Numerics -
A -
B -
C -
D -
E -
F -
G -
H -
I -
J -
K -
L -
M -
N -
O -
P -
Q -
R -
S -
T -
U -
V -
W -
Index
Numerics
10-Gigabit Ethernet interfaces 11-6
A
AAA down policy, NAC Layer 2 IP validation 1-11
abbreviating commands 2-4
ABRs 38-26
access
templates 9-1
access-class command 34-20
access control entries
See ACEs
access-denied response, VMPS 13-29
access groups
applying IPv4 ACLs to interfaces 34-21
Layer 2 34-21
Layer 3 34-21
access groups, applying IPv4 ACLs to interfaces 34-21
accessing stack members 6-26
access lists
See ACLs
access ports
and Layer 2 protocol tunneling 17-11
defined 11-3
access template 9-1
accounting
with 802.1x 10-47
with IEEE 802.1x 10-13
with RADIUS 8-28
with TACACS+ 8-11, 8-17
ACEs
and QoS 36-7
defined 34-2
Ethernet 34-2
IP 34-2
ACLs
ACEs 34-2
any keyword 34-13
applying
on bridged packets 34-38
on multicast packets 34-39
on routed packets 34-39
on switched packets 34-37
time ranges to 34-17
to an interface 34-20, 35-8
to IPv6 interfaces 35-8
to QoS 36-7
classifying traffic for QoS 36-43
comments in 34-19
compiling 34-23
defined 34-1, 34-8
examples of 34-23, 36-43
extended IP, configuring for QoS classification 36-44
extended IPv4
creating 34-11
matching criteria 34-8
hardware and software handling 34-22
host keyword 34-13
IP
creating 34-8
fragments and QoS guidelines 36-32
implicit deny 34-10, 34-14, 34-17
implicit masks 34-10
matching criteria 34-8
undefined 34-21
IPv4
applying to interfaces 34-20
creating 34-8
matching criteria 34-8
named 34-15
numbers 34-8
terminal lines, setting on 34-19
unsupported features 34-7
IPv6
and stacking 35-3
applying to interfaces 35-8
configuring 35-3, 35-4
displaying 35-9
interactions with other features 35-4
limitations 35-2
matching criteria 35-3
named 35-2
precedence of 35-2
supported 35-2
unsupported features 35-2
Layer 4 information in 34-37
logging messages 34-9
MAC extended 34-28, 36-45
matching 34-8, 34-21
monitoring 34-40, 35-9
named
IPv4 34-15
IPv6 35-2
names 35-4
number per QoS class map 36-32
port 34-2, 35-1
precedence of 34-2
QoS 36-7, 36-43
resequencing entries 34-15
router 34-2, 35-1
router ACLs and VLAN map configuration guidelines 34-36
standard IP, configuring for QoS classification 36-43
standard IPv4
creating 34-10
matching criteria 34-8
support for 1-9
support in hardware 34-22
time ranges 34-17
types supported 34-2
unsupported features
IPv4 34-7
IPv6 35-2
using router ACLs with VLAN maps 34-36
VLAN maps
configuration guidelines 34-31
configuring 34-30
active link 21-4, 21-5, 21-6
active links 21-2
active router 40-1
active traffic monitoring, IP SLAs 41-1
address aliasing 24-2
addresses
displaying the MAC address table 7-27
dynamic
accelerated aging 18-9
changing the aging time 7-21
default aging 18-9
defined 7-19
learning 3-15, 7-20
removing 7-22
IPv6 39-2
MAC, discovering 7-28
multicast
group address range 44-3
STP address management 18-9
static
adding and removing 7-24
defined 7-19
address resolution 7-28, 38-10
Address Resolution Protocol
See ARP
adjacency tables, with CEF 38-92
administrative distances
defined 38-106
OSPF 38-33
routing protocol defaults 38-94
advertisements
CDP 27-1
LLDP 28-1, 28-2
RIP 38-21
VTP 13-20, 14-3
aggregatable global unicast addresses 39-3
aggregate addresses, BGP 38-62
aggregated ports
See EtherChannel
aggregate policers 36-58
aggregate policing 1-12
aging, accelerating 18-9
aging time
accelerated
for MSTP 19-23
for STP 18-9, 18-23
MAC address table 7-21
maximum
for MSTP 19-23, 19-24
for STP 18-23, 18-24
alarms, RMON 31-3
allowed-VLAN list 13-22
application engines, redirecting traffic to 43-1
area border routers
See ABRs
area routing
IS-IS 38-66
ISO IGRP 38-66
ARP
configuring 38-11
defined 1-6, 7-28, 38-10
encapsulation 38-11
static cache configuration 38-11
table
address resolution 7-28
managing 7-28
ASBRs 38-26
AS-path filters, BGP 38-56
asymmetrical links, and IEEE 802.1Q tunneling 17-4
attributes, RADIUS
vendor-proprietary 8-31
vendor-specific 8-29
attribute-value pairs 10-17, 10-18
authentication
EIGRP 38-42
HSRP 40-11
local mode with AAA 8-36
NTP associations 7-4
open1x 10-25
RADIUS
key 8-21
login 8-23
TACACS+
defined 8-11
key 8-13
login 8-14
See also port-based authentication
authentication compatibility with Catalyst 6000 switches 10-8
authentication failed VLAN
See restricted VLAN
authentication keys, and routing protocols 38-106
authentication manager
CLI commands 10-9
compatibility with older 802.1x CLI commands10-9to 10-10
overview 10-7
authoritative time source, described 7-2
authorization
with RADIUS 8-27
with TACACS+ 8-11, 8-16
authorized ports with IEEE 802.1x 10-10
autoconfiguration 3-3
auto enablement 10-30
automatic advise (auto-advise) in switch stacks 6-14
automatic copy (auto-copy) in switch stacks 6-13
automatic extraction (auto-extract) in switch stacks 6-13
automatic QoS
See QoS
automatic upgrades (auto-upgrade) in switch stacks 6-13
auto-MDIX
configuring 11-22
described 11-22
autonegotiation
duplex mode 1-4
interface configuration guidelines 11-18
mismatches 47-9
autonomous system boundary routers
See ASBRs
autonomous systems, in BGP 38-49
Auto-RP, described 44-7
autosensing, port speed 1-4
autostate exclude 11-6
auxiliary VLAN
See voice VLAN
availability, features 1-7
B
BackboneFast
described 20-7
disabling 20-17
enabling 20-16
support for 1-8
backup interfaces
See Flex Links
backup links 21-2
banners
configuring
login 7-18
message-of-the-day login 7-18
default configuration 7-17
when displayed 7-17
BGP
aggregate addresses 38-62
aggregate routes, configuring 38-62
CIDR 38-62
clear commands 38-65
community filtering 38-58
configuring neighbors 38-60
default configuration 38-47
described 38-46
enabling 38-49
monitoring 38-65
multipath support 38-53
neighbors, types of 38-49
path selection 38-53
peers, configuring 38-60
prefix filtering 38-57
resetting sessions 38-52
route dampening 38-64
route maps 38-55
route reflectors 38-63
routing domain confederation 38-62
routing session with multi-VRF CE 38-86
show commands 38-65
supernets 38-62
support for 1-13
Version 4 38-46
binding database
address, DHCP server
See DHCP, Cisco IOS server database
DHCP snooping
See DHCP snooping binding database
bindings
address, Cisco IOS DHCP server 22-6
DHCP snooping database 22-6
IP source guard 22-16
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 26-7
Boolean expressions in tracked lists 42-4
booting
boot loader, function of 3-2
boot process 3-2
manually 3-18
specific image 3-18
boot loader
accessing 3-19
described 3-2
environment variables 3-19
prompt 3-19
trap-door mechanism 3-2
bootstrap router (BSR), described 44-7
Border Gateway Protocol
See BGP
BPDU
error-disabled state 20-2
filtering 20-3
RSTP format 19-12
BPDU filtering
described 20-3
disabling 20-15
enabling 20-14
support for 1-8
BPDU guard
described 20-2
disabling 20-14
enabling 20-13
support for 1-8
bridged packets, ACLs on 34-38
bridge groups
See fallback bridging
bridge protocol data unit
See BPDU
broadcast flooding 38-18
broadcast packets
directed 38-15
flooded 38-15
broadcast storm-control command 26-4
broadcast storms 26-1, 38-15
C
cables, monitoring for unidirectional links 29-1
Catalyst 6000 switches
authentication compatibility 10-8
CA trustpoint
configuring 8-45
defined 8-43
CDP
and trusted boundary 36-39
configuring 27-2
default configuration 27-2
defined with LLDP 28-1
described 27-1
disabling for routing device27-3to 27-4
enabling and disabling
on an interface 27-4
on a switch 27-3
Layer 2 protocol tunneling 17-8
monitoring 27-5
overview 27-1
support for 1-6
switch stack considerations 27-2
transmission timer and holdtime, setting 27-2
updates 27-2
CEF
defined 38-91
distributed 38-92
IPv6 39-19
CGMP
as IGMP snooping learning method 24-9
clearing cached group entries 44-61
enabling server support 44-44
joining multicast group 24-3
overview 44-9
server support only 44-9
switch support of 1-4
CIDR 38-62
CipherSuites 8-44
Cisco 7960 IP Phone 15-1
Cisco Discovery Protocol
See CDP
Cisco Express Forwarding
See CEF
Cisco Group Management Protocol
See CGMP
Cisco IOS DHCP server
See DHCP, Cisco IOS DHCP server
Cisco IOS File System
See IFS
Cisco IOS IP SLAs 41-1
Cisco Secure ACS
attribute-value pairs for downloadable ACLs 10-18
attribute-value pairs for redirect URL 10-17
Cisco Secure ACS configuration guide 10-58
Cisco StackWise Plus technology 1-3
See also stacks, switch
CiscoWorks 2000 1-5, 33-4
CISP 10-30
CIST regional root
See MSTP
CIST root
See MSTP
civic location 28-3
classless interdomain routing
See CIDR
classless routing 38-8
class maps for QoS
configuring 36-46
described 36-7
displaying 36-78
class of service
See CoS
clearing interfaces 11-29
CLI
abbreviating commands 2-4
command modes 2-1
configuration logging 2-5
described 1-5
editing features
enabling and disabling 2-7
keystroke editing 2-8
wrapped lines 2-9
error messages 2-5
filtering command output 2-10
getting help 2-3
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
no and default forms of commands 2-4
Client Information Signalling Protocol
See CISP
client mode, VTP 14-3
client processes, tracking 42-1
CLNS
See ISO CLNS
clock
See system clock
CNS
Configuration Engine
configID, deviceID, hostname 5-3
configuration service 5-2
described 5-1
event service 5-3
embedded agents
described 5-5
enabling automated configuration 5-7
enabling configuration agent 5-9
enabling event agent 5-8
management functions 1-6
command-line interface
See CLI
command modes 2-1
commands
abbreviating 2-4
no and default 2-4
commands, setting privilege levels 8-8
community list, BGP 38-59
community ports 16-2
community strings
configuring 33-8
overview 33-4
community VLANs 16-2, 16-3
compatibility, feature 26-12
compatibility, software
See stacks, switch
config.text 3-17
configurable leave timer, IGMP 24-6
configuration, initial
defaults 1-14
Express Setup 1-3
configuration examples, network 1-17
configuration files
archiving B-20
clearing the startup configuration B-20
creating and using, guidelines for B-10
creating using a text editor B-11
default name 3-17
deleting a stored configuration B-20
described B-9
downloading
automatically 3-17
preparing B-11, B-14, B-17
reasons for B-9
using FTP B-14
using RCP B-18
using TFTP B-12
invalid combinations when copying B-5
limiting TFTP server access 33-16
obtaining with DHCP 3-8
password recovery disable considerations 8-5
replacing and rolling back, guidelines for B-21
replacing a running configuration B-20, B-21
rolling back a running configuration B-20, B-21
specifying the filename 3-17
system contact and location information 33-16
types and location B-10
configuration files (continued)
uploading
preparing B-11, B-14, B-17
reasons for B-9
using FTP B-15
using RCP B-19
using TFTP B-12
configuration guidelines, multi-VRF CE 38-79
configuration logging 2-5
configuration replacement B-20
configuration rollback B-20
configuration settings, saving 3-15
configure terminal command 11-9
configuring multicast VRFs 38-84
configuring port-based authentication violation modes 10-36
configuring small-frame arrival rate 26-5
config-vlan mode 2-2, 13-7
connections, secure remote 8-38
connectivity problems 47-11, 47-12, 47-14
consistency checks in VTP Version 2 14-4
console port, connecting to 2-11
content-routing technology
See WCCP
control protocol, IP SLAs 41-3
corrupted software, recovery steps with Xmodem 47-2
CoS
in Layer 2 frames 36-2
override priority 15-6
trust priority 15-6
CoS input queue threshold map for QoS 36-16
CoS output queue threshold map for QoS 36-19
CoS-to-DSCP map for QoS 36-60
counters, clearing interface 11-29
CPU utilization, troubleshooting 47-24
crashinfo file 47-21
critical authentication, IEEE 802.1x 10-51
cross-stack EtherChannel
configuration guidelines 37-12
configuring
on Layer 2 interfaces 37-12
on Layer 3 physical interfaces 37-15
described 37-2
illustration 37-3
support for 1-7
cross-stack UplinkFast, STP
described 20-5
disabling 20-16
enabling 20-16
fast-convergence events 20-7
Fast Uplink Transition Protocol 20-6
normal-convergence events 20-7
support for 1-8
cryptographic software image
Kerberos 8-32
SSH 8-37
SSL 8-42
switch stack considerations 6-2, 6-18, 8-38
customer edge devices 38-77
D
DACL
See downloadable ACL
daylight saving time 7-13
dCEF in the switch stack 38-91
debugging
enabling all system diagnostics 47-18
enabling for a specific feature 47-17
redirecting error message output 47-18
using commands 47-17
default commands 2-4
default configuration
802.1x 10-32
auto-QoS 36-21
banners 7-17
default configuration (continued)
BGP 38-47
booting 3-17
CDP 27-2
DHCP 22-8
DHCP option 82 22-8
DHCP snooping 22-8
DHCP snooping binding database 22-9
DNS 7-16
dynamic ARP inspection 23-5
EIGRP 38-38
EtherChannel 37-10
Ethernet interfaces 11-17
fallback bridging 46-4
Flex Links 21-8
HSRP 40-6
IEEE 802.1Q tunneling 17-4
IGMP 44-39
IGMP filtering 24-25
IGMP snooping 24-7, 25-5, 25-6
IGMP throttling 24-25
initial switch information 3-3
IP addressing, IP routing 38-6
IP multicast routing 44-11
IP SLAs 41-6
IP source guard 22-17
IPv6 39-11
IS-IS 38-68
Layer 2 interfaces 11-17
Layer 2 protocol tunneling 17-11
LLDP 28-4
MAC address table 7-21
MAC address-table move update 21-8
MSDP 45-4
MSTP 19-14
multi-VRF CE 38-79
MVR 24-20
NTP 7-4
optional spanning-tree configuration 20-12
default configuration (continued)
OSPF 38-27
password and privilege level 8-2
PIM 44-11
private VLANs 16-6
RADIUS 8-20
RIP 38-21
RMON 31-3
RSPAN 30-11
SDM template 9-4
SNMP 33-6
SPAN 30-11
SSL 8-45
standard QoS 36-30
STP 18-13
switch stacks 6-21
system message logging 32-4
system name and prompt 7-15
TACACS+ 8-13
UDLD 29-4
VLAN, Layer 2 Ethernet interfaces 13-20
VLANs 13-8
VMPS 13-30
voice VLAN 15-3
VTP 14-7
WCCP 43-6
default gateway 3-14, 38-13
default networks 38-95
default router preference
See DRP
default routes 38-95
default routing 38-3
deleting VLANs 13-10
denial-of-service attack 26-1
description command 11-23
designing your network, examples 1-17
desktop template 6-12
destination addresses
in IPv4 ACLs 34-12
in IPv6 ACLs 35-5, 35-6
destination-IP address-based forwarding, EtherChannel 37-8
destination-MAC address forwarding, EtherChannel 37-8
detecting indirect link failures, STP 20-8
device discovery protocol 27-1, 28-1
device manager
benefits 1-3
described 1-3, 1-5
in-band management 1-7
DHCP
Cisco IOS server database
configuring 22-14
default configuration 22-9
described 22-6
DHCP for IPv6
See DHCPv6
enabling
relay agent 22-11
server 22-10
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-4
DNS 3-7
relay device 3-8
server side 3-6
server-side 22-10
TFTP server 3-7
example 3-9
lease options
for IP address information 3-6
for receiving the configuration file 3-6
overview 3-3
relationship to BOOTP 3-4
relay support 1-6, 1-13
support for 1-6
DHCP-based autoconfiguration and image update
configuring3-11to 3-14
understanding3-5to 3-6
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 22-5
configuration guidelines 22-9
default configuration 22-8
displaying 22-16
forwarding address, specifying 22-11
helper address 22-11
overview 22-3
packet format, suboption
circuit ID 22-5
remote ID 22-5
remote ID suboption 22-5
DHCP server port-based address allocation
configuration guidelines 22-21
default configuration 22-21
described 22-20
displaying 22-23
enabling 22-21
DHCP snooping
accepting untrusted packets form edge switch 22-3, 22-13
and private VLANs 22-14
binding database
See DHCP snooping binding database
configuration guidelines 22-9
default configuration 22-8
displaying binding tables 22-16
message exchange process 22-4
option 82 data insertion 22-3
trusted interface 22-2
untrusted interface 22-2
untrusted messages 22-2
DHCP snooping binding database
adding bindings 22-15
binding entries, displaying 22-16
binding file
format 22-7
location 22-6
bindings 22-6
clearing agent statistics 22-15
configuration guidelines 22-10
configuring 22-15
default configuration 22-8, 22-9
deleting
binding file 22-15
bindings 22-16
database agent 22-15
described 22-6
displaying 22-16
binding entries 22-16
status and statistics 22-16
displaying status and statistics 22-16
enabling 22-15
entry 22-6
renewing database 22-15
resetting
delay value 22-15
timeout value 22-15
DHCP snooping binding table
See DHCP snooping binding database
DHCPv6
configuration guidelines 39-15
default configuration 39-15
described 39-6
enabling client function 39-18
enabling DHCPv6 server function 39-16
diagnostic schedule command 48-2
Differentiated Services architecture, QoS 36-2
Differentiated Services Code Point 36-2
Diffusing Update Algorithm (DUAL) 38-36
directed unicast requests 1-6
directories
changing B-4
creating and removing B-4
displaying the working B-4
Distance Vector Multicast Routing Protocol
See DVMRP
distance-vector protocols 38-3
distribute-list command 38-105
DNS
and DHCP-based autoconfiguration 3-7
default configuration 7-16
displaying the configuration 7-17
in IPv6 39-4
overview 7-15
setting up 7-16
support for 1-6
DNS-based SSM mapping 44-19, 44-21
domain names
DNS 7-15
VTP 14-8
Domain Name System
See DNS
domains, ISO IGRP routing 38-66
dot1q-tunnel switchport mode 13-18
double-tagged packets
IEEE 802.1Q tunneling 17-2
Layer 2 protocol tunneling 17-10
downloadable ACL 10-17, 10-18, 10-58
downloading
configuration files
preparing B-11, B-14, B-17
reasons for B-9
using FTP B-14
using RCP B-18
using TFTP B-12
image files
deleting old image B-29
preparing B-26, B-30, B-35
reasons for B-24
using CMS 1-3
using FTP B-31
using HTTP 1-3, B-24
using RCP B-36
using TFTP B-27
using the device manager or Network Assistant B-24
drop threshold for Layer 2 protocol packets 17-11
DRP
configuring 39-13
described 39-4
IPv6 39-4
DSCP 1-11, 36-2
DSCP input queue threshold map for QoS 36-16
DSCP output queue threshold map for QoS 36-19
DSCP-to-CoS map for QoS 36-63
DSCP-to-DSCP-mutation map for QoS 36-64
DSCP transparency 36-39
DTP 1-8, 13-18
dual-action detection 37-6
DUAL finite state machine, EIGRP 38-37
dual IPv4 and IPv6 templates 9-2, 39-5, 39-6
dual protocol stacks
IPv4 and IPv6 39-6
SDM templates supporting 39-6
DVMRP
autosummarization
configuring a summary address 44-58
disabling 44-60
connecting PIM domain to DVMRP router 44-51
enabling unicast routing 44-54
interoperability
with Cisco devices 44-49
with Cisco IOS software 44-9
mrinfo requests, responding to 44-53
neighbors
advertising the default route to 44-52
discovery with Probe messages 44-49
displaying information 44-53
prevent peering with nonpruning 44-56
rejecting nonpruning 44-55
overview 44-9
routes
adding a metric offset 44-60
advertising all 44-60
advertising the default route to neighbors 44-52
caching DVMRP routes learned in report messages 44-54
changing the threshold for syslog messages 44-57
deleting 44-61
displaying 44-62
favoring one over another 44-60
limiting the number injected into MBONE 44-57
limiting unicast route advertisements 44-49
routing table 44-9
source distribution tree, building 44-9
support for 1-13
tunnels
configuring 44-51
displaying neighbor information 44-53
dynamic access ports
characteristics 13-4
configuring 13-31
defined 11-3
dynamic addresses
See addresses
dynamic ARP inspection
ARP cache poisoning 23-1
ARP requests, described 23-1
ARP spoofing attack 23-1
dynamic ARP inspection (continued)
clearing
log buffer 23-15
statistics 23-15
configuration guidelines 23-6
configuring
ACLs for non-DHCP environments 23-8
in DHCP environments 23-7
log buffer 23-12
rate limit for incoming ARP packets 23-4, 23-10
default configuration 23-5
denial-of-service attacks, preventing 23-10
described 23-1
DHCP snooping binding database 23-2
displaying
ARP ACLs 23-14
configuration and operating state 23-14
log buffer 23-15
statistics 23-15
trust state and rate limit 23-14
error-disabled state for exceeding rate limit 23-4
function of 23-2
interface trust states 23-3
log buffer
clearing 23-15
configuring 23-12
displaying 23-15
logging of dropped packets, described 23-5
man-in-the middle attack, described 23-2
network security issues and interface trust states 23-3
priority of ARP ACLs and DHCP snooping entries 23-4
rate limiting of ARP packets
configuring 23-10
described 23-4
error-disabled state 23-4
statistics
clearing 23-15
displaying 23-15
dynamic ARP inspection (continued)
validation checks, performing 23-11
dynamic auto trunking mode 13-18
dynamic desirable trunking mode 13-18
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 13-29
reconfirming 13-32
troubleshooting 13-33
types of connections 13-31
dynamic routing 38-3
ISO CLNS 38-66
Dynamic Trunking Protocol
See DTP
E
EBGP 38-45
editing features
enabling and disabling 2-7
keystrokes used 2-8
wrapped lines 2-9
EIGRP
authentication 38-42
components 38-37
configuring 38-40
default configuration 38-38
definition 38-36
interface parameters, configuring 38-41
monitoring 38-44
stub routing 38-43
support for 1-13
elections
See stack master
ELIN location 28-3
enable password 8-3
enable secret password 8-3
encryption, CipherSuite 8-44
encryption for passwords 8-3
Enhanced IGRP
See EIGRP
enhanced object tracking
commands 42-1
defined 42-1
HSRP 42-7
IP routing state 42-2
IP SLAs 42-9
line-protocol state 42-2
tracked lists 42-3
environment variables, function of 3-20
equal-cost routing 1-13, 38-93
error-disabled state, BPDU 20-2
error messages during command entry 2-5
EtherChannel
automatic creation of 37-5, 37-6
channel groups
binding physical and logical interfaces 37-4
numbering of 37-4
configuration guidelines 37-11
configuring
Layer 2 interfaces 37-12
Layer 3 physical interfaces 37-15
Layer 3 port-channel logical interfaces 37-14
default configuration 37-10
described 37-2
displaying status 37-22
forwarding methods 37-8, 37-17
IEEE 802.3ad, described 37-6
interaction
with STP 37-11
with VLANs 37-12
LACP
described 37-6
displaying status 37-22
hot-standby ports 37-19
interaction with other features 37-7
modes 37-7
port priority 37-21
system priority 37-20
Layer 3 interface 38-5
load balancing 37-8, 37-17
logical interfaces, described 37-4
PAgP
aggregate-port learners 37-18
compatibility with Catalyst 1900 37-18
described 37-5
displaying status 37-22
interaction with other features 37-6
interaction with virtual switches 37-6
learn method and priority configuration 37-18
modes 37-5
support for 1-4
with dual-action detection 37-6
port-channel interfaces
described 37-4
numbering of 37-4
port groups 11-6
stack changes, effects of 37-9
support for 1-4
EtherChannel guard
described 20-10
disabling 20-17
enabling 20-17
Ethernet management port
and switch stacks 11-13
supported features 11-15
Ethernet management port, internal
active link 11-14
and management module 11-13
and routing 11-14
and switch stacks 11-13
and TFTP 11-16
configuring 11-16
default setting 11-14
described 11-13
Ethernet management port, internal (continued)
IP address 11-13
Layer 3 routing guidelines 11-15
unsupported features 11-15
Ethernet VLANs
adding 13-9
defaults and ranges 13-8
modifying 13-9
EUI 39-3
events, RMON 31-3
examples
network configuration 1-17
expedite queue for QoS 36-76
Express Setup 1-3
See also getting started guide
extended crashinfo file 47-21
extended-range VLANs
configuration guidelines 13-13
configuring 13-12
creating 13-14
creating with an internal VLAN ID 13-15
defined 13-1
extended system ID
MSTP 19-17
STP 18-4, 18-16
extended universal identifier
See EUI
Extensible Authentication Protocol over LAN 10-1
external BGP
See EBGP
external neighbors, BGP 38-49
F
Fa0 port
See Ethernet management port, internal
failover support 1-7
fallback bridging
and protected ports 46-4
bridge groups
creating 46-4
described 46-2
displaying 46-11
function of 46-2
number supported 46-5
removing 46-5
bridge table
clearing 46-11
displaying 46-11
configuration guidelines 46-4
connecting interfaces with 11-8
default configuration 46-4
described 46-1
frame forwarding
flooding packets 46-2
forwarding packets 46-2
overview 46-1
protocol, unsupported 46-4
stack changes, effects of 46-3
STP
disabling on an interface 46-10
forward-delay interval 46-9
hello BPDU interval 46-9
interface priority 46-7
keepalive messages 18-2
maximum-idle interval 46-10
path cost 46-7
VLAN-bridge spanning-tree priority 46-6
VLAN-bridge STP 46-2
support for 1-13
SVIs and routed ports 46-1
unsupported protocols 46-4
VLAN-bridge STP 18-11
Fast Convergence 21-3
fastethernet0 port
See Ethernet management port, internal
Fast Uplink Transition Protocol 20-6
features, incompatible 26-12
FIB 38-92
fiber-optic, detecting unidirectional links 29-1
files
basic crashinfo
description 47-21
location 47-21
copying B-5
crashinfo, description 47-21
deleting B-5
displaying the contents of B-8
extended crashinfo
description 47-21
location 47-21
tar
creating B-7
displaying the contents of B-7
extracting B-8
image file format B-25
file system
displaying available file systems B-2
displaying file information B-3
local file system names B-1
network file system names B-5
setting the default B-3
filtering
in a VLAN 34-30
IPv6 traffic 35-3, 35-8
non-IP traffic 34-28
show and more command output 2-10
filtering show and more command output 2-10
filters, IP
See ACLs, IP
flash device, number of B-1
flexible authentication ordering
configuring 10-61
overview 10-25
Flex Link Multicast Fast Convergence 21-3
Flex Links
configuration guidelines 21-8
configuring 21-9
configuring preferred VLAN 21-12
configuring VLAN load balancing 21-11
default configuration 21-8
description 21-1
link load balancing 21-2
monitoring 21-14
VLANs 21-2
flooded traffic, blocking 26-8
flow-based packet classification 1-11
flowcharts
QoS classification 36-6
QoS egress queueing and scheduling 36-17
QoS ingress queueing and scheduling 36-15
QoS policing and marking 36-10
flowcontrol
configuring 11-20
described 11-20
forward-delay time
MSTP 19-23
STP 18-23
Forwarding Information Base
See FIB
forwarding nonroutable protocols 46-1
FTP
accessing MIB files A-4
configuration files
downloading B-14
overview B-13
preparing the server B-14
uploading B-15
image files
deleting old image B-33
downloading B-31
preparing the server B-30
uploading B-33
G
general query 21-5
Generating IGMP Reports 21-3
get-bulk-request operation 33-3
get-next-request operation 33-3, 33-4
get-request operation 33-3, 33-4
get-response operation 33-3
global configuration mode 2-2
global leave, IGMP 24-13
guest VLAN and IEEE 802.1x 10-18
guide mode 1-3
GUIs
See device manager and Network Assistant
H
hardware limitations and Layer 3 interfaces 11-24
hello time
MSTP 19-22
STP 18-22
help, for the command line 2-3
hierarchical policy maps 36-8
configuration guidelines 36-32
configuring 36-52
described 36-11
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
history table, level and number of syslog messages 32-10
host ports
configuring 16-11
kinds of 16-2
hosts, limit on dynamic ports 13-33
Hot Standby Router Protocol
See HSRP
HP OpenView 1-5
HSRP
authentication string 40-11
command-switch redundancy 1-2, 1-7
configuring 40-5
default configuration 40-6
definition 40-1
guidelines 40-6
monitoring 40-12
object tracking 42-7
overview 40-1
priority 40-8
routing redundancy 1-12
support for ICMP redirect messages 40-12
switch stack considerations 40-5
timers 40-11
tracking 40-8
HSRP for IPv6
configuring 39-25
guidelines 39-24
HTTP over SSL
see HTTPS
HTTPS
configuring 8-46
described 8-43
self-signed certificate 8-43
HTTP secure server 8-43
I
IBPG 38-45
ICMP
IPv6 39-4
redirect messages 38-13
support for 1-13
time-exceeded messages 47-14
traceroute and 47-14
unreachable messages 34-20
unreachable messages and IPv6 35-4
unreachables and ACLs 34-22
ICMP Echo operation
configuring 41-11
IP SLAs 41-10
ICMP ping
executing 47-11
overview 47-11
ICMP Router Discovery Protocol
See IRDP
ICMPv6 39-4
IDS appliances
and ingress RSPAN 30-22
and ingress SPAN 30-15
IEEE 802.1D
See STP
IEEE 802.1p 15-1
IEEE 802.1Q
and trunk ports 11-3
configuration limitations 13-19
encapsulation 13-16
native VLAN for untagged traffic 13-24
tunneling
compatibility with other features 17-6
defaults 17-4
described 17-1
tunnel ports with other features 17-6
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3ad
See EtherChannel
IEEE 802.3x flow control 11-20
ifIndex values, SNMP 33-5
IFS 1-6
IGMP
configurable leave timer
described 24-6
enabling 24-12
configuring the switch
as a member of a group 44-39
statically connected member 44-43
controlling access to groups 44-40
default configuration 44-39
deleting cache entries 44-62
displaying groups 44-62
fast switching 44-44
flooded multicast traffic
controlling the length of time 24-13
disabling on an interface 24-14
global leave 24-13
query solicitation 24-13
recovering from flood mode 24-13
host-query interval, modifying 44-41
joining multicast group 24-3
join messages 24-3
leave processing, enabling 24-11, 25-9
leaving multicast group 24-5
multicast reachability 44-39
overview 44-3
queries 24-4
report suppression
described 24-6
disabling 24-16, 25-11
supported versions 24-3
support for 1-4
Version 1
changing to Version 2 44-41
described 44-3
Version 2
changing to Version 1 44-41
described 44-3
maximum query response time value 44-43
pruning groups 44-43
IGMP (continued)
query timeout value 44-42
IGMP filtering
configuring 24-25
default configuration 24-25
described 24-24
monitoring 24-29
support for 1-5
IGMP groups
configuring filtering 24-28
setting the maximum number 24-27
IGMP helper 44-6
IGMP Immediate Leave
configuration guidelines 24-12
described 24-6
enabling 24-11
IGMP profile
applying 24-27
configuration mode 24-25
configuring 24-26
IGMP snooping
and address aliasing 24-2
and stack changes 24-7
configuring 24-7
default configuration 24-7, 25-5, 25-6
definition 24-2
enabling and disabling 24-8, 25-7
global configuration 24-8
Immediate Leave 24-6
in the switch stack 24-7
method 24-9
monitoring 24-16, 25-11
querier
configuration guidelines 24-14
configuring 24-14
supported versions 24-3
support for 1-4
VLAN configuration 24-8
IGMP throttling
configuring 24-28
default configuration 24-25
described 24-25
displaying action 24-29
IGP 38-26
Immediate Leave, IGMP
described 24-6
enabling 25-9
inaccessible authentication bypass 10-20
initial configuration
defaults 1-14
Express Setup 1-3
interface
number 11-8
range macros 11-11
interface command11-8to 11-9
interface configuration mode 2-3
interfaces
auto-MDIX, configuring 11-22
configuring
procedure 11-9
counters, clearing 11-29
default configuration 11-17
described 11-23
descriptive name, adding 11-23
displaying information about 11-28
duplex and speed configuration guidelines 11-18
flow control 11-20
management 1-5
monitoring 11-28
naming 11-23
physical, identifying 11-8
range of 11-10
restarting 11-29
shutting down 11-29
speed and duplex, configuring 11-19
status 11-28
supported 11-8
types of 11-1
interfaces range macro command 11-11
interface types 11-8
Interior Gateway Protocol
See IGP
internal BGP
See IBGP
internal neighbors, BGP 38-49
Internet Control Message Protocol
See ICMP
Internet Group Management Protocol
See IGMP
Internet Protocol version 6
See IPv6
Inter-Switch Link
See ISL
inter-VLAN routing 1-13, 38-2
Intrusion Detection System
See IDS appliances
inventory management TLV 28-2, 28-7
IP ACLs
for QoS classification 36-7
implicit deny 34-10, 34-14
implicit masks 34-10
named 34-15
undefined 34-21
IP addresses
128-bit 39-2
classes of 38-7
default configuration 38-6
discovering 7-28
for IP routing 38-6
IPv6 39-2
MAC address association 38-10
monitoring 38-19
IP base feature set 1-2
IP broadcast address 38-17
ip cef distributed command 38-92
IP directed broadcasts 38-15
ip igmp profile command 24-25
IP information
assigned
manually 3-14
through DHCP-based autoconfiguration 3-3
default configuration 3-3
IP multicast routing
addresses
all-hosts 44-3
all-multicast-routers 44-3
host group address range 44-3
administratively-scoped boundaries, described 44-46
and IGMP snooping 24-2
Auto-RP
adding to an existing sparse-mode cloud 44-27
benefits of 44-26
clearing the cache 44-62
configuration guidelines 44-12
filtering incoming RP announcement messages 44-28
overview 44-7
preventing candidate RP spoofing 44-28
preventing join messages to false RPs 44-28
setting up in a new internetwork 44-26
using with BSR 44-34
bootstrap router
configuration guidelines 44-12
configuring candidate BSRs 44-32
configuring candidate RPs 44-33
defining the IP multicast boundary 44-31
defining the PIM domain border 44-30
overview 44-7
using with Auto-RP 44-34
Cisco implementation 44-2
configuring
basic multicast routing 44-12
IP multicast boundary 44-46
IP multicast routing (continued)
default configuration 44-11
enabling
multicast forwarding 44-13
PIM mode 44-14
group-to-RP mappings
Auto-RP 44-7
BSR 44-7
MBONE
deleting sdr cache entries 44-62
described 44-45
displaying sdr cache 44-63
enabling sdr listener support 44-46
limiting DVMRP routes advertised 44-57
limiting sdr cache entry lifetime 44-46
SAP packets for conference session announcement 44-45
Session Directory (sdr) tool, described 44-45
monitoring
packet rate loss 44-63
peering devices 44-63
tracing a path 44-63
multicast forwarding, described 44-8
PIMv1 and PIMv2 interoperability 44-11
protocol interaction 44-2
reverse path check (RPF) 44-8
routing table
deleting 44-62
displaying 44-62
RP
assigning manually 44-25
configuring Auto-RP 44-26
configuring PIMv2 BSR 44-30
monitoring mapping information 44-35
using Auto-RP and BSR 44-34
stacking
stack master functions 44-10
stack member functions 44-10
statistics, displaying system and network 44-62
IP multicast routing (continued)
See also CGMP
See also DVMRP
See also IGMP
See also PIM
IP phones
and QoS 15-1
automatic classification and queueing 36-20
configuring 15-4
ensuring port security with QoS 36-38
trusted boundary for QoS 36-38
IP precedence 36-2
IP-precedence-to-DSCP map for QoS 36-61
IP protocols
in ACLs 34-12
routing 1-12
IP protocols in ACLs 34-12
IP routes, monitoring 38-108
IP routing
connecting interfaces with 11-8
disabling 38-20
enabling 38-20
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 41-1
IP services feature set 1-2
IP SLAs
benefits 41-2
configuration guidelines 41-6
configuring object tracking 42-9
Control Protocol 41-3
default configuration 41-6
definition 41-1
ICMP echo operation 41-10
measuring network performance 41-2
monitoring 41-13
multioperations scheduling 41-5
object tracking 42-9
operation 41-3
reachability tracking 42-9
responder
described 41-3
enabling 41-7
response time 41-4
scheduling 41-5
SNMP support 41-2
supported metrics 41-2
threshold monitoring 41-5
track state 42-9
UDP jitter operation 41-8
IP source guard
and DHCP snooping 22-16
and EtherChannels 22-18
and hardware entries 22-18
and IEEE 802.1x 22-18
and port security 22-18
and private VLANs 22-18
and routed ports 22-18
and trunk interfaces 22-18
and VRF 22-18
binding configuration
automatic 22-16
manual 22-16
binding table 22-16
configuration guidelines 22-18
default configuration 22-17
described 22-16
disabling 22-19
displaying
bindings 22-20
configuration 22-20
enabling 22-19
filtering
source IP address 22-17
source IP and MAC address 22-17
source IP address filtering 22-17
source IP and MAC address filtering 22-17
IP source guard (continued)
static bindings
adding 22-19
deleting 22-19
IP traceroute
executing 47-15
overview 47-14
IP unicast routing
address resolution 38-10
administrative distances 38-94, 38-106
ARP 38-10
assigning IP addresses to Layer 3 interfaces 38-7
authentication keys 38-106
broadcast
address 38-17
flooding 38-18
packets 38-15
storms 38-15
classless routing 38-8
configuring static routes 38-94
default
addressing configuration 38-6
gateways 38-13
networks 38-95
routes 38-95
routing 38-3
directed broadcasts 38-15
disabling 38-20
dynamic routing 38-3
enabling 38-20
EtherChannel Layer 3 interface 38-5
IGP 38-26
inter-VLAN 38-2
IP addressing
classes 38-7
configuring 38-6
IPv6 39-3
IRDP 38-13
Layer 3 interfaces 38-5
IP unicast routing (continued)
MAC address and IP address 38-10
passive interfaces 38-104
protocols
distance-vector 38-3
dynamic 38-3
link-state 38-3
proxy ARP 38-10
redistribution 38-96
reverse address resolution 38-10
routed ports 38-5
static routing 38-3
steps to configure 38-5
subnet mask 38-7
subnet zero 38-8
supernet 38-8
UDP 38-16
unicast reverse path forwarding 1-13, 38-91
with SVIs 38-5
See also BGP
See also EIGRP
See also OSPF
See also RIP
IPv4 ACLs
applying to interfaces 34-20
extended, creating 34-11
named 34-15
standard, creating 34-10
IP unicast routing
ACLs
displaying 35-9
limitations 35-2
matching criteria 35-3
port 35-1
precedence 35-2
router 35-1
supported 35-2
addresses 39-2
address formats 39-2
IP unicast routing (continued)
and switch stacks 39-9
applications 39-5
assigning address 39-11
autoconfiguration 39-5
CEFv6 39-19
configuring static routes 39-20
default configuration 39-11
default router preference (DRP) 39-4
defined 39-1
Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 39-7
EIGRP IPv6 Commands 39-7
Router ID 39-7
feature limitations 39-8
features not supported 39-8
forwarding 39-11
ICMP 39-4
monitoring 39-27
neighbor discovery 39-4
OSPF 39-6
path MTU discovery 39-4
SDM templates 9-2, 25-1, 35-1
stack master functions 39-10
supported features 39-2
switch limitations 39-8
understanding static routes 39-6
IPv6 traffic, filtering 35-3
IRDP
configuring 38-14
definition 38-13
support for 1-13
IS-IS
addresses 38-66
area routing 38-66
default configuration 38-68
monitoring 38-75
show commands 38-75
system routing 38-66
ISL
and IPv6 39-3
and trunk ports 11-3
encapsulation 1-8, 13-16
trunking with IEEE 802.1 tunneling 17-5
ISO CLNS
clear commands 38-75
dynamic routing protocols 38-66
monitoring 38-75
NETs 38-66
NSAPs 38-66
OSI standard 38-66
ISO IGRP
area routing 38-66
system routing 38-66
isolated port 16-2
isolated VLANs 16-2, 16-3
J
join messages, IGMP 24-3
K
KDC
described 8-32
See also Kerberos
keepalive messages 18-2
Kerberos
authenticating to
boundary switch 8-35
KDC 8-35
network services 8-35
configuration examples 8-32
configuring 8-35
credentials 8-32
cryptographic software image 8-32
described 8-32
Kerberos (continued)
KDC 8-32
operation 8-34
realm 8-34
server 8-34
support for 1-11
switch as trusted third party 8-32
terms 8-33
TGT 8-34
tickets 8-32
key distribution center
See KDC
L
l2protocol-tunnel command 17-13
LACP
Layer 2 protocol tunneling 17-9
See EtherChannel
Layer 2 frames, classification with CoS 36-2
Layer 2 interfaces, default configuration 11-17
Layer 2 protocol tunneling
configuring 17-10
configuring for EtherChannels 17-14
default configuration 17-11
defined 17-8
guidelines 17-12
Layer 2 traceroute
and ARP 47-13
and CDP 47-13
broadcast traffic 47-12
described 47-12
IP addresses and subnets 47-13
MAC addresses and VLANs 47-13
multicast traffic 47-13
multiple devices on a port 47-13
unicast traffic 47-12
usage guidelines 47-13
Layer 3 features 1-12
Layer 3 interfaces
assigning IP addresses to 38-7
assigning IPv4 and IPv6 addresses to 39-14
assigning IPv6 addresses to 39-12
changing from Layer 2 mode 38-7, 38-82, 38-83
types of 38-5
Layer 3 packets, classification methods 36-2
LDAP 5-2
Leaking IGMP Reports 21-4
LEDs, switch
See hardware installation guide
Lightweight Directory Access Protocol
See LDAP
line configuration mode 2-3
Link Aggregation Control Protocol
See EtherChannel
Link Failure, detecting unidirectional 19-7
Link Layer Discovery Protocol
See CDP
link local unicast addresses 39-3
link redundancy
See Flex Links
links, unidirectional 29-1
link state advertisements (LSAs) 38-31
link-state protocols 38-3
link-state tracking
configuring 37-24
described 37-22
LLDP
configuring 28-4
characteristics 28-5
default configuration 28-4
enabling 28-5
monitoring and maintaining 28-10
overview 28-1
supported TLVs 28-2
switch stack considerations 28-2
transmission timer and holdtime, setting 28-5
LLDP-MED
configuring
procedures 28-4
TLVs 28-6
monitoring and maintaining 28-10
overview 28-1, 28-2
supported TLVs 28-2
LLDP Media Endpoint Discovery
See LLDP-MED
load balancing 40-4
local SPAN 30-2
location TLV 28-3, 28-7
logging messages, ACL 34-9
login authentication
with RADIUS 8-23
with TACACS+ 8-14
login banners 7-17
log messages
See system message logging
Long-Reach Ethernet (LRE) technology 1-19
loop guard
described 20-11
enabling 20-18
support for 1-8
M
MAC/PHY configuration status TLV 28-2
MAC addresses
aging time 7-21
and VLAN association 7-20
building the address table 7-20
default configuration 7-21
disabling learning on a VLAN 7-27
discovering 7-28
displaying 7-27
displaying in the IP source binding table 22-20
MAC addresses (continued)
dynamic
learning 7-20
removing 7-22
in ACLs 34-28
IP address association 38-10
manually assigning IP address 3-15
static
adding 7-24
allowing 7-26, 7-27
characteristics of 7-24
dropping 7-25
removing 7-24
MAC address learning 1-6
MAC address learning, disabling on a VLAN 7-27
MAC address notification, support for 1-14
MAC address-table move update
configuration guidelines 21-8
configuring 21-12
default configuration 21-8
description 21-6
monitoring 21-14
MAC address-to-VLAN mapping 13-28
MAC authentication bypass 10-14
MAC extended access lists
applying to Layer 2 interfaces 34-29
configuring for QoS 36-45
creating 34-28
defined 34-28
for QoS classification 36-5
macros
See Smartports macros
magic packet 10-23
manageability features 1-6
management access
in-band
browser session 1-7
CLI session 1-7
device manager 1-7
management access (continued)
SNMP 1-7
out-of-band console port connection 1-7
management address TLV 28-2
management options
CLI 2-1
CNS 5-1
Network Assistant 1-3
overview 1-5
switch stacks 1-3
mapping tables for QoS
configuring
CoS-to-DSCP 36-60
DSCP 36-60
DSCP-to-CoS 36-63
DSCP-to-DSCP-mutation 36-64
IP-precedence-to-DSCP 36-61
policed-DSCP 36-62
described 36-12
marking
action in policy map 36-48
action with aggregate policers 36-58
described 36-4, 36-8
matching IPv4 ACLs 34-8
maximum aging time
MSTP 19-23
STP 18-23
maximum hop count, MSTP 19-24
maximum number of allowed devices, port-based authentication 10-35
maximum-paths command 38-53, 38-93
MDA
configuration guidelines10-26to 10-27
described 1-10, 10-26
exceptions with authentication process 10-4
membership mode, VLAN port 13-3
messages, to users through banners 7-17
metrics, in BGP 38-54
metric translations, between routing protocols 38-100
metro tags 17-2
MHSRP 40-4
MIBs
accessing files with FTP A-4
location of files A-4
overview 33-1
SNMP interaction with 33-4
supported A-1
mirroring traffic for analysis 30-1
mismatches, autonegotiation 47-9
module number 11-8
monitoring
access groups 34-40
BGP 38-65
cables for unidirectional links 29-1
CDP 27-5
CEF 38-92
EIGRP 38-44
fallback bridging 46-11
features 1-14
Flex Links 21-14
HSRP 40-12
IEEE 802.1Q tunneling 17-18
IGMP
filters 24-29
snooping 24-16, 25-11
interfaces 11-28
IP
address tables 38-19
multicast routing 44-61
routes 38-108
IP SLAs operations 41-13
IPv4 ACL configuration 34-40
IPv6 39-27
IPv6 ACL configuration 35-9
IS-IS 38-75
ISO CLNS 38-75
Layer 2 protocol tunneling 17-18
MAC address-table move update 21-14
monitoring (continued)
MSDP peers 45-18
multicast router interfaces 24-17, 25-12
multi-VRF CE 38-90
MVR 24-24
network traffic for analysis with probe 30-2
object tracking 42-10
OSPF 38-35
port
blocking 26-19
protection 26-19
private VLANs 16-15
RP mapping information 44-35
SFP status 11-28, 47-10
source-active messages 45-18
speed and duplex mode 11-19
SSM mapping 44-23
traffic flowing among switches 31-1
traffic suppression 26-19
tunneling 17-18
VLAN
filters 34-41
maps 34-41
VLANs 13-16
VMPS 13-33
VTP 14-16
mrouter Port 21-3
mrouter port 21-5
MSDP
benefits of 45-3
clearing MSDP connections and statistics 45-18
controlling source information
forwarded by switch 45-11
originated by switch 45-8
received by switch 45-13
default configuration 45-4
dense-mode regions
sending SA messages to 45-16
specifying the originating address 45-17
filtering
incoming SA messages 45-14
SA messages to a peer 45-12
SA requests from a peer 45-10
join latency, defined 45-6
meshed groups
configuring 45-15
defined 45-15
originating address, changing 45-17
overview 45-1
peer-RPF flooding 45-2
peers
configuring a default 45-4
monitoring 45-18
peering relationship, overview 45-1
requesting source information from 45-8
shutting down 45-15
source-active messages
caching 45-6
clearing cache entries 45-18
defined 45-2
filtering from a peer 45-10
filtering incoming 45-14
filtering to a peer 45-12
limiting data with TTL 45-13
monitoring 45-18
restricting advertised sources 45-9
support for 1-13
MSTP
boundary ports
configuration guidelines 19-15
described 19-6
BPDU filtering
described 20-3
enabling 20-14
BPDU guard
described 20-2
enabling 20-13
CIST, described 19-3
CIST regional root 19-3
CIST root 19-5
configuration guidelines 19-15, 20-12
configuring
forward-delay time 19-23
hello time 19-22
link type for rapid convergence 19-24
maximum aging time 19-23
maximum hop count 19-24
MST region 19-16
neighbor type 19-25
path cost 19-20
port priority 19-19
root switch 19-17
secondary root switch 19-18
switch priority 19-21
CST
defined 19-3
operations between regions 19-3
default configuration 19-14
default optional feature configuration 20-12
displaying status 19-26
enabling the mode 19-16
EtherChannel guard
described 20-10
enabling 20-17
extended system ID
effects on root switch 19-17
effects on secondary root switch 19-18
unexpected behavior 19-17
IEEE 802.1s
implementation 19-6
port role naming change 19-6
terminology 19-5
instances supported 18-10
interface state, blocking to forwarding 20-2
interoperability and compatibility among modes 18-11
interoperability with IEEE 802.1D
described 19-8
restarting migration process 19-25
IST
defined 19-2
master 19-3
operations within a region 19-3
loop guard
described 20-11
enabling 20-18
mapping VLANs to MST instance 19-16
MST region
CIST 19-3
configuring 19-16
described 19-2
hop-count mechanism 19-5
IST 19-2
supported spanning-tree instances 19-2
optional features supported 1-8
overview 19-2
Port Fast
described 20-2
enabling 20-12
preventing root switch selection 20-10
root guard
described 20-10
enabling 20-18
root switch
configuring 19-17
effects of extended system ID 19-17
unexpected behavior 19-17
shutdown Port Fast-enabled port 20-2
stack changes, effects of 19-8
status, displaying 19-26
MTU
system 11-26
system jumbo 11-26
system routing 11-26
multiauth mode
See multiple-authentication mode
multicast groups
Immediate Leave 24-6
joining 24-3
leaving 24-5
static joins 24-10, 25-8
multicast packets
ACLs on 34-39
blocking 26-8
multicast router interfaces, monitoring 24-17, 25-12
multicast router ports, adding 24-10, 25-8
Multicast Source Discovery Protocol
See MSDP
multicast storm 26-1
multicast storm-control command 26-4
multicast television application 24-18
multicast VLAN 24-18
Multicast VLAN Registration
See MVR
multidomain authentication
See MDA
multioperations scheduling, IP SLAs 41-5
multiple authentication 10-12
Multiple HSRP
See MHSRP
multiple VPN routing/forwarding in customer edge devices
See multi-VRF CE
multi-VRF CE
configuration example 38-86
configuration guidelines 38-79
configuring 38-78
default configuration 38-79
defined 38-76
displaying 38-90
monitoring 38-90
network components 38-78
packet-forwarding process 38-78
support for 1-13
MVR
and address aliasing 24-20
and IGMPv3 24-21
configuration guidelines 24-20
configuring interfaces 24-22
default configuration 24-20
described 24-18
example application 24-18
in the switch stack 24-20
modes 24-21
monitoring 24-24
multicast television application 24-18
setting global parameters 24-21
support for 1-5
N
NAC
AAA down policy 1-11
critical authentication 10-20, 10-51
IEEE 802.1x authentication using a RADIUS server 10-56
IEEE 802.1x validation using RADIUS server 10-56
inaccessible authentication bypass 1-11, 10-51
Layer 2 IEEE 802.1x validation 1-10, 10-56
Layer 2 IP validation 1-11
named IPv4 ACLs 34-15
named IPv6 ACLs 35-2
NameSpace Mapper
See NSM
native VLAN
and IEEE 802.1Q tunneling 17-4
configuring 13-24
default 13-24
NEAT
configuring 10-57
overview 10-30
neighbor discovery, IPv6 39-4
neighbor discovery/recovery, EIGRP 38-37
neighbors, BGP 38-60
Network Admission Control
See NAC
Network Assistant
benefits 1-3
described 1-5
downloading image files 1-3
guide mode 1-3
management options 1-3
managing switch stacks 6-2, 6-18
upgrading a switch B-24
wizards 1-3
network configuration examples
data center 1-19
expanded data center 1-19
increasing network performance 1-18
providing network services 1-18
small to medium-sized network 1-20
network design
performance 1-18
services 1-18
Network Edge Access Topology
See NEAT
network management
CDP 27-1
RMON 31-1
SNMP 33-1
network performance, measuring with IP SLAs 41-2
network policy TLV 28-2, 28-7
Network Time Protocol
See NTP
no commands 2-4
nonhierarchical policy maps
configuration guidelines 36-32
configuring 36-48
described 36-9
non-IP traffic filtering 34-28
nontrunking mode 13-18
normal-range VLANs 13-4
configuration guidelines 13-6
configuration modes 13-7
configuring 13-4
defined 13-1
no switchport command 11-4
not-so-stubby areas
See NSSA
NSAPs, as ISO IGRP addresses 38-66
NSF Awareness
IS-IS 38-68
NSM 5-3
NSSA, OSPF 38-31
NTP
associations
authenticating 7-4
defined 7-2
enabling broadcast messages 7-6
peer 7-5
server 7-5
default configuration 7-4
displaying the configuration 7-11
overview 7-2
restricting access
creating an access group 7-8
disabling NTP services per interface 7-10
source IP address, configuring 7-10
stratum 7-2
support for 1-6
synchronizing devices 7-5
time
services 7-2
synchronizing 7-2
O
OBFL
configuring 47-22
described 47-22
displaying 47-23
object tracking
HSRP 42-7
IP SLAs 42-9
IP SLAs, configuring 42-9
monitoring 42-10
offline configuration for switch stacks 6-9
on-board failure logging
See OBFL
online diagnostics
described 48-1
overview 48-1
running tests 48-5
open1x
configuring 10-61
open1x authentication
overview 10-25
Open Shortest Path First
See OSPF
optimizing system resources 9-1
options, management 1-5
OSPF
area parameters, configuring 38-31
configuring 38-29
default configuration
metrics 38-33
route 38-33
settings 38-27
described 38-26
for IPv6 39-6
interface parameters, configuring 38-30
LSA group pacing 38-34
monitoring 38-35
router IDs 38-35
route summarization 38-32
support for 1-12
virtual links 38-33
out-of-profile markdown 1-12
P
packet modification, with QoS 36-19
PAgP
Layer 2 protocol tunneling 17-9
See EtherChannel
parallel paths, in routing tables 38-93
passive interfaces
configuring 38-104
OSPF 38-33
passwords
default configuration 8-2
disabling recovery of 8-5
encrypting 8-3
for security 1-9
overview 8-1
recovery of 47-4
setting
enable 8-3
enable secret 8-3
Telnet 8-6
with usernames 8-6
VTP domain 14-8
path cost
MSTP 19-20
STP 18-20
path MTU discovery 39-4
PBR
defined 38-100
enabling 38-102
fast-switched policy-based routing 38-103
local policy-based routing 38-103
peers, BGP 38-60
percentage thresholds in tracked lists 42-6
performance, network design 1-18
performance features 1-4
persistent self-signed certificate 8-43
per-user ACLs and Filter-Ids 10-8
per-VLAN spanning-tree plus
See PVST+
PE to CE routing, configuring 38-86
physical ports 11-2
PIM
default configuration 44-11
dense mode
overview 44-4
rendezvous point (RP), described 44-5
RPF lookups 44-9
displaying neighbors 44-62
enabling a mode 44-14
overview 44-4
router-query message interval, modifying 44-38
shared tree and source tree, overview 44-35
shortest path tree, delaying the use of 44-37
sparse mode
join messages and shared tree 44-5
overview 44-5
prune messages 44-5
RPF lookups 44-9
stub routing
enabling 44-23
overview 44-5
support for 1-13
versions
interoperability 44-11
troubleshooting interoperability problems 44-35
v2 improvements 44-4
PIM-DVMRP, as snooping method 24-9
ping
character output description 47-12
executing 47-11
overview 47-11
policed-DSCP map for QoS 36-62
policers
configuring
for each matched traffic class 36-48
for more than one traffic class 36-58
described 36-4
displaying 36-78
number of 36-33
types of 36-9
policing
described 36-4
hierarchical
See hierarchical policy maps
token-bucket algorithm 36-9
policy-based routing
See PBR
policy maps for QoS
characteristics of 36-48
described 36-7
displaying 36-79
hierarchical 36-8
hierarchical on SVIs
configuration guidelines 36-32
configuring 36-52
described 36-11
nonhierarchical on physical ports
configuration guidelines 36-32
configuring 36-48
described 36-9
port ACLs
defined 34-2
types of 34-3
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting 10-13
authentication server
defined 10-3
RADIUS server 10-3
client, defined 10-3
configuration guidelines 10-33
configuring
802.1x authentication 10-36
guest VLAN 10-48
host mode 10-42
inaccessible authentication bypass 10-51
manual re-authentication of a client 10-44
periodic re-authentication 10-43
quiet period 10-44
RADIUS server 10-41
RADIUS server parameters on the switch 10-40
restricted VLAN 10-49
switch-to-client frame-retransmission number 10-46
switch-to-client retransmission time 10-45
violation mode 10-23
violation modes 10-36
default configuration 10-32
described 10-1
device roles 10-2
displaying statistics 10-67
downloadable ACLs and redirect URLs
configuring10-58to 10-61
overview10-17to 10-18
EAPOL-start frame 10-5
EAP-request/identity frame 10-5
EAP-response/identity frame 10-5
encapsulation 10-3
port-based authentication (continued)
flexible authentication ordering
configuring 10-61
overview 10-25
guest VLAN
configuration guidelines 10-19, 10-20
described 10-18
host mode 10-11
inaccessible authentication bypass
configuring 10-51
described 10-20
guidelines 10-35
initiation and message exchange 10-5
magic packet 10-23
maximum number of allowed devices per port 10-35
method lists 10-36
multiple authentication 10-12
multiple-hosts mode, described 10-11
per-user ACLs
AAA authorization 10-36
configuration tasks 10-17
described 10-16
RADIUS server attributes 10-16
ports
authorization state and dot1x port-control command 10-10
authorized and unauthorized 10-10
critical 10-20
voice VLAN 10-21
port security
and voice VLAN 10-23
described 10-22
interactions 10-22
multiple-hosts mode 10-12
readiness check
configuring 10-38
described 10-14, 10-38
resetting to default values 10-66
stack changes, effects of 10-11
port-based authentication (continued)
statistics, displaying 10-67
switch
as proxy 10-3
RADIUS client 10-3
switch supplicant
configuring 10-57
overview 10-30
VLAN assignment
AAA authorization 10-36
characteristics 10-15
configuration tasks 10-15
described 10-14
voice aware 802.1x security
configuring 10-39
described 10-27, 10-39
voice VLAN
described 10-21
PVID 10-21
VVID 10-21
wake-on-LAN, described 10-23
port-based authentication methods, supported 10-8
port blocking 1-4, 26-7
port-channel
See EtherChannel
port description TLV 28-2
Port Fast
described 20-2
enabling 20-12
mode, spanning tree 13-30
support for 1-8
port membership modes, VLAN 13-3
port priority
MSTP 19-19
STP 18-18
ports
10-Gigabit Ethernet 11-6
access 11-3
blocking 26-7
dynamic access 13-4
protected 26-6
routed 11-4
secure 26-8
static-access 13-3, 13-11
switch 11-2
trunks 13-3, 13-16
VLAN assignments 13-11
port security
aging 26-17
and private VLANs 26-18
and QoS trusted boundary 36-38
and stacking 26-18
configuring 26-13
default configuration 26-11
described 26-8
displaying 26-19
enabling 26-18
on trunk ports 26-14
sticky learning 26-9
violations 26-10
with other features 26-11
port-shutdown response, VMPS 13-29
port VLAN ID TLV 28-2
power management TLV 28-2, 28-7
preemption, default configuration 21-8
preemption delay, default configuration 21-8
preferential treatment of traffic
See QoS
prefix lists, BGP 38-57
preventing unauthorized access 8-1
primary links 21-2
primary VLANs 16-1, 16-3
priority
HSRP 40-8
overriding CoS 15-6
trusting CoS 15-6
private VLAN edge ports
See protected ports
private VLANs
across multiple switches 16-4
and SDM template 16-4
and SVIs 16-5
and switch stacks 16-5
benefits of 16-1
community ports 16-2
community VLANs 16-2, 16-3
configuration guidelines 16-7, 16-8
configuration tasks 16-6
configuring 16-10
default configuration 16-6
end station access to 16-3
IP addressing 16-3
isolated port 16-2
isolated VLANs 16-2, 16-3
mapping 16-14
monitoring 16-15
ports
community 16-2
configuration guidelines 16-8
configuring host ports 16-11
configuring promiscuous ports 16-13
isolated 16-2
promiscuous 16-2
primary VLANs 16-1, 16-3
promiscuous ports 16-2
secondary VLANs 16-2
subdomains 16-1
traffic in 16-5
privileged EXEC mode 2-2
privilege levels
changing the default for lines 8-9
exiting 8-9
logging into 8-9
overview 8-2, 8-7
setting a command with 8-8
promiscuous ports
configuring 16-13
defined 16-2
protected ports 1-9, 26-6
protocol-dependent modules, EIGRP 38-37
Protocol-Independent Multicast Protocol
See PIM
provider edge devices 38-77
provisioning new members for a switch stack 6-9
proxy ARP
configuring 38-12
definition 38-10
with IP routing disabled 38-13
proxy reports 21-3
pruning, VTP
disabling
in VTP domain 14-14
on a port 13-24
enabling
in VTP domain 14-14
on a port 13-23
examples 14-5
overview 14-4
pruning-eligible list
changing 13-23
for VTP pruning 14-5
VLANs 14-14
PVST+
described 18-10
IEEE 802.1Q trunking interoperability 18-11
instances supported 18-10
Q
QoS
and MQC commands 36-1
auto-QoS
categorizing traffic 36-21
configuration and defaults display 36-29
configuration guidelines 36-25
described 36-20
disabling 36-26
displaying generated commands 36-26
displaying the initial configuration 36-29
effects on running configuration 36-25
egress queue defaults 36-21
enabling for VoIP 36-26
example configuration 36-27
ingress queue defaults 36-21
list of generated commands 36-22
basic model 36-4
classification
class maps, described 36-7
defined 36-4
DSCP transparency, described 36-39
flowchart 36-6
forwarding treatment 36-3
in frames and packets 36-3
IP ACLs, described 36-5, 36-7
MAC ACLs, described 36-5, 36-7
options for IP traffic 36-5
options for non-IP traffic 36-5
policy maps, described 36-7
trust DSCP, described 36-5
trusted CoS, described 36-5
trust IP precedence, described 36-5
class maps
configuring 36-46
displaying 36-78
configuration guidelines
auto-QoS 36-25
standard QoS 36-32
configuring
aggregate policers 36-58
auto-QoS 36-20
default port CoS value 36-37
DSCP maps 36-60
DSCP transparency 36-39
DSCP trust states bordering another domain 36-40
egress queue characteristics 36-70
ingress queue characteristics 36-66
IP extended ACLs 36-44
IP standard ACLs 36-43
MAC ACLs 36-45
policy maps, hierarchical 36-52
policy maps on physical ports 36-48
port trust states within the domain 36-35
trusted boundary 36-38
default auto configuration 36-21
default standard configuration 36-30
displaying statistics 36-78
DSCP transparency 36-39
egress queues
allocating buffer space 36-71
buffer allocation scheme, described 36-18
configuring shaped weights for SRR 36-75
configuring shared weights for SRR 36-76
described 36-4
displaying the threshold map 36-74
flowchart 36-17
mapping DSCP or CoS values 36-73
scheduling, described 36-4
setting WTD thresholds 36-71
WTD, described 36-19
enabling globally 36-34
flowcharts
classification 36-6
egress queueing and scheduling 36-17
ingress queueing and scheduling 36-15
policing and marking 36-10
implicit deny 36-7
ingress queues
allocating bandwidth 36-68
allocating buffer space 36-68
buffer and bandwidth allocation, described 36-16
configuring shared weights for SRR 36-68
configuring the priority queue 36-69
described 36-4
displaying the threshold map 36-67
flowchart 36-15
mapping DSCP or CoS values 36-67
priority queue, described 36-16
scheduling, described 36-4
setting WTD thresholds 36-67
WTD, described 36-16
IP phones
automatic classification and queueing 36-20
detection and trusted settings 36-20, 36-38
limiting bandwidth on egress interface 36-77
mapping tables
CoS-to-DSCP 36-60
displaying 36-78
DSCP-to-CoS 36-63
DSCP-to-DSCP-mutation 36-64
IP-precedence-to-DSCP 36-61
policed-DSCP 36-62
types of 36-12
marked-down actions 36-50, 36-55
marking, described 36-4, 36-8
overview 36-2
packet modification 36-19
policers
configuring 36-50, 36-55, 36-58
described 36-8
displaying 36-78
number of 36-33
types of 36-9
policies, attaching to an interface 36-8
policing
described 36-4, 36-8
token bucket algorithm 36-9
policy maps
characteristics of 36-48
displaying 36-79
hierarchical 36-8
hierarchical on SVIs 36-52
nonhierarchical on physical ports 36-48
QoS label, defined 36-4
queues
configuring egress characteristics 36-70
configuring ingress characteristics 36-66
high priority (expedite) 36-19, 36-76
location of 36-13
SRR, described 36-14
WTD, described 36-13
rewrites 36-19
support for 1-11
trust states
bordering another domain 36-40
described 36-5
trusted device 36-38
within the domain 36-35
quality of service
See QoS
queries, IGMP 24-4
query solicitation, IGMP 24-13
R
RADIUS
attributes
vendor-proprietary 8-31
vendor-specific 8-29
configuring
accounting 8-28
authentication 8-23
authorization 8-27
communication, global 8-21, 8-29
communication, per-server 8-20, 8-21
multiple UDP ports 8-20
default configuration 8-20
defining AAA server groups 8-25
displaying the configuration 8-32
identifying the server 8-20
limiting the services to the user 8-27
method list, defined 8-20
operation of 8-19
overview 8-18
server load balancing 8-31
suggested network environments 8-18
support for 1-11
tracking services accessed by user 8-28
range
macro 11-11
of interfaces 11-10
rapid convergence 19-10
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
described 18-10
IEEE 802.1Q trunking interoperability 18-11
instances supported 18-10
Rapid Spanning Tree Protocol
See RSTP
RARP 38-10
RCP
configuration files
downloading B-18
overview B-16
preparing the server B-17
uploading B-19
image files
deleting old image B-38
downloading B-36
preparing the server B-35
uploading B-38
reachability, tracking IP SLAs IP host 42-9
readiness check
port-based authentication
configuring 10-38
described 10-14, 10-38
reconfirmation interval, VMPS, changing 13-32
reconfirming dynamic VLAN membership 13-32
recovery procedures 47-1
redirect URL 10-17, 10-58
redundancy
EtherChannel 37-2
HSRP 40-1
STP
backbone 18-8
multidrop backbone 20-5
path cost 13-27
port priority 13-25
redundant links and UplinkFast 20-15
reliable transport protocol, EIGRP 38-37
reloading software 3-21
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
Remote Network Monitoring
See RMON
Remote SPAN
See RSPAN
remote SPAN 30-3
report suppression, IGMP
described 24-6
disabling 24-16, 25-11
resequencing ACL entries 34-15
resets, in BGP 38-52
resetting a UDLD-shutdown interface 29-6
responder, IP SLAs
described 41-3
enabling 41-7
response time, measuring with IP SLAs 41-4
restricted VLAN
configuring 10-49
described 10-19
using with IEEE 802.1x 10-19
restricting access
NTP services 7-8
overview 8-1
passwords and privilege levels 8-2
RADIUS 8-17
TACACS+ 8-10
retry count, VMPS, changing 13-32
reverse address resolution 38-10
Reverse Address Resolution Protocol
See RARP
RFC
1112, IP multicast and IGMP 24-2
1157, SNMPv1 33-2
1166, IP addresses 38-7
1305, NTP 7-2
1587, NSSAs 38-26
1757, RMON 31-2
1901, SNMPv2C 33-2
1902 to 1907, SNMPv2 33-2
2236, IP multicast and IGMP 24-2
2273-2275, SNMPv3 33-2
RIP
advertisements 38-21
authentication 38-23
configuring 38-22
default configuration 38-21
described 38-21
for IPv6 39-6
hop counts 38-21
split horizon 38-24
summary addresses 38-24
support for 1-12
RMON
default configuration 31-3
displaying status 31-6
enabling alarms and events 31-3
groups supported 31-2
overview 31-1
statistics
collecting group Ethernet 31-5
collecting group history 31-5
support for 1-14
root guard
described 20-10
enabling 20-18
support for 1-8
root switch
MSTP 19-17
STP 18-16
route calculation timers, OSPF 38-33
route dampening, BGP 38-64
routed packets, ACLs on 34-39
routed ports
configuring 38-5
defined 11-4
IP addresses on 11-24, 38-5
route-map command 38-103
route maps
BGP 38-55
policy-based routing 38-101
router ACLs
defined 34-2
types of 34-4
route reflectors, BGP 38-63
router ID, OSPF 38-35
route selection, BGP 38-53
route summarization, OSPF 38-32
route targets, VPN 38-78
routing
default 38-3
dynamic 38-3
redistribution of information 38-96
static 38-3
routing domain confederation, BGP 38-62
Routing Information Protocol
See RIP
routing protocol administrative distances 38-94
RSPAN 30-3
and stack changes 30-10
characteristics 30-9
configuration guidelines 30-17
default configuration 30-11
destination ports 30-8
displaying status 30-28
in a switch stack 30-2
interaction with other features 30-9
monitored ports 30-6
monitoring ports 30-8
overview 1-14, 30-1
received traffic 30-5
session limits 30-12
sessions
creating 30-18
defined 30-4
limiting source traffic to specific VLANs 30-20
specifying monitored ports 30-18
with ingress traffic enabled 30-22
source ports 30-6
transmitted traffic 30-6
VLAN-based 30-7
RSTP
active topology 19-9
BPDU
format 19-12
processing 19-13
designated port, defined 19-9
designated switch, defined 19-9
interoperability with IEEE 802.1D
described 19-8
restarting migration process 19-25
topology changes 19-13
overview 19-9
port roles
described 19-9
synchronized 19-11
proposal-agreement handshake process 19-10
rapid convergence
cross-stack rapid convergence 19-11
described 19-10
edge ports and Port Fast 19-10
point-to-point links 19-10, 19-24
root ports 19-10
root port, defined 19-9
See also MSTP
running configuration
replacing B-20, B-21
rolling back B-20, B-21
saving 3-15
S
scheduled reloads 3-21
scheduling, IP SLAs operations 41-5
SDM
described 9-1
switch stack consideration 6-12
templates
configuring 9-5
number of 9-1
SDM template
configuring 9-4
dual IPv4 and IPv6 9-2
types of 9-1
secondary VLANs 16-2
secure HTTP client
configuring 8-48
displaying 8-48
secure HTTP server
configuring 8-46
displaying 8-48
secure MAC addresses
and switch stacks 26-18
deleting 26-16
maximum number of 26-10
types of 26-9
secure ports
and switch stacks 26-18
configuring 26-8
secure remote connections 8-38
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port 26-8
security features 1-9
sequence numbers in log messages 32-8
server mode, VTP 14-3
service-provider network, MSTP and RSTP 19-1
service-provider networks
and customer VLANs 17-2
and IEEE 802.1Q tunneling 17-1
Layer 2 protocols across 17-8
Layer 2 protocol tunneling for EtherChannels 17-9
set-request operation 33-4
severity levels, defining in system messages 32-9
SFPs
monitoring status of 11-28, 47-10
numbering of 11-9
security and identification 47-10
status, displaying 47-10
shaped round robin
See SRR
show access-lists hw-summary command 34-22
show and more command output, filtering 2-10
show cdp traffic command 27-5
show configuration command 11-23
show forward command 47-18
show interfaces command 11-19, 11-23
show interfaces switchport 21-4
show l2protocol command 17-13, 17-15, 17-16
show lldp traffic command 28-11
show platform forward command 47-18
show running-config command
displaying ACLs 34-20, 34-21, 34-32, 34-35
interface description in 11-23
shutdown command on interfaces 11-29
shutdown threshold for Layer 2 protocol packets 17-11
Simple Network Management Protocol
See SNMP
small-frame arrival rate, configuring 26-5
Smartports macros
applying Cisco-default macros 12-6
applying global parameter values 12-5, 12-6
applying macros 12-5
applying parameter values 12-5, 12-7
configuration guidelines 12-2
creating 12-4
default configuration 12-2
defined 12-1
displaying 12-8
tracing 12-3
SNAP 27-1
SNMP
accessing MIB variables with 33-4
agent
described 33-4
disabling 33-7
and IP SLAs 41-2
authentication level 33-10
community strings
configuring 33-8
overview 33-4
configuration examples 33-17
default configuration 33-6
engine ID 33-7
groups 33-6, 33-9
host 33-6
ifIndex values 33-5
in-band management 1-7
informs
and trap keyword 33-11
described 33-5
differences from traps 33-5
disabling 33-15
enabling 33-14
limiting access by TFTP servers 33-16
limiting system log messages to NMS 32-10
manager functions 1-5, 33-3
MIBs
location of A-4
supported A-1
notifications 33-5
overview 33-1, 33-4
security levels 33-3
setting CPU threshold notification 33-15
status, displaying 33-18
system contact and location 33-16
trap manager, configuring 33-13
traps
described 33-3, 33-5
differences from informs 33-5
disabling 33-15
enabling 33-11
enabling MAC address notification 7-22
overview 33-1, 33-4
types of 33-11
users 33-6, 33-9
versions supported 33-2
SNMP and Syslog Over IPv6 39-7
SNMPv1 33-2
SNMPv2C 33-2
SNMPv3 33-2
snooping, IGMP 24-2
software compatibility
See stacks, switch
software images
location in flash B-25
recovery procedures 47-2
scheduling reloads 3-22
tar file format, described B-25
See also downloading and uploading
source addresses
in IPv4 ACLs 34-12
in IPv6 ACLs 35-5, 35-6
source-and-destination-IP address based forwarding, EtherChannel 37-8
source-and-destination MAC address forwarding, EtherChannel 37-8
source-IP address based forwarding, EtherChannel 37-8
source-MAC address forwarding, EtherChannel 37-8
Source-specific multicast
See SSM
SPAN
and stack changes 30-10
configuration guidelines 30-12
default configuration 30-11
destination ports 30-8
displaying status 30-28
interaction with other features 30-9
monitored ports 30-6
monitoring ports 30-8
overview 1-14, 30-1
ports, restrictions 26-12
received traffic 30-5
session limits 30-12
sessions
configuring ingress forwarding 30-16, 30-23
creating 30-13, 30-25
defined 30-4
limiting source traffic to specific VLANs 30-16
removing destination (monitoring) ports 30-14
specifying monitored ports 30-13, 30-25
with ingress traffic enabled 30-15
source ports 30-6
transmitted traffic 30-6
VLAN-based 30-7
spanning tree and native VLANs 13-19
Spanning Tree Protocol
See STP
SPAN traffic 30-5
split horizon, RIP 38-24
SRR
configuring
shaped weights on egress queues 36-75
shared weights on egress queues 36-76
shared weights on ingress queues 36-68
described 36-14
shaped mode 36-14
shared mode 36-14
support for 1-12
SSH
configuring 8-39
cryptographic software image 8-37
described 1-7, 8-38
encryption methods 8-38
switch stack considerations 6-18, 8-38
user authentication methods, supported 8-38
SSL
configuration guidelines 8-45
configuring a secure HTTP client 8-48
configuring a secure HTTP server 8-46
cryptographic software image 8-42
described 8-42
monitoring 8-48
SSM
address management restrictions 44-16
CGMP limitations 44-17
components 44-14
configuration guidelines 44-16
configuring 44-14, 44-17
differs from Internet standard multicast 44-15
IGMP snooping 44-17
IGMPv3 44-14
IGMPv3 Host Signalling 44-16
IP address range 44-15
monitoring 44-17
operations 44-15
PIM 44-14
state maintenance limitations 44-17
SSM mapping 44-18
configuration guidelines 44-18
configuring 44-18, 44-20
DNS-based 44-19, 44-21
monitoring 44-23
overview 44-18
restrictions 44-18
static 44-19, 44-21
static traffic forwarding 44-22
stack changes
effects on
IPv6 routing 39-9
stack changes, effects on
ACL configuration 34-7
CDP 27-2
cross-stack EtherChannel 37-12
EtherChannel 37-9
fallback bridging 46-3
HSRP 40-5
IEEE 802.1x port-based authentication 10-11
IGMP snooping 24-7
stack changes, effects on (continued)
IP routing 38-4
IPv6 ACLs 35-3
MAC address tables 7-21
MSTP 19-8
multicast routing 44-10
MVR 24-18
port security 26-18
SDM template selection 9-3
SNMP 33-1
SPAN and RSPAN 30-10
STP 18-12
system message log 32-2
VLANs 13-6
VTP 14-6
stack master
bridge ID (MAC address) 6-8
defined 6-1
election 6-6
IPv6 39-10
re-election 6-6
See also stacks, switch
stack member
accessing CLI of specific member 6-26
configuring
member number 6-23
priority value 6-25
defined 6-1
displaying information of 6-27
IPv6 39-10
number 6-8
priority value 6-9
provisioning a new member 6-25
replacing 6-17
See also stacks, switch
stack member number 11-8
stack protocol version 6-12
stacks, switch
accessing CLI of specific member 6-26
assigning information
member number 6-23
priority value 6-25
provisioning a new member 6-25
auto-advise 6-14
auto-copy 6-13
auto-extract 6-13
auto-upgrade 6-13
bridge ID 6-8
CDP considerations 27-2
compatibility, software 6-12
configuration file 6-16
configuration scenarios 6-19
copying an image file from one member to another B-39
default configuration 6-21
description of 6-1
displaying information of 6-27
enabling persistent MAC address timer 6-21
hardware compatibility and SDM mismatch mode 6-12
HSRP considerations 40-5
incompatible software and image upgrades 6-16, B-39
IPv6 on 39-9
MAC address considerations 7-21
MAC address of 6-21
management connectivity 6-18
managing 6-1
membership 6-3
merged 6-3
MSTP instances supported 18-10
multicast routing, stack master and member roles 44-10
offline configuration
described 6-9
effects of adding a provisioned switch 6-10
effects of removing a provisioned switch 6-11
effects of replacing a provisioned switch 6-11
stacks, switch (continued)
provisioned configuration, defined 6-9
provisioned switch, defined 6-9
provisioning a new member 6-25
partitioned 6-3, 47-9
provisioned switch
adding 6-10
removing 6-11
replacing 6-11
replacing a failed member 6-17
software compatibility 6-12
software image version 6-12
stack protocol version 6-12
STP
bridge ID 18-3
instances supported 18-10
root port selection 18-3
stack root switch election 18-3
system messages
hostnames in the display 32-1
remotely monitoring 32-2
system prompt consideration 7-14
system-wide configuration considerations 6-17
upgrading B-39
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 6-13
described 6-13
examples 6-14
manual upgrades with auto-advise 6-14
upgrades with auto-extract 6-13
See also stack master and stack member
StackWise Plus technology, Cisco 1-3
See also stacks, switch
standby ip command 40-7
standby links 21-2
standby router 40-1
standby timers, HSRP 40-11
startup configuration
booting
manually 3-18
specific image 3-18
clearing B-20
configuration file
automatically downloading 3-17
specifying the filename 3-17
default boot configuration 3-17
static access ports
assigning to VLAN 13-11
defined 11-3, 13-3
static addresses
See addresses
static IP routing 1-13
static MAC addressing 1-9
static routes
configuring 38-94
configuring for IPv6 39-20
understanding 39-6
static routing 38-3
static SSM mapping 44-19, 44-21
static traffic forwarding 44-22
static VLAN membership 13-2
statistics
CDP 27-5
IEEE 802.1x 10-67
interface 11-28
IP multicast routing 44-62
LLDP 28-10
LLDP-MED 28-10
NMSP 28-10
OSPF 38-35
QoS ingress and egress 36-78
RMON group Ethernet 31-5
RMON group history 31-5
SNMP input and output 33-18
VTP 14-16
sticky learning 26-9
storm control
configuring 26-3
described 26-1
disabling 26-5
displaying 26-19
support for 1-4
thresholds 26-1
STP
accelerating root port selection 20-4
BackboneFast
described 20-7
disabling 20-17
enabling 20-16
BPDU filtering
described 20-3
disabling 20-15
enabling 20-14
BPDU guard
described 20-2
disabling 20-14
enabling 20-13
BPDU message exchange 18-3
configuration guidelines 18-13, 20-12
configuring
forward-delay time 18-23
hello time 18-22
maximum aging time 18-23
path cost 18-20
port priority 18-18
root switch 18-16
secondary root switch 18-18
spanning-tree mode 18-15
switch priority 18-21
transmit hold-count 18-24
counters, clearing 18-24
cross-stack UplinkFast
described 20-5
enabling 20-16
default configuration 18-13
STP (continued)
default optional feature configuration 20-12
designated port, defined 18-4
designated switch, defined 18-4
detecting indirect link failures 20-8
disabling 18-16
displaying status 18-24
EtherChannel guard
described 20-10
disabling 20-17
enabling 20-17
extended system ID
effects on root switch 18-16
effects on the secondary root switch 18-18
overview 18-4
unexpected behavior 18-16
features supported 1-7
IEEE 802.1D and bridge ID 18-4
IEEE 802.1D and multicast addresses 18-9
IEEE 802.1t and VLAN identifier 18-5
inferior BPDU 18-3
instances supported 18-10
interface state, blocking to forwarding 20-2
interface states
blocking 18-6
disabled 18-7
forwarding 18-6, 18-7
learning 18-7
listening 18-7
overview 18-5
interoperability and compatibility among modes 18-11
keepalive messages 18-2
Layer 2 protocol tunneling 17-8
limitations with IEEE 802.1Q trunks 18-11
load sharing
overview 13-24
using path costs 13-27
using port priorities 13-25
STP (continued)
loop guard
described 20-11
enabling 20-18
modes supported 18-10
multicast addresses, effect of 18-9
optional features supported 1-8
overview 18-2
path costs 13-27
Port Fast
described 20-2
enabling 20-12
port priorities 13-26
preventing root switch selection 20-10
protocols supported 18-10
redundant connectivity 18-8
root guard
described 20-10
enabling 20-18
root port, defined 18-3
root port selection on a switch stack 18-3
root switch
configuring 18-16
effects of extended system ID 18-4, 18-16
election 18-3
unexpected behavior 18-16
shutdown Port Fast-enabled port 20-2
stack changes, effects of 18-12
status, displaying 18-24
superior BPDU 18-3
timers, described 18-22
UplinkFast
described 20-3
enabling 20-15
VLAN-bridge 18-11
stratum, NTP 7-2
stub areas, OSPF 38-31
stub routing, EIGRP 38-43
subdomains, private VLAN 16-1
subnet mask 38-7
subnet zero 38-8
success response, VMPS 13-29
summer time 7-13
SunNet Manager 1-5
supernet 38-8
supported port-based authentication methods 10-8
SVI autostate exclude
configuring 11-25
defined 11-6
SVI link state 11-6
SVIs
and IP unicast routing 38-5
and router ACLs 34-4
connecting VLANs 11-7
defined 11-5
routing between VLANs 13-2
switch 39-2
switch console port 1-7
Switch Database Management
See SDM
switched packets, ACLs on 34-37
Switched Port Analyzer
See SPAN
switched ports 11-2
switchport backup interface 21-4, 21-5
switchport block multicast command 26-8
switchport block unicast command 26-8
switchport command 11-17
switchport mode dot1q-tunnel command 17-6
switchport protected command 26-7
switch priority
MSTP 19-21
STP 18-21
switch software features 1-1
switch virtual interface
See SVI
synchronization, BGP 38-49
syslog
See system message logging
system capabilities TLV 28-2
system clock
configuring
daylight saving time 7-13
manually 7-11
summer time 7-13
time zones 7-12
displaying the time and date 7-12
overview 7-1
See also NTP
system description TLV 28-2
system message logging
default configuration 32-4
defining error message severity levels 32-9
disabling 32-4
displaying the configuration 32-14
enabling 32-5
facility keywords, described 32-14
level keywords, described 32-10
limiting messages 32-10
message format 32-2
overview 32-1
sequence numbers, enabling and disabling 32-8
setting the display destination device 32-5
stack changes, effects of 32-2
synchronizing log messages 32-6
syslog facility 1-14
time stamps, enabling and disabling 32-8
UNIX syslog servers
configuring the daemon 32-13
configuring the logging facility 32-13
facilities supported 32-14
system MTU
and IS-IS LSPs 38-71
system MTU and IEEE 802.1Q tunneling 17-5
system name
default configuration 7-15
default setting 7-15
manual configuration 7-15
See also DNS
system name TLV 28-2
system prompt, default setting 7-14, 7-15
system resources, optimizing 9-1
system routing
IS-IS 38-66
ISO IGRP 38-66
T
TACACS+
accounting, defined 8-11
authentication, defined 8-11
authorization, defined 8-11
configuring
accounting 8-17
authentication key 8-13
authorization 8-16
login authentication 8-14
default configuration 8-13
displaying the configuration 8-17
identifying the server 8-13
limiting the services to the user 8-16
operation of 8-12
overview 8-10
support for 1-11
tracking services accessed by user 8-17
tagged packets
IEEE 802.1Q 17-3
Layer 2 protocol 17-7
tar files
creating B-7
displaying the contents of B-7
extracting B-8
image file format B-25
TDR 1-14
Telnet
accessing management interfaces 2-11
number of connections 1-7
setting a password 8-6
templates, SDM 9-2
temporary self-signed certificate 8-43
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password 8-6
TFTP
configuration files
downloading B-12
preparing the server B-11
uploading B-12
configuration files in base directory 3-7
configuring for autoconfiguration 3-7
image files
deleting B-29
downloading B-27
preparing the server B-26
uploading B-29
limiting access by servers 33-16
TFTP server 1-6
threshold, traffic level 26-2
threshold monitoring, IP SLAs 41-5
time
See NTP and system clock
Time Domain Reflector
See TDR
time-range command 34-17
time ranges in ACLs 34-17
time stamps in log messages 32-8
time zones 7-12
TLVs
defined 28-1
LLDP 28-2
LLDP-MED 28-2
Token Ring VLANs
support for 13-6
VTP support 14-4
ToS 1-11
traceroute, Layer 2
and ARP 47-13
and CDP 47-13
broadcast traffic 47-12
described 47-12
IP addresses and subnets 47-13
MAC addresses and VLANs 47-13
multicast traffic 47-13
multiple devices on a port 47-13
unicast traffic 47-12
usage guidelines 47-13
traceroute command 47-15
See also IP traceroute
tracked lists
configuring 42-3
types 42-3
tracked objects
by Boolean expression 42-4
by threshold percentage 42-6
by threshold weight 42-5
tracking interface line-protocol state 42-2
tracking IP routing state 42-2
tracking objects 42-1
tracking process 42-1
track state, tracking IP SLAs 42-9
traffic
blocking flooded 26-8
fragmented 34-5
fragmented IPv6 35-2
unfragmented 34-5
traffic policing 1-12
traffic suppression 26-1
transmit hold-count
see STP
transparent mode, VTP 14-3, 14-12
trap-door mechanism 3-2
traps
configuring MAC address notification 7-22
configuring managers 33-11
defined 33-3
enabling 7-22, 33-11
notification types 33-11
overview 33-1, 33-4
troubleshooting
connectivity problems 47-11, 47-12, 47-14
CPU utilization 47-24
detecting unidirectional links 29-1
displaying crash information 47-21
PIMv1 and PIMv2 interoperability problems 44-35
setting packet forwarding 47-18
SFP security and identification 47-10
show forward command 47-18
with CiscoWorks 33-4
with debug commands 47-17
with ping 47-11
with system message logging 32-1
with traceroute 47-14
trunk failover
See link-state tracking
trunking encapsulation 1-8
trunk ports
configuring 13-21
defined 11-3, 13-3
encapsulation 13-21, 13-26, 13-27
trunks
allowed-VLAN list 13-22
configuring 13-21, 13-26, 13-27
ISL 13-16
load sharing
setting STP path costs 13-27
using STP port priorities 13-25, 13-26
native VLAN for untagged traffic 13-24
parallel 13-27
pruning-eligible list 13-23
to non-DTP device 13-18
trusted boundary for QoS 36-38
trusted port states
between QoS domains 36-40
classification options 36-5
ensuring port security for IP phones 36-38
support for 1-11
within a QoS domain 36-35
trustpoints, CA 8-43
tunneling
defined 17-1
IEEE 802.1Q 17-1
Layer 2 protocol 17-8
tunnel ports
described 11-4, 17-1
IEEE 802.1Q, configuring 17-6
incompatibilities with other features 17-6
twisted-pair Ethernet, detecting unidirectional links 29-1
type of service
See ToS
U
UDLD
configuration guidelines 29-4
default configuration 29-4
disabling
globally 29-5
on fiber-optic interfaces 29-5
per interface 29-6
echoing detection mechanism 29-2
enabling
globally 29-5
per interface 29-6
Layer 2 protocol tunneling 17-10
link-detection mechanism 29-1
neighbor database 29-2
overview 29-1
resetting an interface 29-6
status, displaying 29-7
support for 1-7
UDP, configuring 38-16
UDP jitter, configuring 41-8
UDP jitter operation, IP SLAs 41-8
unauthorized ports with IEEE 802.1x 10-10
unicast MAC address filtering 1-6
and adding static addresses 7-25
and broadcast MAC addresses 7-25
and CPU packets 7-25
and multicast addresses 7-25
and router MAC addresses 7-25
configuration guidelines 7-25
described 7-25
unicast storm 26-1
unicast storm control command 26-4
unicast traffic, blocking 26-8
UniDirectional Link Detection protocol
See UDLD
universal software image
cryptographic 1-1
feature set
IP base 1-2
IP services 1-2
noncryptographic 1-1
UNIX syslog servers
daemon configuration 32-13
facilities supported 32-14
message logging configuration 32-13
unrecognized Type-Length-Value (TLV) support 14-4
upgrading software images
See downloading
UplinkFast
described 20-3
disabling 20-16
enabling 20-15
support for 1-8
uploading
configuration files
preparing B-11, B-14, B-17
reasons for B-9
using FTP B-15
using RCP B-19
using TFTP B-12
image files
preparing B-26, B-30, B-35
reasons for B-24
using FTP B-33
using RCP B-38
using TFTP B-29
User Datagram Protocol
See UDP
user EXEC mode 2-2
username-based authentication 8-6
V
version-dependent transparent mode 14-4
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 6-13
described 6-13
displaying 6-13
manual upgrades with auto-advise 6-14
upgrades with auto-extract 6-13
Virtual Private Network
See VPN
virtual router 40-1, 40-2
virtual switches and PAgP 37-6
vlan.dat file 13-5
VLAN 1
disabling on a trunk port 13-22
minimization 13-22
VLAN ACLs
See VLAN maps
vlan-assignment response, VMPS 13-29
VLAN configuration
at bootup 13-8
saving 13-8
VLAN configuration mode 2-2, 13-7
VLAN database
and startup configuration file 13-8
and VTP 14-1
VLAN configuration saved in 13-7
VLANs saved in 13-4
vlan database command 13-7
vlan dot1q tag native command 17-5
VLAN filtering and SPAN 30-7
vlan global configuration command 13-7
VLAN ID, discovering 7-28
VLAN link state 11-5
VLAN load balancing on flex links
configuration guidelines 21-8
described 21-2
VLAN management domain 14-2
VLAN Management Policy Server
See VMPS
VLAN map entries, order of 34-31
VLAN maps
applying 34-35
common uses for 34-35
configuration guidelines 34-31
configuring 34-30
creating 34-32
defined 34-2
denying access to a server example 34-35
denying and permitting packets 34-32
displaying 34-41
examples of ACLs and VLAN maps 34-33
removing 34-35
support for 1-9
VLAN membership
confirming 13-32
modes 13-3
VLAN Query Protocol
See VQP
VLANs
adding 13-9
adding to VLAN database 13-9
aging dynamic addresses 18-9
allowed on trunk 13-22
and spanning-tree instances 13-3, 13-6, 13-13
configuration guidelines, extended-range VLANs 13-13
configuration guidelines, normal-range VLANs 13-6
configuration options 13-7
configuring 13-1
configuring IDs 1006 to 4094 13-13
connecting through SVIs 11-7
creating in config-vlan mode 13-9
creating in VLAN configuration mode 13-10
customer numbering in service-provider networks 17-3
default configuration 13-8
deleting 13-10
described 11-2, 13-1
displaying 13-16
extended-range 13-1, 13-12
features 1-8
illustrated 13-2
internal 13-13
in the switch stack 13-6
limiting source traffic with RSPAN 30-20
limiting source traffic with SPAN 30-16
modifying 13-9
multicast 24-18
native, configuring 13-24
normal-range 13-1, 13-4
number supported 1-8
parameters 13-5
port membership modes 13-3
static-access ports 13-11
STP and IEEE 802.1Q trunks 18-11
supported 13-2
Token Ring 13-6
traffic between 13-2
VLAN-bridge STP 18-11, 46-2
VTP modes 14-3
VLAN Trunking Protocol
See VTP
VLAN trunks 13-16
VMPS
administering 13-33
configuration example 13-34
configuration guidelines 13-30
default configuration 13-30
description 13-28
dynamic port membership
described 13-29
reconfirming 13-32
troubleshooting 13-33
mapping MAC addresses to VLANs 13-28
monitoring 13-33
reconfirmation interval, changing 13-32
reconfirming membership 13-32
retry count, changing 13-32
voice aware 802.1x security
port-based authentication
configuring 10-39
described 10-27, 10-39
voice-over-IP 15-1
voice VLAN
Cisco 7960 phone, port connections 15-1
configuration guidelines 15-3
configuring IP phones for data traffic
override CoS of incoming frame 15-6
trust CoS priority of incoming frame 15-6
configuring ports for voice traffic in
IEEE 802.1p priority tagged frames 15-5
IEEE 802.1Q frames 15-5
connecting to an IP phone 15-4
default configuration 15-3
described 15-1
displaying 15-7
IP phone data traffic, described 15-2
IP phone voice traffic, described 15-2
VPN
configuring routing in 38-85
forwarding 38-79
in service provider networks 38-76
routes 38-77
VPN routing and forwarding table
See VRF
VQP 1-8, 13-28
VRF
defining 38-78
tables 38-76
VRF-aware services
ARP 38-81
configuring 38-81
ftp 38-84
HSRP 38-82
ping 38-81
SNMP 38-82
syslog 38-83
tftp 38-84
traceroute 38-83
uRPF 38-82
VRFs, configuring multicast 38-84
VTP
adding a client to a domain 14-14
advertisements 13-20, 14-3
and extended-range VLANs 14-2
and normal-range VLANs 14-2
client mode, configuring 14-11
configuration
global configuration mode 14-7
guidelines 14-8
privileged EXEC mode 14-7
requirements 14-9
saving 14-7
VLAN configuration mode 14-8
configuration mode options 14-7
configuration requirements 14-9
configuration revision number
guideline 14-14
resetting 14-15
configuring
client mode 14-11
server mode 14-9
transparent mode 14-12
consistency checks 14-4
default configuration 14-7
described 14-1
disabling 14-12
domain names 14-8
domains 14-2
Layer 2 protocol tunneling 17-8
modes
client 14-3, 14-11
server 14-3, 14-9
transitions 14-3
transparent 14-3, 14-12
monitoring 14-16
passwords 14-8
pruning
disabling 14-14
enabling 14-14
examples 14-5
overview 14-4
support for 1-8
pruning-eligible list, changing 13-23
server mode, configuring 14-9
statistics 14-16
support for 1-8
Token Ring support 14-4
transparent mode, configuring 14-12
using 14-1
version, guidelines 14-9
Version 1 14-4
Version 2
configuration guidelines 14-9
disabling 14-13
enabling 14-13
overview 14-4
W
WCCP
authentication 43-4
configuration guidelines 43-6
default configuration 43-6
described 43-2
displaying 43-10
dynamic service groups 43-4
enabling 43-6
features unsupported 43-5
forwarding method 43-3
Layer-2 header rewrite 43-3
MD5 security 43-4
message exchange 43-3
monitoring and maintaining 43-10
negotiation 43-3
packet redirection 43-4
packet-return method 43-3
redirecting traffic received from a client 43-6
setting the password 43-7
unsupported WCCPv2 features 43-5
web authentication 10-14
configuring 10-62, 10-65
described 1-9, 10-27
fallback for IEEE 802.1x 10-64
Web Cache Communication Protocol
See WCCP
weighted tail drop
See WTD
weight thresholds in tracked lists 42-5
wired location service
configuring 28-9
displaying 28-10
location TLV 28-3
understanding 28-3
wizards 1-3
WTD
described 36-13
setting thresholds
egress queue-sets 36-71
ingress queues 36-67
support for 1-12