Catalyst 2970 Switch Software Configuration Guide, 12.1(19)EA1
Index

Table Of Contents

Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X -

Index

Numerics

802.1D

See STP

802.1Q

and trunk ports     9-3

configuration limitations     11-12

encapsulation     11-11

native VLAN for untagged traffic     11-16

802.1S

See MSTP

802.1W

See RSTP

802.1X

See port-based authentication

802.3AD

See EtherChannel

802.3Z flow control     9-12

A

abbreviating commands     2-4

AC (command switch)     5-10, 5-18

access-class command     26-16

access control entries

See ACEs

access-denied response, VMPS     11-21

access groups

applying ACLs to interfaces     26-17

IP     26-17

accessing

clusters, switch     5-13

command switches     5-11

member switches     5-13

switch clusters     5-13

access lists

See ACLs

access ports

defined     9-2

in switch clusters     5-9

accounting

with RADIUS     7-28

with TACACS+     7-11, 7-17

ACEs

defined     26-2

Ethernet     26-2

IP     26-2

ACLs

ACEs     26-2

any keyword     26-9

applying

time ranges to     26-13

to an interface     26-16

comments in     26-15

compiling     26-17

defined     26-1, 26-6

examples of     26-17

extended IP

creating     26-8

matching criteria     26-6

hardware and software handling     26-17

host keyword     26-10

IP

applying to interface     26-16

applying to interfaces     26-16

creating     26-6

implicit deny     26-8, 26-11, 26-13

implicit masks     26-8

matching criteria     26-6

named     26-11

terminal lines, setting on     26-16

undefined     26-17

MAC extended     26-20

matching     26-6, 26-17

monitoring     26-29

named     26-11

numbers     26-6

port     26-2

precedence of     26-2

standard IP

creating     26-7

matching criteria     26-6

supported features     26-17

support for     1-6

time ranges     26-13

unsupported features     26-5

VLAN maps

configuration guidelines     26-23

configuring     26-22

address aliasing     18-2

addresses

displaying the MAC address table     6-28

dynamic

accelerated aging     14-8

changing the aging time     6-23

default aging     14-8

defined     6-22

learning     6-22

removing     6-24

MAC, discovering     6-29

multicast STP address management     14-8

static

adding and removing     6-26

defined     6-22

address resolution     6-29

Address Resolution Protocol

See ARP

See ARP table

advertisements

CDP     20-1

VTP     11-13, 12-3

aggregated ports

See EtherChannel

aggregate policing     1-7

aging, accelerating     14-8

aging time

accelerated

for MSTP     15-20

for STP     14-8, 14-21

MAC address table     6-23

maximum

for MSTP     15-21

for STP     14-21

alarms, RMON     23-3

allowed-VLAN list     11-15

ARP

defined     1-4, 6-29

ARP table

address resolution     6-29

managing     6-29

attributes, RADIUS

vendor-proprietary     7-31

vendor-specific     7-29

audience     xxvii

authentication

local mode with AAA     7-36

NTP associations     6-5

RADIUS

key     7-21

login     7-23

See also port-based authentication

TACACS+

defined     7-11

key     7-13

login     7-14

authoritative time source, described     6-2

authorization

with RADIUS     7-27

with TACACS+     7-11, 7-16

authorized ports with 802.1X     8-4

autoconfiguration     4-3

automatic discovery

adding member switches     5-16

considerations

beyond a non-candidate device     5-8

brand new switches     5-9

connectivity     5-5

different VLANs     5-7

management VLANs     5-8

non-CDP-capable devices     5-6

non-cluster-capable devices     5-6

creating a cluster standby group     5-18

in switch clusters     5-5

See also CDP

automatic recovery, clusters     5-10

See also HSRP

autonegotiation

duplex mode     1-3

interface configuration guidelines     9-10

mismatches     29-10

autosensing, port speed     1-3

auxiliary VLAN

See voice VLAN

availability, features     1-4

B

BackboneFast

described     16-5

enabling     16-14

support for     1-5

banners

configuring

login     6-21

message-of-the-day login     6-20

default configuration     6-19

when displayed     6-19

booting

boot loader, function of     4-2

boot process     4-1

manually     4-13

specific image     4-14

boot loader

accessing     4-15

described     4-2

environment variables     4-15

prompt     4-15

trap-door mechanism     4-2

BPDU

error-disabled state     16-2

filtering     16-3

RSTP format     15-9

BPDU filtering

described     16-3

enabling     16-12

support for     1-5

BPDU guard

described     16-2

enabling     16-11

support for     1-5

bridge protocol data unit

See BPDU

broadcast storm control

configuring     19-2

disabling     19-3

C

cables, monitoring for unidirectional links     21-1

candidate switch

adding     5-16

automatic discovery     5-5

defined     5-4

HC     5-18

passwords     5-17

requirements     5-4

standby group     5-18

See also command switch, cluster standby group, and member switch

caution, described     xxviii

CC (command switch)     5-19

CDP

and trusted boundary     27-7

automatic discovery in switch clusters     5-5

configuring     20-2

default configuration     20-2

described     20-1

disabling for routing device     20-3, 20-4

enabling and disabling

on an interface     20-4

on a switch     20-3

monitoring     20-5

overview     20-1

support for     1-4

transmission timer and holdtime, setting     20-2

updates     20-2

CGMP

as IGMP snooping learning method     18-8

joining multicast group     18-3

Cisco Discovery Protocol

See CDP

Cisco IOS File System

See IFS

CiscoWorks 2000     1-3, 25-4

class of service

See CoS

clearing interfaces     9-17

CLI

abbreviating commands     2-4

command modes     2-1

described     1-3

editing features

enabling and disabling     2-7

keystroke editing     2-7

wrapped lines     2-8

error messages     2-5

filtering command output     2-9

getting help     2-3

history

changing the buffer size     2-5

described     2-5

disabling     2-6

recalling commands     2-6

managing clusters     5-21

no and default forms of commands     2-4

client mode, VTP     12-3

clock

See system clock

Cluster Management Suite

See CMS

clusters, switch

accessing     5-13

adding member switches     5-16

automatic discovery     5-5

automatic recovery     5-10

benefits     1-2

command switch configuration     5-16

compatibility     5-4

creating     5-15

creating a cluster standby group     5-18

described     5-1

LRE profile considerations     5-15

managing

through CLI     5-21

through SNMP     5-21

planning     5-4

planning considerations

automatic discovery     5-5

automatic recovery     5-10

CLI     5-21

host names     5-13

IP addresses     5-13

LRE profiles     5-15

passwords     5-14

RADIUS     5-14

SNMP     5-14, 5-21

switch-specific features     5-15

TACACS+     5-14

redundancy     5-18

troubleshooting     5-20

verifying     5-20

See also candidate switch, command switch, cluster standby group, member switch, and standby command switch

cluster standby group

automatic recovery     5-12

considerations     5-11

creating     5-18

defined     5-2

requirements     5-3

virtual IP address     5-11

See also HSRP

CMS

benefits     1-2

configuration modes     3-5

described     1-2, 1-3

Front Panel view

described     3-2

operating systems and supported browsers     3-8

requirements     3-7 to  3-9

Topology view     3-14

wizards     3-6

Coarse Wave Division Multiplexer

See CWDM

command-line interface

See CLI

command modes     2-1

commands

abbreviating     2-4

no and default     2-4

setting privilege levels     7-8

command switch

accessing     5-11

active (AC)     5-10, 5-18

command switch with HSRP disabled (CC)     5-19

configuration conflicts     29-10

defined     5-2

enabling     5-16

passive (PC)     5-10, 5-18

password privilege levels     5-21

priority     5-10

recovery

from command-switch failure     5-10

from failure     29-6

from lost member connectivity     29-10

redundant     5-10, 5-18

replacing

with another switch     29-9

with cluster member     29-7

requirements     5-3

standby (SC)     5-10, 5-18

See also candidate switch, cluster standby group, member switch, and standby command switch

community strings

configuring     5-14, 25-7

for cluster switches     25-4

in clusters     5-14

overview     25-3

SNMP     5-14

config.text     4-12

configuration conflicts, recovering from lost member connectivity     29-10

configuration examples, network     1-10

configuration files

clearing the startup configuration     B-19

creating using a text editor     B-10

default name     4-12

deleting a stored configuration     B-19

described     B-8

downloading

automatically     4-13

preparing     B-10, B-13, B-16

reasons for     B-8

using FTP     B-13

using RCP     B-17

using TFTP     B-11

guidelines for creating and using     B-9

invalid combinations when copying     B-5

limiting TFTP server access     25-13

obtaining with DHCP     4-7

password recovery disable considerations     7-5

specifying the filename     4-13

system contact and location information     25-12

types and location     B-9

uploading

preparing     B-10, B-13, B-16

reasons for     B-8

using FTP     B-15

using RCP     B-18

using TFTP     B-11

VMPS database     11-22

configuration modes, CMS     3-5

configuration settings, saving     4-11

configure terminal command     9-5

config-vlan mode     2-2, 11-5

conflicts, configuration     29-10

connections, secure remote     7-38

connectivity problems     29-11

consistency checks in VTP version 2     12-4

console port, connecting to     2-10

conventions

command     xxviii

for examples     xxviii

publication     xxviii

text     xxviii

CoS

configuring     27-2

configuring priority queues     27-9

defining     27-3

override priority     13-5

trust priority     13-5

counters, clearing interface     9-17

crashinfo file     29-16

cryptographic software image

Kerberos     7-32

SSH     7-37

CWDM     1-15

CWDM SFPs     1-15

D

daylight saving time     6-14

debugging

enabling all system diagnostics     29-15

enabling for a specific feature     29-14

redirecting error message output     29-15

using commands     29-14

default commands     2-4

default configuration

802.1X     8-10

banners     6-19

booting     4-12

CDP     20-2

DHCP     17-3

DNS     6-18

EtherChannel     28-9

IGMP filtering     18-21

IGMP snooping     18-7

IGMP throttling     18-21

initial switch information     4-3

Layer 2 interfaces     9-9

MAC address table     6-23

MSTP     15-12

MVR     18-16

NTP     6-4

optional spanning-tree features     16-10

password and privilege level     7-2

QoS     27-4

RADIUS     7-20

RMON     23-3

RSPAN     22-5

SNMP     25-5

SPAN     22-5

STP     14-11

system message logging     24-3

system name and prompt     6-16

TACACS+     7-13

UDLD     21-4

VLAN, Layer 2 Ethernet interfaces     11-13

VLANs     11-6

VMPS     11-22

voice VLAN     13-2

VTP     12-6

default gateway     4-10

deleting VLANs     11-8

description command     9-14

designing your network, examples     1-10

destination addresses, in ACLs     26-9

destination-IP address based forwarding, EtherChannel     28-7

destination-MAC address forwarding, EtherChannel     28-7

detecting indirect link failures, STP     16-5

device discovery protocol     20-1

Device Manager     3-14

See also Switch Manager

DHCP-based autoconfiguration

client request message exchange     4-4

configuring

client side     4-3

DNS     4-6

relay device     4-6

server-side     4-5

TFTP server     4-6

example     4-8

lease options

for IP address information     4-5

for receiving the configuration file     4-5

overview     4-3

relationship to BOOTP     4-4

relay support     1-4

support for     1-4

DHCP option 82

configuration guidelines     17-3

default configuration     17-3

displaying     17-5

overview     17-2

DHCP snooping

configuration guidelines     17-3

default configuration     17-3

displaying binding tables     17-5

displaying configuration     17-5

message exchange process     17-2

option 82 data insertion     17-2

directed unicast requests     1-4

directories

changing     B-3

creating and removing     B-4

displaying the working     B-3

discovery, clusters

See automatic discovery

DNS

and DHCP-based autoconfiguration     4-6

default configuration     6-18

displaying the configuration     6-19

overview     6-17

setting up     6-18

support for     1-4

documentation

related     xxix

document conventions     xxviii

domain names

DNS     6-17

VTP     12-8

Domain Name System

See DNS

downloading

configuration files

preparing     B-10, B-13, B-16

reasons for     B-8

using FTP     B-13

using RCP     B-17

using TFTP     B-11

image files

deleting old image     B-24

preparing     B-22, B-25, B-29

reasons for     B-20

using FTP     B-26

using RCP     B-31

using TFTP     B-23

DSCP     1-6

DTP     1-5, 11-11

dynamic access ports

characteristics     11-3

configuring     11-24

defined     9-3

dynamic addresses

See addresses

dynamic desirable trunking mode     11-12

Dynamic Host Configuration Protocol

See DHCP-based autoconfiguration

dynamic port VLAN membership

described     11-21

reconfirming     11-24, 11-25

troubleshooting     11-26

types of connections     11-24

VMPS database configuration file     11-22

Dynamic Trunking Protocol

See DTP

E

editing features

enabling and disabling     2-7

keystrokes used     2-7

wrapped lines     2-8

enable password     7-4

enable secret password     7-4

encapsulation     27-2

encryption for passwords     7-4

environment variables

function of     4-16

error messages during command entry     2-5

EtherChannel

802.3AD, described     28-5

automatic creation of     28-3, 28-5

channel groups

binding physical and logical interfaces     28-3

numbering of     28-3

configuration guidelines     28-9

configuring Layer 2 interfaces     28-10

default configuration     28-9

described     28-2

displaying status     28-17

forwarding methods     28-6, 28-12

interaction

with STP     28-9

with VLANs     28-10

LACP

described     28-5

displaying status     28-17

hot-standby ports     28-15

interaction with other features     28-6

modes     28-6

port priority     28-16

system priority     28-15

LACP, support for     1-3

load balancing     28-6, 28-12

number of interfaces per     28-2

PAgP

aggregate-port learners     28-13

compatibility with Catalyst 1900     28-13

described     28-3

displaying status     28-17

interaction with other features     28-5

learn method and priority configuration     28-13

modes     28-4

silent mode     28-5

support for     1-3

port-channel interfaces

described     28-3

numbering of     28-3

port groups     9-4

support for     1-3

EtherChannel guard

described     16-7

enabling     16-14

Ethernet VLANs

adding     11-7

defaults and ranges     11-7

modifying     11-7

events, RMON     23-3

examples

conventions for     xxviii

network configuration     1-10

expert mode     3-6

Express Setup     3-11

extended system ID

MSTP     15-14

STP     14-3, 14-14

Extensible Authentication Protocol over LAN     8-1

F

fallback VLAN name     11-22

fiber-optic, detecting unidirectional links     21-1

files

copying     B-4

deleting     B-5

displaying the contents of     B-7

tar

creating     B-6

displaying the contents of     B-6

extracting     B-7

image file format     B-21

files, crashinfo

description     29-16

displaying the contents of     29-16

location     29-16

file system

displaying available file systems     B-2

displaying file information     B-3

local file system names     B-1

network file system names     B-4

setting the default     B-3

filtering

in a VLAN     26-22

non-IP traffic     26-20

show and more command output     2-9

filtering show and more command output     2-9

filters, IP

See ACLs, IP

Flash device, number of     B-1

flow-based packet classification     1-6

flow control     1-3, 9-12

forward-delay time

MSTP     15-20

STP     14-5, 14-21

forwarding

See broadcast storm control

FTP

accessing MIB files     A-3

configuration files

downloading     B-13

overview     B-12

preparing the server     B-13

uploading     B-15

image files

deleting old image     B-28

downloading     B-26

preparing the server     B-25

uploading     B-28

G

GBICs

security and identification     29-11

get-bulk-request operation     25-3

get-next-request operation     25-3, 25-4

get-request operation     25-3, 25-4

get-response operation     25-3

global configuration mode     2-2

guest VLAN and 802.1X     8-8

guide

audience     xxvii

purpose of     xxvii

guide mode     1-2, 3-5

H

HC (candidate switch)     5-18

hello time

MSTP     15-19

STP     14-20

help, for the command line     2-3

history

changing the buffer size     2-5

described     2-5

disabling     2-6

recalling commands     2-6

history table, level and number of syslog messages     24-9

host names

abbreviations appended to     5-18

in clusters     5-13

hosts, limit on dynamic ports     11-26

HP OpenView     1-3

HSRP

automatic cluster recovery     5-12

cluster standby group considerations     5-11

See also clusters, cluster standby group, and standby command switch

I

ICMP ping

executing     29-12

overview     29-11

IDS, using with SPAN     22-2

IEEE 802.1p     13-1

IFS     1-4

IGMP

joining multicast group     18-3

join messages     18-3

leave processing, enabling     18-10

leaving multicast group     18-5

queries     18-4

report suppression

described     18-6

disabling     18-11

support for     1-3

IGMP filtering

configuring     18-21

default configuration     18-21

described     18-20

monitoring     18-25

support for     1-3

IGMP groups

configuring the filtering action     18-24

setting the maximum number     18-23

IGMP profile

applying     18-22

configuration mode     18-21

configuring     18-21

IGMP snooping

and address aliasing     18-2

configuring     18-6

default configuration     18-7

definition     18-2

enabling and disabling     18-7

global configuration     18-7

Immediate Leave     18-6

method     18-8

monitoring     18-12

support for     1-3

VLAN configuration     18-7

IGMP throttling

configuring     18-24

default configuration     18-21

described     18-20

displaying action     18-25

Immediate-Leave, IGMP     18-6

ingress port scheduling     27-3

initial configuration

defaults     1-8

See also hardware installation guide

interface

number     9-5

range macros     9-7

interface command     9-5

interface configuration mode     2-3

interfaces

configuration guidelines     9-10

configuring     9-5

configuring speed     9-10

counters, clearing     9-17

described     9-14

descriptive name, adding     9-14

displaying information about     9-16

flow control     9-12

management     1-3

monitoring     9-16

naming     9-14

physical, identifying     9-5

range of     9-6

restarting     9-17

shutting down     9-17

supported     9-5

types of     9-1

interfaces range macro command     9-7

interface types     9-5

Inter-Switch Link

See ISL

Intrusion Detection System

See IDS

inventory, cluster     5-20

IOS File System

See IFS

ip access group command     26-17

IP ACLs

applying to an interface     26-16

extended, creating     26-8

implicit deny     26-8, 26-11, 26-13

implicit masks     26-8

named     26-11

standard, creating     26-7

undefined     26-17

virtual terminal lines, setting on     26-16

IP addresses

candidate or member     5-4, 5-13

cluster access     5-2

command switch     5-3, 5-11, 5-13

discovering     6-29

redundant clusters     5-11

standby command switch     5-11, 5-13

See also IP information

ip igmp profile command     18-21

IP information

assigned

manually     4-10

through DHCP-based autoconfiguration     4-3

default configuration     4-3

IP phones

and QoS     13-1

configuring     13-3

trusted boundary for QoS     27-7

IP protocols in ACLs     26-9

ISL

and trunk ports     9-3

encapsulation     1-5

J

join messages, IGMP     18-3

K

KDC

described     7-32

See also Kerberos

Kerberos

authenticating to

boundary switch     7-35

KDC     7-35

network services     7-35

configuration examples     7-32

configuring     7-36

credentials     7-32

cryptographic software image     7-32

described     7-32

KDC     7-32

operation     7-34

realm     7-33

server     7-33

support for     1-6

switch as trusted third party     7-32

terms     7-33

TGT     7-34

tickets     7-32

key distribution center

See KDC

L

LACP

See EtherChannel

Layer 2 frames, classification with CoS     27-1

Layer 2 interfaces, default configuration     9-9

Layer 2 traceroute

and ARP     29-13

and CDP     29-13

described     29-13

IP addresses and subnets     29-13

MAC addresses and VLANs     29-13

multicast traffic     29-13

multiple devices on a port     29-14

unicast traffic     29-13

usage guidelines     29-13

leave processing, IGMP     18-10

line configuration mode     2-3

Link Aggregation Control Protocol

See EtherChannel

See LACP

links, unidirectional     21-1

login authentication

with RADIUS     7-23

with TACACS+     7-14

login banners     6-19

log messages

See system message logging

Long-Reach Ethernet (LRE) technology     1-11

loop guard

described     16-9

enabling     16-16

support for     1-5

LRE profiles, considerations in switch clusters     5-15

M

MAC addresses

aging time     6-23

and VLAN association     6-23

building the address table     6-22

default configuration     6-23

discovering     6-29

displaying     6-28

displaying in DHCP snooping binding table     17-5

dynamic

learning     6-22

removing     6-24

in ACLs     26-20

static

adding     6-27

allowing     6-28

characteristics of     6-26

dropping     6-28

removing     6-27

sticky secure, adding     19-5

MAC address notification, support for     1-7

MAC address-to-VLAN mapping     11-21

MAC extended access lists

applying to Layer 2 interfaces     26-21

creating     26-20

defined     26-20

macros

See SmartPort macros

manageability features     1-4

management access

in-band

browser session     1-4

CLI session     1-4

SNMP     1-4

out-of-band console port connection     1-4

management options

benefits

clustering     1-2

CMS     1-2

CLI     2-1

overview     1-3

management VLAN

considerations in switch clusters     5-8

discovery through different management VLANs     5-8

matching, ACLs     26-6

maximum aging time

MSTP     15-21

STP     14-21

maximum hop count, MSTP     15-21

membership mode, VLAN port     11-3

member switch

adding     5-16

automatic discovery     5-5

defined     5-2

managing     5-21

passwords     5-13

recovering from lost connectivity     29-10

requirements     5-4

See also candidate switch, cluster standby group, and standby command switch

menu bar

variations     3-4

messages

to users through banners     6-19

MIBs

accessing files with FTP     A-3

location of files     A-3

overview     25-1

SNMP interaction with     25-4

supported     A-1

mirroring traffic for analysis     22-1

mismatches, autonegotiation     29-10

module number     9-5

monitoring

access groups     26-29

ACL configuration     26-29

cables for unidirectional links     21-1

CDP     20-5

features     1-7

IGMP

filters     18-25

snooping     18-12

interfaces     9-16

multicast router interfaces     18-12

MVR     18-19

network traffic for analysis with probe     22-1

port

protection     19-11

port protection     19-11

speed and duplex mode     9-11

traffic flowing among switches     23-1

traffic suppression     19-11

VLAN

filters     26-29

maps     26-29

VLANs     11-10

VMPS     11-26

VTP     12-14, 12-15

MSTP

boundary ports

configuration guidelines     15-13

described     15-5

BPDU filtering

described     16-3

enabling     16-12

BPDU guard

described     16-2

enabling     16-11

CIST, described     15-3

configuration guidelines     15-12, 16-10

configuring

forward-delay time     15-20

hello time     15-19

link type for rapid convergence     15-22

maximum aging time     15-21

maximum hop count     15-21

MST region     15-13

path cost     15-18

port priority     15-17

root switch     15-14

secondary root switch     15-16

switch priority     15-19

CST

defined     15-3

operations between regions     15-4

default configuration     15-12

default optional feature configuration     16-10

displaying status     15-23

enabling the mode     15-13

EtherChannel guard

described     16-7

enabling     16-14

extended system ID

effects on root switch     15-14

effects on secondary root switch     15-16

unexpected behavior     15-15

instances supported     14-9

interface state, blocking to forwarding     16-2

interoperability and compatibility among modes     14-10

interoperability with 802.1D

described     15-5

restarting migration process     15-22

IST

defined     15-3

master     15-3

operations within a region     15-3

loop guard

described     16-9

enabling     16-16

mapping VLANs to MST instance     15-13

MST region

CIST     15-3

configuring     15-13

described     15-2

hop-count mechanism     15-5

IST     15-3

supported spanning-tree instances     15-2

optional features supported     1-5

overview     15-2

Port Fast

described     16-2

enabling     16-10

preventing root switch selection     16-8

root guard

described     16-8

enabling     16-15

root switch

configuring     15-15

effects of extended system ID     15-14

unexpected behavior     15-15

shutdown Port Fast-enabled port     16-2

status, displaying     15-23

multicast groups

Immediate Leave     18-6

joining     18-3

leaving     18-5

static joins     18-10

multicast router interfaces, monitoring     18-12

multicast router ports, adding     18-9

Multicast VLAN Registration

See MVR

Multiple Spanning Tree Protocol

See MSTP

MVR

and address aliasing     18-16

configuring interfaces     18-18

default configuration     18-16

described     18-13

modes     18-17

monitoring     18-19

setting global parameters     18-16

support for     1-3

N

named IP ACLs     26-11

native VLAN

configuring     11-16

default     11-16

network configuration examples

increasing network performance     1-10

long-distance, high-bandwidth transport     1-15

providing network services     1-11

server aggregation and Linux server cluster     1-13

small to medium-sized network     1-14

network design

performance     1-10

services     1-11

network management

CDP     20-1

RMON     23-1

SNMP     25-1

Network Time Protocol

See NTP

no commands     2-4

non-IP traffic filtering     26-20

nontrunking mode     11-12

normal-range VLANs

configuration modes     11-5

defined     11-1

note, described     xxviii

NTP

associations

authenticating     6-5

defined     6-2

enabling broadcast messages     6-7

peer     6-6

server     6-6

default configuration     6-4

displaying the configuration     6-11

overview     6-2

restricting access

creating an access group     6-9

disabling NTP services per interface     6-10

source IP address, configuring     6-10

stratum     6-2

support for     1-4

synchronizing devices     6-6

time

services     6-2

synchronizing     6-2

O

options, management     1-3

out-of-profile markdown     1-7

P

PAgP

See EtherChannel

pass-through mode     27-8

passwords

default configuration     7-2

disabling recovery of     7-5

encrypting     7-4

for security     1-5

in clusters     5-14, 5-17

overview     7-1

setting

enable     7-3

enable secret     7-4

Telnet     7-6

with usernames     7-7

VTP domain     12-8

path cost

MSTP     15-18

STP     14-18

PC (passive command switch)     5-10, 5-18

performance, network design     1-10

performance features     1-3

per-VLAN spanning-tree plus

See PVST+

physical ports     9-2

PIM-DVMRP, as snooping method     18-8

ping

character output description     29-12

executing     29-12

overview     29-11

port ACLs

defined     26-2

types of     26-2

Port Aggregation Protocol

See EtherChannel

See PAgP

port-based authentication

authentication server

defined     8-2

RADIUS server     8-2

client, defined     8-2

configuration guidelines     8-11

configuring

802.1X authentication     8-12

guest VLAN     8-18

host mode     8-17

manual re-authentication of a client     8-15

periodic re-authentication     8-14

quiet period     8-15

RADIUS server     8-14

RADIUS server parameters on the switch     8-13

switch-to-client frame-retransmission number     8-17

switch-to-client retransmission time     8-16

default configuration     8-10

described     8-1

device roles     8-2

displaying statistics     8-19

EAPOL-start frame     8-3

EAP-request/identity frame     8-3

EAP-response/identity frame     8-3

encapsulation     8-2

guest VLAN

configuration guidelines     8-8

described     8-8

initiation and message exchange     8-3

method lists     8-12

multiple-hosts mode, described     8-17

per-user ACLs

AAA authorization     8-12

configuration tasks     8-9

described     8-9

RADIUS server attributes     8-9

ports

authorization state and dot1x port-control command     8-4

authorized and unauthorized     8-4

voice VLAN     8-6

port security

and voice VLAN     8-6

described     8-6

interactions     8-6

multiple-hosts mode     8-18

resetting to default values     8-19

statistics, displaying     8-19

switch

as proxy     8-2

RADIUS client     8-2

topologies, supported     8-5

upgrading from a previous release     8-12

VLAN assignment

AAA authorization     8-12

characteristics     8-7

configuration tasks     8-8

described     8-7

voice VLAN

described     8-6

PVID     8-6

VVID     8-6

port blocking     1-3

port-channel

See EtherChannel

Port Fast

described     16-2

enabling     16-10

mode, spanning tree     11-22

support for     1-5

port membership modes, VLAN     11-3

port priority

MSTP     15-17

STP     14-17

ports

access     9-2

dynamic access     11-3

priority     27-2

protected     19-3

secure     19-5

static-access     11-3, 11-9

switch     9-2

trunks     11-11

VLAN assignments     11-9

port security

aging     19-10

configuring     19-8

default configuration     19-7

described     19-5

displaying     19-11

sticky learning     19-5

violations     19-6

with other features     19-7

port-shutdown response, VMPS     11-21

preferential treatment of traffic

See QoS

preventing unauthorized access     7-1

priority

overriding CoS     13-5

port, described     27-2

trusting CoS     13-5

private VLAN edge ports

See protected ports

privileged EXEC mode     2-2

privilege levels

changing the default for lines     7-9

command switch     5-21

exiting     7-10

logging into     7-10

mapping on member switches     5-21

overview     7-2, 7-8

setting a command with     7-8

protected ports     1-6, 19-3

pruning, VTP

enabling     12-13

enabling on a port     11-16

examples     12-5

overview     12-4

pruning-eligible list

changing     11-16

for VTP pruning     12-4

VLANs     12-13

PVST+

802.1Q trunking interoperability     14-10

described     14-9

instances supported     14-9

Q

QoS

classification

in frames and packets     27-2

pass-through mode, described     27-8

trusted boundary, described     27-7

configuring

CoS and WRR     27-9

default port CoS value     27-6

egress queues     27-9

port trust states within the domain     27-4

trusted boundary     27-7

default configuration     27-4

ingress port scheduling     27-3

IP phones, detection and trusted settings     27-7

overview     27-1

pass-through mode     27-8

support for     1-6

trusted boundary     27-7

understanding     27-1

quality of service

See QoS

queries, IGMP     18-4

R

RADIUS

attributes

vendor-proprietary     7-31

vendor-specific     7-29

configuring

accounting     7-28

authentication     7-23

authorization     7-27

communication, global     7-21, 7-29

communication, per-server     7-21

multiple UDP ports     7-21

default configuration     7-20

defining AAA server groups     7-25

displaying the configuration     7-31

identifying the server     7-21

in clusters     5-14

limiting the services to the user     7-27

method list, defined     7-20

operation of     7-19

overview     7-18

suggested network environments     7-18

support for     1-6

tracking services accessed by user     7-28

range

macro     9-7

of interfaces     9-6

rapid convergence     15-7

rapid per-VLAN spanning-tree plus

See rapid PVST+

rapid PVST+

802.1Q trunking interoperability     14-10

described     14-9

instances supported     14-9

Rapid Spanning Tree Protocol

See RSTP

rcommand command     5-21

RCP

configuration files

downloading     B-17

overview     B-16

preparing the server     B-16

uploading     B-18

image files

deleting old image     B-32

downloading     B-31

preparing the server     B-29

uploading     B-33

reconfirmation interval, VMPS, changing     11-25

recovery procedures     29-1

redundancy

EtherChannel     28-2

STP

backbone     14-7

path cost     11-19

port priority     11-17

redundant clusters

See cluster standby group

redundant links and UplinkFast     16-13

reloading software     4-17

Remote Authentication Dial-In User Service

See RADIUS

Remote Copy Protocol

See RCP

Remote Network Monitoring

See RMON

report suppression, IGMP

described     18-6

disabling     18-11

resetting a UDLD-shutdown interface     21-6

restricting access

NTP services     6-8

overview     7-1

passwords and privilege levels     7-2

RADIUS     7-18

TACACS+     7-10

retry count, VMPS, changing     11-25

RFC

1112, IP multicast and IGMP     18-2

1157, SNMPv1     25-2

1305, NTP     6-2

1757, RMON     23-2

1901, SNMPv2C     25-2

1902 to 1907, SNMPv2     25-2

2236, IP multicast and IGMP     18-2

2273-2275, SNMPv3     25-2

RMON

default configuration     23-3

displaying status     23-6

enabling alarms and events     23-3

groups supported     23-2

overview     23-1

statistics

collecting group Ethernet     23-5

collecting group history     23-5

support for     1-7

root guard

described     16-8

enabling     16-15

support for     1-5

root switch

MSTP     15-14

STP     14-14

RSPAN

default configuration     22-5

displaying status     22-10

interaction with other features     22-5

overview     1-7, 22-1

sessions

defined     22-3

RSTP

active topology, determining     15-6

BPDU

format     15-9

processing     15-10

designated port, defined     15-6

designated switch, defined     15-6

interoperability with 802.1D

described     15-5

restarting migration process     15-22

topology changes     15-10

overview     15-6

port roles

described     15-6

synchronized     15-8

proposal-agreement handshake process     15-7

rapid convergence

described     15-7

edge ports and Port Fast     15-7

point-to-point links     15-7, 15-22

root ports     15-7

root port, defined     15-6

See also MSTP

running configuration, saving     4-11

S

SC (standby command switch)     5-10, 5-18

scheduled reloads     4-17

secure ports, configuring     19-5

secure remote connections     7-38

Secure Shell

See SSH

security, port     19-5

security features     1-5

sequence numbers in log messages     24-7

server mode, VTP     12-3

service-provider network

MSTP and RSTP     15-1

set-request operation     25-4

setup program, failed command switch replacement     29-7, 29-9

severity levels, defining in system messages     24-8

shaped round robin

See SRR

show access-lists hw-summary command     26-17

show and more command output, filtering     2-9

show cdp traffic command     20-5

show cluster members command     5-21

show configuration command     9-14

show interfaces command     9-11, 9-14

show running-config command

displaying ACLs     26-16, 26-17, 26-23, 26-26

interface description in     9-14

shutdown command on interfaces     9-17

Simple Network Management Protocol

See SNMP

SmartPort macros

configuration guidelines     10-2

creating and applying     10-3

default configuration     10-2

defined     10-1

displaying     10-4

tracing     10-2

SNAP     20-1

SNMP

accessing MIB variables with     25-4

agent

described     25-3

disabling     25-6

community strings

configuring     25-7

for cluster switches     25-4

overview     25-3

configuration examples     25-13

default configuration     25-5

groups     25-8

in-band management     1-4

in clusters     5-14

informs

and trap keyword     25-10

described     25-4

differences from traps     25-5

enabling     25-12

limiting access by TFTP servers     25-13

limiting system log messages to NMS     24-9

manager functions     1-3, 25-3

managing clusters with     5-21

MIBs

location of     A-3

supported     A-1

notifications     25-4

overview     25-1, 25-4

status, displaying     25-14

system contact and location     25-12

trap manager, configuring     25-11

traps

described     25-3, 25-4

differences from informs     25-5

enabling     25-10

enabling MAC address notification     6-24

overview     25-1, 25-4

types of     25-10

users     25-8

versions supported     25-2

snooping, IGMP     18-2

software images

location in Flash     B-20

recovery procedures     29-2

scheduling reloads     4-17

tar file format, described     B-21

See also downloading and uploading

source addresses, in ACLs     26-9

source-and-destination-IP address based forwarding, EtherChannel     28-7

source-and-destination MAC address forwarding, EtherChannel     28-7

source-IP address based forwarding, EtherChannel     28-7

source-MAC address forwarding, EtherChannel     28-7

SPAN

configuration guidelines     22-6

default configuration     22-5

destination ports     22-4

displaying status     22-10

IDS     22-2

interaction with other features     22-5

monitored ports     22-3

monitoring ports     22-4

overview     1-7, 22-1

received traffic     22-3

session limits     22-5

sessions

creating     22-7

defined     22-3

removing destination (monitoring) ports     22-9

removing source (monitored) ports     22-9

specifying monitored ports     22-7

source ports     22-3

transmitted traffic     22-3

spanning tree and native VLANs     11-12

Spanning Tree Protocol

See STP

speed, configuring on interfaces     9-10

SRR

support for     1-7

SSH

configuring     7-39

cryptographic software image     7-37

described     1-4, 7-38

encryption methods     7-38

user authentication methods, supported     7-38

Standby Command Configuration window     5-19

standby command switch

configuring      5-18

considerations     5-11

defined     5-2

priority     5-10

requirements     5-3

virtual IP address     5-11

See also cluster standby group and HSRP

standby group, cluster

See cluster standby group and HSRP

startup configuration

booting

manually     4-13

specific image     4-14

clearing     B-19

configuration file

automatically downloading     4-13

specifying the filename     4-13

default boot configuration     4-12

static access ports

assigning to VLAN     11-9

defined     9-3, 11-3

static addresses

See addresses

static MAC addressing     1-6

static VLAN membership     11-2

statistics

802.1X     8-19

CDP     20-5

interface     9-16

RMON group Ethernet     23-5

RMON group history     23-5

SNMP input and output     25-14

VTP     12-14

sticky learning

configuration file     19-5

defined     19-5

disabling     19-5

enabling     19-5

saving addresses     19-5

storm control

described     19-1

displaying     19-11

support for     1-3

STP

accelerating root port selection     16-4

BackboneFast

described     16-5

enabling     16-14

BPDU filtering

described     16-3

enabling     16-12

BPDU guard

described     16-2

enabling     16-11

BPDU message exchange     14-2

configuration guidelines     14-12, 16-10

configuring

forward-delay time     14-21

hello time     14-20

maximum aging time     14-21

path cost     14-18

port priority     14-17

root switch     14-14

secondary root switch     14-16

spanning-tree mode     14-13

switch priority     14-19

counters, clearing     14-22

default configuration     14-11

default optional feature configuration     16-10

designated port, defined     14-3

designated switch, defined     14-3

detecting indirect link failures     16-5

disabling     14-13

displaying status     14-22

EtherChannel guard

described     16-7

enabling     16-14

extended system ID

affects on root switch     14-14

affects on the secondary root switch     14-16

overview     14-3

unexpected behavior     14-15

features supported     1-4

inferior BPDU     14-3

instances supported     14-9

interface state, blocking to forwarding     16-2

interface states

blocking     14-5

disabled     14-6

forwarding     14-5, 14-6

learning     14-6

listening     14-6

overview     14-4

interoperability and compatibility among modes     14-10

limitations with 802.1Q trunks     14-10

load sharing

overview     11-17

using path costs     11-19

using port priorities     11-17

loop guard

described     16-9

enabling     16-16

modes supported     14-9

multicast addresses, affect of     14-8

optional features supported     1-5

overview     14-2

path costs     11-19

Port Fast

described     16-2

enabling     16-10

port priorities     11-18

preventing root switch selection     16-8

protocols supported     14-9

redundant connectivity     14-7

root guard

described     16-8

enabling     16-15

root port, defined     14-3

root switch

affects of extended system ID     14-3, 14-14

configuring     14-14

election     14-3

unexpected behavior     14-15

shutdown Port Fast-enabled port     16-2

superior BPDU     14-3

timers, described     14-20

UplinkFast

described     16-3

enabling     16-13

stratum, NTP     6-2

summer time     6-14

SunNet Manager     1-3

switch clustering technology     5-1

See also clusters, switch     1-2

See clusters, switch

switch console port     1-4

switched ports     9-2

Switch Manager     3-14

See also Device Manager

switchport protected command     19-4

switch priority

MSTP     15-19

STP     14-19

switch software features     1-1

syslog

See system message logging

system clock

configuring

daylight saving time     6-14

manually     6-12

summer time     6-14

time zones     6-13

displaying the time and date     6-12

overview     6-2

See also NTP

system message logging

default configuration     24-3

defining error message severity levels     24-8

disabling     24-4

displaying the configuration     24-12

enabling     24-4

facility keywords, described     24-12

level keywords, described     24-8

limiting messages     24-9

message format     24-2

overview     24-1

sequence numbers, enabling and disabling     24-7

setting the display destination device     24-4

synchronizing log messages     24-5

syslog facility     1-7

time stamps, enabling and disabling     24-7

UNIX syslog servers

configuring the daemon     24-10

configuring the logging facility     24-11

facilities supported     24-12

system name

default configuration     6-16

default setting     6-16

manual configuration     6-16

See also DNS

system prompt

default setting     6-16

manual configuration     6-17

T

TACACS+

accounting, defined     7-11

authentication, defined     7-11

authorization, defined     7-11

configuring

accounting     7-17

authentication key     7-13

authorization     7-16

login authentication     7-14

default configuration     7-13

displaying the configuration     7-17

identifying the server     7-13

in clusters     5-14

limiting the services to the user     7-16

operation of     7-12

overview     7-10

support for     1-6

tracking services accessed by user     7-17

tar files

creating     B-6

displaying the contents of     B-6

extracting     B-7

image file format     B-21

TDR     1-7

Telnet

accessing management interfaces     2-10

from a browser     2-10

number of connections     1-4

setting a password     7-6

Terminal Access Controller Access Control System Plus

See TACACS+

terminal lines, setting a password     7-6

TFTP

configuration files

downloading     B-11

preparing the server     B-10

uploading     B-11

configuration files in base directory     4-6

configuring for autoconfiguration     4-6

image files

deleting     B-24

downloading     B-23

preparing the server     B-22

uploading     B-24

limiting access by servers     25-13

TFTP server     1-4

time

See NTP and system clock

Time Domain Reflector

See TDR

time-range command     26-13

time ranges in ACLs     26-13

time stamps in log messages     24-7

time zones     6-13

Token Ring VLANs

support for     11-5

VTP support     12-4

Topology view

described     3-2, 3-14

TOS     1-6

traceroute, Layer 2

and ARP     29-13

and CDP     29-13

described     29-13

IP addresses and subnets     29-13

MAC addresses and VLANs     29-13

multicast traffic     29-13

multiple devices on a port     29-14

unicast traffic     29-13

usage guidelines     29-13

traffic

fragmented     26-4

unfragmented     26-4

traffic policing     1-7

transparent mode, VTP     12-3, 12-11

trap-door mechanism     4-2

traps

configuring MAC address notification     6-24

configuring managers     25-10

defined     25-3

enabling     6-24, 25-10

notification types     25-10

overview     25-1, 25-4

troubleshooting

connectivity problems     29-11

detecting unidirectional links     21-1

displaying crash information     29-16

GBIC security and identification     29-11

with CiscoWorks     25-4

with debug commands     29-14

with ping     29-11

with system message logging     24-1

trunking encapsulation     1-5

trunk ports

configuring     11-14

defined     9-3

trunks

allowed-VLAN list     11-15

load sharing

setting STP path costs     11-19

using STP port priorities     11-17, 11-18

native VLAN for untagged traffic     11-16

parallel     11-19

pruning-eligible list     11-16

to non-DTP device     11-11

VLAN 1 minimization     11-15

trusted boundary     27-7

trusted port states

support for     1-6

twisted-pair Ethernet, detecting unidirectional links     21-1

type of service

See TOS

U

UDLD

default configuration     21-4

echoing detection mechanism     21-3

enabling

globally     21-5

per interface     21-5

link-detection mechanism     21-1

neighbor database     21-2

overview     21-1

resetting an interface     21-6

status, displaying     21-7

support for     1-4

unauthorized ports with 802.1X     8-4

unicast MAC address filtering     1-4

and adding static addresses     6-27

and broadcast MAC addresses     6-27

and CPU packets     6-27

and multicast addresses     6-27

and router MAC addresses     6-27

configuration guidelines     6-27

described     6-27

UniDirectional Link Detection protocol

See UDLD

UNIX syslog servers

daemon configuration     24-10

facilities supported     24-12

message logging configuration     24-11

unrecognized Type-Length-Value (TLV) support     12-4

upgrading software images

See downloading

UplinkFast

described     16-3

enabling     16-13

support for     1-5

uploading

configuration files

preparing     B-10, B-13, B-16

reasons for     B-8

using FTP     B-15

using RCP     B-18

using TFTP     B-11

image files

preparing     B-22, B-25, B-29

reasons for     B-20

using FTP     B-28

using RCP     B-33

using TFTP     B-24

user EXEC mode     2-2

username-based authentication     7-7

V

version-dependent transparent mode     12-4

virtual IP address

cluster standby group     5-11, 5-19

command switch     5-11, 5-19

See also IP addresses

vlan.dat file     11-4

VLAN ACLs

See VLAN maps

VLAN configuration

at bootup     11-6

saving     11-6

VLAN configuration mode     2-2, 11-6

VLAN database

and startup configuration file     11-6

and VTP     12-1

VLAN configuration saved in     11-6

VLANs saved in     11-4

vlan database command     11-6

vlan global configuration command     11-5

VLAN ID, discovering     6-29

VLAN management domain     12-2

VLAN Management Policy Server

See VMPS

VLAN map entries, order of     26-23

VLAN maps

applying     26-26

common uses for     26-26

configuration example     26-27

configuration guidelines     26-23

configuring     26-22

creating     26-23

defined     26-2, 26-3

denying access example     26-28

denying and permitting packets     26-24

displaying     26-29

examples     26-28

support for     1-6

with router ACLs     26-29

VLAN membership

confirming     11-24

modes     11-3

VLAN Query Protocol

See VQP

VLANs

adding     11-7

adding to VLAN database     11-7

aging dynamic addresses     14-8

allowed on trunk     11-15

and spanning-tree instances     11-2

configuration guidelines, normal-range VLANs     11-5

configuration options     11-5

configuring     11-1

creating in config-vlan mode     11-7

creating in VLAN configuration mode     11-8

default configuration     11-6

deleting     11-8

described     9-2, 11-1

displaying     11-10

features     1-5

illustrated     11-2

modifying     11-7

native, configuring     11-16

normal-range     11-1, 11-4

number supported     1-5

parameters     11-4

port membership modes     11-3

static-access ports     11-9

STP and 802.1Q trunks     14-10

supported     11-2

Token Ring     11-5

trunks, VLAN 1 minimization     11-15

VTP modes     12-3

VLAN Trunking Protocol

See VTP

VLAN trunks     11-11

VMPS

administering     11-26

configuration example     11-27

configuration guidelines     11-22

default configuration     11-22

description     11-20

dynamic port membership

described     11-21

reconfirming     11-25

troubleshooting     11-26

entering server address     11-23

mapping MAC addresses to VLANs     11-21

monitoring     11-26

reconfirmation interval, changing     11-25

reconfirming membership     11-24

retry count, changing     11-25

voice VLAN

Cisco 7960 phone, port connections     13-1

configuration guidelines     13-3

configuring IP phones for data traffic

override CoS of incoming frame     13-5

trust CoS priority of incoming frame     13-5

configuring ports for voice traffic in

802.1p priority tagged frames     13-4

802.1Q frames     13-4

connecting to an IP phone     13-3

default configuration     13-2

described     13-1

displaying     13-6

VQP     1-5, 11-20

VTP

adding a client to a domain     12-13

advertisements     11-13, 12-3

and normal-range VLANs     12-1

client mode, configuring     12-10

configuration

global configuration mode     12-7

guidelines     12-8

privileged EXEC mode     12-7

requirements     12-9

saving     12-7

VLAN configuration mode     12-7

configuration mode options     12-7

configuration requirements     12-9

configuration revision number

guideline     12-13

resetting     12-14

configuring

client mode     12-10

server mode     12-9

transparent mode     12-11

consistency checks     12-4

default configuration     12-6

described     12-1

disabling     12-11

domain names     12-8

domains     12-2

modes

client     12-3, 12-10

server     12-3, 12-9

transitions     12-3

transparent     12-3, 12-11

monitoring     12-14

passwords     12-8

pruning

disabling     12-13

enabling     12-13

examples     12-5

overview     12-4

support for     1-5

pruning-eligible list, changing     11-16

server mode, configuring     12-9

statistics     12-14

support for     1-5

Token Ring support     12-4

transparent mode, configuring     12-11

using     12-1

version, guidelines     12-8

version 1     12-4

version 2

configuration guidelines     12-8

disabling     12-12

enabling     12-12

overview     12-4

W

Weighted Round Robin

See WRR

weighted tail drop

See WTD

wizards     1-2, 3-6

WRR

configuring     27-9

defining     27-3

description     27-3

WTD

support for     1-7

X

Xmodem protocol     29-2