Catalyst 3750-X and 3560-X Switch Software Configuration Guide, Release 12.2(55)SE
Index
Downloads: This chapterpdf (PDF - 1.81MB) The complete bookPDF (PDF - 14.19MB) | Feedback

Index

Numerics

10-Gigabit Ethernet interfaces 13-7

802.1AE 11-33

802.1x-REV 11-33

A

AAA down policy, NAC Layer 2 IP validation 1-12

abbreviating commands 2-3

ABRs 41-26

AC (command switch) 6-10

access-class command 36-20

access control entries

See ACEs

access-denied response, VMPS 14-26

access groups

applying IPv4 ACLs to interfaces 36-21

Layer 2 36-21

Layer 3 36-21

access groups, applying IPv4 ACLs to interfaces 36-21

accessing

clusters, switch 6-13

command switches 6-11

member switches 6-13

switch clusters 6-13

accessing stack members 5-25

access lists

See ACLs

access ports

and Layer 2 protocol tunneling 18-11

defined 13-3

in switch clusters 6-9

access template 8-1

accounting

with 802.1x 11-53

with IEEE 802.1x 11-14

with RADIUS 10-34

with TACACS+ 10-11, 10-17

ACEs

and QoS 37-8

defined 36-2

Ethernet 36-2

IP 36-2

ACLs

ACEs 36-2

any keyword 36-13

applying

on bridged packets 36-39

on multicast packets 36-41

on routed packets 36-40

on switched packets 36-39

time ranges to 36-17

to an interface 36-20, 38-7

to IPv6 interfaces 38-7

to QoS 37-7

classifying traffic for QoS 37-49

comments in 36-19

compiling 36-23

defined 36-2, 36-8

examples of 36-23, 37-49

extended IP, configuring for QoS classification 37-50

extended IPv4

creating 36-11

matching criteria 36-8

hardware and software handling 36-22

host keyword 36-13

IP

creating 36-8

fragments and QoS guidelines 37-39

implicit deny 36-10, 36-14, 36-17

implicit masks 36-10

matching criteria 36-8

undefined 36-21

IPv4

applying to interfaces 36-20

creating 36-8

matching criteria 36-8

named 36-15

numbers 36-8

terminal lines, setting on 36-19

unsupported features 36-7

IPv6

and stacking 38-3

applying to interfaces 38-7

configuring 38-4, 38-5

displaying 38-8

interactions with other features 38-4

limitations 38-3

matching criteria 38-3

named 38-3

precedence of 38-2

supported 38-2

unsupported features 38-3

Layer 4 information in 36-38

logging messages 36-9

MAC extended 36-28, 37-53

matching 36-8, 36-21

monitoring 36-41, 38-8

named

IPv4 36-15

IPv6 38-3

names 38-4

number per QoS class map 37-39

port 36-2, 38-2

precedence of 36-3

QoS 37-7, 37-49

resequencing entries 36-15

router 36-2, 38-2

router ACLs and VLAN map configuration guidelines 36-38

standard IP, configuring for QoS classification 37-49, 37-51

standard IPv4

creating 36-10

matching criteria 36-8

support for 1-10

support in hardware 36-22

time ranges 36-17

types supported 36-2

unsupported features

IPv4 36-7

IPv6 38-3

using router ACLs with VLAN maps 36-37

VLAN maps

configuration guidelines 36-31

configuring 36-31

active link 22-4, 22-5, 22-6

active links 22-2

active router 43-1

active traffic monitoring, IP SLAs 44-1

address aliasing 26-2

addresses

displaying the MAC address table 7-30

dynamic

accelerated aging 19-9

changing the aging time 7-21

default aging 19-9

defined 7-19

learning 7-20

removing 7-22

IPv6 42-2

MAC, discovering 7-31

multicast

group address range 47-3

STP address management 19-8

static

adding and removing 7-27

defined 7-19

address resolution 7-31, 41-9

Address Resolution Protocol

See ARP

adjacency tables, with CEF 41-91

administrative distances

defined 41-103

OSPF 41-34

routing protocol defaults 41-93

advertisements

CDP 27-1

LLDP 29-2

RIP 41-20

VTP 14-17, 15-3, 15-4

aggregatable global unicast addresses 42-3

aggregate addresses, BGP 41-61

aggregated ports

See EtherChannel

aggregate policers 37-72

aggregate policing 1-13

aging, accelerating 19-9

aging time

accelerated

for MSTP 20-24

for STP 19-9, 19-23

MAC address table 7-21

maximum

for MSTP 20-24, 20-25

for STP 19-23, 19-24

alarms, RMON 32-3

allowed-VLAN list 14-19

application engines, redirecting traffic to 46-1

area border routers

See ABRs

area routing

IS-IS 41-66

ISO IGRP 41-66

ARP

configuring 41-10

defined 1-6, 7-31, 41-10

encapsulation 41-11

static cache configuration 41-10

table

address resolution 7-31

managing 7-31

ASBRs 41-26

AS-path filters, BGP 41-55

asymmetrical links, and IEEE 802.1Q tunneling 18-4

attributes, RADIUS

vendor-proprietary 10-36

vendor-specific 10-35

attribute-value pairs 11-20

authentication

EIGRP 41-42

HSRP 43-10

local mode with AAA 10-43

NTP associations 7-4

open1x 11-29

RADIUS

key 10-27

login 10-29

TACACS+

defined 10-11

key 10-13

login 10-14

See also port-based authentication

authentication failed VLAN

See restricted VLAN

authentication keys, and routing protocols 41-104

authentication manager

CLI commands 11-9

compatibility with older 802.1x CLI commands 11-9 to 11-10

overview 11-8

single session ID 11-32

authoritative time source, described 7-2

authorization

with RADIUS 10-33

with TACACS+ 10-11, 10-16

authorized ports with IEEE 802.1x 11-10

autoconfiguration 3-3

auto enablement 11-31

automatic advise (auto-advise) in switch stacks 5-13

automatic copy (auto-copy) in switch stacks 5-12

automatic discovery

considerations

beyond a noncandidate device 6-8

brand new switches 6-9

connectivity 6-5

different VLANs 6-7

management VLANs 6-7

non-CDP-capable devices 6-6

noncluster-capable devices 6-6

routed ports 6-8

in switch clusters 6-5

See also CDP

automatic extraction (auto-extract) in switch stacks 5-12

automatic QoS

See QoS

automatic recovery, clusters 6-10

See also HSRP

automatic upgrades (auto-upgrade) in switch stacks 5-12

auto-MDIX

configuring 13-31

described 13-31

autonegotiation

duplex mode 1-4

interface configuration guidelines 13-28

mismatches 50-13

autonomous system boundary routers

See ASBRs

autonomous systems, in BGP 41-49

Auto-RP, described 47-7

autosensing, port speed 1-4

autostate exclude 13-6

auxiliary VLAN

See voice VLAN

availability, features 1-8

B

BackboneFast

described 21-7

disabling 21-17

enabling 21-16

support for 1-8

backup interfaces

See Flex Links

backup links 22-2

backup static routing, configuring 45-12

banners

configuring

login 7-19

message-of-the-day login 7-18

default configuration 7-17

when displayed 7-17

Berkeley r-tools replacement 10-54

BGP

aggregate addresses 41-61

aggregate routes, configuring 41-61

CIDR 41-61

clear commands 41-64

community filtering 41-58

configuring neighbors 41-59

default configuration 41-46

described 41-46

enabling 41-49

monitoring 41-64

multipath support 41-53

neighbors, types of 41-49

path selection 41-53

peers, configuring 41-59

prefix filtering 41-57

resetting sessions 41-51

route dampening 41-63

route maps 41-55

route reflectors 41-62

routing domain confederation 41-62

routing session with multi-VRF CE 41-85

show commands 41-64

supernets 41-61

support for 1-14

Version 4 41-46

binding cluster group and HSRP group 43-12

binding database

address, DHCP server

See DHCP, Cisco IOS server database

DHCP snooping

See DHCP snooping binding database

bindings

address, Cisco IOS DHCP server 23-6

DHCP snooping database 23-6

IP source guard 23-16

binding table, DHCP snooping

See DHCP snooping binding database

blocking packets 28-7

Boolean expressions in tracked lists 45-4

booting

boot loader, function of 3-2

boot process 3-2

manually 3-19

specific image 3-20

boot loader

accessing 3-21

described 3-2

environment variables 3-21

prompt 3-21

trap-door mechanism 3-2

bootstrap router (BSR), described 47-7

Border Gateway Protocol

See BGP

BPDU

error-disabled state 21-2

filtering 21-3

RSTP format 20-12

BPDU filtering

described 21-3

disabling 21-15

enabling 21-14

support for 1-9

BPDU guard

described 21-2

disabling 21-14

enabling 21-13

support for 1-9

bridged packets, ACLs on 36-39

bridge groups

See fallback bridging

bridge protocol data unit

See BPDU

broadcast flooding 41-17

broadcast packets

directed 41-14

flooded 41-14

broadcast storm-control command 28-4

broadcast storms 28-1, 41-14

C

cables, monitoring for unidirectional links 30-1

candidate switch

automatic discovery 6-5

defined 6-4

requirements 6-4

See also command switch, cluster standby group, and member switch

CA trustpoint

configuring 10-51

defined 10-49

CDP

and trusted boundary 37-45

automatic discovery in switch clusters 6-5

configuring 27-2

default configuration 27-2

defined with LLDP 29-1

described 27-1

disabling for routing device 27-3 to 27-4

enabling and disabling

on an interface 27-4

on a switch 27-3

Layer 2 protocol tunneling 18-8

monitoring 27-6

overview 27-1

power negotiation extensions 13-7

support for 1-6

switch stack considerations 27-2

transmission timer and holdtime, setting 27-2

updates 27-2

CEF

defined 41-90

distributed 41-91

IPv6 42-19

CGMP

as IGMP snooping learning method 26-8

clearing cached group entries 47-62

enabling server support 47-45

joining multicast group 26-3

overview 47-9

server support only 47-9

switch support of 1-4

CIDR 41-61

CipherSuites 10-50

Cisco 7960 IP Phone 16-1

Cisco Discovery Protocol

See CDP

Cisco Express Forwarding

See CEF

Cisco Group Management Protocol

See CGMP

Cisco intelligent power management 13-7

Cisco IOS DHCP server

See DHCP, Cisco IOS DHCP server

Cisco IOS File System

See IFS

Cisco IOS IP SLAs 44-1

Cisco Redundant Power System 2300

configuring 13-42

managing 13-42

Cisco Secure ACS

attribute-value pairs for downloadable ACLs 11-20

attribute-value pairs for redirect URL 11-20

Cisco StackWise Plus technology 1-3

See also stacks, switch

CiscoWorks 2000 1-6, 34-4

CISP 11-31

CIST regional root

See MSTP

CIST root

See MSTP

civic location 29-3

classless interdomain routing

See CIDR

classless routing 41-8

class maps for QoS

configuring 37-54

described 37-8

displaying 37-92

class of service

See CoS

clearing interfaces 13-46

CLI

abbreviating commands 2-3

command modes 2-1

configuration logging 2-4

described 1-6

editing features

enabling and disabling 2-6

keystroke editing 2-7

wrapped lines 2-8

error messages 2-4

filtering command output 2-9

getting help 2-3

history

changing the buffer size 2-5

described 2-5

disabling 2-6

recalling commands 2-6

managing clusters 6-16

no and default forms of commands 2-4

Client Information Signalling Protocol

See CISP

client mode, VTP 15-3

client processes, tracking 45-1

CLNS

See ISO CLNS

clock

See system clock

clusters, switch

accessing 6-13

automatic discovery 6-5

automatic recovery 6-10

benefits 1-2

compatibility 6-4

described 6-1

LRE profile considerations 6-16

managing

through CLI 6-16

through SNMP 6-17

planning 6-4

planning considerations

automatic discovery 6-5

automatic recovery 6-10

CLI 6-16

host names 6-13

IP addresses 6-13

LRE profiles 6-16

passwords 6-14

RADIUS 6-16

SNMP 6-14, 6-17

switch stacks 6-14

TACACS+ 6-16

See also candidate switch, command switch, cluster standby group, member switch, and standby command switch

cluster standby group

and HSRP group 43-12

automatic recovery 6-12

considerations 6-11

defined 6-2

requirements 6-3

virtual IP address 6-11

See also HSRP

CNS

Configuration Engine

configID, deviceID, hostname 4-3

configuration service 4-2

described 4-1

event service 4-3

embedded agents

described 4-5

enabling automated configuration 4-6

enabling configuration agent 4-9

enabling event agent 4-8

management functions 1-6

CoA Request Commands 10-23

Coarse Wave Division Multiplexer

See CWDM SFPs

command-line interface

See CLI

command modes 2-1

commands

abbreviating 2-3

no and default 2-4

commands, setting privilege levels 10-8

command switch

accessing 6-11

active (AC) 6-10

configuration conflicts 50-12

defined 6-2

passive (PC) 6-10

password privilege levels 6-17

priority 6-10

recovery

from command-switch failure 6-10, 50-9

from lost member connectivity 50-12

redundant 6-10

replacing

with another switch 50-11

with cluster member 50-9

requirements 6-3

standby (SC) 6-10

See also candidate switch, cluster standby group, member switch, and standby command switch

common session ID

see single session ID 11-32

community list, BGP 41-58

community ports 17-2

community strings

configuring 6-14, 34-8

for cluster switches 34-4

in clusters 6-14

overview 34-4

SNMP 6-14

community VLANs 17-2, 17-3

compatibility, feature 28-12

compatibility, software

See stacks, switch

config.text 3-18

configurable leave timer, IGMP 26-5

configuration, initial

defaults 1-17

Express Setup 1-2

configuration conflicts, recovering from lost member connectivity 50-12

configuration examples, network 1-19

configuration files

archiving B-21

clearing the startup configuration B-20

creating and using, guidelines for B-10

creating using a text editor B-11

default name 3-18

deleting a stored configuration B-20

described B-9

downloading

automatically 3-18

preparing B-11, B-14, B-17

reasons for B-9

using FTP B-14

using RCP B-18

using TFTP B-12

invalid combinations when copying B-6

limiting TFTP server access 34-17

obtaining with DHCP 3-9

password recovery disable considerations 10-5

replacing and rolling back, guidelines for B-22

replacing a running configuration B-20, B-21

rolling back a running configuration B-20, B-22

specifying the filename 3-19

system contact and location information 34-16

types and location B-10

uploading

preparing B-11, B-14, B-17

reasons for B-9

using FTP B-16

using RCP B-19

using TFTP B-13

configuration guidelines, multi-VRF CE 41-78

configuration logging 2-4

configuration replacement B-20

configuration rollback B-20, B-21

configuration settings, saving 3-16

configure terminal command 13-18

configuring multicast VRFs 41-84

configuring port-based authentication violation modes 11-43 to 11-44

configuring small-frame arrival rate 28-5

conflicts, configuration 50-12

connections, secure remote 10-44

connectivity problems 50-15, 50-16, 50-18

consistency checks in VTP Version 2 15-5

console media type 13-14

console port

RJ-45 13-13

USB 13-13

console port, connecting to 2-10

content-routing technology

See WCCP

control protocol, IP SLAs 44-4

corrupted software, recovery steps with Xmodem 50-2

CoS

in Layer 2 frames 37-2

override priority 16-6

trust priority 16-6

CoS input queue threshold map for QoS 37-18

CoS output queue threshold map for QoS 37-21

CoS-to-DSCP map for QoS 37-74

counters, clearing interface 13-46

CPU utilization, troubleshooting 50-28

crashinfo file 50-24

critical authentication, IEEE 802.1x 11-57

critical VLAN 11-23

cross-stack EtherChannel

configuration guidelines 39-13

configuring

on Layer 2 interfaces 39-13

on Layer 3 physical interfaces 39-16

described 39-3

illustration 39-4

support for 1-8

cross-stack UplinkFast, STP

described 21-5

disabling 21-16

enabling 21-16

fast-convergence events 21-7

Fast Uplink Transition Protocol 21-6

normal-convergence events 21-7

support for 1-8

cryptographic software image

switch stack considerations 5-3, 5-17

customer edge devices 41-76

customizeable web pages, web-based authentication 12-6

CWDM SFPs 1-33

D

DACL

See downloadable ACL

daylight saving time 7-13

dCEF in the switch stack 41-90

debugging

enabling all system diagnostics 50-21

enabling for a specific feature 50-21

redirecting error message output 50-22

using commands 50-20

default commands 2-4

default configuration

802.1x 11-37

auto-QoS 37-24

banners 7-17

BGP 41-46

booting 3-18

CDP 27-2

DHCP 23-8

DHCP option 82 23-8

DHCP snooping 23-8

DHCP snooping binding database 23-9

DNS 7-16

dynamic ARP inspection 24-5

EIGRP 41-38

EtherChannel 39-11

Ethernet interfaces 13-27

fallback bridging 49-3

Flex Links 22-8

HSRP 43-5

IEEE 802.1Q tunneling 18-4

IGMP 47-39

IGMP filtering 26-23

IGMP snooping 25-6, 26-6

IGMP throttling 26-24

initial switch information 3-3

IP addressing, IP routing 41-6

IP multicast routing 47-11

IP SLAs 44-6

IP source guard 23-18

IPv6 42-10

IS-IS 41-67

Layer 2 interfaces 13-27

Layer 2 protocol tunneling 18-11

LLDP 29-5

MAC address table 7-21

MAC address-table move update 22-8

MSDP 48-4

MSTP 20-14

multi-VRF CE 41-78

MVR 26-19

NTP 7-4

optional spanning-tree configuration 21-12

OSPF 41-27

password and privilege level 10-2

PIM 47-11

private VLANs 17-6

RADIUS 10-27

RIP 41-21

RMON 32-3

RSPAN 31-12

SDM template 8-4

SNMP 34-6

SPAN 31-12

SSL 10-51

standard QoS 37-37

STP 19-12

switch stacks 5-20

system message logging 33-4

system name and prompt 7-15

TACACS+ 10-13

UDLD 30-4

VLAN, Layer 2 Ethernet interfaces 14-17

VLANs 14-7

VMPS 14-27

voice VLAN 16-3

VTP 15-8

WCCP 46-5

default gateway 3-15, 41-12

default networks 41-94

default router preference

See DRP

default routes 41-94

default routing 41-3

default web-based authentication configuration

802.1X 12-9

deleting VLANs 14-8

denial-of-service attack 28-1

description command 13-36

designing your network, examples 1-19

desktop template 5-10

destination addresses

in IPv4 ACLs 36-12

in IPv6 ACLs 38-5

destination-IP address-based forwarding, EtherChannel 39-9

destination-MAC address forwarding, EtherChannel 39-9

detecting indirect link failures, STP 21-8

device discovery protocol 27-1, 29-1

device manager

benefits 1-2

described 1-2, 1-5

in-band management 1-7

DHCP

Cisco IOS server database

configuring 23-14

default configuration 23-9

described 23-6

DHCP for IPv6

See DHCPv6

enabling

relay agent 23-10

server 23-10

DHCP-based autoconfiguration

client request message exchange 3-4

configuring

client side 3-4

DNS 3-8

relay device 3-8

server side 3-7

server-side 23-10

TFTP server 3-7

example 3-10

lease options

for IP address information 3-7

for receiving the configuration file 3-7

overview 3-3

relationship to BOOTP 3-4

relay support 1-6, 1-15

support for 1-6

DHCP-based autoconfiguration and image update

configuring 3-11 to 3-14

understanding 3-5 to 3-6

DHCP binding database

See DHCP snooping binding database

DHCP binding table

See DHCP snooping binding database

DHCP object tracking, configuring primary interface 45-11

DHCP option 82

circuit ID suboption 23-5

configuration guidelines 23-9

default configuration 23-8

displaying 23-15

forwarding address, specifying 23-11

helper address 23-11

overview 23-3

packet format, suboption

circuit ID 23-5

remote ID 23-5

remote ID suboption 23-5

DHCP server port-based address allocation

configuration guidelines 23-26

default configuration 23-26

described 23-25

displaying 23-28, 24-12

enabling 23-26

reserved addresses 23-27

DHCP snooping

accepting untrusted packets form edge switch 23-3, 23-12

and private VLANs 23-14

binding database

See DHCP snooping binding database

configuration guidelines 23-9

default configuration 23-8

displaying binding tables 23-15

message exchange process 23-4

option 82 data insertion 23-3

trusted interface 23-2

untrusted interface 23-2

untrusted messages 23-2

DHCP snooping binding database

adding bindings 23-14

binding entries, displaying 23-15

binding file

format 23-7

location 23-6

bindings 23-6

clearing agent statistics 23-15

configuration guidelines 23-9

configuring 23-14

default configuration 23-8, 23-9

deleting

binding file 23-15

bindings 23-15

database agent 23-15

described 23-6

displaying 23-15

binding entries 23-15

status and statistics 23-15

displaying status and statistics 23-15

enabling 23-14

entry 23-6

renewing database 23-15

resetting

delay value 23-15

timeout value 23-15

DHCP snooping binding table

See DHCP snooping binding database

DHCPv6

configuration guidelines 42-15

default configuration 42-15

described 42-6

enabling client function 42-18

enabling DHCPv6 server function 42-15

diagnostic schedule command 51-2

Differentiated Services architecture, QoS 37-2

Differentiated Services Code Point 37-2

Diffusing Update Algorithm (DUAL) 41-36

Digital Optical Monitoring (DOM) 13-46

directed unicast requests 1-6

directories

changing B-4

creating and removing B-5

displaying the working B-4

discovery, clusters

See automatic discovery

Distance Vector Multicast Routing Protocol

See DVMRP

distance-vector protocols 41-3

distribute-list command 41-102

DNS

and DHCP-based autoconfiguration 3-8

default configuration 7-16

displaying the configuration 7-17

in IPv6 42-4

overview 7-15

setting up 7-16

support for 1-6

DNS-based SSM mapping 47-18, 47-20

DOM (Digital Optical Monitoring) 13-46

domain names

DNS 7-15

VTP 15-9

Domain Name System

See DNS

domains, ISO IGRP routing 41-66

dot1q-tunnel switchport mode 14-16

double-tagged packets

IEEE 802.1Q tunneling 18-2

Layer 2 protocol tunneling 18-10

downloadable ACL 11-18, 11-20, 11-65

downloading

configuration files

preparing B-11, B-14, B-17

reasons for B-9

using FTP B-14

using RCP B-18

using TFTP B-12

image files

deleting old image B-30

preparing B-28, B-31, B-36

reasons for B-25

using CMS 1-3

using FTP B-32

using HTTP 1-3, B-25

using RCP B-37

using TFTP B-28

using the device manager or Network Assistant B-25

drop threshold for Layer 2 protocol packets 18-11

DRP

configuring 42-13

described 42-4

IPv6 42-4

DSCP 1-13, 37-2

DSCP input queue threshold map for QoS 37-18

DSCP output queue threshold map for QoS 37-21

DSCP-to-CoS map for QoS 37-77

DSCP-to-DSCP-mutation map for QoS 37-78

DSCP transparency 37-46

DTP 1-9, 14-15

dual-action detection 39-6

DUAL finite state machine, EIGRP 41-37

dual IPv4 and IPv6 templates 8-2, 42-5, 42-6

dual protocol stacks

IPv4 and IPv6 42-6

SDM templates supporting 42-6

DVMRP

autosummarization

configuring a summary address 47-59

disabling 47-61

connecting PIM domain to DVMRP router 47-51

enabling unicast routing 47-54

interoperability

with Cisco devices 47-49

with Cisco IOS software 47-9

mrinfo requests, responding to 47-54

neighbors

advertising the default route to 47-53

discovery with Probe messages 47-49

displaying information 47-54

prevent peering with nonpruning 47-57

rejecting nonpruning 47-55

overview 47-9

routes

adding a metric offset 47-61

advertising all 47-61

advertising the default route to neighbors 47-53

caching DVMRP routes learned in report messages 47-55

changing the threshold for syslog messages 47-58

deleting 47-62

displaying 47-63

favoring one over another 47-61

limiting the number injected into MBONE 47-58

limiting unicast route advertisements 47-49

routing table 47-9

source distribution tree, building 47-9

support for 1-15

tunnels

configuring 47-51

displaying neighbor information 47-54

dynamic access ports

characteristics 14-3

configuring 14-28

defined 13-3

dynamic addresses

See addresses

dynamic ARP inspection

ARP cache poisoning 24-1

ARP requests, described 24-1

ARP spoofing attack 24-1

clearing

log buffer 24-15

statistics 24-15

configuration guidelines 24-6

configuring

ACLs for non-DHCP environments 24-8

in DHCP environments 24-7

log buffer 24-13

rate limit for incoming ARP packets 24-4, 24-10

default configuration 24-5

denial-of-service attacks, preventing 24-10

described 24-1

DHCP snooping binding database 24-2

displaying

ARP ACLs 24-14

configuration and operating state 24-14

statistics 24-15

trust state and rate limit 24-14

error-disabled state for exceeding rate limit 24-4

function of 24-2

interface trust states 24-3

log buffer

clearing 24-15

configuring 24-13

logging of dropped packets, described 24-5

man-in-the middle attack, described 24-2

network security issues and interface trust states 24-3

priority of ARP ACLs and DHCP snooping entries 24-4

rate limiting of ARP packets

configuring 24-10

described 24-4

error-disabled state 24-4

statistics

clearing 24-15

displaying 24-15

validation checks, performing 24-12

dynamic auto trunking mode 14-16

dynamic desirable trunking mode 14-16

Dynamic Host Configuration Protocol

See DHCP-based autoconfiguration

dynamic port VLAN membership

described 14-26

reconfirming 14-29

troubleshooting 14-31

types of connections 14-29

dynamic routing 41-3

ISO CLNS 41-65

Dynamic Trunking Protocol

See DTP

E

EBGP 41-45

editing features

enabling and disabling 2-6

keystrokes used 2-7

wrapped lines 2-8

EEM 3.2 35-5

EIGRP

authentication 41-42

components 41-37

configuring 41-40

default configuration 41-38

definition 41-36

interface parameters, configuring 41-41

monitoring 41-44

stub routing 41-43

support for 1-14

EIGRP IPv6 42-7

elections

See stack master

ELIN location 29-3

embedded event manager

3.2 35-5

actions 35-4

configuring 35-1, 35-6

displaying information 35-8

environmental variables 35-5

event detectors 35-3

policies 35-4

registering and defining an applet 35-6

registering and defining a TCL script 35-7

understanding 35-1

enable password 10-3

enable secret password 10-3

encryption, CipherSuite 10-50

encryption for passwords 10-3

encryption keying 11-33

encryption keys, MKA 11-33

Enhanced IGRP

See EIGRP

enhanced object tracking

backup static routing 45-12

defined 45-1

DHCP primary interface 45-11

HSRP 45-7

IP routing state 45-2

IP SLAs 45-9

line-protocol state 45-2

network monitoring with IP SLAs 45-11

routing policy, configuring 45-12

static route primary interface 45-10

tracked lists 45-3

enhanced object tracking static routing 45-10

environmental variables, embedded event manager 35-5

environment variables, function of 3-22

equal-cost routing 1-14, 41-92

error-disabled state, BPDU 21-2

error messages during command entry 2-4

EtherChannel

automatic creation of 39-5, 39-7

channel groups

binding physical and logical interfaces 39-4

numbering of 39-4

configuration guidelines 39-12

configuring

Layer 2 interfaces 39-13

Layer 3 physical interfaces 39-16

Layer 3 port-channel logical interfaces 39-15

default configuration 39-11

described 39-2

displaying status 39-22

forwarding methods 39-8, 39-18

IEEE 802.3ad, described 39-7

interaction

with STP 39-12

with VLANs 39-12

LACP

described 39-7

displaying status 39-22

hot-standby ports 39-20

interaction with other features 39-8

modes 39-7

port priority 39-22

system priority 39-21

Layer 3 interface 41-5

load balancing 39-8, 39-18

logical interfaces, described 39-4

PAgP

aggregate-port learners 39-19

compatibility with Catalyst 1900 39-19

described 39-5

displaying status 39-22

interaction with other features 39-7

interaction with virtual switches 39-6

learn method and priority configuration 39-19

modes 39-6

support for 1-4

with dual-action detection 39-6

port-channel interfaces

described 39-4

numbering of 39-4

port groups 13-6

stack changes, effects of 39-10

support for 1-4

EtherChannel guard

described 21-10

disabling 21-17

enabling 21-17

Ethernet management port

active link 13-23

and routing 13-24

and routing protocols 13-24

and TFTP 13-26

configuring 13-25

connecting to 2-10

default setting 13-24

described 13-23

for network management 13-23

specifying 13-25

supported features 13-25

unsupported features 13-25

Ethernet management port, internal

and routing 13-24

and routing protocols 13-24

unsupported features 13-25

Ethernet VLANs

adding 14-7

defaults and ranges 14-7

modifying 14-7

EUI 42-3

event detectors, embedded event manager 35-3

events, RMON 32-3

examples

network configuration 1-19

expedite queue for QoS 37-90

Express Setup 1-2

See also getting started guide

extended crashinfo file 50-24

extended-range VLANs

configuration guidelines 14-10

configuring 14-10

creating 14-11

creating with an internal VLAN ID 14-13

defined 14-1

extended system ID

MSTP 20-18

STP 19-4, 19-16

extended universal identifier

See EUI

Extensible Authentication Protocol over LAN 11-2

external BGP

See EBGP

external neighbors, BGP 41-49

F

Fa0 port

See Ethernet management port

failover support 1-8

fallback bridging

and protected ports 49-4

bridge groups

creating 49-4

described 49-2

displaying 49-10

function of 49-2

number supported 49-4

removing 49-5

bridge table

clearing 49-10

displaying 49-10

configuration guidelines 49-4

connecting interfaces with 13-13

default configuration 49-3

described 49-1

frame forwarding

flooding packets 49-2

forwarding packets 49-2

overview 49-1

protocol, unsupported 49-4

stack changes, effects of 49-3

STP

disabling on an interface 49-9

forward-delay interval 49-8

hello BPDU interval 49-8

interface priority 49-6

keepalive messages 19-2

maximum-idle interval 49-9

path cost 49-7

VLAN-bridge spanning-tree priority 49-6

VLAN-bridge STP 49-2

support for 1-14

SVIs and routed ports 49-1

unsupported protocols 49-4

VLAN-bridge STP 19-11

Fast Convergence 22-3

fastethernet0 port

See Ethernet management port

Fast Uplink Transition Protocol 21-6

features, incompatible 28-12

FIB 41-91

fiber-optic, detecting unidirectional links 30-1

files

basic crashinfo

description 50-25

location 50-25

copying B-5

crashinfo, description 50-24

deleting B-6

displaying the contents of B-8

extended crashinfo

description 50-25

location 50-25

tar

creating B-7

displaying the contents of B-7

extracting B-8

image file format B-26

file system

displaying available file systems B-2

displaying file information B-3

local file system names B-1

network file system names B-5

setting the default B-3

filtering

in a VLAN 36-31

IPv6 traffic 38-4, 38-7

non-IP traffic 36-28

show and more command output 2-9

filtering show and more command output 2-9

filters, IP

See ACLs, IP

flash device, number of B-1

flexible authentication ordering

configuring 11-68

overview 11-29

Flex Link Multicast Fast Convergence 22-3

Flex Links

configuring 22-8, 22-9

configuring preferred VLAN 22-11

configuring VLAN load balancing 22-10

default configuration 22-8

description 22-1

link load balancing 22-2

monitoring 22-14

VLANs 22-2

flooded traffic, blocking 28-8

flow-based packet classification 1-13

flowcharts

QoS classification 37-7

QoS egress queueing and scheduling 37-19

QoS ingress queueing and scheduling 37-16

QoS policing and marking 37-11

flowcontrol

configuring 13-30

described 13-30

forward-delay time

MSTP 20-24

STP 19-23

Forwarding Information Base

See FIB

forwarding nonroutable protocols 49-1

FTP

accessing MIB files A-4

configuration files

downloading B-14

overview B-13

preparing the server B-14

uploading B-16

image files

deleting old image B-34

downloading B-32

preparing the server B-31

uploading B-34

G

general query 22-5

Generating IGMP Reports 22-3

get-bulk-request operation 34-3

get-next-request operation 34-3, 34-4

get-request operation 34-3, 34-4

get-response operation 34-3

Gigabit modules

See SFPs

global configuration mode 2-2

global leave, IGMP 26-12

guest VLAN and IEEE 802.1x 11-21

guide mode 1-3

GUIs

See device manager and Network Assistant

H

hardware limitations and Layer 3 interfaces 13-37

hello time

MSTP 20-23

STP 19-22

help, for the command line 2-3

hierarchical policy maps 37-9

configuration guidelines 37-40

configuring 37-64

described 37-12

history

changing the buffer size 2-5

described 2-5

disabling 2-6

recalling commands 2-6

history table, level and number of syslog messages 33-10

host modes, MACsec 11-35

host names in clusters 6-13

host ports

configuring 17-11

kinds of 17-2

hosts, limit on dynamic ports 14-31

Hot Standby Router Protocol

See HSRP

HP OpenView 1-6

HSRP

authentication string 43-10

automatic cluster recovery 6-12

binding to cluster group 43-12

cluster standby group considerations 6-11

command-switch redundancy 1-1, 1-8

configuring 43-5

default configuration 43-5

definition 43-1

guidelines 43-6

monitoring 43-13

object tracking 45-7

overview 43-1

priority 43-8

routing redundancy 1-14

support for ICMP redirect messages 43-12

switch stack considerations 43-5

timers 43-10

tracking 43-8

See also clusters, cluster standby group, and standby command switch

HSRP for IPv6

configuring 42-25

guidelines 42-24

HTTP(S) Over IPv6 42-8

HTTP over SSL

see HTTPS

HTTPS

configuring 10-52

described 10-48

self-signed certificate 10-49

HTTP secure server 10-48

I

IBPG 41-45

ICMP

IPv6 42-4

redirect messages 41-12

support for 1-15

time-exceeded messages 50-18

traceroute and 50-18

unreachable messages 36-20

unreachable messages and IPv6 38-4

unreachables and ACLs 36-22

ICMP Echo operation

configuring 44-11

IP SLAs 44-10

ICMP ping

executing 50-15

overview 50-15

ICMP Router Discovery Protocol

See IRDP

ICMPv6 42-4

IDS appliances

and ingress RSPAN 31-22

and ingress SPAN 31-15

IEEE 802.1D

See STP

IEEE 802.1p 16-1

IEEE 802.1Q

and trunk ports 13-3

configuration limitations 14-17

encapsulation 14-14

native VLAN for untagged traffic 14-21

tunneling

compatibility with other features 18-6

defaults 18-4

described 18-1

tunnel ports with other features 18-6

IEEE 802.1s

See MSTP

IEEE 802.1w

See RSTP

IEEE 802.1x

See port-based authentication

IEEE 802.3ad

See EtherChannel

IEEE 802.3af

See PoE

IEEE 802.3x flow control 13-30

ifIndex values, SNMP 34-5

IFS 1-7

IGMP

configurable leave timer

described 26-5

enabling 26-10

configuring the switch

as a member of a group 47-39

statically connected member 47-44

controlling access to groups 47-40

default configuration 47-39

deleting cache entries 47-62

displaying groups 47-63

fast switching 47-44

flooded multicast traffic

controlling the length of time 26-11

disabling on an interface 26-12

global leave 26-12

query solicitation 26-12

recovering from flood mode 26-12

host-query interval, modifying 47-42

joining multicast group 26-3

join messages 26-3

leave processing, enabling 25-9, 26-10

leaving multicast group 26-4

multicast reachability 47-39

overview 47-3

queries 26-3

report suppression

described 26-5

disabling 25-11, 26-15

supported versions 26-3

support for 1-4

Version 1

changing to Version 2 47-41

described 47-3

Version 2

changing to Version 1 47-41

described 47-3

maximum query response time value 47-43

pruning groups 47-43

query timeout value 47-42

IGMP filtering

configuring 26-24

default configuration 26-23

described 26-23

support for 1-5

IGMP groups

configuring filtering 26-26

setting the maximum number 26-26

IGMP helper 47-6

IGMP Immediate Leave

configuration guidelines 26-10

described 26-5

enabling 26-10

IGMP profile

applying 26-25

configuration mode 26-24

configuring 26-24

IGMP snooping

and address aliasing 26-2

and stack changes 26-6

configuring 26-6

default configuration 25-6, 26-6

definition 26-2

enabling and disabling 25-7, 26-7

global configuration 26-7

Immediate Leave 26-5

in the switch stack 26-6

method 26-7

monitoring 25-12, 26-15

querier

configuration guidelines 26-13

configuring 26-13

supported versions 26-3

support for 1-5

VLAN configuration 26-7

IGMP throttling

configuring 26-26

default configuration 26-24

described 26-23

displaying action 26-28

IGP 41-26

Immediate Leave, IGMP

described 26-5

enabling 25-9

inaccessible authentication bypass 11-23

support for multiauth ports 11-23

initial configuration

defaults 1-17

Express Setup 1-2

interface

number 13-18

range macros 13-21

interface command 13-17 to 13-18

interface configuration mode 2-2

interfaces

auto-MDIX, configuring 13-31

configuring

procedure 13-18

counters, clearing 13-46

default configuration 13-27

described 13-36

descriptive name, adding 13-36

displaying information about 13-45

duplex and speed configuration guidelines 13-28

flow control 13-30

management 1-5

monitoring 13-45

naming 13-36

physical, identifying 13-17

range of 13-19

restarting 13-47

shutting down 13-47

speed and duplex, configuring 13-29

status 13-45

supported 13-17

types of 13-1

interfaces range macro command 13-21

interface types 13-17

Interior Gateway Protocol

See IGP

internal BGP

See IBGP

internal neighbors, BGP 41-49

internal power supplies

See power supplies

Internet Control Message Protocol

See ICMP

Internet Group Management Protocol

See IGMP

Internet Protocol version 6

See IPv6

Inter-Switch Link

See ISL

inter-VLAN routing 1-14, 41-2

Intrusion Detection System

See IDS appliances

inventory management TLV 29-3, 29-7

IP ACLs

for QoS classification 37-7

implicit deny 36-10, 36-14

implicit masks 36-10

named 36-15

undefined 36-21

IP addresses

128-bit 42-2

candidate or member 6-4, 6-13

classes of 41-7

cluster access 6-2

command switch 6-3, 6-11, 6-13

default configuration 41-6

discovering 7-31

for IP routing 41-6

IPv6 42-2

MAC address association 41-9

monitoring 41-18

redundant clusters 6-11

standby command switch 6-11, 6-13

See also IP information

IP base feature set 1-1

IP base software image 1-1

IP broadcast address 41-17

ip cef distributed command 41-91

IP directed broadcasts 41-15

ip igmp profile command 26-24

IP information

assigned

manually 3-15

through DHCP-based autoconfiguration 3-3

default configuration 3-3

IP multicast routing

addresses

all-hosts 47-3

all-multicast-routers 47-3

host group address range 47-3

administratively-scoped boundaries, described 47-47

and IGMP snooping 26-2

Auto-RP

adding to an existing sparse-mode cloud 47-26

benefits of 47-25

clearing the cache 47-63

configuration guidelines 47-12

filtering incoming RP announcement messages 47-28

overview 47-7

preventing candidate RP spoofing 47-28

preventing join messages to false RPs 47-28

setting up in a new internetwork 47-26

using with BSR 47-33

bootstrap router

configuration guidelines 47-12

configuring candidate BSRs 47-31

configuring candidate RPs 47-32

defining the IP multicast boundary 47-31

defining the PIM domain border 47-30

overview 47-7

using with Auto-RP 47-33

Cisco implementation 47-2

configuring

basic multicast routing 47-12

IP multicast boundary 47-47

default configuration 47-11

enabling

multicast forwarding 47-13

PIM mode 47-13

group-to-RP mappings

Auto-RP 47-7

BSR 47-7

MBONE

deleting sdr cache entries 47-63

described 47-46

displaying sdr cache 47-63

enabling sdr listener support 47-46

limiting DVMRP routes advertised 47-58

limiting sdr cache entry lifetime 47-46

SAP packets for conference session announcement 47-46

Session Directory (sdr) tool, described 47-46

monitoring

packet rate loss 47-64

peering devices 47-64

tracing a path 47-64

multicast forwarding, described 47-8

PIMv1 and PIMv2 interoperability 47-11

protocol interaction 47-2

reverse path check (RPF) 47-8

routing table

deleting 47-62

displaying 47-63

RP

assigning manually 47-24

configuring Auto-RP 47-25

configuring PIMv2 BSR 47-29

monitoring mapping information 47-35

using Auto-RP and BSR 47-33

stacking

stack master functions 47-10

stack member functions 47-10

statistics, displaying system and network 47-63

See also CGMP

See also DVMRP

See also IGMP

See also PIM

IP phones

and QoS 16-1

automatic classification and queueing 37-23

configuring 16-4

ensuring port security with QoS 37-45

trusted boundary for QoS 37-45

IP Port Security for Static Hosts

on a Layer 2 access port 23-20

on a PVLAN host port 23-23

IP precedence 37-2

IP-precedence-to-DSCP map for QoS 37-75

IP protocols

in ACLs 36-12

routing 1-14

IP protocols in ACLs 36-12

IP routes, monitoring 41-105

IP routing

connecting interfaces with 13-13

disabling 41-19

enabling 41-19

IP Service Level Agreements

See IP SLAs

IP service levels, analyzing 44-1

IP services feature set 1-2

IP SLAs

benefits 44-2

configuration guidelines 44-6

configuring object tracking 45-9

Control Protocol 44-4

default configuration 44-6

definition 44-1

ICMP echo operation 44-10

measuring network performance 44-3

monitoring 44-12

multioperations scheduling 44-5

object tracking 45-9

operation 44-3

reachability tracking 45-9

responder

described 44-4

enabling 44-7

response time 44-4

scheduling 44-5

SNMP support 44-2

supported metrics 44-2

threshold monitoring 44-6

track object monitoring agent, configuring 45-11

track state 45-9

UDP jitter operation 44-8

IP source guard

and 802.1x 23-18

and DHCP snooping 23-16

and EtherChannels 23-18

and port security 23-18

and private VLANs 23-18

and routed ports 23-18

and TCAM entries 23-18

and trunk interfaces 23-18

and VRF 23-18

binding configuration

automatic 23-16

manual 23-16

binding table 23-16

configuration guidelines 23-18

default configuration 23-18

described 23-16

disabling 23-19

displaying

bindings 23-25

configuration 23-25

enabling 23-19, 23-20

filtering

source IP address 23-16

source IP and MAC address 23-16

source IP address filtering 23-16

source IP and MAC address filtering 23-16

static bindings

adding 23-19, 23-20

deleting 23-19

static hosts 23-20

IP traceroute

executing 50-18

overview 50-18

IP unicast routing

address resolution 41-9

administrative distances 41-93, 41-103

ARP 41-10

assigning IP addresses to Layer 3 interfaces 41-7

authentication keys 41-104

broadcast

address 41-17

flooding 41-17

packets 41-14

storms 41-14

classless routing 41-8

configuring static routes 41-93

default

addressing configuration 41-6

gateways 41-12

networks 41-94

routes 41-94

routing 41-3

directed broadcasts 41-15

disabling 41-19

dynamic routing 41-3

enabling 41-19

EtherChannel Layer 3 interface 41-5

IGP 41-26

inter-VLAN 41-2

IP addressing

classes 41-7

configuring 41-6

IPv6 42-3

IRDP 41-13

Layer 3 interfaces 41-5

MAC address and IP address 41-9

passive interfaces 41-102

protocols

distance-vector 41-3

dynamic 41-3

link-state 41-3

proxy ARP 41-10

redistribution 41-95

reverse address resolution 41-9

routed ports 41-5

static routing 41-3

steps to configure 41-5

subnet mask 41-7

subnet zero 41-7

supernet 41-8

UDP 41-16

unicast reverse path forwarding 1-15, 41-90

with SVIs 41-5

See also BGP

See also EIGRP

See also OSPF

See also RIP

IPv4 ACLs

applying to interfaces 36-20

extended, creating 36-11

named 36-15

standard, creating 36-10

IPv6

ACLs

displaying 38-8

limitations 38-3

matching criteria 38-3

port 38-2

precedence 38-2

router 38-2

supported 38-2

addresses 42-2

address formats 42-2

and switch stacks 42-9

applications 42-5

assigning address 42-11

autoconfiguration 42-5

CEFv6 42-19

default configuration 42-10

default router preference (DRP) 42-4

defined 42-1

Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 42-7

EIGRP IPv6 Commands 42-7

Router ID 42-7

feature limitations 42-8

features not supported 42-8

forwarding 42-11

ICMP 42-4

monitoring 42-27

neighbor discovery 42-4

OSPF 42-6

path MTU discovery 42-4

SDM templates 8-2, 25-1, 38-1

stack master functions 42-9

Stateless Autoconfiguration 42-5

supported features 42-2

switch limitations 42-8

understanding static routes 42-6

IPv6 traffic, filtering 38-4

IRDP

configuring 41-13

definition 41-13

support for 1-15

IS-IS

addresses 41-66

area routing 41-66

default configuration 41-67

monitoring 41-75

show commands 41-75

system routing 41-66

ISL

and IPv6 42-3

and trunk ports 13-3

encapsulation 1-9, 14-14

trunking with IEEE 802.1 tunneling 18-5

ISO CLNS

clear commands 41-75

dynamic routing protocols 41-65

monitoring 41-75

NETs 41-65

NSAPs 41-65

OSI standard 41-65

ISO IGRP

area routing 41-66

system routing 41-66

isolated port 17-2

isolated VLANs 17-2, 17-3

J

join messages, IGMP 26-3

K

KDC

described 10-39

See also Kerberos

keepalive messages 19-2

Kerberos

authenticating to

boundary switch 10-41

KDC 10-41

network services 10-42

configuration examples 10-39

configuring 10-42

credentials 10-39

described 10-39

KDC 10-39

operation 10-41

realm 10-40

server 10-41

support for 1-12

switch as trusted third party 10-39

terms 10-40

TGT 10-41

tickets 10-39

key distribution center

See KDC

L

l2protocol-tunnel command 18-13

LACP

Layer 2 protocol tunneling 18-9

See EtherChannel

Layer 2 frames, classification with CoS 37-2

Layer 2 interfaces, default configuration 13-27

Layer 2 protocol tunneling

configuring 18-10

configuring for EtherChannels 18-14

default configuration 18-11

defined 18-8

guidelines 18-12

Layer 2 traceroute

and ARP 50-17

and CDP 50-17

broadcast traffic 50-16

described 50-16

IP addresses and subnets 50-17

MAC addresses and VLANs 50-17

multicast traffic 50-17

multiple devices on a port 50-17

unicast traffic 50-16

usage guidelines 50-17

Layer 3 features 1-14

Layer 3 interfaces

assigning IP addresses to 41-7

assigning IPv4 and IPv6 addresses to 42-14

assigning IPv6 addresses to 42-11

changing from Layer 2 mode 41-7, 41-81, 41-82

types of 41-5

Layer 3 packets, classification methods 37-2

LDAP 4-2

Leaking IGMP Reports 22-4

LEDs, switch

See hardware installation guide

Lightweight Directory Access Protocol

See LDAP

line configuration mode 2-2

Link Aggregation Control Protocol

See EtherChannel

Link Failure, detecting unidirectional 20-7

Link Layer Discovery Protocol

See CDP

link local unicast addresses 42-3

link redundancy

See Flex Links

links, unidirectional 30-1

link state advertisements (LSAs) 41-32

link-state protocols 41-3

link-state tracking

configuring 39-25

described 39-23

LLDP

configuring 29-5

characteristics 29-6

default configuration 29-5

enabling 29-6

monitoring and maintaining 29-11

overview 29-1

supported TLVs 29-2

switch stack considerations 29-2

transmission timer and holdtime, setting 29-6

LLDP-MED

configuring

procedures 29-5

TLVs 29-7

monitoring and maintaining 29-11

overview 29-1, 29-2

supported TLVs 29-2

LLDP Media Endpoint Discovery

See LLDP-MED

load balancing 43-4

local SPAN 31-2

location TLV 29-3, 29-7

logging messages, ACL 36-9

login authentication

with RADIUS 10-29

with TACACS+ 10-14

login banners 7-17

log messages

See system message logging

Long-Reach Ethernet (LRE) technology 1-21, 1-32

loop guard

described 21-11

enabling 21-18

support for 1-9

LRE profiles, considerations in switch clusters 6-16

M

MAC/PHY configuration status TLV 29-2

MAC addresses

aging time 7-21

and VLAN association 7-20

building the address table 7-20

default configuration 7-21

disabling learning on a VLAN 7-30

discovering 7-31

displaying 7-30

displaying in the IP source binding table 23-25

dynamic

learning 7-20

removing 7-22

in ACLs 36-28

IP address association 41-9

static

adding 7-27

allowing 7-29, 7-30

characteristics of 7-27

dropping 7-28

removing 7-27

MAC address learning 1-6

MAC address learning, disabling on a VLAN 7-30

MAC address notification, support for 1-16

MAC address-table move update

configuration guidelines 22-8

configuring 22-12

default configuration 22-8

description 22-6

monitoring 22-14

MAC address-to-VLAN mapping 14-26

MAC authentication bypass 11-16

MAC extended access lists

applying to Layer 2 interfaces 36-30

configuring for QoS 37-53

creating 36-28

defined 36-28

for QoS classification 37-5

MACsec 11-33

and stacking 11-34

configuring on an interface 11-71

defined 11-33

MACsec Key Agreement Protocol

See MKA

magic packet 11-27

manageability features 1-6

management access

in-band

browser session 1-7

CLI session 1-7

device manager 1-7

SNMP 1-7

out-of-band console port connection 1-7

management address TLV 29-2

management options

CLI 2-1

clustering 1-3

CNS 4-1

Network Assistant 1-2

overview 1-5

switch stacks 1-3

management VLAN

considerations in switch clusters 6-7

discovery through different management VLANs 6-7

mapping tables for QoS

configuring

CoS-to-DSCP 37-74

DSCP 37-74

DSCP-to-CoS 37-77

DSCP-to-DSCP-mutation 37-78

IP-precedence-to-DSCP 37-75

policed-DSCP 37-76

described 37-13

marking

action in policy map 37-59

action with aggregate policers 37-72

described 37-4, 37-9

matching IPv4 ACLs 36-8

maximum aging time

MSTP 20-24

STP 19-23

maximum hop count, MSTP 20-25

maximum number of allowed devices, port-based authentication 11-41

maximum-paths command 41-53, 41-92

MDA

configuration guidelines 11-30 to 11-31

described 1-11, 11-30

exceptions with authentication process 11-4

Media Access Control Security

See MACsec

membership mode, VLAN port 14-3

member switch

automatic discovery 6-5

defined 6-2

managing 6-16

passwords 6-13

recovering from lost connectivity 50-12

requirements 6-4

See also candidate switch, cluster standby group, and standby command switch

messages, to users through banners 7-17

metrics, in BGP 41-53

metric translations, between routing protocols 41-98

metro tags 18-2

MHSRP 43-4

MIBs

accessing files with FTP A-4

location of files A-4

overview 34-1

SNMP interaction with 34-4

supported A-1

mini-point-of-presence

See POP

mini-type USB console port 13-13

mirroring traffic for analysis 31-1

mismatches, autonegotiation 50-13

MKA

configuring policies 11-71

defined 11-33

policies 11-34

replay protection 11-34

statistics 11-36

virtual ports 11-34

module number 13-18

monitoring

access groups 36-41

BGP 41-64

cables for unidirectional links 30-1

CDP 27-6

CEF 41-91

EIGRP 41-44

fallback bridging 49-10

features 1-16

Flex Links 22-14

HSRP 43-13

IEEE 802.1Q tunneling 18-18

IGMP

snooping 25-12, 26-15

interfaces 13-45

IP

address tables 41-18

multicast routing 47-62

routes 41-105

IP SLAs operations 44-12

IPv4 ACL configuration 36-41

IPv6 42-27

IPv6 ACL configuration 38-8

IS-IS 41-75

ISO CLNS 41-75

Layer 2 protocol tunneling 18-18

MAC address-table move update 22-14

MSDP peers 48-19

multicast router interfaces 25-12, 26-16

multi-VRF CE 41-89

network traffic for analysis with probe 31-2

object tracking 45-12

OSPF 41-36

port

blocking 28-19

protection 28-19

private VLANs 17-14

RP mapping information 47-35

SFP status 13-46, 50-14

source-active messages 48-19

speed and duplex mode 13-29

SSM mapping 47-21

traffic flowing among switches 32-1

traffic suppression 28-19

tunneling 18-18

VLAN

filters 36-42

maps 36-42

VLANs 14-14

VMPS 14-30

VTP 15-17

mrouter Port 22-3

mrouter port 22-5

MSDP

benefits of 48-3

clearing MSDP connections and statistics 48-19

controlling source information

forwarded by switch 48-12

originated by switch 48-8

received by switch 48-14

default configuration 48-4

dense-mode regions

sending SA messages to 48-17

specifying the originating address 48-18

filtering

incoming SA messages 48-14

SA messages to a peer 48-12

SA requests from a peer 48-11

join latency, defined 48-6

meshed groups

configuring 48-16

defined 48-16

originating address, changing 48-18

overview 48-1

peer-RPF flooding 48-2

peers

configuring a default 48-4

monitoring 48-19

peering relationship, overview 48-1

requesting source information from 48-8

shutting down 48-16

source-active messages

caching 48-6

clearing cache entries 48-19

defined 48-2

filtering from a peer 48-11

filtering incoming 48-14

filtering to a peer 48-12

limiting data with TTL 48-14

monitoring 48-19

restricting advertised sources 48-9

support for 1-15

MSTP

boundary ports

configuration guidelines 20-16

described 20-6

BPDU filtering

described 21-3

enabling 21-14

BPDU guard

described 21-2

enabling 21-13

CIST, described 20-3

CIST regional root 20-3

CIST root 20-5

configuration guidelines 20-15, 21-12

configuring

forward-delay time 20-24

hello time 20-23

link type for rapid convergence 20-25

maximum aging time 20-24

maximum hop count 20-25

MST region 20-16

neighbor type 20-26

path cost 20-21

port priority 20-20

root switch 20-18

secondary root switch 20-19

switch priority 20-22

CST

defined 20-3

operations between regions 20-3

default configuration 20-14

default optional feature configuration 21-12

displaying status 20-27

enabling the mode 20-16

EtherChannel guard

described 21-10

enabling 21-17

extended system ID

effects on root switch 20-18

effects on secondary root switch 20-19

unexpected behavior 20-18

IEEE 802.1s

implementation 20-6

port role naming change 20-6

terminology 20-5

instances supported 19-10

interface state, blocking to forwarding 21-2

interoperability and compatibility among modes 19-10

interoperability with IEEE 802.1D

described 20-8

restarting migration process 20-26

IST

defined 20-2

master 20-3

operations within a region 20-3

loop guard

described 21-11

enabling 21-18

mapping VLANs to MST instance 20-17

MST region

CIST 20-3

configuring 20-16

described 20-2

hop-count mechanism 20-5

IST 20-2

supported spanning-tree instances 20-2

optional features supported 1-8

overview 20-2

Port Fast

described 21-2

enabling 21-12

preventing root switch selection 21-10

root guard

described 21-10

enabling 21-18

root switch

configuring 20-18

effects of extended system ID 20-18

unexpected behavior 20-18

shutdown Port Fast-enabled port 21-2

stack changes, effects of 20-8

status, displaying 20-27

MTU

system 13-40

system jumbo 13-39

system routing 13-39

multiauth

support for inaccessible authentication bypass 11-23

multiauth mode

See multiple-authentication mode

multicast groups

Immediate Leave 26-5

joining 26-3

leaving 26-4

static joins 25-8, 26-9

multicast packets

ACLs on 36-41

blocking 28-8

multicast router interfaces, monitoring 25-12, 26-16

multicast router ports, adding 25-8, 26-8

Multicast Source Discovery Protocol

See MSDP

multicast storm 28-1

multicast storm-control command 28-4

multicast television application 26-17

multicast VLAN 26-16

Multicast VLAN Registration

See MVR

multidomain authentication

See MDA

multioperations scheduling, IP SLAs 44-5

multiple authentication 11-12

Multiple HSRP

See MHSRP

multiple VPN routing/forwarding in customer edge devices

See multi-VRF CE

multi-VRF CE

configuration example 41-86

configuration guidelines 41-78

configuring 41-78

default configuration 41-78

defined 41-75

displaying 41-89

monitoring 41-89

network components 41-78

packet-forwarding process 41-77

support for 1-14

MVR

and address aliasing 26-19

and IGMPv3 26-20

configuring interfaces 26-21

default configuration 26-19

described 26-16

example application 26-17

in the switch stack 26-19

modes 26-20

multicast television application 26-17

setting global parameters 26-20

support for 1-5

N

NAC

AAA down policy 1-12

critical authentication 11-23, 11-57

IEEE 802.1x authentication using a RADIUS server 11-62

IEEE 802.1x validation using RADIUS server 11-62

inaccessible authentication bypass 1-12, 11-57

Layer 2 IEEE 802.1x validation 1-11, 11-62

Layer 2 IP validation 1-11

named IPv4 ACLs 36-15

named IPv6 ACLs 38-3

NameSpace Mapper

See NSM

native VLAN

and IEEE 802.1Q tunneling 18-4

configuring 14-21

default 14-21

NEAT

configuring 11-63

overview 11-31

neighbor discovery, IPv6 42-4

neighbor discovery/recovery, EIGRP 41-37

neighbors, BGP 41-59

Network Admission Control

See NAC

Network Assistant

benefits 1-2

described 1-5

downloading image files 1-3

guide mode 1-3

management options 1-2

managing switch stacks 5-3, 5-17

upgrading a switch B-25

wizards 1-3

network configuration examples

cost-effective wiring closet 1-21

high-performance wiring closet 1-23

increasing network performance 1-20

large network 1-29

long-distance, high-bandwidth transport 1-33

multidwelling network 1-32

providing network services 1-20

redundant Gigabit backbone 1-25

server aggregation and Linux server cluster 1-25

small to medium-sized network 1-27

network design

performance 1-20

services 1-20

Network Edge Access Topology

See NEAT

network management

CDP 27-1

RMON 32-1

SNMP 34-1

network performance, measuring with IP SLAs 44-3

network policy TLV 29-2, 29-7

Network Time Protocol

See NTP

no commands 2-4

nonhierarchical policy maps

configuration guidelines 37-40

configuring 37-59

described 37-10

non-IP traffic filtering 36-28

nontrunking mode 14-16

normal-range VLANs 14-4

configuration guidelines 14-5

configuring 14-4

defined 14-1

no switchport command 13-4

not-so-stubby areas

See NSSA

NSAPs, as ISO IGRP addresses 41-66

NSF Awareness

IS-IS 41-68

NSM 4-3

NSSA, OSPF 41-32

NTP

associations

authenticating 7-4

defined 7-2

enabling broadcast messages 7-6

peer 7-5

server 7-5

default configuration 7-4

displaying the configuration 7-11

overview 7-2

restricting access

creating an access group 7-8

disabling NTP services per interface 7-10

source IP address, configuring 7-10

stratum 7-2

support for 1-7

synchronizing devices 7-5

time

services 7-2

synchronizing 7-2

O

OBFL

configuring 50-26

described 50-26

displaying 50-27

object tracking

HSRP 45-7

IP SLAs 45-9

IP SLAs, configuring 45-9

monitoring 45-12

offline configuration for switch stacks 5-8

off mode, VTP 15-3

on-board failure logging

See OBFL

online diagnostics

described 51-1

overview 51-1

running tests 51-4

open1x

configuring 11-68

open1x authentication

overview 11-29

Open Shortest Path First

See OSPF

optimizing system resources 8-1

options, management 1-5

OSPF

area parameters, configuring 41-32

configuring 41-30

default configuration

metrics 41-33

route 41-33

settings 41-27

described 41-26

for IPv6 42-6

interface parameters, configuring 41-31

LSA group pacing 41-35

monitoring 41-36

router IDs 41-35

route summarization 41-33

support for 1-14

virtual links 41-33

out-of-profile markdown 1-13

P

packet modification, with QoS 37-22

PAgP

Layer 2 protocol tunneling 18-9

See EtherChannel

parallel paths, in routing tables 41-92

passive interfaces

configuring 41-102

OSPF 41-34

passwords

default configuration 10-2

disabling recovery of 10-5

encrypting 10-3

for security 1-10

in clusters 6-14

overview 10-1

recovery of 50-3

setting

enable 10-3

enable secret 10-3

Telnet 10-6

with usernames 10-6

VTP domain 15-9

path cost

MSTP 20-21

STP 19-20

path MTU discovery 42-4

payload encryption 1-1

PBR

defined 41-98

enabling 41-100

fast-switched policy-based routing 41-101

local policy-based routing 41-101

PC (passive command switch) 6-10

peers, BGP 41-59

percentage thresholds in tracked lists 45-6

performance, network design 1-20

performance features 1-4

persistent self-signed certificate 10-49

per-user ACLs and Filter-Ids 11-9

per-VLAN spanning-tree plus

See PVST+

PE to CE routing, configuring 41-85

physical ports 13-2

PIM

default configuration 47-11

dense mode

overview 47-4

rendezvous point (RP), described 47-5

RPF lookups 47-9

displaying neighbors 47-63

enabling a mode 47-13

overview 47-4

router-query message interval, modifying 47-38

shared tree and source tree, overview 47-35

shortest path tree, delaying the use of 47-37

sparse mode

join messages and shared tree 47-5

overview 47-5

prune messages 47-5

RPF lookups 47-9

stub routing

configuration guidelines 47-22

enabling 47-22

overview 47-5

support for 1-15

versions

interoperability 47-11

troubleshooting interoperability problems 47-35

v2 improvements 47-4

PIM-DVMRP, as snooping method 26-8

ping

character output description 50-16

executing 50-15

overview 50-15

PoE

auto mode 13-9

CDP with power consumption, described 13-7

CDP with power negotiation, described 13-7

Cisco intelligent power management 13-7

configuring 13-32

devices supported 13-7

high-power devices operating in low-power mode 13-7

IEEE power classification levels 13-8

monitoring 13-10

monitoring power 13-35

policing power consumption 13-35

policing power usage 13-10

power budgeting 13-33

power consumption 13-33

powered-device detection and initial power allocation 13-8

power management modes 13-9

power negotiation extensions to CDP 13-7

standards supported 13-7

static mode 13-10

troubleshooting 50-13

policed-DSCP map for QoS 37-76

policers

configuring

for each matched traffic class 37-59

for more than one traffic class 37-72

described 37-4

displaying 37-92

number of 37-41

types of 37-10

policing

described 37-4

hierarchical

See hierarchical policy maps

token-bucket algorithm 37-10

policy-based routing

See PBR

policy maps for QoS

characteristics of 37-60

described 37-8

displaying 37-92

hierarchical 37-9

hierarchical on SVIs

configuration guidelines 37-40

configuring 37-64

described 37-12

nonhierarchical on physical ports

configuration guidelines 37-40

configuring 37-59

described 37-10

POP 1-32

port ACLs

defined 36-2

types of 36-3

Port Aggregation Protocol

See EtherChannel

port-based authentication

accounting 11-14

authentication server

defined 11-3, 12-2

RADIUS server 11-3

client, defined 11-3, 12-2

configuration guidelines 11-38, 12-9

configuring

802.1x authentication 11-44

guest VLAN 11-54

host mode 11-47

inaccessible authentication bypass 11-57

manual re-authentication of a client 11-49

periodic re-authentication 11-48

quiet period 11-49

RADIUS server 11-46, 12-12

RADIUS server parameters on the switch 11-45, 12-11

restricted VLAN 11-55

switch-to-client frame-retransmission number 11-50, 11-51

switch-to-client retransmission time 11-50

violation mode 11-27

violation modes 11-43 to 11-44

default configuration 11-37, 12-9

described 11-1

device roles 11-3, 12-2

displaying statistics 11-73, 12-17

downloadable ACLs and redirect URLs

configuring 11-65 to 11-67, ?? to 11-68

overview 11-18 to 11-20

EAPOL-start frame 11-6

EAP-request/identity frame 11-6

EAP-response/identity frame 11-6

enabling

802.1X authentication 12-11

encapsulation 11-3

flexible authentication ordering

configuring 11-68

overview 11-29

guest VLAN

configuration guidelines 11-22, 11-23

described 11-21

host mode 11-12

inaccessible authentication bypass

configuring 11-57

described 11-23

guidelines 11-40

initiation and message exchange 11-6

magic packet 11-27

maximum number of allowed devices per port 11-41

method lists 11-44

multiple authentication 11-12

multiple-hosts mode, described 11-12

per-user ACLs

AAA authorization 11-44

configuration tasks 11-18

described 11-17

RADIUS server attributes 11-18

ports

authorization state and dot1x port-control command 11-11

authorized and unauthorized 11-10

voice VLAN 11-25

port security

and voice VLAN 11-27

described 11-26

interactions 11-26

multiple-hosts mode 11-12

readiness check

configuring 11-41

described 11-16, 11-41

resetting to default values 11-70

stack changes, effects of 11-11

statistics, displaying 11-73

switch

as proxy 11-3, 12-2

RADIUS client 11-3

switch supplicant

configuring 11-63

overview 11-31

user distribution

guidelines 11-25

overview 11-24

VLAN assignment

AAA authorization 11-44

characteristics 11-16

configuration tasks 11-17

described 11-16

voice aware 802.1x security

configuring 11-42

described 11-32, 11-42

voice VLAN

described 11-25

PVID 11-25

VVID 11-25

wake-on-LAN, described 11-27

port-based authentication methods, supported 11-8

port blocking 1-4, 28-7

port-channel

See EtherChannel

port description TLV 29-2

Port Fast

described 21-2

enabling 21-12

mode, spanning tree 14-27

support for 1-9

port membership modes, VLAN 14-3

port priority

MSTP 20-20

STP 19-18

ports

10-Gigabit Ethernet 13-7

access 13-3

blocking 28-7

dynamic access 14-3

protected 28-6

routed 13-4

secure 28-9

static-access 14-3, 14-9

switch 13-2

trunks 14-3, 14-14

VLAN assignments 14-9

port security

aging 28-17

and other features 28-11

and private VLANs 28-18

and QoS trusted boundary 37-45

and stacking 28-18

configuration guidelines 28-11

configuring 28-13

default configuration 28-11

described 28-8

displaying 28-19

enabling 28-18

on trunk ports 28-14

sticky learning 28-9

violations 28-10

port-shutdown response, VMPS 14-26

port VLAN ID TLV 29-2

power management TLV 29-2, 29-7

Power over Ethernet

See PoE

power supply

configuring 13-44

managing 13-44

preemption, default configuration 22-8

preemption delay, default configuration 22-8

preferential treatment of traffic

See QoS

prefix lists, BGP 41-57

preventing unauthorized access 10-1

primary interface for object tracking, DHCP, configuring 45-11

primary interface for static routing, configuring 45-10

primary links 22-2

primary VLANs 17-1, 17-3

priority

HSRP 43-8

overriding CoS 16-6

trusting CoS 16-6

private VLAN edge ports

See protected ports

private VLANs

across multiple switches 17-4

and SDM template 17-4

and SVIs 17-5

and switch stacks 17-5

benefits of 17-1

community ports 17-2

community VLANs 17-2, 17-3

configuration guidelines 17-6, 17-8

configuration tasks 17-6

configuring 17-9

default configuration 17-6

end station access to 17-3

IP addressing 17-3

isolated port 17-2

isolated VLANs 17-2, 17-3

mapping 17-13

monitoring 17-14

ports

community 17-2

configuration guidelines 17-8

configuring host ports 17-11

configuring promiscuous ports 17-12

isolated 17-2

promiscuous 17-2

primary VLANs 17-1, 17-3

promiscuous ports 17-2

secondary VLANs 17-2

subdomains 17-1

traffic in 17-4

privileged EXEC mode 2-2

privilege levels

changing the default for lines 10-9

command switch 6-17

exiting 10-9

logging into 10-9

mapping on member switches 6-17

overview 10-2, 10-7

setting a command with 10-8

promiscuous ports

configuring 17-12

defined 17-2

protected ports 1-10, 28-6

protocol-dependent modules, EIGRP 41-37

Protocol-Independent Multicast Protocol

See PIM

provider edge devices 41-76

provisioning new members for a switch stack 5-8

proxy ARP

configuring 41-12

definition 41-10

with IP routing disabled 41-12

proxy reports 22-3

pruning, VTP

disabling

in VTP domain 15-15

on a port 14-21

enabling

in VTP domain 15-15

on a port 14-20

examples 15-7

overview 15-6

pruning-eligible list

changing 14-20

for VTP pruning 15-6

VLANs 15-15

PVST+

described 19-9

IEEE 802.1Q trunking interoperability 19-11

instances supported 19-10

Q

QoS

and MQC commands 37-1

auto-QoS

categorizing traffic 37-24

configuration and defaults display 37-36

configuration guidelines 37-33

described 37-23

disabling 37-35

displaying generated commands 37-35

displaying the initial configuration 37-36

effects on running configuration 37-33

egress queue defaults 37-25

list of generated commands 37-26

basic model 37-4

classification

class maps, described 37-8

defined 37-4

DSCP transparency, described 37-46

flowchart 37-7

forwarding treatment 37-3

in frames and packets 37-3

IP ACLs, described 37-7, 37-8

MAC ACLs, described 37-5, 37-8

options for IP traffic 37-6

options for non-IP traffic 37-5

policy maps, described 37-8

trust DSCP, described 37-5

trusted CoS, described 37-5

trust IP precedence, described 37-5

class maps

configuring 37-54

displaying 37-92

configuration guidelines

auto-QoS 37-33

standard QoS 37-39

configuring

aggregate policers 37-72

auto-QoS 37-23

default port CoS value 37-44

DSCP maps 37-74

DSCP transparency 37-46

DSCP trust states bordering another domain 37-47

egress queue characteristics 37-84

ingress queue characteristics 37-80

IP extended ACLs 37-50

IP standard ACLs 37-49

MAC ACLs 37-53

policy maps, hierarchical 37-64

policy maps on physical ports 37-59

port trust states within the domain 37-43

trusted boundary 37-45

default auto configuration 37-24

default standard configuration 37-37

displaying statistics 37-92

DSCP transparency 37-46

egress queues

allocating buffer space 37-85

buffer allocation scheme, described 37-20

configuring shaped weights for SRR 37-89

configuring shared weights for SRR 37-90

described 37-4

displaying the threshold map 37-88

flowchart 37-19

mapping DSCP or CoS values 37-87

scheduling, described 37-4

setting WTD thresholds 37-85

WTD, described 37-22

enabling globally 37-42

flowcharts

classification 37-7

egress queueing and scheduling 37-19

ingress queueing and scheduling 37-16

policing and marking 37-11

implicit deny 37-8

ingress queues

allocating bandwidth 37-82

allocating buffer space 37-82

buffer and bandwidth allocation, described 37-18

configuring shared weights for SRR 37-82

configuring the priority queue 37-83

described 37-4

displaying the threshold map 37-81

flowchart 37-16

mapping DSCP or CoS values 37-81

priority queue, described 37-18

scheduling, described 37-4

setting WTD thresholds 37-81

WTD, described 37-18

IP phones

automatic classification and queueing 37-23

detection and trusted settings 37-23, 37-45

limiting bandwidth on egress interface 37-91

mapping tables

CoS-to-DSCP 37-74

displaying 37-92

DSCP-to-CoS 37-77

DSCP-to-DSCP-mutation 37-78

IP-precedence-to-DSCP 37-75

policed-DSCP 37-76

types of 37-13

marked-down actions 37-62, 37-68

marking, described 37-4, 37-9

overview 37-2

packet modification 37-22

policers

configuring 37-62, 37-68, 37-72

described 37-9

displaying 37-92

number of 37-41

types of 37-10

policies, attaching to an interface 37-9

policing

described 37-4, 37-9

token bucket algorithm 37-10

policy maps

characteristics of 37-60

displaying 37-92

hierarchical 37-9

hierarchical on SVIs 37-64

nonhierarchical on physical ports 37-59

QoS label, defined 37-4

queues

configuring egress characteristics 37-84

configuring ingress characteristics 37-80

high priority (expedite) 37-22, 37-90

location of 37-14

SRR, described 37-15

WTD, described 37-15

rewrites 37-22

support for 1-13

trust states

bordering another domain 37-47

described 37-5

trusted device 37-45

within the domain 37-43

quality of service

See QoS

queries, IGMP 26-3

query solicitation, IGMP 26-12

R

RADIUS

attributes

vendor-proprietary 10-36

vendor-specific 10-35

configuring

accounting 10-34

authentication 10-29

authorization 10-33

communication, global 10-27, 10-35

communication, per-server 10-27

multiple UDP ports 10-27

default configuration 10-27

defining AAA server groups 10-31

displaying the configuration 10-39

identifying the server 10-27

in clusters 6-16

limiting the services to the user 10-33

method list, defined 10-26

operation of 10-19

overview 10-18

server load balancing 10-39

suggested network environments 10-18

support for 1-12

tracking services accessed by user 10-34

RADIUS Change of Authorization 10-20

range

macro 13-21

of interfaces 13-19

rapid convergence 20-10

rapid per-VLAN spanning-tree plus

See rapid PVST+

rapid PVST+

described 19-9

IEEE 802.1Q trunking interoperability 19-11

instances supported 19-10

Rapid Spanning Tree Protocol

See RSTP

RARP 41-10

rcommand command 6-16

RCP

configuration files

downloading B-18

overview B-17

preparing the server B-17

uploading B-19

image files

deleting old image B-38

downloading B-37

preparing the server B-36

uploading B-38

reachability, tracking IP SLAs IP host 45-9

readiness check

port-based authentication

configuring 11-41

described 11-16, 11-41

reconfirmation interval, VMPS, changing 14-29

reconfirming dynamic VLAN membership 14-29

redirect URL 11-18, 11-20, 11-65

redundancy

EtherChannel 39-3

HSRP 43-1

STP

backbone 19-8

multidrop backbone 21-5

path cost 14-24

port priority 14-22

redundant links and UplinkFast 21-15

redundant power system

See Cisco Redundant Power System 2300

reliable transport protocol, EIGRP 41-37

reloading software 3-24

Remote Authentication Dial-In User Service

See RADIUS

Remote Copy Protocol

See RCP

Remote Network Monitoring

See RMON

Remote SPAN

See RSPAN

remote SPAN 31-3

report suppression, IGMP

described 26-5

disabling 25-11, 26-15

resequencing ACL entries 36-15

reserved addresses in DHCP pools 23-27

resets, in BGP 41-51

resetting a UDLD-shutdown interface 30-6

responder, IP SLAs

described 44-4

enabling 44-7

response time, measuring with IP SLAs 44-4

restricted VLAN

configuring 11-55

described 11-22

using with IEEE 802.1x 11-22

restricting access

NTP services 7-8

overview 10-1

passwords and privilege levels 10-2

RADIUS 10-17

TACACS+ 10-10

retry count, VMPS, changing 14-30

reverse address resolution 41-9

Reverse Address Resolution Protocol

See RARP

RFC

1058, RIP 41-20

1112, IP multicast and IGMP 26-2

1157, SNMPv1 34-2

1163, BGP 41-44

1166, IP addresses 41-7

1253, OSPF 41-26

1267, BGP 41-44

1305, NTP 7-2

1587, NSSAs 41-26

1757, RMON 32-2

1771, BGP 41-44

1901, SNMPv2C 34-2

1902 to 1907, SNMPv2 34-2

2236, IP multicast and IGMP 26-2

2273-2275, SNMPv3 34-2

RFC 5176 Compliance 10-21

RIP

advertisements 41-20

authentication 41-23

configuring 41-21

default configuration 41-21

described 41-20

for IPv6 42-6

hop counts 41-20

split horizon 41-23

summary addresses 41-24

support for 1-14

RMON

default configuration 32-3

displaying status 32-6

enabling alarms and events 32-3

groups supported 32-2

overview 32-1

statistics

collecting group Ethernet 32-5

collecting group history 32-5

support for 1-16

root guard

described 21-10

enabling 21-18

support for 1-9

root switch

MSTP 20-18

STP 19-15

route calculation timers, OSPF 41-34

route dampening, BGP 41-63

routed packets, ACLs on 36-40

routed ports

configuring 41-5

defined 13-4

in switch clusters 6-8

IP addresses on 13-37, 41-5

route-map command 41-100

route maps

BGP 41-55

policy-based routing 41-98

router ACLs

defined 36-2

types of 36-4

route reflectors, BGP 41-62

router ID, OSPF 41-35

route selection, BGP 41-53

route summarization, OSPF 41-33

route targets, VPN 41-78

routing

default 41-3

dynamic 41-3

redistribution of information 41-95

static 41-3

routing domain confederation, BGP 41-62

Routing Information Protocol

See RIP

routing protocol administrative distances 41-93

RPS

See Cisco Redundant Power System 2300

RPS 2300

See Cisco Redundant Power System 2300

RSPAN 31-3

and stack changes 31-10

characteristics 31-9

configuration guidelines 31-17

default configuration 31-12

destination ports 31-8

displaying status 31-28

in a switch stack 31-3

interaction with other features 31-9

monitored ports 31-7

monitoring ports 31-8

overview 1-16, 31-1

received traffic 31-6

session limits 31-12

sessions

creating 31-18

defined 31-4

limiting source traffic to specific VLANs 31-20

specifying monitored ports 31-18

with ingress traffic enabled 31-22

source ports 31-7

transmitted traffic 31-6

VLAN-based 31-7

RSTP

active topology 20-9

BPDU

format 20-12

processing 20-13

designated port, defined 20-9

designated switch, defined 20-9

interoperability with IEEE 802.1D

described 20-8

restarting migration process 20-26

topology changes 20-13

overview 20-9

port roles

described 20-9

synchronized 20-11

proposal-agreement handshake process 20-10

rapid convergence

cross-stack rapid convergence 20-11

described 20-10

edge ports and Port Fast 20-10

point-to-point links 20-10, 20-25

root ports 20-10

root port, defined 20-9

See also MSTP

running configuration

replacing B-20, B-21

rolling back B-20, B-22

saving 3-16

S

SC (standby command switch) 6-10

scheduled reloads 3-24

scheduling, IP SLAs operations 44-5

SCP

and SSH 10-55

configuring 10-55

SDM

described 8-1

switch stack consideration 5-10

templates

configuring 8-5

number of 8-1

SDM template

configuring 8-4

dual IPv4 and IPv6 8-2

types of 8-1

secondary VLANs 17-2

Secure Copy Protocol

secure HTTP client

configuring 10-54

displaying 10-54

secure HTTP server

configuring 10-52

displaying 10-54

secure MAC addresses

and switch stacks 28-18

deleting 28-16

maximum number of 28-10

types of 28-9

secure ports

and switch stacks 28-18

configuring 28-9

secure remote connections 10-44

Secure Shell

See SSH

Secure Socket Layer

See SSL

security, port 28-8

security features 1-10

See SCP

sequence numbers in log messages 33-8

server mode, VTP 15-3

service-provider network, MSTP and RSTP 20-1

service-provider networks

and customer VLANs 18-2

and IEEE 802.1Q tunneling 18-1

Layer 2 protocols across 18-8

Layer 2 protocol tunneling for EtherChannels 18-9

session keys, MKA 11-33

set-request operation 34-4

setup program

failed command switch replacement 50-11

replacing failed command switch 50-9

severity levels, defining in system messages 33-9

SFPs

monitoring status of 13-46, 50-14

numbering of 13-18

security and identification 50-14

status, displaying 50-14

shaped round robin

See SRR

show access-lists hw-summary command 36-22

show and more command output, filtering 2-9

show cdp traffic command 27-6

show cluster members command 6-16

show configuration command 13-36

show forward command 50-22

show interfaces command 13-29, 13-36

show interfaces switchport 22-4

show l2protocol command 18-13, 18-15, 18-16

show lldp traffic command 29-12

show platform forward command 50-22

show running-config command

displaying ACLs 36-20, 36-21, 36-33, 36-35

interface description in 13-36

shutdown command on interfaces 13-47

shutdown threshold for Layer 2 protocol packets 18-11

Simple Network Management Protocol

See SNMP

single session ID 11-32

small form-factor pluggable modules

See SFPs

small-frame arrival rate, configuring 28-5

SNAP 27-1

SNMP

accessing MIB variables with 34-4

agent

described 34-4

disabling 34-7

and IP SLAs 44-2

authentication level 34-10

community strings

configuring 34-8

for cluster switches 34-4

overview 34-4

configuration examples 34-18

default configuration 34-6

engine ID 34-7

groups 34-7, 34-9

host 34-7

ifIndex values 34-5

in-band management 1-7

in clusters 6-14

informs

and trap keyword 34-12

described 34-5

differences from traps 34-5

disabling 34-15

enabling 34-15

limiting access by TFTP servers 34-17

limiting system log messages to NMS 33-10

manager functions 1-6, 34-3

managing clusters with 6-17

MIBs

location of A-4

supported A-1

notifications 34-5

overview 34-1, 34-4

security levels 34-3

setting CPU threshold notification 34-16

status, displaying 34-19

system contact and location 34-16

trap manager, configuring 34-14

traps

described 34-3, 34-5

differences from informs 34-5

disabling 34-15

enabling 34-12

enabling MAC address notification 7-22, 7-24, 7-25

overview 34-1, 34-4

types of 34-12

users 34-7, 34-9

versions supported 34-2

SNMP and Syslog Over IPv6 42-7

SNMPv1 34-2

SNMPv2C 34-2

SNMPv3 34-2

snooping, IGMP 26-2

software compatibility

See stacks, switch

software images

location in flash B-26

recovery procedures 50-2

scheduling reloads 3-24

tar file format, described B-26

See also downloading and uploading

software images in mixed stacks

See the Cisco Software Activation and Compatibility Document

source addresses

in IPv4 ACLs 36-12

in IPv6 ACLs 38-5

source-and-destination-IP address based forwarding, EtherChannel 39-9

source-and-destination MAC address forwarding, EtherChannel 39-9

source-IP address based forwarding, EtherChannel 39-9

source-MAC address forwarding, EtherChannel 39-8

Source-specific multicast

See SSM

SPAN

and stack changes 31-10

configuration guidelines 31-12

default configuration 31-12

destination ports 31-8

displaying status 31-28

interaction with other features 31-9

monitored ports 31-7

monitoring ports 31-8

overview 1-16, 31-1

ports, restrictions 28-12

received traffic 31-6

session limits 31-12

sessions

configuring ingress forwarding 31-16, 31-23

creating 31-13, 31-25

defined 31-4

limiting source traffic to specific VLANs 31-16

removing destination (monitoring) ports 31-14

specifying monitored ports 31-13, 31-25

with ingress traffic enabled 31-15

source ports 31-7

transmitted traffic 31-6

VLAN-based 31-7

spanning tree and native VLANs 14-17

Spanning Tree Protocol

See STP

SPAN traffic 31-6

split horizon, RIP 41-23

SRR

configuring

shaped weights on egress queues 37-89

shared weights on egress queues 37-90

shared weights on ingress queues 37-82

described 37-15

shaped mode 37-15

shared mode 37-16

support for 1-13, 1-14

SSH

configuring 10-45

described 1-7, 10-44

encryption methods 10-44

switch stack considerations 5-17

user authentication methods, supported 10-45

SSL

configuration guidelines 10-51

configuring a secure HTTP client 10-54

configuring a secure HTTP server 10-52

described 10-48

monitoring 10-54

SSM

address management restrictions 47-16

CGMP limitations 47-16

components 47-14

configuration guidelines 47-16

configuring 47-14, 47-17

differs from Internet standard multicast 47-14

IGMP snooping 47-16

IGMPv3 47-14

IGMPv3 Host Signalling 47-15

IP address range 47-15

monitoring 47-17

operations 47-15

PIM 47-14

state maintenance limitations 47-16

SSM mapping 47-17

configuration guidelines 47-17

configuring 47-17, 47-19

DNS-based 47-18, 47-20

monitoring 47-21

overview 47-18

restrictions 47-18

static 47-18, 47-20

static traffic forwarding 47-21

stack changes

effects on

IPv6 routing 42-9

stack changes, effects on

ACL configuration 36-7

CDP 27-2

cross-stack EtherChannel 39-13

EtherChannel 39-10

fallback bridging 49-3

HSRP 43-5

IEEE 802.1x port-based authentication 11-11

IGMP snooping 26-6

IP routing 41-4

IPv6 ACLs 38-3

MAC address tables 7-21

MSTP 20-8

multicast routing 47-10

MVR 26-17

port security 28-18

SDM template selection 8-3

SNMP 34-1

SPAN and RSPAN 31-10

STP 19-11

switch clusters 6-14

system message log 33-2

VLANs 14-6

VTP 15-7

stacking

and MACsec 11-34

stack master

bridge ID (MAC address) 5-7

defined 5-2

election 5-5

IPv6 42-9

re-election 5-5

See also stacks, switch

stack member

accessing CLI of specific member 5-25

configuring

member number 5-22

priority value 5-23

defined 5-2

displaying information of 5-25

IPv6 42-10

number 5-7

priority value 5-8

provisioning a new member 5-23

replacing 5-16

See also stacks, switch

stack member number 13-17

stack protocol version 5-11

stacks, switch

accessing CLI of specific member 5-25

assigning information

member number 5-22

priority value 5-23

provisioning a new member 5-23

auto-advise 5-13

auto-copy 5-12

auto-extract 5-12

auto-upgrade 5-12

bridge ID 5-7

Catalyst 3750-X-only 5-2

CDP considerations 27-2

compatibility, software 5-11

configuration file 5-15

configuration scenarios 5-18

copying an image file from one member to another B-39

default configuration 5-20

description of 5-2

displaying information of 5-25

enabling persistent MAC address timer 5-20

hardware compatibility and SDM mismatch mode 5-10

HSRP considerations 43-5

in clusters 6-14

incompatible software and image upgrades 5-15, B-39

IPv6 on 42-9

MAC address considerations 7-21

MAC address of 5-20

management connectivity 5-17

managing 5-1

managing mixed

See Catalyst 3750-E and 3750 Switch Stacking Compatibility Guide

membership 5-4

merged 5-4

mixed

hardware 5-2

hardware and software 5-2

software 5-2

with Catalyst 3750-E and 3750 switches 5-2

mixed software images

See Cisco Software Activation and Compatibility Document

MSTP instances supported 19-10

multicast routing, stack master and member roles 47-10

offline configuration

described 5-8

effects of adding a provisioned switch 5-9

effects of removing a provisioned switch 5-10

effects of replacing a provisioned switch 5-10

provisioned configuration, defined 5-8

provisioned switch, defined 5-8

provisioning a new member 5-23

partitioned 5-4, 50-8

provisioned switch

adding 5-9

removing 5-10

replacing 5-10

replacing a failed member 5-16

software compatibility 5-11

software image version 5-11

stack protocol version 5-11

STP

bridge ID 19-3

instances supported 19-10

root port selection 19-3

stack root switch election 19-3

system messages

hostnames in the display 33-1

remotely monitoring 33-2

system prompt consideration 7-14

system-wide configuration considerations 5-16

upgrading B-39

version-mismatch (VM) mode

automatic upgrades with auto-upgrade 5-12

described 5-12

examples 5-13

manual upgrades with auto-advise 5-13

upgrades with auto-extract 5-12

See also stack master and stack member

StackWise Plus technology, Cisco 1-3

See also stacks, switch

standby command switch

configuring

considerations 6-11

defined 6-2

priority 6-10

requirements 6-3

virtual IP address 6-11

See also cluster standby group and HSRP

standby group, cluster

See cluster standby group and HSRP

standby ip command 43-6

standby links 22-2

standby router 43-1

standby timers, HSRP 43-10

startup configuration

booting

manually 3-19

specific image 3-20

clearing B-20

configuration file

automatically downloading 3-18

specifying the filename 3-19

default boot configuration 3-18

static access ports

assigning to VLAN 14-9

defined 13-3, 14-3

static addresses

See addresses

static IP routing 1-14

static MAC addressing 1-10

static route primary interface, configuring 45-10

static routes

configuring 41-93

understanding 42-6

static routing 41-3

static routing support, enhanced object tracking 45-10

static SSM mapping 47-18, 47-20

static traffic forwarding 47-21

static VLAN membership 14-2

statistics

802.1X 12-17

CDP 27-6

IEEE 802.1x 11-73

interface 13-45

IP multicast routing 47-63

MKA 11-36

OSPF 41-36

QoS ingress and egress 37-92

RMON group Ethernet 32-5

RMON group history 32-5

SNMP input and output 34-19

VTP 15-17

sticky learning 28-9

storm control

configuring 28-3

described 28-1

disabling 28-5

displaying 28-19

support for 1-4

thresholds 28-1

STP

accelerating root port selection 21-4

BackboneFast

described 21-7

disabling 21-17

enabling 21-16

BPDU filtering

described 21-3

disabling 21-15

enabling 21-14

BPDU guard

described 21-2

disabling 21-14

enabling 21-13

BPDU message exchange 19-3

configuration guidelines 19-13, 21-12

configuring

forward-delay time 19-23

hello time 19-22

maximum aging time 19-23

path cost 19-20

port priority 19-18

root switch 19-15

secondary root switch 19-17

spanning-tree mode 19-14

switch priority 19-21

transmit hold-count 19-24

counters, clearing 19-24

cross-stack UplinkFast

described 21-5

enabling 21-16

default configuration 19-12

default optional feature configuration 21-12

designated port, defined 19-4

designated switch, defined 19-4

detecting indirect link failures 21-8

disabling 19-15

displaying status 19-24

EtherChannel guard

described 21-10

disabling 21-17

enabling 21-17

extended system ID

effects on root switch 19-16

effects on the secondary root switch 19-17

overview 19-4

unexpected behavior 19-16

features supported 1-8

IEEE 802.1D and bridge ID 19-4

IEEE 802.1D and multicast addresses 19-8

IEEE 802.1t and VLAN identifier 19-5

inferior BPDU 19-3

instances supported 19-10

interface state, blocking to forwarding 21-2

interface states

blocking 19-6

disabled 19-7

forwarding 19-6, 19-7

learning 19-7

listening 19-7

overview 19-5

interoperability and compatibility among modes 19-10

keepalive messages 19-2

Layer 2 protocol tunneling 18-8

limitations with IEEE 802.1Q trunks 19-10

load sharing

overview 14-22

using path costs 14-24

using port priorities 14-22

loop guard

described 21-11

enabling 21-18

modes supported 19-9

multicast addresses, effect of 19-8

optional features supported 1-8

overview 19-2

path costs 14-24, 14-25

Port Fast

described 21-2

enabling 21-12

port priorities 14-23

preventing root switch selection 21-10

protocols supported 19-9

redundant connectivity 19-8

root guard

described 21-10

enabling 21-18

root port, defined 19-3

root port selection on a switch stack 19-3

root switch

configuring 19-16

effects of extended system ID 19-4, 19-16

election 19-3

unexpected behavior 19-16

shutdown Port Fast-enabled port 21-2

stack changes, effects of 19-11

status, displaying 19-24

superior BPDU 19-3

timers, described 19-22

UplinkFast

described 21-3

enabling 21-15

VLAN-bridge 19-11

stratum, NTP 7-2

stub areas, OSPF 41-32

stub routing, EIGRP 41-43

subdomains, private VLAN 17-1

subnet mask 41-7

subnet zero 41-7

success response, VMPS 14-26

summer time 7-13

SunNet Manager 1-6

supernet 41-8

supported port-based authentication methods 11-8

SVI autostate exclude

configuring 13-39

defined 13-6

SVI link state 13-6

SVIs

and IP unicast routing 41-5

and router ACLs 36-4

connecting VLANs 13-12

defined 13-5

routing between VLANs 14-2

switch 42-2

switch clustering technology 6-1

See also clusters, switch

switch console port 1-7

Switch Database Management

See SDM

switched packets, ACLs on 36-39

Switched Port Analyzer

See SPAN

switched ports 13-2

switchport backup interface 22-4, 22-5

switchport block multicast command 28-8

switchport block unicast command 28-8

switchport command 13-27

switchport mode dot1q-tunnel command 18-7

switchport protected command 28-7

switch priority

MSTP 20-22

STP 19-21

switch software features 1-1

switch virtual interface

See SVI

synchronization, BGP 41-49

syslog

See system message logging

system capabilities TLV 29-2

system clock

configuring

daylight saving time 7-13

manually 7-11

summer time 7-13

time zones 7-12

displaying the time and date 7-12

overview 7-2

See also NTP

system description TLV 29-2

system message logging

default configuration 33-4

defining error message severity levels 33-9

disabling 33-4

displaying the configuration 33-14

enabling 33-5

facility keywords, described 33-14

level keywords, described 33-10

limiting messages 33-10

message format 33-2

overview 33-1

sequence numbers, enabling and disabling 33-8

setting the display destination device 33-5

stack changes, effects of 33-2

synchronizing log messages 33-6

syslog facility 1-16

time stamps, enabling and disabling 33-8

UNIX syslog servers

configuring the daemon 33-12

configuring the logging facility 33-13

facilities supported 33-14

system MTU

and IS-IS LSPs 41-70

system MTU and IEEE 802.1Q tunneling 18-5

system name

default configuration 7-15

default setting 7-15

manual configuration 7-15

See also DNS

system name TLV 29-2

system prompt, default setting 7-14, 7-15

system resources, optimizing 8-1

system routing

IS-IS 41-66

ISO IGRP 41-66

T

TACACS+

accounting, defined 10-11

authentication, defined 10-11

authorization, defined 10-11

configuring

accounting 10-17

authentication key 10-13

authorization 10-16

login authentication 10-14

default configuration 10-13

displaying the configuration 10-17

identifying the server 10-13

in clusters 6-16

limiting the services to the user 10-16

operation of 10-12

overview 10-10

support for 1-12

tracking services accessed by user 10-17

tagged packets

IEEE 802.1Q 18-3

Layer 2 protocol 18-8

tar files

creating B-7

displaying the contents of B-7

extracting B-8

image file format B-26

TCL script, registering and defining with embedded event manager 35-7

TDR 1-16

Telnet

accessing management interfaces 2-10

number of connections 1-7

setting a password 10-6

templates, SDM 8-2

temporary self-signed certificate 10-49

Terminal Access Controller Access Control System Plus

See TACACS+

terminal lines, setting a password 10-6

TFTP

configuration files

downloading B-12

preparing the server B-11

uploading B-13

configuration files in base directory 3-8

configuring for autoconfiguration 3-7

image files

deleting B-30

downloading B-28

preparing the server B-28

uploading B-30

limiting access by servers 34-17

TFTP server 1-6

threshold, traffic level 28-2

threshold monitoring, IP SLAs 44-6

time

See NTP and system clock

Time Domain Reflector

See TDR

time-range command 36-17

time ranges in ACLs 36-17

time stamps in log messages 33-8

time zones 7-12

TLVs

defined 29-2

LLDP 29-2

LLDP-MED 29-2

Token Ring VLANs

support for 14-5

VTP support 15-4

ToS 1-13

traceroute, Layer 2

and ARP 50-17

and CDP 50-17

broadcast traffic 50-16

described 50-16

IP addresses and subnets 50-17

MAC addresses and VLANs 50-17

multicast traffic 50-17

multiple devices on a port 50-17

unicast traffic 50-16

usage guidelines 50-17

traceroute command 50-18

See also IP traceroute

tracked lists

configuring 45-3

types 45-3

tracked objects

by Boolean expression 45-4

by threshold percentage 45-6

by threshold weight 45-5

tracking interface line-protocol state 45-2

tracking IP routing state 45-2

tracking objects 45-1

tracking process 45-1

track state, tracking IP SLAs 45-9

traffic

blocking flooded 28-8

fragmented 36-5

fragmented IPv6 38-2

unfragmented 36-5

traffic policing 1-13

traffic suppression 28-1

transmit hold-count

see STP

transparent mode, VTP 15-3

trap-door mechanism 3-2

traps

configuring MAC address notification 7-22, 7-24, 7-25

configuring managers 34-12

defined 34-3

enabling 7-22, 7-24, 7-25, 34-12

notification types 34-12

overview 34-1, 34-4

troubleshooting

connectivity problems 50-15, 50-16, 50-18

CPU utilization 50-28

detecting unidirectional links 30-1

displaying crash information 50-24

PIMv1 and PIMv2 interoperability problems 47-35

setting packet forwarding 50-22

SFP security and identification 50-14

show forward command 50-22

with CiscoWorks 34-4

with debug commands 50-20

with ping 50-15

with system message logging 33-1

with traceroute 50-18

trunk failover

See link-state tracking

trunking encapsulation 1-9

trunk ports

configuring 14-18

defined 13-3, 14-3

encapsulation 14-18, 14-23, 14-25

trunks

allowed-VLAN list 14-19

configuring 14-18, 14-23, 14-25

ISL 14-14

load sharing

setting STP path costs 14-24

using STP port priorities 14-22, 14-23

native VLAN for untagged traffic 14-21

parallel 14-24

pruning-eligible list 14-20

to non-DTP device 14-15

trusted boundary for QoS 37-45

trusted port states

between QoS domains 37-47

classification options 37-5

ensuring port security for IP phones 37-45

support for 1-13

within a QoS domain 37-43

trustpoints, CA 10-49

tunneling

defined 18-1

IEEE 802.1Q 18-1

Layer 2 protocol 18-8

tunnel ports

described 13-4, 18-2

IEEE 802.1Q, configuring 18-7

incompatibilities with other features 18-6

twisted-pair Ethernet, detecting unidirectional links 30-1

type of service

See ToS

U

UDLD

configuration guidelines 30-4

default configuration 30-4

disabling

globally 30-5

on fiber-optic interfaces 30-5

per interface 30-6

echoing detection mechanism 30-3

enabling

globally 30-5

per interface 30-6

Layer 2 protocol tunneling 18-10

link-detection mechanism 30-1

neighbor database 30-2

overview 30-1

resetting an interface 30-6

status, displaying 30-7

support for 1-8

UDP, configuring 41-16

UDP jitter, configuring 44-8

UDP jitter operation, IP SLAs 44-8

unauthorized ports with IEEE 802.1x 11-10

unicast MAC address filtering 1-6

and adding static addresses 7-28

and broadcast MAC addresses 7-28

and CPU packets 7-28

and multicast addresses 7-28

and router MAC addresses 7-28

configuration guidelines 7-28

described 7-28

unicast storm 28-1

unicast storm control command 28-4

unicast traffic, blocking 28-8

UniDirectional Link Detection protocol

See UDLD

universal software image 1-1

feature set

IP base 1-1

IP services 1-2

UNIX syslog servers

daemon configuration 33-12

facilities supported 33-14

message logging configuration 33-13

unrecognized Type-Length-Value (TLV) support 15-4

upgrading software images

See downloading

UplinkFast

described 21-3

disabling 21-16

enabling 21-15

support for 1-8

uploading

configuration files

preparing B-11, B-14, B-17

reasons for B-9

using FTP B-16

using RCP B-19

using TFTP B-13

image files

preparing B-28, B-31, B-36

reasons for B-25

using FTP B-34

using RCP B-38

using TFTP B-30

USB flash devices 13-16

USB inactivity timer 13-15

USB port

mini-type B 13-13

USB ports 13-13

USB Type A port 1-8

USB type A port 13-16

User Datagram Protocol

See UDP

user EXEC mode 2-2

username-based authentication 10-6

V

version-dependent transparent mode 15-4

version-mismatch (VM) mode

automatic upgrades with auto-upgrade 5-12

described 5-12

displaying 5-12

manual upgrades with auto-advise 5-13

upgrades with auto-extract 5-12

virtual IP address

cluster standby group 6-11

command switch 6-11

virtual ports, MKA 11-34

Virtual Private Network

See VPN

virtual router 43-1, 43-2

virtual switches and PAgP 39-6

vlan.dat file 14-4

VLAN 1

disabling on a trunk port 14-20

minimization 14-19

VLAN ACLs

See VLAN maps

vlan-assignment response, VMPS 14-26

VLAN configuration

at bootup 14-6

saving 14-6

VLAN configuration mode 2-2

VLAN database

and startup configuration file 14-6

and VTP 15-1

VLAN configuration saved in 14-6

VLANs saved in 14-4

vlan dot1q tag native command 18-5

VLAN filtering and SPAN 31-8

vlan global configuration command 14-6

VLAN ID, discovering 7-31

VLAN link state 13-6

VLAN load balancing on flex links

configuration guidelines 22-8

described 22-2

VLAN management domain 15-2

VLAN Management Policy Server

See VMPS

VLAN map entries, order of 36-31

VLAN maps

applying 36-35

common uses for 36-35

configuration guidelines 36-31

configuring 36-31

creating 36-32

defined 36-3

denying access to a server example 36-36

denying and permitting packets 36-33

displaying 36-42

examples of ACLs and VLAN maps 36-33

removing 36-35

support for 1-10

wiring closet configuration example 36-36

VLAN membership

confirming 14-29

modes 14-3

VLAN Query Protocol

See VQP

VLANs

adding 14-7

adding to VLAN database 14-7

aging dynamic addresses 19-9

allowed on trunk 14-19

and spanning-tree instances 14-3, 14-6, 14-11

configuration guidelines, extended-range VLANs 14-10

configuration guidelines, normal-range VLANs 14-5

configuring 14-1

configuring IDs 1006 to 4094 14-10

connecting through SVIs 13-12

customer numbering in service-provider networks 18-3

default configuration 14-7

deleting 14-8

described 13-2, 14-1

displaying 14-14

extended-range 14-1, 14-10

features 1-9

illustrated 14-2

internal 14-11

in the switch stack 14-6

limiting source traffic with RSPAN 31-20

limiting source traffic with SPAN 31-16

modifying 14-7

multicast 26-16

native, configuring 14-21

normal-range 14-1, 14-4

number supported 1-9

parameters 14-4

port membership modes 14-3

static-access ports 14-9

STP and IEEE 802.1Q trunks 19-10

supported 14-2

Token Ring 14-5

traffic between 14-2

VLAN-bridge STP 19-11, 49-2

VTP modes 15-3

VLAN Trunking Protocol

See VTP

VLAN trunks 14-14

VMPS

administering 14-30

configuration example 14-31

configuration guidelines 14-27

default configuration 14-27

description 14-25

dynamic port membership

described 14-26

reconfirming 14-29

troubleshooting 14-31

entering server address 14-28

mapping MAC addresses to VLANs 14-26

monitoring 14-30

reconfirmation interval, changing 14-29

reconfirming membership 14-29

retry count, changing 14-30

voice aware 802.1x security

port-based authentication

configuring 11-42

described 11-32, 11-42

voice-over-IP 16-1

voice VLAN

Cisco 7960 phone, port connections 16-1

configuration guidelines 16-3

configuring IP phones for data traffic

override CoS of incoming frame 16-6

trust CoS priority of incoming frame 16-6

configuring ports for voice traffic in

IEEE 802.1p priority tagged frames 16-5

IEEE 802.1Q frames 16-5

connecting to an IP phone 16-4

default configuration 16-3

described 16-1

displaying 16-7

IP phone data traffic, described 16-2

IP phone voice traffic, described 16-2

VPN

configuring routing in 41-84

forwarding 41-78

in service provider networks 41-75

routes 41-76

VPN routing and forwarding table

See VRF

VQP 1-9, 14-25

VRF

defining 41-78

tables 41-75

VRF-aware services

ARP 41-80

configuring 41-80

ftp 41-83

HSRP 41-81

ping 41-81

RADIUS 41-82

SNMP 41-81

syslog 41-82

tftp 41-83

traceroute 41-83

uRPF 41-82

VRFs, configuring multicast 41-84

VTP

adding a client to a domain 15-16

advertisements 14-17, 15-4

and extended-range VLANs 14-2, 15-2

and normal-range VLANs 14-2, 15-2

client mode, configuring 15-13

configuration

requirements 15-11

saving 15-9

configuration requirements 15-11

configuration revision number

guideline 15-16

resetting 15-17

consistency checks 15-5

default configuration 15-8

described 15-1

domain names 15-9

domains 15-2

Layer 2 protocol tunneling 18-8

modes