Catalyst 3550 Multilayer Switch Command Reference, 12.1(4)EA1
Commands - part 3

Table Of Contents

trust

udld (global configuration)

udld (interface configuration)

udld reset

vlan

vlan access-map

vlan database

vlan filter

vmps reconfirm (privileged EXEC)

vmps reconfirm (global configuration)

vmps retry

vmps server

vtp

vtp domain

vtp file

vtp password

vtp pruning

vtp v2-mode

wrr-queue bandwidth

wrr-queue cos-map

wrr-queue dscp-map

wrr-queue queue-limit

wrr-queue random-detect max-threshold

wrr-queue threshold



trust

Use the trust policy-map class configuration command to define a trust state for traffic classified by the class or the class-map command. Use the no form of this command to return to the default setting.

trust [cos | dscp | ip-precedence]

no trust [cos | dscp | ip-precedence]

Syntax Description

cos

(Optional) Classify ingress packets by using the packet class of service (CoS) values. For untagged packets, the port default CoS value is used.

dscp

(Optional) Classify ingress packets by using the packet Differentiated Services Code Point (DSCP) values (most significant 6 bits of 8-bit service-type field). For non-IP packets, the packet CoS value is used if the packet is tagged. If the packet is untagged, the default port CoS value is used to map CoS to DSCP.

ip-precedence

(Optional) Classify ingress packets by using the packet IP-precedence values (most significant 3 bits of 8-bit service-type field). For non-IP packets, the packet CoS value is used if the packet is tagged. If the packet is untagged, the port default CoS value is used to map CoS to DSCP.


Defaults

The port is not trusted. If no keyword is specified when the command is entered, the default is dscp.

Command Modes

Policy-map class configuration

Command History

Release
Modification

12.1(4)EA1

This command was first introduced.


Usage Guidelines

Use this command to distinguish the quality of service (QoS) trust behavior for certain traffic from others. For example, incoming traffic with certain DSCP values can be trusted. You can configure a class map to match and trust the DSCP values in the incoming traffic.

Trust values set with this command supersede trust values set on specific interfaces with the mls qos trust interface configuration command.

The trust command is mutually exclusive with the set command within the same policy map.

You cannot attach policy maps that contain set or trust policy-map class configuration commands or that have access control list (ACL) classification to an egress interface by using the service-policy interface configuration command.

If you specify trust cos, QoS derives the internal DSCP value by using the received or default port CoS value and the CoS-to-DSCP map.

If you specify trust dscp, QoS derives the internal DSCP value by using the DSCP value from the ingress packet. For non-IP packets that are tagged, QoS derives the internal DSCP value by using the received CoS value; for non-IP packets that are untagged, QoS derives the internal DSCP value by using the default port CoS value. In either case, the internal DSCP value is derived from the CoS-to-DSCP map.

If you specify trust ip-precedence, QoS derives the internal DSCP value by using the IP precedence value from the ingress packet and the IP-precedence-to-DSCP map. For non-IP packets that are tagged, QoS derives the internal DSCP value by using the received CoS value; for non-IP packets that are untagged, QoS derives the internal DSCP value by using the default port CoS value. In either case, the internal DSCP value is derived from the CoS-to-DSCP map.

To return to policy-map configuration mode, use the exit command. To return to privileged EXEC mode, use the end command.

Examples

The following example shows how to define a port trust state to trust incoming DSCP values for traffic classified with class1:

Switch(config)# policy-map policy1
Switch(config-pmap)# class class1
Switch(config-pmap-c)# trust dscp
Switch(config-pmap-c)# police 1000000 20000 exceed-action policed-dscp-transmit
Switch(config-pmap-c)# exit

You can verify the previous commands by entering the show policy-map user EXEC command.
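The derivation rules in the usage guidelines above, as an added example that is not part of the Cisco reference: a Python model of how each trust keyword yields the internal DSCP for IP, tagged non-IP, and untagged packets. The map contents (value multiplied by 8) are an assumption because this page does not list them, and the function and parameter names are illustrative.

```python
# Added example: model of the internal-DSCP derivation described for the
# trust policy-map class command. Not switch code; names are illustrative.

# Assumption: both maps send value n to DSCP n*8. This page does not list the
# switch's actual CoS-to-DSCP or IP-precedence-to-DSCP map contents.
COS_TO_DSCP = [0, 8, 16, 24, 32, 40, 48, 56]
IPPREC_TO_DSCP = [0, 8, 16, 24, 32, 40, 48, 56]

TRUST_STATES = ("cos", "dscp", "ip-precedence")


def internal_dscp(trust, is_ip, tos=None, cos=None, port_default_cos=0):
    """Return the internal DSCP for one ingress packet.

    trust            -- "cos", "dscp" or "ip-precedence"
    is_ip            -- True for an IP packet
    tos              -- 8-bit service-type field (IP packets only)
    cos              -- received CoS value, or None if the packet is untagged
    port_default_cos -- CoS used for untagged packets
    """
    if trust not in TRUST_STATES:
        raise ValueError(f"unknown trust state: {trust!r}")

    # Untagged packets fall back to the port default CoS.
    effective_cos = port_default_cos if cos is None else cos
    if not 0 <= effective_cos <= 7:
        raise ValueError("CoS must be 0-7")

    # trust cos always uses the CoS-to-DSCP map; so does every non-IP packet,
    # whichever keyword is configured.
    if trust == "cos" or not is_ip:
        return COS_TO_DSCP[effective_cos]

    if tos is None or not 0 <= tos <= 0xFF:
        raise ValueError("IP packet needs an 8-bit service-type value")

    if trust == "dscp":
        # DSCP is the most significant 6 bits; it is used as received.
        return tos >> 2

    # IP precedence is the most significant 3 bits, then mapped to DSCP.
    return IPPREC_TO_DSCP[tos >> 5]


def compare_trust_states(is_ip, tos=None, cos=None, port_default_cos=0):
    """Internal DSCP for the same packet under each of the three keywords."""
    return {
        t: internal_dscp(t, is_ip, tos, cos, port_default_cos)
        for t in TRUST_STATES
    }


if __name__ == "__main__":
    # Constructed sample packets.
    samples = {
        "IP, service-type 0xB8, tagged CoS 3": dict(is_ip=True, tos=0xB8, cos=3),
        "non-IP, tagged CoS 5": dict(is_ip=False, cos=5),
        "non-IP, untagged, port default CoS 2": dict(is_ip=False, port_default_cos=2),
    }
    for label, packet in samples.items():
        print(label, compare_trust_states(**packet))
```

With trust dscp the value chosen by the sender becomes the internal DSCP unchanged, so the class map that selects the trusted traffic is what bounds which markings are honored.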

Related Commands

Command
Description

class

Defines a classification using the class-map name, access-group, DSCP, or IP precedence.

police

Defines a policer for classified traffic.

policy-map

Creates or modifies a policy map that can be attached to multiple interfaces to specify a service policy.

show policy-map

Displays QoS policy maps.


udld (global configuration)

Use the udld global configuration command to enable aggressive or normal mode in the UniDirectional Link Detection (UDLD) and to set the configurable message timer time. Use the no form of the command to disable aggressive or normal mode UDLD on all fiber-optic ports.

udld {aggressive | enable | message time message-timer-interval}

no udld {aggressive | enable | message}

Syntax Description

aggressive

Enable UDLD in aggressive mode on all fiber-optic interfaces.

enable

Enable UDLD in normal mode on all fiber-optic interfaces.

message time message-timer-interval

Configure the period of time between UDLD probe messages on ports that are in the advertisement phase and are determined to be bidirectional. The range is 7 to 90 seconds.


Defaults

UDLD is disabled on all fiber-optic interfaces.

The message timer is set at 60 seconds.

Command Modes

Global configuration

Command History

Release
Modification

12.1(4)EA1

This command was first introduced.


Usage Guidelines

In normal mode, if UDLD is in the advertisement or in the detection phase and all the neighbor cache entries are aged out, UDLD restarts the link-up sequence to try to resynchronize with any potentially out-of-sync neighbors.

If you enable aggressive mode, when all the neighbors of a port have aged out either in the advertisement or in the detection phase, UDLD restarts the link-up sequence to try to get resynchronized with any potentially out-of-sync neighbor and shuts down the port if, after the fast train of messages, the link state is still undetermined. Use aggressive mode on point-to-point links where no failure between two neighbors is allowed. In this situation, UDLD probe packets can be considered as a heart beat whose presence guarantees the health of the link. Conversely, the loss of the heart beat means trouble, and the link must be shut down if it is not possible to re-establish a bidirectional link.

If you change the message time between probe packets, you are making a trade-off between the detection speed and the CPU load. By decreasing the time, you can make the detection-response faster but increase the load on the CPU.

This command affects fiber-optic interfaces only. Use the udld interface configuration command to enable UDLD on other interface types.

Examples

The following example shows how to enable UDLD on all fiber-optic interfaces:

Switch(config)# udld enable

You can verify the previous command by entering the show udld user EXEC command.

Related Commands

Command
Description

show udld

Displays UDLD administrative and operational status for all ports or the specified port.

udld (interface configuration)

Enables UDLD on an individual interface or prevents a fiber-optic interface from being enabled by the udld global configuration command.

udld reset

Resets all interfaces shut down by UDLD and permits traffic to begin passing through them again.


udld (interface configuration)

Use the udld interface configuration command to enable the UniDirectional Link Detection (UDLD) on an individual interface or prevent a fiber-optic interface from being enabled by the udld global configuration command. Use the no form of this command to return to the udld global configuration command setting or disable UDLD if executed on a non-fiber-optic port.

udld {aggressive | enable | disable}

no udld {aggressive | enable | disable}

Syntax Description

aggressive

Enable UDLD in aggressive mode on the specified interface.

enable

Enable UDLD in normal mode on the specified interface.

disable

Disable UDLD on the specified interface. This keyword applies only to fiber-optic interfaces.


Defaults

On fiber-optic interfaces, UDLD is neither enabled, in aggressive mode, nor disabled. For this reason, fiber-optic interfaces enable UDLD according to the state of the udld enable or udld aggressive global configuration command.

On non-fiber-optic interfaces, UDLD is disabled.

Command Modes

Interface configuration

Command History

Release
Modification

12.1(4)EA1

This command was first introduced.


Usage Guidelines

A UDLD-capable port cannot detect a unidirectional link if it is connected to a UDLD-incapable port of another switch.

In normal mode, if UDLD is in the advertisement or in the detection phase and all the neighbor cache entries are aged out, UDLD restarts the link-up sequence to try to resynchronize with any potentially out-of-sync neighbors.

If you enable aggressive mode, once all the neighbors of a port have aged out either in the advertisement or in the detection phase, UDLD restarts the link-up sequence to try to get resynchronized with any potentially out-of-sync neighbor and shuts down the port if, after the fast train of messages, the link state is still undetermined. Use aggressive mode on point-to-point links where no failure between two neighbors is allowed. In this situation, UDLD probe packets can be considered as a heart beat whose presence guarantees the health of the link. Conversely, the loss of the heart beat means trouble, and the link must be shut down if it is not possible to re-establish a bidirectional link.

Use the no udld enable command on fiber-optic ports to return control of UDLD to the udld enable global configuration command or to disable UDLD on non-fiber-optic ports.

Use the udld aggressive command on fiber-optic ports to override the setting of the udld enable or udld aggressive global configuration command. Use the no form on fiber-optic ports to remove this setting and return control of UDLD enabling to the udld global configuration command or disable UDLD on non-fiber-optic ports.

The disable keyword is supported on fiber-optic ports only. Use the no form of this command to remove this setting and return control of UDLD to the udld global configuration command.

If the port changes from fiber-optic to non-fiber-optic or vice versa because of a module or GBIC change that is detected by the platform software, all configurations are maintained.

Examples

The following example shows how to enable UDLD on an interface:

Switch(config)# interface gigabitethernet0/11
Switch(config-if)# udld enable

The following example shows how to disable UDLD on a fiber-optic interface despite the setting of the udld global configuration command:

Switch(config)# interface gigabitethernet0/11
Switch(config-if)# udld disable

You can verify the previous commands by entering the show running-config or the show udld interface privileged EXEC command.

Related Commands

Command
Description

show running-config

Displays the running configuration on the switch.

show udld

Displays UDLD administrative and operational status for all ports or the specified port.

udld (global configuration)

Enables aggressive or normal mode in UDLD or sets the configurable message timer time.

udld reset

Resets all interfaces shut down by UDLD and permits traffic to begin passing through them again.


udld reset

Use the udld reset privileged EXEC command to reset all interfaces shut down by the UniDirectional Link Detection (UDLD) and permit traffic to begin passing through them again (though other features, such as spanning tree, Port Aggregation Protocol (PAgP), and Dynamic Trunking Protocol (DTP) still have their normal effects, if enabled).

udld reset

Syntax Description

This command has no arguments or keywords.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.1(4)EA1

This command was first introduced.


Usage Guidelines

If the interface configuration is still enabled for UDLD, these ports begin to run UDLD again and might shut down for the same reason if the problem has not been corrected.

Examples

The following example shows how to reset all interfaces shut down by UDLD:

Switch# udld reset
1 ports shutdown by UDLD were reset.

You can verify the previous command by entering the show udld user EXEC command.

Related Commands

Command
Description

show running-config

Displays the running configuration on the switch.

show udld

Displays UDLD administrative and operational status for all ports or the specified port.


vlan

Use the vlan VLAN configuration command to configure virtual LAN (VLAN) characteristics for a specific VLAN. Use the no form of this command without additional parameters to delete a VLAN. Use the no form with parameters to change its configured characteristics.

vlan vlan-id [name vlan-name] [media {ethernet | fddi | fd-net | tokenring | tr-net}]
[state {suspend | active}] [said said-value] [mtu mtu-size] [ring ring-number]
[bridge bridge-number | type {srb | srt}] [parent parent-vlan-id]
[stp type {ieee | ibm | auto}] [are are-number] [ste ste-number]
[backupcrf {enable | disable}] [tb-vlan1 tb-vlan1-id] [tb-vlan2 tb-vlan2-id]

no vlan vlan-id [name vlan-name] [media {ethernet | fddi | fd-net | tokenring | tr-net}]
[state {suspend | active}] [said said-value] [mtu mtu-size] [ring ring-number]
[bridge bridge-number | type {srb | srt}] [parent parent-vlan-id]
[stp type {ieee | ibm | auto}] [are are-number] [ste ste-number]
[backupcrf {enable | disable}] [tb-vlan1 tb-vlan1-id] [tb-vlan2 tb-vlan2-id]


Note The switch supports only Ethernet ports. You configure only FDDI and Token Ring media-specific characteristics for VLAN Trunk Protocol (VTP) global advertisements to other switches. These VLANs are locally suspended.


Table 2-21 lists the valid syntax for each media type.

Table 2-21 Valid Syntax for Different Media Types 

Media Type
Valid Syntax

Ethernet

vlan vlan-id [name vlan-name] media ethernet [state {suspend | active}]
[said said-value] [mtu mtu-size] [tb-vlan1 tb-vlan1-id] [tb-vlan2 tb-vlan2-id]

FDDI

vlan vlan-id [name vlan-name] media fddi [state {suspend | active}]
[said said-value] [mtu mtu-size] [ring ring-number] [parent parent-vlan-id] [tb-vlan1 tb-vlan1-id] [tb-vlan2 tb-vlan2-id]

FDDI-NET

vlan vlan-id [name vlan-name] media fd-net [state {suspend | active}]
[said said-value] [mtu mtu-size] [bridge bridge-number]
[stp type {ieee | ibm | auto}] [tb-vlan1 tb-vlan1-id] [tb-vlan2 tb-vlan2-id]

If VTP V2 mode is disabled, do not set the stp type to auto.

Token Ring

VTP V2 mode is disabled.

vlan vlan-id [name vlan-name] media tokenring [state {suspend | active}]
[said said-value] [mtu mtu-size] [ring ring-number] [parent parent-vlan-id]
[tb-vlan1 tb-vlan1-id] [tb-vlan2 tb-vlan2-id]

Token Ring concentrator relay function (TrCRF)

VTP V2 mode is enabled.

vlan vlan-id [name vlan-name] media tokenring [state {suspend | active}]
[said said-value] [mtu mtu-size] [ring ring-number] [parent parent-vlan-id]
[bridge type {srb | srt}] [are are-number] [ste ste-number]
[backupcrf {enable | disable}] [tb-vlan1 tb-vlan1-id] [tb-vlan2 tb-vlan2-id]

Token Ring-NET

VTP V2 mode is disabled.

vlan vlan-id [name vlan-name] media tr-net [state {suspend | active}]
[said said-value] [mtu mtu-size] [bridge bridge-number]
[stp type {ieee | ibm}] [tb-vlan1 tb-vlan1-id] [tb-vlan2 tb-vlan2-id]

Token Ring bridge relay function (TrBRF)

VTP V2 mode is enabled.

vlan vlan-id [name vlan-name] media tr-net [state {suspend | active}]
[said said-value] [mtu mtu-size] [bridge bridge-number]
[stp type {ieee | ibm | auto}] [tb-vlan1 tb-vlan1-id] [tb-vlan2 tb-vlan2-id]


VLAN Configuration Rules

Table 2-22 describes the rules for configuring VLANs.

Table 2-22 VLAN Configuration Rules 

Configuration
Rule

VTP V2 mode is enabled, and you are configuring a TrCRF VLAN media type.

Specify a parent VLAN ID of a TrBRF that already exists in the database.

Specify a ring number. Do not leave this field blank.

Specify unique ring numbers when TrCRF VLANs have the same parent VLAN ID. Only one backup concentrator relay function (CRF) can be enabled.

VTP V2 mode is enabled, and you are configuring VLANs other than TrCRF media type.

Do not specify a backup CRF.

VTP V2 mode is enabled, and you are configuring a TrBRF VLAN media type.

Specify a bridge number. Do not leave this field blank.

VTP V2 mode is disabled.

No VLAN can have an STP type set to auto.

This rule applies to Ethernet, FDDI, FDDI-NET, Token Ring, and Token Ring-NET VLANs.

Add a VLAN that requires translational bridging (values are not set to zero).

The translational bridging VLAN IDs that are used must already exist in the database.

The translational bridging VLAN IDs that a configuration points to must also contain a pointer to the original VLAN in one of the translational bridging parameters (for example, Ethernet points to FDDI, and FDDI points to Ethernet).

The translational bridging VLAN IDs that a configuration points to must be different media types than the original VLAN (for example, Ethernet can point to Token Ring).

If both translational bridging VLAN IDs are configured, these VLANs must be different media types (for example, Ethernet can point to FDDI and Token Ring).


Syntax Description

vlan-id

ID of the configured VLAN. Valid IDs are from 1 to 1005 and must be unique within the administrative domain. Do not enter leading zeroes.

name vlan-name

(Optional) Keyword to be followed by the VLAN name, an ASCII string from 1 to 32 characters that must be unique within the administrative domain.

media {ethernet | fddi | fd-net | tokenring | tr-net}

(Optional) Keyword to be followed by the VLAN media type:

ethernet is Ethernet media type.

fddi is FDDI media type.

fd-net is FDDI network entity title (NET) media type.

tokenring is Token Ring media type if the VTP V2 mode is disabled or TrCRF if the VTP V2 mode is enabled.

tr-net is Token Ring network entity title (NET) media type if the VTP V2 mode is disabled or TrBRF media type if the VTP V2 mode is enabled.

state {suspend | active}

(Optional) Keyword to be followed by the VLAN state.

If active, the VLAN is operational.

If suspend, the VLAN is suspended. Suspended VLANs do not pass packets.

said said-value

(Optional) Keyword to be followed by the security association identifier (SAID) as documented in IEEE 802.10. The value is an integer from 1 to 4294967294 that must be unique within the administrative domain.

mtu mtu-size

(Optional) Keyword to be followed by the maximum transmission unit (MTU) (packet size in bytes). Valid values are from 1500 to 18190.

ring ring-number

(Optional) Keyword to be followed by the logical ring for an FDDI, Token Ring, or TrCRF VLAN. Valid values are from 1 to 4095.

bridge bridge-number | type {srb | srt}

(Optional) Keyword to be followed by the logical distributed source-routing bridge, the bridge that interconnects all logical rings having this VLAN as a parent VLAN in FDDI-NET, Token Ring-NET, and TrBRF VLANs.

Valid bridge numbers are from 0 to 15.

Type applies only to TrCRF VLANs and is one of these keywords:

srb (source-route bridging)

srt (source-route transparent) bridging VLAN

parent parent-vlan-id

(Optional) Keyword to be followed by the parent VLAN of an existing FDDI, Token Ring, or TrCRF VLAN. This parameter identifies the TrBRF to which a TrCRF belongs and is required when defining a TrCRF. Valid values are from 0 to 1005.

stp type {ieee | ibm | auto}

(Optional) Keyword to be followed by the spanning-tree type for FDDI-NET, Token Ring-NET, or TrBRF VLAN.

ieee for IEEE Ethernet STP running source-route transparent (SRT) bridging.

ibm for IBM STP running source-route bridging (SRB).

auto for STP running a combination of source-route transparent bridging (IEEE) and source-route bridging (IBM).

are are-number

(Optional) Keyword to be followed by the maximum number of all-routes explorer (ARE) hops for this VLAN. This keyword applies only to TrCRF VLANs. Valid values are from 0 to 13. If no value is entered, zero is assumed to be the maximum.

ste ste-number

(Optional) Keyword to be followed by the maximum number of spanning-tree explorer (STE) hops. This keyword applies only to TrCRF VLANs. Valid values are from 0 to 13.

backupcrf {enable | disable}

Keyword to be followed by the backup CRF mode. This keyword applies only to TrCRF VLANs.

enable backup CRF mode for this VLAN.

disable backup CRF mode for this VLAN.

tb-vlan1 tb-vlan1-id and tb-vlan2 tb-vlan2-id

(Optional) Keyword to be followed by the first and second VLAN to which this VLAN is translationally bridged. Translational VLANs translate FDDI or Token Ring to Ethernet, for example. Valid values are from 0 to 1005. Zero is assumed if no value is specified.


Defaults

The vlan-name variable is VLANxxxx, where xxxx represents four numeric digits (including leading zeroes) equal to the VLAN ID number.

The media type is ethernet.

The state is active.

The said value is 100000 plus the VLAN ID.

The mtu size is dependent upon the VLAN type:

For Ethernet, FDDI and FDDI-NET VLANs, the default is 1500 bytes.

For Token Ring and Token-Ring-NET VLANs, the default is 1500 bytes.

For TrCRF and TrBRF VLANs, the default is 4472 bytes.

The ring number for Token Ring VLANs is zero. For FDDI VLANs, there is no default. For TrCRF VLANs, you must specify a ring number.

The bridge number is zero (no source-routing bridge) for FDDI-NET and Token Ring-NET VLANs. For TrBRF VLANs, you must specify a bridge number.

The parent VLAN ID is zero (no parent VLAN) for FDDI and Token Ring VLANs. For TrCRF VLANs, you must specify a parent VLAN ID. For both Token Ring and TrCRF VLANs, the parent VLAN ID must already exist in the database and be associated with a Token Ring-NET or TrBRF VLAN.

The STP type is ibm for FDDI-NET and Token Ring-NET VLANs. For FDDI and Token Ring VLANs, the default is no type specified.

The ARE value is 7.

The STE value is 7.

Backup CRF is disabled.

The tb-vlan1-id and tb-vlan2-id variables are zero (no translational bridging).

Command Modes

VLAN configuration

Command History

Release
Modification

12.1(4)EA1

This command was first introduced.


Usage Guidelines

The following are the results of using the no vlan commands:

When the no vlan vlan-id form is used, the VLAN is deleted. Deleting VLANs automatically resets to zero any other parent VLANs and translational bridging parameters that refer to the deleted VLAN.

When the no vlan vlan-id name vlan-name form is used, the VLAN name returns to the default name (VLANxxxx, where xxxx represents four numeric digits [including leading zeroes] equal to the VLAN ID number).

When the no vlan vlan-id media form is used, the media type returns to the default (ethernet). Changing the VLAN media type (including the no form) resets the VLAN MTU to the default MTU for the type (unless the mtu keyword is also present in the command). It also resets the VLAN parent and translational bridging VLAN to the default (unless the parent, tb-vlan1, or tb-vlan2 are also present in the command).

When the no vlan vlan-id state form is used, the VLAN state returns to the default (active).

When the no vlan vlan-id said form is used, the VLAN SAID returns to the default (100,000 plus the VLAN ID).

When the no vlan vlan-id mtu form is used, the VLAN MTU returns to the default for the applicable VLAN media type. You can also modify the MTU using the media keyword.

When the no vlan vlan-id ring form is used, the VLAN logical ring number returns to the default (0).

When the no vlan vlan-id bridge form is used, the VLAN source-routing bridge number returns to the default (0). The vlan vlan-id bridge command is only used for FDDI-NET and Token Ring-NET VLANs and is ignored in other VLAN types.

When the no vlan vlan-id parent form is used, the parent VLAN returns to the default (0). The parent VLAN resets to the default if the parent VLAN is deleted or if the media keyword changes the VLAN type or the VLAN type of the parent VLAN.

When the no vlan vlan-id stp type form is used, the VLAN spanning-tree type returns to the default (ieee).

When the no vlan vlan-id tb-vlan1 or no vlan vlan-id tb-vlan2 form is used, the VLAN translational bridge VLAN (or VLANs, if applicable) returns to the default (0). Translational bridge VLANs must be a different VLAN type than the affected VLAN, and if two are specified, the two must be different VLAN types from each other. A translational bridge VLAN resets to the default if the translational bridge VLAN is deleted, if the media keyword changes the VLAN type, or if the media keyword changes the VLAN type of the corresponding translation bridge VLAN.

Examples

The following example shows how to add an Ethernet VLAN with default media characteristics. The default includes a vlan-name of VLANxxxx, where xxxx represents four numeric digits (including leading zeroes) equal to the VLAN ID number. The default media option is ethernet; the state option is active. The default said-value variable is 100000 plus the VLAN ID; the mtu-size variable is 1500; the stp-type option is ieee. The VLAN is added if it did not already exist; otherwise, this command does nothing.

Switch(vlan)# vlan 2

The following example shows how to modify an existing VLAN by changing its name and MTU size:

Switch(vlan)# no vlan name engineering mtu 1200

You can verify the previous commands by entering the show vlan privileged EXEC command.
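The rules in Table 2-22, as an added example that is not part of the Cisco reference: a Python checker that takes a description of a VLAN database and reports translational-bridging, STP type, TrCRF, and TrBRF violations before the commands are entered. The dictionary layout, rule names, and sample databases are constructed for illustration.

```python
# Added example: checks a VLAN database description against Table 2-22.
# The dictionary layout and rule names are illustrative, not a switch format.


def effective_type(vlan, vtp_v2):
    """tokenring and tr-net mean TrCRF and TrBRF only when VTP V2 is enabled."""
    if vtp_v2 and vlan["media"] == "tokenring":
        return "TrCRF"
    if vtp_v2 and vlan["media"] == "tr-net":
        return "TrBRF"
    return vlan["media"]


def check_vlan_db(db, vtp_v2):
    """Return sorted (vlan_id, rule, related_id) violations (related_id 0 = none)."""
    out = []
    rings = {}  # (parent, ring) -> first TrCRF VLAN seen with that pair
    for vid in sorted(db):
        v = db[vid]

        # Translational bridging: a value of zero means "not configured".
        tbs = [t for t in (v.get("tb1", 0), v.get("tb2", 0)) if t]
        for t in tbs:
            if t not in db:
                out.append((vid, "tb-missing", t))
                continue
            if vid not in (db[t].get("tb1", 0), db[t].get("tb2", 0)):
                out.append((vid, "tb-no-backpointer", t))
            if db[t]["media"] == v["media"]:
                out.append((vid, "tb-same-media", t))
        if len(tbs) == 2 and all(t in db for t in tbs):
            if db[tbs[0]]["media"] == db[tbs[1]]["media"]:
                out.append((vid, "tb-pair-same-media", tbs[1]))

        if not vtp_v2:
            # With VTP V2 disabled, no VLAN can have an STP type of auto.
            if v.get("stp") == "auto":
                out.append((vid, "stp-auto-needs-v2", 0))
            continue

        kind = effective_type(v, vtp_v2)
        if kind == "TrCRF":
            parent, ring = v.get("parent", 0), v.get("ring")
            if parent not in db or effective_type(db[parent], vtp_v2) != "TrBRF":
                out.append((vid, "trcrf-parent-not-trbrf", parent))
            if not ring:
                out.append((vid, "trcrf-ring-missing", 0))
            elif (parent, ring) in rings:
                out.append((vid, "trcrf-ring-duplicate", rings[(parent, ring)]))
            else:
                rings[(parent, ring)] = vid
        elif v.get("backupcrf"):
            out.append((vid, "backupcrf-not-trcrf", 0))
        if kind == "TrBRF" and v.get("bridge") is None:
            out.append((vid, "trbrf-bridge-missing", 0))
    return sorted(out)


# Constructed sample databases.
SAMPLE_V1_DB = {
    2: {"media": "ethernet", "tb1": 1002, "tb2": 1003},
    1002: {"media": "fddi", "tb1": 2},
    1003: {"media": "tokenring"},            # does not point back to VLAN 2
    10: {"media": "ethernet", "tb1": 11},    # same media type as VLAN 11
    11: {"media": "ethernet", "tb1": 10},
    20: {"media": "ethernet", "tb1": 999},   # VLAN 999 is not defined
    30: {"media": "tr-net", "stp": "auto"},  # auto while VTP V2 is disabled
}
SAMPLE_V2_DB = {
    2: {"media": "ethernet"},
    100: {"media": "tr-net", "bridge": 1},
    101: {"media": "tokenring", "parent": 100, "ring": 5},
    102: {"media": "tokenring", "parent": 100, "ring": 5, "backupcrf": True},
    103: {"media": "tokenring", "parent": 2, "ring": 6},
    104: {"media": "tr-net"},
    105: {"media": "ethernet", "backupcrf": True},
}

if __name__ == "__main__":
    for label, db, v2 in (("VTP V2 disabled", SAMPLE_V1_DB, False),
                          ("VTP V2 enabled", SAMPLE_V2_DB, True)):
        print(label)
        for finding in check_vlan_db(db, v2):
            print("  ", finding)
```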

Related Commands

Command
Description

show vlan

Displays the parameters for all configured VLANs or one VLAN (if the VLAN ID or name is specified) in the administrative domain.


vlan access-map

Use the vlan access-map global configuration command to create or modify a virtual LAN (VLAN) map entry for VLAN packet filtering. This entry changes the mode to the VLAN access map configuration. Use the no form to delete a VLAN map entry. Use the vlan filter global configuration command to apply a VLAN map to one or more VLANs.

vlan access-map name [number]

no vlan access-map name [number]

Syntax Description

name

Name of the VLAN map.

number

(Optional) The sequence number of the map entry that you want to create or modify (0 to 65535). If you are creating a VLAN map and the sequence number is not specified, it is automatically assigned in increments of 10, starting from 10. This number is the position in the sequence at which a VLAN access-map entry is inserted or deleted.


Defaults

By default, there are no VLAN map entries and no VLAN maps applied to a VLAN.

Command Modes

Global configuration

Command History

Release
Modification

12.1(4)EA1

This command was first introduced.


Usage Guidelines

In global configuration mode, use this command to create or modify a VLAN map. This entry changes the mode to VLAN access map configuration, where you can use the match command to specify the access lists for IP or non-IP traffic to match and use the action command to set whether a match causes the packet to be forwarded or dropped.

When you do not specify an entry number (sequence number), the entry is added to the end of the map.

There can be only one VLAN map per VLAN and it is applied as packets are received by a VLAN.

You can use the no vlan access-map name [number] command with a sequence number to delete a single entry.

In global configuration mode, use the vlan filter command to apply the map to one or more VLANs.


Note For more information about VLAN map entries, see the Catalyst 3550 Multilayer Switch Software Configuration Guide for this release.


Examples

The following example shows how to create a VLAN map named vac1 and apply matching conditions and actions to it. If no other entries already exist in the map, this will be entry 10.

Switch(config)# vlan access-map vac1
Switch(config-access-map)# match ip address acl1
Switch(config-access-map)# action drop

The following example shows how to delete VLAN map vac1:

Switch(config)# no vlan access-map vac1

Related Commands

Command
Description

action (access-map configuration)

Sets the action for the VLAN access map entry.

match (access-map configuration)

Sets the VLAN map to match packets against one or more access lists.

show vlan access-map

Displays information about a particular VLAN access map or all VLAN access maps.

vlan filter

Applies the VLAN access map to one or more VLANs.


vlan database

Use the vlan database privileged EXEC command to enter virtual LAN (VLAN) configuration mode. From this mode, you can add, delete, and modify VLAN configurations and globally propagate these changes by using the VLAN Trunk Protocol (VTP).

vlan database

Syntax Description

This command has no arguments or keywords.

Defaults

No default is defined.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.1(4)EA1

This command was first introduced.


Usage Guidelines

To return to the privileged EXEC mode from the VLAN configuration mode, enter the exit command.


Note This command mode is different from other modes because it is session-oriented. When you add, delete, or modify VLAN parameters, the changes are not applied until you exit the session by entering the apply or exit commands. When the changes are applied, the VTP configuration version is incremented. You can also discard the changes without applying them to the VTP database by entering abort.


Once you are in VLAN configuration mode, you can access the VLAN database editing buffer manipulation commands, including:

abort—Keyword used to exit mode without applying the changes.

apply—Keyword used to apply current changes and bump revision number.

exit—Keyword used to apply changes, bump revision number, and exit mode.

no—Keyword used to negate a command or set its defaults; valid values are vlan and vtp.

reset—Keyword used to abandon current changes and reread current database.

show—Keyword used to display database information.

vlan—Keyword used to access subcommands to add, delete, or modify values associated with a single VLAN.

vtp—Keyword used to access subcommands to perform VTP administrative functions.

Examples

The following example shows how to enter the VLAN configuration mode from the privileged EXEC mode:

Switch# vlan database
Switch(vlan)#

Related Commands

Command
Description

abort

Abandons the proposed new VLAN configuration, exits VLAN configuration mode, and returns to privileged EXEC mode.

apply

Implements the proposed new VLAN configuration, increments the database configuration revision number, propagates it throughout the administrative domain, and remains in VLAN configuration mode.

reset

Abandons the proposed VLAN configuration and remains in VLAN configuration mode. Resets the proposed database to the implemented VLAN database on the switch.

shutdown vlan

Shuts down (suspends) local traffic on the specified VLAN.


vlan filter

Use the vlan filter global configuration command to apply a virtual LAN (VLAN) map to one or more VLANs. Use the no form of this command to remove the map.

vlan filter mapname vlan-list list

no vlan filter mapname vlan-list list

Syntax Description

mapname

Name of the VLAN map entry.

list

The list of one or more VLANs in the form tt, uu-vv, xx, yy-zz, where spaces around commas and dashes are optional.


Defaults

By default, there are no VLAN filters.

Command Modes

Global configuration

Command History

Release
Modification

12.1(4)EA1

This command was first introduced.


Usage Guidelines

To avoid accidentally dropping too many packets and disabling connectivity in the middle of the configuration process, we recommend that you completely define the VLAN access map before applying it to a VLAN.


Note For more information about VLAN map entries, see the Catalyst 3550 Multilayer Switch Software Configuration Guide for this release.


Examples

The following example applies VLAN map entry map1 to VLANs 20 and 30:

Switch(config)# vlan filter map1 vlan-list 20, 30

The following example shows how to delete VLAN map entry map1 from VLAN 20:

Switch(config)# no vlan filter map1 vlan-list 20
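The vlan-list format and the recommendation to define a map before applying it can be checked offline against a saved configuration. The following is an added example, not part of the original command reference and not Cisco code: the function names, the 1-4094 VLAN ID bound, and the sample configuration are assumptions made for illustration.

```python
import re

MAX_VLAN_ID = 4094  # assumption: 802.1Q ID space; the platform limit may be lower

def parse_vlan_list(text):
    """Expand a list such as 'tt, uu-vv, xx' into sorted VLAN IDs."""
    vlans = set()
    for item in text.split(","):
        # Spaces around commas and dashes are optional, as the syntax states.
        m = re.fullmatch(r"\s*(\d+)\s*(?:-\s*(\d+)\s*)?", item)
        if not m:
            raise ValueError(f"bad vlan-list item: {item!r}")
        lo = int(m.group(1))
        hi = int(m.group(2) or lo)
        if not 1 <= lo <= hi <= MAX_VLAN_ID:
            raise ValueError(f"bad VLAN range: {item.strip()!r}")
        vlans.update(range(lo, hi + 1))
    return sorted(vlans)

FILTER_RE = re.compile(r"^\s*(no\s+)?vlan filter (\S+) vlan-list (.+)$")
MAP_RE = re.compile(r"^\s*vlan access-map (\S+)")

def audit_filters(config):
    """Return (coverage, warnings): VLAN -> applied map, plus ordering issues."""
    defined, coverage, warnings = set(), {}, []
    for n, line in enumerate(config.splitlines(), 1):
        if m := MAP_RE.match(line):
            defined.add(m.group(1))
        elif m := FILTER_RE.match(line):
            negate, name, vlans = m.group(1), m.group(2), parse_vlan_list(m.group(3))
            if negate:  # 'no' form removes the map from the listed VLANs
                for v in vlans:
                    if coverage.get(v) == name:
                        del coverage[v]
                continue
            if name not in defined:
                warnings.append(f"line {n}: {name} applied before it is defined")
            # Assumption: a later filter on a VLAN replaces the earlier one.
            coverage.update((v, name) for v in vlans)
    return coverage, warnings

# Constructed sample configuration (not taken from a real switch).
SAMPLE = """\
vlan filter map2 vlan-list 40
vlan access-map map1 10
 action forward
vlan filter map1 vlan-list 20, 30 - 32
no vlan filter map1 vlan-list 20
"""
```

Running audit_filters(SAMPLE) reports map2 as applied before its definition and shows that VLAN 20 is left with no filter after the no form.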

Related Commands

Command
Description

show vlan access-map

Displays information about a particular VLAN access map or all VLAN access maps.

show vlan filter

Displays information about all VLAN filters or about a particular VLAN or VLAN access map.

vlan access-map

Creates a VLAN map entry for VLAN packet filtering.


vmps reconfirm (privileged EXEC)

Use the vmps reconfirm privileged EXEC command to immediately send VLAN Query Protocol (VQP) queries to reconfirm all dynamic VLAN assignments with the VLAN Membership Policy Server (VMPS).

vmps reconfirm

Syntax Description

This command has no arguments or keywords.

Defaults

No default is defined.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.1(4)EA1

This command was first introduced.


Examples

The following example shows how to immediately send VQP queries to the VMPS:

Switch# vmps reconfirm

You can verify the previous command by entering the show vmps privileged EXEC command and examining the VMPS Action row of the Reconfirmation Status section. The show vmps command shows the result of the last time the assignments were reconfirmed either as a result of the reconfirmation timer expiring or because the vmps reconfirm command was issued.

Related Commands

Command
Description

show vmps

Displays VQP and VMPS information.

vmps reconfirm interval

Changes the reconfirmation interval for the VLAN Query Protocol (VQP) client.


vmps reconfirm (global configuration)

Use the vmps reconfirm global configuration command to change the reconfirmation interval for the VLAN Query Protocol (VQP) client.

vmps reconfirm interval

Syntax Description

interval

Reconfirmation interval for VQP client queries to the VLAN Membership Policy Server (VMPS) to reconfirm dynamic VLAN assignments. The interval range is from 1 to 120 minutes.


Defaults

The default reconfirmation interval is 60 minutes.

Command Modes

Global configuration

Command History

Release
Modification

12.1(4)EA1

This command was first introduced.


Examples

The following example shows how to set the VQP client to reconfirm dynamic VLAN entries every 20 minutes:

Switch(config)# vmps reconfirm 20

You can verify the previous command by entering the show vmps privileged EXEC command and examining information in the Reconfirm Interval row.

Related Commands

Command
Description

show vmps

Displays VQP and VMPS information.

vmps reconfirm (privileged EXEC)

Sends VQP queries to reconfirm all dynamic VLAN assignments with the VMPS.


vmps retry

Use the vmps retry global configuration command to configure the per-server retry count for the VLAN Query Protocol (VQP) client.

vmps retry count

Syntax Description

count

Number of attempts to contact the VLAN Membership Policy Server (VMPS) by the client before querying the next server in the list. The retry range is from 1 to 10.


Defaults

The default retry count is 3.

Command Modes

Global configuration

Command History

Release
Modification

12.1(4)EA1

This command was first introduced.


Examples

The following example shows how to set the retry count to 7:

Switch(config)# vmps retry 7

You can verify the previous command by entering the show vmps privileged EXEC command and examining information in the Server Retry Count row.

Related Commands

Command
Description

show vmps

Displays VQP and VMPS information.


vmps server

Use the vmps server global configuration command to configure the primary VLAN Membership Policy Server (VMPS) and up to three secondary servers. Use the no form of this command to remove a VMPS server.

vmps server ipaddress [primary]

no vmps server [ipaddress]

Syntax Description

ipaddress

IP address or host name of the primary or secondary VMPS servers. If you specify a host name, the Domain Name System (DNS) server must be configured.

primary

(Optional) Determines whether primary or secondary VMPS servers are being configured.


Defaults

No primary or secondary VMPS servers are defined.

Command Modes

Global configuration

Command History

Release
Modification

12.1(4)EA1

This command was first introduced.


Usage Guidelines

The first server entered is automatically selected as the primary server whether or not primary is entered. The first server address can be overridden by using primary in a subsequent command.

If a member switch in a cluster configuration does not have an IP address, the cluster does not use the VMPS server configured for that member switch. Instead, the cluster uses the VMPS server on the command switch, and the command switch proxies the VMPS requests. The VMPS server treats the cluster as a single switch and uses the IP address of the command switch to respond to requests.

When you use the no form without specifying the ipaddress, all configured servers are deleted. If you delete all servers when dynamic-access ports are present, the switch cannot forward packets from new sources on these ports because it cannot query the VMPS.

Examples

The following example shows how to configure the server with IP address 191.10.49.20 as the primary VMPS server. The servers with IP addresses 191.10.49.21 and 191.10.49.22 are configured as secondary servers:

Switch(config)# vmps server 191.10.49.20 primary
Switch(config)# vmps server 191.10.49.21
Switch(config)# vmps server 191.10.49.22

The following example shows how to delete the server with IP address 191.10.49.21:

Switch(config)# no vmps server 191.10.49.21

You can verify the previous commands by entering the show vmps privileged EXEC command and examining information in the VMPS Domain Server row.

Related Commands

Command
Description

show vmps

Displays VQP and VMPS information.


vtp

Use the vtp VLAN configuration command to configure the VLAN Trunk Protocol (VTP) mode. Use the no form of this command to return to the default setting of server.

vtp {server | client | transparent}

no vtp {server | client | transparent}

Syntax Description

server

Place the switch in VTP server mode. A switch in VTP server mode is enabled for VTP and sends advertisements. You can configure VLANs on it. The switch can recover all the VLAN information in the current VTP database from nonvolatile storage after reboot.

client

Place the switch in VTP client mode. A switch in VTP client mode is enabled for VTP and can send advertisements, but does not have enough nonvolatile storage to store VLAN configurations. You cannot configure VLANs on it. When a VTP client starts up, it does not transmit VTP advertisements until it receives advertisements to initialize its VLAN database.

transparent

Place the switch in VTP transparent mode. A switch in VTP transparent mode is disabled for VTP, does not transmit advertisements or learn from advertisements sent by other devices, and cannot affect VLAN configurations on other devices in the network. The switch receives VTP advertisements and forwards them on all trunk ports except the one on which the advertisement was received.



Note The switch supports up to 1005 VLANs in client, server, or transparent mode.


Defaults

The default mode is server mode.

Command Modes

VLAN configuration

Command History

Release
Modification

12.1(4)EA1

This command was first introduced.


Usage Guidelines

The no vtp client and no vtp transparent forms of the command return the switch to VTP server mode.

The vtp server command is the same as no vtp client or no vtp transparent except that it does not return an error if the switch is not in client or transparent mode.

If the receiving switch is in client mode, the client switch changes its configuration to duplicate the configuration of the server. If you have switches in client mode, make sure to make all VTP or VLAN configuration changes on a switch in server mode.

If the receiving switch is in server mode, the configuration is not changed.

If the receiving switch is in transparent mode, the configuration is not changed. Switches in transparent mode do not participate in VTP.

If you make VTP or VLAN configuration changes on a switch in transparent mode, the changes are not propagated to other switches in the network.

If you make a change to the VTP or VLAN configuration on a switch in server mode, that change is propagated to all the switches in the same VTP domain.

The vtp transparent command disables VTP from the domain but does not remove the domain from the switch.

VTP can be set to either server or client mode only when dynamic VLAN creation is disabled.

Examples

The following example shows how to place the switch in VTP transparent mode:

Switch(vlan)# vtp transparent

You can verify the previous commands by entering the show vtp status privileged EXEC command.

Related Commands

Command
Description

show vtp counters

Displays the VTP statistics for the switch.

show vtp status

Displays general information about the VTP management domain status.


vtp domain

Use the vtp domain VLAN configuration command to configure the VLAN Trunk Protocol (VTP) administrative domain.

vtp domain domain-name

Syntax Description

domain-name

ASCII string from 1 to 32 characters that identifies the VTP administrative domain for the switch. The domain name is case sensitive.


Defaults

No domain name is defined.

Command Modes

VLAN configuration

Command History

Release
Modification

12.1(4)EA1

This command was first introduced.


Usage Guidelines

The switch is in the no-management-domain state until you configure a domain name. While in the no-management-domain state, the switch does not transmit any VTP advertisements even if changes occur to the local VLAN configuration. The switch leaves the no-management-domain state after receiving the first VTP summary packet on any port that is currently trunking or after configuring a domain name using the vtp domain command. If the switch receives its domain from a summary packet, it resets its configuration revision number to zero. After the switch leaves the no-management-domain state, it cannot be configured to reenter it until you clear the nonvolatile RAM (NVRAM) and reload the software.

Domain names are case sensitive.

Once you configure a domain name, it cannot be removed. You can only reassign it to a different domain.

Examples

The following example shows how to set the administrative domain for the switch:

Switch(vlan)# vtp domain OurDomainName

You can verify the previous commands by entering the show vtp status privileged EXEC command.

Related Commands

Command
Description

show vtp counters

Displays the VTP statistics for the switch.

show vtp status

Displays general information about the VTP management domain status.

vtp password

Configures the VTP administrative domain password.


vtp file

Use the vtp file global configuration command to modify the VLAN Tr