Catalyst 2960 Switch Software Configuration Guide, Rel. 12.2(44)SE
Index
Downloads: This chapterpdf (PDF - 1.31MB) The complete bookPDF (PDF - 9.19MB) | Feedback

Index

Table Of Contents

A - B - C - D - E - F - G - H - I - J - L - M - N - O - P - Q - R - S - T - U - V - W - X -

Index

A

abbreviating commands 2-4

AC (command switch) 5-9

access-class command 29-34

access control entries

See ACEs

access-denied response, VMPS 12-24

access groups, applying IPv4 ACLs to interfaces 29-35

accessing

clusters, switch 5-12

command switches 5-10

member switches 5-12

switch clusters 5-12

access lists

See ACLs

access ports

in switch clusters 5-8

access ports, defined 10-2

accounting

with 802.1x 9-32

with IEEE 802.1x 9-9

with RADIUS 8-28

with TACACS+ 8-11, 8-17

ACEs

and QoS 31-6

defined 29-20

Ethernet 29-20

IP 29-20

ACLs

ACEs 29-20

any keyword 29-27

applying

time ranges to 29-32

to an interface 29-34

to QoS 31-6

classifying traffic for QoS 31-40

comments in 29-33

compiling 29-35

defined 29-19, 29-23

examples of 29-35, 31-40

extended IP, configuring for QoS classification 31-41

extended IPv4

creating 29-26

matching criteria 29-23

hardware and software handling 29-35

host keyword 29-28

IP

creating 29-23

fragments and QoS guidelines 31-31

implicit deny 29-25, 29-29, 29-31

implicit masks 29-25

matching criteria 29-23

undefined 29-35

IPv4

applying to interfaces 29-34

creating 29-23

matching criteria 29-23

named 29-30

numbers 29-24

terminal lines, setting on 29-34

unsupported features 29-22

MAC extended 29-37, 31-42

matching 29-23, 29-35

monitoring 29-40

named, IPv4 29-30

number per QoS class map 31-31

QoS 31-6, 31-40

resequencing entries 29-30

standard IP, configuring for QoS classification 31-40

standard IPv4

creating 29-25

matching criteria 29-23

support for 1-8

support in hardware 29-35

time ranges 29-32

unsupported features, IPv4 29-22

active link 18-4, 18-5, 18-6

active links 18-2

active traffic monitoring, IP SLAs 30-1

address aliasing 20-2

addresses

displaying the MAC address table 6-26

dynamic

accelerated aging 15-8

changing the aging time 6-21

default aging 15-8

defined 6-19

learning 6-20

removing 6-22

MAC, discovering 6-26

multicast, STP address management 15-8

static

adding and removing 6-24

defined 6-19

address resolution 6-26

Address Resolution Protocol

See ARP

advertisements

CDP 22-1

LLDP 23-2

VTP 12-16, 13-3

aggregatable global unicast addresses 32-3

aggregated ports

See EtherChannel

aggregate policers 31-48

aggregate policing 1-10

aging, accelerating 15-8

aging time

accelerated

for MSTP 16-23

for STP 15-8, 15-21

MAC address table 6-21

maximum

for MSTP 16-23, 16-24

for STP 15-21, 15-22

alarms, RMON 26-3

allowed-VLAN list 12-18

ARP

defined 1-5, 6-26

table

address resolution 6-26

managing 6-26

attributes, RADIUS

vendor-proprietary 8-31

vendor-specific 8-29

audience xxxi

authentication

local mode with AAA 8-32

NTP associations 6-4

RADIUS

key 8-21

login 8-23

TACACS+

defined 8-11

key 8-13

login 8-14

See also port-based authentication

authentication failed VLAN

See restricted VLAN

authoritative time source, described 6-2

authorization

with RADIUS 8-27

with TACACS+ 8-11, 8-16

authorized ports with IEEE 802.1x 9-8

autoconfiguration 3-3

automatic discovery

considerations

beyond a noncandidate device 5-7

brand new switches 5-8

connectivity 5-4

different VLANs 5-6

management VLANs 5-7

non-CDP-capable devices 5-6

noncluster-capable devices 5-6

in switch clusters 5-4

See also CDP

automatic QoS

See QoS

automatic recovery, clusters 5-9

See also HSRP

auto-MDIX

configuring 10-15

described 10-15

autonegotiation

duplex mode 1-3

interface configuration guidelines 10-12

mismatches 35-11

autosensing, port speed 1-3

auxiliary VLAN

See voice VLAN

availability, features 1-6

B

BackboneFast

described 17-5

disabling 17-14

enabling 17-13

support for 1-6

backup interfaces

See Flex Links

backup links 18-2

banners

configuring

login 6-19

message-of-the-day login 6-18

default configuration 6-17

when displayed 6-17

Berkeley r-tools replacement 8-44

binding database

DHCP snooping

See DHCP snooping binding database

bindings

DHCP snooping database 19-5

binding table, DHCP snooping

See DHCP snooping binding database

blocking packets 21-7

booting

boot loader, function of 3-2

boot process 3-1

manually 3-17

specific image 3-18

boot loader

accessing 3-18

described 3-2

environment variables 3-18

prompt 3-18

trap-door mechanism 3-2

BPDU

error-disabled state 17-2

filtering 17-3

RSTP format 16-12

BPDU filtering

described 17-3

disabling 17-12

enabling 17-12

support for 1-7

BPDU guard

described 17-2

disabling 17-12

enabling 17-11

support for 1-7

bridge protocol data unit

See BPDU

broadcast storm-control command 21-4

broadcast storms 21-1

C

cables, monitoring for unidirectional links 24-1

candidate switch

automatic discovery 5-4

defined 5-3

requirements 5-3

See also command switch, cluster standby group, and member switch

CA trustpoint

configuring 8-40

defined 8-38

caution, described xxxii

CDP

and trusted boundary 31-36

automatic discovery in switch clusters 5-4

configuring 22-2

default configuration 22-2

defined with LLDP 23-1

described 22-1

disabling for routing device22-3to 22-4

enabling and disabling

on an interface 22-4

on a switch 22-3

monitoring 22-4

overview 22-1

support for 1-5

transmission timer and holdtime, setting 22-2

updates 22-2

CGMP

as IGMP snooping learning method 20-8

joining multicast group 20-3

CipherSuites 8-39

Cisco 7960 IP Phone 14-1

Cisco Discovery Protocol

See CDP

Cisco IOS File System

See IFS

Cisco IOS IP Service Level Agreements (SLAs) responder 1-4

Cisco IOS IP SLAs 30-1

Cisco Network Assistant

See Network Assistant

CiscoWorks 2000 1-4, 28-4

CIST regional root

See MSTP

CIST root

See MSTP

civic location 23-3

class maps for QoS

configuring 31-43

described 31-7

displaying 31-68

class of service

See CoS

clearing interfaces 10-19

CLI

abbreviating commands 2-4

command modes 2-1

configuration logging 2-5

described 1-4

editing features

enabling and disabling 2-7

keystroke editing 2-7

wrapped lines 2-9

error messages 2-5

filtering command output 2-10

getting help 2-3

history

changing the buffer size 2-6

described 2-6

disabling 2-7

recalling commands 2-6

managing clusters 5-13

no and default forms of commands 2-4

client mode, VTP 13-3

clock

See system clock

cluster requirements xxxiii

clusters, switch

accessing 5-12

automatic discovery 5-4

automatic recovery 5-9

benefits 1-2

compatibility 5-4

described 5-1

LRE profile considerations 5-13

managing

through CLI 5-13

through SNMP 5-14

planning 5-4

planning considerations

automatic discovery 5-4

automatic recovery 5-9

CLI 5-13

host names 5-12

IP addresses 5-12

LRE profiles 5-13

passwords 5-12

RADIUS 5-13

SNMP 5-13, 5-14

TACACS+ 5-13

See also candidate switch, command switch, cluster standby group, member switch, and standby command switch

cluster standby group

automatic recovery 5-11

considerations 5-10

defined 5-2

requirements 5-3

virtual IP address 5-10

See also HSRP

CNS 1-5

Configuration Engine

configID, deviceID, hostname 4-3

configuration service 4-2

described 4-1

event service 4-3

embedded agents

described 4-5

enabling automated configuration 4-6

enabling configuration agent 4-9

enabling event agent 4-8

management functions 1-4

Coarse Wave Division Multiplexer

See CWDM SFPs

command-line interface

See CLI

command modes 2-1

commands

abbreviating 2-4

no and default 2-4

commands, setting privilege levels 8-8

command switch

accessing 5-10

active (AC) 5-9

configuration conflicts 35-11

defined 5-2

passive (PC) 5-9

password privilege levels 5-14

priority 5-9

recovery

from command-switch failure 5-9, 35-7

from lost member connectivity 35-11

redundant 5-9

replacing

with another switch 35-9

with cluster member 35-8

requirements 5-3

standby (SC) 5-9

See also candidate switch, cluster standby group, member switch, and standby command switch

community strings

configuring 5-13, 28-8

for cluster switches 28-4

in clusters 5-13

overview 28-4

SNMP 5-13

compatibility, feature 21-12

config.text 3-16

configurable leave timer, IGMP 20-5

configuration, initial

defaults 1-12

Express Setup 1-2

See also getting started guide and hardware installation guide

configuration changes, logging 27-10

configuration conflicts, recovering from lost member connectivity 35-11

configuration examples, network 1-14

configuration files

archiving B-19

clearing the startup configuration B-18

creating using a text editor B-9

default name 3-16

deleting a stored configuration B-18

described B-8

downloading

automatically 3-16

preparing B-10, B-12, B-15

reasons for B-8

using FTP B-13

using RCP B-16

using TFTP B-11

guidelines for creating and using B-9

guidelines for replacing and rolling back B-20

invalid combinations when copying B-5

limiting TFTP server access 28-15

obtaining with DHCP 3-8

password recovery disable considerations 8-5

replacing a running configuration B-18, B-19

rolling back a running configuration B-18, B-20

specifying the filename 3-16

system contact and location information 28-14

types and location B-9

uploading

preparing B-10, B-12, B-15

reasons for B-8

using FTP B-14

using RCP B-17

using TFTP B-11

configuration logger 27-10

configuration logging 2-5

configuration replacement B-18

configuration rollback B-18, B-19

configuration settings, saving 3-15

configure terminal command 10-5

configuring small-frame arrival rate 21-5

config-vlan mode 2-2, 12-6

conflicts, configuration 35-11

connections, secure remote 8-33

connectivity problems 35-12, 35-13, 35-15

consistency checks in VTP Version 2 13-4

console port, connecting to 2-10

control protocol, IP SLAs 30-4

conventions

command xxxii

for examples xxxii

publication xxxii

text xxxii

corrupted software, recovery steps with Xmodem 35-2

CoS

in Layer 2 frames 31-2

override priority 14-6

trust priority 14-6

CoS input queue threshold map for QoS 31-14

CoS output queue threshold map for QoS 31-17

CoS-to-DSCP map for QoS 31-51

counters, clearing interface 10-19

crashinfo file 35-21

critical authentication, IEEE 802.1x 9-36

cryptographic software image

SSH 8-33

SSL 8-37

CWDM SFPs 1-19

D

daylight saving time 6-13

debugging

enabling all system diagnostics 35-19

enabling for a specific feature 35-18

redirecting error message output 35-19

using commands 35-18

default commands 2-4

default configuration

802.1x 9-21

auto-QoS 31-19

banners 6-17

booting 3-16

CDP 22-2

DHCP 19-7

DHCP option 82 19-7

DHCP snooping 19-7

DHCP snooping binding database 19-7

DNS 6-16

EtherChannel 34-9

Ethernet interfaces 10-9

Flex Links 18-8

IGMP filtering 20-24

IGMP snooping 20-6, 33-5, 33-6

IGMP throttling 20-24

initial switch information 3-3

IP SLAs 30-5

IPv6 32-13

Layer 2 interfaces 10-9

LLDP 23-3

MAC address table 6-21

MAC address-table move update 18-8

MSTP 16-14

MVR 20-19

NTP 6-4

optional spanning-tree configuration 17-9

password and privilege level 8-2

RADIUS 8-20

RMON 26-3

RSPAN 25-9

SDM template 7-2

SNMP 28-6

SPAN 25-9

SSL 8-40

standard QoS 31-29

STP 15-11

system message logging 27-3

system name and prompt 6-15

TACACS+ 8-13

UDLD 24-4

VLAN, Layer 2 Ethernet interfaces 12-16

VLANs 12-7

VMPS 12-25

voice VLAN 14-3

VTP 13-6

default gateway 3-14

deleting VLANs 12-10

denial-of-service attack 21-1

description command 10-16

designing your network, examples 1-14

destination addresses

in IPv4 ACLs 29-27

destination-IP address-based forwarding, EtherChannel 34-7

destination-MAC address forwarding, EtherChannel 34-7

detecting indirect link failures, STP 17-5

device B-22

device discovery protocol 22-1, 23-1

device manager

benefits 1-2

described 1-2, 1-4

in-band management 1-5

requirements xxxii

upgrading a switch B-22

DHCP

Cisco IOS server database

configuring 19-10

enabling

relay agent 19-8

DHCP-based autoconfiguration

client request message exchange 3-4

configuring

client side 3-3

DNS 3-7

relay device 3-7

server side 3-6

TFTP server 3-7

example 3-9

lease options

for IP address information 3-6

for receiving the configuration file 3-6

overview 3-3

relationship to BOOTP 3-3

relay support 1-5

support for 1-5

DHCP-based autoconfiguration and image update

configuring3-11to 3-14

understanding3-4to 3-5

DHCP binding database

See DHCP snooping binding database

DHCP binding table

See DHCP snooping binding database

DHCP option 82

circuit ID suboption 19-5

configuration guidelines 19-7

default configuration 19-7

displaying 19-12

overview 19-3

packet format, suboption

circuit ID 19-5

remote ID 19-5

remote ID suboption 19-5

DHCP snooping

accepting untrusted packets form edge switch 19-3, 19-9

binding database

See DHCP snooping binding database

configuration guidelines 19-7

default configuration 19-7

displaying binding tables 19-12

message exchange process 19-4

option 82 data insertion 19-3

trusted interface 19-2

untrusted interface 19-2

untrusted messages 19-2

DHCP snooping binding database

adding bindings 19-11

binding entries, displaying 19-12

binding file

format 19-6

location 19-5

bindings 19-5

clearing agent statistics 19-11

configuration guidelines 19-8

configuring 19-11

default configuration 19-7

deleting

binding file 19-11

bindings 19-11

database agent 19-11

described 19-5

displaying 19-12

displaying status and statistics 19-12

enabling 19-11

entry 19-5

renewing database 19-11

resetting

delay value 19-11

timeout value 19-11

DHCP snooping binding table

See DHCP snooping binding database

Differentiated Services architecture, QoS 31-2

Differentiated Services Code Point 31-2

directed unicast requests 1-5

directories

changing B-3

creating and removing B-4

displaying the working B-3

discovery, clusters

See automatic discovery

DNS

and DHCP-based autoconfiguration 3-7

default configuration 6-16

displaying the configuration 6-17

in IPv6 32-4

overview 6-15

setting up 6-16

support for 1-5

documentation, related xxxii

document conventions xxxii

domain names

DNS 6-15

VTP 13-8

Domain Name System

See DNS

downloading

configuration files

preparing B-10, B-12, B-15

reasons for B-8

using FTP B-13

using RCP B-16

using TFTP B-11

image files

deleting old image B-26

preparing B-25, B-28, B-32

reasons for B-22

using CMS 1-2

using FTP B-29

using HTTP 1-2, B-22

using RCP B-33

using TFTP B-25

using the device manager or Network Assistant B-22

DSCP 1-10, 31-2

DSCP input queue threshold map for QoS 31-14

DSCP output queue threshold map for QoS 31-17

DSCP-to-CoS map for QoS 31-54

DSCP-to-DSCP-mutation map for QoS 31-55

DSCP transparency 31-37

DTP 1-7, 12-15

Dual IPv4-and-IPv6 SDM Templates 32-12

dual IPv4 and IPv6 templates 32-1, 32-12

dual protocol stacks

IPv4 and IPv6 32-12

SDM templates supporting 32-12

dual-purpose uplinks

defined 10-4

LEDs 10-4

link selection 10-4

setting the type 10-10

dynamic access ports

characteristics 12-3

configuring 12-27

defined 10-3

dynamic addresses

See addresses

dynamic auto trunking mode 12-15

dynamic desirable trunking mode 12-15

Dynamic Host Configuration Protocol

See DHCP-based autoconfiguration

dynamic port VLAN membership

described 12-25

reconfirming 12-27

troubleshooting 12-29

types of connections 12-27

Dynamic Trunking Protocol

See DTP

E

editing features

enabling and disabling 2-7

keystrokes used 2-7

wrapped lines 2-9

ELIN location 23-3

enable password 8-3

enable secret password 8-3

encryption, CipherSuite 8-39

encryption for passwords 8-3

environment variables, function of 3-19

error-disabled state, BPDU 17-2

error messages during command entry 2-5

EtherChannel

automatic creation of 34-4, 34-5

channel groups

binding physical and logical interfaces 34-3

numbering of 34-3

configuration guidelines 34-9

configuring Layer 2 interfaces 34-10

default configuration 34-9

described 34-2

displaying status 34-16

forwarding methods 34-6, 34-12

IEEE 802.3ad, described 34-5

interaction

with STP 34-9

with VLANs 34-10

LACP

described 34-5

displaying status 34-16

hot-standby ports 34-14

interaction with other features 34-6

modes 34-5

port priority 34-15

system priority 34-15

load balancing 34-6, 34-12

PAgP

aggregate-port learners 34-13

compatibility with Catalyst 1900 34-13

described 34-4

displaying status 34-16

interaction with other features 34-5

learn method and priority configuration 34-13

modes 34-4

support for 1-3

port-channel interfaces

described 34-3

numbering of 34-3

port groups 10-3

support for 1-3

EtherChannel guard

described 17-7

disabling 17-14

enabling 17-14

Ethernet VLANs

adding 12-8

defaults and ranges 12-7

modifying 12-8

EUI 32-3

events, RMON 26-3

examples

conventions for xxxii

network configuration 1-14

expedite queue for QoS 31-67

Express Setup 1-2

See also getting started guide

extended crashinfo file 35-21

extended-range VLANs

configuration guidelines 12-12

configuring 12-11

creating 12-12

defined 12-1

extended system ID

MSTP 16-17

STP 15-4, 15-14

extended universal identifier

See EUI

Extensible Authentication Protocol over LAN 9-1

F

fa0 interface 1-6

Fast Convergence 18-3

features, incompatible 21-12

fiber-optic, detecting unidirectional links 24-1

files

basic crashinfo

description 35-21

location 35-21

copying B-4

crashinfo, description 35-21

deleting B-5

displaying the contents of B-7

extended crashinfo

description 35-21

location 35-22

tar

creating B-6

displaying the contents of B-6

extracting B-7

image file format B-23

file system

displaying available file systems B-2

displaying file information B-3

local file system names B-1

network file system names B-4

setting the default B-2

filtering

non-IP traffic 29-37

show and more command output 2-10

filtering show and more command output 2-10

filters, IP

See ACLs, IP

flash device, number of B-1

Flex Link Multicast Fast Convergence 18-3

Flex Links

configuration guidelines 18-8

configuring 18-9

configuring preferred VLAN 18-12

configuring VLAN load balancing 18-11

default configuration 18-8

description 18-2

link load balancing 18-2

monitoring 18-14

VLANs 18-2

flooded traffic, blocking 21-8

flow-based packet classification 1-10

flowcharts

QoS classification 31-6

QoS egress queueing and scheduling 31-15

QoS ingress queueing and scheduling 31-13

QoS policing and marking 31-9

flowcontrol

configuring 10-14

described 10-14

forward-delay time

MSTP 16-23

STP 15-21

FTP

accessing MIB files A-3

configuration files

downloading B-13

overview B-12

preparing the server B-12

uploading B-14

image files

deleting old image B-30

downloading B-29

preparing the server B-28

uploading B-30

G

general query 18-5

Generating IGMP Reports 18-4

get-bulk-request operation 28-3

get-next-request operation 28-3, 28-4

get-request operation 28-3, 28-4

get-response operation 28-3

global configuration mode 2-2

global leave, IGMP 20-12

guest VLAN and 802.1x 9-12

guide

audience xxxi

purpose of xxxi

guide mode 1-2

GUIs

See device manager and Network Assistant

H

hello time

MSTP 16-22

STP 15-20

help, for the command line 2-3

history

changing the buffer size 2-6

described 2-6

disabling 2-7

recalling commands 2-6

history table, level and number of syslog messages 27-10

host names, in clusters 5-12

hosts, limit on dynamic ports 12-29

HP OpenView 1-4

HSRP

automatic cluster recovery 5-11

cluster standby group considerations 5-10

See also clusters, cluster standby group, and standby command switch

HTTP over SSL

see HTTPS

HTTPS 8-38

configuring 8-41

self-signed certificate 8-38

HTTP secure server 8-38

I

ICMP

IPv6 32-4

time-exceeded messages 35-15

traceroute and 35-15

ICMP ping

executing 35-13

overview 35-12

ICMPv6 32-4

IDS appliances

and ingress RSPAN 25-20

and ingress SPAN 25-13

IEEE 802.1D

See STP

IEEE 802.1p 14-1

IEEE 802.1Q

and trunk ports 10-3

configuration limitations 12-15

encapsulation 12-14

native VLAN for untagged traffic 12-20

IEEE 802.1s

See MSTP

IEEE 802.1w

See RSTP

IEEE 802.1x

See port-based authentication

IEEE 802.3ad

See EtherChannel

IEEE 802.3x flow control 10-14

ifIndex values, SNMP 28-5

IFS 1-5

IGMP

configurable leave timer

described 20-5

enabling 20-10

flooded multicast traffic

controlling the length of time 20-11

disabling on an interface 20-12

global leave 20-12

query solicitation 20-12

recovering from flood mode 20-12

joining multicast group 20-3

join messages 20-3

leave processing, enabling 20-10, 33-9

leaving multicast group 20-5

queries 20-4

report suppression

described 20-6

disabling 20-15, 33-11

supported versions 20-2

support for 1-3

IGMP filtering

configuring 20-24

default configuration 20-24

described 20-23

monitoring 20-28

support for 1-4

IGMP groups

configuring filtering 20-26

setting the maximum number 20-26

IGMP Immediate Leave

configuration guidelines 20-10

described 20-5

enabling 20-10

IGMP profile

applying 20-25

configuration mode 20-24

configuring 20-24

IGMP snooping

and address aliasing 20-2

configuring 20-6

default configuration 20-6, 33-5, 33-6

definition 20-1

enabling and disabling 20-7, 33-6

global configuration 20-7

Immediate Leave 20-5

method 20-8

monitoring 20-15, 33-11

querier

configuration guidelines 20-13

configuring 20-13

supported versions 20-2

support for 1-3

VLAN configuration 20-7

IGMP throttling

configuring 20-26

default configuration 20-24

described 20-23

displaying action 20-28

Immediate Leave, IGMP 20-5

enabling 33-9

inaccessible authentication bypass 9-14

initial configuration

defaults 1-12

Express Setup 1-2

See also getting started guide and hardware installation guide

interface

number 10-5

range macros 10-7

interface command 10-5

interface configuration mode 2-3

interfaces

auto-MDIX, configuring 10-15

configuration guidelines

duplex and speed 10-12

configuring

procedure 10-5

counters, clearing 10-19

default configuration 10-9

described 10-16

descriptive name, adding 10-16

displaying information about 10-18

flow control 10-14

management 1-4

monitoring 10-18

naming 10-16

physical, identifying 10-5

range of 10-6

restarting 10-19

shutting down 10-19

speed and duplex, configuring 10-13

status 10-18

supported 10-5

types of 10-1

interfaces range macro command 10-7

interface types 10-5

Internet Protocol version 6

See IPv6

Intrusion Detection System

See IDS appliances

inventory management TLV 23-3, 23-6

IP ACLs

for QoS classification 31-6

implicit deny 29-25, 29-29

implicit masks 29-25

named 29-30

undefined 29-35

IP addresses

128-bit 32-2

candidate or member 5-3, 5-12

cluster access 5-2

command switch 5-3, 5-10, 5-12

discovering 6-26

IPv6 32-2

redundant clusters 5-10

standby command switch 5-10, 5-12

See also IP information

ip igmp profile command 20-24

IP information

assigned

manually 3-14

through DHCP-based autoconfiguration 3-3

default configuration 3-3

IP phones

and QoS 14-1

automatic classification and queueing 31-18

configuring 14-4

ensuring port security with QoS 31-35

trusted boundary for QoS 31-35

IP precedence 31-2

IP-precedence-to-DSCP map for QoS 31-52

IP protocols in ACLs 29-27

IP Service Level Agreements

See IP SLAs

IP service levels, analyzing 30-1

IP SLAs

benefits 30-2

configuration guidelines 30-5

Control Protocol 30-4

default configuration 30-5

definition 30-1

measuring network performance 30-3

monitoring 30-7

operation 30-3

responder

described 30-4

enabling 30-6

response time 30-4

SNMP support 30-2

supported metrics 30-2

IP traceroute

executing 35-16

overview 35-15

IPv4 ACLs

applying to interfaces 29-34

extended, creating 29-26

named 29-30

standard, creating 29-25

IPv4 and IPv6

differences 32-2

dual protocol stacks 32-10

IPv6

addresses 32-2

address formats 32-2

advantages 32-2

applications 32-9

autoconfiguration 32-4

autogenerated address 32-6

configuring static routes 32-15

default configuration 32-13

defined 32-1

duplicate-address detection 32-5

global prefixes 32-5

ICMP 32-4

ICMP rate limiting 32-14

link-local address 32-5

monitoring 32-17

neighbor discovery 32-4

reasons for 32-1

router advertisement messages 32-5

router advertisements 32-5

SDM templates 32-12, 33-1

Stateless Autoconfiguration 32-4

supported features 32-3

J

join messages, IGMP 20-3

L

LACP

See EtherChannel

Layer 2 frames, classification with CoS 31-2

Layer 2 interfaces, default configuration 10-9

Layer 2 traceroute

and ARP 35-14

and CDP 35-14

broadcast traffic 35-14

described 35-14

IP addresses and subnets 35-14

MAC addresses and VLANs 35-14

multicast traffic 35-14

multiple devices on a port 35-15

unicast traffic 35-14

usage guidelines 35-14

Layer 3 packets, classification methods 31-2

LDAP 4-2

Leaking IGMP Reports 18-4

LEDs, switch

See hardware installation guide

lightweight directory access protocol

See LDAP

line configuration mode 2-3

Link Aggregation Control Protocol

See EtherChannel

link failure, detecting unidirectional 16-8

Link Layer Discovery Protocol

See CDP

link local unicast addresses 32-3

link redundancy

See Flex Links

links, unidirectional 24-1

link-state tracking

configuring 34-19

described 34-17

LLDP

configuring 23-3

characteristics 23-4

default configuration 23-3

disabling and enabling

globally 23-5

on an interface 23-5

monitoring and maintaining 23-7

overview 23-1

supported TLVs 23-2

switch stack considerations 23-2

transmission timer and holdtime, setting 23-4

LLDP-MED

configuring

procedures 23-3

TLVs 23-6

monitoring and maintaining 23-7

overview 23-1, 23-2

supported TLVs 23-2

LLDP Media Endpoint Discovery

See LLDP-MED

local SPAN 25-2

location TLV 23-3, 23-6

login authentication

with RADIUS 8-23

with TACACS+ 8-14

login banners 6-17

log messages

See system message logging

Long-Reach Ethernet (LRE) technology 1-15

loop guard

described 17-9

enabling 17-15

support for 1-7

LRE profiles, considerations in switch clusters 5-13

M

MAC/PHY configuration status TLV 23-2

MAC addresses

aging time 6-21

and VLAN association 6-20

building the address table 6-20

default configuration 6-21

discovering 6-26

displaying 6-26

dynamic

learning 6-20

removing 6-22

in ACLs 29-37

static

adding 6-24

allowing 6-25

characteristics of 6-24

dropping 6-25

removing 6-24

MAC address notification, support for 1-11

MAC address-table move update

configuration guidelines 18-8

configuring 18-12

default configuration 18-8

description 18-6

monitoring 18-14

MAC address-to-VLAN mapping 12-24

MAC authentication bypass 9-10

MAC extended access lists

applying to Layer 2 interfaces 29-39

configuring for QoS 31-42

creating 29-37

defined 29-37

for QoS classification 31-5

macros

See Smartports macros

magic packet 9-17

manageability features 1-5

management access

in-band

browser session 1-5

CLI session 1-6

device manager 1-5

SNMP 1-6

out-of-band console port connection 1-6

management address TLV 23-2

management options

CLI 2-1

clustering 1-3

CNS 4-1

Network Assistant 1-2

overview 1-4

management VLAN

considerations in switch clusters 5-7

discovery through different management VLANs 5-7

mapping tables for QoS

configuring

CoS-to-DSCP 31-51

DSCP 31-50

DSCP-to-CoS 31-54

DSCP-to-DSCP-mutation 31-55

IP-precedence-to-DSCP 31-52

policed-DSCP 31-53

described 31-10

marking

action with aggregate policers 31-48

described 31-4, 31-8

matching, IPv4 ACLs 29-23

maximum aging time

MSTP 16-23

STP 15-21

maximum hop count, MSTP 16-24

membership mode, VLAN port 12-3

member switch

automatic discovery 5-4

defined 5-2

managing 5-13

passwords 5-12

recovering from lost connectivity 35-11

requirements 5-3

See also candidate switch, cluster standby group, and standby command switch

messages, to users through banners 6-17

MIBs

accessing files with FTP A-3

location of files A-3

overview 28-1

SNMP interaction with 28-4

supported A-1

mirroring traffic for analysis 25-1

mismatches, autonegotiation 35-11

module number 10-5

monitoring

access groups 29-40

cables for unidirectional links 24-1

CDP 22-4

features 1-11

Flex Links 18-14

IGMP

filters 20-28

snooping 20-15, 33-11

interfaces 10-18

IP SLAs operations 30-7

IPv4 ACL configuration 29-40

IPv6 32-17

MAC address-table move update 18-14

multicast router interfaces 20-16, 33-12

MVR 20-22

network traffic for analysis with probe 25-2

port

blocking 21-19

protection 21-19

SFP status 10-18, 35-12

speed and duplex mode 10-13

traffic flowing among switches 26-1

traffic suppression 21-18

VLANs 12-14

VMPS 12-28

VTP 13-16

mrouter Port 18-3

mrouter port 18-5

MSTP

boundary ports

configuration guidelines 16-15

described 16-6

BPDU filtering

described 17-3

enabling 17-12

BPDU guard

described 17-2

enabling 17-11

CIST, described 16-3

CIST regional root 16-3

CIST root 16-5

configuration guidelines 16-15, 17-10

configuring

forward-delay time 16-23

hello time 16-22

link type for rapid convergence 16-24

maximum aging time 16-23

maximum hop count 16-24

MST region 16-16

neighbor type 16-25

path cost 16-20

port priority 16-19

root switch 16-17

secondary root switch 16-18

switch priority 16-21

CST

defined 16-3

operations between regions 16-4

default configuration 16-14

default optional feature configuration 17-9

displaying status 16-26

enabling the mode 16-16

EtherChannel guard

described 17-7

enabling 17-14

extended system ID

effects on root switch 16-17

effects on secondary root switch 16-18

unexpected behavior 16-17

IEEE 802.1s

implementation 16-6

port role naming change 16-7

terminology 16-5

instances supported 15-9

interface state, blocking to forwarding 17-2

interoperability and compatibility among modes 15-10

interoperability with IEEE 802.1D

described 16-8

restarting migration process 16-25

IST

defined 16-3

master 16-3

operations within a region 16-3

loop guard

described 17-9

enabling 17-15

mapping VLANs to MST instance 16-16

MST region

CIST 16-3

configuring 16-16

described 16-2

hop-count mechanism 16-5

IST 16-3

supported spanning-tree instances 16-2

optional features supported 1-7

overview 16-2

Port Fast

described 17-2

enabling 17-10

preventing root switch selection 17-8

root guard

described 17-8

enabling 17-15

root switch

configuring 16-17

effects of extended system ID 16-17

unexpected behavior 16-17

shutdown Port Fast-enabled port 17-2

status, displaying 16-26

multicast groups

Immediate Leave 20-5

joining 20-3

leaving 20-5

static joins 20-9, 33-8

multicast router interfaces, monitoring 20-16, 33-12

multicast router ports, adding 20-9, 33-8

multicast storm 21-1

multicast storm-control command 21-4

multicast television application 20-17

multicast VLAN 20-16

Multicast VLAN Registration

See MVR

MVR

and address aliasing 20-20

and IGMPv3 20-20

configuration guidelines 20-19

configuring interfaces 20-21

default configuration 20-19

described 20-16

example application 20-17

modes 20-20

monitoring 20-22

multicast television application 20-17

setting global parameters 20-20

support for 1-3

N

NAC

critical authentication 9-14, 9-36

IEEE 802.1x authentication using a RADIUS server 9-40

IEEE 802.1x validation using RADIUS server 9-40

inaccessible authentication bypass 9-36

Layer 2 IEEE 802.1x validation 1-9, 9-19, 9-40

named IPv4 ACLs 29-30

NameSpace Mapper

See NSM

native VLAN

configuring 12-20

default 12-20

neighbor discovery, IPv6 32-4

Network Admission Control

See NAC

Network Admission Control Software Configuration Guide 9-42, 9-43

Network Assistant

benefits 1-2

described 1-4

downloading image files 1-2

guide mode 1-2

management options 1-2

requirements xxxii

upgrading a switch B-22

wizards 1-2

network configuration examples

increasing network performance 1-14

long-distance, high-bandwidth transport 1-19

providing network services 1-15

server aggregation and Linux server cluster 1-17

small to medium-sized network 1-18

network design

performance 1-15

services 1-15

network management

CDP 22-1

RMON 26-1

SNMP 28-1

network performance, measuring with IP SLAs 30-3

network policy TLV 23-2, 23-6

Network Time Protocol

See NTP

no commands 2-4

nonhierarchical policy maps

described 31-8

non-IP traffic filtering 29-37

nontrunking mode 12-15

normal-range VLANs 12-4

configuration guidelines 12-5

configuration modes 12-6

configuring 12-4

defined 12-1

note, described xxxii

NSM 4-3

NTP

associations

authenticating 6-4

defined 6-2

enabling broadcast messages 6-6

peer 6-5

server 6-5

default configuration 6-4

displaying the configuration 6-11

overview 6-2

restricting access

creating an access group 6-8

disabling NTP services per interface 6-10

source IP address, configuring 6-10

stratum 6-2

support for 1-5

NTP

synchronizing devices 6-5

time

services 6-2

synchronizing 6-2

O

optimizing system resources 7-1

options, management 1-4

out-of-profile markdown 1-11

P

packet modification, with QoS 31-17

PAgP

See EtherChannel

passwords

default configuration 8-2

disabling recovery of 8-5

encrypting 8-3

for security 1-8

in clusters 5-12

overview 8-1

recovery of 35-3

setting

enable 8-3

enable secret 8-3

Telnet 8-6

with usernames 8-6

VTP domain 13-8

path cost

MSTP 16-20

STP 15-18

PC (passive command switch) 5-9

performance, network design 1-14

performance features 1-3

persistent self-signed certificate 8-38

per-VLAN spanning-tree plus

See PVST+

physical ports 10-2

PIM-DVMRP, as snooping method 20-8

ping

character output description 35-13

executing 35-13

overview 35-12

policed-DSCP map for QoS 31-53

policers

configuring

for each matched traffic class 31-45

for more than one traffic class 31-48

described 31-4

displaying 31-68

number of 31-31

types of 31-8

policing

described 31-4

token-bucket algorithm 31-8

policy maps for QoS

characteristics of 31-45

described 31-7

displaying 31-68

nonhierarchical on physical ports

described 31-8

port ACLs, described 29-20

Port Aggregation Protocol

See EtherChannel

port-based authentication

accounting 9-9

authentication server

defined 9-3

RADIUS server 9-3

client, defined 9-3

configuration guidelines 9-22

configuring

802.1x authentication 9-25

guest VLAN 9-33

host mode 9-28

inaccessible authentication bypass 9-36

manual re-authentication of a client 9-29

periodic re-authentication 9-28

quiet period 9-29

RADIUS server 9-27

RADIUS server parameters on the switch 9-26

restricted VLAN 9-34

switch-to-client frame-retransmission number 9-31

switch-to-client retransmission time 9-30

default configuration 9-21

described 9-1

device roles 9-3

displaying statistics 9-44

EAPOL-start frame 9-6

EAP-request/identity frame 9-6

EAP-response/identity frame 9-6

encapsulation 9-3

guest VLAN

configuration guidelines 9-13, 9-14

described 9-12

host mode 9-8

inaccessible authentication bypass

configuring 9-36

described 9-14

guidelines 9-23

initiation and message exchange 9-6

magic packet 9-17

method lists 9-25

multiple-hosts mode, described 9-9

ports

authorization state and dot1x port-control command 9-8

authorized and unauthorized 9-8

critical 9-14

voice VLAN 9-15

port security

and voice VLAN 9-17

described 9-16

interactions 9-16

multiple-hosts mode 9-9

readiness check

configuring 9-24

described 9-10, 9-24

resetting to default values 9-44

statistics, displaying 9-44

switch

as proxy 9-3

RADIUS client 9-3

upgrading from a previous release 9-24

VLAN assignment

AAA authorization 9-25

characteristics 9-11

configuration tasks 9-12

described 9-11

voice VLAN

described 9-15

PVID 9-15

VVID 9-15

wake-on-LAN, described 9-17

port blocking 1-3, 21-7

port-channel

See EtherChannel

port description TLV 23-2

Port Fast

described 17-2

enabling 17-10

mode, spanning tree 12-25

support for 1-7

port membership modes, VLAN 12-3

port priority

MSTP 16-19

STP 15-16

ports

access 10-2

blocking 21-7

dual-purpose uplink 10-4

dynamic access 12-3

protected 21-6

secure 21-8

static-access 12-3, 12-10

switch 10-2

trunks 12-3, 12-14

VLAN assignments 12-10

port security

aging 21-17

and QoS trusted boundary 31-35

configuring 21-12

default configuration 21-11

described 21-8

displaying 21-19

on trunk ports 21-14

sticky learning 21-9

violations 21-10

with other features 21-11

port-shutdown response, VMPS 12-24

port VLAN ID TLV 23-2

power management TLV 23-2, 23-6

preemption, default configuration 18-8

preemption delay, default configuration 18-8

preferential treatment of traffic

See QoS

preventing unauthorized access 8-1

primary links 18-2

priority

overriding CoS 14-6

trusting CoS 14-6

private VLAN edge ports

See protected ports

privileged EXEC mode 2-2

privilege levels

changing the default for lines 8-9

command switch 5-14

exiting 8-9

logging into 8-9

mapping on member switches 5-14

overview 8-2, 8-7

setting a command with 8-8

protected ports 1-8, 21-6

proxy reports 18-4

pruning, VTP

disabling

in VTP domain 13-14

on a port 12-20

enabling

in VTP domain 13-14

on a port 12-19

examples 13-5

overview 13-4

pruning-eligible list

changing 12-19

for VTP pruning 13-4

VLANs 13-14

PVST+

described 15-9

IEEE 802.1Q trunking interoperability 15-10

instances supported 15-9

Q

QoS

and MQC commands 31-1

auto-QoS

categorizing traffic 31-19

configuration and defaults display 31-28

configuration guidelines 31-23

described 31-18

disabling 31-25

displaying generated commands 31-25

displaying the initial configuration 31-28

effects on running configuration 31-23

egress queue defaults 31-19

enabling for VoIP 31-24

example configuration 31-26

ingress queue defaults 31-19

list of generated commands 31-20

basic model 31-4

classification

class maps, described 31-7

defined 31-4

DSCP transparency, described 31-37

flowchart 31-6

forwarding treatment 31-3

in frames and packets 31-3

IP ACLs, described 31-5, 31-6

MAC ACLs, described 31-5, 31-6

options for IP traffic 31-5

options for non-IP traffic 31-5

policy maps, described 31-7

trust DSCP, described 31-5

trusted CoS, described 31-5

trust IP precedence, described 31-5

class maps

configuring 31-43

displaying 31-68

QoS

configuration guidelines

auto-QoS 31-23

standard QoS 31-31

configuring

aggregate policers 31-48

auto-QoS 31-18

default port CoS value 31-35

DSCP maps 31-50

DSCP transparency 31-37

DSCP trust states bordering another domain 31-37

egress queue characteristics 31-61

ingress queue characteristics 31-56

IP extended ACLs 31-41

IP standard ACLs 31-40

MAC ACLs 31-42

port trust states within the domain 31-33

trusted boundary 31-35

default auto configuration 31-19

default standard configuration 31-29

displaying statistics 31-68

DSCP transparency 31-37

egress queues

allocating buffer space 31-61

buffer allocation scheme, described 31-16

configuring shaped weights for SRR 31-65

configuring shared weights for SRR 31-66

described 31-4

displaying the threshold map 31-64

flowchart 31-15

mapping DSCP or CoS values 31-64

scheduling, described 31-4

setting WTD thresholds 31-61

WTD, described 31-17

enabling globally 31-32

QoS

flowcharts

classification 31-6

egress queueing and scheduling 31-15

ingress queueing and scheduling 31-13

policing and marking 31-9

implicit deny 31-7

ingress queues

allocating bandwidth 31-59

allocating buffer space 31-58

buffer and bandwidth allocation, described 31-14

configuring shared weights for SRR 31-59

configuring the priority queue 31-60

described 31-4

displaying the threshold map 31-58

flowchart 31-13

mapping DSCP or CoS values 31-57

priority queue, described 31-14

scheduling, described 31-4

setting WTD thresholds 31-57

WTD, described 31-14

IP phones

automatic classification and queueing 31-18

detection and trusted settings 31-18, 31-35

limiting bandwidth on egress interface 31-67

mapping tables

CoS-to-DSCP 31-51

displaying 31-68

DSCP-to-CoS 31-54

DSCP-to-DSCP-mutation 31-55

IP-precedence-to-DSCP 31-52

policed-DSCP 31-53

types of 31-10

marked-down actions 31-47

marking, described 31-4, 31-8

overview 31-2

packet modification 31-17

QoS

policers

configuring 31-47, 31-49

described 31-8

displaying 31-68

number of 31-31

types of 31-8

policies, attaching to an interface 31-8

policing

described 31-4, 31-8

token bucket algorithm 31-8

policy maps

characteristics of 31-45

displaying 31-68

nonhierarchical on physical ports 31-45

QoS label, defined 31-4

queues

configuring egress characteristics 31-61

configuring ingress characteristics 31-56

high priority (expedite) 31-17, 31-67

location of 31-11

SRR, described 31-12

WTD, described 31-11

rewrites 31-17

support for 1-10

trust states

bordering another domain 31-37

described 31-5

trusted device 31-35

within the domain 31-33

quality of service

See QoS

queries, IGMP 20-4

query solicitation, IGMP 20-12

R

RADIUS

attributes

vendor-proprietary 8-31

vendor-specific 8-29

configuring

accounting 8-28

authentication 8-23

authorization 8-27

communication, global 8-21, 8-29

communication, per-server 8-20, 8-21

multiple UDP ports 8-20

default configuration 8-20

defining AAA server groups 8-25

displaying the configuration 8-31

identifying the server 8-20

in clusters 5-13

limiting the services to the user 8-27

method list, defined 8-19

operation of 8-19

overview 8-18

suggested network environments 8-18

support for 1-9

tracking services accessed by user 8-28

range

macro 10-7

of interfaces 10-6

rapid convergence 16-10

rapid per-VLAN spanning-tree plus

See rapid PVST+

rapid PVST+

described 15-9

IEEE 802.1Q trunking interoperability 15-10

instances supported 15-9

Rapid Spanning Tree Protocol

See RSTP

rcommand command 5-13

RCP

configuration files

downloading B-16

overview B-15

preparing the server B-15

uploading B-17

image files

deleting old image B-35

downloading B-33

preparing the server B-32

uploading B-35

readiness check

port-based authentication

configuring 9-24

described 9-10, 9-24

reconfirmation interval, VMPS, changing 12-27

reconfirming dynamic VLAN membership 12-27

recovery procedures 35-1

redundancy

EtherChannel 34-3

STP

backbone 15-8

path cost 12-22

port priority 12-21

redundant links and UplinkFast 17-13

reloading software 3-20

Remote Authentication Dial-In User Service

See RADIUS

Remote Copy Protocol

See RCP

Remote Network Monitoring

See RMON

Remote SPAN

See RSPAN

remote SPAN 25-2

report suppression, IGMP

described 20-6

disabling 20-15, 33-11

requirements

cluster xxxiii

device manager xxxii

Network Assistant xxxii

resequencing ACL entries 29-30

resetting a UDLD-shutdown interface 24-6

responder, IP SLAs

described 30-4

enabling 30-6

response time, measuring with IP SLAs 30-4

restricted VLAN

configuring 9-34

described 9-13

using with IEEE 802.1x 9-13

restricting access

NTP services 6-8

overview 8-1

passwords and privilege levels 8-2

RADIUS 8-17

TACACS+ 8-10

retry count, VMPS, changing 12-28

RFC

1112, IP multicast and IGMP 20-2

1157, SNMPv1 28-2

1305, NTP 6-2

1757, RMON 26-2

1901, SNMPv2C 28-2

1902 to 1907, SNMPv2 28-2

2236, IP multicast and IGMP 20-2

2273-2275, SNMPv3 28-2

RMON

default configuration 26-3

displaying status 26-6

enabling alarms and events 26-3

groups supported 26-2

overview 26-1

statistics

collecting group Ethernet 26-5

collecting group history 26-5

support for 1-11

root guard

described 17-8

enabling 17-15

support for 1-7

root switch

MSTP 16-17

STP 15-14

RSPAN

characteristics 25-7

configuration guidelines 25-16

default configuration 25-9

defined 25-2

destination ports 25-6

displaying status 25-22

interaction with other features 25-8

monitored ports 25-5

monitoring ports 25-6

overview 1-11, 25-1

received traffic 25-4

sessions

creating 25-16

defined 25-3

limiting source traffic to specific VLANs 25-21

specifying monitored ports 25-16

with ingress traffic enabled 25-20

source ports 25-5

transmitted traffic 25-5

VLAN-based 25-6

RSTP

active topology 16-9

BPDU

format 16-12

processing 16-13

designated port, defined 16-9

designated switch, defined 16-9

interoperability with IEEE 802.1D

described 16-8

restarting migration process 16-25

topology changes 16-13

overview 16-8

port roles

described 16-9

synchronized 16-11

proposal-agreement handshake process 16-10

rapid convergence

described 16-10

edge ports and Port Fast 16-10

point-to-point links 16-10, 16-24

root ports 16-10

root port, defined 16-9

See also MSTP

running configuration

replacing B-18, B-19

rolling back B-18, B-20

running configuration, saving 3-15

S

SC (standby command switch) 5-9

scheduled reloads 3-20

SCP

and SSH 8-44

configuring 8-44

SDM

described 7-1

templates

configuring 7-3

number of 7-1

SDM template

configuration guidelines 7-2

configuring 7-2

types of 7-1

Secure Copy Protocol

secure HTTP client

configuring 8-43

displaying 8-44

secure HTTP server

configuring 8-42

displaying 8-44

secure MAC addresses

deleting 21-16

maximum number of 21-9

types of 21-9

secure ports, configuring 21-8

secure remote connections 8-33

Secure Shell

See SSH

Secure Socket Layer

See SSL

security, port 21-8

security features 1-8

See SCP

sequence numbers in log messages 27-8

server mode, VTP 13-3

service-provider network, MSTP and RSTP 16-1

set-request operation 28-4

setup program

failed command switch replacement 35-9

replacing failed command switch 35-8

severity levels, defining in system messages 27-8

SFPs

monitoring status of 10-18, 35-12

security and identification 35-11

status, displaying 35-12

shaped round robin

See SRR

show access-lists hw-summary command 29-35

show and more command output, filtering 2-10

show cdp traffic command 22-5

show cluster members command 5-13

show configuration command 10-16

show forward command 35-19

show interfaces command 10-13, 10-16

show interfaces switchport 18-4

show lldp traffic command 23-8

show platform forward command 35-19

show running-config command

displaying ACLs 29-34, 29-35

interface description in 10-16

shutdown command on interfaces 10-19

Simple Network Management Protocol

See SNMP

small-frame arrival rate, configuring 21-5

Smartports macros

applying Cisco-default macros 11-6

applying global parameter values 11-5, 11-6

applying macros 11-5

applying parameter values 11-5, 11-7

configuration guidelines 11-2

creating 11-4

default configuration 11-2

defined 11-1

displaying 11-8

tracing 11-3

website 11-2

SNAP 22-1

SNMP

accessing MIB variables with 28-4

agent

described 28-4

disabling 28-7

and IP SLAs 30-2

authentication level 28-10

community strings

configuring 28-8

for cluster switches 28-4

overview 28-4

configuration examples 28-16

default configuration 28-6

engine ID 28-7

groups 28-7, 28-9

host 28-7

ifIndex values 28-5

in-band management 1-6

in clusters 5-13

informs

and trap keyword 28-11

described 28-5

differences from traps 28-5

disabling 28-14

enabling 28-14

limiting access by TFTP servers 28-15

limiting system log messages to NMS 27-10

manager functions 1-4, 28-3

managing clusters with 5-14

MIBs

location of A-3

supported A-1

notifications 28-5

overview 28-1, 28-4

security levels 28-3

status, displaying 28-17

system contact and location 28-14

trap manager, configuring 28-13

traps

described 28-3, 28-5

differences from informs 28-5

disabling 28-14

enabling 28-11

enabling MAC address notification 6-22

overview 28-1, 28-4

types of 28-11

users 28-7, 28-9

versions supported 28-2

SNMP and Syslog Over IPv6 32-10

SNMPv1 28-2

SNMPv2C 28-2

SNMPv3 28-2

snooping, IGMP 20-1

software images

location in flash B-23

recovery procedures 35-2

scheduling reloads 3-20

tar file format, described B-23

See also downloading and uploading

source addresses

in IPv4 ACLs 29-27

source-and-destination-IP address based forwarding, EtherChannel 34-7

source-and-destination MAC address forwarding, EtherChannel 34-7

source-IP address based forwarding, EtherChannel 34-7

source-MAC address forwarding, EtherChannel 34-6

SPAN

configuration guidelines 25-10

default configuration 25-9

destination ports 25-6

displaying status 25-22

interaction with other features 25-8

monitored ports 25-5

monitoring ports 25-6

overview 1-11, 25-1

ports, restrictions 21-12

received traffic 25-4

sessions

configuring ingress forwarding 25-14, 25-21

creating 25-10

defined 25-3

limiting source traffic to specific VLANs 25-14

removing destination (monitoring) ports 25-12

specifying monitored ports 25-10

with ingress traffic enabled 25-13

source ports 25-5

transmitted traffic 25-5

VLAN-based 25-6

spanning tree and native VLANs 12-16

Spanning Tree Protocol

See STP

SPAN traffic 25-4

SRR

configuring

shaped weights on egress queues 31-65

shared weights on egress queues 31-66

shared weights on ingress queues 31-59

described 31-12

shaped mode 31-12

shared mode 31-12

support for 1-11

SSH

configuring 8-34

cryptographic software image 8-33

described 1-6, 8-33

encryption methods 8-34

user authentication methods, supported 8-34

SSL

configuration guidelines 8-40

configuring a secure HTTP client 8-43

configuring a secure HTTP server 8-41

cryptographic software image 8-37

described 8-37

monitoring 8-44

standby command switch

configuring

considerations 5-10

defined 5-2

priority 5-9

requirements 5-3

virtual IP address 5-10

See also cluster standby group and HSRP

standby group, cluster

See cluster standby group and HSRP

standby links 18-2

startup configuration

booting

manually 3-17

specific image 3-18

clearing B-18

configuration file

automatically downloading 3-16

specifying the filename 3-16

default boot configuration 3-16

static access ports

assigning to VLAN 12-10

defined 10-3, 12-3

static addresses

See addresses

static MAC addressing 1-8

static routes

configuring for IPv6 32-15

static VLAN membership 12-2

statistics

802.1x 9-44

CDP 22-4

interface 10-18

LLDP 23-7

LLDP-MED 23-7

QoS ingress and egress 31-68

RMON group Ethernet 26-5

RMON group history 26-5

SNMP input and output 28-17

VTP 13-16

sticky learning 21-9

storm control

configuring 21-3

described 21-1

disabling 21-5

displaying 21-19

support for 1-3

thresholds 21-1

STP

accelerating root port selection 17-4

BackboneFast

described 17-5

disabling 17-14

enabling 17-13

BPDU filtering

described 17-3

disabling 17-12

enabling 17-12

BPDU guard

described 17-2

disabling 17-12

enabling 17-11

BPDU message exchange 15-3

configuration guidelines 15-12, 17-10

configuring

forward-delay time 15-21

hello time 15-20

maximum aging time 15-21

path cost 15-18

port priority 15-16

root switch 15-14

secondary root switch 15-16

spanning-tree mode 15-13

switch priority 15-19

transmit hold-count 15-22

counters, clearing 15-22

default configuration 15-11

default optional feature configuration 17-9

designated port, defined 15-3

designated switch, defined 15-3

detecting indirect link failures 17-5

disabling 15-14

displaying status 15-22

EtherChannel guard

described 17-7

disabling 17-14

enabling 17-14

STP

extended system ID

effects on root switch 15-14

effects on the secondary root switch 15-16

overview 15-4

unexpected behavior 15-14

features supported 1-6

IEEE 802.1D and bridge ID 15-4

IEEE 802.1D and multicast addresses 15-8

IEEE 802.1t and VLAN identifier 15-4

inferior BPDU 15-3

instances supported 15-9

interface state, blocking to forwarding 17-2

interface states

blocking 15-6

disabled 15-7

forwarding 15-5, 15-6

learning 15-6

listening 15-6

overview 15-4

interoperability and compatibility among modes 15-10

limitations with IEEE 802.1Q trunks 15-10

load sharing

overview 12-20

using path costs 12-22

using port priorities 12-21

loop guard

described 17-9

enabling 17-15

modes supported 15-9

multicast addresses, effect of 15-8

optional features supported 1-7

overview 15-2

path costs 12-22, 12-23

Port Fast

described 17-2

enabling 17-10

port priorities 12-21

STP

preventing root switch selection 17-8

protocols supported 15-9

redundant connectivity 15-8

root guard

described 17-8

enabling 17-15

root port, defined 15-3

root switch

configuring 15-14

effects of extended system ID 15-4, 15-14

election 15-3

unexpected behavior 15-14

shutdown Port Fast-enabled port 17-2

status, displaying 15-22

superior BPDU 15-3

timers, described 15-20

UplinkFast

described 17-3

enabling 17-13

stratum, NTP 6-2

success response, VMPS 12-24

summer time 6-13

SunNet Manager 1-4

switch clustering technology 5-1

See also clusters, switch

switch console port 1-6

Switch Database Management

See SDM

Switched Port Analyzer

See SPAN

switched ports 10-2

switchport backup interface 18-4, 18-5

switchport block multicast command 21-8

switchport block unicast command 21-8

switchport protected command 21-7

switch priority

MSTP 16-21

STP 15-19

switch software features 1-1

syslog

See system message logging

Syslog Over IPv6 32-11

system capabilities TLV 23-2

system clock

configuring

daylight saving time 6-13

manually 6-11

summer time 6-13

time zones 6-12

displaying the time and date 6-12

overview 6-1

See also NTP

system description TLV 23-2

system message logging

default configuration 27-3

defining error message severity levels 27-8

disabling 27-4

displaying the configuration 27-13

enabling 27-4

facility keywords, described 27-13

level keywords, described 27-9

limiting messages 27-10

message format 27-2

overview 27-1

sequence numbers, enabling and disabling 27-8

setting the display destination device 27-5

synchronizing log messages 27-6

syslog facility 1-11

time stamps, enabling and disabling 27-7

UNIX syslog servers

configuring the daemon 27-12

configuring the logging facility 27-12

facilities supported 27-13

system name

default configuration 6-15

default setting 6-15

manual configuration 6-15

See also DNS

system name TLV 23-2

system prompt, default setting 6-14, 6-15

system resources, optimizing 7-1

T

TACACS+

accounting, defined 8-11

authentication, defined 8-11

authorization, defined 8-11

configuring

accounting 8-17

authentication key 8-13

authorization 8-16

login authentication 8-14

default configuration 8-13

displaying the configuration 8-17

identifying the server 8-13

in clusters 5-13

limiting the services to the user 8-16

operation of 8-12

overview 8-10

support for 1-9

tracking services accessed by user 8-17

tar files

creating B-6

displaying the contents of B-6

extracting B-7

image file format B-23

TDR 1-12

Telnet

accessing management interfaces 2-10

number of connections 1-6

setting a password 8-6

templates, SDM 7-2

temporary self-signed certificate 8-38

Terminal Access Controller Access Control System Plus

See TACACS+

terminal lines, setting a password 8-6

TFTP

configuration files

downloading B-11

preparing the server B-10

uploading B-11

configuration files in base directory 3-7

configuring for autoconfiguration 3-7

image files

deleting B-26

downloading B-25

preparing the server B-25

uploading B-27

limiting access by servers 28-15

TFTP server 1-5

threshold, traffic level 21-2

time

See NTP and system clock

Time Domain Reflector

See TDR

time-range command 29-32

time ranges in ACLs 29-32

time stamps in log messages 27-7

time zones 6-12

TLVs

defined 23-2

LLDP 23-2

LLDP-MED 23-2

Token Ring VLANs

support for 12-5

VTP support 13-4

ToS 1-10

traceroute, Layer 2

and ARP 35-14

and CDP 35-14

broadcast traffic 35-14

described 35-14

IP addresses and subnets 35-14

MAC addresses and VLANs 35-14

multicast traffic 35-14

multiple devices on a port 35-15

unicast traffic 35-14

usage guidelines 35-14

traceroute command 35-16

See also IP traceroute

traffic

blocking flooded 21-8

fragmented 29-21

unfragmented 29-21

traffic policing 1-10

traffic suppression 21-1

transmit hold-count

see STP

transparent mode, VTP 13-3, 13-12

trap-door mechanism 3-2

traps

configuring MAC address notification 6-22

configuring managers 28-11

defined 28-3

enabling 6-22, 28-11

notification types 28-11

overview 28-1, 28-4

troubleshooting

connectivity problems 35-12, 35-13, 35-15

detecting unidirectional links 24-1

displaying crash information 35-21

setting packet forwarding 35-19

SFP security and identification 35-11

show forward command 35-19

with CiscoWorks 28-4

with debug commands 35-18

with ping 35-12

with system message logging 27-1

with traceroute 35-15

trunk failover

See link-state tracking

trunking encapsulation 1-7

trunk ports

configuring 12-17

defined 10-3, 12-3

trunks

allowed-VLAN list 12-18

load sharing

setting STP path costs 12-22

using STP port priorities 12-21

native VLAN for untagged traffic 12-20

parallel 12-22

pruning-eligible list 12-19

to non-DTP device 12-15

trusted boundary for QoS 31-35

trusted port states

between QoS domains 31-37

classification options 31-5

ensuring port security for IP phones 31-35

support for 1-10

within a QoS domain 31-33

trustpoints, CA 8-38

twisted-pair Ethernet, detecting unidirectional links 24-1

type of service

See ToS

U

UDLD

configuration guidelines 24-4

default configuration 24-4

disabling

globally 24-5

on fiber-optic interfaces 24-5

per interface 24-5

echoing detection mechanism 24-2

enabling

globally 24-5

per interface 24-5

link-detection mechanism 24-1

neighbor database 24-2

overview 24-1

resetting an interface 24-6

status, displaying 24-6

support for 1-6

unauthorized ports with IEEE 802.1x 9-8

unicast MAC address filtering 1-5

and adding static addresses 6-25

and broadcast MAC addresses 6-25

and CPU packets 6-25

and multicast addresses 6-25

and router MAC addresses 6-25

configuration guidelines 6-25

described 6-25

unicast storm 21-1

unicast storm control command 21-4

unicast traffic, blocking 21-8

UniDirectional Link Detection protocol

See UDLD

UNIX syslog servers

daemon configuration 27-12

facilities supported 27-13

message logging configuration 27-12

unrecognized Type-Length-Value (TLV) support 13-4

upgrading a Catalyst 2950 switch

configuration compatibility issues C-1

differences in configuration commands C-1

feature behavior incompatibilities C-5

incompatible command messages C-1

recommendations C-1

upgrading information

See release notes

upgrading software images

See downloading

UplinkFast

described 17-3

disabling 17-13

enabling 17-13

support for 1-6

uploading

configuration files

preparing B-10, B-12, B-15

reasons for B-8

using FTP B-14

using RCP B-17

using TFTP B-11

image files

preparing B-25, B-28, B-32

reasons for B-23

using FTP B-30

using RCP B-35

using TFTP B-27

user EXEC mode 2-2

username-based authentication 8-6

V

version-dependent transparent mode 13-4

virtual IP address

cluster standby group 5-10

command switch 5-10

vlan.dat file 12-4

VLAN 1, disabling on a trunk port 12-18

VLAN 1 minimization 12-18

vlan-assignment response, VMPS 12-24

VLAN configuration

at bootup 12-7

saving 12-7

VLAN configuration mode 2-2, 12-6

VLAN database

and startup configuration file 12-7

and VTP 13-1

VLAN configuration saved in 12-7

VLANs saved in 12-4

vlan database command 12-6

VLAN filtering and SPAN 25-6

vlan global configuration command 12-6

VLAN ID, discovering 6-26

VLAN load balancing on flex links 18-2

configuration guidelines 18-8

VLAN management domain 13-2

VLAN Management Policy Server

See VMPS

VLAN membership

confirming 12-27

modes 12-3

VLAN Query Protocol

See VQP

VLANs

adding 12-8

adding to VLAN database 12-8

aging dynamic addresses 15-9

allowed on trunk 12-18

and spanning-tree instances 12-2, 12-6, 12-12

configuration guidelines, extended-range VLANs 12-12

configuration guidelines, normal-range VLANs 12-5

configuration options 12-6

configuring 12-1

configuring IDs 1006 to 4094 12-12

creating in config-vlan mode 12-8

creating in VLAN configuration mode 12-9

default configuration 12-7

deleting 12-10

described 10-2, 12-1

displaying 12-14

extended-range 12-1, 12-11

features 1-7

illustrated 12-2

limiting source traffic with RSPAN 25-21

limiting source traffic with SPAN 25-14

modifying 12-8

multicast 20-16

native, configuring 12-20

normal-range 12-1, 12-4

number supported 1-7

parameters 12-4

port membership modes 12-3

static-access ports 12-10

STP and IEEE 802.1Q trunks 15-10

supported 12-2

Token Ring 12-5

traffic between 12-2

VTP modes 13-3

VLAN Trunking Protocol

See VTP

VLAN trunks 12-14

VMPS

administering 12-28

configuration example 12-29

configuration guidelines 12-25

default configuration 12-25

description 12-24

dynamic port membership

described 12-25

reconfirming 12-27

troubleshooting 12-29

entering server address 12-26

mapping MAC addresses to VLANs 12-24

monitoring 12-28

reconfirmation interval, changing 12-27

reconfirming membership 12-27

retry count, changing 12-28

voice-over-IP 14-1

voice VLAN

Cisco 7960 phone, port connections 14-1

configuration guidelines 14-3

configuring IP phones for data traffic

override CoS of incoming frame 14-6

trust CoS priority of incoming frame 14-6

configuring ports for voice traffic in

802.1p priority tagged frames 14-5

802.1Q frames 14-4

connecting to an IP phone 14-4

default configuration 14-3

described 14-1

displaying 14-6

IP phone data traffic, described 14-2

IP phone voice traffic, described 14-2

VQP 1-7, 12-24

VTP

adding a client to a domain 13-14

advertisements 12-16, 13-3

and extended-range VLANs 13-2

and normal-range VLANs 13-2

client mode, configuring 13-11

configuration

global configuration mode 13-7

guidelines 13-8

privileged EXEC mode 13-7

requirements 13-9

saving 13-7

VLAN configuration mode 13-7

configuration mode options 13-7

configuration requirements 13-9

configuration revision number

guideline 13-14

resetting 13-15

VTP

configuring

client mode 13-11

server mode 13-9

transparent mode 13-12

consistency checks 13-4

default configuration 13-6

described 13-1

disabling 13-12

domain names 13-8

domains 13-2

modes

client 13-3, 13-11

server 13-3, 13-9

transitions 13-3

transparent 13-3, 13-12

monitoring 13-16

passwords 13-8

pruning

disabling 13-14

enabling 13-14

examples 13-5

overview 13-4

support for 1-7

pruning-eligible list, changing 12-19

server mode, configuring 13-9

statistics 13-16

support for 1-7

Token Ring support 13-4

transparent mode, configuring 13-12

using 13-1

version, guidelines 13-8

Version 1 13-4

Version 2

configuration guidelines 13-8

disabling 13-13

enabling 13-13

overview 13-4

W

web authentication 9-10

configuring9-41to 9-43

described 1-8, 9-19

fallback for IEEE 802.1x 9-42

weighted tail drop

See WTD

wizards 1-2

WTD

described 31-11

setting thresholds

egress queue-sets 31-61

ingress queues 31-57

support for 1-11

X

Xmodem protocol 35-2