Index
Numerics
10-Gigabit Ethernet interfaces 10-6
A
AAA down policy, NAC Layer 2 IP validation 1-10
abbreviating commands 2-4
ABRs 37-26
access
templates 8-1
access-class command 33-20
access control entries
See ACEs
access-denied response, VMPS 12-29
access groups
applying IPv4 ACLs to interfaces 33-21
Layer 2 33-21
Layer 3 33-21
access groups, applying IPv4 ACLs to interfaces 33-21
accessing stack members 5-25
access lists
See ACLs
access ports
and Layer 2 protocol tunneling 16-11
defined 10-3
access template 8-1
accounting
with 802.1x 9-39
with IEEE 802.1x 9-9
with RADIUS 7-28
with TACACS+ 7-11, 7-17
ACEs
and QoS 35-7
defined 33-2
Ethernet 33-2
IP 33-2
ACLs
ACEs 33-2
any keyword 33-13
applying
on bridged packets 33-37
on multicast packets 33-38
on routed packets 33-38
on switched packets 33-36
time ranges to 33-17
to an interface 33-20, 34-8
to IPv6 interfaces 34-8
to QoS 35-7
classifying traffic for QoS 35-43
comments in 33-19
compiling 33-22
defined 33-1, 33-7
examples of 33-22, 35-43
extended IP, configuring for QoS classification 35-44
extended IPv4
creating 33-11
matching criteria 33-8
hardware and software handling 33-22
host keyword 33-13
IP
creating 33-7
fragments and QoS guidelines 35-32
implicit deny 33-10, 33-14, 33-17
implicit masks 33-10
matching criteria 33-8
undefined 33-21
IPv4
applying to interfaces 33-20
creating 33-7
matching criteria 33-8
named 33-15
numbers 33-8
terminal lines, setting on 33-19
unsupported features 33-7
IPv6
and stacking 34-3
applying to interfaces 34-8
configuring 34-4, 34-5
displaying 34-9
interactions with other features 34-4
limitations 34-2, 34-3
matching criteria 34-3
named 34-2
precedence of 34-2
supported 34-2
unsupported features 34-3
Layer 4 information in 33-36
logging messages 33-9
MAC extended 33-27, 35-45
matching 33-7, 33-21
monitoring 33-39, 34-9
named
IPv4 33-15
IPv6 34-2
names 34-4
number per QoS class map 35-32
port 33-2, 34-1
precedence of 33-2
QoS 35-7, 35-43
resequencing entries 33-15
router 33-2, 34-1
router ACLs and VLAN map configuration guidelines 33-35
standard IP, configuring for QoS classification 35-43
standard IPv4
creating 33-10
matching criteria 33-8
support for 1-9
support in hardware 33-22
time ranges 33-17
types supported 33-2
unsupported features
IPv4 33-7
IPv6 34-3
using router ACLs with VLAN maps 33-35
VLAN maps
configuration guidelines 33-30
configuring 33-29
active link 20-4, 20-5, 20-6
active links 20-2
active router 39-1
active traffic monitoring, IP SLAs 40-1
address aliasing 23-2
addresses
displaying the MAC address table 6-27
dynamic
accelerated aging 17-9
changing the aging time 6-21
default aging 17-9
defined 6-19
learning 3-15, 6-20
removing 6-22
IPv6 38-2
MAC, discovering 6-27
multicast
group address range 43-3
STP address management 17-9
static
adding and removing 6-24
defined 6-19
address resolution 6-27, 37-10
Address Resolution Protocol
See ARP
adjacency tables, with CEF 37-81
administrative distances
defined 37-94
OSPF 37-33
routing protocol defaults 37-83
advanced IP services feature set 1-2
advertisements
CDP 26-1
LLDP 27-2
RIP 37-21
VTP 12-20, 13-3
aggregatable global unicast addresses 38-4
aggregate addresses, BGP 37-61
aggregated ports
See EtherChannel
aggregate policers 35-58
aggregate policing 1-11
aging, accelerating 17-9
aging time
accelerated
for MSTP 18-23
for STP 17-9, 17-23
MAC address table 6-21
maximum
for MSTP 18-23, 18-24
for STP 17-23, 17-24
alarms, RMON 30-3
allowed-VLAN list 12-22
application engines, redirecting traffic to 42-1
area border routers
See ABRs
ARP
configuring 37-11
defined 1-6, 6-27, 37-10
encapsulation 37-11
static cache configuration 37-11
table
address resolution 6-27
managing 6-27
ASBRs 37-26
AS-path filters, BGP 37-55
asymmetrical links, and IEEE 802.1Q tunneling 16-4
attributes, RADIUS
vendor-proprietary 7-31
vendor-specific 7-29
authentication
EIGRP 37-42
HSRP 39-11
local mode with AAA 7-36
NTP associations 6-4
RADIUS
key 7-21
login 7-23
TACACS+
defined 7-11
key 7-13
login 7-14
See also port-based authentication
authentication failed VLAN
See restricted VLAN
authentication keys, and routing protocols 37-94
authoritative time source, described 6-2
authorization
with RADIUS 7-27
with TACACS+ 7-11, 7-16
authorized ports with IEEE 802.1x 9-7
autoconfiguration 3-3
automatic advise (auto-advise) in switch stacks 5-13
automatic copy (auto-copy) in switch stacks 5-13
automatic extraction (auto-extract) in switch stacks 5-13
automatic QoS
See QoS
automatic upgrades (auto-upgrade) in switch stacks 5-13
auto-MDIX
configuring 10-21
described 10-21
autonegotiation
duplex mode 1-4
interface configuration guidelines 10-18
mismatches 46-9
autonomous system boundary routers
See ASBRs
autonomous systems, in BGP 37-49
Auto-RP, described 43-7
autosensing, port speed 1-4
autostate exclude 10-6
auxiliary VLAN
See voice VLAN
availability, features 1-7
B
BackboneFast
described 19-7
disabling 19-17
enabling 19-16
support for 1-7
backup interfaces
See Flex Links
backup links 20-2
banners
configuring
login 6-18
message-of-the-day login 6-18
default configuration 6-17
when displayed 6-17
BGP
aggregate addresses 37-61
aggregate routes, configuring 37-61
CIDR 37-61
clear commands 37-64
community filtering 37-58
configuring neighbors 37-59
default configuration 37-46
described 37-45
enabling 37-49
monitoring 37-64
multipath support 37-53
neighbors, types of 37-49
path selection 37-53
peers, configuring 37-59
prefix filtering 37-57
resetting sessions 37-52
route dampening 37-63
route maps 37-55
route reflectors 37-62
routing domain confederation 37-62
routing session with multi-VRF CE 37-75
show commands 37-64
supernets 37-61
support for 1-12
Version 4 37-46
binding database
address, DHCP server
See DHCP, Cisco IOS server database
DHCP snooping
See DHCP snooping binding database
bindings
address, Cisco IOS DHCP server 21-6
DHCP snooping database 21-7
IP source guard 21-16
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 25-7
Boolean expressions in tracked lists 41-4
booting
boot loader, function of 3-2
boot process 3-2
manually 3-18
specific image 3-19
boot loader
accessing 3-20
described 3-2
environment variables 3-20
prompt 3-20
trap-door mechanism 3-2
bootstrap router (BSR), described 43-7
Border Gateway Protocol
See BGP
BPDU
error-disabled state 19-2
filtering 19-3
RSTP format 18-12
BPDU filtering
described 19-3
disabling 19-15
enabling 19-14
support for 1-8
BPDU guard
described 19-2
disabling 19-14
enabling 19-13
support for 1-8
bridged packets, ACLs on 33-37
bridge groups
See fallback bridging
bridge protocol data unit
See BPDU
broadcast flooding 37-18
broadcast packets
directed 37-15
flooded 37-15
broadcast storm-control command 25-4
broadcast storms 25-1, 37-15
C
cables, monitoring for unidirectional links 28-1
CA trustpoint
configuring 7-45
defined 7-42
CDP
and trusted boundary 35-39
configuring 26-2
default configuration 26-2
defined with LLDP 27-1
described 26-1
disabling for routing device 26-3 to 26-4
enabling and disabling
on an interface 26-4
on a switch 26-3
Layer 2 protocol tunneling 16-8
monitoring 26-5
overview 26-1
support for 1-6
switch stack considerations 26-2
transmission timer and holdtime, setting 26-2
updates 26-2
CEF
defined 37-80
distributed 37-81
IPv6 38-19
CGMP
as IGMP snooping learning method 23-9
clearing cached group entries 43-61
enabling server support 43-44
joining multicast group 23-3
overview 43-9
server support only 43-9
switch support of 1-4
CIDR 37-61
CipherSuites 7-43
Cisco 7960 IP Phone 14-1
Cisco Discovery Protocol
See CDP
Cisco Express Forwarding
See CEF
Cisco Group Management Protocol
See CGMP
Cisco IOS DHCP server
See DHCP, Cisco IOS DHCP server
Cisco IOS File System
See IFS
Cisco IOS IP SLAs 40-1
Cisco StackWise Plus technology 1-3
See also stacks, switch
CiscoWorks 2000 1-5, 32-4
CIST regional root
See MSTP
CIST root
See MSTP
civic location 27-3
classless interdomain routing
See CIDR
classless routing 37-8
class maps for QoS
configuring 35-46
described 35-7
displaying 35-78
class of service
See CoS
clearing interfaces 10-27
CLI
abbreviating commands 2-4
command modes 2-1
configuration logging 2-5
described 1-5
editing features
enabling and disabling 2-7
keystroke editing 2-8
wrapped lines 2-9
error messages 2-5
filtering command output 2-10
getting help 2-3
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
no and default forms of commands 2-4
client mode, VTP 13-3
client processes, tracking 41-1
clock
See system clock
CNS
Configuration Engine
configID, deviceID, hostname 4-3
configuration service 4-2
described 4-1
event service 4-3
embedded agents
described 4-5
enabling automated configuration 4-7
enabling configuration agent 4-9
enabling event agent 4-8
management functions 1-5
command-line interface
See CLI
command modes 2-1
commands
abbreviating 2-4
no and default 2-4
commands, setting privilege levels 7-8
community list, BGP 37-58
community ports 15-2
community strings
configuring 32-8
overview 32-4
community VLANs 15-2, 15-3
compatibility, feature 25-12
compatibility, software
See stacks, switch
config.text 3-17
configurable leave timer, IGMP 23-6
configuration, initial
defaults 1-14
Express Setup 1-3
configuration examples, network 1-17
configuration files
archiving B-20
clearing the startup configuration B-20
creating and using, guidelines for B-10
creating using a text editor B-11
default name 3-17
deleting a stored configuration B-20
described B-9
downloading
automatically 3-17
preparing B-11, B-14, B-17
reasons for B-9
using FTP B-14
using RCP B-18
using TFTP B-12
invalid combinations when copying B-5
limiting TFTP server access 32-15
obtaining with DHCP 3-9
password recovery disable considerations 7-5
replacing and rolling back, guidelines for B-22
replacing a running configuration B-20, B-21
rolling back a running configuration B-20, B-21
specifying the filename 3-17
system contact and location information 32-15
types and location B-10
uploading
preparing B-11, B-14, B-17
reasons for B-9
using FTP B-15
using RCP B-19
using TFTP B-12
configuration guidelines, multi-VRF CE 37-68
configuration logging 2-5
configuration replacement B-20
configuration rollback B-20
configuration settings, saving 3-15
configure terminal command 10-9
configuring multicast VRFs 37-73
configuring port-based authentication violation modes 9-29 to 9-30
configuring small-frame arrival rate 25-5
config-vlan mode 2-2, 12-7
connections, secure remote 7-37
connectivity problems 46-11, 46-12, 46-14
consistency checks in VTP Version 2 13-4
console port, connecting to 2-11
content-routing technology
See WCCP
control protocol, IP SLAs 40-3
corrupted software, recovery steps with Xmodem 46-2
CoS
in Layer 2 frames 35-2
override priority 14-6
trust priority 14-6
CoS input queue threshold map for QoS 35-16
CoS output queue threshold map for QoS 35-19
CoS-to-DSCP map for QoS 35-60
counters, clearing interface 10-27
crashinfo file 46-21
critical authentication, IEEE 802.1x 9-43
cross-stack EtherChannel
configuration guidelines 36-12
configuring
on Layer 2 interfaces 36-12
on Layer 3 physical interfaces 36-15
described 36-2
illustration 36-3
support for 1-7
cross-stack UplinkFast, STP
described 19-5
disabling 19-16
enabling 19-16
fast-convergence events 19-7
Fast Uplink Transition Protocol 19-6
normal-convergence events 19-7
support for 1-7
cryptographic software image
Kerberos 7-32
SSH 7-37
SSL 7-41
switch stack considerations 5-2, 5-18, 7-38
customer edge devices 37-66
D
daylight saving time 6-13
dCEF in the switch stack 37-80
debugging
enabling all system diagnostics 46-18
enabling for a specific feature 46-17
redirecting error message output 46-18
using commands 46-17
default commands 2-4
default configuration
802.1x 9-26
auto-QoS 35-21
banners 6-17
BGP 37-46
booting 3-17
CDP 26-2
DHCP 21-8
DHCP option 82 21-8
DHCP snooping 21-8
DHCP snooping binding database 21-9
DNS 6-16
dynamic ARP inspection 22-5
EIGRP 37-38
EtherChannel 36-10
Ethernet interfaces 10-16
fallback bridging 45-4
Flex Links 20-8
HSRP 39-6
IEEE 802.1Q tunneling 16-4
IGMP 43-39
IGMP filtering 23-25
IGMP snooping 23-7, 24-6
IGMP throttling 23-25
initial switch information 3-3
IP addressing, IP routing 37-6
IP multicast routing 43-11
IP SLAs 40-6
IP source guard 21-17
IPv6 38-11
Layer 2 interfaces 10-16
Layer 2 protocol tunneling 16-11
LLDP 27-3
MAC address table 6-21
MAC address-table move update 20-8
MSDP 44-4
MSTP 18-15
multi-VRF CE 37-68
MVR 23-20
NTP 6-4
optional spanning-tree configuration 19-12
OSPF 37-27
password and privilege level 7-2
PIM 43-11
private VLANs 15-6
RADIUS 7-20
RIP 37-21
RMON 30-3
RSPAN 29-11
SDM template 8-4
SNMP 32-6
SPAN 29-11
SSL 7-44
standard QoS 35-30
STP 17-13
switch stacks 5-21
system message logging 31-4
system name and prompt 6-15
TACACS+ 7-13
UDLD 28-4
VLAN, Layer 2 Ethernet interfaces 12-20
VLANs 12-8
VMPS 12-30
voice VLAN 14-3
VTP 13-7
WCCP 42-6
default gateway 3-15, 37-13
default networks 37-84
default router preference
See DRP
default routes 37-84
default routing 37-3
deleting VLANs 12-10
denial-of-service attack 25-1
description command 10-22
designing your network, examples 1-17
desktop template 5-11
destination addresses
in IPv4 ACLs 33-12
in IPv6 ACLs 34-6
destination-IP address-based forwarding, EtherChannel 36-8
destination-MAC address forwarding, EtherChannel 36-8
detecting indirect link failures, STP 19-8
device discovery protocol 26-1, 27-1
device manager
benefits 1-3
described 1-3, 1-5
in-band management 1-6
DHCP
Cisco IOS server database
configuring 21-14
default configuration 21-9
described 21-6
DHCP for IPv6
See DHCPv6
enabling
relay agent 21-11
server 21-10
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-4
DNS 3-7
relay device 3-8
server side 3-6
server-side 21-10
TFTP server 3-7
example 3-10
lease options
for IP address information 3-6
for receiving the configuration file 3-7
overview 3-3
relationship to BOOTP 3-4
relay support 1-6, 1-13
support for 1-6
DHCP-based autoconfiguration and image update
configuring 3-11 to 3-14
understanding 3-5 to 3-6
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 21-5
configuration guidelines 21-9
default configuration 21-8
displaying 21-15
forwarding address, specifying 21-11
helper address 21-11
overview 21-3
packet format, suboption
circuit ID 21-5
remote ID 21-5
remote ID suboption 21-5
DHCP server port-based address allocation
configuration guidelines 21-20
default configuration 21-20
described 21-19
displaying 21-23
enabling 21-20
DHCP snooping
accepting untrusted packets from edge switch 21-3, 21-13
and private VLANs 21-14
binding database
See DHCP snooping binding database
configuration guidelines 21-9
default configuration 21-8
displaying binding tables 21-15
message exchange process 21-4
option 82 data insertion 21-3
trusted interface 21-2
untrusted interface 21-2
untrusted messages 21-2
DHCP snooping binding database
adding bindings 21-14
binding entries, displaying 21-15
binding file
format 21-7
location 21-7
bindings 21-7
clearing agent statistics 21-15
configuration guidelines 21-10
configuring 21-14
default configuration 21-8, 21-9
deleting
binding file 21-15
bindings 21-15
database agent 21-15
described 21-6
displaying 21-15
binding entries 21-15
status and statistics 21-15
displaying status and statistics 21-15
enabling 21-14
entry 21-7
renewing database 21-15
resetting
delay value 21-15
timeout value 21-15
DHCP snooping binding table
See DHCP snooping binding database
DHCPv6
configuration guidelines 38-16
default configuration 38-16
described 38-6
enabling client function 38-18
enabling DHCPv6 server function 38-16
diagnostic schedule command 47-2
Differentiated Services architecture, QoS 35-2
Differentiated Services Code Point 35-2
Diffusing Update Algorithm (DUAL) 37-36
directed unicast requests 1-6
directories
changing B-4
creating and removing B-4
displaying the working B-4
Distance Vector Multicast Routing Protocol
See DVMRP
distance-vector protocols 37-3
distribute-list command 37-93
DNS
and DHCP-based autoconfiguration 3-7
default configuration 6-16
displaying the configuration 6-17
in IPv6 38-4
overview 6-15
setting up 6-16
support for 1-6
DNS-based SSM mapping 43-19, 43-21
domain names
DNS 6-15
VTP 13-8
Domain Name System
See DNS
dot1q-tunnel switchport mode 12-18
double-tagged packets
IEEE 802.1Q tunneling 16-2
Layer 2 protocol tunneling 16-10
downloading
configuration files
preparing B-11, B-14, B-17
reasons for B-9
using FTP B-14
using RCP B-18
using TFTP B-12
image files
deleting old image B-29
preparing B-27, B-30, B-35
reasons for B-24
using CMS 1-3
using FTP B-31
using HTTP 1-3, B-24
using RCP B-36
using TFTP B-27
using the device manager or Network Assistant B-24
drop threshold for Layer 2 protocol packets 16-11
DRP
configuring 38-13
described 38-5
IPv6 38-5
DSCP 1-11, 35-2
DSCP input queue threshold map for QoS 35-16
DSCP output queue threshold map for QoS 35-19
DSCP-to-CoS map for QoS 35-63
DSCP-to-DSCP-mutation map for QoS 35-64
DSCP transparency 35-39
DTP 1-8, 12-18
dual-action detection 36-6
DUAL finite state machine, EIGRP 37-37
dual IPv4 and IPv6 templates 8-2, 38-6
dual protocol stacks
IPv4 and IPv6 38-6
SDM templates supporting 38-6
DVMRP
autosummarization
configuring a summary address 43-58
disabling 43-60
connecting PIM domain to DVMRP router 43-51
enabling unicast routing 43-54
interoperability
with Cisco devices 43-49
with Cisco IOS software 43-9
mrinfo requests, responding to 43-53
neighbors
advertising the default route to 43-52
discovery with Probe messages 43-49
displaying information 43-53
prevent peering with nonpruning 43-56
rejecting nonpruning 43-55
overview 43-9
routes
adding a metric offset 43-60
advertising all 43-60
advertising the default route to neighbors 43-52
caching DVMRP routes learned in report messages 43-54
changing the threshold for syslog messages 43-57
deleting 43-61
displaying 43-62
favoring one over another 43-60
limiting the number injected into MBONE 43-57
limiting unicast route advertisements 43-49
routing table 43-9
source distribution tree, building 43-9
support for 1-13
tunnels
configuring 43-51
displaying neighbor information 43-53
dynamic access ports
characteristics 12-4
configuring 12-31
defined 10-3
dynamic addresses
See addresses
dynamic ARP inspection
ARP cache poisoning 22-1
ARP requests, described 22-1
ARP spoofing attack 22-1
clearing
log buffer 22-15
statistics 22-15
configuration guidelines 22-6
configuring
ACLs for non-DHCP environments 22-8
in DHCP environments 22-7
log buffer 22-12
rate limit for incoming ARP packets 22-4, 22-10
default configuration 22-5
denial-of-service attacks, preventing 22-10
described 22-1
DHCP snooping binding database 22-2
displaying
ARP ACLs 22-14
configuration and operating state 22-14
log buffer 22-15
statistics 22-15
trust state and rate limit 22-14
error-disabled state for exceeding rate limit 22-4
function of 22-2
interface trust states 22-3
log buffer
clearing 22-15
configuring 22-12
displaying 22-15
logging of dropped packets, described 22-5
man-in-the-middle attack, described 22-2
network security issues and interface trust states 22-3
priority of ARP ACLs and DHCP snooping entries 22-4
rate limiting of ARP packets
configuring 22-10
described 22-4
error-disabled state 22-4
statistics
clearing 22-15
displaying 22-15
validation checks, performing 22-11
dynamic auto trunking mode 12-18
dynamic desirable trunking mode 12-18
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 12-29
reconfirming 12-32
troubleshooting 12-33
types of connections 12-31
dynamic routing 37-3
Dynamic Trunking Protocol
See DTP
E
EBGP 37-44
editing features
enabling and disabling 2-7
keystrokes used 2-8
wrapped lines 2-9
EIGRP
authentication 37-42
components 37-37
configuring 37-40
default configuration 37-38
definition 37-36
interface parameters, configuring 37-41
monitoring 37-44
stub routing 37-43
support for 1-12
elections
See stack master
ELIN location 27-3
enable password 7-3
enable secret password 7-3
encryption, CipherSuite 7-44
encryption for passwords 7-3
Enhanced IGRP
See EIGRP
enhanced object tracking
commands 41-1
defined 41-1
HSRP 41-7
IP routing state 41-2
IP SLAs 41-9
line-protocol state 41-2
tracked lists 41-3
environment variables, function of 3-21
equal-cost routing 1-13, 37-82
error-disabled state, BPDU 19-2
error messages during command entry 2-5
EtherChannel
automatic creation of 36-5, 36-6
channel groups
binding physical and logical interfaces 36-4
numbering of 36-4
configuration guidelines 36-11
configuring
Layer 2 interfaces 36-12
Layer 3 physical interfaces 36-15
Layer 3 port-channel logical interfaces 36-14
default configuration 36-10
described 36-2
displaying status 36-22
forwarding methods 36-8, 36-17
IEEE 802.3ad, described 36-6
interaction
with STP 36-11
with VLANs 36-12
LACP
described 36-6
displaying status 36-22
hot-standby ports 36-19
interaction with other features 36-7
modes 36-7
port priority 36-21
system priority 36-20
Layer 3 interface 37-5
load balancing 36-8, 36-17
logical interfaces, described 36-4
PAgP
aggregate-port learners 36-18
compatibility with Catalyst 1900 36-18
described 36-5
displaying status 36-22
interaction with other features 36-6
interaction with virtual switches 36-6
learn method and priority configuration 36-18
modes 36-5
support for 1-4
with dual-action detection 36-6
port-channel interfaces
described 36-4
numbering of 36-4
port groups 10-6
stack changes, effects of 36-9
support for 1-4
EtherChannel guard
described 19-10
disabling 19-17
enabling 19-17
Ethernet management port
and switch stacks 10-13
supported features 10-14
Ethernet management port, internal
active link 10-13
and management module 10-13
and routing 10-14
and switch stacks 10-13
and TFTP 10-16
configuring 10-15
default setting 10-14
described 10-13
IP address 10-13
Layer 3 routing guidelines 10-15
unsupported features 10-15
Ethernet VLANs
adding 12-9
defaults and ranges 12-8
modifying 12-9
EUI 38-4
events, RMON 30-3
examples
network configuration 1-17
expedite queue for QoS 35-76
Express Setup 1-3
See also getting started guide
extended crashinfo file 46-21
extended-range VLANs
configuration guidelines 12-13
configuring 12-12
creating 12-14
creating with an internal VLAN ID 12-15
defined 12-1
extended system ID
MSTP 18-17
STP 17-4, 17-16
extended universal identifier
See EUI
Extensible Authentication Protocol over LAN 9-1
external BGP
See EBGP
external neighbors, BGP 37-49
F
Fa0 port
See Ethernet management port, internal
failover support 1-7
fallback bridging
and protected ports 45-4
bridge groups
creating 45-4
described 45-2
displaying 45-11
function of 45-2
number supported 45-5
removing 45-5
bridge table
clearing 45-11
displaying 45-11
configuration guidelines 45-4
connecting interfaces with 10-7
default configuration 45-4
described 45-1
frame forwarding
flooding packets 45-2
forwarding packets 45-2
overview 45-1
protocol, unsupported 45-4
stack changes, effects of 45-3
STP
disabling on an interface 45-10
forward-delay interval 45-9
hello BPDU interval 45-8
interface priority 45-7
keepalive messages 17-2
maximum-idle interval 45-9
path cost 45-7
VLAN-bridge spanning-tree priority 45-6
VLAN-bridge STP 45-2
support for 1-12
SVIs and routed ports 45-1
unsupported protocols 45-4
VLAN-bridge STP 17-11
Fast Convergence 20-3
fastethernet0 port
See Ethernet management port, internal
Fast Uplink Transition Protocol 19-6
features, incompatible 25-12
FIB 37-81
fiber-optic, detecting unidirectional links 28-1
files
basic crashinfo
description 46-21
location 46-21
copying B-5
crashinfo, description 46-21
deleting B-5
displaying the contents of B-8
extended crashinfo
description 46-21
location 46-21
tar
creating B-7
displaying the contents of B-7
extracting B-8
image file format B-25
file system
displaying available file systems B-2
displaying file information B-3
local file system names B-1
network file system names B-5
setting the default B-3
filtering
in a VLAN 33-29
IPv6 traffic 34-4, 34-8
non-IP traffic 33-27
show and more command output 2-10
filtering show and more command output 2-10
filters, IP
See ACLs, IP
flash device, number of B-1
Flex Link Multicast Fast Convergence 20-3
Flex Links
configuration guidelines 20-8
configuring 20-9
configuring preferred VLAN 20-12
configuring VLAN load balancing 20-11
default configuration 20-8
description 20-1
link load balancing 20-2
monitoring 20-14
VLANs 20-2
flooded traffic, blocking 25-8
flow-based packet classification 1-11
flowcharts
QoS classification 35-6
QoS egress queueing and scheduling 35-17
QoS ingress queueing and scheduling 35-15
QoS policing and marking 35-10
flowcontrol
configuring 10-20
described 10-20
forward-delay time
MSTP 18-23
STP 17-23
Forwarding Information Base
See FIB
forwarding nonroutable protocols 45-1
FTP
accessing MIB files A-4
configuration files
downloading B-14
overview B-13
preparing the server B-14
uploading B-15
image files
deleting old image B-33
downloading B-31
preparing the server B-30
uploading B-33
G
general query 20-5
Generating IGMP Reports 20-3
get-bulk-request operation 32-3
get-next-request operation 32-3, 32-4
get-request operation 32-3, 32-4
get-response operation 32-3
global configuration mode 2-2
global leave, IGMP 23-13
guest VLAN and IEEE 802.1x 9-13
guide mode 1-3
GUIs
See device manager and Network Assistant
H
hardware limitations and Layer 3 interfaces 10-23
hello time
MSTP 18-22
STP 17-22
help, for the command line 2-3
hierarchical policy maps 35-8
configuration guidelines 35-32
configuring 35-52
described 35-11
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
history table, level and number of syslog messages 31-10
host ports
configuring 15-11
kinds of 15-2
hosts, limit on dynamic ports 12-33
Hot Standby Router Protocol
See HSRP
HP OpenView 1-5
HSRP
authentication string 39-11
command-switch redundancy 1-2, 1-7
configuring 39-5
default configuration 39-6
definition 39-1
guidelines 39-6
monitoring 39-12
object tracking 41-7
overview 39-1
priority 39-8
routing redundancy 1-12
support for ICMP redirect messages 39-12
switch stack considerations 39-5
timers 39-11
tracking 39-8
HSRP for IPv6
configuring 38-25
guidelines 38-24
HTTP over SSL
See HTTPS
HTTPS
configuring 7-45
described 7-42
self-signed certificate 7-43
HTTP secure server 7-42
I
IBGP 37-44
ICMP
IPv6 38-4
redirect messages 37-13
support for 1-13
time-exceeded messages 46-14
traceroute and 46-14
unreachable messages 33-20
unreachable messages and IPv6 34-4
unreachables and ACLs 33-22
ICMP Echo operation
configuring 40-11
IP SLAs 40-10
ICMP ping
executing 46-11
overview 46-11
ICMP Router Discovery Protocol
See IRDP
ICMPv6 38-4
IDS appliances
and ingress RSPAN 29-22
and ingress SPAN 29-15
IEEE 802.1D
See STP
IEEE 802.1p 14-1
IEEE 802.1Q
and trunk ports 10-3
configuration limitations 12-19
encapsulation 12-16
native VLAN for untagged traffic 12-24
tunneling
compatibility with other features 16-6
defaults 16-4
described 16-1
tunnel ports with other features 16-6
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3ad
See EtherChannel
IEEE 802.3x flow control 10-20
ifIndex values, SNMP 32-5
IFS 1-6
IGMP
configurable leave timer
described 23-6
enabling 23-12
configuring the switch
as a member of a group 43-39
statically connected member 43-43
controlling access to groups 43-40
default configuration 43-39
deleting cache entries 43-62
displaying groups 43-62
fast switching 43-44
flooded multicast traffic
controlling the length of time 23-13
disabling on an interface 23-14
global leave 23-13
query solicitation 23-13
recovering from flood mode 23-13
host-query interval, modifying 43-41
joining multicast group 23-3
join messages 23-3
leave processing, enabling 23-11, 24-9
leaving multicast group 23-5
multicast reachability 43-39
overview 43-3
queries 23-4
report suppression
described 23-6
disabling 23-16, 24-11
supported versions 23-3
support for 1-4
Version 1
changing to Version 2 43-41
described 43-3
Version 2
changing to Version 1 43-41
described 43-3
maximum query response time value 43-43
pruning groups 43-43
query timeout value 43-42
IGMP filtering
configuring 23-25
default configuration 23-25
described 23-24
monitoring 23-29
support for 1-5
IGMP groups
configuring filtering 23-28
setting the maximum number 23-27
IGMP helper 43-6
IGMP Immediate Leave
configuration guidelines 23-12
described 23-6
enabling 23-11
IGMP profile
applying 23-27
configuration mode 23-25
configuring 23-26
IGMP snooping
and address aliasing 23-2
and stack changes 23-7
configuring 23-7
default configuration 23-7, 24-6
definition 23-2
enabling and disabling 23-8, 24-7
global configuration 23-8
Immediate Leave 23-6
in the switch stack 23-7
method 23-9
monitoring 23-16, 24-11
querier
configuration guidelines 23-14
configuring 23-14
supported versions 23-3
support for 1-4
VLAN configuration 23-8
IGMP throttling
configuring 23-28
default configuration 23-25
described 23-25
displaying action 23-29
IGP 37-26
Immediate Leave, IGMP
described 23-6
enabling 24-9
inaccessible authentication bypass 9-15
initial configuration
defaults 1-14
Express Setup 1-3
interface
number 10-8
range macros 10-11
interface command 10-8 to 10-9
interface configuration mode 2-3
interfaces
auto-MDIX, configuring 10-21
configuring
procedure 10-9
counters, clearing 10-27
default configuration 10-16
described 10-22
descriptive name, adding 10-22
displaying information about 10-27
duplex and speed configuration guidelines 10-18
flow control 10-20
management 1-5
monitoring 10-26
naming 10-22
physical, identifying 10-8
range of 10-9
restarting 10-28
shutting down 10-28
speed and duplex, configuring 10-19
status 10-26
supported 10-8
types of 10-1
interfaces range macro command 10-11
interface types 10-8
Interior Gateway Protocol
See IGP
internal BGP
See IBGP
internal neighbors, BGP 37-49
Internet Control Message Protocol
See ICMP
Internet Group Management Protocol
See IGMP
Internet Protocol version 6
See IPv6
Inter-Switch Link
See ISL
inter-VLAN routing 1-12, 37-2
Intrusion Detection System
See IDS appliances
inventory management TLV 27-6
IP ACLs
for QoS classification 35-7
implicit deny 33-10, 33-14
implicit masks 33-10
named 33-15
undefined 33-21
IP addresses
128-bit 38-2
classes of 37-7
default configuration 37-6
discovering 6-27
for IP routing 37-6
IPv6 38-2
MAC address association 37-10
monitoring 37-19
IP base feature set 1-2
IP broadcast address 37-17
ip cef distributed command 37-81
IP directed broadcasts 37-15
ip igmp profile command 23-25
IP information
assigned
manually 3-14
through DHCP-based autoconfiguration 3-3
default configuration 3-3
IP multicast routing
addresses
all-hosts 43-3
all-multicast-routers 43-3
host group address range 43-3
administratively-scoped boundaries, described 43-46
and IGMP snooping 23-2
Auto-RP
adding to an existing sparse-mode cloud 43-26
benefits of 43-26
clearing the cache 43-62
configuration guidelines 43-12
filtering incoming RP announcement messages 43-28
overview 43-7
preventing candidate RP spoofing 43-28
preventing join messages to false RPs 43-28
setting up in a new internetwork 43-26
using with BSR 43-34
bootstrap router
configuration guidelines 43-12
configuring candidate BSRs 43-32
configuring candidate RPs 43-33
defining the IP multicast boundary 43-31
defining the PIM domain border 43-30
overview 43-7
using with Auto-RP 43-34
Cisco implementation 43-2
configuring
basic multicast routing 43-12
IP multicast boundary 43-46
default configuration 43-11
enabling
multicast forwarding 43-13
PIM mode 43-14
group-to-RP mappings
Auto-RP 43-7
BSR 43-7
MBONE
deleting sdr cache entries 43-62
described 43-45
displaying sdr cache 43-63
enabling sdr listener support 43-46
limiting DVMRP routes advertised 43-57
limiting sdr cache entry lifetime 43-46
SAP packets for conference session announcement 43-45
Session Directory (sdr) tool, described 43-45
monitoring
packet rate loss 43-63
peering devices 43-63
tracing a path 43-63
multicast forwarding, described 43-8
PIMv1 and PIMv2 interoperability 43-11
protocol interaction 43-2
reverse path check (RPF) 43-8
routing table
deleting 43-62
displaying 43-62
RP
assigning manually 43-24
configuring Auto-RP 43-26
configuring PIMv2 BSR 43-30
monitoring mapping information 43-35
using Auto-RP and BSR 43-34
stacking
stack master functions 43-10
stack member functions 43-10
statistics, displaying system and network 43-62
See also CGMP
See also DVMRP
See also IGMP
See also PIM
IP phones
and QoS 14-1
automatic classification and queueing 35-20
configuring 14-4
ensuring port security with QoS 35-38
trusted boundary for QoS 35-38
IP precedence 35-2
IP-precedence-to-DSCP map for QoS 35-61
IP protocols
in ACLs 33-12
routing 1-12
IP protocols in ACLs 33-12
IP routes, monitoring 37-96
IP routing
connecting interfaces with 10-7
disabling 37-20
enabling 37-20
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 40-1
IP services feature set 1-2
IP SLAs
benefits 40-2
configuration guidelines 40-6
configuring object tracking 41-9
Control Protocol 40-3
default configuration 40-6
definition 40-1
ICMP echo operation 40-10
measuring network performance 40-2
monitoring 40-13
multioperations scheduling 40-5
object tracking 41-9
operation 40-3
reachability tracking 41-9
responder
described 40-3
enabling 40-7
response time 40-4
scheduling 40-5
SNMP support 40-2
supported metrics 40-2
threshold monitoring 40-5
track state 41-9
UDP jitter operation 40-8
IP source guard
and DHCP snooping 21-16
and EtherChannels 21-18
and hardware entries 21-18
and IEEE 802.1x 21-18
and port security 21-17
and private VLANs 21-18
and routed ports 21-17
and trunk interfaces 21-17
and VRF 21-18
binding configuration
automatic 21-16
manual 21-16
binding table 21-16
configuration guidelines 21-17
default configuration 21-17
described 21-16
disabling 21-19
displaying
bindings 21-19
configuration 21-19
enabling 21-18
filtering
source IP address 21-16
source IP and MAC address 21-17
source IP address filtering 21-16
source IP and MAC address filtering 21-17
static bindings
adding 21-18
deleting 21-19
IP traceroute
executing 46-15
overview 46-14
IP unicast routing
address resolution 37-10
administrative distances 37-83, 37-94
ARP 37-10
assigning IP addresses to Layer 3 interfaces 37-7
authentication keys 37-94
broadcast
address 37-17
flooding 37-18
packets 37-15
storms 37-15
classless routing 37-8
configuring static routes 37-83
default
addressing configuration 37-6
gateways 37-13
networks 37-84
routes 37-84
routing 37-3
directed broadcasts 37-15
disabling 37-20
dynamic routing 37-3
enabling 37-20
EtherChannel Layer 3 interface 37-5
IGP 37-26
inter-VLAN 37-2
IP addressing
classes 37-7
configuring 37-6
IPv6 38-3
IRDP 37-13
Layer 3 interfaces 37-5
MAC address and IP address 37-10
passive interfaces 37-92
protocols
distance-vector 37-3
dynamic 37-3
link-state 37-3
proxy ARP 37-10
redistribution 37-85
reverse address resolution 37-10
routed ports 37-5
static routing 37-3
steps to configure 37-5
subnet mask 37-7
subnet zero 37-8
supernet 37-8
UDP 37-16
unicast reverse path forwarding 1-13, 37-80
with SVIs 37-5
See also BGP
See also EIGRP
See also OSPF
See also RIP
IPv4 ACLs
applying to interfaces 33-20
extended, creating 33-11
named 33-15
standard, creating 33-10
IPv6
ACLs
displaying 34-9
limitations 34-2
matching criteria 34-3
port 34-1
precedence 34-2
router 34-1
supported 34-2
addresses 38-2
address formats 38-2
and switch stacks 38-9
applications 38-5
assigning address 38-11
autoconfiguration 38-5
CEFv6 38-19
configuring static routes 38-20
default configuration 38-11
default router preference (DRP) 38-5
defined 38-1
Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 38-7
EIGRP IPv6 Commands 38-7
Router ID 38-7
feature limitations 38-9
features not supported 38-8
forwarding 38-11
ICMP 38-4
monitoring 38-27
neighbor discovery 38-4
OSPF 38-7
path MTU discovery 38-4
SDM templates 8-2, 24-1, 34-1
stack master functions 38-10
supported features 38-2
switch limitations 38-9
understanding static routes 38-6
IPv6 traffic, filtering 34-4
IRDP
configuring 37-14
definition 37-13
support for 1-13
ISL
and IPv6 38-3
and trunk ports 10-3
encapsulation 1-8, 12-16
trunking with IEEE 802.1 tunneling 16-5
isolated port 15-2
isolated VLANs 15-2, 15-3
J
join messages, IGMP 23-3
K
KDC
described 7-32
See also Kerberos
keepalive messages 17-2
Kerberos
authenticating to
boundary switch 7-34
KDC 7-34
network services 7-35
configuration examples 7-32
configuring 7-35
credentials 7-32
cryptographic software image 7-32
described 7-32
KDC 7-32
operation 7-34
realm 7-33
server 7-33
support for 1-11
switch as trusted third party 7-32
terms 7-33
TGT 7-34
tickets 7-32
key distribution center
See KDC
L
l2protocol-tunnel command 16-13
LACP
Layer 2 protocol tunneling 16-9
See EtherChannel
Layer 2 frames, classification with CoS 35-2
Layer 2 interfaces, default configuration 10-16
Layer 2 protocol tunneling
configuring 16-10
configuring for EtherChannels 16-14
default configuration 16-11
defined 16-8
guidelines 16-12
Layer 2 traceroute
and ARP 46-13
and CDP 46-13
broadcast traffic 46-12
described 46-12
IP addresses and subnets 46-13
MAC addresses and VLANs 46-13
multicast traffic 46-13
multiple devices on a port 46-13
unicast traffic 46-12
usage guidelines 46-13
Layer 3 features 1-12
Layer 3 interfaces
assigning IP addresses to 37-7
assigning IPv4 and IPv6 addresses to 38-14
assigning IPv6 addresses to 38-12
changing from Layer 2 mode 37-7, 37-71, 37-72
types of 37-5
Layer 3 packets, classification methods 35-2
LDAP 4-2
Leaking IGMP Reports 20-4
LEDs, switch
See hardware installation guide
Lightweight Directory Access Protocol
See LDAP
line configuration mode 2-3
Link Aggregation Control Protocol
See EtherChannel
Link Failure, detecting unidirectional 18-8
Link Layer Discovery Protocol
See CDP
link local unicast addresses 38-4
link redundancy
See Flex Links
links, unidirectional 28-1
link state advertisements (LSAs) 37-31
link-state protocols 37-3
link-state tracking
configuring 36-24
described 36-22
LLDP
configuring
characteristics 27-4
default configuration 27-3
globally 27-5
on an interface 27-5
disabling and enabling
globally 27-5
on an interface 27-5
monitoring and maintaining 27-8
overview 27-1
supported TLVs 27-2
switch stack considerations 27-2
transmission timer and holdtime, setting 27-4
LLDP-MED
configuring 27-3
configuring TLVs 27-6
monitoring and maintaining 27-8
overview 27-1, 27-2
supported TLVs 27-2
LLDP Media Endpoint Discovery
See LLDP-MED
load balancing 39-4
local SPAN 29-2
location TLV 27-3, 27-6
logging messages, ACL 33-9
login authentication
with RADIUS 7-23
with TACACS+ 7-14
login banners 6-17
log messages
See system message logging
Long-Reach Ethernet (LRE) technology 1-18
loop guard
described 19-11
enabling 19-18
support for 1-8
M
MAC addresses
aging time 6-21
and VLAN association 6-20
building the address table 6-20
default configuration 6-21
disabling learning on a VLAN 6-26
discovering 6-27
displaying 6-27
displaying in the IP source binding table 21-19
dynamic
learning 6-20
removing 6-22
in ACLs 33-27
IP address association 37-10
manually assigning IP address 3-15
static
adding 6-24
allowing 6-26, 6-27
characteristics of 6-24
dropping 6-25
removing 6-24
MAC address learning 1-6
MAC address learning, disabling on a VLAN 6-26
MAC address notification, support for 1-13
MAC address-table move update
configuration guidelines 20-8
configuring 20-12
default configuration 20-8
description 20-6
monitoring 20-14
MAC address-to-VLAN mapping 12-28
MAC authentication bypass 9-10
MAC extended access lists
applying to Layer 2 interfaces 33-28
configuring for QoS 35-45
creating 33-27
defined 33-27
for QoS classification 35-5
macros
See Smartports macros
magic packet 9-18
manageability features 1-6
management access
in-band
browser session 1-6
CLI session 1-6
device manager 1-6
SNMP 1-7
out-of-band console port connection 1-7
management options
CLI 2-1
CNS 4-1
Network Assistant 1-3
overview 1-5
switch stacks 1-3
mapping tables for QoS
configuring
CoS-to-DSCP 35-60
DSCP 35-60
DSCP-to-CoS 35-63
DSCP-to-DSCP-mutation 35-64
IP-precedence-to-DSCP 35-61
policed-DSCP 35-62
described 35-12
marking
action in policy map 35-48
action with aggregate policers 35-58
described 35-4, 35-8
matching IPv4 ACLs 33-7
maximum aging time
MSTP 18-23
STP 17-23
maximum hop count, MSTP 18-24
maximum number of allowed devices, port-based authentication 9-29
maximum-paths command 37-53, 37-82
MDA
configuration guidelines 9-20 to 9-21
described 1-10, 9-20
exceptions with authentication process 9-4
membership mode, VLAN port 12-3
messages, to users through banners 6-17
metrics, in BGP 37-53
metric translations, between routing protocols 37-88
metro tags 16-2
MHSRP 39-4
MIBs
accessing files with FTP A-4
location of files A-4
overview 32-1
SNMP interaction with 32-4
supported A-1
mirroring traffic for analysis 29-1
mismatches, autonegotiation 46-9
module number 10-8
monitoring
access groups 33-39
BGP 37-64
cables for unidirectional links 28-1
CDP 26-5
CEF 37-81
EIGRP 37-44
fallback bridging 45-11
features 1-13
Flex Links 20-14
HSRP 39-12
IEEE 802.1Q tunneling 16-18
IGMP
filters 23-29
snooping 23-16, 24-11
interfaces 10-26
IP
address tables 37-19
multicast routing 43-61
routes 37-96
IP SLAs operations 40-13
IPv4 ACL configuration 33-39
IPv6 38-27
IPv6 ACL configuration 34-9
Layer 2 protocol tunneling 16-18
MAC address-table move update 20-14
MSDP peers 44-18
multicast router interfaces 23-17, 24-12
multi-VRF CE 37-79
MVR 23-24
network traffic for analysis with probe 29-2
object tracking 41-10
OSPF 37-35
port
blocking 25-19
protection 25-19
private VLANs 15-15
RP mapping information 43-35
SFP status 10-27, 46-10
source-active messages 44-18
speed and duplex mode 10-19
SSM mapping 43-22
traffic flowing among switches 30-1
traffic suppression 25-19
tunneling 16-18
VLAN
filters 33-40
maps 33-40
VLANs 12-16
VMPS 12-33
VTP 13-16
mrouter Port 20-3
mrouter port 20-5
MSDP
benefits of 44-3
clearing MSDP connections and statistics 44-18
controlling source information
forwarded by switch 44-11
originated by switch 44-8
received by switch 44-13
default configuration 44-4
dense-mode regions
sending SA messages to 44-16
specifying the originating address 44-17
filtering
incoming SA messages 44-14
SA messages to a peer 44-12
SA requests from a peer 44-10
join latency, defined 44-6
meshed groups
configuring 44-15
defined 44-15
originating address, changing 44-17
overview 44-1
peer-RPF flooding 44-2
peers
configuring a default 44-4
monitoring 44-18
peering relationship, overview 44-1
requesting source information from 44-8
shutting down 44-15
source-active messages
caching 44-6
clearing cache entries 44-18
defined 44-2
filtering from a peer 44-10
filtering incoming 44-14
filtering to a peer 44-12
limiting data with TTL 44-13
monitoring 44-18
restricting advertised sources 44-9
support for 1-13
MSTP
boundary ports
configuration guidelines 18-16
described 18-6
BPDU filtering
described 19-3
enabling 19-14
BPDU guard
described 19-2
enabling 19-13
CIST, described 18-3
CIST regional root 18-3
CIST root 18-5
configuration guidelines 18-15, 19-12
configuring
forward-delay time 18-23
hello time 18-22
link type for rapid convergence 18-24
maximum aging time 18-23
maximum hop count 18-24
MST region 18-16
neighbor type 18-25
path cost 18-21
port priority 18-19
root switch 18-17
secondary root switch 18-19
switch priority 18-21
CST
defined 18-3
operations between regions 18-4
default configuration 18-15
default optional feature configuration 19-12
displaying status 18-26
enabling the mode 18-16
EtherChannel guard
described 19-10
enabling 19-17
extended system ID
effects on root switch 18-17
effects on secondary root switch 18-19
unexpected behavior 18-18
IEEE 802.1s
implementation 18-6
port role naming change 18-7
terminology 18-5
instances supported 17-10
interface state, blocking to forwarding 19-2
interoperability and compatibility among modes 17-11
interoperability with IEEE 802.1D
described 18-9
restarting migration process 18-25
IST
defined 18-3
master 18-3
operations within a region 18-3
loop guard
described 19-11
enabling 19-18
mapping VLANs to MST instance 18-16
MST region
CIST 18-3
configuring 18-16
described 18-2
hop-count mechanism 18-5
IST 18-3
supported spanning-tree instances 18-2
optional features supported 1-8
overview 18-2
Port Fast
described 19-2
enabling 19-12
preventing root switch selection 19-10
root guard
described 19-10
enabling 19-18
root switch
configuring 18-18
effects of extended system ID 18-17
unexpected behavior 18-18
shutdown Port Fast-enabled port 19-2
stack changes, effects of 18-8
status, displaying 18-26
MTU
system 10-25
system jumbo 10-25
system routing 10-25
multicast groups
Immediate Leave 23-6
joining 23-3
leaving 23-5
static joins 23-10, 24-8
multicast packets
ACLs on 33-38
blocking 25-8
multicast router interfaces, monitoring 23-17, 24-12
multicast router ports, adding 23-10, 24-8
Multicast Source Discovery Protocol
See MSDP
multicast storm 25-1
multicast storm-control command 25-4
multicast television application 23-18
multicast VLAN 23-18
Multicast VLAN Registration
See MVR
multidomain authentication
See MDA
multioperations scheduling, IP SLAs 40-5
Multiple HSRP
See MHSRP
multiple VPN routing/forwarding in customer edge devices
See multi-VRF CE
multi-VRF CE
configuration example 37-75
configuration guidelines 37-68
configuring 37-67
default configuration 37-68
defined 37-65
displaying 37-79
monitoring 37-79
network components 37-67
packet-forwarding process 37-67
support for 1-12
MVR
and address aliasing 23-20
and IGMPv3 23-21
configuration guidelines 23-20
configuring interfaces 23-22
default configuration 23-20
described 23-18
example application 23-18
in the switch stack 23-20
modes 23-21
monitoring 23-24
multicast television application 23-18
setting global parameters 23-21
support for 1-5
N
NAC
AAA down policy 1-10
critical authentication 9-15, 9-43
IEEE 802.1x authentication using a RADIUS server 9-47
IEEE 802.1x validation using RADIUS server 9-47
inaccessible authentication bypass 1-10, 9-43
Layer 2 IEEE 802.1x validation 1-10, 9-47
Layer 2 IP validation 1-10
named IPv4 ACLs 33-15
named IPv6 ACLs 34-2
NameSpace Mapper
See NSM
native VLAN
and IEEE 802.1Q tunneling 16-4
configuring 12-24
default 12-24
neighbor discovery, IPv6 38-4
neighbor discovery/recovery, EIGRP 37-37
neighbors, BGP 37-59
Network Admission Control
See NAC
Network Assistant
benefits 1-3
described 1-5
downloading image files 1-3
guide mode 1-3
management options 1-3
managing switch stacks 5-2, 5-17
upgrading a switch B-24
wizards 1-3
network configuration examples
data center 1-18
expanded data center 1-19
increasing network performance 1-17
providing network services 1-18
small to medium-sized network 1-20
network design
performance 1-17
services 1-18
network management
CDP 26-1
RMON 30-1
SNMP 32-1
network performance, measuring with IP SLAs 40-2
network policy TLV 27-6
Network Time Protocol
See NTP
no commands 2-4
nonhierarchical policy maps
configuration guidelines 35-32
configuring 35-48
described 35-9
non-IP traffic filtering 33-27
nontrunking mode 12-18
normal-range VLANs 12-4
configuration guidelines 12-6
configuration modes 12-7
configuring 12-4
defined 12-1
no switchport command 10-4
not-so-stubby areas
See NSSA
NSM 4-3
NSSA, OSPF 37-31
NTP
associations
authenticating 6-4
defined 6-2
enabling broadcast messages 6-6
peer 6-5
server 6-5
default configuration 6-4
displaying the configuration 6-11
overview 6-2
restricting access
creating an access group 6-8
disabling NTP services per interface 6-10
source IP address, configuring 6-10
stratum 6-2
support for 1-6
synchronizing devices 6-5
time
services 6-2
synchronizing 6-2
O
OBFL
configuring 46-22
described 46-22
displaying 46-23
object tracking
HSRP 41-7
IP SLAs 41-9
IP SLAs, configuring 41-9
monitoring 41-10
offline configuration for switch stacks 5-9
on-board failure logging
See OBFL
online diagnostics
described 47-1
overview 47-1
running tests 47-5
Open Shortest Path First
See OSPF
optimizing system resources 8-1
options, management 1-5
OSPF
area parameters, configuring 37-31
configuring 37-29
default configuration
metrics 37-33
route 37-33
settings 37-27
described 37-26
for IPv6 38-7
interface parameters, configuring 37-30
LSA group pacing 37-34
monitoring 37-35
router IDs 37-35
route summarization 37-32
support for 1-12
virtual links 37-33
out-of-profile markdown 1-11
P
packet modification, with QoS 35-19
PAgP
Layer 2 protocol tunneling 16-9
See EtherChannel
parallel paths, in routing tables 37-82
passive interfaces
configuring 37-92
OSPF 37-33
passwords
default configuration 7-2
disabling recovery of 7-5
encrypting 7-3
for security 1-9
overview 7-1
recovery of 46-4
setting
enable 7-3
enable secret 7-3
Telnet 7-6
with usernames 7-6
VTP domain 13-8
path cost
MSTP 18-21
STP 17-20
path MTU discovery 38-4
PBR
defined 37-88
enabling 37-90
fast-switched policy-based routing 37-91
local policy-based routing 37-91
peers, BGP 37-59
percentage thresholds in tracked lists 41-6
performance, network design 1-17
performance features 1-4
persistent self-signed certificate 7-43
per-VLAN spanning-tree plus
See PVST+
PE to CE routing, configuring 37-75
physical ports 10-2
PIM
default configuration 43-11
dense mode
overview 43-4
rendezvous point (RP), described 43-5
RPF lookups 43-9
displaying neighbors 43-62
enabling a mode 43-14
overview 43-4
router-query message interval, modifying 43-38
shared tree and source tree, overview 43-35
shortest path tree, delaying the use of 43-37
sparse mode
join messages and shared tree 43-5
overview 43-5
prune messages 43-5
RPF lookups 43-9
stub routing
enabling 43-23
overview 43-5
support for 1-13
versions
interoperability 43-11
troubleshooting interoperability problems 43-35
v2 improvements 43-4
PIM-DVMRP, as snooping method 23-9
ping
character output description 46-12
executing 46-11
overview 46-11
policed-DSCP map for QoS 35-62
policers
configuring
for each matched traffic class 35-48
for more than one traffic class 35-58
described 35-4
displaying 35-78
number of 35-33
types of 35-9
policing
described 35-4
hierarchical
See hierarchical policy maps
token-bucket algorithm 35-9
policy-based routing
See PBR
policy maps for QoS
characteristics of 35-48
described 35-7
displaying 35-79
hierarchical 35-8
hierarchical on SVIs
configuration guidelines 35-32
configuring 35-52
described 35-11
nonhierarchical on physical ports
configuration guidelines 35-32
configuring 35-48
described 35-9
port ACLs
defined 33-2
types of 33-3
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting 9-9
authentication server
defined 9-3
RADIUS server 9-3
client, defined 9-2
configuration guidelines 9-27
configuring
802.1x authentication 9-30
guest VLAN 9-40
host mode 9-35
inaccessible authentication bypass 9-43
manual re-authentication of a client 9-36
periodic re-authentication 9-36
quiet period 9-37
RADIUS server 9-35
RADIUS server parameters on the switch 9-34
restricted VLAN 9-41
switch-to-client frame-retransmission number 9-38
switch-to-client retransmission time 9-37
violation mode 9-18
violation modes 9-29 to 9-30
default configuration 9-26
described 9-1
device roles 9-2
displaying statistics 9-52
EAPOL-start frame 9-5
EAP-request/identity frame 9-5
EAP-response/identity frame 9-5
encapsulation 9-3
guest VLAN
configuration guidelines 9-14, 9-15
described 9-13
host mode 9-8
inaccessible authentication bypass
configuring 9-43
described 9-15
guidelines 9-28
initiation and message exchange 9-5
magic packet 9-18
maximum number of allowed devices per port 9-29
method lists 9-30
multiple-hosts mode, described 9-9
per-user ACLs
AAA authorization 9-30
configuration tasks 9-13
described 9-12
RADIUS server attributes 9-12
ports
authorization state and dot1x port-control command 9-7
authorized and unauthorized 9-7
critical 9-15
voice VLAN 9-16
port security
and voice VLAN 9-18
described 9-17
interactions 9-17
multiple-hosts mode 9-9
readiness check
configuring 9-31
described 9-10, 9-31
resetting to default values 9-51
stack changes, effects of 9-8
statistics, displaying 9-52
switch
as proxy 9-3
RADIUS client 9-3
VLAN assignment
AAA authorization 9-30
characteristics 9-11
configuration tasks 9-12
described 9-11
voice aware 802.1x security
configuring 9-33
described 9-21, 9-32
voice VLAN
described 9-16
PVID 9-16
VVID 9-16
wake-on-LAN, described 9-18
port blocking 1-4, 25-7
port-channel
See EtherChannel
Port Fast
described 19-2
enabling 19-12
mode, spanning tree 12-30
support for 1-8
port membership modes, VLAN 12-3
port priority
MSTP 18-19
STP 17-18
ports
10-Gigabit Ethernet 10-6
access 10-3
blocking 25-7
dynamic access 12-4
protected 25-6
routed 10-4
secure 25-8
static-access 12-3, 12-11
switch 10-2
trunks 12-3, 12-16
VLAN assignments 12-11
port security
aging 25-17
and private VLANs 25-18
and QoS trusted boundary 35-38
and stacking 25-18
configuring 25-13
default configuration 25-11
described 25-8
displaying 25-19
enabling 25-18
on trunk ports 25-14
sticky learning 25-9
violations 25-10
with other features 25-11
port-shutdown response, VMPS 12-29
power management TLV 27-6
preemption, default configuration 20-8
preemption delay, default configuration 20-8
preferential treatment of traffic
See QoS
prefix lists, BGP 37-57
preventing unauthorized access 7-1
primary links 20-2
primary VLANs 15-1, 15-3
priority
HSRP 39-8
overriding CoS 14-6
trusting CoS 14-6
private VLAN edge ports
See protected ports
private VLANs
across multiple switches 15-4
and SDM template 15-4
and SVIs 15-5
and switch stacks 15-5
benefits of 15-1
community ports 15-2
community VLANs 15-2, 15-3
configuration guidelines 15-7, 15-8
configuration tasks 15-6
configuring 15-10
default configuration 15-6
end station access to 15-3
IP addressing 15-3
isolated port 15-2
isolated VLANs 15-2, 15-3
mapping 15-14
monitoring 15-15
ports
community 15-2
configuration guidelines 15-8
configuring host ports 15-11
configuring promiscuous ports 15-13
isolated 15-2
promiscuous 15-2
primary VLANs 15-1, 15-3
promiscuous ports 15-2
secondary VLANs 15-2
subdomains 15-1
traffic in 15-5
privileged EXEC mode 2-2
privilege levels
changing the default for lines 7-9
exiting 7-9
logging into 7-9
overview 7-2, 7-7
setting a command with 7-8
promiscuous ports
configuring 15-13
defined 15-2
protected ports 1-9, 25-6
protocol-dependent modules, EIGRP 37-37
Protocol-Independent Multicast Protocol
See PIM
provider edge devices 37-66
provisioning new members for a switch stack 5-9
proxy ARP
configuring 37-12
definition 37-10
with IP routing disabled 37-13
proxy reports 20-3
pruning, VTP
disabling
in VTP domain 13-14
on a port 12-24
enabling
in VTP domain 13-14
on a port 12-23
examples 13-5
overview 13-4
pruning-eligible list
changing 12-23
for VTP pruning 13-5
VLANs 13-14
PVST+
described 17-10
IEEE 802.1Q trunking interoperability 17-11
instances supported 17-10
Q
QoS
and MQC commands 35-1
auto-QoS
categorizing traffic 35-21
configuration and defaults display 35-29
configuration guidelines 35-25
described 35-20
disabling 35-26
displaying generated commands 35-26
displaying the initial configuration 35-29
effects on running configuration 35-25
egress queue defaults 35-21
enabling for VoIP 35-26
example configuration 35-27
ingress queue defaults 35-21
list of generated commands 35-22
basic model 35-4
classification
class maps, described 35-7
defined 35-4
DSCP transparency, described 35-39
flowchart 35-6
forwarding treatment 35-3
in frames and packets 35-3
IP ACLs, described 35-5, 35-7
MAC ACLs, described 35-5, 35-7
options for IP traffic 35-5
options for non-IP traffic 35-5
policy maps, described 35-7
trust DSCP, described 35-5
trusted CoS, described 35-5
trust IP precedence, described 35-5
class maps
configuring 35-46
displaying 35-78
configuration guidelines
auto-QoS 35-25
standard QoS 35-32
configuring
aggregate policers 35-58
auto-QoS 35-20
default port CoS value 35-37
DSCP maps 35-60
DSCP transparency 35-39
DSCP trust states bordering another domain 35-40
egress queue characteristics 35-70
ingress queue characteristics 35-66
IP extended ACLs 35-44
IP standard ACLs 35-43
MAC ACLs 35-45
policy maps, hierarchical 35-52
policy maps on physical ports 35-48
port trust states within the domain 35-35
trusted boundary 35-38
default auto configuration 35-21
default standard configuration 35-30
displaying statistics 35-78
DSCP transparency 35-39
egress queues
allocating buffer space 35-71
buffer allocation scheme, described 35-18
configuring shaped weights for SRR 35-75
configuring shared weights for SRR 35-76
described 35-4
displaying the threshold map 35-74
flowchart 35-17
mapping DSCP or CoS values 35-73
scheduling, described 35-4
setting WTD thresholds 35-71
WTD, described 35-19
enabling globally 35-34
flowcharts
classification 35-6
egress queueing and scheduling 35-17
ingress queueing and scheduling 35-15
policing and marking 35-10
implicit deny 35-7
ingress queues
allocating bandwidth 35-68
allocating buffer space 35-68
buffer and bandwidth allocation, described 35-16
configuring shared weights for SRR 35-68
configuring the priority queue 35-69
described 35-4
displaying the threshold map 35-67
flowchart 35-15
mapping DSCP or CoS values 35-67
priority queue, described 35-16
scheduling, described 35-4
setting WTD thresholds 35-67
WTD, described 35-16
IP phones
automatic classification and queueing 35-20
detection and trusted settings 35-20, 35-38
limiting bandwidth on egress interface 35-77
mapping tables
CoS-to-DSCP 35-60
displaying 35-78
DSCP-to-CoS 35-63
DSCP-to-DSCP-mutation 35-64
IP-precedence-to-DSCP 35-61
policed-DSCP 35-62
types of 35-12
marked-down actions 35-50, 35-55
marking, described 35-4, 35-8
overview 35-2
packet modification 35-19
policers
configuring 35-50, 35-55, 35-58
described 35-8
displaying 35-78
number of 35-33
types of 35-9
policies, attaching to an interface 35-8
policing
described 35-4, 35-8
token bucket algorithm 35-9
policy maps
characteristics of 35-48
displaying 35-79
hierarchical 35-8
hierarchical on SVIs 35-52
nonhierarchical on physical ports 35-48
QoS label, defined 35-4
queues
configuring egress characteristics 35-70
configuring ingress characteristics 35-66
high priority (expedite) 35-19, 35-76
location of 35-13
SRR, described 35-14
WTD, described 35-13
rewrites 35-19
support for 1-11
trust states
bordering another domain 35-40
described 35-5
trusted device 35-38
within the domain 35-35
quality of service
See QoS
queries, IGMP 23-4
query solicitation, IGMP 23-13
R
RADIUS
attributes
vendor-proprietary 7-31
vendor-specific 7-29
configuring
accounting 7-28
authentication 7-23
authorization 7-27
communication, global 7-21, 7-29
communication, per-server 7-20, 7-21
multiple UDP ports 7-20
default configuration 7-20
defining AAA server groups 7-25
displaying the configuration 7-31
identifying the server 7-20
limiting the services to the user 7-27
method list, defined 7-20
operation of 7-19
overview 7-18
suggested network environments 7-18
support for 1-10
tracking services accessed by user 7-28
range
macro 10-11
of interfaces 10-10
rapid convergence 18-10
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
described 17-10
IEEE 802.1Q trunking interoperability 17-11
instances supported 17-10
Rapid Spanning Tree Protocol
See RSTP
RARP 37-10
RCP
configuration files
downloading B-18
overview B-16
preparing the server B-17
uploading B-19
image files
deleting old image B-38
downloading B-36
preparing the server B-35
uploading B-38
reachability, tracking IP SLAs IP host 41-9
readiness check
port-based authentication
configuring 9-31
described 9-10, 9-31
reconfirmation interval, VMPS, changing 12-32
reconfirming dynamic VLAN membership 12-32
recovery procedures 46-1
redundancy
EtherChannel 36-2
HSRP 39-1
STP
backbone 17-8
multidrop backbone 19-5
path cost 12-27
port priority 12-25
redundant links and UplinkFast 19-15
reliable transport protocol, EIGRP 37-37
reloading software 3-22
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
Remote Network Monitoring
See RMON
Remote SPAN
See RSPAN
remote SPAN 29-3
report suppression, IGMP
described 23-6
disabling 23-16, 24-11
resequencing ACL entries 33-15
resets, in BGP 37-52
resetting a UDLD-shutdown interface 28-6
responder, IP SLAs
described 40-3
enabling 40-7
response time, measuring with IP SLAs 40-4
restricted VLAN
configuring 9-41
described 9-14
using with IEEE 802.1x 9-14
restricting access
NTP services 6-8
overview 7-1
passwords and privilege levels 7-2
RADIUS 7-17
TACACS+ 7-10
retry count, VMPS, changing 12-32
reverse address resolution 37-10
Reverse Address Resolution Protocol
See RARP
RFC
1112, IP multicast and IGMP 23-2
1157, SNMPv1 32-2
1166, IP addresses 37-7
1305, NTP 6-2
1587, NSSAs 37-26
1757, RMON 30-2
1901, SNMPv2C 32-2
1902 to 1907, SNMPv2 32-2
2236, IP multicast and IGMP 23-2
2273-2275, SNMPv3 32-2
RIP
advertisements 37-21
authentication 37-23
configuring 37-22
default configuration 37-21
described 37-21
for IPv6 38-7
hop counts 37-21
split horizon 37-24
summary addresses 37-24
support for 1-12
RMON
default configuration 30-3
displaying status 30-6
enabling alarms and events 30-3
groups supported 30-2
overview 30-1
statistics
collecting group Ethernet 30-5
collecting group history 30-5
support for 1-13
root guard
described 19-10
enabling 19-18
support for 1-8
root switch
MSTP 18-17
STP 17-16
route calculation timers, OSPF 37-33
route dampening, BGP 37-63
routed packets, ACLs on 33-38
routed ports
configuring 37-5
defined 10-4
IP addresses on 10-23, 37-5
route-map command 37-91
route maps
BGP 37-55
policy-based routing 37-88
router ACLs
defined 33-2
types of 33-4
route reflectors, BGP 37-62
router ID, OSPF 37-35
route selection, BGP 37-53
route summarization, OSPF 37-32
route targets, VPN 37-67
routing
default 37-3
dynamic 37-3
redistribution of information 37-85
static 37-3
routing domain confederation, BGP 37-62
Routing Information Protocol
See RIP
routing protocol administrative distances 37-83
RSPAN 29-3
and stack changes 29-10
characteristics 29-9
configuration guidelines 29-17
default configuration 29-11
destination ports 29-8
displaying status 29-28
in a switch stack 29-2
interaction with other features 29-9
monitored ports 29-6
monitoring ports 29-8
overview 1-13, 29-1
received traffic 29-5
session limits 29-12
sessions
creating 29-18
defined 29-4
limiting source traffic to specific VLANs 29-20
specifying monitored ports 29-18
with ingress traffic enabled 29-22
source ports 29-6
transmitted traffic 29-6
VLAN-based 29-7
RSTP
active topology 18-10
BPDU
format 18-12
processing 18-13
designated port, defined 18-9
designated switch, defined 18-9
interoperability with IEEE 802.1D
described 18-9
restarting migration process 18-25
topology changes 18-13
overview 18-9
port roles
described 18-9
synchronized 18-11
proposal-agreement handshake process 18-10
rapid convergence
cross-stack rapid convergence 18-11
described 18-10
edge ports and Port Fast 18-10
point-to-point links 18-10, 18-24
root ports 18-10
root port, defined 18-9
See also MSTP
running configuration
replacing B-20, B-21
rolling back B-20, B-21
saving 3-15
S
scheduled reloads 3-22
scheduling, IP SLAs operations 40-5
SDM
described 8-1
switch stack consideration 5-11
templates
configuring 8-5
number of 8-1
SDM template
configuring 8-4
dual IPv4 and IPv6 8-2
types of 8-1
secondary VLANs 15-2
secure HTTP client
configuring 7-47
displaying 7-48
secure HTTP server
configuring 7-46
displaying 7-48
secure MAC addresses
and switch stacks 25-18
deleting 25-16
maximum number of 25-10
types of 25-9
secure ports
and switch stacks 25-18
configuring 25-8
secure remote connections 7-37
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port 25-8
security features 1-9
sequence numbers in log messages 31-8
server mode, VTP 13-3
service-provider network, MSTP and RSTP 18-1
service-provider networks
and customer VLANs 16-2
and IEEE 802.1Q tunneling 16-1
Layer 2 protocols across 16-8
Layer 2 protocol tunneling for EtherChannels 16-9
set-request operation 32-4
severity levels, defining in system messages 31-9
SFPs
monitoring status of 10-27, 46-10
numbering of 10-9
security and identification 46-10
status, displaying 46-10
shaped round robin
See SRR
show access-lists hw-summary command 33-22
show and more command output, filtering 2-10
show cdp traffic command 26-5
show configuration command 10-22
show forward command 46-18
show interfaces command 10-19, 10-22
show interfaces switchport 20-4
show l2protocol command 16-13, 16-15, 16-16
show lldp traffic command 27-8
show platform forward command 46-18
show running-config command
displaying ACLs 33-20, 33-21, 33-31, 33-34
interface description in 10-22
shutdown command on interfaces 10-28
shutdown threshold for Layer 2 protocol packets 16-11
Simple Network Management Protocol
See SNMP
small-frame arrival rate, configuring 25-5
Smartports macros
applying Cisco-default macros 11-6
applying global parameter values 11-5, 11-6
applying macros 11-5
applying parameter values 11-5, 11-7
configuration guidelines 11-2
creating 11-4
default configuration 11-2
defined 11-1
displaying 11-8
tracing 11-3
SNAP 26-1
SNMP
accessing MIB variables with 32-4
agent
described 32-4
disabling 32-7
and IP SLAs 40-2
authentication level 32-10
community strings
configuring 32-8
overview 32-4
configuration examples 32-16
default configuration 32-6
engine ID 32-7
groups 32-6, 32-9
host 32-6
ifIndex values 32-5
in-band management 1-7
informs
and trap keyword 32-11
described 32-5
differences from traps 32-5
disabling 32-15
enabling 32-14
limiting access by TFTP servers 32-15
limiting system log messages to NMS 31-10
manager functions 1-5, 32-3
MIBs
location of A-4
supported A-1
notifications 32-5
overview 32-1, 32-4
security levels 32-3
status, displaying 32-17
system contact and location 32-15
trap manager, configuring 32-13
traps
described 32-3, 32-5
differences from informs 32-5
disabling 32-15
enabling 32-11
enabling MAC address notification 6-22
overview 32-1, 32-4
types of 32-11
users 32-6, 32-9
versions supported 32-2
SNMP and Syslog Over IPv6 38-7
SNMPv1 32-2
SNMPv2C 32-2
SNMPv3 32-2
snooping, IGMP 23-2
software compatibility
See stacks, switch
software images
location in flash B-25
recovery procedures 46-2
scheduling reloads 3-22
tar file format, described B-25
See also downloading and uploading
source addresses
in IPv4 ACLs 33-12
in IPv6 ACLs 34-6
source-and-destination-IP address based forwarding, EtherChannel 36-8
source-and-destination MAC address forwarding, EtherChannel 36-8
source-IP address based forwarding, EtherChannel 36-8
source-MAC address forwarding, EtherChannel 36-8
Source-specific multicast
See SSM
SPAN
and stack changes 29-10
configuration guidelines 29-12
default configuration 29-11
destination ports 29-8
displaying status 29-28
interaction with other features 29-9
monitored ports 29-6
monitoring ports 29-8
overview 1-13, 29-1
ports, restrictions 25-12
received traffic 29-5
session limits 29-12
sessions
configuring ingress forwarding 29-16, 29-23
creating 29-13, 29-25
defined 29-4
limiting source traffic to specific VLANs 29-16
removing destination (monitoring) ports 29-14
specifying monitored ports 29-13, 29-25
with ingress traffic enabled 29-15
source ports 29-6
transmitted traffic 29-6
VLAN-based 29-7
spanning tree and native VLANs 12-19
Spanning Tree Protocol
See STP
SPAN traffic 29-5
split horizon, RIP 37-24
SRR
configuring
shaped weights on egress queues 35-75
shared weights on egress queues 35-76
shared weights on ingress queues 35-68
described 35-14
shaped mode 35-14
shared mode 35-14
support for 1-11, 1-12
SSH
configuring 7-39
cryptographic software image 7-37
described 1-7, 7-37
encryption methods 7-38
switch stack considerations 5-18, 7-38
user authentication methods, supported 7-38
SSL
configuration guidelines 7-44
configuring a secure HTTP client 7-47
configuring a secure HTTP server 7-45
cryptographic software image 7-41
described 7-41
monitoring 7-48
SSM
address management restrictions 43-16
CGMP limitations 43-16
components 43-14
configuration guidelines 43-16
configuring 43-14, 43-17
differs from Internet standard multicast 43-15
IGMP snooping 43-16
IGMPv3 43-14
IGMPv3 Host Signalling 43-16
IP address range 43-15
monitoring 43-17
operations 43-15
PIM 43-14
state maintenance limitations 43-17
SSM mapping 43-17
configuration guidelines 43-18
configuring 43-17, 43-20
DNS-based 43-19, 43-21
monitoring 43-22
overview 43-18
restrictions 43-18
static 43-19, 43-20
static traffic forwarding 43-21
stack changes
effects on
IPv6 routing 38-10
stack changes, effects on
ACL configuration 33-7
CDP 26-2
cross-stack EtherChannel 36-12
EtherChannel 36-9
fallback bridging 45-3
HSRP 39-5
IEEE 802.1x port-based authentication 9-8
IGMP snooping 23-7
IP routing 37-4
IPv6 ACLs 34-3
MAC address tables 6-21
MSTP 18-8
multicast routing 43-10
MVR 23-18
port security 25-18
SDM template selection 8-3
SNMP 32-1
SPAN and RSPAN 29-10
STP 17-12
system message log 31-2
VLANs 12-6
VTP 13-6
stack master
bridge ID (MAC address) 5-8
defined 5-1
election 5-6
IPv6 38-10
re-election 5-6
See also stacks, switch
stack member
accessing CLI of specific member 5-25
configuring
member number 5-23
priority value 5-24
defined 5-1
displaying information of 5-26
IPv6 38-10
number 5-8
priority value 5-9
provisioning a new member 5-24
replacing 5-17
See also stacks, switch
stack member number 10-8
stack protocol version 5-12
stacks, switch
accessing CLI of specific member 5-25
assigning information
member number 5-23
priority value 5-24
provisioning a new member 5-24
auto-advise 5-13
auto-copy 5-13
auto-extract 5-13
auto-upgrade 5-13
bridge ID 5-8
CDP considerations 26-2
compatibility, software 5-12
configuration file 5-16
configuration scenarios 5-19
copying an image file from one member to another B-39
default configuration 5-21
description of 5-1
displaying information of 5-26
enabling persistent MAC address timer 5-21
hardware compatibility and SDM mismatch mode 5-11
HSRP considerations 39-5
incompatible software and image upgrades 5-16, B-39
IPv6 on 38-9
MAC address considerations 6-21
MAC address of 5-21
management connectivity 5-17
managing 5-1
membership 5-3
merged 5-3
MSTP instances supported 17-10
multicast routing, stack master and member roles 43-10
offline configuration
described 5-9
effects of adding a provisioned switch 5-10
effects of removing a provisioned switch 5-11
effects of replacing a provisioned switch 5-11
provisioned configuration, defined 5-9
provisioned switch, defined 5-9
provisioning a new member 5-24
partitioned 5-3, 46-9
provisioned switch
adding 5-10
removing 5-11
replacing 5-11
replacing a failed member 5-17
software compatibility 5-12
software image version 5-12
stack protocol version 5-12
STP
bridge ID 17-3
instances supported 17-10
root port selection 17-3
stack root switch election 17-3
system messages
hostnames in the display 31-1
remotely monitoring 31-2
system prompt consideration 6-14
system-wide configuration considerations 5-17
upgrading B-39
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 5-13
described 5-12
examples 5-14
manual upgrades with auto-advise 5-13
upgrades with auto-extract 5-13
See also stack master and stack member
StackWise Plus technology, Cisco 1-3
See also stacks, switch
standby ip command 39-7
standby links 20-2
standby router 39-1
standby timers, HSRP 39-11
startup configuration
booting
manually 3-18
specific image 3-19
clearing B-20
configuration file
automatically downloading 3-17
specifying the filename 3-17
default boot configuration 3-17
static access ports
assigning to VLAN 12-11
defined 10-3, 12-3
static addresses
See addresses
static IP routing 1-13
static MAC addressing 1-9
static routes
configuring 37-83
configuring for IPv6 38-20
understanding 38-6
static routing 37-3
static SSM mapping 43-19, 43-20
static traffic forwarding 43-21
static VLAN membership 12-2
statistics
CDP 26-5
IEEE 802.1x 9-52
interface 10-27
IP multicast routing 43-62
LLDP 27-8
LLDP-MED 27-8
OSPF 37-35
QoS ingress and egress 35-78
RMON group Ethernet 30-5
RMON group history 30-5
SNMP input and output 32-17
VTP 13-16
sticky learning 25-9
storm control
configuring 25-3
described 25-1
disabling 25-5
displaying 25-19
support for 1-4
thresholds 25-1
STP
accelerating root port selection 19-4
BackboneFast
described 19-7
disabling 19-17
enabling 19-16
BPDU filtering
described 19-3
disabling 19-15
enabling 19-14
BPDU guard
described 19-2
disabling 19-14
enabling 19-13
BPDU message exchange 17-3
configuration guidelines 17-13, 19-12
configuring
forward-delay time 17-23
hello time 17-22
maximum aging time 17-23
path cost 17-20
port priority 17-18
root switch 17-16
secondary root switch 17-18
spanning-tree mode 17-15
switch priority 17-21
transmit hold-count 17-24
counters, clearing 17-24
cross-stack UplinkFast
described 19-5
enabling 19-16
default configuration 17-13
default optional feature configuration 19-12
designated port, defined 17-4
designated switch, defined 17-4
detecting indirect link failures 19-8
disabling 17-16
displaying status 17-24
EtherChannel guard
described 19-10
disabling 19-17
enabling 19-17
extended system ID
effects on root switch 17-16
effects on the secondary root switch 17-18
overview 17-4
unexpected behavior 17-16
features supported 1-7
IEEE 802.1D and bridge ID 17-4
IEEE 802.1D and multicast addresses 17-9
IEEE 802.1t and VLAN identifier 17-5
inferior BPDU 17-3
instances supported 17-10
interface state, blocking to forwarding 19-2
interface states
blocking 17-6
disabled 17-7
forwarding 17-6, 17-7
learning 17-7
listening 17-7
overview 17-5
interoperability and compatibility among modes 17-11
keepalive messages 17-2
Layer 2 protocol tunneling 16-8
limitations with IEEE 802.1Q trunks 17-11
load sharing
overview 12-24
using path costs 12-27
using port priorities 12-25
loop guard
described 19-11
enabling 19-18
modes supported 17-10
multicast addresses, effect of 17-9
optional features supported 1-8
overview 17-2
path costs 12-27
Port Fast
described 19-2
enabling 19-12
port priorities 12-26
preventing root switch selection 19-10
protocols supported 17-10
redundant connectivity 17-8
root guard
described 19-10
enabling 19-18
root port, defined 17-3
root port selection on a switch stack 17-3
root switch
configuring 17-16
effects of extended system ID 17-4, 17-16
election 17-3
unexpected behavior 17-16
shutdown Port Fast-enabled port 19-2
stack changes, effects of 17-12
status, displaying 17-24
superior BPDU 17-3
timers, described 17-22
UplinkFast
described 19-3
enabling 19-15
VLAN-bridge 17-11
stratum, NTP 6-2
stub areas, OSPF 37-31
stub routing, EIGRP 37-43
subdomains, private VLAN 15-1
subnet mask 37-7
subnet zero 37-8
success response, VMPS 12-29
summer time 6-13
SunNet Manager 1-5
supernet 37-8
SVI autostate exclude
configuring 10-24
defined 10-6
SVI link state 10-6
SVIs
and IP unicast routing 37-5
and router ACLs 33-4
connecting VLANs 10-7
defined 10-5
routing between VLANs 12-2
switch 38-2
switch console port 1-7
Switch Database Management
See SDM
switched packets, ACLs on 33-36
Switched Port Analyzer
See SPAN
switched ports 10-2
switchport backup interface 20-4, 20-5
switchport block multicast command 25-8
switchport block unicast command 25-8
switchport command 10-17
switchport mode dot1q-tunnel command 16-6
switchport protected command 25-7
switch priority
MSTP 18-21
STP 17-21
switch software features 1-1
switch virtual interface
See SVI
synchronization, BGP 37-49
syslog
See system message logging
system clock
configuring
daylight saving time 6-13
manually 6-11
summer time 6-13
time zones 6-12
displaying the time and date 6-12
overview 6-1
See also NTP
system message logging
default configuration 31-4
defining error message severity levels 31-9
disabling 31-4
displaying the configuration 31-14
enabling 31-5
facility keywords, described 31-14
level keywords, described 31-10
limiting messages 31-10
message format 31-2
overview 31-1
sequence numbers, enabling and disabling 31-8
setting the display destination device 31-5
stack changes, effects of 31-2
synchronizing log messages 31-6
syslog facility 1-13
time stamps, enabling and disabling 31-8
UNIX syslog servers
configuring the daemon 31-12
configuring the logging facility 31-13
facilities supported 31-14
system MTU and IEEE 802.1Q tunneling 16-5
system name
default configuration 6-15
default setting 6-15
manual configuration 6-15
See also DNS
system prompt, default setting 6-14, 6-15
system resources, optimizing 8-1
T
TACACS+
accounting, defined 7-11
authentication, defined 7-11
authorization, defined 7-11
configuring
accounting 7-17
authentication key 7-13
authorization 7-16
login authentication 7-14
default configuration 7-13
displaying the configuration 7-17
identifying the server 7-13
limiting the services to the user 7-16
operation of 7-12
overview 7-10
support for 1-10
tracking services accessed by user 7-17
tagged packets
IEEE 802.1Q 16-3
Layer 2 protocol 16-7
tar files
creating B-7
displaying the contents of B-7
extracting B-8
image file format B-25
TDR 1-14
Telnet
accessing management interfaces 2-11
number of connections 1-6
setting a password 7-6
templates, SDM 8-2
temporary self-signed certificate 7-43
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password 7-6
TFTP
configuration files
downloading B-12
preparing the server B-11
uploading B-12
configuration files in base directory 3-7
configuring for autoconfiguration 3-7
image files
deleting B-29
downloading B-27
preparing the server B-27
uploading B-29
limiting access by servers 32-15
TFTP server 1-6
threshold, traffic level 25-2
threshold monitoring, IP SLAs 40-5
time
See NTP and system clock
Time Domain Reflector
See TDR
time-range command 33-17
time ranges in ACLs 33-17
time stamps in log messages 31-8
time zones 6-12
TLVs
defined 27-2
LLDP 27-2
LLDP-MED 27-2
Token Ring VLANs
support for 12-6
VTP support 13-4
ToS 1-11
traceroute, Layer 2
and ARP 46-13
and CDP 46-13
broadcast traffic 46-12
described 46-12
IP addresses and subnets 46-13
MAC addresses and VLANs 46-13
multicast traffic 46-13
multiple devices on a port 46-13
unicast traffic 46-12
usage guidelines 46-13
traceroute command 46-15
See also IP traceroute
tracked lists
configuring 41-3
types 41-3
tracked objects
by Boolean expression 41-4
by threshold percentage 41-6
by threshold weight 41-5
tracking interface line-protocol state 41-2
tracking IP routing state 41-2
tracking objects 41-1
tracking process 41-1
track state, tracking IP SLAs 41-9
traffic
blocking flooded 25-8
fragmented 33-5
fragmented IPv6 34-2
unfragmented 33-5
traffic policing 1-11
traffic suppression 25-1
transmit hold-count
See STP
transparent mode, VTP 13-3, 13-12
trap-door mechanism 3-2
traps
configuring MAC address notification 6-22
configuring managers 32-11
defined 32-3
enabling 6-22, 32-11
notification types 32-11
overview 32-1, 32-4
troubleshooting
connectivity problems 46-11, 46-12, 46-14
detecting unidirectional links 28-1
displaying crash information 46-21
PIMv1 and PIMv2 interoperability problems 43-35
setting packet forwarding 46-18
SFP security and identification 46-10
show forward command 46-18
with CiscoWorks 32-4
with debug commands 46-17
with ping 46-11
with system message logging 31-1
with traceroute 46-14
trunk failover
See link-state tracking
trunking encapsulation 1-8
trunk ports
configuring 12-21
defined 10-3, 12-3
encapsulation 12-21, 12-26, 12-27
trunks
allowed-VLAN list 12-22
configuring 12-21, 12-26, 12-27
ISL 12-16
load sharing
setting STP path costs 12-27
using STP port priorities 12-25, 12-26
native VLAN for untagged traffic 12-24
parallel 12-27
pruning-eligible list 12-23
to non-DTP device 12-18
trusted boundary for QoS 35-38
trusted port states
between QoS domains 35-40
classification options 35-5
ensuring port security for IP phones 35-38
support for 1-11
within a QoS domain 35-35
trustpoints, CA 7-42
tunneling
defined 16-1
IEEE 802.1Q 16-1
Layer 2 protocol 16-8
tunnel ports
described 10-4, 16-1
IEEE 802.1Q, configuring 16-6
incompatibilities with other features 16-6
twisted-pair Ethernet, detecting unidirectional links 28-1
type of service
See ToS
U
UDLD
configuration guidelines 28-4
default configuration 28-4
disabling
globally 28-5
on fiber-optic interfaces 28-5
per interface 28-6
echoing detection mechanism 28-2
enabling
globally 28-5
per interface 28-6
Layer 2 protocol tunneling 16-10
link-detection mechanism 28-1
neighbor database 28-2
overview 28-1
resetting an interface 28-6
status, displaying 28-7
support for 1-7
UDP, configuring 37-16
UDP jitter, configuring 40-8
UDP jitter operation, IP SLAs 40-8
unauthorized ports with IEEE 802.1x 9-7
unicast MAC address filtering 1-6
and adding static addresses 6-25
and broadcast MAC addresses 6-25
and CPU packets 6-25
and multicast addresses 6-25
and router MAC addresses 6-25
configuration guidelines 6-25
described 6-25
unicast storm 25-1
unicast storm control command 25-4
unicast traffic, blocking 25-8
UniDirectional Link Detection protocol
See UDLD
universal software image
cryptographic 1-1
feature set
advanced IP services 1-2
IP base 1-2
IP services 1-2
noncryptographic 1-1
UNIX syslog servers
daemon configuration 31-12
facilities supported 31-14
message logging configuration 31-13
unrecognized Type-Length-Value (TLV) support 13-4
upgrading software images
See downloading
UplinkFast
described 19-3
disabling 19-16
enabling 19-15
support for 1-7
uploading
configuration files
preparing B-11, B-14, B-17
reasons for B-9
using FTP B-15
using RCP B-19
using TFTP B-12
image files
preparing B-27, B-30, B-35
reasons for B-24
using FTP B-33
using RCP B-38
using TFTP B-29
User Datagram Protocol
See UDP
user EXEC mode 2-2
username-based authentication 7-6
V
version-dependent transparent mode 13-4
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 5-13
described 5-12
displaying 5-12
manual upgrades with auto-advise 5-13
upgrades with auto-extract 5-13
Virtual Private Network
See VPN
virtual router 39-1, 39-2
virtual switches and PAgP 36-6
vlan.dat file 12-5
VLAN 1
disabling on a trunk port 12-22
minimization 12-22
VLAN ACLs
See VLAN maps
vlan-assignment response, VMPS 12-29
VLAN configuration
at bootup 12-8
saving 12-8
VLAN configuration mode 2-2, 12-7
VLAN database
and startup configuration file 12-8
and VTP 13-1
VLAN configuration saved in 12-7
VLANs saved in 12-4
vlan database command 12-7
vlan dot1q tag native command 16-5
VLAN filtering and SPAN 29-7
vlan global configuration command 12-7
VLAN ID, discovering 6-27
VLAN link state 10-5
VLAN load balancing on flex links
configuration guidelines 20-8
described 20-2
VLAN management domain 13-2
VLAN Management Policy Server
See VMPS
VLAN map entries, order of 33-30
VLAN maps
applying 33-34
common uses for 33-34
configuration guidelines 33-30
configuring 33-29
creating 33-31
defined 33-2
denying access to a server example 33-34
denying and permitting packets 33-31
displaying 33-40
examples of ACLs and VLAN maps 33-32
removing 33-34
support for 1-9
VLAN membership
confirming 12-32
modes 12-3
VLAN Query Protocol
See VQP
VLANs
adding 12-9
adding to VLAN database 12-9
aging dynamic addresses 17-9
allowed on trunk 12-22
and spanning-tree instances 12-3, 12-6, 12-13
configuration guidelines, extended-range VLANs 12-13
configuration guidelines, normal-range VLANs 12-6
configuration options 12-7
configuring 12-1
configuring IDs 1006 to 4094 12-13
connecting through SVIs 10-7
creating in config-vlan mode 12-9
creating in VLAN configuration mode 12-10
customer numbering in service-provider networks 16-3
default configuration 12-8
deleting 12-10
described 10-2, 12-1
displaying 12-16
extended-range 12-1, 12-12
features 1-8
illustrated 12-2
internal 12-13
in the switch stack 12-6
limiting source traffic with RSPAN 29-20
limiting source traffic with SPAN 29-16
modifying 12-9
multicast 23-18
native, configuring 12-24
normal-range 12-1, 12-4
number supported 1-8
parameters 12-5
port membership modes 12-3
static-access ports 12-11
STP and IEEE 802.1Q trunks 17-11
supported 12-2
Token Ring 12-6
traffic between 12-2
VLAN-bridge STP 17-11, 45-2
VTP modes 13-3
VLAN Trunking Protocol
See VTP
VLAN trunks 12-16
VMPS
administering 12-33
configuration example 12-34
configuration guidelines 12-30
default configuration 12-30
description 12-28
dynamic port membership
described 12-29
reconfirming 12-32
troubleshooting 12-33
mapping MAC addresses to VLANs 12-28
monitoring 12-33
reconfirmation interval, changing 12-32
reconfirming membership 12-32
retry count, changing 12-32
voice aware 802.1x security
port-based authentication
configuring 9-33
described 9-21, 9-32
voice-over-IP 14-1
voice VLAN
Cisco 7960 phone, port connections 14-1
configuration guidelines 14-3
configuring IP phones for data traffic
override CoS of incoming frame 14-6
trust CoS priority of incoming frame 14-6
configuring ports for voice traffic in
IEEE 802.1p priority tagged frames 14-5
IEEE 802.1Q frames 14-5
connecting to an IP phone 14-4
default configuration 14-3
described 14-1
displaying 14-7
IP phone data traffic, described 14-2
IP phone voice traffic, described 14-2
VPN
configuring routing in 37-74
forwarding 37-68
in service provider networks 37-65
routes 37-66
VPN routing and forwarding table
See VRF
VQP 1-8, 12-28
VRF
defining 37-67
tables 37-65
VRF-aware services
ARP 37-70
configuring 37-70
ftp 37-73
HSRP 37-71
ping 37-70
SNMP 37-71
syslog 37-72
tftp 37-73
traceroute 37-72
uRPF 37-71
VRFs, configuring multicast 37-73
VTP
adding a client to a domain 13-14
advertisements 12-20, 13-3
and extended-range VLANs 13-2
and normal-range VLANs 13-2
client mode, configuring 13-11
configuration
global configuration mode 13-7
guidelines 13-8
privileged EXEC mode 13-7
requirements 13-9
saving 13-7
VLAN configuration mode 13-8
configuration mode options 13-7
configuration requirements 13-9
configuration revision number
guideline 13-14
resetting 13-15
configuring
client mode 13-11
server mode 13-9
transparent mode 13-12
consistency checks 13-4
default configuration 13-7
described 13-1
disabling 13-12
domain names 13-8
domains 13-2
Layer 2 protocol tunneling 16-8
modes
client 13-3, 13-11
server 13-3, 13-9
transitions 13-3
transparent 13-3, 13-12
monitoring 13-16
passwords 13-8
pruning
disabling 13-14
enabling 13-14
examples 13-5
overview 13-4
support for 1-8
pruning-eligible list, changing 12-23
server mode, configuring 13-9
statistics 13-16
support for 1-8
Token Ring support 13-4
transparent mode, configuring 13-12
using 13-1
version, guidelines 13-9
Version 1 13-4
Version 2
configuration guidelines 13-9
disabling 13-13
enabling 13-13
overview 13-4
W
WCCP
authentication 42-4
configuration guidelines 42-6
default configuration 42-6
described 42-2
displaying 42-10
dynamic service groups 42-4
enabling 42-6
features unsupported 42-5
forwarding method 42-3
Layer-2 header rewrite 42-3
MD5 security 42-4
message exchange 42-3
monitoring and maintaining 42-10
negotiation 42-3
packet redirection 42-4
packet-return method 42-3
redirecting traffic received from a client 42-6
setting the password 42-7
unsupported WCCPv2 features 42-5
web authentication 9-10
configuring 9-48 to 9-50, 9-50 to ??
described 1-9, 9-22
fallback for IEEE 802.1x 9-49
Web Cache Communication Protocol
See WCCP
weighted tail drop
See WTD
weight thresholds in tracked lists 41-5
wizards 1-3
WTD
described 35-13
setting thresholds
egress queue-sets 35-71
ingress queues 35-67
support for 1-11, 1-12