This chapter covers the most critical switch show commands for the CompTIA Network+ N10-009 exam. Understanding these commands is essential for troubleshooting network connectivity, performance, and security issues at the access and distribution layers. Approximately 10-15% of the exam's troubleshooting domain (Objective 5.6) will require you to interpret output from these commands to isolate problems. You will learn the exact syntax, key fields, and what each command reveals about the switch's current state.
Jump to a section
Imagine you are a building manager responsible for a large office complex with hundreds of rooms, each with a unique room number. You have a master blueprint that shows every room, its current occupant, and the status of its door (open/closed). When a visitor arrives and asks, 'Who is in room 305?', you consult the blueprint to answer. Similarly, when you need to check if a specific room's door is locked, you look at the blueprint's lock status column. The blueprint is your 'show mac address-table' and 'show interfaces status' commands. Now, suppose a room's occupant moves to a different room — you update the blueprint immediately. If you don't update, the visitor goes to the wrong room. That is exactly how a switch learns MAC addresses: it builds a table of which MAC address is associated with which port. The 'show mac address-table' command displays this table. Just as the building manager uses the blueprint to route visitors correctly, the switch uses its MAC address table to forward frames only to the correct port, avoiding unnecessary flooding. If the table is corrupted or stale, frames may be misdelivered, just as a visitor would be sent to the wrong room. The 'show mac address-table' command is your primary tool to verify the switch's forwarding decisions.
Overview of Switch Show Commands
Switch show commands are read-only commands executed in privileged EXEC mode (enable mode) that display the current operational state, configuration, and statistics of a switch. They are the primary tools for a network engineer to verify that the switch is functioning as expected, to identify misconfigurations, and to troubleshoot connectivity or performance issues. Unlike configuration commands, show commands do not alter the switch's state.
The MAC Address Table: show mac address-table
What it is: The MAC address table (also called CAM table) is a Layer 2 forwarding table that maps MAC addresses to switch ports. The switch uses this table to make forwarding decisions: when a frame arrives, the switch looks up the destination MAC address, and if found, forwards the frame only out the corresponding port. If not found, the switch floods the frame out all ports except the receiving port.
How it works internally: The switch learns MAC addresses by examining the source MAC address of every incoming frame. It records the source MAC, the port it arrived on, and the VLAN ID. The table is stored in content-addressable memory (CAM) for fast lookups. Entries have an aging timer (default 300 seconds on most Cisco switches) — if no frame with that source MAC is seen within that time, the entry is removed. Static entries can be manually configured and do not age out.
Command syntax:
Switch> enable
Switch# show mac address-tableOutput example:
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 0050.7966.6800 DYNAMIC Gi0/1
1 0050.7966.6801 DYNAMIC Gi0/2
10 aaaa.bbbb.cccc STATIC Gi0/3Key fields: - Vlan: The VLAN ID in which the MAC address was learned. - Mac Address: The 48-bit MAC address in dotted-hex format. - Type: DYNAMIC (learned dynamically), STATIC (manually configured), or SECURE (port security). - Ports: The switch port(s) associated with the MAC address. For static entries, multiple ports may be listed.
Common troubleshooting scenarios:
- Missing MAC entry: If a device cannot communicate, check if its MAC appears in the table. If not, the switch has not learned it — possible causes: device powered off, cable fault, wrong VLAN, or port in blocking state (STP).
- Wrong port: If a MAC appears on an unexpected port, there may be a loop or a rogue device. Use show mac address-table address <MAC> to find the exact port.
- Aging timer: Use show mac address-table aging-time to see the current timer. Default is 300 seconds. If you suspect entries are timing out too quickly, check this value.
Interface Status: show interfaces status
What it is: Displays a summary of all interfaces, their administrative and operational status, VLAN assignment, duplex, speed, and type.
Command syntax:
Switch# show interfaces statusOutput example:
Port Name Status Vlan Duplex Speed Type
Gi0/1 HR_Desktop connected 1 a-full a-100 10/100/1000BaseTX
Gi0/2 Finance_Server notconnect 1 auto auto 10/100/1000BaseTX
Gi0/3 Admin_Printer disabled 1 auto auto 10/100/1000BaseTX
Gi0/4 Guest_WiFi_AP connected 10 a-full a-1000 10/100/1000BaseTXKey fields:
- Port: Interface identifier.
- Name: Description configured with description command.
- Status: connected (operational up), notconnect (cable unplugged or device off), disabled (administratively down with shutdown), err-disabled (error-disabled due to security violation or error).
- Vlan: Access VLAN (for access ports) or native VLAN (for trunk ports).
- Duplex: a-full (auto-negotiated full duplex), a-half (auto half), or full/half if manually set.
- Speed: a-100 (auto-negotiated 100 Mbps), a-1000, or fixed value.
- Type: Physical media type.
Troubleshooting use:
- A notconnect status indicates a Layer 1 problem — check cable, device power, or port security.
- A disabled status means the port was manually shut down. Use no shutdown to re-enable.
- An err-disabled status requires finding the cause (e.g., port security violation, BPDU guard) and then issuing shutdown followed by no shutdown on that port.
Interface Counters: show interfaces
What it is: Detailed per-interface statistics including packets, errors, and utilization. Essential for identifying CRC errors, collisions, runts, giants, and other issues.
Command syntax:
Switch# show interfaces gigabitEthernet 0/1Output example (truncated):
GigabitEthernet0/1 is up, line protocol is up
Hardware is Gigabit Ethernet, address is 0011.2233.4455 (bia 0011.2233.4455)
MTU 1500 bytes, BW 1000000 Kbit/sec
Full-duplex, 1000Mb/s
input flow-control is off, output flow-control is off
Input queue: 0/2000/0/0 (size/max/drops/flushes)
5 minute input rate 10000 bits/sec, 10 packets/sec
5 minute output rate 20000 bits/sec, 15 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped outKey error counters: - CRC: Cyclic Redundancy Check errors — caused by faulty cabling, electromagnetic interference, or duplex mismatch. - Runts: Frames smaller than 64 bytes — usually due to collisions or faulty NIC. - Giants: Frames larger than 1518 bytes — often due to misconfigured jumbo frames or faulty hardware. - Collisions: Normal on half-duplex; excessive collisions indicate duplex mismatch. - Late collisions: Occur after the first 64 bytes — typically caused by cable length exceeding specifications or duplex mismatch. - Input errors: Total of CRC, frame, overrun, ignored. - Output errors: Total of collisions, interface resets, etc.
Duplex mismatch detection: If one side is full-duplex and the other half-duplex, you will see high CRC errors on the full-duplex side and late collisions on the half-duplex side.
VLAN Information: show vlan brief
What it is: Displays all VLANs configured on the switch, their names, status, and ports assigned.
Command syntax:
Switch# show vlan briefOutput example:
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi0/1, Gi0/2, Gi0/3
10 Finance active Gi0/4, Gi0/5
20 HR active Gi0/6
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsupTroubleshooting use:
- If a device cannot communicate, verify its port is in the correct VLAN.
- VLANs 1002-1005 are default for legacy technologies and are usually not used.
- If a VLAN is not listed, it may not exist — create it with vlan <vlan-id>.
Trunking: show interfaces trunk
What it is: Displays trunk interfaces, allowed VLAN lists, and native VLAN.
Command syntax:
Switch# show interfaces trunkOutput example:
Port Mode Encapsulation Status Native vlan
Gi0/24 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi0/24 1-100,200,300
Port Vlans allowed and active in management domain
Gi0/24 1,10,20,30
Port Vlans in spanning tree forwarding state and not pruned
Gi0/24 1,10,20,30Troubleshooting use:
- If a VLAN is not being carried across a trunk, check if it is in the allowed list and if the native VLAN matches on both ends.
- A native VLAN mismatch will cause BPDU and CDP/VTP issues; use show interfaces trunk on both switches.
Spanning Tree: show spanning-tree
What it is: Displays the Spanning Tree Protocol (STP) state for each VLAN and port.
Command syntax:
Switch# show spanning-tree vlan 10Output example:
VLAN0010
Spanning tree enabled protocol ieee
Root ID Priority 32778
Address 0011.2233.4455
Cost 4
Port 24 (GigabitEthernet0/24)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32778 (priority 32768 sys-id-ext 10)
Address 0011.2233.4455
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi0/1 Desg FWD 4 128.1 P2p
Gi0/2 Altn BLK 4 128.2 P2p
Gi0/24 Root FWD 4 128.24 P2pKey fields: - Root ID: The bridge ID of the root bridge. - Bridge ID: This switch's bridge ID. - Role: Root, Designated, Alternate, or Backup. - Sts: Forwarding (FWD), Blocking (BLK), Listening, Learning. - Cost: Path cost to root bridge.
Troubleshooting use:
- If a port is stuck in Blocking, check for loops or configuration errors.
- If a port is in Listening/Learning for too long, the forward delay timer may be misconfigured.
- Use show spanning-tree root to quickly see the root bridge for all VLANs.
Port Security: show port-security
What it is: Displays port security settings and violations.
Command syntax:
Switch# show port-security interface gigabitEthernet 0/1Output example:
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Maximum MAC Addresses : 2
Total MAC Addresses : 1
Configured MAC Addresses : 1
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Security Violation Count : 0Troubleshooting use:
- If a port is err-disabled, check show port-security interface for violation count. Use clear port-security sticky if needed.
Error-Disabled Recovery: show errdisable recovery
What it is: Displays which causes can automatically recover from errdisable state.
Command syntax:
Switch# show errdisable recoveryOutput example:
ErrDisable Reason Timer Status
----------------- --------------
udld Disabled
bpduguard Disabled
security-violation Disabled
channel-misconfig Disabled
vmps Disabled
pagp-flap Disabled
dtp-flap Disabled
link-flap Disabled
l2ptguard Disabled
psecure-violation Disabled
port-mode-failure Disabled
Timer interval: 300 secondsARP Table: show arp
What it is: Displays the Address Resolution Protocol cache, mapping IP addresses to MAC addresses on the switch itself (not for switched traffic). Useful for verifying the switch's own management IP.
Command syntax:
Switch# show arpOutput example:
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.1.1.1 - 0011.2233.4455 ARPA Vlan1
Internet 10.1.1.100 10 0050.7966.6800 ARPA Vlan1Note: This is the switch's own ARP table, not the network's. For Layer 3 switches, show ip arp is similar.
CDP/LLDP: show cdp neighbors / show lldp neighbors
What it is: Displays directly connected Cisco devices (CDP) or any LLDP-capable devices.
Command syntax:
Switch# show cdp neighborsOutput example:
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
Router1 Gig 0/1 173 R ISR4331 Gig 0/0/0
Switch2 Gig 0/2 157 S WS-C2960 Gig 0/1Troubleshooting use:
- If a neighbor does not appear, CDP/LLDP may be disabled globally or on the interface.
- Use show cdp interface to verify CDP is enabled.
Summary of Key Commands for N10-009
| Command | Use Case |
|---------|----------|
| show mac address-table | Verify MAC learning, find device location, detect loops |
| show interfaces status | Check port connectivity, duplex, speed, VLAN |
| show interfaces | Detailed errors, counters, duplex mismatch |
| show vlan brief | VLAN configuration, port membership |
| show interfaces trunk | Trunk status, allowed VLANs, native VLAN |
| show spanning-tree | STP state, root bridge, blocked ports |
| show port-security | Port security violations |
| show cdp neighbors | Discover directly connected devices |
| show arp | Switch's own IP-to-MAC mappings |
Identify the Problem
Begin by gathering symptoms: a user cannot reach a server, or intermittent connectivity occurs. Use 'ping' from the user's device to the default gateway or server to confirm lack of connectivity. If ping fails, the issue is likely at Layer 2 or Layer 1. Document the source IP, destination IP, and switch port the user is connected to. This step ensures you focus on the correct segment of the network.
Check Interface Status
On the switch that the user's device is connected to, run 'show interfaces status' and locate the port. If the status is 'notconnect', the cable is unplugged or the device is off. If 'disabled', the port was administratively shut down. If 'err-disabled', a security violation or error occurred. If 'connected', proceed to check duplex and speed. A duplex mismatch can cause high errors and poor performance.
Examine MAC Address Table
Run 'show mac address-table address <user-device-MAC>' to verify the switch has learned the user's MAC address on the expected port. If the MAC is not present, the switch has not seen traffic from the device — possible causes: VLAN mismatch, cable fault, or the device is not sending frames. If the MAC is on a different port, there may be a loop or a rogue device. If the MAC is present on the correct port, the switch is capable of forwarding frames from that device.
Verify VLAN Configuration
Use 'show vlan brief' to confirm the user's port is in the correct VLAN. If the VLAN does not exist, create it. If the port is in the wrong VLAN, change it with 'switchport access vlan <vlan-id>'. Also check that the VLAN is allowed on any trunk links between switches. Use 'show interfaces trunk' to see allowed VLAN lists. A missing VLAN on a trunk will prevent traffic from crossing.
Check Spanning Tree State
Run 'show spanning-tree vlan <vlan-id>' and look at the port's role and status. If the port is in Blocking state, STP has disabled it to prevent loops. This could be due to a redundant link or a misconfiguration. If the port is in Listening or Learning for an extended time, check the forward delay timer. If the port is in Forwarding, STP is not blocking traffic.
Inspect Interface Errors
On the user's port, run 'show interfaces <interface>' and check CRC, collisions, runts, and giants. High CRC errors suggest a bad cable or interference. Late collisions indicate a duplex mismatch or excessive cable length. If errors are high, replace the cable or fix duplex settings. Also check the connected device's NIC for errors.
Resolve and Verify
Based on findings, take corrective action: replace cable, change VLAN, adjust duplex/speed, or clear errdisable state. After changes, re-test connectivity with ping. Use 'show mac address-table' again to confirm the MAC is present. Use 'show interfaces status' to confirm port is 'connected' with correct speed/duplex. Document the resolution.
Enterprise Scenario 1: Campus Network Connectivity Outage
A large university has a campus network with hundreds of access switches connecting dorm rooms and classrooms. Users in a specific building report that they cannot access the internet. As the network engineer, you begin troubleshooting at the access layer. You SSH into the access switch and run 'show interfaces status'. You notice that several ports are in 'err-disabled' state. Running 'show port-security interface' reveals that these ports have exceeded the maximum MAC addresses due to students connecting personal routers. The violation mode is shutdown. You clear the errdisable state with 'clear errdisable interface <port>' and reconfigure port security to allow more MAC addresses or use 'sticky' learning. After re-enabling, you verify connectivity with 'show mac address-table' to ensure the correct MACs are learned. This scenario highlights the importance of port security and the need to balance security with usability.
Enterprise Scenario 2: Data Center Leaf-Spine Leaf Switch Troubleshooting
In a modern data center using a leaf-spine topology, a leaf switch connected to a spine switch is experiencing intermittent connectivity for a specific VLAN. The engineer runs 'show interfaces trunk' on the leaf switch and notices that the trunk to the spine is up and trunking, but the VLAN in question is not in the 'Vlans allowed and active' list. Further investigation with 'show vlan brief' shows that the VLAN exists on the leaf but is not allowed on the trunk. The engineer adds the VLAN to the allowed list with 'switchport trunk allowed vlan add <vlan-id>'. Then, using 'show spanning-tree vlan <vlan-id>', they confirm the port is in forwarding state. Finally, they check 'show mac address-table vlan <vlan-id>' to see if the server MAC appears. This scenario demonstrates the interplay between VLAN configuration, trunking, and STP.
Common Pitfalls in Production
Duplex mismatch: Often occurs when one side is hard-coded and the other is auto-negotiating. Always use 'show interfaces status' to verify both sides match. A full/half mismatch causes high error rates and poor performance.
Native VLAN mismatch: A classic misconfiguration on trunk links. Use 'show interfaces trunk' on both ends. If native VLANs differ, CDP will report a native VLAN mismatch, and BPDU filtering may cause STP issues.
STP loops: When a new switch is added without proper STP configuration, loops can occur. Use 'show spanning-tree' to identify blocked ports. If a port that should be blocking is forwarding, there may be a configuration error or a hardware fault.
What N10-009 Tests on Switch Show Commands (Objective 5.6)
The exam expects you to interpret the output of show commands to identify common issues: duplex mismatch, VLAN mismatch, STP blocking, port security violations, and MAC table problems. You will be given a scenario and output from a show command, then asked to determine the cause or the next step.
Most Common Wrong Answers
'Use show running-config' when the issue is operational: Many candidates default to checking configuration, but show commands like 'show interfaces status' reveal the current operational state. The exam often tests whether you know that a 'disabled' status is administrative, while 'notconnect' is physical.
Assuming all ports in 'err-disabled' are due to port security: While port security is a common cause, err-disable can also result from BPDU guard, UDLD, link-flap, or channel misconfiguration. The exam may present a scenario where the cause is BPDU guard, and candidates incorrectly choose port security.
Confusing 'show mac address-table' with 'show arp': The MAC table is Layer 2; ARP is Layer 3. A question about which port a device is connected to requires the MAC table, not ARP. Candidates often pick ARP because they see IP addresses.
Thinking STP blocking is always a problem: STP blocks ports to prevent loops. The exam may ask why a port is blocking, and the correct answer is 'loop prevention', not 'malfunction'.
Specific Values to Memorize
Default MAC address table aging time: 300 seconds.
Default STP forward delay: 15 seconds.
Default STP hello time: 2 seconds.
Default STP max age: 20 seconds.
Port security default maximum MAC addresses: 1.
Errdisable recovery default timer: 300 seconds.
CDP holdtime default: 180 seconds.
LLDP transmit interval: 30 seconds (default).
Edge Cases and Exceptions
Multiple MAC addresses on one port: This is normal for a port connected to a hub or a switch with multiple devices. The exam may ask you to interpret a MAC table showing multiple MACs on an access port — that is acceptable if it's a hub.
Static MAC entries: A static entry overrides dynamic learning and does not age out. The exam may test that static entries are not removed by the aging timer.
VLAN 1 default: Many questions assume VLAN 1 is the default VLAN and native VLAN. Candidates should know that changing the native VLAN is a security best practice.
'show interfaces trunk' vs 'show interfaces switchport': The latter shows switchport mode (access/trunk) and native VLAN, while the former shows operational trunk status. The exam may test the difference.
How to Eliminate Wrong Answers
If the question involves a port that is 'notconnect', eliminate any answer suggesting a configuration issue — it's physical.
If the output shows 'err-disabled', look for a cause in the question (e.g., 'port security violation' or 'BPDU guard').
If the MAC table shows a MAC on the wrong port, consider a loop or MAC spoofing.
If CRC errors are high, suspect cabling or duplex mismatch — not VLAN mismatch.
Use 'show interfaces status' to quickly check port connectivity; 'connected' means Layer 1 is up, 'notconnect' means no cable or device off, 'disabled' means administratively down, 'err-disabled' means a violation or error occurred.
The MAC address table ('show mac address-table') is the switch's Layer 2 forwarding table; missing entries indicate the switch hasn't learned the device, often due to VLAN mismatch or cable fault.
High CRC errors on an interface typically indicate a cabling issue or duplex mismatch; late collisions specifically indicate duplex mismatch or excessive cable length.
The default MAC address table aging time is 300 seconds; static entries do not age out.
STP blocking is normal for redundant links; a port stuck in blocking when it should be forwarding indicates a configuration error or loop.
Port security violations cause err-disable state; use 'show port-security interface' to see violation count and 'clear errdisable interface' to recover.
Always verify native VLAN consistency on trunk links using 'show interfaces trunk' on both ends; native VLAN mismatch causes BPDU and CDP issues.
CDP and LLDP are Layer 2 discovery protocols; use 'show cdp neighbors' to find directly connected Cisco devices.
These come up on the exam all the time. Here's how to tell them apart.
show interfaces status
Displays a summary of all interfaces in a table format
Shows port status (connected/notconnect/disabled/err-disabled)
Shows VLAN, duplex, speed, and type
Does not show error counters or detailed statistics
Quick overview for connectivity checks
show interfaces
Displays detailed per-interface information
Shows operational status (up/down) and line protocol
Shows MAC address, MTU, bandwidth, and queue info
Shows detailed error counters (CRC, collisions, runts, giants)
Used for in-depth troubleshooting of errors
show mac address-table
Layer 2 table mapping MAC addresses to ports and VLANs
Used to find which port a device is connected to
Does not contain IP addresses
Entries age out by default after 300 seconds
Critical for loop detection and device location
show arp
Layer 3 table mapping IP addresses to MAC addresses
Used to resolve next-hop IP to MAC for the switch itself
Contains IP addresses and MAC addresses
Entries age out typically after 4 hours (default)
Used for switch management IP troubleshooting
Mistake
The 'show mac address-table' command shows IP addresses.
Correct
The MAC address table contains only MAC addresses, not IP addresses. It maps MAC addresses to ports and VLANs. To see IP-to-MAC mappings, use 'show arp' on the switch or router.
Mistake
A 'notconnect' status means the port is administratively down.
Correct
'notconnect' indicates the port is administratively up (no shutdown) but no cable is detected or the connected device is powered off. 'disabled' means the port was shut down with the 'shutdown' command.
Mistake
All errors on an interface are caused by bad cabling.
Correct
CRC errors can be caused by cabling, but also by duplex mismatch, electromagnetic interference, or faulty NIC. Late collisions specifically indicate duplex mismatch or cable length exceeding 100 meters for copper.
Mistake
Spanning Tree Protocol blocking a port always indicates a problem.
Correct
STP blocks ports to prevent loops in redundant topologies. A blocked port is normal and expected in a well-designed network. The problem is when a port that should be forwarding is blocked.
Mistake
The 'show interfaces status' command shows error counters.
Correct
'show interfaces status' shows a summary of administrative/operational status, VLAN, duplex, speed, and type. Error counters are displayed with 'show interfaces' (without 'status').
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
It shows a summary of all switch interfaces, including their administrative and operational status (connected, notconnect, disabled, err-disabled), VLAN assignment, duplex, speed, and media type. It is the first command to run when troubleshooting connectivity issues because it quickly reveals whether a port is physically connected and enabled.
Use the command 'show mac address-table address <MAC-address>' on the switch. Replace <MAC-address> with the device's MAC address in dotted-hex format (e.g., 0050.7966.6800). The output will show the VLAN and port associated with that MAC. If the MAC is not in the table, the switch has not learned it — check connectivity and VLAN assignment.
'notconnect' means the interface is administratively up (no shutdown) but no cable is detected or the connected device is powered off. 'disabled' means the interface was manually shut down with the 'shutdown' command. To fix 'disabled', use 'no shutdown'. To fix 'notconnect', check the cable and connected device.
CRC errors indicate that frames were received with an invalid checksum, usually due to faulty cabling, electromagnetic interference, or a duplex mismatch. A high number of CRC errors suggests a physical layer problem. Use 'show interfaces <interface>' to see the CRC counter. If CRC errors increase rapidly, replace the cable or check for interference.
A port enters err-disabled state when a security violation occurs (e.g., port security violation, BPDU guard, UDLD) or when an error condition is detected (e.g., link-flap, channel misconfig). Use 'show port-security interface' to check for security violations, or 'show errdisable recovery' to see which causes are enabled. To recover, fix the cause and issue 'shutdown' followed by 'no shutdown' on the port.
It displays the Spanning Tree Protocol status for each VLAN, including the root bridge, the role of each port (Root, Designated, Alternate, Backup), and the port state (Forwarding, Blocking, Listening, Learning). It is essential for identifying loops and verifying that redundant links are properly blocking.
Use 'show interfaces trunk' and look at the 'Vlans allowed on trunk' line. If the VLAN is not listed, it is not allowed. Also check 'Vlans allowed and active in management domain' — the VLAN must exist and be active on both ends. To add a VLAN, use 'switchport trunk allowed vlan add <vlan-id>' in interface configuration mode.
You've just covered Switch Show Commands — now see how well it sticks with free N10-009 practice questions. Full explanations included, no account needed.
Done with this chapter?