Index A
aaa accounting dot1x command 2-1
aaa authentication dot1x command 2-3
aaa authorization network command 2-5, 2-24, 2-31, 2-33, 2-36, 2-38, 2-40, 2-161, 2-334, 2-526, B-7, B-38
AAA methods 2-3
access control entries
See ACEs
access control lists
See ACLs
access groups
IP 2-214
MAC, displaying 2-667
access list, IPv6 2-288
access map configuration mode 2-351
access mode 2-878
access ports 2-878
ACEs 2-145, 2-439
ACLs
deny 2-143
displaying 2-507
for non-IP protocols 2-338
IP 2-214
matching 2-351
on Layer 2 interfaces 2-214
permit 2-437
action command 2-6
address aliasing 2-409
aggregate-port learner 2-425
allowed VLANs 2-898
archive copy-sw command 2-8
archive download-sw command 2-11
archive tar command 2-15
archive upload-sw command 2-18
arp (boot loader) command A-2
arp access-list command 2-20
authentication command bounce-port ignore 2-22
authentication command disable-port ignore 2-23
authentication control-direction command 2-24
authentication event command 2-26
authentication event linksec fail action command 2-30
authentication failed VLAN
See dot1x auth-fail vlan
authentication fallback command 2-31
authentication host-mode command 2-33
authentication linksec policy command 2-35
authentication mac-move permit command 2-36
authentication open command 2-38
authentication order command 2-40
authentication periodic command 2-42
authentication port-control command 2-44
authentication priority command 2-46
authentication timer command 2-48
authentication violation command 2-50
auth-fail max-attempts
See dot1x auth-fail max-attempts
auth-fail vlan
See dot1x auth-fail vlan
auth open command 2-38
auth order command 2-40
authorization state of controlled port 2-178
auth timer command 2-48
autonegotiation of duplex mode 2-190
auto qos classify command 2-52
auto qos trust command 2-55
auto qos video command 2-58
auto qos voip command 2-61
B
BackboneFast, for STP 2-798
backup interfaces
configuring 2-872
displaying 2-589
boot (boot loader) command A-3
boot auto-copy-sw command 2-67
boot auto-download-sw command 2-68
boot config-file command 2-71
boot enable-break command 2-72
boot helper command 2-73
boot helper-config file command 2-74
booting
Cisco IOS image 2-77
displaying environment variables 2-520
interrupting 2-72
manually 2-75
boot loader
accessing A-1
booting
Cisco IOS image A-3
helper image 2-73
directories
creating A-19
displaying a list of A-8
removing A-23
displaying
available commands A-13
memory heap utilization A-14
version A-30
environment variables
described A-24
displaying settings A-24
location of A-25
setting A-24
unsetting A-28
files
copying A-6
deleting A-7
displaying a list of A-8
displaying the contents of A-5, A-20, A-27
renaming A-21
file system
formatting A-11
initializing flash A-10
running a consistency check A-12
prompt A-1
resetting the system A-22
boot manual command 2-75
boot private-config-file command 2-76
boot system command 2-77
BPDU filtering, for spanning tree 2-799, 2-833
BPDU guard, for spanning tree 2-801, 2-833
broadcast storm control 2-856
C
candidate switches
See clusters
cat (boot loader) command A-5
CDP, enabling protocol tunneling for 2-315
channel-group command 2-81
channel-protocol command 2-85
Cisco IP camera
auto-QoS configuration 2-58
Cisco Redundant Power System 2300
configuring 2-461
managing 2-461
Cisco SoftPhone
auto-QoS configuration 2-61
trusting packets sent from 2-398
Cisco Telepresence System
auto-QoS configuration 2-58
CISP
See Client Information Signalling Protocol
cisp
debug platform cisp command B-38
cisp enable command 2-86
class command 2-87
class-map command 2-90
class maps
creating 2-90
defining the match criteria 2-353
displaying 2-527
class of service
See CoS
clear dot1x command 2-92
clear eap sessions command 2-93
clear errdisable interface 2-94
clear ip arp inspection log command 2-95
clear ip arp inspection statistics command 2-96
clear ipc command 2-99
clear ip dhcp snooping database command 2-97
clear ipv6 dhcp conflict command 2-100
clear l2protocol-tunnel counters command 2-101
clear lacp command 2-102
clear logging onboard command 2-103
clear mac address-table command 2-104, 2-105
clear macsec counters interface command 2-106
clear mka command 2-107
clear nmsp statistics command 2-109
clear pagp command 2-110
clear port-security command 2-111
clear spanning-tree counters command 2-113
clear spanning-tree detected-protocols command 2-114
clear vmps statistics command 2-115
clear vtp counters command 2-116
Client Information Signalling Protocol 2-86, 2-161, 2-526, B-7, B-38
cluster commander-address command 2-117
cluster discovery hop-count command 2-119
cluster enable command 2-120
cluster holdtime command 2-122
cluster member command 2-123
cluster outside-interface command 2-125
cluster run command 2-126
clusters
adding candidates 2-123
binding to HSRP group 2-127
building manually 2-123
communicating with
devices outside the cluster 2-125
members by using Telnet 2-476
debug messages, display B-8
displaying
candidate switches 2-530
debug messages B-8
member switches 2-532
status 2-528
hop-count limit for extended discovery 2-119
HSRP standby groups 2-127
redundancy 2-127
SNMP trap 2-787
cluster standby-group command 2-127
cluster timer command 2-129
command modes defined 1-2
command switch
See clusters
confidentiality-offset command 2-132
configuration files
password recovery disable considerations A-1
specifying the name 2-71, 2-76
configuring multiple interfaces 2-210
config-vlan mode
commands 2-924
copy (boot loader) command A-6
copy logging onboard command 2-130
CoS
assigning default value to incoming packets 2-368
assigning to Layer 2 protocol packets 2-318
overriding the incoming value 2-368
CoS-to-DSCP map 2-372
CPU ASIC statistics, displaying 2-534
crashinfo files 2-201
critical VLAN 2-27
D
debug authentication B-2
debug auto qos command B-4
debug backup command B-6
debug cisp command B-7
debug cluster command B-8
debug dot1x command B-10
debug dtp command B-11
debug eap command B-12
debug etherchannel command B-13
debug fastethernet command B-14
debug ilpower command B-15
debug interface command B-16
debug ip dhcp snooping command B-17
debug ip igmp filter command B-19
debug ip igmp max-groups command B-20
debug ip igmp snooping command B-21
debug ip verify source packet command B-18
debug lacp command B-22
debug lldp packets command B-23
debug mac-notification command B-24
debug macsec command B-25
debug matm command B-26
debug matm move update command B-27
debug mka command B-28
debug monitor command B-30
debug mvrdbg command B-31
debug nmsp command B-32
debug nvram command B-33
debug pagp command B-34
debug platform acl command B-35
debug platform backup interface command B-37
debug platform cisp command B-38
debug platform cli-redirection main command B-39
debug platform configuration command B-40, B-48
debug platform cpu-queues command B-41
debug platform device-manager command B-43
debug platform dot1x command B-44
debug platform etherchannel command B-45
debug platform fallback-bridging command B-46
debug platform forw-tcam command B-47
debug platform ip arp inspection command B-49
debug platform ipc command B-58
debug platform ip dhcp command B-50
debug platform ip igmp snooping command B-51
debug platform ip multicast command B-53
debug platform ip unicast command B-55
debug platform ip wccp command B-57
debug platform led command B-59
debug platform matm command B-60
debug platform messaging application command B-61
debug platform phy command B-62
debug platform pm command B-64
debug platform port-asic command B-66
debug platform port-security command B-67
debug platform qos-acl-tcam command B-68
debug platform remote-commands command B-69
debug platform resource-manager command B-70
debug platform snmp command B-71
debug platform span command B-72
debug platform stack-manager command B-73
debug platform supervisor-asic command B-74
debug platform sw-bridge command B-75
debug platform tcam command B-76
debug platform udld command B-79
debug platform vlan command B-80
debug pm command B-81
debug port-security command B-83
debug qos-manager command B-84
debug spanning-tree backbonefast command B-87
debug spanning-tree bpdu command B-88
debug spanning-tree bpdu-opt command B-89
debug spanning-tree command B-85
debug spanning-tree mstp command B-90
debug spanning-tree switch command B-92
debug spanning-tree uplinkfast command B-94
debug sw-vlan command B-95
debug sw-vlan ifs command B-97
debug sw-vlan notification command B-98
debug sw-vlan vtp command B-100
debug udld command B-102
debug vqpc command B-104
default policy, MKA 2-359
define interface-range command 2-133
delete (boot loader) command A-7
delete command 2-135
deny (ARP access-list configuration) command 2-136
deny (IPv6) command 2-138
deny command 2-143
detect mechanism, causes 2-193
DHCP snooping
accepting untrusted packets from edge switch 2-246
enabling
on a VLAN 2-252
option 82 2-244, 2-246
trust on an interface 2-250
error recovery timer 2-197
rate limiting 2-249
DHCP snooping binding database
binding file, configuring 2-242
bindings
adding 2-240
deleting 2-240
displaying 2-611
clearing database agent statistics 2-97
database agent, configuring 2-242
displaying
binding entries 2-611
database agent status 2-613, 2-615
renewing 2-484
Digital Optical Monitoring
see DoM
dir (boot loader) command A-8
directories, deleting 2-135
DoM
displaying supported transceivers 2-602
domain name, VTP 2-939
dot1x auth-fail max-attempts 2-155
dot1x auth-fail vlan 2-157
dot1x command 2-153
dot1x control-direction command 2-159
dot1x credentials (global configuration) command 2-161
dot1x critical global configuration command 2-162
dot1x critical interface configuration command 2-164
dot1x default command 2-166
dot1x fallback command 2-167
dot1x guest-vlan command 2-168
dot1x host-mode command 2-170
dot1x initialize command 2-171
dot1x mac-auth-bypass command 2-172
dot1x max-reauth-req command 2-174
dot1x max-req command 2-176
dot1x pae command 2-177
dot1x port-control command 2-178
dot1x re-authenticate command 2-180
dot1x reauthentication command 2-181
dot1x supplicant force-multicast command 2-182
dot1x test eapol-capable command 2-183
dot1x test timeout command 2-184
dot1x timeout command 2-185
dot1x violation-mode command 2-188
dropping packets, with ACL matches 2-6
drop threshold, Layer 2 protocol tunneling 2-315
DSCP-to-CoS map 2-372
DSCP-to-DSCP-mutation map 2-372
DTP 2-879
DTP flap
error detection for 2-193
error recovery timer 2-197
DTP negotiation 2-883
dual IPv4 and IPv6 templates 2-431
duplex command 2-189
dynamic-access ports
configuring 2-868
restrictions 2-869
dynamic ARP inspection
ARP ACLs
apply to a VLAN 2-222
define 2-20
deny packets 2-136
display 2-511
permit packets 2-429
clear
log buffer 2-95
statistics 2-96
display
ARP ACLs 2-511
configuration and operating state 2-606
log buffer 2-606
statistics 2-606
trust state and rate limit 2-606
enable per VLAN 2-232
error detection for 2-193
error recovery timer 2-197
log buffer
clear 2-95
configure 2-226
display 2-606
rate-limit incoming ARP packets 2-224
statistics
clear 2-96
display 2-606
trusted interface state 2-228
type of packet logged 2-233
validation checks 2-230
dynamic auto VLAN membership mode 2-878
dynamic desirable VLAN membership mode 2-878
Dynamic Host Configuration Protocol (DHCP)
See DHCP snooping
Dynamic Trunking Protocol
See DTP
E
EAP-request/identity frame
maximum number to send 2-176
response time before retransmitting 2-185
encapsulation methods 2-898
environment variables, displaying 2-520
epm access-control open 2-191
errdisable detect cause command 2-193
errdisable detect cause small-frame command 2-195
errdisable recovery cause small-frame 2-200
errdisable recovery command 2-197
error conditions, displaying 2-576
error disable detection 2-193
error-disabled interfaces, displaying 2-588
EtherChannel
assigning Ethernet interface to channel group 2-81
creating port-channel logical interface 2-208
debug EtherChannel/PAgP, display B-13
debug platform-specific events, display B-45
displaying 2-579
enabling Layer 2 protocol tunneling for
LACP 2-316
PAgP 2-316
UDLD 2-316
interface information, displaying 2-588
LACP
clearing channel-group information 2-102, 2-103
debug messages, display B-22
displaying 2-652
modes 2-81
port priority for hot-standby ports 2-319
restricting a protocol 2-85
system priority 2-321
load-distribution methods 2-447
PAgP
aggregate-port learner 2-425
clearing channel-group information 2-110
debug messages, display B-34
displaying 2-731
error detection for 2-193
error recovery timer 2-197
learn method 2-425
modes 2-81
physical-port learner 2-425
priority of interface for transmitted traffic 2-427
Ethernet controller, internal register display 2-536, 2-543
Ethernet Management port, debugging B-14
Ethernet statistics, collecting 2-489
exception crashinfo command 2-201, 2-206
extended discovery of candidate switches 2-119
extended-range VLANs
and allowed VLAN list 2-898
and pruning-eligible list 2-898
configuring 2-923
extended system ID for STP 2-807
F
fallback profile command 2-202
fallback profiles, displaying 2-582
fan information, displaying 2-571
file name, VTP 2-939
files, deleting 2-135
flash_init (boot loader) command A-10
flexible authentication ordering 2-40
Flex Links
configuring 2-872
displaying 2-589
flow-based SPAN 2-403
flowcontrol command 2-204
format (boot loader) command A-11
forwarding packets, with ACL matches 2-6
forwarding results, display C-7
frame forwarding information, displaying C-7
front-end controller counter and status information C-9
fsck (boot loader) command A-12
FSPAN 2-403
G
global configuration mode 1-2, 1-4
H
hardware ACL statistics 2-507
health monitoring diagnostic tests 2-146
help (boot loader) command A-13
hierarchical policy maps 2-445
hop-count limit for clusters 2-119
host connection, port configuration 2-877
host ports, private VLANs 2-881
Hot Standby Router Protocol
See HSRP
HSRP
binding HSRP group to cluster 2-127
standby group 2-127
I
IEEE 802.1Q trunk ports and native VLANs 2-930
IEEE 802.1Q tunnel ports
configuring 2-878
displaying 2-560
limitations 2-879
IEEE 802.1x
and switchport modes 2-879
violation error recovery 2-197
See also port-based authentication
IGMP filters
applying 2-255
debug messages, display B-19
IGMP groups, setting maximum 2-257
IGMP maximum groups, debugging B-20
IGMP profiles
creating 2-259
displaying 2-618
IGMP snooping
adding ports as a static member of a group 2-275
displaying 2-619, 2-624, 2-626
enabling 2-261
enabling the configurable-leave timer 2-263
enabling the Immediate-Leave feature 2-272
flooding query count 2-269
interface topology change notification behavior 2-271
multicast table 2-622
querier 2-265
query solicitation 2-269
report suppression 2-267
switch topology change notification behavior 2-269
images
See software images
Immediate-Leave processing
IGMP 2-272
IPv6 2-311
MVR 2-411
interface configuration mode 1-2, 1-4
interface port-channel command 2-208
interface range command 2-210
interface-range macros 2-133
interfaces
assigning Ethernet interface to channel group 2-81
configuring 2-189
configuring multiple 2-210
creating port-channel logical 2-208
debug messages, display B-16
disabling 2-783
displaying the MAC address table 2-678
restarting 2-783
interface speed, configuring 2-844
interface vlan command 2-212
internal power supplies
See power supplies
internal registers, displaying 2-536, 2-543, 2-551
Internet Group Management Protocol
See IGMP
invalid GBIC
error detection for 2-193
error recovery timer 2-197
ip access-group command 2-214
ip address command 2-217
IP addresses, setting 2-217
IP address matching 2-351
ip admission command 2-219
ip admission name proxy http command 2-220
ip arp inspection filter vlan command 2-222
ip arp inspection limit command 2-224
ip arp inspection log-buffer command 2-226
ip arp inspection trust command 2-228
ip arp inspection validate command 2-230
ip arp inspection vlan command 2-232
ip arp inspection vlan logging command 2-233
ip device tracking command 2-235
ip device tracking probe command 2-237
IP DHCP snooping
See DHCP snooping
ip dhcp snooping binding command 2-240
ip dhcp snooping command 2-239
ip dhcp snooping database command 2-242
ip dhcp snooping information option allow-untrusted command 2-246
ip dhcp snooping information option command 2-244
ip dhcp snooping information option format remote-id command 2-248
ip dhcp snooping limit rate command 2-249
ip dhcp snooping trust command 2-250
ip dhcp snooping verify command 2-251
ip dhcp snooping vlan command 2-252
ip dhcp snooping vlan information option format-type circuit-id string command 2-253
ip igmp filter command 2-255
ip igmp max-groups command 2-257, 2-282, 2-284
ip igmp profile command 2-259
ip igmp snooping command 2-261
ip igmp snooping last-member-query-interval command 2-263
ip igmp snooping querier command 2-265
ip igmp snooping report-suppression command 2-267
ip igmp snooping tcn command 2-269
ip igmp snooping tcn flood command 2-271
ip igmp snooping vlan immediate-leave command 2-272
ip igmp snooping vlan mrouter command 2-273
ip igmp snooping vlan static command 2-275
IP multicast addresses 2-408
IP phones
auto-QoS configuration 2-61
trusting packets sent from 2-398
IP-precedence-to-DSCP map 2-372
ip snap forwarding command 2-277
ip source binding command 2-278
IP source guard
disabling 2-286
displaying
binding entries 2-628
configuration 2-630
dynamic binding entries only 2-611
enabling 2-286
static IP source bindings 2-278
ip ssh command 2-280
IPv4 and IPv6
port-based trust 2-399
IPv6 access list, deny conditions 2-138
ipv6 access-list command 2-288
ipv6 address dhcp command 2-291
ipv6 dhcp client request vendor command 2-292
ipv6 dhcp ping packets command 2-293
ipv6 dhcp pool command 2-295
ipv6 dhcp server command 2-298
ipv6 mld snooping command 2-300
ipv6 mld snooping last-listener-query count command 2-302
ipv6 mld snooping last-listener-query-interval command 2-304
ipv6 mld snooping listener-message-suppression command 2-306
ipv6 mld snooping robustness-variable command 2-307
ipv6 mld snooping tcn command 2-309
ipv6 mld snooping vlan command 2-311
IPv6 QoS
enabling 2-364
IPv6 SDM template 2-490
ipv6 traffic-filter command 2-313
ip verify source command 2-286
J
jumbo frames
See MTU
L
l2protocol-tunnel command 2-315
l2protocol-tunnel cos command 2-318
LACP
See EtherChannel
lacp port-priority command 2-319
lacp system-priority command 2-321
Layer 2 mode, enabling 2-866
Layer 2 protocol ports, displaying 2-649
Layer 2 protocol-tunnel
error detection for 2-193
error recovery timer 2-197
Layer 2 protocol tunnel counters 2-101
Layer 2 protocol tunneling error recovery 2-316
Layer 2 traceroute
IP addresses 2-913
MAC addresses 2-910
Layer 3 mode, enabling 2-866
line configuration mode 1-3, 1-5
Link Aggregation Control Protocol
See EtherChannel
link flap
error detection for 2-193
error recovery timer 2-197
link-security authentication 2-30
link-security policies 2-35
link state group command 2-323
link state track command 2-325
load-distribution methods for EtherChannel 2-447
location (global configuration) command 2-326
location (interface configuration) command 2-328
logging event command 2-330
logging event power-inline-status command 2-331
logging file command 2-332
logical interface 2-208
loopback error
detection for 2-193
recovery timer 2-197
loop guard, for spanning tree 2-809, 2-813
M
mab request format attribute 32 command 2-334
mac access-group command 2-336
MAC access-groups, displaying 2-667
MAC access list configuration mode 2-338
mac access-list extended command 2-338
MAC access lists 2-143
MAC addresses
disabling MAC address learning per VLAN 2-341
displaying
aging time 2-672
all 2-670
dynamic 2-676
MAC address-table move updates 2-681
notification settings 2-680, 2-683
number of addresses in a VLAN 2-674
per interface 2-678
per VLAN 2-687
static 2-685
static and dynamic entries 2-668
dynamic
aging time 2-340
deleting 2-104
displaying 2-676
enabling MAC address notification 2-345
enabling MAC address-table move update 2-343
matching 2-351
persistent stack 2-852
static
adding and removing 2-347
displaying 2-685
dropping on an interface 2-348
tables 2-670
MAC address notification, debugging B-24
mac address-table aging-time 2-336, 2-351
mac address-table aging-time command 2-340
mac address-table learning command 2-341
mac address-table move update command 2-343
mac address-table notification command 2-345
mac address-table static command 2-347
mac address-table static drop command 2-348
MAC frames
See MTU
macros
interface range 2-133, 2-210
MACsec
counters 2-106, 2-546
debugging B-25
displaying 2-689
enabling 2-350
registers 2-546
macsec command 2-350
maps
QoS
defining 2-372
displaying 2-713
VLAN
creating 2-928
defining 2-351
displaying 2-773
match (access-map configuration) command 2-351
match (class-map configuration) command 2-353
maximum transmission unit
See MTU
mdix auto command 2-356
Media Access Control Security
See MACsec.
media-type rj45 command 2-358
member switches
See clusters
memory (boot loader) command A-14
mgmt_clr (boot loader) command A-16
mgmt_init (boot loader) command A-17, A-18
MKA
confidentiality 2-132
debugging B-28
displaying default policy 2-691
displaying policies 2-693
displaying sessions 2-696
displaying sessions and statistics 2-702
displaying statistics 2-699
policy configuration mode 2-360
MKA, enabling 2-362
mka default policy command 2-359
mka policy global configuration command 2-360
mka policy interface configuration command 2-362
mkdir (boot loader) command A-19
MLD snooping
configuring 2-306, 2-307
configuring queries 2-302, 2-304
configuring topology change notification 2-309
displaying 2-639, 2-641, 2-643, 2-645
enabling 2-300
enabling on a VLAN 2-311
mls qos aggregate-policer command 2-366
mls qos command 2-364
mls qos cos command 2-368
mls qos dscp-mutation command 2-370
mls qos map command 2-372
mls qos queue-set output buffers command 2-376
mls qos queue-set output threshold command 2-378
mls qos rewrite ip dscp command 2-380
mls qos srr-queue input bandwidth command 2-382
mls qos srr-queue input buffers command 2-384
mls qos-srr-queue input cos-map command 2-386
mls qos srr-queue input dscp-map command 2-388
mls qos srr-queue input priority-queue command 2-390
mls qos srr-queue input threshold command 2-392
mls qos-srr-queue output cos-map command 2-394
mls qos srr-queue output dscp-map command 2-396
mls qos trust command 2-398
mls qos vlan-based command 2-400
mode, MVR 2-408
Mode button, and password recovery 2-494
mode command 2-401
modes, commands 1-2
monitor session command 2-403
more (boot loader) command A-20
MSTP
displaying 2-748
interoperability 2-114
link type 2-811
MST region
aborting changes 2-817
applying changes 2-817
configuration name 2-817
configuration revision number 2-817
current or pending display 2-817
displaying 2-748
MST configuration mode 2-817
VLANs-to-instance mapping 2-817
path cost 2-819
protocol mode 2-815
restart protocol migration process 2-114
root port
loop guard 2-809
preventing from becoming designated 2-809
restricting which can be root 2-809
root guard 2-809
root switch
affects of extended system ID 2-807
hello-time 2-822, 2-829
interval between BDPU messages 2-823
interval between hello BPDU messages 2-822, 2-829
max-age 2-823
maximum hop count before discarding BPDU 2-824
port priority for selection of 2-825
primary or secondary 2-829
switch priority 2-828
state changes
blocking to forwarding state 2-836
enabling BPDU filtering 2-799, 2-833
enabling BPDU guard 2-801, 2-833
enabling Port Fast 2-833, 2-836
forward-delay time 2-821
length of listening and learning states 2-821
rapid transition to forwarding 2-811
shutting down Port Fast-enabled ports 2-833
state information display 2-747
MTU
configuring size 2-906
displaying global setting 2-762
MAC 2-907
system jumbo 2-907
system routing 2-907
Multicase Listener Discovery
See MLD
multicast group address, MVR 2-411
multicast groups, MVR 2-409
Multicast Listener Discovery
See MLD
multicast router learning method 2-273
multicast router ports, configuring 2-273
multicast router ports, IPv6 2-311
multicast storm control 2-856
multicast VLAN, MVR 2-408
multicast VLAN registration
See MVR
multiple hosts on authorized port 2-170
Multiple Spanning Tree Protocol
See MSTP
MVR
and address aliasing 2-409
configuring 2-408
configuring interfaces 2-411
debug messages, display B-31
displaying 2-721
displaying interface information 2-723
members, displaying 2-725
mvr (global configuration) command 2-408
mvr (interface configuration) command 2-411
mvr vlan group command 2-412
N
native VLANs 2-898
native VLAN tagging 2-930
network-policy (global configuration) command 2-415
network-policy command 2-414
network-policy profile (network-policy configuration) command 2-416
nmsp attachment suppress command 2-419
nmsp command 2-418
no authentication logging verbose 2-420
no dot1x logging verbose 2-421
no mab logging verbose 2-422
nonegotiate
DTP messaging 2-883
speed 2-844
non-IP protocols
denying 2-143
forwarding 2-437
non-IP traffic access lists 2-338
non-IP traffic forwarding
denying 2-143
permitting 2-437
non-stop forwarding 2-423
normal-range VLANs 2-923
no vlan command 2-923
nsf command 2-423
O
online diagnostics
configuring health monitoring diagnostic tests 2-146
displaying
configured boot-up coverage level 2-555
current scheduled tasks 2-555
event logs 2-555
supported test suites 2-555
test ID 2-555
test results 2-555
test statistics 2-555
enabling
scheduling 2-148
syslog messages 2-146
global configuration mode
clearing health monitoring diagnostic test schedule 2-146
clearing test-based testing schedule 2-148
setting health monitoring diagnostic testing 2-146
setting test-based testing 2-148
setting up health monitoring diagnostic test schedule 2-146
setting up test-based testing 2-148
removing scheduling 2-148
scheduled switchover
disabling 2-148
enabling 2-148
setting test interval 2-148
specifying health monitoring diagnostic tests 2-146
starting testing 2-150
P
PAgP
See EtherChannel
pagp learn-method command 2-425
pagp port-priority command 2-427
password, VTP 2-940
password-recovery mechanism, enabling and disabling 2-494
permit (ARP access-list configuration) command 2-429
permit (IPv6) command 2-431
permit (MAC access-list configuration) command 2-437
per-VLAN spanning-tree plus
See STP
physical-port learner 2-425
PID, displaying 2-605
PIM-DVMRP, as multicast router learning method 2-273
PoE
configuring the power budget 2-452
configuring the power management mode 2-449
displaying controller register values 2-549
displaying power management information 2-737
error detection for 2-193
error recovery timer 2-197
logging of status 2-331
monitoring power 2-455
policing power consumption 2-455
police aggregate command 2-442
police command 2-440
policed-DSCP map 2-372
policy-map command 2-444
policy maps
applying to an interface 2-496, 2-502
creating 2-444
displaying 2-733
hierarchical 2-445
policers
displaying 2-706
for a single class 2-440
for multiple classes 2-366, 2-442
policed-DSCP map 2-372
traffic classification
defining the class 2-87
defining trust states 2-915
setting DSCP or IP precedence values 2-500
Port Aggregation Protocol
See EtherChannel
port-based authentication
AAA method list 2-3
configuring violation modes 2-188
debug messages, display B-10
enabling guest VLAN supplicant 2-156, 2-167
enabling IEEE 802.1x
globally 2-153
per interface 2-178
guest VLAN 2-168
host modes 2-170
IEEE 802.1x AAA accounting methods 2-1
initialize an interface 2-171, 2-184
MAC authentication bypass 2-172
manual control of authorization state 2-178
multiple hosts on authorized port 2-170
PAE as authenticator 2-177
periodic re-authentication
enabling 2-181
time between attempts 2-185
quiet period between failed authentication exchanges 2-185
re-authenticating IEEE 802.1x-enabled ports 2-180
resetting configurable IEEE 802.1x parameters 2-166
switch-to-authentication server retransmission time 2-185
switch-to-client frame-retransmission number 2-174 to 2-176
switch-to-client retransmission time 2-185
test for IEEE 802.1x readiness 2-183
port-based trust
IPv4 and IPv6 2-399
port-channel load-balance command 2-447
Port Fast, for spanning tree 2-836
port ranges, defining 2-130, 2-133
ports, debugging B-81
ports, protected 2-896
port security
aging 2-890
debug messages, display B-83
enabling 2-885
violation error recovery 2-197
port trust states for QoS 2-398
port types, MVR 2-411
power information, displaying 2-571
power inline command 2-449
power inline consumption command 2-452
power inline police command 2-455
Power over Ethernet
See PoE
power-priority command 2-458
power rps command (user EXEC) 2-460
power supply
configuring 2-462
managing 2-462
power supply command 2-462
priority-queue command 2-464
priority value, stack member 2-757, 2-861
private-vlan command 2-466
private-vlan mapping command 2-469
private VLANs
association 2-894
configuring 2-466
configuring ports 2-881
displaying 2-768
host ports 2-881
mapping
configuring 2-894
displaying 2-588
promiscuous ports 2-881
privileged EXEC mode 1-2, 1-3
product identification information, displaying 2-605
promiscuous ports, private VLANs 2-881
protected ports, displaying 2-594
pruning
VLANs 2-898
VTP
enabling 2-940
pruning-eligible VLAN list 2-900
PVST+
See STP
Q
QoS
auto-QoS
configuring 2-61
debug messages, display B-4
displaying 2-516
auto-QoS trust
configuring 2-55
auto-QoS video
configuring 2-58
class maps
creating 2-90
defining the match criteria 2-353
displaying 2-527
defining the CoS value for an incoming packet 2-368
displaying configuration information 2-516, 2-705
DSCP transparency 2-380
DSCP trusted ports
applying DSCP-to-DSCP-mutation map to 2-370
defining DSCP-to-DSCP-mutation map 2-372
egress queues
allocating buffers 2-376
defining the CoS output queue threshold map 2-394
defining the DSCP output queue threshold map 2-396
displaying buffer allocations 2-709
displaying CoS output queue threshold map 2-713
displaying DSCP output queue threshold map 2-713
displaying queueing strategy 2-709
displaying queue-set settings 2-716
enabling bandwidth shaping and scheduling 2-848
enabling bandwidth sharing and scheduling 2-850
limiting the maximum output on a port 2-846
mapping a port to a queue-set 2-471
mapping CoS values to a queue and threshold 2-394
mapping DSCP values to a queue and threshold 2-396
setting maximum and reserved memory allocations 2-378
setting WTD thresholds 2-378
enabling 2-364
enabling IPv6 QoS 2-364
ingress queues
allocating buffers 2-384
assigning SRR scheduling weights 2-382
defining the CoS input queue threshold map 2-386
defining the DSCP input queue threshold map 2-388
displaying buffer allocations 2-709
displaying CoS input queue threshold map 2-713
displaying DSCP input queue threshold map 2-713
displaying queueing strategy 2-709
displaying settings for 2-707
enabling the priority queue 2-390
mapping CoS values to a queue and threshold 2-386
mapping DSCP values to a queue and threshold 2-388
setting WTD thresholds 2-392
maps
defining 2-372, 2-386, 2-388, 2-394, 2-396
displaying 2-713
policy maps
applying an aggregate policer 2-442
applying to an interface 2-496, 2-502
creating 2-444
defining policers 2-366, 2-440
displaying policers 2-706
displaying policy maps 2-733
hierarchical 2-445
policed-DSCP map 2-372
setting DSCP or IP precedence values 2-500
traffic classifications 2-87
trust states 2-915
port trust states 2-398
queues, enabling the expedite 2-464
statistics
in-profile and out-of-profile packets 2-709
packets enqueued or dropped 2-709
sent and received CoS values 2-709
sent and received DSCP values 2-709
trusted boundary for IP phones 2-398
VLAN-based 2-400
quality of service
See QoS
querytime, MVR 2-408
queue-set command 2-471
R
radius-server dead-criteria command 2-472
radius-server host command 2-474
rapid per-VLAN spanning-tree plus
See STP
rapid PVST+
See STP
rcommand command 2-476
re-authenticating IEEE 802.1x-enabled ports 2-180
re-authentication
periodic 2-181
time between attempts 2-185
receiver ports, MVR 2-411
receiving flow-control packets 2-204
recovery mechanism
causes 2-197
display 2-94, 2-523, 2-574, 2-577
timer interval 2-198
redundancy for cluster switches 2-127
redundant power supply
See RPS
redundant power system
See Cisco Redundant Power System 2300
reload command 2-478
remote command 2-480
remote-span command 2-482
Remote Switched Port Analyzer
See RSPAN
rename (boot loader) command A-21
renew ip dhcp snooping database command 2-484
replay protection, MACsec 2-486
replay-protection command 2-486
reset (boot loader) command A-22
resource templates, displaying 2-743
restricted VLAN
See dot1x auth-fail vlan
rmdir (boot loader) command A-23
rmon collection stats command 2-489
root guard, for spanning tree 2-809
routed ports
IP addresses on 2-218
number supported 2-218
routing frames
See MTU
RPS
See Cisco Redundant Power System 2300
RPS 2300
configuring 2-460
managing 2-460
See Cisco Redundant Power System 2300
RSPAN
configuring 2-403
displaying 2-719
filter RSPAN traffic 2-403
remote-span command 2-482
sessions
add interfaces to 2-403
displaying 2-719
start new 2-403
S
scheduled switchover
disabling 2-148
enabling 2-148
SDM mismatch mode 2-491, 2-758
sdm prefer command 2-490
SDM templates
allowed resources 2-491
and stacking 2-491
displaying 2-743
dual IPv4 and IPv6 2-490
secure ports, limitations 2-887
sending flow-control packets 2-204
service password-recovery command 2-494
service-policy command 2-496
session command 2-499
set (boot loader) command A-24
set command 2-500
setup command 2-502
setup express command 2-505
show access-lists command 2-507
show archive status command 2-510
show arp access-list command 2-511
show authentication command 2-512
show auto qos command 2-516
show boot command 2-520
show cable-diagnostics tdr command 2-523
show cisp command 2-526
show class-map command 2-527
show cluster candidates command 2-530
show cluster command 2-528
show cluster members command 2-532
show controllers cpu-interface command 2-534
show controllers ethernet-controller command 2-536
show controllers ethernet-controller fastethernet command 2-543
show controllers ethernet phy macsec command 2-546
show controllers power inline command 2-549
show controllers tcam command 2-551
show controller utilization command 2-553
show dot1q-tunnel command 2-560
show dot1x command 2-562
show dtp 2-566
show eap command 2-568
show env command 2-571
show errdisable detect command 2-574
show errdisable flap-values command 2-576
show errdisable recovery command 2-577
show etherchannel command 2-579
show fallback profile command 2-582
show flowcontrol command 2-584
show idprom command 2-586
show interfaces command 2-588
show interfaces counters command 2-599
show interface transceivers command 2-602
show inventory command 2-605
show ip arp inspection command 2-606
show ipc command 2-632
show ip dhcp snooping binding command 2-611
show ip dhcp snooping command 2-610
show ip dhcp snooping database command 2-613, 2-615
show ip igmp profile command 2-618
show ip igmp snooping address command 2-641
show ip igmp snooping command 2-619, 2-639
show ip igmp snooping groups command 2-622
show ip igmp snooping mrouter command 2-624, 2-643
show ip igmp snooping querier command 2-626, 2-645
show ip source binding command 2-628
show ipv6 access-list command 2-636
show ipv6 dhcp conflict command 2-638
show ipv6 route updated 2-647
show ip verify source command 2-630
show l2protocol-tunnel command 2-649
show lacp command 2-652
show link state group command 2-656
show lldp command 2-658
show location 2-659
show location command 2-659
show logging onboard command 2-662
show mac access-group command 2-667
show mac address-table address command 2-670
show mac address-table aging time command 2-672
show mac address-table command 2-668
show mac address-table count command 2-674
show mac address-table dynamic command 2-676
show mac address-table interface command 2-678
show mac address-table learning command 2-680
show mac address-table move update command 2-681
show mac address-table notification command 2-105, 2-683, B-27
show mac address-table static command 2-685
show mac address-table vlan command 2-687
show macsec command 2-689
show mka default-policy command 2-691
show mka policy command 2-693
show mka session command 2-696
show mka statistics command 2-699
show mka summary command 2-702
show mls qos aggregate-policer command 2-706
show mls qos command 2-705
show mls qos input-queue command 2-707
show mls qos interface command 2-709
show mls qos maps command 2-713
show mls qos queue-set command 2-716
show mls qos vlan command 2-718
show monitor command 2-719
show mvr command 2-721
show mvr interface command 2-723
show mvr members command 2-725
show network-policy profile command 2-727
show nmsp command 2-728
show pagp command 2-731
show platform acl command C-2
show platform backup interface command C-3
show platform configuration command C-4
show platform dl command C-5
show platform etherchannel command C-6
show platform forward command C-7
show platform frontend-controller command C-9
show platform igmp snooping command C-10
show platform ipc trace command C-18
show platform ip multicast command C-12
show platform ip unicast command C-13
show platform ipv6 mld snooping command C-19
show platform ipv6 unicast command C-20
show platform ip wccp command C-17
show platform layer4op command C-22
show platform mac-address-table command C-23
show platform messaging command C-24
show platform monitor command C-25
show platform mvr table command C-26
show platform pm command C-27
show platform port-asic command C-29
show platform port-security command C-34
show platform qos command C-35
show platform resource-manager command C-36
show platform snmp counters command C-38
show platform spanning-tree command C-39
show platform stack-manager command C-41
show platform stp-instance command C-40
show platform tb command C-45
show platform tcam command C-47
show platform vlan command C-50
show policy-map command 2-733
show port security command 2-734
show power inline command 2-737, 2-753
show sdm prefer command 2-743
show setup express command 2-746
show spanning-tree command 2-747
show storm-control command 2-755
show switch command 2-757
show system mtu command 2-762
show trust command 2-915
show udld command 2-763
show version command 2-766
show vlan access-map command 2-773
show vlan command 2-768
show vlan command, fields 2-770
show vlan filter command 2-774
show vmps command 2-775
show vtp command 2-777
shutdown command 2-783
shutdown threshold, Layer 2 protocol tunneling 2-315
shutdown vlan command 2-784
small-frame violation rate command 2-785
SNMP host, specifying 2-792
SNMP informs, enabling the sending of 2-787
snmp-server enable traps command 2-787
snmp-server host command 2-792
snmp trap mac-notification change command 2-796
SNMP traps
enabling MAC address notification trap 2-796
enabling the MAC address notification feature 2-345
enabling the sending of 2-787
SoftPhone
See Cisco SoftPhone
software images
copying 2-8
deleting 2-135
downloading 2-11
upgrading 2-8, 2-11
uploading 2-18
software version, displaying 2-766
source ports, MVR 2-411
SPAN
configuring 2-403
debug messages, display B-30
displaying 2-719
filter SPAN traffic 2-403
sessions
add interfaces to 2-403
displaying 2-719
start new 2-403
spanning-tree backbonefast command 2-798
spanning-tree bpdufilter command 2-799
spanning-tree bpduguard command 2-801
spanning-tree cost command 2-803
spanning-tree etherchannel command 2-805
spanning-tree extend system-id command 2-807
spanning-tree guard command 2-809
spanning-tree link-type command 2-811
spanning-tree loopguard default command 2-813
spanning-tree mode command 2-815
spanning-tree mst configuration command 2-817
spanning-tree mst cost command 2-819
spanning-tree mst forward-time command 2-821
spanning-tree mst hello-time command 2-822
spanning-tree mst max-age command 2-823
spanning-tree mst max-hops command 2-824
spanning-tree mst port-priority command 2-825
spanning-tree mst pre-standard command 2-827
spanning-tree mst priority command 2-828
spanning-tree mst root command 2-829
spanning-tree portfast (global configuration) command 2-833
spanning-tree portfast (interface configuration) command 2-836
spanning-tree port-priority command 2-831
Spanning Tree Protocol
See STP
spanning-tree transmit hold-count command 2-838
spanning-tree uplinkfast command 2-839
spanning-tree vlan command 2-841
speed command 2-844
srr-queue bandwidth limit command 2-846
srr-queue bandwidth shape command 2-848
srr-queue bandwidth share command 2-850
SSH, configuring version 2-280
stack-mac persistent timer command 2-852
stack member
access 2-499
number 2-757, 2-864
priority value 2-861
provisioning 2-862
reloading 2-478
stacks, switch
disabling a member 2-859
enabling a member 2-859
MAC address 2-852
provisioning a new member 2-862
reloading 2-478
stack member access 2-499
stack member number 2-757, 2-864
stack member priority value 2-757, 2-861
static-access ports, configuring 2-868
statistics, Ethernet group 2-489
sticky learning, enabling 2-885
storm-control command 2-856
STP
BackboneFast 2-798
counters, clearing 2-113
debug messages, display
BackboneFast events B-87
MSTP B-90
optimized BPDUs handling B-89
spanning-tree activity B-85
switch shim B-92
transmitted and received BPDUs B-88
UplinkFast B-94
detection of indirect link failures 2-798
enabling protocol tunneling for 2-315
EtherChannel misconfiguration 2-805
extended system ID 2-807
path cost 2-803
protocol modes 2-815
root port
accelerating choice of new 2-839
loop guard 2-809
preventing from becoming designated 2-809
restricting which can be root 2-809
root guard 2-809
UplinkFast 2-839
root switch
affects of extended system ID 2-807, 2-842
hello-time 2-841
interval between BDPU messages 2-841
interval between hello BPDU messages 2-841
max-age 2-841
port priority for selection of 2-831
primary or secondary 2-841
switch priority 2-841
state changes
blocking to forwarding state 2-836
enabling BPDU filtering 2-799, 2-833
enabling BPDU guard 2-801, 2-833
enabling Port Fast 2-833, 2-836
enabling timer to recover from error state 2-197
forward-delay time 2-841
length of listening and learning states 2-841
shutting down Port Fast-enabled ports 2-833
state information display 2-747
VLAN options 2-828, 2-841
supplemental power command 2-854
SVIs, creating 2-212
SVI status calculation 2-870
Switched Port Analyzer
See SPAN
switching characteristics
modifying 2-866
returning to interfaces 2-866
switchport access command 2-868
switchport autostate exclude command 2-870
switchport backup interface command 2-872
switchport block command 2-875
switchport command 2-866
switchport host command 2-877
switchport mode command 2-878
switchport mode private-vlan command 2-881
switchport nonegotiate command 2-883
switchport port-security aging command 2-890
switchport port-security command 2-885
switchport priority extend command 2-892
switchport private-vlan command 2-894
switchport protected command 2-896
switchports, displaying 2-588
switchport trunk command 2-898
switchport voice detect 2-901
switchport voice vlan command 2-902
switch priority command 2-859, 2-861
switch provision command 2-862
switch renumber command 2-864
system env temperature threshold yellow command 2-904
system message logging 2-331
system message logging, save message to flash 2-332
system mtu command 2-906
system resource templates 2-490
T
tar files, creating, listing, and extracting 2-15
TDR, running 2-909
Telnet, using to communicate to cluster switches 2-476
temperature information, displaying 2-571
templates, system resources 2-490
test cable-diagnostics tdr command 2-909
traceroute mac command 2-910
traceroute mac ip command 2-913
trunking, VLAN mode 2-878
trunk mode 2-878
trunk ports 2-878
trunks, to non-DTP device 2-879
trusted boundary for QoS 2-398
trusted port states for QoS 2-398
tunnel ports, Layer 2 protocol, displaying 2-649
type (boot loader) command A-27
U
UDLD
aggressive mode 2-917, 2-919
debug messages, display B-102
enable globally 2-917
enable per interface 2-919
error recovery timer 2-197
message timer 2-917
normal mode 2-917, 2-919
reset a shutdown interface 2-921
status 2-763
udld command 2-917
udld port command 2-919
udld reset command 2-921
unicast storm control 2-856
UniDirectional Link Detection
See UDLD
unknown multicast traffic, preventing 2-875
unknown unicast traffic, preventing 2-875
unset (boot loader) command A-28
upgrading
copying software images 2-8
downloading software images 2-11
software images, monitoring status of 2-510
UplinkFast, for STP 2-839
usb-inactivity-timeout (console configuration) command 2-922
user EXEC mode 1-2, 1-3
V
version (boot loader) command A-30
version mismatch mode 2-758, C-42
vlan (global configuration) command 2-923
vlan access-map command 2-928
VLAN access map configuration mode 2-928
VLAN access maps
actions 2-6
displaying 2-773
VLAN-based QoS 2-400
VLAN configuration
rules 2-926
saving 2-923
VLAN configuration mode
description 1-4
entering 2-923
summary 1-3
vlan dot1q tag native command 2-930
vlan filter command 2-932
VLAN filters, displaying 2-774
VLAN ID range 2-923
VLAN maps
applying 2-932
creating 2-928
defining 2-351
displaying 2-773
VLAN Query Protocol
See VQP
VLANs
adding 2-923
configuring 2-923
debug messages, display
ISL B-98
VLAN IOS file system error tests B-97
VLAN manager activity B-95
VTP B-100
displaying configurations 2-768
extended-range 2-923
MAC addresses
displaying 2-687
number of 2-674
media types 2-926
normal-range 2-923
private 2-881
configuring 2-466
displaying 2-768
See also private VLANs
restarting 2-784
saving the configuration 2-923
shutting down 2-784
SNMP traps for VTP 2-790, 2-793
suspending 2-784
VLAN Trunking Protocol
See VTP
VM mode 2-758, C-42
VMPS
configuring servers 2-937
displaying 2-775
error recovery timer 2-198
reconfirming dynamic VLAN assignments 2-934
vmps reconfirm (global configuration) command 2-935
vmps reconfirm (privileged EXEC) command 2-934
vmps retry command 2-936
vmps server command 2-937
voice VLAN
configuring 2-901, 2-902
setting port priority 2-892
VQP
and dynamic-access ports 2-869
clearing client statistics 2-115
displaying information 2-775
per-server retry count 2-936
reconfirmation interval 2-935
reconfirming dynamic VLAN assignments 2-934
VTP
changing characteristics 2-939
clearing pruning counters 2-116
configuring
domain name 2-939
file name 2-939
mode 2-939
password 2-940
counters display fields 2-778
displaying information 2-777
enabling
pruning 2-940
tunneling for 2-315
Version 2 2-940
enabling per port 2-944
mode 2-939
pruning 2-940
saving the configuration 2-923
statistics 2-777
status 2-777
status display fields 2-780
vtp (global configuration) command 2-939
vtp interface configuration command 2-944
vtp primary command 2-945
Index
A
aaa accounting dot1x command 2-1
aaa authentication dot1x command 2-3
aaa authorization network command 2-5, 2-24, 2-31, 2-33, 2-36, 2-38, 2-40, 2-161, 2-334, 2-526, B-7, B-38
AAA methods 2-3
access control entries
See ACEs
access control lists
See ACLs
access groups
IP 2-214
MAC, displaying 2-667
access list, IPv6 2-288
access map configuration mode 2-351
access mode 2-878
access ports 2-878
ACEs 2-145, 2-439
ACLs
deny 2-143
displaying 2-507
for non-IP protocols 2-338
IP 2-214
matching 2-351
on Layer 2 interfaces 2-214
permit 2-437
action command 2-6
address aliasing 2-409
aggregate-port learner 2-425
allowed VLANs 2-898
archive copy-sw command 2-8
archive download-sw command 2-11
archive tar command 2-15
archive upload-sw command 2-18
arp (boot loader) command A-2
arp access-list command 2-20
authentication command bounce-port ignore 2-22
authentication command disable-port ignore 2-23
authentication control-direction command 2-24
authentication event command 2-26
authentication event linksec fail action command 2-30
authentication failed VLAN
See dot1x auth-fail vlan
authentication fallback command 2-31
authentication host-mode command 2-33
authentication linksec policy command 2-35
authentication mac-move permit command 2-36
authentication open command 2-38
authentication order command 2-40
authentication periodic command 2-42
authentication port-control command 2-44
authentication priority command 2-46
authentication timer command 2-48
authentication violation command 2-50
auth-fail max-attempts
See dot1x auth-fail max-attempts
auth-fail vlan
See dot1x auth-fail vlan
auth open command 2-38
auth order command 2-40
authorization state of controlled port 2-178
auth timer command 2-48
autonegotiation of duplex mode 2-190
auto qos classify command 2-52
auto qos trust command 2-55
auto qos video command 2-58
auto qos voip command 2-61
B
BackboneFast, for STP 2-798
backup interfaces
configuring 2-872
displaying 2-589
boot (boot loader) command A-3
boot auto-copy-sw command 2-67
boot auto-download-sw command 2-68
boot config-file command 2-71
boot enable-break command 2-72
boot helper command 2-73
boot helper-config file command 2-74
booting
Cisco IOS image 2-77
displaying environment variables 2-520
interrupting 2-72
manually 2-75
boot loader
accessing A-1
booting
Cisco IOS image A-3
helper image 2-73
directories
creating A-19
displaying a list of A-8
removing A-23
displaying
available commands A-13
memory heap utilization A-14
version A-30
environment variables
described A-24
displaying settings A-24
location of A-25
setting A-24
unsetting A-28
files
copying A-6
deleting A-7
displaying a list of A-8
displaying the contents of A-5, A-20, A-27
renaming A-21
file system
formatting A-11
initializing flash A-10
running a consistency check A-12
prompt A-1
resetting the system A-22
boot manual command 2-75
boot private-config-file command 2-76
boot system command 2-77
BPDU filtering, for spanning tree 2-799, 2-833
BPDU guard, for spanning tree 2-801, 2-833
broadcast storm control 2-856
C
candidate switches
See clusters
cat (boot loader) command A-5
CDP, enabling protocol tunneling for 2-315
channel-group command 2-81
channel-protocol command 2-85
Cisco IP camera
auto-QoS configuration 2-58
Cisco Redundant Power System 2300
configuring 2-461
managing 2-461
Cisco SoftPhone
auto-QoS configuration 2-61
trusting packets sent from 2-398
Cisco Telepresence System
auto-QoS configuration 2-58
CISP
See Client Information Signalling Protocol
cisp
debug platform cisp command B-38
cisp enable command 2-86
class command 2-87
class-map command 2-90
class maps
creating 2-90
defining the match criteria 2-353
displaying 2-527
class of service
See CoS
clear dot1x command 2-92
clear eap sessions command 2-93
clear errdisable interface 2-94
clear ip arp inspection log command 2-95
clear ip arp inspection statistics command 2-96
clear ipc command 2-99
clear ip dhcp snooping database command 2-97
clear ipv6 dhcp conflict command 2-100
clear l2protocol-tunnel counters command 2-101
clear lacp command 2-102
clear logging onboard command 2-103
clear mac address-table command 2-104, 2-105
clear macsec counters interface command 2-106
clear mka command 2-107
clear nmsp statistics command 2-109
clear pagp command 2-110
clear port-security command 2-111
clear spanning-tree counters command 2-113
clear spanning-tree detected-protocols command 2-114
clear vmps statistics command 2-115
clear vtp counters command 2-116
Client Information Signalling Protocol 2-86, 2-161, 2-526, B-7, B-38
cluster commander-address command 2-117
cluster discovery hop-count command 2-119
cluster enable command 2-120
cluster holdtime command 2-122
cluster member command 2-123
cluster outside-interface command 2-125
cluster run command 2-126
clusters
adding candidates 2-123
binding to HSRP group 2-127
building manually 2-123
communicating with
devices outside the cluster 2-125
members by using Telnet 2-476
debug messages, display B-8
displaying
candidate switches 2-530
debug messages B-8
member switches 2-532
status 2-528
hop-count limit for extended discovery 2-119
HSRP standby groups 2-127
redundancy 2-127
SNMP trap 2-787
cluster standby-group command 2-127
cluster timer command 2-129
command modes defined 1-2
command switch
See clusters
confidentiality-offset command 2-132
configuration files
password recovery disable considerations A-1
specifying the name 2-71, 2-76
configuring multiple interfaces 2-210
config-vlan mode
commands 2-924
copy (boot loader) command A-6
copy logging onboard command 2-130
CoS
assigning default value to incoming packets 2-368
assigning to Layer 2 protocol packets 2-318
overriding the incoming value 2-368
CoS-to-DSCP map 2-372
CPU ASIC statistics, displaying 2-534
crashinfo files 2-201
critical VLAN 2-27
D
debug authentication B-2
debug auto qos command B-4
debug backup command B-6
debug cisp command B-7
debug cluster command B-8
debug dot1x command B-10
debug dtp command B-11
debug eap command B-12
debug etherchannel command B-13
debug fastethernet command B-14
debug ilpower command B-15
debug interface command B-16
debug ip dhcp snooping command B-17
debug ip igmp filter command B-19
debug ip igmp max-groups command B-20
debug ip igmp snooping command B-21
debug ip verify source packet command B-18
debug lacp command B-22
debug lldp packets command B-23
debug mac-notification command B-24
debug macsec command B-25
debug matm command B-26
debug matm move update command B-27
debug mka command B-28
debug monitor command B-30
debug mvrdbg command B-31
debug nmsp command B-32
debug nvram command B-33
debug pagp command B-34
debug platform acl command B-35
debug platform backup interface command B-37
debug platform cisp command B-38
debug platform cli-redirection main command B-39
debug platform configuration command B-40, B-48
debug platform cpu-queues command B-41
debug platform device-manager command B-43
debug platform dot1x command B-44
debug platform etherchannel command B-45
debug platform fallback-bridging command B-46
debug platform forw-tcam command B-47
debug platform ip arp inspection command B-49
debug platform ipc command B-58
debug platform ip dhcp command B-50
debug platform ip igmp snooping command B-51
debug platform ip multicast command B-53
debug platform ip unicast command B-55
debug platform ip wccp command B-57
debug platform led command B-59
debug platform matm command B-60
debug platform messaging application command B-61
debug platform phy command B-62
debug platform pm command B-64
debug platform port-asic command B-66
debug platform port-security command B-67
debug platform qos-acl-tcam command B-68
debug platform remote-commands command B-69
debug platform resource-manager command B-70
debug platform snmp command B-71
debug platform span command B-72
debug platform stack-manager command B-73
debug platform supervisor-asic command B-74
debug platform sw-bridge command B-75
debug platform tcam command B-76
debug platform udld command B-79
debug platform vlan command B-80
debug pm command B-81
debug port-security command B-83
debug qos-manager command B-84
debug spanning-tree backbonefast command B-87
debug spanning-tree bpdu command B-88
debug spanning-tree bpdu-opt command B-89
debug spanning-tree command B-85
debug spanning-tree mstp command B-90
debug spanning-tree switch command B-92
debug spanning-tree uplinkfast command B-94
debug sw-vlan command B-95
debug sw-vlan ifs command B-97
debug sw-vlan notification command B-98
debug sw-vlan vtp command B-100
debug udld command B-102
debug vqpc command B-104
default policy, MKA 2-359
define interface-range command 2-133
delete (boot loader) command A-7
delete command 2-135
deny (ARP access-list configuration) command 2-136
deny (IPv6) command 2-138
deny command 2-143
detect mechanism, causes 2-193
DHCP snooping
accepting untrusted packets from edge switch 2-246
enabling
on a VLAN 2-252
option 82 2-244, 2-246
trust on an interface 2-250
error recovery timer 2-197
rate limiting 2-249
DHCP snooping binding database
binding file, configuring 2-242
bindings
adding 2-240
deleting 2-240
displaying 2-611
clearing database agent statistics 2-97
database agent, configuring 2-242
displaying
binding entries 2-611
database agent status 2-613, 2-615
renewing 2-484
Digital Optical Monitoring
see DoM
dir (boot loader) command A-8
directories, deleting 2-135
DoM
displaying supported transceivers 2-602
domain name, VTP 2-939
dot1x auth-fail max-attempts 2-155
dot1x auth-fail vlan 2-157
dot1x command 2-153
dot1x control-direction command 2-159
dot1x credentials (global configuration) command 2-161
dot1x critical global configuration command 2-162
dot1x critical interface configuration command 2-164
dot1x default command 2-166
dot1x fallback command 2-167
dot1x guest-vlan command 2-168
dot1x host-mode command 2-170
dot1x initialize command 2-171
dot1x mac-auth-bypass command 2-172
dot1x max-reauth-req command 2-174
dot1x max-req command 2-176
dot1x pae command 2-177
dot1x port-control command 2-178
dot1x re-authenticate command 2-180
dot1x reauthentication command 2-181
dot1x supplicant force-multicast command 2-182
dot1x test eapol-capable command 2-183
dot1x test timeout command 2-184
dot1x timeout command 2-185
dot1x violation-mode command 2-188
dropping packets, with ACL matches 2-6
drop threshold, Layer 2 protocol tunneling 2-315
DSCP-to-CoS map 2-372
DSCP-to-DSCP-mutation map 2-372
DTP 2-879
DTP flap
error detection for 2-193
error recovery timer 2-197
DTP negotiation 2-883
dual IPv4 and IPv6 templates 2-431
duplex command 2-189
dynamic-access ports
configuring 2-868
restrictions 2-869
dynamic ARP inspection
ARP ACLs
apply to a VLAN 2-222
define 2-20
deny packets 2-136
display 2-511
permit packets 2-429
clear
log buffer 2-95
statistics 2-96
display
ARP ACLs 2-511
configuration and operating state 2-606
log buffer 2-606
statistics 2-606
trust state and rate limit 2-606
enable per VLAN 2-232
error detection for 2-193
error recovery timer 2-197
log buffer
clear 2-95
configure 2-226
display 2-606
rate-limit incoming ARP packets 2-224
statistics
clear 2-96
display 2-606
trusted interface state 2-228
type of packet logged 2-233
validation checks 2-230
dynamic auto VLAN membership mode 2-878
dynamic desirable VLAN membership mode 2-878
Dynamic Host Configuration Protocol (DHCP)
See DHCP snooping
Dynamic Trunking Protocol
See DTP
E
EAP-request/identity frame
maximum number to send 2-176
response time before retransmitting 2-185
encapsulation methods 2-898
environment variables, displaying 2-520
epm access-control open 2-191
errdisable detect cause command 2-193
errdisable detect cause small-frame command 2-195
errdisable recovery cause small-frame 2-200
errdisable recovery command 2-197
error conditions, displaying 2-576
error disable detection 2-193
error-disabled interfaces, displaying 2-588
EtherChannel
assigning Ethernet interface to channel group 2-81
creating port-channel logical interface 2-208
debug EtherChannel/PAgP, display B-13
debug platform-specific events, display B-45
displaying 2-579
enabling Layer 2 protocol tunneling for
LACP 2-316
PAgP 2-316
UDLD 2-316
interface information, displaying 2-588
LACP
clearing channel-group information 2-102, 2-103
debug messages, display B-22
displaying 2-652
modes 2-81
port priority for hot-standby ports 2-319
restricting a protocol 2-85
system priority 2-321
load-distribution methods 2-447
PAgP
aggregate-port learner 2-425
clearing channel-group information 2-110
debug messages, display B-34
displaying 2-731
error detection for 2-193
error recovery timer 2-197
learn method 2-425
modes 2-81
physical-port learner 2-425
priority of interface for transmitted traffic 2-427
Ethernet controller, internal register display 2-536, 2-543
Ethernet Management port, debugging B-14
Ethernet statistics, collecting 2-489
exception crashinfo command 2-201, 2-206
extended discovery of candidate switches 2-119
extended-range VLANs
and allowed VLAN list 2-898
and pruning-eligible list 2-898
configuring 2-923
extended system ID for STP 2-807
F
fallback profile command 2-202
fallback profiles, displaying 2-582
fan information, displaying 2-571
file name, VTP 2-939
files, deleting 2-135
flash_init (boot loader) command A-10
flexible authentication ordering 2-40
Flex Links
configuring 2-872
displaying 2-589
flow-based SPAN 2-403
flowcontrol command 2-204
format (boot loader) command A-11
forwarding packets, with ACL matches 2-6
forwarding results, display C-7
frame forwarding information, displaying C-7
front-end controller counter and status information C-9
fsck (boot loader) command A-12
FSPAN 2-403
G
global configuration mode 1-2, 1-4
H
hardware ACL statistics 2-507
health monitoring diagnostic tests 2-146
help (boot loader) command A-13
hierarchical policy maps 2-445
hop-count limit for clusters 2-119
host connection, port configuration 2-877
host ports, private VLANs 2-881
Hot Standby Router Protocol
See HSRP
HSRP
binding HSRP group to cluster 2-127
standby group 2-127
I
IEEE 802.1Q trunk ports and native VLANs 2-930
IEEE 802.1Q tunnel ports
configuring 2-878
displaying 2-560
limitations 2-879
IEEE 802.1x
and switchport modes 2-879
violation error recovery 2-197
See also port-based authentication
IGMP filters
applying 2-255
debug messages, display B-19
IGMP groups, setting maximum 2-257
IGMP maximum groups, debugging B-20
IGMP profiles
creating 2-259
displaying 2-618
IGMP snooping
adding ports as a static member of a group 2-275
displaying 2-619, 2-624, 2-626
enabling 2-261
enabling the configurable-leave timer 2-263
enabling the Immediate-Leave feature 2-272
flooding query count 2-269
interface topology change notification behavior 2-271
multicast table 2-622
querier 2-265
query solicitation 2-269
report suppression 2-267
switch topology change notification behavior 2-269
images
See software images
Immediate-Leave processing
IGMP 2-272
IPv6 2-311
MVR 2-411
interface configuration mode 1-2, 1-4
interface port-channel command 2-208
interface range command 2-210
interface-range macros 2-133
interfaces
assigning Ethernet interface to channel group 2-81
configuring 2-189
configuring multiple 2-210
creating port-channel logical 2-208
debug messages, display B-16
disabling 2-783
displaying the MAC address table 2-678
restarting 2-783
interface speed, configuring 2-844
interface vlan command 2-212
internal power supplies
See power supplies
internal registers, displaying 2-536, 2-543, 2-551
Internet Group Management Protocol
See IGMP
invalid GBIC
error detection for 2-193
error recovery timer 2-197
ip access-group command 2-214
ip address command 2-217
IP addresses, setting 2-217
IP address matching 2-351
ip admission command 2-219
ip admission name proxy http command 2-220
ip arp inspection filter vlan command 2-222
ip arp inspection limit command 2-224
ip arp inspection log-buffer command 2-226
ip arp inspection trust command 2-228
ip arp inspection validate command 2-230
ip arp inspection vlan command 2-232
ip arp inspection vlan logging command 2-233
ip device tracking command 2-235
ip device tracking probe command 2-237
IP DHCP snooping
See DHCP snooping
ip dhcp snooping binding command 2-240
ip dhcp snooping command 2-239
ip dhcp snooping database command 2-242
ip dhcp snooping information option allow-untrusted command 2-246
ip dhcp snooping information option command 2-244
ip dhcp snooping information option format remote-id command 2-248
ip dhcp snooping limit rate command 2-249
ip dhcp snooping trust command 2-250
ip dhcp snooping verify command 2-251
ip dhcp snooping vlan command 2-252
ip dhcp snooping vlan information option format-type circuit-id string command 2-253
ip igmp filter command 2-255
ip igmp max-groups command 2-257, 2-282, 2-284
ip igmp profile command 2-259
ip igmp snooping command 2-261
ip igmp snooping last-member-query-interval command 2-263
ip igmp snooping querier command 2-265
ip igmp snooping report-suppression command 2-267
ip igmp snooping tcn command 2-269
ip igmp snooping tcn flood command 2-271
ip igmp snooping vlan immediate-leave command 2-272
ip igmp snooping vlan mrouter command 2-273
ip igmp snooping vlan static command 2-275
IP multicast addresses 2-408
IP phones
auto-QoS configuration 2-61
trusting packets sent from 2-398
IP-precedence-to-DSCP map 2-372
ip snap forwarding command 2-277
ip source binding command 2-278
IP source guard
disabling 2-286
displaying
binding entries 2-628
configuration 2-630
dynamic binding entries only 2-611
enabling 2-286
static IP source bindings 2-278
ip ssh command 2-280
IPv4 and IPv6
port-based trust 2-399
IPv6 access list, deny conditions 2-138
ipv6 access-list command 2-288
ipv6 address dhcp command 2-291
ipv6 dhcp client request vendor command 2-292
ipv6 dhcp ping packets command 2-293
ipv6 dhcp pool command 2-295
ipv6 dhcp server command 2-298
ipv6 mld snooping command 2-300
ipv6 mld snooping last-listener-query count command 2-302
ipv6 mld snooping last-listener-query-interval command 2-304
ipv6 mld snooping listener-message-suppression command 2-306
ipv6 mld snooping robustness-variable command 2-307
ipv6 mld snooping tcn command 2-309
ipv6 mld snooping vlan command 2-311
IPv6 QoS
enabling 2-364
IPv6 SDM template 2-490
ipv6 traffic-filter command 2-313
ip verify source command 2-286
J
jumbo frames
See MTU
L
l2protocol-tunnel command 2-315
l2protocol-tunnel cos command 2-318
LACP
See EtherChannel
lacp port-priority command 2-319
lacp system-priority command 2-321
Layer 2 mode, enabling 2-866
Layer 2 protocol ports, displaying 2-649
Layer 2 protocol-tunnel
error detection for 2-193
error recovery timer 2-197
Layer 2 protocol tunnel counters 2-101
Layer 2 protocol tunneling error recovery 2-316
Layer 2 traceroute
IP addresses 2-913
MAC addresses 2-910
Layer 3 mode, enabling 2-866
line configuration mode 1-3, 1-5
Link Aggregation Control Protocol
See EtherChannel
link flap
error detection for 2-193
error recovery timer 2-197
link-security authentication 2-30
link-security policies 2-35
link state group command 2-323
link state track command 2-325
load-distribution methods for EtherChannel 2-447
location (global configuration) command 2-326
location (interface configuration) command 2-328
logging event command 2-330
logging event power-inline-status command 2-331
logging file command 2-332
logical interface 2-208
loopback error
detection for 2-193
recovery timer 2-197
loop guard, for spanning tree 2-809, 2-813
M
mab request format attribute 32 command 2-334
mac access-group command 2-336
MAC access-groups, displaying 2-667
MAC access list configuration mode 2-338
mac access-list extended command 2-338
MAC access lists 2-143
MAC addresses
disabling MAC address learning per VLAN 2-341
displaying
aging time 2-672
all 2-670
dynamic 2-676
MAC address-table move updates 2-681
notification settings 2-680, 2-683
number of addresses in a VLAN 2-674
per interface 2-678
per VLAN 2-687
static 2-685
static and dynamic entries 2-668
dynamic
aging time 2-340
deleting 2-104
displaying 2-676
enabling MAC address notification 2-345
enabling MAC address-table move update 2-343
matching 2-351
persistent stack 2-852
static
adding and removing 2-347
displaying 2-685
dropping on an interface 2-348
tables 2-670
MAC address notification, debugging B-24
mac address-table aging-time 2-336, 2-351
mac address-table aging-time command 2-340
mac address-table learning command 2-341
mac address-table move update command 2-343
mac address-table notification command 2-345
mac address-table static command 2-347
mac address-table static drop command 2-348
MAC frames
See MTU
macros
interface range 2-133, 2-210
MACsec
counters 2-106, 2-546
debugging B-25
displaying 2-689
enabling 2-350
registers 2-546
macsec command 2-350
maps
QoS
defining 2-372
displaying 2-713
VLAN
creating 2-928
defining 2-351
displaying 2-773
match (access-map configuration) command 2-351
match (class-map configuration) command 2-353
maximum transmission unit
See MTU
mdix auto command 2-356
Media Access Control Security
See MACsec.
media-type rj45 command 2-358
member switches
See clusters
memory (boot loader) command A-14
mgmt_clr (boot loader) command A-16
mgmt_init (boot loader) command A-17, A-18
MKA
confidentiality 2-132
debugging B-28
displaying default policy 2-691
displaying policies 2-693
displaying sessions 2-696
displaying sessions and statistics 2-702
displaying statistics 2-699
policy configuration mode 2-360
MKA, enabling 2-362
mka default policy command 2-359
mka policy global configuration command 2-360
mka policy interface configuration command 2-362
mkdir (boot loader) command A-19
MLD snooping
configuring 2-306, 2-307
configuring queries 2-302, 2-304
configuring topology change notification 2-309
displaying 2-639, 2-641, 2-643, 2-645
enabling 2-300
enabling on a VLAN 2-311
mls qos aggregate-policer command 2-366
mls qos command 2-364
mls qos cos command 2-368
mls qos dscp-mutation command 2-370
mls qos map command 2-372
mls qos queue-set output buffers command 2-376
mls qos queue-set output threshold command 2-378
mls qos rewrite ip dscp command 2-380
mls qos srr-queue input bandwidth command 2-382
mls qos srr-queue input buffers command 2-384
mls qos-srr-queue input cos-map command 2-386
mls qos srr-queue input dscp-map command 2-388
mls qos srr-queue input priority-queue command 2-390
mls qos srr-queue input threshold command 2-392
mls qos-srr-queue output cos-map command 2-394
mls qos srr-queue output dscp-map command 2-396
mls qos trust command 2-398
mls qos vlan-based command 2-400
mode, MVR 2-408
Mode button, and password recovery 2-494
mode command 2-401
modes, commands 1-2
monitor session command 2-403
more (boot loader) command A-20
MSTP
displaying 2-748
interoperability 2-114
link type 2-811
MST region
aborting changes 2-817
applying changes 2-817
configuration name 2-817
configuration revision number 2-817
current or pending display 2-817
displaying 2-748
MST configuration mode 2-817
VLANs-to-instance mapping 2-817
path cost 2-819
protocol mode 2-815
restart protocol migration process 2-114
root port
loop guard 2-809
preventing from becoming designated 2-809
restricting which can be root 2-809
root guard 2-809
root switch
affects of extended system ID 2-807
hello-time 2-822, 2-829
interval between BDPU messages 2-823
interval between hello BPDU messages 2-822, 2-829
max-age 2-823
maximum hop count before discarding BPDU 2-824
port priority for selection of 2-825
primary or secondary 2-829
switch priority 2-828
state changes
blocking to forwarding state 2-836
enabling BPDU filtering 2-799, 2-833
enabling BPDU guard 2-801, 2-833
enabling Port Fast 2-833, 2-836
forward-delay time 2-821
length of listening and learning states 2-821
rapid transition to forwarding 2-811
shutting down Port Fast-enabled ports 2-833
state information display 2-747
MTU
configuring size 2-906
displaying global setting 2-762
MAC 2-907
system jumbo 2-907
system routing 2-907
Multicase Listener Discovery
See MLD
multicast group address, MVR 2-411
multicast groups, MVR 2-409
Multicast Listener Discovery
See MLD
multicast router learning method 2-273
multicast router ports, configuring 2-273
multicast router ports, IPv6 2-311
multicast storm control 2-856
multicast VLAN, MVR 2-408
multicast VLAN registration
See MVR
multiple hosts on authorized port 2-170
Multiple Spanning Tree Protocol
See MSTP
MVR
and address aliasing 2-409
configuring 2-408
configuring interfaces 2-411
debug messages, display B-31
displaying 2-721
displaying interface information 2-723
members, displaying 2-725
mvr (global configuration) command 2-408
mvr (interface configuration) command 2-411
mvr vlan group command 2-412
N
native VLANs 2-898
native VLAN tagging 2-930
network-policy (global configuration) command 2-415
network-policy command 2-414
network-policy profile (network-policy configuration) command 2-416
nmsp attachment suppress command 2-419
nmsp command 2-418
no authentication logging verbose 2-420
no dot1x logging verbose 2-421
no mab logging verbose 2-422
nonegotiate
DTP messaging 2-883
speed 2-844
non-IP protocols
denying 2-143
forwarding 2-437
non-IP traffic access lists 2-338
non-IP traffic forwarding
denying 2-143
permitting 2-437
non-stop forwarding 2-423
normal-range VLANs 2-923
no vlan command 2-923
nsf command 2-423
O
online diagnostics
configuring health monitoring diagnostic tests 2-146
displaying
configured boot-up coverage level 2-555
current scheduled tasks 2-555
event logs 2-555
supported test suites 2-555
test ID 2-555
test results 2-555
test statistics 2-555
enabling
scheduling 2-148
syslog messages 2-146
global configuration mode
clearing health monitoring diagnostic test schedule 2-146
clearing test-based testing schedule 2-148
setting health monitoring diagnostic testing 2-146
setting test-based testing 2-148
setting up health monitoring diagnostic test schedule 2-146
setting up test-based testing 2-148
removing scheduling 2-148
scheduled switchover
disabling 2-148
enabling 2-148
setting test interval 2-148
specifying health monitoring diagnostic tests 2-146
starting testing 2-150
P
PAgP
See EtherChannel
pagp learn-method command 2-425
pagp port-priority command 2-427
password, VTP 2-940
password-recovery mechanism, enabling and disabling 2-494
permit (ARP access-list configuration) command 2-429
permit (IPv6) command 2-431
permit (MAC access-list configuration) command 2-437
per-VLAN spanning-tree plus
See STP
physical-port learner 2-425
PID, displaying 2-605
PIM-DVMRP, as multicast router learning method 2-273
PoE
configuring the power budget 2-452
configuring the power management mode 2-449
displaying controller register values 2-549
displaying power management information 2-737
error detection for 2-193
error recovery timer 2-197
logging of status 2-331
monitoring power 2-455
policing power consumption 2-455
police aggregate command 2-442
police command 2-440
policed-DSCP map 2-372
policy-map command 2-444
policy maps
applying to an interface 2-496, 2-502
creating 2-444
displaying 2-733
hierarchical 2-445
policers
displaying 2-706
for a single class 2-440
for multiple classes 2-366, 2-442
policed-DSCP map 2-372
traffic classification
defining the class 2-87
defining trust states 2-915
setting DSCP or IP precedence values 2-500
Port Aggregation Protocol
See EtherChannel
port-based authentication
AAA method list 2-3
configuring violation modes 2-188
debug messages, display B-10
enabling guest VLAN supplicant 2-156, 2-167
enabling IEEE 802.1x
globally 2-153
per interface 2-178
guest VLAN 2-168
host modes 2-170
IEEE 802.1x AAA accounting methods 2-1
initialize an interface 2-171, 2-184
MAC authentication bypass 2-172
manual control of authorization state 2-178
multiple hosts on authorized port 2-170
PAE as authenticator 2-177
periodic re-authentication
enabling 2-181
time between attempts 2-185
quiet period between failed authentication exchanges 2-185
re-authenticating IEEE 802.1x-enabled ports 2-180
resetting configurable IEEE 802.1x parameters 2-166
switch-to-authentication server retransmission time 2-185
switch-to-client frame-retransmission number 2-174 to 2-176
switch-to-client retransmission time 2-185
test for IEEE 802.1x readiness 2-183
port-based trust
IPv4 and IPv6 2-399
port-channel load-balance command 2-447
Port Fast, for spanning tree 2-836
port ranges, defining 2-130, 2-133
ports, debugging B-81
ports, protected 2-896
port security
aging 2-890
debug messages, display B-83
enabling 2-885
violation error recovery 2-197
port trust states for QoS 2-398
port types, MVR 2-411
power information, displaying 2-571
power inline command 2-449
power inline consumption command 2-452
power inline police command 2-455
Power over Ethernet
See PoE
power-priority command 2-458
power rps command (user EXEC) 2-460
power supply
configuring 2-462
managing 2-462
power supply command 2-462
priority-queue command 2-464
priority value, stack member 2-757, 2-861
private-vlan command 2-466
private-vlan mapping command 2-469
private VLANs
association 2-894
configuring 2-466
configuring ports 2-881
displaying 2-768
host ports 2-881
mapping
configuring 2-894
displaying 2-588
promiscuous ports 2-881
privileged EXEC mode 1-2, 1-3
product identification information, displaying 2-605
promiscuous ports, private VLANs 2-881
protected ports, displaying 2-594
pruning
VLANs 2-898
VTP
enabling 2-940
pruning-eligible VLAN list 2-900
PVST+
See STP
Q
QoS
auto-QoS
configuring 2-61
debug messages, display B-4
displaying 2-516
auto-QoS trust
configuring 2-55
auto-QoS video
configuring 2-58
class maps
creating 2-90
defining the match criteria 2-353
displaying 2-527
defining the CoS value for an incoming packet 2-368
displaying configuration information 2-516, 2-705
DSCP transparency 2-380
DSCP trusted ports
applying DSCP-to-DSCP-mutation map to 2-370
defining DSCP-to-DSCP-mutation map 2-372
egress queues
allocating buffers 2-376
defining the CoS output queue threshold map 2-394
defining the DSCP output queue threshold map 2-396
displaying buffer allocations 2-709
displaying CoS output queue threshold map 2-713
displaying DSCP output queue threshold map 2-713
displaying queueing strategy 2-709
displaying queue-set settings 2-716
enabling bandwidth shaping and scheduling 2-848
enabling bandwidth sharing and scheduling 2-850
limiting the maximum output on a port 2-846
mapping a port to a queue-set 2-471
mapping CoS values to a queue and threshold 2-394
mapping DSCP values to a queue and threshold 2-396
setting maximum and reserved memory allocations 2-378
setting WTD thresholds 2-378
enabling 2-364
enabling IPv6 QoS 2-364
ingress queues
allocating buffers 2-384
assigning SRR scheduling weights 2-382
defining the CoS input queue threshold map 2-386
defining the DSCP input queue threshold map 2-388
displaying buffer allocations 2-709
displaying CoS input queue threshold map 2-713
displaying DSCP input queue threshold map 2-713
displaying queueing strategy 2-709
displaying settings for 2-707
enabling the priority queue 2-390
mapping CoS values to a queue and threshold 2-386
mapping DSCP values to a queue and threshold 2-388
setting WTD thresholds 2-392
maps
defining 2-372, 2-386, 2-388, 2-394, 2-396
displaying 2-713
policy maps
applying an aggregate policer 2-442
applying to an interface 2-496, 2-502
creating 2-444
defining policers 2-366, 2-440
displaying policers 2-706
displaying policy maps 2-733
hierarchical 2-445
policed-DSCP map 2-372
setting DSCP or IP precedence values 2-500
traffic classifications 2-87
trust states 2-915
port trust states 2-398
queues, enabling the expedite 2-464
statistics
in-profile and out-of-profile packets 2-709
packets enqueued or dropped 2-709
sent and received CoS values 2-709
sent and received DSCP values 2-709
trusted boundary for IP phones 2-398
VLAN-based 2-400
quality of service
See QoS
querytime, MVR 2-408
queue-set command 2-471
R
radius-server dead-criteria command 2-472
radius-server host command 2-474
rapid per-VLAN spanning-tree plus
See STP
rapid PVST+
See STP
rcommand command 2-476
re-authenticating IEEE 802.1x-enabled ports 2-180
re-authentication
periodic 2-181
time between attempts 2-185
receiver ports, MVR 2-411
receiving flow-control packets 2-204
recovery mechanism
causes 2-197
display 2-94, 2-523, 2-574, 2-577
timer interval 2-198
redundancy for cluster switches 2-127
redundant power supply
See RPS
redundant power system
See Cisco Redundant Power System 2300
reload command 2-478
remote command 2-480
remote-span command 2-482
Remote Switched Port Analyzer
See RSPAN
rename (boot loader) command A-21
renew ip dhcp snooping database command 2-484
replay protection, MACsec 2-486
replay-protection command 2-486
reset (boot loader) command A-22
resource templates, displaying 2-743
restricted VLAN
See dot1x auth-fail vlan
rmdir (boot loader) command A-23
rmon collection stats command 2-489
root guard, for spanning tree 2-809
routed ports
IP addresses on 2-218
number supported 2-218
routing frames
See MTU
RPS
See Cisco Redundant Power System 2300
RPS 2300
configuring 2-460
managing 2-460
See Cisco Redundant Power System 2300
RSPAN
configuring 2-403
displaying 2-719
filter RSPAN traffic 2-403
remote-span command 2-482
sessions
add interfaces to 2-403
displaying 2-719
start new 2-403
S
scheduled switchover
disabling 2-148
enabling 2-148
SDM mismatch mode 2-491, 2-758
sdm prefer command 2-490
SDM templates
allowed resources 2-491
and stacking 2-491
displaying 2-743
dual IPv4 and IPv6 2-490
secure ports, limitations 2-887
sending flow-control packets 2-204
service password-recovery command 2-494
service-policy command 2-496
session command 2-499
set (boot loader) command A-24
set command 2-500
setup command 2-502
setup express command 2-505
show access-lists command 2-507
show archive status command 2-510
show arp access-list command 2-511
show authentication command 2-512
show auto qos command 2-516
show boot command 2-520
show cable-diagnostics tdr command 2-523
show cisp command 2-526
show class-map command 2-527
show cluster candidates command 2-530
show cluster command 2-528
show cluster members command 2-532
show controllers cpu-interface command 2-534
show controllers ethernet-controller command 2-536
show controllers ethernet-controller fastethernet command 2-543
show controllers ethernet phy macsec command 2-546
show controllers power inline command 2-549
show controllers tcam command 2-551
show controller utilization command 2-553
show dot1q-tunnel command 2-560
show dot1x command 2-562
show dtp 2-566
show eap command 2-568
show env command 2-571
show errdisable detect command 2-574
show errdisable flap-values command 2-576
show errdisable recovery command 2-577
show etherchannel command 2-579
show fallback profile command 2-582
show flowcontrol command 2-584
show idprom command 2-586
show interfaces command 2-588
show interfaces counters command 2-599
show interface transceivers command 2-602
show inventory command 2-605
show ip arp inspection command 2-606
show ipc command 2-632
show ip dhcp snooping binding command 2-611
show ip dhcp snooping command 2-610
show ip dhcp snooping database command 2-613, 2-615
show ip igmp profile command 2-618
show ip igmp snooping address command 2-641
show ip igmp snooping command 2-619, 2-639
show ip igmp snooping groups command 2-622
show ip igmp snooping mrouter command 2-624, 2-643
show ip igmp snooping querier command 2-626, 2-645
show ip source binding command 2-628
show ipv6 access-list command 2-636
show ipv6 dhcp conflict command 2-638
show ipv6 route updated 2-647
show ip verify source command 2-630
show l2protocol-tunnel command 2-649
show lacp command 2-652
show link state group command 2-656
show lldp command 2-658
show location 2-659
show location command 2-659
show logging onboard command 2-662
show mac access-group command 2-667
show mac address-table address command 2-670
show mac address-table aging time command 2-672
show mac address-table command 2-668
show mac address-table count command 2-674
show mac address-table dynamic command 2-676
show mac address-table interface command 2-678
show mac address-table learning command 2-680
show mac address-table move update command 2-681
show mac address-table notification command 2-105, 2-683, B-27
show mac address-table static command 2-685
show mac address-table vlan command 2-687
show macsec command 2-689
show mka default-policy command 2-691
show mka policy command 2-693
show mka session command 2-696
show mka statistics command 2-699
show mka summary command 2-702
show mls qos aggregate-policer command 2-706
show mls qos command 2-705
show mls qos input-queue command 2-707
show mls qos interface command 2-709
show mls qos maps command 2-713
show mls qos queue-set command 2-716
show mls qos vlan command 2-718
show monitor command 2-719
show mvr command 2-721
show mvr interface command 2-723
show mvr members command 2-725
show network-policy profile command 2-727
show nmsp command 2-728
show pagp command 2-731
show platform acl command C-2
show platform backup interface command C-3
show platform configuration command C-4
show platform dl command C-5
show platform etherchannel command C-6
show platform forward command C-7
show platform frontend-controller command C-9
show platform igmp snooping command C-10
show platform ipc trace command C-18
show platform ip multicast command C-12
show platform ip unicast command C-13
show platform ipv6 mld snooping command C-19
show platform ipv6 unicast command C-20
show platform ip wccp command C-17
show platform layer4op command C-22
show platform mac-address-table command C-23
show platform messaging command C-24
show platform monitor command C-25
show platform mvr table command C-26
show platform pm command C-27
show platform port-asic command C-29
show platform port-security command C-34
show platform qos command C-35
show platform resource-manager command C-36
show platform snmp counters command C-38
show platform spanning-tree command C-39
show platform stack-manager command C-41
show platform stp-instance command C-40
show platform tb command C-45
show platform tcam command C-47
show platform vlan command C-50
show policy-map command 2-733
show port security command 2-734
show power inline command 2-737, 2-753
show sdm prefer command 2-743
show setup express command 2-746
show spanning-tree command 2-747
show storm-control command 2-755
show switch command 2-757
show system mtu command 2-762
show trust command 2-915
show udld command 2-763
show version command 2-766
show vlan access-map command 2-773
show vlan command 2-768
show vlan command, fields 2-770
show vlan filter command 2-774
show vmps command 2-775
show vtp command 2-777
shutdown command 2-783
shutdown threshold, Layer 2 protocol tunneling 2-315
shutdown vlan command 2-784
small-frame violation rate command 2-785
SNMP host, specifying 2-792
SNMP informs, enabling the sending of 2-787
snmp-server enable traps command 2-787
snmp-server host command 2-792
snmp trap mac-notification change command 2-796
SNMP traps
enabling MAC address notification trap 2-796
enabling the MAC address notification feature 2-345
enabling the sending of 2-787
SoftPhone
See Cisco SoftPhone
software images
copying 2-8
deleting 2-135
downloading 2-11
upgrading 2-8, 2-11
uploading 2-18
software version, displaying 2-766
source ports, MVR 2-411
SPAN
configuring 2-403
debug messages, display B-30
displaying 2-719
filter SPAN traffic 2-403
sessions
add interfaces to 2-403
displaying 2-719
start new 2-403
spanning-tree backbonefast command 2-798
spanning-tree bpdufilter command 2-799
spanning-tree bpduguard command 2-801
spanning-tree cost command 2-803
spanning-tree etherchannel command 2-805
spanning-tree extend system-id command 2-807
spanning-tree guard command 2-809
spanning-tree link-type command 2-811
spanning-tree loopguard default command 2-813
spanning-tree mode command 2-815
spanning-tree mst configuration command 2-817
spanning-tree mst cost command 2-819
spanning-tree mst forward-time command 2-821
spanning-tree mst hello-time command 2-822
spanning-tree mst max-age command 2-823
spanning-tree mst max-hops command 2-824
spanning-tree mst port-priority command 2-825
spanning-tree mst pre-standard command 2-827
spanning-tree mst priority command 2-828
spanning-tree mst root command 2-829
spanning-tree portfast (global configuration) command 2-833
spanning-tree portfast (interface configuration) command 2-836
spanning-tree port-priority command 2-831
Spanning Tree Protocol
See STP
spanning-tree transmit hold-count command 2-838
spanning-tree uplinkfast command 2-839
spanning-tree vlan command 2-841
speed command 2-844
srr-queue bandwidth limit command 2-846
srr-queue bandwidth shape command 2-848
srr-queue bandwidth share command 2-850
SSH, configuring version 2-280
stack-mac persistent timer command 2-852
stack member
access 2-499
number 2-757, 2-864
priority value 2-861
provisioning 2-862
reloading 2-478
stacks, switch
disabling a member 2-859
enabling a member 2-859
MAC address 2-852
provisioning a new member 2-862
reloading 2-478
stack member access 2-499
stack member number 2-757, 2-864
stack member priority value 2-757, 2-861
static-access ports, configuring 2-868
statistics, Ethernet group 2-489
sticky learning, enabling 2-885
storm-control command 2-856
STP
BackboneFast 2-798
counters, clearing 2-113
debug messages, display
BackboneFast events B-87
MSTP B-90
optimized BPDUs handling B-89
spanning-tree activity B-85
switch shim B-92
transmitted and received BPDUs B-88
UplinkFast B-94
detection of indirect link failures 2-798
enabling protocol tunneling for 2-315
EtherChannel misconfiguration 2-805
extended system ID 2-807
path cost 2-803
protocol modes 2-815
root port
accelerating choice of new 2-839
loop guard 2-809
preventing from becoming designated 2-809
restricting which can be root 2-809
root guard 2-809
UplinkFast 2-839
root switch
affects of extended system ID 2-807, 2-842
hello-time 2-841
interval between BDPU messages 2-841
interval between hello BPDU messages 2-841
max-age 2-841
port priority for selection of 2-831
primary or secondary 2-841
switch priority 2-841
state changes
blocking to forwarding state 2-836
enabling BPDU filtering 2-799, 2-833
enabling BPDU guard 2-801, 2-833
enabling Port Fast 2-833, 2-836
enabling timer to recover from error state 2-197
forward-delay time 2-841
length of listening and learning states 2-841
shutting down Port Fast-enabled ports 2-833
state information display 2-747
VLAN options 2-828, 2-841
supplemental power command 2-854
SVIs, creating 2-212
SVI status calculation 2-870
Switched Port Analyzer
See SPAN
switching characteristics
modifying 2-866
returning to interfaces 2-866
switchport access command 2-868
switchport autostate exclude command 2-870
switchport backup interface command 2-872
switchport block command 2-875
switchport command 2-866
switchport host command 2-877
switchport mode command 2-878
switchport mode private-vlan command 2-881
switchport nonegotiate command 2-883
switchport port-security aging command 2-890
switchport port-security command 2-885
switchport priority extend command 2-892
switchport private-vlan command 2-894
switchport protected command 2-896
switchports, displaying 2-588
switchport trunk command 2-898
switchport voice detect 2-901
switchport voice vlan command 2-902
switch priority command 2-859, 2-861
switch provision command 2-862
switch renumber command 2-864
system env temperature threshold yellow command 2-904
system message logging 2-331
system message logging, save message to flash 2-332
system mtu command 2-906
system resource templates 2-490
T
tar files, creating, listing, and extracting 2-15
TDR, running 2-909
Telnet, using to communicate to cluster switches 2-476
temperature information, displaying 2-571
templates, system resources 2-490
test cable-diagnostics tdr command 2-909
traceroute mac command 2-910
traceroute mac ip command 2-913
trunking, VLAN mode 2-878
trunk mode 2-878
trunk ports 2-878
trunks, to non-DTP device 2-879
trusted boundary for QoS 2-398
trusted port states for QoS 2-398
tunnel ports, Layer 2 protocol, displaying 2-649
type (boot loader) command A-27
U
UDLD
aggressive mode 2-917, 2-919
debug messages, display B-102
enable globally 2-917
enable per interface 2-919
error recovery timer 2-197
message timer 2-917
normal mode 2-917, 2-919
reset a shutdown interface 2-921
status 2-763
udld command 2-917
udld port command 2-919
udld reset command 2-921
unicast storm control 2-856
UniDirectional Link Detection
See UDLD
unknown multicast traffic, preventing 2-875
unknown unicast traffic, preventing 2-875
unset (boot loader) command A-28
upgrading
copying software images 2-8
downloading software images 2-11
software images, monitoring status of 2-510
UplinkFast, for STP 2-839
usb-inactivity-timeout (console configuration) command 2-922
user EXEC mode 1-2, 1-3
V
version (boot loader) command A-30
version mismatch mode 2-758, C-42
vlan (global configuration) command 2-923
vlan access-map command 2-928
VLAN access map configuration mode 2-928
VLAN access maps
actions 2-6
displaying 2-773
VLAN-based QoS 2-400
VLAN configuration
rules 2-926
saving 2-923
VLAN configuration mode
description 1-4
entering 2-923
summary 1-3
vlan dot1q tag native command 2-930
vlan filter command 2-932
VLAN filters, displaying 2-774
VLAN ID range 2-923
VLAN maps
applying 2-932
creating 2-928
defining 2-351
displaying 2-773
VLAN Query Protocol
See VQP
VLANs
adding 2-923
configuring 2-923
debug messages, display
ISL B-98
VLAN IOS file system error tests B-97
VLAN manager activity B-95
VTP B-100
displaying configurations 2-768
extended-range 2-923
MAC addresses
displaying 2-687
number of 2-674
media types 2-926
normal-range 2-923
private 2-881
configuring 2-466
displaying 2-768
See also private VLANs
restarting 2-784
saving the configuration 2-923
shutting down 2-784
SNMP traps for VTP 2-790, 2-793
suspending 2-784
VLAN Trunking Protocol
See VTP
VM mode 2-758, C-42
VMPS
configuring servers 2-937
displaying 2-775
error recovery timer 2-198
reconfirming dynamic VLAN assignments 2-934
vmps reconfirm (global configuration) command 2-935
vmps reconfirm (privileged EXEC) command 2-934
vmps retry command 2-936
vmps server command 2-937
voice VLAN
configuring 2-901, 2-902
setting port priority 2-892
VQP
and dynamic-access ports 2-869
clearing client statistics 2-115
displaying information 2-775
per-server retry count 2-936
reconfirmation interval 2-935
reconfirming dynamic VLAN assignments 2-934
VTP
changing characteristics 2-939
clearing pruning counters 2-116
configuring
domain name 2-939
file name 2-939
mode 2-939
password 2-940
counters display fields 2-778
displaying information 2-777
enabling
pruning 2-940
tunneling for 2-315
Version 2 2-940
enabling per port 2-944
mode 2-939
pruning 2-940
saving the configuration 2-923
statistics 2-777
status 2-777
status display fields 2-780
vtp (global configuration) command 2-939
vtp interface configuration command 2-944
vtp primary command 2-945