
Cisco VLANs, STP & EtherChannel

Cisco IOS Layer 2 cheat sheet: VLANs, VTP, SVI interfaces, Spanning Tree (STP/RSTP), EtherChannel (LACP/PAgP), and FlexLinks. Configuration and diagnostics commands.

VLANs

VLAN Configuration
Command                                    Description
vlan 2                                     Enter VLAN 2 configuration
name sales                                 Assign name to VLAN
switchport mode access                     Set port to access mode (one VLAN, toward end user)
switchport access vlan 2                   Assign access port to VLAN 2
switchport nonegotiate                     Disable DTP auto-negotiation
switchport trunk encapsulation dot1q       Set encapsulation to 802.1Q (required before trunk mode on switches that also support ISL)
switchport mode trunk                      Set port to trunk mode
switchport trunk allowed vlan 2,3,4,5,99   Allow only specific VLANs on trunk
switchport trunk native vlan 99            Change native VLAN to 99
vlan dot1q tag native                      Tag native VLAN frames (security hardening)

VLAN Diagnostics
Command                                    Description
show vlan                                  List all VLANs and their port assignments
show vlan id 2                             Details for a specific VLAN
show int fasteth 0/1 switchport            VLAN info for a specific port
show int trunk                             Trunk ports and allowed VLANs

VTP (VLAN Trunking Protocol)

VTP Configuration
Command                                    Description
vtp mode transparent                       Disable VTP VLAN sync; store VLAN DB in config file
vtp mode server                            Full VTP server mode (can create/modify/delete VLANs)
vtp mode client                            Client mode; cannot modify VLANs from CLI
vtp mode off                               VTP v3: completely disabled, does not forward announcements
vtp version 2                              Select VTP version
vtp domain darkmaycal                      Set VTP domain name
vtp password 123 [hidden|secret]           Set VTP password
vtp primary-server                         Designate as primary VTP server (v3)
show vtp status                            Show VTP status and revision number
show vtp password                          Show VTP domain password

SVI - Virtual Layer 3 Interfaces

Configuration is done on the switch. Enables inter-VLAN routing on L3 switches.

SVI Setup
Command                                    Description
ip routing                                 Enable routing engine on the switch
int vlan 2                                 Create SVI for VLAN 2
ip address 192.168.2.50 255.255.255.0      Assign IP to SVI
no shutdown                                Bring up the SVI

STP / RSTP - Spanning Tree Protocol

STP Configuration
Command                                    Description
spanning-tree mode rapid-pvst              Switch to Rapid PVST+ (recommended)
spanning-tree vlan 1 root primary          Become root bridge for VLAN 1
spanning-tree vlan 1 root secondary        Become backup root bridge
spanning-tree vlan 1 priority 4096         Set bridge priority for VLAN 1 (lower = more preferred root; must be a multiple of 4096)
spanning-tree vlan 1 forward-time 12       Set forwarding delay (convergence time)
spanning-tree pathcost method long         Use 32-bit path cost (802.1t): cost = 20 000 000 000 / speed in kbps
spanning-tree vlan 1 cost 5                Set interface cost for STP
spanning-tree vlan 1 port-priority 50      Set port priority (affects designated port election)

STP Security Features
Command                                    Description
spanning-tree portfast                     Skip listening/learning states (for end-host ports only)
spanning-tree portfast default             Enable PortFast on all access ports globally
spanning-tree bpduguard enable             Shut port if a BPDU is received (protects against rogue switches)
spanning-tree portfast bpdufilter default  Enable BPDU filter on all PortFast ports globally
spanning-tree bpdufilter enable            Stop sending and receiving BPDUs on interface (effectively disables STP on that port)
spanning-tree guard loop                   Enable Loop Guard on interface (or use spanning-tree loopguard default)
spanning-tree guard root                   Protect against unauthorized root bridge on interface
spanning-tree link-type point-to-point     Set link type for Rapid PVST+ fast convergence
spanning-tree backbonefast                 Enable BackboneFast (PVST+ only)
spanning-tree uplinkfast                   Enable UplinkFast for fast uplink failover (PVST+ only)
udld enable                                Enable UDLD globally (fiber interfaces only)
udld port enable                           Force-enable UDLD on copper interface
udld reset                                 Restore interfaces blocked by UDLD

STP Diagnostics
Command                                    Description
show spanning-tree summary                 All enabled STP features (bpduguard, loopguard, etc.)
show spanning-tree [vlan 1]                STP info per VLAN (root, port roles, costs)
show spanning-tree int fa0/1 portfast      Check if PortFast is active on a port
show udld                                  UDLD status
debug spanning-tree events                 Real-time STP event output

EtherChannel

L2 EtherChannel (LACP)
Command                                    Description
int range fa0/1-2                          Enter range configuration for fa0/1–fa0/2
switchport mode trunk                      Set ports to trunk mode
switchport nonegotiate                     Disable DTP
switchport trunk allowed vlan 1,2,...      Specify allowed VLANs on the trunk
channel-group 1 mode active                Add ports to EtherChannel group 1 with LACP (active)
channel-group 1 mode auto                  PAgP passive mode
channel-group 1 mode on                    Static EtherChannel (no negotiation protocol)
port-channel load-balance dst-ip           Load balance by destination IP

L3 EtherChannel on Switch
Command                                    Description
int port-channel 1                         Create port-channel interface manually
no switchport                              Put port-channel in routed mode
ip address 10.0.1.1 255.255.255.0          Assign IP to port-channel
int range fa0/1, fa0/2                     Select physical ports
no switchport                              Set physical ports to routed mode
channel-group 1 mode active                Add physical ports to EtherChannel (LACP)

EtherChannel Diagnostics
Command                                    Description
show etherchannel summary                  EtherChannel status and port flags
show etherchannel port-channel             Detailed EtherChannel info
show etherchannel load-balance             Current load-balancing method
show int port-channel 1                    Port-channel interface status (not available in Packet Tracer)

L3 EtherChannel on routers: static aggregation only (no LACP/PAgP); max 2 port-channels; max 4 ports per bundle; source+destination IP load balancing (not changeable).


STP Reference Tables

STP Versions Comparison
Version       Standard   Resources     Convergence   Per-VLAN
CST           802.1D     Low           Slow          No
PVST+         Cisco      High          Slow          Yes
RSTP          802.1W     Medium        Fast          No
Rapid PVST+   Cisco      Very high     Fast          Yes
MSTP          802.1S     Medium–high   Fast          Yes

STP Port States
State        Recv BPDU   Send BPDU   Learn MAC   Forward data   Duration
Blocking     ✓           ✗           ✗           ✗              Until loop detected
Listening    ✓           ✓           ✗           ✗              Forward Delay (15 s)
Learning     ✓           ✓           ✓           ✗              Forward Delay (15 s)
Forwarding   ✓           ✓           ✓           ✓              Until loop detected
Disabled     ✗           ✗           ✗           ✗              Admin down

STP / RSTP Path Cost by Speed
Speed      STP cost (802.1D short)   RSTP cost (802.1W long)
10 Mbps    100                       2 000 000
100 Mbps   19                        200 000
1 Gbps     4                         20 000
2 Gbps     3                         10 000
10 Gbps    2                         2 000
100 Gbps   -                         200

Loop Guard vs UDLD
Protection                   Loop Guard                      UDLD
STP software-level failure   ✓                               ✗
Incorrect initial cabling    ✗                               ✓
Unidirectional link          ✓ (if on all alternate ports)   ✓ (if on all ports)

Recommended: enable both Loop Guard and UDLD together.


DTP - Dynamic Trunking Protocol

DTP Negotiation Matrix
Local \ Remote      Dynamic auto   Dynamic desirable   Trunk          Access
Dynamic auto        Access         Trunk               Trunk          Access
Dynamic desirable   Trunk          Trunk               Trunk          Access
Trunk               Trunk          Trunk               Trunk          ⚠️ misconfig
Access              Access         Access              ⚠️ misconfig   Access

Default mode on Cisco switches: dynamic auto. Best practice: set mode manually (trunk / access) and disable DTP with switchport nonegotiate.


EtherChannel Reference Tables

LACP / PAgP Negotiation Modes
Protocol   Mode A \ Mode B   Active / Desirable   Passive / Auto     On
LACP       Active            ✓ Channel formed     ✓ Channel formed   -
LACP       Passive           ✓ Channel formed     ✗ No channel       -
PAgP       Desirable         ✓ Channel formed     ✓ Channel formed   -
PAgP       Auto              ✓ Channel formed     ✗ No channel       -
Static     On                -                    -                  ✓ Channel formed

EtherChannel Load Balancing Methods
Method         Hash based on               Supported platforms
src-ip         Source IP address           All switches
dst-ip         Destination IP address      All switches
src-dst-ip     Source + destination IP     All switches
src-mac        Source MAC address          All switches
dst-mac        Destination MAC address     All switches
src-dst-mac    Source + destination MAC    All switches
src-port       Source TCP/UDP port         Catalyst 4500, 6500
dst-port       Destination TCP/UDP port    Catalyst 4500, 6500
src-dst-port   Source + destination port   Catalyst 4500, 6500

FlexLinks

Simple active/standby failover; an alternative to STP at the access layer.

FlexLinks Configuration
Command                                    Description
int fa0/1                                  Enter primary interface
switchport backup interface fa0/2          Set fa0/2 as standby for fa0/1 (activates when fa0/1 goes down)
show interface switchport backup           Show FlexLinks pairs and their status
