A -
B -
C -
D -
E -
F -
G -
H -
I -
J -
L -
M -
N -
O -
P -
Q -
R -
S -
T -
U -
V -
Index
A
aaa accounting dot1x command 2-1
aaa authentication dot1x command 2-3
aaa authorization network command 2-5, 2-22, 2-27, 2-29, 2-31, 2-33, 2-126, 2-460, B-5, B-29
AAA methods 2-3
abort command 2-836
access control entries
See ACEs
access control lists
See ACLs
access groups
IP 2-183
MAC, displaying 2-589
access list, IPv6 2-252
access map configuration mode 2-319
access mode 2-778
access ports 2-778
ACEs 2-110, 2-393
ACLs
deny 2-108
displaying 2-442
for non-IP protocols 2-297
IP 2-183
matching 2-319
on Layer 2 interfaces 2-183
permit 2-391
action command 2-6
aggregate-port learner 2-380
allowed VLANs 2-798
apply command 2-836
archive copy-sw command 2-8
archive download-sw command 2-11
archive tar command 2-15
archive upload-sw command 2-18
arp (boot loader) command A-2
arp access-list command 2-20
authentication control-direction command 2-22
authentication event command 2-24
authentication failed VLAN
See dot1x auth-fail vlan
authentication fallback command 2-27
authentication host-mode command 2-29
authentication open command 2-31
authentication order command 2-33
authentication periodic command 2-35
authentication port-control command 2-37
authentication priority command 2-39
authentication timer command 2-41
authentication violation command 2-43
auth-fail max-attempts
See dot1x auth-fail max-attempts
auth-fail vlan
See dot1x auth-fail vlan
auth open command 2-31
auth order command 2-33
authorization state of controlled port 2-142
auth timer command 2-41
autonegotiation of duplex mode 2-151
auto qos voip command 2-45
B
BackboneFast, for STP 2-701
backup interfaces
configuring 2-773
displaying 2-513
boot (boot loader) command A-3
boot auto-copy-sw command 2-49
boot auto-download-sw command 2-51
boot config-file command 2-53
boot enable-break command 2-54
boot helper command 2-55
boot helper-config file command 2-56
booting
Cisco IOS image 2-59
displaying environment variables 2-455
interrupting 2-54
manually 2-57
boot loader
accessing A-1
booting
Cisco IOS image A-3
helper image 2-55
directories
creating A-19
displaying a list of A-8
removing A-23
displaying
available commands A-13
memory heap utilization A-14
version A-30
environment variables
described A-24
displaying settings A-24
location of A-25
setting A-24
unsetting A-28
files
copying A-6
deleting A-7
displaying a list of A-8
displaying the contents of A-5, A-20, A-27
renaming A-21
file system
formatting A-11
initializing flash A-10
running a consistency check A-12
prompt A-1
resetting the system A-22
boot manual command 2-57
boot private-config-file command 2-58
boot system command 2-59
BPDU filtering, for spanning tree 2-702, 2-736
BPDU guard, for spanning tree 2-704, 2-736
broadcast storm control 2-757
C
cat (boot loader) command A-5
CDP, enabling protocol tunneling for 2-278
channel-group command 2-61
channel-protocol command 2-65
Cisco SoftPhone
auto-QoS configuration 2-45
trusting packets sent from 2-360
CISP
See Client Information Signalling Protocol
cisp
debug platform cisp command B-29
cisp enable command 2-66
class command 2-67
class-map command 2-69
class maps
creating 2-69
defining the match criteria 2-321
displaying 2-461
class of service
See CoS
clear dot1x command 2-71
clear eap command 2-72
clear energywise neighbors command 2-73
clear errdisable interface 2-74
clear ip arp inspection log command 2-75
clear ip arp inspection statistics command 2-76
clear ipc command 2-81
clear ip dhcp snooping database command 2-77, 2-79
clear ipv6 dhcp conflict command 2-82
clear l2protocol-tunnel counters command 2-83
clear lacp command 2-84
clear logging command 2-85
clear mac address-table command 2-86, 2-87
clear nmsp statistics command 2-88
clear pagp command 2-89
clear port-security command 2-90
clear spanning-tree counters command 2-92
clear spanning-tree detected-protocols command 2-93
clear vmps statistics command 2-94
clear vtp counters command 2-95
Client Information Signalling Protocol 2-66, 2-126, 2-460, B-5, B-29
command modes defined 1-2
configuration files
password recovery disable considerations A-1
specifying the name 2-53, 2-58
configuring multiple interfaces 2-179
config-vlan mode
commands 2-822
description 1-5
entering 2-821
summary 1-2
copy (boot loader) command A-6
copy logging onboard command 2-96
CoS
assigning default value to incoming packets 2-330
assigning to Layer 2 protocol packets 2-281
overriding the incoming value 2-330
CoS-to-DSCP map 2-334
CPU ASIC statistics, displaying 2-462
crashinfo files 2-170
D
debug auto qos command B-2
debug backup command B-4
debug cisp command B-5
debug dot1x command B-6
debug dtp command B-7
debug eap command B-8
debug etherchannel command B-9
debug fastethernet command B-10
debug interface command B-13
debug ip dhcp snooping command B-11
debug ip igmp filter command B-14
debug ip igmp max-groups command B-15
debug ip igmp snooping command B-16
debug ip verify source packet command B-12
debug lacp command B-17
debug lldp packets command B-18
debug mac-notification command B-19
debug matm command B-20
debug matm move update command B-21
debug monitor command B-22
debug mvrdbg command B-23
debug nmsp command B-24
debug nvram command B-25
debug pagp command B-26
debug platform acl command B-27
debug platform backup interface command B-28
debug platform cisp command B-29
debug platform cli-redirection main command B-30
debug platform configuration command B-31
debug platform cpu-queues command B-32
debug platform device-manager command B-34
debug platform dot1x command B-35
debug platform etherchannel command B-36
debug platform fallback-bridging command B-37
debug platform ip arp inspection command B-38
debug platform ipc command B-47
debug platform ip dhcp command B-39
debug platform ip igmp snooping command B-40
debug platform ip multicast command B-42
debug platform ip unicast command B-44
debug platform ip wccp command B-46
debug platform led command B-48
debug platform matm command B-49
debug platform messaging application command B-50
debug platform phy command B-51
debug platform pm command B-53
debug platform port-asic command B-55
debug platform port-security command B-56
debug platform qos-acl-tcam command B-57
debug platform remote-commands command B-58
debug platform resource-manager command B-59
debug platform snmp command B-60
debug platform span command B-61
debug platform stack-manager command B-62
debug platform supervisor-asic command B-63
debug platform sw-bridge command B-64
debug platform tcam command B-65
debug platform udld command B-68
debug platform vlan command B-69
debug pm command B-70
debug port-security command B-72
debug qos-manager command B-73
debug spanning-tree backbonefast command B-76
debug spanning-tree bpdu command B-77
debug spanning-tree bpdu-opt command B-78
debug spanning-tree command B-74
debug spanning-tree mstp command B-79
debug spanning-tree switch command B-81
debug spanning-tree uplinkfast command B-83
debug sw-vlan command B-84
debug sw-vlan ifs command B-86
debug sw-vlan notification command B-87
debug sw-vlan vtp command B-89
debug udld command B-91
debug vqpc command B-93
define interface-range command 2-98
delete (boot loader) command A-7
delete command 2-100
deny (ARP access-list configuration) command 2-101
deny (IPv6) command 2-103
deny command 2-108
detect mechanism, causes 2-162
DHCP snooping
accepting untrusted packets from edge switch 2-211
enabling
on a VLAN 2-217
option 82 2-209, 2-211
trust on an interface 2-215
error recovery timer 2-166
rate limiting 2-214
DHCP snooping binding database
binding file, configuring 2-207
bindings
adding 2-205
deleting 2-205
displaying 2-534
clearing database agent statistics 2-77, 2-79
database agent, configuring 2-207
displaying
binding entries 2-534
database agent status 2-536, 2-538
renewing 2-421
dir (boot loader) command A-8
directories, deleting 2-100
domain name, VTP 2-847, 2-851
dot1x auth-fail max-attempts 2-120
dot1x auth-fail vlan 2-122
dot1x command 2-118
dot1x control-direction command 2-124
dot1x credentials (global configuration) command 2-126
dot1x critical global configuration command 2-127
dot1x critical interface configuration command 2-129
dot1x default command 2-131
dot1x fallback command 2-132
dot1x guest-vlan command 2-133
dot1x host-mode command 2-135
dot1x initialize command 2-136
dot1x mac-auth-bypass command 2-137
dot1x max-reauth-req command 2-139
dot1x max-req command 2-140
dot1x pae command 2-141
dot1x port-control command 2-142
dot1x re-authenticate command 2-144
dot1x reauthentication command 2-145
dot1x timeout command 2-146
dot1x violation-mode command 2-148
dropping packets, with ACL matches 2-6
drop threshold, Layer 2 protocol tunneling 2-278
DSCP-to-CoS map 2-334
DSCP-to-DSCP-mutation map 2-334
DTP 2-779
DTP flap
error detection for 2-162
error recovery timer 2-166
DTP negotiation 2-783
dual IPv4 and IPv6 templates 2-386
duplex command 2-150
dynamic-access ports
configuring 2-769
restrictions 2-770
dynamic ARP inspection
ARP ACLs
apply to a VLAN 2-191
define 2-20
deny packets 2-101
display 2-446
permit packets 2-384
clear
log buffer 2-75
statistics 2-76
display
ARP ACLs 2-446
configuration and operating state 2-529
log buffer 2-529
statistics 2-529
trust state and rate limit 2-529
enable per VLAN 2-201
error detection for 2-162
error recovery timer 2-166
log buffer
clear 2-75
configure 2-195
display 2-529
rate-limit incoming ARP packets 2-193
statistics
clear 2-76
display 2-529
trusted interface state 2-197
type of packet logged 2-202
validation checks 2-199
dynamic auto VLAN membership mode 2-778
dynamic desirable VLAN membership mode 2-778
Dynamic Host Configuration Protocol (DHCP)
See DHCP snooping
Dynamic Trunking Protocol
See DTP
E
EAP-request/identity frame
maximum number to send 2-140
response time before retransmitting 2-146
encapsulation methods 2-798
energywise (global configuration) command 2-152, 2-154
energywise domain command 2-156
energywise query command 2-158
environment variables, displaying 2-455
errdisable detect cause command 2-162
errdisable detect cause small-frame command 2-164
errdisable recovery cause small-frame 2-169
errdisable recovery command 2-166
error conditions, displaying 2-501
error disable detection 2-162
error-disabled interfaces, displaying 2-513
EtherChannel
assigning Ethernet interface to channel group 2-61
creating port-channel logical interface 2-177
debug EtherChannel/PAgP, display B-9
debug platform-specific events, display B-36
displaying 2-504
enabling Layer 2 protocol tunneling for
LACP 2-279
PAgP 2-279
UDLD 2-279
interface information, displaying 2-513
LACP
clearing channel-group information 2-84, 2-85
debug messages, display B-17
displaying 2-575
modes 2-61
port priority for hot-standby ports 2-282
restricting a protocol 2-65
system priority 2-284
load-distribution methods 2-401
EtherChannel (continued)
PAgP
aggregate-port learner 2-380
clearing channel-group information 2-89
debug messages, display B-26
displaying 2-640
error detection for 2-162
error recovery timer 2-166
learn method 2-380
modes 2-61
physical-port learner 2-380
priority of interface for transmitted traffic 2-382
Ethernet controller, internal register display 2-464, 2-471
Ethernet Management port, debugging B-10
Ethernet statistics, collecting 2-425
exception crashinfo command 2-170, 2-175
exit command 2-836
extended-range VLANs
and allowed VLAN list 2-798
and pruning-eligible list 2-798
configuring 2-821
extended system ID for STP 2-710
F
fallback profile command 2-171
fallback profiles, displaying 2-507
fan information, displaying 2-497
file name, VTP 2-847
files, deleting 2-100
flash_init (boot loader) command A-10
flexible authentication ordering 2-33
Flex Links
configuring 2-773
displaying 2-513
flowcontrol command 2-173
format (boot loader) command A-11
forwarding packets, with ACL matches 2-6
forwarding results, display C-7
frame forwarding information, displaying C-7
front-end controller counter and status information C-9
fsck (boot loader) command A-12
G
global configuration mode 1-2, 1-4
H
hardware ACL statistics 2-442
health monitoring diagnostic tests 2-111
help (boot loader) command A-13
hierarchical policy maps 2-399
host connection, port configuration 2-777
host ports, private VLANs 2-781
I
IEEE 802.1Q trunk ports and native VLANs 2-838
IEEE 802.1Q tunnel ports
configuring 2-778
displaying 2-483
limitations 2-779
IEEE 802.1x
and switchport modes 2-779
violation error recovery 2-166
See also port-based authentication
IGMP filters
applying 2-220
debug messages, display B-14
IGMP groups, setting maximum 2-222
IGMP maximum groups, debugging B-15
IGMP profiles
creating 2-224
displaying 2-541
IGMP snooping
adding ports as a static member of a group 2-240
displaying 2-542, 2-547, 2-549
enabling 2-226
enabling the configurable-leave timer 2-228
enabling the Immediate-Leave feature 2-237
flooding query count 2-234
interface topology change notification behavior 2-236
multicast table 2-545
querier 2-230
query solicitation 2-234
report suppression 2-232
switch topology change notification behavior 2-234
images
See software images
Immediate-Leave processing
IGMP 2-237
IPv6 2-274
MVR 2-370
interface configuration mode 1-2, 1-4
interface port-channel command 2-177
interface range command 2-179
interface-range macros 2-98
interfaces
assigning Ethernet interface to channel group 2-61
configuring 2-150
configuring multiple 2-179
creating port-channel logical 2-177
debug messages, display B-13
disabling 2-687
displaying the MAC address table 2-601
restarting 2-687
interface speed, configuring 2-747
interface vlan command 2-181
internal registers, displaying 2-464, 2-471, 2-474
Internet Group Management Protocol
See IGMP
invalid GBIC
error detection for 2-162
error recovery timer 2-166
ip access-group command 2-183
ip address command 2-186
IP addresses, setting 2-186
IP address matching 2-319
ip admission command 2-188
ip admission name proxy http command 2-189
ip arp inspection filter vlan command 2-191
ip arp inspection limit command 2-193
ip arp inspection log-buffer command 2-195
ip arp inspection trust command 2-197
ip arp inspection validate command 2-199
ip arp inspection vlan command 2-201
ip arp inspection vlan logging command 2-202
IP DHCP snooping
See DHCP snooping
ip dhcp snooping binding command 2-205
ip dhcp snooping command 2-204
ip dhcp snooping database command 2-207
ip dhcp snooping information option allow-untrusted command 2-211
ip dhcp snooping information option command 2-209
ip dhcp snooping information option format remote-id command 2-213
ip dhcp snooping limit rate command 2-214
ip dhcp snooping trust command 2-215
ip dhcp snooping verify command 2-216
ip dhcp snooping vlan command 2-217
ip dhcp snooping vlan information option format-type circuit-id string command 2-218
ip igmp filter command 2-220
ip igmp max-groups command 2-222, 2-247, 2-249
ip igmp profile command 2-224
ip igmp snooping command 2-226
ip igmp snooping last-member-query-interval command 2-228
ip igmp snooping querier command 2-230
ip igmp snooping report-suppression command 2-232
ip igmp snooping tcn command 2-234
ip igmp snooping tcn flood command 2-236
ip igmp snooping vlan immediate-leave command 2-237
ip igmp snooping vlan mrouter command 2-238
ip igmp snooping vlan static command 2-240
IP multicast addresses 2-367
IP phones
auto-QoS configuration 2-45
trusting packets sent from 2-360
IP-precedence-to-DSCP map 2-334
ip snap forwarding command 2-242
ip source binding command 2-243
IP source guard
disabling 2-251
displaying
binding entries 2-551
configuration 2-553
dynamic binding entries only 2-534
enabling 2-251
static IP source bindings 2-243
ip ssh command 2-245
IPv6 access list, deny conditions 2-103
ipv6 access-list command 2-252
ipv6 address dhcp command 2-254
ipv6 dhcp client request vendor command 2-255
ipv6 dhcp ping packets command 2-256
ipv6 dhcp pool command 2-258
ipv6 dhcp server command 2-260
ipv6 mld snooping command 2-262
ipv6 mld snooping last-listener-query count command 2-264
ipv6 mld snooping last-listener-query-interval command 2-266
ipv6 mld snooping listener-message-suppression command 2-268
ipv6 mld snooping robustness-variable command 2-270
ipv6 mld snooping tcn command 2-272
ipv6 mld snooping vlan command 2-274
IPv6 SDM template 2-426
ipv6 traffic-filter command 2-276
ip verify source command 2-251
J
jumbo frames
See MTU
L
l2protocol-tunnel command 2-278
l2protocol-tunnel cos command 2-281
LACP
See EtherChannel
lacp port-priority command 2-282
lacp system-priority command 2-284
Layer 2 mode, enabling 2-767
Layer 2 protocol ports, displaying 2-572
Layer 2 protocol-tunnel
error detection for 2-162
error recovery timer 2-166
Layer 2 protocol tunnel counters 2-83
Layer 2 protocol tunneling error recovery 2-279
Layer 2 traceroute
IP addresses 2-812
MAC addresses 2-809
Layer 3 mode, enabling 2-767
line configuration mode 1-3, 1-6
Link Aggregation Control Protocol
See EtherChannel
link flap
error detection for 2-162
error recovery timer 2-166
link state group command 2-286
link state track command 2-288
load-distribution methods for EtherChannel 2-401
location (global configuration) command 2-289
location (interface configuration) command 2-291
logging file command 2-293
logical interface 2-177
loopback error
detection for 2-162
recovery timer 2-166
loop guard, for spanning tree 2-712, 2-716
M
mac access-group command 2-295
MAC access-groups, displaying 2-589
MAC access list configuration mode 2-297
mac access-list extended command 2-297
MAC access lists 2-108
MAC addresses
disabling MAC address learning per VLAN 2-300
displaying
aging time 2-595
all 2-593
dynamic 2-599
MAC address-table move updates 2-604
notification settings 2-603, 2-606
number of addresses in a VLAN 2-597
per interface 2-601
per VLAN 2-610
static 2-608
static and dynamic entries 2-591
dynamic
aging time 2-299
deleting 2-86
displaying 2-599
enabling MAC address notification 2-304
enabling MAC address-table move update 2-302
matching 2-319
persistent stack 2-755
static
adding and removing 2-306
displaying 2-608
dropping on an interface 2-307
tables 2-593
MAC address notification, debugging B-19
mac address-table aging-time 2-295, 2-319
mac address-table aging-time command 2-299
mac address-table learning command 2-300
mac address-table move update command 2-302
mac address-table notification command 2-304
mac address-table static command 2-306
mac address-table static drop command 2-307
MAC frames
See MTU
macro apply command 2-309
macro description command 2-312
macro global command 2-313
macro global description command 2-316
macro name command 2-317
macros
adding a description 2-312
adding a global description 2-316
applying 2-313
creating 2-317
displaying 2-642
interface range 2-98, 2-179
specifying parameter values 2-313
tracing 2-313
maps
QoS
defining 2-334
displaying 2-620
VLAN
creating 2-833
defining 2-319
displaying 2-679
match (access-map configuration) command 2-319
match (class-map configuration) command 2-321
maximum transmission unit
See MTU
mdix auto command 2-324
memory (boot loader) command A-14
mgmt_clr (boot loader) command A-16
mgmt_init (boot loader) command A-17, A-18
mkdir (boot loader) command A-19
MLD snooping
configuring 2-268, 2-270
configuring queries 2-264, 2-266
configuring topology change notification 2-272
displaying 2-562, 2-564, 2-566, 2-568
enabling 2-262
enabling on a VLAN 2-274
mls qos aggregate-policer command 2-328
mls qos command 2-326
mls qos cos command 2-330
mls qos dscp-mutation command 2-332
mls qos map command 2-334
mls qos queue-set output buffers command 2-338
mls qos queue-set output threshold command 2-340
mls qos rewrite ip dscp command 2-342
mls qos srr-queue input bandwidth command 2-344
mls qos srr-queue input buffers command 2-346
mls qos-srr-queue input cos-map command 2-348
mls qos srr-queue input dscp-map command 2-350
mls qos srr-queue input priority-queue command 2-352
mls qos srr-queue input threshold command 2-354
mls qos-srr-queue output cos-map command 2-356
mls qos srr-queue output dscp-map command 2-358
mls qos trust command 2-360
mls qos vlan-based command 2-362
mode, MVR 2-367
Mode button, and password recovery 2-429
modes, commands 1-2
monitor session command 2-363
more (boot loader) command A-20
MSTP
displaying 2-656
interoperability 2-93
link type 2-714
MST region
aborting changes 2-720
applying changes 2-720
configuration name 2-720
configuration revision number 2-720
current or pending display 2-720
displaying 2-656
MST configuration mode 2-720
VLANs-to-instance mapping 2-720
path cost 2-722
protocol mode 2-718
restart protocol migration process 2-93
root port
loop guard 2-712
preventing from becoming designated 2-712
restricting which can be root 2-712
root guard 2-712
root switch
affects of extended system ID 2-710
hello-time 2-725, 2-732
interval between BDPU messages 2-726
interval between hello BPDU messages 2-725, 2-732
max-age 2-726
maximum hop count before discarding BPDU 2-727
port priority for selection of 2-728
primary or secondary 2-732
switch priority 2-731
state changes
blocking to forwarding state 2-739
enabling BPDU filtering 2-702, 2-736
enabling BPDU guard 2-704, 2-736
enabling Port Fast 2-736, 2-739
forward-delay time 2-724
length of listening and learning states 2-724
rapid transition to forwarding 2-714
shutting down Port Fast-enabled ports 2-736
state information display 2-655
MTU
configuring size 2-806
displaying global setting 2-668
Multicase Listener Discovery
See MLD
multicast group address, MVR 2-370
multicast groups, MVR 2-368
Multicast Listener Discovery
See MLD
multicast router learning method 2-238
multicast router ports, configuring 2-238
multicast router ports, IPv6 2-274
multicast storm control 2-757
multicast VLAN, MVR 2-367
multicast VLAN registration
See MVR
multiple hosts on authorized port 2-135
Multiple Spanning Tree Protocol
See MSTP
MVR
configuring 2-367
configuring interfaces 2-370
debug messages, display B-23
displaying 2-629
displaying interface information 2-631
members, displaying 2-633
mvr (global configuration) command 2-367
mvr (interface configuration) command 2-370
mvr vlan group command 2-371
N
native VLANs 2-798
native VLAN tagging 2-838
network-policy (global configuration) command 2-373
network-policy command 2-372
network-policy profile (network-policy configuration) command 2-374
nmsp attachment suppress command 2-377
nmsp command 2-376
nonegotiate
DTP messaging 2-783
speed 2-747
non-IP protocols
denying 2-108
forwarding 2-391
non-IP traffic access lists 2-297
non-IP traffic forwarding
denying 2-108
permitting 2-391
non-stop forwarding 2-378
normal-range VLANs 2-821, 2-827
no vlan command 2-821, 2-831
nsf command 2-378
O
online diagnostics
configuring health monitoring diagnostic tests 2-111
displaying
configured boot-up coverage level 2-478
current scheduled tasks 2-478
event logs 2-478
supported test suites 2-478
test ID 2-478
test results 2-478
test statistics 2-478
enabling
scheduling 2-113
syslog messages 2-111
global configuration mode
clearing health monitoring diagnostic test schedule 2-111
clearing test-based testing schedule 2-113
online diagnostics (continued)
setting health monitoring diagnostic testing 2-111
setting test-based testing 2-113
setting up health monitoring diagnostic test schedule 2-111
setting up test-based testing 2-113
removing scheduling 2-113
scheduled switchover
disabling 2-113
enabling 2-113
setting test interval 2-113
specifying health monitoring diagnostic tests 2-111
starting testing 2-115
P
PAgP
See EtherChannel
pagp learn-method command 2-380
pagp port-priority command 2-382
password, VTP 2-847, 2-851
password-recovery mechanism, enabling and disabling 2-429
permit (ARP access-list configuration) command 2-384
permit (IPv6) command 2-386
permit (MAC access-list configuration) command 2-391
per-VLAN spanning-tree plus
See STP
physical-port learner 2-380
PID, displaying 2-528
PIM-DVMRP, as multicast router learning method 2-238
police aggregate command 2-396
police command 2-394
policed-DSCP map 2-334
policy-map command 2-398
policy maps
applying to an interface 2-431, 2-437
creating 2-398
displaying 2-645
hierarchical 2-399
policers
displaying 2-613
for a single class 2-394
for multiple classes 2-328, 2-396
policed-DSCP map 2-334
traffic classification
defining the class 2-67
defining trust states 2-814
setting DSCP or IP precedence values 2-435
Port Aggregation Protocol
See EtherChannel
port-based authentication
AAA method list 2-3
configuring violation modes 2-148
debug messages, display B-6
enabling guest VLAN supplicant 2-121, 2-132
enabling IEEE 802.1x
globally 2-118
per interface 2-142
guest VLAN 2-133
host modes 2-135
IEEE 802.1x AAA accounting methods 2-1
initialize an interface 2-136
MAC authentication bypass 2-137
manual control of authorization state 2-142
multiple hosts on authorized port 2-135
PAE as authenticator 2-141
periodic re-authentication
enabling 2-145
time between attempts 2-146
quiet period between failed authentication exchanges 2-146
re-authenticating IEEE 802.1x-enabled ports 2-144
resetting configurable IEEE 802.1x parameters 2-131
port-based authentication (continued)
switch-to-authentication server retransmission time 2-146
switch-to-client frame-retransmission number2-139to 2-140
switch-to-client retransmission time 2-146
port-channel load-balance command 2-401
Port Fast, for spanning tree 2-739
port ranges, defining 2-96, 2-98
ports, debugging B-70
ports, protected 2-796
port security
aging 2-790
debug messages, display B-72
enabling 2-785
violation error recovery 2-166
port trust states for QoS 2-360
port types, MVR 2-370
power information, displaying 2-497
priority-queue command 2-403
priority value, stack member 2-663, 2-762
private-vlan command 2-405
private-vlan mapping command 2-408
private VLANs
association 2-794
configuring 2-405
configuring ports 2-781
displaying 2-674
host ports 2-781
mapping
configuring 2-794
displaying 2-513
promiscuous ports 2-781
privileged EXEC mode 1-2, 1-3
product identification information, displaying 2-528
promiscuous ports, private VLANs 2-781
protected ports, displaying 2-519
pruning
VLANs 2-798
VTP
displaying interface information 2-513
enabling 2-847, 2-851
pruning-eligible VLAN list 2-800
PVST+
See STP
Q
QoS
auto-QoS
configuring 2-45
debug messages, display B-2
displaying 2-451
class maps
creating 2-69
defining the match criteria 2-321
displaying 2-461
defining the CoS value for an incoming packet 2-330
displaying configuration information 2-451, 2-612
DSCP transparency 2-342
DSCP trusted ports
applying DSCP-to-DSCP-mutation map to 2-332
defining DSCP-to-DSCP-mutation map 2-334
egress queues
allocating buffers 2-338
defining the CoS output queue threshold map 2-356
defining the DSCP output queue threshold map 2-358
displaying buffer allocations 2-616
displaying CoS output queue threshold map 2-620
displaying DSCP output queue threshold map 2-620
displaying queueing strategy 2-616
displaying queue-set settings 2-623
enabling bandwidth shaping and scheduling 2-751
enabling bandwidth sharing and scheduling 2-753
limiting the maximum output on a port 2-749
mapping a port to a queue-set 2-410
mapping CoS values to a queue and threshold 2-356
mapping DSCP values to a queue and threshold 2-358
setting maximum and reserved memory allocations 2-340
setting WTD thresholds 2-340
enabling 2-326
ingress queues
allocating buffers 2-346
assigning SRR scheduling weights 2-344
defining the CoS input queue threshold map 2-348
defining the DSCP input queue threshold map 2-350
displaying buffer allocations 2-616
displaying CoS input queue threshold map 2-620
displaying DSCP input queue threshold map 2-620
displaying queueing strategy 2-616
displaying settings for 2-614
enabling the priority queue 2-352
mapping CoS values to a queue and threshold 2-348
mapping DSCP values to a queue and threshold 2-350
setting WTD thresholds 2-354
maps
defining 2-334, 2-348, 2-350, 2-356, 2-358
displaying 2-620
policy maps
applying an aggregate policer 2-396
applying to an interface 2-431, 2-437
creating 2-398
defining policers 2-328, 2-394
displaying policers 2-613
displaying policy maps 2-645
hierarchical 2-399
policed-DSCP map 2-334
setting DSCP or IP precedence values 2-435
traffic classifications 2-67
trust states 2-814
port trust states 2-360
queues, enabling the expedite 2-403
statistics
in-profile and out-of-profile packets 2-616
packets enqueued or dropped 2-616
sent and received CoS values 2-616
sent and received DSCP values 2-616
trusted boundary for IP phones 2-360
VLAN-based 2-362
quality of service
See QoS
querytime, MVR 2-367
queue-set command 2-410
R
radius-server dead-criteria command 2-411
radius-server host command 2-413
rapid per-VLAN spanning-tree plus
See STP
rapid PVST+
See STP
re-authenticating IEEE 802.1x-enabled ports 2-144
re-authentication
periodic 2-145
time between attempts 2-146
receiver ports, MVR 2-370
receiving flow-control packets 2-173
recovery mechanism
causes 2-166
display 2-74, 2-458, 2-499, 2-502
timer interval 2-167
reload command 2-415
remote command 2-417
remote-span command 2-419
Remote Switched Port Analyzer
See RSPAN
rename (boot loader) command A-21
renew ip dhcp snooping database command 2-421
reset (boot loader) command A-22
reset command 2-836
resource templates, displaying 2-650
restricted VLAN
See dot1x auth-fail vlan
rmdir (boot loader) command A-23
rmon collection stats command 2-425
root guard, for spanning tree 2-712
routed ports
IP addresses on 2-187
number supported 2-187
routing frames
See MTU
RSPAN
configuring 2-363
displaying 2-626
filter RSPAN traffic 2-363
remote-span command 2-419
sessions
add interfaces to 2-363
displaying 2-626
start new 2-363
S
scheduled switchover
disabling 2-113
enabling 2-113
SDM mismatch mode 2-427, 2-664
sdm prefer command 2-426
SDM templates
allowed resources 2-427
and stacking 2-427
displaying 2-650
dual IPv4 and IPv6 2-426
secure ports, limitations 2-787
sending flow-control packets 2-173
service password-recovery command 2-429
service-policy command 2-431
session command 2-434
set (boot loader) command A-24
set command 2-435
setup command 2-437
setup express command 2-440
show access-lists command 2-442
show archive status command 2-445
show arp access-list command 2-446
show authentication command 2-447
show auto qos command 2-451
show boot command 2-455
show cable-diagnostics tdr command 2-458
show changes command 2-836
show cisp command 2-460
show class-map command 2-461
show controllers cpu-interface command 2-462
show controllers ethernet-controller command 2-464
show controllers ethernet-controller fastethernet command 2-471
show controllers tcam command 2-474
show controller utilization command 2-476
show current command 2-836
show dot1q-tunnel command 2-483
show dot1x command 2-484
show dtp 2-488
show eap command 2-490
show energywise command 2-493
show env command 2-497
show errdisable detect command 2-499
show errdisable flap-values command 2-501
show errdisable recovery command 2-502
show etherchannel command 2-504
show fallback profile command 2-507
show flowcontrol command 2-509
show idprom command 2-511
show interfaces command 2-513
show interfaces counters command 2-525
show inventory command 2-528
show ip arp inspection command 2-529
show ipc command 2-555
show ip dhcp snooping binding command 2-534
show ip dhcp snooping command 2-533
show ip dhcp snooping database command 2-536, 2-538
show ip igmp profile command 2-541
show ip igmp snooping address command 2-564
show ip igmp snooping command 2-542, 2-562
show ip igmp snooping groups command 2-545
show ip igmp snooping mrouter command 2-547, 2-566
show ip igmp snooping querier command 2-549, 2-568
show ip source binding command 2-551
show ipv6 access-list command 2-559
show ipv6 dhcp conflict command 2-561
show ipv6 route updated 2-570
show ip verify source command 2-553
show l2protocol-tunnel command 2-572
show lacp command 2-575
show link state group command 2-579
show location 2-581
show location command 2-581
show logging command 2-584
show mac access-group command 2-589
show mac address-table address command 2-593
show mac address-table aging time command 2-595
show mac address-table command 2-591
show mac address-table count command 2-597
show mac address-table dynamic command 2-599
show mac address-table interface command 2-601
show mac address-table learning command 2-603
show mac address-table move update command 2-604
show mac address-table notification command 2-87, 2-606, B-21
show mac address-table static command 2-608
show mac address-table vlan command 2-610
show mls qos aggregate-policer command 2-613
show mls qos command 2-612
show mls qos input-queue command 2-614
show mls qos interface command 2-616
show mls qos maps command 2-620
show mls qos queue-set command 2-623
show mls qos vlan command 2-625
show monitor command 2-626
show mvr command 2-629
show mvr interface command 2-631
show mvr members command 2-633
show network-policy profile command 2-635
show nmsp command 2-637
show pagp command 2-640
show parser macro command 2-642
show platform acl command C-2
show platform backup interface command C-3
show platform configuration command C-4
show platform dl command C-5
show platform etherchannel command C-6
show platform forward command C-7
show platform frontend-controller command C-9
show platform igmp snooping command C-10
show platform ipc trace command C-18
show platform ip multicast command C-12
show platform ip unicast command C-13
show platform ipv6 unicast command C-19
show platform ip wccp command C-17
show platform layer4op command C-21
show platform mac-address-table command C-22
show platform messaging command C-23
show platform monitor command C-24
show platform mvr table command C-25
show platform pm command C-26
show platform port-asic command C-27
show platform port-security command C-32
show platform qos command C-33
show platform resource-manager command C-34
show platform snmp counters command C-36
show platform spanning-tree command C-37
show platform stack-manager command C-39
show platform stp-instance command C-38
show platform tb command C-43
show platform tcam command C-45
show platform vlan command C-48
show policy-map command 2-645
show port security command 2-647
show proposed command 2-836
show sdm prefer command 2-650
show setup express command 2-654
show spanning-tree command 2-655
show storm-control command 2-661
show switch command 2-663
show system mtu command 2-668
show trust command 2-814
show udld command 2-669
show version command 2-672
show vlan access-map command 2-679
show vlan command 2-674
show vlan command, fields 2-676
show vlan filter command 2-680
show vmps command 2-681
show vtp command 2-683
shutdown command 2-687
shutdown threshold, Layer 2 protocol tunneling 2-278
shutdown vlan command 2-688
small violation-rate command 2-689
Smartports macros
See macros
SNMP host, specifying 2-695
SNMP informs, enabling the sending of 2-691
snmp-server enable traps command 2-691
snmp-server host command 2-695
snmp trap mac-notification command 2-699
SNMP traps
enabling MAC address notification trap 2-699
enabling the MAC address notification feature 2-304
enabling the sending of 2-691
SoftPhone
See Cisco SoftPhone
software images
copying 2-8
deleting 2-100
downloading 2-11
upgrading 2-8, 2-11
uploading 2-18
software version, displaying 2-672
source ports, MVR 2-370
SPAN
configuring 2-363
debug messages, display B-22
displaying 2-626
filter SPAN traffic 2-363
sessions
add interfaces to 2-363
displaying 2-626
start new 2-363
spanning-tree backbonefast command 2-701
spanning-tree bpdufilter command 2-702
spanning-tree bpduguard command 2-704
spanning-tree cost command 2-706
spanning-tree etherchannel command 2-708
spanning-tree extend system-id command 2-710
spanning-tree guard command 2-712
spanning-tree link-type command 2-714
spanning-tree loopguard default command 2-716
spanning-tree mode command 2-718
spanning-tree mst configuration command 2-720
spanning-tree mst cost command 2-722
spanning-tree mst forward-time command 2-724
spanning-tree mst hello-time command 2-725
spanning-tree mst max-age command 2-726
spanning-tree mst max-hops command 2-727
spanning-tree mst port-priority command 2-728
spanning-tree mst pre-standard command 2-730
spanning-tree mst priority command 2-731
spanning-tree mst root command 2-732
spanning-tree portfast (global configuration) command 2-736
spanning-tree portfast (interface configuration) command 2-739
spanning-tree port-priority command 2-734
Spanning Tree Protocol
See STP
spanning-tree transmit hold-count command 2-741
spanning-tree uplinkfast command 2-742
spanning-tree vlan command 2-744
speed command 2-747
srr-queue bandwidth limit command 2-749
srr-queue bandwidth shape command 2-751
srr-queue bandwidth share command 2-753
SSH, configuring version 2-245
stack-mac persistent timer command 2-755
stack member
access 2-434
number 2-663, 2-765
priority value 2-762
provisioning 2-763
reloading 2-415
stacks, switch
disabling a member 2-760
enabling a member 2-760
MAC address 2-755
provisioning a new member 2-763
reloading 2-415
stack member access 2-434
stack member number 2-663, 2-765
stack member priority value 2-663, 2-762
static-access ports, configuring 2-769
statistics, Ethernet group 2-425
sticky learning, enabling 2-785
storm-control command 2-757
STP
BackboneFast 2-701
counters, clearing 2-92
debug messages, display
BackboneFast events B-76
MSTP B-79
optimized BPDUs handling B-78
spanning-tree activity B-74
switch shim B-81
transmitted and received BPDUs B-77
UplinkFast B-83
detection of indirect link failures 2-701
enabling protocol tunneling for 2-278
EtherChannel misconfiguration 2-708
extended system ID 2-710
path cost 2-706
protocol modes 2-718
root port
accelerating choice of new 2-742
loop guard 2-712
preventing from becoming designated 2-712
restricting which can be root 2-712
root guard 2-712
UplinkFast 2-742
root switch
affects of extended system ID 2-710, 2-745
hello-time 2-744
interval between BDPU messages 2-744
interval between hello BPDU messages 2-744
max-age 2-744
port priority for selection of 2-734
primary or secondary 2-744
switch priority 2-744
state changes
blocking to forwarding state 2-739
enabling BPDU filtering 2-702, 2-736
enabling BPDU guard 2-704, 2-736
enabling Port Fast 2-736, 2-739
enabling timer to recover from error state 2-166
forward-delay time 2-744
length of listening and learning states 2-744
shutting down Port Fast-enabled ports 2-736
state information display 2-655
VLAN options 2-731, 2-744
SVIs, creating 2-181
SVI status calculation 2-771
Switched Port Analyzer
See SPAN
switching characteristics
modifying 2-767
returning to interfaces 2-767
switchport access command 2-769
switchport autostate exclude command 2-771
switchport backup interface command 2-773
switchport block command 2-776
switchport command 2-767
switchport host command 2-777
switchport mode command 2-778
switchport mode private-vlan command 2-781
switchport nonegotiate command 2-783
switchport port-security aging command 2-790
switchport port-security command 2-785
switchport priority extend command 2-792
switchport private-vlan command 2-794
switchport protected command 2-796
switchports, displaying 2-513
switchport trunk command 2-798
switchport voice detect 2-801
switchport voice vlan command 2-802
switch priority command 2-760, 2-762
switch provision command 2-763
switch renumber command 2-765
system env temperature threshold yellow command 2-804
system message logging, save message to flash 2-293
system mtu command 2-806
system resource templates 2-426
T
tar files, creating, listing, and extracting 2-15
TDR, running 2-808
temperature information, displaying 2-497
templates, system resources 2-426
test cable-diagnostics tdr command 2-808
traceroute mac command 2-809
traceroute mac ip command 2-812
trunking, VLAN mode 2-778
trunk mode 2-778
trunk ports 2-778
trunks, to non-DTP device 2-779
trusted boundary for QoS 2-360
trusted port states for QoS 2-360
tunnel ports, Layer 2 protocol, displaying 2-572
type (boot loader) command A-27
U
UDLD
aggressive mode 2-816, 2-818
debug messages, display B-91
enable globally 2-816
enable per interface 2-818
error recovery timer 2-166
message timer 2-816
normal mode 2-816, 2-818
reset a shutdown interface 2-820
status 2-669
udld command 2-816
udld port command 2-818
udld reset command 2-820
unicast storm control 2-757
UniDirectional Link Detection
See UDLD
unknown multicast traffic, preventing 2-776
unknown unicast traffic, preventing 2-776
unset (boot loader) command A-28
upgrading
copying software images 2-8
downloading software images 2-11
software images, monitoring status of 2-445
UplinkFast, for STP 2-742
user EXEC mode 1-2, 1-3
V
version (boot loader) command A-30
version mismatch mode 2-664, C-40
vlan (global configuration) command 2-821
vlan (VLAN configuration) command 2-827
vlan access-map command 2-833
VLAN access map configuration mode 2-833
VLAN access maps
actions 2-6
displaying 2-679
VLAN-based QoS 2-362
VLAN configuration
rules 2-824, 2-829
saving 2-821, 2-831
VLAN configuration mode
commands
VLAN 2-827
VTP 2-851
description 1-5
entering 2-835
summary 1-3
vlan database command 2-835
vlan dot1q tag native command 2-838
vlan filter command 2-840
VLAN filters, displaying 2-680
VLAN ID range 2-821, 2-827
VLAN maps
applying 2-840
creating 2-833
defining 2-319
displaying 2-679
VLAN Query Protocol
See VQP
VLANs
adding 2-821
configuring 2-821, 2-827
debug messages, display
ISL B-87
VLAN IOS file system error tests B-86
VLAN manager activity B-84
VTP B-89
displaying configurations 2-674
extended-range 2-821
MAC addresses
displaying 2-610
number of 2-597
media types 2-824, 2-829
normal-range 2-821, 2-827
private 2-781
configuring 2-405
displaying 2-674
See also private VLANs
restarting 2-688
saving the configuration 2-821
shutting down 2-688
SNMP traps for VTP 2-693, 2-696
suspending 2-688
variables 2-827
VLAN Trunking Protocol
See VTP
VM mode 2-664, C-40
VMPS
configuring servers 2-845
displaying 2-681
error recovery timer 2-167
reconfirming dynamic VLAN assignments 2-842
vmps reconfirm (global configuration) command 2-843
vmps reconfirm (privileged EXEC) command 2-842
vmps retry command 2-844
vmps server command 2-845
voice VLAN
configuring 2-801, 2-802
setting port priority 2-792
VQP
and dynamic-access ports 2-770
clearing client statistics 2-94
displaying information 2-681
per-server retry count 2-844
reconfirmation interval 2-843
reconfirming dynamic VLAN assignments 2-842
VTP
changing characteristics 2-847
clearing pruning counters 2-95
configuring
domain name 2-847, 2-851
file name 2-847
mode 2-847, 2-851
password 2-847, 2-851
counters display fields 2-684
displaying information 2-683
enabling
pruning 2-847, 2-851
tunneling for 2-278
Version 2 2-847, 2-851
mode 2-847, 2-851
pruning 2-847, 2-851
saving the configuration 2-821, 2-831
statistics 2-683
status 2-683
status display fields 2-685
vtp (global configuration) command 2-847
vtp (VLAN configuration) command 2-851