Index A
aaa accounting dot1x command 1
aaa authentication dot1x command 3
aaa authorization network command 5, 22, 28, 30, 32, 34, 36, 140, 286, 443, 7, 34
AAA methods 3
access control entries
See ACEs
access control lists
See ACLs
access groups
IP 193
MAC, displaying 551
access mode 725
access ports 725
ACEs 125, 376
ACLs
deny 123
displaying 426
for non-IP protocols 290
IP 193
on Layer 2 interfaces 193
permit 374
address aliasing 353
aggregate-port learner 368
allowed VLANs 740
archive copy-sw command 6
archive download-sw command 9
archive tar command 13
archive upload-sw command 16
arp access-list command 18
authentication command bounce-port ignore 20
authentication command disable-port ignore 21
authentication control-direction command 22
authentication event command 24
authentication failed VLAN
See dot1x auth-fail vlan
authentication fallback command 28
authentication host-mode command 30
authentication mac-move permit command 32
authentication open command 34
authentication order command 36
authentication periodic command 38
authentication port-control command 40
authentication priority command 42
authentication timer command 44
authentication violation command 46
auth-fail max-attempts
See dot1x auth-fail max-attempts
auth-fail vlan
See dot1x auth-fail vlan
auth open command 34
auth order command 36
authorization state of controlled port 158
auth timer command 44
autonegotiation of duplex mode 170
auto qos classify command 48
auto qos trust command 51
auto qos video command 54
auto qos voip command 57
B
BackboneFast, for STP 651
backup interfaces
configuring 718
displaying 493
boot (boot loader) command 2
boot auto-copy-sw command 63
boot config-file command 65
boot enable-break command 66
boot helper command 67
boot helper-config file command 68
booting
Cisco IOS image 71
displaying environment variables 439
interrupting 66
manually 69
boot loader
accessing 1
booting
Cisco IOS image 2
helper image 67
directories
creating 14
displaying a list of 7
removing 18
displaying
available commands 12
memory heap utilization 13
version 25
environment variables
described 19
displaying settings 19
location of 20
setting 19
unsetting 23
files
copying 5
deleting 6
displaying a list of 7
displaying the contents of 4, 15, 22
renaming 16
file system
formatting 10
initializing flash 9
running a consistency check 11
prompt 1
resetting the system 17
boot manual command 69
boot private-config-file command 70
boot system command 71
BPDU filtering, for spanning tree 652, 686
BPDU guard, for spanning tree 654, 686
broadcast storm control 707
C
candidate switches
See clusters
cat (boot loader) command 4
channel-group command 73
channel-protocol command 76
Cisco IP camera
auto-QoS configuration 54
Cisco SoftPhone
auto-QoS configuration 57
trusting packets sent from 345
Cisco Telepresence System
auto-QoS configuration 54
CISP
See Client Information Signalling Protocol
cisp
debug platform cisp command 34
cisp enable command 77
class command 78
class-map command 81
class maps
creating 81
defining the match criteria 302
displaying 444
class of service
See CoS
clear dot1x command 84
clear eap sessions command 85
clear errdisable interface 86
clear ip arp inspection log command 83
clear ip arp inspection statistics command 87
clear ip dhcp snooping database command 88
clear lacp command 90
clear logging onboard command 91
clear mac address-table command 92, 94
clear nmsp statistics command 95
clear pagp command 96
clear port-security command 97
clear psp counter 99
clear psp counter command 99
clear spanning-tree counters command 100
clear spanning-tree detected-protocols command 101
clear vmps statistics command 102
clear vtp counters command 103
Client Information Signalling Protocol 77, 140, 443, 7, 34
cluster commander-address command 104
cluster discovery hop-count command 106
cluster enable command 107
cluster holdtime command 108
cluster member command 109
cluster outside-interface command 111
cluster run command 112
clusters
adding candidates 109
binding to HSRP group 113
building manually 109
communicating with
devices outside the cluster 111
members by using Telnet 400
debug messages, display 8
displaying
candidate switches 447
debug messages 8
member switches 449
status 445
hop-count limit for extended discovery 106
HSRP standby groups 113
redundancy 113
SNMP trap 641
cluster standby-group command 113
cluster timer command 115
command modes defined 2
command switch
See clusters
configuration files
password recovery disable considerations 1
specifying the name 65, 70
configuring multiple interfaces 190
config-vlan mode
commands 762
entering 761
copy (boot loader) command 5
copy logging onboard command 116
CoS
assigning default value to incoming packets 313
overriding the incoming value 313
CoS-to-DSCP map 317
CPU ASIC statistics, displaying 451
crashinfo files 181
critical VLAN 25
D
debug authentication 2
debug auto qos command 4
debug backup command 6
debug cisp command 7
debug cluster command 8
debug dot1x command 10
debug dtp command 12
debug eap command 13
debug etherchannel command 14
debug ilpower command 15
debug interface command 16
debug ip dhcp snooping command 17
debug ip igmp filter command 19
debug ip igmp max-groups command 20
debug ip igmp snooping command 21
debug ip verify source packet command 18
debug lacp command 22
debug lldp packets command 23
debug mac-notification command 24
debug matm command 25
debug matm move update command 26
debug monitor command 27
debug mvrdbg command 28
debug nmsp command 29
debug nvram command 30
debug pagp command 31
debug platform acl command 32
debug platform backup interface command 33
debug platform cisp command 34
debug platform cli-redirection main command 35
debug platform configuration command 36, 42
debug platform cpu-queues command 37
debug platform dot1x command 39
debug platform etherchannel command 40
debug platform forw-tcam command 41
debug platform ip arp inspection command 43
debug platform ip dhcp command 44
debug platform ip igmp snooping command 45
debug platform ip source-guard command 47
debug platform led command 48
debug platform matm command 49
debug platform messaging application command 50
debug platform phy command 51
debug platform pm command 53
debug platform port-asic command 55
debug platform port-security command 56
debug platform qos-acl-tcam command 57
debug platform resource-manager command 58
debug platform snmp command 59
debug platform span command 60
debug platform stack-manager command 61
debug platform supervisor-asic command 62
debug platform sw-bridge command 63
debug platform tcam command 64
debug platform udld command 66
debug platform vlan command 67
debug pm command 68
debug port-security command 70
debug qos-manager command 71
debug spanning-tree backbonefast command 74
debug spanning-tree bpdu command 75
debug spanning-tree bpdu-opt command 76
debug spanning-tree command 72
debug spanning-tree mstp command 77
debug spanning-tree switch command 79
debug spanning-tree uplinkfast command 81
debug sw-vlan command 82
debug sw-vlan ifs command 84
debug sw-vlan notification command 85
debug sw-vlan vtp command 87
debug udld command 89
debug vqpc command 91
define interface-range command 118
delete (boot loader) command 6
delete command 120
deny (ARP access-list configuration) command 121
deny command 123
detect mechanism, causes 172
DHCP snooping
accepting untrusted packets from edge switch 224
enabling
on a VLAN 229
option 82 222, 224
trust on an interface 227
error recovery timer 178
rate limiting 226
DHCP snooping binding database
binding file, configuring 220
bindings
adding 218
deleting 218
clearing database agent statistics 88
database agent, configuring 220
renewing 408
dir (boot loader) command 7
directories, deleting 120
domain name, VTP 771
dot1x auth-fail max-attempts 134
dot1x auth-fail vlan 136
dot1x command 132
dot1x control-direction command 138
dot1x credentials (global configuration) command 140
dot1x critical global configuration command 141
dot1x critical interface configuration command 143
dot1x default command 145
dot1x fallback command 146
dot1x guest-vlan command 147
dot1x host-mode command 149
dot1x initialize command 151
dot1x mac-auth-bypass command 152
dot1x max-reauth-req command 154
dot1x max-req command 156
dot1x pae command 157
dot1x port-control command 158
dot1x re-authenticate command 160
dot1x reauthentication command 161
dot1x supplicant force-multicast command 162
dot1x test eapol-capable command 163
dot1x test timeout command 164
dot1x timeout command 165
dot1x violation-mode command 168
DSCP-to-CoS map 317
DSCP-to-DSCP-mutation map 317
DTP 726
DTP flap
error detection for 172
error recovery timer 178
DTP negotiation 727
dual-purpose uplink ports
displaying configurable options 496
displaying the active media 500
selecting the type 305
duplex command 169
dynamic-access ports
configuring 716
restrictions 717
dynamic ARP inspection
ARP ACLs
apply to a VLAN 201
define 18
deny packets 121
display 430
permit packets 372
clear
log buffer 83
statistics 87
display
ARP ACLs 430
configuration and operating state 504
log buffer 504
statistics 504
trust state and rate limit 504
enable per VLAN 211
log buffer
clear 83
configure 205
display 504
rate-limit incoming ARP packets 203
statistics
clear 87
display 504
trusted interface state 207
type of packet logged 212
validation checks 209
dynamic auto VLAN membership mode 725
dynamic desirable VLAN membership mode 725
Dynamic Host Configuration Protocol (DHCP)
See DHCP snooping
Dynamic Trunking Protocol
See DTP
E
EAP-request/identity frame
maximum number to send 156
response time before retransmitting 165
environment variables, displaying 439
epm access-control open 171
errdisable detect cause command 172
errdisable detect cause small-frame comand 175
errdisable recovery cause small-frame 177
errdisable recovery command 178
error conditions, displaying 483
error disable detection 172
error-disabled interfaces, displaying 493
EtherChannel
assigning Ethernet interface to channel group 73
creating port-channel logical interface 188
debug EtherChannel/PAgP, display 14
debug platform-specific events, display 40
displaying 486
interface information, displaying 493
LACP
clearing channel-group information 90, 91
debug messages, display 22
displaying 538
modes 73
port priority for hot-standby ports 271
restricting a protocol 76
system priority 273
load-distribution methods 383
PAgP
aggregate-port learner 368
clearing channel-group information 96
debug messages, display 31
displaying 593
error detection for 172
error recovery timer 178
learn method 368
modes 73
physical-port learner 368
priority of interface for transmitted traffic 370
Ethernet controller, internal register display 453
Ethernet controller, stackport information 459
Ethernet statistics, collecting 411
exception crashinfo command 181, 186
extended discovery of candidate switches 106
extended-range VLANs
and allowed VLAN list 740
and pruning-eligible list 740
configuring 761
extended system ID for STP 660
F
fallback profile command 182
fallback profiles, displaying 489
fan information, displaying 480
file name, VTP 771
files, deleting 120
flash_init (boot loader) command 9
flexible authentication ordering 36
Flex Links
configuring 718
configuring preferred VLAN 720
displaying 493
flowcontrol command 184
format (boot loader) command 10
fsck (boot loader) command 11
G
global configuration mode 2, 4
H
hardware ACL statistics 426
help (boot loader) command 12
hierarchical policy maps 382
hop-count limit for clusters 106
host connection, port configuration 724
Hot Standby Router Protocol
See HSRP
HSRP
binding HSRP group to cluster 113
standby group 113
I
IEEE 802.1x
and switchport modes 726
violation error recovery 178
See also port-based authentication
IEEE 802.1X Port Based Authentication
enabling guest VLAN supplicant 135, 146, 183
IGMP filters
applying 232
debug messages, display 19
IGMP groups, setting maximum 233
IGMP maximum groups, debugging 20
IGMP profiles
creating 235
displaying 516
IGMP snooping
adding ports as a static member of a group 251
displaying 517
enabling 237
enabling the configurable-leave timer 239
enabling the Immediate-Leave feature 248
flooding query count 245
interface topology change notification behavior 247
querier 241
query solicitation 245
report suppression 243
switch topology change notification behavior 245
images
See software images
Immediate-Leave feature, MVR 355
immediate-leave processing 248
Immediate-Leave processing, IPv6 269
interface configuration mode 3, 4
interface port-channel command 188
interface range command 190
interface-range macros 118
interfaces
assigning Ethernet interface to channel group 73
configuring 169
configuring multiple 190
creating port-channel logical 188
debug messages, display 16
disabling 637
displaying the MAC address table 560
restarting 637
interface speed, configuring 696
interface vlan command 192
internal registers, displaying 453, 459, 465
Internet Group Management Protocol
See IGMP
invalid GBIC
error detection for 172
error recovery timer 178
ip access-group command 193
ip address command 195
IP addresses, setting 195
ip admission command 197
ip admission name proxy http command 199
ip arp inspection filter vlan command 201
ip arp inspection limit command 203
ip arp inspection log-buffer command 205
ip arp inspection trust command 207
ip arp inspection validate command 209
ip arp inspection vlan command 211
ip arp inspection vlan logging command 212
ip device tracking command 216
ip device tracking probe command 214
IP DHCP snooping
See DHCP snooping
ip dhcp snooping binding command 218
ip dhcp snooping command 217
ip dhcp snooping database command 220
ip dhcp snooping information option allow-untrusted command 224
ip dhcp snooping information option command 222
ip dhcp snooping limit rate command 226
ip dhcp snooping trust command 227
ip dhcp snooping verify command 228
ip dhcp snooping vlan command 229
ip dhcp snooping vlan information option format-type circuit-id string command 230
ip igmp filter command 232
ip igmp max-groups command 233
ip igmp profile command 235
ip igmp snooping command 237
ip igmp snooping last-member-query-interval command 239
ip igmp snooping querier command 241
ip igmp snooping report-suppression command 243
ip igmp snooping tcn command 245
ip igmp snooping tcn flood command 247
ip igmp snooping vlan immediate-leave command 248
ip igmp snooping vlan mrouter command 249
ip igmp snooping vlan static command 251
IP multicast addresses 352
IP phones
auto-QoS configuration 57
trusting packets sent from 345
IP-precedence-to-DSCP map 317
ip source binding command 253
IP source guard
disabling 256
enabling 256
static IP source bindings 253
ip ssh command 255
ipv6 mld snooping command 257
ipv6 mld snooping last-listener-query count command 259
ipv6 mld snooping last-listener-query-interval command 261
ipv6 mld snooping listener-message-suppression command 263
ipv6 mld snooping robustness-variable command 265
ipv6 mld snooping tcn command 267
ipv6 mld snooping vlan command 269
IPv6 SDM template 412
ip verify source command 256
J
jumbo frames
See MTU
L
LACP
See EtherChannel
lacp port-priority command 271
lacp system-priority command 273
Layer 2 traceroute
IP addresses 751
MAC addresses 748
line configuration mode 3, 5
Link Aggregation Control Protocol
See EtherChannel
link flap
error detection for 172
error recovery timer 178
link state group command 275
link state track command 277
load-distribution methods for EtherChannel 383
location (global configuration) command 278
location (interface configuration) command 280
logging event command 282
logging event power-inline-status command 283
logging file command 284
logical interface 188
loopback error
detection for 172
recovery timer 178
loop guard, for spanning tree 662, 666
M
mab request format attribute 32 command 286
mac access-group command 288
MAC access-groups, displaying 551
MAC access list configuration mode 290
mac access-list extended command 290
MAC access lists 123
MAC addresses
disabling MAC address learning per VLAN 293
displaying
dynamic 558
notification settings 563
number of addresses in a VLAN 557
per interface 560
per VLAN 567
static 565
static and dynamic entries 552
dynamic
aging time 292
deleting 92
displaying 558
enabling MAC address notification 297
enabling MAC address-table move update 295
persistent stack 704
static
adding and removing 299
displaying 565
dropping on an interface 300
MAC address notification, debugging 24
mac address-table aging-time 288
mac address-table aging-time command 292
mac address-table learning command 293
mac address-table move update command 295
mac address-table notification command 297
mac address-table static command 299
mac address-table static drop command 300
macros
interface range 118, 190
maps
QoS
defining 317
match (class-map configuration) command 302
maximum transmission unit
See MTU
mdix auto command 304
media-type (interface configuration) command 305
media-type rj45 (line configuration) command 307
member switches
See clusters
memory (boot loader) command 13
mkdir (boot loader) command 14
MLD snooping
configuring 263, 265
configuring queries 259, 261
configuring topology change notification 267
displaying 528
enabling 257
MLD snooping on a VLAN, enabling 269
mls qos aggregate-policer command 311
mls qos command 309
mls qos cos command 313
mls qos dscp-mutation command 315
mls qos map command 317
mls qos queue-set output buffers command 321
mls qos queue-set output threshold command 323
mls qos queue-set stack buffers command 325
mls qos rewrite ip dscp command 327
mls qos srr-queue input bandwidth command 329
mls qos srr-queue input buffers command 331
mls qos-srr-queue input cos-map command 333
mls qos srr-queue input dscp-map command 335
mls qos srr-queue input priority-queue command 337
mls qos srr-queue input threshold command 339
mls qos-srr-queue output cos-map command 341
mls qos srr-queue output dscp-map command 343
mls qos trust command 345
mode, MVR 352
Mode button, and password recovery 414
modes, commands 2
monitor session command 347
more (boot loader) command 15
MSTP
displaying 610
interoperability 101
link type 664
MST region
aborting changes 669
applying changes 669
configuration name 669
configuration revision number 669
current or pending display 669
displaying 610
MST configuration mode 669
VLANs-to-instance mapping 669
path cost 671
protocol mode 667
restart protocol migration process 101
root port
loop guard 662
preventing from becoming designated 662
restricting which can be root 662
root guard 662
root switch
affects of extended system ID 660
hello-time 674, 682
interval between BDPU messages 675
interval between hello BPDU messages 674, 682
max-age 675
maximum hop count before discarding BPDU 676
port priority for selection of 678
primary or secondary 682
switch priority 681
state changes
blocking to forwarding state 688
enabling BPDU filtering 652, 686
enabling BPDU guard 654, 686
enabling Port Fast 686, 688
forward-delay time 673
length of listening and learning states 673
rapid transition to forwarding 664
shutting down Port Fast-enabled ports 686
state information display 609
MTU
configuring size 745
displaying global setting 620
Multicase Listener Discovery
See MLD
multicast group address, MVR 355
multicast groups, MVR 353
Multicast Listener Discovery
See MLD
multicast router learning method 249
multicast router ports, configuring 249
multicast router ports, IPv6 269
multicast storm control 707
multicast VLAN, MVR 353
multicast VLAN registration
See MVR
Multiple Spanning Tree Protocol
See MSTP
MVR
and address aliasing 353
configuring 352
configuring interfaces 355
debug messages, display 28
displaying 584
displaying interface information 585
members, displaying 587
mvr (global configuration) command 352
mvr (interface configuration) command 355
mvr vlan group command 356
N
native VLANs 740
Network Admission Control Software Configuration Guide 198, 200
network-policy (global configuration) command 359
network-policy command 358
network-policy profile (network-policy configuration) command 361
nmsp attachment suppress command 364
nmsp command 363
no authentication logging verbose 365
no dot1x logging verbose 366
no mab logging verbose 367
nonegotiate, speed 696
nonegotiating DTP messaging 727
non-IP protocols
denying 123
forwarding 374
non-IP traffic access lists 290
non-IP traffic forwarding
denying 123
permitting 374
normal-range VLANs 761
no vlan command 761
O
online diagnostics
displaying
configured boot-up coverage level 469
current scheduled tasks 469
event logs 469
supported test suites 469
test ID 469
test results 469
test statistics 469
global configuration mode
clearing health monitoring diagnostic test schedule 87
setting health monitoring diagnostic testing 87
setting up health monitoring diagnostic test schedule 87
health monitoring diagnostic tests, configuring 126
testing, starting 130
P
PAgP
See EtherChannel
pagp learn-method command 368
pagp port-priority command 370
password, VTP 772
password-recovery mechanism, enabling and disabling 414
permit (ARP access-list configuration) command 372
permit (MAC access-list configuration) command 374
per-VLAN spanning-tree plus
See STP
physical-port learner 368
PIM-DVMRP, as multicast router learning method 249
PoE
configuring the power budget 387
configuring the power management mode 384
displaying controller register values 463
displaying power management information 598
logging of status 283
monitoring power 389
policing power consumption 389
police aggregate command 379
police command 377
policed-DSCP map 317
policy-map command 381
policy maps
applying to an interface 416, 421
creating 381
hierarchical 382
policers
displaying 570
for a single class 377
for multiple classes 311, 379
policed-DSCP map 317
traffic classification
defining the class 78
defining trust states 753
setting DSCP or IP precedence values 419
Port Aggregation Protocol
See EtherChannel
port-based authentication
AAA method list 3
configuring violation modes 168
debug messages, display 10
enabling IEEE 802.1x
globally 132
per interface 158
guest VLAN 147
host modes 149
IEEE 802.1x AAA accounting methods 1
initialize an interface 151, 164
MAC authentication bypass 152
manual control of authorization state 158
PAE as authenticator 157
periodic re-authentication
enabling 161
time between attempts 165
quiet period between failed authentication exchanges 165
re-authenticating IEEE 802.1x-enabled ports 160
resetting configurable IEEE 802.1x parameters 145
switch-to-authentication server retransmission time 165
switch-to-client frame-retransmission number 154 to 156
switch-to-client retransmission time 165
test for IEEE 802.1x readiness 163
port-channel load-balance command 383
Port Fast, for spanning tree 688
port ranges, defining 116, 118
ports, debugging 68
ports, protected 738
port security
aging 734
debug messages, display 70
enabling 729
violation error recovery 178
port trust states for QoS 345
port types, MVR 355
power information, displaying 480
power inline command 384
power inline consumption command 387
power inline police command 389
Power over Ethernet
See PoE
priority-queue command 392
priority value, stack member 617
privileged EXEC mode 2, 3
protected ports, displaying 498
pruning
VLANs 740
VTP
displaying interface information 493
enabling 772
pruning-eligible VLAN list 741
psp 394
psp command 394
PVST+
See STP
Q
QoS
auto-QoS
configuring 57
debug messages, display 4
auto-QoS trust
configuring 51
auto-QoS video
configuring 54
class maps
creating 81
defining the match criteria 302
displaying 444
defining the CoS value for an incoming packet 313
displaying configuration information 569
DSCP transparency 327
DSCP trusted ports
applying DSCP-to-DSCP-mutation map to 315
defining DSCP-to-DSCP-mutation map 317
egress queues
allocating buffers 321
defining the CoS output queue threshold map 341
defining the DSCP output queue threshold map 343
displaying buffer allocations 572
displaying CoS output queue threshold map 577
displaying DSCP output queue threshold map 577
displaying queueing strategy 572
displaying queue-set settings 580
enabling bandwidth shaping and scheduling 700
enabling bandwidth sharing and scheduling 702
limiting the maximum output on a port 698
mapping a port to a queue-set 395
mapping CoS values to a queue and threshold 341
mapping DSCP values to a queue and threshold 343
setting maximum and reserved memory allocations 323
setting WTD thresholds 323
enabling 309
ingress queues
allocating buffers 331
assigning SRR scheduling weights 329
defining the CoS input queue threshold map 333
defining the DSCP input queue threshold map 335
displaying buffer allocations 572
displaying CoS input queue threshold map 577
displaying DSCP input queue threshold map 577
displaying queueing strategy 572
displaying settings for 571
enabling the priority queue 337
mapping CoS values to a queue and threshold 333
mapping DSCP values to a queue and threshold 335
setting WTD thresholds 339
maps
defining 317, 333, 335, 341, 343
policy maps
applying an aggregate policer 379
applying to an interface 416, 421
creating 381
defining policers 311, 377
displaying policers 570
hierarchical 382
policed-DSCP map 317
setting DSCP or IP precedence values 419
traffic classifications 78
trust states 753
port trust states 345
queues, enabling the expedite 392
statistics
in-profile and out-of-profile packets 572
packets enqueued or dropped 572
sent and received CoS values 572
sent and received DSCP values 572
trusted boundary for IP phones 345
quality of service
See QoS
querytime, MVR 352
queue-set command 395
R
radius-server dead-criteria command 396
radius-server host command 398
rapid per-VLAN spanning-tree plus
See STP
rapid PVST+
See STP
rcommand command 400
re-authenticating IEEE 802.1x-enabled ports 160
re-authentication
periodic 161
time between attempts 165
receiver ports, MVR 355
receiving flow-control packets 184
recovery mechanism
causes 178
display 86, 441, 482, 484
timer interval 179
redundancy for cluster switches 113
reload command 402
remote command 404
remote-span command 406
Remote Switched Port Analyzer
See RSPAN
rename (boot loader) command 16
renew ip dhcp snooping database command 408
reset (boot loader) command 17
resource templates, displaying 605
restricted VLAN
See dot1x auth-fail vlan
rmdir (boot loader) command 18
rmon collection stats command 411
root guard, for spanning tree 662
RSPAN
configuring 347
filter RSPAN traffic 347
remote-span command 406
S
SDM mismatch mode 618
sdm prefer command 412
SDM templates
displaying 605
dual IPv4 and IPv6 412
secure ports, limitations 731
sending flow-control packets 184
service password-recovery command 414
service-policy command 416
session command 418
set (boot loader) command 19
set command 419
setup command 421
setup express command 424
show access-lists command 426
show archive status command 429
show arp access-list command 430
show authentication command 431
show auto qos command 435
show boot command 439
show cable-diagnostics tdr command 441
show cisp command 443
show class-map command 444
show cluster candidates command 447
show cluster command 445
show cluster members command 449
show controllers cpu-interface command 451
show controllers ethernet-controller command 453
show controllers power inline command 463
show controllers tcam command 465
show controller utilization command 467
show dot1x command 472
show dtp 476
show eap command 478
show env command 480
show errdisable detect command 482
show errdisable flap-values command 483
show errdisable recovery command 484
show etherchannel command 486
show fallback profile command 489
show flowcontrol command 491
show interfaces command 493
show interfaces counters command 501
show inventory command 503
show ip arp inspection command 504
show ip dhcp snooping binding command 509
show ip dhcp snooping command 508
show ip dhcp snooping database command 511, 513
show ip igmp profile command 516
show ip igmp snooping command 517, 528
show ip igmp snooping groups command 520
show ip igmp snooping mrouter command 522
show ip igmp snooping querier command 523
show ip source binding command 525
show ipv6 route updated 536
show ip verify source command 526
show lacp command 538
show link state group command 542
show logging onboard command 546
show mac access-group command 551
show mac address-table address command 554
show mac address-table aging time command 555
show mac address-table command 552
show mac address-table count command 557
show mac address-table dynamic command 558
show mac address-table interface command 560
show mac address-table move update command 562
show mac address-table notification command 94, 563, 26
show mac address-table static command 565
show mac address-table vlan command 567
show mls qos aggregate-policer command 570
show mls qos command 569
show mls qos input-queue command 571
show mls qos interface command 572
show mls qos maps command 577
show mls qos queue-set command 580
show mls qos vlan command 581
show monitor command 582
show mvr command 584
show mvr interface command 585
show mvr members command 587
show network-policy profile command 589
show nmsp command 590
show pagp command 593
show platform acl command 2
show platform backup interface command 3
show platform etherchannel command 4
show platform forward command 5
show platform frontend-controller command 7
show platform igmp snooping command 8
show platform ip unicast command 9
show platform layer4op command 10
show platform mac-address-table command 11
show platform messaging command 12
show platform monitor command 13
show platform mvr table command 14
show platform pm command 15
show platform port-asic command 16
show platform port-security command 21
show platform qos command 22
show platform resource-manager command 23
show platform snmp counters command 25
show platform spanning-tree command 26
show platform stack manager command 28
show platform stp-instance command 27
show platform tb command 31
show platform tcam command 33
show platform vlan command 35
show policy-map command 595
show port security command 596
show power inline command 598
show psp config 603
show psp config command 603
show psp statistics 604
show psp statistics command 604
show sdm prefer command 605
show setup express command 608
show spanning-tree command 609
show storm-control command 615
show switch command 617
show system mtu command 620
show trust command 753
show udld command 621
show version command 624
show vlan command 626
show vlan command, fields 627
show vmps command 629
show vtp command 631
shutdown command 637
shutdown vlan command 638
small violation-rate command 639
SNMP host, specifying 645
SNMP informs, enabling the sending of 641
snmp-server enable traps command 641
snmp-server host command 645
snmp trap mac-notification change command 649
SNMP traps
enabling MAC address notification trap 649
enabling the MAC address notification feature 297
enabling the sending of 641
SoftPhone
See Cisco SoftPhone
software images
copying 6
deleting 120
downloading 9
upgrading 6, 9
uploading 16
software version, displaying 624
source ports, MVR 355
SPAN
configuring 347
debug messages, display 27
filter SPAN traffic 347
sessions
add interfaces to 347
start new 347
spanning-tree backbonefast command 651
spanning-tree bpdufilter command 652
spanning-tree bpduguard command 654
spanning-tree cost command 656
spanning-tree etherchannel command 658
spanning-tree extend system-id command 660
spanning-tree guard command 662
spanning-tree link-type command 664
spanning-tree loopguard default command 666
spanning-tree mode command 667
spanning-tree mst configuration command 669
spanning-tree mst cost command 671
spanning-tree mst forward-time command 673
spanning-tree mst hello-time command 674
spanning-tree mst max-age command 675
spanning-tree mst max-hops command 676
spanning-tree mst port-priority command 678
spanning-tree mst pre-standard command 680
spanning-tree mst priority command 681
spanning-tree mst root command 682
spanning-tree portfast (global configuration) command 686
spanning-tree portfast (interface configuration) command 688
spanning-tree port-priority command 684
Spanning Tree Protocol
See STP
spanning-tree transmit hold-count command 690
spanning-tree uplinkfast command 691
spanning-tree vlan command 693
speed command 696
srr-queue bandwidth limit command 698
srr-queue bandwidth share command 702
SSH, configuring version 255
stack-mac persistent timer command 704
stack member
access 418
number 617, 714
provisioning 712
reloading 402
stacks, switch
disabling a member 710
enabling a member 710
MAC address 704
provisioning a new member 712
reloading 402
stack member access 418
stack member number 617, 714
stack member priority value 617
static-access ports, configuring 716
statistics, Ethernet group 411
sticky learning, enabling 729
storm-control command 707
STP
BackboneFast 651
counters, clearing 100
debug messages, display
BackboneFast events 74
MSTP 77
optimized BPDUs handling 76
spanning-tree activity 72
switch shim 79
transmitted and received BPDUs 75
UplinkFast 81
detection of indirect link failures 651
EtherChannel misconfiguration 658
extended system ID 660
path cost 656
protocol modes 667
root port
accelerating choice of new 691
loop guard 662
preventing from becoming designated 662
restricting which can be root 662
root guard 662
UplinkFast 691
root switch
affects of extended system ID 660, 694
hello-time 693
interval between BDPU messages 693
interval between hello BPDU messages 693
max-age 693
port priority for selection of 684
primary or secondary 693
switch priority 693
state changes
blocking to forwarding state 688
enabling BPDU filtering 652, 686
enabling BPDU guard 654, 686
enabling Port Fast 686, 688
enabling timer to recover from error state 178
forward-delay time 693
length of listening and learning states 693
shutting down Port Fast-enabled ports 686
state information display 609
VLAN options 681, 693
Switched Port Analyzer
See SPAN
switchport access command 716
switchport backup interface command 718
switchport block command 722
switchport host command 724
switchport mode command 725
switchport nonegotiate command 727
switchport port-security aging command 734
switchport port-security command 729
switchport priority extend command 736
switchport protected command 738
switchports, displaying 493
switchport trunk command 740
switchport voice vlan command 743
switch priority command 710
switch provision command 712
switch renumber command 714
system message logging 283
system message logging, save message to flash 284
system mtu command 745
system resource templates 412
T
tar files, creating, listing, and extracting 13
TDR, running 747
Telnet, using to communicate to cluster switches 400
temperature information, displaying 480
templates, system resources 412
test cable-diagnostics tdr command 747
traceroute mac command 748
traceroute mac ip command 751
trunking, VLAN mode 725
trunk mode 725
trunk ports 725
trunks, to non-DTP device 726
trusted boundary for QoS 345
trusted port states for QoS 345
type (boot loader) command 22
U
UDLD
aggressive mode 755, 757
debug messages, display 89
enable globally 755
enable per interface 757
error recovery timer 178
message timer 755
normal mode 755, 757
reset a shutdown interface 759
status 621
udld command 755
udld port command 757
udld reset command 759
unicast storm control 707
UniDirectional Link Detection
See UDLD
unknown multicast traffic, preventing 722
unknown unicast traffic, preventing 722
unset (boot loader) command 23
upgrading
software images
copying 6
downloading 9
monitoring status of 429
UplinkFast, for STP 691
usb-inactivity-timeout (console configuration) command 760
user EXEC mode 2, 3
V
version (boot loader) command 25
version mismatch mode 617
vlan (global configuration) command 761
VLAN configuration
rules 764
saving 761
VLAN configuration mode
description 5
summary 3
VLAN ID range 761
VLAN Query Protocol
See VQP
VLANs
adding 761
configuring 761
debug messages, display
ISL 85
VLAN IOS file system error tests 84
VLAN manager activity 82
VTP 87
displaying configurations 626
enabling guest VLAN supplicant 135, 146, 183
extended-range 761
MAC addresses
displaying 567
number of 557
media types 763
normal-range 761
restarting 638
saving the configuration 761
shutting down 638
SNMP traps for VTP 643, 646
suspending 638
VLAN Trunking Protocol
See VTP
VM mode 617
VMPS
configuring servers 769
displaying 629
error recovery timer 179
reconfirming dynamic VLAN assignments 766
vmps reconfirm (global configuration) command 767
vmps reconfirm (privileged EXEC) command 766
vmps retry command 768
vmps server command 769
voice VLAN
configuring 743
setting port priority 736
VQP
and dynamic-access ports 717
clearing client statistics 102
displaying information 629
per-server retry count 768
reconfirmation interval 767
reconfirming dynamic VLAN assignments 766
VTP
changing characteristics 771
clearing pruning counters 103
configuring
domain name 771
file name 771
mode 771
password 772
counters display fields 632
displaying information 631
enabling
pruning 772
Version 2 772
enabling per port 776
mode 771
pruning 772
saving the configuration 761
statistics 631
status 631
status display fields 634
vtp (global configuration) command 771
vtp interface configuration) command 776
vtp primary command 777
Index
A
aaa accounting dot1x command 1
aaa authentication dot1x command 3
aaa authorization network command 5, 22, 28, 30, 32, 34, 36, 140, 286, 443, 7, 34
AAA methods 3
access control entries
See ACEs
access control lists
See ACLs
access groups
IP 193
MAC, displaying 551
access mode 725
access ports 725
ACEs 125, 376
ACLs
deny 123
displaying 426
for non-IP protocols 290
IP 193
on Layer 2 interfaces 193
permit 374
address aliasing 353
aggregate-port learner 368
allowed VLANs 740
archive copy-sw command 6
archive download-sw command 9
archive tar command 13
archive upload-sw command 16
arp access-list command 18
authentication command bounce-port ignore 20
authentication command disable-port ignore 21
authentication control-direction command 22
authentication event command 24
authentication failed VLAN
See dot1x auth-fail vlan
authentication fallback command 28
authentication host-mode command 30
authentication mac-move permit command 32
authentication open command 34
authentication order command 36
authentication periodic command 38
authentication port-control command 40
authentication priority command 42
authentication timer command 44
authentication violation command 46
auth-fail max-attempts
See dot1x auth-fail max-attempts
auth-fail vlan
See dot1x auth-fail vlan
auth open command 34
auth order command 36
authorization state of controlled port 158
auth timer command 44
autonegotiation of duplex mode 170
auto qos classify command 48
auto qos trust command 51
auto qos video command 54
auto qos voip command 57
B
BackboneFast, for STP 651
backup interfaces
configuring 718
displaying 493
boot (boot loader) command 2
boot auto-copy-sw command 63
boot config-file command 65
boot enable-break command 66
boot helper command 67
boot helper-config file command 68
booting
Cisco IOS image 71
displaying environment variables 439
interrupting 66
manually 69
boot loader
accessing 1
booting
Cisco IOS image 2
helper image 67
directories
creating 14
displaying a list of 7
removing 18
displaying
available commands 12
memory heap utilization 13
version 25
environment variables
described 19
displaying settings 19
location of 20
setting 19
unsetting 23
files
copying 5
deleting 6
displaying a list of 7
displaying the contents of 4, 15, 22
renaming 16
file system
formatting 10
initializing flash 9
running a consistency check 11
prompt 1
resetting the system 17
boot manual command 69
boot private-config-file command 70
boot system command 71
BPDU filtering, for spanning tree 652, 686
BPDU guard, for spanning tree 654, 686
broadcast storm control 707
C
candidate switches
See clusters
cat (boot loader) command 4
channel-group command 73
channel-protocol command 76
Cisco IP camera
auto-QoS configuration 54
Cisco SoftPhone
auto-QoS configuration 57
trusting packets sent from 345
Cisco Telepresence System
auto-QoS configuration 54
CISP
See Client Information Signalling Protocol
cisp
debug platform cisp command 34
cisp enable command 77
class command 78
class-map command 81
class maps
creating 81
defining the match criteria 302
displaying 444
class of service
See CoS
clear dot1x command 84
clear eap sessions command 85
clear errdisable interface 86
clear ip arp inspection log command 83
clear ip arp inspection statistics command 87
clear ip dhcp snooping database command 88
clear lacp command 90
clear logging onboard command 91
clear mac address-table command 92, 94
clear nmsp statistics command 95
clear pagp command 96
clear port-security command 97
clear psp counter 99
clear psp counter command 99
clear spanning-tree counters command 100
clear spanning-tree detected-protocols command 101
clear vmps statistics command 102
clear vtp counters command 103
Client Information Signalling Protocol 77, 140, 443, 7, 34
cluster commander-address command 104
cluster discovery hop-count command 106
cluster enable command 107
cluster holdtime command 108
cluster member command 109
cluster outside-interface command 111
cluster run command 112
clusters
adding candidates 109
binding to HSRP group 113
building manually 109
communicating with
devices outside the cluster 111
members by using Telnet 400
debug messages, display 8
displaying
candidate switches 447
debug messages 8
member switches 449
status 445
hop-count limit for extended discovery 106
HSRP standby groups 113
redundancy 113
SNMP trap 641
cluster standby-group command 113
cluster timer command 115
command modes defined 2
command switch
See clusters
configuration files
password recovery disable considerations 1
specifying the name 65, 70
configuring multiple interfaces 190
config-vlan mode
commands 762
entering 761
copy (boot loader) command 5
copy logging onboard command 116
CoS
assigning default value to incoming packets 313
overriding the incoming value 313
CoS-to-DSCP map 317
CPU ASIC statistics, displaying 451
crashinfo files 181
critical VLAN 25
D
debug authentication 2
debug auto qos command 4
debug backup command 6
debug cisp command 7
debug cluster command 8
debug dot1x command 10
debug dtp command 12
debug eap command 13
debug etherchannel command 14
debug ilpower command 15
debug interface command 16
debug ip dhcp snooping command 17
debug ip igmp filter command 19
debug ip igmp max-groups command 20
debug ip igmp snooping command 21
debug ip verify source packet command 18
debug lacp command 22
debug lldp packets command 23
debug mac-notification command 24
debug matm command 25
debug matm move update command 26
debug monitor command 27
debug mvrdbg command 28
debug nmsp command 29
debug nvram command 30
debug pagp command 31
debug platform acl command 32
debug platform backup interface command 33
debug platform cisp command 34
debug platform cli-redirection main command 35
debug platform configuration command 36, 42
debug platform cpu-queues command 37
debug platform dot1x command 39
debug platform etherchannel command 40
debug platform forw-tcam command 41
debug platform ip arp inspection command 43
debug platform ip dhcp command 44
debug platform ip igmp snooping command 45
debug platform ip source-guard command 47
debug platform led command 48
debug platform matm command 49
debug platform messaging application command 50
debug platform phy command 51
debug platform pm command 53
debug platform port-asic command 55
debug platform port-security command 56
debug platform qos-acl-tcam command 57
debug platform resource-manager command 58
debug platform snmp command 59
debug platform span command 60
debug platform stack-manager command 61
debug platform supervisor-asic command 62
debug platform sw-bridge command 63
debug platform tcam command 64
debug platform udld command 66
debug platform vlan command 67
debug pm command 68
debug port-security command 70
debug qos-manager command 71
debug spanning-tree backbonefast command 74
debug spanning-tree bpdu command 75
debug spanning-tree bpdu-opt command 76
debug spanning-tree command 72
debug spanning-tree mstp command 77
debug spanning-tree switch command 79
debug spanning-tree uplinkfast command 81
debug sw-vlan command 82
debug sw-vlan ifs command 84
debug sw-vlan notification command 85
debug sw-vlan vtp command 87
debug udld command 89
debug vqpc command 91
define interface-range command 118
delete (boot loader) command 6
delete command 120
deny (ARP access-list configuration) command 121
deny command 123
detect mechanism, causes 172
DHCP snooping
accepting untrusted packets from edge switch 224
enabling
on a VLAN 229
option 82 222, 224
trust on an interface 227
error recovery timer 178
rate limiting 226
DHCP snooping binding database
binding file, configuring 220
bindings
adding 218
deleting 218
clearing database agent statistics 88
database agent, configuring 220
renewing 408
dir (boot loader) command 7
directories, deleting 120
domain name, VTP 771
dot1x auth-fail max-attempts 134
dot1x auth-fail vlan 136
dot1x command 132
dot1x control-direction command 138
dot1x credentials (global configuration) command 140
dot1x critical global configuration command 141
dot1x critical interface configuration command 143
dot1x default command 145
dot1x fallback command 146
dot1x guest-vlan command 147
dot1x host-mode command 149
dot1x initialize command 151
dot1x mac-auth-bypass command 152
dot1x max-reauth-req command 154
dot1x max-req command 156
dot1x pae command 157
dot1x port-control command 158
dot1x re-authenticate command 160
dot1x reauthentication command 161
dot1x supplicant force-multicast command 162
dot1x test eapol-capable command 163
dot1x test timeout command 164
dot1x timeout command 165
dot1x violation-mode command 168
DSCP-to-CoS map 317
DSCP-to-DSCP-mutation map 317
DTP 726
DTP flap
error detection for 172
error recovery timer 178
DTP negotiation 727
dual-purpose uplink ports
displaying configurable options 496
displaying the active media 500
selecting the type 305
duplex command 169
dynamic-access ports
configuring 716
restrictions 717
dynamic ARP inspection
ARP ACLs
apply to a VLAN 201
define 18
deny packets 121
display 430
permit packets 372
clear
log buffer 83
statistics 87
display
ARP ACLs 430
configuration and operating state 504
log buffer 504
statistics 504
trust state and rate limit 504
enable per VLAN 211
log buffer
clear 83
configure 205
display 504
rate-limit incoming ARP packets 203
statistics
clear 87
display 504
trusted interface state 207
type of packet logged 212
validation checks 209
dynamic auto VLAN membership mode 725
dynamic desirable VLAN membership mode 725
Dynamic Host Configuration Protocol (DHCP)
See DHCP snooping
Dynamic Trunking Protocol
See DTP
E
EAP-request/identity frame
maximum number to send 156
response time before retransmitting 165
environment variables, displaying 439
epm access-control open 171
errdisable detect cause command 172
errdisable detect cause small-frame comand 175
errdisable recovery cause small-frame 177
errdisable recovery command 178
error conditions, displaying 483
error disable detection 172
error-disabled interfaces, displaying 493
EtherChannel
assigning Ethernet interface to channel group 73
creating port-channel logical interface 188
debug EtherChannel/PAgP, display 14
debug platform-specific events, display 40
displaying 486
interface information, displaying 493
LACP
clearing channel-group information 90, 91
debug messages, display 22
displaying 538
modes 73
port priority for hot-standby ports 271
restricting a protocol 76
system priority 273
load-distribution methods 383
PAgP
aggregate-port learner 368
clearing channel-group information 96
debug messages, display 31
displaying 593
error detection for 172
error recovery timer 178
learn method 368
modes 73
physical-port learner 368
priority of interface for transmitted traffic 370
Ethernet controller, internal register display 453
Ethernet controller, stackport information 459
Ethernet statistics, collecting 411
exception crashinfo command 181, 186
extended discovery of candidate switches 106
extended-range VLANs
and allowed VLAN list 740
and pruning-eligible list 740
configuring 761
extended system ID for STP 660
F
fallback profile command 182
fallback profiles, displaying 489
fan information, displaying 480
file name, VTP 771
files, deleting 120
flash_init (boot loader) command 9
flexible authentication ordering 36
Flex Links
configuring 718
configuring preferred VLAN 720
displaying 493
flowcontrol command 184
format (boot loader) command 10
fsck (boot loader) command 11
G
global configuration mode 2, 4
H
hardware ACL statistics 426
help (boot loader) command 12
hierarchical policy maps 382
hop-count limit for clusters 106
host connection, port configuration 724
Hot Standby Router Protocol
See HSRP
HSRP
binding HSRP group to cluster 113
standby group 113
I
IEEE 802.1x
and switchport modes 726
violation error recovery 178
See also port-based authentication
IEEE 802.1X Port Based Authentication
enabling guest VLAN supplicant 135, 146, 183
IGMP filters
applying 232
debug messages, display 19
IGMP groups, setting maximum 233
IGMP maximum groups, debugging 20
IGMP profiles
creating 235
displaying 516
IGMP snooping
adding ports as a static member of a group 251
displaying 517
enabling 237
enabling the configurable-leave timer 239
enabling the Immediate-Leave feature 248
flooding query count 245
interface topology change notification behavior 247
querier 241
query solicitation 245
report suppression 243
switch topology change notification behavior 245
images
See software images
Immediate-Leave feature, MVR 355
immediate-leave processing 248
Immediate-Leave processing, IPv6 269
interface configuration mode 3, 4
interface port-channel command 188
interface range command 190
interface-range macros 118
interfaces
assigning Ethernet interface to channel group 73
configuring 169
configuring multiple 190
creating port-channel logical 188
debug messages, display 16
disabling 637
displaying the MAC address table 560
restarting 637
interface speed, configuring 696
interface vlan command 192
internal registers, displaying 453, 459, 465
Internet Group Management Protocol
See IGMP
invalid GBIC
error detection for 172
error recovery timer 178
ip access-group command 193
ip address command 195
IP addresses, setting 195
ip admission command 197
ip admission name proxy http command 199
ip arp inspection filter vlan command 201
ip arp inspection limit command 203
ip arp inspection log-buffer command 205
ip arp inspection trust command 207
ip arp inspection validate command 209
ip arp inspection vlan command 211
ip arp inspection vlan logging command 212
ip device tracking command 216
ip device tracking probe command 214
IP DHCP snooping
See DHCP snooping
ip dhcp snooping binding command 218
ip dhcp snooping command 217
ip dhcp snooping database command 220
ip dhcp snooping information option allow-untrusted command 224
ip dhcp snooping information option command 222
ip dhcp snooping limit rate command 226
ip dhcp snooping trust command 227
ip dhcp snooping verify command 228
ip dhcp snooping vlan command 229
ip dhcp snooping vlan information option format-type circuit-id string command 230
ip igmp filter command 232
ip igmp max-groups command 233
ip igmp profile command 235
ip igmp snooping command 237
ip igmp snooping last-member-query-interval command 239
ip igmp snooping querier command 241
ip igmp snooping report-suppression command 243
ip igmp snooping tcn command 245
ip igmp snooping tcn flood command 247
ip igmp snooping vlan immediate-leave command 248
ip igmp snooping vlan mrouter command 249
ip igmp snooping vlan static command 251
IP multicast addresses 352
IP phones
auto-QoS configuration 57
trusting packets sent from 345
IP-precedence-to-DSCP map 317
ip source binding command 253
IP source guard
disabling 256
enabling 256
static IP source bindings 253
ip ssh command 255
ipv6 mld snooping command 257
ipv6 mld snooping last-listener-query count command 259
ipv6 mld snooping last-listener-query-interval command 261
ipv6 mld snooping listener-message-suppression command 263
ipv6 mld snooping robustness-variable command 265
ipv6 mld snooping tcn command 267
ipv6 mld snooping vlan command 269
IPv6 SDM template 412
ip verify source command 256
J
jumbo frames
See MTU
L
LACP
See EtherChannel
lacp port-priority command 271
lacp system-priority command 273
Layer 2 traceroute
IP addresses 751
MAC addresses 748
line configuration mode 3, 5
Link Aggregation Control Protocol
See EtherChannel
link flap
error detection for 172
error recovery timer 178
link state group command 275
link state track command 277
load-distribution methods for EtherChannel 383
location (global configuration) command 278
location (interface configuration) command 280
logging event command 282
logging event power-inline-status command 283
logging file command 284
logical interface 188
loopback error
detection for 172
recovery timer 178
loop guard, for spanning tree 662, 666
M
mab request format attribute 32 command 286
mac access-group command 288
MAC access-groups, displaying 551
MAC access list configuration mode 290
mac access-list extended command 290
MAC access lists 123
MAC addresses
disabling MAC address learning per VLAN 293
displaying
dynamic 558
notification settings 563
number of addresses in a VLAN 557
per interface 560
per VLAN 567
static 565
static and dynamic entries 552
dynamic
aging time 292
deleting 92
displaying 558
enabling MAC address notification 297
enabling MAC address-table move update 295
persistent stack 704
static
adding and removing 299
displaying 565
dropping on an interface 300
MAC address notification, debugging 24
mac address-table aging-time 288
mac address-table aging-time command 292
mac address-table learning command 293
mac address-table move update command 295
mac address-table notification command 297
mac address-table static command 299
mac address-table static drop command 300
macros
interface range 118, 190
maps
QoS
defining 317
match (class-map configuration) command 302
maximum transmission unit
See MTU
mdix auto command 304
media-type (interface configuration) command 305
media-type rj45 (line configuration) command 307
member switches
See clusters
memory (boot loader) command 13
mkdir (boot loader) command 14
MLD snooping
configuring 263, 265
configuring queries 259, 261
configuring topology change notification 267
displaying 528
enabling 257
MLD snooping on a VLAN, enabling 269
mls qos aggregate-policer command 311
mls qos command 309
mls qos cos command 313
mls qos dscp-mutation command 315
mls qos map command 317
mls qos queue-set output buffers command 321
mls qos queue-set output threshold command 323
mls qos queue-set stack buffers command 325
mls qos rewrite ip dscp command 327
mls qos srr-queue input bandwidth command 329
mls qos srr-queue input buffers command 331
mls qos-srr-queue input cos-map command 333
mls qos srr-queue input dscp-map command 335
mls qos srr-queue input priority-queue command 337
mls qos srr-queue input threshold command 339
mls qos-srr-queue output cos-map command 341
mls qos srr-queue output dscp-map command 343
mls qos trust command 345
mode, MVR 352
Mode button, and password recovery 414
modes, commands 2
monitor session command 347
more (boot loader) command 15
MSTP
displaying 610
interoperability 101
link type 664
MST region
aborting changes 669
applying changes 669
configuration name 669
configuration revision number 669
current or pending display 669
displaying 610
MST configuration mode 669
VLANs-to-instance mapping 669
path cost 671
protocol mode 667
restart protocol migration process 101
root port
loop guard 662
preventing from becoming designated 662
restricting which can be root 662
root guard 662
root switch
affects of extended system ID 660
hello-time 674, 682
interval between BDPU messages 675
interval between hello BPDU messages 674, 682
max-age 675
maximum hop count before discarding BPDU 676
port priority for selection of 678
primary or secondary 682
switch priority 681
state changes
blocking to forwarding state 688
enabling BPDU filtering 652, 686
enabling BPDU guard 654, 686
enabling Port Fast 686, 688
forward-delay time 673
length of listening and learning states 673
rapid transition to forwarding 664
shutting down Port Fast-enabled ports 686
state information display 609
MTU
configuring size 745
displaying global setting 620
Multicase Listener Discovery
See MLD
multicast group address, MVR 355
multicast groups, MVR 353
Multicast Listener Discovery
See MLD
multicast router learning method 249
multicast router ports, configuring 249
multicast router ports, IPv6 269
multicast storm control 707
multicast VLAN, MVR 353
multicast VLAN registration
See MVR
Multiple Spanning Tree Protocol
See MSTP
MVR
and address aliasing 353
configuring 352
configuring interfaces 355
debug messages, display 28
displaying 584
displaying interface information 585
members, displaying 587
mvr (global configuration) command 352
mvr (interface configuration) command 355
mvr vlan group command 356
N
native VLANs 740
Network Admission Control Software Configuration Guide 198, 200
network-policy (global configuration) command 359
network-policy command 358
network-policy profile (network-policy configuration) command 361
nmsp attachment suppress command 364
nmsp command 363
no authentication logging verbose 365
no dot1x logging verbose 366
no mab logging verbose 367
nonegotiate, speed 696
nonegotiating DTP messaging 727
non-IP protocols
denying 123
forwarding 374
non-IP traffic access lists 290
non-IP traffic forwarding
denying 123
permitting 374
normal-range VLANs 761
no vlan command 761
O
online diagnostics
displaying
configured boot-up coverage level 469
current scheduled tasks 469
event logs 469
supported test suites 469
test ID 469
test results 469
test statistics 469
global configuration mode
clearing health monitoring diagnostic test schedule 87
setting health monitoring diagnostic testing 87
setting up health monitoring diagnostic test schedule 87
health monitoring diagnostic tests, configuring 126
testing, starting 130
P
PAgP
See EtherChannel
pagp learn-method command 368
pagp port-priority command 370
password, VTP 772
password-recovery mechanism, enabling and disabling 414
permit (ARP access-list configuration) command 372
permit (MAC access-list configuration) command 374
per-VLAN spanning-tree plus
See STP
physical-port learner 368
PIM-DVMRP, as multicast router learning method 249
PoE
configuring the power budget 387
configuring the power management mode 384
displaying controller register values 463
displaying power management information 598
logging of status 283
monitoring power 389
policing power consumption 389
police aggregate command 379
police command 377
policed-DSCP map 317
policy-map command 381
policy maps
applying to an interface 416, 421
creating 381
hierarchical 382
policers
displaying 570
for a single class 377
for multiple classes 311, 379
policed-DSCP map 317
traffic classification
defining the class 78
defining trust states 753
setting DSCP or IP precedence values 419
Port Aggregation Protocol
See EtherChannel
port-based authentication
AAA method list 3
configuring violation modes 168
debug messages, display 10
enabling IEEE 802.1x
globally 132
per interface 158
guest VLAN 147
host modes 149
IEEE 802.1x AAA accounting methods 1
initialize an interface 151, 164
MAC authentication bypass 152
manual control of authorization state 158
PAE as authenticator 157
periodic re-authentication
enabling 161
time between attempts 165
quiet period between failed authentication exchanges 165
re-authenticating IEEE 802.1x-enabled ports 160
resetting configurable IEEE 802.1x parameters 145
switch-to-authentication server retransmission time 165
switch-to-client frame-retransmission number 154 to 156
switch-to-client retransmission time 165
test for IEEE 802.1x readiness 163
port-channel load-balance command 383
Port Fast, for spanning tree 688
port ranges, defining 116, 118
ports, debugging 68
ports, protected 738
port security
aging 734
debug messages, display 70
enabling 729
violation error recovery 178
port trust states for QoS 345
port types, MVR 355
power information, displaying 480
power inline command 384
power inline consumption command 387
power inline police command 389
Power over Ethernet
See PoE
priority-queue command 392
priority value, stack member 617
privileged EXEC mode 2, 3
protected ports, displaying 498
pruning
VLANs 740
VTP
displaying interface information 493
enabling 772
pruning-eligible VLAN list 741
psp 394
psp command 394
PVST+
See STP
Q
QoS
auto-QoS
configuring 57
debug messages, display 4
auto-QoS trust
configuring 51
auto-QoS video
configuring 54
class maps
creating 81
defining the match criteria 302
displaying 444
defining the CoS value for an incoming packet 313
displaying configuration information 569
DSCP transparency 327
DSCP trusted ports
applying DSCP-to-DSCP-mutation map to 315
defining DSCP-to-DSCP-mutation map 317
egress queues
allocating buffers 321
defining the CoS output queue threshold map 341
defining the DSCP output queue threshold map 343
displaying buffer allocations 572
displaying CoS output queue threshold map 577
displaying DSCP output queue threshold map 577
displaying queueing strategy 572
displaying queue-set settings 580
enabling bandwidth shaping and scheduling 700
enabling bandwidth sharing and scheduling 702
limiting the maximum output on a port 698
mapping a port to a queue-set 395
mapping CoS values to a queue and threshold 341
mapping DSCP values to a queue and threshold 343
setting maximum and reserved memory allocations 323
setting WTD thresholds 323
enabling 309
ingress queues
allocating buffers 331
assigning SRR scheduling weights 329
defining the CoS input queue threshold map 333
defining the DSCP input queue threshold map 335
displaying buffer allocations 572
displaying CoS input queue threshold map 577
displaying DSCP input queue threshold map 577
displaying queueing strategy 572
displaying settings for 571
enabling the priority queue 337
mapping CoS values to a queue and threshold 333
mapping DSCP values to a queue and threshold 335
setting WTD thresholds 339
maps
defining 317, 333, 335, 341, 343
policy maps
applying an aggregate policer 379
applying to an interface 416, 421
creating 381
defining policers 311, 377
displaying policers 570
hierarchical 382
policed-DSCP map 317
setting DSCP or IP precedence values 419
traffic classifications 78
trust states 753
port trust states 345
queues, enabling the expedite 392
statistics
in-profile and out-of-profile packets 572
packets enqueued or dropped 572
sent and received CoS values 572
sent and received DSCP values 572
trusted boundary for IP phones 345
quality of service
See QoS
querytime, MVR 352
queue-set command 395
R
radius-server dead-criteria command 396
radius-server host command 398
rapid per-VLAN spanning-tree plus
See STP
rapid PVST+
See STP
rcommand command 400
re-authenticating IEEE 802.1x-enabled ports 160
re-authentication
periodic 161
time between attempts 165
receiver ports, MVR 355
receiving flow-control packets 184
recovery mechanism
causes 178
display 86, 441, 482, 484
timer interval 179
redundancy for cluster switches 113
reload command 402
remote command 404
remote-span command 406
Remote Switched Port Analyzer
See RSPAN
rename (boot loader) command 16
renew ip dhcp snooping database command 408
reset (boot loader) command 17
resource templates, displaying 605
restricted VLAN
See dot1x auth-fail vlan
rmdir (boot loader) command 18
rmon collection stats command 411
root guard, for spanning tree 662
RSPAN
configuring 347
filter RSPAN traffic 347
remote-span command 406
S
SDM mismatch mode 618
sdm prefer command 412
SDM templates
displaying 605
dual IPv4 and IPv6 412
secure ports, limitations 731
sending flow-control packets 184
service password-recovery command 414
service-policy command 416
session command 418
set (boot loader) command 19
set command 419
setup command 421
setup express command 424
show access-lists command 426
show archive status command 429
show arp access-list command 430
show authentication command 431
show auto qos command 435
show boot command 439
show cable-diagnostics tdr command 441
show cisp command 443
show class-map command 444
show cluster candidates command 447
show cluster command 445
show cluster members command 449
show controllers cpu-interface command 451
show controllers ethernet-controller command 453
show controllers power inline command 463
show controllers tcam command 465
show controller utilization command 467
show dot1x command 472
show dtp 476
show eap command 478
show env command 480
show errdisable detect command 482
show errdisable flap-values command 483
show errdisable recovery command 484
show etherchannel command 486
show fallback profile command 489
show flowcontrol command 491
show interfaces command 493
show interfaces counters command 501
show inventory command 503
show ip arp inspection command 504
show ip dhcp snooping binding command 509
show ip dhcp snooping command 508
show ip dhcp snooping database command 511, 513
show ip igmp profile command 516
show ip igmp snooping command 517, 528
show ip igmp snooping groups command 520
show ip igmp snooping mrouter command 522
show ip igmp snooping querier command 523
show ip source binding command 525
show ipv6 route updated 536
show ip verify source command 526
show lacp command 538
show link state group command 542
show logging onboard command 546
show mac access-group command 551
show mac address-table address command 554
show mac address-table aging time command 555
show mac address-table command 552
show mac address-table count command 557
show mac address-table dynamic command 558
show mac address-table interface command 560
show mac address-table move update command 562
show mac address-table notification command 94, 563, 26
show mac address-table static command 565
show mac address-table vlan command 567
show mls qos aggregate-policer command 570
show mls qos command 569
show mls qos input-queue command 571
show mls qos interface command 572
show mls qos maps command 577
show mls qos queue-set command 580
show mls qos vlan command 581
show monitor command 582
show mvr command 584
show mvr interface command 585
show mvr members command 587
show network-policy profile command 589
show nmsp command 590
show pagp command 593
show platform acl command 2
show platform backup interface command 3
show platform etherchannel command 4
show platform forward command 5
show platform frontend-controller command 7
show platform igmp snooping command 8
show platform ip unicast command 9
show platform layer4op command 10
show platform mac-address-table command 11
show platform messaging command 12
show platform monitor command 13
show platform mvr table command 14
show platform pm command 15
show platform port-asic command 16
show platform port-security command 21
show platform qos command 22
show platform resource-manager command 23
show platform snmp counters command 25
show platform spanning-tree command 26
show platform stack manager command 28
show platform stp-instance command 27
show platform tb command 31
show platform tcam command 33
show platform vlan command 35
show policy-map command 595
show port security command 596
show power inline command 598
show psp config 603
show psp config command 603
show psp statistics 604
show psp statistics command 604
show sdm prefer command 605
show setup express command 608
show spanning-tree command 609
show storm-control command 615
show switch command 617
show system mtu command 620
show trust command 753
show udld command 621
show version command 624
show vlan command 626
show vlan command, fields 627
show vmps command 629
show vtp command 631
shutdown command 637
shutdown vlan command 638
small violation-rate command 639
SNMP host, specifying 645
SNMP informs, enabling the sending of 641
snmp-server enable traps command 641
snmp-server host command 645
snmp trap mac-notification change command 649
SNMP traps
enabling MAC address notification trap 649
enabling the MAC address notification feature 297
enabling the sending of 641
SoftPhone
See Cisco SoftPhone
software images
copying 6
deleting 120
downloading 9
upgrading 6, 9
uploading 16
software version, displaying 624
source ports, MVR 355
SPAN
configuring 347
debug messages, display 27
filter SPAN traffic 347
sessions
add interfaces to 347
start new 347
spanning-tree backbonefast command 651
spanning-tree bpdufilter command 652
spanning-tree bpduguard command 654
spanning-tree cost command 656
spanning-tree etherchannel command 658
spanning-tree extend system-id command 660
spanning-tree guard command 662
spanning-tree link-type command 664
spanning-tree loopguard default command 666
spanning-tree mode command 667
spanning-tree mst configuration command 669
spanning-tree mst cost command 671
spanning-tree mst forward-time command 673
spanning-tree mst hello-time command 674
spanning-tree mst max-age command 675
spanning-tree mst max-hops command 676
spanning-tree mst port-priority command 678
spanning-tree mst pre-standard command 680
spanning-tree mst priority command 681
spanning-tree mst root command 682
spanning-tree portfast (global configuration) command 686
spanning-tree portfast (interface configuration) command 688
spanning-tree port-priority command 684
Spanning Tree Protocol
See STP
spanning-tree transmit hold-count command 690
spanning-tree uplinkfast command 691
spanning-tree vlan command 693
speed command 696
srr-queue bandwidth limit command 698
srr-queue bandwidth share command 702
SSH, configuring version 255
stack-mac persistent timer command 704
stack member
access 418
number 617, 714
provisioning 712
reloading 402
stacks, switch
disabling a member 710
enabling a member 710
MAC address 704
provisioning a new member 712
reloading 402
stack member access 418
stack member number 617, 714
stack member priority value 617
static-access ports, configuring 716
statistics, Ethernet group 411
sticky learning, enabling 729
storm-control command 707
STP
BackboneFast 651
counters, clearing 100
debug messages, display
BackboneFast events 74
MSTP 77
optimized BPDUs handling 76
spanning-tree activity 72
switch shim 79
transmitted and received BPDUs 75
UplinkFast 81
detection of indirect link failures 651
EtherChannel misconfiguration 658
extended system ID 660
path cost 656
protocol modes 667
root port
accelerating choice of new 691
loop guard 662
preventing from becoming designated 662
restricting which can be root 662
root guard 662
UplinkFast 691
root switch
affects of extended system ID 660, 694
hello-time 693
interval between BDPU messages 693
interval between hello BPDU messages 693
max-age 693
port priority for selection of 684
primary or secondary 693
switch priority 693
state changes
blocking to forwarding state 688
enabling BPDU filtering 652, 686
enabling BPDU guard 654, 686
enabling Port Fast 686, 688
enabling timer to recover from error state 178
forward-delay time 693
length of listening and learning states 693
shutting down Port Fast-enabled ports 686
state information display 609
VLAN options 681, 693
Switched Port Analyzer
See SPAN
switchport access command 716
switchport backup interface command 718
switchport block command 722
switchport host command 724
switchport mode command 725
switchport nonegotiate command 727
switchport port-security aging command 734
switchport port-security command 729
switchport priority extend command 736
switchport protected command 738
switchports, displaying 493
switchport trunk command 740
switchport voice vlan command 743
switch priority command 710
switch provision command 712
switch renumber command 714
system message logging 283
system message logging, save message to flash 284
system mtu command 745
system resource templates 412
T
tar files, creating, listing, and extracting 13
TDR, running 747
Telnet, using to communicate to cluster switches 400
temperature information, displaying 480
templates, system resources 412
test cable-diagnostics tdr command 747
traceroute mac command 748
traceroute mac ip command 751
trunking, VLAN mode 725
trunk mode 725
trunk ports 725
trunks, to non-DTP device 726
trusted boundary for QoS 345
trusted port states for QoS 345
type (boot loader) command 22
U
UDLD
aggressive mode 755, 757
debug messages, display 89
enable globally 755
enable per interface 757
error recovery timer 178
message timer 755
normal mode 755, 757
reset a shutdown interface 759
status 621
udld command 755
udld port command 757
udld reset command 759
unicast storm control 707
UniDirectional Link Detection
See UDLD
unknown multicast traffic, preventing 722
unknown unicast traffic, preventing 722
unset (boot loader) command 23
upgrading
software images
copying 6
downloading 9
monitoring status of 429
UplinkFast, for STP 691
usb-inactivity-timeout (console configuration) command 760
user EXEC mode 2, 3
V
version (boot loader) command 25
version mismatch mode 617
vlan (global configuration) command 761
VLAN configuration
rules 764
saving 761
VLAN configuration mode
description 5
summary 3
VLAN ID range 761
VLAN Query Protocol
See VQP
VLANs
adding 761
configuring 761
debug messages, display
ISL 85
VLAN IOS file system error tests 84
VLAN manager activity 82
VTP 87
displaying configurations 626
enabling guest VLAN supplicant 135, 146, 183
extended-range 761
MAC addresses
displaying 567
number of 557
media types 763
normal-range 761
restarting 638
saving the configuration 761
shutting down 638
SNMP traps for VTP 643, 646
suspending 638
VLAN Trunking Protocol
See VTP
VM mode 617
VMPS
configuring servers 769
displaying 629
error recovery timer 179
reconfirming dynamic VLAN assignments 766
vmps reconfirm (global configuration) command 767
vmps reconfirm (privileged EXEC) command 766
vmps retry command 768
vmps server command 769
voice VLAN
configuring 743
setting port priority 736
VQP
and dynamic-access ports 717
clearing client statistics 102
displaying information 629
per-server retry count 768
reconfirmation interval 767
reconfirming dynamic VLAN assignments 766
VTP
changing characteristics 771
clearing pruning counters 103
configuring
domain name 771
file name 771
mode 771
password 772
counters display fields 632
displaying information 631
enabling
pruning 772
Version 2 772
enabling per port 776
mode 771
pruning 772
saving the configuration 761
statistics 631
status 631
status display fields 634
vtp (global configuration) command 771
vtp interface configuration) command 776
vtp primary command 777