Index

A

aaa accounting dot1x command 1

aaa authentication dot1x command 3

aaa authorization network command 5, 22, 28, 30, 32, 34, 36, 148, 321, 486, 7, 35

AAA methods 3

access control entries

See ACEs

access control lists

See ACLs

access groups

IP 203

MAC, displaying 601

access list, IPv6 276

access map configuration mode 337

access mode 767

access ports 767

ACEs 134, 416

ACLs

deny 132

displaying 468

for non-IP protocols 325

IP 203

matching 337

on Layer 2 interfaces 203

permit 414

action command 6

address aliasing 386

aggregate-port learner 400

allowed VLANs 787

archive download-sw command 10

archive tar command 13

archive upload-sw command 16

arp access-list command 18

authentication command bounce-port ignore 20

authentication command disable-port ignore 21

authentication control-direction command 22

authentication event command 24

authentication failed VLAN

See dot1x auth-fail vlan

authentication fallback command 28

authentication host-mode command 30

authentication mac-move permit command 32

authentication open command 34

authentication order command 36

authentication periodic command 38

authentication port-control command 40

authentication priority command 42

authentication timer command 44

authentication violation command 46

auth-fail max-attempts

See dot1x auth-fail max-attempts

auth-fail vlan

See dot1x auth-fail vlan

auth open command 34

auth order command 36

authorization state of controlled port 168

auth timer command 44

autonegotiation of duplex mode 181

auto qos classify command 48

auto qos trust command 51

auto qos video command 54

auto qos voip command 57

B

BackboneFast, for STP 698

backup interfaces

configuring 760

displaying 535

boot (boot loader) command 2

boot auto-download-sw command 63

boot config-file command 66

boot enable-break command 67

boot helper command 68

boot helper-config file command 69

booting

Cisco IOS image 72

displaying environment variables 481

interrupting 63, 67

manually 70

boot loader

accessing 1

booting

Cisco IOS image 2

helper image 68

directories

creating 14

displaying a list of 7

removing 18

displaying

available commands 12

memory heap utilization 13

version 25

environment variables

described 19

displaying settings 19

location of 20

setting 19

unsetting 23

files

copying 5

deleting 6

displaying a list of 7

displaying the contents of 4, 15, 22

renaming 16

file system

formatting 10

initializing flash 9

running a consistency check 11

prompt 1

resetting the system 17

boot manual command 70

boot private-config-file command 71

boot system command 72

BPDU filtering, for spanning tree 699, 733

BPDU guard, for spanning tree 701, 733

broadcast storm control 751

C

candidate switches

See clusters

cat (boot loader) command 4

CDP, enabling protocol tunneling for 300

channel-group command 74

channel-protocol command 77

Cisco IP camera

auto-QoS configuration 54

Cisco SoftPhone

auto-QoS configuration 57

trusting packets sent from 378

Cisco Telepresence System

auto-QoS configuration 54

CISP

See Client Information Signalling Protocol

cisp

debug platform cisp command 35

cisp enable command 78

class command 79

class-map command 82

class maps

creating 82

defining the match criteria 339

displaying 487

class of service

See CoS

clear dot1x command 85

clear eap sessions command 86

clear errdisable interface 87

clear ip arp inspection log command 84

clear ip arp inspection statistics command 88

clear ipc command 91

clear ip dhcp snooping database command 89

clear ipv6 dhcp conflict command 92

clear l2protocol-tunnel counters command 93

clear lacp command 94

clear logging smartlog statistics interface command 95

clear mac address-table command 96, 98

clear nmsp statistics command 99

clear pagp command 100

clear port-security command 101

clear psp counter 103

clear psp counter command 103

clear spanning-tree counters command 104

clear spanning-tree detected-protocols command 105

clear vmps statistics command 106

clear vtp counters command 107

Client Information Signalling Protocol 78, 148, 486, 7, 35

cluster commander-address command 108

cluster discovery hop-count command 110

cluster enable command 111

cluster holdtime command 112

cluster member command 113

cluster outside-interface command 115

cluster run command 116

clusters

adding candidates 113

binding to HSRP group 117

building manually 113

communicating with

devices outside the cluster 115

members by using Telnet 445

debug messages, display 8

displaying

candidate switches 490

debug messages 8

member switches 492

status 488

hop-count limit for extended discovery 110

HSRP standby groups 117

redundancy 117

SNMP trap 687

cluster standby-group command 117

cluster timer command 119

command modes defined 1

command switch

See clusters

configuration files

password recovery disable considerations 1

specifying the name 66, 71

configuring multiple interfaces 199

config-vlan mode

commands 811

entering 810

copy (boot loader) command 5

CoS

assigning default value to incoming packets 348

assigning to Layer 2 protocol packets 303

overriding the incoming value 348

CoS-to-DSCP map 352

CPU ASIC statistics, displaying 494

crashinfo files 192

critical VLAN 25

D

debug authentication 2

debug auto qos command 4

debug backup command 6

debug cisp command 7

debug cluster command 8

debug dot1x command 10

debug dtp command 12

debug eap command 13

debug etherchannel command 14

debug ilpower command 15

debug interface command 16

debug ip dhcp snooping command 17

debug ip igmp filter command 19

debug ip igmp max-groups command 20

debug ip igmp snooping command 21

debug ip verify source packet command 18

debug lacp command 22

debug lldp packets command 23

debug mac-notification command 25

debug matm command 26

debug matm move update command 27

debug monitor command 28

debug mvrdbg command 29

debug nmsp command 30

debug nvram command 31

debug pagp command 32

debug platform acl command 33

debug platform backup interface command 34

debug platform cisp command 35

debug platform configuration command 43

debug platform cpu-queues command 36

debug platform device-manager command 38

debug platform dot1x command 39

debug platform etherchannel command 40

debug platform fallback-bridging command 41

debug platform forw-tcam command 42

debug platform ip arp inspection command 44

debug platform ip dhcp command 45

debug platform ip igmp snooping command 46

debug platform ip multicast command 48

debug platform ip source-guard command 50

debug platform ip unicast command 51

debug platform ip wccp command 53

debug platform led command 54

debug platform matm command 55

debug platform messaging application command 56

debug platform phy command 57

debug platform pm command 59

debug platform port-asic command 61

debug platform port-security command 62

debug platform qos-acl-tcam command 63

debug platform remote-commands command 64

debug platform resource-manager command 65

debug platform snmp command 66

debug platform span command 67

debug platform supervisor-asic command 68

debug platform sw-bridge command 69

debug platform tcam command 70

debug platform udld command 72

debug platform vlan command 73

debug pm command 74

debug port-security command 76

debug qos-manager command 77

debug spanning-tree backbonefast command 80

debug spanning-tree bpdu command 81

debug spanning-tree bpdu-opt command 82

debug spanning-tree command 78

debug spanning-tree mstp command 83

debug spanning-tree switch command 85

debug spanning-tree uplinkfast command 87

debug sw-vlan command 88

debug sw-vlan ifs command 90

debug sw-vlan notification command 91

debug sw-vlan vtp command 92

debug udld command 94

debug vqpc command 96

define interface-range command 120

delete (boot loader) command 6

delete command 122

deny (ARP access-list configuration) command 125

deny (IPv6) command 127

deny command 132

detect mechanism, causes 183

DHCP snooping

accepting untrusted packets from edge switch 236

enabling

on a VLAN 242

option 82 234, 236

trust on an interface 240

error recovery timer 189

rate limiting 239

DHCP snooping binding database

binding file, configuring 232

bindings

adding 230

deleting 230

clearing database agent statistics 89

database agent, configuring 232

renewing 449

dir (boot loader) command 7

directories, deleting 122

domain name, VTP 825

dot1x auth-fail max-attempts 142

dot1x auth-fail vlan 144

dot1x command 140

dot1x control-direction command 146

dot1x credentials (global configuration) command 148

dot1x critical global configuration command 149

dot1x critical interface configuration command 151

dot1x default command 153

dot1x fallback command 154

dot1x guest-vlan command 155

dot1x host-mode command 158

dot1x initialize command 160

dot1x mac-auth-bypass command 161

dot1x max-reauth-req command 163

dot1x max-req command 165

dot1x multiple-hosts command 166

dot1x pae command 167

dot1x port-control command 168

dot1x re-authenticate command 170

dot1x re-authentication command 171

dot1x reauthentication command 172

dot1x supplicant force-multicast command 173

dot1x test eapol-capable command 174

dot1x test timeout command 175

dot1x timeout command 176

dot1x violation-mode command 179

dropping packets, with ACL matches 6

drop threshold, Layer 2 protocol tunneling 300

DSCP-to-CoS map 352

DSCP-to-DSCP-mutation map 352

DTP 768

DTP flap

error detection for 183

error recovery timer 189

DTP negotiation 772

dual-purpose uplink ports

displaying configurable options 538

selecting the type 342

duplex command 180

dynamic-access ports

configuring 756

restrictions 757

dynamic ARP inspection

ARP ACLs

apply to a VLAN 211

define 18

deny packets 125

display 472

permit packets 406

clear

log buffer 84

statistics 88

display

ARP ACLs 472

configuration and operating state 548

log buffer 548

statistics 548

trust state and rate limit 548

enable per VLAN 223

error detection for 183

error recovery timer 189

log buffer

clear 84

configure 215

display 548

rate-limit incoming ARP packets 213

statistics

clear 88

display 548

trusted interface state 219

type of packet logged 224

validation checks 221

dynamic auto VLAN membership mode 767

dynamic desirable VLAN membership mode 767

Dynamic Host Configuration Protocol (DHCP)

See DHCP snooping

Dynamic Trunking Protocol

See DTP

E

EAP-request/identity frame

maximum number to send 165

response time before retransmitting 176

encapsulation methods 787

environment variables, displaying 481

epm access-control open 182

errdisable detect cause command 183

errdisable detect cause small-frame comand 186

errdisable recovery cause small-frame 188

errdisable recovery command 189

error conditions, displaying 526

error disable detection 183

error-disabled interfaces, displaying 535

EtherChannel

assigning Ethernet interface to channel group 74

creating port-channel logical interface 197

debug EtherChannel/PAgP, display 14

debug platform-specific events, display 40

displaying 529

enabling Layer 2 protocol tunneling for

LACP 301

PAgP 301

UDLD 301

interface information, displaying 535

LACP

clearing channel-group information 94

debug messages, display 22

displaying 590

modes 74

port priority for hot-standby ports 304

restricting a protocol 77

system priority 306

load-distribution methods 424

PAgP

aggregate-port learner 400

clearing channel-group information 100

debug messages, display 32

displaying 641

error detection for 183

error recovery timer 189

learn method 400

modes 74

physical-port learner 400

priority of interface for transmitted traffic 402

Ethernet controller, internal register display 496

Ethernet statistics, collecting 451

exception crashinfo command 192

extended discovery of candidate switches 110

extended-range VLANs

and allowed VLAN list 787

and pruning-eligible list 787

configuring 810

extended system ID for STP 707

F

fallback profile command 193

fallback profiles, displaying 532

fan information, displaying 522

file name, VTP 825

files, deleting 122

flash_init (boot loader) command 9

flexible authentication ordering 36

Flex Links

configuring 760

configuring preferred VLAN 762

displaying 535

flowcontrol command 195

format (boot loader) command 10

forwarding packets, with ACL matches 6

fsck (boot loader) command 11

G

global configuration mode 2, 3

H

hardware ACL statistics 468

help (boot loader) command 12

hierarchical policy maps 422

hop-count limit for clusters 110

host connection, port configuration 766

host ports, private VLANs 770

Hot Standby Router Protocol

See HSRP

HSRP

binding HSRP group to cluster 117

standby group 117

I

IEEE 802.1Q trunk ports and native VLANs 817

IEEE 802.1Q tunnel ports

configuring 767

limitations 768

IEEE 802.1x

and switchport modes 768

violation error recovery 189

See also port-based authentication

IEEE 802.1X Port Based Authentication

enabling guest VLAN supplicant 143, 154, 194

IGMP filters

applying 246

debug messages, display 19

IGMP groups, setting maximum 247

IGMP maximum groups, debugging 20

IGMP profiles

creating 249

displaying 560

IGMP snooping

adding ports as a static member of a group 265

displaying 561

enabling 251

enabling the configurable-leave timer 253

enabling the Immediate-Leave feature 262

flooding query count 259

interface topology change notification behavior 261

querier 255

query solicitation 259

report suppression 257

switch topology change notification behavior 259

images

See software images

Immediate-Leave feature, MVR 388

immediate-leave processing 262

Immediate-Leave processing, IPv6 296

interface configuration mode 2, 4

interface port-channel command 197

interface range command 199

interface-range macros 120

interfaces

assigning Ethernet interface to channel group 74

configuring 180

configuring multiple 199

creating port-channel logical 197

debug messages, display 16

disabling 683

displaying the MAC address table 610

restarting 683

interface speed, configuring 743

interface vlan command 201

internal registers, displaying 496, 505

Internet Group Management Protocol

See IGMP

invalid GBIC

error detection for 183

error recovery timer 189

ip access-group command 203

ip address command 206

IP addresses, setting 206

IP address matching 337

ip admission command 208

ip admission name proxy http command 209

ip arp inspection filter vlan command 211

ip arp inspection limit command 213

ip arp inspection log-buffer command 215

ip arp inspection trust command 219

ip arp inspection validate command 221

ip arp inspection vlan command 223

ip arp inspection vlan logging command 224

ip device tracking command 228

ip device tracking probe command 226

IP DHCP snooping

See DHCP snooping

ip dhcp snooping binding command 230

ip dhcp snooping command 229

ip dhcp snooping database command 232

ip dhcp snooping information option allow-untrusted command 236

ip dhcp snooping information option command 234

ip dhcp snooping information option format remote-id command 238

ip dhcp snooping limit rate command 239

ip dhcp snooping trust command 240

ip dhcp snooping verify command 241

ip dhcp snooping vlan command 242

ip dhcp snooping vlan information option format-type circuit-id string command 244

ip igmp filter command 246

ip igmp max-groups command 247, 270, 272

ip igmp profile command 249

ip igmp snooping command 251

ip igmp snooping last-member-query-interval command 253

ip igmp snooping querier command 255

ip igmp snooping report-suppression command 257

ip igmp snooping tcn command 259

ip igmp snooping tcn flood command 261

ip igmp snooping vlan immediate-leave command 262

ip igmp snooping vlan mrouter command 263

ip igmp snooping vlan static command 265

IP multicast addresses 385

IP phones

auto-QoS configuration 57

trusting packets sent from 378

IP-precedence-to-DSCP map 352

ip source binding command 267

IP source guard

disabling 274

enabling 274

static IP source bindings 267

ip ssh command 269

IPv6 access list, deny conditions 127

ipv6 access-list command 276

ipv6 address dhcp command 278

ipv6 dhcp client request vendor command 279

ipv6 dhcp ping packets command 280

ipv6 dhcp pool command 281

ipv6 dhcp server command 283

ipv6 mld snooping command 285

ipv6 mld snooping last-listener-query count command 287

ipv6 mld snooping last-listener-query-interval command 289

ipv6 mld snooping listener-message-suppression command 291

ipv6 mld snooping robustness-variable command 292

ipv6 mld snooping tcn command 294

ipv6 mld snooping vlan command 296

IPv6 SDM template 452

ipv6 traffic-filter command 298

ip verify source command 274

ip verify source smartlog command 275

J

jumbo frames

See MTU

L

l2protocol-tunnel command 300

l2protocol-tunnel cos command 303

LACP

See EtherChannel

lacp port-priority command 304

lacp system-priority command 306

Layer 2 mode, enabling 754

Layer 2 protocol-tunnel

error detection for 183

error recovery timer 189

Layer 2 protocol tunnel counters 93

Layer 2 protocol tunneling error recovery 301

Layer 2 traceroute

IP addresses 801

MAC addresses 798

Layer 3 mode, enabling 754

line configuration mode 2, 4

Link Aggregation Control Protocol

See EtherChannel

link flap

error detection for 183

error recovery timer 189

link state group command 308

link state track command 310

load-distribution methods for EtherChannel 424

location (global configuration) command 311

location (interface configuration) command 313

logging event command 315

logging event power-inline-status command 316

logging file command 317

logical interface 197

loopback error

detection for 183

recovery timer 189

loop guard, for spanning tree 709, 713

M

mab request format attribute 32 command 321

mac access-group command 323

MAC access-groups, displaying 601

MAC access list configuration mode 325

mac access-list extended command 325

MAC access lists 132

MAC addresses

disabling MAC address learning per VLAN 328

displaying

dynamic 608

notification settings 613

number of addresses in a VLAN 607

per interface 610

per VLAN 617

static 615

static and dynamic entries 602

dynamic

aging time 327

deleting 96

displaying 608

enabling MAC address notification 332

enabling MAC address-table move update 330

matching 337

static

adding and removing 334

displaying 615

dropping on an interface 335

MAC address notification, debugging 25

mac address-table aging-time 323, 337

mac address-table aging-time command 327

mac address-table learning command 328

mac address-table move update command 330

mac address-table notification command 332

mac address-table static command 334

mac address-table static drop command 335

macros

interface range 120, 199

maps

QoS

defining 352

VLAN

creating 815

defining 337

displaying 673

match (access-map configuration) command 337

match (class-map configuration) command 339

maximum transmission unit

See MTU

mdix auto command 341

media-type (interface configuration) command 342

member switches

See clusters

memory (boot loader) command 13

mkdir (boot loader) command 14

MLD snooping

configuring 291, 292

configuring queries 287, 289

configuring topology change notification 294

displaying 578

enabling 285

MLD snooping on a VLAN, enabling 296

mls qos aggregate-policer command 346

mls qos command 344

mls qos cos command 348

mls qos dscp-mutation command 350

mls qos map command 352

mls qos queue-set output buffers command 356

mls qos queue-set output threshold command 358

mls qos rewrite ip dscp command 360

mls qos srr-queue input bandwidth command 362

mls qos srr-queue input buffers command 364

mls qos-srr-queue input cos-map command 366

mls qos srr-queue input dscp-map command 368

mls qos srr-queue input priority-queue command 370

mls qos srr-queue input threshold command 372

mls qos-srr-queue output cos-map command 374

mls qos srr-queue output dscp-map command 376

mls qos trust command 378

mls qos vlan-based command 380

mode, MVR 385

Mode button, and password recovery 455

modes, commands 1

monitor session command 381

more (boot loader) command 15

MSTP

displaying 655

interoperability 105

link type 711

MST region

aborting changes 716

applying changes 716

configuration name 716

configuration revision number 716

current or pending display 716

displaying 655

MST configuration mode 716

VLANs-to-instance mapping 716

path cost 718

protocol mode 714

restart protocol migration process 105

root port

loop guard 709

preventing from becoming designated 709

restricting which can be root 709

root guard 709

root switch

affects of extended system ID 707

hello-time 721, 729

interval between BDPU messages 722

interval between hello BPDU messages 721, 729

max-age 722

maximum hop count before discarding BPDU 723

port priority for selection of 725

primary or secondary 729

switch priority 728

state changes

blocking to forwarding state 735

enabling BPDU filtering 699, 733

enabling BPDU guard 701, 733

enabling Port Fast 733, 735

forward-delay time 720

length of listening and learning states 720

rapid transition to forwarding 711

shutting down Port Fast-enabled ports 733

state information display 654

MTU

configuring size 795

displaying global setting 662

Multicase Listener Discovery

See MLD

multicast group address, MVR 388

multicast groups, MVR 386

Multicast Listener Discovery

See MLD

multicast router learning method 263

multicast router ports, configuring 263

multicast router ports, IPv6 296

multicast storm control 751

multicast VLAN, MVR 385

multicast VLAN registration

See MVR

Multiple Spanning Tree Protocol

See MSTP

MVR

and address aliasing 386

configuring 385

configuring interfaces 388

debug messages, display 29

displaying 632

displaying interface information 633

members, displaying 635

mvr (global configuration) command 385

mvr (interface configuration) command 388

mvr vlan group command 389

N

native VLANs 787

native VLAN tagging 817

network-policy (global configuration) command 392

network-policy command 391

network-policy profile (network-policy configuration) command 393

nmsp attachment suppress command 396

nmsp command 395

no authentication logging verbose 397

no dot1x logging verbose 398

no mab logging verbose 399

nonegotiate, speed 743

nonegotiating DTP messaging 772

non-IP protocols

denying 132

forwarding 414

non-IP traffic access lists 325

non-IP traffic forwarding

denying 132

permitting 414

normal-range VLANs 810

no vlan command 810

O

online diagnostics

displaying

configured boot-up coverage level 509

current scheduled tasks 509

event logs 509

supported test suites 509

test ID 509

test results 509

test statistics 509

global configuration mode

clearing health monitoring diagnostic test schedule 88

clearing test-based testing schedule 137

setting health monitoring diagnostic testing 88

setting test-based testing 137

setting up health monitoring diagnostic test schedule 88

setting up test-based testing 137

health monitoring diagnostic tests, configuring 135

scheduled switchover

disabling 137

enabling 137

scheduling

enabling 137

removing 137

testing, starting 139

test interval, setting 137

P

PAgP

See EtherChannel

pagp learn-method command 400

pagp port-priority command 402

password, VTP 826

password-recovery mechanism, enabling and disabling 455

permit (ARP access-list configuration) command 406

permit (IPv6) command 408

permit (MAC access-list configuration) command 414

per-VLAN spanning-tree plus

See STP

physical-port learner 400

PIM-DVMRP, as multicast router learning method 263

PoE

configuring the power budget 428

configuring the power management mode 425

displaying controller register values 503

displaying power management information 646

logging of status 316

police aggregate command 419

police command 417

policed-DSCP map 352

policy-map command 421

policy maps

applying to an interface 457, 463

creating 421

hierarchical 422

policers

displaying 620

for a single class 417

for multiple classes 346, 419

policed-DSCP map 352

traffic classification

defining the class 79

defining trust states 803

setting DSCP or IP precedence values 461

Port Aggregation Protocol

See EtherChannel

port-based authentication

AAA method list 3

configuring violation modes 179

debug messages, display 10

enabling IEEE 802.1x

globally 140

per interface 168

guest VLAN 155

host modes 158

IEEE 802.1x AAA accounting methods 1

initialize an interface 160, 175

MAC authentication bypass 161

manual control of authorization state 168

PAE as authenticator 167

periodic re-authentication

enabling 172

time between attempts 176

quiet period between failed authentication exchanges 176

re-authenticating IEEE 802.1x-enabled ports 170

resetting configurable IEEE 802.1x parameters 153

switch-to-authentication server retransmission time 176

switch-to-client frame-retransmission number 163 to 165

switch-to-client retransmission time 176

test for IEEE 802.1x readiness 174

port-channel load-balance command 424

Port Fast, for spanning tree 735

port ranges, defining 120

ports, debugging 74

ports, protected 785

port security

aging 779

debug messages, display 76

enabling 774

violation error recovery 189

port trust states for QoS 378

port types, MVR 388

power information, displaying 522

power inline command 425

power inline consumption command 428

Power over Ethernet

See PoE

power rps command (user EXEC) 430

priority-queue command 432

private-vlan command 434

private-vlan mapping command 437

private VLANs

association 783

configuring 434

configuring ports 770

displaying 668

host ports 770

mapping

configuring 783

displaying 535

promiscuous ports 770

privileged EXEC mode 2, 3

promiscuous ports, private VLANs 770

protected ports, displaying 540

pruning

VLANs 787

VTP

displaying interface information 535

enabling 826

pruning-eligible VLAN list 789

psp 439

psp command 439

PVST+

See STP

Q

QoS

auto-QoS

configuring 57

debug messages, display 4

auto-QoS trust

configuring 51

auto-QoS video

configuring 54

class maps

creating 82

defining the match criteria 339

displaying 487

defining the CoS value for an incoming packet 348

displaying configuration information 619

DSCP transparency 360

DSCP trusted ports

applying DSCP-to-DSCP-mutation map to 350

defining DSCP-to-DSCP-mutation map 352

egress queues

allocating buffers 356

defining the CoS output queue threshold map 374

defining the DSCP output queue threshold map 376

displaying buffer allocations 622

displaying CoS output queue threshold map 625

displaying DSCP output queue threshold map 625

displaying queueing strategy 622

displaying queue-set settings 628

enabling bandwidth shaping and scheduling 747

enabling bandwidth sharing and scheduling 749

limiting the maximum output on a port 745

mapping a port to a queue-set 440

mapping CoS values to a queue and threshold 374

mapping DSCP values to a queue and threshold 376

setting maximum and reserved memory allocations 358

setting WTD thresholds 358

enabling 344

ingress queues

allocating buffers 364

assigning SRR scheduling weights 362

defining the CoS input queue threshold map 366

defining the DSCP input queue threshold map 368

displaying buffer allocations 622

displaying CoS input queue threshold map 625

displaying DSCP input queue threshold map 625

displaying queueing strategy 622

displaying settings for 621

enabling the priority queue 370

mapping CoS values to a queue and threshold 366

mapping DSCP values to a queue and threshold 368

setting WTD thresholds 372

maps

defining 352, 366, 368, 374, 376

policy maps

applying an aggregate policer 419

applying to an interface 457, 463

creating 421

defining policers 346, 417

displaying policers 620

hierarchical 422

policed-DSCP map 352

setting DSCP or IP precedence values 461

traffic classifications 79

trust states 803

port trust states 378

queues, enabling the expedite 432

statistics

in-profile and out-of-profile packets 622

packets enqueued or dropped 622

sent and received CoS values 622

sent and received DSCP values 622

trusted boundary for IP phones 378

VLAN-based 380

quality of service

See QoS

querytime, MVR 385

queue-set command 440

R

radius-server dead-criteria command 441

radius-server host command 443

rapid per-VLAN spanning-tree plus

See STP

rapid PVST+

See STP

rcommand command 445

re-authenticating IEEE 802.1x-enabled ports 170

re-authentication

periodic 172

time between attempts 176

receiver ports, MVR 388

receiving flow-control packets 195

recovery mechanism

causes 189

display 87, 483, 524, 527

timer interval 190

redundancy for cluster switches 117

redundant power supply

See RPS

remote-span command 447

Remote Switched Port Analyzer

See RSPAN

rename (boot loader) command 16

renew ip dhcp snooping database command 449

reset (boot loader) command 17

restricted VLAN

See dot1x auth-fail vlan

rmdir (boot loader) command 18

rmon collection stats command 451

root guard, for spanning tree 709

routed ports

IP addresses on 207

number supported 207

RPS 2300

configuring 430

managing 430

RSPAN

configuring 381

filter RSPAN traffic 381

remote-span command 447

S

scheduled switchover

disabling 137

enabling 137

sdm prefer command 452

SDM templates

allowed resources 453

displaying 650

dual IPv4 and IPv6 452

secure ports, limitations 776

sending flow-control packets 195

service password-recovery command 455

service-policy command 457

set (boot loader) command 19

set command 461

setup command 463

setup express command 466

show access-lists command 468

show archive status command 471

show arp access-list command 472

show authentication command 473

show auto qos command 477

show boot command 481

show cable-diagnostics tdr command 483

show cisp command 486

show class-map command 487

show cluster candidates command 490

show cluster command 488

show cluster members command 492

show controllers cpu-interface command 494

show controllers ethernet-controller command 496

show controllers power inline command 503

show controllers tcam command 505

show controller utilization command 507

show dot1q-tunnel command 512

show dot1x command 513

show dtp 517

show eap command 519

show env command 522

show errdisable detect command 524

show errdisable flap-values command 526

show errdisable recovery command 527

show etherchannel command 529

show fallback profile command 532

show flowcontrol command 533

show interfaces command 535

show interfaces counters command 545

show inventory command 547

show ip arp inspection command 548

show ipc command 572

show ip dhcp snooping binding command 553

show ip dhcp snooping command 552

show ip dhcp snooping database command 555, 557

show ip igmp profile command 560

show ip igmp snooping command 561, 578

show ip igmp snooping groups command 564

show ip igmp snooping mrouter command 566

show ip igmp snooping querier command 567

show ip source binding command 569

show ipv6 access-list command 575

show ipv6 dhcp conflict command 577

show ipv6 route updated 586

show ip verify source command 570

show l2protocol-tunnel command 588

show lacp command 590

show link state group command 594

show mac access-group command 601

show mac address-table address command 604

show mac address-table aging time command 605

show mac address-table command 602

show mac address-table count command 607

show mac address-table dynamic command 608

show mac address-table interface command 610

show mac address-table move update command 612

show mac address-table notification command 98, 613, 27

show mac address-table static command 615

show mac address-table vlan command 617

show mls qos aggregate-policer command 620

show mls qos command 619

show mls qos input-queue command 621

show mls qos interface command 622

show mls qos maps command 625

show mls qos queue-set command 628

show mls qos vlan command 629

show monitor command 630

show mvr command 632

show mvr interface command 633

show mvr members command 635

show network-policy profile command 637

show nmsp command 638

show pagp command 641

show platform acl command 2

show platform backup interface command 3

show platform configuration command 4

show platform etherchannel command 5

show platform forward command 6

show platform frontend-controller command 8

show platform igmp snooping command 9

show platform ip multicast command 10

show platform ip unicast command 11

show platform ipv6 unicast command 15

show platform ip wccp command 14

show platform layer4op command 17

show platform mac-address-table command 18

show platform messaging command 19

show platform monitor command 20

show platform mvr table command 21

show platform pm command 22

show platform port-asic command 23

show platform port-security command 27

show platform qos command 28

show platform resource-manager command 29

show platform snmp counters command 31

show platform spanning-tree command 32

show platform stp-instance command 33

show platform tcam command 34

show platform vlan command 37

show policy-map command 643

show port security command 644

show power inline command 646

show psp config 648

show psp config command 648

show psp statistics 649

show psp statistics command 649

show sdm prefer command 650

show setup express command 653

show spanning-tree command 654

show storm-control command 660

show system mtu command 662

show trust command 803

show udld command 663

show version command 666

show vlan access-map command 673

show vlan command 668

show vlan command, fields 670

show vlan filter command 674

show vmps command 675

show vtp command 677

shutdown command 683

shutdown threshold, Layer 2 protocol tunneling 300

shutdown vlan command 684

small violation-rate command 685

SNMP host, specifying 692

SNMP informs, enabling the sending of 687

snmp-server enable traps command 687

snmp-server host command 692

snmp trap mac-notification change command 696

SNMP traps

enabling MAC address notification trap 696

enabling the MAC address notification feature 332

enabling the sending of 687

SoftPhone

See Cisco SoftPhone

software images

deleting 122

downloading 10

upgrading 10

uploading 16

software version, displaying 666

source ports, MVR 388

SPAN

configuring 381

debug messages, display 28

filter SPAN traffic 381

sessions

add interfaces to 381

start new 381

spanning-tree backbonefast command 698

spanning-tree bpdufilter command 699

spanning-tree bpduguard command 701

spanning-tree cost command 703

spanning-tree etherchannel command 705

spanning-tree extend system-id command 707

spanning-tree guard command 709

spanning-tree link-type command 711

spanning-tree loopguard default command 713

spanning-tree mode command 714

spanning-tree mst configuration command 716

spanning-tree mst cost command 718

spanning-tree mst forward-time command 720

spanning-tree mst hello-time command 721

spanning-tree mst max-age command 722

spanning-tree mst max-hops command 723

spanning-tree mst port-priority command 725

spanning-tree mst pre-standard command 727

spanning-tree mst priority command 728

spanning-tree mst root command 729

spanning-tree portfast (global configuration) command 733

spanning-tree portfast (interface configuration) command 735

spanning-tree port-priority command 731

Spanning Tree Protocol

See STP

spanning-tree transmit hold-count command 737

spanning-tree uplinkfast command 738

spanning-tree vlan command 740

speed command 743

srr-queue bandwidth limit command 745

srr-queue bandwidth share command 749

SSH, configuring version 269

static-access ports, configuring 756

statistics, Ethernet group 451

sticky learning, enabling 774

storm-control command 751

STP

BackboneFast 698

counters, clearing 104

debug messages, display

BackboneFast events 80

MSTP 83

optimized BPDUs handling 82

spanning-tree activity 78

switch shim 85

transmitted and received BPDUs 81

UplinkFast 87

detection of indirect link failures 698

enabling protocol tunneling for 300

EtherChannel misconfiguration 705

extended system ID 707

path cost 703

protocol modes 714

root port

accelerating choice of new 738

loop guard 709

preventing from becoming designated 709

restricting which can be root 709

root guard 709

UplinkFast 738

root switch

affects of extended system ID 707, 741

hello-time 740

interval between BDPU messages 740

interval between hello BPDU messages 740

max-age 740

port priority for selection of 731

primary or secondary 740

switch priority 740

state changes

blocking to forwarding state 735

enabling BPDU filtering 699, 733

enabling BPDU guard 701, 733

enabling Port Fast 733, 735

enabling timer to recover from error state 189

forward-delay time 740

length of listening and learning states 740

shutting down Port Fast-enabled ports 733

state information display 654

VLAN options 728, 740

SVIs, creating 201

SVI status calculation 758

Switched Port Analyzer

See SPAN

switching characteristics

modifying 754

returning to interfaces 754

switchport access command 756

switchport autostate exclude command 758

switchport backup interface command 760

switchport block command 764

switchport command 754

switchport host command 766

switchport mode command 767

switchport mode private-vlan command 770

switchport nonegotiate command 772

switchport port-security aging command 779

switchport port-security command 774

switchport priority extend command 781

switchport private-vlan command 783

switchport protected command 785

switchports, displaying 535

switchport trunk command 787

switchport voice vlan command 790, 791

system env temperature threshold yellow command 793

system message logging 316

system message logging, save message to flash 317

system mtu command 795

system resource templates 452

T

tar files, creating, listing, and extracting 13

TDR, running 797

Telnet, using to communicate to cluster switches 445

temperature information, displaying 522

templates, system resources 452

test cable-diagnostics tdr command 797

traceroute mac command 798

traceroute mac ip command 801

trunking, VLAN mode 767

trunk mode 767

trunk ports 767

trunks, to non-DTP device 768

trusted boundary for QoS 378

trusted port states for QoS 378

tunnel ports, Layer 2 protocol, displaying 588

type (boot loader) command 22

U

UDLD

aggressive mode 805, 807

debug messages, display 94

enable globally 805

enable per interface 807

error recovery timer 189

message timer 805

normal mode 805, 807

reset a shutdown interface 809

status 663

udld command 805

udld port command 807

udld reset command 809

unicast storm control 751

UniDirectional Link Detection

See UDLD

unknown multicast traffic, preventing 764

unknown unicast traffic, preventing 764

unset (boot loader) command 23

upgrading

software images

downloading 10

monitoring status of 471

UplinkFast, for STP 738

user EXEC mode 2

V

version (boot loader) command 25

vlan (global configuration) command 810

vlan access-map command 815

VLAN access map configuration mode 815

VLAN access maps

actions 6

displaying 673

VLAN-based QoS 380

VLAN configuration

rules 813

saving 810

VLAN configuration mode

description 4

summary 2

vlan dot1q tag native command 817

vlan filter command 818

VLAN filters, displaying 674

VLAN ID range 810

VLAN maps

applying 818

creating 815

defining 337

displaying 673

VLAN Query Protocol

See VQP

VLANs

adding 810

configuring 810

debug messages, display

ISL 91

VLAN IOS file system error tests 90

VLAN manager activity 88

VTP 92

displaying configurations 668

enabling guest VLAN supplicant 143, 154, 194

extended-range 810

MAC addresses

displaying 617

number of 607

media types 813

normal-range 810

private 770

configuring 434

displaying 668

See also private VLANs

restarting 684

saving the configuration 810

shutting down 684

SNMP traps for VTP 689, 693

suspending 684

VLAN Trunking Protocol

See VTP

VMPS

configuring servers 823

displaying 675

error recovery timer 190

reconfirming dynamic VLAN assignments 820

vmps reconfirm (global configuration) command 821

vmps reconfirm (privileged EXEC) command 820

vmps retry command 822

vmps server command 823

voice VLAN

configuring 790, 791

setting port priority 781

VQP

and dynamic-access ports 757

clearing client statistics 106

displaying information 675

per-server retry count 822

reconfirmation interval 821

reconfirming dynamic VLAN assignments 820

VTP

changing characteristics 825

clearing pruning counters 107

configuring

domain name 825

file name 825

mode 825

password 826

counters display fields 678

displaying information 677

enabling

pruning 826

tunneling for 300

Version 2 826

enabling per port 830

mode 825

pruning 826

saving the configuration 810

statistics 677

status 677

status display fields 680

vtp (global configuration) command 825

vtp interface configuration) command 830

vtp primary command 831

Index

A

aaa accounting dot1x command 1

aaa authentication dot1x command 3

aaa authorization network command 5, 22, 28, 30, 32, 34, 36, 148, 321, 486, 7, 35

AAA methods 3

access control entries

See ACEs

access control lists

See ACLs

access groups

IP 203

MAC, displaying 601

access list, IPv6 276

access map configuration mode 337

access mode 767

access ports 767

ACEs 134, 416

ACLs

deny 132

displaying 468

for non-IP protocols 325

IP 203

matching 337

on Layer 2 interfaces 203

permit 414

action command 6

address aliasing 386

aggregate-port learner 400

allowed VLANs 787

archive download-sw command 10

archive tar command 13

archive upload-sw command 16

arp access-list command 18

authentication command bounce-port ignore 20

authentication command disable-port ignore 21

authentication control-direction command 22

authentication event command 24

authentication failed VLAN

See dot1x auth-fail vlan

authentication fallback command 28

authentication host-mode command 30

authentication mac-move permit command 32

authentication open command 34

authentication order command 36

authentication periodic command 38

authentication port-control command 40

authentication priority command 42

authentication timer command 44

authentication violation command 46

auth-fail max-attempts

See dot1x auth-fail max-attempts

auth-fail vlan

See dot1x auth-fail vlan

auth open command 34

auth order command 36

authorization state of controlled port 168

auth timer command 44

autonegotiation of duplex mode 181

auto qos classify command 48

auto qos trust command 51

auto qos video command 54

auto qos voip command 57

B

BackboneFast, for STP 698

backup interfaces

configuring 760

displaying 535

boot (boot loader) command 2

boot auto-download-sw command 63

boot config-file command 66

boot enable-break command 67

boot helper command 68

boot helper-config file command 69

booting

Cisco IOS image 72

displaying environment variables 481

interrupting 63, 67

manually 70

boot loader

accessing 1

booting

Cisco IOS image 2

helper image 68

directories

creating 14

displaying a list of 7

removing 18

displaying

available commands 12

memory heap utilization 13

version 25

environment variables

described 19

displaying settings 19

location of 20

setting 19

unsetting 23

files

copying 5

deleting 6

displaying a list of 7

displaying the contents of 4, 15, 22

renaming 16

file system

formatting 10

initializing flash 9

running a consistency check 11

prompt 1

resetting the system 17

boot manual command 70

boot private-config-file command 71

boot system command 72

BPDU filtering, for spanning tree 699, 733

BPDU guard, for spanning tree 701, 733

broadcast storm control 751

C

candidate switches

See clusters

cat (boot loader) command 4

CDP, enabling protocol tunneling for 300

channel-group command 74

channel-protocol command 77

Cisco IP camera

auto-QoS configuration 54

Cisco SoftPhone

auto-QoS configuration 57

trusting packets sent from 378

Cisco Telepresence System

auto-QoS configuration 54

CISP

See Client Information Signalling Protocol

cisp

debug platform cisp command 35

cisp enable command 78

class command 79

class-map command 82

class maps

creating 82

defining the match criteria 339

displaying 487

class of service

See CoS

clear dot1x command 85

clear eap sessions command 86

clear errdisable interface 87

clear ip arp inspection log command 84

clear ip arp inspection statistics command 88

clear ipc command 91

clear ip dhcp snooping database command 89

clear ipv6 dhcp conflict command 92

clear l2protocol-tunnel counters command 93

clear lacp command 94

clear logging smartlog statistics interface command 95

clear mac address-table command 96, 98

clear nmsp statistics command 99

clear pagp command 100

clear port-security command 101

clear psp counter 103

clear psp counter command 103

clear spanning-tree counters command 104

clear spanning-tree detected-protocols command 105

clear vmps statistics command 106

clear vtp counters command 107

Client Information Signalling Protocol 78, 148, 486, 7, 35

cluster commander-address command 108

cluster discovery hop-count command 110

cluster enable command 111

cluster holdtime command 112

cluster member command 113

cluster outside-interface command 115

cluster run command 116

clusters

adding candidates 113

binding to HSRP group 117

building manually 113

communicating with

devices outside the cluster 115

members by using Telnet 445

debug messages, display 8

displaying

candidate switches 490

debug messages 8

member switches 492

status 488

hop-count limit for extended discovery 110

HSRP standby groups 117

redundancy 117

SNMP trap 687

cluster standby-group command 117

cluster timer command 119

command modes defined 1

command switch

See clusters

configuration files

password recovery disable considerations 1

specifying the name 66, 71

configuring multiple interfaces 199

config-vlan mode

commands 811

entering 810

copy (boot loader) command 5

CoS

assigning default value to incoming packets 348

assigning to Layer 2 protocol packets 303

overriding the incoming value 348

CoS-to-DSCP map 352

CPU ASIC statistics, displaying 494

crashinfo files 192

critical VLAN 25

D

debug authentication 2

debug auto qos command 4

debug backup command 6

debug cisp command 7

debug cluster command 8

debug dot1x command 10

debug dtp command 12

debug eap command 13

debug etherchannel command 14

debug ilpower command 15

debug interface command 16

debug ip dhcp snooping command 17

debug ip igmp filter command 19

debug ip igmp max-groups command 20

debug ip igmp snooping command 21

debug ip verify source packet command 18

debug lacp command 22

debug lldp packets command 23

debug mac-notification command 25

debug matm command 26

debug matm move update command 27

debug monitor command 28

debug mvrdbg command 29

debug nmsp command 30

debug nvram command 31

debug pagp command 32

debug platform acl command 33

debug platform backup interface command 34

debug platform cisp command 35

debug platform configuration command 43

debug platform cpu-queues command 36

debug platform device-manager command 38

debug platform dot1x command 39

debug platform etherchannel command 40

debug platform fallback-bridging command 41

debug platform forw-tcam command 42

debug platform ip arp inspection command 44

debug platform ip dhcp command 45

debug platform ip igmp snooping command 46

debug platform ip multicast command 48

debug platform ip source-guard command 50

debug platform ip unicast command 51

debug platform ip wccp command 53

debug platform led command 54

debug platform matm command 55

debug platform messaging application command 56

debug platform phy command 57

debug platform pm command 59

debug platform port-asic command 61

debug platform port-security command 62

debug platform qos-acl-tcam command 63

debug platform remote-commands command 64

debug platform resource-manager command 65

debug platform snmp command 66

debug platform span command 67

debug platform supervisor-asic command 68

debug platform sw-bridge command 69

debug platform tcam command 70

debug platform udld command 72

debug platform vlan command 73

debug pm command 74

debug port-security command 76

debug qos-manager command 77

debug spanning-tree backbonefast command 80

debug spanning-tree bpdu command 81

debug spanning-tree bpdu-opt command 82

debug spanning-tree command 78

debug spanning-tree mstp command 83

debug spanning-tree switch command 85

debug spanning-tree uplinkfast command 87

debug sw-vlan command 88

debug sw-vlan ifs command 90

debug sw-vlan notification command 91

debug sw-vlan vtp command 92

debug udld command 94

debug vqpc command 96

define interface-range command 120

delete (boot loader) command 6

delete command 122

deny (ARP access-list configuration) command 125

deny (IPv6) command 127

deny command 132

detect mechanism, causes 183

DHCP snooping

accepting untrusted packets from edge switch 236

enabling

on a VLAN 242

option 82 234, 236

trust on an interface 240

error recovery timer 189

rate limiting 239

DHCP snooping binding database

binding file, configuring 232

bindings

adding 230

deleting 230

clearing database agent statistics 89

database agent, configuring 232

renewing 449

dir (boot loader) command 7

directories, deleting 122

domain name, VTP 825

dot1x auth-fail max-attempts 142

dot1x auth-fail vlan 144

dot1x command 140

dot1x control-direction command 146

dot1x credentials (global configuration) command 148

dot1x critical global configuration command 149

dot1x critical interface configuration command 151

dot1x default command 153

dot1x fallback command 154

dot1x guest-vlan command 155

dot1x host-mode command 158

dot1x initialize command 160

dot1x mac-auth-bypass command 161

dot1x max-reauth-req command 163

dot1x max-req command 165

dot1x multiple-hosts command 166

dot1x pae command 167

dot1x port-control command 168

dot1x re-authenticate command 170

dot1x re-authentication command 171

dot1x reauthentication command 172

dot1x supplicant force-multicast command 173

dot1x test eapol-capable command 174

dot1x test timeout command 175

dot1x timeout command 176

dot1x violation-mode command 179

dropping packets, with ACL matches 6

drop threshold, Layer 2 protocol tunneling 300

DSCP-to-CoS map 352

DSCP-to-DSCP-mutation map 352

DTP 768

DTP flap

error detection for 183

error recovery timer 189

DTP negotiation 772

dual-purpose uplink ports

displaying configurable options 538

selecting the type 342

duplex command 180

dynamic-access ports

configuring 756

restrictions 757

dynamic ARP inspection

ARP ACLs

apply to a VLAN 211

define 18

deny packets 125

display 472

permit packets 406

clear

log buffer 84

statistics 88

display

ARP ACLs 472

configuration and operating state 548

log buffer 548

statistics 548

trust state and rate limit 548

enable per VLAN 223

error detection for 183

error recovery timer 189

log buffer

clear 84

configure 215

display 548

rate-limit incoming ARP packets 213

statistics

clear 88

display 548

trusted interface state 219

type of packet logged 224

validation checks 221

dynamic auto VLAN membership mode 767

dynamic desirable VLAN membership mode 767

Dynamic Host Configuration Protocol (DHCP)

See DHCP snooping

Dynamic Trunking Protocol

See DTP

E

EAP-request/identity frame

maximum number to send 165

response time before retransmitting 176

encapsulation methods 787

environment variables, displaying 481

epm access-control open 182

errdisable detect cause command 183

errdisable detect cause small-frame comand 186

errdisable recovery cause small-frame 188

errdisable recovery command 189

error conditions, displaying 526

error disable detection 183

error-disabled interfaces, displaying 535

EtherChannel

assigning Ethernet interface to channel group 74

creating port-channel logical interface 197

debug EtherChannel/PAgP, display 14

debug platform-specific events, display 40

displaying 529

enabling Layer 2 protocol tunneling for

LACP 301

PAgP 301

UDLD 301

interface information, displaying 535

LACP

clearing channel-group information 94

debug messages, display 22

displaying 590

modes 74

port priority for hot-standby ports 304

restricting a protocol 77

system priority 306

load-distribution methods 424

PAgP

aggregate-port learner 400

clearing channel-group information 100

debug messages, display 32

displaying 641

error detection for 183

error recovery timer 189

learn method 400

modes 74

physical-port learner 400

priority of interface for transmitted traffic 402

Ethernet controller, internal register display 496

Ethernet statistics, collecting 451

exception crashinfo command 192

extended discovery of candidate switches 110

extended-range VLANs

and allowed VLAN list 787

and pruning-eligible list 787

configuring 810

extended system ID for STP 707

F

fallback profile command 193

fallback profiles, displaying 532

fan information, displaying 522

file name, VTP 825

files, deleting 122

flash_init (boot loader) command 9

flexible authentication ordering 36

Flex Links

configuring 760

configuring preferred VLAN 762

displaying 535

flowcontrol command 195

format (boot loader) command 10

forwarding packets, with ACL matches 6

fsck (boot loader) command 11

G

global configuration mode 2, 3

H

hardware ACL statistics 468

help (boot loader) command 12

hierarchical policy maps 422

hop-count limit for clusters 110

host connection, port configuration 766

host ports, private VLANs 770

Hot Standby Router Protocol

See HSRP

HSRP

binding HSRP group to cluster 117

standby group 117

I

IEEE 802.1Q trunk ports and native VLANs 817

IEEE 802.1Q tunnel ports

configuring 767

limitations 768

IEEE 802.1x

and switchport modes 768

violation error recovery 189

See also port-based authentication

IEEE 802.1X Port Based Authentication

enabling guest VLAN supplicant 143, 154, 194

IGMP filters

applying 246

debug messages, display 19

IGMP groups, setting maximum 247

IGMP maximum groups, debugging 20

IGMP profiles

creating 249

displaying 560

IGMP snooping

adding ports as a static member of a group 265

displaying 561

enabling 251

enabling the configurable-leave timer 253

enabling the Immediate-Leave feature 262

flooding query count 259

interface topology change notification behavior 261

querier 255

query solicitation 259

report suppression 257

switch topology change notification behavior 259

images

See software images

Immediate-Leave feature, MVR 388

immediate-leave processing 262

Immediate-Leave processing, IPv6 296

interface configuration mode 2, 4

interface port-channel command 197

interface range command 199

interface-range macros 120

interfaces

assigning Ethernet interface to channel group 74

configuring 180

configuring multiple 199

creating port-channel logical 197

debug messages, display 16

disabling 683

displaying the MAC address table 610

restarting 683

interface speed, configuring 743

interface vlan command 201

internal registers, displaying 496, 505

Internet Group Management Protocol

See IGMP

invalid GBIC

error detection for 183

error recovery timer 189

ip access-group command 203

ip address command 206

IP addresses, setting 206

IP address matching 337

ip admission command 208

ip admission name proxy http command 209

ip arp inspection filter vlan command 211

ip arp inspection limit command 213

ip arp inspection log-buffer command 215

ip arp inspection trust command 219

ip arp inspection validate command 221

ip arp inspection vlan command 223

ip arp inspection vlan logging command 224

ip device tracking command 228

ip device tracking probe command 226

IP DHCP snooping

See DHCP snooping

ip dhcp snooping binding command 230

ip dhcp snooping command 229

ip dhcp snooping database command 232

ip dhcp snooping information option allow-untrusted command 236

ip dhcp snooping information option command 234

ip dhcp snooping information option format remote-id command 238

ip dhcp snooping limit rate command 239

ip dhcp snooping trust command 240

ip dhcp snooping verify command 241

ip dhcp snooping vlan command 242

ip dhcp snooping vlan information option format-type circuit-id string command 244

ip igmp filter command 246

ip igmp max-groups command 247, 270, 272

ip igmp profile command 249

ip igmp snooping command 251

ip igmp snooping last-member-query-interval command 253

ip igmp snooping querier command 255

ip igmp snooping report-suppression command 257

ip igmp snooping tcn command 259

ip igmp snooping tcn flood command 261

ip igmp snooping vlan immediate-leave command 262

ip igmp snooping vlan mrouter command 263

ip igmp snooping vlan static command 265

IP multicast addresses 385

IP phones

auto-QoS configuration 57

trusting packets sent from 378

IP-precedence-to-DSCP map 352

ip source binding command 267

IP source guard

disabling 274

enabling 274

static IP source bindings 267

ip ssh command 269

IPv6 access list, deny conditions 127

ipv6 access-list command 276

ipv6 address dhcp command 278

ipv6 dhcp client request vendor command 279

ipv6 dhcp ping packets command 280

ipv6 dhcp pool command 281

ipv6 dhcp server command 283

ipv6 mld snooping command 285

ipv6 mld snooping last-listener-query count command 287

ipv6 mld snooping last-listener-query-interval command 289

ipv6 mld snooping listener-message-suppression command 291

ipv6 mld snooping robustness-variable command 292

ipv6 mld snooping tcn command 294

ipv6 mld snooping vlan command 296

IPv6 SDM template 452

ipv6 traffic-filter command 298

ip verify source command 274

ip verify source smartlog command 275

J

jumbo frames

See MTU

L

l2protocol-tunnel command 300

l2protocol-tunnel cos command 303

LACP

See EtherChannel

lacp port-priority command 304

lacp system-priority command 306

Layer 2 mode, enabling 754

Layer 2 protocol-tunnel

error detection for 183

error recovery timer 189

Layer 2 protocol tunnel counters 93

Layer 2 protocol tunneling error recovery 301

Layer 2 traceroute

IP addresses 801

MAC addresses 798

Layer 3 mode, enabling 754

line configuration mode 2, 4

Link Aggregation Control Protocol

See EtherChannel

link flap

error detection for 183

error recovery timer 189

link state group command 308

link state track command 310

load-distribution methods for EtherChannel 424

location (global configuration) command 311

location (interface configuration) command 313

logging event command 315

logging event power-inline-status command 316

logging file command 317

logical interface 197

loopback error

detection for 183

recovery timer 189

loop guard, for spanning tree 709, 713

M

mab request format attribute 32 command 321

mac access-group command 323

MAC access-groups, displaying 601

MAC access list configuration mode 325

mac access-list extended command 325

MAC access lists 132

MAC addresses

disabling MAC address learning per VLAN 328

displaying

dynamic 608

notification settings 613

number of addresses in a VLAN 607

per interface 610

per VLAN 617

static 615

static and dynamic entries 602

dynamic

aging time 327

deleting 96

displaying 608

enabling MAC address notification 332

enabling MAC address-table move update 330

matching 337

static

adding and removing 334

displaying 615

dropping on an interface 335

MAC address notification, debugging 25

mac address-table aging-time 323, 337

mac address-table aging-time command 327

mac address-table learning command 328

mac address-table move update command 330

mac address-table notification command 332

mac address-table static command 334

mac address-table static drop command 335

macros

interface range 120, 199

maps

QoS

defining 352

VLAN

creating 815

defining 337

displaying 673

match (access-map configuration) command 337

match (class-map configuration) command 339

maximum transmission unit

See MTU

mdix auto command 341

media-type (interface configuration) command 342

member switches

See clusters

memory (boot loader) command 13

mkdir (boot loader) command 14

MLD snooping

configuring 291, 292

configuring queries 287, 289

configuring topology change notification 294

displaying 578

enabling 285

MLD snooping on a VLAN, enabling 296

mls qos aggregate-policer command 346

mls qos command 344

mls qos cos command 348

mls qos dscp-mutation command 350

mls qos map command 352

mls qos queue-set output buffers command 356

mls qos queue-set output threshold command 358

mls qos rewrite ip dscp command 360

mls qos srr-queue input bandwidth command 362

mls qos srr-queue input buffers command 364

mls qos-srr-queue input cos-map command 366

mls qos srr-queue input dscp-map command 368

mls qos srr-queue input priority-queue command 370

mls qos srr-queue input threshold command 372

mls qos-srr-queue output cos-map command 374

mls qos srr-queue output dscp-map command 376

mls qos trust command 378

mls qos vlan-based command 380

mode, MVR 385

Mode button, and password recovery 455

modes, commands 1

monitor session command 381

more (boot loader) command 15

MSTP

displaying 655

interoperability 105

link type 711

MST region

aborting changes 716

applying changes 716

configuration name 716

configuration revision number 716

current or pending display 716

displaying 655

MST configuration mode 716

VLANs-to-instance mapping 716

path cost 718

protocol mode 714

restart protocol migration process 105

root port

loop guard 709

preventing from becoming designated 709

restricting which can be root 709

root guard 709

root switch

affects of extended system ID 707

hello-time 721, 729

interval between BDPU messages 722

interval between hello BPDU messages 721, 729

max-age 722

maximum hop count before discarding BPDU 723

port priority for selection of 725

primary or secondary 729

switch priority 728

state changes

blocking to forwarding state 735

enabling BPDU filtering 699, 733

enabling BPDU guard 701, 733

enabling Port Fast 733, 735

forward-delay time 720

length of listening and learning states 720

rapid transition to forwarding 711

shutting down Port Fast-enabled ports 733

state information display 654

MTU

configuring size 795

displaying global setting 662

Multicase Listener Discovery

See MLD

multicast group address, MVR 388

multicast groups, MVR 386

Multicast Listener Discovery

See MLD

multicast router learning method 263

multicast router ports, configuring 263

multicast router ports, IPv6 296

multicast storm control 751

multicast VLAN, MVR 385

multicast VLAN registration

See MVR

Multiple Spanning Tree Protocol

See MSTP

MVR

and address aliasing 386

configuring 385

configuring interfaces 388

debug messages, display 29

displaying 632

displaying interface information 633

members, displaying 635

mvr (global configuration) command 385

mvr (interface configuration) command 388

mvr vlan group command 389

N

native VLANs 787

native VLAN tagging 817

network-policy (global configuration) command 392

network-policy command 391

network-policy profile (network-policy configuration) command 393

nmsp attachment suppress command 396

nmsp command 395

no authentication logging verbose 397

no dot1x logging verbose 398

no mab logging verbose 399

nonegotiate, speed 743

nonegotiating DTP messaging 772

non-IP protocols

denying 132

forwarding 414

non-IP traffic access lists 325

non-IP traffic forwarding

denying 132

permitting 414

normal-range VLANs 810

no vlan command 810

O

online diagnostics

displaying

configured boot-up coverage level 509

current scheduled tasks 509

event logs 509

supported test suites 509

test ID 509

test results 509

test statistics 509

global configuration mode

clearing health monitoring diagnostic test schedule 88

clearing test-based testing schedule 137

setting health monitoring diagnostic testing 88

setting test-based testing 137

setting up health monitoring diagnostic test schedule 88

setting up test-based testing 137

health monitoring diagnostic tests, configuring 135

scheduled switchover

disabling 137

enabling 137

scheduling

enabling 137

removing 137

testing, starting 139

test interval, setting 137

P

PAgP

See EtherChannel

pagp learn-method command 400

pagp port-priority command 402

password, VTP 826

password-recovery mechanism, enabling and disabling 455

permit (ARP access-list configuration) command 406

permit (IPv6) command 408

permit (MAC access-list configuration) command 414

per-VLAN spanning-tree plus

See STP

physical-port learner 400

PIM-DVMRP, as multicast router learning method 263

PoE

configuring the power budget 428

configuring the power management mode 425

displaying controller register values 503

displaying power management information 646

logging of status 316

police aggregate command 419

police command 417

policed-DSCP map 352

policy-map command 421

policy maps

applying to an interface 457, 463

creating 421

hierarchical 422

policers

displaying 620

for a single class 417

for multiple classes 346, 419

policed-DSCP map 352

traffic classification

defining the class 79

defining trust states 803

setting DSCP or IP precedence values 461

Port Aggregation Protocol

See EtherChannel

port-based authentication

AAA method list 3

configuring violation modes 179

debug messages, display 10

enabling IEEE 802.1x

globally 140

per interface 168

guest VLAN 155

host modes 158

IEEE 802.1x AAA accounting methods 1

initialize an interface 160, 175

MAC authentication bypass 161

manual control of authorization state 168

PAE as authenticator 167

periodic re-authentication

enabling 172

time between attempts 176

quiet period between failed authentication exchanges 176

re-authenticating IEEE 802.1x-enabled ports 170

resetting configurable IEEE 802.1x parameters 153

switch-to-authentication server retransmission time 176

switch-to-client frame-retransmission number 163 to 165

switch-to-client retransmission time 176

test for IEEE 802.1x readiness 174

port-channel load-balance command 424

Port Fast, for spanning tree 735

port ranges, defining 120

ports, debugging 74

ports, protected 785

port security

aging 779

debug messages, display 76

enabling 774

violation error recovery 189

port trust states for QoS 378

port types, MVR 388

power information, displaying 522

power inline command 425

power inline consumption command 428

Power over Ethernet

See PoE

power rps command (user EXEC) 430

priority-queue command 432

private-vlan command 434

private-vlan mapping command 437

private VLANs

association 783

configuring 434

configuring ports 770

displaying 668

host ports 770

mapping

configuring 783

displaying 535

promiscuous ports 770

privileged EXEC mode 2, 3

promiscuous ports, private VLANs 770

protected ports, displaying 540

pruning

VLANs 787

VTP

displaying interface information 535

enabling 826

pruning-eligible VLAN list 789

psp 439

psp command 439

PVST+

See STP

Q

QoS

auto-QoS

configuring 57

debug messages, display 4

auto-QoS trust

configuring 51

auto-QoS video

configuring 54

class maps

creating 82

defining the match criteria 339

displaying 487

defining the CoS value for an incoming packet 348

displaying configuration information 619

DSCP transparency 360

DSCP trusted ports

applying DSCP-to-DSCP-mutation map to 350

defining DSCP-to-DSCP-mutation map 352

egress queues

allocating buffers 356

defining the CoS output queue threshold map 374

defining the DSCP output queue threshold map 376

displaying buffer allocations 622

displaying CoS output queue threshold map 625

displaying DSCP output queue threshold map 625

displaying queueing strategy 622

displaying queue-set settings 628

enabling bandwidth shaping and scheduling 747

enabling bandwidth sharing and scheduling 749

limiting the maximum output on a port 745

mapping a port to a queue-set 440

mapping CoS values to a queue and threshold 374

mapping DSCP values to a queue and threshold 376

setting maximum and reserved memory allocations 358

setting WTD thresholds 358

enabling 344

ingress queues

allocating buffers 364

assigning SRR scheduling weights 362

defining the CoS input queue threshold map 366

defining the DSCP input queue threshold map 368

displaying buffer allocations 622

displaying CoS input queue threshold map 625

displaying DSCP input queue threshold map 625

displaying queueing strategy 622

displaying settings for 621

enabling the priority queue 370

mapping CoS values to a queue and threshold 366

mapping DSCP values to a queue and threshold 368

setting WTD thresholds 372

maps

defining 352, 366, 368, 374, 376

policy maps

applying an aggregate policer 419

applying to an interface 457, 463

creating 421

defining policers 346, 417

displaying policers 620

hierarchical 422

policed-DSCP map 352

setting DSCP or IP precedence values 461

traffic classifications 79

trust states 803

port trust states 378

queues, enabling the expedite 432

statistics

in-profile and out-of-profile packets 622

packets enqueued or dropped 622

sent and received CoS values 622

sent and received DSCP values 622

trusted boundary for IP phones 378

VLAN-based 380

quality of service

See QoS

querytime, MVR 385

queue-set command 440

R

radius-server dead-criteria command 441

radius-server host command 443

rapid per-VLAN spanning-tree plus

See STP

rapid PVST+

See STP

rcommand command 445

re-authenticating IEEE 802.1x-enabled ports 170

re-authentication

periodic 172

time between attempts 176

receiver ports, MVR 388

receiving flow-control packets 195

recovery mechanism

causes 189

display 87, 483, 524, 527

timer interval 190

redundancy for cluster switches 117

redundant power supply

See RPS

remote-span command 447

Remote Switched Port Analyzer

See RSPAN

rename (boot loader) command 16

renew ip dhcp snooping database command 449

reset (boot loader) command 17

restricted VLAN

See dot1x auth-fail vlan

rmdir (boot loader) command 18

rmon collection stats command 451

root guard, for spanning tree 709

routed ports

IP addresses on 207

number supported 207

RPS 2300

configuring 430

managing 430

RSPAN

configuring 381

filter RSPAN traffic 381

remote-span command 447

S

scheduled switchover

disabling 137

enabling 137

sdm prefer command 452

SDM templates

allowed resources 453

displaying 650

dual IPv4 and IPv6 452

secure ports, limitations 776

sending flow-control packets 195

service password-recovery command 455

service-policy command 457

set (boot loader) command 19

set command 461

setup command 463

setup express command 466

show access-lists command 468

show archive status command 471

show arp access-list command 472

show authentication command 473

show auto qos command 477

show boot command 481

show cable-diagnostics tdr command 483

show cisp command 486

show class-map command 487

show cluster candidates command 490

show cluster command 488

show cluster members command 492

show controllers cpu-interface command 494

show controllers ethernet-controller command 496

show controllers power inline command 503

show controllers tcam command 505

show controller utilization command 507

show dot1q-tunnel command 512

show dot1x command 513

show dtp 517

show eap command 519

show env command 522

show errdisable detect command 524

show errdisable flap-values command 526

show errdisable recovery command 527

show etherchannel command 529

show fallback profile command 532

show flowcontrol command 533

show interfaces command 535

show interfaces counters command 545

show inventory command 547

show ip arp inspection command 548

show ipc command 572

show ip dhcp snooping binding command 553

show ip dhcp snooping command 552

show ip dhcp snooping database command 555, 557

show ip igmp profile command 560

show ip igmp snooping command 561, 578

show ip igmp snooping groups command 564

show ip igmp snooping mrouter command 566

show ip igmp snooping querier command 567

show ip source binding command 569

show ipv6 access-list command 575

show ipv6 dhcp conflict command 577

show ipv6 route updated 586

show ip verify source command 570

show l2protocol-tunnel command 588

show lacp command 590

show link state group command 594

show mac access-group command 601

show mac address-table address command 604

show mac address-table aging time command 605

show mac address-table command 602

show mac address-table count command 607

show mac address-table dynamic command 608

show mac address-table interface command 610

show mac address-table move update command 612

show mac address-table notification command 98, 613, 27

show mac address-table static command 615

show mac address-table vlan command 617

show mls qos aggregate-policer command 620

show mls qos command 619

show mls qos input-queue command 621

show mls qos interface command 622

show mls qos maps command 625

show mls qos queue-set command 628

show mls qos vlan command 629

show monitor command 630

show mvr command 632

show mvr interface command 633

show mvr members command 635

show network-policy profile command 637

show nmsp command 638

show pagp command 641

show platform acl command 2

show platform backup interface command 3

show platform configuration command 4

show platform etherchannel command 5

show platform forward command 6

show platform frontend-controller command 8

show platform igmp snooping command 9

show platform ip multicast command 10

show platform ip unicast command 11

show platform ipv6 unicast command 15

show platform ip wccp command 14

show platform layer4op command 17

show platform mac-address-table command 18

show platform messaging command 19

show platform monitor command 20

show platform mvr table command 21

show platform pm command 22

show platform port-asic command 23

show platform port-security command 27

show platform qos command 28

show platform resource-manager command 29

show platform snmp counters command 31

show platform spanning-tree command 32

show platform stp-instance command 33

show platform tcam command 34

show platform vlan command 37

show policy-map command 643

show port security command 644

show power inline command 646

show psp config 648

show psp config command 648

show psp statistics 649

show psp statistics command 649

show sdm prefer command 650

show setup express command 653

show spanning-tree command 654

show storm-control command 660

show system mtu command 662

show trust command 803

show udld command 663

show version command 666

show vlan access-map command 673

show vlan command 668

show vlan command, fields 670

show vlan filter command 674

show vmps command 675

show vtp command 677

shutdown command 683

shutdown threshold, Layer 2 protocol tunneling 300

shutdown vlan command 684

small violation-rate command 685

SNMP host, specifying 692

SNMP informs, enabling the sending of 687

snmp-server enable traps command 687

snmp-server host command 692

snmp trap mac-notification change command 696

SNMP traps

enabling MAC address notification trap 696

enabling the MAC address notification feature 332

enabling the sending of 687

SoftPhone

See Cisco SoftPhone

software images

deleting 122

downloading 10

upgrading 10

uploading 16

software version, displaying 666

source ports, MVR 388

SPAN

configuring 381

debug messages, display 28

filter SPAN traffic 381

sessions

add interfaces to 381

start new 381

spanning-tree backbonefast command 698

spanning-tree bpdufilter command 699

spanning-tree bpduguard command 701

spanning-tree cost command 703

spanning-tree etherchannel command 705

spanning-tree extend system-id command 707

spanning-tree guard command 709

spanning-tree link-type command 711

spanning-tree loopguard default command 713

spanning-tree mode command 714

spanning-tree mst configuration command 716

spanning-tree mst cost command 718

spanning-tree mst forward-time command 720

spanning-tree mst hello-time command 721

spanning-tree mst max-age command 722

spanning-tree mst max-hops command 723

spanning-tree mst port-priority command 725

spanning-tree mst pre-standard command 727

spanning-tree mst priority command 728

spanning-tree mst root command 729

spanning-tree portfast (global configuration) command 733

spanning-tree portfast (interface configuration) command 735

spanning-tree port-priority command 731

Spanning Tree Protocol

See STP

spanning-tree transmit hold-count command 737

spanning-tree uplinkfast command 738

spanning-tree vlan command 740

speed command 743

srr-queue bandwidth limit command 745

srr-queue bandwidth share command 749

SSH, configuring version 269

static-access ports, configuring 756

statistics, Ethernet group 451

sticky learning, enabling 774

storm-control command 751

STP

BackboneFast 698

counters, clearing 104

debug messages, display

BackboneFast events 80

MSTP 83

optimized BPDUs handling 82

spanning-tree activity 78

switch shim 85

transmitted and received BPDUs 81

UplinkFast 87

detection of indirect link failures 698

enabling protocol tunneling for 300

EtherChannel misconfiguration 705

extended system ID 707

path cost 703

protocol modes 714

root port

accelerating choice of new 738

loop guard 709

preventing from becoming designated 709

restricting which can be root 709

root guard 709

UplinkFast 738

root switch

affects of extended system ID 707, 741

hello-time 740

interval between BDPU messages 740

interval between hello BPDU messages 740

max-age 740

port priority for selection of 731

primary or secondary 740

switch priority 740

state changes

blocking to forwarding state 735

enabling BPDU filtering 699, 733

enabling BPDU guard 701, 733

enabling Port Fast 733, 735

enabling timer to recover from error state 189

forward-delay time 740

length of listening and learning states 740

shutting down Port Fast-enabled ports 733

state information display 654

VLAN options 728, 740

SVIs, creating 201

SVI status calculation 758

Switched Port Analyzer

See SPAN

switching characteristics

modifying 754

returning to interfaces 754

switchport access command 756

switchport autostate exclude command 758

switchport backup interface command 760

switchport block command 764

switchport command 754

switchport host command 766

switchport mode command 767

switchport mode private-vlan command 770

switchport nonegotiate command 772

switchport port-security aging command 779

switchport port-security command 774

switchport priority extend command 781

switchport private-vlan command 783

switchport protected command 785

switchports, displaying 535

switchport trunk command 787

switchport voice vlan command 790, 791

system env temperature threshold yellow command 793

system message logging 316

system message logging, save message to flash 317

system mtu command 795

system resource templates 452

T

tar files, creating, listing, and extracting 13

TDR, running 797

Telnet, using to communicate to cluster switches 445

temperature information, displaying 522

templates, system resources 452

test cable-diagnostics tdr command 797

traceroute mac command 798

traceroute mac ip command 801

trunking, VLAN mode 767

trunk mode 767

trunk ports 767

trunks, to non-DTP device 768

trusted boundary for QoS 378

trusted port states for QoS 378

tunnel ports, Layer 2 protocol, displaying 588

type (boot loader) command 22

U

UDLD

aggressive mode 805, 807

debug messages, display 94

enable globally 805

enable per interface 807

error recovery timer 189

message timer 805

normal mode 805, 807

reset a shutdown interface 809

status 663

udld command 805

udld port command 807

udld reset command 809

unicast storm control 751

UniDirectional Link Detection

See UDLD

unknown multicast traffic, preventing 764

unknown unicast traffic, preventing 764

unset (boot loader) command 23

upgrading

software images

downloading 10

monitoring status of 471

UplinkFast, for STP 738

user EXEC mode 2

V

version (boot loader) command 25

vlan (global configuration) command 810

vlan access-map command 815

VLAN access map configuration mode 815

VLAN access maps

actions 6

displaying 673

VLAN-based QoS 380

VLAN configuration

rules 813

saving 810

VLAN configuration mode

description 4

summary 2

vlan dot1q tag native command 817

vlan filter command 818

VLAN filters, displaying 674

VLAN ID range 810

VLAN maps

applying 818

creating 815

defining 337

displaying 673

VLAN Query Protocol

See VQP

VLANs

adding 810

configuring 810

debug messages, display

ISL 91

VLAN IOS file system error tests 90

VLAN manager activity 88

VTP 92

displaying configurations 668

enabling guest VLAN supplicant 143, 154, 194

extended-range 810

MAC addresses

displaying 617

number of 607

media types 813

normal-range 810

private 770

configuring 434

displaying 668

See also private VLANs

restarting 684

saving the configuration 810

shutting down 684

SNMP traps for VTP 689, 693

suspending 684

VLAN Trunking Protocol

See VTP

VMPS

configuring servers 823

displaying 675

error recovery timer 190

reconfirming dynamic VLAN assignments 820

vmps reconfirm (global configuration) command 821

vmps reconfirm (privileged EXEC) command 820

vmps retry command 822

vmps server command 823

voice VLAN

configuring 790, 791

setting port priority 781

VQP

and dynamic-access ports 757

clearing client statistics 106

displaying information 675

per-server retry count 822

reconfirmation interval 821

reconfirming dynamic VLAN assignments 820

VTP

changing characteristics 825

clearing pruning counters 107

configuring

domain name 825

file name 825

mode 825

password 826

counters display fields 678

displaying information 677

enabling

pruning 826

tunneling for 300

Version 2 826

enabling per port 830

mode 825

pruning 826

saving the configuration 810

statistics 677

status 677

status display fields 680

vtp (global configuration) command 825

vtp interface configuration) command 830

vtp primary command 831