-
Catalyst 2970 Switch Software Configuration Guide, 12.1(19)EA1
-
Index
-
Preface
-
Overview
-
Using the Command-Line Interface
-
Getting Started with CMS
-
Assigning the Switch IP Address and Default Gateway
-
Clustering Switches
-
Administering the Switch
-
Configuring Switch-Based Authentication
-
Configuring 802.1X Port-Based Authentication
-
Configuring Interface Characteristics
-
Configuring SmartPort Macros
-
Configuring VLANs
-
Configuring VTP
-
Configuring Voice VLAN
-
Configuring STP
-
Configuring MSTP
-
Configuring Optional Spanning-Tree Features
-
Configuring DHCP Features
-
Configuring IGMP Snooping and MVR
-
Configuring Port-Based Traffic Control
-
Configuring CDP
-
Configuring UDLD
-
Configuring SPAN and RSPAN
-
Configuring RMON
-
Configuring System Message Logging
-
Configuring SNMP
-
Configuring Network Security with ACLs
-
Configuring QoS
-
Configuring EtherChannels
-
Troubleshooting
-
Supported MIBs
-
Working with the Cisco IOS File System, Configuration Files, and Software Images
-
Unsupported Commands in Cisco IOS Release 12.1(19)EA1\r\n
-
Table Of Contents
Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X -
Index
Numerics
802.1D
802.1Q
and trunk ports 9-3
configuration limitations 11-12
encapsulation 11-11
native VLAN for untagged traffic 11-16
802.1S
802.1W
802.1X
802.3AD
802.3Z flow control 9-12
A
abbreviating commands 2-4
AC (command switch) 5-10, 5-18
access-class command 26-16
access control entries
access-denied response, VMPS 11-21
access groups
applying ACLs to interfaces 26-17
IP 26-17
accessing
clusters, switch 5-13
command switches 5-11
member switches 5-13
switch clusters 5-13
access lists
access ports
defined 9-2
in switch clusters 5-9
accounting
with RADIUS 7-28
ACEs
defined 26-2
Ethernet 26-2
IP 26-2
ACLs
ACEs 26-2
any keyword 26-9
applying
time ranges to 26-13
to an interface 26-16
comments in 26-15
compiling 26-17
examples of 26-17
extended IP
creating 26-8
matching criteria 26-6
hardware and software handling 26-17
host keyword 26-10
IP
applying to interface 26-16
applying to interfaces 26-16
creating 26-6
implicit deny 26-8, 26-11, 26-13
implicit masks 26-8
matching criteria 26-6
named 26-11
terminal lines, setting on 26-16
undefined 26-17
MAC extended 26-20
monitoring 26-29
named 26-11
numbers 26-6
port 26-2
precedence of 26-2
standard IP
creating 26-7
matching criteria 26-6
supported features 26-17
support for 1-6
time ranges 26-13
unsupported features 26-5
VLAN maps
configuration guidelines 26-23
configuring 26-22
address aliasing 18-2
addresses
displaying the MAC address table 6-28
dynamic
accelerated aging 14-8
changing the aging time 6-23
default aging 14-8
defined 6-22
learning 6-22
removing 6-24
MAC, discovering 6-29
multicast STP address management 14-8
static
adding and removing 6-26
defined 6-22
address resolution 6-29
Address Resolution Protocol
advertisements
CDP 20-1
aggregated ports
aggregate policing 1-7
aging, accelerating 14-8
aging time
accelerated
for MSTP 15-20
MAC address table 6-23
maximum
for MSTP 15-21
for STP 14-21
alarms, RMON 23-3
allowed-VLAN list 11-15
ARP
ARP table
address resolution 6-29
managing 6-29
attributes, RADIUS
vendor-proprietary 7-31
vendor-specific 7-29
audience xxvii
authentication
local mode with AAA 7-36
NTP associations 6-5
RADIUS
key 7-21
login 7-23
See also port-based authentication
TACACS+
defined 7-11
key 7-13
login 7-14
authoritative time source, described 6-2
authorization
with RADIUS 7-27
authorized ports with 802.1X 8-4
autoconfiguration 4-3
automatic discovery
adding member switches 5-16
considerations
beyond a non-candidate device 5-8
brand new switches 5-9
connectivity 5-5
different VLANs 5-7
management VLANs 5-8
non-CDP-capable devices 5-6
non-cluster-capable devices 5-6
creating a cluster standby group 5-18
in switch clusters 5-5
automatic recovery, clusters 5-10
autonegotiation
duplex mode 1-3
interface configuration guidelines 9-10
mismatches 29-10
autosensing, port speed 1-3
auxiliary VLAN
availability, features 1-4
B
BackboneFast
described 16-5
enabling 16-14
support for 1-5
banners
configuring
login 6-21
message-of-the-day login 6-20
default configuration 6-19
when displayed 6-19
booting
boot loader, function of 4-2
boot process 4-1
manually 4-13
specific image 4-14
boot loader
accessing 4-15
described 4-2
environment variables 4-15
prompt 4-15
trap-door mechanism 4-2
BPDU
error-disabled state 16-2
filtering 16-3
RSTP format 15-9
BPDU filtering
described 16-3
enabling 16-12
support for 1-5
BPDU guard
described 16-2
enabling 16-11
support for 1-5
bridge protocol data unit
broadcast storm control
configuring 19-2
disabling 19-3
C
cables, monitoring for unidirectional links 21-1
candidate switch
adding 5-16
automatic discovery 5-5
defined 5-4
HC 5-18
passwords 5-17
requirements 5-4
standby group 5-18
See also command switch, cluster standby group, and member switch
caution, described xxviii
CC (command switch) 5-19
CDP
and trusted boundary 27-7
automatic discovery in switch clusters 5-5
configuring 20-2
default configuration 20-2
described 20-1
disabling for routing device 20-3, 20-4
enabling and disabling
on an interface 20-4
on a switch 20-3
monitoring 20-5
overview 20-1
support for 1-4
transmission timer and holdtime, setting 20-2
updates 20-2
CGMP
as IGMP snooping learning method 18-8
joining multicast group 18-3
Cisco Discovery Protocol
Cisco IOS File System
class of service
clearing interfaces 9-17
CLI
abbreviating commands 2-4
command modes 2-1
described 1-3
editing features
enabling and disabling 2-7
keystroke editing 2-7
wrapped lines 2-8
error messages 2-5
filtering command output 2-9
getting help 2-3
history
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
managing clusters 5-21
no and default forms of commands 2-4
client mode, VTP 12-3
clock
Cluster Management Suite
clusters, switch
accessing 5-13
adding member switches 5-16
automatic discovery 5-5
automatic recovery 5-10
benefits 1-2
command switch configuration 5-16
compatibility 5-4
creating 5-15
creating a cluster standby group 5-18
described 5-1
LRE profile considerations 5-15
managing
through CLI 5-21
through SNMP 5-21
planning 5-4
planning considerations
automatic discovery 5-5
automatic recovery 5-10
CLI 5-21
host names 5-13
IP addresses 5-13
LRE profiles 5-15
passwords 5-14
RADIUS 5-14
switch-specific features 5-15
TACACS+ 5-14
redundancy 5-18
troubleshooting 5-20
verifying 5-20
cluster standby group
automatic recovery 5-12
considerations 5-11
creating 5-18
defined 5-2
requirements 5-3
virtual IP address 5-11
CMS
benefits 1-2
configuration modes 3-5
Front Panel view
described 3-2
operating systems and supported browsers 3-8
Topology view 3-14
wizards 3-6
Coarse Wave Division Multiplexer
command-line interface
command modes 2-1
commands
abbreviating 2-4
no and default 2-4
setting privilege levels 7-8
command switch
accessing 5-11
command switch with HSRP disabled (CC) 5-19
configuration conflicts 29-10
defined 5-2
enabling 5-16
password privilege levels 5-21
priority 5-10
recovery
from command-switch failure 5-10
from failure 29-6
from lost member connectivity 29-10
replacing
with another switch 29-9
with cluster member 29-7
requirements 5-3
See also candidate switch, cluster standby group, member switch, and standby command switch
community strings
for cluster switches 25-4
in clusters 5-14
overview 25-3
SNMP 5-14
config.text 4-12
configuration conflicts, recovering from lost member connectivity 29-10
configuration examples, network 1-10
configuration files
clearing the startup configuration B-19
creating using a text editor B-10
default name 4-12
deleting a stored configuration B-19
described B-8
downloading
automatically 4-13
reasons for B-8
using FTP B-13
using RCP B-17
using TFTP B-11
guidelines for creating and using B-9
invalid combinations when copying B-5
limiting TFTP server access 25-13
obtaining with DHCP 4-7
password recovery disable considerations 7-5
specifying the filename 4-13
system contact and location information 25-12
types and location B-9
uploading
reasons for B-8
using FTP B-15
using RCP B-18
using TFTP B-11
VMPS database 11-22
configuration modes, CMS 3-5
configuration settings, saving 4-11
configure terminal command 9-5
conflicts, configuration 29-10
connections, secure remote 7-38
connectivity problems 29-11
consistency checks in VTP version 2 12-4
console port, connecting to 2-10
conventions
command xxviii
for examples xxviii
publication xxviii
text xxviii
CoS
configuring 27-2
configuring priority queues 27-9
defining 27-3
override priority 13-5
trust priority 13-5
counters, clearing interface 9-17
crashinfo file 29-16
cryptographic software image
Kerberos 7-32
SSH 7-37
CWDM 1-15
CWDM SFPs 1-15
D
daylight saving time 6-14
debugging
enabling all system diagnostics 29-15
enabling for a specific feature 29-14
redirecting error message output 29-15
using commands 29-14
default commands 2-4
default configuration
802.1X 8-10
banners 6-19
booting 4-12
CDP 20-2
DHCP 17-3
DNS 6-18
EtherChannel 28-9
IGMP filtering 18-21
IGMP snooping 18-7
IGMP throttling 18-21
initial switch information 4-3
Layer 2 interfaces 9-9
MAC address table 6-23
MSTP 15-12
MVR 18-16
NTP 6-4
optional spanning-tree features 16-10
password and privilege level 7-2
QoS 27-4
RADIUS 7-20
RMON 23-3
RSPAN 22-5
SNMP 25-5
SPAN 22-5
STP 14-11
system message logging 24-3
system name and prompt 6-16
TACACS+ 7-13
UDLD 21-4
VLAN, Layer 2 Ethernet interfaces 11-13
VLANs 11-6
VMPS 11-22
voice VLAN 13-2
VTP 12-6
default gateway 4-10
deleting VLANs 11-8
description command 9-14
designing your network, examples 1-10
destination addresses, in ACLs 26-9
destination-IP address based forwarding, EtherChannel 28-7
destination-MAC address forwarding, EtherChannel 28-7
detecting indirect link failures, STP 16-5
device discovery protocol 20-1
Device Manager 3-14
DHCP-based autoconfiguration
client request message exchange 4-4
configuring
client side 4-3
DNS 4-6
relay device 4-6
server-side 4-5
TFTP server 4-6
example 4-8
lease options
for IP address information 4-5
for receiving the configuration file 4-5
overview 4-3
relationship to BOOTP 4-4
relay support 1-4
support for 1-4
DHCP option 82
configuration guidelines 17-3
default configuration 17-3
displaying 17-5
overview 17-2
DHCP snooping
configuration guidelines 17-3
default configuration 17-3
displaying binding tables 17-5
displaying configuration 17-5
message exchange process 17-2
option 82 data insertion 17-2
directed unicast requests 1-4
directories
changing B-3
creating and removing B-4
displaying the working B-3
discovery, clusters
DNS
and DHCP-based autoconfiguration 4-6
default configuration 6-18
displaying the configuration 6-19
overview 6-17
setting up 6-18
support for 1-4
documentation
related xxix
document conventions xxviii
domain names
DNS 6-17
VTP 12-8
Domain Name System
downloading
configuration files
reasons for B-8
using FTP B-13
using RCP B-17
using TFTP B-11
image files
deleting old image B-24
reasons for B-20
using FTP B-26
using RCP B-31
using TFTP B-23
DSCP 1-6
dynamic access ports
characteristics 11-3
configuring 11-24
defined 9-3
dynamic addresses
dynamic desirable trunking mode 11-12
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 11-21
troubleshooting 11-26
types of connections 11-24
VMPS database configuration file 11-22
Dynamic Trunking Protocol
E
editing features
enabling and disabling 2-7
keystrokes used 2-7
wrapped lines 2-8
enable password 7-4
enable secret password 7-4
encapsulation 27-2
encryption for passwords 7-4
environment variables
function of 4-16
error messages during command entry 2-5
EtherChannel
802.3AD, described 28-5
automatic creation of 28-3, 28-5
channel groups
binding physical and logical interfaces 28-3
numbering of 28-3
configuration guidelines 28-9
configuring Layer 2 interfaces 28-10
default configuration 28-9
described 28-2
displaying status 28-17
forwarding methods 28-6, 28-12
interaction
with STP 28-9
with VLANs 28-10
LACP
described 28-5
displaying status 28-17
hot-standby ports 28-15
interaction with other features 28-6
modes 28-6
port priority 28-16
system priority 28-15
LACP, support for 1-3
number of interfaces per 28-2
PAgP
aggregate-port learners 28-13
compatibility with Catalyst 1900 28-13
described 28-3
displaying status 28-17
interaction with other features 28-5
learn method and priority configuration 28-13
modes 28-4
silent mode 28-5
support for 1-3
port-channel interfaces
described 28-3
numbering of 28-3
port groups 9-4
support for 1-3
EtherChannel guard
described 16-7
enabling 16-14
Ethernet VLANs
adding 11-7
defaults and ranges 11-7
modifying 11-7
events, RMON 23-3
examples
conventions for xxviii
network configuration 1-10
expert mode 3-6
Express Setup 3-11
extended system ID
MSTP 15-14
Extensible Authentication Protocol over LAN 8-1
F
fallback VLAN name 11-22
fiber-optic, detecting unidirectional links 21-1
files
copying B-4
deleting B-5
displaying the contents of B-7
tar
creating B-6
displaying the contents of B-6
extracting B-7
image file format B-21
files, crashinfo
description 29-16
displaying the contents of 29-16
location 29-16
file system
displaying available file systems B-2
displaying file information B-3
local file system names B-1
network file system names B-4
setting the default B-3
filtering
in a VLAN 26-22
non-IP traffic 26-20
show and more command output 2-9
filtering show and more command output 2-9
filters, IP
Flash device, number of B-1
flow-based packet classification 1-6
forward-delay time
MSTP 15-20
forwarding
FTP
accessing MIB files A-3
configuration files
downloading B-13
overview B-12
preparing the server B-13
uploading B-15
image files
deleting old image B-28
downloading B-26
preparing the server B-25
uploading B-28
G
GBICs
security and identification 29-11
get-bulk-request operation 25-3
get-next-request operation 25-3, 25-4
get-request operation 25-3, 25-4
get-response operation 25-3
global configuration mode 2-2
guest VLAN and 802.1X 8-8
guide
audience xxvii
purpose of xxvii
H
HC (candidate switch) 5-18
hello time
MSTP 15-19
STP 14-20
help, for the command line 2-3
history
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
history table, level and number of syslog messages 24-9
host names
abbreviations appended to 5-18
in clusters 5-13
hosts, limit on dynamic ports 11-26
HP OpenView 1-3
HSRP
automatic cluster recovery 5-12
cluster standby group considerations 5-11
See also clusters, cluster standby group, and standby command switch
I
ICMP ping
executing 29-12
overview 29-11
IDS, using with SPAN 22-2
IEEE 802.1p 13-1
IFS 1-4
IGMP
joining multicast group 18-3
join messages 18-3
leave processing, enabling 18-10
leaving multicast group 18-5
queries 18-4
report suppression
described 18-6
disabling 18-11
support for 1-3
IGMP filtering
configuring 18-21
default configuration 18-21
described 18-20
monitoring 18-25
support for 1-3
IGMP groups
configuring the filtering action 18-24
setting the maximum number 18-23
IGMP profile
applying 18-22
configuration mode 18-21
configuring 18-21
IGMP snooping
and address aliasing 18-2
configuring 18-6
default configuration 18-7
definition 18-2
enabling and disabling 18-7
global configuration 18-7
Immediate Leave 18-6
method 18-8
monitoring 18-12
support for 1-3
VLAN configuration 18-7
IGMP throttling
configuring 18-24
default configuration 18-21
described 18-20
displaying action 18-25
Immediate-Leave, IGMP 18-6
ingress port scheduling 27-3
initial configuration
defaults 1-8
See also hardware installation guide
interface
number 9-5
range macros 9-7
interface command 9-5
interface configuration mode 2-3
interfaces
configuration guidelines 9-10
configuring 9-5
configuring speed 9-10
counters, clearing 9-17
described 9-14
descriptive name, adding 9-14
displaying information about 9-16
flow control 9-12
management 1-3
monitoring 9-16
naming 9-14
physical, identifying 9-5
range of 9-6
restarting 9-17
shutting down 9-17
supported 9-5
types of 9-1
interfaces range macro command 9-7
interface types 9-5
Inter-Switch Link
Intrusion Detection System
inventory, cluster 5-20
IOS File System
ip access group command 26-17
IP ACLs
applying to an interface 26-16
extended, creating 26-8
implicit deny 26-8, 26-11, 26-13
implicit masks 26-8
named 26-11
standard, creating 26-7
undefined 26-17
virtual terminal lines, setting on 26-16
IP addresses
cluster access 5-2
command switch 5-3, 5-11, 5-13
discovering 6-29
redundant clusters 5-11
standby command switch 5-11, 5-13
ip igmp profile command 18-21
IP information
assigned
manually 4-10
through DHCP-based autoconfiguration 4-3
default configuration 4-3
IP phones
and QoS 13-1
configuring 13-3
trusted boundary for QoS 27-7
IP protocols in ACLs 26-9
ISL
and trunk ports 9-3
encapsulation 1-5
J
join messages, IGMP 18-3
K
KDC
described 7-32
Kerberos
authenticating to
boundary switch 7-35
KDC 7-35
network services 7-35
configuration examples 7-32
configuring 7-36
credentials 7-32
cryptographic software image 7-32
described 7-32
KDC 7-32
operation 7-34
realm 7-33
server 7-33
support for 1-6
switch as trusted third party 7-32
terms 7-33
TGT 7-34
tickets 7-32
key distribution center
L
LACP
Layer 2 frames, classification with CoS 27-1
Layer 2 interfaces, default configuration 9-9
Layer 2 traceroute
and ARP 29-13
and CDP 29-13
described 29-13
IP addresses and subnets 29-13
MAC addresses and VLANs 29-13
multicast traffic 29-13
multiple devices on a port 29-14
unicast traffic 29-13
usage guidelines 29-13
leave processing, IGMP 18-10
line configuration mode 2-3
Link Aggregation Control Protocol
links, unidirectional 21-1
login authentication
with RADIUS 7-23
with TACACS+ 7-14
login banners 6-19
log messages
Long-Reach Ethernet (LRE) technology 1-11
loop guard
described 16-9
enabling 16-16
support for 1-5
LRE profiles, considerations in switch clusters 5-15
M
MAC addresses
aging time 6-23
and VLAN association 6-23
building the address table 6-22
default configuration 6-23
discovering 6-29
displaying 6-28
displaying in DHCP snooping binding table 17-5
dynamic
learning 6-22
removing 6-24
in ACLs 26-20
static
adding 6-27
allowing 6-28
characteristics of 6-26
dropping 6-28
removing 6-27
sticky secure, adding 19-5
MAC address notification, support for 1-7
MAC address-to-VLAN mapping 11-21
MAC extended access lists
applying to Layer 2 interfaces 26-21
creating 26-20
defined 26-20
macros
manageability features 1-4
management access
in-band
browser session 1-4
CLI session 1-4
SNMP 1-4
out-of-band console port connection 1-4
management options
benefits
clustering 1-2
CMS 1-2
CLI 2-1
overview 1-3
management VLAN
considerations in switch clusters 5-8
discovery through different management VLANs 5-8
matching, ACLs 26-6
maximum aging time
MSTP 15-21
STP 14-21
maximum hop count, MSTP 15-21
membership mode, VLAN port 11-3
member switch
adding 5-16
automatic discovery 5-5
defined 5-2
managing 5-21
passwords 5-13
recovering from lost connectivity 29-10
requirements 5-4
See also candidate switch, cluster standby group, and standby command switch
menu bar
variations 3-4
messages
to users through banners 6-19
MIBs
accessing files with FTP A-3
location of files A-3
overview 25-1
SNMP interaction with 25-4
supported A-1
mirroring traffic for analysis 22-1
mismatches, autonegotiation 29-10
module number 9-5
monitoring
access groups 26-29
ACL configuration 26-29
cables for unidirectional links 21-1
CDP 20-5
features 1-7
IGMP
filters 18-25
snooping 18-12
interfaces 9-16
multicast router interfaces 18-12
MVR 18-19
network traffic for analysis with probe 22-1
port
protection 19-11
port protection 19-11
speed and duplex mode 9-11
traffic flowing among switches 23-1
traffic suppression 19-11
VLAN
filters 26-29
maps 26-29
VLANs 11-10
VMPS 11-26
MSTP
boundary ports
configuration guidelines 15-13
described 15-5
BPDU filtering
described 16-3
enabling 16-12
BPDU guard
described 16-2
enabling 16-11
CIST, described 15-3
configuration guidelines 15-12, 16-10
configuring
forward-delay time 15-20
hello time 15-19
link type for rapid convergence 15-22
maximum aging time 15-21
maximum hop count 15-21
MST region 15-13
path cost 15-18
port priority 15-17
root switch 15-14
secondary root switch 15-16
switch priority 15-19
CST
defined 15-3
operations between regions 15-4
default configuration 15-12
default optional feature configuration 16-10
displaying status 15-23
enabling the mode 15-13
EtherChannel guard
described 16-7
enabling 16-14
extended system ID
effects on root switch 15-14
effects on secondary root switch 15-16
unexpected behavior 15-15
instances supported 14-9
interface state, blocking to forwarding 16-2
interoperability and compatibility among modes 14-10
interoperability with 802.1D
described 15-5
restarting migration process 15-22
IST
defined 15-3
master 15-3
operations within a region 15-3
loop guard
described 16-9
enabling 16-16
mapping VLANs to MST instance 15-13
MST region
CIST 15-3
configuring 15-13
described 15-2
hop-count mechanism 15-5
IST 15-3
supported spanning-tree instances 15-2
optional features supported 1-5
overview 15-2
Port Fast
described 16-2
enabling 16-10
preventing root switch selection 16-8
root guard
described 16-8
enabling 16-15
root switch
configuring 15-15
effects of extended system ID 15-14
unexpected behavior 15-15
shutdown Port Fast-enabled port 16-2
status, displaying 15-23
multicast groups
Immediate Leave 18-6
joining 18-3
leaving 18-5
static joins 18-10
multicast router interfaces, monitoring 18-12
multicast router ports, adding 18-9
Multicast VLAN Registration
Multiple Spanning Tree Protocol
MVR
and address aliasing 18-16
configuring interfaces 18-18
default configuration 18-16
described 18-13
modes 18-17
monitoring 18-19
setting global parameters 18-16
support for 1-3
N
named IP ACLs 26-11
native VLAN
configuring 11-16
default 11-16
network configuration examples
increasing network performance 1-10
long-distance, high-bandwidth transport 1-15
providing network services 1-11
server aggregation and Linux server cluster 1-13
small to medium-sized network 1-14
network design
performance 1-10
services 1-11
network management
CDP 20-1
RMON 23-1
SNMP 25-1
Network Time Protocol
no commands 2-4
non-IP traffic filtering 26-20
nontrunking mode 11-12
normal-range VLANs
configuration modes 11-5
defined 11-1
note, described xxviii
NTP
associations
authenticating 6-5
defined 6-2
enabling broadcast messages 6-7
peer 6-6
server 6-6
default configuration 6-4
displaying the configuration 6-11
overview 6-2
restricting access
creating an access group 6-9
disabling NTP services per interface 6-10
source IP address, configuring 6-10
stratum 6-2
support for 1-4
synchronizing devices 6-6
time
services 6-2
synchronizing 6-2
O
options, management 1-3
out-of-profile markdown 1-7
P
PAgP
pass-through mode 27-8
passwords
default configuration 7-2
disabling recovery of 7-5
encrypting 7-4
for security 1-5
overview 7-1
setting
enable 7-3
enable secret 7-4
Telnet 7-6
with usernames 7-7
VTP domain 12-8
path cost
MSTP 15-18
STP 14-18
PC (passive command switch) 5-10, 5-18
performance, network design 1-10
performance features 1-3
per-VLAN spanning-tree plus
physical ports 9-2
PIM-DVMRP, as snooping method 18-8
ping
character output description 29-12
executing 29-12
overview 29-11
port ACLs
defined 26-2
types of 26-2
Port Aggregation Protocol
port-based authentication
authentication server
defined 8-2
RADIUS server 8-2
client, defined 8-2
configuration guidelines 8-11
configuring
802.1X authentication 8-12
guest VLAN 8-18
host mode 8-17
manual re-authentication of a client 8-15
periodic re-authentication 8-14
quiet period 8-15
RADIUS server 8-14
RADIUS server parameters on the switch 8-13
switch-to-client frame-retransmission number 8-17
switch-to-client retransmission time 8-16
default configuration 8-10
described 8-1
device roles 8-2
displaying statistics 8-19
EAPOL-start frame 8-3
EAP-request/identity frame 8-3
EAP-response/identity frame 8-3
encapsulation 8-2
guest VLAN
configuration guidelines 8-8
described 8-8
initiation and message exchange 8-3
method lists 8-12
multiple-hosts mode, described 8-17
per-user ACLs
AAA authorization 8-12
configuration tasks 8-9
described 8-9
RADIUS server attributes 8-9
ports
authorization state and dot1x port-control command 8-4
authorized and unauthorized 8-4
voice VLAN 8-6
port security
and voice VLAN 8-6
described 8-6
interactions 8-6
multiple-hosts mode 8-18
resetting to default values 8-19
statistics, displaying 8-19
switch
as proxy 8-2
RADIUS client 8-2
topologies, supported 8-5
upgrading from a previous release 8-12
VLAN assignment
AAA authorization 8-12
characteristics 8-7
configuration tasks 8-8
described 8-7
voice VLAN
described 8-6
PVID 8-6
VVID 8-6
port blocking 1-3
port-channel
Port Fast
described 16-2
enabling 16-10
mode, spanning tree 11-22
support for 1-5
port membership modes, VLAN 11-3
port priority
MSTP 15-17
STP 14-17
ports
access 9-2
dynamic access 11-3
priority 27-2
protected 19-3
secure 19-5
switch 9-2
trunks 11-11
VLAN assignments 11-9
port security
aging 19-10
configuring 19-8
default configuration 19-7
described 19-5
displaying 19-11
sticky learning 19-5
violations 19-6
with other features 19-7
port-shutdown response, VMPS 11-21
preferential treatment of traffic
preventing unauthorized access 7-1
priority
overriding CoS 13-5
port, described 27-2
trusting CoS 13-5
private VLAN edge ports
privileged EXEC mode 2-2
privilege levels
changing the default for lines 7-9
command switch 5-21
exiting 7-10
logging into 7-10
mapping on member switches 5-21
setting a command with 7-8
pruning, VTP
enabling 12-13
enabling on a port 11-16
examples 12-5
overview 12-4
pruning-eligible list
changing 11-16
for VTP pruning 12-4
VLANs 12-13
PVST+
802.1Q trunking interoperability 14-10
described 14-9
instances supported 14-9
Q
QoS
classification
in frames and packets 27-2
pass-through mode, described 27-8
trusted boundary, described 27-7
configuring
CoS and WRR 27-9
default port CoS value 27-6
egress queues 27-9
port trust states within the domain 27-4
trusted boundary 27-7
default configuration 27-4
ingress port scheduling 27-3
IP phones, detection and trusted settings 27-7
overview 27-1
pass-through mode 27-8
support for 1-6
trusted boundary 27-7
understanding 27-1
quality of service
queries, IGMP 18-4
R
RADIUS
attributes
vendor-proprietary 7-31
vendor-specific 7-29
configuring
accounting 7-28
authentication 7-23
authorization 7-27
communication, global 7-21, 7-29
communication, per-server 7-21
multiple UDP ports 7-21
default configuration 7-20
defining AAA server groups 7-25
displaying the configuration 7-31
identifying the server 7-21
in clusters 5-14
limiting the services to the user 7-27
method list, defined 7-20
operation of 7-19
overview 7-18
suggested network environments 7-18
support for 1-6
tracking services accessed by user 7-28
range
macro 9-7
of interfaces 9-6
rapid convergence 15-7
rapid per-VLAN spanning-tree plus
rapid PVST+
802.1Q trunking interoperability 14-10
described 14-9
instances supported 14-9
Rapid Spanning Tree Protocol
rcommand command 5-21
RCP
configuration files
downloading B-17
overview B-16
preparing the server B-16
uploading B-18
image files
deleting old image B-32
downloading B-31
preparing the server B-29
uploading B-33
reconfirmation interval, VMPS, changing 11-25
recovery procedures 29-1
redundancy
EtherChannel 28-2
STP
backbone 14-7
path cost 11-19
port priority 11-17
redundant clusters
redundant links and UplinkFast 16-13
reloading software 4-17
Remote Authentication Dial-In User Service
Remote Copy Protocol
Remote Network Monitoring
report suppression, IGMP
described 18-6
disabling 18-11
resetting a UDLD-shutdown interface 21-6
restricting access
NTP services 6-8
overview 7-1
passwords and privilege levels 7-2
RADIUS 7-18
TACACS+ 7-10
retry count, VMPS, changing 11-25
RFC
1112, IP multicast and IGMP 18-2
1157, SNMPv1 25-2
1305, NTP 6-2
1757, RMON 23-2
1901, SNMPv2C 25-2
1902 to 1907, SNMPv2 25-2
2236, IP multicast and IGMP 18-2
2273-2275, SNMPv3 25-2
RMON
default configuration 23-3
displaying status 23-6
enabling alarms and events 23-3
groups supported 23-2
overview 23-1
statistics
collecting group Ethernet 23-5
collecting group history 23-5
support for 1-7
root guard
described 16-8
enabling 16-15
support for 1-5
root switch
MSTP 15-14
STP 14-14
RSPAN
default configuration 22-5
displaying status 22-10
interaction with other features 22-5
sessions
defined 22-3
RSTP
active topology, determining 15-6
BPDU
format 15-9
processing 15-10
designated port, defined 15-6
designated switch, defined 15-6
interoperability with 802.1D
described 15-5
restarting migration process 15-22
topology changes 15-10
overview 15-6
port roles
described 15-6
synchronized 15-8
proposal-agreement handshake process 15-7
rapid convergence
described 15-7
edge ports and Port Fast 15-7
point-to-point links 15-7, 15-22
root ports 15-7
root port, defined 15-6
running configuration, saving 4-11
S
SC (standby command switch) 5-10, 5-18
scheduled reloads 4-17
secure ports, configuring 19-5
secure remote connections 7-38
security, port 19-5
security features 1-5
sequence numbers in log messages 24-7
server mode, VTP 12-3
service-provider network
MSTP and RSTP 15-1
set-request operation 25-4
setup program, failed command switch replacement 29-7, 29-9
severity levels, defining in system messages 24-8
shaped round robin
show access-lists hw-summary command 26-17
show and more command output, filtering 2-9
show cdp traffic command 20-5
show cluster members command 5-21
show configuration command 9-14
show interfaces command 9-11, 9-14
show running-config command
displaying ACLs 26-16, 26-17, 26-23, 26-26
interface description in 9-14
shutdown command on interfaces 9-17
Simple Network Management Protocol
SmartPort macros
configuration guidelines 10-2
creating and applying 10-3
default configuration 10-2
defined 10-1
displaying 10-4
tracing 10-2
SNAP 20-1
SNMP
accessing MIB variables with 25-4
agent
described 25-3
disabling 25-6
community strings
configuring 25-7
for cluster switches 25-4
overview 25-3
configuration examples 25-13
default configuration 25-5
groups 25-8
in-band management 1-4
in clusters 5-14
informs
and trap keyword 25-10
described 25-4
differences from traps 25-5
enabling 25-12
limiting access by TFTP servers 25-13
limiting system log messages to NMS 24-9
managing clusters with 5-21
MIBs
location of A-3
supported A-1
notifications 25-4
status, displaying 25-14
system contact and location 25-12
trap manager, configuring 25-11
traps
differences from informs 25-5
enabling 25-10
enabling MAC address notification 6-24
types of 25-10
users 25-8
versions supported 25-2
snooping, IGMP 18-2
software images
location in Flash B-20
recovery procedures 29-2
scheduling reloads 4-17
tar file format, described B-21
See also downloading and uploading
source addresses, in ACLs 26-9
source-and-destination-IP address based forwarding, EtherChannel 28-7
source-and-destination MAC address forwarding, EtherChannel 28-7
source-IP address based forwarding, EtherChannel 28-7
source-MAC address forwarding, EtherChannel 28-7
SPAN
configuration guidelines 22-6
default configuration 22-5
destination ports 22-4
displaying status 22-10
IDS 22-2
interaction with other features 22-5
monitored ports 22-3
monitoring ports 22-4
received traffic 22-3
session limits 22-5
sessions
creating 22-7
defined 22-3
removing destination (monitoring) ports 22-9
removing source (monitored) ports 22-9
specifying monitored ports 22-7
source ports 22-3
transmitted traffic 22-3
spanning tree and native VLANs 11-12
Spanning Tree Protocol
speed, configuring on interfaces 9-10
SRR
support for 1-7
SSH
configuring 7-39
cryptographic software image 7-37
encryption methods 7-38
user authentication methods, supported 7-38
Standby Command Configuration window 5-19
standby command switch
considerations 5-11
defined 5-2
priority 5-10
requirements 5-3
virtual IP address 5-11
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
startup configuration
booting
manually 4-13
specific image 4-14
clearing B-19
configuration file
automatically downloading 4-13
specifying the filename 4-13
default boot configuration 4-12
static access ports
assigning to VLAN 11-9
static addresses
static MAC addressing 1-6
static VLAN membership 11-2
statistics
802.1X 8-19
CDP 20-5
interface 9-16
RMON group Ethernet 23-5
RMON group history 23-5
SNMP input and output 25-14
VTP 12-14
sticky learning
configuration file 19-5
defined 19-5
disabling 19-5
enabling 19-5
saving addresses 19-5
storm control
described 19-1
displaying 19-11
support for 1-3
STP
accelerating root port selection 16-4
BackboneFast
described 16-5
enabling 16-14
BPDU filtering
described 16-3
enabling 16-12
BPDU guard
described 16-2
enabling 16-11
BPDU message exchange 14-2
configuration guidelines 14-12, 16-10
configuring
forward-delay time 14-21
hello time 14-20
maximum aging time 14-21
path cost 14-18
port priority 14-17
root switch 14-14
secondary root switch 14-16
spanning-tree mode 14-13
switch priority 14-19
counters, clearing 14-22
default configuration 14-11
default optional feature configuration 16-10
designated port, defined 14-3
designated switch, defined 14-3
detecting indirect link failures 16-5
disabling 14-13
displaying status 14-22
EtherChannel guard
described 16-7
enabling 16-14
extended system ID
affects on root switch 14-14
affects on the secondary root switch 14-16
overview 14-3
unexpected behavior 14-15
features supported 1-4
inferior BPDU 14-3
instances supported 14-9
interface state, blocking to forwarding 16-2
interface states
blocking 14-5
disabled 14-6
learning 14-6
listening 14-6
overview 14-4
interoperability and compatibility among modes 14-10
limitations with 802.1Q trunks 14-10
load sharing
overview 11-17
using path costs 11-19
using port priorities 11-17
loop guard
described 16-9
enabling 16-16
modes supported 14-9
multicast addresses, affect of 14-8
optional features supported 1-5
overview 14-2
path costs 11-19
Port Fast
described 16-2
enabling 16-10
port priorities 11-18
preventing root switch selection 16-8
protocols supported 14-9
redundant connectivity 14-7
root guard
described 16-8
enabling 16-15
root port, defined 14-3
root switch
affects of extended system ID 14-3, 14-14
configuring 14-14
election 14-3
unexpected behavior 14-15
shutdown Port Fast-enabled port 16-2
superior BPDU 14-3
timers, described 14-20
UplinkFast
described 16-3
enabling 16-13
stratum, NTP 6-2
summer time 6-14
SunNet Manager 1-3
switch clustering technology 5-1
See also clusters, switch 1-2
switch console port 1-4
switched ports 9-2
Switch Manager 3-14
switchport protected command 19-4
switch priority
MSTP 15-19
STP 14-19
switch software features 1-1
syslog
system clock
configuring
daylight saving time 6-14
manually 6-12
summer time 6-14
time zones 6-13
displaying the time and date 6-12
overview 6-2
system message logging
default configuration 24-3
defining error message severity levels 24-8
disabling 24-4
displaying the configuration 24-12
enabling 24-4
facility keywords, described 24-12
level keywords, described 24-8
limiting messages 24-9
message format 24-2
overview 24-1
sequence numbers, enabling and disabling 24-7
setting the display destination device 24-4
synchronizing log messages 24-5
syslog facility 1-7
time stamps, enabling and disabling 24-7
UNIX syslog servers
configuring the daemon 24-10
configuring the logging facility 24-11
facilities supported 24-12
system name
default configuration 6-16
default setting 6-16
manual configuration 6-16
system prompt
default setting 6-16
manual configuration 6-17
T
TACACS+
accounting, defined 7-11
authentication, defined 7-11
authorization, defined 7-11
configuring
accounting 7-17
authentication key 7-13
authorization 7-16
login authentication 7-14
default configuration 7-13
displaying the configuration 7-17
identifying the server 7-13
in clusters 5-14
limiting the services to the user 7-16
operation of 7-12
overview 7-10
support for 1-6
tracking services accessed by user 7-17
tar files
creating B-6
displaying the contents of B-6
extracting B-7
image file format B-21
TDR 1-7
Telnet
accessing management interfaces 2-10
from a browser 2-10
number of connections 1-4
setting a password 7-6
Terminal Access Controller Access Control System Plus
terminal lines, setting a password 7-6
TFTP
configuration files
downloading B-11
preparing the server B-10
uploading B-11
configuration files in base directory 4-6
configuring for autoconfiguration 4-6
image files
deleting B-24
downloading B-23
preparing the server B-22
uploading B-24
limiting access by servers 25-13
TFTP server 1-4
time
Time Domain Reflector
time-range command 26-13
time ranges in ACLs 26-13
time stamps in log messages 24-7
time zones 6-13
Token Ring VLANs
support for 11-5
VTP support 12-4
Topology view
TOS 1-6
traceroute, Layer 2
and ARP 29-13
and CDP 29-13
described 29-13
IP addresses and subnets 29-13
MAC addresses and VLANs 29-13
multicast traffic 29-13
multiple devices on a port 29-14
unicast traffic 29-13
usage guidelines 29-13
traffic
fragmented 26-4
unfragmented 26-4
traffic policing 1-7
transparent mode, VTP 12-3, 12-11
trap-door mechanism 4-2
traps
configuring MAC address notification 6-24
configuring managers 25-10
defined 25-3
notification types 25-10
troubleshooting
connectivity problems 29-11
detecting unidirectional links 21-1
displaying crash information 29-16
GBIC security and identification 29-11
with CiscoWorks 25-4
with debug commands 29-14
with ping 29-11
with system message logging 24-1
trunking encapsulation 1-5
trunk ports
configuring 11-14
defined 9-3
trunks
allowed-VLAN list 11-15
load sharing
setting STP path costs 11-19
using STP port priorities 11-17, 11-18
native VLAN for untagged traffic 11-16
parallel 11-19
pruning-eligible list 11-16
to non-DTP device 11-11
VLAN 1 minimization 11-15
trusted boundary 27-7
trusted port states
support for 1-6
twisted-pair Ethernet, detecting unidirectional links 21-1
type of service
U
UDLD
default configuration 21-4
echoing detection mechanism 21-3
enabling
globally 21-5
per interface 21-5
link-detection mechanism 21-1
neighbor database 21-2
overview 21-1
resetting an interface 21-6
status, displaying 21-7
support for 1-4
unauthorized ports with 802.1X 8-4
unicast MAC address filtering 1-4
and adding static addresses 6-27
and broadcast MAC addresses 6-27
and CPU packets 6-27
and multicast addresses 6-27
and router MAC addresses 6-27
configuration guidelines 6-27
described 6-27
UniDirectional Link Detection protocol
UNIX syslog servers
daemon configuration 24-10
facilities supported 24-12
message logging configuration 24-11
unrecognized Type-Length-Value (TLV) support 12-4
upgrading software images
UplinkFast
described 16-3
enabling 16-13
support for 1-5
uploading
configuration files
reasons for B-8
using FTP B-15
using RCP B-18
using TFTP B-11
image files
reasons for B-20
using FTP B-28
using RCP B-33
using TFTP B-24
user EXEC mode 2-2
username-based authentication 7-7
V
version-dependent transparent mode 12-4
virtual IP address
cluster standby group 5-11, 5-19
vlan.dat file 11-4
VLAN ACLs
VLAN configuration
at bootup 11-6
saving 11-6
VLAN configuration mode 2-2, 11-6
VLAN database
and startup configuration file 11-6
and VTP 12-1
VLAN configuration saved in 11-6
VLANs saved in 11-4
vlan database command 11-6
vlan global configuration command 11-5
VLAN ID, discovering 6-29
VLAN management domain 12-2
VLAN Management Policy Server
VLAN map entries, order of 26-23
VLAN maps
applying 26-26
common uses for 26-26
configuration example 26-27
configuration guidelines 26-23
configuring 26-22
creating 26-23
denying access example 26-28
denying and permitting packets 26-24
displaying 26-29
examples 26-28
support for 1-6
with router ACLs 26-29
VLAN membership
confirming 11-24
modes 11-3
VLAN Query Protocol
VLANs
adding 11-7
adding to VLAN database 11-7
aging dynamic addresses 14-8
allowed on trunk 11-15
and spanning-tree instances 11-2
configuration guidelines, normal-range VLANs 11-5
configuration options 11-5
configuring 11-1
creating in config-vlan mode 11-7
creating in VLAN configuration mode 11-8
default configuration 11-6
deleting 11-8
displaying 11-10
features 1-5
illustrated 11-2
modifying 11-7
native, configuring 11-16
number supported 1-5
parameters 11-4
port membership modes 11-3
static-access ports 11-9
STP and 802.1Q trunks 14-10
supported 11-2
Token Ring 11-5
trunks, VLAN 1 minimization 11-15
VTP modes 12-3
VLAN Trunking Protocol
VLAN trunks 11-11
VMPS
administering 11-26
configuration example 11-27
configuration guidelines 11-22
default configuration 11-22
description 11-20
dynamic port membership
described 11-21
reconfirming 11-25
troubleshooting 11-26
entering server address 11-23
mapping MAC addresses to VLANs 11-21
monitoring 11-26
reconfirmation interval, changing 11-25
reconfirming membership 11-24
retry count, changing 11-25
voice VLAN
Cisco 7960 phone, port connections 13-1
configuration guidelines 13-3
configuring IP phones for data traffic
override CoS of incoming frame 13-5
trust CoS priority of incoming frame 13-5
configuring ports for voice traffic in
802.1p priority tagged frames 13-4
802.1Q frames 13-4
connecting to an IP phone 13-3
default configuration 13-2
described 13-1
displaying 13-6
VTP
adding a client to a domain 12-13
and normal-range VLANs 12-1
client mode, configuring 12-10
configuration
global configuration mode 12-7
guidelines 12-8
privileged EXEC mode 12-7
requirements 12-9
saving 12-7
VLAN configuration mode 12-7
configuration mode options 12-7
configuration requirements 12-9
configuration revision number
guideline 12-13
resetting 12-14
configuring
client mode 12-10
server mode 12-9
transparent mode 12-11
consistency checks 12-4
default configuration 12-6
described 12-1
disabling 12-11
domain names 12-8
domains 12-2
modes
transitions 12-3
monitoring 12-14
passwords 12-8
pruning
disabling 12-13
enabling 12-13
examples 12-5
overview 12-4
support for 1-5
pruning-eligible list, changing 11-16
server mode, configuring 12-9
statistics 12-14
support for 1-5
Token Ring support 12-4
transparent mode, configuring 12-11
using 12-1
version, guidelines 12-8
version 1 12-4
version 2
configuration guidelines 12-8
disabling 12-12
enabling 12-12
overview 12-4
W
Weighted Round Robin
weighted tail drop
WRR
configuring 27-9
defining 27-3
description 27-3
WTD
support for 1-7
X
Xmodem protocol 29-2