Catalyst 4500 Series Switch Cisco IOS Command Reference, 12.2(52)SG
Downloads: This chapterpdf (PDF - 672.0 KB) The complete bookPDF (PDF - 20.25 MB) | Feedback


Table Of Contents

Symbols - Numerics - A - B - C - D - E - F - G - H - I - J - L - M - N - O - P - Q - R - S - T - U - V - W -



$ matches the end of a string 1-7

( ) in commands 1-11

* matches 0 or more sequences of a pattern 1-7

+ matches 1 or more sequences of a pattern 1-7

. matches any single character 1-7

? command 1-1

? matches 0 or 1 occurrence of a pattern 1-7

^ matches the beginning of a string 1-7

_ matches a comma (,), left brace ({), left parenthesis 1-7

" 1-10


10-Gigabit Ethernet uplink

selecting 2-199

showing the mode 2-531, 2-532

802.1Q trunk ports and native VLANs 2-864

802.1Q tunnel ports

configuring 2-806

802.1S Multiple Spanning Tree

see MST


configuring for multiple hosts 2-156

configuring for single host 2-156

configuring multiple domains 2-156

disabling port control 2-149

enabling port control 2-149

802.1X Critical Authentication

disabling on a port 2-150

disabling on a VLAN 2-153


disabling send success packets 2-151

enabling send success packets 2-151

enabling on a port 2-150

enabling on a VLAN 2-153

returning delay time to default setting 2-152

setting delay time on a port 2-152

802.1X critical authentication

configure parameters 2-23

802.1X critical recovery delay, configuring 2-23

802.1X Port Based Authentication

debugging 802.1X Port Based Authentication 2-108

displaying port based authentication 2-511

enabling accounting for authentication sessions 2-4

enabling authentication on the system 2-167

enabling guest VLAN 2-154

enabling guest VLAN supplicant 2-147, 2-155

enabling manual control of auth state 2-163

enabling periodic re-authentication of the client 2-166

initializing re-authentication of dot1x ports 2-165

initializing state machines 2-158

receive session termination message upon reboot 2-5

setting maximum number for EAP requests 2-161

setting the reauthentication timer 2-168


abbreviating commands

context-sensitive help 1-1

Access Gateway Module

connecting to a module 2-20

connecting to a remote module 2-442

connecting to a specific remote module 2-454


displaying mac interface 2-638

show mode interface 2-391, 2-473, 2-696

access groups

IP 2-6

access lists

clearing an access template 2-71

defining ARP 2-19

displaying ARP information 2-477

See also ACLs, MAC ACLs, and VACLs

access maps

applying with VLAN filter 2-866

access-node-identifier, setting for the switch 2-389

access-policies, applying using host-mode 2-27


access-group mode 2-6

balancing hardware regions 2-12

capturing control packets 2-8

determining ACL hardware programming 2-10

disabling hardware statistics 2-194

displaying mac access-group interface 2-638

enabling hardware statisctics 2-194

using ACL naming conventions for MAC ACLs 2-306

action clause

specifying drop or forward action in a VACL 2-13

addresses, configuring a maximum 2-385


debugging the adjacency table 2-101

disabling the debug facility 2-101

displaying information about the adjacency table 2-474

displaying IPC table entries 2-101

aggregate policer

displaying information 2-697

aging time

displaying MAC address aging time 2-641

MAC address table 2-309


displaying operational status 2-519


description 1-10


description 1-10

ancp, show multicast 2-476

ANCP client

port identifier 2-14

remote server 2-15

set router to become 2-16


access list, displaying detailed information 2-477

defining access-lists 2-19

ARP inspection

enforce certain types of checking 2-216

ARP packet

deny based on DHCP bindings 2-143

permit based on DHCP bindings 2-358

authentication 2-23, 2-29

changing the control-direction 2-21

configure actions for events

configuring the actions 2-24

configuring port-control 2-33

enabling reauthentication 2-32

enabling Webauth fallback 2-26

host-mode configuration 2-27

setting priority of methods 2-35

setting the timer 2-37

setting username 2-851

specifying the order of methods 2-30

using an MD5-type encryption method 2-851

verifying MD5 signature 2-853

verifying the checksum for Flash memory 2-853

authentication control-direction command 2-21

authentication critical recovery delay command 2-23

authentication event command 2-24

authentication fallback command 2-26

authentication host-mode 2-27

authentication methods, setting priority 2-35

authentication methods, specifying the order of attempts 2-30

authentication open command 2-29

authentication order command 2-30

authentication periodic command 2-32

authentication port-control command 2-33

authentication priority command 2-35

authentication timer, setting 2-37

authentication timer command 2-37

auth fail VLAN

enable on a port 2-148

set max number of attempts 2-147

Auth Manager


authentication timer 2-37

authorization state

enabling manual control 2-163

authorization state of a controlled port 2-163

automatic installation

displaying status 2-482

automatic medium-dependent interface crossover

See Auto-MDIX


disabling 2-338

enabling 2-338

auto-negotiate interface speed

example 2-795


configuring for VoIP 2-39

displaying configuration 2-483


baby giants

displaying the system MTU setting 2-728

setting the maximum Layer 2 payload size 2-831


displaying debugging messages 2-130

displaying spanning tree status 2-718

enabling debugging 2-130

bandwidth command 2-43


store for DHCP snooping 2-228

BOOT environment variable

displaying information 2-486


displaying information 2-484


debugging spanning tree activities 2-128

bridge protocol data units



counters 2-98

broadcast suppression level

configuring 2-796, 2-798

enabling 2-796, 2-798


cable diagnostics


displaying test results 2-487

testing conditions of copper cables 2-833

call home

displaying information 2-489

e-mailing output 2-51

entering configuration submode 2-46

executing 2-51

manually send test message 2-54

receiving information 2-49

sending alert group message 2-52

submitting information 2-49

call home destination profiles

displaying 2-491

Catalyst 4507R 2-381


configuring tunneling encapsulation rate 2-296


neighbor information 2-494

enabling protocol tunneling for 2-291

set drop threshold for 2-294


displaying next-hop information 2-568

displaying VLAN configuration information 2-568



chassis MAC address ranges 2-635

current and peak traffic meter readings 2-635

percentage of backplane utilization 2-635

switching clock failure recovery mode 2-635


setting for an interface 2-396

circuit-id, setting for an interface VLAN range 2-398


macro apply 2-316

Cisco Express Forwarding



macro apply 2-318


macro apply 2-320


macro apply 2-322

class maps

creating 2-62

defining the match criteria 2-331

clear commands

clearing Gigabit Ethernet interfaces 2-69

clearing IGMP group cache entries 2-78

clearing interface counters 2-64

clearing IP access lists 2-71, 2-72

clearing IP ARP inspection statistics VLAN 2-73

clearing IP DHCP snooping database statistics 2-77

clearing MFIB counters and routes 2-81

clearing MFIB fastdrop entries 2-82

clearing PAgP channel information 2-88

clearing QoS aggregate counters 2-92

clearing VLAN interfaces 2-70

clear energywise neighbors command 2-66

clear nmsp statistics command 2-87

CLI string search

anchoring 1-10

expressions 1-7

filtering 1-6

multiple-character patterns 1-8

multipliers 1-9

parentheses for recall 1-11

searching outputs 1-6

single-character patterns 1-7

using 1-6

command modes

accessing privileged EXEC mode 1-5

exiting 1-5

understanding user EXEC and configuration modes 1-5

condition interface

debugging interface-related activities 2-103

condition vlan

debugging VLAN output 2-106

configuration, saving 1-11


root as secondary 2-779

configuring a SPAN session to monitor

limit SPAN source traffic 2-343

configuring critical recovery 2-23

configuring forward delay 2-775

configuring root as primary 2-779



policy map to control plane 2-452


policy-map class information 2-670

entering configuration mode 2-96


service policy from control plane 2-452


assigning to Layer 2 protocol packets 2-293

CoS QoS default

defining value on an interface 2-418

Cost of Service

See QoS CoS


clearing interface counters 2-64

critical authentication, configure 802.1X parameters 2-23

critical recovery, configuring 802.1X parameter 2-23



clear statistics 2-73


displaying qos dbl 2-698

enabling DBL globally on the switch 2-419

debug commands

debugging backup events 2-102

debugging DHCP snooping events 2-113

debugging DHCP snooping messages 2-114

debugging EtherChannel/PAgP/shim 2-109

debugging IPC activity 2-112

debugging IP DHCP snooping security messages 2-115

debugging NVRAM activities 2-119

debugging PAgP activities 2-120

debugging port manager activities 2-123

debugging spanning tree activities 2-128

debugging spanning tree backbonefast 2-130

debugging spanning tree UplinkFast 2-133

debugging supervisor redundancy 2-127

debugging VLAN manager activities 2-134

displaying monitor activity 2-117

displaying the adjacency table 2-101

enabling debug dot1x 2-108

enabling debugging messages for ISL VLAN IDs 2-137

enabling debugging messages for VTP 2-138

enabling debugging of UDLD activity 2-139

enabling switch shim debugging 2-131

enabling VLAN manager file system error tests 2-135

limiting debugging output for VLANs 2-106

limiting interface debugging output 2-103

limiting output for debugging standby state changes 2-104

shortcut to the debug condition interface 2-111


activity monitoring 2-117

DHCP snooping events 2-113

DHCP snooping packets 2-114

IPC activities 2-112

IP DHCP snooping security packets 2-115

NVRAM activities 2-119

PAgP activities 2-120

PAgP shim 2-109

PM activities 2-123

PPPoE Intermediate Agent 2-125

spanning tree BackboneFast events 2-130

spanning tree switch shim 2-131

spanning tree UplinkFast events 2-133

VLAN manager activities 2-134

VLAN manager IOS file system error tests 2-135

VTP protocol debug messages 2-138

debug nmsp command 2-118

debug spanning tree switch 2-131

debug sw-vlan vtp 2-138

default CoS value 2-418

default form of a command, using 1-6

defining egress DSCP-to-CoS mapping 2-425


clearing database statistics 2-77

DHCP bindings

configuring bindings 2-226

deny ARP packet based on matches 2-143

permit ARP packet based on matches 2-358

DHCP snooping

clearing binding entries 2-74

clearing database 2-76

displaying binding table 2-571

displaying configuration information 2-569

displaying status of DHCP database 2-574

displaying status of error detection 2-522

enabling DHCP globally 2-225

enabling IP source guard 2-265

enabling on a VLAN 2-235

enabling option 82 2-230, 2-232

enabling option-82 2-237

enabling rate limiting on an interface 2-233

enabling trust on an interface 2-234

establishing binding configuration 2-226

renew binding database 2-444

store generated bindings 2-228

diagnostic test

bootup packet memory 2-505

displaying attributes 2-499

display module-based results 2-501

running 2-146

show results for TDR 2-487

testing conditions of copper cables 2-833

displaying error disable recovery 2-523

displaying inline power status 2-685

displaying monitoring activity 2-117

displaying PoE policing and monitoring status 2-693

displaying SEEPROM information

GBIC 2-533

displaying SPAN session information 2-727, 2-797

document conventions 1-xx

document organization 1-xix



attaching policy map to control plane 2-452

displaying policy-map class information 2-670

entering configuration mode 2-96

removing service policy from control plane 2-452


CoPP configuration mode 2-96

DOS attack

protecting system's resources 2-211

drop threshold, Layer 2 protocol tunneling 2-294

DSCP rewrite for IP packets

enable 2-429

dual-capable port

selecting a connector 2-340

duplex mode

configuring autonegotiation on an interface 2-170

configuring full duplex on an interface 2-170

configuring half duplex on an interface 2-170

dynamic ARP inspection

preventing 2-211

Dynamic Buffer Limiting


Dynamic Host Configuration Protocol




restarting authentication process 2-161

EDCS-587028 2-478, 2-635

EIGRP (Enhanced IGRP)


routing updates, preventing 2-355


debugging for UDLD 2-139

voice VLANs 2-799

enabling open access 2-29


display power information through queries 2-179

display setting, status of entity and PoE ports 2-515

on an entity

enable, assign to domain, and set password 2-177

on an entity, enable and configure 2-172

on a PoE port

configuring on PoE port 2-174

energywise (global configuration) command 2-172, 2-174

energywise domain command 2-177

EnergyWise neighbor table, deleting 2-66

energywise query command 2-179


alarms 2-519

displaying information 2-519

status 2-519

temperature 2-519

erase a file 2-183

error disable detection

clearing error disable on an interface 2-67

enabling error disable detection 2-67, 2-186

enabling per-VLAN on BPDU guard 2-186

error-disabled state

displaying 2-552

error disable recovery

configuring recovery mechanism variables 2-188

displaying recovery timer information 2-523

enabling ARP inspection timeout 2-188

specifying recovery cause 2-188


assigning interfaces to EtherChannel groups 2-55

debugging EtherChannel 2-109

debugging PAgP shim 2-109

debugging spanning tree activities 2-128

displaying information for a channel 2-525

removing interfaces from EtherChannel groups 2-55

EtherChannel guard

detecting STP misconfiguration 2-765

Explicit Host Tracking

clearing the database 2-80

enabling per-VLAN 2-249


matching multiple expression occurrences 1-9

multiple-character patterns 1-8

multiplying pattern occurrence 1-11

single-character patterns 1-7

Extensible Authentication Protocol



fallback profile, specifying 2-26

field replaceable unit (FRU)

displaying status information 2-519



routing updates, preventing 2-355

Flash memory file system

displaying file system information 2-484

verifying checksum 2-853

flow control

configuring a gigabit interface for pause frames 2-191

displaying per-interface statistics for flow control 2-529



displaying SEEPROM information 2-533

generic-error-message, setting for the switch 2-389

Gigabit Ethernet interface

clearing the hardware logic 2-69

Gigabit Ethernet uplink

selecting 2-199

showing the mode 2-531, 2-532

global configuration mode

using 1-5


hardware module

resetting a module by toggling the power 2-196

hardware statistics

disabling 2-194

enabling 2-194

hardware uplink

changing the mode 2-197

selecting the mode 2-199

showing the mode 2-531, 2-532

helper addresses, IP 2-589

hot standby protocol

debugging 2-104

disabling debugging 2-104

limiting output 2-104


identifier-string, setting for the switch 2-389

ID mapping, creating an ANCP client 2-14


displaying SEEPROM information

chassis 2-533

clock module 2-533

fan trays 2-533

module 2-533

mux buffer 2-533

power supplies 2-533

supervisor engine 2-533

ifIndex persistence

clearing SNMP ifIndex commands 2-751

compress SNMP ifIndex table format 2-758

disabling globally 2-757

disabling on an interface 2-753

enabling globally 2-757

enabling on an interface 2-753


applying filters for host joining on Layer 2 interfaces 2-239

clearing IGMP group cache entries 2-78

configuring frequency for IGMP host-query messages 2-242

creating an IGMP profile 2-241

displaying IGMP interface configuration information 2-576

displaying profiles 2-578

setting maximum group numbers 2-240

IGMP profiles

displaying 2-578

IGMP snooping

clearing the EHT database 2-80

configuring a Layer 2 interface as a group member 2-255

configuring a Layer 2 interface as a multicast router 2-253

configuring a static VLAN interface 2-255

displaying multicast information 2-585

displaying VLAN information 2-579, 2-583, 2-586

enabling 2-244

enabling immediate-leave processing 2-251

enabling on a VLAN 2-248

enabling per-VLAN Explicit Host Tracking 2-249


enabling 2-755

inline power

displaying inline power status 2-685

In Service Software Upgrade


inspection log

clearing log buffer 2-72


displaying suppressed multicast bytes 2-546

interface capabilities

displaying 2-542

interface configuration mode

summary 1-5

interface link

display cable disconnect time 2-549


configuring dot1q tunnel ports 2-806

creating an interface-range macro 2-142

debugging output of interface related activities 2-103

displaying description 2-548

displaying error-disabled state 2-552

displaying information when tunneling is enabled 2-629

displaying status 2-548

displaying traffic for a specific interface 2-539

entering interface configuration mode 2-203

executing a command on multiple ports in a range 2-206

selecting an interface to configure 2-203

setting a CoS value for Layer 2 packets 2-293

setting drop threshold for Layer 2 packets 2-294

setting the interface type 2-806

interface speed

configuring interface speed 2-793

interface transceiver

displaying diagnostic data 2-556

internal VLAN allocation

configuring 2-867

default setting 2-867

displaying allocation information 2-740

Internet Group Management Protocol


IP address of remote ANCP server, setting 2-15


applying ARP ACL to VLAN 2-209

clearing inspection statistics 2-73

clearing status of log buffer 2-72

controlling packet logging 2-220

enabling dynamic inspection 2-218

limit rate of incoming requests 2-211

set per-port config trust state 2-215

showing status of dynamic ARP inspection 2-563

showing status of log buffer 2-566


debugging IPC activities 2-112

IP DHCP Snooping

See DHCP snooping

IP header validation

disabling 2-264

enabling 2-264

IP interfaces

displaying usability status 2-588

IP multicast

displaying multicast routing table information 2-594

IP packets

enable DSCP rewrite 2-429

IP phone and standard desktop

enabling Cisco-recommended features 2-318

IP Port Security

enabling 2-265

IP source binding

adding or deleting 2-261

displaying bindingstagging 2-599

IP source guard

debugging messages 2-115

displaying configuration and filters 2-600

enabling on DHCP snooping 2-265


configuring queries 2-271, 2-273

configuring snooping last-listener-query-intervals 2-273

configuring snooping listener-message-suppression 2-275

configuring snooping robustness-variables 2-276

configuring tcn topology change notifications 2-278

counting snooping last-listener-queries 2-271

displaying information 2-605

displaying ports for a switch or VLAN 2-607

displaying querier information 2-608

enabling snooping 2-269

enabling snooping on a VLAN 2-279


canceling process 2-281

configuring rollback timer 2-290

displaying capability 2-610

displaying client information 2-612

displaying compatibility matrix 2-614

displaying endpoint information 2-619

displaying entities 2-620

displaying FSM session 2-621

displaying messages 2-622

displaying negotiated 2-624

displaying rollback-timer 2-625

displaying session information 2-626

displaying software version 2-627

displaying state 2-627

forcing switchover to standby supervisor engine 2-289

loading new image 2-285

starting process 2-287

stopping rollback timer 2-283


Jumbo frames

enabling jumbo frames 2-349



deselecting channeling protocol 2-57

enabling LACP on an interface 2-57

setting channeling protocol 2-57

Layer 2

displaying ACL configuration 2-638

Layer 2 interface type

specifying a nontrunking, nontagged single VLAN interface 2-806

specifying a trunking VLAN interface 2-806

Layer 2 protocol ports

displaying 2-629

Layer 2 protocol tunneling error recovery 2-296

Layer 2 switching

enabling voice VLANs 2-799

modifying switching characteristics 2-799

Layer 2 traceroute

IP addresses 2-838

Layer 3 switching

displaying information about an adjacency table 2-474

displaying port status 2-554

displaying status of native VLAN tagging 2-554

link-status event messages


globally 2-300, 2-303

on an interface 2-301, 2-304


globally 2-300, 2-303

on an interface 2-301, 2-304

log buffer

show status 2-566


controlling IP ARP packets 2-220


MAB, display information 2-635

MAB, enable and configure 2-328

mab command 2-328

MAC Access Control Lists



defining extended MAC access list 2-306

displaying MAC ACL information 2-737

naming an ACL 2-306

MAC address filtering

configuring 2-315

disabling 2-315

enabling 2-315

MAC address table

adding static entries 2-327

clearing dynamic entries 2-84, 2-86

configuring aging time 2-309

displaying dynamic table entry information 2-645

displaying entry count 2-643

displaying information 2-639

displaying interface-based information 2-647

displaying multicast information 2-649

displaying notification information 2-651

displaying protocol-based information 2-653

displaying static table entry information 2-655

displaying the MAC address aging time 2-641

displaying VLAN-based information 2-658

enabling authentication bypass 2-159

enabling notifications 2-313

learning in the protocol buckets 2-310

removing static entries 2-327

MAC address tables

adding static entries 2-315

deleting secure or specific addresses 2-89

disabling IGMP snooping on static MAC addresses 2-315

removing static entries 2-315

mac-address-table static 2-315

MAC address unicast filtering

dropping unicast traffic 2-315

MAC authentication bypass (MAB), display information 2-635

MAC authorization bypass(MAB), enable and configure 2-328


displaying descriptions 2-326

macro keywords

help strings 2-2


adding a global description 2-326

cisco global 2-324

system-cpp 2-325

mapping secondary VLANs to MST instance 2-408

mapping VLAN(s) to an MST instance 2-201

match (class-map configuration) command 2-331

maximum transmission unit (MTU)

displaying the system MTU setting 2-728

setting the maximum Layer 2 payload size 2-831


verifying MD5 signature 2-853

message digest 5

See MD5


clearing ip mfib counters 2-81

clearing ip mfib fastdrop 2-82

displaying all active MFIB routes 2-591

displaying MFIB fastdrop table entries 2-593

enabling IP MFIB fastdrops 2-258


configuring snooping last-listener-query-intervals 2-273

configuring snooping listener-message-suppression 2-275

configuring snooping robustness-variables 2-276

configuring topology change notifications 2-278

counting snooping last-listener-queries 2-271

enabling snooping 2-269

enabling snooping on a VLAN 2-279

MLD snooping

displaying 2-608


access-group 2-6

show access-group interface 2-391, 2-473, 2-696

switching between PVST+, MST, and Rapid PVST 2-770

See also command modes

module password clearing 2-68

module reset

resetting a module by toggling the power 2-196

--More-- prompt

filter 1-6

search 1-7


designating the primary and secondary root 2-779

displaying MST protocol information 2-723

displaying region configuration information 2-723

displaying spanning tree information 2-723

entering MST configuration submode 2-773

setting configuration revision number 2-446

setting path cost and port priority for instances 2-771

setting the forward delay timer for all instances 2-775

setting the hello-time delay timer for all instances 2-776

setting the max-age timer for all instances 2-777

setting the MST region name 2-350

specifying the maximum number of hops 2-778

switching between PVST+ and Rapid PVST 2-770

using the MST configuration submode revision command 2-446

using the submode name command 2-350


displaying global MTU settings 2-728

multi-auth, setting 2-27

Multicase Listener Discovery



counters 2-98

enabling storm control 2-798

show ancp 2-476

multicast/unicast packets

prevent forwarding 2-805

Multicast Forwarding Information Base


multi-domain, setting 2-27

multiple-character patterns 1-8

Multiple Spanning Tree



native VLAN

controlling tagging of traffic 2-826

displaying ports eligible for native tagging 2-739

displaying ports eligible for tagging 2-739

enabling tagging on 802.1Q trunk ports 2-864

specifing the tagging of traffic 2-827


enabling NetFlow statistics 2-259

including infer fields in routing statistics 2-259


displaying CEF VLAN information 2-568

nmsp attachment suppress command 2-352

nmsp command 2-351

no form of a command, using 1-6


debugging NVRAM activities 2-119


open access on a port, enabling 2-29


pattern searches 1-7


packet counters (statistics)

clear for PPPoE Intermediate Agent 2-91

packet counters, display for PPPoE Intermediate Agent 2-694

packet forwarding

prevent unknown packets 2-805

packet memory failure

direct switch action upon detection 2-145

packet memory test

bootup, displaying results 2-505, 2-507

ongoing, displaying results 2-509


access-group mode 2-6

paging prompt

see --More-- prompt


clearing port channel information 2-88

debugging PAgP activity 2-120

deselecting channeling protocol 2-57

displaying port channel information 2-667

hot standby mode

returning to defaults 2-354

selecting ports 2-354

input interface of incoming packets

learning 2-353

returning to defaults 2-353

setting channeling protocol 2-57

parentheses 1-11


clearing on an intelligent line module 2-68

establishing enhanced password security 2-851

setting username 2-851


displaying route maps 1-xx

redistributing route maps 1-xx

PM activities

debugging 2-123

disabling debugging 2-123

PoE policing

configure on an interface 2-387

PoE policing and monitoring

displaying status 2-693

police (percent) command 2-365

police (two rates) command 2-367, 2-369

police command 2-360

policing, configure PoE 2-387

policing and monitoring status

displaying PoE 2-693

Policy Based Routing


policy maps

creating 2-373

marking 2-456

See also QoS, hierarchical policies

traffic classification

defining the class

defining trust states 2-841

port, dual-capable

selecting the connector 2-340

Port Aggregation Protocol

See PAgP

port-based authentication

displaying debug messages 2-108

displaying statistics and status 2-511

enabling 802.1X 2-163

host modes 2-156

manual control of authorization state 2-163

periodic re-authentication

enabling 2-166

re-authenticating 802.1X-enabled ports 2-165

switch-to-client frame-retransmission number 2-161

port channel

accessing 2-205

creating 2-205

displaying information 2-667

load distribution method

resetting to defaults 2-375

setting 2-375

port control, changing from unidirectional or bidirectional 2-21

port-control value, configuring 2-33

port range

executing 2-206

port security

debugging ports security 2-124

deleting secure or specific addresses 2-89

displaying settings for an interface or switch 2-678

enabling 2-811

filter source IP and MAC addresses 2-265

setting action upon security violation 2-811

setting the rate limit for bad packets 2-811

sticky port 2-811

Port Trust Device

displaying 2-699

power status

displaying inline power 2-685

displaying power status 2-685

power supply

configuring combined and redundant power on the Catalyst 4507R 2-381

configuring inline power 2-378

configuring power consumption 2-380

displaying the SEEPROM 2-533

setting inline power state 2-377

PPPoE Discovery

enable vendor-tag stripping on packetsPPPoE Server

enable vendor-tag stripping on Discovery packets 2-395

PPPoE Discovery packets, limit rate arriving on an interfsce 2-393

PPPoE Intermediate Agent

clear statistics (packet counters) 2-91

debugging 2-125

pppoe intermediate-agent

enable intermediate agent on a switch 2-391

enable on an interface VLAN range 2-397

enable PPPoE Intermediate Agent on an interface 2-392

enable vendor-tag stripping of Discovery packets 2-395

format-type (global) 2-389

limit rate of PPPoE Discovery packets 2-393

set circuit-id or remote-id for an interface 2-396

set circuit-id or remote-id for an interface VLAN range 2-398

set trust configuration on an interface 2-393, 2-394

PPPoE Intermediate Agent, display configuration and statistics (packet counters) 2-694

priority command 2-399

priority-queue command 2-99

Private VLAN


privileged EXEC mode, summary 1-5


system 1-5

protocol tunneling

configuring encapsulation rate 2-296

disabling 2-291

displaying port information 2-629

enabling 2-291

setting a CoS value for Layer 2 packets 2-293

setting a drop threshold for Layer 2 packets 2-294


configuring isolated, primary, and community PVLANs 2-401

controlling tagging of native VLAN traffic 2-826

disabling sticky-ARP 2-262

displaying map information for VLAN SVIs 2-551

displaying PVLAN information 2-742

enabling interface configuration mode 2-806

enabling sticky-ARP 2-262

mapping VLANs to the same SVI 2-405

specifying host ports 2-806

specifying promiscuous ports 2-806


switching between PVST and MST 2-770



account Layer 2 encapsulation 2-411

attaching a policy-map to an interface 2-447

automatic configuration 2-39

class maps

creating 2-62

defining the match criteria 2-331

clearing aggregate counters 2-92

configuring auto 2-39

defining a named aggregate policer 2-413

defining default CoS value 2-418

defining ingress CoS-to-DSCP mapping 2-423

displaying aggregate policer information 2-697

displaying auto configuration 2-483

displaying class maps information 2-497

displaying configuration information 2-483

displaying configurations of policies 2-673

displaying policy map information 2-669, 2-676

displaying QoS information 2-696

displaying QoS map information 2-701

egress queue-sets

enabling the priority queue 2-99

enabling global configuration mode 2-409

enabling on control packets 2-416

enabling per-VLAN QoS for a Layer 2 interface 2-432

enabling QoS on an interface 2-410

hierarchical policies

average-rate traffic shaping on a class 2-469

bandwidth allocation for a class 2-43, 2-61

creating a service policy 2-450

marking 2-456

strict priority queueing (LLQ) 2-399

mapping DSCP values to transmit queues 2-425

mapping egress DSCP-to-CoS 2-425

mapping the DSCP-to-CoS value 2-425

policy maps

creating 2-373

marking 2-456

traffic classifications

trust states 2-841

setting the mapping of policed DSCP values 2-427

setting the trust state 2-430

specifying flow-based match criteria 2-334

Supervisor Engine 6-E

setting CoS 2-458

setting DSCP 2-461

setting precedence values 2-464

setting QoS group identifiers 2-467


configuring for tunneled Layer 2 protocol packets 2-293

defining default CoS value 2-418

qos dbl 2-419

quality of service

See QoS

question command 1-1

queueing information

displaying 2-699

queue limiting

configuring packet limits 2-434


Rapid PVST

switching between PVST and MST 2-770

re-authenticating 802.1X-enabled ports 2-165


periodic 2-166

set the time 2-168

reauthentication, enabling 2-32


restoring bindings across 2-226


accessing the main CPU 2-436

changing from active to standby supervisor engine 2-440

displaying information 2-703

displaying ISSU config-sync failure information 2-707

displaying redundancy facility information 2-703

displaying RF client list 2-703

displaying RF operational counters 2-703

displaying RF states 2-703

enabling automatic synchronization 2-42

forcing switchover to standby supervisor engine 2-440

mismatched command listing 2-438

set the mode 2-341

synchronizing the route processor configurations 2-327

related documentation 1-xix

remote-id, setting for an interface 2-396

remote-id, setting for an interface VLAN range 2-398

remote SPAN


renew commands

ip dhcp snooping database 2-444

resetting PVLAN trunk

setting switchport to trunk 2-806

retry failed authentiation, configuring 2-24

rj45 connector, selecting the connector 2-340

ROM monitor mode

summary 1-6

Route Processor Redundancy

See redundancy

router, set to become ANCP client 2-16


disabling IPv4 exists-only checks 2-267

enabling IPv4 exists-only checks 2-267


set the redundancy mode 2-341


converting VLAN to RSPAN VLAN 2-443

displaying list 2-744


saving configuration changes 1-11

secure address, configuring 2-383

secure ports, limitations 2-812

server (AAA) alive actions, configuring 2-24

server (AAA) dead actions, configuring 2-24

service-policy command (policy-map class) 2-450

session classification, defining 2-27

set the redundancy mode 2-341

sfp connector, selecting the connector 2-340

shape command 2-469

show ancp multicast 2-476

show authentication interface command 2-478

show authentication registration command 2-478

show authentication sessions command 2-478

show commands

filtering parameters 1-7

searching and filtering 1-6

show platform commands 1-11

show energywise command 2-515

show mab command 2-635

show nmsp command 2-664

Simple Network Management Protocol


single-character patterns

special characters 1-7

single-host, setting 2-27


displaying information on the standby supervisor 2-714


displaying information about the system 2-716


debugging spanning tree activities 2-128

ifIndex persistence

clearing SNMP ifIndex commands 2-751

compress SNMP ifIndex table format 2-758

disabling globally 2-757

disabling on an interface 2-753

enabling globally 2-757

enabling on an interface 2-753


disabling 2-755

enabling 2-755


configuring to send when storm occurs 2-796

disabling 2-755

enabling 2-755


adding     1

removing     1

SPAN commands

configuring a SPAN session to monitor 2-343

displaying SPAN session information 2-727, 2-797

SPAN enhancements

displaying status 2-662

Spanning Tree Protocol


SPAN session

displaying session information 2-662

filter ACLs 2-343

specify encap type 2-343

turn off host learning based on ingress packets 2-343

special characters

anchoring, table 1-10

SSO 2-341

standard desktop

enabling Cisco-recommended features 2-316

standard desktop and Cisco IP phone

enabling Cisco-recommended features 2-318

sticky address, configuring 2-384


disabling on PVLANs 2-262

enabling on PVLANs 2-262

sticky port

deleting 2-89

enabling security 2-811

storm control

configuring for action when storm occurs 2-796

disabling suppression mode 2-522

displaying settings 2-726

enabling 2-796

enabling broadcast 2-796, 2-798

enabling multicast 2-796, 2-798

enabling suppression mode 2-522

enabling timer to recover from error disable 2-188

enabling unicast 2-796, 2-798

multicast, enabling 2-798

setting high and low levels 2-796

setting suppression level 2-522


configuring link type for a port 2-768

configuring tunneling encapsulation rate 2-296

debugging all activities 2-128

debugging spanning tree activities 2-128

debugging spanning tree BackboneFast events 2-130

debugging spanning tree UplinkFast 2-133

detecting misconfiguration 2-765

displaying active interfaces only 2-718

displaying BackboneFast status 2-718

displaying bridge status and configuration 2-718

displaying spanning tree debug messages 2-128

displaying summary of interface information 2-718

enabling BPDU filtering by default on all PortFast ports 2-784

enabling BPDU filtering on an interface 2-761

enabling BPDU guard by default on all PortFast ports 2-786

enabling BPDU guard on an interface 2-763

enabling extended system ID 2-766

enabling loop guard as a default on all ports 2-769

enabling PortFast by default on all access ports 2-787

enabling PortFast mode 2-782

enabling protocol tunneling for 2-291

enabling root guard 2-767

enabling spanning tree BackboneFast 2-760

enabling spanning tree on a per VLAN basis 2-791

enabling spanning tree UplinkFast 2-789

setting an interface priority 2-788

setting drop threshold for 2-294

setting pathcost 2-764

setting the default pathcost calculation method 2-781

subinterface configuration mode, summary 1-6


creating a Layer 3 interface on a VLAN 2-208

switching characteristics

excluding from link-up calculation 2-803

modifying 2-803

returning to interfaces

capture function 2-803

switchport 2-827

switchport interfaces

displaying status of Layer 3 port 2-554

displaying status of native VLAN tagging 2-554

switch shim

debugging 2-131

disabling debugging 2-131

switch to router connection

enabling Cisco-recommended features 2-320

switch to switch connection

enabling Cisco-recommended features 2-322

switch virtual interface


sw-vlan 2-134

system prompts 1-5


Tab key

command completion 1-1


characters with special meaning 1-7

mac access-list extended subcommands 2-306

multipliers 1-9

relationship between duplex and speed commands 2-794

show cable-diagnostics tdr command output fields 2-488

show cdp neighbors detail field descriptions 2-496

show cdp neighbors field descriptions 2-495

show ip dhcp snooping command output 2-479, 2-635

show ip interface field descriptions 2-589

show policy-map control-plane field descriptions 2-672

show vlan command output fields 2-743

show vtp command output fields 2-748

special characters 1-9

special characters used for anchoring 1-10

speed command options 2-334, 2-794

valid interface types 2-203


displaying information useful to TAC 2-729


debugging spanning tree activities 2-128


displaying cable diagnostic test results 2-487

test condition of copper cables 2-833

temperature readings

displaying information 2-519

Ten-Gigabit Ethernet uplink

blocking ports on redundant Supervisor Engine 6-E 2-197

timer information 2-523

traffic monitor

display status 2-635

traffic shaping

enable on an interface 2-471

traps, enabling 2-755

trunk encapsulation

setting format 2-827

trunk interfaces

displaying trunk interfaces information 2-561

trust configuration, setting on an interface 2-393, 2-394

trust state

setting 2-215

tunnel ports

displaying information about Layer 2 protocol 2-629

TX queues

allocating bandwidth 2-843

returning to default values 2-843

setting priority to high 2-843

specifying burst size 2-843

specifying traffic rate 2-843



displaying administrative and operational status 2-731

enabling by default on all fiber interfaces 2-845

enabling on an individual interface 2-847

preventing a fiber interface from being enabled 2-847

resetting all shutdown ports 2-849

setting the message timer 2-845


counters 2-98

Unidirectional Link Detection


unidirection port control, changing from bidirectional 2-21

unknown multicast traffic, preventing 2-805

unknown unicast traffic, preventing 2-805

user EXEC mode, summary 1-5


setting password and privilege level 2-851



access-group mode 2-6

applying VLAN access maps 2-866

displaying VLAN access map information 2-737

specifying an action in a VLAN access map 2-13

specifying the match clause for a VLAN access-map sequence 2-329

using a VLAN filter 2-866


applying an ARP ACL 2-209

configuring 2-855

configuring service policies 2-860

converting to RSPAN VLAN 2-443

displaying CEF information 2-568

displaying CEF next-hop information 2-568

displaying information on switch interfaces 2-579, 2-583

displaying information on VLAN switch interfaces 2-586

displaying information sorted by group IP address 2-579, 2-583

displaying IP address and version information 2-579, 2-583

displaying Layer 2 VLAN information 2-733

displaying statistical information 2-660

displaying VLAN information 2-735

enabling dynamic ARP inspection 2-218

enabling Explicit Host Tracking 2-249

enabling guest per-port 2-154

enabling guest VLAN supplicant 2-147, 2-155

entering VLAN configuration mode 2-860, 2-862

native frames

enabling tagging on all 802.1Q trunk ports 2-864

pruning the list for VTP 2-827

setting the list of allowed 2-827

VLAN Access Control Lists


VLAN access map


VLAN database

resetting 2-445

VLAN debugging

limiting output 2-106

VLAN link-up calculation

excluding a switch port 2-803

including a switch port 2-803

VLAN manager

debugging 2-134

disabling debugging 2-134

IOS file system error tests

debugging 2-135

disabling debugging 2-135

VLAN Query Protocol


VLAN query protocol (VQPC)

debugging 2-141



counters 2-94

clearing hardware logic 2-70


internal allocation scheme 2-867


internal VLAN allocation information 2-740


entering VLAN configuration mode 2-862


configuring servers 2-871

reconfirming dynamic VLAN assignments 2-141, 2-869

voice VLANs

enabling 2-799


configuring auto-QoS 2-39


per-server retry count 2-870

reconfirming dynamic VLAN assignments 2-141, 2-869


configuring the administrative domain name 2-875

configuring the device in VTP client mode 2-874

configuring the device in VTP server mode 2-878

configuring the device in VTP transparent mode 2-879

configuring tunnel encapsulation rate 2-296

creating a VTP domain password 2-876

displaying domain information 2-747

displaying statistics information 2-747

enabling protocol tunneling for 2-291

enabling pruning in the VLAN database 2-877

enabling VTP version 2 mode 2-880

modifying the VTP configuration storage file name 2-873

set drop threshold for 2-294

VTP protocol code

activating debug messages 2-138

deactivating debug messages 2-138


Webauth fallback, enabling 2-26