-
Catalyst 2970 Switch Software Configuration Guide, 12.2(25)SED
-
Catalyst 2970 Switch Software Configuration Guide (full book in PDF format)
-
Index
-
Preface
-
Overview
-
Using the Command-Line Interface
-
Assigning the Switch IP Address and Default Gateway
-
Configuring IE2100 CNS Agents
-
Clustering Switches
-
Administering the Switch
-
Configuring Switch-Based Authentication
-
Configuring IEEE 802.1x Port-Based Authentication
-
Configuring Interface Characteristics
-
Configuring Smartports Macros
-
Configuring VLANs
-
Configuring VTP
-
Configuring Voice VLAN
-
Configuring STP
-
Configuring MSTP
-
Configuring Optional Spanning-Tree Features
-
Configuring Flex Links
-
Configuring DHCP Features
-
Configuring IGMP Snooping and MVR
-
Configuring Port-Based Traffic Control
-
Configuring CDP
-
Configuring UDLD
-
Configuring SPAN and RSPAN
-
Configuring RMON
-
Configuring System Message Logging
-
Configuring SNMP
-
Configuring Network Security with ACLs
-
Configuring QoS
-
Configuring EtherChannels
-
Troubleshooting
-
Supported MIBs
-
Working with the Cisco IOS File System, Configuration Files, and Software Images
-
Unsupported Commands in Cisco IOS Release 12.2(25)SED
-
Table Of Contents
A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X -
Index
A
abbreviating commands 2-4
AC (command switch) 5-9
access-class command 27-17
access control entries
access-denied response, VMPS 11-25
access groups, applying IPv4 ACLs to interfaces 27-18
accessing
clusters, switch 5-12
command switches 5-10
member switches 5-12
switch clusters 5-12
access lists
access ports
in switch clusters 5-8
access ports, defined 9-2
accounting
with 802.1x 8-27
with IEEE 802.1x 8-5
with RADIUS 7-28
ACEs
and QoS 28-7
defined 27-2
Ethernet 27-2
IP 27-2
ACLs
ACEs 27-2
any keyword 27-10
ACLs (continued)applying
time ranges to 27-15
to an interface 27-18
to QoS 28-7
classifying traffic for QoS 28-43
comments in 27-17
compiling 27-19
extended IP
configuring for QoS classification 28-44
extended IPv4
creating 27-9
matching criteria 27-6
hardware and software handling 27-19
host keyword 27-11
IP
creating 27-6
fragments and QoS guidelines 28-33
implicit deny 27-8, 27-12, 27-14
implicit masks 27-8
matching criteria 27-6
undefined 27-18
IPv4
applying to interfaces 27-18
creating 27-6
matching criteria 27-6
named 27-13
numbers 27-7
terminal lines, setting on 27-17
unsupported features 27-5
IPv4 (continued)monitoring 27-31
named, IPv4 27-13
number per QoS class map 28-33
port 27-2
precedence of 27-2
resequencing entries 27-13
standard IP, configuring for QoS classification 28-43
standard IPv4
creating 27-8
matching criteria 27-6
support for 1-6
support in hardware 27-19
time ranges 27-15
types supported 27-2
unsupported features, IPv4 27-5
VLAN maps
configuration guidelines 27-25
configuring 27-24
active links 17-1
address aliasing 19-2
addresses
displaying the MAC address table 6-26
dynamic
accelerated aging 14-8
changing the aging time 6-20
default aging 14-8
defined 6-19
learning 6-20
removing 6-21
MAC, discovering 6-26
multicast, STP address management 14-8
static
adding and removing 6-23
defined 6-19
address resolution 6-26
Address Resolution Protocol
advertisements
CDP 21-1
aggregated ports
aggregate policers 28-58
aggregate policing 1-8
aging, accelerating 14-8
aging time
accelerated
for MSTP 15-23
MAC address table 6-20
maximum
alarms, RMON 24-3
allowed-VLAN list 11-19
ARP
table
address resolution 6-26
managing 6-26
attributes, RADIUS
vendor-proprietary 7-30
vendor-specific 7-29
audience xxxi
authentication
local mode with AAA 7-36
NTP associations 6-4
RADIUS
key 7-21
login 7-23
TACACS+
defined 7-11
key 7-13
login 7-14
authentication (continued)See also port-based authentication
authentication failed VLAN
authoritative time source, described 6-2
authorization
with RADIUS 7-27
authorized ports with IEEE 802.1x 8-4
autoconfiguration 3-3
automatic discovery
considerations
beyond a noncandidate device 5-7
brand new switches 5-8
connectivity 5-4
different VLANs 5-6
management VLANs 5-7
non-CDP-capable devices 5-6
noncluster-capable devices 5-6
in switch clusters 5-4
automatic QoS
automatic recovery, clusters 5-9
auto-MDIX
configuring 9-13
described 9-13
autonegotiation
duplex mode 1-3
interface configuration guidelines 9-10
mismatches 30-11
autosensing, port speed 1-3
auxiliary VLAN
availability, features 1-5
B
BackboneFast
described 16-5
disabling 16-14
enabling 16-13
support for 1-5
backup interfaces
backup links 17-1
banners
configuring
login 6-18
message-of-the-day login 6-18
default configuration 6-17
when displayed 6-17
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 20-6
booting
boot loader, function of 3-2
boot process 3-1
manually 3-13
specific image 3-13
boot loader
accessing 3-14
described 3-2
environment variables 3-14
prompt 3-14
trap-door mechanism 3-2
BPDU
error-disabled state 16-3
filtering 16-3
RSTP format 15-12
BPDU filtering
described 16-3
disabling 16-12
enabling 16-12
support for 1-5
BPDU guard
described 16-3
disabling 16-11
enabling 16-11
support for 1-5
bridge protocol data unit
broadcast storm-control command 20-4
broadcast storms 20-1
C
cables, monitoring for unidirectional links 22-1
candidate switch
automatic discovery 5-4
defined 5-3
requirements 5-3
See also command switch, cluster standby group, and member switch
CA trustpoint
configuring 7-45
defined 7-42
caution, described xxxii
CDP
and trusted boundary 28-39
automatic discovery in switch clusters 5-4
configuring 21-2
default configuration 21-2
described 21-1
disabling for routing device 21-3 to 21-4
enabling and disabling
on an interface 21-4
on a switch 21-3
monitoring 21-4
overview 21-1
support for 1-4
transmission timer and holdtime, setting 21-2
updates 21-2
CGMP
as IGMP snooping learning method 19-8
joining multicast group 19-3
CipherSuites 7-43
Cisco 7960 IP Phone 13-1
Cisco Discovery Protocol
Cisco Intelligence Engine 2100 Series Configuration Registrar
Cisco IOS File System
Cisco Network Assistant
Cisco Networking Services
CIST regional root
CIST root
class maps for QoS
configuring 28-46
described 28-7
displaying 28-78
class of service
clearing interfaces 9-17
CLI
abbreviating commands 2-4
command modes 2-1
configuration logging 2-5
described 1-4
editing features
enabling and disabling 2-7
keystroke editing 2-7
wrapped lines 2-9
error messages 2-5
filtering command output 2-10
CLI (continued)getting help 2-3
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
managing clusters 5-14
no and default forms of commands 2-4
client mode, VTP 12-3
clock
cluster requirements xxxiii
clusters, switch
accessing 5-12
automatic discovery 5-4
automatic recovery 5-9
benefits 1-1
compatibility 5-4
described 5-1
LRE profile considerations 5-14
managing
through CLI 5-14
through SNMP 5-15
planning 5-4
planning considerations
automatic discovery 5-4
automatic recovery 5-9
CLI 5-14
host names 5-12
IP addresses 5-12
LRE profiles 5-14
passwords 5-13
RADIUS 5-13
TACACS+ 5-13
cluster standby group
automatic recovery 5-11
considerations 5-10
defined 5-2
requirements 5-3
virtual IP address 5-10
Coarse Wave Division Multiplexer
command-line interface
command modes 2-1
commands
abbreviating 2-4
no and default 2-4
commands, setting privilege levels 7-8
command switch
accessing 5-10
active (AC) 5-9
configuration conflicts 30-11
defined 5-2
passive (PC) 5-9
password privilege levels 5-14
priority 5-9
recovery
from command-switch failure 5-9, 30-7
from lost member connectivity 30-11
redundant 5-9
replacing
with another switch 30-10
with cluster member 30-8
requirements 5-3
standby (SC) 5-9
See also candidate switch, cluster standby group, member switch, and standby command switch
community strings
for cluster switches 26-4
in clusters 5-13
community strings (continued)overview 26-4
SNMP 5-13
compatibility, feature 20-11
config.text 3-12
configurable leave timer, IGMP 19-5
configuration, initial
defaults 1-9
Express Setup 1-2
See also getting started guide and hardware installation guide
configuration conflicts, recovering from lost member connectivity 30-11
configuration examples, network 1-12
configuration files
clearing the startup configuration B-18
creating using a text editor B-9
default name 3-12
deleting a stored configuration B-18
described B-8
downloading
automatically 3-12
reasons for B-8
using FTP B-13
using RCP B-16
using TFTP B-10
guidelines for creating and using B-8
invalid combinations when copying B-5
limiting TFTP server access 26-16
obtaining with DHCP 3-7
password recovery disable considerations 7-5
specifying the filename 3-12
system contact and location information 26-15
types and location B-9
uploading
reasons for B-8
using FTP B-14
configuration files (continued)uploading (continued)
using RCP B-17
using TFTP B-11
configuration logging 2-5
configuration settings, saving 3-10
configure terminal command 9-5
conflicts, configuration 30-11
connections, secure remote 7-38
connectivity problems 30-12, 30-14, 30-15
consistency checks in VTP Version 2 12-4
console port, connecting to 2-10
conventions
command xxxii
for examples xxxii
publication xxxii
text xxxii
corrupted software, recovery steps with Xmodem 30-2
CoS
in Layer 2 frames 28-2
override priority 13-6
trust priority 13-6
CoS input queue threshold map for QoS 28-16
CoS output queue threshold map for QoS 28-19
CoS-to-DSCP map for QoS 28-60
counters, clearing interface 9-17
crashinfo file 30-21
cryptographic software image
Kerberos 7-32
SSH 7-37
SSL 7-42
CWDM SFPs 1-17
D
daylight saving time 6-13
debugging
enabling all system diagnostics 30-19
enabling for a specific feature 30-18
redirecting error message output 30-19
using commands 30-18
default commands 2-4
default configuration
802.1x 8-14
auto-QoS 28-21
banners 6-17
booting 3-12
CDP 21-2
DHCP 18-5
DHCP option 82 18-6
DHCP snooping 18-6
DNS 6-16
EtherChannel 29-8
Ethernet interfaces 9-9
Flex Links 17-4
IGMP filtering 19-24
IGMP snooping 19-6
IGMP throttling 19-24
initial switch information 3-3
Layer 2 interfaces 9-9
MAC address table 6-20
MAC address-table move update 17-4
MSTP 15-14
MVR 19-19
NTP 6-4
optional spanning-tree configuration 16-9
password and privilege level 7-2
RADIUS 7-20
RMON 24-3
RSPAN 23-9
SNMP 26-7
SPAN 23-9
default configuration (continued)SSL 7-44
standard QoS 28-31
STP 14-11
system message logging 25-3
system name and prompt 6-15
TACACS+ 7-13
UDLD 22-4
VLAN, Layer 2 Ethernet interfaces 11-17
VLANs 11-7
VMPS 11-26
voice VLAN 13-3
VTP 12-6
default gateway 3-10
deleting VLANs 11-10
denial-of-service attack 20-1
description command 9-14
designing your network, examples 1-12
destination addresses, in IPv4 ACLs 27-10
destination-IP address-based forwarding, EtherChannel 29-7
destination-MAC address forwarding, EtherChannel 29-6
detecting indirect link failures, STP 16-5
device B-18
device discovery protocol 21-1
device manager
benefits 1-1
in-band management 1-5
requirements xxxii
upgrading a switch B-18
DHCP
Cisco IOS server database
configuring 18-9
enabling
relay agent 18-7
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-3
DNS 3-6
relay device 3-6
server side 3-5
TFTP server 3-5
example 3-8
lease options
for IP address information 3-5
for receiving the configuration file 3-5
overview 3-3
relationship to BOOTP 3-3
relay support 1-4
support for 1-4
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 18-5
configuration guidelines 18-6
default configuration 18-5
displaying 18-9
overview 18-3
packet format, suboption
circuit ID 18-5
remote ID 18-5
remote ID suboption 18-5
DHCP snooping
accepting untrusted packets form edge switch 18-3, 18-8
configuration guidelines 18-6
default configuration 18-5
displaying binding tables 18-9
message exchange process 18-4
option 82 data insertion 18-3
trusted interface 18-2
untrusted interface 18-2
untrusted messages 18-2
DHCP snooping binding database
binding entries, displaying 18-9
default configuration 18-5
displaying 18-9
DHCP snooping binding table
See DHCP snooping binding database
Differentiated Services architecture, QoS 28-2
Differentiated Services Code Point 28-2
directed unicast requests 1-4
directories
changing B-3
creating and removing B-4
displaying the working B-3
discovery, clusters
DNS
and DHCP-based autoconfiguration 3-6
default configuration 6-16
displaying the configuration 6-17
overview 6-15
setting up 6-16
support for 1-4
documentation, related xxxii
document conventions xxxii
domain names
DNS 6-15
VTP 12-8
Domain Name System
downloading
configuration files
reasons for B-8
using FTP B-13
using RCP B-16
using TFTP B-10
image files
deleting old image B-22
downloading (continued)image files (continued)
reasons for B-18
using CMS 1-2
using FTP B-25
using RCP B-29
using TFTP B-21
using the device manager or Network Assistant B-18
DSCP input queue threshold map for QoS 28-16
DSCP output queue threshold map for QoS 28-19
DSCP-to-CoS map for QoS 28-63
DSCP-to-DSCP-mutation map for QoS 28-64
DSCP transparency 28-39
dynamic access ports
characteristics 11-3
configuring 11-28
defined 9-3
dynamic addresses
dynamic auto trunking mode 11-16
dynamic desirable trunking mode 11-16
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 11-26
reconfirming 11-29
troubleshooting 11-30
types of connections 11-28
Dynamic Trunking Protocol
E
editing features
enabling and disabling 2-7
keystrokes used 2-7
wrapped lines 2-9
enable password 7-3
enable secret password 7-3
encryption, CipherSuite 7-44
encryption for passwords 7-3
environment variables, function of 3-15
error messages during command entry 2-5
EtherChannel
automatic creation of 29-3, 29-5
channel groups
binding physical and logical interfaces 29-3
numbering of 29-3
configuration guidelines 29-9
configuring Layer 2 interfaces 29-10
default configuration 29-8
described 29-2
displaying status 29-16
forwarding methods 29-6, 29-12
IEEE 802.3ad, described 29-5
interaction
with STP 29-9
with VLANs 29-9
LACP
described 29-5
displaying status 29-16
hot-standby ports 29-14
interaction with other features 29-5
modes 29-5
port priority 29-15
system priority 29-15
EtherChannel (continued)PAgP
aggregate-port learners 29-13
compatibility with Catalyst 1900 29-13
described 29-3
displaying status 29-16
interaction with other features 29-4
learn method and priority configuration 29-13
modes 29-4
support for 1-3
port-channel interfaces
described 29-3
numbering of 29-3
port groups 9-3
support for 1-3
EtherChannel guard
described 16-7
disabling 16-14
enabling 16-14
Ethernet VLANs
adding 11-8
defaults and ranges 11-7
modifying 11-8
events, RMON 24-3
examples
conventions for xxxii
network configuration 1-12
expedite queue for QoS 28-76
Express Setup 1-2
See also getting started guide
extended crashinfo file 30-21
extended-range VLANs
configuration guidelines 11-12
configuring 11-11
creating 11-12
defined 11-1
extended system ID
MSTP 15-17
Extensible Authentication Protocol over LAN 8-1
F
fallback bridging
STP
keepalive messages 14-2
features, incompatible 20-11
fiber-optic, detecting unidirectional links 22-1
files
basic crashinfo
description 30-21
location 30-21
copying B-4
crashinfo
description 30-21
deleting B-5
displaying the contents of B-7
extended crashinfo
description 30-22
location 30-22
tar
creating B-5
displaying the contents of B-6
extracting B-7
image file format B-19
file system
displaying available file systems B-2
displaying file information B-3
local file system names B-1
network file system names B-4
setting the default B-3
filtering
in a VLAN 27-24
non-IP traffic 27-21
show and more command output 2-10
filtering show and more command output 2-10
filters, IP
flash device, number of B-1
Flex Links
configuration guidelines 17-4
configuring 17-5
default configuration 17-4
description 17-1
monitoring 17-7
flooded traffic, blocking 20-7
flow-based packet classification 1-8
flowcharts
QoS classification 28-6
QoS egress queueing and scheduling 28-17
QoS ingress queueing and scheduling 28-15
QoS policing and marking 28-10
flowcontrol
configuring 9-12
described 9-12
forward-delay time
MSTP 15-23
STP 14-21
FTP
accessing MIB files A-3
configuration files
downloading B-13
overview B-12
preparing the server B-12
uploading B-14
image files
deleting old image B-27
downloading B-25
preparing the server B-24
uploading B-27
G
get-bulk-request operation 26-3
get-next-request operation 26-3, 26-5
get-request operation 26-3, 26-5
get-response operation 26-3
global configuration mode 2-2
global leave, IGMP 19-12
guest VLAN and 802.1x 8-10
guide
audience xxxi
purpose of xxxi
guide mode 1-2
GUIs
See device manager and Network Assistant
H
hello time
MSTP 15-22
STP 14-20
help, for the command line 2-3
hierarchical policy maps 28-8
configuration guidelines 28-33
configuring 28-52
described 28-11
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
history table, level and number of syslog messages 25-9
host names
in clusters 5-12
hosts, limit on dynamic ports 11-30
HP OpenView 1-4
HSRP
automatic cluster recovery 5-11
cluster standby group considerations 5-10
See also clusters, cluster standby group, and standby command switch
HTTP over SSL
HTTPS 7-42
configuring 7-46
self-signed certificate 7-43
HTTP secure server 7-42
I
ICMP
time-exceeded messages 30-16
traceroute and 30-16
ICMP ping
executing 30-13
overview 30-13
IDS appliances
and ingress RSPAN 23-20
and ingress SPAN 23-13
IE2100
CNS embedded agents
described 4-5
enabling automated configuration 4-6
enabling configuration agent 4-9
enabling event agent 4-8
Configuration Registrar
configID, deviceID, hostname 4-3
configuration service 4-2
described 4-1
event service 4-3
IEEE 802.1D
IEEE 802.1p 13-1
IEEE 802.1Q
and trunk ports 9-3
configuration limitations 11-16
encapsulation 11-14
native VLAN for untagged traffic 11-21
IEEE 802.1s
IEEE 802.1w
IEEE 802.1x
IEEE 802.3ad
IEEE 802.3x flow control 9-12
ifIndex values, SNMP 26-6
IFS 1-4
IGMP
configurable leave timer
described 19-5
enabling 19-11
flooded multicast traffic
controlling the length of time 19-12
disabling on an interface 19-13
global leave 19-12
query solicitation 19-12
recovering from flood mode 19-12
joining multicast group 19-3
join messages 19-3
leave processing, enabling 19-10
leaving multicast group 19-5
queries 19-4
report suppression
described 19-6
disabling 19-15
supported versions 19-2
support for 1-3
IGMP filtering
configuring 19-24
default configuration 19-24
described 19-23
monitoring 19-28
support for 1-3
IGMP groups
configuring filtering 19-27
setting the maximum number 19-26
IGMP Immediate Leave
configuration guidelines 19-11
described 19-5
enabling 19-10
IGMP profile
applying 19-25
configuration mode 19-24
configuring 19-25
IGMP snooping
and address aliasing 19-2
configuring 19-6
default configuration 19-6
definition 19-1
enabling and disabling 19-7
global configuration 19-7
Immediate Leave 19-5
method 19-8
monitoring 19-15
querier
configuration guidelines 19-14
configuring 19-14
supported versions 19-2
support for 1-3
VLAN configuration 19-7
IGMP throttling
configuring 19-27
default configuration 19-24
described 19-24
displaying action 19-28
Immediate Leave, IGMP 19-5
initial configuration
defaults 1-9
Express Setup 1-2
See also getting started guide and hardware installation guide
Intelligence Engine 2100 Series CNS Agents
interface
number 9-5
range macros 9-7
interface configuration mode 2-3
interfaces
auto-MDIX, configuring 9-13
configuration guidelines
duplex and speed 9-10
configuring
procedure 9-5
counters, clearing 9-17
default configuration 9-9
described 9-14
descriptive name, adding 9-14
displaying information about 9-16
flow control 9-12
management 1-3
monitoring 9-16
naming 9-14
physical, identifying 9-4
range of 9-5
restarting 9-17
shutting down 9-17
speed and duplex, configuring 9-11
status 9-16
supported 9-4
types of 9-1
interfaces range macro command 9-7
interface types 9-4
Inter-Switch Link
Intrusion Detection System
IP ACLs
for QoS classification 28-7
implicit masks 27-8
named 27-13
undefined 27-18
IP addresses
cluster access 5-2
command switch 5-3, 5-10, 5-12
discovering 6-26
redundant clusters 5-10
standby command switch 5-10, 5-12
ip igmp profile command 19-24
IP information
assigned
manually 3-9
through DHCP-based autoconfiguration 3-3
default configuration 3-3
IP phones
and QoS 13-1
automatic classification and queueing 28-20
configuring 13-4
ensuring port security with QoS 28-38
trusted boundary for QoS 28-38
IP precedence 28-2
IP-precedence-to-DSCP map for QoS 28-61
IP protocols in ACLs 27-10
IP traceroute
executing 30-16
overview 30-15
IPv4 ACLs
applying to interfaces 27-18
extended, creating 27-9
named 27-13
standard, creating 27-8
ISL
and trunk ports 9-3
J
join messages, IGMP 19-3
K
KDC
described 7-32
keepalive messages 14-2
Kerberos
authenticating to
boundary switch 7-34
KDC 7-34
network services 7-35
configuration examples 7-32
configuring 7-35
credentials 7-32
cryptographic software image 7-32
described 7-32
KDC 7-32
operation 7-34
realm 7-33
server 7-33
support for 1-7
switch as trusted third party 7-32
terms 7-33
TGT 7-34
tickets 7-32
key distribution center
L
LACP
Layer 2 frames, classification with CoS 28-2
Layer 2 interfaces, default configuration 9-9
Layer 2 traceroute
and ARP 30-15
and CDP 30-14
broadcast traffic 30-14
described 30-14
IP addresses and subnets 30-15
MAC addresses and VLANs 30-15
multicast traffic 30-15
multiple devices on a port 30-15
unicast traffic 30-14
usage guidelines 30-14
Layer 3 packets, classification methods 28-2
LDAP 4-2
LEDs, switch
See hardware installation guide
lightweight directory access protocol
line configuration mode 2-3
Link Aggregation Control Protocol
Link Failure
detecting unidirectional 15-8
link redundancy
links, unidirectional 22-1
local SPAN 23-2
login authentication
with RADIUS 7-23
with TACACS+ 7-14
login banners 6-17
log messages
Long-Reach Ethernet (LRE) technology 1-13
loop guard
described 16-9
enabling 16-15
support for 1-6
LRE profiles, considerations in switch clusters 5-14
M
MAC addresses
aging time 6-20
and VLAN association 6-20
building the address table 6-20
default configuration 6-20
discovering 6-26
displaying 6-26
dynamic
learning 6-20
removing 6-21
in ACLs 27-21
static
adding 6-24
allowing 6-25
characteristics of 6-23
dropping 6-25
removing 6-24
MAC address notification, support for 1-9
MAC address-table move update
configuration guidelines 17-4
configuring 17-5
default configuration 17-4
description 17-2
monitoring 17-7
MAC address-to-VLAN mapping 11-25
MAC extended access lists
applying to Layer 2 interfaces 27-23
configuring for QoS 28-45
creating 27-21
defined 27-21
for QoS classification 28-5
macros
magic packet 8-11
manageability features 1-4
management access
in-band
browser session 1-5
CLI session 1-5
device manager 1-5
SNMP 1-5
out-of-band console port connection 1-5
management options
CLI 2-1
clustering 1-2
CNS 4-1
Network Assistant 1-2
overview 1-3
management VLAN
considerations in switch clusters 5-7
discovery through different management VLANs 5-7
mapping tables for QoS
configuring
CoS-to-DSCP 28-60
DSCP 28-60
DSCP-to-CoS 28-63
DSCP-to-DSCP-mutation 28-64
IP-precedence-to-DSCP 28-61
policed-DSCP 28-62
described 28-12
marking
action in policy map 28-48
action with aggregate policers 28-58
matching, IPv4 ACLs 27-6
maximum aging time
MSTP 15-23
STP 14-21
maximum hop count, MSTP 15-24
membership mode, VLAN port 11-3
member switch
automatic discovery 5-4
defined 5-2
managing 5-14
passwords 5-12
recovering from lost connectivity 30-11
requirements 5-3
See also candidate switch, cluster standby group, and standby command switch
messages, to users through banners 6-17
MIBs
accessing files with FTP A-3
location of files A-3
overview 26-1
SNMP interaction with 26-4
supported A-1
mirroring traffic for analysis 23-1
mismatches, autonegotiation 30-11
module number 9-4
monitoring
access groups 27-31
cables for unidirectional links 22-1
CDP 21-4
features 1-8
Flex Links 17-7
IGMP
filters 19-28
snooping 19-15
interfaces 9-16
IPv4 ACL configuration 27-31
MAC address-table move update 17-7
multicast router interfaces 19-16
MVR 19-23
network traffic for analysis with probe 23-2
port
blocking 20-16
protection 20-16
speed and duplex mode 9-11
monitoring (continued)traffic flowing among switches 24-1
traffic suppression 20-16
VLAN
filters 27-31
maps 27-31
VLANs 11-14
VMPS 11-30
VTP 12-16
MSTP
boundary ports
configuration guidelines 15-15
described 15-6
BPDU filtering
described 16-3
enabling 16-12
BPDU guard
described 16-3
enabling 16-11
CIST, described 15-3
CIST root 15-5
configuration guidelines 15-15, 16-10
configuring
forward-delay time 15-23
hello time 15-22
link type for rapid convergence 15-24
maximum aging time 15-23
maximum hop count 15-24
MST region 15-16
neighbor type 15-25
path cost 15-20
port priority 15-19
root switch 15-17
secondary root switch 15-18
switch priority 15-21
CST
defined 15-3
operations between regions 15-4
MSTP (continued)default configuration 15-14
default optional feature configuration 16-9
displaying status 15-26
enabling the mode 15-16
EtherChannel guard
described 16-7
enabling 16-14
extended system ID
effects on root switch 15-17
effects on secondary root switch 15-18
unexpected behavior 15-17
IEEE 802.1s
implementation 15-6
port role naming change 15-7
terminology 15-5
instances supported 14-9
interface state, blocking to forwarding 16-2
interoperability and compatibility among modes 14-10
interoperability with IEEE 802.1D
described 15-8
restarting migration process 15-25
IST
defined 15-3
master 15-3
operations within a region 15-3
loop guard
described 16-9
enabling 16-15
mapping VLANs to MST instance 15-16
MST region
CIST 15-3
configuring 15-16
described 15-2
hop-count mechanism 15-5
IST 15-3
supported spanning-tree instances 15-2
optional features supported 1-5
overview 15-2
MSTP (continued)Port Fast
described 16-2
enabling 16-10
preventing root switch selection 16-8
root guard
described 16-8
enabling 16-15
root switch
configuring 15-17
effects of extended system ID 15-17
unexpected behavior 15-17
shutdown Port Fast-enabled port 16-3
status, displaying 15-26
multicast groups
Immediate Leave 19-5
joining 19-3
leaving 19-5
static joins 19-10
multicast packets, blocking 20-7
multicast router interfaces, monitoring 19-16
multicast router ports, adding 19-9
multicast storm 20-1
multicast storm-control command 20-4
multicast television application 19-18
multicast VLAN 19-17
Multicast VLAN Registration
MVR
and address aliasing 19-20
and IGMPv3 19-20
configuration guidelines 19-20
configuring interfaces 19-21
default configuration 19-19
described 19-17
example application 19-18
modes 19-21
monitoring 19-23
multicast television application 19-18
MVR (continued)setting global parameters 19-20
support for 1-3
N
named IPv4 ACLs 27-13
NameSpace Mapper
native VLAN
configuring 11-21
default 11-21
Network Assistant
benefits 1-1
described 1-3
downloading image files 1-2
guide mode 1-2
management options 1-2
requirements xxxii
upgrading a switch B-18
wizards 1-2
network configuration examples
increasing network performance 1-12
long-distance, high-bandwidth transport 1-17
providing network services 1-13
server aggregation and Linux server cluster 1-14
small to medium-sized network 1-15
network design
performance 1-12
services 1-13
network management
CDP 21-1
RMON 24-1
SNMP 26-1
Network Time Protocol
no commands 2-4
nonhierarchical policy maps
configuration guidelines 28-33
configuring 28-48
described 28-9
non-IP traffic filtering 27-21
nontrunking mode 11-16
normal-range VLANs 11-4
configuration guidelines 11-5
configuration modes 11-6
configuring 11-4
defined 11-1
note, described xxxii
NSM 4-3
NTP
associations
authenticating 6-4
defined 6-2
enabling broadcast messages 6-6
peer 6-5
server 6-5
default configuration 6-4
displaying the configuration 6-11
overview 6-2
restricting access
creating an access group 6-8
disabling NTP services per interface 6-10
source IP address, configuring 6-10
stratum 6-2
support for 1-4
synchronizing devices 6-5
time
services 6-2
synchronizing 6-2
O
options, management 1-3
out-of-profile markdown 1-8
P
packet modification, with QoS 28-19
PAgP
passwords
default configuration 7-2
disabling recovery of 7-5
encrypting 7-3
for security 1-6
in clusters 5-13
overview 7-1
recovery of 30-3
setting
enable 7-3
enable secret 7-3
Telnet 7-6
with usernames 7-6
VTP domain 12-8
path cost
MSTP 15-20
STP 14-18
PC (passive command switch) 5-9
performance, network design 1-12
performance features 1-3
persistent self-signed certificate 7-43
per-VLAN spanning-tree plus
physical ports 9-2
PIM-DVMRP, as snooping method 19-8
ping
character output description 30-13
executing 30-13
overview 30-13
policed-DSCP map for QoS 28-62
policers
configuring
for each matched traffic class 28-48
for more than one traffic class 28-58
policers (continued)described 28-4
displaying 28-78
number of 28-34
types of 28-9
policing
described 28-4
hierarchical
token-bucket algorithm 28-9
policy maps for QoS
characteristics of 28-48
described 28-7
displaying 28-78
hierarchical 28-8
hierarchical on SVIs
configuration guidelines 28-33
configuring 28-52
described 28-11
nonhierarchical on physical ports
configuration guidelines 28-33
configuring 28-48
described 28-9
port ACLs
defined 27-2
types of 27-3
Port Aggregation Protocol
port-based authentication
accounting 8-5
authentication server
defined 8-2
RADIUS server 8-2
client, defined 8-2
configuration guidelines 8-15
configuring
802.1x authentication 8-16
guest VLAN 8-24
host mode 8-23
port-based authentication (continued)configuring (continued)
manual re-authentication of a client 8-20
periodic re-authentication 8-19
quiet period 8-20
RADIUS server 8-18
RADIUS server parameters on the switch 8-17
restricted VLAN 8-25
switch-to-client frame-retransmission number 8-22
switch-to-client retransmission time 8-21
default configuration 8-14
described 8-1
device roles 8-2
displaying statistics 8-28
EAPOL-start frame 8-3
EAP-request/identity frame 8-3
EAP-response/identity frame 8-3
encapsulation 8-3
guest VLAN
configuration guidelines 8-10, 8-11
described 8-10
host mode 8-6
initiation and message exchange 8-3
magic packet 8-11
method lists 8-16
multiple-hosts mode, described 8-6
per-user ACLs
AAA authorization 8-16
configuration tasks 8-13
described 8-12
RADIUS server attributes 8-12
ports
authorization state and dot1x port-control command 8-4
authorized and unauthorized 8-4
voice VLAN 8-8
port security
and voice VLAN 8-8
described 8-7
port-based authentication (continued)port security (continued)
interactions 8-7
multiple-hosts mode 8-7
resetting to default values 8-27
statistics, displaying 8-28
switch
as proxy 8-3
RADIUS client 8-3
upgrading from a previous release 8-16, 28-26
VLAN assignment
AAA authorization 8-16
characteristics 8-9
configuration tasks 8-9
described 8-8
voice VLAN
described 8-8
PVID 8-8
VVID 8-8
wake-on-LAN, described 8-11
port-channel
Port Fast
described 16-2
enabling 16-10
mode, spanning tree 11-27
support for 1-5
port membership modes, VLAN 11-3
port priority
MSTP 15-19
STP 14-16
ports
access 9-2
blocking 20-6
dynamic access 11-3
protected 20-5
secure 20-7
ports (continued)switch 9-2
VLAN assignments 11-10
port security
aging 20-15
and QoS trusted boundary 28-38
configuring 20-11
default configuration 20-10
described 20-7
displaying 20-16
on trunk ports 20-12
sticky learning 20-8
violations 20-9
with other features 20-10
port-shutdown response, VMPS 11-26
preferential treatment of traffic
preventing unauthorized access 7-1
primary links 17-2
priority
overriding CoS 13-6
trusting CoS 13-6
private VLAN edge ports
privileged EXEC mode 2-2
privilege levels
changing the default for lines 7-9
command switch 5-14
exiting 7-9
logging into 7-9
mapping on member switches 5-14
setting a command with 7-8
pruning, VTP
disabling
in VTP domain 12-14
on a port 11-21
pruning, VTP (continued)enabling
in VTP domain 12-14
on a port 11-20
examples 12-5
overview 12-4
pruning-eligible list
changing 11-20
for VTP pruning 12-4
VLANs 12-14
PVST+
described 14-9
IEEE 802.1Q trunking interoperability 14-10
instances supported 14-9
Q
QoS
and MQC commands 28-1
auto-QoS
categorizing traffic 28-21
configuration and defaults display 28-30
configuration guidelines 28-25
described 28-20
disabling 28-27
displaying generated commands 28-27
displaying the initial configuration 28-30
effects on running configuration 28-25
egress queue defaults 28-21
enabling for VoIP 28-26
example configuration 28-28
ingress queue defaults 28-21
list of generated commands 28-22
basic model 28-4
classification
class maps, described 28-7
defined 28-4
DSCP transparency, described 28-39
flowchart 28-6
QoS (continued)classification (continued)
forwarding treatment 28-3
in frames and packets 28-3
MAC ACLs, described 28-5, 28-7
options for IP traffic 28-5
options for non-IP traffic 28-5
policy maps, described 28-7
trust DSCP, described 28-5
trusted CoS, described 28-5
trust IP precedence, described 28-5
class maps
configuring 28-46
displaying 28-78
configuration guidelines
auto-QoS 28-25
standard QoS 28-33
configuring
aggregate policers 28-58
auto-QoS 28-20
default port CoS value 28-37
DSCP maps 28-60
DSCP transparency 28-39
DSCP trust states bordering another domain 28-40
egress queue characteristics 28-70
ingress queue characteristics 28-66
IP extended ACLs 28-44
IP standard ACLs 28-43
MAC ACLs 28-45
policy maps, hierarchical 28-52
policy maps on physical ports 28-48
port trust states within the domain 28-36
trusted boundary 28-38
default auto configuration 28-21
default standard configuration 28-31
displaying statistics 28-78
DSCP transparency 28-39
QoS (continued)egress queues
allocating buffer space 28-71
buffer allocation scheme, described 28-18
configuring shaped weights for SRR 28-75
configuring shared weights for SRR 28-76
described 28-4
displaying the threshold map 28-74
flowchart 28-17
mapping DSCP or CoS values 28-73
scheduling, described 28-4
setting WTD thresholds 28-71
WTD, described 28-19
enabling globally 28-35
flowcharts
classification 28-6
egress queueing and scheduling 28-17
ingress queueing and scheduling 28-15
policing and marking 28-10
implicit deny 28-7
ingress queues
allocating bandwidth 28-68
allocating buffer space 28-68
buffer and bandwidth allocation, described 28-16
configuring shared weights for SRR 28-68
configuring the priority queue 28-69
described 28-4
displaying the threshold map 28-67
flowchart 28-15
mapping DSCP or CoS values 28-67
priority queue, described 28-16
scheduling, described 28-4
setting WTD thresholds 28-67
WTD, described 28-16
IP phones
automatic classification and queueing 28-20
detection and trusted settings 28-20, 28-38
limiting bandwidth on egress interface 28-77
QoS (continued)mapping tables
CoS-to-DSCP 28-60
displaying 28-78
DSCP-to-CoS 28-63
DSCP-to-DSCP-mutation 28-64
IP-precedence-to-DSCP 28-61
policed-DSCP 28-62
types of 28-12
marked-down actions 28-50, 28-55
overview 28-2
packet modification 28-19
policers
configuring 28-50, 28-55, 28-58
described 28-8
displaying 28-78
number of 28-34
types of 28-9
policies, attaching to an interface 28-8
policing
token bucket algorithm 28-9
policy maps
characteristics of 28-48
displaying 28-78
hierarchical 28-8
hierarchical on SVIs 28-52
nonhierarchical on physical ports 28-48
QoS label, defined 28-4
queues
configuring egress characteristics 28-70
configuring ingress characteristics 28-66
high priority (expedite) 28-19, 28-76
location of 28-13
SRR, described 28-14
WTD, described 28-13
rewrites 28-19
support for 1-7
QoS (continued)trust states
bordering another domain 28-40
described 28-5
trusted device 28-38
within the domain 28-36
quality of service
queries, IGMP 19-4
query solicitation, IGMP 19-12
R
RADIUS
attributes
vendor-proprietary 7-30
vendor-specific 7-29
configuring
accounting 7-28
authentication 7-23
authorization 7-27
communication, global 7-21, 7-29
communication, per-server 7-20, 7-21
multiple UDP ports 7-20
default configuration 7-20
defining AAA server groups 7-25
displaying the configuration 7-31
identifying the server 7-20
in clusters 5-13
limiting the services to the user 7-27
method list, defined 7-19
operation of 7-19
overview 7-17
suggested network environments 7-18
support for 1-7
tracking services accessed by user 7-28
range
macro 9-7
of interfaces 9-6
rapid convergence 15-10
rapid per-VLAN spanning-tree plus
rapid PVST+
described 14-9
IEEE 802.1Q trunking interoperability 14-10
instances supported 14-9
Rapid Spanning Tree Protocol
rcommand command 5-14
RCP
configuration files
downloading B-16
overview B-15
preparing the server B-15
uploading B-17
image files
deleting old image B-31
downloading B-29
preparing the server B-28
uploading B-31
reconfirmation interval, VMPS, changing 11-29
reconfirming dynamic VLAN membership 11-29
recovery procedures 30-1
redundancy
EtherChannel 29-2
STP
backbone 14-8
path cost 11-24
port priority 11-22
redundant links and UplinkFast 16-13
reloading software 3-15
Remote Authentication Dial-In User Service
Remote Copy Protocol
Remote Network Monitoring
Remote SPAN
remote SPAN 23-2
report suppression, IGMP
described 19-6
disabling 19-15
requirements
cluster xxxiii
device manager xxxii
Network Assistant xxxii
resequencing ACL entries 27-13
resetting a UDLD-shutdown interface 22-6
restricted VLAN
configuring 8-25
described 8-10
using with IEEE 802.1x 8-10
restricting access
NTP services 6-8
overview 7-1
passwords and privilege levels 7-2
RADIUS 7-17
TACACS+ 7-10
retry count, VMPS, changing 11-29
RFC
1112, IP multicast and IGMP 19-2
1157, SNMPv1 26-2
1305, NTP 6-2
1757, RMON 24-2
1901, SNMPv2C 26-2
1902 to 1907, SNMPv2 26-2
2236, IP multicast and IGMP 19-2
2273-2275, SNMPv3 26-2
RMON
default configuration 24-3
displaying status 24-6
enabling alarms and events 24-3
groups supported 24-2
overview 24-1
RMON (continued)statistics
collecting group Ethernet 24-5
collecting group history 24-5
support for 1-9
root guard
described 16-8
enabling 16-15
support for 1-5
root switch
MSTP 15-17
STP 14-14
RSPAN 23-2
characteristics 23-7
configuration guidelines 23-15
default configuration 23-9
destination ports 23-6
displaying status 23-23
interaction with other features 23-8
monitored ports 23-5
monitoring ports 23-6
received traffic 23-4
sessions
creating 23-16
defined 23-3
limiting source traffic to specific VLANs 23-22
specifying monitored ports 23-16
with ingress traffic enabled 23-20
source ports 23-5
transmitted traffic 23-5
VLAN-based 23-6
RSTP
active topology 15-9
BPDU
format 15-12
processing 15-13
designated port, defined 15-9
designated switch, defined 15-9
RSTP (continued)interoperability with IEEE 802.1D
described 15-8
restarting migration process 15-25
topology changes 15-13
overview 15-8
port roles
described 15-9
synchronized 15-11
proposal-agreement handshake process 15-10
rapid convergence
described 15-10
edge ports and Port Fast 15-10
point-to-point links 15-10, 15-24
root ports 15-10
root port, defined 15-9
running configuration, saving 3-10
S
SC (standby command switch) 5-9
scheduled reloads 3-15
secure HTTP client
configuring 7-47
displaying 7-48
secure HTTP server
configuring 7-46
displaying 7-48
secure MAC addresses
deleting 20-14
maximum number of 20-8
types of 20-8
secure ports, configuring 20-7
secure remote connections 7-38
Secure Socket Layer
security, port 20-7
security features 1-6
sequence numbers in log messages 25-7
server mode, VTP 12-3
service-provider network, MSTP and RSTP 15-1
set-request operation 26-5
setup program
failed command switch replacement 30-10
replacing failed command switch 30-8
severity levels, defining in system messages 25-8
SFPs
monitoring status of 9-16, 30-12
security and identification 30-12
status, displaying 30-12
shaped round robin
show access-lists hw-summary command 27-19
show and more command output, filtering 2-10
show cdp traffic command 21-5
show cluster members command 5-14
show configuration command 9-14
show forward command 30-20
show interfaces command 9-11, 9-14
show platform forward command 30-20
show running-config command
displaying ACLs 27-18, 27-25, 27-28
interface description in 9-14
shutdown command on interfaces 9-17
Simple Network Management Protocol
Smartports macros
applying Cisco-default macros 10-6
applying global parameter values 10-5, 10-6
applying macros 10-5
applying parameter values 10-5, 10-7
configuration guidelines 10-3
creating 10-4
default configuration 10-2
defined 10-1
Smartports macros (continued)displaying 10-8
tracing 10-3
website 10-2
SNAP 21-1
SNMP
accessing MIB variables with 26-4
agent
described 26-4
disabling 26-8
authentication level 26-11
community strings
configuring 26-8
for cluster switches 26-4
overview 26-4
configuration examples 26-16
default configuration 26-7
engine ID 26-7
host 26-7
ifIndex values 26-6
in-band management 1-5
in clusters 5-13
informs
and trap keyword 26-12
described 26-5
differences from traps 26-5
disabling 26-15
enabling 26-15
limiting access by TFTP servers 26-16
limiting system log messages to NMS 25-9
managing clusters with 5-15
MIBs
location of A-3
supported A-1
notifications 26-5
security levels 26-3
SNMP (continued)status, displaying 26-17
system contact and location 26-15
trap manager, configuring 26-14
traps
differences from informs 26-5
disabling 26-15
enabling 26-12
enabling MAC address notification 6-21
types of 26-12
versions supported 26-2
SNMPv1 26-2
SNMPv2C 26-2
SNMPv3 26-2
snooping, IGMP 19-1
software images
location in flash B-19
recovery procedures 30-2
scheduling reloads 3-16
tar file format, described B-19
See also downloading and uploading
source addresses, in IPv4 ACLs 27-10
source-and-destination-IP address based forwarding, EtherChannel 29-7
source-and-destination MAC address forwarding, EtherChannel 29-6
source-IP address based forwarding, EtherChannel 29-6
source-MAC address forwarding, EtherChannel 29-6
SPAN
configuration guidelines 23-10
default configuration 23-9
destination ports 23-6
displaying status 23-23
interaction with other features 23-8
monitored ports 23-5
monitoring ports 23-6
SPAN (continued)ports, restrictions 20-11
received traffic 23-4
sessions
configuring ingress forwarding 23-14, 23-21
creating 23-10
defined 23-3
limiting source traffic to specific VLANs 23-14
removing destination (monitoring) ports 23-12
specifying monitored ports 23-10
with ingress traffic enabled 23-13
source ports 23-5
transmitted traffic 23-5
VLAN-based 23-6
spanning tree and native VLANs 11-17
Spanning Tree Protocol
SPAN traffic 23-4
SRR
configuring
shaped weights on egress queues 28-75
shared weights on egress queues 28-76
shared weights on ingress queues 28-68
described 28-14
shaped mode 28-14
shared mode 28-14
support for 1-8
SSH
configuring 7-39
cryptographic software image 7-37
encryption methods 7-38
user authentication methods, supported 7-38
SSL
configuration guidelines 7-44
configuring a secure HTTP client 7-47
configuring a secure HTTP server 7-46
cryptographic software image 7-42
SSL (continued)described 7-42
monitoring 7-48
standby command switch
considerations 5-10
defined 5-2
priority 5-9
requirements 5-3
virtual IP address 5-10
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
standby links 17-2
startup configuration
booting
manually 3-13
specific image 3-13
clearing B-18
configuration file
automatically downloading 3-12
specifying the filename 3-12
default boot configuration 3-12
static access ports
assigning to VLAN 11-10
static addresses
static MAC addressing 1-6
static VLAN membership 11-2
statistics
802.1x 8-28
CDP 21-4
interface 9-16
QoS ingress and egress 28-78
RMON group Ethernet 24-5
RMON group history 24-5
SNMP input and output 26-17
VTP 12-16
sticky learning 20-8
storm control
configuring 20-3
described 20-1
disabling 20-5
displaying 20-16
support for 1-3
thresholds 20-1
STP
accelerating root port selection 16-4
BackboneFast
described 16-5
disabling 16-14
enabling 16-13
BPDU filtering
described 16-3
disabling 16-12
enabling 16-12
BPDU guard
described 16-3
disabling 16-11
enabling 16-11
BPDU message exchange 14-3
configuration guidelines 14-11, 16-10
configuring
forward-delay time 14-21
hello time 14-20
maximum aging time 14-21
path cost 14-18
port priority 14-16
root switch 14-14
secondary root switch 14-16
spanning-tree mode 14-13
switch priority 14-19
counters, clearing 14-22
default configuration 14-11
default optional feature configuration 16-9
designated port, defined 14-3
STP (continued)designated switch, defined 14-3
detecting indirect link failures 16-5
disabling 14-14
displaying status 14-22
EtherChannel guard
described 16-7
disabling 16-14
enabling 16-14
extended system ID
effects on root switch 14-14
effects on the secondary root switch 14-16
overview 14-4
unexpected behavior 14-14
features supported 1-5
IEEE 802.1D and bridge ID 14-4
IEEE 802.1D and multicast addresses 14-8
IEEE 802.1t and VLAN identifier 14-4
inferior BPDU 14-3
instances supported 14-9
interface state, blocking to forwarding 16-2
interface states
blocking 14-6
disabled 14-7
learning 14-6
listening 14-6
overview 14-4
interoperability and compatibility among modes 14-10
keepalive messages 14-2
limitations with IEEE 802.1Q trunks 14-10
load sharing
overview 11-22
using path costs 11-24
using port priorities 11-22
loop guard
described 16-9
enabling 16-15
modes supported 14-9
STP (continued)multicast addresses, effect of 14-8
optional features supported 1-5
overview 14-2
path costs 11-24
Port Fast
described 16-2
enabling 16-10
port priorities 11-23
preventing root switch selection 16-8
protocols supported 14-9
redundant connectivity 14-8
root guard
described 16-8
enabling 16-15
root port, defined 14-3
root switch
configuring 14-14
effects of extended system ID 14-4, 14-14
election 14-3
unexpected behavior 14-14
shutdown Port Fast-enabled port 16-3
status, displaying 14-22
superior BPDU 14-3
timers, described 14-20
UplinkFast
described 16-4
enabling 16-13
stratum, NTP 6-2
success response, VMPS 11-26
summer time 6-13
SunNet Manager 1-4
switch clustering technology 5-1
switch console port 1-5
Switched Port Analyzer
switched ports 9-2
switchport block multicast command 20-7
switchport block unicast command 20-7
switchport protected command 20-6
switch priority
MSTP 15-21
STP 14-19
switch software features 1-1
syslog
system clock
configuring
daylight saving time 6-13
manually 6-11
summer time 6-13
time zones 6-12
displaying the time and date 6-12
overview 6-1
system message logging
default configuration 25-3
defining error message severity levels 25-8
disabling 25-3
displaying the configuration 25-12
enabling 25-4
facility keywords, described 25-12
level keywords, described 25-9
limiting messages 25-9
message format 25-2
overview 25-1
sequence numbers, enabling and disabling 25-7
setting the display destination device 25-4
synchronizing log messages 25-5
syslog facility 1-9
time stamps, enabling and disabling 25-7
UNIX syslog servers
configuring the daemon 25-10
configuring the logging facility 25-11
facilities supported 25-12
system name
default configuration 6-15
default setting 6-15
manual configuration 6-15
system prompt, default setting 6-14, 6-15
T
TACACS+
accounting, defined 7-11
authentication, defined 7-11
authorization, defined 7-11
configuring
accounting 7-16
authentication key 7-13
authorization 7-16
login authentication 7-14
default configuration 7-13
displaying the configuration 7-17
identifying the server 7-13
in clusters 5-13
limiting the services to the user 7-16
operation of 7-12
overview 7-10
support for 1-7
tracking services accessed by user 7-16
tar files
creating B-5
displaying the contents of B-6
extracting B-7
image file format B-19
TDR 1-9
Telnet
accessing management interfaces 2-10
number of connections 1-5
setting a password 7-6
temporary self-signed certificate 7-43
Terminal Access Controller Access Control System Plus
terminal lines, setting a password 7-6
TFTP
configuration files
downloading B-10
preparing the server B-10
uploading B-11
configuration files in base directory 3-5
configuring for autoconfiguration 3-5
image files
deleting B-22
downloading B-21
preparing the server B-21
uploading B-23
limiting access by servers 26-16
TFTP server 1-4
threshold, traffic level 20-2
time
Time Domain Reflector
time-range command 27-15
time ranges in ACLs 27-15
time stamps in log messages 25-7
time zones 6-12
Token Ring VLANs
support for 11-5
VTP support 12-4
ToS 1-8
traceroute, Layer 2
and ARP 30-15
and CDP 30-14
broadcast traffic 30-14
described 30-14
IP addresses and subnets 30-15
MAC addresses and VLANs 30-15
multicast traffic 30-15
multiple devices on a port 30-15
traceroute, Layer 2 (continued)unicast traffic 30-14
usage guidelines 30-14
traceroute command 30-16
traffic
blocking flooded 20-7
fragmented 27-4
unfragmented 27-4
traffic policing 1-8
traffic suppression 20-1
transmit hold-count
transparent mode, VTP 12-3, 12-12
trap-door mechanism 3-2
traps
configuring MAC address notification 6-21
configuring managers 26-12
defined 26-3
notification types 26-12
troubleshooting
connectivity problems 30-12, 30-14, 30-15
detecting unidirectional links 22-1
displaying crash information 30-21
setting packet forwarding 30-20
SFP security and identification 30-12
show forward command 30-20
with CiscoWorks 26-4
with debug commands 30-18
with ping 30-13
with system message logging 25-1
with traceroute 30-15
trunking encapsulation 1-6
trunk ports
configuring 11-18
encapsulation 11-18, 11-23, 11-24
trunks
allowed-VLAN list 11-19
configuring 11-18, 11-23, 11-24
ISL 11-14
load sharing
setting STP path costs 11-24
using STP port priorities 11-22, 11-23
native VLAN for untagged traffic 11-21
parallel 11-24
pruning-eligible list 11-20
to non-DTP device 11-15
trusted boundary for QoS 28-38
trusted port states
between QoS domains 28-40
classification options 28-5
ensuring port security for IP phones 28-38
support for 1-8
within a QoS domain 28-36
trustpoints, CA 7-42
twisted-pair Ethernet, detecting unidirectional links 22-1
type of service
U
UDLD
configuration guidelines 22-4
default configuration 22-4
disabling
globally 22-5
on fiber-optic interfaces 22-5
per interface 22-5
echoing detection mechanism 22-2
enabling
globally 22-5
per interface 22-5
link-detection mechanism 22-1
neighbor database 22-2
overview 22-1
UDLD (continued)resetting an interface 22-6
status, displaying 22-6
support for 1-5
unauthorized ports with IEEE 802.1x 8-4
unicast MAC address filtering 1-4
and adding static addresses 6-25
and broadcast MAC addresses 6-24
and CPU packets 6-24
and multicast addresses 6-24
and router MAC addresses 6-24
configuration guidelines 6-24
described 6-24
unicast storm 20-1
unicast storm control command 20-4
unicast traffic, blocking 20-7
UniDirectional Link Detection protocol
UNIX syslog servers
daemon configuration 25-10
facilities supported 25-12
message logging configuration 25-11
unrecognized Type-Length-Value (TLV) support 12-4
upgrading information
upgrading software images
UplinkFast
described 16-4
disabling 16-13
enabling 16-13
support for 1-5
uploading
configuration files
reasons for B-8
using FTP B-14
using RCP B-17
using TFTP B-11
uploading (continued)image files
reasons for B-19
using FTP B-27
using RCP B-31
using TFTP B-23
user EXEC mode 2-2
username-based authentication 7-6
V
version-dependent transparent mode 12-4
virtual IP address
cluster standby group 5-10
command switch 5-10
vlan.dat file 11-4
VLAN 1, disabling on a trunk port 11-19
VLAN 1 minimization 11-19
VLAN ACLs
vlan-assignment response, VMPS 11-25
VLAN configuration
at bootup 11-7
saving 11-7
VLAN configuration mode 2-2, 11-6
VLAN database
and startup configuration file 11-7
and VTP 12-1
VLAN configuration saved in 11-6
VLANs saved in 11-4
vlan database command 11-6
VLAN filtering and SPAN 23-6
vlan global configuration command 11-6
VLAN ID, discovering 6-26
VLAN management domain 12-2
VLAN Management Policy Server
VLAN map entries, order of 27-25
VLAN maps
applying 27-28
common uses for 27-28
configuration guidelines 27-25
configuring 27-24
creating 27-25
denying access to a server example 27-30
denying and permitting packets 27-26
displaying 27-31
examples of ACLs and VLAN maps 27-26
removing 27-28
support for 1-7
wiring closet configuration example 27-29
VLAN membership
confirming 11-29
modes 11-3
VLAN Query Protocol
VLANs
adding 11-8
adding to VLAN database 11-8
aging dynamic addresses 14-9
allowed on trunk 11-19
and spanning-tree instances 11-2, 11-6, 11-12
configuration guidelines, extended-range VLANs 11-12
configuration guidelines, normal-range VLANs 11-5
configuration options 11-6
configuring 11-1
configuring IDs 1006 to 4094 11-12
creating in config-vlan mode 11-8
creating in VLAN configuration mode 11-9
default configuration 11-7
deleting 11-10
displaying 11-14
features 1-6
illustrated 11-2
VLANs (continued)limiting source traffic with RSPAN 23-22
limiting source traffic with SPAN 23-14
modifying 11-8
multicast 19-17
native, configuring 11-21
number supported 1-6
parameters 11-4
port membership modes 11-3
static-access ports 11-10
STP and IEEE 802.1Q trunks 14-10
supported 11-2
Token Ring 11-5
traffic between 11-2
VTP modes 12-3
VLAN Trunking Protocol
VLAN trunks 11-14
VMPS
administering 11-30
configuration example 11-30
configuration guidelines 11-27
default configuration 11-26
description 11-25
dynamic port membership
described 11-26
reconfirming 11-29
troubleshooting 11-30
entering server address 11-27
mapping MAC addresses to VLANs 11-25
monitoring 11-30
reconfirmation interval, changing 11-29
reconfirming membership 11-29
retry count, changing 11-29
voice-over-IP 13-1
voice VLAN
Cisco 7960 phone, port connections 13-1
configuration guidelines 13-3
configuring IP phones for data traffic
override CoS of incoming frame 13-6
trust CoS priority of incoming frame 13-6
configuring ports for voice traffic in
802.1p priority tagged frames 13-5
802.1Q frames 13-5
connecting to an IP phone 13-4
default configuration 13-3
described 13-1
displaying 13-6
IP phone data traffic, described 13-2
IP phone voice traffic, described 13-2
VTP
adding a client to a domain 12-14
and extended-range VLANs 12-1
and normal-range VLANs 12-1
client mode, configuring 12-11
configuration
global configuration mode 12-7
guidelines 12-8
privileged EXEC mode 12-7
requirements 12-9
saving 12-7
VLAN configuration mode 12-7
configuration mode options 12-7
configuration requirements 12-9
configuration revision number
guideline 12-14
resetting 12-15
configuring
client mode 12-11
server mode 12-9
transparent mode 12-12
consistency checks 12-4
VTP (continued)default configuration 12-6
described 12-1
disabling 12-12
domain names 12-8
domains 12-2
modes
transitions 12-3
monitoring 12-16
passwords 12-8
pruning
disabling 12-14
enabling 12-14
examples 12-5
overview 12-4
support for 1-6
pruning-eligible list, changing 11-20
server mode, configuring 12-9
statistics 12-16
support for 1-6
Token Ring support 12-4
transparent mode, configuring 12-12
using 12-1
version, guidelines 12-8
Version 1 12-4
Version 2
configuration guidelines 12-8
disabling 12-13
enabling 12-13
overview 12-4
W
weighted tail drop
wizards 1-2
WTD
described 28-13
setting thresholds
egress queue-sets 28-71
ingress queues 28-67
support for 1-8
X
Xmodem protocol 30-2