Catalyst 3750-E and 3560-E Switch Software Configuration Guide, Cisco IOS Release 15.0(1)SE
Index
Downloads: This chapterpdf (PDF - 1.94MB) The complete bookPDF (PDF - 39.15MB) | Feedback

Index

Table Of Contents

Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W -

Index

Numerics

10-Gigabit Ethernet interfaces 12-6

A

AAA down policy, NAC Layer 2 IP validation 1-12

abbreviating commands 2-3

ABRs 40-26

AC (command switch) 6-10

access control entries

See ACEs

access-denied response, VMPS 13-26

access groups

applying IPv4 ACLs to interfaces 35-21

Layer 3 35-21

access groups, applying IPv4 ACLs to interfaces 35-21

accessing

clusters, switch 6-13

command switches 6-11

member switches 6-13

switch clusters 6-13

accessing stack members 5-29

access lists

See ACLs

access ports

and Layer 2 protocol tunneling 17-11

defined 12-3

in switch clusters 6-9

access template 8-1

accounting

with 802.1x 10-52

with IEEE 802.1x 10-14

with RADIUS 9-34

with TACACS+ 9-11, 9-17

ACEs

and QoS 37-8

defined 35-2

Ethernet 35-2

IP 35-2

ACLs

ACEs 35-2

applying

on bridged packets 35-41

on multicast packets 35-42

on routed packets 35-42

on switched packets 35-40

time ranges to 35-17

to an interface 35-20, 36-7

to QoS 37-7

classifying traffic for QoS 37-50

comments in 35-19

compiling 35-23

defined 35-2, 35-8

examples of 35-23, 37-50

extended IP, configuring for QoS classification 37-51

extended IPv4

creating 35-11

matching criteria 35-8

hardware and software handling 35-22

IP

creating 35-8

fragments and QoS guidelines 37-40

implicit deny 35-10, 35-14, 35-17

implicit masks 35-10

matching criteria 35-8

undefined 35-22

IPv4

applying to interfaces 35-20

creating 35-8

matching criteria 35-8

named 35-15

numbers 35-8

terminal lines, setting on 35-19

unsupported features 35-7

IPv6

and stacking 36-3

applying to interfaces 36-7

configuring 36-3, 36-4

displaying 36-8

interactions with other features 36-4

limitations 36-3

matching criteria 36-3

named 36-3

precedence of 36-2

supported 36-2

unsupported features 36-3

Layer 4 information in 35-40

logging messages 35-9

MAC extended 35-28, 37-54

matching 35-8, 35-21

monitoring 35-43, 36-8

named

IPv4 35-15

IPv6 36-3

names 36-4

number per QoS class map 37-40

port 35-2, 36-1

precedence of 35-3

QoS 37-7, 37-50

resequencing entries 35-15

router 35-2, 36-1

router ACLs and VLAN map configuration guidelines 35-39

standard IP, configuring for QoS classification 37-50, 37-52

standard IPv4

creating 35-10

matching criteria 35-8

support for 1-11

support in hardware 35-22

time ranges 35-17

types supported 35-2

unsupported features

IPv4 35-7

IPv6 36-3

using router ACLs with VLAN maps 35-39

VLAN maps

configuration guidelines 35-31

configuring 35-31

active link 21-4, 21-5, 21-6

active links 21-2

active router 42-2

active traffic monitoring, IP SLAs 43-1

address aliasing 24-2

addresses

displaying the MAC address table 7-23

dynamic

accelerated aging 18-9

changing the aging time 7-14

default aging 18-9

defined 7-12

learning 7-13

removing 7-15

IPv6 41-2

MAC, discovering 7-24

multicast

group address range 46-3

STP address management 18-9

static

adding and removing 7-20

defined 7-12

address resolution 7-24, 40-9

Address Resolution Protocol

See ARP

adjacency tables, with CEF 40-91

administrative distances

defined 40-103

OSPF 40-34

routing protocol defaults 40-93

advertisements

CDP 27-1

LLDP 28-2

RIP 40-20

VTP 13-17, 14-3, 14-4

aggregatable global unicast addresses 41-3

aggregate addresses, BGP 40-61

aggregated ports

See EtherChannel

aggregate policers 37-72

aggregate policing 1-14

aging, accelerating 18-9

aging time

accelerated

for MSTP 19-24

for STP 18-9, 18-23

MAC address table 7-14

maximum

for MSTP 19-24, 19-25

for STP 18-23, 18-24

alarms, RMON 31-3

allowed-VLAN list 13-19

AP1250 (wireless access point) 1-16

application engines, redirecting traffic to 45-1

area border routers

See ABRs

area routing

IS-IS 40-66

ISO IGRP 40-66

ARP

configuring 40-10

defined 1-7, 7-24, 40-10

encapsulation 40-11

static cache configuration 40-10

table

address resolution 7-24

managing 7-24

ASBRs 40-26

AS-path filters, BGP 40-55

asymmetrical links, and IEEE 802.1Q tunneling 17-4

attributes, RADIUS

vendor-proprietary 9-36

vendor-specific 9-35

attribute-value pairs 10-20

authentication

EIGRP 40-42

HSRP 42-10

local mode with AAA 9-43

open1x 10-31

RADIUS

key 9-27

login 9-29

TACACS+

defined 9-11

key 9-13

login 9-14

See also port-based authentication

authentication compatibility with Catalyst 6000 switches 10-8

authentication failed VLAN

See restricted VLAN

authentication keys, and routing protocols 40-104

authentication manager

CLI commands 10-9

compatibility with older 802.1x CLI commands10-9to 10-10

overview 10-7

single session ID 10-35

authoritative time source, described 7-2

authorization

with RADIUS 9-33

with TACACS+ 9-11, 9-16

authorized ports with IEEE 802.1x 10-10

autoconfiguration 3-3

auto enablement 10-33

automatic advise (auto-advise) in switch stacks 5-12

automatic copy (auto-copy) in switch stacks 5-12

automatic discovery

considerations

beyond a noncandidate device 6-8

brand new switches 6-9

connectivity 6-5

different VLANs 6-7

management VLANs 6-7

non-CDP-capable devices 6-6

noncluster-capable devices 6-6

routed ports 6-8

in switch clusters 6-5

See also CDP

automatic extraction (auto-extract) in switch stacks 5-12

automatic QoS

See QoS

automatic recovery, clusters 6-10

See also HSRP

automatic upgrades (auto-upgrade) in switch stacks 5-12

auto-MDIX

configuring 12-27

described 12-26

autonegotiation

duplex mode 1-4

interface configuration guidelines 12-24

mismatches 49-13

autonomous system boundary routers

See ASBRs

autonomous systems, in BGP 40-49

Auto-RP, described 46-7

autosensing, port speed 1-4

autostate exclude 12-6

auxiliary VLAN

See voice VLAN

availability, features 1-8

B

BackboneFast

described 20-7

disabling 20-17

enabling 20-16

support for 1-9

backup interfaces

See Flex Links

backup links 21-2

backup static routing, configuring 44-12

banners

configuring

login 7-12

message-of-the-day login 7-11

default configuration 7-10

when displayed 7-10

Berkeley r-tools replacement 9-54

BGP

aggregate addresses 40-61

aggregate routes, configuring 40-61

CIDR 40-61

clear commands 40-64

community filtering 40-58

configuring neighbors 40-59

default configuration 40-46

described 40-46

enabling 40-49

monitoring 40-64

multipath support 40-53

neighbors, types of 40-49

path selection 40-53

peers, configuring 40-59

prefix filtering 40-57

resetting sessions 40-51

route dampening 40-63

route maps 40-55

route reflectors 40-62

routing domain confederation 40-62

routing session with multi-VRF CE 40-85

show commands 40-64

supernets 40-61

support for 1-15

Version 4 40-46

binding cluster group and HSRP group 42-12

binding database

address, DHCP server

See DHCP, Cisco IOS server database

DHCP snooping

See DHCP snooping binding database

bindings

address, Cisco IOS DHCP server 22-6

DHCP snooping database 22-6

IP source guard 22-16

binding table, DHCP snooping

See DHCP snooping binding database

blocking packets 26-7

Boolean expressions in tracked lists 44-4

booting

boot loader, function of 3-2

boot process 3-2

manually 3-19

specific image 3-20

boot loader

accessing 3-21

described 3-2

environment variables 3-21

prompt 3-21

trap-door mechanism 3-2

bootstrap router (BSR), described 46-7

Border Gateway Protocol

See BGP

BPDU

error-disabled state 20-2

filtering 20-3

RSTP format 19-12

BPDU filtering

described 20-3

disabling 20-15

enabling 20-14

support for 1-9

BPDU guard

described 20-2

disabling 20-14

enabling 20-13

support for 1-9

bridged packets, ACLs on 35-41

bridge groups

See fallback bridging

bridge protocol data unit

See BPDU

broadcast flooding 40-17

broadcast packets

directed 40-14

flooded 40-14

broadcast storm-control command 26-4

broadcast storms 26-1, 40-14

C

cables, monitoring for unidirectional links 29-1

candidate switch

automatic discovery 6-5

defined 6-4

requirements 6-4

See also command switch, cluster standby group, and member switch

Catalyst 6000 switches, authentication compatibility 10-8

CA trustpoint

configuring 9-51

defined 9-49

CDP

and trusted boundary 37-46

automatic discovery in switch clusters 6-5

configuring 27-2

default configuration 27-2

defined with LLDP 28-1

described 27-1

disabling for routing device 27-4

enabling and disabling

on an interface 27-4

on a switch 27-4

Layer 2 protocol tunneling 17-8

monitoring 27-5

overview 27-1

power negotiation extensions 12-7

support for 1-7

switch stack considerations 27-2

transmission timer and holdtime, setting 27-2

updates 27-2

CEF

defined 40-90

distributed 40-91

IPv6 41-19

CGMP

as IGMP snooping learning method 24-9

enabling server support 46-45

joining multicast group 24-3

overview 46-9

server support only 46-9

switch support of 1-5

CIDR 40-61

CipherSuites 9-50

Cisco 7960 IP Phone 15-1

Cisco AP1250 (wireless access point) 1-16

Cisco Discovery Protocol

See CDP

Cisco Express Forwarding

See CEF

Cisco Group Management Protocol

See CGMP

Cisco intelligent power management 12-7

Cisco IOS DHCP server

See DHCP, Cisco IOS DHCP server

Cisco IOS File System

See IFS

Cisco IOS IP SLAs 43-2

Cisco Redundant Power System 2300

configuring 12-38

managing 12-38

Cisco Secure ACS

attribute-value pairs for downloadable ACLs 10-20

attribute-value pairs for redirect URL 10-20

Cisco StackWise Plus technology 1-3

See also stacks, switch

CiscoWorks 2000 1-6, 33-4

CISP 10-33

CIST regional root

See MSTP

CIST root

See MSTP

civic location 28-3

classless interdomain routing

See CIDR

classless routing 40-8

class maps for QoS

configuring 37-55

described 37-8

class of service

See CoS

clearing interfaces 12-41

CLI

abbreviating commands 2-3

command modes 2-1

configuration logging 2-4

described 1-6

editing features

enabling and disabling 2-6

keystroke editing 2-7

wrapped lines 2-8

error messages 2-4

filtering command output 2-9

getting help 2-3

history

changing the buffer size 2-5

described 2-5

disabling 2-6

recalling commands 2-6

managing clusters 6-16

no and default forms of commands 2-4

Client Information Signalling Protocol

See CISP

client mode, VTP 14-3

client processes, tracking 44-1

CLNS

See ISO CLNS

clock

See system clock

clusters, switch

accessing 6-13

automatic discovery 6-5

automatic recovery 6-10

benefits 1-2

compatibility 6-4

described 6-1

LRE profile considerations 6-16

managing

through CLI 6-16

through SNMP 6-17

planning 6-4

planning considerations

automatic discovery 6-5

automatic recovery 6-10

CLI 6-16

host names 6-13

IP addresses 6-13

LRE profiles 6-16

passwords 6-14

RADIUS 6-16

SNMP 6-14, 6-17

switch stacks 6-14

TACACS+ 6-16

See also candidate switch, command switch, cluster standby group, member switch, and standby command switch

cluster standby group

and HSRP group 42-12

automatic recovery 6-12

considerations 6-11

defined 6-2

requirements 6-3

virtual IP address 6-11

See also HSRP

CNS

Configuration Engine

configID, deviceID, hostname 4-3

configuration service 4-2

described 4-1

event service 4-3

embedded agents

described 4-5

enabling automated configuration 4-6

enabling configuration agent 4-9

enabling event agent 4-8

management functions 1-6

CoA Request Commands 9-23

Coarse Wave Division Multiplexer

See CWDM SFPs

command-line interface

See CLI

command modes 2-1

commands

abbreviating 2-3

no and default 2-4

commands, setting privilege levels 9-8

command switch

accessing 6-11

active (AC) 6-10

configuration conflicts 49-12

defined 6-2

passive (PC) 6-10

password privilege levels 6-17

priority 6-10

recovery

from command-switch failure 6-10, 49-9

from lost member connectivity 49-12

redundant 6-10

replacing

with another switch 49-11

with cluster member 49-9

requirements 6-3

standby (SC) 6-10

See also candidate switch, cluster standby group, member switch, and standby command switch

common session ID

see single session ID 10-35

community list, BGP 40-58

community ports 16-2

community strings

configuring 6-14, 33-8

for cluster switches 33-4

in clusters 6-14

overview 33-4

SNMP 6-14

community VLANs 16-2, 16-3

compatibility, feature 26-12

compatibility, software

See stacks, switch

configurable leave timer, IGMP 24-6

configuration, initial

defaults 1-19

Express Setup 1-2

configuration conflicts, recovering from lost member connectivity 49-12

configuration examples, network 1-21

configuration files

archiving A-21

clearing the startup configuration A-20

creating and using, guidelines for A-10

creating using a text editor A-11

deleting a stored configuration A-20

described A-9

downloading

automatically 3-18

preparing A-11, A-14, A-17

reasons for A-9

using FTP A-14

using RCP A-18

using TFTP A-12

invalid combinations when copying A-6

limiting TFTP server access 33-17

obtaining with DHCP 3-9

password recovery disable considerations 9-5

replacing and rolling back, guidelines for A-22

replacing a running configuration A-20, A-21

rolling back a running configuration A-20, A-22

specifying the filename 3-19

system contact and location information 33-16

types and location A-10

uploading

preparing A-11, A-14, A-17

reasons for A-9

using FTP A-16

using RCP A-19

using TFTP A-13

configuration guidelines, multi-VRF CE 40-78

configuration logging 2-4

configuration replacement A-20

configuration rollback A-20, A-21

configuration settings, saving 3-16

configure terminal command 12-13

configuring multicast VRFs 40-84

configuring port-based authentication violation modes10-42to 10-43

configuring small-frame arrival rate 26-5

Configuring VACL Logging 35-37

conflicts, configuration 49-12

connections, secure remote 9-44

connectivity problems 49-15, 49-16, 49-18

consistency checks in VTP Version 2 14-5

console port, connecting to 2-10

content-routing technology

See WCCP

control protocol, IP SLAs 43-4

corrupted software, recovery steps with Xmodem 49-2

CoS

in Layer 2 frames 37-2

override priority 15-6

trust priority 15-6

CoS input queue threshold map for QoS 37-18

CoS output queue threshold map for QoS 37-21

CoS-to-DSCP map for QoS 37-74

counters, clearing interface 12-41

CPU utilization, troubleshooting 49-30

crashinfo file 49-24

critical authentication, IEEE 802.1x 10-55

critical VLAN 10-23

cross-stack EtherChannel

configuration guidelines 38-13

configuring

on Layer 2 interfaces 38-13

on Layer 3 physical interfaces 38-16

described 38-3

illustration 38-4

support for 1-9

cross-stack UplinkFast, STP

described 20-5

disabling 20-16

enabling 20-16

fast-convergence events 20-7

Fast Uplink Transition Protocol 20-6

normal-convergence events 20-7

support for 1-9

cryptographic software image

switch stack considerations 5-2, 5-17

customer edge devices 40-76

customizeable web pages, web-based authentication 11-6

CWDM SFPs 1-35

D

DACL

See downloadable ACL

daylight saving time 7-6

dCEF in the switch stack 40-90

debugging

enabling all system diagnostics 49-21

enabling for a specific feature 49-21

redirecting error message output 49-22

using commands 49-20

default commands 2-4

default configuration

802.1x 10-36

auto-QoS 37-24

banners 7-10

BGP 40-46

booting 3-18

CDP 27-2

DHCP 22-8

DHCP option 82 22-8

DHCP snooping 22-8

DHCP snooping binding database 22-9

DNS 7-9

dynamic ARP inspection 23-5

EIGRP 40-38

EtherChannel 38-11

Ethernet interfaces 12-22

fallback bridging 48-3

Flex Links 21-8

HSRP 42-5

IEEE 802.1Q tunneling 17-4

IGMP 46-39

IGMP filtering 24-24

IGMP snooping 24-7, 25-6

IGMP throttling 24-25

initial switch information 3-3

IP addressing, IP routing 40-6

IP multicast routing 46-11

IP SLAs 43-6

IP source guard 22-18

IPv6 41-11

IS-IS 40-67

Layer 2 interfaces 12-22

Layer 2 protocol tunneling 17-11

LLDP 28-5

MAC address table 7-14

MAC address-table move update 21-8

MSDP 47-4

MSTP 19-14

multi-VRF CE 40-78

MVR 24-20

optional spanning-tree configuration 20-12

OSPF 40-27

password and privilege level 9-2

PIM 46-11

private VLANs 16-6

RADIUS 9-27

RIP 40-21

RMON 31-3

RSPAN 30-12

SDM template 8-4

SNMP 33-6

SPAN 30-12

SSL 9-51

standard QoS 37-37

STP 18-13

switch stacks 5-23

system message logging 32-4

system name and prompt 7-8

TACACS+ 9-13

UDLD 29-4

VLAN, Layer 2 Ethernet interfaces 13-17

VLANs 13-7

VMPS 13-27

voice VLAN 15-3

VTP 14-9

WCCP 45-5

default gateway 3-15, 40-12

default networks 40-94

default router preference

See DRP

default routes 40-94

default routing 40-3

default web-based authentication configuration

802.1X 11-9

deleting VLANs 13-9

denial-of-service attack 26-1

description command 12-31

designing your network, examples 1-21

desktop template 5-10

destination-IP address-based forwarding, EtherChannel 38-9

destination-MAC address forwarding, EtherChannel 38-9

detecting indirect link failures, STP 20-8

device discovery protocol 27-1, 28-1

device manager

benefits 1-2

described 1-2, 1-6

in-band management 1-7

DHCP

Cisco IOS server database

configuring 22-14

default configuration 22-9

described 22-6

DHCP for IPv6

See DHCPv6

enabling

relay agent 22-11

server 22-10

DHCP-based autoconfiguration

client request message exchange 3-4

configuring

client side 3-4

DNS 3-8

relay device 3-8

server side 3-7

server-side 22-10

TFTP server 3-7

example 3-10

lease options

for IP address information 3-7

for receiving the configuration file 3-7

overview 3-3

relationship to BOOTP 3-4

relay support 1-7, 1-16

support for 1-6

DHCP-based autoconfiguration and image update

configuring3-11to 3-14

understanding3-5to 3-6

DHCP binding database

See DHCP snooping binding database

DHCP binding table

See DHCP snooping binding database

DHCP object tracking, configuring primary interface 44-11

DHCP option 82

circuit ID suboption 22-5

configuration guidelines 22-9

default configuration 22-8

displaying 22-16

forwarding address, specifying 22-11

helper address 22-11

overview 22-3

packet format, suboption

circuit ID 22-5

remote ID 22-5

remote ID suboption 22-5

DHCP server port-based address allocation

configuration guidelines 22-27

default configuration 22-27

described 22-26

displaying 22-29, 23-12

enabling 22-27

reserved addresses 22-28

DHCP snooping

accepting untrusted packets form edge switch 22-3, 22-13

and private VLANs 22-14

binding database

See DHCP snooping binding database

configuration guidelines 22-9

default configuration 22-8

message exchange process 22-4

option 82 data insertion 22-3

trusted interface 22-2

untrusted interface 22-2

untrusted messages 22-2

DHCP snooping binding database

adding bindings 22-15

binding file

format 22-7

location 22-6

bindings 22-6

clearing agent statistics 22-15

configuration guidelines 22-9

configuring 22-15

default configuration 22-8, 22-9

deleting

binding file 22-15

bindings 22-15

database agent 22-15

described 22-6

enabling 22-15

entry 22-6

renewing database 22-15

resetting

delay value 22-15

timeout value 22-15

DHCP snooping binding table

See DHCP snooping binding database

DHCPv6

configuration guidelines 41-16

default configuration 41-16

described 41-6

enabling client function 41-18

enabling DHCPv6 server function 41-16

diagnostic schedule command 50-2

Differentiated Services architecture, QoS 37-2

Differentiated Services Code Point 37-2

Diffusing Update Algorithm (DUAL) 40-36

directed unicast requests 1-7

directories

changing A-4

creating and removing A-5

displaying the working A-4

discovery, clusters

See automatic discovery

Distance Vector Multicast Routing Protocol

See DVMRP

distance-vector protocols 40-3

distribute-list command 40-102

DNS

and DHCP-based autoconfiguration 3-8

default configuration 7-9

displaying the configuration 7-10

in IPv6 41-4

overview 7-8

setting up 7-9

support for 1-6

DNS-based SSM mapping 46-18, 46-20

domain names

DNS 7-8

VTP 14-9

Domain Name System

See DNS

domains, ISO IGRP routing 40-66

dot1q-tunnel switchport mode 13-16

double-tagged packets

IEEE 802.1Q tunneling 17-2

Layer 2 protocol tunneling 17-10

downloadable ACL 10-18, 10-20, 10-63

downloading

configuration files

preparing A-11, A-14, A-17

reasons for A-9

using FTP A-14

using RCP A-18

using TFTP A-12

image files

deleting old image A-30

preparing A-28, A-31, A-36

reasons for A-25

using CMS 1-3

using FTP A-32

using HTTP 1-3, A-25

using RCP A-37

using TFTP A-28

using the device manager or Network Assistant A-25

drop threshold for Layer 2 protocol packets 17-11

DRP

configuring 41-14

described 41-4

IPv6 41-4

DSCP 1-14, 37-2

DSCP input queue threshold map for QoS 37-18

DSCP output queue threshold map for QoS 37-21

DSCP-to-CoS map for QoS 37-77

DSCP-to-DSCP-mutation map for QoS 37-78

DSCP transparency 37-47

DTP 1-10, 13-15

dual-action detection 38-6

DUAL finite state machine, EIGRP 40-37

dual IPv4 and IPv6 templates 8-2, 41-5, 41-6

dual protocol stacks

IPv4 and IPv6 41-6

SDM templates supporting 41-6

DVMRP

autosummarization

configuring a summary address 46-59

disabling 46-61

connecting PIM domain to DVMRP router 46-51

enabling unicast routing 46-54

interoperability

with Cisco devices 46-49

with Cisco IOS software 46-9

mrinfo requests, responding to 46-54

neighbors

advertising the default route to 46-53

discovery with Probe messages 46-49

displaying information 46-54

prevent peering with nonpruning 46-57

rejecting nonpruning 46-55

overview 46-9

routes

adding a metric offset 46-62

advertising all 46-61

advertising the default route to neighbors 46-53

caching DVMRP routes learned in report messages 46-55

changing the threshold for syslog messages 46-58

favoring one over another 46-62

limiting the number injected into MBONE 46-58

limiting unicast route advertisements 46-49

routing table 46-9

source distribution tree, building 46-9

support for 1-16

tunnels

configuring 46-51

displaying neighbor information 46-54

dynamic access ports

characteristics 13-3

configuring 13-28

defined 12-3

dynamic addresses

See addresses

dynamic ARP inspection

ARP cache poisoning 23-1

ARP requests, described 23-1

ARP spoofing attack 23-1

clearing

log buffer 23-15

statistics 23-15

configuration guidelines 23-6

configuring

ACLs for non-DHCP environments 23-9

in DHCP environments 23-7

log buffer 23-13

rate limit for incoming ARP packets 23-4, 23-10

default configuration 23-5

denial-of-service attacks, preventing 23-10

described 23-1

DHCP snooping binding database 23-2

displaying

statistics 23-15

error-disabled state for exceeding rate limit 23-4

function of 23-2

interface trust states 23-3

log buffer

clearing 23-15

configuring 23-13

logging of dropped packets, described 23-5

man-in-the middle attack, described 23-2

network security issues and interface trust states 23-3

priority of ARP ACLs and DHCP snooping entries 23-4

rate limiting of ARP packets

configuring 23-10

described 23-4

error-disabled state 23-4

statistics

clearing 23-15

displaying 23-15

validation checks, performing 23-12

dynamic auto trunking mode 13-16

dynamic desirable trunking mode 13-16

Dynamic Host Configuration Protocol

See DHCP-based autoconfiguration

dynamic port VLAN membership

described 13-26

reconfirming 13-29

troubleshooting 13-31

types of connections 13-29

dynamic routing 40-3

ISO CLNS 40-65

Dynamic Trunking Protocol

See DTP

E

EBGP 40-45

editing features

enabling and disabling 2-6

keystrokes used 2-7

wrapped lines 2-8

EEM 3.2 34-5

EIGRP

authentication 40-42

components 40-37

configuring 40-40

default configuration 40-38

definition 40-36

interface parameters, configuring 40-41

monitoring 40-44

stub routing 40-43

support for 1-15

EIGRP IPv6 41-7

elections

See stack master

ELIN location 28-3

embedded event manager

3.2 34-5

actions 34-4

configuring 34-1, 34-6

displaying information 34-8

environmental variables 34-5

event detectors 34-3

policies 34-4

registering and defining an applet 34-6

registering and defining a TCL script 34-7

understanding 34-1

enable password 9-3

enable secret password 9-3

encryption, CipherSuite 9-50

encryption for passwords 9-3

Enhanced IGRP

See EIGRP

enhanced object tracking

backup static routing 44-12

defined 44-1

DHCP primary interface 44-11

HSRP 44-7

IP routing state 44-2

IP SLAs 44-9

line-protocol state 44-2

network monitoring with IP SLAs 44-11

routing policy, configuring 44-12

static route primary interface 44-10

tracked lists 44-3

enhanced object tracking static routing 44-10

enhanced PoE 1-16, 12-7, 12-30

environmental variables, embedded event manager 34-5

environment variables, function of 3-22

equal-cost routing 1-15, 40-92

error-disabled state, BPDU 20-2

error messages during command entry 2-4

EtherChannel

automatic creation of 38-5, 38-7

channel groups

binding physical and logical interfaces 38-4

numbering of 38-4

configuration guidelines 38-12

configuring

Layer 2 interfaces 38-13

Layer 3 physical interfaces 38-16

Layer 3 port-channel logical interfaces 38-15

default configuration 38-11

described 38-2

displaying status 38-22

forwarding methods 38-8, 38-18

IEEE 802.3ad, described 38-7

interaction

with STP 38-12

with VLANs 38-12

LACP

described 38-7

displaying status 38-22

hot-standby ports 38-20

interaction with other features 38-8

modes 38-7

port priority 38-22

system priority 38-21

Layer 3 interface 40-5

load balancing 38-8, 38-18

logical interfaces, described 38-4

PAgP

aggregate-port learners 38-19

described 38-5

displaying status 38-22

interaction with other features 38-7

interaction with virtual switches 38-6

learn method and priority configuration 38-19

modes 38-6

support for 1-5

with dual-action detection 38-6

port-channel interfaces

described 38-4

numbering of 38-4

port groups 12-6

stack changes, effects of 38-10

support for 1-5

EtherChannel guard

described 20-10

disabling 20-17

enabling 20-17

Ethernet management port

active link 12-19

and routing 12-19

and routing protocols 12-19

and TFTP 12-21

configuring 12-21

connecting to 2-10

default setting 12-19

described 12-18

for network management 12-18

specifying 12-21

supported features 12-20

unsupported features 12-21

Ethernet management port, internal

and routing 12-19

and routing protocols 12-19

unsupported features 12-21

Ethernet VLANs

adding 13-8

defaults and ranges 13-7

modifying 13-8

EUI 41-3

event detectors, embedded event manager 34-3

events, RMON 31-3

examples

network configuration 1-21

expedite queue for QoS 37-90

Express Setup 1-2

See also getting started guide

extended crashinfo file 49-24

extended-range VLANs

configuration guidelines 13-11

configuring 13-10

creating 13-11

creating with an internal VLAN ID 13-13

defined 13-1

extended system ID

MSTP 19-18

STP 18-4, 18-16

extended universal identifier

See EUI

Extensible Authentication Protocol over LAN 10-2

external BGP

See EBGP

external neighbors, BGP 40-49

F

Fa0 port

See Ethernet management port

failover support 1-8

fallback bridging

and protected ports 48-4

bridge groups

creating 48-4

described 48-2

function of 48-2

number supported 48-4

removing 48-5

configuration guidelines 48-4

connecting interfaces with 12-12

default configuration 48-3

described 48-1

frame forwarding

flooding packets 48-2

forwarding packets 48-2

overview 48-1

protocol, unsupported 48-4

stack changes, effects of 48-3

STP

disabling on an interface 48-9

forward-delay interval 48-8

hello BPDU interval 48-8

interface priority 48-6

keepalive messages 18-2

maximum-idle interval 48-9

path cost 48-7

VLAN-bridge spanning-tree priority 48-6

VLAN-bridge STP 48-2

support for 1-15

SVIs and routed ports 48-1

unsupported protocols 48-4

VLAN-bridge STP 18-11

Fast Convergence 21-3

fastethernet0 port

See Ethernet management port

Fast Uplink Transition Protocol 20-6

features, incompatible 26-12

FIB 40-91

fiber-optic, detecting unidirectional links 29-1

files

basic crashinfo

description 49-25

location 49-25

copying A-5

crashinfo, description 49-24

deleting A-6

displaying the contents of A-8

extended crashinfo

description 49-25

location 49-25

tar

creating A-7

displaying the contents of A-7

extracting A-8

image file format A-26

file system

displaying available file systems A-2

displaying file information A-3

local file system names A-1

network file system names A-5

setting the default A-3

filtering

in a VLAN 35-31

IPv6 traffic 36-3, 36-7

non-IP traffic 35-28

show and more command output 2-9

filtering show and more command output 2-9

filters, IP

See ACLs, IP

flash device, number of A-1

flexible authentication ordering

configuring 10-66

overview 10-31

Flex Link Multicast Fast Convergence 21-3

Flex Links

configuring 21-8, 21-9

configuring preferred VLAN 21-11

configuring VLAN load balancing 21-10

default configuration 21-8

description 21-1

link load balancing 21-2

monitoring 21-14

VLANs 21-2

flooded traffic, blocking 26-8

flow-based packet classification 1-14

flowcharts

QoS classification 37-7

QoS egress queueing and scheduling 37-19

QoS ingress queueing and scheduling 37-16

QoS policing and marking 37-11

flowcontrol

configuring 12-26

described 12-25

forward-delay time

MSTP 19-24

STP 18-23

Forwarding Information Base

See FIB

forwarding nonroutable protocols 48-1

FTP

configuration files

downloading A-14

overview A-13

preparing the server A-14

uploading A-16

image files

deleting old image A-34

downloading A-32

preparing the server A-31

uploading A-34

G

general query 21-5

Generating IGMP Reports 21-3

get-next-request operation 33-4

get-request operation 33-4

Gigabit modules

See SFPs

global leave, IGMP 24-13

guest VLAN and IEEE 802.1x 10-21

guide mode 1-3

GUIs

See device manager and Network Assistant

H

hardware limitations and Layer 3 interfaces 12-33

hello time

MSTP 19-23

STP 18-22

help, for the command line 2-3

hierarchical policy maps 37-9

configuration guidelines 37-40

configuring 37-64

described 37-12

history

changing the buffer size 2-5

described 2-5

disabling 2-6

recalling commands 2-6

history table, level and number of syslog messages 32-10

host names in clusters 6-13

host ports

configuring 16-11

kinds of 16-2

hosts, limit on dynamic ports 13-31

Hot Standby Router Protocol

See HSRP

HP OpenView 1-6

HSRP

authentication string 42-10

automatic cluster recovery 6-12

binding to cluster group 42-12

cluster standby group considerations 6-11

command-switch redundancy 1-1, 1-8

configuring 42-5

default configuration 42-5

definition 42-1

guidelines 42-6

monitoring 42-13

object tracking 44-7

overview 42-1

priority 42-8

routing redundancy 1-15

support for ICMP redirect messages 42-12

switch stack considerations 42-5

timers 42-10

tracking 42-8

See also clusters, cluster standby group, and standby command switch

HSRP for IPv6

configuring 41-25

guidelines 41-24

HTTP(S) Over IPv6 41-8

HTTP over SSL

see HTTPS

HTTPS

configuring 9-52

described 9-48

self-signed certificate 9-49

HTTP secure server 9-48

I

IBPG 40-45

ICMP

IPv6 41-4

redirect messages 40-12

support for 1-15

time-exceeded messages 49-18

traceroute and 49-18

unreachable messages 35-21

unreachable messages and IPv6 36-4

unreachables and ACLs 35-22

ICMP Echo operation

configuring 43-11

IP SLAs 43-11

ICMP ping

executing 49-15

overview 49-15

ICMP Router Discovery Protocol

See IRDP

ICMPv6 41-4

IDS appliances

and ingress RSPAN 30-25

and ingress SPAN 30-16

IEEE 802.1D

See STP

IEEE 802.1p 15-1

IEEE 802.1Q

and trunk ports 12-3

configuration limitations 13-17

encapsulation 13-14

native VLAN for untagged traffic 13-21

tunneling

compatibility with other features 17-6

defaults 17-4

described 17-1

tunnel ports with other features 17-6

IEEE 802.1s

See MSTP

IEEE 802.1w

See RSTP

IEEE 802.1x

See port-based authentication

IEEE 802.3ad

See EtherChannel

IEEE 802.3af

See PoE

IEEE 802.3x flow control 12-25

ifIndex values, SNMP 33-5

IFS 1-7

IGMP

configurable leave timer

described 24-6

enabling 24-11

configuring the switch

as a member of a group 46-39

statically connected member 46-44

controlling access to groups 46-40

default configuration 46-39

fast switching 46-44

flooded multicast traffic

controlling the length of time 24-12

disabling on an interface 24-13

global leave 24-13

query solicitation 24-13

recovering from flood mode 24-13

host-query interval, modifying 46-42

joining multicast group 24-3

join messages 24-3

leave processing, enabling 24-11, 25-9

leaving multicast group 24-5

multicast reachability 46-39

overview 46-3

queries 24-4

report suppression

described 24-6

disabling 24-16, 25-11

supported versions 24-3

support for 1-5

Version 1

changing to Version 2 46-41

described 46-3

Version 2

changing to Version 1 46-41

described 46-3

maximum query response time value 46-43

pruning groups 46-43

query timeout value 46-42

IGMP filtering

configuring 24-25

default configuration 24-24

described 24-24

support for 1-5

IGMP groups

configuring filtering 24-27

setting the maximum number 24-27

IGMP helper 46-6

IGMP Immediate Leave

configuration guidelines 24-11

described 24-6

enabling 24-11

IGMP profile

applying 24-26

configuration mode 24-25

configuring 24-25

IGMP snooping

and address aliasing 24-2

and stack changes 24-7

configuring 24-7

default configuration 24-7, 25-6

definition 24-2

enabling and disabling 24-8, 25-7

global configuration 24-8

Immediate Leave 24-6

in the switch stack 24-7

method 24-8

monitoring 24-16, 25-12

querier

configuration guidelines 24-14

configuring 24-14

supported versions 24-3

support for 1-5

VLAN configuration 24-8

IGMP throttling

configuring 24-27

default configuration 24-25

described 24-24

displaying action 24-29

IGP 40-26

Immediate Leave, IGMP

described 24-6

enabling 25-9

inaccessible authentication bypass

802.1x 10-23

support for multiauth ports 10-23

initial configuration

defaults 1-19

Express Setup 1-2

interface

number 12-13

range macros 12-16

interface command12-12to 12-14

interfaces

auto-MDIX, configuring 12-26

configuring

procedure 12-13

counters, clearing 12-41

default configuration 12-22

described 12-31

descriptive name, adding 12-31

displaying information about 12-40

duplex and speed configuration guidelines 12-23

flow control 12-25

management 1-6

monitoring 12-39

naming 12-31

physical, identifying 12-12

range of 12-14

restarting 12-41, 12-42

shutting down 12-41

speed and duplex, configuring 12-24

status 12-39

supported 12-12

types of 12-1

interfaces range macro command 12-16

interface types 12-12

Interior Gateway Protocol

See IGP

internal BGP

See IBGP

internal neighbors, BGP 40-49

internal power supplies

See power supplies

Internet Control Message Protocol

See ICMP

Internet Group Management Protocol

See IGMP

Internet Protocol version 6

See IPv6

Inter-Switch Link

See ISL

inter-VLAN routing 1-15, 40-2

Intrusion Detection System

See IDS appliances

inventory management TLV 28-3

IP ACLs

for QoS classification 37-7

implicit deny 35-10, 35-14

implicit masks 35-10

named 35-15

undefined 35-22

IP addresses

128-bit 41-2

candidate or member 6-4, 6-13

classes of 40-7

cluster access 6-2

command switch 6-3, 6-11, 6-13

default configuration 40-6

discovering 7-24

for IP routing 40-5

IPv6 41-2

MAC address association 40-9

monitoring 40-18

redundant clusters 6-11

standby command switch 6-11, 6-13

See also IP information

IP base feature set 1-1

IP broadcast address 40-16

ip cef distributed command 40-91

IP directed broadcasts 40-15

ip igmp profile command 24-25

IP information

assigned

manually 3-15

through DHCP-based autoconfiguration 3-3

default configuration 3-3

IP multicast routing

addresses

all-hosts 46-3

all-multicast-routers 46-3

host group address range 46-3

administratively-scoped boundaries, described 46-47

and IGMP snooping 24-2

Auto-RP

adding to an existing sparse-mode cloud 46-26

benefits of 46-26

configuration guidelines 46-12

filtering incoming RP announcement messages 46-28

overview 46-7

preventing candidate RP spoofing 46-28

preventing join messages to false RPs 46-28

setting up in a new internetwork 46-26

using with BSR 46-34

bootstrap router

configuration guidelines 46-12

configuring candidate BSRs 46-32

configuring candidate RPs 46-33

defining the IP multicast boundary 46-31

defining the PIM domain border 46-30

overview 46-7

using with Auto-RP 46-34

Cisco implementation 46-2

configuring

basic multicast routing 46-12

IP multicast boundary 46-47

default configuration 46-11

enabling

PIM mode 46-13

group-to-RP mappings

Auto-RP 46-7

BSR 46-7

MBONE

described 46-46

enabling sdr listener support 46-46

limiting DVMRP routes advertised 46-58

limiting sdr cache entry lifetime 46-46

SAP packets for conference session announcement 46-46

Session Directory (sdr) tool, described 46-46

multicast forwarding, described 46-8

PIMv1 and PIMv2 interoperability 46-11

protocol interaction 46-2

reverse path check (RPF) 46-8

RP

assigning manually 46-24

configuring Auto-RP 46-26

configuring PIMv2 BSR 46-30

monitoring mapping information 46-35

using Auto-RP and BSR 46-34

stacking

stack master functions 46-10

stack member functions 46-10

statistics, displaying system and network 46-63

See also CGMP

See also DVMRP

See also IGMP

See also PIM

IP phones

and QoS 15-1

automatic classification and queueing 37-23

configuring 15-4

ensuring port security with QoS 37-46

trusted boundary for QoS 37-46

IP Port Security for Static Hosts

on a Layer 2 access port 22-20

on a PVLAN host port 22-24

IP precedence 37-2

IP-precedence-to-DSCP map for QoS 37-75

IP protocols

routing 1-15

IP routes, monitoring 40-105

IP routing

connecting interfaces with 12-12

disabling 40-19

enabling 40-19

IP Service Level Agreements

See IP SLAs

IP service levels, analyzing 43-1

IP services feature set 1-1

IP SLAs

benefits 43-2

configuration guidelines 43-6

configuring object tracking 44-9

Control Protocol 43-4

default configuration 43-6

definition 43-1

ICMP echo operation 43-11

measuring network performance 43-3

monitoring 43-13

multioperations scheduling 43-5

object tracking 44-9

operation 43-3

reachability tracking 44-9

responder

described 43-4

enabling 43-7

response time 43-4

scheduling 43-5

SNMP support 43-2

supported metrics 43-2

threshold monitoring 43-6

track object monitoring agent, configuring 44-11

track state 44-9

UDP jitter operation 43-8

IP source guard

and 802.1x 22-19

and DHCP snooping 22-16

and EtherChannels 22-19

and port security 22-19

and private VLANs 22-19

and routed ports 22-18

and TCAM entries 22-19

and trunk interfaces 22-18

and VRF 22-19

binding configuration

automatic 22-16

manual 22-16

binding table 22-16

configuration guidelines 22-18

default configuration 22-18

described 22-16

disabling 22-20

displaying

bindings 22-26

configuration 22-26

enabling 22-19, 22-21

filtering

source IP address 22-17

source IP and MAC address 22-17

source IP address filtering 22-17

source IP and MAC address filtering 22-17

static bindings

adding 22-19, 22-21

deleting 22-20

static hosts 22-21

IP traceroute

executing 49-18

overview 49-18

IP unicast routing

address resolution 40-9

administrative distances 40-93, 40-103

ARP 40-10

assigning IP addresses to Layer 3 interfaces 40-7

authentication keys 40-104

broadcast

address 40-16

flooding 40-17

packets 40-14

storms 40-14

classless routing 40-8

configuring static routes 40-93

default

addressing configuration 40-6

gateways 40-12

networks 40-94

routes 40-94

routing 40-3

directed broadcasts 40-15

disabling 40-19

dynamic routing 40-3

enabling 40-19

EtherChannel Layer 3 interface 40-5

IGP 40-26

inter-VLAN 40-2

IP addressing

classes 40-7

configuring 40-5

IPv6 41-3

IRDP 40-13

Layer 3 interfaces 40-5

MAC address and IP address 40-9

passive interfaces 40-102

protocols

distance-vector 40-3

dynamic 40-3

link-state 40-3

proxy ARP 40-10

redistribution 40-95

reverse address resolution 40-9

routed ports 40-5

static routing 40-3

steps to configure 40-5

subnet mask 40-7

subnet zero 40-7

supernet 40-8

UDP 40-16

unicast reverse path forwarding 1-16, 40-90

with SVIs 40-5

See also BGP

See also EIGRP

See also OSPF

See also RIP

IPv4 ACLs

applying to interfaces 35-20

extended, creating 35-11

named 35-15

standard, creating 35-10

IPv4 and IPv6

port-based trust 8-2

IPv6

ACLs

displaying 36-8

limitations 36-3

matching criteria 36-3

port 36-1

precedence 36-2

router 36-1

supported 36-2

addresses 41-2

address formats 41-2

and switch stacks 41-10

applications 41-5

assigning address 41-11

autoconfiguration 41-5

CEFv6 41-19

default configuration 41-11

default router preference (DRP) 41-4

defined 41-1

Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 41-7

EIGRP IPv6 Commands 41-8

Router ID 41-7

feature limitations 41-9

features not supported 41-9

forwarding 41-11

ICMP 41-4

monitoring 41-27

neighbor discovery 41-4

OSPF 41-7

path MTU discovery 41-4

SDM templates 8-2, 25-1, 36-1

stack master functions 41-10

Stateless Autoconfiguration 41-5

supported features 41-2

switch limitations 41-9

understanding static routes 41-6

IPv6 traffic, filtering 36-3

IRDP

configuring 40-13

definition 40-13

support for 1-15

IS-IS

addresses 40-66

area routing 40-66

default configuration 40-67

monitoring 40-75

show commands 40-75

system routing 40-66

ISL

and IPv6 41-3

and trunk ports 12-3

encapsulation 1-10, 13-14

trunking with IEEE 802.1 tunneling 17-5

ISO CLNS

clear commands 40-75

dynamic routing protocols 40-65

monitoring 40-75

NETs 40-65

NSAPs 40-65

OSI standard 40-65

ISO IGRP

area routing 40-66

system routing 40-66

isolated port 16-2

isolated VLANs 16-2, 16-3

J

join messages, IGMP 24-3

K

KDC

described 9-39

See also Kerberos

keepalive messages 18-2

Kerberos

authenticating to

boundary switch 9-41

KDC 9-41

network services 9-42

configuration examples 9-39

configuring 9-42

credentials 9-39

described 9-39

KDC 9-39

operation 9-41

realm 9-40

server 9-41

support for 1-13

switch as trusted third party 9-39

terms 9-40

TGT 9-41

tickets 9-39

key distribution center

See KDC

L

l2protocol-tunnel command 17-13

LACP

Layer 2 protocol tunneling 17-9

See EtherChannel

Layer 2 frames, classification with CoS 37-2

Layer 2 interfaces, default configuration 12-22

Layer 2 protocol tunneling

configuring 17-10

configuring for EtherChannels 17-14

default configuration 17-11

defined 17-8

guidelines 17-12

Layer 2 traceroute

and ARP 49-17

and CDP 49-17

broadcast traffic 49-16

described 49-16

IP addresses and subnets 49-17

MAC addresses and VLANs 49-17

multicast traffic 49-17

multiple devices on a port 49-17

unicast traffic 49-16

usage guidelines 49-17

Layer 3 features 1-15

Layer 3 interfaces

assigning IP addresses to 40-7

assigning IPv4 and IPv6 addresses to 41-15

assigning IPv6 addresses to 41-12

changing from Layer 2 mode 40-81

types of 40-5

Layer 3 packets, classification methods 37-2

LDAP 4-2

Leaking IGMP Reports 21-4

LEDs, switch

See hardware installation guide

Lightweight Directory Access Protocol

See LDAP

Link Aggregation Control Protocol

See EtherChannel

Link Failure, detecting unidirectional 19-7

Link Layer Discovery Protocol

See CDP

link local unicast addresses 41-3

link redundancy

See Flex Links

links, unidirectional 29-1

link state advertisements (LSAs) 40-32

link-state protocols 40-3

link-state tracking

configuring 38-25

described 38-23

LLDP

configuring 28-5

characteristics 28-6

default configuration 28-5

enabling 28-6

monitoring and maintaining 28-11

overview 28-1

supported TLVs 28-2

switch stack considerations 28-2

transmission timer and holdtime, setting 28-6

LLDP-MED

configuring

procedures 28-5

TLVs 28-7

monitoring and maintaining 28-11

overview 28-1, 28-2

supported TLVs 28-2

LLDP Media Endpoint Discovery

See LLDP-MED

load balancing 42-4

local SPAN 30-2

location TLV 28-3

logging messages, ACL 35-9

login authentication

with RADIUS 9-29

with TACACS+ 9-14

login banners 7-10

log messages

See system message logging

Long-Reach Ethernet (LRE) technology 1-34

loop guard

described 20-11

enabling 20-18

support for 1-9

LRE profiles, considerations in switch clusters 6-16

M

MAC/PHY configuration status TLV 28-2

MAC addresses

aging time 7-14

and VLAN association 7-13

building the address table 7-13

default configuration 7-14

disabling learning on a VLAN 7-23

discovering 7-24

displaying 7-23

displaying in the IP source binding table 22-26

dynamic

learning 7-13

removing 7-15

in ACLs 35-28

IP address association 40-9

static

adding 7-20

allowing 7-22, 7-23

characteristics of 7-20

dropping 7-21

removing 7-20

MAC address learning 1-7

MAC address learning, disabling on a VLAN 7-23

MAC address notification, support for 1-17

MAC address-table move update

configuration guidelines 21-8

configuring 21-12

default configuration 21-8

description 21-6

monitoring 21-14

MAC address-to-VLAN mapping 13-26

MAC authentication bypass 10-15

MAC extended access lists

applying to Layer 2 interfaces 35-30

configuring for QoS 37-54

creating 35-28

defined 35-28

for QoS classification 37-5

magic packet 10-28

manageability features 1-6

management access

in-band

browser session 1-7

CLI session 1-7

device manager 1-7

SNMP 1-7

out-of-band console port connection 1-8

management address TLV 28-2

management options

CLI 2-1

clustering 1-4

CNS 4-1

Network Assistant 1-3

overview 1-6

switch stacks 1-3

management VLAN

considerations in switch clusters 6-7

discovery through different management VLANs 6-7

mapping tables for QoS

configuring

CoS-to-DSCP 37-74

DSCP 37-74

DSCP-to-CoS 37-77

DSCP-to-DSCP-mutation 37-78

IP-precedence-to-DSCP 37-75

policed-DSCP 37-76

described 37-13

marking

action in policy map 37-59

action with aggregate policers 37-72

described 37-4, 37-9

matching IPv4 ACLs 35-8

maximum aging time

MSTP 19-24

STP 18-23

maximum hop count, MSTP 19-25

maximum number of allowed devices, port-based authentication 10-40

maximum-paths command 40-53, 40-92

MDA

configuration guidelines10-31to 10-32

described 1-11, 10-31

exceptions with authentication process 10-4

membership mode, VLAN port 13-3

member switch

automatic discovery 6-5

defined 6-2

managing 6-16

passwords 6-13

recovering from lost connectivity 49-12

requirements 6-4

See also candidate switch, cluster standby group, and standby command switch

messages, to users through banners 7-10

metrics, in BGP 40-53

metric translations, between routing protocols 40-98

metro tags 17-2

MHSRP 42-4

MIBs

overview 33-1

SNMP interaction with 33-4

mini-point-of-presence

See POP

mirroring traffic for analysis 30-1

mismatches, autonegotiation 49-13

module number 12-13

monitoring

access groups 35-43

BGP 40-64

cables for unidirectional links 29-1

CDP 27-5

CEF 40-91

EIGRP 40-44

fallback bridging 48-10

features 1-17

Flex Links 21-14

HSRP 42-13

IEEE 802.1Q tunneling 17-18

IGMP

snooping 24-16, 25-12

interfaces 12-39

IP

address tables 40-18

multicast routing 46-63

routes 40-105

IP SLAs operations 43-13

IPv4 ACL configuration 35-43

IPv6 41-27

IPv6 ACL configuration 36-8

IS-IS 40-75

ISO CLNS 40-75

Layer 2 protocol tunneling 17-18

MAC address-table move update 21-14

MSDP peers 47-19

multicast router interfaces 24-17

multi-VRF CE 40-89

network traffic for analysis with probe 30-2

object tracking 44-12

OSPF 40-36

private VLANs 16-15

RP mapping information 46-35

SFP status 49-14

source-active messages 47-19

speed and duplex mode 12-25

SSM mapping 46-22

traffic flowing among switches 31-1

traffic suppression 26-21

tunneling 17-18

VLAN

filters 35-44

maps 35-44

VLANs 13-14

VMPS 13-30

VTP 14-18

mrouter Port 21-3

mrouter port 21-5

MSDP

benefits of 47-3

clearing MSDP connections and statistics 47-19

controlling source information

forwarded by switch 47-12

originated by switch 47-8

received by switch 47-14

default configuration 47-4

dense-mode regions

sending SA messages to 47-17

specifying the originating address 47-18

filtering

incoming SA messages 47-14

SA messages to a peer 47-12

SA requests from a peer 47-11

join latency, defined 47-6

meshed groups

configuring 47-16

defined 47-16

originating address, changing 47-18

overview 47-1

peer-RPF flooding 47-2

peers

configuring a default 47-4

monitoring 47-19

peering relationship, overview 47-1

requesting source information from 47-8

shutting down 47-16

source-active messages

caching 47-6

defined 47-2

filtering from a peer 47-11

filtering incoming 47-14

filtering to a peer 47-12

limiting data with TTL 47-14

restricting advertised sources 47-9

support for 1-16

MSTP

boundary ports

configuration guidelines 19-16

described 19-6

BPDU filtering

described 20-3

enabling 20-14

BPDU guard

described 20-2

enabling 20-13

CIST, described 19-3

CIST regional root 19-3

CIST root 19-5

configuration guidelines 19-15, 20-12

configuring

forward-delay time 19-24

hello time 19-23

link type for rapid convergence 19-25

maximum aging time 19-24

maximum hop count 19-25

MST region 19-16

neighbor type 19-26

path cost 19-21

port priority 19-20

root switch 19-18

secondary root switch 19-19

switch priority 19-22

CST

defined 19-3

operations between regions 19-3

default configuration 19-14

default optional feature configuration 20-12

displaying status 19-27

enabling the mode 19-16

EtherChannel guard

described 20-10

enabling 20-17

extended system ID

effects on root switch 19-18

effects on secondary root switch 19-19

unexpected behavior 19-18

IEEE 802.1s

implementation 19-6

port role naming change 19-6

terminology 19-5

instances supported 18-10

interface state, blocking to forwarding 20-2

interoperability and compatibility among modes 18-11

interoperability with IEEE 802.1D

described 19-8

restarting migration process 19-26

IST

defined 19-2

master 19-3

operations within a region 19-3

loop guard

described 20-11

enabling 20-18

mapping VLANs to MST instance 19-17

MST region

CIST 19-3

configuring 19-16

described 19-2

hop-count mechanism 19-5

IST 19-2

supported spanning-tree instances 19-2

optional features supported 1-9

overview 19-2

Port Fast

described 20-2

enabling 20-12

preventing root switch selection 20-10

root guard

described 20-10

enabling 20-18

root switch

configuring 19-18

effects of extended system ID 19-18

unexpected behavior 19-18

shutdown Port Fast-enabled port 20-2

stack changes, effects of 19-8

status, displaying 19-27

MTU

system 12-35

system jumbo 12-34

system routing 12-35

multiauth

support for inaccessible authentication bypass 10-23

multiauth mode

See multiple-authentication mode

multicast groups

Immediate Leave 24-6

joining 24-3

leaving 24-5

static joins 24-10, 25-8

multicast packets

ACLs on 35-42

blocking 26-8

multicast router interfaces, monitoring 24-17

multicast router ports, adding 24-9, 25-8

Multicast Source Discovery Protocol

See MSDP

multicast storm 26-1

multicast storm-control command 26-4

multicast television application 24-18

multicast VLAN 24-17

Multicast VLAN Registration

See MVR

multidomain authentication

See MDA

multioperations scheduling, IP SLAs 43-5

multiple authentication 10-12

Multiple HSRP

See MHSRP

multiple VPN routing/forwarding in customer edge devices

See multi-VRF CE

multi-VRF CE

configuration example 40-86

configuration guidelines 40-78

configuring 40-78

default configuration 40-78

defined 40-75

displaying 40-89

monitoring 40-89

network components 40-78

packet-forwarding process 40-77

support for 1-15

MVR

and address aliasing 24-20

and IGMPv3 24-21

configuring interfaces 24-22

default configuration 24-20

described 24-17

example application 24-18

in the switch stack 24-20

modes 24-21

multicast television application 24-18

setting global parameters 24-21

support for 1-5

N

NAC

AAA down policy 1-12

critical authentication 10-23, 10-55

IEEE 802.1x authentication using a RADIUS server 10-60

IEEE 802.1x validation using RADIUS server 10-60

inaccessible authentication bypass 1-12, 10-55

Layer 2 IEEE 802.1x validation 1-12, 10-60

Layer 2 IEEE802.1x validation 10-30

Layer 2 IP validation 1-12

named IPv4 ACLs 35-15

named IPv6 ACLs 36-3

NameSpace Mapper

See NSM

native VLAN

and IEEE 802.1Q tunneling 17-4

configuring 13-21

default 13-21

NEAT

configuring 10-61

overview 10-33

neighbor discovery, IPv6 41-4

neighbor discovery/recovery, EIGRP 40-37

neighbors, BGP 40-59

Network Admission Control

See NAC

Network Assistant

benefits 1-2

described 1-6

downloading image files 1-3

guide mode 1-3

management options 1-3

managing switch stacks 5-3, 5-16

upgrading a switch A-25

wizards 1-3

network configuration examples

cost-effective wiring closet 1-23

high-performance wiring closet 1-25

increasing network performance 1-22

large network 1-31

long-distance, high-bandwidth transport 1-35

multidwelling network 1-34

providing network services 1-22

redundant Gigabit backbone 1-27

server aggregation and Linux server cluster 1-27

small to medium-sized network 1-29

network design

performance 1-22

services 1-22

Network Edge Access Topology

See NEAT

network management

CDP 27-1

RMON 31-1

SNMP 33-1

network performance, measuring with IP SLAs 43-3

network policy TLV 28-2

Network Time Protocol

See NTP

no commands 2-4

nonhierarchical policy maps

configuration guidelines 37-40

configuring 37-59

described 37-10

non-IP traffic filtering 35-28

nontrunking mode 13-16

normal-range VLANs 13-4

configuration guidelines 13-5

configuring 13-4

defined 13-1

no switchport command 12-4

not-so-stubby areas

See NSSA

NSAPs, as ISO IGRP addresses 40-66

NSF Awareness

IS-IS 40-68

NSM 4-3

NSSA, OSPF 40-32

NTP

associations

defined 7-2

overview 7-2

stratum 7-2

support for 1-7

time

services 7-2

synchronizing 7-2

O

OBFL

configuring 49-27

described 49-27

displaying 49-28

object tracking

HSRP 44-7

IP SLAs 44-9

IP SLAs, configuring 44-9

monitoring 44-12

offline configuration for switch stacks 5-8

off mode, VTP 14-3

on-board failure logging

See OBFL

online diagnostics

described 50-1

overview 50-1

running tests 50-5

open1x

configuring 10-66

open1x authentication

overview 10-31

Open Shortest Path First

See OSPF

optimizing system resources 8-1

options, management 1-6

OSPF

area parameters, configuring 40-32

configuring 40-30

default configuration

metrics 40-33

route 40-33

settings 40-27

described 40-26

for IPv6 41-7

interface parameters, configuring 40-31

LSA group pacing 40-35

monitoring 40-36

router IDs 40-35

route summarization 40-33

support for 1-15

virtual links 40-33

out-of-profile markdown 1-14

P

packet modification, with QoS 37-22

PAgP

Layer 2 protocol tunneling 17-9

See EtherChannel

parallel paths, in routing tables 40-92

passive interfaces

configuring 40-102

OSPF 40-34

passwords

default configuration 9-2

disabling recovery of 9-5

encrypting 9-3

for security 1-10

in clusters 6-14

overview 9-1

recovery of 49-3

setting

enable 9-3

enable secret 9-3

Telnet 9-6

with usernames 9-6

VTP domain 14-10

path cost

MSTP 19-21

STP 18-20

path MTU discovery 41-4

PBR

defined 40-98

enabling 40-100

fast-switched policy-based routing 40-101

local policy-based routing 40-101

PC (passive command switch) 6-10

peers, BGP 40-59

percentage thresholds in tracked lists 44-6

performance, network design 1-22

performance features 1-4

persistent self-signed certificate 9-49

per-user ACLs and Filter-Ids 10-8

per-VLAN spanning-tree plus

See PVST+

PE to CE routing, configuring 40-85

physical ports 12-2

PIM

default configuration 46-11

dense mode

overview 46-4

rendezvous point (RP), described 46-5

RPF lookups 46-9

enabling a mode 46-13

overview 46-4

router-query message interval, modifying 46-38

shared tree and source tree, overview 46-35

shortest path tree, delaying the use of 46-37

sparse mode

join messages and shared tree 46-5

overview 46-5

prune messages 46-5

RPF lookups 46-9

stub routing

configuration guidelines 46-22

enabling 46-23

overview 46-5

support for 1-16

versions

interoperability 46-11

troubleshooting interoperability problems 46-35

v2 improvements 46-4

PIM-DVMRP, as snooping method 24-9

ping

character output description 49-16

executing 49-15

overview 49-15

PoE

auto mode 12-9

CDP with power consumption, described 12-7

CDP with power negotiation, described 12-7

Cisco intelligent power management 12-7

configuring 12-27

devices supported 12-7

high-power devices operating in low-power mode 12-7

IEEE power classification levels 12-8

monitoring 12-10

monitoring power 12-30

policing power consumption 12-30

policing power usage 12-10

power budgeting 12-28

power consumption 12-28

powered-device detection and initial power allocation 12-8

power management modes 12-9

power negotiation extensions to CDP 12-7

standards supported 12-7

static mode 12-9

supported watts per port 12-7

troubleshooting 49-13

policed-DSCP map for QoS 37-76

policers

configuring

for each matched traffic class 37-59

for more than one traffic class 37-72

described 37-4

number of 37-41

types of 37-10

policing

described 37-4

hierarchical

See hierarchical policy maps

token-bucket algorithm 37-10

policy-based routing

See PBR

policy maps for QoS

characteristics of 37-59

described 37-8

hierarchical 37-9

hierarchical on SVIs

configuration guidelines 37-40

configuring 37-64

described 37-12

nonhierarchical on physical ports

configuration guidelines 37-40

configuring 37-59

described 37-10

POP 1-34

port ACLs

defined 35-2

types of 35-3

Port Aggregation Protocol

See EtherChannel

port-based authentication

accounting 10-14

authentication server

defined 10-3, 11-2

RADIUS server 10-3

client, defined 10-3, 11-2

configuration guidelines 10-37, 11-9

configuring

802.1x authentication 10-43

guest VLAN 10-53

host mode 10-46

inaccessible authentication bypass 10-55

manual re-authentication of a client 10-48

periodic re-authentication 10-47

quiet period 10-48

RADIUS server 10-45, 11-13

RADIUS server parameters on the switch 10-44, 11-11

restricted VLAN 10-54

switch-to-client frame-retransmission number 10-49, 10-50

switch-to-client retransmission time 10-49

violation modes10-42to 10-43

default configuration 10-36, 11-9

described 10-1

device roles 10-3, 11-2

displaying statistics 10-68, 11-17

downloadable ACLs and redirect URLs

configuring10-63to10-65, ??to 10-65

overview10-18to 10-20

EAPOL-start frame 10-6

EAP-request/identity frame 10-6

EAP-response/identity frame 10-6

enabling

802.1X authentication 11-11

encapsulation 10-3

flexible authentication ordering

configuring 10-66

overview 10-31

guest VLAN

configuration guidelines 10-21, 10-22

described 10-21

host mode 10-12

inaccessible authentication bypass

configuring 10-55

described 10-23

guidelines 10-39

initiation and message exchange 10-6

magic packet 10-28

maximum number of allowed devices per port 10-40

method lists 10-43

multiple authentication 10-12

multiple-hosts mode, described 10-12

per-user ACLs

AAA authorization 10-43

configuration tasks 10-18

described 10-17

RADIUS server attributes 10-17

ports

authorization state and dot1x port-control command 10-11

authorized and unauthorized 10-10

voice VLAN 10-28

port security

described 10-28

readiness check

configuring 10-40

described 10-15, 10-40

resetting to default values 10-68

stack changes, effects of 10-11

statistics, displaying 10-68

switch

as proxy 10-3, 11-2

RADIUS client 10-3

switch supplicant

configuring 10-61

overview 10-33

user distribution

guidelines 10-27

overview 10-27

VLAN assignment

AAA authorization 10-43

characteristics 10-16

configuration tasks 10-17

described 10-16

voice aware 802.1x security

configuring 10-41

described 10-34, 10-41

voice VLAN

described 10-28

PVID 10-28

VVID 10-28

wake-on-LAN, described 10-28

port-based authentication methods, supported 10-8

port-based trust

IPv4 and IPv6 8-2

port blocking 1-5, 26-7

port-channel

See EtherChannel

port description TLV 28-2

Port Fast

described 20-2

enabling 20-12

mode, spanning tree 13-27

support for 1-9

port membership modes, VLAN 13-3

port priority

MSTP 19-20

STP 18-18

ports

10-Gigabit Ethernet 12-6

access 12-3

blocking 26-7

dynamic access 13-3

protected 26-6

routed 12-4

secure 26-9

static-access 13-3, 13-9

switch 12-2

trunks 13-3, 13-14

VLAN assignments 13-9

port security

aging 26-17

and other features 26-11

and private VLANs 26-18

and QoS trusted boundary 37-46

and stacking 26-18

configuration guidelines 26-11

configuring 26-13

default configuration 26-11

described 26-8

on trunk ports 26-14

sticky learning 26-9

violations 26-10

port-shutdown response, VMPS 13-26

port VLAN ID TLV 28-2

power management TLV 28-3

Power over Ethernet

See PoE

power supply

configuring 12-37

managing 12-37

preemption, default configuration 21-8

preemption delay, default configuration 21-8

preferential treatment of traffic

See QoS

prefix lists, BGP 40-57

preventing unauthorized access 9-1

primary interface for object tracking, DHCP, configuring 44-11

primary interface for static routing, configuring 44-10

primary links 21-2

primary VLANs 16-1, 16-3

priority

HSRP 42-8

overriding CoS 15-6

trusting CoS 15-6

private VLAN edge ports

See protected ports

private VLANs

across multiple switches 16-4

and SDM template 16-4

and SVIs 16-5

and switch stacks 16-5

benefits of 16-1

community ports 16-2

community VLANs 16-2, 16-3

configuration guidelines 16-7, 16-8

configuration tasks 16-6

configuring 16-10

default configuration 16-6

end station access to 16-3

IP addressing 16-3

isolated port 16-2

isolated VLANs 16-2, 16-3

mapping 16-13

monitoring 16-15

ports

community 16-2

configuration guidelines 16-8

configuring host ports 16-11

configuring promiscuous ports 16-13

isolated 16-2

promiscuous 16-2

primary VLANs 16-1, 16-3

promiscuous ports 16-2

secondary VLANs 16-2

subdomains 16-1

traffic in 16-5

privilege levels

changing the default for lines 9-9

command switch 6-17

exiting 9-9

logging into 9-9

mapping on member switches 6-17

overview 9-2, 9-7

setting a command with 9-8

promiscuous ports

configuring 16-13

defined 16-2

protected ports 1-10, 26-6

protocol-dependent modules, EIGRP 40-37

Protocol-Independent Multicast Protocol

See PIM

protocol storm protection 26-19

provider edge devices 40-76

provisioning new members for a switch stack 5-8

proxy ARP

configuring 40-12

definition 40-10

with IP routing disabled 40-12

proxy reports 21-3

pruning, VTP

disabling

in VTP domain 14-16

on a port 13-21

enabling

in VTP domain 14-16

on a port 13-20

examples 14-7

overview 14-6

pruning-eligible list

changing 13-20

for VTP pruning 14-6

VLANs 14-16

PVST+

described 18-10

IEEE 802.1Q trunking interoperability 18-11

instances supported 18-10

Q

QoS

and MQC commands 37-1

auto-QoS

categorizing traffic 37-24

configuration and defaults display 37-36

configuration guidelines 37-33

described 37-23

disabling 37-35

displaying generated commands 37-35

displaying the initial configuration 37-36

effects on running configuration 37-33

egress queue defaults 37-25

list of generated commands 37-26

basic model 37-4

classification

class maps, described 37-8

defined 37-4

DSCP transparency, described 37-47

flowchart 37-7

forwarding treatment 37-3

in frames and packets 37-3

IP ACLs, described 37-7, 37-8

MAC ACLs, described 37-5, 37-8

options for IP traffic 37-6

options for non-IP traffic 37-5

policy maps, described 37-8

trust DSCP, described 37-5

trusted CoS, described 37-5

trust IP precedence, described 37-5

class maps

configuring 37-55

configuration guidelines

auto-QoS 37-33

standard QoS 37-40

configuring

aggregate policers 37-72

auto-QoS 37-23

default port CoS value 37-45

DSCP maps 37-74

DSCP transparency 37-47

DSCP trust states bordering another domain 37-48

egress queue characteristics 37-84

ingress queue characteristics 37-80

IP extended ACLs 37-51

IP standard ACLs 37-50

MAC ACLs 37-54

policy maps, hierarchical 37-64

policy maps on physical ports 37-59

port trust states within the domain 37-44

trusted boundary 37-46

default auto configuration 37-24

default standard configuration 37-37

DSCP transparency 37-47

egress queues

allocating buffer space 37-85

buffer allocation scheme, described 37-20

configuring shaped weights for SRR 37-89

configuring shared weights for SRR 37-90

described 37-4

displaying the threshold map 37-88

flowchart 37-19

mapping DSCP or CoS values 37-87

scheduling, described 37-4

setting WTD thresholds 37-85

WTD, described 37-22

enabling globally 37-42

flowcharts

classification 37-7

egress queueing and scheduling 37-19

ingress queueing and scheduling 37-16

policing and marking 37-11

implicit deny 37-8

ingress queues

allocating bandwidth 37-82

allocating buffer space 37-82

buffer and bandwidth allocation, described 37-18

configuring shared weights for SRR 37-82

configuring the priority queue 37-83

described 37-4

displaying the threshold map 37-81

flowchart 37-16

mapping DSCP or CoS values 37-81

priority queue, described 37-18

scheduling, described 37-4

setting WTD thresholds 37-81

WTD, described 37-18

IP phones

automatic classification and queueing 37-23

detection and trusted settings 37-23, 37-46

limiting bandwidth on egress interface 37-91

mapping tables

CoS-to-DSCP 37-74

DSCP-to-CoS 37-77

DSCP-to-DSCP-mutation 37-78

IP-precedence-to-DSCP 37-75

policed-DSCP 37-76

types of 37-13

marked-down actions 37-62

marking, described 37-4, 37-9

overview 37-2

packet modification 37-22

policers

configuring 37-62, 37-72

described 37-9

number of 37-41

types of 37-10

policies, attaching to an interface 37-9

policing

described 37-4, 37-9

token bucket algorithm 37-10

policy maps

characteristics of 37-59

hierarchical 37-9

hierarchical on SVIs 37-64

nonhierarchical on physical ports 37-59

QoS label, defined 37-4

queues

configuring egress characteristics 37-84

configuring ingress characteristics 37-80

high priority (expedite) 37-22, 37-90

location of 37-14

SRR, described 37-15

WTD, described 37-15

rewrites 37-22

support for 1-14

trust states

bordering another domain 37-48

described 37-5

trusted device 37-46

within the domain 37-44

quality of service

See QoS

queries, IGMP 24-4

query solicitation, IGMP 24-13

R

RADIUS

attributes

vendor-proprietary 9-36

vendor-specific 9-35

configuring

accounting 9-34

authentication 9-29

authorization 9-33

communication, global 9-27, 9-35

communication, per-server 9-27

multiple UDP ports 9-27

default configuration 9-27

defining AAA server groups 9-31

displaying the configuration 9-39

identifying the server 9-27

in clusters 6-16

limiting the services to the user 9-33

method list, defined 9-26

operation of 9-19

overview 9-18

server load balancing 9-39

suggested network environments 9-18

support for 1-12

tracking services accessed by user 9-34

RADIUS Change of Authorization 9-20

range

macro 12-16

of interfaces 12-14

rapid convergence 19-10

rapid per-VLAN spanning-tree plus

See rapid PVST+

rapid PVST+

described 18-10

IEEE 802.1Q trunking interoperability 18-11

instances supported 18-10

Rapid Spanning Tree Protocol

See RSTP

RARP 40-10

rcommand command 6-16

RCP

configuration files

downloading A-18

overview A-17

preparing the server A-17

uploading A-19

image files

deleting old image A-38

downloading A-37

preparing the server A-36

uploading A-38

reachability, tracking IP SLAs IP host 44-9

readiness check

port-based authentication

configuring 10-40

described 10-15, 10-40

reconfirmation interval, VMPS, changing 13-29

reconfirming dynamic VLAN membership 13-29

redirect URL 10-18, 10-20, 10-63

redundancy

EtherChannel 38-3

HSRP 42-1

STP

backbone 18-8

multidrop backbone 20-5

path cost 13-24

port priority 13-22

redundant links and UplinkFast 20-15

redundant power system

See Cisco Redundant Power System 2300

reliable transport protocol, EIGRP 40-37

reloading software 3-24

Remote Authentication Dial-In User Service

See RADIUS

Remote Copy Protocol

See RCP

Remote Network Monitoring

See RMON

Remote SPAN

See RSPAN

remote SPAN 30-3

report suppression, IGMP

described 24-6

disabling 24-16, 25-11

resequencing ACL entries 35-15

reserved addresses in DHCP pools 22-28

resets, in BGP 40-51

resetting a UDLD-shutdown interface 29-6

responder, IP SLAs

described 43-4

enabling 43-7

response time, measuring with IP SLAs 43-4

restricted VLAN

configuring 10-54

described 10-22

using with IEEE 802.1x 10-22

restricting access

overview 9-1

passwords and privilege levels 9-2

RADIUS 9-17

TACACS+ 9-10

retry count, VMPS, changing 13-30

reverse address resolution 40-9

Reverse Address Resolution Protocol

See RARP

RFC

1058, RIP 40-20

1112, IP multicast and IGMP 24-2

1157, SNMPv1 33-2

1163, BGP 40-44

1166, IP addresses 40-7

1253, OSPF 40-26

1267, BGP 40-44

1305, NTP 7-2

1587, NSSAs 40-26

1757, RMON 31-2

1771, BGP 40-44

1901, SNMPv2C 33-2

1902 to 1907, SNMPv2 33-2

2236, IP multicast and IGMP 24-2

2273-2275, SNMPv3 33-2

RFC 5176 Compliance 9-21

RIP

advertisements 40-20

authentication 40-23

configuring 40-21

default configuration 40-21

described 40-20

for IPv6 41-7

hop counts 40-20

split horizon 40-23

summary addresses 40-24

support for 1-15

RMON

default configuration 31-3

displaying status 31-6

enabling alarms and events 31-3

groups supported 31-2

overview 31-1

statistics

collecting group Ethernet 31-5

collecting group history 31-5

support for 1-17

root guard

described 20-10

enabling 20-18

support for 1-9

root switch

MSTP 19-18

STP 18-16

route calculation timers, OSPF 40-34

route dampening, BGP 40-63

routed packets, ACLs on 35-42

routed ports

configuring 40-5

defined 12-4

in switch clusters 6-8

IP addresses on 12-33, 40-5

route-map command 40-100

route maps

BGP 40-55

policy-based routing 40-98

router ACLs

defined 35-2

types of 35-4

route reflectors, BGP 40-62

router ID, OSPF 40-35

route selection, BGP 40-53

route summarization, OSPF 40-33

route targets, VPN 40-78

routing

default 40-3

dynamic 40-3

redistribution of information 40-95

static 40-3

routing domain confederation, BGP 40-62

Routing Information Protocol

See RIP

routing protocol administrative distances 40-93

RPS

See Cisco Redundant Power System 2300

RPS 2300

See Cisco Redundant Power System 2300

RSPAN 30-3

and stack changes 30-11

characteristics 30-9

configuration guidelines 30-19

default configuration 30-12

destination ports 30-8

displaying status 30-31

in a switch stack 30-3

interaction with other features 30-10

monitored ports 30-7

monitoring ports 30-8

overview 1-17, 30-1

received traffic 30-6

session limits 30-13

sessions

creating 30-20

defined 30-4

limiting source traffic to specific VLANs 30-22

specifying monitored ports 30-20

with ingress traffic enabled 30-25

source ports 30-7

transmitted traffic 30-6

VLAN-based 30-7

RSTP

active topology 19-9

BPDU

format 19-12

processing 19-13

designated port, defined 19-9

designated switch, defined 19-9

interoperability with IEEE 802.1D

described 19-8

restarting migration process 19-26

topology changes 19-13

overview 19-9

port roles

described 19-9

synchronized 19-11

proposal-agreement handshake process 19-10

rapid convergence

cross-stack rapid convergence 19-11

described 19-10

edge ports and Port Fast 19-10

point-to-point links 19-10, 19-25

root ports 19-10

root port, defined 19-9

See also MSTP

running configuration

replacing A-20, A-21

rolling back A-20, A-22

saving 3-16

S

SC (standby command switch) 6-10

scheduled reloads 3-24

scheduling, IP SLAs operations 43-5

SCP

and SSH 9-55

configuring 9-55

SDM

described 8-1

switch stack consideration 5-10

templates

configuring 8-5

number of 8-1

SDM template

configuring 8-4

dual IPv4 and IPv6 8-2

types of 8-1

secondary VLANs 16-2

Secure Copy Protocol

secure HTTP client

configuring 9-54

displaying 9-54

secure HTTP server

configuring 9-52

displaying 9-54

secure MAC addresses

and switch stacks 26-18

deleting 26-16

maximum number of 26-10

types of 26-9

secure ports

and switch stacks 26-18

configuring 26-9

secure remote connections 9-44

Secure Shell

See SSH

Secure Socket Layer

See SSL

security, port 26-8

security features 1-10

See SCP

sequence numbers in log messages 32-8

server mode, VTP 14-3

service-provider network, MSTP and RSTP 19-1

service-provider networks

and customer VLANs 17-2

and IEEE 802.1Q tunneling 17-1

Layer 2 protocols across 17-8

Layer 2 protocol tunneling for EtherChannels 17-9

set-request operation 33-4

setup program

failed command switch replacement 49-11

replacing failed command switch 49-9

severity levels, defining in system messages 32-9

SFPs

monitoring status of 49-14

numbering of 12-13

security and identification 49-14

status, displaying 49-14

shaped round robin

See SRR

show access-lists hw-summary command 35-22

show and more command output, filtering 2-9

show cluster members command 6-16

show configuration command 12-31

show forward command 49-22

show interfaces command 12-25, 12-31

show interfaces switchport 21-4

show l2protocol command 17-13, 17-15, 17-16

show platform forward command 49-22

show running-config command

displaying ACLs 35-33, 35-35

interface description in 12-31

shutdown command on interfaces 12-41

shutdown threshold for Layer 2 protocol packets 17-11

Simple Network Management Protocol

See SNMP

single session ID 10-35

small form-factor pluggable modules

See SFPs

small-frame arrival rate, configuring 26-5

smart logging 32-1, 32-14

SNAP 27-1

SNMP

accessing MIB variables with 33-4

agent

described 33-4

disabling 33-7

and IP SLAs 43-2

authentication level 33-10

community strings

configuring 33-8

for cluster switches 33-4

overview 33-4

configuration examples 33-17

default configuration 33-6

engine ID 33-7

groups 33-7, 33-9

host 33-7

ifIndex values 33-5

in-band management 1-7

in clusters 6-14

informs

and trap keyword 33-12

described 33-5

differences from traps 33-5

disabling 33-15

enabling 33-15

limiting access by TFTP servers 33-17

limiting system log messages to NMS 32-10

manager functions 1-6, 33-3

managing clusters with 6-17

notifications 33-5

overview 33-1, 33-4

security levels 33-3

setting CPU threshold notification 33-16

status, displaying 33-19

system contact and location 33-16

trap manager, configuring 33-14

traps

described 33-5

differences from informs 33-5

disabling 33-15

enabling 33-12

enabling MAC address notification 7-15, 7-17, 7-18

overview 33-1, 33-4

types of 33-12

users 33-7, 33-9

versions supported 33-2

SNMP and Syslog Over IPv6 41-8

SNMPv1 33-2

SNMPv2C 33-2

SNMPv3 33-2

snooping, IGMP 24-2

software compatibility

See stacks, switch

software images

location in flash A-26

recovery procedures 49-2

scheduling reloads 3-24

tar file format, described A-26

See also downloading and uploading

software images in mixed stacks

See the Cisco Software Activation and Compatibility Document

source-and-destination-IP address based forwarding, EtherChannel 38-9

source-and-destination MAC address forwarding, EtherChannel 38-9

source-IP address based forwarding, EtherChannel 38-9

source-MAC address forwarding, EtherChannel 38-8

Source-specific multicast

See SSM

SPAN

and stack changes 30-11

configuration guidelines 30-13

default configuration 30-12

destination ports 30-8

displaying status 30-31

interaction with other features 30-10

monitored ports 30-7

monitoring ports 30-8

overview 1-17, 30-1

ports, restrictions 26-12

received traffic 30-6

session limits 30-13

sessions

configuring ingress forwarding 30-17, 30-26

creating 30-14, 30-28

defined 30-4

limiting source traffic to specific VLANs 30-18

removing destination (monitoring) ports 30-15

specifying monitored ports 30-14, 30-28

with ingress traffic enabled 30-16

source ports 30-7

transmitted traffic 30-6

VLAN-based 30-7

spanning tree and native VLANs 13-17

Spanning Tree Protocol

See STP

SPAN traffic 30-6

split horizon, RIP 40-23

SRR

configuring

shaped weights on egress queues 37-89

shared weights on egress queues 37-90

shared weights on ingress queues 37-82

described 37-15

shaped mode 37-15

shared mode 37-16

support for 1-14, 1-15

SSH

configuring 9-45

described 1-7, 9-44

encryption methods 9-45

switch stack considerations 5-17

user authentication methods, supported 9-45

SSL

configuration guidelines 9-51

configuring a secure HTTP client 9-54

configuring a secure HTTP server 9-52

described 9-48

monitoring 9-54

SSM

address management restrictions 46-16

CGMP limitations 46-16

components 46-14

configuration guidelines 46-16

configuring 46-14, 46-17

differs from Internet standard multicast 46-14

IGMP snooping 46-16

IGMPv3 46-14

IGMPv3 Host Signalling 46-15

IP address range 46-15

monitoring 46-17

operations 46-15

PIM 46-14

state maintenance limitations 46-16

SSM mapping 46-17

configuration guidelines 46-17

configuring 46-17, 46-19

DNS-based 46-18, 46-20

monitoring 46-22

overview 46-18

restrictions 46-18

static 46-18, 46-20

static traffic forwarding 46-21

stack changes

effects on

IPv6 routing 41-10

stack changes, effects on

ACL configuration 35-7

CDP 27-2

cross-stack EtherChannel 38-13

EtherChannel 38-10

fallback bridging 48-3

HSRP 42-5

IEEE 802.1x port-based authentication 10-11

IGMP snooping 24-7

IP routing 40-4

IPv6 ACLs 36-3

MAC address tables 7-14

MSTP 19-8

multicast routing 46-10

MVR 24-18

port security 26-18

SDM template selection 8-3

SNMP 33-1

SPAN and RSPAN 30-11

STP 18-12

switch clusters 6-14

system message log 32-2

VLANs 13-6

VTP 14-8

stack master

bridge ID (MAC address) 5-6

defined 5-2

election 5-5

IPv6 41-10

re-election 5-5

See also stacks, switch

stack member

accessing CLI of specific member 5-29

configuring

member number 5-25

priority value 5-25

defined 5-2

displaying information of 5-29

IPv6 41-10

number 5-7

priority value 5-7

provisioning a new member 5-26

replacing 5-15

See also stacks, switch

stack member number 12-13

stack protocol version 5-11

stacks, switch

accessing CLI of specific member 5-29

assigning information

member number 5-25

priority value 5-25

provisioning a new member 5-26

auto-advise 5-12

auto-copy 5-12

auto-extract 5-12

auto-upgrade 5-12

bridge ID 5-6

Catalyst 3750-E-only 5-1

CDP considerations 27-2

compatibility, software 5-10

configuration file 5-15

configuration scenarios 5-18

copying an image file from one member to another A-39

default configuration 5-23

description of 5-1

displaying information of 5-29

enabling persistent MAC address timer 5-23

hardware compatibility and SDM mismatch mode 5-10

HSRP considerations 42-5

in clusters 6-14

incompatible software and image upgrades 5-15, A-39

IPv6 on 41-10

MAC address considerations 7-14

MAC address of 5-23

management connectivity 5-16

managing 5-1

managing mixed

See Catalyst 3750-E and 3750 Switch Stacking Compatibility Guide

membership 5-4

merged 5-4

mixed

hardware 5-1

hardware and software 5-2

software 5-2

with Catalyst 3750-E and 3750 switches 5-1

mixed software images

See Cisco Software Activation and Compatibility Document

MSTP instances supported 18-10

multicast routing, stack master and member roles 46-10

offline configuration

described 5-8

effects of adding a provisioned switch 5-8

effects of removing a provisioned switch 5-10

effects of replacing a provisioned switch 5-10

provisioned configuration, defined 5-8

provisioned switch, defined 5-8

provisioning a new member 5-26

partitioned 5-4, 49-8

provisioned switch

adding 5-8

removing 5-10

replacing 5-10

replacing a failed member 5-15

software compatibility 5-10

software image version 5-10

stack protocol version 5-11

STP

bridge ID 18-3

instances supported 18-10

root port selection 18-3

stack root switch election 18-3

system messages

hostnames in the display 32-1

remotely monitoring 32-2

system prompt consideration 7-7

system-wide configuration considerations 5-16

upgrading A-39

version-mismatch (VM) mode

automatic upgrades with auto-upgrade 5-12

described 5-11

examples 5-13

manual upgrades with auto-advise 5-12

upgrades with auto-extract 5-12

See also stack master and stack member

StackWise Plus technology, Cisco 1-3

See also stacks, switch

standby command switch

configuring

considerations 6-11

defined 6-2

priority 6-10

requirements 6-3

virtual IP address 6-11

See also cluster standby group and HSRP

standby group, cluster

See cluster standby group and HSRP

standby ip command 42-6

standby links 21-2

standby router 42-2

standby timers, HSRP 42-10

startup configuration

booting

manually 3-19

specific image 3-20

clearing A-20

configuration file

automatically downloading 3-18

specifying the filename 3-19

default boot configuration 3-18

static access ports

assigning to VLAN 13-9

defined 12-3, 13-3

static addresses

See addresses

static IP routing 1-15

static MAC addressing 1-10

static route primary interface, configuring 44-10

static routes

configuring 40-93

understanding 41-6

static routing 40-3

static routing support, enhanced object tracking 44-10

static SSM mapping 46-18, 46-20

static traffic forwarding 46-21

static VLAN membership 13-2

statistics

802.1X 11-17

CDP 27-5

IEEE 802.1x 10-68

interface 12-40

IP multicast routing 46-63

OSPF 40-36

RMON group Ethernet 31-5

RMON group history 31-5

SNMP input and output 33-19

VTP 14-18

sticky learning 26-9

storm control

configuring 26-3

described 26-1

disabling 26-5

support for 1-5

thresholds 26-1

STP

accelerating root port selection 20-4

BackboneFast

described 20-7

disabling 20-17

enabling 20-16

BPDU filtering

described 20-3

disabling 20-15

enabling 20-14

BPDU guard

described 20-2

disabling 20-14

enabling 20-13

BPDU message exchange 18-3

configuration guidelines 18-13, 20-12

configuring

forward-delay time 18-23

hello time 18-22

maximum aging time 18-23

path cost 18-20

port priority 18-18

root switch 18-16

secondary root switch 18-18

spanning-tree mode 18-15

switch priority 18-21

transmit hold-count 18-24

counters, clearing 18-24

cross-stack UplinkFast

described 20-5

enabling 20-16

default configuration 18-13

default optional feature configuration 20-12

designated port, defined 18-4

designated switch, defined 18-4

detecting indirect link failures 20-8

disabling 18-16

displaying status 18-24

EtherChannel guard

described 20-10

disabling 20-17

enabling 20-17

extended system ID

effects on root switch 18-16

effects on the secondary root switch 18-18

overview 18-4

unexpected behavior 18-16

features supported 1-9

IEEE 802.1D and bridge ID 18-4

IEEE 802.1D and multicast addresses 18-9

IEEE 802.1t and VLAN identifier 18-5

inferior BPDU 18-3

instances supported 18-10

interface state, blocking to forwarding 20-2

interface states

blocking 18-6

disabled 18-7

forwarding 18-6, 18-7

learning 18-7

listening 18-7

overview 18-5

interoperability and compatibility among modes 18-11

keepalive messages 18-2

Layer 2 protocol tunneling 17-8

limitations with IEEE 802.1Q trunks 18-11

load sharing

overview 13-22

using path costs 13-24

using port priorities 13-22

loop guard

described 20-11

enabling 20-18

modes supported 18-10

multicast addresses, effect of 18-9

optional features supported 1-9

overview 18-2

path costs 13-24, 13-25

Port Fast

described 20-2

enabling 20-12

port priorities 13-23

preventing root switch selection 20-10

protocols supported 18-10

redundant connectivity 18-8

root guard

described 20-10

enabling 20-18

root port, defined 18-3

root port selection on a switch stack 18-3

root switch

configuring 18-16

effects of extended system ID 18-4, 18-16

election 18-3

unexpected behavior 18-16

shutdown Port Fast-enabled port 20-2

stack changes, effects of 18-12

status, displaying 18-24

superior BPDU 18-3

timers, described 18-22

UplinkFast

described 20-3

enabling 20-15

VLAN-bridge 18-11

stratum, NTP 7-2

stub areas, OSPF 40-32

stub routing, EIGRP 40-43

subdomains, private VLAN 16-1

subnet mask 40-7

subnet zero 40-7

success response, VMPS 13-26

summer time 7-6

SunNet Manager 1-6

supernet 40-8

supported port-based authentication methods 10-8

SVI autostate exclude

configuring 12-34

defined 12-6

SVI link state 12-6

SVIs

and IP unicast routing 40-5

and router ACLs 35-4

connecting VLANs 12-11

defined 12-5

routing between VLANs 13-2

switch 41-2

switch clustering technology 6-1

See also clusters, switch

switch console port 1-8

Switch Database Management

See SDM

switched packets, ACLs on 35-40

Switched Port Analyzer

See SPAN

switched ports 12-2

switchport backup interface 21-4, 21-5

switchport block multicast command 26-8

switchport block unicast command 26-8

switchport command 12-22

switchport mode dot1q-tunnel command 17-7

switchport protected command 26-7

switch priority

MSTP 19-22

STP 18-21

switch software features 1-1

switch virtual interface

See SVI

synchronization, BGP 40-49

syslog

See system message logging

system capabilities TLV 28-2

system clock

configuring

daylight saving time 7-6

manually 7-4

summer time 7-6

time zones 7-5

displaying the time and date 7-5

overview 7-2

See also NTP

system description TLV 28-2

system message logging

default configuration 32-4

defining error message severity levels 32-9

disabling 32-4

displaying the configuration 32-17

enabling 32-5

facility keywords, described 32-14

level keywords, described 32-10

limiting messages 32-10

message format 32-2

overview 32-1

sequence numbers, enabling and disabling 32-8

setting the display destination device 32-5

stack changes, effects of 32-2

synchronizing log messages 32-6

syslog facility 1-17

time stamps, enabling and disabling 32-8

UNIX syslog servers

configuring the daemon 32-12

configuring the logging facility 32-13

facilities supported 32-14

system MTU

and IS-IS LSPs 40-70

system MTU and IEEE 802.1Q tunneling 17-5

system name

default configuration 7-8

default setting 7-8

manual configuration 7-8

See also DNS

system name TLV 28-2

system prompt, default setting 7-7, 7-8

system resources, optimizing 8-1

system routing

IS-IS 40-66

ISO IGRP 40-66

T

TACACS+

accounting, defined 9-11

authentication, defined 9-11

authorization, defined 9-11

configuring

accounting 9-17

authentication key 9-13

authorization 9-16

login authentication 9-14

default configuration 9-13

displaying the configuration 9-17

identifying the server 9-13

in clusters 6-16

limiting the services to the user 9-16

operation of 9-12

overview 9-10

support for 1-12

tracking services accessed by user 9-17

tagged packets

IEEE 802.1Q 17-3

Layer 2 protocol 17-8

tar files

creating A-7

displaying the contents of A-7

extracting A-8

image file format A-26

TCL script, registering and defining with embedded event manager 34-7

TDR 1-17

Telnet

accessing management interfaces 2-10

number of connections 1-7

setting a password 9-6

templates, SDM 8-1

temporary self-signed certificate 9-49

Terminal Access Controller Access Control System Plus

See TACACS+

terminal lines, setting a password 9-6

ternary content addressable memory 49-26

TFTP

configuration files

downloading A-12

preparing the server A-11

uploading A-13

configuration files in base directory 3-8

configuring for autoconfiguration 3-7

image files

deleting A-30

downloading A-28

preparing the server A-28

uploading A-30

limiting access by servers 33-17

TFTP server 1-6

threshold, traffic level 26-2

threshold monitoring, IP SLAs 43-6

time

See NTP and system clock

Time Domain Reflector

See TDR

time-range command 35-17

time ranges in ACLs 35-17

time stamps in log messages 32-8

time zones 7-5

TLVs

defined 28-2

LLDP 28-2

LLDP-MED 28-2

Token Ring VLANs

support for 13-5

VTP support 14-4

ToS 1-14

traceroute, Layer 2

and ARP 49-17

and CDP 49-17

broadcast traffic 49-16

described 49-16

IP addresses and subnets 49-17

MAC addresses and VLANs 49-17

multicast traffic 49-17

multiple devices on a port 49-17

unicast traffic 49-16

usage guidelines 49-17

traceroute command

See also IP traceroute

tracked lists

configuring 44-3

types 44-3

tracked objects

by Boolean expression 44-4

by threshold percentage 44-6

by threshold weight 44-5

tracking interface line-protocol state 44-2

tracking IP routing state 44-2

tracking objects 44-1

tracking process 44-1

track state, tracking IP SLAs 44-9

traffic

blocking flooded 26-8

fragmented 35-5

fragmented IPv6 36-2

unfragmented 35-5

traffic policing 1-14

traffic suppression 26-1

transmit hold-count

see STP

transparent mode, VTP 14-3

trap-door mechanism 3-2

traps

configuring MAC address notification 7-15, 7-17, 7-18

configuring managers 33-12

enabling 7-15, 7-17, 7-18, 33-12

notification types 33-12

overview 33-1, 33-4

troubleshooting

connectivity problems 49-15, 49-16, 49-18

CPU utilization 49-30

detecting unidirectional links 29-1

displaying crash information 49-24

PIMv1 and PIMv2 interoperability problems 46-35

setting packet forwarding 49-22

SFP security and identification 49-14

show forward command 49-22

with CiscoWorks 33-4

with debug commands 49-20

with ping 49-15

with system message logging 32-1

with traceroute 49-18

trunk failover

See link-state tracking

trunking encapsulation