Catalyst 3750 Software Configuration Guide, Release 12.2(55)SE
Index
Downloads: This chapterpdf (PDF - 2.04MB) The complete bookPDF (PDF - 14.53MB) | Feedback

Index

Table Of Contents

Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X -

Index

ACLs (continued)
ACLs (continued)
authentication (continued)
banners (continued)
CLI (continued)
clusters, switch (continued)
cross-stack EtherChannel (continued)
default configuration (continued)
default configuration (continued)
DHCP snooping (continued)
downloading (continued)
DVMRP (continued)
dynamic ARP inspection (continued)
EtherChannel (continued)
EtherChannel (continued)
IGMP (continued)
IGMP snooping (continued)
interfaces (continued)
IP multicast routing (continued)
IP multicast routing (continued)
IP SLAs (continued)
IP source guard (continued)
IP unicast routing (continued)
monitoring (continued)
MSDP (continued)
MSTP (continued)
MSTP (continued)
Multi-VRF CE (continued)
NTP (continued)
OSPF (continued)
port-based authentication (continued)
port-base authentication(continued)
port-base authentication (continued)
port security (continued)
private VLANs (continued)
QoS (continued)
QoS (continued)
QoS (continued)
QoS (continued)
RADIUS (continued)
RIP (continued)
SNMP (continued)
stacks, switch (continued)
stacks, switch (continued)
STP (continued)
STP (continued)
VLANs (continued)
VMPS (continued)
VTP (continued)
WCCP (continued)

Numerics

10-Gigabit Ethernet interfaces

configuration guidelines 12-17

defined 12-6

3750G integrated wireless LAN controller switch

configuring the switch A-4

controller and switch interaction A-3

internal ports

configuring A-4

reconfiguring A-5

A

AAA down policy, NAC Layer 2 IP validation 1-12

abbreviating commands 2-4

ABRs 38-25

AC (command switch) 6-11

access-class command 34-20

access control entries

See ACEs

access control entry (ACE) 41-3

access-denied response, VMPS 13-28

access groups

applying IPv4 ACLs to interfaces 34-21

Layer 2 34-21

Layer 3 34-21

accessing

clusters, switch 6-14

command switches 6-12

member switches 6-14

switch clusters 6-14

accessing stack members 5-23

access lists

See ACLs

access ports

and Layer 2 protocol tunneling 17-11

defined 12-3

in switch clusters 6-10

access template 8-1

accounting

with 802.1x 10-53

with IEEE 802.1x 10-17

with RADIUS 9-35

with TACACS+ 9-11, 9-17

ACEs

and QoS 35-8

defined 34-2

Ethernet 34-2

IP 34-2

ACLs

ACEs 34-2

any keyword 34-13

applying

on bridged packets 34-39

on multicast packets 34-41

on routed packets 34-40

on switched packets 34-39

time ranges to 34-17

to an interface 34-20, 41-7

to IPv6 interfaces 41-7

to QoS 35-8

classifying traffic for QoS 35-48

comments in 34-19

compiling 34-23

defined 34-1, 34-8

examples of 34-23, 35-48

extended IP, configuring for QoS classification 35-49

extended IPv4

creating 34-11

matching criteria 34-8

hardware and software handling 34-22

host keyword 34-13

IP

creating 34-8

fragments and QoS guidelines 35-38

implicit deny 34-10, 34-15, 34-17

implicit masks 34-10

matching criteria 34-8

undefined 34-21

IPv4

applying to interfaces 34-20

creating 34-8

matching criteria 34-8

named 34-15

numbers 34-8

terminal lines, setting on 34-20

unsupported features 34-7

IPv6

and stacking 41-3

applying to interfaces 41-7

configuring 41-4, 41-5

displaying 41-8

interactions with other features 41-4

limitations 41-3

matching criteria 41-3

named 41-3

precedence of 41-2

supported 41-2

unsupported features 41-3

Layer 4 information in 34-38

logging messages 34-9

MAC extended 34-28, 35-50

matching 34-8, 34-21, 41-3

monitoring 34-42, 41-8

named, IPv4 34-15

named, IPv6 41-3

names 41-4

number per QoS class map 35-38

port 34-2, 41-1

precedence of 34-2

QoS 35-8, 35-48

resequencing entries 34-15

router 34-2, 41-1

router ACLs and VLAN map configuration guidelines 34-38

standard IP, configuring for QoS classification 35-48

standard IPv4

creating 34-10

matching criteria 34-8

support for 1-10

support in hardware 34-22

time ranges 34-17

types supported 34-2

unsupported features, IPv4 34-7

unsupported features, IPv6 41-3

using router ACLs with VLAN maps 34-37

VLAN maps

configuration guidelines 34-31

configuring 34-30

active link 21-4, 21-5, 21-6

active links 21-2

active router 42-1

active traffic monitoring, IP SLAs 43-1

address aliasing 24-2

addresses

displaying the MAC address table 7-31

dynamic

accelerated aging 18-9

changing the aging time 7-21

default aging 18-9

defined 7-19

learning 7-20

removing 7-22

IPv6 39-2

MAC, discovering 7-31

multicast

group address range 46-3

STP address management 18-9

static

adding and removing 7-27

defined 7-19

address resolution 7-31, 38-9

Address Resolution Protocol

See ARP

adjacency tables, with CEF 38-91

administrative distances

defined 38-103

OSPF 38-33

routing protocol defaults 38-93

advertisements

CDP 26-1

LLDP 27-1, 27-2

RIP 38-20

VTP 13-19, 14-3, 14-4

aggregatable global unicast addresses 39-3

aggregate addresses, BGP 38-61

aggregated ports

See EtherChannel

aggregate policers 35-64

aggregate policing 1-13

aggregator template 5-9, 8-1

aging, accelerating 18-9

aging time

accelerated

for MSTP 19-25

for STP 18-9, 18-23

MAC address table 7-21

maximum

for MSTP 19-26

for STP 18-23, 18-24

alarms, RMON 30-4

allowed-VLAN list 13-22

application engines, redirecting traffic to 45-1

area border routers

See ABRs

area routing

IS-IS 38-66

ISO IGRP 38-66

ARP

configuring 38-10

defined 1-6, 7-31, 38-10

encapsulation 38-11

static cache configuration 38-10

table

address resolution 7-31

managing 7-31

ASBRs 38-25

AS-path filters, BGP 38-55

asymmetrical links, and IEEE 802.1Q tunneling 17-4

attributes, RADIUS

vendor-proprietary 9-38

vendor-specific 9-36

attribute-value pairs 10-14, 10-17, 10-22, 10-23

authentication

EIGRP 38-41

HSRP 42-10

local mode with AAA 9-44

NTP associations 7-5

open1x 10-32

RADIUS

key 9-28

login 9-30

TACACS+

defined 9-11

key 9-13

login 9-14

See also port-based authentication

authentication compatibility with Catalyst 6000 switches 10-9

authentication failed VLAN

See restricted VLAN

authentication keys, and routing protocols 38-104

authentication manager

CLI commands 10-10

compatibility with older 802.1x CLI commands10-10to ??

overview 10-8

authoritative time source, described 7-2

authorization

with RADIUS 9-34

with TACACS+ 9-11, 9-16

authorized ports with IEEE 802.1x 10-11

autoconfiguration 3-4

auto enablement 10-34

automatic advise (auto-advise) in switch stacks 5-12

automatic copy (auto-copy) in switch stacks 5-11

automatic discovery

considerations

beyond a noncandidate device 6-8

brand new switches 6-10

connectivity 6-5

different VLANs 6-7

management VLANs 6-8

non-CDP-capable devices 6-7

noncluster-capable devices 6-7

routed ports 6-9

in switch clusters 6-5

See also CDP

automatic extraction (auto-extract) in switch stacks 5-11

automatic QoS

See QoS

automatic recovery, clusters 6-11

See also HSRP

automatic upgrades (auto-upgrade) in switch stacks 5-11

auto-MDIX

configuring 12-21

described 12-21

autonegotiation

duplex mode 1-4

interface configuration guidelines 12-18

mismatches 49-12

autonomous system boundary routers

See ASBRs

autonomous systems, in BGP 38-49

Auto-QoS video devices 1-14

Auto-RP, described 46-6

autosensing, port speed 1-4

autostate exclude 12-5

auxiliary VLAN

See voice VLAN

availability, features 1-8

B

BackboneFast

described 20-7

disabling 20-17

enabling 20-17

support for 1-8

backup interfaces

See Flex Links

backup links 21-2

backup static routing, configuring 44-12

banners

configuring

login 7-19

message-of-the-day login 7-18

default configuration 7-17

when displayed 7-17

Berkeley r-tools replacement 9-57

BGP

aggregate addresses 38-61

aggregate routes, configuring 38-61

CIDR 38-61

clear commands 38-64

community filtering 38-58

configuring neighbors 38-59

default configuration 38-46

described 38-45

enabling 38-49

monitoring 38-64

multipath support 38-53

neighbors, types of 38-49

path selection 38-53

peers, configuring 38-59

prefix filtering 38-57

resetting sessions 38-52

route dampening 38-63

route maps 38-55

route reflectors 38-62

routing domain confederation 38-62

routing session with multi-VRF CE 38-85

show commands 38-64

supernets 38-61

support for 1-14

Version 4 38-46

binding cluster group and HSRP group 42-12

binding database

address, DHCP server

See DHCP, Cisco IOS server database

DHCP snooping

See DHCP snooping binding database

bindings

address, Cisco IOS DHCP server 22-7

DHCP snooping database 22-8

IP source guard 22-18

binding table, DHCP snooping

See DHCP snooping binding database

blocking packets 25-8

Boolean expressions in tracked lists 44-4

booting

boot loader, function of 3-2

boot process 3-2

manually 3-21

specific image 3-22

boot loader

accessing 3-23

described 3-2

environment variables 3-23

prompt 3-23

trap-door mechanism 3-2

bootstrap router (BSR), described 46-7

Border Gateway Protocol

See BGP

BPDU

error-disabled state 20-3

filtering 20-3

RSTP format 19-13

BPDU filtering

described 20-3

disabling 20-15

enabling 20-15

support for 1-8

BPDU guard

described 20-2

disabling 20-14

enabling 20-14

support for 1-8

bridged packets, ACLs on 34-39

bridge groups

See fallback bridging

bridge protocol data unit

See BPDU

broadcast flooding 38-17

broadcast packets

directed 38-14

flooded 38-14

broadcast storm-control command 25-4

broadcast storms 25-2, 38-14

C

cables, monitoring for unidirectional links 28-1

candidate switch

automatic discovery 6-5

defined 6-4

requirements 6-4

See also command switch, cluster standby group, and member switch

Catalyst 3750G wireless LAN controller switch

accessing the controller A-6

displaying controller information A-7

features A-2

interaction with the controller A-3

internal port configuration A-4

internal port EtherChannel A-4

internal ports A-3

internal VLAN A-3

reconfiguring the internal ports A-5

switch stacks A-2

Catalyst 6000 switches

authentication compatibility 10-9

CA trustpoint

configuring 9-54

defined 9-51

CDP

and trusted boundary 35-44

automatic discovery in switch clusters 6-5

configuring 26-2

default configuration 26-2

defined with LLDP 27-1

described 26-1

disabling for routing device 26-4

enabling and disabling

on an interface 26-4

on a switch 26-4

Layer 2 protocol tunneling 17-8

monitoring 26-5

overview 26-1

power negotiation extensions 12-7

support for 1-6

switch stack considerations 26-2

transmission timer and holdtime, setting 26-3

updates 26-3

CEF

defined 38-91

distributed 38-91

enabling 38-91

IPv6 39-20

CGMP

as IGMP snooping learning method 24-9

clearing cached group entries 46-62

enabling server support 46-44

joining multicast group 24-3

overview 46-9

server support only 46-9

switch support of 1-4

CIDR 38-61

CipherSuites 9-52

Cisco 7960 IP Phone 15-1

Cisco Discovery Protocol

See CDP

Cisco Express Forwarding

See CEF

Cisco Group Management Protocol

See CGMP

Cisco intelligent power management 12-7

Cisco IOS DHCP server

See DHCP, Cisco IOS DHCP server

Cisco IOS File System

See IFS

Cisco IOS IP SLAs 43-1

Cisco Redundant Power System 2300

configuring 12-29

managing 12-29

Cisco Secure ACS

attribute-value pairs for downloadable ACLs 10-23

attribute-value pairs for redirect URL 10-22

Cisco Secure ACS configuration guide 10-64

CiscoWorks 2000 1-6, 32-5

CISP 10-34

CIST regional root

See MSTP

CIST root

See MSTP

civic location 27-3

classless interdomain routing

See CIDR

classless routing 38-8

class maps for QoS

configuring 35-51

described 35-8

displaying 35-85

class of service

See CoS

clearing interfaces 12-32

CLI

abbreviating commands 2-4

command modes 2-1

configuration logging 2-5

described 1-5

editing features

enabling and disabling 2-7

keystroke editing 2-8

wrapped lines 2-9

error messages 2-5

filtering command output 2-10

getting help 2-3

history

changing the buffer size 2-6

described 2-6

disabling 2-7

recalling commands 2-6

managing clusters 6-17

no and default forms of commands 2-4

Client Information Signalling Protocol

See CISP

client mode, VTP 14-3

client processes, tracking 44-1

CLNS

See ISO CLNS

clock

See system clock

clusters, switch

accessing 6-14

automatic discovery 6-5

automatic recovery 6-11

benefits 1-2

compatibility 6-5

described 6-1

LRE profile considerations 6-17

managing

through CLI 6-17

through SNMP 6-18

planning 6-5

planning considerations

automatic discovery 6-5

automatic recovery 6-11

CLI 6-17

host names 6-14

IP addresses 6-14

LRE profiles 6-17

passwords 6-14

RADIUS 6-17

SNMP 6-15, 6-18

switch stacks 6-15

TACACS+ 6-17

See also candidate switch, command switch, cluster standby group, member switch, and standby command switch

cluster standby group

and HSRP group 42-12

automatic recovery 6-13

considerations 6-12

defined 6-2

requirements 6-3

virtual IP address 6-12

See also HSRP

CNS 1-6

Configuration Engine

configID, deviceID, hostname 4-3

configuration service 4-2

described 4-1

event service 4-3

embedded agents

described 4-5

enabling automated configuration 4-6

enabling configuration agent 4-9

enabling event agent 4-7

management functions 1-6

CoA Request Commands 9-23

Coarse Wave Division Multiplexer

See CWDM SFPs

command-line interface

See CLI

command modes 2-1

commands

abbreviating 2-4

no and default 2-4

commands, setting privilege levels 9-8

command switch

accessing 6-12

active (AC) 6-11

configuration conflicts 49-12

defined 6-2

passive (PC) 6-11

password privilege levels 6-18

priority 6-11

recovery

from command-switch failure 6-11, 49-8

from lost member connectivity 49-12

redundant 6-11

replacing

with another switch 49-11

with cluster member 49-9

requirements 6-3

standby (SC) 6-11

See also candidate switch, cluster standby group, member switch, and standby command switch

community list, BGP 38-58

community ports 16-2

community strings

configuring 6-15, 32-8

for cluster switches 32-5

in clusters 6-15

overview 32-4

SNMP 6-15

community VLANs 16-2, 16-3

compatibility, feature 25-13

compatibility, software

See stacks, switch

config.text 3-20

configurable leave timer, IGMP 24-6

configuration, initial

defaults 1-17

Express Setup 1-2

configuration changes, logging 31-11

configuration conflicts, recovering from lost member connectivity 49-12

configuration examples, network 1-20

configuration files

archiving C-21

clearing the startup configuration C-20

creating using a text editor C-11

default name 3-20

deleting a stored configuration C-20

described C-9

downloading

automatically 3-20

preparing C-11, C-14, C-17

reasons for C-9

using FTP C-14

using RCP C-18

using TFTP C-12

guidelines for creating and using C-10

guidelines for replacing and rolling back C-22

invalid combinations when copying C-5

limiting TFTP server access 32-17

obtaining with DHCP 3-10

password recovery disable considerations 9-5

replacing a running configuration C-20, C-21

rolling back a running configuration C-20, C-22

specifying the filename 3-20

system contact and location information 32-17

types and location C-10

uploading

preparing C-11, C-14, C-17

reasons for C-9

using FTP C-16

using RCP C-19

using TFTP C-13

configuration guidelines, multi-VRF CE 38-78

configuration logger 31-11

configuration logging 2-5

configuration replacement C-20

configuration rollback C-20, C-21

configuration settings, saving 3-17

configure terminal command 12-12

configuring 802.1x user distribution 10-60

configuring port-based authentication violation modes10-42to 10-43

configuring small-frame arrival rate 25-5

config-vlan mode 2-2

conflicts, configuration 49-12

connections, secure remote 9-46

connectivity problems 49-14, 49-16, 49-17

consistency checks in VTP Version 2 14-5

console port, connecting to 2-11

content-routing technology

See WCCP

control protocol, IP SLAs 43-4

corrupted software, recovery steps with Xmodem 49-2

CoS

in Layer 2 frames 35-2

override priority 15-7

trust priority 15-7

CoS input queue threshold map for QoS 35-17

CoS output queue threshold map for QoS 35-19

CoS-to-DSCP map for QoS 35-67

counters, clearing interface 12-32

CPU utilization, troubleshooting 49-26

crashinfo file 49-24

critical authentication, IEEE 802.1x 10-57

critical VLAN 10-25

cross-stack EtherChannel

configuration guidelines 36-13

configuring

on Layer 2 interfaces 36-13

on Layer 3 physical interfaces 36-16

described 36-3

illustration 36-4

support for 1-8

cross-stack UplinkFast, STP

described 20-5

disabling 20-17

enabling 20-17

fast-convergence events 20-7

Fast Uplink Transition Protocol 20-6

normal-convergence events 20-7

support for 1-8

cryptographic software image

Kerberos 9-40

SSH 9-45

SSL 9-50

switch stack considerations 5-2, 5-16, 9-46

customer edge devices 38-76

customjzeable web pages, web-based authentication 11-6

CWDM SFPs 1-29

D

DACL

See downloadable ACL

daylight saving time 7-13

dCEF, in the switch stack 38-91

debugging

enabling all system diagnostics 49-21

enabling for a specific feature 49-20

redirecting error message output 49-21

using commands 49-20

default commands 2-4

default configuration

802.1x 10-37

auto-QoS 35-22

banners 7-17

BGP 38-46

booting 3-20

CDP 26-2

DHCP 22-10

DHCP option 82 22-10

DHCP snooping 22-10

DHCP snooping binding database 22-10

DNS 7-16

dynamic ARP inspection 23-5

EIGRP 38-37

EtherChannel 36-11

Ethernet interfaces 12-16

fallback bridging 48-4

Flex Links 21-8

HSRP 42-5

IEEE 802.1Q tunneling 17-4

IGMP 46-39

IGMP filtering 24-26

IGMP snooping 24-7, 40-6

IGMP throttling 24-26

initial switch information 3-3

IP addressing, IP routing 38-6

IP multicast routing 46-11

IP SLAs 43-6

IP source guard 22-20

IPv6 39-11

IS-IS 38-67

Layer 2 interfaces 12-16

Layer 2 protocol tunneling 17-11

LLDP 27-5

MAC address table 7-21

MAC address-table move update 21-8

MSDP 47-4

MSTP 19-16

multi-VRF CE 38-78

MVR 24-21

NTP 7-4

optional spanning-tree configuration 20-12

OSPF 38-26

password and privilege level 9-3

PIM 46-11

private VLANs 16-7

RADIUS 9-27

RIP 38-20

RMON 30-3

RSPAN 29-11

SDM template 8-4

SNMP 32-7

SPAN 29-11

SSL 9-53

standard QoS 35-35

STP 18-13

switch stacks 5-19

system message logging 31-4

system name and prompt 7-15

TACACS+ 9-13

UDLD 28-4

VLAN, Layer 2 Ethernet interfaces 13-19

VLANs 13-7

VMPS 13-29

voice VLAN 15-3

VTP 14-8

WCCP 45-5

default gateway 3-17, 38-12

default networks 38-94

default router preference

See DRP

default routes 38-94

default routing 38-3

default web-based authentication configuration

802.1X 11-9

deleting VLANs 13-9

denial-of-service attack 25-2

description command 12-25

designing your network, examples 1-20

desktop template 5-9, 8-1

destination addresses

in IPv4 ACLs 34-12

in IPv6 ACLs 41-5

destination-IP address-based forwarding, EtherChannel 36-9

destination-MAC address forwarding, EtherChannel 36-9

detecting indirect link failures, STP 20-8

device C-25

device discovery protocol 26-1, 27-1

device manager

benefits 1-2

described 1-2, 1-5

in-band management 1-7

upgrading a switch C-25

DHCP

Cisco IOS server database

configuring 22-15

default configuration 22-10

described 22-7

DHCP for IPv6

See DHCPv6

enabling

relay agent 22-11

DHCP-based autoconfiguration

client request message exchange 3-4

configuring

client side 3-4

DNS 3-8

relay device 3-9

server side 3-7

TFTP server 3-8

example 3-11

lease options

for IP address information 3-7

for receiving the configuration file 3-7

overview 3-4

relationship to BOOTP 3-4

relay support 1-6, 1-15

support for 1-6

DHCP-based autoconfiguration and image update

configuring3-12to 3-16

understanding3-5to 3-6

DHCP binding database

See DHCP snooping binding database

DHCP binding table

See DHCP snooping binding database

DHCP object tracking, configuring primary interface 44-10

DHCP option 82

circuit ID suboption 22-5

configuration guidelines 22-10

default configuration 22-10

displaying 22-16

forwarding address, specifying 22-12

helper address 22-12

overview 22-4

packet format, suboption

circuit ID 22-5

remote ID 22-5

remote ID suboption 22-5

DHCP server port-based address allocation

configuration guidelines 22-29

default configuration 22-29

described 22-28

displaying 22-31

enabling 22-29

reserved addresses 22-29

DHCP server port-based address assignment

support for 1-6

DHCP snooping

accepting untrusted packets form edge switch 22-3, 22-13

and private VLANs 22-15

binding database

See DHCP snooping binding database

configuration guidelines 22-10

default configuration 22-10

displaying binding tables 22-16

message exchange process 22-4

option 82 data insertion 22-4

trusted interface 22-3

untrusted interface 22-3

untrusted messages 22-2

DHCP snooping binding database

adding bindings 22-15

binding file

format 22-8

location 22-8

bindings 22-8

clearing agent statistics 22-16

configuration guidelines 22-11

configuring 22-15

default configuration 22-10

deleting

binding file 22-16

bindings 22-16

database agent 22-16

described 22-8

displaying 22-16

binding entries 22-16

status and statistics 22-16

enabling 22-15

entry 22-8

renewing database 22-16

resetting

delay value 22-16

timeout value 22-16

DHCP snooping binding table

See DHCP snooping binding database

DHCPv6

configuration guidelines 39-16

default configuration 39-16

described 39-6

enabling client function 39-19

enabling DHCPv6 server function 39-17

support for 1-15

Differentiated Services architecture, QoS 35-2

Differentiated Services Code Point 35-2

Diffusing Update Algorithm (DUAL) 38-36

directed unicast requests 1-6

directories

changing C-4

creating and removing C-4

displaying the working C-4

discovery, clusters

See automatic discovery

Distance Vector Multicast Routing Protocol

See DVMRP

distance-vector protocols 38-3

distribute-list command 38-103

DNS

and DHCP-based autoconfiguration 3-8

default configuration 7-16

displaying the configuration 7-17

in IPv6 39-4

overview 7-15

setting up 7-16

support for 1-6

DNS-based SSM mapping 46-19, 46-21

domain names

DNS 7-15

VTP 14-9

Domain Name System

See DNS

domains, ISO IGRP routing 38-66

dot1q-tunnel switchport mode 13-17

double-tagged packets

IEEE 802.1Q tunneling 17-2

Layer 2 protocol tunneling 17-10

downloadable ACL 10-21, 10-23, 10-64

downloading

configuration files

preparing C-11, C-14, C-17

reasons for C-9

using FTP C-14

using RCP C-18

using TFTP C-12

image files

deleting old image C-29

preparing C-27, C-31, C-36

reasons for C-25

using CMS 1-2

using FTP C-32

using HTTP 1-2, C-25

using RCP C-37

using TFTP C-28

using the device manager or Network Assistant C-25

drop threshold for Layer 2 protocol packets 17-11

DRP

configuring 39-14

described 39-5

IPv6 39-5

support for 1-15

DSCP 1-13, 35-2

DSCP input queue threshold map for QoS 35-17

DSCP output queue threshold map for QoS 35-19

DSCP-to-CoS map for QoS 35-70

DSCP-to-DSCP-mutation map for QoS 35-71

DSCP transparency 35-45

DTP 1-9, 13-17

dual-action detection 36-6

DUAL finite state machine, EIGRP 38-36

dual IPv4 and IPv6 templates 8-2, 39-6

dual protocol stacks

IPv4 and IPv6 39-6

SDM templates supporting 39-6

DVMRP

autosummarization

configuring a summary address 46-58

disabling 46-60

connecting PIM domain to DVMRP router 46-51

enabling unicast routing 46-54

interoperability

with Cisco devices 46-49

with Cisco IOS software 46-9

mrinfo requests, responding to 46-53

neighbors

advertising the default route to 46-52

discovery with Probe messages 46-49

displaying information 46-53

prevent peering with nonpruning 46-56

rejecting nonpruning 46-55

overview 46-9

routes

adding a metric offset 46-60

advertising all 46-60

advertising the default route to neighbors 46-52

caching DVMRP routes learned in report messages 46-54

changing the threshold for syslog messages 46-57

deleting 46-62

displaying 46-62

favoring one over another 46-60

limiting the number injected into MBONE 46-57

limiting unicast route advertisements 46-49

routing table 46-9

source distribution tree, building 46-9

support for 1-15

tunnels

configuring 46-51

displaying neighbor information 46-53

dynamic access ports

characteristics 13-3

configuring 13-31

defined 12-3

dynamic addresses

See addresses

dynamic ARP inspection

ARP cache poisoning 23-1

ARP requests, described 23-1

ARP spoofing attack 23-1

clearing

log buffer 23-16

statistics 23-16

configuration guidelines 23-6

configuring

ACLs for non-DHCP environments 23-9

in DHCP environments 23-7

log buffer 23-13

rate limit for incoming ARP packets 23-4, 23-11

default configuration 23-5

denial-of-service attacks, preventing 23-11

described 23-1

DHCP snooping binding database 23-2

displaying

ARP ACLs 23-15

configuration and operating state 23-15

log buffer 23-16

statistics 23-16

trust state and rate limit 23-15

error-disabled state for exceeding rate limit 23-4

function of 23-2

interface trust states 23-3

log buffer

clearing 23-16

configuring 23-13

displaying 23-16

logging of dropped packets, described 23-5

man-in-the middle attack, described 23-2

network security issues and interface trust states 23-3

priority of ARP ACLs and DHCP snooping entries 23-4

rate limiting of ARP packets

configuring 23-11

described 23-4

error-disabled state 23-4

statistics

clearing 23-16

displaying 23-16

validation checks, performing 23-12

dynamic auto trunking mode 13-17

dynamic desirable trunking mode 13-17

Dynamic Host Configuration Protocol

See DHCP-based autoconfiguration

dynamic port VLAN membership

described 13-29

reconfirming 13-32

troubleshooting 13-33

types of connections 13-31

dynamic routing 38-3

ISO CLNS 38-65

Dynamic Trunking Protocol

See DTP

E

EBGP 38-44

editing features

enabling and disabling 2-7

keystrokes used 2-8

wrapped lines 2-9

EEM 3.2 33-5

EIGRP

authentication 38-41

components 38-36

configuring 38-40

default configuration 38-37

definition 38-36

interface parameters, configuring 38-41

monitoring 38-44

stub routing 38-42

elections

See stack master

ELIN location 27-3

embedded event manager

3.2 33-5

actions 33-4

configuring 33-1, 33-6

displaying information 33-7

environmental variables 33-5

event detectors 33-2

policies 33-4

registering and defining an applet 33-6

registering and defining a TCL script 33-7

understanding 33-1

enable password 9-4

enable secret password 9-4

encryption, CipherSuite 9-52

encryption for passwords 9-4

Enhanced IGRP

See EIGRP

enhanced object tracking

backup static routing 44-12

commands 44-1

defined 44-1

DHCP primary interface 44-10

HSRP 44-7

IP routing state 44-2

IP SLAs 44-9

line-protocol state 44-2

network monitoring with IP SLAs 44-11

routing policy, configuring 44-12

static route primary interface 44-10

tracked lists 44-3

enhanced object tracking static routing 44-10

environmental variables, embedded event manager 33-5

environment variables, function of 3-24

equal-cost routing 1-14, 38-92

error-disabled state, BPDU 20-3

error messages during command entry 2-5

EtherChannel

automatic creation of 36-5, 36-7

channel groups

binding physical and logical interfaces 36-4

numbering of 36-4

configuration guidelines 36-12

configuring

Layer 2 interfaces 36-13

Layer 3 physical interfaces 36-16

Layer 3 port-channel logical interfaces 36-15

default configuration 36-11

described 36-2

displaying status 36-23

forwarding methods 36-8, 36-18

IEEE 802.3ad, described 36-7

interaction

with STP 36-12

with VLANs 36-13

LACP

described 36-7

displaying status 36-23

hot-standby ports 36-20

interaction with other features 36-8

modes 36-7

port priority 36-22

system priority 36-21

Layer 3 interface 38-5

load balancing 36-8, 36-18

logical interfaces, described 36-4

PAgP

aggregate-port learners 36-19

compatibility with Catalyst 1900 36-19

described 36-5

displaying status 36-23

interaction with other features 36-7

interaction with virtual switches 36-6

learn method and priority configuration 36-19

modes 36-6

support for 1-4

with dual-action detection 36-6

port-channel interfaces

described 36-4

numbering of 36-4

port groups 12-6

stack changes, effects of 36-10

support for 1-4

EtherChannel guard

described 20-10

disabling 20-18

enabling 20-18

Ethernet VLANs

adding 13-8

defaults and ranges 13-8

modifying 13-8

EUI 39-4

event detectors, embedded event manager 33-2

events, RMON 30-4

examples

network configuration 1-20

expedite queue for QoS 35-84

Express Setup 1-2

See also getting started guide

extended crashinfo file 49-24

extended-range VLANs

configuration guidelines 13-11

configuring 13-11

creating 13-12

creating with an internal VLAN ID 13-13

defined 13-1

extended system ID

MSTP 19-19

STP 18-5, 18-16

extended universal identifier

See EUI

Extensible Authentication Protocol over LAN 10-1

external BGP

See EBGP

external neighbors, BGP 38-49

F

fa0 interface 1-7

failover support 1-8

fallback bridging

and protected ports 48-4

bridge groups

creating 48-4

described 48-2

displaying 48-11

function of 48-2

number supported 48-5

removing 48-5

bridge table

clearing 48-11

displaying 48-11

configuration guidelines 48-4

connecting interfaces with 12-10

default configuration 48-4

described 48-1

frame forwarding

flooding packets 48-2

forwarding packets 48-2

overview 48-1

protocol, unsupported 48-4

stack changes, effects of 48-3

STP

disabling on an interface 48-10

forward-delay interval 48-9

hello BPDU interval 48-9

interface priority 48-7

maximum-idle interval 48-10

path cost 48-7

VLAN-bridge spanning-tree priority 48-6

VLAN-bridge STP 48-2

support for 1-14

SVIs and routed ports 48-1

unsupported protocols 48-4

VLAN-bridge STP 18-11

Fast Convergence 21-3

Fast Uplink Transition Protocol 20-6

features, incompatible 25-13

FIB 38-91

fiber-optic, detecting unidirectional links 28-1

files

basic crashinfo

description 49-24

location 49-24

copying C-5

crashinfo, description 49-24

deleting C-6

displaying the contents of C-8

extended crashinfo

description 49-24

location 49-25

tar

creating C-6

displaying the contents of C-7

extracting C-8

image file format C-26

file system

displaying available file systems C-2

displaying file information C-3

local file system names C-1

network file system names C-5

setting the default C-3

filtering

in a VLAN 34-30

IPv6 traffic 41-4, 41-7

non-IP traffic 34-28

show and more command output 2-10

filtering show and more command output 2-10

filters, IP

See ACLs, IP

flash device, number of C-1

flexible authentication ordering

configuring 10-67

overview 10-32

Flex Link Multicast Fast Convergence 21-3

Flex Links

configuration guidelines 21-8

configuring 21-9, 21-10

configuring preferred VLAN 21-12

configuring VLAN load balancing 21-11

default configuration 21-8

description 21-1

link load balancing 21-3

monitoring 21-14

VLANs 21-3

flooded traffic, blocking 25-8

flow-based packet classification 1-13

flowcharts

QoS classification 35-7

QoS egress queueing and scheduling 35-18

QoS ingress queueing and scheduling 35-16

QoS policing and marking 35-11

flowcontrol

configuring 12-20

described 12-20

forward-delay time

MSTP 19-25

STP 18-23

Forwarding Information Base

See FIB

forwarding nonroutable protocols 48-1

FTP

accessing MIB files B-4

configuration files

downloading C-14

overview C-13

preparing the server C-14

uploading C-16

image files

deleting old image C-34

downloading C-32

preparing the server C-31

uploading C-35

G

general query 21-5

Generating IGMP Reports 21-4

get-bulk-request operation 32-4

get-next-request operation 32-4, 32-5

get-request operation 32-4, 32-5

get-response operation 32-4

Gigabit modules

See SFPs

global configuration mode 2-2

global leave, IGMP 24-13

guest VLAN and 802.1x 10-23

guide mode 1-2

GUIs

See device manager and Network Assistant

H

hardware limitations and Layer 3 interfaces 12-26

hello time

MSTP 19-25

STP 18-22

help, for the command line 2-3

HFTM space 49-25

hierarchical policy maps 35-9

configuration guidelines 35-38

configuring 35-57

described 35-12

history

changing the buffer size 2-6

described 2-6

disabling 2-7

recalling commands 2-6

history table, level and number of syslog messages 31-10

host names, in clusters 6-14

host ports

configuring 16-12

kinds of 16-2

hosts, limit on dynamic ports 13-33

Hot Standby Router Protocol

See HSRP

HP OpenView 1-6

HQATM space 49-25

HSRP

authentication string 42-10

automatic cluster recovery 6-13

binding to cluster group 42-12

cluster standby group considerations 6-12

command-switch redundancy 1-1, 1-8

configuring 42-5

default configuration 42-5

definition 42-1

guidelines 42-6

monitoring 42-13

object tracking 44-7

overview 42-1

priority 42-8

routing redundancy 1-14

support for ICMP redirect messages 42-12

switch stack considerations 42-5

timers 42-10

tracking 42-8

See also clusters, cluster standby group, and standby command switch

HSRP for IPv6

configuring 39-26

guidelines 39-25

HTTP over SSL

see HTTPS

HTTPS 9-51

configuring 9-55

self-signed certificate 9-51

HTTP secure server 9-51

Hulc Forwarding TCAM Manager

See HFTM space

Hulc QoS/ACL TCAM Manager

See HQATM space

I

IBPG 38-44

ICMP

IPv6 39-4

redirect messages 38-12

support for 1-14

time-exceeded messages 49-18

traceroute and 49-18

unreachable messages 34-21

unreachable messages and IPv6 41-4

unreachables and ACLs 34-22

ICMP Echo operation

configuring 43-12

IP SLAs 43-12

ICMP ping

executing 49-15

overview 49-14

ICMP Router Discovery Protocol

See IRDP

ICMPv6 39-4

IDS appliances

and ingress RSPAN 29-22

and ingress SPAN 29-15

IEEE 802.1D

See STP

IEEE 802.1p 15-1

IEEE 802.1Q

and trunk ports 12-3

configuration limitations 13-18

encapsulation 13-16

native VLAN for untagged traffic 13-24

tunneling

compatibility with other features 17-6

defaults 17-4

described 17-1

tunnel ports with other features 17-6

IEEE 802.1s

See MSTP

IEEE 802.1w

See RSTP

IEEE 802.1x

See port-based authentication

IEEE 802.3ad

See EtherChannel

IEEE 802.3af

See PoE

IEEE 802.3x flow control 12-20

ifIndex values, SNMP 32-6

IFS 1-6

IGMP

configurable leave timer

described 24-6

enabling 24-12

configuring the switch

as a member of a group 46-39

statically connected member 46-43

controlling access to groups 46-40

default configuration 46-39

deleting cache entries 46-62

displaying groups 46-62

fast switching 46-44

flooded multicast traffic

controlling the length of time 24-13

disabling on an interface 24-14

global leave 24-13

query solicitation 24-13

recovering from flood mode 24-13

host-query interval, modifying 46-41

joining multicast group 24-3

join messages 24-3

leave processing, enabling 24-11, 40-9

leaving multicast group 24-5

multicast reachability 46-39

overview 46-3

queries 24-4

report suppression

described 24-6

disabling 24-16, 40-11

supported versions 24-3

support for 1-4

Version 1

changing to Version 2 46-41

described 46-3

Version 2

changing to Version 1 46-41

described 46-3

maximum query response time value 46-43

pruning groups 46-43

query timeout value 46-42

IGMP filtering

configuring 24-26

default configuration 24-26

described 24-25

monitoring 24-30

support for 1-5

IGMP groups

configuring filtering 24-29

setting the maximum number 24-28

IGMP helper 1-4, 46-6

IGMP Immediate Leave

configuration guidelines 24-12

described 24-6

enabling 24-11

IGMP profile

applying 24-27

configuration mode 24-26

configuring 24-27

IGMP snooping

and address aliasing 24-2

and stack changes 24-7

configuring 24-7

default configuration 24-7, 40-6

definition 24-2

enabling and disabling 24-8, 40-7

global configuration 24-8

Immediate Leave 24-6

in the switch stack 24-7

method 24-9

monitoring 24-17, 40-12

querier

configuration guidelines 24-15

configuring 24-15

supported versions 24-3

support for 1-4

VLAN configuration 24-8

IGMP throttling

configuring 24-29

default configuration 24-26

described 24-25

displaying action 24-30

IGP 38-25

Immediate Leave, IGMP 24-6

enabling 40-9

inaccessible authentication bypass 10-25

support for multiauth ports 10-26

initial configuration

defaults 1-17

Express Setup 1-2

integrated wireless LAN controller switch

see 3750G integrated wireless LAN controller switch

interface

number 12-11

range macros 12-14

interface command12-11to 12-12

interface configuration mode 2-3

interfaces

auto-MDIX, configuring 12-21

configuration guidelines

10-Gigabit Ethernet 12-17

duplex and speed 12-18

configuring

procedure 12-12

counters, clearing 12-32

default configuration 12-16

described 12-25

descriptive name, adding 12-25

displaying information about 12-31

flow control 12-20

management 1-5

monitoring 12-31

naming 12-25

physical, identifying 12-11

range of 12-13

restarting 12-33

shutting down 12-33

speed and duplex, configuring 12-19

status 12-31

supported 12-11

types of 12-1

interfaces range macro command 12-14

interface types 12-11

Interior Gateway Protocol

See IGP

internal BGP

See IBGP

internal neighbors, BGP 38-49

Internet Control Message Protocol

See ICMP

Internet Group Management Protocol

See IGMP

Internet Protocol version 6

See IPv6

Inter-Switch Link

See ISL

inter-VLAN routing 1-14, 38-2

Intrusion Detection System

See IDS appliances

inventory management TLV 27-3, 27-8

IP ACLs

for QoS classification 35-8

implicit deny 34-10, 34-15

implicit masks 34-10

named 34-15

undefined 34-21

IP addresses

128-bit 39-2

candidate or member 6-4, 6-14

classes of 38-7

cluster access 6-2

command switch 6-3, 6-12, 6-14

default configuration 38-6

discovering 7-31

for IP routing 38-6

IPv6 39-2

MAC address association 38-9

monitoring 38-18

redundant clusters 6-12

standby command switch 6-12, 6-14

See also IP information

IP base image 1-1

IP broadcast address 38-16

ip cef distributed command 38-91

IP directed broadcasts 38-15

ip igmp profile command 24-26

IP information

assigned

manually 3-16

through DHCP-based autoconfiguration 3-4

default configuration 3-3

IP multicast routing

addresses

all-hosts 46-3

all-multicast-routers 46-3

host group address range 46-3

administratively-scoped boundaries, described 46-47

and IGMP snooping 24-2

Auto-RP

adding to an existing sparse-mode cloud 46-26

benefits of 46-26

clearing the cache 46-62

configuration guidelines 46-12

filtering incoming RP announcement messages 46-29

overview 46-6

preventing candidate RP spoofing 46-29

preventing join messages to false RPs 46-28

setting up in a new internetwork 46-26

using with BSR 46-34

bootstrap router

configuration guidelines 46-12

configuring candidate BSRs 46-32

configuring candidate RPs 46-33

defining the IP multicast boundary 46-31

defining the PIM domain border 46-30

overview 46-7

using with Auto-RP 46-34

Cisco implementation 46-2

configuring

basic multicast routing 46-12

IP multicast boundary 46-47

default configuration 46-11

enabling

multicast forwarding 46-13

PIM mode 46-13

group-to-RP mappings

Auto-RP 46-6

BSR 46-7

MBONE

deleting sdr cache entries 46-62

described 46-45

displaying sdr cache 46-63

enabling sdr listener support 46-46

limiting DVMRP routes advertised 46-57

limiting sdr cache entry lifetime 46-46

SAP packets for conference session announcement 46-46

Session Directory (sdr) tool, described 46-45

monitoring

packet rate loss 46-63

peering devices 46-63

tracing a path 46-63

multicast forwarding, described 46-8

PIMv1 and PIMv2 interoperability 46-11

protocol interaction 46-2

reverse path check (RPF) 46-8

routing table

deleting 46-62

displaying 46-63

RP

assigning manually 46-24

configuring Auto-RP 46-26

configuring PIMv2 BSR 46-30

monitoring mapping information 46-34

using Auto-RP and BSR 46-34

stacking

stack master functions 46-10

stack member functions 46-10

statistics, displaying system and network 46-62

See also CGMP

See also DVMRP

See also IGMP

See also PIM

IP phones

and QoS 15-1

automatic classification and queueing 35-21

configuring 15-5

ensuring port security with QoS 35-43

trusted boundary for QoS 35-43

IP Port Security for Static Hosts

on a Layer 2 access port 22-22

on a PVLAN host port 22-26

IP precedence 35-2

IP-precedence-to-DSCP map for QoS 35-68

IP protocols

in ACLs 34-12

routing 1-14

IP routes, monitoring 38-106

IP routing

connecting interfaces with 12-10

disabling 38-19

enabling 38-19

IP Service Level Agreements

See IP SLAs

IP service levels, analyzing 43-1

IP services image 1-1

IP SLAs

benefits 43-2

configuration guidelines 43-6

configuring object tracking 44-9

Control Protocol 43-4

default configuration 43-6

definition 43-1

ICMP echo operation 43-12

measuring network performance 43-3

monitoring 43-14

multioperations scheduling 43-5

object tracking 44-9

operation 43-3

reachability tracking 44-9

responder

described 43-4

enabling 43-8

response time 43-4

scheduling 43-5

SNMP support 43-2

supported metrics 43-2

threshold monitoring 43-6

track object monitoring agent, configuring 44-11

track state 44-9

UDP jitter operation 43-9

IP source guard

and 802.1x 22-20

and DHCP snooping 22-18

and EtherChannels 22-20

and port security 22-20

and private VLANs 22-20

and routed ports 22-20

and TCAM entries 22-21

and trunk interfaces 22-20

and VRF 22-20

binding configuration

automatic 22-18

manual 22-18

binding table 22-18

configuration guidelines 22-20

default configuration 22-20

described 22-18

disabling 22-22

displaying

active IP or MAC bindings 22-28

bindings 22-28

configuration 22-28

enabling 22-21, 22-22

filtering

source IP address 22-18

source IP and MAC address 22-18

on provisioned switches 22-21

source IP address filtering 22-18

source IP and MAC address filtering 22-18

static bindings

adding 22-21, 22-22

deleting 22-22

static hosts 22-22

IP traceroute

executing 49-18

overview 49-17

IP unicast routing

address resolution 38-9

administrative distances 38-93, 38-103

ARP 38-10

assigning IP addresses to Layer 3 interfaces 38-7

authentication keys 38-104

broadcast

address 38-16

flooding 38-17

packets 38-14

storms 38-14

classless routing 38-8

configuring static routes 38-92

default

addressing configuration 38-6

gateways 38-12

networks 38-94

routes 38-94

routing 38-3

directed broadcasts 38-15

disabling 38-19

dynamic routing 38-3

enabling 38-19

EtherChannel Layer 3 interface 38-5

IGP 38-25

inter-VLAN 38-2

IP addressing

classes 38-7

configuring 38-6

IPv6 39-3

IRDP 38-13

Layer 3 interfaces 38-5

MAC address and IP address 38-9

passive interfaces 38-102

protocols

distance-vector 38-3

dynamic 38-3

link-state 38-3

proxy ARP 38-10

redistribution 38-94

reverse address resolution 38-9

routed ports 38-5

static routing 38-3

steps to configure 38-5

subnet mask 38-7

subnet zero 38-7

supernet 38-8

UDP 38-16

with SVIs 38-5

See also BGP

See also EIGRP

See also OSPF

See also RIP

IPv4 ACLs

applying to interfaces 34-20

extended, creating 34-11

named 34-15

standard, creating 34-10

IPv4 and IPv6

dual protocol stacks 39-5

IPv6

ACLs

displaying 41-8

limitations 41-3

matching criteria 41-3

port 41-1

precedence 41-2

router 41-1

supported 41-2

addresses 39-2

address formats 39-2

and switch stacks 39-9

applications 39-5

assigning address 39-12

autoconfiguration 39-5

CEFv6 39-20

configuring static routes 39-21

default configuration 39-11

default router preference (DRP) 39-5

defined 39-2

Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 39-7

EIGRP IPv6 Commands 39-7

Router ID 39-7

feature limitations 39-9

features not supported 39-8

forwarding 39-12

ICMP 39-4

monitoring 39-28

neighbor discovery 39-4

OSPF 39-7

path MTU discovery 39-4

SDM templates 8-2, 40-1, 41-1

stack master functions 39-10

Stateless Autoconfiguration 39-5

supported features 39-3

switch limitations 39-9

understanding static routes 39-6

IPv6 traffic, filtering 41-4

IRDP

configuring 38-13

definition 38-13

support for 1-14

IS-IS

addresses 38-66

area routing 38-66

default configuration 38-67

monitoring 38-75

show commands 38-75

system routing 38-66

ISL

and IPv6 39-3

and trunk ports 12-3

encapsulation 1-9, 13-16

trunking with IEEE 802.1 tunneling 17-5

ISO CLNS

clear commands 38-75

dynamic routing protocols 38-65

monitoring 38-75

NETs 38-65

NSAPs 38-65

OSI standard 38-65

ISO IGRP

area routing 38-66

system routing 38-66

isolated port 16-2

isolated VLANs 16-2, 16-3

J

join messages, IGMP 24-3

K

KDC

described 9-41

See also Kerberos

Kerberos

authenticating to

boundary switch 9-43

KDC 9-43

network services 9-44

configuration examples 9-40

configuring 9-44

credentials 9-41

cryptographic software image 9-40

described 9-41

KDC 9-41

operation 9-43

realm 9-42

server 9-42

support for 1-12

switch as trusted third party 9-40

terms 9-41

TGT 9-42

tickets 9-41

key distribution center

See KDC

L

l2protocol-tunnel command 17-13

LACP

Layer 2 protocol tunneling 17-9

See EtherChannel

Layer 2 frames, classification with CoS 35-2

Layer 2 interfaces, default configuration 12-16

Layer 2 protocol tunneling

configuring 17-10

configuring for EtherChannels 17-14

default configuration 17-11

defined 17-8

guidelines 17-12

Layer 2 traceroute

and ARP 49-17

and CDP 49-16

broadcast traffic 49-16

described 49-16

IP addresses and subnets 49-17

MAC addresses and VLANs 49-16

multicast traffic 49-16

multiple devices on a port 49-17

unicast traffic 49-16

usage guidelines 49-16

Layer 3 features 1-14

Layer 3 interfaces

assigning IP addresses to 38-7

assigning IPv4 and IPv6 addresses to 39-15

assigning IPv6 addresses to 39-12

changing from Layer 2 mode 38-7, 38-83

types of 38-5

Layer 3 packets, classification methods 35-2

LDAP 4-2

Leaking IGMP Reports 21-4

LEDs, switch

See hardware installation guide

lightweight directory access protocol

See LDAP

line configuration mode 2-3

Link Aggregation Control Protocol

See EtherChannel

link failure, detecting unidirectional 19-8

Link Layer Discovery Protocol

See CDP

link local unicast addresses 39-4

link redundancy

See Flex Links

links, unidirectional 28-1

link state advertisements (LSAs) 38-31

link-state protocols 38-3

link-state tracking

configuring 36-25

described 36-23

LLDP

configuring 27-5

characteristics 27-7

default configuration 27-5

enabling 27-6

monitoring and maintaining 27-12

overview 27-1

supported TLVs 27-2

switch stack considerations 27-2

transmission timer and holdtime, setting 27-7

LLDP-MED

configuring

procedures 27-5

TLVs 27-8

monitoring and maintaining 27-12

overview 27-1, 27-2

supported TLVs 27-2

LLDP Media Endpoint Discovery

See LLDP-MED

load balancing 42-4

local SPAN 29-2

location TLV 27-3, 27-8

logging messages, ACL 34-9

login authentication

with RADIUS 9-30

with TACACS+ 9-14

login banners 7-17

log messages

See system message logging

Long-Reach Ethernet (LRE) technology 1-21, 1-28

loop guard

described 20-11

enabling 20-19

support for 1-8

LRE profiles, considerations in switch clusters 6-17

M

MAB

See MAC authentication bypass

MAB aging timer 1-10

MAB inactivity timer

default setting 10-37

range 10-40

MAC/PHY configuration status TLV 27-2

MAC addresses

aging time 7-21

and VLAN association 7-20

building the address table 7-20

default configuration 7-21

disabling learning on a VLAN 7-30

discovering 7-31

displaying 7-31

displaying in the IP source binding table 22-28

dynamic

learning 7-20

removing 7-22

in ACLs 34-28

IP address association 38-9

static

adding 7-28

allowing 7-29, 7-30

characteristics of 7-27

dropping 7-29

removing 7-28

MAC address learning 1-6

MAC address learning, disabling on a VLAN 7-30

MAC address notification, support for 1-16

MAC address-table move update

configuration guidelines 21-8

configuring 21-12

default configuration 21-8

description 21-6

monitoring 21-14

MAC address-to-VLAN mapping 13-28

MAC authentication bypass 10-40

configuring 10-60

overview 10-18

See MAB

MAC extended access lists

applying to Layer 2 interfaces 34-29

configuring for QoS 35-50

creating 34-28

defined 34-28

for QoS classification 35-6

magic packet 10-29

manageability features 1-6

management access

in-band

browser session 1-7

CLI session 1-7

device manager 1-7

SNMP 1-7

out-of-band console port connection 1-7

management address TLV 27-2

management options

CLI 2-1

clustering 1-3

CNS 4-1

Network Assistant 1-2

overview 1-5

management VLAN

considerations in switch clusters 6-8

discovery through different management VLANs 6-8

mapping tables for QoS

configuring

CoS-to-DSCP 35-67

DSCP 35-67

DSCP-to-CoS 35-70

DSCP-to-DSCP-mutation 35-71

IP-precedence-to-DSCP 35-68

policed-DSCP 35-69

described 35-13

marking

action with aggregate policers 35-64

described 35-4, 35-9

matching

IPv6 ACLs 41-3

matching, IPv4 ACLs 34-8

maximum aging time

MSTP 19-26

STP 18-23

maximum hop count, MSTP 19-26

maximum number of allowed devices, port-based authentication 10-40

maximum-paths command 38-53, 38-92

MDA

configuration guidelines10-13to 10-14

described 1-11, 10-13

exceptions with authentication process 10-6

membership mode, VLAN port 13-3

member switch

automatic discovery 6-5

defined 6-2

managing 6-17

passwords 6-14

recovering from lost connectivity 49-12

requirements 6-4

See also candidate switch, cluster standby group, and standby command switch

memory consistency check errors

displaying 49-25

example 49-25

memory consistency check routines 1-5, 49-25

memory consistency integrity 1-5, 49-25

messages, to users through banners 7-17

metrics, in BGP 38-53

metric translations, between routing protocols 38-98

metro tags 17-2

MHSRP 42-4

MIBs

accessing files with FTP B-4

location of files B-4

overview 32-1

SNMP interaction with 32-5

supported B-1

mini-point-of-presence

See POP

mirroring traffic for analysis 29-1

mismatches, autonegotiation 49-12

module number 12-11

monitoring

access groups 34-42

BGP 38-64

cables for unidirectional links 28-1

CDP 26-5

CEF 38-91

EIGRP 38-44

fallback bridging 48-11

features 1-15

Flex Links 21-14

HSRP 42-13

IEEE 802.1Q tunneling 17-18

IGMP

filters 24-30

snooping 24-17, 40-12

interfaces 12-31

IP

address tables 38-18

multicast routing 46-61

routes 38-106

IP SLAs operations 43-14

IPv4 ACL configuration 34-42

IPv6 39-28

IPv6 ACL configuration 41-8

IS-IS 38-75

ISO CLNS 38-75

Layer 2 protocol tunneling 17-18

MAC address-table move update 21-14

MSDP peers 47-18

multicast router interfaces 24-17, 40-12

multi-VRF CE 38-90

MVR 24-24

network traffic for analysis with probe 29-2

object tracking 44-13

OSPF 38-35

port

blocking 25-20

protection 25-20

private VLANs 16-15

RP mapping information 46-34

SFP status 12-32, 49-14

source-active messages 47-18

speed and duplex mode 12-19

SSM mapping 46-22

traffic flowing among switches 30-2

traffic suppression 25-20

tunneling 17-18

VLAN

filters 34-42

maps 34-42

VLANs 13-15

VMPS 13-33

VTP 14-17

mrouter Port 21-3

mrouter port 21-5

MSDP

benefits of 47-3

clearing MSDP connections and statistics 47-18

controlling source information

forwarded by switch 47-11

originated by switch 47-8

received by switch 47-13

default configuration 47-4

dense-mode regions

sending SA messages to 47-16

specifying the originating address 47-17

filtering

incoming SA messages 47-14

SA messages to a peer 47-12

SA requests from a peer 47-10

join latency, defined 47-6

meshed groups

configuring 47-15

defined 47-15

originating address, changing 47-17

overview 47-1

peer-RPF flooding 47-2

peers

configuring a default 47-4

monitoring 47-18

peering relationship, overview 47-1

requesting source information from 47-8

shutting down 47-15

source-active messages

caching 47-6

clearing cache entries 47-18

defined 47-2

filtering from a peer 47-10

filtering incoming 47-14

filtering to a peer 47-12

limiting data with TTL 47-13

monitoring 47-18

restricting advertised sources 47-9

support for 1-15

MSTP

boundary ports

configuration guidelines 19-17

described 19-6

BPDU filtering

described 20-3

enabling 20-15

BPDU guard

described 20-2

enabling 20-14

CIST, described 19-3

CIST regional root 19-3

CIST root 19-5

configuration guidelines 19-16, 20-12

configuring

forward-delay time 19-25

hello time 19-25

link type for rapid convergence 19-27

maximum aging time 19-26

maximum hop count 19-26

MST region 19-17

neighbor type 19-27

path cost 19-23

port priority 19-21

root switch 19-19

secondary root switch 19-20

switch priority 19-24

CST

defined 19-3

operations between regions 19-4

default configuration 19-16

default optional feature configuration 20-12

displaying status 19-28

enabling the mode 19-17

EtherChannel guard

described 20-10

enabling 20-18

extended system ID

effects on root switch 19-19

effects on secondary root switch 19-20

unexpected behavior 19-19

IEEE 802.1s

implementation 19-7

port role naming change 19-7

terminology 19-5

instances supported 18-10

interface state, blocking to forwarding 20-2

interoperability and compatibility among modes 18-11

interoperability with IEEE 802.1D

described 19-9

restarting migration process 19-28

IST

defined 19-3

master 19-3

operations within a region 19-3

loop guard

described 20-11

enabling 20-19

mapping VLANs to MST instance 19-18

MST region

CIST 19-3

configuring 19-17

described 19-2

hop-count mechanism 19-6

IST 19-3

supported spanning-tree instances 19-2

optional features supported 1-8

overview 19-2

Port Fast

described 20-2

enabling 20-13

preventing root switch selection 20-10

root guard

described 20-10

enabling 20-18

root switch

configuring 19-19

effects of extended system ID 19-19

unexpected behavior 19-19

shutdown Port Fast-enabled port 20-2

stack changes, effects of 19-9

status, displaying 19-28

multiauth

support for inaccessible authentication bypass 10-26

multiauth mode

See multiple-authentication mode

multicast groups

Immediate Leave 24-6

joining 24-3

leaving 24-5

static joins 24-11, 40-8

multicast packets

ACLs on 34-41

blocking 25-8

multicast router interfaces, monitoring 24-17, 40-12

multicast router ports, adding 24-10, 40-8

Multicast Source Discovery Protocol

See MSDP

multicast storm 25-2

multicast storm-control command 25-4

multicast television application 24-19

multicast VLAN 24-18

Multicast VLAN Registration

See MVR

multidomain authentication

See MDA

multioperations scheduling, IP SLAs 43-5

multiple authentication 10-14

multiple authentication mode

configuring 10-46

Multiple HSRP

See MHSRP

multiple VPN routing/forwarding in customer edge devices

See multi-VRF CE

multi-VRF CE

configuration example 38-86

configuration guidelines 38-78

configuring 38-78

default configuration 38-78

defined 38-76

displaying 38-90

monitoring 38-90

network components 38-78

packet-forwarding process 38-77

support for 1-14

MVR

and address aliasing 24-21

and IGMPv3 24-21

configuration guidelines 24-21

configuring interfaces 24-23

default configuration 24-21

described 24-18

example application 24-19

in the switch stack 24-20

modes 24-22

monitoring 24-24

multicast television application 24-19

setting global parameters 24-21

support for 1-5

N

NAC

AAA down policy 1-12

critical authentication 10-25, 10-57

IEEE 802.1x authentication using a RADIUS server 10-62

IEEE 802.1x validation using RADIUS server 10-62

inaccessible authentication bypass 1-12, 10-57

Layer 2 IEEE 802.1x validation 1-11, 10-32, 10-62

Layer 2 IP validation 1-12

named IPv4 ACLs 34-15

NameSpace Mapper

See NSM

native VLAN

and IEEE 802.1Q tunneling 17-4

configuring 13-24

default 13-24

NEAT

configuring 10-63

overview 10-33

neighbor discovery, IPv6 39-4

neighbor discovery/recovery, EIGRP 38-36

neighbors, BGP 38-59

Network Admission Control

NAC

Network Assistant

benefits 1-2

described 1-5

downloading image files 1-2

guide mode 1-2

management options 1-2

managing switch stacks 5-2, 5-15

upgrading a switch C-25

wizards 1-2

network configuration examples

cost-effective wiring closet 1-22

high-performance wiring closet 1-22

increasing network performance 1-20

large network 1-26

long-distance, high-bandwidth transport 1-29

multidwelling network 1-28

providing network services 1-20

redundant Gigabit backbone 1-23

server aggregation and Linux server cluster 1-23

small to medium-sized network 1-25

network design

performance 1-20

services 1-20

Network Edge Access Topology

See NEAT

network management

CDP 26-1

RMON 30-1

SNMP 32-1

network performance, measuring with IP SLAs 43-3

network policy TLV 27-2, 27-8

Network Time Protocol

See NTP

no commands 2-4

nonhierarchical policy maps

configuration guidelines 35-38

described 35-10

non-IP traffic filtering 34-28

nontrunking mode 13-17

normal-range VLANs 13-4

configuration guidelines 13-6

configuring 13-4

defined 13-1

no switchport command 12-4

not-so-stubby areas

See NSSA

NSAPs, as ISO IGRP addresses 38-66

NSF Awareness

IS-IS 38-68

NSM 4-3

NSSA, OSPF 38-31

NTP

associations

authenticating 7-5

defined 7-2

enabling broadcast messages 7-7

peer 7-6

server 7-6

default configuration 7-4

displaying the configuration 7-11

overview 7-2

restricting access

creating an access group 7-9

disabling NTP services per interface 7-10

source IP address, configuring 7-10

stratum 7-2

support for 1-6

synchronizing devices 7-6

time

services 7-2

synchronizing 7-2

O

object tracking

HSRP 44-7

IP SLAs 44-9

IP SLAs, configuring 44-9

monitoring 44-13

offline configuration for switch stacks 5-7

off mode, VTP 14-3

online diagnostics

overview 50-1

running tests 50-3

understanding 50-1

open1x

configuring 10-68

open1x authentication

overview 10-32

Open Shortest Path First

See OSPF

optimizing system resources 8-1

options, management 1-5

OSPF

area parameters, configuring 38-31

configuring 38-29

default configuration

metrics 38-33

route 38-32

settings 38-26

described 38-25

for IPv6 39-7

interface parameters, configuring 38-30

LSA group pacing 38-34

monitoring 38-35

router IDs 38-34

route summarization 38-32

support for 1-14

virtual links 38-32

out-of-profile markdown 1-13

P

packet modification, with QoS 35-20

PAgP

Layer 2 protocol tunneling 17-9

See EtherChannel

parallel paths, in routing tables 38-92

passive interfaces

configuring 38-102

OSPF 38-33

passwords

default configuration 9-3

disabling recovery of 9-5

encrypting 9-4

for security 1-10

in clusters 6-14

overview 9-1

recovery of 49-3

setting

enable 9-3

enable secret 9-4

Telnet 9-6

with usernames 9-7

VTP domain 14-9

path cost

MSTP 19-23

STP 18-20

path MTU discovery 39-4

PBR

defined 38-98

enabling 38-100

fast-switched policy-based routing 38-101

local policy-based routing 38-101

PC (passive command switch) 6-11

peers, BGP 38-59

percentage thresholds in tracked lists 44-6

performance, network design 1-20

performance features 1-4

persistent self-signed certificate 9-51

per-user ACLs and Filter-Ids 10-9

per-VLAN spanning-tree plus

See PVST+

PE to CE routing, configuring 38-85

physical ports 12-2

PIM

default configuration 46-11

dense mode

overview 46-4

rendezvous point (RP), described 46-5

RPF lookups 46-8

displaying neighbors 46-63

enabling a mode 46-13

overview 46-4

router-query message interval, modifying 46-37

shared tree and source tree, overview 46-35

shortest path tree, delaying the use of 46-36

sparse mode

join messages and shared tree 46-5

overview 46-5

prune messages 46-5

RPF lookups 46-9

stub routing

configuration guidelines 46-23

displaying 46-63

enabling 46-23

overview 46-5

support for 1-15

versions

interoperability 46-11

troubleshooting interoperability problems 46-35

v2 improvements 46-4

PIM-DVMRP, as snooping method 24-9

ping

character output description 49-15

executing 49-15

overview 49-14

PoE

auto mode 12-9

CDP with power consumption, described 12-7

CDP with power negotiation, described 12-7

Cisco intelligent power management 12-7

configuring 12-22

devices supported 12-7

high-power devices operating in low-power mode 12-7

IEEE power classification levels 12-8

power budgeting 12-23

power consumption 12-23

powered-device detection and initial power allocation 12-8

power management modes 12-9

power negotiation extensions to CDP 12-7

standards supported 12-7

static mode 12-9

troubleshooting 49-13

policed-DSCP map for QoS 35-69

policers

configuring

for each matched traffic class 35-53

for more than one traffic class 35-64

described 35-4

displaying 35-85

number of 35-39

types of 35-10

policing

described 35-4

hierarchical

See hierarchical policy maps

token-bucket algorithm 35-10

policy-based routing

See PBR

policy maps for QoS

characteristics of 35-53

described 35-8

displaying 35-86

hierarchical 35-9

hierarchical on SVIs

configuration guidelines 35-38

configuring 35-57

described 35-12

nonhierarchical on physical ports

configuration guidelines 35-38

described 35-10

POP 1-28

port ACLs

defined 34-2

types of 34-3

Port Aggregation Protocol

See EtherChannel

port-based authentication

accounting 10-17

authentication server

defined 10-3, 11-2

RADIUS server 10-3

client, defined 10-3, 11-2

configuration guidelines 10-38, 11-9

configuring

802.1x authentication 10-43

guest VLAN 10-54

host mode 10-46

inaccessible authentication bypass 10-57

manual re-authentication of a client 10-48

periodic re-authentication 10-47

quiet period 10-49

RADIUS server 10-46, 11-13

RADIUS server parameters on the switch 10-45, 11-11

restricted VLAN 10-55

switch-to-client frame-retransmission number 10-50, 10-51

switch-to-client retransmission time 10-49

violation modes10-42to 10-43

default configuration 10-37, 11-9

described 10-1

device roles 10-3, 11-2

displaying statistics 10-70, 11-17

downloadable ACLs and redirect URLs

configuring10-64to10-66, ??to 10-67

overview10-21to 10-23

EAPOL-start frame 10-6

EAP-request/identity frame 10-6

EAP-response/identity frame 10-6

enabling

802.1X authentication 11-11

encapsulation 10-3

flexible authentication ordering

configuring 10-67

overview 10-32

guest VLAN

configuration guidelines 10-24, 10-25

described 10-23

host mode 10-13

inaccessible authentication bypass

configuring 10-57

described 10-25

guidelines 10-39

initiation and message exchange 10-6

magic packet 10-29

maximum number of allowed devices per port 10-40

method lists 10-43

multiple authentication 10-14

per-user ACLs

AAA authorization 10-43

configuration tasks 10-21

described 10-20

RADIUS server attributes 10-20

ports

authorization state and dot1x port-control command 10-11

authorized and unauthorized 10-11

voice VLAN 10-27

port security

and voice VLAN 10-28

described 10-28

interactions 10-28

multiple-hosts mode 10-13

readiness check

configuring 10-40

described 10-18, 10-40

resetting to default values 10-69

stack changes, effects of 10-12

statistics, displaying 10-70

switch

as proxy 10-3, 11-2

RADIUS client 10-3

switch supplicant

configuring 10-63

overview 10-33

upgrading from a previous release 35-32

user distribution

guidelines 10-31

overview 10-31

VLAN assignment

AAA authorization 10-43

characteristics 10-19

configuration tasks 10-19

described 10-18

voice aware 802.1x security

configuring 10-41

described 10-33, 10-41

voice VLAN

described 10-27

PVID 10-27

VVID 10-27

wake-on-LAN, described 10-29

with ACLs and RADIUS Filter-Id attribute 10-34

port-based authentication methods, supported 10-8

port blocking 1-4, 25-8

port-channel

See EtherChannel

port description TLV 27-2

Port Fast

described 20-2

enabling 20-13

mode, spanning tree 13-30

support for 1-8

port membership modes, VLAN 13-3

port priority

MSTP 19-21

STP 18-18

ports

10-Gigabit Ethernet module 12-6

access 12-3

blocking 25-8

dynamic access 13-3

IEEE 802.1Q tunnel 13-4

protected 25-6

routed 12-4

secure 25-9

static-access 13-3, 13-10

switch 12-2

trunks 13-3, 13-16

VLAN assignments 13-10

port security

aging 25-18

and private VLANs 25-19

and QoS trusted boundary 35-43

and stacking 25-19

configuring 25-13

default configuration 25-12

described 25-9

displaying 25-20

enabling 25-19

on trunk ports 25-15

sticky learning 25-10

violations 25-11

with other features 25-12

port-shutdown response, VMPS 13-28

port VLAN ID TLV 27-2

power management TLV 27-2, 27-8

Power over Ethernet

See PoE

preemption, default configuration 21-8

preemption delay, default configuration 21-8

preferential treatment of traffic

See QoS

prefix lists, BGP 38-57

preventing unauthorized access 9-1

primary interface for object tracking, DHCP, configuring 44-10

primary interface for static routing, configuring 44-10

primary links 21-2

primary VLANs 16-1, 16-3

priority

HSRP 42-8

overriding CoS 15-7

trusting CoS 15-7

private VLAN edge ports

See protected ports

private VLANs

across multiple switches 16-4

and SDM template 16-4

and SVIs 16-5

and switch stacks 16-6

benefits of 16-1

community ports 16-2

community VLANs 16-2, 16-3

configuration guidelines 16-7, 16-9

configuration tasks 16-6

configuring 16-10

default configuration 16-7

end station access to 16-3

IP addressing 16-3

isolated port 16-2

isolated VLANs 16-2, 16-3

mapping 16-14

monitoring 16-15

ports

community 16-2

configuration guidelines 16-9

configuring host ports 16-12

configuring promiscuous ports 16-13

described 13-4

isolated 16-2

promiscuous 16-2

primary VLANs 16-1, 16-3

promiscuous ports 16-2

secondary VLANs 16-2

subdomains 16-1

traffic in 16-5

privileged EXEC mode 2-2

privilege levels

changing the default for lines 9-9

command switch 6-18

exiting 9-10

logging into 9-10

mapping on member switches 6-18

overview 9-2, 9-8

setting a command with 9-8

promiscuous ports

configuring 16-13

defined 16-2

protected ports 1-10, 25-6

protocol-dependent modules, EIGRP 38-37

Protocol-Independent Multicast Protocol

See PIM

provider edge devices 38-76

provisioned switches and IP source guard 22-21

provisioning new members for a switch stack 5-7

proxy ARP

configuring 38-12

definition 38-10

with IP routing disabled 38-12

proxy reports 21-4

pruning, VTP

disabling

in VTP domain 14-15

on a port 13-23

enabling

in VTP domain 14-15

on a port 13-23

examples 14-6

overview 14-6

pruning-eligible list

changing 13-23

for VTP pruning 14-6

VLANs 14-15

PVST+

described 18-10

IEEE 802.1Q trunking interoperability 18-11

instances supported 18-10

Q

QoS

and MQC commands 35-1

auto-QoS

categorizing traffic 35-22

configuration and defaults display 35-34

configuration guidelines 35-31

described 35-21

disabling 35-34

displaying generated commands 35-34

displaying the initial configuration 35-34

effects on running configuration 35-31

list of generated commands 35-24

basic model 35-4

classification

class maps, described 35-8

defined 35-4

DSCP transparency, described 35-45

flowchart 35-7

forwarding treatment 35-3

in frames and packets 35-3

IP ACLs, described 35-6, 35-8

MAC ACLs, described 35-6, 35-8

options for IP traffic 35-6

options for non-IP traffic 35-6

policy maps, described 35-8

trust DSCP, described 35-6

trusted CoS, described 35-6

trust IP precedence, described 35-6

class maps

configuring 35-51

displaying 35-85

configuration guidelines

auto-QoS 35-31

standard QoS 35-37

configuring

aggregate policers 35-64

auto-QoS 35-21

default port CoS value 35-43

DSCP maps 35-67

DSCP transparency 35-45

DSCP trust states bordering another domain 35-45

egress queue characteristics 35-77

ingress queue characteristics 35-73

IP extended ACLs 35-49

IP standard ACLs 35-48

MAC ACLs 35-50

policy maps, hierarchical 35-57

port trust states within the domain 35-41

trusted boundary 35-43

default auto configuration 35-22

default standard configuration 35-35

displaying statistics 35-85

DSCP transparency 35-45

egress queues

allocating buffer space 35-78

buffer allocation scheme, described 35-18

configuring shaped weights for SRR 35-82

configuring shared weights for SRR 35-83

described 35-5

displaying the threshold map 35-81

flowchart 35-18

mapping DSCP or CoS values 35-80

scheduling, described 35-5

setting WTD thresholds 35-78

WTD, described 35-19

enabling globally 35-40

flowcharts

classification 35-7

egress queueing and scheduling 35-18

ingress queueing and scheduling 35-16

policing and marking 35-11

implicit deny 35-8

ingress queues

allocating bandwidth 35-75

allocating buffer space 35-75

buffer and bandwidth allocation, described 35-17

configuring shared weights for SRR 35-75

configuring the priority queue 35-76

described 35-4

displaying the threshold map 35-74

flowchart 35-16

mapping DSCP or CoS values 35-73

priority queue, described 35-17

scheduling, described 35-4

setting WTD thresholds 35-73

WTD, described 35-17

IP phones

automatic classification and queueing 35-21

detection and trusted settings 35-21, 35-43

limiting bandwidth on egress interface 35-84

mapping tables

CoS-to-DSCP 35-67

displaying 35-86

DSCP-to-CoS 35-70

DSCP-to-DSCP-mutation 35-71

IP-precedence-to-DSCP 35-68

policed-DSCP 35-69

types of 35-13

marked-down actions 35-55, 35-61

marking, described 35-4, 35-9

overview 35-2

packet modification 35-20

policers

configuring 35-55, 35-61, 35-65

described 35-9

displaying 35-85

number of 35-39

types of 35-10

policies, attaching to an interface 35-9

policing

described 35-4, 35-9

token bucket algorithm 35-10

policy maps

characteristics of 35-53

displaying 35-86

hierarchical 35-9

hierarchical on SVIs 35-57

nonhierarchical on physical ports 35-53

QoS label, defined 35-4

queues

configuring egress characteristics 35-77

configuring ingress characteristics 35-73

high priority (expedite) 35-20, 35-84

location of 35-14

SRR, described 35-15

WTD, described 35-14

rewrites 35-20

support for 1-13

trust states

bordering another domain 35-45

described 35-6

trusted device 35-43

within the domain 35-41

quality of service

See QoS

queries, IGMP 24-4

query solicitation, IGMP 24-13

R

RADIUS

attributes

vendor-proprietary 9-38

vendor-specific 9-36

configuring

accounting 9-35

authentication 9-30

authorization 9-34

communication, global 9-28, 9-36

communication, per-server 9-28

multiple UDP ports 9-28

default configuration 9-27

defining AAA server groups 9-32

displaying the configuration 9-40

identifying the server 9-28

in clusters 6-17

limiting the services to the user 9-34

method list, defined 9-27

operation of 9-20

overview 9-18

server load balancing 9-40

suggested network environments 9-19

support for 1-12

tracking services accessed by user 9-35

RADIUS Change of Authorization 9-20

range

macro 12-14

of interfaces 12-13

rapid convergence 19-11

rapid per-VLAN spanning-tree plus

See rapid PVST+

rapid PVST+

described 18-10

IEEE 802.1Q trunking interoperability 18-11

instances supported 18-10

Rapid Spanning Tree Protocol

See RSTP

RARP 38-10

rcommand command 6-17

RCP

configuration files

downloading C-18

overview C-17

preparing the server C-17

uploading C-19

image files

deleting old image C-39

downloading C-37

preparing the server C-36

uploading C-39

reachability, tracking IP SLAs IP host 44-9

readiness check

port-based authentication

configuring 10-40

described 10-18, 10-40

reconfirmation interval, VMPS, changing 13-32

reconfirming dynamic VLAN membership 13-32

recovery procedures 49-1

redirect URL 10-21, 10-22, 10-64

redundancy

EtherChannel 36-3

HSRP 42-1

STP

backbone 18-9

multidrop backbone 20-5

path cost 13-26

port priority 13-25

redundant links and UplinkFast 20-16

redundant power system

See Cisco Redundant Power System 2300

reliable transport protocol, EIGRP 38-36

reloading software 3-24

Remote Authentication Dial-In User Service

See RADIUS

Remote Copy Protocol

See RCP

Remote Network Monitoring

See RMON

Remote SPAN

See RSPAN

remote SPAN 29-3

report suppression, IGMP

described 24-6

disabling 24-16, 40-11

resequencing ACL entries 34-15

reserved addresses in DHCP pools 22-29

resets, in BGP 38-52

resetting a UDLD-shutdown interface 28-6

responder, IP SLAs

described 43-4

enabling 43-8

response time, measuring with IP SLAs 43-4

restricted VLAN

configuring 10-55

described 10-24

using with IEEE 802.1x 10-24

restricting access

NTP services 7-8

overview 9-1

passwords and privilege levels 9-2

RADIUS 9-18

TACACS+ 9-10

retry count, VMPS, changing 13-32

reverse address resolution 38-9

Reverse Address Resolution Protocol

See RARP

RFC

1058, RIP 38-20

1112, IP multicast and IGMP 24-2

1157, SNMPv1 32-2

1163, BGP 38-44

1166, IP addresses 38-7

1253, OSPF 38-25

1267, BGP 38-44

1305, NTP 7-2

1587, NSSAs 38-25

1757, RMON 30-2

1771, BGP 38-44

1901, SNMPv2C 32-2

1902 to 1907, SNMPv2 32-2

2236, IP multicast and IGMP 24-2

2273-2275, SNMPv3 32-2

RFC 5176 Compliance 9-21

RIP

advertisements 38-20

authentication 38-23

configuring 38-21

default configuration 38-20

described 38-20

for IPv6 39-7

hop counts 38-20

split horizon 38-23

summary addresses 38-23

support for 1-14

RMON

default configuration 30-3

displaying status 30-7

enabling alarms and events 30-3

groups supported 30-2

overview 30-2

statistics

collecting group Ethernet 30-6

collecting group history 30-5

support for 1-16

root guard

described 20-10

enabling 20-18

support for 1-8

root switch

MSTP 19-19

STP 18-16

route calculation timers, OSPF 38-33

route dampening, BGP 38-63

routed packets, ACLs on 34-40

routed ports

configuring 38-5

defined 12-4

in switch clusters 6-9

IP addresses on 12-26, 38-5

route-map command 38-101

route maps

BGP 38-55

policy-based routing 38-98

router ACLs

defined 34-2

types of 34-4

route reflectors, BGP 38-62

router ID, OSPF 38-34

route selection, BGP 38-53

route summarization, OSPF 38-32

route targets, VPN 38-78

routing

default 38-3

dynamic 38-3

redistribution of information 38-94

static 38-3

routing domain confederation, BGP 38-62

Routing Information Protocol

See RIP

routing protocol administrative distances 38-93

RPS

See Cisco Redundant Power System 2300

RPS 2300

See Cisco Redundant Power System 2300

RSPAN

and stack changes 29-10

characteristics 29-9

configuration guidelines 29-17

default configuration 29-11

defined 29-3

destination ports 29-8

displaying status 29-24

in a switch stack 29-3

interaction with other features 29-9

monitored ports 29-6

monitoring ports 29-8

overview 1-16, 29-1

received traffic 29-5

session limits 29-11

sessions

creating 29-18

defined 29-4

limiting source traffic to specific VLANs 29-23

specifying monitored ports 29-18

with ingress traffic enabled 29-22

source ports 29-6

transmitted traffic 29-6

VLAN-based 29-7

RSTP

active topology 19-10

BPDU

format 19-13

processing 19-14

designated port, defined 19-10

designated switch, defined 19-10

interoperability with IEEE 802.1D

described 19-9

restarting migration process 19-28

topology changes 19-14

overview 19-9

port roles

described 19-10

synchronized 19-12

proposal-agreement handshake process 19-11

rapid convergence

cross-stack rapid convergence 19-11

described 19-11

edge ports and Port Fast 19-11

point-to-point links 19-11, 19-27

root ports 19-11

root port, defined 19-10

See also MSTP

running configuration

replacing C-20, C-21

rolling back C-20, C-22

running configuration, saving 3-17

S

SC (standby command switch) 6-11

scheduled reloads 3-24

scheduling, IP SLAs operations 43-5

SCP

and SSH 9-57

configuring 9-58

SDM

switch stack consideration 5-9

templates

configuring 8-6

number of 8-1

SDM mismatch mode 5-10, 8-4

SDM template 41-4

aggregator 8-1

configuration guidelines 8-5

configuring 8-4

desktop 8-1

dual IPv4 and IPv6 8-2

types of 8-1

secondary VLANs 16-2

Secure Copy Protocol

secure HTTP client

configuring 9-56

displaying 9-57

secure HTTP server

configuring 9-55

displaying 9-57

secure MAC addresses

and switch stacks 25-19

deleting 25-17

maximum number of 25-10

types of 25-10

secure ports

and switch stacks 25-19

configuring 25-9

secure remote connections 9-46

Secure Shell

See SSH

Secure Socket Layer

See SSL

security, port 25-9

security features 1-10

See SCP

sequence numbers in log messages 31-8

server mode, VTP 14-3

service-provider network, MSTP and RSTP 19-1

service-provider networks

and customer VLANs 17-2

and IEEE 802.1Q tunneling 17-1

Layer 2 protocols across 17-8

Layer 2 protocol tunneling for EtherChannels 17-9

set-request operation 32-5

setup program

failed command switch replacement 49-11

replacing failed command switch 49-9

severity levels, defining in system messages 31-9

SFPs

monitoring status of 12-32, 49-14

numbering of 12-12

security and identification 49-13

status, displaying 49-14

shaped round robin

See SRR

show access-lists hw-summary command 34-22

show and more command output, filtering 2-10

show cdp traffic command 26-5

show cluster members command 6-17

show configuration command 12-25

show forward command 49-22

show interfaces command 12-19, 12-25

show interfaces switchport 21-4

show l2protocol command 17-13, 17-15, 17-16

show lldp traffic command 27-12

show platform forward command 49-22

show platform tcam command 49-25

show running-config command

displaying ACLs 34-20, 34-21, 34-32, 34-35

interface description in 12-25

shutdown command on interfaces 12-33

shutdown threshold for Layer 2 protocol packets 17-11

Simple Network Management Protocol

See SNMP

small form-factor pluggable modules

See SFPs

small-frame arrival rate, configuring 25-5

SNAP 26-1

SNMP

accessing MIB variables with 32-5

agent

described 32-4

disabling 32-8

and IP SLAs 43-2

authentication level 32-11

community strings

configuring 32-8

for cluster switches 32-5

overview 32-4

configuration examples 32-18

default configuration 32-7

engine ID 32-7

groups 32-7, 32-10

host 32-7

ifIndex values 32-6

in-band management 1-7

in clusters 6-15

informs

and trap keyword 32-13

described 32-5

differences from traps 32-5

disabling 32-16

enabling 32-16

limiting access by TFTP servers 32-17

limiting system log messages to NMS 31-10

manager functions 1-6, 32-4

managing clusters with 6-18

MIBs

location of B-4

supported B-1

notifications 32-5

overview 32-1, 32-5

security levels 32-3

setting CPU threshold notification 32-16

status, displaying 32-19

system contact and location 32-17

trap manager, configuring 32-14

traps

described 32-4, 32-5

differences from informs 32-5

disabling 32-16

enabling 32-13

enabling MAC address notification 7-22, 7-24, 7-26

overview 32-1, 32-5

types of 32-13

users 32-7, 32-10

versions supported 32-2

SNMP and Syslog Over IPv6 39-7

SNMPv1 32-2

SNMPv2C 32-2

SNMPv3 32-2

snooping, IGMP 24-2

software compatibility

See stacks, switch

software images

location in flash C-26

recovery procedures 49-2

scheduling reloads 3-25

tar file format, described C-26

See also downloading and uploading

source addresses

in IPv4 ACLs 34-12

in IPv6 ACLs 41-5

source-and-destination-IP address based forwarding, EtherChannel 36-9

source-and-destination MAC address forwarding, EtherChannel 36-9

source-IP address based forwarding, EtherChannel 36-9

source-MAC address forwarding, EtherChannel 36-8

Source-specific multicast

See SSM

SPAN

and stack changes 29-10

configuration guidelines 29-11

default configuration 29-11

destination ports 29-8

displaying status 29-24

interaction with other features 29-9

monitored ports 29-6

monitoring ports 29-8

overview 1-16, 29-1

ports, restrictions 25-13

received traffic 29-5

session limits 29-11

sessions

configuring ingress forwarding 29-16, 29-23

creating 29-12

defined 29-4

limiting source traffic to specific VLANs 29-16

removing destination (monitoring) ports 29-14

specifying monitored ports 29-12

with ingress traffic enabled 29-15

source ports 29-6

transmitted traffic 29-6

VLAN-based 29-7

spanning tree and native VLANs 13-18

Spanning Tree Protocol

See STP

SPAN traffic 29-5

split horizon, RIP 38-23

SRR

configuring

shaped weights on egress queues 35-82

shared weights on egress queues 35-83

shared weights on ingress queues 35-75

described 35-15

shaped mode 35-15

shared mode 35-15

support for 1-13, 1-14

SSH

configuring 9-47

cryptographic software image 9-45

described 1-7, 9-46

encryption methods 9-46

switch stack considerations 5-16, 9-46

user authentication methods, supported 9-46

SSL

configuration guidelines 9-53

configuring a secure HTTP client 9-56

configuring a secure HTTP server 9-55

cryptographic software image 9-50

described 9-50

monitoring 9-57

SSM

address management restrictions 46-16

CGMP limitations 46-16

components 46-14

configuration guidelines 46-16

configuring 46-14, 46-17

differs from Internet standard multicast 46-14

IGMP snooping 46-16

IGMPv3 46-14

IGMPv3 Host Signalling 46-15

IP address range 46-15

monitoring 46-17

operations 46-15

PIM 46-14

state maintenance limitations 46-16

SSM mapping 46-17

configuration guidelines 46-18

configuring 46-17, 46-20

DNS-based 46-19, 46-21

monitoring 46-22

overview 46-18

restrictions 46-18

static 46-19, 46-20

static traffic forwarding 46-22

stack, switch

MAC address of 5-6, 5-19

stack changes

effects on

IPv6 routing 39-10

stack changes, effects on

802.1x port-based authentication 10-12

ACL configuration 34-7

CDP 26-2

cross-stack EtherChannel 36-13

EtherChannel 36-10

fallback bridging 48-3

HSRP 42-5

IGMP snooping 24-7

IP routing 38-4

IPv6 ACLs 41-3

MAC address tables 7-21

MSTP 19-9

multicast routing 46-10

MVR 24-18

port security 25-19

SDM template selection 8-3

SNMP 32-1

SPAN and RSPAN 29-10

STP 18-12

switch clusters 6-15

system message log 31-2

VLANs 13-7

VTP 14-7

stack master

bridge ID (MAC address) 5-6

defined 5-1

election 5-4

IPv6 39-10

See also stacks, switch

stack member

accessing CLI of specific member 5-23

configuring

member number 5-21

priority value 5-22

defined 5-1

displaying information of 5-24

IPv6 39-10

number 5-6

priority value 5-7

provisioning a new member 5-22

replacing 5-14

See also stacks, switch

stack member number 12-11

stack protocol version 5-10

stacks, switch

accessing CLI of specific member 5-23

assigning information

member number 5-21

priority value 5-22

provisioning a new member 5-22

auto-advise 5-12

auto-copy 5-11

auto-extract 5-11

auto-upgrade 5-11

benefits 1-2

bridge ID 5-6

CDP considerations 26-2

compatibility, software 5-10

configuration file 5-14

configuration scenarios 5-16

copying an image file from one member to another C-40

default configuration 5-19

description of 5-1

displaying information of 5-24

enabling persistent MAC address timer 5-19

hardware compatibility and SDM mismatch mode 5-9

HSRP considerations 42-5

in clusters 6-15

incompatible software and image upgrades 5-14, C-40

IPv6 on 39-9

MAC address considerations 7-21

management connectivity 5-15

managing 5-1

membership 5-3

merged 5-3

MSTP instances supported 18-10

multicast routing, stack master and member roles 46-10

offline configuration

described 5-7

effects of adding a provisioned switch 5-8

effects of removing a provisioned switch 5-9

effects of replacing a provisioned switch 5-9

provisioned configuration, defined 5-7

provisioned switch, defined 5-7

provisioning a new member 5-22

partitioned 5-3, 49-8

provisioned switch

adding 5-8

removing 5-9

replacing 5-9

replacing a failed member 5-14

software compatibility 5-10

software image version 5-10

stack protocol version 5-10

STP

bridge ID 18-3

instances supported 18-10

root port selection 18-3

stack root switch election 18-3

system messages

hostnames in the display 31-1

remotely monitoring 31-2

system prompt consideration 7-14

system-wide configuration considerations 5-15

upgrading C-40

version-mismatch (VM) mode

automatic upgrades with auto-upgrade 5-11

examples 5-12

manual upgrades with auto-advise 5-12

upgrades with auto-extract 5-11

version-mismatch mode

described 5-10

See also stack master and stack member

standby command switch

configuring

considerations 6-12

defined 6-2

priority 6-11

requirements 6-3

virtual IP address 6-12

See also cluster standby group and HSRP

standby group, cluster

See cluster standby group and HSRP

standby ip command 42-6

standby links 21-2

standby router 42-1

standby timers, HSRP 42-10

startup configuration

booting

manually 3-21

specific image 3-22

clearing C-20

configuration file

automatically downloading 3-20

specifying the filename 3-20

default boot configuration 3-20

static access ports

assigning to VLAN 13-10

defined 12-3, 13-3

static addresses

See addresses

static IP routing 1-14

static MAC addressing 1-10

static route primary interface,configuring 44-10

static routes

configuring 38-92

configuring for IPv6 39-21

understanding 39-6

static routing 38-3

static routing support, enhanced object tracking 44-10

static SSM mapping 46-19, 46-20

static traffic forwarding 46-22

static VLAN membership 13-2

statistics

802.1X 11-17

802.1x 10-70

CDP 26-5

interface 12-31

IP multicast routing 46-62

LLDP 27-12

LLDP-MED 27-12

NMSP 27-12

OSPF 38-35

QoS ingress and egress 35-85

RMON group Ethernet 30-6

RMON group history 30-5

SNMP input and output 32-19

VTP 14-17

sticky learning 25-10

storm control

configuring 25-3

described 25-2

disabling 25-5

displaying 25-20

support for 1-4

thresholds 25-2

STP

accelerating root port selection 20-4

BackboneFast

described 20-7

disabling 20-17

enabling 20-17

BPDU filtering

described 20-3

disabling 20-15

enabling 20-15

BPDU guard

described 20-2

disabling 20-14

enabling 20-14

BPDU message exchange 18-3

configuration guidelines 18-13, 20-12

configuring

forward-delay time 18-23

hello time 18-22

maximum aging time 18-23

path cost 18-20

port priority 18-18

root switch 18-16

secondary root switch 18-18

spanning-tree mode 18-15

switch priority 18-21

transmit hold-count 18-24

counters, clearing 18-24

cross-stack UplinkFast

described 20-5

enabling 20-17

default configuration 18-13

default optional feature configuration 20-12

designated port, defined 18-4

designated switch, defined 18-4

detecting indirect link failures 20-8

disabling 18-16

displaying status 18-24

EtherChannel guard

described 20-10

disabling 20-18

enabling 20-18

extended system ID

effects on root switch 18-16

effects on the secondary root switch 18-18

overview 18-5

unexpected behavior 18-16

features supported 1-8

IEEE 802.1D and bridge ID 18-5

IEEE 802.1D and multicast addresses 18-9

IEEE 802.1t and VLAN identifier 18-5

inferior BPDU 18-3

instances supported 18-10

interface state, blocking to forwarding 20-2

interface states

blocking 18-7

disabled 18-8

forwarding 18-6, 18-7

learning 18-7

listening 18-7

overview 18-5

interoperability and compatibility among modes 18-11

Layer 2 protocol tunneling 17-8

limitations with IEEE 802.1Q trunks 18-11

load sharing

overview 13-24

using path costs 13-26

using port priorities 13-25

loop guard

described 20-11

enabling 20-19

modes supported 18-10

multicast addresses, effect of 18-9

optional features supported 1-8

overview 18-2

path costs 13-26, 13-27

Port Fast

described 20-2

enabling 20-13

port priorities 13-25

preventing root switch selection 20-10

protocols supported 18-10

redundant connectivity 18-9

root guard

described 20-10

enabling 20-18

root port, defined 18-3

root port selection on a switch stack 18-3

root switch

configuring 18-16

effects of extended system ID 18-5, 18-16

election 18-3

unexpected behavior 18-16

shutdown Port Fast-enabled port 20-2

stack changes, effects of 18-12

status, displaying 18-24

superior BPDU 18-3

timers, described 18-22

UplinkFast

described 20-3

enabling 20-16

VLAN-bridge 18-11

stratum, NTP 7-2

stub areas, OSPF 38-31

stub routing, EIGRP 38-42

subdomains, private VLAN 16-1

subnet mask 38-7

subnet zero 38-7

success response, VMPS 13-29

summer time 7-13

SunNet Manager 1-6

supernet 38-8

supported port-based authentication methods 10-8

SVI autostate exclude

configuring 12-27

defined 12-5

SVI link state 12-5

SVIs

and IP unicast routing 38-5

and router ACLs 34-4

connecting VLANs 12-10

defined 12-5

routing between VLANs 13-2

switch 39-2

switch clustering technology 6-1

See also clusters, switch

switch console port 1-7

Switch Database Management

See SDM

switched packets, ACLs on 34-39

Switched Port Analyzer

See SPAN

switched ports 12-2

switchport backup interface 21-4, 21-5

switchport block multicast command 25-8

switchport block unicast command 25-8

switchport command 12-16

switchport mode dot1q-tunnel command 17-6

switchport protected command 25-7

switch priority

MSTP 19-24

STP 18-21

switch software features 1-1

switch stacks

Catalyst 3750G wireless LAN controller switch A-2

switch virtual interface

See SVI

synchronization, BGP 38-49

syslog

See system message logging

system capabilities TLV 27-2

system clock

configuring

daylight saving time 7-13

manually 7-11

summer time 7-13

time zones 7-12

displaying the time and date 7-12

overview 7-1

See also NTP

system description TLV 27-2

system message logging

default configuration 31-4

defining error message severity levels 31-9

disabling 31-4

displaying the configuration 31-14

enabling 31-5

facility keywords, described 31-14

level keywords, described 31-10

limiting messages 31-10

message format 31-2

overview 31-1

sequence numbers, enabling and disabling 31-8

setting the display destination device 31-5

stack changes, effects of 31-2

synchronizing log messages 31-7

syslog facility 1-16

time stamps, enabling and disabling 31-8

UNIX syslog servers

configuring the daemon 31-13

configuring the logging facility 31-13

facilities supported 31-14

system MTU

and IS-IS LSPs 38-70

system MTU and IEEE 802.1Q tunneling 17-5

system name

default configuration 7-15

default setting 7-15

manual configuration 7-15

See also DNS

system name TLV 27-2

system prompt, default setting 7-14, 7-15

system resources, optimizing 8-1

system routing

IS-IS 38-66

ISO IGRP 38-66

T

TACACS+

accounting, defined 9-11

authentication, defined 9-11

authorization, defined 9-11

configuring

accounting 9-17

authentication key 9-13

authorization 9-16

login authentication 9-14

default configuration 9-13

displaying the configuration 9-18

identifying the server 9-13

in clusters 6-17

limiting the services to the user 9-16

operation of 9-12

overview 9-10

support for 1-12

tracking services accessed by user 9-17

tagged packets

IEEE 802.1Q 17-3

Layer 2 protocol 17-8

tar files

creating C-6

displaying the contents of C-7

extracting C-8

image file format C-26

TCAM

memory consistency check errors

displaying 49-25

example 49-25

memory consistency check routines 1-5, 49-25

memory consistency integrity 1-5, 49-25

portions 49-25

space

HFTM 49-25

HQATM 49-25

unassigned 49-25

TCL script, registering and defining with embedded event manager 33-7

TDR 1-16

Telnet

accessing management interfaces 2-11

number of connections 1-7

setting a password 9-6

templates, SDM 8-2

temporary self-signed certificate 9-51

Terminal Access Controller Access Control System Plus

See TACACS+

terminal lines, setting a password 9-6