Index A
aaa accounting dot1x command 1
aaa authentication dot1x command 3, 799
aaa authorization network command 5, 20, 26, 28, 30, 32, 34, 138, 305, 468, 7, 33
AAA methods 3, 799
access control entries
See ACEs
access control lists
See ACLs
access groups
IP 193
MAC, displaying 588
access list, IPv6 262
access map configuration mode 321
access mode 757
access ports 757
ACEs 124, 398
ACLs
deny 122
displaying 449
for non-IP protocols 309
IP 193
matching 321
on Layer 2 interfaces 193
permit 396
action command 6
address aliasing 370
aggregate-port learner 384
allowed VLANs 776
archive download-sw command 8
archive tar command 11
archive upload-sw command 14
arp access-list command 16
authentication command bounce-port ignore 18
authentication command disable-port ignore 19
authentication control-direction command 20
authentication event command 22
authentication failed VLAN
See dot1x auth-fail vlan
authentication fallback command 26
authentication host-mode command 28
authentication mac-move permit command 30
authentication open command 32
authentication order command 34
authentication periodic command 36
authentication port-control command 38
authentication priority command 40
authentication timer command 42
authentication violation command 44
auth-fail max-attempts
See dot1x auth-fail max-attempts
auth-fail vlan
See dot1x auth-fail vlan
auth open command 32
auth order command 34
authorization state of controlled port 158
auth timer command 42
autonegotiation of duplex mode 171
auto qos classify command 46
auto qos trust command 49
auto qos voip command 52
B
BackboneFast, for STP 690
backup interfaces
configuring 750
displaying 520
boot (boot loader) command 2
boot auto-download-sw command 57
boot config-file command 60
boot enable-break command 61
boot helper command 62
boot helper-config file command 63
booting
Cisco IOS image 66
displaying environment variables 462
interrupting 57, 61
manually 64
boot loader
accessing 1
booting
Cisco IOS image 2
helper image 62
directories
creating 14
displaying a list of 7
removing 18
displaying
available commands 12
memory heap utilization 13
version 25
environment variables
described 19
displaying settings 19
location of 20
setting 19
unsetting 23
boot loader (continued)
files
copying 5
deleting 6
displaying a list of 7
displaying the contents of 4, 15, 22
renaming 16
file system
formatting 10
initializing flash 9
running a consistency check 11
prompt 1
resetting the system 17
boot manual command 64
boot private-config-file command 65
boot system command 66
BPDU filtering, for spanning tree 691, 723
BPDU guard, for spanning tree 693, 723
broadcast storm control 741
C
candidate switches
See clusters
cat (boot loader) command 4
CDP, enabling protocol tunneling for 286
channel-group command 68
channel-protocol command 71
Cisco SoftPhone
auto-QoS configuration 52
trusting packets sent from 362
CISP
See Client Information Signalling Protocol
cisp
debug platform cisp command 33
cisp enable command 72
class command 73
class-map command 76
class maps
creating 76
defining the match criteria 323
displaying 469
class of service
See CoS
clear dot1x command 78
clear eap sessions command 79
clear errdisable interface 80
clear ip arp inspection log command 81
clear ip arp inspection statistics command 82
clear ipc command 85
clear ip dhcp snooping database command 83
clear ipv6 dhcp conflict command 86
clear l2protocol-tunnel counters command 87
clear lacp command 88
clear mac address-table command 89, 91
clear nmsp statistics command 92
clear pagp command 93
clear port-security command 94
clear spanning-tree counters command 96
clear spanning-tree detected-protocols command 97
clear vmps statistics command 98
clear vtp counters command 99
Client Information Signalling Protocol 72, 138, 468, 7, 33
cluster commander-address command 100
cluster discovery hop-count command 102
cluster enable command 103
cluster holdtime command 104
cluster member command 105
cluster outside-interface command 107
cluster run command 108
clusters
adding candidates 105
binding to HSRP group 109
building manually 105
communicating with
devices outside the cluster 107
members by using Telnet 426
clusters (continued)
debug messages, display 8
displaying
candidate switches 472
debug messages 8
member switches 474
status 470
hop-count limit for extended discovery 102
HSRP standby groups 109
redundancy 109
SNMP trap 679
cluster standby-group command 109
cluster timer command 111
command modes defined 1
command switch
See clusters
configuration files
password recovery disable considerations 1
specifying the name 60, 65
configuring multiple interfaces 189
copy (boot loader) command 5
CoS
assigning default value to incoming packets 332
assigning to Layer 2 protocol packets 289
overriding the incoming value 332
CoS-to-DSCP map 336
CPU ASIC statistics, displaying 476
crashinfo files 182
critical VLAN 23
D
debug authentication 2
debug auto qos command 4
debug backup command 6
debug cisp command 7
debug cluster command 8
debug dot1x command 10
debug dtp command 11
debug eap command 12
debug etherchannel command 13
debug ilpower command 14
debug interface command 15
debug ip dhcp snooping command 16
debug ip igmp filter command 18
debug ip igmp max-groups command 19
debug ip igmp snooping command 20
debug ip verify source packet command 17
debug lacp command 21
debug lldp packets command 22
debug mac-notification command 23
debug matm command 24
debug matm move update command 25
debug monitor command 26
debug mvrdbg command 27
debug nmsp command 28
debug nvram command 29
debug pagp command 30
debug platform acl command 31
debug platform backup interface command 32
debug platform cisp command 33
debug platform configuration command 41
debug platform cpu-queues command 34
debug platform device-manager command 36
debug platform dot1x command 37
debug platform etherchannel command 38
debug platform fallback-bridging command 39
debug platform forw-tcam command 40
debug platform ip arp inspection command 42
debug platform ip dhcp command 43
debug platform ip igmp snooping command 44
debug platform ip multicast command 46
debug platform ip source-guard command 48
debug platform ip unicast command 49
debug platform ip wccp command 51
debug platform led command 52
debug platform matm command 53
debug platform messaging application command 54
debug platform phy command 55
debug platform pm command 57
debug platform port-asic command 59
debug platform port-security command 60
debug platform qos-acl-tcam command 61
debug platform remote-commands command 62
debug platform resource-manager command 63
debug platform snmp command 64
debug platform span command 65
debug platform supervisor-asic command 66
debug platform sw-bridge command 67
debug platform tcam command 68
debug platform udld command 70
debug platform vlan command 71
debug pm command 72
debug port-security command 74
debug qos-manager command 75
debug spanning-tree backbonefast command 78
debug spanning-tree bpdu command 79
debug spanning-tree bpdu-opt command 80
debug spanning-tree command 76
debug spanning-tree mstp command 81
debug spanning-tree switch command 83
debug spanning-tree uplinkfast command 85
debug sw-vlan command 86
debug sw-vlan ifs command 88
debug sw-vlan notification command 89
debug sw-vlan vtp command 90
debug udld command 92
debug vqpc command 94
define interface-range command 112
delete (boot loader) command 6
delete command 114
deny (ARP access-list configuration) command 115
deny (IPv6) command 117
deny command 122
detect mechanism, causes 173
DHCP snooping
accepting untrusted packets from edge switch 224
enabling
on a VLAN 230
option 82 222, 224
trust on an interface 228
error recovery timer 179
rate limiting 227
DHCP snooping binding database
binding file, configuring 220
bindings
adding 218
deleting 218
displaying 539
clearing database agent statistics 83
database agent, configuring 220
displaying
binding entries 539
database agent status 541, 543
renewing 430
dir (boot loader) command 7
directories, deleting 114
domain name, VTP 813
dot1x auth-fail max-attempts 132
dot1x auth-fail vlan 134
dot1x command 130
dot1x control-direction command 136
dot1x credentials (global configuration) command 138
dot1x critical global configuration command 139
dot1x critical interface configuration command 141
dot1x default command 143
dot1x fallback command 144
dot1x guest-vlan command 145
dot1x host-mode command 148
dot1x initialize command 150
dot1x mac-auth-bypass command 151
dot1x max-reauth-req command 153
dot1x max-req command 155
dot1x multiple-hosts command 156
dot1x pae command 157
dot1x port-control command 158
dot1x re-authenticate command 160
dot1x re-authentication command 161
dot1x reauthentication command 162
dot1x supplicant force-multicast command 163
dot1x test eapol-capable command 164
dot1x test timeout command 165
dot1x timeout command 166
dot1x violation-mode command 169
dropping packets, with ACL matches 6
drop threshold, Layer 2 protocol tunneling 286
DSCP-to-CoS map 336
DSCP-to-DSCP-mutation map 336
DTP 758
DTP flap
error detection for 173
error recovery timer 179
DTP negotiation 762
dual-purpose uplink ports
displaying configurable options 523
selecting the type 326
duplex command 170
dynamic-access ports
configuring 746
restrictions 747
dynamic ARP inspection
ARP ACLs
apply to a VLAN 201
define 16
deny packets 115
display 453
permit packets 388
clear
log buffer 81
statistics 82
dynamic ARP inspection (continued)
display
ARP ACLs 453
configuration and operating state 534
log buffer 534
statistics 534
trust state and rate limit 534
enable per VLAN 211
error detection for 173
error recovery timer 179
log buffer
clear 81
configure 205
display 534
rate-limit incoming ARP packets 203
statistics
clear 82
display 534
trusted interface state 207
type of packet logged 212
validation checks 209
dynamic auto VLAN membership mode 757
dynamic desirable VLAN membership mode 757
Dynamic Host Configuration Protocol (DHCP)
See DHCP snooping
Dynamic Trunking Protocol
See DTP
E
EAP-request/identity frame
maximum number to send 155
response time before retransmitting 166
encapsulation methods 776
environment variables, displaying 462
epm access-control open 172
errdisable detect cause command 173
errdisable detect cause small-frame comand 176
errdisable recovery cause small-frame 178
errdisable recovery command 179
error conditions, displaying 509
error disable detection 173
error-disabled interfaces, displaying 520
EtherChannel
assigning Ethernet interface to channel group 68
creating port-channel logical interface 187
debug EtherChannel/PAgP, display 13
debug platform-specific events, display 38
displaying 513
enabling Layer 2 protocol tunneling for
LACP 287
PAgP 287
UDLD 287
interface information, displaying 520
LACP
clearing channel-group information 88
debug messages, display 21
displaying 579
modes 68
port priority for hot-standby ports 290
restricting a protocol 71
system priority 292
load-distribution methods 406
PAgP
aggregate-port learner 384
clearing channel-group information 93
debug messages, display 30
displaying 635
error detection for 173
error recovery timer 179
learn method 384
modes 68
physical-port learner 384
priority of interface for transmitted traffic 386
Ethernet controller, internal register display 478
Ethernet statistics, collecting 433
exception crashinfo command 182
extended discovery of candidate switches 102
extended-range VLANs
and allowed VLAN list 776
and pruning-eligible list 776
extended system ID for STP 699
F
fallback profile command 183
fallback profiles, displaying 516
fan information, displaying 505
file name, VTP 813
files, deleting 114
flash_init (boot loader) command 9
flexible authentication ordering 34
Flex Links
configuring 750
configuring preferred VLAN 752
displaying 520
flowcontrol command 185
format (boot loader) command 10
forwarding packets, with ACL matches 6
forwarding results, display 6
frame forwarding information, displaying 6
front-end controller, counter and status information 8
fsck (boot loader) command 11
G
global configuration mode 2, 3
H
hardware ACL statistics 449
help (boot loader) command 12
hierarchical policy maps 404
hop-count limit for clusters 102
host connection, port configuration 756
host ports, private VLANs 760
Hot Standby Router Protocol
See HSRP
HSRP
binding HSRP group to cluster 109
standby group 109
I
IEEE 802.1Q trunk ports and native VLANs 805
IEEE 802.1Q tunnel ports
configuring 757
displaying 494
limitations 758
IEEE 802.1x
and switchport modes 758
violation error recovery 179
See also port-based authentication
IEEE 802.1X Port Based Authentication
enabling guest VLAN supplicant 133, 144, 184
IGMP filters
applying 233
debug messages, display 18
IGMP groups, setting maximum 234
IGMP maximum groups, debugging 19
IGMP profiles
creating 236
displaying 546
IGMP snooping
adding ports as a static member of a group 252
displaying 547, 552, 554
enabling 238
enabling the configurable-leave timer 240
enabling the Immediate-Leave feature 249
flooding query count 246
interface topology change notification behavior 248
multicast table 550
querier 242
query solicitation 246
report suppression 244
IGMP snooping (continued)
switch topology change notification behavior 246
images
See software images
Immediate-Leave feature, MVR 372
immediate-leave processing 249
Immediate-Leave processing, IPv6 282
interface configuration mode 2, 4
interface port-channel command 187
interface range command 189
interface-range macros 112
interfaces
assigning Ethernet interface to channel group 68
configuring 170
configuring multiple 189
creating port-channel logical 187
debug messages, display 15
disabling 675
displaying the MAC address table 599
restarting 675
interface speed, configuring 733
interface vlan command 191
internal registers, displaying 478, 487
Internet Group Management Protocol
See IGMP
invalid GBIC
error detection for 173
error recovery timer 179
ip access-group command 193
ip address command 196
IP addresses, setting 196
IP address matching 321
ip admission command 198
ip admission name proxy http command 199
ip arp inspection filter vlan command 201
ip arp inspection limit command 203
ip arp inspection log-buffer command 205
ip arp inspection trust command 207
ip arp inspection validate command 209
ip arp inspection vlan command 211
ip arp inspection vlan logging command 212
ip device tracking command 216
ip device tracking probe command 214
IP DHCP snooping
See DHCP snooping
ip dhcp snooping binding command 218
ip dhcp snooping command 217
ip dhcp snooping database command 220
ip dhcp snooping information option allow-untrusted command 224
ip dhcp snooping information option command 222
ip dhcp snooping information option format remote-id command 226
ip dhcp snooping limit rate command 227
ip dhcp snooping trust command 228
ip dhcp snooping verify command 229
ip dhcp snooping vlan command 230
ip dhcp snooping vlan information option format-type circuit-id string command 231
ip igmp filter command 233
ip igmp max-groups command 234, 257, 259
ip igmp profile command 236
ip igmp snooping command 238
ip igmp snooping last-member-query-interval command 240
ip igmp snooping querier command 242
ip igmp snooping report-suppression command 244
ip igmp snooping tcn command 246
ip igmp snooping tcn flood command 248
ip igmp snooping vlan immediate-leave command 249
ip igmp snooping vlan mrouter command 250
ip igmp snooping vlan static command 252
IP multicast addresses 369
IP phones
auto-QoS configuration 52
trusting packets sent from 362
IP-precedence-to-DSCP map 336
ip source binding command 254
IP source guard
disabling 261
displaying
binding entries 556
configuration 557
dynamic binding entries only 539
enabling 261
static IP source bindings 254
ip ssh command 256
IPv6 access list, deny conditions 117
ipv6 access-list command 262
ipv6 address dhcp command 264
ipv6 dhcp client request vendor command 265
ipv6 dhcp ping packets command 266
ipv6 dhcp pool command 267
ipv6 dhcp server command 269
ipv6 mld snooping command 271
ipv6 mld snooping last-listener-query count command 273
ipv6 mld snooping last-listener-query-interval command 275
ipv6 mld snooping listener-message-suppression command 277
ipv6 mld snooping robustness-variable command 278
ipv6 mld snooping tcn command 280
ipv6 mld snooping vlan command 282
IPv6 SDM template 434
ipv6 traffic-filter command 284
ip verify source command 261
J
jumbo frames
See MTU
L
l2protocol-tunnel command 286
l2protocol-tunnel cos command 289
LACP
See EtherChannel
lacp port-priority command 290
lacp system-priority command 292
Layer 2 mode, enabling 744
Layer 2 protocol ports, displaying 576
Layer 2 protocol-tunnel
error detection for 173
error recovery timer 179
Layer 2 protocol tunnel counters 87
Layer 2 protocol tunneling error recovery 287
Layer 2 traceroute
IP addresses 790
MAC addresses 787
Layer 3 mode, enabling 744
line configuration mode 2, 4
Link Aggregation Control Protocol
See EtherChannel
link flap
error detection for 173
error recovery timer 179
link state group command 294
link state track command 296
load-distribution methods for EtherChannel 406
location (global configuration) command 297
location (interface configuration) command 299
logging event command 301
logging event power-inline-status command 302
logging file command 303
logical interface 187
loopback error
detection for 173
recovery timer 179
loop guard, for spanning tree 700, 704
M
mab request format attribute 32 command 305
mac access-group command 307
MAC access-groups, displaying 588
MAC access list configuration mode 309
mac access-list extended command 309
MAC access lists 122
MAC addresses
disabling MAC address learning per VLAN 312
displaying
aging time 593
all 591
dynamic 597
MAC address-table move updates 602
notification settings 601, 604
number of addresses in a VLAN 595
per interface 599
per VLAN 608
static 606
static and dynamic entries 589
dynamic
aging time 311
deleting 89
displaying 597
enabling MAC address notification 316
enabling MAC address-table move update 314
matching 321
static
adding and removing 318
displaying 606
dropping on an interface 319
tables 591
MAC address notification, debugging 23
mac address-table aging-time 307, 321
mac address-table aging-time command 311
mac address-table learning command 312
mac address-table move update command 314
mac address-table notification command 316
mac address-table static command 318
mac address-table static drop command 319
macros
interface range 112, 189
maps
QoS
defining 336
displaying 617
VLAN
creating 802
defining 321
displaying 666
match (access-map configuration) command 321
match (class-map configuration) command 323
maximum transmission unit
See MTU
mdix auto command 325
media-type (interface configuration) command 326
member switches
See clusters
memory (boot loader) command 13
mkdir (boot loader) command 14
MLD snooping
configuring 277, 278
configuring queries 273, 275
configuring topology change notification 280
displaying 566, 568, 570, 572
enabling 271
MLD snooping on a VLAN, enabling 282
mls qos aggregate-policer command 330
mls qos command 328
mls qos cos command 332
mls qos dscp-mutation command 334
mls qos map command 336
mls qos queue-set output buffers command 340
mls qos queue-set output threshold command 342
mls qos rewrite ip dscp command 344
mls qos srr-queue input bandwidth command 346
mls qos srr-queue input buffers command 348
mls qos-srr-queue input cos-map command 350
mls qos srr-queue input dscp-map command 352
mls qos srr-queue input priority-queue command 354
mls qos srr-queue input threshold command 356
mls qos-srr-queue output cos-map command 358
mls qos srr-queue output dscp-map command 360
mls qos trust command 362
mls qos vlan-based command 364
mode, MVR 369
Mode button, and password recovery 437
modes, commands 1
monitor session command 365
more (boot loader) command 15
MSTP
displaying 649
interoperability 97
link type 702
MST region
aborting changes 706
applying changes 706
configuration name 706
configuration revision number 706
current or pending display 706
displaying 649
MST configuration mode 706
VLANs-to-instance mapping 706
path cost 708
protocol mode 705
restart protocol migration process 97
root port
loop guard 700
preventing from becoming designated 700
restricting which can be root 700
root guard 700
root switch
affects of extended system ID 699
hello-time 711, 719
interval between BDPU messages 712
interval between hello BPDU messages 711, 719
max-age 712
maximum hop count before discarding BPDU 713
port priority for selection of 715
MSTP (continued)
root switch
primary or secondary 719
switch priority 718
state changes
blocking to forwarding state 725
enabling BPDU filtering 691, 723
enabling BPDU guard 693, 723
enabling Port Fast 723, 725
forward-delay time 710
length of listening and learning states 710
rapid transition to forwarding 702
shutting down Port Fast-enabled ports 723
state information display 648
MTU
configuring size 784
displaying global setting 656
Multicase Listener Discovery
See MLD
multicast group address, MVR 372
multicast groups, MVR 370
Multicast Listener Discovery
See MLD
multicast router learning method 250
multicast router ports, configuring 250
multicast router ports, IPv6 282
multicast storm control 741
multicast VLAN, MVR 369
multicast VLAN registration
See MVR
Multiple Spanning Tree Protocol
See MSTP
MVR
and address aliasing 370
configuring 369
configuring interfaces 372
debug messages, display 27
displaying 625
displaying interface information 627
MVR (continued)
members, displaying 629
mvr (global configuration) command 369
mvr (interface configuration) command 372
mvr vlan group command 373
N
native VLANs 776
native VLAN tagging 805
network-policy (global configuration) command 376
network-policy command 375
network-policy profile (network-policy configuration) command 377
nmsp attachment suppress command 380
nmsp command 379
no authentication logging verbose 381
no dot1x logging verbose 382
no mab logging verbose 383
nonegotiate, speed 733
nonegotiating DTP messaging 762
non-IP protocols
denying 122
forwarding 396
non-IP traffic access lists 309
non-IP traffic forwarding
denying 122
permitting 396
normal-range VLANs 801
O
online diagnostics
global configuration mode
clearing health monitoring diagnostic test schedule 81
clearing test-based testing schedule 127
setting health monitoring diagnostic testing 81
setting test-based testing 127
setting up health monitoring diagnostic test schedule 81
setting up test-based testing 127
health monitoring diagnostic tests, configuring 125
scheduled switchover
disabling 127
enabling 127
scheduling
enabling 127
removing 127
testing, starting 129
test interval, setting 127
P
PAgP
See EtherChannel
pagp learn-method command 384
pagp port-priority command 386
password, VTP 814
password-recovery mechanism, enabling and disabling 437
permit (ARP access-list configuration) command 388
permit (IPv6) command 390
permit (MAC access-list configuration) command 396
per-VLAN spanning-tree plus
See STP
physical-port learner 384
PID, displaying 533
PIM-DVMRP, as multicast router learning method 250
PoE
configuring the power budget 410
configuring the power management mode 407
displaying controller register values 485
displaying power management information 642
logging of status 302
police aggregate command 401
police command 399
policed-DSCP map 336
policy-map command 403
policy maps
applying to an interface 439, 444
creating 403
displaying 637
hierarchical 404
policers
displaying 611
for a single class 399
for multiple classes 330, 401
policed-DSCP map 336
traffic classification
defining the class 73
defining trust states 792
setting DSCP or IP precedence values 442
Port Aggregation Protocol
See EtherChannel
port-based authentication
AAA method list 3, 799
configuring violation modes 169
debug messages, display 10
enabling IEEE 802.1x
globally 130
per interface 158
guest VLAN 145
host modes 148
IEEE 802.1x AAA accounting methods 1
initialize an interface 150, 165
MAC authentication bypass 151
manual control of authorization state 158
port-based authentication (continued)
PAE as authenticator 157
periodic re-authentication
enabling 162
time between attempts 166
quiet period between failed authentication exchanges 166
re-authenticating IEEE 802.1x-enabled ports 160
resetting configurable IEEE 802.1x parameters 143
switch-to-authentication server retransmission time 166
switch-to-client frame-retransmission number 153 to 155
switch-to-client retransmission time 166
test for IEEE 802.1x readiness 164
port-channel load-balance command 406
Port Fast, for spanning tree 725
port ranges, defining 112
ports, debugging 72
ports, protected 775
port security
aging 769
debug messages, display 74
enabling 764
violation error recovery 179
port trust states for QoS 362
port types, MVR 372
power information, displaying 505
power inline command 407
power inline consumption command 410
Power over Ethernet
See PoE
power rps command (user EXEC) 412
priority-queue command 414
private-vlan command 416
private-vlan mapping command 419
private VLANs
association 773
configuring 416
configuring ports 760
displaying 662
host ports 760
mapping
configuring 773
displaying 520
promiscuous ports 760
privileged EXEC mode 2, 3
product identification information, displaying 533
promiscuous ports, private VLANs 760
protected ports, displaying 526
pruning
VLANs 776
VTP
displaying interface information 520
enabling 814
pruning-eligible VLAN list 778
PVST+
See STP
Q
QoS
auto-QoS
configuring 52
debug messages, display 4
displaying 458
auto-QoS trust
configuring 49
class maps
creating 76
defining the match criteria 323
displaying 469
defining the CoS value for an incoming packet 332
displaying configuration information 458, 610
DSCP transparency 344
QoS (continued)
DSCP trusted ports
applying DSCP-to-DSCP-mutation map to 334
defining DSCP-to-DSCP-mutation map 336
egress queues
allocating buffers 340
defining the CoS output queue threshold map 358
defining the DSCP output queue threshold map 360
displaying buffer allocations 614
displaying CoS output queue threshold map 617
displaying DSCP output queue threshold map 617
displaying queueing strategy 614
displaying queue-set settings 620
enabling bandwidth shaping and scheduling 737
enabling bandwidth sharing and scheduling 739
limiting the maximum output on a port 735
mapping a port to a queue-set 421
mapping CoS values to a queue and threshold 358
mapping DSCP values to a queue and threshold 360
setting maximum and reserved memory allocations 342
setting WTD thresholds 342
enabling 328
ingress queues
allocating buffers 348
assigning SRR scheduling weights 346
defining the CoS input queue threshold map 350
defining the DSCP input queue threshold map 352
displaying buffer allocations 614
displaying CoS input queue threshold map 617
displaying DSCP input queue threshold map 617
displaying queueing strategy 614
displaying settings for 612
enabling the priority queue 354
QoS (continued)
ingress queues
mapping CoS values to a queue and threshold 350
mapping DSCP values to a queue and threshold 352
setting WTD thresholds 356
maps
defining 336, 350, 352, 358, 360
displaying 617
policy maps
applying an aggregate policer 401
applying to an interface 439, 444
creating 403
defining policers 330, 399
displaying policers 611
displaying policy maps 637
hierarchical 404
policed-DSCP map 336
setting DSCP or IP precedence values 442
traffic classifications 73
trust states 792
port trust states 362
queues, enabling the expedite 414
statistics
in-profile and out-of-profile packets 614
packets enqueued or dropped 614
sent and received CoS values 614
sent and received DSCP values 614
trusted boundary for IP phones 362
VLAN-based 364
quality of service
See QoS
querytime, MVR 369
queue-set command 421
R
radius-server dead-criteria command 422
radius-server host command 424
rapid per-VLAN spanning-tree plus
See STP
rapid PVST+
See STP
rcommand command 426
re-authenticating IEEE 802.1x-enabled ports 160
re-authentication
periodic 162
time between attempts 166
receiver ports, MVR 372
receiving flow-control packets 185
recovery mechanism
causes 179
display 80, 464, 507, 511
timer interval 180
redundancy for cluster switches 109
redundant power supply
See RPS
remote-span command 428
Remote Switched Port Analyzer
See RSPAN
rename (boot loader) command 16
renew ip dhcp snooping database command 430
reset (boot loader) command 17
resource templates, displaying 644
restricted VLAN
See dot1x auth-fail vlan
rmdir (boot loader) command 18
rmon collection stats command 433
root guard, for spanning tree 700
routed ports
IP addresses on 197
number supported 197
RPS 2300
configuring 412
managing 412
RSPAN
configuring 365
displaying 623
filter RSPAN traffic 365
remote-span command 428
sessions
displaying 623
S
scheduled switchover
disabling 127
enabling 127
sdm prefer command 434
SDM templates
allowed resources 435
displaying 644
dual IPv4 and IPv6 434
secure ports, limitations 766
sending flow-control packets 185
service password-recovery command 437
service-policy command 439
set (boot loader) command 19
set command 442
setup command 444
setup express command 447
show access-lists command 449
show archive status command 452
show arp access-list command 453
show authentication command 454
show auto qos command 458
show boot command 462
show cable-diagnostics tdr command 464
show cisp command 468
show class-map command 469
show cluster candidates command 472
show cluster command 470
show cluster members command 474
show controllers cpu-interface command 476
show controllers ethernet-controller command 478
show controllers power inline command 485
show controllers tcam command 487
show controller utilization command 489
show dot1q-tunnel command 494
show dot1x command 495
show dtp 500
show eap command 502
show env command 505
show errdisable detect command 507
show errdisable flap-values command 509
show errdisable recovery command 511
show etherchannel command 513
show fallback profile command 516
show flowcontrol command 518
show interfaces command 520
show interfaces counters command 531
show inventory command 533
show ip arp inspection command 534
show ipc command 559
show ip dhcp snooping binding command 539
show ip dhcp snooping command 538
show ip dhcp snooping database command 541, 543
show ip igmp profile command 546
show ip igmp snooping address command 568
show ip igmp snooping command 547, 566
show ip igmp snooping groups command 550
show ip igmp snooping mrouter command 552, 570
show ip igmp snooping querier command 554, 572
show ip source binding command 556
show ipv6 access-list command 563
show ipv6 dhcp conflict command 565
show ipv6 route updated 574
show ip verify source command 557
show l2protocol-tunnel command 576
show lacp command 579
show link state group command 586
show lldp command 583
show location 584
show mac access-group command 588
show mac address-table address command 591
show mac address-table aging time command 593
show mac address-table command 589
show mac address-table count command 595
show mac address-table dynamic command 597
show mac address-table interface command 599
show mac address-table learning command 601
show mac address-table move update command 602
show mac address-table notification command 91, 604, 25
show mac address-table static command 606
show mac address-table vlan command 608
show mls qos aggregate-policer command 611
show mls qos command 610
show mls qos input-queue command 612
show mls qos interface command 614
show mls qos maps command 617
show mls qos queue-set command 620
show mls qos vlan command 622
show monitor command 623
show mvr command 625
show mvr interface command 627
show mvr members command 629
show network-policy profile command 631
show nmsp command 632
show pagp command 635
show platform acl command 2
show platform backup interface command 3
show platform configuration command 4
show platform etherchannel command 5
show platform forward command 6
show platform frontend-controller command 8
show platform igmp snooping command 9
show platform ip multicast command 11
show platform ip unicast command 12
show platform ipv6 unicast command 17
show platform ip wccp command 16
show platform layer4op command 19
show platform mac-address-table command 20
show platform messaging command 21
show platform monitor command 22
show platform mvr table command 23
show platform pm command 24
show platform port-asic command 25
show platform port-security command 30
show platform qos command 31
show platform resource-manager command 32
show platform snmp counters command 34
show platform spanning-tree command 35
show platform stp-instance command 36
show platform tcam command 37
show platform vlan command 40
show policy-map command 637
show port security command 639
show power inline command 642
show sdm prefer command 644
show setup express command 647
show spanning-tree command 648
show storm-control command 654
show system mtu command 656
show trust command 792
show udld command 657
show version command 660
show vlan access-map command 666
show vlan command 662
show vlan command, fields 664
show vlan filter command 667
show vmps command 668
show vtp command 670
shutdown command 675
shutdown threshold, Layer 2 protocol tunneling 286
shutdown vlan command 676
small violation-rate command 677
SNMP host, specifying 684
SNMP informs, enabling the sending of 679
snmp-server enable traps command 679
snmp-server host command 684
snmp trap mac-notification change command 688
SNMP traps
enabling MAC address notification trap 688
enabling the MAC address notification feature 316
enabling the sending of 679
SoftPhone
See Cisco SoftPhone
software images
deleting 114
downloading 8
upgrading 8
uploading 14
software version, displaying 660
source ports, MVR 372
SPAN
configuring 365
debug messages, display 26
displaying 623
filter SPAN traffic 365
sessions
add interfaces to 365
displaying 623
start new 365
spanning-tree backbonefast command 690
spanning-tree bpdufilter command 691
spanning-tree bpduguard command 693
spanning-tree cost command 695
spanning-tree etherchannel command 697
spanning-tree extend system-id command 699
spanning-tree guard command 700
spanning-tree link-type command 702
spanning-tree loopguard default command 704
spanning-tree mode command 705
spanning-tree mst configuration command 706
spanning-tree mst cost command 708
spanning-tree mst forward-time command 710
spanning-tree mst hello-time command 711
spanning-tree mst max-age command 712
spanning-tree mst max-hops command 713
spanning-tree mst port-priority command 715
spanning-tree mst pre-standard command 717
spanning-tree mst priority command 718
spanning-tree mst root command 719
spanning-tree portfast (global configuration) command 723
spanning-tree portfast (interface configuration) command 725
spanning-tree port-priority command 721
Spanning Tree Protocol
See STP
spanning-tree transmit hold-count command 727
spanning-tree uplinkfast command 728
spanning-tree vlan command 730
speed command 733
srr-queue bandwidth limit command 735
srr-queue bandwidth share command 739
SSH, configuring version 256
static-access ports, configuring 746
statistics, Ethernet group 433
sticky learning, enabling 764
storm-control command 741
STP
BackboneFast 690
counters, clearing 96
debug messages, display
BackboneFast events 78
MSTP 81
optimized BPDUs handling 80
spanning-tree activity 76
switch shim 83
transmitted and received BPDUs 79
UplinkFast 85
detection of indirect link failures 690
enabling protocol tunneling for 286
EtherChannel misconfiguration 697
extended system ID 699
STP (continued)
path cost 695
protocol modes 705
root port
accelerating choice of new 728
loop guard 700
preventing from becoming designated 700
restricting which can be root 700
root guard 700
UplinkFast 728
root switch
affects of extended system ID 699, 731
hello-time 730
interval between BDPU messages 730
interval between hello BPDU messages 730
max-age 730
port priority for selection of 721
primary or secondary 730
switch priority 730
state changes
blocking to forwarding state 725
enabling BPDU filtering 691, 723
enabling BPDU guard 693, 723
enabling Port Fast 723, 725
enabling timer to recover from error state 179
forward-delay time 730
length of listening and learning states 730
shutting down Port Fast-enabled ports 723
state information display 648
VLAN options 718, 730
SVIs, creating 191
SVI status calculation 748
Switched Port Analyzer
See SPAN
switching characteristics
modifying 744
returning to interfaces 744
switchport access command 746
switchport autostate exclude command 748
switchport backup interface command 750
switchport block command 754
switchport command 744
switchport host command 756
switchport mode command 757
switchport mode private-vlan command 760
switchport nonegotiate command 762
switchport port-security aging command 769
switchport port-security command 764
switchport priority extend command 771
switchport private-vlan command 773
switchport protected command 775
switchports, displaying 520
switchport trunk command 776
switchport voice vlan command 779, 780
system env temperature threshold yellow command 782
system message logging 302
system message logging, save message to flash 303
system mtu command 784
system resource templates 434
T
tar files, creating, listing, and extracting 11
TDR, running 786
Telnet, using to communicate to cluster switches 426
temperature information, displaying 505
templates, system resources 434
test cable-diagnostics tdr command 786
traceroute mac command 787
traceroute mac ip command 790
trunking, VLAN mode 757
trunk mode 757
trunk ports 757
trunks, to non-DTP device 758
trusted boundary for QoS 362
trusted port states for QoS 362
tunnel ports, Layer 2 protocol, displaying 576
type (boot loader) command 22
U
UDLD
aggressive mode 794, 796
debug messages, display 92
enable globally 794
enable per interface 796
error recovery timer 179
message timer 794
normal mode 794, 796
reset a shutdown interface 798
status 657
udld command 794
udld port command 796
udld reset command 798
unicast storm control 741
UniDirectional Link Detection
See UDLD
unknown multicast traffic, preventing 754
unknown unicast traffic, preventing 754
unset (boot loader) command 23
upgrading
software images
downloading 8
monitoring status of 452
UplinkFast, for STP 728
user EXEC mode 2
V
version (boot loader) command 25
vlan access-map command 802
VLAN access map configuration mode 802
VLAN access maps
actions 6
displaying 666
VLAN-based QoS 364
VLAN configuration mode
commands
VLAN 801
VTP 819
description 4
entering 804
summary 2
vlan dot1q tag native command 805
vlan filter command 806
VLAN filters, displaying 667
VLAN maps
applying 806
creating 802
defining 321
displaying 666
VLAN Query Protocol
See VQP
VLANs
configuring 801
debug messages, display
ISL 89
VLAN IOS file system error tests 88
VLAN manager activity 86
VTP 90
displaying configurations 662
enabling guest VLAN supplicant 133, 144, 184
MAC addresses
displaying 608
number of 595
normal-range 801
private 760
configuring 416
displaying 662
See also private VLANs
restarting 676
shutting down 676
SNMP traps for VTP 681, 685
suspending 676
VLAN Trunking Protocol
See VTP
VMPS
configuring servers 811
displaying 668
error recovery timer 180
reconfirming dynamic VLAN assignments 808
vmps reconfirm (global configuration) command 809
vmps reconfirm (privileged EXEC) command 808
vmps retry command 810
vmps server command 811
voice VLAN
configuring 779, 780
setting port priority 771
VQP
and dynamic-access ports 747
clearing client statistics 98
displaying information 668
per-server retry count 810
reconfirmation interval 809
reconfirming dynamic VLAN assignments 808
VTP
changing characteristics 813
clearing pruning counters 99
configuring
domain name 813
file name 813
mode 813
password 814
counters display fields 671
displaying information 670
enabling
pruning 814
tunneling for 286
Version 2 814
VTP (continued)
enabling per port 818
mode 813
pruning 814
statistics 670
status 670
status display fields 673
vtp (global configuration) command 813
vtp interface configuration) command 818
vtp primary command 820
Index
A
aaa accounting dot1x command 1
aaa authentication dot1x command 3, 799
aaa authorization network command 5, 20, 26, 28, 30, 32, 34, 138, 305, 468, 7, 33
AAA methods 3, 799
access control entries
See ACEs
access control lists
See ACLs
access groups
IP 193
MAC, displaying 588
access list, IPv6 262
access map configuration mode 321
access mode 757
access ports 757
ACEs 124, 398
ACLs
deny 122
displaying 449
for non-IP protocols 309
IP 193
matching 321
on Layer 2 interfaces 193
permit 396
action command 6
address aliasing 370
aggregate-port learner 384
allowed VLANs 776
archive download-sw command 8
archive tar command 11
archive upload-sw command 14
arp access-list command 16
authentication command bounce-port ignore 18
authentication command disable-port ignore 19
authentication control-direction command 20
authentication event command 22
authentication failed VLAN
See dot1x auth-fail vlan
authentication fallback command 26
authentication host-mode command 28
authentication mac-move permit command 30
authentication open command 32
authentication order command 34
authentication periodic command 36
authentication port-control command 38
authentication priority command 40
authentication timer command 42
authentication violation command 44
auth-fail max-attempts
See dot1x auth-fail max-attempts
auth-fail vlan
See dot1x auth-fail vlan
auth open command 32
auth order command 34
authorization state of controlled port 158
auth timer command 42
autonegotiation of duplex mode 171
auto qos classify command 46
auto qos trust command 49
auto qos voip command 52
B
BackboneFast, for STP 690
backup interfaces
configuring 750
displaying 520
boot (boot loader) command 2
boot auto-download-sw command 57
boot config-file command 60
boot enable-break command 61
boot helper command 62
boot helper-config file command 63
booting
Cisco IOS image 66
displaying environment variables 462
interrupting 57, 61
manually 64
boot loader
accessing 1
booting
Cisco IOS image 2
helper image 62
directories
creating 14
displaying a list of 7
removing 18
displaying
available commands 12
memory heap utilization 13
version 25
environment variables
described 19
displaying settings 19
location of 20
setting 19
unsetting 23
boot loader (continued)
files
copying 5
deleting 6
displaying a list of 7
displaying the contents of 4, 15, 22
renaming 16
file system
formatting 10
initializing flash 9
running a consistency check 11
prompt 1
resetting the system 17
boot manual command 64
boot private-config-file command 65
boot system command 66
BPDU filtering, for spanning tree 691, 723
BPDU guard, for spanning tree 693, 723
broadcast storm control 741
C
candidate switches
See clusters
cat (boot loader) command 4
CDP, enabling protocol tunneling for 286
channel-group command 68
channel-protocol command 71
Cisco SoftPhone
auto-QoS configuration 52
trusting packets sent from 362
CISP
See Client Information Signalling Protocol
cisp
debug platform cisp command 33
cisp enable command 72
class command 73
class-map command 76
class maps
creating 76
defining the match criteria 323
displaying 469
class of service
See CoS
clear dot1x command 78
clear eap sessions command 79
clear errdisable interface 80
clear ip arp inspection log command 81
clear ip arp inspection statistics command 82
clear ipc command 85
clear ip dhcp snooping database command 83
clear ipv6 dhcp conflict command 86
clear l2protocol-tunnel counters command 87
clear lacp command 88
clear mac address-table command 89, 91
clear nmsp statistics command 92
clear pagp command 93
clear port-security command 94
clear spanning-tree counters command 96
clear spanning-tree detected-protocols command 97
clear vmps statistics command 98
clear vtp counters command 99
Client Information Signalling Protocol 72, 138, 468, 7, 33
cluster commander-address command 100
cluster discovery hop-count command 102
cluster enable command 103
cluster holdtime command 104
cluster member command 105
cluster outside-interface command 107
cluster run command 108
clusters
adding candidates 105
binding to HSRP group 109
building manually 105
communicating with
devices outside the cluster 107
members by using Telnet 426
clusters (continued)
debug messages, display 8
displaying
candidate switches 472
debug messages 8
member switches 474
status 470
hop-count limit for extended discovery 102
HSRP standby groups 109
redundancy 109
SNMP trap 679
cluster standby-group command 109
cluster timer command 111
command modes defined 1
command switch
See clusters
configuration files
password recovery disable considerations 1
specifying the name 60, 65
configuring multiple interfaces 189
copy (boot loader) command 5
CoS
assigning default value to incoming packets 332
assigning to Layer 2 protocol packets 289
overriding the incoming value 332
CoS-to-DSCP map 336
CPU ASIC statistics, displaying 476
crashinfo files 182
critical VLAN 23
D
debug authentication 2
debug auto qos command 4
debug backup command 6
debug cisp command 7
debug cluster command 8
debug dot1x command 10
debug dtp command 11
debug eap command 12
debug etherchannel command 13
debug ilpower command 14
debug interface command 15
debug ip dhcp snooping command 16
debug ip igmp filter command 18
debug ip igmp max-groups command 19
debug ip igmp snooping command 20
debug ip verify source packet command 17
debug lacp command 21
debug lldp packets command 22
debug mac-notification command 23
debug matm command 24
debug matm move update command 25
debug monitor command 26
debug mvrdbg command 27
debug nmsp command 28
debug nvram command 29
debug pagp command 30
debug platform acl command 31
debug platform backup interface command 32
debug platform cisp command 33
debug platform configuration command 41
debug platform cpu-queues command 34
debug platform device-manager command 36
debug platform dot1x command 37
debug platform etherchannel command 38
debug platform fallback-bridging command 39
debug platform forw-tcam command 40
debug platform ip arp inspection command 42
debug platform ip dhcp command 43
debug platform ip igmp snooping command 44
debug platform ip multicast command 46
debug platform ip source-guard command 48
debug platform ip unicast command 49
debug platform ip wccp command 51
debug platform led command 52
debug platform matm command 53
debug platform messaging application command 54
debug platform phy command 55
debug platform pm command 57
debug platform port-asic command 59
debug platform port-security command 60
debug platform qos-acl-tcam command 61
debug platform remote-commands command 62
debug platform resource-manager command 63
debug platform snmp command 64
debug platform span command 65
debug platform supervisor-asic command 66
debug platform sw-bridge command 67
debug platform tcam command 68
debug platform udld command 70
debug platform vlan command 71
debug pm command 72
debug port-security command 74
debug qos-manager command 75
debug spanning-tree backbonefast command 78
debug spanning-tree bpdu command 79
debug spanning-tree bpdu-opt command 80
debug spanning-tree command 76
debug spanning-tree mstp command 81
debug spanning-tree switch command 83
debug spanning-tree uplinkfast command 85
debug sw-vlan command 86
debug sw-vlan ifs command 88
debug sw-vlan notification command 89
debug sw-vlan vtp command 90
debug udld command 92
debug vqpc command 94
define interface-range command 112
delete (boot loader) command 6
delete command 114
deny (ARP access-list configuration) command 115
deny (IPv6) command 117
deny command 122
detect mechanism, causes 173
DHCP snooping
accepting untrusted packets from edge switch 224
enabling
on a VLAN 230
option 82 222, 224
trust on an interface 228
error recovery timer 179
rate limiting 227
DHCP snooping binding database
binding file, configuring 220
bindings
adding 218
deleting 218
displaying 539
clearing database agent statistics 83
database agent, configuring 220
displaying
binding entries 539
database agent status 541, 543
renewing 430
dir (boot loader) command 7
directories, deleting 114
domain name, VTP 813
dot1x auth-fail max-attempts 132
dot1x auth-fail vlan 134
dot1x command 130
dot1x control-direction command 136
dot1x credentials (global configuration) command 138
dot1x critical global configuration command 139
dot1x critical interface configuration command 141
dot1x default command 143
dot1x fallback command 144
dot1x guest-vlan command 145
dot1x host-mode command 148
dot1x initialize command 150
dot1x mac-auth-bypass command 151
dot1x max-reauth-req command 153
dot1x max-req command 155
dot1x multiple-hosts command 156
dot1x pae command 157
dot1x port-control command 158
dot1x re-authenticate command 160
dot1x re-authentication command 161
dot1x reauthentication command 162
dot1x supplicant force-multicast command 163
dot1x test eapol-capable command 164
dot1x test timeout command 165
dot1x timeout command 166
dot1x violation-mode command 169
dropping packets, with ACL matches 6
drop threshold, Layer 2 protocol tunneling 286
DSCP-to-CoS map 336
DSCP-to-DSCP-mutation map 336
DTP 758
DTP flap
error detection for 173
error recovery timer 179
DTP negotiation 762
dual-purpose uplink ports
displaying configurable options 523
selecting the type 326
duplex command 170
dynamic-access ports
configuring 746
restrictions 747
dynamic ARP inspection
ARP ACLs
apply to a VLAN 201
define 16
deny packets 115
display 453
permit packets 388
clear
log buffer 81
statistics 82
dynamic ARP inspection (continued)
display
ARP ACLs 453
configuration and operating state 534
log buffer 534
statistics 534
trust state and rate limit 534
enable per VLAN 211
error detection for 173
error recovery timer 179
log buffer
clear 81
configure 205
display 534
rate-limit incoming ARP packets 203
statistics
clear 82
display 534
trusted interface state 207
type of packet logged 212
validation checks 209
dynamic auto VLAN membership mode 757
dynamic desirable VLAN membership mode 757
Dynamic Host Configuration Protocol (DHCP)
See DHCP snooping
Dynamic Trunking Protocol
See DTP
E
EAP-request/identity frame
maximum number to send 155
response time before retransmitting 166
encapsulation methods 776
environment variables, displaying 462
epm access-control open 172
errdisable detect cause command 173
errdisable detect cause small-frame comand 176
errdisable recovery cause small-frame 178
errdisable recovery command 179
error conditions, displaying 509
error disable detection 173
error-disabled interfaces, displaying 520
EtherChannel
assigning Ethernet interface to channel group 68
creating port-channel logical interface 187
debug EtherChannel/PAgP, display 13
debug platform-specific events, display 38
displaying 513
enabling Layer 2 protocol tunneling for
LACP 287
PAgP 287
UDLD 287
interface information, displaying 520
LACP
clearing channel-group information 88
debug messages, display 21
displaying 579
modes 68
port priority for hot-standby ports 290
restricting a protocol 71
system priority 292
load-distribution methods 406
PAgP
aggregate-port learner 384
clearing channel-group information 93
debug messages, display 30
displaying 635
error detection for 173
error recovery timer 179
learn method 384
modes 68
physical-port learner 384
priority of interface for transmitted traffic 386
Ethernet controller, internal register display 478
Ethernet statistics, collecting 433
exception crashinfo command 182
extended discovery of candidate switches 102
extended-range VLANs
and allowed VLAN list 776
and pruning-eligible list 776
extended system ID for STP 699
F
fallback profile command 183
fallback profiles, displaying 516
fan information, displaying 505
file name, VTP 813
files, deleting 114
flash_init (boot loader) command 9
flexible authentication ordering 34
Flex Links
configuring 750
configuring preferred VLAN 752
displaying 520
flowcontrol command 185
format (boot loader) command 10
forwarding packets, with ACL matches 6
forwarding results, display 6
frame forwarding information, displaying 6
front-end controller, counter and status information 8
fsck (boot loader) command 11
G
global configuration mode 2, 3
H
hardware ACL statistics 449
help (boot loader) command 12
hierarchical policy maps 404
hop-count limit for clusters 102
host connection, port configuration 756
host ports, private VLANs 760
Hot Standby Router Protocol
See HSRP
HSRP
binding HSRP group to cluster 109
standby group 109
I
IEEE 802.1Q trunk ports and native VLANs 805
IEEE 802.1Q tunnel ports
configuring 757
displaying 494
limitations 758
IEEE 802.1x
and switchport modes 758
violation error recovery 179
See also port-based authentication
IEEE 802.1X Port Based Authentication
enabling guest VLAN supplicant 133, 144, 184
IGMP filters
applying 233
debug messages, display 18
IGMP groups, setting maximum 234
IGMP maximum groups, debugging 19
IGMP profiles
creating 236
displaying 546
IGMP snooping
adding ports as a static member of a group 252
displaying 547, 552, 554
enabling 238
enabling the configurable-leave timer 240
enabling the Immediate-Leave feature 249
flooding query count 246
interface topology change notification behavior 248
multicast table 550
querier 242
query solicitation 246
report suppression 244
IGMP snooping (continued)
switch topology change notification behavior 246
images
See software images
Immediate-Leave feature, MVR 372
immediate-leave processing 249
Immediate-Leave processing, IPv6 282
interface configuration mode 2, 4
interface port-channel command 187
interface range command 189
interface-range macros 112
interfaces
assigning Ethernet interface to channel group 68
configuring 170
configuring multiple 189
creating port-channel logical 187
debug messages, display 15
disabling 675
displaying the MAC address table 599
restarting 675
interface speed, configuring 733
interface vlan command 191
internal registers, displaying 478, 487
Internet Group Management Protocol
See IGMP
invalid GBIC
error detection for 173
error recovery timer 179
ip access-group command 193
ip address command 196
IP addresses, setting 196
IP address matching 321
ip admission command 198
ip admission name proxy http command 199
ip arp inspection filter vlan command 201
ip arp inspection limit command 203
ip arp inspection log-buffer command 205
ip arp inspection trust command 207
ip arp inspection validate command 209
ip arp inspection vlan command 211
ip arp inspection vlan logging command 212
ip device tracking command 216
ip device tracking probe command 214
IP DHCP snooping
See DHCP snooping
ip dhcp snooping binding command 218
ip dhcp snooping command 217
ip dhcp snooping database command 220
ip dhcp snooping information option allow-untrusted command 224
ip dhcp snooping information option command 222
ip dhcp snooping information option format remote-id command 226
ip dhcp snooping limit rate command 227
ip dhcp snooping trust command 228
ip dhcp snooping verify command 229
ip dhcp snooping vlan command 230
ip dhcp snooping vlan information option format-type circuit-id string command 231
ip igmp filter command 233
ip igmp max-groups command 234, 257, 259
ip igmp profile command 236
ip igmp snooping command 238
ip igmp snooping last-member-query-interval command 240
ip igmp snooping querier command 242
ip igmp snooping report-suppression command 244
ip igmp snooping tcn command 246
ip igmp snooping tcn flood command 248
ip igmp snooping vlan immediate-leave command 249
ip igmp snooping vlan mrouter command 250
ip igmp snooping vlan static command 252
IP multicast addresses 369
IP phones
auto-QoS configuration 52
trusting packets sent from 362
IP-precedence-to-DSCP map 336
ip source binding command 254
IP source guard
disabling 261
displaying
binding entries 556
configuration 557
dynamic binding entries only 539
enabling 261
static IP source bindings 254
ip ssh command 256
IPv6 access list, deny conditions 117
ipv6 access-list command 262
ipv6 address dhcp command 264
ipv6 dhcp client request vendor command 265
ipv6 dhcp ping packets command 266
ipv6 dhcp pool command 267
ipv6 dhcp server command 269
ipv6 mld snooping command 271
ipv6 mld snooping last-listener-query count command 273
ipv6 mld snooping last-listener-query-interval command 275
ipv6 mld snooping listener-message-suppression command 277
ipv6 mld snooping robustness-variable command 278
ipv6 mld snooping tcn command 280
ipv6 mld snooping vlan command 282
IPv6 SDM template 434
ipv6 traffic-filter command 284
ip verify source command 261
J
jumbo frames
See MTU
L
l2protocol-tunnel command 286
l2protocol-tunnel cos command 289
LACP
See EtherChannel
lacp port-priority command 290
lacp system-priority command 292
Layer 2 mode, enabling 744
Layer 2 protocol ports, displaying 576
Layer 2 protocol-tunnel
error detection for 173
error recovery timer 179
Layer 2 protocol tunnel counters 87
Layer 2 protocol tunneling error recovery 287
Layer 2 traceroute
IP addresses 790
MAC addresses 787
Layer 3 mode, enabling 744
line configuration mode 2, 4
Link Aggregation Control Protocol
See EtherChannel
link flap
error detection for 173
error recovery timer 179
link state group command 294
link state track command 296
load-distribution methods for EtherChannel 406
location (global configuration) command 297
location (interface configuration) command 299
logging event command 301
logging event power-inline-status command 302
logging file command 303
logical interface 187
loopback error
detection for 173
recovery timer 179
loop guard, for spanning tree 700, 704
M
mab request format attribute 32 command 305
mac access-group command 307
MAC access-groups, displaying 588
MAC access list configuration mode 309
mac access-list extended command 309
MAC access lists 122
MAC addresses
disabling MAC address learning per VLAN 312
displaying
aging time 593
all 591
dynamic 597
MAC address-table move updates 602
notification settings 601, 604
number of addresses in a VLAN 595
per interface 599
per VLAN 608
static 606
static and dynamic entries 589
dynamic
aging time 311
deleting 89
displaying 597
enabling MAC address notification 316
enabling MAC address-table move update 314
matching 321
static
adding and removing 318
displaying 606
dropping on an interface 319
tables 591
MAC address notification, debugging 23
mac address-table aging-time 307, 321
mac address-table aging-time command 311
mac address-table learning command 312
mac address-table move update command 314
mac address-table notification command 316
mac address-table static command 318
mac address-table static drop command 319
macros
interface range 112, 189
maps
QoS
defining 336
displaying 617
VLAN
creating 802
defining 321
displaying 666
match (access-map configuration) command 321
match (class-map configuration) command 323
maximum transmission unit
See MTU
mdix auto command 325
media-type (interface configuration) command 326
member switches
See clusters
memory (boot loader) command 13
mkdir (boot loader) command 14
MLD snooping
configuring 277, 278
configuring queries 273, 275
configuring topology change notification 280
displaying 566, 568, 570, 572
enabling 271
MLD snooping on a VLAN, enabling 282
mls qos aggregate-policer command 330
mls qos command 328
mls qos cos command 332
mls qos dscp-mutation command 334
mls qos map command 336
mls qos queue-set output buffers command 340
mls qos queue-set output threshold command 342
mls qos rewrite ip dscp command 344
mls qos srr-queue input bandwidth command 346
mls qos srr-queue input buffers command 348
mls qos-srr-queue input cos-map command 350
mls qos srr-queue input dscp-map command 352
mls qos srr-queue input priority-queue command 354
mls qos srr-queue input threshold command 356
mls qos-srr-queue output cos-map command 358
mls qos srr-queue output dscp-map command 360
mls qos trust command 362
mls qos vlan-based command 364
mode, MVR 369
Mode button, and password recovery 437
modes, commands 1
monitor session command 365
more (boot loader) command 15
MSTP
displaying 649
interoperability 97
link type 702
MST region
aborting changes 706
applying changes 706
configuration name 706
configuration revision number 706
current or pending display 706
displaying 649
MST configuration mode 706
VLANs-to-instance mapping 706
path cost 708
protocol mode 705
restart protocol migration process 97
root port
loop guard 700
preventing from becoming designated 700
restricting which can be root 700
root guard 700
root switch
affects of extended system ID 699
hello-time 711, 719
interval between BDPU messages 712
interval between hello BPDU messages 711, 719
max-age 712
maximum hop count before discarding BPDU 713
port priority for selection of 715
MSTP (continued)
root switch
primary or secondary 719
switch priority 718
state changes
blocking to forwarding state 725
enabling BPDU filtering 691, 723
enabling BPDU guard 693, 723
enabling Port Fast 723, 725
forward-delay time 710
length of listening and learning states 710
rapid transition to forwarding 702
shutting down Port Fast-enabled ports 723
state information display 648
MTU
configuring size 784
displaying global setting 656
Multicase Listener Discovery
See MLD
multicast group address, MVR 372
multicast groups, MVR 370
Multicast Listener Discovery
See MLD
multicast router learning method 250
multicast router ports, configuring 250
multicast router ports, IPv6 282
multicast storm control 741
multicast VLAN, MVR 369
multicast VLAN registration
See MVR
Multiple Spanning Tree Protocol
See MSTP
MVR
and address aliasing 370
configuring 369
configuring interfaces 372
debug messages, display 27
displaying 625
displaying interface information 627
MVR (continued)
members, displaying 629
mvr (global configuration) command 369
mvr (interface configuration) command 372
mvr vlan group command 373
N
native VLANs 776
native VLAN tagging 805
network-policy (global configuration) command 376
network-policy command 375
network-policy profile (network-policy configuration) command 377
nmsp attachment suppress command 380
nmsp command 379
no authentication logging verbose 381
no dot1x logging verbose 382
no mab logging verbose 383
nonegotiate, speed 733
nonegotiating DTP messaging 762
non-IP protocols
denying 122
forwarding 396
non-IP traffic access lists 309
non-IP traffic forwarding
denying 122
permitting 396
normal-range VLANs 801
O
online diagnostics
global configuration mode
clearing health monitoring diagnostic test schedule 81
clearing test-based testing schedule 127
setting health monitoring diagnostic testing 81
setting test-based testing 127
setting up health monitoring diagnostic test schedule 81
setting up test-based testing 127
health monitoring diagnostic tests, configuring 125
scheduled switchover
disabling 127
enabling 127
scheduling
enabling 127
removing 127
testing, starting 129
test interval, setting 127
P
PAgP
See EtherChannel
pagp learn-method command 384
pagp port-priority command 386
password, VTP 814
password-recovery mechanism, enabling and disabling 437
permit (ARP access-list configuration) command 388
permit (IPv6) command 390
permit (MAC access-list configuration) command 396
per-VLAN spanning-tree plus
See STP
physical-port learner 384
PID, displaying 533
PIM-DVMRP, as multicast router learning method 250
PoE
configuring the power budget 410
configuring the power management mode 407
displaying controller register values 485
displaying power management information 642
logging of status 302
police aggregate command 401
police command 399
policed-DSCP map 336
policy-map command 403
policy maps
applying to an interface 439, 444
creating 403
displaying 637
hierarchical 404
policers
displaying 611
for a single class 399
for multiple classes 330, 401
policed-DSCP map 336
traffic classification
defining the class 73
defining trust states 792
setting DSCP or IP precedence values 442
Port Aggregation Protocol
See EtherChannel
port-based authentication
AAA method list 3, 799
configuring violation modes 169
debug messages, display 10
enabling IEEE 802.1x
globally 130
per interface 158
guest VLAN 145
host modes 148
IEEE 802.1x AAA accounting methods 1
initialize an interface 150, 165
MAC authentication bypass 151
manual control of authorization state 158
port-based authentication (continued)
PAE as authenticator 157
periodic re-authentication
enabling 162
time between attempts 166
quiet period between failed authentication exchanges 166
re-authenticating IEEE 802.1x-enabled ports 160
resetting configurable IEEE 802.1x parameters 143
switch-to-authentication server retransmission time 166
switch-to-client frame-retransmission number 153 to 155
switch-to-client retransmission time 166
test for IEEE 802.1x readiness 164
port-channel load-balance command 406
Port Fast, for spanning tree 725
port ranges, defining 112
ports, debugging 72
ports, protected 775
port security
aging 769
debug messages, display 74
enabling 764
violation error recovery 179
port trust states for QoS 362
port types, MVR 372
power information, displaying 505
power inline command 407
power inline consumption command 410
Power over Ethernet
See PoE
power rps command (user EXEC) 412
priority-queue command 414
private-vlan command 416
private-vlan mapping command 419
private VLANs
association 773
configuring 416
configuring ports 760
displaying 662
host ports 760
mapping
configuring 773
displaying 520
promiscuous ports 760
privileged EXEC mode 2, 3
product identification information, displaying 533
promiscuous ports, private VLANs 760
protected ports, displaying 526
pruning
VLANs 776
VTP
displaying interface information 520
enabling 814
pruning-eligible VLAN list 778
PVST+
See STP
Q
QoS
auto-QoS
configuring 52
debug messages, display 4
displaying 458
auto-QoS trust
configuring 49
class maps
creating 76
defining the match criteria 323
displaying 469
defining the CoS value for an incoming packet 332
displaying configuration information 458, 610
DSCP transparency 344
QoS (continued)
DSCP trusted ports
applying DSCP-to-DSCP-mutation map to 334
defining DSCP-to-DSCP-mutation map 336
egress queues
allocating buffers 340
defining the CoS output queue threshold map 358
defining the DSCP output queue threshold map 360
displaying buffer allocations 614
displaying CoS output queue threshold map 617
displaying DSCP output queue threshold map 617
displaying queueing strategy 614
displaying queue-set settings 620
enabling bandwidth shaping and scheduling 737
enabling bandwidth sharing and scheduling 739
limiting the maximum output on a port 735
mapping a port to a queue-set 421
mapping CoS values to a queue and threshold 358
mapping DSCP values to a queue and threshold 360
setting maximum and reserved memory allocations 342
setting WTD thresholds 342
enabling 328
ingress queues
allocating buffers 348
assigning SRR scheduling weights 346
defining the CoS input queue threshold map 350
defining the DSCP input queue threshold map 352
displaying buffer allocations 614
displaying CoS input queue threshold map 617
displaying DSCP input queue threshold map 617
displaying queueing strategy 614
displaying settings for 612
enabling the priority queue 354
QoS (continued)
ingress queues
mapping CoS values to a queue and threshold 350
mapping DSCP values to a queue and threshold 352
setting WTD thresholds 356
maps
defining 336, 350, 352, 358, 360
displaying 617
policy maps
applying an aggregate policer 401
applying to an interface 439, 444
creating 403
defining policers 330, 399
displaying policers 611
displaying policy maps 637
hierarchical 404
policed-DSCP map 336
setting DSCP or IP precedence values 442
traffic classifications 73
trust states 792
port trust states 362
queues, enabling the expedite 414
statistics
in-profile and out-of-profile packets 614
packets enqueued or dropped 614
sent and received CoS values 614
sent and received DSCP values 614
trusted boundary for IP phones 362
VLAN-based 364
quality of service
See QoS
querytime, MVR 369
queue-set command 421
R
radius-server dead-criteria command 422
radius-server host command 424
rapid per-VLAN spanning-tree plus
See STP
rapid PVST+
See STP
rcommand command 426
re-authenticating IEEE 802.1x-enabled ports 160
re-authentication
periodic 162
time between attempts 166
receiver ports, MVR 372
receiving flow-control packets 185
recovery mechanism
causes 179
display 80, 464, 507, 511
timer interval 180
redundancy for cluster switches 109
redundant power supply
See RPS
remote-span command 428
Remote Switched Port Analyzer
See RSPAN
rename (boot loader) command 16
renew ip dhcp snooping database command 430
reset (boot loader) command 17
resource templates, displaying 644
restricted VLAN
See dot1x auth-fail vlan
rmdir (boot loader) command 18
rmon collection stats command 433
root guard, for spanning tree 700
routed ports
IP addresses on 197
number supported 197
RPS 2300
configuring 412
managing 412
RSPAN
configuring 365
displaying 623
filter RSPAN traffic 365
remote-span command 428
sessions
displaying 623
S
scheduled switchover
disabling 127
enabling 127
sdm prefer command 434
SDM templates
allowed resources 435
displaying 644
dual IPv4 and IPv6 434
secure ports, limitations 766
sending flow-control packets 185
service password-recovery command 437
service-policy command 439
set (boot loader) command 19
set command 442
setup command 444
setup express command 447
show access-lists command 449
show archive status command 452
show arp access-list command 453
show authentication command 454
show auto qos command 458
show boot command 462
show cable-diagnostics tdr command 464
show cisp command 468
show class-map command 469
show cluster candidates command 472
show cluster command 470
show cluster members command 474
show controllers cpu-interface command 476
show controllers ethernet-controller command 478
show controllers power inline command 485
show controllers tcam command 487
show controller utilization command 489
show dot1q-tunnel command 494
show dot1x command 495
show dtp 500
show eap command 502
show env command 505
show errdisable detect command 507
show errdisable flap-values command 509
show errdisable recovery command 511
show etherchannel command 513
show fallback profile command 516
show flowcontrol command 518
show interfaces command 520
show interfaces counters command 531
show inventory command 533
show ip arp inspection command 534
show ipc command 559
show ip dhcp snooping binding command 539
show ip dhcp snooping command 538
show ip dhcp snooping database command 541, 543
show ip igmp profile command 546
show ip igmp snooping address command 568
show ip igmp snooping command 547, 566
show ip igmp snooping groups command 550
show ip igmp snooping mrouter command 552, 570
show ip igmp snooping querier command 554, 572
show ip source binding command 556
show ipv6 access-list command 563
show ipv6 dhcp conflict command 565
show ipv6 route updated 574
show ip verify source command 557
show l2protocol-tunnel command 576
show lacp command 579
show link state group command 586
show lldp command 583
show location 584
show mac access-group command 588
show mac address-table address command 591
show mac address-table aging time command 593
show mac address-table command 589
show mac address-table count command 595
show mac address-table dynamic command 597
show mac address-table interface command 599
show mac address-table learning command 601
show mac address-table move update command 602
show mac address-table notification command 91, 604, 25
show mac address-table static command 606
show mac address-table vlan command 608
show mls qos aggregate-policer command 611
show mls qos command 610
show mls qos input-queue command 612
show mls qos interface command 614
show mls qos maps command 617
show mls qos queue-set command 620
show mls qos vlan command 622
show monitor command 623
show mvr command 625
show mvr interface command 627
show mvr members command 629
show network-policy profile command 631
show nmsp command 632
show pagp command 635
show platform acl command 2
show platform backup interface command 3
show platform configuration command 4
show platform etherchannel command 5
show platform forward command 6
show platform frontend-controller command 8
show platform igmp snooping command 9
show platform ip multicast command 11
show platform ip unicast command 12
show platform ipv6 unicast command 17
show platform ip wccp command 16
show platform layer4op command 19
show platform mac-address-table command 20
show platform messaging command 21
show platform monitor command 22
show platform mvr table command 23
show platform pm command 24
show platform port-asic command 25
show platform port-security command 30
show platform qos command 31
show platform resource-manager command 32
show platform snmp counters command 34
show platform spanning-tree command 35
show platform stp-instance command 36
show platform tcam command 37
show platform vlan command 40
show policy-map command 637
show port security command 639
show power inline command 642
show sdm prefer command 644
show setup express command 647
show spanning-tree command 648
show storm-control command 654
show system mtu command 656
show trust command 792
show udld command 657
show version command 660
show vlan access-map command 666
show vlan command 662
show vlan command, fields 664
show vlan filter command 667
show vmps command 668
show vtp command 670
shutdown command 675
shutdown threshold, Layer 2 protocol tunneling 286
shutdown vlan command 676
small violation-rate command 677
SNMP host, specifying 684
SNMP informs, enabling the sending of 679
snmp-server enable traps command 679
snmp-server host command 684
snmp trap mac-notification change command 688
SNMP traps
enabling MAC address notification trap 688
enabling the MAC address notification feature 316
enabling the sending of 679
SoftPhone
See Cisco SoftPhone
software images
deleting 114
downloading 8
upgrading 8
uploading 14
software version, displaying 660
source ports, MVR 372
SPAN
configuring 365
debug messages, display 26
displaying 623
filter SPAN traffic 365
sessions
add interfaces to 365
displaying 623
start new 365
spanning-tree backbonefast command 690
spanning-tree bpdufilter command 691
spanning-tree bpduguard command 693
spanning-tree cost command 695
spanning-tree etherchannel command 697
spanning-tree extend system-id command 699
spanning-tree guard command 700
spanning-tree link-type command 702
spanning-tree loopguard default command 704
spanning-tree mode command 705
spanning-tree mst configuration command 706
spanning-tree mst cost command 708
spanning-tree mst forward-time command 710
spanning-tree mst hello-time command 711
spanning-tree mst max-age command 712
spanning-tree mst max-hops command 713
spanning-tree mst port-priority command 715
spanning-tree mst pre-standard command 717
spanning-tree mst priority command 718
spanning-tree mst root command 719
spanning-tree portfast (global configuration) command 723
spanning-tree portfast (interface configuration) command 725
spanning-tree port-priority command 721
Spanning Tree Protocol
See STP
spanning-tree transmit hold-count command 727
spanning-tree uplinkfast command 728
spanning-tree vlan command 730
speed command 733
srr-queue bandwidth limit command 735
srr-queue bandwidth share command 739
SSH, configuring version 256
static-access ports, configuring 746
statistics, Ethernet group 433
sticky learning, enabling 764
storm-control command 741
STP
BackboneFast 690
counters, clearing 96
debug messages, display
BackboneFast events 78
MSTP 81
optimized BPDUs handling 80
spanning-tree activity 76
switch shim 83
transmitted and received BPDUs 79
UplinkFast 85
detection of indirect link failures 690
enabling protocol tunneling for 286
EtherChannel misconfiguration 697
extended system ID 699
STP (continued)
path cost 695
protocol modes 705
root port
accelerating choice of new 728
loop guard 700
preventing from becoming designated 700
restricting which can be root 700
root guard 700
UplinkFast 728
root switch
affects of extended system ID 699, 731
hello-time 730
interval between BDPU messages 730
interval between hello BPDU messages 730
max-age 730
port priority for selection of 721
primary or secondary 730
switch priority 730
state changes
blocking to forwarding state 725
enabling BPDU filtering 691, 723
enabling BPDU guard 693, 723
enabling Port Fast 723, 725
enabling timer to recover from error state 179
forward-delay time 730
length of listening and learning states 730
shutting down Port Fast-enabled ports 723
state information display 648
VLAN options 718, 730
SVIs, creating 191
SVI status calculation 748
Switched Port Analyzer
See SPAN
switching characteristics
modifying 744
returning to interfaces 744
switchport access command 746
switchport autostate exclude command 748
switchport backup interface command 750
switchport block command 754
switchport command 744
switchport host command 756
switchport mode command 757
switchport mode private-vlan command 760
switchport nonegotiate command 762
switchport port-security aging command 769
switchport port-security command 764
switchport priority extend command 771
switchport private-vlan command 773
switchport protected command 775
switchports, displaying 520
switchport trunk command 776
switchport voice vlan command 779, 780
system env temperature threshold yellow command 782
system message logging 302
system message logging, save message to flash 303
system mtu command 784
system resource templates 434
T
tar files, creating, listing, and extracting 11
TDR, running 786
Telnet, using to communicate to cluster switches 426
temperature information, displaying 505
templates, system resources 434
test cable-diagnostics tdr command 786
traceroute mac command 787
traceroute mac ip command 790
trunking, VLAN mode 757
trunk mode 757
trunk ports 757
trunks, to non-DTP device 758
trusted boundary for QoS 362
trusted port states for QoS 362
tunnel ports, Layer 2 protocol, displaying 576
type (boot loader) command 22
U
UDLD
aggressive mode 794, 796
debug messages, display 92
enable globally 794
enable per interface 796
error recovery timer 179
message timer 794
normal mode 794, 796
reset a shutdown interface 798
status 657
udld command 794
udld port command 796
udld reset command 798
unicast storm control 741
UniDirectional Link Detection
See UDLD
unknown multicast traffic, preventing 754
unknown unicast traffic, preventing 754
unset (boot loader) command 23
upgrading
software images
downloading 8
monitoring status of 452
UplinkFast, for STP 728
user EXEC mode 2
V
version (boot loader) command 25
vlan access-map command 802
VLAN access map configuration mode 802
VLAN access maps
actions 6
displaying 666
VLAN-based QoS 364
VLAN configuration mode
commands
VLAN 801
VTP 819
description 4
entering 804
summary 2
vlan dot1q tag native command 805
vlan filter command 806
VLAN filters, displaying 667
VLAN maps
applying 806
creating 802
defining 321
displaying 666
VLAN Query Protocol
See VQP
VLANs
configuring 801
debug messages, display
ISL 89
VLAN IOS file system error tests 88
VLAN manager activity 86
VTP 90
displaying configurations 662
enabling guest VLAN supplicant 133, 144, 184
MAC addresses
displaying 608
number of 595
normal-range 801
private 760
configuring 416
displaying 662
See also private VLANs
restarting 676
shutting down 676
SNMP traps for VTP 681, 685
suspending 676
VLAN Trunking Protocol
See VTP
VMPS
configuring servers 811
displaying 668
error recovery timer 180
reconfirming dynamic VLAN assignments 808
vmps reconfirm (global configuration) command 809
vmps reconfirm (privileged EXEC) command 808
vmps retry command 810
vmps server command 811
voice VLAN
configuring 779, 780
setting port priority 771
VQP
and dynamic-access ports 747
clearing client statistics 98
displaying information 668
per-server retry count 810
reconfirmation interval 809
reconfirming dynamic VLAN assignments 808
VTP
changing characteristics 813
clearing pruning counters 99
configuring
domain name 813
file name 813
mode 813
password 814
counters display fields 671
displaying information 670
enabling
pruning 814
tunneling for 286
Version 2 814
VTP (continued)
enabling per port 818
mode 813
pruning 814
statistics 670
status 670
status display fields 673
vtp (global configuration) command 813
vtp interface configuration) command 818
vtp primary command 820