Index A
aaa accounting dot1x command 2-1
aaa authentication dot1x command 2-3
aaa authorization network command 2-5, 2-22, 2-29, 2-31, 2-34, 2-36, 2-38, 2-154, 2-329, 2-331, 2-332, 2-527, B-7, B-38
AAA methods 2-3
access control entries
See ACEs
access control lists
See ACLs
access groups
IP 2-211
MAC, displaying 2-647
access list, IPv6 2-284
access map configuration mode 2-350
access mode 2-832
access ports 2-832
ACEs 2-141, 2-437
ACLs
deny 2-139
displaying 2-509
for non-IP protocols 2-336
IP 2-211
matching 2-350
on Layer 2 interfaces 2-211
permit 2-435
action command 2-6
address aliasing 2-407
aggregate-port learner 2-421
allowed VLANs 2-852
archive download-sw command 2-10
archive tar command 2-13
archive upload-sw command 2-16
arp access-list command 2-18
authentication command bounce-port ignore 2-20
authentication command disable-port ignore 2-21
authentication control-direction command 2-22
authentication event command 2-24
authentication event linksec fail action command 2-28
authentication failed VLAN
See dot1x auth-fail vlan
authentication fallback command 2-29
authentication host-mode command 2-31
authentication linksec policy command 2-33
authentication mac-move permit command 2-34
authentication open command 2-36
authentication order command 2-38
authentication periodic command 2-40
authentication port-control command 2-42
authentication priority command 2-44
authentication timer command 2-46
authentication violation command 2-48
auth-fail max-attempts
See dot1x auth-fail max-attempts
auth-fail vlan
See dot1x auth-fail vlan
auth open command 2-36
auth order command 2-38
authorization state of controlled port 2-174
auth timer command 2-46
autonegotiation of duplex mode 2-189
auto qos classify command 2-50
auto qos trust command 2-53
auto qos video command 2-56
auto qos voip command 2-59
B
BackboneFast, for STP 2-763
backup interfaces
configuring 2-825
displaying 2-579
boot (boot loader) command A-2
boot auto-download-sw command 2-65
boot config-file command 2-68
boot enable-break command 2-69
boot helper command 2-70
boot helper-config file command 2-71
booting
Cisco IOS image 2-74
displaying environment variables 2-522
interrupting 2-65, 2-69
manually 2-72
boot loader
accessing A-1
booting
Cisco IOS image A-2
helper image 2-70
directories
creating A-14
displaying a list of A-7
removing A-18
displaying
available commands A-12
memory heap utilization A-13
version A-25
environment variables
described A-19
displaying settings A-19
location of A-20
setting A-19
unsetting A-23
files
copying A-5
deleting A-6
displaying a list of A-7
displaying the contents of A-4, A-15, A-22
renaming A-16
file system
formatting A-10
initializing flash A-9
running a consistency check A-11
prompt A-1
resetting the system A-17
boot manual command 2-72
boot private-config-file command 2-73
boot system command 2-74
BPDU filtering, for spanning tree 2-764, 2-798
BPDU guard, for spanning tree 2-766, 2-798
broadcast storm control 2-816
C
candidate switches
See clusters
cat (boot loader) command A-4
CDP, enabling protocol tunneling for 2-308
channel-group command 2-76
channel-protocol command 2-79
Cisco IP camera
auto-QoS configuration 2-56
Cisco SoftPhone
auto-QoS configuration 2-59
trusting packets sent from 2-399
Cisco Telepresence System
auto-QoS configuration 2-56
CISP
See Client Information Signalling Protocol
cisp
debug platform cisp command B-38
cisp enable command 2-80
class command 2-81
class-map command 2-84
class maps
creating 2-84
defining the match criteria 2-352
displaying 2-528
class of service
See CoS
clear dot1x command 2-87
clear eap sessions command 2-88
clear errdisable interface 2-89
clear ip arp inspection log command 2-86
clear ip arp inspection statistics command 2-90
clear ipc command 2-93
clear ip dhcp snooping database command 2-91
clear ipv6 dhcp conflict command 2-94
clear l2protocol-tunnel counters command 2-95
clear lacp command 2-96
clear logging smartlog statistics interface command 2-97
clear mac address-table command 2-98, 2-100
clear macsec counters interface command 2-101
clear mka command 2-102
clear nmsp statistics command 2-104
clear pagp command 2-105, 2-109
clear port-security command 2-106
clear psp counter 2-108
clear psp counter command 2-108
clear spanning-tree counters command 2-110
clear spanning-tree detected-protocols command 2-111
clear vmps statistics command 2-112
clear vtp counters command 2-113
Client Information Signalling Protocol 2-80, 2-154, 2-527, B-7, B-38
cluster commander-address command 2-114
cluster discovery hop-count command 2-116
cluster enable command 2-117
cluster holdtime command 2-118
cluster member command 2-119
cluster outside-interface command 2-121
cluster run command 2-122
clusters
adding candidates 2-119
binding to HSRP group 2-123
building manually 2-119
communicating with
devices outside the cluster 2-121
members by using Telnet 2-470
debug messages, display B-8
displaying
candidate switches 2-531
debug messages B-8
member switches 2-533
status 2-529
hop-count limit for extended discovery 2-116
HSRP standby groups 2-123
redundancy 2-123
SNMP trap 2-752
cluster standby-group command 2-123
cluster timer command 2-125
command modes defined 1-1
command switch
See clusters
confidentiality-offset command 2-126
configuration files
password recovery disable considerations A-1
specifying the name 2-68, 2-73
configuring multiple interfaces 2-207
config-vlan mode
commands 2-877
entering 2-876
copy (boot loader) command A-5
CoS
assigning default value to incoming packets 2-369
assigning to Layer 2 protocol packets 2-311
overriding the incoming value 2-369
CoS-to-DSCP map 2-373
CPU ASIC statistics, displaying 2-535
crashinfo files 2-200
critical VLAN 2-26
D
debug authentication B-2
debug auto qos command B-4
debug backup command B-6
debug cisp command B-7
debug cluster command B-8
debug dot1x command B-10
debug dtp command B-12
debug eap command B-13
debug etherchannel command B-14
debug ilpower command B-15
debug interface command B-16
debug ip dhcp snooping command B-17
debug ip igmp filter command B-19
debug ip igmp max-groups command B-20
debug ip igmp snooping command B-21
debug ip verify source packet command B-18
debug lacp command B-22
debug lldp packets command B-23
debug mac-notification command B-25
debug macsec command B-26
debug matm command B-27
debug matm move update command B-28
debug mka command B-29
debug monitor command B-31
debug mvrdbg command B-32
debug nmsp command B-33
debug nvram command B-34
debug pagp command B-35
debug platform acl command B-36
debug platform backup interface command B-37
debug platform cisp command B-38
debug platform configuration command B-46
debug platform cpu-queues command B-39
debug platform device-manager command B-41
debug platform dot1x command B-42
debug platform etherchannel command B-43
debug platform fallback-bridging command B-44
debug platform forw-tcam command B-45
debug platform ip arp inspection command B-47
debug platform ip dhcp command B-48
debug platform ip igmp snooping command B-49
debug platform ip multicast command B-51
debug platform ip source-guard command B-53
debug platform ip unicast command B-54
debug platform ip wccp command B-56
debug platform led command B-57
debug platform matm command B-58
debug platform messaging application command B-59
debug platform phy command B-60
debug platform pm command B-62
debug platform port-asic command B-64
debug platform port-security command B-65
debug platform qos-acl-tcam command B-66
debug platform remote-commands command B-67
debug platform resource-manager command B-68
debug platform snmp command B-69
debug platform span command B-70
debug platform supervisor-asic command B-71
debug platform sw-bridge command B-72
debug platform tcam command B-73
debug platform udld command B-75
debug platform vlan command B-76
debug pm command B-77
debug port-security command B-79
debug qos-manager command B-80
debug spanning-tree backbonefast command B-83
debug spanning-tree bpdu command B-84
debug spanning-tree bpdu-opt command B-85
debug spanning-tree command B-81
debug spanning-tree mstp command B-86
debug spanning-tree switch command B-88
debug spanning-tree uplinkfast command B-90
debug sw-vlan command B-91
debug sw-vlan ifs command B-93
debug sw-vlan notification command B-94
debug sw-vlan vtp command B-95
debug udld command B-97
debug vqpc command B-99
default policy, MKA 2-359
define interface-range command 2-127
delete (boot loader) command A-6
delete command 2-129
deny (ARP access-list configuration) command 2-132
deny (IPv6) command 2-134
deny command 2-139
detect mechanism, causes 2-191
DHCP snooping
accepting untrusted packets from edge switch 2-244
enabling
on a VLAN 2-250
option 82 2-242, 2-244
trust on an interface 2-248
error recovery timer 2-197
rate limiting 2-247
DHCP snooping binding database
binding file, configuring 2-240
bindings
adding 2-238
deleting 2-238
clearing database agent statistics 2-91
database agent, configuring 2-240
renewing 2-474
dir (boot loader) command A-7
directories, deleting 2-129
domain name, VTP 2-891
dot1x auth-fail max-attempts 2-149
dot1x auth-fail vlan 2-150
dot1x command 2-147
dot1x control-direction command 2-152
dot1x credentials (global configuration) command 2-154
dot1x critical global configuration command 2-155
dot1x critical interface configuration command 2-157
dot1x default command 2-159
dot1x fallback command 2-160
dot1x guest-vlan command 2-161
dot1x host-mode command 2-164
dot1x initialize command 2-166
dot1x mac-auth-bypass command 2-167
dot1x max-reauth-req command 2-169
dot1x max-req command 2-171
dot1x multiple-hosts command 2-172
dot1x pae command 2-173
dot1x port-control command 2-174
dot1x re-authenticate command 2-176
dot1x re-authentication command 2-177
dot1x reauthentication command 2-178
dot1x supplicant controlled transient command 2-179
dot1x supplicant force-multicast command 2-181
dot1x test eapol-capable command 2-182
dot1x test timeout command 2-183
dot1x timeout command 2-184
dot1x violation-mode command 2-187
dropping packets, with ACL matches 2-6
drop threshold, Layer 2 protocol tunneling 2-308
DSCP-to-CoS map 2-373
DSCP-to-DSCP-mutation map 2-373
DTP 2-833
DTP flap
error detection for 2-191
error recovery timer 2-197
DTP negotiation 2-837
dual-purpose uplink ports
displaying configurable options 2-582
selecting the type 2-355
duplex command 2-188
dynamic-access ports
configuring 2-821
restrictions 2-822
dynamic ARP inspection
ARP ACLs
apply to a VLAN 2-219
define 2-18
deny packets 2-132
display 2-513
permit packets 2-427
clear
log buffer 2-86
statistics 2-90
display
ARP ACLs 2-513
configuration and operating state 2-594
log buffer 2-594
statistics 2-594
trust state and rate limit 2-594
enable per VLAN 2-231
error detection for 2-191
error recovery timer 2-197
log buffer
clear 2-86
configure 2-223
display 2-594
rate-limit incoming ARP packets 2-221
statistics
clear 2-90
display 2-594
trusted interface state 2-227
type of packet logged 2-232
validation checks 2-229
dynamic auto VLAN membership mode 2-832
dynamic desirable VLAN membership mode 2-832
Dynamic Host Configuration Protocol (DHCP)
See DHCP snooping
Dynamic Trunking Protocol
See DTP
E
EAP-request/identity frame
maximum number to send 2-171
response time before retransmitting 2-184
encapsulation methods 2-852
environment variables, displaying 2-522
epm access-control open 2-190
errdisable detect cause command 2-191
errdisable detect cause small-frame comand 2-194
errdisable recovery cause small-frame 2-196
errdisable recovery command 2-197
error conditions, displaying 2-570
error disable detection 2-191
error-disabled interfaces, displaying 2-579
EtherChannel
assigning Ethernet interface to channel group 2-76
creating port-channel logical interface 2-205
debug EtherChannel/PAgP, display B-14
debug platform-specific events, display B-43
displaying 2-573
enabling Layer 2 protocol tunneling for
LACP 2-309
PAgP 2-309
UDLD 2-309
interface information, displaying 2-579
LACP
clearing channel-group information 2-96
debug messages, display B-22
displaying 2-636
modes 2-76
port priority for hot-standby ports 2-312
restricting a protocol 2-79
system priority 2-314
load-distribution methods 2-445
PAgP
aggregate-port learner 2-421
clearing channel-group information 2-105
debug messages, display B-35
displaying 2-703
error detection for 2-191
error recovery timer 2-197
learn method 2-421
modes 2-76
physical-port learner 2-421
priority of interface for transmitted traffic 2-423
Ethernet controller, internal register display 2-537
Ethernet statistics, collecting 2-492
exception crashinfo command 2-200
extended discovery of candidate switches 2-116
extended-range VLANs
and allowed VLAN list 2-852
and pruning-eligible list 2-852
configuring 2-876
extended system ID for STP 2-772
F
fallback profile command 2-201
fallback profiles, displaying 2-576
fan information, displaying 2-566
file name, VTP 2-891
files, deleting 2-129
flash_init (boot loader) command A-9
flexible authentication ordering 2-38
Flex Links
configuring 2-825
configuring preferred VLAN 2-827
displaying 2-579
flowcontrol command 2-203
format (boot loader) command A-10
forwarding packets, with ACL matches 2-6
fsck (boot loader) command A-11
G
global configuration mode 1-2, 1-3
H
hardware ACL statistics 2-509
help (boot loader) command A-12
hierarchical policy maps 2-443
hop-count limit for clusters 2-116
host connection, port configuration 2-831
host ports, private VLANs 2-835
Hot Standby Router Protocol
See HSRP
HSRP
binding HSRP group to cluster 2-123
standby group 2-123
I
IEEE 802.1Q trunk ports and native VLANs 2-883
IEEE 802.1Q tunnel ports
configuring 2-832
limitations 2-833
IEEE 802.1x
and switchport modes 2-833
violation error recovery 2-197
See also port-based authentication
IEEE 802.1X Port Based Authentication
enabling guest VLAN supplicant 2-149, 2-160, 2-202
IGMP filters
applying 2-254
debug messages, display B-19
IGMP groups, setting maximum 2-255
IGMP maximum groups, debugging B-20
IGMP profiles
creating 2-257
displaying 2-606
IGMP snooping
adding ports as a static member of a group 2-273
displaying 2-607
enabling 2-259
enabling the configurable-leave timer 2-261
enabling the Immediate-Leave feature 2-270
flooding query count 2-267
interface topology change notification behavior 2-269
querier 2-263
query solicitation 2-267
report suppression 2-265
switch topology change notification behavior 2-267
images
See software images
Immediate-Leave feature, MVR 2-409
immediate-leave processing 2-270
Immediate-Leave processing, IPv6 2-304
interface configuration mode 1-2, 1-4
interface port-channel command 2-205
interface range command 2-207
interface-range macros 2-127
interfaces
assigning Ethernet interface to channel group 2-76
configuring 2-188
configuring multiple 2-207
creating port-channel logical 2-205
debug messages, display B-16
disabling 2-748
displaying the MAC address table 2-656
restarting 2-748
interface speed, configuring 2-808
interface vlan command 2-209
internal registers, displaying 2-537, 2-549
Internet Group Management Protocol
See IGMP
invalid GBIC
error detection for 2-191
error recovery timer 2-197
ip access-group command 2-211
ip address command 2-214
IP addresses, setting 2-214
IP address matching 2-350
ip admission command 2-216
ip admission name proxy http command 2-217
ip arp inspection filter vlan command 2-219
ip arp inspection limit command 2-221
ip arp inspection log-buffer command 2-223
ip arp inspection trust command 2-227
ip arp inspection validate command 2-229
ip arp inspection vlan command 2-231
ip arp inspection vlan logging command 2-232
ip device tracking command 2-236
ip device tracking probe command 2-234
IP DHCP snooping
See DHCP snooping
ip dhcp snooping binding command 2-238
ip dhcp snooping command 2-237
ip dhcp snooping database command 2-240
ip dhcp snooping information option allow-untrusted command 2-244
ip dhcp snooping information option command 2-242
ip dhcp snooping information option format remote-id command 2-246
ip dhcp snooping limit rate command 2-247
ip dhcp snooping trust command 2-248
ip dhcp snooping verify command 2-249
ip dhcp snooping vlan command 2-250
ip dhcp snooping vlan information option format-type circuit-id string command 2-252
ip igmp filter command 2-254
ip igmp max-groups command 2-255, 2-278, 2-280
ip igmp profile command 2-257
ip igmp snooping command 2-259
ip igmp snooping last-member-query-interval command 2-261
ip igmp snooping querier command 2-263
ip igmp snooping report-suppression command 2-265
ip igmp snooping tcn command 2-267
ip igmp snooping tcn flood command 2-269
ip igmp snooping vlan immediate-leave command 2-270
ip igmp snooping vlan mrouter command 2-271
ip igmp snooping vlan static command 2-273
IP multicast addresses 2-406
IP phones
auto-QoS configuration 2-59
trusting packets sent from 2-399
IP-precedence-to-DSCP map 2-373
ip source binding command 2-275
IP source guard
disabling 2-282
enabling 2-282
static IP source bindings 2-275
ip ssh command 2-277
IPv6 access list, deny conditions 2-134
ipv6 access-list command 2-284
ipv6 address dhcp command 2-286
ipv6 dhcp client request vendor command 2-287
ipv6 dhcp ping packets command 2-288
ipv6 dhcp pool command 2-289
ipv6 dhcp server command 2-291
ipv6 mld snooping command 2-293
ipv6 mld snooping last-listener-query count command 2-295
ipv6 mld snooping last-listener-query-interval command 2-297
ipv6 mld snooping listener-message-suppression command 2-299
ipv6 mld snooping robustness-variable command 2-300
ipv6 mld snooping tcn command 2-302
ipv6 mld snooping vlan command 2-304
IPv6 SDM template 2-493
ipv6 traffic-filter command 2-306
ip verify source command 2-282
ip verify source smartlog command 2-283
J
jumbo frames
See MTU
L
l2protocol-tunnel command 2-308
l2protocol-tunnel cos command 2-311
LACP
See EtherChannel
lacp port-priority command 2-312
lacp system-priority command 2-314
Layer 2 mode, enabling 2-819
Layer 2 protocol-tunnel
error detection for 2-191
error recovery timer 2-197
Layer 2 protocol tunnel counters 2-95
Layer 2 protocol tunneling error recovery 2-309
Layer 2 traceroute
IP addresses 2-866
MAC addresses 2-863
Layer 3 mode, enabling 2-819
line configuration mode 1-2, 1-4
Link Aggregation Control Protocol
See EtherChannel
link flap
error detection for 2-191
error recovery timer 2-197
link-security authentication 2-28
link-security policies 2-33
link state group command 2-316
link state track command 2-318
load-distribution methods for EtherChannel 2-445
location (global configuration) command 2-319
location (interface configuration) command 2-321
logging event command 2-323
logging event power-inline-status command 2-324
logging file command 2-325
logical interface 2-205
loopback error
detection for 2-191
recovery timer 2-197
loop guard, for spanning tree 2-774, 2-778
M
mab request format attribute 1 command 2-329
mab request format attribute 2 command 2-331
mab request format attribute 32 command 2-332
mac access-group command 2-334
MAC access-groups, displaying 2-647
MAC access list configuration mode 2-336
mac access-list extended command 2-336
MAC access lists 2-139
MAC addresses
disabling MAC address learning per VLAN 2-339
displaying
dynamic 2-654
notification settings 2-659
number of addresses in a VLAN 2-653
per interface 2-656
per VLAN 2-663
static 2-661
static and dynamic entries 2-648
dynamic
aging time 2-338
deleting 2-98
displaying 2-654
enabling MAC address notification 2-343
enabling MAC address-table move update 2-341
matching 2-350
static
adding and removing 2-345
displaying 2-661
dropping on an interface 2-346
MAC address notification, debugging B-25
mac address-table aging-time 2-334, 2-350
mac address-table aging-time command 2-338
mac address-table learning command 2-339
mac address-table move update command 2-341
mac address-table notification command 2-343
mac address-table static command 2-345
mac address-table static drop command 2-346
macros
interface range 2-127, 2-207
MACsec
counters 2-101, 2-544
debugging B-26
displaying 2-665
enabling 2-348
registers 2-544
macsec command 2-348
maps
QoS
defining 2-373
VLAN
creating 2-881
defining 2-350
displaying 2-739
match (access-map configuration) command 2-350
match (class-map configuration) command 2-352
maximum transmission unit
See MTU
mdix auto command 2-354
Media Access Control Security
See MACsec.
media-type (interface configuration) command 2-355
media-type rj45 (line configuration) command 2-357
member switches
See clusters
memory (boot loader) command A-13
MKA
confidentiality 2-126
debugging B-29
displaying default policy 2-667
displaying policies 2-669
displaying sessions 2-672
displaying sessions and statistics 2-678
displaying statistics 2-675
policy configuration mode 2-361
MKA, enabling 2-363
mka default policy command 2-359
mka policy global configuration command 2-361
mka policy interface configuration command 2-363
mkdir (boot loader) command A-14
MLD snooping
configuring 2-299, 2-300
configuring queries 2-295, 2-297
configuring topology change notification 2-302
displaying 2-624
enabling 2-293
MLD snooping on a VLAN, enabling 2-304
mls qos aggregate-policer command 2-367
mls qos command 2-365
mls qos cos command 2-369
mls qos dscp-mutation command 2-371
mls qos map command 2-373
mls qos queue-set output buffers command 2-377
mls qos queue-set output threshold command 2-379
mls qos rewrite ip dscp command 2-381
mls qos srr-queue input bandwidth command 2-383
mls qos srr-queue input buffers command 2-385
mls qos-srr-queue input cos-map command 2-387
mls qos srr-queue input dscp-map command 2-389
mls qos srr-queue input priority-queue command 2-391
mls qos srr-queue input threshold command 2-393
mls qos-srr-queue output cos-map command 2-395
mls qos srr-queue output dscp-map command 2-397
mls qos trust command 2-399
mls qos vlan-based command 2-401
mode, MVR 2-406
Mode button, and password recovery 2-497
modes, commands 1-1
monitor session command 2-402
more (boot loader) command A-15
MSTP
displaying 2-721
interoperability 2-111
link type 2-776
MST region
aborting changes 2-781
applying changes 2-781
configuration name 2-781
configuration revision number 2-781
current or pending display 2-781
displaying 2-721
MST configuration mode 2-781
VLANs-to-instance mapping 2-781
path cost 2-783
protocol mode 2-779
restart protocol migration process 2-111
root port
loop guard 2-774
preventing from becoming designated 2-774
restricting which can be root 2-774
root guard 2-774
root switch
affects of extended system ID 2-772
hello-time 2-786, 2-794
interval between BDPU messages 2-787
interval between hello BPDU messages 2-786, 2-794
max-age 2-787
maximum hop count before discarding BPDU 2-788
port priority for selection of 2-790
primary or secondary 2-794
switch priority 2-793
state changes
blocking to forwarding state 2-800
enabling BPDU filtering 2-764, 2-798
enabling BPDU guard 2-766, 2-798
enabling Port Fast 2-798, 2-800
forward-delay time 2-785
length of listening and learning states 2-785
rapid transition to forwarding 2-776
shutting down Port Fast-enabled ports 2-798
state information display 2-720
MTU
configuring size 2-860
displaying global setting 2-728
Multicase Listener Discovery
See MLD
multicast group address, MVR 2-409
multicast groups, MVR 2-407
Multicast Listener Discovery
See MLD
multicast router learning method 2-271
multicast router ports, configuring 2-271
multicast router ports, IPv6 2-304
multicast storm control 2-816
multicast VLAN, MVR 2-406
multicast VLAN registration
See MVR
Multiple Spanning Tree Protocol
See MSTP
MVR
and address aliasing 2-407
configuring 2-406
configuring interfaces 2-409
debug messages, display B-32
displaying 2-694
displaying interface information 2-695
members, displaying 2-697
mvr (global configuration) command 2-406
mvr (interface configuration) command 2-409
mvr vlan group command 2-410
N
native VLANs 2-852
native VLAN tagging 2-883
Network Admission Control Software Configuration Guide 2-216, 2-218
network-policy (global configuration) command 2-413
network-policy command 2-412
network-policy profile (network-policy configuration) command 2-414
nmsp attachment suppress command 2-417
nmsp command 2-416
no authentication logging verbose 2-418
no dot1x logging verbose 2-419
no mab logging verbose 2-420
nonegotiate, speed 2-808
nonegotiating DTP messaging 2-837
non-IP protocols
denying 2-139
forwarding 2-435
non-IP traffic access lists 2-336
non-IP traffic forwarding
denying 2-139
permitting 2-435
normal-range VLANs 2-876
no vlan command 2-876
O
online diagnostics
displaying
configured boot-up coverage level 2-553
current scheduled tasks 2-553
event logs 2-553
supported test suites 2-553
test ID 2-553
test results 2-553
test statistics 2-553
global configuration mode
clearing health monitoring diagnostic test schedule 2-90
clearing test-based testing schedule 2-144
setting health monitoring diagnostic testing 2-90
setting test-based testing 2-144
setting up health monitoring diagnostic test schedule 2-90
setting up test-based testing 2-144
health monitoring diagnostic tests, configuring 2-142
scheduled switchover
disabling 2-144
enabling 2-144
scheduling
enabling 2-144
removing 2-144
testing, starting 2-146
test interval, setting 2-144
P
PAgP
See EtherChannel
pagp learn-method command 2-421
pagp port-priority command 2-423
password, VTP 2-892
password-recovery mechanism, enabling and disabling 2-497
permit (ARP access-list configuration) command 2-427
permit (IPv6) command 2-429
permit (MAC access-list configuration) command 2-435
per-VLAN spanning-tree plus
See STP
physical-port learner 2-421
PIM-DVMRP, as multicast router learning method 2-271
PoE
configuring the power budget 2-449
configuring the power management mode 2-446
displaying controller register values 2-547
displaying power management information 2-708
logging of status 2-324
monitoring power 2-452
policing power consumption 2-452
police aggregate command 2-440
police command 2-438
policed-DSCP map 2-373
policy-map command 2-442
policy maps
applying to an interface 2-499, 2-504
creating 2-442
hierarchical 2-443
policers
displaying 2-682
for a single class 2-438
for multiple classes 2-367, 2-440
policed-DSCP map 2-373
traffic classification
defining the class 2-81
defining trust states 2-868
setting DSCP or IP precedence values 2-502
Port Aggregation Protocol
See EtherChannel
port-based authentication
AAA method list 2-3
configuring violation modes 2-187
debug messages, display B-10
enabling IEEE 802.1x
globally 2-147
per interface 2-174
guest VLAN 2-161
host modes 2-164
IEEE 802.1x AAA accounting methods 2-1
initialize an interface 2-166, 2-183
MAC authentication bypass 2-167
manual control of authorization state 2-174
PAE as authenticator 2-173
periodic re-authentication
enabling 2-178
time between attempts 2-184
quiet period between failed authentication exchanges 2-184
re-authenticating IEEE 802.1x-enabled ports 2-176
resetting configurable IEEE 802.1x parameters 2-159
switch-to-authentication server retransmission time 2-184
switch-to-client frame-retransmission number 2-169 to 2-171
switch-to-client retransmission time 2-184
test for IEEE 802.1x readiness 2-182
port-channel load-balance command 2-445
Port Fast, for spanning tree 2-800
port ranges, defining 2-127
ports, debugging B-77
ports, protected 2-850
port security
aging 2-844
debug messages, display B-79
enabling 2-839
violation error recovery 2-197
port trust states for QoS 2-399
port types, MVR 2-409
power information, displaying 2-566
power inline command 2-446
power inline consumption command 2-449
power inline four-pair forced command 2-451
power inline police command 2-452
Power over Ethernet
See PoE
power rps command (user EXEC) 2-455
priority-queue command 2-457
private-vlan command 2-459
private-vlan mapping command 2-462
private VLANs
association 2-848
configuring 2-459
configuring ports 2-835
displaying 2-734
host ports 2-835
mapping
configuring 2-848
displaying 2-579
promiscuous ports 2-835
privileged EXEC mode 1-2, 1-3
promiscuous ports, private VLANs 2-835
protected ports, displaying 2-584
pruning
VLANs 2-852
VTP
displaying interface information 2-579
enabling 2-892
pruning-eligible VLAN list 2-854
psp 2-464
psp command 2-464
PVST+
See STP
Q
QoS
auto-QoS
configuring 2-59
debug messages, display B-4
auto-QoS trust
configuring 2-53
auto-QoS video
configuring 2-56
class maps
creating 2-84
defining the match criteria 2-352
displaying 2-528
defining the CoS value for an incoming packet 2-369
displaying configuration information 2-681
DSCP transparency 2-381
DSCP trusted ports
applying DSCP-to-DSCP-mutation map to 2-371
defining DSCP-to-DSCP-mutation map 2-373
egress queues
allocating buffers 2-377
defining the CoS output queue threshold map 2-395
defining the DSCP output queue threshold map 2-397
displaying buffer allocations 2-684
displaying CoS output queue threshold map 2-687
displaying DSCP output queue threshold map 2-687
displaying queueing strategy 2-684
displaying queue-set settings 2-690
enabling bandwidth shaping and scheduling 2-812
enabling bandwidth sharing and scheduling 2-814
limiting the maximum output on a port 2-810
mapping a port to a queue-set 2-465
mapping CoS values to a queue and threshold 2-395
mapping DSCP values to a queue and threshold 2-397
setting maximum and reserved memory allocations 2-379
setting WTD thresholds 2-379
enabling 2-365
ingress queues
allocating buffers 2-385
assigning SRR scheduling weights 2-383
defining the CoS input queue threshold map 2-387
defining the DSCP input queue threshold map 2-389
displaying buffer allocations 2-684
displaying CoS input queue threshold map 2-687
displaying DSCP input queue threshold map 2-687
displaying queueing strategy 2-684
displaying settings for 2-683
enabling the priority queue 2-391
mapping CoS values to a queue and threshold 2-387
mapping DSCP values to a queue and threshold 2-389
setting WTD thresholds 2-393
maps
defining 2-373, 2-387, 2-389, 2-395, 2-397
policy maps
applying an aggregate policer 2-440
applying to an interface 2-499, 2-504
creating 2-442
defining policers 2-367, 2-438
displaying policers 2-682
hierarchical 2-443
policed-DSCP map 2-373
setting DSCP or IP precedence values 2-502
traffic classifications 2-81
trust states 2-868
port trust states 2-399
queues, enabling the expedite 2-457
statistics
in-profile and out-of-profile packets 2-684
packets enqueued or dropped 2-684
sent and received CoS values 2-684
sent and received DSCP values 2-684
trusted boundary for IP phones 2-399
VLAN-based 2-401
quality of service
See QoS
querytime, MVR 2-406
queue-set command 2-465
R
radius-server dead-criteria command 2-466
radius-server host command 2-468
rapid per-VLAN spanning-tree plus
See STP
rapid PVST+
See STP
rcommand command 2-470
re-authenticating IEEE 802.1x-enabled ports 2-176
re-authentication
periodic 2-178
time between attempts 2-184
receiver ports, MVR 2-409
receiving flow-control packets 2-203
recovery mechanism
causes 2-197
display 2-89, 2-524, 2-568, 2-571
timer interval 2-198
redundancy for cluster switches 2-123
redundant power supply
See RPS
remote-span command 2-472
Remote Switched Port Analyzer
See RSPAN
rename (boot loader) command A-16
renew ip dhcp snooping database command 2-474
rep admin vlan command 2-476
rep block port command 2-477
replay protection, MACsec 2-490
replay-protection window-size command 2-490
rep lsl-age-timer command 2-481
rep preempt delay command 2-482
rep preempt segment command 2-484
rep segment command 2-485
rep stcn command 2-488
reset (boot loader) command A-17
restricted VLAN
See dot1x auth-fail vlan
rmdir (boot loader) command A-18
rmon collection stats command 2-492
root guard, for spanning tree 2-774
routed ports
IP addresses on 2-215
number supported 2-215
RPS 2300
configuring 2-455
managing 2-455
RSPAN
configuring 2-402
filter RSPAN traffic 2-402
remote-span command 2-472
S
scheduled switchover
disabling 2-144
enabling 2-144
sdm prefer command 2-493
SDM templates
allowed resources 2-494
displaying 2-716
dual IPv4 and IPv6 2-493
secure ports, limitations 2-841
sending flow-control packets 2-203
service password-recovery command 2-497
service-policy command 2-499
set (boot loader) command A-19
set command 2-502
setup command 2-504
setup express command 2-507
show access-lists command 2-509
show archive status command 2-512
show arp access-list command 2-513
show authentication command 2-514
show auto qos command 2-518
show boot command 2-522
show cable-diagnostics tdr command 2-524
show cisp command 2-527
show class-map command 2-528
show cluster candidates command 2-531
show cluster command 2-529
show cluster members command 2-533
show controllers cpu-interface command 2-535
show controllers ethernet-controller command 2-537
show controllers ethernet phy macsec command 2-544
show controllers power inline command 2-547
show controllers tcam command 2-549
show controller utilization command 2-551
show dot1q-tunnel command 2-556
show dot1x command 2-557
show dtp 2-561
show eap command 2-563
show env command 2-566
show errdisable detect command 2-568
show errdisable flap-values command 2-570
show errdisable recovery command 2-571
show etherchannel command 2-573
show fallback profile command 2-576
show flowcontrol command 2-577
show interface rep command 2-591
show interfaces command 2-579
show interfaces counters command 2-589
show inventory command 2-593
show ip arp inspection command 2-594
show ipc command 2-618
show ip dhcp snooping binding command 2-599
show ip dhcp snooping command 2-598
show ip dhcp snooping database command 2-601, 2-603
show ip igmp profile command 2-606
show ip igmp snooping command 2-607, 2-624
show ip igmp snooping groups command 2-610
show ip igmp snooping mrouter command 2-612
show ip igmp snooping querier command 2-613
show ip source binding command 2-615
show ipv6 access-list command 2-621
show ipv6 dhcp conflict command 2-623
show ipv6 route updated 2-632
show ip verify source command 2-616
show l2protocol-tunnel command 2-634
show lacp command 2-636
show link state group command 2-640
show mac access-group command 2-647
show mac address-table address command 2-650
show mac address-table aging time command 2-651
show mac address-table command 2-648
show mac address-table count command 2-653
show mac address-table dynamic command 2-654
show mac address-table interface command 2-656
show mac address-table move update command 2-658
show mac address-table notification command 2-100, 2-659, B-28
show mac address-table static command 2-661
show mac address-table vlan command 2-663
show macsec command 2-665
show mka default-policy command 2-667
show mka policy command 2-669
show mka session command 2-672
show mka statistics command 2-675
show mka summary command 2-678
show mls qos aggregate-policer command 2-682
show mls qos command 2-681
show mls qos input-queue command 2-683
show mls qos interface command 2-684
show mls qos maps command 2-687
show mls qos queue-set command 2-690
show mls qos vlan command 2-691
show monitor command 2-692
show mvr command 2-694
show mvr interface command 2-695
show mvr members command 2-697
show network-policy profile command 2-699
show nmsp command 2-700
show pagp command 2-703
show platform acl command C-2
show platform backup interface command C-3
show platform configuration command C-4
show platform etherchannel command C-5
show platform forward command C-6
show platform frontend-controller command C-8
show platform igmp snooping command C-9
show platform ip multicast command C-10
show platform ip unicast command C-11
show platform ipv6 unicast command C-15
show platform ip wccp command C-14
show platform layer4op command C-17
show platform mac-address-table command C-18
show platform messaging command C-19
show platform monitor command C-20
show platform mvr table command C-21
show platform pm command C-22
show platform port-asic command C-23
show platform port-security command C-27
show platform qos command C-28
show platform resource-manager command C-29
show platform snmp counters command C-31
show platform spanning-tree command C-32
show platform stp-instance command C-33
show platform tcam command C-34
show platform vlan command C-37
show policy-map command 2-705
show port security command 2-706
show power inline command 2-708
show psp config 2-712
show psp config command 2-712
show psp statistics 2-713
show psp statistics command 2-713
show rep topology command 2-714
show sdm prefer command 2-716
show setup express command 2-719
show spanning-tree command 2-720
show storm-control command 2-726
show system mtu command 2-728
show trust command 2-868
show udld command 2-729
show version command 2-732
show vlan access-map command 2-739
show vlan command 2-734
show vlan command, fields 2-736
show vlan filter command 2-740
show vmps command 2-741
show vtp command 2-743
shutdown command 2-748
shutdown threshold, Layer 2 protocol tunneling 2-308
shutdown vlan command 2-749
small violation-rate command 2-750
SNMP host, specifying 2-757
SNMP informs, enabling the sending of 2-752
snmp-server enable traps command 2-752
snmp-server host command 2-757
snmp trap mac-notification change command 2-761
SNMP traps
enabling MAC address notification trap 2-761
enabling the MAC address notification feature 2-343
enabling the sending of 2-752
SoftPhone
See Cisco SoftPhone
software images
deleting 2-129
downloading 2-10
upgrading 2-10
uploading 2-16
software version, displaying 2-732
source ports, MVR 2-409
SPAN
configuring 2-402
debug messages, display B-31
filter SPAN traffic 2-402
sessions
add interfaces to 2-402
start new 2-402
spanning-tree backbonefast command 2-763
spanning-tree bpdufilter command 2-764
spanning-tree bpduguard command 2-766
spanning-tree cost command 2-768
spanning-tree etherchannel command 2-770
spanning-tree extend system-id command 2-772
spanning-tree guard command 2-774
spanning-tree link-type command 2-776
spanning-tree loopguard default command 2-778
spanning-tree mode command 2-779
spanning-tree mst configuration command 2-781
spanning-tree mst cost command 2-783
spanning-tree mst forward-time command 2-785
spanning-tree mst hello-time command 2-786
spanning-tree mst max-age command 2-787
spanning-tree mst max-hops command 2-788
spanning-tree mst port-priority command 2-790
spanning-tree mst pre-standard command 2-792
spanning-tree mst priority command 2-793
spanning-tree mst root command 2-794
spanning-tree portfast (global configuration) command 2-798
spanning-tree portfast (interface configuration) command 2-800
spanning-tree port-priority command 2-796
Spanning Tree Protocol
See STP
spanning-tree transmit hold-count command 2-802
spanning-tree uplinkfast command 2-803
spanning-tree vlan command 2-805
speed command 2-808
srr-queue bandwidth limit command 2-810
srr-queue bandwidth share command 2-814
SSH, configuring version 2-277
static-access ports, configuring 2-821
statistics, Ethernet group 2-492
sticky learning, enabling 2-839
storm-control command 2-816
STP
BackboneFast 2-763
counters, clearing 2-110
debug messages, display
BackboneFast events B-83
MSTP B-86
optimized BPDUs handling B-85
spanning-tree activity B-81
switch shim B-88
transmitted and received BPDUs B-84
UplinkFast B-90
detection of indirect link failures 2-763
enabling protocol tunneling for 2-308
EtherChannel misconfiguration 2-770
extended system ID 2-772
path cost 2-768
protocol modes 2-779
root port
accelerating choice of new 2-803
loop guard 2-774
preventing from becoming designated 2-774
restricting which can be root 2-774
root guard 2-774
UplinkFast 2-803
root switch
affects of extended system ID 2-772, 2-806
hello-time 2-805
interval between BDPU messages 2-805
interval between hello BPDU messages 2-805
max-age 2-805
port priority for selection of 2-796
primary or secondary 2-805
switch priority 2-805
state changes
blocking to forwarding state 2-800
enabling BPDU filtering 2-764, 2-798
enabling BPDU guard 2-766, 2-798
enabling Port Fast 2-798, 2-800
enabling timer to recover from error state 2-197
forward-delay time 2-805
length of listening and learning states 2-805
shutting down Port Fast-enabled ports 2-798
state information display 2-720
VLAN options 2-793, 2-805
SVIs, creating 2-209
SVI status calculation 2-823
Switched Port Analyzer
See SPAN
switching characteristics
modifying 2-819
returning to interfaces 2-819
switchport access command 2-821
switchport autostate exclude command 2-823
switchport backup interface command 2-825
switchport block command 2-829
switchport command 2-819
switchport host command 2-831
switchport mode command 2-832
switchport mode private-vlan command 2-835
switchport nonegotiate command 2-837
switchport port-security aging command 2-844
switchport port-security command 2-839
switchport priority extend command 2-846
switchport private-vlan command 2-848
switchport protected command 2-850
switchports, displaying 2-579
switchport trunk command 2-852
switchport voice vlan command 2-855, 2-856
system env temperature threshold yellow command 2-858
system message logging 2-324
system message logging, save message to flash 2-325
system mtu command 2-860
system resource templates 2-493
T
tar files, creating, listing, and extracting 2-13
TDR, running 2-862
Telnet, using to communicate to cluster switches 2-470
temperature information, displaying 2-566
templates, system resources 2-493
test cable-diagnostics tdr command 2-862
traceroute mac command 2-863
traceroute mac ip command 2-866
trunking, VLAN mode 2-832
trunk mode 2-832
trunk ports 2-832
trunks, to non-DTP device 2-833
trusted boundary for QoS 2-399
trusted port states for QoS 2-399
tunnel ports, Layer 2 protocol, displaying 2-634
type (boot loader) command A-22
U
UDLD
aggressive mode 2-870, 2-872
debug messages, display B-97
enable globally 2-870
enable per interface 2-872
error recovery timer 2-197
message timer 2-870
normal mode 2-870, 2-872
reset a shutdown interface 2-874
status 2-729
udld command 2-870
udld port command 2-872
udld reset command 2-874
unicast storm control 2-816
UniDirectional Link Detection
See UDLD
unknown multicast traffic, preventing 2-829
unknown unicast traffic, preventing 2-829
unset (boot loader) command A-23
upgrading
software images
downloading 2-10
monitoring status of 2-512
UplinkFast, for STP 2-803
usb-inactivity-timeout (console configuration) command 2-875
user EXEC mode 1-2
V
version (boot loader) command A-25
vlan (global configuration) command 2-876
vlan access-map command 2-881
VLAN access map configuration mode 2-881
VLAN access maps
actions 2-6
displaying 2-739
VLAN-based QoS 2-401
VLAN configuration
rules 2-879
saving 2-876
VLAN configuration mode
description 1-4
summary 1-2
vlan dot1q tag native command 2-883
vlan filter command 2-884
VLAN filters, displaying 2-740
VLAN ID range 2-876
VLAN maps
applying 2-884
creating 2-881
defining 2-350
displaying 2-739
VLAN Query Protocol
See VQP
VLANs
adding 2-876
configuring 2-876
debug messages, display
ISL B-94
VLAN IOS file system error tests B-93
VLAN manager activity B-91
VTP B-95
displaying configurations 2-734
enabling guest VLAN supplicant 2-149, 2-160, 2-202
extended-range 2-876
MAC addresses
displaying 2-663
number of 2-653
media types 2-879
normal-range 2-876
private 2-835
configuring 2-459
displaying 2-734
See also private VLANs
restarting 2-749
saving the configuration 2-876
shutting down 2-749
SNMP traps for VTP 2-754, 2-758
suspending 2-749
VLAN Trunking Protocol
See VTP
VMPS
configuring servers 2-889
displaying 2-741
error recovery timer 2-198
reconfirming dynamic VLAN assignments 2-886
vmps reconfirm (global configuration) command 2-887
vmps reconfirm (privileged EXEC) command 2-886
vmps retry command 2-888
vmps server command 2-889
voice VLAN
configuring 2-855, 2-856
setting port priority 2-846
VQP
and dynamic-access ports 2-822
clearing client statistics 2-112
displaying information 2-741
per-server retry count 2-888
reconfirmation interval 2-887
reconfirming dynamic VLAN assignments 2-886
VTP
changing characteristics 2-891
clearing pruning counters 2-113
configuring
domain name 2-891
file name 2-891
mode 2-891
password 2-892
counters display fields 2-744
displaying information 2-743
enabling
pruning 2-892
tunneling for 2-308
Version 2 2-892
enabling per port 2-896
mode 2-891
pruning 2-892
saving the configuration 2-876
statistics 2-743
status 2-743
status display fields 2-746
vtp (global configuration) command 2-891
vtp interface configuration) command 2-896
vtp primary command 2-897
Index
A
aaa accounting dot1x command 2-1
aaa authentication dot1x command 2-3
aaa authorization network command 2-5, 2-22, 2-29, 2-31, 2-34, 2-36, 2-38, 2-154, 2-329, 2-331, 2-332, 2-527, B-7, B-38
AAA methods 2-3
access control entries
See ACEs
access control lists
See ACLs
access groups
IP 2-211
MAC, displaying 2-647
access list, IPv6 2-284
access map configuration mode 2-350
access mode 2-832
access ports 2-832
ACEs 2-141, 2-437
ACLs
deny 2-139
displaying 2-509
for non-IP protocols 2-336
IP 2-211
matching 2-350
on Layer 2 interfaces 2-211
permit 2-435
action command 2-6
address aliasing 2-407
aggregate-port learner 2-421
allowed VLANs 2-852
archive download-sw command 2-10
archive tar command 2-13
archive upload-sw command 2-16
arp access-list command 2-18
authentication command bounce-port ignore 2-20
authentication command disable-port ignore 2-21
authentication control-direction command 2-22
authentication event command 2-24
authentication event linksec fail action command 2-28
authentication failed VLAN
See dot1x auth-fail vlan
authentication fallback command 2-29
authentication host-mode command 2-31
authentication linksec policy command 2-33
authentication mac-move permit command 2-34
authentication open command 2-36
authentication order command 2-38
authentication periodic command 2-40
authentication port-control command 2-42
authentication priority command 2-44
authentication timer command 2-46
authentication violation command 2-48
auth-fail max-attempts
See dot1x auth-fail max-attempts
auth-fail vlan
See dot1x auth-fail vlan
auth open command 2-36
auth order command 2-38
authorization state of controlled port 2-174
auth timer command 2-46
autonegotiation of duplex mode 2-189
auto qos classify command 2-50
auto qos trust command 2-53
auto qos video command 2-56
auto qos voip command 2-59
B
BackboneFast, for STP 2-763
backup interfaces
configuring 2-825
displaying 2-579
boot (boot loader) command A-2
boot auto-download-sw command 2-65
boot config-file command 2-68
boot enable-break command 2-69
boot helper command 2-70
boot helper-config file command 2-71
booting
Cisco IOS image 2-74
displaying environment variables 2-522
interrupting 2-65, 2-69
manually 2-72
boot loader
accessing A-1
booting
Cisco IOS image A-2
helper image 2-70
directories
creating A-14
displaying a list of A-7
removing A-18
displaying
available commands A-12
memory heap utilization A-13
version A-25
environment variables
described A-19
displaying settings A-19
location of A-20
setting A-19
unsetting A-23
files
copying A-5
deleting A-6
displaying a list of A-7
displaying the contents of A-4, A-15, A-22
renaming A-16
file system
formatting A-10
initializing flash A-9
running a consistency check A-11
prompt A-1
resetting the system A-17
boot manual command 2-72
boot private-config-file command 2-73
boot system command 2-74
BPDU filtering, for spanning tree 2-764, 2-798
BPDU guard, for spanning tree 2-766, 2-798
broadcast storm control 2-816
C
candidate switches
See clusters
cat (boot loader) command A-4
CDP, enabling protocol tunneling for 2-308
channel-group command 2-76
channel-protocol command 2-79
Cisco IP camera
auto-QoS configuration 2-56
Cisco SoftPhone
auto-QoS configuration 2-59
trusting packets sent from 2-399
Cisco Telepresence System
auto-QoS configuration 2-56
CISP
See Client Information Signalling Protocol
cisp
debug platform cisp command B-38
cisp enable command 2-80
class command 2-81
class-map command 2-84
class maps
creating 2-84
defining the match criteria 2-352
displaying 2-528
class of service
See CoS
clear dot1x command 2-87
clear eap sessions command 2-88
clear errdisable interface 2-89
clear ip arp inspection log command 2-86
clear ip arp inspection statistics command 2-90
clear ipc command 2-93
clear ip dhcp snooping database command 2-91
clear ipv6 dhcp conflict command 2-94
clear l2protocol-tunnel counters command 2-95
clear lacp command 2-96
clear logging smartlog statistics interface command 2-97
clear mac address-table command 2-98, 2-100
clear macsec counters interface command 2-101
clear mka command 2-102
clear nmsp statistics command 2-104
clear pagp command 2-105, 2-109
clear port-security command 2-106
clear psp counter 2-108
clear psp counter command 2-108
clear spanning-tree counters command 2-110
clear spanning-tree detected-protocols command 2-111
clear vmps statistics command 2-112
clear vtp counters command 2-113
Client Information Signalling Protocol 2-80, 2-154, 2-527, B-7, B-38
cluster commander-address command 2-114
cluster discovery hop-count command 2-116
cluster enable command 2-117
cluster holdtime command 2-118
cluster member command 2-119
cluster outside-interface command 2-121
cluster run command 2-122
clusters
adding candidates 2-119
binding to HSRP group 2-123
building manually 2-119
communicating with
devices outside the cluster 2-121
members by using Telnet 2-470
debug messages, display B-8
displaying
candidate switches 2-531
debug messages B-8
member switches 2-533
status 2-529
hop-count limit for extended discovery 2-116
HSRP standby groups 2-123
redundancy 2-123
SNMP trap 2-752
cluster standby-group command 2-123
cluster timer command 2-125
command modes defined 1-1
command switch
See clusters
confidentiality-offset command 2-126
configuration files
password recovery disable considerations A-1
specifying the name 2-68, 2-73
configuring multiple interfaces 2-207
config-vlan mode
commands 2-877
entering 2-876
copy (boot loader) command A-5
CoS
assigning default value to incoming packets 2-369
assigning to Layer 2 protocol packets 2-311
overriding the incoming value 2-369
CoS-to-DSCP map 2-373
CPU ASIC statistics, displaying 2-535
crashinfo files 2-200
critical VLAN 2-26
D
debug authentication B-2
debug auto qos command B-4
debug backup command B-6
debug cisp command B-7
debug cluster command B-8
debug dot1x command B-10
debug dtp command B-12
debug eap command B-13
debug etherchannel command B-14
debug ilpower command B-15
debug interface command B-16
debug ip dhcp snooping command B-17
debug ip igmp filter command B-19
debug ip igmp max-groups command B-20
debug ip igmp snooping command B-21
debug ip verify source packet command B-18
debug lacp command B-22
debug lldp packets command B-23
debug mac-notification command B-25
debug macsec command B-26
debug matm command B-27
debug matm move update command B-28
debug mka command B-29
debug monitor command B-31
debug mvrdbg command B-32
debug nmsp command B-33
debug nvram command B-34
debug pagp command B-35
debug platform acl command B-36
debug platform backup interface command B-37
debug platform cisp command B-38
debug platform configuration command B-46
debug platform cpu-queues command B-39
debug platform device-manager command B-41
debug platform dot1x command B-42
debug platform etherchannel command B-43
debug platform fallback-bridging command B-44
debug platform forw-tcam command B-45
debug platform ip arp inspection command B-47
debug platform ip dhcp command B-48
debug platform ip igmp snooping command B-49
debug platform ip multicast command B-51
debug platform ip source-guard command B-53
debug platform ip unicast command B-54
debug platform ip wccp command B-56
debug platform led command B-57
debug platform matm command B-58
debug platform messaging application command B-59
debug platform phy command B-60
debug platform pm command B-62
debug platform port-asic command B-64
debug platform port-security command B-65
debug platform qos-acl-tcam command B-66
debug platform remote-commands command B-67
debug platform resource-manager command B-68
debug platform snmp command B-69
debug platform span command B-70
debug platform supervisor-asic command B-71
debug platform sw-bridge command B-72
debug platform tcam command B-73
debug platform udld command B-75
debug platform vlan command B-76
debug pm command B-77
debug port-security command B-79
debug qos-manager command B-80
debug spanning-tree backbonefast command B-83
debug spanning-tree bpdu command B-84
debug spanning-tree bpdu-opt command B-85
debug spanning-tree command B-81
debug spanning-tree mstp command B-86
debug spanning-tree switch command B-88
debug spanning-tree uplinkfast command B-90
debug sw-vlan command B-91
debug sw-vlan ifs command B-93
debug sw-vlan notification command B-94
debug sw-vlan vtp command B-95
debug udld command B-97
debug vqpc command B-99
default policy, MKA 2-359
define interface-range command 2-127
delete (boot loader) command A-6
delete command 2-129
deny (ARP access-list configuration) command 2-132
deny (IPv6) command 2-134
deny command 2-139
detect mechanism, causes 2-191
DHCP snooping
accepting untrusted packets from edge switch 2-244
enabling
on a VLAN 2-250
option 82 2-242, 2-244
trust on an interface 2-248
error recovery timer 2-197
rate limiting 2-247
DHCP snooping binding database
binding file, configuring 2-240
bindings
adding 2-238
deleting 2-238
clearing database agent statistics 2-91
database agent, configuring 2-240
renewing 2-474
dir (boot loader) command A-7
directories, deleting 2-129
domain name, VTP 2-891
dot1x auth-fail max-attempts 2-149
dot1x auth-fail vlan 2-150
dot1x command 2-147
dot1x control-direction command 2-152
dot1x credentials (global configuration) command 2-154
dot1x critical global configuration command 2-155
dot1x critical interface configuration command 2-157
dot1x default command 2-159
dot1x fallback command 2-160
dot1x guest-vlan command 2-161
dot1x host-mode command 2-164
dot1x initialize command 2-166
dot1x mac-auth-bypass command 2-167
dot1x max-reauth-req command 2-169
dot1x max-req command 2-171
dot1x multiple-hosts command 2-172
dot1x pae command 2-173
dot1x port-control command 2-174
dot1x re-authenticate command 2-176
dot1x re-authentication command 2-177
dot1x reauthentication command 2-178
dot1x supplicant controlled transient command 2-179
dot1x supplicant force-multicast command 2-181
dot1x test eapol-capable command 2-182
dot1x test timeout command 2-183
dot1x timeout command 2-184
dot1x violation-mode command 2-187
dropping packets, with ACL matches 2-6
drop threshold, Layer 2 protocol tunneling 2-308
DSCP-to-CoS map 2-373
DSCP-to-DSCP-mutation map 2-373
DTP 2-833
DTP flap
error detection for 2-191
error recovery timer 2-197
DTP negotiation 2-837
dual-purpose uplink ports
displaying configurable options 2-582
selecting the type 2-355
duplex command 2-188
dynamic-access ports
configuring 2-821
restrictions 2-822
dynamic ARP inspection
ARP ACLs
apply to a VLAN 2-219
define 2-18
deny packets 2-132
display 2-513
permit packets 2-427
clear
log buffer 2-86
statistics 2-90
display
ARP ACLs 2-513
configuration and operating state 2-594
log buffer 2-594
statistics 2-594
trust state and rate limit 2-594
enable per VLAN 2-231
error detection for 2-191
error recovery timer 2-197
log buffer
clear 2-86
configure 2-223
display 2-594
rate-limit incoming ARP packets 2-221
statistics
clear 2-90
display 2-594
trusted interface state 2-227
type of packet logged 2-232
validation checks 2-229
dynamic auto VLAN membership mode 2-832
dynamic desirable VLAN membership mode 2-832
Dynamic Host Configuration Protocol (DHCP)
See DHCP snooping
Dynamic Trunking Protocol
See DTP
E
EAP-request/identity frame
maximum number to send 2-171
response time before retransmitting 2-184
encapsulation methods 2-852
environment variables, displaying 2-522
epm access-control open 2-190
errdisable detect cause command 2-191
errdisable detect cause small-frame comand 2-194
errdisable recovery cause small-frame 2-196
errdisable recovery command 2-197
error conditions, displaying 2-570
error disable detection 2-191
error-disabled interfaces, displaying 2-579
EtherChannel
assigning Ethernet interface to channel group 2-76
creating port-channel logical interface 2-205
debug EtherChannel/PAgP, display B-14
debug platform-specific events, display B-43
displaying 2-573
enabling Layer 2 protocol tunneling for
LACP 2-309
PAgP 2-309
UDLD 2-309
interface information, displaying 2-579
LACP
clearing channel-group information 2-96
debug messages, display B-22
displaying 2-636
modes 2-76
port priority for hot-standby ports 2-312
restricting a protocol 2-79
system priority 2-314
load-distribution methods 2-445
PAgP
aggregate-port learner 2-421
clearing channel-group information 2-105
debug messages, display B-35
displaying 2-703
error detection for 2-191
error recovery timer 2-197
learn method 2-421
modes 2-76
physical-port learner 2-421
priority of interface for transmitted traffic 2-423
Ethernet controller, internal register display 2-537
Ethernet statistics, collecting 2-492
exception crashinfo command 2-200
extended discovery of candidate switches 2-116
extended-range VLANs
and allowed VLAN list 2-852
and pruning-eligible list 2-852
configuring 2-876
extended system ID for STP 2-772
F
fallback profile command 2-201
fallback profiles, displaying 2-576
fan information, displaying 2-566
file name, VTP 2-891
files, deleting 2-129
flash_init (boot loader) command A-9
flexible authentication ordering 2-38
Flex Links
configuring 2-825
configuring preferred VLAN 2-827
displaying 2-579
flowcontrol command 2-203
format (boot loader) command A-10
forwarding packets, with ACL matches 2-6
fsck (boot loader) command A-11
G
global configuration mode 1-2, 1-3
H
hardware ACL statistics 2-509
help (boot loader) command A-12
hierarchical policy maps 2-443
hop-count limit for clusters 2-116
host connection, port configuration 2-831
host ports, private VLANs 2-835
Hot Standby Router Protocol
See HSRP
HSRP
binding HSRP group to cluster 2-123
standby group 2-123
I
IEEE 802.1Q trunk ports and native VLANs 2-883
IEEE 802.1Q tunnel ports
configuring 2-832
limitations 2-833
IEEE 802.1x
and switchport modes 2-833
violation error recovery 2-197
See also port-based authentication
IEEE 802.1X Port Based Authentication
enabling guest VLAN supplicant 2-149, 2-160, 2-202
IGMP filters
applying 2-254
debug messages, display B-19
IGMP groups, setting maximum 2-255
IGMP maximum groups, debugging B-20
IGMP profiles
creating 2-257
displaying 2-606
IGMP snooping
adding ports as a static member of a group 2-273
displaying 2-607
enabling 2-259
enabling the configurable-leave timer 2-261
enabling the Immediate-Leave feature 2-270
flooding query count 2-267
interface topology change notification behavior 2-269
querier 2-263
query solicitation 2-267
report suppression 2-265
switch topology change notification behavior 2-267
images
See software images
Immediate-Leave feature, MVR 2-409
immediate-leave processing 2-270
Immediate-Leave processing, IPv6 2-304
interface configuration mode 1-2, 1-4
interface port-channel command 2-205
interface range command 2-207
interface-range macros 2-127
interfaces
assigning Ethernet interface to channel group 2-76
configuring 2-188
configuring multiple 2-207
creating port-channel logical 2-205
debug messages, display B-16
disabling 2-748
displaying the MAC address table 2-656
restarting 2-748
interface speed, configuring 2-808
interface vlan command 2-209
internal registers, displaying 2-537, 2-549
Internet Group Management Protocol
See IGMP
invalid GBIC
error detection for 2-191
error recovery timer 2-197
ip access-group command 2-211
ip address command 2-214
IP addresses, setting 2-214
IP address matching 2-350
ip admission command 2-216
ip admission name proxy http command 2-217
ip arp inspection filter vlan command 2-219
ip arp inspection limit command 2-221
ip arp inspection log-buffer command 2-223
ip arp inspection trust command 2-227
ip arp inspection validate command 2-229
ip arp inspection vlan command 2-231
ip arp inspection vlan logging command 2-232
ip device tracking command 2-236
ip device tracking probe command 2-234
IP DHCP snooping
See DHCP snooping
ip dhcp snooping binding command 2-238
ip dhcp snooping command 2-237
ip dhcp snooping database command 2-240
ip dhcp snooping information option allow-untrusted command 2-244
ip dhcp snooping information option command 2-242
ip dhcp snooping information option format remote-id command 2-246
ip dhcp snooping limit rate command 2-247
ip dhcp snooping trust command 2-248
ip dhcp snooping verify command 2-249
ip dhcp snooping vlan command 2-250
ip dhcp snooping vlan information option format-type circuit-id string command 2-252
ip igmp filter command 2-254
ip igmp max-groups command 2-255, 2-278, 2-280
ip igmp profile command 2-257
ip igmp snooping command 2-259
ip igmp snooping last-member-query-interval command 2-261
ip igmp snooping querier command 2-263
ip igmp snooping report-suppression command 2-265
ip igmp snooping tcn command 2-267
ip igmp snooping tcn flood command 2-269
ip igmp snooping vlan immediate-leave command 2-270
ip igmp snooping vlan mrouter command 2-271
ip igmp snooping vlan static command 2-273
IP multicast addresses 2-406
IP phones
auto-QoS configuration 2-59
trusting packets sent from 2-399
IP-precedence-to-DSCP map 2-373
ip source binding command 2-275
IP source guard
disabling 2-282
enabling 2-282
static IP source bindings 2-275
ip ssh command 2-277
IPv6 access list, deny conditions 2-134
ipv6 access-list command 2-284
ipv6 address dhcp command 2-286
ipv6 dhcp client request vendor command 2-287
ipv6 dhcp ping packets command 2-288
ipv6 dhcp pool command 2-289
ipv6 dhcp server command 2-291
ipv6 mld snooping command 2-293
ipv6 mld snooping last-listener-query count command 2-295
ipv6 mld snooping last-listener-query-interval command 2-297
ipv6 mld snooping listener-message-suppression command 2-299
ipv6 mld snooping robustness-variable command 2-300
ipv6 mld snooping tcn command 2-302
ipv6 mld snooping vlan command 2-304
IPv6 SDM template 2-493
ipv6 traffic-filter command 2-306
ip verify source command 2-282
ip verify source smartlog command 2-283
J
jumbo frames
See MTU
L
l2protocol-tunnel command 2-308
l2protocol-tunnel cos command 2-311
LACP
See EtherChannel
lacp port-priority command 2-312
lacp system-priority command 2-314
Layer 2 mode, enabling 2-819
Layer 2 protocol-tunnel
error detection for 2-191
error recovery timer 2-197
Layer 2 protocol tunnel counters 2-95
Layer 2 protocol tunneling error recovery 2-309
Layer 2 traceroute
IP addresses 2-866
MAC addresses 2-863
Layer 3 mode, enabling 2-819
line configuration mode 1-2, 1-4
Link Aggregation Control Protocol
See EtherChannel
link flap
error detection for 2-191
error recovery timer 2-197
link-security authentication 2-28
link-security policies 2-33
link state group command 2-316
link state track command 2-318
load-distribution methods for EtherChannel 2-445
location (global configuration) command 2-319
location (interface configuration) command 2-321
logging event command 2-323
logging event power-inline-status command 2-324
logging file command 2-325
logical interface 2-205
loopback error
detection for 2-191
recovery timer 2-197
loop guard, for spanning tree 2-774, 2-778
M
mab request format attribute 1 command 2-329
mab request format attribute 2 command 2-331
mab request format attribute 32 command 2-332
mac access-group command 2-334
MAC access-groups, displaying 2-647
MAC access list configuration mode 2-336
mac access-list extended command 2-336
MAC access lists 2-139
MAC addresses
disabling MAC address learning per VLAN 2-339
displaying
dynamic 2-654
notification settings 2-659
number of addresses in a VLAN 2-653
per interface 2-656
per VLAN 2-663
static 2-661
static and dynamic entries 2-648
dynamic
aging time 2-338
deleting 2-98
displaying 2-654
enabling MAC address notification 2-343
enabling MAC address-table move update 2-341
matching 2-350
static
adding and removing 2-345
displaying 2-661
dropping on an interface 2-346
MAC address notification, debugging B-25
mac address-table aging-time 2-334, 2-350
mac address-table aging-time command 2-338
mac address-table learning command 2-339
mac address-table move update command 2-341
mac address-table notification command 2-343
mac address-table static command 2-345
mac address-table static drop command 2-346
macros
interface range 2-127, 2-207
MACsec
counters 2-101, 2-544
debugging B-26
displaying 2-665
enabling 2-348
registers 2-544
macsec command 2-348
maps
QoS
defining 2-373
VLAN
creating 2-881
defining 2-350
displaying 2-739
match (access-map configuration) command 2-350
match (class-map configuration) command 2-352
maximum transmission unit
See MTU
mdix auto command 2-354
Media Access Control Security
See MACsec.
media-type (interface configuration) command 2-355
media-type rj45 (line configuration) command 2-357
member switches
See clusters
memory (boot loader) command A-13
MKA
confidentiality 2-126
debugging B-29
displaying default policy 2-667
displaying policies 2-669
displaying sessions 2-672
displaying sessions and statistics 2-678
displaying statistics 2-675
policy configuration mode 2-361
MKA, enabling 2-363
mka default policy command 2-359
mka policy global configuration command 2-361
mka policy interface configuration command 2-363
mkdir (boot loader) command A-14
MLD snooping
configuring 2-299, 2-300
configuring queries 2-295, 2-297
configuring topology change notification 2-302
displaying 2-624
enabling 2-293
MLD snooping on a VLAN, enabling 2-304
mls qos aggregate-policer command 2-367
mls qos command 2-365
mls qos cos command 2-369
mls qos dscp-mutation command 2-371
mls qos map command 2-373
mls qos queue-set output buffers command 2-377
mls qos queue-set output threshold command 2-379
mls qos rewrite ip dscp command 2-381
mls qos srr-queue input bandwidth command 2-383
mls qos srr-queue input buffers command 2-385
mls qos-srr-queue input cos-map command 2-387
mls qos srr-queue input dscp-map command 2-389
mls qos srr-queue input priority-queue command 2-391
mls qos srr-queue input threshold command 2-393
mls qos-srr-queue output cos-map command 2-395
mls qos srr-queue output dscp-map command 2-397
mls qos trust command 2-399
mls qos vlan-based command 2-401
mode, MVR 2-406
Mode button, and password recovery 2-497
modes, commands 1-1
monitor session command 2-402
more (boot loader) command A-15
MSTP
displaying 2-721
interoperability 2-111
link type 2-776
MST region
aborting changes 2-781
applying changes 2-781
configuration name 2-781
configuration revision number 2-781
current or pending display 2-781
displaying 2-721
MST configuration mode 2-781
VLANs-to-instance mapping 2-781
path cost 2-783
protocol mode 2-779
restart protocol migration process 2-111
root port
loop guard 2-774
preventing from becoming designated 2-774
restricting which can be root 2-774
root guard 2-774
root switch
affects of extended system ID 2-772
hello-time 2-786, 2-794
interval between BDPU messages 2-787
interval between hello BPDU messages 2-786, 2-794
max-age 2-787
maximum hop count before discarding BPDU 2-788
port priority for selection of 2-790
primary or secondary 2-794
switch priority 2-793
state changes
blocking to forwarding state 2-800
enabling BPDU filtering 2-764, 2-798
enabling BPDU guard 2-766, 2-798
enabling Port Fast 2-798, 2-800
forward-delay time 2-785
length of listening and learning states 2-785
rapid transition to forwarding 2-776
shutting down Port Fast-enabled ports 2-798
state information display 2-720
MTU
configuring size 2-860
displaying global setting 2-728
Multicase Listener Discovery
See MLD
multicast group address, MVR 2-409
multicast groups, MVR 2-407
Multicast Listener Discovery
See MLD
multicast router learning method 2-271
multicast router ports, configuring 2-271
multicast router ports, IPv6 2-304
multicast storm control 2-816
multicast VLAN, MVR 2-406
multicast VLAN registration
See MVR
Multiple Spanning Tree Protocol
See MSTP
MVR
and address aliasing 2-407
configuring 2-406
configuring interfaces 2-409
debug messages, display B-32
displaying 2-694
displaying interface information 2-695
members, displaying 2-697
mvr (global configuration) command 2-406
mvr (interface configuration) command 2-409
mvr vlan group command 2-410
N
native VLANs 2-852
native VLAN tagging 2-883
Network Admission Control Software Configuration Guide 2-216, 2-218
network-policy (global configuration) command 2-413
network-policy command 2-412
network-policy profile (network-policy configuration) command 2-414
nmsp attachment suppress command 2-417
nmsp command 2-416
no authentication logging verbose 2-418
no dot1x logging verbose 2-419
no mab logging verbose 2-420
nonegotiate, speed 2-808
nonegotiating DTP messaging 2-837
non-IP protocols
denying 2-139
forwarding 2-435
non-IP traffic access lists 2-336
non-IP traffic forwarding
denying 2-139
permitting 2-435
normal-range VLANs 2-876
no vlan command 2-876
O
online diagnostics
displaying
configured boot-up coverage level 2-553
current scheduled tasks 2-553
event logs 2-553
supported test suites 2-553
test ID 2-553
test results 2-553
test statistics 2-553
global configuration mode
clearing health monitoring diagnostic test schedule 2-90
clearing test-based testing schedule 2-144
setting health monitoring diagnostic testing 2-90
setting test-based testing 2-144
setting up health monitoring diagnostic test schedule 2-90
setting up test-based testing 2-144
health monitoring diagnostic tests, configuring 2-142
scheduled switchover
disabling 2-144
enabling 2-144
scheduling
enabling 2-144
removing 2-144
testing, starting 2-146
test interval, setting 2-144
P
PAgP
See EtherChannel
pagp learn-method command 2-421
pagp port-priority command 2-423
password, VTP 2-892
password-recovery mechanism, enabling and disabling 2-497
permit (ARP access-list configuration) command 2-427
permit (IPv6) command 2-429
permit (MAC access-list configuration) command 2-435
per-VLAN spanning-tree plus
See STP
physical-port learner 2-421
PIM-DVMRP, as multicast router learning method 2-271
PoE
configuring the power budget 2-449
configuring the power management mode 2-446
displaying controller register values 2-547
displaying power management information 2-708
logging of status 2-324
monitoring power 2-452
policing power consumption 2-452
police aggregate command 2-440
police command 2-438
policed-DSCP map 2-373
policy-map command 2-442
policy maps
applying to an interface 2-499, 2-504
creating 2-442
hierarchical 2-443
policers
displaying 2-682
for a single class 2-438
for multiple classes 2-367, 2-440
policed-DSCP map 2-373
traffic classification
defining the class 2-81
defining trust states 2-868
setting DSCP or IP precedence values 2-502
Port Aggregation Protocol
See EtherChannel
port-based authentication
AAA method list 2-3
configuring violation modes 2-187
debug messages, display B-10
enabling IEEE 802.1x
globally 2-147
per interface 2-174
guest VLAN 2-161
host modes 2-164
IEEE 802.1x AAA accounting methods 2-1
initialize an interface 2-166, 2-183
MAC authentication bypass 2-167
manual control of authorization state 2-174
PAE as authenticator 2-173
periodic re-authentication
enabling 2-178
time between attempts 2-184
quiet period between failed authentication exchanges 2-184
re-authenticating IEEE 802.1x-enabled ports 2-176
resetting configurable IEEE 802.1x parameters 2-159
switch-to-authentication server retransmission time 2-184
switch-to-client frame-retransmission number 2-169 to 2-171
switch-to-client retransmission time 2-184
test for IEEE 802.1x readiness 2-182
port-channel load-balance command 2-445
Port Fast, for spanning tree 2-800
port ranges, defining 2-127
ports, debugging B-77
ports, protected 2-850
port security
aging 2-844
debug messages, display B-79
enabling 2-839
violation error recovery 2-197
port trust states for QoS 2-399
port types, MVR 2-409
power information, displaying 2-566
power inline command 2-446
power inline consumption command 2-449
power inline four-pair forced command 2-451
power inline police command 2-452
Power over Ethernet
See PoE
power rps command (user EXEC) 2-455
priority-queue command 2-457
private-vlan command 2-459
private-vlan mapping command 2-462
private VLANs
association 2-848
configuring 2-459
configuring ports 2-835
displaying 2-734
host ports 2-835
mapping
configuring 2-848
displaying 2-579
promiscuous ports 2-835
privileged EXEC mode 1-2, 1-3
promiscuous ports, private VLANs 2-835
protected ports, displaying 2-584
pruning
VLANs 2-852
VTP
displaying interface information 2-579
enabling 2-892
pruning-eligible VLAN list 2-854
psp 2-464
psp command 2-464
PVST+
See STP
Q
QoS
auto-QoS
configuring 2-59
debug messages, display B-4
auto-QoS trust
configuring 2-53
auto-QoS video
configuring 2-56
class maps
creating 2-84
defining the match criteria 2-352
displaying 2-528
defining the CoS value for an incoming packet 2-369
displaying configuration information 2-681
DSCP transparency 2-381
DSCP trusted ports
applying DSCP-to-DSCP-mutation map to 2-371
defining DSCP-to-DSCP-mutation map 2-373
egress queues
allocating buffers 2-377
defining the CoS output queue threshold map 2-395
defining the DSCP output queue threshold map 2-397
displaying buffer allocations 2-684
displaying CoS output queue threshold map 2-687
displaying DSCP output queue threshold map 2-687
displaying queueing strategy 2-684
displaying queue-set settings 2-690
enabling bandwidth shaping and scheduling 2-812
enabling bandwidth sharing and scheduling 2-814
limiting the maximum output on a port 2-810
mapping a port to a queue-set 2-465
mapping CoS values to a queue and threshold 2-395
mapping DSCP values to a queue and threshold 2-397
setting maximum and reserved memory allocations 2-379
setting WTD thresholds 2-379
enabling 2-365
ingress queues
allocating buffers 2-385
assigning SRR scheduling weights 2-383
defining the CoS input queue threshold map 2-387
defining the DSCP input queue threshold map 2-389
displaying buffer allocations 2-684
displaying CoS input queue threshold map 2-687
displaying DSCP input queue threshold map 2-687
displaying queueing strategy 2-684
displaying settings for 2-683
enabling the priority queue 2-391
mapping CoS values to a queue and threshold 2-387
mapping DSCP values to a queue and threshold 2-389
setting WTD thresholds 2-393
maps
defining 2-373, 2-387, 2-389, 2-395, 2-397
policy maps
applying an aggregate policer 2-440
applying to an interface 2-499, 2-504
creating 2-442
defining policers 2-367, 2-438
displaying policers 2-682
hierarchical 2-443
policed-DSCP map 2-373
setting DSCP or IP precedence values 2-502
traffic classifications 2-81
trust states 2-868
port trust states 2-399
queues, enabling the expedite 2-457
statistics
in-profile and out-of-profile packets 2-684
packets enqueued or dropped 2-684
sent and received CoS values 2-684
sent and received DSCP values 2-684
trusted boundary for IP phones 2-399
VLAN-based 2-401
quality of service
See QoS
querytime, MVR 2-406
queue-set command 2-465
R
radius-server dead-criteria command 2-466
radius-server host command 2-468
rapid per-VLAN spanning-tree plus
See STP
rapid PVST+
See STP
rcommand command 2-470
re-authenticating IEEE 802.1x-enabled ports 2-176
re-authentication
periodic 2-178
time between attempts 2-184
receiver ports, MVR 2-409
receiving flow-control packets 2-203
recovery mechanism
causes 2-197
display 2-89, 2-524, 2-568, 2-571
timer interval 2-198
redundancy for cluster switches 2-123
redundant power supply
See RPS
remote-span command 2-472
Remote Switched Port Analyzer
See RSPAN
rename (boot loader) command A-16
renew ip dhcp snooping database command 2-474
rep admin vlan command 2-476
rep block port command 2-477
replay protection, MACsec 2-490
replay-protection window-size command 2-490
rep lsl-age-timer command 2-481
rep preempt delay command 2-482
rep preempt segment command 2-484
rep segment command 2-485
rep stcn command 2-488
reset (boot loader) command A-17
restricted VLAN
See dot1x auth-fail vlan
rmdir (boot loader) command A-18
rmon collection stats command 2-492
root guard, for spanning tree 2-774
routed ports
IP addresses on 2-215
number supported 2-215
RPS 2300
configuring 2-455
managing 2-455
RSPAN
configuring 2-402
filter RSPAN traffic 2-402
remote-span command 2-472
S
scheduled switchover
disabling 2-144
enabling 2-144
sdm prefer command 2-493
SDM templates
allowed resources 2-494
displaying 2-716
dual IPv4 and IPv6 2-493
secure ports, limitations 2-841
sending flow-control packets 2-203
service password-recovery command 2-497
service-policy command 2-499
set (boot loader) command A-19
set command 2-502
setup command 2-504
setup express command 2-507
show access-lists command 2-509
show archive status command 2-512
show arp access-list command 2-513
show authentication command 2-514
show auto qos command 2-518
show boot command 2-522
show cable-diagnostics tdr command 2-524
show cisp command 2-527
show class-map command 2-528
show cluster candidates command 2-531
show cluster command 2-529
show cluster members command 2-533
show controllers cpu-interface command 2-535
show controllers ethernet-controller command 2-537
show controllers ethernet phy macsec command 2-544
show controllers power inline command 2-547
show controllers tcam command 2-549
show controller utilization command 2-551
show dot1q-tunnel command 2-556
show dot1x command 2-557
show dtp 2-561
show eap command 2-563
show env command 2-566
show errdisable detect command 2-568
show errdisable flap-values command 2-570
show errdisable recovery command 2-571
show etherchannel command 2-573
show fallback profile command 2-576
show flowcontrol command 2-577
show interface rep command 2-591
show interfaces command 2-579
show interfaces counters command 2-589
show inventory command 2-593
show ip arp inspection command 2-594
show ipc command 2-618
show ip dhcp snooping binding command 2-599
show ip dhcp snooping command 2-598
show ip dhcp snooping database command 2-601, 2-603
show ip igmp profile command 2-606
show ip igmp snooping command 2-607, 2-624
show ip igmp snooping groups command 2-610
show ip igmp snooping mrouter command 2-612
show ip igmp snooping querier command 2-613
show ip source binding command 2-615
show ipv6 access-list command 2-621
show ipv6 dhcp conflict command 2-623
show ipv6 route updated 2-632
show ip verify source command 2-616
show l2protocol-tunnel command 2-634
show lacp command 2-636
show link state group command 2-640
show mac access-group command 2-647
show mac address-table address command 2-650
show mac address-table aging time command 2-651
show mac address-table command 2-648
show mac address-table count command 2-653
show mac address-table dynamic command 2-654
show mac address-table interface command 2-656
show mac address-table move update command 2-658
show mac address-table notification command 2-100, 2-659, B-28
show mac address-table static command 2-661
show mac address-table vlan command 2-663
show macsec command 2-665
show mka default-policy command 2-667
show mka policy command 2-669
show mka session command 2-672
show mka statistics command 2-675
show mka summary command 2-678
show mls qos aggregate-policer command 2-682
show mls qos command 2-681
show mls qos input-queue command 2-683
show mls qos interface command 2-684
show mls qos maps command 2-687
show mls qos queue-set command 2-690
show mls qos vlan command 2-691
show monitor command 2-692
show mvr command 2-694
show mvr interface command 2-695
show mvr members command 2-697
show network-policy profile command 2-699
show nmsp command 2-700
show pagp command 2-703
show platform acl command C-2
show platform backup interface command C-3
show platform configuration command C-4
show platform etherchannel command C-5
show platform forward command C-6
show platform frontend-controller command C-8
show platform igmp snooping command C-9
show platform ip multicast command C-10
show platform ip unicast command C-11
show platform ipv6 unicast command C-15
show platform ip wccp command C-14
show platform layer4op command C-17
show platform mac-address-table command C-18
show platform messaging command C-19
show platform monitor command C-20
show platform mvr table command C-21
show platform pm command C-22
show platform port-asic command C-23
show platform port-security command C-27
show platform qos command C-28
show platform resource-manager command C-29
show platform snmp counters command C-31
show platform spanning-tree command C-32
show platform stp-instance command C-33
show platform tcam command C-34
show platform vlan command C-37
show policy-map command 2-705
show port security command 2-706
show power inline command 2-708
show psp config 2-712
show psp config command 2-712
show psp statistics 2-713
show psp statistics command 2-713
show rep topology command 2-714
show sdm prefer command 2-716
show setup express command 2-719
show spanning-tree command 2-720
show storm-control command 2-726
show system mtu command 2-728
show trust command 2-868
show udld command 2-729
show version command 2-732
show vlan access-map command 2-739
show vlan command 2-734
show vlan command, fields 2-736
show vlan filter command 2-740
show vmps command 2-741
show vtp command 2-743
shutdown command 2-748
shutdown threshold, Layer 2 protocol tunneling 2-308
shutdown vlan command 2-749
small violation-rate command 2-750
SNMP host, specifying 2-757
SNMP informs, enabling the sending of 2-752
snmp-server enable traps command 2-752
snmp-server host command 2-757
snmp trap mac-notification change command 2-761
SNMP traps
enabling MAC address notification trap 2-761
enabling the MAC address notification feature 2-343
enabling the sending of 2-752
SoftPhone
See Cisco SoftPhone
software images
deleting 2-129
downloading 2-10
upgrading 2-10
uploading 2-16
software version, displaying 2-732
source ports, MVR 2-409
SPAN
configuring 2-402
debug messages, display B-31
filter SPAN traffic 2-402
sessions
add interfaces to 2-402
start new 2-402
spanning-tree backbonefast command 2-763
spanning-tree bpdufilter command 2-764
spanning-tree bpduguard command 2-766
spanning-tree cost command 2-768
spanning-tree etherchannel command 2-770
spanning-tree extend system-id command 2-772
spanning-tree guard command 2-774
spanning-tree link-type command 2-776
spanning-tree loopguard default command 2-778
spanning-tree mode command 2-779
spanning-tree mst configuration command 2-781
spanning-tree mst cost command 2-783
spanning-tree mst forward-time command 2-785
spanning-tree mst hello-time command 2-786
spanning-tree mst max-age command 2-787
spanning-tree mst max-hops command 2-788
spanning-tree mst port-priority command 2-790
spanning-tree mst pre-standard command 2-792
spanning-tree mst priority command 2-793
spanning-tree mst root command 2-794
spanning-tree portfast (global configuration) command 2-798
spanning-tree portfast (interface configuration) command 2-800
spanning-tree port-priority command 2-796
Spanning Tree Protocol
See STP
spanning-tree transmit hold-count command 2-802
spanning-tree uplinkfast command 2-803
spanning-tree vlan command 2-805
speed command 2-808
srr-queue bandwidth limit command 2-810
srr-queue bandwidth share command 2-814
SSH, configuring version 2-277
static-access ports, configuring 2-821
statistics, Ethernet group 2-492
sticky learning, enabling 2-839
storm-control command 2-816
STP
BackboneFast 2-763
counters, clearing 2-110
debug messages, display
BackboneFast events B-83
MSTP B-86
optimized BPDUs handling B-85
spanning-tree activity B-81
switch shim B-88
transmitted and received BPDUs B-84
UplinkFast B-90
detection of indirect link failures 2-763
enabling protocol tunneling for 2-308
EtherChannel misconfiguration 2-770
extended system ID 2-772
path cost 2-768
protocol modes 2-779
root port
accelerating choice of new 2-803
loop guard 2-774
preventing from becoming designated 2-774
restricting which can be root 2-774
root guard 2-774
UplinkFast 2-803
root switch
affects of extended system ID 2-772, 2-806
hello-time 2-805
interval between BDPU messages 2-805
interval between hello BPDU messages 2-805
max-age 2-805
port priority for selection of 2-796
primary or secondary 2-805
switch priority 2-805
state changes
blocking to forwarding state 2-800
enabling BPDU filtering 2-764, 2-798
enabling BPDU guard 2-766, 2-798
enabling Port Fast 2-798, 2-800
enabling timer to recover from error state 2-197
forward-delay time 2-805
length of listening and learning states 2-805
shutting down Port Fast-enabled ports 2-798
state information display 2-720
VLAN options 2-793, 2-805
SVIs, creating 2-209
SVI status calculation 2-823
Switched Port Analyzer
See SPAN
switching characteristics
modifying 2-819
returning to interfaces 2-819
switchport access command 2-821
switchport autostate exclude command 2-823
switchport backup interface command 2-825
switchport block command 2-829
switchport command 2-819
switchport host command 2-831
switchport mode command 2-832
switchport mode private-vlan command 2-835
switchport nonegotiate command 2-837
switchport port-security aging command 2-844
switchport port-security command 2-839
switchport priority extend command 2-846
switchport private-vlan command 2-848
switchport protected command 2-850
switchports, displaying 2-579
switchport trunk command 2-852
switchport voice vlan command 2-855, 2-856
system env temperature threshold yellow command 2-858
system message logging 2-324
system message logging, save message to flash 2-325
system mtu command 2-860
system resource templates 2-493
T
tar files, creating, listing, and extracting 2-13
TDR, running 2-862
Telnet, using to communicate to cluster switches 2-470
temperature information, displaying 2-566
templates, system resources 2-493
test cable-diagnostics tdr command 2-862
traceroute mac command 2-863
traceroute mac ip command 2-866
trunking, VLAN mode 2-832
trunk mode 2-832
trunk ports 2-832
trunks, to non-DTP device 2-833
trusted boundary for QoS 2-399
trusted port states for QoS 2-399
tunnel ports, Layer 2 protocol, displaying 2-634
type (boot loader) command A-22
U
UDLD
aggressive mode 2-870, 2-872
debug messages, display B-97
enable globally 2-870
enable per interface 2-872
error recovery timer 2-197
message timer 2-870
normal mode 2-870, 2-872
reset a shutdown interface 2-874
status 2-729
udld command 2-870
udld port command 2-872
udld reset command 2-874
unicast storm control 2-816
UniDirectional Link Detection
See UDLD
unknown multicast traffic, preventing 2-829
unknown unicast traffic, preventing 2-829
unset (boot loader) command A-23
upgrading
software images
downloading 2-10
monitoring status of 2-512
UplinkFast, for STP 2-803
usb-inactivity-timeout (console configuration) command 2-875
user EXEC mode 1-2
V
version (boot loader) command A-25
vlan (global configuration) command 2-876
vlan access-map command 2-881
VLAN access map configuration mode 2-881
VLAN access maps
actions 2-6
displaying 2-739
VLAN-based QoS 2-401
VLAN configuration
rules 2-879
saving 2-876
VLAN configuration mode
description 1-4
summary 1-2
vlan dot1q tag native command 2-883
vlan filter command 2-884
VLAN filters, displaying 2-740
VLAN ID range 2-876
VLAN maps
applying 2-884
creating 2-881
defining 2-350
displaying 2-739
VLAN Query Protocol
See VQP
VLANs
adding 2-876
configuring 2-876
debug messages, display
ISL B-94
VLAN IOS file system error tests B-93
VLAN manager activity B-91
VTP B-95
displaying configurations 2-734
enabling guest VLAN supplicant 2-149, 2-160, 2-202
extended-range 2-876
MAC addresses
displaying 2-663
number of 2-653
media types 2-879
normal-range 2-876
private 2-835
configuring 2-459
displaying 2-734
See also private VLANs
restarting 2-749
saving the configuration 2-876
shutting down 2-749
SNMP traps for VTP 2-754, 2-758
suspending 2-749
VLAN Trunking Protocol
See VTP
VMPS
configuring servers 2-889
displaying 2-741
error recovery timer 2-198
reconfirming dynamic VLAN assignments 2-886
vmps reconfirm (global configuration) command 2-887
vmps reconfirm (privileged EXEC) command 2-886
vmps retry command 2-888
vmps server command 2-889
voice VLAN
configuring 2-855, 2-856
setting port priority 2-846
VQP
and dynamic-access ports 2-822
clearing client statistics 2-112
displaying information 2-741
per-server retry count 2-888
reconfirmation interval 2-887
reconfirming dynamic VLAN assignments 2-886
VTP
changing characteristics 2-891
clearing pruning counters 2-113
configuring
domain name 2-891
file name 2-891
mode 2-891
password 2-892
counters display fields 2-744
displaying information 2-743
enabling
pruning 2-892
tunneling for 2-308
Version 2 2-892
enabling per port 2-896
mode 2-891
pruning 2-892
saving the configuration 2-876
statistics 2-743
status 2-743
status display fields 2-746
vtp (global configuration) command 2-891
vtp interface configuration) command 2-896
vtp primary command 2-897