Catalyst 3550 Multilayer Switch Software Configuration Guide, Rel. 12.2(25)SEB
Index
Downloads: This chapterpdf (PDF - 1.6MB) The complete bookPDF (PDF - 11.32MB) | Feedback

Index

Table Of Contents

Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X -

Index

Numerics

144-bit Layer 3 TCAM     6-26, 31-63

A

abbreviating commands     2-4

ABRs     31-24

access-class command     28-21

access control entries

See ACEs

access-denied response, VMPS     11-27

access groups

IP     28-22

Layer 3     28-22

access lists

See ACLs

access ports

and Layer 2 protocol tunneling     14-10

defined     9-3

accounting

with IEEE 802.1x     8-5, 8-22

with RADIUS     7-28

with TACACS+     7-11, 7-17

ACEs

and QoS     29-7

defined     28-2

Ethernet     28-2

IP     28-2

ACLs

ACEs     28-2

and logging     28-7

any keyword     28-14

ACLs (continued)

applying

on bridged packets     28-39

on multicast packets     28-40

on routed packets     28-39

on switched packets     28-38

time ranges to     28-18

to Layer 2 and Layer 3 interfaces     28-21

to QoS     29-7

classifying traffic for QoS     29-37

comments in     28-19

compatibility on the same switch     28-2

compiling     28-22

configuration conflict examples     28-44

configuring with VLAN maps     28-37

defined     28-1

examples, not fitting in hardware     28-45

examples of     28-22, 29-37

extended IP

configuring for QoS classification     29-38

creating     28-11

matching criteria     28-9

feature manager     28-43

hardware and software handling     28-6

hardware support for     28-6

host keyword     28-14

input router ACL configuration guidelines     28-7

IP

applying to interface     28-20

creating     28-8

defined     28-8

fragments and QoS guidelines     29-28

implicit deny     28-10, 28-15, 28-17

ACLs (continued)

IP (continued)

implicit masks     28-10

matching criteria     28-9

matching criteria for port ACLs     28-4

matching criteria for router ACLs     28-3

named     28-16

options and QoS guidelines     29-28

undefined     28-22

violations, logging     28-17

virtual terminal lines, setting on     28-20

limiting actions     28-38

logging messages     28-11

log keyword     28-17

MAC extended     28-27, 29-39

matching     28-8, 28-22, 28-29

merge failure examples     28-46

monitoring     28-41

named     28-16

not fitting in hardware     28-45

number per QoS class map     29-28

numbers     28-9

policy maps and QoS classification     29-28

port

and voice VLAN     28-4

defined     28-2

limitations     28-4

preventing excessive TCAM usage     28-8

QoS     29-7, 29-37

resequencing entries     28-16

router     28-2

standard IP

configuring for QoS classification     29-37

creating     28-10

matching criteria     28-9

support for     1-5

time ranges     28-18

undefined     28-29

unsupported features     28-8

ACLs (continued)

using router ACLs with VLAN maps     28-37

VLAN maps

configuration guidelines     28-31

configuring     28-30

defined     28-4

active router     32-1

addresses

displaying the MAC address table     6-26

dynamic

accelerated aging     15-8

changing the aging time     6-20

default aging     15-8

defined     6-19

learning     6-20

preventing frame forwarding     36-5

removing     6-21

filtering frames by MAC address     36-6

MAC, discovering     6-29

multicast

group address range     34-1, 34-3

STP address management     15-8

static

adding and removing     6-23

defined     6-19

address resolution     6-29, 31-8

Address Resolution Protocol

See ARP

See ARP table

adjacency tables, with CEF     31-70

administrative distances

defined     31-80

OSPF     31-29

routing protocol defaults     31-72

advertisements

CDP     22-1

RIP     31-19

VTP     11-18, 12-3

aggregate addresses, BGP     31-55

aggregated ports

See EtherChannel

aggregate policers     29-50

aggregate policing     1-6

aging, accelerating     15-8

aging time

accelerated

for MSTP     16-20

for STP     15-8, 15-22

bridge table for fallback bridging     36-6

MAC address table     6-20

maximum

for MSTP     16-21

for STP     15-22

alarms, RMON     25-3

allowed-VLAN list     11-20

area border routers

See ABRs

ARP

configuring     31-9

defined     31-8

encapsulation     31-10

static cache configuration     31-9

support for     1-3

ARP table

address resolution     6-29

managing     6-29

ASBRs     31-24

AS-path filters, BGP     31-49

asymmetrical links, and IEEE 802.1Q tunneling     14-4

attributes, RADIUS

vendor-proprietary     7-31

vendor-specific     7-29

audience     xxxv

authentication

EIGRP     31-37

HSRP     32-8

local mode with AAA     7-36

NTP associations     6-4

authentication (continued)

RADIUS

defined     7-18

key     7-21

login     7-23

TACACS+

defined     7-11

key     7-13

login     7-14

See also port-based authentication

authentication keys, and routing protocols     31-81

authoritative time source, described     6-2

authorization

with RADIUS     7-27

with TACACS+     7-11, 7-16

authorized ports with IEEE 802.1x     8-4

autoconfiguration     3-3

automatic QoS

See QoS

autonegotiation

duplex mode     1-2

interface configuration guidelines     9-16

mismatches     37-10

autonomous system boundary routers

See ASBRs

autonomous systems, in BGP     31-43

Auto-RP, described     34-5

autosensing, port speed     1-2

auxiliary VLAN

See voice VLAN

B

BackboneFast

described     17-9

enabling     17-19

support for     1-4

bandwidth for QoS

allocating     29-64

described     29-13

banners

configuring

login     6-18

message-of-the-day login     6-17

default configuration     6-17

when displayed     6-17

BGP

aggregate addresses     31-55

aggregate routes, configuring     31-55

CIDR     31-55

clear commands     31-58

community filtering     31-51

configuring neighbors     31-53

default configuration     31-41

described     31-40

enabling     31-43

monitoring     31-58

multipath support     31-46

neighbors, types of     31-43

path selection     31-46

peers, configuring     31-53

prefix filtering     31-50

resetting sessions     31-45

route dampening     31-57

route maps     31-48

route reflectors     31-56

routing domain confederation     31-55

routing session with multi-VRF CE     31-65

show commands     31-58

supernets     31-55

support for     1-7

Version 4     31-40

binding cluster group and HSRP group     32-10

binding database

address, DHCP server

See DHCP, Cisco IOS server database

DHCP snooping

See DHCP snooping binding database

binding database, DHCP snooping

See DHCP snooping binding database

bindings

address, Cisco IOS DHCP server     18-6

DHCP snooping database     18-6

IP source guard     18-17

binding table, DHCP snooping

See DHCP snooping binding database

blocking packets     21-6

booting

boot loader, function of     3-2

boot process     3-1

manually     3-12

specific image     3-13

boot loader

accessing     3-14

described     3-2

environment variables     3-14

prompt     3-14

trap-door mechanism     3-2

bootstrap router (BSR), described     34-5

Border Gateway Protocol

See BGP

BPDU

error-disabled state     17-2

filtering     17-3

RSTP format     16-9

BPDU filtering

described     17-3

enabling     17-16

support for     1-4

BPDU guard

described     17-2

enabling     17-15

support for     1-4

bridged packets, ACLs on     28-39

bridge groups

See fallback bridging

bridge protocol data unit

See BPDU

broadcast flooding     31-16

broadcast packets

directed     31-13

flooded     31-13

broadcast storm control

See storm control

broadcast storm-control command     21-4

broadcast storms     31-13

C

cables, monitoring for unidirectional links     23-1

cache engines, redirecting traffic to     33-1

CAMs, ACLs not loading in     28-45

candidate switch

defined     5-2

requirements     5-2

See also command switch, cluster standby group, and member switch

CA trustpoint

configuring     7-44

defined     7-42

caution, described     xxxvi

CDP

and trusted boundary     29-33

configuring     22-2

default configuration     22-2

described     22-1

disabling for routing device     22-3, 22-4

enabling and disabling

CDP (continued)

on an interface     22-4

on a switch     22-3

Layer 2 protocol tunneling     14-7

monitoring     22-5

overview     22-1

power negotiation extensions     9-6

support for     1-3

transmission timer and holdtime, setting     22-2

updates     22-2

CEF     31-70

CGMP

as IGMP snooping learning method     20-10

clearing cached group entries     34-52

enabling server support     34-32

joining multicast group     20-3

overview     34-8

server support only     34-8

switch support of     1-2

CIDR     31-55

CipherSuites     7-43

Cisco Discovery Protocol

See CDP

Cisco Express Forwarding

See CEF

Cisco Group Management Protocol

See CGMP

Cisco Intelligence Engine 2100 Series Configuration Registrar

See IE2100

Cisco intelligent power management     9-6

Cisco IOS DHCP server

See DHCP, Cisco IOS DHCP server

Cisco IOS File System

See IFS

Cisco Network Assistant

See Network Assistant

Cisco Networking Services

See IE2100

CiscoWorks 2000     1-9, 27-4

classless interdomain routing

See CIDR

classless routing     31-7

class maps for QoS

configuring per physical port     29-40

configuring per-port per-VLAN     29-42

described     29-7

displaying     29-70

class of service

See CoS

clearing interfaces     9-22

CLI

abbreviating commands     2-4

command modes     2-1

described     1-8

editing features

enabling and disabling     2-7

keystroke editing     2-7

wrapped lines     2-8

error messages     2-5

filtering command output     2-9

getting help     2-3

history

changing the buffer size     2-5

described     2-5

disabling     2-6

recalling commands     2-6

managing clusters     5-3

no and default forms of commands     2-4

client mode, VTP     12-3

clock

See system clock

clusters, switch

benefits     1-9

described     5-1

clusters, switch (continued)

managing

through CLI     5-3

through SNMP     5-4

planning considerations

CLI     5-3

SNMP     5-4

cluster standby group

and HSRP group     32-10

requirements     5-2

Coarse Wave Division Multiplexer GBIC modules

See CWDM GBIC modules

command-line interface

See CLI

command modes     2-1

commands

abbreviating     2-4

no and default     2-4

setting privilege levels     7-8

command switch

configuration conflicts     37-10

defined     5-1

password privilege levels     5-4

recovery

from failure     37-6

from lost member connectivity     37-10

replacing

with another switch     37-8

with cluster member     37-7

requirements     5-2

See also candidate switch, cluster standby group, member switch, and standby command switch

community list, BGP     31-52

community strings

configuring     27-7

for cluster switches     27-4

overview     27-4

config.text     3-11

configurable leave timer, IGMP     20-6

configuration conflicts

ACL, displaying     28-44

recovering from lost member connectivity     37-10

configuration examples, network     1-10

configuration files

clearing the startup configuration     B-18

creating using a text editor     B-9

default name     3-11

deleting a stored configuration     B-18

described     B-7

downloading

automatically     3-12

preparing     B-10, B-12, B-15

reasons for     B-8

using FTP     B-13

using RCP     B-16

using TFTP     B-10

guidelines for creating and using     B-8

invalid combinations when copying     B-5

limiting TFTP server access     27-15

obtaining with DHCP     3-7

password recovery disable considerations     7-5

specifying the filename     3-12

system contact and location information     27-15

types and location     B-9

uploading

preparing     B-10, B-12, B-15

reasons for     B-8

using FTP     B-14

using RCP     B-17

using TFTP     B-11

VMPS database     11-28

configuration guidelines, multi-VRF CE     31-62

configuration settings, saving     3-11

configure terminal command     9-10

configuring PoE     9-17

config-vlan mode     2-2, 11-6

conflicts, configuration     37-10

congestion-avoidance techniques     29-12

congestion-management techniques     29-12, 29-15

connections, secure remote     7-38

connectivity problems     37-11

consistency checks in VTP version 2     12-4

console port, connecting to     2-10

content-routing technology

See WCCP

conventions

command     xxxvi

for examples     xxxvi

publication     xxxvi

text     xxxvi

CoS

in Layer 2 frames     29-2

override priority     13-5

trust priority     13-6

CoS-to-DSCP map for QoS     29-53

CoS-to-egress-queue map     29-59

counters, clearing interface     9-22

CPU q, in show forward command output     37-21

crashinfo file     37-21

cross-stack UplinkFast, STP

connecting stack ports     17-8

described     17-5

enabling     17-18

fast-convergence events     17-7

Fast Uplink Transition Protocol     17-6

limitations     17-8

normal-convergence events     17-7

Stack Membership Discovery Protocol     17-6

support for     1-4

cryptographic software image

Kerberos     7-32

SSL     7-41

customer edge devices     31-60

CWDM GBIC modules, network example     1-18

CWDM OADM modules     1-18

D

daylight saving time     6-13

debugging

enabling all system diagnostics     37-18

enabling for a specific feature     37-17

redirecting error message output     37-18

using commands     37-17

default commands     2-4

default configuration

auto-QoS     29-18

banners     6-17

BGP     31-41

booting     3-11

CDP     22-2

DHCP     18-8

DHCP option 82     18-8

DHCP snooping     18-8

DNS     6-16

dynamic ARP inspection     19-5

EIGRP     31-34

EtherChannel     30-8

fallback bridging     36-3

HSRP     32-4

IEEE 802.1Q tunneling     14-4

IEEE 802.1x     8-10

IGMP     34-26

IGMP filtering     20-24

IGMP snooping     20-8

IGMP throttling     20-24

initial switch information     3-3

IP addressing, IP routing     31-4

IP multicast routing     34-8

IP source guard     18-18

Layer 2 interfaces     9-14

Layer 2 protocol tunneling     14-10

MAC address table     6-20

MSDP     35-4

MSTP     16-12

default configuration (continued)

multi-VRF CE     31-62

MVR     20-19

NTP     6-4

optional spanning-tree features     17-14

OSPF     31-25

password and privilege level     7-2

port security     21-9

RADIUS     7-20

RIP     31-19

RMON     25-3

RSPAN     24-8

SNMP     27-6

SPAN     24-8

SSL     7-44

standard QoS     29-26

storm control     21-3

STP     15-11

system message logging     26-3

system name and prompt     6-15

TACACS+     7-13

UDLD     23-4

VLAN, Layer 2 Ethernet interfaces     11-18

VLANs     11-7

VMPS     11-28

voice VLAN     13-2

VTP     12-6

WCCP     33-5

default gateway     3-10, 31-11

default networks     31-73

default routes     31-73

default routing     31-2

deleting VLANs     11-10

description command     9-19

designing your network, examples     1-10

destination addresses, in ACLs     28-13

detecting indirect link failures, STP     17-10

device     B-18

device discovery protocol     22-1

device manager

described     1-1, 1-8

upgrading a switch     B-18

DHCP

Cisco IOS server database

configuring     18-15

described     18-6

DHCP-based autoconfiguration

client request message exchange     3-4

configuring

client side     3-3

DNS     3-6

relay device     3-6

server-side     3-5, 18-9

TFTP server     3-6

example     3-8

lease options

for IP address information     3-5

for receiving the configuration file     3-5

overview     3-3

relationship to BOOTP     3-3

relay support     1-7

support for     1-3

DHCP binding database

See DHCP snooping binding database

DHCP binding table

See DHCP snooping binding database

DHCP option 82

circuit ID suboption     18-5

configuration guidelines     18-8

default configuration     18-8

displaying     18-16

enabling

relay agent     18-10

relay agent information option     18-10

forwarding address, specifying     18-12

helper address     18-12

overview     18-3

DHCP option 82 (continued)

packet format

circuit ID suboption     18-5

remote ID suboption     18-5

policy for reforwarding     18-11

reforwarding policy     18-11

remote ID suboption     18-5

support for     1-3

validating     18-11

DHCP relay agent     18-10

DHCP server     18-9

DHCP snooping

accepting untrusted packets form edge switch     18-3, 18-13

and private VLANs     18-14

binding database

See DHCP snooping binding database

configuration guidelines     18-8

default configuration     18-8

displaying binding tables     18-16

displaying configuration     18-16

message exchange process     18-4

option 82 data insertion     18-3

trusted interface     18-2

untrusted interface     18-2

untrusted messages     18-2

DHCP snooping binding database

adding bindings     18-15

binding file

format     18-6

location     18-6

bindings     18-6

clearing agent statistics     18-16

configuring     18-15

deleting

binding file     18-16

bindings     18-16

database agent     18-16

described     18-2, 18-6

DHCP snooping binding database (continued)

displaying     18-16

status and statistics     18-16

enabling     18-15

entries     18-2

entry     18-6

renewing database     18-16

resetting

delay value     18-16

timeout value     18-16

DHCP snooping binding table

See DHCP snooping binding database

Differentiated Services architecture, QoS     29-2

Differentiated Services Code Point     29-2

Diffusing Update Algorithm (DUAL)     31-33

directed unicast requests     1-3

directories

changing     B-3

creating and removing     B-4

displaying the working     B-3

Distance Vector Multicast Routing Protocol

See DVMRP

distance-vector protocols     31-2

distribute-list command     31-80

DNS

and DHCP-based autoconfiguration     3-6

default configuration     6-16

displaying the configuration     6-17

overview     6-15

setting up     6-16

support for     1-3

documentation, related     xxxvii

document conventions     xxxvi

domain names

DNS     6-15

VTP     12-8

Domain Name System

See DNS

dot1q-tunnel switchport mode     11-17

double-tagged packets

IEEE 802.1Q tunneling     14-2

Layer 2 protocol tunneling     14-9

downloading

configuration files

preparing     B-10, B-12, B-15

reasons for     B-8

using FTP     B-13

using RCP     B-16

using TFTP     B-10

image files

deleting old image     B-22

preparing     B-20, B-23, B-27

reasons for     B-18

using CMS     1-2

using FTP     B-24

using HTTP     1-2, B-18

using Network Assistant     1-2

using RCP     B-28

using TFTP     B-21

using the device manager or Network Assistant     B-18

drop threshold for Layer 2 protocol packets     14-10

DSCP     1-6, 29-2

DSCP-to-CoS map for QoS     29-55

DSCP-to-DSCP-mutation map for QoS     29-57

DSCP-to-threshold map for QoS     29-61

DTP     1-4, 11-16

DUAL finite state machine, EIGRP     31-33

duplex mode, configuring     9-15

DVMRP

autosummarization

configuring a summary address     34-48

disabling     34-50

connecting PIM domain to DVMRP router     34-40

enabling unicast routing     34-44

interoperability

with Cisco devices     34-38

with IOS software     34-7

mrinfo requests, responding to     34-43

neighbors

advertising the default route to     34-42

discovery with Probe messages     34-38

displaying information     34-43

prevent peering with nonpruning     34-46

rejecting nonpruning     34-45

overview     34-7

routes

adding a metric offset     34-50

advertising all     34-50

advertising the default route to neighbors     34-42

caching DVMRP routes learned in report messages     34-44

changing the threshold for syslog messages     34-47

deleting     34-52

displaying     34-52

favoring one over another     34-50

limiting the number injected into MBONE     34-47

limiting unicast route advertisements     34-38

routing table     34-8

source distribution tree, building     34-8

support for     1-7

tunnels

configuring     34-40

displaying neighbor information     34-43

dynamic access ports

characteristics     11-3

configuring     11-30

defined     9-3

dynamic addresses

See addresses

dynamic ARP inspection

ARP cache poisoning     19-1

ARP requests, described     19-1

ARP spoofing attack     19-1

clearing

dynamic ARP inspection (continued)

clearing (continued)

log buffer     19-15

statistics     19-15

configuration guidelines     19-6

configuring

ACLs for non-DHCP environments     19-8

in DHCP environments     19-7

log buffer     19-12

rate limit for incoming ARP packets     19-4, 19-10

default configuration     19-5

denial-of-service attacks, preventing     19-10

described     19-1

DHCP snooping binding database     19-2

displaying

ARP ACLs     19-14

configuration and operating state     19-14

log buffer     19-15

statistics     19-15

trust state and rate limit     19-14

error-disabled state for exceeding rate limit     19-4

function of     19-2

interface trust states     19-3

log buffer

clearing     19-15

configuring     19-12

displaying     19-15

logging of dropped packets, described     19-4

man-in-the middle attack, described     19-2

network security issues and interface trust states     19-3

priority of ARP ACLs and DHCP snooping entries     19-4

rate limiting of ARP packets

configuring     19-10

described     19-4

error-disabled state     19-4

statistics

clearing     19-15

displaying     19-15

validation checks, performing     19-11

dynamic desirable trunking mode     11-17

Dynamic Host Configuration Protocol

See DHCP-based autoconfiguration

dynamic port VLAN membership

described     11-27

reconfirming     11-31

troubleshooting     11-33

types of connections     11-30

VMPS database configuration file     11-28

dynamic routing     31-2

Dynamic Trunking Protocol

See DTP

E

EBGP     31-39

editing features

enabling and disabling     2-7

keystrokes used     2-7

wrapped lines     2-8

egress q, in show forward command output     37-20

EIGRP

authentication     31-37

components     31-33

configuring     31-35

default configuration     31-34

definition     31-33

interface parameters, configuring     31-36

monitoring     31-38

support for     1-7

enable password     7-4

enable secret password     7-4

encryption, CipherSuite     7-43

encryption for passwords     7-4

Enhanced IGRP

See EIGRP

environment variables

function of     3-15

location in Flash     3-14

equal-cost routing     1-7, 31-71

error messages

during command entry     2-5

setting the display destination device     26-4

severity levels     26-8

system message format     26-2

EtherChannel

automatic creation of     30-3

channel groups

binding physical and logical interfaces     30-2

numbering of     30-3

configuration guidelines     30-8

configuring

Layer 2 interfaces     30-9

Layer 3 physical interfaces     30-13

Layer 3 port-channel logical interfaces     30-12

default configuration     30-8

destination MAC address forwarding     30-6

displaying status     30-19

forwarding methods     30-15

interaction

with STP     30-8

with VLANs     30-9

LACP, support for     1-2

Layer 3 interface     31-3

load balancing     30-6, 30-15

logical interfaces, described     30-2

number of interfaces per     30-2

overview     30-1

PAgP

aggregate-port learners     30-5

compatibility with Catalyst 1900     30-15

displaying status     30-19

interaction with other features     30-6

learn method and priority configuration     30-15

modes     30-4

overview     30-3

silent mode     30-4

support for     1-2

EtherChannel (continued)

port-channel interfaces

described     30-2

numbering of     30-3

port groups     9-5

source MAC address forwarding     30-6

support for     1-2

EtherChannel guard

described     17-11

enabling     17-19

Ethernet VLANs

adding     11-8

defaults and ranges     11-8

modifying     11-8

events, RMON     25-3

examples

conventions for     xxxvi

network configuration     1-10

expedite queue for QoS

10/100 Ethernet ports

allocating bandwidth     29-68

configuring     29-68

described     29-15

Gigabit-capable Ethernet ports

allocating bandwidth     29-64

configuring     29-64

described     29-12

Express Setup

overview     1-1

See also getting started guide

extended-range VLANs

configuration guidelines     11-12

configuring     11-11

creating     11-12, 11-13

defined     11-1

extended system ID

MSTP     16-14

STP     15-3, 15-14

Extensible Authentication Protocol over LAN     8-1

external BGP

See EBGP

external neighbors, BGP     31-43

F

fallback bridging

and protected ports     36-4

bridge groups

creating     36-4

described     36-2

displaying     36-12

function of     36-2

number supported     36-4

removing     36-4

bridge table

changing the aging time     36-6

clearing     36-12

displaying     36-12

configuration guidelines     36-3

connecting interfaces with     9-9

default configuration     36-3

described     36-1

frame forwarding

filtering by MAC address     36-6

flooding packets     36-2

for static addresses     36-5

forwarding packets     36-2

preventing for dynamically learned stations     36-5

to static addresses     36-5

overview     36-1

protocol, unsupported     36-3

STP

disabling on an interface     36-12

forward-delay interval     36-10

hello BPDU interval     36-10

interface priority     36-8

maximum-idle interval     36-11

path cost     36-9

fallback bridging (continued)

STP (continued)

switch priority     36-8

VLAN-bridge STP     36-1, 36-2

support for     1-7

SVIs and routed ports     36-1

unsupported protocols     36-3

VLAN-bridge STP     15-10

fallback VLAN name     11-28

Fast Uplink Transition Protocol     17-6

feature manager, ACL     28-43

FIB     31-70

fiber-optic, detecting unidirectional links     23-1

files

copying     B-4

crashinfo

description     37-21

displaying the contents of     37-21

location     37-21

deleting     B-5

displaying the contents of     B-7

tar

creating     B-5

displaying the contents of     B-6

extracting     B-7

image file format     B-19

file system

displaying available file systems     B-2

displaying file information     B-3

local file system names     B-1

network file system names     B-4

setting the default     B-3

filtering

in a VLAN     28-30

non-IP traffic     28-27

show and more command output     2-9

with fallback bridging     36-6

filters, IP

See ACLs, IP

flash device, number of     B-1

flooded traffic, blocking     21-6

flow-based packet classification     1-6

flowcharts

QoS classification     29-6

QoS policing and marking     29-10

QoS queueing and scheduling

10/100 ports     29-15

Gigabit-capable ports     29-12

flow control     1-2, 9-18

forward-delay time

MSTP     16-20

STP     15-5, 15-22

Forwarding Information Base

See FIB

forwarding non-routable protocols     36-1

FTP

accessing MIB files     A-2

configuration files

downloading     B-13

overview     B-11

preparing the server     B-12

uploading     B-14

image files

deleting old image     B-26

downloading     B-24

preparing the server     B-23

uploading     B-26

G

GBIC modules

See GBICs

GBICs

1000BASE-LX/LH module     1-13

1000BASE-SX module     1-13

1000BASE-T module     1-13

1000BASE-ZX module     1-13

CWDM module     1-18

GBICs (continued)

GigaStack module     1-11

security and identification     37-10

get-bulk-request operation     27-3

get-next-request operation     27-3, 27-4

get-request operation     27-3, 27-4

get-response operation     27-3

Gigabit Interface Converters

See GBICs

GigaStack GBIC

fast transition of redundant link     17-5

See also GBICs

global configuration mode     2-2

guide

audience     xxxv

purpose of     xxxv

guide mode     1-9

GUIs

See device manager and Network Assistant     1-8

H

hardware, determining ACL configuration fit     28-45

hello time

MSTP     16-19

STP     15-21

help, for the command line     2-3

history

changing the buffer size     2-5

described     2-5

disabling     2-6

recalling commands     2-6

history table, level and number of syslog messages     26-10

hosts, limit on dynamic ports     11-33

Hot Standby Router Protocol

See HSRP

HP OpenView     1-9

HSRP

authentication string     32-8

binding to cluster group     32-10

command-switch redundancy     1-3

default configuration     32-4

definition     32-1

monitoring     32-10

overview     32-1

priority     32-6

routing redundancy     1-7

timers     32-8

tracking     32-7

HTTP over SSL

see HTTPS

HTTPS     7-42

configuring     7-45

self-signed certificate     7-42

HTTP secure server     7-42

I

IBPG     31-39

ICMP

redirect messages     31-11

support for     1-7

time exceeded messages     37-13

traceroute and     37-13

unreachable messages     28-6

unreachables and ACLs     28-7

ICMP ping

executing     37-11

overview     37-11

ICMP Router Discovery Protocol

See IRDP

IDS, using with SPAN and RSPAN     24-2

IE2100

CNS embedded agents

described     4-5

enabling automated configuration     4-6

enabling configuration agent     4-9

enabling event agent     4-8

Configuration Registrar

configID, deviceID, hostname     4-3

configuration service     4-2

described     4-1

event service     4-3

described     1-8

support for     1-3

IEEE 802.1D

See STP

IEEE 802.1p     13-1

IEEE 802.1Q

and trunk ports     9-3

configuration limitations     11-18

encapsulation     11-15

native VLAN for untagged traffic     11-22

tunneling

compatibility with other features     14-5

defaults     14-4

described     14-1

tunnel ports and ACLs     28-3

tunnel ports with other features     14-6

IEEE 802.1s

See MSTP

IEEE 802.1w

See RSTP

IEEE 802.1x

See port-based authentication

IEEE 802.3af

See PoE

IEEE 802.3z flow control     9-18

ifIndex values, SNMP     27-5

IFS     1-3

IGMP

configurable leave timer, procedures     20-12

configuring the switch

as a member of a group     34-26

statically connected member     34-31

controlling access to groups     34-27

default configuration     34-26

deleting cache entries     34-52

displaying groups     34-52

fast switching     34-31

host-query interval, modifying     34-29

joining multicast group     20-3

join messages     20-3

leave processing, enabling     20-12

leaving multicast group     20-5

multicast reachability     34-26

overview     34-3

queries     20-4

report suppression

described     20-7

disabling     20-13

support for     1-2

throttling action     20-24

Version 1

changing to Version 2     34-28

described     34-3

Version 2

changing to Version 1     34-28

described     34-3

maximum query response time value     34-30

pruning groups     34-30

query timeout value     34-29

IGMP configurable leave timer, described     20-6

IGMP filtering

configuring     20-24

default configuration     20-24

described     20-23

monitoring     20-29

IGMP groups

configuring the throttling action     20-27

setting the maximum number     20-27

IGMP profile

applying     20-25

configuration mode     20-24

configuring     20-25

IGMP snooping

configuring     20-8

default configuration     20-8

definition     20-2

enabling and disabling     20-9

global configuration     20-9

Immediate Leave     20-6

method     20-9

monitoring     20-15

querier

configuring     20-14

guidelines and restrictions     20-7

support for     1-2

VLAN configuration     20-9

IGMP throttling

configuring     20-27

default configuration     20-24

described     20-24

displaying action     20-29

IGP     31-24

Immediate-Leave, IGMP     20-6

Intelligence Engine 2100 Series CNS Agents

See IE2100

interface

number     9-9

range macros     9-12

interface command     9-9, 9-10

interface configuration mode     2-3

interfaces

configuration guidelines     9-16

configuring     9-10

configuring duplex mode     9-15

configuring speed     9-15

counters, clearing     9-22

described     9-19

descriptive name, adding     9-19

displaying information about     9-21

flow control     9-18

management     1-8

monitoring     9-21

naming     9-19

physical, identifying     9-9

range of     9-10

restarting     9-23

shutting down     9-23

supported     9-9

types of     9-1

interfaces range macro command     9-12

Interior Gateway Protocol

See IGP

internal BGP

See IBGP

internal neighbors, BGP     31-43

Internet Control Message Protocol

See ICMP

Internet Group Management Protocol

See IGMP

Inter-Switch Link

See ISL

inter-VLAN routing     1-7, 31-2

Intrusion Detection System

See IDS

IOS File System

See IFS

ip access-group command     28-22

IP ACLs

applying to an interface     28-20

extended, creating     28-11

for QoS classification     29-7

implicit deny     28-10, 28-15, 28-17

implicit masks     28-10

logging     28-17

named     28-16

standard, creating     28-10

undefined     28-22

virtual terminal lines, setting on     28-20

IP addresses

candidate or member     5-2

classes of     31-5

command switch     5-2

default configuration     31-4

discovering     6-29

for IP routing     31-4

MAC address association     31-8

monitoring     31-17

See also IP information

IP broadcast address     31-15

ip cef command     31-70

IP directed broadcasts     31-13

ip igmp profile command     20-24

IP information

assigned

manually     3-10

through DHCP-based autoconfiguration     3-3

default configuration     3-3

IP multicast routing

addresses

all-hosts     34-1, 34-3

all-multicast-routers     34-1, 34-3

host group address range     34-1, 34-3

administratively-scoped boundaries, described     34-36

and IGMP snooping     20-2, 20-8

IP multicast routing (continued)

Auto-RP

adding to an existing sparse-mode cloud     34-14

benefits of     34-13

clearing the cache     34-52

configuration guidelines     34-10

filtering incoming RP announcement messages     34-16

overview     34-5

preventing candidate RP spoofing     34-16

preventing join messages to false RPs     34-15

setting up in a new internetwork     34-14

using with BSR     34-21

bootstrap router

configuration guidelines     34-10

configuring candidate BSRs     34-19

configuring candidate RPs     34-20

defining the IP multicast boundary     34-18

defining the PIM domain border     34-17

overview     34-5

using with Auto-RP     34-21

Cisco implementation     34-2

configuring

basic multicast routing     34-10

IP multicast boundary     34-36

TTL threshold     34-34

default configuration     34-8

enabling

multicast forwarding     34-11

PIM mode     34-11

group-to-RP mappings

Auto-RP     34-5

BSR     34-5

MBONE

deleting sdr cache entries     34-52

described     34-33

displaying sdr cache     34-53

enabling sdr listener support     34-33

limiting DVMRP routes advertised     34-47

limiting sdr cache entry lifetime     34-33

IP multicast routing (continued)

SAP packets for conference session announcement     34-33

Session Directory (sdr) tool, described     34-33

monitoring

packet rate loss     34-53

peering devices     34-53

tracing a path     34-53

multicast forwarding, described     34-6

PIMv1 and PIMv2 interoperability     34-9

protocol interaction     34-2

reverse path check (RPF)     34-6

routing table

deleting     34-52

displaying     34-52

RP

assigning manually     34-12

configuring Auto-RP     34-13

configuring PIMv2 BSR     34-17

monitoring mapping information     34-22

using Auto-RP and BSR     34-21

statistics, displaying system and network     34-52

TTL thresholds, described     34-34

See also CGMP

See also DVMRP

See also IGMP

See also PIM

IP phones

and IEEE 802.1x authentication     8-7

and QoS     13-1

automatic classification and queueing     29-17

configuring     13-3

trusted boundary for QoS     29-33

IP precedence     29-2

IP-precedence-to-DSCP map for QoS     29-54

IP protocols

in ACLs     28-13

routing     1-7

IP routes, monitoring     31-82

IP routing

connecting interfaces with     9-9

enabling     31-18

IP source guard

and 802.1x     18-18

and DHCP snooping     18-17

and EtherChannels     18-18

and port security     18-18

and private VLANs     18-18

and routed ports     18-18

and TCAM entries     18-18

and trunk interfaces     18-18

and VRF     18-18

binding configuration

automatic     18-17

manual     18-17

binding table     18-17

configuration guidelines     18-18

default configuration     18-18

described     18-16

disabling     18-19

displaying

bindings     18-19

configuration     18-19

enabling     18-18

filtering

source IP address     18-17

source IP and MAC address     18-17

source IP address filtering     18-17

source IP and MAC address filtering     18-17

static bindings

adding     18-18

deleting     18-19

IP traceroute

executing     37-13

overview     37-13

IP unicast routing

address resolution     31-8

administrative distances     31-72, 31-80

ARP     31-8

assigning IP addresses to Layer 3 interfaces     31-6

authentication keys     31-81

broadcast

address     31-15

flooding     31-16

packets     31-13

storms     31-13

classless routing     31-7

configuring static routes     31-72

default

addressing configuration     31-4

gateways     31-11

networks     31-73

routes     31-73

routing     31-2

directed broadcasts     31-13

dynamic routing     31-2

enabling     31-18

EtherChannel Layer 3 interface     31-3

IGP     31-24

inter-VLAN     31-2

IP addressing

classes     31-5

configuring     31-4

IRDP     31-12

Layer 3 interfaces     31-3

MAC address and IP address     31-8

passive interfaces     31-79

protocols

distance-vector     31-2

dynamic     31-2

link-state     31-2

proxy ARP     31-8

redistribution     31-74

reverse address resolution     31-8

IP unicast routing (continued)

routed ports     31-3

static routing     31-2

steps to configure     31-3

subnet mask     31-5

subnet zero     31-6

supernet     31-7

UDP     31-15

with SVIs     31-3

See also BGP

See also EIGRP

See also OSPF

See also RIP

ip unreachables command     28-6

IRDP

configuring     31-12

definition     31-12

support for     1-7

ISL

and trunk ports     9-3

encapsulation     1-4, 11-15

trunking with IEEE 802.1 tunneling     14-4

J

join messages, IGMP     20-3

K

KDC

described     7-32

See also Kerberos

Kerberos

authenticating to

boundary switch     7-34

KDC     7-34

network services     7-35

configuration examples     7-32

Kerberos (continued)

configuring     7-35

credentials     7-32

cryptographic software image     7-32

described     7-32

KDC     7-32

operation     7-34

realm     7-33

server     7-33

switch as trusted third party     7-32

terms     7-33

TGT     7-34

tickets     7-32

key distribution center

See KDC

L

l2protocol-tunnel command     14-11

LACP

Layer 2 protocol tunneling     14-9

See EtherChannel

Layer 2 frames, classification with CoS     29-2

Layer 2 interfaces, default configuration     9-14

Layer 2 protocol tunneling

configuring     14-9

configuring for EtherChannels     14-13

default configuration     14-10

defined     14-7

guidelines     14-10

Layer 2 traceroute

and ARP     37-15

and CDP     37-15

described     37-14

IP addresses and subnets     37-15

MAC addresses and VLANs     37-15

multicast traffic     37-15

multiple devices on a port     37-15

Layer 2 traceroute (continued)

unicast traffic     37-14

usage guidelines     37-15

Layer 3 features     1-7

Layer 3 interfaces

assigning IP addresses to     31-6

changing from Layer 2 mode     31-6

types of     31-3

Layer 3 packets, classification methods     29-2

LDAP     4-2

leave processing, IGMP     20-12

lightweight directory access protocol

See LDAP

line configuration mode     2-3

Link Aggregation Control Protocol

See EtherChannel

links, unidirectional     23-1

link state advertisements (LSAs)     31-28

link-state protocols     31-2

logging messages, ACL     28-11

login authentication

with RADIUS     7-23

with TACACS+     7-14

login banners     6-17

log messages

See system message logging

long-distance, high-bandwidth transport configuration example     1-18

Long-Reach Ethernet (LRE) technology     1-11

loop guard

described     17-13

enabling     17-20

support for     1-4

M

mac access-group command     28-29

MAC ACLs and Layer 2 interfaces     28-29

MAC addresses

aging time     6-20

and VLAN association     6-20

building the address table     6-20

default configuration     6-20

discovering     6-29

displaying     6-26

displaying in DHCP snooping binding table     18-16

displaying in the IP source binding table     18-19

dynamic

learning     6-20

removing     6-21

in ACLs     28-27

IP address association     31-8

static

adding     6-24

allowing     6-25

characteristics of     6-23

dropping     6-25

removing     6-24

sticky secure, adding     21-8

MAC address multicast entries, monitoring     20-15

MAC address-to-VLAN mapping     11-27

MAC extended access lists     28-27, 29-5, 29-39

macros

See Smartports macros

manageability features     1-3

management options

benefits

clustering     1-9

Network Assistant     1-9

CLI     2-1

CNS     4-1

overview     1-8

MANs

CWDM configuration example     1-18

long-distance, high-bandwidth transport configuration example     1-18

mapping tables for QoS

configuring

CoS-to-DSCP     29-53

CoS-to-egress-queue     29-59

DSCP     29-52

DSCP-to-CoS     29-55

DSCP-to-DSCP-mutation     29-57

DSCP-to-threshold     29-61

IP-precedence-to-DSCP     29-54

policed-DSCP     29-55

described     29-10

marking

action in policy map     29-44

action with aggregate policers     29-50

described     29-4, 29-8

matching, ACLs     28-8

maximum aging time

MSTP     16-21

STP     15-22

maximum hop count, MSTP     16-21

maximum-paths command     31-46, 31-71

membership mode, VLAN port     11-3

member switch

defined     5-1

managing     5-3

recovering from lost connectivity     37-10

requirements     5-2

See also candidate switch, cluster standby group, and standby command switch

memory, optimizing     6-26

messages

logging ACL violations     28-17

to users through banners     6-17

metrics, in BGP     31-47

metric translations, between routing protocols     31-76

metropolitan-area networks

See MANs

metro tags     14-2

MIBs

accessing files with FTP     A-2

location of files     A-2

overview     27-1

SNMP interaction with     27-4

supported     A-1

minimum-reserve levels

assigning to a queue     29-15, 29-67

configuring the buffer size     29-16, 29-67

default size     29-15

mini-point-of-presence

See POP

mirroring traffic for analysis     24-1

mismatches, autonegotiation     37-10

modules, GBIC

1000BASE-LX/LH     1-13

1000BASE-SX     1-13

1000BASE-T     1-13

1000BASE-ZX     1-13

CWDM     1-18

GigaStack     1-11

monitoring

access groups     28-41

ACL

configuration     28-41

configuration conflicts     28-44

fit in hardware     28-45

information     28-41

BGP     31-58

cables for unidirectional links     23-1

CDP     22-5

CEF     31-71

EIGRP     31-38

fallback bridging     36-12

features     1-7

HSRP     32-10

monitoring (continued)

IEEE 802.1Q tunneling     14-17

IGMP

filters     20-29

snooping     20-15

interfaces     9-21

IP

address tables     31-17

multicast routing     34-51

routes     31-82

Layer 2 protocol tunneling     14-17

MSDP peers     35-19

multicast router ports     20-15

multi-VRF CE     31-69

MVR     20-23

network traffic for analysis with probe     24-1

OSPF     31-32

port blocking     21-16

port protection     21-16

RP mapping information     34-22

source-active messages     35-19

speed and duplex mode     9-17

traffic flowing among switches     25-1

traffic suppression     21-16

tunneling     14-17

VLAN

filters     28-42

maps     28-42

VLANs     11-14

VMPS     11-32

VTP     12-15

MSDP

and dense-mode regions

sending SA messages to     35-17

specifying the originating address     35-18

benefits of     35-3

clearing MSDP connections and statistics     35-19

MSDP (continued)

controlling source information

forwarded by switch     35-12

originated by switch     35-8

received by switch     35-14

default configuration     35-4

filtering

incoming SA messages     35-14

SA messages to a peer     35-12

SA requests from a peer     35-11

join latency, defined     35-6

meshed groups

configuring     35-16

defined     35-16

originating address, changing     35-18

overview     35-1

peer-RPF flooding     35-2

peers

configuring a default     35-4

monitoring     35-19

peering relationship, overview     35-1

requesting source information from     35-8

shutting down     35-16

source-active messages

caching     35-6

clearing cache entries     35-19

defined     35-2

filtering from a peer     35-11

filtering incoming     35-14

filtering to a peer     35-12

limiting data with TTL     35-14

monitoring     35-19

restricting advertised sources     35-9

MSTP

boundary ports

configuration guidelines     16-13

described     16-5

MSDP (continued)

BPDU filtering

described     17-3

enabling     17-16

BPDU guard

described     17-2

enabling     17-15

CIST, described     16-3

configuration guidelines     16-12, 17-14

configuring

forward-delay time     16-20

hello time     16-19

link type for rapid convergence     16-22

maximum aging time     16-21

maximum hop count     16-21

MST region     16-13

path cost     16-18

port priority     16-17

root switch     16-14

secondary root switch     16-16

switch priority     16-19

CST

defined     16-3

operations between regions     16-3

default configuration     16-12

default optional feature configuration     17-14

described     16-2

displaying status     16-23

enabling the mode     16-13

EtherChannel guard

described     17-11

enabling     17-19

extended system ID

effects on root switch     16-14

effects on secondary root switch     16-16

unexpected behavior     16-15

instances supported     15-9

interface state, blocking to forwarding     17-2

interoperability and compatibility among modes     15-10

MSDP (continued)

interoperability with IEEE 802.1D

described     16-5

restarting migration process     16-22

IST

defined     16-2

master     16-3

operations within a region     16-3

loop guard

described     17-13

enabling     17-20

mapping VLANs to MST instance     16-13

MST region

described     16-2

hop-count mechanism     16-4

supported spanning-tree instances     16-2

optional features supported     1-4

Port Fast

described     17-2

enabling     17-14

preventing root switch selection     17-12

root guard

described     17-12

enabling     17-20

root switch

configuring     16-15

effects of extended system ID     16-14

unexpected behavior     16-15

shutdown Port Fast-enabled port     17-2

multicast groups

and IGMP snooping     20-8

Immediate Leave     20-6

joining     20-3

leaving     20-5

static joins     20-11

multicast packets

ACLs on     28-40

multicast packets, blocking     21-6

multicast router ports

adding     20-10

monitoring     20-15

Multicast Source Discovery Protocol

See MSDP

multicast storm control

See storm control

multicast storm-control command     21-4

Multicast VLAN Registration

See MVR

Multiple Spanning Tree Protocol

See MSTP

multiple VPN routing/forwarding in customer edge devices

See multi-VRF CE

multi-VRF CE

configuration example     31-65

configuration guidelines     31-62

configuring     31-62

default configuration     31-62

defined     31-59

displaying     31-69

monitoring     31-69

network components     31-62

packet-forwarding process     31-61

support for     1-7

MVR

configuring interfaces     20-21

default configuration     20-19

described     20-16

modes     20-20

monitoring     20-23

setting global parameters     20-20

support for     1-2

N

named IP ACLs     28-16

NameSpace Mapper

See NSM

native VLAN

and IEEE 802.1Q tunneling     14-4

configuring     11-22

default     11-22

neighbor discovery/recovery, EIGRP     31-33

neighbors, BGP     31-53

Network Assistant

described     1-2, 1-8

downloading image files     1-2

upgrading a switch     B-18

network configuration examples

increasing network performance     1-10

large network     1-15

long-distance, high-bandwidth transport     1-18

providing network services     1-11

small to medium-sized network     1-13

network design

performance     1-10

services     1-11

network management

CDP     22-1

RMON     25-1

SNMP     27-1

Network Time Protocol

See NTP

no commands     2-4

non-IP traffic filtering     28-27

nontrunking mode     11-17

normal-range VLANs

configuration modes     11-6

defined     11-1

no switchport command     9-5

note, described     xxxvi

not-so-stubby areas

See NSSA

NSM     4-3

NSSA, OSPF     31-28

NTP

associations

authenticating     6-4

defined     6-2

enabling broadcast messages     6-6

peer     6-5

server     6-5

default configuration     6-4

displaying the configuration     6-10

overview     6-2

restricting access

creating an access group     6-8

disabling NTP services per interface     6-9

source IP address, configuring     6-10

stratum     6-2

support for     1-3

synchronizing devices     6-5

time

services     6-2

synchronizing     6-2

O

OADM modules

See CWDM OADM modules

Open Shortest Path First

See OSPF

optical add/drop multiplexer modules

See CWDM OADM modules

optimizing system resources     6-26

options, management     1-8

OSPF

area parameters, configuring     31-28

configuring     31-26

OSPF (continued)

default configuration

metrics     31-29

route     31-29

settings     31-25

described     31-24

interface parameters, configuring     31-27

LSA group pacing     31-31

monitoring     31-32

router IDs     31-31

route summarization     31-29

support for     1-7

virtual links     31-29

out-of-profile markdown     1-6

output interface, getting information about     37-20

P

packet modification, with QoS     29-17

PAgP

Layer 2 protocol tunneling     14-9

See EtherChannel

parallel paths, in routing tables     31-71

passive interfaces

configuring     31-79

OSPF     31-29

pass-through mode     29-34

passwords

default configuration     7-2

disabling recovery of     7-5

encrypting     7-4

for security     1-5

overview     7-1

setting

enable     7-3

enable secret     7-4

Telnet     7-6

with usernames     7-7

VTP domain     12-8

path cost

MSTP     16-18

STP     15-18

PBR

defined     31-77

enabling     31-78

fast-switched policy-based routing     31-78

local policy-based routing     31-78

support for     1-7

peers, BGP     31-53

performance, network design     1-10

performance features     1-2

persistent self-signed certificate     7-42

per-VLAN spanning-tree plus

See PVST+

PE to CE routing, configuring     31-65

physical ports     9-2

PIM

default configuration     34-8

dense mode

overview     34-4

rendezvous point (RP), described     34-5

RPF lookups     34-7

displaying neighbors     34-53

enabling a mode     34-11

overview     34-4

router-query message interval, modifying     34-25

shared tree and source tree, overview     34-23

shortest path tree, delaying the use of     34-24

sparse mode

join messages and shared tree     34-5

overview     34-5

prune messages     34-5

RPF lookups     34-7

support for     1-7

versions

interoperability     34-9

troubleshooting interoperability problems     34-22

v2 improvements     34-4

PIM-DVMRP, as snooping method     20-10

ping

character output description     37-12

executing     37-11

overview     37-11

PoE

auto mode     9-7

CDP with power consumption, described     9-6

CDP with power negotiation, described     9-6

Cisco intelligent power management     9-6

configuring     9-17

devices supported     9-5

high-power devices operating in low-power mode     9-6

powered-device detection and initial power allocation     9-6

power management modes     9-7

power negotiation extensions to CDP     9-6

standards supported     9-6

troubleshooting     37-16

policed-DSCP map for QoS     29-55

policers

configuring

for each matched traffic class     29-44

for more than one traffic class     29-50

described     29-4

displaying     29-70

number of     1-6, 29-9

types of     29-8

policing

described     29-4

token bucket algorithm     29-8

policy-based routing

See PBR

policy maps for QoS

characteristics of     29-44

configuring     29-44

described     29-7

displaying     29-70

POP     1-16

port ACLs

and voice VLAN     28-4

defined     28-2

limitations     28-4

Port Aggregation Protocol

See EtherChannel

port-based authentication

accounting     8-5

accounting services     1-5

authentication server

defined     8-2

RADIUS server     8-2

client, defined     8-2

configuration guidelines     8-11

configuring

guest VLAN     8-19

host mode     8-19

IEEE 802.1x accounting     8-22

IEEE 802.1x authentication     8-13, 8-21

manual re-authentication of a client     8-16

periodic re-authentication     8-15

quiet period     8-16

RADIUS server     8-15

RADIUS server parameters on the switch     8-14

switch-to-client frame-retransmission number     8-17, 8-18

switch-to-client retransmission time     8-17

default configuration     8-10

described     8-1

device roles     8-2

displaying statistics     8-24

EAPOL-start frame     8-3

EAP-request/identity frame     8-3

EAP-response/identity frame     8-3

port-based authentication (continued)

enabling

IEEE 802.1x with guest VLAN     8-8

IEEE 802.1x with per-user ACLs     8-9, 8-13

IEEE 802.1x with port security     8-6

IEEE 802.1x with VLAN assignment     8-7, 8-13

IEEE 802.1x with voice VLAN     8-7

encapsulation     8-3

guest VLAN

configuration guidelines     8-8

host mode     8-5

initiation and message exchange     8-3

method lists     8-13, 8-21

multiple-hosts mode, described     8-5

per-user ACLs, AAA authorization     8-21

ports

authorization state and dot1x port-control command     8-4

authorized and unauthorized     8-4

port security, multiple-hosts mode     8-5

resetting to default values     8-21

software upgrade changes     8-12

support for     1-5

switch

as proxy     8-2

RADIUS client     8-2

upgrading from a previous release     29-22

VLAN assignment, AAA authorization     8-21

port blocking     1-2, 21-6

port-channel

See EtherChannel

Port Fast

described     17-2

enabling     17-14

mode, spanning tree     11-28

support for     1-4

port membership modes, VLAN     11-3

port priority

MSTP     16-17

STP     15-17

ports

access     9-3

blocking     21-6

dynamic access     11-3

forwarding, resuming     21-7

IEEE 802.1Q tunnel     11-3

protected     21-5

routed     9-4

secure     21-7

static-access     11-3, 11-10

switch     9-2

trunks     11-3, 11-15

VLAN assignments     11-10

port security

aging     21-14

and QoS trusted boundary     29-33

configuration guidelines     21-9

configuring     21-11

default configuration     21-9

described     21-7

displaying     21-16

on trunk ports     21-12

sticky learning     21-8

violations     21-8

with other features     21-9

port-shutdown response, VMPS     11-27

Power over Ethernet

See PoE

preferential treatment of traffic

See QoS

prefix lists, BGP     31-50

preventing unauthorized access     7-1

priority

HSRP     32-6

overriding CoS     13-5

trusting CoS     13-6

private VLAN edge ports

See protected ports

privileged EXEC mode     2-2

privilege levels

changing the default for lines     7-9

command switch     5-4

exiting     7-10

logging into     7-10

mapping on member switches     5-4

overview     7-2, 7-8

setting a command with     7-8

protected ports     1-5, 21-5

protocol-dependent modules, EIGRP     31-34

Protocol-Independent Multicast Protocol

See PIM

provider edge devices     31-60

proxy ARP

configuring     31-10

definition     31-8

with IP routing disabled     31-11

pruning, VTP

enabling     12-13

enabling on a port     11-21

examples     12-5

overview     12-4

pruning-eligible list

changing     11-21

for VTP pruning     12-4

VLANs     12-14

publications, related     xxxvii

PVST+

described     15-9

IEEE 802.1Q trunking interoperability     15-10

instances supported     15-9

Q

QoS

and MQC commands     29-1

auto-QoS

categorizing traffic     29-18

configuration and defaults display     29-23

configuration guidelines     29-21

described     29-17

displaying     29-23

effects on NVRAM configuration     29-21

egress queue defaults     29-18

enabling for VoIP     29-22

generated commands     29-19

basic model     29-4

classification

class maps, described     29-7

defined     29-4

flowchart     29-6

forwarding treatment     29-3

in frames and packets     29-3

IP ACLs, described     29-5, 29-7

MAC ACLs, described     29-5, 29-7

pass-through mode, described     29-34

per physical port     29-40

per-port per-VLAN     29-42

policy maps, described     29-7

port default, described     29-5

trust DSCP, described     29-5

trusted CoS, described     29-5

trust IP precedence, described     29-5

types for IP traffic     29-5

types for non-IP traffic     29-5

class maps

configuring per physical port     29-40

configuring per-port per-VLAN     29-42

displaying     29-70

QoS (continued)

configuration examples

distribution layer     29-73

existing wiring closet     29-71

intelligent wiring closet     29-72

configuration guidelines

auto-QoS     29-21

standard QoS     29-27

configuring

aggregate policers     29-50

auto-QoS     29-17

default port CoS value     29-32

DSCP maps     29-52

DSCP trust states bordering another domain     29-35

egress queues on 10/100 Ethernet ports     29-65

egress queues on Gigabit-capable Ethernet ports     29-58

IP extended ACLs     29-38

IP standard ACLs     29-37

MAC ACLs     29-39

pass-through mode     29-34

policy maps     29-44

port trust states within the domain     29-30

trusted boundary     29-33

default auto configuration     29-18

default standard configuration     29-26

displaying statistics     29-70

enabling globally     29-29

flowcharts

classification     29-6

policing and marking     29-10

queueing and scheduling     29-12, 29-15

implicit deny     29-7

IP phones

automatic classification and queueing     29-17

detection and trusted settings     29-17, 29-33

QoS (continued)

mapping tables

CoS-to-DSCP     29-53

CoS-to-egress-queue     29-59

displaying     29-70

DSCP-to-CoS     29-55

DSCP-to-DSCP-mutation     29-57

DSCP-to-threshold     29-61

IP-precedence-to-DSCP     29-54

policed-DSCP     29-55

types of     29-10

marked-down actions     29-47

marking, described     29-4, 29-8

overview     29-2

packet modification     29-17

pass-through mode     29-34

policers

configuring     29-47, 29-50

described     29-8

displaying     29-70

number of     29-9

types of     29-8

policies, attaching to an interface     29-9

policing

described     29-4, 29-8

token bucket algorithm     29-8

policy maps

characteristics of     29-44

configuring     29-44

displaying     29-70

queueing, defined     29-4

queues

CoS-to-egress-queue map     29-59

for 10/100 Ethernet ports     29-15

high priority (expedite)     29-13, 29-64

minimum-reserve levels     29-67

serviced by WRR     29-13, 29-16

size of     29-12, 29-15

size ratios     29-60

QoS (continued)

queues (continued)

tail-drop threshold percentages     29-13, 29-60

WRED drop-percentage thresholds     29-13, 29-62

WRR scheduling     29-64

scheduling

allocating bandwidth on 10/100 Ethernet ports     29-68

allocating bandwidth on Gigabit-capable ports     29-64

defined     29-4

support for     1-6

tail drop

configuring drop threshold percentages     29-60

described     29-13

trust states

bordering another domain     29-35

described     29-5

trusted device     29-33

within the domain     29-30

WRED

configuring drop-percentage thresholds     29-62

described     29-14

WRR scheduling     29-64

quality of service

See QoS

queries, IGMP     20-4

R

RADIUS

attributes

vendor-proprietary     7-31

vendor-specific     7-29

configuring

accounting     7-28

authentication     7-23

authorization     7-27

communication, global     7-21, 7-29

communication, per-server     7-20, 7-21

multiple UDP ports     7-21

RADIUS (continued)

default configuration     7-20

defining AAA server groups     7-25

described     7-18

displaying the configuration     7-31

identifying the server     7-20

limiting the services to the user     7-27

method list, defined     7-20

operation of     7-19

suggested network environments     7-18

tracking services accessed by user     7-28

Random Early Detection, described     29-14

range

macro     9-12

of interfaces     9-11

rapid convergence     16-7

rapid per-VLAN spanning-tree plus

See rapid PVST+

rapid PVST+

described     15-9

IEEE 802.1Q trunking interoperability     15-10

instances supported     15-9

rapid-PVST+     11-2

Rapid Spanning Tree Protocol

See RSTP

RARP     31-8

rcommand command     5-3

RCP

configuration files

downloading     B-16

overview     B-14

preparing the server     B-15

uploading     B-17

image files

deleting old image     B-30

downloading     B-28

preparing the server     B-27

uploading     B-30

reconfirmation interval, VMPS, changing     11-31

recovery procedures     37-1

redundancy

EtherChannel     30-2

features     1-3

HSRP     32-1

STP

backbone     15-7

multidrop backbone     17-5

path cost     11-25

port priority     11-23

redundant links and UplinkFast     17-17

reliable transport protocol, EIGRP     31-33

reloading software     3-16

Remote Authentication Dial-In User Service

See RADIUS

Remote Copy Protocol

See RCP

Remote Network Monitoring

See RMON

report suppression, IGMP

described     20-7

disabling     20-13

resequencing ACL entries     28-16

resets, in BGP     31-45

resetting a UDLD-shutdown interface     23-6

restricting access

NTP services     6-8

overview     7-1

passwords and privilege levels     7-2

RADIUS     7-17

TACACS+     7-10

retry count, VMPS, changing     11-32

reverse address resolution     31-8

Reverse Address Resolution Protocol

See RARP

RFC

1058, RIP     31-19

1112, IP multicast and IGMP     20-2

1157, SNMPv1     27-2

RFC (continued)

1163, BGP     31-39

1166, IP addresses     31-5

1253, OSPF     31-24

1267, BGP     31-39

1305, NTP     6-2

1587, NSSAs     31-24

1757, RMON     25-2

1771, BGP     31-39

1901, SNMPv2C     27-2

1902 to 1907, SNMPv2     27-2

2236, IP multicast and IGMP     20-2

2273-2275, SNMPv3     27-2

RIP

advertisements     31-19

authentication     31-22

configuring     31-20

default configuration     31-19

described     31-19

hop counts     31-19

split horizon     31-22

summary addresses     31-22

support for     1-7

RMON

default configuration     25-3

displaying status     25-6

enabling alarms and events     25-3

groups supported     25-2

overview     25-1

statistics

collecting group Ethernet     25-5

collecting group history     25-5

support for     1-7

root guard

described     17-12

enabling     17-20

support for     1-4

root switch

MSTP     16-14

STP     15-14

route calculation timers, OSPF     31-30

route dampening, BGP     31-57

routed packets, ACLs on     28-39

routed ports

configuring     31-3

defined     9-4

IP addresses on     9-20, 31-3

route-map command for policy-based routing     31-78

route maps

BGP     31-48

policy-based routing, defined     31-77

router ACLs     28-2

route reflectors, BGP     31-56

router ID, OSPF     31-31

route selection, BGP     31-46

route summarization, OSPF     31-29

route targets, VPN     31-62

routing

default     31-2

dynamic     31-2

redistribution of information     31-74

static     31-2

routing domain confederation, BGP     31-55

Routing Information Protocol

See RIP

routing protocol administrative distances     31-72

RSPAN

configuration guidelines     24-16

default configuration     24-8

destination ports     24-5

displaying status     24-24

IDS     24-2

interaction with other features     24-6

monitored ports     24-4

monitoring ports     24-5

overview     1-7, 24-1

RSPAN (continued)

received traffic     24-3

reflector port     24-5

session limits     24-8

sessions

creating     24-17

defined     24-3

limiting source traffic to specific VLANs     24-23

monitoring VLANs     24-22

removing source (monitored) ports     24-21

specifying monitored ports     24-17

source ports     24-4

transmitted traffic     24-4

VLAN-based     24-6

RSTP

active topology, determining     16-6

BPDU

format     16-9

processing     16-10

designated port, defined     16-6

designated switch, defined     16-6

interoperability with IEEE 802.1D

described     16-5

restarting migration process     16-22

topology changes     16-10

overview     16-6

port roles

described     16-6

synchronized     16-8

proposal-agreement handshake process     16-7

rapid convergence

described     16-7

edge ports and Port Fast     16-7

point-to-point links     16-7, 16-22

root ports     16-7

root port, defined     16-6

See also MSTP

running configuration, saving     3-11

S

scheduled reloads     3-16

SDM

configuring     6-29

described     6-26

templates

number of     6-26

resources used for Fast Ethernet switches     6-27

resources used for Gigabit Ethernet switches     6-27

sdm prefer extended-match command     31-63

secure HTTP client

configuring     7-47

displaying     7-47

secure HTTP server

configuring     7-45

displaying     7-47

secure ports, configuring     21-7

secure remote connections     7-38

Secure Shell

See SSH

Secure Socket Layer

See SSL

security, port     21-7

security features     1-5

sequence numbers in log messages     26-8

server mode, VTP     12-3

service-provider networks

and customer VLANs     14-2

and IEEE 802.1Q tunneling     14-1

Layer 2 protocols across     14-7

Layer 2 protocol tunneling for EtherChannels     14-9

MSTP and RSTP     16-1

set-request operation     27-4

setup program, failed command switch replacement     37-7, 37-8

severity levels, defining in system messages     26-8

show access-lists hw-summary command     28-7

show cdp traffic command     22-5

show cluster members command     5-3

show configuration command     9-19

show fm command     28-43

show forward command     37-20

show interfaces command     9-17, 9-19

show l2protocol command     14-12, 14-14, 14-15

show mac access-group command     28-29

show running-config command

displaying ACLs     28-21, 28-22, 28-31, 28-34

interface description in     9-19

show tcam command     28-43

shutdown command on interfaces     9-23

shutdown threshold for Layer 2 protocol packets     14-10

Simple Network Management Protocol

See SNMP

Smartports macros

applying Cisco-default macros     10-6

applying global parameter values     10-5, 10-6

applying macros     10-5

applying parameter values     10-5, 10-7

configuration guidelines     10-3

creating     10-4

default configuration     10-2

defined     10-1

displaying     10-8

tracing     10-3

website     10-2

SNAP     22-1

SNMP

accessing MIB variables with     27-4

agent

described     27-4

disabling     27-7

community strings

configuring     27-7

for cluster switches     27-4

overview     27-4

configuration examples     27-16

default configuration     27-6

SNMP (continued)

groups     27-9

ifIndex values     27-5

in-band management     1-3

informs

and trap keyword     27-11

described     27-5

differences from traps     27-5

enabling     27-14

limiting access by TFTP servers     27-15

limiting system log messages to NMS     26-10

manager functions     1-9, 27-3

managing clusters with     5-4

MIBs

location of     A-2

supported     A-1

notifications     27-5

overview     27-1, 27-4

status, displaying     27-17

system contact and location     27-15

trap manager, configuring     27-13, 27-14

traps

described     27-3, 27-5

differences from informs     27-5

enabling     27-11, 27-14

enabling MAC address notification     6-21

overview     27-1, 27-4

types of     27-11

users     27-9

versions supported     27-2

snooping, IGMP     20-2

software images

location in flash     B-19

recovery procedures     37-2

scheduling reloads     3-16

tar file format, described     B-19

See also downloading and uploading

source addresses, in ACLs     28-13

SPAN

configuration guidelines     24-8

default configuration     24-8

destination ports     24-5

displaying status     24-24

IDS     24-2

interaction with other features     24-6

monitored ports     24-4

monitoring ports     24-5

overview     1-7, 24-1

ports, restrictions     21-10

received traffic     24-3

session limits     24-8

sessions

creating     24-10

defined     24-3

limiting source traffic to specific VLANs     24-15

monitoring VLANs     24-14

removing destination (monitoring) ports     24-13

removing source (monitored) ports     24-13

specifying monitored ports     24-10

source ports     24-4

transmitted traffic     24-4

VLAN-based     24-6

spanning tree and native VLANs     11-18

Spanning Tree Protocol

See STP

speed, configuring on interfaces     9-15

split horizon, RIP     31-22

SSH

configuring     7-39

cryptographic software image     7-37

described     7-38

encryption methods     7-38

user authentication methods, supported     7-38

SSL

configuration guidelines     7-44

configuring a secure HTTP client     7-47

configuring a secure HTTP server     7-45

SSL (continued)

cryptographic software image     7-41

described     7-41

monitoring     7-47

Stack Membership Discovery Protocol     17-6

standby command switch, requirements     5-2

standby ip command     32-5

standby router     32-1

standby timers, HSRP     32-8

startup configuration

booting

manually     3-12

specific image     3-13

clearing     B-18

configuration file

automatically downloading     3-12

specifying the filename     3-12

default boot configuration     3-11

static access ports

assigning to VLAN     11-10

defined     9-3, 11-3

static addresses

See addresses

static IP routing     1-7

static MAC addressing     1-5

static routes, configuring     31-72

static routing     31-2

static VLAN membership     11-2

statistics

CDP     22-5

IEEE 802.1x     8-24

interface     9-22

IP multicast routing     34-52

OSPF     31-32

QoS ingress and egress     29-70

RMON group Ethernet     25-5

RMON group history     25-5

SNMP input and output     27-17

VTP     12-15

sticky learning

configuration file     21-8

defined     21-8

disabling     21-8

enabling     21-8

saving addresses     21-8

storm control

configuring     21-3

default configuration     21-3

described     21-1

disabling     21-4

displaying     21-16

thresholds     21-1

STP

accelerating root port selection     17-4

BackboneFast

described     17-9

enabling     17-19

BPDU filtering

described     17-3

enabling     17-16

BPDU guard

described     17-2

enabling     17-15

BPDU message exchange     15-2

configuration guidelines     15-12, 17-14

configuring

forward-delay time     15-22

hello time     15-21

in cascaded stack     15-23

maximum aging time     15-22

path cost     15-18

port priority     15-17

root switch     15-14

secondary root switch     15-16

spanning-tree mode     15-13

switch priority     15-20

STP (continued)

counters, clearing     15-24

cross-stack UplinkFast

described     17-5

enabling     17-18

default configuration     15-11

default optional feature configuration     17-14

designated port, defined     15-3

designated switch, defined     15-3

detecting indirect link failures     17-10

disabling     15-14

displaying status     15-23

EtherChannel guard

described     17-11

enabling     17-19

extended system ID

affects on root switch     15-14

affects on the secondary root switch     15-16

overview     15-3

unexpected behavior     15-15

features supported     1-4

inferior BPDU     15-3

instances supported     15-9

interface state, blocking to forwarding     17-2

interface states

blocking     15-5

disabled     15-6

forwarding     15-5, 15-6

learning     15-6

listening     15-6

overview     15-4

interoperability and compatibility among modes     15-10

Layer 2 protocol tunneling     14-7

limitations with 802.1Q trunks     15-10

load sharing

overview     11-23

using path costs     11-25

using port priorities     11-23

STP (continued)

loop guard

described     17-13

enabling     17-20

modes supported     15-9

multicast addresses, affect of     15-8

optional features supported     1-4

overview     15-2

path costs     11-25

Port Fast

described     17-2

enabling     17-14

port priorities     11-24

preventing root switch selection     17-12

protocols supported     15-9

redundant connectivity     15-7

root guard

described     17-12

enabling     17-20

root port, defined     15-3

root switch

affects of extended system ID     15-3, 15-14

configuring     15-14

election     15-3

unexpected behavior     15-15

settings in a cascaded stack     15-23

shutdown Port Fast-enabled port     17-2

superior BPDU     15-3

timers, described     15-20

UplinkFast

described     17-3

enabling     17-17

VLAN-bridge     15-10

stratum, NTP     6-2

stub areas, OSPF     31-28

subnet mask     31-5

subnet zero     31-6

summer time     6-13

SunNet Manager     1-9

supernet     31-7

SVIs

and IP unicast routing     31-3

and router ACLs     28-3

connecting VLANs     9-8

defined     9-4

routing between VLANs     11-2

switch clustering technology

See clusters, switch

switch console port     1-3

switched packets, ACLs on     28-38

switched ports     9-2

switchport block multicast command     21-6

switchport block unicast command     21-6

switchport command     9-14

switchport mode dot1q-tunnel command     14-6

switchport protected command     21-5

switch priority

MSTP     16-19

STP     15-20

switch software features     1-1

switch virtual interfaces

See SVIs

synchronization, BGP     31-43

syslog

See system message logging

system clock

configuring

daylight saving time     6-13

manually     6-11

summer time     6-13

time zones     6-12

displaying the time and date     6-12

overview     6-1

See also NTP

System Database Management

See SDM

system message logging

default configuration     26-3

defining error message severity levels     26-8

disabling     26-4

displaying the configuration     26-12

enabling     26-4

facility keywords, described     26-12

level keywords, described     26-9

limiting messages     26-10

message format     26-2

overview     26-1

sequence numbers, enabling and disabling     26-8

setting the display destination device     26-4

synchronizing log messages     26-6

syslog facility     1-7

timestamps, enabling and disabling     26-7

UNIX syslog servers

configuring the daemon     26-11

configuring the logging facility     26-11

facilities supported     26-12

system MTU

IEEE 802.1Q tunneling     14-5

maximums     14-5

system name

default configuration     6-15

default setting     6-15

manual configuration     6-15

See also DNS

system prompt

default setting     6-14, 6-15

system resource templates     6-26

T

TACACS+

accounting, defined     7-11

authentication, defined     7-11

TACACS+ (continued)

authorization, defined     7-11

configuring

accounting     7-17

authentication key     7-13

authorization     7-16

login authentication     7-14

default configuration     7-13

displaying the configuration     7-17

identifying the server     7-13

limiting the services to the user     7-16

operation of     7-12

overview     7-10

tracking services accessed by user     7-17

tagged packets

IEEE 802.1Q     14-3

Layer 2 protocol     14-7

tail drop

described     29-13

support for     1-6

tar files

creating     B-5

displaying the contents of     B-6

extracting     B-7

image file format     B-19

TCAMs

ACL regions     28-47

ACLs not loading in     28-45

allocations, monitoring     28-48

monitoring usage     28-47

Telnet

accessing management interfaces     2-10

number of connections     1-3

setting a password     7-6

templates, system resources     6-26

temporary self-signed certificate     7-42

Terminal Access Controller Access Control System Plus

See TACACS+

terminal lines, setting a password     7-6

ternary content addressable memory

See TCAM

TFTP

configuration files

downloading     B-10

preparing the server     B-10

uploading     B-11

configuration files in base directory     3-6

configuring for autoconfiguration     3-6

image files

deleting     B-22

downloading     B-21

preparing the server     B-20

uploading     B-22

limiting access by servers     27-15

TFTP server     1-3

threshold, traffic level     21-2

time

See NTP and system clock

time-range command     28-18

time ranges in ACLs     28-18

timestamps in log messages     26-7

time zones     6-12

Token Ring VLANs

support for     11-5

VTP support     12-4

TOS     1-6

traceroute, Layer 2

and ARP     37-15

and CDP     37-15

described     37-14

IP addresses and subnets     37-15

MAC addresses and VLANs     37-15

multicast traffic     37-15

multiple devices on a port     37-15

unicast traffic     37-14

usage guidelines     37-15

traceroute command     37-13

See also IP traceroute

traffic

blocking flooded     21-6

fragmented     28-5

unfragmented     28-5

traffic policing     1-6

traffic suppression     21-1

transparent mode, VTP     12-3, 12-11

trap-door mechanism     3-2

traps

configuring MAC address notification     6-21

configuring managers     27-11, 27-14

defined     27-3

enabling     6-21, 27-11, 27-14

notification types     27-11

overview     27-1, 27-4

troubleshooting

connectivity problems     37-11

detecting unidirectional links     23-1

determining packet disposition     37-20

displaying crash information     37-21

GBIC security and identification     37-10

PIMv1 and PIMv2 interoperability problems     34-22

PoE ports     37-16

show forward command     37-20

with CiscoWorks     27-4

with debug commands     37-17

with ping     37-11

with system message logging     26-1

with traceroute     37-13

trunking encapsulation     1-4

trunk ports

configuring     11-19

defined     9-3, 11-3

encapsulation     11-19, 11-24, 11-26

trunks

allowed-VLAN list     11-20

configuring     11-19, 11-24, 11-26

trunks (continued)

ISL     11-15

load sharing

setting STP path costs     11-25

using STP port priorities     11-23, 11-24

native VLAN for untagged traffic     11-22

parallel     11-25

pruning-eligible list     11-21

to non-DTP device     11-16

VLAN 1 minimization     11-20

trusted boundary for QoS     29-33

trustpoints, CA     7-42

tunneling

defined     14-1

IEEE 802.1Q     14-1

Layer 2 protocol     14-7

tunnel ports

defined     11-3

described     9-4, 14-1

IEEE 802.1Q, configuring     14-6

IEEE 802.1Q and ACLs     28-3

incompatibilities with other features     14-5

twisted-pair Ethernet, detecting unidirectional links     23-1

type of service

See TOS

U

UDLD

default configuration     23-4

echoing detection mechanism     23-3

enabling

globally     23-5

per interface     23-5

Layer 2 protocol tunneling     14-9

link-detection mechanism     23-1

neighbor database     23-2

overview     23-1

resetting an interface     23-6

UDLD (continued)

status, displaying     23-7

support for     1-3

UDP, configuring     31-15

unauthorized ports with IEEE 802.1x     8-4

unicast MAC address filtering

and adding static addresses     6-25

and broadcast MAC addresses     6-24

and CPU packets     6-24

and multicast addresses     6-24

and router MAC addresses     6-24

configuration guidelines     6-24

described     6-24

unicast storm control

See storm control

unicast storm control command     21-4

unicast traffic, blocking     21-6

UniDirectional Link Detection protocol

See UDLD

UNIX syslog servers

daemon configuration     26-11

facilities supported     26-12

message logging configuration     26-11

unrecognized Type-Length-Value (TLV) support     12-4

upgrading software images

See downloading

UplinkFast

described     17-3

enabling     17-17

support for     1-4

uploading

configuration files

preparing     B-10, B-12, B-15

reasons for     B-8

using FTP     B-14

using RCP     B-17

using TFTP     B-11

uploading (continued)

image files

preparing     B-20, B-23, B-27

reasons for     B-18

using FTP     B-26

using RCP     B-30

using TFTP     B-22

User Datagram Protocol

See UDP

user EXEC mode     2-2

username-based authentication     7-7

V

version-dependent transparent mode     12-4

Virtual Private Network

See VPN

virtual router     32-1, 32-3

vlan.dat file     11-4

VLAN 1 minimization, support for     1-4

VLAN ACLs

See VLAN maps

VLAN configuration

at bootup     11-7

saving     11-7

VLAN configuration mode     2-2, 11-6

VLAN database

and startup configuration file     11-7

and VTP     12-1

VLAN configuration saved in     11-7

VLANs saved in     11-4

vlan database command     11-6

vlan dot1q tag native command     14-4

vlan global configuration command     11-6

VLAN ID, discovering     6-29

VLAN management domain     12-2

VLAN Management Policy Server

See VMPS

VLAN map entries, order of     28-31

VLAN maps

applying     28-34

common uses for     28-34

configuration example     28-35

configuration guidelines     28-31

configuring     28-30

creating     28-31

defined     28-2

denying access example     28-36

denying and permitting packets     28-32

displaying     28-42

examples     28-36

support for     1-5

usage     28-4

VLAN membership

confirming     11-31

modes     11-3

VLAN Query Protocol

See VQP

VLANs

adding     11-8

adding to VLAN database     11-8

aging dynamic addresses     15-8

allowed on trunk     11-20

and spanning-tree instances     11-2, 11-6, 11-12

configuration guidelines, normal-range VLANs     11-5

configuration options     11-6

configuring     11-1

configuring IDs 1006 to 4094     11-12

connecting through SVIs     9-8

creating in config-vlan mode     11-8

creating in VLAN configuration mode     11-9

customer numbering in service-provider networks     14-3

default configuration     11-7

deleting     11-10

described     9-2, 11-1

displaying     11-14

extended-range     11-1, 11-11

features     1-4

VLANs (continued)

illustrated     11-2

internal     11-12

limiting source traffic with RSPAN     24-23

limiting source traffic with SPAN     24-15

modifying     11-8

monitoring with RSPAN     24-22

monitoring with SPAN     24-14

native, configuring     11-22

normal-range     11-1, 11-4

number supported     1-4

parameters     11-4

port membership modes     11-3

static-access ports     11-10

STP and IEEE 802.1Q trunks     15-10

supported     11-2

Token Ring     11-5

traffic between     11-2

trunks, VLAN 1 minimization     11-20

VLAN-bridge STP     15-10, 36-1

VTP modes     12-2

VLAN Trunking Protocol

See VTP

VLAN trunks     11-15

VMPS

administering     11-32

configuration example     11-33

configuration guidelines     11-28

default configuration     11-28

description     11-26

dynamic port membership

described     11-27

reconfirming     11-31

troubleshooting     11-33

entering server address     11-29

mapping MAC addresses to VLANs     11-27

monitoring     11-32

reconfirmation interval, changing     11-31

VMPS (continued)

reconfirming membership     11-31

retry count, changing     11-32

voice VLAN

Cisco 7960 phone, port connections     13-1

configuration guidelines     13-3

configuring IP phones for data traffic

override CoS of incoming frame     13-5

trust CoS priority of incoming frame     13-6

configuring ports for voice traffic in

802.1p priority tagged frames     13-4

802.1Q frames     13-4

connecting to an IP phone     13-3

default configuration     13-2

described     13-1

displaying     13-6

VPN

configuring routing in     31-64

forwarding     31-62

in service provider networks     31-59

routes     31-60

VPN routing and forwarding table

See VRF

VQP     1-4, 11-26

VRF

defining     31-62

tables     31-59

VTP

adding a client to a domain     12-14

advertisements     11-18, 12-3

and extended-range VLANs     12-1

and normal-range VLANs     12-1

client mode, configuring     12-10

VTP (continued)

configuration

global configuration mode     12-7

guidelines     12-8

privileged EXEC mode     12-7

requirements     12-9

saving     12-7

VLAN configuration mode     12-7

configuration mode options     12-7

configuration requirements     12-9

configuration revision number

guideline     12-14

resetting     12-14

configuring

client mode     12-10

server mode     12-9

transparent mode     12-11

consistency checks     12-4

default configuration     12-6

described     12-1

disabling     12-11

domain names     12-8

domains     12-2

Layer 2 protocol tunneling     14-7

modes

client     12-3, 12-10

server     12-3, 12-9

transitions     12-2

transparent     12-3, 12-11

monitoring     12-15

passwords     12-8

pruning

disabling     12-13

enabling     12-13

examples     12-5

overview     12-4

support for     1-4

pruning-eligible list, changing     11-21

server mode, configuring     12-9

VTP (continued)

statistics     12-15

support for     1-4

Token Ring support     12-4

transparent mode, configuring     12-11

using     12-1

version, guidelines     12-8

version 1     12-4

version 2

configuration guidelines     12-8

disabling     12-13

enabling     12-12

overview     12-4

W

WCCP

authentication     33-4

configuration guidelines     33-5

default configuration     33-5

described     33-2

displaying     33-9

enabling     33-6

features unsupported     33-4

forwarding method     33-3

Layer-2 header rewrite     33-3

MD5 security     33-4

message exchange     33-3

monitoring and maintaining     33-9

negotiation     33-3

packet redirection     33-4

packet-return method     33-3

redirecting traffic received from a client     33-6

setting the password     33-6

unsupported WCCPv2 features     33-4

Web Cache Communication Protocol

See WCCP

Weighted Random Early Detection

See WRED

Weighted Round Robin

See WRR

weighted round robin, described     29-4

wizards     1-9

WRED     1-6, 29-14

WRR     1-6, 29-4

X

Xmodem protocol     37-2