[static | dynamic | secure] [address hw-addr] [
interface interface]
Syntax Description
| static |
Clear only the static addresses. |
| dynamic |
Clear only the dynamic addresses. |
| secure |
Clear only the secure addresses. |
| address |
Clear all the addresses for an address. |
| hw-addr |
Clear the addresses for this address. |
| interface |
Clear all the addresses for an interface. |
| interface |
Clear the addresses for this interface. |
Command Mode
EXEC
Usage Guidelines
This command deletes entries from the global MAC address table. Specific subsets can be deleted by using the optional keywords and values. If more than one optional keyword is used, then all of the conditions in the argument must be true for that entry to be deleted.
Example
The following example shows how to clear the switch MAC address table:
Switch# clear mac-address-table
Related Commands
show mac-address-table
duplex
Use the duplex interface configuration command to specify the duplex mode of operation for an interface. Use the no form of this command to return the interface to its default value.
duplex {full | half | auto}
no duplex
Syntax Description
| full |
Specifies that the interface is in full-duplex mode. |
| half |
Specifies that the interface is in half-duplex mode. |
| auto |
Specifies that the interface should automatically detect whether it should run in full- or half-duplex mode. |
Default
The default is auto.
Command Mode
Interface configuration
Usage Guidelines
Certain interfaces can be configured to be either full duplex or half duplex. Applicability of this command depends on the device to which the switch is attached. All fixed ports can be configured for either full or half duplex. Setting the fixed ports to auto will have the same effect as specifying half if the attached device does not autonegotiate the duplex parameter.
Note See the Catalyst 2900 Series XL Installation and Configuration Guide for guidelines on setting the switch speed and duplex parameters.
Example
The following example shows how to set port 1 on module 2 to full duplex:
Switch(config)# interface fastethernet2/1
Switch(config-if)# duplex full
Related Commands
speed
ip address
To set a primary or secondary IP address for an interface, use the ip address interface configuration command. To remove an IP address or disable IP processing, use the no form of this command.
ip address ip-address mask
no ip address ip-address mask
Syntax Description
| ip-address |
IP address. |
| mask |
Mask for the associated IP subnet. |
Default
No IP address is defined for the interface.
Command Mode
Interface configuration
Usage Guidelines
An interface can have one primary IP address.
Example
The following shows how to configure the IP address for the switch on a subnetted class B network:
Switch(config)# interface vlan1
Switch(config-if)# ip address 172.20.128.2 255.255.255.0
mac-address-table aging-time
Use the mac-address-table aging-time configuration command to set the length of time that a dynamic entry can remain in the MAC address table, from the time the entry was used or last updated. Use the no form of this command to return to the default aging-time interval.
mac-address-table aging-time age
no mac-address-table aging-time
Syntax Description
| age |
A number from 10 to 1000000 seconds. |
Default
The default is 300 seconds.
Command Mode
Configuration
Usage Guidelines
If hosts do not transmit continuously, increase the aging time to record the dynamic entries for a longer time and thus reduce the possibility of flooding when the hosts transmit again.
Example
The following example sets the aging time to 200 seconds:
Switch(config)# mac-address-table aging-time 200
Related Commands
clear mac-address-table secure
show mac-address-table
mac-address-table static
mac-address-table dynamic
mac-address-table dynamic
Use the mac-address-table dynamic configuration command to add entries to the MAC address table that are subject to aging. Use the no form of this command to remove entries from the MAC address table.
mac-address-table dynamic hw-addr interface
no mac-address-table dynamic hw-addr
Syntax Description
| hw-addr |
The MAC address that is added to the table. |
| interface |
The interface to which packets destined for hw-addr are forwarded. |
Command Mode
Configuration
Example
The following example shows how to add a dynamic address to the address table:
Switch(config)# mac-address-table dynamic 00c0.00a0.03fa fa0/1
Related Commands
clear mac-address-table secure
show mac-address-table
mac-address-table static
mac-address-table aging-time
mac-address-table secure
Use the mac-address-table secure configuration command to add entries to the MAC address table that are known to be secure addresses. Use the no form of this command to remove entries from the MAC address table.
mac-address-table secure hw-addr interface
no mac-address-table secure hw-addr
Syntax Description
| hw-addr |
The MAC address that will be added to the table. |
| interface |
The interface to which packets destined for hw-address will be forwarded. |
Command Mode
Configuration
Usage Guidelines
Secure addresses can only be assigned to one port at a time. Therefore, if a secure address table entry for the specified hw-addr already exists on another port, it is removed from that port and assigned to the specified interface.
Example
The following example shows how to add a secure MAC address to the first port of the system:
Switch(config)# mac-address-table secure 00c0.00a0.03fa fa0/1
Related Commands
mac-address-table aging-time
show mac-address-table
mac-address-table static
mac-address-table dynamic
mac-address-table static
Use the mac-address-table static configuration command to add static entries to the MAC address table. Use the no form of this command to remove static entries from the MAC address table.
mac-address-table static hw-addr in-port out-port-list
no mac-address-table static hw-addr
Syntax Description
| hw-addr |
The MAC address that will be added to the table. |
| in-port |
The input port from which packets received with a destination address of hw-addr will be forwarded to the list of ports in out-port-list. |
| out-port-list |
The list of ports to which packets received with a destination address of hw-addr on ports in in-port will be forwarded. |
Command Mode
Configuration
Usage Guidelines
Static addresses are not assigned to a port, but instead to the system. Each static address has an associated forwarding table that contains one entry for each input port in the system. This allows the following algorithm to be used: when a packet is received on the in-port, it is forwarded to each port in the out-port-list. Different input ports can have different output-port lists for each static address. Adding a static address that is already defined as a static address only modifies that port map (out-port-list) for the port specified in the in-port.
Example
The following example adds a static address with port 1 as an input port and port 2 and port 8 as output ports:
Switch(config)# mac-address-table static c2f3.220a.12f4 fa0/1 fa0/2 fa0/8
Related Commands
mac-address-table aging-time
show mac-address-table
mac-address-table secure
mac-address-table dynamic
port block
Use the port block interface configuration command to block the flooding of unknown unicast or multicast packets to a port. Use the no form of this command to resume normal forwarding.
port block {unicast | multicast}
no port block {unicast | multicast}
Syntax Description
| unicast |
Do not forward packets with unknown unicast addresses to this port. |
| multicast |
Do not forward packets with unknown multicast addresses to this port. |
Default
Flood unknown unicast and multicast packets to all ports.
Command Mode
Interface configuration
Example
The following example shows how to block the forwarding of multicast and unicast packets to a port:
Switch(config-if)# port block unicast
Switch(config-if)# port block multicast
Related Commands
show port block
port group
Use the port group interface configuration command to assign a port to a Fast EtherChannel port group. There can be four groups defined for a switch, and any number of ports can belong to a port group. Use the no form of this command to remove the port from the port group.
port group group-number
no port group
Syntax Description
| group-number |
Port group to which the port is assigned. This can be from 1 to 4. |
Default
Port does not belong to a port group.
Command Mode
Interface configuration
Usage Guidelines
This command cannot be used when Switched Port Analyzer (SPAN) port monitoring or port security is enabled for the port.
Example
The following example shows how to add a port to a port group:
Switch(config-if)# port group 1
Related Commands
show port group
port monitor
Use the port monitor interface configuration command to enable Switched Port Analyzer (SPAN) port monitoring on a port. Use the no form of this command to return the interface to its default value.
port monitor [interface]no port monitor [interface]
Syntax Description
| interface |
The module and port number for which SPAN is to be enabled. |
Default
Port does not monitor any other ports.
Command Mode
Interface configuration
Usage Guidelines
This command cannot be used when a port is part of a Fast EtherChannel port group or when port security is enabled. Specifying port monitoring without an interface causes all other ports to be monitored.
Example
The following example shows how to enable port monitoring on a port:
Switch(config-if)# port monitor
Related Commands
show port monitor
port security
Use the port security interface configuration command to enable port security on a port. Use the no form of this command to return the interface to its default value.
port security [action {shutdown | trap}]
port security [max-mac-countaddresses]no port security
Syntax Description
| action |
(Optional) Defines the action to take when an address violation occurs on this port. |
| shutdown |
Disable the port when a security violation occurs. |
| trap |
Generate an SNMP trap when a security violation occurs. |
| max-mac-count |
(Optional) The maximum number of secure addresses that this port can support. |
| addresses |
1 to 132. |
Default
Port security is disabled.
Command Mode
Interface configuration
Usage Guidelines
This command cannot be used when a port is part of a Fast EtherChannel port group or when Switched Port Analyzer (SPAN) port monitoring is enabled.
Example
The following example shows how to enable port security on a port. The maximum number of addresses that the port can learn is set to 8.
Switch(config-if)# port security action shutdown
Switch(config-if)# port security max-mac-count 8
Related Commands
show port security
port storm-control
Use the port storm-control interface configuration command to enable broadcast storm control on a port. Use the no form of this command to disable storm control on the interface.
port storm-control [filter] [trap] [threshold {rising rising-number | falling falling-number}]no port storm-control [filter] [trap] [threshold {rising rising-number | falling falling-number}]
Syntax Description
| filter |
Disable the port during a broadcast storm. |
| threshold |
The threshold which signals the beginning or end of a broadcast storm. |
| rising |
The threshold which signals the beginning of a broadcast storm. |
| rising-number |
0 to 4294967295 packets per second. |
| falling |
The threshold which signals the end of a broadcast storm. |
| falling-number |
0 to 4294967295 packets per second. |
| trap |
Generate an SNMP trap when the port crosses the rising or falling threshold. |
Default
Broadcast storm control is not enabled.
Command Mode
Interface configuration
Example
The following example shows how to enable broadcast storm control on a port:
Switch(config-if)# port storm-control threshold rising 1000 falling 200
Related Commands
show port storm-control
show mac-address-table
Use the show mac-address-table EXEC command to display the MAC address table.
show mac-address-table [static | dynamic | secure] [address hw-addr] [interface interface]
Syntax Description
| static |
(Optional) Display only the static addresses. |
| dynamic |
(Optional) Display only the dynamic addresses. |
| secure |
(Optional) Display only the secure addresses. |
| address |
(Optional) Display entries for a specific address. |
| hw-addr |
Display addresses for this address. |
| interface |
(Optional) Indicates that only entries for a specific interface is displayed. |
| interface |
Display entries for this interface. |
Default
None
Command Mode
EXEC
Usage Guidelines
This command displays the global MAC address table. Specific views can be defined by using the optional keywords and values. If more than one optional keyword is used, then all of the conditions must be true in order for that entry to be displayed.
Example
The following example shows how to display the switch MAC address table:
Switch# show mac-address-table
Dynamic Addresses Count: 19
Secure Addresses (User-defined) Count: 0
Static Addresses (User-defined) Count: 0
System Self Addresses Count: 29
Total MAC addresses: 48
Non-static Address Table:
Destination Address Address Type Destination Port
——————- ———— —————-
0000.0c5c.e176 Dynamic FastEthernet0/8
0000.2424.96b4 Dynamic FastEthernet0/8
Related Commands
clear mac-address-table
show port block
To display the blocking of unicast or multicast flooding to a port, use the show port block EXEC command.
show port block {unicast | multicast} [interface]
Syntax Description
| unicast |
Show whether ports are blocking unicast packets or not. |
| multicast |
Show whether ports are blocking multicast packets or not. |
| interface |
(Optional) Show whether this port is blocking unicast or multicast packets. |
Default
None
Command Mode
EXEC
Usage Guidelines
None
Example
The following example shows how to display port block information for a fixed port:
Switch# show port block unicast fa0/8
FastEthernet0/8 is blocked from unknown unicast addresses
Related Commands
port block
show port group
To display port groups, use the show port group EXEC command.
show port group [group-number]
Syntax Description
group-number Port group to which the port is assigned.
Default
None
Command Mode
EXEC
Usage Guidelines
Switched Port Analyzer (SPAN) port monitoring and port security cannot be enabled when a port belongs to a port group.
Example
The following example shows how to display the members of a port group.
Switch# show port group 1
Group Interface
—– ————-
1 FastEthernet0/1
1 FastEthernet0/4
Related Commands
port group
show port monitor
To display the ports for which Switched Port Analyzer (SPAN) port monitoring is enabled, use the show port monitor EXEC command.
show port monitor interface
Syntax Description
interface The module and port number enabled for SPAN.
Default
None
Command Mode
EXEC
Usage Guidelines
SPAN port monitoring cannot be enabled when a port belongs to a Fast EtherChannel group or when port security is enabled.
Example
The following example shows how to display the ports that are being monitored by a fixed port:
Switch# show port monitor fa0/8
Monitor Port Port Being Monitored
—————— —————
FastEthernet0/8 FastEthernet0/1
FastEthernet0/8 FastEthernet0/2
FastEthernet0/8 FastEthernet0/3
FastEthernet0/8 FastEthernet0/4
FastEthernet0/8 FastEthernet0/5
FastEthernet0/8 FastEthernet0/6
FastEthernet0/8 FastEthernet0/7
Related Commands
port monitor
show port security
To show the port security parameters defined for the port, use the show port security EXEC command.
show port security interface
Syntax Description
interface The module and port number to be displayed.
Default
None
Command Mode
EXEC
Example
The following example shows how to display the port security information for a fixed port:
Switch# show port security fa0/4
Secure Port Secure Addr Secure Addr Security Security Action
Cnt (Current) Cnt (Max) Reject Cnt
————— ————- ———– ———- ———————-
FastEthernet0/4 1 132 0 Send Trap
Example
port security
show port storm-control
To display the rising and falling threshold for broadcast storm control, use the show port storm-control EXEC command. This command also displays the action that the switch takes when the thresholds are reached.
show port storm-control [interface]
Syntax Description
interface (Optional) Show storm-control parameters for this port.
Default
None
Command Mode
EXEC
Example
The following example shows how to display storm-control information for the switch:
Switch# show port storm-control
Interface Filter State Trap State Rising Falling Current Traps Sent
——— ———— ————- —— ——- ——- ———-
Fa0/1 500 250 0 0
Fa0/2 500 250 0 0
Fa0/3 500 250 0 0
Fa0/4 500 250 0 0
Fa0/5 500 250 0 0
Fa0/6 500 250 0 0
Fa0/7 500 250 0 0
Fa0/8 500 250 0 0
Related Commands
port storm-control
shutdown
To disable an interface, use the shutdown interface configuration command. To restart a disabled interface, use the no form of this command.
shutdown
no shutdown
Syntax Description
This command has no arguments or keywords.
Default
None
Command Mode
Interface configuration
Usage Guidelines
Use shutdown Vlan1 to disable communication with the switch. The shutdown interface command causes the port to stop forwarding but maintains communication with the switch. For example, you can still enable the port with no shutdown.
Example
The following example shows how to disable a fixed port and how to reenable it:
Switch(config)# interface fa0/8
Switch(config-if)#shutdown
Switch(config-if)# no shutdown
Switch(config-if)#
spantree disable
To disable the Spanning-Tree Protocol, use the spantree disable interface configuration command.
To enable the Spanning-Tree Protocol, use the no form of this command.
spantree disable
no spantree disable
Syntax Description
This command has no arguments or keywords.
Default
STP is enabled
Command Mode
Interface configuration
Usage Guidelines
Shutting down the Spanning-Tree Protocol causes the switch to stop participating in STP. Ports that are administratively down remain down. Ports in the blocking state behave as if they are in the forwarding state and could cause a loop. Received BPDUs are forwarded like any other multicast frame.
Example
The following example shows how to disable STP on the switch:
Switch(config)# interface vlan1
Switch(config-if)# spantree disable
Related Commands
spantree forwarding-time
spantree hello-time
spantree max-age
spantree priority
spantree priority
spantree forwarding-time
Use the spantree forwarding-time interface configuration command to specify the forward delay interval for the switch. Use the no form of this command to return to the default interval.
spantree forwarding-time seconds
no spantree forwarding-time
Syntax Description
seconds A number from 10 to 200.
Default
15-second delay
Command Mode
Interface configuration
Usage Guidelines
The forward delay interval is the amount of time the switch spends listening for topology information and learning addresses after an interface activates and before forwarding actually begins.
Each switch in a spanning tree adopts the hello-time, forward-time, and max-age parameters of the root bridge.
Example
The following example shows how to set the forward-delay interval to 60 seconds
Switch(config)# interface vlan1
Switch(config-if)# spantree forward-time 60
Related Commands
spantree disable
spantree hello-time
spantree max-age
spantree priority
spantree priority
spantree hello-time
Use the spantree hello-time interface configuration command to specify the interval between Hello Bridge Protocol Data Units (BPDUs). Use the no form of this command to return to the default interval.
spantree hello-time seconds
no spantree hello-time
Syntax Description
seconds A number between 1 and 10.
Default
The default is 2 seconds.
Command Mode
Interface configuration
Usage Guidelines
Each switch in a spanning tree adopts the hello-time, forward-time, and max-age parameters of the root bridge. For this reason, this parameter only applies when this switch is the root switch.
Example
The following example show how to set the interval to 5 seconds:
Switch(config)# interface vlan1
Switch(config-if)# spantree hello-time 5
Related Commands
spantree disable
spantree forwarding-time
spantree max-age
spantree priority
spantree priority
spantree max-age
Use the spantree max-age interface configuration command to change the interval the switch waits to hear bridge protocol data units (BPDUs) from the root bridge. If a switch does not hear BPDUs from the root bridge within the specified interval, it assumes that the network has changed and recomputes the spanning-tree topology. Use the no form of this command to return to the default interval.
spantree max-age seconds
no spantree max-age
Syntax Description
seconds A number from 6 to 200.
Default
The default is 20 seconds.
Command Mode
Interface configuration
Usage Guidelines
Each switch in a spanning tree adopts the hello-time, forward-time, and max-age parameters of the root bridge.
Example
The following example shows how to increase the maximum idle interval to 20 seconds:
Switch(config)# interface vlan1
Switch(config-if)# spantree max-age 20
Related Commands
spantree disable
spantree forwarding-time
spantree hello-time
spantree priority
spantree priority
spantree cost
Use the spantree cost interface configuration command to set a different path cost. Use the no form of this command to choose the default path cost for the interface.
spantree cost cost
no spantree cost
Syntax Description
| cost |
Path cost can range from 1 to 65535, with higher values indicating higher costs. This range applies regardless of the Spanning-Tree Protocol that has been specified. |
Default
The default is 1000/interface-speed-Mbps. Thus, a 100-Mbps interface has a default path cost of 10, and a 10-Mbps interface has a default path cost of 100.
Command Mode
Interface configuration
Usage Guidelines
By convention, the path cost is 1000/data rate of the attached LAN (IEEE), or 10000/data rate of the attached LAN (Digital), in Mbps. This parameter is automatically adjusted for, unless overridden by this command.
Example
The following example changes the default path cost for a fixed port:
Switch(config)# interface fa0/1
Switch(config-if)# spantree cost 250
Related Commands
spantree disable
spantree forwarding-time
spantree hello-time
spantree max-age
spantree priority
spantree priority
spantree portfast
Use the spantree portfast interface configuration command to decrease the amount of time it takes STP to bring a port into the forwarding state. Use the no form of this command to disable PortFast.
spantree portfast
no spantree portfast
Syntax Description
This command has no parameters.
Default
PortFast is disabled.
Command Mode
Interface configuration
Usage Guidelines
This command should only be used when a port is connected to a workstation or server. If PortFast is enabled on a port connected to another switch or hub, it can prevent STP from detecting and avoiding loops in the network.
Example
The following example shows how to enable PortFast on a fixed port:
Switch(config)# interface fa0/2
Switch(config-if)# spantree portfast
Related Commands
spantree disable
spantree forwarding-time
spantree hello-time
spantree max-age
spantree priority
spantree priority
spantree priority
Use the spantree priority interface configuration command to configure the priority of an individual bridge.
spantree priority number
Syntax Description
number A number from 0 through 65535.
Default
When the IEEE Spanning-Tree Protocol is enabled on the switch: 32768
Command Mode
Interface configuration
Usage Guidelines
When two bridges tie for position as the root bridge, a bridge priority determines which bridge serves as the root bridge. The lower the number, the more likely the bridge is chosen as root. Use the spantree priority interface configuration command to control an interface priority.
Example
The following example establishes this switch as a likely candidate to be the root bridge:
Switch(config)# interface vlan1
Switch(config-if)# spantree priority 100
Related Commands
spantree disable
spantree forwarding-time
spantree hello-time
spantree max-age
spantree priority
spantree priority
spantree priority
Use the spantree priority interface configuration command to set an interface priority when two bridges tie for position as the root bridge. The priority you set breaks the tie. Use the no form of this command to return to the default priority.
spantree priority number
no spantree priority
Syntax Description
| priority |
Indicates that the following parameter specifies the new priority for the vlan and interface. |
| number |
Priority number ranging from 0 through 255 (Digital) or 0 through 64000 (IEEE). |
Default
32768 – IEEE spanning-tree protocol
Command Mode
Interface configuration
Usage Guidelines
The lower the number, the more likely it is that the bridge on the interface will be chosen as the root. The switch-based version of this command sets the priority for the switch.
Example
The following example increases the likelihood that the root bridge will be the one on FastEthernet interface 0 on port 1:
Switch(config)#interface fastethernet 0/1
Switch(config-if)#spantree priority 100
Related Commands
spantree forwarding-time
spantree hello-time
spantree max-age
spantree disable
spantree priority
spantree protocol
Use the protocol interface configuration command to define the type of Spanning-Tree Protocol. Use the no protocol command to set the protocol to its default value of IEEE.
spantree protocol [ieee | dec | ibm]
no spantree protocol
Syntax Description
| ieee |
IEEE Ethernet Spanning-Tree Protocol |
| dec |
Digital Spanning-Tree Protocol |
| ibm |
IBM Spanning-Tree Protocol |
Default
The IEEE 802.1d Spanning-Tree Protocol is enabled by default.
Command Mode
Interface configuration
Usage Guidelines
The IEEE 802.1d Spanning-Tree Protocol is the preferred way to run the switch. Use the other protocols only for backward compatibility.
Example
The following example shows how to set the switch (vlan1) to use the IEEE 802.1d Spanning-Tree Protocol:
Switch(config)# interface vlan1
Switch(config-if)# spantree protocol ieee
Related Commands
spantree disable
spantree forwarding-time
spantree hello-time
spantree max-age
spantree priority
spantree priority
speed
Use the speed interface configuration command to specify the speed of the interface. Use the no form of this command to return the interface to its default value.
speed [10 | 100 | auto]
no speed
Syntax Description
| 10 |
Specifies that the interface runs at 10 Mbps. |
| 100 |
Specifies that the interface runs at 100 Mbps. |
| auto |
Specifies that the interface should automatically detect whether it should run at 10 Mbps or 100 Mbps. |
Default
The default is auto.
Command Mode
Interface configuration
Usage Guidelines
Certain interfaces can be configured to be either 10 or 100 Mbps. Applicability of this command is hardware-dependent. All fixed ports can be configured for either 10- or 100-Mbps operation.
Note See the Catalyst 2900 Series XL Installation and Configuration Guide for guidelines on setting the switch speed and duplex parameters.
Example
The following example shows how to set port 1 on module 2 to 100 Mbps:
Switch(config)# interface fastethernet2/1
Switch(config-if)# speed 100
I hope you found this article to be of use and it helps you prepare for your Cisco CCNA certification. I am sure you will quickly find out that hands-on real world experience is the best way to cement the CCNA concepts in your head to help you pass your CCNA exam!
