-
Catalyst 2940 Switch Software Configuration Guide, 12.1(22)E11 and Later
-
Index
-
Preface
-
Overview
-
Using the Command-Line Interface
-
Assigning the Switch IP Address and Default Gateway
-
Clustering Switches
-
Administering the Switch
-
Configuring Switch-Based Authentication
-
Configuring IEEE 802.1x Port-Based Authentication
-
Configuring Interface Characteristics
-
Configuring SmartPort Macros
-
Configuring STP
-
Configuring MSTP
-
Configuring Optional Spanning-Tree Features
-
Configuring VLANs
-
Configuring VTP
-
Configuring Voice VLAN
-
Configuring DHCP Features
-
Configuring IGMP Snooping and MVR
-
Configuring Port-Based Traffic Control
-
Configuring UDLD
-
Configuring CDP
-
Configuring SPAN
-
Configuring RMON
-
Configuring System Message Logging
-
Configuring SNMP
-
Configuring QoS
-
Configuring EtherChannels
-
Troubleshooting
-
Supported MIBs
-
Table Of Contents
Numerics - A - B - C - D - E - F - G - H - I - J - L - M - N - P - Q - R - S - T - U - V - W - X -
Index
Numerics
802.1Q
and trunk ports 8-2
encapsulation 13-14
802.3x flow control 8-12
A
abbreviating commands 2-4
AC (command switch) 4-8
access control list
access-denied response, VMPS 13-24
accessing
clusters, switch 4-11
command switches 4-9
member switches 4-11
switch clusters 4-11
access list
access ports
defined 8-2
in switch clusters 4-7
accounting
with RADIUS 6-27
ACL 1-5
addresses
displaying the MAC address table 5-24
dynamic
accelerated aging 10-8
changing the aging time 5-20
default aging 10-8
defined 5-19
learning 5-20
removing 5-21
MAC, discovering 5-25
multicast STP address management 10-8
static
adding and removing 5-23
defined 5-19
address resolution 5-25
Address Resolution Protocol
advertisements
CDP 20-1
aggregated ports
aging, accelerating 10-8
aging time
accelerated
for MSTP 11-20
MAC address table 5-20
maximum
for STP 10-21
alarms, RMON 22-3
allowed-VLAN list 13-18
ARP table
address resolution 5-25
managing 5-25
attributes, RADIUS
vendor-proprietary 6-29
vendor-specific 6-28
authentication
local mode with AAA 6-30
NTP associations 5-4
RADIUS
defined 6-17
key 6-20
login 6-22
TACACS+
defined 6-11
key 6-12
login 6-13
See also port-based authentication
authentication failed VLAN
authoritative time source, described 5-2
authorization
with RADIUS 6-26
authorized ports with IEEE 802.1x 7-4
automatic discovery
considerations
beyond a noncandidate device 4-7
brand new switches 4-7
connectivity 4-4
different VLANs 4-6
management VLANs 4-6
non-CDP-capable devices 4-5
noncluster-capable devices 4-5
in switch clusters 4-4
automatic recovery, clusters 4-8
autonegotiation
interface configuration guidelines 8-10
mismatches 27-9
auxiliary VLAN
B
BackboneFast
described 12-5
enabling 12-13
support for 1-4
banners
configuring
login 5-18
message-of-the-day login 5-17
default configuration 5-17
when displayed 5-17
binding database, DHCP snooping
See DHCP snooping binding database
binding table, DHCP snooping
See DHCP snooping binding database
booting
boot loader, function of 3-1
boot process 3-1
boot loader
described 3-1
trap-door mechanism 3-2
BPDU
error-disabled state 12-2
filtering 12-3
RSTP format 11-9
BPDU filtering
described 12-3
enabling 12-12
support for 1-4
BPDU guard
described 12-2
enabling 12-11
support for 1-4
broadcast storm control
C
cables, monitoring for unidirectional links 19-1
candidate switch
automatic discovery 4-4
defined 4-3
requirements 4-3
See also command switch, cluster standby group, and member switch
CDP
and trusted boundary 25-6
automatic discovery in switch clusters 4-4
configuring 20-2
default configuration 20-2
described 20-1
disabling for routing device 20-3, 20-4
enabling and disabling
on an interface 20-4
on a switch 20-3
monitoring 20-4
overview 20-1
transmission timer and holdtime, setting 20-2
updates 20-2
Cisco Access Analog Trunk Gateway 1-12
Cisco CallManager software 1-11, 1-12
Cisco Discovery Protocol
Cisco IOS command-line interface
Cisco IP Phones 1-11
Cisco Network Assistant
Cisco SoftPhone software 1-12
clearing interfaces 8-15
CLI
abbreviating commands 2-4
command modes 2-1
described 1-7
editing features
enabling and disabling 2-6
keystroke editing 2-7
wrapped lines 2-8
error messages 2-5
getting help 2-3
history
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
no and default forms of commands 2-4
client mode, VTP 14-3
clock
clusters, switch
accessing 4-11
automatic discovery 4-4
automatic recovery 4-8
compatibility 4-3
described 4-1
managing
through SNMP 4-13
planning 4-3
planning considerations
automatic discovery 4-4
automatic recovery 4-8
host names 4-11
IP addresses 4-11
passwords 4-11
RADIUS 4-12
TACACS+ 4-12
cluster standby group
automatic recovery 4-10
considerations 4-9
defined 4-2
requirements 4-3
virtual IP address 4-9
command-line interface
command modes 2-1
commands
abbreviating 2-4
no and default 2-4
setting privilege levels 6-8
command switch
accessing 4-9
active (AC) 4-8
configuration conflicts 27-9
defined 4-1
passive (PC) 4-8
password privilege levels 4-12
priority 4-8
recovery
from command-switch failure 4-8
from failure 27-6
from lost member connectivity 27-9
redundant 4-8
replacing
with another switch 27-8
with cluster member 27-6
requirements 4-2
standby (SC) 4-8
See also candidate switch, cluster standby group, member switch, and standby command switch
community strings
for cluster switches 24-4
in clusters 4-12
overview 24-3
SNMP 4-12
configurable leave timer, IGMP 17-5
configuration conflicts, recovering from lost member connectivity 27-9
configuration examples, network
collapsed backbone and switch cluster 1-10
design concepts
network performance 1-8
network services 1-9
large campus 1-12
small to medium-sized network 1-9
configuration files
limiting TFTP server access 24-13
obtaining with DHCP 3-7
password recovery disable considerations 6-5
system contact and location information 24-12
VMPS database 13-25
configuration settings, saving 3-12
configure terminal command 8-5
Configuring a Restricted VLAN 7-25
conflicts, configuration 27-9
connections, secure remote 6-32
connectivity problems 27-10
consistency checks in VTP version 2 14-4
console port, connecting to 2-9
CoS
configuring 25-2
configuring priority queues 25-8
defining 25-3
override priority 15-5
trust priority 15-5
counters, clearing interface 8-15
crashinfo file 27-15
D
daylight saving time 5-12
debugging
enabling all system diagnostics 27-14
enabling for a specific feature 27-13
redirecting error message output 27-14
using commands 27-13
default commands 2-4
default configuration
banners 5-17
CDP 20-2
DHCP 16-4
DHCP option 82 16-5
DHCP snooping 16-5
DNS 5-16
EtherChannel 26-8
IEEE 802.1x 7-14
IGMP filtering 17-21
IGMP snooping 17-7
IGMP throttling 17-22
initial switch information 3-3
Layer 2 interfaces 8-9
MAC address table 5-20
MSTP 11-11
MVR 17-17
NTP 5-4
optional spanning-tree features 12-9
password and privilege level 6-2
port security 18-6
QoS 25-3
RADIUS 6-19
RMON 22-3
RSPAN 21-5
SNMP 24-5
SPAN 21-5
storm control 18-2
STP 10-11
system message logging 23-3
system name and prompt 5-15
TACACS+ 6-12
UDLD 19-4
VLAN, Layer 2 Ethernet interfaces 13-15
VLANs 13-7
VMPS 13-25
voice VLAN 15-2
VTP 14-6
default gateway 3-11
deleting VLANs 13-9
denial-of-service attack 18-1
description command 8-14
detecting indirect link failures, STP 12-5
device discovery protocol 20-1
device manager
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-3
DNS 3-6
relay device 3-6
server-side 3-5
TFTP server 3-5
example 3-8
lease options
for IP address information 3-5
for receiving the configuration file 3-5
relationship to BOOTP 3-3
support for 1-3
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
configuration guidelines 16-5
default configuration 16-4
displaying 16-7
overview 16-3
support for 1-3
DHCP snooping
accepting untrusted packets form edge switch 16-2, 16-6
binding database
See DHCP snooping binding database
configuration guidelines 16-5
default configuration 16-4
displaying binding tables 16-7
displaying configuration 16-7
message exchange process 16-3
option 82 data insertion 16-3
trusted interface 16-2
untrusted interface 16-2
untrusted messages 16-2
DHCP snooping binding database
described 16-2
displaying 16-7
entries 16-2
DHCP snooping binding table
See DHCP snooping binding database
discovery, clusters
DNS
and DHCP-based autoconfiguration 3-6
default configuration 5-16
displaying the configuration 5-17
overview 5-15
setting up 5-16
support for 1-3
domain names
DNS 5-15
VTP 14-7
Domain Name System
downloading
image files
using HTTP 1-2
using Network Assistant 1-2
duplex mode, configuring 8-10
dynamic access ports
characteristics 13-3
configuring 13-27
defined 8-2
dynamic addresses
dynamic desirable trunking mode 13-15
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 13-24
troubleshooting 13-29
types of connections 13-27
VMPS database configuration file 13-25
Dynamic Trunking Protocol
E
editing features
enabling and disabling 2-6
keystrokes used 2-7
wrapped lines 2-8
enable password 6-3
enable secret password 6-3
encapsulation 25-2
encryption for passwords 6-3
error messages
during command entry 2-5
setting the display destination device 23-4
severity levels 23-8
system message format 23-2
EtherChannel
automatic creation of 26-3
configuration guidelines 26-8
default configuration 26-8
destination MAC address forwarding 26-6
displaying status 26-14
forwarding methods 26-11
number of interfaces per 26-2
overview 26-1
PAgP
aggregate-port learners 26-5
compatibility with Catalyst 1900 26-12
displaying status 26-14
interaction with other features 26-5
learn method and priority configuration 26-12
modes 26-4
overview 26-3
silent mode 26-4
support for 1-3
port-channel interfaces
described 26-3
numbering of 26-3
port groups 8-3
source MAC address forwarding 26-6
EtherChannel guard
described 12-7
enabling 12-14
Ethernet VLANs
adding 13-7
defaults and ranges 13-7
modifying 13-7
events, RMON 22-3
examples
network configuration 1-8
extended-range VLANs
configuration guidelines 13-11
configuring 13-11
extended system ID
MSTP 11-14
Extensible Authentication Protocol over LAN 7-1
F
fallback VLAN name 13-25
fiber-optic, detecting unidirectional links 19-1
files, crashinfo
description 27-15
displaying the contents of 27-15
location 27-15
filtering show and more command output 2-9
flow control 8-12
forward-delay time
MSTP 11-20
forwarding
FTP
accessing MIB files A-3
G
GBICs
security and identification 27-10
get-bulk-request operation 24-3
get-next-request operation 24-3, 24-4
get-request operation 24-3, 24-4
get-response operation 24-3
global configuration mode 2-2
guide mode 1-2
GUIs
See device manager and Network Assistant 1-7
H
hello time
MSTP 11-19
STP 10-20
help, for the command line 2-3
history
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
history table, level and number of syslog messages 23-9
host names
in clusters 4-11
hosts, limit on dynamic ports 13-29
HP OpenView 1-7
HSRP
automatic cluster recovery 4-10
cluster standby group considerations 4-9
See also clusters, cluster standby group, and standby command switch
I
ICMP ping
executing 27-11
overview 27-10
IDS, using with SPAN 21-2
IEEE 802.1D
IEEE 802.1p 15-1
IEEE 802.1Q
configuration limitations 13-15
native VLAN for untagged traffic 13-19
IEEE 802.1s
IEEE 802.1w
IEEE 802.1x
IGMP
configurable leave timer, procedures 17-11
joining multicast group 17-3
join messages 17-3
leave processing, enabling 17-10
leaving multicast group 17-5
queries 17-3
report suppression
described 17-6
disabling 17-12
throttling action 17-21
IGMP, joining multicast group 17-3
IGMP configurable leave timer, described 17-5
IGMP filtering
configuring 17-22
default configuration 17-21
described 17-21
monitoring 17-26
IGMP groups
configuring the throttling action 17-24
setting the maximum number 17-24
IGMP profile
applying 17-23
configuration mode 17-22
configuring 17-22
IGMP snooping
configuring 17-6
default configuration 17-7
definition 17-1
enabling and disabling 17-7
global configuration 17-7
Immediate Leave 17-5
method 17-8
monitoring 17-13
VLAN configuration 17-8
IGMP throttling
configuring 17-24
default configuration 17-22
described 17-21
displaying action 17-25
Immediate-Leave, IGMP 17-5
ingress port scheduling 25-3
interface
number 8-4
range macros 8-7
interface configuration mode 2-3
interfaces
Cisco IOS supported 1-7
configuration guidelines 8-10
configuring 8-4
configuring duplex mode 8-10
configuring speed 8-10
counters, clearing 8-15
described 8-14
descriptive name, adding 8-14
displaying information about 8-14
flow control 8-12
IOS supported 1-6
monitoring 8-14
naming 8-14
physical, identifying 8-4
range of 8-5
restarting 8-16
shutting down 8-16
supported 8-8
types of 8-1
interfaces range macro command 8-7
Intrusion Detection System
IP addresses
cluster access 4-2
discovering 5-25
redundant clusters 4-9
standby command switch 4-9, 4-11
ip igmp profile command 17-22
IP information
assigned
manually 3-11
through DHCP-based autoconfiguration 3-3
default configuration 3-3
IP multicast routing and IGMP snooping 17-1, 17-6
IP phones
and IEEE 802.1x authentication 7-10
and QoS 15-1
configuring 15-3
trusted boundary for QoS 25-6
IPv4 1-1
IPv6 1-1
IP version 4 1-1
IP version 6 1-1
J
join messages, IGMP 17-3
L
LACP
Layer 2 frames, classification with CoS 25-1
Layer 2 interfaces, default configuration 8-9
Layer 2 traceroute
and ARP 27-12
and CDP 27-12
described 27-12
IP addresses and subnets 27-12
MAC addresses and VLANs 27-12
multicast traffic 27-12
multiple devices on a port 27-13
unicast traffic 27-12
usage guidelines 27-12
leave processing, IGMP 17-10
line configuration mode 2-3
links, unidirectional 19-1
login authentication
with RADIUS 6-22
with TACACS+ 6-13
login banners 5-17
log messages
loop guard
described 12-9
enabling 12-15
support for 1-4
M
MAC addresses
aging time 5-20
and VLAN association 5-20
building the address table 5-20
default configuration 5-20
discovering 5-25
displaying 5-24
displaying in DHCP snooping binding table 16-7
dynamic
learning 5-20
removing 5-21
static
adding 5-24
characteristics of 5-23
removing 5-24
sticky secure, adding 18-5
MAC address multicast entries, monitoring 17-14
MAC address-to-VLAN mapping 13-24
macros
magic packet 7-11
management options
benefits
clustering 1-7
Network Assistant 1-7
CLI 2-1
Network Assistant 1-1
management VLAN
considerations in switch clusters 4-6
discovery through different management VLANs 4-6
maximum aging time
MSTP 11-20
STP 10-21
maximum hop count, MSTP 11-21
membership mode, VLAN port 13-3
member switch
automatic discovery 4-4
defined 4-1
passwords 4-11
recovering from lost connectivity 27-9
requirements 4-3
See also candidate switch, cluster standby group, and standby command switch
messages to users through banners 5-17
MIBs
accessing files with FTP A-3
location of files A-3
overview 24-1
SNMP interaction with 24-4
supported A-1
mirroring traffic for analysis 21-1
mismatches, autonegotiation 27-9
monitoring
cables for unidirectional links 19-1
CDP 20-4
IGMP
filters 17-26
snooping 17-13
interfaces 8-14
multicast router ports 17-14
MVR 17-20
network traffic for analysis with probe 21-1
port protection 18-12
speed and duplex mode 8-11
traffic flowing among switches 22-1
traffic suppression 18-12
VLANs 13-13
VMPS 13-29
VTP 14-15
MSTP
boundary ports
configuration guidelines 11-12
described 11-5
BPDU filtering
described 12-3
enabling 12-12
BPDU guard
described 12-2
enabling 12-11
CIST, described 11-3
configuration guidelines 11-12, 12-10
configuring
forward-delay time 11-20
hello time 11-19
link type for rapid convergence 11-21
maximum aging time 11-20
maximum hop count 11-21
MST region 11-13
path cost 11-17
port priority 11-16
root switch 11-14
secondary root switch 11-15
switch priority 11-18
CST
defined 11-3
operations between regions 11-3
default configuration 11-11
default optional feature configuration 12-9
described 11-2
displaying status 11-22
enabling the mode 11-13
EtherChannel guard
described 12-7
enabling 12-14
extended system ID
effects on root switch 11-14
effects on secondary root switch 11-15
unexpected behavior 11-14
instances supported 10-9
interface state, blocking to forwarding 12-2
interoperability and compatibility among modes 10-9
interoperability with IEEE 802.1D
described 11-5
restarting migration process 11-22
IST
defined 11-2
operations within a region 11-3
loop guard
described 12-9
enabling 12-15
mapping VLANs to MST instance 11-13
MST region
described 11-2
hop-count mechanism 11-4
supported spanning-tree instances 11-2
Port Fast
described 12-2
enabling 12-10
preventing root switch selection 12-8
root guard
described 12-8
enabling 12-14
root switch
configuring 11-14
effects of extended system ID 11-14
unexpected behavior 11-14
shutdown Port Fast-enabled port 12-2
multicast groups
and IGMP snooping 17-6
Immediate Leave 17-5
joining 17-3
leaving 17-5
static joins 17-9
multicast router ports
adding 17-9
monitoring 17-14
multicast storm control
Multicast VLAN Registration
Multiple Spanning Tree Protocol
MVR
configuring interfaces 17-19
default configuration 17-17
described 17-14
modes 17-18
monitoring 17-20
setting global parameters 17-18
N
NAC 1-5
IEEE 802.1x authentication using a RADIUS server 7-28
IEEE 802.1x validation using RADIUS server 7-28
Layer 2 IEEE 802.1x validation 7-28
NAC Layer 2 IEEE 802.1x validation 1-5
native VLAN
configuring 13-19
default 13-19
Network Admission Control
See NAC Layer 2 IEEE 802.1x validation
Network Assistant
advantages with switch clustering 1-7
described 1-7
guide mode 1-2
management options 1-1
wizards 1-2
network examples
collapsed backbone and switch cluster 1-10
design concepts
network performance 1-8
network services 1-9
large campus 1-12
small to medium-sized network 1-9
network management
CDP 20-1
RMON 22-1
SNMP 24-1
Network Time Protocol
no commands 2-4
nontrunking mode 13-15
normal-range VLANs
configuration modes 13-6
defined 13-1
NTP
associations
authenticating 5-4
defined 5-2
enabling broadcast messages 5-6
peer 5-5
server 5-5
default configuration 5-4
displaying the configuration 5-10
overview 5-2
restricting access
creating an access group 5-8
disabling NTP services per interface 5-9
source IP address, configuring 5-10
stratum 5-2
synchronizing devices 5-5
time
services 5-2
synchronizing 5-2
P
PAgP
pass-through mode 25-7
passwords
default configuration 6-2
disabling recovery of 6-5
encrypting 6-3
in clusters 4-11
overview 6-1
setting
enable 6-3
enable secret 6-3
Telnet 6-6
with usernames 6-6
VTP domain 14-8
path cost
MSTP 11-17
STP 10-17
PC (passive command switch) 4-8
per-VLAN spanning-tree plus
physical ports 8-1
PIM-DVMRP, as snooping method 17-8
ping
character output description 27-11
executing 27-11
overview 27-10
Port Aggregation Protocol
port-based authentication
accounting 7-6
accounting services 1-5
authentication server
defined 7-2
RADIUS server 7-2
client, defined 7-2
configuration guidelines 7-15
configuring
guest VLAN 7-24
host mode 7-19
IEEE 802.1x accounting 7-23
IEEE 802.1x authentication 7-16
manual re-authentication of a client 7-20
periodic re-authentication 7-20
quiet period 7-21
RADIUS server 7-19
RADIUS server parameters on the switch 7-18
restricted VLAN 7-25
switch-to-client frame-retransmission number 7-22
switch-to-client retransmission time 7-21
default configuration 7-14
described 7-1
device roles 7-2
displaying statistics 7-30
EAPOL-start frame 7-3
EAP-request/identity frame 7-3
EAP-response/identity frame 7-3
enabling
IEEE 802.1x with guest VLAN 7-8
IEEE 802.1x with port security 7-10
IEEE 802.1x with restricted VLAN 7-9
IEEE 802.1x with VLAN assignment 7-7
IEEE 802.1x with voice VLAN 7-10
encapsulation 7-3
guest VLAN
configuration guidelines 7-8, 7-9
host mode 7-5
initiation and message exchange 7-3
magic packet 7-11
method lists 7-16
multiple-hosts mode, described 7-5
ports
authorization state and dot1x port-control command 7-4
authorized and unauthorized 7-4
port security, multiple-hosts mode 7-5
resetting to default values 7-29
software upgrade changes 7-16
switch
as proxy 7-2
RADIUS client 7-3
VLAN assignment, AAA authorization 7-16
wake-on-LAN, described 7-11
port-channel
Port Fast
described 12-2
enabling 12-10
mode, spanning tree 13-25
support for 1-4
port membership modes, VLAN 13-2
port priority
MSTP 11-16
STP 10-16
ports
access 8-2
dynamic access 13-3
priority 25-2
protected 18-4
secure 18-4
switch 8-1
trunks 13-14
VLAN assignments 13-10
port security
aging 18-10
configuration guidelines 18-7
configuring 18-8
default configuration 18-6
described 18-4
displaying 18-12
sticky learning 18-5
violations 18-5
with other features 18-7
port-shutdown response, VMPS 13-24
preferential treatment of traffic
preventing unauthorized access 6-1
priority
overriding CoS 15-5
port, described 25-2
trusting CoS 15-5
private VLAN edge ports
privileged EXEC mode 2-2
privilege levels
changing the default for lines 6-8
command switch 4-12
exiting 6-9
logging into 6-9
mapping on member switches 4-12
setting a command with 6-8
pruning, VTP
enabling 14-13
enabling on a port 13-19
examples 14-5
overview 14-4
pruning-eligible list
changing 13-19
for VTP pruning 14-4
VLANs 14-13
PSTN 1-12
PVST+
described 10-9
IEEE 802.1Q trunking interoperability 10-10
instances supported 10-9
Q
QoS
classification
in frames and packets 25-2
pass-through mode, described 25-7
trusted boundary, described 25-6
configuring
CoS and WRR 25-8
default port CoS value 25-5
egress queues 25-8
port trust states within the domain 25-4
trusted boundary 25-6
default configuration 25-3
ingress port scheduling 25-3
IP phones, detection and trusted settings 25-6
overview 25-1
pass-through mode 25-7
support for 1-6
trusted boundary 25-6
understanding 25-1
quality of service
queries, IGMP 17-3
R
RADIUS
attributes
vendor-proprietary 6-29
vendor-specific 6-28
configuring
accounting 6-27
authentication 6-22
authorization 6-26
communication, global 6-20, 6-27
communication, per-server 6-19, 6-20
multiple UDP ports 6-19
default configuration 6-19
defining AAA server groups 6-24
described 6-17
displaying the configuration 6-30
identifying the server 6-19
in clusters 4-12
limiting the services to the user 6-26
method list, defined 6-18
operation of 6-18
suggested network environments 6-17
tracking services accessed by user 6-27
range
macro 8-7
of interfaces 8-6
rapid convergence 11-7
rapid per-VLAN spanning-tree plus
rapid PVST+
described 10-9
IEEE 802.1Q trunking interoperability 10-10
instances supported 10-9
Rapid Spanning Tree Protocol
reconfirmation interval, VMPS, changing 13-28
recovery procedures 27-1
redundancy
EtherChannel 26-2
STP
backbone 10-7
path cost 13-22
port priority 13-20
redundant links and UplinkFast 12-12
Remote Authentication Dial-In User Service
Remote Network Monitoring
report suppression, IGMP
described 17-6
disabling 17-12
resetting a UDLD-shutdown interface 19-6
restricted VLAN
configuring 7-25
using with port-based authentication 7-9
restricting access
NTP services 5-8
overview 6-1
passwords and privilege levels 6-2
RADIUS 6-16
TACACS+ 6-9
retry count, VMPS, changing 13-28
RFC
1112, IP multicast and IGMP 17-2
1157, SNMPv1 24-2
1305, NTP 5-2
1757, RMON 22-2
1901, SNMPv2C 24-2
1902 to 1907, SNMPv2 24-2
2236, IP multicast and IGMP 17-2
2273-2275, SNMPv3 24-2
RMON
default configuration 22-3
displaying status 22-6
enabling alarms and events 22-3
groups supported 22-2
overview 22-1
statistics
collecting group Ethernet 22-5
collecting group history 22-4
root guard
described 12-8
enabling 12-14
support for 1-4
root switch
MSTP 11-14
STP 10-14
RSPAN
default configuration 21-5
displaying status 21-9
interaction with other features 21-4
overview 21-1
sessions
defined 21-2
RSTP
active topology, determining 11-6
BPDU
format 11-9
processing 11-10
designated port, defined 11-6
designated switch, defined 11-6
interoperability with IEEE 802.1D
described 11-5
restarting migration process 11-22
topology changes 11-10
overview 11-6
port roles
described 11-6
synchronized 11-8
proposal-agreement handshake process 11-7
rapid convergence
described 11-7
edge ports and Port Fast 11-7
point-to-point links 11-7, 11-21
root ports 11-7
root port, defined 11-6
running configuration, saving 3-11
S
SC (standby command switch) 4-8
secure ports, configuring 18-4
secure remote connections 6-32
Secure Shell
security, port 18-4
sequence numbers in log messages 23-7
server mode, VTP 14-2
service-provider network, MSTP and RSTP 11-1
set-request operation 24-4
setup program, failed command switch replacement 27-6, 27-8
severity levels, defining in system messages 23-8
show and more command output, filtering 2-9
show cdp traffic command 20-5
show configuration command 8-14
show interfaces command 8-11, 8-14
show running-config command
interface description in 8-14
shutdown command on interfaces 8-16
Simple Network Management Protocol
Smartports macros
applying Cisco-default macros 9-6
applying global parameter values 9-5, 9-6
applying macros 9-4
applying parameter values 9-5, 9-7
configuration guidelines 9-2
creating 9-4
default configuration 9-2
defined 9-1
displaying 9-8
tracing 9-3
website 9-2
SNAP 20-1
SNMP
accessing MIB variables with 24-4
agent
described 24-3
disabling 24-6
community strings
configuring 24-7
for cluster switches 24-4
overview 24-3
configuration examples 24-13
default configuration 24-5
groups 24-8
in clusters 4-12
informs
and trap keyword 24-10
described 24-4
differences from traps 24-5
enabling 24-12
limiting access by TFTP servers 24-13
limiting system log messages to NMS 23-9
manager functions 24-3
managing clusters with 4-13
MIBs
location of A-3
supported A-1
notifications 24-4
status, displaying 24-14
system contact and location 24-12
trap manager, configuring 24-11
traps
differences from informs 24-5
enabling 24-10
enabling MAC address notification 5-21
types of 24-10
users 24-8
versions supported 24-2
snooping, IGMP 17-1
software images
recovery procedures 27-1
See also downloading and uploading
SPAN
configuration guidelines 21-5
default configuration 21-5
destination ports 21-3
displaying status 21-9
IDS 21-2
interaction with other features 21-4
monitored ports 21-3
monitoring ports 21-3
ports, restrictions 18-7
received traffic 21-2
session limits 21-5
sessions
creating 21-6
defined 21-2
removing destination (monitoring) ports 21-9
removing source (monitored) ports 21-9
specifying monitored ports 21-6
source ports 21-3
transmitted traffic 21-3
spanning tree and native VLANs 13-15
Spanning Tree Protocol
speed
configuring on interfaces 8-10
SSH
configuring 6-33
cryptographic software image 6-31
described 6-32
encryption methods 6-32
user authentication methods, supported 6-32
standby command switch
considerations 4-9
defined 4-2
priority 4-8
requirements 4-3
virtual IP address 4-9
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
static access ports
assigning to VLAN 13-10
static addresses
static VLAN membership 13-2
statistics
CDP 20-4
IEEE 802.1x 7-30
interface 8-15
RMON group Ethernet 22-5
RMON group history 22-4
SNMP input and output 24-14
VTP 14-15
sticky learning
configuration file 18-5
defined 18-5
disabling 18-5
enabling 18-5
saving addresses 18-5
storm control
configuring 18-2
default configuration 18-2
described 18-1
disabling 18-3
displaying 18-12
STP
accelerating root port selection 12-4
BackboneFast
described 12-5
enabling 12-13
BPDU filtering
described 12-3
enabling 12-12
BPDU guard
described 12-2
enabling 12-11
BPDU message exchange 10-2
configuration guidelines 10-11, 12-10
configuring
forward-delay time 10-20
hello time 10-20
maximum aging time 10-21
path cost 10-17
port priority 10-16
root switch 10-14
secondary root switch 10-15
spanning-tree mode 10-12
switch priority 10-18
counters, clearing 10-22
default configuration 10-11
default optional feature configuration 12-9
designated port, defined 10-3
designated switch, defined 10-3
detecting indirect link failures 12-5
disabling 10-13
displaying status 10-21
EtherChannel guard
described 12-7
enabling 12-14
extended system ID
affects on root switch 10-14
affects on the secondary root switch 10-15
overview 10-3
unexpected behavior 10-14
features supported 1-4
inferior BPDU 10-3
instances supported 10-9
interface state, blocking to forwarding 12-2
interface states
blocking 10-5
disabled 10-6
learning 10-6
listening 10-6
overview 10-4
interoperability and compatibility among modes 10-9
limitations with IEEE 802.1Q trunks 10-10
load sharing
overview 13-20
using path costs 13-22
using port priorities 13-20
loop guard
described 12-9
enabling 12-15
modes supported 10-8
multicast addresses, affect of 10-8
overview 10-2
path costs 13-22
Port Fast
described 12-2
enabling 12-10
port priorities 13-21
preventing root switch selection 12-8
protocols supported 10-8
redundant connectivity 10-7
root guard
described 12-8
enabling 12-14
root port, defined 10-3
root switch
affects of extended system ID 10-3, 10-14
configuring 10-14
election 10-3
unexpected behavior 10-14
shutdown Port Fast-enabled port 12-2
superior BPDU 10-3
timers, described 10-19
UplinkFast
described 12-3
enabling 12-12
stratum, NTP 5-2
summer time 5-12
SunNet Manager 1-7
switch clustering technology 4-1
switched ports 8-1
switchport protected command 18-4
switch priority
MSTP 11-18
STP 10-18
syslog
system clock
configuring
daylight saving time 5-12
manually 5-11
summer time 5-12
time zones 5-12
displaying the time and date 5-11
overview 5-1
system message logging
default configuration 23-3
defining error message severity levels 23-8
disabling 23-3
displaying the configuration 23-12
enabling 23-3
facility keywords, described 23-11
level keywords, described 23-8
limiting messages 23-9
message format 23-2
overview 23-1
sequence numbers, enabling and disabling 23-7
setting the display destination device 23-4
synchronizing log messages 23-5
timestamps, enabling and disabling 23-6
UNIX syslog servers
configuring the daemon 23-10
configuring the logging facility 23-11
facilities supported 23-11
system name
default configuration 5-15
default setting 5-15
manual configuration 5-15
system prompt
T
TACACS+
accounting, defined 6-11
authentication, defined 6-11
authorization, defined 6-11
configuring
accounting 6-16
authentication key 6-12
authorization 6-15
login authentication 6-13
default configuration 6-12
displaying the configuration 6-16
identifying the server 6-12
in clusters 4-12
limiting the services to the user 6-15
operation of 6-11
overview 6-10
tracking services accessed by user 6-16
Telnet
accessing management interfaces 2-9
accessing the CLI 1-7
setting a password 6-6
Terminal Access Controller Access Control System Plus
terminal lines, setting a password 6-6
TFTP
configuration files in base directory 3-5
configuring for autoconfiguration 3-5
limiting access by servers 24-13
TFTP server 1-3
time
timestamps in log messages 23-6
time zones 5-12
Token Ring VLANs
support for 13-5
VTP support 14-4
traceroute, Layer 2
and ARP 27-12
and CDP 27-12
described 27-12
IP addresses and subnets 27-12
MAC addresses and VLANs 27-12
multicast traffic 27-12
multiple devices on a port 27-13
unicast traffic 27-12
usage guidelines 27-12
transparent mode, VTP 14-3, 14-11
trap-door mechanism 3-2
traps
configuring MAC address notification 5-21
configuring managers 24-10
defined 24-3
notification types 24-10
troubleshooting
connectivity problems 27-10
detecting unidirectional links 19-1
displaying crash information 27-15
GBIC security and identification 27-10
with CiscoWorks 24-4
with debug commands 27-13
with ping 27-10
with system message logging 23-1
trunk ports
configuring 13-17
defined 8-2
trunks
allowed-VLAN list 13-18
load sharing
setting STP path costs 13-22
using STP port priorities 13-20, 13-21
native VLAN for untagged traffic 13-19
parallel 13-22
pruning-eligible list 13-19
to non-DTP device 13-14
VLAN 1 minimization 13-18
trusted boundary 25-6
twisted-pair Ethernet, detecting unidirectional links 19-1
U
UDLD
default configuration 19-4
echoing detection mechanism 19-2
enabling
globally 19-4
per interface 19-5
link-detection mechanism 19-1
neighbor database 19-2
overview 19-1
resetting an interface 19-6
status, displaying 19-7
unauthorized ports with IEEE 802.1x 7-4
unicast storm control
UniDirectional Link Detection protocol
UNIX syslog servers
daemon configuration 23-10
facilities supported 23-11
message logging configuration 23-11
unrecognized Type-Length-Value (TLV) support 14-4
UplinkFast
described 12-3
enabling 12-12
support for 1-4
user EXEC mode 2-2
username-based authentication 6-6
V
version-dependent transparent mode 14-4
virtual IP address
cluster standby group 4-9
command switch 4-9
vlan.dat file 13-4
VLAN 1 minimization, support for 1-5
VLAN configuration
at bootup 13-6
saving 13-6
VLAN configuration mode 2-2, 13-6
VLAN database
and startup configuration file 13-7
and VTP 14-1
VLAN configuration saved in 13-6
VLANs saved in 13-3
vlan database command 13-6
vlan global configuration command 13-6
VLAN ID, discovering 5-25
VLAN management domain 14-2
VLAN Management Policy Server
VLAN membership
confirming 13-27
modes 13-3
VLAN Query Protocol
VLANs
adding 13-7
adding to VLAN database 13-7
aging dynamic addresses 10-8
allowed on trunk 13-18
and spanning-tree instances 13-2, 13-5, 13-12
configuration guidelines, normal-range VLANs 13-5
configuration options 13-6
configuring 13-1
configuring IDs 1006 to 4094 13-11
creating in config-vlan mode 13-8
creating in VLAN configuration mode 13-9
default configuration 13-7
deleting 13-9
displaying 13-13
extended-range 13-11
illustrated 13-2
modifying 13-7
native, configuring 13-19
parameters 13-4
port membership modes 13-2
static-access ports 13-10
STP and IEEE 802.1Q trunks 10-10
supported 13-2
Token Ring 13-5
trunks, VLAN 1 minimization 13-18
VTP modes 14-2
VLAN Trunking Protocol
VLAN trunks 13-14
VMPS
administering 13-29
configuration example 13-30
configuration guidelines 13-25
default configuration 13-25
description 13-23
dynamic port membership
described 13-24
reconfirming 13-28
troubleshooting 13-29
entering server address 13-26
mapping MAC addresses to VLANs 13-24
monitoring 13-29
reconfirmation interval, changing 13-28
reconfirming membership 13-27
retry count, changing 13-28
voice VLAN
Cisco 7960 phone, port connections 15-1
configuration guidelines 15-2
configuring IP phones for data traffic
override CoS of incoming frame 15-5
trust CoS priority of incoming frame 15-5
configuring ports for voice traffic in
802.1p priority tagged frames 15-4
802.1Q frames 15-4
connecting to an IP phone 15-3
default configuration 15-2
described 15-1
displaying 15-6
VQP 13-23
VTP
adding a client to a domain 14-14
and extended-range VLANs 14-1
and normal-range VLANs 14-1
client mode, configuring 14-10
configuration
global configuration mode 14-7
guidelines 14-7
privileged EXEC mode 14-7
requirements 14-8
saving 14-7
VLAN configuration mode 14-7
configuration mode options 14-6
configuration requirements 14-8
configuration revision number
guideline 14-14
resetting 14-14
configuring
client mode 14-10
server mode 14-9
transparent mode 14-11
consistency checks 14-4
default configuration 14-6
described 14-1
disabling 14-11
domain names 14-7
domains 14-2
modes
transitions 14-2
monitoring 14-15
passwords 14-8
pruning
disabling 14-13
enabling 14-13
examples 14-5
overview 14-4
pruning-eligible list, changing 13-19
server mode, configuring 14-9
statistics 14-15
Token Ring support 14-4
transparent mode, configuring 14-11
using 14-1
version, guidelines 14-8
version 1 14-4
version 2
configuration guidelines 14-8
disabling 14-13
enabling 14-12
overview 14-4
W
Weighted Round Robin
wizards 1-2
WRR
configuring 25-9
defining 25-3
description 25-3
X
Xmodem protocol 27-1