Catalyst 3750-X and Catalyst 3560-X Switch Software Configuration Guide, Cisco IOS Release 15.2(1)E
Index
Downloads: This chapterpdf (PDF - 1.81MB) The complete bookPDF (PDF - 16.68MB) | Feedback

Index

Numerics

10-Gigabit Ethernet interfaces 1-7

802.1AE

standard 1-2

802.1AE Tagging 1-2

802.1x-REV 1-2

A

AAA down policy, NAC Layer 2 IP validation 1-13

abbreviating commands 1-3

ABRs 1-27

AC (command switch) 1-10

access control entries

See ACEs

access-denied response, VMPS 1-26

access groups

applying IPv4 ACLs to interfaces 1-22

Layer 3 1-22

access groups, applying IPv4 ACLs to interfaces 1-22

accessing

clusters, switch 1-13

command switches 1-11

member switches 1-13

switch clusters 1-13

accessing stack members 1-30

access lists

See ACLs

access ports

and Layer 2 protocol tunneling 1-12

defined 1-3

in switch clusters 1-9

access template 1-2

accounting

with 802.1x 1-53

with IEEE 802.1x 1-14

with RADIUS 1-34

with TACACS+ 1-11, 1-17

ACEs

and QoS 1-8

defined 1-2

Ethernet 1-2

IP 1-2

ACLs

ACEs 1-2

applying

on bridged packets 1-42

on multicast packets 1-43

on routed packets 1-43

on switched packets 1-41

time ranges to 1-18

to an interface 1-21, 1-7

to QoS 1-7

classifying traffic for QoS 1-50

comments in 1-20

compiling 1-24

defined 1-2, 1-8

examples of 1-24, 1-50

extended IP, configuring for QoS classification 1-51

extended IPv4

creating 1-11

matching criteria 1-8

hardware and software handling 1-23

IP

creating 1-8

fragments and QoS guidelines 1-40

implicit deny 1-11, 1-15, 1-18

implicit masks 1-11

matching criteria 1-8

undefined 1-23

IPv4

applying to interfaces 1-21

creating 1-8

matching criteria 1-8

named 1-16

numbers 1-9

terminal lines, setting on 1-20

unsupported features 1-7

IPv6

and stacking 1-3

applying to interfaces 1-7

configuring 1-4, 1-5

displaying 1-8

interactions with other features 1-4

limitations 1-3

matching criteria 1-3

named 1-3

precedence of 1-2

supported 1-2

unsupported features 1-3

Layer 4 information in 1-41

logging messages 1-9

MAC extended 1-29, 1-54

matching 1-8, 1-22

monitoring 1-44, 1-8

named

IPv4 1-16

IPv6 1-3

names 1-4

number per QoS class map 1-40

port 1-3, 1-2

precedence of 1-3

QoS 1-7, 1-50

resequencing entries 1-16

router 1-3, 1-2

router ACLs and VLAN map configuration guidelines 1-40

standard IP, configuring for QoS classification 1-50, 1-52

standard IPv4

creating 1-10

matching criteria 1-8

support for 1-12

support in hardware 1-23

time ranges 1-18

types supported 1-2

unsupported features

IPv4 1-7

IPv6 1-3

using router ACLs with VLAN maps 1-40

VLAN maps

configuration guidelines 1-33

configuring 1-32

active link 1-4, 1-5, 1-6

active links 1-2

active router 1-2

active traffic monitoring, IP SLAs 1-1

address aliasing 1-2

addresses

displaying the MAC address table 1-23

dynamic

accelerated aging 1-9

changing the aging time 1-14

default aging 1-9

defined 1-12

learning 1-13

removing 1-15

IPv6 1-2

MAC, discovering 1-24

multicast

group address range 1-3

STP address management 1-9

static

adding and removing 1-20

defined 1-12

address resolution 1-24, 1-10

Address Resolution Protocol

See ARP

adjacency tables, with CEF 1-92

administrative distances

defined 1-104

OSPF 1-35

routing protocol defaults 1-94

administrative VLAN

REP, configuring 1-8

administrative VLAN, REP 1-8

advertisements

CDP 1-1

LLDP 1-2

RIP 1-21

VTP 1-17, 1-3, 1-4

age timer, REP 1-8

aggregatable global unicast addresses 1-3

aggregate addresses, BGP 1-62

aggregated ports

See EtherChannel

aggregate policers 1-72

aggregate policing 1-15

aging, accelerating 1-9

aging time

accelerated

for MSTP 1-24

for STP 1-9, 1-24

MAC address table 1-14

maximum

for MSTP 1-24, 1-25

for STP 1-24, 1-25

alarms, RMON 1-3

allowed-VLAN list 1-19

AP1250 (wireless access point) 1-18

application engines, redirecting traffic to 1-1

area border routers

See ABRs

area routing

IS-IS 1-67

ISO IGRP 1-67

ARP

configuring 1-11

defined 1-7, 1-24, 1-11

encapsulation 1-12

static cache configuration 1-11

table

address resolution 1-24

managing 1-24

ASBRs 1-27

AS-path filters, BGP 1-56

asymmetrical links, and IEEE 802.1Q tunneling 1-4

attributes, RADIUS

vendor-proprietary 1-36

vendor-specific 1-35

attribute-value pairs 1-20

authentication

EIGRP 1-43

HSRP 1-10

local mode with AAA 1-43

open1x 1-31

RADIUS

key 1-27

login 1-29

TACACS+

defined 1-11

key 1-13

login 1-14

See also port-based authentication

authentication compatibility with Catalyst 6000 switches 1-8

authentication failed VLAN

See restricted VLAN

authentication keys, and routing protocols 1-105

authentication manager

CLI commands 1-9

compatibility with older 802.1x CLI commands 1-9 to 1-10

overview 1-7

single session ID 1-35

authoritative time source, described 1-2

authorization

with RADIUS 1-33

with TACACS+ 1-11, 1-16

authorized ports with IEEE 802.1x 1-10

autoconfiguration 1-3

auto enablement 1-33

automatic advise (auto-advise) in switch stacks 1-13

automatic copy (auto-copy) in switch stacks 1-13

automatic discovery

considerations

beyond a noncandidate device 1-8

brand new switches 1-9

connectivity 1-5

different VLANs 1-7

management VLANs 1-7

non-CDP-capable devices 1-6

noncluster-capable devices 1-6

routed ports 1-8

in switch clusters 1-5

See also CDP

automatic extraction (auto-extract) in switch stacks 1-13

automatic QoS

See QoS

automatic recovery, clusters 1-10

See also HSRP

automatic upgrades (auto-upgrade) in switch stacks 1-12

auto-MDIX

configuring 1-33

described 1-32

autonegotiation

duplex mode 1-4

interface configuration guidelines 1-30

mismatches 1-13

autonomous system boundary routers

See ASBRs

autonomous systems, in BGP 1-50

Auto-RP, described 1-7

autosensing, port speed 1-4

autostate exclude 1-6

auxiliary VLAN

See voice VLAN

availability, features 1-9

B

BackboneFast

described 1-7

disabling 1-17

enabling 1-16

support for 1-9

backup interfaces

See Flex Links

backup links 1-2

backup static routing, configuring 1-12

banners

configuring

login 1-12

message-of-the-day login 1-11

default configuration 1-10

when displayed 1-10

Berkeley r-tools replacement 1-54

BFD

configuration example

BFD in an EIGRP network with echo mode enabled by default 1-17

BFD in an OSPF network 1-21

support for static routing 1-25

configuring

Echo mode 1-14

session parameters on the interface 1-7

Slow timer 1-15

support for BGP 1-8

support for dynamic routing protocols 1-8

support for EIGRP 1-9

support for OSPF 1-10

support for static routing 1-12

disabling echo mode without asymmetry 1-15

monitoring and troubleshooting 1-16

neighbor relationships 1-3

operation 1-2

prerequisites 1-2

restrictions 1-2

BGP

aggregate addresses 1-62

aggregate routes, configuring 1-62

CIDR 1-62

clear commands 1-65

community filtering 1-59

configuring neighbors 1-60

default configuration 1-47

described 1-47

enabling 1-50

monitoring 1-65

multipath support 1-54

neighbors, types of 1-50

path selection 1-54

peers, configuring 1-60

prefix filtering 1-58

resetting sessions 1-52

route dampening 1-64

route maps 1-56

route reflectors 1-63

routing domain confederation 1-63

routing session with multi-VRF CE 1-86, 1-45

show commands 1-65

supernets 1-62

support for 1-16

Version 4 1-47

binding cluster group and HSRP group 1-12

binding database

address, DHCP server

See DHCP, Cisco IOS server database

DHCP snooping

See DHCP snooping binding database

bindings

address, Cisco IOS DHCP server 1-6

DHCP snooping database 1-6

IP source guard 1-16

binding table, DHCP snooping

See DHCP snooping binding database

blocking packets 1-7

Boolean expressions in tracked lists 1-4

booting

boot loader, function of 1-2

boot process 1-2

manually 1-19

specific image 1-20

boot loader

accessing 1-21

described 1-2

environment variables 1-21

prompt 1-21

trap-door mechanism 1-2

Boot Loader Upgrade and Image Verification for the FIPS Mode of Operation 1-25

bootstrap router (BSR), described 1-7

Border Gateway Protocol

See BGP

BPDU

error-disabled state 1-2

filtering 1-3

RSTP format 1-12

BPDU filtering

described 1-3

disabling 1-15

enabling 1-14

support for 1-9

BPDU guard

described 1-2

disabling 1-14

enabling 1-13

support for 1-9

bridged packets, ACLs on 1-42

bridge groups

See fallback bridging

bridge protocol data unit

See BPDU

broadcast flooding 1-18

broadcast packets

directed 1-15

flooded 1-15

broadcast storm-control command 1-4

broadcast storms 1-1, 1-15

C

cables, monitoring for unidirectional links 1-1

candidate switch

automatic discovery 1-5

defined 1-4

requirements 1-4

See also command switch, cluster standby group, and member switch

Catalyst 6000 switches, authentication compatibility 1-8

CA trustpoint

configuring 1-51

defined 1-49

CDP

and trusted boundary 1-46

automatic discovery in switch clusters 1-5

configuring 1-2

default configuration 1-2

defined with LLDP 1-1

described 1-1

disabling for routing device 1-4

enabling and disabling

on an interface 1-4

on a switch 1-4

Layer 2 protocol tunneling 1-8

monitoring 1-5

overview 1-1

power negotiation extensions 1-8

support for 1-7

switch stack considerations 1-2

transmission timer and holdtime, setting 1-2

updates 1-2

CEF

defined 1-92

distributed 1-92

IPv6 1-32

CGMP

as IGMP snooping learning method 1-9

enabling server support 1-45

joining multicast group 1-3

overview 1-9

server support only 1-9

switch support of 1-5

CIDR 1-62

CipherSuites 1-50

Cisco 7960 IP Phone 1-1

Cisco AP1250 (wireless access point) 1-18

Cisco Discovery Protocol

See CDP

Cisco Express Forwarding

See CEF

Cisco Group Management Protocol

See CGMP

Cisco intelligent power management 1-8

Cisco IOS DHCP server

See DHCP, Cisco IOS DHCP server

Cisco IOS File System

See IFS

Cisco IOS IP SLAs 1-2

Cisco Redundant Power System 2300

configuring 1-46

managing 1-46

Cisco Secure ACS

attribute-value pairs for downloadable ACLs 1-20

attribute-value pairs for redirect URL 1-20

Cisco StackWise Plus technology 1-3

See also stacks, switch

Cisco TrustSec

credentials 1-10

switch-to-switch security

802.1x mode 1-11

configuration example 1-14

manual mode 1-12

Cisco TrustSec Network Device Admission Control

See NDAC

CiscoWorks 2000 1-6, 1-4

CISP 1-33

CIST regional root

See MSTP

CIST root

See MSTP

civic location 1-3

classless interdomain routing

See CIDR

classless routing 1-9

class maps for QoS

configuring 1-55

described 1-8

class of service

See CoS

clearing interfaces 1-53

CLI

abbreviating commands 1-3

command modes 1-1

configuration logging 1-4

described 1-6

editing features

enabling and disabling 1-6

keystroke editing 1-7

wrapped lines 1-8

error messages 1-4

filtering command output 1-9

getting help 1-3

history

changing the buffer size 1-5

described 1-5

disabling 1-6

recalling commands 1-6

managing clusters 1-16

no and default forms of commands 1-4

Client Information Signalling Protocol

See CISP

client mode, VTP 1-3

client processes, tracking 1-1

CLNS

See ISO CLNS

clock

See system clock

clusters, switch

accessing 1-13

automatic discovery 1-5

automatic recovery 1-10

benefits 1-2

compatibility 1-4

described 1-1

LRE profile considerations 1-16

managing

through CLI 1-16

through SNMP 1-17

planning 1-4

planning considerations

automatic discovery 1-5

automatic recovery 1-10

CLI 1-16

host names 1-13

IP addresses 1-13

LRE profiles 1-16

passwords 1-14

RADIUS 1-16

SNMP 1-14, 1-17

switch stacks 1-14

TACACS+ 1-16

See also candidate switch, command switch, cluster standby group, member switch, and standby command switch

cluster standby group

and HSRP group 1-12

automatic recovery 1-12

considerations 1-11

defined 1-2

requirements 1-3

virtual IP address 1-11

See also HSRP

CNS

Configuration Engine

configID, deviceID, hostname 1-3

configuration service 1-2

described 1-1

event service 1-3

embedded agents

described 1-5

enabling automated configuration 1-6

enabling configuration agent 1-9

enabling event agent 1-8

management functions 1-7

CoA Request Commands 1-23

Coarse Wave Division Multiplexer

See CWDM SFPs

command-line interface

See CLI

command modes 1-1

commands

abbreviating 1-3

no and default 1-4

commands, setting privilege levels 1-8

command switch

accessing 1-11

active (AC) 1-10

configuration conflicts 1-12

defined 1-2

passive (PC) 1-10

password privilege levels 1-17

priority 1-10

recovery

from command-switch failure 1-10, 1-9

from lost member connectivity 1-12

redundant 1-10

replacing

with another switch 1-11

with cluster member 1-9

requirements 1-3

standby (SC) 1-10

See also candidate switch, cluster standby group, member switch, and standby command switch

Common Criteria 1-11

common session ID

see single session ID 1-35

community list, BGP 1-59

community ports 1-2

community strings

configuring 1-14, 1-9

for cluster switches 1-4

in clusters 1-14

overview 1-4

SNMP 1-14

community VLANs 1-2, 1-3

compatibility, feature 1-12

compatibility, software

See stacks, switch

configurable leave timer, IGMP 1-6

configuration, initial

defaults 1-20

Express Setup 1-2

configuration conflicts, recovering from lost member connectivity 1-12

configuration examples, network 1-23

configuration files

archiving 1-21

clearing the startup configuration 1-20

creating and using, guidelines for 1-10

creating using a text editor 1-11

deleting a stored configuration 1-20

described 1-9

downloading

automatically 1-18

preparing 1-11, 1-14, 1-17

reasons for 1-9

using FTP 1-14

using RCP 1-18

using TFTP 1-12

invalid combinations when copying 1-6

limiting TFTP server access 1-19

obtaining with DHCP 1-9

password recovery disable considerations 1-5

replacing and rolling back, guidelines for 1-22

replacing a running configuration 1-20, 1-21

rolling back a running configuration 1-20, 1-22

specifying the filename 1-19

system contact and location information 1-18

types and location 1-10

uploading

preparing 1-11, 1-14, 1-17

reasons for 1-9

using FTP 1-16

using RCP 1-19

using TFTP 1-13

configuration guidelines

REP 1-7

configuration guidelines, multi-VRF CE 1-79

configuration logging 1-4

configuration replacement 1-20

configuration rollback 1-20, 1-21

configuration settings, saving 1-16

configure terminal command 1-20

Configuring First Hop Security in IPv6 1-20

Configuring IPv6 Source Guard 1-24

configuring multicast VRFs 1-85

configuring port-based authentication violation modes 1-43 to 1-44

configuring small-frame arrival rate 1-5

Configuring VACL Logging 1-39

conflicts, configuration 1-12

connections, secure remote 1-44

connectivity problems 1-15, 1-16, 1-18

consistency checks in VTP Version 2 1-5

console port

RJ-45 1-14

USB 1-14

console port, connecting to 1-10

content-routing technology

See WCCP

control protocol, IP SLAs 1-4

convergence

REP 1-4

corrupted software, recovery steps with Xmodem 1-2

CoS

in Layer 2 frames 1-2

override priority 1-6

trust priority 1-6

CoS input queue threshold map for QoS 1-18

CoS output queue threshold map for QoS 1-21

CoS-to-DSCP map for QoS 1-74

counters, clearing interface 1-53

CPU utilization, troubleshooting 1-30

crashinfo file 1-24

critical authentication, IEEE 802.1x 1-63

critical VLAN 1-23

cross-stack EtherChannel

configuration guidelines 1-13

configuring

on Layer 2 interfaces 1-13

on Layer 3 physical interfaces 1-16

described 1-3

illustration 1-4

support for 1-9

cross-stack UplinkFast, STP

described 1-5

disabling 1-16

enabling 1-16

fast-convergence events 1-7

Fast Uplink Transition Protocol 1-6

normal-convergence events 1-7

support for 1-9

cryptographic software image

switch stack considerations 1-3, 1-18

customer edge devices 1-77

customizeable web pages, web-based authentication 1-6

CWDM SFPs 1-36

D

DACL

See downloadable ACL

daylight saving time 1-6

dCEF in the switch stack 1-92

debugging

enabling all system diagnostics 1-21

enabling for a specific feature 1-21

redirecting error message output 1-22

using commands 1-20

default commands 1-4

default configuration

802.1x 1-38

auto-QoS 1-24

banners 1-10

BGP 1-47

booting 1-18

CDP 1-2

DHCP 1-8

DHCP option 82 1-8

DHCP snooping 1-8

DHCP snooping binding database 1-9

DNS 1-9

dynamic ARP inspection 1-5

EIGRP 1-39

EtherChannel 1-11

Ethernet interfaces 1-28

fallback bridging 1-3

Flex Links 1-8

HSRP 1-5

IEEE 802.1Q tunneling 1-4

IGMP 1-39

IGMP filtering 1-24

IGMP snooping 1-7, 1-6

IGMP throttling 1-25

initial switch information 1-3

IP addressing, IP routing 1-7

IP multicast routing 1-11

IP SLAs 1-6

IP source guard 1-18

IPv6 1-17

IS-IS 1-68

Layer 2 interfaces 1-28

Layer 2 protocol tunneling 1-12

LLDP 1-5

MAC address table 1-14

MAC address-table move update 1-8

MSDP 1-4

MSTP 1-14

multi-VRF CE 1-79, 1-41

MVR 1-20

optional spanning-tree configuration 1-12

OSPF 1-28

password and privilege level 1-2

PIM 1-11

private VLANs 1-6

RADIUS 1-27

REP 1-7

RIP 1-22

RMON 1-3

RSPAN 1-12

SDM template 1-5

SNMP 1-8

SPAN 1-12

SSL 1-51

standard QoS 1-37

STP 1-13

switch stacks 1-24

system message logging 1-4

system name and prompt 1-8

TACACS+ 1-13

UDLD 1-4

VLAN, Layer 2 Ethernet interfaces 1-17

VLANs 1-7

VMPS 1-27

voice VLAN 1-3

VTP 1-9

WCCP 1-5

default gateway 1-15, 1-13

default networks 1-95

default router preference

See DRP

default routes 1-95

default routing 1-3

default web-based authentication configuration

802.1X 1-9

deleting VLANs 1-9

denial-of-service attack 1-1

description command 1-38

designing your network, examples 1-23

desktop template 1-11

destination-IP address-based forwarding, EtherChannel 1-9

destination-MAC address forwarding, EtherChannel 1-9

detecting indirect link failures, STP 1-8

device discovery protocol 1-1

device manager

benefits 1-2

described 1-3, 1-6

in-band management 1-8

device sensor

configuring 1-54

DHCP

Cisco IOS server database

configuring 1-14

default configuration 1-9

described 1-6

DHCP for IPv6

See DHCPv6

enabling

relay agent 1-11

server 1-10

DHCP-based autoconfiguration

client request message exchange 1-4

configuring

client side 1-4

DNS 1-8

relay device 1-8

server side 1-7

server-side 1-10

TFTP server 1-7

example 1-10

lease options

for IP address information 1-7

for receiving the configuration file 1-7

overview 1-3

relationship to BOOTP 1-4

relay support 1-7, 1-17

support for 1-7

DHCP-based autoconfiguration and image update

configuring 1-11 to 1-14

understanding 1-5 to 1-6

DHCP binding database

See DHCP snooping binding database

DHCP binding table

See DHCP snooping binding database

DHCP object tracking, configuring primary interface 1-11

DHCP option 82

circuit ID suboption 1-5

configuration guidelines 1-9

default configuration 1-8

displaying 1-16

forwarding address, specifying 1-11

helper address 1-11

overview 1-3

packet format, suboption

circuit ID 1-5

remote ID 1-5

remote ID suboption 1-5

DHCP server port-based address allocation

configuration guidelines 1-27

default configuration 1-27

described 1-26

displaying 1-29, 1-12

enabling 1-27

reserved addresses 1-28

DHCP snooping

accepting untrusted packets form edge switch 1-3, 1-13

and private VLANs 1-14

binding database

See DHCP snooping binding database

configuration guidelines 1-9

default configuration 1-8

message exchange process 1-4

option 82 data insertion 1-3

trusted interface 1-2

untrusted interface 1-2

untrusted messages 1-2

DHCP snooping binding database

adding bindings 1-15

binding file

format 1-7

location 1-6

bindings 1-6

clearing agent statistics 1-15

configuration guidelines 1-9

configuring 1-15

default configuration 1-8, 1-9

deleting

binding file 1-15

bindings 1-15

database agent 1-15

described 1-6

enabling 1-15

entry 1-6

renewing database 1-15

resetting

delay value 1-15

timeout value 1-15

DHCP snooping binding table

See DHCP snooping binding database

DHCPv6

configuration guidelines 1-29

default configuration 1-29

described 1-12

enabling client function 1-31

enabling DHCPv6 server function 1-29

diagnostic schedule command 1-2

Differentiated Services architecture, QoS 1-2

Differentiated Services Code Point 1-2

Diffusing Update Algorithm (DUAL) 1-37

directed unicast requests 1-7

directories

changing 1-4

creating and removing 1-5

displaying the working 1-4

discovery, clusters

See automatic discovery

Distance Vector Multicast Routing Protocol

See DVMRP

distance-vector protocols 1-3

distribute-list command 1-104

DNS

and DHCP-based autoconfiguration 1-8

default configuration 1-9

displaying the configuration 1-10

in IPv6 1-4

overview 1-8

setting up 1-9

support for 1-7

DNS-based SSM mapping 1-18, 1-20

domain names

DNS 1-8

VTP 1-9

Domain Name System

See DNS

domains, ISO IGRP routing 1-67

dot1q-tunnel switchport mode 1-16

double-tagged packets

IEEE 802.1Q tunneling 1-2

Layer 2 protocol tunneling 1-11

downloadable ACL 1-18, 1-20, 1-71

downloading

configuration files

preparing 1-11, 1-14, 1-17

reasons for 1-9

using FTP 1-14

using RCP 1-18

using TFTP 1-12

image files

deleting old image 1-30

preparing 1-28, 1-31, 1-36

reasons for 1-25

using CMS 1-3

using FTP 1-32

using HTTP 1-3, 1-25

using RCP 1-37

using TFTP 1-28

using the device manager or Network Assistant 1-25

drop threshold for Layer 2 protocol packets 1-12

DRP

configuring 1-26

described 1-10

IPv6 1-10

DSCP 1-15, 1-2

DSCP input queue threshold map for QoS 1-18

DSCP output queue threshold map for QoS 1-21

DSCP-to-CoS map for QoS 1-77

DSCP-to-DSCP-mutation map for QoS 1-78

DSCP transparency 1-47

DTP 1-10, 1-15

dual-action detection 1-6

DUAL finite state machine, EIGRP 1-38

dual IPv4 and IPv6 templates 1-3, 1-11

dual protocol stacks

IPv4 and IPv6 1-11

SDM templates supporting 1-11

DVMRP

autosummarization

configuring a summary address 1-59

disabling 1-61

connecting PIM domain to DVMRP router 1-51

enabling unicast routing 1-54

interoperability

with Cisco devices 1-49

with Cisco IOS software 1-9

mrinfo requests, responding to 1-54

neighbors

advertising the default route to 1-53

discovery with Probe messages 1-49

displaying information 1-54

prevent peering with nonpruning 1-57

rejecting nonpruning 1-55

overview 1-9

routes

adding a metric offset 1-62

advertising all 1-61

advertising the default route to neighbors 1-53

caching DVMRP routes learned in report messages 1-55

changing the threshold for syslog messages 1-58

favoring one over another 1-62

limiting the number injected into MBONE 1-58

limiting unicast route advertisements 1-49

routing table 1-9

source distribution tree, building 1-9

support for 1-17

tunnels

configuring 1-51

displaying neighbor information 1-54

dynamic access ports

characteristics 1-4

configuring 1-29

defined 1-3

dynamic addresses

See addresses

dynamic ARP inspection

ARP cache poisoning 1-1

ARP requests, described 1-1

ARP spoofing attack 1-1

clearing

log buffer 1-15

statistics 1-15

configuration guidelines 1-6

configuring

ACLs for non-DHCP environments 1-9

in DHCP environments 1-7

log buffer 1-13

rate limit for incoming ARP packets 1-4, 1-10

default configuration 1-5

denial-of-service attacks, preventing 1-10

described 1-1

DHCP snooping binding database 1-2

displaying

statistics 1-15

error-disabled state for exceeding rate limit 1-4

function of 1-2

interface trust states 1-3

log buffer

clearing 1-15

configuring 1-13

logging of dropped packets, described 1-5

man-in-the middle attack, described 1-2

network security issues and interface trust states 1-3

priority of ARP ACLs and DHCP snooping entries 1-4

rate limiting of ARP packets

configuring 1-10

described 1-4

error-disabled state 1-4

statistics

clearing 1-15

displaying 1-15

validation checks, performing 1-12

dynamic auto trunking mode 1-16

dynamic desirable trunking mode 1-16

Dynamic Host Configuration Protocol

See DHCP-based autoconfiguration

dynamic port VLAN membership

described 1-27

reconfirming 1-29

troubleshooting 1-31

types of connections 1-29

dynamic routing 1-3

ISO CLNS 1-66

Dynamic Trunking Protocol

See DTP

E

EAC 1-2

EBGP 1-46

Echo mode,configuring BFD 1-14

editing features

enabling and disabling 1-6

keystrokes used 1-7

wrapped lines 1-8

EEM 3.2 1-5

EIGRP

authentication 1-43

components 1-38

configuring 1-41

default configuration 1-39

definition 1-37

interface parameters, configuring 1-42

monitoring 1-45

stub routing 1-44

support for 1-16

EIGRP IPv6 1-14

elections

See stack master

ELIN location 1-3

embedded event manager

3.2 1-5

actions 1-4

configuring 1-1, 1-6

displaying information 1-8

environmental variables 1-5

event detectors 1-3

policies 1-4

registering and defining an applet 1-6

registering and defining a TCL script 1-7

understanding 1-1

enable password 1-3

enable secret password 1-3

Enable the FIPS mode 1-25

encryption, CipherSuite 1-50

encryption for passwords 1-3

encryption keying 1-2

encryption keys, MKA 1-2

Endpoint Admission Control (EAC) 1-2

Enhanced IGRP

See EIGRP

enhanced object tracking

backup static routing 1-12

defined 1-1

DHCP primary interface 1-11

HSRP 1-7

IP routing state 1-2

IP SLAs 1-9

line-protocol state 1-2

network monitoring with IP SLAs 1-11

routing policy, configuring 1-12

static route primary interface 1-10

tracked lists 1-3

enhanced object tracking static routing 1-10

enhanced PoE 1-18, 1-8, 1-36

environmental variables, embedded event manager 1-5

environment variables, function of 1-22

equal-cost routing 1-17, 1-93

error-disabled state, BPDU 1-2

error messages during command entry 1-4

EtherChannel

automatic creation of 1-5, 1-7

channel groups

binding physical and logical interfaces 1-4

numbering of 1-4

configuration guidelines 1-12

configuring

Layer 2 interfaces 1-13

Layer 3 physical interfaces 1-16

Layer 3 port-channel logical interfaces 1-15

default configuration 1-11

described 1-2

displaying status 1-22

forwarding methods 1-8, 1-18

IEEE 802.3ad, described 1-7

interaction

with STP 1-12

with VLANs 1-12

LACP

described 1-7

displaying status 1-22

hot-standby ports 1-20

interaction with other features 1-8

modes 1-7

port priority 1-22

system priority 1-21

Layer 3 interface 1-5

load balancing 1-8, 1-18

logical interfaces, described 1-4

PAgP

aggregate-port learners 1-19

described 1-5

displaying status 1-22

interaction with other features 1-7

interaction with virtual switches 1-6

learn method and priority configuration 1-19

modes 1-6

support for 1-5

with dual-action detection 1-6

port-channel interfaces

described 1-4

numbering of 1-4

port groups 1-6

stack changes, effects of 1-10

support for 1-5

EtherChannel guard

described 1-10

disabling 1-17

enabling 1-17

Ethernet management port

active link 1-25

and routing 1-25

and routing protocols 1-25

and TFTP 1-27

configuring 1-27

connecting to 1-10

default setting 1-25

described 1-24

for network management 1-24

specifying 1-27

supported features 1-26

unsupported features 1-27

Ethernet management port, internal

and routing 1-25

and routing protocols 1-25

unsupported features 1-27

Ethernet VLANs

adding 1-8

defaults and ranges 1-7

modifying 1-8

EUI 1-4

event detectors, embedded event manager 1-3

events, RMON 1-3

examples

network configuration 1-23

expedite queue for QoS 1-90

Express Setup 1-2

See also getting started guide

extended crashinfo file 1-24

extended-range VLANs

configuration guidelines 1-11

configuring 1-10

creating 1-12

creating with an internal VLAN ID 1-13

defined 1-1

extended system ID

MSTP 1-18

STP 1-5, 1-17

extended universal identifier

See EUI

Extensible Authentication Protocol over LAN 1-2

external BGP

See EBGP

external neighbors, BGP 1-50

F

Fa0 port

See Ethernet management port

failover support 1-9

Failure detection, using BFD 1-6

fallback bridging

and protected ports 1-4

bridge groups

creating 1-4

described 1-2

function of 1-2

number supported 1-4

removing 1-5

configuration guidelines 1-4

connecting interfaces with 1-14

default configuration 1-3

described 1-1

frame forwarding

flooding packets 1-2

forwarding packets 1-2

overview 1-1

protocol, unsupported 1-4

stack changes, effects of 1-3

STP

disabling on an interface 1-9

forward-delay interval 1-8

hello BPDU interval 1-8

interface priority 1-6

keepalive messages 1-3

maximum-idle interval 1-9

path cost 1-7

VLAN-bridge spanning-tree priority 1-6

VLAN-bridge STP 1-2

support for 1-16

SVIs and routed ports 1-1

unsupported protocols 1-4

VLAN-bridge STP 1-12

Fast Convergence 1-3

fastethernet0 port

See Ethernet management port

Fast Uplink Transition Protocol 1-6

features, incompatible 1-12

FIB 1-92

fiber-optic, detecting unidirectional links 1-1

files

basic crashinfo

description 1-25

location 1-25

copying 1-5

crashinfo, description 1-24

deleting 1-6

displaying the contents of 1-8

extended crashinfo

description 1-25

location 1-25

tar

creating 1-7

displaying the contents of 1-7

extracting 1-8

image file format 1-26

file system

displaying available file systems 1-2

displaying file information 1-3

local file system names 1-1

network file system names 1-5

setting the default 1-3

filtering

in a VLAN 1-32

IPv6 traffic 1-4, 1-7

non-IP traffic 1-29

show and more command output 1-9

filtering show and more command output 1-9

filters, IP

See ACLs, IP

FIPS 140-2 1-11

flash device, number of 1-1

flexible authentication ordering

configuring 1-74

overview 1-31

Flexible NetFlow

components 1-1

configuring a flow monitor 1-6

configuring flow records 1-3

configuring the exported 1-3

configuring the exporter 1-5

interface configuration 1-7

purpose 1-1

sampling 1-9

unsupported features 1-2

Flex Link Multicast Fast Convergence 1-3

Flex Links

configuring 1-8, 1-9

configuring preferred VLAN 1-11

configuring VLAN load balancing 1-10

default configuration 1-8

description 1-1

link load balancing 1-2

monitoring 1-14

VLANs 1-2

flooded traffic, blocking 1-8

flow-based packet classification 1-15

flowcharts

QoS classification 1-7

QoS egress queueing and scheduling 1-19

QoS ingress queueing and scheduling 1-16

QoS policing and marking 1-11

flowcontrol

configuring 1-32

described 1-31

forward-delay time

MSTP 1-24

STP 1-24

Forwarding Information Base

See FIB

forwarding nonroutable protocols 1-1

FTP

configuration files

downloading 1-14

overview 1-13

preparing the server 1-14

uploading 1-16

image files

deleting old image 1-34

downloading 1-32

preparing the server 1-31

uploading 1-34

G

general query 1-5

Generating IGMP Reports 1-3

get-next-request operation 1-5

get-request operation 1-5

Gigabit modules

See SFPs

global leave, IGMP 1-13

guest VLAN and IEEE 802.1x 1-21

guide mode 1-3

GUIs

See device manager and Network Assistant

H

hardware limitations and Layer 3 interfaces 1-39

hello time

MSTP 1-23

STP 1-23

help, for the command line 1-3

hierarchical policy maps 1-9

configuration guidelines 1-41

configuring 1-64

described 1-12

history

changing the buffer size 1-5

described 1-5

disabling 1-6

recalling commands 1-6

history table, level and number of syslog messages 1-10

host modes, MACsec 1-4

host names in clusters 1-13

host ports

configuring 1-11

kinds of 1-2

hosts, limit on dynamic ports 1-31

Hot Standby Router Protocol

See HSRP

HP OpenView 1-6

HSRP

authentication string 1-10

automatic cluster recovery 1-12

binding to cluster group 1-12

cluster standby group considerations 1-11

command-switch redundancy 1-2, 1-9

configuring 1-5

default configuration 1-5

definition 1-1

guidelines 1-6

monitoring 1-13

object tracking 1-7

overview 1-1

priority 1-8

routing redundancy 1-16

support for ICMP redirect messages 1-12

switch stack considerations 1-5

timers 1-10

tracking 1-8

See also clusters, cluster standby group, and standby command switch

HSRP for IPv6

configuring 1-39

guidelines 1-38

HTTP(S) Over IPv6 1-15

HTTP over SSL

see HTTPS

HTTPS

configuring 1-52

described 1-48

self-signed certificate 1-49

HTTP secure server 1-48

I

IBPG 1-46

ICMP

IPv6 1-4

redirect messages 1-13

support for 1-17

time-exceeded messages 1-18

traceroute and 1-18

unreachable messages 1-22

unreachable messages and IPv6 1-4

unreachables and ACLs 1-23

ICMP Echo operation

configuring 1-11

IP SLAs 1-11

ICMP ping

executing 1-15

overview 1-15

ICMP Router Discovery Protocol

See IRDP

ICMPv6 1-4

IDS appliances

and ingress RSPAN 1-25

and ingress SPAN 1-16

IEEE 802.1D

See STP

IEEE 802.1p 1-1

IEEE 802.1Q

and trunk ports 1-4

configuration limitations 1-17

encapsulation 1-15

native VLAN for untagged traffic 1-21

tunneling

compatibility with other features 1-6

defaults 1-4

described 1-1

tunnel ports with other features 1-6

IEEE 802.1s

See MSTP

IEEE 802.1w

See RSTP

IEEE 802.1x

See port-based authentication

IEEE 802.3ad

See EtherChannel

IEEE 802.3af

See PoE

IEEE 802.3x flow control 1-31

ifIndex values, SNMP 1-6

IFS 1-8

IGMP

configurable leave timer

described 1-6

enabling 1-11

configuring the switch

as a member of a group 1-39

statically connected member 1-44

controlling access to groups 1-40

default configuration 1-39

fast switching 1-44

flooded multicast traffic

controlling the length of time 1-12

disabling on an interface 1-13

global leave 1-13

query solicitation 1-13

recovering from flood mode 1-13

host-query interval, modifying 1-42

joining multicast group 1-3

join messages 1-3

leave processing, enabling 1-11, 1-9

leaving multicast group 1-5

multicast reachability 1-39

overview 1-3

queries 1-4

report suppression

described 1-6

disabling 1-16, 1-11

supported versions 1-3

support for 1-5

Version 1

changing to Version 2 1-41

described 1-3

Version 2

changing to Version 1 1-41

described 1-3

maximum query response time value 1-43

pruning groups 1-43

query timeout value 1-42

IGMP filtering

configuring 1-25

default configuration 1-24

described 1-24

support for 1-5

IGMP groups

configuring filtering 1-27

setting the maximum number 1-27

IGMP helper 1-6

IGMP Immediate Leave

configuration guidelines 1-11

described 1-6

enabling 1-11

IGMP profile

applying 1-26

configuration mode 1-25

configuring 1-25

IGMP snooping

and address aliasing 1-2

and stack changes 1-7

configuring 1-7

default configuration 1-7, 1-6

definition 1-2

enabling and disabling 1-8, 1-7

global configuration 1-8

Immediate Leave 1-6

in the switch stack 1-7

method 1-8

monitoring 1-16, 1-12

querier

configuration guidelines 1-14

configuring 1-14

supported versions 1-3

support for 1-5

VLAN configuration 1-8

IGMP throttling

configuring 1-27

default configuration 1-25

described 1-24

displaying action 1-29

IGP 1-27

Immediate Leave, IGMP

described 1-6

enabling 1-9

inaccessible authentication bypass

802.1x 1-23

support for multiauth ports 1-23

initial configuration

defaults 1-20

Express Setup 1-2

interface

number 1-19

range macros 1-22

interface command 1-19 to 1-20

interface configuration

REP 1-9

interfaces

auto-MDIX, configuring 1-32

configuring

procedure 1-20

counters, clearing 1-53

default configuration 1-28

described 1-38

descriptive name, adding 1-38

displaying information about 1-52

duplex and speed configuration guidelines 1-29

flow control 1-31

management 1-6

monitoring 1-51

naming 1-38

physical, identifying 1-19

range of 1-20

restarting 1-53, 1-54

shutting down 1-53

speed and duplex, configuring 1-30

status 1-51

supported 1-19

types of 1-1

interfaces range macro command 1-22

interface types 1-19

Interior Gateway Protocol

See IGP

internal BGP

See IBGP

internal neighbors, BGP 1-50

internal power supplies

See power supplies

Internet Control Message Protocol

See ICMP

Internet Group Management Protocol

See IGMP

Internet Protocol version 6

See IPv6

Inter-Switch Link

See ISL

inter-VLAN routing 1-16, 1-2

Intrusion Detection System

See IDS appliances

inventory management TLV 1-3

IP ACLs

for QoS classification 1-7

implicit deny 1-11, 1-15

implicit masks 1-11

named 1-16

undefined 1-23

IP addresses

128-bit 1-2

candidate or member 1-4, 1-13

classes of 1-7

cluster access 1-2

command switch 1-3, 1-11, 1-13

default configuration 1-7

discovering 1-24

for IP routing 1-6

IPv6 1-2

MAC address association 1-10

monitoring 1-19

redundant clusters 1-11

standby command switch 1-11, 1-13

See also IP information

IP base feature set 1-2

IP base software image 1-1

IP broadcast address 1-17

ip cef distributed command 1-92

IP directed broadcasts 1-16

ip igmp profile command 1-25

IP information

assigned

manually 1-15

through DHCP-based autoconfiguration 1-3

default configuration 1-3

IP multicast routing

addresses

all-hosts 1-3

all-multicast-routers 1-3

host group address range 1-3

administratively-scoped boundaries, described 1-47

and IGMP snooping 1-2

Auto-RP

adding to an existing sparse-mode cloud 1-26

benefits of 1-26

configuration guidelines 1-12

filtering incoming RP announcement messages 1-28

overview 1-7

preventing candidate RP spoofing 1-28

preventing join messages to false RPs 1-28

setting up in a new internetwork 1-26

using with BSR 1-34

bootstrap router

configuration guidelines 1-12

configuring candidate BSRs 1-32

configuring candidate RPs 1-33

defining the IP multicast boundary 1-31

defining the PIM domain border 1-30

overview 1-7

using with Auto-RP 1-34

Cisco implementation 1-2

configuring

basic multicast routing 1-12

IP multicast boundary 1-47

default configuration 1-11

enabling

PIM mode 1-13

group-to-RP mappings

Auto-RP 1-7

BSR 1-7

MBONE

described 1-46

enabling sdr listener support 1-46

limiting DVMRP routes advertised 1-58

limiting sdr cache entry lifetime 1-46

SAP packets for conference session announcement 1-46

Session Directory (sdr) tool, described 1-46

multicast forwarding, described 1-8

PIMv1 and PIMv2 interoperability 1-11

protocol interaction 1-2

reverse path check (RPF) 1-8

RP

assigning manually 1-24

configuring Auto-RP 1-26

configuring PIMv2 BSR 1-30

monitoring mapping information 1-35

using Auto-RP and BSR 1-34

stacking

stack master functions 1-10

stack member functions 1-10

statistics, displaying system and network 1-63

See also CGMP

See also DVMRP

See also IGMP

See also PIM

IP phones

and QoS 1-1

automatic classification and queueing 1-23

configuring 1-4

ensuring port security with QoS 1-46

trusted boundary for QoS 1-46

IP Port Security for Static Hosts

on a Layer 2 access port 1-20

on a PVLAN host port 1-24

IP precedence 1-2

IP-precedence-to-DSCP map for QoS 1-75

IP protocols

routing 1-16

IP routes, monitoring 1-106

IP routing

connecting interfaces with 1-14

disabling 1-20

enabling 1-20

IP Service Level Agreements

See IP SLAs

IP service levels, analyzing 1-1

IP services feature set 1-2

IP SLAs

benefits 1-2

configuration guidelines 1-6

configuring object tracking 1-9

Control Protocol 1-4

default configuration 1-6

definition 1-1

ICMP echo operation 1-11

measuring network performance 1-3

monitoring 1-13

multioperations scheduling 1-5

object tracking 1-9

operation 1-3

reachability tracking 1-9

responder

described 1-4

enabling 1-7

response time 1-4

scheduling 1-5

SNMP support 1-2

supported metrics 1-2

threshold monitoring 1-6

track object monitoring agent, configuring 1-11

track state 1-9

UDP jitter operation 1-8

IP source guard

and 802.1x 1-19

and DHCP snooping 1-16

and port security 1-19

and private VLANs 1-19

and routed ports 1-18

and TCAM entries 1-19

and trunk interfaces 1-18

and VRF 1-19

binding configuration

automatic 1-16

manual 1-16

binding table 1-16

configuration guidelines 1-18

default configuration 1-18

described 1-16

disabling 1-20

displaying

bindings 1-26

configuration 1-26

enabling 1-19, 1-21

filtering

source IP address 1-17

source IP and MAC address 1-17

source IP address filtering 1-17

source IP and MAC address filtering 1-17

static bindings

adding 1-19, 1-21

deleting 1-20

static hosts 1-21

IP traceroute

executing 1-18

overview 1-18

IP unicast routing

address resolution 1-10

administrative distances 1-94, 1-104

ARP 1-11

assigning IP addresses to Layer 3 interfaces 1-8

authentication keys 1-105

broadcast

address 1-17

flooding 1-18

packets 1-15

storms 1-15

classless routing 1-9

configuring static routes 1-94

default

addressing configuration 1-7

gateways 1-13

networks 1-95

routes 1-95

routing 1-3

directed broadcasts 1-16

disabling 1-20

dynamic routing 1-3

enabling 1-20

EtherChannel Layer 3 interface 1-5

IGP 1-27

inter-VLAN 1-2

IP addressing

classes 1-7

configuring 1-6

IPv6 1-3

IRDP 1-14

Layer 3 interfaces 1-5

MAC address and IP address 1-10

passive interfaces 1-103

protocols

distance-vector 1-3

dynamic 1-3

link-state 1-3

proxy ARP 1-11

redistribution 1-96

reverse address resolution 1-10

routed ports 1-5

static routing 1-3

steps to configure 1-6

subnet mask 1-8

subnet zero 1-8

supernet 1-9

UDP 1-17

unicast reverse path forwarding 1-17, 1-91

with SVIs 1-5

See also BGP

See also EIGRP

See also OSPF

See also RIP

IPv4 ACLs

applying to interfaces 1-21

extended, creating 1-11

named 1-16

standard, creating 1-10

IPv4 and IPv6

port-based trust 1-3

IPv6

ACLs

displaying 1-8

limitations 1-3

matching criteria 1-3

port 1-2

precedence 1-2

router 1-2

supported 1-2

addresses 1-2

address formats 1-2

and switch stacks 1-16

applications 1-11

assigning address 1-18

autoconfiguration 1-10

CEFv6 1-32

default configuration 1-17

default router preference (DRP) 1-10

defined 1-1

Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 1-14

EIGRP IPv6 Commands 1-14

Router ID 1-14

features not supported 1-15

forwarding 1-18

ICMP 1-4

monitoring 1-49

neighbor discovery 1-4

OSPF 1-13

path MTU discovery 1-4

SDM templates 1-3, 1-1

stack master functions 1-16

Stateless Autoconfiguration 1-10

supported features 1-3

switch limitations 1-15

understanding static routes 1-12

IPv6 traffic, filtering 1-4

IRDP

configuring 1-14

definition 1-14

support for 1-17

IS-IS

addresses 1-67

area routing 1-67

default configuration 1-68

monitoring 1-76

show commands 1-76

system routing 1-67

ISL

and IPv6 1-3

and trunk ports 1-4

encapsulation 1-10, 1-15

trunking with IEEE 802.1 tunneling 1-5

ISO CLNS

clear commands 1-76

dynamic routing protocols 1-66

monitoring 1-76

NETs 1-66

NSAPs 1-66

OSI standard 1-66

ISO IGRP

area routing 1-67

system routing 1-67

isolated port 1-2

isolated VLANs 1-2, 1-3

J

join messages, IGMP 1-3

K

KDC

described 1-39

See also Kerberos

keepalive messages 1-3

Kerberos

authenticating to

boundary switch 1-41

KDC 1-41

network services 1-42

configuration examples 1-39

configuring 1-42

credentials 1-39

described 1-39

KDC 1-39

operation 1-41

realm 1-40

server 1-41

support for 1-14

switch as trusted third party 1-39

terms 1-40

TGT 1-41

tickets 1-39

key distribution center

See KDC

L

l2protocol-tunnel command 1-14

LACP

Layer 2 protocol tunneling 1-10

See EtherChannel

Layer 2 frames, classification with CoS 1-2

Layer 2 interfaces, default configuration 1-28

Layer 2 protocol tunneling

configuring 1-11

configuring for EtherChannels 1-15

default configuration 1-12

defined 1-8

guidelines 1-13

Layer 2 traceroute

and ARP 1-17

and CDP 1-17

broadcast traffic 1-16

described 1-16

IP addresses and subnets 1-17

MAC addresses and VLANs 1-17

multicast traffic 1-17

multiple devices on a port 1-17

unicast traffic 1-16

usage guidelines 1-17

Layer 3 features 1-16

Layer 3 interfaces

assigning IP addresses to 1-8

assigning IPv4 and IPv6 addresses to 1-27

assigning IPv6 addresses to 1-18

changing from Layer 2 mode 1-83, 1-43

types of 1-5

Layer 3 packets, classification methods 1-2

LDAP 1-2

Leaking IGMP Reports 1-4

LEDs, switch

See hardware installation guide

Lightweight Directory Access Protocol

See LDAP

Link Aggregation Control Protocol

See EtherChannel

Link Failure, detecting unidirectional 1-7

link integrity, verifying with REP 1-3

Link Layer Discovery Protocol

See CDP

link local unicast addresses 1-4

link redundancy

See Flex Links

links, unidirectional 1-1

link state advertisements (LSAs) 1-33

link-state protocols 1-3

link-state tracking

configuring 1-25

described 1-23

LLDP

configuring 1-5

characteristics 1-6

default configuration 1-5

enabling 1-6

monitoring and maintaining 1-11

overview 1-1

supported TLVs 1-2

switch stack considerations 1-2

transmission timer and holdtime, setting 1-6

LLDP-MED

configuring

procedures 1-5

TLVs 1-7

monitoring and maintaining 1-11

overview 1-1, 1-2

supported TLVs 1-2

LLDP Media Endpoint Discovery

See LLDP-MED

load balancing 1-4

local SPAN 1-2

location TLV 1-3

logging messages, ACL 1-9

login authentication

with RADIUS 1-29

with TACACS+ 1-14

login banners 1-10

log messages

See system message logging

Long-Reach Ethernet (LRE) technology 1-35

loop guard

described 1-11

enabling 1-18

support for 1-10

LRE profiles, considerations in switch clusters 1-16

M

MAC/PHY configuration status TLV 1-2

MAC addresses

aging time 1-14

and VLAN association 1-13

building the address table 1-13

default configuration 1-14

disabling learning on a VLAN 1-23

discovering 1-24

displaying 1-23

displaying in the IP source binding table 1-26

dynamic

learning 1-13

removing 1-15

in ACLs 1-29

IP address association 1-10

static

adding 1-20

allowing 1-22, 1-23

characteristics of 1-20

dropping 1-21

removing 1-20

MAC address learning 1-7

MAC address learning, disabling on a VLAN 1-23

MAC address notification, support for 1-18

MAC address-table move update

configuration guidelines 1-8

configuring 1-12

default configuration 1-8

description 1-6

monitoring 1-14

MAC address-to-VLAN mapping 1-26

MAC authentication bypass 1-15

MAC extended access lists

applying to Layer 2 interfaces 1-31

configuring for QoS 1-54

creating 1-29

defined 1-29

for QoS classification 1-5

MACSec 1-2

802.1AE Tagging 1-9

MACsec 1-2

and stacking 1-3

configuring on an interface 1-7

defined 1-1, 1-2

switch-to-switch security 1-1

MACsec Key Agreement Protocol

See MKA

magic packet 1-28

manageability features 1-7

management access

in-band

browser session 1-8

CLI session 1-8

device manager 1-8

SNMP 1-8

out-of-band console port connection 1-8

management address TLV 1-2

management options

CLI 1-1

clustering 1-4

CNS 1-1

Network Assistant 1-3

overview 1-6

switch stacks 1-3

management VLAN

considerations in switch clusters 1-7

discovery through different management VLANs 1-7

manual preemption, REP, configuring 1-13

mapping tables for QoS

configuring

CoS-to-DSCP 1-74

DSCP 1-74

DSCP-to-CoS 1-77

DSCP-to-DSCP-mutation 1-78

IP-precedence-to-DSCP 1-75

policed-DSCP 1-76

described 1-13

marking

action in policy map 1-59

action with aggregate policers 1-72

described 1-4, 1-9

matching IPv4 ACLs 1-8

maximum aging time

MSTP 1-24

STP 1-24

maximum hop count, MSTP 1-25

maximum number of allowed devices, port-based authentication 1-41

maximum-paths command 1-54, 1-93

MDA

configuration guidelines 1-31 to 1-32

described 1-12, 1-31

exceptions with authentication process 1-4

Media Access Control Security

See MACsec

membership mode, VLAN port 1-3

member switch

automatic discovery 1-5

defined 1-2

managing 1-16

passwords 1-13

recovering from lost connectivity 1-12

requirements 1-4

See also candidate switch, cluster standby group, and standby command switch

messages, to users through banners 1-10

metrics, in BGP 1-54

metric translations, between routing protocols 1-99

metro tags 1-2

MHSRP 1-4

MIBs

overview 1-1

SNMP interaction with 1-4

mini-point-of-presence

See POP

mini-type USB console port 1-14

mirroring traffic for analysis 1-1

mismatches, autonegotiation 1-13

MKA

configuring policies 1-6

defined 1-2

policies 1-2

replay protection 1-3

statistics 1-5

virtual ports 1-3

module number 1-19

monitoring

access groups 1-44

BGP 1-65

cables for unidirectional links 1-1

CDP 1-5

CEF 1-92

EIGRP 1-45

fallback bridging 1-10

features 1-18

Flex Links 1-14

HSRP 1-13

IEEE 802.1Q tunneling 1-19

IGMP

snooping 1-16, 1-12

interfaces 1-51

IP

address tables 1-19

multicast routing 1-63

routes 1-106

IP SLAs operations 1-13

IPv4 ACL configuration 1-44

IPv6 1-49

IPv6 ACL configuration 1-8

IS-IS 1-76

ISO CLNS 1-76

Layer 2 protocol tunneling 1-19

MAC address-table move update 1-14

MSDP peers 1-19

multicast router interfaces 1-17

multi-VRF CE 1-91

network traffic for analysis with probe 1-2

object tracking 1-12

OSPF 1-37

private VLANs 1-15

REP 1-14

RP mapping information 1-35

SFP status 1-14

source-active messages 1-19

speed and duplex mode 1-31

SSM mapping 1-22

traffic flowing among switches 1-1

traffic suppression 1-21

tunneling 1-19

VLAN

filters 1-45

maps 1-45

VLANs 1-14

VMPS 1-30

VTP 1-18

monitoring and troubleshooting

BFD 1-16

mrouter Port 1-3

mrouter port 1-5

MSDP

benefits of 1-3

clearing MSDP connections and statistics 1-19

controlling source information

forwarded by switch 1-12

originated by switch 1-8

received by switch 1-14

default configuration 1-4

dense-mode regions

sending SA messages to 1-17

specifying the originating address 1-18

filtering

incoming SA messages 1-14

SA messages to a peer 1-12

SA requests from a peer 1-11

join latency, defined 1-6

meshed groups

configuring 1-16

defined 1-16

originating address, changing 1-18

overview 1-1

peer-RPF flooding 1-2

peers

configuring a default 1-4

monitoring 1-19

peering relationship, overview 1-1

requesting source information from 1-8

shutting down 1-16

source-active messages

caching 1-6

defined 1-2

filtering from a peer 1-11

filtering incoming 1-14

filtering to a peer 1-12

limiting data with TTL 1-14

restricting advertised sources 1-9

support for 1-17

MSTP

boundary ports

configuration guidelines 1-16

described 1-6

BPDU filtering

described 1-3

enabling 1-14

BPDU guard

described 1-2

enabling 1-13

CIST, described 1-3

CIST regional root 1-3

CIST root 1-5

configuration guidelines 1-15, 1-12

configuring

forward-delay time 1-24

hello time 1-23

link type for rapid convergence 1-25

maximum aging time 1-24

maximum hop count 1-25

MST region 1-16

neighbor type 1-26

path cost 1-21

port priority 1-20

root switch 1-18

secondary root switch 1-19

switch priority 1-22

CST

defined 1-3

operations between regions 1-3

default configuration 1-14

default optional feature configuration 1-12

displaying status 1-27

enabling the mode 1-16

EtherChannel guard

described 1-10

enabling 1-17

extended system ID

effects on root switch 1-18

effects on secondary root switch 1-19

unexpected behavior 1-18

IEEE 802.1s

implementation 1-6

port role naming change 1-6

terminology 1-5

instances supported 1-10

interface state, blocking to forwarding 1-2

interoperability and compatibility among modes 1-11

interoperability with IEEE 802.1D

described 1-8

restarting migration process 1-26

IST

defined 1-2

master 1-3

operations within a region 1-3

loop guard

described 1-11

enabling 1-18

mapping VLANs to MST instance 1-17

MST region

CIST 1-3

configuring 1-16

described 1-2

hop-count mechanism 1-5

IST 1-2

supported spanning-tree instances 1-2

optional features supported 1-9

overview 1-2

Port Fast

described 1-2

enabling 1-12

preventing root switch selection 1-10

root guard

described 1-10

enabling 1-18

root switch

configuring 1-18

effects of extended system ID 1-18

unexpected behavior 1-18

shutdown Port Fast-enabled port 1-2

stack changes, effects of 1-8

status, displaying 1-27

MTU

system 1-41

system jumbo 1-41

system routing 1-41

multiauth

support for inaccessible authentication bypass 1-23

multiauth mode

See multiple-authentication mode

multicast groups

Immediate Leave 1-6

joining 1-3

leaving 1-5

static joins 1-10, 1-8

multicast packets

ACLs on 1-43

blocking 1-8

multicast router interfaces, monitoring 1-17

multicast router ports, adding 1-9, 1-8

Multicast Source Discovery Protocol

See MSDP

multicast storm 1-1

multicast storm-control command 1-4

multicast television application 1-18

multicast VLAN 1-17

Multicast VLAN Registration

See MVR

multidomain authentication

See MDA

multioperations scheduling, IP SLAs 1-5

multiple authentication 1-12

Multiple HSRP

See MHSRP

multiple VPN routing/forwarding in customer edge devices

See multi-VRF CE

multi-VRF CE

configuration example 1-87

configuration guidelines 1-79

configuring 1-79

default configuration 1-79, 1-41

defined 1-76

displaying 1-91

monitoring 1-91

network components 1-79

packet-forwarding process 1-78

support for 1-16

MVR

and address aliasing 1-20

and IGMPv3 1-21

configuring interfaces 1-22

default configuration 1-20

described 1-17

example application 1-18

in the switch stack 1-20

modes 1-21

multicast television application 1-18

setting global parameters 1-21

support for 1-5

N

NAC

AAA down policy 1-13

critical authentication 1-23, 1-63

IEEE 802.1x authentication using a RADIUS server 1-68

IEEE 802.1x validation using RADIUS server 1-68

inaccessible authentication bypass 1-13, 1-63

Layer 2 IEEE 802.1x validation 1-13, 1-68

Layer 2 IEEE802.1x validation 1-30

Layer 2 IP validation 1-13

named IPv4 ACLs 1-16

named IPv6 ACLs 1-3

NameSpace Mapper

See NSM

native VLAN

and IEEE 802.1Q tunneling 1-4

configuring 1-21

default 1-21

NDAC 1-9, 1-2

defined 1-9

MACsec 1-1

NEAT

configuring 1-69

overview 1-33

neighbor discovery, IPv6 1-4

neighbor discovery/recovery, EIGRP 1-38

neighbor offset numbers, REP 1-4

neighbors, BGP 1-60

Network Admission Control

See NAC

Network Assistant

benefits 1-2

described 1-6

downloading image files 1-3

guide mode 1-3

management options 1-3

managing switch stacks 1-3, 1-17

upgrading a switch 1-25

wizards 1-3

network configuration examples

cost-effective wiring closet 1-24

high-performance wiring closet 1-26

increasing network performance 1-23

large network 1-32

long-distance, high-bandwidth transport 1-36

multidwelling network 1-35

providing network services 1-23

redundant Gigabit backbone 1-28

server aggregation and Linux server cluster 1-28

small to medium-sized network 1-30

network design

performance 1-23

services 1-23

Network Device Admission Control (NDAC) 1-9, 1-2

Network Edge Access Topology

See NEAT

network management

CDP 1-1

RMON 1-1

SNMP 1-1

network performance, measuring with IP SLAs 1-3

network policy TLV 1-2

Network Time Protocol

See NTP

no commands 1-4

nonhierarchical policy maps

configuration guidelines 1-41

configuring 1-59

described 1-10

non-IP traffic filtering 1-29

nontrunking mode 1-16

normal-range VLANs 1-4

configuration guidelines 1-6

configuring 1-4

defined 1-1

no switchport command 1-5

not-so-stubby areas

See NSSA

NSAPs, as ISO IGRP addresses 1-67

NSF Awareness

IS-IS 1-69

NSM 1-3

NSSA, OSPF 1-33

NTP

associations

defined 1-2

overview 1-2

stratum 1-2

support for 1-7

time

services 1-2

synchronizing 1-2

O

OBFL

configuring 1-27

described 1-27

displaying 1-28

object tracking

HSRP 1-7

IP SLAs 1-9

IP SLAs, configuring 1-9

monitoring 1-12

offline configuration for switch stacks 1-8

off mode, VTP 1-4

on-board failure logging

See OBFL

online diagnostics

described 1-1

overview 1-1

running tests 1-5

open1x

configuring 1-74

open1x authentication

overview 1-31

Open Shortest Path First

See OSPF

optimizing system resources 1-1

options, management 1-6

OSPF

area parameters, configuring 1-33

configuring 1-31

default configuration

metrics 1-34

route 1-34

settings 1-28

described 1-27

for IPv6 1-13

interface parameters, configuring 1-32

LSA group pacing 1-36

monitoring 1-37

router IDs 1-36

route summarization 1-34

support for 1-16

virtual links 1-34

out-of-profile markdown 1-15

P

packet modification, with QoS 1-22

PAgP

Layer 2 protocol tunneling 1-10

See EtherChannel

parallel paths, in routing tables 1-93

passive interfaces

configuring 1-103

OSPF 1-35

passwords

default configuration 1-2

disabling recovery of 1-5

encrypting 1-3

for security 1-11

in clusters 1-14

overview 1-1

recovery of 1-3

setting

enable 1-3

enable secret 1-3

Telnet 1-6

with usernames 1-6

VTP domain 1-10

path cost

MSTP 1-21

STP 1-21

path MTU discovery 1-4

payload encryption 1-1

PBR

defined 1-99

enabling 1-101

fast-switched policy-based routing 1-102

local policy-based routing 1-102

PC (passive command switch) 1-10

peers, BGP 1-60

percentage thresholds in tracked lists 1-6

performance, network design 1-23

performance features 1-4

persistent self-signed certificate 1-49

per-user ACLs and Filter-Ids 1-8

per-VLAN spanning-tree plus

See PVST+

PE to CE routing, configuring 1-86, 1-45

physical ports 1-3

PIM

default configuration 1-11

dense mode

overview 1-4

rendezvous point (RP), described 1-5

RPF lookups 1-9

enabling a mode 1-13

overview 1-4

router-query message interval, modifying 1-38

shared tree and source tree, overview 1-35

shortest path tree, delaying the use of 1-37

sparse mode

join messages and shared tree 1-5

overview 1-5

prune messages 1-5

RPF lookups 1-9

stub routing

configuration guidelines 1-22

enabling 1-23

overview 1-5

support for 1-17

versions

interoperability 1-11

troubleshooting interoperability problems 1-35

v2 improvements 1-4

PIM-DVMRP, as snooping method 1-9

ping

character output description 1-16

executing 1-15

overview 1-15

PoE

auto mode 1-10

CDP with power consumption, described 1-8

CDP with power negotiation, described 1-8

Cisco intelligent power management 1-8

configuring 1-33

devices supported 1-7

high-power devices operating in low-power mode 1-8

IEEE power classification levels 1-9

monitoring 1-11

monitoring power 1-36

policing power consumption 1-36

policing power usage 1-11

power budgeting 1-35

power consumption 1-35

powered-device detection and initial power allocation 1-8

power management modes 1-10

power negotiation extensions to CDP 1-8

standards supported 1-8

static mode 1-10

supported watts per port 1-7

troubleshooting 1-13

policed-DSCP map for QoS 1-76

policers

configuring

for each matched traffic class 1-59

for more than one traffic class 1-72

described 1-4

number of 1-42

types of 1-10

policing

described 1-4

hierarchical

See hierarchical policy maps

token-bucket algorithm 1-10

policy-based routing

See PBR

policy maps for QoS

characteristics of 1-60

described 1-8

hierarchical 1-9

hierarchical on SVIs

configuration guidelines 1-41

configuring 1-64

described 1-12

nonhierarchical on physical ports

configuration guidelines 1-41

configuring 1-59

described 1-10

POP 1-35

port ACLs

defined 1-3

types of 1-4

Port Aggregation Protocol

See EtherChannel

port-based authentication

accounting 1-14

authentication server

defined 1-3, 1-2

RADIUS server 1-3

client, defined 1-3, 1-2

configuration guidelines 1-39, 1-9

configuring

802.1x authentication 1-44

guest VLAN 1-60

host mode 1-47

inaccessible authentication bypass 1-63

manual re-authentication of a client 1-49

periodic re-authentication 1-48

quiet period 1-49

RADIUS server 1-47, 1-13

RADIUS server parameters on the switch 1-46, 1-11

restricted VLAN 1-62

switch-to-client frame-retransmission number 1-50, 1-51

switch-to-client retransmission time 1-50

violation modes 1-43 to 1-44

default configuration 1-38, 1-9

described 1-1

device roles 1-3, 1-2

displaying statistics 1-76, 1-17

downloadable ACLs and redirect URLs

configuring 1-71 to 1-73, ?? to 1-73

overview 1-18 to 1-20

EAPOL-start frame 1-6

EAP-request/identity frame 1-6

EAP-response/identity frame 1-6

enabling

802.1X authentication 1-11

encapsulation 1-3

flexible authentication ordering

configuring 1-74

overview 1-31

guest VLAN

configuration guidelines 1-21, 1-22

described 1-21

host mode 1-12

inaccessible authentication bypass

configuring 1-63

described 1-23

guidelines 1-40

initiation and message exchange 1-6

magic packet 1-28

maximum number of allowed devices per port 1-41

method lists 1-44

multiple authentication 1-12

multiple-hosts mode, described 1-12

per-user ACLs

AAA authorization 1-44

configuration tasks 1-18

described 1-17

RADIUS server attributes 1-17

ports

authorization state and dot1x port-control command 1-11

authorized and unauthorized 1-10

voice VLAN 1-28

port security

described 1-28

readiness check

configuring 1-41

described 1-15, 1-41

resetting to default values 1-76

stack changes, effects of 1-11

statistics, displaying 1-76

switch

as proxy 1-3, 1-2

RADIUS client 1-3

switch supplicant

configuring 1-69

overview 1-33

user distribution

guidelines 1-27

overview 1-27

VLAN assignment

AAA authorization 1-44

characteristics 1-16

configuration tasks 1-17

described 1-16

voice aware 802.1x security

configuring 1-42

described 1-34, 1-42

voice VLAN

described 1-28

PVID 1-28

VVID 1-28

wake-on-LAN, described 1-28

port-based authentication methods, supported 1-8

port-based trust

IPv4 and IPv6 1-3

port blocking 1-5, 1-7

port-channel

See EtherChannel

port description TLV 1-2

Port Fast

described 1-2

enabling 1-12

mode, spanning tree 1-27

support for 1-9

port membership modes, VLAN 1-3

port priority

MSTP 1-20

STP 1-19

ports

10-Gigabit Ethernet 1-7

access 1-3

blocking 1-7

dynamic access 1-4

protected 1-6

REP 1-6

routed 1-4

secure 1-9

static-access 1-3, 1-9

switch 1-3

trunks 1-3, 1-15

VLAN assignments 1-9

port security

aging 1-17

and other features 1-11

and private VLANs 1-18

and QoS trusted boundary 1-46

and stacking 1-18

configuration guidelines 1-11

configuring 1-13

default configuration 1-11

described 1-8

on trunk ports 1-14

sticky learning 1-9

violations 1-10

port-shutdown response, VMPS 1-26

port VLAN ID TLV 1-2

power management TLV 1-3

Power over Ethernet

See PoE

power supply

configuring 1-45

managing 1-45

preempt delay time, REP 1-5

preemption, default configuration 1-8

preemption delay, default configuration 1-8

preferential treatment of traffic

See QoS

prefix lists, BGP 1-58

preventing unauthorized access 1-1

primary edge port, REP 1-4

primary interface for object tracking, DHCP, configuring 1-11

primary interface for static routing, configuring 1-10

primary links 1-2

primary VLANs 1-1, 1-3

priority

HSRP 1-8

overriding CoS 1-6

trusting CoS 1-6

private VLAN edge ports

See protected ports

private VLANs

across multiple switches 1-4

and SDM template 1-4

and SVIs 1-5

and switch stacks 1-5

benefits of 1-1

community ports 1-2

community VLANs 1-2, 1-3

configuration guidelines 1-7, 1-8

configuration tasks 1-6

configuring 1-10

default configuration 1-6

end station access to 1-3

IP addressing 1-3

isolated port 1-2

isolated VLANs 1-2, 1-3

mapping 1-13

monitoring 1-15

ports

community 1-2

configuration guidelines 1-8

configuring host ports 1-11

configuring promiscuous ports 1-13

isolated 1-2

promiscuous 1-2

primary VLANs 1-1, 1-3

promiscuous ports 1-2

secondary VLANs 1-2

subdomains 1-1

traffic in 1-5

privilege levels

changing the default for lines 1-9

command switch 1-17

exiting 1-9

logging into 1-9

mapping on member switches 1-17

overview 1-2, 1-7

setting a command with 1-8

promiscuous ports

configuring 1-13

defined 1-2

protected ports 1-11, 1-6

protocol-dependent modules, EIGRP 1-38

Protocol-Independent Multicast Protocol

See PIM

protocol storm protection 1-19

provider edge devices 1-77

provisioning new members for a switch stack 1-8

proxy ARP

configuring 1-13

definition 1-11

with IP routing disabled 1-13

proxy reports 1-3

pruning, VTP

disabling

in VTP domain 1-16

on a port 1-21

enabling

in VTP domain 1-16

on a port 1-21

examples 1-7

overview 1-6

pruning-eligible list

changing 1-21

for VTP pruning 1-6

VLANs 1-16

PVST+

described 1-10

IEEE 802.1Q trunking interoperability 1-12

instances supported 1-10

Q

QoS

and MQC commands 1-1

auto-QoS

categorizing traffic 1-24

configuration and defaults display 1-36

configuration guidelines 1-33

described 1-23

disabling 1-35

displaying generated commands 1-35

displaying the initial configuration 1-36

effects on running configuration 1-33

egress queue defaults 1-25

list of generated commands 1-26

basic model 1-4

classification

class maps, described 1-8

defined 1-4

DSCP transparency, described 1-47

flowchart 1-7

forwarding treatment 1-3

in frames and packets 1-3

IP ACLs, described 1-7, 1-8

MAC ACLs, described 1-5, 1-8

options for IP traffic 1-6

options for non-IP traffic 1-5

policy maps, described 1-8

trust DSCP, described 1-5

trusted CoS, described 1-5

trust IP precedence, described 1-5

class maps

configuring 1-55

configuration guidelines

auto-QoS 1-33

standard QoS 1-40

configuring

aggregate policers 1-72

auto-QoS 1-23

default port CoS value 1-45

DSCP maps 1-74

DSCP transparency 1-47

DSCP trust states bordering another domain 1-48

egress queue characteristics 1-84

ingress queue characteristics 1-80

IP extended ACLs 1-51

IP standard ACLs 1-50

MAC ACLs 1-54

policy maps, hierarchical 1-64

policy maps on physical ports 1-59

port trust states within the domain 1-44

trusted boundary 1-46

default auto configuration 1-24

default standard configuration 1-37

DSCP transparency 1-47

egress queues

allocating buffer space 1-85

buffer allocation scheme, described 1-20

configuring shaped weights for SRR 1-89

configuring shared weights for SRR 1-90

described 1-4

displaying the threshold map 1-88

flowchart 1-19

mapping DSCP or CoS values 1-87

scheduling, described 1-4

setting WTD thresholds 1-85

WTD, described 1-22

enabling globally 1-43

flowcharts

classification 1-7

egress queueing and scheduling 1-19

ingress queueing and scheduling 1-16

policing and marking 1-11

implicit deny 1-8

ingress queues

allocating bandwidth 1-82

allocating buffer space 1-82

buffer and bandwidth allocation, described 1-18

configuring shared weights for SRR 1-82

configuring the priority queue 1-83

described 1-4

displaying the threshold map 1-81

flowchart 1-16

mapping DSCP or CoS values 1-81

priority queue, described 1-18

scheduling, described 1-4

setting WTD thresholds 1-81

WTD, described 1-18

IP phones

automatic classification and queueing 1-23

detection and trusted settings 1-23, 1-46

limiting bandwidth on egress interface 1-91

mapping tables

CoS-to-DSCP 1-74

DSCP-to-CoS 1-77

DSCP-to-DSCP-mutation 1-78

IP-precedence-to-DSCP 1-75

policed-DSCP 1-76

types of 1-13

marked-down actions 1-62

marking, described 1-4, 1-9

overview 1-2

packet modification 1-22

policers

configuring 1-62, 1-72

described 1-9

number of 1-42

types of 1-10

policies, attaching to an interface 1-9

policing

described 1-4, 1-9

token bucket algorithm 1-10

policy maps

characteristics of 1-60

hierarchical 1-9

hierarchical on SVIs 1-64

nonhierarchical on physical ports 1-59

QoS label, defined 1-4

queues

configuring egress characteristics 1-84

configuring ingress characteristics 1-80

high priority (expedite) 1-22, 1-90

location of 1-14

SRR, described 1-15

WTD, described 1-15

rewrites 1-22

support for 1-15

trust states

bordering another domain 1-48

described 1-5

trusted device 1-46

within the domain 1-44

quality of service

See QoS

queries, IGMP 1-4

query solicitation, IGMP 1-13

R

RADIUS

attributes

vendor-proprietary 1-36

vendor-specific 1-35

configuring

accounting 1-34

authentication 1-29

authorization 1-33

communication, global 1-27, 1-35

communication, per-server 1-27

multiple UDP ports 1-27

default configuration 1-27

defining AAA server groups 1-31

displaying the configuration 1-39

identifying the server 1-27

in clusters 1-16

limiting the services to the user 1-33

method list, defined 1-26

operation of 1-19

overview 1-18

server load balancing 1-39

suggested network environments 1-18

support for 1-13

tracking services accessed by user 1-34

RADIUS Change of Authorization 1-20

range

macro 1-22

of interfaces 1-21

rapid convergence 1-10

rapid per-VLAN spanning-tree plus

See rapid PVST+

rapid PVST+

described 1-10

IEEE 802.1Q trunking interoperability 1-12

instances supported 1-10

Rapid Spanning Tree Protocol

See RSTP

RARP 1-11

rcommand command 1-16

RCP

configuration files

downloading 1-18

overview 1-17

preparing the server 1-17

uploading 1-19

image files

deleting old image 1-38

downloading 1-37

preparing the server 1-36

uploading 1-38

reachability, tracking IP SLAs IP host 1-9

readiness check

port-based authentication

configuring 1-41

described 1-15, 1-41

reconfirmation interval, VMPS, changing 1-29

reconfirming dynamic VLAN membership 1-29

redirect URL 1-18, 1-20, 1-71

redundancy

EtherChannel 1-3

HSRP 1-1

STP

backbone 1-9

multidrop backbone 1-5

path cost 1-24

port priority 1-22

redundant links and UplinkFast 1-15

redundant power system

See Cisco Redundant Power System 2300

reliable transport protocol, EIGRP 1-38

reloading software 1-23

Remote Authentication Dial-In User Service

See RADIUS

Remote Copy Protocol

See RCP

Remote Network Monitoring

See RMON

Remote SPAN

See RSPAN

remote SPAN 1-3

REP

administrative VLAN 1-8

administrative VLAN, configuring 1-8

age timer 1-8

and STP 1-6

configuration guidelines 1-7

configuring interfaces 1-9

convergence 1-4

default configuration 1-7

manual preemption, configuring 1-13

monitoring 1-14

neighbor offset numbers 1-4

open segment 1-2

ports 1-6

preempt delay time 1-5

primary edge port 1-4

ring segment 1-2

secondary edge port 1-4

segments 1-1

characteristics 1-2

SNMP traps, configuring 1-13

supported interfaces 1-1

triggering VLAN load balancing 1-5

verifying link integrity 1-3

VLAN blocking 1-12

VLAN load balancing 1-4

report suppression, IGMP

described 1-6

disabling 1-16, 1-11

resequencing ACL entries 1-16

reserved addresses in DHCP pools 1-28

resets, in BGP 1-52

resetting a UDLD-shutdown interface 1-6

Resilient Ethernet Protocol

See REP

responder, IP SLAs

described 1-4

enabling 1-7

response time, measuring with IP SLAs 1-4

restricted VLAN

configuring 1-62

described 1-22

using with IEEE 802.1x 1-22

restricting access

overview 1-1

passwords and privilege levels 1-2

RADIUS 1-17

TACACS+ 1-10

retry count, VMPS, changing 1-30

reverse address resolution 1-10

Reverse Address Resolution Protocol

See RARP

RFC

1058, RIP 1-21

1112, IP multicast and IGMP 1-2

1157, SNMPv1 1-2

1163, BGP 1-45

1166, IP addresses 1-7

1253, OSPF 1-27

1267, BGP 1-45

1305, NTP 1-2

1587, NSSAs 1-27

1757, RMON 1-2

1771, BGP 1-45

1901, SNMPv2C 1-2

1902 to 1907, SNMPv2 1-2

2236, IP multicast and IGMP 1-2

2273-2275, SNMPv3 1-2

RFC 5176 Compliance 1-21

RIP

advertisements 1-21

authentication 1-24

configuring 1-22

default configuration 1-22

described 1-21

for IPv6 1-12

hop counts 1-21

split horizon 1-24

summary addresses 1-25

support for 1-16

RMON

default configuration 1-3

displaying status 1-6

enabling alarms and events 1-3

groups supported 1-2

overview 1-1

statistics

collecting group Ethernet 1-5

collecting group history 1-5

support for 1-18

root guard

described 1-10

enabling 1-18

support for 1-10

root switch

MSTP 1-18

STP 1-17

route calculation timers, OSPF 1-35

route dampening, BGP 1-64

routed packets, ACLs on 1-43

routed ports

configuring 1-5

defined 1-4

in switch clusters 1-8

IP addresses on 1-39, 1-6

route-map command 1-102

route maps

BGP 1-56

policy-based routing 1-100

router ACLs

defined 1-3

types of 1-5

route reflectors, BGP 1-63

router ID, OSPF 1-36

route selection, BGP 1-54

route summarization, OSPF 1-34

route targets, VPN 1-79

routing

default 1-3

dynamic 1-3

redistribution of information 1-96

static 1-3

routing domain confederation, BGP 1-63

Routing Information Protocol

See RIP

routing protocol administrative distances 1-94

RPS

See Cisco Redundant Power System 2300

RPS 2300

See Cisco Redundant Power System 2300

RSPAN 1-3

and stack changes 1-11

characteristics 1-9

configuration guidelines 1-19

default configuration 1-12

destination ports 1-8

displaying status 1-31

in a switch stack 1-3

interaction with other features 1-10

monitored ports 1-7

monitoring ports 1-8

overview 1-18, 1-1

received traffic 1-6

session limits 1-13

sessions

creating 1-20

defined 1-4

limiting source traffic to specific VLANs 1-22

specifying monitored ports 1-20

with ingress traffic enabled 1-25

source ports 1-7

transmitted traffic 1-6

VLAN-based 1-7

RSTP

active topology 1-9

BPDU

format 1-12

processing 1-13

designated port, defined 1-9

designated switch, defined 1-9

interoperability with IEEE 802.1D

described 1-8

restarting migration process 1-26

topology changes 1-13

overview 1-9

port roles

described 1-9

synchronized 1-11

proposal-agreement handshake process 1-10

rapid convergence

cross-stack rapid convergence 1-11

described 1-10

edge ports and Port Fast 1-10

point-to-point links 1-10, 1-25

root ports 1-10

root port, defined 1-9

See also MSTP

running configuration

replacing 1-20, 1-21

rolling back 1-20, 1-22

saving 1-16

S

SAP

defined 1-9

negotiation 1-9

support 1-1

SC (standby command switch) 1-10

scheduled reloads 1-23

scheduling, IP SLAs operations 1-5

SCP

and SSH 1-55

configuring 1-55

SDM

described 1-1

switch stack consideration 1-11

templates

configuring 1-6

number of 1-1

SDM template

configuring 1-5

dual IPv4 and IPv6 1-3

types of 1-1

secondary edge port, REP 1-4

secondary VLANs 1-2

Secure Copy Protocol

secure HTTP client

configuring 1-54

displaying 1-54

secure HTTP server

configuring 1-52

displaying 1-54

secure MAC addresses

and switch stacks 1-18

deleting 1-16

maximum number of 1-10

types of 1-9

secure ports

and switch stacks 1-18

configuring 1-9

secure remote connections 1-44

Secure Shell

See SSH

Secure Socket Layer

See SSL

security, port 1-8

Security Exchange Protocol

See SXP

Security Exchange Protocol

See SAP

Security Exchange Protocol (SXP) 1-2

security features 1-11

Security Group Access Control List (SGACL) 1-2

Security Group Tag (SGT) 1-2

See SCP

sequence numbers in log messages 1-8

server mode, VTP 1-3

service-provider network, MSTP and RSTP 1-1

service-provider networks

and customer VLANs 1-2

and IEEE 802.1Q tunneling 1-1

Layer 2 protocols across 1-8

Layer 2 protocol tunneling for EtherChannels 1-10

session keys, MKA 1-2

set-request operation 1-5

setup program

failed command switch replacement 1-11

replacing failed command switch 1-9

severity levels, defining in system messages 1-9

SFPs

monitoring status of 1-14

numbering of 1-20

security and identification 1-14

status, displaying 1-14

SGACL 1-2

SGT 1-2

shaped round robin

See SRR

show access-lists hw-summary command 1-23

show and more command output, filtering 1-9

show cluster members command 1-16

show configuration command 1-38

show forward command 1-22

show interfaces command 1-31, 1-38

show interfaces switchport 1-4

show l2protocol command 1-14, 1-16, 1-17

show platform forward command 1-22

show running-config command

displaying ACLs 1-34, 1-36

interface description in 1-38

shutdown command on interfaces 1-53

shutdown threshold for Layer 2 protocol packets 1-12

Simple Network Management Protocol

See SNMP

single session ID 1-35

Slow timer, configuring BFD 1-15

small form-factor pluggable modules

See SFPs

small-frame arrival rate, configuring 1-5

smart logging 1-1, 1-14

SNAP 1-1

SNMP

accessing MIB variables with 1-4

agent

described 1-4

disabling 1-9

and IP SLAs 1-2

authentication level 1-12

community strings

configuring 1-9

for cluster switches 1-4

overview 1-4

configuration examples 1-19

default configuration 1-8

engine ID 1-8

groups 1-8, 1-11

host 1-8

ifIndex values 1-6

in-band management 1-8

in clusters 1-14

informs

and trap keyword 1-14

described 1-5

differences from traps 1-5

disabling 1-17

enabling 1-17

limiting access by TFTP servers 1-19

limiting system log messages to NMS 1-10

manager functions 1-6, 1-3

managing clusters with 1-17

notifications 1-5

overview 1-1, 1-4

security levels 1-3

setting CPU threshold notification 1-18

status, displaying 1-21

system contact and location 1-18

trap manager, configuring 1-16

traps

described 1-5

differences from informs 1-5

disabling 1-17

enabling 1-14

enabling MAC address notification 1-15, 1-17, 1-18

overview 1-1, 1-5

types of 1-14

users 1-8, 1-11

versions supported 1-2

SNMP and Syslog Over IPv6 1-14

SNMP traps

REP 1-13

SNMPv1 1-2

SNMPv2C 1-2

SNMPv3 1-3

snooping, IGMP 1-2

software compatibility

See stacks, switch

software images

location in flash 1-26

recovery procedures 1-2

scheduling reloads 1-24

tar file format, described 1-26

See also downloading and uploading

software images in mixed stacks

See the Cisco Software Activation and Compatibility Document

source-and-destination-IP address based forwarding, EtherChannel 1-9

source-and-destination MAC address forwarding, EtherChannel 1-9

source-IP address based forwarding, EtherChannel 1-9

source-MAC address forwarding, EtherChannel 1-8

Source-specific multicast

See SSM

SPAN

and stack changes 1-11

configuration guidelines 1-13

default configuration 1-12

destination ports 1-8

displaying status 1-31

interaction with other features 1-10

monitored ports 1-7

monitoring ports 1-8

overview 1-18, 1-1

ports, restrictions 1-12

received traffic 1-6

session limits 1-13

sessions

configuring ingress forwarding 1-17, 1-26

creating 1-14, 1-28

defined 1-4

limiting source traffic to specific VLANs 1-18

removing destination (monitoring) ports 1-15

specifying monitored ports 1-14, 1-28

with ingress traffic enabled 1-16

source ports 1-7

transmitted traffic 1-6

VLAN-based 1-7

spanning tree and native VLANs 1-17

Spanning Tree Protocol

See STP

SPAN traffic 1-6

split horizon, RIP 1-24

SRR

configuring

shaped weights on egress queues 1-89

shared weights on egress queues 1-90

shared weights on ingress queues 1-82

described 1-15

shaped mode 1-15

shared mode 1-16

support for 1-15, 1-16

SSH

configuring 1-45

described 1-8, 1-44

encryption methods 1-45

switch stack considerations 1-18

user authentication methods, supported 1-45

SSL

configuration guidelines 1-51

configuring a secure HTTP client 1-54

configuring a secure HTTP server 1-52

described 1-48

monitoring 1-54

SSM

address management restrictions 1-16

CGMP limitations 1-16

components 1-14

configuration guidelines 1-16

configuring 1-14, 1-17

differs from Internet standard multicast 1-14

IGMP snooping 1-16

IGMPv3 1-14

IGMPv3 Host Signalling 1-15

IP address range 1-15

monitoring 1-17

operations 1-15

PIM 1-14

state maintenance limitations 1-16

SSM mapping 1-17

configuration guidelines 1-17

configuring 1-17, 1-19

DNS-based 1-18, 1-20

monitoring 1-22

overview 1-18

restrictions 1-18

static 1-18, 1-20

static traffic forwarding 1-21

stack changes

effects on

IPv6 routing 1-16

stack changes, effects on

ACL configuration 1-7

CDP 1-2

cross-stack EtherChannel 1-13

EtherChannel 1-10

fallback bridging 1-3

HSRP 1-5

IEEE 802.1x port-based authentication 1-11

IGMP snooping 1-7

IP routing 1-4

IPv6 ACLs 1-3

MAC address tables 1-14

MSTP 1-8

multicast routing 1-10

MVR 1-18

port security 1-18

SDM template selection 1-4

SNMP 1-1

SPAN and RSPAN 1-11

STP 1-12

switch clusters 1-14

system message log 1-2

VLANs 1-6

VTP 1-8

stacking

and MACsec 1-3

stack master

bridge ID (MAC address) 1-7

defined 1-2

election 1-6

IPv6 1-16

re-election 1-6

See also stacks, switch

stack member

accessing CLI of specific member 1-30

configuring

member number 1-26

priority value 1-26

defined 1-2

displaying information of 1-30

IPv6 1-17

number 1-7

priority value 1-8

provisioning a new member 1-27

replacing 1-16

See also stacks, switch

stack member number 1-19

stack protocol version 1-12

stacks, switch

accessing CLI of specific member 1-30

assigning information

member number 1-26

priority value 1-26

provisioning a new member 1-27

auto-advise 1-13

auto-copy 1-13

auto-extract 1-13

auto-upgrade 1-12

bridge ID 1-7

Catalyst 3750-E-only 1-2

Catalyst 3750-X-only 1-2

CDP considerations 1-2

compatibility, software 1-11

configuration file 1-16

configuration scenarios 1-19

copying an image file from one member to another 1-39

default configuration 1-24

description of 1-2

displaying information of 1-30

enabling persistent MAC address timer 1-24

hardware compatibility and SDM mismatch mode 1-11

HSRP considerations 1-5

in clusters 1-14

incompatible software and image upgrades 1-15, 1-39

IPv6 on 1-16

MAC address considerations 1-14

MAC address of 1-24

management connectivity 1-17

managing 1-1

managing mixed

See Catalyst 3750-E and 3750 Switch Stacking Compatibility Guide

membership 1-4

merged 1-5

mixed

hardware 1-2

hardware and software 1-2

software 1-2

with Catalyst 3750-E and 3750 switches 1-2

mixed software images

See Cisco Software Activation and Compatibility Document

MSTP instances supported 1-10

multicast routing, stack master and member roles 1-10

offline configuration

described 1-8

effects of adding a provisioned switch 1-9

effects of removing a provisioned switch 1-11

effects of replacing a provisioned switch 1-11

provisioned configuration, defined 1-8

provisioned switch, defined 1-8

provisioning a new member 1-27

partitioned 1-5, 1-8

provisioned switch

adding 1-9

removing 1-11

replacing 1-11

replacing a failed member 1-16

software compatibility 1-11

software image version 1-11

stack protocol version 1-12

STP

bridge ID 1-3

instances supported 1-10

root port selection 1-3

stack root switch election 1-3

system messages

hostnames in the display 1-1

remotely monitoring 1-2

system prompt consideration 1-7

system-wide configuration considerations 1-16

upgrading 1-39

version-mismatch (VM) mode

automatic upgrades with auto-upgrade 1-12

described 1-12

examples 1-13

manual upgrades with auto-advise 1-13

upgrades with auto-extract 1-13

See also stack master and stack member

StackWise Plus technology, Cisco 1-3

See also stacks, switch

standby command switch

configuring

considerations 1-11

defined 1-2

priority 1-10

requirements 1-3

virtual IP address 1-11

See also cluster standby group and HSRP

standby group, cluster

See cluster standby group and HSRP

standby ip command 1-6

standby links 1-2

standby router 1-2

standby timers, HSRP 1-10

startup configuration

booting

manually 1-19

specific image 1-20

clearing 1-20

configuration file

automatically downloading 1-18

specifying the filename 1-19

default boot configuration 1-18

static access ports

assigning to VLAN 1-9

defined 1-3

static addresses

See addresses

static IP routing 1-17

static MAC addressing 1-11

static route primary interface, configuring 1-10

static routes

configuring 1-94

understanding 1-12

static routing 1-3

static routing support, enhanced object tracking 1-10

static SSM mapping 1-18, 1-20

static traffic forwarding 1-21

static VLAN membership 1-2

statistics

802.1X 1-17

CDP 1-5

IEEE 802.1x 1-76

interface 1-52

IP multicast routing 1-63

MKA 1-5

OSPF 1-37

RMON group Ethernet 1-5

RMON group history 1-5

SNMP input and output 1-21

VTP 1-18

sticky learning 1-9

storm control

configuring 1-3

described 1-1

disabling 1-5

support for 1-5

thresholds 1-2

STP

accelerating root port selection 1-4

and REP 1-6

BackboneFast

described 1-7

disabling 1-17

enabling 1-16

BPDU filtering

described 1-3

disabling 1-15

enabling 1-14

BPDU guard

described 1-2

disabling 1-14

enabling 1-13

BPDU message exchange 1-3

configuration guidelines 1-14, 1-12

configuring

forward-delay time 1-24

hello time 1-23

maximum aging time 1-24

path cost 1-21

port priority 1-19

root switch 1-17

secondary root switch 1-18

spanning-tree mode 1-15

switch priority 1-22

transmit hold-count 1-25

counters, clearing 1-25

cross-stack UplinkFast

described 1-5

enabling 1-16

default configuration 1-13

default optional feature configuration 1-12

designated port, defined 1-4

designated switch, defined 1-4

detecting indirect link failures 1-8

disabling 1-16

displaying status 1-25

EtherChannel guard

described 1-10

disabling 1-17

enabling 1-17

extended system ID

effects on root switch 1-17

effects on the secondary root switch 1-18

overview 1-5

unexpected behavior 1-17

features supported 1-9

IEEE 802.1D and bridge ID 1-5

IEEE 802.1D and multicast addresses 1-9

IEEE 802.1t and VLAN identifier 1-5

inferior BPDU 1-3

instances supported 1-10

interface state, blocking to forwarding 1-2

interface states

blocking 1-6

disabled 1-8

forwarding 1-6, 1-7

learning 1-7

listening 1-7

overview 1-5

interoperability and compatibility among modes 1-11

keepalive messages 1-3

Layer 2 protocol tunneling 1-8

limitations with IEEE 802.1Q trunks 1-12

load sharing

overview 1-22

using path costs 1-24

using port priorities 1-22

loop guard

described 1-11

enabling 1-18

modes supported 1-10

multicast addresses, effect of 1-9

optional features supported 1-9

overview 1-2

path costs 1-24, 1-25

Port Fast

described 1-2

enabling 1-12

port priorities 1-23

preventing root switch selection 1-10

protocols supported 1-10

redundant connectivity 1-9

root guard

described 1-10

enabling 1-18

root port, defined 1-3

root port selection on a switch stack 1-3

root switch

configuring 1-17

effects of extended system ID 1-5, 1-17

election 1-3

unexpected behavior 1-17

shutdown Port Fast-enabled port 1-2

stack changes, effects of 1-12

status, displaying 1-25

superior BPDU 1-3

timers, described 1-23

UplinkFast

described 1-3

enabling 1-15

VLAN-bridge 1-12

stratum, NTP 1-2

stub areas, OSPF 1-33

stub routing, EIGRP 1-44

subdomains, private VLAN 1-1

subnet mask 1-8

subnet zero 1-8

success response, VMPS 1-26

summer time 1-6

SunNet Manager 1-6

supernet 1-9

supported port-based authentication methods 1-8

SVI autostate exclude

configuring 1-40

defined 1-6

SVI link state 1-6

SVIs

and IP unicast routing 1-5

and router ACLs 1-5

connecting VLANs 1-13

defined 1-5

routing between VLANs 1-2

switch 1-2

switch clustering technology 1-1

See also clusters, switch

switch console port 1-8

Switch Database Management

See SDM

switched packets, ACLs on 1-41

Switched Port Analyzer

See SPAN

switched ports 1-3

switchport backup interface 1-4, 1-5

switchport block multicast command 1-8

switchport block unicast command 1-8

switchport command 1-28

switchport mode dot1q-tunnel command 1-7

switchport protected command 1-7

switch priority

MSTP 1-22

STP 1-22

switch software features 1-1

switch virtual interface

See SVI

SXP 1-2

synchronization, BGP 1-50

syslog

See system message logging

system capabilities TLV 1-2

system clock

configuring

daylight saving time 1-6

manually 1-4

summer time 1-6

time zones 1-5

displaying the time and date 1-5

overview 1-2

See also NTP

system description TLV 1-2

system message logging

default configuration 1-4

defining error message severity levels 1-9

disabling 1-4

displaying the configuration 1-17

enabling 1-5

facility keywords, described 1-14

level keywords, described 1-10

limiting messages 1-10

message format 1-2

overview 1-1

sequence numbers, enabling and disabling 1-8

setting the display destination device 1-5

stack changes, effects of 1-2

synchronizing log messages 1-6

syslog facility 1-18

time stamps, enabling and disabling 1-8

UNIX syslog servers

configuring the daemon 1-12

configuring the logging facility 1-13

facilities supported 1-14

system MTU

and IS-IS LSPs 1-71

system MTU and IEEE 802.1Q tunneling 1-5

system name

default configuration 1-8

default setting 1-8

manual configuration 1-8

See also DNS

system name TLV 1-2

system prompt, default setting 1-7, 1-8

system resources, optimizing 1-1

system routing

IS-IS 1-67

ISO IGRP 1-67

T

TACACS+

accounting, defined 1-11

authentication, defined 1-11

authorization, defined 1-11

configuring

accounting 1-17

authentication key 1-13

authorization 1-16

login authentication 1-14

default configuration 1-13

displaying the configuration 1-17

identifying the server 1-13

in clusters 1-16

limiting the services to the user 1-16

operation of 1-12

overview 1-10

support for 1-13

tracking services accessed by user 1-17

tagged packets

IEEE 802.1Q 1-3

Layer 2 protocol 1-8

tar files

creating 1-7

displaying the contents of 1-7

extracting 1-8

image file format 1-26

TCL script, registering and defining with embedded event manager 1-7

TDR 1-18

Telnet

accessing management interfaces 1-10

number of connections 1-8

setting a password 1-6

templates, SDM 1-2

temporary self-signed certificate 1-49

Terminal Access Controller Access Control System Plus

See TACACS+

terminal lines, setting a password 1-6

ternary content addressable memory 1-26

TFTP

configuration files

downloading 1-12

preparing the server 1-11

uploading 1-13

configuration files in base directory 1-8

configuring for autoconfiguration 1-7

image files

deleting 1-30

downloading 1-28

preparing the server 1-28

uploading 1-30

limiting access by servers 1-19

TFTP server 1-7

threshold, traffic level 1-2

threshold monitoring, IP SLAs 1-6

time

See NTP and system clock

Time Domain Reflector

See TDR

time-range command 1-18

time ranges in ACLs 1-18

time stamps in log messages 1-8

time zones 1-5

TLVs

defined 1-2

LLDP 1-2

LLDP-MED 1-2

Token Ring VLANs

support for 1-5

VTP support 1-5

ToS 1-15

traceroute, Layer 2

and ARP 1-17

and CDP 1-17

broadcast traffic 1-16

described 1-16

IP addresses and subnets 1-17

MAC addresses and VLANs 1-17

multicast traffic 1-17

multiple devices on a port 1-17

unicast traffic 1-16

usage guidelines 1-17

traceroute command

See also IP traceroute

tracked lists

configuring 1-3

types 1-3

tracked objects

by Boolean expression 1-4

by threshold percentage 1-6

by threshold weight 1-5

tracking interface line-protocol state 1-2

tracking IP routing state 1-2

tracking objects 1-1

tracking process 1-1

track state, tracking IP SLAs 1-9

traffic

blocking flooded 1-8

fragmented 1-6

fragmented IPv6 1-2

unfragmented 1-6

traffic policing 1-15

traffic suppression 1-2

transmit hold-count

see STP

transparent mode, VTP 1-4

trap-door mechanism 1-2

traps

configuring MAC address notification 1-15, 1-17, 1-18

configuring managers 1-14

enabling 1-15, 1-17, 1-18, 1-14

notification types 1-14

overview 1-1, 1-5

troubleshooting

connectivity problems 1-15, 1-16, 1-18

CPU utilization 1-30

detecting unidirectional links 1-1

displaying crash information 1-24

PIMv1 and PIMv2 interoperability problems 1-35

setting packet forwarding 1-22

SFP security and identification 1-14

show forward command 1-22

with CiscoWorks 1-4

with debug commands 1-20

with ping 1-15

with system message logging 1-1

with traceroute 1-18

trunk failover

See link-state tracking

trunking encapsulation 1-10

trunk ports

configuring 1-18

defined 1-4, 1-3

encapsulation 1-19, 1-23

trunks

allowed-VLAN list 1-19

configuring 1-19, 1-23

ISL 1-15

load sharing

setting STP path costs 1-24

using STP port priorities 1-22, 1-23

native VLAN for untagged traffic 1-21

parallel 1-24

pruning-eligible list 1-21

to non-DTP device 1-15

trusted boundary for QoS 1-46

trusted port states

between QoS domains 1-48

classification options 1-5

ensuring port security for IP phones 1-46

support for 1-15

within a QoS domain 1-44

trustpoints, CA 1-49

tunneling

defined 1-1

IEEE 802.1Q 1-1

Layer 2 protocol 1-8

tunnel ports

described 1-4, 1-2

IEEE 802.1Q, configuring 1-7

incompatibilities with other features 1-6

twisted-pair Ethernet, detecting unidirectional links 1-1

type of service

See ToS

U

UDLD

configuration guidelines 1-4

default configuration 1-4

disabling

globally 1-5

on fiber-optic interfaces 1-5

per interface 1-6

echoing detection mechanism 1-3

enabling

globally 1-5

per interface 1-6

Layer 2 protocol tunneling 1-11

link-detection mechanism 1-1

neighbor database 1-2

overview 1-1

resetting an interface 1-6

status, displaying 1-7

support for 1-9

UDP, configuring 1-17

UDP jitter, configuring 1-9

UDP jitter operation, IP SLAs 1-8

unauthorized ports with IEEE 802.1x 1-10

unicast MAC address filtering 1-7

and adding static addresses 1-21

and broadcast MAC addresses 1-21

and CPU packets 1-21

and multicast addresses 1-21

and router MAC addresses 1-21

configuration guidelines 1-21

described 1-21

unicast storm 1-1

unicast storm control command 1-4

unicast traffic, blocking 1-8

UniDirectional Link Detection protocol

See UDLD

universal software image 1-1

cryptographic 1-1

feature set

IP base 1-2

IP services 1-2

noncryptographic 1-1

UNIX syslog servers

daemon configuration 1-12

facilities supported 1-14

message logging configuration 1-13

unrecognized Type-Length-Value (TLV) support 1-5

upgrading software images

See downloading

UplinkFast

described 1-3

disabling 1-16

enabling 1-15

support for 1-9

uploading

configuration files

preparing 1-11, 1-14, 1-17

reasons for 1-9

using FTP 1-16

using RCP 1-19

using TFTP 1-13

image files

preparing 1-28, 1-31, 1-36

reasons for 1-25

using FTP 1-34

using RCP 1-38

using TFTP 1-30

USB flash devices 1-17

USB inactivity timer 1-16

USB port

mini-type B 1-14

USB ports 1-14

USB Type A port 1-9

USB type A port 1-17

User Datagram Protocol

See UDP

username-based authentication 1-6

Using Memory Consistency Check Routines 1-26

V

VACLs

logging

configuration example 1-40

version-dependent transparent mode 1-5

version-mismatch (VM) mode

automatic upgrades with auto-upgrade 1-12

described 1-12

displaying 1-12

manual upgrades with auto-advise 1-13

upgrades with auto-extract 1-13

virtual IP address

cluster standby group 1-11

command switch 1-11

virtual ports, MKA 1-3

Virtual Private Network

See VPN

virtual router 1-1, 1-2

virtual switches and PAgP 1-6

vlan.dat file 1-4

VLAN 1

disabling on a trunk port 1-20

minimization 1-20

VLAN ACLs

See VLAN maps

vlan-assignment response, VMPS 1-26

VLAN blocking, REP 1-12

VLAN configuration

at bootup 1-7

saving 1-7

VLAN database

and startup configuration file 1-7

and VTP 1-1

VLAN configuration saved in 1-7

VLANs saved in 1-4

vlan dot1q tag native command 1-5

VLAN filtering and SPAN 1-8

vlan global configuration command 1-6

VLAN ID, discovering 1-24

VLAN link state 1-6

VLAN load balancing

REP 1-4

VLAN load balancing, triggering 1-5

VLAN load balancing on flex links

configuration guidelines 1-8

described 1-2

VLAN management domain 1-2

VLAN Management Policy Server

See VMPS

VLAN map entries, order of 1-33

VLAN maps

applying 1-36

common uses for 1-36

configuration guidelines 1-33

configuring 1-32

creating 1-34

defined 1-3

denying access to a server example 1-38

denying and permitting packets 1-34

displaying 1-45

examples of ACLs and VLAN maps 1-34

removing 1-36

support for 1-12

wiring closet configuration example 1-37

VLAN membership

confirming 1-29

modes 1-3

VLAN Query Protocol

See VQP

VLANs

adding 1-8

adding to VLAN database 1-8

aging dynamic addresses 1-10

allowed on trunk 1-19

and spanning-tree instances 1-3, 1-6, 1-11

configuration guidelines, extended-range VLANs 1-11

configuration guidelines, normal-range VLANs 1-6

configuring 1-1

configuring IDs 1006 to 4094 1-11

connecting through SVIs 1-13

customer numbering in service-provider networks 1-3

default configuration 1-7

deleting 1-9

described 1-2, 1-1

displaying 1-14

extended-range 1-1, 1-10

features 1-10

illustrated 1-2

internal 1-11

in the switch stack 1-6

limiting source traffic with RSPAN 1-22

limiting source traffic with SPAN 1-18

modifying 1-8

multicast 1-17

native, configuring 1-21

normal-range 1-1, 1-4

number supported 1-10

parameters 1-5

port membership modes 1-3

static-access ports 1-9

STP and IEEE 802.1Q trunks 1-12

supported 1-2

Token Ring 1-5

traffic between 1-2

VLAN-bridge STP 1-12, 1-2

VTP modes 1-3

VLAN Trunking Protocol

See VTP

VLAN trunks 1-15

VMPS

administering 1-30

configuration example 1-31

configuration guidelines 1-27

default configuration 1-27

description 1-26

dynamic port membership

described 1-27

reconfirming 1-29

troubleshooting 1-31

entering server address 1-28

mapping MAC addresses to VLANs 1-26

monitoring 1-30

reconfirmation interval, changing 1-29

reconfirming membership 1-29

retry count, changing 1-30

voice aware 802.1x security

port-based authentication

configuring 1-42

described 1-34, 1-42

voice-over-IP 1-1

voice VLAN

Cisco 7960 phone, port connections 1-1

configuration guidelines 1-3

configuring IP phones for data traffic

override CoS of incoming frame 1-6

trust CoS priority of incoming frame 1-6

configuring ports for voice traffic in

802.1p priority tagged frames 1-5

IEEE 802.1Q frames 1-5

connecting to an IP phone 1-4

default configuration 1-3

described 1-1

displaying 1-7

IP phone data traffic, described 1-2

IP phone voice traffic, described 1-2

VPN

configuring routing in 1-86

forwarding 1-79

in service provider networks 1-76

routes 1-77

VPN routing and forwarding table

See VRF

VQP 1-10, 1-26

VRF

defining 1-79

tables 1-76

VRF-aware services

ARP 1-82

configuring 1-81

ftp 1-84

HSRP 1-82, 1-43

ping 1-82

RADIUS 1-83

SNMP 1-82

syslog 1-84

tftp 1-84

traceroute 1-84, 1-43

uRPF 1-83

VRFs, configuring multicast 1-85

VTP

adding a client to a domain 1-17

advertisements 1-17, 1-4

and extended-range VLANs 1-3, 1-2

and normal-range VLANs 1-2

client mode, configuring 1-13

configuration

requirements 1-11

saving 1-9

configuration requirements 1-11

configuration revision number

guideline 1-17

resetting 1-17

consistency checks 1-5

default configuration 1-9

described 1-1

domain names 1-9

domains 1-2

Layer 2 protocol tunneling 1-8

modes

client 1-3

off 1-4

server 1-3

transitions 1-3

transparent 1-4

monitoring 1-18

passwords 1-10

pruning

disabling 1-16

enabling 1-16

examples 1-7

overview 1-6

support for 1-10

pruning-eligible list, changing 1-21

server mode, configuring 1-11, 1-14

statistics 1-18

support for 1-10

Token Ring support 1-5

transparent mode, configuring 1-12

using 1-1

Version

enabling 1-15

version, guidelines 1-10

Version 1 1-5

Version 2

configuration guidelines 1-10

overview 1-5

Version 3

overview 1-5

W

WCCP

authentication 1-3

configuration guidelines 1-5

default configuration 1-5

described 1-2

displaying 1-10

dynamic service groups 1-3

enabling 1-6

features unsupported 1-5

forwarding method 1-3

Layer-2 header rewrite 1-3

MD5 security 1-3

message exchange 1-2

monitoring and maintaining 1-10

negotiation 1-3

packet redirection 1-3

packet-return method 1-3

redirecting traffic received from a client 1-6

setting the password 1-7

unsupported WCCPv2 features 1-5

web authentication