A -
B -
C -
D -
E -
F -
G -
H -
I -
J -
L -
M -
N -
O -
P -
Q -
R -
S -
T -
U -
V -
W -
X -
Index
A
abbreviating commands 2-4
AC (command switch) 7-9
access-class command 34-16
access control entries
See ACEs
access-denied response, VMPS 15-24
access groups, applying IPv4 ACLs to interfaces 34-17
accessing
clusters, switch 7-12
command switches 7-10
member switches 7-12
switch clusters 7-12
access lists
See ACLs
access ports
in switch clusters 7-8
access ports, defined 13-2
accounting
with 802.1x 12-41
with IEEE 802.1x 12-12
with RADIUS 11-28
with TACACS+ 11-11, 11-17
ACEs
and QoS 36-7
defined 34-2
Ethernet 34-2
IP 34-2
ACLs
ACEs 34-2
any keyword 34-9
applying
time ranges to 34-14
to an interface 34-16
to QoS 36-7
classifying traffic for QoS 36-39
comments in 34-15
compiling 34-18
defined 34-1, 34-5
examples of 34-18, 36-39
extended IP, configuring for QoS classification 36-40
extended IPv4
creating 34-8
matching criteria 34-5
hardware and software handling 34-17
host keyword 34-10
IP
creating 34-5
fragments and QoS guidelines 36-31
implicit deny 34-7, 34-11, 34-13
implicit masks 34-7
matching criteria 34-5
undefined 34-17
IPv4
applying to interfaces 34-16
creating 34-5
matching criteria 34-5
named 34-12
numbers 34-6
terminal lines, setting on 34-16
unsupported features 34-4
MAC extended 34-20, 36-41
matching 34-5, 34-17
monitoring 34-23
named, IPv4 34-12
number per QoS class map 36-31
QoS 36-7, 36-39
resequencing entries 34-12
standard IP, configuring for QoS classification 36-39
standard IPv4
creating 34-7
matching criteria 34-5
support for 1-8
support in hardware 34-17
time ranges 34-14
unsupported features, IPv4 34-4
active link 22-4, 22-5, 22-6
active links 22-2
active traffic monitoring, IP SLAs 35-1
address aliasing 25-2
addresses
displaying the MAC address table 8-27
dynamic
accelerated aging 18-8
changing the aging time 8-21
default aging 18-8
defined 8-19
learning 8-20
removing 8-21
IPv6 37-2
MAC, discovering 8-27
multicast, STP address management 18-8
static
adding and removing 8-23
defined 8-19
address resolution 8-27
Address Resolution Protocol
See ARP
administrative VLAN
REP, configuring 21-8
administrative VLAN, REP 21-8
advertisements
CDP 28-1
LLDP 27-1, 27-2
VTP 15-16, 16-3
age timer, REP 21-8
aggregatable global unicast addresses 37-3
aggregated ports
See EtherChannel
aggregate policers 36-48
aggregate policing 1-10
aging, accelerating 18-8
aging time
accelerated
for MSTP 19-23
for STP 18-8, 18-21
MAC address table 8-21
maximum
for MSTP 19-23, 19-24
for STP 18-21, 18-22
alarm profiles
configuring 3-11
creating or modifying 3-10
alarms
default configuration 3-4
displaying 3-12
power supply 3-2
temperature 3-2
alarms, RMON 31-3
allowed-VLAN list 15-18
ARP
defined 1-5, 8-27
table
address resolution 8-27
managing 8-27
associating the temperature alarms to a relay 3-7
attaching an alarm profile to a port 3-11
attributes, RADIUS
vendor-proprietary 11-31
vendor-specific 11-29
attribute-value pairs 12-11, 12-13, 12-16, 12-25
authentication
local mode with AAA 11-32
NTP associations 8-4
open1x 12-24
RADIUS
key 11-21
login 11-23
TACACS+
defined 11-11
key 11-13
login 11-14
See also port-based authentication
authentication compatibility with Catalyst 6000 switches 12-8
authentication failed VLAN
See restricted VLAN
authentication manager
CLI commands 12-8
compatibility with older 802.1x CLI commands12-8to 12-9
overview 12-7
authoritative time source, described 8-2
authorization
with RADIUS 11-27
with TACACS+ 11-11, 11-16
authorized ports with IEEE 802.1x 12-9
autoconfiguration 4-3
auto enablement 12-24
automatic discovery
considerations
beyond a noncandidate device 7-7
brand new switches 7-8
connectivity 7-4
different VLANs 7-6
management VLANs 7-7
automatic discovery (continued)
non-CDP-capable devices 7-6
noncluster-capable devices 7-6
in switch clusters 7-4
See also CDP
automatic QoS
See QoS
automatic recovery, clusters 7-9
See also HSRP
auto-MDIX
configuring 13-16
described 13-16
autonegotiation
duplex mode 1-3
interface configuration guidelines 13-13
mismatches 39-7
autosensing, port speed 1-3
Auto Smartports macros
displaying 14-5
auxiliary VLAN
See voice VLAN
availability, features 1-6
B
BackboneFast
described 20-5
disabling 20-14
enabling 20-13
support for 1-6
backup interfaces
See Flex Links
backup links 22-2
banners
configuring
login 8-18
message-of-the-day login 8-18
default configuration 8-17
when displayed 8-17
Berkeley r-tools replacement 11-44
binding database
DHCP snooping
See DHCP snooping binding database
bindings
DHCP snooping database 23-5
IP source guard 23-12
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 26-7
booting
boot loader, function of 4-2
boot process 4-1
manually 4-17
specific image 4-18
boot loader
accessing 4-18
described 4-2
environment variables 4-18
prompt 4-18
trap-door mechanism 4-2
BPDU
error-disabled state 20-2
filtering 20-3
RSTP format 19-12
BPDU filtering
described 20-3
disabling 20-12
enabling 20-12
support for 1-7
BPDU guard
described 20-2
disabling 20-12
enabling 20-11
support for 1-7
bridge protocol data unit
See BPDU
broadcast storm-control command 26-4
broadcast storms 26-1
C
cables, monitoring for unidirectional links 29-1
candidate switch
automatic discovery 7-4
defined 7-3
requirements 7-3
See also command switch, cluster standby group, and member switch
Catalyst 6000 switches
authentication compatibility 12-8
CA trustpoint
configuring 11-40
defined 11-38
CDP
and trusted boundary 36-35
automatic discovery in switch clusters 7-4
configuring 28-2
default configuration 28-2
defined with LLDP 27-1
described 28-1
disabling for routing device28-3to 28-4
enabling and disabling
on an interface 28-4
on a switch 28-3
monitoring 28-5
overview 28-1
support for 1-5
transmission timer and holdtime, setting 28-2
updates 28-2
CGMP
as IGMP snooping learning method 25-8
joining multicast group 25-3
CipherSuites 11-39
Cisco 7960 IP Phone 17-1
Cisco Discovery Protocol
See CDP
Cisco IOS File System
See IFS
Cisco IOS IP Service Level Agreements (SLAs) responder 1-4
Cisco IOS IP SLAs 35-1
Cisco Secure ACS
attribute-value pairs for downloadable ACLs 12-16
attribute-value pairs for redirect URL 12-16
Cisco Secure ACS configuration guide 12-52
CiscoWorks 2000 1-4, 33-4
CISP 12-24
CIST regional root
See MSTP
CIST root
See MSTP
civic location 27-3
class maps for QoS
configuring 36-42
described 36-7
displaying 36-68
class of service
See CoS
clearing interfaces 13-19
CLI
abbreviating commands 2-4
command modes 2-1
configuration logging 2-5
described 1-4
editing features
enabling and disabling 2-7
keystroke editing 2-7
wrapped lines 2-9
error messages 2-5
filtering command output 2-10
getting help 2-3
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
managing clusters 7-14
no and default forms of commands 2-4
Client Information Signalling Protocol
See CISP
client mode, VTP 16-3
clock
See system clock
clusters, switch
accessing 7-12
automatic discovery 7-4
automatic recovery 7-9
benefits 1-2
compatibility 7-4
described 7-1
LRE profile considerations 7-13
managing
through CLI 7-14
through SNMP 7-14
planning 7-4
planning considerations
automatic discovery 7-4
automatic recovery 7-9
CLI 7-14
host names 7-12
IP addresses 7-12
LRE profiles 7-13
passwords 7-12
RADIUS 7-13
SNMP 7-13, 7-14
TACACS+ 7-13
See also candidate switch, command switch, cluster standby group, member switch, and standby command switch
cluster standby group
automatic recovery 7-11
considerations 7-10
defined 7-2
requirements 7-3
cluster standby group (continued)
virtual IP address 7-10
See also HSRP
CNS 1-5
Configuration Engine
configID, deviceID, hostname 6-3
configuration service 6-2
described 6-1
event service 6-3
embedded agents
described 6-5
enabling automated configuration 6-6
enabling configuration agent 6-9
enabling event agent 6-7
management functions 1-4
command-line interface
See CLI
command modes 2-1
commands
abbreviating 2-4
no and default 2-4
commands, setting privilege levels 11-8
command switch
accessing 7-10
active (AC) 7-9
configuration conflicts 39-7
defined 7-2
passive (PC) 7-9
password privilege levels 7-14
priority 7-9
recovery
from command-switch failure 7-9, 39-4
from lost member connectivity 39-7
redundant 7-9
replacing
with another switch 39-6
with cluster member 39-4
requirements 7-3
standby (SC) 7-9
command switch (continued)
See also candidate switch, cluster standby group, member switch, and standby command switch
community strings
configuring 7-13, 33-8
for cluster switches 33-4
in clusters 7-13
overview 33-4
SNMP 7-13
compatibility, feature 26-12
config.text 4-16
configurable leave timer, IGMP 25-5
configuration, initial
defaults 1-11
Express Setup 1-2
configuration changes, logging 32-10
configuration conflicts, recovering from lost member connectivity 39-7
configuration examples, network 1-13
configuration files
archiving B-19
clearing the startup configuration B-19
creating using a text editor B-10
default name 4-16
deleting a stored configuration B-19
described B-8
downloading
automatically 4-16
preparing B-10, B-13, B-16
reasons for B-8
using FTP B-13
using RCP B-17
using TFTP B-11
guidelines for creating and using B-9
guidelines for replacing and rolling back B-21
invalid combinations when copying B-5
limiting TFTP server access 33-16
obtaining with DHCP 4-8
password recovery disable considerations 11-5
configuration files (continued)
replacing a running configuration B-19, B-20
rolling back a running configuration B-19, B-20
specifying the filename 4-16
system contact and location information 33-16
types and location B-9
uploading
preparing B-10, B-13, B-16
reasons for B-8
using FTP B-14
using RCP B-18
using TFTP B-11
configuration guidelines
REP 21-7
configuration logger 32-10
configuration logging 2-5
configuration replacement B-19
configuration rollback B-19
configuration settings, saving 4-14
configure terminal command 13-6
configuring port-based authentication violation modes 12-32
configuring small-frame arrival rate 26-5
config-vlan mode 2-2, 15-6
conflicts, configuration 39-7
connections, secure remote 11-33
connectivity problems 39-8, 39-10, 39-11
consistency checks in VTP Version 2 16-4
console port, connecting to 2-10
control protocol, IP SLAs 35-3
convergence
REP 21-4
corrupted software, recovery steps with Xmodem 39-2
CoS
in Layer 2 frames 36-2
override priority 17-6
trust priority 17-6
CoS input queue threshold map for QoS 36-14
CoS output queue threshold map for QoS 36-17
CoS-to-DSCP map for QoS 36-51
counters, clearing interface 13-19
CPU utilization, troubleshooting 39-18
crashinfo file 39-17
critical authentication, IEEE 802.1x 12-45
cryptographic software image
SSH 11-33
SSL 11-37
D
DACL
See downloadable ACL
daylight saving time 8-13
debugging
enabling all system diagnostics 39-15
enabling for a specific feature 39-14
redirecting error message output 39-15
using commands 39-14
default alarm configuration 3-4
default commands 2-4
default configuration
802.1x 12-27
auto-QoS 36-19
banners 8-17
booting 4-16
CDP 28-2
DHCP 23-6
DHCP option 82 23-7
DHCP snooping 23-7
DHCP snooping binding database 23-7
DNS 8-16
dynamic ARP inspection 24-5
EtherChannel 38-9
Ethernet interfaces 13-10
Flex Links 22-8
IGMP filtering 25-24
IGMP snooping 25-6
IGMP throttling 25-24
default configuration (continued)
initial switch information 4-3
IP SLAs 35-5
IP source guard 23-13
IPv6 37-6
Layer 2 interfaces 13-10
LLDP 27-4
MAC address table 8-20
MAC address-table move update 22-8
MSTP 19-14
MVR 25-19
NTP 8-4
optional spanning-tree configuration 20-9
password and privilege level 11-2
PTP 9-2
RADIUS 11-20
REP 21-7
RMON 31-3
RSPAN 30-9
SDM template 10-2
SNMP 33-6
SPAN 30-9
SSL 11-40
standard QoS 36-28
STP 18-11
system message logging 32-3
system name and prompt 8-15
TACACS+ 11-13
UDLD 29-4
VLAN, Layer 2 Ethernet interfaces 15-16
VLANs 15-7
VMPS 15-25
voice VLAN 17-3
VTP 16-6
default gateway 4-14
deleting VLANs 15-9
denial-of-service attack 26-1
description command 13-17
designing your network, examples 1-13
destination addresses
in IPv4 ACLs 34-9
destination-IP address-based forwarding, EtherChannel 38-7
destination-MAC address forwarding, EtherChannel 38-7
detecting indirect link failures, STP 20-5
device B-23
device discovery protocol 27-1, 28-1
device manager
benefits 1-2
described 1-2, 1-4
in-band management 1-5
upgrading a switch B-23
DHCP
Cisco IOS server database
configuring 23-10
enabling
relay agent 23-8
DHCP-based autoconfiguration
client request message exchange 4-4
configuring
client side 4-3
DNS 4-7
relay device 4-8
server side 4-6
TFTP server 4-7
example 4-9
lease options
for IP address information 4-6
for receiving the configuration file 4-6
overview 4-3
relationship to BOOTP 4-4
relay support 1-5
support for 1-5
DHCP-based autoconfiguration and image update
configuring4-11to 4-13
understanding 4-5
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 23-5
configuration guidelines 23-7
default configuration 23-6
displaying 23-12
overview 23-3
packet format, suboption
circuit ID 23-5
remote ID 23-5
remote ID suboption 23-5
DHCP server port-based address allocation
configuration guidelines 23-16
default configuration 23-16
described 23-16
displaying 23-19
enabling 23-17
DHCP server port-based address assignment
support for 1-5
DHCP snooping
accepting untrusted packets form edge switch 23-3, 23-9
binding database
See DHCP snooping binding database
configuration guidelines 23-7
default configuration 23-6
displaying binding tables 23-12
message exchange process 23-4
option 82 data insertion 23-3
trusted interface 23-2
untrusted interface 23-2
untrusted messages 23-2
DHCP snooping binding database
adding bindings 23-11
binding entries, displaying 23-12
binding file
format 23-6
location 23-5
DHCP snooping binding database (continued)
bindings 23-5
clearing agent statistics 23-11
configuration guidelines 23-8
configuring 23-11
default configuration 23-6, 23-7
deleting
binding file 23-11
bindings 23-11
database agent 23-11
described 23-5
displaying 23-12
displaying status and statistics 23-12
enabling 23-11
entry 23-5
renewing database 23-11
resetting
delay value 23-11
timeout value 23-11
DHCP snooping binding table
See DHCP snooping binding database
Differentiated Services architecture, QoS 36-2
Differentiated Services Code Point 36-2
directed unicast requests 1-5
directories
changing B-4
creating and removing B-4
displaying the working B-4
discovery, clusters
See automatic discovery
displaying switch alarms 3-12
DNS
and DHCP-based autoconfiguration 4-7
default configuration 8-16
displaying the configuration 8-17
in IPv6 37-3
overview 8-15
setting up 8-16
support for 1-5
domain names
DNS 8-15
VTP 16-7
Domain Name System
See DNS
downloadable ACL 12-15, 12-16, 12-52
downloading
configuration files
preparing B-10, B-13, B-16
reasons for B-8
using FTP B-13
using RCP B-17
using TFTP B-11
image files
deleting old image B-27
preparing B-25, B-29, B-33
reasons for B-23
using CMS 1-2
using FTP B-30
using HTTP 1-2, B-23
using RCP B-34
using TFTP B-26
using the device manager or Network Assistant B-23
DSCP 1-9, 36-2
DSCP input queue threshold map for QoS 36-14
DSCP output queue threshold map for QoS 36-17
DSCP-to-CoS map for QoS 36-54
DSCP-to-DSCP-mutation map for QoS 36-55
DSCP transparency 36-36
DTP 1-7, 15-14
dual-action detection 38-5
dual IPv4 and IPv6 templates 37-4, 37-5
dual protocol stacks
IPv4 and IPv6 37-5
SDM templates supporting 37-5
dual-purpose uplinks
defined 13-4
LEDs 13-4
link selection 13-4, 13-11
setting the type 13-11
dynamic access ports
characteristics 15-3
configuring 15-26
defined 13-3
dynamic addresses
See addresses
dynamic ARP inspection
ARP cache poisoning 24-1
ARP requests, described 24-1
ARP spoofing attack 24-1
clearing
log buffer 24-15
statistics 24-14
configuration guidelines 24-6
configuring
ACLs for non-DHCP environments 24-8
in DHCP environments 24-7
log buffer 24-13
rate limit for incoming ARP packets 24-4, 24-10
default configuration 24-5
denial-of-service attacks, preventing 24-10
described 24-1
DHCP snooping binding database 24-2
displaying
ARP ACLs 24-14
configuration and operating state 24-14
log buffer 24-15
statistics 24-14
trust state and rate limit 24-14
error-disabled state for exceeding rate limit 24-4
function of 24-2
interface trust states 24-3
dynamic ARP inspection (continued)
log buffer
clearing 24-15
configuring 24-13
displaying 24-15
logging of dropped packets, described 24-4
man-in-the middle attack, described 24-2
network security issues and interface trust states 24-3
priority of ARP ACLs and DHCP snooping entries 24-4
rate limiting of ARP packets
configuring 24-10
described 24-4
error-disabled state 24-4
statistics
clearing 24-14
displaying 24-14
validation checks, performing 24-12
dynamic auto trunking mode 15-15
dynamic desirable trunking mode 15-15
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 15-24
reconfirming 15-27
troubleshooting 15-29
types of connections 15-26
Dynamic Trunking Protocol
See DTP
E
editing features
enabling and disabling 2-7
keystrokes used 2-7
wrapped lines 2-9
ELIN location 27-3
enable password 11-3
enable secret password 11-3
enabling SNMP traps 3-11
encryption, CipherSuite 11-39
encryption for passwords 11-3
environment variables, function of 4-19
error-disabled state, BPDU 20-2
error messages during command entry 2-5
EtherChannel
automatic creation of 38-4, 38-5
channel groups
binding physical and logical interfaces 38-3
numbering of 38-3
configuration guidelines 38-9
configuring Layer 2 interfaces 38-10
default configuration 38-9
described 38-2
displaying status 38-17
forwarding methods 38-7, 38-13
IEEE 802.3ad, described 38-5
interaction
with STP 38-10
with VLANs 38-10
LACP
described 38-5
displaying status 38-17
hot-standby ports 38-15
interaction with other features 38-6
modes 38-6
port priority 38-16
system priority 38-16
load balancing 38-7, 38-13
PAgP
aggregate-port learners 38-14
compatibility with Catalyst 1900 38-14
described 38-4
displaying status 38-17
interaction with other features 38-5
interaction with virtual switches 38-5
learn method and priority configuration 38-14
modes 38-4
support for 1-3
with dual-action detection 38-5
port-channel interfaces
described 38-3
numbering of 38-3
port groups 13-3
support for 1-3
EtherChannel guard
described 20-7
disabling 20-14
enabling 20-14
Ethernet VLANs
adding 15-8
defaults and ranges 15-7
modifying 15-8
EUI 37-3
events, RMON 31-3
examples
network configuration 1-13
expedite queue for QoS 36-67
Express Setup 1-2
See also getting started guide
extended crashinfo file 39-17
extended-range VLANs
configuration guidelines 15-12
configuring 15-11
creating 15-12
defined 15-1
extended system ID
MSTP 19-17
STP 18-4, 18-14
extended universal identifier
See EUI
Extensible Authentication Protocol over LAN 12-1
F
fa0 interface 1-6
Fast Convergence 22-3
FCS bit error rate alarm
configuring 3-8, 3-9
defined 3-3
FCS error hysteresis threshold 3-2
features, incompatible 26-12
fiber-optic, detecting unidirectional links 29-1
files
basic crashinfo
description 39-17
location 39-17
copying B-5
crashinfo, description 39-17
deleting B-5
displaying the contents of B-8
extended crashinfo
description 39-18
location 39-18
tar
creating B-6
displaying the contents of B-6
extracting B-7
image file format B-24
file system
displaying available file systems B-2
displaying file information B-3
local file system names B-1
network file system names B-5
setting the default B-2
filtering
non-IP traffic 34-20
show and more command output 2-10
filtering show and more command output 2-10
filters, IP
See ACLs, IP
flash device, number of B-1
flexible authentication ordering
configuring 12-54
overview 12-23
Flex Link Multicast Fast Convergence 22-3
Flex Links
configuration guidelines 22-8
configuring 22-9
configuring preferred VLAN 22-12
configuring VLAN load balancing 22-11
default configuration 22-8
description 22-1
link load balancing 22-2
monitoring 22-14
VLANs 22-2
flooded traffic, blocking 26-8
flow-based packet classification 1-9
flowcharts
QoS classification 36-6
QoS egress queueing and scheduling 36-16
QoS ingress queueing and scheduling 36-13
QoS policing and marking 36-10
flowcontrol
configuring 13-15
described 13-15
forward-delay time
MSTP 19-23
STP 18-21
FTP
accessing MIB files A-3
configuration files
downloading B-13
overview B-12
preparing the server B-13
uploading B-14
image files
deleting old image B-31
downloading B-30
preparing the server B-29
uploading B-31
G
general query 22-5
Generating IGMP Reports 22-3
get-bulk-request operation 33-3
get-next-request operation 33-3, 33-4
get-request operation 33-3, 33-4
get-response operation 33-3
global configuration mode 2-2
global leave, IGMP 25-12
global status monitoring alarms 3-2
guest VLAN and 802.1x 12-17
guide mode 1-2
GUIs
See device manager and Network Assistant
H
hello time
MSTP 19-22
STP 18-20
help, for the command line 2-3
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
history table, level and number of syslog messages 32-10
host names, in clusters 7-12
hosts, limit on dynamic ports 15-29
HP OpenView 1-4
HSRP
automatic cluster recovery 7-11
cluster standby group considerations 7-10
See also clusters, cluster standby group, and standby command switch
HTTP over SSL
see HTTPS
HTTPS 11-38
configuring 11-41
self-signed certificate 11-38
HTTP secure server 11-38
I
ICMP
IPv6 37-3
time-exceeded messages 39-12
traceroute and 39-12
ICMP ping
executing 39-9
overview 39-9
ICMPv6 37-3
IDS appliances
and ingress RSPAN 30-20
and ingress SPAN 30-13
IEEE 1588 standard 9-1
IEEE 802.1D
See STP
IEEE 802.1p 17-1
IEEE 802.1Q
and trunk ports 13-3
configuration limitations 15-15
encapsulation 15-14
native VLAN for untagged traffic 15-19
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3ad
See EtherChannel
IEEE 802.3x flow control 13-15
ifIndex values, SNMP 33-5
IFS 1-5
IGMP
configurable leave timer
described 25-5
enabling 25-10
flooded multicast traffic
controlling the length of time 25-11
disabling on an interface 25-13
global leave 25-12
query solicitation 25-12
recovering from flood mode 25-12
joining multicast group 25-3
join messages 25-3
leave processing, enabling 25-10
leaving multicast group 25-5
queries 25-4
report suppression
described 25-6
disabling 25-15
supported versions 25-2
support for 1-3
IGMP filtering
configuring 25-24
default configuration 25-24
described 25-23
monitoring 25-28
support for 1-3
IGMP groups
configuring filtering 25-27
setting the maximum number 25-26
IGMP Immediate Leave
configuration guidelines 25-10
described 25-5
enabling 25-10
IGMP profile
applying 25-25
configuration mode 25-24
configuring 25-25
IGMP snooping
and address aliasing 25-2
configuring 25-6
default configuration 25-6
definition 25-1
enabling and disabling 25-7
global configuration 25-7
Immediate Leave 25-5
method 25-8
monitoring 25-15
querier
configuration guidelines 25-13
configuring 25-13
supported versions 25-2
support for 1-3
VLAN configuration 25-7
IGMP throttling
configuring 25-27
default configuration 25-24
described 25-24
displaying action 25-28
Immediate Leave, IGMP 25-5
inaccessible authentication bypass 12-19
initial configuration
defaults 1-11
Express Setup 1-2
interface
range macros 13-8
interface command13-5to 13-6
interface configuration
REP 21-9
interface configuration mode 2-3
interfaces
auto-MDIX, configuring 13-16
configuration guidelines
duplex and speed 13-13
configuring
procedure 13-6
counters, clearing 13-19
default configuration 13-10
described 13-17
descriptive name, adding 13-17
displaying information about 13-19
flow control 13-15
management 1-4
monitoring 13-18
naming 13-17
physical, identifying 13-5
range of 13-6
restarting 13-20
shutting down 13-20
speed and duplex, configuring 13-14
status 13-18
supported 13-4
types of 13-1
interfaces range macro command 13-8
interface types 13-5
Internet Protocol version 6
See IPv6
Intrusion Detection System
See IDS appliances
inventory management TLV 27-2, 27-6
IP ACLs
for QoS classification 36-7
implicit deny 34-7, 34-11
implicit masks 34-7
named 34-12
undefined 34-17
IP addresses
128-bit 37-2
candidate or member 7-3, 7-12
cluster access 7-2
command switch 7-3, 7-10, 7-12
discovering 8-27
IPv6 37-2
redundant clusters 7-10
standby command switch 7-10, 7-12
IP addresses (continued)
See also IP information
ip igmp profile command 25-24
IP information
assigned
manually 4-14
through DHCP-based autoconfiguration 4-3
default configuration 4-3
IP phones
and QoS 17-1
automatic classification and queueing 36-19
configuring 17-4
ensuring port security with QoS 36-35
trusted boundary for QoS 36-35
IP precedence 36-2
IP-precedence-to-DSCP map for QoS 36-52
IP protocols in ACLs 34-9
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 35-1
IP SLAs
benefits 35-2
configuration guidelines 35-5
Control Protocol 35-3
default configuration 35-5
definition 35-1
measuring network performance 35-2
monitoring 35-6
operation 35-3
responder
described 35-3
enabling 35-6
response time 35-4
SNMP support 35-2
supported metrics 35-2
IP source guard
and 802.1x 23-14
and DHCP snooping 23-12
and EtherChannels 23-14
IP source guard (continued)
and port security 23-14
and private VLANs 23-14
and routed ports 23-13
and TCAM entries 23-14
and trunk interfaces 23-14
and VRF 23-14
binding configuration
automatic 23-12
manual 23-12
binding table 23-12
configuration guidelines 23-13
default configuration 23-13
described 23-12
disabling 23-15
displaying
bindings 23-15
configuration 23-15
enabling 23-14
filtering
source IP address 23-13
source IP and MAC address 23-13
source IP address filtering 23-13
source IP and MAC address filtering 23-13
static bindings
adding 23-14
deleting 23-15
IP traceroute
executing 39-12
overview 39-11
IPv4 ACLs
applying to interfaces 34-16
extended, creating 34-8
named 34-12
standard, creating 34-7
IPv4 and IPv6
dual protocol stacks 37-4
IPv6
addresses 37-2
address formats 37-2
applications 37-4
assigning address 37-6
autoconfiguration 37-4
configuring static routes 37-9
default configuration 37-6
defined 37-1
forwarding 37-6
ICMP 37-3
monitoring 37-10
neighbor discovery 37-3
Stateless Autoconfiguration 37-4
supported features 37-2
understanding static routes 37-5
J
join messages, IGMP 25-3
L
LACP
See EtherChannel
Layer 2 frames, classification with CoS 36-2
Layer 2 interfaces, default configuration 13-10
Layer 2 traceroute
and ARP 39-11
and CDP 39-10
broadcast traffic 39-10
described 39-10
IP addresses and subnets 39-11
MAC addresses and VLANs 39-11
multicast traffic 39-11
multiple devices on a port 39-11
unicast traffic 39-10
usage guidelines 39-10
Layer 3 interfaces
assigning IPv6 addresses to 37-7
Layer 3 packets, classification methods 36-2
LDAP 6-2
Leaking IGMP Reports 22-4
LEDs, switch
See hardware installation guide
lightweight directory access protocol
See LDAP
line configuration mode 2-3
Link Aggregation Control Protocol
See EtherChannel
link failure, detecting unidirectional 19-7
link fault alarm 3-3
link integrity, verifying with REP 21-3
Link Layer Discovery Protocol
See CDP
link local unicast addresses 37-3
link redundancy
See Flex Links
links, unidirectional 29-1
link-state tracking
configuring 38-20
described 38-18
LLDP
configuring 27-4
characteristics 27-5
default configuration 27-4
enabling 27-5
monitoring and maintaining 27-10
overview 27-1
supported TLVs 27-2
switch stack considerations 27-2
transmission timer and holdtime, setting 27-5
LLDP-MED
configuring
procedures 27-4
TLVs 27-6
monitoring and maintaining 27-10
overview 27-1, 27-2
supported TLVs 27-2
LLDP Media Endpoint Discovery
See LLDP-MED
local SPAN 30-2
location TLV 27-3, 27-6
login authentication
with RADIUS 11-23
with TACACS+ 11-14
login banners 8-17
log messages
See system message logging
Long-Reach Ethernet (LRE) technology 1-14
loop guard
described 20-9
enabling 20-15
support for 1-7
LRE profiles, considerations in switch clusters 7-13
M
MAB
See MAC authentication bypass
MAB inactivity timer
default setting 12-28
range 12-30
MAC/PHY configuration status TLV 27-2
MAC addresses
aging time 8-21
and VLAN association 8-20
building the address table 8-20
default configuration 8-20
disabling learning on a VLAN 8-26
discovering 8-27
displaying 8-27
displaying in the IP source binding table 23-15
MAC addresses (continued)
dynamic
learning 8-20
removing 8-21
in ACLs 34-20
static
adding 8-24
allowing 8-25, 8-26
characteristics of 8-23
dropping 8-25
removing 8-24
MAC address learning 1-5
MAC address learning, disabling on a VLAN 8-26
MAC address notification, support for 1-10
MAC address-table move update
configuration guidelines 22-8
configuring 22-12
default configuration 22-8
description 22-6
monitoring 22-14
MAC address-to-VLAN mapping 15-24
MAC authentication bypass 12-30
configuring 12-48
overview 12-14
MAC extended access lists
applying to Layer 2 interfaces 34-22
configuring for QoS 36-41
creating 34-20
defined 34-20
for QoS classification 36-5
magic packet 12-21
manageability features 1-5
management access
in-band
browser session 1-5
CLI session 1-6
device manager 1-5
SNMP 1-6
out-of-band console port connection 1-6
management address TLV 27-2
management options
CLI 2-1
clustering 1-2
CNS 6-1
Network Assistant 1-2
overview 1-4
management VLAN
considerations in switch clusters 7-7
discovery through different management VLANs 7-7
manual preemption, REP, configuring 21-12
mapping tables for QoS
configuring
CoS-to-DSCP 36-51
DSCP 36-50
DSCP-to-CoS 36-54
DSCP-to-DSCP-mutation 36-55
IP-precedence-to-DSCP 36-52
policed-DSCP 36-53
described 36-10
marking
action with aggregate policers 36-48
described 36-4, 36-8
matching, IPv4 ACLs 34-5
maximum aging time
MSTP 19-23
STP 18-21
maximum hop count, MSTP 19-24
maximum number of allowed devices, port-based authentication 12-30
MDA
configuration guidelines12-11to 12-12
described 1-8, 12-11
exceptions with authentication process 12-5
membership mode, VLAN port 15-3
member switch
automatic discovery 7-4
defined 7-2
managing 7-14
member switch (continued)
passwords 7-12
recovering from lost connectivity 39-7
requirements 7-3
See also candidate switch, cluster standby group, and standby command switch
messages, to users through banners 8-17
MIBs
accessing files with FTP A-3
location of files A-3
overview 33-1
SNMP interaction with 33-4
supported A-1
mirroring traffic for analysis 30-1
mismatches, autonegotiation 39-7
module number 13-5
monitoring
access groups 34-23
alarms 3-12
cables for unidirectional links 29-1
CDP 28-5
features 1-10
Flex Links 22-14
IGMP
filters 25-28
snooping 25-15
interfaces 13-18
IP SLAs operations 35-6
IPv4 ACL configuration 34-23
IPv6 37-10
MAC address-table move update 22-14
multicast router interfaces 25-16
MVR 25-23
network traffic for analysis with probe 30-2
port
blocking 26-19
protection 26-19
PTP 9-4
REP 21-13
SFP status 13-19, 39-8
speed and duplex mode 13-14
traffic flowing among switches 31-1
traffic suppression 26-19
VLANs 15-13
VMPS 15-28
VTP 16-16
mrouter Port 22-3
mrouter port 22-5
MSTP
boundary ports
configuration guidelines 19-15
described 19-6
BPDU filtering
described 20-3
enabling 20-12
BPDU guard
described 20-2
enabling 20-11
CIST, described 19-3
CIST regional root 19-3
CIST root 19-5
configuration guidelines 19-14, 20-10
configuring
forward-delay time 19-23
hello time 19-22
link type for rapid convergence 19-24
maximum aging time 19-23
maximum hop count 19-24
MST region 19-15
neighbor type 19-25
path cost 19-20
port priority 19-19
root switch 19-17
secondary root switch 19-18
switch priority 19-21
CST
defined 19-3
operations between regions 19-3
default configuration 19-14
default optional feature configuration 20-9
displaying status 19-26
enabling the mode 19-15
EtherChannel guard
described 20-7
enabling 20-14
extended system ID
effects on root switch 19-17
effects on secondary root switch 19-18
unexpected behavior 19-17
IEEE 802.1s
implementation 19-6
port role naming change 19-6
terminology 19-5
instances supported 18-9
interface state, blocking to forwarding 20-2
interoperability and compatibility among modes 18-10
interoperability with IEEE 802.1D
described 19-8
restarting migration process 19-25
IST
defined 19-2
master 19-3
operations within a region 19-3
loop guard
described 20-9
enabling 20-15
mapping VLANs to MST instance 19-16
MST region
CIST 19-3
configuring 19-15
described 19-2
hop-count mechanism 19-5
IST 19-2
supported spanning-tree instances 19-2
optional features supported 1-7
overview 19-2
Port Fast
described 20-2
enabling 20-10
preventing root switch selection 20-8
root guard
described 20-8
enabling 20-15
root switch
configuring 19-17
effects of extended system ID 19-17
unexpected behavior 19-17
shutdown Port Fast-enabled port 20-2
status, displaying 19-26
multiauth mode
See multiple-authentication mode
multicast groups
Immediate Leave 25-5
joining 25-3
leaving 25-5
static joins 25-9
multicast router interfaces, monitoring 25-16
multicast router ports, adding 25-9
multicast storm 26-1
multicast storm-control command 26-4
multicast television application 25-17
multicast VLAN 25-16
Multicast VLAN Registration
See MVR
multidomain authentication
See MDA
multiple authentication 12-12
multiple authentication mode
configuring 12-35
MVR
and address aliasing 25-20
and IGMPv3 25-20
configuration guidelines 25-19
configuring interfaces 25-21
default configuration 25-19
described 25-16
example application 25-17
modes 25-20
monitoring 25-23
multicast television application 25-17
setting global parameters 25-20
support for 1-3
N
NAC
critical authentication 12-19, 12-45
IEEE 802.1x authentication using a RADIUS server 12-49
IEEE 802.1x validation using RADIUS server 12-49
inaccessible authentication bypass 12-45
Layer 2 IEEE 802.1x validation 1-9, 12-23, 12-49
named IPv4 ACLs 34-12
NameSpace Mapper
See NSM
native VLAN
configuring 15-19
default 15-19
NEAT
configuring 12-50
overview 12-24
neighbor discovery, IPv6 37-3
neighbor offset numbers, REP 21-4
Network Admission Control
See NAC
Network Admission Control Software Configuration Guide 12-57, 12-58
Network Assistant
benefits 1-2
described 1-4
downloading image files 1-2
guide mode 1-2
management options 1-2
upgrading a switch B-23
wizards 1-2
network configuration examples
increasing network performance 1-13
providing network services 1-14
network design
performance 1-13
services 1-14
Network Edge Access Topology
See NEAT
network management
CDP 28-1
RMON 31-1
SNMP 33-1
network performance, measuring with IP SLAs 35-2
network policy TLV 27-2, 27-7
Network Time Protocol
See NTP
no commands 2-4
nonhierarchical policy maps
described 36-8
non-IP traffic filtering 34-20
nontrunking mode 15-15
normal-range VLANs 15-4
configuration guidelines 15-5
configuration modes 15-6
configuring 15-4
defined 15-1
NSM 6-3
NTP
associations
authenticating 8-4
defined 8-2
enabling broadcast messages 8-6
peer 8-5
server 8-5
default configuration 8-4
displaying the configuration 8-11
overview 8-2
restricting access
creating an access group 8-8
disabling NTP services per interface 8-10
source IP address, configuring 8-10
stratum 8-2
support for 1-5
synchronizing devices 8-5
time
services 8-2
synchronizing 8-2
O
open1x
configuring 12-55
open1x authentication
overview 12-24
optimizing system resources 10-1
options, management 1-4
out-of-profile markdown 1-10
P
packet modification, with QoS 36-18
PAgP
See EtherChannel
passwords
default configuration 11-2
disabling recovery of 11-5
encrypting 11-3
for security 1-8
in clusters 7-12
overview 11-1
recovery of 39-3
setting
enable 11-3
enable secret 11-3
Telnet 11-6
with usernames 11-6
VTP domain 16-8
path cost
MSTP 19-20
STP 18-18
PC (passive command switch) 7-9
performance, network design 1-13
performance features 1-3
persistent self-signed certificate 11-38
per-user ACLs and Filter-Ids 12-8
per-VLAN spanning-tree plus
See PVST+
physical ports 13-2
PIM-DVMRP, as snooping method 25-8
ping
character output description 39-9
executing 39-9
overview 39-9
policed-DSCP map for QoS 36-53
policers
configuring
for each matched traffic class 36-44
for more than one traffic class 36-48
described 36-4
displaying 36-68
number of 36-31
types of 36-8
policing
described 36-4
token-bucket algorithm 36-9
policy maps for QoS
characteristics of 36-44
described 36-7
displaying 36-69
nonhierarchical on physical ports
described 36-8
port ACLs, described 34-2
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting 12-12
authentication server
defined 12-2
RADIUS server 12-3
client, defined 12-2
configuration guidelines 12-28
configuring
802.1x authentication 12-32
guest VLAN 12-42
host mode 12-35
inaccessible authentication bypass 12-45
manual re-authentication of a client 12-38
periodic re-authentication 12-37
quiet period 12-38
RADIUS server 12-35
RADIUS server parameters on the switch 12-34
restricted VLAN 12-43
switch-to-client frame-retransmission number 12-39, 12-40
switch-to-client retransmission time 12-39
violation modes 12-32
default configuration 12-27
described 12-1
device roles 12-2
displaying statistics 12-59
port-based authentication (continued)
downloadable ACLs and redirect URLs
configuring12-52to 12-54
overview12-15to 12-16
EAPOL-start frame 12-5
EAP-request/identity frame 12-5
EAP-response/identity frame 12-5
encapsulation 12-3
flexible authentication ordering
configuring 12-54
overview 12-23
guest VLAN
configuration guidelines 12-17, 12-18
described 12-17
host mode 12-10
inaccessible authentication bypass
configuring 12-45
described 12-19
guidelines 12-30
initiation and message exchange 12-5
magic packet 12-21
maximum number of allowed devices per port 12-30
method lists 12-32
multiple authentication 12-12
ports
authorization state and dot1x port-control command 12-9
authorized and unauthorized 12-9
critical 12-19
voice VLAN 12-20
port security
and voice VLAN 12-21
described 12-20
interactions 12-20
multiple-hosts mode 12-10
readiness check
configuring 12-31
described 12-14, 12-31
resetting to default values 12-59
port-based authentication (continued)
statistics, displaying 12-59
switch
as proxy 12-3
RADIUS client 12-3
switch supplicant
configuring 12-50
overview 12-24
VLAN assignment
AAA authorization 12-32
characteristics 12-14
configuration tasks 12-15
described 12-14
voice VLAN
described 12-20
PVID 12-20
VVID 12-20
wake-on-LAN, described 12-21
with ACLs and RADIUS Filter-Id attribute 12-26
port-based authentication methods, supported 12-7
port blocking 1-3, 26-7
port-channel
See EtherChannel
port description TLV 27-2
Port Fast
described 20-2
enabling 20-10
mode, spanning tree 15-25
support for 1-7
port membership modes, VLAN 15-3
port not forwarding alarm 3-3
port not operating alarm 3-3
port priority
MSTP 19-19
STP 18-16
ports
access 13-2
blocking 26-7
dual-purpose uplink 13-4
dynamic access 15-3
protected 26-6
REP 21-6
secure 26-8
static-access 15-3, 15-10
switch 13-2
trunks 15-3, 15-14
VLAN assignments 15-10
port security
aging 26-17
and QoS trusted boundary 36-35
configuring 26-12
default configuration 26-11
described 26-8
displaying 26-19
on trunk ports 26-14
sticky learning 26-9
violations 26-10
with other features 26-11
port-shutdown response, VMPS 15-24
port status monitoring alarms
FCS bit error rate alarm 3-3
link fault alarm 3-3
port not forwarding alarm 3-3
port not operating alarm 3-3
port VLAN ID TLV 27-2
power management TLV 27-2, 27-7
power supply alarm, configuring 3-5
Precision Time Protocol
See PTP
preempt delay time, REP 21-5
preemption, default configuration 22-8
preemption delay, default configuration 22-8
preferential treatment of traffic
See QoS
preventing unauthorized access 11-1
primary edge port, REP 21-4
primary links 22-2
priority
overriding CoS 17-6
trusting CoS 17-6
private VLAN edge ports
See protected ports
privileged EXEC mode 2-2
privilege levels
changing the default for lines 11-9
command switch 7-14
exiting 11-9
logging into 11-9
mapping on member switches 7-14
overview 11-2, 11-7
setting a command with 11-8
protected ports 1-8, 26-6
proxy reports 22-3
pruning, VTP
disabling
in VTP domain 16-14
on a port 15-19
enabling
in VTP domain 16-14
on a port 15-19
examples 16-5
overview 16-4
pruning-eligible list
changing 15-19
for VTP pruning 16-4
VLANs 16-14
PTP 9-1
configuring 9-3
default configuration 9-2
displaying configuration 9-4
PVST+
described 18-9
IEEE 802.1Q trunking interoperability 18-10
instances supported 18-9
Q
QoS
and MQC commands 36-1
auto-QoS
categorizing traffic 36-19
configuration and defaults display 36-27
configuration guidelines 36-24
described 36-19
disabling 36-25
displaying generated commands 36-25
displaying the initial configuration 36-27
effects on running configuration 36-24
egress queue defaults 36-20
enabling for VoIP 36-25
example configuration 36-26
ingress queue defaults 36-20
list of generated commands 36-21
basic model 36-4
classification
class maps, described 36-7
defined 36-4
DSCP transparency, described 36-36
flowchart 36-6
forwarding treatment 36-3
in frames and packets 36-3
IP ACLs, described 36-5, 36-7
MAC ACLs, described 36-5, 36-7
options for IP traffic 36-5
options for non-IP traffic 36-5
policy maps, described 36-7
trust DSCP, described 36-5
trusted CoS, described 36-5
trust IP precedence, described 36-5
class maps
configuring 36-42
displaying 36-68
configuration guidelines
auto-QoS 36-24
standard QoS 36-31
configuring
aggregate policers 36-48
auto-QoS 36-19
default port CoS value 36-34
DSCP maps 36-50
DSCP transparency 36-36
DSCP trust states bordering another domain 36-37
egress queue characteristics 36-61
ingress queue characteristics 36-56
IP extended ACLs 36-40
IP standard ACLs 36-39
MAC ACLs 36-41
port trust states within the domain 36-33
trusted boundary 36-35
default auto configuration 36-19
default standard configuration 36-28
displaying statistics 36-68
DSCP transparency 36-36
egress queues
allocating buffer space 36-61
buffer allocation scheme, described 36-16
configuring shaped weights for SRR 36-65
configuring shared weights for SRR 36-66
described 36-4
displaying the threshold map 36-64
flowchart 36-16
mapping DSCP or CoS values 36-64
scheduling, described 36-4
setting WTD thresholds 36-61
WTD, described 36-17
enabling globally 36-32
flowcharts
classification 36-6
egress queueing and scheduling 36-16
ingress queueing and scheduling 36-13
policing and marking 36-10
implicit deny 36-7
ingress queues
allocating bandwidth 36-59
allocating buffer space 36-58
buffer and bandwidth allocation, described 36-14
configuring shared weights for SRR 36-59
configuring the priority queue 36-60
described 36-4
displaying the threshold map 36-58
flowchart 36-13
mapping DSCP or CoS values 36-57
priority queue, described 36-14
scheduling, described 36-4
setting WTD thresholds 36-57
WTD, described 36-14
IP phones
automatic classification and queueing 36-19
detection and trusted settings 36-19, 36-35
limiting bandwidth on egress interface 36-67
mapping tables
CoS-to-DSCP 36-51
displaying 36-68
DSCP-to-CoS 36-54
DSCP-to-DSCP-mutation 36-55
IP-precedence-to-DSCP 36-52
policed-DSCP 36-53
types of 36-10
marked-down actions 36-47
marking, described 36-4, 36-8
overview 36-1
packet modification 36-18
policers
configuring 36-47, 36-49
described 36-8
displaying 36-68
number of 36-31
types of 36-8
policies, attaching to an interface 36-8
policing
described 36-4, 36-8
token bucket algorithm 36-9
policy maps
characteristics of 36-44
displaying 36-69
nonhierarchical on physical ports 36-44
QoS label, defined 36-4
queues
configuring egress characteristics 36-61
configuring ingress characteristics 36-56
high priority (expedite) 36-18, 36-67
location of 36-11
SRR, described 36-12
WTD, described 36-11
rewrites 36-18
support for 1-9
trust states
bordering another domain 36-37
described 36-5
trusted device 36-35
within the domain 36-33
quality of service
See QoS
queries, IGMP 25-4
query solicitation, IGMP 25-12
R
RADIUS
attributes
vendor-proprietary 11-31
vendor-specific 11-29
configuring
accounting 11-28
authentication 11-23
authorization 11-27
communication, global 11-21, 11-29
communication, per-server 11-20, 11-21
multiple UDP ports 11-20
default configuration 11-20
defining AAA server groups 11-25
displaying the configuration 11-32
identifying the server 11-20
in clusters 7-13
limiting the services to the user 11-27
method list, defined 11-19
operation of 11-19
overview 11-18
server load balancing 11-31
suggested network environments 11-18
support for 1-9
tracking services accessed by user 11-28
range
macro 13-8
of interfaces 13-7
rapid convergence 19-9
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
described 18-9
IEEE 802.1Q trunking interoperability 18-10
instances supported 18-9
Rapid Spanning Tree Protocol
See RSTP
rcommand command 7-14
RCP
configuration files
downloading B-17
overview B-15
preparing the server B-16
uploading B-18
image files
deleting old image B-36
downloading B-34
preparing the server B-33
uploading B-36
readiness check
port-based authentication
configuring 12-31
described 12-14, 12-31
real-time clock synchronization 9-1
reconfirmation interval, VMPS, changing 15-27
reconfirming dynamic VLAN membership 15-27
recovery procedures 39-1
redirect URL 12-15, 12-16, 12-52
redundancy
EtherChannel 38-2
STP
backbone 18-8
path cost 15-22
port priority 15-20
redundant links and UplinkFast 20-13
reloading software 4-20
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
Remote Network Monitoring
See RMON
Remote SPAN
See RSPAN
remote SPAN 30-2
REP
administrative VLAN 21-8
administrative VLAN, configuring 21-8
age timer 21-8
and STP 21-6
configuration guidelines 21-7
configuring interfaces 21-9
convergence 21-4
default configuration 21-7
manual preemption, configuring 21-12
monitoring 21-13
neighbor offset numbers 21-4
open segment 21-2
ports 21-6
preempt delay time 21-5
primary edge port 21-4
ring segment 21-2
secondary edge port 21-4
segments 21-1
characteristics 21-2
SNMP traps, configuring 21-13
supported interfaces 21-1
triggering VLAN load balancing 21-5
verifying link integrity 21-3
VLAN blocking 21-12
VLAN load balancing 21-4
report suppression, IGMP
described 25-6
disabling 25-15
resequencing ACL entries 34-12
resetting a UDLD-shutdown interface 29-6
Resilient Ethernet Protocol
See REP
responder, IP SLAs
described 35-3
enabling 35-6
response time, measuring with IP SLAs 35-4
restricted VLAN
configuring 12-43
described 12-18
using with IEEE 802.1x 12-18
restricting access
NTP services 8-8
overview 11-1
passwords and privilege levels 11-2
RADIUS 11-17
TACACS+ 11-10
retry count, VMPS, changing 15-28
RFC
1112, IP multicast and IGMP 25-2
1157, SNMPv1 33-2
1305, NTP 8-2
1757, RMON 31-2
1901, SNMPv2C 33-2
1902 to 1907, SNMPv2 33-2
2236, IP multicast and IGMP 25-2
2273-2275, SNMPv3 33-2
RMON
default configuration 31-3
displaying status 31-6
enabling alarms and events 31-3
groups supported 31-2
overview 31-1
statistics
collecting group Ethernet 31-5
collecting group history 31-5
support for 1-10
root guard
described 20-8
enabling 20-15
support for 1-7
root switch
MSTP 19-17
STP 18-14
RSPAN
characteristics 30-7
configuration guidelines 30-16
default configuration 30-9
defined 30-2
destination ports 30-6
displaying status 30-23
interaction with other features 30-8
monitored ports 30-5
monitoring ports 30-6
overview 1-10, 30-1
received traffic 30-4
sessions
creating 30-17
defined 30-3
limiting source traffic to specific VLANs 30-22
specifying monitored ports 30-17
with ingress traffic enabled 30-20
source ports 30-5
transmitted traffic 30-5
VLAN-based 30-6
RSTP
active topology 19-9
BPDU
format 19-12
processing 19-12
designated port, defined 19-9
designated switch, defined 19-9
interoperability with IEEE 802.1D
described 19-8
restarting migration process 19-25
topology changes 19-13
overview 19-8
port roles
described 19-9
synchronized 19-11
proposal-agreement handshake process 19-10
rapid convergence
described 19-9
edge ports and Port Fast 19-9
point-to-point links 19-10, 19-24
root ports 19-10
root port, defined 19-9
See also MSTP
running configuration
replacing B-19, B-20
rolling back B-19, B-20
running configuration, saving 4-14
S
SC (standby command switch) 7-9
scheduled reloads 4-20
SCP
and SSH 11-44
configuring 11-44
SDM
described 10-1
templates
configuring 10-3
number of 10-1
SDM template
configuration guidelines 10-2
configuring 10-2
types of 10-1
secondary edge port, REP 21-4
Secure Copy Protocol
secure HTTP client
configuring 11-43
displaying 11-43
secure HTTP server
configuring 11-41
displaying 11-43
secure MAC addresses
deleting 26-16
maximum number of 26-9
types of 26-9
secure ports, configuring 26-8
secure remote connections 11-33
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port 26-8
security features 1-8
See SCP
sequence numbers in log messages 32-8
server mode, VTP 16-3
service-provider network, MSTP and RSTP 19-1
set-request operation 33-4
setting a secondary temperature threshold 3-6, 3-7
setting power supply alarm options 3-5
setting the FCS error hysteresis threshold 3-9
setting the FCS error threshold 3-8
setup program
failed command switch replacement 39-6
replacing failed command switch 39-4
severity levels, defining in system messages 32-8
SFPs
monitoring status of 13-19, 39-8
security and identification 39-8
status, displaying 39-8
shaped round robin
See SRR
show access-lists hw-summary command 34-17
show alarm commands 3-12
show and more command output, filtering 2-10
show cdp traffic command 28-5
show cluster members command 7-14
show configuration command 13-17
show forward command 39-16
show interfaces command 13-14, 13-17
show interfaces switchport 22-4
show lldp traffic command 27-11
show platform forward command 39-16
show running-config command
displaying ACLs 34-16, 34-17
interface description in 13-17
shutdown command on interfaces 13-20
Simple Network Management Protocol
See SNMP
small-frame arrival rate, configuring 26-5
Smartports macros
applying Cisco-default macros 14-3
applying global parameter values 14-3
configuration guidelines 14-2
default configuration 14-1
displaying 14-5
tracing 14-2
SNAP 28-1
SNMP
accessing MIB variables with 33-4
agent
described 33-3
disabling 33-7
and IP SLAs 35-2
authentication level 33-10
community strings
configuring 33-8
for cluster switches 33-4
overview 33-4
configuration examples 33-17
default configuration 33-6
engine ID 33-7
groups 33-6, 33-9
host 33-6
ifIndex values 33-5
in-band management 1-6
in clusters 7-13
informs
and trap keyword 33-11
described 33-5
differences from traps 33-5
disabling 33-15
enabling 33-15
limiting access by TFTP servers 33-16
limiting system log messages to NMS 32-10
manager functions 1-4, 33-3
managing clusters with 7-14
MIBs
location of A-3
supported A-1
notifications 33-5
overview 33-1, 33-4
security levels 33-3
setting CPU threshold notification 33-15
status, displaying 33-18
system contact and location 33-16
trap manager, configuring 33-13
traps
described 33-3, 33-5
differences from informs 33-5
disabling 33-15
enabling 33-11
enabling MAC address notification 8-21
overview 33-1, 33-4
types of 33-11
users 33-6, 33-9
versions supported 33-2
SNMP and Syslog Over IPv6 37-5
SNMP traps
REP 21-13
SNMPv1 33-2
SNMPv2C 33-2
SNMPv3 33-2
snooping, IGMP 25-1
software images
location in flash B-24
recovery procedures 39-2
scheduling reloads 4-20
tar file format, described B-24
See also downloading and uploading
source addresses
in IPv4 ACLs 34-9
source-and-destination-IP address based forwarding, EtherChannel 38-7
source-and-destination MAC address forwarding, EtherChannel 38-7
source-IP address based forwarding, EtherChannel 38-7
source-MAC address forwarding, EtherChannel 38-7
SPAN
configuration guidelines 30-10
default configuration 30-9
destination ports 30-6
displaying status 30-23
interaction with other features 30-8
monitored ports 30-5
monitoring ports 30-6
overview 1-10, 30-1
ports, restrictions 26-12
received traffic 30-4
sessions
configuring ingress forwarding 30-14, 30-21
creating 30-10
defined 30-3
limiting source traffic to specific VLANs 30-15
removing destination (monitoring) ports 30-12
specifying monitored ports 30-10
with ingress traffic enabled 30-13
source ports 30-5
transmitted traffic 30-5
VLAN-based 30-6
spanning tree and native VLANs 15-15
Spanning Tree Protocol
See STP
SPAN traffic 30-4
SRR
configuring
shaped weights on egress queues 36-65
shared weights on egress queues 36-66
shared weights on ingress queues 36-59
described 36-12
shaped mode 36-12
shared mode 36-12
support for 1-10
SSH
configuring 11-34
cryptographic software image 11-33
described 1-6, 11-33
encryption methods 11-34
user authentication methods, supported 11-34
SSL
configuration guidelines 11-40
configuring a secure HTTP client 11-43
configuring a secure HTTP server 11-41
cryptographic software image 11-37
described 11-37
monitoring 11-43
standby command switch
configuring
considerations 7-10
defined 7-2
priority 7-9
requirements 7-3
virtual IP address 7-10
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
standby links 22-2
startup configuration
booting
manually 4-17
specific image 4-18
clearing B-19
startup configuration (continued)
configuration file
automatically downloading 4-16
specifying the filename 4-16
default boot configuration 4-16
static access ports
assigning to VLAN 15-10
defined 13-3, 15-3
static addresses
See addresses
static MAC addressing 1-8
static routes
configuring for IPv6 37-9
understanding 37-5
static VLAN membership 15-2
statistics
802.1x 12-59
CDP 28-5
interface 13-19
LLDP 27-10
LLDP-MED 27-10
NMSP 27-10
QoS ingress and egress 36-68
RMON group Ethernet 31-5
RMON group history 31-5
SNMP input and output 33-18
VTP 16-16
sticky learning 26-9
storm control
configuring 26-3
described 26-1
disabling 26-5
displaying 26-19
support for 1-3
thresholds 26-1
STP
accelerating root port selection 20-4
and REP 21-6
BackboneFast
described 20-5
disabling 20-14
enabling 20-13
BPDU filtering
described 20-3
disabling 20-12
enabling 20-12
BPDU guard
described 20-2
disabling 20-12
enabling 20-11
BPDU message exchange 18-3
configuration guidelines 18-12, 20-10
configuring
forward-delay time 18-21
hello time 18-20
maximum aging time 18-21
path cost 18-18
port priority 18-16
root switch 18-14
secondary root switch 18-16
spanning-tree mode 18-13
switch priority 18-19
transmit hold-count 18-22
counters, clearing 18-22
default configuration 18-11
default optional feature configuration 20-9
designated port, defined 18-3
designated switch, defined 18-3
detecting indirect link failures 20-5
disabling 18-14
displaying status 18-22
EtherChannel guard
described 20-7
disabling 20-14
enabling 20-14
extended system ID
effects on root switch 18-14
effects on the secondary root switch 18-16
overview 18-4
unexpected behavior 18-14
features supported 1-6
IEEE 802.1D and bridge ID 18-4
IEEE 802.1D and multicast addresses 18-8
IEEE 802.1t and VLAN identifier 18-4
inferior BPDU 18-3
instances supported 18-9
interface state, blocking to forwarding 20-2
interface states
blocking 18-5
disabled 18-7
forwarding 18-5, 18-6
learning 18-6
listening 18-6
overview 18-4
interoperability and compatibility among modes 18-10
limitations with IEEE 802.1Q trunks 18-10
load sharing
overview 15-20
using path costs 15-22
using port priorities 15-20
loop guard
described 20-9
enabling 20-15
modes supported 18-9
multicast addresses, effect of 18-8
optional features supported 1-7
overview 18-2
path costs 15-22
Port Fast
described 20-2
enabling 20-10
port priorities 15-21
preventing root switch selection 20-8
protocols supported 18-9
redundant connectivity 18-8
root guard
described 20-8
enabling 20-15
root port, defined 18-3
root switch
configuring 18-14
effects of extended system ID 18-4, 18-14
election 18-3
unexpected behavior 18-14
shutdown Port Fast-enabled port 20-2
status, displaying 18-22
superior BPDU 18-3
timers, described 18-20
UplinkFast
described 20-3
enabling 20-13
stratum, NTP 8-2
success response, VMPS 15-24
summer time 8-13
SunNet Manager 1-4
supported port-based authentication methods 12-7
switch 37-2
switch clustering technology 7-1
See also clusters, switch
switch console port 1-6
Switch Database Management
See SDM
Switched Port Analyzer
See SPAN
switched ports 13-2
switchport backup interface 22-4, 22-5
switchport block multicast command 26-8
switchport block unicast command 26-8
switchport protected command 26-7
switch priority
MSTP 19-21
STP 18-19
switch software features 1-1
synchronization, real-time clocks 9-1
syslog
See system message logging
system capabilities TLV 27-2
system clock
configuring
daylight saving time 8-13
manually 8-11
summer time 8-13
time zones 8-12
displaying the time and date 8-12
overview 8-1
See also NTP
system description TLV 27-2
system message logging
default configuration 32-3
defining error message severity levels 32-8
disabling 32-4
displaying the configuration 32-13
enabling 32-4
facility keywords, described 32-13
level keywords, described 32-9
limiting messages 32-10
message format 32-2
overview 32-1
sequence numbers, enabling and disabling 32-8
setting the display destination device 32-5
synchronizing log messages 32-6
syslog facility 1-10
time stamps, enabling and disabling 32-7
system message logging (continued)
UNIX syslog servers
configuring the daemon 32-12
configuring the logging facility 32-12
facilities supported 32-13
system name
default configuration 8-15
default setting 8-15
manual configuration 8-15
See also DNS
system name TLV 27-2
system prompt, default setting 8-14, 8-15
system resources, optimizing 10-1
T
TACACS+
accounting, defined 11-11
authentication, defined 11-11
authorization, defined 11-11
configuring
accounting 11-17
authentication key 11-13
authorization 11-16
login authentication 11-14
default configuration 11-13
displaying the configuration 11-17
identifying the server 11-13
in clusters 7-13
limiting the services to the user 11-16
operation of 11-12
overview 11-10
support for 1-9
tracking services accessed by user 11-17
tar files
creating B-6
displaying the contents of B-6
extracting B-7
image file format B-24
TDR 1-11
Telnet
accessing management interfaces 2-10
number of connections 1-6
setting a password 11-6
temperature alarms, configuring 3-6, 3-7
templates, SDM 10-1
temporary self-signed certificate 11-38
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password 11-6
TFTP
configuration files
downloading B-11
preparing the server B-10
uploading B-11
configuration files in base directory 4-7
configuring for autoconfiguration 4-7
image files
deleting B-27
downloading B-26
preparing the server B-25
uploading B-28
limiting access by servers 33-16
TFTP server 1-5
threshold, traffic level 26-2
time
See NTP and system clock
Time Domain Reflector
See TDR
time-range command 34-14
time ranges in ACLs 34-14
time stamps in log messages 32-7
time zones 8-12
TLVs
defined 27-1
LLDP 27-2
LLDP-MED 27-2
Token Ring VLANs
support for 15-5
VTP support 16-4
ToS 1-9
traceroute, Layer 2
and ARP 39-11
and CDP 39-10
broadcast traffic 39-10
described 39-10
IP addresses and subnets 39-11
MAC addresses and VLANs 39-11
multicast traffic 39-11
multiple devices on a port 39-11
unicast traffic 39-10
usage guidelines 39-10
traceroute command 39-12
See also IP traceroute
traffic
blocking flooded 26-8
fragmented 34-3
unfragmented 34-3
traffic policing 1-10
traffic suppression 26-1
transmit hold-count
see STP
transparent mode, VTP 16-3, 16-12
trap-door mechanism 4-2
traps
configuring MAC address notification 8-21
configuring managers 33-11
defined 33-3
enabling 8-21, 33-11
notification types 33-11
overview 33-1, 33-4
triggering alarm options
configurable relays 3-3
methods 3-3
SNMP traps 3-4
syslog messages 3-4
troubleshooting
connectivity problems 39-8, 39-10, 39-11
CPU utilization 39-18
detecting unidirectional links 29-1
displaying crash information 39-17
setting packet forwarding 39-16
SFP security and identification 39-8
show forward command 39-16
with CiscoWorks 33-4
with debug commands 39-14
with ping 39-9
with system message logging 32-1
with traceroute 39-11
trunk failover
See link-state tracking
trunking encapsulation 1-7
trunk ports
configuring 15-17
defined 13-3, 15-3
trunks
allowed-VLAN list 15-18
load sharing
setting STP path costs 15-22
using STP port priorities 15-20, 15-21
native VLAN for untagged traffic 15-19
parallel 15-22
pruning-eligible list 15-19
to non-DTP device 15-14
trusted boundary for QoS 36-35
trusted port states
between QoS domains 36-37
classification options 36-5
ensuring port security for IP phones 36-35
support for 1-9
within a QoS domain 36-33
trustpoints, CA 11-38
twisted-pair Ethernet, detecting unidirectional links 29-1
type of service
See ToS
U
UDLD
configuration guidelines 29-4
default configuration 29-4
disabling
globally 29-5
on fiber-optic interfaces 29-5
per interface 29-5
echoing detection mechanism 29-2
enabling
globally 29-5
per interface 29-5
link-detection mechanism 29-1
neighbor database 29-2
overview 29-1
resetting an interface 29-6
status, displaying 29-6
support for 1-6
unauthorized ports with IEEE 802.1x 12-9
unicast MAC address filtering 1-5
and adding static addresses 8-25
and broadcast MAC addresses 8-24
and CPU packets 8-24
and multicast addresses 8-24
and router MAC addresses 8-24
configuration guidelines 8-24
described 8-24
unicast storm 26-1
unicast storm control command 26-4
unicast traffic, blocking 26-8
UniDirectional Link Detection protocol
See UDLD
UNIX syslog servers
daemon configuration 32-12
facilities supported 32-13
message logging configuration 32-12
unrecognized Type-Length-Value (TLV) support 16-4
upgrading software images
See downloading
UplinkFast
described 20-3
disabling 20-13
enabling 20-13
support for 1-6
uploading
configuration files
preparing B-10, B-13, B-16
reasons for B-8
using FTP B-14
using RCP B-18
using TFTP B-11
image files
preparing B-25, B-29, B-33
reasons for B-23
using FTP B-31
using RCP B-36
using TFTP B-28
user EXEC mode 2-2
username-based authentication 11-6
V
version-dependent transparent mode 16-4
virtual IP address
cluster standby group 7-10
command switch 7-10
virtual switches and PAgP 38-5
vlan.dat file 15-4
VLAN 1, disabling on a trunk port 15-18
VLAN 1 minimization 15-18
vlan-assignment response, VMPS 15-24
VLAN blocking, REP 21-12
VLAN configuration
at bootup 15-7
saving 15-7
VLAN configuration mode 2-2, 15-6
VLAN database
and startup configuration file 15-7
and VTP 16-1
VLAN configuration saved in 15-6
VLANs saved in 15-4
vlan database command 15-6
VLAN filtering and SPAN 30-6
vlan global configuration command 15-6
VLAN ID, discovering 8-27
VLAN load balancing
REP 21-4
VLAN load balancing, triggering 21-5
VLAN load balancing on flex links 22-2
configuration guidelines 22-8
VLAN management domain 16-2
VLAN Management Policy Server
See VMPS
VLAN membership
confirming 15-27
modes 15-3
VLAN Query Protocol
See VQP
VLANs
adding 15-8
adding to VLAN database 15-8
aging dynamic addresses 18-9
allowed on trunk 15-18
and spanning-tree instances 15-2, 15-6, 15-12
configuration guidelines, extended-range VLANs 15-12
configuration guidelines, normal-range VLANs 15-5
configuration options 15-6
configuring 15-1
configuring IDs 1006 to 4094 15-12
creating in config-vlan mode 15-8
creating in VLAN configuration mode 15-9
default configuration 15-7
deleting 15-9
described 13-2, 15-1
displaying 15-13
extended-range 15-1, 15-11
features 1-7
illustrated 15-2
limiting source traffic with RSPAN 30-22
limiting source traffic with SPAN 30-15
modifying 15-8
multicast 25-16
native, configuring 15-19
normal-range 15-1, 15-4
number supported 1-7
parameters 15-4
port membership modes 15-3
static-access ports 15-10
STP and IEEE 802.1Q trunks 18-10
supported 15-2
Token Ring 15-5
traffic between 15-2
VTP modes 16-3
VLAN Trunking Protocol
See VTP
VLAN trunks 15-14
VMPS
administering 15-28
configuration example 15-29
configuration guidelines 15-25
default configuration 15-25
description 15-23
dynamic port membership
described 15-24
reconfirming 15-27
troubleshooting 15-29
entering server address 15-26
mapping MAC addresses to VLANs 15-24
monitoring 15-28
reconfirmation interval, changing 15-27
reconfirming membership 15-27
retry count, changing 15-28
voice-over-IP 17-1
voice VLAN
Cisco 7960 phone, port connections 17-1
configuration guidelines 17-3
configuring IP phones for data traffic
override CoS of incoming frame 17-6
trust CoS priority of incoming frame 17-6
configuring ports for voice traffic in
802.1p priority tagged frames 17-5
802.1Q frames 17-4
connecting to an IP phone 17-4
default configuration 17-3
described 17-1
displaying 17-6
IP phone data traffic, described 17-2
IP phone voice traffic, described 17-2
VQP 1-7, 15-23
VTP
adding a client to a domain 16-14
advertisements 15-16, 16-3
and extended-range VLANs 16-1
and normal-range VLANs 16-1
client mode, configuring 16-11
configuration
global configuration mode 16-7
guidelines 16-7
privileged EXEC mode 16-7
requirements 16-8
saving 16-7
VLAN configuration mode 16-7
configuration mode options 16-7
configuration requirements 16-8
configuration revision number
guideline 16-14
resetting 16-15
configuring
client mode 16-11
server mode 16-9
transparent mode 16-12
consistency checks 16-4
default configuration 16-6
described 16-1
disabling 16-12
domain names 16-7
domains 16-2
modes
client 16-3, 16-11
server 16-3, 16-9
transitions 16-3
transparent 16-3, 16-12
monitoring 16-16
passwords 16-8
pruning
disabling 16-14
enabling 16-14
examples 16-5
overview 16-4
support for 1-7
pruning-eligible list, changing 15-19
server mode, configuring 16-9
statistics 16-16
support for 1-7
Token Ring support 16-4
transparent mode, configuring 16-12
using 16-1
version, guidelines 16-8
Version 1 16-4
Version 2
configuration guidelines 16-8
disabling 16-13
enabling 16-13
overview 16-4
W
web authentication 12-14
configuring12-55to 12-58
described 1-8, 12-25
fallback for IEEE 802.1x 12-57
weighted tail drop
See WTD
wired location service
configuring 27-9
displaying 27-10
location TLV 27-3
understanding 27-3
wizards 1-2
WTD
described 36-11
setting thresholds
egress queue-sets 36-61
ingress queues 36-57
support for 1-10
X
Xmodem protocol 39-2