Catalyst 2960 Switch Software Configuration Guide, 12.2(25)FX
Index
Downloads: This chapterpdf (PDF - 1.2MB) The complete bookPDF (PDF - 7.97MB) | Feedback

Index

Table Of Contents

A - B - C - D - E - F - G - H - I - J - L - M - N - O - P - Q - R - S - T - U - V - W - X -

Index

A

abbreviating commands     2-4

access-class command     28-16

access control entries

See ACEs

access-denied response, VMPS     12-24

access groups, applying IPv4 ACLs to interfaces     28-17

access lists

See ACLs

access ports, defined     10-2

accounting

with 802.1x     9-21

with IEEE 802.1x     9-5

with RADIUS     8-28

with TACACS+     8-11, 8-17

ACEs

and QoS     29-7

defined     28-2

Ethernet     28-2

IP     28-2

ACLs

ACEs     28-2

any keyword     28-9

applying

time ranges to     28-14

to an interface     28-17

to QoS     29-7

classifying traffic for QoS     29-40

comments in     28-15

compiling     28-18

defined     28-1, 28-5

examples of     28-18, 29-40

ACLs (continued)

extended IP

configuring for QoS classification     29-41

extended IPv4

creating     28-8

matching criteria     28-5

hardware and software handling     28-17

host keyword     28-10

IP

creating     28-5

fragments and QoS guidelines     29-31

implicit deny     28-7, 28-11, 28-13

implicit masks     28-7

matching criteria     28-5

undefined     28-17

IPv4

applying to interfaces     28-17

creating     28-5

matching criteria     28-5

named     28-12

numbers     28-6

terminal lines, setting on     28-16

unsupported features     28-5

MAC extended     28-20, 29-42

matching     28-5, 28-17

monitoring     28-22

named, IPv4     28-12

number per QoS class map     29-31

QoS     29-7, 29-40

resequencing entries     28-12

standard IP, configuring for QoS classification     29-40

ACLs (continued)

standard IPv4

creating     28-7

matching criteria     28-5

support for     1-6

support in hardware     28-17

time ranges     28-14

unsupported features, IPv4     28-5

active links     18-1

address aliasing     20-2

addresses

displaying the MAC address table     6-25

dynamic

accelerated aging     15-8

changing the aging time     6-21

default aging     15-8

defined     6-19

learning     6-20

removing     6-21

MAC, discovering     6-26

multicast, STP address management     15-8

static

adding and removing     6-23

defined     6-19

address resolution     6-26

Address Resolution Protocol

See ARP

advertisements

CDP     22-1

VTP     12-16, 13-3

aggregated ports

See EtherChannel

aggregate policers     29-48

aggregate policing     1-7

aging, accelerating     15-8

aging time

accelerated

for MSTP     16-20

for STP     15-8, 15-21

MAC address table     6-21

maximum

for MSTP     16-20, 16-21

for STP     15-21

alarms, RMON     25-3

allowed-VLAN list     12-18

ARP

defined     1-4, 6-26

table

address resolution     6-26

managing     6-26

attributes, RADIUS

vendor-proprietary     8-30

vendor-specific     8-29

audience     xxvii

authentication

local mode with AAA     8-32

NTP associations     6-5

RADIUS

key     8-21

login     8-23

TACACS+

defined     8-11

key     8-13

login     8-14

See also port-based authentication

authoritative time source, described     6-2

authorization

with RADIUS     8-27

with TACACS+     8-11, 8-16

authorized ports with IEEE 802.1x     9-4

autoconfiguration     3-3

automatic QoS

See QoS

auto-MDIX

configuring     10-15

described     10-15

autonegotiation

duplex mode     1-3

interface configuration guidelines     10-11

mismatches     31-11

autosensing, port speed     1-3

auxiliary VLAN

See voice VLAN

availability, features     1-5

B

BackboneFast

described     17-5

disabling     17-14

enabling     17-14

support for     1-5

backup interfaces

See Flex Links

backup links     18-1

banners

configuring

login     6-18

message-of-the-day login     6-18

default configuration     6-17

when displayed     6-17

binding database

DHCP snooping

See DHCP snooping binding database

bindings

DHCP snooping database     19-5

binding table, DHCP snooping

See DHCP snooping binding database

blocking packets     21-6

booting

boot loader, function of     3-2

boot process     3-1

manually     3-13

specific image     3-13

boot loader

accessing     3-14

described     3-2

environment variables     3-14

prompt     3-14

trap-door mechanism     3-2

BPDU

error-disabled state     17-3

filtering     17-3

RSTP format     16-9

BPDU filtering

described     17-3

disabling     17-12

enabling     17-12

support for     1-5

BPDU guard

described     17-3

disabling     17-11

enabling     17-11

support for     1-5

bridge protocol data unit

See BPDU

broadcast storm-control command     21-4

broadcast storms     21-1

C

cables, monitoring for unidirectional links     24-1

candidate switch

defined     5-3

requirements     5-3

See also command switch, cluster standby group, and member switch

CA trustpoint

configuring     8-40

defined     8-38

caution, described     xxviii

CDP

and trusted boundary     29-36

configuring     22-2

default configuration     22-2

described     22-1

disabling for routing device     22-3 to  22-4

enabling and disabling

on an interface     22-4

on a switch     22-3

monitoring     22-5

overview     22-1

support for     1-4

transmission timer and holdtime, setting     22-2

updates     22-2

CGMP

as IGMP snooping learning method     20-8

joining multicast group     20-3

CipherSuites     8-39

Cisco 7960 IP Phone     14-1

Cisco Discovery Protocol

See CDP

Cisco Intelligence Engine 2100 Series Configuration Registrar

See IE2100

Cisco IOS File System

See IFS

Cisco Network Assistant

See Network Assistant

Cisco Networking Services

See IE2100

CiscoWorks 2000     1-4, 27-4

class maps for QoS

configuring     29-43

described     29-7

displaying     29-69

class of service

See CoS

clearing interfaces     10-19

CLI

abbreviating commands     2-4

command modes     2-1

described     1-4

editing features

enabling and disabling     2-7

keystroke editing     2-7

wrapped lines     2-8

error messages     2-5

filtering command output     2-9

getting help     2-3

history

changing the buffer size     2-5

described     2-5

disabling     2-6

recalling commands     2-6

managing clusters     5-3

no and default forms of commands     2-4

client mode, VTP     13-3

clock

See system clock

cluster requirements     xxix

clusters, switch

benefits     1-2

described     5-1

managing

through CLI     5-3

through SNMP     5-4

planning considerations

CLI     5-3

SNMP     5-4

See also Getting Started with Cisco Network Assistant

cluster standby group, requirements     5-2

Coarse Wave Division Multiplexer

See CWDM SFPs

command-line interface

See CLI

command modes     2-1

commands

abbreviating     2-4

no and default     2-4

commands, setting privilege levels     8-8

command switch

configuration conflicts     31-11

defined     5-2

password privilege levels     5-4

recovery

from command-switch failure     31-7

from lost member connectivity     31-11

replacing

with another switch     31-9

with cluster member     31-8

requirements     5-2

See also candidate switch, cluster standby group, member switch, and standby command switch

community strings

configuring     27-8

for cluster switches     27-4

overview     27-4

compatibility, feature     21-11

config.text     3-12

configurable leave timer, IGMP     20-5

configuration, initial

defaults     1-8

Express Setup     1-2

See also getting started guide and hardware installation guide

configuration conflicts, recovering from lost member connectivity     31-11

configuration examples, network     1-11

configuration files

clearing the startup configuration     B-19

creating using a text editor     B-10

default name     3-12

deleting a stored configuration     B-19

configuration files (continued)

described     B-8

downloading

automatically     3-12

preparing     B-10, B-13, B-16

reasons for     B-8

using FTP     B-13

using RCP     B-17

using TFTP     B-11

guidelines for creating and using     B-9

invalid combinations when copying     B-5

limiting TFTP server access     27-15

obtaining with DHCP     3-7

password recovery disable considerations     8-5

specifying the filename     3-12

system contact and location information     27-14

types and location     B-9

uploading

preparing     B-10, B-13, B-16

reasons for     B-8

using FTP     B-14

using RCP     B-18

using TFTP     B-11

configuration settings, saving     3-10

configure terminal command     10-5

config-vlan mode     2-2, 12-6

conflicts, configuration     31-11

connections, secure remote     8-33

connectivity problems     31-12, 31-13, 31-15

consistency checks in VTP Version 2     13-4

console port, connecting to     2-10

conventions

command     xxviii

for examples     xxviii

publication     xxviii

text     xxviii

corrupted software, recovery steps with Xmodem     31-2

CoS

in Layer 2 frames     29-2

override priority     14-6

trust priority     14-6

CoS input queue threshold map for QoS     29-14

CoS output queue threshold map for QoS     29-17

CoS-to-DSCP map for QoS     29-51

counters, clearing interface     10-19

crashinfo file     31-21

cryptographic software image

SSH     8-33

SSL     8-37

CWDM SFPs     1-15

D

daylight saving time     6-13

debugging

enabling all system diagnostics     31-19

enabling for a specific feature     31-18

redirecting error message output     31-19

using commands     31-18

default commands     2-4

default configuration

802.1x     9-11

auto-QoS     29-19

banners     6-17

booting     3-12

CDP     22-2

DHCP     19-7

DHCP option 82     19-7

DHCP snooping     19-7

DHCP snooping binding database     19-7

DNS     6-16

EtherChannel     30-9

Ethernet interfaces     10-9

Flex Links     18-2

IGMP filtering     20-23

IGMP snooping     20-6

default configuration (continued)

IGMP throttling     20-23

initial switch information     3-3

Layer 2 interfaces     10-9

MAC address table     6-20

MSTP     16-11

MVR     20-18

NTP     6-4

optional spanning-tree configuration     17-9

password and privilege level     8-2

RADIUS     8-20

RMON     25-3

RSPAN     23-9

SDM template     7-2

SNMP     27-6

SPAN     23-9

SSL     8-39

standard QoS     29-29

STP     15-11

system message logging     26-3

system name and prompt     6-15

TACACS+     8-13

UDLD     24-4

VLAN, Layer 2 Ethernet interfaces     12-16

VLANs     12-7

VMPS     12-25

voice VLAN     14-3

VTP     13-6

default gateway     3-10

deleting VLANs     12-9

denial-of-service attack     21-1

description command     10-16

designing your network, examples     1-11

destination addresses, in IPv4 ACLs     28-9

destination-IP address-based forwarding, EtherChannel     30-7

destination-MAC address forwarding, EtherChannel     30-6

detecting indirect link failures, STP     17-5

device     B-19

device discovery protocol     22-1

device manager

benefits     1-2

described     1-2, 1-3

in-band management     1-4

requirements     xxviii

upgrading a switch     B-19

DHCP

enabling

relay agent     19-8

DHCP-based autoconfiguration

client request message exchange     3-4

configuring

client side     3-3

DNS     3-6

relay device     3-6

server side     3-5

TFTP server     3-5

example     3-8

lease options

for IP address information     3-5

for receiving the configuration file     3-5

overview     3-3

relationship to BOOTP     3-3

relay support     1-4

support for     1-4

DHCP binding database

See DHCP snooping binding database

DHCP binding table

See DHCP snooping binding database

DHCP option 82

circuit ID suboption     19-5

configuration guidelines     19-7

default configuration     19-7

displaying     19-11

overview     19-3

DHCP option 82 (continued)

packet format, suboption

circuit ID     19-5

remote ID     19-5

remote ID suboption     19-5

DHCP snooping

accepting untrusted packets form edge switch     19-3, 19-9

binding database

See DHCP snooping binding database

configuration guidelines     19-7

default configuration     19-7

displaying binding tables     19-11

message exchange process     19-4

option 82 data insertion     19-3

trusted interface     19-2

untrusted interface     19-2

untrusted messages     19-2

DHCP snooping binding database

adding bindings     19-10

binding entries, displaying     19-11

binding file

format     19-6

location     19-5

bindings     19-5

clearing agent statistics     19-11

configuration guidelines     19-8

configuring     19-10

default configuration     19-7

deleting

binding file     19-11

bindings     19-11

database agent     19-11

described     19-5

displaying     19-11

displaying status and statistics     19-11

enabling     19-10

entry     19-5

renewing database     19-11

resetting

DHCP snooping binding database (continued)

delay value     19-11

timeout value     19-11

DHCP snooping binding table

See DHCP snooping binding database

Differentiated Services architecture, QoS     29-2

Differentiated Services Code Point     29-2

directed unicast requests     1-4

directories

changing     B-3

creating and removing     B-4

displaying the working     B-3

DNS

and DHCP-based autoconfiguration     3-6

default configuration     6-16

displaying the configuration     6-17

overview     6-15

setting up     6-16

support for     1-4

documentation, related     xxviii

document conventions     xxviii

domain names

DNS     6-15

VTP     13-8

Domain Name System

See DNS

downloading

configuration files

preparing     B-10, B-13, B-16

reasons for     B-8

using FTP     B-13

using RCP     B-17

using TFTP     B-11

image files

deleting old image     B-23

preparing     B-21, B-25, B-29

downloading (continued)

image files (continued)

reasons for     B-19

using CMS     1-2

using FTP     B-26

using HTTP     1-2, B-19

using RCP     B-31

using TFTP     B-22

using the device manager or Network Assistant     B-19

DSCP     1-7, 29-2

DSCP input queue threshold map for QoS     29-14

DSCP output queue threshold map for QoS     29-17

DSCP-to-CoS map for QoS     29-54

DSCP-to-DSCP-mutation map for QoS     29-55

DSCP transparency     29-36

DTP     1-6, 12-14

dual-purpose uplinks

defined     10-4

setting the type     10-11

dynamic access ports

characteristics     12-3

configuring     12-26

defined     10-3

dynamic addresses

See addresses

dynamic auto trunking mode     12-15

dynamic desirable trunking mode     12-15

Dynamic Host Configuration Protocol

See DHCP-based autoconfiguration

dynamic port VLAN membership

described     12-24

reconfirming     12-27

troubleshooting     12-29

types of connections     12-26

Dynamic Trunking Protocol

See DTP

E

editing features

enabling and disabling     2-7

keystrokes used     2-7

wrapped lines     2-8

enable password     8-3

enable secret password     8-3

encryption, CipherSuite     8-39

encryption for passwords     8-3

environment variables, function of     3-15

error messages during command entry     2-5

EtherChannel

automatic creation of     30-4, 30-5

channel groups

binding physical and logical interfaces     30-3

numbering of     30-3

configuration guidelines     30-9

configuring Layer 2 interfaces     30-10

default configuration     30-9

described     30-2

displaying status     30-16

forwarding methods     30-6, 30-12

IEEE 802.3ad, described     30-5

interaction

with STP     30-9

with VLANs     30-10

LACP

described     30-5

displaying status     30-16

hot-standby ports     30-14

interaction with other features     30-6

modes     30-5

port priority     30-15

system priority     30-15

load balancing     30-6, 30-12

EtherChannel (continued)

PAgP

aggregate-port learners     30-13

compatibility with Catalyst 1900     30-13

described     30-4

displaying status     30-16

interaction with other features     30-5

learn method and priority configuration     30-13

modes     30-4

support for     1-3

port-channel interfaces

described     30-3

numbering of     30-3

port groups     10-3

support for     1-3

EtherChannel guard

described     17-7

disabling     17-14

enabling     17-14

Ethernet VLANs

adding     12-8

defaults and ranges     12-7

modifying     12-8

events, RMON     25-3

examples

conventions for     xxviii

network configuration     1-11

expedite queue for QoS     29-68

Express Setup     1-2

See also getting started guide

extended-range VLANs

configuration guidelines     12-12

configuring     12-11

creating     12-12

defined     12-1

extended system ID

MSTP     16-14

STP     15-4, 15-14

Extensible Authentication Protocol over LAN     9-1

F

features, incompatible     21-11

fiber-optic, detecting unidirectional links     24-1

files

copying     B-4

crashinfo

description     31-21

displaying the contents of     31-21

location     31-21

deleting     B-5

displaying the contents of     B-8

tar

creating     B-6

displaying the contents of     B-6

extracting     B-7

image file format     B-20

file system

displaying available file systems     B-2

displaying file information     B-3

local file system names     B-1

network file system names     B-4

setting the default     B-3

filtering

non-IP traffic     28-20

show and more command output     2-9

filtering show and more command output     2-9

filters, IP

See ACLs, IP

flash device, number of     B-1

Flex Links

configuration guidelines     18-2

configuring     18-3

default configuration     18-2

description     18-1

monitoring     18-3

flooded traffic, blocking     21-7

flow-based packet classification     1-7

flowcharts

QoS classification     29-6

QoS egress queueing and scheduling     29-16

QoS ingress queueing and scheduling     29-13

QoS policing and marking     29-10

flowcontrol

configuring     10-14

described     10-14

forward-delay time

MSTP     16-20

STP     15-21

FTP

accessing MIB files     A-3

configuration files

downloading     B-13

overview     B-12

preparing the server     B-13

uploading     B-14

image files

deleting old image     B-28

downloading     B-26

preparing the server     B-25

uploading     B-28

G

get-bulk-request operation     27-3

get-next-request operation     27-3, 27-4

get-request operation     27-3, 27-4

get-response operation     27-3

global configuration mode     2-2

global leave, IGMP     20-12

guest VLAN and 802.1x     9-10

guide

audience     xxvii

purpose of     xxvii

guide mode     1-2

GUIs

See device manager and Network Assistant     1-3

H

hello time

MSTP     16-19

STP     15-20

help, for the command line     2-3

history

changing the buffer size     2-5

described     2-5

disabling     2-6

recalling commands     2-6

history table, level and number of syslog messages     26-9

hosts, limit on dynamic ports     12-29

HP OpenView     1-4

HTTP over SSL

see HTTPS

HTTPS     8-37

configuring     8-41

self-signed certificate     8-38

HTTP secure server     8-37

I

ICMP

time-exceeded messages     31-15

traceroute and     31-15

ICMP ping

executing     31-13

overview     31-12

IDS appliances

and ingress RSPAN     23-20

and ingress SPAN     23-13

IE2100

CNS embedded agents

described     4-5

enabling automated configuration     4-6

enabling configuration agent     4-9

enabling event agent     4-8

IE2100 (continued)

Configuration Registrar

configID, deviceID, hostname     4-3

configuration service     4-2

described     4-1

event service     4-3

IEEE 802.1D

See STP

IEEE 802.1p     14-1

IEEE 802.1Q

and trunk ports     10-3

configuration limitations     12-15

encapsulation     12-14

native VLAN for untagged traffic     12-19

IEEE 802.1s

See MSTP

IEEE 802.1w

See RSTP

IEEE 802.1x

See port-based authentication

IEEE 802.3ad

See EtherChannel

IEEE 802.3x flow control     10-14

ifIndex values, SNMP     27-5

IFS     1-4

IGMP

configurable leave timer

described     20-5

enabling     20-10

flooded multicast traffic

controlling the length of time     20-11

disabling on an interface     20-12

global leave     20-12

query solicitation     20-12

recovering from flood mode     20-12

joining multicast group     20-3

join messages     20-3

leave processing, enabling     20-9

leaving multicast group     20-4

IGMP (continued)

queries     20-3

report suppression

described     20-5

disabling     20-14

supported versions     20-2

support for     1-3

IGMP filtering

configuring     20-23

default configuration     20-23

described     20-22

monitoring     20-27

support for     1-3

IGMP groups

configuring filtering     20-25

setting the maximum number     20-25

IGMP Immediate Leave

configuration guidelines     20-10

described     20-5

enabling     20-9

IGMP profile

applying     20-24

configuration mode     20-23

configuring     20-23

IGMP snooping

and address aliasing     20-2

configuring     20-6

default configuration     20-6

definition     20-1

enabling and disabling     20-6

global configuration     20-7

Immediate Leave     20-5

method     20-7

monitoring     20-14

querier

configuration guidelines     20-13

configuring     20-13

IGMP snooping (continued)

supported versions     20-2

support for     1-3

VLAN configuration     20-7

IGMP throttling

configuring     20-25

default configuration     20-23

described     20-22

displaying action     20-27

Immediate Leave, IGMP     20-5

initial configuration

defaults     1-8

Express Setup     1-2

See also getting started guide and hardware installation guide

Intelligence Engine 2100 Series CNS Agents

See IE2100

interface

number     10-5

range macros     10-7

interface command     10-5

interface configuration mode     2-3

interfaces

auto-MDIX, configuring     10-15

configuration guidelines

duplex and speed     10-11

configuring

procedure     10-5

counters, clearing     10-19

default configuration     10-9

described     10-16

descriptive name, adding     10-16

displaying information about     10-18

flow control     10-14

management     1-3

monitoring     10-18

naming     10-16

physical, identifying     10-4, 10-5

range of     10-6

interfaces (continued)

restarting     10-19

shutting down     10-19

speed and duplex, configuring     10-13

status     10-18

supported     10-4

types of     10-1

interfaces range macro command     10-7

interface types     10-5

Intrusion Detection System

See IDS appliances

IP ACLs

for QoS classification     29-7

implicit deny     28-7, 28-11

implicit masks     28-7

named     28-12

undefined     28-17

IP addresses

candidate or member     5-3

command switch     5-2

discovering     6-26

See also IP information

ip igmp profile command     20-23

IP information

assigned

manually     3-9

through DHCP-based autoconfiguration     3-3

default configuration     3-3

IP phones

and QoS     14-1

automatic classification and queueing     29-19

configuring     14-4

ensuring port security with QoS     29-35

trusted boundary for QoS     29-35

IP precedence     29-2

IP-precedence-to-DSCP map for QoS     29-52

IP protocols in ACLs     28-9

IP traceroute

executing     31-16

overview     31-15

IPv4 ACLs

applying to interfaces     28-17

extended, creating     28-8

named     28-12

standard, creating     28-7

J

join messages, IGMP     20-3

L

LACP

See EtherChannel

Layer 2 frames, classification with CoS     29-2

Layer 2 interfaces, default configuration     10-9

Layer 2 traceroute

and ARP     31-14

and CDP     31-14

broadcast traffic     31-14

described     31-14

IP addresses and subnets     31-14

MAC addresses and VLANs     31-14

multicast traffic     31-14

multiple devices on a port     31-15

unicast traffic     31-14

usage guidelines     31-14

Layer 3 packets, classification methods     29-2

LDAP     4-2

LEDs, switch

See hardware installation guide

lightweight directory access protocol

See LDAP

line configuration mode     2-3

Link Aggregation Control Protocol

See EtherChannel

link redundancy

See Flex Links

links, unidirectional     24-1

local SPAN     23-2

login authentication

with RADIUS     8-23

with TACACS+     8-14

login banners     6-17

log messages

See system message logging

Long-Reach Ethernet (LRE) technology     1-12

loop guard

described     17-9

enabling     17-15

support for     1-5

M

MAC addresses

aging time     6-21

and VLAN association     6-20

building the address table     6-20

default configuration     6-20

discovering     6-26

displaying     6-25

dynamic

learning     6-20

removing     6-21

in ACLs     28-20

static

adding     6-24

allowing     6-25

characteristics of     6-23

dropping     6-25

removing     6-24

MAC address notification, support for     1-8

MAC address-to-VLAN mapping     12-24

MAC extended access lists

applying to Layer 2 interfaces     28-21

configuring for QoS     29-42

creating     28-20

defined     28-20

for QoS classification     29-5

macros

See Smartports macros

manageability features     1-4

management access

in-band

browser session     1-4

CLI session     1-4

device manager     1-4

SNMP     1-5

out-of-band console port connection     1-5

management options

CLI     2-1

clustering     1-2

CNS     4-1

Network Assistant     1-2

overview     1-3

mapping tables for QoS

configuring

CoS-to-DSCP     29-51

DSCP     29-51

DSCP-to-CoS     29-54

DSCP-to-DSCP-mutation     29-55

IP-precedence-to-DSCP     29-52

policed-DSCP     29-53

described     29-10

marking

action in policy map     29-45

action with aggregate policers     29-48

described     29-4, 29-8

matching, IPv4 ACLs     28-5

maximum aging time

MSTP     16-20

STP     15-21

maximum hop count, MSTP     16-21

membership mode, VLAN port     12-3

member switch

defined     5-2

managing     5-3

recovering from lost connectivity     31-11

requirements     5-3

See also candidate switch, cluster standby group, and standby command switch

messages, to users through banners     6-17

MIBs

accessing files with FTP     A-3

location of files     A-3

overview     27-1

SNMP interaction with     27-4

supported     A-1

mirroring traffic for analysis     23-1

mismatches, autonegotiation     31-11

module number     10-5

monitoring

access groups     28-22

cables for unidirectional links     24-1

CDP     22-5

features     1-8

Flex Links     18-3

IGMP

filters     20-27

snooping     20-14

interfaces     10-18

IPv4 ACL configuration     28-22

multicast router interfaces     20-15

MVR     20-21

network traffic for analysis with probe     23-2

port

blocking     21-16

protection     21-16

SFP status     10-18, 31-12

speed and duplex mode     10-13

traffic flowing among switches     25-1

monitoring (continued)

traffic suppression     21-16

VLANs     12-13

VMPS     12-28

VTP     13-16

MSTP

boundary ports

configuration guidelines     16-12

described     16-5

BPDU filtering

described     17-3

enabling     17-12

BPDU guard

described     17-3

enabling     17-11

CIST, described     16-3

configuration guidelines     16-12, 17-10

configuring

forward-delay time     16-20

hello time     16-19

link type for rapid convergence     16-21

maximum aging time     16-20

maximum hop count     16-21

MST region     16-13

path cost     16-17

port priority     16-16

root switch     16-14

secondary root switch     16-15

switch priority     16-18

CST

defined     16-3

operations between regions     16-4

default configuration     16-11

default optional feature configuration     17-9

displaying status     16-22

enabling the mode     16-13

EtherChannel guard

described     17-7

enabling     17-14

MSTP (continued)

extended system ID

effects on root switch     16-14

effects on secondary root switch     16-15

unexpected behavior     16-14

instances supported     15-9

interface state, blocking to forwarding     17-2

interoperability and compatibility among modes     15-10

interoperability with IEEE 802.1D

described     16-5

restarting migration process     16-22

IST

defined     16-3

master     16-3

operations within a region     16-3

loop guard

described     17-9

enabling     17-15

mapping VLANs to MST instance     16-13

MST region

CIST     16-3

configuring     16-13

described     16-2

hop-count mechanism     16-5

IST     16-3

supported spanning-tree instances     16-2

optional features supported     1-5

overview     16-2

Port Fast

described     17-2

enabling     17-10

preventing root switch selection     17-8

root guard

described     17-8

enabling     17-15

root switch

configuring     16-14

effects of extended system ID     16-14

unexpected behavior     16-14

MSTP (continued)

shutdown Port Fast-enabled port     17-3

status, displaying     16-22

multicast groups

Immediate Leave     20-5

joining     20-3

leaving     20-4

static joins     20-9

multicast router interfaces, monitoring     20-15

multicast router ports, adding     20-8

multicast storm     21-1

multicast storm-control command     21-4

multicast television application     20-16

multicast VLAN     20-16

Multicast VLAN Registration

See MVR

MVR

and address aliasing     20-19

and IGMPv3     20-19

configuration guidelines     20-18

configuring interfaces     20-20

default configuration     20-18

described     20-16

example application     20-16

modes     20-19

monitoring     20-21

multicast television application     20-16

setting global parameters     20-19

support for     1-3

N

named IPv4 ACLs     28-12

NameSpace Mapper

See NSM

native VLAN

configuring     12-19

default     12-19

Network Assistant

benefits     1-2

described     1-3

downloading image files     1-2

guide mode     1-2

management options     1-2

requirements     xxviii

upgrading a switch     B-19

wizards     1-2

network configuration examples

increasing network performance     1-11

long-distance, high-bandwidth transport     1-15

providing network services     1-12

server aggregation and Linux server cluster     1-13

small to medium-sized network     1-14

network design

performance     1-11

services     1-12

network management

CDP     22-1

RMON     25-1

SNMP     27-1

Network Time Protocol

See NTP

no commands     2-4

nonhierarchical policy maps

configuring     29-45

described     29-9

non-IP traffic filtering     28-20

nontrunking mode     12-15

normal-range VLANs     12-4

configuration guidelines     12-5

configuration modes     12-6

configuring     12-4

defined     12-1

note, described     xxviii

NSM     4-3

NTP

associations

authenticating     6-5

defined     6-2

enabling broadcast messages     6-7

peer     6-6

server     6-6

default configuration     6-4

displaying the configuration     6-11

overview     6-2

restricting access

creating an access group     6-9

disabling NTP services per interface     6-10

source IP address, configuring     6-10

stratum     6-2

support for     1-4

synchronizing devices     6-6

time

services     6-2

synchronizing     6-2

O

optimizing system resources     7-1

options, management     1-3

out-of-profile markdown     1-7

P

packet modification, with QoS     29-18

PAgP

See EtherChannel

passwords

default configuration     8-2

disabling recovery of     8-5

encrypting     8-3

for security     1-6

overview     8-1

passwords (continued)

recovery of     31-3

setting

enable     8-3

enable secret     8-3

Telnet     8-6

with usernames     8-7

VTP domain     13-8

path cost

MSTP     16-17

STP     15-17

performance, network design     1-11

performance features     1-3

persistent self-signed certificate     8-38

per-VLAN spanning-tree plus

See PVST+

physical ports     10-2

PIM-DVMRP, as snooping method     20-7

ping

character output description     31-13

executing     31-13

overview     31-12

policed-DSCP map for QoS     29-53

policers

configuring

for each matched traffic class     29-45

for more than one traffic class     29-48

described     29-4

displaying     29-69

number of     29-31

types of     29-9

policing

described     29-4

token-bucket algorithm     29-9

policy maps for QoS

characteristics of     29-45

described     29-7

displaying     29-70

nonhierarchical on physical ports

policy maps for QoS (continued)

configuring     29-45

described     29-9

port ACLs, described     28-2

Port Aggregation Protocol

See EtherChannel

port-based authentication

accounting     9-5

authentication server

defined     9-2

RADIUS server     9-2

client, defined     9-2

configuration guidelines     9-12

configuring

802.1x authentication     9-12

guest VLAN     9-19

host mode     9-18

manual re-authentication of a client     9-15

periodic re-authentication     9-15

quiet period     9-16

RADIUS server     9-15

RADIUS server parameters on the switch     9-14

switch-to-client frame-retransmission number     9-17

switch-to-client retransmission time     9-16

default configuration     9-11

described     9-1

device roles     9-2

displaying statistics     9-22

EAPOL-start frame     9-3

EAP-request/identity frame     9-3

EAP-response/identity frame     9-3

encapsulation     9-2

guest VLAN

configuration guidelines     9-10

described     9-10

host mode     9-6

initiation and message exchange     9-3

method lists     9-12

multiple-hosts mode, described     9-6

port-based authentication (continued)

ports

authorization state and dot1x port-control command     9-4

authorized and unauthorized     9-4

voice VLAN     9-8

port security

and voice VLAN     9-8

described     9-7

interactions     9-7

multiple-hosts mode     9-7

resetting to default values     9-20

statistics, displaying     9-22

switch

as proxy     9-2

RADIUS client     9-2

VLAN assignment

AAA authorization     9-13

characteristics     9-9

configuration tasks     9-9

described     9-8

voice VLAN

described     9-8

PVID     9-8

VVID     9-8

port blocking     1-3, 21-6

port-channel

See EtherChannel

Port Fast

described     17-2

enabling     17-10

mode, spanning tree     12-25

support for     1-5

port membership modes, VLAN     12-3

port priority

MSTP     16-16

STP     15-16

ports

access     10-2

blocking     21-6

dual-purpose uplink     10-4

dynamic access     12-3

protected     21-5

secure     21-7

static-access     12-3, 12-10

switch     10-2

trunks     12-3, 12-14

VLAN assignments     12-10

port security

aging     21-15

and QoS trusted boundary     29-35

configuring     21-11

default configuration     21-10

described     21-7

displaying     21-16

on trunk ports     21-12

sticky learning     21-8

violations     21-9

with other features     21-10

port-shutdown response, VMPS     12-24

preferential treatment of traffic

See QoS

preventing unauthorized access     8-1

primary links     18-1

priority

overriding CoS     14-6

trusting CoS     14-6

private VLAN edge ports

See protected ports

privileged EXEC mode     2-2

privilege levels

changing the default for lines     8-9

command switch     5-4

exiting     8-10

privilege levels (continued)

logging into     8-10

mapping on member switches     5-4

overview     8-2, 8-8

setting a command with     8-8

protected ports     1-6, 21-5

pruning, VTP

disabling

in VTP domain     13-14

on a port     12-19

enabling

in VTP domain     13-14

on a port     12-19

examples     13-5

overview     13-4

pruning-eligible list

changing     12-19

for VTP pruning     13-4

VLANs     13-14

PVST+

described     15-9

IEEE 802.1Q trunking interoperability     15-10

instances supported     15-9

Q

QoS

and MQC commands     29-1

auto-QoS

categorizing traffic     29-19

configuration and defaults display     29-28

configuration guidelines     29-24

described     29-19

disabling     29-25

displaying generated commands     29-25

displaying the initial configuration     29-28

effects on running configuration     29-24

egress queue defaults     29-20

enabling for VoIP     29-25

QoS (continued)

auto-QoS (continued)

example configuration     29-26

ingress queue defaults     29-20

list of generated commands     29-21

basic model     29-4

classification

class maps, described     29-7

defined     29-4

DSCP transparency, described     29-36

flowchart     29-6

forwarding treatment     29-3

in frames and packets     29-3

IP ACLs, described     29-5, 29-7

MAC ACLs, described     29-5, 29-7

options for IP traffic     29-5

options for non-IP traffic     29-5

policy maps, described     29-7

trust DSCP, described     29-5

trusted CoS, described     29-5

trust IP precedence, described     29-5

class maps

configuring     29-43

displaying     29-69

configuration guidelines

auto-QoS     29-24

standard QoS     29-31

configuring

aggregate policers     29-48

auto-QoS     29-19

default port CoS value     29-34

DSCP maps     29-51

DSCP transparency     29-36

DSCP trust states bordering another domain     29-37

egress queue characteristics     29-62

ingress queue characteristics     29-57

IP extended ACLs     29-41

IP standard ACLs     29-40

MAC ACLs     29-42

QoS (continued)

configuring (continued)

policy maps on physical ports     29-45

port trust states within the domain     29-33

trusted boundary     29-35

default auto configuration     29-19

default standard configuration     29-29

displaying statistics     29-69

DSCP transparency     29-36

egress queues

allocating buffer space     29-62

buffer allocation scheme, described     29-16

configuring shaped weights for SRR     29-66

configuring shared weights for SRR     29-67

described     29-4

displaying the threshold map     29-65

flowchart     29-16

mapping DSCP or CoS values     29-64

scheduling, described     29-4

setting WTD thresholds     29-62

WTD, described     29-17

enabling globally     29-32

flowcharts

classification     29-6

egress queueing and scheduling     29-16

ingress queueing and scheduling     29-13

policing and marking     29-10

implicit deny     29-7

ingress queues

allocating bandwidth     29-60

allocating buffer space     29-59

buffer and bandwidth allocation, described     29-14

configuring shared weights for SRR     29-60

configuring the priority queue     29-61

described     29-4

displaying the threshold map     29-58

flowchart     29-13

mapping DSCP or CoS values     29-57

priority queue, described     29-15

QoS (continued)

ingress queues (continued)

scheduling, described     29-4

setting WTD thresholds     29-57

WTD, described     29-14

IP phones

automatic classification and queueing     29-19

detection and trusted settings     29-19, 29-35

limiting bandwidth on egress interface     29-68

mapping tables

CoS-to-DSCP     29-51

displaying     29-69

DSCP-to-CoS     29-54

DSCP-to-DSCP-mutation     29-55

IP-precedence-to-DSCP     29-52

policed-DSCP     29-53

types of     29-10

marked-down actions     29-47

marking, described     29-4, 29-8

overview     29-1

packet modification     29-18

policers

configuring     29-47, 29-49

described     29-8

displaying     29-69

number of     29-31

types of     29-9

policies, attaching to an interface     29-8

policing

described     29-4, 29-8

token bucket algorithm     29-9

policy maps

characteristics of     29-45

displaying     29-70

nonhierarchical on physical ports     29-45

QoS label, defined     29-4

queues

configuring egress characteristics     29-62

configuring ingress characteristics     29-57

QoS (continued)

queues (continued)

high priority (expedite)     29-18, 29-68

location of     29-11

SRR, described     29-12

WTD, described     29-12

rewrites     29-18

support for     1-7

trust states

bordering another domain     29-37

described     29-5

trusted device     29-35

within the domain     29-33

quality of service

See QoS

queries, IGMP     20-3

query solicitation, IGMP     20-12

R

RADIUS

attributes

vendor-proprietary     8-30

vendor-specific     8-29

configuring

accounting     8-28

authentication     8-23

authorization     8-27

communication, global     8-21, 8-29

communication, per-server     8-20, 8-21

multiple UDP ports     8-21

default configuration     8-20

defining AAA server groups     8-25

displaying the configuration     8-31

identifying the server     8-20

limiting the services to the user     8-27

method list, defined     8-20

operation of     8-19

overview     8-18

RADIUS (continued)

suggested network environments     8-18

support for     1-7

tracking services accessed by user     8-28

range

macro     10-7

of interfaces     10-6

rapid convergence     16-7

rapid per-VLAN spanning-tree plus

See rapid PVST+

rapid PVST+

described     15-9

IEEE 802.1Q trunking interoperability     15-10

instances supported     15-9

Rapid Spanning Tree Protocol

See RSTP

rcommand command     5-3

RCP

configuration files

downloading     B-17

overview     B-15

preparing the server     B-16

uploading     B-18

image files

deleting old image     B-32

downloading     B-31

preparing the server     B-29

uploading     B-32

reconfirmation interval, VMPS, changing     12-27

reconfirming dynamic VLAN membership     12-27

recovery procedures     31-1

redundancy

EtherChannel     30-2

STP

backbone     15-8

path cost     12-22

port priority     12-20

redundant links and UplinkFast     17-13

reloading software     3-15

Remote Authentication Dial-In User Service

See RADIUS

Remote Copy Protocol

See RCP

Remote Network Monitoring

See RMON

Remote SPAN

See RSPAN

remote SPAN     23-2

report suppression, IGMP

described     20-5

disabling     20-14

requirements

cluster     xxix

device manager     xxviii

Network Assistant     xxviii

resequencing ACL entries     28-12

resetting a UDLD-shutdown interface     24-6

restricting access

NTP services     6-8

overview     8-1

passwords and privilege levels     8-2

RADIUS     8-17

TACACS+     8-10

retry count, VMPS, changing     12-28

RFC

1112, IP multicast and IGMP     20-2

1157, SNMPv1     27-2

1305, NTP     6-2

1757, RMON     25-2

1901, SNMPv2C     27-2

1902 to 1907, SNMPv2     27-2

2236, IP multicast and IGMP     20-2

2273-2275, SNMPv3     27-2

RMON

default configuration     25-3

displaying status     25-6

enabling alarms and events     25-3

groups supported     25-2

RMON (continued)

overview     25-1

statistics

collecting group Ethernet     25-6

collecting group history     25-5

support for     1-8

root guard

described     17-8

enabling     17-15

support for     1-5

root switch

MSTP     16-14

STP     15-14

RSPAN     23-2

characteristics     23-8

configuration guidelines     23-16

default configuration     23-9

destination ports     23-6

displaying status     23-23

interaction with other features     23-8

monitored ports     23-5

monitoring ports     23-6

overview     1-8, 23-1

received traffic     23-4

sessions

creating     23-17

defined     23-3

limiting source traffic to specific VLANs     23-22

specifying monitored ports     23-17

with ingress traffic enabled     23-20

source ports     23-5

transmitted traffic     23-5

VLAN-based     23-6

RSTP

active topology     16-6

BPDU

format     16-9

processing     16-10

designated port, defined     16-6

RSTP (continued)

designated switch, defined     16-6

interoperability with IEEE 802.1D

described     16-5

restarting migration process     16-22

topology changes     16-10

overview     16-6

port roles

described     16-6

synchronized     16-8

proposal-agreement handshake process     16-7

rapid convergence

described     16-7

edge ports and Port Fast     16-7

point-to-point links     16-7, 16-21

root ports     16-7

root port, defined     16-6

See also MSTP

running configuration, saving     3-10

S

scheduled reloads     3-15

SDM

described     7-1

templates

configuring     7-2

number of     7-1

SDM template

configuration guidelines     7-2

configuring     7-2

types of     7-1

secure HTTP client

configuring     8-42

displaying     8-43

secure HTTP server

configuring     8-41

displaying     8-43

secure MAC addresses

deleting     21-14

maximum number of     21-8

types of     21-8

secure ports, configuring     21-7

secure remote connections     8-33

Secure Shell

See SSH

Secure Socket Layer

See SSL

security, port     21-7

security features     1-6

sequence numbers in log messages     26-7

server mode, VTP     13-3

service-provider network, MSTP and RSTP     16-1

set-request operation     27-4

setup program

failed command switch replacement     31-9

replacing failed command switch     31-8

severity levels, defining in system messages     26-8

SFPs

monitoring status of     10-18, 31-12

security and identification     31-11

status, displaying     31-12

shaped round robin

See SRR

show access-lists hw-summary command     28-17

show and more command output, filtering     2-9

show cdp traffic command     22-5

show cluster members command     5-3

show configuration command     10-16

show forward command     31-19

show interfaces command     10-13, 10-16

show platform forward command     31-19

show running-config command

displaying ACLs     28-16, 28-17

interface description in     10-16

shutdown command on interfaces     10-19

Simple Network Management Protocol

See SNMP

Smartports macros

applying Cisco-default macros     11-6

applying global parameter values     11-5, 11-6

applying macros     11-5

applying parameter values     11-5, 11-7

configuration guidelines     11-3

creating     11-4

default configuration     11-2

defined     11-1

displaying     11-8

tracing     11-3

website     11-2

SNAP     22-1

SNMP

accessing MIB variables with     27-4

agent

described     27-4

disabling     27-8

authentication level     27-10

community strings

configuring     27-8

for cluster switches     27-4

overview     27-4

configuration examples     27-15

default configuration     27-6

engine ID     27-7

groups     27-7, 27-9

host     27-7

ifIndex values     27-5

in-band management     1-5

informs

and trap keyword     27-11

described     27-5

differences from traps     27-5

disabling     27-14

enabling     27-14

SNMP (continued)

limiting access by TFTP servers     27-15

limiting system log messages to NMS     26-9

manager functions     1-4, 27-3

managing clusters with     5-4

MIBs

location of     A-3

supported     A-1

notifications     27-5

overview     27-1, 27-4

security levels     27-3

status, displaying     27-16

system contact and location     27-14

trap manager, configuring     27-13

traps

described     27-3, 27-5

differences from informs     27-5

disabling     27-14

enabling     27-11

enabling MAC address notification     6-21

overview     27-1, 27-4

types of     27-11

users     27-7, 27-9

versions supported     27-2

SNMPv1     27-2

SNMPv2C     27-2

SNMPv3     27-2

snooping, IGMP     20-1

software images

location in flash     B-20

recovery procedures     31-2

scheduling reloads     3-16

tar file format, described     B-20

See also downloading and uploading

source addresses, in IPv4 ACLs     28-9

source-and-destination-IP address based forwarding, EtherChannel     30-7

source-and-destination MAC address forwarding, EtherChannel     30-7

source-IP address based forwarding, EtherChannel     30-7

source-MAC address forwarding, EtherChannel     30-6

SPAN

configuration guidelines     23-10

default configuration     23-9

destination ports     23-6

displaying status     23-23

interaction with other features     23-8

monitored ports     23-5

monitoring ports     23-6

overview     1-8, 23-1

ports, restrictions     21-11

received traffic     23-4

sessions

configuring ingress forwarding     23-14, 23-21

creating     23-10

defined     23-3

limiting source traffic to specific VLANs     23-15

removing destination (monitoring) ports     23-12

specifying monitored ports     23-10

with ingress traffic enabled     23-13

source ports     23-5

transmitted traffic     23-5

VLAN-based     23-6

spanning tree and native VLANs     12-15

Spanning Tree Protocol

See STP

SPAN traffic     23-4

SRR

configuring

shaped weights on egress queues     29-66

shared weights on egress queues     29-67

shared weights on ingress queues     29-60

described     29-12

shaped mode     29-12

shared mode     29-13

support for     1-7, 1-8

SSH

configuring     8-34

cryptographic software image     8-33

described     1-4, 8-33

encryption methods     8-33

user authentication methods, supported     8-34

SSL

configuration guidelines     8-40

configuring a secure HTTP client     8-42

configuring a secure HTTP server     8-41

cryptographic software image     8-37

described     8-37

monitoring     8-43

standby command switch, requirements     5-2

standby links     18-1

startup configuration

booting

manually     3-13

specific image     3-13

clearing     B-19

configuration file

automatically downloading     3-12

specifying the filename     3-12

default boot configuration     3-12

static access ports

assigning to VLAN     12-10

defined     10-3, 12-3

static addresses

See addresses

static MAC addressing     1-6

static VLAN membership     12-2

statistics

802.1x     9-22

CDP     22-5

interface     10-18

QoS ingress and egress     29-69

RMON group Ethernet     25-6

statistics (continued)

RMON group history     25-5

SNMP input and output     27-16

VTP     13-16

sticky learning     21-8

storm control

configuring     21-3

described     21-1

disabling     21-5

displaying     21-16

support for     1-3

thresholds     21-1

STP

accelerating root port selection     17-4

BackboneFast

described     17-5

disabling     17-14

enabling     17-14

BPDU filtering

described     17-3

disabling     17-12

enabling     17-12

BPDU guard

described     17-3

disabling     17-11

enabling     17-11

BPDU message exchange     15-3

configuration guidelines     15-11, 17-10

configuring

forward-delay time     15-21

hello time     15-20

maximum aging time     15-21

path cost     15-17

port priority     15-16

root switch     15-14

secondary root switch     15-15

spanning-tree mode     15-12

switch priority     15-19

counters, clearing     15-22

STP (continued)

default configuration     15-11

default optional feature configuration     17-9

designated port, defined     15-3

designated switch, defined     15-3

detecting indirect link failures     17-5

disabling     15-13

displaying status     15-22

EtherChannel guard

described     17-7

disabling     17-14

enabling     17-14

extended system ID

effects on root switch     15-14

effects on the secondary root switch     15-15

overview     15-4

unexpected behavior     15-14

features supported     1-5

IEEE 802.1D and bridge ID     15-4

IEEE 802.1D and multicast addresses     15-8

IEEE 802.1t and VLAN identifier     15-4

inferior BPDU     15-3

instances supported     15-9

interface state, blocking to forwarding     17-2

interface states

blocking     15-6

disabled     15-7

forwarding     15-5, 15-6

learning     15-6

listening     15-6

overview     15-4

interoperability and compatibility among modes     15-10

limitations with IEEE 802.1Q trunks     15-10

load sharing

overview     12-20

using path costs     12-22

using port priorities     12-21

STP (continued)

loop guard

described     17-9

enabling     17-15

modes supported     15-9

multicast addresses, effect of     15-8

optional features supported     1-5

overview     15-2

path costs     12-22, 12-23

Port Fast

described     17-2

enabling     17-10

port priorities     12-21

preventing root switch selection     17-8

protocols supported     15-9

redundant connectivity     15-8

root guard

described     17-8

enabling     17-15

root port, defined     15-3

root switch

configuring     15-14

effects of extended system ID     15-4, 15-14

election     15-3

unexpected behavior     15-14

shutdown Port Fast-enabled port     17-3

status, displaying     15-22

superior BPDU     15-3

timers, described     15-19

UplinkFast

described     17-4

enabling     17-13

stratum, NTP     6-2

success response, VMPS     12-24

summer time     6-13

SunNet Manager     1-4

switch clustering technology     5-1

See also clusters, switch

switch console port     1-5

Switch Database Management

See SDM

Switched Port Analyzer

See SPAN

switched ports     10-2

switchport block multicast command     21-7

switchport block unicast command     21-7

switchport protected command     21-6

switch priority

MSTP     16-18

STP     15-19

switch software features     1-1

syslog

See system message logging

system clock

configuring

daylight saving time     6-13

manually     6-11

summer time     6-13

time zones     6-12

displaying the time and date     6-12

overview     6-2

See also NTP

system message logging

default configuration     26-3

defining error message severity levels     26-8

disabling     26-3

displaying the configuration     26-12

enabling     26-4

facility keywords, described     26-12

level keywords, described     26-9

limiting messages     26-9

message format     26-2

overview     26-1

sequence numbers, enabling and disabling     26-7

setting the display destination device     26-4

synchronizing log messages     26-5

syslog facility     1-8

time stamps, enabling and disabling     26-7

system message logging (continued)

UNIX syslog servers

configuring the daemon     26-11

configuring the logging facility     26-11

facilities supported     26-12

system name

default configuration     6-15

default setting     6-15

manual configuration     6-15

See also DNS

system prompt, default setting     6-14, 6-15

system resources, optimizing     7-1

T

TACACS+

accounting, defined     8-11

authentication, defined     8-11

authorization, defined     8-11

configuring

accounting     8-17

authentication key     8-13

authorization     8-16

login authentication     8-14

default configuration     8-13

displaying the configuration     8-17

identifying the server     8-13

limiting the services to the user     8-16

operation of     8-12

overview     8-10

support for     1-7

tracking services accessed by user     8-17

tar files

creating     B-6

displaying the contents of     B-6

extracting     B-7

image file format     B-20

TDR     1-8

Telnet

accessing management interfaces     2-10

number of connections     1-4

setting a password     8-6

templates, SDM     7-1

temporary self-signed certificate     8-38

Terminal Access Controller Access Control System Plus

See TACACS+

terminal lines, setting a password     8-6

TFTP

configuration files

downloading     B-11

preparing the server     B-10

uploading     B-11

configuration files in base directory     3-6

configuring for autoconfiguration     3-5

image files

deleting     B-23

downloading     B-22

preparing the server     B-21

uploading     B-24

limiting access by servers     27-15

TFTP server     1-4

threshold, traffic level     21-2

time

See NTP and system clock

Time Domain Reflector

See TDR

time-range command     28-14

time ranges in ACLs     28-14

time stamps in log messages     26-7

time zones     6-12

Token Ring VLANs

support for     12-5

VTP support     13-4

ToS     1-7

traceroute, Layer 2

and ARP     31-14

and CDP     31-14

broadcast traffic     31-14

described     31-14

IP addresses and subnets     31-14

MAC addresses and VLANs     31-14

multicast traffic     31-14

multiple devices on a port     31-15

unicast traffic     31-14

usage guidelines     31-14

traceroute command     31-16

See also IP traceroute

traffic

blocking flooded     21-7

fragmented     28-3

unfragmented     28-3

traffic policing     1-7

traffic suppression     21-1

transparent mode, VTP     13-3, 13-12

trap-door mechanism     3-2

traps

configuring MAC address notification     6-21

configuring managers     27-11

defined     27-3

enabling     6-21, 27-11

notification types     27-11

overview     27-1, 27-4

troubleshooting

connectivity problems     31-12, 31-13, 31-15

detecting unidirectional links     24-1

displaying crash information     31-21

setting packet forwarding     31-19

SFP security and identification     31-11

show forward command     31-19

with CiscoWorks     27-4

with debug commands     31-18

troubleshooting (continued)

with ping     31-12

with system message logging     26-1

with traceroute     31-15

trunking encapsulation     1-6

trunk ports

configuring     12-17

defined     10-3, 12-3

trunks

allowed-VLAN list     12-18

load sharing

setting STP path costs     12-22

using STP port priorities     12-20, 12-21

native VLAN for untagged traffic     12-19

parallel     12-22

pruning-eligible list     12-19

to non-DTP device     12-14

trusted boundary for QoS     29-35

trusted port states

between QoS domains     29-37

classification options     29-5

ensuring port security for IP phones     29-35

support for     1-7

within a QoS domain     29-33

trustpoints, CA     8-37

twisted-pair Ethernet, detecting unidirectional links     24-1

type of service

See ToS

U

UDLD

configuration guidelines     24-4

default configuration     24-4

disabling

globally     24-5

on fiber-optic interfaces     24-5

per interface     24-5

UDLD (continued)

echoing detection mechanism     24-3

enabling

globally     24-5

per interface     24-5

link-detection mechanism     24-1

neighbor database     24-2

overview     24-1

resetting an interface     24-6

status, displaying     24-6

support for     1-5

unauthorized ports with IEEE 802.1x     9-4

unicast MAC address filtering     1-4

and adding static addresses     6-24

and broadcast MAC addresses     6-24

and CPU packets     6-24

and multicast addresses     6-24

and router MAC addresses     6-24

configuration guidelines     6-24

described     6-24

unicast storm     21-1

unicast storm control command     21-4

unicast traffic, blocking     21-7

UniDirectional Link Detection protocol

See UDLD

UNIX syslog servers

daemon configuration     26-11

facilities supported     26-12

message logging configuration     26-11

unrecognized Type-Length-Value (TLV) support     13-4

upgrading a Catalyst 2950 switch

configuration compatibility issues     C-1

differences in configuration commands     C-1

feature behavior incompatibilities     C-5

incompatible command messages     C-1

recommendations     C-1

upgrading information

See release notes

upgrading software images

See downloading

UplinkFast

described     17-4

disabling     17-13

enabling     17-13

support for     1-5

uploading

configuration files

preparing     B-10, B-13, B-16

reasons for     B-8

using FTP     B-14

using RCP     B-18

using TFTP     B-11

image files

preparing     B-21, B-25, B-29

reasons for     B-19

using FTP     B-28

using RCP     B-32

using TFTP     B-24

user EXEC mode     2-2

username-based authentication     8-7

V

version-dependent transparent mode     13-4

vlan.dat file     12-4

VLAN 1, disabling on a trunk port     12-18

VLAN 1 minimization     12-18

vlan-assignment response, VMPS     12-24

VLAN configuration

at bootup     12-7

saving     12-7

VLAN configuration mode     2-2, 12-6

VLAN database

and startup configuration file     12-7

and VTP     13-1

VLAN configuration saved in     12-6

VLANs saved in     12-4

vlan database command     12-6

VLAN filtering and SPAN     23-6

vlan global configuration command     12-6

VLAN ID, discovering     6-26

VLAN management domain     13-2

VLAN Management Policy Server

See VMPS

VLAN membership

confirming     12-27

modes     12-3

VLAN Query Protocol

See VQP

VLANs

adding     12-8

adding to VLAN database     12-8

aging dynamic addresses     15-9

allowed on trunk     12-18

and spanning-tree instances     12-2, 12-6, 12-12

configuration guidelines, extended-range VLANs     12-12

configuration guidelines, normal-range VLANs     12-5

configuration options     12-6

configuring     12-1

configuring IDs 1006 to 4094     12-12

creating in config-vlan mode     12-8

creating in VLAN configuration mode     12-9

default configuration     12-7

deleting     12-9

described     10-2, 12-1

displaying     12-13

extended-range     12-1, 12-11

features     1-6

illustrated     12-2

limiting source traffic with RSPAN     23-22

limiting source traffic with SPAN     23-15

modifying     12-8

multicast     20-16

native, configuring     12-19

normal-range     12-1, 12-4

number supported     1-6

VLANs (continued)

parameters     12-4

port membership modes     12-3

static-access ports     12-10

STP and IEEE 802.1Q trunks     15-10

supported     12-2

Token Ring     12-5

traffic between     12-2

VTP modes     13-3

VLAN Trunking Protocol

See VTP

VLAN trunks     12-14

VMPS

administering     12-28

configuration example     12-29

configuration guidelines     12-25

default configuration     12-25

description     12-23

dynamic port membership

described     12-24

reconfirming     12-27

troubleshooting     12-29

entering server address     12-26

mapping MAC addresses to VLANs     12-24

monitoring     12-28

reconfirmation interval, changing     12-27

reconfirming membership     12-27

retry count, changing     12-28

voice-over-IP     14-1

voice VLAN

Cisco 7960 phone, port connections     14-1

configuration guidelines     14-3

configuring IP phones for data traffic

override CoS of incoming frame     14-6

trust CoS priority of incoming frame     14-6

configuring ports for voice traffic in

802.1p priority tagged frames     14-5

802.1Q frames     14-5

connecting to an IP phone     14-4

voice VLAN (continued)

default configuration     14-3

described     14-1

displaying     14-6

IP phone data traffic, described     14-2

IP phone voice traffic, described     14-2

VQP     1-6, 12-23

VTP

adding a client to a domain     13-14

advertisements     12-16, 13-3

and extended-range VLANs     13-1

and normal-range VLANs     13-1

client mode, configuring     13-11

configuration

global configuration mode     13-7

guidelines     13-8

privileged EXEC mode     13-7

requirements     13-9

saving     13-7

VLAN configuration mode     13-7

configuration mode options     13-7

configuration requirements     13-9

configuration revision number

guideline     13-14

resetting     13-15

configuring

client mode     13-11

server mode     13-9

transparent mode     13-12

consistency checks     13-4

default configuration     13-6

described     13-1

disabling     13-12

domain names     13-8

domains     13-2

VTP (continued)

modes

client     13-3, 13-11

server     13-3, 13-9

transitions     13-3

transparent     13-3, 13-12

monitoring     13-16

passwords     13-8

pruning

disabling     13-14

enabling     13-14

examples     13-5

overview     13-4

support for     1-6

pruning-eligible list, changing     12-19

server mode, configuring     13-9

statistics     13-16

support for     1-6

Token Ring support     13-4

transparent mode, configuring     13-12

using     13-1

version, guidelines     13-8

Version 1     13-4

Version 2

configuration guidelines     13-8

disabling     13-13

enabling     13-13

overview     13-4

W

weighted tail drop

See WTD

wizards     1-2

WTD

described     29-12

setting thresholds

egress queue-sets     29-62

ingress queues     29-57

support for     1-7, 1-8

X

Xmodem protocol     31-2