Index A
aaa accounting dot1x command 1
aaa authentication dot1x command 3, 776
aaa authorization network command 5, 22, 28, 30, 32, 34, 36, 137, 281, 439, 7, 34
AAA methods 3, 776
access control entries
See ACEs
access control lists
See ACLs
access groups
IP 189
MAC, displaying 562
access mode 741
access ports 741
ACEs 122, 372
ACLs
deny 120
displaying 422
for non-IP protocols 285
IP 189
on Layer 2 interfaces 189
permit 370
address aliasing 348
aggregate-port learner 364
allowed VLANs 756
archive copy-sw command 6
archive download-sw command 9
archive tar command 13
archive upload-sw command 16
arp access-list command 18
authentication command bounce-port ignore 20
authentication command disable-port ignore 21
authentication control-direction command 22
authentication event command 24
authentication failed VLAN
See dot1x auth-fail vlan
authentication fallback command 28
authentication host-mode command 30
authentication mac-move permit command 32
authentication open command 34
authentication order command 36
authentication periodic command 38
authentication port-control command 40
authentication priority command 42
authentication timer command 44
authentication violation command 46
auth-fail max-attempts
See dot1x auth-fail max-attempts
auth-fail vlan
See dot1x auth-fail vlan
auth open command 34
auth order command 36
authorization state of controlled port 155
auth timer command 44
autonegotiation of duplex mode 167
auto qos classify command 48
auto qos trust command 51
auto qos voip command 54
B
BackboneFast, for STP 667
backup interfaces
configuring 734
displaying 494
boot (boot loader) command 2
boot auto-copy-sw command 60
boot config-file command 62
boot enable-break command 63
boot helper command 64
boot helper-config file command 65
booting
Cisco IOS image 68
displaying environment variables 435
interrupting 63
manually 66
boot loader
accessing 1
booting
Cisco IOS image 2
helper image 64
directories
creating 14
displaying a list of 7
removing 18
displaying
available commands 12
memory heap utilization 13
version 25
environment variables
described 19
displaying settings 19
location of 20
setting 19
unsetting 23
boot loader (continued)
files
copying 5
deleting 6
displaying a list of 7
displaying the contents of 4, 15, 22
renaming 16
file system
formatting 10
initializing flash 9
running a consistency check 11
prompt 1
resetting the system 17
boot manual command 66
boot private-config-file command 67
boot system command 68
BPDU filtering, for spanning tree 668, 702
BPDU guard, for spanning tree 670, 702
broadcast storm control 723
C
candidate switches
See clusters
cat (boot loader) command 4
channel-group command 70
channel-protocol command 73
Cisco SoftPhone
auto-QoS configuration 54
trusting packets sent from 340
CISP
See Client Information Signalling Protocol
cisp
debug platform cisp command 34
cisp enable command 74
class command 75
class-map command 78
class maps
creating 78
defining the match criteria 297
displaying 440
class of service
See CoS
clear dot1x command 80
clear eap sessions command 81
clear errdisable interface 82
clear ip arp inspection log command 83
clear ip arp inspection statistics command 84
clear ip dhcp snooping database command 85
clear lacp command 87
clear logging onboard command 88
clear mac address-table command 89, 91
clear nmsp statistics command 92
clear pagp command 93
clear port-security command 94
clear spanning-tree counters command 96
clear spanning-tree detected-protocols command 97
clear vmps statistics command 98
clear vtp counters command 99
Client Information Signalling Protocol 74, 137, 439, 7, 34
cluster commander-address command 100
cluster discovery hop-count command 102
cluster enable command 103
cluster holdtime command 104
cluster member command 105
cluster outside-interface command 107
cluster run command 108
clusters
adding candidates 105
binding to HSRP group 109
building manually 105
communicating with
devices outside the cluster 107
members by using Telnet 395
debug messages, display 8
clusters (continued)
displaying
candidate switches 443
debug messages 8
member switches 445
status 441
hop-count limit for extended discovery 102
HSRP standby groups 109
redundancy 109
SNMP trap 657
cluster standby-group command 109
cluster timer command 111
command modes defined 2
command switch
See clusters
configuration files
password recovery disable considerations 1
specifying the name 62, 67
configuring multiple interfaces 185
copy (boot loader) command 5
copy logging onboard command 112
CoS
assigning default value to incoming packets 308
overriding the incoming value 308
CoS-to-DSCP map 312
CPU ASIC statistics, displaying 447
crashinfo files 176
critical VLAN 25
D
debug authentication 2
debug auto qos command 4
debug backup command 6
debug cisp command 7
debug cluster command 8
debug dot1x command 10
debug dtp command 12
debug eap command 13
debug etherchannel command 14
debug ilpower command 15
debug interface command 16
debug ip dhcp snooping command 17
debug ip igmp filter command 19
debug ip igmp max-groups command 20
debug ip igmp snooping command 21
debug ip verify source packet command 18
debug lacp command 22
debug lldp packets command 23
debug mac-notification command 24
debug matm command 25
debug matm move update command 26
debug monitor command 27
debug mvrdbg command 28
debug nmsp command 29
debug nvram command 30
debug pagp command 31
debug platform acl command 32
debug platform backup interface command 33
debug platform cisp command 34
debug platform cli-redirection main command 35
debug platform configuration command 36, 42
debug platform cpu-queues command 37
debug platform dot1x command 39
debug platform etherchannel command 40
debug platform forw-tcam command 41
debug platform ip arp inspection command 43
debug platform ip dhcp command 44
debug platform ip igmp snooping command 45
debug platform ip source-guard command 47
debug platform led command 48
debug platform matm command 49
debug platform messaging application command 50
debug platform phy command 51
debug platform pm command 53
debug platform port-asic command 55
debug platform port-security command 56
debug platform qos-acl-tcam command 57
debug platform resource-manager command 58
debug platform snmp command 59
debug platform span command 60
debug platform stack-manager command 61
debug platform supervisor-asic command 62
debug platform sw-bridge command 63
debug platform tcam command 64
debug platform udld command 66
debug platform vlan command 67
debug pm command 68
debug port-security command 70
debug qos-manager command 71
debug spanning-tree backbonefast command 74
debug spanning-tree bpdu command 75
debug spanning-tree bpdu-opt command 76
debug spanning-tree command 72
debug spanning-tree mstp command 77
debug spanning-tree switch command 79
debug spanning-tree uplinkfast command 81
debug sw-vlan command 82
debug sw-vlan ifs command 84
debug sw-vlan notification command 85
debug sw-vlan vtp command 87
debug udld command 89
debug vqpc command 91
define interface-range command 114
delete (boot loader) command 6
delete command 116
deny (ARP access-list configuration) command 118
deny command 120
detect mechanism, causes 169
DHCP snooping
accepting untrusted packets from edge switch 219
enabling
on a VLAN 224
option 82 217, 219
trust on an interface 222
error recovery timer 174
rate limiting 221
DHCP snooping binding database
binding file, configuring 215
bindings
adding 213
deleting 213
displaying 512
clearing database agent statistics 85
database agent, configuring 215
displaying
binding entries 512
database agent status 514, 516
renewing 403
dir (boot loader) command 7
directories, deleting 116
domain name, VTP 786
dot1x auth-fail max-attempts 131
dot1x auth-fail vlan 133
dot1x command 129
dot1x control-direction command 135
dot1x credentials (global configuration) command 137
dot1x critical global configuration command 138
dot1x critical interface configuration command 140
dot1x default command 142
dot1x fallback command 143
dot1x guest-vlan command 144
dot1x host-mode command 146
dot1x initialize command 148
dot1x mac-auth-bypass command 149
dot1x max-reauth-req command 151
dot1x max-req command 153
dot1x pae command 154
dot1x port-control command 155
dot1x re-authenticate command 157
dot1x reauthentication command 158
dot1x supplicant force-multicast command 159
dot1x test eapol-capable command 160
dot1x test timeout command 161
dot1x timeout command 162
dot1x violation-mode command 165
DSCP-to-CoS map 312
DSCP-to-DSCP-mutation map 312
DTP 742
DTP flap
error detection for 169
error recovery timer 174
DTP negotiation 743
dual-purpose uplink ports
displaying configurable options 497
displaying the active media 501
selecting the type 300
duplex command 166
dynamic-access ports
configuring 732
restrictions 733
dynamic ARP inspection
ARP ACLs
apply to a VLAN 196
define 18
deny packets 118
display 426
permit packets 368
clear
log buffer 83
statistics 84
display
ARP ACLs 426
configuration and operating state 507
log buffer 507
statistics 507
trust state and rate limit 507
enable per VLAN 206
log buffer
clear 83
configure 200
display 507
rate-limit incoming ARP packets 198
dynamic ARP inspection (continued)
statistics
clear 84
display 507
trusted interface state 202
type of packet logged 207
validation checks 204
dynamic auto VLAN membership mode 741
dynamic desirable VLAN membership mode 741
Dynamic Host Configuration Protocol (DHCP)
See DHCP snooping
Dynamic Trunking Protocol
See DTP
E
EAP-request/identity frame
maximum number to send 153
response time before retransmitting 162
environment variables, displaying 435
epm access-control open 168
errdisable detect cause command 169
errdisable detect cause small-frame comand 171
errdisable recovery cause small-frame 173
errdisable recovery command 174
error conditions, displaying 483
error disable detection 169
error-disabled interfaces, displaying 494
EtherChannel
assigning Ethernet interface to channel group 70
creating port-channel logical interface 183
debug EtherChannel/PAgP, display 14
debug platform-specific events, display 40
displaying 487
interface information, displaying 494
EtherChannel (continued)
LACP
clearing channel-group information 87, 88
debug messages, display 22
displaying 542
modes 70
port priority for hot-standby ports 266
restricting a protocol 73
system priority 268
load-distribution methods 379
PAgP
aggregate-port learner 364
clearing channel-group information 93
debug messages, display 31
displaying 610
error detection for 169
error recovery timer 174
learn method 364
modes 70
physical-port learner 364
priority of interface for transmitted traffic 366
Ethernet controller, internal register display 449
Ethernet controller, stackport information 456
Ethernet statistics, collecting 407
exception crashinfo command 176, 181
extended discovery of candidate switches 102
extended-range VLANs
and allowed VLAN list 756
and pruning-eligible list 756
extended system ID for STP 676
F
fallback profile command 177
fallback profiles, displaying 490
fan information, displaying 479
file name, VTP 786
files, deleting 116
flash_init (boot loader) command 9
flexible authentication ordering 36
Flex Links
configuring 734
configuring preferred VLAN 736
displaying 494
flowcontrol command 179
format (boot loader) command 10
forwarding results, display 5
frame forwarding information, displaying 5
front-end controller, counter and status information 7
fsck (boot loader) command 11
G
global configuration mode 2, 4
H
hardware ACL statistics 422
help (boot loader) command 12
hierarchical policy maps 378
hop-count limit for clusters 102
host connection, port configuration 740
Hot Standby Router Protocol
See HSRP
HSRP
binding HSRP group to cluster 109
standby group 109
I
IEEE 802.1x
and switchport modes 742
violation error recovery 174
See also port-based authentication
IEEE 802.1X Port Based Authentication
enabling guest VLAN supplicant 132, 143, 178
IGMP filters
applying 227
debug messages, display 19
IGMP groups, setting maximum 228
IGMP maximum groups, debugging 20
IGMP profiles
creating 230
displaying 519
IGMP snooping
adding ports as a static member of a group 246
displaying 520, 525, 527
enabling 232
enabling the configurable-leave timer 234
enabling the Immediate-Leave feature 243
flooding query count 240
interface topology change notification behavior 242
multicast table 523
querier 236
query solicitation 240
report suppression 238
switch topology change notification behavior 240
images
See software images
Immediate-Leave feature, MVR 350
immediate-leave processing 243
Immediate-Leave processing, IPv6 264
interface configuration mode 3, 4
interface port-channel command 183
interface range command 185
interface-range macros 114
interfaces
assigning Ethernet interface to channel group 70
configuring 166
configuring multiple 185
creating port-channel logical 183
debug messages, display 16
disabling 653
displaying the MAC address table 574
restarting 653
interface speed, configuring 712
interface vlan command 188
internal registers, displaying 449, 456, 463
Internet Group Management Protocol
See IGMP
invalid GBIC
error detection for 169
error recovery timer 174
ip access-group command 189
ip address command 191
IP addresses, setting 191
ip admission command 193
ip admission name proxy http command 194
ip arp inspection filter vlan command 196
ip arp inspection limit command 198
ip arp inspection log-buffer command 200
ip arp inspection trust command 202
ip arp inspection validate command 204
ip arp inspection vlan command 206
ip arp inspection vlan logging command 207
ip device tracking command 211
ip device tracking probe command 209
IP DHCP snooping
See DHCP snooping
ip dhcp snooping binding command 213
ip dhcp snooping command 212
ip dhcp snooping database command 215
ip dhcp snooping information option allow-untrusted command 219
ip dhcp snooping information option command 217
ip dhcp snooping limit rate command 221
ip dhcp snooping trust command 222
ip dhcp snooping verify command 223
ip dhcp snooping vlan command 224
ip dhcp snooping vlan information option format-type circuit-id string command 225
ip igmp filter command 227
ip igmp max-groups command 228
ip igmp profile command 230
ip igmp snooping command 232
ip igmp snooping last-member-query-interval command 234
ip igmp snooping querier command 236
ip igmp snooping report-suppression command 238
ip igmp snooping tcn command 240
ip igmp snooping tcn flood command 242
ip igmp snooping vlan immediate-leave command 243
ip igmp snooping vlan mrouter command 244
ip igmp snooping vlan static command 246
IP multicast addresses 347
IP phones
auto-QoS configuration 54
trusting packets sent from 340
IP-precedence-to-DSCP map 312
ip source binding command 248
IP source guard
disabling 251
displaying
binding entries 529
configuration 530
dynamic binding entries only 512
enabling 251
static IP source bindings 248
ip ssh command 250
ipv6 mld snooping command 252
ipv6 mld snooping last-listener-query count command 254
ipv6 mld snooping last-listener-query-interval command 256
ipv6 mld snooping listener-message-suppression command 258
ipv6 mld snooping robustness-variable command 260
ipv6 mld snooping tcn command 262
ipv6 mld snooping vlan command 264
IPv6 SDM template 408
ip verify source command 251
J
jumbo frames
See MTU
L
LACP
See EtherChannel
lacp port-priority command 266
lacp system-priority command 268
Layer 2 traceroute
IP addresses 767
MAC addresses 764
line configuration mode 3, 5
Link Aggregation Control Protocol
See EtherChannel
link flap
error detection for 169
error recovery timer 174
link state group command 270
link state track command 272
load-distribution methods for EtherChannel 379
location (global configuration) command 273
location (interface configuration) command 275
logging event command 277
logging event power-inline-status command 278
logging file command 279
logical interface 183
loopback error
detection for 169
recovery timer 174
loop guard, for spanning tree 678, 682
M
mab request format attribute 32 command 281
mac access-group command 283
MAC access-groups, displaying 562
MAC access list configuration mode 285
mac access-list extended command 285
MAC access lists 120
MAC addresses
disabling MAC address learning per VLAN 288
displaying
aging time 568
all 566
dynamic 572
MAC address-table move updates 577
notification settings 576, 579
number of addresses in a VLAN 570
per interface 574
per VLAN 583
static 581
static and dynamic entries 564
dynamic
aging time 287
deleting 89
displaying 572
enabling MAC address notification 292
enabling MAC address-table move update 290
persistent stack 720
static
adding and removing 294
displaying 581
dropping on an interface 295
tables 566
MAC address notification, debugging 24
mac address-table aging-time 283
mac address-table aging-time command 287
mac address-table learning command 288
mac address-table move update command 290
mac address-table notification command 292
mac address-table static command 294
mac address-table static drop command 295
macros
interface range 114, 185
maps
QoS
defining 312
displaying 592
match (class-map configuration) command 297
maximum transmission unit
See MTU
mdix auto command 299
media-type (interface configuration) command 300
media-type rj45 (line configuration) command 302
member switches
See clusters
memory (boot loader) command 13
mkdir (boot loader) command 14
MLD snooping
configuring 258, 260
configuring queries 254, 256
configuring topology change notification 262
displaying 532, 534, 536, 538
enabling 252
MLD snooping on a VLAN, enabling 264
mls qos aggregate-policer command 306
mls qos command 304
mls qos cos command 308
mls qos dscp-mutation command 310
mls qos map command 312
mls qos queue-set output buffers command 316
mls qos queue-set output threshold command 318
mls qos queue-set stack buffers command 320
mls qos rewrite ip dscp command 322
mls qos srr-queue input bandwidth command 324
mls qos srr-queue input buffers command 326
mls qos-srr-queue input cos-map command 328
mls qos srr-queue input dscp-map command 330
mls qos srr-queue input priority-queue command 332
mls qos srr-queue input threshold command 334
mls qos-srr-queue output cos-map command 336
mls qos srr-queue output dscp-map command 338
mls qos trust command 340
mode, MVR 347
Mode button, and password recovery 410
modes, commands 2
monitor session command 342
more (boot loader) command 15
MSTP
displaying 627
interoperability 97
link type 680
MST region
aborting changes 685
applying changes 685
configuration name 685
configuration revision number 685
current or pending display 685
displaying 627
MST configuration mode 685
VLANs-to-instance mapping 685
path cost 687
protocol mode 683
restart protocol migration process 97
root port
loop guard 678
preventing from becoming designated 678
restricting which can be root 678
root guard 678
root switch
affects of extended system ID 676
hello-time 690, 698
interval between BDPU messages 691
interval between hello BPDU messages 690, 698
max-age 691
maximum hop count before discarding BPDU 692
port priority for selection of 694
primary or secondary 698
switch priority 697
MSTP (continued)
state changes
blocking to forwarding state 704
enabling BPDU filtering 668, 702
enabling BPDU guard 670, 702
enabling Port Fast 702, 704
forward-delay time 689
length of listening and learning states 689
rapid transition to forwarding 680
shutting down Port Fast-enabled ports 702
state information display 626
MTU
configuring size 761
displaying global setting 637
Multicase Listener Discovery
See MLD
multicast group address, MVR 350
multicast groups, MVR 348
Multicast Listener Discovery
See MLD
multicast router learning method 244
multicast router ports, configuring 244
multicast router ports, IPv6 264
multicast storm control 723
multicast VLAN, MVR 348
multicast VLAN registration
See MVR
Multiple Spanning Tree Protocol
See MSTP
MVR
and address aliasing 348
configuring 347
configuring interfaces 350
debug messages, display 28
displaying 600
displaying interface information 602
members, displaying 604
mvr (global configuration) command 347
mvr (interface configuration) command 350
mvr vlan group command 351
N
native VLANs 756
network-policy (global configuration) command 354
network-policy command 353
network-policy profile (network-policy configuration) command 356
nmsp attachment suppress command 360
nmsp command 358
no authentication logging verbose 361
no dot1x logging verbose 362
no mab logging verbose 363
nonegotiate, speed 712
nonegotiating DTP messaging 743
non-IP protocols
denying 120
forwarding 370
non-IP traffic access lists 285
non-IP traffic forwarding
denying 120
permitting 370
normal-range VLANs 779
O
online diagnostics
displaying
configured boot-up coverage level 467
current scheduled tasks 467
event logs 467
supported test suites 467
test ID 467
test results 467
test statistics 467
online diagnostics (continued)
global configuration mode
clearing health monitoring diagnostic test schedule 83
setting health monitoring diagnostic testing 83
setting up health monitoring diagnostic test schedule 83
health monitoring diagnostic tests, configuring 123
testing, starting 127
P
PAgP
See EtherChannel
pagp learn-method command 364
pagp port-priority command 366
password, VTP 787
password-recovery mechanism, enabling and disabling 410
permit (ARP access-list configuration) command 368
permit (MAC access-list configuration) command 370
per-VLAN spanning-tree plus
See STP
physical-port learner 364
PID, displaying 506
PIM-DVMRP, as multicast router learning method 244
PoE
configuring the power budget 383
configuring the power management mode 380
displaying controller register values 461
displaying power management information 617
logging of status 278
monitoring power 385
policing power consumption 385
police aggregate command 375
police command 373
policed-DSCP map 312
policy-map command 377
policy maps
applying to an interface 412, 417
creating 377
displaying 612
hierarchical 378
policers
displaying 586
for a single class 373
for multiple classes 306, 375
policed-DSCP map 312
traffic classification
defining the class 75
defining trust states 769
setting DSCP or IP precedence values 415
Port Aggregation Protocol
See EtherChannel
port-based authentication
AAA method list 3, 776
configuring violation modes 165
debug messages, display 10
enabling IEEE 802.1x
globally 129
per interface 155
guest VLAN 144
host modes 146
IEEE 802.1x AAA accounting methods 1
initialize an interface 148, 161
MAC authentication bypass 149
manual control of authorization state 155
PAE as authenticator 154
periodic re-authentication
enabling 158
time between attempts 162
quiet period between failed authentication exchanges 162
re-authenticating IEEE 802.1x-enabled ports 157
resetting configurable IEEE 802.1x parameters 142
switch-to-authentication server retransmission time 162
port-based authentication (continued)
switch-to-client frame-retransmission number 151 to 153
switch-to-client retransmission time 162
test for IEEE 802.1x readiness 160
port-channel load-balance command 379
Port Fast, for spanning tree 704
port ranges, defining 112, 114
ports, debugging 68
ports, protected 754
port security
aging 750
debug messages, display 70
enabling 745
violation error recovery 174
port trust states for QoS 340
port types, MVR 350
power information, displaying 479
power inline command 380
power inline consumption command 383
power inline police command 385
Power over Ethernet
See PoE
priority-queue command 388
priority value, stack member 634
privileged EXEC mode 2, 3
product identification information, displaying 506
protected ports, displaying 499
pruning
VLANs 756
VTP
displaying interface information 494
enabling 787
pruning-eligible VLAN list 757
PVST+
See STP
Q
QoS
auto-QoS
configuring 54
debug messages, display 4
displaying 431
auto-QoS trust
configuring 51
class maps
creating 78
defining the match criteria 297
displaying 440
defining the CoS value for an incoming packet 308
displaying configuration information 431, 585
DSCP transparency 322
DSCP trusted ports
applying DSCP-to-DSCP-mutation map to 310
defining DSCP-to-DSCP-mutation map 312
egress queues
allocating buffers 316
defining the CoS output queue threshold map 336
defining the DSCP output queue threshold map 338
displaying buffer allocations 589
displaying CoS output queue threshold map 592
displaying DSCP output queue threshold map 592
displaying queueing strategy 589
displaying queue-set settings 595
enabling bandwidth shaping and scheduling 716
enabling bandwidth sharing and scheduling 718
limiting the maximum output on a port 714
mapping a port to a queue-set 390
mapping CoS values to a queue and threshold 336
mapping DSCP values to a queue and threshold 338
setting maximum and reserved memory allocations 318
QoS (continued)
egress queues (continued)
setting WTD thresholds 318
enabling 304
ingress queues
allocating buffers 326
assigning SRR scheduling weights 324
defining the CoS input queue threshold map 328
defining the DSCP input queue threshold map 330
displaying buffer allocations 589
displaying CoS input queue threshold map 592
displaying DSCP input queue threshold map 592
displaying queueing strategy 589
displaying settings for 587
enabling the priority queue 332
mapping CoS values to a queue and threshold 328
mapping DSCP values to a queue and threshold 330
setting WTD thresholds 334
maps
defining 312, 328, 330, 336, 338
displaying 592
policy maps
applying an aggregate policer 375
applying to an interface 412, 417
creating 377
defining policers 306, 373
displaying policers 586
displaying policy maps 612
hierarchical 378
policed-DSCP map 312
setting DSCP or IP precedence values 415
traffic classifications 75
trust states 769
port trust states 340
queues, enabling the expedite 388
QoS (continued)
statistics
in-profile and out-of-profile packets 589
packets enqueued or dropped 589
sent and received CoS values 589
sent and received DSCP values 589
trusted boundary for IP phones 340
quality of service
See QoS
querytime, MVR 347
queue-set command 390
R
radius-server dead-criteria command 391
radius-server host command 393
rapid per-VLAN spanning-tree plus
See STP
rapid PVST+
See STP
rcommand command 395
re-authenticating IEEE 802.1x-enabled ports 157
re-authentication
periodic 158
time between attempts 162
receiver ports, MVR 350
receiving flow-control packets 179
recovery mechanism
causes 174
display 82, 437, 481, 485
timer interval 174
redundancy for cluster switches 109
reload command 397
remote command 399
remote-span command 401
Remote Switched Port Analyzer
See RSPAN
rename (boot loader) command 16
renew ip dhcp snooping database command 403
reset (boot loader) command 17
resource templates, displaying 622
restricted VLAN
See dot1x auth-fail vlan
rmdir (boot loader) command 18
rmon collection stats command 407
root guard, for spanning tree 678
RSPAN
configuring 342
displaying 598
filter RSPAN traffic 342
remote-span command 401
sessions
displaying 598
S
SDM mismatch mode 635
sdm prefer command 408
SDM templates
displaying 622
dual IPv4 and IPv6 408
secure ports, limitations 747
sending flow-control packets 179
service password-recovery command 410
service-policy command 412
session command 414
set (boot loader) command 19
set command 415
setup command 417
setup express command 420
show access-lists command 422
show archive status command 425
show arp access-list command 426
show authentication command 427
show auto qos command 431
show boot command 435
show cable-diagnostics tdr command 437
show cisp command 439
show class-map command 440
show cluster candidates command 443
show cluster command 441
show cluster members command 445
show controllers cpu-interface command 447
show controllers ethernet-controller command 449
show controllers power inline command 461
show controllers tcam command 463
show controller utilization command 465
show dot1x command 470
show dtp 474
show eap command 476
show env command 479
show errdisable detect command 481
show errdisable flap-values command 483
show errdisable recovery command 485
show etherchannel command 487
show fallback profile command 490
show flowcontrol command 492
show interfaces command 494
show interfaces counters command 503
show inventory command 506
show ip arp inspection command 507
show ip dhcp snooping binding command 512
show ip dhcp snooping command 511
show ip dhcp snooping database command 514, 516
show ip igmp profile command 519
show ip igmp snooping address command 534
show ip igmp snooping command 520, 532
show ip igmp snooping groups command 523
show ip igmp snooping mrouter command 525, 536
show ip igmp snooping querier command 527, 538
show ip source binding command 529
show ipv6 route updated 540
show ip verify source command 530
show lacp command 542
show link state group command 555
show lldp command 546
show location 547
show logging onboard command 550, 557
show mac access-group command 562
show mac address-table address command 566
show mac address-table aging time command 568
show mac address-table command 564
show mac address-table count command 570
show mac address-table dynamic command 572
show mac address-table interface command 574
show mac address-table learning command 576
show mac address-table move update command 577
show mac address-table notification command 91, 579, 26
show mac address-table static command 581
show mac address-table vlan command 583
show mls qos aggregate-policer command 586
show mls qos command 585
show mls qos input-queue command 587
show mls qos interface command 589
show mls qos maps command 592
show mls qos queue-set command 595
show mls qos vlan command 597
show monitor command 598
show mvr command 600
show mvr interface command 602
show mvr members command 604
show network-policy profile command 606
show nmsp command 607
show pagp command 610
show platform acl command 2
show platform backup interface command 3
show platform etherchannel command 4
show platform forward command 5
show platform frontend-controller command 7
show platform igmp snooping command 8
show platform ip unicast command 10
show platform layer4op command 12
show platform mac-address-table command 13
show platform messaging command 14
show platform monitor command 15
show platform mvr table command 16
show platform pm command 17
show platform port-asic command 18
show platform port-security command 23
show platform qos command 24
show platform resource-manager command 25
show platform snmp counters command 27
show platform spanning-tree command 28
show platform stack manager command 30
show platform stp-instance command 29
show platform tb command 33
show platform tcam command 35
show platform vlan command 38
show policy-map command 612
show port security command 614
show power inline command 617
show sdm prefer command 622
show setup express command 625
show spanning-tree command 626
show storm-control command 632
show switch command 634
show system mtu command 637
show trust command 769
show udld command 638
show version command 641
show vlan command 643
show vlan command, fields 644
show vmps command 646
show vtp command 648
shutdown command 653
shutdown vlan command 654
small violation-rate command 655
SNMP host, specifying 661
SNMP informs, enabling the sending of 657
snmp-server enable traps command 657
snmp-server host command 661
snmp trap mac-notification change command 665
SNMP traps
enabling MAC address notification trap 665
enabling the MAC address notification feature 292
enabling the sending of 657
SoftPhone
See Cisco SoftPhone
software images
copying 6
deleting 116
downloading 9
upgrading 6, 9
uploading 16
software version, displaying 641
source ports, MVR 350
SPAN
configuring 342
debug messages, display 27
displaying 598
filter SPAN traffic 342
sessions
add interfaces to 342
displaying 598
start new 342
spanning-tree backbonefast command 667
spanning-tree bpdufilter command 668
spanning-tree bpduguard command 670
spanning-tree cost command 672
spanning-tree etherchannel command 674
spanning-tree extend system-id command 676
spanning-tree guard command 678
spanning-tree link-type command 680
spanning-tree loopguard default command 682
spanning-tree mode command 683
spanning-tree mst configuration command 685
spanning-tree mst cost command 687
spanning-tree mst forward-time command 689
spanning-tree mst hello-time command 690
spanning-tree mst max-age command 691
spanning-tree mst max-hops command 692
spanning-tree mst port-priority command 694
spanning-tree mst pre-standard command 696
spanning-tree mst priority command 697
spanning-tree mst root command 698
spanning-tree portfast (global configuration) command 702
spanning-tree portfast (interface configuration) command 704
spanning-tree port-priority command 700
Spanning Tree Protocol
See STP
spanning-tree transmit hold-count command 706
spanning-tree uplinkfast command 707
spanning-tree vlan command 709
speed command 712
srr-queue bandwidth limit command 714
srr-queue bandwidth share command 718
SSH, configuring version 250
stack-mac persistent timer command 720
stack member
access 414
number 634, 730
provisioning 728
reloading 397
stacks, switch
disabling a member 726
enabling a member 726
MAC address 720
provisioning a new member 728
reloading 397
stack member access 414
stack member number 634, 730
stack member priority value 634
static-access ports, configuring 732
statistics, Ethernet group 407
sticky learning, enabling 745
storm-control command 723
STP
BackboneFast 667
counters, clearing 96
debug messages, display
BackboneFast events 74
MSTP 77
optimized BPDUs handling 76
spanning-tree activity 72
switch shim 79
transmitted and received BPDUs 75
UplinkFast 81
detection of indirect link failures 667
EtherChannel misconfiguration 674
extended system ID 676
path cost 672
protocol modes 683
root port
accelerating choice of new 707
loop guard 678
preventing from becoming designated 678
restricting which can be root 678
root guard 678
UplinkFast 707
root switch
affects of extended system ID 676, 710
hello-time 709
interval between BDPU messages 709
interval between hello BPDU messages 709
max-age 709
port priority for selection of 700
primary or secondary 709
switch priority 709
STP
state changes
blocking to forwarding state 704
enabling BPDU filtering 668, 702
enabling BPDU guard 670, 702
enabling Port Fast 702, 704
enabling timer to recover from error state 174
forward-delay time 709
length of listening and learning states 709
shutting down Port Fast-enabled ports 702
state information display 626
VLAN options 697, 709
Switched Port Analyzer
See SPAN
switchport access command 732
switchport backup interface command 734
switchport block command 738
switchport host command 740
switchport mode command 741
switchport nonegotiate command 743
switchport port-security aging command 750
switchport port-security command 745
switchport priority extend command 752
switchport protected command 754
switchports, displaying 494
switchport trunk command 756
switchport voice vlan command 759
switch priority command 726
switch provision command 728
switch renumber command 730
system message logging 278
system message logging, save message to flash 279
system mtu command 761
system resource templates 408
T
tar files, creating, listing, and extracting 13
TDR, running 763
Telnet, using to communicate to cluster switches 395
temperature information, displaying 479
templates, system resources 408
test cable-diagnostics tdr command 763
traceroute mac command 764
traceroute mac ip command 767
trunking, VLAN mode 741
trunk mode 741
trunk ports 741
trunks, to non-DTP device 742
trusted boundary for QoS 340
trusted port states for QoS 340
type (boot loader) command 22
U
UDLD
aggressive mode 771, 773
debug messages, display 89
enable globally 771
enable per interface 773
error recovery timer 174
message timer 771
normal mode 771, 773
reset a shutdown interface 775
status 638
udld command 771
udld port command 773
udld reset command 775
unicast storm control 723
UniDirectional Link Detection
See UDLD
unknown multicast traffic, preventing 738
unknown unicast traffic, preventing 738
unset (boot loader) command 23
upgrading
software images
copying 6
downloading 9
monitoring status of 425
UplinkFast, for STP 707
usb-inactivity-timeout (console configuration) command 778
user EXEC mode 2, 3
V
version (boot loader) command 25
version mismatch mode 635, 31
VLAN configuration mode
commands
VLAN 779
VTP 792
description 5
entering 780
summary 3
VLAN Query Protocol
See VQP
VLANs
configuring 779
debug messages, display
ISL 85
VLAN IOS file system error tests 84
VLAN manager activity 82
VTP 87
displaying configurations 643
enabling guest VLAN supplicant 132, 143, 178
MAC addresses
displaying 583
number of 570
normal-range 779
restarting 654
shutting down 654
SNMP traps for VTP 659, 662
VLANs (continued)
suspending 654
VLAN Trunking Protocol
See VTP
VM mode 635, 31
VMPS
configuring servers 784
displaying 646
error recovery timer 174
reconfirming dynamic VLAN assignments 781
vmps reconfirm (global configuration) command 782
vmps reconfirm (privileged EXEC) command 781
vmps retry command 783
vmps server command 784
voice VLAN
configuring 759
setting port priority 752
VQP
and dynamic-access ports 733
clearing client statistics 98
displaying information 646
per-server retry count 783
reconfirmation interval 782
reconfirming dynamic VLAN assignments 781
VTP
changing characteristics 786
clearing pruning counters 99
configuring
domain name 786
file name 786
mode 786
password 787
counters display fields 649
displaying information 648
enabling
pruning 787
Version 2 787
enabling per port 791
VTP (continued)
mode 786
pruning 787
statistics 648
status 648
status display fields 651
vtp (global configuration) command 786
vtp interface configuration) command 791
vtp primary command 793
Index
A
aaa accounting dot1x command 1
aaa authentication dot1x command 3, 776
aaa authorization network command 5, 22, 28, 30, 32, 34, 36, 137, 281, 439, 7, 34
AAA methods 3, 776
access control entries
See ACEs
access control lists
See ACLs
access groups
IP 189
MAC, displaying 562
access mode 741
access ports 741
ACEs 122, 372
ACLs
deny 120
displaying 422
for non-IP protocols 285
IP 189
on Layer 2 interfaces 189
permit 370
address aliasing 348
aggregate-port learner 364
allowed VLANs 756
archive copy-sw command 6
archive download-sw command 9
archive tar command 13
archive upload-sw command 16
arp access-list command 18
authentication command bounce-port ignore 20
authentication command disable-port ignore 21
authentication control-direction command 22
authentication event command 24
authentication failed VLAN
See dot1x auth-fail vlan
authentication fallback command 28
authentication host-mode command 30
authentication mac-move permit command 32
authentication open command 34
authentication order command 36
authentication periodic command 38
authentication port-control command 40
authentication priority command 42
authentication timer command 44
authentication violation command 46
auth-fail max-attempts
See dot1x auth-fail max-attempts
auth-fail vlan
See dot1x auth-fail vlan
auth open command 34
auth order command 36
authorization state of controlled port 155
auth timer command 44
autonegotiation of duplex mode 167
auto qos classify command 48
auto qos trust command 51
auto qos voip command 54
B
BackboneFast, for STP 667
backup interfaces
configuring 734
displaying 494
boot (boot loader) command 2
boot auto-copy-sw command 60
boot config-file command 62
boot enable-break command 63
boot helper command 64
boot helper-config file command 65
booting
Cisco IOS image 68
displaying environment variables 435
interrupting 63
manually 66
boot loader
accessing 1
booting
Cisco IOS image 2
helper image 64
directories
creating 14
displaying a list of 7
removing 18
displaying
available commands 12
memory heap utilization 13
version 25
environment variables
described 19
displaying settings 19
location of 20
setting 19
unsetting 23
boot loader (continued)
files
copying 5
deleting 6
displaying a list of 7
displaying the contents of 4, 15, 22
renaming 16
file system
formatting 10
initializing flash 9
running a consistency check 11
prompt 1
resetting the system 17
boot manual command 66
boot private-config-file command 67
boot system command 68
BPDU filtering, for spanning tree 668, 702
BPDU guard, for spanning tree 670, 702
broadcast storm control 723
C
candidate switches
See clusters
cat (boot loader) command 4
channel-group command 70
channel-protocol command 73
Cisco SoftPhone
auto-QoS configuration 54
trusting packets sent from 340
CISP
See Client Information Signalling Protocol
cisp
debug platform cisp command 34
cisp enable command 74
class command 75
class-map command 78
class maps
creating 78
defining the match criteria 297
displaying 440
class of service
See CoS
clear dot1x command 80
clear eap sessions command 81
clear errdisable interface 82
clear ip arp inspection log command 83
clear ip arp inspection statistics command 84
clear ip dhcp snooping database command 85
clear lacp command 87
clear logging onboard command 88
clear mac address-table command 89, 91
clear nmsp statistics command 92
clear pagp command 93
clear port-security command 94
clear spanning-tree counters command 96
clear spanning-tree detected-protocols command 97
clear vmps statistics command 98
clear vtp counters command 99
Client Information Signalling Protocol 74, 137, 439, 7, 34
cluster commander-address command 100
cluster discovery hop-count command 102
cluster enable command 103
cluster holdtime command 104
cluster member command 105
cluster outside-interface command 107
cluster run command 108
clusters
adding candidates 105
binding to HSRP group 109
building manually 105
communicating with
devices outside the cluster 107
members by using Telnet 395
debug messages, display 8
clusters (continued)
displaying
candidate switches 443
debug messages 8
member switches 445
status 441
hop-count limit for extended discovery 102
HSRP standby groups 109
redundancy 109
SNMP trap 657
cluster standby-group command 109
cluster timer command 111
command modes defined 2
command switch
See clusters
configuration files
password recovery disable considerations 1
specifying the name 62, 67
configuring multiple interfaces 185
copy (boot loader) command 5
copy logging onboard command 112
CoS
assigning default value to incoming packets 308
overriding the incoming value 308
CoS-to-DSCP map 312
CPU ASIC statistics, displaying 447
crashinfo files 176
critical VLAN 25
D
debug authentication 2
debug auto qos command 4
debug backup command 6
debug cisp command 7
debug cluster command 8
debug dot1x command 10
debug dtp command 12
debug eap command 13
debug etherchannel command 14
debug ilpower command 15
debug interface command 16
debug ip dhcp snooping command 17
debug ip igmp filter command 19
debug ip igmp max-groups command 20
debug ip igmp snooping command 21
debug ip verify source packet command 18
debug lacp command 22
debug lldp packets command 23
debug mac-notification command 24
debug matm command 25
debug matm move update command 26
debug monitor command 27
debug mvrdbg command 28
debug nmsp command 29
debug nvram command 30
debug pagp command 31
debug platform acl command 32
debug platform backup interface command 33
debug platform cisp command 34
debug platform cli-redirection main command 35
debug platform configuration command 36, 42
debug platform cpu-queues command 37
debug platform dot1x command 39
debug platform etherchannel command 40
debug platform forw-tcam command 41
debug platform ip arp inspection command 43
debug platform ip dhcp command 44
debug platform ip igmp snooping command 45
debug platform ip source-guard command 47
debug platform led command 48
debug platform matm command 49
debug platform messaging application command 50
debug platform phy command 51
debug platform pm command 53
debug platform port-asic command 55
debug platform port-security command 56
debug platform qos-acl-tcam command 57
debug platform resource-manager command 58
debug platform snmp command 59
debug platform span command 60
debug platform stack-manager command 61
debug platform supervisor-asic command 62
debug platform sw-bridge command 63
debug platform tcam command 64
debug platform udld command 66
debug platform vlan command 67
debug pm command 68
debug port-security command 70
debug qos-manager command 71
debug spanning-tree backbonefast command 74
debug spanning-tree bpdu command 75
debug spanning-tree bpdu-opt command 76
debug spanning-tree command 72
debug spanning-tree mstp command 77
debug spanning-tree switch command 79
debug spanning-tree uplinkfast command 81
debug sw-vlan command 82
debug sw-vlan ifs command 84
debug sw-vlan notification command 85
debug sw-vlan vtp command 87
debug udld command 89
debug vqpc command 91
define interface-range command 114
delete (boot loader) command 6
delete command 116
deny (ARP access-list configuration) command 118
deny command 120
detect mechanism, causes 169
DHCP snooping
accepting untrusted packets from edge switch 219
enabling
on a VLAN 224
option 82 217, 219
trust on an interface 222
error recovery timer 174
rate limiting 221
DHCP snooping binding database
binding file, configuring 215
bindings
adding 213
deleting 213
displaying 512
clearing database agent statistics 85
database agent, configuring 215
displaying
binding entries 512
database agent status 514, 516
renewing 403
dir (boot loader) command 7
directories, deleting 116
domain name, VTP 786
dot1x auth-fail max-attempts 131
dot1x auth-fail vlan 133
dot1x command 129
dot1x control-direction command 135
dot1x credentials (global configuration) command 137
dot1x critical global configuration command 138
dot1x critical interface configuration command 140
dot1x default command 142
dot1x fallback command 143
dot1x guest-vlan command 144
dot1x host-mode command 146
dot1x initialize command 148
dot1x mac-auth-bypass command 149
dot1x max-reauth-req command 151
dot1x max-req command 153
dot1x pae command 154
dot1x port-control command 155
dot1x re-authenticate command 157
dot1x reauthentication command 158
dot1x supplicant force-multicast command 159
dot1x test eapol-capable command 160
dot1x test timeout command 161
dot1x timeout command 162
dot1x violation-mode command 165
DSCP-to-CoS map 312
DSCP-to-DSCP-mutation map 312
DTP 742
DTP flap
error detection for 169
error recovery timer 174
DTP negotiation 743
dual-purpose uplink ports
displaying configurable options 497
displaying the active media 501
selecting the type 300
duplex command 166
dynamic-access ports
configuring 732
restrictions 733
dynamic ARP inspection
ARP ACLs
apply to a VLAN 196
define 18
deny packets 118
display 426
permit packets 368
clear
log buffer 83
statistics 84
display
ARP ACLs 426
configuration and operating state 507
log buffer 507
statistics 507
trust state and rate limit 507
enable per VLAN 206
log buffer
clear 83
configure 200
display 507
rate-limit incoming ARP packets 198
dynamic ARP inspection (continued)
statistics
clear 84
display 507
trusted interface state 202
type of packet logged 207
validation checks 204
dynamic auto VLAN membership mode 741
dynamic desirable VLAN membership mode 741
Dynamic Host Configuration Protocol (DHCP)
See DHCP snooping
Dynamic Trunking Protocol
See DTP
E
EAP-request/identity frame
maximum number to send 153
response time before retransmitting 162
environment variables, displaying 435
epm access-control open 168
errdisable detect cause command 169
errdisable detect cause small-frame comand 171
errdisable recovery cause small-frame 173
errdisable recovery command 174
error conditions, displaying 483
error disable detection 169
error-disabled interfaces, displaying 494
EtherChannel
assigning Ethernet interface to channel group 70
creating port-channel logical interface 183
debug EtherChannel/PAgP, display 14
debug platform-specific events, display 40
displaying 487
interface information, displaying 494
EtherChannel (continued)
LACP
clearing channel-group information 87, 88
debug messages, display 22
displaying 542
modes 70
port priority for hot-standby ports 266
restricting a protocol 73
system priority 268
load-distribution methods 379
PAgP
aggregate-port learner 364
clearing channel-group information 93
debug messages, display 31
displaying 610
error detection for 169
error recovery timer 174
learn method 364
modes 70
physical-port learner 364
priority of interface for transmitted traffic 366
Ethernet controller, internal register display 449
Ethernet controller, stackport information 456
Ethernet statistics, collecting 407
exception crashinfo command 176, 181
extended discovery of candidate switches 102
extended-range VLANs
and allowed VLAN list 756
and pruning-eligible list 756
extended system ID for STP 676
F
fallback profile command 177
fallback profiles, displaying 490
fan information, displaying 479
file name, VTP 786
files, deleting 116
flash_init (boot loader) command 9
flexible authentication ordering 36
Flex Links
configuring 734
configuring preferred VLAN 736
displaying 494
flowcontrol command 179
format (boot loader) command 10
forwarding results, display 5
frame forwarding information, displaying 5
front-end controller, counter and status information 7
fsck (boot loader) command 11
G
global configuration mode 2, 4
H
hardware ACL statistics 422
help (boot loader) command 12
hierarchical policy maps 378
hop-count limit for clusters 102
host connection, port configuration 740
Hot Standby Router Protocol
See HSRP
HSRP
binding HSRP group to cluster 109
standby group 109
I
IEEE 802.1x
and switchport modes 742
violation error recovery 174
See also port-based authentication
IEEE 802.1X Port Based Authentication
enabling guest VLAN supplicant 132, 143, 178
IGMP filters
applying 227
debug messages, display 19
IGMP groups, setting maximum 228
IGMP maximum groups, debugging 20
IGMP profiles
creating 230
displaying 519
IGMP snooping
adding ports as a static member of a group 246
displaying 520, 525, 527
enabling 232
enabling the configurable-leave timer 234
enabling the Immediate-Leave feature 243
flooding query count 240
interface topology change notification behavior 242
multicast table 523
querier 236
query solicitation 240
report suppression 238
switch topology change notification behavior 240
images
See software images
Immediate-Leave feature, MVR 350
immediate-leave processing 243
Immediate-Leave processing, IPv6 264
interface configuration mode 3, 4
interface port-channel command 183
interface range command 185
interface-range macros 114
interfaces
assigning Ethernet interface to channel group 70
configuring 166
configuring multiple 185
creating port-channel logical 183
debug messages, display 16
disabling 653
displaying the MAC address table 574
restarting 653
interface speed, configuring 712
interface vlan command 188
internal registers, displaying 449, 456, 463
Internet Group Management Protocol
See IGMP
invalid GBIC
error detection for 169
error recovery timer 174
ip access-group command 189
ip address command 191
IP addresses, setting 191
ip admission command 193
ip admission name proxy http command 194
ip arp inspection filter vlan command 196
ip arp inspection limit command 198
ip arp inspection log-buffer command 200
ip arp inspection trust command 202
ip arp inspection validate command 204
ip arp inspection vlan command 206
ip arp inspection vlan logging command 207
ip device tracking command 211
ip device tracking probe command 209
IP DHCP snooping
See DHCP snooping
ip dhcp snooping binding command 213
ip dhcp snooping command 212
ip dhcp snooping database command 215
ip dhcp snooping information option allow-untrusted command 219
ip dhcp snooping information option command 217
ip dhcp snooping limit rate command 221
ip dhcp snooping trust command 222
ip dhcp snooping verify command 223
ip dhcp snooping vlan command 224
ip dhcp snooping vlan information option format-type circuit-id string command 225
ip igmp filter command 227
ip igmp max-groups command 228
ip igmp profile command 230
ip igmp snooping command 232
ip igmp snooping last-member-query-interval command 234
ip igmp snooping querier command 236
ip igmp snooping report-suppression command 238
ip igmp snooping tcn command 240
ip igmp snooping tcn flood command 242
ip igmp snooping vlan immediate-leave command 243
ip igmp snooping vlan mrouter command 244
ip igmp snooping vlan static command 246
IP multicast addresses 347
IP phones
auto-QoS configuration 54
trusting packets sent from 340
IP-precedence-to-DSCP map 312
ip source binding command 248
IP source guard
disabling 251
displaying
binding entries 529
configuration 530
dynamic binding entries only 512
enabling 251
static IP source bindings 248
ip ssh command 250
ipv6 mld snooping command 252
ipv6 mld snooping last-listener-query count command 254
ipv6 mld snooping last-listener-query-interval command 256
ipv6 mld snooping listener-message-suppression command 258
ipv6 mld snooping robustness-variable command 260
ipv6 mld snooping tcn command 262
ipv6 mld snooping vlan command 264
IPv6 SDM template 408
ip verify source command 251
J
jumbo frames
See MTU
L
LACP
See EtherChannel
lacp port-priority command 266
lacp system-priority command 268
Layer 2 traceroute
IP addresses 767
MAC addresses 764
line configuration mode 3, 5
Link Aggregation Control Protocol
See EtherChannel
link flap
error detection for 169
error recovery timer 174
link state group command 270
link state track command 272
load-distribution methods for EtherChannel 379
location (global configuration) command 273
location (interface configuration) command 275
logging event command 277
logging event power-inline-status command 278
logging file command 279
logical interface 183
loopback error
detection for 169
recovery timer 174
loop guard, for spanning tree 678, 682
M
mab request format attribute 32 command 281
mac access-group command 283
MAC access-groups, displaying 562
MAC access list configuration mode 285
mac access-list extended command 285
MAC access lists 120
MAC addresses
disabling MAC address learning per VLAN 288
displaying
aging time 568
all 566
dynamic 572
MAC address-table move updates 577
notification settings 576, 579
number of addresses in a VLAN 570
per interface 574
per VLAN 583
static 581
static and dynamic entries 564
dynamic
aging time 287
deleting 89
displaying 572
enabling MAC address notification 292
enabling MAC address-table move update 290
persistent stack 720
static
adding and removing 294
displaying 581
dropping on an interface 295
tables 566
MAC address notification, debugging 24
mac address-table aging-time 283
mac address-table aging-time command 287
mac address-table learning command 288
mac address-table move update command 290
mac address-table notification command 292
mac address-table static command 294
mac address-table static drop command 295
macros
interface range 114, 185
maps
QoS
defining 312
displaying 592
match (class-map configuration) command 297
maximum transmission unit
See MTU
mdix auto command 299
media-type (interface configuration) command 300
media-type rj45 (line configuration) command 302
member switches
See clusters
memory (boot loader) command 13
mkdir (boot loader) command 14
MLD snooping
configuring 258, 260
configuring queries 254, 256
configuring topology change notification 262
displaying 532, 534, 536, 538
enabling 252
MLD snooping on a VLAN, enabling 264
mls qos aggregate-policer command 306
mls qos command 304
mls qos cos command 308
mls qos dscp-mutation command 310
mls qos map command 312
mls qos queue-set output buffers command 316
mls qos queue-set output threshold command 318
mls qos queue-set stack buffers command 320
mls qos rewrite ip dscp command 322
mls qos srr-queue input bandwidth command 324
mls qos srr-queue input buffers command 326
mls qos-srr-queue input cos-map command 328
mls qos srr-queue input dscp-map command 330
mls qos srr-queue input priority-queue command 332
mls qos srr-queue input threshold command 334
mls qos-srr-queue output cos-map command 336
mls qos srr-queue output dscp-map command 338
mls qos trust command 340
mode, MVR 347
Mode button, and password recovery 410
modes, commands 2
monitor session command 342
more (boot loader) command 15
MSTP
displaying 627
interoperability 97
link type 680
MST region
aborting changes 685
applying changes 685
configuration name 685
configuration revision number 685
current or pending display 685
displaying 627
MST configuration mode 685
VLANs-to-instance mapping 685
path cost 687
protocol mode 683
restart protocol migration process 97
root port
loop guard 678
preventing from becoming designated 678
restricting which can be root 678
root guard 678
root switch
affects of extended system ID 676
hello-time 690, 698
interval between BDPU messages 691
interval between hello BPDU messages 690, 698
max-age 691
maximum hop count before discarding BPDU 692
port priority for selection of 694
primary or secondary 698
switch priority 697
MSTP (continued)
state changes
blocking to forwarding state 704
enabling BPDU filtering 668, 702
enabling BPDU guard 670, 702
enabling Port Fast 702, 704
forward-delay time 689
length of listening and learning states 689
rapid transition to forwarding 680
shutting down Port Fast-enabled ports 702
state information display 626
MTU
configuring size 761
displaying global setting 637
Multicase Listener Discovery
See MLD
multicast group address, MVR 350
multicast groups, MVR 348
Multicast Listener Discovery
See MLD
multicast router learning method 244
multicast router ports, configuring 244
multicast router ports, IPv6 264
multicast storm control 723
multicast VLAN, MVR 348
multicast VLAN registration
See MVR
Multiple Spanning Tree Protocol
See MSTP
MVR
and address aliasing 348
configuring 347
configuring interfaces 350
debug messages, display 28
displaying 600
displaying interface information 602
members, displaying 604
mvr (global configuration) command 347
mvr (interface configuration) command 350
mvr vlan group command 351
N
native VLANs 756
network-policy (global configuration) command 354
network-policy command 353
network-policy profile (network-policy configuration) command 356
nmsp attachment suppress command 360
nmsp command 358
no authentication logging verbose 361
no dot1x logging verbose 362
no mab logging verbose 363
nonegotiate, speed 712
nonegotiating DTP messaging 743
non-IP protocols
denying 120
forwarding 370
non-IP traffic access lists 285
non-IP traffic forwarding
denying 120
permitting 370
normal-range VLANs 779
O
online diagnostics
displaying
configured boot-up coverage level 467
current scheduled tasks 467
event logs 467
supported test suites 467
test ID 467
test results 467
test statistics 467
online diagnostics (continued)
global configuration mode
clearing health monitoring diagnostic test schedule 83
setting health monitoring diagnostic testing 83
setting up health monitoring diagnostic test schedule 83
health monitoring diagnostic tests, configuring 123
testing, starting 127
P
PAgP
See EtherChannel
pagp learn-method command 364
pagp port-priority command 366
password, VTP 787
password-recovery mechanism, enabling and disabling 410
permit (ARP access-list configuration) command 368
permit (MAC access-list configuration) command 370
per-VLAN spanning-tree plus
See STP
physical-port learner 364
PID, displaying 506
PIM-DVMRP, as multicast router learning method 244
PoE
configuring the power budget 383
configuring the power management mode 380
displaying controller register values 461
displaying power management information 617
logging of status 278
monitoring power 385
policing power consumption 385
police aggregate command 375
police command 373
policed-DSCP map 312
policy-map command 377
policy maps
applying to an interface 412, 417
creating 377
displaying 612
hierarchical 378
policers
displaying 586
for a single class 373
for multiple classes 306, 375
policed-DSCP map 312
traffic classification
defining the class 75
defining trust states 769
setting DSCP or IP precedence values 415
Port Aggregation Protocol
See EtherChannel
port-based authentication
AAA method list 3, 776
configuring violation modes 165
debug messages, display 10
enabling IEEE 802.1x
globally 129
per interface 155
guest VLAN 144
host modes 146
IEEE 802.1x AAA accounting methods 1
initialize an interface 148, 161
MAC authentication bypass 149
manual control of authorization state 155
PAE as authenticator 154
periodic re-authentication
enabling 158
time between attempts 162
quiet period between failed authentication exchanges 162
re-authenticating IEEE 802.1x-enabled ports 157
resetting configurable IEEE 802.1x parameters 142
switch-to-authentication server retransmission time 162
port-based authentication (continued)
switch-to-client frame-retransmission number 151 to 153
switch-to-client retransmission time 162
test for IEEE 802.1x readiness 160
port-channel load-balance command 379
Port Fast, for spanning tree 704
port ranges, defining 112, 114
ports, debugging 68
ports, protected 754
port security
aging 750
debug messages, display 70
enabling 745
violation error recovery 174
port trust states for QoS 340
port types, MVR 350
power information, displaying 479
power inline command 380
power inline consumption command 383
power inline police command 385
Power over Ethernet
See PoE
priority-queue command 388
priority value, stack member 634
privileged EXEC mode 2, 3
product identification information, displaying 506
protected ports, displaying 499
pruning
VLANs 756
VTP
displaying interface information 494
enabling 787
pruning-eligible VLAN list 757
PVST+
See STP
Q
QoS
auto-QoS
configuring 54
debug messages, display 4
displaying 431
auto-QoS trust
configuring 51
class maps
creating 78
defining the match criteria 297
displaying 440
defining the CoS value for an incoming packet 308
displaying configuration information 431, 585
DSCP transparency 322
DSCP trusted ports
applying DSCP-to-DSCP-mutation map to 310
defining DSCP-to-DSCP-mutation map 312
egress queues
allocating buffers 316
defining the CoS output queue threshold map 336
defining the DSCP output queue threshold map 338
displaying buffer allocations 589
displaying CoS output queue threshold map 592
displaying DSCP output queue threshold map 592
displaying queueing strategy 589
displaying queue-set settings 595
enabling bandwidth shaping and scheduling 716
enabling bandwidth sharing and scheduling 718
limiting the maximum output on a port 714
mapping a port to a queue-set 390
mapping CoS values to a queue and threshold 336
mapping DSCP values to a queue and threshold 338
setting maximum and reserved memory allocations 318
QoS (continued)
egress queues (continued)
setting WTD thresholds 318
enabling 304
ingress queues
allocating buffers 326
assigning SRR scheduling weights 324
defining the CoS input queue threshold map 328
defining the DSCP input queue threshold map 330
displaying buffer allocations 589
displaying CoS input queue threshold map 592
displaying DSCP input queue threshold map 592
displaying queueing strategy 589
displaying settings for 587
enabling the priority queue 332
mapping CoS values to a queue and threshold 328
mapping DSCP values to a queue and threshold 330
setting WTD thresholds 334
maps
defining 312, 328, 330, 336, 338
displaying 592
policy maps
applying an aggregate policer 375
applying to an interface 412, 417
creating 377
defining policers 306, 373
displaying policers 586
displaying policy maps 612
hierarchical 378
policed-DSCP map 312
setting DSCP or IP precedence values 415
traffic classifications 75
trust states 769
port trust states 340
queues, enabling the expedite 388
QoS (continued)
statistics
in-profile and out-of-profile packets 589
packets enqueued or dropped 589
sent and received CoS values 589
sent and received DSCP values 589
trusted boundary for IP phones 340
quality of service
See QoS
querytime, MVR 347
queue-set command 390
R
radius-server dead-criteria command 391
radius-server host command 393
rapid per-VLAN spanning-tree plus
See STP
rapid PVST+
See STP
rcommand command 395
re-authenticating IEEE 802.1x-enabled ports 157
re-authentication
periodic 158
time between attempts 162
receiver ports, MVR 350
receiving flow-control packets 179
recovery mechanism
causes 174
display 82, 437, 481, 485
timer interval 174
redundancy for cluster switches 109
reload command 397
remote command 399
remote-span command 401
Remote Switched Port Analyzer
See RSPAN
rename (boot loader) command 16
renew ip dhcp snooping database command 403
reset (boot loader) command 17
resource templates, displaying 622
restricted VLAN
See dot1x auth-fail vlan
rmdir (boot loader) command 18
rmon collection stats command 407
root guard, for spanning tree 678
RSPAN
configuring 342
displaying 598
filter RSPAN traffic 342
remote-span command 401
sessions
displaying 598
S
SDM mismatch mode 635
sdm prefer command 408
SDM templates
displaying 622
dual IPv4 and IPv6 408
secure ports, limitations 747
sending flow-control packets 179
service password-recovery command 410
service-policy command 412
session command 414
set (boot loader) command 19
set command 415
setup command 417
setup express command 420
show access-lists command 422
show archive status command 425
show arp access-list command 426
show authentication command 427
show auto qos command 431
show boot command 435
show cable-diagnostics tdr command 437
show cisp command 439
show class-map command 440
show cluster candidates command 443
show cluster command 441
show cluster members command 445
show controllers cpu-interface command 447
show controllers ethernet-controller command 449
show controllers power inline command 461
show controllers tcam command 463
show controller utilization command 465
show dot1x command 470
show dtp 474
show eap command 476
show env command 479
show errdisable detect command 481
show errdisable flap-values command 483
show errdisable recovery command 485
show etherchannel command 487
show fallback profile command 490
show flowcontrol command 492
show interfaces command 494
show interfaces counters command 503
show inventory command 506
show ip arp inspection command 507
show ip dhcp snooping binding command 512
show ip dhcp snooping command 511
show ip dhcp snooping database command 514, 516
show ip igmp profile command 519
show ip igmp snooping address command 534
show ip igmp snooping command 520, 532
show ip igmp snooping groups command 523
show ip igmp snooping mrouter command 525, 536
show ip igmp snooping querier command 527, 538
show ip source binding command 529
show ipv6 route updated 540
show ip verify source command 530
show lacp command 542
show link state group command 555
show lldp command 546
show location 547
show logging onboard command 550, 557
show mac access-group command 562
show mac address-table address command 566
show mac address-table aging time command 568
show mac address-table command 564
show mac address-table count command 570
show mac address-table dynamic command 572
show mac address-table interface command 574
show mac address-table learning command 576
show mac address-table move update command 577
show mac address-table notification command 91, 579, 26
show mac address-table static command 581
show mac address-table vlan command 583
show mls qos aggregate-policer command 586
show mls qos command 585
show mls qos input-queue command 587
show mls qos interface command 589
show mls qos maps command 592
show mls qos queue-set command 595
show mls qos vlan command 597
show monitor command 598
show mvr command 600
show mvr interface command 602
show mvr members command 604
show network-policy profile command 606
show nmsp command 607
show pagp command 610
show platform acl command 2
show platform backup interface command 3
show platform etherchannel command 4
show platform forward command 5
show platform frontend-controller command 7
show platform igmp snooping command 8
show platform ip unicast command 10
show platform layer4op command 12
show platform mac-address-table command 13
show platform messaging command 14
show platform monitor command 15
show platform mvr table command 16
show platform pm command 17
show platform port-asic command 18
show platform port-security command 23
show platform qos command 24
show platform resource-manager command 25
show platform snmp counters command 27
show platform spanning-tree command 28
show platform stack manager command 30
show platform stp-instance command 29
show platform tb command 33
show platform tcam command 35
show platform vlan command 38
show policy-map command 612
show port security command 614
show power inline command 617
show sdm prefer command 622
show setup express command 625
show spanning-tree command 626
show storm-control command 632
show switch command 634
show system mtu command 637
show trust command 769
show udld command 638
show version command 641
show vlan command 643
show vlan command, fields 644
show vmps command 646
show vtp command 648
shutdown command 653
shutdown vlan command 654
small violation-rate command 655
SNMP host, specifying 661
SNMP informs, enabling the sending of 657
snmp-server enable traps command 657
snmp-server host command 661
snmp trap mac-notification change command 665
SNMP traps
enabling MAC address notification trap 665
enabling the MAC address notification feature 292
enabling the sending of 657
SoftPhone
See Cisco SoftPhone
software images
copying 6
deleting 116
downloading 9
upgrading 6, 9
uploading 16
software version, displaying 641
source ports, MVR 350
SPAN
configuring 342
debug messages, display 27
displaying 598
filter SPAN traffic 342
sessions
add interfaces to 342
displaying 598
start new 342
spanning-tree backbonefast command 667
spanning-tree bpdufilter command 668
spanning-tree bpduguard command 670
spanning-tree cost command 672
spanning-tree etherchannel command 674
spanning-tree extend system-id command 676
spanning-tree guard command 678
spanning-tree link-type command 680
spanning-tree loopguard default command 682
spanning-tree mode command 683
spanning-tree mst configuration command 685
spanning-tree mst cost command 687
spanning-tree mst forward-time command 689
spanning-tree mst hello-time command 690
spanning-tree mst max-age command 691
spanning-tree mst max-hops command 692
spanning-tree mst port-priority command 694
spanning-tree mst pre-standard command 696
spanning-tree mst priority command 697
spanning-tree mst root command 698
spanning-tree portfast (global configuration) command 702
spanning-tree portfast (interface configuration) command 704
spanning-tree port-priority command 700
Spanning Tree Protocol
See STP
spanning-tree transmit hold-count command 706
spanning-tree uplinkfast command 707
spanning-tree vlan command 709
speed command 712
srr-queue bandwidth limit command 714
srr-queue bandwidth share command 718
SSH, configuring version 250
stack-mac persistent timer command 720
stack member
access 414
number 634, 730
provisioning 728
reloading 397
stacks, switch
disabling a member 726
enabling a member 726
MAC address 720
provisioning a new member 728
reloading 397
stack member access 414
stack member number 634, 730
stack member priority value 634
static-access ports, configuring 732
statistics, Ethernet group 407
sticky learning, enabling 745
storm-control command 723
STP
BackboneFast 667
counters, clearing 96
debug messages, display
BackboneFast events 74
MSTP 77
optimized BPDUs handling 76
spanning-tree activity 72
switch shim 79
transmitted and received BPDUs 75
UplinkFast 81
detection of indirect link failures 667
EtherChannel misconfiguration 674
extended system ID 676
path cost 672
protocol modes 683
root port
accelerating choice of new 707
loop guard 678
preventing from becoming designated 678
restricting which can be root 678
root guard 678
UplinkFast 707
root switch
affects of extended system ID 676, 710
hello-time 709
interval between BDPU messages 709
interval between hello BPDU messages 709
max-age 709
port priority for selection of 700
primary or secondary 709
switch priority 709
STP
state changes
blocking to forwarding state 704
enabling BPDU filtering 668, 702
enabling BPDU guard 670, 702
enabling Port Fast 702, 704
enabling timer to recover from error state 174
forward-delay time 709
length of listening and learning states 709
shutting down Port Fast-enabled ports 702
state information display 626
VLAN options 697, 709
Switched Port Analyzer
See SPAN
switchport access command 732
switchport backup interface command 734
switchport block command 738
switchport host command 740
switchport mode command 741
switchport nonegotiate command 743
switchport port-security aging command 750
switchport port-security command 745
switchport priority extend command 752
switchport protected command 754
switchports, displaying 494
switchport trunk command 756
switchport voice vlan command 759
switch priority command 726
switch provision command 728
switch renumber command 730
system message logging 278
system message logging, save message to flash 279
system mtu command 761
system resource templates 408
T
tar files, creating, listing, and extracting 13
TDR, running 763
Telnet, using to communicate to cluster switches 395
temperature information, displaying 479
templates, system resources 408
test cable-diagnostics tdr command 763
traceroute mac command 764
traceroute mac ip command 767
trunking, VLAN mode 741
trunk mode 741
trunk ports 741
trunks, to non-DTP device 742
trusted boundary for QoS 340
trusted port states for QoS 340
type (boot loader) command 22
U
UDLD
aggressive mode 771, 773
debug messages, display 89
enable globally 771
enable per interface 773
error recovery timer 174
message timer 771
normal mode 771, 773
reset a shutdown interface 775
status 638
udld command 771
udld port command 773
udld reset command 775
unicast storm control 723
UniDirectional Link Detection
See UDLD
unknown multicast traffic, preventing 738
unknown unicast traffic, preventing 738
unset (boot loader) command 23
upgrading
software images
copying 6
downloading 9
monitoring status of 425
UplinkFast, for STP 707
usb-inactivity-timeout (console configuration) command 778
user EXEC mode 2, 3
V
version (boot loader) command 25
version mismatch mode 635, 31
VLAN configuration mode
commands
VLAN 779
VTP 792
description 5
entering 780
summary 3
VLAN Query Protocol
See VQP
VLANs
configuring 779
debug messages, display
ISL 85
VLAN IOS file system error tests 84
VLAN manager activity 82
VTP 87
displaying configurations 643
enabling guest VLAN supplicant 132, 143, 178
MAC addresses
displaying 583
number of 570
normal-range 779
restarting 654
shutting down 654
SNMP traps for VTP 659, 662
VLANs (continued)
suspending 654
VLAN Trunking Protocol
See VTP
VM mode 635, 31
VMPS
configuring servers 784
displaying 646
error recovery timer 174
reconfirming dynamic VLAN assignments 781
vmps reconfirm (global configuration) command 782
vmps reconfirm (privileged EXEC) command 781
vmps retry command 783
vmps server command 784
voice VLAN
configuring 759
setting port priority 752
VQP
and dynamic-access ports 733
clearing client statistics 98
displaying information 646
per-server retry count 783
reconfirmation interval 782
reconfirming dynamic VLAN assignments 781
VTP
changing characteristics 786
clearing pruning counters 99
configuring
domain name 786
file name 786
mode 786
password 787
counters display fields 649
displaying information 648
enabling
pruning 787
Version 2 787
enabling per port 791
VTP (continued)
mode 786
pruning 787
statistics 648
status 648
status display fields 651
vtp (global configuration) command 786
vtp interface configuration) command 791
vtp primary command 793