Index A
aaa accounting dot1x command 2-1
aaa authentication dot1x command 2-3
aaa authorization network command 2-5, 2-27, 2-34, 2-36, 2-39, 2-41, 2-43, 2-172, 2-356, 2-557, B-7, B-39
AAA methods 2-3
access control entries
See ACEs
access control lists
See ACLs
access groups
IP 2-229
MAC, displaying 2-696
access list, IPv6 2-306
access map configuration mode 2-373
access mode 2-902
access ports 2-902
ACEs 2-156, 2-463
ACLs
deny 2-154
displaying 2-538
for non-IP protocols 2-360
IP 2-229
matching 2-373
on Layer 2 interfaces 2-229
permit 2-461
action command 2-8
address aliasing 2-431
aggregate-port learner 2-447
allowed VLANs 2-922
archive copy-sw command 2-10
archive download-sw command 2-13
archive tar command 2-18
archive upload-sw command 2-21
arp (boot loader) command A-2
arp access-list command 2-23
authentication command bounce-port ignore 2-25
authentication command disable-port ignore 2-26
authentication control-direction command 2-27
authentication event command 2-29
authentication event linksec fail action command 2-33
authentication failed VLAN
See dot1x auth-fail vlan
authentication fallback command 2-34
authentication host-mode command 2-36
authentication linksec policy command 2-38
authentication mac-move permit command 2-39
authentication open command 2-41
authentication order command 2-43
authentication periodic command 2-45
authentication port-control command 2-47
authentication priority command 2-49
authentication timer command 2-51
authentication violation command 2-53
auth-fail max-attempts
See dot1x auth-fail max-attempts
auth-fail vlan
See dot1x auth-fail vlan
auth open command 2-41
auth order command 2-43
authorization state of controlled port 2-189
auth timer command 2-51
autonegotiation of duplex mode 2-203
auto qos classify command 2-55
auto qos trust command 2-58
auto qos video command 2-61
auto qos voip command 2-64
B
BackboneFast, for STP 2-822
backup interfaces
configuring 2-896
displaying 2-623
boot (boot loader) command A-3
boot auto-copy-sw command 2-70
boot auto-download-sw command 2-71
boot config-file command 2-74
boot enable-break command 2-75
boot helper command 2-76
boot helper-config file command 2-77
booting
Cisco IOS image 2-80
displaying environment variables 2-551
interrupting 2-75
manually 2-78
boot loader
accessing A-1
booting
Cisco IOS image A-3
helper image 2-76
directories
creating A-19
displaying a list of A-8
removing A-23
displaying
available commands A-13
memory heap utilization A-14
version A-30
environment variables
described A-24
displaying settings A-24
location of A-25
setting A-24
unsetting A-28
files
copying A-6
deleting A-7
displaying a list of A-8
displaying the contents of A-5, A-20, A-27
renaming A-21
file system
formatting A-11
initializing flash A-10
running a consistency check A-12
prompt A-1
resetting the system A-22
boot manual command 2-78
boot private-config-file command 2-79
boot system command 2-80
boot time-copy-sw command 2-69
BPDU filtering, for spanning tree 2-823, 2-857
BPDU guard, for spanning tree 2-825, 2-857
broadcast storm control 2-880
C
candidate switches
See clusters
cat (boot loader) command A-5
CDP, enabling protocol tunneling for 2-333
channel-group command 2-84
channel-protocol command 2-88
Cisco Redundant Power System 2300
configuring 2-485
managing 2-485
Cisco SoftPhone
auto-QoS configuration 2-64
trusting packets sent from 2-420
CISP
See Client Information Signalling Protocol
cisp
debug platform cisp command B-39
cisp enable command 2-89
class command 2-90
class-map command 2-93
class maps
creating 2-93
defining the match criteria 2-375
displaying 2-558
class of service
See CoS
clear dot1x command 2-95
clear eap sessions command 2-96
clear errdisable interface 2-97
clear ip arp inspection log command 2-98
clear ip arp inspection statistics command 2-99
clear ipc command 2-102
clear ip dhcp snooping database command 2-100
clear ipv6 dhcp conflict command 2-103
clear l2protocol-tunnel counters command 2-104
clear lacp command 2-105
clear logging onboard command 2-106
clear logging smartlog statistics interface command 2-107
clear mac address-table command 2-108, 2-109
clear macsec counters interface command 2-110
clear mka command 2-111
clear nmsp statistics command 2-113
clear pagp command 2-114
clear port-security command 2-115
clear psp counter 2-117
clear psp counter command 2-117
clear spanning-tree counters command 2-118
clear spanning-tree detected-protocols command 2-119
clear vmps statistics command 2-120
clear vtp counters command 2-121
Client Information Signalling Protocol 2-89, 2-172, 2-557, B-7, B-39
cluster commander-address command 2-122
cluster discovery hop-count command 2-124
cluster enable command 2-125
cluster holdtime command 2-127
cluster member command 2-128
cluster outside-interface command 2-130
cluster run command 2-131
clusters
adding candidates 2-128
binding to HSRP group 2-132
building manually 2-128
communicating with
devices outside the cluster 2-130
members by using Telnet 2-507
debug messages, display B-8
displaying
candidate switches 2-561
debug messages B-8
member switches 2-563
status 2-559
hop-count limit for extended discovery 2-124
HSRP standby groups 2-132
redundancy 2-132
SNMP trap 2-811
cluster standby-group command 2-132
cluster timer command 2-134
command modes defined 1-2
command switch
See clusters
confidentiality-offset command 2-137
configuration files
password recovery disable considerations A-1
specifying the name 2-74, 2-79
configuring multiple interfaces 2-225
config-vlan mode
commands 2-948
copy (boot loader) command A-6
copy logging onboard command 2-135
CoS
assigning default value to incoming packets 2-390
assigning to Layer 2 protocol packets 2-336
overriding the incoming value 2-390
CoS-to-DSCP map 2-394
CPU ASIC statistics, displaying 2-565
crashinfo files 2-215
critical VLAN 2-31
D
debug authentication B-2
debug auto qos command B-4
debug backup command B-6
debug cisp command B-7
debug cluster command B-8
debug dot1x command B-10
debug dtp command B-11
debug eap command B-12
debug etherchannel command B-13
debug fastethernet command B-14
debug ilpower command B-15
debug interface command B-16
debug ip dhcp snooping command B-17
debug ip igmp filter command B-19
debug ip igmp max-groups command B-20
debug ip igmp snooping command B-21
debug ip verify source packet command B-18
debug lacp command B-22
debug lldp packets command B-23
debug mac-notification command B-25
debug macsec command B-26
debug matm command B-27
debug matm move update command B-28
debug mka command B-29
debug monitor command B-31
debug mvrdbg command B-32
debug nmsp command B-33
debug nvram command B-34
debug pagp command B-35
debug platform acl command B-36
debug platform backup interface command B-38
debug platform cisp command B-39
debug platform cli-redirection main command B-40
debug platform configuration command B-41, B-49
debug platform cpu-queues command B-42
debug platform device-manager command B-44
debug platform dot1x command B-45
debug platform etherchannel command B-46
debug platform fallback-bridging command B-47
debug platform forw-tcam command B-48
debug platform ip arp inspection command B-50
debug platform ipc command B-59
debug platform ip dhcp command B-51
debug platform ip igmp snooping command B-52
debug platform ip multicast command B-54
debug platform ip unicast command B-56
debug platform ip wccp command B-58
debug platform led command B-60
debug platform matm command B-61
debug platform messaging application command B-62
debug platform phy command B-63
debug platform pm command B-65
debug platform port-asic command B-67
debug platform port-security command B-68
debug platform qos-acl-tcam command B-69
debug platform remote-commands command B-70
debug platform resource-manager command B-71
debug platform snmp command B-72
debug platform span command B-73
debug platform stack-manager command B-74
debug platform supervisor-asic command B-75
debug platform sw-bridge command B-76
debug platform tcam command B-77
debug platform udld command B-80
debug platform vlan command B-81
debug pm command B-82
debug port-security command B-84
debug qos-manager command B-85
debug spanning-tree backbonefast command B-88
debug spanning-tree bpdu command B-89
debug spanning-tree bpdu-opt command B-90
debug spanning-tree command B-86
debug spanning-tree mstp command B-91
debug spanning-tree switch command B-93
debug spanning-tree uplinkfast command B-95
debug sw-vlan command B-96
debug sw-vlan ifs command B-98
debug sw-vlan notification command B-99
debug sw-vlan vtp command B-101
debug udld command B-103
debug vqpc command B-105
default policy, MKA 2-381
define interface-range command 2-138
delete (boot loader) command A-7
delete command 2-140
deny (ARP access-list configuration) command 2-143
deny (IPv6) command 2-145
deny command 2-154
detect mechanism, causes 2-206
DHCP snooping
accepting untrusted packets from edge switch 2-263
enabling
on a VLAN 2-269
option 82 2-261, 2-263
trust on an interface 2-267
error recovery timer 2-211
rate limiting 2-266
DHCP snooping binding database
binding file, configuring 2-259
bindings
adding 2-257
deleting 2-257
displaying 2-644
clearing database agent statistics 2-100
database agent, configuring 2-259
displaying
binding entries 2-644
database agent status 2-646, 2-648
renewing 2-515
Digital Optical Monitoring
see DoM
dir (boot loader) command A-8
directories, deleting 2-140
DoM
displaying supported transceivers 2-635
domain name, VTP 2-963
dot1x auth-fail max-attempts 2-166
dot1x auth-fail vlan 2-168
dot1x command 2-164
dot1x control-direction command 2-170
dot1x credentials (global configuration) command 2-172
dot1x critical global configuration command 2-173
dot1x critical interface configuration command 2-175
dot1x default command 2-177
dot1x fallback command 2-178
dot1x guest-vlan command 2-179
dot1x host-mode command 2-181
dot1x initialize command 2-182
dot1x mac-auth-bypass command 2-183
dot1x max-reauth-req command 2-185
dot1x max-req command 2-187
dot1x pae command 2-188
dot1x port-control command 2-189
dot1x re-authenticate command 2-191
dot1x reauthentication command 2-192
dot1x supplicant controlled transient command 2-193
dot1x supplicant force-multicast command 2-195
dot1x test eapol-capable command 2-196
dot1x test timeout command 2-197
dot1x timeout command 2-198
dot1x violation-mode command 2-201
dropping packets, with ACL matches 2-8
drop threshold, Layer 2 protocol tunneling 2-333
DSCP-to-CoS map 2-394
DSCP-to-DSCP-mutation map 2-394
DTP 2-903
DTP flap
error detection for 2-206
error recovery timer 2-211
DTP negotiation 2-907
dual IPv4 and IPv6 templates 2-455
duplex command 2-202
dynamic-access ports
configuring 2-892
restrictions 2-893
dynamic ARP inspection
ARP ACLs
apply to a VLAN 2-237
define 2-23
deny packets 2-143
display 2-542
permit packets 2-453
clear
log buffer 2-98
statistics 2-99
display
ARP ACLs 2-542
configuration and operating state 2-639
log buffer 2-639
statistics 2-639
trust state and rate limit 2-639
enable per VLAN 2-249
error detection for 2-206
error recovery timer 2-211
log buffer
clear 2-98
configure 2-241
display 2-639
rate-limit incoming ARP packets 2-239
statistics
clear 2-99
display 2-639
trusted interface state 2-245
type of packet logged 2-250
validation checks 2-247
dynamic auto VLAN membership mode 2-902
dynamic desirable VLAN membership mode 2-902
Dynamic Host Configuration Protocol (DHCP)
See DHCP snooping
Dynamic Trunking Protocol
See DTP
E
EAP-request/identity frame
maximum number to send 2-187
response time before retransmitting 2-198
encapsulation methods 2-922
environment variables, displaying 2-551
epm access-control open 2-204
errdisable detect cause command 2-206
errdisable detect cause small-frame command 2-209
errdisable recovery cause small-frame 2-214
errdisable recovery command 2-211
error conditions, displaying 2-609
error disable detection 2-206
error-disabled interfaces, displaying 2-622
EtherChannel
assigning Ethernet interface to channel group 2-84
creating port-channel logical interface 2-223
debug EtherChannel/PAgP, display B-13
debug platform-specific events, display B-46
displaying 2-612
enabling Layer 2 protocol tunneling for
LACP 2-334
PAgP 2-334
UDLD 2-334
interface information, displaying 2-622
LACP
clearing channel-group information 2-105, 2-106
debug messages, display B-22
displaying 2-680
modes 2-84
port priority for hot-standby ports 2-337
restricting a protocol 2-88
system priority 2-339
load-distribution methods 2-471
PAgP
aggregate-port learner 2-447
clearing channel-group information 2-114
debug messages, display B-35
displaying 2-752
error detection for 2-206
error recovery timer 2-211
learn method 2-447
modes 2-84
physical-port learner 2-447
priority of interface for transmitted traffic 2-449
Ethernet controller, internal register display 2-567, 2-574
Ethernet Management port, debugging B-14
Ethernet statistics, collecting 2-519
exception crashinfo command 2-215, 2-220
extended discovery of candidate switches 2-124
extended-range VLANs
and allowed VLAN list 2-922
and pruning-eligible list 2-922
configuring 2-947
extended system ID for STP 2-831
F
fallback profile command 2-216
fallback profiles, displaying 2-615
fan information, displaying 2-600
file name, VTP 2-963
files, deleting 2-140
flash_init (boot loader) command A-10
flexible authentication ordering 2-43
Flex Links
configuring 2-896
displaying 2-623
flow-based SPAN 2-425
flowcontrol command 2-218
format (boot loader) command A-11
forwarding packets, with ACL matches 2-8
forwarding results, display C-7
frame forwarding information, displaying C-7
front-end controller counter and status information C-9
fsck (boot loader) command A-12
FSPAN 2-425
G
global configuration mode 1-2, 1-4
H
hardware ACL statistics 2-538
health monitoring diagnostic tests 2-157
help (boot loader) command A-13
hierarchical policy maps 2-469
hop-count limit for clusters 2-124
host connection, port configuration 2-901
host ports, private VLANs 2-905
Hot Standby Router Protocol
See HSRP
HSRP
binding HSRP group to cluster 2-132
standby group 2-132
hw-module switch command 2-222
I
IEEE 802.1Q trunk ports and native VLANs 2-954
IEEE 802.1Q tunnel ports
configuring 2-902
displaying 2-590
limitations 2-903
IEEE 802.1x
and switchport modes 2-903
violation error recovery 2-211
See also port-based authentication
IGMP filters
applying 2-273
debug messages, display B-19
IGMP groups, setting maximum 2-274
IGMP maximum groups, debugging B-20
IGMP profiles
creating 2-276
displaying 2-651
IGMP snooping
adding ports as a static member of a group 2-292
displaying 2-652, 2-656, 2-657
enabling 2-278
enabling the configurable-leave timer 2-280
enabling the Immediate-Leave feature 2-289
flooding query count 2-286
interface topology change notification behavior 2-288
multicast table 2-654
querier 2-282
query solicitation 2-286
report suppression 2-284
switch topology change notification behavior 2-286
images
See software images
Immediate-Leave processing
IGMP 2-289
IPv6 2-329
MVR 2-433
interface configuration mode 1-2, 1-4
interface port-channel command 2-223
interface range command 2-225
interface-range macros 2-138
interfaces
assigning Ethernet interface to channel group 2-84
configuring 2-202
configuring multiple 2-225
creating port-channel logical 2-223
debug messages, display B-16
disabling 2-807
displaying the MAC address table 2-704
restarting 2-807
interface speed, configuring 2-868
interface vlan command 2-227
internal power supplies
See power supplies
internal registers, displaying 2-567, 2-574, 2-581
Internet Group Management Protocol
See IGMP
invalid GBIC
error detection for 2-206
error recovery timer 2-211
ip access-group command 2-229
ip address command 2-232
IP addresses, setting 2-232
IP address matching 2-373
ip admission command 2-234
ip admission name proxy http command 2-235
ip arp inspection filter vlan command 2-237
ip arp inspection limit command 2-239
ip arp inspection log-buffer command 2-241
ip arp inspection trust command 2-245
ip arp inspection validate command 2-247
ip arp inspection vlan command 2-249
ip arp inspection vlan logging command 2-250
ip device tracking command 2-252
ip device tracking probe command 2-254
IP DHCP snooping
See DHCP snooping
ip dhcp snooping binding command 2-257
ip dhcp snooping command 2-256
ip dhcp snooping database command 2-259
ip dhcp snooping information option allow-untrusted command 2-263
ip dhcp snooping information option command 2-261
ip dhcp snooping information option format remote-id command 2-265
ip dhcp snooping limit rate command 2-266
ip dhcp snooping trust command 2-267
ip dhcp snooping verify command 2-268
ip dhcp snooping vlan command 2-269
ip dhcp snooping vlan information option format-type circuit-id string command 2-271
ip igmp filter command 2-273
ip igmp max-groups command 2-274, 2-299, 2-301
ip igmp profile command 2-276
ip igmp snooping command 2-278
ip igmp snooping last-member-query-interval command 2-280
ip igmp snooping querier command 2-282
ip igmp snooping report-suppression command 2-284
ip igmp snooping tcn command 2-286
ip igmp snooping tcn flood command 2-288
ip igmp snooping vlan immediate-leave command 2-289
ip igmp snooping vlan mrouter command 2-290
ip igmp snooping vlan static command 2-292
IP multicast addresses 2-430
IP phones
auto-QoS configuration 2-64
trusting packets sent from 2-420
IP-precedence-to-DSCP map 2-394
ip snap forwarding command 2-294
ip source binding command 2-295
IP source guard
disabling 2-303
displaying
binding entries 2-659
configuration 2-660
dynamic binding entries only 2-644
enabling 2-303
static IP source bindings 2-295
ip ssh command 2-297
IPv4 and IPv6
port-based trust 2-421
IPv6 access list, deny conditions 2-145
ipv6 access-list command 2-306
ipv6 address dhcp command 2-309
ipv6 dhcp client request vendor command 2-310
ipv6 dhcp ping packets command 2-311
ipv6 dhcp pool command 2-313
ipv6 dhcp server command 2-316
ipv6 mld snooping command 2-318
ipv6 mld snooping last-listener-query count command 2-320
ipv6 mld snooping last-listener-query-interval command 2-322
ipv6 mld snooping listener-message-suppression command 2-324
ipv6 mld snooping robustness-variable command 2-325
ipv6 mld snooping tcn command 2-327
ipv6 mld snooping vlan command 2-329
IPv6 QoS
enabling 2-386
IPv6 SDM template 2-521
ipv6 traffic-filter command 2-331
ip verify source command 2-303
ip verify source smartlog command 2-305
J
jumbo frames
See MTU
L
l2protocol-tunnel command 2-333
l2protocol-tunnel cos command 2-336
LACP
See EtherChannel
lacp port-priority command 2-337
lacp system-priority command 2-339
Layer 2 mode, enabling 2-890
Layer 2 protocol ports, displaying 2-678
Layer 2 protocol-tunnel
error detection for 2-206
error recovery timer 2-211
Layer 2 protocol tunnel counters 2-104
Layer 2 protocol tunneling error recovery 2-334
Layer 2 traceroute
IP addresses 2-937
MAC addresses 2-934
Layer 3 mode, enabling 2-890
license boot command 2-341
line configuration mode 1-3, 1-5
Link Aggregation Control Protocol
See EtherChannel
link flap
error detection for 2-206
error recovery timer 2-211
link-security authentication 2-33
link-security policies 2-38
link state group command 2-343
link state track command 2-345
load-distribution methods for EtherChannel 2-471
location (global configuration) command 2-346
location (interface configuration) command 2-348
logging event command 2-350
logging event power-inline-status command 2-351
logging file command 2-352
logical interface 2-223
loopback error
detection for 2-206
recovery timer 2-211
loop guard, for spanning tree 2-833, 2-837
M
mab request format attribute 32 command 2-356
mac access-group command 2-358
MAC access-groups, displaying 2-696
MAC access list configuration mode 2-360
mac access-list extended command 2-360
MAC access lists 2-154
MAC addresses
disabling MAC address learning per VLAN 2-363
displaying
aging time 2-700
all 2-699
dynamic 2-703
MAC address-table move updates 2-706
notification settings 2-705, 2-707
number of addresses in a VLAN 2-702
per interface 2-704
per VLAN 2-711
static 2-709
static and dynamic entries 2-697
dynamic
aging time 2-362
deleting 2-108
displaying 2-703
enabling MAC address notification 2-367
enabling MAC address-table move update 2-365
matching 2-373
persistent stack 2-876
static
adding and removing 2-369
displaying 2-709
dropping on an interface 2-370
tables 2-699
MAC address notification, debugging B-25
mac address-table aging-time 2-358, 2-373
mac address-table aging-time command 2-362
mac address-table learning command 2-363
mac address-table move update command 2-365
mac address-table notification command 2-367
mac address-table static command 2-369
mac address-table static drop command 2-370
MAC frames
See MTU
macros
interface range 2-138, 2-225
MACsec
counters 2-110, 2-577
debugging B-26
displaying 2-713
enabling 2-372
registers 2-577
macsec command 2-372
maps
QoS
defining 2-394
displaying 2-736
VLAN
creating 2-952
defining 2-373
displaying 2-798
match (access-map configuration) command 2-373
match (class-map configuration) command 2-375
maximum transmission unit
See MTU
mdix auto command 2-378
Media Access Control Security
See MACsec.
media-type rj45 command 2-380
member switches
See clusters
memory (boot loader) command A-14
mgmt_clr (boot loader) command A-16
mgmt_init (boot loader) command A-17, A-18
MKA
confidentiality 2-137
debugging B-29
displaying default policy 2-715
displaying policies 2-717
displaying sessions 2-720
displaying sessions and statistics 2-726
displaying statistics 2-723
policy configuration mode 2-382
MKA, enabling 2-384
mka default policy command 2-381
mka policy global configuration command 2-382
mka policy interface configuration command 2-384
mkdir (boot loader) command A-19
MLD snooping
configuring 2-324, 2-325
configuring queries 2-320, 2-322
configuring topology change notification 2-327
displaying 2-668, 2-670, 2-672, 2-674
enabling 2-318
enabling on a VLAN 2-329
mls qos aggregate-policer command 2-388
mls qos command 2-386
mls qos cos command 2-390
mls qos dscp-mutation command 2-392
mls qos map command 2-394
mls qos queue-set output buffers command 2-398
mls qos queue-set output threshold command 2-400
mls qos rewrite ip dscp command 2-402
mls qos srr-queue input bandwidth command 2-404
mls qos srr-queue input buffers command 2-406
mls qos-srr-queue input cos-map command 2-408
mls qos srr-queue input dscp-map command 2-410
mls qos srr-queue input priority-queue command 2-412
mls qos srr-queue input threshold command 2-414
mls qos-srr-queue output cos-map command 2-416
mls qos srr-queue output dscp-map command 2-418
mls qos trust command 2-420
mls qos vlan-based command 2-422
mode, MVR 2-430
Mode button, and password recovery 2-525
mode command 2-423
modes, commands 1-2
monitor session command 2-425
more (boot loader) command A-20
MSTP
displaying 2-770
interoperability 2-119
link type 2-835
MST region
aborting changes 2-841
applying changes 2-841
configuration name 2-841
configuration revision number 2-841
current or pending display 2-841
displaying 2-770
MST configuration mode 2-841
VLANs-to-instance mapping 2-841
path cost 2-843
protocol mode 2-839
restart protocol migration process 2-119
root port
loop guard 2-833
preventing from becoming designated 2-833
restricting which can be root 2-833
root guard 2-833
root switch
affects of extended system ID 2-831
hello-time 2-846, 2-853
interval between BDPU messages 2-847
interval between hello BPDU messages 2-846, 2-853
max-age 2-847
maximum hop count before discarding BPDU 2-848
port priority for selection of 2-849
primary or secondary 2-853
switch priority 2-852
state changes
blocking to forwarding state 2-860
enabling BPDU filtering 2-823, 2-857
enabling BPDU guard 2-825, 2-857
enabling Port Fast 2-857, 2-860
forward-delay time 2-845
length of listening and learning states 2-845
rapid transition to forwarding 2-835
shutting down Port Fast-enabled ports 2-857
state information display 2-769
MTU
configuring size 2-930
displaying global setting 2-787
MAC 2-931
system jumbo 2-931
system routing 2-931
Multicase Listener Discovery
See MLD
multicast group address, MVR 2-433
multicast groups, MVR 2-431
Multicast Listener Discovery
See MLD
multicast router learning method 2-290
multicast router ports, configuring 2-290
multicast router ports, IPv6 2-329
multicast storm control 2-880
multicast VLAN, MVR 2-430
multicast VLAN registration
See MVR
multiple hosts on authorized port 2-181
Multiple Spanning Tree Protocol
See MSTP
MVR
and address aliasing 2-431
configuring 2-430
configuring interfaces 2-433
debug messages, display B-32
displaying 2-743
displaying interface information 2-744
members, displaying 2-746
mvr (global configuration) command 2-430
mvr (interface configuration) command 2-433
mvr vlan group command 2-434
N
native VLANs 2-922
native VLAN tagging 2-954
network-policy (global configuration) command 2-437
network-policy command 2-436
network-policy profile (network-policy configuration) command 2-438
nmsp attachment suppress command 2-441
nmsp command 2-440
no authentication logging verbose 2-442
no dot1x logging verbose 2-443
no mab logging verbose 2-444
nonegotiate
DTP messaging 2-907
speed 2-868
non-IP protocols
denying 2-154
forwarding 2-461
non-IP traffic access lists 2-360
non-IP traffic forwarding
denying 2-154
permitting 2-461
non-stop forwarding 2-445
normal-range VLANs 2-947
no vlan command 2-947
nsf command 2-445
O
online diagnostics
configuring health monitoring diagnostic tests 2-157
displaying
configured boot-up coverage level 2-585
current scheduled tasks 2-585
event logs 2-585
supported test suites 2-585
test ID 2-585
test results 2-585
test statistics 2-585
enabling
scheduling 2-159
syslog messages 2-157
global configuration mode
clearing health monitoring diagnostic test schedule 2-157
clearing test-based testing schedule 2-159
setting health monitoring diagnostic testing 2-157
setting test-based testing 2-159
setting up health monitoring diagnostic test schedule 2-157
setting up test-based testing 2-159
removing scheduling 2-159
scheduled switchover
disabling 2-159
enabling 2-159
setting test interval 2-159
specifying health monitoring diagnostic tests 2-157
starting testing 2-161
P
PAgP
See EtherChannel
pagp learn-method command 2-447
pagp port-priority command 2-449
password, VTP 2-964
password-recovery mechanism, enabling and disabling 2-525
permit (ARP access-list configuration) command 2-453
permit (IPv6) command 2-455
permit (MAC access-list configuration) command 2-461
per-VLAN spanning-tree plus
See STP
physical-port learner 2-447
PID, displaying 2-638
PIM-DVMRP, as multicast router learning method 2-290
PoE
configuring the power budget 2-476
configuring the power management mode 2-473
displaying controller register values 2-579
displaying power management information 2-757
error detection for 2-206
error recovery timer 2-211
logging of status 2-351
monitoring power 2-479
policing power consumption 2-479
police aggregate command 2-466
police command 2-464
policed-DSCP map 2-394
policy-map command 2-468
policy maps
applying to an interface 2-527, 2-533
creating 2-468
displaying 2-754
hierarchical 2-469
policers
displaying 2-730
for a single class 2-464
for multiple classes 2-388, 2-466
policed-DSCP map 2-394
traffic classification
defining the class 2-90
defining trust states 2-939
setting DSCP or IP precedence values 2-531
Port Aggregation Protocol
See EtherChannel
port-based authentication
AAA method list 2-3
configuring violation modes 2-201
debug messages, display B-10
enabling guest VLAN supplicant 2-167, 2-178
enabling IEEE 802.1x
globally 2-164
per interface 2-189
guest VLAN 2-179
host modes 2-181
IEEE 802.1x AAA accounting methods 2-1
initialize an interface 2-182, 2-197
MAC authentication bypass 2-183
manual control of authorization state 2-189
multiple hosts on authorized port 2-181
PAE as authenticator 2-188
periodic re-authentication
enabling 2-192
time between attempts 2-198
quiet period between failed authentication exchanges 2-198
re-authenticating IEEE 802.1x-enabled ports 2-191
resetting configurable IEEE 802.1x parameters 2-177
switch-to-authentication server retransmission time 2-198
switch-to-client frame-retransmission number 2-185 to 2-187
switch-to-client retransmission time 2-198
test for IEEE 802.1x readiness 2-196
port-based trust
IPv4 and IPv6 2-421
port-channel load-balance command 2-471
Port Fast, for spanning tree 2-860
port ranges, defining 2-135, 2-138
ports, debugging B-82
ports, protected 2-920
port security
aging 2-914
debug messages, display B-84
enabling 2-909
violation error recovery 2-211
port trust states for QoS 2-420
port types, MVR 2-433
power information, displaying 2-600
power inline command 2-473
power inline consumption command 2-476
power inline police command 2-479
Power over Ethernet
See PoE
power-priority command 2-482
power rps command (global configuration) 2-488
power rps command (user EXEC) 2-484
power supply
configuring 2-486
managing 2-486
power supply command 2-486
power xps command privileged EXEC) 2-490
power xps port command 2-492
priority-queue command 2-494
priority value, stack member 2-780, 2-885
private-vlan command 2-496
private-vlan mapping command 2-499
private VLANs
association 2-918
configuring 2-496
configuring ports 2-905
displaying 2-793
host ports 2-905
mapping
configuring 2-918
displaying 2-622
promiscuous ports 2-905
privileged EXEC mode 1-2, 1-3
product identification information, displaying 2-638
promiscuous ports, private VLANs 2-905
protected ports, displaying 2-627
pruning
VLANs 2-922
VTP
enabling 2-964
pruning-eligible VLAN list 2-924
psp 2-501
psp command 2-501
PVST+
See STP
Q
QoS
auto-QoS
configuring 2-64
debug messages, display B-4
displaying 2-547
auto-QoS trust
configuring 2-58
auto-QoS video
configuring 2-61
class maps
creating 2-93
defining the match criteria 2-375
displaying 2-558
defining the CoS value for an incoming packet 2-390
displaying configuration information 2-547, 2-729
DSCP transparency 2-402
DSCP trusted ports
applying DSCP-to-DSCP-mutation map to 2-392
defining DSCP-to-DSCP-mutation map 2-394
egress queues
allocating buffers 2-398
defining the CoS output queue threshold map 2-416
defining the DSCP output queue threshold map 2-418
displaying buffer allocations 2-732
displaying CoS output queue threshold map 2-736
displaying DSCP output queue threshold map 2-736
displaying queueing strategy 2-732
displaying queue-set settings 2-739
enabling bandwidth shaping and scheduling 2-872
enabling bandwidth sharing and scheduling 2-874
limiting the maximum output on a port 2-870
mapping a port to a queue-set 2-502
mapping CoS values to a queue and threshold 2-416
mapping DSCP values to a queue and threshold 2-418
setting maximum and reserved memory allocations 2-400
setting WTD thresholds 2-400
enabling 2-386
enabling IPv6 QoS 2-386
ingress queues
allocating buffers 2-406
assigning SRR scheduling weights 2-404
defining the CoS input queue threshold map 2-408
defining the DSCP input queue threshold map 2-410
displaying buffer allocations 2-732
displaying CoS input queue threshold map 2-736
displaying DSCP input queue threshold map 2-736
displaying queueing strategy 2-732
displaying settings for 2-731
enabling the priority queue 2-412
mapping CoS values to a queue and threshold 2-408
mapping DSCP values to a queue and threshold 2-410
setting WTD thresholds 2-414
maps
defining 2-394, 2-408, 2-410, 2-416, 2-418
displaying 2-736
policy maps
applying an aggregate policer 2-466
applying to an interface 2-527, 2-533
creating 2-468
defining policers 2-388, 2-464
displaying policers 2-730
displaying policy maps 2-754
hierarchical 2-469
policed-DSCP map 2-394
setting DSCP or IP precedence values 2-531
traffic classifications 2-90
trust states 2-939
port trust states 2-420
queues, enabling the expedite 2-494
statistics
in-profile and out-of-profile packets 2-732
packets enqueued or dropped 2-732
sent and received CoS values 2-732
sent and received DSCP values 2-732
trusted boundary for IP phones 2-420
VLAN-based 2-422
quality of service
See QoS
querytime, MVR 2-430
queue-set command 2-502
R
radius-server dead-criteria command 2-503
radius-server host command 2-505
rapid per-VLAN spanning-tree plus
See STP
rapid PVST+
See STP
rcommand command 2-507
re-authenticating IEEE 802.1x-enabled ports 2-191
re-authentication
periodic 2-192
time between attempts 2-198
receiver ports, MVR 2-433
receiving flow-control packets 2-218
recovery mechanism
causes 2-211
display 2-97, 2-554, 2-607, 2-610
timer interval 2-212
redundancy for cluster switches 2-132
redundant power supply
See RPS
redundant power system
See Cisco Redundant Power System 2300
reload command 2-509
remote command 2-511
remote-span command 2-513
Remote Switched Port Analyzer
See RSPAN
rename (boot loader) command A-21
renew ip dhcp snooping database command 2-515
replay protection, MACsec 2-517
replay-protection command 2-517
reset (boot loader) command A-22
restricted VLAN
See dot1x auth-fail vlan
rmdir (boot loader) command A-23
rmon collection stats command 2-519
root guard, for spanning tree 2-833
routed ports
IP addresses on 2-233
number supported 2-233
routing frames
See MTU
RPS
See Cisco Redundant Power System 2300
RPS 2300
configuring 2-484, 2-490, 2-492
managing 2-484, 2-490, 2-492
See Cisco Redundant Power System 2300
RSPAN
configuring 2-425
displaying 2-741
filter RSPAN traffic 2-425
remote-span command 2-513
sessions
add interfaces to 2-425
displaying 2-741
start new 2-425
rsu command 2-520
S
scheduled switchover
disabling 2-159
enabling 2-159
SDM mismatch mode 2-522, 2-781
sdm prefer command 2-521
SDM templates
allowed resources 2-523
and stacking 2-522
displaying 2-765
dual IPv4 and IPv6 2-521
secure ports, limitations 2-911
sending flow-control packets 2-218
service password-recovery command 2-525
service-policy command 2-527
session command 2-530
set (boot loader) command A-24
set command 2-531
setup command 2-533
setup express command 2-536
show access-lists command 2-538
show archive status command 2-541
show arp access-list command 2-542
show authentication command 2-543
show auto qos command 2-547
show boot command 2-551
show cable-diagnostics tdr command 2-554
show cisp command 2-557
show class-map command 2-558
show cluster candidates command 2-561
show cluster command 2-559
show cluster members command 2-563
show controllers cpu-interface command 2-565
show controllers ethernet-controller command 2-567
show controllers ethernet-controller fastethernet command 2-574
show controllers ethernet phy macsec command 2-577
show controllers power inline command 2-579
show controllers tcam command 2-581
show controller utilization command 2-583
show dot1q-tunnel command 2-590
show dot1x command 2-591
show dtp 2-595
show eap command 2-597
show env command 2-600
show env xps command 2-603
show errdisable detect command 2-607
show errdisable flap-values command 2-609
show errdisable recovery command 2-610
show etherchannel command 2-612
show fallback profile command 2-615
show flowcontrol command 2-616
show hw-module switch command 2-618
show idprom command 2-620
show interfaces command 2-622
show interfaces counters command 2-633
show interface transceivers command 2-635
show inventory command 2-638
show ip arp inspection command 2-639
show ipc command 2-662
show ip dhcp snooping binding command 2-644
show ip dhcp snooping command 2-643
show ip dhcp snooping database command 2-646, 2-648
show ip igmp profile command 2-651
show ip igmp snooping address command 2-670
show ip igmp snooping command 2-652, 2-668
show ip igmp snooping groups command 2-654
show ip igmp snooping mrouter command 2-656, 2-672
show ip igmp snooping querier command 2-657, 2-674
show ip source binding command 2-659
show ipv6 access-list command 2-665
show ipv6 dhcp conflict command 2-667
show ipv6 route updated 2-676
show ip verify source command 2-660
show l2protocol-tunnel command 2-678
show lacp command 2-680
show link state group command 2-684
show location 2-686
show location command 2-686
show logging onboard command 2-688
show logging smartlog command 2-693
show mac access-group command 2-696
show mac address-table address command 2-699
show mac address-table aging time command 2-700
show mac address-table command 2-697
show mac address-table count command 2-702
show mac address-table dynamic command 2-703
show mac address-table interface command 2-704
show mac address-table learning command 2-705
show mac address-table move update command 2-706
show mac address-table notification command 2-109, 2-707, B-28
show mac address-table static command 2-709
show mac address-table vlan command 2-711
show macsec command 2-713
show mka default-policy command 2-715
show mka policy command 2-717
show mka session command 2-720
show mka statistics command 2-723
show mka summary command 2-726
show mls qos aggregate-policer command 2-730
show mls qos command 2-729
show mls qos input-queue command 2-731
show mls qos interface command 2-732
show mls qos maps command 2-736
show mls qos queue-set command 2-739
show mls qos vlan command 2-740
show monitor command 2-741
show mvr command 2-743
show mvr interface command 2-744
show mvr members command 2-746
show network-policy profile command 2-748
show nmsp command 2-749
show pagp command 2-752
show platform acl command C-2
show platform backup interface command C-3
show platform configuration command C-4
show platform dl command C-5
show platform etherchannel command C-6
show platform forward command C-7
show platform frontend-controller command C-9
show platform igmp snooping command C-10
show platform ipc trace command C-17
show platform ip multicast command C-11
show platform ip unicast command C-12
show platform ipv6 mld snooping command C-18
show platform ipv6 unicast command C-19
show platform ip wccp command C-16
show platform layer4op command C-21
show platform mac-address-table command C-22
show platform messaging command C-23
show platform monitor command C-24
show platform mvr table command C-25
show platform pm command C-26
show platform port-asic command C-27
show platform port-security command C-32
show platform qos command C-33
show platform resource-manager command C-34
show platform snmp counters command C-36
show platform spanning-tree command C-37
show platform stack-manager command C-39
show platform stp-instance command C-38
show platform tb command C-43
show platform tcam command C-44
show platform vlan command C-47
show policy-map command 2-754
show port security command 2-755
show power inline command 2-757, 2-775
show psp config 2-763
show psp config command 2-763
show psp statistics 2-764
show psp statistics command 2-764
show sdm prefer command 2-765
show setup express command 2-768
show spanning-tree command 2-769
show storm-control command 2-778
show switch command 2-780
show switch service-modules command 2-785
show system mtu command 2-787
show trust command 2-939
show udld command 2-788
show version command 2-791
show vlan access-map command 2-798
show vlan command 2-793
show vlan command, fields 2-795
show vlan filter command 2-799
show vmps command 2-800
show vtp command 2-802
shutdown command 2-807
shutdown threshold, Layer 2 protocol tunneling 2-333
shutdown vlan command 2-808
small-frame violation rate command 2-809
SNMP host, specifying 2-816
SNMP informs, enabling the sending of 2-811
snmp-server enable traps command 2-811
snmp-server host command 2-816
snmp trap mac-notification change command 2-820
SNMP traps
enabling MAC address notification trap 2-820
enabling the MAC address notification feature 2-367
enabling the sending of 2-811
SoftPhone
See Cisco SoftPhone
software images
copying 2-10
deleting 2-140
downloading 2-13
upgrading 2-10, 2-13
uploading 2-21
software version, displaying 2-791
source ports, MVR 2-433
SPAN
configuring 2-425
debug messages, display B-31
displaying 2-741
filter SPAN traffic 2-425
sessions
add interfaces to 2-425
displaying 2-741
start new 2-425
spanning-tree backbonefast command 2-822
spanning-tree bpdufilter command 2-823
spanning-tree bpduguard command 2-825
spanning-tree cost command 2-827
spanning-tree etherchannel command 2-829
spanning-tree extend system-id command 2-831
spanning-tree guard command 2-833
spanning-tree link-type command 2-835
spanning-tree loopguard default command 2-837
spanning-tree mode command 2-839
spanning-tree mst configuration command 2-841
spanning-tree mst cost command 2-843
spanning-tree mst forward-time command 2-845
spanning-tree mst hello-time command 2-846
spanning-tree mst max-age command 2-847
spanning-tree mst max-hops command 2-848
spanning-tree mst port-priority command 2-849
spanning-tree mst pre-standard command 2-851
spanning-tree mst priority command 2-852
spanning-tree mst root command 2-853
spanning-tree portfast (global configuration) command 2-857
spanning-tree portfast (interface configuration) command 2-860
spanning-tree port-priority command 2-855
Spanning Tree Protocol
See STP
spanning-tree transmit hold-count command 2-862
spanning-tree uplinkfast command 2-863
spanning-tree vlan command 2-865
speed command 2-868
srr-queue bandwidth limit command 2-870
srr-queue bandwidth shape command 2-872
srr-queue bandwidth share command 2-874
SSH, configuring version 2-297
stack-mac persistent timer command 2-876
stack member
access 2-530
number 2-780, 2-888
priority value 2-885
provisioning 2-886
reloading 2-509
stacks, switch
disabling a member 2-883
enabling a member 2-883
MAC address 2-876
provisioning a new member 2-886
reloading 2-509
stack member access 2-530
stack member number 2-780, 2-888
stack member priority value 2-780, 2-885
static-access ports, configuring 2-892
statistics, Ethernet group 2-519
sticky learning, enabling 2-909
storm-control command 2-880
STP
BackboneFast 2-822
counters, clearing 2-118
debug messages, display
BackboneFast events B-88
MSTP B-91
optimized BPDUs handling B-90
spanning-tree activity B-86
switch shim B-93
transmitted and received BPDUs B-89
UplinkFast B-95
detection of indirect link failures 2-822
enabling protocol tunneling for 2-333
EtherChannel misconfiguration 2-829
extended system ID 2-831
path cost 2-827
protocol modes 2-839
root port
accelerating choice of new 2-863
loop guard 2-833
preventing from becoming designated 2-833
restricting which can be root 2-833
root guard 2-833
UplinkFast 2-863
root switch
affects of extended system ID 2-831, 2-866
hello-time 2-865
interval between BDPU messages 2-865
interval between hello BPDU messages 2-865
max-age 2-865
port priority for selection of 2-855
primary or secondary 2-865
switch priority 2-865
state changes
blocking to forwarding state 2-860
enabling BPDU filtering 2-823, 2-857
enabling BPDU guard 2-825, 2-857
enabling Port Fast 2-857, 2-860
enabling timer to recover from error state 2-211
forward-delay time 2-865
length of listening and learning states 2-865
shutting down Port Fast-enabled ports 2-857
state information display 2-769
VLAN options 2-852, 2-865
supplemental power command 2-878
SVIs, creating 2-227
SVI status calculation 2-894
Switched Port Analyzer
See SPAN
switching characteristics
modifying 2-890
returning to interfaces 2-890
switchport access command 2-892
switchport autostate exclude command 2-894
switchport backup interface command 2-896
switchport block command 2-899
switchport command 2-890
switchport host command 2-901
switchport mode command 2-902
switchport mode private-vlan command 2-905
switchport nonegotiate command 2-907
switchport port-security aging command 2-914
switchport port-security command 2-909
switchport priority extend command 2-916
switchport private-vlan command 2-918
switchport protected command 2-920
switchports, displaying 2-622
switchport trunk command 2-922
switchport voice detect 2-925
switchport voice vlan command 2-926
switch priority command 2-883, 2-885
switch provision command 2-886
switch renumber command 2-888
system env temperature threshold yellow command 2-928
system message logging 2-351
system message logging, save message to flash 2-352
system mtu command 2-930
system resource templates 2-521
T
tar files, creating, listing, and extracting 2-18
TDR, running 2-933
Telnet, using to communicate to cluster switches 2-507
temperature information, displaying 2-600
templates, system resources 2-521
test cable-diagnostics tdr command 2-933
traceroute mac command 2-934
traceroute mac ip command 2-937
trunking, VLAN mode 2-902
trunk mode 2-902
trunk ports 2-902
trunks, to non-DTP device 2-903
trusted boundary for QoS 2-420
trusted port states for QoS 2-420
tunnel ports, Layer 2 protocol, displaying 2-678
type (boot loader) command A-27
U
UDLD
aggressive mode 2-941, 2-943
debug messages, display B-103
enable globally 2-941
enable per interface 2-943
error recovery timer 2-212
message timer 2-941
normal mode 2-941, 2-943
reset a shutdown interface 2-945
status 2-788
udld command 2-941
udld port command 2-943
udld reset command 2-945
unicast storm control 2-880
UniDirectional Link Detection
See UDLD
unknown multicast traffic, preventing 2-899
unknown unicast traffic, preventing 2-899
unset (boot loader) command A-28
upgrading
copying software images 2-10
downloading software images 2-13
software images, monitoring status of 2-541
UplinkFast, for STP 2-863
usb-inactivity-timeout (console configuration) command 2-946
user EXEC mode 1-2, 1-3
V
version (boot loader) command A-30
version mismatch mode 2-781, C-40
vlan (global configuration) command 2-947
vlan access-map command 2-952
VLAN access map configuration mode 2-952
VLAN access maps
actions 2-8
displaying 2-798
VLAN-based QoS 2-422
VLAN configuration
rules 2-950
saving 2-947
VLAN configuration mode
description 1-4
entering 2-947
summary 1-3
vlan dot1q tag native command 2-954
vlan filter command 2-956
VLAN filters, displaying 2-799
VLAN ID range 2-947
VLAN maps
applying 2-956
creating 2-952
defining 2-373
displaying 2-798
VLAN Query Protocol
See VQP
VLANs
adding 2-947
configuring 2-947
debug messages, display
ISL B-99
VLAN IOS file system error tests B-98
VLAN manager activity B-96
VTP B-101
displaying configurations 2-793
extended-range 2-947
MAC addresses
displaying 2-711
number of 2-702
media types 2-950
normal-range 2-947
private 2-905
configuring 2-496
displaying 2-793
See also private VLANs
restarting 2-808
saving the configuration 2-947
shutting down 2-808
SNMP traps for VTP 2-814, 2-817
suspending 2-808
VLAN Trunking Protocol
See VTP
VM mode 2-781, C-40
VMPS
configuring servers 2-961
displaying 2-800
error recovery timer 2-212
reconfirming dynamic VLAN assignments 2-958
vmps reconfirm (global configuration) command 2-959
vmps reconfirm (privileged EXEC) command 2-958
vmps retry command 2-960
vmps server command 2-961
voice VLAN
configuring 2-925, 2-926
setting port priority 2-916
VQP
and dynamic-access ports 2-893
clearing client statistics 2-120
displaying information 2-800
per-server retry count 2-960
reconfirmation interval 2-959
reconfirming dynamic VLAN assignments 2-958
VTP
changing characteristics 2-963
clearing pruning counters 2-121
configuring
domain name 2-963
file name 2-963
mode 2-963
password 2-964
counters display fields 2-803
displaying information 2-802
enabling
pruning 2-964
tunneling for 2-333
Version 2 2-964
enabling per port 2-968
mode 2-963
pruning 2-964
saving the configuration 2-947
statistics 2-802
status 2-802
status display fields 2-805
vtp (global configuration) command 2-963
vtp interface configuration command 2-968
vtp primary command 2-969
X
XPS 2200
configuring 2-488
naming 2-488
Index
A
aaa accounting dot1x command 2-1
aaa authentication dot1x command 2-3
aaa authorization network command 2-5, 2-27, 2-34, 2-36, 2-39, 2-41, 2-43, 2-172, 2-356, 2-557, B-7, B-39
AAA methods 2-3
access control entries
See ACEs
access control lists
See ACLs
access groups
IP 2-229
MAC, displaying 2-696
access list, IPv6 2-306
access map configuration mode 2-373
access mode 2-902
access ports 2-902
ACEs 2-156, 2-463
ACLs
deny 2-154
displaying 2-538
for non-IP protocols 2-360
IP 2-229
matching 2-373
on Layer 2 interfaces 2-229
permit 2-461
action command 2-8
address aliasing 2-431
aggregate-port learner 2-447
allowed VLANs 2-922
archive copy-sw command 2-10
archive download-sw command 2-13
archive tar command 2-18
archive upload-sw command 2-21
arp (boot loader) command A-2
arp access-list command 2-23
authentication command bounce-port ignore 2-25
authentication command disable-port ignore 2-26
authentication control-direction command 2-27
authentication event command 2-29
authentication event linksec fail action command 2-33
authentication failed VLAN
See dot1x auth-fail vlan
authentication fallback command 2-34
authentication host-mode command 2-36
authentication linksec policy command 2-38
authentication mac-move permit command 2-39
authentication open command 2-41
authentication order command 2-43
authentication periodic command 2-45
authentication port-control command 2-47
authentication priority command 2-49
authentication timer command 2-51
authentication violation command 2-53
auth-fail max-attempts
See dot1x auth-fail max-attempts
auth-fail vlan
See dot1x auth-fail vlan
auth open command 2-41
auth order command 2-43
authorization state of controlled port 2-189
auth timer command 2-51
autonegotiation of duplex mode 2-203
auto qos classify command 2-55
auto qos trust command 2-58
auto qos video command 2-61
auto qos voip command 2-64
B
BackboneFast, for STP 2-822
backup interfaces
configuring 2-896
displaying 2-623
boot (boot loader) command A-3
boot auto-copy-sw command 2-70
boot auto-download-sw command 2-71
boot config-file command 2-74
boot enable-break command 2-75
boot helper command 2-76
boot helper-config file command 2-77
booting
Cisco IOS image 2-80
displaying environment variables 2-551
interrupting 2-75
manually 2-78
boot loader
accessing A-1
booting
Cisco IOS image A-3
helper image 2-76
directories
creating A-19
displaying a list of A-8
removing A-23
displaying
available commands A-13
memory heap utilization A-14
version A-30
environment variables
described A-24
displaying settings A-24
location of A-25
setting A-24
unsetting A-28
files
copying A-6
deleting A-7
displaying a list of A-8
displaying the contents of A-5, A-20, A-27
renaming A-21
file system
formatting A-11
initializing flash A-10
running a consistency check A-12
prompt A-1
resetting the system A-22
boot manual command 2-78
boot private-config-file command 2-79
boot system command 2-80
boot time-copy-sw command 2-69
BPDU filtering, for spanning tree 2-823, 2-857
BPDU guard, for spanning tree 2-825, 2-857
broadcast storm control 2-880
C
candidate switches
See clusters
cat (boot loader) command A-5
CDP, enabling protocol tunneling for 2-333
channel-group command 2-84
channel-protocol command 2-88
Cisco Redundant Power System 2300
configuring 2-485
managing 2-485
Cisco SoftPhone
auto-QoS configuration 2-64
trusting packets sent from 2-420
CISP
See Client Information Signalling Protocol
cisp
debug platform cisp command B-39
cisp enable command 2-89
class command 2-90
class-map command 2-93
class maps
creating 2-93
defining the match criteria 2-375
displaying 2-558
class of service
See CoS
clear dot1x command 2-95
clear eap sessions command 2-96
clear errdisable interface 2-97
clear ip arp inspection log command 2-98
clear ip arp inspection statistics command 2-99
clear ipc command 2-102
clear ip dhcp snooping database command 2-100
clear ipv6 dhcp conflict command 2-103
clear l2protocol-tunnel counters command 2-104
clear lacp command 2-105
clear logging onboard command 2-106
clear logging smartlog statistics interface command 2-107
clear mac address-table command 2-108, 2-109
clear macsec counters interface command 2-110
clear mka command 2-111
clear nmsp statistics command 2-113
clear pagp command 2-114
clear port-security command 2-115
clear psp counter 2-117
clear psp counter command 2-117
clear spanning-tree counters command 2-118
clear spanning-tree detected-protocols command 2-119
clear vmps statistics command 2-120
clear vtp counters command 2-121
Client Information Signalling Protocol 2-89, 2-172, 2-557, B-7, B-39
cluster commander-address command 2-122
cluster discovery hop-count command 2-124
cluster enable command 2-125
cluster holdtime command 2-127
cluster member command 2-128
cluster outside-interface command 2-130
cluster run command 2-131
clusters
adding candidates 2-128
binding to HSRP group 2-132
building manually 2-128
communicating with
devices outside the cluster 2-130
members by using Telnet 2-507
debug messages, display B-8
displaying
candidate switches 2-561
debug messages B-8
member switches 2-563
status 2-559
hop-count limit for extended discovery 2-124
HSRP standby groups 2-132
redundancy 2-132
SNMP trap 2-811
cluster standby-group command 2-132
cluster timer command 2-134
command modes defined 1-2
command switch
See clusters
confidentiality-offset command 2-137
configuration files
password recovery disable considerations A-1
specifying the name 2-74, 2-79
configuring multiple interfaces 2-225
config-vlan mode
commands 2-948
copy (boot loader) command A-6
copy logging onboard command 2-135
CoS
assigning default value to incoming packets 2-390
assigning to Layer 2 protocol packets 2-336
overriding the incoming value 2-390
CoS-to-DSCP map 2-394
CPU ASIC statistics, displaying 2-565
crashinfo files 2-215
critical VLAN 2-31
D
debug authentication B-2
debug auto qos command B-4
debug backup command B-6
debug cisp command B-7
debug cluster command B-8
debug dot1x command B-10
debug dtp command B-11
debug eap command B-12
debug etherchannel command B-13
debug fastethernet command B-14
debug ilpower command B-15
debug interface command B-16
debug ip dhcp snooping command B-17
debug ip igmp filter command B-19
debug ip igmp max-groups command B-20
debug ip igmp snooping command B-21
debug ip verify source packet command B-18
debug lacp command B-22
debug lldp packets command B-23
debug mac-notification command B-25
debug macsec command B-26
debug matm command B-27
debug matm move update command B-28
debug mka command B-29
debug monitor command B-31
debug mvrdbg command B-32
debug nmsp command B-33
debug nvram command B-34
debug pagp command B-35
debug platform acl command B-36
debug platform backup interface command B-38
debug platform cisp command B-39
debug platform cli-redirection main command B-40
debug platform configuration command B-41, B-49
debug platform cpu-queues command B-42
debug platform device-manager command B-44
debug platform dot1x command B-45
debug platform etherchannel command B-46
debug platform fallback-bridging command B-47
debug platform forw-tcam command B-48
debug platform ip arp inspection command B-50
debug platform ipc command B-59
debug platform ip dhcp command B-51
debug platform ip igmp snooping command B-52
debug platform ip multicast command B-54
debug platform ip unicast command B-56
debug platform ip wccp command B-58
debug platform led command B-60
debug platform matm command B-61
debug platform messaging application command B-62
debug platform phy command B-63
debug platform pm command B-65
debug platform port-asic command B-67
debug platform port-security command B-68
debug platform qos-acl-tcam command B-69
debug platform remote-commands command B-70
debug platform resource-manager command B-71
debug platform snmp command B-72
debug platform span command B-73
debug platform stack-manager command B-74
debug platform supervisor-asic command B-75
debug platform sw-bridge command B-76
debug platform tcam command B-77
debug platform udld command B-80
debug platform vlan command B-81
debug pm command B-82
debug port-security command B-84
debug qos-manager command B-85
debug spanning-tree backbonefast command B-88
debug spanning-tree bpdu command B-89
debug spanning-tree bpdu-opt command B-90
debug spanning-tree command B-86
debug spanning-tree mstp command B-91
debug spanning-tree switch command B-93
debug spanning-tree uplinkfast command B-95
debug sw-vlan command B-96
debug sw-vlan ifs command B-98
debug sw-vlan notification command B-99
debug sw-vlan vtp command B-101
debug udld command B-103
debug vqpc command B-105
default policy, MKA 2-381
define interface-range command 2-138
delete (boot loader) command A-7
delete command 2-140
deny (ARP access-list configuration) command 2-143
deny (IPv6) command 2-145
deny command 2-154
detect mechanism, causes 2-206
DHCP snooping
accepting untrusted packets from edge switch 2-263
enabling
on a VLAN 2-269
option 82 2-261, 2-263
trust on an interface 2-267
error recovery timer 2-211
rate limiting 2-266
DHCP snooping binding database
binding file, configuring 2-259
bindings
adding 2-257
deleting 2-257
displaying 2-644
clearing database agent statistics 2-100
database agent, configuring 2-259
displaying
binding entries 2-644
database agent status 2-646, 2-648
renewing 2-515
Digital Optical Monitoring
see DoM
dir (boot loader) command A-8
directories, deleting 2-140
DoM
displaying supported transceivers 2-635
domain name, VTP 2-963
dot1x auth-fail max-attempts 2-166
dot1x auth-fail vlan 2-168
dot1x command 2-164
dot1x control-direction command 2-170
dot1x credentials (global configuration) command 2-172
dot1x critical global configuration command 2-173
dot1x critical interface configuration command 2-175
dot1x default command 2-177
dot1x fallback command 2-178
dot1x guest-vlan command 2-179
dot1x host-mode command 2-181
dot1x initialize command 2-182
dot1x mac-auth-bypass command 2-183
dot1x max-reauth-req command 2-185
dot1x max-req command 2-187
dot1x pae command 2-188
dot1x port-control command 2-189
dot1x re-authenticate command 2-191
dot1x reauthentication command 2-192
dot1x supplicant controlled transient command 2-193
dot1x supplicant force-multicast command 2-195
dot1x test eapol-capable command 2-196
dot1x test timeout command 2-197
dot1x timeout command 2-198
dot1x violation-mode command 2-201
dropping packets, with ACL matches 2-8
drop threshold, Layer 2 protocol tunneling 2-333
DSCP-to-CoS map 2-394
DSCP-to-DSCP-mutation map 2-394
DTP 2-903
DTP flap
error detection for 2-206
error recovery timer 2-211
DTP negotiation 2-907
dual IPv4 and IPv6 templates 2-455
duplex command 2-202
dynamic-access ports
configuring 2-892
restrictions 2-893
dynamic ARP inspection
ARP ACLs
apply to a VLAN 2-237
define 2-23
deny packets 2-143
display 2-542
permit packets 2-453
clear
log buffer 2-98
statistics 2-99
display
ARP ACLs 2-542
configuration and operating state 2-639
log buffer 2-639
statistics 2-639
trust state and rate limit 2-639
enable per VLAN 2-249
error detection for 2-206
error recovery timer 2-211
log buffer
clear 2-98
configure 2-241
display 2-639
rate-limit incoming ARP packets 2-239
statistics
clear 2-99
display 2-639
trusted interface state 2-245
type of packet logged 2-250
validation checks 2-247
dynamic auto VLAN membership mode 2-902
dynamic desirable VLAN membership mode 2-902
Dynamic Host Configuration Protocol (DHCP)
See DHCP snooping
Dynamic Trunking Protocol
See DTP
E
EAP-request/identity frame
maximum number to send 2-187
response time before retransmitting 2-198
encapsulation methods 2-922
environment variables, displaying 2-551
epm access-control open 2-204
errdisable detect cause command 2-206
errdisable detect cause small-frame command 2-209
errdisable recovery cause small-frame 2-214
errdisable recovery command 2-211
error conditions, displaying 2-609
error disable detection 2-206
error-disabled interfaces, displaying 2-622
EtherChannel
assigning Ethernet interface to channel group 2-84
creating port-channel logical interface 2-223
debug EtherChannel/PAgP, display B-13
debug platform-specific events, display B-46
displaying 2-612
enabling Layer 2 protocol tunneling for
LACP 2-334
PAgP 2-334
UDLD 2-334
interface information, displaying 2-622
LACP
clearing channel-group information 2-105, 2-106
debug messages, display B-22
displaying 2-680
modes 2-84
port priority for hot-standby ports 2-337
restricting a protocol 2-88
system priority 2-339
load-distribution methods 2-471
PAgP
aggregate-port learner 2-447
clearing channel-group information 2-114
debug messages, display B-35
displaying 2-752
error detection for 2-206
error recovery timer 2-211
learn method 2-447
modes 2-84
physical-port learner 2-447
priority of interface for transmitted traffic 2-449
Ethernet controller, internal register display 2-567, 2-574
Ethernet Management port, debugging B-14
Ethernet statistics, collecting 2-519
exception crashinfo command 2-215, 2-220
extended discovery of candidate switches 2-124
extended-range VLANs
and allowed VLAN list 2-922
and pruning-eligible list 2-922
configuring 2-947
extended system ID for STP 2-831
F
fallback profile command 2-216
fallback profiles, displaying 2-615
fan information, displaying 2-600
file name, VTP 2-963
files, deleting 2-140
flash_init (boot loader) command A-10
flexible authentication ordering 2-43
Flex Links
configuring 2-896
displaying 2-623
flow-based SPAN 2-425
flowcontrol command 2-218
format (boot loader) command A-11
forwarding packets, with ACL matches 2-8
forwarding results, display C-7
frame forwarding information, displaying C-7
front-end controller counter and status information C-9
fsck (boot loader) command A-12
FSPAN 2-425
G
global configuration mode 1-2, 1-4
H
hardware ACL statistics 2-538
health monitoring diagnostic tests 2-157
help (boot loader) command A-13
hierarchical policy maps 2-469
hop-count limit for clusters 2-124
host connection, port configuration 2-901
host ports, private VLANs 2-905
Hot Standby Router Protocol
See HSRP
HSRP
binding HSRP group to cluster 2-132
standby group 2-132
hw-module switch command 2-222
I
IEEE 802.1Q trunk ports and native VLANs 2-954
IEEE 802.1Q tunnel ports
configuring 2-902
displaying 2-590
limitations 2-903
IEEE 802.1x
and switchport modes 2-903
violation error recovery 2-211
See also port-based authentication
IGMP filters
applying 2-273
debug messages, display B-19
IGMP groups, setting maximum 2-274
IGMP maximum groups, debugging B-20
IGMP profiles
creating 2-276
displaying 2-651
IGMP snooping
adding ports as a static member of a group 2-292
displaying 2-652, 2-656, 2-657
enabling 2-278
enabling the configurable-leave timer 2-280
enabling the Immediate-Leave feature 2-289
flooding query count 2-286
interface topology change notification behavior 2-288
multicast table 2-654
querier 2-282
query solicitation 2-286
report suppression 2-284
switch topology change notification behavior 2-286
images
See software images
Immediate-Leave processing
IGMP 2-289
IPv6 2-329
MVR 2-433
interface configuration mode 1-2, 1-4
interface port-channel command 2-223
interface range command 2-225
interface-range macros 2-138
interfaces
assigning Ethernet interface to channel group 2-84
configuring 2-202
configuring multiple 2-225
creating port-channel logical 2-223
debug messages, display B-16
disabling 2-807
displaying the MAC address table 2-704
restarting 2-807
interface speed, configuring 2-868
interface vlan command 2-227
internal power supplies
See power supplies
internal registers, displaying 2-567, 2-574, 2-581
Internet Group Management Protocol
See IGMP
invalid GBIC
error detection for 2-206
error recovery timer 2-211
ip access-group command 2-229
ip address command 2-232
IP addresses, setting 2-232
IP address matching 2-373
ip admission command 2-234
ip admission name proxy http command 2-235
ip arp inspection filter vlan command 2-237
ip arp inspection limit command 2-239
ip arp inspection log-buffer command 2-241
ip arp inspection trust command 2-245
ip arp inspection validate command 2-247
ip arp inspection vlan command 2-249
ip arp inspection vlan logging command 2-250
ip device tracking command 2-252
ip device tracking probe command 2-254
IP DHCP snooping
See DHCP snooping
ip dhcp snooping binding command 2-257
ip dhcp snooping command 2-256
ip dhcp snooping database command 2-259
ip dhcp snooping information option allow-untrusted command 2-263
ip dhcp snooping information option command 2-261
ip dhcp snooping information option format remote-id command 2-265
ip dhcp snooping limit rate command 2-266
ip dhcp snooping trust command 2-267
ip dhcp snooping verify command 2-268
ip dhcp snooping vlan command 2-269
ip dhcp snooping vlan information option format-type circuit-id string command 2-271
ip igmp filter command 2-273
ip igmp max-groups command 2-274, 2-299, 2-301
ip igmp profile command 2-276
ip igmp snooping command 2-278
ip igmp snooping last-member-query-interval command 2-280
ip igmp snooping querier command 2-282
ip igmp snooping report-suppression command 2-284
ip igmp snooping tcn command 2-286
ip igmp snooping tcn flood command 2-288
ip igmp snooping vlan immediate-leave command 2-289
ip igmp snooping vlan mrouter command 2-290
ip igmp snooping vlan static command 2-292
IP multicast addresses 2-430
IP phones
auto-QoS configuration 2-64
trusting packets sent from 2-420
IP-precedence-to-DSCP map 2-394
ip snap forwarding command 2-294
ip source binding command 2-295
IP source guard
disabling 2-303
displaying
binding entries 2-659
configuration 2-660
dynamic binding entries only 2-644
enabling 2-303
static IP source bindings 2-295
ip ssh command 2-297
IPv4 and IPv6
port-based trust 2-421
IPv6 access list, deny conditions 2-145
ipv6 access-list command 2-306
ipv6 address dhcp command 2-309
ipv6 dhcp client request vendor command 2-310
ipv6 dhcp ping packets command 2-311
ipv6 dhcp pool command 2-313
ipv6 dhcp server command 2-316
ipv6 mld snooping command 2-318
ipv6 mld snooping last-listener-query count command 2-320
ipv6 mld snooping last-listener-query-interval command 2-322
ipv6 mld snooping listener-message-suppression command 2-324
ipv6 mld snooping robustness-variable command 2-325
ipv6 mld snooping tcn command 2-327
ipv6 mld snooping vlan command 2-329
IPv6 QoS
enabling 2-386
IPv6 SDM template 2-521
ipv6 traffic-filter command 2-331
ip verify source command 2-303
ip verify source smartlog command 2-305
J
jumbo frames
See MTU
L
l2protocol-tunnel command 2-333
l2protocol-tunnel cos command 2-336
LACP
See EtherChannel
lacp port-priority command 2-337
lacp system-priority command 2-339
Layer 2 mode, enabling 2-890
Layer 2 protocol ports, displaying 2-678
Layer 2 protocol-tunnel
error detection for 2-206
error recovery timer 2-211
Layer 2 protocol tunnel counters 2-104
Layer 2 protocol tunneling error recovery 2-334
Layer 2 traceroute
IP addresses 2-937
MAC addresses 2-934
Layer 3 mode, enabling 2-890
license boot command 2-341
line configuration mode 1-3, 1-5
Link Aggregation Control Protocol
See EtherChannel
link flap
error detection for 2-206
error recovery timer 2-211
link-security authentication 2-33
link-security policies 2-38
link state group command 2-343
link state track command 2-345
load-distribution methods for EtherChannel 2-471
location (global configuration) command 2-346
location (interface configuration) command 2-348
logging event command 2-350
logging event power-inline-status command 2-351
logging file command 2-352
logical interface 2-223
loopback error
detection for 2-206
recovery timer 2-211
loop guard, for spanning tree 2-833, 2-837
M
mab request format attribute 32 command 2-356
mac access-group command 2-358
MAC access-groups, displaying 2-696
MAC access list configuration mode 2-360
mac access-list extended command 2-360
MAC access lists 2-154
MAC addresses
disabling MAC address learning per VLAN 2-363
displaying
aging time 2-700
all 2-699
dynamic 2-703
MAC address-table move updates 2-706
notification settings 2-705, 2-707
number of addresses in a VLAN 2-702
per interface 2-704
per VLAN 2-711
static 2-709
static and dynamic entries 2-697
dynamic
aging time 2-362
deleting 2-108
displaying 2-703
enabling MAC address notification 2-367
enabling MAC address-table move update 2-365
matching 2-373
persistent stack 2-876
static
adding and removing 2-369
displaying 2-709
dropping on an interface 2-370
tables 2-699
MAC address notification, debugging B-25
mac address-table aging-time 2-358, 2-373
mac address-table aging-time command 2-362
mac address-table learning command 2-363
mac address-table move update command 2-365
mac address-table notification command 2-367
mac address-table static command 2-369
mac address-table static drop command 2-370
MAC frames
See MTU
macros
interface range 2-138, 2-225
MACsec
counters 2-110, 2-577
debugging B-26
displaying 2-713
enabling 2-372
registers 2-577
macsec command 2-372
maps
QoS
defining 2-394
displaying 2-736
VLAN
creating 2-952
defining 2-373
displaying 2-798
match (access-map configuration) command 2-373
match (class-map configuration) command 2-375
maximum transmission unit
See MTU
mdix auto command 2-378
Media Access Control Security
See MACsec.
media-type rj45 command 2-380
member switches
See clusters
memory (boot loader) command A-14
mgmt_clr (boot loader) command A-16
mgmt_init (boot loader) command A-17, A-18
MKA
confidentiality 2-137
debugging B-29
displaying default policy 2-715
displaying policies 2-717
displaying sessions 2-720
displaying sessions and statistics 2-726
displaying statistics 2-723
policy configuration mode 2-382
MKA, enabling 2-384
mka default policy command 2-381
mka policy global configuration command 2-382
mka policy interface configuration command 2-384
mkdir (boot loader) command A-19
MLD snooping
configuring 2-324, 2-325
configuring queries 2-320, 2-322
configuring topology change notification 2-327
displaying 2-668, 2-670, 2-672, 2-674
enabling 2-318
enabling on a VLAN 2-329
mls qos aggregate-policer command 2-388
mls qos command 2-386
mls qos cos command 2-390
mls qos dscp-mutation command 2-392
mls qos map command 2-394
mls qos queue-set output buffers command 2-398
mls qos queue-set output threshold command 2-400
mls qos rewrite ip dscp command 2-402
mls qos srr-queue input bandwidth command 2-404
mls qos srr-queue input buffers command 2-406
mls qos-srr-queue input cos-map command 2-408
mls qos srr-queue input dscp-map command 2-410
mls qos srr-queue input priority-queue command 2-412
mls qos srr-queue input threshold command 2-414
mls qos-srr-queue output cos-map command 2-416
mls qos srr-queue output dscp-map command 2-418
mls qos trust command 2-420
mls qos vlan-based command 2-422
mode, MVR 2-430
Mode button, and password recovery 2-525
mode command 2-423
modes, commands 1-2
monitor session command 2-425
more (boot loader) command A-20
MSTP
displaying 2-770
interoperability 2-119
link type 2-835
MST region
aborting changes 2-841
applying changes 2-841
configuration name 2-841
configuration revision number 2-841
current or pending display 2-841
displaying 2-770
MST configuration mode 2-841
VLANs-to-instance mapping 2-841
path cost 2-843
protocol mode 2-839
restart protocol migration process 2-119
root port
loop guard 2-833
preventing from becoming designated 2-833
restricting which can be root 2-833
root guard 2-833
root switch
affects of extended system ID 2-831
hello-time 2-846, 2-853
interval between BDPU messages 2-847
interval between hello BPDU messages 2-846, 2-853
max-age 2-847
maximum hop count before discarding BPDU 2-848
port priority for selection of 2-849
primary or secondary 2-853
switch priority 2-852
state changes
blocking to forwarding state 2-860
enabling BPDU filtering 2-823, 2-857
enabling BPDU guard 2-825, 2-857
enabling Port Fast 2-857, 2-860
forward-delay time 2-845
length of listening and learning states 2-845
rapid transition to forwarding 2-835
shutting down Port Fast-enabled ports 2-857
state information display 2-769
MTU
configuring size 2-930
displaying global setting 2-787
MAC 2-931
system jumbo 2-931
system routing 2-931
Multicase Listener Discovery
See MLD
multicast group address, MVR 2-433
multicast groups, MVR 2-431
Multicast Listener Discovery
See MLD
multicast router learning method 2-290
multicast router ports, configuring 2-290
multicast router ports, IPv6 2-329
multicast storm control 2-880
multicast VLAN, MVR 2-430
multicast VLAN registration
See MVR
multiple hosts on authorized port 2-181
Multiple Spanning Tree Protocol
See MSTP
MVR
and address aliasing 2-431
configuring 2-430
configuring interfaces 2-433
debug messages, display B-32
displaying 2-743
displaying interface information 2-744
members, displaying 2-746
mvr (global configuration) command 2-430
mvr (interface configuration) command 2-433
mvr vlan group command 2-434
N
native VLANs 2-922
native VLAN tagging 2-954
network-policy (global configuration) command 2-437
network-policy command 2-436
network-policy profile (network-policy configuration) command 2-438
nmsp attachment suppress command 2-441
nmsp command 2-440
no authentication logging verbose 2-442
no dot1x logging verbose 2-443
no mab logging verbose 2-444
nonegotiate
DTP messaging 2-907
speed 2-868
non-IP protocols
denying 2-154
forwarding 2-461
non-IP traffic access lists 2-360
non-IP traffic forwarding
denying 2-154
permitting 2-461
non-stop forwarding 2-445
normal-range VLANs 2-947
no vlan command 2-947
nsf command 2-445
O
online diagnostics
configuring health monitoring diagnostic tests 2-157
displaying
configured boot-up coverage level 2-585
current scheduled tasks 2-585
event logs 2-585
supported test suites 2-585
test ID 2-585
test results 2-585
test statistics 2-585
enabling
scheduling 2-159
syslog messages 2-157
global configuration mode
clearing health monitoring diagnostic test schedule 2-157
clearing test-based testing schedule 2-159
setting health monitoring diagnostic testing 2-157
setting test-based testing 2-159
setting up health monitoring diagnostic test schedule 2-157
setting up test-based testing 2-159
removing scheduling 2-159
scheduled switchover
disabling 2-159
enabling 2-159
setting test interval 2-159
specifying health monitoring diagnostic tests 2-157
starting testing 2-161
P
PAgP
See EtherChannel
pagp learn-method command 2-447
pagp port-priority command 2-449
password, VTP 2-964
password-recovery mechanism, enabling and disabling 2-525
permit (ARP access-list configuration) command 2-453
permit (IPv6) command 2-455
permit (MAC access-list configuration) command 2-461
per-VLAN spanning-tree plus
See STP
physical-port learner 2-447
PID, displaying 2-638
PIM-DVMRP, as multicast router learning method 2-290
PoE
configuring the power budget 2-476
configuring the power management mode 2-473
displaying controller register values 2-579
displaying power management information 2-757
error detection for 2-206
error recovery timer 2-211
logging of status 2-351
monitoring power 2-479
policing power consumption 2-479
police aggregate command 2-466
police command 2-464
policed-DSCP map 2-394
policy-map command 2-468
policy maps
applying to an interface 2-527, 2-533
creating 2-468
displaying 2-754
hierarchical 2-469
policers
displaying 2-730
for a single class 2-464
for multiple classes 2-388, 2-466
policed-DSCP map 2-394
traffic classification
defining the class 2-90
defining trust states 2-939
setting DSCP or IP precedence values 2-531
Port Aggregation Protocol
See EtherChannel
port-based authentication
AAA method list 2-3
configuring violation modes 2-201
debug messages, display B-10
enabling guest VLAN supplicant 2-167, 2-178
enabling IEEE 802.1x
globally 2-164
per interface 2-189
guest VLAN 2-179
host modes 2-181
IEEE 802.1x AAA accounting methods 2-1
initialize an interface 2-182, 2-197
MAC authentication bypass 2-183
manual control of authorization state 2-189
multiple hosts on authorized port 2-181
PAE as authenticator 2-188
periodic re-authentication
enabling 2-192
time between attempts 2-198
quiet period between failed authentication exchanges 2-198
re-authenticating IEEE 802.1x-enabled ports 2-191
resetting configurable IEEE 802.1x parameters 2-177
switch-to-authentication server retransmission time 2-198
switch-to-client frame-retransmission number 2-185 to 2-187
switch-to-client retransmission time 2-198
test for IEEE 802.1x readiness 2-196
port-based trust
IPv4 and IPv6 2-421
port-channel load-balance command 2-471
Port Fast, for spanning tree 2-860
port ranges, defining 2-135, 2-138
ports, debugging B-82
ports, protected 2-920
port security
aging 2-914
debug messages, display B-84
enabling 2-909
violation error recovery 2-211
port trust states for QoS 2-420
port types, MVR 2-433
power information, displaying 2-600
power inline command 2-473
power inline consumption command 2-476
power inline police command 2-479
Power over Ethernet
See PoE
power-priority command 2-482
power rps command (global configuration) 2-488
power rps command (user EXEC) 2-484
power supply
configuring 2-486
managing 2-486
power supply command 2-486
power xps command privileged EXEC) 2-490
power xps port command 2-492
priority-queue command 2-494
priority value, stack member 2-780, 2-885
private-vlan command 2-496
private-vlan mapping command 2-499
private VLANs
association 2-918
configuring 2-496
configuring ports 2-905
displaying 2-793
host ports 2-905
mapping
configuring 2-918
displaying 2-622
promiscuous ports 2-905
privileged EXEC mode 1-2, 1-3
product identification information, displaying 2-638
promiscuous ports, private VLANs 2-905
protected ports, displaying 2-627
pruning
VLANs 2-922
VTP
enabling 2-964
pruning-eligible VLAN list 2-924
psp 2-501
psp command 2-501
PVST+
See STP
Q
QoS
auto-QoS
configuring 2-64
debug messages, display B-4
displaying 2-547
auto-QoS trust
configuring 2-58
auto-QoS video
configuring 2-61
class maps
creating 2-93
defining the match criteria 2-375
displaying 2-558
defining the CoS value for an incoming packet 2-390
displaying configuration information 2-547, 2-729
DSCP transparency 2-402
DSCP trusted ports
applying DSCP-to-DSCP-mutation map to 2-392
defining DSCP-to-DSCP-mutation map 2-394
egress queues
allocating buffers 2-398
defining the CoS output queue threshold map 2-416
defining the DSCP output queue threshold map 2-418
displaying buffer allocations 2-732
displaying CoS output queue threshold map 2-736
displaying DSCP output queue threshold map 2-736
displaying queueing strategy 2-732
displaying queue-set settings 2-739
enabling bandwidth shaping and scheduling 2-872
enabling bandwidth sharing and scheduling 2-874
limiting the maximum output on a port 2-870
mapping a port to a queue-set 2-502
mapping CoS values to a queue and threshold 2-416
mapping DSCP values to a queue and threshold 2-418
setting maximum and reserved memory allocations 2-400
setting WTD thresholds 2-400
enabling 2-386
enabling IPv6 QoS 2-386
ingress queues
allocating buffers 2-406
assigning SRR scheduling weights 2-404
defining the CoS input queue threshold map 2-408
defining the DSCP input queue threshold map 2-410
displaying buffer allocations 2-732
displaying CoS input queue threshold map 2-736
displaying DSCP input queue threshold map 2-736
displaying queueing strategy 2-732
displaying settings for 2-731
enabling the priority queue 2-412
mapping CoS values to a queue and threshold 2-408
mapping DSCP values to a queue and threshold 2-410
setting WTD thresholds 2-414
maps
defining 2-394, 2-408, 2-410, 2-416, 2-418
displaying 2-736
policy maps
applying an aggregate policer 2-466
applying to an interface 2-527, 2-533
creating 2-468
defining policers 2-388, 2-464
displaying policers 2-730
displaying policy maps 2-754
hierarchical 2-469
policed-DSCP map 2-394
setting DSCP or IP precedence values 2-531
traffic classifications 2-90
trust states 2-939
port trust states 2-420
queues, enabling the expedite 2-494
statistics
in-profile and out-of-profile packets 2-732
packets enqueued or dropped 2-732
sent and received CoS values 2-732
sent and received DSCP values 2-732
trusted boundary for IP phones 2-420
VLAN-based 2-422
quality of service
See QoS
querytime, MVR 2-430
queue-set command 2-502
R
radius-server dead-criteria command 2-503
radius-server host command 2-505
rapid per-VLAN spanning-tree plus
See STP
rapid PVST+
See STP
rcommand command 2-507
re-authenticating IEEE 802.1x-enabled ports 2-191
re-authentication
periodic 2-192
time between attempts 2-198
receiver ports, MVR 2-433
receiving flow-control packets 2-218
recovery mechanism
causes 2-211
display 2-97, 2-554, 2-607, 2-610
timer interval 2-212
redundancy for cluster switches 2-132
redundant power supply
See RPS
redundant power system
See Cisco Redundant Power System 2300
reload command 2-509
remote command 2-511
remote-span command 2-513
Remote Switched Port Analyzer
See RSPAN
rename (boot loader) command A-21
renew ip dhcp snooping database command 2-515
replay protection, MACsec 2-517
replay-protection command 2-517
reset (boot loader) command A-22
restricted VLAN
See dot1x auth-fail vlan
rmdir (boot loader) command A-23
rmon collection stats command 2-519
root guard, for spanning tree 2-833
routed ports
IP addresses on 2-233
number supported 2-233
routing frames
See MTU
RPS
See Cisco Redundant Power System 2300
RPS 2300
configuring 2-484, 2-490, 2-492
managing 2-484, 2-490, 2-492
See Cisco Redundant Power System 2300
RSPAN
configuring 2-425
displaying 2-741
filter RSPAN traffic 2-425
remote-span command 2-513
sessions
add interfaces to 2-425
displaying 2-741
start new 2-425
rsu command 2-520
S
scheduled switchover
disabling 2-159
enabling 2-159
SDM mismatch mode 2-522, 2-781
sdm prefer command 2-521
SDM templates
allowed resources 2-523
and stacking 2-522
displaying 2-765
dual IPv4 and IPv6 2-521
secure ports, limitations 2-911
sending flow-control packets 2-218
service password-recovery command 2-525
service-policy command 2-527
session command 2-530
set (boot loader) command A-24
set command 2-531
setup command 2-533
setup express command 2-536
show access-lists command 2-538
show archive status command 2-541
show arp access-list command 2-542
show authentication command 2-543
show auto qos command 2-547
show boot command 2-551
show cable-diagnostics tdr command 2-554
show cisp command 2-557
show class-map command 2-558
show cluster candidates command 2-561
show cluster command 2-559
show cluster members command 2-563
show controllers cpu-interface command 2-565
show controllers ethernet-controller command 2-567
show controllers ethernet-controller fastethernet command 2-574
show controllers ethernet phy macsec command 2-577
show controllers power inline command 2-579
show controllers tcam command 2-581
show controller utilization command 2-583
show dot1q-tunnel command 2-590
show dot1x command 2-591
show dtp 2-595
show eap command 2-597
show env command 2-600
show env xps command 2-603
show errdisable detect command 2-607
show errdisable flap-values command 2-609
show errdisable recovery command 2-610
show etherchannel command 2-612
show fallback profile command 2-615
show flowcontrol command 2-616
show hw-module switch command 2-618
show idprom command 2-620
show interfaces command 2-622
show interfaces counters command 2-633
show interface transceivers command 2-635
show inventory command 2-638
show ip arp inspection command 2-639
show ipc command 2-662
show ip dhcp snooping binding command 2-644
show ip dhcp snooping command 2-643
show ip dhcp snooping database command 2-646, 2-648
show ip igmp profile command 2-651
show ip igmp snooping address command 2-670
show ip igmp snooping command 2-652, 2-668
show ip igmp snooping groups command 2-654
show ip igmp snooping mrouter command 2-656, 2-672
show ip igmp snooping querier command 2-657, 2-674
show ip source binding command 2-659
show ipv6 access-list command 2-665
show ipv6 dhcp conflict command 2-667
show ipv6 route updated 2-676
show ip verify source command 2-660
show l2protocol-tunnel command 2-678
show lacp command 2-680
show link state group command 2-684
show location 2-686
show location command 2-686
show logging onboard command 2-688
show logging smartlog command 2-693
show mac access-group command 2-696
show mac address-table address command 2-699
show mac address-table aging time command 2-700
show mac address-table command 2-697
show mac address-table count command 2-702
show mac address-table dynamic command 2-703
show mac address-table interface command 2-704
show mac address-table learning command 2-705
show mac address-table move update command 2-706
show mac address-table notification command 2-109, 2-707, B-28
show mac address-table static command 2-709
show mac address-table vlan command 2-711
show macsec command 2-713
show mka default-policy command 2-715
show mka policy command 2-717
show mka session command 2-720
show mka statistics command 2-723
show mka summary command 2-726
show mls qos aggregate-policer command 2-730
show mls qos command 2-729
show mls qos input-queue command 2-731
show mls qos interface command 2-732
show mls qos maps command 2-736
show mls qos queue-set command 2-739
show mls qos vlan command 2-740
show monitor command 2-741
show mvr command 2-743
show mvr interface command 2-744
show mvr members command 2-746
show network-policy profile command 2-748
show nmsp command 2-749
show pagp command 2-752
show platform acl command C-2
show platform backup interface command C-3
show platform configuration command C-4
show platform dl command C-5
show platform etherchannel command C-6
show platform forward command C-7
show platform frontend-controller command C-9
show platform igmp snooping command C-10
show platform ipc trace command C-17
show platform ip multicast command C-11
show platform ip unicast command C-12
show platform ipv6 mld snooping command C-18
show platform ipv6 unicast command C-19
show platform ip wccp command C-16
show platform layer4op command C-21
show platform mac-address-table command C-22
show platform messaging command C-23
show platform monitor command C-24
show platform mvr table command C-25
show platform pm command C-26
show platform port-asic command C-27
show platform port-security command C-32
show platform qos command C-33
show platform resource-manager command C-34
show platform snmp counters command C-36
show platform spanning-tree command C-37
show platform stack-manager command C-39
show platform stp-instance command C-38
show platform tb command C-43
show platform tcam command C-44
show platform vlan command C-47
show policy-map command 2-754
show port security command 2-755
show power inline command 2-757, 2-775
show psp config 2-763
show psp config command 2-763
show psp statistics 2-764
show psp statistics command 2-764
show sdm prefer command 2-765
show setup express command 2-768
show spanning-tree command 2-769
show storm-control command 2-778
show switch command 2-780
show switch service-modules command 2-785
show system mtu command 2-787
show trust command 2-939
show udld command 2-788
show version command 2-791
show vlan access-map command 2-798
show vlan command 2-793
show vlan command, fields 2-795
show vlan filter command 2-799
show vmps command 2-800
show vtp command 2-802
shutdown command 2-807
shutdown threshold, Layer 2 protocol tunneling 2-333
shutdown vlan command 2-808
small-frame violation rate command 2-809
SNMP host, specifying 2-816
SNMP informs, enabling the sending of 2-811
snmp-server enable traps command 2-811
snmp-server host command 2-816
snmp trap mac-notification change command 2-820
SNMP traps
enabling MAC address notification trap 2-820
enabling the MAC address notification feature 2-367
enabling the sending of 2-811
SoftPhone
See Cisco SoftPhone
software images
copying 2-10
deleting 2-140
downloading 2-13
upgrading 2-10, 2-13
uploading 2-21
software version, displaying 2-791
source ports, MVR 2-433
SPAN
configuring 2-425
debug messages, display B-31
displaying 2-741
filter SPAN traffic 2-425
sessions
add interfaces to 2-425
displaying 2-741
start new 2-425
spanning-tree backbonefast command 2-822
spanning-tree bpdufilter command 2-823
spanning-tree bpduguard command 2-825
spanning-tree cost command 2-827
spanning-tree etherchannel command 2-829
spanning-tree extend system-id command 2-831
spanning-tree guard command 2-833
spanning-tree link-type command 2-835
spanning-tree loopguard default command 2-837
spanning-tree mode command 2-839
spanning-tree mst configuration command 2-841
spanning-tree mst cost command 2-843
spanning-tree mst forward-time command 2-845
spanning-tree mst hello-time command 2-846
spanning-tree mst max-age command 2-847
spanning-tree mst max-hops command 2-848
spanning-tree mst port-priority command 2-849
spanning-tree mst pre-standard command 2-851
spanning-tree mst priority command 2-852
spanning-tree mst root command 2-853
spanning-tree portfast (global configuration) command 2-857
spanning-tree portfast (interface configuration) command 2-860
spanning-tree port-priority command 2-855
Spanning Tree Protocol
See STP
spanning-tree transmit hold-count command 2-862
spanning-tree uplinkfast command 2-863
spanning-tree vlan command 2-865
speed command 2-868
srr-queue bandwidth limit command 2-870
srr-queue bandwidth shape command 2-872
srr-queue bandwidth share command 2-874
SSH, configuring version 2-297
stack-mac persistent timer command 2-876
stack member
access 2-530
number 2-780, 2-888
priority value 2-885
provisioning 2-886
reloading 2-509
stacks, switch
disabling a member 2-883
enabling a member 2-883
MAC address 2-876
provisioning a new member 2-886
reloading 2-509
stack member access 2-530
stack member number 2-780, 2-888
stack member priority value 2-780, 2-885
static-access ports, configuring 2-892
statistics, Ethernet group 2-519
sticky learning, enabling 2-909
storm-control command 2-880
STP
BackboneFast 2-822
counters, clearing 2-118
debug messages, display
BackboneFast events B-88
MSTP B-91
optimized BPDUs handling B-90
spanning-tree activity B-86
switch shim B-93
transmitted and received BPDUs B-89
UplinkFast B-95
detection of indirect link failures 2-822
enabling protocol tunneling for 2-333
EtherChannel misconfiguration 2-829
extended system ID 2-831
path cost 2-827
protocol modes 2-839
root port
accelerating choice of new 2-863
loop guard 2-833
preventing from becoming designated 2-833
restricting which can be root 2-833
root guard 2-833
UplinkFast 2-863
root switch
affects of extended system ID 2-831, 2-866
hello-time 2-865
interval between BDPU messages 2-865
interval between hello BPDU messages 2-865
max-age 2-865
port priority for selection of 2-855
primary or secondary 2-865
switch priority 2-865
state changes
blocking to forwarding state 2-860
enabling BPDU filtering 2-823, 2-857
enabling BPDU guard 2-825, 2-857
enabling Port Fast 2-857, 2-860
enabling timer to recover from error state 2-211
forward-delay time 2-865
length of listening and learning states 2-865
shutting down Port Fast-enabled ports 2-857
state information display 2-769
VLAN options 2-852, 2-865
supplemental power command 2-878
SVIs, creating 2-227
SVI status calculation 2-894
Switched Port Analyzer
See SPAN
switching characteristics
modifying 2-890
returning to interfaces 2-890
switchport access command 2-892
switchport autostate exclude command 2-894
switchport backup interface command 2-896
switchport block command 2-899
switchport command 2-890
switchport host command 2-901
switchport mode command 2-902
switchport mode private-vlan command 2-905
switchport nonegotiate command 2-907
switchport port-security aging command 2-914
switchport port-security command 2-909
switchport priority extend command 2-916
switchport private-vlan command 2-918
switchport protected command 2-920
switchports, displaying 2-622
switchport trunk command 2-922
switchport voice detect 2-925
switchport voice vlan command 2-926
switch priority command 2-883, 2-885
switch provision command 2-886
switch renumber command 2-888
system env temperature threshold yellow command 2-928
system message logging 2-351
system message logging, save message to flash 2-352
system mtu command 2-930
system resource templates 2-521
T
tar files, creating, listing, and extracting 2-18
TDR, running 2-933
Telnet, using to communicate to cluster switches 2-507
temperature information, displaying 2-600
templates, system resources 2-521
test cable-diagnostics tdr command 2-933
traceroute mac command 2-934
traceroute mac ip command 2-937
trunking, VLAN mode 2-902
trunk mode 2-902
trunk ports 2-902
trunks, to non-DTP device 2-903
trusted boundary for QoS 2-420
trusted port states for QoS 2-420
tunnel ports, Layer 2 protocol, displaying 2-678
type (boot loader) command A-27
U
UDLD
aggressive mode 2-941, 2-943
debug messages, display B-103
enable globally 2-941
enable per interface 2-943
error recovery timer 2-212
message timer 2-941
normal mode 2-941, 2-943
reset a shutdown interface 2-945
status 2-788
udld command 2-941
udld port command 2-943
udld reset command 2-945
unicast storm control 2-880
UniDirectional Link Detection
See UDLD
unknown multicast traffic, preventing 2-899
unknown unicast traffic, preventing 2-899
unset (boot loader) command A-28
upgrading
copying software images 2-10
downloading software images 2-13
software images, monitoring status of 2-541
UplinkFast, for STP 2-863
usb-inactivity-timeout (console configuration) command 2-946
user EXEC mode 1-2, 1-3
V
version (boot loader) command A-30
version mismatch mode 2-781, C-40
vlan (global configuration) command 2-947
vlan access-map command 2-952
VLAN access map configuration mode 2-952
VLAN access maps
actions 2-8
displaying 2-798
VLAN-based QoS 2-422
VLAN configuration
rules 2-950
saving 2-947
VLAN configuration mode
description 1-4
entering 2-947
summary 1-3
vlan dot1q tag native command 2-954
vlan filter command 2-956
VLAN filters, displaying 2-799
VLAN ID range 2-947
VLAN maps
applying 2-956
creating 2-952
defining 2-373
displaying 2-798
VLAN Query Protocol
See VQP
VLANs
adding 2-947
configuring 2-947
debug messages, display
ISL B-99
VLAN IOS file system error tests B-98
VLAN manager activity B-96
VTP B-101
displaying configurations 2-793
extended-range 2-947
MAC addresses
displaying 2-711
number of 2-702
media types 2-950
normal-range 2-947
private 2-905
configuring 2-496
displaying 2-793
See also private VLANs
restarting 2-808
saving the configuration 2-947
shutting down 2-808
SNMP traps for VTP 2-814, 2-817
suspending 2-808
VLAN Trunking Protocol
See VTP
VM mode 2-781, C-40
VMPS
configuring servers 2-961
displaying 2-800
error recovery timer 2-212
reconfirming dynamic VLAN assignments 2-958
vmps reconfirm (global configuration) command 2-959
vmps reconfirm (privileged EXEC) command 2-958
vmps retry command 2-960
vmps server command 2-961
voice VLAN
configuring 2-925, 2-926
setting port priority 2-916
VQP
and dynamic-access ports 2-893
clearing client statistics 2-120
displaying information 2-800
per-server retry count 2-960
reconfirmation interval 2-959
reconfirming dynamic VLAN assignments 2-958
VTP
changing characteristics 2-963
clearing pruning counters 2-121
configuring
domain name 2-963
file name 2-963
mode 2-963
password 2-964
counters display fields 2-803
displaying information 2-802
enabling
pruning 2-964
tunneling for 2-333
Version 2 2-964
enabling per port 2-968
mode 2-963
pruning 2-964
saving the configuration 2-947
statistics 2-802
status 2-802
status display fields 2-805
vtp (global configuration) command 2-963
vtp interface configuration command 2-968
vtp primary command 2-969
X
XPS 2200
configuring 2-488
naming 2-488