Catalyst 3750-X and 3560-X Switch Command Reference, Release 12.2(53)SE2
Downloads: This chapterpdf (PDF - 880.0 KB) The complete bookPDF (PDF - 25.07 MB) | Feedback


Table Of Contents

A - B - C - D - E - F - G - H - I - J - L - M - N - O - P - Q - R - S - T - U - V -



aaa accounting dot1x command 2-1

aaa authentication dot1x command 2-3

aaa authorization network command 2-5, 2-24, 2-31, 2-33, 2-36, 2-38, 2-40, 2-149, 2-317, 2-530, B-7, B-39

AAA methods 2-3

access control entries

See ACEs

access control lists

See ACLs

access groups

IP 2-200

MAC, displaying 2-670

access list, IPv6 2-271

access map configuration mode 2-357

access mode 2-888

access ports 2-888

ACEs 2-133, 2-442


deny 2-131

displaying 2-511

for non-IP protocols 2-321

IP 2-200

matching 2-357

on Layer 2 interfaces 2-200

permit 2-440

action command 2-6

address aliasing 2-415

aggregate-port learner 2-428

allowed VLANs 2-908

archive copy-sw command 2-8

archive download-sw command 2-11

archive tar command 2-15

archive upload-sw command 2-18

arp (boot loader) command A-2

arp access-list command 2-20

audience xxi

authentication command bounce-port ignore 2-22

authentication command disable-port ignore 2-23

authentication control-direction command 2-24

authentication event command 2-26

authentication event linksec fail action command 2-30

authentication failed VLAN

See dot1x auth-fail vlan

authentication fallback command 2-31

authentication host-mode command 2-33

authentication linksec policy command 2-35

authentication mac-move permit command 2-36

authentication open command 2-38

authentication order command 2-40

authentication periodic command 2-42

authentication port-control command 2-44

authentication priority command 2-46

authentication timer command 2-48

authentication violation command 2-50

auth-fail max-attempts

See dot1x auth-fail max-attempts

auth-fail vlan

See dot1x auth-fail vlan

auth open command 2-38

auth order command 2-40

authorization state of controlled port 2-166

auth timer command 2-48

autonegotiation of duplex mode 2-178

auto qos voip command 2-52

Auto Smartports macros and LLDP 2-347


BackboneFast, for STP 2-808

backup interfaces

configuring 2-882

displaying 2-593

boot (boot loader) command A-3

boot auto-copy-sw command 2-57

boot auto-download-sw command 2-58

boot config-file command 2-60

boot enable-break command 2-61

boot helper command 2-62

boot helper-config file command 2-63


Cisco IOS image 2-66

displaying environment variables 2-524

interrupting 2-61

manually 2-64

boot loader

accessing A-1


Cisco IOS image A-3

helper image 2-62


creating A-19

displaying a list of A-8

removing A-23


available commands A-13

memory heap utilization A-14

version A-30

environment variables

described A-24

displaying settings A-24

location of A-25

setting A-24

unsetting A-28


copying A-6

deleting A-7

displaying a list of A-8

displaying the contents of A-5, A-20, A-27

renaming A-21

file system

formatting A-11

initializing flash A-10

running a consistency check A-12

prompt A-1

resetting the system A-22

boot manual command 2-64

boot private-config-file command 2-65

boot system command 2-66

BPDU filtering, for spanning tree 2-809, 2-843

BPDU guard, for spanning tree 2-811, 2-843

broadcast storm control 2-866


candidate switches

See clusters

cat (boot loader) command A-5

caution, description xxii

CDP, enabling protocol tunneling for 2-298

channel-group command 2-70

channel-protocol command 2-74

Cisco Network Assistant

See Network Assistant

Cisco Redundant Power System 2300

configuring 2-464

managing 2-464

Cisco SoftPhone

auto-QoS configuration 2-52

trusting packets sent from 2-404


See Client Information Signalling Protocol


debug platform cisp command B-39

cisp enable command 2-75

class command 2-76

class-map command 2-78

class maps

creating 2-78

defining the match criteria 2-359

displaying 2-531

class of service

See CoS

clear dot1x command 2-80

clear eap sessions command 2-81

clear errdisable interface 2-82

clear ip arp inspection log command 2-83

clear ip arp inspection statistics command 2-84

clear ipc command 2-87

clear ip dhcp snooping database command 2-85

clear ipv6 dhcp conflict command 2-88

clear l2protocol-tunnel counters command 2-89

clear lacp command 2-90

clear logging onboard command 2-91

clear mac address-table command 2-92, 2-93

clear macsec counters interface command 2-94

clear mka command 2-95

clear nmsp statistics command 2-97

clear pagp command 2-98

clear port-security command 2-99

clear spanning-tree counters command 2-101

clear spanning-tree detected-protocols command 2-102

clear vmps statistics command 2-103

clear vtp counters command 2-104

Client Information Signalling Protocol 2-75, 2-149, 2-530, B-7, B-39

cluster commander-address command 2-105

cluster discovery hop-count command 2-107

cluster enable command 2-108

cluster holdtime command 2-110

cluster member command 2-111

cluster outside-interface command 2-113

cluster requirements xxii

cluster run command 2-114


adding candidates 2-111

binding to HSRP group 2-115

building manually 2-111

communicating with

devices outside the cluster 2-113

members by using Telnet 2-479

debug messages, display B-8


candidate switches 2-534

debug messages B-8

member switches 2-536

status 2-532

hop-count limit for extended discovery 2-107

HSRP standby groups 2-115

redundancy 2-115

SNMP trap 2-797

cluster standby-group command 2-115

cluster timer command 2-117

command modes defined 1-2

command switch

See clusters

confidentiality-offset command 2-120

configuration, initial

See getting started guide and hardware installation guide

configuration files

password recovery disable considerations A-1

specifying the name 2-60, 2-65

configuring multiple interfaces 2-196

config-vlan mode

commands 2-934


command xxi

for examples xxii

publication xxi

text xxi

copy (boot loader) command A-6

copy logging onboard command 2-118


assigning default value to incoming packets 2-374

assigning to Layer 2 protocol packets 2-301

overriding the incoming value 2-374

CoS-to-DSCP map 2-378

CPU ASIC statistics, displaying 2-538

crashinfo files 2-187

critical VLAN 2-27


debug authentication B-2

debug auto qos command B-4

debug backup command B-6

debug cisp command B-7

debug cluster command B-8

debug dot1x command B-10

debug dtp command B-11

debug eap command B-12

debug etherchannel command B-13

debug fastethernet command B-14

debug ilpower command B-15

debug interface command B-16

debug ip dhcp snooping command B-17

debug ip igmp filter command B-19

debug ip igmp max-groups command B-20

debug ip igmp snooping command B-21

debug ip verify source packet command B-18

debug lacp command B-22

debug lldp packets command B-23

debug mac-notification command B-24

debug macro command B-25

debug macsec command B-26

debug matm command B-27

debug matm move update command B-28

debug mka command B-29

debug monitor command B-31

debug mvrdbg command B-32

debug nmsp command B-33

debug nvram command B-34

debug pagp command B-35

debug platform acl command B-36

debug platform backup interface command B-38

debug platform cisp command B-39

debug platform cli-redirection main command B-40

debug platform configuration command B-41, B-49

debug platform cpu-queues command B-42

debug platform device-manager command B-44

debug platform dot1x command B-45

debug platform etherchannel command B-46

debug platform fallback-bridging command B-47

debug platform forw-tcam command B-48

debug platform ip arp inspection command B-50

debug platform ipc command B-59

debug platform ip dhcp command B-51

debug platform ip igmp snooping command B-52

debug platform ip multicast command B-54

debug platform ip unicast command B-56

debug platform ip wccp command B-58

debug platform led command B-60

debug platform matm command B-61

debug platform messaging application command B-62

debug platform phy command B-63

debug platform pm command B-65

debug platform port-asic command B-67

debug platform port-security command B-68

debug platform qos-acl-tcam command B-69

debug platform remote-commands command B-70

debug platform resource-manager command B-71

debug platform snmp command B-72

debug platform span command B-73

debug platform stack-manager command B-74

debug platform supervisor-asic command B-75

debug platform sw-bridge command B-76

debug platform tcam command B-77

debug platform udld command B-80

debug platform vlan command B-81

debug pm command B-82

debug port-security command B-84

debug qos-manager command B-85

debug spanning-tree backbonefast command B-88

debug spanning-tree bpdu command B-89

debug spanning-tree bpdu-opt command B-90

debug spanning-tree command B-86

debug spanning-tree mstp command B-91

debug spanning-tree switch command B-93

debug spanning-tree uplinkfast command B-95

debug sw-vlan command B-96

debug sw-vlan ifs command B-98

debug sw-vlan notification command B-99

debug sw-vlan vtp command B-101

debug udld command B-103

debug vqpc command B-105

default policy, MKA 2-365

define interface-range command 2-121

delete (boot loader) command A-7

delete command 2-123

deny (ARP access-list configuration) command 2-124

deny (IPv6) command 2-126

deny command 2-131

detect mechanism, causes 2-179

device manager requirements xxii

DHCP snooping

accepting untrusted packets from edge switch 2-229


on a VLAN 2-235

option 82 2-227, 2-229

trust on an interface 2-233

error recovery timer 2-183

rate limiting 2-232

DHCP snooping binding database

binding file, configuring 2-225


adding 2-223

deleting 2-223

displaying 2-615

clearing database agent statistics 2-85

database agent, configuring 2-225


binding entries 2-615

database agent status 2-617, 2-619

renewing 2-487

Digital Optical Monitoring

see DoM

dir (boot loader) command A-8

directories, deleting 2-123

documentation, related xxii

document conventions xxi


displaying supported transceivers 2-606

domain name, VTP 2-949

dot1x auth-fail max-attempts 2-143

dot1x auth-fail vlan 2-145

dot1x command 2-141

dot1x control-direction command 2-147

dot1x credentials (global configuration) command 2-149

dot1x critical global configuration command 2-150

dot1x critical interface configuration command 2-152

dot1x default command 2-154

dot1x fallback command 2-155

dot1x guest-vlan command 2-156

dot1x host-mode command 2-158

dot1x initialize command 2-159

dot1x mac-auth-bypass command 2-160

dot1x max-reauth-req command 2-162

dot1x max-req command 2-164

dot1x pae command 2-165

dot1x port-control command 2-166

dot1x re-authenticate command 2-168

dot1x reauthentication command 2-169

dot1x supplicant force-multicast command 2-170

dot1x test eapol-capable command 2-171

dot1x test timeout command 2-172

dot1x timeout command 2-173

dot1x violation-mode command 2-176

dropping packets, with ACL matches 2-6

drop threshold, Layer 2 protocol tunneling 2-298

DSCP-to-CoS map 2-378

DSCP-to-DSCP-mutation map 2-378

DTP 2-889

DTP flap

error detection for 2-179

error recovery timer 2-183

DTP negotiation 2-893

dual IPv4 and IPv6 templates 2-434

duplex command 2-177

dynamic-access ports

configuring 2-878

restrictions 2-879

dynamic ARP inspection


apply to a VLAN 2-208

define 2-20

deny packets 2-124

display 2-515

permit packets 2-432


log buffer 2-83

statistics 2-84


ARP ACLs 2-515

configuration and operating state 2-610

log buffer 2-610

statistics 2-610

trust state and rate limit 2-610

enable per VLAN 2-218

error detection for 2-179

error recovery timer 2-183

log buffer

clear 2-83

configure 2-212

display 2-610

rate-limit incoming ARP packets 2-210


clear 2-84

display 2-610

trusted interface state 2-214

type of packet logged 2-219

validation checks 2-216

dynamic auto VLAN membership mode 2-888

dynamic desirable VLAN membership mode 2-888

Dynamic Host Configuration Protocol (DHCP)

See DHCP snooping

Dynamic Trunking Protocol



EAP-request/identity frame

maximum number to send 2-164

response time before retransmitting 2-173

encapsulation methods 2-908

environment variables, displaying 2-524

errdisable detect cause command 2-179

errdisable detect cause small-frame command 2-181

errdisable recovery cause small-frame 2-186

errdisable recovery command 2-183

error conditions, displaying 2-580

error disable detection 2-179

error-disabled interfaces, displaying 2-592


assigning Ethernet interface to channel group 2-70

creating port-channel logical interface 2-194

debug EtherChannel/PAgP, display B-13

debug platform-specific events, display B-46

displaying 2-583

enabling Layer 2 protocol tunneling for

LACP 2-299

PAgP 2-299

UDLD 2-299

interface information, displaying 2-592


clearing channel-group information 2-90, 2-91

debug messages, display B-22

displaying 2-656

modes 2-70

port priority for hot-standby ports 2-302

restricting a protocol 2-74

system priority 2-304

load-distribution methods 2-450


aggregate-port learner 2-428

clearing channel-group information 2-98

debug messages, display B-35

displaying 2-736

error detection for 2-179

error recovery timer 2-183

learn method 2-428

modes 2-70

physical-port learner 2-428

priority of interface for transmitted traffic 2-430

Ethernet controller, internal register display 2-540, 2-547

Ethernet Management port, debugging B-14

Ethernet statistics, collecting 2-491

examples, conventions for xxii

exception crashinfo command 2-187, 2-192

extended discovery of candidate switches 2-107

extended-range VLANs

and allowed VLAN list 2-908

and pruning-eligible list 2-908

configuring 2-933

extended system ID for STP 2-817


fallback profile command 2-188

fallback profiles, displaying 2-586

fan information, displaying 2-575

file name, VTP 2-949

files, deleting 2-123

flash_init (boot loader) command A-10

flexible authentication ordering 2-40

Flex Links

configuring 2-882

displaying 2-593

flow-based SPAN 2-409

flowcontrol command 2-190

format (boot loader) command A-11

forwarding packets, with ACL matches 2-6

forwarding results, display C-7

frame forwarding information, displaying C-7

front-end controller counter and status information C-9

fsck (boot loader) command A-12

FSPAN 2-409


global configuration mode 1-2, 1-4


hardware ACL statistics 2-511

health monitoring diagnostic tests 2-134

help (boot loader) command A-13

hierarchical policy maps 2-448

hop-count limit for clusters 2-107

host connection, port configuration 2-887

host ports, private VLANs 2-891

Hot Standby Router Protocol



binding HSRP group to cluster 2-115

standby group 2-115


IEEE 802.1Q trunk ports and native VLANs 2-940

IEEE 802.1Q tunnel ports

configuring 2-888

displaying 2-564

limitations 2-889

IEEE 802.1x

and switchport modes 2-889

violation error recovery 2-183

See also port-based authentication

IGMP filters

applying 2-238

debug messages, display B-19

IGMP groups, setting maximum 2-240

IGMP maximum groups, debugging B-20

IGMP profiles

creating 2-242

displaying 2-622

IGMP snooping

adding ports as a static member of a group 2-258

displaying 2-623, 2-628, 2-630

enabling 2-244

enabling the configurable-leave timer 2-246

enabling the Immediate-Leave feature 2-255

flooding query count 2-252

interface topology change notification behavior 2-254

multicast table 2-626

querier 2-248

query solicitation 2-252

report suppression 2-250

switch topology change notification behavior 2-252


See software images

Immediate-Leave processing

IGMP 2-255

IPv6 2-294

MVR 2-417

initial configuration

See getting started guide and hardware installation guide

interface configuration mode 1-2, 1-4

interface port-channel command 2-194

interface range command 2-196

interface-range macros 2-121


assigning Ethernet interface to channel group 2-70

configuring 2-177

configuring multiple 2-196

creating port-channel logical 2-194

debug messages, display B-16

disabling 2-793

displaying the MAC address table 2-681

restarting 2-793

interface speed, configuring 2-854

interface vlan command 2-198

internal power supplies

See power supplies

internal registers, displaying 2-540, 2-547, 2-555

Internet Group Management Protocol


invalid GBIC

error detection for 2-179

error recovery timer 2-183

ip access-group command 2-200

ip address command 2-203

IP addresses, setting 2-203

IP address matching 2-357

ip admission command 2-205

ip admission name proxy http command 2-206

ip arp inspection filter vlan command 2-208

ip arp inspection limit command 2-210

ip arp inspection log-buffer command 2-212

ip arp inspection trust command 2-214

ip arp inspection validate command 2-216

ip arp inspection vlan command 2-218

ip arp inspection vlan logging command 2-219

IP DHCP snooping

See DHCP snooping

ip dhcp snooping binding command 2-223

ip dhcp snooping command 2-222

ip dhcp snooping database command 2-225

ip dhcp snooping information option allow-untrusted command 2-229

ip dhcp snooping information option command 2-227

ip dhcp snooping information option format remote-id command 2-231

ip dhcp snooping limit rate command 2-232

ip dhcp snooping trust command 2-233

ip dhcp snooping verify command 2-234

ip dhcp snooping vlan command 2-235

ip dhcp snooping vlan information option format-type circuit-id string command 2-236

ip igmp filter command 2-238

ip igmp max-groups command 2-240, 2-265, 2-267

ip igmp profile command 2-242

ip igmp snooping command 2-244

ip igmp snooping last-member-query-interval command 2-246

ip igmp snooping querier command 2-248

ip igmp snooping report-suppression command 2-250

ip igmp snooping tcn command 2-252

ip igmp snooping tcn flood command 2-254

ip igmp snooping vlan immediate-leave command 2-255

ip igmp snooping vlan mrouter command 2-256

ip igmp snooping vlan static command 2-258

IP multicast addresses 2-414

IP phones

auto-QoS configuration 2-52

trusting packets sent from 2-404

IP-precedence-to-DSCP map 2-378

ip snap forwarding command 2-260

ip source binding command 2-261

IP source guard

disabling 2-269


binding entries 2-632

configuration 2-634

dynamic binding entries only 2-615

enabling 2-269

static IP source bindings 2-261

ip ssh command 2-263

IPv4 and IPv6

port-based trust 2-405

IPv6 access list, deny conditions 2-126

ipv6 access-list command 2-271

ipv6 address dhcp command 2-274

ipv6 dhcp client request vendor command 2-275

ipv6 dhcp ping packets command 2-276

ipv6 dhcp pool command 2-278

ipv6 dhcp server command 2-281

ipv6 mld snooping command 2-283

ipv6 mld snooping last-listener-query count command 2-285

ipv6 mld snooping last-listener-query-interval command 2-287

ipv6 mld snooping listener-message-suppression command 2-289

ipv6 mld snooping robustness-variable command 2-290

ipv6 mld snooping tcn command 2-292

ipv6 mld snooping vlan command 2-294

IPv6 QoS

enabling 2-370

IPv6 SDM template 2-492

ipv6 traffic-filter command 2-296

ip verify source command 2-269


jumbo frames



l2protocol-tunnel command 2-298

l2protocol-tunnel cos command 2-301


See EtherChannel

lacp port-priority command 2-302

lacp system-priority command 2-304

Layer 2 mode, enabling 2-876

Layer 2 protocol ports, displaying 2-653

Layer 2 protocol-tunnel

error detection for 2-179

error recovery timer 2-183

Layer 2 protocol tunnel counters 2-89

Layer 2 protocol tunneling error recovery 2-299

Layer 2 traceroute

IP addresses 2-923

MAC addresses 2-920

Layer 3 mode, enabling 2-876

line configuration mode 1-3, 1-5

Link Aggregation Control Protocol

See EtherChannel

link flap

error detection for 2-179

error recovery timer 2-183

link-security authentication 2-30

link-security policies 2-35

link state group command 2-306

link state track command 2-308

load-distribution methods for EtherChannel 2-450

location (global configuration) command 2-309

location (interface configuration) command 2-311

logging event command 2-313

logging event power-inline-status command 2-314

logging file command 2-315

logical interface 2-194

loopback error

detection for 2-179

recovery timer 2-183

loop guard, for spanning tree 2-819, 2-823


mab request format attribute 32 command 2-317

mac access-group command 2-319

MAC access-groups, displaying 2-670

MAC access list configuration mode 2-321

mac access-list extended command 2-321

MAC access lists 2-131

MAC addresses

disabling MAC address learning per VLAN 2-324


aging time 2-675

all 2-673

dynamic 2-679

MAC address-table move updates 2-684

notification settings 2-683, 2-686

number of addresses in a VLAN 2-677

per interface 2-681

per VLAN 2-690

static 2-688

static and dynamic entries 2-671


aging time 2-323

deleting 2-92

displaying 2-679

enabling MAC address notification 2-328

enabling MAC address-table move update 2-326

matching 2-357

persistent stack 2-862


adding and removing 2-330

displaying 2-688

dropping on an interface 2-331

tables 2-673

MAC address notification, debugging B-24

mac address-table aging-time 2-319, 2-357

mac address-table aging-time command 2-323

mac address-table learning command 2-324

mac address-table move update command 2-326

mac address-table notification command 2-328

mac address-table static command 2-330

mac address-table static drop command 2-331

MAC frames


macro apply command 2-334

macro auto device command 2-337

macro auto execute command 2-339

macro auto file command 2-345

macro auto global processing command 2-347

macro auto mac-address-group command 2-349

macro auto sticky command 2-351

macro description command 2-352

macro global command 2-353

macro global description command 2-356


adding a description 2-352

adding a global description 2-356

applying 2-353

displaying 2-738

interface range 2-121, 2-196

specifying parameter values 2-353

tracing 2-353


counters 2-94, 2-550

debugging B-26

displaying 2-694

enabling 2-333

registers 2-550

macsec command 2-333


audience xxi

purpose of xxi



defining 2-378

displaying 2-718


creating 2-938

defining 2-357

displaying 2-784

match (access-map configuration) command 2-357

match (class-map configuration) command 2-359

maximum transmission unit


mdix auto command 2-362

Media Access Control Security

See MACsec.

media-type rj45 command 2-364

member switches

See clusters

memory (boot loader) command A-14

mgmt_clr (boot loader) command A-16

mgmt_init (boot loader) command A-17, A-18


confidentiality 2-120

debugging B-29

displaying default policy 2-696

displaying policies 2-698

displaying sessions 2-701

displaying sessions and statistics 2-707

displaying statistics 2-704

policy configuration mode 2-366

MKA, enabling 2-368

mka default policy command 2-365

mka policy global configuration command 2-366

mka policy interface configuration command 2-368

mkdir (boot loader) command A-19

MLD snooping

configuring 2-289, 2-290

configuring queries 2-285, 2-287

configuring topology change notification 2-292

displaying 2-643, 2-645, 2-647, 2-649

enabling 2-283

enabling on a VLAN 2-294

mls qos aggregate-policer command 2-372

mls qos command 2-370

mls qos cos command 2-374

mls qos dscp-mutation command 2-376

mls qos map command 2-378

mls qos queue-set output buffers command 2-382

mls qos queue-set output threshold command 2-384

mls qos rewrite ip dscp command 2-386

mls qos srr-queue input bandwidth command 2-388

mls qos srr-queue input buffers command 2-390

mls qos-srr-queue input cos-map command 2-392

mls qos srr-queue input dscp-map command 2-394

mls qos srr-queue input priority-queue command 2-396

mls qos srr-queue input threshold command 2-398

mls qos-srr-queue output cos-map command 2-400

mls qos srr-queue output dscp-map command 2-402

mls qos trust command 2-404

mls qos vlan-based command 2-406

mode, MVR 2-414

Mode button, and password recovery 2-496

mode command 2-407

modes, commands 1-2

monitor session command 2-409

more (boot loader) command A-20


displaying 2-759

interoperability 2-102

link type 2-821

MST region

aborting changes 2-827

applying changes 2-827

configuration name 2-827

configuration revision number 2-827

current or pending display 2-827

displaying 2-759

MST configuration mode 2-827

VLANs-to-instance mapping 2-827

path cost 2-829

protocol mode 2-825

restart protocol migration process 2-102

root port

loop guard 2-819

preventing from becoming designated 2-819

restricting which can be root 2-819

root guard 2-819

root switch

affects of extended system ID 2-817

hello-time 2-832, 2-839

interval between BDPU messages 2-833

interval between hello BPDU messages 2-832, 2-839

max-age 2-833

maximum hop count before discarding BPDU 2-834

port priority for selection of 2-835

primary or secondary 2-839

switch priority 2-838

state changes

blocking to forwarding state 2-846

enabling BPDU filtering 2-809, 2-843

enabling BPDU guard 2-811, 2-843

enabling Port Fast 2-843, 2-846

forward-delay time 2-831

length of listening and learning states 2-831

rapid transition to forwarding 2-821

shutting down Port Fast-enabled ports 2-843

state information display 2-758


configuring size 2-916

displaying global setting 2-773

MAC 2-917

system jumbo 2-917

system routing 2-917

Multicase Listener Discovery


multicast group address, MVR 2-417

multicast groups, MVR 2-415

Multicast Listener Discovery


multicast router learning method 2-256

multicast router ports, configuring 2-256

multicast router ports, IPv6 2-294

multicast storm control 2-866

multicast VLAN, MVR 2-414

multicast VLAN registration


multiple hosts on authorized port 2-158

Multiple Spanning Tree Protocol



and address aliasing 2-415

configuring 2-414

configuring interfaces 2-417

debug messages, display B-32

displaying 2-726

displaying interface information 2-728

members, displaying 2-730

mvr (global configuration) command 2-414

mvr (interface configuration) command 2-417

mvr vlan group command 2-418


native VLANs 2-908

native VLAN tagging 2-940

Network Assistant requirements xxii

network-policy (global configuration) command 2-421

network-policy command 2-420

network-policy profile (network-policy configuration) command 2-422

nmsp attachment suppress command 2-425

nmsp command 2-424


DTP messaging 2-893

speed 2-854

non-IP protocols

denying 2-131

forwarding 2-440

non-IP traffic access lists 2-321

non-IP traffic forwarding

denying 2-131

permitting 2-440

non-stop forwarding 2-426

normal-range VLANs 2-933

note, description xxii

no vlan command 2-933

nsf command 2-426


online diagnostics

configuring health monitoring diagnostic tests 2-134


configured boot-up coverage level 2-559

current scheduled tasks 2-559

event logs 2-559

supported test suites 2-559

test ID 2-559

test results 2-559

test statistics 2-559


scheduling 2-136

syslog messages 2-134

global configuration mode

clearing health monitoring diagnostic test schedule 2-134

clearing test-based testing schedule 2-136

setting health monitoring diagnostic testing 2-134

setting test-based testing 2-136

setting up health monitoring diagnostic test schedule 2-134

setting up test-based testing 2-136

removing scheduling 2-136

scheduled switchover

disabling 2-136

enabling 2-136

setting test interval 2-136

specifying health monitoring diagnostic tests 2-134

starting testing 2-138



See EtherChannel

pagp learn-method command 2-428

pagp port-priority command 2-430

password, VTP 2-950

password-recovery mechanism, enabling and disabling 2-496

permit (ARP access-list configuration) command 2-432

permit (IPv6) command 2-434

permit (MAC access-list configuration) command 2-440

per-VLAN spanning-tree plus


physical-port learner 2-428

PID, displaying 2-609

PIM-DVMRP, as multicast router learning method 2-256


configuring the power budget 2-455

configuring the power management mode 2-452

displaying controller register values 2-553

displaying power management information 2-745

error detection for 2-179

error recovery timer 2-183

logging of status 2-314

monitoring power 2-458

policing power consumption 2-458

police aggregate command 2-445

police command 2-443

policed-DSCP map 2-378

policy-map command 2-447

policy maps

applying to an interface 2-498, 2-504

creating 2-447

displaying 2-741

hierarchical 2-448


displaying 2-711

for a single class 2-443

for multiple classes 2-372, 2-445

policed-DSCP map 2-378

traffic classification

defining the class 2-76

defining trust states 2-925

setting DSCP or IP precedence values 2-502

Port Aggregation Protocol

See EtherChannel

port-based authentication

AAA method list 2-3

configuring violation modes 2-176

debug messages, display B-10

enabling guest VLAN supplicant 2-144, 2-155

enabling IEEE 802.1x

globally 2-141

per interface 2-166

guest VLAN 2-156

host modes 2-158

IEEE 802.1x AAA accounting methods 2-1

initialize an interface 2-159, 2-172

MAC authentication bypass 2-160

manual control of authorization state 2-166

multiple hosts on authorized port 2-158

PAE as authenticator 2-165

periodic re-authentication

enabling 2-169

time between attempts 2-173

quiet period between failed authentication exchanges 2-173

re-authenticating IEEE 802.1x-enabled ports 2-168

resetting configurable IEEE 802.1x parameters 2-154

switch-to-authentication server retransmission time 2-173

switch-to-client frame-retransmission number2-162to 2-164

switch-to-client retransmission time 2-173

test for IEEE 802.1x readiness 2-171

port-based trust

IPv4 and IPv6 2-405

port-channel load-balance command 2-450

Port Fast, for spanning tree 2-846

port ranges, defining 2-118, 2-121

ports, debugging B-82

ports, protected 2-906

port security

aging 2-900

debug messages, display B-84

enabling 2-895

violation error recovery 2-183

port trust states for QoS 2-404

port types, MVR 2-417

power information, displaying 2-575

power inline command 2-452

power inline consumption command 2-455

power inline police command 2-458

Power over Ethernet

See PoE

power-priority command 2-461

power rps command (user EXEC) 2-463

power supply

configuring 2-465

managing 2-465

power supply command 2-465

priority-queue command 2-467

priority value, stack member 2-768, 2-871

private-vlan command 2-469

private-vlan mapping command 2-472

private VLANs

association 2-904

configuring 2-469

configuring ports 2-891

displaying 2-779

host ports 2-891


configuring 2-904

displaying 2-592

promiscuous ports 2-891

privileged EXEC mode 1-2, 1-3

product identification information, displaying 2-609

promiscuous ports, private VLANs 2-891

protected ports, displaying 2-598


VLANs 2-908


enabling 2-950

pruning-eligible VLAN list 2-910






configuring 2-52

debug messages, display B-4

displaying 2-520

class maps

creating 2-78

defining the match criteria 2-359

displaying 2-531

defining the CoS value for an incoming packet 2-374

displaying configuration information 2-520, 2-710

DSCP transparency 2-386

DSCP trusted ports

applying DSCP-to-DSCP-mutation map to 2-376

defining DSCP-to-DSCP-mutation map 2-378

egress queues

allocating buffers 2-382

defining the CoS output queue threshold map 2-400

defining the DSCP output queue threshold map 2-402

displaying buffer allocations 2-714

displaying CoS output queue threshold map 2-718

displaying DSCP output queue threshold map 2-718

displaying queueing strategy 2-714

displaying queue-set settings 2-721

enabling bandwidth shaping and scheduling 2-858

enabling bandwidth sharing and scheduling 2-860

limiting the maximum output on a port 2-856

mapping a port to a queue-set 2-474

mapping CoS values to a queue and threshold 2-400

mapping DSCP values to a queue and threshold 2-402


setting maximum and reserved memory allocations 2-384

setting WTD thresholds 2-384

enabling 2-370

enabling IPv6 QoS 2-370

ingress queues

allocating buffers 2-390

assigning SRR scheduling weights 2-388

defining the CoS input queue threshold map 2-392

defining the DSCP input queue threshold map 2-394

displaying buffer allocations 2-714

displaying CoS input queue threshold map 2-718

displaying DSCP input queue threshold map 2-718

displaying queueing strategy 2-714

displaying settings for 2-712

enabling the priority queue 2-396

mapping CoS values to a queue and threshold 2-392

mapping DSCP values to a queue and threshold 2-394

setting WTD thresholds 2-398


defining 2-378, 2-392, 2-394, 2-400, 2-402

displaying 2-718

policy maps

applying an aggregate policer 2-445

applying to an interface 2-498, 2-504

creating 2-447

defining policers 2-372, 2-443

displaying policers 2-711

displaying policy maps 2-741

hierarchical 2-448

policed-DSCP map 2-378

setting DSCP or IP precedence values 2-502

traffic classifications 2-76

trust states 2-925


port trust states 2-404

queues, enabling the expedite 2-467


in-profile and out-of-profile packets 2-714

packets enqueued or dropped 2-714

sent and received CoS values 2-714

sent and received DSCP values 2-714

trusted boundary for IP phones 2-404

VLAN-based 2-406

quality of service

See QoS

querytime, MVR 2-414

queue-set command 2-474


radius-server dead-criteria command 2-475

radius-server host command 2-477

rapid per-VLAN spanning-tree plus


rapid PVST+


rcommand command 2-479

re-authenticating IEEE 802.1x-enabled ports 2-168


periodic 2-169

time between attempts 2-173

receiver ports, MVR 2-417

receiving flow-control packets 2-190

recovery mechanism

causes 2-183

display 2-82, 2-527, 2-578, 2-581

timer interval 2-184

redundancy for cluster switches 2-115

redundant power supply


redundant power system

See Cisco Redundant Power System 2300

reload command 2-481

remote command 2-483

remote-span command 2-485

Remote Switched Port Analyzer


rename (boot loader) command A-21

renew ip dhcp snooping database command 2-487

replay protection, MACsec 2-489

replay-protection command 2-489


cluster xxii

device manager xxii

Network Assistant xxii

reset (boot loader) command A-22

resource templates, displaying 2-751

restricted VLAN

See dot1x auth-fail vlan

rmdir (boot loader) command A-23

rmon collection stats command 2-491

root guard, for spanning tree 2-819

routed ports

IP addresses on 2-204

number supported 2-204

routing frames



See Cisco Redundant Power System 2300

RPS 2300

configuring 2-463

managing 2-463

See Cisco Redundant Power System 2300


configuring 2-409

displaying 2-724

filter RSPAN traffic 2-409

remote-span command 2-485


add interfaces to 2-409

displaying 2-724

start new 2-409


scheduled switchover

disabling 2-136

enabling 2-136

SDM mismatch mode 2-493, 2-769

sdm prefer command 2-492

SDM templates

allowed resources 2-493

and stacking 2-493

displaying 2-751

dual IPv4 and IPv6 2-492

secure ports, limitations 2-897

sending flow-control packets 2-190

service password-recovery command 2-496

service-policy command 2-498

session command 2-501

set (boot loader) command A-24

set command 2-502

setup command 2-504

setup express command 2-507

shell trigger command 2-509

show access-lists command 2-511

show archive status command 2-514

show arp access-list command 2-515

show authentication command 2-516

show auto qos command 2-520

show boot command 2-524

show cable-diagnostics tdr command 2-527

show cisp command 2-530

show class-map command 2-531

show cluster candidates command 2-534

show cluster command 2-532

show cluster members command 2-536

show controllers cpu-interface command 2-538

show controllers ethernet-controller command 2-540

show controllers ethernet-controller fastethernet command 2-547

show controllers ethernet phy macsec command 2-550

show controllers power inline command 2-553

show controllers tcam command 2-555

show controller utilization command 2-557

show dot1q-tunnel command 2-564

show dot1x command 2-566

show dtp 2-570

show eap command 2-572

show env command 2-575

show errdisable detect command 2-578

show errdisable flap-values command 2-580

show errdisable recovery command 2-581

show etherchannel command 2-583

show fallback profile command 2-586

show flowcontrol command 2-588

show idprom command 2-590

show interfaces command 2-592

show interfaces counters command 2-603

show interface transceivers command 2-606

show inventory command 2-609

show ip arp inspection command 2-610

show ipc command 2-636

show ip dhcp snooping binding command 2-615

show ip dhcp snooping command 2-614

show ip dhcp snooping database command 2-617, 2-619

show ip igmp profile command 2-622

show ip igmp snooping address command 2-645

show ip igmp snooping command 2-623, 2-643

show ip igmp snooping groups command 2-626

show ip igmp snooping mrouter command 2-628, 2-647

show ip igmp snooping querier command 2-630, 2-649

show ip source binding command 2-632

show ipv6 access-list command 2-640

show ipv6 dhcp conflict command 2-642

show ipv6 route updated 2-651

show ip verify source command 2-634

show l2protocol-tunnel command 2-653

show lacp command 2-656

show link state group command 2-660

show location 2-662

show location command 2-662

show logging onboard command 2-665

show mac access-group command 2-670

show mac address-table address command 2-673

show mac address-table aging time command 2-675

show mac address-table command 2-671

show mac address-table count command 2-677

show mac address-table dynamic command 2-679

show mac address-table interface command 2-681

show mac address-table learning command 2-683

show mac address-table move update command 2-684

show mac address-table notification command 2-93, 2-686, B-28

show mac address-table static command 2-688

show mac address-table vlan command 2-690

show macro auto command 2-692

show macsec command 2-694

show mka default-policy command 2-696

show mka policy command 2-698

show mka session command 2-701

show mka statistics command 2-704

show mka summary command 2-707

show mls qos aggregate-policer command 2-711

show mls qos command 2-710

show mls qos input-queue command 2-712

show mls qos interface command 2-714

show mls qos maps command 2-718

show mls qos queue-set command 2-721

show mls qos vlan command 2-723

show monitor command 2-724

show mvr command 2-726

show mvr interface command 2-728

show mvr members command 2-730

show network-policy profile command 2-732

show nmsp command 2-733

show pagp command 2-736

show parser macro command 2-738

show platform acl command C-2

show platform backup interface command C-3

show platform configuration command C-4

show platform dl command C-5

show platform etherchannel command C-6

show platform forward command C-7

show platform frontend-controller command C-9

show platform igmp snooping command C-10

show platform ipc trace command C-18

show platform ip multicast command C-12

show platform ip unicast command C-13

show platform ipv6 mld snooping command C-19

show platform ipv6 unicast command C-20

show platform ip wccp command C-17

show platform layer4op command C-22

show platform mac-address-table command C-23

show platform messaging command C-24

show platform monitor command C-25

show platform mvr table command C-26

show platform pm command C-27

show platform port-asic command C-29

show platform port-security command C-34

show platform qos command C-35

show platform resource-manager command C-36

show platform snmp counters command C-38

show platform spanning-tree command C-39

show platform stack-manager command C-41

show platform stp-instance command C-40

show platform tb command C-45

show platform tcam command C-47

show platform vlan command C-50

show policy-map command 2-741

show port security command 2-742

show power inline command 2-745, 2-764

show sdm prefer command 2-751

show setup express command 2-754

show shell command 2-755

show spanning-tree command 2-758

show storm-control command 2-766

show switch command 2-768

show system mtu command 2-773

show trust command 2-925

show udld command 2-774

show version command 2-777

show vlan access-map command 2-784

show vlan command 2-779

show vlan command, fields 2-781

show vlan filter command 2-785

show vmps command 2-786

show vtp command 2-788

shutdown command 2-793

shutdown threshold, Layer 2 protocol tunneling 2-298

shutdown vlan command 2-794

small-frame violation rate command 2-795

Smartports macros

See macros

SNMP host, specifying 2-802

SNMP informs, enabling the sending of 2-797

snmp-server enable traps command 2-797

snmp-server host command 2-802

snmp trap mac-notification change command 2-806

SNMP traps

enabling MAC address notification trap 2-806

enabling the MAC address notification feature 2-328

enabling the sending of 2-797


See Cisco SoftPhone

software images

copying 2-8

deleting 2-123

downloading 2-11

upgrading 2-8, 2-11

uploading 2-18

software version, displaying 2-777

source ports, MVR 2-417


configuring 2-409

debug messages, display B-31

displaying 2-724

filter SPAN traffic 2-409


add interfaces to 2-409

displaying 2-724

start new 2-409

spanning-tree backbonefast command 2-808

spanning-tree bpdufilter command 2-809

spanning-tree bpduguard command 2-811

spanning-tree cost command 2-813

spanning-tree etherchannel command 2-815

spanning-tree extend system-id command 2-817

spanning-tree guard command 2-819

spanning-tree link-type command 2-821

spanning-tree loopguard default command 2-823

spanning-tree mode command 2-825

spanning-tree mst configuration command 2-827

spanning-tree mst cost command 2-829

spanning-tree mst forward-time command 2-831

spanning-tree mst hello-time command 2-832

spanning-tree mst max-age command 2-833

spanning-tree mst max-hops command 2-834

spanning-tree mst port-priority command 2-835

spanning-tree mst pre-standard command 2-837

spanning-tree mst priority command 2-838

spanning-tree mst root command 2-839

spanning-tree portfast (global configuration) command 2-843

spanning-tree portfast (interface configuration) command 2-846

spanning-tree port-priority command 2-841

Spanning Tree Protocol


spanning-tree transmit hold-count command 2-848

spanning-tree uplinkfast command 2-849

spanning-tree vlan command 2-851

speed command 2-854

srr-queue bandwidth limit command 2-856

srr-queue bandwidth shape command 2-858

srr-queue bandwidth share command 2-860

SSH, configuring version 2-263

stack-mac persistent timer command 2-862

stack member

access 2-501

number 2-768, 2-874

priority value 2-871

provisioning 2-872

reloading 2-481

stacks, switch

disabling a member 2-869

enabling a member 2-869

MAC address 2-862

provisioning a new member 2-872

reloading 2-481

stack member access 2-501

stack member number 2-768, 2-874

stack member priority value 2-768, 2-871

static-access ports, configuring 2-878

statistics, Ethernet group 2-491

sticky learning, enabling 2-895

storm-control command 2-866


BackboneFast 2-808

counters, clearing 2-101

debug messages, display

BackboneFast events B-88


optimized BPDUs handling B-90

spanning-tree activity B-86

switch shim B-93

transmitted and received BPDUs B-89

UplinkFast B-95

detection of indirect link failures 2-808

enabling protocol tunneling for 2-298

EtherChannel misconfiguration 2-815


extended system ID 2-817

path cost 2-813

protocol modes 2-825

root port

accelerating choice of new 2-849

loop guard 2-819

preventing from becoming designated 2-819

restricting which can be root 2-819

root guard 2-819

UplinkFast 2-849

root switch

affects of extended system ID 2-817, 2-852

hello-time 2-851

interval between BDPU messages 2-851

interval between hello BPDU messages 2-851

max-age 2-851

port priority for selection of 2-841

primary or secondary 2-851

switch priority 2-851

state changes

blocking to forwarding state 2-846

enabling BPDU filtering 2-809, 2-843

enabling BPDU guard 2-811, 2-843

enabling Port Fast 2-843, 2-846

enabling timer to recover from error state 2-183

forward-delay time 2-851

length of listening and learning states 2-851

shutting down Port Fast-enabled ports 2-843

state information display 2-758

VLAN options 2-838, 2-851

supplemental power command 2-864

SVIs, creating 2-198

SVI status calculation 2-880

Switched Port Analyzer


switching characteristics

modifying 2-876

returning to interfaces 2-876

switchport access command 2-878

switchport autostate exclude command 2-880

switchport backup interface command 2-882

switchport block command 2-885

switchport command 2-876

switchport host command 2-887

switchport mode command 2-888

switchport mode private-vlan command 2-891

switchport nonegotiate command 2-893

switchport port-security aging command 2-900

switchport port-security command 2-895

switchport priority extend command 2-902

switchport private-vlan command 2-904

switchport protected command 2-906

switchports, displaying 2-592

switchport trunk command 2-908

switchport voice detect 2-911

switchport voice vlan command 2-912

switch priority command 2-869, 2-871

switch provision command 2-872

switch renumber command 2-874

system env temperature threshold yellow command 2-914

system message logging 2-314

system message logging, save message to flash 2-315

system mtu command 2-916

system resource templates 2-492


tar files, creating, listing, and extracting 2-15

TDR, running 2-919

Telnet, using to communicate to cluster switches 2-479

temperature information, displaying 2-575

templates, system resources 2-492

test cable-diagnostics tdr command 2-919

traceroute mac command 2-920

traceroute mac ip command 2-923

trunking, VLAN mode 2-888

trunk mode 2-888

trunk ports 2-888

trunks, to non-DTP device 2-889

trusted boundary for QoS 2-404

trusted port states for QoS 2-404

tunnel ports, Layer 2 protocol, displaying 2-653

type (boot loader) command A-27



aggressive mode 2-927, 2-929

debug messages, display B-103

enable globally 2-927

enable per interface 2-929

error recovery timer 2-183

message timer 2-927

normal mode 2-927, 2-929

reset a shutdown interface 2-931

status 2-774

udld command 2-927

udld port command 2-929

udld reset command 2-931

unicast storm control 2-866

UniDirectional Link Detection


unknown multicast traffic, preventing 2-885

unknown unicast traffic, preventing 2-885

unset (boot loader) command A-28


copying software images 2-8

downloading software images 2-11

software images, monitoring status of 2-514

upgrading information

See release notes

UplinkFast, for STP 2-849

usb-inactivity-timeout (console configuration) command 2-932

user EXEC mode 1-2, 1-3


version (boot loader) command A-30

version mismatch mode 2-769, C-42

vlan (global configuration) command 2-933

vlan access-map command 2-938

VLAN access map configuration mode 2-938

VLAN access maps

actions 2-6

displaying 2-784

VLAN-based QoS 2-406

VLAN configuration

rules 2-936

saving 2-933

VLAN configuration mode

description 1-4

entering 2-933

summary 1-3

vlan dot1q tag native command 2-940

vlan filter command 2-942

VLAN filters, displaying 2-785

VLAN ID range 2-933

VLAN maps

applying 2-942

creating 2-938

defining 2-357

displaying 2-784

VLAN Query Protocol



adding 2-933

configuring 2-933

debug messages, display

ISL B-99

VLAN IOS file system error tests B-98

VLAN manager activity B-96

VTP B-101

displaying configurations 2-779

extended-range 2-933

MAC addresses

displaying 2-690

number of 2-677

media types 2-936

normal-range 2-933

private 2-891

configuring 2-469

displaying 2-779

See also private VLANs

restarting 2-794

saving the configuration 2-933

shutting down 2-794

SNMP traps for VTP 2-800, 2-803

suspending 2-794

VLAN Trunking Protocol


VM mode 2-769, C-42


configuring servers 2-947

displaying 2-786

error recovery timer 2-184

reconfirming dynamic VLAN assignments 2-944

vmps reconfirm (global configuration) command 2-945

vmps reconfirm (privileged EXEC) command 2-944

vmps retry command 2-946

vmps server command 2-947

voice VLAN

configuring 2-911, 2-912

setting port priority 2-902


and dynamic-access ports 2-879

clearing client statistics 2-103

displaying information 2-786

per-server retry count 2-946

reconfirmation interval 2-945

reconfirming dynamic VLAN assignments 2-944


changing characteristics 2-949

clearing pruning counters 2-104


domain name 2-949

file name 2-949

mode 2-949

password 2-950

counters display fields 2-789

displaying information 2-788


pruning 2-950

tunneling for 2-298

Version 2 2-950

enabling per port 2-954

mode 2-949

pruning 2-950

saving the configuration 2-933

statistics 2-788

status 2-788

status display fields 2-791

vtp (global configuration) command 2-949

vtp interface configuration command 2-954

vtp primary command 2-955