Table Of Contents
Numerics - A - B - C - D - E - F - G - H - I - J - L - M - N - P - Q - R - S - T - U - V - W -
Index
Numerics
802.1Q trunk ports and native VLANs 2-470
802.1Q tunnel ports
configuring 2-416
displaying 2-217
limitations 2-417
802.1X
and switchport modes 2-417
See also port-based authentication
A
aaa authentication dot1x command 2-1
AAA methods 2-1
abort command 2-467
access control entries
access control lists
access groups
IP 2-92
MAC
configuring 2-116
displaying 2-266
access-list hardware program nonblocking command 2-3
access lists
IP 2-92
on Layer 2 interfaces 2-92, 2-116
access map configuration mode 2-125
access mode 2-416
access ports 2-416
ACLs
deny 2-64
displaying 2-196
for non-IP protocols 2-118
matching 2-125
permit 2-165
action command 2-5
aggregate-port learner 2-161
allowed VLANs 2-431
apply command 2-467
archive download-sw command 2-7
archive tar command 2-9
archive upload-sw command 2-12
audience xiii
authorization state of controlled port 2-70
autonegotiation of duplex mode 2-77
auto qos voip command 2-14
B
BackboneFast, for STP 2-360
boot (boot loader) command A-2
boot boothlpr command 2-18
boot buffersize command 2-19
boot config-file command 2-20
boot enable-break command 2-21
boot helper command 2-22
boot helper-config file command 2-23
booting
displaying environment variables 2-200
interrupting 2-21
IOS image 2-26
manually 2-24
boot loader
accessing A-1
booting
helper image 2-22
IOS image A-2
directories
creating A-15
displaying a list of A-6
removing A-19
displaying
available commands A-11
memory heap utilization A-13
version A-26
environment variables
described A-20
displaying settings A-20
location of A-21
setting A-20
unsetting A-24
files
copying A-4
deleting A-5
displaying a list of A-6
displaying the contents of A-3, A-16, A-23
renaming A-17
file system
formatting A-9
initializing Flash A-8
running a consistency check A-10
loading helper images A-12
prompt A-1
resetting the system A-18
boot manual command 2-24
boot private-config-file command 2-25
boot system command 2-26
BPDU filtering, for spanning tree 2-361, 2-393
BPDU guard, for spanning tree 2-363, 2-393
broadcast storm control 2-406
broadcast traffic counters 2-252
C
candidate switches
cat (boot loader) command A-3
caution, description xiv
CDP, enabling protocol tunneling for 2-109
channel-group command 2-27
channel-protocol command 2-30
class command 2-32
class-map command 2-34
class maps
creating 2-34
defining the match criteria 2-127
displaying 2-202
class of service
clear l2protocol-tunnel counters command 2-37
clear lacp command 2-36
clear mac address-table command 2-38
clear pagp command 2-40
clear port-security dynamic command 2-41
clear port-security sticky command 2-42
clear spanning-tree counters command 2-44
clear spanning-tree detected-protocols command 2-45
clear vmps statistics command 2-46
clear vtp counters command 2-47
cluster commander-address command 2-48
cluster discovery hop-count command 2-50
cluster enable command 2-51
cluster holdtime command 2-53
cluster member command 2-54
cluster outside-interface command 2-56
cluster run command 2-57
clusters
adding candidates 2-54
binding to HSRP group 2-58
building manually 2-54
communicating with
devices outside the cluster 2-56
members by using Telnet 2-178
debug messages, display B-5
displaying
candidate switches 2-205
debug messages B-5
member switches 2-207
status 2-203
hop-count limit for extended discovery 2-50
HSRP standby groups 2-58
redundancy 2-58
SNMP trap 2-352
cluster standby-group command 2-58
cluster timer command 2-60
command modes defined 1-1
command switch
configuration conflicts, ACL, displaying 2-233
configuration files
password recovery disable considerations A-1
setting the NVRAM size for 2-19
specifying the name 2-20, 2-25
configuring multiple interfaces 2-88
config-vlan mode
commands 2-453
description 1-4
entering 2-452
summary 1-2
conventions
command xiv
for examples xiv
publication xiv
text xiv
copy (boot loader) command A-4
CoS
assigning default value to incoming packets 2-137
assigning to Layer 2 protocol packets 2-111
defining in a policy map 2-139
overriding the incoming value 2-137
CoS-to-DSCP map 2-143
CoS-to-egress-queue map 2-490
CPU ASIC
debug messages, display B-7
statistics display 2-210
CPU statistics, displaying 2-210
cross-stack UplinkFast, for STP 2-397
D
debug acltcam command B-2
debug autoqos command B-3
debug cluster command B-5
debug cpu-interface command B-7
debug dot1x command B-8
debug etherchannel command B-9
debug ethernet-controller ram-access command B-10
debug fallback-bridging command B-11
debug gigastack command B-12
debug ilpower controller command B-13
debug ilpower process command B-14
debug ip igmp filter command B-15
debug ip igmp max-groups command B-16
debug l3multicast command B-17
debug l3tcam command B-18
debug l3unicast command B-19
debug mac-manager command B-20
debug mac-notification command B-21
debug met command B-22
debug mvrdbg command B-23
debug pagp command B-24
debug pbr command B-25
debug pm command B-26
debug port-security command B-28
debug spanning-tree backbonefast command B-32
debug spanning-tree bpdu command B-33
debug spanning-tree bpdu-opt command B-34
debug spanning-tree command B-30
debug spanning-tree mstp command B-35
debug spanning-tree switch command B-37
debug spanning-tree uplinkfast command B-39
debug span-session command B-29
debug sw-vlan command B-40
debug sw-vlan ifs command B-42
debug sw-vlan notification command B-43
debug sw-vlan vtp command B-44
debug udld command B-46
define interface-range command 2-61
delete (boot loader) command A-5
delete command 2-63
deny command 2-64
detect mechanism, causes 2-79
dir (boot loader) command A-6
directories, deleting 2-63
documentation, related xv
document conventions xiv
dot1x default command 2-67
dot1x max-req command 2-68
dot1x multiple-hosts command 2-69
dot1x port-control command 2-70
dot1x re-authenticate command 2-72
dot1x re-authentication command 2-73
dot1x timeout quiet-period command 2-74
dot1x timeout re-authperiod command 2-75
dot1x timeout tx-period command 2-76
dropping packets, with ACL matches 2-5
drop threshold, Layer 2 protocol tunneling 2-109
DSCP-to-CoS map 2-143
DSCP-to-DSCP-mutation map 2-143
DSCP-to-threshold map 2-492
DTP 2-417
DTP flap
error detection for 2-79
error recovery timer 2-81
duplex command 2-77
dynamic-access ports
configuring 2-412
restrictions 2-413
dynamic auto VLAN membership mode 2-416
dynamic desirable VLAN membership mode 2-416
Dynamic Trunking Protocol
E
EAP-request/identity frame
maximum number to send 2-68
response time before retransmitting 2-76
encapsulation methods 2-431
environment variables, displaying 2-200
errdisable detect cause command 2-79
errdisable recovery command 2-81
error conditions, displaying 2-226
error disable detection 2-79
error-disabled interfaces, displaying 2-244
EtherChannel
assigning Ethernet interface to channel group 2-27
creating port-channel logical interface 2-86
debug messages, display B-9, B-24
displaying 2-230
interface information, displaying 2-244
LACP modes 2-27
load-distribution methods 2-175
PAgP
aggregate-port learner 2-161
clearing channel-group information 2-36, 2-40
debug messages, display B-24
error detection for 2-79
error recovery timer 2-81
learn method 2-161
modes 2-27
physical-port learner 2-161
priority of interface for transmitted traffic 2-163
Ethernet controller
debug messages, display B-10
internal register display 2-212
Ethernet statistics, collecting 2-182
examples, conventions for xiv
exit command 2-467
extended discovery of candidate switches 2-50
extended-range VLANs
and allowed VLAN list 2-431
and pruning-eligible list 2-431
configuring 2-452
extended system ID for STP 2-369
F
fallback bridging, debugging B-11
fan information, displaying 2-223
feature manager
displaying 2-233
displaying summaries 2-238
label information 2-233
per-interface information 2-236
per-VLAN information 2-238
file name, VTP 2-478
files, deleting 2-63
flash_init (boot loader) command A-8
flowcontrol command 2-83
format (boot loader) command A-9
forwarding information base (FIB), debugging B-19
forwarding packets, with ACL matches 2-5
forwarding results, display 2-239
frame forwarding information, displaying 2-239
fsck (boot loader) command A-10
G
GigaStack GBIC, debugging B-12
global configuration mode 1-2, 1-3
H
hardware ACL statistics 2-196
help (boot loader) command A-11
hop-count limit for clusters 2-50
HSRP
binding HSRP group to cluster 2-58
standby group 2-58
I
IDS
using with SPAN and RSPAN 2-153
IGMP filters
applying 2-96
debug messages, display B-15
IGMP groups, setting maximum 2-98
IGMP maximum groups, debugging B-16
IGMP profiles
creating 2-100
displaying 2-255
IGMP snooping
displaying 2-256
enabling 2-102
MAC address tables 2-280
images
Immediate-Leave feature, MVR 2-158
Immediate-Leave processing 2-102
import map command 2-106
inline power command 2-176
interface command 2-90
interface configuration mode 1-2, 1-4
interface port-channel command 2-86
interface range command 2-88
interface-range macros 2-61
interfaces
assigning Ethernet interface to channel group 2-27
configuring 2-77
configuring multiple 2-88
creating port-channel logical 2-86
disabling 2-350
displaying the MAC address table 2-278
restarting 2-350
interface speed, configuring 2-404
internal registers, displaying 2-212, 2-215
Intrusion Detection System
invalid GBIC
error detection for 2-79
error recovery timer 2-81
ip address command 2-94
IP addresses, setting 2-94
IP address matching 2-125
ip igmp filter command 2-96
ip igmp max-groups command 2-98
ip igmp profile command 2-100
ip igmp snooping command 2-102
IP multicast addresses 2-155
IP-precedence-to-DSCP map 2-143
ip vrf (global configuration) command 2-105
ip vrf command 2-107
J
jumbo frames
L
l2protocol-tunnel command 2-109
l2protocol-tunnel cos command 2-111
LACP
lacp port-priority command 2-112
lacp system-priority command 2-113
Layer 2 mode, enabling 2-410
Layer 2 protocol ports, displaying 2-258
Layer 2 protocol-tunnel
error detection for 2-79
error recovery timer 2-81
Layer 2 protocol tunnel counters 2-37
Layer 2 protocol tunneling error recovery 2-110
Layer 2 traceroute
IP addresses 2-442
MAC addresses 2-439
Layer 3 mode, enabling 2-410
line configuration mode 1-2, 1-5
Link Aggregation Control Protocol
link flap
enable timer to recover from error state 2-81
error detection for 2-79
load_helper (boot loader) command A-12
load-distribution methods for EtherChannel 2-175
logging file command 2-114
logical interface 2-86
loop guard, for spanning tree 2-371, 2-374
M
mac access-group 2-116
MAC access-groups, displaying 2-266
MAC access list configuration mode 2-118
mac access-list extended command 2-118
MAC access lists 2-64
MAC addresses
and port security 2-422
debug learning on bridge groups B-11
debug learning on VLANs B-20
displaying
aging time 2-272
all 2-270
dynamic 2-276
Layer 2 multicast entries 2-280
notification settings 2-282
number of addresses in a VLAN 2-274
per interface 2-278
per VLAN 2-286
static 2-284
static and dynamic entries 2-268
dynamic
aging time 2-120
deleting 2-38
displaying 2-276
enabling MAC address notification 2-122
matching 2-125
static
adding and removing 2-124
displaying 2-284
tables 2-270
MAC address notification, debugging B-21
mac address-table aging-time 2-120
mac address-table aging-time command 2-120
mac address-table notification command 2-122
mac address-table static command 2-124
MAC named extended access lists 2-118
macros, interface range 2-61, 2-88
manual
audience xiii
purpose of xiii
maps
QoS
defining 2-143
displaying 2-294
VLAN
creating 2-464
defining 2-125
displaying 2-342
match (access-map configuration) command 2-125
match (class-map configuration) command 2-127
maximum transmission unit
member switches
memory (boot loader) command A-13
merge failures, displaying 2-233
mkdir (boot loader) command A-15
mls aclmerge delay command 2-130
mls qos aggregate-policer command 2-135
mls qos command 2-132
mls qos cos command 2-137
mls qos cos policy-map command 2-139
mls qos dscp-mutation command 2-141
mls qos map command 2-143
mls qos min-reserve command 2-146
mls qos monitor command 2-147
mls qos trust command 2-149
mode, MVR 2-155
Mode button, and password recovery 2-186
modes, commands 1-1
monitor session command 2-151
more (boot loader) command A-16
MSTP
displaying 2-318
interoperability 2-45
link type 2-373
MST region
aborting changes 2-378
applying changes 2-378
configuration name 2-378
configuration revision number 2-378
current or pending display 2-378
displaying 2-318
MST configuration mode 2-378
VLANs-to-instance mapping 2-378
path cost 2-380
protocol mode 2-376
restart protocol migration process 2-45
root port
loop guard 2-371
preventing from becoming designated 2-371
restricting which can be root 2-371
root guard 2-371
root switch
affects of extended system ID 2-369
interval between BDPU messages 2-384
interval between hello BPDU messages 2-383, 2-389
max-age 2-384
maximum hop count before discarding BPDU 2-385
port priority for selection of 2-386
primary or secondary 2-389
switch priority 2-388
state changes
blocking to forwarding state 2-395
enabling BPDU filtering 2-361, 2-393
enabling BPDU guard 2-363, 2-393
enabling Port Fast 2-393, 2-395
forward-delay time 2-382
length of listening and learning states 2-382
rapid transition to forwarding 2-373
shutting down Port Fast-enabled ports 2-393
state information display 2-317
MTU
configuring size 2-437
displaying global setting 2-325
multicast expansion table (MET), debugging B-22
multicast group address, MVR 2-158
multicast groups, MVR 2-156
multicast router learning method 2-102
multicast router ports, configuring 2-102
multicast routes, debugging B-17, B-18
multicast storm control 2-406
multicast traffic counters 2-252
multicast VLAN, MVR 2-155
multicast VLAN registration
multiple hosts on authorized port 2-69
Multiple Spanning Tree Protocol
multi VPN routing/forwarding instances in customer edge devices
MVR
configuring 2-155
configuring interfaces 2-158
debug messages, display B-23
displaying 2-298
displaying interface information 2-300
members, displaying 2-302
mvr (global configuration) command 2-155
mvr (interface configuration) command 2-158
mvr group command 2-156
mvr vlan group command 2-159
N
native VLANs 2-431
native VLAN tagging 2-470
nonegotiate
DTP messaging 2-420
speed 2-404
non-IP protocols
denying 2-64
forwarding 2-165
non-IP traffic access lists 2-118
non-IP traffic forwarding
denying 2-64
permitting 2-165
normal-range VLANs 2-452, 2-458
note, description xiv
P
PAgP
pagp learn-method command 2-161
pagp port-priority command 2-163
password, VTP 2-478, 2-482, 2-484
password-recovery mechanism, enabling and disabling 2-186
PBR
debug messages, display B-25
permit command 2-165
physical-port learner 2-161
PIM-DVMRP, as multicast router learning method 2-102
police aggregate command 2-170
police command 2-168
policed-DSCP map 2-143
policy-based routing
policy-map command 2-172
policy maps
applying to an interface 2-188, 2-192
creating 2-172
displaying 2-306
policers
for a single class 2-168
for multiple classes 2-135, 2-170
policed-DSCP map 2-143
traffic classification
defining the class 2-32
defining trust states 2-445
setting DSCP or IP precedence values 2-190
Port Aggregation Protocol
port-based authentication
AAA method list 2-1
debug messages, display B-8
enabling 802.1X 2-70
manual control of authorization state 2-70
multiple hosts on authorized port 2-69
periodic re-authentication
enabling 2-73
time between attempts 2-75
quiet period between failed authentication exchanges 2-74
re-authenticating 802.1X-enabled ports 2-72
resetting global 802.1X parameters 2-67
statistics and status display 2-218
switch-to-client frame-retransmission number 2-68
switch-to-client retransmission time 2-76
port-channel load-balance command 2-175
Port Fast, for spanning tree 2-395
port labels 2-233, 2-236, 2-326
port ranges, defining 2-61
ports, debugging B-26
ports, protected 2-430
port security
aging 2-426
debug messages, display B-28
enabling 2-422
violation error recovery 2-81
port trust states for QoS 2-149
port types, MVR 2-158
power information, displaying 2-223
power inline command 2-176
priority-queue command 2-177
protected ports, displaying 2-250
pruning
VLANs 2-431
VTP
displaying interface information 2-244
pruning-eligible VLAN list 2-433
publications, related xv
Q
QoS
automatic configuration 2-14
class maps
creating 2-34
defining the match criteria 2-127
displaying 2-202
defining the CoS value for an incoming packet 2-137
displaying configuration information 2-198, 2-288
DSCP trusted ports
applying DSCP-to-DSCP-mutation map to 2-141
defining DSCP-to-DSCP-mutation map 2-143
enabling 2-132
maps
defining 2-143
displaying 2-294
policy maps
applying an aggregate policer 2-170
applying to an interface 2-188, 2-192
creating 2-172
defining CoS 2-139
defining policers 2-135, 2-168
displaying policers 2-289, 2-290
displaying policy maps 2-306
policed-DSCP map 2-143
setting DSCP or IP precedence values 2-190
traffic classifications 2-32
trust states 2-445
port trust states 2-149
queues
CoS-to-egress-queue map 2-490
displaying buffer settings 2-290
displaying queueing strategies 2-290
enabling the expedite 2-177
mapping DSCPs to thresholds 2-492
minimum-reserve level 2-494
minimum-reserve level buffer sizes 2-146
ratio of queue sizes 2-495
tail-drop threshold percentages 2-498
WRED threshold percentages 2-496
WRR weights 2-488
statistics
collecting on specified DSCPs 2-147
displaying DSCP information 2-290
tail-drop
assigning threshold percentages 2-498
mapping DSCPs to thresholds 2-492
WRED
assigning threshold percentages 2-496
enabling 2-496
mapping DSCPs to thresholds 2-492
quality of service
querytime, MVR 2-155
R
Rapid Spanning Tree Protocol
rcommand command 2-178
re-authenticating 802.1X-enabled ports 2-72
re-authentication
periodic 2-73
time between attempts 2-75
receiver ports, MVR 2-158
receiving flow-control packets 2-83
recovery mechanism
causes 2-81
timer interval 2-81
redundancy for cluster switches 2-58
remote-span command 2-180
Remote Switched Port Analyzer
rename (boot loader) command A-17
reset (boot loader) command A-18
reset command 2-467
resource templates, displaying 2-315
rmdir (boot loader) command A-19
rmon collection stats command 2-182
root guard, for spanning tree 2-371
route distinguisher 2-106
routed ports
IP addresses on 2-95
route-target command 2-106
RSPAN
and IDS 2-153
configuring 2-151
displaying 2-296
filter RSPAN traffic 2-151
remote-span command 2-180
sessions
add interfaces to 2-151
start new 2-151
S
sdm prefer command 2-183
secure ports, limitations 2-424
sending flow-control packets 2-83
service password-recovery command 2-186
service-policy command 2-188
set (boot loader) command A-20
set command 2-190
setup command 2-192
show access-lists command 2-196
show auto qos command 2-198
show boot command 2-200
show changes command 2-467
show class-map command 2-202
show cluster candidates command 2-205
show cluster command 2-203
show cluster members command 2-207
show controllers cpu-interface command 2-210
show controllers ethernet-controller command 2-212
show controllers switch command 2-214
show controllers tcam command 2-215
show current command 2-467
show dot1q-tunnel command 2-217
show dot1x command 2-218
show env command 2-223
show errdisable detect command 2-225
show errdisable flap-values command 2-226
show errdisable recovery command 2-228
show etherchannel command 2-230
show fm command 2-233
show fm interface command 2-236
show fm vlan command 2-238
show forward command 2-239
show interfaces command 2-244
show interfaces counters command 2-252
show ip igmp profile command 2-255
show ip igmp snooping command 2-256
show l2protocol-tunnel command 2-258
show l2tcam command 2-260
show l3tcam command 2-262
show lacp command 2-264
show mac access-group command 2-266
show mac address-table address command 2-270
show mac address-table aging time command 2-272
show mac address-table command 2-268
show mac address-table count command 2-274
show mac address-table dynamic command 2-276
show mac address-table interface command 2-278
show mac address-table multicast command 2-280
show mac address-table notification command 2-282
show mac address-table static command 2-284
show mac address-table vlan command 2-286
show mls qos aggregate-policer command 2-289
show mls qos command 2-288
show mls qos interface command 2-290
show mls qos maps command 2-294
show monitor command 2-296
show mvr command 2-298
show mvr interface command 2-300
show mvr members command 2-302
show pagp command 2-304
show policy-map command 2-306
show port security command 2-308
show power inline command 2-311
show proposed command 2-467
show running-config vlan command 2-313
show sdm prefer command 2-315
show spanning-tree command 2-317
show storm-control command 2-323
show system mtu command 2-325
show tcam command 2-326
show tcam pbr command 2-329
show tcam qos command 2-331
show trust command 2-445
show udld command 2-333
show version command 2-336
show vlan access-map command 2-342
show vlan command 2-338
show vlan command fields 2-339
show vlan filter command 2-343
show vmps command 2-344
show vtp command 2-346
shutdown command 2-350
shutdown threshold, Layer 2 protocol tunneling 2-109
shutdown vlan command 2-351
SNMP host, specifying 2-354
SNMP informs
enable the