Catalyst 2960, 2960-S, 2960-C, and 2960-Plus Switches Software Configuration Guide, Cisco IOS Release 15.0(2)SE and Later
Index
Downloads: This chapterpdf (PDF - 1.5MB) The complete bookPDF (PDF - 10.87MB) | Feedback

Index

Table Of Contents

Symbols - Numerics - A - B - C - D - E - F - G - H - I - J - L - M - N - O - P - Q - R - S - T - U - V - W - X -

Index

Symbols

36-6

Numerics

802.1AE Tagging 12-2

A

abbreviating commands 2-3

AC (command switch) 6-9

access-class command 32-19

access control entries

See ACEs

access control entry (ACE) 38-3

access-denied response, VMPS 14-24

access groups

Layer 3 32-20

access groups, applying IPv4 ACLs to interfaces 32-20

accessing

clusters, switch 6-13

command switches 6-11

member switches 6-13

switch clusters 6-13

accessing stack members 7-22

access lists

See ACLs

access ports

in switch clusters 6-8

access ports, defined 13-3

accounting

with 802.1x 10-52

with IEEE 802.1x 10-16

with RADIUS 9-35

with TACACS+ 9-12, 9-17

ACEs

and QoS 34-8

defined 32-2

Ethernet 32-2

IP 32-2

ACLs

ACEs 32-2

any keyword 32-11

applying

time ranges to 32-16

to an interface 32-19, 38-7

to IPv6 interfaces 38-7

to QoS 34-8

classifying traffic for QoS 34-47

comments in 32-18

compiling 32-22

defined 32-2, 32-7

examples of 32-22, 34-47

extended IP, configuring for QoS classification 34-49

extended IPv4

creating 32-10

matching criteria 32-7

hardware and software handling 32-21

host keyword 32-12

IP

creating 32-7

fragments and QoS guidelines 34-38

implicit deny 32-9, 32-14, 32-15

implicit masks 32-9

matching criteria 32-7

undefined 32-21

IPv4

applying to interfaces 32-19

creating 32-7

matching criteria 32-7

named 32-14

numbers 32-8

terminal lines, setting on 32-19

unsupported features 32-6

IPv6

applying to interfaces 38-7

configuring 38-3, 38-4

displaying 38-8

interactions with other features 38-4

limitations 38-2, 38-3

matching criteria 38-3

named 38-2

precedence of 38-2

supported 38-2

unsupported features 38-3

MAC extended 32-24, 34-52

matching 32-7, 32-20, 38-3

monitoring 32-27, 38-8

named, IPv4 32-14

named, IPv6 38-2

names 38-4

number per QoS class map 34-38

port 32-2, 38-1

precedence of 32-3

QoS 34-8, 34-47

resequencing entries 32-14

router 32-2, 38-1

standard IP, configuring for QoS classification 34-48, 34-50

standard IPv4

creating 32-9

matching criteria 32-7

support for 1-11

support in hardware 32-21

time ranges 32-16

types supported 32-2

unsupported features, IPv4 32-6

unsupported features, IPv6 38-3

active link 20-4, 20-5, 20-6

active links 20-2

active traffic monitoring, IP SLAs 33-1

address aliasing 22-2

addresses

displaying the MAC address table 5-24

dynamic

accelerated aging 17-9

changing the aging time 5-16

default aging 17-9

defined 5-14

learning 5-15

removing 5-17

IPv6 36-2

MAC, discovering 5-25

multicast, STP address management 17-9

static

adding and removing 5-21

defined 5-14

address resolution 5-25

Address Resolution Protocol

See ARP

advertisements

CDP 26-1

LLDP 27-2

VTP 14-16, 15-3, 15-4

aggregatable global unicast addresses 36-3

aggregated ports

See EtherChannel

aggregate policers 34-62

aggregate policing 1-15

aging, accelerating 17-9

aging time

accelerated

for MSTP 18-24

for STP 17-9, 17-23

MAC address table 5-16

maximum

for MSTP 18-25

for STP 17-23, 17-24

alarms, RMON 29-4

allowed-VLAN list 14-18

ARP

defined 1-6, 5-25

table

address resolution 5-25

managing 5-25

attributes, RADIUS

vendor-proprietary 9-38

vendor-specific 9-36

attribute-value pairs 10-13, 10-16, 10-22

authentication

local mode with AAA 9-40

open1x 10-31

RADIUS

key 9-28

login 9-30

TACACS+

defined 9-11

key 9-13

login 9-14

See also port-based authentication

authentication compatibility with Catalyst 6000 switches 10-8

authentication failed VLAN

See restricted VLAN

authentication manager

CLI commands 10-9

compatibility with older 802.1x CLI commands10-9to ??

overview 10-7

authoritative time source, described 5-3

authorization

with RADIUS 9-34

with TACACS+ 9-12, 9-16

authorized ports with IEEE 802.1x 10-10

autoconfiguration 3-3

auto enablement 10-33

automatic advise (auto-advise) in switch stacks 7-11

automatic copy (auto-copy) in switch stacks 7-11

automatic discovery

considerations

beyond a noncandidate device 6-8

brand new switches 6-8

connectivity 6-5

different VLANs 6-7

management VLANs 6-7

non-CDP-capable devices 6-6

noncluster-capable devices 6-6

in switch clusters 6-5

See also CDP

automatic extraction (auto-extract) in switch stacks 7-11

automatic QoS

See QoS

automatic recovery, clusters 6-9

See also HSRP

automatic upgrades (auto-upgrade) in switch stacks 7-11

auto-MDIX

configuring 13-33

described 13-33

autonegotiation

duplex mode 1-4

interface configuration guidelines 13-30

mismatches 40-12

Auto-QoS video devices 1-15

autosensing, port speed 1-4

auxiliary VLAN

See voice VLAN

availability, features 1-8

B

BackboneFast

described 19-8

disabling 19-17

enabling 19-17

support for 1-8

backup interfaces

See Flex Links

backup links 20-2

banners

configuring

login 5-14

message-of-the-day login 5-13

default configuration 5-12

when displayed 5-12

Berkeley r-tools replacement 9-52

binding database

DHCP snooping

See DHCP snooping binding database

bindings

DHCP snooping database 21-6

IP source guard 21-13

binding table, DHCP snooping

See DHCP snooping binding database

blocking packets 24-7

booting

boot loader, function of 3-1

boot process 3-1

manually 3-19

specific image 3-19

boot loader

accessing 3-20

described 3-1

environment variables 3-20

prompt 3-20

trap-door mechanism 3-2

Boot Loader Upgrade and Image Verification for the FIPS Mode of Operation 3-23

BPDU

error-disabled state 19-2

filtering 19-3

RSTP format 18-12

BPDU filtering

described 19-3

disabling 19-15

enabling 19-15

support for 1-9

BPDU guard

described 19-2

disabling 19-14

enabling 19-14

support for 1-9

bridge protocol data unit

See BPDU

broadcast storm-control command 24-4

broadcast storms 24-1

C

cables, monitoring for unidirectional links 25-1

candidate switch

automatic discovery 6-5

defined 6-4

requirements 6-4

See also command switch, cluster standby group, and member switch

Catalyst 6000 switches

authentication compatibility 10-8

CA trustpoint

configuring 9-49

defined 9-47

CDP

and trusted boundary 34-44

automatic discovery in switch clusters 6-5

configuring 26-2

default configuration 26-2

defined with LLDP 27-1

described 26-1

disabling for routing device 26-4

enabling and disabling

on an interface 26-4

on a switch 26-4

monitoring 26-5

overview 26-1

power negotiation extensions 13-5

support for 1-6

switch stack considerations 26-2

transmission timer and holdtime, setting 26-3

updates 26-3

CGMP

as IGMP snooping learning method 22-9

joining multicast group 22-3

CipherSuites 9-48

Cisco 7960 IP Phone 16-1

Cisco Discovery Protocol

See CDP

Cisco intelligent power management 13-5

Cisco IOS File System

See IFS

Cisco IOS IP SLAs 33-1

Cisco Secure ACS

attribute-value pairs for downloadable ACLs 10-22

attribute-value pairs for redirect URL 10-22

Cisco Secure ACS configuration guide 10-63

CiscoWorks 2000 1-6, 31-5

CISP 10-33

CIST regional root

See MSTP

CIST root

See MSTP

civic location 27-3

class maps for QoS

configuring 34-53

described 34-8

displaying 34-83

class of service

See CoS

clearing interfaces 13-45

CLI

abbreviating commands 2-3

command modes 2-1

configuration logging 2-4

described 1-5

editing features

enabling and disabling 2-6

keystroke editing 2-7

wrapped lines 2-8

error messages 2-4

filtering command output 2-9

getting help 2-3

history

changing the buffer size 2-5

described 2-5

disabling 2-6

recalling commands 2-6

managing clusters 6-16

no and default forms of commands 2-4

Client Information Signalling Protocol

See CISP

client mode, VTP 15-3

clock

See system clock

clusters, switch

accessing 6-13

automatic discovery 6-5

automatic recovery 6-9

benefits 1-2

compatibility 6-4

described 6-1

LRE profile considerations 6-16

managing

through CLI 6-16

through SNMP 6-17

planning 6-4

planning considerations

automatic discovery 6-5

automatic recovery 6-9

CLI 6-16

host names 6-13

IP addresses 6-13

LRE profiles 6-16

passwords 6-13

RADIUS 6-16

SNMP 6-14, 6-17

switch stacks 6-14

TACACS+ 6-16

See also candidate switch, command switch, cluster standby group, member switch, and standby command switch

cluster standby group

automatic recovery 6-12

considerations 6-11

defined 6-2

requirements 6-3

virtual IP address 6-11

See also HSRP

CNS 1-6

Configuration Engine

configID, deviceID, hostname 4-3

configuration service 4-2

described 4-1

event service 4-3

embedded agents

described 4-5

enabling automated configuration 4-6

enabling configuration agent 4-9

enabling event agent 4-8

management functions 1-6

CoA Request Commands 9-23

Coarse Wave Division Multiplexer

See CWDM SFPs

command-line interface

See CLI

command modes 2-1

commands

abbreviating 2-3

no and default 2-4

commands, setting privilege levels 9-8

command switch

accessing 6-11

active (AC) 6-9

configuration conflicts 40-12

defined 6-2

passive (PC) 6-9

password privilege levels 6-17

priority 6-9

recovery

from command-switch failure 6-9, 40-8

from lost member connectivity 40-12

redundant 6-9

replacing

with another switch 40-11

with cluster member 40-9

requirements 6-3

standby (SC) 6-9

See also candidate switch, cluster standby group, member switch, and standby command switch

community strings

configuring 6-14, 31-8

for cluster switches 31-4

in clusters 6-14

overview 31-4

SNMP 6-14

compatibility, feature 24-12

compatibility, software

See stacks, switch

config.text 3-18

configurable leave timer, IGMP 22-6

configuration, initial

defaults 1-17

Express Setup 1-2

configuration changes, logging 30-11

configuration conflicts, recovering from lost member connectivity 40-12

configuration examples, network 1-20

configuration files

archiving A-20

clearing the startup configuration A-19

creating using a text editor A-10

default name 3-18

deleting a stored configuration A-19

described A-8

downloading

automatically 3-18

preparing A-10, A-13, A-16

reasons for A-8

using FTP A-13

using RCP A-17

using TFTP A-11

guidelines for creating and using A-9

guidelines for replacing and rolling back A-21

invalid combinations when copying A-5

limiting TFTP server access 31-17

obtaining with DHCP 3-8

password recovery disable considerations 9-5

replacing a running configuration A-19, A-20

rolling back a running configuration A-19, A-21

specifying the filename 3-18

system contact and location information 31-17

types and location A-10

uploading

preparing A-10, A-13, A-16

reasons for A-9

using FTP A-15

using RCP A-18

using TFTP A-12

configuration logger 30-11

configuration logging 2-4

configuration replacement A-19

configuration rollback A-19, A-20

configuration settings, saving 3-15

configure terminal command 13-20

configuring 802.1x user distribution 10-58

configuring port-based authentication violation modes 10-42

configuring small-frame arrival rate 24-5

conflicts, configuration 40-12

connections, secure remote 9-42

connectivity problems 40-14, 40-15, 40-17

consistency checks in VTP Version 2 15-5

console port, connecting to 2-10

control protocol, IP SLAs 33-4

corrupted software, recovery steps with Xmodem 40-2

CoS

in Layer 2 frames 34-2

override priority 16-6

trust priority 16-6

CoS input queue threshold map for QoS 34-15

CoS output queue threshold map for QoS 34-18

CoS-to-DSCP map for QoS 34-65

counters, clearing interface 13-45

CPU utilization, troubleshooting 40-28

crashinfo file 40-23

critical authentication, IEEE 802.1x 10-55

critical VLAN 10-25

critical voice VLAN

configuring 10-55

cross-stack EtherChannel

configuration guidelines 39-13

described 39-3

illustration 39-4

support for 1-8

cross-stack UplinkFast, STP

described 19-5

disabling 19-17

enabling 19-17

fast-convergence events 19-7

Fast Uplink Transition Protocol 19-6

normal-convergence events 19-7

support for 1-8

cryptographic software image

SSH 9-41

SSL 9-46

switch stack considerations 7-15

customjzeable web pages, web-based authentication 11-6

CWDM SFPs 1-25

D

DACL

See downloadable ACL

data address gleaning 36-6

daylight saving time 5-8

debugging

enabling all system diagnostics 40-21

enabling for a specific feature 40-20

redirecting error message output 40-21

using commands 40-19

default commands 2-4

default configuration

802.1x 10-36

auto-QoS 34-20

banners 5-12

CDP 26-2

DHCP 21-8

DHCP option 82 21-8

DHCP snooping 21-8

DHCP snooping binding database 21-8

DNS 5-11

dynamic ARP inspection 23-5

EtherChannel 39-11

Ethernet interfaces 13-27

Flex Links 20-8

IGMP filtering 22-24

IGMP snooping 22-7, 37-6

IGMP throttling 22-24

initial switch information 3-3

IP SLAs 33-5

IP source guard 21-15

IPv6 36-11

Layer 2 interfaces 13-27

LLDP 27-5

MAC address table 5-16

MAC address-table move update 20-8

MSTP 18-14

MVR 22-19

optional spanning-tree configuration 19-12

password and privilege level 9-2

RADIUS 9-27

RMON 29-3

RSPAN 28-10

SDM template 8-4

SNMP 31-7

SPAN 28-10

SSL 9-48

standard QoS 34-35

STP 17-13

switch stacks 7-17

system message logging 30-4

system name and prompt 5-10

TACACS+ 9-13

UDLD 25-4

VLAN, Layer 2 Ethernet interfaces 14-15

VLANs 14-8

VMPS 14-25

voice VLAN 16-3

VTP 15-9

default gateway 3-14

default web-based authentication configuration

802.1X 11-9

deleting VLANs 14-9

denial-of-service attack 24-1

description command 13-41

designing your network, examples 1-20

destination addresses

in IPv4 ACLs 32-11

in IPv6 ACLs 38-5

destination-IP address-based forwarding, EtherChannel 39-9

destination-MAC address forwarding, EtherChannel 39-9

detecting indirect link failures, STP 19-8

device A-24

device discovery protocol 26-1, 27-1

device manager

benefits 1-2

described 1-2, 1-5

in-band management 1-7

upgrading a switch A-24

device tracking 36-7

DHCP

enabling

relay agent 21-9

DHCP address gleaning 36-5

DHCP-based autoconfiguration

client request message exchange 3-4

configuring

client side 3-3

DNS 3-7

relay device 3-7

server side 3-6

TFTP server 3-7

example 3-9

lease options

for IP address information 3-6

for receiving the configuration file 3-6

overview 3-3

relationship to BOOTP 3-3

relay support 1-6

support for 1-6

DHCP-based autoconfiguration and image update

configuring3-11to 3-14

understanding 3-5

DHCP binding database

See DHCP snooping binding database

DHCP binding table

See DHCP snooping binding database

DHCP Guard 36-7, 36-15

DHCP option 82

circuit ID suboption 21-5

configuration guidelines 21-8

default configuration 21-8

displaying 21-12

overview 21-3

packet format, suboption

circuit ID 21-5

remote ID 21-5

remote ID suboption 21-5

DHCP server port-based address allocation

configuration guidelines 21-22

default configuration 21-22

described 21-22

displaying 21-25

enabling 21-23

reserved addresses 21-23

DHCP server port-based address assignment

support for 1-6

DHCP snooping

accepting untrusted packets form edge switch 21-3, 21-10

binding database

See DHCP snooping binding database

configuration guidelines 21-8

default configuration 21-8

displaying binding tables 21-12

message exchange process 21-4

option 82 data insertion 21-3

trusted interface 21-2

untrusted interface 21-2

untrusted messages 21-2

DHCP snooping binding database

adding bindings 21-11

binding entries, displaying 21-12

binding file

format 21-6

location 21-6

bindings 21-6

clearing agent statistics 21-12

configuration guidelines 21-9

configuring 21-11

default configuration 21-8

deleting

binding file 21-12

bindings 21-12

database agent 21-12

described 21-6

displaying 21-12

displaying status and statistics 21-12

enabling 21-11

entry 21-6

renewing database 21-12

resetting

delay value 21-12

timeout value 21-12

DHCP snooping binding table

See DHCP snooping binding database

Differentiated Services architecture, QoS 34-2

Differentiated Services Code Point 34-2

directed unicast requests 1-6

directories

changing A-4

creating and removing A-4

displaying the working A-4

discovery, clusters

See automatic discovery

DNS

and DHCP-based autoconfiguration 3-7

default configuration 5-11

displaying the configuration 5-12

in IPv6 36-3

overview 5-10

setting up 5-11

support for 1-6

domain names

DNS 5-10

VTP 15-10

Domain Name System

See DNS

downloadable ACL 10-20, 10-22, 10-63

downloading

configuration files

preparing A-10, A-13, A-16

reasons for A-8

using FTP A-13

using RCP A-17

using TFTP A-11

image files

deleting old image A-28

preparing A-26, A-30, A-34

reasons for A-24

using CMS 1-2

using FTP A-31

using HTTP 1-2, A-24

using RCP A-35

using TFTP A-27

using the device manager or Network Assistant A-24

DRP

support for 1-15

DSCP 1-14, 34-2

DSCP input queue threshold map for QoS 34-15

DSCP output queue threshold map for QoS 34-18

DSCP-to-CoS map for QoS 34-68

DSCP-to-DSCP-mutation map for QoS 34-69

DSCP transparency 34-45

DTP 1-9, 14-14

dual-action detection 39-6

dual IPv4 and IPv6 templates 36-9

dual protocol stacks

IPv4 and IPv6 36-9

SDM templates supporting 36-9

dual-purpose uplinks

defined 13-4

LEDs 13-5

link selection 13-4, 13-28

setting the type 13-28

dynamic access ports

characteristics 14-4

configuring 14-27

defined 13-3

dynamic addresses

See addresses

dynamic ARP inspection

ARP cache poisoning 23-1

ARP requests, described 23-1

ARP spoofing attack 23-1

clearing

log buffer 23-16

statistics 23-16

configuration guidelines 23-6

configuring

ACLs for non-DHCP environments 23-9

in DHCP environments 23-7

log buffer 23-14

rate limit for incoming ARP packets 23-4, 23-11

default configuration 23-5

denial-of-service attacks, preventing 23-11

described 23-1

DHCP snooping binding database 23-2

displaying

ARP ACLs 23-15

configuration and operating state 23-15

log buffer 23-16

statistics 23-16

trust state and rate limit 23-15

error-disabled state for exceeding rate limit 23-4

function of 23-2

interface trust states 23-3

log buffer

clearing 23-16

configuring 23-14

displaying 23-16

logging of dropped packets, described 23-5

man-in-the middle attack, described 23-2

network security issues and interface trust states 23-3

priority of ARP ACLs and DHCP snooping entries 23-4

rate limiting of ARP packets

configuring 23-11

described 23-4

error-disabled state 23-4

statistics

clearing 23-16

displaying 23-16

validation checks, performing 23-13

dynamic auto trunking mode 14-14

dynamic desirable trunking mode 14-14

Dynamic Host Configuration Protocol

See DHCP-based autoconfiguration

dynamic port VLAN membership

described 14-25

reconfirming 14-28

troubleshooting 14-29

types of connections 14-27

Dynamic Trunking Protocol

See DTP

E

EAC 12-2

editing features

enabling and disabling 2-6

keystrokes used 2-7

wrapped lines 2-8

elections

See stack master

ELIN location 27-3

enable password 9-3

enable secret password 9-3

Enable the FIPS mode 3-23

encryption, CipherSuite 9-48

encryption for passwords 9-3

Endpoint Admission Control (EAC) 12-2

environment variables, function of 3-21

error-disabled state, BPDU 19-2

error messages during command entry 2-4

EtherChannel

automatic creation of 39-5, 39-7

channel groups

binding physical and logical interfaces 39-4

numbering of 39-4

configuration guidelines 39-11

configuring Layer 2 interfaces 39-13

default configuration 39-11

described 39-2

displaying status 39-21

forwarding methods 39-8, 39-15

IEEE 802.3ad, described 39-7

interaction

with STP 39-12

with VLANs 39-12

LACP

described 39-7

displaying status 39-21

hot-standby ports 39-18

interaction with other features 39-8

modes 39-7

port priority 39-19

system priority 39-18

load balancing 39-8, 39-15

PAgP

aggregate-port learners 39-16

compatibility with Catalyst 1900 39-17

described 39-5

displaying status 39-21

interaction with other features 39-7

interaction with virtual switches 39-6

learn method and priority configuration 39-16

modes 39-6

support for 1-4

with dual-action detection 39-6

port-channel interfaces

described 39-4

numbering of 39-4

port groups 13-4

stack changes, effects of 39-10

support for 1-4

EtherChannel guard

described 19-10

disabling 19-18

enabling 19-17

Ethernet management port

active link 13-25

and routing 13-25

and TFTP 13-26

configuring 13-26

default setting 13-25

described 13-24

for network management 13-24

specifying 13-26

supported features 13-25

unsupported features 13-26

Ethernet management port, internal

and routing 13-25

unsupported features 13-26

Ethernet VLANs

adding 14-8

defaults and ranges 14-8

modifying 14-8

EUI 36-3

events, RMON 29-4

examples

network configuration 1-20

expedite queue for QoS 34-82

Express Setup 1-2

See also getting started guide

extended crashinfo file 40-23

extended-range VLANs

configuration guidelines 14-11

configuring 14-11

creating 14-12

defined 14-1

extended system ID

MSTP 18-18

STP 17-4, 17-16

extended universal identifier

See EUI

Extensible Authentication Protocol over LAN 10-1

F

fa0 interface 1-7

Fa0 port

See Ethernet management port

failover support 1-8

Fast Convergence 20-3

fastethernet0 port

See Ethernet management port

Fast Uplink Transition Protocol 19-6

features, incompatible 24-12

fiber-optic, detecting unidirectional links 25-1

files

basic crashinfo

description 40-23

location 40-23

copying A-5

crashinfo, description 40-23

deleting A-5

displaying the contents of A-8

extended crashinfo

description 40-25

location 40-25

tar

creating A-6

displaying the contents of A-7

extracting A-7

image file format A-25

file system

displaying available file systems A-2

displaying file information A-3

local file system names A-1

network file system names A-5

setting the default A-3

filtering

IPv6 traffic 38-3, 38-7

non-IP traffic 32-24

show and more command output 2-9

filtering show and more command output 2-9

filters, IP

See ACLs, IP

First Hop Security 36-16

flash device, number of A-1

flexible authentication ordering

configuring 10-65

overview 10-31

Flex Link Multicast Fast Convergence 20-3

Flex Links

configuration guidelines 20-8

configuring 20-9

configuring preferred VLAN 20-12

configuring VLAN load balancing 20-11

default configuration 20-8

description 20-2

link load balancing 20-3

monitoring 20-15

VLANs 20-3

flooded traffic, blocking 24-8

flow-based packet classification 1-14

flowcharts

QoS classification 34-7

QoS egress queueing and scheduling 34-16

QoS ingress queueing and scheduling 34-14

QoS policing and marking 34-11

flowcontrol

configuring 13-32

described 13-32

forward-delay time

MSTP 18-24

STP 17-23

FTP

configuration files

downloading A-13

overview A-12

preparing the server A-13

uploading A-15

image files

deleting old image A-32

downloading A-31

preparing the server A-30

uploading A-32

G

general query 20-5

Generating IGMP Reports 20-4

get-bulk-request operation 31-4

get-next-request operation 31-3, 31-5

get-request operation 31-3, 31-4, 31-5

get-response operation 31-4

Gigabit modules

See SFPs

global configuration mode 2-2

global leave, IGMP 22-13

guest VLAN and 802.1x 10-23

guide mode 1-2

GUIs

See device manager and Network Assistant

H

hello time

MSTP 18-24

STP 17-22

help, for the command line 2-3

HFTM space 40-27

history

changing the buffer size 2-5

described 2-5

disabling 2-6

recalling commands 2-6

history table, level and number of syslog messages 30-10

host names, in clusters 6-13

hosts, limit on dynamic ports 14-29

HP OpenView 1-6

HQATM space 40-27

HSRP

automatic cluster recovery 6-12

cluster standby group considerations 6-11

See also clusters, cluster standby group, and standby command switch

HTTP over SSL

see HTTPS

HTTPS 9-46

configuring 9-50

self-signed certificate 9-47

HTTP secure server 9-46

Hulc Forwarding TCAM Manager

See HFTM space

Hulc QoS/ACL TCAM Manager

See HQATM space

I

ICMP

IPv6 36-3

time-exceeded messages 40-17

traceroute and 40-17

unreachable messages and IPv6 38-4

ICMP ping

executing 40-14

overview 40-14

ICMPv6 36-3

IDS appliances

and ingress RSPAN 28-20

and ingress SPAN 28-14

IEEE 802.1D

See STP

IEEE 802.1p 16-1

IEEE 802.1Q

and trunk ports 13-3

configuration limitations 14-15

encapsulation 14-14

native VLAN for untagged traffic 14-20

IEEE 802.1s

See MSTP

IEEE 802.1w

See RSTP

IEEE 802.1x

See port-based authentication

IEEE 802.3ad

See EtherChannel

IEEE 802.3ad, PoE+ 1-16, 13-6

IEEE 802.3af

See PoE

IEEE 802.3x flow control 13-32

ifIndex values, SNMP 31-6

IFS 1-7

IGMP

configurable leave timer

described 22-6

enabling 22-11

flooded multicast traffic

controlling the length of time 22-12

disabling on an interface 22-13

global leave 22-13

query solicitation 22-13

recovering from flood mode 22-13

joining multicast group 22-3

join messages 22-3

leave processing, enabling 22-10, 37-9

leaving multicast group 22-5

queries 22-4

report suppression

described 22-6

disabling 22-15, 37-11

supported versions 22-3

support for 1-4

IGMP filtering

configuring 22-24

default configuration 22-24

described 22-23

monitoring 22-28

support for 1-5

IGMP groups

configuring filtering 22-27

setting the maximum number 22-26

IGMP Immediate Leave

configuration guidelines 22-11

described 22-5

enabling 22-10

IGMP profile

applying 22-26

configuration mode 22-24

configuring 22-25

IGMP snooping

and address aliasing 22-2

and stack changes 22-6

configuring 22-7

default configuration 22-7, 37-6

definition 22-2

enabling and disabling 22-7, 37-7

global configuration 22-7

Immediate Leave 22-5

in the switch stack 22-6

method 22-8

monitoring 22-16, 37-12

querier

configuration guidelines 22-14

configuring 22-14

supported versions 22-3

support for 1-4

VLAN configuration 22-8

IGMP throttling

configuring 22-27

default configuration 22-24

described 22-24

displaying action 22-28

Immediate Leave, IGMP 22-5

enabling 37-9

inaccessible authentication bypass 10-25

support for multiauth ports 10-25

initial configuration

defaults 1-17

Express Setup 1-2

interface

number 13-19

range macros 13-22

interface command13-19to??, 13-19to 13-20

interface configuration mode 2-2

interfaces

auto-MDIX, configuring 13-33

configuration guidelines

duplex and speed 13-30

configuring

procedure 13-20

counters, clearing 13-45

default configuration 13-27

described 13-41

descriptive name, adding 13-41

displaying information about 13-44

flow control 13-32

management 1-5

monitoring 13-44

naming 13-41

physical, identifying 13-19

range of 13-21

restarting 13-45

shutting down 13-45

speed and duplex, configuring 13-31

status 13-44

supported 13-19

types of 13-1

interfaces range macro command 13-22

interface types 13-19

Internet Protocol version 6

See IPv6

inter-VLAN routing 35-1

Intrusion Detection System

See IDS appliances

inventory management TLV 27-3, 27-7

IP ACLs

for QoS classification 34-8

implicit deny 32-9, 32-14

implicit masks 32-9

named 32-14

undefined 32-21

IP addresses

128-bit 36-2

candidate or member 6-4, 6-13

classes of 35-4

cluster access 6-2

command switch 6-3, 6-11, 6-13

discovering 5-25

for IP routing 35-4

IPv6 36-2

redundant clusters 6-11

standby command switch 6-11, 6-13

See also IP information

ip igmp profile command 22-24

IP information

assigned

manually 3-14

through DHCP-based autoconfiguration 3-3

default configuration 3-3

IP phones

and QoS 16-1

automatic classification and queueing 34-19

configuring 16-4

ensuring port security with QoS 34-43

trusted boundary for QoS 34-43

IP Port Security for Static Hosts

on a Layer 2 access port 21-17

IP precedence 34-2

IP-precedence-to-DSCP map for QoS 34-66

IP protocols in ACLs 32-11

IP routing

disabling 35-4

enabling 35-3

IP Service Level Agreements

See IP SLAs

IP service levels, analyzing 33-1

IP SLAs

benefits 33-2

configuration guidelines 33-5

Control Protocol 33-4

default configuration 33-5

definition 33-1

measuring network performance 33-3

monitoring 33-6

operation 33-3

responder

described 33-4

enabling 33-6

response time 33-4

SNMP support 33-2

supported metrics 33-2

IP source guard

and 802.1x 21-16

and DHCP snooping 21-13

and port security 21-16

and private VLANs 21-16

and routed ports 21-16

and TCAM entries 21-16

and trunk interfaces 21-16

and VRF 21-16

binding configuration

automatic 21-13

manual 21-13

binding table 21-13

configuration guidelines 21-16

default configuration 21-15

described 21-13

disabling 21-17

displaying

active IP or MAC bindings 21-21

bindings 21-21

configuration 21-21

enabling 21-16, 21-18

filtering

source IP address 21-13

source IP and MAC address 21-13

on provisioned switches 21-16

source IP address filtering 21-13

source IP and MAC address filtering 21-13

static bindings

adding 21-16, 21-18

deleting 21-17

static hosts 21-18

IP traceroute

executing 40-18

overview 40-17

IP unicast routing

assigning IP addresses to Layer 3 interfaces 35-4

configuring static routes 35-5

disabling 35-4

enabling 35-3

inter-VLAN 35-1

IP addressing

classes 35-4

configuring 35-4

steps to configure 35-3

subnet mask 35-4

with SVIs 35-3

IPv4 ACLs

applying to interfaces 32-19

extended, creating 32-10

named 32-14

standard, creating 32-9

IPv4 and IPv6

dual protocol stacks 36-8

IPv6

ACLs

displaying 38-8

limitations 38-2

matching criteria 38-3

port 38-1

precedence 38-2

router 38-1

supported 38-2

addresses 36-2

address formats 36-2

and switch stacks 36-10

applications 36-8

assigning address 36-11

autoconfiguration 36-8

configuring static routes 36-20

default configuration 36-11

defined 36-1

forwarding 36-11

ICMP 36-3

monitoring 36-21

neighbor discovery 36-3

SDM templates 37-1, 38-1

stack master functions 36-10

Stateless Autoconfiguration 36-8

supported features 36-2

IPv6 Snooping 36-13

IPv6 traffic, filtering 38-3

J

join messages, IGMP 22-3

L

LACP

See EtherChannel

Layer 2 frames, classification with CoS 34-2

Layer 2 interfaces, default configuration 13-27

Layer 2 traceroute

and ARP 40-16

and CDP 40-16

broadcast traffic 40-15

described 40-15

IP addresses and subnets 40-16

MAC addresses and VLANs 40-16

multicast traffic 40-16

multiple devices on a port 40-16

unicast traffic 40-15

usage guidelines 40-16

Layer 3 features 1-15

Layer 3 interfaces

assigning IP addresses to 35-4

assigning IPv6 addresses to 36-11

changing from Layer 2 mode 35-4

Layer 3 packets, classification methods 34-2

LDAP 4-2

Leaking IGMP Reports 20-4

LEDs, switch

See hardware installation guide

lightweight directory access protocol

See LDAP

line configuration mode 2-2

Link Aggregation Control Protocol

See EtherChannel

link failure, detecting unidirectional 18-8

Link Layer Discovery Protocol

See CDP

link local unicast addresses 36-3

link redundancy

See Flex Links

links, unidirectional 25-1

link-state tracking

configuring 39-23

described 39-21

LLDP

configuring 27-5

characteristics 27-6

default configuration 27-5

enabling 27-6

monitoring and maintaining 27-11

overview 27-1

supported TLVs 27-2

switch stack considerations 27-2

transmission timer and holdtime, setting 27-6

LLDP-MED

configuring

procedures 27-5

TLVs 27-7

monitoring and maintaining 27-11

overview 27-1, 27-2

supported TLVs 27-2

LLDP Media Endpoint Discovery

See LLDP-MED

local SPAN 28-2

location TLV 27-3, 27-7

login authentication

with RADIUS 9-30

with TACACS+ 9-14

login banners 5-12

log messages

See system message logging

Long-Reach Ethernet (LRE) technology 1-21

loop guard

described 19-11

enabling 19-19

support for 1-9

LRE profiles, considerations in switch clusters 6-16

M

MAB

See MAC authentication bypass

MAB inactivity timer

default setting 10-37

range 10-39

MAC/PHY configuration status TLV 27-2

MAC addresses

aging time 5-16

and VLAN association 5-15

building the address table 5-15

default configuration 5-16

disabling learning on a VLAN 5-24

discovering 5-25

displaying 5-24

displaying in the IP source binding table 21-21

dynamic

learning 5-15

removing 5-17

in ACLs 32-24

static

adding 5-21

allowing 5-23, 5-24

characteristics of 5-21

dropping 5-23

removing 5-22

MAC address learning 1-6

MAC address learning, disabling on a VLAN 5-24

MAC address notification, support for 1-16

MAC address-table move update

configuration guidelines 20-8

configuring 20-13

default configuration 20-8

description 20-6

monitoring 20-15

MAC address-to-VLAN mapping 14-24

MAC authentication bypass 10-39

configuring 10-58

overview 10-17

MAC extended access lists

applying to Layer 2 interfaces 32-25

configuring for QoS 34-52

creating 32-24

defined 32-24

for QoS classification 34-5

MACSec 12-2

magic packet 10-28

manageability features 1-6

management access

in-band

browser session 1-7

CLI session 1-7

device manager 1-7

SNMP 1-7

out-of-band console port connection 1-7

management address TLV 27-2

management options

CLI 2-1

clustering 1-3

CNS 4-1

Network Assistant 1-2

overview 1-5

management VLAN

considerations in switch clusters 6-7

discovery through different management VLANs 6-7

mapping tables for QoS

configuring

CoS-to-DSCP 34-65

DSCP 34-65

DSCP-to-CoS 34-68

DSCP-to-DSCP-mutation 34-69

IP-precedence-to-DSCP 34-66

policed-DSCP 34-67

described 34-11

marking

action with aggregate policers 34-62

described 34-4, 34-9

matching

IPv6 ACLs 38-3

matching, IPv4 ACLs 32-7

maximum aging time

MSTP 18-25

STP 17-23

maximum hop count, MSTP 18-25

maximum number of allowed devices, port-based authentication 10-39

MDA

configuration guidelines10-13to 10-14

described 1-11, 10-13

exceptions with authentication process 10-5

membership mode, VLAN port 14-4

member switch

automatic discovery 6-5

defined 6-2

managing 6-16

passwords 6-13

recovering from lost connectivity 40-12

requirements 6-4

See also candidate switch, cluster standby group, and standby command switch

memory consistency check errors

example 40-27

memory consistency check routines 1-5, 40-27

memory consistency integrity 1-5, 40-27

messages, to users through banners 5-12

MIBs

overview 31-1

SNMP interaction with 31-5

mirroring traffic for analysis 28-1

mismatches, autonegotiation 40-12

module number 13-19

monitoring

access groups 32-27

cables for unidirectional links 25-1

CDP 26-5

features 1-16

Flex Links 20-15

IGMP

filters 22-28

snooping 22-16, 37-12

interfaces 13-44

IP SLAs operations 33-6

IPv4 ACL configuration 32-27

IPv6 36-21

IPv6 ACL configuration 38-8

MAC address-table move update 20-15

multicast router interfaces 22-16, 37-12

MVR 22-23

network traffic for analysis with probe 28-2

port

blocking 24-21

protection 24-21

SFP status 13-44, 40-14

speed and duplex mode 13-31

traffic flowing among switches 29-2

traffic suppression 24-21

VLANs 14-13

VMPS 14-29

VTP 15-18

mrouter Port 20-3

mrouter port 20-5

MSTP

boundary ports

configuration guidelines 18-15

described 18-6

BPDU filtering

described 19-3

enabling 19-15

BPDU guard

described 19-2

enabling 19-14

CIST, described 18-3

CIST regional root 18-3

CIST root 18-5

configuration guidelines 18-15, 19-12

configuring

forward-delay time 18-24

hello time 18-24

link type for rapid convergence 18-26

maximum aging time 18-25

maximum hop count 18-25

MST region 18-16

neighbor type 18-26

path cost 18-22

port priority 18-20

root switch 18-18

secondary root switch 18-19

switch priority 18-23

CST

defined 18-3

operations between regions 18-4

default configuration 18-14

default optional feature configuration 19-12

displaying status 18-27

enabling the mode 18-16

EtherChannel guard

described 19-10

enabling 19-17

extended system ID

effects on root switch 18-18

effects on secondary root switch 18-19

unexpected behavior 18-18

IEEE 802.1s

implementation 18-6

port role naming change 18-7

terminology 18-5

instances supported 17-10

interface state, blocking to forwarding 19-2

interoperability and compatibility among modes 17-11

interoperability with IEEE 802.1D

described 18-9

restarting migration process 18-27

IST

defined 18-3

master 18-3

operations within a region 18-3

loop guard

described 19-11

enabling 19-19

mapping VLANs to MST instance 18-16

MST region

CIST 18-3

configuring 18-16

described 18-2

hop-count mechanism 18-5

IST 18-3

supported spanning-tree instances 18-2

optional features supported 1-9

overview 18-2

Port Fast

described 19-2

enabling 19-13

preventing root switch selection 19-10

root guard

described 19-10

enabling 19-18

root switch

configuring 18-18

effects of extended system ID 18-18

unexpected behavior 18-18

shutdown Port Fast-enabled port 19-2

stack changes, effects of 18-8

status, displaying 18-27

multiauth

support for inaccessible authentication bypass 10-25

multiauth mode

See multiple-authentication mode

multicast groups

Immediate Leave 22-5

joining 22-3

leaving 22-5

static joins 22-10, 37-8

multicast router interfaces, monitoring 22-16, 37-12

multicast router ports, adding 22-9, 37-8

multicast storm 24-1

multicast storm-control command 24-4

multicast television application 22-18

multicast VLAN 22-17

Multicast VLAN Registration

See MVR

multidomain authentication

See MDA

multiple authentication 10-14

multiple authentication mode

configuring 10-45

MVR

and address aliasing 22-20

and IGMPv3 22-20

configuration guidelines 22-20

configuring interfaces 22-21

default configuration 22-19

described 22-17

example application 22-18

modes 22-21

monitoring 22-23

multicast television application 22-18

setting global parameters 22-20

support for 1-5

N

NAC

critical authentication 10-25, 10-55

IEEE 802.1x authentication using a RADIUS server 10-60

IEEE 802.1x validation using RADIUS server 10-60

inaccessible authentication bypass 10-55

Layer 2 IEEE 802.1x validation 1-12, 10-31, 10-60

named IPv4 ACLs 32-14

NameSpace Mapper

See NSM

native VLAN

configuring 14-20

default 14-20

NDAC 12-2

NDP address gleaning 36-5

NEAT

configuring 10-61

overview 10-32

neighbor discovery, IPv6 36-3

Network Admission Control

See NAC

Network Assistant

benefits 1-2

described 1-5

downloading image files 1-2

guide mode 1-2

management options 1-2

managing switch stacks 7-2, 7-15

upgrading a switch A-24

wizards 1-2

network configuration examples

cost-effective wiring closet 1-21

increasing network performance 1-20

long-distance, high-bandwidth transport 1-25

providing network services 1-20

server aggregation and Linux server cluster 1-23

small to medium-sized network 1-24

network design

performance 1-20

services 1-20

Network Device Admission Control (NDAC) 12-2

Network Edge Access Topology

See NEAT

network management

CDP 26-1

RMON 29-1

SNMP 31-1

network performance, measuring with IP SLAs 33-3

network policy TLV 27-2, 27-7

Network Time Protocol

See NTP

no commands 2-4

nonhierarchical policy maps

described 34-10

non-IP traffic filtering 32-24

nontrunking mode 14-14

normal-range VLANs 14-5

configuration guidelines 14-6

configuring 14-5

defined 14-1

NSM 4-3

NTP

associations

defined 5-3

overview 5-3

stratum 5-3

support for 1-7

time

services 5-3

synchronizing 5-3

O

OBFL

configuring 40-26

described 40-25

displaying 40-26

offline configuration for switch stacks 7-7

off mode, VTP 15-4

on-board failure logging

See OBFL

online diagnostics

overview 41-1

running tests 41-3

understanding 41-1

open1x

configuring 10-66

open1x authentication

overview 10-31

optimizing system resources 8-1

options, management 1-5

out-of-profile markdown 1-15

P

packet modification, with QoS 34-18

PACL 36-7

PAgP

See EtherChannel

passwords

default configuration 9-2

disabling recovery of 9-5

encrypting 9-3

for security 1-11

in clusters 6-13

overview 9-1

recovery of 40-3

setting

enable 9-3

enable secret 9-3

Telnet 9-6

with usernames 9-7

VTP domain 15-10

path cost

MSTP 18-22

STP 17-20

PC (passive command switch) 6-9

performance, network design 1-20

performance features 1-4

persistent self-signed certificate 9-47

per-user ACLs and Filter-Ids 10-8

per-VLAN spanning-tree plus

See PVST+

physical ports 13-2

PIM-DVMRP, as snooping method 22-8

ping

character output description 40-15

executing 40-14

overview 40-14

PoE

auto mode 13-7

CDP with power consumption, described 13-5

CDP with power negotiation, described 13-5

Cisco intelligent power management 13-5

configuring 13-34

cutoff power

determining 13-8

cutoff-power

support for 13-8

devices supported 13-5

high-power devices operating in low-power mode 13-5

IEEE power classification levels 13-6

monitoring 13-8

monitoring power 13-37

policing power consumption 13-37

policing power usage 13-8

power budgeting 13-35

power consumption 13-9, 13-35

powered-device detection and initial power allocation 13-6

power management modes 13-7

power monitoring 13-8

power negotiation extensions to CDP 13-5

power sensing 13-8

standards supported 13-5

static mode 13-7

total available power 13-10

troubleshooting 40-13

PoE+ 1-16, 13-5, 13-6, 13-34

policed-DSCP map for QoS 34-67

policers

configuring

for each matched traffic class 34-57

for more than one traffic class 34-62

described 34-4

displaying 34-83

number of 34-39

types of 34-10

policing

described 34-4

token-bucket algorithm 34-10

policy maps for QoS

characteristics of 34-57

described 34-8

displaying 34-84

nonhierarchical on physical ports

described 34-10

port ACLs

defined 32-2

types of 32-3

Port Aggregation Protocol

See EtherChannel

port-based authentication

accounting 10-16

authentication server

defined 10-3, 11-2

RADIUS server 10-3

client, defined 10-3, 11-2

configuration guidelines 10-37, 11-9

configuring

802.1x authentication 10-43

guest VLAN 10-53

host mode 10-45

inaccessible authentication bypass 10-55

manual re-authentication of a client 10-48

periodic re-authentication 10-47

quiet period 10-48

RADIUS server 10-45, 11-13

RADIUS server parameters on the switch 10-44, 11-11

restricted VLAN 10-54

switch-to-client frame-retransmission number 10-49, 10-50

switch-to-client retransmission time 10-48

violation modes 10-42

default configuration 10-36, 11-9

described 10-1

device roles 10-3, 11-2

displaying statistics 10-68, 11-17

downloadable ACLs and redirect URLs

configuring10-63to10-65, ??to 10-65

overview10-20to 10-22

EAPOL-start frame 10-5

EAP-request/identity frame 10-5

EAP-response/identity frame 10-5

enabling

802.1X authentication 11-11

encapsulation 10-3

flexible authentication ordering

configuring 10-65

overview 10-31

guest VLAN

configuration guidelines 10-23, 10-24

described 10-23

host mode 10-12

inaccessible authentication bypass

configuring 10-55

described 10-25

guidelines 10-38

initiation and message exchange 10-5

magic packet 10-28

maximum number of allowed devices per port 10-39

method lists 10-43

multiple authentication 10-14

per-user ACLs

configuration tasks 10-20

described 10-19

RADIUS server attributes 10-19

ports

authorization state and dot1x port-control command 10-11

authorized and unauthorized 10-10

voice VLAN 10-27

port security

described 10-28

readiness check

configuring 10-39

described 10-17, 10-39

resetting to default values 10-67

stack changes, effects of 10-11

statistics, displaying 10-68

switch

as proxy 10-3, 11-2

RADIUS client 10-3

switch supplicant

configuring 10-61

overview 10-32

user distribution

guidelines 10-30

overview 10-30

VLAN assignment

AAA authorization 10-43

characteristics 10-18

configuration tasks 10-19

described 10-18

voice aware 802.1x security

configuring 10-40

described 10-32, 10-40

voice VLAN

described 10-27

PVID 10-27

VVID 10-27

wake-on-LAN, described 10-28

with ACLs and RADIUS Filter-Id attribute 10-34

port-based authentication methods, supported 10-7

port blocking 1-4, 24-7

port-channel

See EtherChannel

port description TLV 27-2

Port Fast

described 19-2

enabling 19-13

mode, spanning tree 14-26

support for 1-9

port membership modes, VLAN 14-4

port priority

MSTP 18-20

STP 17-18

ports

access 13-3

blocking 24-7

dual-purpose uplink 13-4

dynamic access 14-4

protected 24-6

secure 24-9

static-access 14-4, 14-10

switch 13-2

trunks 14-4, 14-14

VLAN assignments 14-10

port security

aging 24-17

and QoS trusted boundary 34-43

and stacking 24-19

configuring 24-12

default configuration 24-11

described 24-8

displaying 24-21

on trunk ports 24-14

sticky learning 24-9

violations 24-10

with other features 24-11

port-shutdown response, VMPS 14-24

port VLAN ID TLV 27-2

power inline consumption command 13-12

power management TLV 27-3, 27-7

Power over Ethernet

See PoE

preemption, default configuration 20-8

preemption delay, default configuration 20-8

preferential treatment of traffic

See QoS

preventing unauthorized access 9-1

primary links 20-2

priority

overriding CoS 16-6

trusting CoS 16-6

private VLAN edge ports

See protected ports

privileged EXEC mode 2-2

privilege levels

changing the default for lines 9-9

command switch 6-17

exiting 9-10

logging into 9-10

mapping on member switches 6-17

overview 9-2, 9-8

setting a command with 9-8

protected ports 1-11, 24-6

protocol storm protection 24-19

provisioned switches and IP source guard 21-16

provisioning new members for a switch stack 7-7

proxy reports 20-4

pruning, VTP

disabling

in VTP domain 15-16

on a port 14-19

enabling

in VTP domain 15-16

on a port 14-19

examples 15-7

overview 15-6

pruning-eligible list

changing 14-19

for VTP pruning 15-6

VLANs 15-16

PVST+

described 17-10

IEEE 802.1Q trunking interoperability 17-11

instances supported 17-10

Q

QoS

and MQC commands 34-1

auto-QoS

categorizing traffic 34-20

configuration and defaults display 34-34

configuration guidelines 34-32

described 34-19

disabling 34-34

displaying generated commands 34-34

displaying the initial configuration 34-34

effects on running configuration 34-31

list of generated commands 34-22, 34-26

basic model 34-4

classification

class maps, described 34-8

defined 34-4

DSCP transparency, described 34-45

flowchart 34-7

forwarding treatment 34-3

in frames and packets 34-3

IP ACLs, described 34-8

MAC ACLs, described 34-5, 34-8

options for IP traffic 34-6

options for non-IP traffic 34-5

policy maps, described 34-8

trust DSCP, described 34-5

trusted CoS, described 34-5

trust IP precedence, described 34-5

class maps

configuring 34-53

displaying 34-83

configuration guidelines

auto-QoS 34-32

standard QoS 34-37

configuring

aggregate policers 34-62

auto-QoS 34-19

default port CoS value 34-43

DSCP maps 34-65

DSCP transparency 34-45

DSCP trust states bordering another domain 34-45

egress queue characteristics 34-75

ingress queue characteristics 34-71

IP extended ACLs 34-49

IP standard ACLs 34-47

MAC ACLs 34-52

port trust states within the domain 34-41

trusted boundary 34-43

default auto configuration 34-20

default standard configuration 34-35

displaying statistics 34-83

DSCP transparency 34-45

egress queues

allocating buffer space 34-76

buffer allocation scheme, described 34-17

configuring shaped weights for SRR 34-80

configuring shared weights for SRR 34-81

described 34-4

displaying the threshold map 34-79

flowchart 34-16

mapping DSCP or CoS values 34-78

scheduling, described 34-4

setting WTD thresholds 34-76

WTD, described 34-18

enabling globally 34-40

flowcharts

classification 34-7

egress queueing and scheduling 34-16

ingress queueing and scheduling 34-14

policing and marking 34-11

implicit deny 34-8

ingress queues

allocating bandwidth 34-73

allocating buffer space 34-73

buffer and bandwidth allocation, described 34-15

configuring shared weights for SRR 34-73

configuring the priority queue 34-74

described 34-4

displaying the threshold map 34-72

flowchart 34-14

mapping DSCP or CoS values 34-71

priority queue, described 34-15

scheduling, described 34-4

setting WTD thresholds 34-71

WTD, described 34-15

IP phones

automatic classification and queueing 34-19

detection and trusted settings 34-19, 34-43

limiting bandwidth on egress interface 34-82

mapping tables

CoS-to-DSCP 34-65

displaying 34-83

DSCP-to-CoS 34-68

DSCP-to-DSCP-mutation 34-69

IP-precedence-to-DSCP 34-66

policed-DSCP 34-67

types of 34-11

marked-down actions 34-60

marking, described 34-4, 34-9

overview 34-2

packet modification 34-18

policers

configuring 34-60, 34-63

described 34-9

displaying 34-83

number of 34-39

types of 34-10

policies, attaching to an interface 34-9

policing

described 34-4, 34-9

token bucket algorithm 34-10

policy maps

characteristics of 34-57

displaying 34-84

nonhierarchical on physical ports 34-57

QoS label, defined 34-4

queues

configuring egress characteristics 34-75

configuring ingress characteristics 34-71

high priority (expedite) 34-18, 34-82

location of 34-12

SRR, described 34-13

WTD, described 34-12

rewrites 34-18

support for 1-14

trust states

bordering another domain 34-45

described 34-5

trusted device 34-43

within the domain 34-41

quality of service

See QoS

queries, IGMP 22-4

query solicitation, IGMP 22-13

R

RADIUS

attributes

vendor-proprietary 9-38

vendor-specific 9-36

configuring

accounting 9-35

authentication 9-30

authorization 9-34

communication, global 9-28, 9-36

communication, per-server 9-28

multiple UDP ports 9-28

default configuration 9-27

defining AAA server groups 9-32

displaying the configuration 9-40

identifying the server 9-28

in clusters 6-16

limiting the services to the user 9-34

method list, defined 9-27

operation of 9-20

overview 9-18

server load balancing 9-40

suggested network environments 9-19

support for 1-13

tracking services accessed by user 9-35

RADIUS Change of Authorization 9-20

RA Guard 36-7

range

macro 13-22

of interfaces 13-21

rapid convergence 18-10

rapid per-VLAN spanning-tree plus

See rapid PVST+

rapid PVST+

described 17-10

IEEE 802.1Q trunking interoperability 17-11

instances supported 17-10

Rapid Spanning Tree Protocol

See RSTP

rcommand command 6-16

RCP

configuration files

downloading A-17

overview A-16

preparing the server A-16

uploading A-18

image files

deleting old image A-37

downloading A-35

preparing the server A-34

uploading A-37

readiness check

port-based authentication

configuring 10-39

described 10-17, 10-39

reconfirmation interval, VMPS, changing 14-28

reconfirming dynamic VLAN membership 14-28

recovery procedures 40-1

redirect URL 10-20, 10-22, 10-63

redundancy

EtherChannel 39-3

STP

backbone 17-9

multidrop backbone 19-5

path cost 14-23

port priority 14-21

redundant links and UplinkFast 19-16

reloading software 3-21

Remote Authentication Dial-In User Service

See RADIUS

Remote Copy Protocol

See RCP

Remote Network Monitoring

See RMON

Remote SPAN

See RSPAN

remote SPAN 28-3

report suppression, IGMP

described 22-6

disabling 22-15, 37-11

resequencing ACL entries 32-14

reserved addresses in DHCP pools 21-23

resetting a UDLD-shutdown interface 25-6

responder, IP SLAs

described 33-4

enabling 33-6

response time, measuring with IP SLAs 33-4

restricted VLAN

configuring 10-54

described 10-24

using with IEEE 802.1x 10-24

restricting access

overview 9-1

passwords and privilege levels 9-2

RADIUS 9-18

TACACS+ 9-10

retry count, VMPS, changing 14-28

RFC

1112, IP multicast and IGMP 22-2

1157, SNMPv1 31-2

1166, IP addresses 35-4

1305, NTP 5-3

1757, RMON 29-2

1901, SNMPv2C 31-2

1902 to 1907, SNMPv2 31-2

2236, IP multicast and IGMP 22-2

2273-2275, SNMPv3 31-2

RFC 5176 Compliance 9-21

RMON

default configuration 29-3

displaying status 29-6

enabling alarms and events 29-3

groups supported 29-2

overview 29-2

statistics

collecting group Ethernet 29-6

collecting group history 29-5

support for 1-17

root guard

described 19-10

enabling 19-18

support for 1-9

root switch

MSTP 18-18

STP 17-16

router ACLs

defined 32-2

types of 32-4

RSPAN

and stack changes 28-10

characteristics 28-8

configuration guidelines 28-16

default configuration 28-10

defined 28-3

destination ports 28-7

displaying status 28-23

in a switch stack 28-2

interaction with other features 28-9

monitored ports 28-6

monitoring ports 28-7

overview 1-16, 28-1

received traffic 28-5

sessions

creating 28-17

defined 28-4

limiting source traffic to specific VLANs 28-22

specifying monitored ports 28-17

with ingress traffic enabled 28-20

source ports 28-6

transmitted traffic 28-6

VLAN-based 28-7

RSTP

active topology 18-10

BPDU

format 18-12

processing 18-13

designated port, defined 18-9

designated switch, defined 18-9

interoperability with IEEE 802.1D

described 18-9

restarting migration process 18-27

topology changes 18-13

overview 18-9

port roles

described 18-9

synchronized 18-11

proposal-agreement handshake process 18-10

rapid convergence

cross-stack rapid convergence 18-11

described 18-10

edge ports and Port Fast 18-10

point-to-point links 18-10, 18-26

root ports 18-10

root port, defined 18-9

See also MSTP

running configuration

replacing A-19, A-20

rolling back A-19, A-21

running configuration, saving 3-15

S

SC (standby command switch) 6-9

scheduled reloads 3-21

SCP

and SSH 9-52

configuring 9-53

SDM

templates

configuring 8-5

number of 8-1

SDM template 38-3

configuration guidelines 8-4

configuring 8-4

types of 8-1

Secure Copy Protocol

secure HTTP client

configuring 9-51

displaying 9-52

secure HTTP server

configuring 9-50

displaying 9-52

secure MAC addresses

and switch stacks 24-19

deleting 24-15

maximum number of 24-10

types of 24-9

secure ports

and switch stacks 24-19

secure ports, configuring 24-9

secure remote connections 9-42

Secure Shell

See SSH

Secure Socket Layer

See SSL

security, port 24-8

Security Exchange Protocol (SXP) 12-2

security features 1-10

Security Group Access Control List (SGACL) 12-2

Security Group Tag (SGT) 12-2

See SCP

sequence numbers in log messages 30-8

server mode, VTP 15-3

service-provider network, MSTP and RSTP 18-1

set-request operation 31-5

setup program

failed command switch replacement 40-11

replacing failed command switch 40-9

severity levels, defining in system messages 30-9

SFPs

monitoring status of 13-44, 40-14

security and identification 40-13

status, displaying 40-14

SGACL 12-2

SGT 12-2

shaped round robin

See SRR

show access-lists hw-summary command 32-21

show and more command output, filtering 2-9

show cdp traffic command 26-5

show cluster members command 6-16

show configuration command 13-41

show forward command 40-22

show interfaces command 13-31, 13-41

show interfaces switchport 20-4

show lldp traffic command 27-11

show platform forward command 40-22

show platform tcam command 40-27

show running-config command

displaying ACLs 32-19, 32-20

interface description in 13-41

shutdown command on interfaces 13-45

Simple Network Management Protocol

See SNMP

small form-factor pluggable modules

See SFPs

small-frame arrival rate, configuring 24-5

SNAP 26-1

SNMP

accessing MIB variables with 31-5

agent

described 31-4

disabling 31-8

and IP SLAs 33-2

authentication level 31-11

community strings

configuring 31-8

for cluster switches 31-4

overview 31-4

configuration examples 31-18

default configuration 31-7

engine ID 31-7

groups 31-7, 31-10

host 31-7

ifIndex values 31-6

in-band management 1-7

in clusters 6-14

informs

and trap keyword 31-13

described 31-5

differences from traps 31-5

disabling 31-16

enabling 31-16

limiting access by TFTP servers 31-17

limiting system log messages to NMS 30-10

manager functions 1-6, 31-3

managing clusters with 6-17

notifications 31-5

overview 31-1, 31-5

security levels 31-3

setting CPU threshold notification 31-16

status, displaying 31-19

system contact and location 31-17

trap manager, configuring 31-14

traps

described 31-4, 31-5

differences from informs 31-5

disabling 31-16

enabling 31-13

enabling MAC address notification 5-17, 5-19, 5-20

overview 31-1, 31-5

types of 31-13

users 31-7, 31-10

versions supported 31-2

SNMP and Syslog Over IPv6 36-9

SNMPv1 31-2

SNMPv2C 31-3

SNMPv3 31-3

snooping, IGMP 22-2

software compatibility

See stacks, switch

software images

location in flash A-25

recovery procedures 40-2

scheduling reloads 3-22

tar file format, described A-25

See also downloading and uploading

source addresses

in IPv4 ACLs 32-11

in IPv6 ACLs 38-5

source-and-destination-IP address based forwarding, EtherChannel 39-9

source-and-destination MAC address forwarding, EtherChannel 39-9

Source Guard 36-7, 36-16

source-IP address based forwarding, EtherChannel 39-9

source-MAC address forwarding, EtherChannel 39-8

SPAN

and stack changes 28-10

configuration guidelines 28-11

default configuration 28-10

destination ports 28-7

displaying status 28-23

interaction with other features 28-9

monitored ports 28-6

monitoring ports 28-7

overview 1-16, 28-1

ports, restrictions 24-12

received traffic 28-5

sessions

configuring ingress forwarding 28-15, 28-21

creating 28-11

defined 28-4

limiting source traffic to specific VLANs 28-15

removing destination (monitoring) ports 28-13

specifying monitored ports 28-11

with ingress traffic enabled 28-14

source ports 28-6

transmitted traffic 28-6

VLAN-based 28-7

spanning tree and native VLANs 14-15

Spanning Tree Protocol

See STP

SPAN traffic 28-5

SRR

configuring

shaped weights on egress queues 34-80

shared weights on egress queues 34-81

shared weights on ingress queues 34-73

described 34-13

shaped mode 34-13

shared mode 34-13

support for 1-15

SSH

configuring 9-43

cryptographic software image 9-41

described 1-7, 9-42

encryption methods 9-42

switch stack considerations 7-15

user authentication methods, supported 9-42

SSL

configuration guidelines 9-49

configuring a secure HTTP client 9-51

configuring a secure HTTP server 9-50

cryptographic software image 9-46

described 9-46

monitoring 9-52

stack, switch

MAC address of 7-6, 7-18

stack changes, effects on

802.1x port-based authentication 10-11

ACL configuration 32-6

CDP 26-2

cross-stack EtherChannel 39-13

EtherChannel 39-10

IGMP snooping 22-6

IP routing 35-2

MAC address tables 5-16

MSTP 18-8

MVR 22-17

port security 24-19

SDM template selection 8-3

SNMP 31-2

SPAN and RSPAN 28-10

STP 17-12

switch clusters 6-14

system message log 30-2

VLANs 14-7

VTP 15-8

stack master

bridge ID (MAC address) 7-6

defined 7-1

election 7-5

IPv6 36-10

See also stacks, switch

stack member

accessing CLI of specific member 7-22

configuring

member number 7-20

priority value 7-20

defined 7-1

displaying information of 7-22

number 7-6

priority value 7-7

provisioning a new member 7-21

replacing 7-14

See also stacks, switch

stack member number 13-19

stack protocol version 7-10

stacks, switch

accessing CLI of specific member 7-22

assigning information

member number 7-20

priority value 7-20

provisioning a new member 7-21

auto-advise 7-11

auto-copy 7-11

auto-extract 7-11

auto-upgrade 7-11

bridge ID 7-6

CDP considerations 26-2

compatibility, software 7-9

configuration file 7-14

configuration scenarios 7-16

copying an image file from one member to another A-38

default configuration 7-17

description of 7-1

displaying information of 7-22

enabling persistent MAC address timer 7-18

in clusters 6-14

incompatible software and image upgrades 7-13, A-38

IPv6 on 36-10

MAC address considerations 5-16

management connectivity 7-15

managing 7-1

membership 7-3

merged 7-3

MSTP instances supported 17-10

offline configuration

described 7-7

effects of adding a provisioned switch 7-8

effects of removing a provisioned switch 7-9

effects of replacing a provisioned switch 7-9

provisioned configuration, defined 7-7

provisioned switch, defined 7-7

provisioning a new member 7-21

partitioned 7-3, 40-8

provisioned switch

adding 7-8

removing 7-9

replacing 7-9

replacing a failed member 7-14

software compatibility 7-9

software image version 7-9

stack protocol version 7-10

STP

bridge ID 17-3

root port selection 17-3

stack root switch election 17-3

system messages

hostnames in the display 30-1

remotely monitoring 30-2

system prompt consideration 5-9

system-wide configuration considerations 7-14

upgrading A-38

version-mismatch (VM) mode

automatic upgrades with auto-upgrade 7-11

examples 7-12

manual upgrades with auto-advise 7-11

upgrades with auto-extract 7-11

version-mismatch mode

described 7-10

See also stack master and stack member

standby command switch

configuring

considerations 6-11

defined 6-2

priority 6-9

requirements 6-3

virtual IP address 6-11

See also cluster standby group and HSRP

standby group, cluster

See cluster standby group and HSRP

standby links 20-2

startup configuration

booting

manually 3-19

specific image 3-19

clearing A-19

configuration file

automatically downloading 3-18

specifying the filename 3-18

static access ports

assigning to VLAN 14-10

defined 13-3, 14-4

static addresses

See addresses

static MAC addressing 1-11

static routes

configuring 35-5

configuring for IPv6 36-20

static VLAN membership 14-2

statistics

802.1X 11-17

802.1x 10-68

CDP 26-5

interface 13-44

LLDP 27-11

LLDP-MED 27-11

NMSP 27-11

QoS ingress and egress 34-83

RMON group Ethernet 29-6

RMON group history 29-5

SNMP input and output 31-19

VTP 15-18

sticky learning 24-9

storm control

configuring 24-3

described 24-1

disabling 24-5

displaying 24-21

support for 1-4

thresholds 24-2

STP

accelerating root port selection 19-4

BackboneFast

described 19-8

disabling 19-17

enabling 19-17

BPDU filtering

described 19-3

disabling 19-15

enabling 19-15

BPDU guard

described 19-2

disabling 19-14

enabling 19-14

BPDU message exchange 17-3

configuration guidelines 17-14, 19-12

configuring

forward-delay time 17-23

hello time 17-22

maximum aging time 17-23

path cost 17-20

port priority 17-18

root switch 17-16

secondary root switch 17-18

spanning-tree mode 17-15

switch priority 17-21

transmit hold-count 17-24

counters, clearing 17-24

cross-stack UplinkFast

described 19-5

enabling 19-17

default configuration 17-13

default optional feature configuration 19-12

designated port, defined 17-4

designated switch, defined 17-4

detecting indirect link failures 19-8

disabling 17-16

displaying status 17-24

EtherChannel guard

described 19-10

disabling 19-18

enabling 19-17

extended system ID

effects on root switch 17-16

effects on the secondary root switch 17-18

overview 17-4

unexpected behavior 17-16

features supported 1-8

IEEE 802.1D and bridge ID 17-4

IEEE 802.1D and multicast addresses 17-9

IEEE 802.1t and VLAN identifier 17-5

inferior BPDU 17-3

instances supported 17-10

interface state, blocking to forwarding 19-2

interface states

blocking 17-6

disabled 17-8

forwarding 17-6, 17-7

learning 17-7

listening 17-7

overview 17-5

interoperability and compatibility among modes 17-11

limitations with IEEE 802.1Q trunks 17-11

load sharing

overview 14-20

using path costs 14-23

using port priorities 14-21

loop guard

described 19-11

enabling 19-19

modes supported 17-10

multicast addresses, effect of 17-9

optional features supported 1-9

overview 17-2

path costs 14-23

Port Fast

described 19-2

enabling 19-13

port priorities 14-22

preventing root switch selection 19-10

protocols supported 17-10

redundant connectivity 17-9

root guard

described 19-10

enabling 19-18

root port, defined 17-3

root port selection on a switch stack 17-3

root switch

configuring 17-16

effects of extended system ID 17-4, 17-16

election 17-3

unexpected behavior 17-16

shutdown Port Fast-enabled port 19-2

stack changes, effects of 17-12

status, displaying 17-24

superior BPDU 17-3

timers, described 17-22

UplinkFast

described 19-4

enabling 19-16

stratum, NTP 5-3

subnet mask 35-4

success response, VMPS 14-25

summer time 5-8

SunNet Manager 1-6

supported port-based authentication methods 10-7

SVIs

and IP unicast routing 35-3

and router ACLs 32-4

connecting VLANs 13-13

defined 13-3

switch 36-2

switch clustering technology 6-1

See also clusters, switch

switch console port 1-7

Switch Database Management

See SDM

Switched Port Analyzer

See SPAN

switched ports 13-2

switchport backup interface 20-4, 20-5

switchport block multicast command 24-8

switchport block unicast command 24-8

switchport protected command 24-7

switch priority

MSTP 18-23

STP 17-21

switch software features 1-1

switch virtual interface

See SVI

SXP 12-2

syslog

See system message logging

system capabilities TLV 27-2

system clock

configuring

daylight saving time 5-8

manually 5-6

summer time 5-8

time zones 5-7

displaying the time and date 5-6

overview 5-2

See also NTP

system description TLV 27-2

system message logging

default configuration 30-4

defining error message severity levels 30-9

disabling 30-4

displaying the configuration 30-14

enabling 30-5

facility keywords, described 30-14

level keywords, described 30-10

limiting messages 30-10

message format 30-2

overview 30-1

sequence numbers, enabling and disabling 30-8

setting the display destination device 30-5

stack changes, effects of 30-2

synchronizing log messages 30-6

syslog facility 1-17

time stamps, enabling and disabling 30-8

UNIX syslog servers

configuring the daemon 30-13

configuring the logging facility 30-13

facilities supported 30-14

system name

default configuration 5-10

default setting 5-10

manual configuration 5-10

See also DNS

system name TLV 27-2

system prompt, default setting 5-9, 5-10

system resources, optimizing 8-1

T

TACACS+

accounting, defined 9-12

authentication, defined 9-11

authorization, defined 9-12

configuring

accounting 9-17

authentication key 9-13

authorization 9-16

login authentication 9-14

default configuration 9-13

displaying the configuration 9-18

identifying the server 9-13

in clusters 6-16

limiting the services to the user 9-16

operation of 9-12

overview 9-10

support for 1-13

tracking services accessed by user 9-17

tar files

creating A-6

displaying the contents of A-7

extracting A-7

image file format A-25

TCAM

memory consistency check errors

example 40-27

memory consistency check routines 1-5, 40-27

memory consistency integrity 1-5, 40-27

space

HFTM 40-27

HQATM 40-27

unassigned 40-27

TDR 1-17

Telnet

accessing management interfaces 2-10

number of connections 1-7

setting a password 9-6

temporary self-signed certificate 9-47

Terminal Access Controller Access Control System Plus

See TACACS+

terminal lines, setting a password 9-6

ternary content addressable memory

See TCAM

TFTP

configuration files

downloading A-11

preparing the server A-10

uploading A-12

configuration files in base directory 3-7

configuring for autoconfiguration 3-7

image files

deleting A-28

downloading A-27

preparing the server A-26

uploading A-29

limiting access by servers 31-17

TFTP server 1-6

threshold, traffic level 24-2

time

See NTP and system clock

Time Domain Reflector

See TDR

time-range command 32-16

time ranges in ACLs 32-16

time stamps in log messages 30-8

time zones 5-7

TLVs

defined 27-2

LLDP 27-2

LLDP-MED 27-2

Token Ring VLANs

support for 14-6

VTP support 15-5

ToS 1-14

traceroute, Layer 2

and ARP 40-16

and CDP 40-16

broadcast traffic 40-15

described 40-15

IP addresses and subnets 40-16

MAC addresses and VLANs 40-16

multicast traffic 40-16

multiple devices on a port 40-16

unicast traffic 40-15

usage guidelines 40-16

traceroute command 40-18

See also IP traceroute

traffic

blocking flooded 24-8

fragmented 32-5

fragmented IPv6 38-2

unfragmented 32-5

traffic policing 1-14

traffic suppression 24-2

transmit hold-count

see STP

transparent mode, VTP 15-4

trap-door mechanism 3-2

traps

configuring MAC address notification 5-17, 5-19, 5-20

configuring managers 31-13

defined 31-4

enabling 5-17, 5-19, 5-20, 31-13

notification types 31-13

overview 31-1, 31-5

troubleshooting

connectivity problems 40-14, 40-15, 40-17

CPU utilization 40-28

detecting unidirectional links 25-1

displaying crash information 40-23

setting packet forwarding 40-22

SFP security and identification 40-13

show forward command 40-22

with CiscoWorks 31-5

with debug commands 40-19

with ping 40-14

with system message logging 30-1

with traceroute 40-17

trunk failover

See link-state tracking

trunking encapsulation 1-9

trunk ports

configuring 14-17

defined 13-3, 14-4

trunks

allowed-VLAN list 14-18

load sharing

setting STP path costs 14-23

using STP port priorities 14-21, 14-22

native VLAN for untagged traffic 14-20

parallel 14-23

pruning-eligible list 14-19

to non-DTP device 14-14

trusted boundary for QoS 34-43

trusted port states

between QoS domains 34-45

classification options 34-5

ensuring port security for IP phones 34-43

support for 1-14

within a QoS domain 34-41

trustpoints, CA 9-46

twisted-pair Ethernet, detecting unidirectional links 25-1

type of service

See ToS

U

UDLD

configuration guidelines 25-4

default configuration 25-4

disabling

globally 25-5

on fiber-optic interfaces 25-5

per interface 25-6

echoing detection mechanism 25-3

enabling

globally 25-5

per interface 25-6

link-detection mechanism 25-1

neighbor database 25-2

overview 25-1

resetting an interface 25-6

status, displaying 25-7

support for 1-8

unauthorized ports with IEEE 802.1x 10-10

unicast MAC address filtering 1-6

and adding static addresses 5-22

and broadcast MAC addresses 5-22

and CPU packets 5-22

and multicast addresses 5-22

and router MAC addresses 5-22

configuration guidelines 5-22

described 5-22

unicast storm 24-1

unicast storm control command 24-4

unicast traffic, blocking 24-8

UniDirectional Link Detection protocol

See UDLD

UNIX syslog servers

daemon configuration 30-13

facilities supported 30-14

message logging configuration 30-13

unrecognized Type-Length-Value (TLV) support 15-5

upgrading a Catalyst 2950 switch

configuration compatibility issues C-1

differences in configuration commands C-1

feature behavior incompatibilities C-5

incompatible command messages C-1

recommendations C-1

upgrading software images

See downloading

UplinkFast

described 19-4

disabling 19-16

enabling 19-16

support for 1-8

uploading

configuration files

preparing A-10, A-13, A-16

reasons for A-9

using FTP A-15

using RCP A-18

using TFTP A-12

image files

preparing A-26, A-30, A-34

reasons for A-24

using FTP A-32

using RCP A-37

using TFTP A-29

USB mini-Type B console port 13-14

USB Type A port 1-8

user EXEC mode 2-2

username-based authentication 9-7

V

version-dependent transparent mode 15-5

version-mismatch (VM) mode

automatic upgrades with auto-upgrade 7-11

manual upgrades with auto-advise 7-11

upgrades with auto-extract 7-11

version-mismatch mode

described 7-10

virtual IP address

cluster standby group 6-11

command switch 6-11

virtual switches and PAgP 39-6

vlan.dat file 14-5

VLAN 1, disabling on a trunk port 14-18

VLAN 1 minimization 14-18

vlan-assignment response, VMPS 14-24

VLAN configuration

at bootup 14-7

saving 14-7

VLAN configuration mode 2-2

VLAN database

and startup configuration file 14-7

and VTP 15-1

VLAN configuration saved in 14-7

VLANs saved in 14-5

VLAN filtering and SPAN 28-7

vlan global configuration command 14-7

VLAN ID, discovering 5-25

VLAN load balancing on flex links 20-3

configuration guidelines 20-8

VLAN management domain 15-2

VLAN Management Policy Server

See VMPS

VLAN membership

confirming 14-28

modes 14-4

VLAN Query Protocol

See VQP

VLANs

adding 14-8

adding to VLAN database 14-8

aging dynamic addresses 17-10

allowed on trunk 14-18

and spanning-tree instances 14-3, 14-7, 14-12

configuration guidelines, extended-range VLANs 14-11

configuration guidelines, normal-range VLANs 14-6

configuring 14-1

configuring IDs 1006 to 4094 14-11

connecting through SVIs 13-13

creating 14-9

default configuration 14-8

deleting 14-9

described 13-2, 14-1

displaying 14-13

extended-range 14-1, 14-11

features 1-9

illustrated 14-2

in the switch stack 14-7

limiting source traffic with RSPAN 28-22

limiting source traffic with SPAN 28-15

modifying 14-8

multicast 22-17

native, configuring 14-20

normal-range 14-1, 14-5

number supported 1-9

parameters 14-5

port membership modes 14-4

static-access ports 14-10

STP and IEEE 802.1Q trunks 17-11

supported 14-3

Token Ring 14-6

traffic between 14-2

VTP modes 15-3

VLAN Trunking Protocol

See VTP

VLAN trunks 14-14

VMPS

administering 14-29

configuration example 14-29

configuration guidelines 14-26

default configuration 14-25

description 14-24

dynamic port membership

described 14-25

reconfirming 14-28

troubleshooting 14-29

entering server address 14-26

mapping MAC addresses to VLANs 14-24

monitoring 14-29

reconfirmation interval, changing 14-28

reconfirming membership 14-28

retry count, changing 14-28

voice aware 802.1x security

port-based authentication

configuring 10-40

described 10-32, 10-40

voice-over-IP 16-1

voice VLAN

Cisco 7960 phone, port connections 16-1

configuration guidelines 16-3

configuring IP phones for data traffic

override CoS of incoming frame 16-6

trust CoS priority of incoming frame 16-6

configuring ports for voice traffic in

802.1p priority tagged frames 16-5

802.1Q frames 16-5

connecting to an IP phone 16-4

default configuration 16-3

described 16-1

displaying 16-7

IP phone data traffic, described 16-2

IP phone voice traffic, described 16-2

VQP 1-9, 14-24

VTP

adding a client to a domain 15-17

advertisements 14-16, 15-4

and extended-range VLANs 14-3, 15-2

and normal-range VLANs 14-3, 15-2

client mode, configuring 15-13

configuration

guidelines 15-9

requirements 15-11

saving 15-9

configuration requirements 15-11

configuration revision number

guideline 15-17

resetting 15-17

consistency checks 15-5

default configuration 15-9

described 15-1

domain names 15-10

domains 15-2

modes

client 15-3

off 15-4

server 15-3

transitions 15-3

transparent 15-4

monitoring 15-18

passwords 15-10

pruning

disabling 15-16

enabling 15-16

examples 15-7

overview 15-6

support for 1-9

pruning-eligible list, changing 14-19

server mode, configuring 15-11, 15-14

statistics 15-18

support for 1-9

Token Ring support 15-5

transparent mode, configuring 15-12

using 15-1

Version

enabling 15-15

version, guidelines 15-10

Version 1 15-5

Version 2

configuration guidelines 15-10

overview 15-5

Version 3

overview 15-5

W

web authentication 10-17

configuring11-16to ??

described 1-10

web-based authentication

customizeable web pages 11-6

description 11-1

web-based authentication, interactions with other features 11-7

weighted tail drop

See WTD

wired location service

configuring 27-9

displaying 27-11

location TLV 27-3

understanding 27-4

wizards 1-2

WTD

described 34-12

setting thresholds

egress queue-sets 34-76

ingress queues 34-71

support for 1-15

X

Xmodem protocol 40-2