Catalyst 3750-E and 3560-E Switch Software Configuration Guide, 12.2(50)SE
Index
Downloads: This chapterpdf (PDF - 2.04MB) The complete bookPDF (PDF - 38.53MB) | Feedback

Index

Table Of Contents

Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W -

Index

Numerics

10-Gigabit Ethernet interfaces 12-6

A

AAA down policy, NAC Layer 2 IP validation 1-11

abbreviating commands 2-4

ABRs 40-26

AC (command switch) 7-11

access

templates 9-1

access-class command 36-20

access control entries

See ACEs

access-denied response, VMPS 14-28

access groups

applying IPv4 ACLs to interfaces 36-21

Layer 2 36-21

Layer 3 36-21

access groups, applying IPv4 ACLs to interfaces 36-21

accessing

clusters, switch 7-14

command switches 7-12

member switches 7-14

switch clusters 7-14

accessing stack members 6-24

access lists

See ACLs

access ports

and Layer 2 protocol tunneling 18-11

defined 12-3

in switch clusters 7-10

access template 9-1

accounting

with 802.1x 11-46

with IEEE 802.1x 11-12

with RADIUS 10-28

with TACACS+ 10-11, 10-17

ACEs

and QoS 38-7

defined 36-2

Ethernet 36-2

IP 36-2

ACLs

ACEs 36-2

any keyword 36-13

applying

on bridged packets 36-39

on multicast packets 36-41

on routed packets 36-40

on switched packets 36-39

time ranges to 36-17

to an interface 36-20, 37-8

to IPv6 interfaces 37-8

to QoS 38-7

classifying traffic for QoS 38-45

comments in 36-19

compiling 36-23

defined 36-1, 36-8

examples of 36-23, 38-45

extended IP, configuring for QoS classification 38-46

extended IPv4

creating 36-11

matching criteria 36-8

hardware and software handling 36-22

ACLs (continued)

host keyword 36-13

IP

creating 36-8

fragments and QoS guidelines 38-35

implicit deny 36-10, 36-14, 36-17

implicit masks 36-10

matching criteria 36-8

undefined 36-21

IPv4

applying to interfaces 36-20

creating 36-8

matching criteria 36-8

named 36-15

numbers 36-8

terminal lines, setting on 36-19

unsupported features 36-7

IPv6

and stacking 37-3

applying to interfaces 37-8

configuring 37-4, 37-5

displaying 37-9

interactions with other features 37-4

limitations 37-3

matching criteria 37-3

named 37-3

precedence of 37-2

supported 37-2

unsupported features 37-3

Layer 4 information in 36-38

logging messages 36-9

MAC extended 36-28, 38-47

matching 36-8, 36-21

monitoring 36-41, 37-9

named

IPv4 36-15

IPv6 37-3

names 37-4

number per QoS class map 38-35

ACLs (continued)

port 36-2, 37-2

precedence of 36-2

QoS 38-7, 38-45

resequencing entries 36-15

router 36-2, 37-2

router ACLs and VLAN map configuration guidelines 36-38

standard IP, configuring for QoS classification 38-45

standard IPv4

creating 36-10

matching criteria 36-8

support for 1-10

support in hardware 36-22

time ranges 36-17

types supported 36-2

unsupported features

IPv4 36-7

IPv6 37-3

using router ACLs with VLAN maps 36-37

VLAN maps

configuration guidelines 36-31

configuring 36-30

active link 22-4, 22-5, 22-6

active links 22-2

active router 42-1

active traffic monitoring, IP SLAs 43-1

address aliasing 25-2

addresses

displaying the MAC address table 8-28

dynamic

accelerated aging 19-9

changing the aging time 8-21

default aging 19-9

defined 8-19

learning 8-20

removing 8-22

IPv6 41-2

MAC, discovering 8-28

addresses (continued)

multicast

group address range 46-3

STP address management 19-9

static

adding and removing 8-24

defined 8-19

address resolution 8-28, 40-9

Address Resolution Protocol

See ARP

adjacency tables, with CEF 40-91

administrative distances

defined 40-104

OSPF 40-33

routing protocol defaults 40-94

advertisements

CDP 28-1

LLDP 29-1, 29-2

RIP 40-20

VTP 14-19, 15-3

aggregatable global unicast addresses 41-3

aggregate addresses, BGP 40-61

aggregated ports

See EtherChannel

aggregate policers 38-60

aggregate policing 1-12

aging, accelerating 19-9

aging time

accelerated

for MSTP 20-23

for STP 19-9, 19-23

MAC address table 8-21

maximum

for MSTP 20-24

for STP 19-23, 19-24

alarms, RMON 32-3

allowed-VLAN list 14-21

AP1250 (wireless access point) 1-14

application engines, redirecting traffic to 45-1

area border routers

See ABRs

area routing

IS-IS 40-66

ISO IGRP 40-66

ARP

configuring 40-10

defined 1-6, 8-28, 40-10

encapsulation 40-11

static cache configuration 40-10

table

address resolution 8-28

managing 8-28

ASBRs 40-26

AS-path filters, BGP 40-55

asymmetrical links, and IEEE 802.1Q tunneling 18-4

attributes, RADIUS

vendor-proprietary 10-30

vendor-specific 10-29

attribute-value pairs 11-16, 11-17

audience xlv

authentication

EIGRP 40-42

HSRP 42-11

local mode with AAA 10-36

NTP associations 8-4

open1x 11-24

RADIUS

key 10-21

login 10-23

TACACS+

defined 10-11

key 10-13

login 10-14

See also port-based authentication

authentication compatibility with Catalyst 6000 switches 11-8

authentication failed VLAN

See restricted VLAN

authentication keys, and routing protocols 40-105

authentication manager

CLI commands 11-8

compatibility with older 802.1x CLI commands11-8to 11-9

overview 11-7

authoritative time source, described 8-2

authorization

with RADIUS 10-27

with TACACS+ 10-11, 10-16

authorized ports with IEEE 802.1x 11-9

autoconfiguration 3-3

auto enablement 11-26

automatic advise (auto-advise) in switch stacks 6-12

automatic copy (auto-copy) in switch stacks 6-12

automatic discovery

considerations

beyond a noncandidate device 7-8

brand new switches 7-10

connectivity 7-5

different VLANs 7-7

management VLANs 7-8

non-CDP-capable devices 7-6

noncluster-capable devices 7-6

routed ports 7-9

in switch clusters 7-5

See also CDP

automatic extraction (auto-extract) in switch stacks 6-12

automatic QoS

See QoS

automatic recovery, clusters 7-11

See also HSRP

automatic upgrades (auto-upgrade) in switch stacks 6-12

auto-MDIX

configuring 12-27

described 12-26

autonegotiation

duplex mode 1-4

interface configuration guidelines 12-24

mismatches 49-12

autonomous system boundary routers

See ASBRs

autonomous systems, in BGP 40-49

Auto-RP, described 46-6

autosensing, port speed 1-4

Auto Smartports macros

built-in macros 13-2, 13-4

configuration guidelines 13-3

default configuration 13-2

defined 13-1

displaying 13-14

enabling 13-4

event triggers 13-6

IOS shell 13-1, 13-9

mapping 13-4

user-defined macros 13-9

autostate exclude 12-6

Auto Smartports macros

See also Smartports macros

auxiliary VLAN

See voice VLAN

availability, features 1-8

B

BackboneFast

described 21-7

disabling 21-17

enabling 21-16

support for 1-8

backup interfaces

See Flex Links

backup links 22-2

backup static routing, configuring 44-12

banners

configuring

login 8-19

message-of-the-day login 8-18

default configuration 8-17

when displayed 8-17

Berkeley r-tools replacement 10-49

BGP

aggregate addresses 40-61

aggregate routes, configuring 40-61

CIDR 40-61

clear commands 40-64

community filtering 40-58

configuring neighbors 40-59

default configuration 40-46

described 40-46

enabling 40-49

monitoring 40-64

multipath support 40-53

neighbors, types of 40-49

path selection 40-53

peers, configuring 40-59

prefix filtering 40-57

resetting sessions 40-51

route dampening 40-63

route maps 40-55

route reflectors 40-62

routing domain confederation 40-62

routing session with multi-VRF CE 40-85

show commands 40-64

supernets 40-61

support for 1-13

Version 4 40-46

binding cluster group and HSRP group 42-12

binding database

address, DHCP server

See DHCP, Cisco IOS server database

DHCP snooping

See DHCP snooping binding database

bindings

address, Cisco IOS DHCP server 23-6

DHCP snooping database 23-7

IP source guard 23-16

binding table, DHCP snooping

See DHCP snooping binding database

blocking packets 27-7

Boolean expressions in tracked lists 44-4

booting

boot loader, function of 3-2

boot process 3-2

manually 3-18

specific image 3-18

boot loader

accessing 3-19

described 3-2

environment variables 3-19

prompt 3-19

trap-door mechanism 3-2

bootstrap router (BSR), described 46-7

Border Gateway Protocol

See BGP

BPDU

error-disabled state 21-2

filtering 21-3

RSTP format 20-12

BPDU filtering

described 21-3

disabling 21-15

enabling 21-14

support for 1-8

BPDU guard

described 21-2

disabling 21-14

enabling 21-13

support for 1-8

bridged packets, ACLs on 36-39

bridge groups

See fallback bridging

bridge protocol data unit

See BPDU

broadcast flooding 40-17

broadcast packets

directed 40-14

flooded 40-14

broadcast storm-control command 27-4

broadcast storms 27-1, 40-14

C

cables, monitoring for unidirectional links 30-1

candidate switch

automatic discovery 7-5

defined 7-4

requirements 7-4

See also command switch, cluster standby group, and member switch

Catalyst 6000 switches

authentication compatibility 11-8

CA trustpoint

configuring 10-45

defined 10-43

caution, described xlvi

CDP

and trusted boundary 38-41

automatic discovery in switch clusters 7-5

configuring 28-2

default configuration 28-2

defined with LLDP 29-1

described 28-1

disabling for routing device28-3to 28-4

enabling and disabling

on an interface 28-4

on a switch 28-3

Layer 2 protocol tunneling 18-8

monitoring 28-5

overview 28-1

power negotiation extensions 12-7

CDP (continued)

support for 1-6

switch stack considerations 28-2

transmission timer and holdtime, setting 28-2

updates 28-2

CEF

defined 40-91

distributed 40-91

IPv6 41-19

CGMP

as IGMP snooping learning method 25-9

clearing cached group entries 46-62

enabling server support 46-44

joining multicast group 25-3

overview 46-9

server support only 46-9

switch support of 1-4

CIDR 40-61

CipherSuites 10-44

Cisco 7960 IP Phone 16-1

Cisco AP1250 (wireless access point) 1-14

Cisco Discovery Protocol

See CDP

Cisco Express Forwarding

See CEF

Cisco Group Management Protocol

See CGMP

Cisco intelligent power management 12-7

Cisco IOS DHCP server

See DHCP, Cisco IOS DHCP server

Cisco IOS File System

See IFS

Cisco IOS IP SLAs 43-1

Cisco Network Assistant

See Network Assistant

Cisco Redundant Power System 2300

configuring 12-37

managing 12-37

Cisco Secure ACS

attribute-value pairs for downloadable ACLs 11-17

attribute-value pairs for redirect URL 11-16

Cisco Secure ACS configuration guide 11-58

Cisco StackWise Plus technology 1-3

See also stacks, switch

CiscoWorks 2000 1-6, 34-4

CISP 11-26

CIST regional root

See MSTP

CIST root

See MSTP

civic location 29-3

classless interdomain routing

See CIDR

classless routing 40-8

class maps for QoS

configuring 38-48

described 38-7

displaying 38-80

class of service

See CoS

clearing interfaces 12-41

CLI

abbreviating commands 2-4

command modes 2-1

configuration logging 2-5

described 1-5

editing features

enabling and disabling 2-7

keystroke editing 2-8

wrapped lines 2-9

error messages 2-5

filtering command output 2-10

getting help 2-3

CLI (continued)

history

changing the buffer size 2-6

described 2-6

disabling 2-7

recalling commands 2-6

managing clusters 7-17

no and default forms of commands 2-4

Client Information Signalling Protocol

See CISP

client mode, VTP 15-3

client processes, tracking 44-1

CLNS

See ISO CLNS

clock

See system clock

cluster requirements xlvi

clusters, switch

accessing 7-14

automatic discovery 7-5

automatic recovery 7-11

benefits 1-2

compatibility 7-4

described 7-1

LRE profile considerations 7-17

managing

through CLI 7-17

through SNMP 7-18

planning 7-4

planning considerations

automatic discovery 7-5

automatic recovery 7-11

CLI 7-17

host names 7-14

IP addresses 7-14

LRE profiles 7-17

passwords 7-15

RADIUS 7-17

SNMP 7-15, 7-18

clusters, switch (continued)

switch stacks 7-15

TACACS+ 7-17

See also candidate switch, command switch, cluster standby group, member switch, and standby command switch

cluster standby group

and HSRP group 42-12

automatic recovery 7-13

considerations 7-12

defined 7-2

requirements 7-3

virtual IP address 7-12

See also HSRP

CNS

Configuration Engine

configID, deviceID, hostname 5-3

configuration service 5-2

described 5-1

event service 5-3

embedded agents

described 5-5

enabling automated configuration 5-6

enabling configuration agent 5-9

enabling event agent 5-8

management functions 1-6

Coarse Wave Division Multiplexer

See CWDM SFPs

command-line interface

See CLI

command modes 2-1

commands

abbreviating 2-4

no and default 2-4

commands, setting privilege levels 10-8

command switch

accessing 7-12

active (AC) 7-11

configuration conflicts 49-12

command switch (continued)

defined 7-2

passive (PC) 7-11

password privilege levels 7-18

priority 7-11

recovery

from command-switch failure 7-11, 49-9

from lost member connectivity 49-12

redundant 7-11

replacing

with another switch 49-11

with cluster member 49-9

requirements 7-3

standby (SC) 7-11

See also candidate switch, cluster standby group, member switch, and standby command switch

community list, BGP 40-58

community ports 17-2

community strings

configuring 7-15, 34-8

for cluster switches 34-4

in clusters 7-15

overview 34-4

SNMP 7-15

community VLANs 17-2, 17-3

compatibility, feature 27-12

compatibility, software

See stacks, switch

config.text 3-17

configurable leave timer, IGMP 25-6

configuration, initial

defaults 1-16

Express Setup 1-2

See also getting started guide and hardware installation guide

configuration conflicts, recovering from lost member connectivity 49-12

configuration examples, network 1-18

configuration files

archiving B-20

clearing the startup configuration B-20

creating and using, guidelines for B-10

creating using a text editor B-11

default name 3-17

deleting a stored configuration B-20

described B-9

downloading

automatically 3-17

preparing B-11, B-14, B-17

reasons for B-9

using FTP B-14

using RCP B-18

using TFTP B-12

invalid combinations when copying B-6

limiting TFTP server access 34-17

obtaining with DHCP 3-9

password recovery disable considerations 10-5

replacing and rolling back, guidelines for B-21

replacing a running configuration B-20, B-21

rolling back a running configuration B-20, B-21

specifying the filename 3-17

system contact and location information 34-17

types and location B-10

uploading

preparing B-11, B-14, B-17

reasons for B-9

using FTP B-15

using RCP B-19

using TFTP B-12

configuration guidelines, multi-VRF CE 40-78

configuration logging 2-5

configuration replacement B-20

configuration rollback B-20

configuration settings, saving 3-15

configure terminal command 12-13

configuring multicast VRFs 40-84

configuring port-based authentication violation modes11-37to 11-38

configuring small-frame arrival rate 27-5

config-vlan mode 2-2, 14-7

conflicts, configuration 49-12

connections, secure remote 10-38

connectivity problems 49-14, 49-16, 49-17

consistency checks in VTP Version 2 15-4

console port, connecting to 2-11

content-routing technology

See WCCP

control protocol, IP SLAs 43-4

conventions

command xlv

for examples xlvi

publication xlv

text xlv

corrupted software, recovery steps with Xmodem 49-2

CoS

in Layer 2 frames 38-2

override priority 16-6

trust priority 16-6

CoS input queue threshold map for QoS 38-17

CoS output queue threshold map for QoS 38-21

CoS-to-DSCP map for QoS 38-62

counters, clearing interface 12-41

CPU utilization, troubleshooting 49-28

crashinfo file 49-25

critical authentication, IEEE 802.1x 11-50

cross-stack EtherChannel

configuration guidelines 39-13

configuring

on Layer 2 interfaces 39-13

on Layer 3 physical interfaces 39-16

described 39-3

illustration 39-4

support for 1-8

cross-stack UplinkFast, STP

described 21-5

disabling 21-16

enabling 21-16

fast-convergence events 21-7

Fast Uplink Transition Protocol 21-6

normal-convergence events 21-7

support for 1-8

cryptographic software image

Kerberos 10-32

SSH 10-37

SSL 10-42

switch stack considerations 6-2, 6-17, 10-38

customer edge devices 40-76

CWDM SFPs 1-32

D

DACL

See downloadable ACL

daylight saving time 8-13

dCEF in the switch stack 40-91

debugging

enabling all system diagnostics 49-21

enabling for a specific feature 49-21

redirecting error message output 49-22

using commands 49-20

default commands 2-4

default configuration

802.1x 11-31

auto-QoS 38-23

banners 8-17

BGP 40-46

booting 3-17

CDP 28-2

DHCP 23-8

DHCP option 82 23-8

DHCP snooping 23-8

DHCP snooping binding database 23-9

default configuration (continued)

DNS 8-16

dynamic ARP inspection 24-5

EIGRP 40-38

EtherChannel 39-11

Ethernet interfaces 12-22

fallback bridging 48-4

Flex Links 22-8

HSRP 42-5

IEEE 802.1Q tunneling 18-4

IGMP 46-39

IGMP filtering 25-25

IGMP snooping 25-7, 26-6

IGMP throttling 25-25

initial switch information 3-3

IP addressing, IP routing 40-6

IP multicast routing 46-11

IP SLAs 43-6

IP source guard 23-17

IPv6 41-10

IS-IS 40-67

Layer 2 interfaces 12-22

Layer 2 protocol tunneling 18-11

LLDP 29-4

MAC address table 8-21

MAC address-table move update 22-8

MSDP 47-4

MSTP 20-15

multi-VRF CE 40-78

MVR 25-20

NTP 8-4

optional spanning-tree configuration 21-12

OSPF 40-27

password and privilege level 10-2

PIM 46-11

private VLANs 17-6

RADIUS 10-20

RIP 40-21

RMON 32-3

default configuration (continued)

RSPAN 31-12

SDM template 9-4

SNMP 34-7

SPAN 31-12

SSL 10-45

standard QoS 38-33

STP 19-13

switch stacks 6-20

system message logging 33-4

system name and prompt 8-15

TACACS+ 10-13

UDLD 30-4

VLAN, Layer 2 Ethernet interfaces 14-19

VLANs 14-8

VMPS 14-29

voice VLAN 16-3

VTP 15-7

WCCP 45-5

default gateway 3-15, 40-12

default networks 40-94

default router preference

See DRP

default routes 40-94

default routing 40-3

deleting VLANs 14-10

denial-of-service attack 27-1

description command 12-31

designing your network, examples 1-18

desktop template 6-10, 9-1

destination addresses

in IPv4 ACLs 36-12

in IPv6 ACLs 37-6

destination-IP address-based forwarding, EtherChannel 39-9

destination-MAC address forwarding, EtherChannel 39-9

detecting indirect link failures, STP 21-8

device discovery protocol 28-1, 29-1

device manager

benefits 1-2

described 1-3, 1-5

in-band management 1-7

requirements xlvi

DHCP

Cisco IOS server database

configuring 23-14

default configuration 23-9

described 23-6

DHCP for IPv6

See DHCPv6

enabling

relay agent 23-11

server 23-10

DHCP-based autoconfiguration

client request message exchange 3-4

configuring

client side 3-4

DNS 3-7

relay device 3-8

server side 3-6

server-side 23-10

TFTP server 3-7

example 3-10

lease options

for IP address information 3-6

for receiving the configuration file 3-7

overview 3-3

relationship to BOOTP 3-4

relay support 1-6, 1-14

support for 1-6

DHCP-based autoconfiguration and image update

configuring3-11to 3-14

understanding3-5to 3-6

DHCP binding database

See DHCP snooping binding database

DHCP binding table

See DHCP snooping binding database

DHCP object tracking, configuring primary interface 44-11

DHCP option 82

circuit ID suboption 23-5

configuration guidelines 23-9

default configuration 23-8

displaying 23-16

forwarding address, specifying 23-11

helper address 23-11

overview 23-3

packet format, suboption

circuit ID 23-5

remote ID 23-5

remote ID suboption 23-5

DHCP server port-based address allocation

configuration guidelines 23-21

default configuration 23-20

described 23-20

displaying 23-23

enabling 23-21

DHCP snooping

accepting untrusted packets form edge switch 23-3, 23-13

and private VLANs 23-14

binding database

See DHCP snooping binding database

configuration guidelines 23-9

default configuration 23-8

displaying binding tables 23-16

message exchange process 23-4

option 82 data insertion 23-3

trusted interface 23-2

untrusted interface 23-2

untrusted messages 23-2

DHCP snooping binding database

adding bindings 23-14

binding entries, displaying 23-16

DHCP snooping binding database (continued)

binding file

format 23-7

location 23-7

bindings 23-7

clearing agent statistics 23-15

configuration guidelines 23-10

configuring 23-14

default configuration 23-8, 23-9

deleting

binding file 23-15

bindings 23-15

database agent 23-15

described 23-6

displaying 23-16

binding entries 23-16

status and statistics 23-16

displaying status and statistics 23-16

enabling 23-14

entry 23-7

renewing database 23-15

resetting

delay value 23-15

timeout value 23-15

DHCP snooping binding table

See DHCP snooping binding database

DHCPv6

configuration guidelines 41-15

default configuration 41-15

described 41-6

enabling client function 41-17

enabling DHCPv6 server function 41-15

diagnostic schedule command 50-2

Differentiated Services architecture, QoS 38-2

Differentiated Services Code Point 38-2

Diffusing Update Algorithm (DUAL) 40-36

Digital Optical Monitoring (DOM) 12-41

directed unicast requests 1-6

directories

changing B-4

creating and removing B-5

displaying the working B-4

discovery, clusters

See automatic discovery

Distance Vector Multicast Routing Protocol

See DVMRP

distance-vector protocols 40-3

distribute-list command 40-103

DNS

and DHCP-based autoconfiguration 3-7

default configuration 8-16

displaying the configuration 8-17

in IPv6 41-4

overview 8-15

setting up 8-16

support for 1-6

DNS-based SSM mapping 46-19, 46-21

documentation, related xlvi

document conventions xlv

DOM (Digital Optical Monitoring) 12-41

domain names

DNS 8-15

VTP 15-8

Domain Name System

See DNS

domains, ISO IGRP routing 40-66

dot1q-tunnel switchport mode 14-18

double-tagged packets

IEEE 802.1Q tunneling 18-2

Layer 2 protocol tunneling 18-10

downloadable ACL 11-16, 11-17, 11-58

downloading

configuration files

preparing B-11, B-14, B-17

reasons for B-9

using FTP B-14

using RCP B-18

using TFTP B-12

image files

deleting old image B-29

preparing B-26, B-30, B-35

reasons for B-24

using CMS 1-3

using FTP B-31

using HTTP 1-3, B-24

using RCP B-36

using TFTP B-27

using the device manager or Network Assistant B-24

drop threshold for Layer 2 protocol packets 18-11

DRP

configuring 41-13

described 41-4

IPv6 41-4

DSCP 1-12, 38-2

DSCP input queue threshold map for QoS 38-17

DSCP output queue threshold map for QoS 38-21

DSCP-to-CoS map for QoS 38-65

DSCP-to-DSCP-mutation map for QoS 38-66

DSCP transparency 38-41

DTP 1-9, 14-17

dual-action detection 39-6

DUAL finite state machine, EIGRP 40-37

dual IPv4 and IPv6 templates 9-2, 41-5, 41-6

dual protocol stacks

IPv4 and IPv6 41-6

SDM templates supporting 41-6

DVMRP

autosummarization

configuring a summary address 46-58

disabling 46-60

connecting PIM domain to DVMRP router 46-51

enabling unicast routing 46-54

interoperability

with Cisco devices 46-49

with Cisco IOS software 46-9

mrinfo requests, responding to 46-53

neighbors

advertising the default route to 46-52

discovery with Probe messages 46-49

displaying information 46-53

prevent peering with nonpruning 46-56

rejecting nonpruning 46-55

overview 46-9

routes

adding a metric offset 46-61

advertising all 46-60

advertising the default route to neighbors 46-52

caching DVMRP routes learned in report messages 46-54

changing the threshold for syslog messages 46-57

deleting 46-62

displaying 46-62

favoring one over another 46-61

limiting the number injected into MBONE 46-57

limiting unicast route advertisements 46-49

routing table 46-9

source distribution tree, building 46-9

support for 1-14

tunnels

configuring 46-51

displaying neighbor information 46-53

dynamic access ports

characteristics 14-4

configuring 14-31

defined 12-3

dynamic addresses

See addresses

dynamic ARP inspection

ARP cache poisoning 24-1

ARP requests, described 24-1

ARP spoofing attack 24-1

clearing

log buffer 24-16

statistics 24-16

configuration guidelines 24-6

configuring

ACLs for non-DHCP environments 24-8

in DHCP environments 24-7

log buffer 24-13

rate limit for incoming ARP packets 24-4, 24-11

default configuration 24-5

denial-of-service attacks, preventing 24-11

described 24-1

DHCP snooping binding database 24-2

displaying

ARP ACLs 24-15

configuration and operating state 24-15

log buffer 24-16

statistics 24-16

trust state and rate limit 24-15

error-disabled state for exceeding rate limit 24-4

function of 24-2

interface trust states 24-3

log buffer

clearing 24-16

configuring 24-13

displaying 24-16

logging of dropped packets, described 24-5

man-in-the middle attack, described 24-2

network security issues and interface trust states 24-3

priority of ARP ACLs and DHCP snooping entries 24-4

dynamic ARP inspection (continued)

rate limiting of ARP packets

configuring 24-11

described 24-4

error-disabled state 24-4

statistics

clearing 24-16

displaying 24-16

validation checks, performing 24-12

dynamic auto trunking mode 14-18

dynamic desirable trunking mode 14-18

Dynamic Host Configuration Protocol

See DHCP-based autoconfiguration

dynamic port VLAN membership

described 14-29

reconfirming 14-31

troubleshooting 14-33

types of connections 14-31

dynamic routing 40-3

ISO CLNS 40-65

Dynamic Trunking Protocol

See DTP

E

EBGP 40-45

editing features

enabling and disabling 2-7

keystrokes used 2-8

wrapped lines 2-9

EIGRP

authentication 40-42

components 40-37

configuring 40-40

default configuration 40-38

definition 40-36

interface parameters, configuring 40-41

monitoring 40-44

EIGRP (continued)

stub routing 40-43

support for 1-13

EIGRP IPv6 41-7

elections

See stack master

ELIN location 29-3

embedded event manager

actions 35-4

configuring 35-1, 35-5

displaying information 35-7

environmental variables 35-5

event detectors 35-2

policies 35-4

registering and defining an applet 35-5

registering and defining a TCL script 35-6

understanding 35-1

enable password 10-3

enable secret password 10-3

encryption, CipherSuite 10-44

encryption for passwords 10-3

Enhanced IGRP

See EIGRP

enhanced object tracking

backup static routing 44-12

commands 44-1

defined 44-1

DHCP primary interface 44-11

HSRP 44-7

IP routing state 44-2

IP SLAs 44-9

line-protocol state 44-2

network monitoring with IP SLAs 44-11

routing policy, configuring 44-12

static route primary interface 44-10

tracked lists 44-3

enhanced object tracking static routing 44-10

enhanced PoE 1-14, 12-7, 12-30

environmental variables, embedded event manager 35-5

environment variables, function of 3-20

equal-cost routing 1-13, 40-92

error-disabled state, BPDU 21-2

error messages during command entry 2-5

EtherChannel

automatic creation of 39-5, 39-7

channel groups

binding physical and logical interfaces 39-4

numbering of 39-4

configuration guidelines 39-12

configuring

Layer 2 interfaces 39-13

Layer 3 physical interfaces 39-16

Layer 3 port-channel logical interfaces 39-15

default configuration 39-11

described 39-2

displaying status 39-23

forwarding methods 39-8, 39-18

IEEE 802.3ad, described 39-7

interaction

with STP 39-12

with VLANs 39-12

LACP

described 39-7

displaying status 39-23

hot-standby ports 39-20

interaction with other features 39-8

modes 39-7

port priority 39-22

system priority 39-21

Layer 3 interface 40-5

load balancing 39-8, 39-18

logical interfaces, described 39-4

PAgP

aggregate-port learners 39-19

compatibility with Catalyst 1900 39-19

described 39-5

displaying status 39-23

interaction with other features 39-7

EtherChannel (continued)

interaction with virtual switches 39-6

learn method and priority configuration 39-19

modes 39-6

support for 1-4

with dual-action detection 39-6

port-channel interfaces

described 39-4

numbering of 39-4

port groups 12-6

stack changes, effects of 39-10

support for 1-4

EtherChannel guard

described 21-10

disabling 21-17

enabling 21-17

Ethernet management port

active link 12-19

and routing 12-19

and routing protocols 12-19

and TFTP 12-21

configuring 12-21

connecting to 2-11

default setting 12-19

described 12-18

for network management 12-18

specifying 12-21

supported features 12-20

unsupported features 12-21

Ethernet management port, internal

and routing 12-19

and routing protocols 12-19

unsupported features 12-21

Ethernet VLANs

adding 14-9

defaults and ranges 14-8

modifying 14-9

EUI 41-3

event detectors, embedded event manager 35-2

events, RMON 32-3

examples

conventions for xlvi

network configuration 1-18

expedite queue for QoS 38-78

Express Setup 1-2

See also getting started guide

extended crashinfo file 49-25

extended-range VLANs

configuration guidelines 14-13

configuring 14-12

creating 14-14

creating with an internal VLAN ID 14-15

defined 14-1

extended system ID

MSTP 20-18

STP 19-4, 19-16

extended universal identifier

See EUI

Extensible Authentication Protocol over LAN 11-1

external BGP

See EBGP

external neighbors, BGP 40-49

F

Fa0 port

See Ethernet management port

failover support 1-8

fallback bridging

and protected ports 48-4

bridge groups

creating 48-4

described 48-2

displaying 48-11

function of 48-2

number supported 48-5

removing 48-5

fallback bridging (continued)

bridge table

clearing 48-11

displaying 48-11

configuration guidelines 48-4

connecting interfaces with 12-12

default configuration 48-4

described 48-1

frame forwarding

flooding packets 48-2

forwarding packets 48-2

overview 48-1

protocol, unsupported 48-4

stack changes, effects of 48-3

STP

disabling on an interface 48-10

forward-delay interval 48-9

hello BPDU interval 48-9

interface priority 48-7

keepalive messages 19-2

maximum-idle interval 48-10

path cost 48-8

VLAN-bridge spanning-tree priority 48-6

VLAN-bridge STP 48-2

support for 1-13

SVIs and routed ports 48-2

unsupported protocols 48-4

VLAN-bridge STP 19-11

Fast Convergence 22-3

fastethernet0 port

See Ethernet management port

Fast Uplink Transition Protocol 21-6

features, incompatible 27-12

FIB 40-91

fiber-optic, detecting unidirectional links 30-1

files

basic crashinfo

description 49-25

location 49-25

files (continued)

copying B-5

crashinfo, description 49-25

deleting B-6

displaying the contents of B-8

extended crashinfo

description 49-25

location 49-25

tar

creating B-7

displaying the contents of B-7

extracting B-8

image file format B-25

file system

displaying available file systems B-2

displaying file information B-4

local file system names B-1

network file system names B-5

setting the default B-3

filtering

in a VLAN 36-30

IPv6 traffic 37-4, 37-8

non-IP traffic 36-28

show and more command output 2-10

filtering show and more command output 2-10

filters, IP

See ACLs, IP

flash device, number of B-1

flexible authentication ordering

configuring 11-60

overview 11-24

Flex Link Multicast Fast Convergence 22-3

Flex Links

configuration guidelines 22-8

configuring 22-9, 22-10

configuring preferred VLAN 22-12

configuring VLAN load balancing 22-11

default configuration 22-8

description 22-2

Flex Links (continued)

link load balancing 22-3

monitoring 22-14

VLANs 22-3

flooded traffic, blocking 27-8

flow-based packet classification 1-12

flowcharts

QoS classification 38-6

QoS egress queueing and scheduling 38-18

QoS ingress queueing and scheduling 38-15

QoS policing and marking 38-10

flowcontrol

configuring 12-26

described 12-25

forward-delay time

MSTP 20-23

STP 19-23

Forwarding Information Base

See FIB

forwarding nonroutable protocols 48-1

FTP

accessing MIB files A-4

configuration files

downloading B-14

overview B-13

preparing the server B-14

uploading B-15

image files

deleting old image B-33

downloading B-31

preparing the server B-30

uploading B-33

G

general query 22-5

Generating IGMP Reports 22-4

get-bulk-request operation 34-3

get-next-request operation 34-3, 34-5

get-request operation 34-3, 34-5

get-response operation 34-3

Gigabit modules

See SFPs

global configuration mode 2-2

global leave, IGMP 25-13

guest VLAN and IEEE 802.1x 11-17

guide

audience xlv

purpose of xlv

guide mode 1-3

GUIs

See device manager and Network Assistant

H

hardware limitations and Layer 3 interfaces 12-33

hello time

MSTP 20-22

STP 19-22

help, for the command line 2-3

hierarchical policy maps 38-8

configuration guidelines 38-35

configuring 38-54

described 38-11

history

changing the buffer size 2-6

described 2-6

disabling 2-7

recalling commands 2-6

history table, level and number of syslog messages 33-10

host names in clusters 7-14

host ports

configuring 17-11

kinds of 17-2

hosts, limit on dynamic ports 14-33

Hot Standby Router Protocol

See HSRP

HP OpenView 1-6

HSRP

authentication string 42-11

automatic cluster recovery 7-13

binding to cluster group 42-12

cluster standby group considerations 7-12

command-switch redundancy 1-1, 1-8

configuring 42-5

default configuration 42-5

definition 42-1

guidelines 42-6

monitoring 42-13

object tracking 44-7

overview 42-1

priority 42-8

routing redundancy 1-13

support for ICMP redirect messages 42-12

switch stack considerations 42-5

timers 42-11

tracking 42-8

See also clusters, cluster standby group, and standby command switch

HSRP for IPv6

configuring 41-25

guidelines 41-24

HTTP(S) Over IPv6 41-8

HTTP over SSL

see HTTPS

HTTPS

configuring 10-46

described 10-43

self-signed certificate 10-43

HTTP secure server 10-43

I

IBPG 40-45

ICMP

IPv6 41-4

redirect messages 40-12

support for 1-13

time-exceeded messages 49-18

traceroute and 49-18

unreachable messages 36-20

unreachable messages and IPv6 37-4

unreachables and ACLs 36-22

ICMP Echo operation

configuring 43-12

IP SLAs 43-11

ICMP ping

executing 49-15

overview 49-15

ICMP Router Discovery Protocol

See IRDP

ICMPv6 41-4

IDS appliances

and ingress RSPAN 31-25

and ingress SPAN 31-16

IEEE 802.1D

See STP

IEEE 802.1p 16-1

IEEE 802.1Q

and trunk ports 12-3

configuration limitations 14-19

encapsulation 14-16

native VLAN for untagged traffic 14-23

tunneling

compatibility with other features 18-6

defaults 18-4

described 18-1

tunnel ports with other features 18-6

IEEE 802.1s

See MSTP

IEEE 802.1w

See RSTP

IEEE 802.1x

See port-based authentication

IEEE 802.3ad

See EtherChannel

IEEE 802.3af

See PoE

IEEE 802.3x flow control 12-25

ifIndex values, SNMP 34-6

IFS 1-6

IGMP

configurable leave timer

described 25-6

enabling 25-12

configuring the switch

as a member of a group 46-39

statically connected member 46-43

controlling access to groups 46-40

default configuration 46-39

deleting cache entries 46-62

displaying groups 46-63

fast switching 46-44

flooded multicast traffic

controlling the length of time 25-13

disabling on an interface 25-14

global leave 25-13

query solicitation 25-13

recovering from flood mode 25-13

host-query interval, modifying 46-41

joining multicast group 25-3

join messages 25-3

leave processing, enabling 25-11, 26-9

leaving multicast group 25-5

multicast reachability 46-39

overview 46-3

queries 25-4

IGMP (continued)

report suppression

described 25-6

disabling 25-16, 26-11

supported versions 25-3

support for 1-4

Version 1

changing to Version 2 46-41

described 46-3

Version 2

changing to Version 1 46-41

described 46-3

maximum query response time value 46-43

pruning groups 46-43

query timeout value 46-42

IGMP filtering

configuring 25-25

default configuration 25-25

described 25-24

monitoring 25-29

support for 1-5

IGMP groups

configuring filtering 25-28

setting the maximum number 25-27

IGMP helper 46-6

IGMP Immediate Leave

configuration guidelines 25-12

described 25-6

enabling 25-11

IGMP profile

applying 25-26

configuration mode 25-25

configuring 25-26

IGMP snooping

and address aliasing 25-2

and stack changes 25-7

configuring 25-7

default configuration 25-7, 26-6

definition 25-2

IGMP snooping (continued)

enabling and disabling 25-8, 26-7

global configuration 25-8

Immediate Leave 25-6

in the switch stack 25-7

method 25-9

monitoring 25-16, 26-11

querier

configuration guidelines 25-15

configuring 25-15

supported versions 25-3

support for 1-4

VLAN configuration 25-8

IGMP throttling

configuring 25-28

default configuration 25-25

described 25-25

displaying action 25-29

IGP 40-25

Immediate Leave, IGMP

described 25-6

enabling 26-9

inaccessible authentication bypass 11-19

initial configuration

defaults 1-16

Express Setup 1-2

See also getting started guide and hardware installation guide

interface

number 12-13

range macros 12-16

interface command12-13to 12-14

interface configuration mode 2-3

interfaces

auto-MDIX, configuring 12-26

configuring

procedure 12-13

counters, clearing 12-41

default configuration 12-22

interfaces (continued)

described 12-31

descriptive name, adding 12-31

displaying information about 12-40

duplex and speed configuration guidelines 12-23

flow control 12-25

management 1-5

monitoring 12-40

naming 12-31

physical, identifying 12-12, 12-13

range of 12-14

restarting 12-42

shutting down 12-42

speed and duplex, configuring 12-24

status 12-40

supported 12-12

types of 12-1

interfaces range macro command 12-16

interface types 12-13

Interior Gateway Protocol

See IGP

internal BGP

See IBGP

internal neighbors, BGP 40-49

internal power supplies

See power supplies

Internet Control Message Protocol

See ICMP

Internet Group Management Protocol

See IGMP

Internet Protocol version 6

See IPv6

Inter-Switch Link

See ISL

inter-VLAN routing 1-13, 40-2

Intrusion Detection System

See IDS appliances

inventory management TLV 29-2, 29-6

IOS shell

See Auto Smartports macros

IP ACLs

for QoS classification 38-7

implicit deny 36-10, 36-14

implicit masks 36-10

named 36-15

undefined 36-21

IP addresses

128-bit 41-2

candidate or member 7-4, 7-14

classes of 40-7

cluster access 7-2

command switch 7-3, 7-12, 7-14

default configuration 40-6

discovering 8-28

for IP routing 40-5

IPv6 41-2

MAC address association 40-9

monitoring 40-18

redundant clusters 7-12

standby command switch 7-12, 7-14

See also IP information

IP base feature set 1-1

IP broadcast address 40-17

ip cef distributed command 40-91

IP directed broadcasts 40-15

ip igmp profile command 25-25

IP information

assigned

manually 3-14

through DHCP-based autoconfiguration 3-3

default configuration 3-3

IP multicast routing

addresses

all-hosts 46-3

all-multicast-routers 46-3

host group address range 46-3

administratively-scoped boundaries, described 46-47

IP multicast routing (continued)

and IGMP snooping 25-2

Auto-RP

adding to an existing sparse-mode cloud 46-27

benefits of 46-26

clearing the cache 46-62

configuration guidelines 46-12

filtering incoming RP announcement messages 46-28

overview 46-6

preventing candidate RP spoofing 46-28

preventing join messages to false RPs 46-28

setting up in a new internetwork 46-26

using with BSR 46-34

bootstrap router

configuration guidelines 46-12

configuring candidate BSRs 46-32

configuring candidate RPs 46-33

defining the IP multicast boundary 46-31

defining the PIM domain border 46-30

overview 46-7

using with Auto-RP 46-34

Cisco implementation 46-2

configuring

basic multicast routing 46-12

IP multicast boundary 46-47

default configuration 46-11

enabling

multicast forwarding 46-13

PIM mode 46-14

group-to-RP mappings

Auto-RP 46-6

BSR 46-7

MBONE

deleting sdr cache entries 46-62

described 46-45

displaying sdr cache 46-63

enabling sdr listener support 46-46

limiting DVMRP routes advertised 46-57

IP multicast routing (continued)

limiting sdr cache entry lifetime 46-46

SAP packets for conference session announcement 46-45

Session Directory (sdr) tool, described 46-45

monitoring

packet rate loss 46-63

peering devices 46-63

tracing a path 46-63

multicast forwarding, described 46-8

PIMv1 and PIMv2 interoperability 46-11

protocol interaction 46-2

reverse path check (RPF) 46-8

routing table

deleting 46-62

displaying 46-63

RP

assigning manually 46-25

configuring Auto-RP 46-26

configuring PIMv2 BSR 46-30

monitoring mapping information 46-35

using Auto-RP and BSR 46-34

stacking

stack master functions 46-10

stack member functions 46-10

statistics, displaying system and network 46-62

See also CGMP

See also DVMRP

See also IGMP

See also PIM

IP phones

and QoS 16-1

automatic classification and queueing 38-22

configuring 16-4

ensuring port security with QoS 38-40

trusted boundary for QoS 38-40

IP precedence 38-2

IP-precedence-to-DSCP map for QoS 38-63

IP protocols

in ACLs 36-12

routing 1-13

IP protocols in ACLs 36-12

IP routes, monitoring 40-106

IP routing

connecting interfaces with 12-12

disabling 40-19

enabling 40-19

IP Service Level Agreements

See IP SLAs

IP service levels, analyzing 43-1

IP services feature set 1-2

IP SLAs

benefits 43-2

configuration guidelines 43-6

configuring object tracking 44-9

Control Protocol 43-4

default configuration 43-6

definition 43-1

ICMP echo operation 43-11

measuring network performance 43-3

monitoring 43-14

multioperations scheduling 43-5

object tracking 44-9

operation 43-3

reachability tracking 44-9

responder

described 43-4

enabling 43-8

response time 43-4

scheduling 43-5

SNMP support 43-2

supported metrics 43-2

threshold monitoring 43-6

track object monitoring agent, configuring 44-11

track state 44-9

UDP jitter operation 43-8

IP source guard

and DHCP snooping 23-16

and EtherChannels 23-18

and hardware entries 23-18

and IEEE 802.1x 23-18

and port security 23-18

and private VLANs 23-18

and routed ports 23-17

and trunk interfaces 23-18

and VRF 23-18

binding configuration

automatic 23-16

manual 23-16

binding table 23-16

configuration guidelines 23-17

default configuration 23-17

described 23-16

disabling 23-19

displaying

bindings 23-20

configuration 23-20

enabling 23-18

filtering

source IP address 23-17

source IP and MAC address 23-17

source IP address filtering 23-17

source IP and MAC address filtering 23-17

static bindings

adding 23-18

deleting 23-19

IP traceroute

executing 49-18

overview 49-18

IP unicast routing

address resolution 40-9

administrative distances 40-94, 40-104

ARP 40-10

assigning IP addresses to Layer 3 interfaces 40-7

authentication keys 40-105

IP unicast routing (continued)

broadcast

address 40-17

flooding 40-17

packets 40-14

storms 40-14

classless routing 40-8

configuring static routes 40-93

default

addressing configuration 40-6

gateways 40-12

networks 40-94

routes 40-94

routing 40-3

directed broadcasts 40-15

disabling 40-19

dynamic routing 40-3

enabling 40-19

EtherChannel Layer 3 interface 40-5

IGP 40-25

inter-VLAN 40-2

IP addressing

classes 40-7

configuring 40-5

IPv6 41-3

IRDP 40-13

Layer 3 interfaces 40-5

MAC address and IP address 40-9

passive interfaces 40-103

protocols

distance-vector 40-3

dynamic 40-3

link-state 40-3

proxy ARP 40-10

redistribution 40-95

reverse address resolution 40-9

routed ports 40-5

static routing 40-3

steps to configure 40-5

IP unicast routing (continued)

subnet mask 40-7

subnet zero 40-7

supernet 40-8

UDP 40-16

unicast reverse path forwarding 1-14, 40-90

with SVIs 40-5

See also BGP

See also EIGRP

See also OSPF

See also RIP

IPv4 ACLs

applying to interfaces 36-20

extended, creating 36-11

named 36-15

standard, creating 36-10

IPv4 and IPv6

port-based trust 9-2, 38-2

IPv6

ACLs

displaying 37-9

limitations 37-3

matching criteria 37-3

port 37-2

precedence 37-2

router 37-2

supported 37-2

addresses 41-2

address formats 41-2

and switch stacks 41-9

applications 41-5

assigning address 41-11

autoconfiguration 41-5

CEFv6 41-19

default configuration 41-10

default router preference (DRP) 41-4

defined 41-1

IPv6 (continued)

Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 41-7

EIGRP IPv6 Commands 41-7

Router ID 41-7

feature limitations 41-8

features not supported 41-8

forwarding 41-11

ICMP 41-4

monitoring 41-27

neighbor discovery 41-4

OSPF 41-6

path MTU discovery 41-4

SDM templates 9-2, 26-1, 37-1

stack master functions 41-9

Stateless Autoconfiguration 41-5

supported features 41-2

switch limitations 41-8

understanding static routes 41-6

IPv6 traffic, filtering 37-4

IRDP

configuring 40-13

definition 40-13

support for 1-13

IS-IS

addresses 40-66

area routing 40-66

default configuration 40-67

monitoring 40-75

show commands 40-75

system routing 40-66

ISL

and IPv6 41-3

and trunk ports 12-3

encapsulation 1-9, 14-16

trunking with IEEE 802.1 tunneling 18-5

ISO CLNS

clear commands 40-75

dynamic routing protocols 40-65

monitoring 40-75

NETs 40-65

NSAPs 40-65

OSI standard 40-65

ISO IGRP

area routing 40-66

system routing 40-66

isolated port 17-2

isolated VLANs 17-2, 17-3

J

join messages, IGMP 25-3

K

KDC

described 10-32

See also Kerberos

keepalive messages 19-2

Kerberos

authenticating to

boundary switch 10-34

KDC 10-34

network services 10-35

configuration examples 10-32

configuring 10-35

credentials 10-32

cryptographic software image 10-32

described 10-32

KDC 10-32

operation 10-34

realm 10-33

server 10-33

support for 1-11

Kerberos (continued)

switch as trusted third party 10-32

terms 10-33

TGT 10-34

tickets 10-32

key distribution center

See KDC

L

l2protocol-tunnel command 18-13

LACP

Layer 2 protocol tunneling 18-9

See EtherChannel

Layer 2 frames, classification with CoS 38-2

Layer 2 interfaces, default configuration 12-22

Layer 2 protocol tunneling

configuring 18-10

configuring for EtherChannels 18-14

default configuration 18-11

defined 18-8

guidelines 18-12

Layer 2 traceroute

and ARP 49-17

and CDP 49-16

broadcast traffic 49-16

described 49-16

IP addresses and subnets 49-17

MAC addresses and VLANs 49-17

multicast traffic 49-17

multiple devices on a port 49-17

unicast traffic 49-16

usage guidelines 49-16

Layer 3 features 1-13

Layer 3 interfaces

assigning IP addresses to 40-7

assigning IPv4 and IPv6 addresses to 41-14

assigning IPv6 addresses to 41-11

Layer 3 interfaces (continued)

changing from Layer 2 mode 40-7, 40-82

types of 40-5

Layer 3 packets, classification methods 38-2

LDAP 5-2

Leaking IGMP Reports 22-4

LEDs, switch

See hardware installation guide

Lightweight Directory Access Protocol

See LDAP

line configuration mode 2-3

Link Aggregation Control Protocol

See EtherChannel

Link Failure, detecting unidirectional 20-8

Link Layer Discovery Protocol

See CDP

link local unicast addresses 41-3

link redundancy

See Flex Links

links, unidirectional 30-1

link state advertisements (LSAs) 40-31

link-state protocols 40-3

link-state tracking

configuring 39-26

described 39-23

LLDP

configuring 29-4

characteristics 29-5

default configuration 29-4

enabling 29-5

monitoring and maintaining 29-10

overview 29-1

supported TLVs 29-1

switch stack considerations 29-2

transmission timer and holdtime, setting 29-5

LLDP-MED

configuring

procedures 29-4

TLVs 29-6

LLDP-MED (continued)

monitoring and maintaining 29-10

overview 29-1, 29-2

supported TLVs 29-2

LLDP Media Endpoint Discovery

See LLDP-MED

load balancing 42-4

local SPAN 31-2

location TLV 29-2, 29-6

logging messages, ACL 36-9

login authentication

with RADIUS 10-23

with TACACS+ 10-14

login banners 8-17

log messages

See system message logging

Long-Reach Ethernet (LRE) technology 1-20, 1-31

loop guard

described 21-11

enabling 21-18

support for 1-8

LRE profiles, considerations in switch clusters 7-17

M

MAC/PHY configuration status TLV 29-2

MAC addresses

aging time 8-21

and VLAN association 8-20

building the address table 8-20

default configuration 8-21

disabling learning on a VLAN 8-27

discovering 8-28

displaying 8-28

displaying in the IP source binding table 23-20

dynamic

learning 8-20

removing 8-22

in ACLs 36-28

MAC addresses (continued)

IP address association 40-9

static

adding 8-25

allowing 8-26, 8-27

characteristics of 8-24

dropping 8-26

removing 8-25

MAC address learning 1-6

MAC address learning, disabling on a VLAN 8-27

MAC address notification, support for 1-15

MAC address-table move update

configuration guidelines 22-8

configuring 22-12

default configuration 22-8

description 22-6

monitoring 22-14

MAC address-to-VLAN mapping 14-28

MAC authentication bypass 11-13

MAC extended access lists

applying to Layer 2 interfaces 36-29

configuring for QoS 38-47

creating 36-28

defined 36-28

for QoS classification 38-5

macros

See Auto Smartports macros

See Smartports macros

magic packet 11-22

manageability features 1-6

management access

in-band

browser session 1-7

CLI session 1-7

device manager 1-7

SNMP 1-7

out-of-band console port connection 1-7

management address TLV 29-2

management options

CLI 2-1

clustering 1-4

CNS 5-1

Network Assistant 1-3

overview 1-5

switch stacks 1-3

management VLAN

considerations in switch clusters 7-8

discovery through different management VLANs 7-8

mapping tables for QoS

configuring

CoS-to-DSCP 38-62

DSCP 38-62

DSCP-to-CoS 38-65

DSCP-to-DSCP-mutation 38-66

IP-precedence-to-DSCP 38-63

policed-DSCP 38-64

described 38-12

marking

action in policy map 38-50

action with aggregate policers 38-60

described 38-4, 38-8

matching IPv4 ACLs 36-8

maximum aging time

MSTP 20-24

STP 19-23

maximum hop count, MSTP 20-24

maximum number of allowed devices, port-based authentication 11-35

maximum-paths command 40-53, 40-93

MDA

configuration guidelines11-25to 11-26

described 1-10, 11-25

exceptions with authentication process 11-4

membership mode, VLAN port 14-3

member switch

automatic discovery 7-5

defined 7-2

managing 7-17

passwords 7-14

recovering from lost connectivity 49-12

requirements 7-4

See also candidate switch, cluster standby group, and standby command switch

messages, to users through banners 8-17

metrics, in BGP 40-53

metric translations, between routing protocols 40-98

metro tags 18-2

MHSRP 42-4

MIBs

accessing files with FTP A-4

location of files A-4

overview 34-1

SNMP interaction with 34-4

supported A-1

mini-point-of-presence

See POP

mirroring traffic for analysis 31-1

mismatches, autonegotiation 49-12

module number 12-13

monitoring

access groups 36-41

BGP 40-64

cables for unidirectional links 30-1

CDP 28-5

CEF 40-92

EIGRP 40-44

fallback bridging 48-11

features 1-15

Flex Links 22-14

HSRP 42-13

monitoring (continued)

IEEE 802.1Q tunneling 18-18

IGMP

filters 25-29

snooping 25-16, 26-11

interfaces 12-40

IP

address tables 40-18

multicast routing 46-62

routes 40-106

IP SLAs operations 43-14

IPv4 ACL configuration 36-41

IPv6 41-27

IPv6 ACL configuration 37-9

IS-IS 40-75

ISO CLNS 40-75

Layer 2 protocol tunneling 18-18

MAC address-table move update 22-14

MSDP peers 47-19

multicast router interfaces 25-17, 26-12

multi-VRF CE 40-90

MVR 25-24

network traffic for analysis with probe 31-2

object tracking 44-12

OSPF 40-36

port

blocking 27-19

protection 27-19

private VLANs 17-15

RP mapping information 46-35

SFP status 12-41, 49-14

source-active messages 47-19

speed and duplex mode 12-25

SSM mapping 46-22

traffic flowing among switches 32-1

traffic suppression 27-19

tunneling 18-18

monitoring (continued)

VLAN

filters 36-42

maps 36-42

VLANs 14-16

VMPS 14-32

VTP 15-16

mrouter Port 22-3

mrouter port 22-5

MSDP

benefits of 47-3

clearing MSDP connections and statistics 47-19

controlling source information

forwarded by switch 47-12

originated by switch 47-8

received by switch 47-14

default configuration 47-4

dense-mode regions

sending SA messages to 47-17

specifying the originating address 47-18

filtering

incoming SA messages 47-14

SA messages to a peer 47-12

SA requests from a peer 47-11

join latency, defined 47-6

meshed groups

configuring 47-16

defined 47-16

originating address, changing 47-18

overview 47-1

peer-RPF flooding 47-2

peers

configuring a default 47-4

monitoring 47-19

peering relationship, overview 47-1

requesting source information from 47-8

shutting down 47-16

MSDP (continued)

source-active messages

caching 47-6

clearing cache entries 47-19

defined 47-2

filtering from a peer 47-11

filtering incoming 47-14

filtering to a peer 47-12

limiting data with TTL 47-14

monitoring 47-19

restricting advertised sources 47-9

support for 1-14

MSTP

boundary ports

configuration guidelines 20-16

described 20-6

BPDU filtering

described 21-3

enabling 21-14

BPDU guard

described 21-2

enabling 21-13

CIST, described 20-3

CIST regional root 20-3

CIST root 20-5

configuration guidelines 20-15, 21-12

configuring

forward-delay time 20-23

hello time 20-22

link type for rapid convergence 20-24

maximum aging time 20-24

maximum hop count 20-24

MST region 20-16

neighbor type 20-25

path cost 20-21

port priority 20-20

root switch 20-17

secondary root switch 20-19

switch priority 20-22

MSTP (continued)

CST

defined 20-3

operations between regions 20-4

default configuration 20-15

default optional feature configuration 21-12

displaying status 20-26

enabling the mode 20-16

EtherChannel guard

described 21-10

enabling 21-17

extended system ID

effects on root switch 20-18

effects on secondary root switch 20-19

unexpected behavior 20-18

IEEE 802.1s

implementation 20-6

port role naming change 20-7

terminology 20-5

instances supported 19-10

interface state, blocking to forwarding 21-2

interoperability and compatibility among modes 19-11

interoperability with IEEE 802.1D

described 20-9

restarting migration process 20-26

IST

defined 20-3

master 20-3

operations within a region 20-3

loop guard

described 21-11

enabling 21-18

mapping VLANs to MST instance 20-16

MSTP (continued)

MST region

CIST 20-3

configuring 20-16

described 20-2

hop-count mechanism 20-5

IST 20-3

supported spanning-tree instances 20-2

optional features supported 1-8

overview 20-2

Port Fast

described 21-2

enabling 21-12

preventing root switch selection 21-10

root guard

described 21-10

enabling 21-18

root switch

configuring 20-18

effects of extended system ID 20-18

unexpected behavior 20-18

shutdown Port Fast-enabled port 21-2

stack changes, effects of 20-8

status, displaying 20-26

MTU

system 12-35

system jumbo 12-34

system routing 12-35

multiauth mode

See multiple-authentication mode

multicast groups

Immediate Leave 25-6

joining 25-3

leaving 25-5

static joins 25-11, 26-8

multicast packets

ACLs on 36-41

blocking 27-8

multicast router interfaces, monitoring 25-17, 26-12

multicast router ports, adding 25-10, 26-8

Multicast Source Discovery Protocol

See MSDP

multicast storm 27-1

multicast storm-control command 27-4

multicast television application 25-19

multicast VLAN 25-18

Multicast VLAN Registration

See MVR

multidomain authentication

See MDA

multioperations scheduling, IP SLAs 43-5

multiple authentication 11-11

Multiple HSRP

See MHSRP

multiple VPN routing/forwarding in customer edge devices

See multi-VRF CE

multi-VRF CE

configuration example 40-86

configuration guidelines 40-78

configuring 40-78

default configuration 40-78

defined 40-76

displaying 40-90

monitoring 40-90

network components 40-78

packet-forwarding process 40-77

support for 1-13

MVR

and address aliasing 25-21

and IGMPv3 25-21

configuration guidelines 25-21

configuring interfaces 25-22

default configuration 25-20

described 25-18

example application 25-19

in the switch stack 25-20

modes 25-22

MVR (continued)

monitoring 25-24

multicast television application 25-19

setting global parameters 25-21

support for 1-5

N

NAC

AAA down policy 1-11

critical authentication 11-19, 11-50

IEEE 802.1x authentication using a RADIUS server 11-55

IEEE 802.1x validation using RADIUS server 11-55

inaccessible authentication bypass 1-11, 11-50

Layer 2 IEEE 802.1x validation 1-11, 11-55

Layer 2 IEEE802.1x validation 11-24

Layer 2 IP validation 1-11

named IPv4 ACLs 36-15

named IPv6 ACLs 37-3

NameSpace Mapper

See NSM

native VLAN

and IEEE 802.1Q tunneling 18-4

configuring 14-23

default 14-23

NEAT

configuring 11-56

overview 11-26

neighbor discovery, IPv6 41-4

neighbor discovery/recovery, EIGRP 40-37

neighbors, BGP 40-59

Network Admission Control

See NAC

Network Assistant

benefits 1-2

described 1-5

downloading image files 1-3

guide mode 1-3

Network Assistan (continued)t

management options 1-3

managing switch stacks 6-2, 6-16

requirements xlvi

upgrading a switch B-24

wizards 1-3

network configuration examples

cost-effective wiring closet 1-21

high-performance wiring closet 1-22

increasing network performance 1-19

large network 1-28

long-distance, high-bandwidth transport 1-32

multidwelling network 1-31

providing network services 1-19

redundant Gigabit backbone 1-24

server aggregation and Linux server cluster 1-24

small to medium-sized network 1-26

network design

performance 1-19

services 1-19

Network Edge Access Topology

See NEAT

network management

CDP 28-1

RMON 32-1

SNMP 34-1

network performance, measuring with IP SLAs 43-3

network policy TLV 29-2, 29-6

Network Time Protocol

See NTP

no commands 2-4

nonhierarchical policy maps

configuration guidelines 38-35

configuring 38-50

described 38-9

non-IP traffic filtering 36-28

nontrunking mode 14-18

normal-range VLANs 14-4

configuration guidelines 14-6

configuration modes 14-7

configuring 14-4

defined 14-1

no switchport command 12-4

note, described xlvi

not-so-stubby areas

See NSSA

NSAPs, as ISO IGRP addresses 40-66

NSF Awareness

IS-IS 40-68

NSM 5-3

NSSA, OSPF 40-31

NTP

associations

authenticating 8-4

defined 8-2

enabling broadcast messages 8-6

peer 8-5

server 8-5

default configuration 8-4

displaying the configuration 8-11

overview 8-2

restricting access

creating an access group 8-8

disabling NTP services per interface 8-10

source IP address, configuring 8-10

stratum 8-2

support for 1-6

synchronizing devices 8-5

time

services 8-2

synchronizing 8-2

O

OBFL

configuring 49-27

described 49-26

displaying 49-27

object tracking

HSRP 44-7

IP SLAs 44-9

IP SLAs, configuring 44-9

monitoring 44-12

offline configuration for switch stacks 6-8

on-board failure logging

See OBFL

online diagnostics

described 50-1

overview 50-1

running tests 50-5

open1x

configuring 11-60

open1x authentication

overview 11-24

Open Shortest Path First

See OSPF

optimizing system resources 9-1

options, management 1-5

OSPF

area parameters, configuring 40-31

configuring 40-29

default configuration

metrics 40-33

route 40-33

settings 40-27

described 40-25

for IPv6 41-6

interface parameters, configuring 40-30

LSA group pacing 40-35

monitoring 40-36

router IDs 40-35

OSPF (continued)

route summarization 40-32

support for 1-13

virtual links 40-33

out-of-profile markdown 1-12

P

packet modification, with QoS 38-21

PAgP

Layer 2 protocol tunneling 18-9

See EtherChannel

parallel paths, in routing tables 40-92

passive interfaces

configuring 40-103

OSPF 40-33

passwords

default configuration 10-2

disabling recovery of 10-5

encrypting 10-3

for security 1-9

in clusters 7-15

overview 10-1

recovery of 49-3

setting

enable 10-3

enable secret 10-3

Telnet 10-6

with usernames 10-6

VTP domain 15-8

path cost

MSTP 20-21

STP 19-20

path MTU discovery 41-4

PBR

defined 40-99

enabling 40-101

fast-switched policy-based routing 40-102

local policy-based routing 40-102

PC (passive command switch) 7-11

peers, BGP 40-59

percentage thresholds in tracked lists 44-6

performance, network design 1-19

performance features 1-4

persistent self-signed certificate 10-43

per-user ACLs and Filter-Ids 11-8

per-VLAN spanning-tree plus

See PVST+

PE to CE routing, configuring 40-85

physical ports 12-2

PIM

default configuration 46-11

dense mode

overview 46-4

rendezvous point (RP), described 46-5

RPF lookups 46-8

displaying neighbors 46-63

enabling a mode 46-14

overview 46-4

router-query message interval, modifying 46-38

shared tree and source tree, overview 46-35

shortest path tree, delaying the use of 46-37

sparse mode

join messages and shared tree 46-5

overview 46-5

prune messages 46-5

RPF lookups 46-9

stub routing

configuration guidelines 46-23

enabling 46-23

overview 46-5

support for 1-13

versions

interoperability 46-11

troubleshooting interoperability problems 46-35

v2 improvements 46-4

PIM-DVMRP, as snooping method 25-9

ping

character output description 49-16

executing 49-15

overview 49-15

PoE

auto mode 12-9

CDP with power consumption, described 12-7

CDP with power negotiation, described 12-7

Cisco intelligent power management 12-7

configuring 12-27

devices supported 12-6

high-power devices operating in low-power mode 12-7

IEEE power classification levels 12-8

monitoring 12-10

monitoring power 12-30

policing power consumption 12-30

policing power usage 12-10

power budgeting 12-28

power consumption 12-28

powered-device detection and initial power allocation 12-7

power management modes 12-9

power negotiation extensions to CDP 12-7

standards supported 12-7

static mode 12-9

supported watts per port 12-7

troubleshooting 49-13

policed-DSCP map for QoS 38-64

policers

configuring

for each matched traffic class 38-50

for more than one traffic class 38-60

described 38-4

displaying 38-80

number of 38-36

types of 38-9

policing

described 38-4

hierarchical

See hierarchical policy maps

token-bucket algorithm 38-9

policy-based routing

See PBR

policy maps for QoS

characteristics of 38-50

described 38-7

displaying 38-80

hierarchical 38-8

hierarchical on SVIs

configuration guidelines 38-35

configuring 38-54

described 38-11

nonhierarchical on physical ports

configuration guidelines 38-35

configuring 38-50

described 38-9

POP 1-31

port ACLs

defined 36-2

types of 36-3

Port Aggregation Protocol

See EtherChannel

port-based authentication

accounting 11-12

authentication server

defined 11-3

RADIUS server 11-3

client, defined 11-3

configuration guidelines 11-33

port-based authentication (continued)

configuring

802.1x authentication 11-38

guest VLAN 11-47

host mode 11-41

inaccessible authentication bypass 11-50

manual re-authentication of a client 11-43

periodic re-authentication 11-42

quiet period 11-43

RADIUS server 11-40

RADIUS server parameters on the switch 11-39

restricted VLAN 11-48

switch-to-client frame-retransmission number 11-44, 11-46

switch-to-client retransmission time 11-44

violation mode 11-22

violation modes11-37to 11-38

default configuration 11-31

described 11-1

device roles 11-2

displaying statistics 11-66

downloadable ACLs and redirect URLs

configuring11-58to 11-60

overview11-16to 11-17

EAPOL-start frame 11-5

EAP-request/identity frame 11-5

EAP-response/identity frame 11-5

encapsulation 11-3

flexible authentication ordering

configuring 11-60

overview 11-24

guest VLAN

configuration guidelines 11-18, 11-19

described 11-17

host mode 11-11

inaccessible authentication bypass

configuring 11-50

described 11-19

guidelines 11-34

port-based authentication (continued)

initiation and message exchange 11-5

magic packet 11-22

maximum number of allowed devices per port 11-35

method lists 11-38

multiple authentication 11-11

multiple-hosts mode, described 11-11

per-user ACLs

AAA authorization 11-38

configuration tasks 11-16

described 11-15

RADIUS server attributes 11-15

ports

authorization state and dot1x port-control command 11-9

authorized and unauthorized 11-9

critical 11-19

voice VLAN 11-20

port security

and voice VLAN 11-22

described 11-21

interactions 11-21

multiple-hosts mode 11-11

readiness check

configuring 11-35

described 11-13, 11-35

resetting to default values 11-65

stack changes, effects of 11-10

statistics, displaying 11-66

switch

as proxy 11-3

RADIUS client 11-3

switch supplicant

configuring 11-56

overview 11-26

port-based authentication (continued)

VLAN assignment

AAA authorization 11-38

characteristics 11-14

configuration tasks 11-14

described 11-13

voice aware 802.1x security

configuring 11-36

described 11-30, 11-36

voice VLAN

described 11-20

PVID 11-20

VVID 11-20

wake-on-LAN, described 11-22

port-based authentication methods, supported 11-7

port-based trust

IPv4 and IPv6 9-2, 38-2

port blocking 1-4, 27-7

port-channel

See EtherChannel

port description TLV 29-2

Port Fast

described 21-2

enabling 21-12

mode, spanning tree 14-29

support for 1-8

port membership modes, VLAN 14-3

port priority

MSTP 20-20

STP 19-18

ports

10-Gigabit Ethernet 12-6

access 12-3

blocking 27-7

dynamic access 14-4

protected 27-6

routed 12-4

secure 27-8

static-access 14-3, 14-11

ports (continued)

switch 12-2

trunks 14-3, 14-16

VLAN assignments 14-11

port security

aging 27-17

and private VLANs 27-18

and QoS trusted boundary 38-40

and stacking 27-18

configuring 27-13

default configuration 27-11

described 27-8

displaying 27-19

enabling 27-18

on trunk ports 27-14

sticky learning 27-9

violations 27-10

with other features 27-11

port-shutdown response, VMPS 14-28

port VLAN ID TLV 29-2

power management TLV 29-2, 29-6

Power over Ethernet

See PoE

power supply

configuring 12-39

managing 12-39

preemption, default configuration 22-8

preemption delay, default configuration 22-8

preferential treatment of traffic

See QoS

prefix lists, BGP 40-57

preventing unauthorized access 10-1

primary interface for object tracking, DHCP, configuring 44-11

primary interface for static routing, configuring 44-10

primary links 22-2

primary VLANs 17-1, 17-3

priority

HSRP 42-8

overriding CoS 16-6

trusting CoS 16-6

private VLAN edge ports

See protected ports

private VLANs

across multiple switches 17-4

and SDM template 17-4

and SVIs 17-5

and switch stacks 17-5

benefits of 17-1

community ports 17-2

community VLANs 17-2, 17-3

configuration guidelines 17-7, 17-8

configuration tasks 17-6

configuring 17-10

default configuration 17-6

end station access to 17-3

IP addressing 17-3

isolated port 17-2

isolated VLANs 17-2, 17-3

mapping 17-14

monitoring 17-15

ports

community 17-2

configuration guidelines 17-8

configuring host ports 17-11

configuring promiscuous ports 17-13

isolated 17-2

promiscuous 17-2

primary VLANs 17-1, 17-3

promiscuous ports 17-2

secondary VLANs 17-2

subdomains 17-1

traffic in 17-5

privileged EXEC mode 2-2

privilege levels

changing the default for lines 10-9

command switch 7-18

exiting 10-9

logging into 10-9

mapping on member switches 7-18

overview 10-2, 10-7

setting a command with 10-8

promiscuous ports

configuring 17-13

defined 17-2

protected ports 1-10, 27-6

protocol-dependent modules, EIGRP 40-37

Protocol-Independent Multicast Protocol

See PIM

provider edge devices 40-76

provisioning new members for a switch stack 6-8

proxy ARP

configuring 40-12

definition 40-10

with IP routing disabled 40-12

proxy reports 22-4

pruning, VTP

disabling

in VTP domain 15-14

on a port 14-23

enabling

in VTP domain 15-14

on a port 14-22

examples 15-5

overview 15-4

pruning-eligible list

changing 14-22

for VTP pruning 15-5

VLANs 15-14

PVST+

described 19-10

IEEE 802.1Q trunking interoperability 19-11

instances supported 19-10

Q

QoS

and MQC commands 38-1

auto-QoS

categorizing traffic 38-23

configuration and defaults display 38-32

configuration guidelines 38-27

described 38-22

disabling 38-29

displaying generated commands 38-29

displaying the initial configuration 38-32

effects on running configuration 38-27

egress queue defaults 38-23

enabling for VoIP 38-28

example configuration 38-30

ingress queue defaults 38-23

list of generated commands 38-24

basic model 38-4

classification

class maps, described 38-7

defined 38-4

DSCP transparency, described 38-41

flowchart 38-6

forwarding treatment 38-3

in frames and packets 38-3

IP ACLs, described 38-5, 38-7

MAC ACLs, described 38-5, 38-7

options for IP traffic 38-5

options for non-IP traffic 38-5

policy maps, described 38-7

trust DSCP, described 38-5

trusted CoS, described 38-5

trust IP precedence, described 38-5

class maps

configuring 38-48

displaying 38-80

QoS (continued)

configuration guidelines

auto-QoS 38-27

standard QoS 38-35

configuring

aggregate policers 38-60

auto-QoS 38-22

default port CoS value 38-39

DSCP maps 38-62

DSCP transparency 38-41

DSCP trust states bordering another domain 38-42

egress queue characteristics 38-72

ingress queue characteristics 38-68

IP extended ACLs 38-46

IP standard ACLs 38-45

MAC ACLs 38-47

policy maps, hierarchical 38-54

policy maps on physical ports 38-50

port trust states within the domain 38-38

trusted boundary 38-40

default auto configuration 38-23

default standard configuration 38-33

displaying statistics 38-80

DSCP transparency 38-41

egress queues

allocating buffer space 38-73

buffer allocation scheme, described 38-19

configuring shaped weights for SRR 38-77

configuring shared weights for SRR 38-78

described 38-4

displaying the threshold map 38-76

flowchart 38-18

mapping DSCP or CoS values 38-75

scheduling, described 38-4

setting WTD thresholds 38-73

WTD, described 38-21

enabling globally 38-37

QoS (continued)

flowcharts

classification 38-6

egress queueing and scheduling 38-18

ingress queueing and scheduling 38-15

policing and marking 38-10

implicit deny 38-7

ingress queues

allocating bandwidth 38-70

allocating buffer space 38-70

buffer and bandwidth allocation, described 38-17

configuring shared weights for SRR 38-70

configuring the priority queue 38-71

described 38-4

displaying the threshold map 38-69

flowchart 38-15

mapping DSCP or CoS values 38-69

priority queue, described 38-17

scheduling, described 38-4

setting WTD thresholds 38-69

WTD, described 38-17

IP phones

automatic classification and queueing 38-22

detection and trusted settings 38-22, 38-40

limiting bandwidth on egress interface 38-79

mapping tables

CoS-to-DSCP 38-62

displaying 38-80

DSCP-to-CoS 38-65

DSCP-to-DSCP-mutation 38-66

IP-precedence-to-DSCP 38-63

policed-DSCP 38-64

types of 38-12

marked-down actions 38-52, 38-57

marking, described 38-4, 38-8

overview 38-2

packet modification 38-21

QoS (continued)

policers

configuring 38-52, 38-57, 38-60

described 38-8

displaying 38-80

number of 38-36

types of 38-9

policies, attaching to an interface 38-8

policing

described 38-4, 38-8

token bucket algorithm 38-9

policy maps

characteristics of 38-50

displaying 38-80

hierarchical 38-8

hierarchical on SVIs 38-54

nonhierarchical on physical ports 38-50

QoS label, defined 38-4

queues

configuring egress characteristics 38-72

configuring ingress characteristics 38-68

high priority (expedite) 38-21, 38-78

location of 38-13

SRR, described 38-14

WTD, described 38-14

rewrites 38-21

support for 1-12

trust states

bordering another domain 38-42

described 38-5

trusted device 38-40

within the domain 38-38

quality of service

See QoS

queries, IGMP 25-4

query solicitation, IGMP 25-13

R

RADIUS

attributes

vendor-proprietary 10-30

vendor-specific 10-29

configuring

accounting 10-28

authentication 10-23

authorization 10-27

communication, global 10-21, 10-29

communication, per-server 10-20, 10-21

multiple UDP ports 10-21

default configuration 10-20

defining AAA server groups 10-25

displaying the configuration 10-31

identifying the server 10-20

in clusters 7-17

limiting the services to the user 10-27

method list, defined 10-20

operation of 10-19

overview 10-18

server load balancing 10-31

suggested network environments 10-18

support for 1-11

tracking services accessed by user 10-28

range

macro 12-16

of interfaces 12-15

rapid convergence 20-10

rapid per-VLAN spanning-tree plus

See rapid PVST+

rapid PVST+

described 19-10

IEEE 802.1Q trunking interoperability 19-11

instances supported 19-10

Rapid Spanning Tree Protocol

See RSTP

RARP 40-10

rcommand command 7-17

RCP

configuration files

downloading B-18

overview B-16

preparing the server B-17

uploading B-19

image files

deleting old image B-38

downloading B-36

preparing the server B-35

uploading B-38

reachability, tracking IP SLAs IP host 44-9

readiness check

port-based authentication

configuring 11-35

described 11-13, 11-35

reconfirmation interval, VMPS, changing 14-31

reconfirming dynamic VLAN membership 14-31

recovery procedures 49-1

redirect URL 11-16, 11-58

redundancy

EtherChannel 39-3

HSRP 42-1

STP

backbone 19-8

multidrop backbone 21-5

path cost 14-26

port priority 14-24

redundant links and UplinkFast 21-15

redundant power system

See Cisco Redundant Power System 2300

reliable transport protocol, EIGRP 40-37

reloading software 3-21

Remote Authentication Dial-In User Service

See RADIUS

Remote Copy Protocol

See RCP

Remote Network Monitoring

See RMON

Remote SPAN

See RSPAN

remote SPAN 31-3

report suppression, IGMP

described 25-6

disabling 25-16, 26-11

requirements

cluster xlvi

device manager xlvi

Network Assistant xlvi

resequencing ACL entries 36-15

resets, in BGP 40-51

resetting a UDLD-shutdown interface 30-6

responder, IP SLAs

described 43-4

enabling 43-8

response time, measuring with IP SLAs 43-4

restricted VLAN

configuring 11-48

described 11-18

using with IEEE 802.1x 11-18

restricting access

NTP services 8-8

overview 10-1

passwords and privilege levels 10-2

RADIUS 10-17

TACACS+ 10-10

retry count, VMPS, changing 14-32

reverse address resolution 40-9

Reverse Address Resolution Protocol

See RARP

RFC

1058, RIP 40-20

1112, IP multicast and IGMP 25-2

1157, SNMPv1 34-2

1163, BGP 40-44

1166, IP addresses 40-7

RFC (continued)

1253, OSPF 40-25

1267, BGP 40-44

1305, NTP 8-2

1587, NSSAs 40-26

1757, RMON 32-2

1771, BGP 40-44

1901, SNMPv2C 34-2

1902 to 1907, SNMPv2 34-2

2236, IP multicast and IGMP 25-2

2273-2275, SNMPv3 34-2

RIP

advertisements 40-20

authentication 40-23

configuring 40-21

default configuration 40-21

described 40-20

for IPv6 41-6

hop counts 40-20

split horizon 40-23

summary addresses 40-24

support for 1-13

RMON

default configuration 32-3

displaying status 32-6

enabling alarms and events 32-3

groups supported 32-2

overview 32-1

statistics

collecting group Ethernet 32-5

collecting group history 32-5

support for 1-15

root guard

described 21-10

enabling 21-18

support for 1-8

root switch

MSTP 20-17

STP 19-16

route calculation timers, OSPF 40-33

route dampening, BGP 40-63

routed packets, ACLs on 36-40

routed ports

configuring 40-5

defined 12-4

in switch clusters 7-9

IP addresses on 12-33, 40-5

route-map command 40-101

route maps

BGP 40-55

policy-based routing 40-99

router ACLs

defined 36-2

types of 36-4

route reflectors, BGP 40-62

router ID, OSPF 40-35

route selection, BGP 40-53

route summarization, OSPF 40-32

route targets, VPN 40-78

routing

default 40-3

dynamic 40-3

redistribution of information 40-95

static 40-3

routing domain confederation, BGP 40-62

Routing Information Protocol

See RIP

routing protocol administrative distances 40-94

RPS

See Cisco Redundant Power System 2300

RPS 2300

See Cisco Redundant Power System 2300

RSPAN 31-3

and stack changes 31-11

characteristics 31-9

configuration guidelines 31-19

default configuration 31-12

destination ports 31-8

RSPAN (continued)      31-3

displaying status 31-31

in a switch stack 31-2

interaction with other features 31-10

monitored ports 31-7

monitoring ports 31-8

overview 1-15, 31-1

received traffic 31-6

session limits 31-13

sessions

creating 31-20

defined 31-4

limiting source traffic to specific VLANs 31-22

specifying monitored ports 31-20

with ingress traffic enabled 31-25

source ports 31-7

transmitted traffic 31-6

VLAN-based 31-7

RSTP

active topology 20-10

BPDU

format 20-12

processing 20-13

designated port, defined 20-9

designated switch, defined 20-9

interoperability with IEEE 802.1D

described 20-9

restarting migration process 20-26

topology changes 20-13

overview 20-9

port roles

described 20-9

synchronized 20-11

proposal-agreement handshake process 20-10

RSTP (continued)

rapid convergence

cross-stack rapid convergence 20-11

described 20-10

edge ports and Port Fast 20-10

point-to-point links 20-10, 20-24

root ports 20-10

root port, defined 20-9

See also MSTP

running configuration

replacing B-20, B-21

rolling back B-20, B-21

saving 3-15

S

SC (standby command switch) 7-11

scheduled reloads 3-21

scheduling, IP SLAs operations 43-5

SCP

and SSH 10-49

configuring 10-49

SDM

described 9-1

switch stack consideration 6-10

templates

configuring 9-5

number of 9-1

SDM template

configuring 9-4

dual IPv4 and IPv6 9-2

types of 9-1

secondary VLANs 17-2

Secure Copy Protocol

secure HTTP client

configuring 10-48

displaying 10-49

secure HTTP server

configuring 10-46

displaying 10-49

secure MAC addresses

and switch stacks 27-18

deleting 27-16

maximum number of 27-10

types of 27-9

secure ports

and switch stacks 27-18

configuring 27-8

secure remote connections 10-38

Secure Shell

See SSH

Secure Socket Layer

See SSL

security, port 27-8

security features 1-9

See SCP

sequence numbers in log messages 33-8

server mode, VTP 15-3

service-provider network, MSTP and RSTP 20-1

service-provider networks

and customer VLANs 18-2

and IEEE 802.1Q tunneling 18-1

Layer 2 protocols across 18-8

Layer 2 protocol tunneling for EtherChannels 18-9

set-request operation 34-5

setup program

failed command switch replacement 49-11

replacing failed command switch 49-9

severity levels, defining in system messages 33-9

SFPs

monitoring status of 12-41, 49-14

numbering of 12-13

security and identification 49-13

status, displaying 49-14

shaped round robin

See SRR

Shell functions

See Auto Smartports macros

Shell triggers

See Auto Smartports macros

show access-lists hw-summary command 36-22

show and more command output, filtering 2-10

show cdp traffic command 28-5

show cluster members command 7-17

show configuration command 12-31

show forward command 49-22

show interfaces command 12-25, 12-31

show interfaces switchport 22-4

show l2protocol command 18-13, 18-15, 18-16

show lldp traffic command 29-11

show platform forward command 49-22

show running-config command

displaying ACLs 36-20, 36-21, 36-32, 36-35

interface description in 12-31

shutdown command on interfaces 12-42

shutdown threshold for Layer 2 protocol packets 18-11

Simple Network Management Protocol

See SNMP

small form-factor pluggable modules

See SFPs

small-frame arrival rate, configuring 27-5

Smartports macros

applying Cisco-default macros 13-13

applying global parameter values 13-13

configuration guidelines 13-12

default configuration 13-12

defined 13-1

displaying 13-14

tracing 13-12

SNAP 28-1

SNMP

accessing MIB variables with 34-4

agent

described 34-4

disabling 34-8

SNMP (continued)

and IP SLAs 43-2

authentication level 34-11

community strings

configuring 34-8

for cluster switches 34-4

overview 34-4

configuration examples 34-18

default configuration 34-7

engine ID 34-7

groups 34-7, 34-10

host 34-7

ifIndex values 34-6

in-band management 1-7

in clusters 7-15

informs

and trap keyword 34-12

described 34-5

differences from traps 34-5

disabling 34-16

enabling 34-16

limiting access by TFTP servers 34-17

limiting system log messages to NMS 33-10

manager functions 1-6, 34-3

managing clusters with 7-18

MIBs

location of A-4

supported A-1

notifications 34-5

overview 34-1, 34-4

security levels 34-3

setting CPU threshold notification 34-16

status, displaying 34-19

system contact and location 34-17

trap manager, configuring 34-14

SNMP (continued)

traps

described 34-3, 34-5

differences from informs 34-5

disabling 34-16

enabling 34-12

enabling MAC address notification 8-22

overview 34-1, 34-5

types of 34-12

users 34-7, 34-10

versions supported 34-2

SNMP and Syslog Over IPv6 41-7

SNMPv1 34-2

SNMPv2C 34-2

SNMPv3 34-2

snooping, IGMP 25-2

software compatibility

See stacks, switch

software images

location in flash B-25

recovery procedures 49-2

scheduling reloads 3-22

tar file format, described B-25

See also downloading and uploading

software images in mixed stacks

See the Cisco Software Activation and Compatibility Document

source addresses

in IPv4 ACLs 36-12

in IPv6 ACLs 37-6

source-and-destination-IP address based forwarding, EtherChannel 39-9

source-and-destination MAC address forwarding, EtherChannel 39-9

source-IP address based forwarding, EtherChannel 39-9

source-MAC address forwarding, EtherChannel 39-8

Source-specific multicast

See SSM

SPAN

and stack changes 31-11

configuration guidelines 31-13

default configuration 31-12

destination ports 31-8

displaying status 31-31

interaction with other features 31-10

monitored ports 31-7

monitoring ports 31-8

overview 1-15, 31-1

ports, restrictions 27-12

received traffic 31-6

session limits 31-13

sessions

configuring ingress forwarding 31-17, 31-26

creating 31-14, 31-28

defined 31-4

limiting source traffic to specific VLANs 31-18

removing destination (monitoring) ports 31-15

specifying monitored ports 31-14, 31-28

with ingress traffic enabled 31-16

source ports 31-7

transmitted traffic 31-6

VLAN-based 31-7

spanning tree and native VLANs 14-19

Spanning Tree Protocol

See STP

SPAN traffic 31-6

split horizon, RIP 40-23

SRR

configuring

shaped weights on egress queues 38-77

shared weights on egress queues 38-78

shared weights on ingress queues 38-70

described 38-14

shaped mode 38-14

shared mode 38-15

support for 1-12, 1-13

SSH

configuring 10-39

cryptographic software image 10-37

described 1-7, 10-38

encryption methods 10-38

switch stack considerations 6-17, 10-38

user authentication methods, supported 10-39

SSL

configuration guidelines 10-45

configuring a secure HTTP client 10-48

configuring a secure HTTP server 10-46

cryptographic software image 10-42

described 10-42

monitoring 10-49

SSM

address management restrictions 46-16

CGMP limitations 46-16

components 46-14

configuration guidelines 46-16

configuring 46-14, 46-17

differs from Internet standard multicast 46-15

IGMP snooping 46-16

IGMPv3 46-14

IGMPv3 Host Signalling 46-16

IP address range 46-15

monitoring 46-17

operations 46-15

PIM 46-14

state maintenance limitations 46-17

SSM mapping 46-17

configuration guidelines 46-18

configuring 46-17, 46-20

DNS-based 46-19, 46-21

monitoring 46-22

overview 46-18

restrictions 46-18

static 46-19, 46-20

static traffic forwarding 46-21

stack changes

effects on

IPv6 routing 41-9

stack changes, effects on

ACL configuration 36-7

CDP 28-2

cross-stack EtherChannel 39-13

EtherChannel 39-10

fallback bridging 48-3

HSRP 42-5

IEEE 802.1x port-based authentication 11-10

IGMP snooping 25-7

IP routing 40-4

IPv6 ACLs 37-3

MAC address tables 8-21

MSTP 20-8

multicast routing 46-10

MVR 25-18

port security 27-18

SDM template selection 9-3

SNMP 34-1

SPAN and RSPAN 31-11

STP 19-12

switch clusters 7-15

system message log 33-2

VLANs 14-6

VTP 15-6

stack master

bridge ID (MAC address) 6-6

defined 6-2

election 6-5

IPv6 41-9

re-election 6-5

See also stacks, switch

stack member

accessing CLI of specific member 6-24

configuring

member number 6-22

priority value 6-22

defined 6-2

displaying information of 6-25

IPv6 41-10

number 6-6

priority value 6-7

provisioning a new member 6-23

replacing 6-15

See also stacks, switch

stack member number 12-13

stack protocol version 6-11

stacks, switch

accessing CLI of specific member 6-24

assigning information

member number 6-22

priority value 6-22

provisioning a new member 6-23

auto-advise 6-12

auto-copy 6-12

auto-extract 6-12

auto-upgrade 6-12

bridge ID 6-6

Catalyst 3750-E-only 6-1

CDP considerations 28-2

compatibility, software 6-10

configuration file 6-15

configuration scenarios 6-18

copying an image file from one member to another B-39

default configuration 6-20

description of 6-1

displaying information of 6-25

enabling persistent MAC address timer 6-20

hardware compatibility and SDM mismatch mode 6-10

stacks, switch (continued)

HSRP considerations 42-5

in clusters 7-15

incompatible software and image upgrades 6-15, B-39

IPv6 on 41-9

MAC address considerations 8-21

MAC address of 6-20

management connectivity 6-16

managing 6-1

managing mixed

See Catalyst 3750-E and 3750 Switch Stacking Compatibility Guide

membership 6-3

merged 6-4

mixed

hardware 6-1

hardware and software 6-2

software 6-2

with Catalyst 3750-E and 3750 switches 6-1

mixed software images

See Cisco Software Activation and Compatibility Document

MSTP instances supported 19-10

multicast routing, stack master and member roles 46-10

offline configuration

described 6-8

effects of adding a provisioned switch 6-8

effects of removing a provisioned switch 6-10

effects of replacing a provisioned switch 6-10

provisioned configuration, defined 6-8

provisioned switch, defined 6-8

provisioning a new member 6-23

partitioned 6-4, 49-8

provisioned switch

adding 6-8

removing 6-10

replacing 6-10

replacing a failed member 6-15

software compatibility 6-10

stacks, switch (continued)

software image version 6-10

stack protocol version 6-11

STP

bridge ID 19-3

instances supported 19-10

root port selection 19-3

stack root switch election 19-3

system messages

hostnames in the display 33-1

remotely monitoring 33-2

system prompt consideration 8-14

system-wide configuration considerations 6-16

upgrading B-39

version-mismatch (VM) mode

automatic upgrades with auto-upgrade 6-12

described 6-11

examples 6-13

manual upgrades with auto-advise 6-12

upgrades with auto-extract 6-12

See also stack master and stack member

StackWise Plus technology, Cisco 1-3

See also stacks, switch

standby command switch

configuring

considerations 7-12

defined 7-2

priority 7-11

requirements 7-3

virtual IP address 7-12

See also cluster standby group and HSRP

standby group, cluster

See cluster standby group and HSRP

standby ip command 42-7

standby links 22-2

standby router 42-1

standby timers, HSRP 42-11

startup configuration

booting

manually 3-18

specific image 3-18

clearing B-20

configuration file

automatically downloading 3-17

specifying the filename 3-17

default boot configuration 3-17

static access ports

assigning to VLAN 14-11

defined 12-3, 14-3

static addresses

See addresses

static IP routing 1-13

static MAC addressing 1-9

static route primary interface, configuring 44-10

static routes

configuring 40-93

understanding 41-6

static routing 40-3

static routing support, enhanced object tracking 44-10

static SSM mapping 46-19, 46-20

static traffic forwarding 46-21

static VLAN membership 14-2

statistics

CDP 28-5

IEEE 802.1x 11-66

interface 12-40

IP multicast routing 46-62

LLDP 29-10

LLDP-MED 29-10

NMSP 29-10

OSPF 40-36

QoS ingress and egress 38-80

RMON group Ethernet 32-5

RMON group history 32-5

SNMP input and output 34-19

VTP 15-16

sticky learning 27-9

storm control

configuring 27-3

described 27-1

disabling 27-5

displaying 27-19

support for 1-4

thresholds 27-2

STP

accelerating root port selection 21-4

BackboneFast

described 21-7

disabling 21-17

enabling 21-16

BPDU filtering

described 21-3

disabling 21-15

enabling 21-14

BPDU guard

described 21-2

disabling 21-14

enabling 21-13

BPDU message exchange 19-3

configuration guidelines 19-13, 21-12

configuring

forward-delay time 19-23

hello time 19-22

maximum aging time 19-23

path cost 19-20

port priority 19-18

root switch 19-16

secondary root switch 19-18

spanning-tree mode 19-15

switch priority 19-21

transmit hold-count 19-24

counters, clearing 19-24

cross-stack UplinkFast

described 21-5

enabling 21-16

STP (continued)

default configuration 19-13

default optional feature configuration 21-12

designated port, defined 19-4

designated switch, defined 19-4

detecting indirect link failures 21-8

disabling 19-16

displaying status 19-24

EtherChannel guard

described 21-10

disabling 21-17

enabling 21-17

extended system ID

effects on root switch 19-16

effects on the secondary root switch 19-18

overview 19-4

unexpected behavior 19-16

features supported 1-8

IEEE 802.1D and bridge ID 19-4

IEEE 802.1D and multicast addresses 19-9

IEEE 802.1t and VLAN identifier 19-5

inferior BPDU 19-3

instances supported 19-10

interface state, blocking to forwarding 21-2

interface states

blocking 19-6

disabled 19-7

forwarding 19-6, 19-7

learning 19-7

listening 19-7

overview 19-5

interoperability and compatibility among modes 19-11

keepalive messages 19-2

Layer 2 protocol tunneling 18-8

limitations with IEEE 802.1Q trunks 19-11

STP (continued)

load sharing

overview 14-24

using path costs 14-26

using port priorities 14-24

loop guard

described 21-11

enabling 21-18

modes supported 19-10

multicast addresses, effect of 19-9

optional features supported 1-8

overview 19-2

path costs 14-26, 14-27

Port Fast

described 21-2

enabling 21-12

port priorities 14-25

preventing root switch selection 21-10

protocols supported 19-10

redundant connectivity 19-8

root guard

described 21-10

enabling 21-18

root port, defined 19-3

root port selection on a switch stack 19-3

root switch

configuring 19-16

effects of extended system ID 19-4, 19-16

election 19-3

unexpected behavior 19-16

shutdown Port Fast-enabled port 21-2

stack changes, effects of 19-12

status, displaying 19-24

superior BPDU 19-3

timers, described 19-22

UplinkFast

described 21-3

enabling 21-15

VLAN-bridge 19-11

stratum, NTP 8-2

stub areas, OSPF 40-31

stub routing, EIGRP 40-43

subdomains, private VLAN 17-1

subnet mask 40-7

subnet zero 40-7

success response, VMPS 14-28

summer time 8-13

SunNet Manager 1-6

supernet 40-8

supported port-based authentication methods 11-7

Smartports macros

See also Auto Smartports macros

SVI autostate exclude

configuring 12-34

defined 12-6

SVI link state 12-6

SVIs

and IP unicast routing 40-5

and router ACLs 36-4

connecting VLANs 12-12

defined 12-5

routing between VLANs 14-2

switch 41-2

switch clustering technology 7-1

See also clusters, switch

switch console port 1-7

Switch Database Management

See SDM

switched packets, ACLs on 36-39

Switched Port Analyzer

See SPAN

switched ports 12-2

switchport backup interface 22-4, 22-5

switchport block multicast command 27-8

switchport block unicast command 27-8

switchport command 12-22

switchport mode dot1q-tunnel command 18-7

switchport protected command 27-7

switch priority

MSTP 20-22

STP 19-21

switch software features 1-1

switch virtual interface

See SVI

synchronization, BGP 40-49

syslog

See system message logging

system capabilities TLV 29-2

system clock

configuring

daylight saving time 8-13

manually 8-11

summer time 8-13

time zones 8-12

displaying the time and date 8-12

overview 8-1

See also NTP

system description TLV 29-2

system message logging

default configuration