Catalyst 3560 Switch Software Configuration Guide, Rel. 12.2(25)SEE
Index

A

AAA down policy with NAC Layer 2 IP validation 1-8

abbreviating commands 2-4

ABRs 34-24

AC (command switch) 5-10

access

templates 7-1

access-class command 31-19

access control entries

See ACEs

access-denied response, VMPS 12-28

access groups

applying IPv4 ACLs to interfaces 31-20

Layer 2 31-20

Layer 3 31-20

accessing

clusters, switch 5-13

command switches 5-11

member switches 5-13

switch clusters 5-13

access lists

See ACLs

access ports

and Layer 2 protocol tunneling 16-11

defined 10-3

in switch clusters 5-9

access template 7-1

accounting

with 802.1x 9-30

with IEEE 802.1x 9-9

with RADIUS 8-28

with TACACS+ 8-11, 8-17

ACEs

and QoS 32-7

defined 31-2

Ethernet 31-2

IP 31-2

ACLs

ACEs 31-2

any keyword 31-12

applying

on bridged packets 31-38

on multicast packets 31-39

on routed packets 31-39

on switched packets 31-37

time ranges to 31-16

to an interface 31-19, 37-8

to IPv6 interfaces 37-8

to QoS 32-7

classifying traffic for QoS 32-43

comments in 31-18

compiling 31-21

defined 31-1, 31-7

examples of 31-21, 32-43

extended IP

configuring for QoS classification 32-44

extended IPv4

creating 31-10

matching criteria 31-7

hardware and software handling 31-21

host keyword 31-12

IP

creating 31-7

fragments and QoS guidelines 32-33

implicit deny 31-9, 31-13, 31-15

implicit masks 31-9

matching criteria 31-7

undefined 31-20

IPv4

applying to interfaces 31-19

creating 31-7

matching criteria 31-7

named 31-14

numbers 31-8

terminal lines, setting on 31-18

unsupported features 31-7

IPv6

applying to interfaces 37-8

configuring 37-4, 37-5

displaying 37-9

interactions with other features 37-4

limitations 37-3

matching criteria 37-3

named 37-3

precedence of 37-2

supported 37-2

unsupported features 37-3

Layer 4 information in 31-37

logging messages 31-8

MAC extended 31-26, 32-45

matching 31-7, 31-20, 37-3

monitoring 31-40, 37-9

named

IPv6 37-3

named, IPv4 31-14

names 37-4

number per QoS class map 32-33

port 31-2, 37-2

precedence of 31-2

QoS 32-7, 32-43

resequencing entries 31-14

router 31-2, 37-2

router ACLs and VLAN map configuration guidelines 31-36

standard IP, configuring for QoS classification 32-43

standard IPv4

creating 31-9

matching criteria 31-7

support for 1-7

support in hardware 31-21

time ranges 31-16

types supported 31-2

unsupported features

IPv6 37-3

unsupported features, IPv4 31-7

using router ACLs with VLAN maps 31-36

VLAN maps

configuration guidelines 31-30

configuring 31-29

active links 20-1

active router 38-1

address aliasing 23-2

addresses

displaying the MAC address table 6-26

dynamic

accelerated aging 17-8

changing the aging time 6-21

default aging 17-8

defined 6-19

learning 6-20

removing 6-22

MAC, discovering 6-26

multicast

group address range 39-3

STP address management 17-8

static

adding and removing 6-24

defined 6-19

address resolution 6-26, 34-8

Address Resolution Protocol

See ARP

adjacency tables, with CEF 34-74

administrative distances

defined 34-85

OSPF 34-30

routing protocol defaults 34-76

advanced IP services image 35-1

advertisements

CDP 25-1

RIP 34-19

VTP 12-19, 13-3

aggregatable global unicast addresses 35-3

aggregate addresses, BGP 34-57

aggregated ports

See EtherChannel

aggregate policers 32-58

aggregate policing 1-9

aging, accelerating 17-8

aging time

accelerated

for MSTP 18-23

for STP 17-8, 17-21

MAC address table 6-21

maximum

for MSTP 18-23, 18-24

for STP 17-21, 17-22

alarms, RMON 28-3

allowed-VLAN list 12-21

area border routers

See ABRs

ARP

configuring 34-8

defined 1-5, 6-26, 34-8

encapsulation 34-9

static cache configuration 34-8

table

address resolution 6-26

managing 6-26

ASBRs 34-24

AS-path filters, BGP 34-52

asymmetrical links, and IEEE 802.1Q tunneling 16-4

attributes, RADIUS

vendor-proprietary 8-30

vendor-specific 8-29

audience xxxix

authentication

EIGRP 34-39

HSRP 38-9

local mode with AAA 8-36

NTP associations 6-4

RADIUS

key 8-21

login 8-23

TACACS+

defined 8-11

key 8-13

login 8-14

See also port-based authentication

authentication failed VLAN

See restricted VLAN

authentication keys, and routing protocols 34-86

authoritative time source, described 6-2

authorization

with RADIUS 8-27

with TACACS+ 8-11, 8-16

authorized ports with IEEE 802.1x 9-7

autoconfiguration 3-3

automatic discovery

considerations

beyond a noncandidate device 5-7

brand new switches 5-9

connectivity 5-4

different VLANs 5-6

management VLANs 5-7

non-CDP-capable devices 5-6

noncluster-capable devices 5-6

routed ports 5-8

in switch clusters 5-4

See also CDP

automatic QoS

See QoS

automatic recovery, clusters 5-10

See also HSRP

auto-MDIX

configuring 10-19

described 10-19

autonegotiation

duplex mode 1-3

interface configuration guidelines 10-16

mismatches 42-11

autonomous system boundary routers

See ASBRs

autonomous systems, in BGP 34-45

Auto-RP, described 39-5

autosensing, port speed 1-3

auxiliary VLAN

See voice VLAN

availability, features 1-6

B

BackboneFast

described 19-5

disabling 19-14

enabling 19-13

support for 1-6

backup interfaces

See Flex Links

backup links 20-1

banners

configuring

login 6-19

message-of-the-day login 6-18

default configuration 6-17

when displayed 6-17

BGP

aggregate addresses 34-57

aggregate routes, configuring 34-57

CIDR 34-57

clear commands 34-61

community filtering 34-54

configuring neighbors 34-56

default configuration 34-43

described 34-42

enabling 34-45

monitoring 34-61

multipath support 34-49

neighbors, types of 34-45

path selection 34-49

peers, configuring 34-56

prefix filtering 34-53

resetting sessions 34-48

route dampening 34-60

route maps 34-51

route reflectors 34-59

routing domain confederation 34-58

routing session with multi-VRF CE 34-68

show commands 34-61

supernets 34-57

support for 1-10

Version 4 34-42

binding cluster group and HSRP group 38-11

binding database

address, DHCP server

See DHCP, Cisco IOS server database

DHCP snooping

See DHCP snooping binding database

bindings

address, Cisco IOS DHCP server 21-6

DHCP snooping database 21-7

IP source guard 21-15

binding table, DHCP snooping

See DHCP snooping binding database

blocking packets 24-6

booting

boot loader, function of 3-2

boot process 3-2

manually 3-13

specific image 3-13

boot loader

accessing 3-14

described 3-2

environment variables 3-14

prompt 3-14

trap-door mechanism 3-2

bootstrap router (BSR), described 39-5

Border Gateway Protocol

See BGP

BPDU

error-disabled state 19-2

filtering 19-3

RSTP format 18-12

BPDU filtering

described 19-3

disabling 19-12

enabling 19-12

support for 1-6

BPDU guard

described 19-2

disabling 19-11

enabling 19-11

support for 1-6

bridged packets, ACLs on 31-38

bridge groups

See fallback bridging

bridge protocol data unit

See BPDU

broadcast flooding 34-16

broadcast packets

directed 34-13

flooded 34-13

broadcast storm-control command 24-4

broadcast storms 24-1, 34-13

C

cables, monitoring for unidirectional links 26-1

candidate switch

automatic discovery 5-4

defined 5-3

requirements 5-3

See also command switch, cluster standby group, and member switch

CA trustpoint

configuring 8-45

defined 8-43

caution, described xl

CDP

and trusted boundary 32-39

automatic discovery in switch clusters 5-4

configuring 25-2

default configuration 25-2

described 25-1

disabling for routing device 25-3 to 25-4

enabling and disabling

on an interface 25-4

on a switch 25-3

Layer 2 protocol tunneling 16-8

monitoring 25-4

overview 25-1

power negotiation extensions 10-6

support for 1-5

transmission timer and holdtime, setting 25-2

updates 25-2

CEF

defined 34-74

enabling 34-74

IPv6 35-14

CGMP

as IGMP snooping learning method 23-9

clearing cached group entries 39-49

enabling server support 39-32

joining multicast group 23-3

overview 39-8

server support only 39-8

switch support of 1-4

CIDR 34-57

CipherSuites 8-44

Cisco 7960 IP Phone 15-1

Cisco Discovery Protocol

See CDP

Cisco Express Forwarding

See CEF

Cisco Group Management Protocol

See CGMP

Cisco Intelligence Engine 2100 Series Configuration Registrar

See IE2100

Cisco intelligent power management 10-6

Cisco IOS DHCP server

See DHCP, Cisco IOS DHCP server

Cisco IOS File System

See IFS

Cisco Network Assistant

See Network Assistant

CiscoWorks 2000 1-4, 30-4

CIST regional root

See MSTP

CIST root

See MSTP

classless interdomain routing

See CIDR

classless routing 34-6

class maps for QoS

configuring 32-46

described 32-7

displaying 32-78

class of service

See CoS

clearing interfaces 10-27

CLI

abbreviating commands 2-4

command modes 2-1

configuration logging 2-5

described 1-4

editing features

enabling and disabling 2-7

keystroke editing 2-7

wrapped lines 2-9

error messages 2-5

filtering command output 2-10

getting help 2-3

history

changing the buffer size 2-6

described 2-6

disabling 2-7

recalling commands 2-6

managing clusters 5-15

no and default forms of commands 2-4

client mode, VTP 13-3

clock

See system clock

cluster requirements xli

clusters, switch

accessing 5-13

automatic discovery 5-4

automatic recovery 5-10

benefits 1-2

compatibility 5-4

described 5-1

LRE profile considerations 5-15

managing

through CLI 5-15

through SNMP 5-16

planning 5-4

planning considerations

automatic discovery 5-4

automatic recovery 5-10

CLI 5-15

host names 5-13

IP addresses 5-13

LRE profiles 5-15

passwords 5-14

RADIUS 5-15

SNMP 5-14, 5-16

TACACS+ 5-15

See also candidate switch, command switch, cluster standby group, member switch, and standby command switch

cluster standby group

and HSRP group 38-11

automatic recovery 5-12

considerations 5-11

defined 5-2

requirements 5-3

virtual IP address 5-11

See also HSRP

CNS

Configuration Engine

configID, deviceID, hostname 4-3

configuration service 4-2

described 4-1

event service 4-3

embedded agents

described 4-5

enabling automated configuration 4-6

enabling configuration agent 4-9

enabling event agent 4-8

Coarse Wave Division Multiplexer

See CWDM SFPs

command-line interface

See CLI

command modes 2-1

commands

abbreviating 2-4

no and default 2-4

commands, setting privilege levels 8-8

command switch

accessing 5-11

active (AC) 5-10

configuration conflicts 42-11

defined 5-2

passive (PC) 5-10

password privilege levels 5-16

priority 5-10

recovery

from command-switch failure 5-10, 42-7

from lost member connectivity 42-11

redundant 5-10

replacing

with another switch 42-9

with cluster member 42-8

requirements 5-3

standby (SC) 5-10

See also candidate switch, cluster standby group, member switch, and standby command switch

community list, BGP 34-55

community ports 14-2

community strings

configuring 5-14, 30-8

for cluster switches 30-4

in clusters 5-14

overview 30-4

SNMP 5-14

community VLANs 14-2, 14-3

compatibility, feature 24-11

config.text 3-12

configurable leave timer, IGMP 23-6

configuration, initial

defaults 1-12

Express Setup 1-2

See also getting started guide and hardware installation guide

configuration conflicts, recovering from lost member connectivity 42-11

configuration examples, network 1-14

configuration files

clearing the startup configuration B-18

creating using a text editor B-9

default name 3-12

deleting a stored configuration B-18

described B-8

downloading

automatically 3-12

preparing B-10, B-12, B-15

reasons for B-8

using FTP B-13

using RCP B-16

using TFTP B-10

guidelines for creating and using B-8

invalid combinations when copying B-5

limiting TFTP server access 30-16

obtaining with DHCP 3-7

password recovery disable considerations 8-5

specifying the filename 3-12

system contact and location information 30-15

types and location B-9

uploading

preparing B-10, B-12, B-15

reasons for B-8

using FTP B-14

using RCP B-17

using TFTP B-11

configuration guidelines, multi-VRF CE 34-66

configuration logging 2-5

configuration settings, saving 3-10

configure terminal command 10-10

config-vlan mode 2-2, 12-7

conflicts, configuration 42-11

connections, secure remote 8-38

connectivity problems 42-13, 42-14, 42-16

consistency checks in VTP Version 2 13-4

console port, connecting to 2-11

conventions

command xl

for examples xl

publication xl

text xl

corrupted software, recovery steps with Xmodem 42-2

CoS

in Layer 2 frames 32-2

override priority 15-6

trust priority 15-6

CoS input queue threshold map for QoS 32-16

CoS output queue threshold map for QoS 32-19

CoS-to-DSCP map for QoS 32-60

counters, clearing interface 10-27

crashinfo file 42-23

critical authentication, IEEE 802.1x 9-34

cryptographic software image

Kerberos 8-32

SSH 8-37

SSL 8-42

customer edge devices 34-63

CWDM SFPs 1-21

D

daylight saving time 6-13

debugging

enabling all system diagnostics 42-20

enabling for a specific feature 42-19

redirecting error message output 42-20

using commands 42-19

default commands 2-4

default configuration

802.1x 9-20

auto-QoS 32-21

banners 6-17

BGP 34-43

booting 3-12

CDP 25-2

DHCP 21-8

DHCP option 82 21-8

DHCP snooping 21-8

DHCP snooping binding database 21-9

DNS 6-16

dynamic ARP inspection 22-5

EIGRP 34-35

EtherChannel 33-9

Ethernet interfaces 10-14

fallback bridging 41-4

Flex Links 20-4

HSRP 38-5

IEEE 802.1Q tunneling 16-4

IGMP 39-27

IGMP filtering 23-25

IGMP snooping 23-7, 36-5, 36-6

IGMP throttling 23-25

initial switch information 3-3

IP addressing, IP routing 34-4

IP multicast routing 39-8

IP source guard 21-16

IPv6 35-9

Layer 2 interfaces 10-14

Layer 2 protocol tunneling 16-11

MAC address table 6-21

MAC address-table move update 20-4

MSDP 40-4

MSTP 18-14

multi-VRF CE 34-65

MVR 23-20

NTP 6-4

optional spanning-tree configuration 19-9

OSPF 34-25

password and privilege level 8-2

PIM 39-8

private VLANs 14-6

RADIUS 8-20

RIP 34-19

RMON 28-3

RSPAN 27-9

SDM template 7-3

SNMP 30-7

SPAN 27-9

SSL 8-44

standard QoS 32-31

STP 17-11

system message logging 29-3

system name and prompt 6-15

TACACS+ 8-13

UDLD 26-4

VLAN, Layer 2 Ethernet interfaces 12-19

VLANs 12-8

VMPS 12-29

voice VLAN 15-3

VTP 13-6

default gateway 3-10, 34-11

default networks 34-77

default routes 34-77

default routing 34-2

deleting VLANs 12-10

denial-of-service attack 24-1

description command 10-22

designing your network, examples 1-14

destination addresses

in IPv6 ACLs 37-6

destination addresses, in IPv4 ACLs 31-11

destination-IP address-based forwarding, EtherChannel 33-7

destination-MAC address forwarding, EtherChannel 33-7

detecting indirect link failures, STP 19-5

device B-18

device discovery protocol 25-1

device manager

benefits 1-2

described 1-2, 1-4

in-band management 1-5

requirements xl

upgrading a switch B-18

DHCP

Cisco IOS server database

configuring 21-14

default configuration 21-9

described 21-6

enabling

relay agent 21-10

server 21-10

DHCP-based autoconfiguration

client request message exchange 3-4

configuring

client side 3-3

DNS 3-6

relay device 3-6

server side 3-5

server-side 21-10

TFTP server 3-5

example 3-8

lease options

for IP address information 3-5

for receiving the configuration file 3-5

overview 3-3

relationship to BOOTP 3-4

relay support 1-5, 1-11

support for 1-5

DHCP binding database

See DHCP snooping binding database

DHCP binding table

See DHCP snooping binding database

DHCP option 82

circuit ID suboption 21-5

configuration guidelines 21-9

default configuration 21-8

displaying 21-15

forwarding address, specifying 21-11

helper address 21-11

overview 21-3

packet format, suboption

circuit ID 21-5

remote ID 21-5

remote ID suboption 21-5

DHCP snooping

accepting untrusted packets from edge switch 21-3, 21-12

and private VLANs 21-13

binding database

See DHCP snooping binding database

configuration guidelines 21-9

default configuration 21-8

displaying binding tables 21-15

message exchange process 21-4

option 82 data insertion 21-3

trusted interface 21-2

untrusted interface 21-2

untrusted messages 21-2

DHCP snooping binding database

adding bindings 21-14

binding file

format 21-7

location 21-7

bindings 21-7

clearing agent statistics 21-15

configuration guidelines 21-10

configuring 21-14

default configuration 21-8, 21-9

deleting

binding file 21-14

bindings 21-15

database agent 21-14

described 21-7

displaying 21-15

binding entries 21-15

status and statistics 21-15

enabling 21-14

entry 21-7

renewing database 21-15

resetting

delay value 21-14

timeout value 21-14

DHCP snooping binding table

See DHCP snooping binding database

Differentiated Services architecture, QoS 32-2

Differentiated Services Code Point 32-2

Diffusing Update Algorithm (DUAL) 34-33

directed unicast requests 1-5

directories

changing B-3

creating and removing B-4

displaying the working B-3

discovery, clusters

See automatic discovery

Distance Vector Multicast Routing Protocol

See DVMRP

distance-vector protocols 34-3

distribute-list command 34-85

DNS

and DHCP-based autoconfiguration 3-6

default configuration 6-16

displaying the configuration 6-17

in IPv6 35-4

overview 6-15

setting up 6-16

support for 1-5

documentation, related xl

document conventions xl

domain names

DNS 6-15

VTP 13-8

Domain Name System

See DNS

dot1q-tunnel switchport mode 12-18

double-tagged packets

IEEE 802.1Q tunneling 16-2

Layer 2 protocol tunneling 16-10

downloading

configuration files

preparing B-10, B-12, B-15

reasons for B-8

using FTP B-13

using RCP B-16

using TFTP B-10

image files

deleting old image B-22

preparing B-21, B-24, B-28

reasons for B-19

using CMS 1-3

using FTP B-25

using HTTP 1-3, B-18

using RCP B-29

using TFTP B-21

using the device manager or Network Assistant B-18

drop threshold for Layer 2 protocol packets 16-11

DSCP 1-9, 32-2

DSCP input queue threshold map for QoS 32-16

DSCP output queue threshold map for QoS 32-19

DSCP-to-CoS map for QoS 32-63

DSCP-to-DSCP-mutation map for QoS 32-64

DSCP transparency 32-39

DTP 1-7, 12-17

DUAL finite state machine, EIGRP 34-34

dual IPv4 and IPv6 templates 7-2, 35-1, 35-8

dual protocol stacks

configuring 35-12

IPv4 and IPv6 35-8

SDM templates supporting 35-8

DVMRP

autosummarization

configuring a summary address 39-46

disabling 39-48

connecting PIM domain to DVMRP router 39-39

enabling unicast routing 39-42

interoperability

with Cisco devices 39-37

with Cisco IOS software 39-7

mrinfo requests, responding to 39-41

neighbors

advertising the default route to 39-40

discovery with Probe messages 39-37

displaying information 39-41

prevent peering with nonpruning 39-44

rejecting nonpruning 39-43

overview 39-7

routes

adding a metric offset 39-48

advertising all 39-48

advertising the default route to neighbors 39-40

caching DVMRP routes learned in report messages 39-42

changing the threshold for syslog messages 39-45

deleting 39-49

displaying 39-50

favoring one over another 39-48

limiting the number injected into MBONE 39-45

limiting unicast route advertisements 39-37

routing table 39-7

source distribution tree, building 39-7

support for 1-10

tunnels

configuring 39-39

displaying neighbor information 39-41

dynamic access ports

characteristics 12-3

configuring 12-30

defined 10-3

dynamic addresses

See addresses

dynamic ARP inspection

ARP cache poisoning 22-1

ARP requests, described 22-1

ARP spoofing attack 22-1

clearing

log buffer 22-15

statistics 22-15

configuration guidelines 22-6

configuring

ACLs for non-DHCP environments 22-8

in DHCP environments 22-6

log buffer 22-12

rate limit for incoming ARP packets 22-4, 22-10

default configuration 22-5

denial-of-service attacks, preventing 22-10

described 22-1

DHCP snooping binding database 22-2

displaying

ARP ACLs 22-14

configuration and operating state 22-14

log buffer 22-15

statistics 22-15

trust state and rate limit 22-14

error-disabled state for exceeding rate limit 22-4

function of 22-2

interface trust states 22-3

log buffer

clearing 22-15

configuring 22-12

displaying 22-15

logging of dropped packets, described 22-4

man-in-the-middle attack, described 22-2

network security issues and interface trust states 22-3

priority of ARP ACLs and DHCP snooping entries 22-4

rate limiting of ARP packets

configuring 22-10

described 22-4

error-disabled state 22-4

statistics

clearing 22-15

displaying 22-15

validation checks, performing 22-11

dynamic auto trunking mode 12-18

dynamic desirable trunking mode 12-18

Dynamic Host Configuration Protocol

See DHCP-based autoconfiguration

dynamic port VLAN membership

described 12-28

reconfirming 12-31

troubleshooting 12-33

types of connections 12-30

dynamic routing 34-3

Dynamic Trunking Protocol

See DTP

E

EBGP 34-41

editing features

enabling and disabling 2-7

keystrokes used 2-7

wrapped lines 2-9

EIGRP

authentication 34-39

components 34-34

configuring 34-37

default configuration 34-35

definition 34-33

interface parameters, configuring 34-38

monitoring 34-40

stub routing 34-39

support for 1-10

enable password 8-3

enable secret password 8-3

encryption, CipherSuite 8-44

encryption for passwords 8-3

Enhanced IGRP

See EIGRP

environment variables, function of 3-15

equal-cost routing 1-10, 34-75

error messages during command entry 2-5

EtherChannel

automatic creation of 33-4, 33-5

channel groups

binding physical and logical interfaces 33-3

numbering of 33-3

configuration guidelines 33-9

configuring

Layer 2 interfaces 33-10

Layer 3 physical interfaces 33-14

Layer 3 port-channel logical interfaces 33-13

default configuration 33-9

described 33-2

displaying status 33-20

forwarding methods 33-6, 33-16

IEEE 802.3ad, described 33-5

interaction

with STP 33-9

with VLANs 33-10

LACP

described 33-5

displaying status 33-20

hot-standby ports 33-18

interaction with other features 33-6

modes 33-5

port priority 33-19

system priority 33-19

Layer 3 interface 34-3

load balancing 33-6, 33-16

logical interfaces, described 33-3

PAgP

aggregate-port learners 33-17

compatibility with Catalyst 1900 33-17

described 33-4

displaying status 33-20

interaction with other features 33-5

learn method and priority configuration 33-17

modes 33-4

support for 1-3

port-channel interfaces

described 33-3

numbering of 33-3

port groups 10-6

support for 1-3

EtherChannel guard

described 19-7

disabling 19-14

enabling 19-14

Ethernet VLANs

adding 12-9

defaults and ranges 12-8

modifying 12-9

EUI 35-3

events, RMON 28-3

examples

conventions for xl

network configuration 1-14

expedite queue for QoS 32-76

Express Setup 1-2

See also getting started guide

extended crashinfo file 42-23

extended-range VLANs

configuration guidelines 12-13

configuring 12-12

creating 12-13

creating with an internal VLAN ID 12-15

defined 12-1

extended system ID

MSTP 18-17

STP 17-4, 17-14

extended universal identifier

See EUI

Extensible Authentication Protocol over LAN 9-1

external BGP

See EBGP

external neighbors, BGP 34-45

F

fallback bridging

and protected ports 41-4

bridge groups

creating 41-4

described 41-2

displaying 41-11

function of 41-2

number supported 41-5

removing 41-5

bridge table

clearing 41-11

displaying 41-11

configuration guidelines 41-4

connecting interfaces with 10-9

default configuration 41-4

described 41-1

frame forwarding

flooding packets 41-2

forwarding packets 41-2

overview 41-1

protocol, unsupported 41-4

STP

disabling on an interface 41-11

forward-delay interval 41-10

hello BPDU interval 41-9

interface priority 41-7

keepalive messages 17-2

maximum-idle interval 41-10

path cost 41-8

VLAN-bridge spanning-tree priority 41-7

VLAN-bridge STP 41-2

support for 1-10

SVIs and routed ports 41-2

unsupported protocols 41-4

VLAN-bridge STP 17-10

features, incompatible 24-11

FIB 34-74

fiber-optic, detecting unidirectional links 26-1

files

basic crashinfo

description 42-23

location 42-23

copying B-4

crashinfo

description 42-23

deleting B-5

displaying the contents of B-7

extended crashinfo

description 42-23

location 42-23

tar

creating B-5

displaying the contents of B-6

extracting B-7

image file format B-19

file system

displaying available file systems B-2

displaying file information B-3

local file system names B-1

network file system names B-4

setting the default B-3

filtering

in a VLAN 31-29

IPv6 traffic 37-4, 37-8

non-IP traffic 31-26

show and more command output 2-10

filtering show and more command output 2-10

filters, IP

See ACLs, IP

flash device, number of B-1

Flex Links

configuration guidelines 20-4

configuring 20-5

default configuration 20-4

description 20-1

monitoring 20-8

flooded traffic, blocking 24-7

flow-based packet classification 1-9

flowcharts

QoS classification 32-6

QoS egress queueing and scheduling 32-17

QoS ingress queueing and scheduling 32-15

QoS policing and marking 32-10

flowcontrol

configuring 10-18

described 10-18

forward-delay time

MSTP 18-23

STP 17-21

Forwarding Information Base

See FIB

forwarding nonroutable protocols 41-1

FTP

accessing MIB files A-4

configuration files

downloading B-13

overview B-12

preparing the server B-12

uploading B-14

image files

deleting old image B-27

downloading B-25

preparing the server B-24

uploading B-27

G

get-bulk-request operation 30-3

get-next-request operation 30-3, 30-5

get-request operation 30-3, 30-5

get-response operation 30-3

global configuration mode 2-2

global leave, IGMP 23-13

guest VLAN and 802.1x 9-12

guide

audience xxxix

purpose of xxxix

guide mode 1-3

GUIs

See device manager and Network Assistant

H

hardware limitations and Layer 3 interfaces 10-23

hello time

MSTP 18-22

STP 17-20

help, for the command line 2-3

hierarchical policy maps 32-8

configuration guidelines 32-33

configuring 32-52

described 32-11

history

changing the buffer size 2-6

described 2-6

disabling 2-7

recalling commands 2-6

history table, level and number of syslog messages 29-9

host names

in clusters 5-13

host ports

configuring 14-11

kinds of 14-2

hosts, limit on dynamic ports 12-33

Hot Standby Router Protocol

See HSRP

HP OpenView 1-4

HSRP

authentication string 38-9

automatic cluster recovery 5-12

binding to cluster group 38-11

cluster standby group considerations 5-11

command-switch redundancy 1-1, 1-6

configuring 38-4

default configuration 38-5

definition 38-1

guidelines 38-5

monitoring 38-11

overview 38-1

priority 38-7

routing redundancy 1-10

support for ICMP redirect messages 38-11

timers 38-9

tracking 38-7

See also clusters, cluster standby group, and standby command switch

HTTP over SSL

See HTTPS

HTTPS 8-42

configuring 8-46

self-signed certificate 8-43

HTTP secure server 8-42

I

IBGP 34-41

ICMP

IPv6 35-4

redirect messages 34-11

support for 1-10

time-exceeded messages 42-16

traceroute and 42-16

unreachable messages 31-19

unreachable messages and IPv6 37-4

unreachables and ACLs 31-21

ICMP ping

executing 42-13

overview 42-13

ICMP Router Discovery Protocol

See IRDP

ICMPv6 35-4

IDS appliances

and ingress RSPAN 27-20

and ingress SPAN 27-13

IEEE 802.1D

See STP

IEEE 802.1p 15-1

IEEE 802.1Q

and trunk ports 10-3

configuration limitations 12-19

encapsulation 12-16

native VLAN for untagged traffic 12-23

tunneling

compatibility with other features 16-6

defaults 16-4

described 16-1

tunnel ports with other features 16-6

IEEE 802.1s

See MSTP

IEEE 802.1w

See RSTP

IEEE 802.1x

See port-based authentication

IEEE 802.3ad

See EtherChannel

IEEE 802.3af

See PoE

IEEE 802.3x flow control 10-18

ifIndex values, SNMP 30-6

IFS 1-5

IGMP

configurable leave timer

described 23-6

enabling 23-12

configuring the switch

as a member of a group 39-27

statically connected member 39-31

controlling access to groups 39-28

default configuration 39-27

deleting cache entries 39-50

displaying groups 39-50

fast switching 39-32

flooded multicast traffic

controlling the length of time 23-13

disabling on an interface 23-14

global leave 23-13

query solicitation 23-13

recovering from flood mode 23-13

host-query interval, modifying 39-29

joining multicast group 23-3

join messages 23-3

leave processing, enabling 23-11, 36-9

leaving multicast group 23-5

multicast reachability 39-27

overview 39-2

queries 23-4

report suppression

described 23-6

disabling 23-16, 36-11

supported versions 23-3

support for 1-4

Version 1

changing to Version 2 39-29

described 39-3

Version 2

changing to Version 1 39-29

described 39-3

maximum query response time value 39-31

pruning groups 39-31

query timeout value 39-30

IGMP filtering

configuring 23-25

default configuration 23-25

described 23-24

monitoring 23-29

support for 1-4

IGMP groups

configuring filtering 23-28

setting the maximum number 23-27

IGMP Immediate Leave

configuration guidelines 23-12

described 23-6

enabling 23-11

IGMP profile

applying 23-26

configuration mode 23-25

configuring 23-26

IGMP snooping

and address aliasing 23-2

configuring 23-7

default configuration 23-7, 36-5, 36-6

definition 23-2

enabling and disabling 23-7, 36-6

global configuration 23-7

Immediate Leave 23-6

method 23-8

monitoring 23-16, 36-11

querier

configuration guidelines 23-15

configuring 23-15

supported versions 23-3

support for 1-4

VLAN configuration 23-8

IGMP throttling

configuring 23-28

default configuration 23-25

described 23-25

displaying action 23-29

IGP 34-24

Immediate Leave, IGMP 23-6, 36-9

inaccessible authentication bypass 9-14

initial configuration

defaults 1-12

Express Setup 1-2

See also getting started guide and hardware installation guide

interface

number 10-10

range macros 10-12

interface command 10-10

interface configuration mode 2-3

interfaces

auto-MDIX, configuring 10-19

configuration guidelines

duplex and speed 10-16

configuring

procedure 10-10

configuring for IPv4 and IPv6 35-12

counters, clearing 10-27

default configuration 10-14

described 10-22

descriptive name, adding 10-22

displaying information about 10-27

flow control 10-18

management 1-4

monitoring 10-26

naming 10-22

physical, identifying 10-10

range of 10-11

restarting 10-28

shutting down 10-28

speed and duplex, configuring 10-17

status 10-26

supported 10-10

types of 10-1

interfaces range macro command 10-12

interface types 10-10

Interior Gateway Protocol

See IGP

internal BGP

See IBGP

internal neighbors, BGP 34-45

Internet Control Message Protocol

See ICMP

Internet Group Management Protocol

See IGMP

Internet Protocol version 6

See IPv6

Inter-Switch Link

See ISL

inter-VLAN routing 1-10, 34-2

Intrusion Detection System

See IDS appliances

IP ACLs

for QoS classification 32-7

implicit deny 31-9, 31-13

implicit masks 31-9

named 31-14

undefined 31-20

IP addresses

128-bit 35-2

candidate or member 5-3, 5-13

classes of 34-5

cluster access 5-2

command switch 5-3, 5-11, 5-13

default configuration 34-4

discovering 6-26

for IP routing 34-4

IPv6 35-2

MAC address association 34-8

monitoring 34-17

redundant clusters 5-11

standby command switch 5-11, 5-13

See also IP information

IP base image 1-1

IP broadcast address 34-15

ip cef distributed command 34-74

IP directed broadcasts 34-13

ip igmp profile command 23-25

IP information

assigned

manually 3-9

through DHCP-based autoconfiguration 3-3

default configuration 3-3

IP multicast routing

addresses

all-hosts 39-3

all-multicast-routers 39-3

host group address range 39-3

administratively-scoped boundaries, described 39-35

and IGMP snooping 23-2

Auto-RP

adding to an existing sparse-mode cloud 39-15

benefits of 39-13

clearing the cache 39-50

configuration guidelines 39-10

filtering incoming RP announcement messages 39-17

overview 39-5

preventing candidate RP spoofing 39-17

preventing join messages to false RPs 39-16

setting up in a new internetwork 39-14

using with BSR 39-22

bootstrap router

configuration guidelines 39-10

configuring candidate BSRs 39-20

configuring candidate RPs 39-21

defining the IP multicast boundary 39-19

defining the PIM domain border 39-18

overview 39-5

using with Auto-RP 39-22

Cisco implementation 39-2

configuring

basic multicast routing 39-10

IP multicast boundary 39-35

default configuration 39-8

enabling

multicast forwarding 39-10

PIM mode 39-11

IP multicast routing (continued)

group-to-RP mappings

Auto-RP 39-5

BSR 39-5

MBONE

deleting sdr cache entries 39-50

described 39-33

displaying sdr cache 39-51

enabling sdr listener support 39-34

limiting DVMRP routes advertised 39-45

limiting sdr cache entry lifetime 39-34

SAP packets for conference session announcement 39-33

Session Directory (sdr) tool, described 39-33

monitoring

packet rate loss 39-51

peering devices 39-51

tracing a path 39-51

multicast forwarding, described 39-6

PIMv1 and PIMv2 interoperability 39-9

protocol interaction 39-2

reverse path check (RPF) 39-6

routing table

deleting 39-50

displaying 39-50

RP

assigning manually 39-12

configuring Auto-RP 39-13

configuring PIMv2 BSR 39-18

monitoring mapping information 39-23

using Auto-RP and BSR 39-22

statistics, displaying system and network 39-50

See also CGMP

See also DVMRP

See also IGMP

See also PIM

IP phones

and QoS 15-1

automatic classification and queueing 32-20

configuring 15-4

ensuring port security with QoS 32-38

trusted boundary for QoS 32-38

IP precedence 32-2

IP-precedence-to-DSCP map for QoS 32-61

IP protocols

in ACLs 31-11

routing 1-10

IP routes, monitoring 34-87

IP routing

connecting interfaces with 10-9

disabling 34-18

enabling 34-18

IP services image 1-1

IP source guard

and 802.1x 21-17

and DHCP snooping 21-15

and EtherChannels 21-17

and port security 21-17

and private VLANs 21-17

and routed ports 21-17

and TCAM entries 21-17

and trunk interfaces 21-17

and VRF 21-17

binding configuration

automatic 21-15

manual 21-15

binding table 21-15

configuration guidelines 21-17

default configuration 21-16

described 21-15

disabling 21-18

displaying

bindings 21-19

configuration 21-19

enabling 21-17

IP source guard (continued)

filtering

source IP address 21-16

source IP and MAC address 21-16

source IP address filtering 21-16

source IP and MAC address filtering 21-16

static bindings

adding 21-17

deleting 21-18

IP traceroute

executing 42-17

overview 42-16

IP unicast routing

address resolution 34-8

administrative distances 34-76, 34-85

ARP 34-8

assigning IP addresses to Layer 3 interfaces 34-5

authentication keys 34-86

broadcast

address 34-15

flooding 34-16

packets 34-13

storms 34-13

classless routing 34-6

configuring static routes 34-75

default

addressing configuration 34-4

gateways 34-11

networks 34-77

routes 34-77

routing 34-2

directed broadcasts 34-13

disabling 34-18

dynamic routing 34-3

enabling 34-18

EtherChannel Layer 3 interface 34-3

IGP 34-24

inter-VLAN 34-2

IP unicast routing (continued)

IP addressing

classes 34-5

configuring 34-4

IPv6 35-3

IRDP 34-11

Layer 3 interfaces 34-3

MAC address and IP address 34-8

passive interfaces 34-84

protocols

distance-vector 34-3

dynamic 34-3

link-state 34-3

proxy ARP 34-8

redistribution 34-78

reverse address resolution 34-8

routed ports 34-3

static routing 34-3

steps to configure 34-4

subnet mask 34-5

subnet zero 34-6

supernet 34-6

UDP 34-14

with SVIs 34-3

See also BGP

See also EIGRP

See also OSPF

See also RIP

IPv4 ACLs

applying to interfaces 31-19

extended, creating 31-10

named 31-14

standard, creating 31-9

IPv4 and IPv6

configuring on an interface 35-12

differences 35-2

dual protocol stacks 35-6

IPv6

ACLs

displaying 37-9

limitations 37-3

matching criteria 37-3

port 37-2

precedence 37-2

router 37-2

supported 37-2

addresses 35-2

address formats 35-2

advantages 35-2

applications 35-5

assigning address 35-10

autoconfiguration 35-5

CEFv6 35-14

configuring static routes 35-15

default configuration 35-9

defined 35-1

enabling 35-10

feature limitations 35-7

features not supported 35-6

ICMP 35-4

ICMP rate limiting 35-14

monitoring 35-21

neighbor discovery 35-4

OSPF 35-19

path MTU discovery 35-4

reasons for 35-1

RIP 35-17

SDM templates 7-2, 35-7, 36-1, 37-1

supported features 35-3

switch limitations 35-7

IPv6 traffic, filtering 37-4

IRDP

configuring 34-12

definition 34-11

support for 1-10

ISL

and IPv6 35-3

and trunk ports 10-3

encapsulation 1-7, 12-16

trunking with IEEE 802.1 tunneling 16-5

isolated port 14-2

isolated VLANs 14-2, 14-3

J

join messages, IGMP 23-3

K

KDC

described 8-32

See also Kerberos

keepalive messages 17-2

Kerberos

authenticating to

boundary switch 8-34

KDC 8-34

network services 8-35

configuration examples 8-32

configuring 8-35

credentials 8-32

cryptographic software image 8-32

described 8-32

KDC 8-32

operation 8-34

realm 8-33

server 8-33

support for 1-9

switch as trusted third party 8-32

terms 8-33

TGT 8-34

tickets 8-32

key distribution center

See KDC

L

l2protocol-tunnel command 16-13

LACP

Layer 2 protocol tunneling 16-9

See EtherChannel

Layer 2 frames, classification with CoS 32-2

Layer 2 interfaces, default configuration 10-14

Layer 2 protocol tunneling

configuring 16-10

configuring for EtherChannels 16-14

default configuration 16-11

defined 16-8

guidelines 16-12

Layer 2 traceroute

and ARP 42-15

and CDP 42-15

broadcast traffic 42-15

described 42-15

IP addresses and subnets 42-15

MAC addresses and VLANs 42-15

multicast traffic 42-15

multiple devices on a port 42-16

unicast traffic 42-15

usage guidelines 42-15

Layer 3 features 1-10

Layer 3 interfaces

assigning IP addresses to 34-5

assigning IPv4 and IPv6 addresses to 35-12

assigning IPv6 addresses to 35-11

changing from Layer 2 mode 34-5

types of 34-3

Layer 3 packets, classification methods 32-2

LDAP 4-2

LEDs, switch

See hardware installation guide

lightweight directory access protocol

See LDAP

line configuration mode 2-3

Link Aggregation Control Protocol

See EtherChannel

Link Failure

detecting unidirectional 18-8

link local unicast addresses 35-3

link redundancy

See Flex Links

links, unidirectional 26-1

link state advertisements (LSAs) 34-28

link-state protocols 34-3

link-state tracking

configuring 33-23

described 33-21

load balancing 38-3

local SPAN 27-2

logging messages, ACL 31-8

login authentication

with RADIUS 8-23

with TACACS+ 8-14

login banners 6-17

log messages

See system message logging

Long-Reach Ethernet (LRE) technology 1-16

loop guard

described 19-9

enabling 19-15

support for 1-6

LRE profiles, considerations in switch clusters 5-15

M

MAC addresses

aging time 6-21

and VLAN association 6-20

building the address table 6-20

default configuration 6-21

MAC addresses (continued)

discovering 6-26

displaying 6-26

displaying in the IP source binding table 21-19

dynamic

learning 6-20

removing 6-22

in ACLs 31-26

IP address association 34-8

static

adding 6-24

allowing 6-26

characteristics of 6-24

dropping 6-25

removing 6-24

MAC address notification, support for 1-11

MAC address-table move update

configuration guidelines 20-4

configuring 20-6

default configuration 20-4

description 20-2

monitoring 20-8

MAC address-to-VLAN mapping 12-28

MAC authentication bypass

configuring 9-36

described 9-17

guidelines 9-23

MAC extended access lists

applying to Layer 2 interfaces 31-28

configuring for QoS 32-45

creating 31-26

defined 31-26

for QoS classification 32-5

macros

See Smartports macros

magic packet 9-17

manageability features 1-5

management access

in-band

browser session 1-5

CLI session 1-5

device manager 1-5

SNMP 1-5

out-of-band console port connection 1-5

management options

CLI 2-1

clustering 1-3

CNS 4-1

Network Assistant 1-2

overview 1-4

management VLAN

considerations in switch clusters 5-7

discovery through different management VLANs 5-7

mapping tables for QoS

configuring

CoS-to-DSCP 32-60

DSCP 32-60

DSCP-to-CoS 32-63

DSCP-to-DSCP-mutation 32-64

IP-precedence-to-DSCP 32-61

policed-DSCP 32-62

described 32-12

marking

action in policy map 32-48

action with aggregate policers 32-58

described 32-4, 32-8

matching

IPv6 ACLs 37-3

matching, IPv4 ACLs 31-7

maximum aging time

MSTP 18-23

STP 17-21

maximum hop count, MSTP 18-24

maximum-paths command 34-49, 34-75

membership mode, VLAN port 12-3

member switch

automatic discovery 5-4

defined 5-2

managing 5-15

passwords 5-13

recovering from lost connectivity 42-11

requirements 5-3

See also candidate switch, cluster standby group, and standby command switch

messages

to users through banners 6-17


metrics, in BGP 34-50

metric translations, between routing protocols 34-81

metro tags 16-2

MHSRP 38-3

MIBs

accessing files with FTP A-4

location of files A-4

overview 30-1

SNMP interaction with 30-4

supported A-1

mirroring traffic for analysis 27-1

mismatches, autonegotiation 42-11

module number 10-10

monitoring

access groups 31-40

BGP 34-61

cables for unidirectional links 26-1

CDP 25-4

CEF 34-74

EIGRP 34-40

fallback bridging 41-11

features 1-11

Flex Links 20-8

HSRP 38-11

IEEE 802.1Q tunneling 16-18

monitoring (continued)

IGMP

filters 23-29

snooping 23-16, 36-11

interfaces 10-26

IP

address tables 34-17

multicast routing 39-49

routes 34-87

IPv4 ACL configuration 31-40

IPv6 35-21

IPv6 ACL configuration 37-9

Layer 2 protocol tunneling 16-18

MAC address-table move update 20-8

MSDP peers 40-19

multicast router interfaces 23-17, 36-11

multi-VRF CE 34-73

MVR 23-24

network traffic for analysis with probe 27-2

OSPF 34-33

port

blocking 24-17

protection 24-17

private VLANs 14-14

RP mapping information 39-23

SFP status 10-27, 42-13

source-active messages 40-19

speed and duplex mode 10-17

traffic flowing among switches 28-1

traffic suppression 24-16

tunneling 16-18

VLAN

filters 31-41

maps 31-41

VLANs 12-16

VMPS 12-32

VTP 13-16

MSDP

benefits of 40-3

clearing MSDP connections and statistics 40-19

controlling source information

forwarded by switch 40-12

originated by switch 40-9

received by switch 40-14

default configuration 40-4

dense-mode regions

sending SA messages to 40-17

specifying the originating address 40-18

filtering

incoming SA messages 40-14

SA messages to a peer 40-12

SA requests from a peer 40-11

join latency, defined 40-6

meshed groups

configuring 40-16

defined 40-16

originating address, changing 40-18

overview 40-1

peer-RPF flooding 40-2

peers

configuring a default 40-4

monitoring 40-19

peering relationship, overview 40-1

requesting source information from 40-8

shutting down 40-16

source-active messages

caching 40-6

clearing cache entries 40-19

defined 40-2

filtering from a peer 40-11

filtering incoming 40-14

filtering to a peer 40-12

limiting data with TTL 40-14

monitoring 40-19

restricting advertised sources 40-9

support for 1-10

MSTP

boundary ports

configuration guidelines 18-15

described 18-6

BPDU filtering

described 19-3

enabling 19-12

BPDU guard

described 19-2

enabling 19-11

CIST, described 18-3

CIST regional root 18-3

CIST root 18-5

configuration guidelines 18-15, 19-10

configuring

forward-delay time 18-23

hello time 18-22

link type for rapid convergence 18-24

maximum aging time 18-23

maximum hop count 18-24

MST region 18-16

neighbor type 18-25

path cost 18-20

port priority 18-19

root switch 18-17

secondary root switch 18-18

switch priority 18-21

CST

defined 18-3

operations between regions 18-4

default configuration 18-14

default optional feature configuration 19-9

displaying status 18-26

enabling the mode 18-16

EtherChannel guard

described 19-7

enabling 19-14

MSTP (continued)

extended system ID

effects on root switch 18-17

effects on secondary root switch 18-18

unexpected behavior 18-17

IEEE 802.1s

implementation 18-6

port role naming change 18-7

terminology 18-5

instances supported 17-9

interface state, blocking to forwarding 19-2

interoperability and compatibility among modes 17-10

interoperability with IEEE 802.1D

described 18-8

restarting migration process 18-25

IST

defined 18-3

master 18-3

operations within a region 18-3

loop guard

described 19-9

enabling 19-15

mapping VLANs to MST instance 18-16

MST region

CIST 18-3

configuring 18-16

described 18-2

hop-count mechanism 18-5

IST 18-3

supported spanning-tree instances 18-2

optional features supported 1-6

overview 18-2

Port Fast

described 19-2

enabling 19-10

preventing root switch selection 19-8

MSTP (continued)

root guard

described 19-8

enabling 19-15

root switch

configuring 18-17

effects of extended system ID 18-17

unexpected behavior 18-17

shutdown Port Fast-enabled port 19-2

status, displaying 18-26

multicast groups

Immediate Leave 23-6

joining 23-3

leaving 23-5

static joins 23-11, 36-7

multicast packets

ACLs on 31-39

blocking 24-7

multicast router interfaces, monitoring 23-17, 36-11

multicast router ports, adding 23-10, 36-8

Multicast Source Discovery Protocol

See MSDP

multicast storm 24-1

multicast storm-control command 24-4

multicast television application 23-19

multicast VLAN 23-18

Multicast VLAN Registration

See MVR

Multiple HSRP

See MHSRP

multiple VPN routing/forwarding in customer edge devices

See multi-VRF CE

multi-VRF CE

configuration example 34-69

configuration guidelines 34-66

configuring 34-65

default configuration 34-65

defined 34-62

multi-VRF CE (continued)

displaying 34-73

monitoring 34-73

network components 34-65

packet-forwarding process 34-64

support for 1-10

MVR

and address aliasing 23-21

and IGMPv3 23-21

configuration guidelines 23-21

configuring interfaces 23-22

default configuration 23-20

described 23-18

example application 23-19

modes 23-22

monitoring 23-24

multicast television application 23-19

setting global parameters 23-21

support for 1-4

N

NAC

AAA down policy 1-8

critical authentication 9-14, 9-34

IEEE 802.1x authentication using a RADIUS server 9-37

IEEE 802.1x validation using a RADIUS server 9-37

inaccessible authentication bypass 1-8, 9-34

Layer 2 IEEE 802.1x validation 1-8, 9-37

Layer 2 IEEE 802.1x validation 9-18

Layer 2 IP validation 1-8

named IPv4 ACLs 31-14

NameSpace Mapper

See NSM

native VLAN

and IEEE 802.1Q tunneling 16-4

configuring 12-23

default 12-23

neighbor discovery, IPv6 35-4

neighbor discovery/recovery, EIGRP 34-34

neighbors, BGP 34-56

Network Admission Control

See NAC

Network Assistant

benefits 1-2

described 1-4

downloading image files 1-3

guide mode 1-3

management options 1-2

requirements xl

upgrading a switch B-18

wizards 1-3

network configuration examples

increasing network performance 1-15

large network 1-20

long-distance, high-bandwidth transport 1-21

providing network services 1-15

server aggregation and Linux server cluster 1-17

small to medium-sized network 1-18

network design

performance 1-15

services 1-15

network management

CDP 25-1

RMON 28-1

SNMP 30-1

Network Time Protocol

See NTP

no commands 2-4

nonhierarchical policy maps

configuration guidelines 32-33

configuring 32-48

described 32-9

non-IP traffic filtering 31-26

nontrunking mode 12-18

normal-range VLANs 12-4

configuration guidelines 12-6

configuration modes 12-7

configuring 12-4

defined 12-1

no switchport command 10-4

note, described xl

not-so-stubby areas

See NSSA

NSM 4-3

NSSA, OSPF 34-28

NTP

associations

authenticating 6-4

defined 6-2

enabling broadcast messages 6-6

peer 6-5

server 6-5

default configuration 6-4

displaying the configuration 6-11

overview 6-2

restricting access

creating an access group 6-8

disabling NTP services per interface 6-10

source IP address, configuring 6-10

stratum 6-2

support for 1-5

synchronizing devices 6-5

time

services 6-2

synchronizing 6-2

O

Open Shortest Path First

See OSPF

optimizing system resources 7-1

options, management 1-4

OSPF

area parameters, configuring 34-28

configuring 34-26

default configuration

metrics 34-30

route 34-30

settings 34-25

described 34-24

for IPv6 35-19

interface parameters, configuring 34-27

LSA group pacing 34-32

monitoring 34-33

router IDs 34-32

route summarization 34-30

support for 1-10

virtual links 34-30

out-of-profile markdown 1-9

P

packet modification, with QoS 32-19

PAgP

Layer 2 protocol tunneling 16-9

See EtherChannel

parallel paths, in routing tables 34-75

passive interfaces

configuring 34-84

OSPF 34-30

passwords

default configuration 8-2

disabling recovery of 8-5

encrypting 8-3

for security 1-7

in clusters 5-14

overview 8-1

recovery of 42-3

passwords (continued)

setting

enable 8-3

enable secret 8-3

Telnet 8-6

with usernames 8-6

VTP domain 13-8

path cost

MSTP 18-20

STP 17-18

path MTU discovery 35-4

PBR

defined 34-81

enabling 34-82

fast-switched policy-based routing 34-83

local policy-based routing 34-83

PC (passive command switch) 5-10

peers, BGP 34-56

performance, network design 1-15

performance features 1-3

persistent self-signed certificate 8-43

per-VLAN spanning-tree plus

See PVST+

PE to CE routing, configuring 34-68

physical ports 10-2

PIM

default configuration 39-8

dense mode

overview 39-4

rendezvous point (RP), described 39-4

RPF lookups 39-7

displaying neighbors 39-50

enabling a mode 39-11

overview 39-3

router-query message interval, modifying 39-26

shared tree and source tree, overview 39-23

shortest path tree, delaying the use of 39-25

PIM (continued)

sparse mode

join messages and shared tree 39-4

overview 39-4

prune messages 39-5

RPF lookups 39-7

support for 1-10

versions

interoperability 39-9

troubleshooting interoperability problems 39-23

v2 improvements 39-4

PIM-DVMRP, as snooping method 23-8

ping

character output description 42-14

executing 42-13

overview 42-13

PoE

auto mode 10-8

CDP with power consumption, described 10-6

CDP with power negotiation, described 10-6

Cisco intelligent power management 10-6

configuring 10-20

devices supported 10-6

high-power devices operating in low-power mode 10-6

IEEE power classification levels 10-7

power budgeting 10-21

power consumption 10-21

powered-device detection and initial power allocation 10-7

power management modes 10-8

power negotiation extensions to CDP 10-6

standards supported 10-6

static mode 10-8

supported watts per port 10-6

troubleshooting 42-11

policed-DSCP map for QoS 32-62

policers

configuring

for each matched traffic class 32-48

for more than one traffic class 32-58

described 32-4

displaying 32-78

number of 32-34

types of 32-9

policing

described 32-4

hierarchical

See hierarchical policy maps

token-bucket algorithm 32-9

policy-based routing

See PBR

policy maps for QoS

characteristics of 32-48

described 32-7

displaying 32-79

hierarchical 32-8

hierarchical on SVIs

configuration guidelines 32-33

configuring 32-52

described 32-11

nonhierarchical on physical ports

configuration guidelines 32-33

configuring 32-48

described 32-9

port ACLs

defined 31-2

types of 31-3

Port Aggregation Protocol

See EtherChannel

port-based authentication

accounting 9-9

authentication server

defined 9-2

RADIUS server 9-2

client, defined 9-2

port-based authentication (continued)

configuration guidelines 9-21

configuring

802.1x authentication 9-23

guest VLAN 9-31

host mode 9-26

inaccessible authentication bypass 9-34

manual re-authentication of a client 9-27

periodic re-authentication 9-26

quiet period 9-27

RADIUS server 9-26

RADIUS server parameters on the switch 9-25

restricted VLAN 9-32

switch-to-client frame-retransmission number 9-29

switch-to-client retransmission time 9-28

default configuration 9-20

described 9-1

device roles 9-2

displaying statistics 9-39

EAPOL-start frame 9-5

EAP-request/identity frame 9-5

EAP-response/identity frame 9-5

encapsulation 9-3

guest VLAN

configuration guidelines 9-13, 9-14

described 9-12

host mode 9-8

inaccessible authentication bypass

configuring 9-34

described 9-14

guidelines 9-22

initiation and message exchange 9-5

MAC authentication bypass

configuring 9-36

described 9-17

guidelines 9-23

magic packet 9-17

method lists 9-23

multiple-hosts mode, described 9-8

port-based authentication (continued)

per-user ACLs

AAA authorization 9-23

configuration tasks 9-12

described 9-11

RADIUS server attributes 9-11

ports

authorization state and dot1x port-control command 9-7

authorized and unauthorized 9-7

critical 9-14

voice VLAN 9-15

port security

and voice VLAN 9-16

described 9-16

interactions 9-16

multiple-hosts mode 9-8

resetting to default values 9-38

statistics, displaying 9-39

switch

as proxy 9-3

RADIUS client 9-3

upgrading from a previous release 9-23, 32-26

VLAN assignment

AAA authorization 9-23

characteristics 9-10

configuration tasks 9-11

described 9-10

voice VLAN

described 9-15

PVID 9-15

VVID 9-15

wake-on-LAN, described 9-17

port blocking 1-4, 24-6

port-channel

See EtherChannel

Port Fast

described 19-2

enabling 19-10

mode, spanning tree 12-29

support for 1-6

port membership modes, VLAN 12-3

port priority

MSTP 18-19

STP 17-16

ports

access 10-3

blocking 24-6

dynamic access 12-3

IEEE 802.1Q tunnel 12-4

protected 24-5

routed 10-4

secure 24-7

static-access 12-3, 12-11

switch 10-2

trunks 12-3, 12-16

VLAN assignments 12-11

port security

aging 24-15

and QoS trusted boundary 32-38

configuring 24-12

default configuration 24-10

described 24-7

displaying 24-17

on trunk ports 24-13

sticky learning 24-8

violations 24-9

with other features 24-10

port-shutdown response, VMPS 12-28

Power over Ethernet

See PoE

preemption

default configuration 20-4

preemption delay

default configuration 20-4

preferential treatment of traffic

See QoS

prefix lists, BGP 34-53

preventing unauthorized access 8-1

primary links 20-2

primary VLANs 14-1, 14-3

priority

HSRP 38-7

overriding CoS 15-6

trusting CoS 15-6

private VLAN edge ports

See protected ports

private VLANs

across multiple switches 14-4

and SDM template 14-4

and SVIs 14-5

benefits of 14-1

community ports 14-2

community VLANs 14-2, 14-3

configuration guidelines 14-6, 14-8

configuration tasks 14-6

configuring 14-9

default configuration 14-6

end station access to 14-3

IP addressing 14-3

isolated port 14-2

isolated VLANs 14-2, 14-3

mapping 14-13

monitoring 14-14

ports

community 14-2

configuration guidelines 14-8

configuring host ports 14-11

configuring promiscuous ports 14-12

described 12-4

isolated 14-2

promiscuous 14-2

primary VLANs 14-1, 14-3

promiscuous ports 14-2

private VLANs (continued)

secondary VLANs 14-2

subdomains 14-1

traffic in 14-5

privileged EXEC mode 2-2

privilege levels

changing the default for lines 8-9

command switch 5-16

exiting 8-9

logging into 8-9

mapping on member switches 5-16

overview 8-2, 8-7

setting a command with 8-8

promiscuous ports

configuring 14-12

defined 14-2

protected ports 1-7, 24-5

protocol-dependent modules, EIGRP 34-34

Protocol-Independent Multicast Protocol

See PIM

provider edge devices 34-63

proxy ARP

configuring 34-10

definition 34-8

with IP routing disabled 34-11

pruning, VTP

disabling

in VTP domain 13-14

on a port 12-23

enabling

in VTP domain 13-14

on a port 12-23

examples 13-5

overview 13-4

pruning-eligible list

changing 12-23

for VTP pruning 13-4

VLANs 13-14

PVST+

described 17-9

IEEE 802.1Q trunking interoperability 17-10

instances supported 17-9

Q

QoS

and MQC commands 32-1

auto-QoS

categorizing traffic 32-21

configuration and defaults display 32-30

configuration guidelines 32-25

described 32-20

disabling 32-27

displaying generated commands 32-27

displaying the initial configuration 32-30

effects on running configuration 32-25

egress queue defaults 32-21

enabling for VoIP 32-26

example configuration 32-28

ingress queue defaults 32-21

list of generated commands 32-22

basic model 32-4

classification

class maps, described 32-7

defined 32-4

DSCP transparency, described 32-39

flowchart 32-6

forwarding treatment 32-3

in frames and packets 32-3

IP ACLs, described 32-5, 32-7

MAC ACLs, described 32-5, 32-7

options for IP traffic 32-5

options for non-IP traffic 32-5

policy maps, described 32-7

trust DSCP, described 32-5

trusted CoS, described 32-5

trust IP precedence, described 32-5

QoS (continued)

class maps

configuring 32-46

displaying 32-78

configuration guidelines

auto-QoS 32-25

standard QoS 32-33

configuring

aggregate policers 32-58

auto-QoS 32-20

default port CoS value 32-37

DSCP maps 32-60

DSCP transparency 32-39

DSCP trust states bordering another domain 32-40

egress queue characteristics 32-70

ingress queue characteristics 32-66

IP extended ACLs 32-44

IP standard ACLs 32-43

MAC ACLs 32-45

policy maps, hierarchical 32-52

policy maps on physical ports 32-48

port trust states within the domain 32-36

trusted boundary 32-38

default auto configuration 32-21

default standard configuration 32-31

displaying statistics 32-78

DSCP transparency 32-39

egress queues

allocating buffer space 32-71

buffer allocation scheme, described 32-18

configuring shaped weights for SRR 32-75

configuring shared weights for SRR 32-76

described 32-4

displaying the threshold map 32-74

flowchart 32-17

mapping DSCP or CoS values 32-73

scheduling, described 32-4

setting WTD thresholds 32-71

WTD, described 32-19

QoS (continued)

enabling globally 32-35

flowcharts

classification 32-6

egress queueing and scheduling 32-17

ingress queueing and scheduling 32-15

policing and marking 32-10

implicit deny 32-7

ingress queues

allocating bandwidth 32-68

allocating buffer space 32-68

buffer and bandwidth allocation, described 32-16

configuring shared weights for SRR 32-68

configuring the priority queue 32-69

described 32-4

displaying the threshold map 32-67

flowchart 32-15

mapping DSCP or CoS values 32-67

priority queue, described 32-16

scheduling, described 32-4

setting WTD thresholds 32-67

WTD, described 32-16

IP phones

automatic classification and queueing 32-20

detection and trusted settings 32-20, 32-38

limiting bandwidth on egress interface 32-77

mapping tables

CoS-to-DSCP 32-60

displaying 32-78

DSCP-to-CoS 32-63

DSCP-to-DSCP-mutation 32-64

IP-precedence-to-DSCP 32-61

policed-DSCP 32-62

types of 32-12

marked-down actions 32-50, 32-55

marking, described 32-4, 32-8

overview 32-2

packet modification 32-19

QoS (continued)

policers

configuring 32-50, 32-55, 32-58

described 32-8

displaying 32-78

number of 32-34

types of 32-9

policies, attaching to an interface 32-8

policing

described 32-4, 32-8

token bucket algorithm 32-9

policy maps

characteristics of 32-48

displaying 32-79

hierarchical 32-8

hierarchical on SVIs 32-52

nonhierarchical on physical ports 32-48

QoS label, defined 32-4

queues

configuring egress characteristics 32-70

configuring ingress characteristics 32-66

high priority (expedite) 32-19, 32-76

location of 32-13

SRR, described 32-14

WTD, described 32-13

rewrites 32-19

support for 1-9

trust states

bordering another domain 32-40

described 32-5

trusted device 32-38

within the domain 32-36

quality of service

See QoS

queries, IGMP 23-4

query solicitation, IGMP 23-13

R

RADIUS

attributes

vendor-proprietary 8-30

vendor-specific 8-29

configuring

accounting 8-28

authentication 8-23

authorization 8-27

communication, global 8-21, 8-29

communication, per-server 8-20, 8-21

multiple UDP ports 8-21

default configuration 8-20

defining AAA server groups 8-25

displaying the configuration 8-31

identifying the server 8-20

in clusters 5-15

limiting the services to the user 8-27

method list, defined 8-20

operation of 8-19

overview 8-18

suggested network environments 8-18

support for 1-8

tracking services accessed by user 8-28

range

macro 10-12

of interfaces 10-11

rapid convergence 18-10

rapid per-VLAN spanning-tree plus

See rapid PVST+

rapid PVST+

described 17-9

IEEE 802.1Q trunking interoperability 17-10

instances supported 17-9

Rapid Spanning Tree Protocol

See RSTP

RARP 34-8

rcommand command 5-15

RCP

configuration files

downloading B-16

overview B-15

preparing the server B-15

uploading B-17

image files

deleting old image B-31

downloading B-29

preparing the server B-28

uploading B-31

reconfirmation interval, VMPS, changing 12-31

reconfirming dynamic VLAN membership 12-31

recovery procedures 42-1

redundancy

EtherChannel 33-3

HSRP 38-1

STP

backbone 17-8

path cost 12-26

port priority 12-24

redundant links and UplinkFast 19-13

reliable transport protocol, EIGRP 34-34

reloading software 3-15

Remote Authentication Dial-In User Service

See RADIUS

Remote Copy Protocol

See RCP

Remote Network Monitoring

See RMON

Remote SPAN

See RSPAN

remote SPAN 27-2

report suppression, IGMP

described 23-6

disabling 23-16, 36-11

requirements

cluster xli

device manager xl

Network Assistant xl

resequencing ACL entries 31-14

resets, in BGP 34-48

resetting a UDLD-shutdown interface 26-6

restricted VLAN

configuring 9-32

described 9-13

using with IEEE 802.1x 9-13

restricting access

NTP services 6-8

overview 8-1

passwords and privilege levels 8-2

RADIUS 8-17

TACACS+ 8-10

retry count, VMPS, changing 12-32

reverse address resolution 34-8

Reverse Address Resolution Protocol

See RARP

RFC

1058, RIP 34-18

1112, IP multicast and IGMP 23-2

1157, SNMPv1 30-2

1163, BGP 34-41

1166, IP addresses 34-5

1253, OSPF 34-24

1267, BGP 34-41

1305, NTP 6-2

1587, NSSAs 34-24

1757, RMON 28-2

1771, BGP 34-41

1901, SNMPv2C 30-2

1902 to 1907, SNMPv2 30-2

2236, IP multicast and IGMP 23-2

2273-2275, SNMPv3 30-2

RIP

advertisements 34-19

authentication 34-21

configuring 34-20

default configuration 34-19

described 34-19

for IPv6 35-17

hop counts 34-19

split horizon 34-22

summary addresses 34-22

support for 1-10

RMON

default configuration 28-3

displaying status 28-6

enabling alarms and events 28-3

groups supported 28-2

overview 28-1

statistics

collecting group Ethernet 28-5

collecting group history 28-5

support for 1-11

root guard

described 19-8

enabling 19-15

support for 1-6

root switch

MSTP 18-17

STP 17-14

route calculation timers, OSPF 34-30

route dampening, BGP 34-60

routed packets, ACLs on 31-39

routed ports

configuring 34-3

defined 10-4

in switch clusters 5-8

IP addresses on 10-23, 34-4

route-map command 34-83

route maps

BGP 34-51

policy-based routing 34-81

router ACLs

defined 31-2

types of 31-4

route reflectors, BGP 34-59

router ID, OSPF 34-32

route selection, BGP 34-49

route summarization, OSPF 34-30

route targets, VPN 34-65

routing

default 34-2

dynamic 34-3

redistribution of information 34-78

static 34-3

routing domain confederation, BGP 34-58

Routing Information Protocol

See RIP

routing protocol administrative distances 34-76

RSPAN 27-2

characteristics 27-8

configuration guidelines 27-15

default configuration 27-9

destination ports 27-7

displaying status 27-23

interaction with other features 27-8

monitored ports 27-5

monitoring ports 27-7

overview 1-11, 27-1

received traffic 27-4

sessions

creating 27-16

defined 27-3

limiting source traffic to specific VLANs 27-22

specifying monitored ports 27-16

with ingress traffic enabled 27-20

source ports 27-5

transmitted traffic 27-5

VLAN-based 27-6

RSTP

active topology 18-9

BPDU

format 18-12

processing 18-13

designated port, defined 18-9

designated switch, defined 18-9

interoperability with IEEE 802.1D

described 18-8

restarting migration process 18-25

topology changes 18-13

overview 18-8

port roles

described 18-9

synchronized 18-11

proposal-agreement handshake process 18-10

rapid convergence

described 18-10

edge ports and Port Fast 18-10

point-to-point links 18-10, 18-24

root ports 18-10

root port, defined 18-9

See also MSTP

running configuration, saving 3-10

S

SC (standby command switch) 5-10

scheduled reloads 3-15

SDM

described 7-1

templates

configuring 7-4

number of 7-1

SDM template

configuration guidelines 7-4

configuring 7-3

dual IPv4 and IPv6 7-2

types of 7-1

secondary VLANs 14-2

secure HTTP client

configuring 8-47

displaying 8-48

secure HTTP server

configuring 8-46

displaying 8-48

secure MAC addresses

deleting 24-14

maximum number of 24-9

types of 24-8

secure ports, configuring 24-7

secure remote connections 8-38

Secure Shell

See SSH

Secure Socket Layer

See SSL

security, port 24-7

security features 1-7

sequence numbers in log messages 29-7

server mode, VTP 13-3

service-provider network, MSTP and RSTP 18-1

service-provider networks

and customer VLANs 16-2

and IEEE 802.1Q tunneling 16-1

Layer 2 protocols across 16-8

Layer 2 protocol tunneling for EtherChannels 16-9

set-request operation 30-5

setup program

failed command switch replacement 42-9

replacing failed command switch 42-8

severity levels, defining in system messages 29-8

SFPs

monitoring status of 10-27, 42-13

security and identification 42-12

status, displaying 42-13

shaped round robin

See SRR

show access-lists hw-summary command 31-21

show and more command output, filtering 2-10

show cdp traffic command 25-5

show cluster members command 5-15

show configuration command 10-22

show forward command 42-20

show interfaces command 10-17, 10-22

show l2protocol command 16-13, 16-15, 16-16

show platform forward command 42-20

show running-config command

displaying ACLs 31-19, 31-20, 31-31, 31-33

interface description in 10-22

shutdown command on interfaces 10-28

shutdown threshold for Layer 2 protocol packets 16-11

Simple Network Management Protocol

See SNMP

Smartports macros

applying Cisco-default macros 11-6

applying global parameter values 11-5, 11-6

applying macros 11-5

applying parameter values 11-5, 11-7

configuration guidelines 11-3

creating 11-4

default configuration 11-2

defined 11-1

displaying 11-8

tracing 11-3

website 11-2

SNAP 25-1

SNMP

accessing MIB variables with 30-4

agent

described 30-4

disabling 30-8

authentication level 30-11

community strings

configuring 30-8

for cluster switches 30-4

overview 30-4

configuration examples 30-16

default configuration 30-7

engine ID 30-7

groups 30-7, 30-10

host 30-7

ifIndex values 30-6

in-band management 1-5

in clusters 5-14

informs

and trap keyword 30-12

described 30-5

differences from traps 30-5

disabling 30-15

enabling 30-15

limiting access by TFTP servers 30-16

limiting system log messages to NMS 29-9

manager functions 1-4, 30-3

managing clusters with 5-16

MIBs

location of A-4

supported A-1

notifications 30-5

overview 30-1, 30-4

security levels 30-3

status, displaying 30-17

system contact and location 30-15

trap manager, configuring 30-14

traps

described 30-3, 30-5

differences from informs 30-5

disabling 30-15

enabling 30-12

enabling MAC address notification 6-22

overview 30-1, 30-5

types of 30-12

users 30-7, 30-10

versions supported 30-2

SNMPv1 30-2

SNMPv2C 30-2

SNMPv3 30-2

snooping, IGMP 23-2

software images

location in flash B-19

recovery procedures 42-2

scheduling reloads 3-16

tar file format, described B-19

See also downloading and uploading

source addresses

in IPv6 ACLs 37-6

source addresses, in IPv4 ACLs 31-11

source-and-destination-IP address based forwarding, EtherChannel 33-7

source-and-destination MAC address forwarding, EtherChannel 33-7

source-IP address based forwarding, EtherChannel 33-7

source-MAC address forwarding, EtherChannel 33-6

SPAN

configuration guidelines 27-10

default configuration 27-9

destination ports 27-7

displaying status 27-23

interaction with other features 27-8

monitored ports 27-5

monitoring ports 27-7

overview 1-11, 27-1

ports, restrictions 24-11

received traffic 27-4

sessions

configuring ingress forwarding 27-14, 27-21

creating 27-11

defined 27-3

limiting source traffic to specific VLANs 27-14

removing destination (monitoring) ports 27-12

specifying monitored ports 27-11

with ingress traffic enabled 27-13

source ports 27-5

transmitted traffic 27-5

VLAN-based 27-6

spanning tree and native VLANs 12-19

Spanning Tree Protocol

See STP

SPAN traffic 27-4

split horizon, RIP 34-22

SRR

configuring

shaped weights on egress queues 32-75

shared weights on egress queues 32-76

shared weights on ingress queues 32-68

described 32-14

shaped mode 32-14

shared mode 32-14

support for 1-9, 1-10

SSH

configuring 8-39

cryptographic software image 8-37

described 1-5, 8-38

encryption methods 8-38

user authentication methods, supported 8-38

SSL

configuration guidelines 8-45

configuring a secure HTTP client 8-47

configuring a secure HTTP server 8-46

cryptographic software image 8-42

described 8-42

monitoring 8-48

standby command switch

configuring

considerations 5-11

defined 5-2

priority 5-10

requirements 5-3

virtual IP address 5-11

See also cluster standby group and HSRP

standby group, cluster

See cluster standby group and HSRP

standby ip command 38-5

standby links 20-2

standby router 38-1

standby timers, HSRP 38-9

startup configuration

booting

manually 3-13

specific image 3-13

clearing B-18

configuration file

automatically downloading 3-12

specifying the filename 3-12

default boot configuration 3-12

stateless autoconfiguration 35-5

static access ports

assigning to VLAN 12-11

defined 10-3, 12-3

static addresses

See addresses

static IP routing 1-10

static MAC addressing 1-7

static routes

configuring 34-75

configuring for IPv6 35-15

static routing 34-3

static VLAN membership 12-2

statistics

802.1x 9-39

CDP 25-4

interface 10-27

IP multicast routing 39-50

OSPF 34-33

QoS ingress and egress 32-78

RMON group Ethernet 28-5

RMON group history 28-5

SNMP input and output 30-17

VTP 13-16

sticky learning 24-8

storm control

configuring 24-3

described 24-1

disabling 24-5

displaying 24-17

support for 1-3

thresholds 24-1

STP

accelerating root port selection 19-4

BackboneFast

described 19-5

disabling 19-14

enabling 19-13

BPDU filtering

described 19-3

disabling 19-12

enabling 19-12

BPDU guard

described 19-2

disabling 19-11

enabling 19-11

BPDU message exchange 17-3

configuration guidelines 17-12, 19-10

configuring

forward-delay time 17-21

hello time 17-20

maximum aging time 17-21

path cost 17-18

port priority 17-16

root switch 17-14

secondary root switch 17-16

spanning-tree mode 17-13

switch priority 17-19

transmit hold-count 17-22

counters, clearing 17-22

default configuration 17-11

default optional feature configuration 19-9

designated port, defined 17-3

designated switch, defined 17-3

detecting indirect link failures 19-5

disabling 17-14

displaying status 17-22

EtherChannel guard

described 19-7

disabling 19-14

enabling 19-14

extended system ID

effects on root switch 17-14

effects on the secondary root switch 17-16

overview 17-4

unexpected behavior 17-15

features supported 1-6

IEEE 802.1D and bridge ID 17-4

IEEE 802.1D and multicast addresses 17-8

IEEE 802.1t and VLAN identifier 17-4

inferior BPDU 17-3

instances supported 17-9

interface state, blocking to forwarding 19-2

interface states

blocking 17-6

disabled 17-7

forwarding 17-5, 17-6

learning 17-6

listening 17-6

overview 17-4

interoperability and compatibility among modes 17-10

keepalive messages 17-2

Layer 2 protocol tunneling 16-8

limitations with IEEE 802.1Q trunks 17-10

load sharing

overview 12-24

using path costs 12-26

using port priorities 12-24

loop guard

described 19-9

enabling 19-15

modes supported 17-9

multicast addresses, effect of 17-8

optional features supported 1-6

overview 17-2

path costs 12-26

Port Fast

described 19-2

enabling 19-10

port priorities 12-25

preventing root switch selection 19-8

protocols supported 17-9

redundant connectivity 17-8

root guard

described 19-8

enabling 19-15

root port, defined 17-3

root switch

configuring 17-14

effects of extended system ID 17-4, 17-14

election 17-3

unexpected behavior 17-15

shutdown Port Fast-enabled port 19-2

status, displaying 17-22

superior BPDU 17-3

timers, described 17-20

UplinkFast

described 19-3

enabling 19-13

VLAN-bridge 17-10

stratum, NTP 6-2

stub areas, OSPF 34-28

stub routing, EIGRP 34-39

subdomains, private VLAN 14-1

subnet mask 34-5

subnet zero 34-6

success response, VMPS 12-28

summer time 6-13

SunNet Manager 1-4

supernet 34-6

SVIs

and IP unicast routing 34-3

and router ACLs 31-4

connecting VLANs 10-9

defined 10-4

routing between VLANs 12-2

switch clustering technology 5-1

See also clusters, switch

switch console port 1-5

Switch Database Management

See SDM

switched packets, ACLs on 31-37

Switched Port Analyzer

See SPAN

switched ports 10-2

switchport block multicast command 24-7

switchport block unicast command 24-7

switchport command 10-15

switchport mode dot1q-tunnel command 16-6

switchport protected command 24-6

switch priority

MSTP 18-21

STP 17-19

switch software features 1-1

switch virtual interface

See SVI

synchronization, BGP 34-45

syslog

See system message logging

system clock

configuring

daylight saving time 6-13

manually 6-11

summer time 6-13

time zones 6-12

displaying the time and date 6-12

overview 6-1

See also NTP

system message logging

default configuration 29-3

defining error message severity levels 29-8

disabling 29-3

displaying the configuration 29-12

enabling 29-4

facility keywords, described 29-11

level keywords, described 29-9

limiting messages 29-9

message format 29-2

overview 29-1

sequence numbers, enabling and disabling 29-7

setting the display destination device 29-4

synchronizing log messages 29-5

syslog facility 1-11

time stamps, enabling and disabling 29-7

UNIX syslog servers

configuring the daemon 29-10

configuring the logging facility 29-11

facilities supported 29-11

system MTU and IEEE 802.1Q tunneling 16-5

system name

default configuration 6-15

default setting 6-15

manual configuration 6-15

See also DNS

system prompt, default setting 6-14, 6-15

system resources, optimizing 7-1

T

TACACS+

accounting, defined 8-11

authentication, defined 8-11

authorization, defined 8-11

configuring

accounting 8-17

authentication key 8-13

authorization 8-16

login authentication 8-14

default configuration 8-13

displaying the configuration 8-17

identifying the server 8-13

in clusters 5-15

limiting the services to the user 8-16

operation of 8-12

overview 8-10

support for 1-8

tracking services accessed by user 8-17

tagged packets

IEEE 802.1Q 16-3

Layer 2 protocol 16-8

tar files

creating B-5

displaying the contents of B-6

extracting B-7

image file format B-19

TDR 1-11

Telnet

accessing management interfaces 2-11

number of connections 1-5

setting a password 8-6

templates, SDM 7-1

temporary self-signed certificate 8-43

Terminal Access Controller Access Control System Plus

See TACACS+

terminal lines, setting a password 8-6

TFTP

configuration files

downloading B-10

preparing the server B-10

uploading B-11

configuration files in base directory 3-6

configuring for autoconfiguration 3-5

image files

deleting B-22

downloading B-21

preparing the server B-21

uploading B-23

limiting access by servers 30-16

TFTP server 1-5

threshold, traffic level 24-2

time

See NTP and system clock

Time Domain Reflector

See TDR

time-range command 31-16

time ranges in ACLs 31-16

time stamps in log messages 29-7

time zones 6-12

Token Ring VLANs

support for 12-6

VTP support 13-4

ToS 1-9

traceroute, Layer 2

and ARP 42-15

and CDP 42-15

broadcast traffic 42-15

described 42-15

IP addresses and subnets 42-15

MAC addresses and VLANs 42-15

multicast traffic 42-15

multiple devices on a port 42-16

unicast traffic 42-15

usage guidelines 42-15

traceroute command 42-17

See also IP traceroute

traffic

blocking flooded 24-7

fragmented 31-5

fragmented IPv6 37-2

unfragmented 31-5

traffic policing 1-9

traffic suppression 24-1

transmit hold-count

See STP

transparent mode, VTP 13-3, 13-12

trap-door mechanism 3-2

traps

configuring MAC address notification 6-22

configuring managers 30-12

defined 30-3

enabling 6-22, 30-12

notification types 30-12

overview 30-1, 30-5

troubleshooting

connectivity problems 42-13, 42-14, 42-16

detecting unidirectional links 26-1

displaying crash information 42-23

PIMv1 and PIMv2 interoperability problems 39-23

setting packet forwarding 42-20

SFP security and identification 42-12

show forward command 42-20

with CiscoWorks 30-4

with debug commands 42-19

with ping 42-13

with system message logging 29-1

with traceroute 42-16

trunk failover

See link-state tracking

trunking encapsulation 1-7

trunk ports

configuring 12-20

defined 10-3, 12-3

encapsulation 12-21, 12-25, 12-27

trunks

allowed-VLAN list 12-21

configuring 12-21, 12-25, 12-27

ISL 12-16

load sharing

setting STP path costs 12-26

using STP port priorities 12-24, 12-25

native VLAN for untagged traffic 12-23

parallel 12-26

pruning-eligible list 12-23

to non-DTP device 12-17

trusted boundary for QoS 32-38

trusted port states

between QoS domains 32-40

classification options 32-5

ensuring port security for IP phones 32-38

support for 1-9

within a QoS domain 32-36

trustpoints, CA 8-42

tunneling

defined 16-1

IEEE 802.1Q 16-1

Layer 2 protocol 16-8

tunnel ports

defined 12-4

described 10-3, 16-1

IEEE 802.1Q, configuring 16-6

incompatibilities with other features 16-6

twisted-pair Ethernet, detecting unidirectional links 26-1

type of service

See ToS

U

UDLD

configuration guidelines 26-4

default configuration 26-4

disabling

globally 26-5

on fiber-optic interfaces 26-5

per interface 26-5

echoing detection mechanism 26-3

enabling

globally 26-5

per interface 26-5

Layer 2 protocol tunneling 16-10

link-detection mechanism 26-1

neighbor database 26-2

overview 26-1

resetting an interface 26-6

status, displaying 26-6

support for 1-6

UDP, configuring 34-14

unauthorized ports with IEEE 802.1x 9-7

unicast MAC address filtering 1-5

and adding static addresses 6-25

and broadcast MAC addresses 6-25

and CPU packets 6-25

and multicast addresses 6-25

and router MAC addresses 6-25

configuration guidelines 6-25

described 6-25

unicast storm 24-1

unicast storm control command 24-4

unicast traffic, blocking 24-7

UniDirectional Link Detection protocol

See UDLD

UNIX syslog servers

daemon configuration 29-10

facilities supported 29-11

message logging configuration 29-11

unrecognized Type-Length-Value (TLV) support 13-4

upgrading information

See release notes

upgrading software images

See downloading

UplinkFast

described 19-3

disabling 19-13

enabling 19-13

support for 1-6

uploading

configuration files

preparing B-10, B-12, B-15

reasons for B-8

using FTP B-14

using RCP B-17

using TFTP B-11

image files

preparing B-21, B-24, B-28

reasons for B-19

using FTP B-27

using RCP B-31

using TFTP B-23

User Datagram Protocol

See UDP

user EXEC mode 2-2

username-based authentication 8-6

V

version-dependent transparent mode 13-4

virtual IP address

cluster standby group 5-11

command switch 5-11

Virtual Private Network

See VPN

virtual router 38-1, 38-2

vlan.dat file 12-5

VLAN 1, disabling on a trunk port 12-22

VLAN 1 minimization 12-22

VLAN ACLs

See VLAN maps

vlan-assignment response, VMPS 12-28

VLAN configuration

at bootup 12-8

saving 12-8

VLAN configuration mode 2-2, 12-7

VLAN database

and startup configuration file 12-8

and VTP 13-1

VLAN configuration saved in 12-7

VLANs saved in 12-4

vlan database command 12-7

vlan dot1q tag native command 16-5

VLAN filtering and SPAN 27-6

vlan global configuration command 12-7

VLAN ID, discovering 6-26

VLAN management domain 13-2

VLAN Management Policy Server

See VMPS

VLAN map entries, order of 31-30

VLAN maps

applying 31-33

common uses for 31-34

configuration guidelines 31-30

configuring 31-29

creating 31-31

defined 31-2

denying access to a server example 31-35

denying and permitting packets 31-31

displaying 31-41

examples of ACLs and VLAN maps 31-31

removing 31-33

support for 1-7

wiring closet configuration example 31-34

VLAN membership

confirming 12-31

modes 12-3

VLAN Query Protocol

See VQP

VLANs

adding 12-9

adding to VLAN database 12-9

aging dynamic addresses 17-9

allowed on trunk 12-21

and spanning-tree instances 12-3, 12-6, 12-13

configuration guidelines, extended-range VLANs 12-13

configuration guidelines, normal-range VLANs 12-6

configuration options 12-7

configuring 12-1

configuring IDs 1006 to 4094 12-13

connecting through SVIs 10-9

creating in config-vlan mode 12-9

creating in VLAN configuration mode 12-10

customer numbering in service-provider networks 16-3

default configuration 12-8

deleting 12-10

described 10-2, 12-1

displaying 12-16

extended-range 12-1, 12-12

features 1-7

illustrated 12-2

internal 12-13

limiting source traffic with RSPAN 27-22

limiting source traffic with SPAN 27-14

modifying 12-9

multicast 23-18

native, configuring 12-23

normal-range 12-1, 12-4

number supported 1-7

parameters 12-5

port membership modes 12-3

static-access ports 12-11

STP and IEEE 802.1Q trunks 17-10

supported 12-2

Token Ring 12-6

traffic between 12-2

VLAN-bridge STP 17-10, 41-2

VTP modes 13-3

VLAN Trunking Protocol

See VTP

VLAN trunks 12-16

VMPS

administering 12-32

configuration example 12-33

configuration guidelines 12-29

default configuration 12-29

description 12-27

dynamic port membership

described 12-28

reconfirming 12-31

troubleshooting 12-33

entering server address 12-30

mapping MAC addresses to VLANs 12-28

monitoring 12-32

reconfirmation interval, changing 12-31

reconfirming membership 12-31

retry count, changing 12-32

voice-over-IP 15-1

voice VLAN

Cisco 7960 phone, port connections 15-1

configuration guidelines 15-3

configuring IP phones for data traffic

override CoS of incoming frame 15-6

trust CoS priority of incoming frame 15-6

configuring ports for voice traffic in

802.1p priority tagged frames 15-5

802.1Q frames 15-5

connecting to an IP phone 15-4

default configuration 15-3

described 15-1

displaying 15-6

IP phone data traffic, described 15-2

IP phone voice traffic, described 15-2

VPN

configuring routing in 34-68

forwarding 34-65

in service provider networks 34-62

routes 34-63

VPN routing and forwarding table

See VRF

VQP 1-7, 12-27

VRF

defining 34-65

tables 34-62

VTP

adding a client to a domain 13-14

advertisements 12-19, 13-3

and extended-range VLANs 13-1

and normal-range VLANs 13-1

client mode, configuring 13-11

configuration

global configuration mode 13-7

guidelines 13-8

privileged EXEC mode 13-7

requirements 13-9

saving 13-7

VLAN configuration mode 13-7

configuration mode options 13-7

configuration requirements 13-9

configuration revision number

guideline 13-14

resetting 13-15

configuring

client mode 13-11

server mode 13-9

transparent mode 13-12

consistency checks 13-4

default configuration 13-6

described 13-1

disabling 13-12

domain names 13-8

domains 13-2

Layer 2 protocol tunneling 16-8

modes

client 13-3, 13-11

server 13-3, 13-9

transitions 13-3

transparent 13-3, 13-12

monitoring 13-16

passwords 13-8

pruning

disabling 13-14

enabling 13-14

examples 13-5

overview 13-4

support for 1-7

pruning-eligible list, changing 12-23

server mode, configuring 13-9

statistics 13-16

support for 1-7

Token Ring support 13-4

transparent mode, configuring 13-12

using 13-1

version, guidelines 13-8

Version 1 13-4

Version 2

configuration guidelines 13-8

disabling 13-13

enabling 13-13

overview 13-4

W

weighted tail drop

See WTD

wizards 1-3

WTD

described 32-13

setting thresholds

egress queue-sets 32-71

ingress queues 32-67

support for 1-9, 1-10

X

Xmodem protocol 42-2