Catalyst 3750-E and 3560-E Switch Software Configuration Guide, 12.2(46)SE
Index
Downloads: This chapterpdf (PDF - 1.97MB) The complete bookPDF (PDF - 37.63MB) | Feedback

Index

Table Of Contents

Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W -

Index

Numerics

10-Gigabit Ethernet interfaces 11-6

A

AAA down policy, NAC Layer 2 IP validation 1-11

abbreviating commands 2-4

ABRs 39-26

AC (command switch) 6-11

access

templates 8-1

access-class command 35-20

access control entries

See ACEs

access-denied response, VMPS 13-28

access groups

applying IPv4 ACLs to interfaces 35-21

Layer 2 35-21

Layer 3 35-21

access groups, applying IPv4 ACLs to interfaces 35-21

accessing

clusters, switch 6-14

command switches 6-12

member switches 6-14

switch clusters 6-14

accessing stack members 5-24

access lists

See ACLs

access ports

and Layer 2 protocol tunneling 17-11

defined 11-3

in switch clusters 6-10

access template 8-1

accounting

with 802.1x 10-39

with IEEE 802.1x 10-9

with RADIUS 9-28

with TACACS+ 9-11, 9-17

ACEs

and QoS 37-7

defined 35-2

Ethernet 35-2

IP 35-2

ACLs

ACEs 35-2

any keyword 35-13

applying

on bridged packets 35-38

on multicast packets 35-40

on routed packets 35-39

on switched packets 35-38

time ranges to 35-17

to an interface 35-20, 36-8

to IPv6 interfaces 36-8

to QoS 37-7

classifying traffic for QoS 37-45

comments in 35-19

compiling 35-22

defined 35-1, 35-8

examples of 35-22, 37-45

extended IP, configuring for QoS classification 37-46

extended IPv4

creating 35-11

matching criteria 35-8

hardware and software handling 35-22

host keyword 35-13

IP

creating 35-8

fragments and QoS guidelines 37-35

implicit deny 35-10, 35-14, 35-17

implicit masks 35-10

matching criteria 35-8

undefined 35-21

IPv4

applying to interfaces 35-20

creating 35-8

matching criteria 35-8

named 35-15

numbers 35-8

terminal lines, setting on 35-19

unsupported features 35-7

IPv6

and stacking 36-3

applying to interfaces 36-8

configuring 36-4, 36-5

displaying 36-9

interactions with other features 36-4

limitations 36-3

matching criteria 36-3

named 36-3

precedence of 36-2

supported 36-3

unsupported features 36-3

Layer 4 information in 35-37

logging messages 35-9

MAC extended 35-27, 37-47

matching 35-8, 35-21

monitoring 35-40, 36-9

named

IPv4 35-15

IPv6 36-3

names 36-4

number per QoS class map 37-35

port 35-2, 36-2

precedence of 35-2

QoS 37-7, 37-45

resequencing entries 35-15

router 35-2, 36-2

router ACLs and VLAN map configuration guidelines 35-37

standard IP, configuring for QoS classification 37-45

standard IPv4

creating 35-10

matching criteria 35-8

support for 1-10

support in hardware 35-22

time ranges 35-17

types supported 35-2

unsupported features

IPv4 35-7

IPv6 36-3

using router ACLs with VLAN maps 35-36

VLAN maps

configuration guidelines 35-30

configuring 35-29

active link 21-4, 21-5, 21-6

active links 21-2

active router 41-1

active traffic monitoring, IP SLAs 42-1

address aliasing 24-2

addresses

displaying the MAC address table 7-28

dynamic

accelerated aging 18-9

changing the aging time 7-21

default aging 18-9

defined 7-19

learning 7-20

removing 7-22

IPv6 40-2

MAC, discovering 7-28

multicast

group address range 45-3

STP address management 18-9

static

adding and removing 7-24

defined 7-19

address resolution 7-28, 39-9

Address Resolution Protocol

See ARP

adjacency tables, with CEF 39-81

administrative distances

defined 39-93

OSPF 39-33

routing protocol defaults 39-84

advanced IP services feature set 1-2

advertisements

CDP 27-1

LLDP 28-2

RIP 39-20

VTP 13-19, 14-3

aggregatable global unicast addresses 40-3

aggregate addresses, BGP 39-61

aggregated ports

See EtherChannel

aggregate policers 37-60

aggregate policing 1-12

aging, accelerating 18-9

aging time

accelerated

for MSTP 19-23

for STP 18-9, 18-23

MAC address table 7-21

maximum

for MSTP 19-24

for STP 18-23, 18-24

alarms, RMON 31-3

allowed-VLAN list 13-21

AP1250 (wireless access point) 1-14

application engines, redirecting traffic to 44-1

area border routers

See ABRs

ARP

configuring 39-10

defined 1-6, 7-28, 39-10

encapsulation 39-11

static cache configuration 39-10

table

address resolution 7-28

managing 7-28

ASBRs 39-26

AS-path filters, BGP 39-55

asymmetrical links, and IEEE 802.1Q tunneling 17-4

attributes, RADIUS

vendor-proprietary 9-30

vendor-specific 9-29

audience xlv

authentication

EIGRP 39-42

HSRP 41-11

local mode with AAA 9-36

NTP associations 7-4

RADIUS

key 9-21

login 9-23

TACACS+

defined 9-11

key 9-13

login 9-14

See also port-based authentication

authentication failed VLAN

See restricted VLAN

authentication keys, and routing protocols 39-94

authoritative time source, described 7-2

authorization

with RADIUS 9-27

with TACACS+ 9-11, 9-16

authorized ports with IEEE 802.1x 10-7

autoconfiguration 3-3

automatic advise (auto-advise) in switch stacks 5-12

automatic copy (auto-copy) in switch stacks 5-12

automatic discovery

considerations

beyond a noncandidate device 6-8

brand new switches 6-10

connectivity 6-5

different VLANs 6-7

management VLANs 6-8

non-CDP-capable devices 6-6

noncluster-capable devices 6-6

routed ports 6-9

in switch clusters 6-5

See also CDP

automatic extraction (auto-extract) in switch stacks 5-12

automatic QoS

See QoS

automatic recovery, clusters 6-11

See also HSRP

automatic upgrades (auto-upgrade) in switch stacks 5-12

auto-MDIX

configuring 11-27

described 11-26

autonegotiation

duplex mode 1-4

interface configuration guidelines 11-24

mismatches 48-12

autonomous system boundary routers

See ASBRs

autonomous systems, in BGP 39-49

Auto-RP, described 45-6

autosensing, port speed 1-4

autostate exclude 11-6

auxiliary VLAN

See voice VLAN

availability, features 1-7

B

BackboneFast

described 20-7

disabling 20-17

enabling 20-16

support for 1-8

backup interfaces

See Flex Links

backup links 21-2

backup static routing, configuring 43-12

banners

configuring

login 7-19

message-of-the-day login 7-18

default configuration 7-17

when displayed 7-17

Berkeley r-tools replacement 9-49

BGP

aggregate addresses 39-61

aggregate routes, configuring 39-61

CIDR 39-61

clear commands 39-64

community filtering 39-58

configuring neighbors 39-59

default configuration 39-46

described 39-46

enabling 39-49

monitoring 39-64

multipath support 39-53

neighbors, types of 39-49

path selection 39-53

peers, configuring 39-59

prefix filtering 39-57

resetting sessions 39-51

route dampening 39-63

route maps 39-55

route reflectors 39-62

routing domain confederation 39-62

routing session with multi-VRF CE 39-75

show commands 39-64

supernets 39-61

support for 1-13

Version 4 39-46

binding cluster group and HSRP group 41-12

binding database

address, DHCP server

See DHCP, Cisco IOS server database

DHCP snooping

See DHCP snooping binding database

bindings

address, Cisco IOS DHCP server 22-6

DHCP snooping database 22-7

IP source guard 22-16

binding table, DHCP snooping

See DHCP snooping binding database

blocking packets 26-7

Boolean expressions in tracked lists 43-4

booting

boot loader, function of 3-2

boot process 3-2

manually 3-18

specific image 3-18

boot loader

accessing 3-19

described 3-2

environment variables 3-19

prompt 3-19

trap-door mechanism 3-2

bootstrap router (BSR), described 45-7

Border Gateway Protocol

See BGP

BPDU

error-disabled state 20-2

filtering 20-3

RSTP format 19-12

BPDU filtering

described 20-3

disabling 20-15

enabling 20-14

support for 1-8

BPDU guard

described 20-2

disabling 20-14

enabling 20-13

support for 1-8

bridged packets, ACLs on 35-38

bridge groups

See fallback bridging

bridge protocol data unit

See BPDU

broadcast flooding 39-17

broadcast packets

directed 39-14

flooded 39-14

broadcast storm-control command 26-4

broadcast storms 26-1, 39-14

C

cables, monitoring for unidirectional links 29-1

candidate switch

automatic discovery 6-5

defined 6-4

requirements 6-4

See also command switch, cluster standby group, and member switch

CA trustpoint

configuring 9-45

defined 9-43

caution, described xlvi

CDP

and trusted boundary 37-41

automatic discovery in switch clusters 6-5

configuring 27-2

default configuration 27-2

defined with LLDP 28-1

described 27-1

disabling for routing device27-3to 27-4

enabling and disabling

on an interface 27-4

on a switch 27-3

Layer 2 protocol tunneling 17-8

monitoring 27-5

overview 27-1

power negotiation extensions 11-7

support for 1-6

switch stack considerations 27-2

transmission timer and holdtime, setting 27-2

updates 27-2

CEF

defined 39-81

distributed 39-81

IPv6 40-19

CGMP

as IGMP snooping learning method 24-9

clearing cached group entries 45-62

enabling server support 45-44

joining multicast group 24-3

overview 45-9

server support only 45-9

switch support of 1-4

CIDR 39-61

CipherSuites 9-44

Cisco 7960 IP Phone 15-1

Cisco AP1250 (wireless access point) 1-14

Cisco Discovery Protocol

See CDP

Cisco Express Forwarding

See CEF

Cisco Group Management Protocol

See CGMP

Cisco intelligent power management 11-7

Cisco IOS DHCP server

See DHCP, Cisco IOS DHCP server

Cisco IOS File System

See IFS

Cisco IOS IP SLAs 42-1

Cisco Network Assistant

See Network Assistant

Cisco Redundant Power System 2300

configuring 11-37

managing 11-37

Cisco StackWise Plus technology 1-3

See also stacks, switch

CiscoWorks 2000 1-6, 33-4

CIST regional root

See MSTP

CIST root

See MSTP

civic location 28-3

classless interdomain routing

See CIDR

classless routing 39-8

class maps for QoS

configuring 37-48

described 37-7

displaying 37-80

class of service

See CoS

clearing interfaces 11-41

CLI

abbreviating commands 2-4

command modes 2-1

configuration logging 2-5

described 1-5

editing features

enabling and disabling 2-7

keystroke editing 2-8

wrapped lines 2-9

error messages 2-5

filtering command output 2-10

getting help 2-3

history

changing the buffer size 2-6

described 2-6

disabling 2-7

recalling commands 2-6

managing clusters 6-17

no and default forms of commands 2-4

client mode, VTP 14-3

client processes, tracking 43-1

clock

See system clock

cluster requirements xlvi

clusters, switch

accessing 6-14

automatic discovery 6-5

automatic recovery 6-11

benefits 1-2

compatibility 6-4

described 6-1

LRE profile considerations 6-17

managing

through CLI 6-17

through SNMP 6-18

planning 6-4

planning considerations

automatic discovery 6-5

automatic recovery 6-11

CLI 6-17

host names 6-14

IP addresses 6-14

LRE profiles 6-17

passwords 6-15

RADIUS 6-17

SNMP 6-15, 6-18

switch stacks 6-15

TACACS+ 6-17

See also candidate switch, command switch, cluster standby group, member switch, and standby command switch

cluster standby group

and HSRP group 41-12

automatic recovery 6-13

considerations 6-12

defined 6-2

requirements 6-3

virtual IP address 6-12

See also HSRP

CNS

Configuration Engine

configID, deviceID, hostname 4-3

configuration service 4-2

described 4-1

event service 4-3

embedded agents

described 4-5

enabling automated configuration 4-6

enabling configuration agent 4-9

enabling event agent 4-8

management functions 1-6

Coarse Wave Division Multiplexer

See CWDM SFPs

command-line interface

See CLI

command modes 2-1

commands

abbreviating 2-4

no and default 2-4

commands, setting privilege levels 9-8

command switch

accessing 6-12

active (AC) 6-11

configuration conflicts 48-12

defined 6-2

passive (PC) 6-11

password privilege levels 6-18

priority 6-11

recovery

from command-switch failure 6-11, 48-9

from lost member connectivity 48-12

redundant 6-11

replacing

with another switch 48-11

with cluster member 48-9

requirements 6-3

standby (SC) 6-11

See also candidate switch, cluster standby group, member switch, and standby command switch

community list, BGP 39-58

community ports 16-2

community strings

configuring 6-15, 33-8

for cluster switches 33-4

in clusters 6-15

overview 33-4

SNMP 6-15

community VLANs 16-2, 16-3

compatibility, feature 26-12

compatibility, software

See stacks, switch

config.text 3-17

configurable leave timer, IGMP 24-6

configuration, initial

defaults 1-15

Express Setup 1-2

See also getting started guide and hardware installation guide

configuration conflicts, recovering from lost member connectivity 48-12

configuration examples, network 1-18

configuration files

archiving 51-20

clearing the startup configuration 51-20

creating and using, guidelines for 51-10

creating using a text editor 51-11

default name 3-17

deleting a stored configuration 51-20

described 51-9

downloading

automatically 3-17

preparing 51-11, 51-14, 51-17

reasons for 51-9

using FTP 51-14

using RCP 51-18

using TFTP 51-12

invalid combinations when copying 51-6

limiting TFTP server access 33-16

obtaining with DHCP 3-9

password recovery disable considerations 9-5

replacing and rolling back, guidelines for 51-21

replacing a running configuration 51-20, 51-21

rolling back a running configuration 51-20, 51-21

specifying the filename 3-17

system contact and location information 33-16

types and location 51-10

uploading

preparing 51-11, 51-14, 51-17

reasons for 51-9

using FTP 51-15

using RCP 51-19

using TFTP 51-12

configuration guidelines, multi-VRF CE 39-68

configuration logging 2-5

configuration replacement 51-20

configuration rollback 51-20

configuration settings, saving 3-15

configure terminal command 11-13

configuring multicast VRFs 39-74

configuring port-based authentication violation modes10-31to 10-32

configuring small-frame arrival rate 26-5

config-vlan mode 2-2, 13-7

conflicts, configuration 48-12

connections, secure remote 9-38

connectivity problems 48-14, 48-16, 48-17

consistency checks in VTP Version 2 14-4

console port, connecting to 2-11

content-routing technology

See WCCP

control protocol, IP SLAs 42-4

conventions

command xlv

for examples xlvi

publication xlv

text xlv

corrupted software, recovery steps with Xmodem 48-2

CoS

in Layer 2 frames 37-2

override priority 15-6

trust priority 15-6

CoS input queue threshold map for QoS 37-17

CoS output queue threshold map for QoS 37-21

CoS-to-DSCP map for QoS 37-62

counters, clearing interface 11-41

crashinfo file 48-25

critical authentication, IEEE 802.1x 10-43

cross-stack EtherChannel

configuration guidelines 38-13

configuring

on Layer 2 interfaces 38-13

on Layer 3 physical interfaces 38-16

described 38-3

illustration 38-4

support for 1-7

cross-stack UplinkFast, STP

described 20-5

disabling 20-16

enabling 20-16

fast-convergence events 20-7

Fast Uplink Transition Protocol 20-6

normal-convergence events 20-7

support for 1-8

cryptographic software image

Kerberos 9-32

SSH 9-37

SSL 9-42

switch stack considerations 5-2, 5-17, 9-38

customer edge devices 39-66

CWDM SFPs 1-32

D

daylight saving time 7-13

dCEF in the switch stack 39-81

debugging

enabling all system diagnostics 48-21

enabling for a specific feature 48-21

redirecting error message output 48-22

using commands 48-20

default commands 2-4

default configuration

802.1x 10-25

auto-QoS 37-23

banners 7-17

BGP 39-46

booting 3-17

CDP 27-2

DHCP 22-8

DHCP option 82 22-8

DHCP snooping 22-8

DHCP snooping binding database 22-9

DNS 7-16

dynamic ARP inspection 23-5

EIGRP 39-38

EtherChannel 38-11

Ethernet interfaces 11-22

fallback bridging 47-4

Flex Links 21-8

HSRP 41-5

IEEE 802.1Q tunneling 17-4

IGMP 45-39

IGMP filtering 24-25

IGMP snooping 24-7, 25-6

IGMP throttling 24-25

initial switch information 3-3

IP addressing, IP routing 39-6

IP multicast routing 45-10

IP SLAs 42-6

IP source guard 22-17

IPv6 40-10

Layer 2 interfaces 11-22

Layer 2 protocol tunneling 17-11

LLDP 28-3

MAC address table 7-21

MAC address-table move update 21-8

MSDP 46-4

MSTP 19-15

multi-VRF CE 39-68

MVR 24-20

NTP 7-4

optional spanning-tree configuration 20-12

OSPF 39-27

password and privilege level 9-2

PIM 45-10

private VLANs 16-6

RADIUS 9-20

RIP 39-21

RMON 31-3

RSPAN 30-12

SDM template 8-4

SNMP 33-7

SPAN 30-12

SSL 9-45

standard QoS 37-33

STP 18-13

switch stacks 5-20

system message logging 32-4

system name and prompt 7-15

TACACS+ 9-13

UDLD 29-4

VLAN, Layer 2 Ethernet interfaces 13-19

VLANs 13-8

VMPS 13-29

voice VLAN 15-3

VTP 14-7

WCCP 44-5

default gateway 3-15, 39-12

default networks 39-84

default router preference

See DRP

default routes 39-84

default routing 39-3

deleting VLANs 13-10

denial-of-service attack 26-1

description command 11-31

designing your network, examples 1-18

desktop template 5-10, 8-1

destination addresses

in IPv4 ACLs 35-12

in IPv6 ACLs 36-6

destination-IP address-based forwarding, EtherChannel 38-9

destination-MAC address forwarding, EtherChannel 38-9

detecting indirect link failures, STP 20-8

device discovery protocol 27-1, 28-1

device manager

benefits 1-2

described 1-3, 1-5

in-band management 1-7

requirements xlvi

DHCP

Cisco IOS server database

configuring 22-14

default configuration 22-9

described 22-6

DHCP for IPv6

See DHCPv6

enabling

relay agent 22-11

server 22-10

DHCP-based autoconfiguration

client request message exchange 3-4

configuring

client side 3-4

DNS 3-7

relay device 3-8

server side 3-6

server-side 22-10

TFTP server 3-7

example 3-10

lease options

for IP address information 3-6

for receiving the configuration file 3-7

overview 3-3

relationship to BOOTP 3-4

relay support 1-6, 1-13

support for 1-6

DHCP-based autoconfiguration and image update

configuring3-11to 3-14

understanding3-5to 3-6

DHCP binding database

See DHCP snooping binding database

DHCP binding table

See DHCP snooping binding database

DHCP object tracking, configuring primary interface 43-11

DHCP option 82

circuit ID suboption 22-5

configuration guidelines 22-9

default configuration 22-8

displaying 22-16

forwarding address, specifying 22-11

helper address 22-11

overview 22-3

packet format, suboption

circuit ID 22-5

remote ID 22-5

remote ID suboption 22-5

DHCP server port-based address allocation

configuration guidelines 22-21

default configuration 22-20

described 22-20

displaying 22-23

enabling 22-21

DHCP snooping

accepting untrusted packets form edge switch 22-3, 22-13

and private VLANs 22-14

binding database

See DHCP snooping binding database

configuration guidelines 22-9

default configuration 22-8

displaying binding tables 22-16

message exchange process 22-4

option 82 data insertion 22-3

trusted interface 22-2

untrusted interface 22-2

untrusted messages 22-2

DHCP snooping binding database

adding bindings 22-14

binding entries, displaying 22-16

binding file

format 22-7

location 22-7

bindings 22-7

clearing agent statistics 22-15

configuration guidelines 22-10

configuring 22-14

default configuration 22-8, 22-9

deleting

binding file 22-15

bindings 22-15

database agent 22-15

described 22-6

displaying 22-16

binding entries 22-16

status and statistics 22-16

displaying status and statistics 22-16

enabling 22-14

entry 22-7

renewing database 22-15

resetting

delay value 22-15

timeout value 22-15

DHCP snooping binding table

See DHCP snooping binding database

DHCPv6

configuration guidelines 40-15

default configuration 40-15

described 40-6

enabling client function 40-17

enabling DHCPv6 server function 40-15

diagnostic schedule command 49-2

Differentiated Services architecture, QoS 37-2

Differentiated Services Code Point 37-2

Diffusing Update Algorithm (DUAL) 39-36

Digital Optical Monitoring (DOM) 11-41

directed unicast requests 1-6

directories

changing 51-4

creating and removing 51-5

displaying the working 51-4

discovery, clusters

See automatic discovery

Distance Vector Multicast Routing Protocol

See DVMRP

distance-vector protocols 39-3

distribute-list command 39-93

DNS

and DHCP-based autoconfiguration 3-7

default configuration 7-16

displaying the configuration 7-17

in IPv6 40-4

overview 7-15

setting up 7-16

support for 1-6

DNS-based SSM mapping 45-19, 45-21

documentation, related xlvi

document conventions xlv

DOM (Digital Optical Monitoring) 11-41

domain names

DNS 7-15

VTP 14-8

Domain Name System

See DNS

dot1q-tunnel switchport mode 13-18

double-tagged packets

IEEE 802.1Q tunneling 17-2

Layer 2 protocol tunneling 17-10

downloading

configuration files

preparing 51-11, 51-14, 51-17

reasons for 51-9

using FTP 51-14

using RCP 51-18

using TFTP 51-12

image files

deleting old image 51-29

preparing 51-26, 51-30, 51-35

reasons for 51-24

using CMS 1-3

using FTP 51-31

using HTTP 1-3, 51-24

using RCP 51-36

using TFTP 51-27

using the device manager or Network Assistant 51-24

drop threshold for Layer 2 protocol packets 17-11

DRP

configuring 40-13

described 40-4

IPv6 40-4

DSCP 1-11, 37-2

DSCP input queue threshold map for QoS 37-17

DSCP output queue threshold map for QoS 37-21

DSCP-to-CoS map for QoS 37-65

DSCP-to-DSCP-mutation map for QoS 37-66

DSCP transparency 37-41

DTP 1-9, 13-17

dual-action detection 38-6

DUAL finite state machine, EIGRP 39-37

dual IPv4 and IPv6 templates 8-2, 40-5, 40-6

dual protocol stacks

IPv4 and IPv6 40-6

SDM templates supporting 40-6

DVMRP

autosummarization

configuring a summary address 45-58

disabling 45-60

connecting PIM domain to DVMRP router 45-51

enabling unicast routing 45-54

interoperability

with Cisco devices 45-49

with Cisco IOS software 45-9

mrinfo requests, responding to 45-53

neighbors

advertising the default route to 45-52

discovery with Probe messages 45-49

displaying information 45-53

prevent peering with nonpruning 45-56

rejecting nonpruning 45-55

overview 45-9

routes

adding a metric offset 45-61

advertising all 45-60

advertising the default route to neighbors 45-52

caching DVMRP routes learned in report messages 45-54

changing the threshold for syslog messages 45-57

deleting 45-62

displaying 45-62

favoring one over another 45-61

limiting the number injected into MBONE 45-57

limiting unicast route advertisements 45-49

routing table 45-9

source distribution tree, building 45-9

support for 1-13

tunnels

configuring 45-51

displaying neighbor information 45-53

dynamic access ports

characteristics 13-4

configuring 13-31

defined 11-3

dynamic addresses

See addresses

dynamic ARP inspection

ARP cache poisoning 23-1

ARP requests, described 23-1

ARP spoofing attack 23-1

clearing

log buffer 23-16

statistics 23-16

configuration guidelines 23-6

configuring

ACLs for non-DHCP environments 23-8

in DHCP environments 23-7

log buffer 23-13

rate limit for incoming ARP packets 23-4, 23-11

default configuration 23-5

denial-of-service attacks, preventing 23-11

described 23-1

DHCP snooping binding database 23-2

displaying

ARP ACLs 23-15

configuration and operating state 23-15

log buffer 23-16

statistics 23-16

trust state and rate limit 23-15

error-disabled state for exceeding rate limit 23-4

function of 23-2

interface trust states 23-3

log buffer

clearing 23-16

configuring 23-13

displaying 23-16

logging of dropped packets, described 23-5

man-in-the middle attack, described 23-2

network security issues and interface trust states 23-3

priority of ARP ACLs and DHCP snooping entries 23-4

rate limiting of ARP packets

configuring 23-11

described 23-4

error-disabled state 23-4

statistics

clearing 23-16

displaying 23-16

validation checks, performing 23-12

dynamic auto trunking mode 13-18

dynamic desirable trunking mode 13-18

Dynamic Host Configuration Protocol

See DHCP-based autoconfiguration

dynamic port VLAN membership

described 13-29

reconfirming 13-31

troubleshooting 13-33

types of connections 13-31

dynamic routing 39-3

Dynamic Trunking Protocol

See DTP

E

EBGP 39-45

editing features

enabling and disabling 2-7

keystrokes used 2-8

wrapped lines 2-9

EIGRP

authentication 39-42

components 39-37

configuring 39-40

default configuration 39-38

definition 39-36

interface parameters, configuring 39-41

monitoring 39-44

stub routing 39-43

support for 1-13

EIGRP IPv6 40-7

elections

See stack master

ELIN location 28-3

embedded event manager

actions 34-4

configuring 34-1, 34-5

displaying information 34-7

environmental variables 34-4

event detectors 34-2

policies 34-4

registering and defining an applet 34-5

registering and defining a TCL script 34-6

understanding 34-1

enable password 9-3

enable secret password 9-3

encryption, CipherSuite 9-44

encryption for passwords 9-3

Enhanced IGRP

See EIGRP

enhanced object tracking

backup static routing 43-12

commands 43-1

defined 43-1

DHCP primary interface 43-11

HSRP 43-7

IP routing state 43-2

IP SLAs 43-9

line-protocol state 43-2

network monitoring with IP SLAs 43-11

routing policy, configuring 43-12

static route primary interface 43-10

tracked lists 43-3

enhanced object tracking static routing 43-10

enhanced PoE 1-14, 11-7, 11-30

environmental variables, embedded event manager 34-4

environment variables, function of 3-20

equal-cost routing 1-13, 39-82

error-disabled state, BPDU 20-2

error messages during command entry 2-5

EtherChannel

automatic creation of 38-5, 38-7

channel groups

binding physical and logical interfaces 38-4

numbering of 38-4

configuration guidelines 38-12

configuring

Layer 2 interfaces 38-13

Layer 3 physical interfaces 38-16

Layer 3 port-channel logical interfaces 38-15

default configuration 38-11

described 38-2

displaying status 38-23

forwarding methods 38-8, 38-18

IEEE 802.3ad, described 38-7

interaction

with STP 38-12

with VLANs 38-12

LACP

described 38-7

displaying status 38-23

hot-standby ports 38-20

interaction with other features 38-8

modes 38-7

port priority 38-22

system priority 38-21

Layer 3 interface 39-5

load balancing 38-8, 38-18

logical interfaces, described 38-4

PAgP

aggregate-port learners 38-19

compatibility with Catalyst 1900 38-19

described 38-5

displaying status 38-23

interaction with other features 38-7

interaction with virtual switches 38-6

learn method and priority configuration 38-19

modes 38-6

support for 1-4

with dual-action detection 38-6

port-channel interfaces

described 38-4

numbering of 38-4

port groups 11-6

stack changes, effects of 38-10

support for 1-4

EtherChannel guard

described 20-10

disabling 20-17

enabling 20-17

Ethernet management port

active link 11-19

and routing 11-19

and routing protocols 11-19

and TFTP 11-21

configuring 11-21

connecting to 2-11

default setting 11-19

described 11-18

for network management 11-18

specifying 11-21

supported features 11-20

unsupported features 11-21

Ethernet management port, internal

and routing 11-19

and routing protocols 11-19

unsupported features 11-21

Ethernet VLANs

adding 13-9

defaults and ranges 13-8

modifying 13-9

EUI 40-3

event detectors, embedded event manager 34-2

events, RMON 31-3

examples

conventions for xlvi

network configuration 1-18

expedite queue for QoS 37-78

Express Setup 1-2

See also getting started guide

extended crashinfo file 48-25

extended-range VLANs

configuration guidelines 13-13

configuring 13-12

creating 13-14

creating with an internal VLAN ID 13-15

defined 13-1

extended system ID

MSTP 19-18

STP 18-4, 18-16

extended universal identifier

See EUI

Extensible Authentication Protocol over LAN 10-1

external BGP

See EBGP

external neighbors, BGP 39-49

F

Fa0 port

See Ethernet management port

failover support 1-7

fallback bridging

and protected ports 47-4

bridge groups

creating 47-4

described 47-2

displaying 47-11

function of 47-2

number supported 47-5

removing 47-5

bridge table

clearing 47-11

displaying 47-11

configuration guidelines 47-4

connecting interfaces with 11-12

default configuration 47-4

described 47-1

frame forwarding

flooding packets 47-2

forwarding packets 47-2

overview 47-1

protocol, unsupported 47-4

stack changes, effects of 47-3

STP

disabling on an interface 47-10

forward-delay interval 47-9

hello BPDU interval 47-8

interface priority 47-7

keepalive messages 18-2

maximum-idle interval 47-9

path cost 47-7

VLAN-bridge spanning-tree priority 47-6

VLAN-bridge STP 47-2

support for 1-13

SVIs and routed ports 47-2

unsupported protocols 47-4

VLAN-bridge STP 18-11

Fast Convergence 21-3

fastethernet0 port

See Ethernet management port

Fast Uplink Transition Protocol 20-6

features, incompatible 26-12

FIB 39-81

fiber-optic, detecting unidirectional links 29-1

files

basic crashinfo

description 48-25

location 48-25

copying 51-5

crashinfo, description 48-25

deleting 51-6

displaying the contents of 51-8

extended crashinfo

description 48-25

location 48-25

tar

creating 51-7

displaying the contents of 51-7

extracting 51-8

image file format 51-25

file system

displaying available file systems 51-2

displaying file information 51-4

local file system names 51-1

network file system names 51-5

setting the default 51-3

filtering

in a VLAN 35-29

IPv6 traffic 36-4, 36-8

non-IP traffic 35-27

show and more command output 2-10

filtering show and more command output 2-10

filters, IP

See ACLs, IP

flash device, number of 51-1

Flex Link Multicast Fast Convergence 21-3

Flex Links

configuration guidelines 21-8

configuring 21-9, 21-10

configuring preferred VLAN 21-12

configuring VLAN load balancing 21-11

default configuration 21-8

description 21-2

link load balancing 21-3

monitoring 21-14

VLANs 21-3

flooded traffic, blocking 26-8

flow-based packet classification 1-11

flowcharts

QoS classification 37-6

QoS egress queueing and scheduling 37-18

QoS ingress queueing and scheduling 37-15

QoS policing and marking 37-10

flowcontrol

configuring 11-26

described 11-25

forward-delay time

MSTP 19-23

STP 18-23

Forwarding Information Base

See FIB

forwarding nonroutable protocols 47-1

FTP

accessing MIB files 50-4

configuration files

downloading 51-14

overview 51-13

preparing the server 51-14

uploading 51-15

image files

deleting old image 51-33

downloading 51-31

preparing the server 51-30

uploading 51-33

G

general query 21-5

Generating IGMP Reports 21-4

get-bulk-request operation 33-3

get-next-request operation 33-3, 33-5

get-request operation 33-3, 33-5

get-response operation 33-3

Gigabit modules

See SFPs

global configuration mode 2-2

global leave, IGMP 24-13

guest VLAN and IEEE 802.1x 10-13

guide

audience xlv

purpose of xlv

guide mode 1-3

GUIs

See device manager and Network Assistant

H

hardware limitations and Layer 3 interfaces 11-33

hello time

MSTP 19-22

STP 18-22

help, for the command line 2-3

hierarchical policy maps 37-8

configuration guidelines 37-35

configuring 37-54

described 37-11

history

changing the buffer size 2-6

described 2-6

disabling 2-7

recalling commands 2-6

history table, level and number of syslog messages 32-10

host names in clusters 6-14

host ports

configuring 16-11

kinds of 16-2

hosts, limit on dynamic ports 13-33

Hot Standby Router Protocol

See HSRP

HP OpenView 1-6

HSRP

authentication string 41-11

automatic cluster recovery 6-13

binding to cluster group 41-12

cluster standby group considerations 6-12

command-switch redundancy 1-1, 1-7

configuring 41-5

default configuration 41-5

definition 41-1

guidelines 41-6

monitoring 41-13

object tracking 43-7

overview 41-1

priority 41-8

routing redundancy 1-12

support for ICMP redirect messages 41-12

switch stack considerations 41-5

timers 41-11

tracking 41-8

See also clusters, cluster standby group, and standby command switch

HSRP for IPv6

configuring 40-25

guidelines 40-24

HTTP(S) Over IPv6 40-8

HTTP over SSL

see HTTPS

HTTPS

configuring 9-46

described 9-43

self-signed certificate 9-43

HTTP secure server 9-43

I

IBPG 39-45

ICMP

IPv6 40-4

redirect messages 39-12

support for 1-13

time-exceeded messages 48-18

traceroute and 48-18

unreachable messages 35-20

unreachable messages and IPv6 36-4

unreachables and ACLs 35-22

ICMP Echo operation

configuring 42-12

IP SLAs 42-11

ICMP ping

executing 48-15

overview 48-15

ICMP Router Discovery Protocol

See IRDP

ICMPv6 40-4

IDS appliances

and ingress RSPAN 30-25

and ingress SPAN 30-16

IEEE 802.1D

See STP

IEEE 802.1p 15-1

IEEE 802.1Q

and trunk ports 11-3

configuration limitations 13-19

encapsulation 13-16

native VLAN for untagged traffic 13-23

tunneling

compatibility with other features 17-6

defaults 17-4

described 17-1

tunnel ports with other features 17-6

IEEE 802.1s

See MSTP

IEEE 802.1w

See RSTP

IEEE 802.1x

See port-based authentication

IEEE 802.3ad

See EtherChannel

IEEE 802.3af

See PoE

IEEE 802.3x flow control 11-25

ifIndex values, SNMP 33-6

IFS 1-6

IGMP

configurable leave timer

described 24-6

enabling 24-12

configuring the switch

as a member of a group 45-39

statically connected member 45-43

controlling access to groups 45-40

default configuration 45-39

deleting cache entries 45-62

displaying groups 45-63

fast switching 45-44

flooded multicast traffic

controlling the length of time 24-13

disabling on an interface 24-14

global leave 24-13

query solicitation 24-13

recovering from flood mode 24-13

host-query interval, modifying 45-41

joining multicast group 24-3

join messages 24-3

leave processing, enabling 24-11, 25-9

leaving multicast group 24-5

multicast reachability 45-39

overview 45-3

queries 24-4

report suppression

described 24-6

disabling 24-16, 25-11

supported versions 24-3

support for 1-4

Version 1

changing to Version 2 45-41

described 45-3

Version 2

changing to Version 1 45-41

described 45-3

maximum query response time value 45-43

pruning groups 45-43

query timeout value 45-42

IGMP filtering

configuring 24-25

default configuration 24-25

described 24-24

monitoring 24-29

support for 1-5

IGMP groups

configuring filtering 24-28

setting the maximum number 24-27

IGMP helper 45-6

IGMP Immediate Leave

configuration guidelines 24-12

described 24-6

enabling 24-11

IGMP profile

applying 24-26

configuration mode 24-25

configuring 24-26

IGMP snooping

and address aliasing 24-2

and stack changes 24-7

configuring 24-7

default configuration 24-7, 25-6

definition 24-2

enabling and disabling 24-8, 25-7

global configuration 24-8

Immediate Leave 24-6

in the switch stack 24-7

method 24-9

monitoring 24-16, 25-11

querier

configuration guidelines 24-15

configuring 24-15

supported versions 24-3

support for 1-4

VLAN configuration 24-8

IGMP throttling

configuring 24-28

default configuration 24-25

described 24-25

displaying action 24-29

IGP 39-25

Immediate Leave, IGMP

described 24-6

enabling 25-9

inaccessible authentication bypass 10-15

initial configuration

defaults 1-15

Express Setup 1-2

See also getting started guide and hardware installation guide

interface

number 11-13

range macros 11-16

interface command11-13to 11-14

interface configuration mode 2-3

interfaces

auto-MDIX, configuring 11-26

configuring

procedure 11-13

counters, clearing 11-41

default configuration 11-22

described 11-31

descriptive name, adding 11-31

displaying information about 11-40

duplex and speed configuration guidelines 11-23

flow control 11-25

management 1-5

monitoring 11-40

naming 11-31

physical, identifying 11-12, 11-13

range of 11-14

restarting 11-42

shutting down 11-42

speed and duplex, configuring 11-24

status 11-40

supported 11-12

types of 11-1

interfaces range macro command 11-16

interface types 11-13

Interior Gateway Protocol

See IGP

internal BGP

See IBGP

internal neighbors, BGP 39-49

internal power supplies

See power supplies

Internet Control Message Protocol

See ICMP

Internet Group Management Protocol

See IGMP

Internet Protocol version 6

See IPv6

Inter-Switch Link

See ISL

inter-VLAN routing 1-13, 39-2

Intrusion Detection System

See IDS appliances

inventory management TLV 28-6

IP ACLs

for QoS classification 37-7

implicit deny 35-10, 35-14

implicit masks 35-10

named 35-15

undefined 35-21

IP addresses

128-bit 40-2

candidate or member 6-4, 6-14

classes of 39-7

cluster access 6-2

command switch 6-3, 6-12, 6-14

default configuration 39-6

discovering 7-28

for IP routing 39-5

IPv6 40-2

MAC address association 39-9

monitoring 39-18

redundant clusters 6-12

standby command switch 6-12, 6-14

See also IP information

IP base feature set 1-1

IP broadcast address 39-17

ip cef distributed command 39-81

IP directed broadcasts 39-15

ip igmp profile command 24-25

IP information

assigned

manually 3-14

through DHCP-based autoconfiguration 3-3

default configuration 3-3

IP multicast routing

addresses

all-hosts 45-3

all-multicast-routers 45-3

host group address range 45-3

administratively-scoped boundaries, described 45-47

and IGMP snooping 24-2

Auto-RP

adding to an existing sparse-mode cloud 45-26

benefits of 45-26

clearing the cache 45-62

configuration guidelines 45-12

filtering incoming RP announcement messages 45-28

overview 45-6

preventing candidate RP spoofing 45-28

preventing join messages to false RPs 45-28

setting up in a new internetwork 45-26

using with BSR 45-34

bootstrap router

configuration guidelines 45-12

configuring candidate BSRs 45-32

configuring candidate RPs 45-33

defining the IP multicast boundary 45-31

defining the PIM domain border 45-30

overview 45-7

using with Auto-RP 45-34

Cisco implementation 45-2

configuring

basic multicast routing 45-12

IP multicast boundary 45-47

default configuration 45-10

enabling

multicast forwarding 45-13

PIM mode 45-14

group-to-RP mappings

Auto-RP 45-6

BSR 45-7

MBONE

deleting sdr cache entries 45-62

described 45-45

displaying sdr cache 45-63

enabling sdr listener support 45-46

limiting DVMRP routes advertised 45-57

limiting sdr cache entry lifetime 45-46

SAP packets for conference session announcement 45-45

Session Directory (sdr) tool, described 45-45

monitoring

packet rate loss 45-63

peering devices 45-63

tracing a path 45-63

multicast forwarding, described 45-8

PIMv1 and PIMv2 interoperability 45-11

protocol interaction 45-2

reverse path check (RPF) 45-8

routing table

deleting 45-62

displaying 45-63

RP

assigning manually 45-24

configuring Auto-RP 45-26

configuring PIMv2 BSR 45-30

monitoring mapping information 45-35

using Auto-RP and BSR 45-34

stacking

stack master functions 45-10

stack member functions 45-10

statistics, displaying system and network 45-62

See also CGMP

See also DVMRP

See also IGMP

See also PIM

IP phones

and QoS 15-1

automatic classification and queueing 37-22

configuring 15-4

ensuring port security with QoS 37-40

trusted boundary for QoS 37-40

IP precedence 37-2

IP-precedence-to-DSCP map for QoS 37-63

IP protocols

in ACLs 35-12

routing 1-12

IP protocols in ACLs 35-12

IP routes, monitoring 39-95

IP routing

connecting interfaces with 11-12

disabling 39-19

enabling 39-19

IP Service Level Agreements

See IP SLAs

IP service levels, analyzing 42-1

IP services feature set 1-2

IP SLAs

benefits 42-2

configuration guidelines 42-6

configuring object tracking 43-9

Control Protocol 42-4

default configuration 42-6

definition 42-1

ICMP echo operation 42-11

measuring network performance 42-3

monitoring 42-14

multioperations scheduling 42-5

object tracking 43-9

operation 42-3

reachability tracking 43-9

responder

described 42-4

enabling 42-8

response time 42-4

scheduling 42-5

SNMP support 42-2

supported metrics 42-2

threshold monitoring 42-6

track object monitoring agent, configuring 43-11

track state 43-9

UDP jitter operation 42-8

IP source guard

and DHCP snooping 22-16

and EtherChannels 22-18

and hardware entries 22-18

and IEEE 802.1x 22-18

and port security 22-18

and private VLANs 22-18

and routed ports 22-17

and trunk interfaces 22-18

and VRF 22-18

binding configuration

automatic 22-16

manual 22-16

binding table 22-16

configuration guidelines 22-17

default configuration 22-17

described 22-16

disabling 22-19

displaying

bindings 22-20

configuration 22-20

enabling 22-18

filtering

source IP address 22-17

source IP and MAC address 22-17

source IP address filtering 22-17

source IP and MAC address filtering 22-17

static bindings

adding 22-18

deleting 22-19

IP traceroute

executing 48-18

overview 48-18

IP unicast routing

address resolution 39-9

administrative distances 39-84, 39-93

ARP 39-10

assigning IP addresses to Layer 3 interfaces 39-7

authentication keys 39-94

broadcast

address 39-17

flooding 39-17

packets 39-14

storms 39-14

classless routing 39-8

configuring static routes 39-83

default

addressing configuration 39-6

gateways 39-12

networks 39-84

routes 39-84

routing 39-3

directed broadcasts 39-15

disabling 39-19

dynamic routing 39-3

enabling 39-19

EtherChannel Layer 3 interface 39-5

IGP 39-25

inter-VLAN 39-2

IP addressing

classes 39-7

configuring 39-5

IPv6 40-3

IRDP 39-13

Layer 3 interfaces 39-5

MAC address and IP address 39-9

passive interfaces 39-92

protocols

distance-vector 39-3

dynamic 39-3

link-state 39-3

proxy ARP 39-10

redistribution 39-85

reverse address resolution 39-9

routed ports 39-5

static routing 39-3

steps to configure 39-5

subnet mask 39-7

subnet zero 39-7

supernet 39-8

UDP 39-16

unicast reverse path forwarding 1-13, 39-80

with SVIs 39-5

See also BGP

See also EIGRP

See also OSPF

See also RIP

IPv4 ACLs

applying to interfaces 35-20

extended, creating 35-11

named 35-15

standard, creating 35-10

IPv4 and IPv6

port-based trust 8-2, 37-2

IPv6

ACLs

displaying 36-9

limitations 36-3

matching criteria 36-3

port 36-2

precedence 36-2

router 36-2

supported 36-3

addresses 40-2

address formats 40-2

and switch stacks 40-9

applications 40-5

assigning address 40-11

autoconfiguration 40-5

CEFv6 40-19

default configuration 40-10

default router preference (DRP) 40-4

defined 40-1

Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 40-7

EIGRP IPv6 Commands 40-7

Router ID 40-7

feature limitations 40-8

features not supported 40-8

forwarding 40-11

ICMP 40-4

monitoring 40-27

neighbor discovery 40-4

OSPF 40-6

path MTU discovery 40-4

SDM templates 8-2, 25-1, 36-1

stack master functions 40-9

Stateless Autoconfiguration 40-5

supported features 40-2

switch limitations 40-8

understanding static routes 40-6

IPv6 traffic, filtering 36-4

IRDP

configuring 39-13

definition 39-13

support for 1-13

ISL

and IPv6 40-3

and trunk ports 11-3

encapsulation 1-9, 13-16

trunking with IEEE 802.1 tunneling 17-5

isolated port 16-2

isolated VLANs 16-2, 16-3

J

join messages, IGMP 24-3

K

KDC

described 9-32

See also Kerberos

keepalive messages 18-2

Kerberos

authenticating to

boundary switch 9-34

KDC 9-34

network services 9-35

configuration examples 9-32

configuring 9-35

credentials 9-32

cryptographic software image 9-32

described 9-32

KDC 9-32

operation 9-34

realm 9-33

server 9-33

support for 1-11

switch as trusted third party 9-32

terms 9-33

TGT 9-34

tickets 9-32

key distribution center

See KDC

L

l2protocol-tunnel command 17-13

LACP

Layer 2 protocol tunneling 17-9

See EtherChannel

Layer 2 frames, classification with CoS 37-2

Layer 2 interfaces, default configuration 11-22

Layer 2 protocol tunneling

configuring 17-10

configuring for EtherChannels 17-14

default configuration 17-11

defined 17-8

guidelines 17-12

Layer 2 traceroute

and ARP 48-17

and CDP 48-16

broadcast traffic 48-16

described 48-16

IP addresses and subnets 48-17

MAC addresses and VLANs 48-17

multicast traffic 48-17

multiple devices on a port 48-17

unicast traffic 48-16

usage guidelines 48-16

Layer 3 features 1-12

Layer 3 interfaces

assigning IP addresses to 39-7

assigning IPv4 and IPv6 addresses to 40-14

assigning IPv6 addresses to 40-11

changing from Layer 2 mode 39-7, 39-71, 39-72

types of 39-5

Layer 3 packets, classification methods 37-2

LDAP 4-2

Leaking IGMP Reports 21-4

LEDs, switch

See hardware installation guide

Lightweight Directory Access Protocol

See LDAP

line configuration mode 2-3

Link Aggregation Control Protocol

See EtherChannel

Link Failure, detecting unidirectional 19-8

Link Layer Discovery Protocol

See CDP

link local unicast addresses 40-3

link redundancy

See Flex Links

links, unidirectional 29-1

link state advertisements (LSAs) 39-31

link-state protocols 39-3

link-state tracking

configuring 38-26

described 38-23

LLDP

configuring

characteristics 28-4

default configuration 28-3

globally 28-5

on an interface 28-5

disabling and enabling

globally 28-5

on an interface 28-5

monitoring and maintaining 28-7

overview 28-1

supported TLVs 28-2

switch stack considerations 28-2

transmission timer and holdtime, setting 28-4

LLDP-MED

configuring 28-3

configuring TLVs 28-6

monitoring and maintaining 28-7

overview 28-1, 28-2

supported TLVs 28-2

LLDP Media Endpoint Discovery

See LLDP-MED

load balancing 41-4

local SPAN 30-2

location TLV 28-3, 28-6

logging messages, ACL 35-9

login authentication

with RADIUS 9-23

with TACACS+ 9-14

login banners 7-17

log messages

See system message logging

Long-Reach Ethernet (LRE) technology 1-19, 1-31

loop guard

described 20-11

enabling 20-18

support for 1-8

LRE profiles, considerations in switch clusters 6-17

M

MAC addresses

aging time 7-21

and VLAN association 7-20

building the address table 7-20

default configuration 7-21

disabling learning on a VLAN 7-27

discovering 7-28

displaying 7-28

displaying in the IP source binding table 22-20

dynamic

learning 7-20

removing 7-22

in ACLs 35-27

IP address association 39-9

static

adding 7-25

allowing 7-26, 7-27

characteristics of 7-24

dropping 7-26

removing 7-25

MAC address learning 1-6

MAC address learning, disabling on a VLAN 7-27

MAC address notification, support for 1-14

MAC address-table move update

configuration guidelines 21-8

configuring 21-12

default configuration 21-8

description 21-6

monitoring 21-14

MAC address-to-VLAN mapping 13-28

MAC authentication bypass 10-10

MAC extended access lists

applying to Layer 2 interfaces 35-28

configuring for QoS 37-47

creating 35-27

defined 35-27

for QoS classification 37-5

macros

See Smartports macros

magic packet 10-18

manageability features 1-6

management access

in-band

browser session 1-7

CLI session 1-7

device manager 1-7

SNMP 1-7

out-of-band console port connection 1-7

management options

CLI 2-1

clustering 1-4

CNS 4-1

Network Assistant 1-3

overview 1-5

switch stacks 1-3

management VLAN

considerations in switch clusters 6-8

discovery through different management VLANs 6-8

mapping tables for QoS

configuring

CoS-to-DSCP 37-62

DSCP 37-62

DSCP-to-CoS 37-65

DSCP-to-DSCP-mutation 37-66

IP-precedence-to-DSCP 37-63

policed-DSCP 37-64

described 37-12

marking

action in policy map 37-50

action with aggregate policers 37-60

described 37-4, 37-8

matching IPv4 ACLs 35-8

maximum aging time

MSTP 19-24

STP 18-23

maximum hop count, MSTP 19-24

maximum number of allowed devices, port-based authentication 10-29

maximum-paths command 39-53, 39-83

MDA

configuration guidelines10-20to 10-21

described 1-10, 10-20

exceptions with authentication process 10-4

membership mode, VLAN port 13-3

member switch

automatic discovery 6-5

defined 6-2

managing 6-17

passwords 6-14

recovering from lost connectivity 48-12

requirements 6-4

See also candidate switch, cluster standby group, and standby command switch

messages, to users through banners 7-17

metrics, in BGP 39-53

metric translations, between routing protocols 39-88

metro tags 17-2

MHSRP 41-4

MIBs

accessing files with FTP 50-4

location of files 50-4

overview 33-1

SNMP interaction with 33-4

supported 50-1

mini-point-of-presence

See POP

mirroring traffic for analysis 30-1

mismatches, autonegotiation 48-12

module number 11-13

monitoring

access groups 35-40

BGP 39-64

cables for unidirectional links 29-1

CDP 27-5

CEF 39-82

EIGRP 39-44

fallback bridging 47-11

features 1-14

Flex Links 21-14

HSRP 41-13

IEEE 802.1Q tunneling 17-18

IGMP

filters 24-29

snooping 24-16, 25-11

interfaces 11-40

IP

address tables 39-18

multicast routing 45-62

routes 39-95

IP SLAs operations 42-14

IPv4 ACL configuration 35-40

IPv6 40-27

IPv6 ACL configuration 36-9

Layer 2 protocol tunneling 17-18

MAC address-table move update 21-14

MSDP peers 46-19

multicast router interfaces 24-17, 25-12

multi-VRF CE 39-80

MVR 24-24

network traffic for analysis with probe 30-2

object tracking 43-12

OSPF 39-36

port

blocking 26-19

protection 26-19

private VLANs 16-15

RP mapping information 45-35

SFP status 11-41, 48-14

source-active messages 46-19

speed and duplex mode 11-25

SSM mapping 45-22

traffic flowing among switches 31-1

traffic suppression 26-19

tunneling 17-18

VLAN

filters 35-41

maps 35-41

VLANs 13-16

VMPS 13-32

VTP 14-16

mrouter Port 21-3

mrouter port 21-5

MSDP

benefits of 46-3

clearing MSDP connections and statistics 46-19

controlling source information

forwarded by switch 46-12

originated by switch 46-8

received by switch 46-14

default configuration 46-4

dense-mode regions

sending SA messages to 46-17

specifying the originating address 46-18

filtering

incoming SA messages 46-14

SA messages to a peer 46-12

SA requests from a peer 46-11

join latency, defined 46-6

meshed groups

configuring 46-16

defined 46-16

originating address, changing 46-18

overview 46-1

peer-RPF flooding 46-2

peers

configuring a default 46-4

monitoring 46-19

peering relationship, overview 46-1

requesting source information from 46-8

shutting down 46-16

source-active messages

caching 46-6

clearing cache entries 46-19

defined 46-2

filtering from a peer 46-11

filtering incoming 46-14

filtering to a peer 46-12

limiting data with TTL 46-14

monitoring 46-19

restricting advertised sources 46-9

support for 1-13

MSTP

boundary ports

configuration guidelines 19-16

described 19-6

BPDU filtering

described 20-3

enabling 20-14

BPDU guard

described 20-2

enabling 20-13

CIST, described 19-3

CIST regional root 19-3

CIST root 19-5

configuration guidelines 19-15, 20-12

configuring

forward-delay time 19-23

hello time 19-22

link type for rapid convergence 19-24

maximum aging time 19-24

maximum hop count 19-24

MST region 19-16

neighbor type 19-25

path cost 19-21

port priority 19-20

root switch 19-17

secondary root switch 19-19

switch priority 19-22

CST

defined 19-3

operations between regions 19-4

default configuration 19-15

default optional feature configuration 20-12

displaying status 19-26

enabling the mode 19-16

EtherChannel guard

described 20-10

enabling 20-17

extended system ID

effects on root switch 19-18

effects on secondary root switch 19-19

unexpected behavior 19-18

IEEE 802.1s

implementation 19-6

port role naming change 19-7

terminology 19-5

instances supported 18-10

interface state, blocking to forwarding 20-2

interoperability and compatibility among modes 18-11

interoperability with IEEE 802.1D

described 19-9

restarting migration process 19-26

IST

defined 19-3

master 19-3

operations within a region 19-3

loop guard

described 20-11

enabling 20-18

mapping VLANs to MST instance 19-16

MST region

CIST 19-3

configuring 19-16

described 19-2

hop-count mechanism 19-5

IST 19-3

supported spanning-tree instances 19-2

optional features supported 1-8

overview 19-2

Port Fast

described 20-2

enabling 20-12

preventing root switch selection 20-10

root guard

described 20-10

enabling 20-18

root switch

configuring 19-18

effects of extended system ID 19-18

unexpected behavior 19-18

shutdown Port Fast-enabled port 20-2

stack changes, effects of 19-8

status, displaying 19-26

MTU

system 11-35

system jumbo 11-34

system routing 11-35

multicast groups

Immediate Leave 24-6

joining 24-3

leaving 24-5

static joins 24-11, 25-8

multicast packets

ACLs on 35-40

blocking 26-8

multicast router interfaces, monitoring 24-17, 25-12

multicast router ports, adding 24-10, 25-8

Multicast Source Discovery Protocol

See MSDP

multicast storm 26-1

multicast storm-control command 26-4

multicast television application 24-19

multicast VLAN 24-18

Multicast VLAN Registration

See MVR

multidomain authentication

See MDA

multioperations scheduling, IP SLAs 42-5

Multiple HSRP

See MHSRP

multiple VPN routing/forwarding in customer edge devices

See multi-VRF CE

multi-VRF CE

configuration example 39-76

configuration guidelines 39-68

configuring 39-68

default configuration 39-68

defined 39-65

displaying 39-80

monitoring 39-80

network components 39-68

packet-forwarding process 39-67

support for 1-13

MVR

and address aliasing 24-21

and IGMPv3 24-21

configuration guidelines 24-21

configuring interfaces 24-22

default configuration 24-20

described 24-18

example application 24-19

in the switch stack 24-20

modes 24-22

monitoring 24-24

multicast television application 24-19

setting global parameters 24-21

support for 1-5

N

NAC

AAA down policy 1-11

critical authentication 10-15, 10-43

IEEE 802.1x authentication using a RADIUS server 10-47

IEEE 802.1x validation using RADIUS server 10-47

inaccessible authentication bypass 1-11, 10-43

Layer 2 IEEE 802.1x validation 1-11, 10-47

Layer 2 IEEE802.1x validation 10-19

Layer 2 IP validation 1-11

named IPv4 ACLs 35-15

named IPv6 ACLs 36-3

NameSpace Mapper

See NSM

native VLAN

and IEEE 802.1Q tunneling 17-4

configuring 13-23

default 13-23

neighbor discovery, IPv6 40-4

neighbor discovery/recovery, EIGRP 39-37

neighbors, BGP 39-59

Network Admission Control

See NAC

Network Assistant

benefits 1-2

described 1-5

downloading image files 1-3

guide mode 1-3

management options 1-3

managing switch stacks 5-2, 5-16

requirements xlvi

upgrading a switch 51-24

wizards 1-3

network configuration examples

cost-effective wiring closet 1-20

high-performance wiring closet 1-21

increasing network performance 1-18

large network 1-28

long-distance, high-bandwidth transport 1-32

multidwelling network 1-31

providing network services 1-19

redundant Gigabit backbone 1-23

server aggregation and Linux server cluster 1-23

small to medium-sized network 1-25

network design

performance 1-18

services 1-19

network management

CDP 27-1

RMON 31-1

SNMP 33-1

network performance, measuring with IP SLAs 42-3

network policy TLV 28-6

Network Time Protocol

See NTP

no commands 2-4

nonhierarchical policy maps

configuration guidelines 37-35

configuring 37-50

described 37-9

non-IP traffic filtering 35-27

nontrunking mode 13-18

normal-range VLANs 13-4

configuration guidelines 13-6

configuration modes 13-7

configuring 13-4

defined 13-1

no switchport command 11-4

note, described xlvi

not-so-stubby areas

See NSSA

NSM 4-3

NSSA, OSPF 39-31

NTP

associations

authenticating 7-4

defined 7-2

enabling broadcast messages 7-6

peer 7-5

server 7-5

default configuration 7-4

displaying the configuration 7-11

overview 7-2

restricting access

creating an access group 7-8

disabling NTP services per interface 7-10

source IP address, configuring 7-10

stratum 7-2

support for 1-6

synchronizing devices 7-5

time

services 7-2

synchronizing 7-2

O

OBFL

configuring 48-26

described 48-26

displaying 48-27

object tracking

HSRP 43-7

IP SLAs 43-9

IP SLAs, configuring 43-9

monitoring 43-12

offline configuration for switch stacks 5-8

on-board failure logging

See OBFL

online diagnostics

described 49-1

overview 49-1

running tests 49-5

Open Shortest Path First

See OSPF

optimizing system resources 8-1

options, management 1-5

OSPF

area parameters, configuring 39-31

configuring 39-29

default configuration

metrics 39-33

route 39-33

settings 39-27

described 39-25

for IPv6 40-6

interface parameters, configuring 39-30

LSA group pacing 39-35

monitoring 39-36

router IDs 39-35

route summarization 39-32

support for 1-13

virtual links 39-33

out-of-profile markdown 1-12

P

packet modification, with QoS 37-21

PAgP

Layer 2 protocol tunneling 17-9

See EtherChannel

parallel paths, in routing tables 39-82

passive interfaces

configuring 39-92

OSPF 39-33

passwords

default configuration 9-2

disabling recovery of 9-5

encrypting 9-3

for security 1-9

in clusters 6-15

overview 9-1

recovery of 48-3

setting

enable 9-3

enable secret 9-3

Telnet 9-6

with usernames 9-6

VTP domain 14-8

path cost

MSTP 19-21

STP 18-20

path MTU discovery 40-4

PBR

defined 39-88

enabling 39-90

fast-switched policy-based routing 39-91

local policy-based routing 39-91

PC (passive command switch) 6-11

peers, BGP 39-59

percentage thresholds in tracked lists 43-6

performance, network design 1-18

performance features 1-4

persistent self-signed certificate 9-43

per-VLAN spanning-tree plus

See PVST+

PE to CE routing, configuring 39-75

physical ports 11-2

PIM

default configuration 45-10

dense mode

overview 45-4

rendezvous point (RP), described 45-5

RPF lookups 45-8

displaying neighbors 45-63

enabling a mode 45-14

overview 45-4

router-query message interval, modifying 45-38

shared tree and source tree, overview 45-35

shortest path tree, delaying the use of 45-37

sparse mode

join messages and shared tree 45-5

overview 45-5

prune messages 45-5

RPF lookups 45-9

stub routing

configuration guidelines 45-23

enabling 45-23

overview 45-5

support for 1-13

versions

interoperability 45-11

troubleshooting interoperability problems 45-35

v2 improvements 45-4

PIM-DVMRP, as snooping method 24-9

ping

character output description 48-16

executing 48-15

overview 48-15

PoE

auto mode 11-9

CDP with power consumption, described 11-7

CDP with power negotiation, described 11-7

Cisco intelligent power management 11-7

configuring 11-27

devices supported 11-6

high-power devices operating in low-power mode 11-7

IEEE power classification levels 11-8

monitoring 11-10

monitoring power 11-30

policing power consumption 11-30

policing power usage 11-10

power budgeting 11-28

power consumption 11-28

powered-device detection and initial power allocation 11-7

power management modes 11-9

power negotiation extensions to CDP 11-7

standards supported 11-7

static mode 11-9

supported watts per port 11-7

troubleshooting 48-13

policed-DSCP map for QoS 37-64

policers

configuring

for each matched traffic class 37-50

for more than one traffic class 37-60

described 37-4

displaying 37-80

number of 37-36

types of 37-9

policing

described 37-4

hierarchical

See hierarchical policy maps

token-bucket algorithm 37-9

policy-based routing

See PBR

policy maps for QoS

characteristics of 37-50

described 37-7

displaying 37-80

hierarchical 37-8

hierarchical on SVIs

configuration guidelines 37-35

configuring 37-54

described 37-11

nonhierarchical on physical ports

configuration guidelines 37-35

configuring 37-50

described 37-9

POP 1-31

port ACLs

defined 35-2

types of 35-3

Port Aggregation Protocol

See EtherChannel

port-based authentication

accounting 10-9

authentication server

defined 10-3

RADIUS server 10-3

client, defined 10-2

configuration guidelines 10-27

configuring

802.1x authentication 10-32

guest VLAN 10-40

host mode 10-35

inaccessible authentication bypass 10-43

manual re-authentication of a client 10-36

periodic re-authentication 10-36

quiet period 10-37

RADIUS server 10-34

RADIUS server parameters on the switch 10-33

restricted VLAN 10-41

switch-to-client frame-retransmission number 10-38, 10-39

switch-to-client retransmission time 10-37

violation mode 10-18

violation modes10-31to 10-32

default configuration 10-25

described 10-1

device roles 10-2

displaying statistics 10-52

EAPOL-start frame 10-5

EAP-request/identity frame 10-5

EAP-response/identity frame 10-5

encapsulation 10-3

guest VLAN

configuration guidelines 10-14, 10-15

described 10-13

host mode 10-8

inaccessible authentication bypass

configuring 10-43

described 10-15

guidelines 10-28

initiation and message exchange 10-5

magic packet 10-18

maximum number of allowed devices per port 10-29

method lists 10-32

multiple-hosts mode, described 10-8

per-user ACLs

AAA authorization 10-32

configuration tasks 10-13

described 10-12

RADIUS server attributes 10-12

ports

authorization state and dot1x port-control command 10-7

authorized and unauthorized 10-7

critical 10-15

voice VLAN 10-16

port security

and voice VLAN 10-17

described 10-17

interactions 10-17

multiple-hosts mode 10-8

readiness check

configuring 10-29

described 10-10, 10-29

resetting to default values 10-51

stack changes, effects of 10-7

statistics, displaying 10-52

switch

as proxy 10-3

RADIUS client 10-3

VLAN assignment

AAA authorization 10-32

characteristics 10-11

configuration tasks 10-11

described 10-10

voice aware 802.1x security

configuring 10-30

described 10-24, 10-30

voice VLAN

described 10-16

PVID 10-16

VVID 10-16

wake-on-LAN, described 10-18

port-based trust

IPv4 and IPv6 8-2, 37-2

port blocking 1-4, 26-7

port-channel

See EtherChannel

Port Fast

described 20-2

enabling 20-12

mode, spanning tree 13-29

support for 1-8

port membership modes, VLAN 13-3

port priority

MSTP 19-20

STP 18-18

ports

10-Gigabit Ethernet 11-6

access 11-3

blocking 26-7

dynamic access 13-4

protected 26-6

routed 11-4

secure 26-8

static-access 13-3, 13-11

switch 11-2

trunks 13-3, 13-16

VLAN assignments 13-11

port security

aging 26-17

and private VLANs 26-18

and QoS trusted boundary 37-40

and stacking 26-18

configuring 26-13

default configuration 26-11

described 26-8

displaying 26-19

enabling 26-18

on trunk ports 26-14

sticky learning 26-9

violations 26-10

with other features 26-11

port-shutdown response, VMPS 13-28

power management TLV 28-6

Power over Ethernet

See PoE

power supply

configuring 11-39

managing 11-39

preemption, default configuration 21-8

preemption delay, default configuration 21-8

preferential treatment of traffic

See QoS

prefix lists, BGP 39-57

preventing unauthorized access 9-1

primary interface for object tracking, DHCP, configuring 43-11

primary interface for static routing, configuring 43-10

primary links 21-2

primary VLANs 16-1, 16-3

priority

HSRP 41-8

overriding CoS 15-6

trusting CoS 15-6

private VLAN edge ports

See protected ports

private VLANs

across multiple switches 16-4

and SDM template 16-4

and SVIs 16-5

and switch stacks 16-5

benefits of 16-1

community ports 16-2

community VLANs 16-2, 16-3

configuration guidelines 16-7, 16-8

configuration tasks 16-6

configuring 16-10

default configuration 16-6

end station access to 16-3

IP addressing 16-3

isolated port 16-2

isolated VLANs 16-2, 16-3

mapping 16-14

monitoring 16-15

ports

community 16-2

configuration guidelines 16-8

configuring host ports 16-11

configuring promiscuous ports 16-13

isolated 16-2

promiscuous 16-2

primary VLANs 16-1, 16-3

promiscuous ports 16-2

secondary VLANs 16-2

subdomains 16-1

traffic in 16-5

privileged EXEC mode 2-2

privilege levels

changing the default for lines 9-9

command switch 6-18

exiting 9-9

logging into 9-9

mapping on member switches 6-18

overview 9-2, 9-7

setting a command with 9-8

promiscuous ports

configuring 16-13

defined 16-2

protected ports 1-9, 26-6

protocol-dependent modules, EIGRP 39-37

Protocol-Independent Multicast Protocol

See PIM

provider edge devices 39-66

provisioning new members for a switch stack 5-8

proxy ARP

configuring 39-12

definition 39-10

with IP routing disabled 39-12

proxy reports 21-4

pruning, VTP

disabling

in VTP domain 14-14

on a port 13-23

enabling

in VTP domain 14-14

on a port 13-22

examples 14-5

overview 14-4

pruning-eligible list

changing 13-22

for VTP pruning 14-5

VLANs 14-14

PVST+

described 18-10

IEEE 802.1Q trunking interoperability 18-11

instances supported 18-10

Q

QoS

and MQC commands 37-1

auto-QoS

categorizing traffic 37-23

configuration and defaults display 37-32

configuration guidelines 37-27

described 37-22

disabling 37-29

displaying generated commands 37-29

displaying the initial configuration 37-32

effects on running configuration 37-27

egress queue defaults 37-23

enabling for VoIP 37-28

example configuration 37-30

ingress queue defaults 37-23

list of generated commands 37-24

basic model 37-4

classification

class maps, described 37-7

defined 37-4

DSCP transparency, described 37-41

flowchart 37-6

forwarding treatment 37-3

in frames and packets 37-3

IP ACLs, described 37-5, 37-7

MAC ACLs, described 37-5, 37-7

options for IP traffic 37-5

options for non-IP traffic 37-5

policy maps, described 37-7

trust DSCP, described 37-5

trusted CoS, described 37-5

trust IP precedence, described 37-5

class maps

configuring 37-48

displaying 37-80

configuration guidelines

auto-QoS 37-27

standard QoS 37-35

configuring

aggregate policers 37-60

auto-QoS 37-22

default port CoS value 37-39

DSCP maps 37-62

DSCP transparency 37-41

DSCP trust states bordering another domain 37-42

egress queue characteristics 37-72

ingress queue characteristics 37-68

IP extended ACLs 37-46

IP standard ACLs 37-45

MAC ACLs 37-47

policy maps, hierarchical 37-54

policy maps on physical ports 37-50

port trust states within the domain 37-38

trusted boundary 37-40

default auto configuration 37-23

default standard configuration 37-33

displaying statistics 37-80

DSCP transparency 37-41

egress queues

allocating buffer space 37-73

buffer allocation scheme, described 37-19

configuring shaped weights for SRR 37-77

configuring shared weights for SRR 37-78

described 37-4

displaying the threshold map 37-76

flowchart 37-18

mapping DSCP or CoS values 37-75

scheduling, described 37-4

setting WTD thresholds 37-73

WTD, described 37-21

enabling globally 37-37

flowcharts

classification 37-6

egress queueing and scheduling 37-18

ingress queueing and scheduling 37-15

policing and marking 37-10

implicit deny 37-7

ingress queues

allocating bandwidth 37-70

allocating buffer space 37-70

buffer and bandwidth allocation, described 37-17

configuring shared weights for SRR 37-70

configuring the priority queue 37-71

described 37-4

displaying the threshold map 37-69

flowchart 37-15

mapping DSCP or CoS values 37-69

priority queue, described 37-17

scheduling, described 37-4

setting WTD thresholds 37-69

WTD, described 37-17

IP phones

automatic classification and queueing 37-22

detection and trusted settings 37-22, 37-40

limiting bandwidth on egress interface 37-79

mapping tables

CoS-to-DSCP 37-62

displaying 37-80

DSCP-to-CoS 37-65

DSCP-to-DSCP-mutation 37-66

IP-precedence-to-DSCP 37-63

policed-DSCP 37-64

types of 37-12

marked-down actions 37-52, 37-57

marking, described 37-4, 37-8

overview 37-2

packet modification 37-21

policers

configuring 37-52, 37-57, 37-60

described 37-8

displaying 37-80

number of 37-36

types of 37-9

policies, attaching to an interface 37-8

policing

described 37-4, 37-8

token bucket algorithm 37-9

policy maps

characteristics of 37-50

displaying 37-80

hierarchical 37-8

hierarchical on SVIs 37-54

nonhierarchical on physical ports 37-50

QoS label, defined 37-4

queues

configuring egress characteristics 37-72

configuring ingress characteristics 37-68

high priority (expedite) 37-21, 37-78

location of 37-13

SRR, described 37-14

WTD, described 37-14

rewrites 37-21

support for 1-11

trust states

bordering another domain 37-42

described 37-5

trusted device 37-40

within the domain 37-38

quality of service

See QoS

queries, IGMP 24-4

query solicitation, IGMP 24-13

R

RADIUS

attributes

vendor-proprietary 9-30

vendor-specific 9-29

configuring

accounting 9-28

authentication 9-23

authorization 9-27

communication, global 9-21, 9-29

communication, per-server 9-20, 9-21

multiple UDP ports 9-21

default configuration 9-20

defining AAA server groups 9-25

displaying the configuration 9-31

identifying the server 9-20

in clusters 6-17

limiting the services to the user 9-27

method list, defined 9-20

operation of 9-19

overview 9-18

suggested network environments 9-18

support for 1-11

tracking services accessed by user 9-28

range

macro 11-16

of interfaces 11-15

rapid convergence 19-10

rapid per-VLAN spanning-tree plus

See rapid PVST+

rapid PVST+

described 18-10

IEEE 802.1Q trunking interoperability 18-11

instances supported 18-10

Rapid Spanning Tree Protocol

See RSTP

RARP 39-10

rcommand command 6-17

RCP

configuration files

downloading 51-18

overview 51-16

preparing the server 51-17

uploading 51-19

image files

deleting old image 51-38

downloading 51-36

preparing the server 51-35

uploading 51-38

reachability, tracking IP SLAs IP host 43-9

readiness check

port-based authentication

configuring 10-29

described 10-10, 10-29

reconfirmation interval, VMPS, changing 13-31

reconfirming dynamic VLAN membership 13-31

recovery procedures 48-1

redundancy

EtherChannel 38-3

HSRP 41-1

STP

backbone 18-8

multidrop backbone 20-5

path cost 13-26

port priority 13-24

redundant links and UplinkFast 20-15

redundant power system

See Cisco Redundant Power System 2300

reliable transport protocol, EIGRP 39-37

reloading software 3-21

Remote Authentication Dial-In User Service

See RADIUS

Remote Copy Protocol

See RCP

Remote Network Monitoring

See RMON

Remote SPAN

See RSPAN

remote SPAN 30-3

report suppression, IGMP

described 24-6

disabling 24-16, 25-11

requirements

cluster xlvi

device manager xlvi

Network Assistant xlvi

resequencing ACL entries 35-15

resets, in BGP 39-51

resetting a UDLD-shutdown interface 29-6

responder, IP SLAs

described 42-4

enabling 42-8

response time, measuring with IP SLAs 42-4

restricted VLAN

configuring 10-41

described 10-14

using with IEEE 802.1x 10-14

restricting access

NTP services 7-8

overview 9-1

passwords and privilege levels 9-2

RADIUS 9-17

TACACS+ 9-10

retry count, VMPS, changing 13-32

reverse address resolution 39-9

Reverse Address Resolution Protocol

See RARP

RFC

1058, RIP 39-20

1112, IP multicast and IGMP 24-2

1157, SNMPv1 33-2

1163, BGP 39-44

1166, IP addresses 39-7

1253, OSPF 39-25

1267, BGP 39-44

1305, NTP 7-2

1587, NSSAs 39-26

1757, RMON 31-2

1771, BGP 39-44

1901, SNMPv2C 33-2

1902 to 1907, SNMPv2 33-2

2236, IP multicast and IGMP 24-2

2273-2275, SNMPv3 33-2

RIP

advertisements 39-20

authentication 39-23

configuring 39-21

default configuration 39-21

described 39-20

for IPv6 40-6

hop counts 39-20

split horizon 39-23

summary addresses 39-24

support for 1-12

RMON

default configuration 31-3

displaying status 31-6

enabling alarms and events 31-3

groups supported 31-2

overview 31-1

statistics

collecting group Ethernet 31-5

collecting group history 31-5

support for 1-14

root guard

described 20-10

enabling 20-18

support for 1-8

root switch

MSTP 19-17

STP 18-16

route calculation timers, OSPF 39-33

route dampening, BGP 39-63

routed packets, ACLs on 35-39

routed ports

configuring 39-5

defined 11-4

in switch clusters 6-9

IP addresses on 11-33, 39-5

route-map command 39-91

route maps

BGP 39-55

policy-based routing 39-89

router ACLs

defined 35-2

types of 35-4

route reflectors, BGP 39-62

router ID, OSPF 39-35

route selection, BGP 39-53

route summarization, OSPF 39-32

route targets, VPN 39-68

routing

default 39-3

dynamic 39-3

redistribution of information 39-85

static 39-3

routing domain confederation, BGP 39-62

Routing Information Protocol

See RIP

routing protocol administrative distances 39-84

RPS

See Cisco Redundant Power System 2300

RPS 2300

See Cisco Redundant Power System 2300

RSPAN 30-3

and stack changes 30-11

characteristics 30-9

configuration guidelines 30-19

default configuration 30-12

destination ports 30-8

displaying status 30-31

in a switch stack 30-2

interaction with other features 30-10

monitored ports 30-7

monitoring ports 30-8

overview 1-14, 30-1

received traffic 30-6

session limits 30-13

sessions

creating 30-20

defined 30-4

limiting source traffic to specific VLANs 30-22

specifying monitored ports 30-20

with ingress traffic enabled 30-25

source ports 30-7

transmitted traffic 30-6

VLAN-based 30-7

RSTP

active topology 19-10

BPDU

format 19-12

processing 19-13

designated port, defined 19-9

designated switch, defined 19-9

interoperability with IEEE 802.1D

described 19-9

restarting migration process 19-26

topology changes 19-13

overview 19-9

port roles

described 19-9

synchronized 19-11

proposal-agreement handshake process 19-10

rapid convergence

cross-stack rapid convergence 19-11

described 19-10

edge ports and Port Fast 19-10

point-to-point links 19-10, 19-24

root ports 19-10

root port, defined 19-9

See also MSTP

running configuration

replacing 51-20, 51-21

rolling back 51-20, 51-21

saving 3-15

S

SC (standby command switch) 6-11

scheduled reloads 3-21

scheduling, IP SLAs operations 42-5

SCP

and SSH 9-49

configuring 9-49

SDM

described 8-1

switch stack consideration 5-10

templates

configuring 8-5

number of 8-1

SDM template

configuring 8-4

dual IPv4 and IPv6 8-2

types of 8-1

secondary VLANs 16-2

Secure Copy Protocol

secure HTTP client

configuring 9-48

displaying 9-49

secure HTTP server

configuring 9-46

displaying 9-49

secure MAC addresses

and switch stacks 26-18

deleting 26-16

maximum number of 26-10

types of 26-9

secure ports

and switch stacks 26-18

configuring 26-8

secure remote connections 9-38

Secure Shell

See SSH

Secure Socket Layer

See SSL

security, port 26-8

security features 1-9

See SCP

sequence numbers in log messages 32-8

server mode, VTP 14-3

service-provider network, MSTP and RSTP 19-1

service-provider networks

and customer VLANs 17-2

and IEEE 802.1Q tunneling 17-1

Layer 2 protocols across 17-8

Layer 2 protocol tunneling for EtherChannels 17-9

set-request operation 33-5

setup program

failed command switch replacement 48-11

replacing failed command switch 48-9

severity levels, defining in system messages 32-9

SFPs

monitoring status of 11-41, 48-14

numbering of 11-13

security and identification 48-13

status, displaying 48-14

shaped round robin

See SRR

show access-lists hw-summary command 35-22

show and more command output, filtering 2-10

show cdp traffic command 27-5

show cluster members command 6-17

show configuration command 11-31

show forward command 48-22

show interfaces command 11-25, 11-31

show interfaces switchport 21-4

show l2protocol command 17-13, 17-15, 17-16

show lldp traffic command 28-8

show platform forward command 48-22

show running-config command

displaying ACLs 35-20, 35-21, 35-31, 35-34

interface description in 11-31

shutdown command on interfaces 11-42

shutdown threshold for Layer 2 protocol packets 17-11

Simple Network Management Protocol

See SNMP

small form-factor pluggable modules

See SFPs

small-frame arrival rate, configuring 26-5

Smartports macros

applying Cisco-default macros 12-6

applying global parameter values 12-5, 12-6

applying macros 12-5

applying parameter values 12-5, 12-7

configuration guidelines 12-2

creating 12-4

default configuration 12-2

defined 12-1

displaying 12-8

tracing 12-3

SNAP 27-1

SNMP

accessing MIB variables with 33-4

agent

described 33-4

disabling 33-8

and IP SLAs 42-2

authentication level 33-11

community strings

configuring 33-8

for cluster switches 33-4

overview 33-4

configuration examples 33-17

default configuration 33-7

engine ID 33-7

groups 33-7, 33-10

host 33-7

ifIndex values 33-6

in-band management 1-7

in clusters 6-15

informs

and trap keyword 33-12

described 33-5

differences from traps 33-5

disabling 33-16

enabling 33-16

limiting access by TFTP servers 33-16

limiting system log messages to NMS 32-10

manager functions 1-6, 33-3

managing clusters with 6-18

MIBs

location of 50-4

supported 50-1

notifications 33-5

overview 33-1, 33-4

security levels 33-3

status, displaying 33-18

system contact and location 33-16

trap manager, configuring 33-14

traps

described 33-3, 33-5

differences from informs 33-5

disabling 33-16

enabling 33-12

enabling MAC address notification 7-22

overview 33-1, 33-5

types of 33-12

users 33-7, 33-10

versions supported 33-2

SNMP and Syslog Over IPv6 40-7

SNMPv1 33-2

SNMPv2C 33-2

SNMPv3 33-2

snooping, IGMP 24-2

software compatibility

See stacks, switch

software images

location in flash 51-25

recovery procedures 48-2

scheduling reloads 3-22

tar file format, described 51-25

See also downloading and uploading

software images in mixed stacks

See the Cisco Software Activation and Compatibility Document

source addresses

in IPv4 ACLs 35-12

in IPv6 ACLs 36-6

source-and-destination-IP address based forwarding, EtherChannel 38-9

source-and-destination MAC address forwarding, EtherChannel 38-9

source-IP address based forwarding, EtherChannel 38-9

source-MAC address forwarding, EtherChannel 38-8

Source-specific multicast

See SSM

SPAN

and stack changes 30-11

configuration guidelines 30-13

default configuration 30-12

destination ports 30-8

displaying status 30-31

interaction with other features 30-10

monitored ports 30-7

monitoring ports 30-8

overview 1-14, 30-1

ports, restrictions 26-12

received traffic 30-6

session limits 30-13

sessions

configuring ingress forwarding 30-17, 30-26

creating 30-14, 30-28

defined 30-4

limiting source traffic to specific VLANs 30-18

removing destination (monitoring) ports 30-15

specifying monitored ports 30-14, 30-28

with ingress traffic enabled 30-16

source ports 30-7

transmitted traffic 30-6

VLAN-based 30-7

spanning tree and native VLANs 13-19

Spanning Tree Protocol

See STP

SPAN traffic 30-6

split horizon, RIP 39-23

SRR

configuring

shaped weights on egress queues 37-77

shared weights on egress queues 37-78

shared weights on ingress queues 37-70

described 37-14

shaped mode 37-14

shared mode 37-15

support for 1-12

SSH

configuring 9-39

cryptographic software image 9-37

described 1-7, 9-38

encryption methods 9-38

switch stack considerations 5-17, 9-38

user authentication methods, supported 9-39

SSL

configuration guidelines 9-45

configuring a secure HTTP client 9-48

configuring a secure HTTP server 9-46

cryptographic software image 9-42

described 9-42

monitoring 9-49

SSM

address management restrictions 45-16

CGMP limitations 45-16

components 45-14

configuration guidelines 45-16

configuring 45-14, 45-17

differs from Internet standard multicast 45-15

IGMP snooping 45-16

IGMPv3 45-15

IGMPv3 Host Signalling 45-16

IP address range 45-15

monitoring 45-17

operations 45-15

PIM 45-14

state maintenance limitations 45-17

SSM mapping 45-17

configuration guidelines 45-18

configuring 45-17, 45-20

DNS-based 45-19, 45-21

monitoring 45-22

overview 45-18

restrictions 45-18

static 45-19, 45-20

static traffic forwarding 45-21

stack changes

effects on

IPv6 routing 40-9

stack changes, effects on

ACL configuration 35-7

CDP 27-2

cross-stack EtherChannel 38-13

EtherChannel 38-10

fallback bridging 47-3

HSRP 41-5

IEEE 802.1x port-based authentication 10-7

IGMP snooping 24-7

IP routing 39-4

IPv6 ACLs 36-4

MAC address tables 7-21

MSTP 19-8

multicast routing 45-10

MVR 24-18

port security 26-18

SDM template selection 8-3

SNMP 33-1

SPAN and RSPAN 30-11

STP 18-12

switch clusters 6-15

system message log 32-2

VLANs 13-6

VTP 14-6

stack master

bridge ID (MAC address) 5-6

defined 5-2

election 5-5

IPv6 40-9

re-election 5-5

See also stacks, switch

stack member

accessing CLI of specific member 5-24

configuring

member number 5-22

priority value 5-22

defined 5-2

displaying information of 5-25

IPv6 40-10

number 5-6

priority value 5-7

provisioning a new member 5-23

replacing 5-15

See also stacks, switch

stack member number 11-13

stack protocol version 5-11

stacks, switch

accessing CLI of specific member 5-24

assigning information

member number 5-22

priority value 5-22

provisioning a new member 5-23

auto-advise 5-12

auto-copy 5-12

auto-extract 5-12

auto-upgrade 5-12

bridge ID 5-6

Catalyst 3750-E-only 5-1

CDP considerations 27-2

compatibility, software 5-10

configuration file 5-15

configuration scenarios 5-18

copying an image file from one member to another 51-39

default configuration 5-20

description of 5-1

displaying information of 5-25

enabling persistent MAC address timer 5-20

hardware compatibility and SDM mismatch mode 5-10

HSRP considerations 41-5

in clusters 6-15

incompatible software and image upgrades 5-15, 51-39

IPv6 on 40-9

MAC address considerations 7-21

MAC address of 5-20

management connectivity 5-16

managing 5-1

managing mixed

See Catalyst 3750-E and 3750 Switch Stacking Compatibility Guide

membership 5-3

merged 5-4

mixed

hardware 5-1

hardware and software 5-2

software 5-2

with Catalyst 3750-E and 3750 switches 5-1

mixed software images

See Cisco Software Activation and Compatibility Document

MSTP instances supported 18-10

multicast routing, stack master and member roles 45-10

offline configuration

described 5-8

effects of adding a provisioned switch 5-8

effects of removing a provisioned switch 5-10

effects of replacing a provisioned switch 5-10

provisioned configuration, defined 5-8

provisioned switch, defined 5-8

provisioning a new member 5-23

partitioned 5-4, 48-8

provisioned switch

adding 5-8

removing 5-10

replacing 5-10

replacing a failed member 5-15

software compatibility 5-10

software image version 5-10

stack protocol version 5-11

STP

bridge ID 18-3

instances supported 18-10

root port selection 18-3

stack root switch election 18-3

system messages

hostnames in the display 32-1

remotely monitoring 32-2

system prompt consideration 7-14

system-wide configuration considerations 5-16

upgrading 51-39

version-mismatch (VM) mode

automatic upgrades with auto-upgrade 5-12

described 5-11

examples 5-13

manual upgrades with auto-advise 5-12

upgrades with auto-extract 5-12

See also stack master and stack member

StackWise Plus technology, Cisco 1-3

See also stacks, switch

standby command switch

configuring

considerations 6-12

defined 6-2

priority 6-11

requirements 6-3

virtual IP address 6-12

See also cluster standby group and HSRP

standby group, cluster

See cluster standby group and HSRP

standby ip command 41-7

standby links 21-2

standby router 41-1

standby timers, HSRP 41-11

startup configuration

booting

manually 3-18

specific image 3-18

clearing 51-20

configuration file

automatically downloading 3-17

specifying the filename 3-17

default boot configuration 3-17

static access ports

assigning to VLAN 13-11

defined 11-3, 13-3

static addresses

See addresses

static IP routing 1-13

static MAC addressing 1-9

static route primary interface, configuring 43-10

static routes

configuring 39-83

understanding 40-6

static routing 39-3

static routing support, enhanced object tracking 43-10

static SSM mapping 45-19, 45-20

static traffic forwarding 45-21

static VLAN membership 13-2

statistics

CDP 27-5

IEEE 802.1x 10-52

interface 11-40

IP multicast routing 45-62

LLDP 28-7

LLDP-MED 28-7

OSPF 39-36

QoS ingress and egress 37-80

RMON group Ethernet 31-5

RMON group history 31-5

SNMP input and output 33-18

VTP 14-16

sticky learning 26-9

storm control

configuring 26-3

described 26-1

disabling 26-5

displaying 26-19

support for 1-4

thresholds 26-2

STP

accelerating root port selection 20-4

BackboneFast

described 20-7

disabling 20-17

enabling 20-16

BPDU filtering

described 20-3

disabling 20-15

enabling 20-14

BPDU guard

described 20-2

disabling 20-14

enabling 20-13

BPDU message exchange 18-3

configuration guidelines 18-13, 20-12

configuring

forward-delay time 18-23

hello time 18-22

maximum aging time 18-23

path cost 18-20

port priority 18-18

root switch 18-16

secondary root switch 18-18

spanning-tree mode 18-15

switch priority 18-21

transmit hold-count 18-24

counters, clearing 18-24

cross-stack UplinkFast

described 20-5

enabling 20-16

default configuration 18-13

default optional feature configuration 20-12

designated port, defined 18-4

designated switch, defined 18-4

detecting indirect link failures 20-8

disabling 18-16

displaying status 18-24

EtherChannel guard

described 20-10

disabling 20-17

enabling 20-17

extended system ID

effects on root switch 18-16

effects on the secondary root switch 18-18

overview 18-4

unexpected behavior 18-16

features supported 1-8

IEEE 802.1D and bridge ID 18-4

IEEE 802.1D and multicast addresses 18-9

IEEE 802.1t and VLAN identifier 18-5

inferior BPDU 18-3

instances supported 18-10

interface state, blocking to forwarding 20-2

interface states

blocking 18-6

disabled 18-7

forwarding 18-6, 18-7

learning 18-7

listening 18-7

overview 18-5

interoperability and compatibility among modes 18-11

keepalive messages 18-2

Layer 2 protocol tunneling 17-8

limitations with IEEE 802.1Q trunks 18-11

load sharing

overview 13-24

using path costs 13-26

using port priorities 13-24

loop guard

described 20-11

enabling 20-18

modes supported 18-10

multicast addresses, effect of 18-9

optional features supported 1-8

overview 18-2

path costs 13-26, 13-27

Port Fast

described 20-2

enabling 20-12

port priorities 13-25

preventing root switch selection 20-10

protocols supported 18-10

redundant connectivity 18-8

root guard

described 20-10

enabling 20-18

root port, defined 18-3

root port selection on a switch stack 18-3

root switch

configuring 18-16

effects of extended system ID 18-4, 18-16

election 18-3

unexpected behavior 18-16

shutdown Port Fast-enabled port 20-2

stack changes, effects of 18-12

status, displaying 18-24

superior BPDU 18-3

timers, described 18-22

UplinkFast

described 20-3

enabling 20-15

VLAN-bridge 18-11

stratum, NTP 7-2

stub areas, OSPF 39-31

stub routing, EIGRP 39-43

subdomains, private VLAN 16-1

subnet mask 39-7

subnet zero 39-7

success response, VMPS 13-28

summer time 7-13

SunNet Manager 1-6

supernet 39-8

SVI autostate exclude

configuring 11-34

defined 11-6

SVI link state 11-6

SVIs

and IP unicast routing 39-5

and router ACLs 35-4

connecting VLANs 11-12

defined 11-5

routing between VLANs 13-2

switch 40-2

switch clustering technology 6-1

See also clusters, switch

switch console port 1-7

Switch Database Management

See SDM

switched packets, ACLs on 35-38

Switched Port Analyzer

See SPAN

switched ports 11-2

switchport backup interface 21-4, 21-5

switchport block multicast command 26-8

switchport block unicast command 26-8

switchport command 11-22

switchport mode dot1q-tunnel command 17-7

switchport protected command 26-7

switch priority

MSTP 19-22

STP 18-21

switch software features 1-1

switch virtual interface

See SVI

synchronization, BGP 39-49

syslog

See system message logging

system clock

configuring

daylight saving time 7-13

manually 7-11

summer time 7-13

time zones 7-12

displaying the time and date 7-12

overview 7-1

See also NTP

system message logging

default configuration 32-4

defining error message severity levels 32-9

disabling 32-4

displaying the configuration 32-14

enabling 32-5

facility keywords, described 32-14

level keywords, described 32-10

limiting messages 32-10

message format 32-2

overview 32-1

sequence numbers, enabling and disabling 32-8

setting the display destination device 32-5

stack changes, effects of 32-2

synchronizing log messages 32-6

syslog facility 1-14

time stamps, enabling and disabling 32-8

UNIX syslog servers

configuring the daemon 32-12

configuring the logging facility 32-13

facilities supported 32-14

system MTU and IEEE 802.1Q tunneling 17-5

system name

default configuration 7-15

default setting 7-15

manual configuration 7-15

See also DNS

system prompt, default setting 7-14, 7-15

system resources, optimizing 8-1

T

TACACS+

accounting, defined 9-11

authentication, defined 9-11

authorization, defined 9-11

configuring

accounting 9-17

authentication key 9-13

authorization 9-16

login authentication 9-14

default configuration 9-13

displaying the configuration 9-17

identifying the server 9-13

in clusters 6-17

limiting the services to the user 9-16

operation of 9-12

overview 9-10

support for 1-11

tracking services accessed by user 9-17

tagged packets

IEEE 802.1Q 17-3

Layer 2 protocol 17-8

tar files

creating 51-7

displaying the contents of 51-7

extracting 51-8

image file format 51-25

TCL script, registering and defining with embedded event manager 34-6

TDR 1-15

Telnet

accessing management interfaces 2-11

number of connections 1-7

setting a password 9-6

templates, SDM 8-1

temporary self-signed certificate 9-43

Terminal Access Controller Access Control System Plus

See TACACS+

terminal lines, setting a password 9-6

TFTP

configuration files

downloading 51-12

preparing the server 51-11

uploading 51-12

configuration files in base directory 3-7

configuring for autoconfiguration 3-7

image files

deleting 51-29

downloading 51-27

preparing the server 51-26

uploading 51-29

limiting access by servers 33-16

TFTP server 1-6

threshold, traffic level 26-2

threshold monitoring, IP SLAs 42-6

time

See NTP and system clock

Time Domain Reflector

See TDR

time-range command 35-17

time ranges in ACLs 35-17

time stamps in log messages 32-8

time zones 7-12

TLVs

defined 28-2

LLDP 28-2

LLDP-MED 28-2

Token Ring VLANs

support for 13-6

VTP support 14-4

ToS 1-11

traceroute, Layer 2

and ARP 48-17

and CDP 48-16

broadcast traffic 48-16

described 48-16

IP addresses and subnets 48-17

MAC addresses and VLANs 48-17

multicast traffic 48-17

multiple devices on a port 48-17

unicast traffic 48-16

usage guidelines 48-16

traceroute command 48-18

See also IP traceroute

tracked lists

configuring 43-3

types 43-3

tracked objects

by Boolean expression 43-4

by threshold percentage 43-6

by threshold weight 43-5

tracking interface line-protocol state 43-2

tracking IP routing state 43-2

tracking objects 43-1

tracking process 43-1

track state, tracking IP SLAs 43-9

traffic

blocking flooded 26-8

fragmented 35-5

fragmented IPv6 36-3

unfragmented 35-5

traffic policing 1-12

traffic suppression 26-2

transmit hold-count

see STP

transparent mode, VTP 14-3, 14-12

trap-door mechanism 3-2

traps

configuring MAC address notification 7-22

configuring managers 33-12

defined 33-3

enabling 7-22, 33-12

notification types 33-12

overview 33-1, 33-5

troubleshooting

connectivity problems 48-14, 48-16, 48-17

detecting unidirectional links 29-1

displaying crash information 48-25

PIMv1 and PIMv2 interoperability problems 45-35

setting packet forwarding 48-22

SFP security and identification 48-13

show forward command 48-22

with CiscoWorks 33-4

with debug commands 48-20

with ping 48-15

with system message logging 32-1

with traceroute 48-18

trunk failover

See link-state tracking

trunking encapsulation 1-9

trunk ports

configuring 13-20

defined 11-3, 13-3

encapsulation 13-20, 13-25, 13-27

trunks

allowed-VLAN list 13-21

configuring 13-20, 13-25, 13-27

ISL 13-16

load sharing

setting STP path costs 13-26

using STP port priorities 13-24, 13-25

native VLAN for untagged traffic 13-23

parallel 13-26

pruning-eligible list 13-22

to non-DTP device 13-17

trusted boundary for QoS 37-40

trusted port states

between QoS domains 37-42

classification options 37-5

ensuring port security for IP phones 37-40

support for 1-12

within a QoS domain 37-38

trustpoints, CA 9-43

tunneling

defined 17-1

IEEE 802.1Q 17-1

Layer 2 protocol 17-8

tunnel ports

described 11-4, 17-2

IEEE 802.1Q, configuring 17-7

incompatibilities with other features 17-6

twisted-pair Ethernet, detecting unidirectional links 29-1

type of service

See ToS

U

UDLD

configuration guidelines 29-4

default configuration 29-4

disabling

globally 29-5

on fiber-optic interfaces 29-5

per interface 29-6

echoing detection mechanism 29-3

enabling

globally 29-5

per interface 29-6

Layer 2 protocol tunneling 17-10

link-detection mechanism 29-1

neighbor database 29-2

overview 29-1

resetting an interface 29-6

status, displaying 29-7

support for 1-8

UDP, configuring 39-16

UDP jitter, configuring 42-9

UDP jitter operation, IP SLAs 42-8

unauthorized ports with IEEE 802.1x 10-7

unicast MAC address filtering 1-6

and adding static addresses 7-26

and broadcast MAC addresses 7-25

and CPU packets 7-25

and multicast addresses 7-25

and router MAC addresses 7-25

configuration guidelines 7-25

described 7-25

unicast storm 26-1

unicast storm control command 26-4

unicast traffic, blocking 26-8

UniDirectional Link Detection protocol

See UDLD

universal software image

cryptographic 1-1

feature set

advanced IP services 1-2

IP base 1-1

IP services 1-2

noncryptographic 1-1

UNIX syslog servers

daemon configuration 32-12

facilities supported 32-14

message logging configuration 32-13

unrecognized Type-Length-Value (TLV) support 14-4

upgrading information

See release notes

upgrading software images

See downloading

UplinkFast

described 20-3

disabling 20-16

enabling 20-15

support for 1-8

uploading

configuration files

preparing 51-11, 51-14, 51-17

reasons for 51-9

using FTP 51-15

using RCP 51-19

using TFTP 51-12

image files

preparing 51-26, 51-30, 51-35

reasons for 51-24

using FTP 51-33

using RCP 51-38

using TFTP 51-29

User Datagram Protocol

See UDP

user EXEC mode 2-2

username-based authentication 9-6

V

version-dependent transparent mode 14-4

version-mismatch (VM) mode

automatic upgrades with auto-upgrade 5-12

described 5-11

displaying 5-11

manual upgrades with auto-advise 5-12

upgrades with auto-extract 5-12

virtual IP address

cluster standby group 6-12

command switch 6-12

Virtual Private Network

See VPN

virtual router 41-1, 41-2

virtual switches and PAgP 38-6

vlan.dat file 13-5

VLAN 1

disabling on a trunk port 13-22

minimization 13-21

VLAN ACLs

See VLAN maps

vlan-assignment response, VMPS 13-28

VLAN configuration

at bootup 13-8

saving 13-8

VLAN configuration mode 2-2, 13-7

VLAN database

and startup configuration file 13-8

and VTP 14-1, 34-1

VLAN configuration saved in 13-7

VLANs saved in 13-4

vlan database command 13-7

vlan dot1q tag native command 17-5

VLAN filtering and SPAN 30-8

vlan global configuration command 13-7

VLAN ID, discovering 7-28

VLAN link state 11-5

VLAN load balancing on flex links

configuration guidelines 21-8

described 21-3

VLAN management domain 14-2

VLAN Management Policy Server

See VMPS

VLAN map entries, order of 35-30

VLAN maps

applying 35-34

common uses for 35-34

configuration guidelines 35-30

configuring 35-29

creating 35-31

defined 35-2

denying access to a server example 35-35

denying and permitting packets 35-31

displaying 35-41

examples of ACLs and VLAN maps 35-32

removing 35-34

support for 1-10

wiring closet configuration example 35-35

VLAN membership

confirming 13-31

modes 13-3

VLAN Query Protocol

See VQP

VLANs

adding 13-9

adding to VLAN database 13-9

aging dynamic addresses 18-9

allowed on trunk 13-21

and spanning-tree instances 13-3, 13-6, 13-13

configuration guidelines, extended-range VLANs 13-13

configuration guidelines, normal-range VLANs 13-6

configuration options 13-7

configuring 13-1

configuring IDs 1006 to 4094 13-13

connecting through SVIs 11-12

creating in config-vlan mode 13-9

creating in VLAN configuration mode 13-10

customer numbering in service-provider networks 17-3

default configuration 13-8

deleting 13-10

described 11-2, 13-1

displaying 13-16

extended-range 13-1, 13-12

features 1-9

illustrated 13-2

internal 13-13

in the switch stack 13-6

limiting source traffic with RSPAN 30-22

limiting source traffic with SPAN 30-18

modifying 13-9

multicast 24-18

native, configuring 13-23

normal-range 13-1, 13-4

number supported 1-9

parameters 13-5

port membership modes 13-3

static-access ports 13-11

STP and IEEE 802.1Q trunks 18-11

supported 13-2

Token Ring 13-6

traffic between 13-2

VLAN-bridge STP 18-11, 47-2

VTP modes 14-3

VLAN Trunking Protocol

See VTP

VLAN trunks 13-16

VMPS

administering 13-32

configuration example 13-33

configuration guidelines 13-29

default configuration 13-29

description 13-28

dynamic port membership

described 13-29

reconfirming 13-31

troubleshooting 13-33

entering server address 13-30

mapping MAC addresses to VLANs 13-28

monitoring 13-32

reconfirmation interval, changing 13-31

reconfirming membership 13-31

retry count, changing 13-32

voice aware 802.1x security

port-based authentication

configuring 10-30

described 10-24, 10-30

voice-over-IP 15-1

voice VLAN

Cisco 7960 phone, port connections 15-1

configuration guidelines 15-3

configuring IP phones for data traffic

override CoS of incoming frame 15-6

trust CoS priority of incoming frame 15-6

configuring ports for voice traffic in

IEEE 802.1p priority tagged frames 15-5

IEEE 802.1Q frames 15-5

connecting to an IP phone 15-4

default configuration 15-3

described 15-1

displaying 15-7

IP phone data traffic, described 15-2

IP phone voice traffic, described 15-2

VPN

configuring routing in 39-74

forwarding 39-68

in service provider networks 39-65

routes 39-66

VPN routing and forwarding table

See VRF

VQP 1-9, 13-28

VRF

defining 39-68

tables 39-65

VRF-aware services

ARP 39-70

configuring 39-70

ftp 39-73

HSRP 39-71

ping 39-71

SNMP 39-71

syslog 39-72

tftp 39-73

traceroute 39-73

uRPF 39-72

VRFs, configuring multicast 39-74

VTP

adding a client to a domain 14-14

advertisements 13-19, 14-3

and extended-range VLANs 14-2

and normal-range VLANs 14-2

client mode, configuring 14-11

configuration

global configuration mode 14-7

guidelines 14-8

privileged EXEC mode 14-7

requirements 14-9

saving 14-7

VLAN configuration mode 14-8

configuration mode options 14-7

configuration requirements 14-9

configuration revision number

guideline 14-14

resetting 14-15

configuring

client mode 14-11

server mode 14-9

transparent mode 14-12

consistency checks 14-4

default configuration 14-7

described 14-1

disabling 14-12

domain names 14-8

domains 14-2

Layer 2 protocol tunneling 17-8

modes

client 14-3, 14-11

server 14-3, 14-9

transitions 14-3

transparent 14-3, 14-12

monitoring 14-16

passwords 14-8

pruning

disabling 14-14

enabling 14-14

examples 14-5

overview 14-4

support for 1-9

pruning-eligible list, changing 13-22

server mode, configuring 14-9

statistics 14-16

support for 1-9

Token Ring support 14-4

transparent mode, configuring 14-12

using 14-1

version, guidelines 14-9

Version 1 14-4

Version 2

configuration guidelines 14-9

disabling 14-13

enabling 14-13

overview 14-4

W

WCCP

authentication 44-3

configuration guidelines 44-5

default configuration 44-5

described 44-1

displaying 44-10

dynamic service groups 44-3

enabling 44-6

features unsupported 44-5

forwarding method 44-3

Layer-2 header rewrite 44-3

MD5 security 44-3

message exchange 44-2

monitoring and maintaining 44-10

negotiation 44-3

packet redirection 44-3

packet-return method 44-3

redirecting traffic received from a client 44-6

setting the password 44-7

unsupported WCCPv2 features 44-5

web authentication 10-10

configuring10-48to 10-50

described 1-9, 10-21

fallback for IEEE 802.1x 10-49

Web Cache Communication Protocol

See WCCP

weighted tail drop

See WTD

weight thresholds in tracked lists 43-5

wizards 1-3

WTD

described 37-14

setting thresholds

egress queue-sets 37-73

ingress queues 37-69

support for 1-12