-
Catalyst 3550 Multilayer Switch Software Configuration Guide, Rel. 12.2(25)SE
-
Index
-
Preface
-
Using the Command-Line Interface
-
Assigning the Switch IP Address and Default Gateway
-
Configuring IE2100 CNS Agents
-
Clustering Switches
-
Administering the Switch
-
Configuring Switch-Based Authentication
-
Configuring 802.1x Port-Based Authentication
-
Configuring Interface Characteristics
-
Configuring Smartports Macros
-
Configuring VLANs
-
Configuring VTP
-
Configuring Voice VLAN
-
Configuring 802.1Q and Layer 2 Protocol Tunneling
-
Configuring STP
-
Configuring MSTP
-
Configuring Optional Spanning-Tree Features
-
Configuring DHCP Features
-
Configuring IGMP Snooping and MVR
-
Configuring Port-Based Traffic Control
-
Configuring CDP
-
Configuring UDLD
-
Configuring SPAN and RSPAN
-
Configuring RMON
-
Configuring System Message Logging
-
Configuring SNMP
-
Configuring Network Security with ACLs
-
Configuring QoS
-
Configuring EtherChannels
-
Configuring IP Unicast Routing
-
Configuring HSRP
-
Configuring Web Cache Services By Using WCCP
-
Configuring IP Multicast Routing
-
Configuring MSDP
-
Configuring Fallback Bridging
-
Troubleshooting
-
Supported MIBs
-
Working with the Cisco IOS File System, Configuration Files, and Software Images
-
Unsupported Commands in Cisco IOS Release 12.2SE
-
Table Of Contents
Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X -
Index
Numerics
144-bit Layer 3 TCAM 6-28, 30-63
802.1D
802.1Q
and trunk ports 9-3
configuration limitations 11-18
encapsulation 11-16
native VLAN for untagged traffic 11-23
tunneling
compatibility with other features 14-5
defaults 14-4
described 14-1
tunnel ports and ACLs 27-3
tunnel ports with other features 14-6
802.1s
802.1w
802.1x
802.3af
802.3z flow control 9-18
A
abbreviating commands 2-3
ABRs 30-24
access-class command 27-20
access control entries
access-denied response, VMPS 11-27
access groups
IP 27-21
Layer 3 27-21
access lists
access ports
and Layer 2 protocol tunneling 14-10
defined 9-3
accounting
with RADIUS 7-28
ACEs
and QoS 28-7
defined 27-2
Ethernet 27-2
IP 27-2
ACLs
ACEs 27-2
and logging 27-7
any keyword 27-13
applying
on bridged packets 27-38
on multicast packets 27-39
on routed packets 27-38
on switched packets 27-37
time ranges to 27-17
to Layer 2 and Layer 3 interfaces 27-20
to QoS 28-7
classifying traffic for QoS 28-37
comments in 27-19
compatibility on the same switch 27-2
ACLs (continued)compiling 27-21
configuration conflict examples 27-43
configuring with VLAN maps 27-36
defined 27-1
examples, not fitting in hardware 27-44
extended IP
configuring for QoS classification 28-38
creating 27-11
matching criteria 27-8
feature manager 27-42
hardware and software handling 27-6
hardware support for 27-6
host keyword 27-13
IP
applying to interface 27-19
creating 27-8
defined 27-8
fragments and QoS guidelines 28-28
implicit deny 27-10, 27-14, 27-16
implicit masks 27-10
matching criteria 27-8
matching criteria for port ACLs 27-4
matching criteria for router ACLs 27-3
named 27-15
options and QoS guidelines 28-28
undefined 27-21
violations, logging 27-16
virtual terminal lines, setting on 27-19
limiting actions 27-37
logging messages 27-10
log keyword 27-16
merge failure examples 27-45
monitoring 27-40
named 27-15
not fitting in hardware 27-44
ACLs (continued)number per QoS class map 28-28
numbers 27-8
policy maps and QoS classification 28-28
port
and voice VLAN 27-4
defined 27-2
limitations 27-4
resequencing entries 27-15
router 27-2
standard IP
configuring for QoS classification 28-37
creating 27-9
matching criteria 27-8
support for 1-5
time ranges 27-17
undefined 27-28
unsupported features 27-7
using router ACLs with VLAN maps 27-36
VLAN maps
configuration guidelines 27-30
configuring 27-29
defined 27-4
active router 31-1
addresses
displaying the MAC address table 6-27
dynamic
accelerated aging 15-8
changing the aging time 6-22
default aging 15-8
defined 6-20
learning 6-21
preventing frame forwarding 35-5
removing 6-23
filtering frames by MAC address 35-6
MAC, discovering 6-30
addresses (continued)multicast
group address range 33-1, 33-3
STP address management 15-8
static
adding and removing 6-25
defined 6-20
Address Resolution Protocol
adjacency tables, with CEF 30-70
administrative distances
defined 30-80
OSPF 30-29
routing protocol defaults 30-72
advertisements
CDP 21-1
RIP 30-19
aggregate addresses, BGP 30-55
aggregated ports
aggregate policers 28-50
aggregate policing 1-6
aging, accelerating 15-8
aging time
accelerated
for MSTP 16-20
bridge table for fallback bridging 35-6
MAC address table 6-22
maximum
for MSTP 16-21
for STP 15-22
alarms, RMON 24-3
allowed-VLAN list 11-21
area border routers
ARP
configuring 30-9
defined 30-8
encapsulation 30-10
static cache configuration 30-9
support for 1-3
ARP table
address resolution 6-30
managing 6-30
ASBRs 30-24
AS-path filters, BGP 30-49
asymmetrical links, and 802.1Q tunneling 14-4
attributes, RADIUS
vendor-proprietary 7-31
vendor-specific 7-29
audience xxxv
authentication
EIGRP 30-37
HSRP 31-8
local mode with AAA 7-36
NTP associations 6-5
RADIUS
defined 7-18
key 7-21
login 7-23
TACACS+
defined 7-11
key 7-13
login 7-14
See also port-based authentication
authentication keys, and routing protocols 30-81
authoritative time source, described 6-2
authorization
with RADIUS 7-27
authorized ports with 802.1x 8-4
autoconfiguration 3-3
automatic QoS
autonegotiation
duplex mode 1-2
interface configuration guidelines 9-16
mismatches 36-10
autonomous system boundary routers
autonomous systems, in BGP 30-43
Auto-RP, described 33-5
autosensing, port speed 1-2
auxiliary VLAN
B
BackboneFast
described 17-9
enabling 17-18
support for 1-4
bandwidth for QoS
allocating 28-64
described 28-13
banners
configuring
login 6-20
message-of-the-day login 6-19
default configuration 6-18
when displayed 6-18
BGP
aggregate addresses 30-55
aggregate routes, configuring 30-55
CIDR 30-55
clear commands 30-58
community filtering 30-51
configuring neighbors 30-53
default configuration 30-41
described 30-40
enabling 30-43
monitoring 30-58
multipath support 30-46
BGP (continued)neighbors, types of 30-43
path selection 30-46
peers, configuring 30-53
prefix filtering 30-50
resetting sessions 30-45
route dampening 30-57
route maps 30-48
route reflectors 30-56
routing domain confederation 30-55
routing session with multi-VRF CE 30-65
show commands 30-58
supernets 30-55
support for 1-7
Version 4 30-40
binding cluster group and HSRP group 31-10
binding database, DHCP snooping
See DHCP snooping binding database
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 20-6
booting
boot loader, function of 3-2
boot process 3-1
manually 3-12
specific image 3-13
boot loader
accessing 3-14
described 3-2
environment variables 3-14
prompt 3-14
trap-door mechanism 3-2
bootstrap router (BSR), described 33-5
Border Gateway Protocol
BPDU
error-disabled state 17-2
filtering 17-3
RSTP format 16-9
BPDU filtering
described 17-3
enabling 17-15
support for 1-4
BPDU guard
described 17-2
enabling 17-15
support for 1-4
bridged packets, ACLs on 27-38
bridge groups
bridge protocol data unit
broadcast flooding 30-16
broadcast packets
directed 30-13
flooded 30-13
broadcast storm control
broadcast storm-control command 20-4
broadcast storms 30-13
C
cables, monitoring for unidirectional links 22-1
cache engines, redirecting traffic to 32-1
CAMs, ACLs not loading in 27-44
candidate switch
defined 5-3
requirements 5-3
See also command switch, cluster standby group, and member switch
CA trustpoint
configuring 7-44
defined 7-42
caution, described xxxvi
CDP
and trusted boundary 28-33
configuring 21-2
default configuration 21-2
described 21-1
disabling for routing device 21-3, 21-4
enabling and disabling
on an interface 21-4
on a switch 21-3
Layer 2 protocol tunneling 14-7
monitoring 21-5
overview 21-1
power negotiation extensions 9-6
support for 1-3
transmission timer and holdtime, setting 21-2
updates 21-2
CEF 30-70
CGMP
as IGMP snooping learning method 19-8
clearing cached group entries 33-52
enabling server support 33-32
joining multicast group 19-3
overview 33-8
server support only 33-8
switch support of 1-2
CIDR 30-55
CipherSuites 7-43
Cisco Discovery Protocol
Cisco Express Forwarding
Cisco Group Management Protocol
Cisco Intelligence Engine 2100 Series Configuration Registrar
Cisco intelligent power management 9-6
Cisco IOS File System
Cisco Network Assistant
Cisco Networking Services
classless interdomain routing
classless routing 30-7
class maps for QoS
configuring per physical port 28-40
configuring per-port per-VLAN 28-42
described 28-7
displaying 28-70
class of service
clearing interfaces 9-22
CLI
abbreviating commands 2-3
command modes 2-1
described 1-8
editing features
enabling and disabling 2-6
keystroke editing 2-6
wrapped lines 2-7
error messages 2-4
filtering command output 2-8
getting help 2-3
history
changing the buffer size 2-4
described 2-4
disabling 2-5
recalling commands 2-5
managing clusters 5-3
no and default forms of commands 2-3
client mode, VTP 12-3
clock
clusters, switch
benefits 1-9
described 5-1
managing
through CLI 5-3
through SNMP 5-4
planning considerations
CLI 5-3
SNMP 5-4
cluster standby group
and HSRP group 31-10
requirements 5-2
Coarse Wave Division Multiplexer GBIC modules
command-line interface
command modes 2-1
commands
abbreviating 2-3
no and default 2-3
setting privilege levels 7-8
command switch
configuration conflicts 36-10
defined 5-1
password privilege levels 5-4
recovery
from failure 36-6
from lost member connectivity 36-10
replacing
with another switch 36-9
with cluster member 36-7
requirements 5-2
See also candidate switch, cluster standby group, member switch, and standby command switch
community list, BGP 30-52
community strings
configuring 26-7
for cluster switches 26-4
overview 26-4
config.text 3-11
configuration conflicts
ACL, displaying 27-43
recovering from lost member connectivity 36-10
configuration examples, network 1-10
configuration files
clearing the startup configuration B-18
creating using a text editor B-9
default name 3-11
deleting a stored configuration B-18
described B-7
downloading
automatically 3-12
reasons for B-7
using FTP B-12
using RCP B-16
using TFTP B-10
guidelines for creating and using B-8
invalid combinations when copying B-5
limiting TFTP server access 26-15
obtaining with DHCP 3-7
password recovery disable considerations 7-5
specifying the filename 3-12
system contact and location information 26-15
types and location B-9
uploading
reasons for B-8
using FTP B-13
using RCP B-17
using TFTP B-11
VMPS database 11-28
configuration guidelines, multi-VRF CE 30-62
configuration settings, saving 3-11
configure terminal command 9-10
configuring PoE 9-17
conflicts, configuration 36-10
congestion-avoidance techniques 28-12
congestion-management techniques 28-12, 28-15
connections, secure remote 7-38
connectivity problems 36-11
consistency checks in VTP version 2 12-4
console port, connecting to 2-9
content-routing technology
conventions
command xxxvi
for examples xxxvi
publication xxxvi
text xxxvi
CoS
in Layer 2 frames 28-2
override priority 13-5
trust priority 13-6
CoS-to-DSCP map for QoS 28-53
CoS-to-egress-queue map 28-59
counters, clearing interface 9-22
CPU q, in show forward command output 36-20
crashinfo file 36-21
cross-stack UplinkFast, STP
connecting stack ports 17-7
described 17-5
enabling 17-17
fast-convergence events 17-7
Fast Uplink Transition Protocol 17-6
limitations 17-7
normal-convergence events 17-7
Stack Membership Discovery Protocol 17-6
support for 1-4
cryptographic software image
Kerberos 7-32
SSL 7-41
customer edge devices 30-60
CWDM GBIC modules, network example 1-18
CWDM OADM modules 1-18
D
daylight saving time 6-13
debugging
enabling all system diagnostics 36-18
enabling for a specific feature 36-17
redirecting error message output 36-18
using commands 36-17
default commands 2-3
default configuration
802.1Q tunneling 14-4
802.1x 8-10
auto-QoS 28-18
banners 6-18
BGP 30-41
booting 3-11
CDP 21-2
DHCP 18-6
DHCP option 82 18-6
DHCP snooping 18-6
DNS 6-17
EIGRP 30-34
EtherChannel 29-8
fallback bridging 35-3
HSRP 31-4
IGMP 33-26
IGMP filtering 19-20
IGMP snooping 19-7
IGMP throttling 19-20
initial switch information 3-3
IP addressing, IP routing 30-4
IP multicast routing 33-8
Layer 2 interfaces 9-14
Layer 2 protocol tunneling 14-10
MAC address table 6-22
MSDP 34-4
MSTP 16-12
multi-VRF CE 30-62
MVR 19-15
default configuration (continued)NTP 6-4
optional spanning-tree features 17-13
OSPF 30-25
password and privilege level 7-2
port security 20-9
RADIUS 7-20
RIP 30-19
RMON 24-3
RSPAN 23-8
SNMP 26-6
SPAN 23-8
SSL 7-44
standard QoS 28-26
storm control 20-3
STP 15-11
system message logging 25-3
system name and prompt 6-15
TACACS+ 7-13
UDLD 22-4
VLAN, Layer 2 Ethernet interfaces 11-19
VLANs 11-7
VMPS 11-29
voice VLAN 13-2
VTP 12-6
WCCP 32-5
default networks 30-73
default routes 30-73
default routing 30-2
deleting VLANs 11-10
description command 9-19
designing your network, examples 1-10
destination addresses, in ACLs 27-12
detecting indirect link failures, STP 17-9
device B-18
device discovery protocol 21-1
device manager
upgrading a switch B-18
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-3
DNS 3-6
relay device 3-6
TFTP server 3-6
example 3-8
lease options
for IP address information 3-5
for receiving the configuration file 3-5
overview 3-3
relationship to BOOTP 3-3
relay support 1-7
support for 1-3
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 18-4
configuration guidelines 18-6
default configuration 18-6
displaying 18-13
enabling
relay agent 18-8
relay agent information option 18-8
forwarding address, specifying 18-10
helper address 18-10
overview 18-3
packet format
circuit ID suboption 18-4
remote ID suboption 18-4
policy for reforwarding 18-9
reforwarding policy 18-9
DHCP option 82 (continued)remote ID suboption 18-4
support for 1-3
validating 18-9
DHCP relay agent 18-8
DHCP server 18-8
DHCP snooping
binding database
See DHCP snooping binding database
configuration guidelines 18-6
default configuration 18-6
displaying binding tables 18-13
displaying configuration 18-13
message exchange process 18-4
option 82 data insertion 18-3
trusted interface 18-2
untrusted interface 18-2
untrusted messages 18-2
DHCP snooping binding database
described 18-2
displaying 18-13
entries 18-2
DHCP snooping binding table
See DHCP snooping binding database
Differentiated Services architecture, QoS 28-2
Differentiated Services Code Point 28-2
Diffusing Update Algorithm (DUAL) 30-33
directed unicast requests 1-3
directories
changing B-3
creating and removing B-4
displaying the working B-3
Distance Vector Multicast Routing Protocol
distance-vector protocols 30-2
distribute-list command 30-80
DNS
and DHCP-based autoconfiguration 3-6
default configuration 6-17
displaying the configuration 6-18
overview 6-16
setting up 6-17
support for 1-3
documentation, related xxxvii
document conventions xxxvi
domain names
DNS 6-16
VTP 12-8
Domain Name System
dot1q-tunnel switchport mode 11-17
double-tagged packets
802.1Q tunneling 14-2
Layer 2 protocol tunneling 14-9
downloading
configuration files
reasons for B-7
using FTP B-12
using RCP B-16
using TFTP B-10
image files
deleting old image B-22
reasons for B-18
using CMS 1-2
using FTP B-24
using Network Assistant 1-2
using RCP B-28
using TFTP B-21
using the device manager or Network Assistant B-18
drop threshold for Layer 2 protocol packets 14-10
DSCP-to-CoS map for QoS 28-55
DSCP-to-DSCP-mutation map for QoS 28-57
DSCP-to-threshold map for QoS 28-61
DUAL finite state machine, EIGRP 30-33
duplex mode, configuring 9-15
DVMRP
autosummarization
configuring a summary address 33-48
disabling 33-50
connecting PIM domain to DVMRP router 33-40
enabling unicast routing 33-44
interoperability
with Cisco devices 33-38
with IOS software 33-7
mrinfo requests, responding to 33-43
neighbors
advertising the default route to 33-42
discovery with Probe messages 33-38
displaying information 33-43
prevent peering with nonpruning 33-46
rejecting nonpruning 33-45
overview 33-7
routes
adding a metric offset 33-50
advertising all 33-50
advertising the default route to neighbors 33-42
caching DVMRP routes learned in report messages 33-44
changing the threshold for syslog messages 33-47
deleting 33-52
displaying 33-52
favoring one over another 33-50
limiting the number injected into MBONE 33-47
limiting unicast route advertisements 33-38
routing table 33-8
source distribution tree, building 33-8
support for 1-7
DVMRP (continued)tunnels
configuring 33-40
displaying neighbor information 33-43
dynamic access ports
characteristics 11-3
configuring 11-30
defined 9-3
dynamic addresses
dynamic desirable trunking mode 11-17
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 11-28
reconfirming 11-31
troubleshooting 11-33
types of connections 11-30
VMPS database configuration file 11-28
dynamic routing 30-2
Dynamic Trunking Protocol
E
EBGP 30-39
editing features
enabling and disabling 2-6
keystrokes used 2-6
wrapped lines 2-7
egress q, in show forward command output 36-20
EIGRP
authentication 30-37
components 30-33
configuring 30-35
default configuration 30-34
definition 30-33
interface parameters, configuring 30-36
EIGRP (continued)monitoring 30-38
support for 1-7
enable password 7-4
enable secret password 7-4
encryption, CipherSuite 7-43
encryption for passwords 7-4
Enhanced IGRP
environment variables
function of 3-15
location in Flash 3-14
error messages
during command entry 2-4
setting the display destination device 25-4
severity levels 25-8
system message format 25-2
EtherChannel
automatic creation of 29-3
channel groups
binding physical and logical interfaces 29-2
numbering of 29-3
configuration guidelines 29-8
configuring
Layer 2 interfaces 29-9
Layer 3 physical interfaces 29-12
Layer 3 port-channel logical interfaces 29-11
default configuration 29-8
destination MAC address forwarding 29-6
displaying status 29-18
forwarding methods 29-14
interaction
with STP 29-8
with VLANs 29-9
LACP, support for 1-2
Layer 3 interface 30-3
logical interfaces, described 29-2
EtherChannel (continued)number of interfaces per 29-2
overview 29-1
PAgP
aggregate-port learners 29-5
compatibility with Catalyst 1900 29-15
displaying status 29-18
interaction with other features 29-6
learn method and priority configuration 29-15
modes 29-4
overview 29-3
silent mode 29-4
support for 1-2
port-channel interfaces
described 29-2
numbering of 29-3
port groups 9-5
source MAC address forwarding 29-6
support for 1-2
EtherChannel guard
described 17-11
enabling 17-19
Ethernet VLANs
adding 11-8
defaults and ranges 11-8
modifying 11-8
events, RMON 24-3
examples
conventions for xxxvi
network configuration 1-10
expedite queue for QoS
10/100 Ethernet ports
allocating bandwidth 28-68
configuring 28-68
described 28-15
Gigabit-capable Ethernet ports
allocating bandwidth 28-64
configuring 28-64
described 28-12
Express Setup
overview 1-1
See also getting started guide
extended-range VLANs
configuration guidelines 11-12
configuring 11-11
defined 11-1
extended system ID
MSTP 16-14
Extensible Authentication Protocol over LAN 8-1
external BGP
external neighbors, BGP 30-43
F
fallback bridging
and protected ports 35-4
bridge groups
creating 35-4
described 35-2
displaying 35-12
function of 35-2
number supported 35-4
removing 35-4
bridge table
changing the aging time 35-6
clearing 35-12
displaying 35-12
configuration guidelines 35-3
connecting interfaces with 9-9
default configuration 35-3
described 35-1
fallback bridging (continued)frame forwarding
filtering by MAC address 35-6
flooding packets 35-2
for static addresses 35-5
forwarding packets 35-2
preventing for dynamically learned stations 35-5
to static addresses 35-5
overview 35-1
protocol, unsupported 35-3
STP
disabling on an interface 35-12
forward-delay interval 35-10
hello BPDU interval 35-10
interface priority 35-8
maximum-idle interval 35-11
path cost 35-9
switch priority 35-8
support for 1-7
SVIs and routed ports 35-1
unsupported protocols 35-3
VLAN-bridge STP 15-10
fallback VLAN name 11-28
Fast Uplink Transition Protocol 17-6
feature manager, ACL 27-42
FIB 30-70
fiber-optic, detecting unidirectional links 22-1
files
copying B-4
crashinfo
description 36-21
displaying the contents of 36-21
location 36-21
deleting B-5
displaying the contents of B-7
files (continued)tar
creating B-5
displaying the contents of B-6
extracting B-7
image file format B-19
file system
displaying available file systems B-2
displaying file information B-3
local file system names B-1
network file system names B-4
setting the default B-3
filtering
in a VLAN 27-29
non-IP traffic 27-26
show and more command output 2-8
with fallback bridging 35-6
filters, IP
flash device, number of B-1
flooded traffic, blocking 20-6
flow-based packet classification 1-6
flowcharts
QoS classification 28-6
QoS policing and marking 28-10
QoS queueing and scheduling
10/100 ports 28-15
Gigabit-capable ports 28-12
forward-delay time
MSTP 16-20
Forwarding Information Base
forwarding non-routable protocols 35-1
FTP
accessing MIB files A-2
configuration files
downloading B-12
overview B-11
preparing the server B-12
uploading B-13
image files
deleting old image B-26
downloading B-24
preparing the server B-23
uploading B-26
G
GBIC modules
GBICs
1000BASE-LX/LH module 1-13
1000BASE-SX module 1-13
1000BASE-T module 1-13
1000BASE-ZX module 1-13
CWDM module 1-18
GigaStack module 1-11
security and identification 36-11
get-bulk-request operation 26-3
get-next-request operation 26-3, 26-4
get-request operation 26-3, 26-4
get-response operation 26-3
Gigabit Interface Converters
GigaStack GBIC
fast transition of redundant link 17-5
global configuration mode 2-2
guide
audience xxxv
purpose of xxxv
guide mode 1-9
GUIs
See device manager and Network Assistant 1-8
H
hardware, determining ACL configuration fit 27-44
hello time
MSTP 16-19
STP 15-21
help, for the command line 2-3
history
changing the buffer size 2-4
described 2-4
disabling 2-5
recalling commands 2-5
history table, level and number of syslog messages 25-10
hosts, limit on dynamic ports 11-33
Hot Standby Router Protocol
HP OpenView 1-9
HSRP
authentication string 31-8
binding to cluster group 31-10
command-switch redundancy 1-3
default configuration 31-4
definition 31-1
monitoring 31-10
overview 31-1
priority 31-6
routing redundancy 1-7
timers 31-8
tracking 31-7
HTTP over SSL
HTTPS 7-42
configuring 7-45
self-signed certificate 7-42
HTTP secure server 7-42
I
IBPG 30-39
ICMP
redirect messages 30-11
support for 1-7
time exceeded messages 36-13
traceroute and 36-13
unreachable messages 27-6
unreachables and ACLs 27-7
ICMP ping
executing 36-12
overview 36-11
ICMP Router Discovery Protocol
IDS, using with SPAN and RSPAN 23-2
IE2100
CNS embedded agents
described 4-5
enabling automated configuration 4-6
enabling configuration agent 4-9
enabling event agent 4-8
Configuration Registrar
configID, deviceID, hostname 4-3
configuration service 4-2
described 4-1
event service 4-3
described 1-8
support for 1-3
IEEE 802.1p 13-1
IFS 1-3
IGMP
configuring the switch
as a member of a group 33-26
statically connected member 33-31
controlling access to groups 33-27
default configuration 33-26
deleting cache entries 33-52
displaying groups 33-52
IGMP (continued)fast switching 33-31
host-query interval, modifying 33-29
joining multicast group 19-3
join messages 19-3
leave processing, enabling 19-10
leaving multicast group 19-5
multicast reachability 33-26
overview 33-3
queries 19-3
report suppression
described 19-5
disabling 19-11
support for 1-2
throttling action 19-20
Version 1
changing to Version 2 33-28
described 33-3
Version 2
changing to Version 1 33-28
described 33-3
maximum query response time value 33-30
pruning groups 33-30
query timeout value 33-29
IGMP filtering
configuring 19-20
default configuration 19-20
described 19-19
monitoring 19-25
IGMP groups
configuring the throttling action 19-23
setting the maximum number 19-23
IGMP profile
applying 19-22
configuration mode 19-20
configuring 19-21
IGMP snooping
configuring 19-6
default configuration 19-7
definition 19-2
enabling and disabling 19-7
global configuration 19-7
Immediate Leave 19-5
method 19-8
monitoring 19-12
support for 1-2
VLAN configuration 19-7
IGMP throttling
configuring 19-23
default configuration 19-20
described 19-20
displaying action 19-25
IGP 30-24
Immediate-Leave, IGMP 19-5
Intelligence Engine 2100 Series CNS Agents
interface
number 9-9
range macros 9-12
interface configuration mode 2-2
interfaces
configuration guidelines 9-16
configuring 9-10
configuring duplex mode 9-15
configuring speed 9-15
counters, clearing 9-22
described 9-19
descriptive name, adding 9-19
displaying information about 9-21
flow control 9-18
management 1-8
monitoring 9-21
naming 9-19
physical, identifying 9-9
interfaces (continued)range of 9-10
restarting 9-23
shutting down 9-23
supported 9-9
types of 9-1
interfaces range macro command 9-12
Interior Gateway Protocol
internal BGP
internal neighbors, BGP 30-43
Internet Control Message Protocol
Internet Group Management Protocol
Inter-Switch Link
Intrusion Detection System
IOS File System
ip access-group command 27-21
IP ACLs
applying to an interface 27-19
extended, creating 27-11
for QoS classification 28-7
implicit deny 27-10, 27-14, 27-16
implicit masks 27-10
logging 27-16
named 27-15
standard, creating 27-9
undefined 27-21
virtual terminal lines, setting on 27-19
IP addresses
candidate or member 5-3
classes of 30-5
command switch 5-2
default configuration 30-4
discovering 6-30
for IP routing 30-4
MAC address association 30-8
monitoring 30-17
IP broadcast address 30-15
ip cef command 30-70
IP directed broadcasts 30-13
ip igmp profile command 19-20
IP information
assigned
manually 3-10
through DHCP-based autoconfiguration 3-3
default configuration 3-3
IP multicast routing
addresses
all-multicast-routers 33-1, 33-3
host group address range 33-1, 33-3
administratively-scoped boundaries, described 33-36
Auto-RP
adding to an existing sparse-mode cloud 33-14
benefits of 33-13
clearing the cache 33-52
configuration guidelines 33-10
filtering incoming RP announcement messages 33-16
overview 33-5
preventing candidate RP spoofing 33-16
preventing join messages to false RPs 33-15
setting up in a new internetwork 33-14
using with BSR 33-21
IP multicast routing (continued)bootstrap router
configuration guidelines 33-10
configuring candidate BSRs 33-19
configuring candidate RPs 33-20
defining the IP multicast boundary 33-18
defining the PIM domain border 33-17
overview 33-5
using with Auto-RP 33-21
Cisco implementation 33-2
configuring
basic multicast routing 33-10
IP multicast boundary 33-36
TTL threshold 33-34
default configuration 33-8
enabling
multicast forwarding 33-11
PIM mode 33-11
group-to-RP mappings
Auto-RP 33-5
BSR 33-5
MBONE
deleting sdr cache entries 33-52
described 33-33
displaying sdr cache 33-53
enabling sdr listener support 33-33
limiting DVMRP routes advertised 33-47
limiting sdr cache entry lifetime 33-33
SAP packets for conference session announcement 33-33
Session Directory (sdr) tool, described 33-33
monitoring
packet rate loss 33-53
peering devices 33-53
tracing a path 33-53
multicast forwarding, described 33-6
PIMv1 and PIMv2 interoperability 33-9
protocol interaction 33-2
reverse path check (RPF) 33-6
IP multicast routing (continued)routing table
deleting 33-52
displaying 33-52
RP
assigning manually 33-12
configuring Auto-RP 33-13
configuring PIMv2 BSR 33-17
monitoring mapping information 33-22
using Auto-RP and BSR 33-21
statistics, displaying system and network 33-52
TTL thresholds, described 33-34
IP phones
and 802.1x authentication 8-7
and QoS 13-1
automatic classification and queueing 28-17
configuring 13-3
trusted boundary for QoS 28-33
IP precedence 28-2
IP-precedence-to-DSCP map for QoS 28-54
IP protocols
in ACLs 27-12
routing 1-7
IP routes, monitoring 30-82
IP routing
connecting interfaces with 9-9
enabling 30-18
IP traceroute
executing 36-13
overview 36-13
IP unicast routing
address resolution 30-8
administrative distances 30-72, 30-80
ARP 30-8
assigning IP addresses to Layer 3 interfaces 30-6
authentication keys 30-81
broadcast
address 30-15
flooding 30-16
packets 30-13
storms 30-13
classless routing 30-7
configuring static routes 30-72
default
addressing configuration 30-4
gateways 30-11
networks 30-73
routes 30-73
routing 30-2
directed broadcasts 30-13
dynamic routing 30-2
enabling 30-18
EtherChannel Layer 3 interface 30-3
IGP 30-24
inter-VLAN 30-2
IP addressing
classes 30-5
configuring 30-4
IRDP 30-12
Layer 3 interfaces 30-3
MAC address and IP address 30-8
passive interfaces 30-79
protocols
distance-vector 30-2
dynamic 30-2
link-state 30-2
proxy ARP 30-8
redistribution 30-74
reverse address resolution 30-8
IP unicast routing (continued)routed ports 30-3
static routing 30-2
steps to configure 30-3
subnet mask 30-5
subnet zero 30-6
supernet 30-7
UDP 30-15
with SVIs 30-3
ip unreachables command 27-6
IRDP
configuring 30-12
definition 30-12
support for 1-7
ISL
and trunk ports 9-3
trunking with 802.1 tunneling 14-4
J
join messages, IGMP 19-3
K
KDC
described 7-32
Kerberos
authenticating to
boundary switch 7-34
KDC 7-34
network services 7-35
configuration examples 7-32
Kerberos (continued)configuring 7-35
credentials 7-32
cryptographic software image 7-32
described 7-32
KDC 7-32
operation 7-34
realm 7-33
server 7-33
switch as trusted third party 7-32
terms 7-33
TGT 7-34
tickets 7-32
key distribution center
L
l2protocol-tunnel command 14-11
LACP
Layer 2 protocol tunneling 14-9
Layer 2 frames, classification with CoS 28-2
Layer 2 interfaces, default configuration 9-14
Layer 2 protocol tunneling
configuring 14-9
configuring for EtherChannels 14-13
default configuration 14-10
defined 14-7
guidelines 14-10
Layer 2 traceroute
and ARP 36-15
and CDP 36-15
described 36-14
IP addresses and subnets 36-15
MAC addresses and VLANs 36-15
multicast traffic 36-15
multiple devices on a port 36-15
Layer 2 traceroute (continued)unicast traffic 36-14
usage guidelines 36-15
Layer 3 features 1-7
Layer 3 interfaces
assigning IP addresses to 30-6
changing from Layer 2 mode 30-6
types of 30-3
Layer 3 packets, classification methods 28-2
LDAP 4-2
leave processing, IGMP 19-10
lightweight directory access protocol
line configuration mode 2-2
Link Aggregation Control Protocol
links, unidirectional 22-1
link state advertisements (LSAs) 30-28
link-state protocols 30-2
logging messages, ACL 27-10
login authentication
with RADIUS 7-23
with TACACS+ 7-14
login banners 6-18
log messages
long-distance, high-bandwidth transport configuration example 1-18
Long-Reach Ethernet (LRE) technology 1-11
loop guard
described 17-12
enabling 17-20
support for 1-4
M
mac access-group command 27-28
MAC ACLs and Layer 2 interfaces 27-28
MAC addresses
aging time 6-22
and VLAN association 6-21
building the address table 6-21
default configuration 6-22
discovering 6-30
displaying 6-27
displaying in DHCP snooping binding table 18-13
dynamic
learning 6-21
removing 6-23
in ACLs 27-26
IP address association 30-8
static
adding 6-25
allowing 6-27
characteristics of 6-25
dropping 6-26
removing 6-25
sticky secure, adding 20-8
MAC address multicast entries, monitoring 19-12
MAC address-to-VLAN mapping 11-27
MAC extended access lists 27-26, 28-5, 28-39
macros
manageability features 1-3
management options
benefits
clustering 1-9
Network Assistant 1-9
CLI 2-1
CNS 4-1
overview 1-8
MANs
CWDM configuration example 1-18
long-distance, high-bandwidth transport configuration example 1-18
mapping tables for QoS
configuring
CoS-to-DSCP 28-53
CoS-to-egress-queue 28-59
DSCP 28-52
DSCP-to-CoS 28-55
DSCP-to-DSCP-mutation 28-57
DSCP-to-threshold 28-61
IP-precedence-to-DSCP 28-54
policed-DSCP 28-55
described 28-10
marking
action in policy map 28-44
action with aggregate policers 28-50
matching, ACLs 27-8
maximum aging time
MSTP 16-21
STP 15-22
maximum hop count, MSTP 16-21
maximum-paths command 30-46, 30-71
membership mode, VLAN port 11-3
member switch
defined 5-1
managing 5-3
recovering from lost connectivity 36-10
requirements 5-3
See also candidate switch, cluster standby group, and standby command switch
memory, optimizing 6-27
messages
logging ACL violations 27-16
to users through banners 6-18
metrics, in BGP 30-47
metric translations, between routing protocols 30-76
metropolitan-area networks
metro tags 14-2
MIBs
accessing files with FTP A-2
location of files A-2
overview 26-1
SNMP interaction with 26-4
supported A-1
minimum-reserve levels
assigning to a queue 28-15, 28-67
configuring the buffer size 28-16, 28-67
default size 28-15
mini-point-of-presence
mirroring traffic for analysis 23-1
mismatches, autonegotiation 36-10
modules, GBIC
1000BASE-LX/LH 1-13
1000BASE-SX 1-13
1000BASE-T 1-13
1000BASE-ZX 1-13
CWDM 1-18
GigaStack 1-11
monitoring
802.1Q tunneling 14-17
access groups 27-40
ACL
configuration 27-40
configuration conflicts 27-43
fit in hardware 27-44
information 27-40
BGP 30-58
cables for unidirectional links 22-1
CDP 21-5
CEF 30-71
EIGRP 30-38
fallback bridging 35-12
features 1-7
HSRP 31-10
monitoring (continued)IGMP
filters 19-25
snooping 19-12
interfaces 9-21
IP
address tables 30-17
multicast routing 33-51
routes 30-82
Layer 2 protocol tunneling 14-17
MSDP peers 34-19
multicast router ports 19-12
multi-VRF CE 30-69
MVR 19-19
network traffic for analysis with probe 23-1
OSPF 30-32
port blocking 20-15
port protection 20-15
RP mapping information 33-22
source-active messages 34-19
speed and duplex mode 9-17
traffic flowing among switches 24-1
traffic suppression 20-15
tunneling 14-17
VLAN
filters 27-41
maps 27-41
VLANs 11-15
VMPS 11-32
VTP 12-16
MSDP
and dense-mode regions
sending SA messages to 34-17
specifying the originating address 34-18
benefits of 34-3
clearing MSDP connections and statistics 34-19
MSDP (continued)controlling source information
forwarded by switch 34-12
originated by switch 34-8
received by switch 34-14
default configuration 34-4
filtering
incoming SA messages 34-14
SA messages to a peer 34-12
SA requests from a peer 34-11
join latency, defined 34-6
meshed groups
configuring 34-16
defined 34-16
originating address, changing 34-18
overview 34-1
peer-RPF flooding 34-2
peers
configuring a default 34-4
monitoring 34-19
peering relationship, overview 34-1
requesting source information from 34-8
shutting down 34-16
source-active messages
caching 34-6
clearing cache entries 34-19
defined 34-2
filtering from a peer 34-11
filtering incoming 34-14
filtering to a peer 34-12
limiting data with TTL 34-14
monitoring 34-19
restricting advertised sources 34-9
MSTP
boundary ports
configuration guidelines 16-13
described 16-5
BPDU filtering
described 17-3
enabling 17-15
BPDU guard
described 17-2
enabling 17-15
CIST, described 16-3
configuration guidelines 16-12, 17-13
configuring
forward-delay time 16-20
hello time 16-19
link type for rapid convergence 16-22
maximum aging time 16-21
maximum hop count 16-21
MST region 16-13
path cost 16-18
port priority 16-17
root switch 16-14
secondary root switch 16-16
switch priority 16-19
CST
defined 16-3
operations between regions 16-3
default configuration 16-12
default optional feature configuration 17-13
described 16-2
displaying status 16-23
enabling the mode 16-13
EtherChannel guard
described 17-11
enabling 17-19
extended system ID
effects on root switch 16-14
effects on secondary root switch 16-16
unexpected behavior 16-15
MSTP (continued)instances supported 15-9
interface state, blocking to forwarding 17-2
interoperability and compatibility among modes 15-10
interoperability with 802.1D
described 16-5
restarting migration process 16-22
IST
defined 16-2
master 16-3
operations within a region 16-3
loop guard
described 17-12
enabling 17-20
mapping VLANs to MST instance 16-13
MST region
described 16-2
hop-count mechanism 16-4
supported spanning-tree instances 16-2
optional features supported 1-4
Port Fast
described 17-2
enabling 17-14
preventing root switch selection 17-11
root guard
described 17-11
enabling 17-19
root switch
configuring 16-15
effects of extended system ID 16-14
unexpected behavior 16-15
shutdown Port Fast-enabled port 17-2
multicast groups
and IGMP snooping 19-6
Immediate Leave 19-5
joining 19-3
leaving 19-5
static joins 19-10
multicast packets
ACLs on 27-39
blocking 20-6
multicast router ports
monitoring 19-12
adding 19-9
Multicast Source Discovery Protocol
multicast storm control
multicast storm-control command 20-4
Multicast VLAN Registration
Multiple Spanning Tree Protocol
multiple VPN routing/forwarding in customer edge devices
multi-VRF CE
configuration example 30-65
configuration guidelines 30-62
configuring 30-62
default configuration 30-62
defined 30-59
displaying 30-69
monitoring 30-69
network components 30-62
packet-forwarding process 30-61
support for 1-7
MVR
configuring interfaces 19-17
default configuration 19-15
described 19-13
modes 19-17
monitoring 19-19
setting global parameters 19-16
support for 1-2
N
named IP ACLs 27-15
NameSpace Mapper
native VLAN
and 802.1Q tunneling 14-4
configuring 11-23
default 11-23
neighbor discovery/recovery, EIGRP 30-33
neighbors, BGP 30-53
Network Assistant
downloading image files 1-2
upgrading a switch B-18
network configuration examples
increasing network performance 1-10
large network 1-15
long-distance, high-bandwidth transport 1-18
providing network services 1-11
small to medium-sized network 1-13
network design
performance 1-10
services 1-11
network management
CDP 21-1
RMON 24-1
SNMP 26-1
Network Time Protocol
no commands 2-3
non-IP traffic filtering 27-26
nontrunking mode 11-17
normal-range VLANs
configuration modes 11-6
defined 11-1
no switchport command 9-5
note, described xxxvi
not-so-stubby areas
NSM 4-3
NSSA, OSPF 30-28
NTP
associations
authenticating 6-5
defined 6-2
enabling broadcast messages 6-7
peer 6-6
server 6-6
default configuration 6-4
displaying the configuration 6-11
overview 6-2
restricting access
creating an access group 6-9
disabling NTP services per interface 6-10
source IP address, configuring 6-10
stratum 6-2
support for 1-3
synchronizing devices 6-6
time
services 6-2
synchronizing 6-2
O
OADM modules
Open Shortest Path First
optical add/drop multiplexer modules
optimizing system resources 6-27
options, management 1-8
OSPF
area parameters, configuring 30-28
configuring 30-26
default configuration
metrics 30-29
route 30-29
settings 30-25
described 30-24
interface parameters, configuring 30-27
LSA group pacing 30-31
monitoring 30-32
router IDs 30-31
route summarization 30-29
support for 1-7
virtual links 30-29
out-of-profile markdown 1-6
output interface, getting information about 36-20
P
packet modification, with QoS 28-17
PAgP
Layer 2 protocol tunneling 14-9
parallel paths, in routing tables 30-71
passive interfaces
configuring 30-79
OSPF 30-29
pass-through mode 28-34
passwords
default configuration 7-2
disabling recovery of 7-5
encrypting 7-4
for security 1-5
overview 7-1
passwords (continued)setting
enable 7-3
enable secret 7-4
Telnet 7-6
with usernames 7-7
VTP domain 12-8
path cost
MSTP 16-18
STP 15-18
PBR
defined 30-77
enabling 30-78
fast-switched policy-based routing 30-78
local policy-based routing 30-78
support for 1-7
peers, BGP 30-53
performance, network design 1-10
performance features 1-2
persistent self-signed certificate 7-42
per-VLAN spanning-tree plus
PE to CE routing, configuring 30-65
physical ports 9-2
PIM
default configuration 33-8
dense mode
overview 33-4
rendezvous point (RP), described 33-5
RPF lookups 33-7
displaying neighbors 33-53
enabling a mode 33-11
overview 33-4
router-query message interval, modifying 33-25
shared tree and source tree, overview 33-23
shortest path tree, delaying the use of 33-24
PIM (continued)sparse mode
join messages and shared tree 33-5
overview 33-5
prune messages 33-5
RPF lookups 33-7
support for 1-7
versions
interoperability 33-9
troubleshooting interoperability problems 33-22
v2 improvements 33-4
PIM-DVMRP, as snooping method 19-8
ping
character output description 36-12
executing 36-12
overview 36-11
PoE
auto mode 9-7
CDP with power consumption, described 9-6
CDP with power negotiation, described 9-6
Cisco intelligent power management 9-6
configuring 9-17
devices supported 9-5
high-power devices operating in low-power mode 9-6
powered-device detection and initial power allocation 9-6
power management modes 9-7
power negotiation extensions to CDP 9-6
standards supported 9-6
troubleshooting 36-16
policed-DSCP map for QoS 28-55
policers
configuring
for each matched traffic class 28-44
for more than one traffic class 28-50
described 28-4
displaying 28-70
types of 28-8
policing
described 28-4
token bucket algorithm 28-8
policy-based routing
policy maps for QoS
characteristics of 28-44
configuring 28-44
described 28-7
displaying 28-70
POP 1-16
port ACLs
and voice VLAN 27-4
defined 27-2
limitations 27-4
Port Aggregation Protocol
port-based authentication
accounting 8-5
accounting services 1-5
authentication server
defined 8-2
RADIUS server 8-2
client, defined 8-2
configuration guidelines 8-11
configuring
802.1x accounting 8-23
802.1x authentication 8-13, 8-21
guest VLAN 8-19
host mode 8-19
manual re-authentication of a client 8-16
periodic re-authentication 8-15
quiet period 8-16
RADIUS server 8-15
RADIUS server parameters on the switch 8-14
switch-to-client frame-retransmission number 8-17, 8-18
switch-to-client retransmission time 8-17
default configuration 8-10
port-based authentication (continued)described 8-1
device roles 8-2
displaying statistics 8-24
EAPOL-start frame 8-3
EAP-request/identity frame 8-3
EAP-response/identity frame 8-3
enabling
802.1x with guest VLAN 8-8
802.1x with per-user ACLs 8-9, 8-13
802.1x with port security 8-6
802.1x with VLAN assignment 8-7, 8-13
802.1x with voice VLAN 8-7
encapsulation 8-3
guest VLAN, configuration guidelines 8-8
host mode 8-5
initiation and message exchange 8-3
multiple-hosts mode, described 8-5
per-user ACLs, AAA authorization 8-21
ports
authorization state and dot1x port-control command 8-4
authorized and unauthorized 8-4
port security, multiple-hosts mode 8-5
resetting to default values 8-21
software upgrade changes 8-12
support for 1-5
switch
as proxy 8-2
RADIUS client 8-2
upgrading from a previous release 28-22
VLAN assignment, AAA authorization 8-21
port-channel
Port Fast
described 17-2
enabling 17-14
mode, spanning tree 11-29
support for 1-4
port membership modes, VLAN 11-3
port priority
MSTP 16-17
STP 15-17
ports
802.1Q tunnel 11-3
access 9-3
blocking 20-6
dynamic access 11-3
forwarding, resuming 20-7
protected 20-5
routed 9-4
secure 20-7
switch 9-2
VLAN assignments 11-11
port security
aging 20-13
and QoS trusted boundary 28-33
and trunk ports 20-10
configuration guidelines 20-9
configuring 20-10
default configuration 20-9
described 20-7
displaying 20-15
sticky learning 20-8
violations 20-8
with other features 20-9
port-shutdown response, VMPS 11-27
Power over Ethernet
preferential treatment of traffic
prefix lists, BGP 30-50
preventing unauthorized access 7-1
priority
HSRP 31-6
overriding CoS 13-5
trusting CoS 13-6
private VLAN edge ports
privileged EXEC mode 2-2
privilege levels
changing the default for lines 7-9
command switch 5-4
exiting 7-10
logging into 7-10
mapping on member switches 5-4
setting a command with 7-8
protocol-dependent modules, EIGRP 30-34
Protocol-Independent Multicast Protocol
provider edge devices 30-60
proxy ARP
configuring 30-10
definition 30-8
with IP routing disabled 30-11
pruning, VTP
enabling 12-14
enabling on a port 11-22
examples 12-5
overview 12-4
pruning-eligible list
changing 11-22
for VTP pruning 12-4
VLANs 12-14
publications, related xxxvii
PVST+
802.1Q trunking interoperability 15-10
described 15-9
instances supported 15-9
Q
QoS
and MQC commands 28-1
auto-QoS
categorizing traffic 28-18
configuration and defaults display 28-23
configuration guidelines 28-21
described 28-17
displaying 28-23
effects on NVRAM configuration 28-21
egress queue defaults 28-18
enabling for VoIP 28-22
generated commands 28-19
basic model 28-4
classification
class maps, described 28-7
defined 28-4
flowchart 28-6
forwarding treatment 28-3
in frames and packets 28-3
MAC ACLs, described 28-5, 28-7
pass-through mode, described 28-34
per physical port 28-40
per-port per-VLAN 28-42
policy maps, described 28-7
port default, described 28-5
trust DSCP, described 28-5
trusted CoS, described 28-5
trust IP precedence, described 28-5
types for IP traffic 28-5
types for non-IP traffic 28-5
QoS (continued)class maps
configuring per physical port 28-40
configuring per-port per-VLAN 28-42
displaying 28-70
configuration examples
distribution layer 28-73
existing wiring closet 28-71
intelligent wiring closet 28-72
configuration guidelines
auto-QoS 28-21
standard QoS 28-27
configuring
aggregate policers 28-50
auto-QoS 28-17
default port CoS value 28-32
DSCP maps 28-52
DSCP trust states bordering another domain 28-35
egress queues on 10/100 Ethernet ports 28-65
egress queues on Gigabit-capable Ethernet ports 28-58
IP extended ACLs 28-38
IP standard ACLs 28-37
MAC ACLs 28-39
pass-through mode 28-34
policy maps 28-44
port trust states within the domain 28-30
trusted boundary 28-33
default auto configuration 28-18
default standard configuration 28-26
displaying statistics 28-70
enabling globally 28-29
flowcharts
classification 28-6
policing and marking 28-10
queueing and scheduling 28-12, 28-15
implicit deny 28-7
QoS (continued)IP phones
automatic classification and queueing 28-17
detection and trusted settings 28-17, 28-33
mapping tables
CoS-to-DSCP 28-53
CoS-to-egress-queue 28-59
displaying 28-70
DSCP-to-CoS 28-55
DSCP-to-DSCP-mutation 28-57
DSCP-to-threshold 28-61
IP-precedence-to-DSCP 28-54
policed-DSCP 28-55
types of 28-10
marked-down actions 28-47
overview 28-2
packet modification 28-17
pass-through mode 28-34
policers
described 28-8
displaying 28-70
number of 28-9
types of 28-8
policies, attaching to an interface 28-9
policing
token bucket algorithm 28-8
policy maps
characteristics of 28-44
configuring 28-44
displaying 28-70
queueing, defined 28-4
QoS (continued)queues
CoS-to-egress-queue map 28-59
for 10/100 Ethernet ports 28-15
high priority (expedite) 28-13, 28-64
minimum-reserve levels 28-67
size ratios 28-60
tail-drop threshold percentages 28-13, 28-60
WRED drop-percentage thresholds 28-13, 28-62
WRR scheduling 28-64
scheduling
allocating bandwidth on 10/100 Ethernet ports 28-68
allocating bandwidth on Gigabit-capable ports 28-64
defined 28-4
support for 1-6
tail drop
configuring drop threshold percentages 28-60
described 28-13
trust states
bordering another domain 28-35
described 28-5
trusted device 28-33
within the domain 28-30
WRED
configuring drop-percentage thresholds 28-62
described 28-14
WRR scheduling 28-64
quality of service
queries, IGMP 19-3
R
RADIUS
attributes
vendor-proprietary 7-31
vendor-specific 7-29
configuring
accounting 7-28
authentication 7-23
authorization 7-27
communication, global 7-21, 7-29
communication, per-server 7-20, 7-21
multiple UDP ports 7-21
default configuration 7-20
defining AAA server groups 7-25
described 7-18
displaying the configuration 7-31
identifying the server 7-20
limiting the services to the user 7-27
method list, defined 7-20
operation of 7-19
suggested network environments 7-18
tracking services accessed by user 7-28
Random Early Detection, described 28-14
range
macro 9-12
of interfaces 9-11
rapid convergence 16-7
rapid per-VLAN spanning-tree plus
rapid PVST+
802.1Q trunking interoperability 15-10
described 15-9
instances supported 15-9
support for 11-2
Rapid Spanning Tree Protocol
RARP 30-8
rcommand command 5-3
RCP
configuration files
downloading B-16
overview B-14
preparing the server B-15
uploading B-17
image files
deleting old image B-30
downloading B-28
preparing the server B-27
uploading B-30
reconfirmation interval, VMPS, changing 11-31
recovery procedures 36-1
redundancy
EtherChannel 29-2
features 1-3
HSRP 31-1
STP
backbone 15-7
multidrop backbone 17-5
path cost 11-25
port priority 11-24
redundant links and UplinkFast 17-16
reliable transport protocol, EIGRP 30-33
reloading software 3-16
Remote Authentication Dial-In User Service
Remote Copy Protocol
Remote Network Monitoring
report suppression, IGMP
described 19-5
disabling 19-11
resequencing ACL entries 27-15
resets, in BGP 30-45
resetting a UDLD-shutdown interface 22-6
restricting access
NTP services 6-8
overview 7-1
passwords and privilege levels 7-2
RADIUS 7-17
TACACS+ 7-10
retry count, VMPS, changing 11-32
reverse address resolution 30-8
Reverse Address Resolution Protocol
RFC
1058, RIP 30-19
1112, IP multicast and IGMP 19-2
1157, SNMPv1 26-2
1163, BGP 30-39
1166, IP addresses 30-5
1253, OSPF 30-24
1267, BGP 30-39
1305, NTP 6-2
1587, NSSAs 30-24
1757, RMON 24-2
1771, BGP 30-39
1901, SNMPv2C 26-2
1902 to 1907, SNMPv2 26-2
2236, IP multicast and IGMP 19-2
2273-2275, SNMPv3 26-2
RIP
advertisements 30-19
authentication 30-22
configuring 30-20
default configuration 30-19
described 30-19
hop counts 30-19
split horizon 30-22
summary addresses 30-22
support for 1-7
RMON
default configuration 24-3
displaying status 24-6
enabling alarms and events 24-3
groups supported 24-2
overview 24-1
statistics
collecting group Ethernet 24-5
collecting group history 24-5
support for 1-7
root guard
described 17-11
enabling 17-19
support for 1-4
root switch
MSTP 16-14
STP 15-14
route calculation timers, OSPF 30-30
route dampening, BGP 30-57
routed packets, ACLs on 27-38
routed ports
configuring 30-3
defined 9-4
route-map command for policy-based routing 30-78
route maps
policy-based routing, defined 30-77
BGP 30-48
router ACLs 27-2
route reflectors, BGP 30-56
router ID, OSPF 30-31
route selection, BGP 30-46
route summarization, OSPF 30-29
route targets, VPN 30-62
routing
default 30-2
dynamic 30-2
redistribution of information 30-74
static 30-2
routing domain confederation, BGP 30-55
Routing Information Protocol
routing protocol administrative distances 30-72
RSPAN
configuration guidelines 23-16
default configuration 23-8
destination ports 23-5
displaying status 23-24
IDS 23-2
interaction with other features 23-6
monitored ports 23-4
monitoring ports 23-5
received traffic 23-3
reflector port 23-5
session limits 23-8
sessions
creating 23-17
defined 23-3
limiting source traffic to specific VLANs 23-23
monitoring VLANs 23-22
removing source (monitored) ports 23-21
specifying monitored ports 23-17
source ports 23-4
transmitted traffic 23-4
VLAN-based 23-6
RSTP
active topology, determining 16-6
BPDU
format 16-9
processing 16-10
designated port, defined 16-6
designated switch, defined 16-6
RSTP (continued)interoperability with 802.1D
described 16-5
restarting migration process 16-22
topology changes 16-10
overview 16-6
port roles
described 16-6
synchronized 16-8
proposal-agreement handshake process 16-7
rapid convergence
described 16-7
edge ports and Port Fast 16-7
point-to-point links 16-7, 16-22
root ports 16-7
root port, defined 16-6
running configuration, saving 3-11
S
scheduled reloads 3-16
SDM
configuring 6-30
described 6-27
templates
number of 6-27
resources used for Fast Ethernet switches 6-29
resources used for Gigabit Ethernet switches 6-28
sdm prefer extended-match command 30-63
secure HTTP client
configuring 7-47
displaying 7-47
secure HTTP server
configuring 7-45
displaying 7-47
secure ports, configuring 20-7
secure remote connections 7-38
Secure Shell
Secure Socket Layer
security, port 20-7
security features 1-5
sequence numbers in log messages 25-8
server mode, VTP 12-3
service-provider networks
and 802.1Q tunneling 14-1
and customer VLANs 14-2
Layer 2 protocols across 14-7
Layer 2 protocol tunneling for EtherChannels 14-9
MSTP and RSTP 16-1
set-request operation 26-4
setup program, failed command switch replacement 36-7, 36-9
severity levels, defining in system messages 25-8
show access-lists hw-summary command 27-7
show cdp traffic command 21-5
show cluster members command 5-3
show configuration command 9-19
show fm command 27-42
show forward command 36-19
show interfaces command 9-17, 9-19
show l2protocol command 14-12, 14-14, 14-15
show mac access-group command 27-28
show running-config command
displaying ACLs 27-20, 27-21, 27-30, 27-33
interface description in 9-19
show tcam command 27-42
shutdown command on interfaces 9-23
shutdown threshold for Layer 2 protocol packets 14-10
Simple Network Management Protocol
Smartports macros
applying Cisco-default macros 10-6
applying global parameter values 10-5, 10-6
applying macros 10-5
applying parameter values 10-5, 10-7
configuration guidelines 10-3
creating 10-4
default configuration 10-2
defined 10-1
displaying 10-8
tracing 10-3
website 10-2
SNAP 21-1
SNMP
accessing MIB variables with 26-4
agent
described 26-4
disabling 26-7
community strings
configuring 26-7
for cluster switches 26-4
overview 26-4
configuration examples 26-16
default configuration 26-6
groups 26-9
in-band management 1-3
informs
and trap keyword 26-11
described 26-5
differences from traps 26-5
enabling 26-14
limiting access by TFTP servers 26-15
limiting system log messages to NMS 25-10
managing clusters with 5-4
MIBs
location of A-2
supported A-1
notifications 26-5
SNMP (continued)status, displaying 26-17
system contact and location 26-15
trap manager, configuring 26-13, 26-14
traps
differences from informs 26-5
enabling MAC address notification 6-23
types of 26-11
users 26-9
versions supported 26-2
snooping, IGMP 19-2
software images
location in flash B-19
recovery procedures 36-2
scheduling reloads 3-16
tar file format, described B-19
See also downloading and uploading
source addresses, in ACLs 27-12
SPAN
configuration guidelines 23-8
default configuration 23-8
destination ports 23-5
displaying status 23-24
IDS 23-2
interaction with other features 23-6
monitored ports 23-4
monitoring ports 23-5
ports, restrictions 20-10
received traffic 23-3
session limits 23-8
SPAN (continued)sessions
creating 23-9
defined 23-3
limiting source traffic to specific VLANs 23-15
monitoring VLANs 23-14
removing destination (monitoring) ports 23-13
removing source (monitored) ports 23-13
specifying monitored ports 23-9
source ports 23-4
transmitted traffic 23-4
VLAN-based 23-6
spanning tree and native VLANs 11-18
Spanning Tree Protocol
speed, configuring on interfaces 9-15
split horizon, RIP 30-22
SSH
configuring 7-39
cryptographic software image 7-37
described 7-38
encryption methods 7-38
user authentication methods, supported 7-38
SSL
configuration guidelines 7-44
configuring a secure HTTP client 7-47
configuring a secure HTTP server 7-45
cryptographic software image 7-41
described 7-41
monitoring 7-47
Stack Membership Discovery Protocol 17-6
standby command switch, requirements 5-2
standby ip command 31-5
standby router 31-1
standby timers, HSRP 31-8
startup configuration
booting
manually 3-12
specific image 3-13
clearing B-18
configuration file
automatically downloading 3-12
specifying the filename 3-12
default boot configuration 3-11
static access ports
assigning to VLAN 11-11
static addresses
static IP routing 1-7
static MAC addressing 1-5
static routes, configuring 30-72
static routing 30-2
static VLAN membership 11-2
statistics
802.1x 8-24
CDP 21-5
interface 9-21
IP multicast routing 33-52
OSPF 30-32
QoS ingress and egress 28-70
RMON group Ethernet 24-5
RMON group history 24-5
SNMP input and output 26-17
VTP 12-16
sticky learning
configuration file 20-8
defined 20-8
disabling 20-8
enabling 20-8
saving addresses 20-8
storm control
configuring 20-3
default configuration 20-3
described 20-1
disabling 20-4
displaying 20-15
thresholds 20-1
STP
accelerating root port selection 17-4
BackboneFast
described 17-9
enabling 17-18
BPDU filtering
described 17-3
enabling 17-15
BPDU guard
described 17-2
enabling 17-15
BPDU message exchange 15-2
configuration guidelines 15-12, 17-13
configuring
forward-delay time 15-22
hello time 15-21
in cascaded stack 15-23
maximum aging time 15-22
path cost 15-18
port priority 15-17
root switch 15-14
secondary root switch 15-16
spanning-tree mode 15-13
switch priority 15-20
counters, clearing 15-24
cross-stack UplinkFast
described 17-5
enabling 17-17
default configuration 15-11
default optional feature configuration 17-13
designated port, defined 15-3
designated switch, defined 15-3
STP (continued)detecting indirect link failures 17-9
disabling 15-14
displaying status 15-24
EtherChannel guard
described 17-11
enabling 17-19
extended system ID
affects on root switch 15-14
affects on the secondary root switch 15-16
overview 15-3
unexpected behavior 15-15
features supported 1-4
inferior BPDU 15-3
instances supported 15-9
interface state, blocking to forwarding 17-2
interface states
blocking 15-5
disabled 15-6
learning 15-6
listening 15-6
overview 15-4
interoperability and compatibility among modes 15-10
Layer 2 protocol tunneling 14-7
limitations with 802.1Q trunks 15-10
load sharing
overview 11-23
using path costs 11-25
using port priorities 11-24
loop guard
described 17-12
enabling 17-20
modes supported 15-9
multicast addresses, affect of 15-8
optional features supported 1-4
overview 15-2
STP (continued)Port Fast
described 17-2
enabling 17-14
port priorities 11-24
preventing root switch selection 17-11
protocols supported 15-9
redundant connectivity 15-7
root guard
described 17-11
enabling 17-19
root port, defined 15-3
root switch
affects of extended system ID 15-3, 15-14
configuring 15-14
election 15-3
unexpected behavior 15-15
settings in a cascaded stack 15-23
shutdown Port Fast-enabled port 17-2
superior BPDU 15-3
timers, described 15-20
UplinkFast
described 17-3
enabling 17-16
VLAN-bridge 15-10
stratum, NTP 6-2
stub areas, OSPF 30-28
subnet mask 30-5
subnet zero 30-6
summer time 6-13
SunNet Manager 1-9
supernet 30-7
SVIs
and IP unicast routing 30-3
and router ACLs 27-3
connecting VLANs 9-8
defined 9-4
routing between VLANs 11-2
switch console port 1-3
switched packets, ACLs on 27-37
switched ports 9-2
switchport block multicast command 20-6
switchport block unicast command 20-6
switchport command 9-14
switchport mode dot1q-tunnel command 14-6
switchport protected command 20-5
switch priority
MSTP 16-19
STP 15-20
switch software features 1-1
switch virtual interfaces
synchronization, BGP 30-43
syslog
system clock
configuring
daylight saving time 6-13
manually 6-11
summer time 6-13
time zones 6-12
displaying the time and date 6-12
overview 6-1
System Database Management
system message logging
default configuration 25-3
defining error message severity levels 25-8
disabling 25-4
displaying the configuration 25-12
enabling 25-4
facility keywords, described 25-12
level keywords, described 25-9
limiting messages 25-10
system message logging (continued)message format 25-2
overview 25-1
sequence numbers, enabling and disabling 25-8
setting the display destination device 25-4
synchronizing log messages 25-6
syslog facility 1-7
timestamps, enabling and disabling 25-7
UNIX syslog servers
configuring the daemon 25-11
configuring the logging facility 25-11
facilities supported 25-12
system MTU
802.1Q tunneling 14-5
maximums 14-5
system name
default configuration 6-15
default setting 6-15
manual configuration 6-15
system prompt
default setting 6-15
manual configuration 6-16
system resource templates 6-27
T
TACACS+
accounting, defined 7-11
authentication, defined 7-11
authorization, defined 7-11
configuring
accounting 7-17
authentication key 7-13
authorization 7-16
login authentication 7-14
default configuration 7-13
displaying the configuration 7-17
identifying the server 7-13
TACACS+ (continued)limiting the services to the user 7-16
operation of 7-12
overview 7-10
tracking services accessed by user 7-17
tagged packets
802.1Q 14-3
Layer 2 protocol 14-7
tail drop
described 28-13
support for 1-6
tar files
creating B-5
displaying the contents of B-6
extracting B-7
image file format B-19
TCAMs
ACL regions 27-46
ACLs not loading in 27-44
allocations, monitoring 27-47
monitoring usage 27-46
Telnet
accessing management interfaces 2-9
number of connections 1-3
setting a password 7-6
templates, system resources 6-27
temporary self-signed certificate 7-42
Terminal Access Controller Access Control System Plus
terminal lines, setting a password 7-6
ternary content addressable memory
TFTP
configuration files
downloading B-10
preparing the server B-10
uploading B-11
configuration files in base directory 3-6
configuring for autoconfiguration 3-6
TFTP (continued)image files
deleting B-22
downloading B-21
preparing the server B-20
uploading B-22
limiting access by servers 26-15
TFTP server 1-3
threshold, traffic level 20-2
time
time-range command 27-17
time ranges in ACLs 27-17
timestamps in log messages 25-7
time zones 6-12
Token Ring VLANs
support for 11-5
VTP support 12-4
TOS 1-6
traceroute, Layer 2
and ARP 36-15
and CDP 36-15
described 36-14
IP addresses and subnets 36-15
MAC addresses and VLANs 36-15
multicast traffic 36-15
multiple devices on a port 36-15
unicast traffic 36-14
usage guidelines 36-15
traceroute command 36-13
traffic
blocking flooded 20-6
fragmented 27-5
unfragmented 27-5
traffic policing 1-6
traffic suppression 20-1
transparent mode, VTP 12-3, 12-12
trap-door mechanism 3-2
traps
configuring MAC address notification 6-23
configuring managers 26-11, 26-14
defined 26-3
notification types 26-11
troubleshooting
connectivity problems 36-11
detecting unidirectional links 22-1
determining packet disposition 36-19
displaying crash information 36-21
GBIC security and identification 36-11
PIMv1 and PIMv2 interoperability problems 33-22
PoE ports 36-16
show forward command 36-19
with CiscoWorks 26-4
with debug commands 36-17
with ping 36-11
with system message logging 25-1
with traceroute 36-13
trunking encapsulation 1-4
trunk ports
configuring 11-20
encapsulation 11-20, 11-25, 11-26
trunks
allowed-VLAN list 11-21
configuring 11-20, 11-25, 11-26
ISL 11-16
load sharing
setting STP path costs 11-25
using STP port priorities 11-24
native VLAN for untagged traffic 11-23
parallel 11-25
pruning-eligible list 11-22
to non-DTP device 11-16
VLAN 1 minimization 11-21
trusted boundary for QoS 28-33
trustpoints, CA 7-42
tunneling
802.1Q 14-1
defined 14-1
Layer 2 protocol 14-7
tunnel ports
802.1Q, configuring 14-6
802.1Q and ACLs 27-3
defined 11-3
incompatibilities with other features 14-5
twisted-pair Ethernet, detecting unidirectional links 22-1
type of service
U
UDLD
default configuration 22-4
echoing detection mechanism 22-3
enabling
globally 22-5
per interface 22-5
Layer 2 protocol tunneling 14-9
link-detection mechanism 22-1
neighbor database 22-2
overview 22-1
resetting an interface 22-6
status, displaying 22-7
support for 1-3
UDP, configuring 30-15
unauthorized ports with 802.1x 8-4
unicast MAC address filtering
and adding static addresses 6-26
and broadcast MAC addresses 6-26
and CPU packets 6-26
and multicast addresses 6-26
and router MAC addresses 6-26
unicast MAC address filtering (continued)configuration guidelines 6-26
described 6-26
unicast storm control
unicast storm control command 20-4
unicast traffic, blocking 20-6
UniDirectional Link Detection protocol
UNIX syslog servers
daemon configuration 25-11
facilities supported 25-12
message logging configuration 25-11
unrecognized Type-Length-Value (TLV) support 12-4
upgrading software images
UplinkFast
described 17-3
enabling 17-16
support for 1-4
uploading
configuration files
reasons for B-8
using FTP B-13
using RCP B-17
using TFTP B-11
image files
reasons for B-18
using FTP B-26
using RCP B-30
using TFTP B-22
User Datagram Protocol
user EXEC mode 2-2
username-based authentication 7-7
V
version-dependent transparent mode 12-4
Virtual Private Network
vlan.dat file 11-4
VLAN 1 minimization, support for 1-4
VLAN ACLs
VLAN configuration
at bootup 11-7
saving 11-7
VLAN configuration mode 2-2, 11-6
VLAN database
and startup configuration file 11-7
and VTP 12-1
VLAN configuration saved in 11-7
VLANs saved in 11-4
vlan database command 11-6
vlan dot1q tag native command 14-4
vlan global configuration command 11-6
VLAN ID, discovering 6-30
VLAN management domain 12-2
VLAN Management Policy Server
VLAN map entries, order of 27-30
VLAN maps
applying 27-33
common uses for 27-33
configuration example 27-34
configuration guidelines 27-30
configuring 27-29
creating 27-30
defined 27-2
denying access example 27-35
denying and permitting packets 27-31
displaying 27-41
examples 27-35
VLAN maps (continued)support for 1-5
usage 27-4
VLAN membership
confirming 11-31
modes 11-3
VLAN Query Protocol
VLANs
adding 11-8
adding to VLAN database 11-8
aging dynamic addresses 15-8
allowed on trunk 11-21
and spanning-tree instances 11-2, 11-6, 11-12
configuration guidelines, normal-range VLANs 11-5
configuration options 11-6
configuring 11-1
configuring IDs 1006 to 4094 11-12
connecting through SVIs 9-8
creating in config-vlan mode 11-8
creating in VLAN configuration mode 11-9
customer numbering in service-provider networks 14-3
default configuration 11-7
deleting 11-10
displaying 11-15
features 1-4
illustrated 11-2
internal 11-13
limiting source traffic with RSPAN 23-23
limiting source traffic with SPAN 23-15
modifying 11-8
monitoring with RSPAN 23-22
monitoring with SPAN 23-14
native, configuring 11-23
number supported 1-4
parameters 11-4
VLANs (continued)port membership modes 11-3
static-access ports 11-11
STP and 802.1Q trunks 15-10
supported 11-2
Token Ring 11-5
traffic between 11-2
trunks, VLAN 1 minimization 11-21
VTP modes 12-3
VLAN Trunking Protocol
VLAN trunks 11-16
VMPS
administering 11-32
configuration example 11-33
configuration guidelines 11-29
default configuration 11-29
description 11-27
dynamic port membership
described 11-28
reconfirming 11-31
troubleshooting 11-33
entering server address 11-30
mapping MAC addresses to VLANs 11-27
monitoring 11-32
reconfirmation interval, changing 11-31
reconfirming membership 11-31
retry count, changing 11-32
voice VLAN
Cisco 7960 phone, port connections 13-1
configuration guidelines 13-3
configuring IP phones for data traffic
override CoS of incoming frame 13-5
trust CoS priority of incoming frame 13-6
configuring ports for voice traffic in
802.1p priority tagged frames 13-4
802.1Q frames 13-4
connecting to an IP phone 13-3
voice VLAN (continued)default configuration 13-2
described 13-1
displaying 13-6
VPN
configuring routing in 30-64
forwarding 30-62
in service provider networks 30-59
routes 30-60
VPN routing and forwarding table
VRF
defining 30-62
tables 30-59
VTP
adding a client to a domain 12-14
and extended-range VLANs 12-1
and normal-range VLANs 12-1
client mode, configuring 12-11
configuration
global configuration mode 12-7
guidelines 12-8
privileged EXEC mode 12-7
requirements 12-9
saving 12-7
VLAN configuration mode 12-7
configuration mode options 12-7
configuration requirements 12-9
configuration revision number
guideline 12-14
resetting 12-15
configuring
client mode 12-11
server mode 12-9
transparent mode 12-12
consistency checks 12-4
default configuration 12-6
VTP (continued)described 12-1
disabling 12-12
domain names 12-8
domains 12-2
Layer 2 protocol tunneling 14-7
modes
transitions 12-3
monitoring 12-16
passwords 12-8
pruning
disabling 12-14
enabling 12-14
examples 12-5
overview 12-4
support for 1-4
pruning-eligible list, changing 11-22
server mode, configuring 12-9
statistics 12-16
support for 1-4
Token Ring support 12-4
transparent mode, configuring 12-12
using 12-1
version, guidelines 12-8
version 1 12-4
version 2
configuration guidelines 12-8
disabling 12-13
enabling 12-13
overview 12-4
W
WCCP
authentication 32-4
configuration guidelines 32-5
default configuration 32-5
described 32-2
displaying 32-9
enabling 32-6
features unsupported 32-4
forwarding method 32-3
Layer-2 header rewrite 32-3
MD5 security 32-4
message exchange 32-3
monitoring and maintaining 32-9
negotiation 32-3
packet redirection 32-4
packet-return method 32-3
redirecting traffic received from a client 32-6
setting the password 32-6
unsupported WCCPv2 features 32-4
Web Cache Communication Protocol
Weighted Random Early Detection
Weighted Round Robin
weighted round robin, described 28-4
wizards 1-9
X
Xmodem protocol 36-2