You are here: Home > CLI Commands > Just_CLI_Topics > interface range

interface range

interface range gigabitethernet <slot>/<module-start>/<port-start>-<module-end>/<port-end>

ip access-group {in|out|session {vlan <vlanId>}} <acl)_name>

lacp

lldp

no

shutdown

switchport {access vlan <vlan>|mode {access|trunk}|trunk {allowed vlan {<vlans>|add <vlans>|all|except <vlans>|remove <vlans>}|

 native vlan <vlan>}}

trusted {vlan <word>}

Description

This command configures a range of GigabitEthernet interfaces on the managed device.

Syntax

Parameter

Description

Range

Default

range

Range of EthernetEthernet is a network protocol for data transmission over LAN. ports in the format <slot>/<module>/<port>-<port>. where <slot>/<module>/<port> is the interface.

duplex

Transmission mode on the interface: full- or half-duplex or auto to automatically adjust transmission.

auto/full/half

auto

ip access-group

Applies the specified ACLAccess Control List. ACL is a common way of restricting certain types of traffic on a physical port. to the interface. Use the ip access-list command to configure an ACLAccess Control List. ACL is a common way of restricting certain types of traffic on a physical port..

in

Applies ACLAccess Control List. ACL is a common way of restricting certain types of traffic on a physical port. to interface’s inbound traffic.

out

Applies ACLAccess Control List. ACL is a common way of restricting certain types of traffic on a physical port. to interface’s outbound traffic.

session

Applies session ACLAccess Control List. ACL is a common way of restricting certain types of traffic on a physical port. to interface and optionally to a selected VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. associated with this range of ports.

lacp

Configure an LACPLink Aggregation Control Protocol. LACP is used for the collective handling of multiple physical ports that can be seen as a single channel for network traffic purposes. group to the interface.

group <id> mode [active|passive]

Enter the LAGLink Aggregation Group . A LAG combines a number of physical ports together to make a single high-bandwidth data path. LAGs can connect two switches to provide a higher-bandwidth connection to a public network. number (0-7) and specify the mode (active or passive).

Active mode—the interface is in active negotiating state. LACPLink Aggregation Control Protocol. LACP is used for the collective handling of multiple physical ports that can be seen as a single channel for network traffic purposes. runs on any link that is configured to be in the active state. The port in an active mode also automatically initiates negotiations with other ports by initiating LACPLink Aggregation Control Protocol. LACP is used for the collective handling of multiple physical ports that can be seen as a single channel for network traffic purposes. packets.

Passive mode—the interface is not in an active negotiating state. LACPLink Aggregation Control Protocol. LACP is used for the collective handling of multiple physical ports that can be seen as a single channel for network traffic purposes. runs on any link that is configured in a passive state. The port in a passive mode responds to negotiations requests from other ports that are in an active state. Ports in passive state respond to LACPLink Aggregation Control Protocol. LACP is used for the collective handling of multiple physical ports that can be seen as a single channel for network traffic purposes. packets.

port-priority <value>

Enter the port-priority value. The higher the value, the lower the priority.

1-65535

255

timeout

Enter the keyword long to set the LACPLink Aggregation Control Protocol. LACP is used for the collective handling of multiple physical ports that can be seen as a single channel for network traffic purposes. session to 90 seconds.

Enter the keyword short to set the LACPLink Aggregation Control Protocol. LACP is used for the collective handling of multiple physical ports that can be seen as a single channel for network traffic purposes. session to 3 seconds.

90

lldp

Configures an LLDPLink Layer Discovery Protocol. LLDP is a vendor-neutral link layer protocol in the Internet Protocol suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, which is principally a wired Ethernet. functionality on an interface.

fast-transmit-counter

Set the number of the LLDPLink Layer Discovery Protocol. LLDP is a vendor-neutral link layer protocol in the Internet Protocol suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, which is principally a wired Ethernet. data units sent each time fast LLDPLink Layer Discovery Protocol. LLDP is a vendor-neutral link layer protocol in the Internet Protocol suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, which is principally a wired Ethernet. data unit transmission is triggered

1-8

4

fast-transmit-interval

Set the LLDPLink Layer Discovery Protocol. LLDP is a vendor-neutral link layer protocol in the Internet Protocol suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, which is principally a wired Ethernet. fast transmission interval in seconds.

1-3600

1

med

Enables the LLDPLink Layer Discovery Protocol. LLDP is a vendor-neutral link layer protocol in the Internet Protocol suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, which is principally a wired Ethernet. MED protocol.

disabled

receive

Enables processing of LLDPLink Layer Discovery Protocol. LLDP is a vendor-neutral link layer protocol in the Internet Protocol suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, which is principally a wired Ethernet. PDUPower Distribution Unit or Protocol Data Unit. Power Distribution Unit is a device that distributes electric power to the networking equipment located within a data center. Protocol Data Unit contains protocol control Information that is delivered as a unit among peer entities of a network. received.

disabled

transmit

Enables LLDPLink Layer Discovery Protocol. LLDP is a vendor-neutral link layer protocol in the Internet Protocol suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, which is principally a wired Ethernet. PDUPower Distribution Unit or Protocol Data Unit. Power Distribution Unit is a device that distributes electric power to the networking equipment located within a data center. Protocol Data Unit contains protocol control Information that is delivered as a unit among peer entities of a network. transmit.

disabled

transmit-hold <1-100>

Set the transmit hold multiplier.

1-100

4

transmit-interval <1-3600>

Sets the transmit interval in seconds.

1-3600

30

no

Negates any configured parameter.

shutdown

Causes a hard shutdown of the interface.

switchport

Sets switching mode parameters for the interface.

access vlan

Sets the interface as an access port for the specified VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN.. The interface carries traffic only for the specified VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN..

mode

Sets the mode of the interface to access or trunk mode only.

trunk {allowed vlan

{<vlans>|add <vlans>|all|except <vlans> |remove <vlans>}|native vlan <vlan>}} 

Sets the interfaces as trunk ports for the specified VLANsVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN.. A trunk port carries traffic for multiple VLANsVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. using 802.1q tagging to mark frames for specific VLANsVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN.. You can include all VLANsVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. configured on the managed device, or add or remove specified VLANsVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN.. Optionally you can specify the native VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. for the trunk mode interface. Frames on the native VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. are not 802.1q tagged.

trusted

Set this interface and range of VLANsVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. to be trusted. VLANsVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. not included in the trusted range of VLANsVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. will be, by default, untrusted.

Trusted ports and VLANsVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. are typically connected to internal controlled networks, while untrusted ports connect to third-party APs, public areas, or other networks to which access controls should be applied. When Aruba APs are attached directly to the managed device, set the port to be trusted.

enabled

vlan <word>

Sets the specified range of VLANsVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. as trusted. All remaining become untrusted automatically.

For example, If you set a VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. range as:
vlanVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. 1-10, 100-300, 301, 305-400, 501-4094

Then all VLANsVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. in this range are trusted and all others become untrusted by default. You can also use the no trusted vlan command to explicitly make an individual VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. untrusted. The no trusted vlanVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. command is additive and adds given vlansVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. to the existing untrusted vlanVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. set.

However, if you execute the trusted vlan <word> command, it overrides any earlier untrusted VLANsVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. or a range of untrusted VLANsVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. and creates a new set of trusted VLANsVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN..

NOTE: A port supports a user VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. range from 1-4094. If you want to set all VLANsVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. (1-4094) on a port as untrusted then mark the port itself as untrusted. By default the port and all its associated VLANsVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. are trusted.

1-4094

Usage Guidelines

Use the show port status command to obtain information about the interfaces available on the managed device. You can execute this command only on a hardware platform that acts as a managed device or as a stand-alone controller.

Example

The following command configures a range of interface as a trunk port for a set of VLANsVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN.:

(host) [00:0b:86:99:88:17] (config) #interface range gigabitethernet 0/0/0-0/17

(host) [00:0b:86:99:88:17] (config-submode)#switchport mode trunk

(host) [00:0b:86:99:88:17] (config-submode)#switchport trunk native vlan 10

(host) [00:0b:86:99:88:17] (config-submode)#switchport trunk allowed vlan 1,10,100

Command History

Release

Modification

ArubaOS 8.2.0.0

Updated the new syntax as ip access-group {in|out|session {vlan <vlanId>}} <acl)_name>.

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms

License

Command Mode

All platforms

Base operating system.

Config mode on Mobility Master.

/*]]>*/