Catalyst 3750-X and Catalyst 3560-X Switch Software Configuration Guide, Cisco IOS Release 15.2(1)E
Index
Downloads: This chapterpdf (PDF - 1.99MB) The complete bookPDF (PDF - 17.26MB) | Feedback

Table Of Contents

Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W -

Index

Numerics

10-Gigabit Ethernet interfaces 15-7

802.1AE

standard 12-2

802.1AE Tagging 14-2

802.1x-REV 12-2

A

AAA down policy, NAC Layer 2 IP validation 1-13

abbreviating commands 2-3

ABRs 45-27

AC (command switch) 6-10

access control entries

See ACEs

access-denied response, VMPS 16-26

access groups

applying IPv4 ACLs to interfaces 40-22

Layer 3 40-22

access groups, applying IPv4 ACLs to interfaces 40-22

accessing

clusters, switch 6-13

command switches 6-11

member switches 6-13

switch clusters 6-13

accessing stack members 5-30

access lists

See ACLs

access ports

and Layer 2 protocol tunneling 20-12

defined 15-3

in switch clusters 6-9

access template 8-2

accounting

with 802.1x 11-53

with IEEE 802.1x 11-14

with RADIUS 10-34

with TACACS+ 10-11, 10-17

ACEs

and QoS 41-8

defined 40-2

Ethernet 40-2

IP 40-2

ACLs

ACEs 40-2

applying

on bridged packets 40-42

on multicast packets 40-43

on routed packets 40-43

on switched packets 40-41

time ranges to 40-18

to an interface 40-21, 42-7

to QoS 41-7

classifying traffic for QoS 41-50

comments in 40-20

compiling 40-24

defined 40-2, 40-8

examples of 40-24, 41-50

extended IP, configuring for QoS classification 41-51

extended IPv4

creating 40-11

matching criteria 40-8

hardware and software handling 40-23

IP

creating 40-8

fragments and QoS guidelines 41-40

implicit deny 40-11, 40-15, 40-18

implicit masks 40-11

matching criteria 40-8

undefined 40-23

IPv4

applying to interfaces 40-21

creating 40-8

matching criteria 40-8

named 40-16

numbers 40-9

terminal lines, setting on 40-20

unsupported features 40-7

IPv6

and stacking 42-3

applying to interfaces 42-7

configuring 42-4, 42-5

displaying 42-8

interactions with other features 42-4

limitations 42-3

matching criteria 42-3

named 42-3

precedence of 42-2

supported 42-2

unsupported features 42-3

Layer 4 information in 40-41

logging messages 40-9

MAC extended 40-29, 41-54

matching 40-8, 40-22

monitoring 40-44, 42-8

named

IPv4 40-16

IPv6 42-3

names 42-4

number per QoS class map 41-40

port 40-3, 42-2

precedence of 40-3

QoS 41-7, 41-50

resequencing entries 40-16

router 40-3, 42-2

router ACLs and VLAN map configuration guidelines 40-40

standard IP, configuring for QoS classification 41-50, 41-52

standard IPv4

creating 40-10

matching criteria 40-8

support for 1-12

support in hardware 40-23

time ranges 40-18

types supported 40-2

unsupported features

IPv4 40-7

IPv6 42-3

using router ACLs with VLAN maps 40-40

VLAN maps

configuration guidelines 40-33

configuring 40-32

active link 26-4, 26-5, 26-6

active links 26-2

active router 48-2

active traffic monitoring, IP SLAs 49-1

address aliasing 29-2

addresses

displaying the MAC address table 7-23

dynamic

accelerated aging 21-9

changing the aging time 7-14

default aging 21-9

defined 7-12

learning 7-13

removing 7-15

IPv6 46-2

MAC, discovering 7-24

multicast

group address range 53-3

STP address management 21-9

static

adding and removing 7-20

defined 7-12

address resolution 7-24, 45-10

Address Resolution Protocol

See ARP

adjacency tables, with CEF 45-92

administrative distances

defined 45-104

OSPF 45-35

routing protocol defaults 45-94

administrative VLAN

REP, configuring 25-8

administrative VLAN, REP 25-8

advertisements

CDP 31-1

LLDP 33-2

RIP 45-21

VTP 16-18, 17-3, 17-4

age timer, REP 25-8

aggregatable global unicast addresses 46-3

aggregate addresses, BGP 45-62

aggregated ports

See EtherChannel

aggregate policers 41-72

aggregate policing 1-15

aging, accelerating 21-9

aging time

accelerated

for MSTP 22-24

for STP 21-9, 21-24

MAC address table 7-14

maximum

for MSTP 22-24, 22-25

for STP 21-24, 21-25

alarms, RMON 36-3

allowed-VLAN list 16-20

AP1250 (wireless access point) 1-18

application engines, redirecting traffic to 52-1

area border routers

See ABRs

area routing

IS-IS 45-67

ISO IGRP 45-67

ARP

configuring 45-11

defined 1-7, 7-24, 45-11

encapsulation 45-12

static cache configuration 45-11

table

address resolution 7-24

managing 7-24

ASBRs 45-27

AS-path filters, BGP 45-56

asymmetrical links, and IEEE 802.1Q tunneling 20-4

attributes, RADIUS

vendor-proprietary 10-36

vendor-specific 10-35

attribute-value pairs 11-20

authentication

EIGRP 45-43

HSRP 48-10

local mode with AAA 10-43

open1x 11-31

RADIUS

key 10-27

login 10-29

TACACS+

defined 10-11

key 10-13

login 10-14

See also port-based authentication

authentication compatibility with Catalyst 6000 switches 11-8

authentication failed VLAN

See restricted VLAN

authentication keys, and routing protocols 45-105

authentication manager

CLI commands 11-9

compatibility with older 802.1x CLI commands11-9to 11-10

overview 11-7

single session ID 11-35

authoritative time source, described 7-2

authorization

with RADIUS 10-33

with TACACS+ 10-11, 10-16

authorized ports with IEEE 802.1x 11-10

autoconfiguration 4-3

auto enablement 11-33

automatic advise (auto-advise) in switch stacks 5-13

automatic copy (auto-copy) in switch stacks 5-13

automatic discovery

considerations

beyond a noncandidate device 6-8

brand new switches 6-9

connectivity 6-5

different VLANs 6-7

management VLANs 6-7

non-CDP-capable devices 6-6

noncluster-capable devices 6-6

routed ports 6-8

in switch clusters 6-5

See also CDP

automatic extraction (auto-extract) in switch stacks 5-13

automatic QoS

See QoS

automatic recovery, clusters 6-10

See also HSRP

automatic upgrades (auto-upgrade) in switch stacks 5-12

auto-MDIX

configuring 15-33

described 15-32

autonegotiation

duplex mode 1-4

interface configuration guidelines 15-30

mismatches 56-13

autonomous system boundary routers

See ASBRs

autonomous systems, in BGP 45-50

Auto-RP, described 53-7

autosensing, port speed 1-4

autostate exclude 15-6

auxiliary VLAN

See voice VLAN

availability, features 1-9

B

BackboneFast

described 23-7

disabling 23-17

enabling 23-16

support for 1-9

backup interfaces

See Flex Links

backup links 26-2

backup static routing, configuring 51-12

banners

configuring

login 7-12

message-of-the-day login 7-11

default configuration 7-10

when displayed 7-10

Berkeley r-tools replacement 10-54

BFD

configuration example

BFD in an EIGRP network with echo mode enabled by default 24-17

BFD in an OSPF network 24-21

support for static routing 24-25

configuring

Echo mode 24-14

session parameters on the interface 24-7

Slow timer 24-15

support for BGP 24-8

support for dynamic routing protocols 24-8

support for EIGRP 24-9

support for OSPF 24-10

support for static routing 24-12

disabling echo mode without asymmetry 24-15

monitoring and troubleshooting 24-16

neighbor relationships 24-3

operation 24-2

prerequisites 24-2

restrictions 24-2

BGP

aggregate addresses 45-62

aggregate routes, configuring 45-62

CIDR 45-62

clear commands 45-65

community filtering 45-59

configuring neighbors 45-60

default configuration 45-47

described 45-47

enabling 45-50

monitoring 45-65

multipath support 45-54

neighbors, types of 45-50

path selection 45-54

peers, configuring 45-60

prefix filtering 45-58

resetting sessions 45-52

route dampening 45-64

route maps 45-56

route reflectors 45-63

routing domain confederation 45-63

routing session with multi-VRF CE 45-86, 46-45

show commands 45-65

supernets 45-62

support for 1-16

Version 4 45-47

binding cluster group and HSRP group 48-12

binding database

address, DHCP server

See DHCP, Cisco IOS server database

DHCP snooping

See DHCP snooping binding database

bindings

address, Cisco IOS DHCP server 27-6

DHCP snooping database 27-6

IP source guard 27-16

binding table, DHCP snooping

See DHCP snooping binding database

blocking packets 32-7

Boolean expressions in tracked lists 51-4

booting

boot loader, function of 4-2

boot process 4-2

manually 4-19

specific image 4-20

boot loader

accessing 4-21

described 4-2

environment variables 4-21

prompt 4-21

trap-door mechanism 4-2

Boot Loader Upgrade and Image Verification for the FIPS Mode of Operation 4-25

bootstrap router (BSR), described 53-7

Border Gateway Protocol

See BGP

BPDU

error-disabled state 23-2

filtering 23-3

RSTP format 22-12

BPDU filtering

described 23-3

disabling 23-15

enabling 23-14

support for 1-9

BPDU guard

described 23-2

disabling 23-14

enabling 23-13

support for 1-9

bridged packets, ACLs on 40-42

bridge groups

See fallback bridging

bridge protocol data unit

See BPDU

broadcast flooding 45-18

broadcast packets

directed 45-15

flooded 45-15

broadcast storm-control command 32-4

broadcast storms 32-1, 45-15

C

cables, monitoring for unidirectional links 34-1

candidate switch

automatic discovery 6-5

defined 6-4

requirements 6-4

See also command switch, cluster standby group, and member switch

Catalyst 6000 switches, authentication compatibility 11-8

CA trustpoint

configuring 10-51

defined 10-49

CDP

and trusted boundary 41-46

automatic discovery in switch clusters 6-5

configuring 31-2

default configuration 31-2

defined with LLDP 33-1

described 31-1

disabling for routing device 31-4

enabling and disabling

on an interface 31-4

on a switch 31-4

Layer 2 protocol tunneling 20-8

monitoring 31-5

overview 31-1

power negotiation extensions 15-8

support for 1-7

switch stack considerations 31-2

transmission timer and holdtime, setting 31-2

updates 31-2

CEF

defined 45-92

distributed 45-92

IPv6 46-32

CGMP

as IGMP snooping learning method 29-9

enabling server support 53-45

joining multicast group 29-3

overview 53-9

server support only 53-9

switch support of 1-5

CIDR 45-62

CipherSuites 10-50

Cisco 7960 IP Phone 18-1

Cisco AP1250 (wireless access point) 1-18

Cisco Discovery Protocol

See CDP

Cisco Express Forwarding

See CEF

Cisco Group Management Protocol

See CGMP

Cisco intelligent power management 15-8

Cisco IOS DHCP server

See DHCP, Cisco IOS DHCP server

Cisco IOS File System

See IFS

Cisco IOS IP SLAs 49-2

Cisco Redundant Power System 2300

configuring 15-46

managing 15-46

Cisco Secure ACS

attribute-value pairs for downloadable ACLs 11-20

attribute-value pairs for redirect URL 11-20

Cisco StackWise Plus technology 1-3

See also stacks, switch

Cisco TrustSec

credentials 12-10

switch-to-switch security

802.1x mode 12-11

configuration example 12-14

manual mode 12-12

Cisco TrustSec Network Device Admission Control

See NDAC

CiscoWorks 2000 1-6, 38-4

CISP 11-33

CIST regional root

See MSTP

CIST root

See MSTP

civic location 33-3

classless interdomain routing

See CIDR

classless routing 45-9

class maps for QoS

configuring 41-55

described 41-8

class of service

See CoS

clearing interfaces 15-53

CLI

abbreviating commands 2-3

command modes 2-1

configuration logging 2-4

described 1-6

editing features

enabling and disabling 2-6

keystroke editing 2-7

wrapped lines 2-8

error messages 2-4

filtering command output 2-9

getting help 2-3

history

changing the buffer size 2-5

described 2-5

disabling 2-6

recalling commands 2-6

managing clusters 6-16

no and default forms of commands 2-4

Client Information Signalling Protocol

See CISP

client mode, VTP 17-3

client processes, tracking 51-1

CLNS

See ISO CLNS

clock

See system clock

clusters, switch

accessing 6-13

automatic discovery 6-5

automatic recovery 6-10

benefits 1-2

compatibility 6-4

described 6-1

LRE profile considerations 6-16

managing

through CLI 6-16

through SNMP 6-17

planning 6-4

planning considerations

automatic discovery 6-5

automatic recovery 6-10

CLI 6-16

host names 6-13

IP addresses 6-13

LRE profiles 6-16

passwords 6-14

RADIUS 6-16

SNMP 6-14, 6-17

switch stacks 6-14

TACACS+ 6-16

See also candidate switch, command switch, cluster standby group, member switch, and standby command switch

cluster standby group

and HSRP group 48-12

automatic recovery 6-12

considerations 6-11

defined 6-2

requirements 6-3

virtual IP address 6-11

See also HSRP

CNS

Configuration Engine

configID, deviceID, hostname 3-3

configuration service 3-2

described 3-1

event service 3-3

embedded agents

described 3-5

enabling automated configuration 3-6

enabling configuration agent 3-9

enabling event agent 3-8

management functions 1-7

CoA Request Commands 10-23

Coarse Wave Division Multiplexer

See CWDM SFPs

command-line interface

See CLI

command modes 2-1

commands

abbreviating 2-3

no and default 2-4

commands, setting privilege levels 10-8

command switch

accessing 6-11

active (AC) 6-10

configuration conflicts 56-12

defined 6-2

passive (PC) 6-10

password privilege levels 6-17

priority 6-10

recovery

from command-switch failure 6-10, 56-9

from lost member connectivity 56-12

redundant 6-10

replacing

with another switch 56-11

with cluster member 56-9

requirements 6-3

standby (SC) 6-10

See also candidate switch, cluster standby group, member switch, and standby command switch

Common Criteria 1-11

common session ID

see single session ID 11-35

community list, BGP 45-59

community ports 19-2

community strings

configuring 6-14, 38-9

for cluster switches 38-4

in clusters 6-14

overview 38-4

SNMP 6-14

community VLANs 19-2, 19-3

compatibility, feature 32-12

compatibility, software

See stacks, switch

configurable leave timer, IGMP 29-6

configuration, initial

defaults 1-20

Express Setup 1-2

configuration conflicts, recovering from lost member connectivity 56-12

configuration examples, network 1-23

configuration files

archiving 58-21

clearing the startup configuration 58-20

creating and using, guidelines for 58-10

creating using a text editor 58-11

deleting a stored configuration 58-20

described 58-9

downloading

automatically 4-18

preparing 58-11, 58-14, 58-17

reasons for 58-9

using FTP 58-14

using RCP 58-18

using TFTP 58-12

invalid combinations when copying 58-6

limiting TFTP server access 38-19

obtaining with DHCP 4-9

password recovery disable considerations 10-5

replacing and rolling back, guidelines for 58-22

replacing a running configuration 58-20, 58-21

rolling back a running configuration 58-20, 58-22

specifying the filename 4-19

system contact and location information 38-18

types and location 58-10

uploading

preparing 58-11, 58-14, 58-17

reasons for 58-9

using FTP 58-16

using RCP 58-19

using TFTP 58-13

configuration guidelines

REP 25-7

configuration guidelines, multi-VRF CE 45-79

configuration logging 2-4

configuration replacement 58-20

configuration rollback 58-20, 58-21

configuration settings, saving 4-16

configure terminal command 15-20

Configuring First Hop Security in IPv6 46-20

Configuring IPv6 Source Guard 46-24

configuring multicast VRFs 45-85

configuring port-based authentication violation modes11-43to 11-44

configuring small-frame arrival rate 32-5

Configuring VACL Logging 40-39

conflicts, configuration 56-12

connections, secure remote 10-44

connectivity problems 56-15, 56-16, 56-18

consistency checks in VTP Version 2 17-5

console port

RJ-45 15-14

USB 15-14

console port, connecting to 2-10

content-routing technology

See WCCP

control protocol, IP SLAs 49-4

convergence

REP 25-4

corrupted software, recovery steps with Xmodem 56-2

CoS

in Layer 2 frames 41-2

override priority 18-6

trust priority 18-6

CoS input queue threshold map for QoS 41-18

CoS output queue threshold map for QoS 41-21

CoS-to-DSCP map for QoS 41-74

counters, clearing interface 15-53

CPU utilization, troubleshooting 56-30

crashinfo file 56-24

critical authentication, IEEE 802.1x 11-63

critical VLAN 11-23

cross-stack EtherChannel

configuration guidelines 43-13

configuring

on Layer 2 interfaces 43-13

on Layer 3 physical interfaces 43-16

described 43-3

illustration 43-4

support for 1-9

cross-stack UplinkFast, STP

described 23-5

disabling 23-16

enabling 23-16

fast-convergence events 23-7

Fast Uplink Transition Protocol 23-6

normal-convergence events 23-7

support for 1-9

cryptographic software image

switch stack considerations 5-3, 5-18

customer edge devices 45-77

customizeable web pages, web-based authentication 13-6

CWDM SFPs 1-36

D

DACL

See downloadable ACL

daylight saving time 7-6

dCEF in the switch stack 45-92

debugging

enabling all system diagnostics 56-21

enabling for a specific feature 56-21

redirecting error message output 56-22

using commands 56-20

default commands 2-4

default configuration

802.1x 11-38

auto-QoS 41-24

banners 7-10

BGP 45-47

booting 4-18

CDP 31-2

DHCP 27-8

DHCP option 82 27-8

DHCP snooping 27-8

DHCP snooping binding database 27-9

DNS 7-9

dynamic ARP inspection 28-5

EIGRP 45-39

EtherChannel 43-11

Ethernet interfaces 15-28

fallback bridging 55-3

Flex Links 26-8

HSRP 48-5

IEEE 802.1Q tunneling 20-4

IGMP 53-39

IGMP filtering 29-24

IGMP snooping 29-7, 30-6

IGMP throttling 29-25

initial switch information 4-3

IP addressing, IP routing 45-7

IP multicast routing 53-11

IP SLAs 49-6

IP source guard 27-18

IPv6 46-17

IS-IS 45-68

Layer 2 interfaces 15-28

Layer 2 protocol tunneling 20-12

LLDP 33-5

MAC address table 7-14

MAC address-table move update 26-8

MSDP 54-4

MSTP 22-14

multi-VRF CE 45-79, 46-41

MVR 29-20

optional spanning-tree configuration 23-12

OSPF 45-28

password and privilege level 10-3

PIM 53-11

private VLANs 19-6

RADIUS 10-27

REP 25-7

RIP 45-22

RMON 36-3

RSPAN 35-12

SDM template 8-5

SNMP 38-8

SPAN 35-12

SSL 10-51

standard QoS 41-37

STP 21-13

switch stacks 5-24

system message logging 37-4

system name and prompt 7-8

TACACS+ 10-13

UDLD 34-4

VLAN, Layer 2 Ethernet interfaces 16-17

VLANs 16-7

VMPS 16-27

voice VLAN 18-3

VTP 17-9

WCCP 52-5

default gateway 4-15, 45-13

default networks 45-95

default router preference

See DRP

default routes 45-95

default routing 45-3

default web-based authentication configuration

802.1X 13-9

deleting VLANs 16-9

denial-of-service attack 32-1

description command 15-38

designing your network, examples 1-23

desktop template 5-11

destination-IP address-based forwarding, EtherChannel 43-9

destination-MAC address forwarding, EtherChannel 43-9

detecting indirect link failures, STP 23-8

device discovery protocol 31-1, 33-1

device manager

benefits 1-2

described 1-3, 1-6

in-band management 1-8

device sensor

configuring 11-54

DHCP

Cisco IOS server database

configuring 27-14

default configuration 27-9

described 27-6

DHCP for IPv6

See DHCPv6

enabling

relay agent 27-11

server 27-10

DHCP-based autoconfiguration

client request message exchange 4-4

configuring

client side 4-4

DNS 4-8

relay device 4-8

server side 4-7

server-side 27-10

TFTP server 4-7

example 4-10

lease options

for IP address information 4-7

for receiving the configuration file 4-7

overview 4-3

relationship to BOOTP 4-4

relay support 1-7, 1-17

support for 1-7

DHCP-based autoconfiguration and image update

configuring4-11to 4-14

understanding4-5to 4-6

DHCP binding database

See DHCP snooping binding database

DHCP binding table

See DHCP snooping binding database

DHCP object tracking, configuring primary interface 51-11

DHCP option 82

circuit ID suboption 27-5

configuration guidelines 27-9

default configuration 27-8

displaying 27-16

forwarding address, specifying 27-11

helper address 27-11

overview 27-3

packet format, suboption

circuit ID 27-5

remote ID 27-5

remote ID suboption 27-5

DHCP server port-based address allocation

configuration guidelines 27-27

default configuration 27-27

described 27-26

displaying 27-29, 28-12

enabling 27-27

reserved addresses 27-28

DHCP snooping

accepting untrusted packets form edge switch 27-3, 27-13

and private VLANs 27-14

binding database

See DHCP snooping binding database

configuration guidelines 27-9

default configuration 27-8

message exchange process 27-4

option 82 data insertion 27-3

trusted interface 27-2

untrusted interface 27-2

untrusted messages 27-2

DHCP snooping binding database

adding bindings 27-15

binding file

format 27-7

location 27-6

bindings 27-6

clearing agent statistics 27-15

configuration guidelines 27-9

configuring 27-15

default configuration 27-8, 27-9

deleting

binding file 27-15

bindings 27-15

database agent 27-15

described 27-6

enabling 27-15

entry 27-6

renewing database 27-15

resetting

delay value 27-15

timeout value 27-15

DHCP snooping binding table

See DHCP snooping binding database

DHCPv6

configuration guidelines 46-29

default configuration 46-29

described 46-12

enabling client function 46-31

enabling DHCPv6 server function 46-29

diagnostic schedule command 57-2

Differentiated Services architecture, QoS 41-2

Differentiated Services Code Point 41-2

Diffusing Update Algorithm (DUAL) 45-37

directed unicast requests 1-7

directories

changing 58-4

creating and removing 58-5

displaying the working 58-4

discovery, clusters

See automatic discovery

Distance Vector Multicast Routing Protocol

See DVMRP

distance-vector protocols 45-3

distribute-list command 45-104

DNS

and DHCP-based autoconfiguration 4-8

default configuration 7-9

displaying the configuration 7-10

in IPv6 46-4

overview 7-8

setting up 7-9

support for 1-7

DNS-based SSM mapping 53-18, 53-20

domain names

DNS 7-8

VTP 17-9

Domain Name System

See DNS

domains, ISO IGRP routing 45-67

dot1q-tunnel switchport mode 16-16

double-tagged packets

IEEE 802.1Q tunneling 20-2

Layer 2 protocol tunneling 20-11

downloadable ACL 11-18, 11-20, 11-71

downloading

configuration files

preparing 58-11, 58-14, 58-17

reasons for 58-9

using FTP 58-14

using RCP 58-18

using TFTP 58-12

image files

deleting old image 58-30

preparing 58-28, 58-31, 58-36

reasons for 58-25

using CMS 1-3

using FTP 58-32

using HTTP 1-3, 58-25

using RCP 58-37

using TFTP 58-28

using the device manager or Network Assistant 58-25

drop threshold for Layer 2 protocol packets 20-12

DRP

configuring 46-26

described 46-10

IPv6 46-10

DSCP 1-15, 41-2

DSCP input queue threshold map for QoS 41-18

DSCP output queue threshold map for QoS 41-21

DSCP-to-CoS map for QoS 41-77

DSCP-to-DSCP-mutation map for QoS 41-78

DSCP transparency 41-47

DTP 1-10, 16-15

dual-action detection 43-6

DUAL finite state machine, EIGRP 45-38

dual IPv4 and IPv6 templates 8-3, 46-11

dual protocol stacks

IPv4 and IPv6 46-11

SDM templates supporting 46-11

DVMRP

autosummarization

configuring a summary address 53-59

disabling 53-61

connecting PIM domain to DVMRP router 53-51

enabling unicast routing 53-54

interoperability

with Cisco devices 53-49

with Cisco IOS software 53-9

mrinfo requests, responding to 53-54

neighbors

advertising the default route to 53-53

discovery with Probe messages 53-49

displaying information 53-54

prevent peering with nonpruning 53-57

rejecting nonpruning 53-55

overview 53-9

routes

adding a metric offset 53-62

advertising all 53-61

advertising the default route to neighbors 53-53

caching DVMRP routes learned in report messages 53-55

changing the threshold for syslog messages 53-58

favoring one over another 53-62

limiting the number injected into MBONE 53-58

limiting unicast route advertisements 53-49

routing table 53-9

source distribution tree, building 53-9

support for 1-17

tunnels

configuring 53-51

displaying neighbor information 53-54

dynamic access ports

characteristics 16-4

configuring 16-29

defined 15-3

dynamic addresses

See addresses

dynamic ARP inspection

ARP cache poisoning 28-1

ARP requests, described 28-1

ARP spoofing attack 28-1

clearing

log buffer 28-15

statistics 28-15

configuration guidelines 28-6

configuring

ACLs for non-DHCP environments 28-9

in DHCP environments 28-7

log buffer 28-13

rate limit for incoming ARP packets 28-4, 28-10

default configuration 28-5

denial-of-service attacks, preventing 28-10

described 28-1

DHCP snooping binding database 28-2

displaying

statistics 28-15

error-disabled state for exceeding rate limit 28-4

function of 28-2

interface trust states 28-3

log buffer

clearing 28-15

configuring 28-13

logging of dropped packets, described 28-5

man-in-the middle attack, described 28-2

network security issues and interface trust states 28-3

priority of ARP ACLs and DHCP snooping entries 28-4

rate limiting of ARP packets

configuring 28-10

described 28-4

error-disabled state 28-4

statistics

clearing 28-15

displaying 28-15

validation checks, performing 28-12

dynamic auto trunking mode 16-16

dynamic desirable trunking mode 16-16

Dynamic Host Configuration Protocol

See DHCP-based autoconfiguration

dynamic port VLAN membership

described 16-27

reconfirming 16-29

troubleshooting 16-31

types of connections 16-29

dynamic routing 45-3

ISO CLNS 45-66

Dynamic Trunking Protocol

See DTP

E

EAC 14-2

EBGP 45-46

Echo mode,configuring BFD 24-14

editing features

enabling and disabling 2-6

keystrokes used 2-7

wrapped lines 2-8

EEM 3.2 39-5

EIGRP

authentication 45-43

components 45-38

configuring 45-41

default configuration 45-39

definition 45-37

interface parameters, configuring 45-42

monitoring 45-45

stub routing 45-44

support for 1-16

EIGRP IPv6 46-14

elections

See stack master

ELIN location 33-3

embedded event manager

3.2 39-5

actions 39-4

configuring 39-1, 39-6

displaying information 39-8

environmental variables 39-5

event detectors 39-3

policies 39-4

registering and defining an applet 39-6

registering and defining a TCL script 39-7

understanding 39-1

enable password 10-4

enable secret password 10-4

Enable the FIPS mode 4-25

encryption, CipherSuite 10-50

encryption for passwords 10-4

encryption keying 12-2

encryption keys, MKA 12-2

Endpoint Admission Control (EAC) 14-2

Enhanced IGRP

See EIGRP

enhanced object tracking

backup static routing 51-12

defined 51-1

DHCP primary interface 51-11

HSRP 51-7

IP routing state 51-2

IP SLAs 51-9

line-protocol state 51-2

network monitoring with IP SLAs 51-11

routing policy, configuring 51-12

static route primary interface 51-10

tracked lists 51-3

enhanced object tracking static routing 51-10

enhanced PoE 1-18, 15-8, 15-36

environmental variables, embedded event manager 39-5

environment variables, function of 4-22

equal-cost routing 1-17, 45-93

error-disabled state, BPDU 23-2

error messages during command entry 2-4

EtherChannel

automatic creation of 43-5, 43-7

channel groups

binding physical and logical interfaces 43-4

numbering of 43-4

configuration guidelines 43-12

configuring

Layer 2 interfaces 43-13

Layer 3 physical interfaces 43-16

Layer 3 port-channel logical interfaces 43-15

default configuration 43-11

described 43-2

displaying status 43-22

forwarding methods 43-8, 43-18

IEEE 802.3ad, described 43-7

interaction

with STP 43-12

with VLANs 43-12

LACP

described 43-7

displaying status 43-22

hot-standby ports 43-20

interaction with other features 43-8

modes 43-7

port priority 43-22

system priority 43-21

Layer 3 interface 45-5

load balancing 43-8, 43-18

logical interfaces, described 43-4

PAgP

aggregate-port learners 43-19

described 43-5

displaying status 43-22

interaction with other features 43-7

interaction with virtual switches 43-6

learn method and priority configuration 43-19

modes 43-6

support for 1-5

with dual-action detection 43-6

port-channel interfaces

described 43-4

numbering of 43-4

port groups 15-6

stack changes, effects of 43-10

support for 1-5

EtherChannel guard

described 23-10

disabling 23-17

enabling 23-17

Ethernet management port

active link 15-25

and routing 15-25

and routing protocols 15-25

and TFTP 15-27

configuring 15-27

connecting to 2-10

default setting 15-25

described 15-24

for network management 15-24

specifying 15-27

supported features 15-26

unsupported features 15-27

Ethernet management port, internal

and routing 15-25

and routing protocols 15-25

unsupported features 15-27

Ethernet VLANs

adding 16-8

defaults and ranges 16-7

modifying 16-8

EUI 46-4

event detectors, embedded event manager 39-3

events, RMON 36-3

examples

network configuration 1-23

expedite queue for QoS 41-90

Express Setup 1-2

See also getting started guide

extended crashinfo file 56-24

extended-range VLANs

configuration guidelines 16-11

configuring 16-10

creating 16-12

creating with an internal VLAN ID 16-13

defined 16-1

extended system ID

MSTP 22-18

STP 21-5, 21-17

extended universal identifier

See EUI

Extensible Authentication Protocol over LAN 11-2

external BGP

See EBGP

external neighbors, BGP 45-50

F

Fa0 port

See Ethernet management port

failover support 1-9

Failure detection, using BFD 24-6

fallback bridging

and protected ports 55-4

bridge groups

creating 55-4

described 55-2

function of 55-2

number supported 55-4

removing 55-5

configuration guidelines 55-4

connecting interfaces with 15-14

default configuration 55-3

described 55-1

frame forwarding

flooding packets 55-2

forwarding packets 55-2

overview 55-1

protocol, unsupported 55-4

stack changes, effects of 55-3

STP

disabling on an interface 55-9

forward-delay interval 55-8

hello BPDU interval 55-8

interface priority 55-6

keepalive messages 21-3

maximum-idle interval 55-9

path cost 55-7

VLAN-bridge spanning-tree priority 55-6

VLAN-bridge STP 55-2

support for 1-16

SVIs and routed ports 55-1

unsupported protocols 55-4

VLAN-bridge STP 21-12

Fast Convergence 26-3

fastethernet0 port

See Ethernet management port

Fast Uplink Transition Protocol 23-6

features, incompatible 32-12

FIB 45-92

fiber-optic, detecting unidirectional links 34-1

files

basic crashinfo

description 56-25

location 56-25

copying 58-5

crashinfo, description 56-24

deleting 58-6

displaying the contents of 58-8

extended crashinfo

description 56-25

location 56-25

tar

creating 58-7

displaying the contents of 58-7

extracting 58-8

image file format 58-26

file system

displaying available file systems 58-2

displaying file information 58-3

local file system names 58-1

network file system names 58-5

setting the default 58-3

filtering

in a VLAN 40-32

IPv6 traffic 42-4, 42-7

non-IP traffic 40-29

show and more command output 2-9

filtering show and more command output 2-9

filters, IP

See ACLs, IP

FIPS 140-2 1-11

flash device, number of 58-1

flexible authentication ordering

configuring 11-74

overview 11-31

Flexible NetFlow

components 50-1

configuring a flow monitor 50-6

configuring flow records 50-3

configuring the exported 50-3

configuring the exporter 50-5

interface configuration 50-7

purpose 50-1

sampling 50-9

unsupported features 50-2

Flex Link Multicast Fast Convergence 26-3

Flex Links

configuring 26-8, 26-9

configuring preferred VLAN 26-11

configuring VLAN load balancing 26-10

default configuration 26-8

description 26-1

link load balancing 26-2

monitoring 26-14

VLANs 26-2

flooded traffic, blocking 32-8

flow-based packet classification 1-15

flowcharts

QoS classification 41-7

QoS egress queueing and scheduling 41-19

QoS ingress queueing and scheduling 41-16

QoS policing and marking 41-11

flowcontrol

configuring 15-32

described 15-31

forward-delay time

MSTP 22-24

STP 21-24

Forwarding Information Base

See FIB

forwarding nonroutable protocols 55-1

FTP

configuration files

downloading 58-14

overview 58-13

preparing the server 58-14

uploading 58-16

image files

deleting old image 58-34

downloading 58-32

preparing the server 58-31

uploading 58-34

G

general query 26-5

Generating IGMP Reports 26-3

get-next-request operation 38-5

get-request operation 38-5

Gigabit modules

See SFPs

global leave, IGMP 29-13

guest VLAN and IEEE 802.1x 11-21

guide mode 1-3

GUIs

See device manager and Network Assistant

H

hardware limitations and Layer 3 interfaces 15-39

hello time

MSTP 22-23

STP 21-23

help, for the command line 2-3

hierarchical policy maps 41-9

configuration guidelines 41-41

configuring 41-64

described 41-12

history

changing the buffer size 2-5

described 2-5

disabling 2-6

recalling commands 2-6

history table, level and number of syslog messages 37-10

host modes, MACsec 12-4

host names in clusters 6-13

host ports

configuring 19-11

kinds of 19-2

hosts, limit on dynamic ports 16-31

Hot Standby Router Protocol

See HSRP

HP OpenView 1-6

HSRP

authentication string 48-10

automatic cluster recovery 6-12

binding to cluster group 48-12

cluster standby group considerations 6-11

command-switch redundancy 1-2, 1-9

configuring 48-5

default configuration 48-5

definition 48-1

guidelines 48-6

monitoring 48-13

object tracking 51-7

overview 48-1

priority 48-8

routing redundancy 1-16

support for ICMP redirect messages 48-12

switch stack considerations 48-5

timers 48-10

tracking 48-8

See also clusters, cluster standby group, and standby command switch

HSRP for IPv6

configuring 46-39

guidelines 46-38

HTTP(S) Over IPv6 46-15

HTTP over SSL

see HTTPS

HTTPS

configuring 10-52

described 10-48

self-signed certificate 10-49

HTTP secure server 10-48

I

IBPG 45-46

ICMP

IPv6 46-4

redirect messages 45-13

support for 1-17

time-exceeded messages 56-18

traceroute and 56-18

unreachable messages 40-22

unreachable messages and IPv6 42-4

unreachables and ACLs 40-23

ICMP Echo operation

configuring 49-11

IP SLAs 49-11

ICMP ping

executing 56-15

overview 56-15

ICMP Router Discovery Protocol

See IRDP

ICMPv6 46-4

IDS appliances

and ingress RSPAN 35-25

and ingress SPAN 35-16

IEEE 802.1D

See STP

IEEE 802.1p 18-1

IEEE 802.1Q

and trunk ports 15-4

configuration limitations 16-17

encapsulation 16-15

native VLAN for untagged traffic 16-21

tunneling

compatibility with other features 20-6

defaults 20-4

described 20-1

tunnel ports with other features 20-6

IEEE 802.1s

See MSTP

IEEE 802.1w

See RSTP

IEEE 802.1x

See port-based authentication

IEEE 802.3ad

See EtherChannel

IEEE 802.3af

See PoE

IEEE 802.3x flow control 15-31

ifIndex values, SNMP 38-6

IFS 1-8

IGMP

configurable leave timer

described 29-6

enabling 29-11

configuring the switch

as a member of a group 53-39

statically connected member 53-44

controlling access to groups 53-40

default configuration 53-39

fast switching 53-44

flooded multicast traffic

controlling the length of time 29-12

disabling on an interface 29-13

global leave 29-13

query solicitation 29-13

recovering from flood mode 29-13

host-query interval, modifying 53-42

joining multicast group 29-3

join messages 29-3

leave processing, enabling 29-11, 30-9

leaving multicast group 29-5

multicast reachability 53-39

overview 53-3

queries 29-4

report suppression

described 29-6

disabling 29-16, 30-11

supported versions 29-3

support for 1-5

Version 1

changing to Version 2 53-41

described 53-3

Version 2

changing to Version 1 53-41

described 53-3

maximum query response time value 53-43

pruning groups 53-43

query timeout value 53-42

IGMP filtering

configuring 29-25

default configuration 29-24

described 29-24

support for 1-5

IGMP groups

configuring filtering 29-27

setting the maximum number 29-27

IGMP helper 53-6

IGMP Immediate Leave

configuration guidelines 29-11

described 29-6

enabling 29-11

IGMP profile

applying 29-26

configuration mode 29-25

configuring 29-25

IGMP snooping

and address aliasing 29-2

and stack changes 29-7

configuring 29-7

default configuration 29-7, 30-6

definition 29-2

enabling and disabling 29-8, 30-7

global configuration 29-8

Immediate Leave 29-6

in the switch stack 29-7

method 29-8

monitoring 29-16, 30-12

querier

configuration guidelines 29-14

configuring 29-14

supported versions 29-3

support for 1-5

VLAN configuration 29-8

IGMP throttling

configuring 29-27

default configuration 29-25

described 29-24

displaying action 29-29

IGP 45-27

Immediate Leave, IGMP

described 29-6

enabling 30-9

inaccessible authentication bypass

802.1x 11-23

support for multiauth ports 11-23

initial configuration

defaults 1-20

Express Setup 1-2

interface

number 15-19

range macros 15-22

interface command15-19to 15-20

interface configuration

REP 25-9

interfaces

auto-MDIX, configuring 15-32

configuring

procedure 15-20

counters, clearing 15-53

default configuration 15-28

described 15-38

descriptive name, adding 15-38

displaying information about 15-52

duplex and speed configuration guidelines 15-29

flow control 15-31

management 1-6

monitoring 15-51

naming 15-38

physical, identifying 15-19

range of 15-20

restarting 15-53, 15-54

shutting down 15-53

speed and duplex, configuring 15-30

status 15-51

supported 15-19

types of 15-1

interfaces range macro command 15-22

interface types 15-19

Interior Gateway Protocol

See IGP

internal BGP

See IBGP

internal neighbors, BGP 45-50

internal power supplies

See power supplies

Internet Control Message Protocol

See ICMP

Internet Group Management Protocol

See IGMP

Internet Protocol version 6

See IPv6

Inter-Switch Link

See ISL

inter-VLAN routing 1-16, 45-2

Intrusion Detection System

See IDS appliances

inventory management TLV 33-3

IP ACLs

for QoS classification 41-7

implicit deny 40-11, 40-15

implicit masks 40-11

named 40-16

undefined 40-23

IP addresses

128-bit 46-2

candidate or member 6-4, 6-13

classes of 45-7

cluster access 6-2

command switch 6-3, 6-11, 6-13

default configuration 45-7

discovering 7-24

for IP routing 45-6

IPv6 46-2

MAC address association 45-10

monitoring 45-19

redundant clusters 6-11

standby command switch 6-11, 6-13

See also IP information

IP base feature set 1-2

IP base software image 1-1

IP broadcast address 45-17

ip cef distributed command 45-92

IP directed broadcasts 45-16

ip igmp profile command 29-25

IP information

assigned

manually 4-15

through DHCP-based autoconfiguration 4-3

default configuration 4-3

IP multicast routing

addresses

all-hosts 53-3

all-multicast-routers 53-3

host group address range 53-3

administratively-scoped boundaries, described 53-47

and IGMP snooping 29-2

Auto-RP

adding to an existing sparse-mode cloud 53-26

benefits of 53-26

configuration guidelines 53-12

filtering incoming RP announcement messages 53-28

overview 53-7

preventing candidate RP spoofing 53-28

preventing join messages to false RPs 53-28

setting up in a new internetwork 53-26

using with BSR 53-34

bootstrap router

configuration guidelines 53-12

configuring candidate BSRs 53-32

configuring candidate RPs 53-33

defining the IP multicast boundary 53-31

defining the PIM domain border 53-30

overview 53-7

using with Auto-RP 53-34

Cisco implementation 53-2

configuring

basic multicast routing 53-12

IP multicast boundary 53-47

default configuration 53-11

enabling

PIM mode 53-13

group-to-RP mappings

Auto-RP 53-7

BSR 53-7

MBONE

described 53-46

enabling sdr listener support 53-46

limiting DVMRP routes advertised 53-58

limiting sdr cache entry lifetime 53-46

SAP packets for conference session announcement 53-46

Session Directory (sdr) tool, described 53-46

multicast forwarding, described 53-8

PIMv1 and PIMv2 interoperability 53-11

protocol interaction 53-2

reverse path check (RPF) 53-8

RP

assigning manually 53-24

configuring Auto-RP 53-26

configuring PIMv2 BSR 53-30

monitoring mapping information 53-35

using Auto-RP and BSR 53-34

stacking

stack master functions 53-10

stack member functions 53-10

statistics, displaying system and network 53-63

See also CGMP

See also DVMRP

See also IGMP

See also PIM

IP phones

and QoS 18-1

automatic classification and queueing 41-23

configuring 18-4

ensuring port security with QoS 41-46

trusted boundary for QoS 41-46

IP Port Security for Static Hosts

on a Layer 2 access port 27-20

on a PVLAN host port 27-24

IP precedence 41-2

IP-precedence-to-DSCP map for QoS 41-75

IP protocols

routing 1-16

IP routes, monitoring 45-106

IP routing

connecting interfaces with 15-14

disabling 45-20

enabling 45-20

IP Service Level Agreements

See IP SLAs

IP service levels, analyzing 49-1

IP services feature set 1-2

IP SLAs

benefits 49-2

configuration guidelines 49-6

configuring object tracking 51-9

Control Protocol 49-4

default configuration 49-6

definition 49-1

ICMP echo operation 49-11

measuring network performance 49-3

monitoring 49-13

multioperations scheduling 49-5

object tracking 51-9

operation 49-3

reachability tracking 51-9

responder

described 49-4

enabling 49-7

response time 49-4

scheduling 49-5

SNMP support 49-2

supported metrics 49-2

threshold monitoring 49-6

track object monitoring agent, configuring 51-11

track state 51-9

UDP jitter operation 49-8

IP source guard

and 802.1x 27-19

and DHCP snooping 27-16

and port security 27-19

and private VLANs 27-19

and routed ports 27-18

and TCAM entries 27-19

and trunk interfaces 27-18

and VRF 27-19

binding configuration

automatic 27-16

manual 27-16

binding table 27-16

configuration guidelines 27-18

default configuration 27-18

described 27-16

disabling 27-20

displaying

bindings 27-26

configuration 27-26

enabling 27-19, 27-21

filtering

source IP address 27-17

source IP and MAC address 27-17

source IP address filtering 27-17

source IP and MAC address filtering 27-17

static bindings

adding 27-19, 27-21

deleting 27-20

static hosts 27-21

IP traceroute

executing 56-18

overview 56-18

IP unicast routing

address resolution 45-10

administrative distances 45-94, 45-104

ARP 45-11

assigning IP addresses to Layer 3 interfaces 45-8

authentication keys 45-105

broadcast

address 45-17

flooding 45-18

packets 45-15

storms 45-15

classless routing 45-9

configuring static routes 45-94

default

addressing configuration 45-7

gateways 45-13

networks 45-95

routes 45-95

routing 45-3

directed broadcasts 45-16

disabling 45-20

dynamic routing 45-3

enabling 45-20

EtherChannel Layer 3 interface 45-5

IGP 45-27

inter-VLAN 45-2

IP addressing

classes 45-7

configuring 45-6

IPv6 46-3

IRDP 45-14

Layer 3 interfaces 45-5

MAC address and IP address 45-10

passive interfaces 45-103

protocols

distance-vector 45-3

dynamic 45-3

link-state 45-3

proxy ARP 45-11

redistribution 45-96

reverse address resolution 45-10

routed ports 45-5

static routing 45-3

steps to configure 45-6

subnet mask 45-8

subnet zero 45-8

supernet 45-9

UDP 45-17

unicast reverse path forwarding 1-17, 45-91

with SVIs 45-5

See also BGP

See also EIGRP

See also OSPF

See also RIP

IPv4 ACLs

applying to interfaces 40-21

extended, creating 40-11

named 40-16

standard, creating 40-10

IPv4 and IPv6

port-based trust 8-3

IPv6

ACLs

displaying 42-8

limitations 42-3

matching criteria 42-3

port 42-2

precedence 42-2

router 42-2

supported 42-2

addresses 46-2

address formats 46-2

and switch stacks 46-16

applications 46-11

assigning address 46-18

autoconfiguration 46-10

CEFv6 46-32

default configuration 46-17

default router preference (DRP) 46-10

defined 46-1

Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 46-14

EIGRP IPv6 Commands 46-14

Router ID 46-14

features not supported 46-15

forwarding 46-18

ICMP 46-4

monitoring 46-49

neighbor discovery 46-4

OSPF 46-13

path MTU discovery 46-4

SDM templates 8-3, 30-1, 42-1

stack master functions 46-16

Stateless Autoconfiguration 46-10

supported features 46-3

switch limitations 46-15

understanding static routes 46-12

IPv6 traffic, filtering 42-4

IRDP

configuring 45-14

definition 45-14

support for 1-17

IS-IS

addresses 45-67

area routing 45-67

default configuration 45-68

monitoring 45-76

show commands 45-76

system routing 45-67

ISL

and IPv6 46-3

and trunk ports 15-4

encapsulation 1-10, 16-15

trunking with IEEE 802.1 tunneling 20-5

ISO CLNS

clear commands 45-76

dynamic routing protocols 45-66

monitoring 45-76

NETs 45-66

NSAPs 45-66

OSI standard 45-66

ISO IGRP

area routing 45-67

system routing 45-67

isolated port 19-2

isolated VLANs 19-2, 19-3

J

join messages, IGMP 29-3

K

KDC

described 10-39

See also Kerberos

keepalive messages 21-3

Kerberos

authenticating to

boundary switch 10-41

KDC 10-41

network services 10-42

configuration examples 10-39

configuring 10-42

credentials 10-39

described 10-39

KDC 10-39

operation 10-41

realm 10-40

server 10-41

support for 1-14

switch as trusted third party 10-39

terms 10-40

TGT 10-41

tickets 10-39

key distribution center

See KDC

L

l2protocol-tunnel command 20-14

LACP

Layer 2 protocol tunneling 20-10

See EtherChannel

Layer 2 frames, classification with CoS 41-2

Layer 2 interfaces, default configuration 15-28

Layer 2 protocol tunneling

configuring 20-11

configuring for EtherChannels 20-15

default configuration 20-12

defined 20-8

guidelines 20-13

Layer 2 traceroute

and ARP 56-17

and CDP 56-17

broadcast traffic 56-16

described 56-16

IP addresses and subnets 56-17

MAC addresses and VLANs 56-17

multicast traffic 56-17

multiple devices on a port 56-17

unicast traffic 56-16

usage guidelines 56-17

Layer 3 features 1-16

Layer 3 interfaces

assigning IP addresses to 45-8

assigning IPv4 and IPv6 addresses to 46-27

assigning IPv6 addresses to 46-18

changing from Layer 2 mode 45-83, 46-43

types of 45-5

Layer 3 packets, classification methods 41-2

LDAP 3-2

Leaking IGMP Reports 26-4

LEDs, switch

See hardware installation guide

Lightweight Directory Access Protocol

See LDAP

Link Aggregation Control Protocol

See EtherChannel

Link Failure, detecting unidirectional 22-7

link integrity, verifying with REP 25-3

Link Layer Discovery Protocol

See CDP

link local unicast addresses 46-4

link redundancy

See Flex Links

links, unidirectional 34-1

link state advertisements (LSAs) 45-33

link-state protocols 45-3

link-state tracking

configuring 43-25

described 43-23

LLDP

configuring 33-5

characteristics 33-6

default configuration 33-5

enabling 33-6

monitoring and maintaining 33-11

overview 33-1

supported TLVs 33-2

switch stack considerations 33-2

transmission timer and holdtime, setting 33-6

LLDP-MED

configuring

procedures 33-5

TLVs 33-7

monitoring and maintaining 33-11

overview 33-1, 33-2

supported TLVs 33-2

LLDP Media Endpoint Discovery

See LLDP-MED

load balancing 48-4

local SPAN 35-2

location TLV 33-3

logging messages, ACL 40-9

login authentication

with RADIUS 10-29

with TACACS+ 10-14

login banners 7-10

log messages

See system message logging

Long-Reach Ethernet (LRE) technology 1-35

loop guard

described 23-11

enabling 23-18

support for 1-10

LRE profiles, considerations in switch clusters 6-16

M

MAC/PHY configuration status TLV 33-2

MAC addresses

aging time 7-14

and VLAN association 7-13

building the address table 7-13

default configuration 7-14

disabling learning on a VLAN 7-23

discovering 7-24

displaying 7-23

displaying in the IP source binding table 27-26

dynamic

learning 7-13

removing 7-15

in ACLs 40-29

IP address association 45-10

static

adding 7-20

allowing 7-22, 7-23

characteristics of 7-20

dropping 7-21

removing 7-20

MAC address learning 1-7

MAC address learning, disabling on a VLAN 7-23

MAC address notification, support for 1-18

MAC address-table move update

configuration guidelines 26-8

configuring 26-12

default configuration 26-8

description 26-6

monitoring 26-14

MAC address-to-VLAN mapping 16-26

MAC authentication bypass 11-15

MAC extended access lists

applying to Layer 2 interfaces 40-31

configuring for QoS 41-54

creating 40-29

defined 40-29

for QoS classification 41-5

MACSec 14-2

802.1AE Tagging 12-9

MACsec 12-2

and stacking 12-3

configuring on an interface 12-7

defined 12-1, 12-2

switch-to-switch security 12-1

MACsec Key Agreement Protocol

See MKA

magic packet 11-28

manageability features 1-7

management access

in-band

browser session 1-8

CLI session 1-8

device manager 1-8

SNMP 1-8

out-of-band console port connection 1-8

management address TLV 33-2

management options

CLI 2-1

clustering 1-4

CNS 3-1

Network Assistant 1-3

overview 1-6

switch stacks 1-3

management VLAN

considerations in switch clusters 6-7

discovery through different management VLANs 6-7

manual preemption, REP, configuring 25-13

mapping tables for QoS

configuring

CoS-to-DSCP 41-74

DSCP 41-74

DSCP-to-CoS 41-77

DSCP-to-DSCP-mutation 41-78

IP-precedence-to-DSCP 41-75

policed-DSCP 41-76

described 41-13

marking

action in policy map 41-59

action with aggregate policers 41-72

described 41-4, 41-9

matching IPv4 ACLs 40-8

maximum aging time

MSTP 22-24

STP 21-24

maximum hop count, MSTP 22-25

maximum number of allowed devices, port-based authentication 11-41

maximum-paths command 45-54, 45-93

MDA

configuration guidelines11-31to 11-32

described 1-12, 11-31

exceptions with authentication process 11-4

Media Access Control Security

See MACsec

membership mode, VLAN port 16-3

member switch

automatic discovery 6-5

defined 6-2

managing 6-16

passwords 6-13

recovering from lost connectivity 56-12

requirements 6-4

See also candidate switch, cluster standby group, and standby command switch

messages, to users through banners 7-10

metrics, in BGP 45-54

metric translations, between routing protocols 45-99

metro tags 20-2

MHSRP 48-4

MIBs

overview 38-1

SNMP interaction with 38-4

mini-point-of-presence

See POP

mini-type USB console port 15-14

mirroring traffic for analysis 35-1

mismatches, autonegotiation 56-13

MKA

configuring policies 12-6

defined 12-2

policies 12-2

replay protection 12-3

statistics 12-5

virtual ports 12-3

module number 15-19

monitoring

access groups 40-44

BGP 45-65

cables for unidirectional links 34-1

CDP 31-5

CEF 45-92

EIGRP 45-45

fallback bridging 55-10

features 1-18

Flex Links 26-14

HSRP 48-13

IEEE 802.1Q tunneling 20-19

IGMP

snooping 29-16, 30-12

interfaces 15-51

IP

address tables 45-19

multicast routing 53-63

routes 45-106

IP SLAs operations 49-13

IPv4 ACL configuration 40-44

IPv6 46-49

IPv6 ACL configuration 42-8

IS-IS 45-76

ISO CLNS 45-76

Layer 2 protocol tunneling 20-19

MAC address-table move update 26-14

MSDP peers 54-19

multicast router interfaces 29-17

multi-VRF CE 45-91

network traffic for analysis with probe 35-2

object tracking 51-12

OSPF 45-37

private VLANs 19-15

REP 25-14

RP mapping information 53-35

SFP status 56-14

source-active messages 54-19

speed and duplex mode 15-31

SSM mapping 53-22

traffic flowing among switches 36-1

traffic suppression 32-21

tunneling 20-19

VLAN

filters 40-45

maps 40-45

VLANs 16-14

VMPS 16-30

VTP 17-18

monitoring and troubleshooting

BFD 24-16

mrouter Port 26-3

mrouter port 26-5

MSDP

benefits of 54-3

clearing MSDP connections and statistics 54-19

controlling source information

forwarded by switch 54-12

originated by switch 54-8

received by switch 54-14

default configuration 54-4

dense-mode regions

sending SA messages to 54-17

specifying the originating address 54-18

filtering

incoming SA messages 54-14

SA messages to a peer 54-12

SA requests from a peer 54-11

join latency, defined 54-6

meshed groups

configuring 54-16

defined 54-16

originating address, changing 54-18

overview 54-1

peer-RPF flooding 54-2

peers

configuring a default 54-4

monitoring 54-19

peering relationship, overview 54-1

requesting source information from 54-8

shutting down 54-16

source-active messages

caching 54-6

defined 54-2

filtering from a peer 54-11

filtering incoming 54-14

filtering to a peer 54-12

limiting data with TTL 54-14

restricting advertised sources 54-9

support for 1-17

MSTP

boundary ports

configuration guidelines 22-16

described 22-6

BPDU filtering

described 23-3

enabling 23-14

BPDU guard

described 23-2

enabling 23-13

CIST, described 22-3

CIST regional root 22-3

CIST root 22-5

configuration guidelines 22-15, 23-12

configuring

forward-delay time 22-24

hello time 22-23

link type for rapid convergence 22-25

maximum aging time 22-24

maximum hop count 22-25

MST region 22-16

neighbor type 22-26

path cost 22-21

port priority 22-20

root switch 22-18

secondary root switch 22-19

switch priority 22-22

CST

defined 22-3

operations between regions 22-3

default configuration 22-14

default optional feature configuration 23-12

displaying status 22-27

enabling the mode 22-16

EtherChannel guard

described 23-10

enabling 23-17

extended system ID

effects on root switch 22-18

effects on secondary root switch 22-19

unexpected behavior 22-18

IEEE 802.1s

implementation 22-6

port role naming change 22-6

terminology 22-5

instances supported 21-10

interface state, blocking to forwarding 23-2

interoperability and compatibility among modes 21-11

interoperability with IEEE 802.1D

described 22-8

restarting migration process 22-26

IST

defined 22-2

master 22-3

operations within a region 22-3

loop guard

described 23-11

enabling 23-18

mapping VLANs to MST instance 22-17

MST region

CIST 22-3

configuring 22-16

described 22-2

hop-count mechanism 22-5

IST 22-2

supported spanning-tree instances 22-2

optional features supported 1-9

overview 22-2

Port Fast

described 23-2

enabling 23-12

preventing root switch selection 23-10

root guard

described 23-10

enabling 23-18

root switch

configuring 22-18

effects of extended system ID 22-18

unexpected behavior 22-18

shutdown Port Fast-enabled port 23-2

stack changes, effects of 22-8

status, displaying 22-27

MTU

system 15-41

system jumbo 15-41

system routing 15-41

multiauth

support for inaccessible authentication bypass 11-23

multiauth mode

See multiple-authentication mode

multicast groups

Immediate Leave 29-6

joining 29-3

leaving 29-5

static joins 29-10, 30-8

multicast packets

ACLs on 40-43

blocking 32-8

multicast router interfaces, monitoring 29-17

multicast router ports, adding 29-9, 30-8

Multicast Source Discovery Protocol

See MSDP

multicast storm 32-1

multicast storm-control command 32-4

multicast television application 29-18

multicast VLAN 29-17

Multicast VLAN Registration

See MVR

multidomain authentication

See MDA

multioperations scheduling, IP SLAs 49-5

multiple authentication 11-12

Multiple HSRP

See MHSRP

multiple VPN routing/forwarding in customer edge devices

See multi-VRF CE

multi-VRF CE

configuration example 45-87

configuration guidelines 45-79

configuring 45-79

default configuration 45-79, 46-41

defined 45-76

displaying 45-91

monitoring 45-91

network components 45-79

packet-forwarding process 45-78

support for 1-16

MVR

and address aliasing 29-20

and IGMPv3 29-21

configuring interfaces 29-22

default configuration 29-20

described 29-17

example application 29-18

in the switch stack 29-20

modes 29-21

multicast television application 29-18

setting global parameters 29-21

support for 1-5

N

NAC

AAA down policy 1-13

critical authentication 11-23, 11-63

IEEE 802.1x authentication using a RADIUS server 11-68

IEEE 802.1x validation using RADIUS server 11-68

inaccessible authentication bypass 1-13, 11-63

Layer 2 IEEE 802.1x validation 1-13, 11-68

Layer 2 IEEE802.1x validation 11-30

Layer 2 IP validation 1-13

named IPv4 ACLs 40-16

named IPv6 ACLs 42-3

NameSpace Mapper

See NSM

native VLAN

and IEEE 802.1Q tunneling 20-4

configuring 16-21

default 16-21

NDAC 12-9, 14-2

defined 12-9

MACsec 12-1

NEAT

configuring 11-69

overview 11-33

neighbor discovery, IPv6 46-4

neighbor discovery/recovery, EIGRP 45-38

neighbor offset numbers, REP 25-4

neighbors, BGP 45-60

Network Admission Control

See NAC

Network Assistant

benefits 1-2

described 1-6

downloading image files 1-3

guide mode 1-3

management options 1-3

managing switch stacks 5-3, 5-17

upgrading a switch 58-25

wizards 1-3

network configuration examples

cost-effective wiring closet 1-24

high-performance wiring closet 1-26

increasing network performance 1-23

large network 1-32

long-distance, high-bandwidth transport 1-36

multidwelling network 1-35

providing network services 1-23

redundant Gigabit backbone 1-28

server aggregation and Linux server cluster 1-28

small to medium-sized network 1-30

network design

performance 1-23

services 1-23

Network Device Admission Control (NDAC) 12-9, 14-2

Network Edge Access Topology

See NEAT

network management

CDP 31-1

RMON 36-1

SNMP 38-1

network performance, measuring with IP SLAs 49-3

network policy TLV 33-2

Network Time Protocol

See NTP

no commands 2-4

nonhierarchical policy maps

configuration guidelines 41-41

configuring 41-59

described 41-10

non-IP traffic filtering 40-29

nontrunking mode 16-16

normal-range VLANs 16-4

configuration guidelines 16-6

configuring 16-4

defined 16-1

no switchport command 15-5

not-so-stubby areas

See NSSA

NSAPs, as ISO IGRP addresses 45-67

NSF Awareness

IS-IS 45-69

NSM 3-3

NSSA, OSPF 45-33

NTP

associations

defined 7-2

overview 7-2

stratum 7-2

support for 1-7

time

services 7-2

synchronizing 7-2

O

OBFL

configuring 56-27

described 56-27

displaying 56-28

object tracking

HSRP 51-7

IP SLAs 51-9

IP SLAs, configuring 51-9

monitoring 51-12

offline configuration for switch stacks 5-8

off mode, VTP 17-4

on-board failure logging

See OBFL

online diagnostics

described 57-1

overview 57-1

running tests 57-5

open1x

configuring 11-74

open1x authentication

overview 11-31

Open Shortest Path First

See OSPF

optimizing system resources 8-1

options, management 1-6

OSPF

area parameters, configuring 45-33

configuring 45-31

default configuration

metrics 45-34

route 45-34

settings 45-28

described 45-27

for IPv6 46-13

interface parameters, configuring 45-32

LSA group pacing 45-36

monitoring 45-37

router IDs 45-36

route summarization 45-34

support for 1-16

virtual links 45-34

out-of-profile markdown 1-15

P

packet modification, with QoS 41-22

PAgP

Layer 2 protocol tunneling 20-10

See EtherChannel

parallel paths, in routing tables 45-93

passive interfaces

configuring 45-103

OSPF 45-35

passwords

default configuration 10-3

disabling recovery of 10-5

encrypting 10-4

for security 1-11

in clusters 6-14

overview 10-1

recovery of 56-3

setting

enable 10-3

enable secret 10-4

Telnet 10-6

with usernames 10-7

VTP domain 17-10

path cost

MSTP 22-21

STP 21-21

path MTU discovery 46-4

payload encryption 1-1

PBR

defined 45-99

enabling 45-101

fast-switched policy-based routing 45-102

local policy-based routing 45-102

PC (passive command switch) 6-10

peers, BGP 45-60

percentage thresholds in tracked lists 51-6

performance, network design 1-23

performance features 1-4

persistent self-signed certificate 10-49

per-user ACLs and Filter-Ids 11-8

per-VLAN spanning-tree plus

See PVST+

PE to CE routing, configuring 45-86, 46-45

physical ports 15-3

PIM

default configuration 53-11

dense mode

overview 53-4

rendezvous point (RP), described 53-5

RPF lookups 53-9

enabling a mode 53-13

overview 53-4

router-query message interval, modifying 53-38

shared tree and source tree, overview 53-35

shortest path tree, delaying the use of 53-37

sparse mode

join messages and shared tree 53-5

overview 53-5

prune messages 53-5

RPF lookups 53-9

stub routing

configuration guidelines 53-22

enabling 53-23

overview 53-5

support for 1-17

versions

interoperability 53-11

troubleshooting interoperability problems 53-35

v2 improvements 53-4

PIM-DVMRP, as snooping method 29-9

ping

character output description 56-16

executing 56-15

overview 56-15

PoE

auto mode 15-10

CDP with power consumption, described 15-8

CDP with power negotiation, described 15-8

Cisco intelligent power management 15-8

configuring 15-33

devices supported 15-7

high-power devices operating in low-power mode 15-8

IEEE power classification levels 15-9

monitoring 15-11

monitoring power 15-36

policing power consumption 15-36

policing power usage 15-11

power budgeting 15-35

power consumption 15-35

powered-device detection and initial power allocation 15-8

power management modes 15-10

power negotiation extensions to CDP 15-8

standards supported 15-8

static mode 15-10

supported watts per port 15-7

troubleshooting 56-13

policed-DSCP map for QoS 41-76

policers

configuring

for each matched traffic class 41-59

for more than one traffic class 41-72

described 41-4

number of 41-42

types of 41-10

policing

described 41-4

hierarchical

See hierarchical policy maps

token-bucket algorithm 41-10

policy-based routing

See PBR

policy maps for QoS

characteristics of 41-60

described 41-8

hierarchical 41-9

hierarchical on SVIs

configuration guidelines 41-41

configuring 41-64

described 41-12

nonhierarchical on physical ports

configuration guidelines 41-41

configuring 41-59

described 41-10

POP 1-35

port ACLs

defined 40-3

types of 40-4

Port Aggregation Protocol

See EtherChannel

port-based authentication

accounting 11-14

authentication server

defined 11-3, 13-2

RADIUS server 11-3

client, defined 11-3, 13-2

configuration guidelines 11-39, 13-9

configuring

802.1x authentication 11-44

guest VLAN 11-60

host mode 11-47

inaccessible authentication bypass 11-63

manual re-authentication of a client 11-49

periodic re-authentication 11-48

quiet period 11-49

RADIUS server 11-47, 13-13

RADIUS server parameters on the switch 11-46, 13-11

restricted VLAN 11-62

switch-to-client frame-retransmission number 11-50, 11-51

switch-to-client retransmission time 11-50

violation modes11-43to 11-44

default configuration 11-38, 13-9

described 11-1

device roles 11-3, 13-2

displaying statistics 11-76, 13-17

downloadable ACLs and redirect URLs

configuring11-71to11-73, ??to 11-73

overview11-18to 11-20

EAPOL-start frame 11-6

EAP-request/identity frame 11-6

EAP-response/identity frame 11-6

enabling

802.1X authentication 13-11

encapsulation 11-3

flexible authentication ordering

configuring 11-74

overview 11-31

guest VLAN

configuration guidelines 11-21, 11-22

described 11-21

host mode 11-12

inaccessible authentication bypass

configuring 11-63

described 11-23

guidelines 11-40

initiation and message exchange 11-6

magic packet 11-28

maximum number of allowed devices per port 11-41

method lists 11-44

multiple authentication 11-12

multiple-hosts mode, described 11-12

per-user ACLs

AAA authorization 11-44

configuration tasks 11-18

described 11-17

RADIUS server attributes 11-17

ports

authorization state and dot1x port-control command 11-11

authorized and unauthorized 11-10

voice VLAN 11-28

port security

described 11-28

readiness check

configuring 11-41

described 11-15, 11-41

resetting to default values 11-76

stack changes, effects of 11-11

statistics, displaying 11-76

switch

as proxy 11-3, 13-2

RADIUS client 11-3

switch supplicant

configuring 11-69

overview 11-33

user distribution

guidelines 11-27

overview 11-27

VLAN assignment

AAA authorization 11-44

characteristics 11-16

configuration tasks 11-17

described 11-16

voice aware 802.1x security

configuring 11-42

described 11-34, 11-42

voice VLAN

described 11-28

PVID 11-28

VVID 11-28

wake-on-LAN, described 11-28

port-based authentication methods, supported 11-8

port-based trust

IPv4 and IPv6 8-3

port blocking 1-5, 32-7

port-channel

See EtherChannel

port description TLV 33-2

Port Fast

described 23-2

enabling 23-12

mode, spanning tree 16-27

support for 1-9

port membership modes, VLAN 16-3

port priority

MSTP 22-20

STP 21-19

ports

10-Gigabit Ethernet 15-7

access 15-3

blocking 32-7

dynamic access 16-4

protected 32-6

REP 25-6

routed 15-4

secure 32-9

static-access 16-3, 16-9

switch 15-3

trunks 16-3, 16-15

VLAN assignments 16-9

port security

aging 32-17

and other features 32-11

and private VLANs 32-18

and QoS trusted boundary 41-46

and stacking 32-18

configuration guidelines 32-11

configuring 32-13

default configuration 32-11

described 32-8

on trunk ports 32-14

sticky learning 32-9

violations 32-10

port-shutdown response, VMPS 16-26

port VLAN ID TLV 33-2

power management TLV 33-3

Power over Ethernet

See PoE

power supply

configuring 15-45

managing 15-45

preempt delay time, REP 25-5

preemption, default configuration 26-8

preemption delay, default configuration 26-8

preferential treatment of traffic

See QoS

prefix lists, BGP 45-58

preventing unauthorized access 10-1

primary edge port, REP 25-4

primary interface for object tracking, DHCP, configuring 51-11

primary interface for static routing, configuring 51-10

primary links 26-2

primary VLANs 19-1, 19-3

priority

HSRP 48-8

overriding CoS 18-6

trusting CoS 18-6

private VLAN edge ports

See protected ports

private VLANs

across multiple switches 19-4

and SDM template 19-4

and SVIs 19-5

and switch stacks 19-5

benefits of 19-1

community ports 19-2

community VLANs 19-2, 19-3

configuration guidelines 19-7, 19-8

configuration tasks 19-6

configuring 19-10

default configuration 19-6

end station access to 19-3

IP addressing 19-3

isolated port 19-2

isolated VLANs 19-2, 19-3

mapping 19-13

monitoring 19-15

ports

community 19-2

configuration guidelines 19-8

configuring host ports 19-11

configuring promiscuous ports 19-13

isolated 19-2

promiscuous 19-2

primary VLANs 19-1, 19-3

promiscuous ports 19-2

secondary VLANs 19-2

subdomains 19-1

traffic in 19-5

privilege levels

changing the default for lines 10-9

command switch 6-17

exiting 10-9

logging into 10-9

mapping on member switches 6-17

overview 10-2, 10-7

setting a command with 10-8

promiscuous ports

configuring 19-13

defined 19-2

protected ports 1-11, 32-6

protocol-dependent modules, EIGRP 45-38

Protocol-Independent Multicast Protocol

See PIM

protocol storm protection 32-19

provider edge devices 45-77

provisioning new members for a switch stack 5-8

proxy ARP

configuring 45-13

definition 45-11

with IP routing disabled 45-13

proxy reports 26-3

pruning, VTP

disabling

in VTP domain 17-16

on a port 16-21

enabling

in VTP domain 17-16

on a port 16-21

examples 17-7

overview 17-6

pruning-eligible list

changing 16-21

for VTP pruning 17-6

VLANs 17-16

PVST+

described 21-10

IEEE 802.1Q trunking interoperability 21-12

instances supported 21-10

Q

QoS

and MQC commands 41-1

auto-QoS

categorizing traffic 41-24

configuration and defaults display 41-36

configuration guidelines 41-33

described 41-23

disabling 41-35

displaying generated commands 41-35

displaying the initial configuration 41-36

effects on running configuration 41-33

egress queue defaults 41-25

list of generated commands 41-26

basic model 41-4

classification

class maps, described 41-8

defined 41-4

DSCP transparency, described 41-47

flowchart 41-7

forwarding treatment 41-3

in frames and packets 41-3

IP ACLs, described 41-7, 41-8

MAC ACLs, described 41-5, 41-8

options for IP traffic 41-6

options for non-IP traffic 41-5

policy maps, described 41-8

trust DSCP, described 41-5

trusted CoS, described 41-5

trust IP precedence, described 41-5

class maps

configuring 41-55

configuration guidelines

auto-QoS 41-33

standard QoS 41-40

configuring

aggregate policers 41-72

auto-QoS 41-23

default port CoS value 41-45

DSCP maps 41-74

DSCP transparency 41-47

DSCP trust states bordering another domain 41-48

egress queue characteristics 41-84

ingress queue characteristics 41-80

IP extended ACLs 41-51

IP standard ACLs 41-50

MAC ACLs 41-54

policy maps, hierarchical 41-64

policy maps on physical ports 41-59

port trust states within the domain 41-44

trusted boundary 41-46

default auto configuration 41-24

default standard configuration 41-37

DSCP transparency 41-47

egress queues

allocating buffer space 41-85

buffer allocation scheme, described 41-20

configuring shaped weights for SRR 41-89

configuring shared weights for SRR 41-90

described 41-4

displaying the threshold map 41-88

flowchart 41-19

mapping DSCP or CoS values 41-87

scheduling, described 41-4

setting WTD thresholds 41-85

WTD, described 41-22

enabling globally 41-43

flowcharts

classification 41-7

egress queueing and scheduling 41-19

ingress queueing and scheduling 41-16

policing and marking 41-11

implicit deny 41-8

ingress queues

allocating bandwidth 41-82

allocating buffer space 41-82

buffer and bandwidth allocation, described 41-18

configuring shared weights for SRR 41-82

configuring the priority queue 41-83

described 41-4

displaying the threshold map 41-81

flowchart 41-16

mapping DSCP or CoS values 41-81

priority queue, described 41-18

scheduling, described 41-4

setting WTD thresholds 41-81

WTD, described 41-18

IP phones

automatic classification and queueing 41-23

detection and trusted settings 41-23, 41-46

limiting bandwidth on egress interface 41-91

mapping tables

CoS-to-DSCP 41-74

DSCP-to-CoS 41-77

DSCP-to-DSCP-mutation 41-78

IP-precedence-to-DSCP 41-75

policed-DSCP 41-76

types of 41-13

marked-down actions 41-62

marking, described 41-4, 41-9

overview 41-2

packet modification 41-22

policers

configuring 41-62, 41-72

described 41-9

number of 41-42

types of 41-10

policies, attaching to an interface 41-9

policing

described 41-4, 41-9

token bucket algorithm 41-10

policy maps

characteristics of 41-60

hierarchical 41-9

hierarchical on SVIs 41-64

nonhierarchical on physical ports 41-59

QoS label, defined 41-4

queues

configuring egress characteristics 41-84

configuring ingress characteristics 41-80

high priority (expedite) 41-22, 41-90

location of 41-14

SRR, described 41-15

WTD, described 41-15

rewrites 41-22

support for 1-15

trust states

bordering another domain 41-48

described 41-5

trusted device 41-46

within the domain 41-44

quality of service

See QoS

queries, IGMP 29-4

query solicitation, IGMP 29-13

R

RADIUS

attributes

vendor-proprietary 10-36

vendor-specific 10-35

configuring

accounting 10-34

authentication 10-29

authorization 10-33

communication, global 10-27, 10-35

communication, per-server 10-27

multiple UDP ports 10-27

default configuration 10-27

defining AAA server groups 10-31

displaying the configuration 10-39

identifying the server 10-27

in clusters 6-16

limiting the services to the user 10-33

method list, defined 10-26

operation of 10-19

overview 10-18

server load balancing 10-39

suggested network environments 10-18

support for 1-13

tracking services accessed by user 10-34

RADIUS Change of Authorization 10-20

range

macro 15-22

of interfaces 15-21

rapid convergence 22-10

rapid per-VLAN spanning-tree plus

See rapid PVST+

rapid PVST+

described 21-10

IEEE 802.1Q trunking interoperability 21-12

instances supported 21-10

Rapid Spanning Tree Protocol

See RSTP

RARP 45-11

rcommand command 6-16

RCP

configuration files

downloading 58-18

overview 58-17

preparing the server 58-17

uploading 58-19

image files

deleting old image 58-38

downloading 58-37

preparing the server 58-36

uploading 58-38

reachability, tracking IP SLAs IP host 51-9

readiness check

port-based authentication

configuring 11-41

described 11-15, 11-41

reconfirmation interval, VMPS, changing 16-29

reconfirming dynamic VLAN membership 16-29

redirect URL 11-18, 11-20, 11-71

redundancy

EtherChannel 43-3

HSRP 48-1

STP

backbone 21-9

multidrop backbone 23-5

path cost 16-24

port priority 16-22

redundant links and UplinkFast 23-15

redundant power system

See Cisco Redundant Power System 2300

reliable transport protocol, EIGRP 45-38

reloading software 4-23

Remote Authentication Dial-In User Service

See RADIUS

Remote Copy Protocol

See RCP

Remote Network Monitoring

See RMON

Remote SPAN

See RSPAN

remote SPAN 35-3

REP

administrative VLAN 25-8

administrative VLAN, configuring 25-8

age timer 25-8

and STP 25-6

configuration guidelines 25-7

configuring interfaces 25-9

convergence 25-4

default configuration 25-7

manual preemption, configuring 25-13

monitoring 25-14

neighbor offset numbers 25-4

open segment 25-2

ports 25-6

preempt delay time 25-5

primary edge port 25-4

ring segment 25-2

secondary edge port 25-4

segments 25-1

characteristics 25-2

SNMP traps, configuring 25-13

supported interfaces 25-1

triggering VLAN load balancing 25-5

verifying link integrity 25-3

VLAN blocking 25-12

VLAN load balancing 25-4

report suppression, IGMP

described 29-6

disabling 29-16, 30-11

resequencing ACL entries 40-16

reserved addresses in DHCP pools 27-28

resets, in BGP 45-52

resetting a UDLD-shutdown interface 34-6

Resilient Ethernet Protocol

See REP

responder, IP SLAs

described 49-4

enabling 49-7

response time, measuring with IP SLAs 49-4

restricted VLAN

configuring 11-62

described 11-22

using with IEEE 802.1x 11-22

restricting access

overview 10-1

passwords and privilege levels 10-2

RADIUS 10-17

TACACS+ 10-10

retry count, VMPS, changing 16-30

reverse address resolution 45-10

Reverse Address Resolution Protocol

See RARP

RFC

1058, RIP 45-21

1112, IP multicast and IGMP 29-2

1157, SNMPv1 38-2

1163, BGP 45-45

1166, IP addresses 45-7

1253, OSPF 45-27

1267, BGP 45-45

1305, NTP 7-2

1587, NSSAs 45-27

1757, RMON 36-2

1771, BGP 45-45

1901, SNMPv2C 38-2

1902 to 1907, SNMPv2 38-2

2236, IP multicast and IGMP 29-2

2273-2275, SNMPv3 38-2

RFC 5176 Compliance 10-21

RIP

advertisements 45-21

authentication 45-24

configuring 45-22

default configuration 45-22

described 45-21

for IPv6 46-12

hop counts 45-21

split horizon 45-24

summary addresses 45-25

support for 1-16

RMON

default configuration 36-3

displaying status 36-6

enabling alarms and events 36-3

groups supported 36-2

overview 36-1

statistics

collecting group Ethernet 36-5

collecting group history 36-5

support for 1-18

root guard

described 23-10

enabling 23-18

support for 1-10

root switch

MSTP 22-18

STP 21-17

route calculation timers, OSPF 45-35

route dampening, BGP 45-64

routed packets, ACLs on 40-43

routed ports

configuring 45-5

defined 15-4

in switch clusters 6-8

IP addresses on 15-39, 45-6

route-map command 45-102

route maps

BGP 45-56

policy-based routing 45-100

router ACLs

defined 40-3

types of 40-5

route reflectors, BGP 45-63

router ID, OSPF 45-36

route selection, BGP 45-54

route summarization, OSPF 45-34

route targets, VPN 45-79

routing

default 45-3

dynamic 45-3

redistribution of information 45-96

static 45-3

routing domain confederation, BGP 45-63

Routing Information Protocol

See RIP

routing protocol administrative distances 45-94

RPS

See Cisco Redundant Power System 2300

RPS 2300

See Cisco Redundant Power System 2300

RSPAN 35-3

and stack changes 35-11

characteristics 35-9

configuration guidelines 35-19

default configuration 35-12

destination ports 35-8

displaying status 35-31

in a switch stack 35-3

interaction with other features 35-10

monitored ports 35-7

monitoring ports 35-8

overview 1-18, 35-1

received traffic 35-6

session limits 35-13

sessions

creating 35-20

defined 35-4

limiting source traffic to specific VLANs 35-22

specifying monitored ports 35-20

with ingress traffic enabled 35-25

source ports 35-7

transmitted traffic 35-6

VLAN-based 35-7

RSTP

active topology 22-9

BPDU

format 22-12

processing 22-13

designated port, defined 22-9

designated switch, defined 22-9

interoperability with IEEE 802.1D

described 22-8

restarting migration process 22-26

topology changes 22-13

overview 22-9

port roles

described 22-9

synchronized 22-11

proposal-agreement handshake process 22-10

rapid convergence

cross-stack rapid convergence 22-11

described 22-10

edge ports and Port Fast 22-10

point-to-point links 22-10, 22-25

root ports 22-10

root port, defined 22-9

See also MSTP

running configuration

replacing 58-20, 58-21

rolling back 58-20, 58-22

saving 4-16

S

SAP

defined 12-9

negotiation 12-9

support 12-1

SC (standby command switch) 6-10

scheduled reloads 4-23

scheduling, IP SLAs operations 49-5

SCP

and SSH 10-55

configuring 10-55

SDM

described 8-1

switch stack consideration 5-11

templates

configuring 8-6

number of 8-1

SDM template

configuring 8-5

dual IPv4 and IPv6 8-3

types of 8-1

secondary edge port, REP 25-4

secondary VLANs 19-2

Secure Copy Protocol

secure HTTP client

configuring 10-54

displaying 10-54

secure HTTP server

configuring 10-52

displaying 10-54

secure MAC addresses

and switch stacks 32-18

deleting 32-16

maximum number of 32-10

types of 32-9

secure ports

and switch stacks 32-18

configuring 32-9

secure remote connections 10-44

Secure Shell

See SSH

Secure Socket Layer

See SSL

security, port 32-8

Security Exchange Protocol

See SXP

Security Exchange Protocol

See SAP

Security Exchange Protocol (SXP) 14-2

security features 1-11

Security Group Access Control List (SGACL) 14-2

Security Group Tag (SGT) 14-2

See SCP

sequence numbers in log messages 37-8

server mode, VTP 17-3

service-provider network, MSTP and RSTP 22-1

service-provider networks

and customer VLANs 20-2

and IEEE 802.1Q tunneling 20-1

Layer 2 protocols across 20-8

Layer 2 protocol tunneling for EtherChannels 20-10

session keys, MKA 12-2

set-request operation 38-5

setup program

failed command switch replacement 56-11

replacing failed command switch 56-9

severity levels, defining in system messages 37-9

SFPs

monitoring status of 56-14

numbering of 15-20

security and identification 56-14

status, displaying 56-14

SGACL 14-2

SGT 14-2

shaped round robin

See SRR

show access-lists hw-summary command 40-23

show and more command output, filtering 2-9

show cluster members command 6-16

show configuration command 15-38

show forward command 56-22

show interfaces command 15-31, 15-38

show interfaces switchport 26-4

show l2protocol command 20-14, 20-16, 20-17

show platform forward command 56-22

show running-config command

displaying ACLs 40-34, 40-36

interface description in 15-38

shutdown command on interfaces 15-53

shutdown threshold for Layer 2 protocol packets 20-12

Simple Network Management Protocol

See SNMP

single session ID 11-35

Slow timer, configuring BFD 24-15

small form-factor pluggable modules

See SFPs

small-frame arrival rate, configuring 32-5

smart logging 37-1, 37-14

SNAP 31-1

SNMP

accessing MIB variables with 38-4

agent

described 38-4

disabling 38-9

and IP SLAs 49-2

authentication level 38-12

community strings

configuring 38-9

for cluster switches 38-4

overview 38-4

configuration examples 38-19

default configuration 38-8

engine ID 38-8

groups 38-8, 38-11

host 38-8

ifIndex values 38-6

in-band management 1-8

in clusters 6-14

informs

and trap keyword 38-14

described 38-5

differences from traps 38-5

disabling 38-17

enabling 38-17

limiting access by TFTP servers 38-19

limiting system log messages to NMS 37-10

manager functions 1-6, 38-3

managing clusters with 6-17

notifications 38-5

overview 38-1, 38-4

security levels 38-3

setting CPU threshold notification 38-18

status, displaying 38-21

system contact and location 38-18

trap manager, configuring 38-16

traps

described 38-5

differences from informs 38-5

disabling 38-17

enabling 38-14

enabling MAC address notification 7-15, 7-17, 7-18

overview 38-1, 38-5

types of 38-14

users 38-8, 38-11

versions supported 38-2

SNMP and Syslog Over IPv6 46-14

SNMP traps

REP 25-13

SNMPv1 38-2

SNMPv2C 38-2

SNMPv3 38-3

snooping, IGMP 29-2

software compatibility

See stacks, switch

software images

location in flash 58-26

recovery procedures 56-2

scheduling reloads 4-24

tar file format, described 58-26

See also downloading and uploading

software images in mixed stacks

See the Cisco Software Activation and Compatibility Document

source-and-destination-IP address based forwarding, EtherChannel 43-9

source-and-destination MAC address forwarding, EtherChannel 43-9

source-IP address based forwarding, EtherChannel 43-9

source-MAC address forwarding, EtherChannel 43-8

Source-specific multicast

See SSM

SPAN

and stack changes 35-11

configuration guidelines 35-13

default configuration 35-12

destination ports 35-8

displaying status 35-31

interaction with other features 35-10

monitored ports 35-7

monitoring ports 35-8

overview 1-18, 35-1

ports, restrictions 32-12

received traffic 35-6

session limits 35-13

sessions

configuring ingress forwarding 35-17, 35-26

creating 35-14, 35-28

defined 35-4

limiting source traffic to specific VLANs 35-18

removing destination (monitoring) ports 35-15

specifying monitored ports 35-14, 35-28

with ingress traffic enabled 35-16

source ports 35-7

transmitted traffic 35-6

VLAN-based 35-7

spanning tree and native VLANs 16-17

Spanning Tree Protocol

See STP

SPAN traffic 35-6

split horizon, RIP 45-24

SRR

configuring

shaped weights on egress queues 41-89

shared weights on egress queues 41-90

shared weights on ingress queues 41-82

described 41-15

shaped mode 41-15

shared mode 41-16

support for 1-15, 1-16

SSH

configuring 10-45

described 1-8, 10-44

encryption methods 10-45

switch stack considerations 5-18

user authentication methods, supported 10-45

SSL

configuration guidelines 10-51

configuring a secure HTTP client 10-54

configuring a secure HTTP server 10-52

described 10-48

monitoring 10-54

SSM

address management restrictions 53-16

CGMP limitations 53-16

components 53-14

configuration guidelines 53-16

configuring 53-14, 53-17

differs from Internet standard multicast 53-14

IGMP snooping 53-16

IGMPv3 53-14

IGMPv3 Host Signalling 53-15

IP address range 53-15

monitoring 53-17

operations 53-15

PIM 53-14

state maintenance limitations 53-16

SSM mapping 53-17

configuration guidelines 53-17

configuring 53-17, 53-19

DNS-based 53-18, 53-20

monitoring 53-22

overview 53-18

restrictions 53-18

static 53-18, 53-20

static traffic forwarding 53-21

stack changes

effects on

IPv6 routing 46-16

stack changes, effects on

ACL configuration 40-7

CDP 31-2

cross-stack EtherChannel 43-13

EtherChannel 43-10

fallback bridging 55-3

HSRP 48-5

IEEE 802.1x port-based authentication 11-11

IGMP snooping 29-7

IP routing 45-4

IPv6 ACLs 42-3

MAC address tables 7-14

MSTP 22-8

multicast routing 53-10

MVR 29-18

port security 32-18

SDM template selection 8-4

SNMP 38-1

SPAN and RSPAN 35-11

STP 21-12

switch clusters 6-14

system message log 37-2

VLANs 16-6

VTP 17-8

stacking

and MACsec 12-3

stack master

bridge ID (MAC address) 5-7

defined 5-2

election 5-6

IPv6 46-16

re-election 5-6

See also stacks, switch

stack member

accessing CLI of specific member 5-30

configuring

member number 5-26

priority value 5-26

defined 5-2

displaying information of 5-30

IPv6 46-17

number 5-7

priority value 5-8

provisioning a new member 5-27

replacing 5-16

See also stacks, switch

stack member number 15-19

stack protocol version 5-12

stacks, switch

accessing CLI of specific member 5-30

assigning information

member number 5-26

priority value 5-26

provisioning a new member 5-27

auto-advise 5-13

auto-copy 5-13

auto-extract 5-13

auto-upgrade 5-12

bridge ID 5-7

Catalyst 3750-E-only 5-2

Catalyst 3750-X-only 5-2

CDP considerations 31-2

compatibility, software 5-11

configuration file 5-16

configuration scenarios 5-19

copying an image file from one member to another 58-39

default configuration 5-24

description of 5-2

displaying information of 5-30

enabling persistent MAC address timer 5-24

hardware compatibility and SDM mismatch mode 5-11

HSRP considerations 48-5

in clusters 6-14

incompatible software and image upgrades 5-16, 58-39

IPv6 on 46-16

MAC address considerations 7-14

MAC address of 5-24

management connectivity 5-17

managing 5-1

managing mixed

See Catalyst 3750-E and 3750 Switch Stacking Compatibility Guide

membership 5-4

merged 5-5

mixed

hardware 5-2

hardware and software 5-2

software 5-2

with Catalyst 3750-E and 3750 switches 5-2

mixed software images

See Cisco Software Activation and Compatibility Document

MSTP instances supported 21-10

multicast routing, stack master and member roles 53-10

offline configuration

described 5-8

effects of adding a provisioned switch 5-9

effects of removing a provisioned switch 5-11

effects of replacing a provisioned switch 5-11

provisioned configuration, defined 5-8

provisioned switch, defined 5-8

provisioning a new member 5-27

partitioned 5-5, 56-8

provisioned switch

adding 5-9

removing 5-11

replacing 5-11

replacing a failed member 5-16

software compatibility 5-11

software image version 5-11

stack protocol version 5-12

STP

bridge ID 21-3

instances supported 21-10

root port selection 21-3

stack root switch election 21-3

system messages

hostnames in the display 37-1

remotely monitoring 37-2

system prompt consideration 7-7

system-wide configuration considerations 5-17

upgrading 58-39

version-mismatch (VM) mode

automatic upgrades with auto-upgrade 5-12

described 5-12

examples 5-13

manual upgrades with auto-advise 5-13

upgrades with auto-extract 5-13

See also stack master and stack member

StackWise Plus technology, Cisco 1-3

See also stacks, switch

standby command switch

configuring

considerations 6-11

defined 6-2

priority 6-10

requirements 6-3

virtual IP address 6-11

See also cluster standby group and HSRP

standby group, cluster

See cluster standby group and HSRP

standby ip command 48-6

standby links 26-2

standby router 48-2

standby timers, HSRP 48-10

startup configuration

booting

manually 4-19

specific image 4-20

clearing 58-20

configuration file

automatically downloading 4-18

specifying the filename 4-19

default boot configuration 4-18

static access ports

assigning to VLAN 16-9

defined 15-3, 16-3

static addresses

See addresses

static IP routing 1-17

static MAC addressing 1-11

static route primary interface, configuring 51-10

static routes

configuring 45-94

understanding 46-12

static routing 45-3

static routing support, enhanced object tracking 51-10

static SSM mapping 53-18, 53-20

static traffic forwarding 53-21

static VLAN membership 16-2

statistics

802.1X 13-17

CDP 31-5

IEEE 802.1x 11-76

interface 15-52

IP multicast routing 53-63

MKA 12-5

OSPF 45-37

RMON group Ethernet 36-5

RMON group history 36-5

SNMP input and output 38-21

VTP 17-18

sticky learning 32-9

storm control

configuring 32-3

described 32-1

disabling 32-5

support for 1-5

thresholds 32-2

STP

accelerating root port selection 23-4

and REP 25-6

BackboneFast

described 23-7

disabling 23-17

enabling 23-16

BPDU filtering

described 23-3

disabling 23-15

enabling 23-14

BPDU guard

described 23-2

disabling 23-14

enabling 23-13

BPDU message exchange 21-3

configuration guidelines 21-14, 23-12

configuring

forward-delay time 21-24

hello time 21-23

maximum aging time 21-24

path cost 21-21

port priority 21-19

root switch 21-17

secondary root switch 21-18

spanning-tree mode 21-15

switch priority 21-22

transmit hold-count 21-25

counters, clearing 21-25

cross-stack UplinkFast

described 23-5

enabling 23-16

default configuration 21-13

default optional feature configuration 23-12

designated port, defined 21-4

designated switch, defined 21-4

detecting indirect link failures 23-8

disabling 21-16

displaying status 21-25

EtherChannel guard

described 23-10

disabling 23-17

enabling 23-17

extended system ID

effects on root switch 21-17

effects on the secondary root switch 21-18

overview 21-5

unexpected behavior 21-17

features supported 1-9

IEEE 802.1D and bridge ID 21-5

IEEE 802.1D and multicast addresses 21-9

IEEE 802.1t and VLAN identifier 21-5

inferior BPDU 21-3

instances supported 21-10

interface state, blocking to forwarding 23-2

interface states

blocking 21-6

disabled 21-8

forwarding 21-6, 21-7

learning 21-7

listening 21-7

overview 21-5

interoperability and compatibility among modes 21-11

keepalive messages 21-3

Layer 2 protocol tunneling 20-8

limitations with IEEE 802.1Q trunks 21-12

load sharing

overview 16-22

using path costs 16-24

using port priorities 16-22

loop guard

described 23-11

enabling 23-18

modes supported 21-10

multicast addresses, effect of 21-9

optional features supported 1-9

overview 21-2

path costs 16-24, 16-25

Port Fast

described 23-2

enabling 23-12

port priorities 16-23

preventing root switch selection 23-10

protocols supported 21-10

redundant connectivity 21-9

root guard

described 23-10

enabling 23-18

root port, defined 21-3

root port selection on a switch stack 21-3

root switch

configuring 21-17

effects of extended system ID 21-5, 21-17

election 21-3

unexpected behavior 21-17

shutdown Port Fast-enabled port 23-2

stack changes, effects of 21-12

status, displaying 21-25

superior BPDU 21-3

timers, described 21-23

UplinkFast

described 23-3

enabling 23-15

VLAN-bridge 21-12

stratum, NTP 7-2

stub areas, OSPF 45-33

stub routing, EIGRP 45-44

subdomains, private VLAN 19-1

subnet mask 45-8

subnet zero 45-8

success response, VMPS 16-26

summer time 7-6

SunNet Manager 1-6

supernet 45-9

supported port-based authentication methods 11-8

SVI autostate exclude

configuring 15-40

defined 15-6

SVI link state 15-6

SVIs

and IP unicast routing 45-5

and router ACLs 40-5

connecting VLANs 15-13

defined 15-5

routing between VLANs 16-2

switch 46-2

switch clustering technology 6-1

See also clusters, switch

switch console port 1-8

Switch Database Management

See SDM

switched packets, ACLs on 40-41

Switched Port Analyzer

See SPAN

switched ports 15-3

switchport backup interface 26-4, 26-5

switchport block multicast command 32-8

switchport block unicast command 32-8

switchport command 15-28

switchport mode dot1q-tunnel command 20-7

switchport protected command 32-7

switch priority

MSTP 22-22

STP 21-22

switch software features 1-1

switch virtual interface

See SVI

SXP 14-2

synchronization, BGP 45-50

syslog

See system message logging

system capabilities TLV 33-2

system clock

configuring

daylight saving time 7-6

manually 7-4

summer time 7-6

time zones 7-5

displaying the time and date 7-5

overview 7-2

See also NTP

system description TLV 33-2

system message logging

default configuration 37-4

defining error message severity levels 37-9

disabling 37-4

displaying the configuration 37-17

enabling 37-5

facility keywords, described 37-14

level keywords, described 37-10

limiting messages 37-10

message format 37-2

overview 37-1

sequence numbers, enabling and disabling 37-8

setting the display destination device 37-5

stack changes, effects of 37-2

synchronizing log messages 37-6

syslog facility 1-18

time stamps, enabling and disabling 37-8

UNIX syslog servers

configuring the daemon 37-12

configuring the logging facility 37-13

facilities supported 37-14

system MTU

and IS-IS LSPs 45-71

system MTU and IEEE 802.1Q tunneling 20-5

system name

default configuration 7-8

default setting 7-8

manual configuration 7-8

See also DNS

system name TLV 33-2

system prompt, default setting 7-7, 7-8

system resources, optimizing 8-1

system routing

IS-IS 45-67

ISO IGRP 45-67

T

TACACS+

accounting, defined 10-11

authentication, defined 10-11

authorization, defined 10-11

configuring

accounting 10-17

authentication key 10-13

authorization 10-16

login authentication 10-14

default configuration 10-13

displaying the configuration 10-17

identifying the server 10-13

in clusters 6-16

limiting the services to the user 10-16

operation of 10-12

overview 10-10

support for 1-13

tracking services accessed by user 10-17

tagged packets

IEEE 802.1Q 20-3

Layer 2 protocol 20-8

tar files

creating 58-7

displaying the contents of 58-7

extracting 58-8

image file format 58-26

TCL script, registering and defining with embedded event manager 39-7

TDR 1-18

Telnet

accessing management interfaces 2-10

number of connections 1-8

setting a password 10-6

templates, SDM 8-2

temporary self-signed certificate 10-49

Terminal Access Controller Access Control System Plus

See TACACS+

terminal lines, setting a password 10-6

ternary content addressable memory 56-26

TFTP

configuration files

downloading