Index A
abbreviating commands 2-3
AC (command switch) 6-9
access-class command 31-18
access control entries
See ACEs
access control entry (ACE) 37-3
access-denied response, VMPS 13-24
access groups
Layer 3 31-19
access groups, applying IPv4 ACLs to interfaces 31-19
accessing
clusters, switch 6-12
command switches 6-10
member switches 6-12
switch clusters 6-12
accessing stack members 7-22
access lists
See ACLs
access ports
in switch clusters 6-8
access ports, defined 12-3
accounting
with 802.1x 10-51
with IEEE 802.1x 10-16
with RADIUS 9-35
with TACACS+ 9-11, 9-17
ACEs
and QoS 33-8
defined 31-2
Ethernet 31-2
IP 31-2
ACLs
ACEs 31-2
any keyword 31-10
applying
time ranges to 31-15
to an interface 31-18, 37-7
to IPv6 interfaces 37-7
to QoS 33-8
classifying traffic for QoS 33-50
comments in 31-17
compiling 31-21
defined 31-1, 31-7
examples of 31-21, 33-50
extended IP, configuring for QoS classification 33-51
extended IPv4
creating 31-9
matching criteria 31-7
hardware and software handling 31-20
host keyword 31-11
IP
creating 31-7
fragments and QoS guidelines 33-40
implicit deny 31-9, 31-13, 31-14
implicit masks 31-9
matching criteria 31-7
undefined 31-19
IPv4
applying to interfaces 31-18
creating 31-7
matching criteria 31-7
named 31-13
numbers 31-7
terminal lines, setting on 31-18
unsupported features 31-6
IPv6
applying to interfaces 37-7
configuring 37-3, 37-4
displaying 37-8
interactions with other features 37-4
limitations 37-2, 37-3
matching criteria 37-3
named 37-2
precedence of 37-2
supported 37-2
unsupported features 37-3
MAC extended 31-23, 33-52
matching 31-7, 31-19, 37-3
monitoring 31-26, 37-8
named, IPv4 31-13
named, IPv6 37-2
names 37-4
number per QoS class map 33-40
port 31-2, 37-1
precedence of 31-2
QoS 33-8, 33-50
resequencing entries 31-13
router 31-2, 37-1
standard IP, configuring for QoS classification 33-50
standard IPv4
creating 31-8
matching criteria 31-7
support for 1-10
support in hardware 31-20
time ranges 31-15
types supported 31-2
unsupported features, IPv4 31-6
unsupported features, IPv6 37-3
active link 19-4, 19-5, 19-6
active links 19-2
active traffic monitoring, IP SLAs 32-1
address aliasing 21-2
addresses
displaying the MAC address table 5-24
dynamic
accelerated aging 16-9
changing the aging time 5-15
default aging 16-9
defined 5-13
learning 5-14
removing 5-16
IPv6 35-2
MAC, discovering 5-24
multicast, STP address management 16-9
static
adding and removing 5-20
defined 5-13
address resolution 5-24
Address Resolution Protocol
See ARP
advertisements
CDP 25-1
LLDP 26-2
VTP 13-15, 14-3, 14-4
aggregatable global unicast addresses 35-3
aggregated ports
See EtherChannel
aggregate policers 33-60
aggregate policing 1-14
aging, accelerating 16-9
aging time
accelerated
for MSTP 17-24
for STP 16-9, 16-23
MAC address table 5-15
maximum
for MSTP 17-25
for STP 16-23, 16-24
alarms, RMON 28-4
allowed-VLAN list 13-17
ARP
defined 1-6, 5-24
table
address resolution 5-24
managing 5-24
attributes, RADIUS
vendor-proprietary 9-38
vendor-specific 9-37
attribute-value pairs 10-13, 10-16, 10-21, 10-22
authentication
local mode with AAA 9-41
open1x 10-31
RADIUS
key 9-27
login 9-30
TACACS+
defined 9-11
key 9-13
login 9-14
See also port-based authentication
authentication compatibility with Catalyst 6000 switches 10-8
authentication failed VLAN
See restricted VLAN
authentication manager
CLI commands 10-9
compatibility with older 802.1x CLI commands 10-9 to ??
overview 10-7
authoritative time source, described 5-3
authorization
with RADIUS 9-34
with TACACS+ 9-11, 9-16
authorized ports with IEEE 802.1x 10-10
autoconfiguration 3-3
auto enablement 10-32
automatic advise (auto-advise) in switch stacks 7-11
automatic copy (auto-copy) in switch stacks 7-11
automatic discovery
considerations
beyond a noncandidate device 6-8
brand new switches 6-8
connectivity 6-5
different VLANs 6-7
management VLANs 6-7
non-CDP-capable devices 6-6
noncluster-capable devices 6-6
in switch clusters 6-5
See also CDP
automatic extraction (auto-extract) in switch stacks 7-11
automatic QoS
See QoS
automatic recovery, clusters 6-9
See also HSRP
automatic upgrades (auto-upgrade) in switch stacks 7-11
auto-MDIX
configuring 12-30
described 12-30
autonegotiation
duplex mode 1-4
interface configuration guidelines 12-27
mismatches 39-12
Auto-QoS video devices 1-14
autosensing, port speed 1-4
auxiliary VLAN
See voice VLAN
availability, features 1-8
B
BackboneFast
described 18-7
disabling 18-17
enabling 18-17
support for 1-8
backup interfaces
See Flex Links
backup links 19-2
banners
configuring
login 5-13
message-of-the-day login 5-12
default configuration 5-11
when displayed 5-11
Berkeley r-tools replacement 9-52
binding database
DHCP snooping
See DHCP snooping binding database
bindings
DHCP snooping database 20-6
IP source guard 20-13
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 23-7
booting
boot loader, function of 3-1
boot process 3-1
manually 3-19
specific image 3-20
boot loader
accessing 3-21
described 3-1
environment variables 3-21
prompt 3-21
trap-door mechanism 3-2
BPDU
error-disabled state 18-2
filtering 18-3
RSTP format 17-12
BPDU filtering
described 18-3
disabling 18-15
enabling 18-14
support for 1-8
BPDU guard
described 18-2
disabling 18-14
enabling 18-13
support for 1-8
bridge protocol data unit
See BPDU
broadcast storm-control command 23-4
broadcast storms 23-1
C
cables, monitoring for unidirectional links 24-1
candidate switch
automatic discovery 6-5
defined 6-4
requirements 6-4
See also command switch, cluster standby group, and member switch
Catalyst 6000 switches
authentication compatibility 10-8
CA trustpoint
configuring 9-49
defined 9-47
CDP
and trusted boundary 33-45
automatic discovery in switch clusters 6-5
configuring 25-2
default configuration 25-2
defined with LLDP 26-1
described 25-1
disabling for routing device 25-4
enabling and disabling
on an interface 25-4
on a switch 25-4
monitoring 25-5
overview 25-1
power negotiation extensions 12-5
support for 1-6
switch stack considerations 25-2
transmission timer and holdtime, setting 25-3
updates 25-3
CGMP
as IGMP snooping learning method 21-9
joining multicast group 21-3
CipherSuites 9-48
Cisco 7960 IP Phone 15-1
Cisco Discovery Protocol
See CDP
Cisco intelligent power management 12-5
Cisco IOS File System
See IFS
Cisco IOS IP SLAs 32-1
Cisco Secure ACS
attribute-value pairs for downloadable ACLs 10-22
attribute-value pairs for redirect URL 10-21
Cisco Secure ACS configuration guide 10-61
CiscoWorks 2000 1-5, 30-5
CISP 10-32
CIST regional root
See MSTP
CIST root
See MSTP
civic location 26-3
class maps for QoS
configuring 33-53
described 33-8
displaying 33-81
class of service
See CoS
clearing interfaces 12-41
CLI
abbreviating commands 2-3
command modes 2-1
configuration logging 2-4
described 1-5
editing features
enabling and disabling 2-6
keystroke editing 2-7
wrapped lines 2-8
error messages 2-4
filtering command output 2-9
getting help 2-3
history
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
managing clusters 6-15
no and default forms of commands 2-4
Client Information Signalling Protocol
See CISP
client mode, VTP 14-3
clock
See system clock
clusters, switch
accessing 6-12
automatic discovery 6-5
automatic recovery 6-9
benefits 1-1
compatibility 6-4
described 6-1
LRE profile considerations 6-15
managing
through CLI 6-15
through SNMP 6-16
planning 6-4
planning considerations
automatic discovery 6-5
automatic recovery 6-9
CLI 6-15
host names 6-12
IP addresses 6-12
LRE profiles 6-15
passwords 6-13
RADIUS 6-15
SNMP 6-13, 6-16
switch stacks 6-13
TACACS+ 6-15
See also candidate switch, command switch, cluster standby group, member switch, and standby command switch
cluster standby group
automatic recovery 6-11
considerations 6-10
defined 6-2
requirements 6-3
virtual IP address 6-10
See also HSRP
CNS 1-6
Configuration Engine
configID, deviceID, hostname 4-3
configuration service 4-2
described 4-1
event service 4-3
embedded agents
described 4-5
enabling automated configuration 4-6
enabling configuration agent 4-9
enabling event agent 4-7
management functions 1-6
CoA Request Commands 9-23
Coarse Wave Division Multiplexer
See CWDM SFPs
command-line interface
See CLI
command modes 2-1
commands
abbreviating 2-3
no and default 2-4
commands, setting privilege levels 9-8
command switch
accessing 6-10
active (AC) 6-9
configuration conflicts 39-12
defined 6-2
passive (PC) 6-9
password privilege levels 6-16
priority 6-9
recovery
from command-switch failure 6-9, 39-8
from lost member connectivity 39-12
redundant 6-9
replacing
with another switch 39-11
with cluster member 39-9
requirements 6-3
standby (SC) 6-9
See also candidate switch, cluster standby group, member switch, and standby command switch
community strings
configuring 6-13, 30-8
for cluster switches 30-4
in clusters 6-13
overview 30-4
SNMP 6-13
compatibility, feature 23-12
compatibility, software
See stacks, switch
config.text 3-18
configurable leave timer, IGMP 21-6
configuration, initial
defaults 1-16
Express Setup 1-1
configuration changes, logging 29-11
configuration conflicts, recovering from lost member connectivity 39-12
configuration examples, network 1-18
configuration files
archiving A-20
clearing the startup configuration A-19
creating using a text editor A-10
default name 3-18
deleting a stored configuration A-19
described A-8
downloading
automatically 3-18
preparing A-11, A-13, A-16
reasons for A-8
using FTP A-13
using RCP A-17
using TFTP A-11
guidelines for creating and using A-9
guidelines for replacing and rolling back A-21
invalid combinations when copying A-5
limiting TFTP server access 30-17
obtaining with DHCP 3-8
password recovery disable considerations 9-5
replacing a running configuration A-19, A-20
rolling back a running configuration A-19, A-21
specifying the filename 3-18
system contact and location information 30-17
types and location A-10
uploading
preparing A-11, A-13, A-16
reasons for A-9
using FTP A-15
using RCP A-18
using TFTP A-12
configuration logger 29-11
configuration logging 2-4
configuration replacement A-19
configuration rollback A-19, A-20
configuration settings, saving 3-15
configure terminal command 12-17
configuring 802.1x user distribution 10-57
configuring port-based authentication violation modes 10-41
configuring small-frame arrival rate 23-5
conflicts, configuration 39-12
connections, secure remote 9-42
connectivity problems 39-14, 39-15, 39-17
consistency checks in VTP Version 2 14-5
console port, connecting to 2-10
control protocol, IP SLAs 32-4
corrupted software, recovery steps with Xmodem 39-2
CoS
in Layer 2 frames 33-2
override priority 15-6
trust priority 15-6
CoS input queue threshold map for QoS 33-16
CoS output queue threshold map for QoS 33-19
CoS-to-DSCP map for QoS 33-63
counters, clearing interface 12-41
CPU utilization, troubleshooting 39-28
crashinfo file 39-23
critical authentication, IEEE 802.1x 10-54
critical VLAN 10-24
critical voice VLAN
configuring 10-54
cross-stack EtherChannel
configuration guidelines 38-13
described 38-3
illustration 38-4
support for 1-8
cross-stack UplinkFast, STP
described 18-5
disabling 18-16
enabling 18-16
fast-convergence events 18-7
Fast Uplink Transition Protocol 18-6
normal-convergence events 18-7
support for 1-8
cryptographic software image
SSH 9-42
SSL 9-46
switch stack considerations 7-15
customjzeable web pages, web-based authentication 11-6
CWDM SFPs 1-24
D
DACL
See downloadable ACL
daylight saving time 5-7
debugging
enabling all system diagnostics 39-21
enabling for a specific feature 39-20
redirecting error message output 39-21
using commands 39-20
default commands 2-4
default configuration
802.1x 10-35
auto-QoS 33-22
banners 5-11
CDP 25-2
DHCP 20-8
DHCP option 82 20-8
DHCP snooping 20-8
DHCP snooping binding database 20-8
DNS 5-10
dynamic ARP inspection 22-5
EtherChannel 38-11
Ethernet interfaces 12-24
Flex Links 19-8
IGMP filtering 21-25
IGMP snooping 21-7, 36-6
IGMP throttling 21-25
initial switch information 3-3
IP SLAs 32-5
IP source guard 20-15
IPv6 35-7
Layer 2 interfaces 12-24
LLDP 26-5
MAC address table 5-15
MAC address-table move update 19-8
MSTP 17-14
MVR 21-20
optional spanning-tree configuration 18-12
password and privilege level 9-2
RADIUS 9-27
RMON 28-3
RSPAN 27-10
SDM template 8-4
SNMP 30-7
SPAN 27-10
SSL 9-49
standard QoS 33-38
STP 16-13
switch stacks 7-17
system message logging 29-4
system name and prompt 5-9
TACACS+ 9-13
UDLD 24-4
VLAN, Layer 2 Ethernet interfaces 13-15
VLANs 13-7
VMPS 13-25
voice VLAN 15-3
VTP 14-9
default gateway 3-14
default web-based authentication configuration
802.1X 11-9
deleting VLANs 13-9
denial-of-service attack 23-1
description command 12-37
designing your network, examples 1-18
destination addresses
in IPv4 ACLs 31-10
in IPv6 ACLs 37-5
destination-IP address-based forwarding, EtherChannel 38-9
destination-MAC address forwarding, EtherChannel 38-9
detecting indirect link failures, STP 18-8
device A-24
device discovery protocol 25-1, 26-1
device manager
benefits 1-1
described 1-2, 1-5
in-band management 1-7
upgrading a switch A-24
DHCP
enabling
relay agent 20-9
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-3
DNS 3-7
relay device 3-7
server side 3-6
TFTP server 3-7
example 3-9
lease options
for IP address information 3-6
for receiving the configuration file 3-6
overview 3-3
relationship to BOOTP 3-3
relay support 1-6
support for 1-6
DHCP-based autoconfiguration and image update
configuring 3-11 to 3-14
understanding 3-5
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 20-5
configuration guidelines 20-8
default configuration 20-8
displaying 20-12
overview 20-3
packet format, suboption
circuit ID 20-5
remote ID 20-5
remote ID suboption 20-5
DHCP server port-based address allocation
configuration guidelines 20-21
default configuration 20-21
described 20-21
displaying 20-24
enabling 20-21
reserved addresses 20-22
DHCP server port-based address assignment
support for 1-6
DHCP snooping
accepting untrusted packets form edge switch 20-3, 20-10
binding database
See DHCP snooping binding database
configuration guidelines 20-8
default configuration 20-8
displaying binding tables 20-12
message exchange process 20-4
option 82 data insertion 20-3
trusted interface 20-2
untrusted interface 20-2
untrusted messages 20-2
DHCP snooping binding database
adding bindings 20-11
binding entries, displaying 20-12
binding file
format 20-6
location 20-6
bindings 20-6
clearing agent statistics 20-12
configuration guidelines 20-9
configuring 20-11
default configuration 20-8
deleting
binding file 20-12
bindings 20-12
database agent 20-12
described 20-6
displaying 20-12
displaying status and statistics 20-12
enabling 20-11
entry 20-6
renewing database 20-12
resetting
delay value 20-12
timeout value 20-12
DHCP snooping binding table
See DHCP snooping binding database
Differentiated Services architecture, QoS 33-2
Differentiated Services Code Point 33-2
directed unicast requests 1-6
directories
changing A-4
creating and removing A-4
displaying the working A-4
discovery, clusters
See automatic discovery
DNS
and DHCP-based autoconfiguration 3-7
default configuration 5-10
displaying the configuration 5-11
in IPv6 35-3
overview 5-9
setting up 5-10
support for 1-6
domain names
DNS 5-9
VTP 14-10
Domain Name System
See DNS
downloadable ACL 10-20, 10-22, 10-61
downloading
configuration files
preparing A-11, A-13, A-16
reasons for A-8
using FTP A-13
using RCP A-17
using TFTP A-11
image files
deleting old image A-28
preparing A-26, A-30, A-34
reasons for A-24
using CMS 1-2
using FTP A-31
using HTTP 1-2, A-24
using RCP A-35
using TFTP A-27
using the device manager or Network Assistant A-24
DRP
support for 1-15
DSCP 1-13, 33-2
DSCP input queue threshold map for QoS 33-16
DSCP output queue threshold map for QoS 33-19
DSCP-to-CoS map for QoS 33-66
DSCP-to-DSCP-mutation map for QoS 33-67
DSCP transparency 33-46
DTP 1-9, 13-14
dual-action detection 38-6
dual IPv4 and IPv6 templates 35-5
dual protocol stacks
IPv4 and IPv6 35-5
SDM templates supporting 35-5
dual-purpose uplinks
defined 12-4
LEDs 12-5
link selection 12-4, 12-25
setting the type 12-25
dynamic access ports
characteristics 13-4
configuring 13-26
defined 12-3
dynamic addresses
See addresses
dynamic ARP inspection
ARP cache poisoning 22-1
ARP requests, described 22-1
ARP spoofing attack 22-1
clearing
log buffer 22-16
statistics 22-16
configuration guidelines 22-6
configuring
ACLs for non-DHCP environments 22-9
in DHCP environments 22-7
log buffer 22-13
rate limit for incoming ARP packets 22-4, 22-11
default configuration 22-5
denial-of-service attacks, preventing 22-11
described 22-1
DHCP snooping binding database 22-2
displaying
ARP ACLs 22-15
configuration and operating state 22-15
log buffer 22-16
statistics 22-16
trust state and rate limit 22-15
error-disabled state for exceeding rate limit 22-4
function of 22-2
interface trust states 22-3
log buffer
clearing 22-16
configuring 22-13
displaying 22-16
logging of dropped packets, described 22-5
man-in-the middle attack, described 22-2
network security issues and interface trust states 22-3
priority of ARP ACLs and DHCP snooping entries 22-4
rate limiting of ARP packets
configuring 22-11
described 22-4
error-disabled state 22-4
statistics
clearing 22-16
displaying 22-16
validation checks, performing 22-12
dynamic auto trunking mode 13-14
dynamic desirable trunking mode 13-14
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 13-24
reconfirming 13-27
troubleshooting 13-29
types of connections 13-26
Dynamic Trunking Protocol
See DTP
E
editing features
enabling and disabling 2-6
keystrokes used 2-7
wrapped lines 2-8
elections
See stack master
ELIN location 26-3
enable password 9-3
enable secret password 9-3
encryption, CipherSuite 9-48
encryption for passwords 9-3
environment variables, function of 3-22
error-disabled state, BPDU 18-2
error messages during command entry 2-4
EtherChannel
automatic creation of 38-5, 38-7
channel groups
binding physical and logical interfaces 38-4
numbering of 38-4
configuration guidelines 38-12
configuring Layer 2 interfaces 38-13
default configuration 38-11
described 38-2
displaying status 38-21
forwarding methods 38-8, 38-16
IEEE 802.3ad, described 38-7
interaction
with STP 38-12
with VLANs 38-12
LACP
described 38-7
displaying status 38-21
hot-standby ports 38-18
interaction with other features 38-8
modes 38-7
port priority 38-19
system priority 38-19
load balancing 38-8, 38-16
PAgP
aggregate-port learners 38-16
compatibility with Catalyst 1900 38-17
described 38-5
displaying status 38-21
interaction with other features 38-7
interaction with virtual switches 38-6
learn method and priority configuration 38-16
modes 38-6
support for 1-4
with dual-action detection 38-6
port-channel interfaces
described 38-4
numbering of 38-4
port groups 12-4
stack changes, effects of 38-10
support for 1-4
EtherChannel guard
described 18-10
disabling 18-17
enabling 18-17
Ethernet management port
active link 12-22
and routing 12-22
and TFTP 12-23
configuring 12-23
default setting 12-22
described 12-21
for network management 12-21
specifying 12-23
supported features 12-22
unsupported features 12-23
Ethernet management port, internal
and routing 12-22
unsupported features 12-23
Ethernet VLANs
adding 13-8
defaults and ranges 13-8
modifying 13-8
EUI 35-3
events, RMON 28-4
examples
network configuration 1-18
expedite queue for QoS 33-80
Express Setup 1-1
See also getting started guide
extended crashinfo file 39-23
extended-range VLANs
configuration guidelines 13-11
configuring 13-11
creating 13-12
defined 13-1
extended system ID
MSTP 17-18
STP 16-4, 16-16
extended universal identifier
See EUI
Extensible Authentication Protocol over LAN 10-1
F
fa0 interface 1-7
Fa0 port
See Ethernet management port
failover support 1-8
Fast Convergence 19-3
fastethernet0 port
See Ethernet management port
Fast Uplink Transition Protocol 18-6
features, incompatible 23-12
fiber-optic, detecting unidirectional links 24-1
files
basic crashinfo
description 39-23
location 39-23
copying A-5
crashinfo, description 39-23
deleting A-5
displaying the contents of A-8
extended crashinfo
description 39-24
location 39-24
tar
creating A-6
displaying the contents of A-7
extracting A-7
image file format A-25
file system
displaying available file systems A-2
displaying file information A-3
local file system names A-1
network file system names A-5
setting the default A-3
filtering
IPv6 traffic 37-3, 37-7
non-IP traffic 31-23
show and more command output 2-9
filtering show and more command output 2-9
filters, IP
See ACLs, IP
flash device, number of A-1
flexible authentication ordering
configuring 10-64
overview 10-30
Flex Link Multicast Fast Convergence 19-3
Flex Links
configuration guidelines 19-8
configuring 19-9
configuring preferred VLAN 19-12
configuring VLAN load balancing 19-11
default configuration 19-8
description 19-2
link load balancing 19-3
monitoring 19-14
VLANs 19-3
flooded traffic, blocking 23-8
flow-based packet classification 1-13
flowcharts
QoS classification 33-7
QoS egress queueing and scheduling 33-18
QoS ingress queueing and scheduling 33-15
QoS policing and marking 33-11
flowcontrol
configuring 12-29
described 12-29
forward-delay time
MSTP 17-24
STP 16-23
FTP
configuration files
downloading A-13
overview A-12
preparing the server A-13
uploading A-15
image files
deleting old image A-32
downloading A-31
preparing the server A-30
uploading A-32
G
general query 19-5
Generating IGMP Reports 19-4
get-bulk-request operation 30-4
get-next-request operation 30-3, 30-5
get-request operation 30-3, 30-4, 30-5
get-response operation 30-4
Gigabit modules
See SFPs
global configuration mode 2-2
global leave, IGMP 21-13
guest VLAN and 802.1x 10-22
guide mode 1-2
GUIs
See device manager and Network Assistant
H
hello time
MSTP 17-24
STP 16-22
help, for the command line 2-3
HFTM space 39-26
history
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
history table, level and number of syslog messages 29-10
host names, in clusters 6-12
hosts, limit on dynamic ports 13-29
HP OpenView 1-5
HQATM space 39-26
HSRP
automatic cluster recovery 6-11
cluster standby group considerations 6-10
See also clusters, cluster standby group, and standby command switch
HTTP over SSL
see HTTPS
HTTPS 9-46
configuring 9-50
self-signed certificate 9-47
HTTP secure server 9-46
Hulc Forwarding TCAM Manager
See HFTM space
Hulc QoS/ACL TCAM Manager
See HQATM space
I
ICMP
IPv6 35-3
time-exceeded messages 39-17
traceroute and 39-17
unreachable messages and IPv6 37-4
ICMP ping
executing 39-15
overview 39-14
ICMPv6 35-3
IDS appliances
and ingress RSPAN 27-21
and ingress SPAN 27-14
IEEE 802.1D
See STP
IEEE 802.1p 15-1
IEEE 802.1Q
and trunk ports 12-3
configuration limitations 13-15
encapsulation 13-14
native VLAN for untagged traffic 13-19
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3ad
See EtherChannel
IEEE 802.3ad, PoE+ 1-15, 12-6
IEEE 802.3af
See PoE
IEEE 802.3x flow control 12-29
ifIndex values, SNMP 30-6
IFS 1-6
IGMP
configurable leave timer
described 21-6
enabling 21-11
flooded multicast traffic
controlling the length of time 21-12
disabling on an interface 21-13
global leave 21-13
query solicitation 21-13
recovering from flood mode 21-13
joining multicast group 21-3
join messages 21-3
leave processing, enabling 21-10, 36-9
leaving multicast group 21-5
queries 21-4
report suppression
described 21-6
disabling 21-16, 36-11
supported versions 21-3
support for 1-4
IGMP filtering
configuring 21-25
default configuration 21-25
described 21-24
monitoring 21-29
support for 1-5
IGMP groups
configuring filtering 21-28
setting the maximum number 21-27
IGMP Immediate Leave
configuration guidelines 21-11
described 21-5
enabling 21-10
IGMP profile
applying 21-26
configuration mode 21-25
configuring 21-26
IGMP snooping
and address aliasing 21-2
and stack changes 21-6
configuring 21-7
default configuration 21-7, 36-6
definition 21-2
enabling and disabling 21-7, 36-7
global configuration 21-7
Immediate Leave 21-5
in the switch stack 21-6
method 21-8
monitoring 21-16, 36-11
querier
configuration guidelines 21-14
configuring 21-14
supported versions 21-3
support for 1-4
VLAN configuration 21-8
IGMP throttling
configuring 21-28
default configuration 21-25
described 21-24
displaying action 21-29
Immediate Leave, IGMP 21-5
enabling 36-9
inaccessible authentication bypass 10-24
support for multiauth ports 10-25
initial configuration
defaults 1-16
Express Setup 1-1
interface
number 12-16
range macros 12-19
interface command 12-16 to ??, 12-16 to 12-17
interface configuration mode 2-2
interfaces
auto-MDIX, configuring 12-30
configuration guidelines
duplex and speed 12-27
configuring
procedure 12-17
counters, clearing 12-41
default configuration 12-24
described 12-37
descriptive name, adding 12-37
displaying information about 12-40
flow control 12-29
management 1-5
monitoring 12-40
naming 12-37
physical, identifying 12-16
range of 12-18
restarting 12-41
shutting down 12-41
speed and duplex, configuring 12-28
status 12-40
supported 12-16
types of 12-1
interfaces range macro command 12-19
interface types 12-16
Internet Protocol version 6
See IPv6
inter-VLAN routing 34-1
Intrusion Detection System
See IDS appliances
inventory management TLV 26-3, 26-7
IP ACLs
for QoS classification 33-8
implicit deny 31-9, 31-13
implicit masks 31-9
named 31-13
undefined 31-19
IP addresses
128-bit 35-2
candidate or member 6-4, 6-12
classes of 34-4
cluster access 6-2
command switch 6-3, 6-10, 6-12
discovering 5-24
for IP routing 34-4
IPv6 35-2
redundant clusters 6-10
standby command switch 6-10, 6-12
See also IP information
ip igmp profile command 21-25
IP information
assigned
manually 3-14
through DHCP-based autoconfiguration 3-3
default configuration 3-3
IP phones
and QoS 15-1
automatic classification and queueing 33-21
configuring 15-4
ensuring port security with QoS 33-45
trusted boundary for QoS 33-45
IP Port Security for Static Hosts
on a Layer 2 access port 20-17
IP precedence 33-2
IP-precedence-to-DSCP map for QoS 33-64
IP protocols in ACLs 31-10
IP routing
disabling 34-4
enabling 34-4
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 32-1
IP SLAs
benefits 32-2
configuration guidelines 32-5
Control Protocol 32-4
default configuration 32-5
definition 32-1
measuring network performance 32-3
monitoring 32-6
operation 32-3
responder
described 32-4
enabling 32-6
response time 32-4
SNMP support 32-2
supported metrics 32-2
IP source guard
and 802.1x 20-15
and DHCP snooping 20-13
and EtherChannels 20-15
and port security 20-15
and private VLANs 20-15
and routed ports 20-15
and TCAM entries 20-15
and trunk interfaces 20-15
and VRF 20-15
binding configuration
automatic 20-13
manual 20-13
binding table 20-13
configuration guidelines 20-15
default configuration 20-15
described 20-13
disabling 20-16
displaying
active IP or MAC bindings 20-20
bindings 20-20
configuration 20-20
enabling 20-16, 20-17
filtering
source IP address 20-13
source IP and MAC address 20-13
on provisioned switches 20-15
source IP address filtering 20-13
source IP and MAC address filtering 20-13
static bindings
adding 20-16, 20-17
deleting 20-16
static hosts 20-17
IP traceroute
executing 39-18
overview 39-17
IP unicast routing
assigning IP addresses to Layer 3 interfaces 34-4
configuring static routes 34-5
disabling 34-4
enabling 34-4
inter-VLAN 34-1
IP addressing
classes 34-4
configuring 34-4
steps to configure 34-3
subnet mask 34-4
with SVIs 34-3
IPv4 ACLs
applying to interfaces 31-18
extended, creating 31-9
named 31-13
standard, creating 31-8
IPv4 and IPv6
dual protocol stacks 35-4
IPv6
ACLs
displaying 37-8
limitations 37-2
matching criteria 37-3
port 37-1
precedence 37-2
router 37-1
supported 37-2
addresses 35-2
address formats 35-2
and switch stacks 35-6
applications 35-4
assigning address 35-7
autoconfiguration 35-4
configuring static routes 35-10
default configuration 35-7
defined 35-1
forwarding 35-7
ICMP 35-3
monitoring 35-11
neighbor discovery 35-4
SDM templates 36-1, 37-1
stack master functions 35-6
Stateless Autoconfiguration 35-4
supported features 35-2
IPv6 traffic, filtering 37-3
J
join messages, IGMP 21-3
L
LACP
See EtherChannel
Layer 2 frames, classification with CoS 33-2
Layer 2 interfaces, default configuration 12-24
Layer 2 traceroute
and ARP 39-16
and CDP 39-16
broadcast traffic 39-16
described 39-16
IP addresses and subnets 39-16
MAC addresses and VLANs 39-16
multicast traffic 39-16
multiple devices on a port 39-17
unicast traffic 39-16
usage guidelines 39-16
Layer 3 features 1-15
Layer 3 interfaces
assigning IP addresses to 34-4
assigning IPv6 addresses to 35-7
changing from Layer 2 mode 34-4
Layer 3 packets, classification methods 33-2
LDAP 4-2
Leaking IGMP Reports 19-4
LEDs, switch
See hardware installation guide
lightweight directory access protocol
See LDAP
line configuration mode 2-2
Link Aggregation Control Protocol
See EtherChannel
link failure, detecting unidirectional 17-8
Link Layer Discovery Protocol
See CDP
link local unicast addresses 35-3
link redundancy
See Flex Links
links, unidirectional 24-1
link-state tracking
configuring 38-23
described 38-21
LLDP
configuring 26-5
characteristics 26-6
default configuration 26-5
enabling 26-6
monitoring and maintaining 26-11
overview 26-1
supported TLVs 26-2
switch stack considerations 26-2
transmission timer and holdtime, setting 26-6
LLDP-MED
configuring
procedures 26-5
TLVs 26-7
monitoring and maintaining 26-11
overview 26-1, 26-2
supported TLVs 26-2
LLDP Media Endpoint Discovery
See LLDP-MED
local SPAN 27-2
location TLV 26-3, 26-7
login authentication
with RADIUS 9-30
with TACACS+ 9-14
login banners 5-11
log messages
See system message logging
Long-Reach Ethernet (LRE) technology 1-20
loop guard
described 18-11
enabling 18-18
support for 1-9
LRE profiles, considerations in switch clusters 6-15
M
MAB
See MAC authentication bypass
MAB inactivity timer
default setting 10-36
range 10-38
MAC/PHY configuration status TLV 26-2
MAC addresses
aging time 5-15
and VLAN association 5-14
building the address table 5-14
default configuration 5-15
disabling learning on a VLAN 5-23
discovering 5-24
displaying 5-24
displaying in the IP source binding table 20-20
dynamic
learning 5-14
removing 5-16
in ACLs 31-23
static
adding 5-21
allowing 5-22, 5-23
characteristics of 5-20
dropping 5-22
removing 5-21
MAC address learning 1-6
MAC address learning, disabling on a VLAN 5-23
MAC address notification, support for 1-15
MAC address-table move update
configuration guidelines 19-8
configuring 19-12
default configuration 19-8
description 19-6
monitoring 19-14
MAC address-to-VLAN mapping 13-23
MAC authentication bypass 10-38
configuring 10-57
overview 10-17
MAC extended access lists
applying to Layer 2 interfaces 31-24
configuring for QoS 33-52
creating 31-23
defined 31-23
for QoS classification 33-5
magic packet 10-27
manageability features 1-6
management access
in-band
browser session 1-7
CLI session 1-7
device manager 1-7
SNMP 1-7
out-of-band console port connection 1-7
management address TLV 26-2
management options
CLI 2-1
clustering 1-3
CNS 4-1
Network Assistant 1-2
overview 1-5
management VLAN
considerations in switch clusters 6-7
discovery through different management VLANs 6-7
mapping tables for QoS
configuring
CoS-to-DSCP 33-63
DSCP 33-63
DSCP-to-CoS 33-66
DSCP-to-DSCP-mutation 33-67
IP-precedence-to-DSCP 33-64
policed-DSCP 33-65
described 33-11
marking
action with aggregate policers 33-60
described 33-4, 33-9
matching
IPv6 ACLs 37-3
matching, IPv4 ACLs 31-7
maximum aging time
MSTP 17-25
STP 16-23
maximum hop count, MSTP 17-25
maximum number of allowed devices, port-based authentication 10-38
MDA
configuration guidelines 10-13
described 1-11, 10-12
exceptions with authentication process 10-5
membership mode, VLAN port 13-3
member switch
automatic discovery 6-5
defined 6-2
managing 6-15
passwords 6-12
recovering from lost connectivity 39-12
requirements 6-4
See also candidate switch, cluster standby group, and standby command switch
memory consistency check errors
example 39-27
memory consistency check routines 1-5, 39-26
memory consistency integrity 1-5, 39-26
messages, to users through banners 5-11
MIBs
overview 30-1
SNMP interaction with 30-5
mirroring traffic for analysis 27-1
mismatches, autonegotiation 39-12
module number 12-16
monitoring
access groups 31-26
cables for unidirectional links 24-1
CDP 25-5
features 1-15
Flex Links 19-14
IGMP
filters 21-29
snooping 21-16, 36-11
interfaces 12-40
IP SLAs operations 32-6
IPv4 ACL configuration 31-26
IPv6 35-11
IPv6 ACL configuration 37-8
MAC address-table move update 19-14
multicast router interfaces 21-17, 36-12
MVR 21-23
network traffic for analysis with probe 27-2
port
blocking 23-20
protection 23-20
SFP status 12-40, 39-14
speed and duplex mode 12-28
traffic flowing among switches 28-1
traffic suppression 23-20
VLANs 13-13
VMPS 13-28
VTP 14-18
mrouter Port 19-3
mrouter port 19-5
MSTP
boundary ports
configuration guidelines 17-15
described 17-6
BPDU filtering
described 18-3
enabling 18-14
BPDU guard
described 18-2
enabling 18-13
CIST, described 17-3
CIST regional root 17-3
CIST root 17-5
configuration guidelines 17-15, 18-12
configuring
forward-delay time 17-24
hello time 17-24
link type for rapid convergence 17-25
maximum aging time 17-25
maximum hop count 17-25
MST region 17-16
neighbor type 17-26
path cost 17-22
port priority 17-20
root switch 17-18
secondary root switch 17-19
switch priority 17-23
CST
defined 17-3
operations between regions 17-4
default configuration 17-14
default optional feature configuration 18-12
displaying status 17-27
enabling the mode 17-16
EtherChannel guard
described 18-10
enabling 18-17
extended system ID
effects on root switch 17-18
effects on secondary root switch 17-19
unexpected behavior 17-18
IEEE 802.1s
implementation 17-6
port role naming change 17-7
terminology 17-5
instances supported 16-10
interface state, blocking to forwarding 18-2
interoperability and compatibility among modes 16-11
interoperability with IEEE 802.1D
described 17-9
restarting migration process 17-27
IST
defined 17-3
master 17-3
operations within a region 17-3
loop guard
described 18-11
enabling 18-18
mapping VLANs to MST instance 17-16
MST region
CIST 17-3
configuring 17-16
described 17-2
hop-count mechanism 17-5
IST 17-3
supported spanning-tree instances 17-2
optional features supported 1-8
overview 17-2
Port Fast
described 18-2
enabling 18-12
preventing root switch selection 18-10
root guard
described 18-10
enabling 18-18
root switch
configuring 17-18
effects of extended system ID 17-18
unexpected behavior 17-18
shutdown Port Fast-enabled port 18-2
stack changes, effects of 17-8
status, displaying 17-27
multiauth
support for inaccessible authentication bypass 10-25
multiauth mode
See multiple-authentication mode
multicast groups
Immediate Leave 21-5
joining 21-3
leaving 21-5
static joins 21-10, 36-8
multicast router interfaces, monitoring 21-17, 36-12
multicast router ports, adding 21-9, 36-8
multicast storm 23-1
multicast storm-control command 23-4
multicast television application 21-18
multicast VLAN 21-17
Multicast VLAN Registration
See MVR
multidomain authentication
See MDA
multiple authentication 10-14
multiple authentication mode
configuring 10-44
MVR
and address aliasing 21-20
and IGMPv3 21-21
configuration guidelines 21-20
configuring interfaces 21-22
default configuration 21-20
described 21-17
example application 21-18
modes 21-21
monitoring 21-23
multicast television application 21-18
setting global parameters 21-21
support for 1-4
N
NAC
critical authentication 10-24, 10-54
IEEE 802.1x authentication using a RADIUS server 10-58
IEEE 802.1x validation using RADIUS server 10-58
inaccessible authentication bypass 10-54
Layer 2 IEEE 802.1x validation 1-12, 10-30, 10-58
named IPv4 ACLs 31-13
NameSpace Mapper
See NSM
native VLAN
configuring 13-19
default 13-19
NEAT
configuring 10-59
overview 10-31
neighbor discovery, IPv6 35-4
Network Admission Control
See NAC
Network Assistant
benefits 1-1
described 1-5
downloading image files 1-2
guide mode 1-2
management options 1-2
managing switch stacks 7-2, 7-15
upgrading a switch A-24
wizards 1-2
network configuration examples
cost-effective wiring closet 1-20
increasing network performance 1-19
long-distance, high-bandwidth transport 1-24
providing network services 1-19
server aggregation and Linux server cluster 1-22
small to medium-sized network 1-23
network design
performance 1-19
services 1-19
Network Edge Access Topology
See NEAT
network management
CDP 25-1
RMON 28-1
SNMP 30-1
network performance, measuring with IP SLAs 32-3
network policy TLV 26-2, 26-7
Network Time Protocol
See NTP
no commands 2-4
nonhierarchical policy maps
described 33-10
non-IP traffic filtering 31-23
nontrunking mode 13-14
normal-range VLANs 13-4
configuration guidelines 13-6
configuring 13-4
defined 13-1
NSM 4-3
NTP
associations
defined 5-3
overview 5-3
stratum 5-3
support for 1-6
time
services 5-3
synchronizing 5-3
O
OBFL
configuring 39-25
described 39-24
displaying 39-26
offline configuration for switch stacks 7-7
off mode, VTP 14-4
on-board failure logging
See OBFL
online diagnostics
overview 40-1
running tests 40-3
understanding 40-1
open1x
configuring 10-64
open1x authentication
overview 10-31
optimizing system resources 8-1
options, management 1-5
out-of-profile markdown 1-14
P
packet modification, with QoS 33-20
PAgP
See EtherChannel
passwords
default configuration 9-2
disabling recovery of 9-5
encrypting 9-3
for security 1-10
in clusters 6-13
overview 9-1
recovery of 39-3
setting
enable 9-3
enable secret 9-3
Telnet 9-6
with usernames 9-6
VTP domain 14-10
path cost
MSTP 17-22
STP 16-20
PC (passive command switch) 6-9
performance, network design 1-19
performance features 1-4
persistent self-signed certificate 9-47
per-user ACLs and Filter-Ids 10-8
per-VLAN spanning-tree plus
See PVST+
physical ports 12-2
PIM-DVMRP, as snooping method 21-8
ping
character output description 39-15
executing 39-15
overview 39-14
PoE
auto mode 12-7
CDP with power consumption, described 12-5
CDP with power negotiation, described 12-5
Cisco intelligent power management 12-5
configuring 12-31
cutoff power
determining 12-8
cutoff-power
support for 12-8
devices supported 12-5
high-power devices operating in low-power mode 12-5
IEEE power classification levels 12-6
monitoring 12-8
monitoring power 12-34
policing power consumption 12-34
policing power usage 12-8
power budgeting 12-32
power consumption 12-9, 12-32
powered-device detection and initial power allocation 12-6
power management modes 12-7
power monitoring 12-8
power negotiation extensions to CDP 12-5
power sensing 12-8
standards supported 12-5
static mode 12-7
total available power 12-10
troubleshooting 39-13
PoE+ 1-15, 12-5, 12-6, 12-31
policed-DSCP map for QoS 33-65
policers
configuring
for each matched traffic class 33-55
for more than one traffic class 33-60
described 33-4
displaying 33-81
number of 33-41
types of 33-10
policing
described 33-4
token-bucket algorithm 33-10
policy maps for QoS
characteristics of 33-55
described 33-8
displaying 33-82
nonhierarchical on physical ports
described 33-10
port ACLs
defined 31-2
types of 31-3
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting 10-16
authentication server
defined 10-3, 11-2
RADIUS server 10-3
client, defined 10-3, 11-2
configuration guidelines 10-36, 11-9
configuring
802.1x authentication 10-42
guest VLAN 10-52
host mode 10-44
inaccessible authentication bypass 10-54
manual re-authentication of a client 10-47
periodic re-authentication 10-46
quiet period 10-47
RADIUS server 10-44, 11-13
RADIUS server parameters on the switch 10-43, 11-11
restricted VLAN 10-53
switch-to-client frame-retransmission number 10-48, 10-49
switch-to-client retransmission time 10-47
violation modes 10-41
default configuration 10-35, 11-9
described 10-1
device roles 10-3, 11-2
displaying statistics 10-66, 11-17
downloadable ACLs and redirect URLs
configuring 10-61 to 10-63, ?? to 10-63
overview 10-20 to 10-22
EAPOL-start frame 10-5
EAP-request/identity frame 10-5
EAP-response/identity frame 10-5
enabling
802.1X authentication 11-11
encapsulation 10-3
flexible authentication ordering
configuring 10-64
overview 10-30
guest VLAN
configuration guidelines 10-23, 10-24
described 10-22
host mode 10-12
inaccessible authentication bypass
configuring 10-54
described 10-24
guidelines 10-37
initiation and message exchange 10-5
magic packet 10-27
maximum number of allowed devices per port 10-38
method lists 10-42
multiple authentication 10-14
per-user ACLs
configuration tasks 10-20
described 10-19
RADIUS server attributes 10-19
ports
authorization state and dot1x port-control command 10-11
authorized and unauthorized 10-10
voice VLAN 10-27
port security
described 10-27
readiness check
configuring 10-38
described 10-17, 10-38
resetting to default values 10-66
stack changes, effects of 10-11
statistics, displaying 10-66
switch
as proxy 10-3, 11-2
RADIUS client 10-3
switch supplicant
configuring 10-59
overview 10-31
user distribution
guidelines 10-29
overview 10-29
VLAN assignment
AAA authorization 10-42
characteristics 10-18
configuration tasks 10-18
described 10-17
voice aware 802.1x security
configuring 10-39
described 10-31, 10-39
voice VLAN
described 10-27
PVID 10-27
VVID 10-27
wake-on-LAN, described 10-27
with ACLs and RADIUS Filter-Id attribute 10-33
port-based authentication methods, supported 10-7
port blocking 1-4, 23-7
port-channel
See EtherChannel
port description TLV 26-2
Port Fast
described 18-2
enabling 18-12
mode, spanning tree 13-25
support for 1-8
port membership modes, VLAN 13-3
port priority
MSTP 17-20
STP 16-18
ports
access 12-3
blocking 23-7
dual-purpose uplink 12-4
dynamic access 13-4
protected 23-6
secure 23-9
static-access 13-3, 13-10
switch 12-2
trunks 13-3, 13-14
VLAN assignments 13-10
port security
aging 23-17
and QoS trusted boundary 33-45
and stacking 23-18
configuring 23-12
default configuration 23-11
described 23-8
displaying 23-20
on trunk ports 23-14
sticky learning 23-9
violations 23-10
with other features 23-11
port-shutdown response, VMPS 13-24
port VLAN ID TLV 26-2
power management TLV 26-3, 26-7
Power over Ethernet
See PoE
preemption, default configuration 19-8
preemption delay, default configuration 19-8
preferential treatment of traffic
See QoS
preventing unauthorized access 9-1
primary links 19-2
priority
overriding CoS 15-6
trusting CoS 15-6
private VLAN edge ports
See protected ports
privileged EXEC mode 2-2
privilege levels
changing the default for lines 9-9
command switch 6-16
exiting 9-9
logging into 9-9
mapping on member switches 6-16
overview 9-2, 9-7
setting a command with 9-8
protected ports 1-10, 23-6
protocol storm protection 23-18
provisioned switches and IP source guard 20-15
provisioning new members for a switch stack 7-7
proxy reports 19-4
pruning, VTP
disabling
in VTP domain 14-16
on a port 13-19
enabling
in VTP domain 14-16
on a port 13-18
examples 14-7
overview 14-6
pruning-eligible list
changing 13-18
for VTP pruning 14-6
VLANs 14-16
PVST+
described 16-10
IEEE 802.1Q trunking interoperability 16-11
instances supported 16-10
Q
QoS
and MQC commands 33-1
auto-QoS
categorizing traffic 33-22
configuration and defaults display 33-37
configuration guidelines 33-34
described 33-21
disabling 33-36
displaying generated commands 33-36
displaying the initial configuration 33-37
effects on running configuration 33-34
list of generated commands 33-25, 33-29
basic model 33-4
classification
class maps, described 33-8
defined 33-4
DSCP transparency, described 33-46
flowchart 33-7
forwarding treatment 33-3
in frames and packets 33-3
IP ACLs, described 33-6, 33-8
MAC ACLs, described 33-5, 33-8
options for IP traffic 33-6
options for non-IP traffic 33-5
policy maps, described 33-8
trust DSCP, described 33-5
trusted CoS, described 33-5
trust IP precedence, described 33-5
class maps
configuring 33-53
displaying 33-81
configuration guidelines
auto-QoS 33-34
standard QoS 33-40
configuring
aggregate policers 33-60
auto-QoS 33-21
default port CoS value 33-44
DSCP maps 33-63
DSCP transparency 33-46
DSCP trust states bordering another domain 33-47
egress queue characteristics 33-74
ingress queue characteristics 33-69
IP extended ACLs 33-51
IP standard ACLs 33-50
MAC ACLs 33-52
port trust states within the domain 33-42
trusted boundary 33-45
default auto configuration 33-22
default standard configuration 33-38
displaying statistics 33-81
DSCP transparency 33-46
egress queues
allocating buffer space 33-74
buffer allocation scheme, described 33-18
configuring shaped weights for SRR 33-78
configuring shared weights for SRR 33-79
described 33-4
displaying the threshold map 33-77
flowchart 33-18
mapping DSCP or CoS values 33-76
scheduling, described 33-4
setting WTD thresholds 33-74
WTD, described 33-19
enabling globally 33-42
flowcharts
classification 33-7
egress queueing and scheduling 33-18
ingress queueing and scheduling 33-15
policing and marking 33-11
implicit deny 33-8
ingress queues
allocating bandwidth 33-72
allocating buffer space 33-71
buffer and bandwidth allocation, described 33-16
configuring shared weights for SRR 33-72
configuring the priority queue 33-73
described 33-4
displaying the threshold map 33-70
flowchart 33-15
mapping DSCP or CoS values 33-69
priority queue, described 33-17
scheduling, described 33-4
setting WTD thresholds 33-69
WTD, described 33-16
IP phones
automatic classification and queueing 33-21
detection and trusted settings 33-21, 33-45
limiting bandwidth on egress interface 33-80
mapping tables
CoS-to-DSCP 33-63
displaying 33-81
DSCP-to-CoS 33-66
DSCP-to-DSCP-mutation 33-67
IP-precedence-to-DSCP 33-64
policed-DSCP 33-65
types of 33-11
marked-down actions 33-58
marking, described 33-4, 33-9
overview 33-2
packet modification 33-20
policers
configuring 33-58, 33-61
described 33-9
displaying 33-81
number of 33-41
types of 33-10
policies, attaching to an interface 33-9
policing
described 33-4, 33-9
token bucket algorithm 33-10
policy maps
characteristics of 33-55
displaying 33-82
nonhierarchical on physical ports 33-55
QoS label, defined 33-4
queues
configuring egress characteristics 33-74
configuring ingress characteristics 33-69
high priority (expedite) 33-20, 33-80
location of 33-12
SRR, described 33-14
WTD, described 33-13
rewrites 33-20
support for 1-13
trust states
bordering another domain 33-47
described 33-5
trusted device 33-45
within the domain 33-42
quality of service
See QoS
queries, IGMP 21-4
query solicitation, IGMP 21-13
R
RADIUS
attributes
vendor-proprietary 9-38
vendor-specific 9-37
configuring
accounting 9-35
authentication 9-30
authorization 9-34
communication, global 9-27, 9-36
communication, per-server 9-27
multiple UDP ports 9-27
default configuration 9-27
defining AAA server groups 9-32
displaying the configuration 9-41
identifying the server 9-27
in clusters 6-15
limiting the services to the user 9-34
method list, defined 9-26
operation of 9-19
overview 9-18
server load balancing 9-40
suggested network environments 9-18
support for 1-12
tracking services accessed by user 9-35
RADIUS Change of Authorization 9-20
range
macro 12-19
of interfaces 12-18
rapid convergence 17-10
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
described 16-10
IEEE 802.1Q trunking interoperability 16-11
instances supported 16-10
Rapid Spanning Tree Protocol
See RSTP
rcommand command 6-15
RCP
configuration files
downloading A-17
overview A-16
preparing the server A-16
uploading A-18
image files
deleting old image A-37
downloading A-35
preparing the server A-34
uploading A-37
readiness check
port-based authentication
configuring 10-38
described 10-17, 10-38
reconfirmation interval, VMPS, changing 13-27
reconfirming dynamic VLAN membership 13-27
recovery procedures 39-1
redirect URL 10-20, 10-21, 10-61
redundancy
EtherChannel 38-3
STP
backbone 16-8
multidrop backbone 18-5
path cost 13-22
port priority 13-20
redundant links and UplinkFast 18-15
reloading software 3-22
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
Remote Network Monitoring
See RMON
Remote SPAN
See RSPAN
remote SPAN 27-3
report suppression, IGMP
described 21-6
disabling 21-16, 36-11
resequencing ACL entries 31-13
reserved addresses in DHCP pools 20-22
resetting a UDLD-shutdown interface 24-6
responder, IP SLAs
described 32-4
enabling 32-6
response time, measuring with IP SLAs 32-4
restricted VLAN
configuring 10-53
described 10-23
using with IEEE 802.1x 10-23
restricting access
overview 9-1
passwords and privilege levels 9-2
RADIUS 9-17
TACACS+ 9-10
retry count, VMPS, changing 13-28
RFC
1112, IP multicast and IGMP 21-2
1157, SNMPv1 30-2
1166, IP addresses 34-4
1305, NTP 5-3
1757, RMON 28-2
1901, SNMPv2C 30-2
1902 to 1907, SNMPv2 30-2
2236, IP multicast and IGMP 21-2
2273-2275, SNMPv3 30-2
RFC 5176 Compliance 9-21
RMON
default configuration 28-3
displaying status 28-6
enabling alarms and events 28-3
groups supported 28-2
overview 28-1
statistics
collecting group Ethernet 28-6
collecting group history 28-5
support for 1-15
root guard
described 18-10
enabling 18-18
support for 1-9
root switch
MSTP 17-18
STP 16-16
router ACLs
defined 31-2
types of 31-4
RSPAN
and stack changes 27-10
characteristics 27-9
configuration guidelines 27-17
default configuration 27-10
defined 27-3
destination ports 27-8
displaying status 27-23
in a switch stack 27-2
interaction with other features 27-9
monitored ports 27-6
monitoring ports 27-8
overview 1-15, 27-1
received traffic 27-5
sessions
creating 27-18
defined 27-4
limiting source traffic to specific VLANs 27-22
specifying monitored ports 27-18
with ingress traffic enabled 27-21
source ports 27-6
transmitted traffic 27-6
VLAN-based 27-7
RSTP
active topology 17-10
BPDU
format 17-12
processing 17-13
designated port, defined 17-9
designated switch, defined 17-9
interoperability with IEEE 802.1D
described 17-9
restarting migration process 17-27
topology changes 17-13
overview 17-9
port roles
described 17-9
synchronized 17-11
proposal-agreement handshake process 17-10
rapid convergence
cross-stack rapid convergence 17-11
described 17-10
edge ports and Port Fast 17-10
point-to-point links 17-10, 17-25
root ports 17-10
root port, defined 17-9
See also MSTP
running configuration
replacing A-19, A-20
rolling back A-19, A-21
running configuration, saving 3-15
S
SC (standby command switch) 6-9
scheduled reloads 3-22
SCP
and SSH 9-53
configuring 9-53
SDM
templates
configuring 8-5
number of 8-1
SDM template 37-3
configuration guidelines 8-4
configuring 8-4
types of 8-1
Secure Copy Protocol
secure HTTP client
configuring 9-51
displaying 9-52
secure HTTP server
configuring 9-50
displaying 9-52
secure MAC addresses
and switch stacks 23-18
deleting 23-16
maximum number of 23-10
types of 23-9
secure ports
and switch stacks 23-18
secure ports, configuring 23-9
secure remote connections 9-42
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port 23-8
security features 1-10
See SCP
sequence numbers in log messages 29-8
server mode, VTP 14-3
service-provider network, MSTP and RSTP 17-1
set-request operation 30-5
setup program
failed command switch replacement 39-11
replacing failed command switch 39-9
severity levels, defining in system messages 29-9
SFPs
monitoring status of 12-40, 39-14
security and identification 39-13
status, displaying 39-14
shaped round robin
See SRR
show access-lists hw-summary command 31-20
show and more command output, filtering 2-9
show cdp traffic command 25-5
show cluster members command 6-15
show configuration command 12-37
show forward command 39-22
show interfaces command 12-28, 12-37
show interfaces switchport 19-4
show lldp traffic command 26-11
show platform forward command 39-22
show platform tcam command 39-26, 39-27
show running-config command
displaying ACLs 31-18, 31-19
interface description in 12-37
shutdown command on interfaces 12-41
Simple Network Management Protocol
See SNMP
small form-factor pluggable modules
See SFPs
small-frame arrival rate, configuring 23-5
SNAP 25-1
SNMP
accessing MIB variables with 30-5
agent
described 30-4
disabling 30-8
and IP SLAs 32-2
authentication level 30-11
community strings
configuring 30-8
for cluster switches 30-4
overview 30-4
configuration examples 30-18
default configuration 30-7
engine ID 30-7
groups 30-7, 30-10
host 30-7
ifIndex values 30-6
in-band management 1-7
in clusters 6-13
informs
and trap keyword 30-13
described 30-5
differences from traps 30-5
disabling 30-16
enabling 30-16
limiting access by TFTP servers 30-17
limiting system log messages to NMS 29-10
manager functions 1-5, 30-3
managing clusters with 6-16
notifications 30-5
overview 30-1, 30-5
security levels 30-3
setting CPU threshold notification 30-16
status, displaying 30-19
system contact and location 30-17
trap manager, configuring 30-14
traps
described 30-4, 30-5
differences from informs 30-5
disabling 30-16
enabling 30-13
enabling MAC address notification 5-16, 5-18, 5-19
overview 30-1, 30-5
types of 30-13
users 30-7, 30-10
versions supported 30-2
SNMP and Syslog Over IPv6 35-5
SNMPv1 30-2
SNMPv2C 30-3
SNMPv3 30-3
snooping, IGMP 21-2
software compatibility
See stacks, switch
software images
location in flash A-25
recovery procedures 39-2
scheduling reloads 3-23
tar file format, described A-25
See also downloading and uploading
source addresses
in IPv4 ACLs 31-10
in IPv6 ACLs 37-5
source-and-destination-IP address based forwarding, EtherChannel 38-9
source-and-destination MAC address forwarding, EtherChannel 38-9
source-IP address based forwarding, EtherChannel 38-9
source-MAC address forwarding, EtherChannel 38-8
SPAN
and stack changes 27-10
configuration guidelines 27-11
default configuration 27-10
destination ports 27-8
displaying status 27-23
interaction with other features 27-9
monitored ports 27-6
monitoring ports 27-8
overview 1-15, 27-1
ports, restrictions 23-12
received traffic 27-5
sessions
configuring ingress forwarding 27-15, 27-22
creating 27-12
defined 27-4
limiting source traffic to specific VLANs 27-16
removing destination (monitoring) ports 27-13
specifying monitored ports 27-12
with ingress traffic enabled 27-14
source ports 27-6
transmitted traffic 27-6
VLAN-based 27-7
spanning tree and native VLANs 13-15
Spanning Tree Protocol
See STP
SPAN traffic 27-5
SRR
configuring
shaped weights on egress queues 33-78
shared weights on egress queues 33-79
shared weights on ingress queues 33-72
described 33-14
shaped mode 33-14
shared mode 33-14
support for 1-14
SSH
configuring 9-43
cryptographic software image 9-42
described 1-7, 9-42
encryption methods 9-43
switch stack considerations 7-15
user authentication methods, supported 9-43
SSL
configuration guidelines 9-49
configuring a secure HTTP client 9-51
configuring a secure HTTP server 9-50
cryptographic software image 9-46
described 9-46
monitoring 9-52
stack, switch
MAC address of 7-6, 7-17
stack changes, effects on
802.1x port-based authentication 10-11
ACL configuration 31-6
CDP 25-2
cross-stack EtherChannel 38-13
EtherChannel 38-10
IGMP snooping 21-6
IP routing 34-2
MAC address tables 5-15
MSTP 17-8
MVR 21-18
port security 23-18
SDM template selection 8-3
SNMP 30-2
SPAN and RSPAN 27-10
STP 16-12
switch clusters 6-13
system message log 29-2
VLANs 13-7
VTP 14-8
stack master
bridge ID (MAC address) 7-6
defined 7-1
election 7-5
IPv6 35-6
See also stacks, switch
stack member
accessing CLI of specific member 7-22
configuring
member number 7-20
priority value 7-21
defined 7-1
displaying information of 7-23
number 7-6
priority value 7-7
provisioning a new member 7-21
replacing 7-14
See also stacks, switch
stack member number 12-16
stack protocol version 7-10
stacks, switch
accessing CLI of specific member 7-22
assigning information
member number 7-20
priority value 7-21
provisioning a new member 7-21
auto-advise 7-11
auto-copy 7-11
auto-extract 7-11
auto-upgrade 7-11
bridge ID 7-6
CDP considerations 25-2
compatibility, software 7-9
configuration file 7-14
configuration scenarios 7-16
copying an image file from one member to another A-38
default configuration 7-17
description of 7-1
displaying information of 7-23
enabling persistent MAC address timer 7-17
in clusters 6-13
incompatible software and image upgrades 7-13, A-38
IPv6 on 35-6
MAC address considerations 5-15
management connectivity 7-15
managing 7-1
membership 7-3
merged 7-3
MSTP instances supported 16-10
offline configuration
described 7-7
effects of adding a provisioned switch 7-8
effects of removing a provisioned switch 7-9
effects of replacing a provisioned switch 7-9
provisioned configuration, defined 7-7
provisioned switch, defined 7-7
provisioning a new member 7-21
partitioned 7-3, 39-8
provisioned switch
adding 7-8
removing 7-9
replacing 7-9
replacing a failed member 7-14
software compatibility 7-9
software image version 7-9
stack protocol version 7-10
STP
bridge ID 16-3
root port selection 16-3
stack root switch election 16-3
system messages
hostnames in the display 29-1
remotely monitoring 29-2
system prompt consideration 5-8
system-wide configuration considerations 7-14
upgrading A-38
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 7-11
examples 7-12
manual upgrades with auto-advise 7-11
upgrades with auto-extract 7-11
version-mismatch mode
described 7-10
See also stack master and stack member
standby command switch
configuring
considerations 6-10
defined 6-2
priority 6-9
requirements 6-3
virtual IP address 6-10
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
standby links 19-2
startup configuration
booting
manually 3-19
specific image 3-20
clearing A-19
configuration file
automatically downloading 3-18
specifying the filename 3-18
static access ports
assigning to VLAN 13-10
defined 12-3, 13-3
static addresses
See addresses
static MAC addressing 1-10
static routes
configuring 34-5
configuring for IPv6 35-10
static VLAN membership 13-2
statistics
802.1X 11-17
802.1x 10-66
CDP 25-5
interface 12-40
LLDP 26-11
LLDP-MED 26-11
NMSP 26-11
QoS ingress and egress 33-81
RMON group Ethernet 28-6
RMON group history 28-5
SNMP input and output 30-19
VTP 14-18
sticky learning 23-9
storm control
configuring 23-3
described 23-1
disabling 23-5
displaying 23-20
support for 1-4
thresholds 23-2
STP
accelerating root port selection 18-4
BackboneFast
described 18-7
disabling 18-17
enabling 18-17
BPDU filtering
described 18-3
disabling 18-15
enabling 18-14
BPDU guard
described 18-2
disabling 18-14
enabling 18-13
BPDU message exchange 16-3
configuration guidelines 16-13, 18-12
configuring
forward-delay time 16-23
hello time 16-22
maximum aging time 16-23
path cost 16-20
port priority 16-18
root switch 16-16
secondary root switch 16-18
spanning-tree mode 16-15
switch priority 16-21
transmit hold-count 16-24
counters, clearing 16-24
cross-stack UplinkFast
described 18-5
enabling 18-16
default configuration 16-13
default optional feature configuration 18-12
designated port, defined 16-4
designated switch, defined 16-4
detecting indirect link failures 18-8
disabling 16-16
displaying status 16-24
EtherChannel guard
described 18-10
disabling 18-17
enabling 18-17
extended system ID
effects on root switch 16-16
effects on the secondary root switch 16-18
overview 16-4
unexpected behavior 16-16
features supported 1-8
IEEE 802.1D and bridge ID 16-4
IEEE 802.1D and multicast addresses 16-9
IEEE 802.1t and VLAN identifier 16-5
inferior BPDU 16-3
instances supported 16-10
interface state, blocking to forwarding 18-2
interface states
blocking 16-6
disabled 16-7
forwarding 16-6, 16-7
learning 16-7
listening 16-7
overview 16-5
interoperability and compatibility among modes 16-11
limitations with IEEE 802.1Q trunks 16-11
load sharing
overview 13-20
using path costs 13-22
using port priorities 13-20
loop guard
described 18-11
enabling 18-18
modes supported 16-10
multicast addresses, effect of 16-9
optional features supported 1-8
overview 16-2
path costs 13-22
Port Fast
described 18-2
enabling 18-12
port priorities 13-21
preventing root switch selection 18-10
protocols supported 16-10
redundant connectivity 16-8
root guard
described 18-10
enabling 18-18
root port, defined 16-3
root port selection on a switch stack 16-3
root switch
configuring 16-16
effects of extended system ID 16-4, 16-16
election 16-3
unexpected behavior 16-16
shutdown Port Fast-enabled port 18-2
stack changes, effects of 16-12
status, displaying 16-24
superior BPDU 16-3
timers, described 16-22
UplinkFast
described 18-3
enabling 18-15
stratum, NTP 5-3
subnet mask 34-4
success response, VMPS 13-24
summer time 5-7
SunNet Manager 1-5
supported port-based authentication methods 10-7
SVIs
and IP unicast routing 34-3
and router ACLs 31-4
connecting VLANs 12-11
defined 12-3
switch 35-2
switch clustering technology 6-1
See also clusters, switch
switch console port 1-7
Switch Database Management
See SDM
Switched Port Analyzer
See SPAN
switched ports 12-2
switchport backup interface 19-4, 19-5
switchport block multicast command 23-8
switchport block unicast command 23-8
switchport protected command 23-7
switch priority
MSTP 17-23
STP 16-21
switch software features 1-1
switch virtual interface
See SVI
syslog
See system message logging
system capabilities TLV 26-2
system clock
configuring
daylight saving time 5-7
manually 5-5
summer time 5-7
time zones 5-6
displaying the time and date 5-6
overview 5-2
See also NTP
system description TLV 26-2
system message logging
default configuration 29-4
defining error message severity levels 29-9
disabling 29-4
displaying the configuration 29-14
enabling 29-5
facility keywords, described 29-14
level keywords, described 29-10
limiting messages 29-10
message format 29-2
overview 29-1
sequence numbers, enabling and disabling 29-8
setting the display destination device 29-5
stack changes, effects of 29-2
synchronizing log messages 29-6
syslog facility 1-15
time stamps, enabling and disabling 29-8
UNIX syslog servers
configuring the daemon 29-13
configuring the logging facility 29-13
facilities supported 29-14
system name
default configuration 5-9
default setting 5-9
manual configuration 5-9
See also DNS
system name TLV 26-2
system prompt, default setting 5-8, 5-9
system resources, optimizing 8-1
T
TACACS+
accounting, defined 9-11
authentication, defined 9-11
authorization, defined 9-11
configuring
accounting 9-17
authentication key 9-13
authorization 9-16
login authentication 9-14
default configuration 9-13
displaying the configuration 9-17
identifying the server 9-13
in clusters 6-15
limiting the services to the user 9-16
operation of 9-12
overview 9-10
support for 1-12
tracking services accessed by user 9-17
tar files
creating A-6
displaying the contents of A-7
extracting A-7
image file format A-25
TCAM
memory consistency check errors
example 39-27
memory consistency check routines 1-5, 39-26
memory consistency integrity 1-5, 39-26
space
HFTM 39-26
HQATM 39-26
unassigned 39-26
TDR 1-16
Telnet
accessing management interfaces 2-10
number of connections 1-7
setting a password 9-6
temporary self-signed certificate 9-47
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password 9-6
ternary content addressable memory
See TCAM
TFTP
configuration files
downloading A-11
preparing the server A-11
uploading A-12
configuration files in base directory 3-7
configuring for autoconfiguration 3-7
image files
deleting A-28
downloading A-27
preparing the server A-26
uploading A-29
limiting access by servers 30-17
TFTP server 1-6
threshold, traffic level 23-2
time
See NTP and system clock
Time Domain Reflector
See TDR
time-range command 31-15
time ranges in ACLs 31-15
time stamps in log messages 29-8
time zones 5-6
TLVs
defined 26-2
LLDP 26-2
LLDP-MED 26-2
Token Ring VLANs
support for 13-6
VTP support 14-5
ToS 1-13
traceroute, Layer 2
and ARP 39-16
and CDP 39-16
broadcast traffic 39-16
described 39-16
IP addresses and subnets 39-16
MAC addresses and VLANs 39-16
multicast traffic 39-16
multiple devices on a port 39-17
unicast traffic 39-16
usage guidelines 39-16
traceroute command 39-18
See also IP traceroute
traffic
blocking flooded 23-8
fragmented 31-4
fragmented IPv6 37-2
unfragmented 31-4
traffic policing 1-14
traffic suppression 23-2
transmit hold-count
see STP
transparent mode, VTP 14-4
trap-door mechanism 3-2
traps
configuring MAC address notification 5-16, 5-18, 5-19
configuring managers 30-13
defined 30-4
enabling 5-16, 5-18, 5-19, 30-13
notification types 30-13
overview 30-1, 30-5
troubleshooting
connectivity problems 39-14, 39-15, 39-17
CPU utilization 39-28
detecting unidirectional links 24-1
displaying crash information 39-23
setting packet forwarding 39-22
SFP security and identification 39-13
show forward command 39-22
with CiscoWorks 30-5
with debug commands 39-20
with ping 39-14
with system message logging 29-1
with traceroute 39-17
trunk failover
See link-state tracking
trunking encapsulation 1-9
trunk ports
configuring 13-16
defined 12-3, 13-3
trunks
allowed-VLAN list 13-17
load sharing
setting STP path costs 13-22
using STP port priorities 13-20, 13-21
native VLAN for untagged traffic 13-19
parallel 13-22
pruning-eligible list 13-18
to non-DTP device 13-14
trusted boundary for QoS 33-45
trusted port states
between QoS domains 33-47
classification options 33-5
ensuring port security for IP phones 33-45
support for 1-13
within a QoS domain 33-42
trustpoints, CA 9-47
twisted-pair Ethernet, detecting unidirectional links 24-1
type of service
See ToS
U
UDLD
configuration guidelines 24-4
default configuration 24-4
disabling
globally 24-5
on fiber-optic interfaces 24-5
per interface 24-6
echoing detection mechanism 24-3
enabling
globally 24-5
per interface 24-6
link-detection mechanism 24-1
neighbor database 24-2
overview 24-1
resetting an interface 24-6
status, displaying 24-7
support for 1-8
unauthorized ports with IEEE 802.1x 10-10
unicast MAC address filtering 1-6
and adding static addresses 5-22
and broadcast MAC addresses 5-21
and CPU packets 5-21
and multicast addresses 5-21
and router MAC addresses 5-21
configuration guidelines 5-21
described 5-21
unicast storm 23-1
unicast storm control command 23-4
unicast traffic, blocking 23-8
UniDirectional Link Detection protocol
See UDLD
UNIX syslog servers
daemon configuration 29-13
facilities supported 29-14
message logging configuration 29-13
unrecognized Type-Length-Value (TLV) support 14-5
upgrading a Catalyst 2950 switch
configuration compatibility issues C-1
differences in configuration commands C-1
feature behavior incompatibilities C-5
incompatible command messages C-1
recommendations C-1
upgrading software images
See downloading
UplinkFast
described 18-3
disabling 18-16
enabling 18-15
support for 1-8
uploading
configuration files
preparing A-11, A-13, A-16
reasons for A-9
using FTP A-15
using RCP A-18
using TFTP A-12
image files
preparing A-26, A-30, A-34
reasons for A-24
using FTP A-32
using RCP A-37
using TFTP A-29
USB mini-Type B console port 12-12
USB Type A port 1-8
user EXEC mode 2-2
username-based authentication 9-6
V
version-dependent transparent mode 14-5
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 7-11
manual upgrades with auto-advise 7-11
upgrades with auto-extract 7-11
version-mismatch mode
described 7-10
virtual IP address
cluster standby group 6-10
command switch 6-10
virtual switches and PAgP 38-6
vlan.dat file 13-5
VLAN 1, disabling on a trunk port 13-17
VLAN 1 minimization 13-17
vlan-assignment response, VMPS 13-23
VLAN configuration
at bootup 13-7
saving 13-7
VLAN configuration mode 2-2
VLAN database
and startup configuration file 13-7
and VTP 14-1
VLAN configuration saved in 13-7
VLANs saved in 13-4
VLAN filtering and SPAN 27-7
vlan global configuration command 13-7
VLAN ID, discovering 5-24
VLAN load balancing on flex links 19-3
configuration guidelines 19-8
VLAN management domain 14-2
VLAN Management Policy Server
See VMPS
VLAN membership
confirming 13-27
modes 13-3
VLAN Query Protocol
See VQP
VLANs
adding 13-8
adding to VLAN database 13-8
aging dynamic addresses 16-9
allowed on trunk 13-17
and spanning-tree instances 13-3, 13-6, 13-12
configuration guidelines, extended-range VLANs 13-11
configuration guidelines, normal-range VLANs 13-6
configuring 13-1
configuring IDs 1006 to 4094 13-11
connecting through SVIs 12-11
creating 13-8
default configuration 13-7
deleting 13-9
described 12-2, 13-1
displaying 13-13
extended-range 13-1, 13-11
features 1-9
illustrated 13-2
in the switch stack 13-7
limiting source traffic with RSPAN 27-22
limiting source traffic with SPAN 27-16
modifying 13-8
multicast 21-17
native, configuring 13-19
normal-range 13-1, 13-4
number supported 1-9
parameters 13-5
port membership modes 13-3
static-access ports 13-10
STP and IEEE 802.1Q trunks 16-11
supported 13-2
Token Ring 13-6
traffic between 13-2
VTP modes 14-3
VLAN Trunking Protocol
See VTP
VLAN trunks 13-14
VMPS
administering 13-28
configuration example 13-29
configuration guidelines 13-25
default configuration 13-25
description 13-23
dynamic port membership
described 13-24
reconfirming 13-27
troubleshooting 13-29
entering server address 13-26
mapping MAC addresses to VLANs 13-23
monitoring 13-28
reconfirmation interval, changing 13-27
reconfirming membership 13-27
retry count, changing 13-28
voice aware 802.1x security
port-based authentication
configuring 10-39
described 10-31, 10-39
voice-over-IP 15-1
voice VLAN
Cisco 7960 phone, port connections 15-1
configuration guidelines 15-3
configuring IP phones for data traffic
override CoS of incoming frame 15-6
trust CoS priority of incoming frame 15-6
configuring ports for voice traffic in
802.1p priority tagged frames 15-5
802.1Q frames 15-5
connecting to an IP phone 15-4
default configuration 15-3
described 15-1
displaying 15-7
IP phone data traffic, described 15-2
IP phone voice traffic, described 15-2
VQP 1-9, 13-23
VTP
adding a client to a domain 14-17
advertisements 13-15, 14-4
and extended-range VLANs 13-2, 14-2
and normal-range VLANs 13-2, 14-2
client mode, configuring 14-13
configuration
guidelines 14-9
requirements 14-11
saving 14-9
configuration requirements 14-11
configuration revision number
guideline 14-17
resetting 14-17
consistency checks 14-5
default configuration 14-9
described 14-1
domain names 14-10
domains 14-2
modes
client 14-3
off 14-4
server 14-3
transitions 14-3
transparent 14-4
monitoring 14-18
passwords 14-10
pruning
disabling 14-16
enabling 14-16
examples 14-7
overview 14-6
support for 1-9
pruning-eligible list, changing 13-18
server mode, configuring 14-11, 14-14
statistics 14-18
support for 1-9
Token Ring support 14-5
transparent mode, configuring 14-12
using 14-1
Version
enabling 14-15
version, guidelines 14-10
Version 1 14-5
Version 2
configuration guidelines 14-10
overview 14-5
Version 3
overview 14-5
W
web authentication 10-17
configuring 11-16 to ??
described 1-10
web-based authentication
customizeable web pages 11-6
description 11-1
web-based authentication, interactions with other features 11-7
weighted tail drop
See WTD
wired location service
configuring 26-9
displaying 26-11
location TLV 26-3
understanding 26-4
wizards 1-2
WTD
described 33-13
setting thresholds
egress queue-sets 33-74
ingress queues 33-69
support for 1-14
X
Xmodem protocol 39-2
Index
A
abbreviating commands 2-3
AC (command switch) 6-9
access-class command 31-18
access control entries
See ACEs
access control entry (ACE) 37-3
access-denied response, VMPS 13-24
access groups
Layer 3 31-19
access groups, applying IPv4 ACLs to interfaces 31-19
accessing
clusters, switch 6-12
command switches 6-10
member switches 6-12
switch clusters 6-12
accessing stack members 7-22
access lists
See ACLs
access ports
in switch clusters 6-8
access ports, defined 12-3
accounting
with 802.1x 10-51
with IEEE 802.1x 10-16
with RADIUS 9-35
with TACACS+ 9-11, 9-17
ACEs
and QoS 33-8
defined 31-2
Ethernet 31-2
IP 31-2
ACLs
ACEs 31-2
any keyword 31-10
applying
time ranges to 31-15
to an interface 31-18, 37-7
to IPv6 interfaces 37-7
to QoS 33-8
classifying traffic for QoS 33-50
comments in 31-17
compiling 31-21
defined 31-1, 31-7
examples of 31-21, 33-50
extended IP, configuring for QoS classification 33-51
extended IPv4
creating 31-9
matching criteria 31-7
hardware and software handling 31-20
host keyword 31-11
IP
creating 31-7
fragments and QoS guidelines 33-40
implicit deny 31-9, 31-13, 31-14
implicit masks 31-9
matching criteria 31-7
undefined 31-19
IPv4
applying to interfaces 31-18
creating 31-7
matching criteria 31-7
named 31-13
numbers 31-7
terminal lines, setting on 31-18
unsupported features 31-6
IPv6
applying to interfaces 37-7
configuring 37-3, 37-4
displaying 37-8
interactions with other features 37-4
limitations 37-2, 37-3
matching criteria 37-3
named 37-2
precedence of 37-2
supported 37-2
unsupported features 37-3
MAC extended 31-23, 33-52
matching 31-7, 31-19, 37-3
monitoring 31-26, 37-8
named, IPv4 31-13
named, IPv6 37-2
names 37-4
number per QoS class map 33-40
port 31-2, 37-1
precedence of 31-2
QoS 33-8, 33-50
resequencing entries 31-13
router 31-2, 37-1
standard IP, configuring for QoS classification 33-50
standard IPv4
creating 31-8
matching criteria 31-7
support for 1-10
support in hardware 31-20
time ranges 31-15
types supported 31-2
unsupported features, IPv4 31-6
unsupported features, IPv6 37-3
active link 19-4, 19-5, 19-6
active links 19-2
active traffic monitoring, IP SLAs 32-1
address aliasing 21-2
addresses
displaying the MAC address table 5-24
dynamic
accelerated aging 16-9
changing the aging time 5-15
default aging 16-9
defined 5-13
learning 5-14
removing 5-16
IPv6 35-2
MAC, discovering 5-24
multicast, STP address management 16-9
static
adding and removing 5-20
defined 5-13
address resolution 5-24
Address Resolution Protocol
See ARP
advertisements
CDP 25-1
LLDP 26-2
VTP 13-15, 14-3, 14-4
aggregatable global unicast addresses 35-3
aggregated ports
See EtherChannel
aggregate policers 33-60
aggregate policing 1-14
aging, accelerating 16-9
aging time
accelerated
for MSTP 17-24
for STP 16-9, 16-23
MAC address table 5-15
maximum
for MSTP 17-25
for STP 16-23, 16-24
alarms, RMON 28-4
allowed-VLAN list 13-17
ARP
defined 1-6, 5-24
table
address resolution 5-24
managing 5-24
attributes, RADIUS
vendor-proprietary 9-38
vendor-specific 9-37
attribute-value pairs 10-13, 10-16, 10-21, 10-22
authentication
local mode with AAA 9-41
open1x 10-31
RADIUS
key 9-27
login 9-30
TACACS+
defined 9-11
key 9-13
login 9-14
See also port-based authentication
authentication compatibility with Catalyst 6000 switches 10-8
authentication failed VLAN
See restricted VLAN
authentication manager
CLI commands 10-9
compatibility with older 802.1x CLI commands 10-9 to ??
overview 10-7
authoritative time source, described 5-3
authorization
with RADIUS 9-34
with TACACS+ 9-11, 9-16
authorized ports with IEEE 802.1x 10-10
autoconfiguration 3-3
auto enablement 10-32
automatic advise (auto-advise) in switch stacks 7-11
automatic copy (auto-copy) in switch stacks 7-11
automatic discovery
considerations
beyond a noncandidate device 6-8
brand new switches 6-8
connectivity 6-5
different VLANs 6-7
management VLANs 6-7
non-CDP-capable devices 6-6
noncluster-capable devices 6-6
in switch clusters 6-5
See also CDP
automatic extraction (auto-extract) in switch stacks 7-11
automatic QoS
See QoS
automatic recovery, clusters 6-9
See also HSRP
automatic upgrades (auto-upgrade) in switch stacks 7-11
auto-MDIX
configuring 12-30
described 12-30
autonegotiation
duplex mode 1-4
interface configuration guidelines 12-27
mismatches 39-12
Auto-QoS video devices 1-14
autosensing, port speed 1-4
auxiliary VLAN
See voice VLAN
availability, features 1-8
B
BackboneFast
described 18-7
disabling 18-17
enabling 18-17
support for 1-8
backup interfaces
See Flex Links
backup links 19-2
banners
configuring
login 5-13
message-of-the-day login 5-12
default configuration 5-11
when displayed 5-11
Berkeley r-tools replacement 9-52
binding database
DHCP snooping
See DHCP snooping binding database
bindings
DHCP snooping database 20-6
IP source guard 20-13
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 23-7
booting
boot loader, function of 3-1
boot process 3-1
manually 3-19
specific image 3-20
boot loader
accessing 3-21
described 3-1
environment variables 3-21
prompt 3-21
trap-door mechanism 3-2
BPDU
error-disabled state 18-2
filtering 18-3
RSTP format 17-12
BPDU filtering
described 18-3
disabling 18-15
enabling 18-14
support for 1-8
BPDU guard
described 18-2
disabling 18-14
enabling 18-13
support for 1-8
bridge protocol data unit
See BPDU
broadcast storm-control command 23-4
broadcast storms 23-1
C
cables, monitoring for unidirectional links 24-1
candidate switch
automatic discovery 6-5
defined 6-4
requirements 6-4
See also command switch, cluster standby group, and member switch
Catalyst 6000 switches
authentication compatibility 10-8
CA trustpoint
configuring 9-49
defined 9-47
CDP
and trusted boundary 33-45
automatic discovery in switch clusters 6-5
configuring 25-2
default configuration 25-2
defined with LLDP 26-1
described 25-1
disabling for routing device 25-4
enabling and disabling
on an interface 25-4
on a switch 25-4
monitoring 25-5
overview 25-1
power negotiation extensions 12-5
support for 1-6
switch stack considerations 25-2
transmission timer and holdtime, setting 25-3
updates 25-3
CGMP
as IGMP snooping learning method 21-9
joining multicast group 21-3
CipherSuites 9-48
Cisco 7960 IP Phone 15-1
Cisco Discovery Protocol
See CDP
Cisco intelligent power management 12-5
Cisco IOS File System
See IFS
Cisco IOS IP SLAs 32-1
Cisco Secure ACS
attribute-value pairs for downloadable ACLs 10-22
attribute-value pairs for redirect URL 10-21
Cisco Secure ACS configuration guide 10-61
CiscoWorks 2000 1-5, 30-5
CISP 10-32
CIST regional root
See MSTP
CIST root
See MSTP
civic location 26-3
class maps for QoS
configuring 33-53
described 33-8
displaying 33-81
class of service
See CoS
clearing interfaces 12-41
CLI
abbreviating commands 2-3
command modes 2-1
configuration logging 2-4
described 1-5
editing features
enabling and disabling 2-6
keystroke editing 2-7
wrapped lines 2-8
error messages 2-4
filtering command output 2-9
getting help 2-3
history
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
managing clusters 6-15
no and default forms of commands 2-4
Client Information Signalling Protocol
See CISP
client mode, VTP 14-3
clock
See system clock
clusters, switch
accessing 6-12
automatic discovery 6-5
automatic recovery 6-9
benefits 1-1
compatibility 6-4
described 6-1
LRE profile considerations 6-15
managing
through CLI 6-15
through SNMP 6-16
planning 6-4
planning considerations
automatic discovery 6-5
automatic recovery 6-9
CLI 6-15
host names 6-12
IP addresses 6-12
LRE profiles 6-15
passwords 6-13
RADIUS 6-15
SNMP 6-13, 6-16
switch stacks 6-13
TACACS+ 6-15
See also candidate switch, command switch, cluster standby group, member switch, and standby command switch
cluster standby group
automatic recovery 6-11
considerations 6-10
defined 6-2
requirements 6-3
virtual IP address 6-10
See also HSRP
CNS 1-6
Configuration Engine
configID, deviceID, hostname 4-3
configuration service 4-2
described 4-1
event service 4-3
embedded agents
described 4-5
enabling automated configuration 4-6
enabling configuration agent 4-9
enabling event agent 4-7
management functions 1-6
CoA Request Commands 9-23
Coarse Wave Division Multiplexer
See CWDM SFPs
command-line interface
See CLI
command modes 2-1
commands
abbreviating 2-3
no and default 2-4
commands, setting privilege levels 9-8
command switch
accessing 6-10
active (AC) 6-9
configuration conflicts 39-12
defined 6-2
passive (PC) 6-9
password privilege levels 6-16
priority 6-9
recovery
from command-switch failure 6-9, 39-8
from lost member connectivity 39-12
redundant 6-9
replacing
with another switch 39-11
with cluster member 39-9
requirements 6-3
standby (SC) 6-9
See also candidate switch, cluster standby group, member switch, and standby command switch
community strings
configuring 6-13, 30-8
for cluster switches 30-4
in clusters 6-13
overview 30-4
SNMP 6-13
compatibility, feature 23-12
compatibility, software
See stacks, switch
config.text 3-18
configurable leave timer, IGMP 21-6
configuration, initial
defaults 1-16
Express Setup 1-1
configuration changes, logging 29-11
configuration conflicts, recovering from lost member connectivity 39-12
configuration examples, network 1-18
configuration files
archiving A-20
clearing the startup configuration A-19
creating using a text editor A-10
default name 3-18
deleting a stored configuration A-19
described A-8
downloading
automatically 3-18
preparing A-11, A-13, A-16
reasons for A-8
using FTP A-13
using RCP A-17
using TFTP A-11
guidelines for creating and using A-9
guidelines for replacing and rolling back A-21
invalid combinations when copying A-5
limiting TFTP server access 30-17
obtaining with DHCP 3-8
password recovery disable considerations 9-5
replacing a running configuration A-19, A-20
rolling back a running configuration A-19, A-21
specifying the filename 3-18
system contact and location information 30-17
types and location A-10
uploading
preparing A-11, A-13, A-16
reasons for A-9
using FTP A-15
using RCP A-18
using TFTP A-12
configuration logger 29-11
configuration logging 2-4
configuration replacement A-19
configuration rollback A-19, A-20
configuration settings, saving 3-15
configure terminal command 12-17
configuring 802.1x user distribution 10-57
configuring port-based authentication violation modes 10-41
configuring small-frame arrival rate 23-5
conflicts, configuration 39-12
connections, secure remote 9-42
connectivity problems 39-14, 39-15, 39-17
consistency checks in VTP Version 2 14-5
console port, connecting to 2-10
control protocol, IP SLAs 32-4
corrupted software, recovery steps with Xmodem 39-2
CoS
in Layer 2 frames 33-2
override priority 15-6
trust priority 15-6
CoS input queue threshold map for QoS 33-16
CoS output queue threshold map for QoS 33-19
CoS-to-DSCP map for QoS 33-63
counters, clearing interface 12-41
CPU utilization, troubleshooting 39-28
crashinfo file 39-23
critical authentication, IEEE 802.1x 10-54
critical VLAN 10-24
critical voice VLAN
configuring 10-54
cross-stack EtherChannel
configuration guidelines 38-13
described 38-3
illustration 38-4
support for 1-8
cross-stack UplinkFast, STP
described 18-5
disabling 18-16
enabling 18-16
fast-convergence events 18-7
Fast Uplink Transition Protocol 18-6
normal-convergence events 18-7
support for 1-8
cryptographic software image
SSH 9-42
SSL 9-46
switch stack considerations 7-15
customjzeable web pages, web-based authentication 11-6
CWDM SFPs 1-24
D
DACL
See downloadable ACL
daylight saving time 5-7
debugging
enabling all system diagnostics 39-21
enabling for a specific feature 39-20
redirecting error message output 39-21
using commands 39-20
default commands 2-4
default configuration
802.1x 10-35
auto-QoS 33-22
banners 5-11
CDP 25-2
DHCP 20-8
DHCP option 82 20-8
DHCP snooping 20-8
DHCP snooping binding database 20-8
DNS 5-10
dynamic ARP inspection 22-5
EtherChannel 38-11
Ethernet interfaces 12-24
Flex Links 19-8
IGMP filtering 21-25
IGMP snooping 21-7, 36-6
IGMP throttling 21-25
initial switch information 3-3
IP SLAs 32-5
IP source guard 20-15
IPv6 35-7
Layer 2 interfaces 12-24
LLDP 26-5
MAC address table 5-15
MAC address-table move update 19-8
MSTP 17-14
MVR 21-20
optional spanning-tree configuration 18-12
password and privilege level 9-2
RADIUS 9-27
RMON 28-3
RSPAN 27-10
SDM template 8-4
SNMP 30-7
SPAN 27-10
SSL 9-49
standard QoS 33-38
STP 16-13
switch stacks 7-17
system message logging 29-4
system name and prompt 5-9
TACACS+ 9-13
UDLD 24-4
VLAN, Layer 2 Ethernet interfaces 13-15
VLANs 13-7
VMPS 13-25
voice VLAN 15-3
VTP 14-9
default gateway 3-14
default web-based authentication configuration
802.1X 11-9
deleting VLANs 13-9
denial-of-service attack 23-1
description command 12-37
designing your network, examples 1-18
destination addresses
in IPv4 ACLs 31-10
in IPv6 ACLs 37-5
destination-IP address-based forwarding, EtherChannel 38-9
destination-MAC address forwarding, EtherChannel 38-9
detecting indirect link failures, STP 18-8
device A-24
device discovery protocol 25-1, 26-1
device manager
benefits 1-1
described 1-2, 1-5
in-band management 1-7
upgrading a switch A-24
DHCP
enabling
relay agent 20-9
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-3
DNS 3-7
relay device 3-7
server side 3-6
TFTP server 3-7
example 3-9
lease options
for IP address information 3-6
for receiving the configuration file 3-6
overview 3-3
relationship to BOOTP 3-3
relay support 1-6
support for 1-6
DHCP-based autoconfiguration and image update
configuring 3-11 to 3-14
understanding 3-5
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 20-5
configuration guidelines 20-8
default configuration 20-8
displaying 20-12
overview 20-3
packet format, suboption
circuit ID 20-5
remote ID 20-5
remote ID suboption 20-5
DHCP server port-based address allocation
configuration guidelines 20-21
default configuration 20-21
described 20-21
displaying 20-24
enabling 20-21
reserved addresses 20-22
DHCP server port-based address assignment
support for 1-6
DHCP snooping
accepting untrusted packets form edge switch 20-3, 20-10
binding database
See DHCP snooping binding database
configuration guidelines 20-8
default configuration 20-8
displaying binding tables 20-12
message exchange process 20-4
option 82 data insertion 20-3
trusted interface 20-2
untrusted interface 20-2
untrusted messages 20-2
DHCP snooping binding database
adding bindings 20-11
binding entries, displaying 20-12
binding file
format 20-6
location 20-6
bindings 20-6
clearing agent statistics 20-12
configuration guidelines 20-9
configuring 20-11
default configuration 20-8
deleting
binding file 20-12
bindings 20-12
database agent 20-12
described 20-6
displaying 20-12
displaying status and statistics 20-12
enabling 20-11
entry 20-6
renewing database 20-12
resetting
delay value 20-12
timeout value 20-12
DHCP snooping binding table
See DHCP snooping binding database
Differentiated Services architecture, QoS 33-2
Differentiated Services Code Point 33-2
directed unicast requests 1-6
directories
changing A-4
creating and removing A-4
displaying the working A-4
discovery, clusters
See automatic discovery
DNS
and DHCP-based autoconfiguration 3-7
default configuration 5-10
displaying the configuration 5-11
in IPv6 35-3
overview 5-9
setting up 5-10
support for 1-6
domain names
DNS 5-9
VTP 14-10
Domain Name System
See DNS
downloadable ACL 10-20, 10-22, 10-61
downloading
configuration files
preparing A-11, A-13, A-16
reasons for A-8
using FTP A-13
using RCP A-17
using TFTP A-11
image files
deleting old image A-28
preparing A-26, A-30, A-34
reasons for A-24
using CMS 1-2
using FTP A-31
using HTTP 1-2, A-24
using RCP A-35
using TFTP A-27
using the device manager or Network Assistant A-24
DRP
support for 1-15
DSCP 1-13, 33-2
DSCP input queue threshold map for QoS 33-16
DSCP output queue threshold map for QoS 33-19
DSCP-to-CoS map for QoS 33-66
DSCP-to-DSCP-mutation map for QoS 33-67
DSCP transparency 33-46
DTP 1-9, 13-14
dual-action detection 38-6
dual IPv4 and IPv6 templates 35-5
dual protocol stacks
IPv4 and IPv6 35-5
SDM templates supporting 35-5
dual-purpose uplinks
defined 12-4
LEDs 12-5
link selection 12-4, 12-25
setting the type 12-25
dynamic access ports
characteristics 13-4
configuring 13-26
defined 12-3
dynamic addresses
See addresses
dynamic ARP inspection
ARP cache poisoning 22-1
ARP requests, described 22-1
ARP spoofing attack 22-1
clearing
log buffer 22-16
statistics 22-16
configuration guidelines 22-6
configuring
ACLs for non-DHCP environments 22-9
in DHCP environments 22-7
log buffer 22-13
rate limit for incoming ARP packets 22-4, 22-11
default configuration 22-5
denial-of-service attacks, preventing 22-11
described 22-1
DHCP snooping binding database 22-2
displaying
ARP ACLs 22-15
configuration and operating state 22-15
log buffer 22-16
statistics 22-16
trust state and rate limit 22-15
error-disabled state for exceeding rate limit 22-4
function of 22-2
interface trust states 22-3
log buffer
clearing 22-16
configuring 22-13
displaying 22-16
logging of dropped packets, described 22-5
man-in-the middle attack, described 22-2
network security issues and interface trust states 22-3
priority of ARP ACLs and DHCP snooping entries 22-4
rate limiting of ARP packets
configuring 22-11
described 22-4
error-disabled state 22-4
statistics
clearing 22-16
displaying 22-16
validation checks, performing 22-12
dynamic auto trunking mode 13-14
dynamic desirable trunking mode 13-14
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 13-24
reconfirming 13-27
troubleshooting 13-29
types of connections 13-26
Dynamic Trunking Protocol
See DTP
E
editing features
enabling and disabling 2-6
keystrokes used 2-7
wrapped lines 2-8
elections
See stack master
ELIN location 26-3
enable password 9-3
enable secret password 9-3
encryption, CipherSuite 9-48
encryption for passwords 9-3
environment variables, function of 3-22
error-disabled state, BPDU 18-2
error messages during command entry 2-4
EtherChannel
automatic creation of 38-5, 38-7
channel groups
binding physical and logical interfaces 38-4
numbering of 38-4
configuration guidelines 38-12
configuring Layer 2 interfaces 38-13
default configuration 38-11
described 38-2
displaying status 38-21
forwarding methods 38-8, 38-16
IEEE 802.3ad, described 38-7
interaction
with STP 38-12
with VLANs 38-12
LACP
described 38-7
displaying status 38-21
hot-standby ports 38-18
interaction with other features 38-8
modes 38-7
port priority 38-19
system priority 38-19
load balancing 38-8, 38-16
PAgP
aggregate-port learners 38-16
compatibility with Catalyst 1900 38-17
described 38-5
displaying status 38-21
interaction with other features 38-7
interaction with virtual switches 38-6
learn method and priority configuration 38-16
modes 38-6
support for 1-4
with dual-action detection 38-6
port-channel interfaces
described 38-4
numbering of 38-4
port groups 12-4
stack changes, effects of 38-10
support for 1-4
EtherChannel guard
described 18-10
disabling 18-17
enabling 18-17
Ethernet management port
active link 12-22
and routing 12-22
and TFTP 12-23
configuring 12-23
default setting 12-22
described 12-21
for network management 12-21
specifying 12-23
supported features 12-22
unsupported features 12-23
Ethernet management port, internal
and routing 12-22
unsupported features 12-23
Ethernet VLANs
adding 13-8
defaults and ranges 13-8
modifying 13-8
EUI 35-3
events, RMON 28-4
examples
network configuration 1-18
expedite queue for QoS 33-80
Express Setup 1-1
See also getting started guide
extended crashinfo file 39-23
extended-range VLANs
configuration guidelines 13-11
configuring 13-11
creating 13-12
defined 13-1
extended system ID
MSTP 17-18
STP 16-4, 16-16
extended universal identifier
See EUI
Extensible Authentication Protocol over LAN 10-1
F
fa0 interface 1-7
Fa0 port
See Ethernet management port
failover support 1-8
Fast Convergence 19-3
fastethernet0 port
See Ethernet management port
Fast Uplink Transition Protocol 18-6
features, incompatible 23-12
fiber-optic, detecting unidirectional links 24-1
files
basic crashinfo
description 39-23
location 39-23
copying A-5
crashinfo, description 39-23
deleting A-5
displaying the contents of A-8
extended crashinfo
description 39-24
location 39-24
tar
creating A-6
displaying the contents of A-7
extracting A-7
image file format A-25
file system
displaying available file systems A-2
displaying file information A-3
local file system names A-1
network file system names A-5
setting the default A-3
filtering
IPv6 traffic 37-3, 37-7
non-IP traffic 31-23
show and more command output 2-9
filtering show and more command output 2-9
filters, IP
See ACLs, IP
flash device, number of A-1
flexible authentication ordering
configuring 10-64
overview 10-30
Flex Link Multicast Fast Convergence 19-3
Flex Links
configuration guidelines 19-8
configuring 19-9
configuring preferred VLAN 19-12
configuring VLAN load balancing 19-11
default configuration 19-8
description 19-2
link load balancing 19-3
monitoring 19-14
VLANs 19-3
flooded traffic, blocking 23-8
flow-based packet classification 1-13
flowcharts
QoS classification 33-7
QoS egress queueing and scheduling 33-18
QoS ingress queueing and scheduling 33-15
QoS policing and marking 33-11
flowcontrol
configuring 12-29
described 12-29
forward-delay time
MSTP 17-24
STP 16-23
FTP
configuration files
downloading A-13
overview A-12
preparing the server A-13
uploading A-15
image files
deleting old image A-32
downloading A-31
preparing the server A-30
uploading A-32
G
general query 19-5
Generating IGMP Reports 19-4
get-bulk-request operation 30-4
get-next-request operation 30-3, 30-5
get-request operation 30-3, 30-4, 30-5
get-response operation 30-4
Gigabit modules
See SFPs
global configuration mode 2-2
global leave, IGMP 21-13
guest VLAN and 802.1x 10-22
guide mode 1-2
GUIs
See device manager and Network Assistant
H
hello time
MSTP 17-24
STP 16-22
help, for the command line 2-3
HFTM space 39-26
history
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
history table, level and number of syslog messages 29-10
host names, in clusters 6-12
hosts, limit on dynamic ports 13-29
HP OpenView 1-5
HQATM space 39-26
HSRP
automatic cluster recovery 6-11
cluster standby group considerations 6-10
See also clusters, cluster standby group, and standby command switch
HTTP over SSL
see HTTPS
HTTPS 9-46
configuring 9-50
self-signed certificate 9-47
HTTP secure server 9-46
Hulc Forwarding TCAM Manager
See HFTM space
Hulc QoS/ACL TCAM Manager
See HQATM space
I
ICMP
IPv6 35-3
time-exceeded messages 39-17
traceroute and 39-17
unreachable messages and IPv6 37-4
ICMP ping
executing 39-15
overview 39-14
ICMPv6 35-3
IDS appliances
and ingress RSPAN 27-21
and ingress SPAN 27-14
IEEE 802.1D
See STP
IEEE 802.1p 15-1
IEEE 802.1Q
and trunk ports 12-3
configuration limitations 13-15
encapsulation 13-14
native VLAN for untagged traffic 13-19
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3ad
See EtherChannel
IEEE 802.3ad, PoE+ 1-15, 12-6
IEEE 802.3af
See PoE
IEEE 802.3x flow control 12-29
ifIndex values, SNMP 30-6
IFS 1-6
IGMP
configurable leave timer
described 21-6
enabling 21-11
flooded multicast traffic
controlling the length of time 21-12
disabling on an interface 21-13
global leave 21-13
query solicitation 21-13
recovering from flood mode 21-13
joining multicast group 21-3
join messages 21-3
leave processing, enabling 21-10, 36-9
leaving multicast group 21-5
queries 21-4
report suppression
described 21-6
disabling 21-16, 36-11
supported versions 21-3
support for 1-4
IGMP filtering
configuring 21-25
default configuration 21-25
described 21-24
monitoring 21-29
support for 1-5
IGMP groups
configuring filtering 21-28
setting the maximum number 21-27
IGMP Immediate Leave
configuration guidelines 21-11
described 21-5
enabling 21-10
IGMP profile
applying 21-26
configuration mode 21-25
configuring 21-26
IGMP snooping
and address aliasing 21-2
and stack changes 21-6
configuring 21-7
default configuration 21-7, 36-6
definition 21-2
enabling and disabling 21-7, 36-7
global configuration 21-7
Immediate Leave 21-5
in the switch stack 21-6
method 21-8
monitoring 21-16, 36-11
querier
configuration guidelines 21-14
configuring 21-14
supported versions 21-3
support for 1-4
VLAN configuration 21-8
IGMP throttling
configuring 21-28
default configuration 21-25
described 21-24
displaying action 21-29
Immediate Leave, IGMP 21-5
enabling 36-9
inaccessible authentication bypass 10-24
support for multiauth ports 10-25
initial configuration
defaults 1-16
Express Setup 1-1
interface
number 12-16
range macros 12-19
interface command 12-16 to ??, 12-16 to 12-17
interface configuration mode 2-2
interfaces
auto-MDIX, configuring 12-30
configuration guidelines
duplex and speed 12-27
configuring
procedure 12-17
counters, clearing 12-41
default configuration 12-24
described 12-37
descriptive name, adding 12-37
displaying information about 12-40
flow control 12-29
management 1-5
monitoring 12-40
naming 12-37
physical, identifying 12-16
range of 12-18
restarting 12-41
shutting down 12-41
speed and duplex, configuring 12-28
status 12-40
supported 12-16
types of 12-1
interfaces range macro command 12-19
interface types 12-16
Internet Protocol version 6
See IPv6
inter-VLAN routing 34-1
Intrusion Detection System
See IDS appliances
inventory management TLV 26-3, 26-7
IP ACLs
for QoS classification 33-8
implicit deny 31-9, 31-13
implicit masks 31-9
named 31-13
undefined 31-19
IP addresses
128-bit 35-2
candidate or member 6-4, 6-12
classes of 34-4
cluster access 6-2
command switch 6-3, 6-10, 6-12
discovering 5-24
for IP routing 34-4
IPv6 35-2
redundant clusters 6-10
standby command switch 6-10, 6-12
See also IP information
ip igmp profile command 21-25
IP information
assigned
manually 3-14
through DHCP-based autoconfiguration 3-3
default configuration 3-3
IP phones
and QoS 15-1
automatic classification and queueing 33-21
configuring 15-4
ensuring port security with QoS 33-45
trusted boundary for QoS 33-45
IP Port Security for Static Hosts
on a Layer 2 access port 20-17
IP precedence 33-2
IP-precedence-to-DSCP map for QoS 33-64
IP protocols in ACLs 31-10
IP routing
disabling 34-4
enabling 34-4
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 32-1
IP SLAs
benefits 32-2
configuration guidelines 32-5
Control Protocol 32-4
default configuration 32-5
definition 32-1
measuring network performance 32-3
monitoring 32-6
operation 32-3
responder
described 32-4
enabling 32-6
response time 32-4
SNMP support 32-2
supported metrics 32-2
IP source guard
and 802.1x 20-15
and DHCP snooping 20-13
and EtherChannels 20-15
and port security 20-15
and private VLANs 20-15
and routed ports 20-15
and TCAM entries 20-15
and trunk interfaces 20-15
and VRF 20-15
binding configuration
automatic 20-13
manual 20-13
binding table 20-13
configuration guidelines 20-15
default configuration 20-15
described 20-13
disabling 20-16
displaying
active IP or MAC bindings 20-20
bindings 20-20
configuration 20-20
enabling 20-16, 20-17
filtering
source IP address 20-13
source IP and MAC address 20-13
on provisioned switches 20-15
source IP address filtering 20-13
source IP and MAC address filtering 20-13
static bindings
adding 20-16, 20-17
deleting 20-16
static hosts 20-17
IP traceroute
executing 39-18
overview 39-17
IP unicast routing
assigning IP addresses to Layer 3 interfaces 34-4
configuring static routes 34-5
disabling 34-4
enabling 34-4
inter-VLAN 34-1
IP addressing
classes 34-4
configuring 34-4
steps to configure 34-3
subnet mask 34-4
with SVIs 34-3
IPv4 ACLs
applying to interfaces 31-18
extended, creating 31-9
named 31-13
standard, creating 31-8
IPv4 and IPv6
dual protocol stacks 35-4
IPv6
ACLs
displaying 37-8
limitations 37-2
matching criteria 37-3
port 37-1
precedence 37-2
router 37-1
supported 37-2
addresses 35-2
address formats 35-2
and switch stacks 35-6
applications 35-4
assigning address 35-7
autoconfiguration 35-4
configuring static routes 35-10
default configuration 35-7
defined 35-1
forwarding 35-7
ICMP 35-3
monitoring 35-11
neighbor discovery 35-4
SDM templates 36-1, 37-1
stack master functions 35-6
Stateless Autoconfiguration 35-4
supported features 35-2
IPv6 traffic, filtering 37-3
J
join messages, IGMP 21-3
L
LACP
See EtherChannel
Layer 2 frames, classification with CoS 33-2
Layer 2 interfaces, default configuration 12-24
Layer 2 traceroute
and ARP 39-16
and CDP 39-16
broadcast traffic 39-16
described 39-16
IP addresses and subnets 39-16
MAC addresses and VLANs 39-16
multicast traffic 39-16
multiple devices on a port 39-17
unicast traffic 39-16
usage guidelines 39-16
Layer 3 features 1-15
Layer 3 interfaces
assigning IP addresses to 34-4
assigning IPv6 addresses to 35-7
changing from Layer 2 mode 34-4
Layer 3 packets, classification methods 33-2
LDAP 4-2
Leaking IGMP Reports 19-4
LEDs, switch
See hardware installation guide
lightweight directory access protocol
See LDAP
line configuration mode 2-2
Link Aggregation Control Protocol
See EtherChannel
link failure, detecting unidirectional 17-8
Link Layer Discovery Protocol
See CDP
link local unicast addresses 35-3
link redundancy
See Flex Links
links, unidirectional 24-1
link-state tracking
configuring 38-23
described 38-21
LLDP
configuring 26-5
characteristics 26-6
default configuration 26-5
enabling 26-6
monitoring and maintaining 26-11
overview 26-1
supported TLVs 26-2
switch stack considerations 26-2
transmission timer and holdtime, setting 26-6
LLDP-MED
configuring
procedures 26-5
TLVs 26-7
monitoring and maintaining 26-11
overview 26-1, 26-2
supported TLVs 26-2
LLDP Media Endpoint Discovery
See LLDP-MED
local SPAN 27-2
location TLV 26-3, 26-7
login authentication
with RADIUS 9-30
with TACACS+ 9-14
login banners 5-11
log messages
See system message logging
Long-Reach Ethernet (LRE) technology 1-20
loop guard
described 18-11
enabling 18-18
support for 1-9
LRE profiles, considerations in switch clusters 6-15
M
MAB
See MAC authentication bypass
MAB inactivity timer
default setting 10-36
range 10-38
MAC/PHY configuration status TLV 26-2
MAC addresses
aging time 5-15
and VLAN association 5-14
building the address table 5-14
default configuration 5-15
disabling learning on a VLAN 5-23
discovering 5-24
displaying 5-24
displaying in the IP source binding table 20-20
dynamic
learning 5-14
removing 5-16
in ACLs 31-23
static
adding 5-21
allowing 5-22, 5-23
characteristics of 5-20
dropping 5-22
removing 5-21
MAC address learning 1-6
MAC address learning, disabling on a VLAN 5-23
MAC address notification, support for 1-15
MAC address-table move update
configuration guidelines 19-8
configuring 19-12
default configuration 19-8
description 19-6
monitoring 19-14
MAC address-to-VLAN mapping 13-23
MAC authentication bypass 10-38
configuring 10-57
overview 10-17
MAC extended access lists
applying to Layer 2 interfaces 31-24
configuring for QoS 33-52
creating 31-23
defined 31-23
for QoS classification 33-5
magic packet 10-27
manageability features 1-6
management access
in-band
browser session 1-7
CLI session 1-7
device manager 1-7
SNMP 1-7
out-of-band console port connection 1-7
management address TLV 26-2
management options
CLI 2-1
clustering 1-3
CNS 4-1
Network Assistant 1-2
overview 1-5
management VLAN
considerations in switch clusters 6-7
discovery through different management VLANs 6-7
mapping tables for QoS
configuring
CoS-to-DSCP 33-63
DSCP 33-63
DSCP-to-CoS 33-66
DSCP-to-DSCP-mutation 33-67
IP-precedence-to-DSCP 33-64
policed-DSCP 33-65
described 33-11
marking
action with aggregate policers 33-60
described 33-4, 33-9
matching
IPv6 ACLs 37-3
matching, IPv4 ACLs 31-7
maximum aging time
MSTP 17-25
STP 16-23
maximum hop count, MSTP 17-25
maximum number of allowed devices, port-based authentication 10-38
MDA
configuration guidelines 10-13
described 1-11, 10-12
exceptions with authentication process 10-5
membership mode, VLAN port 13-3
member switch
automatic discovery 6-5
defined 6-2
managing 6-15
passwords 6-12
recovering from lost connectivity 39-12
requirements 6-4
See also candidate switch, cluster standby group, and standby command switch
memory consistency check errors
example 39-27
memory consistency check routines 1-5, 39-26
memory consistency integrity 1-5, 39-26
messages, to users through banners 5-11
MIBs
overview 30-1
SNMP interaction with 30-5
mirroring traffic for analysis 27-1
mismatches, autonegotiation 39-12
module number 12-16
monitoring
access groups 31-26
cables for unidirectional links 24-1
CDP 25-5
features 1-15
Flex Links 19-14
IGMP
filters 21-29
snooping 21-16, 36-11
interfaces 12-40
IP SLAs operations 32-6
IPv4 ACL configuration 31-26
IPv6 35-11
IPv6 ACL configuration 37-8
MAC address-table move update 19-14
multicast router interfaces 21-17, 36-12
MVR 21-23
network traffic for analysis with probe 27-2
port
blocking 23-20
protection 23-20
SFP status 12-40, 39-14
speed and duplex mode 12-28
traffic flowing among switches 28-1
traffic suppression 23-20
VLANs 13-13
VMPS 13-28
VTP 14-18
mrouter Port 19-3
mrouter port 19-5
MSTP
boundary ports
configuration guidelines 17-15
described 17-6
BPDU filtering
described 18-3
enabling 18-14
BPDU guard
described 18-2
enabling 18-13
CIST, described 17-3
CIST regional root 17-3
CIST root 17-5
configuration guidelines 17-15, 18-12
configuring
forward-delay time 17-24
hello time 17-24
link type for rapid convergence 17-25
maximum aging time 17-25
maximum hop count 17-25
MST region 17-16
neighbor type 17-26
path cost 17-22
port priority 17-20
root switch 17-18
secondary root switch 17-19
switch priority 17-23
CST
defined 17-3
operations between regions 17-4
default configuration 17-14
default optional feature configuration 18-12
displaying status 17-27
enabling the mode 17-16
EtherChannel guard
described 18-10
enabling 18-17
extended system ID
effects on root switch 17-18
effects on secondary root switch 17-19
unexpected behavior 17-18
IEEE 802.1s
implementation 17-6
port role naming change 17-7
terminology 17-5
instances supported 16-10
interface state, blocking to forwarding 18-2
interoperability and compatibility among modes 16-11
interoperability with IEEE 802.1D
described 17-9
restarting migration process 17-27
IST
defined 17-3
master 17-3
operations within a region 17-3
loop guard
described 18-11
enabling 18-18
mapping VLANs to MST instance 17-16
MST region
CIST 17-3
configuring 17-16
described 17-2
hop-count mechanism 17-5
IST 17-3
supported spanning-tree instances 17-2
optional features supported 1-8
overview 17-2
Port Fast
described 18-2
enabling 18-12
preventing root switch selection 18-10
root guard
described 18-10
enabling 18-18
root switch
configuring 17-18
effects of extended system ID 17-18
unexpected behavior 17-18
shutdown Port Fast-enabled port 18-2
stack changes, effects of 17-8
status, displaying 17-27
multiauth
support for inaccessible authentication bypass 10-25
multiauth mode
See multiple-authentication mode
multicast groups
Immediate Leave 21-5
joining 21-3
leaving 21-5
static joins 21-10, 36-8
multicast router interfaces, monitoring 21-17, 36-12
multicast router ports, adding 21-9, 36-8
multicast storm 23-1
multicast storm-control command 23-4
multicast television application 21-18
multicast VLAN 21-17
Multicast VLAN Registration
See MVR
multidomain authentication
See MDA
multiple authentication 10-14
multiple authentication mode
configuring 10-44
MVR
and address aliasing 21-20
and IGMPv3 21-21
configuration guidelines 21-20
configuring interfaces 21-22
default configuration 21-20
described 21-17
example application 21-18
modes 21-21
monitoring 21-23
multicast television application 21-18
setting global parameters 21-21
support for 1-4
N
NAC
critical authentication 10-24, 10-54
IEEE 802.1x authentication using a RADIUS server 10-58
IEEE 802.1x validation using RADIUS server 10-58
inaccessible authentication bypass 10-54
Layer 2 IEEE 802.1x validation 1-12, 10-30, 10-58
named IPv4 ACLs 31-13
NameSpace Mapper
See NSM
native VLAN
configuring 13-19
default 13-19
NEAT
configuring 10-59
overview 10-31
neighbor discovery, IPv6 35-4
Network Admission Control
See NAC
Network Assistant
benefits 1-1
described 1-5
downloading image files 1-2
guide mode 1-2
management options 1-2
managing switch stacks 7-2, 7-15
upgrading a switch A-24
wizards 1-2
network configuration examples
cost-effective wiring closet 1-20
increasing network performance 1-19
long-distance, high-bandwidth transport 1-24
providing network services 1-19
server aggregation and Linux server cluster 1-22
small to medium-sized network 1-23
network design
performance 1-19
services 1-19
Network Edge Access Topology
See NEAT
network management
CDP 25-1
RMON 28-1
SNMP 30-1
network performance, measuring with IP SLAs 32-3
network policy TLV 26-2, 26-7
Network Time Protocol
See NTP
no commands 2-4
nonhierarchical policy maps
described 33-10
non-IP traffic filtering 31-23
nontrunking mode 13-14
normal-range VLANs 13-4
configuration guidelines 13-6
configuring 13-4
defined 13-1
NSM 4-3
NTP
associations
defined 5-3
overview 5-3
stratum 5-3
support for 1-6
time
services 5-3
synchronizing 5-3
O
OBFL
configuring 39-25
described 39-24
displaying 39-26
offline configuration for switch stacks 7-7
off mode, VTP 14-4
on-board failure logging
See OBFL
online diagnostics
overview 40-1
running tests 40-3
understanding 40-1
open1x
configuring 10-64
open1x authentication
overview 10-31
optimizing system resources 8-1
options, management 1-5
out-of-profile markdown 1-14
P
packet modification, with QoS 33-20
PAgP
See EtherChannel
passwords
default configuration 9-2
disabling recovery of 9-5
encrypting 9-3
for security 1-10
in clusters 6-13
overview 9-1
recovery of 39-3
setting
enable 9-3
enable secret 9-3
Telnet 9-6
with usernames 9-6
VTP domain 14-10
path cost
MSTP 17-22
STP 16-20
PC (passive command switch) 6-9
performance, network design 1-19
performance features 1-4
persistent self-signed certificate 9-47
per-user ACLs and Filter-Ids 10-8
per-VLAN spanning-tree plus
See PVST+
physical ports 12-2
PIM-DVMRP, as snooping method 21-8
ping
character output description 39-15
executing 39-15
overview 39-14
PoE
auto mode 12-7
CDP with power consumption, described 12-5
CDP with power negotiation, described 12-5
Cisco intelligent power management 12-5
configuring 12-31
cutoff power
determining 12-8
cutoff-power
support for 12-8
devices supported 12-5
high-power devices operating in low-power mode 12-5
IEEE power classification levels 12-6
monitoring 12-8
monitoring power 12-34
policing power consumption 12-34
policing power usage 12-8
power budgeting 12-32
power consumption 12-9, 12-32
powered-device detection and initial power allocation 12-6
power management modes 12-7
power monitoring 12-8
power negotiation extensions to CDP 12-5
power sensing 12-8
standards supported 12-5
static mode 12-7
total available power 12-10
troubleshooting 39-13
PoE+ 1-15, 12-5, 12-6, 12-31
policed-DSCP map for QoS 33-65
policers
configuring
for each matched traffic class 33-55
for more than one traffic class 33-60
described 33-4
displaying 33-81
number of 33-41
types of 33-10
policing
described 33-4
token-bucket algorithm 33-10
policy maps for QoS
characteristics of 33-55
described 33-8
displaying 33-82
nonhierarchical on physical ports
described 33-10
port ACLs
defined 31-2
types of 31-3
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting 10-16
authentication server
defined 10-3, 11-2
RADIUS server 10-3
client, defined 10-3, 11-2
configuration guidelines 10-36, 11-9
configuring
802.1x authentication 10-42
guest VLAN 10-52
host mode 10-44
inaccessible authentication bypass 10-54
manual re-authentication of a client 10-47
periodic re-authentication 10-46
quiet period 10-47
RADIUS server 10-44, 11-13
RADIUS server parameters on the switch 10-43, 11-11
restricted VLAN 10-53
switch-to-client frame-retransmission number 10-48, 10-49
switch-to-client retransmission time 10-47
violation modes 10-41
default configuration 10-35, 11-9
described 10-1
device roles 10-3, 11-2
displaying statistics 10-66, 11-17
downloadable ACLs and redirect URLs
configuring 10-61 to 10-63, ?? to 10-63
overview 10-20 to 10-22
EAPOL-start frame 10-5
EAP-request/identity frame 10-5
EAP-response/identity frame 10-5
enabling
802.1X authentication 11-11
encapsulation 10-3
flexible authentication ordering
configuring 10-64
overview 10-30
guest VLAN
configuration guidelines 10-23, 10-24
described 10-22
host mode 10-12
inaccessible authentication bypass
configuring 10-54
described 10-24
guidelines 10-37
initiation and message exchange 10-5
magic packet 10-27
maximum number of allowed devices per port 10-38
method lists 10-42
multiple authentication 10-14
per-user ACLs
configuration tasks 10-20
described 10-19
RADIUS server attributes 10-19
ports
authorization state and dot1x port-control command 10-11
authorized and unauthorized 10-10
voice VLAN 10-27
port security
described 10-27
readiness check
configuring 10-38
described 10-17, 10-38
resetting to default values 10-66
stack changes, effects of 10-11
statistics, displaying 10-66
switch
as proxy 10-3, 11-2
RADIUS client 10-3
switch supplicant
configuring 10-59
overview 10-31
user distribution
guidelines 10-29
overview 10-29
VLAN assignment
AAA authorization 10-42
characteristics 10-18
configuration tasks 10-18
described 10-17
voice aware 802.1x security
configuring 10-39
described 10-31, 10-39
voice VLAN
described 10-27
PVID 10-27
VVID 10-27
wake-on-LAN, described 10-27
with ACLs and RADIUS Filter-Id attribute 10-33
port-based authentication methods, supported 10-7
port blocking 1-4, 23-7
port-channel
See EtherChannel
port description TLV 26-2
Port Fast
described 18-2
enabling 18-12
mode, spanning tree 13-25
support for 1-8
port membership modes, VLAN 13-3
port priority
MSTP 17-20
STP 16-18
ports
access 12-3
blocking 23-7
dual-purpose uplink 12-4
dynamic access 13-4
protected 23-6
secure 23-9
static-access 13-3, 13-10
switch 12-2
trunks 13-3, 13-14
VLAN assignments 13-10
port security
aging 23-17
and QoS trusted boundary 33-45
and stacking 23-18
configuring 23-12
default configuration 23-11
described 23-8
displaying 23-20
on trunk ports 23-14
sticky learning 23-9
violations 23-10
with other features 23-11
port-shutdown response, VMPS 13-24
port VLAN ID TLV 26-2
power management TLV 26-3, 26-7
Power over Ethernet
See PoE
preemption, default configuration 19-8
preemption delay, default configuration 19-8
preferential treatment of traffic
See QoS
preventing unauthorized access 9-1
primary links 19-2
priority
overriding CoS 15-6
trusting CoS 15-6
private VLAN edge ports
See protected ports
privileged EXEC mode 2-2
privilege levels
changing the default for lines 9-9
command switch 6-16
exiting 9-9
logging into 9-9
mapping on member switches 6-16
overview 9-2, 9-7
setting a command with 9-8
protected ports 1-10, 23-6
protocol storm protection 23-18
provisioned switches and IP source guard 20-15
provisioning new members for a switch stack 7-7
proxy reports 19-4
pruning, VTP
disabling
in VTP domain 14-16
on a port 13-19
enabling
in VTP domain 14-16
on a port 13-18
examples 14-7
overview 14-6
pruning-eligible list
changing 13-18
for VTP pruning 14-6
VLANs 14-16
PVST+
described 16-10
IEEE 802.1Q trunking interoperability 16-11
instances supported 16-10
Q
QoS
and MQC commands 33-1
auto-QoS
categorizing traffic 33-22
configuration and defaults display 33-37
configuration guidelines 33-34
described 33-21
disabling 33-36
displaying generated commands 33-36
displaying the initial configuration 33-37
effects on running configuration 33-34
list of generated commands 33-25, 33-29
basic model 33-4
classification
class maps, described 33-8
defined 33-4
DSCP transparency, described 33-46
flowchart 33-7
forwarding treatment 33-3
in frames and packets 33-3
IP ACLs, described 33-6, 33-8
MAC ACLs, described 33-5, 33-8
options for IP traffic 33-6
options for non-IP traffic 33-5
policy maps, described 33-8
trust DSCP, described 33-5
trusted CoS, described 33-5
trust IP precedence, described 33-5
class maps
configuring 33-53
displaying 33-81
configuration guidelines
auto-QoS 33-34
standard QoS 33-40
configuring
aggregate policers 33-60
auto-QoS 33-21
default port CoS value 33-44
DSCP maps 33-63
DSCP transparency 33-46
DSCP trust states bordering another domain 33-47
egress queue characteristics 33-74
ingress queue characteristics 33-69
IP extended ACLs 33-51
IP standard ACLs 33-50
MAC ACLs 33-52
port trust states within the domain 33-42
trusted boundary 33-45
default auto configuration 33-22
default standard configuration 33-38
displaying statistics 33-81
DSCP transparency 33-46
egress queues
allocating buffer space 33-74
buffer allocation scheme, described 33-18
configuring shaped weights for SRR 33-78
configuring shared weights for SRR 33-79
described 33-4
displaying the threshold map 33-77
flowchart 33-18
mapping DSCP or CoS values 33-76
scheduling, described 33-4
setting WTD thresholds 33-74
WTD, described 33-19
enabling globally 33-42
flowcharts
classification 33-7
egress queueing and scheduling 33-18
ingress queueing and scheduling 33-15
policing and marking 33-11
implicit deny 33-8
ingress queues
allocating bandwidth 33-72
allocating buffer space 33-71
buffer and bandwidth allocation, described 33-16
configuring shared weights for SRR 33-72
configuring the priority queue 33-73
described 33-4
displaying the threshold map 33-70
flowchart 33-15
mapping DSCP or CoS values 33-69
priority queue, described 33-17
scheduling, described 33-4
setting WTD thresholds 33-69
WTD, described 33-16
IP phones
automatic classification and queueing 33-21
detection and trusted settings 33-21, 33-45
limiting bandwidth on egress interface 33-80
mapping tables
CoS-to-DSCP 33-63
displaying 33-81
DSCP-to-CoS 33-66
DSCP-to-DSCP-mutation 33-67
IP-precedence-to-DSCP 33-64
policed-DSCP 33-65
types of 33-11
marked-down actions 33-58
marking, described 33-4, 33-9
overview 33-2
packet modification 33-20
policers
configuring 33-58, 33-61
described 33-9
displaying 33-81
number of 33-41
types of 33-10
policies, attaching to an interface 33-9
policing
described 33-4, 33-9
token bucket algorithm 33-10
policy maps
characteristics of 33-55
displaying 33-82
nonhierarchical on physical ports 33-55
QoS label, defined 33-4
queues
configuring egress characteristics 33-74
configuring ingress characteristics 33-69
high priority (expedite) 33-20, 33-80
location of 33-12
SRR, described 33-14
WTD, described 33-13
rewrites 33-20
support for 1-13
trust states
bordering another domain 33-47
described 33-5
trusted device 33-45
within the domain 33-42
quality of service
See QoS
queries, IGMP 21-4
query solicitation, IGMP 21-13
R
RADIUS
attributes
vendor-proprietary 9-38
vendor-specific 9-37
configuring
accounting 9-35
authentication 9-30
authorization 9-34
communication, global 9-27, 9-36
communication, per-server 9-27
multiple UDP ports 9-27
default configuration 9-27
defining AAA server groups 9-32
displaying the configuration 9-41
identifying the server 9-27
in clusters 6-15
limiting the services to the user 9-34
method list, defined 9-26
operation of 9-19
overview 9-18
server load balancing 9-40
suggested network environments 9-18
support for 1-12
tracking services accessed by user 9-35
RADIUS Change of Authorization 9-20
range
macro 12-19
of interfaces 12-18
rapid convergence 17-10
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
described 16-10
IEEE 802.1Q trunking interoperability 16-11
instances supported 16-10
Rapid Spanning Tree Protocol
See RSTP
rcommand command 6-15
RCP
configuration files
downloading A-17
overview A-16
preparing the server A-16
uploading A-18
image files
deleting old image A-37
downloading A-35
preparing the server A-34
uploading A-37
readiness check
port-based authentication
configuring 10-38
described 10-17, 10-38
reconfirmation interval, VMPS, changing 13-27
reconfirming dynamic VLAN membership 13-27
recovery procedures 39-1
redirect URL 10-20, 10-21, 10-61
redundancy
EtherChannel 38-3
STP
backbone 16-8
multidrop backbone 18-5
path cost 13-22
port priority 13-20
redundant links and UplinkFast 18-15
reloading software 3-22
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
Remote Network Monitoring
See RMON
Remote SPAN
See RSPAN
remote SPAN 27-3
report suppression, IGMP
described 21-6
disabling 21-16, 36-11
resequencing ACL entries 31-13
reserved addresses in DHCP pools 20-22
resetting a UDLD-shutdown interface 24-6
responder, IP SLAs
described 32-4
enabling 32-6
response time, measuring with IP SLAs 32-4
restricted VLAN
configuring 10-53
described 10-23
using with IEEE 802.1x 10-23
restricting access
overview 9-1
passwords and privilege levels 9-2
RADIUS 9-17
TACACS+ 9-10
retry count, VMPS, changing 13-28
RFC
1112, IP multicast and IGMP 21-2
1157, SNMPv1 30-2
1166, IP addresses 34-4
1305, NTP 5-3
1757, RMON 28-2
1901, SNMPv2C 30-2
1902 to 1907, SNMPv2 30-2
2236, IP multicast and IGMP 21-2
2273-2275, SNMPv3 30-2
RFC 5176 Compliance 9-21
RMON
default configuration 28-3
displaying status 28-6
enabling alarms and events 28-3
groups supported 28-2
overview 28-1
statistics
collecting group Ethernet 28-6
collecting group history 28-5
support for 1-15
root guard
described 18-10
enabling 18-18
support for 1-9
root switch
MSTP 17-18
STP 16-16
router ACLs
defined 31-2
types of 31-4
RSPAN
and stack changes 27-10
characteristics 27-9
configuration guidelines 27-17
default configuration 27-10
defined 27-3
destination ports 27-8
displaying status 27-23
in a switch stack 27-2
interaction with other features 27-9
monitored ports 27-6
monitoring ports 27-8
overview 1-15, 27-1
received traffic 27-5
sessions
creating 27-18
defined 27-4
limiting source traffic to specific VLANs 27-22
specifying monitored ports 27-18
with ingress traffic enabled 27-21
source ports 27-6
transmitted traffic 27-6
VLAN-based 27-7
RSTP
active topology 17-10
BPDU
format 17-12
processing 17-13
designated port, defined 17-9
designated switch, defined 17-9
interoperability with IEEE 802.1D
described 17-9
restarting migration process 17-27
topology changes 17-13
overview 17-9
port roles
described 17-9
synchronized 17-11
proposal-agreement handshake process 17-10
rapid convergence
cross-stack rapid convergence 17-11
described 17-10
edge ports and Port Fast 17-10
point-to-point links 17-10, 17-25
root ports 17-10
root port, defined 17-9
See also MSTP
running configuration
replacing A-19, A-20
rolling back A-19, A-21
running configuration, saving 3-15
S
SC (standby command switch) 6-9
scheduled reloads 3-22
SCP
and SSH 9-53
configuring 9-53
SDM
templates
configuring 8-5
number of 8-1
SDM template 37-3
configuration guidelines 8-4
configuring 8-4
types of 8-1
Secure Copy Protocol
secure HTTP client
configuring 9-51
displaying 9-52
secure HTTP server
configuring 9-50
displaying 9-52
secure MAC addresses
and switch stacks 23-18
deleting 23-16
maximum number of 23-10
types of 23-9
secure ports
and switch stacks 23-18
secure ports, configuring 23-9
secure remote connections 9-42
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port 23-8
security features 1-10
See SCP
sequence numbers in log messages 29-8
server mode, VTP 14-3
service-provider network, MSTP and RSTP 17-1
set-request operation 30-5
setup program
failed command switch replacement 39-11
replacing failed command switch 39-9
severity levels, defining in system messages 29-9
SFPs
monitoring status of 12-40, 39-14
security and identification 39-13
status, displaying 39-14
shaped round robin
See SRR
show access-lists hw-summary command 31-20
show and more command output, filtering 2-9
show cdp traffic command 25-5
show cluster members command 6-15
show configuration command 12-37
show forward command 39-22
show interfaces command 12-28, 12-37
show interfaces switchport 19-4
show lldp traffic command 26-11
show platform forward command 39-22
show platform tcam command 39-26, 39-27
show running-config command
displaying ACLs 31-18, 31-19
interface description in 12-37
shutdown command on interfaces 12-41
Simple Network Management Protocol
See SNMP
small form-factor pluggable modules
See SFPs
small-frame arrival rate, configuring 23-5
SNAP 25-1
SNMP
accessing MIB variables with 30-5
agent
described 30-4
disabling 30-8
and IP SLAs 32-2
authentication level 30-11
community strings
configuring 30-8
for cluster switches 30-4
overview 30-4
configuration examples 30-18
default configuration 30-7
engine ID 30-7
groups 30-7, 30-10
host 30-7
ifIndex values 30-6
in-band management 1-7
in clusters 6-13
informs
and trap keyword 30-13
described 30-5
differences from traps 30-5
disabling 30-16
enabling 30-16
limiting access by TFTP servers 30-17
limiting system log messages to NMS 29-10
manager functions 1-5, 30-3
managing clusters with 6-16
notifications 30-5
overview 30-1, 30-5
security levels 30-3
setting CPU threshold notification 30-16
status, displaying 30-19
system contact and location 30-17
trap manager, configuring 30-14
traps
described 30-4, 30-5
differences from informs 30-5
disabling 30-16
enabling 30-13
enabling MAC address notification 5-16, 5-18, 5-19
overview 30-1, 30-5
types of 30-13
users 30-7, 30-10
versions supported 30-2
SNMP and Syslog Over IPv6 35-5
SNMPv1 30-2
SNMPv2C 30-3
SNMPv3 30-3
snooping, IGMP 21-2
software compatibility
See stacks, switch
software images
location in flash A-25
recovery procedures 39-2
scheduling reloads 3-23
tar file format, described A-25
See also downloading and uploading
source addresses
in IPv4 ACLs 31-10
in IPv6 ACLs 37-5
source-and-destination-IP address based forwarding, EtherChannel 38-9
source-and-destination MAC address forwarding, EtherChannel 38-9
source-IP address based forwarding, EtherChannel 38-9
source-MAC address forwarding, EtherChannel 38-8
SPAN
and stack changes 27-10
configuration guidelines 27-11
default configuration 27-10
destination ports 27-8
displaying status 27-23
interaction with other features 27-9
monitored ports 27-6
monitoring ports 27-8
overview 1-15, 27-1
ports, restrictions 23-12
received traffic 27-5
sessions
configuring ingress forwarding 27-15, 27-22
creating 27-12
defined 27-4
limiting source traffic to specific VLANs 27-16
removing destination (monitoring) ports 27-13
specifying monitored ports 27-12
with ingress traffic enabled 27-14
source ports 27-6
transmitted traffic 27-6
VLAN-based 27-7
spanning tree and native VLANs 13-15
Spanning Tree Protocol
See STP
SPAN traffic 27-5
SRR
configuring
shaped weights on egress queues 33-78
shared weights on egress queues 33-79
shared weights on ingress queues 33-72
described 33-14
shaped mode 33-14
shared mode 33-14
support for 1-14
SSH
configuring 9-43
cryptographic software image 9-42
described 1-7, 9-42
encryption methods 9-43
switch stack considerations 7-15
user authentication methods, supported 9-43
SSL
configuration guidelines 9-49
configuring a secure HTTP client 9-51
configuring a secure HTTP server 9-50
cryptographic software image 9-46
described 9-46
monitoring 9-52
stack, switch
MAC address of 7-6, 7-17
stack changes, effects on
802.1x port-based authentication 10-11
ACL configuration 31-6
CDP 25-2
cross-stack EtherChannel 38-13
EtherChannel 38-10
IGMP snooping 21-6
IP routing 34-2
MAC address tables 5-15
MSTP 17-8
MVR 21-18
port security 23-18
SDM template selection 8-3
SNMP 30-2
SPAN and RSPAN 27-10
STP 16-12
switch clusters 6-13
system message log 29-2
VLANs 13-7
VTP 14-8
stack master
bridge ID (MAC address) 7-6
defined 7-1
election 7-5
IPv6 35-6
See also stacks, switch
stack member
accessing CLI of specific member 7-22
configuring
member number 7-20
priority value 7-21
defined 7-1
displaying information of 7-23
number 7-6
priority value 7-7
provisioning a new member 7-21
replacing 7-14
See also stacks, switch
stack member number 12-16
stack protocol version 7-10
stacks, switch
accessing CLI of specific member 7-22
assigning information
member number 7-20
priority value 7-21
provisioning a new member 7-21
auto-advise 7-11
auto-copy 7-11
auto-extract 7-11
auto-upgrade 7-11
bridge ID 7-6
CDP considerations 25-2
compatibility, software 7-9
configuration file 7-14
configuration scenarios 7-16
copying an image file from one member to another A-38
default configuration 7-17
description of 7-1
displaying information of 7-23
enabling persistent MAC address timer 7-17
in clusters 6-13
incompatible software and image upgrades 7-13, A-38
IPv6 on 35-6
MAC address considerations 5-15
management connectivity 7-15
managing 7-1
membership 7-3
merged 7-3
MSTP instances supported 16-10
offline configuration
described 7-7
effects of adding a provisioned switch 7-8
effects of removing a provisioned switch 7-9
effects of replacing a provisioned switch 7-9
provisioned configuration, defined 7-7
provisioned switch, defined 7-7
provisioning a new member 7-21
partitioned 7-3, 39-8
provisioned switch
adding 7-8
removing 7-9
replacing 7-9
replacing a failed member 7-14
software compatibility 7-9
software image version 7-9
stack protocol version 7-10
STP
bridge ID 16-3
root port selection 16-3
stack root switch election 16-3
system messages
hostnames in the display 29-1
remotely monitoring 29-2
system prompt consideration 5-8
system-wide configuration considerations 7-14
upgrading A-38
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 7-11
examples 7-12
manual upgrades with auto-advise 7-11
upgrades with auto-extract 7-11
version-mismatch mode
described 7-10
See also stack master and stack member
standby command switch
configuring
considerations 6-10
defined 6-2
priority 6-9
requirements 6-3
virtual IP address 6-10
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
standby links 19-2
startup configuration
booting
manually 3-19
specific image 3-20
clearing A-19
configuration file
automatically downloading 3-18
specifying the filename 3-18
static access ports
assigning to VLAN 13-10
defined 12-3, 13-3
static addresses
See addresses
static MAC addressing 1-10
static routes
configuring 34-5
configuring for IPv6 35-10
static VLAN membership 13-2
statistics
802.1X 11-17
802.1x 10-66
CDP 25-5
interface 12-40
LLDP 26-11
LLDP-MED 26-11
NMSP 26-11
QoS ingress and egress 33-81
RMON group Ethernet 28-6
RMON group history 28-5
SNMP input and output 30-19
VTP 14-18
sticky learning 23-9
storm control
configuring 23-3
described 23-1
disabling 23-5
displaying 23-20
support for 1-4
thresholds 23-2
STP
accelerating root port selection 18-4
BackboneFast
described 18-7
disabling 18-17
enabling 18-17
BPDU filtering
described 18-3
disabling 18-15
enabling 18-14
BPDU guard
described 18-2
disabling 18-14
enabling 18-13
BPDU message exchange 16-3
configuration guidelines 16-13, 18-12
configuring
forward-delay time 16-23
hello time 16-22
maximum aging time 16-23
path cost 16-20
port priority 16-18
root switch 16-16
secondary root switch 16-18
spanning-tree mode 16-15
switch priority 16-21
transmit hold-count 16-24
counters, clearing 16-24
cross-stack UplinkFast
described 18-5
enabling 18-16
default configuration 16-13
default optional feature configuration 18-12
designated port, defined 16-4
designated switch, defined 16-4
detecting indirect link failures 18-8
disabling 16-16
displaying status 16-24
EtherChannel guard
described 18-10
disabling 18-17
enabling 18-17
extended system ID
effects on root switch 16-16
effects on the secondary root switch 16-18
overview 16-4
unexpected behavior 16-16
features supported 1-8
IEEE 802.1D and bridge ID 16-4
IEEE 802.1D and multicast addresses 16-9
IEEE 802.1t and VLAN identifier 16-5
inferior BPDU 16-3
instances supported 16-10
interface state, blocking to forwarding 18-2
interface states
blocking 16-6
disabled 16-7
forwarding 16-6, 16-7
learning 16-7
listening 16-7
overview 16-5
interoperability and compatibility among modes 16-11
limitations with IEEE 802.1Q trunks 16-11
load sharing
overview 13-20
using path costs 13-22
using port priorities 13-20
loop guard
described 18-11
enabling 18-18
modes supported 16-10
multicast addresses, effect of 16-9
optional features supported 1-8
overview 16-2
path costs 13-22
Port Fast
described 18-2
enabling 18-12
port priorities 13-21
preventing root switch selection 18-10
protocols supported 16-10
redundant connectivity 16-8
root guard
described 18-10
enabling 18-18
root port, defined 16-3
root port selection on a switch stack 16-3
root switch
configuring 16-16
effects of extended system ID 16-4, 16-16
election 16-3
unexpected behavior 16-16
shutdown Port Fast-enabled port 18-2
stack changes, effects of 16-12
status, displaying 16-24
superior BPDU 16-3
timers, described 16-22
UplinkFast
described 18-3
enabling 18-15
stratum, NTP 5-3
subnet mask 34-4
success response, VMPS 13-24
summer time 5-7
SunNet Manager 1-5
supported port-based authentication methods 10-7
SVIs
and IP unicast routing 34-3
and router ACLs 31-4
connecting VLANs 12-11
defined 12-3
switch 35-2
switch clustering technology 6-1
See also clusters, switch
switch console port 1-7
Switch Database Management
See SDM
Switched Port Analyzer
See SPAN
switched ports 12-2
switchport backup interface 19-4, 19-5
switchport block multicast command 23-8
switchport block unicast command 23-8
switchport protected command 23-7
switch priority
MSTP 17-23
STP 16-21
switch software features 1-1
switch virtual interface
See SVI
syslog
See system message logging
system capabilities TLV 26-2
system clock
configuring
daylight saving time 5-7
manually 5-5
summer time 5-7
time zones 5-6
displaying the time and date 5-6
overview 5-2
See also NTP
system description TLV 26-2
system message logging
default configuration 29-4
defining error message severity levels 29-9
disabling 29-4
displaying the configuration 29-14
enabling 29-5
facility keywords, described 29-14
level keywords, described 29-10
limiting messages 29-10
message format 29-2
overview 29-1
sequence numbers, enabling and disabling 29-8
setting the display destination device 29-5
stack changes, effects of 29-2
synchronizing log messages 29-6
syslog facility 1-15
time stamps, enabling and disabling 29-8
UNIX syslog servers
configuring the daemon 29-13
configuring the logging facility 29-13
facilities supported 29-14
system name
default configuration 5-9
default setting 5-9
manual configuration 5-9
See also DNS
system name TLV 26-2
system prompt, default setting 5-8, 5-9
system resources, optimizing 8-1
T
TACACS+
accounting, defined 9-11
authentication, defined 9-11
authorization, defined 9-11
configuring
accounting 9-17
authentication key 9-13
authorization 9-16
login authentication 9-14
default configuration 9-13
displaying the configuration 9-17
identifying the server 9-13
in clusters 6-15
limiting the services to the user 9-16
operation of 9-12
overview 9-10
support for 1-12
tracking services accessed by user 9-17
tar files
creating A-6
displaying the contents of A-7
extracting A-7
image file format A-25
TCAM
memory consistency check errors
example 39-27
memory consistency check routines 1-5, 39-26
memory consistency integrity 1-5, 39-26
space
HFTM 39-26
HQATM 39-26
unassigned 39-26
TDR 1-16
Telnet
accessing management interfaces 2-10
number of connections 1-7
setting a password 9-6
temporary self-signed certificate 9-47
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password 9-6
ternary content addressable memory
See TCAM
TFTP
configuration files
downloading A-11
preparing the server A-11
uploading A-12
configuration files in base directory 3-7
configuring for autoconfiguration 3-7
image files
deleting A-28
downloading A-27
preparing the server A-26
uploading A-29
limiting access by servers 30-17
TFTP server 1-6
threshold, traffic level 23-2
time
See NTP and system clock
Time Domain Reflector
See TDR
time-range command 31-15
time ranges in ACLs 31-15
time stamps in log messages 29-8
time zones 5-6
TLVs
defined 26-2
LLDP 26-2
LLDP-MED 26-2
Token Ring VLANs
support for 13-6
VTP support 14-5
ToS 1-13
traceroute, Layer 2
and ARP 39-16
and CDP 39-16
broadcast traffic 39-16
described 39-16
IP addresses and subnets 39-16
MAC addresses and VLANs 39-16
multicast traffic 39-16
multiple devices on a port 39-17
unicast traffic 39-16
usage guidelines 39-16
traceroute command 39-18
See also IP traceroute
traffic
blocking flooded 23-8
fragmented 31-4
fragmented IPv6 37-2
unfragmented 31-4
traffic policing 1-14
traffic suppression 23-2
transmit hold-count
see STP
transparent mode, VTP 14-4
trap-door mechanism 3-2
traps
configuring MAC address notification 5-16, 5-18, 5-19
configuring managers 30-13
defined 30-4
enabling 5-16, 5-18, 5-19, 30-13
notification types 30-13
overview 30-1, 30-5
troubleshooting
connectivity problems 39-14, 39-15, 39-17
CPU utilization 39-28
detecting unidirectional links 24-1
displaying crash information 39-23
setting packet forwarding 39-22
SFP security and identification 39-13
show forward command 39-22
with CiscoWorks 30-5
with debug commands 39-20
with ping 39-14
with system message logging 29-1
with traceroute 39-17
trunk failover
See link-state tracking
trunking encapsulation 1-9
trunk ports
configuring 13-16
defined 12-3, 13-3
trunks
allowed-VLAN list 13-17
load sharing
setting STP path costs 13-22
using STP port priorities 13-20, 13-21
native VLAN for untagged traffic 13-19
parallel 13-22
pruning-eligible list 13-18
to non-DTP device 13-14
trusted boundary for QoS 33-45
trusted port states
between QoS domains 33-47
classification options 33-5
ensuring port security for IP phones 33-45
support for 1-13
within a QoS domain 33-42
trustpoints, CA 9-47
twisted-pair Ethernet, detecting unidirectional links 24-1
type of service
See ToS
U
UDLD
configuration guidelines 24-4
default configuration 24-4
disabling
globally 24-5
on fiber-optic interfaces 24-5
per interface 24-6
echoing detection mechanism 24-3
enabling
globally 24-5
per interface 24-6
link-detection mechanism 24-1
neighbor database 24-2
overview 24-1
resetting an interface 24-6
status, displaying 24-7
support for 1-8
unauthorized ports with IEEE 802.1x 10-10
unicast MAC address filtering 1-6
and adding static addresses 5-22
and broadcast MAC addresses 5-21
and CPU packets 5-21
and multicast addresses 5-21
and router MAC addresses 5-21
configuration guidelines 5-21
described 5-21
unicast storm 23-1
unicast storm control command 23-4
unicast traffic, blocking 23-8
UniDirectional Link Detection protocol
See UDLD
UNIX syslog servers
daemon configuration 29-13
facilities supported 29-14
message logging configuration 29-13
unrecognized Type-Length-Value (TLV) support 14-5
upgrading a Catalyst 2950 switch
configuration compatibility issues C-1
differences in configuration commands C-1
feature behavior incompatibilities C-5
incompatible command messages C-1
recommendations C-1
upgrading software images
See downloading
UplinkFast
described 18-3
disabling 18-16
enabling 18-15
support for 1-8
uploading
configuration files
preparing A-11, A-13, A-16
reasons for A-9
using FTP A-15
using RCP A-18
using TFTP A-12
image files
preparing A-26, A-30, A-34
reasons for A-24
using FTP A-32
using RCP A-37
using TFTP A-29
USB mini-Type B console port 12-12
USB Type A port 1-8
user EXEC mode 2-2
username-based authentication 9-6
V
version-dependent transparent mode 14-5
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 7-11
manual upgrades with auto-advise 7-11
upgrades with auto-extract 7-11
version-mismatch mode
described 7-10
virtual IP address
cluster standby group 6-10
command switch 6-10
virtual switches and PAgP 38-6
vlan.dat file 13-5
VLAN 1, disabling on a trunk port 13-17
VLAN 1 minimization 13-17
vlan-assignment response, VMPS 13-23
VLAN configuration
at bootup 13-7
saving 13-7
VLAN configuration mode 2-2
VLAN database
and startup configuration file 13-7
and VTP 14-1
VLAN configuration saved in 13-7
VLANs saved in 13-4
VLAN filtering and SPAN 27-7
vlan global configuration command 13-7
VLAN ID, discovering 5-24
VLAN load balancing on flex links 19-3
configuration guidelines 19-8
VLAN management domain 14-2
VLAN Management Policy Server
See VMPS
VLAN membership
confirming 13-27
modes 13-3
VLAN Query Protocol
See VQP
VLANs
adding 13-8
adding to VLAN database 13-8
aging dynamic addresses 16-9
allowed on trunk 13-17
and spanning-tree instances 13-3, 13-6, 13-12
configuration guidelines, extended-range VLANs 13-11
configuration guidelines, normal-range VLANs 13-6
configuring 13-1
configuring IDs 1006 to 4094 13-11
connecting through SVIs 12-11
creating 13-8
default configuration 13-7
deleting 13-9
described 12-2, 13-1
displaying 13-13
extended-range 13-1, 13-11
features 1-9
illustrated 13-2
in the switch stack 13-7
limiting source traffic with RSPAN 27-22
limiting source traffic with SPAN 27-16
modifying 13-8
multicast 21-17
native, configuring 13-19
normal-range 13-1, 13-4
number supported 1-9
parameters 13-5
port membership modes 13-3
static-access ports 13-10
STP and IEEE 802.1Q trunks 16-11
supported 13-2
Token Ring 13-6
traffic between 13-2
VTP modes 14-3
VLAN Trunking Protocol
See VTP
VLAN trunks 13-14
VMPS
administering 13-28
configuration example 13-29
configuration guidelines 13-25
default configuration 13-25
description 13-23
dynamic port membership
described 13-24
reconfirming 13-27
troubleshooting 13-29
entering server address 13-26
mapping MAC addresses to VLANs 13-23
monitoring 13-28
reconfirmation interval, changing 13-27
reconfirming membership 13-27
retry count, changing 13-28
voice aware 802.1x security
port-based authentication
configuring 10-39
described 10-31, 10-39
voice-over-IP 15-1
voice VLAN
Cisco 7960 phone, port connections 15-1
configuration guidelines 15-3
configuring IP phones for data traffic
override CoS of incoming frame 15-6
trust CoS priority of incoming frame 15-6
configuring ports for voice traffic in
802.1p priority tagged frames 15-5
802.1Q frames 15-5
connecting to an IP phone 15-4
default configuration 15-3
described 15-1
displaying 15-7
IP phone data traffic, described 15-2
IP phone voice traffic, described 15-2
VQP 1-9, 13-23
VTP
adding a client to a domain 14-17
advertisements 13-15, 14-4
and extended-range VLANs 13-2, 14-2
and normal-range VLANs 13-2, 14-2
client mode, configuring 14-13
configuration
guidelines 14-9
requirements 14-11
saving 14-9
configuration requirements 14-11
configuration revision number
guideline 14-17
resetting 14-17
consistency checks 14-5
default configuration 14-9
described 14-1
domain names 14-10
domains 14-2
modes
client 14-3
off 14-4
server 14-3
transitions 14-3
transparent 14-4
monitoring 14-18
passwords 14-10
pruning
disabling 14-16
enabling 14-16
examples 14-7
overview 14-6
support for 1-9
pruning-eligible list, changing 13-18
server mode, configuring 14-11, 14-14
statistics 14-18
support for 1-9
Token Ring support 14-5
transparent mode, configuring 14-12
using 14-1
Version
enabling 14-15
version, guidelines 14-10
Version 1 14-5
Version 2
configuration guidelines 14-10
overview 14-5
Version 3
overview 14-5
W
web authentication 10-17
configuring 11-16 to ??
described 1-10
web-based authentication
customizeable web pages 11-6
description 11-1
web-based authentication, interactions with other features 11-7
weighted tail drop
See WTD
wired location service
configuring 26-9
displaying 26-11
location TLV 26-3
understanding 26-4
wizards 1-2
WTD
described 33-13
setting thresholds
egress queue-sets 33-74
ingress queues 33-69
support for 1-14
X
Xmodem protocol 39-2