Index A
abbreviating commands 2-3
AC (command switch) 6-10
access-class command 31-17
access control entries
See ACEs
access-denied response, VMPS 13-23
access groups
Layer 3 31-19
access groups, applying IPv4 ACLs to interfaces 31-18
accessing
clusters, switch 6-13
command switches 6-11
member switches 6-13
switch clusters 6-13
accessing stack members 7-21
access lists
See ACLs
access ports
in switch clusters 6-9
access ports, defined 12-3
accounting
with 802.1x 10-55
with IEEE 802.1x 10-17
with RADIUS 9-35
with TACACS+ 9-11, 9-17
ACEs
and QoS 33-8
defined 31-2
Ethernet 31-2
IP 31-2
ACLs
ACEs 31-2
any keyword 31-11
applying
time ranges to 31-15
to an interface 31-18
to QoS 33-8
classifying traffic for QoS 33-48
comments in 31-16
compiling 31-20
defined 31-1, 31-7
examples of 31-20, 33-48
extended IP, configuring for QoS classification 33-49
extended IPv4
creating 31-9
matching criteria 31-7
hardware and software handling 31-19
host keyword 31-11
IP
creating 31-7
fragments and QoS guidelines 33-38
implicit deny 31-9, 31-12, 31-14
implicit masks 31-9
matching criteria 31-7
undefined 31-19
IPv4
applying to interfaces 31-18
creating 31-7
matching criteria 31-7
named 31-13
numbers 31-7
terminal lines, setting on 31-17
unsupported features 31-6
MAC extended 31-22, 33-50
matching 31-7, 31-19
monitoring 31-25
named, IPv4 31-13
number per QoS class map 33-38
port 31-2
precedence of 31-2
QoS 33-8, 33-48
resequencing entries 31-13
router 31-2
standard IP, configuring for QoS classification 33-48
standard IPv4
creating 31-8
matching criteria 31-7
support for 1-10
support in hardware 31-19
time ranges 31-15
types supported 31-2
unsupported features, IPv4 31-6
active link 19-4, 19-5, 19-6
active links 19-2
active traffic monitoring, IP SLAs 32-1
address aliasing 22-2
addresses
displaying the MAC address table 5-30
dynamic
accelerated aging 16-9
changing the aging time 5-22
default aging 16-9
defined 5-20
learning 5-21
removing 5-23
IPv6 35-2
MAC, discovering 5-31
multicast, STP address management 16-9
static
adding and removing 5-27
defined 5-20
address resolution 5-31
Address Resolution Protocol
See ARP
advertisements
CDP 25-1
LLDP 26-2
VTP 13-15, 14-3, 14-4
aggregatable global unicast addresses 35-3
aggregated ports
See EtherChannel
aggregate policers 33-58
aggregate policing 1-14
aging, accelerating 16-9
aging time
accelerated
for MSTP 17-25
for STP 16-9, 16-23
MAC address table 5-22
maximum
for MSTP 17-26
for STP 16-23, 16-24
alarms, RMON 28-3
allowed-VLAN list 13-17
ARP
defined 1-6, 5-31
table
address resolution 5-31
managing 5-31
attributes, RADIUS
vendor-proprietary 9-38
vendor-specific 9-36
attribute-value pairs 10-14, 10-17, 10-22, 10-23
authentication
local mode with AAA 9-40
NTP associations 5-5
open1x 10-33
RADIUS
key 9-28
login 9-30
TACACS+
defined 9-11
key 9-13
login 9-14
See also port-based authentication
authentication compatibility with Catalyst 6000 switches 10-9
authentication failed VLAN
See restricted VLAN
authentication manager
CLI commands 10-10
compatibility with older 802.1x CLI commands 10-10 to ??
overview 10-8
authoritative time source, described 5-3
authorization
with RADIUS 9-34
with TACACS+ 9-11, 9-16
authorized ports with IEEE 802.1x 10-11
autoconfiguration 3-3
auto enablement 10-34
automatic advise (auto-advise) in switch stacks 7-11
automatic copy (auto-copy) in switch stacks 7-10
automatic discovery
considerations
beyond a noncandidate device 6-8
brand new switches 6-9
connectivity 6-5
different VLANs 6-7
management VLANs 6-8
non-CDP-capable devices 6-7
noncluster-capable devices 6-7
in switch clusters 6-5
See also CDP
automatic extraction (auto-extract) in switch stacks 7-10
automatic QoS
See QoS
automatic recovery, clusters 6-10
See also HSRP
automatic upgrades (auto-upgrade) in switch stacks 7-10
auto-MDIX
configuring 12-30
described 12-29
autonegotiation
duplex mode 1-4
interface configuration guidelines 12-27
mismatches 38-12
Auto-QoS video devices 1-14
autosensing, port speed 1-4
auxiliary VLAN
See voice VLAN
availability, features 1-8
B
BackboneFast
described 18-7
disabling 18-17
enabling 18-17
support for 1-8
backup interfaces
See Flex Links
backup links 19-2
banners
configuring
login 5-20
message-of-the-day login 5-19
default configuration 5-18
when displayed 5-18
Berkeley r-tools replacement 9-52
binding database
DHCP snooping
See DHCP snooping binding database
bindings
DHCP snooping database 20-7
IP source guard 20-14
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 23-7
booting
boot loader, function of 3-2
boot process 3-2
manually 3-19
specific image 3-20
boot loader
accessing 3-21
described 3-2
environment variables 3-21
prompt 3-21
trap-door mechanism 3-2
BPDU
error-disabled state 18-3
filtering 18-3
RSTP format 17-13
BPDU filtering
described 18-3
disabling 18-15
enabling 18-15
support for 1-8
BPDU guard
described 18-2
disabling 18-14
enabling 18-14
support for 1-8
bridge protocol data unit
See BPDU
broadcast storm-control command 23-4
broadcast storms 23-1
C
cables, monitoring for unidirectional links 24-1
candidate switch
automatic discovery 6-5
defined 6-4
requirements 6-4
See also command switch, cluster standby group, and member switch
Catalyst 6000 switches
authentication compatibility 10-9
CA trustpoint
configuring 9-49
defined 9-47
CDP
and trusted boundary 33-43
automatic discovery in switch clusters 6-5
configuring 25-2
default configuration 25-2
defined with LLDP 26-1
described 25-1
disabling for routing device 25-4
enabling and disabling
on an interface 25-4
on a switch 25-4
monitoring 25-5
overview 25-1
power negotiation extensions 12-5
support for 1-6
switch stack considerations 25-2
transmission timer and holdtime, setting 25-3
updates 25-3
CGMP
as IGMP snooping learning method 22-9
joining multicast group 22-3
CipherSuites 9-48
Cisco 7960 IP Phone 15-1
Cisco Discovery Protocol
See CDP
Cisco intelligent power management 12-5
Cisco IOS File System
See IFS
Cisco IOS IP Service Level Agreements (SLAs) responder 1-5
Cisco IOS IP SLAs 32-2
Cisco Secure ACS
attribute-value pairs for downloadable ACLs 10-23
attribute-value pairs for redirect URL 10-22
Cisco Secure ACS configuration guide 10-67
CiscoWorks 2000 1-5, 30-4
CISP 10-34
CIST regional root
See MSTP
CIST root
See MSTP
civic location 26-3
class maps for QoS
configuring 33-51
described 33-8
displaying 33-79
class of service
See CoS
clearing interfaces 12-38
CLI
abbreviating commands 2-3
command modes 2-1
configuration logging 2-4
described 1-5
editing features
enabling and disabling 2-6
keystroke editing 2-7
wrapped lines 2-8
error messages 2-4
filtering command output 2-9
getting help 2-3
history
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
managing clusters 6-16
no and default forms of commands 2-4
Client Information Signalling Protocol
See CISP
client mode, VTP 14-3
clock
See system clock
clusters, switch
accessing 6-13
automatic discovery 6-5
automatic recovery 6-10
benefits 1-2
compatibility 6-5
described 6-1
LRE profile considerations 6-16
managing
through CLI 6-16
through SNMP 6-17
planning 6-5
planning considerations
automatic discovery 6-5
automatic recovery 6-10
CLI 6-16
host names 6-13
IP addresses 6-13
LRE profiles 6-16
passwords 6-13
RADIUS 6-16
SNMP 6-14, 6-17
switch stacks 6-14
TACACS+ 6-16
See also candidate switch, command switch, cluster standby group, member switch, and standby command switch
cluster standby group
automatic recovery 6-12
considerations 6-11
defined 6-2
requirements 6-3
virtual IP address 6-11
See also HSRP
CNS 1-6
Configuration Engine
configID, deviceID, hostname 4-3
configuration service 4-2
described 4-1
event service 4-3
embedded agents
described 4-5
enabling automated configuration 4-6
enabling configuration agent 4-9
enabling event agent 4-7
management functions 1-6
CoA Request Commands 9-23
Coarse Wave Division Multiplexer
See CWDM SFPs
command-line interface
See CLI
command modes 2-1
commands
abbreviating 2-3
no and default 2-4
commands, setting privilege levels 9-8
command switch
accessing 6-11
active (AC) 6-10
configuration conflicts 38-12
defined 6-2
passive (PC) 6-10
password privilege levels 6-17
priority 6-10
recovery
from command-switch failure 6-10, 38-8
from lost member connectivity 38-12
redundant 6-10
replacing
with another switch 38-11
with cluster member 38-9
requirements 6-3
standby (SC) 6-10
See also candidate switch, cluster standby group, member switch, and standby command switch
community strings
configuring 6-14, 30-8
for cluster switches 30-4
in clusters 6-14
overview 30-4
SNMP 6-14
compatibility, feature 23-12
compatibility, software
See stacks, switch
config.text 3-18
configurable leave timer, IGMP 22-6
configuration, initial
defaults 1-16
Express Setup 1-2
configuration changes, logging 29-11
configuration conflicts, recovering from lost member connectivity 38-12
configuration examples, network 1-18
configuration files
archiving A-20
clearing the startup configuration A-19
creating using a text editor A-10
default name 3-18
deleting a stored configuration A-19
described A-8
downloading
automatically 3-18
preparing A-11, A-13, A-16
reasons for A-9
using FTP A-13
using RCP A-17
using TFTP A-11
guidelines for creating and using A-9
guidelines for replacing and rolling back A-21
invalid combinations when copying A-5
limiting TFTP server access 30-16
obtaining with DHCP 3-9
password recovery disable considerations 9-5
replacing a running configuration A-19, A-20
rolling back a running configuration A-19, A-20
specifying the filename 3-18
system contact and location information 30-16
types and location A-10
uploading
preparing A-11, A-13, A-16
reasons for A-9
using FTP A-15
using RCP A-18
using TFTP A-12
configuration logger 29-11
configuration logging 2-4
configuration replacement A-19
configuration rollback A-19, A-20
configuration settings, saving 3-15
configure terminal command 12-16
configuring 802.1x user distribution 10-63
configuring port-based authentication violation modes 10-44
configuring small-frame arrival rate 23-5
conflicts, configuration 38-12
connections, secure remote 9-42
connectivity problems 38-14, 38-15, 38-17
consistency checks in VTP Version 2 14-5
console port, connecting to 2-10
control protocol, IP SLAs 32-4
corrupted software, recovery steps with Xmodem 38-2
CoS
in Layer 2 frames 33-2
override priority 15-6
trust priority 15-6
CoS input queue threshold map for QoS 33-16
CoS output queue threshold map for QoS 33-19
CoS-to-DSCP map for QoS 33-61
counters, clearing interface 12-38
CPU utilization, troubleshooting 38-28
crashinfo file 38-23
critical authentication, IEEE 802.1x 10-60
critical VLAN 10-26
critical voice VLAN
configuring 10-60
cross-stack EtherChannel
configuration guidelines 37-13
described 37-3
illustration 37-4
support for 1-8
cross-stack UplinkFast, STP
described 18-5
disabling 18-17
enabling 18-17
fast-convergence events 18-7
Fast Uplink Transition Protocol 18-6
normal-convergence events 18-7
support for 1-8
cryptographic software image
SSH 9-41
SSL 9-46
switch stack considerations 7-14
customjzeable web pages, web-based authentication 11-6
CWDM SFPs 1-23
D
DACL
See downloadable ACL
daylight saving time 5-14
debugging
enabling all system diagnostics 38-21
enabling for a specific feature 38-20
redirecting error message output 38-21
using commands 38-20
default commands 2-4
default configuration
802.1x 10-37
auto-QoS 33-22
banners 5-18
booting 3-18
CDP 25-2
DHCP 20-9
DHCP option 82 20-9
DHCP snooping 20-9
DHCP snooping binding database 20-9
DNS 5-17
dynamic ARP inspection 21-5
EtherChannel 37-11
Ethernet interfaces 12-23
Flex Links 19-8
IGMP filtering 22-24
IGMP snooping 22-7, 36-6
IGMP throttling 22-24
initial switch information 3-3
IP SLAs 32-5
IP source guard 20-16
IPv6 35-6
Layer 2 interfaces 12-23
LLDP 26-5
MAC address table 5-22
MAC address-table move update 19-8
MSTP 17-16
MVR 22-19
NTP 5-5
optional spanning-tree configuration 18-12
password and privilege level 9-2
RADIUS 9-27
RMON 28-3
RSPAN 27-11
SDM template 8-3
SNMP 30-6
SPAN 27-11
SSL 9-48
standard QoS 33-36
STP 16-13
switch stacks 7-17
system message logging 29-4
system name and prompt 5-16
TACACS+ 9-13
UDLD 24-4
VLAN, Layer 2 Ethernet interfaces 13-15
VLANs 13-7
VMPS 13-24
voice VLAN 15-3
VTP 14-9
default gateway 3-15
default web-based authentication configuration
802.1X 11-9
deleting VLANs 13-9
denial-of-service attack 23-1
description command 12-34
designing your network, examples 1-18
destination addresses
in IPv4 ACLs 31-10
destination-IP address-based forwarding, EtherChannel 37-9
destination-MAC address forwarding, EtherChannel 37-9
detecting indirect link failures, STP 18-8
device A-23
device discovery protocol 25-1, 26-1
device manager
benefits 1-2
described 1-2, 1-5
in-band management 1-7
upgrading a switch A-23
DHCP
enabling
relay agent 20-11
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-3
DNS 3-8
relay device 3-8
server side 3-6
TFTP server 3-7
example 3-10
lease options
for IP address information 3-6
for receiving the configuration file 3-6
overview 3-3
relationship to BOOTP 3-4
relay support 1-6
support for 1-6
DHCP-based autoconfiguration and image update
configuring 3-11 to 3-14
understanding 3-5 to 3-6
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 20-5
configuration guidelines 20-9
default configuration 20-9
displaying 20-14
overview 20-4
packet format, suboption
circuit ID 20-5
remote ID 20-5
remote ID suboption 20-5
DHCP server port-based address allocation
configuration guidelines 20-23
default configuration 20-23
described 20-22
displaying 20-25
enabling 20-23
reserved addresses 20-23
DHCP server port-based address assignment
support for 1-6
DHCP snooping
accepting untrusted packets form edge switch 20-3, 20-11
binding database
See DHCP snooping binding database
configuration guidelines 20-9
default configuration 20-9
displaying binding tables 20-14
message exchange process 20-4
option 82 data insertion 20-4
trusted interface 20-3
untrusted interface 20-3
untrusted messages 20-3
DHCP snooping binding database
adding bindings 20-13
binding entries, displaying 20-14
binding file
format 20-8
location 20-7
bindings 20-7
clearing agent statistics 20-13
configuration guidelines 20-10
configuring 20-13
default configuration 20-9
deleting
binding file 20-13
bindings 20-13
database agent 20-13
described 20-7
displaying 20-14
displaying status and statistics 20-14
enabling 20-13
entry 20-7
renewing database 20-13
resetting
delay value 20-13
timeout value 20-13
DHCP snooping binding table
See DHCP snooping binding database
Differentiated Services architecture, QoS 33-2
Differentiated Services Code Point 33-2
directed unicast requests 1-6
directories
changing A-4
creating and removing A-4
displaying the working A-4
discovery, clusters
See automatic discovery
DNS
and DHCP-based autoconfiguration 3-8
default configuration 5-17
displaying the configuration 5-18
in IPv6 35-3
overview 5-16
setting up 5-17
support for 1-6
domain names
DNS 5-16
VTP 14-10
Domain Name System
See DNS
downloadable ACL 10-21, 10-23, 10-67
downloading
configuration files
preparing A-11, A-13, A-16
reasons for A-9
using FTP A-13
using RCP A-17
using TFTP A-11
image files
deleting old image A-27
preparing A-25, A-29, A-33
reasons for A-23
using CMS 1-2
using FTP A-30
using HTTP 1-2, A-23
using RCP A-34
using TFTP A-26
using the device manager or Network Assistant A-23
DRP
support for 1-15
DSCP 1-13, 33-2
DSCP input queue threshold map for QoS 33-16
DSCP output queue threshold map for QoS 33-19
DSCP-to-CoS map for QoS 33-64
DSCP-to-DSCP-mutation map for QoS 33-65
DSCP transparency 33-44
DTP 1-9, 13-13
dual-action detection 37-6
dual IPv4 and IPv6 templates 35-4, 35-5
dual protocol stacks
IPv4 and IPv6 35-4
SDM templates supporting 35-5
dual-purpose uplinks
defined 12-4
LEDs 12-5
link selection 12-5, 12-25
setting the type 12-25
dynamic access ports
characteristics 13-4
configuring 13-25
defined 12-3
dynamic addresses
See addresses
dynamic ARP inspection
ARP cache poisoning 21-1
ARP requests, described 21-1
ARP spoofing attack 21-1
clearing
log buffer 21-16
statistics 21-16
configuration guidelines 21-6
configuring
ACLs for non-DHCP environments 21-9
in DHCP environments 21-7
log buffer 21-13
rate limit for incoming ARP packets 21-4, 21-11
default configuration 21-5
denial-of-service attacks, preventing 21-11
described 21-1
DHCP snooping binding database 21-2
displaying
ARP ACLs 21-15
configuration and operating state 21-15
log buffer 21-16
statistics 21-16
trust state and rate limit 21-15
error-disabled state for exceeding rate limit 21-4
function of 21-2
interface trust states 21-3
log buffer
clearing 21-16
configuring 21-13
displaying 21-16
logging of dropped packets, described 21-5
man-in-the middle attack, described 21-2
network security issues and interface trust states 21-3
priority of ARP ACLs and DHCP snooping entries 21-4
rate limiting of ARP packets
configuring 21-11
described 21-4
error-disabled state 21-4
statistics
clearing 21-16
displaying 21-16
validation checks, performing 21-12
dynamic auto trunking mode 13-14
dynamic desirable trunking mode 13-14
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 13-23
reconfirming 13-26
troubleshooting 13-28
types of connections 13-25
Dynamic Trunking Protocol
See DTP
E
editing features
enabling and disabling 2-6
keystrokes used 2-7
wrapped lines 2-8
elections
See stack master
ELIN location 26-3
enable password 9-3
enable secret password 9-3
encryption, CipherSuite 9-48
encryption for passwords 9-3
environment variables, function of 3-21
error-disabled state, BPDU 18-3
error messages during command entry 2-4
EtherChannel
automatic creation of 37-5, 37-7
channel groups
binding physical and logical interfaces 37-4
numbering of 37-4
configuration guidelines 37-12
configuring Layer 2 interfaces 37-13
default configuration 37-11
described 37-2
displaying status 37-20
forwarding methods 37-8, 37-15
IEEE 802.3ad, described 37-7
interaction
with STP 37-12
with VLANs 37-13
LACP
described 37-7
displaying status 37-20
hot-standby ports 37-18
interaction with other features 37-8
modes 37-7
port priority 37-19
system priority 37-18
load balancing 37-8, 37-15
PAgP
aggregate-port learners 37-16
compatibility with Catalyst 1900 37-17
described 37-5
displaying status 37-20
interaction with other features 37-7
interaction with virtual switches 37-6
learn method and priority configuration 37-16
modes 37-6
support for 1-4
with dual-action detection 37-6
port-channel interfaces
described 37-4
numbering of 37-4
port groups 12-4
stack changes, effects of 37-10
support for 1-4
EtherChannel guard
described 18-10
disabling 18-18
enabling 18-18
Ethernet management port
active link 12-21
and routing 12-21
and TFTP 12-22
configuring 12-22
default setting 12-21
described 12-21
for network management 12-21
specifying 12-22
supported features 12-21
unsupported features 12-22
Ethernet management port, internal
and routing 12-21
unsupported features 12-22
Ethernet VLANs
adding 13-8
defaults and ranges 13-7
modifying 13-8
EUI 35-3
events, RMON 28-3
examples
network configuration 1-18
expedite queue for QoS 33-78
Express Setup 1-2
See also getting started guide
extended crashinfo file 38-23
extended-range VLANs
configuration guidelines 13-11
configuring 13-10
creating 13-11
defined 13-1
extended system ID
MSTP 17-19
STP 16-4, 16-16
extended universal identifier
See EUI
Extensible Authentication Protocol over LAN 10-1
F
fa0 interface 1-7
Fa0 port
See Ethernet management port
failover support 1-8
Fast Convergence 19-3
fastethernet0 port
See Ethernet management port
Fast Uplink Transition Protocol 18-6
features, incompatible 23-12
fiber-optic, detecting unidirectional links 24-1
files
basic crashinfo
description 38-23
location 38-23
copying A-5
crashinfo, description 38-23
deleting A-5
displaying the contents of A-8
extended crashinfo
description 38-24
location 38-24
tar
creating A-6
displaying the contents of A-7
extracting A-7
image file format A-24
file system
displaying available file systems A-2
displaying file information A-3
local file system names A-1
network file system names A-5
setting the default A-3
filtering
non-IP traffic 31-22
show and more command output 2-9
filtering show and more command output 2-9
filters, IP
See ACLs, IP
flash device, number of A-1
flexible authentication ordering
configuring 10-70
overview 10-33
Flex Link Multicast Fast Convergence 19-3
Flex Links
configuration guidelines 19-8
configuring 19-9, 19-10
configuring preferred VLAN 19-12
configuring VLAN load balancing 19-11
default configuration 19-8
description 19-2
link load balancing 19-3
monitoring 19-14
VLANs 19-3
flooded traffic, blocking 23-8
flow-based packet classification 1-13
flowcharts
QoS classification 33-7
QoS egress queueing and scheduling 33-18
QoS ingress queueing and scheduling 33-15
QoS policing and marking 33-11
flowcontrol
configuring 12-29
described 12-28
forward-delay time
MSTP 17-25
STP 16-23
FTP
accessing MIB files B-4
configuration files
downloading A-13
overview A-12
preparing the server A-13
uploading A-15
image files
deleting old image A-31
downloading A-30
preparing the server A-29
uploading A-32
G
general query 19-5
Generating IGMP Reports 19-4
get-bulk-request operation 30-3
get-next-request operation 30-3, 30-4
get-request operation 30-3, 30-4
get-response operation 30-3
Gigabit modules
See SFPs
global configuration mode 2-2
global leave, IGMP 22-13
guest VLAN and 802.1x 10-24
guide mode 1-2
GUIs
See device manager and Network Assistant
H
hello time
MSTP 17-25
STP 16-22
help, for the command line 2-3
HFTM space 38-26
history
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
history table, level and number of syslog messages 29-10
host names, in clusters 6-13
hosts, limit on dynamic ports 13-28
HP OpenView 1-5
HQATM space 38-26
HSRP
automatic cluster recovery 6-12
cluster standby group considerations 6-11
See also clusters, cluster standby group, and standby command switch
HTTP over SSL
see HTTPS
HTTPS 9-46
configuring 9-50
self-signed certificate 9-47
HTTP secure server 9-46
Hulc Forwarding TCAM Manager
See HFTM space
Hulc QoS/ACL TCAM Manager
See HQATM space
I
ICMP
IPv6 35-3
time-exceeded messages 38-17
traceroute and 38-17
ICMP ping
executing 38-14
overview 38-14
ICMPv6 35-3
IDS appliances
and ingress RSPAN 27-21
and ingress SPAN 27-14
IEEE 802.1D
See STP
IEEE 802.1p 15-1
IEEE 802.1Q
and trunk ports 12-3
configuration limitations 13-14
encapsulation 13-13
native VLAN for untagged traffic 13-18
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3ad
See EtherChannel
IEEE 802.3ad, PoE+ 1-15, 12-6
IEEE 802.3af
See PoE
IEEE 802.3x flow control 12-28
ifIndex values, SNMP 30-5
IFS 1-6
IGMP
configurable leave timer
described 22-6
enabling 22-11
flooded multicast traffic
controlling the length of time 22-12
disabling on an interface 22-13
global leave 22-13
query solicitation 22-13
recovering from flood mode 22-13
joining multicast group 22-3
join messages 22-3
leave processing, enabling 22-10, 36-9
leaving multicast group 22-5
queries 22-4
report suppression
described 22-6
disabling 22-15, 36-11
supported versions 22-3
support for 1-4
IGMP filtering
configuring 22-24
default configuration 22-24
described 22-23
monitoring 22-28
support for 1-4
IGMP groups
configuring filtering 22-27
setting the maximum number 22-26
IGMP Immediate Leave
configuration guidelines 22-11
described 22-5
enabling 22-10
IGMP profile
applying 22-25
configuration mode 22-24
configuring 22-25
IGMP snooping
and address aliasing 22-2
and stack changes 22-6
configuring 22-7
default configuration 22-7, 36-6
definition 22-2
enabling and disabling 22-7, 36-7
global configuration 22-7
Immediate Leave 22-5
in the switch stack 22-6
method 22-8
monitoring 22-16, 36-12
querier
configuration guidelines 22-14
configuring 22-14
supported versions 22-3
support for 1-4
VLAN configuration 22-8
IGMP throttling
configuring 22-27
default configuration 22-24
described 22-24
displaying action 22-28
Immediate Leave, IGMP 22-5
enabling 36-9
inaccessible authentication bypass 10-26
support for multiauth ports 10-26
initial configuration
defaults 1-16
Express Setup 1-2
interface
number 12-16
range macros 12-19
interface command 12-16 to ??, 12-16
interface configuration mode 2-2
interfaces
auto-MDIX, configuring 12-29
configuration guidelines
duplex and speed 12-26
configuring
procedure 12-16
counters, clearing 12-38
default configuration 12-23
described 12-34
descriptive name, adding 12-34
displaying information about 12-38
flow control 12-28
management 1-5
monitoring 12-37
naming 12-34
physical, identifying 12-15, 12-16
range of 12-17
restarting 12-39
shutting down 12-39
speed and duplex, configuring 12-27
status 12-37
supported 12-15
types of 12-1
interfaces range macro command 12-19
interface types 12-16
Internet Protocol version 6
See IPv6
inter-VLAN routing 34-1
Intrusion Detection System
See IDS appliances
inventory management TLV 26-3, 26-7
IP ACLs
for QoS classification 33-8
implicit deny 31-9, 31-12
implicit masks 31-9
named 31-13
undefined 31-19
IP addresses
128-bit 35-2
candidate or member 6-4, 6-13
classes of 34-4
cluster access 6-2
command switch 6-3, 6-11, 6-13
discovering 5-31
for IP routing 34-4
IPv6 35-2
redundant clusters 6-11
standby command switch 6-11, 6-13
See also IP information
ip igmp profile command 22-24
IP information
assigned
manually 3-15
through DHCP-based autoconfiguration 3-3
default configuration 3-3
IP phones
and QoS 15-1
automatic classification and queueing 33-21
configuring 15-4
ensuring port security with QoS 33-43
trusted boundary for QoS 33-43
IP Port Security for Static Hosts
on a Layer 2 access port 20-18
IP precedence 33-2
IP-precedence-to-DSCP map for QoS 33-62
IP protocols in ACLs 31-10
IP routing
disabling 34-4
enabling 34-4
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 32-1
IP SLAs
benefits 32-2
configuration guidelines 32-5
Control Protocol 32-4
default configuration 32-5
definition 32-1
measuring network performance 32-3
monitoring 32-6
operation 32-3
responder
described 32-4
enabling 32-6
response time 32-4
SNMP support 32-2
supported metrics 32-2
IP source guard
and 802.1x 20-17
and DHCP snooping 20-14
and EtherChannels 20-17
and port security 20-17
and private VLANs 20-17
and routed ports 20-16
and TCAM entries 20-17
and trunk interfaces 20-16
and VRF 20-17
binding configuration
automatic 20-14
manual 20-14
binding table 20-14
configuration guidelines 20-16
default configuration 20-16
described 20-14
disabling 20-18
displaying
active IP or MAC bindings 20-22
bindings 20-22
configuration 20-22
enabling 20-17, 20-18
filtering
source IP address 20-15
source IP and MAC address 20-15
on provisioned switches 20-17
source IP address filtering 20-15
source IP and MAC address filtering 20-15
static bindings
adding 20-17, 20-18
deleting 20-18
static hosts 20-18
IP traceroute
executing 38-18
overview 38-17
IP unicast routing
assigning IP addresses to Layer 3 interfaces 34-4
configuring static routes 34-5
disabling 34-4
enabling 34-4
inter-VLAN 34-1
IP addressing
classes 34-4
configuring 34-4
steps to configure 34-3
subnet mask 34-4
with SVIs 34-3
IPv4 ACLs
applying to interfaces 31-18
extended, creating 31-9
named 31-13
standard, creating 31-8
IPv4 and IPv6
dual protocol stacks 35-4
IPv6
addresses 35-2
address formats 35-2
and switch stacks 35-6
applications 35-4
assigning address 35-7
autoconfiguration 35-4
configuring static routes 35-10
default configuration 35-6
defined 35-1
forwarding 35-7
ICMP 35-3
monitoring 35-11
neighbor discovery 35-3
SDM templates 36-1
stack master functions 35-6
Stateless Autoconfiguration 35-4
supported features 35-2
J
join messages, IGMP 22-3
L
LACP
See EtherChannel
Layer 2 frames, classification with CoS 33-2
Layer 2 interfaces, default configuration 12-23
Layer 2 traceroute
and ARP 38-16
and CDP 38-16
broadcast traffic 38-15
described 38-15
IP addresses and subnets 38-16
MAC addresses and VLANs 38-16
multicast traffic 38-16
multiple devices on a port 38-16
unicast traffic 38-15
usage guidelines 38-16
Layer 3 features 1-15
Layer 3 interfaces
assigning IP addresses to 34-4
assigning IPv6 addresses to 35-7
changing from Layer 2 mode 34-4
Layer 3 packets, classification methods 33-2
LDAP 4-2
Leaking IGMP Reports 19-4
LEDs, switch
See hardware installation guide
lightweight directory access protocol
See LDAP
line configuration mode 2-2
Link Aggregation Control Protocol
See EtherChannel
link failure, detecting unidirectional 17-8
Link Layer Discovery Protocol
See CDP
link local unicast addresses 35-3
link redundancy
See Flex Links
links, unidirectional 24-1
link-state tracking
configuring 37-23
described 37-20
LLDP
configuring 26-5
characteristics 26-6
default configuration 26-5
enabling 26-6
monitoring and maintaining 26-11
overview 26-1
supported TLVs 26-2
switch stack considerations 26-2
transmission timer and holdtime, setting 26-6
LLDP-MED
configuring
procedures 26-5
TLVs 26-7
monitoring and maintaining 26-11
overview 26-1, 26-2
supported TLVs 26-2
LLDP Media Endpoint Discovery
See LLDP-MED
local SPAN 27-2
location TLV 26-3, 26-7
login authentication
with RADIUS 9-30
with TACACS+ 9-14
login banners 5-18
log messages
See system message logging
Long-Reach Ethernet (LRE) technology 1-20
loop guard
described 18-11
enabling 18-19
support for 1-9
LRE profiles, considerations in switch clusters 6-16
M
MAB
See MAC authentication bypass
MAB inactivity timer
default setting 10-38
range 10-40
MAC/PHY configuration status TLV 26-2
MAC addresses
aging time 5-22
and VLAN association 5-21
building the address table 5-21
default configuration 5-22
disabling learning on a VLAN 5-30
discovering 5-31
displaying 5-30
displaying in the IP source binding table 20-22
dynamic
learning 5-21
removing 5-23
in ACLs 31-22
static
adding 5-27
allowing 5-29, 5-30
characteristics of 5-27
dropping 5-29
removing 5-28
MAC address learning 1-6
MAC address learning, disabling on a VLAN 5-30
MAC address notification, support for 1-15
MAC address-table move update
configuration guidelines 19-8
configuring 19-12
default configuration 19-8
description 19-6
monitoring 19-14
MAC address-to-VLAN mapping 13-23
MAC authentication bypass 10-40
configuring 10-63
overview 10-18
MAC extended access lists
applying to Layer 2 interfaces 31-24
configuring for QoS 33-50
creating 31-22
defined 31-22
for QoS classification 33-5
magic packet 10-30
manageability features 1-6
management access
in-band
browser session 1-7
CLI session 1-7
device manager 1-7
SNMP 1-7
out-of-band console port connection 1-7
management address TLV 26-2
management options
CLI 2-1
clustering 1-3
CNS 4-1
Network Assistant 1-2
overview 1-5
management VLAN
considerations in switch clusters 6-8
discovery through different management VLANs 6-8
mapping tables for QoS
configuring
CoS-to-DSCP 33-61
DSCP 33-61
DSCP-to-CoS 33-64
DSCP-to-DSCP-mutation 33-65
IP-precedence-to-DSCP 33-62
policed-DSCP 33-63
described 33-11
marking
action with aggregate policers 33-58
described 33-4, 33-9
matching, IPv4 ACLs 31-7
maximum aging time
MSTP 17-26
STP 16-23
maximum hop count, MSTP 17-26
maximum number of allowed devices, port-based authentication 10-40
MDA
configuration guidelines 10-13 to 10-14
described 1-11, 10-13
exceptions with authentication process 10-6
membership mode, VLAN port 13-3
member switch
automatic discovery 6-5
defined 6-2
managing 6-16
passwords 6-13
recovering from lost connectivity 38-12
requirements 6-4
See also candidate switch, cluster standby group, and standby command switch
memory consistency check errors
displaying 38-27
example 38-27
memory consistency check routines 1-5, 38-26
memory consistency integrity 1-5, 38-26
messages, to users through banners 5-18
MIBs
accessing files with FTP B-4
location of files B-4
overview 30-1
SNMP interaction with 30-4
supported B-1
mirroring traffic for analysis 27-1
mismatches, autonegotiation 38-12
module number 12-16
monitoring
access groups 31-25
cables for unidirectional links 24-1
CDP 25-5
features 1-15
Flex Links 19-14
IGMP
filters 22-28
snooping 22-16, 36-12
interfaces 12-37
IP SLAs operations 32-6
IPv4 ACL configuration 31-25
IPv6 35-11
MAC address-table move update 19-14
multicast router interfaces 22-16, 36-12
MVR 22-23
network traffic for analysis with probe 27-2
port
blocking 23-18
protection 23-18
SFP status 12-38, 38-14
speed and duplex mode 12-28
traffic flowing among switches 28-1
traffic suppression 23-18
VLANs 13-13
VMPS 13-27
VTP 14-18
mrouter Port 19-3
mrouter port 19-5
MSTP
boundary ports
configuration guidelines 17-17
described 17-6
BPDU filtering
described 18-3
enabling 18-15
BPDU guard
described 18-2
enabling 18-14
CIST, described 17-3
CIST regional root 17-3
CIST root 17-5
configuration guidelines 17-16, 18-12
configuring
forward-delay time 17-25
hello time 17-25
link type for rapid convergence 17-27
maximum aging time 17-26
maximum hop count 17-26
MST region 17-17
neighbor type 17-27
path cost 17-23
port priority 17-21
root switch 17-19
secondary root switch 17-20
switch priority 17-24
CST
defined 17-3
operations between regions 17-4
default configuration 17-16
default optional feature configuration 18-12
displaying status 17-28
enabling the mode 17-17
EtherChannel guard
described 18-10
enabling 18-18
extended system ID
effects on root switch 17-19
effects on secondary root switch 17-20
unexpected behavior 17-19
IEEE 802.1s
implementation 17-7
port role naming change 17-7
terminology 17-5
instances supported 16-10
interface state, blocking to forwarding 18-2
interoperability and compatibility among modes 16-11
interoperability with IEEE 802.1D
described 17-9
restarting migration process 17-28
IST
defined 17-3
master 17-3
operations within a region 17-3
loop guard
described 18-11
enabling 18-19
mapping VLANs to MST instance 17-18
MST region
CIST 17-3
configuring 17-17
described 17-2
hop-count mechanism 17-6
IST 17-3
supported spanning-tree instances 17-2
optional features supported 1-8
overview 17-2
Port Fast
described 18-2
enabling 18-13
preventing root switch selection 18-10
root guard
described 18-10
enabling 18-18
root switch
configuring 17-19
effects of extended system ID 17-19
unexpected behavior 17-19
shutdown Port Fast-enabled port 18-2
stack changes, effects of 17-9
status, displaying 17-28
multiauth
support for inaccessible authentication bypass 10-26
multiauth mode
See multiple-authentication mode
multicast groups
Immediate Leave 22-5
joining 22-3
leaving 22-5
static joins 22-10, 36-8
multicast router interfaces, monitoring 22-16, 36-12
multicast router ports, adding 22-9, 36-8
multicast storm 23-1
multicast storm-control command 23-4
multicast television application 22-18
multicast VLAN 22-17
Multicast VLAN Registration
See MVR
multidomain authentication
See MDA
multiple authentication 10-15
multiple authentication mode
configuring 10-48
MVR
and address aliasing 22-20
and IGMPv3 22-20
configuration guidelines 22-20
configuring interfaces 22-21
default configuration 22-19
described 22-17
example application 22-18
modes 22-21
monitoring 22-23
multicast television application 22-18
setting global parameters 22-20
support for 1-4
N
NAC
critical authentication 10-26, 10-60
IEEE 802.1x authentication using a RADIUS server 10-65
IEEE 802.1x validation using RADIUS server 10-65
inaccessible authentication bypass 10-60
Layer 2 IEEE 802.1x validation 1-12, 10-32, 10-65
named IPv4 ACLs 31-13
NameSpace Mapper
See NSM
native VLAN
configuring 13-18
default 13-18
NEAT
configuring 10-66
overview 10-34
neighbor discovery, IPv6 35-3
Network Admission Control
See NAC
Network Assistant
benefits 1-2
described 1-5
downloading image files 1-2
guide mode 1-2
management options 1-2
managing switch stacks 7-2, 7-14
upgrading a switch A-23
wizards 1-2
network configuration examples
increasing network performance 1-19
long-distance, high-bandwidth transport 1-23
providing network services 1-19
server aggregation and Linux server cluster 1-21
small to medium-sized network 1-22
network design
performance 1-19
services 1-19
Network Edge Access Topology
See NEAT
network management
CDP 25-1
RMON 28-1
SNMP 30-1
network performance, measuring with IP SLAs 32-3
network policy TLV 26-2, 26-7
Network Time Protocol
See NTP
no commands 2-4
nonhierarchical policy maps
described 33-10
non-IP traffic filtering 31-22
nontrunking mode 13-14
normal-range VLANs 13-4
configuration guidelines 13-6
configuring 13-4
defined 13-1
NSM 4-3
NTP
associations
authenticating 5-5
defined 5-3
enabling broadcast messages 5-7
peer 5-6
server 5-6
default configuration 5-5
displaying the configuration 5-12
overview 5-3
restricting access
creating an access group 5-9
disabling NTP services per interface 5-11
source IP address, configuring 5-11
stratum 5-3
support for 1-6
synchronizing devices 5-6
time
services 5-3
synchronizing 5-3
O
OBFL
configuring 38-25
described 38-24
displaying 38-26
offline configuration for switch stacks 7-7
off mode, VTP 14-4
on-board failure logging
See OBFL
online diagnostics
overview 39-1
running tests 39-3
understanding 39-1
open1x
configuring 10-71
open1x authentication
overview 10-33
optimizing system resources 8-1
options, management 1-5
out-of-profile markdown 1-14
P
packet modification, with QoS 33-20
PAgP
See EtherChannel
passwords
default configuration 9-2
disabling recovery of 9-5
encrypting 9-3
for security 1-10
in clusters 6-13
overview 9-1
recovery of 38-3
setting
enable 9-3
enable secret 9-3
Telnet 9-6
with usernames 9-7
VTP domain 14-10
path cost
MSTP 17-23
STP 16-20
PC (passive command switch) 6-10
performance, network design 1-19
performance features 1-4
persistent self-signed certificate 9-47
per-user ACLs and Filter-Ids 10-9
per-VLAN spanning-tree plus
See PVST+
physical ports 12-2
PIM-DVMRP, as snooping method 22-8
ping
character output description 38-15
executing 38-14
overview 38-14
PoE
auto mode 12-7
CDP with power consumption, described 12-5
CDP with power negotiation, described 12-5
Cisco intelligent power management 12-5
configuring 12-30
cutoff power
determining 12-8
cutoff-power
support for 12-8
devices supported 12-5
high-power devices operating in low-power mode 12-6
IEEE power classification levels 12-6
monitoring 12-8
monitoring power 12-33
policing power consumption 12-33
policing power usage 12-8
power budgeting 12-31
power consumption 12-9, 12-31
powered-device detection and initial power allocation 12-6
power management modes 12-7
power monitoring 12-8
power negotiation extensions to CDP 12-5
power sensing 12-8
standards supported 12-5
static mode 12-7
total available power 12-10
troubleshooting 38-13
PoE+ 1-15, 12-5, 12-6, 12-30
policed-DSCP map for QoS 33-63
policers
configuring
for each matched traffic class 33-53
for more than one traffic class 33-58
described 33-4
displaying 33-79
number of 33-39
types of 33-10
policing
described 33-4
token-bucket algorithm 33-10
policy maps for QoS
characteristics of 33-53
described 33-8
displaying 33-80
nonhierarchical on physical ports
described 33-10
port ACLs
defined 31-2
types of 31-3
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting 10-17
authentication server
defined 10-3, 11-2
RADIUS server 10-3
client, defined 10-3, 11-2
configuration guidelines 10-38, 11-9
configuring
802.1x authentication 10-45
guest VLAN 10-57
host mode 10-48
inaccessible authentication bypass 10-60
manual re-authentication of a client 10-50
periodic re-authentication 10-49
quiet period 10-51
RADIUS server 10-47, 11-13
RADIUS server parameters on the switch 10-46, 11-11
restricted VLAN 10-58
switch-to-client frame-retransmission number 10-53, 10-54
switch-to-client retransmission time 10-51
violation modes 10-44
default configuration 10-37, 11-9
described 10-1
device roles 10-3, 11-2
displaying statistics 10-73, 11-17
downloadable ACLs and redirect URLs
configuring 10-67 to 10-69, ?? to 10-70
overview 10-21 to 10-23
EAPOL-start frame 10-6
EAP-request/identity frame 10-6
EAP-response/identity frame 10-6
enabling
802.1X authentication 11-11
encapsulation 10-3
flexible authentication ordering
configuring 10-70
overview 10-33
guest VLAN
configuration guidelines 10-24, 10-25
described 10-24
host mode 10-13
inaccessible authentication bypass
configuring 10-60
described 10-26
guidelines 10-39
initiation and message exchange 10-6
magic packet 10-30
maximum number of allowed devices per port 10-40
method lists 10-45
multiple authentication 10-15
per-user ACLs
configuration tasks 10-21
described 10-20
RADIUS server attributes 10-20
ports
authorization state and dot1x port-control command 10-11
authorized and unauthorized 10-11
voice VLAN 10-28
port security
and voice VLAN 10-29
described 10-29
interactions 10-29
multiple-hosts mode 10-13
readiness check
configuring 10-40
described 10-18, 10-40
resetting to default values 10-72
stack changes, effects of 10-12
statistics, displaying 10-73
switch
as proxy 10-3, 11-2
RADIUS client 10-3
switch supplicant
configuring 10-66
overview 10-34
user distribution
guidelines 10-32
overview 10-31
VLAN assignment
AAA authorization 10-45
characteristics 10-19
configuration tasks 10-20
described 10-19
voice aware 802.1x security
configuring 10-42
described 10-33, 10-42
voice VLAN
described 10-28
PVID 10-28
VVID 10-28
wake-on-LAN, described 10-30
with ACLs and RADIUS Filter-Id attribute 10-35
port-based authentication methods, supported 10-8
port blocking 1-4, 23-7
port-channel
See EtherChannel
port description TLV 26-2
Port Fast
described 18-2
enabling 18-13
mode, spanning tree 13-24
support for 1-8
port membership modes, VLAN 13-3
port priority
MSTP 17-21
STP 16-18
ports
access 12-3
blocking 23-7
dual-purpose uplink 12-4
dynamic access 13-4
protected 23-6
secure 23-9
static-access 13-3, 13-9
switch 12-2
trunks 13-3, 13-13
VLAN assignments 13-9
port security
aging 23-16
and QoS trusted boundary 33-43
and stacking 23-18
configuring 23-13
default configuration 23-11
described 23-8
displaying 23-18
on trunk ports 23-14
sticky learning 23-9
violations 23-10
with other features 23-11
port-shutdown response, VMPS 13-23
port VLAN ID TLV 26-2
power management TLV 26-3, 26-7
Power over Ethernet
See PoE
preemption, default configuration 19-8
preemption delay, default configuration 19-8
preferential treatment of traffic
See QoS
preventing unauthorized access 9-1
primary links 19-2
priority
overriding CoS 15-6
trusting CoS 15-6
private VLAN edge ports
See protected ports
privileged EXEC mode 2-2
privilege levels
changing the default for lines 9-9
command switch 6-17
exiting 9-10
logging into 9-10
mapping on member switches 6-17
overview 9-2, 9-8
setting a command with 9-8
protected ports 1-10, 23-6
provisioned switches and IP source guard 20-17
provisioning new members for a switch stack 7-7
proxy reports 19-4
pruning, VTP
disabling
in VTP domain 14-16
on a port 13-18
enabling
in VTP domain 14-16
on a port 13-18
examples 14-7
overview 14-6
pruning-eligible list
changing 13-18
for VTP pruning 14-6
VLANs 14-16
PVST+
described 16-10
IEEE 802.1Q trunking interoperability 16-11
instances supported 16-10
Q
QoS
and MQC commands 33-1
auto-QoS
categorizing traffic 33-22
configuration and defaults display 33-35
configuration guidelines 33-32
described 33-21
disabling 33-34
displaying generated commands 33-34
displaying the initial configuration 33-35
effects on running configuration 33-32
list of generated commands 33-25
basic model 33-4
classification
class maps, described 33-8
defined 33-4
DSCP transparency, described 33-44
flowchart 33-7
forwarding treatment 33-3
in frames and packets 33-3
IP ACLs, described 33-6, 33-8
MAC ACLs, described 33-5, 33-8
options for IP traffic 33-6
options for non-IP traffic 33-5
policy maps, described 33-8
trust DSCP, described 33-5
trusted CoS, described 33-5
trust IP precedence, described 33-5
class maps
configuring 33-51
displaying 33-79
configuration guidelines
auto-QoS 33-32
standard QoS 33-38
configuring
aggregate policers 33-58
auto-QoS 33-21
default port CoS value 33-42
DSCP maps 33-61
DSCP transparency 33-44
DSCP trust states bordering another domain 33-45
egress queue characteristics 33-72
ingress queue characteristics 33-67
IP extended ACLs 33-49
IP standard ACLs 33-48
MAC ACLs 33-50
port trust states within the domain 33-40
trusted boundary 33-43
default auto configuration 33-22
default standard configuration 33-36
displaying statistics 33-79
DSCP transparency 33-44
egress queues
allocating buffer space 33-72
buffer allocation scheme, described 33-18
configuring shaped weights for SRR 33-76
configuring shared weights for SRR 33-77
described 33-4
displaying the threshold map 33-75
flowchart 33-18
mapping DSCP or CoS values 33-74
scheduling, described 33-4
setting WTD thresholds 33-72
WTD, described 33-19
enabling globally 33-40
flowcharts
classification 33-7
egress queueing and scheduling 33-18
ingress queueing and scheduling 33-15
policing and marking 33-11
implicit deny 33-8
ingress queues
allocating bandwidth 33-70
allocating buffer space 33-69
buffer and bandwidth allocation, described 33-16
configuring shared weights for SRR 33-70
configuring the priority queue 33-71
described 33-4
displaying the threshold map 33-68
flowchart 33-15
mapping DSCP or CoS values 33-67
priority queue, described 33-17
scheduling, described 33-4
setting WTD thresholds 33-67
WTD, described 33-16
IP phones
automatic classification and queueing 33-21
detection and trusted settings 33-21, 33-43
limiting bandwidth on egress interface 33-78
mapping tables
CoS-to-DSCP 33-61
displaying 33-80
DSCP-to-CoS 33-64
DSCP-to-DSCP-mutation 33-65
IP-precedence-to-DSCP 33-62
policed-DSCP 33-63
types of 33-11
marked-down actions 33-56
marking, described 33-4, 33-9
overview 33-2
packet modification 33-20
policers
configuring 33-56, 33-59
described 33-9
displaying 33-79
number of 33-39
types of 33-10
policies, attaching to an interface 33-9
policing
described 33-4, 33-9
token bucket algorithm 33-10
policy maps
characteristics of 33-53
displaying 33-80
nonhierarchical on physical ports 33-53
QoS label, defined 33-4
queues
configuring egress characteristics 33-72
configuring ingress characteristics 33-67
high priority (expedite) 33-20, 33-78
location of 33-12
SRR, described 33-14
WTD, described 33-13
rewrites 33-20
support for 1-13
trust states
bordering another domain 33-45
described 33-5
trusted device 33-43
within the domain 33-40
quality of service
See QoS
queries, IGMP 22-4
query solicitation, IGMP 22-13
R
RADIUS
attributes
vendor-proprietary 9-38
vendor-specific 9-36
configuring
accounting 9-35
authentication 9-30
authorization 9-34
communication, global 9-28, 9-36
communication, per-server 9-27, 9-28
multiple UDP ports 9-28
default configuration 9-27
defining AAA server groups 9-32
displaying the configuration 9-40
identifying the server 9-27
in clusters 6-16
limiting the services to the user 9-34
method list, defined 9-27
operation of 9-20
overview 9-18
server load balancing 9-40
suggested network environments 9-19
support for 1-12
tracking services accessed by user 9-35
RADIUS Change of Authorization 9-20
range
macro 12-19
of interfaces 12-17
rapid convergence 17-11
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
described 16-10
IEEE 802.1Q trunking interoperability 16-11
instances supported 16-10
Rapid Spanning Tree Protocol
See RSTP
rcommand command 6-16
RCP
configuration files
downloading A-17
overview A-15
preparing the server A-16
uploading A-18
image files
deleting old image A-36
downloading A-34
preparing the server A-33
uploading A-36
readiness check
port-based authentication
configuring 10-40
described 10-18, 10-40
reconfirmation interval, VMPS, changing 13-26
reconfirming dynamic VLAN membership 13-26
recovery procedures 38-1
redirect URL 10-21, 10-22, 10-67
redundancy
EtherChannel 37-3
STP
backbone 16-8
multidrop backbone 18-5
path cost 13-21
port priority 13-19
redundant links and UplinkFast 18-16
reloading software 3-22
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
Remote Network Monitoring
See RMON
Remote SPAN
See RSPAN
remote SPAN 27-3
report suppression, IGMP
described 22-6
disabling 22-15, 36-11
resequencing ACL entries 31-13
reserved addresses in DHCP pools 20-23
resetting a UDLD-shutdown interface 24-6
responder, IP SLAs
described 32-4
enabling 32-6
response time, measuring with IP SLAs 32-4
restricted VLAN
configuring 10-58
described 10-25
using with IEEE 802.1x 10-25
restricting access
NTP services 5-9
overview 9-1
passwords and privilege levels 9-2
RADIUS 9-18
TACACS+ 9-10
retry count, VMPS, changing 13-27
RFC
1112, IP multicast and IGMP 22-2
1157, SNMPv1 30-2
1166, IP addresses 34-4
1305, NTP 5-3
1757, RMON 28-2
1901, SNMPv2C 30-2
1902 to 1907, SNMPv2 30-2
2236, IP multicast and IGMP 22-2
2273-2275, SNMPv3 30-2
RFC 5176 Compliance 9-21
RMON
default configuration 28-3
displaying status 28-6
enabling alarms and events 28-3
groups supported 28-2
overview 28-1
statistics
collecting group Ethernet 28-5
collecting group history 28-5
support for 1-15
root guard
described 18-10
enabling 18-18
support for 1-8
root switch
MSTP 17-19
STP 16-16
router ACLs
defined 31-2
types of 31-4
RSPAN
and stack changes 27-10
characteristics 27-9
configuration guidelines 27-17
default configuration 27-11
defined 27-3
destination ports 27-8
displaying status 27-24
in a switch stack 27-3
interaction with other features 27-9
monitored ports 27-6
monitoring ports 27-8
overview 1-15, 27-1
received traffic 27-5
sessions
creating 27-18
defined 27-4
limiting source traffic to specific VLANs 27-23
specifying monitored ports 27-18
with ingress traffic enabled 27-21
source ports 27-6
transmitted traffic 27-6
VLAN-based 27-7
RSTP
active topology 17-10
BPDU
format 17-13
processing 17-14
designated port, defined 17-10
designated switch, defined 17-10
interoperability with IEEE 802.1D
described 17-9
restarting migration process 17-28
topology changes 17-14
overview 17-10
port roles
described 17-10
synchronized 17-12
proposal-agreement handshake process 17-11
rapid convergence
cross-stack rapid convergence 17-11
described 17-11
edge ports and Port Fast 17-11
point-to-point links 17-11, 17-27
root ports 17-11
root port, defined 17-10
See also MSTP
running configuration
replacing A-19, A-20
rolling back A-19, A-20
running configuration, saving 3-15
S
SC (standby command switch) 6-10
scheduled reloads 3-22
SCP
and SSH 9-52
configuring 9-53
SDM
templates
configuring 8-4
number of 8-1
SDM template
configuration guidelines 8-3
configuring 8-3
types of 8-1
Secure Copy Protocol
secure HTTP client
configuring 9-51
displaying 9-52
secure HTTP server
configuring 9-50
displaying 9-52
secure MAC addresses
and switch stacks 23-18
deleting 23-15
maximum number of 23-10
types of 23-9
secure ports
and switch stacks 23-18
secure ports, configuring 23-9
secure remote connections 9-42
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port 23-8
security features 1-10
See SCP
sequence numbers in log messages 29-8
server mode, VTP 14-3
service-provider network, MSTP and RSTP 17-1
set-request operation 30-4
setup program
failed command switch replacement 38-11
replacing failed command switch 38-9
severity levels, defining in system messages 29-9
SFPs
monitoring status of 12-38, 38-14
security and identification 38-13
status, displaying 38-14
shaped round robin
See SRR
show access-lists hw-summary command 31-19
show and more command output, filtering 2-9
show cdp traffic command 25-6
show cluster members command 6-16
show configuration command 12-34
show forward command 38-22
show interfaces command 12-28, 12-34
show interfaces switchport 19-4
show lldp traffic command 26-11
show platform forward command 38-22
show platform tcam command 38-26, 38-27
show running-config command
displaying ACLs 31-17, 31-18
interface description in 12-34
shutdown command on interfaces 12-39
Simple Network Management Protocol
See SNMP
small form-factor pluggable modules
See SFPs
small-frame arrival rate, configuring 23-5
SNAP 25-1
SNMP
accessing MIB variables with 30-4
agent
described 30-4
disabling 30-7
and IP SLAs 32-2
authentication level 30-10
community strings
configuring 30-8
for cluster switches 30-4
overview 30-4
configuration examples 30-17
default configuration 30-6
engine ID 30-7
groups 30-7, 30-9
host 30-7
ifIndex values 30-5
in-band management 1-7
in clusters 6-14
informs
and trap keyword 30-12
described 30-5
differences from traps 30-5
disabling 30-15
enabling 30-15
limiting access by TFTP servers 30-16
limiting system log messages to NMS 29-10
manager functions 1-5, 30-3
managing clusters with 6-17
MIBs
location of B-4
supported B-1
notifications 30-5
overview 30-1, 30-4
security levels 30-3
setting CPU threshold notification 30-15
status, displaying 30-18
system contact and location 30-16
trap manager, configuring 30-13
traps
described 30-3, 30-5
differences from informs 30-5
disabling 30-15
enabling 30-12
enabling MAC address notification 5-23, 5-25, 5-26
overview 30-1, 30-4
types of 30-12
users 30-7, 30-9
versions supported 30-2
SNMP and Syslog Over IPv6 35-5
SNMPv1 30-2
SNMPv2C 30-2
SNMPv3 30-2
snooping, IGMP 22-2
software compatibility
See stacks, switch
software images
location in flash A-24
recovery procedures 38-2
scheduling reloads 3-23
tar file format, described A-24
See also downloading and uploading
source addresses
in IPv4 ACLs 31-10
source-and-destination-IP address based forwarding, EtherChannel 37-9
source-and-destination MAC address forwarding, EtherChannel 37-9
source-IP address based forwarding, EtherChannel 37-9
source-MAC address forwarding, EtherChannel 37-8
SPAN
and stack changes 27-10
configuration guidelines 27-11
default configuration 27-11
destination ports 27-8
displaying status 27-24
interaction with other features 27-9
monitored ports 27-6
monitoring ports 27-8
overview 1-15, 27-1
ports, restrictions 23-12
received traffic 27-5
sessions
configuring ingress forwarding 27-15, 27-22
creating 27-12
defined 27-4
limiting source traffic to specific VLANs 27-16
removing destination (monitoring) ports 27-13
specifying monitored ports 27-12
with ingress traffic enabled 27-14
source ports 27-6
transmitted traffic 27-6
VLAN-based 27-7
spanning tree and native VLANs 13-14
Spanning Tree Protocol
See STP
SPAN traffic 27-5
SRR
configuring
shaped weights on egress queues 33-76
shared weights on egress queues 33-77
shared weights on ingress queues 33-70
described 33-14
shaped mode 33-14
shared mode 33-14
support for 1-14
SSH
configuring 9-43
cryptographic software image 9-41
described 1-7, 9-42
encryption methods 9-42
switch stack considerations 7-14
user authentication methods, supported 9-42
SSL
configuration guidelines 9-49
configuring a secure HTTP client 9-51
configuring a secure HTTP server 9-50
cryptographic software image 9-46
described 9-46
monitoring 9-52
stack, switch
MAC address of 7-6, 7-17
stack changes, effects on
802.1x port-based authentication 10-12
ACL configuration 31-6
CDP 25-2
cross-stack EtherChannel 37-13
EtherChannel 37-10
IGMP snooping 22-6
IP routing 34-3
MAC address tables 5-22
MSTP 17-9
MVR 22-17
port security 23-18
SDM template selection 8-2
SNMP 30-1
SPAN and RSPAN 27-10
STP 16-12
switch clusters 6-14
system message log 29-2
VLANs 13-6
VTP 14-8
stack master
bridge ID (MAC address) 7-6
defined 7-1
election 7-5
IPv6 35-6
See also stacks, switch
stack member
accessing CLI of specific member 7-21
configuring
member number 7-19
priority value 7-20
defined 7-1
displaying information of 7-22
number 7-6
priority value 7-7
provisioning a new member 7-20
replacing 7-13
See also stacks, switch
stack member number 12-16
stack protocol version 7-9
stacks, switch
accessing CLI of specific member 7-21
assigning information
member number 7-19
priority value 7-20
provisioning a new member 7-20
auto-advise 7-11
auto-copy 7-10
auto-extract 7-10
auto-upgrade 7-10
bridge ID 7-6
CDP considerations 25-2
compatibility, software 7-9
configuration file 7-13
configuration scenarios 7-15
copying an image file from one member to another A-37
default configuration 7-17
description of 7-1
displaying information of 7-22
enabling persistent MAC address timer 7-17
in clusters 6-14
incompatible software and image upgrades 7-13, A-37
IPv6 on 35-6
MAC address considerations 5-22
management connectivity 7-14
managing 7-1
membership 7-3
merged 7-3
MSTP instances supported 16-10
offline configuration
described 7-7
effects of adding a provisioned switch 7-7
effects of removing a provisioned switch 7-9
effects of replacing a provisioned switch 7-9
provisioned configuration, defined 7-7
provisioned switch, defined 7-7
provisioning a new member 7-20
partitioned 7-3, 38-8
provisioned switch
adding 7-7
removing 7-9
replacing 7-9
replacing a failed member 7-13
software compatibility 7-9
software image version 7-9
stack protocol version 7-9
STP
bridge ID 16-3
instances supported 16-10
root port selection 16-3
stack root switch election 16-3
system messages
hostnames in the display 29-1
remotely monitoring 29-2
system prompt consideration 5-15
system-wide configuration considerations 7-13
upgrading A-37
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 7-10
examples 7-11
manual upgrades with auto-advise 7-11
upgrades with auto-extract 7-10
version-mismatch mode
described 7-10
See also stack master and stack member
standby command switch
configuring
considerations 6-11
defined 6-2
priority 6-10
requirements 6-3
virtual IP address 6-11
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
standby links 19-2
startup configuration
booting
manually 3-19
specific image 3-20
clearing A-19
configuration file
automatically downloading 3-18
specifying the filename 3-18
default boot configuration 3-18
static access ports
assigning to VLAN 13-9
defined 12-3, 13-3
static addresses
See addresses
static MAC addressing 1-10
static routes
configuring 34-5
configuring for IPv6 35-10
static VLAN membership 13-2
statistics
802.1X 11-17
802.1x 10-73
CDP 25-5
interface 12-38
LLDP 26-11
LLDP-MED 26-11
NMSP 26-11
QoS ingress and egress 33-79
RMON group Ethernet 28-5
RMON group history 28-5
SNMP input and output 30-18
VTP 14-18
sticky learning 23-9
storm control
configuring 23-3
described 23-1
disabling 23-5
displaying 23-18
support for 1-4
thresholds 23-2
STP
accelerating root port selection 18-4
BackboneFast
described 18-7
disabling 18-17
enabling 18-17
BPDU filtering
described 18-3
disabling 18-15
enabling 18-15
BPDU guard
described 18-2
disabling 18-14
enabling 18-14
BPDU message exchange 16-3
configuration guidelines 16-13, 18-12
configuring
forward-delay time 16-23
hello time 16-22
maximum aging time 16-23
path cost 16-20
port priority 16-18
root switch 16-16
secondary root switch 16-18
spanning-tree mode 16-15
switch priority 16-21
transmit hold-count 16-24
counters, clearing 16-24
cross-stack UplinkFast
described 18-5
enabling 18-17
default configuration 16-13
default optional feature configuration 18-12
designated port, defined 16-4
designated switch, defined 16-4
detecting indirect link failures 18-8
disabling 16-16
displaying status 16-24
EtherChannel guard
described 18-10
disabling 18-18
enabling 18-18
extended system ID
effects on root switch 16-16
effects on the secondary root switch 16-18
overview 16-4
unexpected behavior 16-16
features supported 1-8
IEEE 802.1D and bridge ID 16-4
IEEE 802.1D and multicast addresses 16-9
IEEE 802.1t and VLAN identifier 16-5
inferior BPDU 16-3
instances supported 16-10
interface state, blocking to forwarding 18-2
interface states
blocking 16-6
disabled 16-7
forwarding 16-6, 16-7
learning 16-7
listening 16-7
overview 16-5
interoperability and compatibility among modes 16-11
limitations with IEEE 802.1Q trunks 16-11
load sharing
overview 13-19
using path costs 13-21
using port priorities 13-19
loop guard
described 18-11
enabling 18-19
modes supported 16-10
multicast addresses, effect of 16-9
optional features supported 1-8
overview 16-2
path costs 13-21, 13-22
Port Fast
described 18-2
enabling 18-13
port priorities 13-20
preventing root switch selection 18-10
protocols supported 16-10
redundant connectivity 16-8
root guard
described 18-10
enabling 18-18
root port, defined 16-3
root port selection on a switch stack 16-3
root switch
configuring 16-16
effects of extended system ID 16-4, 16-16
election 16-3
unexpected behavior 16-16
shutdown Port Fast-enabled port 18-2
stack changes, effects of 16-12
status, displaying 16-24
superior BPDU 16-3
timers, described 16-22
UplinkFast
described 18-3
enabling 18-16
stratum, NTP 5-3
subnet mask 34-4
success response, VMPS 13-23
summer time 5-14
SunNet Manager 1-5
supported port-based authentication methods 10-8
SVIs
and IP unicast routing 34-3
and router ACLs 31-4
connecting VLANs 12-10
defined 12-4
switch 35-2
switch clustering technology 6-1
See also clusters, switch
switch console port 1-7
Switch Database Management
See SDM
Switched Port Analyzer
See SPAN
switched ports 12-2
switchport backup interface 19-4, 19-5
switchport block multicast command 23-8
switchport block unicast command 23-8
switchport protected command 23-7
switch priority
MSTP 17-24
STP 16-21
switch software features 1-1
switch virtual interface
See SVI
syslog
See system message logging
system capabilities TLV 26-2
system clock
configuring
daylight saving time 5-14
manually 5-12
summer time 5-14
time zones 5-13
displaying the time and date 5-13
overview 5-2
See also NTP
system description TLV 26-2
system message logging
default configuration 29-4
defining error message severity levels 29-9
disabling 29-4
displaying the configuration 29-14
enabling 29-5
facility keywords, described 29-14
level keywords, described 29-10
limiting messages 29-10
message format 29-2
overview 29-1
sequence numbers, enabling and disabling 29-8
setting the display destination device 29-5
stack changes, effects of 29-2
synchronizing log messages 29-6
syslog facility 1-15
time stamps, enabling and disabling 29-8
UNIX syslog servers
configuring the daemon 29-13
configuring the logging facility 29-13
facilities supported 29-14
system name
default configuration 5-16
default setting 5-16
manual configuration 5-16
See also DNS
system name TLV 26-2
system prompt, default setting 5-15, 5-16
system resources, optimizing 8-1
T
TACACS+
accounting, defined 9-11
authentication, defined 9-11
authorization, defined 9-11
configuring
accounting 9-17
authentication key 9-13
authorization 9-16
login authentication 9-14
default configuration 9-13
displaying the configuration 9-18
identifying the server 9-13
in clusters 6-16
limiting the services to the user 9-16
operation of 9-12
overview 9-10
support for 1-12
tracking services accessed by user 9-17
tar files
creating A-6
displaying the contents of A-7
extracting A-7
image file format A-24
TCAM
memory consistency check errors
displaying 38-27
example 38-27
memory consistency check routines 1-5, 38-26
memory consistency integrity 1-5, 38-26
portions 38-27
space
HFTM 38-26
HQATM 38-26
unassigned 38-26
TDR 1-16
Telnet
accessing management interfaces 2-10
number of connections 1-7
setting a password 9-6
temporary self-signed certificate 9-47
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password 9-6
ternary content addressable memory
See TCAM
TFTP
configuration files
downloading A-11
preparing the server A-11
uploading A-12
configuration files in base directory 3-7
configuring for autoconfiguration 3-7
image files
deleting A-27
downloading A-26
preparing the server A-25
uploading A-28
limiting access by servers 30-16
TFTP server 1-6
threshold, traffic level 23-2
time
See NTP and system clock
Time Domain Reflector
See TDR
time-range command 31-15
time ranges in ACLs 31-15
time stamps in log messages 29-8
time zones 5-13
TLVs
defined 26-2
LLDP 26-2
LLDP-MED 26-2
Token Ring VLANs
support for 13-5
VTP support 14-5
ToS 1-13
traceroute, Layer 2
and ARP 38-16
and CDP 38-16
broadcast traffic 38-15
described 38-15
IP addresses and subnets 38-16
MAC addresses and VLANs 38-16
multicast traffic 38-16
multiple devices on a port 38-16
unicast traffic 38-15
usage guidelines 38-16
traceroute command 38-18
See also IP traceroute
traffic
blocking flooded 23-8
fragmented 31-4
unfragmented 31-4
traffic policing 1-14
traffic suppression 23-2
transmit hold-count
see STP
transparent mode, VTP 14-4
trap-door mechanism 3-2
traps
configuring MAC address notification 5-23, 5-25, 5-26
configuring managers 30-12
defined 30-3
enabling 5-23, 5-25, 5-26, 30-12
notification types 30-12
overview 30-1, 30-4
troubleshooting
connectivity problems 38-14, 38-15, 38-17
CPU utilization 38-28
detecting unidirectional links 24-1
displaying crash information 38-23
setting packet forwarding 38-22
SFP security and identification 38-13
show forward command 38-22
with CiscoWorks 30-4
with debug commands 38-20
with ping 38-14
with system message logging 29-1
with traceroute 38-17
trunk failover
See link-state tracking
trunking encapsulation 1-9
trunk ports
configuring 13-16
defined 12-3, 13-3
trunks
allowed-VLAN list 13-17
load sharing
setting STP path costs 13-21
using STP port priorities 13-19, 13-20
native VLAN for untagged traffic 13-18
parallel 13-21
pruning-eligible list 13-18
to non-DTP device 13-13
trusted boundary for QoS 33-43
trusted port states
between QoS domains 33-45
classification options 33-5
ensuring port security for IP phones 33-43
support for 1-13
within a QoS domain 33-40
trustpoints, CA 9-46
twisted-pair Ethernet, detecting unidirectional links 24-1
type of service
See ToS
U
UDLD
configuration guidelines 24-4
default configuration 24-4
disabling
globally 24-5
on fiber-optic interfaces 24-5
per interface 24-6
echoing detection mechanism 24-3
enabling
globally 24-5
per interface 24-6
link-detection mechanism 24-1
neighbor database 24-2
overview 24-1
resetting an interface 24-6
status, displaying 24-7
support for 1-8
unauthorized ports with IEEE 802.1x 10-11
unicast MAC address filtering 1-6
and adding static addresses 5-28
and broadcast MAC addresses 5-28
and CPU packets 5-28
and multicast addresses 5-28
and router MAC addresses 5-28
configuration guidelines 5-28
described 5-28
unicast storm 23-1
unicast storm control command 23-4
unicast traffic, blocking 23-8
UniDirectional Link Detection protocol
See UDLD
UNIX syslog servers
daemon configuration 29-13
facilities supported 29-14
message logging configuration 29-13
unrecognized Type-Length-Value (TLV) support 14-5
upgrading a Catalyst 2950 switch
configuration compatibility issues D-1
differences in configuration commands D-1
feature behavior incompatibilities D-5
incompatible command messages D-1
recommendations D-1
upgrading software images
See downloading
UplinkFast
described 18-3
disabling 18-16
enabling 18-16
support for 1-8
uploading
configuration files
preparing A-11, A-13, A-16
reasons for A-9
using FTP A-15
using RCP A-18
using TFTP A-12
image files
preparing A-25, A-29, A-33
reasons for A-23
using FTP A-32
using RCP A-36
using TFTP A-28
USB mini-Type B console port 12-11
USB Type A port 1-8
user EXEC mode 2-2
username-based authentication 9-7
V
version-dependent transparent mode 14-5
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 7-10
manual upgrades with auto-advise 7-11
upgrades with auto-extract 7-10
version-mismatch mode
described 7-10
virtual IP address
cluster standby group 6-11
command switch 6-11
virtual switches and PAgP 37-6
vlan.dat file 13-4
VLAN 1, disabling on a trunk port 13-17
VLAN 1 minimization 13-17
vlan-assignment response, VMPS 13-23
VLAN configuration
at bootup 13-7
saving 13-7
VLAN configuration mode 2-2
VLAN database
and startup configuration file 13-7
and VTP 14-1
VLAN configuration saved in 13-7
VLANs saved in 13-4
VLAN filtering and SPAN 27-7
vlan global configuration command 13-6
VLAN ID, discovering 5-31
VLAN load balancing on flex links 19-3
configuration guidelines 19-8
VLAN management domain 14-2
VLAN Management Policy Server
See VMPS
VLAN membership
confirming 13-26
modes 13-3
VLAN Query Protocol
See VQP
VLANs
adding 13-8
adding to VLAN database 13-8
aging dynamic addresses 16-9
allowed on trunk 13-17
and spanning-tree instances 13-3, 13-6, 13-11
configuration guidelines, extended-range VLANs 13-11
configuration guidelines, normal-range VLANs 13-6
configuring 13-1
configuring IDs 1006 to 4094 13-11
connecting through SVIs 12-10
creating 13-8
default configuration 13-7
deleting 13-9
described 12-2, 13-1
displaying 13-13
extended-range 13-1, 13-10
features 1-9
illustrated 13-2
in the switch stack 13-6
limiting source traffic with RSPAN 27-23
limiting source traffic with SPAN 27-16
modifying 13-8
multicast 22-17
native, configuring 13-18
normal-range 13-1, 13-4
number supported 1-9
parameters 13-5
port membership modes 13-3
static-access ports 13-9
STP and IEEE 802.1Q trunks 16-11
supported 13-2
Token Ring 13-5
traffic between 13-2
VTP modes 14-3
VLAN Trunking Protocol
See VTP
VLAN trunks 13-13
VMPS
administering 13-27
configuration example 13-28
configuration guidelines 13-24
default configuration 13-24
description 13-22
dynamic port membership
described 13-23
reconfirming 13-26
troubleshooting 13-28
entering server address 13-25
mapping MAC addresses to VLANs 13-23
monitoring 13-27
reconfirmation interval, changing 13-26
reconfirming membership 13-26
retry count, changing 13-27
voice aware 802.1x security
port-based authentication
configuring 10-42
described 10-33, 10-42
voice-over-IP 15-1
voice VLAN
Cisco 7960 phone, port connections 15-1
configuration guidelines 15-3
configuring IP phones for data traffic
override CoS of incoming frame 15-6
trust CoS priority of incoming frame 15-6
configuring ports for voice traffic in
802.1p priority tagged frames 15-5
802.1Q frames 15-5
connecting to an IP phone 15-4
default configuration 15-3
described 15-1
displaying 15-7
IP phone data traffic, described 15-2
IP phone voice traffic, described 15-2
VQP 1-9, 13-22
VTP
adding a client to a domain 14-17
advertisements 13-15, 14-4
and extended-range VLANs 13-2, 14-2
and normal-range VLANs 13-2, 14-2
client mode, configuring 14-13
configuration
guidelines 14-9
requirements 14-11
saving 14-9
configuration requirements 14-11
configuration revision number
guideline 14-17
resetting 14-17
consistency checks 14-5
default configuration 14-9
described 14-1
domain names 14-10
domains 14-2
modes
client 14-3
off 14-4
server 14-3
transitions 14-3
transparent 14-4
monitoring 14-18
passwords 14-10
pruning
disabling 14-16
enabling 14-16
examples 14-7
overview 14-6
support for 1-9
pruning-eligible list, changing 13-18
server mode, configuring 14-11, 14-14
statistics 14-18
support for 1-9
Token Ring support 14-5
transparent mode, configuring 14-12
using 14-1
Version
enabling 14-15
version, guidelines 14-10
Version 1 14-5
Version 2
configuration guidelines 14-10
overview 14-5
Version 3
overview 14-5
W
web authentication 10-18
configuring 11-16 to ??
described 1-10
web-based authentication
customizeable web pages 11-6
description 11-1
web-based authentication, interactions with other features 11-7
weighted tail drop
See WTD
wired location service
configuring 26-9
displaying 26-11
location TLV 26-3
understanding 26-3
wizards 1-2
WTD
described 33-13
setting thresholds
egress queue-sets 33-72
ingress queues 33-67
support for 1-14
X
Xmodem protocol 38-2
Index
A
abbreviating commands 2-3
AC (command switch) 6-10
access-class command 31-17
access control entries
See ACEs
access-denied response, VMPS 13-23
access groups
Layer 3 31-19
access groups, applying IPv4 ACLs to interfaces 31-18
accessing
clusters, switch 6-13
command switches 6-11
member switches 6-13
switch clusters 6-13
accessing stack members 7-21
access lists
See ACLs
access ports
in switch clusters 6-9
access ports, defined 12-3
accounting
with 802.1x 10-55
with IEEE 802.1x 10-17
with RADIUS 9-35
with TACACS+ 9-11, 9-17
ACEs
and QoS 33-8
defined 31-2
Ethernet 31-2
IP 31-2
ACLs
ACEs 31-2
any keyword 31-11
applying
time ranges to 31-15
to an interface 31-18
to QoS 33-8
classifying traffic for QoS 33-48
comments in 31-16
compiling 31-20
defined 31-1, 31-7
examples of 31-20, 33-48
extended IP, configuring for QoS classification 33-49
extended IPv4
creating 31-9
matching criteria 31-7
hardware and software handling 31-19
host keyword 31-11
IP
creating 31-7
fragments and QoS guidelines 33-38
implicit deny 31-9, 31-12, 31-14
implicit masks 31-9
matching criteria 31-7
undefined 31-19
IPv4
applying to interfaces 31-18
creating 31-7
matching criteria 31-7
named 31-13
numbers 31-7
terminal lines, setting on 31-17
unsupported features 31-6
MAC extended 31-22, 33-50
matching 31-7, 31-19
monitoring 31-25
named, IPv4 31-13
number per QoS class map 33-38
port 31-2
precedence of 31-2
QoS 33-8, 33-48
resequencing entries 31-13
router 31-2
standard IP, configuring for QoS classification 33-48
standard IPv4
creating 31-8
matching criteria 31-7
support for 1-10
support in hardware 31-19
time ranges 31-15
types supported 31-2
unsupported features, IPv4 31-6
active link 19-4, 19-5, 19-6
active links 19-2
active traffic monitoring, IP SLAs 32-1
address aliasing 22-2
addresses
displaying the MAC address table 5-30
dynamic
accelerated aging 16-9
changing the aging time 5-22
default aging 16-9
defined 5-20
learning 5-21
removing 5-23
IPv6 35-2
MAC, discovering 5-31
multicast, STP address management 16-9
static
adding and removing 5-27
defined 5-20
address resolution 5-31
Address Resolution Protocol
See ARP
advertisements
CDP 25-1
LLDP 26-2
VTP 13-15, 14-3, 14-4
aggregatable global unicast addresses 35-3
aggregated ports
See EtherChannel
aggregate policers 33-58
aggregate policing 1-14
aging, accelerating 16-9
aging time
accelerated
for MSTP 17-25
for STP 16-9, 16-23
MAC address table 5-22
maximum
for MSTP 17-26
for STP 16-23, 16-24
alarms, RMON 28-3
allowed-VLAN list 13-17
ARP
defined 1-6, 5-31
table
address resolution 5-31
managing 5-31
attributes, RADIUS
vendor-proprietary 9-38
vendor-specific 9-36
attribute-value pairs 10-14, 10-17, 10-22, 10-23
authentication
local mode with AAA 9-40
NTP associations 5-5
open1x 10-33
RADIUS
key 9-28
login 9-30
TACACS+
defined 9-11
key 9-13
login 9-14
See also port-based authentication
authentication compatibility with Catalyst 6000 switches 10-9
authentication failed VLAN
See restricted VLAN
authentication manager
CLI commands 10-10
compatibility with older 802.1x CLI commands 10-10 to ??
overview 10-8
authoritative time source, described 5-3
authorization
with RADIUS 9-34
with TACACS+ 9-11, 9-16
authorized ports with IEEE 802.1x 10-11
autoconfiguration 3-3
auto enablement 10-34
automatic advise (auto-advise) in switch stacks 7-11
automatic copy (auto-copy) in switch stacks 7-10
automatic discovery
considerations
beyond a noncandidate device 6-8
brand new switches 6-9
connectivity 6-5
different VLANs 6-7
management VLANs 6-8
non-CDP-capable devices 6-7
noncluster-capable devices 6-7
in switch clusters 6-5
See also CDP
automatic extraction (auto-extract) in switch stacks 7-10
automatic QoS
See QoS
automatic recovery, clusters 6-10
See also HSRP
automatic upgrades (auto-upgrade) in switch stacks 7-10
auto-MDIX
configuring 12-30
described 12-29
autonegotiation
duplex mode 1-4
interface configuration guidelines 12-27
mismatches 38-12
Auto-QoS video devices 1-14
autosensing, port speed 1-4
auxiliary VLAN
See voice VLAN
availability, features 1-8
B
BackboneFast
described 18-7
disabling 18-17
enabling 18-17
support for 1-8
backup interfaces
See Flex Links
backup links 19-2
banners
configuring
login 5-20
message-of-the-day login 5-19
default configuration 5-18
when displayed 5-18
Berkeley r-tools replacement 9-52
binding database
DHCP snooping
See DHCP snooping binding database
bindings
DHCP snooping database 20-7
IP source guard 20-14
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 23-7
booting
boot loader, function of 3-2
boot process 3-2
manually 3-19
specific image 3-20
boot loader
accessing 3-21
described 3-2
environment variables 3-21
prompt 3-21
trap-door mechanism 3-2
BPDU
error-disabled state 18-3
filtering 18-3
RSTP format 17-13
BPDU filtering
described 18-3
disabling 18-15
enabling 18-15
support for 1-8
BPDU guard
described 18-2
disabling 18-14
enabling 18-14
support for 1-8
bridge protocol data unit
See BPDU
broadcast storm-control command 23-4
broadcast storms 23-1
C
cables, monitoring for unidirectional links 24-1
candidate switch
automatic discovery 6-5
defined 6-4
requirements 6-4
See also command switch, cluster standby group, and member switch
Catalyst 6000 switches
authentication compatibility 10-9
CA trustpoint
configuring 9-49
defined 9-47
CDP
and trusted boundary 33-43
automatic discovery in switch clusters 6-5
configuring 25-2
default configuration 25-2
defined with LLDP 26-1
described 25-1
disabling for routing device 25-4
enabling and disabling
on an interface 25-4
on a switch 25-4
monitoring 25-5
overview 25-1
power negotiation extensions 12-5
support for 1-6
switch stack considerations 25-2
transmission timer and holdtime, setting 25-3
updates 25-3
CGMP
as IGMP snooping learning method 22-9
joining multicast group 22-3
CipherSuites 9-48
Cisco 7960 IP Phone 15-1
Cisco Discovery Protocol
See CDP
Cisco intelligent power management 12-5
Cisco IOS File System
See IFS
Cisco IOS IP Service Level Agreements (SLAs) responder 1-5
Cisco IOS IP SLAs 32-2
Cisco Secure ACS
attribute-value pairs for downloadable ACLs 10-23
attribute-value pairs for redirect URL 10-22
Cisco Secure ACS configuration guide 10-67
CiscoWorks 2000 1-5, 30-4
CISP 10-34
CIST regional root
See MSTP
CIST root
See MSTP
civic location 26-3
class maps for QoS
configuring 33-51
described 33-8
displaying 33-79
class of service
See CoS
clearing interfaces 12-38
CLI
abbreviating commands 2-3
command modes 2-1
configuration logging 2-4
described 1-5
editing features
enabling and disabling 2-6
keystroke editing 2-7
wrapped lines 2-8
error messages 2-4
filtering command output 2-9
getting help 2-3
history
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
managing clusters 6-16
no and default forms of commands 2-4
Client Information Signalling Protocol
See CISP
client mode, VTP 14-3
clock
See system clock
clusters, switch
accessing 6-13
automatic discovery 6-5
automatic recovery 6-10
benefits 1-2
compatibility 6-5
described 6-1
LRE profile considerations 6-16
managing
through CLI 6-16
through SNMP 6-17
planning 6-5
planning considerations
automatic discovery 6-5
automatic recovery 6-10
CLI 6-16
host names 6-13
IP addresses 6-13
LRE profiles 6-16
passwords 6-13
RADIUS 6-16
SNMP 6-14, 6-17
switch stacks 6-14
TACACS+ 6-16
See also candidate switch, command switch, cluster standby group, member switch, and standby command switch
cluster standby group
automatic recovery 6-12
considerations 6-11
defined 6-2
requirements 6-3
virtual IP address 6-11
See also HSRP
CNS 1-6
Configuration Engine
configID, deviceID, hostname 4-3
configuration service 4-2
described 4-1
event service 4-3
embedded agents
described 4-5
enabling automated configuration 4-6
enabling configuration agent 4-9
enabling event agent 4-7
management functions 1-6
CoA Request Commands 9-23
Coarse Wave Division Multiplexer
See CWDM SFPs
command-line interface
See CLI
command modes 2-1
commands
abbreviating 2-3
no and default 2-4
commands, setting privilege levels 9-8
command switch
accessing 6-11
active (AC) 6-10
configuration conflicts 38-12
defined 6-2
passive (PC) 6-10
password privilege levels 6-17
priority 6-10
recovery
from command-switch failure 6-10, 38-8
from lost member connectivity 38-12
redundant 6-10
replacing
with another switch 38-11
with cluster member 38-9
requirements 6-3
standby (SC) 6-10
See also candidate switch, cluster standby group, member switch, and standby command switch
community strings
configuring 6-14, 30-8
for cluster switches 30-4
in clusters 6-14
overview 30-4
SNMP 6-14
compatibility, feature 23-12
compatibility, software
See stacks, switch
config.text 3-18
configurable leave timer, IGMP 22-6
configuration, initial
defaults 1-16
Express Setup 1-2
configuration changes, logging 29-11
configuration conflicts, recovering from lost member connectivity 38-12
configuration examples, network 1-18
configuration files
archiving A-20
clearing the startup configuration A-19
creating using a text editor A-10
default name 3-18
deleting a stored configuration A-19
described A-8
downloading
automatically 3-18
preparing A-11, A-13, A-16
reasons for A-9
using FTP A-13
using RCP A-17
using TFTP A-11
guidelines for creating and using A-9
guidelines for replacing and rolling back A-21
invalid combinations when copying A-5
limiting TFTP server access 30-16
obtaining with DHCP 3-9
password recovery disable considerations 9-5
replacing a running configuration A-19, A-20
rolling back a running configuration A-19, A-20
specifying the filename 3-18
system contact and location information 30-16
types and location A-10
uploading
preparing A-11, A-13, A-16
reasons for A-9
using FTP A-15
using RCP A-18
using TFTP A-12
configuration logger 29-11
configuration logging 2-4
configuration replacement A-19
configuration rollback A-19, A-20
configuration settings, saving 3-15
configure terminal command 12-16
configuring 802.1x user distribution 10-63
configuring port-based authentication violation modes 10-44
configuring small-frame arrival rate 23-5
conflicts, configuration 38-12
connections, secure remote 9-42
connectivity problems 38-14, 38-15, 38-17
consistency checks in VTP Version 2 14-5
console port, connecting to 2-10
control protocol, IP SLAs 32-4
corrupted software, recovery steps with Xmodem 38-2
CoS
in Layer 2 frames 33-2
override priority 15-6
trust priority 15-6
CoS input queue threshold map for QoS 33-16
CoS output queue threshold map for QoS 33-19
CoS-to-DSCP map for QoS 33-61
counters, clearing interface 12-38
CPU utilization, troubleshooting 38-28
crashinfo file 38-23
critical authentication, IEEE 802.1x 10-60
critical VLAN 10-26
critical voice VLAN
configuring 10-60
cross-stack EtherChannel
configuration guidelines 37-13
described 37-3
illustration 37-4
support for 1-8
cross-stack UplinkFast, STP
described 18-5
disabling 18-17
enabling 18-17
fast-convergence events 18-7
Fast Uplink Transition Protocol 18-6
normal-convergence events 18-7
support for 1-8
cryptographic software image
SSH 9-41
SSL 9-46
switch stack considerations 7-14
customjzeable web pages, web-based authentication 11-6
CWDM SFPs 1-23
D
DACL
See downloadable ACL
daylight saving time 5-14
debugging
enabling all system diagnostics 38-21
enabling for a specific feature 38-20
redirecting error message output 38-21
using commands 38-20
default commands 2-4
default configuration
802.1x 10-37
auto-QoS 33-22
banners 5-18
booting 3-18
CDP 25-2
DHCP 20-9
DHCP option 82 20-9
DHCP snooping 20-9
DHCP snooping binding database 20-9
DNS 5-17
dynamic ARP inspection 21-5
EtherChannel 37-11
Ethernet interfaces 12-23
Flex Links 19-8
IGMP filtering 22-24
IGMP snooping 22-7, 36-6
IGMP throttling 22-24
initial switch information 3-3
IP SLAs 32-5
IP source guard 20-16
IPv6 35-6
Layer 2 interfaces 12-23
LLDP 26-5
MAC address table 5-22
MAC address-table move update 19-8
MSTP 17-16
MVR 22-19
NTP 5-5
optional spanning-tree configuration 18-12
password and privilege level 9-2
RADIUS 9-27
RMON 28-3
RSPAN 27-11
SDM template 8-3
SNMP 30-6
SPAN 27-11
SSL 9-48
standard QoS 33-36
STP 16-13
switch stacks 7-17
system message logging 29-4
system name and prompt 5-16
TACACS+ 9-13
UDLD 24-4
VLAN, Layer 2 Ethernet interfaces 13-15
VLANs 13-7
VMPS 13-24
voice VLAN 15-3
VTP 14-9
default gateway 3-15
default web-based authentication configuration
802.1X 11-9
deleting VLANs 13-9
denial-of-service attack 23-1
description command 12-34
designing your network, examples 1-18
destination addresses
in IPv4 ACLs 31-10
destination-IP address-based forwarding, EtherChannel 37-9
destination-MAC address forwarding, EtherChannel 37-9
detecting indirect link failures, STP 18-8
device A-23
device discovery protocol 25-1, 26-1
device manager
benefits 1-2
described 1-2, 1-5
in-band management 1-7
upgrading a switch A-23
DHCP
enabling
relay agent 20-11
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-3
DNS 3-8
relay device 3-8
server side 3-6
TFTP server 3-7
example 3-10
lease options
for IP address information 3-6
for receiving the configuration file 3-6
overview 3-3
relationship to BOOTP 3-4
relay support 1-6
support for 1-6
DHCP-based autoconfiguration and image update
configuring 3-11 to 3-14
understanding 3-5 to 3-6
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 20-5
configuration guidelines 20-9
default configuration 20-9
displaying 20-14
overview 20-4
packet format, suboption
circuit ID 20-5
remote ID 20-5
remote ID suboption 20-5
DHCP server port-based address allocation
configuration guidelines 20-23
default configuration 20-23
described 20-22
displaying 20-25
enabling 20-23
reserved addresses 20-23
DHCP server port-based address assignment
support for 1-6
DHCP snooping
accepting untrusted packets form edge switch 20-3, 20-11
binding database
See DHCP snooping binding database
configuration guidelines 20-9
default configuration 20-9
displaying binding tables 20-14
message exchange process 20-4
option 82 data insertion 20-4
trusted interface 20-3
untrusted interface 20-3
untrusted messages 20-3
DHCP snooping binding database
adding bindings 20-13
binding entries, displaying 20-14
binding file
format 20-8
location 20-7
bindings 20-7
clearing agent statistics 20-13
configuration guidelines 20-10
configuring 20-13
default configuration 20-9
deleting
binding file 20-13
bindings 20-13
database agent 20-13
described 20-7
displaying 20-14
displaying status and statistics 20-14
enabling 20-13
entry 20-7
renewing database 20-13
resetting
delay value 20-13
timeout value 20-13
DHCP snooping binding table
See DHCP snooping binding database
Differentiated Services architecture, QoS 33-2
Differentiated Services Code Point 33-2
directed unicast requests 1-6
directories
changing A-4
creating and removing A-4
displaying the working A-4
discovery, clusters
See automatic discovery
DNS
and DHCP-based autoconfiguration 3-8
default configuration 5-17
displaying the configuration 5-18
in IPv6 35-3
overview 5-16
setting up 5-17
support for 1-6
domain names
DNS 5-16
VTP 14-10
Domain Name System
See DNS
downloadable ACL 10-21, 10-23, 10-67
downloading
configuration files
preparing A-11, A-13, A-16
reasons for A-9
using FTP A-13
using RCP A-17
using TFTP A-11
image files
deleting old image A-27
preparing A-25, A-29, A-33
reasons for A-23
using CMS 1-2
using FTP A-30
using HTTP 1-2, A-23
using RCP A-34
using TFTP A-26
using the device manager or Network Assistant A-23
DRP
support for 1-15
DSCP 1-13, 33-2
DSCP input queue threshold map for QoS 33-16
DSCP output queue threshold map for QoS 33-19
DSCP-to-CoS map for QoS 33-64
DSCP-to-DSCP-mutation map for QoS 33-65
DSCP transparency 33-44
DTP 1-9, 13-13
dual-action detection 37-6
dual IPv4 and IPv6 templates 35-4, 35-5
dual protocol stacks
IPv4 and IPv6 35-4
SDM templates supporting 35-5
dual-purpose uplinks
defined 12-4
LEDs 12-5
link selection 12-5, 12-25
setting the type 12-25
dynamic access ports
characteristics 13-4
configuring 13-25
defined 12-3
dynamic addresses
See addresses
dynamic ARP inspection
ARP cache poisoning 21-1
ARP requests, described 21-1
ARP spoofing attack 21-1
clearing
log buffer 21-16
statistics 21-16
configuration guidelines 21-6
configuring
ACLs for non-DHCP environments 21-9
in DHCP environments 21-7
log buffer 21-13
rate limit for incoming ARP packets 21-4, 21-11
default configuration 21-5
denial-of-service attacks, preventing 21-11
described 21-1
DHCP snooping binding database 21-2
displaying
ARP ACLs 21-15
configuration and operating state 21-15
log buffer 21-16
statistics 21-16
trust state and rate limit 21-15
error-disabled state for exceeding rate limit 21-4
function of 21-2
interface trust states 21-3
log buffer
clearing 21-16
configuring 21-13
displaying 21-16
logging of dropped packets, described 21-5
man-in-the middle attack, described 21-2
network security issues and interface trust states 21-3
priority of ARP ACLs and DHCP snooping entries 21-4
rate limiting of ARP packets
configuring 21-11
described 21-4
error-disabled state 21-4
statistics
clearing 21-16
displaying 21-16
validation checks, performing 21-12
dynamic auto trunking mode 13-14
dynamic desirable trunking mode 13-14
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 13-23
reconfirming 13-26
troubleshooting 13-28
types of connections 13-25
Dynamic Trunking Protocol
See DTP
E
editing features
enabling and disabling 2-6
keystrokes used 2-7
wrapped lines 2-8
elections
See stack master
ELIN location 26-3
enable password 9-3
enable secret password 9-3
encryption, CipherSuite 9-48
encryption for passwords 9-3
environment variables, function of 3-21
error-disabled state, BPDU 18-3
error messages during command entry 2-4
EtherChannel
automatic creation of 37-5, 37-7
channel groups
binding physical and logical interfaces 37-4
numbering of 37-4
configuration guidelines 37-12
configuring Layer 2 interfaces 37-13
default configuration 37-11
described 37-2
displaying status 37-20
forwarding methods 37-8, 37-15
IEEE 802.3ad, described 37-7
interaction
with STP 37-12
with VLANs 37-13
LACP
described 37-7
displaying status 37-20
hot-standby ports 37-18
interaction with other features 37-8
modes 37-7
port priority 37-19
system priority 37-18
load balancing 37-8, 37-15
PAgP
aggregate-port learners 37-16
compatibility with Catalyst 1900 37-17
described 37-5
displaying status 37-20
interaction with other features 37-7
interaction with virtual switches 37-6
learn method and priority configuration 37-16
modes 37-6
support for 1-4
with dual-action detection 37-6
port-channel interfaces
described 37-4
numbering of 37-4
port groups 12-4
stack changes, effects of 37-10
support for 1-4
EtherChannel guard
described 18-10
disabling 18-18
enabling 18-18
Ethernet management port
active link 12-21
and routing 12-21
and TFTP 12-22
configuring 12-22
default setting 12-21
described 12-21
for network management 12-21
specifying 12-22
supported features 12-21
unsupported features 12-22
Ethernet management port, internal
and routing 12-21
unsupported features 12-22
Ethernet VLANs
adding 13-8
defaults and ranges 13-7
modifying 13-8
EUI 35-3
events, RMON 28-3
examples
network configuration 1-18
expedite queue for QoS 33-78
Express Setup 1-2
See also getting started guide
extended crashinfo file 38-23
extended-range VLANs
configuration guidelines 13-11
configuring 13-10
creating 13-11
defined 13-1
extended system ID
MSTP 17-19
STP 16-4, 16-16
extended universal identifier
See EUI
Extensible Authentication Protocol over LAN 10-1
F
fa0 interface 1-7
Fa0 port
See Ethernet management port
failover support 1-8
Fast Convergence 19-3
fastethernet0 port
See Ethernet management port
Fast Uplink Transition Protocol 18-6
features, incompatible 23-12
fiber-optic, detecting unidirectional links 24-1
files
basic crashinfo
description 38-23
location 38-23
copying A-5
crashinfo, description 38-23
deleting A-5
displaying the contents of A-8
extended crashinfo
description 38-24
location 38-24
tar
creating A-6
displaying the contents of A-7
extracting A-7
image file format A-24
file system
displaying available file systems A-2
displaying file information A-3
local file system names A-1
network file system names A-5
setting the default A-3
filtering
non-IP traffic 31-22
show and more command output 2-9
filtering show and more command output 2-9
filters, IP
See ACLs, IP
flash device, number of A-1
flexible authentication ordering
configuring 10-70
overview 10-33
Flex Link Multicast Fast Convergence 19-3
Flex Links
configuration guidelines 19-8
configuring 19-9, 19-10
configuring preferred VLAN 19-12
configuring VLAN load balancing 19-11
default configuration 19-8
description 19-2
link load balancing 19-3
monitoring 19-14
VLANs 19-3
flooded traffic, blocking 23-8
flow-based packet classification 1-13
flowcharts
QoS classification 33-7
QoS egress queueing and scheduling 33-18
QoS ingress queueing and scheduling 33-15
QoS policing and marking 33-11
flowcontrol
configuring 12-29
described 12-28
forward-delay time
MSTP 17-25
STP 16-23
FTP
accessing MIB files B-4
configuration files
downloading A-13
overview A-12
preparing the server A-13
uploading A-15
image files
deleting old image A-31
downloading A-30
preparing the server A-29
uploading A-32
G
general query 19-5
Generating IGMP Reports 19-4
get-bulk-request operation 30-3
get-next-request operation 30-3, 30-4
get-request operation 30-3, 30-4
get-response operation 30-3
Gigabit modules
See SFPs
global configuration mode 2-2
global leave, IGMP 22-13
guest VLAN and 802.1x 10-24
guide mode 1-2
GUIs
See device manager and Network Assistant
H
hello time
MSTP 17-25
STP 16-22
help, for the command line 2-3
HFTM space 38-26
history
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
history table, level and number of syslog messages 29-10
host names, in clusters 6-13
hosts, limit on dynamic ports 13-28
HP OpenView 1-5
HQATM space 38-26
HSRP
automatic cluster recovery 6-12
cluster standby group considerations 6-11
See also clusters, cluster standby group, and standby command switch
HTTP over SSL
see HTTPS
HTTPS 9-46
configuring 9-50
self-signed certificate 9-47
HTTP secure server 9-46
Hulc Forwarding TCAM Manager
See HFTM space
Hulc QoS/ACL TCAM Manager
See HQATM space
I
ICMP
IPv6 35-3
time-exceeded messages 38-17
traceroute and 38-17
ICMP ping
executing 38-14
overview 38-14
ICMPv6 35-3
IDS appliances
and ingress RSPAN 27-21
and ingress SPAN 27-14
IEEE 802.1D
See STP
IEEE 802.1p 15-1
IEEE 802.1Q
and trunk ports 12-3
configuration limitations 13-14
encapsulation 13-13
native VLAN for untagged traffic 13-18
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3ad
See EtherChannel
IEEE 802.3ad, PoE+ 1-15, 12-6
IEEE 802.3af
See PoE
IEEE 802.3x flow control 12-28
ifIndex values, SNMP 30-5
IFS 1-6
IGMP
configurable leave timer
described 22-6
enabling 22-11
flooded multicast traffic
controlling the length of time 22-12
disabling on an interface 22-13
global leave 22-13
query solicitation 22-13
recovering from flood mode 22-13
joining multicast group 22-3
join messages 22-3
leave processing, enabling 22-10, 36-9
leaving multicast group 22-5
queries 22-4
report suppression
described 22-6
disabling 22-15, 36-11
supported versions 22-3
support for 1-4
IGMP filtering
configuring 22-24
default configuration 22-24
described 22-23
monitoring 22-28
support for 1-4
IGMP groups
configuring filtering 22-27
setting the maximum number 22-26
IGMP Immediate Leave
configuration guidelines 22-11
described 22-5
enabling 22-10
IGMP profile
applying 22-25
configuration mode 22-24
configuring 22-25
IGMP snooping
and address aliasing 22-2
and stack changes 22-6
configuring 22-7
default configuration 22-7, 36-6
definition 22-2
enabling and disabling 22-7, 36-7
global configuration 22-7
Immediate Leave 22-5
in the switch stack 22-6
method 22-8
monitoring 22-16, 36-12
querier
configuration guidelines 22-14
configuring 22-14
supported versions 22-3
support for 1-4
VLAN configuration 22-8
IGMP throttling
configuring 22-27
default configuration 22-24
described 22-24
displaying action 22-28
Immediate Leave, IGMP 22-5
enabling 36-9
inaccessible authentication bypass 10-26
support for multiauth ports 10-26
initial configuration
defaults 1-16
Express Setup 1-2
interface
number 12-16
range macros 12-19
interface command 12-16 to ??, 12-16
interface configuration mode 2-2
interfaces
auto-MDIX, configuring 12-29
configuration guidelines
duplex and speed 12-26
configuring
procedure 12-16
counters, clearing 12-38
default configuration 12-23
described 12-34
descriptive name, adding 12-34
displaying information about 12-38
flow control 12-28
management 1-5
monitoring 12-37
naming 12-34
physical, identifying 12-15, 12-16
range of 12-17
restarting 12-39
shutting down 12-39
speed and duplex, configuring 12-27
status 12-37
supported 12-15
types of 12-1
interfaces range macro command 12-19
interface types 12-16
Internet Protocol version 6
See IPv6
inter-VLAN routing 34-1
Intrusion Detection System
See IDS appliances
inventory management TLV 26-3, 26-7
IP ACLs
for QoS classification 33-8
implicit deny 31-9, 31-12
implicit masks 31-9
named 31-13
undefined 31-19
IP addresses
128-bit 35-2
candidate or member 6-4, 6-13
classes of 34-4
cluster access 6-2
command switch 6-3, 6-11, 6-13
discovering 5-31
for IP routing 34-4
IPv6 35-2
redundant clusters 6-11
standby command switch 6-11, 6-13
See also IP information
ip igmp profile command 22-24
IP information
assigned
manually 3-15
through DHCP-based autoconfiguration 3-3
default configuration 3-3
IP phones
and QoS 15-1
automatic classification and queueing 33-21
configuring 15-4
ensuring port security with QoS 33-43
trusted boundary for QoS 33-43
IP Port Security for Static Hosts
on a Layer 2 access port 20-18
IP precedence 33-2
IP-precedence-to-DSCP map for QoS 33-62
IP protocols in ACLs 31-10
IP routing
disabling 34-4
enabling 34-4
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 32-1
IP SLAs
benefits 32-2
configuration guidelines 32-5
Control Protocol 32-4
default configuration 32-5
definition 32-1
measuring network performance 32-3
monitoring 32-6
operation 32-3
responder
described 32-4
enabling 32-6
response time 32-4
SNMP support 32-2
supported metrics 32-2
IP source guard
and 802.1x 20-17
and DHCP snooping 20-14
and EtherChannels 20-17
and port security 20-17
and private VLANs 20-17
and routed ports 20-16
and TCAM entries 20-17
and trunk interfaces 20-16
and VRF 20-17
binding configuration
automatic 20-14
manual 20-14
binding table 20-14
configuration guidelines 20-16
default configuration 20-16
described 20-14
disabling 20-18
displaying
active IP or MAC bindings 20-22
bindings 20-22
configuration 20-22
enabling 20-17, 20-18
filtering
source IP address 20-15
source IP and MAC address 20-15
on provisioned switches 20-17
source IP address filtering 20-15
source IP and MAC address filtering 20-15
static bindings
adding 20-17, 20-18
deleting 20-18
static hosts 20-18
IP traceroute
executing 38-18
overview 38-17
IP unicast routing
assigning IP addresses to Layer 3 interfaces 34-4
configuring static routes 34-5
disabling 34-4
enabling 34-4
inter-VLAN 34-1
IP addressing
classes 34-4
configuring 34-4
steps to configure 34-3
subnet mask 34-4
with SVIs 34-3
IPv4 ACLs
applying to interfaces 31-18
extended, creating 31-9
named 31-13
standard, creating 31-8
IPv4 and IPv6
dual protocol stacks 35-4
IPv6
addresses 35-2
address formats 35-2
and switch stacks 35-6
applications 35-4
assigning address 35-7
autoconfiguration 35-4
configuring static routes 35-10
default configuration 35-6
defined 35-1
forwarding 35-7
ICMP 35-3
monitoring 35-11
neighbor discovery 35-3
SDM templates 36-1
stack master functions 35-6
Stateless Autoconfiguration 35-4
supported features 35-2
J
join messages, IGMP 22-3
L
LACP
See EtherChannel
Layer 2 frames, classification with CoS 33-2
Layer 2 interfaces, default configuration 12-23
Layer 2 traceroute
and ARP 38-16
and CDP 38-16
broadcast traffic 38-15
described 38-15
IP addresses and subnets 38-16
MAC addresses and VLANs 38-16
multicast traffic 38-16
multiple devices on a port 38-16
unicast traffic 38-15
usage guidelines 38-16
Layer 3 features 1-15
Layer 3 interfaces
assigning IP addresses to 34-4
assigning IPv6 addresses to 35-7
changing from Layer 2 mode 34-4
Layer 3 packets, classification methods 33-2
LDAP 4-2
Leaking IGMP Reports 19-4
LEDs, switch
See hardware installation guide
lightweight directory access protocol
See LDAP
line configuration mode 2-2
Link Aggregation Control Protocol
See EtherChannel
link failure, detecting unidirectional 17-8
Link Layer Discovery Protocol
See CDP
link local unicast addresses 35-3
link redundancy
See Flex Links
links, unidirectional 24-1
link-state tracking
configuring 37-23
described 37-20
LLDP
configuring 26-5
characteristics 26-6
default configuration 26-5
enabling 26-6
monitoring and maintaining 26-11
overview 26-1
supported TLVs 26-2
switch stack considerations 26-2
transmission timer and holdtime, setting 26-6
LLDP-MED
configuring
procedures 26-5
TLVs 26-7
monitoring and maintaining 26-11
overview 26-1, 26-2
supported TLVs 26-2
LLDP Media Endpoint Discovery
See LLDP-MED
local SPAN 27-2
location TLV 26-3, 26-7
login authentication
with RADIUS 9-30
with TACACS+ 9-14
login banners 5-18
log messages
See system message logging
Long-Reach Ethernet (LRE) technology 1-20
loop guard
described 18-11
enabling 18-19
support for 1-9
LRE profiles, considerations in switch clusters 6-16
M
MAB
See MAC authentication bypass
MAB inactivity timer
default setting 10-38
range 10-40
MAC/PHY configuration status TLV 26-2
MAC addresses
aging time 5-22
and VLAN association 5-21
building the address table 5-21
default configuration 5-22
disabling learning on a VLAN 5-30
discovering 5-31
displaying 5-30
displaying in the IP source binding table 20-22
dynamic
learning 5-21
removing 5-23
in ACLs 31-22
static
adding 5-27
allowing 5-29, 5-30
characteristics of 5-27
dropping 5-29
removing 5-28
MAC address learning 1-6
MAC address learning, disabling on a VLAN 5-30
MAC address notification, support for 1-15
MAC address-table move update
configuration guidelines 19-8
configuring 19-12
default configuration 19-8
description 19-6
monitoring 19-14
MAC address-to-VLAN mapping 13-23
MAC authentication bypass 10-40
configuring 10-63
overview 10-18
MAC extended access lists
applying to Layer 2 interfaces 31-24
configuring for QoS 33-50
creating 31-22
defined 31-22
for QoS classification 33-5
magic packet 10-30
manageability features 1-6
management access
in-band
browser session 1-7
CLI session 1-7
device manager 1-7
SNMP 1-7
out-of-band console port connection 1-7
management address TLV 26-2
management options
CLI 2-1
clustering 1-3
CNS 4-1
Network Assistant 1-2
overview 1-5
management VLAN
considerations in switch clusters 6-8
discovery through different management VLANs 6-8
mapping tables for QoS
configuring
CoS-to-DSCP 33-61
DSCP 33-61
DSCP-to-CoS 33-64
DSCP-to-DSCP-mutation 33-65
IP-precedence-to-DSCP 33-62
policed-DSCP 33-63
described 33-11
marking
action with aggregate policers 33-58
described 33-4, 33-9
matching, IPv4 ACLs 31-7
maximum aging time
MSTP 17-26
STP 16-23
maximum hop count, MSTP 17-26
maximum number of allowed devices, port-based authentication 10-40
MDA
configuration guidelines 10-13 to 10-14
described 1-11, 10-13
exceptions with authentication process 10-6
membership mode, VLAN port 13-3
member switch
automatic discovery 6-5
defined 6-2
managing 6-16
passwords 6-13
recovering from lost connectivity 38-12
requirements 6-4
See also candidate switch, cluster standby group, and standby command switch
memory consistency check errors
displaying 38-27
example 38-27
memory consistency check routines 1-5, 38-26
memory consistency integrity 1-5, 38-26
messages, to users through banners 5-18
MIBs
accessing files with FTP B-4
location of files B-4
overview 30-1
SNMP interaction with 30-4
supported B-1
mirroring traffic for analysis 27-1
mismatches, autonegotiation 38-12
module number 12-16
monitoring
access groups 31-25
cables for unidirectional links 24-1
CDP 25-5
features 1-15
Flex Links 19-14
IGMP
filters 22-28
snooping 22-16, 36-12
interfaces 12-37
IP SLAs operations 32-6
IPv4 ACL configuration 31-25
IPv6 35-11
MAC address-table move update 19-14
multicast router interfaces 22-16, 36-12
MVR 22-23
network traffic for analysis with probe 27-2
port
blocking 23-18
protection 23-18
SFP status 12-38, 38-14
speed and duplex mode 12-28
traffic flowing among switches 28-1
traffic suppression 23-18
VLANs 13-13
VMPS 13-27
VTP 14-18
mrouter Port 19-3
mrouter port 19-5
MSTP
boundary ports
configuration guidelines 17-17
described 17-6
BPDU filtering
described 18-3
enabling 18-15
BPDU guard
described 18-2
enabling 18-14
CIST, described 17-3
CIST regional root 17-3
CIST root 17-5
configuration guidelines 17-16, 18-12
configuring
forward-delay time 17-25
hello time 17-25
link type for rapid convergence 17-27
maximum aging time 17-26
maximum hop count 17-26
MST region 17-17
neighbor type 17-27
path cost 17-23
port priority 17-21
root switch 17-19
secondary root switch 17-20
switch priority 17-24
CST
defined 17-3
operations between regions 17-4
default configuration 17-16
default optional feature configuration 18-12
displaying status 17-28
enabling the mode 17-17
EtherChannel guard
described 18-10
enabling 18-18
extended system ID
effects on root switch 17-19
effects on secondary root switch 17-20
unexpected behavior 17-19
IEEE 802.1s
implementation 17-7
port role naming change 17-7
terminology 17-5
instances supported 16-10
interface state, blocking to forwarding 18-2
interoperability and compatibility among modes 16-11
interoperability with IEEE 802.1D
described 17-9
restarting migration process 17-28
IST
defined 17-3
master 17-3
operations within a region 17-3
loop guard
described 18-11
enabling 18-19
mapping VLANs to MST instance 17-18
MST region
CIST 17-3
configuring 17-17
described 17-2
hop-count mechanism 17-6
IST 17-3
supported spanning-tree instances 17-2
optional features supported 1-8
overview 17-2
Port Fast
described 18-2
enabling 18-13
preventing root switch selection 18-10
root guard
described 18-10
enabling 18-18
root switch
configuring 17-19
effects of extended system ID 17-19
unexpected behavior 17-19
shutdown Port Fast-enabled port 18-2
stack changes, effects of 17-9
status, displaying 17-28
multiauth
support for inaccessible authentication bypass 10-26
multiauth mode
See multiple-authentication mode
multicast groups
Immediate Leave 22-5
joining 22-3
leaving 22-5
static joins 22-10, 36-8
multicast router interfaces, monitoring 22-16, 36-12
multicast router ports, adding 22-9, 36-8
multicast storm 23-1
multicast storm-control command 23-4
multicast television application 22-18
multicast VLAN 22-17
Multicast VLAN Registration
See MVR
multidomain authentication
See MDA
multiple authentication 10-15
multiple authentication mode
configuring 10-48
MVR
and address aliasing 22-20
and IGMPv3 22-20
configuration guidelines 22-20
configuring interfaces 22-21
default configuration 22-19
described 22-17
example application 22-18
modes 22-21
monitoring 22-23
multicast television application 22-18
setting global parameters 22-20
support for 1-4
N
NAC
critical authentication 10-26, 10-60
IEEE 802.1x authentication using a RADIUS server 10-65
IEEE 802.1x validation using RADIUS server 10-65
inaccessible authentication bypass 10-60
Layer 2 IEEE 802.1x validation 1-12, 10-32, 10-65
named IPv4 ACLs 31-13
NameSpace Mapper
See NSM
native VLAN
configuring 13-18
default 13-18
NEAT
configuring 10-66
overview 10-34
neighbor discovery, IPv6 35-3
Network Admission Control
See NAC
Network Assistant
benefits 1-2
described 1-5
downloading image files 1-2
guide mode 1-2
management options 1-2
managing switch stacks 7-2, 7-14
upgrading a switch A-23
wizards 1-2
network configuration examples
increasing network performance 1-19
long-distance, high-bandwidth transport 1-23
providing network services 1-19
server aggregation and Linux server cluster 1-21
small to medium-sized network 1-22
network design
performance 1-19
services 1-19
Network Edge Access Topology
See NEAT
network management
CDP 25-1
RMON 28-1
SNMP 30-1
network performance, measuring with IP SLAs 32-3
network policy TLV 26-2, 26-7
Network Time Protocol
See NTP
no commands 2-4
nonhierarchical policy maps
described 33-10
non-IP traffic filtering 31-22
nontrunking mode 13-14
normal-range VLANs 13-4
configuration guidelines 13-6
configuring 13-4
defined 13-1
NSM 4-3
NTP
associations
authenticating 5-5
defined 5-3
enabling broadcast messages 5-7
peer 5-6
server 5-6
default configuration 5-5
displaying the configuration 5-12
overview 5-3
restricting access
creating an access group 5-9
disabling NTP services per interface 5-11
source IP address, configuring 5-11
stratum 5-3
support for 1-6
synchronizing devices 5-6
time
services 5-3
synchronizing 5-3
O
OBFL
configuring 38-25
described 38-24
displaying 38-26
offline configuration for switch stacks 7-7
off mode, VTP 14-4
on-board failure logging
See OBFL
online diagnostics
overview 39-1
running tests 39-3
understanding 39-1
open1x
configuring 10-71
open1x authentication
overview 10-33
optimizing system resources 8-1
options, management 1-5
out-of-profile markdown 1-14
P
packet modification, with QoS 33-20
PAgP
See EtherChannel
passwords
default configuration 9-2
disabling recovery of 9-5
encrypting 9-3
for security 1-10
in clusters 6-13
overview 9-1
recovery of 38-3
setting
enable 9-3
enable secret 9-3
Telnet 9-6
with usernames 9-7
VTP domain 14-10
path cost
MSTP 17-23
STP 16-20
PC (passive command switch) 6-10
performance, network design 1-19
performance features 1-4
persistent self-signed certificate 9-47
per-user ACLs and Filter-Ids 10-9
per-VLAN spanning-tree plus
See PVST+
physical ports 12-2
PIM-DVMRP, as snooping method 22-8
ping
character output description 38-15
executing 38-14
overview 38-14
PoE
auto mode 12-7
CDP with power consumption, described 12-5
CDP with power negotiation, described 12-5
Cisco intelligent power management 12-5
configuring 12-30
cutoff power
determining 12-8
cutoff-power
support for 12-8
devices supported 12-5
high-power devices operating in low-power mode 12-6
IEEE power classification levels 12-6
monitoring 12-8
monitoring power 12-33
policing power consumption 12-33
policing power usage 12-8
power budgeting 12-31
power consumption 12-9, 12-31
powered-device detection and initial power allocation 12-6
power management modes 12-7
power monitoring 12-8
power negotiation extensions to CDP 12-5
power sensing 12-8
standards supported 12-5
static mode 12-7
total available power 12-10
troubleshooting 38-13
PoE+ 1-15, 12-5, 12-6, 12-30
policed-DSCP map for QoS 33-63
policers
configuring
for each matched traffic class 33-53
for more than one traffic class 33-58
described 33-4
displaying 33-79
number of 33-39
types of 33-10
policing
described 33-4
token-bucket algorithm 33-10
policy maps for QoS
characteristics of 33-53
described 33-8
displaying 33-80
nonhierarchical on physical ports
described 33-10
port ACLs
defined 31-2
types of 31-3
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting 10-17
authentication server
defined 10-3, 11-2
RADIUS server 10-3
client, defined 10-3, 11-2
configuration guidelines 10-38, 11-9
configuring
802.1x authentication 10-45
guest VLAN 10-57
host mode 10-48
inaccessible authentication bypass 10-60
manual re-authentication of a client 10-50
periodic re-authentication 10-49
quiet period 10-51
RADIUS server 10-47, 11-13
RADIUS server parameters on the switch 10-46, 11-11
restricted VLAN 10-58
switch-to-client frame-retransmission number 10-53, 10-54
switch-to-client retransmission time 10-51
violation modes 10-44
default configuration 10-37, 11-9
described 10-1
device roles 10-3, 11-2
displaying statistics 10-73, 11-17
downloadable ACLs and redirect URLs
configuring 10-67 to 10-69, ?? to 10-70
overview 10-21 to 10-23
EAPOL-start frame 10-6
EAP-request/identity frame 10-6
EAP-response/identity frame 10-6
enabling
802.1X authentication 11-11
encapsulation 10-3
flexible authentication ordering
configuring 10-70
overview 10-33
guest VLAN
configuration guidelines 10-24, 10-25
described 10-24
host mode 10-13
inaccessible authentication bypass
configuring 10-60
described 10-26
guidelines 10-39
initiation and message exchange 10-6
magic packet 10-30
maximum number of allowed devices per port 10-40
method lists 10-45
multiple authentication 10-15
per-user ACLs
configuration tasks 10-21
described 10-20
RADIUS server attributes 10-20
ports
authorization state and dot1x port-control command 10-11
authorized and unauthorized 10-11
voice VLAN 10-28
port security
and voice VLAN 10-29
described 10-29
interactions 10-29
multiple-hosts mode 10-13
readiness check
configuring 10-40
described 10-18, 10-40
resetting to default values 10-72
stack changes, effects of 10-12
statistics, displaying 10-73
switch
as proxy 10-3, 11-2
RADIUS client 10-3
switch supplicant
configuring 10-66
overview 10-34
user distribution
guidelines 10-32
overview 10-31
VLAN assignment
AAA authorization 10-45
characteristics 10-19
configuration tasks 10-20
described 10-19
voice aware 802.1x security
configuring 10-42
described 10-33, 10-42
voice VLAN
described 10-28
PVID 10-28
VVID 10-28
wake-on-LAN, described 10-30
with ACLs and RADIUS Filter-Id attribute 10-35
port-based authentication methods, supported 10-8
port blocking 1-4, 23-7
port-channel
See EtherChannel
port description TLV 26-2
Port Fast
described 18-2
enabling 18-13
mode, spanning tree 13-24
support for 1-8
port membership modes, VLAN 13-3
port priority
MSTP 17-21
STP 16-18
ports
access 12-3
blocking 23-7
dual-purpose uplink 12-4
dynamic access 13-4
protected 23-6
secure 23-9
static-access 13-3, 13-9
switch 12-2
trunks 13-3, 13-13
VLAN assignments 13-9
port security
aging 23-16
and QoS trusted boundary 33-43
and stacking 23-18
configuring 23-13
default configuration 23-11
described 23-8
displaying 23-18
on trunk ports 23-14
sticky learning 23-9
violations 23-10
with other features 23-11
port-shutdown response, VMPS 13-23
port VLAN ID TLV 26-2
power management TLV 26-3, 26-7
Power over Ethernet
See PoE
preemption, default configuration 19-8
preemption delay, default configuration 19-8
preferential treatment of traffic
See QoS
preventing unauthorized access 9-1
primary links 19-2
priority
overriding CoS 15-6
trusting CoS 15-6
private VLAN edge ports
See protected ports
privileged EXEC mode 2-2
privilege levels
changing the default for lines 9-9
command switch 6-17
exiting 9-10
logging into 9-10
mapping on member switches 6-17
overview 9-2, 9-8
setting a command with 9-8
protected ports 1-10, 23-6
provisioned switches and IP source guard 20-17
provisioning new members for a switch stack 7-7
proxy reports 19-4
pruning, VTP
disabling
in VTP domain 14-16
on a port 13-18
enabling
in VTP domain 14-16
on a port 13-18
examples 14-7
overview 14-6
pruning-eligible list
changing 13-18
for VTP pruning 14-6
VLANs 14-16
PVST+
described 16-10
IEEE 802.1Q trunking interoperability 16-11
instances supported 16-10
Q
QoS
and MQC commands 33-1
auto-QoS
categorizing traffic 33-22
configuration and defaults display 33-35
configuration guidelines 33-32
described 33-21
disabling 33-34
displaying generated commands 33-34
displaying the initial configuration 33-35
effects on running configuration 33-32
list of generated commands 33-25
basic model 33-4
classification
class maps, described 33-8
defined 33-4
DSCP transparency, described 33-44
flowchart 33-7
forwarding treatment 33-3
in frames and packets 33-3
IP ACLs, described 33-6, 33-8
MAC ACLs, described 33-5, 33-8
options for IP traffic 33-6
options for non-IP traffic 33-5
policy maps, described 33-8
trust DSCP, described 33-5
trusted CoS, described 33-5
trust IP precedence, described 33-5
class maps
configuring 33-51
displaying 33-79
configuration guidelines
auto-QoS 33-32
standard QoS 33-38
configuring
aggregate policers 33-58
auto-QoS 33-21
default port CoS value 33-42
DSCP maps 33-61
DSCP transparency 33-44
DSCP trust states bordering another domain 33-45
egress queue characteristics 33-72
ingress queue characteristics 33-67
IP extended ACLs 33-49
IP standard ACLs 33-48
MAC ACLs 33-50
port trust states within the domain 33-40
trusted boundary 33-43
default auto configuration 33-22
default standard configuration 33-36
displaying statistics 33-79
DSCP transparency 33-44
egress queues
allocating buffer space 33-72
buffer allocation scheme, described 33-18
configuring shaped weights for SRR 33-76
configuring shared weights for SRR 33-77
described 33-4
displaying the threshold map 33-75
flowchart 33-18
mapping DSCP or CoS values 33-74
scheduling, described 33-4
setting WTD thresholds 33-72
WTD, described 33-19
enabling globally 33-40
flowcharts
classification 33-7
egress queueing and scheduling 33-18
ingress queueing and scheduling 33-15
policing and marking 33-11
implicit deny 33-8
ingress queues
allocating bandwidth 33-70
allocating buffer space 33-69
buffer and bandwidth allocation, described 33-16
configuring shared weights for SRR 33-70
configuring the priority queue 33-71
described 33-4
displaying the threshold map 33-68
flowchart 33-15
mapping DSCP or CoS values 33-67
priority queue, described 33-17
scheduling, described 33-4
setting WTD thresholds 33-67
WTD, described 33-16
IP phones
automatic classification and queueing 33-21
detection and trusted settings 33-21, 33-43
limiting bandwidth on egress interface 33-78
mapping tables
CoS-to-DSCP 33-61
displaying 33-80
DSCP-to-CoS 33-64
DSCP-to-DSCP-mutation 33-65
IP-precedence-to-DSCP 33-62
policed-DSCP 33-63
types of 33-11
marked-down actions 33-56
marking, described 33-4, 33-9
overview 33-2
packet modification 33-20
policers
configuring 33-56, 33-59
described 33-9
displaying 33-79
number of 33-39
types of 33-10
policies, attaching to an interface 33-9
policing
described 33-4, 33-9
token bucket algorithm 33-10
policy maps
characteristics of 33-53
displaying 33-80
nonhierarchical on physical ports 33-53
QoS label, defined 33-4
queues
configuring egress characteristics 33-72
configuring ingress characteristics 33-67
high priority (expedite) 33-20, 33-78
location of 33-12
SRR, described 33-14
WTD, described 33-13
rewrites 33-20
support for 1-13
trust states
bordering another domain 33-45
described 33-5
trusted device 33-43
within the domain 33-40
quality of service
See QoS
queries, IGMP 22-4
query solicitation, IGMP 22-13
R
RADIUS
attributes
vendor-proprietary 9-38
vendor-specific 9-36
configuring
accounting 9-35
authentication 9-30
authorization 9-34
communication, global 9-28, 9-36
communication, per-server 9-27, 9-28
multiple UDP ports 9-28
default configuration 9-27
defining AAA server groups 9-32
displaying the configuration 9-40
identifying the server 9-27
in clusters 6-16
limiting the services to the user 9-34
method list, defined 9-27
operation of 9-20
overview 9-18
server load balancing 9-40
suggested network environments 9-19
support for 1-12
tracking services accessed by user 9-35
RADIUS Change of Authorization 9-20
range
macro 12-19
of interfaces 12-17
rapid convergence 17-11
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
described 16-10
IEEE 802.1Q trunking interoperability 16-11
instances supported 16-10
Rapid Spanning Tree Protocol
See RSTP
rcommand command 6-16
RCP
configuration files
downloading A-17
overview A-15
preparing the server A-16
uploading A-18
image files
deleting old image A-36
downloading A-34
preparing the server A-33
uploading A-36
readiness check
port-based authentication
configuring 10-40
described 10-18, 10-40
reconfirmation interval, VMPS, changing 13-26
reconfirming dynamic VLAN membership 13-26
recovery procedures 38-1
redirect URL 10-21, 10-22, 10-67
redundancy
EtherChannel 37-3
STP
backbone 16-8
multidrop backbone 18-5
path cost 13-21
port priority 13-19
redundant links and UplinkFast 18-16
reloading software 3-22
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
Remote Network Monitoring
See RMON
Remote SPAN
See RSPAN
remote SPAN 27-3
report suppression, IGMP
described 22-6
disabling 22-15, 36-11
resequencing ACL entries 31-13
reserved addresses in DHCP pools 20-23
resetting a UDLD-shutdown interface 24-6
responder, IP SLAs
described 32-4
enabling 32-6
response time, measuring with IP SLAs 32-4
restricted VLAN
configuring 10-58
described 10-25
using with IEEE 802.1x 10-25
restricting access
NTP services 5-9
overview 9-1
passwords and privilege levels 9-2
RADIUS 9-18
TACACS+ 9-10
retry count, VMPS, changing 13-27
RFC
1112, IP multicast and IGMP 22-2
1157, SNMPv1 30-2
1166, IP addresses 34-4
1305, NTP 5-3
1757, RMON 28-2
1901, SNMPv2C 30-2
1902 to 1907, SNMPv2 30-2
2236, IP multicast and IGMP 22-2
2273-2275, SNMPv3 30-2
RFC 5176 Compliance 9-21
RMON
default configuration 28-3
displaying status 28-6
enabling alarms and events 28-3
groups supported 28-2
overview 28-1
statistics
collecting group Ethernet 28-5
collecting group history 28-5
support for 1-15
root guard
described 18-10
enabling 18-18
support for 1-8
root switch
MSTP 17-19
STP 16-16
router ACLs
defined 31-2
types of 31-4
RSPAN
and stack changes 27-10
characteristics 27-9
configuration guidelines 27-17
default configuration 27-11
defined 27-3
destination ports 27-8
displaying status 27-24
in a switch stack 27-3
interaction with other features 27-9
monitored ports 27-6
monitoring ports 27-8
overview 1-15, 27-1
received traffic 27-5
sessions
creating 27-18
defined 27-4
limiting source traffic to specific VLANs 27-23
specifying monitored ports 27-18
with ingress traffic enabled 27-21
source ports 27-6
transmitted traffic 27-6
VLAN-based 27-7
RSTP
active topology 17-10
BPDU
format 17-13
processing 17-14
designated port, defined 17-10
designated switch, defined 17-10
interoperability with IEEE 802.1D
described 17-9
restarting migration process 17-28
topology changes 17-14
overview 17-10
port roles
described 17-10
synchronized 17-12
proposal-agreement handshake process 17-11
rapid convergence
cross-stack rapid convergence 17-11
described 17-11
edge ports and Port Fast 17-11
point-to-point links 17-11, 17-27
root ports 17-11
root port, defined 17-10
See also MSTP
running configuration
replacing A-19, A-20
rolling back A-19, A-20
running configuration, saving 3-15
S
SC (standby command switch) 6-10
scheduled reloads 3-22
SCP
and SSH 9-52
configuring 9-53
SDM
templates
configuring 8-4
number of 8-1
SDM template
configuration guidelines 8-3
configuring 8-3
types of 8-1
Secure Copy Protocol
secure HTTP client
configuring 9-51
displaying 9-52
secure HTTP server
configuring 9-50
displaying 9-52
secure MAC addresses
and switch stacks 23-18
deleting 23-15
maximum number of 23-10
types of 23-9
secure ports
and switch stacks 23-18
secure ports, configuring 23-9
secure remote connections 9-42
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port 23-8
security features 1-10
See SCP
sequence numbers in log messages 29-8
server mode, VTP 14-3
service-provider network, MSTP and RSTP 17-1
set-request operation 30-4
setup program
failed command switch replacement 38-11
replacing failed command switch 38-9
severity levels, defining in system messages 29-9
SFPs
monitoring status of 12-38, 38-14
security and identification 38-13
status, displaying 38-14
shaped round robin
See SRR
show access-lists hw-summary command 31-19
show and more command output, filtering 2-9
show cdp traffic command 25-6
show cluster members command 6-16
show configuration command 12-34
show forward command 38-22
show interfaces command 12-28, 12-34
show interfaces switchport 19-4
show lldp traffic command 26-11
show platform forward command 38-22
show platform tcam command 38-26, 38-27
show running-config command
displaying ACLs 31-17, 31-18
interface description in 12-34
shutdown command on interfaces 12-39
Simple Network Management Protocol
See SNMP
small form-factor pluggable modules
See SFPs
small-frame arrival rate, configuring 23-5
SNAP 25-1
SNMP
accessing MIB variables with 30-4
agent
described 30-4
disabling 30-7
and IP SLAs 32-2
authentication level 30-10
community strings
configuring 30-8
for cluster switches 30-4
overview 30-4
configuration examples 30-17
default configuration 30-6
engine ID 30-7
groups 30-7, 30-9
host 30-7
ifIndex values 30-5
in-band management 1-7
in clusters 6-14
informs
and trap keyword 30-12
described 30-5
differences from traps 30-5
disabling 30-15
enabling 30-15
limiting access by TFTP servers 30-16
limiting system log messages to NMS 29-10
manager functions 1-5, 30-3
managing clusters with 6-17
MIBs
location of B-4
supported B-1
notifications 30-5
overview 30-1, 30-4
security levels 30-3
setting CPU threshold notification 30-15
status, displaying 30-18
system contact and location 30-16
trap manager, configuring 30-13
traps
described 30-3, 30-5
differences from informs 30-5
disabling 30-15
enabling 30-12
enabling MAC address notification 5-23, 5-25, 5-26
overview 30-1, 30-4
types of 30-12
users 30-7, 30-9
versions supported 30-2
SNMP and Syslog Over IPv6 35-5
SNMPv1 30-2
SNMPv2C 30-2
SNMPv3 30-2
snooping, IGMP 22-2
software compatibility
See stacks, switch
software images
location in flash A-24
recovery procedures 38-2
scheduling reloads 3-23
tar file format, described A-24
See also downloading and uploading
source addresses
in IPv4 ACLs 31-10
source-and-destination-IP address based forwarding, EtherChannel 37-9
source-and-destination MAC address forwarding, EtherChannel 37-9
source-IP address based forwarding, EtherChannel 37-9
source-MAC address forwarding, EtherChannel 37-8
SPAN
and stack changes 27-10
configuration guidelines 27-11
default configuration 27-11
destination ports 27-8
displaying status 27-24
interaction with other features 27-9
monitored ports 27-6
monitoring ports 27-8
overview 1-15, 27-1
ports, restrictions 23-12
received traffic 27-5
sessions
configuring ingress forwarding 27-15, 27-22
creating 27-12
defined 27-4
limiting source traffic to specific VLANs 27-16
removing destination (monitoring) ports 27-13
specifying monitored ports 27-12
with ingress traffic enabled 27-14
source ports 27-6
transmitted traffic 27-6
VLAN-based 27-7
spanning tree and native VLANs 13-14
Spanning Tree Protocol
See STP
SPAN traffic 27-5
SRR
configuring
shaped weights on egress queues 33-76
shared weights on egress queues 33-77
shared weights on ingress queues 33-70
described 33-14
shaped mode 33-14
shared mode 33-14
support for 1-14
SSH
configuring 9-43
cryptographic software image 9-41
described 1-7, 9-42
encryption methods 9-42
switch stack considerations 7-14
user authentication methods, supported 9-42
SSL
configuration guidelines 9-49
configuring a secure HTTP client 9-51
configuring a secure HTTP server 9-50
cryptographic software image 9-46
described 9-46
monitoring 9-52
stack, switch
MAC address of 7-6, 7-17
stack changes, effects on
802.1x port-based authentication 10-12
ACL configuration 31-6
CDP 25-2
cross-stack EtherChannel 37-13
EtherChannel 37-10
IGMP snooping 22-6
IP routing 34-3
MAC address tables 5-22
MSTP 17-9
MVR 22-17
port security 23-18
SDM template selection 8-2
SNMP 30-1
SPAN and RSPAN 27-10
STP 16-12
switch clusters 6-14
system message log 29-2
VLANs 13-6
VTP 14-8
stack master
bridge ID (MAC address) 7-6
defined 7-1
election 7-5
IPv6 35-6
See also stacks, switch
stack member
accessing CLI of specific member 7-21
configuring
member number 7-19
priority value 7-20
defined 7-1
displaying information of 7-22
number 7-6
priority value 7-7
provisioning a new member 7-20
replacing 7-13
See also stacks, switch
stack member number 12-16
stack protocol version 7-9
stacks, switch
accessing CLI of specific member 7-21
assigning information
member number 7-19
priority value 7-20
provisioning a new member 7-20
auto-advise 7-11
auto-copy 7-10
auto-extract 7-10
auto-upgrade 7-10
bridge ID 7-6
CDP considerations 25-2
compatibility, software 7-9
configuration file 7-13
configuration scenarios 7-15
copying an image file from one member to another A-37
default configuration 7-17
description of 7-1
displaying information of 7-22
enabling persistent MAC address timer 7-17
in clusters 6-14
incompatible software and image upgrades 7-13, A-37
IPv6 on 35-6
MAC address considerations 5-22
management connectivity 7-14
managing 7-1
membership 7-3
merged 7-3
MSTP instances supported 16-10
offline configuration
described 7-7
effects of adding a provisioned switch 7-7
effects of removing a provisioned switch 7-9
effects of replacing a provisioned switch 7-9
provisioned configuration, defined 7-7
provisioned switch, defined 7-7
provisioning a new member 7-20
partitioned 7-3, 38-8
provisioned switch
adding 7-7
removing 7-9
replacing 7-9
replacing a failed member 7-13
software compatibility 7-9
software image version 7-9
stack protocol version 7-9
STP
bridge ID 16-3
instances supported 16-10
root port selection 16-3
stack root switch election 16-3
system messages
hostnames in the display 29-1
remotely monitoring 29-2
system prompt consideration 5-15
system-wide configuration considerations 7-13
upgrading A-37
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 7-10
examples 7-11
manual upgrades with auto-advise 7-11
upgrades with auto-extract 7-10
version-mismatch mode
described 7-10
See also stack master and stack member
standby command switch
configuring
considerations 6-11
defined 6-2
priority 6-10
requirements 6-3
virtual IP address 6-11
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
standby links 19-2
startup configuration
booting
manually 3-19
specific image 3-20
clearing A-19
configuration file
automatically downloading 3-18
specifying the filename 3-18
default boot configuration 3-18
static access ports
assigning to VLAN 13-9
defined 12-3, 13-3
static addresses
See addresses
static MAC addressing 1-10
static routes
configuring 34-5
configuring for IPv6 35-10
static VLAN membership 13-2
statistics
802.1X 11-17
802.1x 10-73
CDP 25-5
interface 12-38
LLDP 26-11
LLDP-MED 26-11
NMSP 26-11
QoS ingress and egress 33-79
RMON group Ethernet 28-5
RMON group history 28-5
SNMP input and output 30-18
VTP 14-18
sticky learning 23-9
storm control
configuring 23-3
described 23-1
disabling 23-5
displaying 23-18
support for 1-4
thresholds 23-2
STP
accelerating root port selection 18-4
BackboneFast
described 18-7
disabling 18-17
enabling 18-17
BPDU filtering
described 18-3
disabling 18-15
enabling 18-15
BPDU guard
described 18-2
disabling 18-14
enabling 18-14
BPDU message exchange 16-3
configuration guidelines 16-13, 18-12
configuring
forward-delay time 16-23
hello time 16-22
maximum aging time 16-23
path cost 16-20
port priority 16-18
root switch 16-16
secondary root switch 16-18
spanning-tree mode 16-15
switch priority 16-21
transmit hold-count 16-24
counters, clearing 16-24
cross-stack UplinkFast
described 18-5
enabling 18-17
default configuration 16-13
default optional feature configuration 18-12
designated port, defined 16-4
designated switch, defined 16-4
detecting indirect link failures 18-8
disabling 16-16
displaying status 16-24
EtherChannel guard
described 18-10
disabling 18-18
enabling 18-18
extended system ID
effects on root switch 16-16
effects on the secondary root switch 16-18
overview 16-4
unexpected behavior 16-16
features supported 1-8
IEEE 802.1D and bridge ID 16-4
IEEE 802.1D and multicast addresses 16-9
IEEE 802.1t and VLAN identifier 16-5
inferior BPDU 16-3
instances supported 16-10
interface state, blocking to forwarding 18-2
interface states
blocking 16-6
disabled 16-7
forwarding 16-6, 16-7
learning 16-7
listening 16-7
overview 16-5
interoperability and compatibility among modes 16-11
limitations with IEEE 802.1Q trunks 16-11
load sharing
overview 13-19
using path costs 13-21
using port priorities 13-19
loop guard
described 18-11
enabling 18-19
modes supported 16-10
multicast addresses, effect of 16-9
optional features supported 1-8
overview 16-2
path costs 13-21, 13-22
Port Fast
described 18-2
enabling 18-13
port priorities 13-20
preventing root switch selection 18-10
protocols supported 16-10
redundant connectivity 16-8
root guard
described 18-10
enabling 18-18
root port, defined 16-3
root port selection on a switch stack 16-3
root switch
configuring 16-16
effects of extended system ID 16-4, 16-16
election 16-3
unexpected behavior 16-16
shutdown Port Fast-enabled port 18-2
stack changes, effects of 16-12
status, displaying 16-24
superior BPDU 16-3
timers, described 16-22
UplinkFast
described 18-3
enabling 18-16
stratum, NTP 5-3
subnet mask 34-4
success response, VMPS 13-23
summer time 5-14
SunNet Manager 1-5
supported port-based authentication methods 10-8
SVIs
and IP unicast routing 34-3
and router ACLs 31-4
connecting VLANs 12-10
defined 12-4
switch 35-2
switch clustering technology 6-1
See also clusters, switch
switch console port 1-7
Switch Database Management
See SDM
Switched Port Analyzer
See SPAN
switched ports 12-2
switchport backup interface 19-4, 19-5
switchport block multicast command 23-8
switchport block unicast command 23-8
switchport protected command 23-7
switch priority
MSTP 17-24
STP 16-21
switch software features 1-1
switch virtual interface
See SVI
syslog
See system message logging
system capabilities TLV 26-2
system clock
configuring
daylight saving time 5-14
manually 5-12
summer time 5-14
time zones 5-13
displaying the time and date 5-13
overview 5-2
See also NTP
system description TLV 26-2
system message logging
default configuration 29-4
defining error message severity levels 29-9
disabling 29-4
displaying the configuration 29-14
enabling 29-5
facility keywords, described 29-14
level keywords, described 29-10
limiting messages 29-10
message format 29-2
overview 29-1
sequence numbers, enabling and disabling 29-8
setting the display destination device 29-5
stack changes, effects of 29-2
synchronizing log messages 29-6
syslog facility 1-15
time stamps, enabling and disabling 29-8
UNIX syslog servers
configuring the daemon 29-13
configuring the logging facility 29-13
facilities supported 29-14
system name
default configuration 5-16
default setting 5-16
manual configuration 5-16
See also DNS
system name TLV 26-2
system prompt, default setting 5-15, 5-16
system resources, optimizing 8-1
T
TACACS+
accounting, defined 9-11
authentication, defined 9-11
authorization, defined 9-11
configuring
accounting 9-17
authentication key 9-13
authorization 9-16
login authentication 9-14
default configuration 9-13
displaying the configuration 9-18
identifying the server 9-13
in clusters 6-16
limiting the services to the user 9-16
operation of 9-12
overview 9-10
support for 1-12
tracking services accessed by user 9-17
tar files
creating A-6
displaying the contents of A-7
extracting A-7
image file format A-24
TCAM
memory consistency check errors
displaying 38-27
example 38-27
memory consistency check routines 1-5, 38-26
memory consistency integrity 1-5, 38-26
portions 38-27
space
HFTM 38-26
HQATM 38-26
unassigned 38-26
TDR 1-16
Telnet
accessing management interfaces 2-10
number of connections 1-7
setting a password 9-6
temporary self-signed certificate 9-47
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password 9-6
ternary content addressable memory
See TCAM
TFTP
configuration files
downloading A-11
preparing the server A-11
uploading A-12
configuration files in base directory 3-7
configuring for autoconfiguration 3-7
image files
deleting A-27
downloading A-26
preparing the server A-25
uploading A-28
limiting access by servers 30-16
TFTP server 1-6
threshold, traffic level 23-2
time
See NTP and system clock
Time Domain Reflector
See TDR
time-range command 31-15
time ranges in ACLs 31-15
time stamps in log messages 29-8
time zones 5-13
TLVs
defined 26-2
LLDP 26-2
LLDP-MED 26-2
Token Ring VLANs
support for 13-5
VTP support 14-5
ToS 1-13
traceroute, Layer 2
and ARP 38-16
and CDP 38-16
broadcast traffic 38-15
described 38-15
IP addresses and subnets 38-16
MAC addresses and VLANs 38-16
multicast traffic 38-16
multiple devices on a port 38-16
unicast traffic 38-15
usage guidelines 38-16
traceroute command 38-18
See also IP traceroute
traffic
blocking flooded 23-8
fragmented 31-4
unfragmented 31-4
traffic policing 1-14
traffic suppression 23-2
transmit hold-count
see STP
transparent mode, VTP 14-4
trap-door mechanism 3-2
traps
configuring MAC address notification 5-23, 5-25, 5-26
configuring managers 30-12
defined 30-3
enabling 5-23, 5-25, 5-26, 30-12
notification types 30-12
overview 30-1, 30-4
troubleshooting
connectivity problems 38-14, 38-15, 38-17
CPU utilization 38-28
detecting unidirectional links 24-1
displaying crash information 38-23
setting packet forwarding 38-22
SFP security and identification 38-13
show forward command 38-22
with CiscoWorks 30-4
with debug commands 38-20
with ping 38-14
with system message logging 29-1
with traceroute 38-17
trunk failover
See link-state tracking
trunking encapsulation 1-9
trunk ports
configuring 13-16
defined 12-3, 13-3
trunks
allowed-VLAN list 13-17
load sharing
setting STP path costs 13-21
using STP port priorities 13-19, 13-20
native VLAN for untagged traffic 13-18
parallel 13-21
pruning-eligible list 13-18
to non-DTP device 13-13
trusted boundary for QoS 33-43
trusted port states
between QoS domains 33-45
classification options 33-5
ensuring port security for IP phones 33-43
support for 1-13
within a QoS domain 33-40
trustpoints, CA 9-46
twisted-pair Ethernet, detecting unidirectional links 24-1
type of service
See ToS
U
UDLD
configuration guidelines 24-4
default configuration 24-4
disabling
globally 24-5
on fiber-optic interfaces 24-5
per interface 24-6
echoing detection mechanism 24-3
enabling
globally 24-5
per interface 24-6
link-detection mechanism 24-1
neighbor database 24-2
overview 24-1
resetting an interface 24-6
status, displaying 24-7
support for 1-8
unauthorized ports with IEEE 802.1x 10-11
unicast MAC address filtering 1-6
and adding static addresses 5-28
and broadcast MAC addresses 5-28
and CPU packets 5-28
and multicast addresses 5-28
and router MAC addresses 5-28
configuration guidelines 5-28
described 5-28
unicast storm 23-1
unicast storm control command 23-4
unicast traffic, blocking 23-8
UniDirectional Link Detection protocol
See UDLD
UNIX syslog servers
daemon configuration 29-13
facilities supported 29-14
message logging configuration 29-13
unrecognized Type-Length-Value (TLV) support 14-5
upgrading a Catalyst 2950 switch
configuration compatibility issues D-1
differences in configuration commands D-1
feature behavior incompatibilities D-5
incompatible command messages D-1
recommendations D-1
upgrading software images
See downloading
UplinkFast
described 18-3
disabling 18-16
enabling 18-16
support for 1-8
uploading
configuration files
preparing A-11, A-13, A-16
reasons for A-9
using FTP A-15
using RCP A-18
using TFTP A-12
image files
preparing A-25, A-29, A-33
reasons for A-23
using FTP A-32
using RCP A-36
using TFTP A-28
USB mini-Type B console port 12-11
USB Type A port 1-8
user EXEC mode 2-2
username-based authentication 9-7
V
version-dependent transparent mode 14-5
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 7-10
manual upgrades with auto-advise 7-11
upgrades with auto-extract 7-10
version-mismatch mode
described 7-10
virtual IP address
cluster standby group 6-11
command switch 6-11
virtual switches and PAgP 37-6
vlan.dat file 13-4
VLAN 1, disabling on a trunk port 13-17
VLAN 1 minimization 13-17
vlan-assignment response, VMPS 13-23
VLAN configuration
at bootup 13-7
saving 13-7
VLAN configuration mode 2-2
VLAN database
and startup configuration file 13-7
and VTP 14-1
VLAN configuration saved in 13-7
VLANs saved in 13-4
VLAN filtering and SPAN 27-7
vlan global configuration command 13-6
VLAN ID, discovering 5-31
VLAN load balancing on flex links 19-3
configuration guidelines 19-8
VLAN management domain 14-2
VLAN Management Policy Server
See VMPS
VLAN membership
confirming 13-26
modes 13-3
VLAN Query Protocol
See VQP
VLANs
adding 13-8
adding to VLAN database 13-8
aging dynamic addresses 16-9
allowed on trunk 13-17
and spanning-tree instances 13-3, 13-6, 13-11
configuration guidelines, extended-range VLANs 13-11
configuration guidelines, normal-range VLANs 13-6
configuring 13-1
configuring IDs 1006 to 4094 13-11
connecting through SVIs 12-10
creating 13-8
default configuration 13-7
deleting 13-9
described 12-2, 13-1
displaying 13-13
extended-range 13-1, 13-10
features 1-9
illustrated 13-2
in the switch stack 13-6
limiting source traffic with RSPAN 27-23
limiting source traffic with SPAN 27-16
modifying 13-8
multicast 22-17
native, configuring 13-18
normal-range 13-1, 13-4
number supported 1-9
parameters 13-5
port membership modes 13-3
static-access ports 13-9
STP and IEEE 802.1Q trunks 16-11
supported 13-2
Token Ring 13-5
traffic between 13-2
VTP modes 14-3
VLAN Trunking Protocol
See VTP
VLAN trunks 13-13
VMPS
administering 13-27
configuration example 13-28
configuration guidelines 13-24
default configuration 13-24
description 13-22
dynamic port membership
described 13-23
reconfirming 13-26
troubleshooting 13-28
entering server address 13-25
mapping MAC addresses to VLANs 13-23
monitoring 13-27
reconfirmation interval, changing 13-26
reconfirming membership 13-26
retry count, changing 13-27
voice aware 802.1x security
port-based authentication
configuring 10-42
described 10-33, 10-42
voice-over-IP 15-1
voice VLAN
Cisco 7960 phone, port connections 15-1
configuration guidelines 15-3
configuring IP phones for data traffic
override CoS of incoming frame 15-6
trust CoS priority of incoming frame 15-6
configuring ports for voice traffic in
802.1p priority tagged frames 15-5
802.1Q frames 15-5
connecting to an IP phone 15-4
default configuration 15-3
described 15-1
displaying 15-7
IP phone data traffic, described 15-2
IP phone voice traffic, described 15-2
VQP 1-9, 13-22
VTP
adding a client to a domain 14-17
advertisements 13-15, 14-4
and extended-range VLANs 13-2, 14-2
and normal-range VLANs 13-2, 14-2
client mode, configuring 14-13
configuration
guidelines 14-9
requirements 14-11
saving 14-9
configuration requirements 14-11
configuration revision number
guideline 14-17
resetting 14-17
consistency checks 14-5
default configuration 14-9
described 14-1
domain names 14-10
domains 14-2
modes
client 14-3
off 14-4
server 14-3
transitions 14-3
transparent 14-4
monitoring 14-18
passwords 14-10
pruning
disabling 14-16
enabling 14-16
examples 14-7
overview 14-6
support for 1-9
pruning-eligible list, changing 13-18
server mode, configuring 14-11, 14-14
statistics 14-18
support for 1-9
Token Ring support 14-5
transparent mode, configuring 14-12
using 14-1
Version
enabling 14-15
version, guidelines 14-10
Version 1 14-5
Version 2
configuration guidelines 14-10
overview 14-5
Version 3
overview 14-5
W
web authentication 10-18
configuring 11-16 to ??
described 1-10
web-based authentication
customizeable web pages 11-6
description 11-1
web-based authentication, interactions with other features 11-7
weighted tail drop
See WTD
wired location service
configuring 26-9
displaying 26-11
location TLV 26-3
understanding 26-3
wizards 1-2
WTD
described 33-13
setting thresholds
egress queue-sets 33-72
ingress queues 33-67
support for 1-14
X
Xmodem protocol 38-2