A -
B -
C -
D -
E -
F -
G -
H -
I -
J -
L -
M -
N -
O -
P -
Q -
R -
S -
T -
U -
V -
Index
A
aaa accounting dot1x command 2-1
aaa authentication dot1x command 2-3
aaa authorization network command 2-5
AAA methods 2-3
abort command 2-754
access control entries
See ACEs
access control lists
See ACLs
access groups
IP 2-149
MAC, displaying 2-527
access list, IPv6 2-212
access map configuration mode 2-280
access mode 2-697
access ports 2-697
ACEs 2-84, 2-349
ACLs
deny 2-82
displaying 2-399
for non-IP protocols 2-258
IP 2-149
matching 2-280
on Layer 2 interfaces 2-149
permit 2-347
action command 2-6
address aliasing 2-330
aggregate-port learner 2-335
allowed VLANs 2-716
apply command 2-754
archive download-sw command 2-8
archive tar command 2-11
archive upload-sw command 2-14
arp access-list command 2-16
authentication failed VLAN
See dot1x auth-fail vlan
auth-fail max-attempts
See dot1x auth-fail max-attempts
auth-fail vlan
See dot1x auth-fail vlan
authorization state of controlled port 2-116
autonegotiation of duplex mode 2-128
auto qos voip command 2-18
B
BackboneFast, for STP 2-629
backup interfaces
configuring 2-691
displaying 2-462
boot (boot loader) command A-2
boot auto-download-sw command 2-22
boot config-file command 2-24
boot enable-break command 2-25
boot helper command 2-26
boot helper-config file command 2-27
booting
Cisco IOS image 2-30
displaying environment variables 2-408
interrupting 2-22, 2-25
manually 2-28
boot loader
accessing A-1
booting
Cisco IOS image A-2
helper image 2-26
directories
creating A-14
displaying a list of A-7
removing A-18
displaying
available commands A-12
memory heap utilization A-13
version A-25
environment variables
described A-19
displaying settings A-19
location of A-20
setting A-19
unsetting A-23
files
copying A-5
deleting A-6
displaying a list of A-7
displaying the contents of A-4, A-15, A-22
renaming A-16
file system
formatting A-10
initializing flash A-9
running a consistency check A-11
prompt A-1
resetting the system A-17
boot manual command 2-28
boot private-config-file command 2-29
boot system command 2-30
BPDU filtering, for spanning tree 2-630, 2-664
BPDU guard, for spanning tree 2-632, 2-664
broadcast storm control 2-682
C
candidate switches
See clusters
cat (boot loader) command A-4
CDP, enabling protocol tunneling for 2-237
channel-group command 2-31
channel-protocol command 2-34
Cisco SoftPhone
auto-QoS configuration 2-18
trusting packets sent from 2-322
class command 2-35
class-map command 2-37
class maps
creating 2-37
defining the match criteria 2-282
displaying 2-412
class of service
See CoS
clear dot1x command 2-39
clear eap sessions command 2-40
clear errdisable interface 2-41
clear ip arp inspection log command 2-42
clear ip arp inspection statistics command 2-43
clear ipc command 2-46
clear ip dhcp snooping database command 2-44
clear ipv6 dhcp conflict command 2-47
clear l2protocol-tunnel counters command 2-48
clear lacp command 2-49
clear mac address-table command 2-50, 2-51
clear pagp command 2-52
clear port-security command 2-53
clear spanning-tree counters command 2-55
clear spanning-tree detected-protocols command 2-56
clear vmps statistics command 2-57
clear vtp counters command 2-58
cluster commander-address command 2-59
cluster discovery hop-count command 2-61
cluster enable command 2-62
cluster holdtime command 2-64
cluster member command 2-65
cluster outside-interface command 2-67
cluster run command 2-68
clusters
adding candidates 2-65
binding to HSRP group 2-69
building manually 2-65
communicating with
devices outside the cluster 2-67
members by using Telnet 2-376
debug messages, display B-5
displaying
candidate switches 2-415
debug messages B-5
member switches 2-417
status 2-413
hop-count limit for extended discovery 2-61
HSRP standby groups 2-69
redundancy 2-69
SNMP trap 2-619
cluster standby-group command 2-69
cluster timer command 2-71
command modes defined 1-1
commands changed in Cisco IOS Release 12.2(20)SE 1-5
command switch
See clusters
configuration files
password recovery disable considerations A-1
specifying the name 2-24, 2-29
configuring multiple interfaces 2-145
config-vlan mode
commands 2-740
description 1-4
entering 2-739
summary 1-2
copy (boot loader) command A-5
CoS
assigning default value to incoming packets 2-292
assigning to Layer 2 protocol packets 2-240
overriding the incoming value 2-292
CoS-to-DSCP map 2-296
CPU ASIC statistics, displaying 2-419
crashinfo files 2-138
D
debug auto qos command B-2
debug backup command B-4
debug cluster command B-5
debug dot1x command B-7
debug dtp command B-8
debug eap command B-9
debug etherchannel command B-10
debug ilpower command B-11
debug interface command B-12
debug ip dhcp snooping command B-13
debug ip igmp filter command B-15
debug ip igmp max-groups command B-16
debug ip igmp snooping command B-17
debug ip verify source packet command B-14
debug lacp command B-18
debug mac-notification command B-19
debug matm command B-20
debug matm move update command B-21
debug monitor command B-22
debug mvrdbg command B-23
debug nvram command B-24
debug pagp command B-25
debug platform acl command B-26
debug platform backup interface command B-27
debug platform configuration command B-35
debug platform cpu-queues command B-28
debug platform device-manager command B-30
debug platform dot1x command B-31
debug platform etherchannel command B-32
debug platform fallback-bridging command B-33
debug platform forw-tcam command B-34
debug platform ip arp inspection command B-36
debug platform ip dhcp command B-37
debug platform ip igmp snooping command B-38
debug platform ip multicast command B-40
debug platform ip unicast command B-42
debug platform ip wccp command B-44
debug platform led command B-45
debug platform matm command B-46
debug platform messaging application command B-47
debug platform phy command B-48
debug platform pm command B-50
debug platform port-asic command B-52
debug platform port-security command B-53
debug platform qos-acl-tcam command B-54
debug platform remote-commands command B-55
debug platform resource-manager command B-56
debug platform snmp command B-57
debug platform span command B-58
debug platform supervisor-asic command B-59
debug platform sw-bridge command B-60
debug platform tcam command B-61
debug platform udld command B-63
debug platform vlan command B-64
debug pm command B-65
debug port-security command B-67
debug qos-manager command B-68
debug spanning-tree backbonefast command B-71
debug spanning-tree bpdu command B-72
debug spanning-tree bpdu-opt command B-73
debug spanning-tree command B-69
debug spanning-tree mstp command B-74
debug spanning-tree switch command B-76
debug spanning-tree uplinkfast command B-78
debug sw-vlan command B-79
debug sw-vlan ifs command B-81
debug sw-vlan notification command B-82
debug sw-vlan vtp command B-84
debug udld command B-86
debug vqpc command B-88
define interface-range command 2-72
delete (boot loader) command A-6
delete command 2-74
deny (ARP access-list configuration) command 2-75
deny (IPv6) command 2-77
deny command 2-82
detect mechanism, causes 2-129
DHCP snooping
accepting untrusted packets from edge switch 2-177
enabling
on a VLAN 2-183
option 82 2-175, 2-177
trust on an interface 2-181
error recovery timer 2-135
rate limiting 2-180
DHCP snooping binding database
binding file, configuring 2-173
bindings
adding 2-171
deleting 2-171
displaying 2-480
clearing database agent statistics 2-44
database agent, configuring 2-173
displaying
binding entries 2-480
database agent status 2-482, 2-484
renewing 2-380
dir (boot loader) command A-7
directories, deleting 2-74
domain name, VTP 2-764, 2-768
dot1x auth-fail max-attempts 2-92
dot1x auth-fail vlan 2-94
dot1x command 2-90
dot1x control-direction command 2-96
dot1x critical global configuration command 2-98
dot1x critical interface configuration command 2-100
dot1x default command 2-102
dot1x fallback command 2-103
dot1x guest-vlan command 2-104
dot1x host-mode command 2-107
dot1x initialize command 2-109
dot1x mac-auth-bypass command 2-110
dot1x max-reauth-req command 2-112
dot1x max-req command 2-113
dot1x multiple-hosts command 2-114
dot1x pae command 2-115
dot1x port-control command 2-116
dot1x re-authenticate command 2-118
dot1x re-authentication command 2-119
dot1x reauthentication command 2-120
dot1x test eapol-capable command 2-121
dot1x test timeout command 2-122
dot1x timeout command 2-123
dot1x violation-mode command 2-126
dropping packets, with ACL matches 2-6
drop threshold, Layer 2 protocol tunneling 2-237
DSCP-to-CoS map 2-296
DSCP-to-DSCP-mutation map 2-296
DTP 2-698
DTP flap
error detection for 2-129
error recovery timer 2-135
DTP negotiation 2-702
dual-purpose uplink ports
selecting the type 2-286
duplex command 2-127
dynamic-access ports
configuring 2-687
restrictions 2-688
dynamic ARP inspection
ARP ACLs
apply to a VLAN 2-157
define 2-16
deny packets 2-75
display 2-403
permit packets 2-339
clear
log buffer 2-42
statistics 2-43
display
ARP ACLs 2-403
configuration and operating state 2-475
log buffer 2-475
statistics 2-475
trust state and rate limit 2-475
enable per VLAN 2-167
error detection for 2-129
error recovery timer 2-135
log buffer
clear 2-42
configure 2-161
display 2-475
rate-limit incoming ARP packets 2-159
statistics
clear 2-43
display 2-475
trusted interface state 2-163
type of packet logged 2-168
validation checks 2-165
dynamic auto VLAN membership mode 2-697
dynamic desirable VLAN membership mode 2-697
Dynamic Host Configuration Protocol (DHCP)
See DHCP snooping
Dynamic Trunking Protocol
See DTP
E
EAP-request/identity frame
maximum number to send 2-113
response time before retransmitting 2-123
encapsulation methods 2-716
environment variables, displaying 2-408
errdisable detect cause command 2-129
errdisable detect cause small-frame comand 2-132
errdisable recovery cause small-frame 2-134
errdisable recovery command 2-135
error conditions, displaying 2-451
error disable detection 2-129
error-disabled interfaces, displaying 2-462
EtherChannel
assigning Ethernet interface to channel group 2-31
creating port-channel logical interface 2-143
debug EtherChannel/PAgP, display B-10
debug platform-specific events, display B-32
displaying 2-455
enabling Layer 2 protocol tunneling for
LACP 2-238
PAgP 2-238
UDLD 2-238
interface information, displaying 2-462
LACP
clearing channel-group information 2-49
debug messages, display B-18
displaying 2-519
modes 2-31
port priority for hot-standby ports 2-241
restricting a protocol 2-34
system priority 2-243
load-distribution methods 2-357
PAgP
aggregate-port learner 2-335
clearing channel-group information 2-52
debug messages, display B-25
displaying 2-572
error detection for 2-129
error recovery timer 2-135
learn method 2-335
modes 2-31
physical-port learner 2-335
priority of interface for transmitted traffic 2-337
Ethernet controller, internal register display 2-421
Ethernet statistics, collecting 2-383
exception crashinfo command 2-138
exit command 2-754
extended discovery of candidate switches 2-61
extended-range VLANs
and allowed VLAN list 2-716
and pruning-eligible list 2-716
configuring 2-739
extended system ID for STP 2-638
F
fallback profile command 2-139
fallback profiles, displaying 2-458
fan information, displaying 2-447
file name, VTP 2-764
files, deleting 2-74
flash_init (boot loader) command A-9
Flex Links
configuring 2-691
configuring preferred VLAN 2-693
displaying 2-462
flowcontrol command 2-141
format (boot loader) command A-10
forwarding packets, with ACL matches 2-6
forwarding results, display C-6
frame forwarding information, displaying C-6
front-end controller, counter and status information C-8
fsck (boot loader) command A-11
G
global configuration mode 1-2, 1-3
H
hardware ACL statistics 2-399
help (boot loader) command A-12
hierarchical policy maps 2-355
hop-count limit for clusters 2-61
host connection, port configuration 2-696
host ports, private VLANs 2-700
Hot Standby Router Protocol
See HSRP
HSRP
binding HSRP group to cluster 2-69
standby group 2-69
I
IEEE 802.1Q trunk ports and native VLANs 2-756
IEEE 802.1Q tunnel ports
configuring 2-697
displaying 2-436
limitations 2-698
IEEE 802.1x
and switchport modes 2-698
violation error recovery 2-135
See also port-based authentication
IEEE 802.1X Port Based Authentication
enabling guest VLAN supplicant 2-92, 2-103, 2-140
IGMP filters
applying 2-186
debug messages, display B-15
IGMP groups, setting maximum 2-187
IGMP maximum groups, debugging B-16
IGMP profiles
creating 2-189
displaying 2-487
IGMP snooping
adding ports as a static member of a group 2-205
displaying 2-488, 2-493, 2-495
enabling 2-191
enabling the configurable-leave timer 2-193
enabling the Immediate-Leave feature 2-202
flooding query count 2-199
interface topology change notification behavior 2-201
multicast table 1-5, 2-491
querier 2-195
query solicitation 2-199
report suppression 2-197
switch topology change notification behavior 2-199
images
See software images
Immediate-Leave feature, MVR 2-332
immediate-leave processing 2-202
Immediate-Leave processing, IPv6 2-233
interface configuration mode 1-2, 1-4
interface port-channel command 2-143
interface range command 2-145
interface-range macros 2-72
interfaces
assigning Ethernet interface to channel group 2-31
configuring 2-127
configuring multiple 2-145
creating port-channel logical 2-143
debug messages, display B-12
disabling 2-615
displaying the MAC address table 2-539
restarting 2-615
interface speed, configuring 2-674
interface vlan command 2-147
internal registers, displaying 2-421, 2-430
Internet Group Management Protocol
See IGMP
invalid GBIC
error detection for 2-129
error recovery timer 2-135
ip access-group command 2-149
ip address command 2-152
IP addresses, setting 2-152
IP address matching 2-280
ip admission command 2-154
ip admission name proxy http command 2-155
ip arp inspection filter vlan command 2-157
ip arp inspection limit command 2-159
ip arp inspection log-buffer command 2-161
ip arp inspection trust command 2-163
ip arp inspection validate command 2-165
ip arp inspection vlan command 2-167
ip arp inspection vlan logging command 2-168
IP DHCP snooping
See DHCP snooping
ip dhcp snooping binding command 2-171
ip dhcp snooping command 2-170
ip dhcp snooping database command 2-173
ip dhcp snooping information option allow-untrusted command 2-177
ip dhcp snooping information option command 2-175
ip dhcp snooping information option format remote-id command 2-179
ip dhcp snooping limit rate command 2-180
ip dhcp snooping trust command 2-181
ip dhcp snooping verify command 2-182
ip dhcp snooping vlan command 2-183
ip dhcp snooping vlan information option format-type circuit-id string command 2-184
ip igmp filter command 2-186
ip igmp max-groups command 2-187
ip igmp profile command 2-189
ip igmp snooping command 2-191
ip igmp snooping last-member-query-interval command 2-193
ip igmp snooping querier command 2-195
ip igmp snooping report-suppression command 2-197
ip igmp snooping tcn command 2-199
ip igmp snooping tcn flood command 2-201
ip igmp snooping vlan immediate-leave command 2-202
ip igmp snooping vlan mrouter command 2-203
ip igmp snooping vlan static command 2-205
IP multicast addresses 2-329
IP phones
auto-QoS configuration 2-18
trusting packets sent from 2-322
IP-precedence-to-DSCP map 2-296
ip source binding command 2-207
IP source guard
disabling 2-211
displaying
binding entries 2-497
configuration 2-498
dynamic binding entries only 2-480
enabling 2-211
static IP source bindings 2-207
ip ssh command 2-209
IPv6 access list, deny conditions 2-77
ipv6 access-list command 2-212
ipv6 address dhcp command 2-214
ipv6 dhcp client request vendor command 2-215
ipv6 dhcp ping packets command 2-216
ipv6 dhcp pool command 2-218
ipv6 dhcp server command 2-220
ipv6 mld snooping command 2-222
ipv6 mld snooping last-listener-query count command 2-224
ipv6 mld snooping last-listener-query-interval command 2-226
ipv6 mld snooping listener-message-suppression command 2-228
ipv6 mld snooping robustness-variable command 2-229
ipv6 mld snooping tcn command 2-231
ipv6 mld snooping vlan command 2-233
IPv6 SDM template 2-384
ipv6 traffic-filter command 2-235
ip verify source command 2-211
J
jumbo frames
See MTU
L
l2protocol-tunnel command 2-237
l2protocol-tunnel cos command 2-240
LACP
See EtherChannel
lacp port-priority command 2-241
lacp system-priority command 2-243
Layer 2 mode, enabling 2-685
Layer 2 protocol ports, displaying 2-517
Layer 2 protocol-tunnel
error detection for 2-129
error recovery timer 2-135
Layer 2 protocol tunnel counters 2-48
Layer 2 protocol tunneling error recovery 2-238
Layer 2 traceroute
IP addresses 2-730
MAC addresses 2-727
Layer 3 mode, enabling 2-685
line configuration mode 1-2, 1-5
Link Aggregation Control Protocol
See EtherChannel
link flap
error detection for 2-129
error recovery timer 2-135
link state group command 2-249
link state track command 2-251
load-distribution methods for EtherChannel 2-357
location (global configuration) command 2-245
location (interface configuration) command 2-247
logging event command 2-252
logging event power-inline-status command 2-253
logging file command 2-254
logical interface 2-143
loopback error
detection for 2-129
recovery timer 2-135
loop guard, for spanning tree 2-639, 2-643
M
mac access-group command 2-256
MAC access-groups, displaying 2-527
MAC access list configuration mode 2-258
mac access-list extended command 2-258
MAC access lists 2-82
MAC addresses
disabling MAC address learning per VLAN 2-261
displaying
aging time 2-533
all 2-531
dynamic 2-537
MAC address-table move updates 2-542
notification settings 2-541, 2-544
number of addresses in a VLAN 2-535
per interface 2-539
per VLAN 2-548
static 2-546
static and dynamic entries 2-529
dynamic
aging time 2-260
deleting 2-50
displaying 2-537
enabling MAC address notification 2-265
enabling MAC address-table move update 2-263
matching 2-280
static
adding and removing 2-267
displaying 2-546
dropping on an interface 2-268
tables 2-531
MAC address notification, debugging B-19
mac address-table aging-time 2-256, 2-280
mac address-table aging-time command 2-260
mac address-table learning command 2-261
mac address-table move update command 2-263
mac address-table notification command 2-265
mac address-table static command 2-267
mac address-table static drop command 2-268
macro apply command 2-270
macro description command 2-273
macro global command 2-274
macro global description command 2-277
macro name command 2-278
macros
adding a description 2-273
adding a global description 2-277
applying 2-274
creating 2-278
displaying 2-574
interface range 2-72, 2-145
specifying parameter values 2-274
tracing 2-274
maps
QoS
defining 2-296
displaying 2-558
VLAN
creating 2-751
defining 2-280
displaying 2-607
match (access-map configuration) command 2-280
match (class-map configuration) command 2-282
maximum transmission unit
See MTU
mdix auto command 2-284
media-type command 2-286
member switches
See clusters
memory (boot loader) command A-13
mkdir (boot loader) command A-14
MLD snooping
configuring 2-228, 2-229
configuring queries 2-224, 2-226
configuring topology change notification 2-231
displaying 2-507, 2-509, 2-511, 2-513
enabling 2-222
MLD snooping on a VLAN, enabling 2-233
mls qos aggregate-policer command 2-290
mls qos command 2-288
mls qos cos command 2-292
mls qos dscp-mutation command 2-294
mls qos map command 2-296
mls qos queue-set output buffers command 2-300
mls qos queue-set output threshold command 2-302
mls qos rewrite ip dscp command 2-304
mls qos srr-queue input bandwidth command 2-306
mls qos srr-queue input buffers command 2-308
mls qos-srr-queue input cos-map command 2-310
mls qos srr-queue input dscp-map command 2-312
mls qos srr-queue input priority-queue command 2-314
mls qos srr-queue input threshold command 2-316
mls qos-srr-queue output cos-map command 2-318
mls qos srr-queue output dscp-map command 2-320
mls qos trust command 2-322
mls qos vlan-based command 2-324
mode, MVR 2-329
Mode button, and password recovery 2-387
modes, commands 1-1
monitor session command 2-325
more (boot loader) command A-15
MSTP
displaying 2-589
interoperability 2-56
link type 2-641
MST region
aborting changes 2-647
applying changes 2-647
configuration name 2-647
configuration revision number 2-647
current or pending display 2-647
displaying 2-589
MST configuration mode 2-647
VLANs-to-instance mapping 2-647
path cost 2-649
protocol mode 2-645
restart protocol migration process 2-56
root port
loop guard 2-639
preventing from becoming designated 2-639
restricting which can be root 2-639
root guard 2-639
root switch
affects of extended system ID 2-638
hello-time 2-652, 2-660
interval between BDPU messages 2-653
interval between hello BPDU messages 2-652, 2-660
max-age 2-653
maximum hop count before discarding BPDU 2-654
port priority for selection of 2-656
primary or secondary 2-660
switch priority 2-659
state changes
blocking to forwarding state 2-666
enabling BPDU filtering 2-630, 2-664
enabling BPDU guard 2-632, 2-664
enabling Port Fast 2-664, 2-666
forward-delay time 2-651
length of listening and learning states 2-651
rapid transition to forwarding 2-641
shutting down Port Fast-enabled ports 2-664
state information display 2-588
MTU
configuring size 2-724
displaying global setting 2-596
Multicase Listener Discovery
See MLD
multicast group address, MVR 2-332
multicast groups, MVR 2-330
Multicast Listener Discovery
See MLD
multicast router learning method 2-203
multicast router ports, configuring 2-203
multicast router ports, IPv6 2-233
multicast storm control 2-682
multicast VLAN, MVR 2-329
multicast VLAN registration
See MVR
Multiple Spanning Tree Protocol
See MSTP
MVR
and address aliasing 2-330
configuring 2-329
configuring interfaces 2-332
debug messages, display B-23
displaying 2-566
displaying interface information 2-568
members, displaying 2-570
mvr (global configuration) command 2-329
mvr (interface configuration) command 2-332
mvr vlan group command 2-333
N
native VLANs 2-716
native VLAN tagging 2-756
Network Admission Control Software Configuration Guide 2-154, 2-156
nonegotiate, speed 2-674
nonegotiating DTP messaging 2-702
non-IP protocols
denying 2-82
forwarding 2-347
non-IP traffic access lists 2-258
non-IP traffic forwarding
denying 2-82
permitting 2-347
normal-range VLANs 2-739, 2-745
no vlan command 2-739, 2-749
O
online diagnostics
displaying
configured boot-up coverage level 2-434
current scheduled tasks 2-434
event logs 2-434
supported test suites 2-434
test ID 2-434
test results 2-434
test statistics 2-434
global configuration mode
clearing health monitoring diagnostic test schedule 2-42
clearing test-based testing schedule 2-87
setting health monitoring diagnostic testing 2-42
setting test-based testing 2-87
setting up health monitoring diagnostic test schedule 2-42
setting up test-based testing 2-87
health monitoring diagnostic tests, configuring 2-85
scheduled switchover
disabling 2-87
enabling 2-87
scheduling
enabling 2-87
removing 2-87
test interval, setting 2-87
P
PAgP
See EtherChannel
pagp learn-method command 2-335
pagp port-priority command 2-337
password, VTP 2-764, 2-768
password-recovery mechanism, enabling and disabling 2-387
permit (ARP access-list configuration) command 2-339
permit (IPv6) command 2-341
permit (MAC access-list configuration) command 2-347
per-VLAN spanning-tree plus
See STP
physical-port learner 2-335
PID, displaying 2-474
PIM-DVMRP, as multicast router learning method 2-203
PoE
configuring the power budget 2-362
configuring the power management mode 2-359
displaying controller register values 2-428
displaying power management information 2-582
logging of status 2-253
police aggregate command 2-352
police command 2-350
policed-DSCP map 2-296
policy-map command 2-354
policy maps
applying to an interface 2-389, 2-394
creating 2-354
displaying 2-577
hierarchical 2-355
policers
displaying 2-551
for a single class 2-350
for multiple classes 2-290, 2-352
policed-DSCP map 2-296
traffic classification
defining the class 2-35
defining trust states 2-732
setting DSCP or IP precedence values 2-392
Port Aggregation Protocol
See EtherChannel
port-based authentication
AAA method list 2-3
configuring violation modes 2-126
debug messages, display B-7
enabling IEEE 802.1x
globally 2-90
per interface 2-116
guest VLAN 2-104
host modes 2-107
IEEE 802.1x AAA accounting methods 2-1
initialize an interface 2-109, 2-122
MAC authentication bypass 2-110
manual control of authorization state 2-116
PAE as authenticator 2-115
periodic re-authentication
enabling 2-120
time between attempts 2-123
quiet period between failed authentication exchanges 2-123
re-authenticating IEEE 802.1x-enabled ports 2-118
resetting configurable IEEE 802.1x parameters 2-102
switch-to-authentication server retransmission time 2-123
switch-to-client frame-retransmission number2-112to 2-113
switch-to-client retransmission time 2-123
test for IEEE 802.1x readiness 2-121
port-channel load-balance command 2-357
Port Fast, for spanning tree 2-666
port ranges, defining 2-72
ports, debugging B-65
ports, protected 2-715
port security
aging 2-709
debug messages, display B-67
enabling 2-704
violation error recovery 2-135
port trust states for QoS 2-322
port types, MVR 2-332
power information, displaying 2-447
power inline command 2-359
power inline consumption command 2-362
Power over Ethernet
See PoE
priority-queue command 2-364
private-vlan command 2-366
private-vlan mapping command 2-369
private VLANs
association 2-713
configuring 2-366
configuring ports 2-700
displaying 2-602
host ports 2-700
mapping
configuring 2-713
displaying 2-462
promiscuous ports 2-700
privileged EXEC mode 1-2, 1-3
product identification information, displaying 2-474
promiscuous ports, private VLANs 2-700
protected ports, displaying 2-467
pruning
VLANs 2-716
VTP
displaying interface information 2-462
enabling 2-764, 2-768
pruning-eligible VLAN list 2-718
PVST+
See STP
Q
QoS
auto-QoS
configuring 2-18
debug messages, display 1-5, B-2
displaying 2-404
class maps
creating 2-37
defining the match criteria 2-282
displaying 2-412
defining the CoS value for an incoming packet 2-292
displaying configuration information 2-404, 2-550
DSCP transparency 2-304
DSCP trusted ports
applying DSCP-to-DSCP-mutation map to 2-294
defining DSCP-to-DSCP-mutation map 2-296
egress queues
allocating buffers 2-300
defining the CoS output queue threshold map 2-318
defining the DSCP output queue threshold map 2-320
displaying buffer allocations 2-554
displaying CoS output queue threshold map 2-558
displaying DSCP output queue threshold map 2-558
displaying queueing strategy 2-554
displaying queue-set settings 2-561
enabling bandwidth shaping and scheduling 2-678
enabling bandwidth sharing and scheduling 2-680
limiting the maximum output on a port 2-676
mapping a port to a queue-set 2-371
mapping CoS values to a queue and threshold 2-318
mapping DSCP values to a queue and threshold 2-320
setting maximum and reserved memory allocations 2-302
setting WTD thresholds 2-302
enabling 2-288
ingress queues
allocating buffers 2-308
assigning SRR scheduling weights 2-306
defining the CoS input queue threshold map 2-310
defining the DSCP input queue threshold map 2-312
displaying buffer allocations 2-554
displaying CoS input queue threshold map 2-558
displaying DSCP input queue threshold map 2-558
displaying queueing strategy 2-554
displaying settings for 2-552
enabling the priority queue 2-314
mapping CoS values to a queue and threshold 2-310
mapping DSCP values to a queue and threshold 2-312
setting WTD thresholds 2-316
maps
defining 2-296, 2-310, 2-312, 2-318, 2-320
displaying 2-558
policy maps
applying an aggregate policer 2-352
applying to an interface 2-389, 2-394
creating 2-354
defining policers 2-290, 2-350
displaying policers 2-551
displaying policy maps 2-577
hierarchical 2-355
policed-DSCP map 2-296
setting DSCP or IP precedence values 2-392
traffic classifications 2-35
trust states 2-732
port trust states 2-322
queues, enabling the expedite 2-364
statistics
in-profile and out-of-profile packets 2-554
packets enqueued or dropped 2-554
sent and received CoS values 2-554
sent and received DSCP values 2-554
trusted boundary for IP phones 2-322
VLAN-based 2-324
quality of service
See QoS
querytime, MVR 2-329
queue-set command 2-371
R
radius-server dead-criteria command 2-372
radius-server host command 2-374
rapid per-VLAN spanning-tree plus
See STP
rapid PVST+
See STP
rcommand command 2-376
re-authenticating IEEE 802.1x-enabled ports 2-118
re-authentication
periodic 2-120
time between attempts 2-123
receiver ports, MVR 2-332
receiving flow-control packets 2-141
recovery mechanism
causes 2-135
display 2-41, 2-410, 2-449, 2-453
timer interval 2-136
redundancy for cluster switches 2-69
remote-span command 2-378
Remote Switched Port Analyzer
See RSPAN
rename (boot loader) command A-16
renew ip dhcp snooping database command 2-380
reset (boot loader) command A-17
reset command 2-754
resource templates, displaying 2-584
restricted VLAN
See dot1x auth-fail vlan
rmdir (boot loader) command A-18
rmon collection stats command 2-383
root guard, for spanning tree 2-639
routed ports
IP addresses on 2-153
number supported 2-153
RSPAN
configuring 2-325
displaying 2-564
filter RSPAN traffic 2-325
remote-span command 2-378
sessions
displaying 2-564
S
scheduled switchover
disabling 2-87
enabling 2-87
sdm prefer command 2-384
SDM templates
allowed resources 2-385
displaying 2-584
dual IPv4 and IPv6 2-384
secure ports, limitations 2-706
sending flow-control packets 2-141
service password-recovery command 2-387
service-policy command 2-389
set (boot loader) command A-19
set command 2-392
setup command 2-394
setup express command 2-397
show access-lists command 2-399
show archive status command 2-402
show arp access-list command 2-403
show auto qos command 2-404
show boot command 2-408
show cable-diagnostics tdr command 2-410
show changes command 2-754
show class-map command 2-412
show cluster candidates command 2-415
show cluster command 2-413
show cluster members command 2-417
show controllers cpu-interface command 2-419
show controllers ethernet-controller command 2-421
show controllers power inline command 2-428
show controllers tcam command 2-430
show controller utilization command 2-432
show current command 2-754
show dot1q-tunnel command 2-436
show dot1x command 2-437
show dtp 2-442
show eap command 2-444
show env command 2-447
show errdisable detect command 2-449
show errdisable flap-values command 2-451
show errdisable recovery command 2-453
show etherchannel command 2-455
show facility-alarm status 2-458
show fallback profile command 2-458
show flowcontrol command 2-460
show interfaces command 2-462
show interfaces counters command 2-472
show inventory command 2-474
show ip arp inspection command 2-475
show ipc command 2-500
show ip dhcp snooping binding command 2-480
show ip dhcp snooping command 2-479
show ip dhcp snooping database command 2-482, 2-484
show ip igmp profile command 2-487
show ip igmp snooping address command 2-509
show ip igmp snooping command 2-488, 2-507
show ip igmp snooping groups command 2-491
show ip igmp snooping mrouter command 2-493, 2-511
show ip igmp snooping querier command 2-495, 2-513
show ip source binding command 2-497
show ipv6 access-list command 2-504
show ipv6 dhcp conflict command 2-506
show ipv6 route updated 2-515
show ip verify source command 2-498
show l2protocol-tunnel command 2-517
show lacp command 2-519
show link state group command 2-525
show location 2-523
show mac access-group command 2-527
show mac address-table address command 2-531
show mac address-table aging time command 2-533
show mac address-table command 2-529
show mac address-table count command 2-535
show mac address-table dynamic command 2-537
show mac address-table interface command 2-539
show mac address-table learning command 2-541
show mac address-table move update command 2-542
show mac address-table notification command 2-51, 2-544, B-21
show mac address-table static command 2-546
show mac address-table vlan command 2-548
show mls qos aggregate-policer command 2-551
show mls qos command 2-550
show mls qos input-queue command 2-552
show mls qos interface command 2-554
show mls qos maps command 2-558
show mls qos queue-set command 2-561
show mls qos vlan command 2-563
show monitor command 2-564
show mvr command 2-566
show mvr interface command 2-568
show mvr members command 2-570
show pagp command 2-572
show parser macro command 2-574
show platform acl command C-2
show platform backup interface command C-3
show platform configuration command C-4
show platform etherchannel command C-5
show platform forward command C-6
show platform frontend-controller command C-8
show platform igmp snooping command C-9
show platform ip multicast command C-11
show platform ip unicast command C-12
show platform ipv6 unicast command C-17
show platform ip wccp command C-16
show platform layer4op command C-19
show platform mac-address-table command C-20
show platform messaging command C-21
show platform monitor command C-22
show platform mvr table command C-23
show platform pm command C-24
show platform port-asic command C-25
show platform port-security command C-30
show platform qos command C-31
show platform resource-manager command C-32
show platform snmp counters command C-34
show platform spanning-tree command C-35
show platform stp-instance command C-36
show platform tcam command C-37
show platform vlan command C-40
show policy-map command 2-577
show port security command 2-579
show power inline command 2-582
show proposed command 2-754
show sdm prefer command 2-584
show setup express command 2-587
show spanning-tree command 2-588
show storm-control command 2-594
show system mtu command 2-596
show trust command 2-732
show udld command 2-597
show version command 2-600
show vlan access-map command 2-607
show vlan command 2-602
show vlan command, fields 2-604
show vlan filter command 2-608
show vmps command 2-609
show vtp command 2-611
shutdown command 2-615
shutdown threshold, Layer 2 protocol tunneling 2-237
shutdown vlan command 2-616
small violation-rate command 2-617
Smartports macros
See macros
SNMP host, specifying 2-623
SNMP informs, enabling the sending of 2-619
snmp-server enable traps command 2-619
snmp-server host command 2-623
snmp trap mac-notification command 2-627
SNMP traps
enabling MAC address notification trap 2-627
enabling the MAC address notification feature 2-265
enabling the sending of 2-619
SoftPhone
See Cisco SoftPhone
software images
deleting 2-74
downloading 2-8
upgrading 2-8
uploading 2-14
software version, displaying 2-600
source ports, MVR 2-332
SPAN
configuring 2-325
debug messages, display B-22
displaying 2-564
filter SPAN traffic 2-325
sessions
add interfaces to 2-325
displaying 2-564
start new 2-325
spanning-tree backbonefast command 2-629
spanning-tree bpdufilter command 2-630
spanning-tree bpduguard command 2-632
spanning-tree cost command 2-634
spanning-tree etherchannel command 2-636
spanning-tree extend system-id command 2-638
spanning-tree guard command 2-639
spanning-tree link-type command 2-641
spanning-tree loopguard default command 2-643
spanning-tree mode command 2-645
spanning-tree mst configuration command 2-647
spanning-tree mst cost command 2-649
spanning-tree mst forward-time command 2-651
spanning-tree mst hello-time command 2-652
spanning-tree mst max-age command 2-653
spanning-tree mst max-hops command 2-654
spanning-tree mst port-priority command 2-656
spanning-tree mst pre-standard command 2-658
spanning-tree mst priority command 2-659
spanning-tree mst root command 2-660
spanning-tree portfast (global configuration) command 2-664
spanning-tree portfast (interface configuration) command 2-666
spanning-tree port-priority command 2-662
Spanning Tree Protocol
See STP
spanning-tree transmit hold-count command 2-668
spanning-tree uplinkfast command 2-669
spanning-tree vlan command 2-671
speed command 2-674
srr-queue bandwidth limit command 2-676
srr-queue bandwidth share command 2-680
SSH, configuring version 2-209
static-access ports, configuring 2-687
statistics, Ethernet group 2-383
sticky learning, enabling 2-704
storm-control command 2-682
STP
BackboneFast 2-629
counters, clearing 2-55
debug messages, display
BackboneFast events B-71
MSTP B-74
optimized BPDUs handling B-73
spanning-tree activity B-69
switch shim B-76
transmitted and received BPDUs B-72
UplinkFast B-78
detection of indirect link failures 2-629
enabling protocol tunneling for 2-237
EtherChannel misconfiguration 2-636
extended system ID 2-638
path cost 2-634
protocol modes 2-645
root port
accelerating choice of new 2-669
loop guard 2-639
preventing from becoming designated 2-639
restricting which can be root 2-639
root guard 2-639
UplinkFast 2-669
root switch
affects of extended system ID 2-638, 2-672
hello-time 2-671
interval between BDPU messages 2-671
interval between hello BPDU messages 2-671
max-age 2-671
port priority for selection of 2-662
primary or secondary 2-671
switch priority 2-671
state changes
blocking to forwarding state 2-666
enabling BPDU filtering 2-630, 2-664
enabling BPDU guard 2-632, 2-664
enabling Port Fast 2-664, 2-666
enabling timer to recover from error state 2-135
forward-delay time 2-671
length of listening and learning states 2-671
shutting down Port Fast-enabled ports 2-664
state information display 2-588
VLAN options 2-659, 2-671
SVIs, creating 2-147
SVI status calculation 2-689
Switched Port Analyzer
See SPAN
switching characteristics
modifying 2-685
returning to interfaces 2-685
switchport access command 2-687
switchport autostate exclude command 2-689
switchport backup interface command 2-691
switchport block command 2-695
switchport command 2-685
switchport host command 2-696
switchport mode command 2-697
switchport mode private-vlan command 2-700
switchport nonegotiate command 2-702
switchport port-security aging command 2-709
switchport port-security command 2-704
switchport priority extend command 2-711
switchport private-vlan command 2-713
switchport protected command 2-715
switchports, displaying 2-462
switchport trunk command 2-716
switchport voice vlan command 2-719, 2-720
system env temperature threshold yellow command 2-722
system message logging 2-253
system message logging, save message to flash 2-254
system mtu command 2-724
system resource templates 2-384
T
tar files, creating, listing, and extracting 2-11
TDR, running 2-726
Telnet, using to communicate to cluster switches 2-376
temperature information, displaying 2-447
templates, system resources 2-384
test cable-diagnostics tdr command 2-726
test relay 2-727
traceroute mac command 2-727
traceroute mac ip command 2-730
trunking, VLAN mode 2-697
trunk mode 2-697
trunk ports 2-697
trunks, to non-DTP device 2-698
trusted boundary for QoS 2-322
trusted port states for QoS 2-322
tunnel ports, Layer 2 protocol, displaying 2-517
type (boot loader) command A-22
U
UDLD
aggressive mode 2-734, 2-736
debug messages, display B-86
enable globally 2-734
enable per interface 2-736
error recovery timer 2-135
message timer 2-734
normal mode 2-734, 2-736
reset a shutdown interface 2-738
status 2-597
udld command 2-734
udld port command 2-736
udld reset command 2-738
unicast storm control 2-682
UniDirectional Link Detection
See UDLD
unknown multicast traffic, preventing 2-695
unknown unicast traffic, preventing 2-695
unset (boot loader) command A-23
upgrading
software images
downloading 2-8
monitoring status of 2-402
UplinkFast, for STP 2-669
user EXEC mode 1-2, 1-3
V
version (boot loader) command A-25
vlan (global configuration) command 2-739
vlan (VLAN configuration) command 2-745
vlan access-map command 2-751
VLAN access map configuration mode 2-751
VLAN access maps
actions 2-6
displaying 2-607
VLAN-based QoS 2-324
VLAN configuration
rules 2-742, 2-747
saving 2-739, 2-749
VLAN configuration mode
commands
VLAN 2-745
VTP 2-768
description 1-5
entering 2-753
summary 1-2
vlan database command 2-753
vlan dot1q tag native command 2-756
vlan filter command 2-757
VLAN filters, displaying 2-608
VLAN ID range 2-739, 2-745
VLAN maps
applying 2-757
creating 2-751
defining 2-280
displaying 2-607
VLAN Query Protocol
See VQP
VLANs
adding 2-739
configuring 2-739, 2-745
debug messages, display
ISL B-82
VLAN IOS file system error tests B-81
VLAN manager activity B-79
VTP B-84
displaying configurations 2-602
enabling guest VLAN supplicant 2-92, 2-103, 2-140
extended-range 2-739
MAC addresses
displaying 2-548
number of 2-535
media types 2-742, 2-747
normal-range 2-739, 2-745
private 2-700
configuring 2-366
displaying 2-602
See also private VLANs
restarting 2-616
saving the configuration 2-739
shutting down 2-616
SNMP traps for VTP 2-621, 2-624
suspending 2-616
variables 2-745
VLAN Trunking Protocol
See VTP
VMPS
configuring servers 2-762
displaying 2-609
error recovery timer 2-136
reconfirming dynamic VLAN assignments 2-759
vmps reconfirm (global configuration) command 2-760
vmps reconfirm (privileged EXEC) command 2-759
vmps retry command 2-761
vmps server command 2-762
voice VLAN
configuring 2-719, 2-720
setting port priority 2-711
VQP
and dynamic-access ports 2-688
clearing client statistics 2-57
displaying information 2-609
per-server retry count 2-761
reconfirmation interval 2-760
reconfirming dynamic VLAN assignments 2-759
VTP
changing characteristics 2-764
clearing pruning counters 2-58
configuring
domain name 2-764, 2-768
file name 2-764
mode 2-764, 2-768
password 2-764, 2-768
counters display fields 2-612
displaying information 2-611
enabling
pruning 2-764, 2-768
tunneling for 2-237
Version 2 2-764, 2-768
mode 2-764, 2-768
pruning 2-764, 2-768
saving the configuration 2-739, 2-749
statistics 2-611
status 2-611
status display fields 2-613
vtp (global configuration) command 2-764
vtp (VLAN configuration) command 2-768