Catalyst 3750 Switch Software Configuration Guide, Cisco IOS Release 15.0(2)SE and Later
Index
Downloads: This chapterpdf (PDF - 1.79MB) The complete bookPDF (PDF - 14.04MB) | Feedback

Index

Numerics

10-Gigabit Ethernet interfaces

configuration guidelines 13-17

defined 13-6

802.1AE Tagging 12-2

A

AAA down policy, NAC Layer 2 IP validation 1-12

abbreviating commands 2-3

ABRs 39-25

AC (command switch) 6-10

access-class command 35-20

access control entries

See ACEs

access control entry (ACE) 41-3

access-denied response, VMPS 14-27

access groups

applying IPv4 ACLs to interfaces 35-21

Layer 2 35-21

Layer 3 35-21

accessing

clusters, switch 6-13

command switches 6-11

member switches 6-13

switch clusters 6-13

accessing stack members 5-23

access lists

See ACLs

access ports

and Layer 2 protocol tunneling 18-10

defined 13-3

in switch clusters 6-9

access template 8-1

accounting

with 802.1x 10-54

with IEEE 802.1x 10-16

with RADIUS 9-35

with TACACS+ 9-12, 9-17

ACEs

and QoS 36-8

defined 35-2

Ethernet 35-2

IP 35-2

ACLs

ACEs 35-2

any keyword 35-13

applying

on bridged packets 35-41

on multicast packets 35-42

on routed packets 35-42

on switched packets 35-40

time ranges to 35-17

to an interface 35-20, 41-7

to IPv6 interfaces 41-7

to QoS 36-8

classifying traffic for QoS 36-49

comments in 35-19

compiling 35-24

defined 35-1, 35-8

examples of 35-24, 36-49

extended IP, configuring for QoS classification 36-51

extended IPv4

creating 35-11

matching criteria 35-8

hardware and software handling 35-22

host keyword 35-13

IP

creating 35-8

fragments and QoS guidelines 36-40

implicit deny 35-10, 35-15, 35-17

implicit masks 35-10

matching criteria 35-8

undefined 35-22

IPv4

applying to interfaces 35-20

creating 35-8

matching criteria 35-8

named 35-15

numbers 35-8

terminal lines, setting on 35-20

unsupported features 35-7

IPv6

and stacking 41-3

applying to interfaces 41-7

configuring 41-4, 41-5

displaying 41-8

interactions with other features 41-4

limitations 41-3

matching criteria 41-3

named 41-3

precedence of 41-2

supported 41-2

unsupported features 41-3

Layer 4 information in 35-40

logging messages 35-9

MAC extended 35-28, 36-52

matching 35-8, 35-21, 41-3

monitoring 35-44, 41-8

named, IPv4 35-15

named, IPv6 41-3

names 41-4

number per QoS class map 36-40

port 35-2, 41-1

precedence of 35-2

QoS 36-8, 36-49

resequencing entries 35-15

router 35-2, 41-1

router ACLs and VLAN map configuration guidelines 35-39

standard IP, configuring for QoS classification 36-50

standard IPv4

creating 35-10

matching criteria 35-8

support for 1-11

support in hardware 35-22

time ranges 35-17

types supported 35-2

unsupported features, IPv4 35-7

unsupported features, IPv6 41-3

using router ACLs with VLAN maps 35-39

VLAN maps

configuration guidelines 35-31

configuring 35-30

active link 21-4, 21-5, 21-6

active links 21-2

active router 43-2

active traffic monitoring, IP SLAs 44-1

address aliasing 25-2

addresses

displaying the MAC address table 7-25

dynamic

accelerated aging 19-9

changing the aging time 7-15

default aging 19-9

defined 7-13

learning 7-14

removing 7-16

IPv6 40-2

MAC, discovering 7-25

multicast

group address range 47-3

STP address management 19-9

static

adding and removing 7-21

defined 7-13

address resolution 7-25, 39-9

Address Resolution Protocol

See ARP

adjacency tables, with CEF 39-90

administrative distances

defined 39-103

OSPF 39-33

routing protocol defaults 39-92

advertisements

CDP 27-1

LLDP 28-1, 28-2

RIP 39-20

VTP 14-18, 15-3, 15-4

aggregatable global unicast addresses 40-3

aggregate addresses, BGP 39-60

aggregated ports

See EtherChannel

aggregate policers 36-67

aggregate policing 1-14

aggregator template 5-10, 8-1

aging, accelerating 19-9

aging time

accelerated

for MSTP 20-23

for STP 19-9, 19-23

MAC address table 7-15

maximum

for MSTP 20-24

for STP 19-23, 19-24

alarms, RMON 31-4

allowed-VLAN list 14-20

application engines, redirecting traffic to 46-1

area border routers

See ABRs

area routing

IS-IS 39-65

ISO IGRP 39-65

ARP

configuring 39-10

defined 1-6, 7-25, 39-9

encapsulation 39-11

static cache configuration 39-10

table

address resolution 7-25

managing 7-25

ASBRs 39-25

AS-path filters, BGP 39-55

asymmetrical links, and IEEE 802.1Q tunneling 18-4

attributes, RADIUS

vendor-proprietary 9-38

vendor-specific 9-36

attribute-value pairs 10-13, 10-16, 10-21, 10-22

authentication

EIGRP 39-41

HSRP 43-10

local mode with AAA 9-44

open1x 10-31

RADIUS

key 9-28

login 9-30

TACACS+

defined 9-11

key 9-13

login 9-14

See also port-based authentication

authentication compatibility with Catalyst 6000 switches 10-8

authentication failed VLAN

See restricted VLAN

authentication keys, and routing protocols 39-103

authentication manager

CLI commands 10-9

compatibility with older 802.1x CLI commands 10-9 to ??

overview 10-7

authoritative time source, described 7-2

authorization

with RADIUS 9-34

with TACACS+ 9-12, 9-16

authorized ports with IEEE 802.1x 10-10

autoconfiguration 3-3

auto enablement 10-33

automatic advise (auto-advise) in switch stacks 5-12

automatic copy (auto-copy) in switch stacks 5-11

automatic discovery

considerations

beyond a noncandidate device 6-8

brand new switches 6-9

connectivity 6-5

different VLANs 6-7

management VLANs 6-7

non-CDP-capable devices 6-6

noncluster-capable devices 6-6

routed ports 6-8

in switch clusters 6-5

See also CDP

automatic extraction (auto-extract) in switch stacks 5-11

automatic QoS

See QoS

automatic recovery, clusters 6-10

See also HSRP

automatic upgrades (auto-upgrade) in switch stacks 5-11

auto-MDIX

configuring 13-21

described 13-21

autonegotiation

duplex mode 1-4

interface configuration guidelines 13-18

mismatches 50-12

autonomous system boundary routers

See ASBRs

autonomous systems, in BGP 39-48

Auto-QoS video devices 1-14

Auto-RP, described 47-6

autosensing, port speed 1-4

autostate exclude 13-5

auxiliary VLAN

See voice VLAN

availability, features 1-8

B

BackboneFast

described 22-7

disabling 22-17

enabling 22-17

support for 1-8

backup interfaces

See Flex Links

backup links 21-2

backup static routing, configuring 45-12

banners

configuring

login 7-13

message-of-the-day login 7-12

default configuration 7-11

when displayed 7-11

Berkeley r-tools replacement 9-56

BGP

aggregate addresses 39-60

aggregate routes, configuring 39-60

CIDR 39-60

clear commands 39-64

community filtering 39-57

configuring neighbors 39-59

default configuration 39-46

described 39-45

enabling 39-48

monitoring 39-64

multipath support 39-52

neighbors, types of 39-48

path selection 39-52

peers, configuring 39-59

prefix filtering 39-56

resetting sessions 39-51

route dampening 39-63

route maps 39-54

route reflectors 39-62

routing domain confederation 39-61

routing session with multi-VRF CE 39-84

show commands 39-64

supernets 39-60

support for 1-15

Version 4 39-45

binding cluster group and HSRP group 43-12

binding database

address, DHCP server

See DHCP, Cisco IOS server database

DHCP snooping

See DHCP snooping binding database

bindings

address, Cisco IOS DHCP server 23-6

DHCP snooping database 23-6

IP source guard 23-16

binding table, DHCP snooping

See DHCP snooping binding database

blocking packets 26-7

Boolean expressions in tracked lists 45-4

booting

boot loader, function of 3-2

boot process 3-2

manually 3-20

specific image 3-21

boot loader

accessing 3-22

described 3-2

environment variables 3-22

prompt 3-22

trap-door mechanism 3-2

Boot Loader Upgrade and Image Verification for the FIPS Mode of Operation 3-25

bootstrap router (BSR), described 47-7

Border Gateway Protocol

See BGP

BPDU

error-disabled state 22-2

filtering 22-3

RSTP format 20-12

BPDU filtering

described 22-3

disabling 22-15

enabling 22-14

support for 1-8

BPDU guard

described 22-2

disabling 22-14

enabling 22-13

support for 1-8

bridged packets, ACLs on 35-41

bridge groups

See fallback bridging

bridge protocol data unit

See BPDU

broadcast flooding 39-17

broadcast packets

directed 39-14

flooded 39-14

broadcast storm-control command 26-4

broadcast storms 26-1, 39-14

C

cables, monitoring for unidirectional links 29-1

candidate switch

automatic discovery 6-5

defined 6-4

requirements 6-4

See also command switch, cluster standby group, and member switch

Catalyst 6000 switches

authentication compatibility 10-8

CA trustpoint

configuring 9-53

defined 9-51

CDP

and trusted boundary 36-46

automatic discovery in switch clusters 6-5

configuring 27-2

default configuration 27-2

defined with LLDP 28-1

described 27-1

disabling for routing device 27-4

enabling and disabling

on an interface 27-4

on a switch 27-4

Layer 2 protocol tunneling 18-7

monitoring 27-5

overview 27-1

power negotiation extensions 13-7

support for 1-6

switch stack considerations 27-2

transmission timer and holdtime, setting 27-3

updates 27-3

CEF

defined 39-90

distributed 39-90

enabling 39-90

IPv6 40-21

CGMP

as IGMP snooping learning method 25-9

clearing cached group entries 47-62

enabling server support 47-44

joining multicast group 25-3

overview 47-9

server support only 47-9

switch support of 1-5

CIDR 39-60

CipherSuites 9-52

Cisco 7960 IP Phone 16-1

Cisco Discovery Protocol

See CDP

Cisco Express Forwarding

See CEF

Cisco Group Management Protocol

See CGMP

Cisco intelligent power management 13-7

Cisco IOS DHCP server

See DHCP, Cisco IOS DHCP server

Cisco IOS File System

See IFS

Cisco IOS IP SLAs 44-2

Cisco Redundant Power System 2300

configuring 13-29

managing 13-29

Cisco Secure ACS

attribute-value pairs for downloadable ACLs 10-22

attribute-value pairs for redirect URL 10-21

Cisco Secure ACS configuration guide 10-72

CiscoWorks 2000 1-6, 33-4

CISP 10-33

CIST regional root

See MSTP

CIST root

See MSTP

civic location 28-3

classless interdomain routing

See CIDR

classless routing 39-8

class maps for QoS

configuring 36-53

described 36-8

displaying 36-87

class of service

See CoS

clearing interfaces 13-32

CLI

abbreviating commands 2-3

command modes 2-1

configuration logging 2-5

described 1-6

editing features

enabling and disabling 2-6

keystroke editing 2-7

wrapped lines 2-8

error messages 2-4

filtering command output 2-9

getting help 2-3

history

changing the buffer size 2-5

described 2-5

disabling 2-6

recalling commands 2-6

managing clusters 6-16

no and default forms of commands 2-4

Client Information Signalling Protocol

See CISP

client mode, VTP 15-3

client processes, tracking 45-1

CLNS

See ISO CLNS

clock

See system clock

clusters, switch

accessing 6-13

automatic discovery 6-5

automatic recovery 6-10

benefits 1-2

compatibility 6-4

described 6-1

LRE profile considerations 6-16

managing

through CLI 6-16

through SNMP 6-17

planning 6-4

planning considerations

automatic discovery 6-5

automatic recovery 6-10

CLI 6-16

host names 6-13

IP addresses 6-13

LRE profiles 6-16

passwords 6-13

RADIUS 6-16

SNMP 6-14, 6-17

switch stacks 6-14

TACACS+ 6-16

See also candidate switch, command switch, cluster standby group, member switch, and standby command switch

cluster standby group

and HSRP group 43-12

automatic recovery 6-12

considerations 6-11

defined 6-2

requirements 6-3

virtual IP address 6-11

See also HSRP

CNS 1-6

Configuration Engine

configID, deviceID, hostname 4-3

configuration service 4-2

described 4-1

event service 4-3

embedded agents

described 4-5

enabling automated configuration 4-6

enabling configuration agent 4-9

enabling event agent 4-8

management functions 1-6

CoA Request Commands 9-23

Coarse Wave Division Multiplexer

See CWDM SFPs

command-line interface

See CLI

command modes 2-1

commands

abbreviating 2-3

no and default 2-4

commands, setting privilege levels 9-8

command switch

accessing 6-11

active (AC) 6-10

configuration conflicts 50-12

defined 6-2

passive (PC) 6-10

password privilege levels 6-17

priority 6-10

recovery

from command-switch failure 6-10, 50-8

from lost member connectivity 50-12

redundant 6-10

replacing

with another switch 50-11

with cluster member 50-9

requirements 6-3

standby (SC) 6-10

See also candidate switch, cluster standby group, member switch, and standby command switch

community list, BGP 39-58

community ports 17-2

community strings

configuring 6-14, 33-8

for cluster switches 33-4

in clusters 6-14

overview 33-4

SNMP 6-14

community VLANs 17-2, 17-3

compatibility, feature 26-12

compatibility, software

See stacks, switch

config.text 3-19

configurable leave timer, IGMP 25-6

configuration, initial

defaults 1-18

Express Setup 1-2

configuration changes, logging 32-11

configuration conflicts, recovering from lost member connectivity 50-12

configuration examples, network 1-21

configuration files

archiving 52-20

clearing the startup configuration 52-19

creating using a text editor 52-10

default name 3-19

deleting a stored configuration 52-19

described 52-8

downloading

automatically 3-19

preparing 52-10, 52-13, 52-16

reasons for 52-8

using FTP 52-13

using RCP 52-17

using TFTP 52-11

guidelines for creating and using 52-9

guidelines for replacing and rolling back 52-21

invalid combinations when copying 52-5

limiting TFTP server access 33-16

obtaining with DHCP 3-9

password recovery disable considerations 9-5

replacing a running configuration 52-19, 52-20

rolling back a running configuration 52-19, 52-21

specifying the filename 3-19

system contact and location information 33-16

types and location 52-10

uploading

preparing 52-10, 52-13, 52-16

reasons for 52-9

using FTP 52-15

using RCP 52-18

using TFTP 52-12

configuration guidelines, multi-VRF CE 39-77

configuration logger 32-11

configuration logging 2-5

configuration replacement 52-19

configuration rollback 52-19, 52-20

configuration settings, saving 3-16

configure terminal command 13-12

configuring 802.1x user distribution 10-67

configuring port-based authentication violation modes 10-43

configuring small-frame arrival rate 26-5

Configuring VACL Logging 35-37

conflicts, configuration 50-12

connections, secure remote 9-46

connectivity problems 50-14, 50-16, 50-17

consistency checks in VTP Version 2 15-5

console port, connecting to 2-10

content-routing technology

See WCCP

control protocol, IP SLAs 44-4

corrupted software, recovery steps with Xmodem 50-2

CoS

in Layer 2 frames 36-2

override priority 16-6

trust priority 16-6

CoS input queue threshold map for QoS 36-17

CoS output queue threshold map for QoS 36-19

CoS-to-DSCP map for QoS 36-69

counters, clearing interface 13-32

CPU utilization, troubleshooting 50-26

crashinfo file 50-24

critical authentication, IEEE 802.1x 10-64

critical VLAN 10-24

critical voice VLAN

configuring 10-64

cross-stack EtherChannel

configuration guidelines 37-13

configuring

on Layer 2 interfaces 37-13

on Layer 3 physical interfaces 37-16

described 37-3

illustration 37-4

support for 1-8

cross-stack UplinkFast, STP

described 22-5

disabling 22-16

enabling 22-16

fast-convergence events 22-7

Fast Uplink Transition Protocol 22-6

normal-convergence events 22-7

support for 1-8

cryptographic software image

Kerberos 9-40

SSH 9-45

SSL 9-50

switch stack considerations 5-16

customer edge devices 39-75

customjzeable web pages, web-based authentication 11-6

CWDM SFPs 1-31

D

DACL

See downloadable ACL

daylight saving time 7-7

dCEF, in the switch stack 39-90

debugging

enabling all system diagnostics 50-21

enabling for a specific feature 50-20

redirecting error message output 50-21

using commands 50-20

default commands 2-4

default configuration

802.1x 10-37

auto-QoS 36-22

banners 7-11

BGP 39-46

CDP 27-2

DHCP 23-8

DHCP option 82 23-8

DHCP snooping 23-8

DHCP snooping binding database 23-9

DNS 7-10

dynamic ARP inspection 24-5

EIGRP 39-37

EtherChannel 37-11

Ethernet interfaces 13-16

fallback bridging 49-3

Flex Links 21-8

HSRP 43-5

IEEE 802.1Q tunneling 18-4

IGMP 47-39

IGMP filtering 25-25

IGMP snooping 25-7, 42-6

IGMP throttling 25-25

initial switch information 3-3

IP addressing, IP routing 39-6

IP multicast routing 47-11

IP SLAs 44-6

IP source guard 23-17

IPv6 40-12

IS-IS 39-66

Layer 2 interfaces 13-16

Layer 2 protocol tunneling 18-11

LLDP 28-4

MAC address table 7-15

MAC address-table move update 21-8

MSDP 48-4

MSTP 20-14

multi-VRF CE 39-77

MVR 25-20

optional spanning-tree configuration 22-12

OSPF 39-26

password and privilege level 9-2

PIM 47-11

private VLANs 17-7

RADIUS 9-27

RIP 39-20

RMON 31-3

RSPAN 30-10

SDM template 8-4

SNMP 33-6

SPAN 30-10

SSL 9-52

standard QoS 36-37

STP 19-13

switch stacks 5-19

system message logging 32-4

system name and prompt 7-9

TACACS+ 9-13

UDLD 29-4

VLAN, Layer 2 Ethernet interfaces 14-18

VLANs 14-8

VMPS 14-28

voice VLAN 16-3

VTP 15-8

WCCP 46-5

default gateway 3-16, 39-12

default networks 39-93

default router preference

See DRP

default routes 39-93

default routing 39-3

default web-based authentication configuration

802.1X 11-9

deleting VLANs 14-9

denial-of-service attack 26-1

description command 13-25

designing your network, examples 1-21

desktop template 5-10, 8-1

destination addresses

in IPv4 ACLs 35-12

in IPv6 ACLs 41-5

destination-IP address-based forwarding, EtherChannel 37-9

destination-MAC address forwarding, EtherChannel 37-9

detecting indirect link failures, STP 22-8

device 52-24

device discovery protocol 27-1, 28-1

device manager

benefits 1-2

described 1-2, 1-5

in-band management 1-7

upgrading a switch 52-24

device sensor

configuring 10-55

restrictions 10-55

DHCP

Cisco IOS server database

configuring 23-14

default configuration 23-9

described 23-6

DHCP for IPv6

See DHCPv6

enabling

relay agent 23-10

DHCP-based autoconfiguration

client request message exchange 3-4

configuring

client side 3-4

DNS 3-8

relay device 3-8

server side 3-6

TFTP server 3-7

example 3-10

lease options

for IP address information 3-6

for receiving the configuration file 3-7

overview 3-3

relationship to BOOTP 3-4

relay support 1-6, 1-15

support for 1-6

DHCP-based autoconfiguration and image update

configuring 3-11 to 3-15

understanding 3-5 to 3-6

DHCP binding database

See DHCP snooping binding database

DHCP binding table

See DHCP snooping binding database

DHCP object tracking, configuring primary interface 45-10

DHCP option 82

circuit ID suboption 23-5

configuration guidelines 23-9

default configuration 23-8

displaying 23-15

forwarding address, specifying 23-10

helper address 23-10

overview 23-3

packet format, suboption

circuit ID 23-5

remote ID 23-5

remote ID suboption 23-5

DHCP server port-based address allocation

configuration guidelines 23-26

default configuration 23-26

described 23-25

displaying 23-29

enabling 23-26

reserved addresses 23-27

DHCP server port-based address assignment

support for 1-6

DHCP snooping

accepting untrusted packets form edge switch 23-3, 23-12

and private VLANs 23-13

binding database

See DHCP snooping binding database

configuration guidelines 23-9

default configuration 23-8

displaying binding tables 23-15

message exchange process 23-4

option 82 data insertion 23-3

trusted interface 23-2

untrusted interface 23-2

untrusted messages 23-2

DHCP snooping binding database

adding bindings 23-14

binding file

format 23-7

location 23-6

bindings 23-6

clearing agent statistics 23-15

configuration guidelines 23-9

configuring 23-14

default configuration 23-8, 23-9

deleting

binding file 23-15

bindings 23-15

database agent 23-15

described 23-6

displaying 23-15

binding entries 23-15

status and statistics 23-15

enabling 23-14

entry 23-6

renewing database 23-15

resetting

delay value 23-15

timeout value 23-15

DHCP snooping binding table

See DHCP snooping binding database

DHCPv6

configuration guidelines 40-17

default configuration 40-17

described 40-6

enabling client function 40-19

enabling DHCPv6 server function 40-17

support for 1-15

Differentiated Services architecture, QoS 36-2

Differentiated Services Code Point 36-2

Diffusing Update Algorithm (DUAL) 39-35

directed unicast requests 1-6

directories

changing 52-4

creating and removing 52-4

displaying the working 52-4

discovery, clusters

See automatic discovery

Distance Vector Multicast Routing Protocol

See DVMRP

distance-vector protocols 39-3

distribute-list command 39-102

DNS

and DHCP-based autoconfiguration 3-8

default configuration 7-10

displaying the configuration 7-11

in IPv6 40-4

overview 7-9

setting up 7-10

support for 1-6

DNS-based SSM mapping 47-19, 47-21

domain names

DNS 7-9

VTP 15-9

Domain Name System

See DNS

domains, ISO IGRP routing 39-65

dot1q-tunnel switchport mode 14-17

double-tagged packets

IEEE 802.1Q tunneling 18-2

Layer 2 protocol tunneling 18-10

downloadable ACL 10-20, 10-22, 10-72

downloading

configuration files

preparing 52-10, 52-13, 52-16

reasons for 52-8

using FTP 52-13

using RCP 52-17

using TFTP 52-11

image files

deleting old image 52-28

preparing 52-26, 52-30, 52-35

reasons for 52-24

using CMS 1-2

using FTP 52-31

using HTTP 1-2, 52-24

using RCP 52-36

using TFTP 52-27

using the device manager or Network Assistant 52-24

drop threshold for Layer 2 protocol packets 18-11

DRP

configuring 40-15

described 40-5

IPv6 40-5

support for 1-16

DSCP 1-14, 36-2

DSCP input queue threshold map for QoS 36-17

DSCP output queue threshold map for QoS 36-19

DSCP-to-CoS map for QoS 36-72

DSCP-to-DSCP-mutation map for QoS 36-73

DSCP transparency 36-47

DTP 1-9, 14-16

dual-action detection 37-6

DUAL finite state machine, EIGRP 39-36

dual IPv4 and IPv6 templates 8-2, 40-6

dual protocol stacks

IPv4 and IPv6 40-6

SDM templates supporting 40-6

DVMRP

autosummarization

configuring a summary address 47-58

disabling 47-60

connecting PIM domain to DVMRP router 47-51

enabling unicast routing 47-54

interoperability

with Cisco devices 47-49

with Cisco IOS software 47-9

mrinfo requests, responding to 47-53

neighbors

advertising the default route to 47-53

discovery with Probe messages 47-49

displaying information 47-53

prevent peering with nonpruning 47-56

rejecting nonpruning 47-55

overview 47-9

routes

adding a metric offset 47-60

advertising all 47-60

advertising the default route to neighbors 47-53

caching DVMRP routes learned in report messages 47-54

changing the threshold for syslog messages 47-57

deleting 47-62

displaying 47-62

favoring one over another 47-60

limiting the number injected into MBONE 47-57

limiting unicast route advertisements 47-49

routing table 47-9

source distribution tree, building 47-9

support for 1-15

tunnels

configuring 47-51

displaying neighbor information 47-53

dynamic access ports

characteristics 14-4

configuring 14-29

defined 13-3

dynamic addresses

See addresses

dynamic ARP inspection

ARP cache poisoning 24-1

ARP requests, described 24-1

ARP spoofing attack 24-1

clearing

log buffer 24-16

statistics 24-16

configuration guidelines 24-6

configuring

ACLs for non-DHCP environments 24-9

in DHCP environments 24-7

log buffer 24-13

rate limit for incoming ARP packets 24-4, 24-11

default configuration 24-5

denial-of-service attacks, preventing 24-11

described 24-1

DHCP snooping binding database 24-2

displaying

ARP ACLs 24-15

configuration and operating state 24-15

log buffer 24-16

statistics 24-16

trust state and rate limit 24-15

error-disabled state for exceeding rate limit 24-4

function of 24-2

interface trust states 24-3

log buffer

clearing 24-16

configuring 24-13

displaying 24-16

logging of dropped packets, described 24-5

man-in-the middle attack, described 24-2

network security issues and interface trust states 24-3

priority of ARP ACLs and DHCP snooping entries 24-4

rate limiting of ARP packets

configuring 24-11

described 24-4

error-disabled state 24-4

statistics

clearing 24-16

displaying 24-16

validation checks, performing 24-13

dynamic auto trunking mode 14-17

dynamic desirable trunking mode 14-17

Dynamic Host Configuration Protocol

See DHCP-based autoconfiguration

dynamic port VLAN membership

described 14-27

reconfirming 14-30

troubleshooting 14-32

types of connections 14-29

dynamic routing 39-3

ISO CLNS 39-65

Dynamic Trunking Protocol

See DTP

E

EAC 12-2

EBGP 39-44

editing features

enabling and disabling 2-6

keystrokes used 2-7

wrapped lines 2-8

EEM 3.2 34-5

EIGRP

authentication 39-41

components 39-36

configuring 39-39

default configuration 39-37

definition 39-35

interface parameters, configuring 39-40

monitoring 39-43

stub routing 39-42

elections

See stack master

ELIN location 28-3

embedded event manager

3.2 34-5

actions 34-4

configuring 34-1, 34-6

displaying information 34-8

environmental variables 34-5

event detectors 34-3

policies 34-4

registering and defining an applet 34-6

registering and defining a TCL script 34-7

understanding 34-1

enable password 9-3

enable secret password 9-3

Enable the FIPS mode 3-25

encryption, CipherSuite 9-52

encryption for passwords 9-3

Endpoint Admission Control (EAC) 12-2

Enhanced IGRP

See EIGRP

enhanced object tracking

backup static routing 45-12

commands 45-1

defined 45-1

DHCP primary interface 45-10

HSRP 45-7

IP routing state 45-2

IP SLAs 45-9

line-protocol state 45-2

network monitoring with IP SLAs 45-11

routing policy, configuring 45-12

static route primary interface 45-10

tracked lists 45-3

enhanced object tracking static routing 45-10

environmental variables, embedded event manager 34-5

environment variables, function of 3-23

equal-cost routing 1-15, 39-91

error-disabled state, BPDU 22-2

error messages during command entry 2-4

EtherChannel

automatic creation of 37-5, 37-7

channel groups

binding physical and logical interfaces 37-4

numbering of 37-4

configuration guidelines 37-12

configuring

Layer 2 interfaces 37-13

Layer 3 physical interfaces 37-16

Layer 3 port-channel logical interfaces 37-15

default configuration 37-11

described 37-2

displaying status 37-23

forwarding methods 37-8, 37-18

IEEE 802.3ad, described 37-7

interaction

with STP 37-12

with VLANs 37-12

LACP

described 37-7

displaying status 37-23

hot-standby ports 37-20

interaction with other features 37-8

modes 37-7

port priority 37-22

system priority 37-21

Layer 3 interface 39-5

load balancing 37-8, 37-18

logical interfaces, described 37-4

PAgP

aggregate-port learners 37-19

compatibility with Catalyst 1900 37-19

described 37-5

displaying status 37-23

interaction with other features 37-7

interaction with virtual switches 37-6

learn method and priority configuration 37-19

modes 37-6

support for 1-4

with dual-action detection 37-6

port-channel interfaces

described 37-4

numbering of 37-4

port groups 13-6

stack changes, effects of 37-10

support for 1-4

EtherChannel guard

described 22-10

disabling 22-17

enabling 22-17

Ethernet VLANs

adding 14-8

defaults and ranges 14-8

modifying 14-8

EUI 40-4

event detectors, embedded event manager 34-3

events, RMON 31-4

examples

network configuration 1-21

expedite queue for QoS 36-86

Express Setup 1-2

See also getting started guide

extended crashinfo file 50-24

extended-range VLANs

configuration guidelines 14-11

configuring 14-11

creating 14-12

creating with an internal VLAN ID 14-14

defined 14-1

extended system ID

MSTP 20-18

STP 19-4, 19-16

extended universal identifier

See EUI

Extensible Authentication Protocol over LAN 10-1

external BGP

See EBGP

external neighbors, BGP 39-48

F

fa0 interface 1-7

failover support 1-8

fallback bridging

and protected ports 49-4

bridge groups

creating 49-4

described 49-2

displaying 49-10

function of 49-2

number supported 49-4

removing 49-5

bridge table

clearing 49-10

displaying 49-10

configuration guidelines 49-4

connecting interfaces with 13-10

default configuration 49-3

described 49-1

frame forwarding

flooding packets 49-2

forwarding packets 49-2

overview 49-1

protocol, unsupported 49-4

stack changes, effects of 49-3

STP

disabling on an interface 49-9

forward-delay interval 49-8

hello BPDU interval 49-8

interface priority 49-6

maximum-idle interval 49-9

path cost 49-7

VLAN-bridge spanning-tree priority 49-6

VLAN-bridge STP 49-2

support for 1-15

SVIs and routed ports 49-1

unsupported protocols 49-4

VLAN-bridge STP 19-12

Fast Convergence 21-3

Fast Uplink Transition Protocol 22-6

features, incompatible 26-12

FIB 39-90

fiber-optic, detecting unidirectional links 29-1

files

basic crashinfo

description 50-24

location 50-24

copying 52-5

crashinfo, description 50-24

deleting 52-5

displaying the contents of 52-8

extended crashinfo

description 50-25

location 50-25

tar

creating 52-6

displaying the contents of 52-7

extracting 52-7

image file format 52-25

file system

displaying available file systems 52-2

displaying file information 52-3

local file system names 52-1

network file system names 52-5

setting the default 52-3

filtering

in a VLAN 35-30

IPv6 traffic 41-4, 41-7

non-IP traffic 35-28

show and more command output 2-9

filtering show and more command output 2-9

filters, IP

See ACLs, IP

flash device, number of 52-1

flexible authentication ordering

configuring 10-74

overview 10-31

Flex Link Multicast Fast Convergence 21-3

Flex Links

configuration guidelines 21-8

configuring 21-9

configuring preferred VLAN 21-12

configuring VLAN load balancing 21-11

default configuration 21-8

description 21-1

link load balancing 21-2

monitoring 21-14

VLANs 21-2

flooded traffic, blocking 26-8

flow-based packet classification 1-14

flowcharts

QoS classification 36-7

QoS egress queueing and scheduling 36-18

QoS ingress queueing and scheduling 36-16

QoS policing and marking 36-11

flowcontrol

configuring 13-20

described 13-20

forward-delay time

MSTP 20-23

STP 19-23

Forwarding Information Base

See FIB

forwarding nonroutable protocols 49-1

FTP

configuration files

downloading 52-13

overview 52-12

preparing the server 52-13

uploading 52-15

image files

deleting old image 52-33

downloading 52-31

preparing the server 52-30

uploading 52-33

G

general query 21-5

Generating IGMP Reports 21-3

get-bulk-request operation 33-3

get-next-request operation 33-3, 33-4

get-request operation 33-3, 33-4

get-response operation 33-3

Gigabit modules

See SFPs

global configuration mode 2-2

global leave, IGMP 25-13

guest VLAN and 802.1x 10-22

guide mode 1-2

GUIs

See device manager and Network Assistant

H

hardware limitations and Layer 3 interfaces 13-26

hello time

MSTP 20-23

STP 19-22

help, for the command line 2-3

HFTM space 50-25

hierarchical policy maps 36-9

configuration guidelines 36-40

configuring 36-59

described 36-12

history

changing the buffer size 2-5

described 2-5

disabling 2-6

recalling commands 2-6

history table, level and number of syslog messages 32-10

host names, in clusters 6-13

host ports

configuring 17-12

kinds of 17-2

hosts, limit on dynamic ports 14-32

Hot Standby Router Protocol

See HSRP

HP OpenView 1-6

HQATM space 50-25

HSRP

authentication string 43-10

automatic cluster recovery 6-12

binding to cluster group 43-12

cluster standby group considerations 6-11

command-switch redundancy 1-1, 1-8

configuring 43-5

default configuration 43-5

definition 43-1

guidelines 43-6

monitoring 43-13

object tracking 45-7

overview 43-1

priority 43-8

routing redundancy 1-15

support for ICMP redirect messages 43-12

switch stack considerations 43-5

timers 43-10

tracking 43-8

See also clusters, cluster standby group, and standby command switch

HSRP for IPv6

configuring 40-28

guidelines 40-27

HTTP over SSL

see HTTPS

HTTPS 9-50

configuring 9-54

self-signed certificate 9-51

HTTP secure server 9-50

Hulc Forwarding TCAM Manager

See HFTM space

Hulc QoS/ACL TCAM Manager

See HQATM space

I

IBPG 39-44

ICMP

IPv6 40-4

redirect messages 39-12

support for 1-15

time-exceeded messages 50-18

traceroute and 50-18

unreachable messages 35-21

unreachable messages and IPv6 41-4

unreachables and ACLs 35-22

ICMP Echo operation

configuring 44-12

IP SLAs 44-12

ICMP ping

executing 50-15

overview 50-14

ICMP Router Discovery Protocol

See IRDP

ICMPv6 40-4

IDS appliances

and ingress RSPAN 30-20

and ingress SPAN 30-14

IEEE 802.1D

See STP

IEEE 802.1p 16-1

IEEE 802.1Q

and trunk ports 13-3

configuration limitations 14-18

encapsulation 14-15

native VLAN for untagged traffic 14-22

tunneling

compatibility with other features 18-5

defaults 18-4

described 18-1

tunnel ports with other features 18-6

IEEE 802.1s

See MSTP

IEEE 802.1w

See RSTP

IEEE 802.1x

See port-based authentication

IEEE 802.3ad

See EtherChannel

IEEE 802.3af

See PoE

IEEE 802.3x flow control 13-20

ifIndex values, SNMP 33-5

IFS 1-7

IGMP

configurable leave timer

described 25-6

enabling 25-11

configuring the switch

as a member of a group 47-39

statically connected member 47-43

controlling access to groups 47-40

default configuration 47-39

deleting cache entries 47-62

displaying groups 47-62

fast switching 47-44

flooded multicast traffic

controlling the length of time 25-12

disabling on an interface 25-13

global leave 25-13

query solicitation 25-13

recovering from flood mode 25-13

host-query interval, modifying 47-41

joining multicast group 25-3

join messages 25-3

leave processing, enabling 25-11, 42-9

leaving multicast group 25-5

multicast reachability 47-39

overview 47-3

queries 25-4

report suppression

described 25-6

disabling 25-16, 42-11

supported versions 25-3

support for 1-5

Version 1

changing to Version 2 47-41

described 47-3

Version 2

changing to Version 1 47-41

described 47-3

maximum query response time value 47-43

pruning groups 47-43

query timeout value 47-42

IGMP filtering

configuring 25-25

default configuration 25-25

described 25-24

monitoring 25-29

support for 1-5

IGMP groups

configuring filtering 25-28

setting the maximum number 25-27

IGMP helper 1-5, 47-6

IGMP Immediate Leave

configuration guidelines 25-11

described 25-5

enabling 25-11

IGMP profile

applying 25-26

configuration mode 25-25

configuring 25-26

IGMP snooping

and address aliasing 25-2

and stack changes 25-6

configuring 25-7

default configuration 25-7, 42-6

definition 25-2

enabling and disabling 25-7, 42-7

global configuration 25-7

Immediate Leave 25-5

in the switch stack 25-6

method 25-8

monitoring 25-16, 42-12

querier

configuration guidelines 25-14

configuring 25-14

supported versions 25-3

support for 1-5

VLAN configuration 25-8

IGMP throttling

configuring 25-28

default configuration 25-25

described 25-24

displaying action 25-29

IGP 39-25

Immediate Leave, IGMP 25-5

enabling 42-9

inaccessible authentication bypass 10-24

support for multiauth ports 10-25

initial configuration

defaults 1-18

Express Setup 1-2

interface

number 13-11

range macros 13-14

interface command 13-11 to 13-12

interface configuration mode 2-2

interfaces

auto-MDIX, configuring 13-21

configuration guidelines

10-Gigabit Ethernet 13-17

duplex and speed 13-18

configuring

procedure 13-12

counters, clearing 13-32

default configuration 13-16

described 13-25

descriptive name, adding 13-25

displaying information about 13-31

flow control 13-20

management 1-5

monitoring 13-31

naming 13-25

physical, identifying 13-11

range of 13-13

restarting 13-33

shutting down 13-33

speed and duplex, configuring 13-19

status 13-31

supported 13-11

types of 13-1

interfaces range macro command 13-14

interface types 13-11

Interior Gateway Protocol

See IGP

internal BGP

See IBGP

internal neighbors, BGP 39-48

Internet Control Message Protocol

See ICMP

Internet Group Management Protocol

See IGMP

Internet Protocol version 6

See IPv6

Inter-Switch Link

See ISL

inter-VLAN routing 1-15, 39-2

Intrusion Detection System

See IDS appliances

inventory management TLV 28-3, 28-7

IP ACLs

for QoS classification 36-8

implicit deny 35-10, 35-15

implicit masks 35-10

named 35-15

undefined 35-22

IP addresses

128-bit 40-2

candidate or member 6-4, 6-13

classes of 39-7

cluster access 6-2

command switch 6-3, 6-11, 6-13

default configuration 39-6

discovering 7-25

for IP routing 39-5

IPv6 40-2

MAC address association 39-9

monitoring 39-18

redundant clusters 6-11

standby command switch 6-11, 6-13

See also IP information

IP base image 1-1

IP broadcast address 39-16

ip cef distributed command 39-90

IP directed broadcasts 39-14

ip igmp profile command 25-25

IP information

assigned

manually 3-15

through DHCP-based autoconfiguration 3-3

default configuration 3-3

IP multicast routing

addresses

all-hosts 47-3

all-multicast-routers 47-3

host group address range 47-3

administratively-scoped boundaries, described 47-47

and IGMP snooping 25-2

Auto-RP

adding to an existing sparse-mode cloud 47-27

benefits of 47-26

clearing the cache 47-62

configuration guidelines 47-12

filtering incoming RP announcement messages 47-29

overview 47-6

preventing candidate RP spoofing 47-29

preventing join messages to false RPs 47-28

setting up in a new internetwork 47-26

using with BSR 47-34

bootstrap router

configuration guidelines 47-12

configuring candidate BSRs 47-32

configuring candidate RPs 47-33

defining the IP multicast boundary 47-31

defining the PIM domain border 47-30

overview 47-7

using with Auto-RP 47-34

Cisco implementation 47-2

configuring

basic multicast routing 47-12

IP multicast boundary 47-47

default configuration 47-11

enabling

multicast forwarding 47-13

PIM mode 47-13

group-to-RP mappings

Auto-RP 47-6

BSR 47-7

MBONE

deleting sdr cache entries 47-62

described 47-45

displaying sdr cache 47-63

enabling sdr listener support 47-46

limiting DVMRP routes advertised 47-57

limiting sdr cache entry lifetime 47-46

SAP packets for conference session announcement 47-46

Session Directory (sdr) tool, described 47-45

monitoring

packet rate loss 47-63

peering devices 47-63

tracing a path 47-63

multicast forwarding, described 47-8

PIMv1 and PIMv2 interoperability 47-11

protocol interaction 47-2

reverse path check (RPF) 47-8

routing table

deleting 47-62

displaying 47-62

RP

assigning manually 47-25

configuring Auto-RP 47-26

configuring PIMv2 BSR 47-30

monitoring mapping information 47-34

using Auto-RP and BSR 47-34

stacking

stack master functions 47-10

stack member functions 47-10

statistics, displaying system and network 47-62

See also CGMP

See also DVMRP

See also IGMP

See also PIM

IP phones

and QoS 16-1

automatic classification and queueing 36-21

configuring 16-4

ensuring port security with QoS 36-45

trusted boundary for QoS 36-45

IP Port Security for Static Hosts

on a Layer 2 access port 23-20

on a PVLAN host port 23-23

IP precedence 36-2

IP-precedence-to-DSCP map for QoS 36-70

IP protocols

in ACLs 35-12

routing 1-15

IP routes, monitoring 39-105

IP routing

connecting interfaces with 13-10

disabling 39-19

enabling 39-19

IP Service Level Agreements

See IP SLAs

IP service levels, analyzing 44-1

IP services image 1-1

IP SLAs

benefits 44-2

configuration guidelines 44-6

configuring object tracking 45-9

Control Protocol 44-4

default configuration 44-6

definition 44-1

ICMP echo operation 44-12

measuring network performance 44-3

monitoring 44-14

multioperations scheduling 44-5

object tracking 45-9

operation 44-3

reachability tracking 45-9

responder

described 44-4

enabling 44-8

response time 44-4

scheduling 44-5

SNMP support 44-2

supported metrics 44-2

threshold monitoring 44-6

track object monitoring agent, configuring 45-11

track state 45-9

UDP jitter operation 44-9

IP source guard

and 802.1x 23-18

and DHCP snooping 23-15

and port security 23-18

and private VLANs 23-18

and routed ports 23-18

and TCAM entries 23-18

and trunk interfaces 23-18

and VRF 23-18

binding configuration

automatic 23-16

manual 23-16

binding table 23-16

configuration guidelines 23-18

default configuration 23-17

described 23-15

disabling 23-19

displaying

active IP or MAC bindings 23-25

bindings 23-25

configuration 23-25

enabling 23-19, 23-20

filtering

source IP address 23-16

source IP and MAC address 23-16

on provisioned switches 23-18

source IP address filtering 23-16

source IP and MAC address filtering 23-16

static bindings

adding 23-19, 23-20

deleting 23-19

static hosts 23-20

IP traceroute

executing 50-18

overview 50-17

IP unicast routing

address resolution 39-9

administrative distances 39-92, 39-103

ARP 39-9

assigning IP addresses to Layer 3 interfaces 39-7

authentication keys 39-103

broadcast

address 39-16

flooding 39-17

packets 39-14

storms 39-14

classless routing 39-8

configuring static routes 39-92

default

addressing configuration 39-6

gateways 39-12

networks 39-93

routes 39-93

routing 39-3

directed broadcasts 39-14

disabling 39-19

dynamic routing 39-3

enabling 39-19

EtherChannel Layer 3 interface 39-5

IGP 39-25

inter-VLAN 39-2

IP addressing

classes 39-7

configuring 39-5

IPv6 40-3

IRDP 39-13

Layer 3 interfaces 39-5

MAC address and IP address 39-9

passive interfaces 39-101

protocols

distance-vector 39-3

dynamic 39-3

link-state 39-3

proxy ARP 39-9

redistribution 39-94

reverse address resolution 39-9

routed ports 39-5

static routing 39-3

steps to configure 39-5

subnet mask 39-7

subnet zero 39-7

supernet 39-8

UDP 39-16

with SVIs 39-5

See also BGP

See also EIGRP

See also OSPF

See also RIP

IPv4 ACLs

applying to interfaces 35-20

extended, creating 35-11

named 35-15

standard, creating 35-10

IPv4 and IPv6

dual protocol stacks 40-5

IPv6

ACLs

displaying 41-8

limitations 41-3

matching criteria 41-3

port 41-1

precedence 41-2

router 41-1

supported 41-2

addresses 40-2

address formats 40-2

and switch stacks 40-11

applications 40-5

assigning address 40-12

autoconfiguration 40-5

CEFv6 40-21

configuring static routes 40-22

default configuration 40-12

default router preference (DRP) 40-5

defined 40-1

Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 40-8

EIGRP IPv6 Commands 40-9

Router ID 40-8

feature limitations 40-10

features not supported 40-10

forwarding 40-12

ICMP 40-4

monitoring 40-30

neighbor discovery 40-4

OSPF 40-7

path MTU discovery 40-4

SDM templates 8-2, 41-1, 42-1

stack master functions 40-11

Stateless Autoconfiguration 40-5

supported features 40-3

switch limitations 40-10

understanding static routes 40-7

IPv6 traffic, filtering 41-4

IRDP

configuring 39-13

definition 39-13

support for 1-15

IS-IS

addresses 39-65

area routing 39-65

default configuration 39-66

monitoring 39-74

show commands 39-74

system routing 39-65

ISL

and IPv6 40-3

and trunk ports 13-3

encapsulation 1-9, 14-15

trunking with IEEE 802.1 tunneling 18-4

ISO CLNS

clear commands 39-74

dynamic routing protocols 39-65

monitoring 39-74

NETs 39-65

NSAPs 39-65

OSI standard 39-65

ISO IGRP

area routing 39-65

system routing 39-65

isolated port 17-2

isolated VLANs 17-2, 17-3

J

join messages, IGMP 25-3

K

KDC

described 9-41

See also Kerberos

Kerberos

authenticating to

boundary switch 9-43

KDC 9-43

network services 9-44

configuration examples 9-40

configuring 9-44

credentials 9-41

cryptographic software image 9-40

described 9-41

KDC 9-41

operation 9-43

realm 9-42

server 9-42

support for 1-12

switch as trusted third party 9-40

terms 9-41

TGT 9-42

tickets 9-41

key distribution center

See KDC

L

l2protocol-tunnel command 18-12

LACP

Layer 2 protocol tunneling 18-9

See EtherChannel

Layer 2 frames, classification with CoS 36-2

Layer 2 interfaces, default configuration 13-16

Layer 2 protocol tunneling

configuring 18-9

configuring for EtherChannels 18-14

default configuration 18-11

defined 18-8

guidelines 18-11

Layer 2 traceroute

and ARP 50-17

and CDP 50-16

broadcast traffic 50-16

described 50-16

IP addresses and subnets 50-17

MAC addresses and VLANs 50-16

multicast traffic 50-16

multiple devices on a port 50-17

unicast traffic 50-16

usage guidelines 50-16

Layer 3 features 1-15

Layer 3 interfaces

assigning IP addresses to 39-7

assigning IPv4 and IPv6 addresses to 40-16

assigning IPv6 addresses to 40-13

changing from Layer 2 mode 39-7, 39-82

types of 39-5

Layer 3 packets, classification methods 36-2

LDAP 4-2

Leaking IGMP Reports 21-4

LEDs, switch

See hardware installation guide

lightweight directory access protocol

See LDAP

line configuration mode 2-2

Link Aggregation Control Protocol

See EtherChannel

link failure, detecting unidirectional 20-7

Link Layer Discovery Protocol

See CDP

link local unicast addresses 40-4

link redundancy

See Flex Links

links, unidirectional 29-1

link state advertisements (LSAs) 39-31

link-state protocols 39-3

link-state tracking

configuring 37-25

described 37-23

LLDP

configuring 28-4

characteristics 28-6

default configuration 28-4

enabling 28-5

monitoring and maintaining 28-11

overview 28-1

supported TLVs 28-2

switch stack considerations 28-2

transmission timer and holdtime, setting 28-6

LLDP-MED

configuring

procedures 28-4

TLVs 28-7

monitoring and maintaining 28-11

overview 28-1, 28-2

supported TLVs 28-2

LLDP Media Endpoint Discovery

See LLDP-MED

load balancing 43-4

local SPAN 30-2

location TLV 28-3, 28-7

logging messages, ACL 35-9

login authentication

with RADIUS 9-30

with TACACS+ 9-14

login banners 7-11

log messages

See system message logging

Long-Reach Ethernet (LRE) technology 1-23, 1-29

loop guard

described 22-11

enabling 22-18

support for 1-9

LRE profiles, considerations in switch clusters 6-16

M

MAB

See MAC authentication bypass

MAB aging timer 1-10

MAB inactivity timer

default setting 10-38

range 10-40

MAC/PHY configuration status TLV 28-2

MAC addresses

aging time 7-15

and VLAN association 7-14

building the address table 7-14

default configuration 7-15

disabling learning on a VLAN 7-24

discovering 7-25

displaying 7-25

displaying in the IP source binding table 23-25

dynamic

learning 7-14

removing 7-16

in ACLs 35-28

IP address association 39-9

static

adding 7-22

allowing 7-23, 7-24

characteristics of 7-21

dropping 7-23

removing 7-22

MAC address learning 1-6

MAC address learning, disabling on a VLAN 7-24

MAC address notification, support for 1-16

MAC address-table move update

configuration guidelines 21-8

configuring 21-12

default configuration 21-8

description 21-6

monitoring 21-14

MAC address-to-VLAN mapping 14-27

MAC authentication bypass 10-40

configuring 10-67

overview 10-17

See MAB

MAC extended access lists

applying to Layer 2 interfaces 35-29

configuring for QoS 36-52

creating 35-28

defined 35-28

for QoS classification 36-5

MACSec 12-2

magic packet 10-27

manageability features 1-6

management access

in-band

browser session 1-7

CLI session 1-7

device manager 1-7

SNMP 1-7

out-of-band console port connection 1-7

management address TLV 28-2

management options

CLI 2-1

clustering 1-3

CNS 4-1

Network Assistant 1-2

overview 1-5

management VLAN

considerations in switch clusters 6-7

discovery through different management VLANs 6-7

mapping tables for QoS

configuring

CoS-to-DSCP 36-69

DSCP 36-69

DSCP-to-CoS 36-72

DSCP-to-DSCP-mutation 36-73

IP-precedence-to-DSCP 36-70

policed-DSCP 36-71

described 36-13

marking

action with aggregate policers 36-67

described 36-4, 36-9

matching

IPv6 ACLs 41-3

matching, IPv4 ACLs 35-8

maximum aging time

MSTP 20-24

STP 19-23

maximum hop count, MSTP 20-24

maximum number of allowed devices, port-based authentication 10-40

maximum-paths command 39-52, 39-91

MDA

configuration guidelines 10-13 to 10-14

described 1-11, 10-13

exceptions with authentication process 10-5

membership mode, VLAN port 14-3

member switch

automatic discovery 6-5

defined 6-2

managing 6-16

passwords 6-13

recovering from lost connectivity 50-12

requirements 6-4

See also candidate switch, cluster standby group, and standby command switch

memory consistency check errors

example 50-25

memory consistency check routines 1-5, 50-25

memory consistency integrity 1-5, 50-25

messages, to users through banners 7-11

metrics, in BGP 39-52

metric translations, between routing protocols 39-97

metro tags 18-2

MHSRP 43-4

MIBs

overview 33-1

SNMP interaction with 33-4

mini-point-of-presence

See POP

mirroring traffic for analysis 30-1

mismatches, autonegotiation 50-12

module number 13-11

monitoring

access groups 35-44

BGP 39-64

cables for unidirectional links 29-1

CDP 27-5

CEF 39-90

EIGRP 39-43

fallback bridging 49-10

features 1-16

Flex Links 21-14

HSRP 43-13

IEEE 802.1Q tunneling 18-17

IGMP

filters 25-29

snooping 25-16, 42-12

interfaces 13-31

IP

address tables 39-18

multicast routing 47-61

routes 39-105

IP SLAs operations 44-14

IPv4 ACL configuration 35-44

IPv6 40-30

IPv6 ACL configuration 41-8

IS-IS 39-74

ISO CLNS 39-74

Layer 2 protocol tunneling 18-17

MAC address-table move update 21-14

MSDP peers 48-18

multicast router interfaces 25-17, 42-12

multi-VRF CE 39-89

MVR 25-23

network traffic for analysis with probe 30-2

object tracking 45-13

OSPF 39-35

port

blocking 26-21

protection 26-21

private VLANs 17-15

RP mapping information 47-34

SFP status 13-32, 50-14

source-active messages 48-18

speed and duplex mode 13-19

SSM mapping 47-22

traffic flowing among switches 31-1

traffic suppression 26-21

tunneling 18-17

VLAN

filters 35-44

maps 35-44

VLANs 14-15

VMPS 14-31

VTP 15-17

mrouter Port 21-3

mrouter port 21-5

MSDP

benefits of 48-3

clearing MSDP connections and statistics 48-18

controlling source information

forwarded by switch 48-11

originated by switch 48-8

received by switch 48-13

default configuration 48-4

dense-mode regions

sending SA messages to 48-16

specifying the originating address 48-17

filtering

incoming SA messages 48-14

SA messages to a peer 48-12

SA requests from a peer 48-10

join latency, defined 48-6

meshed groups

configuring 48-15

defined 48-15

originating address, changing 48-17

overview 48-1

peer-RPF flooding 48-2

peers

configuring a default 48-4

monitoring 48-18

peering relationship, overview 48-1

requesting source information from 48-8

shutting down 48-15

source-active messages

caching 48-6

clearing cache entries 48-18

defined 48-2

filtering from a peer 48-10

filtering incoming 48-14

filtering to a peer 48-12

limiting data with TTL 48-13

monitoring 48-18

restricting advertised sources 48-9

support for 1-15

MSTP

boundary ports

configuration guidelines 20-15

described 20-6

BPDU filtering

described 22-3

enabling 22-14

BPDU guard

described 22-2

enabling 22-13

CIST, described 20-3

CIST regional root 20-3

CIST root 20-5

configuration guidelines 20-15, 22-12

configuring

forward-delay time 20-23

hello time 20-23

link type for rapid convergence 20-25

maximum aging time 20-24

maximum hop count 20-24

MST region 20-16

neighbor type 20-25

path cost 20-21

port priority 20-19

root switch 20-17

secondary root switch 20-19

switch priority 20-22

CST

defined 20-3

operations between regions 20-4

default configuration 20-14

default optional feature configuration 22-12

displaying status 20-26

enabling the mode 20-16

EtherChannel guard

described 22-10

enabling 22-17

extended system ID

effects on root switch 20-18

effects on secondary root switch 20-19

unexpected behavior 20-18

IEEE 802.1s

implementation 20-6

port role naming change 20-6

terminology 20-5

instances supported 19-10

interface state, blocking to forwarding 22-2

interoperability and compatibility among modes 19-11

interoperability with IEEE 802.1D

described 20-8

restarting migration process 20-26

IST

defined 20-2

master 20-3

operations within a region 20-3

loop guard

described 22-11

enabling 22-18

mapping VLANs to MST instance 20-16

MST region

CIST 20-3

configuring 20-16

described 20-2

hop-count mechanism 20-5

IST 20-2

supported spanning-tree instances 20-2

optional features supported 1-8

overview 20-2

Port Fast

described 22-2

enabling 22-12

preventing root switch selection 22-10

root guard

described 22-10

enabling 22-18

root switch

configuring 20-18

effects of extended system ID 20-18

unexpected behavior 20-18

shutdown Port Fast-enabled port 22-2

stack changes, effects of 20-8

status, displaying 20-26

multiauth

support for inaccessible authentication bypass 10-25

multiauth mode

See multiple-authentication mode

multicast groups

Immediate Leave 25-5

joining 25-3

leaving 25-5

static joins 25-10, 42-8

multicast packets

ACLs on 35-42

blocking 26-8

multicast router interfaces, monitoring 25-17, 42-12

multicast router ports, adding 25-9, 42-8

Multicast Source Discovery Protocol

See MSDP

multicast storm 26-1

multicast storm-control command 26-4

multicast television application 25-18

multicast VLAN 25-17

Multicast VLAN Registration

See MVR

multidomain authentication

See MDA

multioperations scheduling, IP SLAs 44-5

multiple authentication 10-14

multiple authentication mode

configuring 10-47

Multiple HSRP

See MHSRP

multiple VPN routing/forwarding in customer edge devices

See multi-VRF CE

multi-VRF CE

configuration example 39-85

configuration guidelines 39-77

configuring 39-77

default configuration 39-77

defined 39-75

displaying 39-89

monitoring 39-89

network components 39-77

packet-forwarding process 39-76

support for 1-15

MVR

and address aliasing 25-20

and IGMPv3 25-21

configuration guidelines 25-20

configuring interfaces 25-22

default configuration 25-20

described 25-17

example application 25-18

in the switch stack 25-20

modes 25-21

monitoring 25-23

multicast television application 25-18

setting global parameters 25-21

support for 1-5

N

NAC

AAA down policy 1-12

critical authentication 10-24, 10-64

IEEE 802.1x authentication using a RADIUS server 10-69

IEEE 802.1x validation using RADIUS server 10-69

inaccessible authentication bypass 1-12, 10-64

Layer 2 IEEE 802.1x validation 1-12, 10-30, 10-69

Layer 2 IP validation 1-12

named IPv4 ACLs 35-15

NameSpace Mapper

See NSM

native VLAN

and IEEE 802.1Q tunneling 18-4

configuring 14-22

default 14-22

NDAC 12-2

NEAT

configuring 10-70

overview 10-32

neighbor discovery, IPv6 40-4

neighbor discovery/recovery, EIGRP 39-36

neighbors, BGP 39-59

Network Admission Control

NAC

Network Assistant

benefits 1-2

described 1-5

downloading image files 1-2

guide mode 1-2

management options 1-2

managing switch stacks 5-2, 5-16

upgrading a switch 52-24

wizards 1-2

network configuration examples

cost-effective wiring closet 1-23

high-performance wiring closet 1-23

increasing network performance 1-22

large network 1-28

long-distance, high-bandwidth transport 1-31

multidwelling network 1-29

providing network services 1-22

redundant Gigabit backbone 1-24

server aggregation and Linux server cluster 1-25

small to medium-sized network 1-26

network design

performance 1-22

services 1-22

Network Device Admission Control (NDAC) 12-2

Network Edge Access Topology

See NEAT

network management

CDP 27-1

RMON 31-1

SNMP 33-1

network performance, measuring with IP SLAs 44-3

network policy TLV 28-2, 28-7

Network Time Protocol

See NTP

no commands 2-4

nonhierarchical policy maps

configuration guidelines 36-40

described 36-10

non-IP traffic filtering 35-28

nontrunking mode 14-17

normal-range VLANs 14-5

configuration guidelines 14-6

configuring 14-5

defined 14-1

no switchport command 13-4

not-so-stubby areas

See NSSA

NSAPs, as ISO IGRP addresses 39-65

NSF Awareness

IS-IS 39-67

NSM 4-3

NSSA, OSPF 39-31

NTP

associations

defined 7-2

overview 7-2

stratum 7-2

support for 1-7

time

services 7-2

synchronizing 7-2

O

object tracking

HSRP 45-7

IP SLAs 45-9

IP SLAs, configuring 45-9

monitoring 45-13

offline configuration for switch stacks 5-7

off mode, VTP 15-3

online diagnostics

overview 51-1

running tests 51-3

understanding 51-1

open1x

configuring 10-75

open1x authentication

overview 10-31

Open Shortest Path First

See OSPF

optimizing system resources 8-1

options, management 1-5

OSPF

area parameters, configuring 39-31

configuring 39-29

default configuration

metrics 39-32

route 39-32

settings 39-26

described 39-25

for IPv6 40-7

interface parameters, configuring 39-30

LSA group pacing 39-34

monitoring 39-35

router IDs 39-34

route summarization 39-32

support for 1-15

virtual links 39-32

out-of-profile markdown 1-14

P

packet modification, with QoS 36-20

PAgP

Layer 2 protocol tunneling 18-9

See EtherChannel

parallel paths, in routing tables 39-91

passive interfaces

configuring 39-101

OSPF 39-33

passwords

default configuration 9-2

disabling recovery of 9-5

encrypting 9-3

for security 1-10

in clusters 6-13

overview 9-1

recovery of 50-3

setting

enable 9-3

enable secret 9-3

Telnet 9-6

with usernames 9-7

VTP domain 15-9

path cost

MSTP 20-21

STP 19-20

path MTU discovery 40-4

PBR

defined 39-97

enabling 39-99

fast-switched policy-based routing 39-100

local policy-based routing 39-100

PC (passive command switch) 6-10

peers, BGP 39-59

percentage thresholds in tracked lists 45-6

performance, network design 1-22

performance features 1-4

persistent self-signed certificate 9-51

per-user ACLs and Filter-Ids 10-8

per-VLAN spanning-tree plus

See PVST+

PE to CE routing, configuring 39-84

physical ports 13-2

PIM

default configuration 47-11

dense mode

overview 47-4

rendezvous point (RP), described 47-5

RPF lookups 47-8

displaying neighbors 47-63

enabling a mode 47-13

overview 47-4

router-query message interval, modifying 47-37

shared tree and source tree, overview 47-35

shortest path tree, delaying the use of 47-36

sparse mode

join messages and shared tree 47-5

overview 47-5

prune messages 47-5

RPF lookups 47-9

stub routing

configuration guidelines 47-23

displaying 47-62

enabling 47-23

overview 47-5

support for 1-15

versions

interoperability 47-11

troubleshooting interoperability problems 47-35

v2 improvements 47-4

PIM-DVMRP, as snooping method 25-8

ping

character output description 50-15

executing 50-15

overview 50-14

PoE

auto mode 13-9

CDP with power consumption, described 13-7

CDP with power negotiation, described 13-7

Cisco intelligent power management 13-7

configuring 13-22

devices supported 13-7

high-power devices operating in low-power mode 13-7

IEEE power classification levels 13-8

power budgeting 13-23

power consumption 13-23

powered-device detection and initial power allocation 13-8

power management modes 13-9

power negotiation extensions to CDP 13-7

standards supported 13-7

static mode 13-9

troubleshooting 50-13

policed-DSCP map for QoS 36-71

policers

configuring

for each matched traffic class 36-55

for more than one traffic class 36-67

described 36-4

displaying 36-87

number of 36-40

types of 36-10

policing

described 36-4

hierarchical

See hierarchical policy maps

token-bucket algorithm 36-10

policy-based routing

See PBR

policy maps for QoS

characteristics of 36-55

described 36-8

displaying 36-88

hierarchical 36-9

hierarchical on SVIs

configuration guidelines 36-40

configuring 36-59

described 36-12

nonhierarchical on physical ports

configuration guidelines 36-40

described 36-10

POP 1-29

port ACLs

defined 35-2

types of 35-3

Port Aggregation Protocol

See EtherChannel

port-based authentication

accounting 10-16

authentication server

defined 10-3, 11-2

RADIUS server 10-3

client, defined 10-3, 11-2

configuration guidelines 10-38, 11-9

configuring

802.1x authentication 10-44

guest VLAN 10-61

host mode 10-47

inaccessible authentication bypass 10-64

manual re-authentication of a client 10-50

periodic re-authentication 10-49

quiet period 10-50

RADIUS server 10-47, 11-13

RADIUS server parameters on the switch 10-45, 11-11

restricted VLAN 10-62

switch-to-client frame-retransmission number 10-51, 10-52

switch-to-client retransmission time 10-50

violation modes 10-43

default configuration 10-37, 11-9

described 10-1

device roles 10-3, 11-2

displaying statistics 10-77, 11-17

downloadable ACLs and redirect URLs

configuring 10-72 to 10-74, ?? to 10-74

overview 10-20 to 10-22

EAPOL-start frame 10-5

EAP-request/identity frame 10-5

EAP-response/identity frame 10-5

enabling

802.1X authentication 11-11

encapsulation 10-3

flexible authentication ordering

configuring 10-74

overview 10-31

guest VLAN

configuration guidelines 10-23, 10-24

described 10-22

host mode 10-12

inaccessible authentication bypass

configuring 10-64

described 10-24

guidelines 10-39

initiation and message exchange 10-5

magic packet 10-27

maximum number of allowed devices per port 10-40

method lists 10-44

multiple authentication 10-14

per-user ACLs

AAA authorization 10-44

configuration tasks 10-20

described 10-19

RADIUS server attributes 10-19

ports

authorization state and dot1x port-control command 10-11

authorized and unauthorized 10-10

voice VLAN 10-27

port security

described 10-27

readiness check

configuring 10-40

described 10-17, 10-40

resetting to default values 10-76

stack changes, effects of 10-11

statistics, displaying 10-77

switch

as proxy 10-3, 11-2

RADIUS client 10-3

switch supplicant

configuring 10-70

overview 10-32

upgrading from a previous release 36-34

user distribution

guidelines 10-30

overview 10-29

VLAN assignment

AAA authorization 10-44

characteristics 10-18

configuration tasks 10-18

described 10-17

voice aware 802.1x security

configuring 10-41

described 10-31, 10-41

voice VLAN

described 10-27

PVID 10-27

VVID 10-27

wake-on-LAN, described 10-27

with ACLs and RADIUS Filter-Id attribute 10-34

port-based authentication methods, supported 10-7

port blocking 1-5, 26-7

port-channel

See EtherChannel

port description TLV 28-2

Port Fast

described 22-2

enabling 22-12

mode, spanning tree 14-28

support for 1-8

port membership modes, VLAN 14-3

port priority

MSTP 20-19

STP 19-18

ports

10-Gigabit Ethernet module 13-6

access 13-3

blocking 26-7

dynamic access 14-4

IEEE 802.1Q tunnel 14-4

protected 26-6

routed 13-4

secure 26-9

static-access 14-3, 14-10

switch 13-2

trunks 14-3, 14-15

VLAN assignments 14-10

port security

aging 26-17

and private VLANs 26-18

and QoS trusted boundary 36-45

and stacking 26-18

configuring 26-13

default configuration 26-11

described 26-8

displaying 26-21

enabling 26-18

on trunk ports 26-14

sticky learning 26-9

violations 26-10

with other features 26-11

port-shutdown response, VMPS 14-27

port VLAN ID TLV 28-2

power management TLV 28-2, 28-7

Power over Ethernet

See PoE

preemption, default configuration 21-8

preemption delay, default configuration 21-8

preferential treatment of traffic

See QoS

prefix lists, BGP 39-56

preventing unauthorized access 9-1

primary interface for object tracking, DHCP, configuring 45-10

primary interface for static routing, configuring 45-10

primary links 21-2

primary VLANs 17-1, 17-3

priority

HSRP 43-8

overriding CoS 16-6

trusting CoS 16-6

private VLAN edge ports

See protected ports

private VLANs

across multiple switches 17-4

and SDM template 17-4

and SVIs 17-5

and switch stacks 17-6

benefits of 17-1

community ports 17-2

community VLANs 17-2, 17-3

configuration guidelines 17-7, 17-9

configuration tasks 17-6

configuring 17-10

default configuration 17-7

end station access to 17-3

IP addressing 17-3

isolated port 17-2

isolated VLANs 17-2, 17-3

mapping 17-14

monitoring 17-15

ports

community 17-2

configuration guidelines 17-9

configuring host ports 17-12

configuring promiscuous ports 17-13

described 14-4

isolated 17-2

promiscuous 17-2

primary VLANs 17-1, 17-3

promiscuous ports 17-2

secondary VLANs 17-2

subdomains 17-1

traffic in 17-5

privileged EXEC mode 2-2

privilege levels

changing the default for lines 9-9

command switch 6-17

exiting 9-10

logging into 9-10

mapping on member switches 6-17

overview 9-2, 9-8

setting a command with 9-8

promiscuous ports

configuring 17-13

defined 17-2

protected ports 1-10, 26-6

protocol-dependent modules, EIGRP 39-36

Protocol-Independent Multicast Protocol

See PIM

protocol storm protection 26-19

provider edge devices 39-75

provisioned switches and IP source guard 23-18

provisioning new members for a switch stack 5-7

proxy ARP

configuring 39-11

definition 39-9

with IP routing disabled 39-12

proxy reports 21-3

pruning, VTP

disabling

in VTP domain 15-15

on a port 14-22

enabling

in VTP domain 15-15

on a port 14-21

examples 15-6

overview 15-6

pruning-eligible list

changing 14-21

for VTP pruning 15-6

VLANs 15-15

PVST+

described 19-10

IEEE 802.1Q trunking interoperability 19-11

instances supported 19-10

Q

QoS

and MQC commands 36-1

auto-QoS

categorizing traffic 36-22

configuration and defaults display 36-36

configuration guidelines 36-33

described 36-21

disabling 36-36

displaying generated commands 36-36

displaying the initial configuration 36-36

effects on running configuration 36-33

list of generated commands 36-24, 36-28

basic model 36-4

classification

class maps, described 36-8

defined 36-4

DSCP transparency, described 36-47

flowchart 36-7

forwarding treatment 36-3

in frames and packets 36-3

IP ACLs, described 36-8

MAC ACLs, described 36-5, 36-8

options for IP traffic 36-6

options for non-IP traffic 36-5

policy maps, described 36-8

trust DSCP, described 36-5

trusted CoS, described 36-5

trust IP precedence, described 36-5

class maps

configuring 36-53

displaying 36-87

configuration guidelines

auto-QoS 36-33

standard QoS 36-39

configuring

aggregate policers 36-67

auto-QoS 36-21

default port CoS value 36-45

DSCP maps 36-69

DSCP transparency 36-47

DSCP trust states bordering another domain 36-47

egress queue characteristics 36-79

ingress queue characteristics 36-75

IP extended ACLs 36-51

IP standard ACLs 36-49

MAC ACLs 36-52

policy maps, hierarchical 36-59

port trust states within the domain 36-43

trusted boundary 36-45

default auto configuration 36-22

default standard configuration 36-37

displaying statistics 36-87

DSCP transparency 36-47

egress queues

allocating buffer space 36-80

buffer allocation scheme, described 36-18

configuring shaped weights for SRR 36-84

configuring shared weights for SRR 36-85

described 36-4

displaying the threshold map 36-83

flowchart 36-18

mapping DSCP or CoS values 36-82

scheduling, described 36-4

setting WTD thresholds 36-80

WTD, described 36-19

enabling globally 36-42

flowcharts

classification 36-7

egress queueing and scheduling 36-18

ingress queueing and scheduling 36-16

policing and marking 36-11

implicit deny 36-8

ingress queues

allocating bandwidth 36-77

allocating buffer space 36-77

buffer and bandwidth allocation, described 36-17

configuring shared weights for SRR 36-77

configuring the priority queue 36-78

described 36-4

displaying the threshold map 36-76

flowchart 36-16

mapping DSCP or CoS values 36-75

priority queue, described 36-17

scheduling, described 36-4

setting WTD thresholds 36-75

WTD, described 36-17

IP phones

automatic classification and queueing 36-21

detection and trusted settings 36-21, 36-45

limiting bandwidth on egress interface 36-86

mapping tables

CoS-to-DSCP 36-69

displaying 36-87

DSCP-to-CoS 36-72

DSCP-to-DSCP-mutation 36-73

IP-precedence-to-DSCP 36-70

policed-DSCP 36-71

types of 36-13

marked-down actions 36-57, 36-63

marking, described 36-4, 36-9

overview 36-2

packet modification 36-20

policers

configuring 36-57, 36-63, 36-67

described 36-9

displaying 36-87

number of 36-40

types of 36-10

policies, attaching to an interface 36-9

policing

described 36-4, 36-9

token bucket algorithm 36-10

policy maps

characteristics of 36-55

displaying 36-88

hierarchical 36-9

hierarchical on SVIs 36-59

nonhierarchical on physical ports 36-55

QoS label, defined 36-4

queues

configuring egress characteristics 36-79

configuring ingress characteristics 36-75

high priority (expedite) 36-20, 36-86

location of 36-14

SRR, described 36-15

WTD, described 36-14

rewrites 36-20

support for 1-13

trust states

bordering another domain 36-47

described 36-5

trusted device 36-45

within the domain 36-43

quality of service

See QoS

queries, IGMP 25-4

query solicitation, IGMP 25-13

R

RADIUS

attributes

vendor-proprietary 9-38

vendor-specific 9-36

configuring

accounting 9-35

authentication 9-30

authorization 9-34

communication, global 9-28, 9-36

communication, per-server 9-28

multiple UDP ports 9-28

default configuration 9-27

defining AAA server groups 9-32

displaying the configuration 9-40

identifying the server 9-28

in clusters 6-16

limiting the services to the user 9-34

method list, defined 9-27

operation of 9-20

overview 9-18

server load balancing 9-40

suggested network environments 9-19

support for 1-12

tracking services accessed by user 9-35

RADIUS Change of Authorization 9-20

range

macro 13-14

of interfaces 13-13

rapid convergence 20-10

rapid per-VLAN spanning-tree plus

See rapid PVST+

rapid PVST+

described 19-10

IEEE 802.1Q trunking interoperability 19-11

instances supported 19-10

Rapid Spanning Tree Protocol

See RSTP

RARP 39-9

rcommand command 6-16

RCP

configuration files

downloading 52-17

overview 52-16

preparing the server 52-16

uploading 52-18

image files

deleting old image 52-37

downloading 52-36

preparing the server 52-35

uploading 52-37

reachability, tracking IP SLAs IP host 45-9

readiness check

port-based authentication

configuring 10-40

described 10-17, 10-40

reconfirmation interval, VMPS, changing 14-30

reconfirming dynamic VLAN membership 14-30

recovery procedures 50-1

redirect URL 10-20, 10-21, 10-72

redundancy

EtherChannel 37-3

HSRP 43-1

STP

backbone 19-8

multidrop backbone 22-5

path cost 14-25

port priority 14-23

redundant links and UplinkFast 22-15

redundant power system

See Cisco Redundant Power System 2300

reliable transport protocol, EIGRP 39-36

reloading software 3-24

Remote Authentication Dial-In User Service

See RADIUS

Remote Copy Protocol

See RCP

Remote Network Monitoring

See RMON

Remote SPAN

See RSPAN

remote SPAN 30-3

report suppression, IGMP

described 25-6

disabling 25-16, 42-11

resequencing ACL entries 35-15

reserved addresses in DHCP pools 23-27

resets, in BGP 39-51

resetting a UDLD-shutdown interface 29-6

responder, IP SLAs

described 44-4

enabling 44-8

response time, measuring with IP SLAs 44-4

restricted VLAN

configuring 10-62

described 10-23

using with IEEE 802.1x 10-23

restricting access

overview 9-1

passwords and privilege levels 9-2

RADIUS 9-18

TACACS+ 9-10

retry count, VMPS, changing 14-31

reverse address resolution 39-9

Reverse Address Resolution Protocol

See RARP

RFC

1058, RIP 39-19

1112, IP multicast and IGMP 25-2

1157, SNMPv1 33-2

1163, BGP 39-44

1166, IP addresses 39-7

1253, OSPF 39-25

1267, BGP 39-44

1305, NTP 7-2

1587, NSSAs 39-25

1757, RMON 31-2

1771, BGP 39-44

1901, SNMPv2C 33-2

1902 to 1907, SNMPv2 33-2

2236, IP multicast and IGMP 25-2

2273-2275, SNMPv3 33-2

RFC 5176 Compliance 9-21

RIP

advertisements 39-20

authentication 39-22

configuring 39-21

default configuration 39-20

described 39-20

for IPv6 40-7

hop counts 39-20

split horizon 39-23

summary addresses 39-23

support for 1-15

RMON

default configuration 31-3

displaying status 31-6

enabling alarms and events 31-3

groups supported 31-2

overview 31-1

statistics

collecting group Ethernet 31-6

collecting group history 31-5

support for 1-17

root guard

described 22-10

enabling 22-18

support for 1-9

root switch

MSTP 20-17

STP 19-16

route calculation timers, OSPF 39-33

route dampening, BGP 39-63

routed packets, ACLs on 35-42

routed ports

configuring 39-5

defined 13-4

in switch clusters 6-8

IP addresses on 13-26, 39-5

route-map command 39-100

route maps

BGP 39-54

policy-based routing 39-98

router ACLs

defined 35-2

types of 35-4

route reflectors, BGP 39-62

router ID, OSPF 39-34

route selection, BGP 39-52

route summarization, OSPF 39-32

route targets, VPN 39-77

routing

default 39-3

dynamic 39-3

redistribution of information 39-94

static 39-3

routing domain confederation, BGP 39-61

Routing Information Protocol

See RIP

routing protocol administrative distances 39-92

RPS

See Cisco Redundant Power System 2300

RPS 2300

See Cisco Redundant Power System 2300

RSPAN

and stack changes 30-9

characteristics 30-8

configuration guidelines 30-16

default configuration 30-10

defined 30-3

destination ports 30-7

displaying status 30-23

in a switch stack 30-2

interaction with other features 30-8

monitored ports 30-6

monitoring ports 30-7

overview 1-17, 30-1

received traffic 30-5

session limits 30-10

sessions

creating 30-17

defined 30-3

limiting source traffic to specific VLANs 30-22

specifying monitored ports 30-17

with ingress traffic enabled 30-20

source ports 30-6

transmitted traffic 30-5

VLAN-based 30-6

RSTP

active topology 20-9

BPDU

format 20-12

processing 20-13

designated port, defined 20-9

designated switch, defined 20-9

interoperability with IEEE 802.1D

described 20-8

restarting migration process 20-26

topology changes 20-13

overview 20-9

port roles

described 20-9

synchronized 20-11

proposal-agreement handshake process 20-10

rapid convergence

cross-stack rapid convergence 20-11

described 20-10

edge ports and Port Fast 20-10

point-to-point links 20-10, 20-25

root ports 20-10

root port, defined 20-9

See also MSTP

running configuration

replacing 52-19, 52-20

rolling back 52-19, 52-21

running configuration, saving 3-16

S

SC (standby command switch) 6-10

scheduled reloads 3-24

scheduling, IP SLAs operations 44-5

SCP

and SSH 9-56

configuring 9-57

SDM

switch stack consideration 5-10

templates

configuring 8-6

number of 8-1

SDM mismatch mode 5-10, 8-4

SDM template 41-4

aggregator 8-1

configuration guidelines 8-5

configuring 8-4

desktop 8-1

dual IPv4 and IPv6 8-2

types of 8-1

secondary VLANs 17-2

Secure Copy Protocol

secure HTTP client

configuring 9-55

displaying 9-56

secure HTTP server

configuring 9-54

displaying 9-56

secure MAC addresses

and switch stacks 26-18

deleting 26-16

maximum number of 26-10

types of 26-9

secure ports

and switch stacks 26-18

configuring 26-9

secure remote connections 9-46

Secure Shell

See SSH

Secure Socket Layer

See SSL

security, port 26-8

Security Exchange Protocol (SXP) 12-2

security features 1-10

Security Group Access Control List (SGACL) 12-2

Security Group Tag (SGT) 12-2

See SCP

sequence numbers in log messages 32-8

server mode, VTP 15-3

service-provider network, MSTP and RSTP 20-1

service-provider networks

and customer VLANs 18-2

and IEEE 802.1Q tunneling 18-1

Layer 2 protocols across 18-8

Layer 2 protocol tunneling for EtherChannels 18-9

set-request operation 33-4

setup program

failed command switch replacement 50-11

replacing failed command switch 50-9

severity levels, defining in system messages 32-9

SFPs

monitoring status of 13-32, 50-14

numbering of 13-12

security and identification 50-13

status, displaying 50-14

SGACL 12-2

SGT 12-2

shaped round robin

See SRR

show access-lists hw-summary command 35-22

show and more command output, filtering 2-9

show cdp traffic command 27-5

show cluster members command 6-16

show configuration command 13-25

show forward command 50-22

show interfaces command 13-19, 13-25

show interfaces switchport 21-4

show l2protocol command 18-13, 18-15

show lldp traffic command 28-11

show platform forward command 50-22

show platform tcam command 50-25

show running-config command

displaying ACLs 35-20, 35-21, 35-32, 35-35

interface description in 13-25

shutdown command on interfaces 13-33

shutdown threshold for Layer 2 protocol packets 18-11

Simple Network Management Protocol

See SNMP

small form-factor pluggable modules

See SFPs

small-frame arrival rate, configuring 26-5

smart logging 32-1, 32-14

SNAP 27-1

SNMP

accessing MIB variables with 33-4

agent

described 33-4

disabling 33-7

and IP SLAs 44-2

authentication level 33-10

community strings

configuring 33-8

for cluster switches 33-4

overview 33-4

configuration examples 33-17

default configuration 33-6

engine ID 33-7

groups 33-7, 33-9

host 33-7

ifIndex values 33-5

in-band management 1-7

in clusters 6-14

informs

and trap keyword 33-12

described 33-5

differences from traps 33-5

disabling 33-15

enabling 33-15

limiting access by TFTP servers 33-16

limiting system log messages to NMS 32-10

manager functions 1-6, 33-3

managing clusters with 6-17

notifications 33-5

overview 33-1, 33-4

security levels 33-3

setting CPU threshold notification 33-15

status, displaying 33-18

system contact and location 33-16

trap manager, configuring 33-13

traps

described 33-3, 33-5

differences from informs 33-5

disabling 33-15

enabling 33-12

enabling MAC address notification 7-16, 7-19, 7-20

overview 33-1, 33-4

types of 33-12

users 33-7, 33-9

versions supported 33-2

SNMP and Syslog Over IPv6 40-9

SNMPv1 33-2

SNMPv2C 33-2

SNMPv3 33-2

snooping, IGMP 25-2

software compatibility

See stacks, switch

software images

location in flash 52-25

recovery procedures 50-2

scheduling reloads 3-24

tar file format, described 52-25

See also downloading and uploading

source addresses

in IPv4 ACLs 35-12

in IPv6 ACLs 41-5

source-and-destination-IP address based forwarding, EtherChannel 37-9

source-and-destination MAC address forwarding, EtherChannel 37-9

source-IP address based forwarding, EtherChannel 37-9

source-MAC address forwarding, EtherChannel 37-8

Source-specific multicast

See SSM

SPAN

and stack changes 30-9

configuration guidelines 30-10

default configuration 30-10

destination ports 30-7

displaying status 30-23

interaction with other features 30-8

monitored ports 30-6

monitoring ports 30-7

overview 1-17, 30-1

ports, restrictions 26-12

received traffic 30-5

session limits 30-10

sessions

configuring ingress forwarding 30-15, 30-21

creating 30-11

defined 30-3

limiting source traffic to specific VLANs 30-15

removing destination (monitoring) ports 30-13

specifying monitored ports 30-11

with ingress traffic enabled 30-14

source ports 30-6

transmitted traffic 30-5

VLAN-based 30-6

spanning tree and native VLANs 14-18

Spanning Tree Protocol

See STP

SPAN traffic 30-5

split horizon, RIP 39-23

SRR

configuring

shaped weights on egress queues 36-84

shared weights on egress queues 36-85

shared weights on ingress queues 36-77

described 36-15

shaped mode 36-15

shared mode 36-15

support for 1-14

SSH

configuring 9-47

cryptographic software image 9-45

described 1-7, 9-46

encryption methods 9-46

switch stack considerations 5-16

user authentication methods, supported 9-46

SSL

configuration guidelines 9-53

configuring a secure HTTP client 9-55

configuring a secure HTTP server 9-54

cryptographic software image 9-50

described 9-50

monitoring 9-56

SSM

address management restrictions 47-16

CGMP limitations 47-16

components 47-14

configuration guidelines 47-16

configuring 47-14, 47-17

differs from Internet standard multicast 47-14

IGMP snooping 47-16

IGMPv3 47-14

IGMPv3 Host Signalling 47-15

IP address range 47-15

monitoring 47-17

operations 47-15

PIM 47-14

state maintenance limitations 47-16

SSM mapping 47-17

configuration guidelines 47-18

configuring 47-17, 47-20

DNS-based 47-19, 47-21

monitoring 47-22

overview 47-18

restrictions 47-18

static 47-19, 47-20

static traffic forwarding 47-22

stack, switch

MAC address of 5-6, 5-19

stack changes

effects on

IPv6 routing 40-11

stack changes, effects on

802.1x port-based authentication 10-11

ACL configuration 35-7

CDP 27-2

cross-stack EtherChannel 37-13

EtherChannel 37-10

fallback bridging 49-3

HSRP 43-5

IGMP snooping 25-6

IP routing 39-4

IPv6 ACLs 41-3

MAC address tables 7-15

MSTP 20-8

multicast routing 47-10

MVR 25-18

port security 26-18

SDM template selection 8-3

SNMP 33-1

SPAN and RSPAN 30-9

STP 19-12

switch clusters 6-14

system message log 32-2

VLANs 14-7

VTP 15-7

stack master

bridge ID (MAC address) 5-6

defined 5-1

election 5-4

IPv6 40-11

See also stacks, switch

stack member

accessing CLI of specific member 5-23

configuring

member number 5-21

priority value 5-22

defined 5-1

displaying information of 5-24

IPv6 40-11

number 5-6

priority value 5-7

provisioning a new member 5-22

replacing 5-14

See also stacks, switch

stack member number 13-11

stack protocol version 5-10

stacks, switch

accessing CLI of specific member 5-23

assigning information

member number 5-21

priority value 5-22

provisioning a new member 5-22

auto-advise 5-12

auto-copy 5-11

auto-extract 5-11

auto-upgrade 5-11

bridge ID 5-6

CDP considerations 27-2

compatibility, software 5-10

configuration file 5-14

configuration scenarios 5-17

copying an image file from one member to another 52-38

default configuration 5-19

description of 5-1

displaying information of 5-24

enabling persistent MAC address timer 5-19

hardware compatibility and SDM mismatch mode 5-10

HSRP considerations 43-5

in clusters 6-14

incompatible software and image upgrades 5-14, 52-38

IPv6 on 40-11

MAC address considerations 7-15

management connectivity 5-16

managing 5-1

membership 5-3

merged 5-3

MSTP instances supported 19-10

multicast routing, stack master and member roles 47-10

offline configuration

described 5-7

effects of adding a provisioned switch 5-8

effects of removing a provisioned switch 5-9

effects of replacing a provisioned switch 5-9

provisioned configuration, defined 5-7

provisioned switch, defined 5-7

provisioning a new member 5-22

partitioned 5-3, 50-8

provisioned switch

adding 5-8

removing 5-9

replacing 5-9

replacing a failed member 5-14

software compatibility 5-10

software image version 5-10

stack protocol version 5-10

STP

bridge ID 19-3

instances supported 19-10

root port selection 19-3

stack root switch election 19-3

system messages

hostnames in the display 32-1

remotely monitoring 32-2

system prompt consideration 7-8

system-wide configuration considerations 5-15

upgrading 52-38

version-mismatch (VM) mode

automatic upgrades with auto-upgrade 5-11

examples 5-12

manual upgrades with auto-advise 5-12

upgrades with auto-extract 5-11

version-mismatch mode

described 5-11

See also stack master and stack member

standby command switch

configuring

considerations 6-11

defined 6-2

priority 6-10

requirements 6-3

virtual IP address 6-11

See also cluster standby group and HSRP

standby group, cluster

See cluster standby group and HSRP

standby ip command 43-6

standby links 21-2

standby router 43-2

standby timers, HSRP 43-10

startup configuration

booting

manually 3-20

specific image 3-21

clearing 52-19

configuration file

automatically downloading 3-19

specifying the filename 3-19

static access ports

assigning to VLAN 14-10

defined 13-3, 14-3

static addresses

See addresses

static IP routing 1-15

static MAC addressing 1-10

static route primary interface,configuring 45-10

static routes

configuring 39-92

configuring for IPv6 40-22

understanding 40-7

static routing 39-3

static routing support, enhanced object tracking 45-10

static SSM mapping 47-19, 47-20

static traffic forwarding 47-22

static VLAN membership 14-2

statistics

802.1X 11-17

802.1x 10-77

CDP 27-5

interface 13-31

IP multicast routing 47-62

LLDP 28-11

LLDP-MED 28-11

NMSP 28-11

OSPF 39-35

QoS ingress and egress 36-87

RMON group Ethernet 31-6

RMON group history 31-5

SNMP input and output 33-18

VTP 15-17

sticky learning 26-9

storm control

configuring 26-3

described 26-1

disabling 26-5

displaying 26-21

support for 1-4

thresholds 26-1

STP

accelerating root port selection 22-4

BackboneFast

described 22-7

disabling 22-17

enabling 22-17

BPDU filtering

described 22-3

disabling 22-15

enabling 22-14

BPDU guard

described 22-2

disabling 22-14

enabling 22-13

BPDU message exchange 19-3

configuration guidelines 19-14, 22-12

configuring

forward-delay time 19-23

hello time 19-22

maximum aging time 19-23

path cost 19-20

port priority 19-18

root switch 19-16

secondary root switch 19-18

spanning-tree mode 19-15

switch priority 19-21

transmit hold-count 19-24

counters, clearing 19-24

cross-stack UplinkFast

described 22-5

enabling 22-16

default configuration 19-13

default optional feature configuration 22-12

designated port, defined 19-4

designated switch, defined 19-4

detecting indirect link failures 22-8

disabling 19-16

displaying status 19-24

EtherChannel guard

described 22-10

disabling 22-17

enabling 22-17

extended system ID

effects on root switch 19-16

effects on the secondary root switch 19-18

overview 19-4

unexpected behavior 19-16

features supported 1-8

IEEE 802.1D and bridge ID 19-4

IEEE 802.1D and multicast addresses 19-9

IEEE 802.1t and VLAN identifier 19-5

inferior BPDU 19-3

instances supported 19-10

interface state, blocking to forwarding 22-2

interface states

blocking 19-6

disabled 19-7

forwarding 19-6, 19-7

learning 19-7

listening 19-7

overview 19-5

interoperability and compatibility among modes 19-11

Layer 2 protocol tunneling 18-7

limitations with IEEE 802.1Q trunks 19-11

load sharing

overview 14-23

using path costs 14-25

using port priorities 14-23

loop guard

described 22-11

enabling 22-18

modes supported 19-10

multicast addresses, effect of 19-9

optional features supported 1-8

overview 19-2

path costs 14-25, 14-26

Port Fast

described 22-2

enabling 22-12

port priorities 14-24

preventing root switch selection 22-10

protocols supported 19-10

redundant connectivity 19-8

root guard

described 22-10

enabling 22-18

root port, defined 19-3

root port selection on a switch stack 19-3

root switch

configuring 19-16

effects of extended system ID 19-4, 19-16

election 19-3

unexpected behavior 19-16

shutdown Port Fast-enabled port 22-2

stack changes, effects of 19-12

status, displaying 19-24

superior BPDU 19-3

timers, described 19-22

UplinkFast

described 22-4

enabling 22-15

VLAN-bridge 19-12

stratum, NTP 7-2

stub areas, OSPF 39-31

stub routing, EIGRP 39-42

subdomains, private VLAN 17-1

subnet mask 39-7

subnet zero 39-7

success response, VMPS 14-27

summer time 7-7

SunNet Manager 1-6

supernet 39-8

supported port-based authentication methods 10-7

SVI autostate exclude

configuring 13-27

defined 13-5

SVI link state 13-5

SVIs

and IP unicast routing 39-5

and router ACLs 35-4

connecting VLANs 13-10

defined 13-5

routing between VLANs 14-2

switch 40-2

switch clustering technology 6-1

See also clusters, switch

switch console port 1-7

Switch Database Management

See SDM

switched packets, ACLs on 35-40

Switched Port Analyzer

See SPAN

switched ports 13-2

switchport backup interface 21-4, 21-5

switchport block multicast command 26-8

switchport block unicast command 26-8

switchport command 13-16

switchport mode dot1q-tunnel command 18-6

switchport protected command 26-7

switch priority

MSTP 20-22

STP 19-21

switch software features 1-1

switch virtual interface

See SVI

SXP 12-2

synchronization, BGP 39-48

syslog

See system message logging

system capabilities TLV 28-2

system clock

configuring

daylight saving time 7-7

manually 7-5

summer time 7-7

time zones 7-6

displaying the time and date 7-5

overview 7-1

See also NTP

system description TLV 28-2

system message logging

default configuration 32-4

defining error message severity levels 32-9

disabling 32-4

displaying the configuration 32-17

enabling 32-5

facility keywords, described 32-14

level keywords, described 32-10

limiting messages 32-10

message format 32-2

overview 32-1

sequence numbers, enabling and disabling 32-8

setting the display destination device 32-5

stack changes, effects of 32-2

synchronizing log messages 32-6

syslog facility 1-17

time stamps, enabling and disabling 32-8

UNIX syslog servers

configuring the daemon 32-13

configuring the logging facility 32-13

facilities supported 32-14

system MTU

and IS-IS LSPs 39-69

system MTU and IEEE 802.1Q tunneling 18-5

system name

default configuration 7-9

default setting 7-9

manual configuration 7-9

See also DNS

system name TLV 28-2

system prompt, default setting 7-8, 7-9

system resources, optimizing 8-1

system routing

IS-IS 39-65

ISO IGRP 39-65

T

TACACS+

accounting, defined 9-12

authentication, defined 9-11

authorization, defined 9-12

configuring

accounting 9-17

authentication key 9-13

authorization 9-16

login authentication 9-14

default configuration 9-13

displaying the configuration 9-18

identifying the server 9-13

in clusters 6-16

limiting the services to the user 9-16

operation of 9-12

overview 9-10

support for 1-12

tracking services accessed by user 9-17

tagged packets

IEEE 802.1Q 18-3

Layer 2 protocol 18-7

tar files

creating 52-6

displaying the contents of 52-7

extracting 52-7

image file format 52-25

TCAM

memory consistency check errors

example 50-25

memory consistency check routines 1-5, 50-25

memory consistency integrity 1-5, 50-25

space

HFTM 50-25

HQATM 50-25

unassigned 50-25

TCL script, registering and defining with embedded event manager 34-7

TDR 1-17

Telnet

accessing management interfaces 2-10

number of connections 1-7

setting a password 9-6

templates, SDM 8-2

temporary self-signed certificate 9-51

Terminal Access Controller Access Control System Plus

See TACACS+

terminal lines, setting a password 9-6

ternary content addressable memory

See TCAM

TFTP

configuration files

downloading 52-11

preparing the server 52-10

uploading 52-12

configuration files in base directory 3-8

configuring for autoconfiguration 3-7

image files

deleting 52-28

downloading 52-27

preparing the server 52-26

uploading 52-29

limiting access by servers 33-16

TFTP server 1-6

threshold, traffic level 26-2

threshold monitoring, IP SLAs 44-6

time

See NTP and system clock

Time Domain Reflector

See TDR

time-range command 35-17

time ranges in ACLs 35-17

time stamps in log messages 32-8

time zones 7-6

TLVs

defined 28-1

LLDP 28-2

LLDP-MED 28-2

Token Ring VLANs

support for 14-6

VTP support 15-4

ToS 1-14

traceroute, Layer 2

and ARP 50-17

and CDP 50-16

broadcast traffic 50-16

described 50-16

IP addresses and subnets 50-17

MAC addresses and VLANs 50-16

multicast traffic 50-16

multiple devices on a port 50-17

unicast traffic 50-16

usage guidelines 50-16

traceroute command 50-18

See also IP traceroute

tracked lists

configuring 45-3

types 45-3

tracked objects

by Boolean expression 45-4

by threshold percentage 45-6

by threshold weight 45-5

tracking interface line-protocol state 45-2

tracking IP routing state 45-2

tracking objects 45-1

tracking process 45-1

track state, tracking IP SLAs 45-9

traffic

blocking flooded 26-8

fragmented 35-5

fragmented IPv6 41-2

unfragmented 35-5

traffic policing 1-14

traffic suppression 26-1

transmit hold-count

see STP

transparent mode, VTP 15-3

trap-door mechanism 3-2

traps

configuring MAC address notification 7-16, 7-19, 7-20

configuring managers 33-12

defined 33-3

enabling 7-16, 7-19, 7-20, 33-12

notification types 33-12

overview 33-1, 33-4

troubleshooting

connectivity problems 50-14, 50-16, 50-17

CPU utilization 50-26

detecting unidirectional links 29-1

displaying crash information 50-24

PIMv1 and PIMv2 interoperability problems 47-35

setting packet forwarding 50-22

SFP security and identification 50-13

show forward command 50-22

with CiscoWorks 33-4

with debug commands 50-20

with ping 50-14

with system message logging 32-1

with traceroute 50-17

trunk failover

See link-state tracking

trunking encapsulation 1-9

trunk ports

configuring 14-19

defined 13-3, 14-3

encapsulation 14-19, 14-24, 14-26

trunks

allowed-VLAN list 14-20

configuring 14-19, 14-24, 14-26

ISL 14-15

load sharing

setting STP path costs 14-25

using STP port priorities 14-23, 14-24

native VLAN for untagged traffic 14-22

parallel 14-25

pruning-eligible list 14-21

to non-DTP device 14-16

trusted boundary for QoS 36-45

trusted port states

between QoS domains 36-47

classification options 36-5

ensuring port security for IP phones 36-45

support for 1-14

within a QoS domain 36-43

trustpoints, CA 9-50

tunneling

defined 18-1

IEEE 802.1Q 18-1

Layer 2 protocol 18-8

tunnel ports

defined 14-4

described 13-4, 18-1

IEEE 802.1Q, configuring 18-6

incompatibilities with other features 18-5

twisted-pair Ethernet, detecting unidirectional links 29-1

type of service

See ToS

U

UDLD

configuration guidelines 29-4

default configuration 29-4

disabling

globally 29-5

on fiber-optic interfaces 29-5

per interface 29-6

echoing detection mechanism 29-3

enabling

globally 29-5

per interface 29-6

Layer 2 protocol tunneling 18-10

link-detection mechanism 29-1

neighbor database 29-2

overview 29-1

resetting an interface 29-6

status, displaying 29-7

support for 1-8

UDP, configuring 39-16

UDP jitter, configuring 44-10

UDP jitter operation, IP SLAs 44-9

unauthorized ports with IEEE 802.1x 10-10

unicast MAC address filtering 1-6

and adding static addresses 7-23

and broadcast MAC addresses 7-22

and CPU packets 7-22

and multicast addresses 7-22

and router MAC addresses 7-22

configuration guidelines 7-22

described 7-22

unicast storm 26-1

unicast storm control command 26-4

unicast traffic, blocking 26-8

UniDirectional Link Detection protocol

See UDLD

UNIX syslog servers

daemon configuration 32-13

facilities supported 32-14

message logging configuration 32-13

unrecognized Type-Length-Value (TLV) support 15-4

upgrading software images

See downloading

UplinkFast

described 22-4

disabling 22-16

enabling 22-15

support for 1-8

uploading

configuration files

preparing 52-10, 52-13, 52-16

reasons for 52-9

using FTP 52-15

using RCP 52-18

using TFTP 52-12

image files

preparing 52-26, 52-30, 52-35

reasons for 52-24

using FTP 52-33

using RCP 52-37

using TFTP 52-29

User Datagram Protocol

See UDP

user EXEC mode 2-2

username-based authentication 9-7

V

VACL logging parameters 35-38

VACLs

logging

configuration example 35-39

version-dependent transparent mode 15-4

version-mismatch (VM) mode

automatic upgrades with auto-upgrade 5-11

manual upgrades with auto-advise 5-12

upgrades with auto-extract 5-11

version-mismatch mode

described 5-11

virtual IP address

cluster standby group 6-11

command switch 6-11

Virtual Private Network

See VPN

virtual router 43-1, 43-2

virtual switches and PAgP 37-6

vlan.dat file 14-5

VLAN 1, disabling on a trunk port 14-21

VLAN 1 minimization 14-20

VLAN ACLs

See VLAN maps

vlan-assignment response, VMPS 14-27

VLAN configuration

at bootup 14-7

saving 14-7

VLAN configuration mode 2-2

VLAN database

and startup configuration file 14-7

and VTP 15-1

VLAN configuration saved in 14-7

VLANs saved in 14-5

vlan dot1q tag native command 18-4

VLAN filtering and SPAN 30-7

vlan global configuration command 14-7

VLAN ID, discovering 7-25

VLAN link state 13-5

VLAN load balancing on flex links 21-2

configuration guidelines 21-8

VLAN management domain 15-2

VLAN Management Policy Server

See VMPS

VLAN map entries, order of 35-31

VLAN maps

applying 35-35

common uses for 35-35

configuration guidelines 35-31

configuring 35-30

creating 35-32

defined 35-2

denying access to a server example 35-36

denying and permitting packets 35-32

displaying 35-44

examples of ACLs and VLAN maps 35-33

removing 35-35

support for 1-11

wiring closet configuration example 35-36

VLAN membership

confirming 14-30

modes 14-3

VLAN Query Protocol

See VQP

VLANs

adding 14-8

adding to VLAN database 14-8

aging dynamic addresses 19-9

allowed on trunk 14-20

and spanning-tree instances 14-3, 14-7, 14-12

configuration guidelines, extended-range VLANs 14-11

configuration guidelines, normal-range VLANs 14-6

configuring 14-1

configuring IDs 1006 to 4094 14-11

connecting through SVIs 13-10

creating 14-9

customer numbering in service-provider networks 18-3

default configuration 14-8

deleting 14-9

described 13-2, 14-1

displaying 14-15

extended-range 14-1, 14-11

features 1-9

illustrated 14-2

internal 14-12

in the switch stack 14-7

limiting source traffic with RSPAN 30-22

limiting source traffic with SPAN 30-15

modifying 14-8

multicast 25-17

native, configuring 14-22

normal-range 14-1, 14-5

number supported 1-9

parameters 14-5

port membership modes 14-3

static-access ports 14-10

STP and IEEE 802.1Q trunks 19-11

supported 14-3

Token Ring 14-6

traffic between 14-2

VLAN-bridge STP 19-12, 49-2

VTP modes 15-3

VLAN Trunking Protocol

See VTP

VLAN trunks 14-15

VMPS

administering 14-31

configuration example 14-32

configuration guidelines 14-28

default configuration 14-28

description 14-26

dynamic port membership

described 14-27

reconfirming 14-30

troubleshooting 14-32

entering server address 14-29

mapping MAC addresses to VLANs 14-27

monitoring 14-31

reconfirmation interval, changing 14-30

reconfirming membership 14-30

retry count, changing 14-31

voice aware 802.1x security

port-based authentication

configuring 10-41

described 10-31, 10-41

voice-over-IP 16-1

voice VLAN

Cisco 7960 phone, port connections 16-1

configuration guidelines 16-3

configuring IP phones for data traffic

override CoS of incoming frame 16-6

trust CoS priority of incoming frame 16-6

configuring ports for voice traffic in

802.1p priority tagged frames 16-5

802.1Q frames 16-5

connecting to an IP phone 16-4

default configuration 16-3

described 16-1

displaying 16-7

IP phone data traffic, described 16-2

IP phone voice traffic, described 16-2

VPN

configuring routing in 39-84

forwarding 39-77

in service provider networks 39-75

routes 39-75

VPN routing and forwarding table

See VRF

VQP 1-9, 14-26

VRF

defining 39-77

tables 39-75

VRF-aware services

ARP 39-81

configuring 39-80

ftp 39-83

HSRP 39-82

ping 39-81

RADIUS 39-82

SNMP 39-81

syslog 39-82

tftp 39-83

traceroute 39-83

VTP

adding a client to a domain 15-16

advertisements 14-18, 15-4

and extended-range VLANs 14-3, 15-2

and normal-range VLANs 14-3, 15-2

client mode, configuring 15-12

configuration

guidelines 15-9

requirements 15-11

saving 15-9

configuration requirements 15-11

configuration revision number

guideline 15-16

resetting 15-17

consistency checks 15-5

default configuration 15-8

described 15-1

domain names 15-9

domains 15-2

Layer 2 protocol tunneling 18-7

modes

client 15-3

off 15-3

server 15-3

transitions 15-3

transparent 15-3

monitoring 15-17

passwords 15-9

pruning

disabling 15-15

enabling 15-15

examples 15-6

overview 15-6

support for 1-9

pruning-eligible list, changing 14-21

server mode, configuring 15-11, 15-14

statistics 15-17

support for 1-9

Token Ring support 15-4

transparent mode, configuring 15-11

using 15-1

Version

enabling 15-14

version, guidelines 15-10

Version 1 15-4

Version 2

configuration guidelines 15-10

overview 15-4

Version 3

overview 15-5

W

WCCP

authentication 46-3

configuration guidelines 46-6

default configuration 46-5

described 46-1

displaying 46-10

dynamic service groups 46-3

enabling 46-6

features unsupported 46-5

forwarding method 46-3

Layer-2 header rewrite 46-3

MD5 security 46-3

message exchange 46-2

monitoring and maintaining 46-10

negotiation 46-3

packet redirection 46-3

packet-return method 46-3

redirecting traffic received from a client 46-6

setting the password 46-7

unsupported WCCPv2 features 46-5

web authentication 10-17

configuring 11-16 to ??

described 1-10

web-based authentication

customizeable web pages 11-6

description 11-1

web-based authentication, interactions with other features 11-7

Web Cache Communication Protocol

See WCCP

weighted tail drop

See WTD

weight thresholds in tracked lists 45-5

wired location service

configuring 28-9

displaying 28-11

location TLV 28-3

understanding 28-3

wizards 1-2

WTD

described 36-14

setting thresholds

egress queue-sets 36-80

ingress queues 36-75

support for 1-14

X

Xmodem protocol 50-2