Index A
aaa accounting dot1x command 1
aaa authentication dot1x command 3
aaa authorization network command 5, 22, 28, 30, 32, 34, 36, 141, 291, 451, 7, 34
AAA methods 3
access control entries
See ACEs
access control lists
See ACLs
access groups
IP 198
MAC, displaying 560
access mode 736
access ports 736
ACEs 126, 382
ACLs
deny 124
displaying 434
for non-IP protocols 295
IP 198
on Layer 2 interfaces 198
permit 380
address aliasing 358
aggregate-port learner 374
allowed VLANs 751
archive copy-sw command 6
archive download-sw command 9
archive tar command 13
archive upload-sw command 16
arp access-list command 18
authentication command bounce-port ignore 20
authentication command disable-port ignore 21
authentication control-direction command 22
authentication event command 24
authentication failed VLAN
See dot1x auth-fail vlan
authentication fallback command 28
authentication host-mode command 30
authentication mac-move permit command 32
authentication open command 34
authentication order command 36
authentication periodic command 38
authentication port-control command 40
authentication priority command 42
authentication timer command 44
authentication violation command 46
auth-fail max-attempts
See dot1x auth-fail max-attempts
auth-fail vlan
See dot1x auth-fail vlan
auth open command 34
auth order command 36
authorization state of controlled port 159
auth timer command 44
autonegotiation of duplex mode 173
auto qos classify command 48
auto qos trust command 51
auto qos video command 54
auto qos voip command 57
B
BackboneFast, for STP 661
backup interfaces
configuring 729
displaying 502
boot (boot loader) command 2
boot auto-copy-sw command 63
boot config-file command 65
boot enable-break command 66
boot helper command 67
boot helper-config file command 68
booting
Cisco IOS image 71
displaying environment variables 447
interrupting 66
manually 69
boot loader
accessing 1
booting
Cisco IOS image 2
helper image 67
directories
creating 15
displaying a list of 7
removing 19
displaying
available commands 12
memory heap utilization 13
version 26
environment variables
described 20
displaying settings 20
location of 21
setting 20
unsetting 24
files
copying 5
deleting 6
displaying a list of 7
displaying the contents of 4, 16, 23
renaming 17
file system
formatting 10
initializing flash 9
running a consistency check 11
prompt 1
resetting the system 18
boot manual command 69
boot private-config-file command 70
boot system command 71
BPDU filtering, for spanning tree 662, 696
BPDU guard, for spanning tree 664, 696
broadcast storm control 717
C
candidate switches
See clusters
cat (boot loader) command 4
channel-group command 73
channel-protocol command 76
Cisco IP camera
auto-QoS configuration 54
Cisco SoftPhone
auto-QoS configuration 57
trusting packets sent from 350
Cisco Telepresence System
auto-QoS configuration 54
CISP
See Client Information Signalling Protocol
cisp
debug platform cisp command 34
cisp enable command 77
class command 78
class-map command 81
class maps
creating 81
defining the match criteria 307
displaying 452
class of service
See CoS
clear dot1x command 84
clear eap sessions command 85
clear errdisable interface 86
clear ip arp inspection log command 83
clear ip arp inspection statistics command 87
clear ip dhcp snooping database command 88
clear lacp command 90
clear logging onboard command 91
clear mac address-table command 92, 94
clear nmsp statistics command 95
clear pagp command 96
clear port-security command 97
clear psp counter 99
clear psp counter command 99
clear spanning-tree counters command 100
clear spanning-tree detected-protocols command 101
clear vmps statistics command 102
clear vtp counters command 103
Client Information Signalling Protocol 77, 141, 451, 7, 34
cluster commander-address command 104
cluster discovery hop-count command 106
cluster enable command 107
cluster holdtime command 108
cluster member command 109
cluster outside-interface command 111
cluster run command 112
clusters
adding candidates 109
binding to HSRP group 113
building manually 109
communicating with
devices outside the cluster 111
members by using Telnet 406
debug messages, display 8
displaying
candidate switches 455
debug messages 8
member switches 457
status 453
hop-count limit for extended discovery 106
HSRP standby groups 113
redundancy 113
SNMP trap 651
cluster standby-group command 113
cluster timer command 115
command modes defined 2
command switch
See clusters
configuration files
password recovery disable considerations 1
specifying the name 65, 70
configuring multiple interfaces 193
config-vlan mode
commands 773
entering 772
copy (boot loader) command 5
copy logging onboard command 116
CoS
assigning default value to incoming packets 318
overriding the incoming value 318
CoS-to-DSCP map 322
CPU ASIC statistics, displaying 459
crashinfo files 184
critical VLAN 26
D
debug authentication 2
debug auto qos command 4
debug backup command 6
debug cisp command 7
debug cluster command 8
debug dot1x command 10
debug dtp command 12
debug eap command 13
debug etherchannel command 14
debug ilpower command 15
debug interface command 16
debug ip dhcp snooping command 17
debug ip igmp filter command 19
debug ip igmp max-groups command 20
debug ip igmp snooping command 21
debug ip verify source packet command 18
debug lacp command 22
debug lldp packets command 23
debug mac-notification command 24
debug matm command 25
debug matm move update command 26
debug monitor command 27
debug mvrdbg command 28
debug nmsp command 29
debug nvram command 30
debug pagp command 31
debug platform acl command 32
debug platform backup interface command 33
debug platform cisp command 34
debug platform cli-redirection main command 35
debug platform configuration command 42
debug platform cpu-queues command 37
debug platform dot1x command 39
debug platform etherchannel command 40
debug platform forw-tcam command 41
debug platform ip arp inspection command 43
debug platform ip dhcp command 44
debug platform ip igmp snooping command 45
debug platform ip source-guard command 47
debug platform led command 48
debug platform matm command 49
debug platform messaging application command 50
debug platform phy command 51
debug platform pm command 53
debug platform port-asic command 55
debug platform port-security command 56
debug platform qos-acl-tcam command 57
debug platform resource-manager command 58
debug platform snmp command 59
debug platform span command 60
debug platform stack-manager command 61
debug platform supervisor-asic command 62
debug platform sw-bridge command 63
debug platform tcam command 64
debug platform udld command 66
debug platform vlan command 67
debug pm command 68
debug port-security command 70
debug qos-manager command 71
debug spanning-tree backbonefast command 74
debug spanning-tree bpdu command 75
debug spanning-tree bpdu-opt command 76
debug spanning-tree command 72
debug spanning-tree mstp command 77
debug spanning-tree switch command 79
debug spanning-tree uplinkfast command 81
debug sw-vlan command 82
debug sw-vlan ifs command 84
debug sw-vlan notification command 85
debug sw-vlan vtp command 87
debug udld command 89
debug vqpc command 91
define interface-range command 118
delete (boot loader) command 6
delete command 120
deny (ARP access-list configuration) command 122
deny command 124
detect mechanism, causes 175
DHCP snooping
accepting untrusted packets from edge switch 229
enabling
on a VLAN 234
option 82 227, 229
trust on an interface 232
error recovery timer 181
rate limiting 231
DHCP snooping binding database
binding file, configuring 225
bindings
adding 223
deleting 223
clearing database agent statistics 88
database agent, configuring 225
renewing 414
dir (boot loader) command 7
directories, deleting 120
domain name, VTP 782
dot1x auth-fail max-attempts 135
dot1x auth-fail vlan 137
dot1x command 133
dot1x control-direction command 139
dot1x credentials (global configuration) command 141
dot1x critical global configuration command 142
dot1x critical interface configuration command 144
dot1x default command 146
dot1x fallback command 147
dot1x guest-vlan command 148
dot1x host-mode command 150
dot1x initialize command 152
dot1x mac-auth-bypass command 153
dot1x max-reauth-req command 155
dot1x max-req command 157
dot1x pae command 158
dot1x port-control command 159
dot1x re-authenticate command 161
dot1x reauthentication command 162
dot1x supplicant controlled transient command 163
dot1x supplicant force-multicast command 165
dot1x test eapol-capable command 166
dot1x test timeout command 167
dot1x timeout command 168
dot1x violation-mode command 171
DSCP-to-CoS map 322
DSCP-to-DSCP-mutation map 322
DTP 737
DTP flap
error detection for 175
error recovery timer 181
DTP negotiation 738
dual-purpose uplink ports
displaying configurable options 505
displaying the active media 508
selecting the type 310
duplex command 172
dynamic-access ports
configuring 727
restrictions 728
dynamic ARP inspection
ARP ACLs
apply to a VLAN 206
define 18
deny packets 122
display 438
permit packets 378
clear
log buffer 83
statistics 87
display
ARP ACLs 438
configuration and operating state 513
log buffer 513
statistics 513
trust state and rate limit 513
enable per VLAN 216
log buffer
clear 83
configure 210
display 513
rate-limit incoming ARP packets 208
statistics
clear 87
display 513
trusted interface state 212
type of packet logged 217
validation checks 214
dynamic auto VLAN membership mode 736
dynamic desirable VLAN membership mode 736
Dynamic Host Configuration Protocol (DHCP)
See DHCP snooping
Dynamic Trunking Protocol
See DTP
E
EAP-request/identity frame
maximum number to send 157
response time before retransmitting 168
environment variables, displaying 447
epm access-control open 174
errdisable detect cause command 175
errdisable detect cause small-frame comand 178
errdisable recovery cause small-frame 180
errdisable recovery command 181
error conditions, displaying 493
error disable detection 175
error-disabled interfaces, displaying 502
EtherChannel
assigning Ethernet interface to channel group 73
creating port-channel logical interface 191
debug EtherChannel/PAgP, display 14
debug platform-specific events, display 40
displaying 496
interface information, displaying 502
LACP
clearing channel-group information 90, 91
debug messages, display 22
displaying 547
modes 73
port priority for hot-standby ports 276
restricting a protocol 76
system priority 278
load-distribution methods 389
PAgP
aggregate-port learner 374
clearing channel-group information 96
debug messages, display 31
displaying 601
error detection for 175
error recovery timer 181
learn method 374
modes 73
physical-port learner 374
priority of interface for transmitted traffic 376
Ethernet controller, internal register display 461
Ethernet controller, stackport information 468
Ethernet statistics, collecting 417
exception crashinfo command 184, 189
extended discovery of candidate switches 106
extended-range VLANs
and allowed VLAN list 751
and pruning-eligible list 751
configuring 772
extended system ID for STP 670
F
fallback profile command 185
fallback profiles, displaying 499
fan information, displaying 490
file name, VTP 782
files, deleting 120
flash_init (boot loader) command 9
flexible authentication ordering 36
Flex Links
configuring 729
configuring preferred VLAN 732
displaying 502
flowcontrol command 187
format (boot loader) command 10
fsck (boot loader) command 11
G
global configuration mode 2, 4
H
hardware ACL statistics 434
help (boot loader) command 12
hierarchical policy maps 388
hop-count limit for clusters 106
host connection, port configuration 735
Hot Standby Router Protocol
See HSRP
HSRP
binding HSRP group to cluster 113
standby group 113
I
IEEE 802.1x
and switchport modes 737
violation error recovery 181
See also port-based authentication
IEEE 802.1X Port Based Authentication
enabling guest VLAN supplicant 135, 147, 186
IGMP filters
applying 237
debug messages, display 19
IGMP groups, setting maximum 238
IGMP maximum groups, debugging 20
IGMP profiles
creating 240
displaying 525
IGMP snooping
adding ports as a static member of a group 256
displaying 526
enabling 242
enabling the configurable-leave timer 244
enabling the Immediate-Leave feature 253
flooding query count 250
interface topology change notification behavior 252
querier 246
query solicitation 250
report suppression 248
switch topology change notification behavior 250
images
See software images
Immediate-Leave feature, MVR 360
immediate-leave processing 253
Immediate-Leave processing, IPv6 274
interface configuration mode 3, 4
interface port-channel command 191
interface range command 193
interface-range macros 118
interfaces
assigning Ethernet interface to channel group 73
configuring 172
configuring multiple 193
creating port-channel logical 191
debug messages, display 16
disabling 647
displaying the MAC address table 569
restarting 647
interface speed, configuring 706
interface vlan command 196
internal registers, displaying 461, 468, 474
Internet Group Management Protocol
See IGMP
invalid GBIC
error detection for 175
error recovery timer 181
ip access-group command 198
ip address command 200
IP addresses, setting 200
ip admission command 202
ip admission name proxy http command 204
ip arp inspection filter vlan command 206
ip arp inspection limit command 208
ip arp inspection log-buffer command 210
ip arp inspection trust command 212
ip arp inspection validate command 214
ip arp inspection vlan command 216
ip arp inspection vlan logging command 217
ip device tracking command 221
ip device tracking probe command 219
IP DHCP snooping
See DHCP snooping
ip dhcp snooping binding command 223
ip dhcp snooping command 222
ip dhcp snooping database command 225
ip dhcp snooping information option allow-untrusted command 229
ip dhcp snooping information option command 227
ip dhcp snooping limit rate command 231
ip dhcp snooping trust command 232
ip dhcp snooping verify command 233
ip dhcp snooping vlan command 234
ip dhcp snooping vlan information option format-type circuit-id string command 235
ip igmp filter command 237
ip igmp max-groups command 238
ip igmp profile command 240
ip igmp snooping command 242
ip igmp snooping last-member-query-interval command 244
ip igmp snooping querier command 246
ip igmp snooping report-suppression command 248
ip igmp snooping tcn command 250
ip igmp snooping tcn flood command 252
ip igmp snooping vlan immediate-leave command 253
ip igmp snooping vlan mrouter command 254
ip igmp snooping vlan static command 256
IP multicast addresses 357
IP phones
auto-QoS configuration 57
trusting packets sent from 350
IP-precedence-to-DSCP map 322
ip source binding command 258
IP source guard
disabling 261
enabling 261
static IP source bindings 258
ip ssh command 260
ipv6 mld snooping command 262
ipv6 mld snooping last-listener-query count command 264
ipv6 mld snooping last-listener-query-interval command 266
ipv6 mld snooping listener-message-suppression command 268
ipv6 mld snooping robustness-variable command 270
ipv6 mld snooping tcn command 272
ipv6 mld snooping vlan command 274
IPv6 SDM template 418
ip verify source command 261
J
jumbo frames
See MTU
L
LACP
See EtherChannel
lacp port-priority command 276
lacp system-priority command 278
Layer 2 traceroute
IP addresses 762
MAC addresses 759
line configuration mode 3, 5
Link Aggregation Control Protocol
See EtherChannel
link flap
error detection for 175
error recovery timer 181
link state group command 280
link state track command 282
load-distribution methods for EtherChannel 389
location (global configuration) command 283
location (interface configuration) command 285
logging event command 287
logging event power-inline-status command 288
logging file command 289
logical interface 191
loopback error
detection for 175
recovery timer 181
loop guard, for spanning tree 672, 676
M
mab request format attribute 32 command 291
mac access-group command 293
MAC access-groups, displaying 560
MAC access list configuration mode 295
mac access-list extended command 295
MAC access lists 124
MAC addresses
disabling MAC address learning per VLAN 298
displaying
dynamic 567
notification settings 572
number of addresses in a VLAN 566
per interface 569
per VLAN 576
static 574
static and dynamic entries 561
dynamic
aging time 297
deleting 92
displaying 567
enabling MAC address notification 302
enabling MAC address-table move update 300
persistent stack 714
static
adding and removing 304
displaying 574
dropping on an interface 305
MAC address notification, debugging 24
mac address-table aging-time 293
mac address-table aging-time command 297
mac address-table learning command 298
mac address-table move update command 300
mac address-table notification command 302
mac address-table static command 304
mac address-table static drop command 305
macros
interface range 118, 193
maps
QoS
defining 322
match (class-map configuration) command 307
maximum transmission unit
See MTU
mdix auto command 309
media-type (interface configuration) command 310
media-type rj45 (line configuration) command 312
member switches
See clusters
memory (boot loader) command 13
mkdir (boot loader) command 15
MLD snooping
configuring 268, 270
configuring queries 264, 266
configuring topology change notification 272
displaying 537
enabling 262
MLD snooping on a VLAN, enabling 274
mls qos aggregate-policer command 316
mls qos command 314
mls qos cos command 318
mls qos dscp-mutation command 320
mls qos map command 322
mls qos queue-set output buffers command 326
mls qos queue-set output threshold command 328
mls qos queue-set stack buffers command 330
mls qos rewrite ip dscp command 332
mls qos srr-queue input bandwidth command 334
mls qos srr-queue input buffers command 336
mls qos-srr-queue input cos-map command 338
mls qos srr-queue input dscp-map command 340
mls qos srr-queue input priority-queue command 342
mls qos srr-queue input threshold command 344
mls qos-srr-queue output cos-map command 346
mls qos srr-queue output dscp-map command 348
mls qos trust command 350
mode, MVR 357
Mode button, and password recovery 422
modes, commands 2
monitor session command 352
more (boot loader) command 16
MSTP
displaying 618
interoperability 101
link type 674
MST region
aborting changes 679
applying changes 679
configuration name 679
configuration revision number 679
current or pending display 679
displaying 618
MST configuration mode 679
VLANs-to-instance mapping 679
path cost 681
protocol mode 677
restart protocol migration process 101
root port
loop guard 672
preventing from becoming designated 672
restricting which can be root 672
root guard 672
root switch
affects of extended system ID 670
hello-time 684, 692
interval between BDPU messages 685
interval between hello BPDU messages 684, 692
max-age 685
maximum hop count before discarding BPDU 686
port priority for selection of 688
primary or secondary 692
switch priority 691
state changes
blocking to forwarding state 698
enabling BPDU filtering 662, 696
enabling BPDU guard 664, 696
enabling Port Fast 696, 698
forward-delay time 683
length of listening and learning states 683
rapid transition to forwarding 674
shutting down Port Fast-enabled ports 696
state information display 617
MTU
configuring size 756
displaying global setting 630
Multicase Listener Discovery
See MLD
multicast group address, MVR 360
multicast groups, MVR 358
Multicast Listener Discovery
See MLD
multicast router learning method 254
multicast router ports, configuring 254
multicast router ports, IPv6 274
multicast storm control 717
multicast VLAN, MVR 358
multicast VLAN registration
See MVR
Multiple Spanning Tree Protocol
See MSTP
MVR
and address aliasing 358
configuring 357
configuring interfaces 360
debug messages, display 28
displaying 592
displaying interface information 593
members, displaying 595
mvr (global configuration) command 357
mvr (interface configuration) command 360
mvr vlan group command 361
N
native VLANs 751
Network Admission Control Software Configuration Guide 203, 205
network-policy (global configuration) command 364
network-policy command 363
network-policy profile (network-policy configuration) command 366
nmsp attachment suppress command 370
nmsp command 368
no authentication logging verbose 371
no dot1x logging verbose 372
no mab logging verbose 373
nonegotiate, speed 706
nonegotiating DTP messaging 738
non-IP protocols
denying 124
forwarding 380
non-IP traffic access lists 295
non-IP traffic forwarding
denying 124
permitting 380
normal-range VLANs 772
no vlan command 772
O
online diagnostics
displaying
configured boot-up coverage level 478
current scheduled tasks 478
event logs 478
supported test suites 478
test ID 478
test results 478
test statistics 478
global configuration mode
clearing health monitoring diagnostic test schedule 87
clearing test-based testing schedule 129
setting health monitoring diagnostic testing 87
setting test-based testing 129
setting up health monitoring diagnostic test schedule 87
setting up test-based testing 129
health monitoring diagnostic tests, configuring 127
scheduled switchover
disabling 129
enabling 129
scheduling
enabling 129
removing 129
testing, starting 131
test interval, setting 129
P
PAgP
See EtherChannel
pagp learn-method command 374
pagp port-priority command 376
password, VTP 783
password-recovery mechanism, enabling and disabling 422
permit (ARP access-list configuration) command 378
permit (MAC access-list configuration) command 380
per-VLAN spanning-tree plus
See STP
physical-port learner 374
PIM-DVMRP, as multicast router learning method 254
PoE
configuring the power budget 393
configuring the power management mode 390
displaying controller register values 472
displaying power management information 606
logging of status 288
monitoring power 395
policing power consumption 395
police aggregate command 385
police command 383
policed-DSCP map 322
policy-map command 387
policy maps
applying to an interface 424, 429
creating 387
hierarchical 388
policers
displaying 579
for a single class 383
for multiple classes 316, 385
policed-DSCP map 322
traffic classification
defining the class 78
defining trust states 764
setting DSCP or IP precedence values 427
Port Aggregation Protocol
See EtherChannel
port-based authentication
AAA method list 3
configuring violation modes 171
debug messages, display 10
enabling IEEE 802.1x
globally 133
per interface 159
guest VLAN 148
host modes 150
IEEE 802.1x AAA accounting methods 1
initialize an interface 152, 167
MAC authentication bypass 153
manual control of authorization state 159
PAE as authenticator 158
periodic re-authentication
enabling 162
time between attempts 168
quiet period between failed authentication exchanges 168
re-authenticating IEEE 802.1x-enabled ports 161
resetting configurable IEEE 802.1x parameters 146
switch-to-authentication server retransmission time 168
switch-to-client frame-retransmission number 155 to 157
switch-to-client retransmission time 168
test for IEEE 802.1x readiness 166
port-channel load-balance command 389
Port Fast, for spanning tree 698
port ranges, defining 116, 118
ports, debugging 68
ports, protected 749
port security
aging 745
debug messages, display 70
enabling 740
violation error recovery 181
port trust states for QoS 350
port types, MVR 360
power information, displaying 490
power inline command 390
power inline consumption command 393
power inline police command 395
Power over Ethernet
See PoE
priority-queue command 398
priority value, stack member 625, 722
privileged EXEC mode 2, 3
protected ports, displaying 507
pruning
VLANs 751
VTP
displaying interface information 502
enabling 783
pruning-eligible VLAN list 752
psp 400
psp command 400
PVST+
See STP
Q
QoS
auto-QoS
configuring 57
debug messages, display 4
auto-QoS trust
configuring 51
auto-QoS video
configuring 54
class maps
creating 81
defining the match criteria 307
displaying 452
defining the CoS value for an incoming packet 318
displaying configuration information 578
DSCP transparency 332
DSCP trusted ports
applying DSCP-to-DSCP-mutation map to 320
defining DSCP-to-DSCP-mutation map 322
egress queues
allocating buffers 326
defining the CoS output queue threshold map 346
defining the DSCP output queue threshold map 348
displaying buffer allocations 581
displaying CoS output queue threshold map 585
displaying DSCP output queue threshold map 585
displaying queueing strategy 581
displaying queue-set settings 588
enabling bandwidth shaping and scheduling 710
enabling bandwidth sharing and scheduling 712
limiting the maximum output on a port 708
mapping a port to a queue-set 401
mapping CoS values to a queue and threshold 346
mapping DSCP values to a queue and threshold 348
setting maximum and reserved memory allocations 328
setting WTD thresholds 328
enabling 314
ingress queues
allocating buffers 336
assigning SRR scheduling weights 334
defining the CoS input queue threshold map 338
defining the DSCP input queue threshold map 340
displaying buffer allocations 581
displaying CoS input queue threshold map 585
displaying DSCP input queue threshold map 585
displaying queueing strategy 581
displaying settings for 580
enabling the priority queue 342
mapping CoS values to a queue and threshold 338
mapping DSCP values to a queue and threshold 340
setting WTD thresholds 344
maps
defining 322, 338, 340, 346, 348
policy maps
applying an aggregate policer 385
applying to an interface 424, 429
creating 387
defining policers 316, 383
displaying policers 579
hierarchical 388
policed-DSCP map 322
setting DSCP or IP precedence values 427
traffic classifications 78
trust states 764
port trust states 350
queues, enabling the expedite 398
statistics
in-profile and out-of-profile packets 581
packets enqueued or dropped 581
sent and received CoS values 581
sent and received DSCP values 581
trusted boundary for IP phones 350
quality of service
See QoS
querytime, MVR 357
queue-set command 401
R
radius-server dead-criteria command 402
radius-server host command 404
rapid per-VLAN spanning-tree plus
See STP
rapid PVST+
See STP
rcommand command 406
re-authenticating IEEE 802.1x-enabled ports 161
re-authentication
periodic 162
time between attempts 168
receiver ports, MVR 360
receiving flow-control packets 187
recovery mechanism
causes 181
display 86, 449, 492, 494
timer interval 182
redundancy for cluster switches 113
reload command 408
remote command 410
remote-span command 412
Remote Switched Port Analyzer
See RSPAN
rename (boot loader) command 17
renew ip dhcp snooping database command 414
reset (boot loader) command 18
resource templates, displaying 613
restricted VLAN
See dot1x auth-fail vlan
rmdir (boot loader) command 19
rmon collection stats command 417
root guard, for spanning tree 672
RSPAN
configuring 352
filter RSPAN traffic 352
remote-span command 412
S
scheduled switchover
disabling 129
enabling 129
SDM mismatch mode 626
sdm prefer command 418
SDM templates
displaying 613
dual IPv4 and IPv6 418
secure ports, limitations 742
sending flow-control packets 187
service password-recovery command 422
service-policy command 424
session command 426
set (boot loader) command 20
set command 427
setup command 429
setup express command 432
show access-lists command 434
show archive status command 437
show arp access-list command 438
show authentication command 439
show auto qos command 443
show boot command 447
show cable-diagnostics tdr command 449
show cisp command 451
show class-map command 452
show cluster candidates command 455
show cluster command 453
show cluster members command 457
show controllers cpu-interface command 459
show controllers ethernet-controller command 461
show controllers power inline command 472
show controllers tcam command 474
show controller utilization command 476
show dot1x command 481
show dtp 485
show eap command 487
show env command 490
show errdisable detect command 492
show errdisable flap-values command 493
show errdisable recovery command 494
show etherchannel command 496
show fallback profile command 499
show flowcontrol command 500
show interfaces command 502
show interfaces counters command 510
show inventory command 512
show ip arp inspection command 513
show ip dhcp snooping binding command 518
show ip dhcp snooping command 517
show ip dhcp snooping database command 520, 522
show ip igmp profile command 525
show ip igmp snooping command 526, 537
show ip igmp snooping groups command 529
show ip igmp snooping mrouter command 531
show ip igmp snooping querier command 532
show ip source binding command 534
show ipv6 route updated 545
show ip verify source command 535
show lacp command 547
show link state group command 551
show logging onboard command 555
show mac access-group command 560
show mac address-table address command 563
show mac address-table aging time command 564
show mac address-table command 561
show mac address-table count command 566
show mac address-table dynamic command 567
show mac address-table interface command 569
show mac address-table move update command 571
show mac address-table notification command 94, 572, 26
show mac address-table static command 574
show mac address-table vlan command 576
show mls qos aggregate-policer command 579
show mls qos command 578
show mls qos input-queue command 580
show mls qos interface command 581
show mls qos maps command 585
show mls qos queue-set command 588
show mls qos vlan command 589
show monitor command 590
show mvr command 592
show mvr interface command 593
show mvr members command 595
show network-policy profile command 597
show nmsp command 598
show pagp command 601
show platform acl command 2
show platform backup interface command 3
show platform etherchannel command 4
show platform forward command 5
show platform frontend-controller command 7
show platform igmp snooping command 8
show platform ip unicast command 9
show platform layer4op command 10
show platform mac-address-table command 11
show platform messaging command 12
show platform monitor command 13
show platform mvr table command 14
show platform pm command 15
show platform port-asic command 16
show platform port-security command 21
show platform qos command 22
show platform resource-manager command 23
show platform snmp counters command 25
show platform spanning-tree command 26
show platform stack manager command 28
show platform stp-instance command 27
show platform tb command 32
show platform tcam command 34
show platform vlan command 36
show policy-map command 603
show port security command 604
show power inline command 606
show psp config 611
show psp config command 611
show psp statistics 612
show psp statistics command 612
show sdm prefer command 613
show setup express command 616
show spanning-tree command 617
show storm-control command 623
show switch command 625
show system mtu command 630
show trust command 764
show udld command 631
show version command 634
show vlan command 636
show vlan command, fields 637
show vmps command 639
show vtp command 641
shutdown command 647
shutdown vlan command 648
small violation-rate command 649
SNMP host, specifying 655
SNMP informs, enabling the sending of 651
snmp-server enable traps command 651
snmp-server host command 655
snmp trap mac-notification change command 659
SNMP traps
enabling MAC address notification trap 659
enabling the MAC address notification feature 302
enabling the sending of 651
SoftPhone
See Cisco SoftPhone
software images
copying 6
deleting 120
downloading 9
upgrading 6, 9
uploading 16
software version, displaying 634
source ports, MVR 360
SPAN
configuring 352
debug messages, display 27
filter SPAN traffic 352
sessions
add interfaces to 352
start new 352
spanning-tree backbonefast command 661
spanning-tree bpdufilter command 662
spanning-tree bpduguard command 664
spanning-tree cost command 666
spanning-tree etherchannel command 668
spanning-tree extend system-id command 670
spanning-tree guard command 672
spanning-tree link-type command 674
spanning-tree loopguard default command 676
spanning-tree mode command 677
spanning-tree mst configuration command 679
spanning-tree mst cost command 681
spanning-tree mst forward-time command 683
spanning-tree mst hello-time command 684
spanning-tree mst max-age command 685
spanning-tree mst max-hops command 686
spanning-tree mst port-priority command 688
spanning-tree mst pre-standard command 690
spanning-tree mst priority command 691
spanning-tree mst root command 692
spanning-tree portfast (global configuration) command 696
spanning-tree portfast (interface configuration) command 698
spanning-tree port-priority command 694
Spanning Tree Protocol
See STP
spanning-tree transmit hold-count command 700
spanning-tree uplinkfast command 701
spanning-tree vlan command 703
speed command 706
srr-queue bandwidth limit command 708
srr-queue bandwidth share command 712
SSH, configuring version 260
stack-mac persistent timer command 714
stack member
access 426
number 625, 725
priority value 722
provisioning 723
reloading 408
stacks, switch
disabling a member 720
enabling a member 720
MAC address 714
provisioning a new member 723
reloading 408
stack member access 426
stack member number 625, 725
stack member priority value 625, 722
static-access ports, configuring 727
statistics, Ethernet group 417
sticky learning, enabling 740
storm-control command 717
STP
BackboneFast 661
counters, clearing 100
debug messages, display
BackboneFast events 74
MSTP 77
optimized BPDUs handling 76
spanning-tree activity 72
switch shim 79
transmitted and received BPDUs 75
UplinkFast 81
detection of indirect link failures 661
EtherChannel misconfiguration 668
extended system ID 670
path cost 666
protocol modes 677
root port
accelerating choice of new 701
loop guard 672
preventing from becoming designated 672
restricting which can be root 672
root guard 672
UplinkFast 701
root switch
affects of extended system ID 670, 704
hello-time 703
interval between BDPU messages 703
interval between hello BPDU messages 703
max-age 703
port priority for selection of 694
primary or secondary 703
switch priority 703
state changes
blocking to forwarding state 698
enabling BPDU filtering 662, 696
enabling BPDU guard 664, 696
enabling Port Fast 696, 698
enabling timer to recover from error state 181
forward-delay time 703
length of listening and learning states 703
shutting down Port Fast-enabled ports 696
state information display 617
VLAN options 691, 703
Switched Port Analyzer
See SPAN
switchport access command 727
switchport backup interface command 729
switchport block command 733
switchport host command 735
switchport mode command 736
switchport nonegotiate command 738
switchport port-security aging command 745
switchport port-security command 740
switchport priority extend command 747
switchport protected command 749
switchports, displaying 502
switchport trunk command 751
switchport voice vlan command 754
switch priority command 720, 722
switch provision command 723
switch renumber command 725
system message logging 288
system message logging, save message to flash 289
system mtu command 756
system resource templates 418
T
tar files, creating, listing, and extracting 13
TDR, running 758
Telnet, using to communicate to cluster switches 406
temperature information, displaying 490
templates, system resources 418
test cable-diagnostics tdr command 758
traceroute mac command 759
traceroute mac ip command 762
trunking, VLAN mode 736
trunk mode 736
trunk ports 736
trunks, to non-DTP device 737
trusted boundary for QoS 350
trusted port states for QoS 350
type (boot loader) command 23
U
UDLD
aggressive mode 766, 768
debug messages, display 89
enable globally 766
enable per interface 768
error recovery timer 181
message timer 766
normal mode 766, 768
reset a shutdown interface 770
status 631
udld command 766
udld port command 768
udld reset command 770
unicast storm control 717
UniDirectional Link Detection
See UDLD
unknown multicast traffic, preventing 733
unknown unicast traffic, preventing 733
unset (boot loader) command 24
upgrading
software images
copying 6
downloading 9
monitoring status of 437
UplinkFast, for STP 701
usb-inactivity-timeout (console configuration) command 771
user EXEC mode 2, 3
V
version (boot loader) command 26
version mismatch mode 626
vlan (global configuration) command 772
VLAN configuration
rules 775
saving 772
VLAN configuration mode
description 5
summary 3
VLAN ID range 772
VLAN Query Protocol
See VQP
VLANs
adding 772
configuring 772
debug messages, display
ISL 85
VLAN IOS file system error tests 84
VLAN manager activity 82
VTP 87
displaying configurations 636
enabling guest VLAN supplicant 135, 147, 186
extended-range 772
MAC addresses
displaying 576
number of 566
media types 774
normal-range 772
restarting 648
saving the configuration 772
shutting down 648
SNMP traps for VTP 653, 656
suspending 648
VLAN Trunking Protocol
See VTP
VM mode 626
VMPS
configuring servers 780
displaying 639
error recovery timer 182
reconfirming dynamic VLAN assignments 777
vmps reconfirm (global configuration) command 778
vmps reconfirm (privileged EXEC) command 777
vmps retry command 779
vmps server command 780
voice VLAN
configuring 754
setting port priority 747
VQP
and dynamic-access ports 728
clearing client statistics 102
displaying information 639
per-server retry count 779
reconfirmation interval 778
reconfirming dynamic VLAN assignments 777
VTP
changing characteristics 782
clearing pruning counters 103
configuring
domain name 782
file name 782
mode 782
password 783
counters display fields 643
displaying information 641
enabling
pruning 783
Version 2 783
enabling per port 787
mode 782
pruning 783
saving the configuration 772
statistics 641
status 641
status display fields 644
vtp (global configuration) command 782
vtp interface configuration) command 787
vtp primary command 788
Index
A
aaa accounting dot1x command 1
aaa authentication dot1x command 3
aaa authorization network command 5, 22, 28, 30, 32, 34, 36, 141, 291, 451, 7, 34
AAA methods 3
access control entries
See ACEs
access control lists
See ACLs
access groups
IP 198
MAC, displaying 560
access mode 736
access ports 736
ACEs 126, 382
ACLs
deny 124
displaying 434
for non-IP protocols 295
IP 198
on Layer 2 interfaces 198
permit 380
address aliasing 358
aggregate-port learner 374
allowed VLANs 751
archive copy-sw command 6
archive download-sw command 9
archive tar command 13
archive upload-sw command 16
arp access-list command 18
authentication command bounce-port ignore 20
authentication command disable-port ignore 21
authentication control-direction command 22
authentication event command 24
authentication failed VLAN
See dot1x auth-fail vlan
authentication fallback command 28
authentication host-mode command 30
authentication mac-move permit command 32
authentication open command 34
authentication order command 36
authentication periodic command 38
authentication port-control command 40
authentication priority command 42
authentication timer command 44
authentication violation command 46
auth-fail max-attempts
See dot1x auth-fail max-attempts
auth-fail vlan
See dot1x auth-fail vlan
auth open command 34
auth order command 36
authorization state of controlled port 159
auth timer command 44
autonegotiation of duplex mode 173
auto qos classify command 48
auto qos trust command 51
auto qos video command 54
auto qos voip command 57
B
BackboneFast, for STP 661
backup interfaces
configuring 729
displaying 502
boot (boot loader) command 2
boot auto-copy-sw command 63
boot config-file command 65
boot enable-break command 66
boot helper command 67
boot helper-config file command 68
booting
Cisco IOS image 71
displaying environment variables 447
interrupting 66
manually 69
boot loader
accessing 1
booting
Cisco IOS image 2
helper image 67
directories
creating 15
displaying a list of 7
removing 19
displaying
available commands 12
memory heap utilization 13
version 26
environment variables
described 20
displaying settings 20
location of 21
setting 20
unsetting 24
files
copying 5
deleting 6
displaying a list of 7
displaying the contents of 4, 16, 23
renaming 17
file system
formatting 10
initializing flash 9
running a consistency check 11
prompt 1
resetting the system 18
boot manual command 69
boot private-config-file command 70
boot system command 71
BPDU filtering, for spanning tree 662, 696
BPDU guard, for spanning tree 664, 696
broadcast storm control 717
C
candidate switches
See clusters
cat (boot loader) command 4
channel-group command 73
channel-protocol command 76
Cisco IP camera
auto-QoS configuration 54
Cisco SoftPhone
auto-QoS configuration 57
trusting packets sent from 350
Cisco Telepresence System
auto-QoS configuration 54
CISP
See Client Information Signalling Protocol
cisp
debug platform cisp command 34
cisp enable command 77
class command 78
class-map command 81
class maps
creating 81
defining the match criteria 307
displaying 452
class of service
See CoS
clear dot1x command 84
clear eap sessions command 85
clear errdisable interface 86
clear ip arp inspection log command 83
clear ip arp inspection statistics command 87
clear ip dhcp snooping database command 88
clear lacp command 90
clear logging onboard command 91
clear mac address-table command 92, 94
clear nmsp statistics command 95
clear pagp command 96
clear port-security command 97
clear psp counter 99
clear psp counter command 99
clear spanning-tree counters command 100
clear spanning-tree detected-protocols command 101
clear vmps statistics command 102
clear vtp counters command 103
Client Information Signalling Protocol 77, 141, 451, 7, 34
cluster commander-address command 104
cluster discovery hop-count command 106
cluster enable command 107
cluster holdtime command 108
cluster member command 109
cluster outside-interface command 111
cluster run command 112
clusters
adding candidates 109
binding to HSRP group 113
building manually 109
communicating with
devices outside the cluster 111
members by using Telnet 406
debug messages, display 8
displaying
candidate switches 455
debug messages 8
member switches 457
status 453
hop-count limit for extended discovery 106
HSRP standby groups 113
redundancy 113
SNMP trap 651
cluster standby-group command 113
cluster timer command 115
command modes defined 2
command switch
See clusters
configuration files
password recovery disable considerations 1
specifying the name 65, 70
configuring multiple interfaces 193
config-vlan mode
commands 773
entering 772
copy (boot loader) command 5
copy logging onboard command 116
CoS
assigning default value to incoming packets 318
overriding the incoming value 318
CoS-to-DSCP map 322
CPU ASIC statistics, displaying 459
crashinfo files 184
critical VLAN 26
D
debug authentication 2
debug auto qos command 4
debug backup command 6
debug cisp command 7
debug cluster command 8
debug dot1x command 10
debug dtp command 12
debug eap command 13
debug etherchannel command 14
debug ilpower command 15
debug interface command 16
debug ip dhcp snooping command 17
debug ip igmp filter command 19
debug ip igmp max-groups command 20
debug ip igmp snooping command 21
debug ip verify source packet command 18
debug lacp command 22
debug lldp packets command 23
debug mac-notification command 24
debug matm command 25
debug matm move update command 26
debug monitor command 27
debug mvrdbg command 28
debug nmsp command 29
debug nvram command 30
debug pagp command 31
debug platform acl command 32
debug platform backup interface command 33
debug platform cisp command 34
debug platform cli-redirection main command 35
debug platform configuration command 42
debug platform cpu-queues command 37
debug platform dot1x command 39
debug platform etherchannel command 40
debug platform forw-tcam command 41
debug platform ip arp inspection command 43
debug platform ip dhcp command 44
debug platform ip igmp snooping command 45
debug platform ip source-guard command 47
debug platform led command 48
debug platform matm command 49
debug platform messaging application command 50
debug platform phy command 51
debug platform pm command 53
debug platform port-asic command 55
debug platform port-security command 56
debug platform qos-acl-tcam command 57
debug platform resource-manager command 58
debug platform snmp command 59
debug platform span command 60
debug platform stack-manager command 61
debug platform supervisor-asic command 62
debug platform sw-bridge command 63
debug platform tcam command 64
debug platform udld command 66
debug platform vlan command 67
debug pm command 68
debug port-security command 70
debug qos-manager command 71
debug spanning-tree backbonefast command 74
debug spanning-tree bpdu command 75
debug spanning-tree bpdu-opt command 76
debug spanning-tree command 72
debug spanning-tree mstp command 77
debug spanning-tree switch command 79
debug spanning-tree uplinkfast command 81
debug sw-vlan command 82
debug sw-vlan ifs command 84
debug sw-vlan notification command 85
debug sw-vlan vtp command 87
debug udld command 89
debug vqpc command 91
define interface-range command 118
delete (boot loader) command 6
delete command 120
deny (ARP access-list configuration) command 122
deny command 124
detect mechanism, causes 175
DHCP snooping
accepting untrusted packets from edge switch 229
enabling
on a VLAN 234
option 82 227, 229
trust on an interface 232
error recovery timer 181
rate limiting 231
DHCP snooping binding database
binding file, configuring 225
bindings
adding 223
deleting 223
clearing database agent statistics 88
database agent, configuring 225
renewing 414
dir (boot loader) command 7
directories, deleting 120
domain name, VTP 782
dot1x auth-fail max-attempts 135
dot1x auth-fail vlan 137
dot1x command 133
dot1x control-direction command 139
dot1x credentials (global configuration) command 141
dot1x critical global configuration command 142
dot1x critical interface configuration command 144
dot1x default command 146
dot1x fallback command 147
dot1x guest-vlan command 148
dot1x host-mode command 150
dot1x initialize command 152
dot1x mac-auth-bypass command 153
dot1x max-reauth-req command 155
dot1x max-req command 157
dot1x pae command 158
dot1x port-control command 159
dot1x re-authenticate command 161
dot1x reauthentication command 162
dot1x supplicant controlled transient command 163
dot1x supplicant force-multicast command 165
dot1x test eapol-capable command 166
dot1x test timeout command 167
dot1x timeout command 168
dot1x violation-mode command 171
DSCP-to-CoS map 322
DSCP-to-DSCP-mutation map 322
DTP 737
DTP flap
error detection for 175
error recovery timer 181
DTP negotiation 738
dual-purpose uplink ports
displaying configurable options 505
displaying the active media 508
selecting the type 310
duplex command 172
dynamic-access ports
configuring 727
restrictions 728
dynamic ARP inspection
ARP ACLs
apply to a VLAN 206
define 18
deny packets 122
display 438
permit packets 378
clear
log buffer 83
statistics 87
display
ARP ACLs 438
configuration and operating state 513
log buffer 513
statistics 513
trust state and rate limit 513
enable per VLAN 216
log buffer
clear 83
configure 210
display 513
rate-limit incoming ARP packets 208
statistics
clear 87
display 513
trusted interface state 212
type of packet logged 217
validation checks 214
dynamic auto VLAN membership mode 736
dynamic desirable VLAN membership mode 736
Dynamic Host Configuration Protocol (DHCP)
See DHCP snooping
Dynamic Trunking Protocol
See DTP
E
EAP-request/identity frame
maximum number to send 157
response time before retransmitting 168
environment variables, displaying 447
epm access-control open 174
errdisable detect cause command 175
errdisable detect cause small-frame comand 178
errdisable recovery cause small-frame 180
errdisable recovery command 181
error conditions, displaying 493
error disable detection 175
error-disabled interfaces, displaying 502
EtherChannel
assigning Ethernet interface to channel group 73
creating port-channel logical interface 191
debug EtherChannel/PAgP, display 14
debug platform-specific events, display 40
displaying 496
interface information, displaying 502
LACP
clearing channel-group information 90, 91
debug messages, display 22
displaying 547
modes 73
port priority for hot-standby ports 276
restricting a protocol 76
system priority 278
load-distribution methods 389
PAgP
aggregate-port learner 374
clearing channel-group information 96
debug messages, display 31
displaying 601
error detection for 175
error recovery timer 181
learn method 374
modes 73
physical-port learner 374
priority of interface for transmitted traffic 376
Ethernet controller, internal register display 461
Ethernet controller, stackport information 468
Ethernet statistics, collecting 417
exception crashinfo command 184, 189
extended discovery of candidate switches 106
extended-range VLANs
and allowed VLAN list 751
and pruning-eligible list 751
configuring 772
extended system ID for STP 670
F
fallback profile command 185
fallback profiles, displaying 499
fan information, displaying 490
file name, VTP 782
files, deleting 120
flash_init (boot loader) command 9
flexible authentication ordering 36
Flex Links
configuring 729
configuring preferred VLAN 732
displaying 502
flowcontrol command 187
format (boot loader) command 10
fsck (boot loader) command 11
G
global configuration mode 2, 4
H
hardware ACL statistics 434
help (boot loader) command 12
hierarchical policy maps 388
hop-count limit for clusters 106
host connection, port configuration 735
Hot Standby Router Protocol
See HSRP
HSRP
binding HSRP group to cluster 113
standby group 113
I
IEEE 802.1x
and switchport modes 737
violation error recovery 181
See also port-based authentication
IEEE 802.1X Port Based Authentication
enabling guest VLAN supplicant 135, 147, 186
IGMP filters
applying 237
debug messages, display 19
IGMP groups, setting maximum 238
IGMP maximum groups, debugging 20
IGMP profiles
creating 240
displaying 525
IGMP snooping
adding ports as a static member of a group 256
displaying 526
enabling 242
enabling the configurable-leave timer 244
enabling the Immediate-Leave feature 253
flooding query count 250
interface topology change notification behavior 252
querier 246
query solicitation 250
report suppression 248
switch topology change notification behavior 250
images
See software images
Immediate-Leave feature, MVR 360
immediate-leave processing 253
Immediate-Leave processing, IPv6 274
interface configuration mode 3, 4
interface port-channel command 191
interface range command 193
interface-range macros 118
interfaces
assigning Ethernet interface to channel group 73
configuring 172
configuring multiple 193
creating port-channel logical 191
debug messages, display 16
disabling 647
displaying the MAC address table 569
restarting 647
interface speed, configuring 706
interface vlan command 196
internal registers, displaying 461, 468, 474
Internet Group Management Protocol
See IGMP
invalid GBIC
error detection for 175
error recovery timer 181
ip access-group command 198
ip address command 200
IP addresses, setting 200
ip admission command 202
ip admission name proxy http command 204
ip arp inspection filter vlan command 206
ip arp inspection limit command 208
ip arp inspection log-buffer command 210
ip arp inspection trust command 212
ip arp inspection validate command 214
ip arp inspection vlan command 216
ip arp inspection vlan logging command 217
ip device tracking command 221
ip device tracking probe command 219
IP DHCP snooping
See DHCP snooping
ip dhcp snooping binding command 223
ip dhcp snooping command 222
ip dhcp snooping database command 225
ip dhcp snooping information option allow-untrusted command 229
ip dhcp snooping information option command 227
ip dhcp snooping limit rate command 231
ip dhcp snooping trust command 232
ip dhcp snooping verify command 233
ip dhcp snooping vlan command 234
ip dhcp snooping vlan information option format-type circuit-id string command 235
ip igmp filter command 237
ip igmp max-groups command 238
ip igmp profile command 240
ip igmp snooping command 242
ip igmp snooping last-member-query-interval command 244
ip igmp snooping querier command 246
ip igmp snooping report-suppression command 248
ip igmp snooping tcn command 250
ip igmp snooping tcn flood command 252
ip igmp snooping vlan immediate-leave command 253
ip igmp snooping vlan mrouter command 254
ip igmp snooping vlan static command 256
IP multicast addresses 357
IP phones
auto-QoS configuration 57
trusting packets sent from 350
IP-precedence-to-DSCP map 322
ip source binding command 258
IP source guard
disabling 261
enabling 261
static IP source bindings 258
ip ssh command 260
ipv6 mld snooping command 262
ipv6 mld snooping last-listener-query count command 264
ipv6 mld snooping last-listener-query-interval command 266
ipv6 mld snooping listener-message-suppression command 268
ipv6 mld snooping robustness-variable command 270
ipv6 mld snooping tcn command 272
ipv6 mld snooping vlan command 274
IPv6 SDM template 418
ip verify source command 261
J
jumbo frames
See MTU
L
LACP
See EtherChannel
lacp port-priority command 276
lacp system-priority command 278
Layer 2 traceroute
IP addresses 762
MAC addresses 759
line configuration mode 3, 5
Link Aggregation Control Protocol
See EtherChannel
link flap
error detection for 175
error recovery timer 181
link state group command 280
link state track command 282
load-distribution methods for EtherChannel 389
location (global configuration) command 283
location (interface configuration) command 285
logging event command 287
logging event power-inline-status command 288
logging file command 289
logical interface 191
loopback error
detection for 175
recovery timer 181
loop guard, for spanning tree 672, 676
M
mab request format attribute 32 command 291
mac access-group command 293
MAC access-groups, displaying 560
MAC access list configuration mode 295
mac access-list extended command 295
MAC access lists 124
MAC addresses
disabling MAC address learning per VLAN 298
displaying
dynamic 567
notification settings 572
number of addresses in a VLAN 566
per interface 569
per VLAN 576
static 574
static and dynamic entries 561
dynamic
aging time 297
deleting 92
displaying 567
enabling MAC address notification 302
enabling MAC address-table move update 300
persistent stack 714
static
adding and removing 304
displaying 574
dropping on an interface 305
MAC address notification, debugging 24
mac address-table aging-time 293
mac address-table aging-time command 297
mac address-table learning command 298
mac address-table move update command 300
mac address-table notification command 302
mac address-table static command 304
mac address-table static drop command 305
macros
interface range 118, 193
maps
QoS
defining 322
match (class-map configuration) command 307
maximum transmission unit
See MTU
mdix auto command 309
media-type (interface configuration) command 310
media-type rj45 (line configuration) command 312
member switches
See clusters
memory (boot loader) command 13
mkdir (boot loader) command 15
MLD snooping
configuring 268, 270
configuring queries 264, 266
configuring topology change notification 272
displaying 537
enabling 262
MLD snooping on a VLAN, enabling 274
mls qos aggregate-policer command 316
mls qos command 314
mls qos cos command 318
mls qos dscp-mutation command 320
mls qos map command 322
mls qos queue-set output buffers command 326
mls qos queue-set output threshold command 328
mls qos queue-set stack buffers command 330
mls qos rewrite ip dscp command 332
mls qos srr-queue input bandwidth command 334
mls qos srr-queue input buffers command 336
mls qos-srr-queue input cos-map command 338
mls qos srr-queue input dscp-map command 340
mls qos srr-queue input priority-queue command 342
mls qos srr-queue input threshold command 344
mls qos-srr-queue output cos-map command 346
mls qos srr-queue output dscp-map command 348
mls qos trust command 350
mode, MVR 357
Mode button, and password recovery 422
modes, commands 2
monitor session command 352
more (boot loader) command 16
MSTP
displaying 618
interoperability 101
link type 674
MST region
aborting changes 679
applying changes 679
configuration name 679
configuration revision number 679
current or pending display 679
displaying 618
MST configuration mode 679
VLANs-to-instance mapping 679
path cost 681
protocol mode 677
restart protocol migration process 101
root port
loop guard 672
preventing from becoming designated 672
restricting which can be root 672
root guard 672
root switch
affects of extended system ID 670
hello-time 684, 692
interval between BDPU messages 685
interval between hello BPDU messages 684, 692
max-age 685
maximum hop count before discarding BPDU 686
port priority for selection of 688
primary or secondary 692
switch priority 691
state changes
blocking to forwarding state 698
enabling BPDU filtering 662, 696
enabling BPDU guard 664, 696
enabling Port Fast 696, 698
forward-delay time 683
length of listening and learning states 683
rapid transition to forwarding 674
shutting down Port Fast-enabled ports 696
state information display 617
MTU
configuring size 756
displaying global setting 630
Multicase Listener Discovery
See MLD
multicast group address, MVR 360
multicast groups, MVR 358
Multicast Listener Discovery
See MLD
multicast router learning method 254
multicast router ports, configuring 254
multicast router ports, IPv6 274
multicast storm control 717
multicast VLAN, MVR 358
multicast VLAN registration
See MVR
Multiple Spanning Tree Protocol
See MSTP
MVR
and address aliasing 358
configuring 357
configuring interfaces 360
debug messages, display 28
displaying 592
displaying interface information 593
members, displaying 595
mvr (global configuration) command 357
mvr (interface configuration) command 360
mvr vlan group command 361
N
native VLANs 751
Network Admission Control Software Configuration Guide 203, 205
network-policy (global configuration) command 364
network-policy command 363
network-policy profile (network-policy configuration) command 366
nmsp attachment suppress command 370
nmsp command 368
no authentication logging verbose 371
no dot1x logging verbose 372
no mab logging verbose 373
nonegotiate, speed 706
nonegotiating DTP messaging 738
non-IP protocols
denying 124
forwarding 380
non-IP traffic access lists 295
non-IP traffic forwarding
denying 124
permitting 380
normal-range VLANs 772
no vlan command 772
O
online diagnostics
displaying
configured boot-up coverage level 478
current scheduled tasks 478
event logs 478
supported test suites 478
test ID 478
test results 478
test statistics 478
global configuration mode
clearing health monitoring diagnostic test schedule 87
clearing test-based testing schedule 129
setting health monitoring diagnostic testing 87
setting test-based testing 129
setting up health monitoring diagnostic test schedule 87
setting up test-based testing 129
health monitoring diagnostic tests, configuring 127
scheduled switchover
disabling 129
enabling 129
scheduling
enabling 129
removing 129
testing, starting 131
test interval, setting 129
P
PAgP
See EtherChannel
pagp learn-method command 374
pagp port-priority command 376
password, VTP 783
password-recovery mechanism, enabling and disabling 422
permit (ARP access-list configuration) command 378
permit (MAC access-list configuration) command 380
per-VLAN spanning-tree plus
See STP
physical-port learner 374
PIM-DVMRP, as multicast router learning method 254
PoE
configuring the power budget 393
configuring the power management mode 390
displaying controller register values 472
displaying power management information 606
logging of status 288
monitoring power 395
policing power consumption 395
police aggregate command 385
police command 383
policed-DSCP map 322
policy-map command 387
policy maps
applying to an interface 424, 429
creating 387
hierarchical 388
policers
displaying 579
for a single class 383
for multiple classes 316, 385
policed-DSCP map 322
traffic classification
defining the class 78
defining trust states 764
setting DSCP or IP precedence values 427
Port Aggregation Protocol
See EtherChannel
port-based authentication
AAA method list 3
configuring violation modes 171
debug messages, display 10
enabling IEEE 802.1x
globally 133
per interface 159
guest VLAN 148
host modes 150
IEEE 802.1x AAA accounting methods 1
initialize an interface 152, 167
MAC authentication bypass 153
manual control of authorization state 159
PAE as authenticator 158
periodic re-authentication
enabling 162
time between attempts 168
quiet period between failed authentication exchanges 168
re-authenticating IEEE 802.1x-enabled ports 161
resetting configurable IEEE 802.1x parameters 146
switch-to-authentication server retransmission time 168
switch-to-client frame-retransmission number 155 to 157
switch-to-client retransmission time 168
test for IEEE 802.1x readiness 166
port-channel load-balance command 389
Port Fast, for spanning tree 698
port ranges, defining 116, 118
ports, debugging 68
ports, protected 749
port security
aging 745
debug messages, display 70
enabling 740
violation error recovery 181
port trust states for QoS 350
port types, MVR 360
power information, displaying 490
power inline command 390
power inline consumption command 393
power inline police command 395
Power over Ethernet
See PoE
priority-queue command 398
priority value, stack member 625, 722
privileged EXEC mode 2, 3
protected ports, displaying 507
pruning
VLANs 751
VTP
displaying interface information 502
enabling 783
pruning-eligible VLAN list 752
psp 400
psp command 400
PVST+
See STP
Q
QoS
auto-QoS
configuring 57
debug messages, display 4
auto-QoS trust
configuring 51
auto-QoS video
configuring 54
class maps
creating 81
defining the match criteria 307
displaying 452
defining the CoS value for an incoming packet 318
displaying configuration information 578
DSCP transparency 332
DSCP trusted ports
applying DSCP-to-DSCP-mutation map to 320
defining DSCP-to-DSCP-mutation map 322
egress queues
allocating buffers 326
defining the CoS output queue threshold map 346
defining the DSCP output queue threshold map 348
displaying buffer allocations 581
displaying CoS output queue threshold map 585
displaying DSCP output queue threshold map 585
displaying queueing strategy 581
displaying queue-set settings 588
enabling bandwidth shaping and scheduling 710
enabling bandwidth sharing and scheduling 712
limiting the maximum output on a port 708
mapping a port to a queue-set 401
mapping CoS values to a queue and threshold 346
mapping DSCP values to a queue and threshold 348
setting maximum and reserved memory allocations 328
setting WTD thresholds 328
enabling 314
ingress queues
allocating buffers 336
assigning SRR scheduling weights 334
defining the CoS input queue threshold map 338
defining the DSCP input queue threshold map 340
displaying buffer allocations 581
displaying CoS input queue threshold map 585
displaying DSCP input queue threshold map 585
displaying queueing strategy 581
displaying settings for 580
enabling the priority queue 342
mapping CoS values to a queue and threshold 338
mapping DSCP values to a queue and threshold 340
setting WTD thresholds 344
maps
defining 322, 338, 340, 346, 348
policy maps
applying an aggregate policer 385
applying to an interface 424, 429
creating 387
defining policers 316, 383
displaying policers 579
hierarchical 388
policed-DSCP map 322
setting DSCP or IP precedence values 427
traffic classifications 78
trust states 764
port trust states 350
queues, enabling the expedite 398
statistics
in-profile and out-of-profile packets 581
packets enqueued or dropped 581
sent and received CoS values 581
sent and received DSCP values 581
trusted boundary for IP phones 350
quality of service
See QoS
querytime, MVR 357
queue-set command 401
R
radius-server dead-criteria command 402
radius-server host command 404
rapid per-VLAN spanning-tree plus
See STP
rapid PVST+
See STP
rcommand command 406
re-authenticating IEEE 802.1x-enabled ports 161
re-authentication
periodic 162
time between attempts 168
receiver ports, MVR 360
receiving flow-control packets 187
recovery mechanism
causes 181
display 86, 449, 492, 494
timer interval 182
redundancy for cluster switches 113
reload command 408
remote command 410
remote-span command 412
Remote Switched Port Analyzer
See RSPAN
rename (boot loader) command 17
renew ip dhcp snooping database command 414
reset (boot loader) command 18
resource templates, displaying 613
restricted VLAN
See dot1x auth-fail vlan
rmdir (boot loader) command 19
rmon collection stats command 417
root guard, for spanning tree 672
RSPAN
configuring 352
filter RSPAN traffic 352
remote-span command 412
S
scheduled switchover
disabling 129
enabling 129
SDM mismatch mode 626
sdm prefer command 418
SDM templates
displaying 613
dual IPv4 and IPv6 418
secure ports, limitations 742
sending flow-control packets 187
service password-recovery command 422
service-policy command 424
session command 426
set (boot loader) command 20
set command 427
setup command 429
setup express command 432
show access-lists command 434
show archive status command 437
show arp access-list command 438
show authentication command 439
show auto qos command 443
show boot command 447
show cable-diagnostics tdr command 449
show cisp command 451
show class-map command 452
show cluster candidates command 455
show cluster command 453
show cluster members command 457
show controllers cpu-interface command 459
show controllers ethernet-controller command 461
show controllers power inline command 472
show controllers tcam command 474
show controller utilization command 476
show dot1x command 481
show dtp 485
show eap command 487
show env command 490
show errdisable detect command 492
show errdisable flap-values command 493
show errdisable recovery command 494
show etherchannel command 496
show fallback profile command 499
show flowcontrol command 500
show interfaces command 502
show interfaces counters command 510
show inventory command 512
show ip arp inspection command 513
show ip dhcp snooping binding command 518
show ip dhcp snooping command 517
show ip dhcp snooping database command 520, 522
show ip igmp profile command 525
show ip igmp snooping command 526, 537
show ip igmp snooping groups command 529
show ip igmp snooping mrouter command 531
show ip igmp snooping querier command 532
show ip source binding command 534
show ipv6 route updated 545
show ip verify source command 535
show lacp command 547
show link state group command 551
show logging onboard command 555
show mac access-group command 560
show mac address-table address command 563
show mac address-table aging time command 564
show mac address-table command 561
show mac address-table count command 566
show mac address-table dynamic command 567
show mac address-table interface command 569
show mac address-table move update command 571
show mac address-table notification command 94, 572, 26
show mac address-table static command 574
show mac address-table vlan command 576
show mls qos aggregate-policer command 579
show mls qos command 578
show mls qos input-queue command 580
show mls qos interface command 581
show mls qos maps command 585
show mls qos queue-set command 588
show mls qos vlan command 589
show monitor command 590
show mvr command 592
show mvr interface command 593
show mvr members command 595
show network-policy profile command 597
show nmsp command 598
show pagp command 601
show platform acl command 2
show platform backup interface command 3
show platform etherchannel command 4
show platform forward command 5
show platform frontend-controller command 7
show platform igmp snooping command 8
show platform ip unicast command 9
show platform layer4op command 10
show platform mac-address-table command 11
show platform messaging command 12
show platform monitor command 13
show platform mvr table command 14
show platform pm command 15
show platform port-asic command 16
show platform port-security command 21
show platform qos command 22
show platform resource-manager command 23
show platform snmp counters command 25
show platform spanning-tree command 26
show platform stack manager command 28
show platform stp-instance command 27
show platform tb command 32
show platform tcam command 34
show platform vlan command 36
show policy-map command 603
show port security command 604
show power inline command 606
show psp config 611
show psp config command 611
show psp statistics 612
show psp statistics command 612
show sdm prefer command 613
show setup express command 616
show spanning-tree command 617
show storm-control command 623
show switch command 625
show system mtu command 630
show trust command 764
show udld command 631
show version command 634
show vlan command 636
show vlan command, fields 637
show vmps command 639
show vtp command 641
shutdown command 647
shutdown vlan command 648
small violation-rate command 649
SNMP host, specifying 655
SNMP informs, enabling the sending of 651
snmp-server enable traps command 651
snmp-server host command 655
snmp trap mac-notification change command 659
SNMP traps
enabling MAC address notification trap 659
enabling the MAC address notification feature 302
enabling the sending of 651
SoftPhone
See Cisco SoftPhone
software images
copying 6
deleting 120
downloading 9
upgrading 6, 9
uploading 16
software version, displaying 634
source ports, MVR 360
SPAN
configuring 352
debug messages, display 27
filter SPAN traffic 352
sessions
add interfaces to 352
start new 352
spanning-tree backbonefast command 661
spanning-tree bpdufilter command 662
spanning-tree bpduguard command 664
spanning-tree cost command 666
spanning-tree etherchannel command 668
spanning-tree extend system-id command 670
spanning-tree guard command 672
spanning-tree link-type command 674
spanning-tree loopguard default command 676
spanning-tree mode command 677
spanning-tree mst configuration command 679
spanning-tree mst cost command 681
spanning-tree mst forward-time command 683
spanning-tree mst hello-time command 684
spanning-tree mst max-age command 685
spanning-tree mst max-hops command 686
spanning-tree mst port-priority command 688
spanning-tree mst pre-standard command 690
spanning-tree mst priority command 691
spanning-tree mst root command 692
spanning-tree portfast (global configuration) command 696
spanning-tree portfast (interface configuration) command 698
spanning-tree port-priority command 694
Spanning Tree Protocol
See STP
spanning-tree transmit hold-count command 700
spanning-tree uplinkfast command 701
spanning-tree vlan command 703
speed command 706
srr-queue bandwidth limit command 708
srr-queue bandwidth share command 712
SSH, configuring version 260
stack-mac persistent timer command 714
stack member
access 426
number 625, 725
priority value 722
provisioning 723
reloading 408
stacks, switch
disabling a member 720
enabling a member 720
MAC address 714
provisioning a new member 723
reloading 408
stack member access 426
stack member number 625, 725
stack member priority value 625, 722
static-access ports, configuring 727
statistics, Ethernet group 417
sticky learning, enabling 740
storm-control command 717
STP
BackboneFast 661
counters, clearing 100
debug messages, display
BackboneFast events 74
MSTP 77
optimized BPDUs handling 76
spanning-tree activity 72
switch shim 79
transmitted and received BPDUs 75
UplinkFast 81
detection of indirect link failures 661
EtherChannel misconfiguration 668
extended system ID 670
path cost 666
protocol modes 677
root port
accelerating choice of new 701
loop guard 672
preventing from becoming designated 672
restricting which can be root 672
root guard 672
UplinkFast 701
root switch
affects of extended system ID 670, 704
hello-time 703
interval between BDPU messages 703
interval between hello BPDU messages 703
max-age 703
port priority for selection of 694
primary or secondary 703
switch priority 703
state changes
blocking to forwarding state 698
enabling BPDU filtering 662, 696
enabling BPDU guard 664, 696
enabling Port Fast 696, 698
enabling timer to recover from error state 181
forward-delay time 703
length of listening and learning states 703
shutting down Port Fast-enabled ports 696
state information display 617
VLAN options 691, 703
Switched Port Analyzer
See SPAN
switchport access command 727
switchport backup interface command 729
switchport block command 733
switchport host command 735
switchport mode command 736
switchport nonegotiate command 738
switchport port-security aging command 745
switchport port-security command 740
switchport priority extend command 747
switchport protected command 749
switchports, displaying 502
switchport trunk command 751
switchport voice vlan command 754
switch priority command 720, 722
switch provision command 723
switch renumber command 725
system message logging 288
system message logging, save message to flash 289
system mtu command 756
system resource templates 418
T
tar files, creating, listing, and extracting 13
TDR, running 758
Telnet, using to communicate to cluster switches 406
temperature information, displaying 490
templates, system resources 418
test cable-diagnostics tdr command 758
traceroute mac command 759
traceroute mac ip command 762
trunking, VLAN mode 736
trunk mode 736
trunk ports 736
trunks, to non-DTP device 737
trusted boundary for QoS 350
trusted port states for QoS 350
type (boot loader) command 23
U
UDLD
aggressive mode 766, 768
debug messages, display 89
enable globally 766
enable per interface 768
error recovery timer 181
message timer 766
normal mode 766, 768
reset a shutdown interface 770
status 631
udld command 766
udld port command 768
udld reset command 770
unicast storm control 717
UniDirectional Link Detection
See UDLD
unknown multicast traffic, preventing 733
unknown unicast traffic, preventing 733
unset (boot loader) command 24
upgrading
software images
copying 6
downloading 9
monitoring status of 437
UplinkFast, for STP 701
usb-inactivity-timeout (console configuration) command 771
user EXEC mode 2, 3
V
version (boot loader) command 26
version mismatch mode 626
vlan (global configuration) command 772
VLAN configuration
rules 775
saving 772
VLAN configuration mode
description 5
summary 3
VLAN ID range 772
VLAN Query Protocol
See VQP
VLANs
adding 772
configuring 772
debug messages, display
ISL 85
VLAN IOS file system error tests 84
VLAN manager activity 82
VTP 87
displaying configurations 636
enabling guest VLAN supplicant 135, 147, 186
extended-range 772
MAC addresses
displaying 576
number of 566
media types 774
normal-range 772
restarting 648
saving the configuration 772
shutting down 648
SNMP traps for VTP 653, 656
suspending 648
VLAN Trunking Protocol
See VTP
VM mode 626
VMPS
configuring servers 780
displaying 639
error recovery timer 182
reconfirming dynamic VLAN assignments 777
vmps reconfirm (global configuration) command 778
vmps reconfirm (privileged EXEC) command 777
vmps retry command 779
vmps server command 780
voice VLAN
configuring 754
setting port priority 747
VQP
and dynamic-access ports 728
clearing client statistics 102
displaying information 639
per-server retry count 779
reconfirmation interval 778
reconfirming dynamic VLAN assignments 777
VTP
changing characteristics 782
clearing pruning counters 103
configuring
domain name 782
file name 782
mode 782
password 783
counters display fields 643
displaying information 641
enabling
pruning 783
Version 2 783
enabling per port 787
mode 782
pruning 783
saving the configuration 772
statistics 641
status 641
status display fields 644
vtp (global configuration) command 782
vtp interface configuration) command 787
vtp primary command 788