Index

A

aaa accounting dot1x command 2-1

aaa authentication dot1x command 2-3

aaa authorization network command 2-5, 2-27, 2-34, 2-36, 2-39, 2-41, 2-43, 2-180, 2-364, 2-581, B-7, B-41

AAA methods 2-3

access control entries

See ACEs

access control lists

See ACLs

access groups

IP 2-237

MAC, displaying 2-725

access list, IPv6 2-314

access map configuration mode 2-381

access mode 2-934

access ports 2-934

ACEs 2-154, 2-471

ACLs

deny 2-152

displaying 2-562

for non-IP protocols 2-368

IP 2-237

matching 2-381

on Layer 2 interfaces 2-237

permit 2-469

action command 2-8

address aliasing 2-439

aggregate-port learner 2-455

allowed VLANs 2-954

archive copy-sw command 2-10

archive download-sw command 2-13

archive tar command 2-18

archive upload-sw command 2-21

arp (boot loader) command A-2

arp access-list command 2-23

authentication command bounce-port ignore 2-25

authentication command disable-port ignore 2-26

authentication control-direction command 2-27

authentication event command 2-29

authentication event linksec fail action command 2-33

authentication failed VLAN

See dot1x auth-fail vlan

authentication fallback command 2-34

authentication host-mode command 2-36

authentication linksec policy command 2-38

authentication mac-move permit command 2-39

authentication open command 2-41

authentication order command 2-43

authentication periodic command 2-45

authentication port-control command 2-47

authentication priority command 2-49

authentication timer command 2-51

authentication violation command 2-53

auth-fail max-attempts

See dot1x auth-fail max-attempts

auth-fail vlan

See dot1x auth-fail vlan

auth open command 2-41

auth order command 2-43

authorization state of controlled port 2-197

auth timer command 2-51

autonegotiation of duplex mode 2-211

auto qos classify command 2-55

auto qos trust command 2-58

auto qos video command 2-61

auto qos voip command 2-64

B

BackboneFast, for STP 2-854

backup interfaces

configuring 2-928

displaying 2-649

boot (boot loader) command A-3

boot auto-copy-sw command 2-71

boot auto-download-sw command 2-72

boot config-file command 2-75

boot enable-break command 2-76

boot helper command 2-77

boot helper-config file command 2-78

booting

Cisco IOS image 2-81

displaying environment variables 2-575

interrupting 2-76

manually 2-79

boot loader

accessing A-1

booting

Cisco IOS image A-3

helper image 2-77

directories

creating A-19

displaying a list of A-8

removing A-23

displaying

available commands A-13

memory heap utilization A-14

version A-30

environment variables

described A-24

displaying settings A-24

location of A-25

setting A-24

unsetting A-28

files

copying A-6

deleting A-7

displaying a list of A-8

displaying the contents of A-5, A-20, A-27

renaming A-21

file system

formatting A-11

initializing flash A-10

running a consistency check A-12

prompt A-1

resetting the system A-22

boot manual command 2-79

boot private-config-file command 2-80

boot system command 2-81

boot time-copy-sw command 2-70

BPDU filtering, for spanning tree 2-855, 2-889

BPDU guard, for spanning tree 2-857, 2-889

broadcast storm control 2-912

C

candidate switches

See clusters

cat (boot loader) command A-5

CDP, enabling protocol tunneling for 2-341

channel-group command 2-85

channel-protocol command 2-89

Cisco Redundant Power System 2300

configuring 2-494

managing 2-494

Cisco SoftPhone

auto-QoS configuration 2-64

trusting packets sent from 2-428

CISP

See Client Information Signalling Protocol

cisp

debug platform cisp command B-41

cisp enable command 2-90

class command 2-91

class-map command 2-94

class maps

creating 2-94

defining the match criteria 2-383

displaying 2-582

class of service

See CoS

clear dot1x command 2-96

clear eap sessions command 2-97

clear errdisable interface 2-98

clear ip arp inspection log command 2-99

clear ip arp inspection statistics command 2-100

clear ipc command 2-103

clear ip dhcp snooping database command 2-101

clear ipv6 dhcp conflict command 2-104

clear l2protocol-tunnel counters command 2-105

clear lacp command 2-106

clear logging onboard command 2-107

clear logging smartlog statistics interface command 2-108

clear mac address-table command 2-109, 2-110

clear macsec counters interface command 2-111

clear mka command 2-112

clear nmsp statistics command 2-114

clear pagp command 2-115, 2-119

clear port-security command 2-116

clear psp counter 2-118

clear psp counter command 2-118

clear spanning-tree counters command 2-120

clear spanning-tree detected-protocols command 2-121

clear vmps statistics command 2-122

clear vtp counters command 2-123

Client Information Signalling Protocol 2-90, 2-180, 2-581, B-7, B-41

cluster commander-address command 2-124

cluster discovery hop-count command 2-126

cluster enable command 2-127

cluster holdtime command 2-129

cluster member command 2-130

cluster outside-interface command 2-132

cluster run command 2-133

clusters

adding candidates 2-130

binding to HSRP group 2-134

building manually 2-130

communicating with

devices outside the cluster 2-132

members by using Telnet 2-516

debug messages, display B-8

displaying

candidate switches 2-585

debug messages B-8

member switches 2-587

status 2-583

hop-count limit for extended discovery 2-126

HSRP standby groups 2-134

redundancy 2-134

SNMP trap 2-843

cluster standby-group command 2-134

cluster timer command 2-136

command modes defined 1-2

command switch

See clusters

confidentiality-offset command 2-139

configuration files

password recovery disable considerations A-1

specifying the name 2-75, 2-80

configuring multiple interfaces 2-233

config-vlan mode

commands 2-980

copy (boot loader) command A-6

copy logging onboard command 2-137

CoS

assigning default value to incoming packets 2-398

assigning to Layer 2 protocol packets 2-344

overriding the incoming value 2-398

CoS-to-DSCP map 2-402

CPU ASIC statistics, displaying 2-589

crashinfo files 2-223

critical VLAN 2-31

D

debug authentication B-2

debug auto qos command B-4

debug backup command B-6

debug cisp command B-7

debug cluster command B-8

debug device-sensor command B-10

debug dot1x command B-12

debug dtp command B-13

debug eap command B-14

debug etherchannel command B-15

debug fastethernet command B-16

debug ilpower command B-17

debug interface command B-18

debug ip dhcp snooping command B-19

debug ip igmp filter command B-21

debug ip igmp max-groups command B-22

debug ip igmp snooping command B-23

debug ip verify source packet command B-20

debug lacp command B-24

debug lldp packets command B-25

debug mac-notification command B-27

debug macsec command B-28

debug matm command B-29

debug matm move update command B-30

debug mka command B-31

debug monitor command B-33

debug mvrdbg command B-34

debug nmsp command B-35

debug nvram command B-36

debug pagp command B-37

debug platform acl command B-38

debug platform backup interface command B-40

debug platform cisp command B-41

debug platform cli-redirection main command B-42

debug platform configuration command B-43, B-51

debug platform cpu-queues command B-44

debug platform device-manager command B-46

debug platform dot1x command B-47

debug platform etherchannel command B-48

debug platform fallback-bridging command B-49

debug platform forw-tcam command B-50

debug platform ip arp inspection command B-52

debug platform ipc command B-61

debug platform ip dhcp command B-53

debug platform ip igmp snooping command B-54

debug platform ip multicast command B-56

debug platform ip unicast command B-58

debug platform ip wccp command B-60

debug platform led command B-62

debug platform matm command B-63

debug platform messaging application command B-64

debug platform phy command B-65

debug platform pm command B-67

debug platform port-asic command B-69

debug platform port-security command B-70

debug platform qos-acl-tcam command B-71

debug platform remote-commands command B-72

debug platform resource-manager command B-73

debug platform snmp command B-74

debug platform span command B-75

debug platform stack-manager command B-76

debug platform supervisor-asic command B-77

debug platform sw-bridge command B-78

debug platform tcam command B-79

debug platform udld command B-82

debug platform vlan command B-83

debug pm command B-84

debug port-security command B-86

debug qos-manager command B-87

debug spanning-tree backbonefast command B-90

debug spanning-tree bpdu command B-91

debug spanning-tree bpdu-opt command B-92

debug spanning-tree command B-88

debug spanning-tree mstp command B-93

debug spanning-tree switch command B-95

debug spanning-tree uplinkfast command B-97

debug sw-vlan command B-98

debug sw-vlan ifs command B-100

debug sw-vlan notification command B-101

debug sw-vlan vtp command B-103

debug udld command B-105

debug vqpc command B-107

default policy, MKA 2-389

define interface-range command 2-140

delete (boot loader) command A-7

delete command 2-142

deny (ARP access-list configuration) command 2-145

deny (IPv6) command 2-147

deny command 2-152

detect mechanism, causes 2-214

device-sensor accounting command 2-155

device-sensor filter-list command 2-156

device-sensor filter-list dhcp command 2-159

device-sensor filter-spec command 2-161

device-sensor notify command 2-163

DHCP snooping

accepting untrusted packets from edge switch 2-271

enabling

on a VLAN 2-277

option 82 2-269, 2-271

trust on an interface 2-275

error recovery timer 2-219

rate limiting 2-274

DHCP snooping binding database

binding file, configuring 2-267

bindings

adding 2-265

deleting 2-265

displaying 2-672

clearing database agent statistics 2-101

database agent, configuring 2-267

displaying

binding entries 2-672

database agent status 2-674, 2-676

renewing 2-524

Digital Optical Monitoring

see DoM

dir (boot loader) command A-8

directories, deleting 2-142

DoM

displaying supported transceivers 2-663

domain name, VTP 2-995

dot1x auth-fail max-attempts 2-174

dot1x auth-fail vlan 2-176

dot1x command 2-172

dot1x control-direction command 2-178

dot1x credentials (global configuration) command 2-180

dot1x critical global configuration command 2-181

dot1x critical interface configuration command 2-183

dot1x default command 2-185

dot1x fallback command 2-186

dot1x guest-vlan command 2-187

dot1x host-mode command 2-189

dot1x initialize command 2-190

dot1x mac-auth-bypass command 2-191

dot1x max-reauth-req command 2-193

dot1x max-req command 2-195

dot1x pae command 2-196

dot1x port-control command 2-197

dot1x re-authenticate command 2-199

dot1x reauthentication command 2-200

dot1x supplicant controlled transient command 2-201

dot1x supplicant force-multicast command 2-203

dot1x test eapol-capable command 2-204

dot1x test timeout command 2-205

dot1x timeout command 2-206

dot1x violation-mode command 2-209

dropping packets, with ACL matches 2-8

drop threshold, Layer 2 protocol tunneling 2-341

DSCP-to-CoS map 2-402

DSCP-to-DSCP-mutation map 2-402

DTP 2-935

DTP flap

error detection for 2-214

error recovery timer 2-219

DTP negotiation 2-939

dual IPv4 and IPv6 templates 2-463

duplex command 2-210

dynamic-access ports

configuring 2-924

restrictions 2-925

dynamic ARP inspection

ARP ACLs

apply to a VLAN 2-245

define 2-23

deny packets 2-145

display 2-566

permit packets 2-461

clear

log buffer 2-99

statistics 2-100

display

ARP ACLs 2-566

configuration and operating state 2-667

log buffer 2-667

statistics 2-667

trust state and rate limit 2-667

enable per VLAN 2-257

error detection for 2-214

error recovery timer 2-219

log buffer

clear 2-99

configure 2-249

display 2-667

rate-limit incoming ARP packets 2-247

statistics

clear 2-100

display 2-667

trusted interface state 2-253

type of packet logged 2-258

validation checks 2-255

dynamic auto VLAN membership mode 2-934

dynamic desirable VLAN membership mode 2-934

Dynamic Host Configuration Protocol (DHCP)

See DHCP snooping

Dynamic Trunking Protocol

See DTP

E

EAP-request/identity frame

maximum number to send 2-195

response time before retransmitting 2-206

encapsulation methods 2-954

environment variables, displaying 2-575

epm access-control open 2-212

errdisable detect cause command 2-214

errdisable detect cause small-frame command 2-217

errdisable recovery cause small-frame 2-222

errdisable recovery command 2-219

error conditions, displaying 2-635

error disable detection 2-214

error-disabled interfaces, displaying 2-648

EtherChannel

assigning Ethernet interface to channel group 2-85

creating port-channel logical interface 2-231

debug EtherChannel/PAgP, display B-15

debug platform-specific events, display B-48

displaying 2-638

enabling Layer 2 protocol tunneling for

LACP 2-342

PAgP 2-342

UDLD 2-342

interface information, displaying 2-648

LACP

clearing channel-group information 2-106, 2-107

debug messages, display B-24

displaying 2-709

modes 2-85

port priority for hot-standby ports 2-345

restricting a protocol 2-89

system priority 2-347

load-distribution methods 2-479

PAgP

aggregate-port learner 2-455

clearing channel-group information 2-115

debug messages, display B-37

displaying 2-781

error detection for 2-214

error recovery timer 2-219

learn method 2-455

modes 2-85

physical-port learner 2-455

priority of interface for transmitted traffic 2-457

Ethernet controller, internal register display 2-591, 2-598

Ethernet Management port, debugging B-16

Ethernet statistics, collecting 2-543

exception crashinfo command 2-223, 2-228

extended discovery of candidate switches 2-126

extended-range VLANs

and allowed VLAN list 2-954

and pruning-eligible list 2-954

configuring 2-979

extended system ID for STP 2-863

F

fallback profile command 2-224

fallback profiles, displaying 2-641

fan information, displaying 2-626

file name, VTP 2-995

files, deleting 2-142

flash_init (boot loader) command A-10

flexible authentication ordering 2-43

Flex Links

configuring 2-928

displaying 2-649

flow-based SPAN 2-433

flowcontrol command 2-226

format (boot loader) command A-11

forwarding packets, with ACL matches 2-8

forwarding results, display C-7

frame forwarding information, displaying C-7

front-end controller counter and status information C-9

fsck (boot loader) command A-12

FSPAN 2-433

G

global configuration mode 1-2, 1-4

H

hardware ACL statistics 2-562

health monitoring diagnostic tests 2-165

help (boot loader) command A-13

hierarchical policy maps 2-477

hop-count limit for clusters 2-126

host connection, port configuration 2-933

host ports, private VLANs 2-937

Hot Standby Router Protocol

See HSRP

HSRP

binding HSRP group to cluster 2-134

standby group 2-134

hw-module switch command 2-230

I

IEEE 802.1Q trunk ports and native VLANs 2-986

IEEE 802.1Q tunnel ports

configuring 2-934

displaying 2-616

limitations 2-935

IEEE 802.1x

and switchport modes 2-935

violation error recovery 2-219

See also port-based authentication

IGMP filters

applying 2-281

debug messages, display B-21

IGMP groups, setting maximum 2-282

IGMP maximum groups, debugging B-22

IGMP profiles

creating 2-284

displaying 2-679

IGMP snooping

adding ports as a static member of a group 2-300

displaying 2-680, 2-684, 2-685

enabling 2-286

enabling the configurable-leave timer 2-288

enabling the Immediate-Leave feature 2-297

flooding query count 2-294

interface topology change notification behavior 2-296

multicast table 2-682

querier 2-290

query solicitation 2-294

report suppression 2-292

switch topology change notification behavior 2-294

images

See software images

Immediate-Leave processing

IGMP 2-297

IPv6 2-337

MVR 2-441

interface configuration mode 1-2, 1-4

interface port-channel command 2-231

interface range command 2-233

interface-range macros 2-140

interfaces

assigning Ethernet interface to channel group 2-85

configuring 2-210

configuring multiple 2-233

creating port-channel logical 2-231

debug messages, display B-18

disabling 2-839

displaying the MAC address table 2-733

restarting 2-839

interface speed, configuring 2-900

interface vlan command 2-235

internal power supplies

See power supplies

internal registers, displaying 2-591, 2-598, 2-605

Internet Group Management Protocol

See IGMP

invalid GBIC

error detection for 2-214

error recovery timer 2-219

ip access-group command 2-237

ip address command 2-240

IP addresses, setting 2-240

IP address matching 2-381

ip admission command 2-242

ip admission name proxy http command 2-243

ip arp inspection filter vlan command 2-245

ip arp inspection limit command 2-247

ip arp inspection log-buffer command 2-249

ip arp inspection trust command 2-253

ip arp inspection validate command 2-255

ip arp inspection vlan command 2-257

ip arp inspection vlan logging command 2-258

ip device tracking command 2-260

ip device tracking probe command 2-262

IP DHCP snooping

See DHCP snooping

ip dhcp snooping binding command 2-265

ip dhcp snooping command 2-264

ip dhcp snooping database command 2-267

ip dhcp snooping information option allow-untrusted command 2-271

ip dhcp snooping information option command 2-269

ip dhcp snooping information option format remote-id command 2-273

ip dhcp snooping limit rate command 2-274

ip dhcp snooping trust command 2-275

ip dhcp snooping verify command 2-276

ip dhcp snooping vlan command 2-277

ip dhcp snooping vlan information option format-type circuit-id string command 2-279

ip igmp filter command 2-281

ip igmp max-groups command 2-282, 2-307, 2-309

ip igmp profile command 2-284

ip igmp snooping command 2-286

ip igmp snooping last-member-query-interval command 2-288

ip igmp snooping querier command 2-290

ip igmp snooping report-suppression command 2-292

ip igmp snooping tcn command 2-294

ip igmp snooping tcn flood command 2-296

ip igmp snooping vlan immediate-leave command 2-297

ip igmp snooping vlan mrouter command 2-298

ip igmp snooping vlan static command 2-300

IP multicast addresses 2-438

IP phones

auto-QoS configuration 2-64

trusting packets sent from 2-428

IP-precedence-to-DSCP map 2-402

ip snap forwarding command 2-302

ip source binding command 2-303

IP source guard

disabling 2-311

displaying

binding entries 2-687

configuration 2-688

dynamic binding entries only 2-672

enabling 2-311

static IP source bindings 2-303

ip ssh command 2-305

IPv4 and IPv6

port-based trust 2-429

IPv6 access list, deny conditions 2-147

ipv6 access-list command 2-314

ipv6 address dhcp command 2-317

ipv6 dhcp client request vendor command 2-318

ipv6 dhcp ping packets command 2-319

ipv6 dhcp pool command 2-321

ipv6 dhcp server command 2-324

ipv6 mld snooping command 2-326

ipv6 mld snooping last-listener-query count command 2-328

ipv6 mld snooping last-listener-query-interval command 2-330

ipv6 mld snooping listener-message-suppression command 2-332

ipv6 mld snooping robustness-variable command 2-333

ipv6 mld snooping tcn command 2-335

ipv6 mld snooping vlan command 2-337

IPv6 QoS

enabling 2-394

IPv6 SDM template 2-545

ipv6 traffic-filter command 2-339

ip verify source command 2-311

ip verify source smartlog command 2-313

J

jumbo frames

See MTU

L

l2protocol-tunnel command 2-341

l2protocol-tunnel cos command 2-344

LACP

See EtherChannel

lacp port-priority command 2-345

lacp system-priority command 2-347

Layer 2 mode, enabling 2-922

Layer 2 protocol ports, displaying 2-707

Layer 2 protocol-tunnel

error detection for 2-214

error recovery timer 2-219

Layer 2 protocol tunnel counters 2-105

Layer 2 protocol tunneling error recovery 2-342

Layer 2 traceroute

IP addresses 2-969

MAC addresses 2-966

Layer 3 mode, enabling 2-922

license boot command 2-349

line configuration mode 1-3, 1-5

Link Aggregation Control Protocol

See EtherChannel

link flap

error detection for 2-214

error recovery timer 2-219

link-security authentication 2-33

link-security policies 2-38

link state group command 2-351

link state track command 2-353

load-distribution methods for EtherChannel 2-479

location (global configuration) command 2-354

location (interface configuration) command 2-356

logging event command 2-358

logging event power-inline-status command 2-359

logging file command 2-360

logical interface 2-231

loopback error

detection for 2-214

recovery timer 2-219

loop guard, for spanning tree 2-865, 2-869

M

mab request format attribute 32 command 2-364

mac access-group command 2-366

MAC access-groups, displaying 2-725

MAC access list configuration mode 2-368

mac access-list extended command 2-368

MAC access lists 2-152

MAC addresses

disabling MAC address learning per VLAN 2-371

displaying

aging time 2-729

all 2-728

dynamic 2-732

MAC address-table move updates 2-735

notification settings 2-734, 2-736

number of addresses in a VLAN 2-731

per interface 2-733

per VLAN 2-740

static 2-738

static and dynamic entries 2-726

dynamic

aging time 2-370

deleting 2-109

displaying 2-732

enabling MAC address notification 2-375

enabling MAC address-table move update 2-373

matching 2-381

persistent stack 2-908

static

adding and removing 2-377

displaying 2-738

dropping on an interface 2-378

tables 2-728

MAC address notification, debugging B-27

mac address-table aging-time 2-366, 2-381

mac address-table aging-time command 2-370

mac address-table learning command 2-371

mac address-table move update command 2-373

mac address-table notification command 2-375

mac address-table static command 2-377

mac address-table static drop command 2-378

MAC frames

See MTU

macros

interface range 2-140, 2-233

MACsec

counters 2-111, 2-601

debugging B-28

displaying 2-742

enabling 2-380

registers 2-601

macsec command 2-380

maps

QoS

defining 2-402

displaying 2-765

VLAN

creating 2-984

defining 2-381

displaying 2-829

match (access-map configuration) command 2-381

match (class-map configuration) command 2-383

maximum transmission unit

See MTU

mdix auto command 2-386

Media Access Control Security

See MACsec.

media-type rj45 command 2-388

member switches

See clusters

memory (boot loader) command A-14

mgmt_clr (boot loader) command A-16

mgmt_init (boot loader) command A-17, A-18

MKA

confidentiality 2-139

debugging B-31

displaying default policy 2-744

displaying policies 2-746

displaying sessions 2-749

displaying sessions and statistics 2-755

displaying statistics 2-752

policy configuration mode 2-390

MKA, enabling 2-392

mka default policy command 2-389

mka policy global configuration command 2-390

mka policy interface configuration command 2-392

mkdir (boot loader) command A-19

MLD snooping

configuring 2-332, 2-333

configuring queries 2-328, 2-330

configuring topology change notification 2-335

displaying 2-697, 2-699, 2-701, 2-703

enabling 2-326

enabling on a VLAN 2-337

mls qos aggregate-policer command 2-396

mls qos command 2-394

mls qos cos command 2-398

mls qos dscp-mutation command 2-400

mls qos map command 2-402

mls qos queue-set output buffers command 2-406

mls qos queue-set output threshold command 2-408

mls qos rewrite ip dscp command 2-410

mls qos srr-queue input bandwidth command 2-412

mls qos srr-queue input buffers command 2-414

mls qos-srr-queue input cos-map command 2-416

mls qos srr-queue input dscp-map command 2-418

mls qos srr-queue input priority-queue command 2-420

mls qos srr-queue input threshold command 2-422

mls qos-srr-queue output cos-map command 2-424

mls qos srr-queue output dscp-map command 2-426

mls qos trust command 2-428

mls qos vlan-based command 2-430

mode, MVR 2-438

Mode button, and password recovery 2-549

mode command 2-431

modes, commands 1-2

monitor session command 2-433

more (boot loader) command A-20

MSTP

displaying 2-801

interoperability 2-121

link type 2-867

MST region

aborting changes 2-873

applying changes 2-873

configuration name 2-873

configuration revision number 2-873

current or pending display 2-873

displaying 2-801

MST configuration mode 2-873

VLANs-to-instance mapping 2-873

path cost 2-875

protocol mode 2-871

restart protocol migration process 2-121

root port

loop guard 2-865

preventing from becoming designated 2-865

restricting which can be root 2-865

root guard 2-865

root switch

affects of extended system ID 2-863

hello-time 2-878, 2-885

interval between BDPU messages 2-879

interval between hello BPDU messages 2-878, 2-885

max-age 2-879

maximum hop count before discarding BPDU 2-880

port priority for selection of 2-881

primary or secondary 2-885

switch priority 2-884

state changes

blocking to forwarding state 2-892

enabling BPDU filtering 2-855, 2-889

enabling BPDU guard 2-857, 2-889

enabling Port Fast 2-889, 2-892

forward-delay time 2-877

length of listening and learning states 2-877

rapid transition to forwarding 2-867

shutting down Port Fast-enabled ports 2-889

state information display 2-800

MTU

configuring size 2-962

displaying global setting 2-818

MAC 2-963

system jumbo 2-963

system routing 2-963

Multicase Listener Discovery

See MLD

multicast group address, MVR 2-441

multicast groups, MVR 2-439

Multicast Listener Discovery

See MLD

multicast router learning method 2-298

multicast router ports, configuring 2-298

multicast router ports, IPv6 2-337

multicast storm control 2-912

multicast VLAN, MVR 2-438

multicast VLAN registration

See MVR

multiple hosts on authorized port 2-189

Multiple Spanning Tree Protocol

See MSTP

MVR

and address aliasing 2-439

configuring 2-438

configuring interfaces 2-441

debug messages, display B-34

displaying 2-772

displaying interface information 2-773

members, displaying 2-775

mvr (global configuration) command 2-438

mvr (interface configuration) command 2-441

mvr vlan group command 2-442

N

native VLANs 2-954

native VLAN tagging 2-986

network-policy (global configuration) command 2-445

network-policy command 2-444

network-policy profile (network-policy configuration) command 2-446

nmsp attachment suppress command 2-449

nmsp command 2-448

no authentication logging verbose 2-450

no dot1x logging verbose 2-451

no mab logging verbose 2-452

nonegotiate

DTP messaging 2-939

speed 2-900

non-IP protocols

denying 2-152

forwarding 2-469

non-IP traffic access lists 2-368

non-IP traffic forwarding

denying 2-152

permitting 2-469

non-stop forwarding 2-453

normal-range VLANs 2-979

no vlan command 2-979

nsf command 2-453

O

online diagnostics

configuring health monitoring diagnostic tests 2-165

displaying

configured boot-up coverage level 2-611

current scheduled tasks 2-611

event logs 2-611

supported test suites 2-611

test ID 2-611

test results 2-611

test statistics 2-611

enabling

scheduling 2-167

syslog messages 2-165

global configuration mode

clearing health monitoring diagnostic test schedule 2-165

clearing test-based testing schedule 2-167

setting health monitoring diagnostic testing 2-165

setting test-based testing 2-167

setting up health monitoring diagnostic test schedule 2-165

setting up test-based testing 2-167

removing scheduling 2-167

scheduled switchover

disabling 2-167

enabling 2-167

setting test interval 2-167

specifying health monitoring diagnostic tests 2-165

starting testing 2-169

P

PAgP

See EtherChannel

pagp learn-method command 2-455

pagp port-priority command 2-457

password, VTP 2-996

password-recovery mechanism, enabling and disabling 2-549

permit (ARP access-list configuration) command 2-461

permit (IPv6) command 2-463

permit (MAC access-list configuration) command 2-469

per-VLAN spanning-tree plus

See STP

physical-port learner 2-455

PID, displaying 2-666

PIM-DVMRP, as multicast router learning method 2-298

PoE

configuring the power budget 2-484

configuring the power management mode 2-481

displaying controller register values 2-603

displaying power management information 2-786

error detection for 2-214

error recovery timer 2-219

logging of status 2-359

monitoring power 2-488

policing power consumption 2-488

police aggregate command 2-474

police command 2-472

policed-DSCP map 2-402

policy-map command 2-476

policy maps

applying to an interface 2-551, 2-557

creating 2-476

displaying 2-783

hierarchical 2-477

policers

displaying 2-759

for a single class 2-472

for multiple classes 2-396, 2-474

policed-DSCP map 2-402

traffic classification

defining the class 2-91

defining trust states 2-971

setting DSCP or IP precedence values 2-555

Port Aggregation Protocol

See EtherChannel

port-based authentication

AAA method list 2-3

configuring violation modes 2-209

debug messages, display B-12

enabling guest VLAN supplicant 2-175, 2-186

enabling IEEE 802.1x

globally 2-172

per interface 2-197

guest VLAN 2-187

host modes 2-189

IEEE 802.1x AAA accounting methods 2-1

initialize an interface 2-190, 2-205

MAC authentication bypass 2-191

manual control of authorization state 2-197

multiple hosts on authorized port 2-189

PAE as authenticator 2-196

periodic re-authentication

enabling 2-200

time between attempts 2-206

quiet period between failed authentication exchanges 2-206

re-authenticating IEEE 802.1x-enabled ports 2-199

resetting configurable IEEE 802.1x parameters 2-185

switch-to-authentication server retransmission time 2-206

switch-to-client frame-retransmission number 2-193 to 2-195

switch-to-client retransmission time 2-206

test for IEEE 802.1x readiness 2-204

port-based trust

IPv4 and IPv6 2-429

port-channel load-balance command 2-479

Port Fast, for spanning tree 2-892

port ranges, defining 2-137, 2-140

ports, debugging B-84

ports, protected 2-952

port security

aging 2-946

debug messages, display B-86

enabling 2-941

violation error recovery 2-219

port trust states for QoS 2-428

port types, MVR 2-441

power information, displaying 2-626

power inline command 2-481

power inline consumption command 2-484

power inline four-pair forced command 2-487

power inline police command 2-488

Power over Ethernet

See PoE

power-priority command 2-491

power rps command (global configuration) 2-497

power rps command (user EXEC) 2-493

power supply

configuring 2-495

managing 2-495

power supply command 2-495

power xps command privileged EXEC) 2-499

power xps port command 2-501

priority-queue command 2-503

priority value, stack member 2-811, 2-917

private-vlan command 2-505

private-vlan mapping command 2-508

private VLANs

association 2-950

configuring 2-505

configuring ports 2-937

displaying 2-824

host ports 2-937

mapping

configuring 2-950

displaying 2-648

promiscuous ports 2-937

privileged EXEC mode 1-2, 1-3

product identification information, displaying 2-666

promiscuous ports, private VLANs 2-937

protected ports, displaying 2-653

pruning

VLANs 2-954

VTP

enabling 2-996

pruning-eligible VLAN list 2-956

psp 2-510

psp command 2-510

PVST+

See STP

Q

QoS

auto-QoS

configuring 2-64

debug messages, display B-4

displaying 2-571

auto-QoS trust

configuring 2-58

auto-QoS video

configuring 2-61

class maps

creating 2-94

defining the match criteria 2-383

displaying 2-582

defining the CoS value for an incoming packet 2-398

displaying configuration information 2-571, 2-758

DSCP transparency 2-410

DSCP trusted ports

applying DSCP-to-DSCP-mutation map to 2-400

defining DSCP-to-DSCP-mutation map 2-402

egress queues

allocating buffers 2-406

defining the CoS output queue threshold map 2-424

defining the DSCP output queue threshold map 2-426

displaying buffer allocations 2-761

displaying CoS output queue threshold map 2-765

displaying DSCP output queue threshold map 2-765

displaying queueing strategy 2-761

displaying queue-set settings 2-768

enabling bandwidth shaping and scheduling 2-904

enabling bandwidth sharing and scheduling 2-906

limiting the maximum output on a port 2-902

mapping a port to a queue-set 2-511

mapping CoS values to a queue and threshold 2-424

mapping DSCP values to a queue and threshold 2-426

setting maximum and reserved memory allocations 2-408

setting WTD thresholds 2-408

enabling 2-394

enabling IPv6 QoS 2-394

ingress queues

allocating buffers 2-414

assigning SRR scheduling weights 2-412

defining the CoS input queue threshold map 2-416

defining the DSCP input queue threshold map 2-418

displaying buffer allocations 2-761

displaying CoS input queue threshold map 2-765

displaying DSCP input queue threshold map 2-765

displaying queueing strategy 2-761

displaying settings for 2-760

enabling the priority queue 2-420

mapping CoS values to a queue and threshold 2-416

mapping DSCP values to a queue and threshold 2-418

setting WTD thresholds 2-422

maps

defining 2-402, 2-416, 2-418, 2-424, 2-426

displaying 2-765

policy maps

applying an aggregate policer 2-474

applying to an interface 2-551, 2-557

creating 2-476

defining policers 2-396, 2-472

displaying policers 2-759

displaying policy maps 2-783

hierarchical 2-477

policed-DSCP map 2-402

setting DSCP or IP precedence values 2-555

traffic classifications 2-91

trust states 2-971

port trust states 2-428

queues, enabling the expedite 2-503

statistics

in-profile and out-of-profile packets 2-761

packets enqueued or dropped 2-761

sent and received CoS values 2-761

sent and received DSCP values 2-761

trusted boundary for IP phones 2-428

VLAN-based 2-430

quality of service

See QoS

querytime, MVR 2-438

queue-set command 2-511

R

radius-server dead-criteria command 2-512

radius-server host command 2-514

rapid per-VLAN spanning-tree plus

See STP

rapid PVST+

See STP

rcommand command 2-516

re-authenticating IEEE 802.1x-enabled ports 2-199

re-authentication

periodic 2-200

time between attempts 2-206

receiver ports, MVR 2-441

receiving flow-control packets 2-226

recovery mechanism

causes 2-219

display 2-98, 2-578, 2-633, 2-636

timer interval 2-220

redundancy for cluster switches 2-134

redundant power supply

See RPS

redundant power system

See Cisco Redundant Power System 2300

reload command 2-518

remote command 2-520

remote-span command 2-522

Remote Switched Port Analyzer

See RSPAN

rename (boot loader) command A-21

renew ip dhcp snooping database command 2-524

rep admin vlan command 2-526

rep block port command 2-527

replay protection, MACsec 2-540

replay-protection command 2-540

rep lsl-age-timer command 2-531

rep preempt delay command 2-532

rep preempt segment command 2-534

rep segment command 2-535

rep stcn command 2-538

reset (boot loader) command A-22

restricted VLAN

See dot1x auth-fail vlan

rmdir (boot loader) command A-23

rmon collection stats command 2-543

root guard, for spanning tree 2-865

routed ports

IP addresses on 2-241

number supported 2-241

routing frames

See MTU

RPS

See Cisco Redundant Power System 2300

RPS 2300

configuring 2-493, 2-499, 2-501

managing 2-493, 2-499, 2-501

See Cisco Redundant Power System 2300

RSPAN

configuring 2-433

displaying 2-770

filter RSPAN traffic 2-433

remote-span command 2-522

sessions

add interfaces to 2-433

displaying 2-770

start new 2-433

rsu command 2-544

S

scheduled switchover

disabling 2-167

enabling 2-167

SDM mismatch mode 2-546, 2-812

sdm prefer command 2-545

SDM templates

allowed resources 2-547

and stacking 2-546

displaying 2-796

dual IPv4 and IPv6 2-545

secure ports, limitations 2-943

sending flow-control packets 2-226

service password-recovery command 2-549

service-policy command 2-551

session command 2-554

set (boot loader) command A-24

set command 2-555

setup command 2-557

setup express command 2-560

show access-lists command 2-562

show archive status command 2-565

show arp access-list command 2-566

show authentication command 2-567

show auto qos command 2-571

show boot command 2-575

show cable-diagnostics tdr command 2-578

show cisp command 2-581

show class-map command 2-582

show cluster candidates command 2-585

show cluster command 2-583

show cluster members command 2-587

show controllers cpu-interface command 2-589

show controllers ethernet-controller command 2-591

show controllers ethernet-controller fastethernet command 2-598

show controllers ethernet phy macsec command 2-601

show controllers power inline command 2-603

show controllers tcam command 2-605

show controller utilization command 2-607

show device-sensor cache command 2-609

show dot1q-tunnel command 2-616

show dot1x command 2-617

show dtp 2-621

show eap command 2-623

show env command 2-626

show env xps command 2-629

show errdisable detect command 2-633

show errdisable flap-values command 2-635

show errdisable recovery command 2-636

show etherchannel command 2-638

show fallback profile command 2-641

show flowcontrol command 2-642

show hw-module switch command 2-644

show idprom command 2-646

show interface rep command 2-661

show interfaces command 2-648

show interfaces counters command 2-659

show interface transceivers command 2-663

show inventory command 2-666

show ip arp inspection command 2-667

show ipc command 2-690

show ip dhcp snooping binding command 2-672

show ip dhcp snooping command 2-671

show ip dhcp snooping database command 2-674, 2-676

show ip igmp profile command 2-679

show ip igmp snooping address command 2-699

show ip igmp snooping command 2-680, 2-697

show ip igmp snooping groups command 2-682

show ip igmp snooping mrouter command 2-684, 2-701

show ip igmp snooping querier command 2-685, 2-703

show ip source binding command 2-687

show ipv6 access-list command 2-694

show ipv6 dhcp conflict command 2-696

show ipv6 route updated 2-705

show ip verify source command 2-688

show l2protocol-tunnel command 2-707

show lacp command 2-709

show link state group command 2-713

show location 2-715

show location command 2-715

show logging onboard command 2-717

show logging smartlog command 2-722

show mac access-group command 2-725

show mac address-table address command 2-728

show mac address-table aging time command 2-729

show mac address-table command 2-726

show mac address-table count command 2-731

show mac address-table dynamic command 2-732

show mac address-table interface command 2-733

show mac address-table learning command 2-734

show mac address-table move update command 2-735

show mac address-table notification command 2-110, 2-736, B-30

show mac address-table static command 2-738

show mac address-table vlan command 2-740

show macsec command 2-742

show mka default-policy command 2-744

show mka policy command 2-746

show mka session command 2-749

show mka statistics command 2-752

show mka summary command 2-755

show mls qos aggregate-policer command 2-759

show mls qos command 2-758

show mls qos input-queue command 2-760

show mls qos interface command 2-761

show mls qos maps command 2-765

show mls qos queue-set command 2-768

show mls qos vlan command 2-769

show monitor command 2-770

show mvr command 2-772

show mvr interface command 2-773

show mvr members command 2-775

show network-policy profile command 2-777

show nmsp command 2-778

show pagp command 2-781

show platform acl command C-2

show platform backup interface command C-3

show platform configuration command C-4

show platform dl command C-5

show platform etherchannel command C-6

show platform forward command C-7

show platform frontend-controller command C-9

show platform igmp snooping command C-10

show platform ipc trace command C-17

show platform ip multicast command C-11

show platform ip unicast command C-12

show platform ipv6 mld snooping command C-18

show platform ipv6 unicast command C-19

show platform ip wccp command C-16

show platform layer4op command C-21

show platform mac-address-table command C-22

show platform messaging command C-23

show platform monitor command C-24

show platform mvr table command C-25

show platform pm command C-26

show platform port-asic command C-27

show platform port-security command C-32

show platform qos command C-33

show platform resource-manager command C-34

show platform snmp counters command C-36

show platform spanning-tree command C-37

show platform stack-manager command C-39

show platform stp-instance command C-38

show platform tb command C-43

show platform tcam command C-44

show platform vlan command C-47

show policy-map command 2-783

show port security command 2-784

show power inline command 2-786, 2-806

show psp config 2-792

show psp config command 2-792

show psp statistics 2-793

show psp statistics command 2-793

show rep topology command 2-794

show sdm prefer command 2-796

show setup express command 2-799

show spanning-tree command 2-800

show storm-control command 2-809

show switch command 2-811

show switch service-modules command 2-816

show system mtu command 2-818

show trust command 2-971

show udld command 2-819

show version command 2-822

show vlan access-map command 2-829

show vlan command 2-824

show vlan command, fields 2-826

show vlan filter command 2-830

show vmps command 2-831

show vtp command 2-833

shutdown command 2-839

shutdown threshold, Layer 2 protocol tunneling 2-341

shutdown vlan command 2-840

small-frame violation rate command 2-841

SNMP host, specifying 2-848

SNMP informs, enabling the sending of 2-843

snmp-server enable traps command 2-843

snmp-server host command 2-848

snmp trap mac-notification change command 2-852

SNMP traps

enabling MAC address notification trap 2-852

enabling the MAC address notification feature 2-375

enabling the sending of 2-843

SoftPhone

See Cisco SoftPhone

software images

copying 2-10

deleting 2-142

downloading 2-13

upgrading 2-10, 2-13

uploading 2-21

software version, displaying 2-822

source ports, MVR 2-441

SPAN

configuring 2-433

debug messages, display B-33

displaying 2-770

filter SPAN traffic 2-433

sessions

add interfaces to 2-433

displaying 2-770

start new 2-433

spanning-tree backbonefast command 2-854

spanning-tree bpdufilter command 2-855

spanning-tree bpduguard command 2-857

spanning-tree cost command 2-859

spanning-tree etherchannel command 2-861

spanning-tree extend system-id command 2-863

spanning-tree guard command 2-865

spanning-tree link-type command 2-867

spanning-tree loopguard default command 2-869

spanning-tree mode command 2-871

spanning-tree mst configuration command 2-873

spanning-tree mst cost command 2-875

spanning-tree mst forward-time command 2-877

spanning-tree mst hello-time command 2-878

spanning-tree mst max-age command 2-879

spanning-tree mst max-hops command 2-880

spanning-tree mst port-priority command 2-881

spanning-tree mst pre-standard command 2-883

spanning-tree mst priority command 2-884

spanning-tree mst root command 2-885

spanning-tree portfast (global configuration) command 2-889

spanning-tree portfast (interface configuration) command 2-892

spanning-tree port-priority command 2-887

Spanning Tree Protocol

See STP

spanning-tree transmit hold-count command 2-894

spanning-tree uplinkfast command 2-895

spanning-tree vlan command 2-897

speed command 2-900

srr-queue bandwidth limit command 2-902

srr-queue bandwidth shape command 2-904

srr-queue bandwidth share command 2-906

SSH, configuring version 2-305

stack-mac persistent timer command 2-908

stack member

access 2-554

number 2-811, 2-920

priority value 2-917

provisioning 2-918

reloading 2-518

stacks, switch

disabling a member 2-915

enabling a member 2-915

MAC address 2-908

provisioning a new member 2-918

reloading 2-518

stack member access 2-554

stack member number 2-811, 2-920

stack member priority value 2-811, 2-917

static-access ports, configuring 2-924

statistics, Ethernet group 2-543

sticky learning, enabling 2-941

storm-control command 2-912

STP

BackboneFast 2-854

counters, clearing 2-120

debug messages, display

BackboneFast events B-90

MSTP B-93

optimized BPDUs handling B-92

spanning-tree activity B-88

switch shim B-95

transmitted and received BPDUs B-91

UplinkFast B-97

detection of indirect link failures 2-854

enabling protocol tunneling for 2-341

EtherChannel misconfiguration 2-861

extended system ID 2-863

path cost 2-859

protocol modes 2-871

root port

accelerating choice of new 2-895

loop guard 2-865

preventing from becoming designated 2-865

restricting which can be root 2-865

root guard 2-865

UplinkFast 2-895

root switch

affects of extended system ID 2-863, 2-898

hello-time 2-897

interval between BDPU messages 2-897

interval between hello BPDU messages 2-897

max-age 2-897

port priority for selection of 2-887

primary or secondary 2-897

switch priority 2-897

state changes

blocking to forwarding state 2-892

enabling BPDU filtering 2-855, 2-889

enabling BPDU guard 2-857, 2-889

enabling Port Fast 2-889, 2-892

enabling timer to recover from error state 2-219

forward-delay time 2-897

length of listening and learning states 2-897

shutting down Port Fast-enabled ports 2-889

state information display 2-800

VLAN options 2-884, 2-897

supplemental power command 2-910

SVIs, creating 2-235

SVI status calculation 2-926

Switched Port Analyzer

See SPAN

switching characteristics

modifying 2-922

returning to interfaces 2-922

switchport access command 2-924

switchport autostate exclude command 2-926

switchport backup interface command 2-928

switchport block command 2-931

switchport command 2-922

switchport host command 2-933

switchport mode command 2-934

switchport mode private-vlan command 2-937

switchport nonegotiate command 2-939

switchport port-security aging command 2-946

switchport port-security command 2-941

switchport priority extend command 2-948

switchport private-vlan command 2-950

switchport protected command 2-952

switchports, displaying 2-648

switchport trunk command 2-954

switchport voice detect 2-957

switchport voice vlan command 2-958

switch priority command 2-915, 2-917

switch provision command 2-918

switch renumber command 2-920

system env temperature threshold yellow command 2-960

system message logging 2-359

system message logging, save message to flash 2-360

system mtu command 2-962

system resource templates 2-545

T

tar files, creating, listing, and extracting 2-18

TDR, running 2-965

Telnet, using to communicate to cluster switches 2-516

temperature information, displaying 2-626

templates, system resources 2-545

test cable-diagnostics tdr command 2-965

traceroute mac command 2-966

traceroute mac ip command 2-969

trunking, VLAN mode 2-934

trunk mode 2-934

trunk ports 2-934

trunks, to non-DTP device 2-935

trusted boundary for QoS 2-428

trusted port states for QoS 2-428

tunnel ports, Layer 2 protocol, displaying 2-707

type (boot loader) command A-27

U

UDLD

aggressive mode 2-973, 2-975

debug messages, display B-105

enable globally 2-973

enable per interface 2-975

error recovery timer 2-220

message timer 2-973

normal mode 2-973, 2-975

reset a shutdown interface 2-977

status 2-819

udld command 2-973

udld port command 2-975

udld reset command 2-977

unicast storm control 2-912

UniDirectional Link Detection

See UDLD

unknown multicast traffic, preventing 2-931

unknown unicast traffic, preventing 2-931

unset (boot loader) command A-28

upgrading

copying software images 2-10

downloading software images 2-13

software images, monitoring status of 2-565

UplinkFast, for STP 2-895

usb-inactivity-timeout (console configuration) command 2-978

user EXEC mode 1-2, 1-3

V

version (boot loader) command A-30

version mismatch mode 2-812, C-40

vlan (global configuration) command 2-979

vlan access-map command 2-984

VLAN access map configuration mode 2-984

VLAN access maps

actions 2-8

displaying 2-829

VLAN-based QoS 2-430

VLAN configuration

rules 2-982

saving 2-979

VLAN configuration mode

description 1-4

entering 2-979

summary 1-3

vlan dot1q tag native command 2-986

vlan filter command 2-988

VLAN filters, displaying 2-830

VLAN ID range 2-979

VLAN maps

applying 2-988

creating 2-984

defining 2-381

displaying 2-829

VLAN Query Protocol

See VQP

VLANs

adding 2-979

configuring 2-979

debug messages, display

ISL B-101

VLAN IOS file system error tests B-100

VLAN manager activity B-98

VTP B-103

displaying configurations 2-824

extended-range 2-979

MAC addresses

displaying 2-740

number of 2-731

media types 2-982

normal-range 2-979

private 2-937

configuring 2-505

displaying 2-824

See also private VLANs

restarting 2-840

saving the configuration 2-979

shutting down 2-840

SNMP traps for VTP 2-846, 2-849

suspending 2-840

VLAN Trunking Protocol

See VTP

VM mode 2-812, C-40

VMPS

configuring servers 2-993

displaying 2-831

error recovery timer 2-220

reconfirming dynamic VLAN assignments 2-990

vmps reconfirm (global configuration) command 2-991

vmps reconfirm (privileged EXEC) command 2-990

vmps retry command 2-992

vmps server command 2-993

voice VLAN

configuring 2-957, 2-958

setting port priority 2-948

VQP

and dynamic-access ports 2-925

clearing client statistics 2-122

displaying information 2-831

per-server retry count 2-992

reconfirmation interval 2-991

reconfirming dynamic VLAN assignments 2-990

VTP

changing characteristics 2-995

clearing pruning counters 2-123

configuring

domain name 2-995

file name 2-995

mode 2-995

password 2-996

counters display fields 2-834

displaying information 2-833

enabling

pruning 2-996

tunneling for 2-341

Version 2 2-996

enabling per port 2-1000

mode 2-995

pruning 2-996

saving the configuration 2-979

statistics 2-833

status 2-833

status display fields 2-836

vtp (global configuration) command 2-995

vtp interface configuration command 2-1000

vtp primary command 2-1001

X

XPS 2200

configuring 2-497

naming 2-497

Index

A

aaa accounting dot1x command 2-1

aaa authentication dot1x command 2-3

aaa authorization network command 2-5, 2-27, 2-34, 2-36, 2-39, 2-41, 2-43, 2-180, 2-364, 2-581, B-7, B-41

AAA methods 2-3

access control entries

See ACEs

access control lists

See ACLs

access groups

IP 2-237

MAC, displaying 2-725

access list, IPv6 2-314

access map configuration mode 2-381

access mode 2-934

access ports 2-934

ACEs 2-154, 2-471

ACLs

deny 2-152

displaying 2-562

for non-IP protocols 2-368

IP 2-237

matching 2-381

on Layer 2 interfaces 2-237

permit 2-469

action command 2-8

address aliasing 2-439

aggregate-port learner 2-455

allowed VLANs 2-954

archive copy-sw command 2-10

archive download-sw command 2-13

archive tar command 2-18

archive upload-sw command 2-21

arp (boot loader) command A-2

arp access-list command 2-23

authentication command bounce-port ignore 2-25

authentication command disable-port ignore 2-26

authentication control-direction command 2-27

authentication event command 2-29

authentication event linksec fail action command 2-33

authentication failed VLAN

See dot1x auth-fail vlan

authentication fallback command 2-34

authentication host-mode command 2-36

authentication linksec policy command 2-38

authentication mac-move permit command 2-39

authentication open command 2-41

authentication order command 2-43

authentication periodic command 2-45

authentication port-control command 2-47

authentication priority command 2-49

authentication timer command 2-51

authentication violation command 2-53

auth-fail max-attempts

See dot1x auth-fail max-attempts

auth-fail vlan

See dot1x auth-fail vlan

auth open command 2-41

auth order command 2-43

authorization state of controlled port 2-197

auth timer command 2-51

autonegotiation of duplex mode 2-211

auto qos classify command 2-55

auto qos trust command 2-58

auto qos video command 2-61

auto qos voip command 2-64

B

BackboneFast, for STP 2-854

backup interfaces

configuring 2-928

displaying 2-649

boot (boot loader) command A-3

boot auto-copy-sw command 2-71

boot auto-download-sw command 2-72

boot config-file command 2-75

boot enable-break command 2-76

boot helper command 2-77

boot helper-config file command 2-78

booting

Cisco IOS image 2-81

displaying environment variables 2-575

interrupting 2-76

manually 2-79

boot loader

accessing A-1

booting

Cisco IOS image A-3

helper image 2-77

directories

creating A-19

displaying a list of A-8

removing A-23

displaying

available commands A-13

memory heap utilization A-14

version A-30

environment variables

described A-24

displaying settings A-24

location of A-25

setting A-24

unsetting A-28

files

copying A-6

deleting A-7

displaying a list of A-8

displaying the contents of A-5, A-20, A-27

renaming A-21

file system

formatting A-11

initializing flash A-10

running a consistency check A-12

prompt A-1

resetting the system A-22

boot manual command 2-79

boot private-config-file command 2-80

boot system command 2-81

boot time-copy-sw command 2-70

BPDU filtering, for spanning tree 2-855, 2-889

BPDU guard, for spanning tree 2-857, 2-889

broadcast storm control 2-912

C

candidate switches

See clusters

cat (boot loader) command A-5

CDP, enabling protocol tunneling for 2-341

channel-group command 2-85

channel-protocol command 2-89

Cisco Redundant Power System 2300

configuring 2-494

managing 2-494

Cisco SoftPhone

auto-QoS configuration 2-64

trusting packets sent from 2-428

CISP

See Client Information Signalling Protocol

cisp

debug platform cisp command B-41

cisp enable command 2-90

class command 2-91

class-map command 2-94

class maps

creating 2-94

defining the match criteria 2-383

displaying 2-582

class of service

See CoS

clear dot1x command 2-96

clear eap sessions command 2-97

clear errdisable interface 2-98

clear ip arp inspection log command 2-99

clear ip arp inspection statistics command 2-100

clear ipc command 2-103

clear ip dhcp snooping database command 2-101

clear ipv6 dhcp conflict command 2-104

clear l2protocol-tunnel counters command 2-105

clear lacp command 2-106

clear logging onboard command 2-107

clear logging smartlog statistics interface command 2-108

clear mac address-table command 2-109, 2-110

clear macsec counters interface command 2-111

clear mka command 2-112

clear nmsp statistics command 2-114

clear pagp command 2-115, 2-119

clear port-security command 2-116

clear psp counter 2-118

clear psp counter command 2-118

clear spanning-tree counters command 2-120

clear spanning-tree detected-protocols command 2-121

clear vmps statistics command 2-122

clear vtp counters command 2-123

Client Information Signalling Protocol 2-90, 2-180, 2-581, B-7, B-41

cluster commander-address command 2-124

cluster discovery hop-count command 2-126

cluster enable command 2-127

cluster holdtime command 2-129

cluster member command 2-130

cluster outside-interface command 2-132

cluster run command 2-133

clusters

adding candidates 2-130

binding to HSRP group 2-134

building manually 2-130

communicating with

devices outside the cluster 2-132

members by using Telnet 2-516

debug messages, display B-8

displaying

candidate switches 2-585

debug messages B-8

member switches 2-587

status 2-583

hop-count limit for extended discovery 2-126

HSRP standby groups 2-134

redundancy 2-134

SNMP trap 2-843

cluster standby-group command 2-134

cluster timer command 2-136

command modes defined 1-2

command switch

See clusters

confidentiality-offset command 2-139

configuration files

password recovery disable considerations A-1

specifying the name 2-75, 2-80

configuring multiple interfaces 2-233

config-vlan mode

commands 2-980

copy (boot loader) command A-6

copy logging onboard command 2-137

CoS

assigning default value to incoming packets 2-398

assigning to Layer 2 protocol packets 2-344

overriding the incoming value 2-398

CoS-to-DSCP map 2-402

CPU ASIC statistics, displaying 2-589

crashinfo files 2-223

critical VLAN 2-31

D

debug authentication B-2

debug auto qos command B-4

debug backup command B-6

debug cisp command B-7

debug cluster command B-8

debug device-sensor command B-10

debug dot1x command B-12

debug dtp command B-13

debug eap command B-14

debug etherchannel command B-15

debug fastethernet command B-16

debug ilpower command B-17

debug interface command B-18

debug ip dhcp snooping command B-19

debug ip igmp filter command B-21

debug ip igmp max-groups command B-22

debug ip igmp snooping command B-23

debug ip verify source packet command B-20

debug lacp command B-24

debug lldp packets command B-25

debug mac-notification command B-27

debug macsec command B-28

debug matm command B-29

debug matm move update command B-30

debug mka command B-31

debug monitor command B-33

debug mvrdbg command B-34

debug nmsp command B-35

debug nvram command B-36

debug pagp command B-37

debug platform acl command B-38

debug platform backup interface command B-40

debug platform cisp command B-41

debug platform cli-redirection main command B-42

debug platform configuration command B-43, B-51

debug platform cpu-queues command B-44

debug platform device-manager command B-46

debug platform dot1x command B-47

debug platform etherchannel command B-48

debug platform fallback-bridging command B-49

debug platform forw-tcam command B-50

debug platform ip arp inspection command B-52

debug platform ipc command B-61

debug platform ip dhcp command B-53

debug platform ip igmp snooping command B-54

debug platform ip multicast command B-56

debug platform ip unicast command B-58

debug platform ip wccp command B-60

debug platform led command B-62

debug platform matm command B-63

debug platform messaging application command B-64

debug platform phy command B-65

debug platform pm command B-67

debug platform port-asic command B-69

debug platform port-security command B-70

debug platform qos-acl-tcam command B-71

debug platform remote-commands command B-72

debug platform resource-manager command B-73

debug platform snmp command B-74

debug platform span command B-75

debug platform stack-manager command B-76

debug platform supervisor-asic command B-77

debug platform sw-bridge command B-78

debug platform tcam command B-79

debug platform udld command B-82

debug platform vlan command B-83

debug pm command B-84

debug port-security command B-86

debug qos-manager command B-87

debug spanning-tree backbonefast command B-90

debug spanning-tree bpdu command B-91

debug spanning-tree bpdu-opt command B-92

debug spanning-tree command B-88

debug spanning-tree mstp command B-93

debug spanning-tree switch command B-95

debug spanning-tree uplinkfast command B-97

debug sw-vlan command B-98

debug sw-vlan ifs command B-100

debug sw-vlan notification command B-101

debug sw-vlan vtp command B-103

debug udld command B-105

debug vqpc command B-107

default policy, MKA 2-389

define interface-range command 2-140

delete (boot loader) command A-7

delete command 2-142

deny (ARP access-list configuration) command 2-145

deny (IPv6) command 2-147

deny command 2-152

detect mechanism, causes 2-214

device-sensor accounting command 2-155

device-sensor filter-list command 2-156

device-sensor filter-list dhcp command 2-159

device-sensor filter-spec command 2-161

device-sensor notify command 2-163

DHCP snooping

accepting untrusted packets from edge switch 2-271

enabling

on a VLAN 2-277

option 82 2-269, 2-271

trust on an interface 2-275

error recovery timer 2-219

rate limiting 2-274

DHCP snooping binding database

binding file, configuring 2-267

bindings

adding 2-265

deleting 2-265

displaying 2-672

clearing database agent statistics 2-101

database agent, configuring 2-267

displaying

binding entries 2-672

database agent status 2-674, 2-676

renewing 2-524

Digital Optical Monitoring

see DoM

dir (boot loader) command A-8

directories, deleting 2-142

DoM

displaying supported transceivers 2-663

domain name, VTP 2-995

dot1x auth-fail max-attempts 2-174

dot1x auth-fail vlan 2-176

dot1x command 2-172

dot1x control-direction command 2-178

dot1x credentials (global configuration) command 2-180

dot1x critical global configuration command 2-181

dot1x critical interface configuration command 2-183

dot1x default command 2-185

dot1x fallback command 2-186

dot1x guest-vlan command 2-187

dot1x host-mode command 2-189

dot1x initialize command 2-190

dot1x mac-auth-bypass command 2-191

dot1x max-reauth-req command 2-193

dot1x max-req command 2-195

dot1x pae command 2-196

dot1x port-control command 2-197

dot1x re-authenticate command 2-199

dot1x reauthentication command 2-200

dot1x supplicant controlled transient command 2-201

dot1x supplicant force-multicast command 2-203

dot1x test eapol-capable command 2-204

dot1x test timeout command 2-205

dot1x timeout command 2-206

dot1x violation-mode command 2-209

dropping packets, with ACL matches 2-8

drop threshold, Layer 2 protocol tunneling 2-341

DSCP-to-CoS map 2-402

DSCP-to-DSCP-mutation map 2-402

DTP 2-935

DTP flap

error detection for 2-214

error recovery timer 2-219

DTP negotiation 2-939

dual IPv4 and IPv6 templates 2-463

duplex command 2-210

dynamic-access ports

configuring 2-924

restrictions 2-925

dynamic ARP inspection

ARP ACLs

apply to a VLAN 2-245

define 2-23

deny packets 2-145

display 2-566

permit packets 2-461

clear

log buffer 2-99

statistics 2-100

display

ARP ACLs 2-566

configuration and operating state 2-667

log buffer 2-667

statistics 2-667

trust state and rate limit 2-667

enable per VLAN 2-257

error detection for 2-214

error recovery timer 2-219

log buffer

clear 2-99

configure 2-249

display 2-667

rate-limit incoming ARP packets 2-247

statistics

clear 2-100

display 2-667

trusted interface state 2-253

type of packet logged 2-258

validation checks 2-255

dynamic auto VLAN membership mode 2-934

dynamic desirable VLAN membership mode 2-934

Dynamic Host Configuration Protocol (DHCP)

See DHCP snooping

Dynamic Trunking Protocol

See DTP

E

EAP-request/identity frame

maximum number to send 2-195

response time before retransmitting 2-206

encapsulation methods 2-954

environment variables, displaying 2-575

epm access-control open 2-212

errdisable detect cause command 2-214

errdisable detect cause small-frame command 2-217

errdisable recovery cause small-frame 2-222

errdisable recovery command 2-219

error conditions, displaying 2-635

error disable detection 2-214

error-disabled interfaces, displaying 2-648

EtherChannel

assigning Ethernet interface to channel group 2-85

creating port-channel logical interface 2-231

debug EtherChannel/PAgP, display B-15

debug platform-specific events, display B-48

displaying 2-638

enabling Layer 2 protocol tunneling for

LACP 2-342

PAgP 2-342

UDLD 2-342

interface information, displaying 2-648

LACP

clearing channel-group information 2-106, 2-107

debug messages, display B-24

displaying 2-709

modes 2-85

port priority for hot-standby ports 2-345

restricting a protocol 2-89

system priority 2-347

load-distribution methods 2-479

PAgP

aggregate-port learner 2-455

clearing channel-group information 2-115

debug messages, display B-37

displaying 2-781

error detection for 2-214

error recovery timer 2-219

learn method 2-455

modes 2-85

physical-port learner 2-455

priority of interface for transmitted traffic 2-457

Ethernet controller, internal register display 2-591, 2-598

Ethernet Management port, debugging B-16

Ethernet statistics, collecting 2-543

exception crashinfo command 2-223, 2-228

extended discovery of candidate switches 2-126

extended-range VLANs

and allowed VLAN list 2-954

and pruning-eligible list 2-954

configuring 2-979

extended system ID for STP 2-863

F

fallback profile command 2-224

fallback profiles, displaying 2-641

fan information, displaying 2-626

file name, VTP 2-995

files, deleting 2-142

flash_init (boot loader) command A-10

flexible authentication ordering 2-43

Flex Links

configuring 2-928

displaying 2-649

flow-based SPAN 2-433

flowcontrol command 2-226

format (boot loader) command A-11

forwarding packets, with ACL matches 2-8

forwarding results, display C-7

frame forwarding information, displaying C-7

front-end controller counter and status information C-9

fsck (boot loader) command A-12

FSPAN 2-433

G

global configuration mode 1-2, 1-4

H

hardware ACL statistics 2-562

health monitoring diagnostic tests 2-165

help (boot loader) command A-13

hierarchical policy maps 2-477

hop-count limit for clusters 2-126

host connection, port configuration 2-933

host ports, private VLANs 2-937

Hot Standby Router Protocol

See HSRP

HSRP

binding HSRP group to cluster 2-134

standby group 2-134

hw-module switch command 2-230

I

IEEE 802.1Q trunk ports and native VLANs 2-986

IEEE 802.1Q tunnel ports

configuring 2-934

displaying 2-616

limitations 2-935

IEEE 802.1x

and switchport modes 2-935

violation error recovery 2-219

See also port-based authentication

IGMP filters

applying 2-281

debug messages, display B-21

IGMP groups, setting maximum 2-282

IGMP maximum groups, debugging B-22

IGMP profiles

creating 2-284

displaying 2-679

IGMP snooping

adding ports as a static member of a group 2-300

displaying 2-680, 2-684, 2-685

enabling 2-286

enabling the configurable-leave timer 2-288

enabling the Immediate-Leave feature 2-297

flooding query count 2-294

interface topology change notification behavior 2-296

multicast table 2-682

querier 2-290

query solicitation 2-294

report suppression 2-292

switch topology change notification behavior 2-294

images

See software images

Immediate-Leave processing

IGMP 2-297

IPv6 2-337

MVR 2-441

interface configuration mode 1-2, 1-4

interface port-channel command 2-231

interface range command 2-233

interface-range macros 2-140

interfaces

assigning Ethernet interface to channel group 2-85

configuring 2-210

configuring multiple 2-233

creating port-channel logical 2-231

debug messages, display B-18

disabling 2-839

displaying the MAC address table 2-733

restarting 2-839

interface speed, configuring 2-900

interface vlan command 2-235

internal power supplies

See power supplies

internal registers, displaying 2-591, 2-598, 2-605

Internet Group Management Protocol

See IGMP

invalid GBIC

error detection for 2-214

error recovery timer 2-219

ip access-group command 2-237

ip address command 2-240

IP addresses, setting 2-240

IP address matching 2-381

ip admission command 2-242

ip admission name proxy http command 2-243

ip arp inspection filter vlan command 2-245

ip arp inspection limit command 2-247

ip arp inspection log-buffer command 2-249

ip arp inspection trust command 2-253

ip arp inspection validate command 2-255

ip arp inspection vlan command 2-257

ip arp inspection vlan logging command 2-258

ip device tracking command 2-260

ip device tracking probe command 2-262

IP DHCP snooping

See DHCP snooping

ip dhcp snooping binding command 2-265

ip dhcp snooping command 2-264

ip dhcp snooping database command 2-267

ip dhcp snooping information option allow-untrusted command 2-271

ip dhcp snooping information option command 2-269

ip dhcp snooping information option format remote-id command 2-273

ip dhcp snooping limit rate command 2-274

ip dhcp snooping trust command 2-275

ip dhcp snooping verify command 2-276

ip dhcp snooping vlan command 2-277

ip dhcp snooping vlan information option format-type circuit-id string command 2-279

ip igmp filter command 2-281

ip igmp max-groups command 2-282, 2-307, 2-309

ip igmp profile command 2-284

ip igmp snooping command 2-286

ip igmp snooping last-member-query-interval command 2-288

ip igmp snooping querier command 2-290

ip igmp snooping report-suppression command 2-292

ip igmp snooping tcn command 2-294

ip igmp snooping tcn flood command 2-296

ip igmp snooping vlan immediate-leave command 2-297

ip igmp snooping vlan mrouter command 2-298

ip igmp snooping vlan static command 2-300

IP multicast addresses 2-438

IP phones

auto-QoS configuration 2-64

trusting packets sent from 2-428

IP-precedence-to-DSCP map 2-402

ip snap forwarding command 2-302

ip source binding command 2-303

IP source guard

disabling 2-311

displaying

binding entries 2-687

configuration 2-688

dynamic binding entries only 2-672

enabling 2-311

static IP source bindings 2-303

ip ssh command 2-305

IPv4 and IPv6

port-based trust 2-429

IPv6 access list, deny conditions 2-147

ipv6 access-list command 2-314

ipv6 address dhcp command 2-317

ipv6 dhcp client request vendor command 2-318

ipv6 dhcp ping packets command 2-319

ipv6 dhcp pool command 2-321

ipv6 dhcp server command 2-324

ipv6 mld snooping command 2-326

ipv6 mld snooping last-listener-query count command 2-328

ipv6 mld snooping last-listener-query-interval command 2-330

ipv6 mld snooping listener-message-suppression command 2-332

ipv6 mld snooping robustness-variable command 2-333

ipv6 mld snooping tcn command 2-335

ipv6 mld snooping vlan command 2-337

IPv6 QoS

enabling 2-394

IPv6 SDM template 2-545

ipv6 traffic-filter command 2-339

ip verify source command 2-311

ip verify source smartlog command 2-313

J

jumbo frames

See MTU

L

l2protocol-tunnel command 2-341

l2protocol-tunnel cos command 2-344

LACP

See EtherChannel

lacp port-priority command 2-345

lacp system-priority command 2-347

Layer 2 mode, enabling 2-922

Layer 2 protocol ports, displaying 2-707

Layer 2 protocol-tunnel

error detection for 2-214

error recovery timer 2-219

Layer 2 protocol tunnel counters 2-105

Layer 2 protocol tunneling error recovery 2-342

Layer 2 traceroute

IP addresses 2-969

MAC addresses 2-966

Layer 3 mode, enabling 2-922

license boot command 2-349

line configuration mode 1-3, 1-5

Link Aggregation Control Protocol

See EtherChannel

link flap

error detection for 2-214

error recovery timer 2-219

link-security authentication 2-33

link-security policies 2-38

link state group command 2-351

link state track command 2-353

load-distribution methods for EtherChannel 2-479

location (global configuration) command 2-354

location (interface configuration) command 2-356

logging event command 2-358

logging event power-inline-status command 2-359

logging file command 2-360

logical interface 2-231

loopback error

detection for 2-214

recovery timer 2-219

loop guard, for spanning tree 2-865, 2-869

M

mab request format attribute 32 command 2-364

mac access-group command 2-366

MAC access-groups, displaying 2-725

MAC access list configuration mode 2-368

mac access-list extended command 2-368

MAC access lists 2-152

MAC addresses

disabling MAC address learning per VLAN 2-371

displaying

aging time 2-729

all 2-728

dynamic 2-732

MAC address-table move updates 2-735

notification settings 2-734, 2-736

number of addresses in a VLAN 2-731

per interface 2-733

per VLAN 2-740

static 2-738

static and dynamic entries 2-726

dynamic

aging time 2-370

deleting 2-109

displaying 2-732

enabling MAC address notification 2-375

enabling MAC address-table move update 2-373

matching 2-381

persistent stack 2-908

static

adding and removing 2-377

displaying 2-738

dropping on an interface 2-378

tables 2-728

MAC address notification, debugging B-27

mac address-table aging-time 2-366, 2-381

mac address-table aging-time command 2-370

mac address-table learning command 2-371

mac address-table move update command 2-373

mac address-table notification command 2-375

mac address-table static command 2-377

mac address-table static drop command 2-378

MAC frames

See MTU

macros

interface range 2-140, 2-233

MACsec

counters 2-111, 2-601

debugging B-28

displaying 2-742

enabling 2-380

registers 2-601

macsec command 2-380

maps

QoS

defining 2-402

displaying 2-765

VLAN

creating 2-984

defining 2-381

displaying 2-829

match (access-map configuration) command 2-381

match (class-map configuration) command 2-383

maximum transmission unit

See MTU

mdix auto command 2-386

Media Access Control Security

See MACsec.

media-type rj45 command 2-388

member switches

See clusters

memory (boot loader) command A-14

mgmt_clr (boot loader) command A-16

mgmt_init (boot loader) command A-17, A-18

MKA

confidentiality 2-139

debugging B-31

displaying default policy 2-744

displaying policies 2-746

displaying sessions 2-749

displaying sessions and statistics 2-755

displaying statistics 2-752

policy configuration mode 2-390

MKA, enabling 2-392

mka default policy command 2-389

mka policy global configuration command 2-390

mka policy interface configuration command 2-392

mkdir (boot loader) command A-19

MLD snooping

configuring 2-332, 2-333

configuring queries 2-328, 2-330

configuring topology change notification 2-335

displaying 2-697, 2-699, 2-701, 2-703

enabling 2-326

enabling on a VLAN 2-337

mls qos aggregate-policer command 2-396

mls qos command 2-394

mls qos cos command 2-398

mls qos dscp-mutation command 2-400

mls qos map command 2-402

mls qos queue-set output buffers command 2-406

mls qos queue-set output threshold command 2-408

mls qos rewrite ip dscp command 2-410

mls qos srr-queue input bandwidth command 2-412

mls qos srr-queue input buffers command 2-414

mls qos-srr-queue input cos-map command 2-416

mls qos srr-queue input dscp-map command 2-418

mls qos srr-queue input priority-queue command 2-420

mls qos srr-queue input threshold command 2-422

mls qos-srr-queue output cos-map command 2-424

mls qos srr-queue output dscp-map command 2-426

mls qos trust command 2-428

mls qos vlan-based command 2-430

mode, MVR 2-438

Mode button, and password recovery 2-549

mode command 2-431

modes, commands 1-2

monitor session command 2-433

more (boot loader) command A-20

MSTP

displaying 2-801

interoperability 2-121

link type 2-867

MST region

aborting changes 2-873

applying changes 2-873

configuration name 2-873

configuration revision number 2-873

current or pending display 2-873

displaying 2-801

MST configuration mode 2-873

VLANs-to-instance mapping 2-873

path cost 2-875

protocol mode 2-871

restart protocol migration process 2-121

root port

loop guard 2-865

preventing from becoming designated 2-865

restricting which can be root 2-865

root guard 2-865

root switch

affects of extended system ID 2-863

hello-time 2-878, 2-885

interval between BDPU messages 2-879

interval between hello BPDU messages 2-878, 2-885

max-age 2-879

maximum hop count before discarding BPDU 2-880

port priority for selection of 2-881

primary or secondary 2-885

switch priority 2-884

state changes

blocking to forwarding state 2-892

enabling BPDU filtering 2-855, 2-889

enabling BPDU guard 2-857, 2-889

enabling Port Fast 2-889, 2-892

forward-delay time 2-877

length of listening and learning states 2-877

rapid transition to forwarding 2-867

shutting down Port Fast-enabled ports 2-889

state information display 2-800

MTU

configuring size 2-962

displaying global setting 2-818

MAC 2-963

system jumbo 2-963

system routing 2-963

Multicase Listener Discovery

See MLD

multicast group address, MVR 2-441

multicast groups, MVR 2-439

Multicast Listener Discovery

See MLD

multicast router learning method 2-298

multicast router ports, configuring 2-298

multicast router ports, IPv6 2-337

multicast storm control 2-912

multicast VLAN, MVR 2-438

multicast VLAN registration

See MVR

multiple hosts on authorized port 2-189

Multiple Spanning Tree Protocol

See MSTP

MVR

and address aliasing 2-439

configuring 2-438

configuring interfaces 2-441

debug messages, display B-34

displaying 2-772

displaying interface information 2-773

members, displaying 2-775

mvr (global configuration) command 2-438

mvr (interface configuration) command 2-441

mvr vlan group command 2-442

N

native VLANs 2-954

native VLAN tagging 2-986

network-policy (global configuration) command 2-445

network-policy command 2-444

network-policy profile (network-policy configuration) command 2-446

nmsp attachment suppress command 2-449

nmsp command 2-448

no authentication logging verbose 2-450

no dot1x logging verbose 2-451

no mab logging verbose 2-452

nonegotiate

DTP messaging 2-939

speed 2-900

non-IP protocols

denying 2-152

forwarding 2-469

non-IP traffic access lists 2-368

non-IP traffic forwarding

denying 2-152

permitting 2-469

non-stop forwarding 2-453

normal-range VLANs 2-979

no vlan command 2-979

nsf command 2-453

O

online diagnostics

configuring health monitoring diagnostic tests 2-165

displaying

configured boot-up coverage level 2-611

current scheduled tasks 2-611

event logs 2-611

supported test suites 2-611

test ID 2-611

test results 2-611

test statistics 2-611

enabling

scheduling 2-167

syslog messages 2-165

global configuration mode

clearing health monitoring diagnostic test schedule 2-165

clearing test-based testing schedule 2-167

setting health monitoring diagnostic testing 2-165

setting test-based testing 2-167

setting up health monitoring diagnostic test schedule 2-165

setting up test-based testing 2-167

removing scheduling 2-167

scheduled switchover

disabling 2-167

enabling 2-167

setting test interval 2-167

specifying health monitoring diagnostic tests 2-165

starting testing 2-169

P

PAgP

See EtherChannel

pagp learn-method command 2-455

pagp port-priority command 2-457

password, VTP 2-996

password-recovery mechanism, enabling and disabling 2-549

permit (ARP access-list configuration) command 2-461

permit (IPv6) command 2-463

permit (MAC access-list configuration) command 2-469

per-VLAN spanning-tree plus

See STP

physical-port learner 2-455

PID, displaying 2-666

PIM-DVMRP, as multicast router learning method 2-298

PoE

configuring the power budget 2-484

configuring the power management mode 2-481

displaying controller register values 2-603

displaying power management information 2-786

error detection for 2-214

error recovery timer 2-219

logging of status 2-359

monitoring power 2-488

policing power consumption 2-488

police aggregate command 2-474

police command 2-472

policed-DSCP map 2-402

policy-map command 2-476

policy maps

applying to an interface 2-551, 2-557

creating 2-476

displaying 2-783

hierarchical 2-477

policers

displaying 2-759

for a single class 2-472

for multiple classes 2-396, 2-474

policed-DSCP map 2-402

traffic classification

defining the class 2-91

defining trust states 2-971

setting DSCP or IP precedence values 2-555

Port Aggregation Protocol

See EtherChannel

port-based authentication

AAA method list 2-3

configuring violation modes 2-209

debug messages, display B-12

enabling guest VLAN supplicant 2-175, 2-186

enabling IEEE 802.1x

globally 2-172

per interface 2-197

guest VLAN 2-187

host modes 2-189

IEEE 802.1x AAA accounting methods 2-1

initialize an interface 2-190, 2-205

MAC authentication bypass 2-191

manual control of authorization state 2-197

multiple hosts on authorized port 2-189

PAE as authenticator 2-196

periodic re-authentication

enabling 2-200

time between attempts 2-206

quiet period between failed authentication exchanges 2-206

re-authenticating IEEE 802.1x-enabled ports 2-199

resetting configurable IEEE 802.1x parameters 2-185

switch-to-authentication server retransmission time 2-206

switch-to-client frame-retransmission number 2-193 to 2-195

switch-to-client retransmission time 2-206

test for IEEE 802.1x readiness 2-204

port-based trust

IPv4 and IPv6 2-429

port-channel load-balance command 2-479

Port Fast, for spanning tree 2-892

port ranges, defining 2-137, 2-140

ports, debugging B-84

ports, protected 2-952

port security

aging 2-946

debug messages, display B-86

enabling 2-941

violation error recovery 2-219

port trust states for QoS 2-428

port types, MVR 2-441

power information, displaying 2-626

power inline command 2-481

power inline consumption command 2-484

power inline four-pair forced command 2-487

power inline police command 2-488

Power over Ethernet

See PoE

power-priority command 2-491

power rps command (global configuration) 2-497

power rps command (user EXEC) 2-493

power supply

configuring 2-495

managing 2-495

power supply command 2-495

power xps command privileged EXEC) 2-499

power xps port command 2-501

priority-queue command 2-503

priority value, stack member 2-811, 2-917

private-vlan command 2-505

private-vlan mapping command 2-508

private VLANs

association 2-950

configuring 2-505

configuring ports 2-937

displaying 2-824

host ports 2-937

mapping

configuring 2-950

displaying 2-648

promiscuous ports 2-937

privileged EXEC mode 1-2, 1-3

product identification information, displaying 2-666

promiscuous ports, private VLANs 2-937

protected ports, displaying 2-653

pruning

VLANs 2-954

VTP

enabling 2-996

pruning-eligible VLAN list 2-956

psp 2-510

psp command 2-510

PVST+

See STP

Q

QoS

auto-QoS

configuring 2-64

debug messages, display B-4

displaying 2-571

auto-QoS trust

configuring 2-58

auto-QoS video

configuring 2-61

class maps

creating 2-94

defining the match criteria 2-383

displaying 2-582

defining the CoS value for an incoming packet 2-398

displaying configuration information 2-571, 2-758

DSCP transparency 2-410

DSCP trusted ports

applying DSCP-to-DSCP-mutation map to 2-400

defining DSCP-to-DSCP-mutation map 2-402

egress queues

allocating buffers 2-406

defining the CoS output queue threshold map 2-424

defining the DSCP output queue threshold map 2-426

displaying buffer allocations 2-761

displaying CoS output queue threshold map 2-765

displaying DSCP output queue threshold map 2-765

displaying queueing strategy 2-761

displaying queue-set settings 2-768

enabling bandwidth shaping and scheduling 2-904

enabling bandwidth sharing and scheduling 2-906

limiting the maximum output on a port 2-902

mapping a port to a queue-set 2-511

mapping CoS values to a queue and threshold 2-424

mapping DSCP values to a queue and threshold 2-426

setting maximum and reserved memory allocations 2-408

setting WTD thresholds 2-408

enabling 2-394

enabling IPv6 QoS 2-394

ingress queues

allocating buffers 2-414

assigning SRR scheduling weights 2-412

defining the CoS input queue threshold map 2-416

defining the DSCP input queue threshold map 2-418

displaying buffer allocations 2-761

displaying CoS input queue threshold map 2-765

displaying DSCP input queue threshold map 2-765

displaying queueing strategy 2-761

displaying settings for 2-760

enabling the priority queue 2-420

mapping CoS values to a queue and threshold 2-416

mapping DSCP values to a queue and threshold 2-418

setting WTD thresholds 2-422

maps

defining 2-402, 2-416, 2-418, 2-424, 2-426

displaying 2-765

policy maps

applying an aggregate policer 2-474

applying to an interface 2-551, 2-557

creating 2-476

defining policers 2-396, 2-472

displaying policers 2-759

displaying policy maps 2-783

hierarchical 2-477

policed-DSCP map 2-402

setting DSCP or IP precedence values 2-555

traffic classifications 2-91

trust states 2-971

port trust states 2-428

queues, enabling the expedite 2-503

statistics

in-profile and out-of-profile packets 2-761

packets enqueued or dropped 2-761

sent and received CoS values 2-761

sent and received DSCP values 2-761

trusted boundary for IP phones 2-428

VLAN-based 2-430

quality of service

See QoS

querytime, MVR 2-438

queue-set command 2-511

R

radius-server dead-criteria command 2-512

radius-server host command 2-514

rapid per-VLAN spanning-tree plus

See STP

rapid PVST+

See STP

rcommand command 2-516

re-authenticating IEEE 802.1x-enabled ports 2-199

re-authentication

periodic 2-200

time between attempts 2-206

receiver ports, MVR 2-441

receiving flow-control packets 2-226

recovery mechanism

causes 2-219

display 2-98, 2-578, 2-633, 2-636

timer interval 2-220

redundancy for cluster switches 2-134

redundant power supply

See RPS

redundant power system

See Cisco Redundant Power System 2300

reload command 2-518

remote command 2-520

remote-span command 2-522

Remote Switched Port Analyzer

See RSPAN

rename (boot loader) command A-21

renew ip dhcp snooping database command 2-524

rep admin vlan command 2-526

rep block port command 2-527

replay protection, MACsec 2-540

replay-protection command 2-540

rep lsl-age-timer command 2-531

rep preempt delay command 2-532

rep preempt segment command 2-534

rep segment command 2-535

rep stcn command 2-538

reset (boot loader) command A-22

restricted VLAN

See dot1x auth-fail vlan

rmdir (boot loader) command A-23

rmon collection stats command 2-543

root guard, for spanning tree 2-865

routed ports

IP addresses on 2-241

number supported 2-241

routing frames

See MTU

RPS

See Cisco Redundant Power System 2300

RPS 2300

configuring 2-493, 2-499, 2-501

managing 2-493, 2-499, 2-501

See Cisco Redundant Power System 2300

RSPAN

configuring 2-433

displaying 2-770

filter RSPAN traffic 2-433

remote-span command 2-522

sessions

add interfaces to 2-433

displaying 2-770

start new 2-433

rsu command 2-544

S

scheduled switchover

disabling 2-167

enabling 2-167

SDM mismatch mode 2-546, 2-812

sdm prefer command 2-545

SDM templates

allowed resources 2-547

and stacking 2-546

displaying 2-796

dual IPv4 and IPv6 2-545

secure ports, limitations 2-943

sending flow-control packets 2-226

service password-recovery command 2-549

service-policy command 2-551

session command 2-554

set (boot loader) command A-24

set command 2-555

setup command 2-557

setup express command 2-560

show access-lists command 2-562

show archive status command 2-565

show arp access-list command 2-566

show authentication command 2-567

show auto qos command 2-571

show boot command 2-575

show cable-diagnostics tdr command 2-578

show cisp command 2-581

show class-map command 2-582

show cluster candidates command 2-585

show cluster command 2-583

show cluster members command 2-587

show controllers cpu-interface command 2-589

show controllers ethernet-controller command 2-591

show controllers ethernet-controller fastethernet command 2-598

show controllers ethernet phy macsec command 2-601

show controllers power inline command 2-603

show controllers tcam command 2-605

show controller utilization command 2-607

show device-sensor cache command 2-609

show dot1q-tunnel command 2-616

show dot1x command 2-617

show dtp 2-621

show eap command 2-623

show env command 2-626

show env xps command 2-629

show errdisable detect command 2-633

show errdisable flap-values command 2-635

show errdisable recovery command 2-636

show etherchannel command 2-638

show fallback profile command 2-641

show flowcontrol command 2-642

show hw-module switch command 2-644

show idprom command 2-646

show interface rep command 2-661

show interfaces command 2-648

show interfaces counters command 2-659

show interface transceivers command 2-663

show inventory command 2-666

show ip arp inspection command 2-667

show ipc command 2-690

show ip dhcp snooping binding command 2-672

show ip dhcp snooping command 2-671

show ip dhcp snooping database command 2-674, 2-676

show ip igmp profile command 2-679

show ip igmp snooping address command 2-699

show ip igmp snooping command 2-680, 2-697

show ip igmp snooping groups command 2-682

show ip igmp snooping mrouter command 2-684, 2-701

show ip igmp snooping querier command 2-685, 2-703

show ip source binding command 2-687

show ipv6 access-list command 2-694

show ipv6 dhcp conflict command 2-696

show ipv6 route updated 2-705

show ip verify source command 2-688

show l2protocol-tunnel command 2-707

show lacp command 2-709

show link state group command 2-713

show location 2-715

show location command 2-715

show logging onboard command 2-717

show logging smartlog command 2-722

show mac access-group command 2-725

show mac address-table address command 2-728

show mac address-table aging time command 2-729

show mac address-table command 2-726

show mac address-table count command 2-731

show mac address-table dynamic command 2-732

show mac address-table interface command 2-733

show mac address-table learning command 2-734

show mac address-table move update command 2-735

show mac address-table notification command 2-110, 2-736, B-30

show mac address-table static command 2-738

show mac address-table vlan command 2-740

show macsec command 2-742

show mka default-policy command 2-744

show mka policy command 2-746

show mka session command 2-749

show mka statistics command 2-752

show mka summary command 2-755

show mls qos aggregate-policer command 2-759

show mls qos command 2-758

show mls qos input-queue command 2-760

show mls qos interface command 2-761

show mls qos maps command 2-765

show mls qos queue-set command 2-768

show mls qos vlan command 2-769

show monitor command 2-770

show mvr command 2-772

show mvr interface command 2-773

show mvr members command 2-775

show network-policy profile command 2-777

show nmsp command 2-778

show pagp command 2-781

show platform acl command C-2

show platform backup interface command C-3

show platform configuration command C-4

show platform dl command C-5

show platform etherchannel command C-6

show platform forward command C-7

show platform frontend-controller command C-9

show platform igmp snooping command C-10

show platform ipc trace command C-17

show platform ip multicast command C-11

show platform ip unicast command C-12

show platform ipv6 mld snooping command C-18

show platform ipv6 unicast command C-19

show platform ip wccp command C-16

show platform layer4op command C-21

show platform mac-address-table command C-22

show platform messaging command C-23

show platform monitor command C-24

show platform mvr table command C-25

show platform pm command C-26

show platform port-asic command C-27

show platform port-security command C-32

show platform qos command C-33

show platform resource-manager command C-34

show platform snmp counters command C-36

show platform spanning-tree command C-37

show platform stack-manager command C-39

show platform stp-instance command C-38

show platform tb command C-43

show platform tcam command C-44

show platform vlan command C-47

show policy-map command 2-783

show port security command 2-784

show power inline command 2-786, 2-806

show psp config 2-792

show psp config command 2-792

show psp statistics 2-793

show psp statistics command 2-793

show rep topology command 2-794

show sdm prefer command 2-796

show setup express command 2-799

show spanning-tree command 2-800

show storm-control command 2-809

show switch command 2-811

show switch service-modules command 2-816

show system mtu command 2-818

show trust command 2-971

show udld command 2-819

show version command 2-822

show vlan access-map command 2-829

show vlan command 2-824

show vlan command, fields 2-826

show vlan filter command 2-830

show vmps command 2-831

show vtp command 2-833

shutdown command 2-839

shutdown threshold, Layer 2 protocol tunneling 2-341

shutdown vlan command 2-840

small-frame violation rate command 2-841

SNMP host, specifying 2-848

SNMP informs, enabling the sending of 2-843

snmp-server enable traps command 2-843

snmp-server host command 2-848

snmp trap mac-notification change command 2-852

SNMP traps

enabling MAC address notification trap 2-852

enabling the MAC address notification feature 2-375

enabling the sending of 2-843

SoftPhone

See Cisco SoftPhone

software images

copying 2-10

deleting 2-142

downloading 2-13

upgrading 2-10, 2-13

uploading 2-21

software version, displaying 2-822

source ports, MVR 2-441

SPAN

configuring 2-433

debug messages, display B-33

displaying 2-770

filter SPAN traffic 2-433

sessions

add interfaces to 2-433

displaying 2-770

start new 2-433

spanning-tree backbonefast command 2-854

spanning-tree bpdufilter command 2-855

spanning-tree bpduguard command 2-857

spanning-tree cost command 2-859

spanning-tree etherchannel command 2-861

spanning-tree extend system-id command 2-863

spanning-tree guard command 2-865

spanning-tree link-type command 2-867

spanning-tree loopguard default command 2-869

spanning-tree mode command 2-871

spanning-tree mst configuration command 2-873

spanning-tree mst cost command 2-875

spanning-tree mst forward-time command 2-877

spanning-tree mst hello-time command 2-878

spanning-tree mst max-age command 2-879

spanning-tree mst max-hops command 2-880

spanning-tree mst port-priority command 2-881

spanning-tree mst pre-standard command 2-883

spanning-tree mst priority command 2-884

spanning-tree mst root command 2-885

spanning-tree portfast (global configuration) command 2-889

spanning-tree portfast (interface configuration) command 2-892

spanning-tree port-priority command 2-887

Spanning Tree Protocol

See STP

spanning-tree transmit hold-count command 2-894

spanning-tree uplinkfast command 2-895

spanning-tree vlan command 2-897

speed command 2-900

srr-queue bandwidth limit command 2-902

srr-queue bandwidth shape command 2-904

srr-queue bandwidth share command 2-906

SSH, configuring version 2-305

stack-mac persistent timer command 2-908

stack member

access 2-554

number 2-811, 2-920

priority value 2-917

provisioning 2-918

reloading 2-518

stacks, switch

disabling a member 2-915

enabling a member 2-915

MAC address 2-908

provisioning a new member 2-918

reloading 2-518

stack member access 2-554

stack member number 2-811, 2-920

stack member priority value 2-811, 2-917

static-access ports, configuring 2-924

statistics, Ethernet group 2-543

sticky learning, enabling 2-941

storm-control command 2-912

STP

BackboneFast 2-854

counters, clearing 2-120

debug messages, display

BackboneFast events B-90

MSTP B-93

optimized BPDUs handling B-92

spanning-tree activity B-88

switch shim B-95

transmitted and received BPDUs B-91

UplinkFast B-97

detection of indirect link failures 2-854

enabling protocol tunneling for 2-341

EtherChannel misconfiguration 2-861

extended system ID 2-863

path cost 2-859

protocol modes 2-871

root port

accelerating choice of new 2-895

loop guard 2-865

preventing from becoming designated 2-865

restricting which can be root 2-865

root guard 2-865

UplinkFast 2-895

root switch

affects of extended system ID 2-863, 2-898

hello-time 2-897

interval between BDPU messages 2-897

interval between hello BPDU messages 2-897

max-age 2-897

port priority for selection of 2-887

primary or secondary 2-897

switch priority 2-897

state changes

blocking to forwarding state 2-892

enabling BPDU filtering 2-855, 2-889

enabling BPDU guard 2-857, 2-889

enabling Port Fast 2-889, 2-892

enabling timer to recover from error state 2-219

forward-delay time 2-897

length of listening and learning states 2-897

shutting down Port Fast-enabled ports 2-889

state information display 2-800

VLAN options 2-884, 2-897

supplemental power command 2-910

SVIs, creating 2-235

SVI status calculation 2-926

Switched Port Analyzer

See SPAN

switching characteristics

modifying 2-922

returning to interfaces 2-922

switchport access command 2-924

switchport autostate exclude command 2-926

switchport backup interface command 2-928

switchport block command 2-931

switchport command 2-922

switchport host command 2-933

switchport mode command 2-934

switchport mode private-vlan command 2-937

switchport nonegotiate command 2-939

switchport port-security aging command 2-946

switchport port-security command 2-941

switchport priority extend command 2-948

switchport private-vlan command 2-950

switchport protected command 2-952

switchports, displaying 2-648

switchport trunk command 2-954

switchport voice detect 2-957

switchport voice vlan command 2-958

switch priority command 2-915, 2-917

switch provision command 2-918

switch renumber command 2-920

system env temperature threshold yellow command 2-960

system message logging 2-359

system message logging, save message to flash 2-360

system mtu command 2-962

system resource templates 2-545

T

tar files, creating, listing, and extracting 2-18

TDR, running 2-965

Telnet, using to communicate to cluster switches 2-516

temperature information, displaying 2-626

templates, system resources 2-545

test cable-diagnostics tdr command 2-965

traceroute mac command 2-966

traceroute mac ip command 2-969

trunking, VLAN mode 2-934

trunk mode 2-934

trunk ports 2-934

trunks, to non-DTP device 2-935

trusted boundary for QoS 2-428

trusted port states for QoS 2-428

tunnel ports, Layer 2 protocol, displaying 2-707

type (boot loader) command A-27

U

UDLD

aggressive mode 2-973, 2-975

debug messages, display B-105

enable globally 2-973

enable per interface 2-975

error recovery timer 2-220

message timer 2-973

normal mode 2-973, 2-975

reset a shutdown interface 2-977

status 2-819

udld command 2-973

udld port command 2-975

udld reset command 2-977

unicast storm control 2-912

UniDirectional Link Detection

See UDLD

unknown multicast traffic, preventing 2-931

unknown unicast traffic, preventing 2-931

unset (boot loader) command A-28

upgrading

copying software images 2-10

downloading software images 2-13

software images, monitoring status of 2-565

UplinkFast, for STP 2-895

usb-inactivity-timeout (console configuration) command 2-978

user EXEC mode 1-2, 1-3

V

version (boot loader) command A-30

version mismatch mode 2-812, C-40

vlan (global configuration) command 2-979

vlan access-map command 2-984

VLAN access map configuration mode 2-984

VLAN access maps

actions 2-8

displaying 2-829

VLAN-based QoS 2-430

VLAN configuration

rules 2-982

saving 2-979

VLAN configuration mode

description 1-4

entering 2-979

summary 1-3

vlan dot1q tag native command 2-986

vlan filter command 2-988

VLAN filters, displaying 2-830

VLAN ID range 2-979

VLAN maps

applying 2-988

creating 2-984

defining 2-381

displaying 2-829

VLAN Query Protocol

See VQP

VLANs

adding 2-979

configuring 2-979

debug messages, display

ISL B-101

VLAN IOS file system error tests B-100

VLAN manager activity B-98

VTP B-103

displaying configurations 2-824

extended-range 2-979

MAC addresses

displaying 2-740

number of 2-731

media types 2-982

normal-range 2-979

private 2-937

configuring 2-505

displaying 2-824

See also private VLANs

restarting 2-840

saving the configuration 2-979

shutting down 2-840

SNMP traps for VTP 2-846, 2-849

suspending 2-840

VLAN Trunking Protocol

See VTP

VM mode 2-812, C-40

VMPS

configuring servers 2-993

displaying 2-831

error recovery timer 2-220

reconfirming dynamic VLAN assignments 2-990

vmps reconfirm (global configuration) command 2-991

vmps reconfirm (privileged EXEC) command 2-990

vmps retry command 2-992

vmps server command 2-993

voice VLAN

configuring 2-957, 2-958

setting port priority 2-948

VQP

and dynamic-access ports 2-925

clearing client statistics 2-122

displaying information 2-831

per-server retry count 2-992

reconfirmation interval 2-991

reconfirming dynamic VLAN assignments 2-990

VTP

changing characteristics 2-995

clearing pruning counters 2-123

configuring

domain name 2-995

file name 2-995

mode 2-995

password 2-996

counters display fields 2-834

displaying information 2-833

enabling

pruning 2-996

tunneling for 2-341

Version 2 2-996

enabling per port 2-1000

mode 2-995

pruning 2-996

saving the configuration 2-979

statistics 2-833

status 2-833

status display fields 2-836

vtp (global configuration) command 2-995

vtp interface configuration command 2-1000

vtp primary command 2-1001

X

XPS 2200

configuring 2-497

naming 2-497