Catalyst 3750 Switch Software Configuration Guide, 12.2(50)SE
Index
Downloads: This chapterpdf (PDF - 2.01MB) The complete bookPDF (PDF - 37.32MB) | Feedback

Index

Table Of Contents

Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X -

Index

ACLs (continued)
addresses (continued)
authentication (continued)
automatic discovery (continued)
BGP (continued)
Catalyst 3750G wireless LAN controller switch (continued)
CGMP (continued)
clusters, switch (continued)
configuration files (continued)
default configuration (continued)
DHCP snooping (continued)
EIGRP (continued)
fallback bridging (continued)
FTP (continued)
IGMP (continued)
IP multicast routing (continued)
IP multicast routing (continued)
IP SLAs (continued)
IP source guard (continued)
IP unicast routing (continued)
IPv6 (continued)
mapping tables for QoS (continued)
monitoring (continued)
MSDP (continued)
MSTP (continued)
MSTP (continued)
MSTP (continued)
multi-VRF CE (continued)
NTP (continued)
OSPF (continued)
port-based authentication (continued)
port-based authentication (continued)
private VLANs (continued)
QoS (continued)
QoS (continued)
QoS (continued)
QoS (continued)
RADIUS (continued)
RSTP (continued)
SNMP (continued)
stacks, switch (continued)
stacks, switch (continued)
statistics (continued)
STP (continued)
STP (continued)
system message logging (continued)
TACACS+ (continued)
VLAN maps (continued)
VLANs (continued)
VRF-aware services (continued)
VTP (continued)
WCCP (continued)

Numerics

10-Gigabit Ethernet interfaces

configuration guidelines 12-17

defined 12-6

3750G integrated wireless LAN controller switch

configuring the switch A-4

controller and switch interaction A-3

internal ports

configuring A-4

reconfiguring A-5

A

AAA down policy, NAC Layer 2 IP validation 1-11

abbreviating commands 2-4

ABRs 38-25

AC (command switch) 7-10

access-class command 35-20

access control entries

See ACEs

access control entry (ACE) 41-3

access-denied response, VMPS 14-28

access groups

applying IPv4 ACLs to interfaces 35-21

Layer 2 35-21

Layer 3 35-21

accessing

clusters, switch 7-13

command switches 7-11

member switches 7-13

switch clusters 7-13

accessing stack members 6-23

access lists

See ACLs

access ports

and Layer 2 protocol tunneling 18-11

defined 12-3

in switch clusters 7-9

access template 9-1

accounting

with 802.1x 11-46

with IEEE 802.1x 11-13

with RADIUS 10-28

with TACACS+ 10-11, 10-17

ACEs

and QoS 36-7

defined 35-2

Ethernet 35-2

IP 35-2

ACLs

ACEs 35-2

any keyword 35-13

applying

on bridged packets 35-39

on multicast packets 35-41

on routed packets 35-40

on switched packets 35-39

time ranges to 35-17

to an interface 35-20, 41-7

to IPv6 interfaces 41-7

to QoS 36-7

classifying traffic for QoS 36-43

comments in 35-19

compiling 35-23

defined 35-1, 35-8

examples of 35-23, 36-43

extended IP, configuring for QoS classification 36-44

extended IPv4

creating 35-11

matching criteria 35-8

hardware and software handling 35-22

host keyword 35-13

IP

creating 35-8

fragments and QoS guidelines 36-33

implicit deny 35-10, 35-14, 35-16

implicit masks 35-10

matching criteria 35-8

undefined 35-21

IPv4

applying to interfaces 35-20

creating 35-8

matching criteria 35-8

named 35-15

numbers 35-8

terminal lines, setting on 35-19

unsupported features 35-7

IPv6

and stacking 41-3

applying to interfaces 41-7

configuring 41-4, 41-5

displaying 41-8

interactions with other features 41-4

limitations 41-3

matching criteria 41-3

named 41-3

precedence of 41-2

supported 41-2

unsupported features 41-3

Layer 4 information in 35-38

logging messages 35-9

MAC extended 35-28, 36-45

matching 35-8, 35-21, 41-3

monitoring 35-41, 41-8

named, IPv4 35-15

named, IPv6 41-3

names 41-4

number per QoS class map 36-33

port 35-2, 41-1

precedence of 35-2

QoS 36-7, 36-43

resequencing entries 35-15

router 35-2, 41-1

router ACLs and VLAN map configuration guidelines 35-38

standard IP, configuring for QoS classification 36-43

standard IPv4

creating 35-10

matching criteria 35-8

support for 1-9

support in hardware 35-22

time ranges 35-17

types supported 35-2

unsupported features, IPv4 35-7

unsupported features, IPv6 41-3

using router ACLs with VLAN maps 35-37

VLAN maps

configuration guidelines 35-31

configuring 35-30

active link 22-4, 22-5, 22-6

active links 22-2

active router 42-1

active traffic monitoring, IP SLAs 43-1

address aliasing 25-2

addresses

displaying the MAC address table 8-27

dynamic

accelerated aging 19-9

changing the aging time 8-21

default aging 19-9

defined 8-19

learning 8-20

removing 8-22

IPv6 39-2

MAC, discovering 8-28

multicast

group address range 46-3

STP address management 19-9

static

adding and removing 8-24

defined 8-19

address resolution 8-28, 38-9

Address Resolution Protocol

See ARP

adjacency tables, with CEF 38-89

administrative distances

defined 38-102

OSPF 38-32

routing protocol defaults 38-91

advertisements

CDP 27-1

LLDP 28-1, 28-2

RIP 38-20

VTP 14-19, 15-3

aggregatable global unicast addresses 39-3

aggregate addresses, BGP 38-60

aggregated ports

See EtherChannel

aggregate policers 36-59

aggregate policing 1-12

aggregator template 6-9, 9-2

aging, accelerating 19-9

aging time

accelerated

for MSTP 20-23

for STP 19-9, 19-23

MAC address table 8-21

maximum

for MSTP 20-24

for STP 19-23, 19-24

alarms, RMON 31-3

allowed-VLAN list 14-21

application engines, redirecting traffic to 45-1

area border routers

See ABRs

area routing

IS-IS 38-64

ISO IGRP 38-64

ARP

configuring 38-10

defined 1-6, 8-28, 38-9

encapsulation 38-11

static cache configuration 38-10

table

address resolution 8-28

managing 8-28

ASBRs 38-25

AS-path filters, BGP 38-54

asymmetrical links, and IEEE 802.1Q tunneling 18-4

attributes, RADIUS

vendor-proprietary 10-31

vendor-specific 10-29

attribute-value pairs 11-12, 11-13, 11-17, 11-18, 11-27

authentication

EIGRP 38-40

HSRP 42-10

local mode with AAA 10-36

NTP associations 8-4

open1x 11-25

RADIUS

key 10-21

login 10-23

TACACS+

defined 10-11

key 10-13

login 10-14

See also port-based authentication

authentication compatibility with Catalyst 6000 switches 11-8

authentication failed VLAN

See restricted VLAN

authentication keys, and routing protocols 38-102

authentication manager

CLI commands 11-8

compatibility with older 802.1x CLI commands11-8to 11-9

overview 11-7

authoritative time source, described 8-2

authorization

with RADIUS 10-27

with TACACS+ 10-11, 10-16

authorized ports with IEEE 802.1x 11-9

autoconfiguration 3-3

auto enablement 11-26

automatic advise (auto-advise) in switch stacks 6-11

automatic copy (auto-copy) in switch stacks 6-10

automatic discovery

considerations

beyond a noncandidate device 7-8

brand new switches 7-9

connectivity 7-5

different VLANs 7-7

management VLANs 7-7

non-CDP-capable devices 7-6

noncluster-capable devices 7-6

routed ports 7-8

in switch clusters 7-5

See also CDP

automatic extraction (auto-extract) in switch stacks 6-11

automatic QoS

See QoS

automatic recovery, clusters 7-10

See also HSRP

automatic upgrades (auto-upgrade) in switch stacks 6-10

auto-MDIX

configuring 12-21

described 12-21

autonegotiation

duplex mode 1-4

interface configuration guidelines 12-18

mismatches 49-12

autonomous system boundary routers

See ASBRs

autonomous systems, in BGP 38-48

Auto-RP, described 46-6

autosensing, port speed 1-4

Auto Smartports macros

built-in macros 13-2, 13-4

configuration guidelines 13-3

default configuration 13-2

defined 13-1

displaying 13-14

enabling 13-3

event triggers 13-6

IOS shell 13-1, 13-9

mapping 13-4

user-defined macros 13-9

autostate exclude 12-6

Auto Smartports macros

See also Smartports macros

auxiliary VLAN

See voice VLAN

availability, features 1-7

B

BackboneFast

described 21-7

disabling 21-17

enabling 21-16

support for 1-8

backup interfaces

See Flex Links

backup links 22-2

backup static routing, configuring 44-12

banners

configuring

login 8-18

message-of-the-day login 8-18

default configuration 8-17

when displayed 8-17

Berkeley r-tools replacement 10-49

BGP

aggregate addresses 38-60

aggregate routes, configuring 38-60

CIDR 38-60

clear commands 38-63

community filtering 38-57

configuring neighbors 38-58

default configuration 38-45

described 38-44

enabling 38-48

monitoring 38-63

multipath support 38-52

neighbors, types of 38-48

path selection 38-52

peers, configuring 38-58

prefix filtering 38-56

resetting sessions 38-50

route dampening 38-62

route maps 38-54

route reflectors 38-61

routing domain confederation 38-61

routing session with multi-VRF CE 38-84

show commands 38-63

supernets 38-60

support for 1-13

Version 4 38-45

binding cluster group and HSRP group 42-12

binding database

address, DHCP server

See DHCP, Cisco IOS server database

DHCP snooping

See DHCP snooping binding database

bindings

address, Cisco IOS DHCP server 23-6

DHCP snooping database 23-6

IP source guard 23-16

binding table, DHCP snooping

See DHCP snooping binding database

blocking packets 26-7

Boolean expressions in tracked lists 44-4

booting

boot loader, function of 3-2

boot process 3-2

manually 3-18

specific image 3-19

boot loader

accessing 3-19

described 3-2

environment variables 3-19

prompt 3-19

trap-door mechanism 3-2

bootstrap router (BSR), described 46-7

Border Gateway Protocol

See BGP

BPDU

error-disabled state 21-2

filtering 21-3

RSTP format 20-12

BPDU filtering

described 21-3

disabling 21-15

enabling 21-14

support for 1-8

BPDU guard

described 21-2

disabling 21-14

enabling 21-13

support for 1-8

bridged packets, ACLs on 35-39

bridge groups

See fallback bridging

bridge protocol data unit

See BPDU

broadcast flooding 38-17

broadcast packets

directed 38-14

flooded 38-14

broadcast storm-control command 26-4

broadcast storms 26-1, 38-14

C

cables, monitoring for unidirectional links 29-1

candidate switch

automatic discovery 7-5

defined 7-4

requirements 7-4

See also command switch, cluster standby group, and member switch

Catalyst 3750G wireless LAN controller switch

accessing the controller A-6

displaying controller information A-7

features A-2

interaction with the controller A-3

internal port configuration A-4

internal port EtherChannel A-4

internal ports A-3

internal VLAN A-3

reconfiguring the internal ports A-5

switch stacks A-2

Catalyst 6000 switches

authentication compatibility 11-8

CA trustpoint

configuring 10-45

defined 10-43

CDP

and trusted boundary 36-39

automatic discovery in switch clusters 7-5

configuring 27-2

default configuration 27-2

defined with LLDP 28-1

described 27-1

disabling for routing device27-3to 27-4

enabling and disabling

on an interface 27-4

on a switch 27-3

Layer 2 protocol tunneling 18-7

monitoring 27-5

overview 27-1

power negotiation extensions 12-7

support for 1-6

switch stack considerations 27-2

transmission timer and holdtime, setting 27-2

updates 27-2

CEF

defined 38-89

distributed 38-89

enabling 38-90

IPv6 39-18

CGMP

as IGMP snooping learning method 25-9

clearing cached group entries 46-61

enabling server support 46-44

joining multicast group 25-3

overview 46-9

server support only 46-9

switch support of 1-4

CIDR 38-60

CipherSuites 10-44

Cisco 7960 IP Phone 16-1

Cisco Discovery Protocol

See CDP

Cisco Express Forwarding

See CEF

Cisco Group Management Protocol

See CGMP

Cisco intelligent power management 12-7

Cisco IOS DHCP server

See DHCP, Cisco IOS DHCP server

Cisco IOS File System

See IFS

Cisco IOS IP SLAs 43-1

Cisco Secure ACS

attribute-value pairs for downloadable ACLs 11-18

attribute-value pairs for redirect URL 11-17

Cisco Secure ACS configuration guide 11-57

Cisco StackWise technology 1-3

See also stacks, switch

CiscoWorks 2000 1-5, 33-4

CISP 11-26

CIST regional root

See MSTP

CIST root

See MSTP

civic location 28-3

classless interdomain routing

See CIDR

classless routing 38-8

class maps for QoS

configuring 36-46

described 36-7

displaying 36-79

class of service

See CoS

clearing interfaces 12-30

CLI

abbreviating commands 2-4

command modes 2-1

configuration logging 2-5

described 1-5

editing features

enabling and disabling 2-7

keystroke editing 2-7

wrapped lines 2-9

error messages 2-5

filtering command output 2-10

getting help 2-3

history

changing the buffer size 2-6

described 2-6

disabling 2-7

recalling commands 2-6

managing clusters 7-16

no and default forms of commands 2-4

Client Information Signalling Protocol

See CISP

client mode, VTP 15-3

client processes, tracking 44-1

CLNS

See ISO CLNS

clock

See system clock

clusters, switch

accessing 7-13

automatic discovery 7-5

automatic recovery 7-10

benefits 1-2

compatibility 7-4

described 7-1

LRE profile considerations 7-16

managing

through CLI 7-16

through SNMP 7-17

planning 7-4

planning considerations

automatic discovery 7-5

automatic recovery 7-10

CLI 7-16

host names 7-13

IP addresses 7-13

LRE profiles 7-16

passwords 7-13

RADIUS 7-16

SNMP 7-14, 7-17

switch stacks 7-14

TACACS+ 7-16

See also candidate switch, command switch, cluster standby group, member switch, and standby command switch

cluster standby group

and HSRP group 42-12

automatic recovery 7-12

considerations 7-11

defined 7-2

requirements 7-3

virtual IP address 7-11

See also HSRP

CNS 1-5

Configuration Engine

configID, deviceID, hostname 5-3

configuration service 5-2

described 5-1

event service 5-3

embedded agents

described 5-5

enabling automated configuration 5-6

enabling configuration agent 5-9

enabling event agent 5-7

management functions 1-5

Coarse Wave Division Multiplexer

See CWDM SFPs

command-line interface

See CLI

command modes 2-1

commands

abbreviating 2-4

no and default 2-4

commands, setting privilege levels 10-8

command switch

accessing 7-11

active (AC) 7-10

configuration conflicts 49-12

defined 7-2

passive (PC) 7-10

password privilege levels 7-17

priority 7-10

recovery

from command-switch failure 7-10, 49-8

from lost member connectivity 49-12

redundant 7-10

replacing

with another switch 49-11

with cluster member 49-9

requirements 7-3

standby (SC) 7-10

See also candidate switch, cluster standby group, member switch, and standby command switch

community list, BGP 38-57

community ports 17-2

community strings

configuring 7-14, 33-8

for cluster switches 33-4

in clusters 7-14

overview 33-4

SNMP 7-14

community VLANs 17-2, 17-3

compatibility, feature 26-12

compatibility, software

See stacks, switch

config.text 3-17

configurable leave timer, IGMP 25-6

configuration, initial

defaults 1-15

Express Setup 1-2

configuration changes, logging 32-11

configuration conflicts, recovering from lost member connectivity 49-12

configuration examples, network 1-17

configuration files

archiving C-19

clearing the startup configuration C-19

creating using a text editor C-10

default name 3-17

deleting a stored configuration C-19

described C-8

downloading

automatically 3-17

preparing C-10, C-13, C-16

reasons for C-8

using FTP C-13

using RCP C-17

using TFTP C-11

guidelines for creating and using C-9

guidelines for replacing and rolling back C-21

invalid combinations when copying C-5

limiting TFTP server access 33-17

obtaining with DHCP 3-9

password recovery disable considerations 10-5

replacing a running configuration C-19, C-20

rolling back a running configuration C-19, C-20

specifying the filename 3-17

system contact and location information 33-17

types and location C-10

uploading

preparing C-10, C-13, C-16

reasons for C-9

using FTP C-14

using RCP C-18

using TFTP C-12

configuration guidelines, multi-VRF CE 38-77

configuration logger 32-11

configuration logging 2-5

configuration replacement C-19

configuration rollback C-19

configuration settings, saving 3-15

configure terminal command 12-11

configuring port-based authentication violation modes 11-37

configuring small-frame arrival rate 26-5

config-vlan mode 2-2, 14-7

conflicts, configuration 49-12

connections, secure remote 10-38

connectivity problems 49-14, 49-16, 49-17

consistency checks in VTP Version 2 15-4

console port, connecting to 2-11

content-routing technology

See WCCP

control protocol, IP SLAs 43-4

corrupted software, recovery steps with Xmodem 49-2

CoS

in Layer 2 frames 36-2

override priority 16-6

trust priority 16-6

CoS input queue threshold map for QoS 36-16

CoS output queue threshold map for QoS 36-18

CoS-to-DSCP map for QoS 36-61

counters, clearing interface 12-30

CPU utilization, troubleshooting 49-25

crashinfo file 49-24

critical authentication, IEEE 802.1x 11-50

cross-stack EtherChannel

configuration guidelines 37-13

configuring

on Layer 2 interfaces 37-13

on Layer 3 physical interfaces 37-16

described 37-3

illustration 37-4

support for 1-7

cross-stack UplinkFast, STP

described 21-5

disabling 21-16

enabling 21-16

fast-convergence events 21-7

Fast Uplink Transition Protocol 21-6

normal-convergence events 21-7

support for 1-8

cryptographic software image

Kerberos 10-32

SSH 10-37

SSL 10-42

switch stack considerations 6-2, 6-15, 10-38

customer edge devices 38-75

CWDM SFPs 1-27

D

DACL

See downloadable ACL

daylight saving time 8-13

dCEF, in the switch stack 38-89

debugging

enabling all system diagnostics 49-21

enabling for a specific feature 49-20

redirecting error message output 49-21

using commands 49-20

default commands 2-4

default configuration

802.1x 11-31

auto-QoS 36-20

banners 8-17

BGP 38-45

booting 3-17

CDP 27-2

DHCP 23-8

DHCP option 82 23-8

DHCP snooping 23-8

DHCP snooping binding database 23-9

DNS 8-16

dynamic ARP inspection 24-5

EIGRP 38-36

EtherChannel 37-11

Ethernet interfaces 12-16

fallback bridging 48-3

Flex Links 22-7, 22-8

HSRP 42-5

IEEE 802.1Q tunneling 18-4

IGMP 46-39

IGMP filtering 25-25

IGMP snooping 25-7, 40-5, 40-6

IGMP throttling 25-25

initial switch information 3-3

IP addressing, IP routing 38-6

IP multicast routing 46-10

IP SLAs 43-6

IP source guard 23-17

IPv6 39-10

IS-IS 38-66

Layer 2 interfaces 12-16

Layer 2 protocol tunneling 18-11

LLDP 28-4

MAC address table 8-21

MAC address-table move update 22-8

MSDP 47-4

MSTP 20-15

multi-VRF CE 38-76

MVR 25-20

NTP 8-4

optional spanning-tree configuration 21-12

OSPF 38-26

password and privilege level 10-2

PIM 46-10

private VLANs 17-6

RADIUS 10-20

RIP 38-20

RMON 31-3

RSPAN 30-11

SDM template 9-5

SNMP 33-7

SPAN 30-11

SSL 10-45

standard QoS 36-30

STP 19-13

switch stacks 6-18

system message logging 32-4

system name and prompt 8-15

TACACS+ 10-13

UDLD 29-4

VLAN, Layer 2 Ethernet interfaces 14-19

VLANs 14-8

VMPS 14-29

voice VLAN 16-3

VTP 15-7

WCCP 45-5

default gateway 3-15, 38-12

default networks 38-92

default router preference

See DRP

default routes 38-92

default routing 38-3

deleting VLANs 14-10

denial-of-service attack 26-1

description command 12-24

designing your network, examples 1-17

desktop template 6-9, 9-2

destination addresses

in IPv4 ACLs 35-12

in IPv6 ACLs 41-5

destination-IP address-based forwarding, EtherChannel 37-9

destination-MAC address forwarding, EtherChannel 37-9

detecting indirect link failures, STP 21-8

device C-23

device discovery protocol 27-1, 28-1

device manager

benefits 1-2

described 1-2, 1-5

in-band management 1-6

upgrading a switch C-23

DHCP

Cisco IOS server database

configuring 23-14

default configuration 23-9

described 23-6

DHCP for IPv6

See DHCPv6

enabling

relay agent 23-11

server 23-10

DHCP-based autoconfiguration

client request message exchange 3-4

configuring

client side 3-4

DNS 3-7

relay device 3-8

server side 3-6

server-side 23-10

TFTP server 3-7

example 3-10

lease options

for IP address information 3-6

for receiving the configuration file 3-7

overview 3-3

relationship to BOOTP 3-4

relay support 1-5, 1-13

support for 1-5

DHCP-based autoconfiguration and image update

configuring3-11to 3-14

understanding3-5to 3-6

DHCP binding database

See DHCP snooping binding database

DHCP binding table

See DHCP snooping binding database

DHCP object tracking, configuring primary interface 44-11

DHCP option 82

circuit ID suboption 23-5

configuration guidelines 23-9

default configuration 23-8

displaying 23-16

forwarding address, specifying 23-11

helper address 23-11

overview 23-3

packet format, suboption

circuit ID 23-5

remote ID 23-5

remote ID suboption 23-5

DHCP server port-based address allocation

configuration guidelines 23-21

default configuration 23-20

described 23-20

displaying 23-23

enabling 23-21

DHCP server port-based address assignment

support for 1-6

DHCP snooping

accepting untrusted packets form edge switch 23-3, 23-13

and private VLANs 23-14

binding database

See DHCP snooping binding database

configuration guidelines 23-9

default configuration 23-8

displaying binding tables 23-16

message exchange process 23-4

option 82 data insertion 23-3

trusted interface 23-2

untrusted interface 23-2

untrusted messages 23-2

DHCP snooping binding database

adding bindings 23-15

binding file

format 23-7

location 23-6

bindings 23-6

clearing agent statistics 23-15

configuration guidelines 23-10

configuring 23-15

default configuration 23-8, 23-9

deleting

binding file 23-15

bindings 23-16

database agent 23-15

described 23-6

displaying 23-16

binding entries 23-16

status and statistics 23-16

enabling 23-15

entry 23-6

renewing database 23-15

resetting

delay value 23-15

timeout value 23-15

DHCP snooping binding table

See DHCP snooping binding database

DHCPv6

configuration guidelines 39-15

default configuration 39-15

described 39-6

enabling client function 39-17

enabling DHCPv6 server function 39-15

support for 1-13

Differentiated Services architecture, QoS 36-2

Differentiated Services Code Point 36-2

Diffusing Update Algorithm (DUAL) 38-35

directed unicast requests 1-6

directories

changing C-4

creating and removing C-4

displaying the working C-4

discovery, clusters

See automatic discovery

Distance Vector Multicast Routing Protocol

See DVMRP

distance-vector protocols 38-3

distribute-list command 38-101

DNS

and DHCP-based autoconfiguration 3-7

default configuration 8-16

displaying the configuration 8-17

in IPv6 39-4

overview 8-15

setting up 8-16

support for 1-5

DNS-based SSM mapping 46-18, 46-20

domain names

DNS 8-15

VTP 15-8

Domain Name System

See DNS

domains, ISO IGRP routing 38-64

dot1q-tunnel switchport mode 14-18

double-tagged packets

IEEE 802.1Q tunneling 18-2

Layer 2 protocol tunneling 18-10

downloadable ACL 11-17, 11-18, 11-57

downloading

configuration files

preparing C-10, C-13, C-16

reasons for C-8

using FTP C-13

using RCP C-17

using TFTP C-11

image files

deleting old image C-27

preparing C-26, C-29, C-34

reasons for C-23

using CMS 1-3

using FTP C-30

using HTTP 1-3, C-23

using RCP C-35

using TFTP C-26

using the device manager or Network Assistant C-23

drop threshold for Layer 2 protocol packets 18-11

DRP

configuring 39-13

described 39-4

IPv6 39-4

support for 1-13

DSCP 1-11, 36-2

DSCP input queue threshold map for QoS 36-16

DSCP output queue threshold map for QoS 36-18

DSCP-to-CoS map for QoS 36-65

DSCP-to-DSCP-mutation map for QoS 36-66

DSCP transparency 36-40

DTP 1-8, 14-17

dual-action detection 37-6

DUAL finite state machine, EIGRP 38-35

dual IPv4 and IPv6 templates 9-2, 39-5, 39-6

dual protocol stacks

IPv4 and IPv6 39-5

SDM templates supporting 39-6

DVMRP

autosummarization

configuring a summary address 46-58

disabling 46-60

connecting PIM domain to DVMRP router 46-51

enabling unicast routing 46-54

interoperability

with Cisco devices 46-49

with Cisco IOS software 46-9

mrinfo requests, responding to 46-53

neighbors

advertising the default route to 46-52

discovery with Probe messages 46-49

displaying information 46-53

prevent peering with nonpruning 46-56

rejecting nonpruning 46-55

overview 46-8

routes

adding a metric offset 46-60

advertising all 46-60

advertising the default route to neighbors 46-52

caching DVMRP routes learned in report messages 46-54

changing the threshold for syslog messages 46-57

deleting 46-61

displaying 46-62

favoring one over another 46-60

limiting the number injected into MBONE 46-57

limiting unicast route advertisements 46-49

routing table 46-9

source distribution tree, building 46-9

support for 1-13

tunnels

configuring 46-51

displaying neighbor information 46-53

dynamic access ports

characteristics 14-3

configuring 14-31

defined 12-3

dynamic addresses

See addresses

dynamic ARP inspection

ARP cache poisoning 24-1

ARP requests, described 24-1

ARP spoofing attack 24-1

clearing

log buffer 24-16

statistics 24-15

configuration guidelines 24-6

configuring

ACLs for non-DHCP environments 24-8

in DHCP environments 24-7

log buffer 24-13

rate limit for incoming ARP packets 24-4, 24-11

default configuration 24-5

denial-of-service attacks, preventing 24-11

described 24-1

DHCP snooping binding database 24-2

displaying

ARP ACLs 24-15

configuration and operating state 24-15

log buffer 24-16

statistics 24-15

trust state and rate limit 24-15

error-disabled state for exceeding rate limit 24-4

function of 24-2

interface trust states 24-3

log buffer

clearing 24-16

configuring 24-13

displaying 24-16

logging of dropped packets, described 24-5

man-in-the middle attack, described 24-2

network security issues and interface trust states 24-3

priority of ARP ACLs and DHCP snooping entries 24-4

rate limiting of ARP packets

configuring 24-11

described 24-4

error-disabled state 24-4

statistics

clearing 24-15

displaying 24-15

validation checks, performing 24-12

dynamic auto trunking mode 14-18

dynamic desirable trunking mode 14-18

Dynamic Host Configuration Protocol

See DHCP-based autoconfiguration

dynamic port VLAN membership

described 14-29

reconfirming 14-31

troubleshooting 14-33

types of connections 14-31

dynamic routing 38-3

ISO CLNS 38-64

Dynamic Trunking Protocol

See DTP

E

EBGP 38-43

editing features

enabling and disabling 2-7

keystrokes used 2-7

wrapped lines 2-9

EIGRP

authentication 38-40

components 38-35

configuring 38-39

default configuration 38-36

definition 38-35

interface parameters, configuring 38-40

monitoring 38-42

stub routing 38-41

elections

See stack master

ELIN location 28-3

embedded event manager

actions 34-4

configuring 34-1, 34-5

displaying information 34-7

environmental variables 34-4

event detectors 34-2

policies 34-4

registering and defining an applet 34-5

registering and defining a TCL script 34-6

understanding 34-1

enable password 10-3

enable secret password 10-3

encryption, CipherSuite 10-44

encryption for passwords 10-3

Enhanced IGRP

See EIGRP

enhanced object tracking

backup static routing 44-12

commands 44-1

defined 44-1

DHCP primary interface 44-11

HSRP 44-7

IP routing state 44-2

IP SLAs 44-9

line-protocol state 44-2

network monitoring with IP SLAs 44-11

routing policy, configuring 44-12

static route primary interface 44-10

tracked lists 44-3

enhanced object tracking static routing 44-10

environmental variables, embedded event manager 34-4

environment variables, function of 3-20

equal-cost routing 1-13, 38-90

error-disabled state, BPDU 21-2

error messages during command entry 2-5

EtherChannel

automatic creation of 37-5, 37-7

channel groups

binding physical and logical interfaces 37-4

numbering of 37-4

configuration guidelines 37-12

configuring

Layer 2 interfaces 37-13

Layer 3 physical interfaces 37-16

Layer 3 port-channel logical interfaces 37-15

default configuration 37-11

described 37-2

displaying status 37-23

forwarding methods 37-8, 37-18

IEEE 802.3ad, described 37-7

interaction

with STP 37-12

with VLANs 37-12

LACP

described 37-7

displaying status 37-23

hot-standby ports 37-20

interaction with other features 37-8

modes 37-7

port priority 37-22

system priority 37-21

Layer 3 interface 38-5

load balancing 37-8, 37-18

logical interfaces, described 37-4

PAgP

aggregate-port learners 37-19

compatibility with Catalyst 1900 37-19

described 37-5

displaying status 37-23

interaction with other features 37-7

interaction with virtual switches 37-6

learn method and priority configuration 37-19

modes 37-6

support for 1-4

with dual-action detection 37-6

port-channel interfaces

described 37-4

numbering of 37-4

port groups 12-6

stack changes, effects of 37-10

support for 1-4

EtherChannel guard

described 21-10

disabling 21-17

enabling 21-17

Ethernet VLANs

adding 14-9

defaults and ranges 14-8

modifying 14-9

EUI 39-3

event detectors, embedded event manager 34-2

events, RMON 31-3

examples

network configuration 1-17

expedite queue for QoS 36-78

Express Setup 1-2

See also getting started guide

extended crashinfo file 49-24

extended-range VLANs

configuration guidelines 14-13

configuring 14-12

creating 14-14

creating with an internal VLAN ID 14-15

defined 14-1

extended system ID

MSTP 20-17

STP 19-4, 19-16

extended universal identifier

See EUI

Extensible Authentication Protocol over LAN 11-1

external BGP

See EBGP

external neighbors, BGP 38-48

F

fa0 interface 1-6

failover support 1-7

fallback bridging

and protected ports 48-4

bridge groups

creating 48-4

described 48-2

displaying 48-11

function of 48-2

number supported 48-5

removing 48-5

bridge table

clearing 48-11

displaying 48-11

configuration guidelines 48-4

connecting interfaces with 12-10

default configuration 48-3

described 48-1

frame forwarding

flooding packets 48-2

forwarding packets 48-2

overview 48-1

protocol, unsupported 48-4

stack changes, effects of 48-3

STP

disabling on an interface 48-10

forward-delay interval 48-9

hello BPDU interval 48-8

interface priority 48-7

keepalive messages 19-2

maximum-idle interval 48-9

path cost 48-7

VLAN-bridge spanning-tree priority 48-6

VLAN-bridge STP 48-2

support for 1-13

SVIs and routed ports 48-1

unsupported protocols 48-4

VLAN-bridge STP 19-11

Fast Convergence 22-3

Fast Uplink Transition Protocol 21-6

features, incompatible 26-12

FIB 38-89

fiber-optic, detecting unidirectional links 29-1

files

basic crashinfo

description 49-24

location 49-24

copying C-5

crashinfo, description 49-24

deleting C-5

displaying the contents of C-8

extended crashinfo

description 49-24

location 49-24

tar

creating C-6

displaying the contents of C-7

extracting C-7

image file format C-24

file system

displaying available file systems C-2

displaying file information C-3

local file system names C-1

network file system names C-5

setting the default C-3

filtering

in a VLAN 35-30

IPv6 traffic 41-4, 41-7

non-IP traffic 35-28

show and more command output 2-10

filtering show and more command output 2-10

filters, IP

See ACLs, IP

flash device, number of C-1

flexible authentication ordering

configuring 11-59

overview 11-25

Flex Link Multicast Fast Convergence 22-3

Flex Links

configuration guidelines 22-8

configuring 22-8, 22-9

configuring preferred VLAN 22-11

configuring VLAN load balancing 22-10

default configuration 22-7

description 22-1

link load balancing 22-2

monitoring 22-14

VLANs 22-2

flooded traffic, blocking 26-8

flow-based packet classification 1-11

flowcharts

QoS classification 36-6

QoS egress queueing and scheduling 36-17

QoS ingress queueing and scheduling 36-15

QoS policing and marking 36-10

flowcontrol

configuring 12-20

described 12-20

forward-delay time

MSTP 20-23

STP 19-23

Forwarding Information Base

See FIB

forwarding nonroutable protocols 48-1

FTP

accessing MIB files B-3

configuration files

downloading C-13

overview C-12

preparing the server C-13

uploading C-14

image files

deleting old image C-32

downloading C-30

preparing the server C-29

uploading C-32

G

general query 22-5

Generating IGMP Reports 22-3

get-bulk-request operation 33-3

get-next-request operation 33-3, 33-5

get-request operation 33-3, 33-5

get-response operation 33-3

Gigabit modules

See SFPs

global configuration mode 2-2

global leave, IGMP 25-13

guest VLAN and 802.1x 11-18

guide mode 1-2

GUIs

See device manager and Network Assistant

H

hardware limitations and Layer 3 interfaces 12-26

hello time

MSTP 20-22

STP 19-22

help, for the command line 2-3

hierarchical policy maps 36-8

configuration guidelines 36-33

configuring 36-52

described 36-11

history

changing the buffer size 2-6

described 2-6

disabling 2-7

recalling commands 2-6

history table, level and number of syslog messages 32-10

host names, in clusters 7-13

host ports

configuring 17-11

kinds of 17-2

hosts, limit on dynamic ports 14-33

Hot Standby Router Protocol

See HSRP

HP OpenView 1-5

HSRP

authentication string 42-10

automatic cluster recovery 7-12

binding to cluster group 42-12

cluster standby group considerations 7-11

command-switch redundancy 1-1, 1-7

configuring 42-5

default configuration 42-5

definition 42-1

guidelines 42-6

monitoring 42-13

object tracking 44-7

overview 42-1

priority 42-8

routing redundancy 1-12

support for ICMP redirect messages 42-12

switch stack considerations 42-5

timers 42-11

tracking 42-8

See also clusters, cluster standby group, and standby command switch

HSRP for IPv6

configuring 39-24

guidelines 39-23

HTTP over SSL

see HTTPS

HTTPS 10-43

configuring 10-46

self-signed certificate 10-43

HTTP secure server 10-43

I

IBPG 38-43

ICMP

IPv6 39-4

redirect messages 38-12

support for 1-13

time-exceeded messages 49-18

traceroute and 49-18

unreachable messages 35-20

unreachable messages and IPv6 41-4

unreachables and ACLs 35-22

ICMP Echo operation

configuring 43-12

IP SLAs 43-11

ICMP ping

executing 49-15

overview 49-14

ICMP Router Discovery Protocol

See IRDP

ICMPv6 39-4

IDS appliances

and ingress RSPAN 30-22

and ingress SPAN 30-15

IEEE 802.1D

See STP

IEEE 802.1p 16-1

IEEE 802.1Q

and trunk ports 12-3

configuration limitations 14-19

encapsulation 14-16

native VLAN for untagged traffic 14-23

tunneling

compatibility with other features 18-6

defaults 18-4

described 18-1

tunnel ports with other features 18-6

IEEE 802.1s

See MSTP

IEEE 802.1w

See RSTP

IEEE 802.1x

See port-based authentication

IEEE 802.3ad

See EtherChannel

IEEE 802.3af

See PoE

IEEE 802.3x flow control 12-20

ifIndex values, SNMP 33-6

IFS 1-6

IGMP

configurable leave timer

described 25-6

enabling 25-11

configuring the switch

as a member of a group 46-39

statically connected member 46-43

controlling access to groups 46-40

default configuration 46-39

deleting cache entries 46-62

displaying groups 46-62

fast switching 46-43

flooded multicast traffic

controlling the length of time 25-12

disabling on an interface 25-13

global leave 25-13

query solicitation 25-13

recovering from flood mode 25-13

host-query interval, modifying 46-41

joining multicast group 25-3

join messages 25-3

leave processing, enabling 25-11, 40-9

leaving multicast group 25-5

multicast reachability 46-39

overview 46-3

queries 25-4

report suppression

described 25-6

disabling 25-16, 40-11

supported versions 25-3

support for 1-4

Version 1

changing to Version 2 46-41

described 46-3

Version 2

changing to Version 1 46-41

described 46-3

maximum query response time value 46-43

pruning groups 46-43

query timeout value 46-42

IGMP filtering

configuring 25-25

default configuration 25-25

described 25-24

monitoring 25-29

support for 1-4

IGMP groups

configuring filtering 25-28

setting the maximum number 25-27

IGMP helper 1-4, 46-6

IGMP Immediate Leave

configuration guidelines 25-11

described 25-5

enabling 25-11

IGMP profile

applying 25-27

configuration mode 25-25

configuring 25-26

IGMP snooping

and address aliasing 25-2

and stack changes 25-6

configuring 25-7

default configuration 25-7, 40-5, 40-6

definition 25-2

enabling and disabling 25-7, 40-6

global configuration 25-7

Immediate Leave 25-5

in the switch stack 25-6

method 25-8

monitoring 25-16, 40-11

querier

configuration guidelines 25-14

configuring 25-14

supported versions 25-3

support for 1-4

VLAN configuration 25-8

IGMP throttling

configuring 25-28

default configuration 25-25

described 25-25

displaying action 25-29

IGP 38-25

Immediate Leave, IGMP 25-5

enabling 40-9

inaccessible authentication bypass 11-20

initial configuration

defaults 1-15

Express Setup 1-2

integrated wireless LAN controller switch

see 3750G integrated wireless LAN controller switch

interface

number 12-11

range macros 12-14

interface command12-10to 12-12

interface configuration mode 2-3

interfaces

auto-MDIX, configuring 12-21

configuration guidelines

10-Gigabit Ethernet 12-17

duplex and speed 12-18

configuring

procedure 12-11

counters, clearing 12-30

default configuration 12-16

described 12-24

descriptive name, adding 12-24

displaying information about 12-29

flow control 12-20

management 1-5

monitoring 12-29

naming 12-24

physical, identifying 12-10

range of 12-12

restarting 12-31

shutting down 12-31

speed and duplex, configuring 12-18

status 12-29

supported 12-10

types of 12-1

interfaces range macro command 12-14

interface types 12-10

Interior Gateway Protocol

See IGP

internal BGP

See IBGP

internal neighbors, BGP 38-48

Internet Control Message Protocol

See ICMP

Internet Group Management Protocol

See IGMP

Internet Protocol version 6

See IPv6

Inter-Switch Link

See ISL

inter-VLAN routing 1-13, 38-2

Intrusion Detection System

See IDS appliances

inventory management TLV 28-2, 28-6

IOS shell

See Auto Smartports macros

IP ACLs

for QoS classification 36-7

implicit deny 35-10, 35-14

implicit masks 35-10

named 35-15

undefined 35-21

IP addresses

128-bit 39-2

candidate or member 7-4, 7-13

classes of 38-7

cluster access 7-2

command switch 7-3, 7-11, 7-13

default configuration 38-6

discovering 8-28

for IP routing 38-5

IPv6 39-2

MAC address association 38-9

monitoring 38-18

redundant clusters 7-11

standby command switch 7-11, 7-13

See also IP information

IP base image 1-1

IP broadcast address 38-16

ip cef distributed command 38-89

IP directed broadcasts 38-14

ip igmp profile command 25-25

IP information

assigned

manually 3-14

through DHCP-based autoconfiguration 3-3

default configuration 3-3

IP multicast routing

addresses

all-hosts 46-3

all-multicast-routers 46-3

host group address range 46-3

administratively-scoped boundaries, described 46-46

and IGMP snooping 25-2

Auto-RP

adding to an existing sparse-mode cloud 46-26

benefits of 46-26

clearing the cache 46-62

configuration guidelines 46-12

filtering incoming RP announcement messages 46-29

overview 46-6

preventing candidate RP spoofing 46-29

preventing join messages to false RPs 46-28

setting up in a new internetwork 46-26

using with BSR 46-34

bootstrap router

configuration guidelines 46-12

configuring candidate BSRs 46-32

configuring candidate RPs 46-33

defining the IP multicast boundary 46-31

defining the PIM domain border 46-30

overview 46-7

using with Auto-RP 46-34

Cisco implementation 46-2

configuring

basic multicast routing 46-12

IP multicast boundary 46-46

default configuration 46-10

enabling

multicast forwarding 46-13

PIM mode 46-13

group-to-RP mappings

Auto-RP 46-6

BSR 46-7

MBONE

deleting sdr cache entries 46-62

described 46-45

displaying sdr cache 46-63

enabling sdr listener support 46-46

limiting DVMRP routes advertised 46-57

limiting sdr cache entry lifetime 46-46

SAP packets for conference session announcement 46-45

Session Directory (sdr) tool, described 46-45

monitoring

packet rate loss 46-63

peering devices 46-63

tracing a path 46-63

multicast forwarding, described 46-7

PIMv1 and PIMv2 interoperability 46-11

protocol interaction 46-2

reverse path check (RPF) 46-7

routing table

deleting 46-62

displaying 46-62

RP

assigning manually 46-24

configuring Auto-RP 46-26

configuring PIMv2 BSR 46-30

monitoring mapping information 46-34

using Auto-RP and BSR 46-34

stacking

stack master functions 46-9

stack member functions 46-9

statistics, displaying system and network 46-62

See also CGMP

See also DVMRP

See also IGMP

See also PIM

IP phones

and QoS 16-1

automatic classification and queueing 36-20

configuring 16-4

ensuring port security with QoS 36-38

trusted boundary for QoS 36-38

IP precedence 36-2

IP-precedence-to-DSCP map for QoS 36-63

IP protocols

in ACLs 35-12

routing 1-12

IP routes, monitoring 38-103

IP routing

connecting interfaces with 12-10

disabling 38-19

enabling 38-19

IP Service Level Agreements

See IP SLAs

IP service levels, analyzing 43-1

IP services image 1-1

IP SLAs

benefits 43-2

configuration guidelines 43-6

configuring object tracking 44-9

Control Protocol 43-4

default configuration 43-6

definition 43-1

ICMP echo operation 43-11

measuring network performance 43-3

monitoring 43-13

multioperations scheduling 43-5

object tracking 44-9

operation 43-3

reachability tracking 44-9

responder

described 43-4

enabling 43-8

response time 43-4

scheduling 43-5

SNMP support 43-2

supported metrics 43-2

threshold monitoring 43-6

track object monitoring agent, configuring 44-11

track state 44-9

UDP jitter operation 43-9

IP source guard

and 802.1x 23-18

and DHCP snooping 23-16

and EtherChannels 23-18

and port security 23-18

and private VLANs 23-18

and routed ports 23-18

and TCAM entries 23-18

and trunk interfaces 23-18

and VRF 23-18

binding configuration

automatic 23-16

manual 23-16

binding table 23-16

configuration guidelines 23-17

default configuration 23-17

described 23-16

disabling 23-19

displaying

bindings 23-20

configuration 23-20

enabling 23-18

filtering

source IP address 23-17

source IP and MAC address 23-17

on provisioned switches 23-18

source IP address filtering 23-17

source IP and MAC address filtering 23-17

static bindings

adding 23-18

deleting 23-19

IP traceroute

executing 49-18

overview 49-17

IP unicast routing

address resolution 38-9

administrative distances 38-91, 38-102

ARP 38-9

assigning IP addresses to Layer 3 interfaces 38-7

authentication keys 38-102

broadcast

address 38-16

flooding 38-17

packets 38-14

storms 38-14

classless routing 38-8

configuring static routes 38-91

default

addressing configuration 38-6

gateways 38-12

networks 38-92

routes 38-92

routing 38-3

directed broadcasts 38-14

disabling 38-19

dynamic routing 38-3

enabling 38-19

EtherChannel Layer 3 interface 38-5

IGP 38-25

inter-VLAN 38-2

IP addressing

classes 38-7

configuring 38-5

IPv6 39-3

IRDP 38-12

Layer 3 interfaces 38-5

MAC address and IP address 38-9

passive interfaces 38-100

protocols

distance-vector 38-3

dynamic 38-3

link-state 38-3

proxy ARP 38-9

redistribution 38-93

reverse address resolution 38-9

routed ports 38-5

static routing 38-3

steps to configure 38-5

subnet mask 38-7

subnet zero 38-7

supernet 38-8

UDP 38-15

with SVIs 38-5

See also BGP

See also EIGRP

See also OSPF

See also RIP

IPv4 ACLs

applying to interfaces 35-20

extended, creating 35-11

named 35-15

standard, creating 35-10

IPv4 and IPv6

dual protocol stacks 39-5

IPv6

ACLs

displaying 41-8

limitations 41-3

matching criteria 41-3

port 41-1

precedence 41-2

router 41-1

supported 41-2

addresses 39-2

address formats 39-2

and switch stacks 39-9

applications 39-5

assigning address 39-11

autoconfiguration 39-5

CEFv6 39-18

configuring static routes 39-19

default configuration 39-10

default router preference (DRP) 39-4

defined 39-1

Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 39-7

EIGRP IPv6 Commands 39-7

Router ID 39-7

feature limitations 39-8

features not supported 39-8

forwarding 39-11

ICMP 39-4

monitoring 39-26

neighbor discovery 39-4

OSPF 39-6

path MTU discovery 39-4

SDM templates 9-2, 40-1, 41-1

stack master functions 39-9

Stateless Autoconfiguration 39-5

supported features 39-2

switch limitations 39-8

understanding static routes 39-6

IPv6 traffic, filtering 41-4

IRDP

configuring 38-13

definition 38-12

support for 1-13

IS-IS

addresses 38-64

area routing 38-64

default configuration 38-66

monitoring 38-73

show commands 38-73

system routing 38-64

ISL

and IPv6 39-3

and trunk ports 12-3

encapsulation 1-8, 14-16

trunking with IEEE 802.1 tunneling 18-4

ISO CLNS

clear commands 38-73

dynamic routing protocols 38-64

monitoring 38-73

NETs 38-64

NSAPs 38-64

OSI standard 38-64

ISO IGRP

area routing 38-64

system routing 38-64

isolated port 17-2

isolated VLANs 17-2, 17-3

J

join messages, IGMP 25-3

K

KDC

described 10-32

See also Kerberos

keepalive messages 19-2

Kerberos

authenticating to

boundary switch 10-35

KDC 10-35

network services 10-35

configuration examples 10-32

configuring 10-35

credentials 10-32

cryptographic software image 10-32

described 10-32

KDC 10-32

operation 10-34

realm 10-34

server 10-34

support for 1-11

switch as trusted third party 10-32

terms 10-33

TGT 10-34

tickets 10-32

key distribution center

See KDC

L

l2protocol-tunnel command 18-13

LACP

Layer 2 protocol tunneling 18-9

See EtherChannel

Layer 2 frames, classification with CoS 36-2

Layer 2 interfaces, default configuration 12-16

Layer 2 protocol tunneling

configuring 18-10

configuring for EtherChannels 18-14

default configuration 18-11

defined 18-8

guidelines 18-12

Layer 2 traceroute

and ARP 49-17

and CDP 49-16

broadcast traffic 49-16

described 49-16

IP addresses and subnets 49-17

MAC addresses and VLANs 49-16

multicast traffic 49-16

multiple devices on a port 49-17

unicast traffic 49-16

usage guidelines 49-16

Layer 3 features 1-12

Layer 3 interfaces

assigning IP addresses to 38-7

assigning IPv4 and IPv6 addresses to 39-14

assigning IPv6 addresses to 39-11

changing from Layer 2 mode 38-7, 38-81

types of 38-5

Layer 3 packets, classification methods 36-2

LDAP 5-2

Leaking IGMP Reports 22-4

LEDs, switch

See hardware installation guide

lightweight directory access protocol

See LDAP

line configuration mode 2-3

Link Aggregation Control Protocol

See EtherChannel

link failure, detecting unidirectional 20-8

Link Layer Discovery Protocol

See CDP

link local unicast addresses 39-3

link redundancy

See Flex Links

links, unidirectional 29-1

link state advertisements (LSAs) 38-30

link-state protocols 38-3

link-state tracking

configuring 37-25

described 37-23

LLDP

configuring 28-4

characteristics 28-5

default configuration 28-4

enabling 28-5

monitoring and maintaining 28-10

overview 28-1

supported TLVs 28-2

switch stack considerations 28-2

transmission timer and holdtime, setting 28-5

LLDP-MED

configuring

procedures 28-4

TLVs 28-6

monitoring and maintaining 28-10

overview 28-1, 28-2

supported TLVs 28-2

LLDP Media Endpoint Discovery

See LLDP-MED

load balancing 42-4

local SPAN 30-2

location TLV 28-3, 28-6

logging messages, ACL 35-9

login authentication

with RADIUS 10-23

with TACACS+ 10-14

login banners 8-17

log messages

See system message logging

Long-Reach Ethernet (LRE) technology 1-19, 1-25

loop guard

described 21-11

enabling 21-18

support for 1-8

LRE profiles, considerations in switch clusters 7-16

M

MAB

See MAC authentication bypass

MAB aging timer 1-9

MAB inactivity timer

default setting 11-32

range 11-34

MAC/PHY configuration status TLV 28-2

MAC addresses

aging time 8-21

and VLAN association 8-20

building the address table 8-20

default configuration 8-21

disabling learning on a VLAN 8-27

discovering 8-28

displaying 8-27

displaying in the IP source binding table 23-20

dynamic

learning 8-20

removing 8-22

in ACLs 35-28

IP address association 38-9

static

adding 8-24

allowing 8-26, 8-27

characteristics of 8-24

dropping 8-25

removing 8-24

MAC address learning 1-6

MAC address learning, disabling on a VLAN 8-27

MAC address notification, support for 1-14

MAC address-table move update

configuration guidelines 22-8

configuring 22-12

default configuration 22-8

description 22-6

monitoring 22-14

MAC address-to-VLAN mapping 14-28

MAC authentication bypass 11-34

configuring 11-53

overview 11-14

See MAB

MAC extended access lists

applying to Layer 2 interfaces 35-29

configuring for QoS 36-45

creating 35-28

defined 35-28

for QoS classification 36-5

macros

See Auto Smartports macros

See Smartports macros

magic packet 11-23

manageability features 1-5

management access

in-band

browser session 1-6

CLI session 1-6

device manager 1-6

SNMP 1-6

out-of-band console port connection 1-6

management address TLV 28-2

management options

CLI 2-1

clustering 1-3

CNS 5-1

Network Assistant 1-2

overview 1-5

switch stacks 1-3

management VLAN

considerations in switch clusters 7-7

discovery through different management VLANs 7-7

mapping tables for QoS

configuring

CoS-to-DSCP 36-61

DSCP 36-61

DSCP-to-CoS 36-65

DSCP-to-DSCP-mutation 36-66

IP-precedence-to-DSCP 36-63

policed-DSCP 36-64

described 36-12

marking

action with aggregate policers 36-59

described 36-4, 36-8

matching

IPv6 ACLs 41-3

matching, IPv4 ACLs 35-8

maximum aging time

MSTP 20-24

STP 19-23

maximum hop count, MSTP 20-24

maximum number of allowed devices, port-based authentication 11-34

maximum-paths command 38-52, 38-90

MDA

configuration guidelines11-11to 11-12

described 1-10, 11-11

exceptions with authentication process 11-5

membership mode, VLAN port 14-3

member switch

automatic discovery 7-5

defined 7-2

managing 7-16

passwords 7-13

recovering from lost connectivity 49-12

requirements 7-4

See also candidate switch, cluster standby group, and standby command switch

messages, to users through banners 8-17

metrics, in BGP 38-52

metric translations, between routing protocols 38-96

metro tags 18-2

MHSRP 42-4

MIBs

accessing files with FTP B-3

location of files B-3

overview 33-1

SNMP interaction with 33-4

supported B-1

mini-point-of-presence

See POP

mirroring traffic for analysis 30-1

mismatches, autonegotiation 49-12

module number 12-11

monitoring

access groups 35-41

BGP 38-63

cables for unidirectional links 29-1

CDP 27-5

CEF 38-90

EIGRP 38-42

fallback bridging 48-11

features 1-14

Flex Links 22-14

HSRP 42-13

IEEE 802.1Q tunneling 18-18

IGMP

filters 25-29

snooping 25-16, 40-11

interfaces 12-29

IP

address tables 38-18

multicast routing 46-61

routes 38-103

IP SLAs operations 43-13

IPv4 ACL configuration 35-41

IPv6 39-26

IPv6 ACL configuration 41-8

IS-IS 38-73

ISO CLNS 38-73

Layer 2 protocol tunneling 18-18

MAC address-table move update 22-14

MSDP peers 47-18

multicast router interfaces 25-17, 40-12

multi-VRF CE 38-88

MVR 25-24

network traffic for analysis with probe 30-2

object tracking 44-12

OSPF 38-34

port

blocking 26-19

protection 26-19

private VLANs 17-14

RP mapping information 46-34

SFP status 12-30, 49-14

source-active messages 47-18

speed and duplex mode 12-19

SSM mapping 46-22

traffic flowing among switches 31-1

traffic suppression 26-19

tunneling 18-18

VLAN

filters 35-42

maps 35-42

VLANs 14-16

VMPS 14-32

VTP 15-16

mrouter Port 22-3

mrouter port 22-5

MSDP

benefits of 47-3

clearing MSDP connections and statistics 47-18

controlling source information

forwarded by switch 47-11

originated by switch 47-8

received by switch 47-13

default configuration 47-4

dense-mode regions

sending SA messages to 47-16

specifying the originating address 47-17

filtering

incoming SA messages 47-14

SA messages to a peer 47-12

SA requests from a peer 47-10

join latency, defined 47-6

meshed groups

configuring 47-15

defined 47-15

originating address, changing 47-17

overview 47-1

peer-RPF flooding 47-2

peers

configuring a default 47-4

monitoring 47-18

peering relationship, overview 47-1

requesting source information from 47-8

shutting down 47-15

source-active messages

caching 47-6

clearing cache entries 47-18

defined 47-2

filtering from a peer 47-10

filtering incoming 47-14

filtering to a peer 47-12

limiting data with TTL 47-13

monitoring 47-18

restricting advertised sources 47-9

support for 1-13

MSTP

boundary ports

configuration guidelines 20-16

described 20-6

BPDU filtering

described 21-3

enabling 21-14

BPDU guard

described 21-2

enabling 21-13

CIST, described 20-3

CIST regional root 20-3

CIST root 20-5

configuration guidelines 20-15, 21-12

configuring

forward-delay time 20-23

hello time 20-22

link type for rapid convergence 20-24

maximum aging time 20-24

maximum hop count 20-24

MST region 20-16

neighbor type 20-25

path cost 20-21

port priority 20-20

root switch 20-17

secondary root switch 20-19

switch priority 20-22

CST

defined 20-3

operations between regions 20-4

default configuration 20-15

default optional feature configuration 21-12

displaying status 20-26

enabling the mode 20-16

EtherChannel guard

described 21-10

enabling 21-17

extended system ID

effects on root switch 20-17

effects on secondary root switch 20-19

unexpected behavior 20-18

IEEE 802.1s

implementation 20-6

port role naming change 20-7

terminology 20-5

instances supported 19-10

interface state, blocking to forwarding 21-2

interoperability and compatibility among modes 19-11

interoperability with IEEE 802.1D

described 20-9

restarting migration process 20-26

IST

defined 20-3

master 20-3

operations within a region 20-3

loop guard

described 21-11

enabling 21-18

mapping VLANs to MST instance 20-16

MST region

CIST 20-3

configuring 20-16

described 20-2

hop-count mechanism 20-5

IST 20-3

supported spanning-tree instances 20-2

optional features supported 1-8

overview 20-2

Port Fast

described 21-2

enabling 21-12

preventing root switch selection 21-10

root guard

described 21-10

enabling 21-18

root switch

configuring 20-18

effects of extended system ID 20-17

unexpected behavior 20-18

shutdown Port Fast-enabled port 21-2

stack changes, effects of 20-8

status, displaying 20-26

multiauth mode

See multiple-authentication mode

multicast groups

Immediate Leave 25-5

joining 25-3

leaving 25-5

static joins 25-10, 40-8

multicast packets

ACLs on 35-41

blocking 26-8

multicast router interfaces, monitoring 25-17, 40-12

multicast router ports, adding 25-9, 40-8

Multicast Source Discovery Protocol

See MSDP

multicast storm 26-1

multicast storm-control command 26-4

multicast television application 25-18

multicast VLAN 25-17

Multicast VLAN Registration

See MVR

multidomain authentication

See MDA

multioperations scheduling, IP SLAs 43-5

multiple authentication 11-12

multiple authentication mode

configuring 11-41

Multiple HSRP

See MHSRP

multiple VPN routing/forwarding in customer edge devices

See multi-VRF CE

multi-VRF CE

configuration example 38-84

configuration guidelines 38-77

configuring 38-76

default configuration 38-76

defined 38-74

displaying 38-88

monitoring 38-88

network components 38-76

packet-forwarding process 38-76

support for 1-13

MVR

and address aliasing 25-21

and IGMPv3 25-21

configuration guidelines 25-20

configuring interfaces 25-22

default configuration 25-20

described 25-17

example application 25-18

in the switch stack 25-20

modes 25-21

monitoring 25-24

multicast television application 25-18

setting global parameters 25-21

support for 1-4

N

NAC

AAA down policy 1-11

critical authentication 11-20, 11-50

IEEE 802.1x authentication using a RADIUS server 11-54

IEEE 802.1x validation using RADIUS server 11-54

inaccessible authentication bypass 1-11, 11-50

Layer 2 IEEE 802.1x validation 1-11, 11-25, 11-54

Layer 2 IP validation 1-11

named IPv4 ACLs 35-15

NameSpace Mapper

See NSM

native VLAN

and IEEE 802.1Q tunneling 18-4

configuring 14-23

default 14-23

NEAT

configuring 11-55

overview 11-26

neighbor discovery, IPv6 39-4

neighbor discovery/recovery, EIGRP 38-35

neighbors, BGP 38-58

Network Admission Control

NAC

Network Admission Control Software Configuration Guide 11-62, 11-63

Network Assistant

benefits 1-2

described 1-5

downloading image files 1-3

guide mode 1-2

management options 1-2

managing switch stacks 6-2, 6-15

upgrading a switch C-23

wizards 1-3

network configuration examples

cost-effective wiring closet 1-19

high-performance wiring closet 1-20

increasing network performance 1-18

large network 1-24

long-distance, high-bandwidth transport 1-27

multidwelling network 1-25

providing network services 1-18

redundant Gigabit backbone 1-20

server aggregation and Linux server cluster 1-21

small to medium-sized network 1-23

network design

performance 1-18

services 1-18

Network Edge Access Topology

See NEAT

network management

CDP 27-1

RMON 31-1

SNMP 33-1

network performance, measuring with IP SLAs 43-3

network policy TLV 28-2, 28-7

Network Time Protocol

See NTP

no commands 2-4

nonhierarchical policy maps

configuration guidelines 36-33

described 36-9

non-IP traffic filtering 35-28

nontrunking mode 14-18

normal-range VLANs 14-4

configuration guidelines 14-6

configuration modes 14-7

configuring 14-4

defined 14-1

no switchport command 12-4

not-so-stubby areas

See NSSA

NSAPs, as ISO IGRP addresses 38-64

NSF Awareness

IS-IS 38-66

NSM 5-3

NSSA, OSPF 38-30

NTP

associations

authenticating 8-4

defined 8-2

enabling broadcast messages 8-6

peer 8-5

server 8-5

default configuration 8-4

displaying the configuration 8-11

overview 8-2

restricting access

creating an access group 8-8

disabling NTP services per interface 8-10

source IP address, configuring 8-10

stratum 8-2

support for 1-6

synchronizing devices 8-5

time

services 8-2

synchronizing 8-2

O

object tracking

HSRP 44-7

IP SLAs 44-9

IP SLAs, configuring 44-9

monitoring 44-12

offline configuration for switch stacks 6-6

online diagnostics

overview 50-1

running tests 50-3

understanding 50-1

open1x

configuring 11-59

open1x authentication

overview 11-25

Open Shortest Path First

See OSPF

optimizing system resources 9-1

options, management 1-5

OSPF

area parameters, configuring 38-30

configuring 38-28

default configuration

metrics 38-32

route 38-31

settings 38-26

described 38-25

for IPv6 39-6

interface parameters, configuring 38-29

LSA group pacing 38-33

monitoring 38-34

router IDs 38-33

route summarization 38-31

support for 1-12

virtual links 38-31

out-of-profile markdown 1-12

P

packet modification, with QoS 36-19

PAgP

Layer 2 protocol tunneling 18-9

See EtherChannel

parallel paths, in routing tables 38-90

passive interfaces

configuring 38-100

OSPF 38-32

passwords

default configuration 10-2

disabling recovery of 10-5

encrypting 10-3

for security 1-9

in clusters 7-13

overview 10-1

recovery of 49-3

setting

enable 10-3

enable secret 10-3

Telnet 10-6

with usernames 10-6

VTP domain 15-8

path cost

MSTP 20-21

STP 19-20

path MTU discovery 39-4

PBR

defined 38-97

enabling 38-98

fast-switched policy-based routing 38-100

local policy-based routing 38-100

PC (passive command switch) 7-10

peers, BGP 38-58

percentage thresholds in tracked lists 44-6

performance, network design 1-18

performance features 1-4

persistent self-signed certificate 10-43

per-user ACLs and Filter-Ids 11-8

per-VLAN spanning-tree plus

See PVST+

PE to CE routing, configuring 38-84

physical ports 12-2

PIM

default configuration 46-10

dense mode

overview 46-4

rendezvous point (RP), described 46-5

RPF lookups 46-8

displaying neighbors 46-62

enabling a mode 46-13

overview 46-4

router-query message interval, modifying 46-37

shared tree and source tree, overview 46-35

shortest path tree, delaying the use of 46-36

sparse mode

join messages and shared tree 46-5

overview 46-5

prune messages 46-5

RPF lookups 46-8

stub routing

configuration guidelines 46-22

displaying 46-62

enabling 46-23

overview 46-5

support for 1-13

versions

interoperability 46-11

troubleshooting interoperability problems 46-35

v2 improvements 46-4

PIM-DVMRP, as snooping method 25-8

ping

character output description 49-15

executing 49-15

overview 49-14

PoE

auto mode 12-8

CDP with power consumption, described 12-7

CDP with power negotiation, described 12-7

Cisco intelligent power management 12-7

configuring 12-22

devices supported 12-7

high-power devices operating in low-power mode 12-7

IEEE power classification levels 12-8

power budgeting 12-23

power consumption 12-23

powered-device detection and initial power allocation 12-7

power management modes 12-8

power negotiation extensions to CDP 12-7

standards supported 12-7

static mode 12-9

troubleshooting 49-13

policed-DSCP map for QoS 36-64

policers

configuring

for each matched traffic class 36-48

for more than one traffic class 36-59

described 36-4

displaying 36-79

number of 36-34

types of 36-9

policing

described 36-4

hierarchical

See hierarchical policy maps

token-bucket algorithm 36-9

policy-based routing

See PBR

policy maps for QoS

characteristics of 36-48

described 36-7

displaying 36-80

hierarchical 36-8

hierarchical on SVIs

configuration guidelines 36-33

configuring 36-52

described 36-11

nonhierarchical on physical ports

configuration guidelines 36-33

described 36-9

POP 1-25

port ACLs

defined 35-2

types of 35-3

Port Aggregation Protocol

See EtherChannel

port-based authentication

accounting 11-13

authentication server

defined 11-3

RADIUS server 11-3

client, defined 11-3

configuration guidelines 11-32

configuring

802.1x authentication 11-38

guest VLAN 11-47

host mode 11-41

inaccessible authentication bypass 11-50

manual re-authentication of a client 11-43

periodic re-authentication 11-42

quiet period 11-43

RADIUS server 11-40

RADIUS server parameters on the switch 11-39

restricted VLAN 11-48

switch-to-client frame-retransmission number 11-45

switch-to-client retransmission time 11-44

violation modes 11-37

default configuration 11-31

described 11-1

device roles 11-2

displaying statistics 11-65

downloadable ACLs and redirect URLs

configuring11-57to 11-59

overview11-17to 11-18

EAPOL-start frame 11-5

EAP-request/identity frame 11-5

EAP-response/identity frame 11-5

encapsulation 11-3

flexible authentication ordering

configuring 11-59

overview 11-25

guest VLAN

configuration guidelines 11-19, 11-20

described 11-18

host mode 11-11

inaccessible authentication bypass

configuring 11-50

described 11-20

guidelines 11-33

initiation and message exchange 11-5

magic packet 11-23

maximum number of allowed devices per port 11-34

method lists 11-38

multiple authentication 11-12

per-user ACLs

AAA authorization 11-38

configuration tasks 11-17

described 11-16

RADIUS server attributes 11-16

ports

authorization state and dot1x port-control command 11-9

authorized and unauthorized 11-9

critical 11-20

voice VLAN 11-21

port security

and voice VLAN 11-23

described 11-22

interactions 11-22

multiple-hosts mode 11-11

readiness check

configuring 11-35

described 11-14, 11-35

resetting to default values 11-64

stack changes, effects of 11-10

statistics, displaying 11-65

switch

as proxy 11-3

RADIUS client 11-3

switch supplicant

configuring 11-55

overview 11-26

upgrading from a previous release 36-26

VLAN assignment

AAA authorization 11-38

characteristics 11-15

configuration tasks 11-16

described 11-15

voice aware 802.1x security

configuring 11-36

described 11-26, 11-36

voice VLAN

described 11-21

PVID 11-21

VVID 11-21

wake-on-LAN, described 11-23

port-based authentication methods, supported 11-7

port blocking 1-4, 26-7

port-channel

See EtherChannel

port description TLV 28-2

Port Fast

described 21-2

enabling 21-12

mode, spanning tree 14-29

support for 1-8

port membership modes, VLAN 14-3

port priority

MSTP 20-20

STP 19-18

ports

10-Gigabit Ethernet module 12-6

access 12-3

blocking 26-7

dynamic access 14-3

IEEE 802.1Q tunnel 14-4

protected 26-6

routed 12-4

secure 26-8

static-access 14-3, 14-11

switch 12-2

trunks 14-3, 14-16

VLAN assignments 14-11

port security

aging 26-17

and private VLANs 26-18

and QoS trusted boundary 36-38

and stacking 26-18

configuring 26-13

default configuration 26-11

described 26-8

displaying 26-19

enabling 26-18

on trunk ports 26-14

sticky learning 26-9

violations 26-10

with other features 26-11

port-shutdown response, VMPS 14-28

port VLAN ID TLV 28-2

power management TLV 28-2, 28-7

Power over Ethernet

See PoE

preemption, default configuration 22-7

preemption delay, default configuration 22-8

preferential treatment of traffic

See QoS

prefix lists, BGP 38-56

preventing unauthorized access 10-1

primary interface for object tracking, DHCP, configuring 44-11

primary interface for static routing, configuring 44-10

primary links 22-2

primary VLANs 17-1, 17-3

priority

HSRP 42-8

overriding CoS 16-6

trusting CoS 16-6

private VLAN edge ports

See protected ports

private VLANs

across multiple switches 17-4

and SDM template 17-4

and SVIs 17-5

and switch stacks 17-5

benefits of 17-1

community ports 17-2

community VLANs 17-2, 17-3

configuration guidelines 17-7, 17-8

configuration tasks 17-6

configuring 17-9

default configuration 17-6

end station access to 17-3

IP addressing 17-3

isolated port 17-2

isolated VLANs 17-2, 17-3

mapping 17-13

monitoring 17-14

ports

community 17-2

configuration guidelines 17-8

configuring host ports 17-11

configuring promiscuous ports 17-12

described 14-4

isolated 17-2

promiscuous 17-2

primary VLANs 17-1, 17-3

promiscuous ports 17-2

secondary VLANs 17-2

subdomains 17-1

traffic in 17-5

privileged EXEC mode 2-2

privilege levels

changing the default for lines 10-9

command switch 7-17

exiting 10-9

logging into 10-9

mapping on member switches 7-17

overview 10-2, 10-7

setting a command with 10-8

promiscuous ports

configuring 17-12

defined 17-2

protected ports 1-9, 26-6

protocol-dependent modules, EIGRP 38-36

Protocol-Independent Multicast Protocol

See PIM

provider edge devices 38-75

provisioned switches and IP source guard 23-18

provisioning new members for a switch stack 6-6

proxy ARP

configuring 38-11

definition 38-9

with IP routing disabled 38-12

proxy reports 22-3

pruning, VTP

disabling

in VTP domain 15-14

on a port 14-23

enabling

in VTP domain 15-14

on a port 14-23

examples 15-5

overview 15-4

pruning-eligible list

changing 14-23

for VTP pruning 15-5

VLANs 15-14

PVST+

described 19-10

IEEE 802.1Q trunking interoperability 19-11

instances supported 19-10

Q

QoS

and MQC commands 36-1

auto-QoS

categorizing traffic 36-20

configuration and defaults display 36-29

configuration guidelines 36-25

described 36-20

disabling 36-27

displaying generated commands 36-27

displaying the initial configuration 36-29

effects on running configuration 36-25

egress queue defaults 36-21

enabling for VoIP 36-27

example configuration 36-28

ingress queue defaults 36-21

list of generated commands 36-22

basic model 36-4

classification

class maps, described 36-7

defined 36-4

DSCP transparency, described 36-40

flowchart 36-6

forwarding treatment 36-3

in frames and packets 36-3

IP ACLs, described 36-5, 36-7

MAC ACLs, described 36-5, 36-7

options for IP traffic 36-5

options for non-IP traffic 36-5

policy maps, described 36-7

trust DSCP, described 36-5

trusted CoS, described 36-5

trust IP precedence, described 36-5

class maps

configuring 36-46

displaying 36-79

configuration guidelines

auto-QoS 36-25

standard QoS 36-33

configuring

aggregate policers 36-59

auto-QoS 36-20

default port CoS value 36-38

DSCP maps 36-61

DSCP transparency 36-40

DSCP trust states bordering another domain 36-40

egress queue characteristics 36-71

ingress queue characteristics 36-67

IP extended ACLs 36-44

IP standard ACLs 36-43

MAC ACLs 36-45

policy maps, hierarchical 36-52

port trust states within the domain 36-36

trusted boundary 36-38

default auto configuration 36-20

default standard configuration 36-30

displaying statistics 36-79

DSCP transparency 36-40

egress queues

allocating buffer space 36-72

buffer allocation scheme, described 36-17

configuring shaped weights for SRR 36-75

configuring shared weights for SRR 36-77

described 36-4

displaying the threshold map 36-75

flowchart 36-17

mapping DSCP or CoS values 36-74

scheduling, described 36-4

setting WTD thresholds 36-72

WTD, described 36-18

enabling globally 36-35

flowcharts

classification 36-6

egress queueing and scheduling 36-17

ingress queueing and scheduling 36-15

policing and marking 36-10

implicit deny 36-7

ingress queues

allocating bandwidth 36-69

allocating buffer space 36-69

buffer and bandwidth allocation, described 36-16

configuring shared weights for SRR 36-69

configuring the priority queue 36-70

described 36-4

displaying the threshold map 36-68

flowchart 36-15

mapping DSCP or CoS values 36-68

priority queue, described 36-16

scheduling, described 36-4

setting WTD thresholds 36-68

WTD, described 36-16

IP phones

automatic classification and queueing 36-20

detection and trusted settings 36-20, 36-38

limiting bandwidth on egress interface 36-78

mapping tables

CoS-to-DSCP 36-61

displaying 36-79

DSCP-to-CoS 36-65

DSCP-to-DSCP-mutation 36-66

IP-precedence-to-DSCP 36-63

policed-DSCP 36-64

types of 36-12

marked-down actions 36-50, 36-56

marking, described 36-4, 36-8

overview 36-2

packet modification 36-19

policers

configuring 36-50, 36-56, 36-59

described 36-8

displaying 36-79

number of 36-34

types of 36-9

policies, attaching to an interface 36-8

policing

described 36-4, 36-8

token bucket algorithm 36-9

policy maps

characteristics of 36-48

displaying 36-80

hierarchical 36-8

hierarchical on SVIs 36-52

nonhierarchical on physical ports 36-48

QoS label, defined 36-4

queues

configuring egress characteristics 36-71

configuring ingress characteristics 36-67

high priority (expedite) 36-19, 36-78

location of 36-13

SRR, described 36-14

WTD, described 36-13

rewrites 36-19

support for 1-11

trust states

bordering another domain 36-40

described 36-5

trusted device 36-38

within the domain 36-36

quality of service

See QoS

queries, IGMP 25-4

query solicitation, IGMP 25-13

R

RADIUS

attributes

vendor-proprietary 10-31

vendor-specific 10-29

configuring

accounting 10-28

authentication 10-23

authorization 10-27

communication, global 10-21, 10-29

communication, per-server 10-20, 10-21

multiple UDP ports 10-20

default configuration 10-20

defining AAA server groups 10-25

displaying the configuration 10-32

identifying the server 10-20

in clusters 7-16

limiting the services to the user 10-27

method list, defined 10-19

operation of 10-19

overview 10-18

server load balancing 10-31

suggested network environments 10-18

support for 1-11

tracking services accessed by user 10-28

range

macro 12-14

of interfaces 12-12

rapid convergence 20-10

rapid per-VLAN spanning-tree plus

See rapid PVST+

rapid PVST+

described 19-10

IEEE 802.1Q trunking interoperability 19-11

instances supported 19-10

Rapid Spanning Tree Protocol

See RSTP

RARP 38-9

rcommand command 7-16

RCP

configuration files

downloading C-17

overview C-15

preparing the server C-16

uploading C-18

image files

deleting old image C-36

downloading C-35

preparing the server C-34

uploading C-36

reachability, tracking IP SLAs IP host 44-9

readiness check

port-based authentication

configuring 11-35

described 11-14, 11-35

reconfirmation interval, VMPS, changing 14-31

reconfirming dynamic VLAN membership 14-31

recovery procedures 49-1

redirect URL 11-17, 11-57

redundancy

EtherChannel 37-3

HSRP 42-1

STP

backbone 19-8

multidrop backbone 21-5

path cost 14-26

port priority 14-24

redundant links and UplinkFast 21-15

reliable transport protocol, EIGRP 38-35

reloading software 3-21

Remote Authentication Dial-In User Service

See RADIUS

Remote Copy Protocol

See RCP

Remote Network Monitoring

See RMON

Remote SPAN

See RSPAN

remote SPAN 30-3

report suppression, IGMP

described 25-6

disabling 25-16, 40-11

resequencing ACL entries 35-15

resets, in BGP 38-50

resetting a UDLD-shutdown interface 29-6

responder, IP SLAs

described 43-4

enabling 43-8

response time, measuring with IP SLAs 43-4

restricted VLAN

configuring 11-48

described 11-19

using with IEEE 802.1x 11-19

restricting access

NTP services 8-8

overview 10-1

passwords and privilege levels 10-2

RADIUS 10-17

TACACS+ 10-10

retry count, VMPS, changing 14-32

reverse address resolution 38-9

Reverse Address Resolution Protocol

See RARP

RFC

1058, RIP 38-19

1112, IP multicast and IGMP 25-2

1157, SNMPv1 33-2

1163, BGP 38-43

1166, IP addresses 38-7

1253, OSPF 38-25

1267, BGP 38-43

1305, NTP 8-2

1587, NSSAs 38-25

1757, RMON 31-2

1771, BGP 38-43

1901, SNMPv2C 33-2

1902 to 1907, SNMPv2 33-2

2236, IP multicast and IGMP 25-2

2273-2275, SNMPv3 33-2

RIP

advertisements 38-20

authentication 38-22

configuring 38-21

default configuration 38-20

described 38-20

for IPv6 39-6

hop counts 38-20

split horizon 38-23

summary addresses 38-23

support for 1-12

RMON

default configuration 31-3

displaying status 31-6

enabling alarms and events 31-3

groups supported 31-2

overview 31-1

statistics

collecting group Ethernet 31-5

collecting group history 31-5

support for 1-14

root guard

described 21-10

enabling 21-18

support for 1-8

root switch

MSTP 20-17

STP 19-16

route calculation timers, OSPF 38-32

route dampening, BGP 38-62

routed packets, ACLs on 35-40

routed ports

configuring 38-5

defined 12-4

in switch clusters 7-8

IP addresses on 12-26, 38-5

route-map command 38-99

route maps

BGP 38-54

policy-based routing 38-97

router ACLs

defined 35-2

types of 35-4

route reflectors, BGP 38-61

router ID, OSPF 38-33

route selection, BGP 38-52

route summarization, OSPF 38-31

route targets, VPN 38-76

routing

default 38-3

dynamic 38-3

redistribution of information 38-93

static 38-3

routing domain confederation, BGP 38-61

Routing Information Protocol

See RIP

routing protocol administrative distances 38-91

RSPAN

and stack changes 30-10

characteristics 30-9

configuration guidelines 30-18

default configuration 30-11

defined 30-3

destination ports 30-8

displaying status 30-25

in a switch stack 30-2

interaction with other features 30-9

monitored ports 30-6

monitoring ports 30-8

overview 1-14, 30-1

received traffic 30-5

session limits 30-11

sessions

creating 30-19

defined 30-4

limiting source traffic to specific VLANs 30-24

specifying monitored ports 30-19

with ingress traffic enabled 30-22

source ports 30-6

transmitted traffic 30-6

VLAN-based 30-7

RSTP

active topology 20-10

BPDU

format 20-12

processing 20-13

designated port, defined 20-9

designated switch, defined 20-9

interoperability with IEEE 802.1D

described 20-9

restarting migration process 20-26

topology changes 20-13

overview 20-9

port roles

described 20-9

synchronized 20-11

proposal-agreement handshake process 20-10

rapid convergence

cross-stack rapid convergence 20-11

described 20-10

edge ports and Port Fast 20-10

point-to-point links 20-10, 20-24

root ports 20-10

root port, defined 20-9

See also MSTP

running configuration

replacing C-19, C-20

rolling back C-19, C-20

running configuration, saving 3-15

S

SC (standby command switch) 7-10

scheduled reloads 3-21

scheduling, IP SLAs operations 43-5

SCP

and SSH 10-49

configuring 10-49

SDM

described 9-1

switch stack consideration 6-9

templates

configuring 9-6

number of 9-1

SDM mismatch mode 6-9, 9-4

SDM template 41-4

aggregator 9-2

configuration guidelines 9-5

configuring 9-4

desktop 9-2

dual IPv4 and IPv6 9-2

types of 9-1

secondary VLANs 17-2

Secure Copy Protocol

secure HTTP client

configuring 10-48

displaying 10-49

secure HTTP server

configuring 10-47

displaying 10-49

secure MAC addresses

and switch stacks 26-18

deleting 26-16

maximum number of 26-10

types of 26-9

secure ports

and switch stacks 26-18

configuring 26-8

secure remote connections 10-38

Secure Shell

See SSH

Secure Socket Layer

See SSL

security, port 26-8

security features 1-9

See SCP

sequence numbers in log messages 32-8

server mode, VTP 15-3

service-provider network, MSTP and RSTP 20-1

service-provider networks

and customer VLANs 18-2

and IEEE 802.1Q tunneling 18-1

Layer 2 protocols across 18-8

Layer 2 protocol tunneling for EtherChannels 18-9

set-request operation 33-5

setup program

failed command switch replacement 49-11

replacing failed command switch 49-9

severity levels, defining in system messages 32-9

SFPs

monitoring status of 12-30, 49-14

numbering of 12-11

security and identification 49-13

status, displaying 49-14

shaped round robin

See SRR

Shell functions

See Auto Smartports macros

Shell triggers

See Auto Smartports macros

show access-lists hw-summary command 35-22

show and more command output, filtering 2-10

show cdp traffic command 27-5

show cluster members command 7-16

show configuration command 12-24

show forward command 49-22

show interfaces command 12-19, 12-24

show interfaces switchport 22-4

show l2protocol command 18-13, 18-15, 18-16

show lldp traffic command 28-11

show platform forward command 49-22

show running-config command

displaying ACLs 35-20, 35-21, 35-32, 35-35

interface description in 12-24

shutdown command on interfaces 12-31

shutdown threshold for Layer 2 protocol packets 18-11

Simple Network Management Protocol

See SNMP

small form-factor pluggable modules

See SFPs

small-frame arrival rate, configuring 26-5

Smartports macros

applying Cisco-default macros 13-12

applying global parameter values 13-13

configuration guidelines 13-12

default configuration 13-11

defined 13-1

displaying 13-14

tracing 13-12

SNAP 27-1

SNMP

accessing MIB variables with 33-4

agent

described 33-4

disabling 33-8

and IP SLAs 43-2

authentication level 33-11

community strings

configuring 33-8

for cluster switches 33-4

overview 33-4

configuration examples 33-18

default configuration 33-7

engine ID 33-7

groups 33-7, 33-10

host 33-7

ifIndex values 33-6

in-band management 1-6

in clusters 7-14

informs

and trap keyword 33-12

described 33-5

differences from traps 33-5

disabling 33-16

enabling 33-16

limiting access by TFTP servers 33-17

limiting system log messages to NMS 32-10

manager functions 1-5, 33-3

managing clusters with 7-17

MIBs

location of B-3

supported B-1

notifications 33-5

overview 33-1, 33-4

security levels 33-3

setting CPU threshold notification 33-16

status, displaying 33-19

system contact and location 33-17

trap manager, configuring 33-14

traps

described 33-3, 33-5

differences from informs 33-5

disabling 33-16

enabling 33-12

enabling MAC address notification 8-22

overview 33-1, 33-5

types of 33-12

users 33-7, 33-10

versions supported 33-2

SNMP and Syslog Over IPv6 39-7

SNMPv1 33-2

SNMPv2C 33-2

SNMPv3 33-3

snooping, IGMP 25-2

software compatibility

See stacks, switch

software images

location in flash C-24

recovery procedures 49-2

scheduling reloads 3-21

tar file format, described C-24

See also downloading and uploading

source addresses

in IPv4 ACLs 35-12

in IPv6 ACLs 41-5

source-and-destination-IP address based forwarding, EtherChannel 37-9

source-and-destination MAC address forwarding, EtherChannel 37-9

source-IP address based forwarding, EtherChannel 37-9

source-MAC address forwarding, EtherChannel 37-8

Source-specific multicast

See SSM

SPAN

and stack changes 30-10

configuration guidelines 30-11

default configuration 30-11

destination ports 30-8

displaying status 30-25

interaction with other features 30-9

monitored ports 30-6

monitoring ports 30-8

overview 1-14, 30-1

ports, restrictions 26-12

received traffic 30-5

session limits 30-11

sessions

configuring ingress forwarding 30-16, 30-23

creating 30-12

defined 30-4

limiting source traffic to specific VLANs 30-17

removing destination (monitoring) ports 30-14

specifying monitored ports 30-12

with ingress traffic enabled 30-15

source ports 30-6

transmitted traffic 30-6

VLAN-based 30-7

spanning tree and native VLANs 14-19

Spanning Tree Protocol

See STP

SPAN traffic 30-5

split horizon, RIP 38-23

SRR

configuring

shaped weights on egress queues 36-75

shared weights on egress queues 36-77

shared weights on ingress queues 36-69

described 36-14

shaped mode 36-14

shared mode 36-14

support for 1-12

SSH

configuring 10-39

cryptographic software image 10-37

described 1-6, 10-38

encryption methods 10-38

switch stack considerations 6-15, 10-38

user authentication methods, supported 10-39

SSL

configuration guidelines 10-45

configuring a secure HTTP client 10-48

configuring a secure HTTP server 10-46

cryptographic software image 10-42

described 10-42

monitoring 10-49

SSM

address management restrictions 46-16

CGMP limitations 46-16

components 46-14

configuration guidelines 46-15

configuring 46-14, 46-16

differs from Internet standard multicast 46-14

IGMP snooping 46-16

IGMPv3 46-14

IGMPv3 Host Signalling 46-15

IP address range 46-15

monitoring 46-16

operations 46-15

PIM 46-14

state maintenance limitations 46-16

SSM mapping 46-17

configuration guidelines 46-17

configuring 46-17, 46-19

DNS-based 46-18, 46-20

monitoring 46-22

overview 46-18

restrictions 46-18

static 46-18, 46-20

static traffic forwarding 46-21

stack, switch

MAC address of 6-5, 6-18

stack changes

effects on

IPv6 routing 39-9

stack changes, effects on

802.1x port-based authentication 11-10

ACL configuration 35-7

CDP 27-2

cross-stack EtherChannel 37-13

EtherChannel 37-10

fallback bridging 48-3

HSRP 42-5

IGMP snooping 25-6

IP routing 38-4

IPv6 ACLs 41-3

MAC address tables 8-21

MSTP 20-8

multicast routing 46-10

MVR 25-18

port security 26-18

SDM template selection 9-3

SNMP 33-1

SPAN and RSPAN 30-10

STP 19-12

switch clusters 7-14

system message log 32-2

VLANs 14-6

VTP 15-6

stack master

bridge ID (MAC address) 6-5

defined 6-1

election 6-4

IPv6 39-9

See also stacks, switch

stack member

accessing CLI of specific member 6-23

configuring

member number 6-20

priority value 6-21

defined 6-1

displaying information of 6-23

IPv6 39-10

number 6-5

priority value 6-6

provisioning a new member 6-21

replacing 6-14

See also stacks, switch

stack member number 12-11

stack protocol version 6-9

stacks, switch

accessing CLI of specific member 6-23

assigning information

member number 6-20

priority value 6-21

provisioning a new member 6-21

auto-advise 6-11

auto-copy 6-10

auto-extract 6-11

auto-upgrade 6-10

benefits 1-2

bridge ID 6-5

CDP considerations 27-2

compatibility, software 6-9

configuration file 6-14

configuration scenarios 6-16

copying an image file from one member to another C-37

default configuration 6-18

description of 6-1

displaying information of 6-23

enabling persistent MAC address timer 6-18

hardware compatibility and SDM mismatch mode 6-9

HSRP considerations 42-5

in clusters 7-14

incompatible software and image upgrades 6-13, C-37

IPv6 on 39-9

MAC address considerations 8-21

management connectivity 6-15

managing 6-1

membership 6-3

merged 6-3

MSTP instances supported 19-10

multicast routing, stack master and member roles 46-9

offline configuration

described 6-6

effects of adding a provisioned switch 6-7

effects of removing a provisioned switch 6-9

effects of replacing a provisioned switch 6-9

provisioned configuration, defined 6-6

provisioned switch, defined 6-6

provisioning a new member 6-21

partitioned 6-3, 49-8

provisioned switch

adding 6-7

removing 6-9

replacing 6-9

replacing a failed member 6-14

software compatibility 6-9

software image version 6-9

stack protocol version 6-9

STP

bridge ID 19-3

instances supported 19-10

root port selection 19-3

stack root switch election 19-3

system messages

hostnames in the display 32-1

remotely monitoring 32-2

system prompt consideration 8-14

system-wide configuration considerations 6-14

upgrading C-37

version-mismatch (VM) mode

automatic upgrades with auto-upgrade 6-10

examples 6-11

manual upgrades with auto-advise 6-11

upgrades with auto-extract 6-11

version-mismatch mode

described 6-10

See also stack master and stack member

StackWise technology, Cisco 1-3

See also stacks, switch

standby command switch

configuring

considerations 7-11

defined 7-2

priority 7-10

requirements 7-3

virtual IP address 7-11

See also cluster standby group and HSRP

standby group, cluster

See cluster standby group and HSRP

standby ip command 42-6

standby links 22-2

standby router 42-1

standby timers, HSRP 42-11

startup configuration

booting

manually 3-18

specific image 3-19

clearing C-19

configuration file

automatically downloading 3-17

specifying the filename 3-17

default boot configuration 3-17

static access ports

assigning to VLAN 14-11

defined 12-3, 14-3

static addresses

See addresses

static IP routing 1-13

static MAC addressing 1-9

static route primary interface,configuring 44-10

static routes

configuring 38-91

configuring for IPv6 39-19

understanding 39-6

static routing 38-3

static routing support, enhanced object tracking 44-10

static SSM mapping 46-18, 46-20

static traffic forwarding 46-21

static VLAN membership 14-2

statistics

802.1x 11-65

CDP 27-5

interface 12-29

IP multicast routing 46-62

LLDP 28-10

LLDP-MED 28-10

NMSP 28-10

OSPF 38-34

QoS ingress and egress 36-79

RMON group Ethernet 31-5

RMON group history 31-5

SNMP input and output 33-19

VTP 15-16

sticky learning 26-9

storm control

configuring 26-3

described 26-1

disabling 26-5

displaying 26-19

support for 1-4

thresholds 26-1

STP

accelerating root port selection 21-4

BackboneFast

described 21-7

disabling 21-17

enabling 21-16

BPDU filtering

described 21-3

disabling 21-15

enabling 21-14

BPDU guard

described 21-2

disabling 21-14

enabling 21-13

BPDU message exchange 19-3

configuration guidelines 19-13, 21-12

configuring

forward-delay time 19-23

hello time 19-22

maximum aging time 19-23

path cost 19-20

port priority 19-18

root switch 19-16

secondary root switch 19-18

spanning-tree mode 19-15

switch priority 19-21

transmit hold-count 19-24

counters, clearing 19-24

cross-stack UplinkFast

described 21-5

enabling 21-16

default configuration 19-13

default optional feature configuration 21-12

designated port, defined 19-4

designated switch, defined 19-4

detecting indirect link failures 21-8

disabling 19-16

displaying status 19-24

EtherChannel guard

described 21-10

disabling 21-17

enabling 21-17

extended system ID

effects on root switch 19-16

effects on the secondary root switch 19-18

overview 19-4

unexpected behavior 19-16

features supported 1-7

IEEE 802.1D and bridge ID 19-4

IEEE 802.1D and multicast addresses 19-9

IEEE 802.1t and VLAN identifier 19-5

inferior BPDU 19-3

instances supported 19-10

interface state, blocking to forwarding 21-2

interface states

blocking 19-6

disabled 19-7

forwarding 19-6, 19-7

learning 19-7

listening 19-7

overview 19-5

interoperability and compatibility among modes 19-11

keepalive messages 19-2

Layer 2 protocol tunneling 18-7

limitations with IEEE 802.1Q trunks 19-11

load sharing

overview 14-24

using path costs 14-26

using port priorities 14-24

loop guard

described 21-11

enabling 21-18

modes supported 19-10

multicast addresses, effect of 19-9

optional features supported 1-8

overview 19-2

path costs 14-26, 14-27

Port Fast

described 21-2

enabling 21-12

port priorities 14-25

preventing root switch selection 21-10

protocols supported 19-10

redundant connectivity 19-8

root guard

described 21-10

enabling 21-18

root port, defined 19-3

root port selection on a switch stack 19-3

root switch

configuring 19-16

effects of extended system ID 19-4, 19-16

election 19-3

unexpected behavior 19-16

shutdown Port Fast-enabled port 21-2

stack changes, effects of 19-12

status, displaying 19-24

superior BPDU 19-3

timers, described 19-22

UplinkFast

described 21-3

enabling 21-15

VLAN-bridge 19-11

stratum, NTP 8-2

stub areas, OSPF 38-30

stub routing, EIGRP 38-41

subdomains, private VLAN 17-1

subnet mask 38-7

subnet zero 38-7

success response, VMPS 14-28

summer time 8-13

SunNet Manager 1-5

supernet 38-8

supported port-based authentication methods 11-7

Smartports macros

See also Auto Smartports macros

SVI autostate exclude

configuring 12-27

defined 12-6

SVI link state 12-6

SVIs

and IP unicast routing 38-5

and router ACLs 35-4

connecting VLANs 12-9

defined 12-5

routing between VLANs 14-2

switch 39-2

switch clustering technology 7-1

See also clusters, switch

switch console port 1-6

Switch Database Management

See SDM

switched packets, ACLs on 35-39

Switched Port Analyzer

See SPAN

switched ports 12-2

switchport backup interface 22-4, 22-5

switchport block multicast command 26-8

switchport block unicast command 26-8

switchport command 12-16

switchport mode dot1q-tunnel command 18-6

switchport protected command 26-7

switch priority

MSTP 20-22

STP 19-21

switch software features 1-1

switch stacks

Catalyst 3750G wireless LAN controller switch A-2

switch virtual interface

See SVI

synchronization, BGP 38-48

syslog

See system message logging

system capabilities TLV 28-2

system clock

configuring

daylight saving time 8-13

manually 8-11

summer time 8-13

time zones 8-12

displaying the time and date 8-12

overview 8-1

See also NTP

system description TLV 28-2

system message logging

default configuration 32-4

defining error message severity levels 32-9

disabling 32-4

displaying the configuration 32-14

enabling 32-5

facility keywords, described 32-14

level keywords, described 32-10

limiting messages 32-10

message format 32-2

overview 32-1

sequence numbers, enabling and disabling 32-8

setting the display destination device 32-5

stack changes, effects of 32-2

synchronizing log messages 32-6

syslog facility 1-14

time stamps, enabling and disabling 32-8

UNIX syslog servers

configuring the daemon 32-12

configuring the logging facility 32-13

facilities supported 32-14

system MTU

and IS-IS LSPs 38-69

system MTU and IEEE 802.1Q tunneling 18-5

system name

default configuration 8-15

default setting 8-15

manual configuration 8-15

See also DNS

system name TLV 28-2

system prompt, default setting 8-14, 8-15

system resources, optimizing 9-1

system routing

IS-IS 38-64

ISO IGRP 38-64

T

TACACS+

accounting, defined 10-11

authentication, defined 10-11

authorization, defined 10-11

configuring

accounting 10-17

authentication key 10-13

authorization 10-16

login authentication 10-14

default configuration 10-13

displaying the configuration 10-17

identifying the server 10-13

in clusters 7-16

limiting the services to the user 10-16

operation of 10-12

overview 10-10

support for 1-11

tracking services accessed by user 10-17

tagged packets

IEEE 802.1Q 18-3

Layer 2 protocol 18-7

tar files

creating C-6

displaying the contents of C-7

extracting C-7

image file format C-24

TCL script, registering and defining with embedded event manager 34-6

TDR 1-14

Telnet

accessing management interfaces 2-11

number of connections 1-6

setting a password 10-6

templates, SDM 9-2

temporary self-signed certificate 10-43

Terminal Access Controller Access Control System Plus

See TACACS+

terminal lines, setting a password 10-6

TFTP

configuration files

downloading C-11

preparing the server C-10

uploading C-12

configuration files in base directory 3-7

configuring for autoconfiguration 3-7

image files

deleting C-27

downloading C-26

preparing the server C-26

uploading C-28

limiting access by servers 33-17

TFTP server 1-5

threshold, traffic level 26-2

threshold monitoring, IP SLAs 43-6

time

See NTP and system clock

Time Domain Reflector

See TDR

time-range command 35-17

time ranges in ACLs 35-17

time stamps in log messages 32-8

time zones 8-12

TLVs

defined 28-1

LLDP 28-2

LLDP-MED 28-2

Token Ring VLANs

support for 14-6

VTP support 15-4

ToS 1-11

traceroute, Layer 2

and ARP 49-17

and CDP 49-16

broadcast traffic 49-16

described 49-16

IP addresses and subnets 49-17

MAC addresses and VLANs 49-16

multicast traffic 49-16

multiple devices on a port 49-17

unicast traffic 49-16

usage guidelines 49-16

traceroute command 49-18

See also IP traceroute

tracked lists

configuring 44-3

types 44-3

tracked objects

by Boolean expression 44-4

by threshold percentage 44-6

by threshold weight 44-5

tracking interface line-protocol state 44-2

tracking IP routing state 44-2

tracking objects 44-1

tracking process 44-1

track state, tracking IP SLAs 44-9

traffic

blocking flooded 26-8

fragmented 35-5

fragmented IPv6 41-2

unfragmented 35-5

traffic policing 1-12

traffic suppression 26-1

transmit hold-count

see STP

transparent mode, VTP 15-3, 15-12