Index A
aaa accounting dot1x command 1
aaa authentication dot1x command 3
aaa authorization network command 5, 22, 28, 30, 32, 34, 36, 141, 291, 293, 294, 456, 7, 34
AAA methods 3
access control entries
See ACEs
access control lists
See ACLs
access groups
IP 198
MAC, displaying 565
access mode 737
access ports 737
ACEs 126, 385
ACLs
deny 124
displaying 439
for non-IP protocols 298
IP 198
on Layer 2 interfaces 198
permit 383
address aliasing 361
aggregate-port learner 377
allowed VLANs 752
archive copy-sw command 6
archive download-sw command 9
archive tar command 13
archive upload-sw command 16
arp access-list command 18
authentication command bounce-port ignore 20
authentication command disable-port ignore 21
authentication control-direction command 22
authentication event command 24
authentication failed VLAN
See dot1x auth-fail vlan
authentication fallback command 28
authentication host-mode command 30
authentication mac-move permit command 32
authentication open command 34
authentication order command 36
authentication periodic command 38
authentication port-control command 40
authentication priority command 42
authentication timer command 44
authentication violation command 46
auth-fail max-attempts
See dot1x auth-fail max-attempts
auth-fail vlan
See dot1x auth-fail vlan
auth open command 34
auth order command 36
authorization state of controlled port 159
auth timer command 44
autonegotiation of duplex mode 173
auto qos classify command 48
auto qos trust command 51
auto qos video command 54
auto qos voip command 57
B
BackboneFast, for STP 663
backup interfaces
configuring 731
displaying 507
boot (boot loader) command 2
boot auto-copy-sw command 63
boot config-file command 65
boot enable-break command 66
boot helper command 67
boot helper-config file command 68
booting
Cisco IOS image 71
displaying environment variables 452
interrupting 66
manually 69
boot loader
accessing 1
booting
Cisco IOS image 2
helper image 67
directories
creating 15
displaying a list of 7
removing 19
displaying
available commands 12
memory heap utilization 13
version 26
environment variables
described 20
displaying settings 20
location of 21
setting 20
unsetting 24
files
copying 5
deleting 6
displaying a list of 7
displaying the contents of 4, 16, 23
renaming 17
file system
formatting 10
initializing flash 9
running a consistency check 11
prompt 1
resetting the system 18
boot manual command 69
boot private-config-file command 70
boot system command 71
BPDU filtering, for spanning tree 664, 698
BPDU guard, for spanning tree 666, 698
broadcast storm control 719
C
candidate switches
See clusters
cat (boot loader) command 4
channel-group command 73
channel-protocol command 76
Cisco IP camera
auto-QoS configuration 54
Cisco SoftPhone
auto-QoS configuration 57
trusting packets sent from 353
Cisco Telepresence System
auto-QoS configuration 54
CISP
See Client Information Signalling Protocol
cisp
debug platform cisp command 34
cisp enable command 77
class command 78
class-map command 81
class maps
creating 81
defining the match criteria 310
displaying 457
class of service
See CoS
clear dot1x command 84
clear eap sessions command 85
clear errdisable interface 86
clear ip arp inspection log command 83
clear ip arp inspection statistics command 87
clear ip dhcp snooping database command 88
clear lacp command 90
clear logging onboard command 91
clear mac address-table command 92, 94
clear nmsp statistics command 95
clear pagp command 96
clear port-security command 97
clear psp counter 99
clear psp counter command 99
clear spanning-tree counters command 100
clear spanning-tree detected-protocols command 101
clear vmps statistics command 102
clear vtp counters command 103
Client Information Signalling Protocol 77, 141, 456, 7, 34
cluster commander-address command 104
cluster discovery hop-count command 106
cluster enable command 107
cluster holdtime command 108
cluster member command 109
cluster outside-interface command 111
cluster run command 112
clusters
adding candidates 109
binding to HSRP group 113
building manually 109
communicating with
devices outside the cluster 111
members by using Telnet 410
debug messages, display 8
displaying
candidate switches 460
debug messages 8
member switches 462
status 458
hop-count limit for extended discovery 106
HSRP standby groups 113
redundancy 113
SNMP trap 653
cluster standby-group command 113
cluster timer command 115
command modes defined 2
command switch
See clusters
configuration files
password recovery disable considerations 1
specifying the name 65, 70
configuring multiple interfaces 193
config-vlan mode
commands 774
entering 773
copy (boot loader) command 5
copy logging onboard command 116
CoS
assigning default value to incoming packets 321
overriding the incoming value 321
CoS-to-DSCP map 325
CPU ASIC statistics, displaying 464
crashinfo files 184
critical VLAN 26
D
debug authentication 2
debug auto qos command 4
debug backup command 6
debug cisp command 7
debug cluster command 8
debug dot1x command 10
debug dtp command 12
debug eap command 13
debug etherchannel command 14
debug ilpower command 15
debug interface command 16
debug ip dhcp snooping command 17
debug ip igmp filter command 19
debug ip igmp max-groups command 20
debug ip igmp snooping command 21
debug ip verify source packet command 18
debug lacp command 22
debug lldp packets command 23
debug mac-notification command 24
debug matm command 25
debug matm move update command 26
debug monitor command 27
debug mvrdbg command 28
debug nmsp command 29
debug nvram command 30
debug pagp command 31
debug platform acl command 32
debug platform backup interface command 33
debug platform cisp command 34
debug platform cli-redirection main command 35
debug platform configuration command 42
debug platform cpu-queues command 37
debug platform dot1x command 39
debug platform etherchannel command 40
debug platform forw-tcam command 41
debug platform ip arp inspection command 43
debug platform ip dhcp command 44
debug platform ip igmp snooping command 45
debug platform ip source-guard command 47
debug platform led command 48
debug platform matm command 49
debug platform messaging application command 50
debug platform phy command 51
debug platform pm command 53
debug platform port-asic command 55
debug platform port-security command 56
debug platform qos-acl-tcam command 57
debug platform resource-manager command 58
debug platform snmp command 59
debug platform span command 60
debug platform stack-manager command 61
debug platform supervisor-asic command 62
debug platform sw-bridge command 63
debug platform tcam command 64
debug platform udld command 66
debug platform vlan command 67
debug pm command 68
debug port-security command 70
debug qos-manager command 71
debug spanning-tree backbonefast command 74
debug spanning-tree bpdu command 75
debug spanning-tree bpdu-opt command 76
debug spanning-tree command 72
debug spanning-tree mstp command 77
debug spanning-tree switch command 79
debug spanning-tree uplinkfast command 81
debug sw-vlan command 82
debug sw-vlan ifs command 84
debug sw-vlan notification command 85
debug sw-vlan vtp command 87
debug udld command 89
debug vqpc command 91
define interface-range command 118
delete (boot loader) command 6
delete command 120
deny (ARP access-list configuration) command 122
deny command 124
detect mechanism, causes 175
DHCP snooping
accepting untrusted packets from edge switch 229
enabling
on a VLAN 234
option 82 227, 229
trust on an interface 232
error recovery timer 181
rate limiting 231
DHCP snooping binding database
binding file, configuring 225
bindings
adding 223
deleting 223
clearing database agent statistics 88
database agent, configuring 225
renewing 418
dir (boot loader) command 7
directories, deleting 120
domain name, VTP 783
dot1x auth-fail max-attempts 135
dot1x auth-fail vlan 137
dot1x command 133
dot1x control-direction command 139
dot1x credentials (global configuration) command 141
dot1x critical global configuration command 142
dot1x critical interface configuration command 144
dot1x default command 146
dot1x fallback command 147
dot1x guest-vlan command 148
dot1x host-mode command 150
dot1x initialize command 152
dot1x mac-auth-bypass command 153
dot1x max-reauth-req command 155
dot1x max-req command 157
dot1x pae command 158
dot1x port-control command 159
dot1x re-authenticate command 161
dot1x reauthentication command 162
dot1x supplicant controlled transient command 163
dot1x supplicant force-multicast command 165
dot1x test eapol-capable command 166
dot1x test timeout command 167
dot1x timeout command 168
dot1x violation-mode command 171
DSCP-to-CoS map 325
DSCP-to-DSCP-mutation map 325
DTP 738
DTP flap
error detection for 175
error recovery timer 181
DTP negotiation 739
dual-purpose uplink ports
displaying configurable options 510
displaying the active media 513
selecting the type 313
duplex command 172
dynamic-access ports
configuring 729
restrictions 730
dynamic ARP inspection
ARP ACLs
apply to a VLAN 206
define 18
deny packets 122
display 443
permit packets 381
clear
log buffer 83
statistics 87
display
ARP ACLs 443
configuration and operating state 518
log buffer 518
statistics 518
trust state and rate limit 518
enable per VLAN 216
log buffer
clear 83
configure 210
display 518
rate-limit incoming ARP packets 208
statistics
clear 87
display 518
trusted interface state 212
type of packet logged 217
validation checks 214
dynamic auto VLAN membership mode 737
dynamic desirable VLAN membership mode 737
Dynamic Host Configuration Protocol (DHCP)
See DHCP snooping
Dynamic Trunking Protocol
See DTP
E
EAP-request/identity frame
maximum number to send 157
response time before retransmitting 168
environment variables, displaying 452
epm access-control open 174
errdisable detect cause command 175
errdisable detect cause small-frame comand 178
errdisable recovery cause small-frame 180
errdisable recovery command 181
error conditions, displaying 498
error disable detection 175
error-disabled interfaces, displaying 507
EtherChannel
assigning Ethernet interface to channel group 73
creating port-channel logical interface 191
debug EtherChannel/PAgP, display 14
debug platform-specific events, display 40
displaying 501
interface information, displaying 507
LACP
clearing channel-group information 90, 91
debug messages, display 22
displaying 552
modes 73
port priority for hot-standby ports 276
restricting a protocol 76
system priority 278
load-distribution methods 392
PAgP
aggregate-port learner 377
clearing channel-group information 96
debug messages, display 31
displaying 606
error detection for 175
error recovery timer 181
learn method 377
modes 73
physical-port learner 377
priority of interface for transmitted traffic 379
Ethernet controller, internal register display 466
Ethernet controller, stackport information 473
Ethernet statistics, collecting 421
exception crashinfo command 184, 189
extended discovery of candidate switches 106
extended-range VLANs
and allowed VLAN list 752
and pruning-eligible list 752
configuring 773
extended system ID for STP 672
F
fallback profile command 185
fallback profiles, displaying 504
fan information, displaying 495
file name, VTP 783
files, deleting 120
flash_init (boot loader) command 9
flexible authentication ordering 36
Flex Links
configuring 731
configuring preferred VLAN 734
displaying 507
flowcontrol command 187
format (boot loader) command 10
fsck (boot loader) command 11
G
global configuration mode 2, 4
H
hardware ACL statistics 439
help (boot loader) command 12
hierarchical policy maps 391
hop-count limit for clusters 106
host connection, port configuration 736
Hot Standby Router Protocol
See HSRP
HSRP
binding HSRP group to cluster 113
standby group 113
I
IEEE 802.1x
and switchport modes 738
violation error recovery 181
See also port-based authentication
IEEE 802.1X Port Based Authentication
enabling guest VLAN supplicant 136, 147, 186
IGMP filters
applying 237
debug messages, display 19
IGMP groups, setting maximum 238
IGMP maximum groups, debugging 20
IGMP profiles
creating 240
displaying 530
IGMP snooping
adding ports as a static member of a group 256
displaying 531
enabling 242
enabling the configurable-leave timer 244
enabling the Immediate-Leave feature 253
flooding query count 250
interface topology change notification behavior 252
querier 246
query solicitation 250
report suppression 248
switch topology change notification behavior 250
images
See software images
Immediate-Leave feature, MVR 363
immediate-leave processing 253
Immediate-Leave processing, IPv6 274
interface configuration mode 3, 4
interface port-channel command 191
interface range command 193
interface-range macros 118
interfaces
assigning Ethernet interface to channel group 73
configuring 172
configuring multiple 193
creating port-channel logical 191
debug messages, display 16
disabling 649
displaying the MAC address table 574
restarting 649
interface speed, configuring 708
interface vlan command 196
internal registers, displaying 466, 473, 479
Internet Group Management Protocol
See IGMP
invalid GBIC
error detection for 175
error recovery timer 181
ip access-group command 198
ip address command 200
IP addresses, setting 200
ip admission command 202
ip admission name proxy http command 204
ip arp inspection filter vlan command 206
ip arp inspection limit command 208
ip arp inspection log-buffer command 210
ip arp inspection trust command 212
ip arp inspection validate command 214
ip arp inspection vlan command 216
ip arp inspection vlan logging command 217
ip device tracking command 221
ip device tracking probe command 219
IP DHCP snooping
See DHCP snooping
ip dhcp snooping binding command 223
ip dhcp snooping command 222
ip dhcp snooping database command 225
ip dhcp snooping information option allow-untrusted command 229
ip dhcp snooping information option command 227
ip dhcp snooping limit rate command 231
ip dhcp snooping trust command 232
ip dhcp snooping verify command 233
ip dhcp snooping vlan command 234
ip dhcp snooping vlan information option format-type circuit-id string command 235
ip igmp filter command 237
ip igmp max-groups command 238
ip igmp profile command 240
ip igmp snooping command 242
ip igmp snooping last-member-query-interval command 244
ip igmp snooping querier command 246
ip igmp snooping report-suppression command 248
ip igmp snooping tcn command 250
ip igmp snooping tcn flood command 252
ip igmp snooping vlan immediate-leave command 253
ip igmp snooping vlan mrouter command 254
ip igmp snooping vlan static command 256
IP multicast addresses 360
IP phones
auto-QoS configuration 57
trusting packets sent from 353
IP-precedence-to-DSCP map 325
ip source binding command 258
IP source guard
disabling 261
enabling 261
static IP source bindings 258
ip ssh command 260
ipv6 mld snooping command 262
ipv6 mld snooping last-listener-query count command 264
ipv6 mld snooping last-listener-query-interval command 266
ipv6 mld snooping listener-message-suppression command 268
ipv6 mld snooping robustness-variable command 270
ipv6 mld snooping tcn command 272
ipv6 mld snooping vlan command 274
IPv6 SDM template 422
ip verify source command 261
J
jumbo frames
See MTU
L
LACP
See EtherChannel
lacp port-priority command 276
lacp system-priority command 278
Layer 2 traceroute
IP addresses 763
MAC addresses 760
line configuration mode 3, 5
Link Aggregation Control Protocol
See EtherChannel
link flap
error detection for 175
error recovery timer 181
link state group command 280
link state track command 282
load-distribution methods for EtherChannel 392
location (global configuration) command 283
location (interface configuration) command 285
logging event command 287
logging event power-inline-status command 288
logging file command 289
logical interface 191
loopback error
detection for 175
recovery timer 181
loop guard, for spanning tree 674, 678
M
mab request format attribute 1 command 291
mab request format attribute 2 command 293
mab request format attribute 32 command 294
mac access-group command 296
MAC access-groups, displaying 565
MAC access list configuration mode 298
mac access-list extended command 298
MAC access lists 124
MAC addresses
disabling MAC address learning per VLAN 301
displaying
dynamic 572
notification settings 577
number of addresses in a VLAN 571
per interface 574
per VLAN 581
static 579
static and dynamic entries 566
dynamic
aging time 300
deleting 92
displaying 572
enabling MAC address notification 305
enabling MAC address-table move update 303
persistent stack 716
static
adding and removing 307
displaying 579
dropping on an interface 308
MAC address notification, debugging 24
mac address-table aging-time 296
mac address-table aging-time command 300
mac address-table learning command 301
mac address-table move update command 303
mac address-table notification command 305
mac address-table static command 307
mac address-table static drop command 308
macros
interface range 118, 193
maps
QoS
defining 325
match (class-map configuration) command 310
maximum transmission unit
See MTU
mdix auto command 312
media-type (interface configuration) command 313
media-type rj45 (line configuration) command 315
member switches
See clusters
memory (boot loader) command 13
mkdir (boot loader) command 15
MLD snooping
configuring 268, 270
configuring queries 264, 266
configuring topology change notification 272
displaying 542
enabling 262
MLD snooping on a VLAN, enabling 274
mls qos aggregate-policer command 319
mls qos command 317
mls qos cos command 321
mls qos dscp-mutation command 323
mls qos map command 325
mls qos queue-set output buffers command 329
mls qos queue-set output threshold command 331
mls qos queue-set stack buffers command 333
mls qos rewrite ip dscp command 335
mls qos srr-queue input bandwidth command 337
mls qos srr-queue input buffers command 339
mls qos-srr-queue input cos-map command 341
mls qos srr-queue input dscp-map command 343
mls qos srr-queue input priority-queue command 345
mls qos srr-queue input threshold command 347
mls qos-srr-queue output cos-map command 349
mls qos srr-queue output dscp-map command 351
mls qos trust command 353
mode, MVR 360
Mode button, and password recovery 427
modes, commands 2
monitor session command 355
more (boot loader) command 16
MSTP
displaying 623
interoperability 101
link type 676
MST region
aborting changes 681
applying changes 681
configuration name 681
configuration revision number 681
current or pending display 681
displaying 623
MST configuration mode 681
VLANs-to-instance mapping 681
path cost 683
protocol mode 679
restart protocol migration process 101
root port
loop guard 674
preventing from becoming designated 674
restricting which can be root 674
root guard 674
root switch
affects of extended system ID 672
hello-time 686, 694
interval between BDPU messages 687
interval between hello BPDU messages 686, 694
max-age 687
maximum hop count before discarding BPDU 688
port priority for selection of 690
primary or secondary 694
switch priority 693
state changes
blocking to forwarding state 700
enabling BPDU filtering 664, 698
enabling BPDU guard 666, 698
enabling Port Fast 698, 700
forward-delay time 685
length of listening and learning states 685
rapid transition to forwarding 676
shutting down Port Fast-enabled ports 698
state information display 622
MTU
configuring size 757
displaying global setting 634
Multicase Listener Discovery
See MLD
multicast group address, MVR 363
multicast groups, MVR 361
Multicast Listener Discovery
See MLD
multicast router learning method 254
multicast router ports, configuring 254
multicast router ports, IPv6 274
multicast storm control 719
multicast VLAN, MVR 361
multicast VLAN registration
See MVR
Multiple Spanning Tree Protocol
See MSTP
MVR
and address aliasing 361
configuring 360
configuring interfaces 363
debug messages, display 28
displaying 597
displaying interface information 598
members, displaying 600
mvr (global configuration) command 360
mvr (interface configuration) command 363
mvr vlan group command 364
N
native VLANs 752
Network Admission Control Software Configuration Guide 203, 205
network-policy (global configuration) command 367
network-policy command 366
network-policy profile (network-policy configuration) command 369
nmsp attachment suppress command 373
nmsp command 371
no authentication logging verbose 374
no dot1x logging verbose 375
no mab logging verbose 376
nonegotiate, speed 708
nonegotiating DTP messaging 739
non-IP protocols
denying 124
forwarding 383
non-IP traffic access lists 298
non-IP traffic forwarding
denying 124
permitting 383
normal-range VLANs 773
no vlan command 773
O
online diagnostics
displaying
configured boot-up coverage level 483
current scheduled tasks 483
event logs 483
supported test suites 483
test ID 483
test results 483
test statistics 483
global configuration mode
clearing health monitoring diagnostic test schedule 87
clearing test-based testing schedule 129
setting health monitoring diagnostic testing 87
setting test-based testing 129
setting up health monitoring diagnostic test schedule 87
setting up test-based testing 129
health monitoring diagnostic tests, configuring 127
scheduled switchover
disabling 129
enabling 129
scheduling
enabling 129
removing 129
testing, starting 131
test interval, setting 129
P
PAgP
See EtherChannel
pagp learn-method command 377
pagp port-priority command 379
password, VTP 784
password-recovery mechanism, enabling and disabling 427
permit (ARP access-list configuration) command 381
permit (MAC access-list configuration) command 383
per-VLAN spanning-tree plus
See STP
physical-port learner 377
PIM-DVMRP, as multicast router learning method 254
PoE
configuring the power budget 396
configuring the power management mode 393
displaying controller register values 477
displaying power management information 611
logging of status 288
monitoring power 399
policing power consumption 399
police aggregate command 388
police command 386
policed-DSCP map 325
policy-map command 390
policy maps
applying to an interface 429, 434
creating 390
hierarchical 391
policers
displaying 584
for a single class 386
for multiple classes 319, 388
policed-DSCP map 325
traffic classification
defining the class 78
defining trust states 765
setting DSCP or IP precedence values 432
Port Aggregation Protocol
See EtherChannel
port-based authentication
AAA method list 3
configuring violation modes 171
debug messages, display 10
enabling IEEE 802.1x
globally 133
per interface 159
guest VLAN 148
host modes 150
IEEE 802.1x AAA accounting methods 1
initialize an interface 152, 167
MAC authentication bypass 153
manual control of authorization state 159
PAE as authenticator 158
periodic re-authentication
enabling 162
time between attempts 168
quiet period between failed authentication exchanges 168
re-authenticating IEEE 802.1x-enabled ports 161
resetting configurable IEEE 802.1x parameters 146
switch-to-authentication server retransmission time 168
switch-to-client frame-retransmission number 155 to 157
switch-to-client retransmission time 168
test for IEEE 802.1x readiness 166
port-channel load-balance command 392
Port Fast, for spanning tree 700
port ranges, defining 116, 118
ports, debugging 68
ports, protected 750
port security
aging 746
debug messages, display 70
enabling 741
violation error recovery 181
port trust states for QoS 353
port types, MVR 363
power information, displaying 495
power inline command 393
power inline consumption command 396
power inline four-pair forced command 398
power inline police command 399
Power over Ethernet
See PoE
priority-queue command 402
priority value, stack member 630, 724
privileged EXEC mode 2, 3
protected ports, displaying 512
pruning
VLANs 752
VTP
displaying interface information 507
enabling 784
pruning-eligible VLAN list 753
psp 404
psp command 404
PVST+
See STP
Q
QoS
auto-QoS
configuring 57
debug messages, display 4
auto-QoS trust
configuring 51
auto-QoS video
configuring 54
class maps
creating 81
defining the match criteria 310
displaying 457
defining the CoS value for an incoming packet 321
displaying configuration information 583
DSCP transparency 335
DSCP trusted ports
applying DSCP-to-DSCP-mutation map to 323
defining DSCP-to-DSCP-mutation map 325
egress queues
allocating buffers 329
defining the CoS output queue threshold map 349
defining the DSCP output queue threshold map 351
displaying buffer allocations 586
displaying CoS output queue threshold map 590
displaying DSCP output queue threshold map 590
displaying queueing strategy 586
displaying queue-set settings 593
enabling bandwidth shaping and scheduling 712
enabling bandwidth sharing and scheduling 714
limiting the maximum output on a port 710
mapping a port to a queue-set 405
mapping CoS values to a queue and threshold 349
mapping DSCP values to a queue and threshold 351
setting maximum and reserved memory allocations 331
setting WTD thresholds 331
enabling 317
ingress queues
allocating buffers 339
assigning SRR scheduling weights 337
defining the CoS input queue threshold map 341
defining the DSCP input queue threshold map 343
displaying buffer allocations 586
displaying CoS input queue threshold map 590
displaying DSCP input queue threshold map 590
displaying queueing strategy 586
displaying settings for 585
enabling the priority queue 345
mapping CoS values to a queue and threshold 341
mapping DSCP values to a queue and threshold 343
setting WTD thresholds 347
maps
defining 325, 341, 343, 349, 351
policy maps
applying an aggregate policer 388
applying to an interface 429, 434
creating 390
defining policers 319, 386
displaying policers 584
hierarchical 391
policed-DSCP map 325
setting DSCP or IP precedence values 432
traffic classifications 78
trust states 765
port trust states 353
queues, enabling the expedite 402
statistics
in-profile and out-of-profile packets 586
packets enqueued or dropped 586
sent and received CoS values 586
sent and received DSCP values 586
trusted boundary for IP phones 353
quality of service
See QoS
querytime, MVR 360
queue-set command 405
R
radius-server dead-criteria command 406
radius-server host command 408
rapid per-VLAN spanning-tree plus
See STP
rapid PVST+
See STP
rcommand command 410
re-authenticating IEEE 802.1x-enabled ports 161
re-authentication
periodic 162
time between attempts 168
receiver ports, MVR 363
receiving flow-control packets 187
recovery mechanism
causes 181
display 86, 454, 497, 499
timer interval 182
redundancy for cluster switches 113
reload command 412
remote command 414
remote-span command 416
Remote Switched Port Analyzer
See RSPAN
rename (boot loader) command 17
renew ip dhcp snooping database command 418
reset (boot loader) command 18
resource templates, displaying 618
restricted VLAN
See dot1x auth-fail vlan
rmdir (boot loader) command 19
rmon collection stats command 421
root guard, for spanning tree 674
RSPAN
configuring 355
filter RSPAN traffic 355
remote-span command 416
S
scheduled switchover
disabling 129
enabling 129
SDM mismatch mode 631
sdm prefer command 422
SDM templates
displaying 618
dual IPv4 and IPv6 422
secure ports, limitations 743
sending flow-control packets 187
service password-recovery command 427
service-policy command 429
session command 431
set (boot loader) command 20
set command 432
setup command 434
setup express command 437
show access-lists command 439
show archive status command 442
show arp access-list command 443
show authentication command 444
show auto qos command 448
show boot command 452
show cable-diagnostics tdr command 454
show cisp command 456
show class-map command 457
show cluster candidates command 460
show cluster command 458
show cluster members command 462
show controllers cpu-interface command 464
show controllers ethernet-controller command 466
show controllers power inline command 477
show controllers tcam command 479
show controller utilization command 481
show dot1x command 486
show dtp 490
show eap command 492
show env command 495
show errdisable detect command 497
show errdisable flap-values command 498
show errdisable recovery command 499
show etherchannel command 501
show fallback profile command 504
show flowcontrol command 505
show interfaces command 507
show interfaces counters command 515
show inventory command 517
show ip arp inspection command 518
show ip dhcp snooping binding command 523
show ip dhcp snooping command 522
show ip dhcp snooping database command 525, 527
show ip igmp profile command 530
show ip igmp snooping command 531, 542
show ip igmp snooping groups command 534
show ip igmp snooping mrouter command 536
show ip igmp snooping querier command 537
show ip source binding command 539
show ipv6 route updated 550
show ip verify source command 540
show lacp command 552
show link state group command 556
show logging onboard command 560
show mac access-group command 565
show mac address-table address command 568
show mac address-table aging time command 569
show mac address-table command 566
show mac address-table count command 571
show mac address-table dynamic command 572
show mac address-table interface command 574
show mac address-table move update command 576
show mac address-table notification command 94, 577, 26
show mac address-table static command 579
show mac address-table vlan command 581
show mls qos aggregate-policer command 584
show mls qos command 583
show mls qos input-queue command 585
show mls qos interface command 586
show mls qos maps command 590
show mls qos queue-set command 593
show mls qos vlan command 594
show monitor command 595
show mvr command 597
show mvr interface command 598
show mvr members command 600
show network-policy profile command 602
show nmsp command 603
show pagp command 606
show platform acl command 2
show platform backup interface command 3
show platform etherchannel command 4
show platform forward command 5
show platform frontend-controller command 7
show platform igmp snooping command 8
show platform ip unicast command 9
show platform layer4op command 10
show platform mac-address-table command 11
show platform messaging command 12
show platform monitor command 13
show platform mvr table command 14
show platform pm command 15
show platform port-asic command 16
show platform port-security command 21
show platform qos command 22
show platform resource-manager command 23
show platform snmp counters command 25
show platform spanning-tree command 26
show platform stack manager command 28
show platform stp-instance command 27
show platform tb command 32
show platform tcam command 34
show platform vlan command 36
show policy-map command 608
show port security command 609
show power inline command 611
show psp config 616
show psp config command 616
show psp statistics 617
show psp statistics command 617
show sdm prefer command 618
show setup express command 621
show spanning-tree command 622
show storm-control command 628
show switch command 630
show system mtu command 634
show trust command 765
show udld command 635
show version command 638
show vlan command 639
show vlan command, fields 640
show vmps command 642
show vtp command 644
shutdown command 649
shutdown vlan command 650
small violation-rate command 651
SNMP host, specifying 657
SNMP informs, enabling the sending of 653
snmp-server enable traps command 653
snmp-server host command 657
snmp trap mac-notification change command 661
SNMP traps
enabling MAC address notification trap 661
enabling the MAC address notification feature 305
enabling the sending of 653
SoftPhone
See Cisco SoftPhone
software images
copying 6
deleting 120
downloading 9
upgrading 6, 9
uploading 16
software version, displaying 638
source ports, MVR 363
SPAN
configuring 355
debug messages, display 27
filter SPAN traffic 355
sessions
add interfaces to 355
start new 355
spanning-tree backbonefast command 663
spanning-tree bpdufilter command 664
spanning-tree bpduguard command 666
spanning-tree cost command 668
spanning-tree etherchannel command 670
spanning-tree extend system-id command 672
spanning-tree guard command 674
spanning-tree link-type command 676
spanning-tree loopguard default command 678
spanning-tree mode command 679
spanning-tree mst configuration command 681
spanning-tree mst cost command 683
spanning-tree mst forward-time command 685
spanning-tree mst hello-time command 686
spanning-tree mst max-age command 687
spanning-tree mst max-hops command 688
spanning-tree mst port-priority command 690
spanning-tree mst pre-standard command 692
spanning-tree mst priority command 693
spanning-tree mst root command 694
spanning-tree portfast (global configuration) command 698
spanning-tree portfast (interface configuration) command 700
spanning-tree port-priority command 696
Spanning Tree Protocol
See STP
spanning-tree transmit hold-count command 702
spanning-tree uplinkfast command 703
spanning-tree vlan command 705
speed command 708
srr-queue bandwidth limit command 710
srr-queue bandwidth share command 714
SSH, configuring version 260
stack-mac persistent timer command 716
stack member
access 431
number 630, 727
priority value 724
provisioning 725
reloading 412
stacks, switch
disabling a member 722
enabling a member 722
MAC address 716
provisioning a new member 725
reloading 412
stack member access 431
stack member number 630, 727
stack member priority value 630, 724
static-access ports, configuring 729
statistics, Ethernet group 421
sticky learning, enabling 741
storm-control command 719
STP
BackboneFast 663
counters, clearing 100
debug messages, display
BackboneFast events 74
MSTP 77
optimized BPDUs handling 76
spanning-tree activity 72
switch shim 79
transmitted and received BPDUs 75
UplinkFast 81
detection of indirect link failures 663
EtherChannel misconfiguration 670
extended system ID 672
path cost 668
protocol modes 679
root port
accelerating choice of new 703
loop guard 674
preventing from becoming designated 674
restricting which can be root 674
root guard 674
UplinkFast 703
root switch
affects of extended system ID 672, 706
hello-time 705
interval between BDPU messages 705
interval between hello BPDU messages 705
max-age 705
port priority for selection of 696
primary or secondary 705
switch priority 705
state changes
blocking to forwarding state 700
enabling BPDU filtering 664, 698
enabling BPDU guard 666, 698
enabling Port Fast 698, 700
enabling timer to recover from error state 181
forward-delay time 705
length of listening and learning states 705
shutting down Port Fast-enabled ports 698
state information display 622
VLAN options 693, 705
Switched Port Analyzer
See SPAN
switchport access command 729
switchport backup interface command 731
switchport block command 735
switchport host command 736
switchport mode command 737
switchport nonegotiate command 739
switchport port-security aging command 746
switchport port-security command 741
switchport priority extend command 748
switchport protected command 750
switchports, displaying 507
switchport trunk command 752
switchport voice vlan command 755
switch priority command 722, 724
switch provision command 725
switch renumber command 727
system message logging 288
system message logging, save message to flash 289
system mtu command 757
system resource templates 422
T
tar files, creating, listing, and extracting 13
TDR, running 759
Telnet, using to communicate to cluster switches 410
temperature information, displaying 495
templates, system resources 422
test cable-diagnostics tdr command 759
traceroute mac command 760
traceroute mac ip command 763
trunking, VLAN mode 737
trunk mode 737
trunk ports 737
trunks, to non-DTP device 738
trusted boundary for QoS 353
trusted port states for QoS 353
type (boot loader) command 23
U
UDLD
aggressive mode 767, 769
debug messages, display 89
enable globally 767
enable per interface 769
error recovery timer 181
message timer 767
normal mode 767, 769
reset a shutdown interface 771
status 635
udld command 767
udld port command 769
udld reset command 771
unicast storm control 719
UniDirectional Link Detection
See UDLD
unknown multicast traffic, preventing 735
unknown unicast traffic, preventing 735
unset (boot loader) command 24
upgrading
software images
copying 6
downloading 9
monitoring status of 442
UplinkFast, for STP 703
usb-inactivity-timeout (console configuration) command 772
user EXEC mode 2, 3
V
version (boot loader) command 26
version mismatch mode 631
vlan (global configuration) command 773
VLAN configuration
rules 776
saving 773
VLAN configuration mode
description 5
summary 3
VLAN ID range 773
VLAN Query Protocol
See VQP
VLANs
adding 773
configuring 773
debug messages, display
ISL 85
VLAN IOS file system error tests 84
VLAN manager activity 82
VTP 87
displaying configurations 639
enabling guest VLAN supplicant 136, 147, 186
extended-range 773
MAC addresses
displaying 581
number of 571
media types 775
normal-range 773
restarting 650
saving the configuration 773
shutting down 650
SNMP traps for VTP 655, 658
suspending 650
VLAN Trunking Protocol
See VTP
VM mode 631
VMPS
configuring servers 781
displaying 642
error recovery timer 182
reconfirming dynamic VLAN assignments 778
vmps reconfirm (global configuration) command 779
vmps reconfirm (privileged EXEC) command 778
vmps retry command 780
vmps server command 781
voice VLAN
configuring 755
setting port priority 748
VQP
and dynamic-access ports 730
clearing client statistics 102
displaying information 642
per-server retry count 780
reconfirmation interval 779
reconfirming dynamic VLAN assignments 778
VTP
changing characteristics 783
clearing pruning counters 103
configuring
domain name 783
file name 783
mode 783
password 784
counters display fields 645
displaying information 644
enabling
pruning 784
Version 2 784
enabling per port 788
mode 783
pruning 784
saving the configuration 773
statistics 644
status 644
status display fields 647
vtp (global configuration) command 783
vtp interface configuration) command 788
vtp primary command 789
Index
A
aaa accounting dot1x command 1
aaa authentication dot1x command 3
aaa authorization network command 5, 22, 28, 30, 32, 34, 36, 141, 291, 293, 294, 456, 7, 34
AAA methods 3
access control entries
See ACEs
access control lists
See ACLs
access groups
IP 198
MAC, displaying 565
access mode 737
access ports 737
ACEs 126, 385
ACLs
deny 124
displaying 439
for non-IP protocols 298
IP 198
on Layer 2 interfaces 198
permit 383
address aliasing 361
aggregate-port learner 377
allowed VLANs 752
archive copy-sw command 6
archive download-sw command 9
archive tar command 13
archive upload-sw command 16
arp access-list command 18
authentication command bounce-port ignore 20
authentication command disable-port ignore 21
authentication control-direction command 22
authentication event command 24
authentication failed VLAN
See dot1x auth-fail vlan
authentication fallback command 28
authentication host-mode command 30
authentication mac-move permit command 32
authentication open command 34
authentication order command 36
authentication periodic command 38
authentication port-control command 40
authentication priority command 42
authentication timer command 44
authentication violation command 46
auth-fail max-attempts
See dot1x auth-fail max-attempts
auth-fail vlan
See dot1x auth-fail vlan
auth open command 34
auth order command 36
authorization state of controlled port 159
auth timer command 44
autonegotiation of duplex mode 173
auto qos classify command 48
auto qos trust command 51
auto qos video command 54
auto qos voip command 57
B
BackboneFast, for STP 663
backup interfaces
configuring 731
displaying 507
boot (boot loader) command 2
boot auto-copy-sw command 63
boot config-file command 65
boot enable-break command 66
boot helper command 67
boot helper-config file command 68
booting
Cisco IOS image 71
displaying environment variables 452
interrupting 66
manually 69
boot loader
accessing 1
booting
Cisco IOS image 2
helper image 67
directories
creating 15
displaying a list of 7
removing 19
displaying
available commands 12
memory heap utilization 13
version 26
environment variables
described 20
displaying settings 20
location of 21
setting 20
unsetting 24
files
copying 5
deleting 6
displaying a list of 7
displaying the contents of 4, 16, 23
renaming 17
file system
formatting 10
initializing flash 9
running a consistency check 11
prompt 1
resetting the system 18
boot manual command 69
boot private-config-file command 70
boot system command 71
BPDU filtering, for spanning tree 664, 698
BPDU guard, for spanning tree 666, 698
broadcast storm control 719
C
candidate switches
See clusters
cat (boot loader) command 4
channel-group command 73
channel-protocol command 76
Cisco IP camera
auto-QoS configuration 54
Cisco SoftPhone
auto-QoS configuration 57
trusting packets sent from 353
Cisco Telepresence System
auto-QoS configuration 54
CISP
See Client Information Signalling Protocol
cisp
debug platform cisp command 34
cisp enable command 77
class command 78
class-map command 81
class maps
creating 81
defining the match criteria 310
displaying 457
class of service
See CoS
clear dot1x command 84
clear eap sessions command 85
clear errdisable interface 86
clear ip arp inspection log command 83
clear ip arp inspection statistics command 87
clear ip dhcp snooping database command 88
clear lacp command 90
clear logging onboard command 91
clear mac address-table command 92, 94
clear nmsp statistics command 95
clear pagp command 96
clear port-security command 97
clear psp counter 99
clear psp counter command 99
clear spanning-tree counters command 100
clear spanning-tree detected-protocols command 101
clear vmps statistics command 102
clear vtp counters command 103
Client Information Signalling Protocol 77, 141, 456, 7, 34
cluster commander-address command 104
cluster discovery hop-count command 106
cluster enable command 107
cluster holdtime command 108
cluster member command 109
cluster outside-interface command 111
cluster run command 112
clusters
adding candidates 109
binding to HSRP group 113
building manually 109
communicating with
devices outside the cluster 111
members by using Telnet 410
debug messages, display 8
displaying
candidate switches 460
debug messages 8
member switches 462
status 458
hop-count limit for extended discovery 106
HSRP standby groups 113
redundancy 113
SNMP trap 653
cluster standby-group command 113
cluster timer command 115
command modes defined 2
command switch
See clusters
configuration files
password recovery disable considerations 1
specifying the name 65, 70
configuring multiple interfaces 193
config-vlan mode
commands 774
entering 773
copy (boot loader) command 5
copy logging onboard command 116
CoS
assigning default value to incoming packets 321
overriding the incoming value 321
CoS-to-DSCP map 325
CPU ASIC statistics, displaying 464
crashinfo files 184
critical VLAN 26
D
debug authentication 2
debug auto qos command 4
debug backup command 6
debug cisp command 7
debug cluster command 8
debug dot1x command 10
debug dtp command 12
debug eap command 13
debug etherchannel command 14
debug ilpower command 15
debug interface command 16
debug ip dhcp snooping command 17
debug ip igmp filter command 19
debug ip igmp max-groups command 20
debug ip igmp snooping command 21
debug ip verify source packet command 18
debug lacp command 22
debug lldp packets command 23
debug mac-notification command 24
debug matm command 25
debug matm move update command 26
debug monitor command 27
debug mvrdbg command 28
debug nmsp command 29
debug nvram command 30
debug pagp command 31
debug platform acl command 32
debug platform backup interface command 33
debug platform cisp command 34
debug platform cli-redirection main command 35
debug platform configuration command 42
debug platform cpu-queues command 37
debug platform dot1x command 39
debug platform etherchannel command 40
debug platform forw-tcam command 41
debug platform ip arp inspection command 43
debug platform ip dhcp command 44
debug platform ip igmp snooping command 45
debug platform ip source-guard command 47
debug platform led command 48
debug platform matm command 49
debug platform messaging application command 50
debug platform phy command 51
debug platform pm command 53
debug platform port-asic command 55
debug platform port-security command 56
debug platform qos-acl-tcam command 57
debug platform resource-manager command 58
debug platform snmp command 59
debug platform span command 60
debug platform stack-manager command 61
debug platform supervisor-asic command 62
debug platform sw-bridge command 63
debug platform tcam command 64
debug platform udld command 66
debug platform vlan command 67
debug pm command 68
debug port-security command 70
debug qos-manager command 71
debug spanning-tree backbonefast command 74
debug spanning-tree bpdu command 75
debug spanning-tree bpdu-opt command 76
debug spanning-tree command 72
debug spanning-tree mstp command 77
debug spanning-tree switch command 79
debug spanning-tree uplinkfast command 81
debug sw-vlan command 82
debug sw-vlan ifs command 84
debug sw-vlan notification command 85
debug sw-vlan vtp command 87
debug udld command 89
debug vqpc command 91
define interface-range command 118
delete (boot loader) command 6
delete command 120
deny (ARP access-list configuration) command 122
deny command 124
detect mechanism, causes 175
DHCP snooping
accepting untrusted packets from edge switch 229
enabling
on a VLAN 234
option 82 227, 229
trust on an interface 232
error recovery timer 181
rate limiting 231
DHCP snooping binding database
binding file, configuring 225
bindings
adding 223
deleting 223
clearing database agent statistics 88
database agent, configuring 225
renewing 418
dir (boot loader) command 7
directories, deleting 120
domain name, VTP 783
dot1x auth-fail max-attempts 135
dot1x auth-fail vlan 137
dot1x command 133
dot1x control-direction command 139
dot1x credentials (global configuration) command 141
dot1x critical global configuration command 142
dot1x critical interface configuration command 144
dot1x default command 146
dot1x fallback command 147
dot1x guest-vlan command 148
dot1x host-mode command 150
dot1x initialize command 152
dot1x mac-auth-bypass command 153
dot1x max-reauth-req command 155
dot1x max-req command 157
dot1x pae command 158
dot1x port-control command 159
dot1x re-authenticate command 161
dot1x reauthentication command 162
dot1x supplicant controlled transient command 163
dot1x supplicant force-multicast command 165
dot1x test eapol-capable command 166
dot1x test timeout command 167
dot1x timeout command 168
dot1x violation-mode command 171
DSCP-to-CoS map 325
DSCP-to-DSCP-mutation map 325
DTP 738
DTP flap
error detection for 175
error recovery timer 181
DTP negotiation 739
dual-purpose uplink ports
displaying configurable options 510
displaying the active media 513
selecting the type 313
duplex command 172
dynamic-access ports
configuring 729
restrictions 730
dynamic ARP inspection
ARP ACLs
apply to a VLAN 206
define 18
deny packets 122
display 443
permit packets 381
clear
log buffer 83
statistics 87
display
ARP ACLs 443
configuration and operating state 518
log buffer 518
statistics 518
trust state and rate limit 518
enable per VLAN 216
log buffer
clear 83
configure 210
display 518
rate-limit incoming ARP packets 208
statistics
clear 87
display 518
trusted interface state 212
type of packet logged 217
validation checks 214
dynamic auto VLAN membership mode 737
dynamic desirable VLAN membership mode 737
Dynamic Host Configuration Protocol (DHCP)
See DHCP snooping
Dynamic Trunking Protocol
See DTP
E
EAP-request/identity frame
maximum number to send 157
response time before retransmitting 168
environment variables, displaying 452
epm access-control open 174
errdisable detect cause command 175
errdisable detect cause small-frame comand 178
errdisable recovery cause small-frame 180
errdisable recovery command 181
error conditions, displaying 498
error disable detection 175
error-disabled interfaces, displaying 507
EtherChannel
assigning Ethernet interface to channel group 73
creating port-channel logical interface 191
debug EtherChannel/PAgP, display 14
debug platform-specific events, display 40
displaying 501
interface information, displaying 507
LACP
clearing channel-group information 90, 91
debug messages, display 22
displaying 552
modes 73
port priority for hot-standby ports 276
restricting a protocol 76
system priority 278
load-distribution methods 392
PAgP
aggregate-port learner 377
clearing channel-group information 96
debug messages, display 31
displaying 606
error detection for 175
error recovery timer 181
learn method 377
modes 73
physical-port learner 377
priority of interface for transmitted traffic 379
Ethernet controller, internal register display 466
Ethernet controller, stackport information 473
Ethernet statistics, collecting 421
exception crashinfo command 184, 189
extended discovery of candidate switches 106
extended-range VLANs
and allowed VLAN list 752
and pruning-eligible list 752
configuring 773
extended system ID for STP 672
F
fallback profile command 185
fallback profiles, displaying 504
fan information, displaying 495
file name, VTP 783
files, deleting 120
flash_init (boot loader) command 9
flexible authentication ordering 36
Flex Links
configuring 731
configuring preferred VLAN 734
displaying 507
flowcontrol command 187
format (boot loader) command 10
fsck (boot loader) command 11
G
global configuration mode 2, 4
H
hardware ACL statistics 439
help (boot loader) command 12
hierarchical policy maps 391
hop-count limit for clusters 106
host connection, port configuration 736
Hot Standby Router Protocol
See HSRP
HSRP
binding HSRP group to cluster 113
standby group 113
I
IEEE 802.1x
and switchport modes 738
violation error recovery 181
See also port-based authentication
IEEE 802.1X Port Based Authentication
enabling guest VLAN supplicant 136, 147, 186
IGMP filters
applying 237
debug messages, display 19
IGMP groups, setting maximum 238
IGMP maximum groups, debugging 20
IGMP profiles
creating 240
displaying 530
IGMP snooping
adding ports as a static member of a group 256
displaying 531
enabling 242
enabling the configurable-leave timer 244
enabling the Immediate-Leave feature 253
flooding query count 250
interface topology change notification behavior 252
querier 246
query solicitation 250
report suppression 248
switch topology change notification behavior 250
images
See software images
Immediate-Leave feature, MVR 363
immediate-leave processing 253
Immediate-Leave processing, IPv6 274
interface configuration mode 3, 4
interface port-channel command 191
interface range command 193
interface-range macros 118
interfaces
assigning Ethernet interface to channel group 73
configuring 172
configuring multiple 193
creating port-channel logical 191
debug messages, display 16
disabling 649
displaying the MAC address table 574
restarting 649
interface speed, configuring 708
interface vlan command 196
internal registers, displaying 466, 473, 479
Internet Group Management Protocol
See IGMP
invalid GBIC
error detection for 175
error recovery timer 181
ip access-group command 198
ip address command 200
IP addresses, setting 200
ip admission command 202
ip admission name proxy http command 204
ip arp inspection filter vlan command 206
ip arp inspection limit command 208
ip arp inspection log-buffer command 210
ip arp inspection trust command 212
ip arp inspection validate command 214
ip arp inspection vlan command 216
ip arp inspection vlan logging command 217
ip device tracking command 221
ip device tracking probe command 219
IP DHCP snooping
See DHCP snooping
ip dhcp snooping binding command 223
ip dhcp snooping command 222
ip dhcp snooping database command 225
ip dhcp snooping information option allow-untrusted command 229
ip dhcp snooping information option command 227
ip dhcp snooping limit rate command 231
ip dhcp snooping trust command 232
ip dhcp snooping verify command 233
ip dhcp snooping vlan command 234
ip dhcp snooping vlan information option format-type circuit-id string command 235
ip igmp filter command 237
ip igmp max-groups command 238
ip igmp profile command 240
ip igmp snooping command 242
ip igmp snooping last-member-query-interval command 244
ip igmp snooping querier command 246
ip igmp snooping report-suppression command 248
ip igmp snooping tcn command 250
ip igmp snooping tcn flood command 252
ip igmp snooping vlan immediate-leave command 253
ip igmp snooping vlan mrouter command 254
ip igmp snooping vlan static command 256
IP multicast addresses 360
IP phones
auto-QoS configuration 57
trusting packets sent from 353
IP-precedence-to-DSCP map 325
ip source binding command 258
IP source guard
disabling 261
enabling 261
static IP source bindings 258
ip ssh command 260
ipv6 mld snooping command 262
ipv6 mld snooping last-listener-query count command 264
ipv6 mld snooping last-listener-query-interval command 266
ipv6 mld snooping listener-message-suppression command 268
ipv6 mld snooping robustness-variable command 270
ipv6 mld snooping tcn command 272
ipv6 mld snooping vlan command 274
IPv6 SDM template 422
ip verify source command 261
J
jumbo frames
See MTU
L
LACP
See EtherChannel
lacp port-priority command 276
lacp system-priority command 278
Layer 2 traceroute
IP addresses 763
MAC addresses 760
line configuration mode 3, 5
Link Aggregation Control Protocol
See EtherChannel
link flap
error detection for 175
error recovery timer 181
link state group command 280
link state track command 282
load-distribution methods for EtherChannel 392
location (global configuration) command 283
location (interface configuration) command 285
logging event command 287
logging event power-inline-status command 288
logging file command 289
logical interface 191
loopback error
detection for 175
recovery timer 181
loop guard, for spanning tree 674, 678
M
mab request format attribute 1 command 291
mab request format attribute 2 command 293
mab request format attribute 32 command 294
mac access-group command 296
MAC access-groups, displaying 565
MAC access list configuration mode 298
mac access-list extended command 298
MAC access lists 124
MAC addresses
disabling MAC address learning per VLAN 301
displaying
dynamic 572
notification settings 577
number of addresses in a VLAN 571
per interface 574
per VLAN 581
static 579
static and dynamic entries 566
dynamic
aging time 300
deleting 92
displaying 572
enabling MAC address notification 305
enabling MAC address-table move update 303
persistent stack 716
static
adding and removing 307
displaying 579
dropping on an interface 308
MAC address notification, debugging 24
mac address-table aging-time 296
mac address-table aging-time command 300
mac address-table learning command 301
mac address-table move update command 303
mac address-table notification command 305
mac address-table static command 307
mac address-table static drop command 308
macros
interface range 118, 193
maps
QoS
defining 325
match (class-map configuration) command 310
maximum transmission unit
See MTU
mdix auto command 312
media-type (interface configuration) command 313
media-type rj45 (line configuration) command 315
member switches
See clusters
memory (boot loader) command 13
mkdir (boot loader) command 15
MLD snooping
configuring 268, 270
configuring queries 264, 266
configuring topology change notification 272
displaying 542
enabling 262
MLD snooping on a VLAN, enabling 274
mls qos aggregate-policer command 319
mls qos command 317
mls qos cos command 321
mls qos dscp-mutation command 323
mls qos map command 325
mls qos queue-set output buffers command 329
mls qos queue-set output threshold command 331
mls qos queue-set stack buffers command 333
mls qos rewrite ip dscp command 335
mls qos srr-queue input bandwidth command 337
mls qos srr-queue input buffers command 339
mls qos-srr-queue input cos-map command 341
mls qos srr-queue input dscp-map command 343
mls qos srr-queue input priority-queue command 345
mls qos srr-queue input threshold command 347
mls qos-srr-queue output cos-map command 349
mls qos srr-queue output dscp-map command 351
mls qos trust command 353
mode, MVR 360
Mode button, and password recovery 427
modes, commands 2
monitor session command 355
more (boot loader) command 16
MSTP
displaying 623
interoperability 101
link type 676
MST region
aborting changes 681
applying changes 681
configuration name 681
configuration revision number 681
current or pending display 681
displaying 623
MST configuration mode 681
VLANs-to-instance mapping 681
path cost 683
protocol mode 679
restart protocol migration process 101
root port
loop guard 674
preventing from becoming designated 674
restricting which can be root 674
root guard 674
root switch
affects of extended system ID 672
hello-time 686, 694
interval between BDPU messages 687
interval between hello BPDU messages 686, 694
max-age 687
maximum hop count before discarding BPDU 688
port priority for selection of 690
primary or secondary 694
switch priority 693
state changes
blocking to forwarding state 700
enabling BPDU filtering 664, 698
enabling BPDU guard 666, 698
enabling Port Fast 698, 700
forward-delay time 685
length of listening and learning states 685
rapid transition to forwarding 676
shutting down Port Fast-enabled ports 698
state information display 622
MTU
configuring size 757
displaying global setting 634
Multicase Listener Discovery
See MLD
multicast group address, MVR 363
multicast groups, MVR 361
Multicast Listener Discovery
See MLD
multicast router learning method 254
multicast router ports, configuring 254
multicast router ports, IPv6 274
multicast storm control 719
multicast VLAN, MVR 361
multicast VLAN registration
See MVR
Multiple Spanning Tree Protocol
See MSTP
MVR
and address aliasing 361
configuring 360
configuring interfaces 363
debug messages, display 28
displaying 597
displaying interface information 598
members, displaying 600
mvr (global configuration) command 360
mvr (interface configuration) command 363
mvr vlan group command 364
N
native VLANs 752
Network Admission Control Software Configuration Guide 203, 205
network-policy (global configuration) command 367
network-policy command 366
network-policy profile (network-policy configuration) command 369
nmsp attachment suppress command 373
nmsp command 371
no authentication logging verbose 374
no dot1x logging verbose 375
no mab logging verbose 376
nonegotiate, speed 708
nonegotiating DTP messaging 739
non-IP protocols
denying 124
forwarding 383
non-IP traffic access lists 298
non-IP traffic forwarding
denying 124
permitting 383
normal-range VLANs 773
no vlan command 773
O
online diagnostics
displaying
configured boot-up coverage level 483
current scheduled tasks 483
event logs 483
supported test suites 483
test ID 483
test results 483
test statistics 483
global configuration mode
clearing health monitoring diagnostic test schedule 87
clearing test-based testing schedule 129
setting health monitoring diagnostic testing 87
setting test-based testing 129
setting up health monitoring diagnostic test schedule 87
setting up test-based testing 129
health monitoring diagnostic tests, configuring 127
scheduled switchover
disabling 129
enabling 129
scheduling
enabling 129
removing 129
testing, starting 131
test interval, setting 129
P
PAgP
See EtherChannel
pagp learn-method command 377
pagp port-priority command 379
password, VTP 784
password-recovery mechanism, enabling and disabling 427
permit (ARP access-list configuration) command 381
permit (MAC access-list configuration) command 383
per-VLAN spanning-tree plus
See STP
physical-port learner 377
PIM-DVMRP, as multicast router learning method 254
PoE
configuring the power budget 396
configuring the power management mode 393
displaying controller register values 477
displaying power management information 611
logging of status 288
monitoring power 399
policing power consumption 399
police aggregate command 388
police command 386
policed-DSCP map 325
policy-map command 390
policy maps
applying to an interface 429, 434
creating 390
hierarchical 391
policers
displaying 584
for a single class 386
for multiple classes 319, 388
policed-DSCP map 325
traffic classification
defining the class 78
defining trust states 765
setting DSCP or IP precedence values 432
Port Aggregation Protocol
See EtherChannel
port-based authentication
AAA method list 3
configuring violation modes 171
debug messages, display 10
enabling IEEE 802.1x
globally 133
per interface 159
guest VLAN 148
host modes 150
IEEE 802.1x AAA accounting methods 1
initialize an interface 152, 167
MAC authentication bypass 153
manual control of authorization state 159
PAE as authenticator 158
periodic re-authentication
enabling 162
time between attempts 168
quiet period between failed authentication exchanges 168
re-authenticating IEEE 802.1x-enabled ports 161
resetting configurable IEEE 802.1x parameters 146
switch-to-authentication server retransmission time 168
switch-to-client frame-retransmission number 155 to 157
switch-to-client retransmission time 168
test for IEEE 802.1x readiness 166
port-channel load-balance command 392
Port Fast, for spanning tree 700
port ranges, defining 116, 118
ports, debugging 68
ports, protected 750
port security
aging 746
debug messages, display 70
enabling 741
violation error recovery 181
port trust states for QoS 353
port types, MVR 363
power information, displaying 495
power inline command 393
power inline consumption command 396
power inline four-pair forced command 398
power inline police command 399
Power over Ethernet
See PoE
priority-queue command 402
priority value, stack member 630, 724
privileged EXEC mode 2, 3
protected ports, displaying 512
pruning
VLANs 752
VTP
displaying interface information 507
enabling 784
pruning-eligible VLAN list 753
psp 404
psp command 404
PVST+
See STP
Q
QoS
auto-QoS
configuring 57
debug messages, display 4
auto-QoS trust
configuring 51
auto-QoS video
configuring 54
class maps
creating 81
defining the match criteria 310
displaying 457
defining the CoS value for an incoming packet 321
displaying configuration information 583
DSCP transparency 335
DSCP trusted ports
applying DSCP-to-DSCP-mutation map to 323
defining DSCP-to-DSCP-mutation map 325
egress queues
allocating buffers 329
defining the CoS output queue threshold map 349
defining the DSCP output queue threshold map 351
displaying buffer allocations 586
displaying CoS output queue threshold map 590
displaying DSCP output queue threshold map 590
displaying queueing strategy 586
displaying queue-set settings 593
enabling bandwidth shaping and scheduling 712
enabling bandwidth sharing and scheduling 714
limiting the maximum output on a port 710
mapping a port to a queue-set 405
mapping CoS values to a queue and threshold 349
mapping DSCP values to a queue and threshold 351
setting maximum and reserved memory allocations 331
setting WTD thresholds 331
enabling 317
ingress queues
allocating buffers 339
assigning SRR scheduling weights 337
defining the CoS input queue threshold map 341
defining the DSCP input queue threshold map 343
displaying buffer allocations 586
displaying CoS input queue threshold map 590
displaying DSCP input queue threshold map 590
displaying queueing strategy 586
displaying settings for 585
enabling the priority queue 345
mapping CoS values to a queue and threshold 341
mapping DSCP values to a queue and threshold 343
setting WTD thresholds 347
maps
defining 325, 341, 343, 349, 351
policy maps
applying an aggregate policer 388
applying to an interface 429, 434
creating 390
defining policers 319, 386
displaying policers 584
hierarchical 391
policed-DSCP map 325
setting DSCP or IP precedence values 432
traffic classifications 78
trust states 765
port trust states 353
queues, enabling the expedite 402
statistics
in-profile and out-of-profile packets 586
packets enqueued or dropped 586
sent and received CoS values 586
sent and received DSCP values 586
trusted boundary for IP phones 353
quality of service
See QoS
querytime, MVR 360
queue-set command 405
R
radius-server dead-criteria command 406
radius-server host command 408
rapid per-VLAN spanning-tree plus
See STP
rapid PVST+
See STP
rcommand command 410
re-authenticating IEEE 802.1x-enabled ports 161
re-authentication
periodic 162
time between attempts 168
receiver ports, MVR 363
receiving flow-control packets 187
recovery mechanism
causes 181
display 86, 454, 497, 499
timer interval 182
redundancy for cluster switches 113
reload command 412
remote command 414
remote-span command 416
Remote Switched Port Analyzer
See RSPAN
rename (boot loader) command 17
renew ip dhcp snooping database command 418
reset (boot loader) command 18
resource templates, displaying 618
restricted VLAN
See dot1x auth-fail vlan
rmdir (boot loader) command 19
rmon collection stats command 421
root guard, for spanning tree 674
RSPAN
configuring 355
filter RSPAN traffic 355
remote-span command 416
S
scheduled switchover
disabling 129
enabling 129
SDM mismatch mode 631
sdm prefer command 422
SDM templates
displaying 618
dual IPv4 and IPv6 422
secure ports, limitations 743
sending flow-control packets 187
service password-recovery command 427
service-policy command 429
session command 431
set (boot loader) command 20
set command 432
setup command 434
setup express command 437
show access-lists command 439
show archive status command 442
show arp access-list command 443
show authentication command 444
show auto qos command 448
show boot command 452
show cable-diagnostics tdr command 454
show cisp command 456
show class-map command 457
show cluster candidates command 460
show cluster command 458
show cluster members command 462
show controllers cpu-interface command 464
show controllers ethernet-controller command 466
show controllers power inline command 477
show controllers tcam command 479
show controller utilization command 481
show dot1x command 486
show dtp 490
show eap command 492
show env command 495
show errdisable detect command 497
show errdisable flap-values command 498
show errdisable recovery command 499
show etherchannel command 501
show fallback profile command 504
show flowcontrol command 505
show interfaces command 507
show interfaces counters command 515
show inventory command 517
show ip arp inspection command 518
show ip dhcp snooping binding command 523
show ip dhcp snooping command 522
show ip dhcp snooping database command 525, 527
show ip igmp profile command 530
show ip igmp snooping command 531, 542
show ip igmp snooping groups command 534
show ip igmp snooping mrouter command 536
show ip igmp snooping querier command 537
show ip source binding command 539
show ipv6 route updated 550
show ip verify source command 540
show lacp command 552
show link state group command 556
show logging onboard command 560
show mac access-group command 565
show mac address-table address command 568
show mac address-table aging time command 569
show mac address-table command 566
show mac address-table count command 571
show mac address-table dynamic command 572
show mac address-table interface command 574
show mac address-table move update command 576
show mac address-table notification command 94, 577, 26
show mac address-table static command 579
show mac address-table vlan command 581
show mls qos aggregate-policer command 584
show mls qos command 583
show mls qos input-queue command 585
show mls qos interface command 586
show mls qos maps command 590
show mls qos queue-set command 593
show mls qos vlan command 594
show monitor command 595
show mvr command 597
show mvr interface command 598
show mvr members command 600
show network-policy profile command 602
show nmsp command 603
show pagp command 606
show platform acl command 2
show platform backup interface command 3
show platform etherchannel command 4
show platform forward command 5
show platform frontend-controller command 7
show platform igmp snooping command 8
show platform ip unicast command 9
show platform layer4op command 10
show platform mac-address-table command 11
show platform messaging command 12
show platform monitor command 13
show platform mvr table command 14
show platform pm command 15
show platform port-asic command 16
show platform port-security command 21
show platform qos command 22
show platform resource-manager command 23
show platform snmp counters command 25
show platform spanning-tree command 26
show platform stack manager command 28
show platform stp-instance command 27
show platform tb command 32
show platform tcam command 34
show platform vlan command 36
show policy-map command 608
show port security command 609
show power inline command 611
show psp config 616
show psp config command 616
show psp statistics 617
show psp statistics command 617
show sdm prefer command 618
show setup express command 621
show spanning-tree command 622
show storm-control command 628
show switch command 630
show system mtu command 634
show trust command 765
show udld command 635
show version command 638
show vlan command 639
show vlan command, fields 640
show vmps command 642
show vtp command 644
shutdown command 649
shutdown vlan command 650
small violation-rate command 651
SNMP host, specifying 657
SNMP informs, enabling the sending of 653
snmp-server enable traps command 653
snmp-server host command 657
snmp trap mac-notification change command 661
SNMP traps
enabling MAC address notification trap 661
enabling the MAC address notification feature 305
enabling the sending of 653
SoftPhone
See Cisco SoftPhone
software images
copying 6
deleting 120
downloading 9
upgrading 6, 9
uploading 16
software version, displaying 638
source ports, MVR 363
SPAN
configuring 355
debug messages, display 27
filter SPAN traffic 355
sessions
add interfaces to 355
start new 355
spanning-tree backbonefast command 663
spanning-tree bpdufilter command 664
spanning-tree bpduguard command 666
spanning-tree cost command 668
spanning-tree etherchannel command 670
spanning-tree extend system-id command 672
spanning-tree guard command 674
spanning-tree link-type command 676
spanning-tree loopguard default command 678
spanning-tree mode command 679
spanning-tree mst configuration command 681
spanning-tree mst cost command 683
spanning-tree mst forward-time command 685
spanning-tree mst hello-time command 686
spanning-tree mst max-age command 687
spanning-tree mst max-hops command 688
spanning-tree mst port-priority command 690
spanning-tree mst pre-standard command 692
spanning-tree mst priority command 693
spanning-tree mst root command 694
spanning-tree portfast (global configuration) command 698
spanning-tree portfast (interface configuration) command 700
spanning-tree port-priority command 696
Spanning Tree Protocol
See STP
spanning-tree transmit hold-count command 702
spanning-tree uplinkfast command 703
spanning-tree vlan command 705
speed command 708
srr-queue bandwidth limit command 710
srr-queue bandwidth share command 714
SSH, configuring version 260
stack-mac persistent timer command 716
stack member
access 431
number 630, 727
priority value 724
provisioning 725
reloading 412
stacks, switch
disabling a member 722
enabling a member 722
MAC address 716
provisioning a new member 725
reloading 412
stack member access 431
stack member number 630, 727
stack member priority value 630, 724
static-access ports, configuring 729
statistics, Ethernet group 421
sticky learning, enabling 741
storm-control command 719
STP
BackboneFast 663
counters, clearing 100
debug messages, display
BackboneFast events 74
MSTP 77
optimized BPDUs handling 76
spanning-tree activity 72
switch shim 79
transmitted and received BPDUs 75
UplinkFast 81
detection of indirect link failures 663
EtherChannel misconfiguration 670
extended system ID 672
path cost 668
protocol modes 679
root port
accelerating choice of new 703
loop guard 674
preventing from becoming designated 674
restricting which can be root 674
root guard 674
UplinkFast 703
root switch
affects of extended system ID 672, 706
hello-time 705
interval between BDPU messages 705
interval between hello BPDU messages 705
max-age 705
port priority for selection of 696
primary or secondary 705
switch priority 705
state changes
blocking to forwarding state 700
enabling BPDU filtering 664, 698
enabling BPDU guard 666, 698
enabling Port Fast 698, 700
enabling timer to recover from error state 181
forward-delay time 705
length of listening and learning states 705
shutting down Port Fast-enabled ports 698
state information display 622
VLAN options 693, 705
Switched Port Analyzer
See SPAN
switchport access command 729
switchport backup interface command 731
switchport block command 735
switchport host command 736
switchport mode command 737
switchport nonegotiate command 739
switchport port-security aging command 746
switchport port-security command 741
switchport priority extend command 748
switchport protected command 750
switchports, displaying 507
switchport trunk command 752
switchport voice vlan command 755
switch priority command 722, 724
switch provision command 725
switch renumber command 727
system message logging 288
system message logging, save message to flash 289
system mtu command 757
system resource templates 422
T
tar files, creating, listing, and extracting 13
TDR, running 759
Telnet, using to communicate to cluster switches 410
temperature information, displaying 495
templates, system resources 422
test cable-diagnostics tdr command 759
traceroute mac command 760
traceroute mac ip command 763
trunking, VLAN mode 737
trunk mode 737
trunk ports 737
trunks, to non-DTP device 738
trusted boundary for QoS 353
trusted port states for QoS 353
type (boot loader) command 23
U
UDLD
aggressive mode 767, 769
debug messages, display 89
enable globally 767
enable per interface 769
error recovery timer 181
message timer 767
normal mode 767, 769
reset a shutdown interface 771
status 635
udld command 767
udld port command 769
udld reset command 771
unicast storm control 719
UniDirectional Link Detection
See UDLD
unknown multicast traffic, preventing 735
unknown unicast traffic, preventing 735
unset (boot loader) command 24
upgrading
software images
copying 6
downloading 9
monitoring status of 442
UplinkFast, for STP 703
usb-inactivity-timeout (console configuration) command 772
user EXEC mode 2, 3
V
version (boot loader) command 26
version mismatch mode 631
vlan (global configuration) command 773
VLAN configuration
rules 776
saving 773
VLAN configuration mode
description 5
summary 3
VLAN ID range 773
VLAN Query Protocol
See VQP
VLANs
adding 773
configuring 773
debug messages, display
ISL 85
VLAN IOS file system error tests 84
VLAN manager activity 82
VTP 87
displaying configurations 639
enabling guest VLAN supplicant 136, 147, 186
extended-range 773
MAC addresses
displaying 581
number of 571
media types 775
normal-range 773
restarting 650
saving the configuration 773
shutting down 650
SNMP traps for VTP 655, 658
suspending 650
VLAN Trunking Protocol
See VTP
VM mode 631
VMPS
configuring servers 781
displaying 642
error recovery timer 182
reconfirming dynamic VLAN assignments 778
vmps reconfirm (global configuration) command 779
vmps reconfirm (privileged EXEC) command 778
vmps retry command 780
vmps server command 781
voice VLAN
configuring 755
setting port priority 748
VQP
and dynamic-access ports 730
clearing client statistics 102
displaying information 642
per-server retry count 780
reconfirmation interval 779
reconfirming dynamic VLAN assignments 778
VTP
changing characteristics 783
clearing pruning counters 103
configuring
domain name 783
file name 783
mode 783
password 784
counters display fields 645
displaying information 644
enabling
pruning 784
Version 2 784
enabling per port 788
mode 783
pruning 784
saving the configuration 773
statistics 644
status 644
status display fields 647
vtp (global configuration) command 783
vtp interface configuration) command 788
vtp primary command 789