Table Of Contents
Numerics - A - B - C - D - E - F - G - H - I - J - L - M - N - P - Q - R - S - T - U - V - W -
Index
Numerics
802.1Q trunk ports and native VLANs 2-521
802.1Q tunnel ports
configuring 2-467
displaying 2-256
limitations 2-468
802.1x
and switchport modes 2-468
See also port-based authentication
A
aaa accounting dot1x command 2-1
aaa authentication dot1x command 2-3
AAA methods 2-3
abort command 2-518
access control entries
access control lists
access groups
IP 2-98
MAC
configuring 2-137
displaying 2-309
access-list hardware program nonblocking command 2-5
access lists
IP 2-98
on Layer 2 interfaces 2-98, 2-137
access map configuration mode 2-157
access mode 2-467
access ports 2-467
ACLs
deny 2-65
displaying 2-232
for non-IP protocols 2-139
matching 2-157
permit 2-198
action command 2-7
aggregate-port learner 2-194
allowed VLANs 2-482
apply command 2-518
archive download-sw command 2-9
archive tar command 2-11
archive upload-sw command 2-14
audience xv
authorization state of controlled port 2-74
autonegotiation of duplex mode 2-82
auto qos voip command 2-16
B
BackboneFast, for STP 2-409
boot (boot loader) command A-2
boot boothlpr command 2-20
boot buffersize command 2-21
boot config-file command 2-22
boot enable-break command 2-23
boot helper command 2-24
boot helper-config file command 2-25
booting
Cisco IOS image 2-28
displaying environment variables 2-237
interrupting 2-23
manually 2-26
boot loader
accessing A-1
booting
Cisco IOS image A-2
helper image 2-24
directories
creating A-15
displaying a list of A-6
removing A-19
displaying
available commands A-11
memory heap utilization A-13
version A-26
environment variables
described A-20
displaying settings A-20
location of A-21
setting A-20
unsetting A-24
files
copying A-4
deleting A-5
displaying a list of A-6
displaying the contents of A-3, A-16, A-23
renaming A-17
file system
formatting A-9
initializing flash A-8
running a consistency check A-10
loading helper images A-12
prompt A-1
resetting the system A-18
boot manual command 2-26
boot private-config-file command 2-27
boot system command 2-28
BPDU filtering, for spanning tree 2-410, 2-442
BPDU guard, for spanning tree 2-412, 2-442
broadcast storm control 2-455
broadcast traffic counters 2-290
C
candidate switches
cat (boot loader) command A-3
caution, description xvi
CDP, enabling protocol tunneling for 2-129
channel-group command 2-29
channel-protocol command 2-32
Cisco SoftPhone
auto-QoS configuration 2-16
trusting packets sent from 2-181
class command 2-34
class-map command 2-36
class maps
creating 2-36
defining the match criteria 2-159
displaying 2-239
class of service
clear l2protocol-tunnel counters command 2-39
clear lacp command 2-38
clear mac address-table command 2-40
clear pagp command 2-42
clear port-security command 2-43
clear setup express command 2-45
clear spanning-tree counters command 2-46
clear spanning-tree detected-protocols command 2-47
clear vmps statistics command 2-48
clear vtp counters command 2-49
cluster commander-address command 2-50
cluster discovery hop-count command 2-52
cluster enable command 2-53
cluster holdtime command 2-54
cluster member command 2-55
cluster outside-interface command 2-57
cluster run command 2-58
clusters
adding candidates 2-55
binding to HSRP group 2-59
building manually 2-55
communicating with
devices outside the cluster 2-57
members by using Telnet 2-213
debug messages, display B-5
displaying
candidate switches 2-242
debug messages B-5
member switches 2-244
status 2-240
hop-count limit for extended discovery 2-52
HSRP standby groups 2-59
redundancy 2-59
SNMP trap 2-398
cluster standby-group command 2-59
cluster timer command 2-61
command modes defined 1-1
command switch
configuration conflicts, ACL, displaying 2-271
configuration files
password recovery disable considerations A-1
setting the NVRAM size for 2-21
specifying the name 2-22, 2-27
configuring multiple interfaces 2-94
config-vlan mode
commands 2-504
description 1-4
entering 2-503
summary 1-2
conventions
command xvi
for examples xvi
publication xvi
text xvi
copy (boot loader) command A-4
CoS
assigning default value to incoming packets 2-169
assigning to Layer 2 protocol packets 2-132
defining in a policy map 2-171
overriding the incoming value 2-169
CoS-to-DSCP map 2-175
CoS-to-egress-queue map 2-541
CPU ASIC
debug messages, display B-7
statistics display 2-246
CPU statistics, displaying 2-246
cross-stack UplinkFast, for STP 2-446
D
debug acltcam command B-2
debug auto qos command B-3
debug cluster command B-5
debug cpu-interface command B-7
debug dot1x command B-8
debug etherchannel command B-9
debug ethernet-controller ram-access command B-10
debug fallback-bridging command B-11
debug gigastack command B-12
debug ilpower controller command B-13
debug ilpower process command B-14
debug ip dhcp snooping command B-15
debug ip igmp filter command B-16
debug ip igmp max-groups command B-17
debug l3multicast command B-18
debug l3tcam command B-19
debug l3unicast command B-20
debug mac-manager command B-21
debug mac-notification command B-22
debug met command B-23
debug mvrdbg command B-24
debug pagp command B-25
debug pbr command B-26
debug pm command B-27
debug port-security command B-29
debug spanning-tree backbonefast command B-33
debug spanning-tree bpdu command B-34
debug spanning-tree bpdu-opt command B-35
debug spanning-tree command B-31
debug spanning-tree mstp command B-36
debug spanning-tree switch command B-38
debug spanning-tree uplinkfast command B-40
debug span-session command B-30
debug sw-vlan command B-41
debug sw-vlan ifs command B-43
debug sw-vlan notification command B-44
debug sw-vlan vtp command B-46
debug udld command B-48
define interface-range command 2-62
delete (boot loader) command A-5
delete command 2-64
deny command 2-65
detect mechanism, causes 2-84
DHCP snooping
displaying
bindings 2-294
configuration 2-293
enabling
on a VLAN 2-109
trust on an interface 2-108
error recovery timer 2-86
rate limiting 2-107
dir (boot loader) command A-6
directories, deleting 2-64
documentation
feedback xviii
obtaining xvii
ordering xviii
related xvii
document conventions xvi
dot1x default command 2-68
dot1x guest-vlan command 2-69
dot1x host-mode command 2-70
dot1x initialize command 2-71
dot1x max-req command 2-72
dot1x multiple-hosts command 2-73
dot1x port-control command 2-74
dot1x re-authenticate command 2-76
dot1x re-authentication command 2-77
dot1x reauthentication command 2-78
dot1x system-auth-control command 2-79
dropping packets, with ACL matches 2-7
drop threshold, Layer 2 protocol tunneling 2-129
DSCP-to-CoS map 2-175
DSCP-to-DSCP-mutation map 2-175
DSCP-to-threshold map 2-543
DTP 2-468
DTP flap
error detection for 2-84
error recovery timer 2-86
duplex command 2-82
dynamic-access ports
configuring 2-461
restrictions 2-462
dynamic auto VLAN membership mode 2-467
dynamic desirable VLAN membership mode 2-467
Dynamic Host Configuration Protocol (DHCP)
Dynamic Trunking Protocol
E
EAP-request/identity frame
maximum number to send 2-72
response time before retransmitting 2-80
encapsulation methods 2-482
environment variables, displaying 2-237
errdisable detect cause command 2-84
errdisable recovery command 2-86
error conditions, displaying 2-262
error disable detection 2-84
error-disabled interfaces, displaying 2-282
EtherChannel
assigning Ethernet interface to channel group 2-29
creating port-channel logical interface 2-92
debug messages, display B-9, B-25
displaying 2-266
enabling Layer 2 protocol tunneling for
LACP 2-130
PAgP 2-130
UDLD 2-130
interface information, displaying 2-282
LACP modes 2-29
load-distribution methods 2-208
PAgP
aggregate-port learner 2-194
clearing channel-group information 2-38, 2-42
debug messages, display B-25
error detection for 2-84
error recovery timer 2-86
learn method 2-194
modes 2-29
physical-port learner 2-194
priority of interface for transmitted traffic 2-196
Ethernet controller
debug messages, display B-10
internal register display 2-248
Ethernet statistics, collecting 2-216
examples, conventions for xvi
exit command 2-518
express setup-related commands 2-45, 2-230, 2-364
extended discovery of candidate switches 2-52
extended-range VLANs
and allowed VLAN list 2-482
and pruning-eligible list 2-482
configuring 2-503
extended system ID for STP 2-418
F
fallback bridging, debugging B-11
fan information, displaying 2-260
feature manager
displaying 2-271
displaying summaries 2-276
label information 2-271
per-interface information 2-274
per-VLAN information 2-276
feedback to Cisco Systems xviii
file name, VTP 2-529
files, deleting 2-64
flash_init (boot loader) command A-8
flowcontrol command 2-88
format (boot loader) command A-9
forwarding information base (FIB), debugging B-20
forwarding packets, with ACL matches 2-7
forwarding results, display 2-277
frame forwarding information, displaying 2-277
fsck (boot loader) command A-10
G
GigaStack GBICs
debugging B-12
trunk mode on 2-468
global configuration mode 1-2, 1-3
H
hardware ACL statistics 2-232
help (boot loader) command A-11
hop-count limit for clusters 2-52
host connection, port configuration 2-465
HSRP
binding HSRP group to cluster 2-59
standby group 2-59
I
IDS, using with SPAN and RSPAN 2-186
IGMP filters
applying 2-110
debug messages, display B-16
IGMP groups
configuring throttling action 2-112
setting maximum 2-112
IGMP maximum groups, debugging B-17
IGMP profiles
creating 2-114
displaying 2-296
IGMP snooping
displaying 2-297
enabling 2-116
MAC address tables 2-323
report suppression 2-119
source-only-learning aging time 2-121
images
Immediate-Leave feature, MVR 2-191
Immediate-Leave processing 2-116
import map command 2-126
inline power command 2-210
interface command 2-96
interface configuration mode 1-2, 1-4
interface port-channel command 2-92
interface range command 2-94
interface-range macros 2-62
interfaces
assigning Ethernet interface to channel group 2-29
configuring 2-82
configuring multiple 2-94
creating port-channel logical 2-92
disabling 2-396
displaying the MAC address table 2-321
restarting 2-396
interface speed, configuring 2-453
internal registers, displaying 2-248, 2-254
Intrusion Detection System
invalid GBIC
error detection for 2-84
error recovery timer 2-86
ip address command 2-100
IP addresses, setting 2-100
IP address matching 2-157
IP DHCP snooping
ip dhcp snooping command 2-102
ip dhcp snooping information option command 2-104
ip dhcp snooping information option format snmp-ifindex command 2-106
ip dhcp snooping limit rate command 2-107
ip dhcp snooping trust command 2-108
ip dhcp snooping vlan command 2-109
ip igmp filter command 2-110
ip igmp max-groups command 2-112
ip igmp profile command 2-114
ip igmp snooping command 2-116
ip igmp snooping report-suppression command 2-119
ip igmp snooping source-only-learning command age-timer 2-121
IP multicast addresses 2-188
IP phones
auto-QoS configuration 2-16
trusting packets sent from 2-181
IP-precedence-to-DSCP map 2-175
ip ssh command 2-123
ip vrf (global configuration) command 2-125
ip vrf command 2-127
J
jumbo frames
L
l2protocol-tunnel command 2-129
l2protocol-tunnel cos command 2-132
LACP
lacp port-priority command 2-133
lacp system-priority command 2-134
Layer 2 mode, enabling 2-459
Layer 2 protocol ports, displaying 2-300
Layer 2 protocol-tunnel
error detection for 2-84
error recovery timer 2-86
Layer 2 protocol tunnel counters 2-39
Layer 2 protocol tunneling error recovery 2-130
Layer 2 traceroute
IP addresses 2-494
MAC addresses 2-491
Layer 3 mode, enabling 2-459
line configuration mode 1-2, 1-5
Link Aggregation Control Protocol
link flap
enable timer to recover from error state 2-86
error detection for 2-84
load_helper (boot loader) command A-12
load-distribution methods for EtherChannel 2-208
logging file command 2-135
logical interface 2-92
loopback error, recovery timer 2-86
loop guard, for spanning tree 2-420, 2-423
M
mac access-group command 2-137
MAC access-groups, displaying 2-309
MAC access list configuration mode 2-139
mac access-list extended command 2-139
MAC access lists 2-65
MAC addresses
and port security 2-473
debug learning on bridge groups B-11
debug learning on VLANs B-21
displaying
aging time 2-315
all 2-313
dynamic 2-319
Layer 2 multicast entries 2-323
notification settings 2-325
number of addresses in a VLAN 2-317
per interface 2-321
per VLAN 2-329
static 2-327
static and dynamic entries 2-311
dynamic
aging time 2-141
deleting 2-40
displaying 2-319
enabling MAC address notification 2-142
matching 2-157
static
adding and removing 2-144
displaying 2-327
dropping on an interface 2-145
tables 2-313
MAC address notification, debugging B-22
mac address-table aging-time 2-141
mac address-table aging-time command 2-141
mac address-table notification command 2-142
mac address-table static command 2-144
mac address-table static drop command 2-145
MAC named extended access lists 2-139
macro description command 2-150
macro global command 2-151
macro global description command 2-154
macro name command 2-155
macros
adding a description 2-150
adding a global description 2-154
applying 2-151
creating 2-155
displaying 2-350
specifying parameter values 2-151
tracing 2-151
manual
audience xv
purpose of xv
maps
QoS
defining 2-175
displaying 2-337
VLAN
creating 2-515
defining 2-157
displaying 2-388
match (access-map configuration) command 2-157
match (class-map configuration) command 2-159
maximum transmission unit
member switches
memory (boot loader) command A-13
merge failures, displaying 2-271
mkdir (boot loader) command A-15
mls aclmerge delay command 2-162
mls qos aggregate-policer command 2-167
mls qos command 2-164
mls qos cos command 2-169
mls qos cos policy-map command 2-171
mls qos dscp-mutation command 2-173
mls qos map command 2-175
mls qos min-reserve command 2-178
mls qos monitor command 2-179
mls qos trust command 2-181
mode, MVR 2-188
modes, commands 1-1
monitor session command 2-184
more (boot loader) command A-16
MSTP
displaying 2-366
interoperability 2-47
link type 2-422
MST region
aborting changes 2-427
applying changes 2-427
configuration name 2-427
configuration revision number 2-427
current or pending display 2-427
displaying 2-366
MST configuration mode 2-427
VLANs-to-instance mapping 2-427
path cost 2-429
protocol mode 2-425
restart protocol migration process 2-47
root port
loop guard 2-420
preventing from becoming designated 2-420
restricting which can be root 2-420
root guard 2-420
MSTP (continued)root switch
affects of extended system ID 2-418
interval between BDPU messages 2-433
interval between hello BPDU messages 2-432, 2-438
max-age 2-433
maximum hop count before discarding BPDU 2-434
port priority for selection of 2-435
primary or secondary 2-438
switch priority 2-437
state changes
blocking to forwarding state 2-444
enabling BPDU filtering 2-410, 2-442
enabling BPDU guard 2-412, 2-442
enabling Port Fast 2-442, 2-444
forward-delay time 2-431
length of listening and learning states 2-431
rapid transition to forwarding 2-422
shutting down Port Fast-enabled ports 2-442
state information display 2-365
MTU
configuring size 2-489
displaying global setting 2-372
multicast expansion table (MET), debugging B-23
multicast group address, MVR 2-191
multicast groups, MVR 2-189
multicast router learning method 2-116
multicast router ports, configuring 2-116
multicast routes, debugging B-18, B-19
multicast storm control 2-455
multicast traffic counters 2-290
multicast VLAN, MVR 2-188
multicast VLAN registration
multiple hosts on authorized port 2-70
Multiple Spanning Tree Protocol
multi VPN routing/forwarding instances in customer edge devices
MVR
configuring 2-188
configuring interfaces 2-191
debug messages, display B-24
displaying 2-342
displaying interface information 2-344
members, displaying 2-346
mvr (global configuration) command 2-188
mvr (interface configuration) command 2-191
mvr group command 2-189
mvr vlan group command 2-192
N
native VLANs 2-482
native VLAN tagging 2-521
nonegotiate
DTP messaging 2-471
speed 2-453
non-IP protocols
denying 2-65
forwarding 2-198
non-IP traffic access lists 2-139
non-IP traffic forwarding
denying 2-65
permitting 2-198
normal-range VLANs 2-503, 2-509
note, description xvi
P
PAgP
pagp learn-method command 2-194
pagp port-priority command 2-196
password, VTP 2-529, 2-533, 2-535
password-recovery mechanism, enabling and disabling 2-220
PBR, debug messages, display B-26
permit command 2-198
per-VLAN spanning-tree plus
physical-port learner 2-194
PIM-DVMRP, as multicast router learning method 2-116
police aggregate command 2-203
police command 2-201
policed-DSCP map 2-175
policy-based routing
policy-map command 2-205
policy maps
applying to an interface 2-223, 2-227
creating 2-205
displaying 2-353
policers
for a single class 2-201
for multiple classes 2-167, 2-203
policed-DSCP map 2-175
traffic classification
defining the class 2-34
defining trust states 2-496
setting DSCP or IP precedence values 2-225
Port Aggregation Protocol
port-based authentication
802.1x AAA accounting methods 2-1
AAA method list 2-3
debug messages, display B-8
enabling 802.1x 2-74
guest VLAN 2-69
manual control of authorization state 2-74
multiple hosts on authorized port 2-70
port-based authentication (continued)
periodic re-authentication
enabling 2-78
time between attempts 2-80
quiet period between failed authentication exchanges 2-80
re-authenticating 802.1x-enabled ports 2-76
resetting configurable 802.1x parameters 2-68
statistics and status display 2-257
switch-to-client frame-retransmission number 2-72
switch-to-client retransmission time 2-80
port-channel load-balance command 2-208
Port Fast, for spanning tree 2-444
port labels 2-271, 2-274, 2-373
port ranges, defining 2-62
ports, debugging B-27
ports, protected 2-481
port security
aging 2-477
debug messages, display B-29
enabling 2-473
violation error recovery 2-86
port trust states for QoS 2-181
port types, MVR 2-191
power information, displaying 2-260
power inline command 2-210
priority-queue command 2-212
protected ports, displaying 2-288
pruning
VLANs 2-482
VTP
displaying interface information 2-282
publications, related xvii
PVST+
Q
QoS
automatic configuration 2-16
class maps
creating 2-36
defining the match criteria 2-159
displaying 2-239
defining the CoS value for an incoming packet 2-169
displaying configuration information 2-234, 2-331
DSCP trusted ports
applying DSCP-to-DSCP-mutation map to 2-173
defining DSCP-to-DSCP-mutation map 2-175
enabling 2-164
maps
defining 2-175
displaying 2-337
policy maps
applying an aggregate policer 2-203
applying to an interface 2-223, 2-227
creating 2-205
defining CoS 2-171
defining policers 2-167, 2-201
displaying policers 2-332, 2-333
displaying policy maps 2-353
policed-DSCP map 2-175
setting DSCP or IP precedence values 2-225
traffic classifications 2-34
trust states 2-496
port trust states 2-181
queues
CoS-to-egress-queue map 2-541
displaying buffer settings 2-333
displaying queueing strategies 2-333
enabling the expedite 2-212
mapping DSCPs to thresholds 2-543
minimum-reserve level 2-545
minimum-reserve level buffer sizes 2-178
ratio of queue sizes 2-546
QoS queues (continued)tail-drop threshold percentages 2-549
WRED threshold percentages 2-547
WRR weights 2-539
statistics
collecting on specified DSCPs 2-179
displaying DSCP information 2-333
tail-drop
assigning threshold percentages 2-549
mapping DSCPs to thresholds 2-543
trusted boundary for Cisco SoftPhones 2-181
trusted boundary for IP phones 2-181
WRED
assigning threshold percentages 2-547
enabling 2-547
mapping DSCPs to thresholds 2-543
quality of service
querytime, MVR 2-188
R
rapid per-VLAN spanning-tree plus
rapid PVST+
rcommand command 2-213
re-authenticating 802.1x-enabled ports 2-76
re-authentication
periodic 2-78
time between attempts 2-80
receiver ports, MVR 2-191
receiving flow-control packets 2-88
recovery mechanism
causes 2-86
timer interval 2-86
redundancy for cluster switches 2-59
remote-span command 2-215
Remote Switched Port Analyzer
rename (boot loader) command A-17
reset (boot loader) command A-18
reset command 2-518
resource templates, displaying 2-362
rmdir (boot loader) command A-19
rmon collection stats command 2-216
root guard, for spanning tree 2-420
route distinguisher 2-126
routed ports
IP addresses on 2-101
route-target command 2-126
RSPAN
and IDS 2-186
configuring 2-184
displaying 2-340
filter RSPAN traffic 2-184
remote-span command 2-215
sessions
add interfaces to 2-184
start new 2-184
S
sdm prefer command 2-217
secure ports, limitations 2-475
sending flow-control packets 2-88
service password-recovery command 2-220
service-policy command 2-223
set (boot loader) command A-20
set command 2-225
setup command 2-227
setup express command 2-230
show access-lists command 2-232
show auto qos command 2-234
show boot command 2-237
show changes command 2-518
show class-map command 2-239
show cluster candidates command 2-242