Catalyst 3750-E and Catalyst 3560-E Switch Software Configuration Guide, Cisco IOS Release 15.0(2)SE and Later
Index
Downloads: This chapterpdf (PDF - 2.01MB) The complete bookPDF (PDF - 15.84MB) | Feedback

Index

Table Of Contents

Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W -

Index

Numerics

10-Gigabit Ethernet interfaces 13-6

802.1AE Tagging 12-2

A

AAA down policy, NAC Layer 2 IP validation 1-12

abbreviating commands 2-3

ABRs 42-26

AC (command switch) 6-10

access control entries

See ACEs

access-denied response, VMPS 14-27

access groups

applying IPv4 ACLs to interfaces 37-21

Layer 3 37-21

access groups, applying IPv4 ACLs to interfaces 37-21

accessing

clusters, switch 6-13

command switches 6-11

member switches 6-13

switch clusters 6-13

accessing stack members 5-30

access lists

See ACLs

access ports

and Layer 2 protocol tunneling 18-12

defined 13-3

in switch clusters 6-9

access template 8-1

accounting

with 802.1x 10-52

with IEEE 802.1x 10-14

with RADIUS 9-36

with TACACS+ 9-12, 9-17

ACEs

and QoS 38-8

defined 37-2

Ethernet 37-2

IP 37-2

ACLs

ACEs 37-2

applying

on bridged packets 37-41

on multicast packets 37-42

on routed packets 37-42

on switched packets 37-40

time ranges to 37-17

to an interface 37-20, 39-8

to QoS 38-7

classifying traffic for QoS 38-51

comments in 37-19

compiling 37-24

defined 37-2, 37-8

examples of 37-24, 38-51

extended IP, configuring for QoS classification 38-52

extended IPv4

creating 37-11

matching criteria 37-8

hardware and software handling 37-22

IP

creating 37-8

fragments and QoS guidelines 38-40

implicit deny 37-10, 37-14, 37-17

implicit masks 37-10

matching criteria 37-8

undefined 37-22

IPv4

applying to interfaces 37-20

creating 37-8

matching criteria 37-8

named 37-15

numbers 37-8

terminal lines, setting on 37-19

unsupported features 37-7

IPv6

and stacking 39-4

applying to interfaces 39-8

configuring 39-4, 39-5

displaying 39-9

interactions with other features 39-5

limitations 39-3

matching criteria 39-3

named 39-3

precedence of 39-2

supported 39-3

unsupported features 39-3

Layer 4 information in 37-40

logging messages 37-9

MAC extended 37-29, 38-55

matching 37-8, 37-21

monitoring 37-43, 39-9

named

IPv4 37-15

IPv6 39-3

names 39-5

number per QoS class map 38-40

port 37-2, 39-2

precedence of 37-3

QoS 38-7, 38-51

resequencing entries 37-15

router 37-2, 39-2

router ACLs and VLAN map configuration guidelines 37-39

standard IP, configuring for QoS classification 38-51, 38-53

standard IPv4

creating 37-10

matching criteria 37-8

support for 1-11

support in hardware 37-22

time ranges 37-17

types supported 37-2

unsupported features

IPv4 37-7

IPv6 39-3

using router ACLs with VLAN maps 37-39

VLAN maps

configuration guidelines 37-32

configuring 37-31

active link 23-4, 23-5, 23-6

active links 23-2

active router 45-2

active traffic monitoring, IP SLAs 46-1

address aliasing 26-2

addresses

displaying the MAC address table 7-25

dynamic

accelerated aging 19-9

changing the aging time 7-15

default aging 19-9

defined 7-13

learning 7-14

removing 7-16

IPv6 43-2

MAC, discovering 7-25

multicast

group address range 49-3

STP address management 19-9

static

adding and removing 7-21

defined 7-13

address resolution 7-25, 42-10

Address Resolution Protocol

See ARP

adjacency tables, with CEF 42-91

administrative distances

defined 42-103

OSPF 42-34

routing protocol defaults 42-94

administrative VLAN

REP, configuring 22-8

administrative VLAN, REP 22-8

advertisements

CDP 28-1

LLDP 30-2

RIP 42-21

VTP 14-18, 15-3, 15-4

age timer, REP 22-8

aggregatable global unicast addresses 43-3

aggregate addresses, BGP 42-61

aggregated ports

See EtherChannel

aggregate policers 38-73

aggregate policing 1-14

aging, accelerating 19-9

aging time

accelerated

for MSTP 20-25

for STP 19-9, 19-23

MAC address table 7-15

maximum

for MSTP 20-26

for STP 19-23, 19-24

alarms, RMON 33-4

allowed-VLAN list 14-20

AP1250 (wireless access point) 1-16

application engines, redirecting traffic to 48-1

area border routers

See ABRs

area routing

IS-IS 42-66

ISO IGRP 42-66

ARP

configuring 42-11

defined 1-7, 7-25, 42-10

encapsulation 42-11

static cache configuration 42-11

table

address resolution 7-25

managing 7-25

ASBRs 42-26

AS-path filters, BGP 42-55

asymmetrical links, and IEEE 802.1Q tunneling 18-4

attributes, RADIUS

vendor-proprietary 9-39

vendor-specific 9-37

attribute-value pairs 10-20

authentication

EIGRP 42-42

HSRP 45-10

local mode with AAA 9-46

open1x 10-31

RADIUS

key 9-29

login 9-31

TACACS+

defined 9-11

key 9-13

login 9-14

See also port-based authentication

authentication compatibility with Catalyst 6000 switches 10-8

authentication failed VLAN

See restricted VLAN

authentication keys, and routing protocols 42-104

authentication manager

CLI commands 10-9

compatibility with older 802.1x CLI commands10-9to 10-10

overview 10-7

single session ID 10-35

authoritative time source, described 7-2

authorization

with RADIUS 9-35

with TACACS+ 9-12, 9-16

authorized ports with IEEE 802.1x 10-10

autoconfiguration 4-3

auto enablement 10-34

automatic advise (auto-advise) in switch stacks 5-12

automatic copy (auto-copy) in switch stacks 5-12

automatic discovery

considerations

beyond a noncandidate device 6-8

brand new switches 6-9

connectivity 6-5

different VLANs 6-7

management VLANs 6-7

non-CDP-capable devices 6-6

noncluster-capable devices 6-6

routed ports 6-8

in switch clusters 6-5

See also CDP

automatic extraction (auto-extract) in switch stacks 5-12

automatic QoS

See QoS

automatic recovery, clusters 6-10

See also HSRP

automatic upgrades (auto-upgrade) in switch stacks 5-12

auto-MDIX

configuring 13-26

described 13-26

autonegotiation

duplex mode 1-4

interface configuration guidelines 13-23

mismatches 52-13

autonomous system boundary routers

See ASBRs

autonomous systems, in BGP 42-49

Auto-RP, described 49-7

autosensing, port speed 1-4

autostate exclude 13-6

auxiliary VLAN

See voice VLAN

availability, features 1-9

B

BackboneFast

described 21-7

disabling 21-17

enabling 21-17

support for 1-9

backup interfaces

See Flex Links

backup links 23-2

backup static routing, configuring 47-12

banners

configuring

login 7-13

message-of-the-day login 7-12

default configuration 7-11

when displayed 7-11

Berkeley r-tools replacement 9-58

BGP

aggregate addresses 42-61

aggregate routes, configuring 42-61

CIDR 42-61

clear commands 42-64

community filtering 42-58

configuring neighbors 42-59

default configuration 42-46

described 42-46

enabling 42-49

monitoring 42-64

multipath support 42-53

neighbors, types of 42-49

path selection 42-53

peers, configuring 42-59

prefix filtering 42-57

resetting sessions 42-51

route dampening 42-63

route maps 42-55

route reflectors 42-62

routing domain confederation 42-62

routing session with multi-VRF CE 42-85

show commands 42-64

supernets 42-61

support for 1-15

Version 4 42-46

binding cluster group and HSRP group 45-12

binding database

address, DHCP server

See DHCP, Cisco IOS server database

DHCP snooping

See DHCP snooping binding database

bindings

address, Cisco IOS DHCP server 24-6

DHCP snooping database 24-6

IP source guard 24-16

binding table, DHCP snooping

See DHCP snooping binding database

blocking packets 29-7

Boolean expressions in tracked lists 47-4

booting

boot loader, function of 4-2

boot process 4-2

manually 4-19

specific image 4-20

boot loader

accessing 4-21

described 4-2

environment variables 4-21

prompt 4-21

trap-door mechanism 4-2

bootstrap router (BSR), described 49-7

Border Gateway Protocol

See BGP

BPDU

error-disabled state 21-2

filtering 21-3

RSTP format 20-12

BPDU filtering

described 21-3

disabling 21-15

enabling 21-15

support for 1-9

BPDU guard

described 21-2

disabling 21-14

enabling 21-14

support for 1-9

bridged packets, ACLs on 37-41

bridge groups

See fallback bridging

bridge protocol data unit

See BPDU

broadcast flooding 42-18

broadcast packets

directed 42-15

flooded 42-15

broadcast storm-control command 29-4

broadcast storms 29-1, 42-15

C

cables, monitoring for unidirectional links 31-1

candidate switch

automatic discovery 6-5

defined 6-4

requirements 6-4

See also command switch, cluster standby group, and member switch

Catalyst 6000 switches, authentication compatibility 10-8

CA trustpoint

configuring 9-54

defined 9-52

CDP

and trusted boundary 38-47

automatic discovery in switch clusters 6-5

configuring 28-2

default configuration 28-2

defined with LLDP 30-1

described 28-1

disabling for routing device 28-4

enabling and disabling

on an interface 28-4

on a switch 28-4

Layer 2 protocol tunneling 18-8

monitoring 28-5

overview 28-1

power negotiation extensions 13-7

support for 1-7

switch stack considerations 28-2

transmission timer and holdtime, setting 28-3

updates 28-3

CEF

defined 42-91

distributed 42-91

IPv6 43-30

CGMP

as IGMP snooping learning method 26-9

enabling server support 49-45

joining multicast group 26-3

overview 49-9

server support only 49-9

switch support of 1-5

CIDR 42-61

CipherSuites 9-53

Cisco 7960 IP Phone 16-1

Cisco AP1250 (wireless access point) 1-16

Cisco Discovery Protocol

See CDP

Cisco Express Forwarding

See CEF

Cisco Group Management Protocol

See CGMP

Cisco intelligent power management 13-7

Cisco IOS DHCP server

See DHCP, Cisco IOS DHCP server

Cisco IOS File System

See IFS

Cisco IOS IP SLAs 46-2

Cisco Redundant Power System 2300

configuring 13-38

managing 13-38

Cisco Secure ACS

attribute-value pairs for downloadable ACLs 10-20

attribute-value pairs for redirect URL 10-20

Cisco StackWise Plus technology 1-3

See also stacks, switch

CiscoWorks 2000 1-6, 35-4

CISP 10-33

CIST regional root

See MSTP

CIST root

See MSTP

civic location 30-3

classless interdomain routing

See CIDR

classless routing 42-8

class maps for QoS

configuring 38-56

described 38-8

class of service

See CoS

clearing interfaces 13-41

CLI

abbreviating commands 2-3

command modes 2-1

configuration logging 2-5

described 1-6

editing features

enabling and disabling 2-7

keystroke editing 2-7

wrapped lines 2-8

error messages 2-4

filtering command output 2-9

getting help 2-3

history

changing the buffer size 2-5

described 2-5

disabling 2-6

recalling commands 2-6

managing clusters 6-16

no and default forms of commands 2-4

Client Information Signalling Protocol

See CISP

client mode, VTP 15-3

client processes, tracking 47-1

CLNS

See ISO CLNS

clock

See system clock

clusters, switch

accessing 6-13

automatic discovery 6-5

automatic recovery 6-10

benefits 1-2

compatibility 6-4

described 6-1

LRE profile considerations 6-16

managing

through CLI 6-16

through SNMP 6-17

planning 6-4

planning considerations

automatic discovery 6-5

automatic recovery 6-10

CLI 6-16

host names 6-13

IP addresses 6-13

LRE profiles 6-16

passwords 6-14

RADIUS 6-16

SNMP 6-14, 6-17

switch stacks 6-14

TACACS+ 6-16

See also candidate switch, command switch, cluster standby group, member switch, and standby command switch

cluster standby group

and HSRP group 45-12

automatic recovery 6-12

considerations 6-11

defined 6-2

requirements 6-3

virtual IP address 6-11

See also HSRP

CNS

Configuration Engine

configID, deviceID, hostname 3-3

configuration service 3-2

described 3-1

event service 3-3

embedded agents

described 3-5

enabling automated configuration 3-6

enabling configuration agent 3-9

enabling event agent 3-8

management functions 1-6

CoA Request Commands 9-24

Coarse Wave Division Multiplexer

See CWDM SFPs

command-line interface

See CLI

command modes 2-1

commands

abbreviating 2-3

no and default 2-4

commands, setting privilege levels 9-8

command switch

accessing 6-11

active (AC) 6-10

configuration conflicts 52-12

defined 6-2

passive (PC) 6-10

password privilege levels 6-17

priority 6-10

recovery

from command-switch failure 6-10, 52-9

from lost member connectivity 52-12

redundant 6-10

replacing

with another switch 52-11

with cluster member 52-9

requirements 6-3

standby (SC) 6-10

See also candidate switch, cluster standby group, member switch, and standby command switch

common session ID

see single session ID 10-35

community list, BGP 42-58

community ports 17-2

community strings

configuring 6-14, 35-8

for cluster switches 35-4

in clusters 6-14

overview 35-4

SNMP 6-14

community VLANs 17-2, 17-3

compatibility, feature 29-12

compatibility, software

See stacks, switch

configurable leave timer, IGMP 26-6

configuration, initial

defaults 1-19

Express Setup 1-2

configuration conflicts, recovering from lost member connectivity 52-12

configuration examples, network 1-21

configuration files

archiving A-21

clearing the startup configuration A-20

creating and using, guidelines for A-10

creating using a text editor A-11

deleting a stored configuration A-20

described A-9

downloading

automatically 4-18

preparing A-11, A-14, A-17

reasons for A-9

using FTP A-14

using RCP A-18

using TFTP A-12

invalid combinations when copying A-6

limiting TFTP server access 35-18

obtaining with DHCP 4-9

password recovery disable considerations 9-5

replacing and rolling back, guidelines for A-22

replacing a running configuration A-21

rolling back a running configuration A-21, A-22

specifying the filename 4-19

system contact and location information 35-17

types and location A-10

uploading

preparing A-11, A-14, A-17

reasons for A-9

using FTP A-16

using RCP A-19

using TFTP A-13

configuration guidelines

REP 22-7

configuration guidelines, multi-VRF CE 42-78

configuration logging 2-5

configuration replacement A-21

configuration rollback A-21

configuration settings, saving 4-16

configure terminal command 13-13

Configuring First Hop Security in IPv6 43-5, 43-19

Configuring IPv6 Source Guard 43-22

configuring multicast VRFs 42-84

configuring port-based authentication violation modes 10-43

configuring small-frame arrival rate 29-5

Configuring VACL Logging 37-38

conflicts, configuration 52-12

connections, secure remote 9-47

connectivity problems 52-15, 52-16, 52-18

consistency checks in VTP Version 2 15-5

console port, connecting to 2-10

content-routing technology

See WCCP

control protocol, IP SLAs 46-4

convergence

REP 22-4

corrupted software, recovery steps with Xmodem 52-2

CoS

in Layer 2 frames 38-2

override priority 16-7

trust priority 16-7

CoS input queue threshold map for QoS 38-18

CoS output queue threshold map for QoS 38-21

CoS-to-DSCP map for QoS 38-75

counters, clearing interface 13-41

CPU utilization, troubleshooting 52-30

crashinfo file 52-25

critical authentication, IEEE 802.1x 10-56

critical VLAN 10-23

cross-stack EtherChannel

configuration guidelines 40-13

configuring

on Layer 2 interfaces 40-13

on Layer 3 physical interfaces 40-16

described 40-3

illustration 40-4

support for 1-9

cross-stack UplinkFast, STP

described 21-5

disabling 21-17

enabling 21-17

fast-convergence events 21-7

Fast Uplink Transition Protocol 21-6

normal-convergence events 21-7

support for 1-9

cryptographic software image

switch stack considerations 5-2, 5-17

customer edge devices 42-76

customizeable web pages, web-based authentication 11-6

CWDM SFPs 1-35

D

DACL

See downloadable ACL

daylight saving time 7-7

dCEF in the switch stack 42-91

debugging

enabling all system diagnostics 52-22

enabling for a specific feature 52-21

redirecting error message output 52-22

using commands 52-21

default commands 2-4

default configuration

802.1x 10-36

auto-QoS 38-24

banners 7-11

BGP 42-46

booting 4-18

CDP 28-2

DHCP 24-8

DHCP option 82 24-8

DHCP snooping 24-8

DHCP snooping binding database 24-9

DNS 7-10

dynamic ARP inspection 25-5

EIGRP 42-38

EtherChannel 40-11

Ethernet interfaces 13-22

fallback bridging 51-3

Flex Links 23-8

HSRP 45-5

IEEE 802.1Q tunneling 18-4

IGMP 49-39

IGMP filtering 26-25

IGMP snooping 26-7, 27-6

IGMP throttling 26-25

initial switch information 4-3

IP addressing, IP routing 42-6

IP multicast routing 49-11

IP SLAs 46-6

IP source guard 24-18

IPv6 43-16

IS-IS 42-67

Layer 2 interfaces 13-22

Layer 2 protocol tunneling 18-12

LLDP 30-5

MAC address table 7-15

MAC address-table move update 23-8

MSDP 50-4

MSTP 20-15

multi-VRF CE 42-78

MVR 26-20

optional spanning-tree configuration 21-12

OSPF 42-27

password and privilege level 9-2

PIM 49-11

private VLANs 17-7

RADIUS 9-28

REP 22-7

RIP 42-21

RMON 33-3

RSPAN 32-12

SDM template 8-4

SNMP 35-6

SPAN 32-12

SSL 9-54

standard QoS 38-37

STP 19-13

switch stacks 5-24

system message logging 34-4

system name and prompt 7-9

TACACS+ 9-13

UDLD 31-4

VLAN, Layer 2 Ethernet interfaces 14-17

VLANs 14-7

VMPS 14-28

voice VLAN 16-3

VTP 15-8

WCCP 48-5

default gateway 4-15, 42-13

default networks 42-94

default router preference

See DRP

default routes 42-94

default routing 42-3

default web-based authentication configuration

802.1X 11-9

deleting VLANs 14-9

denial-of-service attack 29-1

description command 13-31

designing your network, examples 1-21

desktop template 5-10

destination-IP address-based forwarding, EtherChannel 40-9

destination-MAC address forwarding, EtherChannel 40-9

detecting indirect link failures, STP 21-8

device discovery protocol 28-1, 30-1

device manager

benefits 1-2

described 1-2, 1-6

in-band management 1-8

DHCP

Cisco IOS server database

configuring 24-14

default configuration 24-9

described 24-6

DHCP for IPv6

See DHCPv6

enabling

relay agent 24-11

server 24-10

DHCP-based autoconfiguration

client request message exchange 4-4

configuring

client side 4-4

DNS 4-8

relay device 4-8

server side 4-7

server-side 24-10

TFTP server 4-7

example 4-10

lease options

for IP address information 4-7

for receiving the configuration file 4-7

overview 4-3

relationship to BOOTP 4-4

relay support 1-7, 1-16

support for 1-7

DHCP-based autoconfiguration and image update

configuring4-11to 4-14

understanding4-5to 4-6

DHCP binding database

See DHCP snooping binding database

DHCP binding table

See DHCP snooping binding database

DHCP object tracking, configuring primary interface 47-11

DHCP option 82

circuit ID suboption 24-5

configuration guidelines 24-9

default configuration 24-8

displaying 24-16

forwarding address, specifying 24-11

helper address 24-11

overview 24-3

packet format, suboption

circuit ID 24-5

remote ID 24-5

remote ID suboption 24-5

DHCP server port-based address allocation

configuration guidelines 24-27

default configuration 24-27

described 24-26

displaying 24-29, 25-12

enabling 24-27

reserved addresses 24-28

DHCP snooping

accepting untrusted packets form edge switch 24-3, 24-13

and private VLANs 24-14

binding database

See DHCP snooping binding database

configuration guidelines 24-9

default configuration 24-8

message exchange process 24-4

option 82 data insertion 24-3

trusted interface 24-2

untrusted interface 24-2

untrusted messages 24-2

DHCP snooping binding database

adding bindings 24-15

binding file

format 24-7

location 24-6

bindings 24-6

clearing agent statistics 24-15

configuration guidelines 24-9

configuring 24-15

default configuration 24-8, 24-9

deleting

binding file 24-15

bindings 24-15

database agent 24-15

described 24-6

enabling 24-15

entry 24-6

renewing database 24-15

resetting

delay value 24-15

timeout value 24-15

DHCP snooping binding table

See DHCP snooping binding database

DHCPv6

configuration guidelines 43-26

default configuration 43-26

described 43-10

enabling client function 43-29

enabling DHCPv6 server function 43-27

diagnostic schedule command 53-2

Differentiated Services architecture, QoS 38-2

Differentiated Services Code Point 38-2

Diffusing Update Algorithm (DUAL) 42-36

directed unicast requests 1-7

directories

changing A-4

creating and removing A-5

displaying the working A-4

discovery, clusters

See automatic discovery

Distance Vector Multicast Routing Protocol

See DVMRP

distance-vector protocols 42-3

distribute-list command 42-103

DNS

and DHCP-based autoconfiguration 4-8

default configuration 7-10

displaying the configuration 7-11

in IPv6 43-4

overview 7-9

setting up 7-10

support for 1-7

DNS-based SSM mapping 49-19, 49-20

domain names

DNS 7-9

VTP 15-9

Domain Name System

See DNS

domains, ISO IGRP routing 42-66

dot1q-tunnel switchport mode 14-16

double-tagged packets

IEEE 802.1Q tunneling 18-2

Layer 2 protocol tunneling 18-11

downloadable ACL 10-18, 10-20, 10-64

downloading

configuration files

preparing A-11, A-14, A-17

reasons for A-9

using FTP A-14

using RCP A-18

using TFTP A-12

image files

deleting old image A-30

preparing A-28, A-31, A-36

reasons for A-25

using CMS 1-3

using FTP A-32

using HTTP 1-3, A-25

using RCP A-37

using TFTP A-28

using the device manager or Network Assistant A-25

drop threshold for Layer 2 protocol packets 18-12

DRP

configuring 43-24

described 43-9

IPv6 43-9

DSCP 1-14, 38-2

DSCP input queue threshold map for QoS 38-18

DSCP output queue threshold map for QoS 38-21

DSCP-to-CoS map for QoS 38-78

DSCP-to-DSCP-mutation map for QoS 38-79

DSCP transparency 38-48

DTP 1-10, 14-15

dual-action detection 40-6

DUAL finite state machine, EIGRP 42-37

dual IPv4 and IPv6 templates 8-2, 43-10

dual protocol stacks

IPv4 and IPv6 43-10

SDM templates supporting 43-10

DVMRP

autosummarization

configuring a summary address 49-59

disabling 49-61

connecting PIM domain to DVMRP router 49-51

enabling unicast routing 49-55

interoperability

with Cisco devices 49-49

with Cisco IOS software 49-9

mrinfo requests, responding to 49-54

neighbors

advertising the default route to 49-53

discovery with Probe messages 49-49

displaying information 49-54

prevent peering with nonpruning 49-57

rejecting nonpruning 49-56

overview 49-9

routes

adding a metric offset 49-62

advertising all 49-61

advertising the default route to neighbors 49-53

caching DVMRP routes learned in report messages 49-55

changing the threshold for syslog messages 49-58

favoring one over another 49-62

limiting the number injected into MBONE 49-58

limiting unicast route advertisements 49-49

routing table 49-9

source distribution tree, building 49-9

support for 1-16

tunnels

configuring 49-51

displaying neighbor information 49-54

dynamic access ports

characteristics 14-3

configuring 14-29

defined 13-3

dynamic addresses

See addresses

dynamic ARP inspection

ARP cache poisoning 25-1

ARP requests, described 25-1

ARP spoofing attack 25-1

clearing

log buffer 25-15

statistics 25-15

configuration guidelines 25-6

configuring

ACLs for non-DHCP environments 25-9

in DHCP environments 25-7

log buffer 25-13

rate limit for incoming ARP packets 25-4, 25-10

default configuration 25-5

denial-of-service attacks, preventing 25-10

described 25-1

DHCP snooping binding database 25-2

displaying

statistics 25-15

error-disabled state for exceeding rate limit 25-4

function of 25-2

interface trust states 25-3

log buffer

clearing 25-15

configuring 25-13

logging of dropped packets, described 25-5

man-in-the middle attack, described 25-2

network security issues and interface trust states 25-3

priority of ARP ACLs and DHCP snooping entries 25-4

rate limiting of ARP packets

configuring 25-10

described 25-4

error-disabled state 25-4

statistics

clearing 25-15

displaying 25-15

validation checks, performing 25-12

dynamic auto trunking mode 14-16

dynamic desirable trunking mode 14-16

Dynamic Host Configuration Protocol

See DHCP-based autoconfiguration

dynamic port VLAN membership

described 14-27

reconfirming 14-30

troubleshooting 14-32

types of connections 14-29

dynamic routing 42-3

ISO CLNS 42-65

Dynamic Trunking Protocol

See DTP

E

EAC 12-2

EBGP 42-45

editing features

enabling and disabling 2-7

keystrokes used 2-7

wrapped lines 2-8

EEM 3.2 36-5

EIGRP

authentication 42-42

components 42-37

configuring 42-40

default configuration 42-38

definition 42-36

interface parameters, configuring 42-41

monitoring 42-44

stub routing 42-43

support for 1-15

EIGRP IPv6 43-12

elections

See stack master

ELIN location 30-3

embedded event manager

3.2 36-5

actions 36-4

configuring 36-1, 36-6

displaying information 36-8

environmental variables 36-5

event detectors 36-3

policies 36-4

registering and defining an applet 36-6

registering and defining a TCL script 36-7

understanding 36-1

enable password 9-3

enable secret password 9-3

encryption, CipherSuite 9-53

encryption for passwords 9-3

Endpoint Admission Control (EAC) 12-2

Enhanced IGRP

See EIGRP

enhanced object tracking

backup static routing 47-12

defined 47-1

DHCP primary interface 47-11

HSRP 47-7

IP routing state 47-2

IP SLAs 47-9

line-protocol state 47-2

network monitoring with IP SLAs 47-11

routing policy, configuring 47-12

static route primary interface 47-10

tracked lists 47-3

enhanced object tracking static routing 47-10

enhanced PoE 1-16, 13-7, 13-30

environmental variables, embedded event manager 36-5

environment variables, function of 4-22

equal-cost routing 1-15, 42-93

error-disabled state, BPDU 21-2

error messages during command entry 2-4

EtherChannel

automatic creation of 40-5, 40-7

channel groups

binding physical and logical interfaces 40-4

numbering of 40-4

configuration guidelines 40-12

configuring

Layer 2 interfaces 40-13

Layer 3 physical interfaces 40-16

Layer 3 port-channel logical interfaces 40-15

default configuration 40-11

described 40-2

displaying status 40-23

forwarding methods 40-8, 40-18

IEEE 802.3ad, described 40-7

interaction

with STP 40-12

with VLANs 40-12

LACP

described 40-7

displaying status 40-23

hot-standby ports 40-21

interaction with other features 40-8

modes 40-7

port priority 40-22

system priority 40-21

Layer 3 interface 42-5

load balancing 40-8, 40-18

logical interfaces, described 40-4

PAgP

aggregate-port learners 40-19

described 40-5

displaying status 40-23

interaction with other features 40-7

interaction with virtual switches 40-6

learn method and priority configuration 40-19

modes 40-6

support for 1-5

with dual-action detection 40-6

port-channel interfaces

described 40-4

numbering of 40-4

port groups 13-6

stack changes, effects of 40-10

support for 1-5

EtherChannel guard

described 21-10

disabling 21-18

enabling 21-17

Ethernet management port

active link 13-18

and routing 13-19

and routing protocols 13-19

and TFTP 13-21

configuring 13-20

connecting to 2-10

default setting 13-19

described 13-18

for network management 13-18

specifying 13-20

supported features 13-20

unsupported features 13-20

Ethernet management port, internal

and routing 13-19

and routing protocols 13-19

unsupported features 13-20

Ethernet VLANs

adding 14-8

defaults and ranges 14-7

modifying 14-8

EUI 43-4

event detectors, embedded event manager 36-3

events, RMON 33-4

examples

network configuration 1-21

expedite queue for QoS 38-91

Express Setup 1-2

See also getting started guide

extended crashinfo file 52-25

extended-range VLANs

configuration guidelines 14-11

configuring 14-10

creating 14-12

creating with an internal VLAN ID 14-13

defined 14-1

extended system ID

MSTP 20-19

STP 19-5, 19-16

extended universal identifier

See EUI

Extensible Authentication Protocol over LAN 10-2

external BGP

See EBGP

external neighbors, BGP 42-49

F

Fa0 port

See Ethernet management port

failover support 1-9

fallback bridging

and protected ports 51-4

bridge groups

creating 51-4

described 51-2

function of 51-2

number supported 51-4

removing 51-5

configuration guidelines 51-4

connecting interfaces with 13-12

default configuration 51-3

described 51-1

frame forwarding

flooding packets 51-2

forwarding packets 51-2

overview 51-1

protocol, unsupported 51-4

stack changes, effects of 51-3

STP

disabling on an interface 51-9

forward-delay interval 51-8

hello BPDU interval 51-8

interface priority 51-6

keepalive messages 19-2

maximum-idle interval 51-9

path cost 51-7

VLAN-bridge spanning-tree priority 51-6

VLAN-bridge STP 51-2

support for 1-15

SVIs and routed ports 51-1

unsupported protocols 51-4

VLAN-bridge STP 19-11

Fast Convergence 23-3

fastethernet0 port

See Ethernet management port

Fast Uplink Transition Protocol 21-6

features, incompatible 29-12

FIB 42-91

fiber-optic, detecting unidirectional links 31-1

files

basic crashinfo

description 52-26

location 52-26

copying A-5

crashinfo, description 52-25

deleting A-6

displaying the contents of A-8

extended crashinfo

description 52-26

location 52-26

tar

creating A-7

displaying the contents of A-7

extracting A-8

image file format A-26

file system

displaying available file systems A-2

displaying file information A-4

local file system names A-1

network file system names A-5

setting the default A-3

filtering

in a VLAN 37-31

IPv6 traffic 39-4, 39-8

non-IP traffic 37-29

show and more command output 2-9

filtering show and more command output 2-9

filters, IP

See ACLs, IP

flash device, number of A-1

flexible authentication ordering

configuring 10-67

overview 10-31

Flex Link Multicast Fast Convergence 23-3

Flex Links

configuring 23-9

configuring preferred VLAN 23-12

configuring VLAN load balancing 23-11

default configuration 23-8

description 23-2

link load balancing 23-2

monitoring 23-14

VLANs 23-2

flooded traffic, blocking 29-8

flow-based packet classification 1-14

flowcharts

QoS classification 38-7

QoS egress queueing and scheduling 38-19

QoS ingress queueing and scheduling 38-16

QoS policing and marking 38-11

flowcontrol

configuring 13-25

described 13-25

forward-delay time

MSTP 20-25

STP 19-23

Forwarding Information Base

See FIB

forwarding nonroutable protocols 51-1

FTP

configuration files

downloading A-14

overview A-13

preparing the server A-14

uploading A-16

image files

deleting old image A-34

downloading A-32

preparing the server A-31

uploading A-34

G

general query 23-5

Generating IGMP Reports 23-3

get-next-request operation 35-4

get-request operation 35-4

Gigabit modules

See SFPs

global leave, IGMP 26-13

guest VLAN and IEEE 802.1x 10-21

guide mode 1-3

GUIs

See device manager and Network Assistant

H

hardware limitations and Layer 3 interfaces 13-32

hello time

MSTP 20-24

STP 19-22

help, for the command line 2-3

hierarchical policy maps 38-9

configuration guidelines 38-40

configuring 38-65

described 38-12

history

changing the buffer size 2-5

described 2-5

disabling 2-6

recalling commands 2-6

history table, level and number of syslog messages 34-10

host names in clusters 6-13

host ports

configuring 17-11

kinds of 17-2

hosts, limit on dynamic ports 14-32

Hot Standby Router Protocol

See HSRP

HP OpenView 1-6

HSRP

authentication string 45-10

automatic cluster recovery 6-12

binding to cluster group 45-12

cluster standby group considerations 6-11

command-switch redundancy 1-1, 1-9

configuring 45-5

default configuration 45-5

definition 45-1

guidelines 45-6

monitoring 45-13

object tracking 47-7

overview 45-1

priority 45-8

routing redundancy 1-15

support for ICMP redirect messages 45-12

switch stack considerations 45-5

timers 45-10

tracking 45-8

See also clusters, cluster standby group, and standby command switch

HSRP for IPv6

configuring 43-37

guidelines 43-36

HTTP(S) Over IPv6 43-14

HTTP over SSL

see HTTPS

HTTPS

configuring 9-55

described 9-51

self-signed certificate 9-52

HTTP secure server 9-51

I

IBPG 42-45

ICMP

IPv6 43-4

redirect messages 42-13

support for 1-15

time-exceeded messages 52-18

traceroute and 52-18

unreachable messages 37-21

unreachable messages and IPv6 39-5

unreachables and ACLs 37-22

ICMP Echo operation

configuring 46-11

IP SLAs 46-11

ICMP ping

executing 52-15

overview 52-15

ICMP Router Discovery Protocol

See IRDP

ICMPv6 43-4

IDS appliances

and ingress RSPAN 32-25

and ingress SPAN 32-16

IEEE 802.1D

See STP

IEEE 802.1p 16-1

IEEE 802.1Q

and trunk ports 13-3

configuration limitations 14-17

encapsulation 14-15

native VLAN for untagged traffic 14-22

tunneling

compatibility with other features 18-6

defaults 18-4

described 18-1

tunnel ports with other features 18-6

IEEE 802.1s

See MSTP

IEEE 802.1w

See RSTP

IEEE 802.1x

See port-based authentication

IEEE 802.3ad

See EtherChannel

IEEE 802.3af

See PoE

IEEE 802.3x flow control 13-25

ifIndex values, SNMP 35-5

IFS 1-7

IGMP

configurable leave timer

described 26-6

enabling 26-12

configuring the switch

as a member of a group 49-39

statically connected member 49-44

controlling access to groups 49-40

default configuration 49-39

fast switching 49-44

flooded multicast traffic

controlling the length of time 26-13

disabling on an interface 26-14

global leave 26-13

query solicitation 26-13

recovering from flood mode 26-13

host-query interval, modifying 49-42

joining multicast group 26-3

join messages 26-3

leave processing, enabling 26-11, 27-9

leaving multicast group 26-5

multicast reachability 49-39

overview 49-3

queries 26-4

report suppression

described 26-6

disabling 26-16, 27-11

supported versions 26-3

support for 1-5

Version 1

changing to Version 2 49-41

described 49-3

Version 2

changing to Version 1 49-41

described 49-3

maximum query response time value 49-43

pruning groups 49-43

query timeout value 49-43

IGMP filtering

configuring 26-25

default configuration 26-25

described 26-24

support for 1-5

IGMP groups

configuring filtering 26-28

setting the maximum number 26-27

IGMP helper 49-6

IGMP Immediate Leave

configuration guidelines 26-12

described 26-6

enabling 26-11

IGMP profile

applying 26-26

configuration mode 26-25

configuring 26-26

IGMP snooping

and address aliasing 26-2

and stack changes 26-7

configuring 26-7

default configuration 26-7, 27-6

definition 26-2

enabling and disabling 26-8, 27-7

global configuration 26-8

Immediate Leave 26-6

in the switch stack 26-7

method 26-8

monitoring 26-17, 27-12

querier

configuration guidelines 26-15

configuring 26-15

supported versions 26-3

support for 1-5

VLAN configuration 26-8

IGMP throttling

configuring 26-28

default configuration 26-25

described 26-25

displaying action 26-29

IGP 42-26

Immediate Leave, IGMP

described 26-6

enabling 27-9

inaccessible authentication bypass

802.1x 10-23

support for multiauth ports 10-23

initial configuration

defaults 1-19

Express Setup 1-2

interface

number 13-13

range macros 13-16

interface command13-12to 13-14

interface configuration

REP 22-9

interfaces

auto-MDIX, configuring 13-26

configuring

procedure 13-13

counters, clearing 13-41

default configuration 13-22

described 13-31

descriptive name, adding 13-31

displaying information about 13-40

duplex and speed configuration guidelines 13-23

flow control 13-25

management 1-6

monitoring 13-40

naming 13-31

physical, identifying 13-12

range of 13-14

restarting 13-42

shutting down 13-42

speed and duplex, configuring 13-24

status 13-40

supported 13-12

types of 13-1

interfaces range macro command 13-16

interface types 13-12

Interior Gateway Protocol

See IGP

internal BGP

See IBGP

internal neighbors, BGP 42-49

internal power supplies

See power supplies

Internet Control Message Protocol

See ICMP

Internet Group Management Protocol

See IGMP

Internet Protocol version 6

See IPv6

Inter-Switch Link

See ISL

inter-VLAN routing 1-15, 42-2

Intrusion Detection System

See IDS appliances

inventory management TLV 30-3

IP ACLs

for QoS classification 38-7

implicit deny 37-10, 37-14

implicit masks 37-10

named 37-15

undefined 37-22

IP addresses

128-bit 43-2

candidate or member 6-4, 6-13

classes of 42-7

cluster access 6-2

command switch 6-3, 6-11, 6-13

default configuration 42-6

discovering 7-25

for IP routing 42-6

IPv6 43-2

MAC address association 42-10

monitoring 42-19

redundant clusters 6-11

standby command switch 6-11, 6-13

See also IP information

IP base feature set 1-1

IP broadcast address 42-17

ip cef distributed command 42-91

IP directed broadcasts 42-15

ip igmp profile command 26-25

IP information

assigned

manually 4-15

through DHCP-based autoconfiguration 4-3

default configuration 4-3

IP multicast routing

addresses

all-hosts 49-3

all-multicast-routers 49-3

host group address range 49-3

administratively-scoped boundaries, described 49-47

and IGMP snooping 26-2

Auto-RP

adding to an existing sparse-mode cloud 49-26

benefits of 49-26

configuration guidelines 49-12

filtering incoming RP announcement messages 49-28

overview 49-7

preventing candidate RP spoofing 49-28

preventing join messages to false RPs 49-28

setting up in a new internetwork 49-26

using with BSR 49-34

bootstrap router

configuration guidelines 49-12

configuring candidate BSRs 49-32

configuring candidate RPs 49-33

defining the IP multicast boundary 49-31

defining the PIM domain border 49-30

overview 49-7

using with Auto-RP 49-34

Cisco implementation 49-2

configuring

basic multicast routing 49-12

IP multicast boundary 49-47

default configuration 49-11

enabling

PIM mode 49-13

group-to-RP mappings

Auto-RP 49-7

BSR 49-7

MBONE

described 49-46

enabling sdr listener support 49-46

limiting DVMRP routes advertised 49-58

limiting sdr cache entry lifetime 49-46

SAP packets for conference session announcement 49-46

Session Directory (sdr) tool, described 49-46

multicast forwarding, described 49-8

PIMv1 and PIMv2 interoperability 49-11

protocol interaction 49-2

reverse path check (RPF) 49-8

RP

assigning manually 49-24

configuring Auto-RP 49-26

configuring PIMv2 BSR 49-30

monitoring mapping information 49-35

using Auto-RP and BSR 49-34

stacking

stack master functions 49-10

stack member functions 49-10

statistics, displaying system and network 49-63

See also CGMP

See also DVMRP

See also IGMP

See also PIM

IP phones

and QoS 16-1

automatic classification and queueing 38-23

configuring 16-4

ensuring port security with QoS 38-46

trusted boundary for QoS 38-46

IP Port Security for Static Hosts

on a Layer 2 access port 24-21

on a PVLAN host port 24-24

IP precedence 38-2

IP-precedence-to-DSCP map for QoS 38-76

IP protocols

routing 1-15

IP routes, monitoring 42-106

IP routing

connecting interfaces with 13-12

disabling 42-20

enabling 42-20

IP Service Level Agreements

See IP SLAs

IP service levels, analyzing 46-1

IP services feature set 1-1

IP SLAs

benefits 46-2

configuration guidelines 46-6

configuring object tracking 47-9

Control Protocol 46-4

default configuration 46-6

definition 46-1

ICMP echo operation 46-11

measuring network performance 46-3

monitoring 46-13

multioperations scheduling 46-5

object tracking 47-9

operation 46-3

reachability tracking 47-9

responder

described 46-4

enabling 46-7

response time 46-4

scheduling 46-5

SNMP support 46-2

supported metrics 46-2

threshold monitoring 46-6

track object monitoring agent, configuring 47-11

track state 47-9

UDP jitter operation 46-8

IP source guard

and 802.1x 24-19

and DHCP snooping 24-16

and port security 24-19

and private VLANs 24-19

and routed ports 24-18

and TCAM entries 24-19

and trunk interfaces 24-18

and VRF 24-19

binding configuration

automatic 24-16

manual 24-16

binding table 24-16

configuration guidelines 24-18

default configuration 24-18

described 24-16

disabling 24-20

displaying

bindings 24-26

configuration 24-26

enabling 24-19, 24-21

filtering

source IP address 24-17

source IP and MAC address 24-17

source IP address filtering 24-17

source IP and MAC address filtering 24-17

static bindings

adding 24-19, 24-21

deleting 24-20

static hosts 24-21

IP traceroute

executing 52-18

overview 52-18

IP unicast routing

address resolution 42-10

administrative distances 42-94, 42-103

ARP 42-10

assigning IP addresses to Layer 3 interfaces 42-7

authentication keys 42-104

broadcast

address 42-17

flooding 42-18

packets 42-15

storms 42-15

classless routing 42-8

configuring static routes 42-93

default

addressing configuration 42-6

gateways 42-13

networks 42-94

routes 42-94

routing 42-3

directed broadcasts 42-15

disabling 42-20

dynamic routing 42-3

enabling 42-20

EtherChannel Layer 3 interface 42-5

IGP 42-26

inter-VLAN 42-2

IP addressing

classes 42-7

configuring 42-6

IPv6 43-3

IRDP 42-13

Layer 3 interfaces 42-5

MAC address and IP address 42-10

passive interfaces 42-102

protocols

distance-vector 42-3

dynamic 42-3

link-state 42-3

proxy ARP 42-10

redistribution 42-95

reverse address resolution 42-10

routed ports 42-5

static routing 42-3

steps to configure 42-5

subnet mask 42-7

subnet zero 42-8

supernet 42-8

UDP 42-16

unicast reverse path forwarding 1-16, 42-90

with SVIs 42-5

See also BGP

See also EIGRP

See also OSPF

See also RIP

IPv4 ACLs

applying to interfaces 37-20

extended, creating 37-11

named 37-15

standard, creating 37-10

IPv4 and IPv6

port-based trust 8-2

IPv6

ACLs

displaying 39-9

limitations 39-3

matching criteria 39-3

port 39-2

precedence 39-2

router 39-2

supported 39-3

addresses 43-2

address formats 43-2

and switch stacks 43-15

applications 43-9

assigning address 43-17

autoconfiguration 43-9

CEFv6 43-30

default configuration 43-16

default router preference (DRP) 43-9

defined 43-2

Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 43-12

EIGRP IPv6 Commands 43-13

Router ID 43-12

feature limitations 43-14

features not supported 43-14

forwarding 43-17

ICMP 43-4

monitoring 43-39

neighbor discovery 43-4

OSPF 43-11

path MTU discovery 43-4

SDM templates 8-2, 27-1, 39-1

stack master functions 43-15

Stateless Autoconfiguration 43-9

supported features 43-3

switch limitations 43-14

understanding static routes 43-11

IPv6 traffic, filtering 39-4

IRDP

configuring 42-14

definition 42-13

support for 1-15

IS-IS

addresses 42-66

area routing 42-66

default configuration 42-67

monitoring 42-75

show commands 42-75

system routing 42-66

ISL

and IPv6 43-3

and trunk ports 13-3

encapsulation 1-10, 14-15

trunking with IEEE 802.1 tunneling 18-5

ISO CLNS

clear commands 42-75

dynamic routing protocols 42-65

monitoring 42-75

NETs 42-65

NSAPs 42-65

OSI standard 42-65

ISO IGRP

area routing 42-66

system routing 42-66

isolated port 17-2

isolated VLANs 17-2, 17-3

J

join messages, IGMP 26-3

K

KDC

described 9-42

See also Kerberos

keepalive messages 19-2

Kerberos

authenticating to

boundary switch 9-44

KDC 9-44

network services 9-45

configuration examples 9-41

configuring 9-45

credentials 9-42

described 9-42

KDC 9-42

operation 9-44

realm 9-43

server 9-43

support for 1-13

switch as trusted third party 9-41

terms 9-42

TGT 9-43

tickets 9-42

key distribution center

See KDC

L

l2protocol-tunnel command 18-14

LACP

Layer 2 protocol tunneling 18-10

See EtherChannel

Layer 2 frames, classification with CoS 38-2

Layer 2 interfaces, default configuration 13-22

Layer 2 protocol tunneling

configuring 18-11

configuring for EtherChannels 18-15

default configuration 18-12

defined 18-8

guidelines 18-13

Layer 2 traceroute

and ARP 52-17

and CDP 52-17

broadcast traffic 52-16

described 52-16

IP addresses and subnets 52-17

MAC addresses and VLANs 52-17

multicast traffic 52-17

multiple devices on a port 52-17

unicast traffic 52-16

usage guidelines 52-17

Layer 3 features 1-15

Layer 3 interfaces

assigning IP addresses to 42-7

assigning IPv4 and IPv6 addresses to 43-25

assigning IPv6 addresses to 43-17

changing from Layer 2 mode 42-82

types of 42-5

Layer 3 packets, classification methods 38-2

LDAP 3-2

Leaking IGMP Reports 23-4

LEDs, switch

See hardware installation guide

Lightweight Directory Access Protocol

See LDAP

Link Aggregation Control Protocol

See EtherChannel

Link Failure, detecting unidirectional 20-7

link integrity, verifying with REP 22-3

Link Layer Discovery Protocol

See CDP

link local unicast addresses 43-4

link redundancy

See Flex Links

links, unidirectional 31-1

link state advertisements (LSAs) 42-32

link-state protocols 42-3

link-state tracking

configuring 40-25

described 40-23

LLDP

configuring 30-5

characteristics 30-7

default configuration 30-5

enabling 30-6

monitoring and maintaining 30-11

overview 30-1

supported TLVs 30-2

switch stack considerations 30-2

transmission timer and holdtime, setting 30-7

LLDP-MED

configuring

procedures 30-5

TLVs 30-8

monitoring and maintaining 30-11

overview 30-1, 30-2

supported TLVs 30-2

LLDP Media Endpoint Discovery

See LLDP-MED

load balancing 45-4

local SPAN 32-2

location TLV 30-3

logging messages, ACL 37-9

login authentication

with RADIUS 9-31

with TACACS+ 9-14

login banners 7-11

log messages

See system message logging

Long-Reach Ethernet (LRE) technology 1-34

loop guard

described 21-11

enabling 21-19

support for 1-9

LRE profiles, considerations in switch clusters 6-16

M

MAC/PHY configuration status TLV 30-2

MAC addresses

aging time 7-15

and VLAN association 7-14

building the address table 7-14

default configuration 7-15

disabling learning on a VLAN 7-24

discovering 7-25

displaying 7-25

displaying in the IP source binding table 24-26

dynamic

learning 7-14

removing 7-16

in ACLs 37-29

IP address association 42-10

static

adding 7-21

allowing 7-23, 7-24

characteristics of 7-21

dropping 7-23

removing 7-22

MAC address learning 1-7

MAC address learning, disabling on a VLAN 7-24

MAC address notification, support for 1-17

MAC address-table move update

configuration guidelines 23-8

configuring 23-12

default configuration 23-8

description 23-6

monitoring 23-14

MAC address-to-VLAN mapping 14-26

MAC authentication bypass 10-16

MAC extended access lists

applying to Layer 2 interfaces 37-30

configuring for QoS 38-55

creating 37-29

defined 37-29

for QoS classification 38-5

MACSec 12-2

magic packet 10-29

manageability features 1-7

management access

in-band

browser session 1-8

CLI session 1-8

device manager 1-8

SNMP 1-8

out-of-band console port connection 1-8

management address TLV 30-2

management options

CLI 2-1

clustering 1-4

CNS 3-1

Network Assistant 1-3

overview 1-6

switch stacks 1-3

management VLAN

considerations in switch clusters 6-7

discovery through different management VLANs 6-7

manual preemption, REP, configuring 22-13

mapping tables for QoS

configuring

CoS-to-DSCP 38-75

DSCP 38-75

DSCP-to-CoS 38-78

DSCP-to-DSCP-mutation 38-79

IP-precedence-to-DSCP 38-76

policed-DSCP 38-77

described 38-13

marking

action in policy map 38-60

action with aggregate policers 38-73

described 38-4, 38-9

matching IPv4 ACLs 37-8

maximum aging time

MSTP 20-26

STP 19-23

maximum hop count, MSTP 20-26

maximum number of allowed devices, port-based authentication 10-40

maximum-paths command 42-53, 42-93

MDA

configuration guidelines10-32to 10-33

described 1-11, 10-32

exceptions with authentication process 10-4

membership mode, VLAN port 14-3

member switch

automatic discovery 6-5

defined 6-2

managing 6-16

passwords 6-13

recovering from lost connectivity 52-12

requirements 6-4

See also candidate switch, cluster standby group, and standby command switch

messages, to users through banners 7-11

metrics, in BGP 42-53

metric translations, between routing protocols 42-98

metro tags 18-2

MHSRP 45-4

MIBs

overview 35-1

SNMP interaction with 35-4

mini-point-of-presence

See POP

mirroring traffic for analysis 32-1

mismatches, autonegotiation 52-13

module number 13-13

monitoring

access groups 37-43

BGP 42-64

cables for unidirectional links 31-1

CDP 28-5

CEF 42-92

EIGRP 42-44

fallback bridging 51-10

features 1-17

Flex Links 23-14

HSRP 45-13

IEEE 802.1Q tunneling 18-19

IGMP

snooping 26-17, 27-12

interfaces 13-40

IP

address tables 42-19

multicast routing 49-63

routes 42-106

IP SLAs operations 46-13

IPv4 ACL configuration 37-43

IPv6 43-39

IPv6 ACL configuration 39-9

IS-IS 42-75

ISO CLNS 42-75

Layer 2 protocol tunneling 18-19

MAC address-table move update 23-14

MSDP peers 50-19

multicast router interfaces 26-17

multi-VRF CE 42-90

network traffic for analysis with probe 32-2

object tracking 47-13

OSPF 42-36

private VLANs 17-15

REP 22-14

RP mapping information 49-35

SFP status 52-14

source-active messages 50-19

speed and duplex mode 13-24

SSM mapping 49-22

traffic flowing among switches 33-1

traffic suppression 29-21

tunneling 18-19

VLAN

filters 37-44

maps 37-44

VLANs 14-14

VMPS 14-31

VTP 15-17

mrouter Port 23-3

mrouter port 23-5

MSDP

benefits of 50-3

clearing MSDP connections and statistics 50-19

controlling source information

forwarded by switch 50-12

originated by switch 50-8

received by switch 50-14

default configuration 50-4

dense-mode regions

sending SA messages to 50-17

specifying the originating address 50-18

filtering

incoming SA messages 50-14

SA messages to a peer 50-12

SA requests from a peer 50-11

join latency, defined 50-6

meshed groups

configuring 50-16

defined 50-16

originating address, changing 50-18

overview 50-1

peer-RPF flooding 50-2

peers

configuring a default 50-4

monitoring 50-19

peering relationship, overview 50-1

requesting source information from 50-8

shutting down 50-16

source-active messages

caching 50-6

defined 50-2

filtering from a peer 50-11

filtering incoming 50-14

filtering to a peer 50-12

limiting data with TTL 50-14

restricting advertised sources 50-9

support for 1-16

MSTP

boundary ports

configuration guidelines 20-16

described 20-6

BPDU filtering

described 21-3

enabling 21-15

BPDU guard

described 21-2

enabling 21-14

CIST, described 20-3

CIST regional root 20-3

CIST root 20-5

configuration guidelines 20-15, 21-12

configuring

forward-delay time 20-25

hello time 20-24

link type for rapid convergence 20-27

maximum aging time 20-26

maximum hop count 20-26

MST region 20-17

neighbor type 20-27

path cost 20-23

port priority 20-21

root switch 20-19

secondary root switch 20-20

switch priority 20-24

CST

defined 20-3

operations between regions 20-4

default configuration 20-15

default optional feature configuration 21-12

displaying status 20-28

enabling the mode 20-17

EtherChannel guard

described 21-10

enabling 21-17

extended system ID

effects on root switch 20-19

effects on secondary root switch 20-20

unexpected behavior 20-19

IEEE 802.1s

implementation 20-6

port role naming change 20-6

terminology 20-5

instances supported 19-10

interface state, blocking to forwarding 21-2

interoperability and compatibility among modes 19-11

interoperability with IEEE 802.1D

described 20-8

restarting migration process 20-28

IST

defined 20-2

master 20-3

operations within a region 20-3

loop guard

described 21-11

enabling 21-19

mapping VLANs to MST instance 20-17

MST region

CIST 20-3

configuring 20-17

described 20-2

hop-count mechanism 20-5

IST 20-2

supported spanning-tree instances 20-2

optional features supported 1-9

overview 20-2

Port Fast

described 21-2

enabling 21-13

preventing root switch selection 21-10

root guard

described 21-10

enabling 21-18

root switch

configuring 20-19

effects of extended system ID 20-19

unexpected behavior 20-19

shutdown Port Fast-enabled port 21-2

stack changes, effects of 20-8

status, displaying 20-28

MTU

system 13-35

system jumbo 13-35

system routing 13-35

multiauth

support for inaccessible authentication bypass 10-23

multiauth mode

See multiple-authentication mode

multicast groups

Immediate Leave 26-6

joining 26-3

leaving 26-5

static joins 26-11, 27-8

multicast packets

ACLs on 37-42

blocking 29-8

multicast router interfaces, monitoring 26-17

multicast router ports, adding 26-10, 27-8

Multicast Source Discovery Protocol

See MSDP

multicast storm 29-1

multicast storm-control command 29-4

multicast television application 26-19

multicast VLAN 26-18

Multicast VLAN Registration

See MVR

multidomain authentication

See MDA

multioperations scheduling, IP SLAs 46-5

multiple authentication 10-12

Multiple HSRP

See MHSRP

multiple VPN routing/forwarding in customer edge devices

See multi-VRF CE

multi-VRF CE

configuration example 42-86

configuration guidelines 42-78

configuring 42-78

default configuration 42-78

defined 42-75

displaying 42-90

monitoring 42-90

network components 42-78

packet-forwarding process 42-77

support for 1-15

MVR

and address aliasing 26-21

and IGMPv3 26-21

configuring interfaces 26-22

default configuration 26-20

described 26-18

example application 26-19

in the switch stack 26-20

modes 26-22

multicast television application 26-19

setting global parameters 26-21

support for 1-5

N

NAC

AAA down policy 1-12

critical authentication 10-23, 10-56

IEEE 802.1x authentication using a RADIUS server 10-61

IEEE 802.1x validation using RADIUS server 10-61

inaccessible authentication bypass 1-12, 10-56

Layer 2 IEEE 802.1x validation 1-12, 10-61

Layer 2 IEEE802.1x validation 10-30

Layer 2 IP validation 1-12

named IPv4 ACLs 37-15

named IPv6 ACLs 39-3

NameSpace Mapper

See NSM

native VLAN

and IEEE 802.1Q tunneling 18-4

configuring 14-22

default 14-22

NDAC 12-2

NEAT

configuring 10-62

overview 10-33

neighbor discovery, IPv6 43-4

neighbor discovery/recovery, EIGRP 42-37

neighbor offset numbers, REP 22-4

neighbors, BGP 42-59

Network Admission Control

See NAC

Network Assistant

benefits 1-2

described 1-6

downloading image files 1-3

guide mode 1-3

management options 1-3

managing switch stacks 5-3, 5-17

upgrading a switch A-25

wizards 1-3

network configuration examples

cost-effective wiring closet 1-23

high-performance wiring closet 1-24

increasing network performance 1-22

large network 1-31

long-distance, high-bandwidth transport 1-35

multidwelling network 1-34

providing network services 1-22

redundant Gigabit backbone 1-27

server aggregation and Linux server cluster 1-27

small to medium-sized network 1-29

network design

performance 1-22

services 1-22

Network Device Admission Control (NDAC) 12-2

Network Edge Access Topology

See NEAT

network management

CDP 28-1

RMON 33-1

SNMP 35-1

network performance, measuring with IP SLAs 46-3

network policy TLV 30-2

Network Time Protocol

See NTP

no commands 2-4

nonhierarchical policy maps

configuration guidelines 38-40

configuring 38-60

described 38-10

non-IP traffic filtering 37-29

nontrunking mode 14-16

normal-range VLANs 14-4

configuration guidelines 14-5

configuring 14-4

defined 14-1

no switchport command 13-4

not-so-stubby areas

See NSSA

NSAPs, as ISO IGRP addresses 42-66

NSF Awareness

IS-IS 42-68

NSM 3-3

NSSA, OSPF 42-32

NTP

associations

defined 7-2

overview 7-2

stratum 7-2

support for 1-7

time

services 7-2

synchronizing 7-2

O

OBFL

configuring 52-28

described 52-28

displaying 52-29

object tracking

HSRP 47-7

IP SLAs 47-9

IP SLAs, configuring 47-9

monitoring 47-13

offline configuration for switch stacks 5-8

off mode, VTP 15-3

on-board failure logging

See OBFL

online diagnostics

described 53-1

overview 53-1

running tests 53-5

open1x

configuring 10-67

open1x authentication

overview 10-31

Open Shortest Path First

See OSPF

optimizing system resources 8-1

options, management 1-6

OSPF

area parameters, configuring 42-32

configuring 42-30

default configuration

metrics 42-33

route 42-33

settings 42-27

described 42-26

for IPv6 43-11

interface parameters, configuring 42-31

LSA group pacing 42-35

monitoring 42-36

router IDs 42-35

route summarization 42-33

support for 1-15

virtual links 42-33

out-of-profile markdown 1-14

P

packet modification, with QoS 38-22

PAgP

Layer 2 protocol tunneling 18-10

See EtherChannel

parallel paths, in routing tables 42-93

passive interfaces

configuring 42-102

OSPF 42-34

passwords

default configuration 9-2

disabling recovery of 9-5

encrypting 9-3

for security 1-10

in clusters 6-14

overview 9-1

recovery of 52-3

setting

enable 9-3

enable secret 9-3

Telnet 9-6

with usernames 9-7

VTP domain 15-9

path cost

MSTP 20-23

STP 19-20

path MTU discovery 43-4

PBR

defined 42-98

enabling 42-100

fast-switched policy-based routing 42-101

local policy-based routing 42-101

PC (passive command switch) 6-10

peers, BGP 42-59

percentage thresholds in tracked lists 47-6

performance, network design 1-22

performance features 1-4

persistent self-signed certificate 9-52

per-user ACLs and Filter-Ids 10-8

per-VLAN spanning-tree plus

See PVST+

PE to CE routing, configuring 42-85

physical ports 13-2

PIM

default configuration 49-11

dense mode

overview 49-4

rendezvous point (RP), described 49-5

RPF lookups 49-9

enabling a mode 49-13

overview 49-4

router-query message interval, modifying 49-38

shared tree and source tree, overview 49-36

shortest path tree, delaying the use of 49-37

sparse mode

join messages and shared tree 49-5

overview 49-5

prune messages 49-5

RPF lookups 49-9

stub routing

configuration guidelines 49-22

enabling 49-23

overview 49-5

support for 1-16

versions

interoperability 49-11

troubleshooting interoperability problems 49-35

v2 improvements 49-4

PIM-DVMRP, as snooping method 26-9

ping

character output description 52-16

executing 52-15

overview 52-15

PoE

auto mode 13-9

CDP with power consumption, described 13-7

CDP with power negotiation, described 13-7

Cisco intelligent power management 13-7

configuring 13-27

devices supported 13-7

high-power devices operating in low-power mode 13-7

IEEE power classification levels 13-8

monitoring 13-10

monitoring power 13-30

policing power consumption 13-30

policing power usage 13-10

power budgeting 13-28

power consumption 13-28

powered-device detection and initial power allocation 13-8

power management modes 13-9

power negotiation extensions to CDP 13-7

standards supported 13-7

static mode 13-9

supported watts per port 13-7

troubleshooting 52-13

policed-DSCP map for QoS 38-77

policers

configuring

for each matched traffic class 38-60

for more than one traffic class 38-73

described 38-4

number of 38-41

types of 38-10

policing

described 38-4

hierarchical

See hierarchical policy maps

token-bucket algorithm 38-10

policy-based routing

See PBR

policy maps for QoS

characteristics of 38-60

described 38-8

hierarchical 38-9

hierarchical on SVIs

configuration guidelines 38-40

configuring 38-65

described 38-12

nonhierarchical on physical ports

configuration guidelines 38-40

configuring 38-60

described 38-10

POP 1-34

port ACLs

defined 37-2

types of 37-3

Port Aggregation Protocol

See EtherChannel

port-based authentication

accounting 10-14

authentication server

defined 10-3, 11-2

RADIUS server 10-3

client, defined 10-3, 11-2

configuration guidelines 10-38, 11-9

configuring

802.1x authentication 10-43

guest VLAN 10-53

host mode 10-46

inaccessible authentication bypass 10-56

manual re-authentication of a client 10-48

periodic re-authentication 10-47

quiet period 10-49

RADIUS server 10-46, 11-13

RADIUS server parameters on the switch 10-45, 11-12

restricted VLAN 10-55

switch-to-client frame-retransmission number 10-50, 10-51

switch-to-client retransmission time 10-49

violation modes 10-43

default configuration 10-36, 11-9

described 10-1

device roles 10-3, 11-2

displaying statistics 10-69, 11-17

downloadable ACLs and redirect URLs

configuring10-64to10-66, ??to 10-66

overview10-18to 10-20

EAPOL-start frame 10-6

EAP-request/identity frame 10-6

EAP-response/identity frame 10-6

enabling

802.1X authentication 11-12

encapsulation 10-3

flexible authentication ordering

configuring 10-67

overview 10-31

guest VLAN

configuration guidelines 10-22, 10-23

described 10-21

host mode 10-12

inaccessible authentication bypass

configuring 10-56

described 10-23

guidelines 10-39

initiation and message exchange 10-6

magic packet 10-29

maximum number of allowed devices per port 10-40

method lists 10-43

multiple authentication 10-12

multiple-hosts mode, described 10-12

per-user ACLs

AAA authorization 10-43

configuration tasks 10-18

described 10-17

RADIUS server attributes 10-18

ports

authorization state and dot1x port-control command 10-11

authorized and unauthorized 10-10

voice VLAN 10-28

port security

described 10-28

readiness check

configuring 10-40

described 10-16, 10-40

resetting to default values 10-69

stack changes, effects of 10-11

statistics, displaying 10-69

switch

as proxy 10-3, 11-2

RADIUS client 10-3

switch supplicant

configuring 10-62

overview 10-33

user distribution

guidelines 10-27

overview 10-27

VLAN assignment

AAA authorization 10-43

characteristics 10-16

configuration tasks 10-17

described 10-16

voice aware 802.1x security

configuring 10-41

described 10-34, 10-41

voice VLAN

described 10-28

PVID 10-28

VVID 10-28

wake-on-LAN, described 10-29

port-based authentication methods, supported 10-8

port-based trust

IPv4 and IPv6 8-2

port blocking 1-5, 29-7

port-channel

See EtherChannel

port description TLV 30-2

Port Fast

described 21-2

enabling 21-13

mode, spanning tree 14-28

support for 1-9

port membership modes, VLAN 14-3

port priority

MSTP 20-21

STP 19-18

ports

10-Gigabit Ethernet 13-6

access 13-3

blocking 29-7

dynamic access 14-3

protected 29-6

REP 22-6

routed 13-4

secure 29-9

static-access 14-3, 14-9

switch 13-2

trunks 14-3, 14-15

VLAN assignments 14-9

port security

aging 29-17

and other features 29-11

and private VLANs 29-18

and QoS trusted boundary 38-46

and stacking 29-18

configuration guidelines 29-11

configuring 29-13

default configuration 29-11

described 29-8

on trunk ports 29-14

sticky learning 29-9

violations 29-10

port-shutdown response, VMPS 14-27

port VLAN ID TLV 30-2

power management TLV 30-3

Power over Ethernet

See PoE

power supply

configuring 13-37

managing 13-37

preempt delay time, REP 22-5

preemption, default configuration 23-8

preemption delay, default configuration 23-8

preferential treatment of traffic

See QoS

prefix lists, BGP 42-57

preventing unauthorized access 9-1

primary edge port, REP 22-4

primary interface for object tracking, DHCP, configuring 47-11

primary interface for static routing, configuring 47-10

primary links 23-2

primary VLANs 17-1, 17-3

priority

HSRP 45-8

overriding CoS 16-7

trusting CoS 16-7

private VLAN edge ports

See protected ports

private VLANs

across multiple switches 17-4

and SDM template 17-4

and SVIs 17-5

and switch stacks 17-6

benefits of 17-1

community ports 17-2

community VLANs 17-2, 17-3

configuration guidelines 17-7, 17-8

configuration tasks 17-6

configuring 17-10

default configuration 17-7

end station access to 17-3

IP addressing 17-3

isolated port 17-2

isolated VLANs 17-2, 17-3

mapping 17-14

monitoring 17-15

ports

community 17-2

configuration guidelines 17-8

configuring host ports 17-11

configuring promiscuous ports 17-13

isolated 17-2

promiscuous 17-2

primary VLANs 17-1, 17-3

promiscuous ports 17-2

secondary VLANs 17-2

subdomains 17-1

traffic in 17-5

privilege levels

changing the default for lines 9-9

command switch 6-17

exiting 9-10

logging into 9-10

mapping on member switches 6-17

overview 9-2, 9-8

setting a command with 9-8

promiscuous ports

configuring 17-13

defined 17-2

protected ports 1-11, 29-6

protocol-dependent modules, EIGRP 42-37

Protocol-Independent Multicast Protocol

See PIM

protocol storm protection 29-19

provider edge devices 42-76

provisioning new members for a switch stack 5-8

proxy ARP

configuring 42-12

definition 42-10

with IP routing disabled 42-13

proxy reports 23-4

pruning, VTP

disabling

in VTP domain 15-15

on a port 14-21

enabling

in VTP domain 15-15

on a port 14-21

examples 15-7

overview 15-6

pruning-eligible list

changing 14-21

for VTP pruning 15-6

VLANs 15-15

PVST+

described 19-10

IEEE 802.1Q trunking interoperability 19-11

instances supported 19-10

Q

QoS

and MQC commands 38-1

auto-QoS

categorizing traffic 38-24

configuration and defaults display 38-36

configuration guidelines 38-33

described 38-23

disabling 38-36

displaying generated commands 38-36

displaying the initial configuration 38-36

effects on running configuration 38-33

egress queue defaults 38-25

list of generated commands 38-26

basic model 38-4

classification

class maps, described 38-8

defined 38-4

DSCP transparency, described 38-48

flowchart 38-7

forwarding treatment 38-3

in frames and packets 38-3

IP ACLs, described 38-7, 38-8

MAC ACLs, described 38-5, 38-8

options for IP traffic 38-6

options for non-IP traffic 38-5

policy maps, described 38-8

trust DSCP, described 38-5

trusted CoS, described 38-5

trust IP precedence, described 38-5

class maps

configuring 38-56

configuration guidelines

auto-QoS 38-33

standard QoS 38-39

configuring

aggregate policers 38-73

auto-QoS 38-23

default port CoS value 38-46

DSCP maps 38-75

DSCP transparency 38-48

DSCP trust states bordering another domain 38-48

egress queue characteristics 38-85

ingress queue characteristics 38-81

IP extended ACLs 38-52

IP standard ACLs 38-51

MAC ACLs 38-55

policy maps, hierarchical 38-65

policy maps on physical ports 38-60

port trust states within the domain 38-44

trusted boundary 38-46

default auto configuration 38-24

default standard configuration 38-37

DSCP transparency 38-48

egress queues

allocating buffer space 38-86

buffer allocation scheme, described 38-20

configuring shaped weights for SRR 38-90

configuring shared weights for SRR 38-91

described 38-4

displaying the threshold map 38-89

flowchart 38-19

mapping DSCP or CoS values 38-88

scheduling, described 38-4

setting WTD thresholds 38-86

WTD, described 38-22

enabling globally 38-42

flowcharts

classification 38-7

egress queueing and scheduling 38-19

ingress queueing and scheduling 38-16

policing and marking 38-11

implicit deny 38-8

ingress queues

allocating bandwidth 38-83

allocating buffer space 38-83

buffer and bandwidth allocation, described 38-18

configuring shared weights for SRR 38-83

configuring the priority queue 38-84

described 38-4

displaying the threshold map 38-82

flowchart 38-16

mapping DSCP or CoS values 38-82

priority queue, described 38-18

scheduling, described 38-4

setting WTD thresholds 38-82

WTD, described 38-18

IP phones

automatic classification and queueing 38-23

detection and trusted settings 38-23, 38-46

limiting bandwidth on egress interface 38-92

mapping tables

CoS-to-DSCP 38-75

DSCP-to-CoS 38-78

DSCP-to-DSCP-mutation 38-79

IP-precedence-to-DSCP 38-76

policed-DSCP 38-77

types of 38-13

marked-down actions 38-63

marking, described 38-4, 38-9

overview 38-2

packet modification 38-22

policers

configuring 38-63, 38-73

described 38-9

number of 38-41

types of 38-10

policies, attaching to an interface 38-9

policing

described 38-4, 38-9

token bucket algorithm 38-10

policy maps

characteristics of 38-60

hierarchical 38-9

hierarchical on SVIs 38-65

nonhierarchical on physical ports 38-60

QoS label, defined 38-4

queues

configuring egress characteristics 38-85

configuring ingress characteristics 38-81

high priority (expedite) 38-22, 38-91

location of 38-14

SRR, described 38-15

WTD, described 38-15

rewrites 38-22

support for 1-14

trust states

bordering another domain 38-48

described 38-5

trusted device 38-46

within the domain 38-44

quality of service

See QoS

queries, IGMP 26-4

query solicitation, IGMP 26-13

R

RADIUS

attributes

vendor-proprietary 9-39

vendor-specific 9-37

configuring

accounting 9-36

authentication 9-31

authorization 9-35

communication, global 9-29, 9-37

communication, per-server 9-28, 9-29

multiple UDP ports 9-29

default configuration 9-28

defining AAA server groups 9-33

displaying the configuration 9-41

identifying the server 9-28

in clusters 6-16

limiting the services to the user 9-35

method list, defined 9-28

operation of 9-20

overview 9-19

server load balancing 9-41

suggested network environments 9-19

support for 1-13

tracking services accessed by user 9-36

RADIUS Change of Authorization 9-21

range

macro 13-16

of interfaces 13-14

rapid convergence 20-10

rapid per-VLAN spanning-tree plus

See rapid PVST+

rapid PVST+

described 19-10

IEEE 802.1Q trunking interoperability 19-11

instances supported 19-10

Rapid Spanning Tree Protocol

See RSTP

RARP 42-10

rcommand command 6-16

RCP

configuration files

downloading A-18

overview A-17

preparing the server A-17

uploading A-19

image files

deleting old image A-38

downloading A-37

preparing the server A-36

uploading A-38

reachability, tracking IP SLAs IP host 47-9

readiness check

port-based authentication

configuring 10-40

described 10-16, 10-40

reconfirmation interval, VMPS, changing 14-30

reconfirming dynamic VLAN membership 14-30

redirect URL 10-18, 10-20, 10-64

redundancy

EtherChannel 40-3

HSRP 45-1

STP

backbone 19-9

multidrop backbone 21-5

path cost 14-25

port priority 14-23

redundant links and UplinkFast 21-16

redundant power system

See Cisco Redundant Power System 2300

reliable transport protocol, EIGRP 42-37

reloading software 4-24

Remote Authentication Dial-In User Service

See RADIUS

Remote Copy Protocol

See RCP

Remote Network Monitoring

See RMON

Remote SPAN

See RSPAN

remote SPAN 32-3

REP

administrative VLAN 22-8

administrative VLAN, configuring 22-8

age timer 22-8

and STP 22-6

configuration guidelines 22-7

configuring interfaces 22-9

convergence 22-4

default configuration 22-7

manual preemption, configuring 22-13

monitoring 22-14

neighbor offset numbers 22-4

open segment 22-2

ports 22-6

preempt delay time 22-5

primary edge port 22-4

ring segment 22-2

secondary edge port 22-4

segments 22-1

characteristics 22-2

SNMP traps, configuring 22-13

supported interfaces 22-1

triggering VLAN load balancing 22-5

verifying link integrity 22-3

VLAN blocking 22-12

VLAN load balancing 22-4

report suppression, IGMP

described 26-6

disabling 26-16, 27-11

resequencing ACL entries 37-15

reserved addresses in DHCP pools 24-28

resets, in BGP 42-51

resetting a UDLD-shutdown interface 31-6

Resilient Ethernet Protocol

See REP

responder, IP SLAs

described 46-4

enabling 46-7

response time, measuring with IP SLAs 46-4

restricted VLAN

configuring 10-55

described 10-22

using with IEEE 802.1x 10-22

restricting access

overview 9-1

passwords and privilege levels 9-2

RADIUS 9-18

TACACS+ 9-10

retry count, VMPS, changing 14-31

reverse address resolution 42-10

Reverse Address Resolution Protocol

See RARP

RFC

1058, RIP 42-21

1112, IP multicast and IGMP 26-2

1157, SNMPv1 35-2

1163, BGP 42-44

1166, IP addresses 42-7

1253, OSPF 42-26

1267, BGP 42-44

1305, NTP 7-2

1587, NSSAs 42-26

1757, RMON 33-2

1771, BGP 42-44

1901, SNMPv2C 35-2

1902 to 1907, SNMPv2 35-2

2236, IP multicast and IGMP 26-2

2273-2275, SNMPv3 35-2

RFC 5176 Compliance 9-22

RIP

advertisements 42-21

authentication 42-24

configuring 42-22

default configuration 42-21

described 42-21

for IPv6 43-11

hop counts 42-21

split horizon 42-24

summary addresses 42-24

support for 1-15

RMON

default configuration 33-3

displaying status 33-7

enabling alarms and events 33-3

groups supported 33-2

overview 33-1

statistics

collecting group Ethernet 33-6

collecting group history 33-5

support for 1-17

root guard

described 21-10

enabling 21-18

support for 1-9

root switch

MSTP 20-19

STP 19-16

route calculation timers, OSPF 42-34

route dampening, BGP 42-63

routed packets, ACLs on 37-42

routed ports

configuring 42-5

defined 13-4

in switch clusters 6-8

IP addresses on 13-32, 42-5

route-map command 42-101

route maps

BGP 42-55

policy-based routing 42-99

router ACLs

defined 37-2

types of 37-4

route reflectors, BGP 42-62

router ID, OSPF 42-35

route selection, BGP 42-53

route summarization, OSPF 42-33

route targets, VPN 42-78

routing

default 42-3

dynamic 42-3

redistribution of information 42-95

static 42-3

routing domain confederation, BGP 42-62

Routing Information Protocol

See RIP

routing protocol administrative distances 42-94

RPS

See Cisco Redundant Power System 2300

RPS 2300

See Cisco Redundant Power System 2300

RSPAN 32-3

and stack changes 32-11

characteristics 32-9

configuration guidelines 32-19

default configuration 32-12

destination ports 32-8

displaying status 32-31

in a switch stack 32-3

interaction with other features 32-10

monitored ports 32-7

monitoring ports 32-8

overview 1-17, 32-1

received traffic 32-6

session limits 32-13

sessions

creating 32-20

defined 32-4

limiting source traffic to specific VLANs 32-22

specifying monitored ports 32-20

with ingress traffic enabled 32-25

source ports 32-7

transmitted traffic 32-6

VLAN-based 32-7

RSTP

active topology 20-9

BPDU

format 20-12

processing 20-13

designated port, defined 20-9

designated switch, defined 20-9

interoperability with IEEE 802.1D

described 20-8

restarting migration process 20-28

topology changes 20-13

overview 20-9

port roles

described 20-9

synchronized 20-11

proposal-agreement handshake process 20-10

rapid convergence

cross-stack rapid convergence 20-11

described 20-10

edge ports and Port Fast 20-10

point-to-point links 20-10, 20-27

root ports 20-10

root port, defined 20-9

See also MSTP

running configuration

replacing A-21

rolling back A-21, A-22

saving 4-16

S

SC (standby command switch) 6-10

scheduled reloads 4-24

scheduling, IP SLAs operations 46-5

SCP

and SSH 9-58

configuring 9-58

SDM

described 8-1

switch stack consideration 5-10

templates

configuring 8-5

number of 8-1

SDM template

configuring 8-4

dual IPv4 and IPv6 8-2

types of 8-1

secondary edge port, REP 22-4

secondary VLANs 17-2

Secure Copy Protocol

secure HTTP client

configuring 9-57

displaying 9-57

secure HTTP server

configuring 9-55

displaying 9-57

secure MAC addresses

and switch stacks 29-18

deleting 29-16

maximum number of 29-10

types of 29-9

secure ports

and switch stacks 29-18

configuring 29-9

secure remote connections 9-47

Secure Shell

See SSH

Secure Socket Layer

See SSL

security, port 29-8

Security Exchange Protocol (SXP) 12-2

security features 1-10

Security Group Access Control List (SGACL) 12-2

Security Group Tag (SGT) 12-2

See SCP

sequence numbers in log messages 34-8

server mode, VTP 15-3

service-provider network, MSTP and RSTP 20-1

service-provider networks

and customer VLANs 18-2

and IEEE 802.1Q tunneling 18-1

Layer 2 protocols across 18-8

Layer 2 protocol tunneling for EtherChannels 18-10

set-request operation 35-4

setup program

failed command switch replacement 52-11

replacing failed command switch 52-9

severity levels, defining in system messages 34-9

SFPs

monitoring status of 52-14

numbering of 13-13

security and identification 52-14

status, displaying 52-14

SGACL 12-2

SGT 12-2

shaped round robin

See SRR

show access-lists hw-summary command 37-22

show and more command output, filtering 2-9

show cluster members command 6-16

show configuration command 13-31

show forward command 52-23

show interfaces command 13-24, 13-31

show interfaces switchport 23-4

show l2protocol command 18-14, 18-16, 18-17

show platform forward command 52-23

show running-config command

displaying ACLs 37-33, 37-35

interface description in 13-31

shutdown command on interfaces 13-42

shutdown threshold for Layer 2 protocol packets 18-12

Simple Network Management Protocol

See SNMP

single session ID 10-35

small form-factor pluggable modules

See SFPs

small-frame arrival rate, configuring 29-5

smart logging 34-1, 34-15

SNAP 28-1

SNMP

accessing MIB variables with 35-4

agent

described 35-4

disabling 35-7

and IP SLAs 46-2

authentication level 35-11

community strings

configuring 35-8

for cluster switches 35-4

overview 35-4

configuration examples 35-19

default configuration 35-6

engine ID 35-7

groups 35-7, 35-10

host 35-7

ifIndex values 35-5

in-band management 1-8

in clusters 6-14

informs

and trap keyword 35-13

described 35-5

differences from traps 35-5

disabling 35-16

enabling 35-16

limiting access by TFTP servers 35-18

limiting system log messages to NMS 34-10

manager functions 1-6, 35-3

managing clusters with 6-17

notifications 35-5

overview 35-1, 35-4

security levels 35-3

setting CPU threshold notification 35-17

status, displaying 35-20

system contact and location 35-17

trap manager, configuring 35-15

traps

described 35-5

differences from informs 35-5

disabling 35-16

enabling 35-13

enabling MAC address notification 7-16, 7-18, 7-20

overview 35-1, 35-4

types of 35-13

users 35-7, 35-10

versions supported 35-2

SNMP and Syslog Over IPv6 43-13

SNMP traps

REP 22-13

SNMPv1 35-2

SNMPv2C 35-2

SNMPv3 35-2

snooping, IGMP 26-2

software compatibility

See stacks, switch

software images

location in flash A-26

recovery procedures 52-2

scheduling reloads 4-24

tar file format, described A-26

See also downloading and uploading

software images in mixed stacks

See the Cisco Software Activation and Compatibility Document

source-and-destination-IP address based forwarding, EtherChannel 40-9

source-and-destination MAC address forwarding, EtherChannel 40-9

source-IP address based forwarding, EtherChannel 40-9

source-MAC address forwarding, EtherChannel 40-8

Source-specific multicast

See SSM

SPAN

and stack changes 32-11

configuration guidelines 32-13

default configuration 32-12

destination ports 32-8

displaying status 32-31

interaction with other features 32-10

monitored ports 32-7

monitoring ports 32-8

overview 1-17, 32-1

ports, restrictions 29-12

received traffic 32-6

session limits 32-13

sessions

configuring ingress forwarding 32-17, 32-26

creating 32-14, 32-28

defined 32-4

limiting source traffic to specific VLANs 32-18

removing destination (monitoring) ports 32-15

specifying monitored ports 32-14, 32-28

with ingress traffic enabled 32-16

source ports 32-7

transmitted traffic 32-6

VLAN-based 32-7

spanning tree and native VLANs 14-17

Spanning Tree Protocol

See STP

SPAN traffic 32-6

split horizon, RIP 42-24

SRR

configuring

shaped weights on egress queues 38-90

shared weights on egress queues 38-91

shared weights on ingress queues 38-83

described 38-15

shaped mode 38-15

shared mode 38-16

support for 1-14, 1-15

SSH

configuring 9-48

described 1-8, 9-47

encryption methods 9-47

switch stack considerations 5-17

user authentication methods, supported 9-48

SSL

configuration guidelines 9-54

configuring a secure HTTP client 9-57

configuring a secure HTTP server 9-55

described 9-51

monitoring 9-57

SSM

address management restrictions 49-16

CGMP limitations 49-16

components 49-14

configuration guidelines 49-16

configuring 49-14, 49-17

differs from Internet standard multicast 49-14

IGMP snooping 49-16

IGMPv3 49-14

IGMPv3 Host Signalling 49-15

IP address range 49-15

monitoring 49-17

operations 49-15

PIM 49-14

state maintenance limitations 49-16

SSM mapping 49-17

configuration guidelines 49-17

configuring 49-17, 49-19

DNS-based 49-19, 49-20

monitoring 49-22

overview 49-18

restrictions 49-18

static 49-18, 49-20

static traffic forwarding 49-21

stack changes

effects on

IPv6 routing 43-15

stack changes, effects on

ACL configuration 37-7

CDP 28-2

cross-stack EtherChannel 40-13

EtherChannel 40-10

fallback bridging 51-3

HSRP 45-5

IEEE 802.1x port-based authentication 10-11

IGMP snooping 26-7

IP routing 42-4

IPv6 ACLs 39-4

MAC address tables 7-15

MSTP 20-8

multicast routing 49-10

MVR 26-18

port security 29-18

SDM template selection 8-3

SNMP 35-1

SPAN and RSPAN 32-11

STP 19-12

switch clusters 6-14

system message log 34-2

VLANs 14-6

VTP 15-7

stack master

bridge ID (MAC address) 5-6

defined 5-2

election 5-5

IPv6 43-15

re-election 5-5

See also stacks, switch

stack member

accessing CLI of specific member 5-30

configuring

member number 5-26

priority value 5-26

defined 5-2

displaying information of 5-30

IPv6 43-16

number 5-7

priority value 5-7

provisioning a new member 5-27

replacing 5-16

See also stacks, switch

stack member number 13-13

stack protocol version 5-11

stacks, switch

accessing CLI of specific member 5-30

assigning information

member number 5-26

priority value 5-26

provisioning a new member 5-27

auto-advise 5-12

auto-copy 5-12

auto-extract 5-12

auto-upgrade 5-12

bridge ID 5-6

Catalyst 3750-E-only 5-1

CDP considerations 28-2

compatibility, software 5-11

configuration file 5-15

configuration scenarios 5-18

copying an image file from one member to another A-40

default configuration 5-24

description of 5-1

displaying information of 5-30

enabling persistent MAC address timer 5-24

hardware compatibility and SDM mismatch mode 5-10

HSRP considerations 45-5

in clusters 6-14

incompatible software and image upgrades 5-15, A-40

IPv6 on 43-15

MAC address considerations 7-15

MAC address of 5-24

management connectivity 5-17

managing 5-1

managing mixed

See Catalyst 3750-E and 3750 Switch Stacking Compatibility Guide

membership 5-4

merged 5-4

mixed

hardware 5-1

hardware and software 5-2

software 5-2

with Catalyst 3750-E and 3750 switches 5-1

mixed software images

See Cisco Software Activation and Compatibility Document

MSTP instances supported 19-10

multicast routing, stack master and member roles 49-10

offline configuration

described 5-8

effects of adding a provisioned switch 5-8

effects of removing a provisioned switch 5-10

effects of replacing a provisioned switch 5-10

provisioned configuration, defined 5-8

provisioned switch, defined 5-8

provisioning a new member 5-27

partitioned 5-4, 52-8

provisioned switch

adding 5-8

removing 5-10

replacing 5-10

replacing a failed member 5-16

software compatibility 5-11

software image version 5-11

stack protocol version 5-11

STP

bridge ID 19-3

instances supported 19-10

root port selection 19-3

stack root switch election 19-3

system messages

hostnames in the display 34-1

remotely monitoring 34-2

system prompt consideration 7-8

system-wide configuration considerations 5-16

upgrading A-40

version-mismatch (VM) mode

automatic upgrades with auto-upgrade 5-12

described 5-11

examples 5-13

manual upgrades with auto-advise 5-12

upgrades with auto-extract 5-12

See also stack master and stack member

StackWise Plus technology, Cisco 1-3

See also stacks, switch

standby command switch

configuring

considerations 6-11

defined 6-2

priority 6-10

requirements 6-3

virtual IP address 6-11

See also cluster standby group and HSRP

standby group, cluster

See cluster standby group and HSRP

standby ip command 45-6

standby links 23-2

standby router 45-2

standby timers, HSRP 45-10

startup configuration

booting

manually 4-19

specific image 4-20

clearing A-20

configuration file

automatically downloading 4-18

specifying the filename 4-19

default boot configuration 4-18

static access ports

assigning to VLAN 14-9

defined 13-3, 14-3

static addresses

See addresses

static IP routing 1-15

static MAC addressing 1-11

static route primary interface, configuring 47-10

static routes

configuring 42-93

understanding 43-11

static routing 42-3

static routing support, enhanced object tracking 47-10

static SSM mapping 49-18, 49-20

static traffic forwarding 49-21

static VLAN membership 14-2

statistics

802.1X 11-17

CDP 28-5

IEEE 802.1x 10-69

interface 13-40

IP multicast routing 49-63

OSPF 42-36

RMON group Ethernet 33-6

RMON group history 33-5

SNMP input and output 35-20

VTP 15-17

sticky learning 29-9

storm control

configuring 29-3

described 29-1

disabling 29-5

support for 1-5

thresholds 29-1

STP

accelerating root port selection 21-4

and REP 22-6

BackboneFast

described 21-7

disabling 21-17

enabling 21-17

BPDU filtering

described 21-3

disabling 21-15

enabling 21-15

BPDU guard

described 21-2

disabling 21-14

enabling 21-14

BPDU message exchange 19-3

configuration guidelines 19-14, 21-12

configuring

forward-delay time 19-23

hello time 19-22

maximum aging time 19-23

path cost 19-20

port priority 19-18

root switch 19-16

secondary root switch 19-18

spanning-tree mode 19-15

switch priority 19-21

transmit hold-count 19-24

counters, clearing 19-24

cross-stack UplinkFast

described 21-5

enabling 21-17

default configuration 19-13

default optional feature configuration 21-12

designated port, defined 19-4

designated switch, defined 19-4

detecting indirect link failures 21-8

disabling 19-16

displaying status 19-24

EtherChannel guard

described 21-10

disabling 21-18

enabling 21-17

extended system ID

effects on root switch 19-16

effects on the secondary root switch 19-18

overview 19-5

unexpected behavior 19-16

features supported 1-9

IEEE 802.1D and bridge ID 19-5

IEEE 802.1D and multicast addresses 19-9

IEEE 802.1t and VLAN identifier 19-5

inferior BPDU 19-3

instances supported 19-10

interface state, blocking to forwarding 21-2

interface states

blocking 19-7

disabled 19-8

forwarding 19-6, 19-7

learning 19-7

listening 19-7

overview 19-5

interoperability and compatibility among modes 19-11

keepalive messages 19-2

Layer 2 protocol tunneling 18-8

limitations with IEEE 802.1Q trunks 19-11

load sharing

overview 14-22

using path costs 14-25

using port priorities 14-23

loop guard

described 21-11

enabling 21-19

modes supported 19-10

multicast addresses, effect of 19-9

optional features supported 1-9

overview 19-2

path costs 14-25

Port Fast

described 21-2

enabling 21-13

port priorities 14-23

preventing root switch selection 21-10

protocols supported 19-10

redundant connectivity 19-9

root guard

described 21-10

enabling 21-18

root port, defined 19-3

root port selection on a switch stack 19-3

root switch

configuring 19-16

effects of extended system ID 19-5, 19-16

election 19-3

unexpected behavior 19-16

shutdown Port Fast-enabled port 21-2

stack changes, effects of 19-12

status, displaying 19-24

superior BPDU 19-3

timers, described 19-22

UplinkFast

described 21-4

enabling 21-16

VLAN-bridge 19-11

stratum, NTP 7-2

stub areas, OSPF 42-32

stub routing, EIGRP 42-43

subdomains, private VLAN 17-1

subnet mask 42-7

subnet zero 42-8

success response, VMPS 14-27

summer time 7-7

SunNet Manager 1-6

supernet 42-8

supported port-based authentication methods 10-8

SVI autostate exclude

configuring 13-34

defined 13-6

SVI link state 13-6

SVIs

and IP unicast routing 42-5

and router ACLs 37-4

connecting VLANs 13-11

defined 13-5

routing between VLANs 14-2

switch 43-2

switch clustering technology 6-1

See also clusters, switch

switch console port 1-8

Switch Database Management

See SDM

switched packets, ACLs on 37-40

Switched Port Analyzer

See SPAN

switched ports 13-2

switchport backup interface 23-4, 23-5

switchport block multicast command 29-8

switchport block unicast command 29-8

switchport command 13-22

switchport mode dot1q-tunnel command 18-7

switchport protected command 29-7

switch priority

MSTP 20-24

STP 19-21

switch software features 1-1

switch virtual interface

See SVI

SXP 12-2

synchronization, BGP 42-49

syslog

See system message logging

system capabilities TLV 30-2

system clock

configuring

daylight saving time 7-7

manually 7-5

summer time 7-7

time zones 7-6

displaying the time and date 7-5

overview 7-2

See also NTP

system description TLV 30-2

system message logging

default configuration 34-4

defining error message severity levels 34-9

disabling 34-4

displaying the configuration 34-18

enabling 34-5

facility keywords, described 34-15

level keywords, described 34-10

limiting messages 34-10

message format 34-2

overview 34-1

sequence numbers, enabling and disabling 34-8

setting the display destination device 34-5

stack changes, effects of 34-2

synchronizing log messages 34-6

syslog facility 1-17

time stamps, enabling and disabling 34-8

UNIX syslog servers

configuring the daemon 34-13

configuring the logging facility 34-14

facilities supported 34-15

system MTU

and IS-IS LSPs 42-70

system MTU and IEEE 802.1Q tunneling 18-5

system name

default configuration 7-9

default setting 7-9

manual configuration 7-9

See also DNS

system name TLV 30-2

system prompt, default setting 7-8, 7-9

system resources, optimizing 8-1

system routing

IS-IS 42-66

ISO IGRP 42-66

T

TACACS+

accounting, defined 9-12

authentication, defined 9-11

authorization, defined 9-11

configuring

accounting 9-17

authentication key 9-13

authorization 9-16

login authentication 9-14

default configuration 9-13

displaying the configuration 9-18

identifying the server 9-13

in clusters 6-16

limiting the services to the user 9-16

operation of 9-12

overview 9-10

support for 1-12

tracking services accessed by user 9-17

tagged packets

IEEE 802.1Q 18-3

Layer 2 protocol 18-8

tar files

creating A-7

displaying the contents of A-7

extracting A-8

image file format A-26

TCL script, registering and defining with embedded event manager 36-7

TDR 1-17

Telnet

accessing management interfaces 2-10

number of connections 1-8

setting a password 9-6

templates, SDM 8-1

temporary self-signed certificate 9-52

Terminal Access Controller Access Control System Plus

See TACACS+

terminal lines, setting a password 9-6

ternary content addressable memory 52-27

TFTP

configuration files

downloading A-12

preparing the server A-11

uploading A-13

configuration files in base directory 4-8

configuring for autoconfiguration 4-7

image files

deleting A-30

downloading A-28

preparing the server A-28

uploading A-30

limiting access by servers 35-18

TFTP server 1-7

threshold, traffic level 29-2

threshold monitoring, IP SLAs 46-6

time

See NTP and system clock

Time Domain Reflector

See TDR

time-range command 37-17

time ranges in ACLs 37-17

time stamps in log messages 34-8

time zones 7-6

TLVs

defined 30-2

LLDP 30-2

LLDP-MED 30-2

Token Ring VLANs

support for 14-5

VTP support 15-4