Catalyst 3750 Command Reference, Release 12.2(55)SE
Downloads: This chapterpdf (PDF - 704.0 KB) The complete bookPDF (PDF - 7.84 MB) | Feedback



aaa accounting dot1x command 2-1

aaa authentication dot1x command 2-3, 2-846

aaa authorization network command 2-5, 2-24, 2-30, 2-32, 2-34, 2-36, 2-38, 2-148, 2-316, 2-485, B-7, B-34

AAA methods 2-3, 2-846

access control entries

See ACEs

access control lists

See ACLs

access groups

IP 2-203

MAC, displaying 2-613

access list, IPv6 2-273

access map configuration mode 2-332

access mode 2-803

access ports 2-803

ACEs 2-133, 2-409


deny 2-131

displaying 2-466

for non-IP protocols 2-320

IP 2-203

matching 2-332

on Layer 2 interfaces 2-203

permit 2-407

action command 2-6

address aliasing 2-380

aggregate-port learner 2-395

allowed VLANs 2-823

archive copy-sw command 2-8

archive download-sw command 2-11

archive tar command 2-15

archive upload-sw command 2-18

arp access-list command 2-20

authentication command bounce-port ignore 2-22

authentication command disable-port ignore 2-23

authentication control-direction command 2-24

authentication event command 2-26

authentication failed VLAN

See dot1x auth-fail vlan

authentication fallback command 2-30

authentication host-mode command 2-32

authentication mac-move permit command 2-34

authentication open command 2-36

authentication order command 2-38

authentication periodic command 2-40

authentication port-control command 2-42

authentication priority command 2-44

authentication timer command 2-46

authentication violation command 2-48

auth-fail max-attempts

See dot1x auth-fail max-attempts

auth-fail vlan

See dot1x auth-fail vlan

auth open command 2-36

auth order command 2-38

authorization state of controlled port 2-168

auth timer command 2-46

autonegotiation of duplex mode 2-181

auto qos classify command 2-50

auto qos trust command 2-53

auto qos voip command 2-56


BackboneFast, for STP 2-724

backup interfaces

configuring 2-796

displaying 2-543

boot (boot loader) command A-2

boot auto-copy-sw command 2-62

boot auto-download-sw command 2-63

boot config-file command 2-66

boot enable-break command 2-67

boot helper command 2-68

boot helper-config file command 2-69


Cisco IOS image 2-72

displaying environment variables 2-479

interrupting 2-63, 2-67

manually 2-70

boot loader

accessing A-1


Cisco IOS image A-2

helper image 2-68


creating A-15

displaying a list of A-7

removing A-19


available commands A-12

memory heap utilization A-13

version A-26

environment variables

described A-20

displaying settings A-20

location of A-21

setting A-20

unsetting A-24

boot loader (continued)


copying A-5

deleting A-6

displaying a list of A-7

displaying the contents of A-4, A-16, A-23

renaming A-17

file system

formatting A-10

initializing flash A-9

running a consistency check A-11

prompt A-1

resetting the system A-18

boot manual command 2-70

boot private-config-file command 2-71

boot system command 2-72

BPDU filtering, for spanning tree 2-725, 2-759

BPDU guard, for spanning tree 2-727, 2-759

broadcast storm control 2-780


candidate switches

See clusters

cat (boot loader) command A-4

Catalyst 3750G Integrated Wireless LAN Controller Switch 2-457

CDP, enabling protocol tunneling for 2-297

channel-group command 2-75

channel-protocol command 2-79

Cisco SoftPhone

auto-QoS configuration 2-56

trusting packets sent from 2-371


See Client Information Signalling Protocol


debug platform cisp command B-34

cisp enable command 2-80

class command 2-81

class-map command 2-84

class maps

creating 2-84

defining the match criteria 2-334

displaying 2-486

class of service

See CoS

clear dot1x command 2-86

clear eap sessions command 2-87

clear errdisable interface 2-88

clear ip arp inspection log command 2-89

clear ip arp inspection statistics command 2-90

clear ipc command 2-93

clear ip dhcp snooping database command 2-91

clear ipv6 dhcp conflict command 2-94

clear l2protocol-tunnel counters command 2-95

clear lacp command 2-96

clear mac address-table command 2-97, 2-99

clear nmsp statistics command 2-100

clear pagp command 2-101

clear port-security command 2-102

clear spanning-tree counters command 2-104

clear spanning-tree detected-protocols command 2-105

clear vmps statistics command 2-106

clear vtp counters command 2-107

Client Information Signalling Protocol 2-80, 2-148, 2-485, B-7, B-34

cluster commander-address command 2-108

cluster discovery hop-count command 2-110

cluster enable command 2-111

cluster holdtime command 2-112

cluster member command 2-113

cluster outside-interface command 2-115

cluster run command 2-116


adding candidates 2-113

binding to HSRP group 2-117

building manually 2-113

communicating with

devices outside the cluster 2-115

members by using Telnet 2-437

debug messages, display B-8


candidate switches 2-489

debug messages B-8

member switches 2-491

status 2-487

hop-count limit for extended discovery 2-110

HSRP standby groups 2-117

redundancy 2-117

SNMP trap 2-713

cluster standby-group command 2-117

cluster timer command 2-119

command modes defined 1-2

command switch

See clusters

configuration files

password recovery disable considerations A-1

specifying the name 2-66, 2-71

configuring multiple interfaces 2-199

controller, wireless 2-457

copy (boot loader) command A-5


assigning default value to incoming packets 2-341

assigning to Layer 2 protocol packets 2-300

overriding the incoming value 2-341

CoS-to-DSCP map 2-345

CPU ASIC statistics, displaying 2-493

crashinfo files 2-192

critical VLAN 2-27


debug authentication B-2

debug auto qos command B-4

debug backup command B-6

debug cisp command B-7

debug cluster command B-8

debug dot1x command B-10

debug dtp command B-12

debug eap command B-13

debug etherchannel command B-14

debug ilpower command B-15

debug interface command B-16

debug ip dhcp snooping command B-17

debug ip igmp filter command B-19

debug ip igmp max-groups command B-20

debug ip igmp snooping command B-21

debug ip verify source packet command B-18

debug lacp command B-22

debug lldp packets command B-23

debug mac-notification command B-24

debug matm command B-25

debug matm move update command B-26

debug monitor command B-27

debug mvrdbg command B-28

debug nmsp command B-29

debug nvram command B-30

debug pagp command B-31

debug platform acl command B-32

debug platform backup interface command B-33

debug platform cisp command B-34

debug platform cli-redirection main command B-35

debug platform configuration command B-36, B-44

debug platform cpu-queues command B-37

debug platform device-manager command B-39

debug platform dot1x command B-40

debug platform etherchannel command B-41

debug platform fallback-bridging command B-42

debug platform forw-tcam command B-43

debug platform ip arp inspection command B-45

debug platform ipc command B-56

debug platform ip dhcp command B-46

debug platform ip igmp snooping command B-47

debug platform ip multicast command B-49

debug platform ip source-guard command B-52

debug platform ip unicast command B-53

debug platform ip wccp command B-55

debug platform led command B-57

debug platform matm command B-58

debug platform messaging application command B-59

debug platform phy command B-60

debug platform pm command B-62

debug platform port-asic command B-64

debug platform port-security command B-65

debug platform qos-acl-tcam command B-66

debug platform remote-commands command B-67

debug platform resource-manager command B-68

debug platform snmp command B-69

debug platform span command B-70

debug platform stack-manager command B-71

debug platform supervisor-asic command B-72

debug platform sw-bridge command B-73

debug platform tcam command B-74

debug platform udld command B-77

debug platform vlan command B-78

debug platform wireless-controller B-103

debug pm command B-79

debug port-security command B-81

debug qos-manager command B-82

debug spanning-tree backbonefast command B-85

debug spanning-tree bpdu command B-86

debug spanning-tree bpdu-opt command B-87

debug spanning-tree command B-83

debug spanning-tree mstp command B-88

debug spanning-tree switch command B-90

debug spanning-tree uplinkfast command B-92

debug sw-vlan command B-93

debug sw-vlan ifs command B-95

debug sw-vlan notification command B-96

debug sw-vlan vtp command B-98

debug udld command B-100

debug vqpc command B-102

define interface-range command 2-120

delete (boot loader) command A-6

delete command 2-122

deny (ARP access-list configuration) command 2-124

deny (IPv6) command 2-126

deny command 2-131

detect mechanism, causes 2-183

DHCP snooping

accepting untrusted packets from edge switch 2-234


on a VLAN 2-240

option 82 2-232, 2-234

trust on an interface 2-238

error recovery timer 2-189

rate limiting 2-237

DHCP snooping binding database

binding file, configuring 2-230


adding 2-228

deleting 2-228

displaying 2-563

clearing database agent statistics 2-91

database agent, configuring 2-230


binding entries 2-563

database agent status 2-565, 2-567

renewing 2-444

dir (boot loader) command A-7

directories, deleting 2-122

domain name, VTP 2-860

dot1x auth-fail max-attempts 2-142

dot1x auth-fail vlan 2-144

dot1x command 2-140

dot1x control-direction command 2-146

dot1x credentials (global configuration) command 2-148

dot1x critical global configuration command 2-149

dot1x critical interface configuration command 2-151

dot1x default command 2-153

dot1x fallback command 2-154

dot1x guest-vlan command 2-155

dot1x host-mode command 2-158

dot1x initialize command 2-160

dot1x mac-auth-bypass command 2-161

dot1x max-reauth-req command 2-163

dot1x max-req command 2-165

dot1x multiple-hosts command 2-166

dot1x pae command 2-167

dot1x port-control command 2-168

dot1x re-authenticate command 2-170

dot1x re-authentication command 2-171

dot1x reauthentication command 2-172

dot1x supplicant force-multicast command 2-173

dot1x test eapol-capable command 2-174

dot1x test timeout command 2-175

dot1x timeout command 2-176

dot1x violation-mode command 2-179

dropping packets, with ACL matches 2-6

drop threshold, Layer 2 protocol tunneling 2-297

DSCP-to-CoS map 2-345

DSCP-to-DSCP-mutation map 2-345

DTP 2-804

DTP flap

error detection for 2-183

error recovery timer 2-189

DTP negotiation 2-808

dual-purpose uplink ports

displaying configurable options 2-546

duplex command 2-180

dynamic-access ports

configuring 2-792

restrictions 2-793

dynamic ARP inspection


apply to a VLAN 2-211

define 2-20

deny packets 2-124

display 2-470

permit packets 2-399


log buffer 2-89

statistics 2-90


ARP ACLs 2-470

configuration and operating state 2-558

log buffer 2-558

statistics 2-558

trust state and rate limit 2-558

enable per VLAN 2-221

error detection for 2-183

error recovery timer 2-189

log buffer

clear 2-89

configure 2-215

display 2-558

rate-limit incoming ARP packets 2-213


clear 2-90

display 2-558

trusted interface state 2-217

type of packet logged 2-222

validation checks 2-219

dynamic auto VLAN membership mode 2-803

dynamic desirable VLAN membership mode 2-803

Dynamic Host Configuration Protocol (DHCP)

See DHCP snooping

Dynamic Trunking Protocol



EAP-request/identity frame

maximum number to send 2-165

response time before retransmitting 2-176

encapsulation methods 2-823

environment variables, displaying 2-479

epm access-control open 2-182

errdisable detect cause command 2-183

errdisable detect cause small-frame comand 2-186

errdisable recovery cause small-frame 2-188

errdisable recovery command 2-189

error conditions, displaying 2-529

error disable detection 2-183

error-disabled interfaces, displaying 2-543


assigning Ethernet interface to channel group 2-75

creating port-channel logical interface 2-197

debug EtherChannel/PAgP, display B-14

debug platform-specific events, display B-41

displaying 2-533

enabling Layer 2 protocol tunneling for

LACP 2-298

PAgP 2-298

UDLD 2-298

interface information, displaying 2-543


clearing channel-group information 2-96

debug messages, display B-22

displaying 2-603

modes 2-75

port priority for hot-standby ports 2-301

restricting a protocol 2-79

system priority 2-303

load-distribution methods 2-417

EtherChannel (continued)


aggregate-port learner 2-395

clearing channel-group information 2-101

debug messages, display B-31

displaying 2-662

error detection for 2-183

error recovery timer 2-189

learn method 2-395

modes 2-75

physical-port learner 2-395

priority of interface for transmitted traffic 2-397

Ethernet controller, internal register display 2-495

Ethernet statistics, collecting 2-447

exception crashinfo command 2-192

extended discovery of candidate switches 2-110

extended-range VLANs

and allowed VLAN list 2-823

and pruning-eligible list 2-823

extended system ID for STP 2-733


fallback profile command 2-193

fallback profiles, displaying 2-536

fan information, displaying 2-523

file name, VTP 2-860

files, deleting 2-122

flash_init (boot loader) command A-9

flexible authentication ordering 2-38

Flex Links

configuring 2-796

configuring preferred VLAN 2-799

displaying 2-543

flowcontrol command 2-195

format (boot loader) command A-10

forwarding packets, with ACL matches 2-6

forwarding results, display C-6

frame forwarding information, displaying C-6

front-end controller, counter and status information C-8

fsck (boot loader) command A-11


global configuration mode 1-2, 1-4


hardware ACL statistics 2-466

help (boot loader) command A-12

hierarchical policy maps 2-415

hop-count limit for clusters 2-110

host connection, port configuration 2-802

host ports, private VLANs 2-806

Hot Standby Router Protocol



binding HSRP group to cluster 2-117

standby group 2-117


IEEE 802.1Q trunk ports and native VLANs 2-852

IEEE 802.1Q tunnel ports

configuring 2-803

displaying 2-512

limitations 2-804

IEEE 802.1x

and switchport modes 2-804

violation error recovery 2-189

See also port-based authentication

IEEE 802.1X Port Based Authentication

enabling guest VLAN supplicant 2-143, 2-154, 2-194

IGMP filters

applying 2-243

debug messages, display B-19

IGMP groups, setting maximum 2-244

IGMP maximum groups, debugging B-20

IGMP profiles

creating 2-246

displaying 2-570

IGMP snooping

adding ports as a static member of a group 2-262

displaying 2-571, 2-576, 2-578

enabling 2-248

enabling the configurable-leave timer 2-250

enabling the Immediate-Leave feature 2-259

flooding query count 2-256

interface topology change notification behavior 2-258

multicast table 2-574

querier 2-252

query solicitation 2-256

report suppression 2-254

switch topology change notification behavior 2-256


See software images

Immediate-Leave feature, MVR 2-382

immediate-leave processing 2-259

Immediate-Leave processing, IPv6 2-293

interface configuration mode 1-2, 1-4

interface port-channel command 2-197

interface range command 2-199

interface-range macros 2-120


assigning Ethernet interface to channel group 2-75

configuring 2-180

configuring multiple 2-199

creating port-channel logical 2-197

debug messages, display B-16

disabling 2-709

displaying the MAC address table 2-625

restarting 2-709

interface speed, configuring 2-769

interface vlan command 2-201

internal registers, displaying 2-495, 2-505

Internet Group Management Protocol


invalid GBIC

error detection for 2-183

error recovery timer 2-189

ip access-group command 2-203

ip address command 2-206

IP addresses, setting 2-206

IP address matching 2-332

ip admission command 2-208

ip admission name proxy http command 2-209

ip arp inspection filter vlan command 2-211

ip arp inspection limit command 2-213

ip arp inspection log-buffer command 2-215

ip arp inspection trust command 2-217

ip arp inspection validate command 2-219

ip arp inspection vlan command 2-221

ip arp inspection vlan logging command 2-222

ip device tracking command 2-226

ip device tracking probe command 2-224

IP DHCP snooping

See DHCP snooping

ip dhcp snooping binding command 2-228

ip dhcp snooping command 2-227

ip dhcp snooping database command 2-230

ip dhcp snooping information option allow-untrusted command 2-234

ip dhcp snooping information option command 2-232

ip dhcp snooping information option format remote-id command 2-236

ip dhcp snooping limit rate command 2-237

ip dhcp snooping trust command 2-238

ip dhcp snooping verify command 2-239

ip dhcp snooping vlan command 2-240

ip dhcp snooping vlan information option format-type circuit-id string command 2-241

ip igmp filter command 2-243

ip igmp max-groups command 2-244, 2-268, 2-270

ip igmp profile command 2-246

ip igmp snooping command 2-248

ip igmp snooping last-member-query-interval command 2-250

ip igmp snooping querier command 2-252

ip igmp snooping report-suppression command 2-254

ip igmp snooping tcn command 2-256

ip igmp snooping tcn flood command 2-258

ip igmp snooping vlan immediate-leave command 2-259

ip igmp snooping vlan mrouter command 2-260

ip igmp snooping vlan static command 2-262

IP multicast addresses 2-379

IP phones

auto-QoS configuration 2-56

trusting packets sent from 2-371

IP-precedence-to-DSCP map 2-345

ip snap forwarding command 2-264

ip source binding command 2-265

IP source guard

disabling 2-272


binding entries 2-580

configuration 2-581

dynamic binding entries only 2-563

enabling 2-272

static IP source bindings 2-265

ip ssh command 2-267

IPv6 access list, deny conditions 2-126

ipv6 access-list command 2-273

ipv6 address dhcp command 2-275

ipv6 dhcp client request vendor command 2-276

ipv6 dhcp ping packets command 2-277

ipv6 dhcp pool command 2-278

ipv6 dhcp server command 2-280

ipv6 mld snooping command 2-282

ipv6 mld snooping last-listener-query count command 2-284

ipv6 mld snooping last-listener-query-interval command 2-286

ipv6 mld snooping listener-message-suppression command 2-288

ipv6 mld snooping robustness-variable command 2-289

ipv6 mld snooping tcn command 2-291

ipv6 mld snooping vlan command 2-293

IPv6 SDM template 2-448

ipv6 traffic-filter command 2-295

ip verify source command 2-272


jumbo frames



l2protocol-tunnel command 2-297

l2protocol-tunnel cos command 2-300


See EtherChannel

lacp port-priority command 2-301

lacp system-priority command 2-303

Layer 2 mode, enabling 2-790

Layer 2 protocol ports, displaying 2-600

Layer 2 protocol-tunnel

error detection for 2-183

error recovery timer 2-189

Layer 2 protocol tunnel counters 2-95

Layer 2 protocol tunneling error recovery 2-298

Layer 2 traceroute

IP addresses 2-837

MAC addresses 2-834

Layer 3 mode, enabling 2-790

line configuration mode 1-3, 1-5

Link Aggregation Control Protocol

See EtherChannel

link flap

error detection for 2-183

error recovery timer 2-189

link state group command 2-305

link state track command 2-307

load-distribution methods for EtherChannel 2-417

location (global configuration) command 2-308

location (interface configuration) command 2-310

logging event command 2-312

logging event power-inline-status command 2-313

logging file command 2-314

logical interface 2-197

loopback error

detection for 2-183

recovery timer 2-189

loop guard, for spanning tree 2-735, 2-739


mab request format attribute 32 command 2-316

mac access-group command 2-318

MAC access-groups, displaying 2-613

MAC access list configuration mode 2-320

mac access-list extended command 2-320

MAC access lists 2-131

MAC addresses

disabling MAC address learning per VLAN 2-323


aging time 2-619

all 2-617

dynamic 2-623

MAC address-table move updates 2-628

notification settings 2-627, 2-630

number of addresses in a VLAN 2-621

per interface 2-625

per VLAN 2-634

static 2-632

static and dynamic entries 2-615


aging time 2-322

deleting 2-97

displaying 2-623

enabling MAC address notification 2-327

enabling MAC address-table move update 2-325

MAC addresses (continued)

matching 2-332

persistent stack 2-777


adding and removing 2-329

displaying 2-632

dropping on an interface 2-330

tables 2-617

MAC address notification, debugging B-24

mac address-table aging-time 2-318, 2-332

mac address-table aging-time command 2-322

mac address-table learning command 2-323

mac address-table move update command 2-325

mac address-table notification command 2-327

mac address-table static command 2-329

mac address-table static drop command 2-330


interface range 2-120, 2-199



defining 2-345

displaying 2-644


creating 2-849

defining 2-332

displaying 2-700

match (access-map configuration) command 2-332

match (class-map configuration) command 2-334

maximum transmission unit


mdix auto command 2-336

member switches

See clusters

memory (boot loader) command A-13

mkdir (boot loader) command A-15

MLD snooping

configuring 2-288, 2-289

configuring queries 2-284, 2-286

configuring topology change notification 2-291

displaying 2-590, 2-592, 2-594, 2-596

enabling 2-282

MLD snooping on a VLAN, enabling 2-293

mls qos aggregate-policer command 2-339

mls qos command 2-337

mls qos cos command 2-341

mls qos dscp-mutation command 2-343

mls qos map command 2-345

mls qos queue-set output buffers command 2-349

mls qos queue-set output threshold command 2-351

mls qos rewrite ip dscp command 2-353

mls qos srr-queue input bandwidth command 2-355

mls qos srr-queue input buffers command 2-357

mls qos-srr-queue input cos-map command 2-359

mls qos srr-queue input dscp-map command 2-361

mls qos srr-queue input priority-queue command 2-363

mls qos srr-queue input threshold command 2-365

mls qos-srr-queue output cos-map command 2-367

mls qos srr-queue output dscp-map command 2-369

mls qos trust command 2-371

mls qos vlan-based command 2-373

mode, MVR 2-379

Mode button, and password recovery 2-452

modes, commands 1-2

monitor session command 2-374

more (boot loader) command A-16


displaying 2-677

interoperability 2-105

link type 2-737

MSTP (continued)

MST region

aborting changes 2-742

applying changes 2-742

configuration name 2-742

configuration revision number 2-742

current or pending display 2-742

displaying 2-677

MST configuration mode 2-742

VLANs-to-instance mapping 2-742

path cost 2-744

protocol mode 2-740

restart protocol migration process 2-105

root port

loop guard 2-735

preventing from becoming designated 2-735

restricting which can be root 2-735

root guard 2-735

root switch

affects of extended system ID 2-733

hello-time 2-747, 2-755

interval between BDPU messages 2-748

interval between hello BPDU messages 2-747, 2-755

max-age 2-748

maximum hop count before discarding BPDU 2-749

port priority for selection of 2-751

primary or secondary 2-755

switch priority 2-754

state changes

blocking to forwarding state 2-761

enabling BPDU filtering 2-725, 2-759

enabling BPDU guard 2-727, 2-759

enabling Port Fast 2-759, 2-761

forward-delay time 2-746

length of listening and learning states 2-746

rapid transition to forwarding 2-737

shutting down Port Fast-enabled ports 2-759

MSTP (continued)

state information display 2-676


configuring size 2-831

displaying global setting 2-689

Multicase Listener Discovery


multicast group address, MVR 2-382

multicast groups, MVR 2-380

Multicast Listener Discovery


multicast router learning method 2-260

multicast router ports, configuring 2-260

multicast router ports, IPv6 2-293

multicast storm control 2-780

multicast VLAN, MVR 2-379

multicast VLAN registration


Multiple Spanning Tree Protocol



and address aliasing 2-380

configuring 2-379

configuring interfaces 2-382

debug messages, display B-28

displaying 2-652

displaying interface information 2-654

members, displaying 2-656

mvr (global configuration) command 2-379

mvr (interface configuration) command 2-382

mvr vlan group command 2-383


native VLANs 2-823

native VLAN tagging 2-852

network-policy (global configuration) command 2-386

network-policy command 2-385

network-policy profile (network-policy configuration) command 2-387

nmsp attachment suppress command 2-390

nmsp command 2-389

no authentication logging verbose 2-391

no dot1x logging verbose 2-392

no mab logging verbose 2-393

nonegotiate, speed 2-769

nonegotiating DTP messaging 2-808

non-IP protocols

denying 2-131

forwarding 2-407

non-IP traffic access lists 2-320

non-IP traffic forwarding

denying 2-131

permitting 2-407

non-stop forwarding 2-394

normal-range VLANs 2-848

nsf command 2-394


online diagnostics


configured boot-up coverage level 2-509

current scheduled tasks 2-509

event logs 2-509

supported test suites 2-509

test ID 2-509

test results 2-509

test statistics 2-509

global configuration mode

clearing health monitoring diagnostic test schedule 2-89

clearing test-based testing schedule 2-136

setting health monitoring diagnostic testing 2-89

setting test-based testing 2-136

setting up health monitoring diagnostic test schedule 2-89

online diagnostics (continued)

global configuration mode

setting up test-based testing 2-136

health monitoring diagnostic tests, configuring 2-134

scheduled switchover

disabling 2-136

enabling 2-136


enabling 2-136

removing 2-136

testing, starting 2-138

test interval, setting 2-136



See EtherChannel

pagp learn-method command 2-395

pagp port-priority command 2-397

password, VTP 2-861

password-recovery mechanism, enabling and disabling 2-452

permit (ARP access-list configuration) command 2-399

permit (IPv6) command 2-401

permit (MAC access-list configuration) command 2-407

per-VLAN spanning-tree plus


physical-port learner 2-395

PID, displaying 2-557

PIM-DVMRP, as multicast router learning method 2-260


configuring the power budget 2-421

configuring the power management mode 2-418

displaying controller register values 2-503

displaying power management information 2-669

logging of status 2-313

police aggregate command 2-412

police command 2-410

policed-DSCP map 2-345

policy-map command 2-414

policy maps

applying to an interface 2-454, 2-461

creating 2-414

displaying 2-664

hierarchical 2-415


displaying 2-637

for a single class 2-410

for multiple classes 2-339, 2-412

policed-DSCP map 2-345

traffic classification

defining the class 2-81

defining trust states 2-839

setting DSCP or IP precedence values 2-459

Port Aggregation Protocol

See EtherChannel

port-based authentication

AAA method list 2-3, 2-846

configuring violation modes 2-179

debug messages, display B-10

enabling IEEE 802.1x

globally 2-140

per interface 2-168

guest VLAN 2-155

host modes 2-158

IEEE 802.1x AAA accounting methods 2-1

initialize an interface 2-160, 2-175

MAC authentication bypass 2-161

manual control of authorization state 2-168

PAE as authenticator 2-167

periodic re-authentication

enabling 2-172

time between attempts 2-176

quiet period between failed authentication exchanges 2-176

re-authenticating IEEE 802.1x-enabled ports 2-170

resetting configurable IEEE 802.1x parameters 2-153

port-based authentication (continued)

switch-to-authentication server retransmission time 2-176

switch-to-client frame-retransmission number 2-163 to 2-165

switch-to-client retransmission time 2-176

test for IEEE 802.1x readiness 2-174

port-channel load-balance command 2-417

Port Fast, for spanning tree 2-761

port ranges, defining 2-120

ports, debugging B-79

ports, protected 2-821

port security

aging 2-815

debug messages, display B-81

enabling 2-810

violation error recovery 2-189

port trust states for QoS 2-371

port types, MVR 2-382

power information, displaying 2-523

power inline command 2-418

power inline consumption command 2-421

Power over Ethernet

See PoE

power rps command (user EXEC) 2-423

priority-queue command 2-425

priority value, stack member 2-684, 2-785

private-vlan command 2-427

private-vlan mapping command 2-430

private VLANs

association 2-819

configuring 2-427

configuring ports 2-806

displaying 2-695

host ports 2-806


configuring 2-819

displaying 2-543

promiscuous ports 2-806

privileged EXEC mode 1-2, 1-3

product identification information, displaying 2-557

promiscuous ports, private VLANs 2-806

protected ports, displaying 2-549


VLANs 2-823


displaying interface information 2-543

enabling 2-861

pruning-eligible VLAN list 2-825






configuring 2-56

debug messages, display B-4

displaying 2-475

auto-QoS trust

configuring 2-53

class maps

creating 2-84

defining the match criteria 2-334

displaying 2-486

defining the CoS value for an incoming packet 2-341

displaying configuration information 2-475, 2-636

DSCP transparency 2-353

DSCP trusted ports

applying DSCP-to-DSCP-mutation map to 2-343

defining DSCP-to-DSCP-mutation map 2-345

QoS (continued)

egress queues

allocating buffers 2-349

defining the CoS output queue threshold map 2-367

defining the DSCP output queue threshold map 2-369

displaying buffer allocations 2-640

displaying CoS output queue threshold map 2-644

displaying DSCP output queue threshold map 2-644

displaying queueing strategy 2-640

displaying queue-set settings 2-647

enabling bandwidth shaping and scheduling 2-773

enabling bandwidth sharing and scheduling 2-775

limiting the maximum output on a port 2-771

mapping a port to a queue-set 2-432

mapping CoS values to a queue and threshold 2-367

mapping DSCP values to a queue and threshold 2-369

setting maximum and reserved memory allocations 2-351

setting WTD thresholds 2-351

enabling 2-337

ingress queues

allocating buffers 2-357

assigning SRR scheduling weights 2-355

defining the CoS input queue threshold map 2-359

defining the DSCP input queue threshold map 2-361

displaying buffer allocations 2-640

displaying CoS input queue threshold map 2-644

displaying DSCP input queue threshold map 2-644

displaying queueing strategy 2-640

displaying settings for 2-638

enabling the priority queue 2-363

QoS (continued)

ingress queues

mapping CoS values to a queue and threshold 2-359

mapping DSCP values to a queue and threshold 2-361

setting WTD thresholds 2-365


defining 2-345, 2-359, 2-361, 2-367, 2-369

displaying 2-644

policy maps

applying an aggregate policer 2-412

applying to an interface 2-454, 2-461

creating 2-414

defining policers 2-339, 2-410

displaying policers 2-637

displaying policy maps 2-664

hierarchical 2-415

policed-DSCP map 2-345

setting DSCP or IP precedence values 2-459

traffic classifications 2-81

trust states 2-839

port trust states 2-371

queues, enabling the expedite 2-425


in-profile and out-of-profile packets 2-640

packets enqueued or dropped 2-640

sent and received CoS values 2-640

sent and received DSCP values 2-640

trusted boundary for IP phones 2-371

VLAN-based 2-373

quality of service

See QoS

querytime, MVR 2-379

queue-set command 2-432


radius-server dead-criteria command 2-433

radius-server host command 2-435

rapid per-VLAN spanning-tree plus


rapid PVST+


rcommand command 2-437

re-authenticating IEEE 802.1x-enabled ports 2-170


periodic 2-172

time between attempts 2-176

receiver ports, MVR 2-382

receiving flow-control packets 2-195

recovery mechanism

causes 2-189

display 2-88, 2-481, 2-527, 2-531

timer interval 2-190

redundancy for cluster switches 2-117

redundant power supply


reload command 2-439

remote command 2-441

remote-span command 2-442

Remote Switched Port Analyzer


rename (boot loader) command A-17

renew ip dhcp snooping database command 2-444

reset (boot loader) command A-18

resource templates, displaying 2-672

restricted VLAN

See dot1x auth-fail vlan

rmdir (boot loader) command A-19

rmon collection stats command 2-447

root guard, for spanning tree 2-735

routed ports

IP addresses on 2-207

number supported 2-207

RPS 2300

configuring 2-423

managing 2-423


configuring 2-374

displaying 2-650

filter RSPAN traffic 2-374

remote-span command 2-442


displaying 2-650


scheduled switchover

disabling 2-136

enabling 2-136

SDM mismatch mode 2-449, 2-685

sdm prefer command 2-448

SDM templates

allowed resources 2-450

and stacking 2-449

displaying 2-672

dual IPv4 and IPv6 2-448

secure ports, limitations 2-812

sending flow-control packets 2-195

service password-recovery command 2-452

service-policy command 2-454

session command 2-457

set (boot loader) command A-20

set command 2-459

setup command 2-461

setup express command 2-464

show access-lists command 2-466

show archive status command 2-469

show arp access-list command 2-470

show authentication command 2-471

show auto qos command 2-475

show boot command 2-479

show cable-diagnostics tdr command 2-481

show cisp command 2-485

show class-map command 2-486

show cluster candidates command 2-489

show cluster command 2-487

show cluster members command 2-491

show controllers cpu-interface command 2-493

show controllers ethernet-controller command 2-495

show controllers power inline command 2-503

show controllers tcam command 2-505

show controller utilization command 2-507

show dot1q-tunnel command 2-512

show dot1x command 2-513

show dtp 2-518

show eap command 2-520

show env command 2-523

show errdisable detect command 2-527

show errdisable flap-values command 2-529

show errdisable recovery command 2-531

show etherchannel command 2-533

show fallback profile command 2-536

show flowcontrol command 2-538

show idprom command 2-540

show interfaces command 2-543

show interfaces counters command 2-554

show inventory command 2-557

show ip arp inspection command 2-558

show ipc command 2-583

show ip dhcp snooping binding command 2-563

show ip dhcp snooping command 2-562

show ip dhcp snooping database command 2-565, 2-567

show ip igmp profile command 2-570

show ip igmp snooping address command 2-592

show ip igmp snooping command 2-571, 2-590

show ip igmp snooping groups command 2-574

show ip igmp snooping mrouter command 2-576, 2-594

show ip igmp snooping querier command 2-578, 2-596

show ip source binding command 2-580

show ipv6 access-list command 2-587

show ipv6 dhcp conflict command 2-589

show ipv6 route updated 2-598

show ip verify source command 2-581

show l2protocol-tunnel command 2-600

show lacp command 2-603

show link state group command 2-611

show lldp command 2-607

show location 2-608

show mac access-group command 2-613

show mac address-table address command 2-617

show mac address-table aging time command 2-619

show mac address-table command 2-615

show mac address-table count command 2-621

show mac address-table dynamic command 2-623

show mac address-table interface command 2-625

show mac address-table learning command 2-627

show mac address-table move update command 2-628

show mac address-table notification command 2-99, 2-630, B-26

show mac address-table static command 2-632

show mac address-table vlan command 2-634

show mls qos aggregate-policer command 2-637

show mls qos command 2-636

show mls qos input-queue command 2-638

show mls qos interface command 2-640

show mls qos maps command 2-644

show mls qos queue-set command 2-647

show mls qos vlan command 2-649

show monitor command 2-650

show mvr command 2-652

show mvr interface command 2-654

show mvr members command 2-656

show network-policy profile command 2-658

show nmsp command 2-659

show pagp command 2-662

show platform acl command C-2

show platform backup interface command C-3

show platform configuration command C-4

show platform etherchannel command C-5

show platform forward command C-6

show platform frontend-controller command C-8

show platform igmp snooping command C-9

show platform ipc trace command C-17

show platform ip multicast command C-11

show platform ip unicast command C-12

show platform ipv6 unicast command C-18

show platform ip wccp command C-16

show platform layer4op command C-20

show platform mac-address-table command C-21

show platform messaging command C-22

show platform monitor command C-23

show platform mvr table command C-24

show platform pm command C-25

show platform port-asic command C-26

show platform port-security command C-31

show platform qos command C-32

show platform resource-manager command C-33

show platform snmp counters command C-35

show platform spanning-tree command C-36

show platform stack manager command C-38

show platform stp-instance command C-37

show platform tb command C-42

show platform tcam command C-44

show platform vlan command C-47

show policy-map command 2-664

show port security command 2-666

show power inline command 2-669

show sdm prefer command 2-672

show setup express command 2-675

show spanning-tree command 2-676

show storm-control command 2-682

show switch command 2-684

show system mtu command 2-689

show trust command 2-839

show udld command 2-690

show version command 2-693

show vlan access-map command 2-700

show vlan command 2-695

show vlan command, fields 2-697

show vlan filter command 2-701

show vmps command 2-702

show vtp command 2-704

shutdown command 2-709

shutdown threshold, Layer 2 protocol tunneling 2-297

shutdown vlan command 2-710

small violation-rate command 2-711

SNMP host, specifying 2-718

SNMP informs, enabling the sending of 2-713

snmp-server enable traps command 2-713

snmp-server host command 2-718

snmp trap mac-notification change command 2-722

SNMP traps

enabling MAC address notification trap 2-722

enabling the MAC address notification feature 2-327

enabling the sending of 2-713


See Cisco SoftPhone

software images

copying 2-8

deleting 2-122

downloading 2-11

upgrading 2-8, 2-11

uploading 2-18

software version, displaying 2-693

source ports, MVR 2-382


configuring 2-374

debug messages, display B-27

displaying 2-650

filter SPAN traffic 2-374


add interfaces to 2-374

displaying 2-650

start new 2-374

spanning-tree backbonefast command 2-724

spanning-tree bpdufilter command 2-725

spanning-tree bpduguard command 2-727

spanning-tree cost command 2-729

spanning-tree etherchannel command 2-731

spanning-tree extend system-id command 2-733

spanning-tree guard command 2-735

spanning-tree link-type command 2-737

spanning-tree loopguard default command 2-739

spanning-tree mode command 2-740

spanning-tree mst configuration command 2-742

spanning-tree mst cost command 2-744

spanning-tree mst forward-time command 2-746

spanning-tree mst hello-time command 2-747

spanning-tree mst max-age command 2-748

spanning-tree mst max-hops command 2-749

spanning-tree mst port-priority command 2-751

spanning-tree mst pre-standard command 2-753

spanning-tree mst priority command 2-754

spanning-tree mst root command 2-755

spanning-tree portfast (global configuration) command 2-759

spanning-tree portfast (interface configuration) command 2-761

spanning-tree port-priority command 2-757

Spanning Tree Protocol


spanning-tree transmit hold-count command 2-763

spanning-tree uplinkfast command 2-764

spanning-tree vlan command 2-766

speed command 2-769

srr-queue bandwidth limit command 2-771

srr-queue bandwidth share command 2-775

SSH, configuring version 2-267

stack-mac persistent timer command 2-777

stack member

access 2-457

number 2-684, 2-788

priority value 2-785

provisioning 2-786

reloading 2-439

stacks, switch

disabling a member 2-783

enabling a member 2-783

MAC address 2-777

provisioning a new member 2-786

reloading 2-439

stack member access 2-457

stack member number 2-684, 2-788

stack member priority value 2-684, 2-785

static-access ports, configuring 2-792

statistics, Ethernet group 2-447

sticky learning, enabling 2-810

storm-control command 2-780


BackboneFast 2-724

counters, clearing 2-104

debug messages, display

BackboneFast events B-85


optimized BPDUs handling B-87

spanning-tree activity B-83

switch shim B-90

transmitted and received BPDUs B-86

UplinkFast B-92

detection of indirect link failures 2-724

enabling protocol tunneling for 2-297

EtherChannel misconfiguration 2-731

extended system ID 2-733

path cost 2-729

protocol modes 2-740

root port

accelerating choice of new 2-764

loop guard 2-735

preventing from becoming designated 2-735

restricting which can be root 2-735

root guard 2-735

UplinkFast 2-764

STP (continued)

root switch

affects of extended system ID 2-733, 2-767

hello-time 2-766

interval between BDPU messages 2-766

interval between hello BPDU messages 2-766

max-age 2-766

port priority for selection of 2-757

primary or secondary 2-766

switch priority 2-766

state changes

blocking to forwarding state 2-761

enabling BPDU filtering 2-725, 2-759

enabling BPDU guard 2-727, 2-759

enabling Port Fast 2-759, 2-761

enabling timer to recover from error state 2-189

forward-delay time 2-766

length of listening and learning states 2-766

shutting down Port Fast-enabled ports 2-759

state information display 2-676

VLAN options 2-754, 2-766

SVIs, creating 2-201

SVI status calculation 2-794

Switched Port Analyzer


switching characteristics

modifying 2-790

returning to interfaces 2-790

switchport access command 2-792

switchport autostate exclude command 2-794

switchport backup interface command 2-796

switchport block command 2-800

switchport command 2-790

switchport host command 2-802

switchport mode command 2-803

switchport mode private-vlan command 2-806

switchport nonegotiate command 2-808

switchport port-security aging command 2-815

switchport port-security command 2-810

switchport priority extend command 2-817

switchport private-vlan command 2-819

switchport protected command 2-821

switchports, displaying 2-543

switchport trunk command 2-823

switchport voice vlan command 2-826, 2-827

switch priority command 2-783, 2-785

switch provision command 2-786

switch renumber command 2-788

system env temperature threshold yellow command 2-829

system message logging 2-313

system message logging, save message to flash 2-314

system mtu command 2-831

system resource templates 2-448


tar files, creating, listing, and extracting 2-15

TDR, running 2-833

Telnet, using to communicate to cluster switches 2-437

temperature information, displaying 2-523

templates, system resources 2-448

test cable-diagnostics tdr command 2-833

traceroute mac command 2-834

traceroute mac ip command 2-837

trunking, VLAN mode 2-803

trunk mode 2-803

trunk ports 2-803

trunks, to non-DTP device 2-804

trusted boundary for QoS 2-371

trusted port states for QoS 2-371

tunnel ports, Layer 2 protocol, displaying 2-600

type (boot loader) command A-23



aggressive mode 2-841, 2-843

debug messages, display B-100

enable globally 2-841

enable per interface 2-843

error recovery timer 2-189

message timer 2-841

normal mode 2-841, 2-843

reset a shutdown interface 2-845

status 2-690

udld command 2-841

udld port command 2-843

udld reset command 2-845

unicast storm control 2-780

UniDirectional Link Detection


unknown multicast traffic, preventing 2-800

unknown unicast traffic, preventing 2-800

unset (boot loader) command A-24


software images

copying 2-8

downloading 2-11

monitoring status of 2-469

UplinkFast, for STP 2-764

user EXEC mode 1-2, 1-3


version (boot loader) command A-26

version mismatch mode 2-685, C-39

vlan access-map command 2-849

VLAN access map configuration mode 2-849

VLAN access maps

actions 2-6

displaying 2-700

VLAN-based QoS 2-373

VLAN configuration mode


VLAN 2-848

VTP 2-866

description 1-4

entering 2-851

summary 1-3

vlan dot1q tag native command 2-852

vlan filter command 2-853

VLAN filters, displaying 2-701

VLAN maps

applying 2-853

creating 2-849

defining 2-332

displaying 2-700

VLAN Query Protocol



configuring 2-848

debug messages, display

ISL B-96

VLAN IOS file system error tests B-95

VLAN manager activity B-93

VTP B-98

displaying configurations 2-695

enabling guest VLAN supplicant 2-143, 2-154, 2-194

MAC addresses

displaying 2-634

number of 2-621

normal-range 2-848

private 2-806

configuring 2-427

displaying 2-695

See also private VLANs

restarting 2-710

shutting down 2-710

SNMP traps for VTP 2-716, 2-719

suspending 2-710

VLAN Trunking Protocol


VM mode 2-685, C-39


configuring servers 2-858

displaying 2-702

error recovery timer 2-190

reconfirming dynamic VLAN assignments 2-855

vmps reconfirm (global configuration) command 2-856

vmps reconfirm (privileged EXEC) command 2-855

vmps retry command 2-857

vmps server command 2-858

voice VLAN

configuring 2-826, 2-827

setting port priority 2-817


and dynamic-access ports 2-793

clearing client statistics 2-106

displaying information 2-702

per-server retry count 2-857

reconfirmation interval 2-856

reconfirming dynamic VLAN assignments 2-855


changing characteristics 2-860

clearing pruning counters 2-107


domain name 2-860

file name 2-860

mode 2-860

password 2-861

counters display fields 2-705

displaying information 2-704


pruning 2-861

tunneling for 2-297

Version 2 2-861

enabling per port 2-865

mode 2-860

pruning 2-861

VTP (continued)

statistics 2-704

status 2-704

status display fields 2-707

vtp (global configuration) command 2-860

vtp interface configuration) command 2-865

vtp primary command 2-867


wireless controller, accessing 2-457

wireless controller switch. B-103


XENPAK module serial EERPOM information 2-499, 2-540