-
Catalyst 3550 Multilayer Switch Software Configuration Guide, Rel. 12.2(44)SE
-
Index
-
Preface
-
Overview
-
Using the Command-Line Interface
-
Assigning the Switch IP Address and Default Gateway
-
Configuring Cisco IOS CNS Agents
-
Clustering Switches
-
Administering the Switch
-
Configuring Switch-Based Authentication
-
Configuring IEEE 802.1x Port-Based Authentication
-
Configuring Interface Characteristics
-
Configuring Smartports Macros
-
Configuring VLANs
-
Configuring VTP
-
Configuring Voice VLAN
-
Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling
-
Configuring STP
-
Configuring MSTP
-
Configuring Optional Spanning-Tree Features
-
Configuring DHCP Features and IP Source Guard
-
Configuring Dynamic ARP Inspection
-
Configuring IGMP Snooping and MVR
-
Configuring Port-Based Traffic Control
-
Configuring CDP
-
Configuring UDLD
-
Configuring SPAN and RSPAN
-
Configuring RMON
-
Configuring System Message Logging
-
Configuring SNMP
-
Configuring Network Security with ACLs
-
Configuring QoS
-
Configuring EtherChannels
-
Configuring IP Unicast Routing
-
Configuring HSRP
-
Configuring Cisco IOS IP SLAs Operations
-
Configuring Web Cache Services By Using WCCP
-
Configuring IP Multicast Routing
-
Configuring MSDP
-
Configuring Fallback Bridging
-
Supported MIBs
-
Troubleshooting
-
Working with the Cisco IOS File System, Configuration Files, and Software Images
-
Unsupported Commands in Cisco IOS Release 12.2(44)SE
-
Table Of Contents
Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X -
Index
Numerics
144-bit Layer 3 TCAM 6-26, 31-65
A
AAA down policy, NAC Layer 2 IP validation 1-6
abbreviating commands 2-4
ABRs 31-24
AC (command switch) 5-10
access-class command 29-22
access control entries
access-denied response, VMPS 11-27
access groups
IP 29-22
Layer 3 29-22
accessing
clusters, switch 5-13
command switches 5-11
member switches 5-13
switch clusters 5-13
access lists
access ports
and Layer 2 protocol tunneling 14-10
defined 9-2
in switch clusters 5-9
accounting
with RADIUS 7-28
ACEs
and QoS 28-7
defined 29-2
Ethernet 29-2
IP 29-2
ACLs
ACEs 29-2
and logging 29-7
any keyword 29-14
applying
on bridged packets 29-38
on multicast packets 29-40
on routed packets 29-39
on switched packets 29-38
time ranges to 29-18
to Layer 2 and Layer 3 interfaces 29-22
to QoS 28-7
classifying traffic for QoS 28-36
comments in 29-20
compatibility on the same switch 29-2
compiling 29-23
configuration conflict examples 29-44
configuring with VLAN maps 29-37
defined 29-1
examples, not fitting in hardware 29-45
extended IP
configuring for QoS classification 28-37
creating 29-11
matching criteria 29-8
feature manager 29-42
hardware and software handling 29-6
hardware support for 29-6
host keyword 29-14
input router ACL configuration guidelines 29-7
IP
applying to interface 29-21
creating 29-8
defined 29-8
fragments and QoS guidelines 28-28
implicit deny 29-10, 29-16, 29-18
implicit masks 29-10
matching criteria 29-8
matching criteria for port ACLs 29-4
matching criteria for router ACLs 29-3
named 29-16
options and QoS guidelines 28-28
undefined 29-23
violations, logging 29-18
virtual terminal lines, setting on 29-21
limiting actions 29-37
logging messages 29-11
log keyword 29-18
merge failure examples 29-46
monitoring 29-41
named 29-16
not fitting in hardware 29-44
number per QoS class map 28-28
numbers 29-9
policy maps and QoS classification 28-28
port
and voice VLAN 29-4
defined 29-2
limitations 29-4
preventing excessive TCAM usage 29-7
resequencing entries 29-16
router 29-2
standard IP
configuring for QoS classification 28-36
creating 29-10
matching criteria 29-8
support for 1-5
time ranges 29-18
undefined 29-30
unsupported features 29-8
using router ACLs with VLAN maps 29-36
VLAN maps
configuration guidelines 29-31
configuring 29-30
defined 29-4
active links 18-2
active router 32-1
active traffic monitoring, IP SLAs 1-1
addresses
displaying the MAC address table 6-26
dynamic
accelerated aging 15-8
changing the aging time 6-21
default aging 15-8
defined 6-19
learning 6-20
preventing frame forwarding 5-5
removing 6-21
filtering frames by MAC address 5-6
MAC, discovering 6-29
multicast
STP address management 15-8
static
adding and removing 6-23
defined 6-19
Address Resolution Protocol
adjacency tables, with CEF 31-72
administrative distances
defined 31-82
OSPF 31-30
routing protocol defaults 31-74
advertisements
CDP 22-1
RIP 31-19
aggregate addresses, BGP 31-57
aggregated ports
aggregate policers 28-50
aggregate policing 1-7
aging, accelerating 15-8
aging time
accelerated
for MSTP 16-23
bridge table for fallback bridging 5-5
MAC address table 6-21
maximum
alarms, RMON 25-3
allowed-VLAN list 11-21
area border routers
ARP
configuring 31-9
defined 31-8
encapsulation 31-10
static cache configuration 31-9
support for 1-3
ARP table
address resolution 6-29
managing 6-29
ASBRs 31-24
AS-path filters, BGP 31-51
asymmetrical links, and IEEE 802.1Q tunneling 14-4
attributes, RADIUS
vendor-proprietary 7-31
vendor-specific 7-29
authentication
EIGRP 31-39
HSRP 32-8
local mode with AAA 7-36
NTP associations 6-4
RADIUS
defined 7-18
key 7-21
login 7-23
TACACS+
defined 7-11
key 7-13
login 7-14
See also port-based authentication
authentication failed VLAN
authentication keys, and routing protocols 31-83
authoritative time source, described 6-2
authorization
with RADIUS 7-27
authorized ports with IEEE 802.1x 8-7
autoconfiguration 3-3
automatic discovery
considerations
beyond a noncandidate device 5-7
brand new switches 5-9
connectivity 5-4
different VLANs 5-6
management VLANs 5-7
non-CDP-capable devices 5-6
noncluster-capable devices 5-6
routed ports 5-8
in switch clusters 5-4
automatic QoS
automatic recovery, clusters 5-10
autonegotiation
duplex mode 1-2
interface configuration guidelines 9-15
mismatches 6-10
autonomous system boundary routers
autonomous systems, in BGP 31-45
Auto-RP, described 3-5
autosensing, port speed 1-2
auxiliary VLAN
B
BackboneFast
described 17-9
enabling 17-19
support for 1-4
backup interfaces
backup links 18-2
bandwidth for QoS
allocating 28-64
described 28-13
banners
configuring
login 6-18
message-of-the-day login 6-18
default configuration 6-17
when displayed 6-17
BGP
aggregate addresses 31-57
aggregate routes, configuring 31-57
CIDR 31-57
clear commands 31-60
community filtering 31-54
configuring neighbors 31-55
default configuration 31-42
described 31-42
enabling 31-45
monitoring 31-60
multipath support 31-49
neighbors, types of 31-45
path selection 31-49
peers, configuring 31-55
prefix filtering 31-53
resetting sessions 31-48
route dampening 31-59
route maps 31-51
route reflectors 31-58
routing domain confederation 31-58
routing session with multi-VRF CE 31-67
show commands 31-60
supernets 31-57
support for 1-7
Version 4 31-42
binding cluster group and HSRP group 32-10
binding database
address, DHCP server
See DHCP, Cisco IOS server database
DHCP snooping
See DHCP snooping binding database
binding database, DHCP snooping
See DHCP snooping binding database
bindings
address, Cisco IOS DHCP server 18-7
DHCP snooping database 18-7
IP source guard 18-18
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 21-6
booting
boot loader, function of 3-2
boot process 3-1
manually 3-12
specific image 3-13
boot loader
accessing 3-13
described 3-2
environment variables 3-13
prompt 3-13
trap-door mechanism 3-2
bootstrap router (BSR), described 3-5
Border Gateway Protocol
BPDU
error-disabled state 17-2
filtering 17-3
RSTP format 16-12
BPDU filtering
described 17-3
enabling 17-16
support for 1-4
BPDU guard
described 17-2
enabling 17-15
support for 1-4
bridged packets, ACLs on 29-38
bridge groups
bridge protocol data unit
broadcast flooding 31-16
broadcast packets
directed 31-13
flooded 31-13
broadcast storm control
broadcast storm-control command 21-4
broadcast storms 31-13
C
cables, monitoring for unidirectional links 23-1
cache engines, redirecting traffic to 2-1
CAMs, ACLs not loading in 29-45
candidate switch
automatic discovery 5-4
defined 5-3
requirements 5-3
See also command switch, cluster standby group, and member switch
CA trustpoint
configuring 7-44
defined 7-42
CDP
and trusted boundary 28-33
automatic discovery in switch clusters 5-4
configuring 22-2
default configuration 22-2
described 22-1
disabling for routing device 22-3, 22-4
enabling and disabling
on an interface 22-4
on a switch 22-3
Layer 2 protocol tunneling 14-7
monitoring 22-4
overview 22-1
power negotiation extensions 9-6
support for 1-3
transmission timer and holdtime, setting 22-2
updates 22-2
CEF 31-72
CGMP
as IGMP snooping learning method 20-8
clearing cached group entries 3-51
enabling se
rver support 3-32
joining multicast group 20-3
overview 3-8
server support only 3-8
switch support of 1-2
CIDR 31-57
CipherSuites 7-43
Cisco Discovery Protocol
Cisco Express Forwarding
Cisco Group Management Protocol
Cisco Intelligence Engine 2100 Series Configuration Registrar
Cisco intelligent power management 9-6
Cisco IOS DHCP server
See DHCP, Cisco IOS DHCP server
Cisco IOS File System
Cisco IOS IP SLAs 1-1
Cisco Network Assistant
classless interdomain routing
classless routing 31-7
class maps for QoS
configuring per physical port 28-40
configuring per-port per-VLAN 28-41
described 28-7
displaying 28-69
class of service
clearing interfaces 9-22
CLI
abbreviating commands 2-4
command modes 2-1
configuration logging 2-5
described 1-9
editing features
enabling and disabling 2-7
keystroke editing 2-7
wrapped lines 2-9
error messages 2-5
filtering command output 2-10
getting help 2-3
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
no and default forms of commands 2-4
client mode, VTP 12-3
clock
clusters, switch
accessing 5-13
automatic discovery 5-4
automatic recovery 5-10
benefits 1-10
compatibility 5-4
described 5-1
managing
through SNMP 5-15
planning 5-4
planning considerations
automatic discovery 5-4
automatic recovery 5-10
host names 5-13
IP addresses 5-13
passwords 5-13
RADIUS 5-14
TACACS+ 5-14
cluster standby group
and HSRP group 32-10
automatic recovery 5-12
considerations 5-11
defined 5-2
requirements 5-3
virtual IP address 5-11
CNS
Configuration Engine
configID, deviceID, hostname 4-3
configuration service 4-2
described 4-1
event service 4-3
embedded agents
described 4-5
enabling automated configuration 4-6
enabling configuration agent 4-9
enabling event agent 4-7
for upgrading 4-14
Coarse Wave Division Multiplexer GBIC modules
command-line interface
command modes 2-1
commands
abbreviating 2-4
no and default 2-4
setting privilege levels 7-8
command switch
accessing 5-11
active (AC) 5-10
configuration conflicts 6-10
defined 5-2
passive (PC) 5-10
password privilege levels 5-14
priority 5-10
recovery
from command-switch failure 5-10
from failure 6-6
from lost member connectivity 6-10
redundant 5-10
replacing
with another switch 6-8
with cluster member 6-7
requirements 5-3
standby (SC) 5-10
See also candidate switch, cluster standby group, member switch, and standby command switch
community list, BGP 31-54
community strings
for cluster switches 27-4
in clusters 5-14
overview 27-4
SNMP 5-14
config.text 3-11
configurable leave timer, IGMP 20-5
configuration conflicts
ACL, displaying 29-43
recovering from lost member connectivity 6-10
configuration examples, network 1-10
configuration files
clearing the startup configuration B-18
creating using a text editor B-9
default name 3-11
deleting a stored configuration B-18
described B-7
downloading
automatically 3-11
reasons for B-8
using FTP B-13
using RCP B-16
using TFTP B-10
guidelines for creating and using B-8
invalid combinations when copying B-5
limiting TFTP server access 27-16
obtaining with DHCP 3-7
password recovery disable considerations 7-5
specifying the filename 3-11
system contact and location information 27-15
types and location B-9
uploading
reasons for B-8
using FTP B-14
using RCP B-17
using TFTP B-11
VMPS database 11-28
configuration guidelines, multi-VRF CE 31-64
configuration logging 2-5
configuration settings, saving 3-10
configure terminal command 9-9
Configuring a Restricted VLAN 8-33
configuring PoE 9-16
conflicts, configuration 6-10
congestion-avoidance techniques 28-12
congestion-management techniques 28-12, 28-15
connections, secure remote 7-38
connectivity problems 6-11
consistency checks in VTP version 2 12-4
console port, connecting to 2-10
content-routing technology
control protocol, IP SLAs 1-3
CoS
in Layer 2 frames 28-2
override priority 13-5
trust priority 13-5
CoS-to-DSCP map for QoS 28-52
CoS-to-egress-queue map 28-59
counters, clearing interface 9-22
CPU q, in show forward command output 6-20
crashinfo file 6-20
critical authentication, IEEE 802.1x 8-34
cross-stack UplinkFast, STP
connecting stack ports 17-8
described 17-5
enabling 17-18
fast-convergence events 17-7
Fast Uplink Transition Protocol 17-6
limitations 17-8
normal-convergence events 17-7
Stack Membership Discovery Protocol 17-6
support for 1-4
cryptographic software image
Kerberos 7-32
SSL 7-41
customer edge devices 31-62
CWDM GBIC modules, network example 1-18
CWDM OADM modules 1-18
D
daylight saving time 6-13
debugging
enabling all system diagnostics 6-17
enabling for a specific feature 6-17
redirecting error message output 6-18
using commands 6-16
default commands 2-4
default configuration
auto-QoS 28-17
banners 6-17
BGP 31-42
booting 3-11
CDP 22-2
DHCP 18-9
DHCP option 82 18-9
DHCP snooping 18-9
DHCP snooping binding database 18-9
DNS 6-16
dynamic ARP inspection 19-5
EIGRP 31-35
EtherChannel 30-8
fallback bridging 5-3
Flex Links 18-5
HSRP 32-4
IEEE 802.1Q tunneling 14-4
IEEE 802.1x 8-20
IGMP 3-27
IGMP filtering 20-22
IGMP snooping 20-7
IGMP throttling 20-23
initial switch information 3-3
IP addressing, IP routing 31-4
IP multicast routing 3-9
IP SLAs 1-6
IP source guard 18-19
Layer 2 interfaces 9-14
Layer 2 protocol tunneling 14-10
MAC address table 6-20
MAC address-table move update 18-5
MSDP 4-4
MSTP 16-14
multi-VRF CE 31-64
MVR 20-18
NTP 6-4
optional spanning-tree features 17-14
OSPF 31-25
password and privilege level 7-2
port security 21-9
RADIUS 7-20
RIP 31-19
RMON 25-3
RSPAN 24-8
SNMP 27-6
SPAN 24-8
SSL 7-44
standard QoS 28-26
storm control 21-3
STP 15-11
system message logging 26-3
system name and prompt 6-15
TACACS+ 7-13
UDLD 23-4
VLAN, Layer 2 Ethernet interfaces 11-18
VLANs 11-7
VMPS 11-28
voice VLAN 13-2
VTP 12-6
WCCP 2-4
default networks 31-75
default routes 31-75
default routing 31-2
deleting VLANs 11-10
denial-of-service attack 21-1
description command 9-19
designing your network, examples 1-10
destination addresses, in ACLs 29-13
detecting indirect link failures, STP 17-10
device B-18
device discovery protocol 22-1
device manager
upgrading a switch B-18
DHCP
Cisco IOS server database
configuring 18-17
default configuration 18-9
described 18-7
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-3
DNS 3-6
relay device 3-6
TFTP server 3-6
example 3-8
lease options
for IP address information 3-5
for receiving the configuration file 3-5
overview 3-3
relationship to BOOTP 3-4
relay support 1-8
support for 1-3
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 18-5
configuration guidelines 18-10
default configuration 18-9
displaying 18-18
enabling
relay agent 18-11
relay agent information option 18-11
forwarding address, specifying 18-13
helper address 18-13
overview 18-3
packet format
circuit ID suboption 18-5
remote ID suboption 18-5
policy for reforwarding 18-12
reforwarding policy 18-12
remote ID suboption 18-5
support for 1-3
validating 18-12
DHCP relay agent 18-11
DHCP server 18-11
DHCP snooping
accepting untrusted packets form edge switch 18-3, 18-15
and private VLANs 18-16
binding database
See DHCP snooping binding database
configuration guidelines 18-10
default configuration 18-9
displaying binding tables 18-18
displaying configuration 18-18
message exchange process 18-4
option 82 data insertion 18-3
trusted interface 18-2
untrusted interface 18-2
untrusted messages 18-2
DHCP snooping binding database
adding bindings 18-17
binding file
format 18-8
bindings 18-7
clearing agent statistics 18-18
configuring 18-17
default configuration 18-9
deleting
binding file 18-18
bindings 18-18
database agent 18-18
displaying 18-18
status and statistics 18-18
enabling 18-17
entries 18-2
entry 18-7
renewing database 18-18
resetting
delay value 18-18
timeout value 18-18
DHCP snooping binding table
See DHCP snooping binding database
Differentiated Services architecture, QoS 28-2
Differentiated Services Code Point 28-2
Diffusing Update Algorithm (DUAL) 31-34
directed unicast requests 1-3
directories
changing B-3
creating and removing B-4
displaying the working B-3
discovery, clusters
Distance Vector Multicast Routing Protocol
distance-vector protocols 31-2
distribute-list command 31-82
DNS
and DHCP-based autoconfiguration 3-6
default configuration 6-16
displaying the configuration 6-17
overview 6-15
setting up 6-16
support for 1-3
domain names
DNS 6-15
VTP 12-8
Domain Name System
dot1q-tunnel switchport mode 11-17
double-tagged packets
IEEE 802.1Q tunneling 14-2
Layer 2 protocol tunneling 14-10
downloading
configuration files
reasons for B-8
using FTP B-13
using RCP B-16
using TFTP B-10
image files
deleting old image B-22
reasons for B-18
using CMS 1-2
using FTP B-25
using Network Assistant 1-2
using RCP B-29
using TFTP B-21
using the device manager or Network Assistant B-18
drop threshold for Layer 2 protocol packets 14-10
DSCP-to-CoS map for QoS 28-55
DSCP-to-DSCP-mutation map for QoS 28-57
DSCP-to-threshold map for QoS 28-61
DUAL finite state machine, EIGRP 31-35
duplex mode, configuring 9-15
DVMRP
autosummarization
configuring a summary address 3-48
disabling 3-50
connecting PIM domain to DVMRP router 3-40
enabling unicast routing 3-43
interoperability
with Cisco devices 3-38
with IOS software 3-7
mrinfo requests, responding to 3-43
neighbors
advertising the default route to 3-42
discovery with Probe messages 3-38
displaying information 3-43
prevent peering with nonpruning 3-46
rejecting nonpruning 3-44
overview 3-7
routes
adding a metric offset 3-50
advertising all 3-50
advertising the default route to neighbors 3-42
caching DVMRP routes learned in report messages 3-44
changing the threshold for syslog messages 3-47
deleting 3-51
displaying 3-52
favoring one over another 3-50
limiting the number injected into MBONE 3-47
limiting unicast route advertisements 3-38
routing table 3-8
source distribution tree, building 3-8
support for 1-8
tunnels
configuring 3-40
displaying neighbor information 3-43
dynamic access ports
characteristics 11-3
configuring 11-30
defined 9-3
dynamic addresses
dynamic ARP inspection
ARP cache poisoning 19-1
ARP requests, described 19-1
ARP spoofing attack 19-1
clearing
log buffer 19-15
statistics 19-14
configuration guidelines 19-6
configuring
ACLs for non-DHCP environments 19-8
in DHCP environments 19-7
log buffer 19-12
rate limit for incoming ARP packets 19-4, 19-10
default configuration 19-5
denial-of-service attacks, preventing 19-10
described 19-1
DHCP snooping binding database 19-2
displaying
ARP ACLs 19-14
configuration and operating state 19-14
log buffer 19-15
statistics 19-14
trust state and rate limit 19-14
error-disabled state for exceeding rate limit 19-4
function of 19-2
interface trust states 19-3
log buffer
clearing 19-15
configuring 19-12
displaying 19-15
logging of dropped packets, described 19-4
man-in-the middle attack, described 19-2
network security issues and interface trust states 19-3
priority of ARP ACLs and DHCP snooping entries 19-4
rate limiting of ARP packets
configuring 19-10
described 19-4
error-disabled state 19-4
statistics
clearing 19-14
displaying 19-14
validation checks, performing 19-11
dynamic desirable trunking mode 11-17
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 11-27
reconfirming 11-31
troubleshooting 11-32
types of connections 11-30
VMPS database configuration file 11-28
dynamic routing 31-2
Dynamic Trunking Protocol
E
EBGP 31-41
editing features
enabling and disabling 2-7
keystrokes used 2-7
wrapped lines 2-9
egress q, in show forward command output 6-20
EIGRP
authentication 31-39
components 31-34
configuring 31-37
default configuration 31-35
definition 31-34
interface parameters, configuring 31-38
monitoring 31-40
support for 1-7
enable password 7-3
enable secret password 7-3
encryption, CipherSuite 7-43
encryption for passwords 7-3
Enhanced IGRP
environment variables
function of 3-15
location in Flash 3-13
error messages
during command entry 2-5
setting the display destination device 26-5
severity levels 26-8
system message format 26-2
EtherChannel
automatic creation of 30-3
channel groups
binding physical and logical interfaces 30-3
numbering of 30-3
configuration guidelines 30-8
configuring
Layer 2 interfaces 30-9
Layer 3 physical interfaces 30-13
Layer 3 port-channel logical interfaces 30-12
default configuration 30-8
destination MAC address forwarding 30-6
displaying status 30-18
forwarding methods 30-15
interaction
with STP 30-8
with VLANs 30-9
LACP, support for 1-2
Layer 3 interface 31-3
logical interfaces, described 30-3
number of interfaces per 30-2
overview 30-1
PAgP
aggregate-port learners 30-5
compatibility with Catalyst 1900 30-15
displaying status 30-18
interaction with other features 30-5
learn method and priority configuration 30-15
modes 30-4
overview 30-3
silent mode 30-5
support for 1-2
port-channel interfaces
described 30-3
numbering of 30-3
port groups 9-5
source MAC address forwarding 30-6
support for 1-2
EtherChannel guard
described 17-11
enabling 17-20
Ethernet VLANs
adding 11-8
defaults and ranges 11-8
modifying 11-8
events, RMON 25-3
examples
network configuration 1-10
expedite queue for QoS
10/100 Ethernet ports
allocating bandwidth 28-68
configuring 28-67
described 28-15
Gigabit-capable Ethernet ports
allocating bandwidth 28-64
configuring 28-63
described 28-12
Express Setup
overview 1-1
See also getting started guide
extended-range VLANs
configuration guidelines 11-12
configuring 11-11
defined 11-1
extended system ID
MSTP 16-17
Extensible Authentication Protocol over LAN 8-1
external BGP
external neighbors, BGP 31-45
F
fallback bridging
and protected ports 5-4
bridge groups
creating 5-3
described 5-1
displaying 5-12
function of 5-2
number supported 5-3
removing 5-4
bridge table
changing the aging time 5-5
clearing 5-12
displaying 5-12
configuration guidelines 5-3
connecting interfaces with 9-9
default configuration 5-3
described 5-1
frame forwarding
filtering by MAC address 5-6
flooding packets 5-2
for static addresses 5-5
forwarding packets 5-2
preventing for dynamically learned stations 5-5
to static addresses 5-5
overview 5-1
protocol, unsupported 5-3
STP
disabling on an interface 5-12
forward-delay interval 5-10
hello BPDU interval 5-10
interface priority 5-8
maximum-idle interval 5-11
path cost 5-9
switch priority 5-8
support for 1-8
SVIs and routed ports 5-1
unsupported protocols 5-3
VLAN-bridge STP 15-10
fallback VLAN name 11-28
Fast Uplink Transition Protocol 17-6
feature manager, ACL 29-42
FIB 31-72
fiber-optic, detecting unidirectional links 23-1
files
basic crashinfo
description 6-20
location 6-20
copying B-4
crashinfo
description 6-20
deleting B-5
displaying the contents of B-7
extended crashinfo
description 6-21
location 6-21
tar
creating B-5
displaying the contents of B-6
extracting B-7
image file format B-19
file system
displaying available file systems B-2
displaying file information B-3
local file system names B-1
network file system names B-4
setting the default B-3
filtering
in a VLAN 29-30
non-IP traffic 29-27
show and more command output 2-10
with fallback bridging 5-6
filters, IP
flash device, number of B-1
Flex Links
configuration guidelines 18-4
default configuration 18-5
description 18-1
monitoring 18-9
flooded traffic, blocking 21-6
flow-based packet classification 1-7
flowcharts
QoS classification 28-6
QoS policing and marking 28-10
QoS queueing and scheduling
10/100 ports 28-15
Gigabit-capable ports 28-12
forward-delay time
MSTP 16-23
Forwarding Information Base
forwarding non-routable protocols 5-1
FTP
accessing MIB files A-3
configuration files
downloading B-13
overview B-12
preparing the server B-12
uploading B-14
image files
deleting old image B-26
downloading B-25
preparing the server B-24
uploading B-26
G
GBIC modules
GBICs
1000BASE-LX/LH module 1-14
1000BASE-SX module 1-14
1000BASE-T module 1-14
1000BASE-ZX module 1-14
CWDM module 1-18
GigaStack module 1-12
security and identification 6-10
get-bulk-request operation 27-3
get-next-request operation 27-3, 27-4
get-request operation 27-3, 27-4
get-response operation 27-3
Gigabit Interface Converters
GigaStack GBIC
fast transition of redundant link 17-5
global configuration mode 2-2
global leave, IGMP 20-12
guide mode 1-10
GUIs
See device manager and Network Assistant 1-9
H
hardware, determining ACL configuration fit 29-44
hello time
MSTP 16-22
STP 15-21
help, for the command line 2-3
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
history table, level and number of syslog messages 26-10
host names
in clusters 5-13
hosts, limit on dynamic ports 11-32
Hot Standby Router Protocol
HP OpenView 1-9
HSRP
authentication string 32-8
automatic cluster recovery 5-12
binding to cluster group 32-10
cluster standby group considerations 5-11
command-switch redundancy 1-3
default configuration 32-4
definition 32-1
monitoring 32-10
overview 32-1
priority 32-6
routing redundancy 1-7
timers 32-8
tracking 32-7
See also clusters, cluster standby group, and standby command switch
HTTP over SSL
HTTPS 7-42
configuring 7-45
self-signed certificate 7-42
HTTP secure server 7-42
I
IBPG 31-41
ICMP
redirect messages 31-11
support for 1-8
time exceeded messages 6-13
traceroute and 6-13
unreachable messages 29-6
unreachables and ACLs 29-7
ICMP Echo operation
configuring 1-11
IP SLAs 1-10
ICMP ping
executing 6-11
overview 6-11
ICMP Router Discovery Protocol
IDS, using with SPAN and RSPAN 24-2
IE2100
described 1-9
support for 1-2
IEEE 802.1D
IEEE 802.1p 13-1
IEEE 802.1Q
and trunk ports 9-3
configuration limitations 11-18
encapsulation 11-15
native VLAN for untagged traffic 11-22
tunneling
compatibility with other features 14-5
defaults 14-4
described 14-1
tunnel ports and ACLs 29-3
tunnel ports with other features 14-6
IEEE 802.1s
IEEE 802.1w
IEEE 802.1x
IEEE 802.3af
IEEE 802.3x flow control 9-17
ifIndex values, SNMP 27-5
IFS 1-3
IGMP
configurable leave timer, procedures 20-11
configuring the switch
as a member of a group 3-27
statically connected member 3-31
controlling access to groups 3-28
default configuration 3-27
deleting cache entries 3-52
displaying groups 3-52
fast switching 3-31
flooded multicast traffic
controlling the length of time 20-12
disabling on an interface 20-13
global leave 20-12
query solicitation 20-12
recovering from flood mode 20-12
host-query interval, modifying 3-29
joining multicast group 20-3
join messages 20-3
leave processing, enabling 20-10
leaving multicast group 20-4
multicast reachability 3-27
overview 3-2
queries 20-3
report suppression
described 20-5
disabling 20-13
support for 1-2
throttling action 20-22
Version 1
changing to Version 2 3-29
described 3-3
Version 2
changing to Version 1 3-29
described 3-3
maximum query response time value 3-31
pruning groups 3-31
query timeout value 3-30
IGMP configurable leave timer, described 20-5
IGMP filtering
configuring 20-23
default configuration 20-22
described 20-22
monitoring 20-27
IGMP groups
configuring the throttling action 20-25
setting the maximum number 20-25
IGMP profile
applying 20-24
configuration mode 20-23
configuring 20-23
IGMP snooping
configuring 20-6
default configuration 20-7
definition 20-1
enabling and disabling 20-7
global configuration 20-7
Immediate Leave 20-5
method 20-8
monitoring 20-14
support for 1-2
VLAN configuration 20-7
IGMP throttling
configuring 20-25
default configuration 20-23
described 20-22
displaying action 20-27
IGP 31-24
Immediate-Leave, IGMP 20-5
inaccessible authentication bypass 8-13
interface
number 9-9
range macros 9-12
interface command 9-9
interface configuration mode 2-3
interfaces
configuration guidelines 9-15
configuring 9-9
configuring duplex mode 9-15
configuring speed 9-15
counters, clearing 9-22
described 9-19
descriptive name, adding 9-19
displaying information about 9-21
flow control 9-17
management 1-9
monitoring 9-21
naming 9-19
physical, identifying 9-9
range of 9-10
restarting 9-22
shutting down 9-22
supported 9-9
types of 9-1
interfaces range macro command 9-12
Interior Gateway Protocol
internal BGP
internal neighbors, BGP 31-45
Internet Control Message Protocol
Internet Group Management Protocol
Inter-Switch Link
Intrusion Detection System
IOS File System
ip access-group command 29-22
IP ACLs
applying to an interface 29-21
extended, creating 29-11
for QoS classification 28-7
implicit deny 29-10, 29-16, 29-18
implicit masks 29-10
logging 29-18
named 29-16
standard, creating 29-10
undefined 29-23
virtual terminal lines, setting on 29-21
IP addresses
classes of 31-5
cluster access 5-2
command switch 5-3, 5-11, 5-13
default configuration 31-4
discovering 6-29
for IP routing 31-4
MAC address association 31-8
monitoring 31-17
redundant clusters 5-11
standby command switch 5-11, 5-13
IP broadcast address 31-15
ip cef command 31-72
IP directed broadcasts 31-13
ip igmp profile command 20-23
IP information
assigned
manually 3-10
through DHCP-based autoconfiguration 3-3
default configuration 3-3
IP multicast routing
addresses
all-multicast-routers 3-1, 3-3
host group address range 3-1, 3-3
administratively-scoped boundaries, described 3-36
Auto-RP
adding to an existing sparse-mode cloud 3-14
benefits of 3-14
clearing the cache 3-52
configuration guidelines 3-10
filtering incoming RP announcement messages 3-16
overview 3-5
preventing candidate RP spoofing 3-16
preventing join messages to false RPs 3-16
setting up in a new internetwork 3-14
using with BSR 3-22
bootstrap router
configuration guidelines 3-10
configuring candidate BSRs 3-20
configuring candidate RPs 3-21
defining the IP multicast boundary 3-19
defining the PIM domain border 3-18
overview 3-5
using with Auto-RP 3-22
Cisco implementation 3-2
configuring
basic multicast routing 3-10
IP multicast boundary 3-36
TTL threshold 3-34
default configuration 3-9
enabling
multicast forwarding 3-11
PIM mode 3-11
group-to-RP mappings
Auto-RP 3-5
BSR 3-5
MBONE
deleting sdr cache entries 3-52
described 3-33
displaying sdr cache 3-53
enabling sdr listener support 3-34
MBONE
limiting DVMRP routes advertised 3-47
limiting sdr cache entry lifetime 3-34
SAP packets for conference session announcement 3-33
Session Directory (sdr) tool, described 3-33
monitoring
packet rate loss 3-53
peering devices 3-53
tracing a path 3-53
multicast forwarding, described 3-6
PIMv1 and PIMv2 interoperability 3-9
protocol interaction 3-2
reverse path check (RPF) 3-6
routing table
deleting 3-52
displaying 3-52
RP
assigning manually 3-12
configuring Auto-RP 3-14
configuring PIMv2 BSR 3-18
monitoring mapping information 3-23
using Auto-RP and BSR 3-22
statistics, displaying system and network 3-52
TTL thresholds, described 3-34
IP phones
and IEEE 802.1x authentication 8-15
and QoS 13-1
automatic classification and queueing 28-17
configuring 13-3
trusted boundary for QoS 28-32
IP precedence 28-2
IP-precedence-to-DSCP map for QoS 28-53
IP protocols
in ACLs 29-13
routing 1-7
IP routes, monitoring 31-84
IP routing
connecting interfaces with 9-8
enabling 31-18
IP Service Level Agreements
IP service levels, analyzing 1-1
IP SLAs
benefits 1-2
configuration guidelines 1-6
Control Protocol 1-3
default configuration 1-6
definition 1-1
ICMP echo operation 1-10
measuring network performance 1-2
monitoring 1-13
multioperations scheduling 1-5
operation 1-2
responder
described 1-3
enabling 1-7
response time 1-4
scheduling 1-5
SNMP support 1-2
supported metrics 1-2
threshold monitoring 1-5
UDP jitter operation 1-8
IP source guard
and 802.1x 18-20
and DHCP snooping 18-18
and EtherChannels 18-20
and port security 18-20
and private VLANs 18-20
and routed ports 18-20
and TCAM entries 18-20
and trunk interfaces 18-20
and VRF 18-20
binding configuration
automatic 18-18
manual 18-18
binding table 18-18
configuration guidelines 18-20
default configuration 18-19
described 18-18
disabling 18-21
displaying
bindings 18-22
configuration 18-22
enabling 18-20
filtering
source IP address 18-19
source IP and MAC address 18-19
source IP address filtering 18-19
source IP and MAC address filtering 18-19
static bindings
adding 18-20
deleting 18-21
IP traceroute
executing 6-13
overview 6-13
IP unicast routing
address resolution 31-8
administrative distances 31-74, 31-82
ARP 31-8
assigning IP addresses to Layer 3 interfaces 31-6
authentication keys 31-83
broadcast
address 31-15
flooding 31-16
packets 31-13
storms 31-13
classless routing 31-7
configuring static routes 31-74
default
addressing configuration 31-4
gateways 31-11
networks 31-75
routes 31-75
routing 31-2
directed broadcasts 31-13
dynamic routing 31-2
enabling 31-18
EtherChannel Layer 3 interface 31-3
IGP 31-24
inter-VLAN 31-2
IP addressing
classes 31-5
configuring 31-4
IRDP 31-12
Layer 3 interfaces 31-3
MAC address and IP address 31-8
passive interfaces 31-81
protocols
distance-vector 31-2
dynamic 31-2
link-state 31-2
proxy ARP 31-8
redistribution 31-76
reverse address resolution 31-8
routed ports 31-3
static routing 31-2
steps to configure 31-3
subnet mask 31-5
subnet zero 31-6
supernet 31-7
UDP 31-15
with SVIs 31-3
ip unreachables command 29-6
IRDP
configuring 31-12
definition 31-12
support for 1-8
ISL
and trunk ports 9-3
trunking with IEEE 802.1 tunneling 14-4
J
join messages, IGMP 20-3
K
KDC
described 7-32
Kerberos
authenticating to
boundary switch 7-34
KDC 7-34
network services 7-35
configuration examples 7-32
configuring 7-35
credentials 7-32
cryptographic software image 7-32
described 7-32
KDC 7-32
operation 7-34
realm 7-33
server 7-33
switch as trusted third party 7-32
terms 7-33
TGT 7-34
tickets 7-32
key distribution center
L
l2protocol-tunnel command 14-12
LACP
Layer 2 protocol tunneling 14-9
Layer 2 frames, classification with CoS 28-2
Layer 2 interfaces, default configuration 9-14
Layer 2 protocol tunneling
configuring 14-9
configuring for EtherChannels 14-13
default configuration 14-10
defined 14-8
guidelines 14-11
Layer 2 traceroute
and ARP 6-15
and CDP 6-15
described 6-14
IP addresses and subnets 6-15
MAC addresses and VLANs 6-15
multicast traffic 6-15
multiple devices on a port 6-15
unicast traffic 6-14
usage guidelines 6-15
Layer 3 features 1-7
Layer 3 interfaces
assigning IP addresses to 31-6
changing from Layer 2 mode 31-6
types of 31-3
Layer 3 packets, classification methods 28-2
LDAP 4-2
leave processing, IGMP 20-10
Lightweight Directory Access Protocol
line configuration mode 2-3
Link Aggregation Control Protocol
Link Failure
detecting unidirectional 16-7
link redundancy
links, unidirectional 23-1
link state advertisements (LSAs) 31-28
link-state protocols 31-2
logging messages, ACL 29-11
login authentication
with RADIUS 7-23
with TACACS+ 7-14
login banners 6-17
log messages
long-distance, high-bandwidth transport configuration example 1-18
Long-Reach Ethernet (LRE) technology 1-12
loop guard
described 17-13
enabling 17-21
support for 1-4
M
mac access-group command 29-29
MAC ACLs and Layer 2 interfaces 29-29
MAC addresses
aging time 6-21
and VLAN association 6-20
building the address table 6-20
default configuration 6-20
discovering 6-29
displaying 6-26
displaying in DHCP snooping binding table 18-18
displaying in the IP source binding table 18-22
dynamic
learning 6-20
removing 6-21
in ACLs 29-27
IP address association 31-8
static
adding 6-24
allowing 6-25
characteristics of 6-23
dropping 6-25
removing 6-24
sticky secure, adding 21-8
MAC address multicast entries, monitoring 20-15
MAC address-table move update
configuration guidelines 18-5
configuring 18-7
default configuration 18-5
description 18-3
monitoring 18-9
MAC address-to-VLAN mapping 11-27
MAC extended access lists 28-5, 28-39, 29-27
macros
magic packet 8-16
manageability features 1-2
management options
benefits
clustering 1-10
Network Assistant 1-10
CLI 2-1
CNS 4-1
overview 1-9
management VLAN
considerations in switch clusters 5-7
discovery through different management VLANs 5-7
MANs
CWDM configuration example 1-18
long-distance, high-bandwidth transport configuration example 1-18
mapping tables for QoS
configuring
CoS-to-DSCP 28-52
CoS-to-egress-queue 28-59
DSCP 28-52
DSCP-to-CoS 28-55
DSCP-to-DSCP-mutation 28-57
DSCP-to-threshold 28-61
IP-precedence-to-DSCP 28-53
policed-DSCP 28-54
described 28-10
marking
action in policy map 28-44
action with aggregate policers 28-50
matching, ACLs 29-8
maximum aging time
MSTP 16-23
maximum hop count, MSTP 16-24
maximum-paths command 31-49, 31-73
membership mode, VLAN port 11-3
member switch
automatic discovery 5-4
defined 5-2
passwords 5-13
recovering from lost connectivity 6-10
requirements 5-3
See also candidate switch, cluster standby group, and standby command switch
memory, optimizing 6-26
messages
logging ACL violations 29-18
to users through banners 6-17
metrics, in BGP 31-49
metric translations, between routing protocols 31-78
metropolitan-area networks
metro tags 14-2
MIBs
accessing files with FTP A-3
location of files A-3
overview 27-1
SNMP interaction with 27-4
supported A-1
minimum-reserve levels
assigning to a queue 28-15, 28-67
configuring the buffer size 28-15, 28-66
default size 28-15
mini-point-of-presence
mirroring traffic for analysis 24-1
mismatches, autonegotiation 6-10
modules, GBIC
1000BASE-LX/LH 1-14
1000BASE-SX 1-14
1000BASE-T 1-14
1000BASE-ZX 1-14
CWDM 1-18
GigaStack 1-12
monitoring
access groups 29-41
ACL
configuration 29-41
configuration conflicts 29-43
fit in hardware 29-44
information 29-40
BGP 31-60
cables for unidirectional links 23-1
CDP 22-4
CEF 31-73
EIGRP 31-40
fallback bridging 5-12
features 1-8
Flex Links 18-9
HSRP 32-10
IEEE 802.1Q tunneling 14-17
IGMP
filters 20-27
snooping 20-14
interfaces 9-21
IP
address tables 31-17
multicast routing 3-51
routes 31-84
IP SLAs operations 1-13
Layer 2 protocol tunneling 14-17
MAC address-table move update 18-9
MSDP peers 4-17
multicast router ports 20-15
multi-VRF CE 31-71
MVR 20-21
network traffic for analysis with probe 24-1
OSPF 31-33
port blocking 21-17
port protection 21-17
RP mapping information 3-23
source-active messages 4-17
speed and duplex mode 9-16
traffic flowing among switches 25-1
traffic suppression 21-17
tunneling 14-17
VLAN
filters 29-42
maps 29-42
VLANs 11-14
VMPS 11-32
VTP 12-15
MSDP
and dense-mode regions
sending SA messages to 4-16
specifying the originating address 4-17
benefits of 4-3
clearing MSDP connections and statistics 4-18
controlling source information
forwarded by switch 4-11
originated by switch 4-8
received by switch 4-13
default configuration 4-4
filtering
incoming SA messages 4-13
SA messages to a peer 4-12
SA requests from a peer 4-10
join latency, defined 4-6
meshed groups
configuring 4-15
defined 4-15
originating address, changing 4-17
overview 4-1
peer-RPF flooding 4-2
peers
configuring a default 4-4
monitoring 4-17
peering relationship, overview 4-1
requesting source information from 4-8
shutting down 4-15
source-active messages
caching 4-6
clearing cache entries 4-18
defined 4-2
filtering from a peer 4-10
filtering incoming 4-13
filtering to a peer 4-12
limiting data with TTL 4-13
monitoring 4-17
restricting advertised sources 4-9
MSTP
boundary ports
configuration guidelines 16-15
BPDU filtering
described 17-3
enabling 17-16
BPDU guard
described 17-2
enabling 17-15
CIST, described 16-3
configuration guidelines 16-15, 17-14
configuring
forward-delay time 16-23
hello time 16-22
link type for rapid convergence 16-24
maximum aging time 16-23
maximum hop count 16-24
MST region 16-16
neighbor type 16-25
path cost 16-21
port priority 16-20
root switch 16-17
secondary root switch 16-19
switch priority 16-21
CST
defined 16-3
operations between regions 16-3
default configuration 16-14
default optional feature configuration 17-14
described 16-2
displaying status 16-26
enabling the mode 16-16
EtherChannel guard
described 17-11
enabling 17-20
extended system ID
effects on root switch 16-17
effects on secondary root switch 16-19
unexpected behavior 16-18
IEEE 802.1s
implementation 16-6
instances supported 15-9
interface state, blocking to forwarding 17-2
interoperability and compatibility among modes 15-10
interoperability with IEEE 802.1D
described 16-8
restarting migration process 16-26
IST
defined 16-2
master 16-3
operations within a region 16-3
loop guard
described 17-13
enabling 17-21
mapping VLANs to MST instance 16-16
MST region
described 16-2
hop-count mechanism 16-5
supported spanning-tree instances 16-2
optional features supported 1-4
Port Fast
described 17-2
enabling 17-14
preventing root switch selection 17-12
root guard
described 17-12
enabling 17-20
root switch
configuring 16-18
effects of extended system ID 16-17
unexpected behavior 16-18
shutdown Port Fast-enabled port 17-2
multicast groups
and IGMP snooping 20-6
Immediate Leave 20-5
joining 20-3
leaving 20-4
static joins 20-9
multicast packets
ACLs on 29-40
multicast packets, blocking 21-6
multicast router ports
adding 20-9
monitoring 20-15
Multicast Source Discovery Protocol
multicast storm control
multicast storm-control command 21-4
Multicast VLAN Registration
multioperations scheduling, IP SLAs 1-5
Multiple Spanning Tree Protocol
multiple VPN routing/forwarding in customer edge devices
multi-VRF CE
configuration example 31-67
configuration guidelines 31-64
configuring 31-64
default configuration 31-64
defined 31-61
displaying 31-71
monitoring 31-71
network components 31-64
packet-forwarding process 31-63
support for 1-7
MVR
configuring interfaces 20-20
default configuration 20-18
described 20-15
modes 20-19
monitoring 20-21
setting global parameters 20-19
support for 1-2
N
NAC
AAA down policy 1-6
critical authentication 8-13, 8-34
IEEE 802.1x authentication using a RADIUS server 8-38
IEEE 802.1x validation using RADIUS server 8-38
inaccessible authentication bypass 1-6, 8-34
Layer 2 IEEE 802.1x validation 1-6, 8-38
Layer 2 IP validation 1-6
named IP ACLs 29-16
NameSpace Mapper
native VLAN
and IEEE 802.1Q tunneling 14-4
configuring 11-22
default 11-22
neighbor discovery/recovery, EIGRP 31-34
neighbors, BGP 31-55
Network Admission Control
Network Admission Control Software Configuration Guide 8-40, 8-41
Network Assistant
downloading image files 1-2
upgrading a switch B-18
network configuration examples
increasing network performance 1-11
large network 1-15
long-distance, high-bandwidth transport 1-18
providing network services 1-11
small to medium-sized network 1-14
network design
performance 1-11
services 1-11
network management
CDP 22-1
RMON 25-1
SNMP 27-1
network performance, measuring with IP SLAs 1-2
Network Time Protocol
no commands 2-4
non-IP traffic filtering 29-27
nontrunking mode 11-17
normal-range VLANs
configuration modes 11-6
defined 11-1
no switchport command 9-5
not-so-stubby areas
NSM 4-3
NSSA, OSPF 31-28
NTP
associations
authenticating 6-4
defined 6-2
enabling broadcast messages 6-6
peer 6-5
server 6-5
default configuration 6-4
displaying the configuration 6-11
overview 6-2
restricting access
creating an access group 6-8
disabling NTP services per interface 6-10
source IP address, configuring 6-10
stratum 6-2
support for 1-3
synchronizing devices 6-5
time
services 6-2
synchronizing 6-2
O
OADM modules
Open Shortest Path First
optical add/drop multiplexer modules
optimizing system resources 6-26
options, management 1-9
OSPF
area parameters, configuring 31-28
configuring 31-26
default configuration
metrics 31-30
route 31-30
settings 31-25
described 31-24
interface parameters, configuring 31-27
LSA group pacing 31-32
monitoring 31-33
router IDs 31-32
route summarization 31-30
support for 1-7
virtual links 31-30
out-of-profile markdown 1-7
output interface, getting information about 6-20
P
packet modification, with QoS 28-16
PAgP
Layer 2 protocol tunneling 14-9
parallel paths, in routing tables 31-73
passive interfaces
configuring 31-81
OSPF 31-30
pass-through mode 28-34
passwords
default configuration 7-2
disabling recovery of 7-5
encrypting 7-3
for security 1-5
in clusters 5-13
overview 7-1
setting
enable 7-3
enable secret 7-3
Telnet 7-6
with usernames 7-6
VTP domain 12-8
path cost
MSTP 16-21
STP 15-18
PBR
defined 31-79
enabling 31-80
fast-switched policy-based routing 31-80
local policy-based routing 31-80
support for 1-8
PC (passive command switch) 5-10
peers, BGP 31-55
performance, network design 1-11
performance features 1-2
persistent self-signed certificate 7-42
per-VLAN spanning-tree plus
PE to CE routing, configuring 31-67
physical ports 9-2
PIM
default configuration 3-9
dense mode
overview 3-4
rendezvous point (RP), described 3-5
RPF lookups 3-7
displaying neighbors 3-52
enabling a mode 3-11
overview 3-4
router-query message interval, modifying 3-26
shared tree and source tree, overview 3-23
shortest path tree, delaying the use of 3-25
sparse mode
join messages and shared tree 3-5
overview 3-5
prune messages 3-5
RPF lookups 3-7
support for 1-8
versions
interoperability 3-9
troubleshooting interoperability problems 3-23
v2 improvements 3-4
PIM-DVMRP, as snooping method 20-8
ping
character output description 6-12
executing 6-11
overview 6-11
PoE
auto mode 9-7
CDP with power consumption, described 9-6
CDP with power negotiation, described 9-6
Cisco intelligent power management 9-6
configuring 9-16
devices supported 9-5
high-power devices operating in low-power mode 9-6
powered-device detection and initial power allocation 9-6
power management modes 9-7
power negotiation extensions to CDP 9-6
standards supported 9-6
troubleshooting 6-16
policed-DSCP map for QoS 28-54
policers
configuring
for each matched traffic class 28-44
for more than one traffic class 28-50
described 28-4
displaying 28-69
types of 28-8
policing
described 28-4
token bucket algorithm 28-8
policy-based routing
policy maps for QoS
characteristics of 28-44
configuring 28-44
described 28-7
displaying 28-70
POP 1-17
port ACLs
and voice VLAN 29-4
defined 29-2
limitations 29-4
Port Aggregation Protocol
port-based authentication
accounting 8-8
accounting services 1-5
authentication server
defined 8-2
RADIUS server 8-2
client, defined 8-2
configuration guidelines 8-21
configuring
guest VLAN 8-32
host mode 8-27
IEEE 802.1x accounting 8-31
IEEE 802.1x authentication 8-24
inaccessible authentication bypass 8-34
manual re-authentication of a client 8-28
periodic re-authentication 8-27
quiet period 8-28
RADIUS server 8-26
RADIUS server parameters on the switch 8-25
restricted VLAN 8-33
switch-to-client frame-retransmission number 8-30
switch-to-client retransmission time 8-29
default configuration 8-20
described 8-1
device roles 8-2
displaying statistics 8-42
EAPOL-start frame 8-5
EAP-request/identity frame 8-5
EAP-response/identity frame 8-5
enabling
IEEE 802.1x with guest VLAN 8-11
IEEE 802.1x with per-user ACLs 8-10
IEEE 802.1x with port security 8-15
IEEE 802.1x with restricted VLAN 8-13
IEEE 802.1x with VLAN assignment 8-9
IEEE 802.1x with voice VLAN 8-15
encapsulation 8-3
guest VLAN
configuration guidelines 8-12, 8-13
host mode 8-7
inaccessible authentication bypass
configuring 8-34
described 8-13
guidelines 8-23
initiation and message exchange 8-5
magic packet 8-16
method lists 8-24
multiple-hosts mode, described 8-8
per-user ACLs, AAA authorization 8-24
ports
authorization state and dot1x port-control command 8-7
authorized and unauthorized 8-7
critical 8-13
port security, multiple-hosts mode 8-8
resetting to default values 8-42
software upgrade changes 8-23
support for 1-5
switch
as proxy 8-3
RADIUS client 8-3
upgrading from a previous release 28-21
VLAN assignment, AAA authorization 8-24
wake-on-LAN, described 8-16
port-channel
Port Fast
described 17-2
enabling 17-14
mode, spanning tree 11-29
support for 1-4
port membership modes, VLAN 11-3
port priority
MSTP 16-20
STP 15-17
ports
access 9-2
blocking 21-6
dynamic access 11-3
forwarding, resuming 21-7
IEEE 802.1Q tunnel 11-3
protected 21-5
routed 9-4
secure 21-7
switch 9-2
VLAN assignments 11-10
port security
aging 21-15
and QoS trusted boundary 28-32
configuration guidelines 21-10
configuring 21-11
default configuration 21-9
described 21-7
displaying 21-17
on trunk ports 21-12
sticky learning 21-8
violations 21-8
with other features 21-10
port-shutdown response, VMPS 11-27
Power over Ethernet
preemption
default configuration 18-5
preemption delay
default configuration 18-5
preferential treatment of traffic
prefix lists, BGP 31-53
preventing unauthorized access 7-1
primary links 18-2
priority
HSRP 32-6
overriding CoS 13-5
trusting CoS 13-5
private VLAN edge ports
privileged EXEC mode 2-2
privilege levels
changing the default for lines 7-9
command switch 5-14
exiting 7-9
logging into 7-9
mapping on member switches 5-14
setting a command with 7-8
protocol-dependent modules, EIGRP 31-35
Protocol-Independent Multicast Protocol
provider edge devices 31-62
proxy ARP
configuring 31-10
definition 31-8
with IP routing disabled 31-11
pruning, VTP
enabling 12-13
enabling on a port 11-22
examples 12-5
overview 12-4
pruning-eligible list
changing 11-22
for VTP pruning 12-4
VLANs 12-14
PVST+
described 15-9
IEEE 802.1Q trunking interoperability 15-10
instances supported 15-9
Q
QoS
and MQC commands 28-1
auto-QoS
categorizing traffic 28-17
configuration and defaults display 28-23
configuration guidelines 28-21
described 28-17
displaying 28-23
effects on NVRAM configuration 28-20
egress queue defaults 28-18
enabling for VoIP 28-22
generated commands 28-19
basic model 28-4
classification
class maps, described 28-7
defined 28-4
flowchart 28-6
forwarding treatment 28-3
in frames and packets 28-3
MAC ACLs, described 28-5, 28-7
pass-through mode, described 28-34
per physical port 28-40
per-port per-VLAN 28-41
policy maps, described 28-7
port default, described 28-5
trust DSCP, described 28-5
trusted CoS, described 28-5
trust IP precedence, described 28-5
types for IP traffic 28-5
types for non-IP traffic 28-5
class maps
configuring per physical port 28-40
configuring per-port per-VLAN 28-41
displaying 28-69
configuration examples
distribution layer 28-73
existing wiring closet 28-71
intelligent wiring closet 28-72
configuration guidelines
auto-QoS 28-21
standard QoS 28-27
configuring
aggregate policers 28-50
auto-QoS 28-17
default port CoS value 28-32
DSCP maps 28-52
DSCP trust states bordering another domain 28-34
egress queues on 10/100 Ethernet ports 28-65
egress queues on Gigabit-capable Ethernet ports 28-58
IP extended ACLs 28-37
IP standard ACLs 28-36
MAC ACLs 28-39
pass-through mode 28-34
policy maps 28-44
port trust states within the domain 28-30
trusted boundary 28-32
default auto configuration 28-17
default standard configuration 28-26
displaying statistics 28-69
enabling globally 28-29
flowcharts
classification 28-6
policing and marking 28-10
queueing and scheduling 28-12, 28-15
implicit deny 28-7
IP phones
automatic classification and queueing 28-17
detection and trusted settings 28-17, 28-32
mapping tables
CoS-to-DSCP 28-52
CoS-to-egress-queue 28-59
displaying 28-70
DSCP-to-CoS 28-55
DSCP-to-DSCP-mutation 28-57
DSCP-to-threshold 28-61
IP-precedence-to-DSCP 28-53
policed-DSCP 28-54
types of 28-10
marked-down actions 28-47
overview 28-2
packet modification 28-16
pass-through mode 28-34
policers
described 28-8
displaying 28-69
number of 28-9
types of 28-8
policies, attaching to an interface 28-9
policing
token bucket algorithm 28-8
policy maps
characteristics of 28-44
configuring 28-44
displaying 28-70
queueing, defined 28-4
queues
CoS-to-egress-queue map 28-59
for 10/100 Ethernet ports 28-14
high priority (expedite) 28-13, 28-63
minimum-reserve levels 28-66
size ratios 28-59
queues
tail-drop threshold percentages 28-12, 28-60
WRED drop-percentage thresholds 28-12, 28-62
WRR scheduling 28-64
scheduling
allocating bandwidth on 10/100 Ethernet ports 28-68
allocating bandwidth on Gigabit-capable ports 28-64
defined 28-4
support for 1-6
tail drop
configuring drop threshold percentages 28-60
described 28-13
trust states
bordering another domain 28-34
described 28-5
trusted device 28-32
within the domain 28-30
WRED
configuring drop-percentage thresholds 28-62
described 28-13
WRR scheduling 28-64
quality of service
queries, IGMP 20-3
query solicitation, IGMP 20-12
R
RADIUS
attributes
vendor-proprietary 7-31
vendor-specific 7-29
configuring
accounting 7-28
authentication 7-23
authorization 7-27
configuring
communication, global 7-21, 7-29
communication, per-server 7-20, 7-21
multiple UDP ports 7-20
default configuration 7-20
defining AAA server groups 7-25
described 7-18
displaying the configuration 7-31
identifying the server 7-20
in clusters 5-14
limiting the services to the user 7-27
method list, defined 7-19
operation of 7-19
suggested network environments 7-18
tracking services accessed by user 7-28
Random Early Detection, described 28-13
range
macro 9-12
of interfaces 9-10
rapid convergence 16-10
rapid per-VLAN spanning-tree plus
rapid PVST+
described 15-9
IEEE 802.1Q trunking interoperability 15-10
instances supported 15-9
rapid-PVST+ 11-2
Rapid Spanning Tree Protocol
RARP 31-8
RCP
configuration files
downloading B-16
overview B-15
preparing the server B-15
uploading B-17
image files
deleting old image B-31
downloading B-29
preparing the server B-28
uploading B-31
reconfirmation interval, VMPS, changing 11-31
recovery procedures 6-1
redundancy
EtherChannel 30-2
features 1-3
HSRP 32-1
STP
backbone 15-8
multidrop backbone 17-5
path cost 11-25
port priority 11-23
redundant links and UplinkFast 17-17
reliable transport protocol, EIGRP 31-34
reloading software 3-16
Remote Authentication Dial-In User Service
Remote Copy Protocol
Remote Network Monitoring
report suppression, IGMP
described 20-5
disabling 20-13
resequencing ACL entries 29-16
resets, in BGP 31-48
resetting a UDLD-shutdown interface 23-6
responder, IP SLAs
described 1-3
enabling 1-7
response time, measuring with IP SLAs 1-4
restricted VLAN
configuring 8-33
using with port-based authentication 8-13
restricting access
NTP services 6-8
overview 7-1
passwords and privilege levels 7-2
RADIUS 7-17
TACACS+ 7-9
retry count, VMPS, changing 11-31
reverse address resolution 31-8
Reverse Address Resolution Protocol
RFC
1058, RIP 31-19
1112, IP multicast and IGMP 20-2
1157, SNMPv1 27-2
1163, BGP 31-40
1166, IP addresses 31-5
1253, OSPF 31-24
1267, BGP 31-40
1305, NTP 6-2
1587, NSSAs 31-24
1757, RMON 25-2
1771, BGP 31-40
1901, SNMPv2C 27-2
1902 to 1907, SNMPv2 27-2
2236, IP multicast and IGMP 20-2
2273-2275, SNMPv3 27-2
RIP
advertisements 31-19
authentication 31-22
configuring 31-20
default configuration 31-19
described 31-19
hop counts 31-19
split horizon 31-22
summary addresses 31-22
support for 1-7
RMON
default configuration 25-3
displaying status 25-6
enabling alarms and events 25-3
groups supported 25-2
overview 25-1
statistics
collecting group Ethernet 25-5
collecting group history 25-5
support for 1-8
root guard
described 17-12
enabling 17-20
support for 1-4
root switch
MSTP 16-17
STP 15-15
route calculation timers, OSPF 31-30
route dampening, BGP 31-59
routed packets, ACLs on 29-39
routed ports
configuring 31-3
defined 9-4
in switch clusters 5-8
route-map command for policy-based routing 31-80
route maps
BGP 31-51
policy-based routing, defined 31-79
router ACLs 29-2
route reflectors, BGP 31-58
router ID, OSPF 31-32
route selection, BGP 31-49
route summarization, OSPF 31-30
route targets, VPN 31-64
routing
default 31-2
dynamic 31-2
redistribution of information 31-76
static 31-2
routing domain confederation, BGP 31-58
Routing Information Protocol
routing protocol administrative distances 31-74
RSPAN
configuration guidelines 24-16
default configuration 24-8
destination ports 24-5
displaying status 24-24
IDS 24-2
interaction with other features 24-7
monitored ports 24-4
monitoring ports 24-5
received traffic 24-3
reflector port 24-5
session limits 24-8
sessions
creating 24-17
defined 24-3
limiting source traffic to specific VLANs 24-23
monitoring VLANs 24-21
removing source (monitored) ports 24-21
specifying monitored ports 24-17
source ports 24-4
transmitted traffic 24-4
VLAN-based 24-6
RSTP
active topology, determining 16-9
BPDU
format 16-12
processing 16-13
designated port, defined 16-9
designated switch, defined 16-9
interoperability with IEEE 802.1D
described 16-8
restarting migration process 16-26
topology changes 16-13
overview 16-8
port roles
described 16-9
synchronized 16-11
proposal-agreement handshake process 16-10
rapid convergence
described 16-10
edge ports and Port Fast 16-10
point-to-point links 16-10, 16-24
root ports 16-10
root port, defined 16-9
running configuration, saving 3-10
S
SC (standby command switch) 5-10
scheduled reloads 3-16
scheduling, IP SLAs operations 1-5
SDM
configuring 6-29
described 6-26
templates
number of 6-26
resources used for Fast Ethernet switches 6-27
resources used for Gigabit Ethernet switches 6-27
sdm prefer extended-match command 31-65
secure HTTP client
configuring 7-47
displaying 7-48
secure HTTP server
configuring 7-46
displaying 7-48
secure ports, configuring 21-7
secure remote connections 7-38
Secure Shell
Secure Socket Layer
security, port 21-7
security features 1-5
sequence numbers in log messages 26-8
server mode, VTP 12-3
service-provider networks
and customer VLANs 14-2
and IEEE 802.1Q tunneling 14-1
Layer 2 protocols across 14-8
Layer 2 protocol tunneling for EtherChannels 14-9
MSTP and RSTP 16-1
set-request operation 27-4
setup program, failed command switch replacement 6-7, 6-8
severity levels, defining in system messages 26-8
show access-lists hw-summary command 29-7
show cdp traffic command 22-5
show configuration command 9-19
show fm command 29-42
show forward command 6-19
show interfaces command 9-16, 9-19
show l2protocol command 14-12, 14-14, 14-15
show mac access-group command 29-29
show running-config command
displaying ACLs 29-22, 29-32, 29-34
interface description in 9-19
show tcam command 29-43
shutdown command on interfaces 9-22
shutdown threshold for Layer 2 protocol packets 14-10
Simple Network Management Protocol
Smartports macros
applying Cisco-default macros 10-6
applying global parameter values 10-5, 10-6
applying macros 10-4
applying parameter values 10-5, 10-7
configuration guidelines 10-3
creating 10-4
default configuration 10-2
defined 10-1
displaying 10-8
tracing 10-3
website 10-2
SNAP 22-1
SNMP
accessing MIB variables with 27-4
agent
described 27-4
disabling 27-7
and IP SLAs 1-2
community strings
configuring 27-8
for cluster switches 27-4
overview 27-4
configuration examples 27-16
default configuration 27-6
groups 27-9
ifIndex values 27-5
in-band management 1-3
in clusters 5-14
informs
and trap keyword 27-11
described 27-5
differences from traps 27-5
enabling 27-14
limiting access by TFTP servers 27-16
limiting system log messages to NMS 26-10
managing clusters with 5-15
MIBs
location of A-3
supported A-1
notifications 27-5
status, displaying 27-17
system contact and location 27-15
trap manager, configuring 27-13, 27-15
traps
differences from informs 27-5
enabling MAC address notification 6-21
types of 27-11
users 27-9
versions supported 27-2
snooping, IGMP 20-1
software images
location in flash B-19
recovery procedures 6-2
scheduling reloads 3-16
tar file format, described B-19
See also downloading and uploading
source addresses, in ACLs 29-13
SPAN
configuration guidelines 24-9
default configuration 24-8
destination ports 24-5
displaying status 24-24
IDS 24-2
interaction with other features 24-7
monitored ports 24-4
monitoring ports 24-5
ports, restrictions 21-11
received traffic 24-3
session limits 24-8
sessions
creating 24-10
defined 24-3
limiting source traffic to specific VLANs 24-15
monitoring VLANs 24-14
removing destination (monitoring) ports 24-13
removing source (monitored) ports 24-13
specifying monitored ports 24-10
source ports 24-4
transmitted traffic 24-4
VLAN-based 24-6
spanning tree and native VLANs 11-18
Spanning Tree Protocol
speed, configuring on interfaces 9-15
split horizon, RIP 31-22
SSH
configuring 7-39
cryptographic software image 7-37
described 7-38
encryption methods 7-38
user authentication methods, supported 7-38
SSL
configuration guidelines 7-44
configuring a secure HTTP client 7-47
configuring a secure HTTP server 7-45
cryptographic software image 7-41
described 7-41
monitoring 7-48
Stack Membership Discovery Protocol 17-6
standby command switch
considerations 5-11
defined 5-2
priority 5-10
requirements 5-3
virtual IP address 5-11
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
standby ip command 32-5
standby links 18-2
standby router 32-1
standby timers, HSRP 32-8
startup configuration
booting
manually 3-12
specific image 3-13
clearing B-18
configuration file
automatically downloading 3-11
specifying the filename 3-11
default boot configuration 3-11
static access ports
assigning to VLAN 11-10
static addresses
static IP routing 1-8
static MAC addressing 1-5
static routes, configuring 31-74
static routing 31-2
static VLAN membership 11-2
statistics
CDP 22-4
IEEE 802.1x 8-42
interface 9-21
IP multicast routing 3-52
OSPF 31-33
QoS ingress and egress 28-69
RMON group Ethernet 25-5
RMON group history 25-5
SNMP input and output 27-17
VTP 12-15
sticky learning
configuration file 21-8
defined 21-8
disabling 21-8
enabling 21-8
saving addresses 21-8
storm control
configuring 21-3
default configuration 21-3
described 21-1
disabling 21-4
displaying 21-17
thresholds 21-1
STP
accelerating root port selection 17-4
BackboneFast
described 17-9
enabling 17-19
BPDU filtering
described 17-3
enabling 17-16
BPDU guard
described 17-2
enabling 17-15
BPDU message exchange 15-3
configuration guidelines 15-12, 17-14
configuring
forward-delay time 15-21
hello time 15-21
in cascaded stack 15-22
maximum aging time 15-22, 15-23
path cost 15-18
port priority 15-17
root switch 15-15
secondary root switch 15-16
spanning-tree mode 15-13
switch priority 15-19
counters, clearing 15-24
cross-stack UplinkFast
described 17-5
enabling 17-18
default configuration 15-11
default optional feature configuration 17-14
designated port, defined 15-3
designated switch, defined 15-3
detecting indirect link failures 17-10
disabling 15-14
displaying status 15-24
EtherChannel guard
described 17-11
enabling 17-20
extended system ID
affects on root switch 15-15
affects on the secondary root switch 15-16
overview 15-4
unexpected behavior 15-15
features supported 1-3
inferior BPDU 15-3
instances supported 15-9
interface state, blocking to forwarding 17-2
interface states
blocking 15-5
disabled 15-7
learning 15-6
listening 15-6
overview 15-4
interoperability and compatibility among modes 15-10
Layer 2 protocol tunneling 14-7
limitations with IEEE 802.1Q trunks 15-10
load sharing
overview 11-23
using path costs 11-25
using port priorities 11-23
loop guard
described 17-13
enabling 17-21
modes supported 15-9
multicast addresses, affect of 15-8
optional features supported 1-4
overview 15-2
Port Fast
described 17-2
enabling 17-14
port priorities 11-24
preventing root switch selection 17-12
protocols supported 15-9
redundant connectivity 15-8
root guard
described 17-12
enabling 17-20
root port, defined 15-3
root switch
affects of extended system ID 15-4, 15-15
configuring 15-15
election 15-3
unexpected behavior 15-15
settings in a cascaded stack 15-22
shutdown Port Fast-enabled port 17-2
superior BPDU 15-3
timers, described 15-20
UplinkFast
described 17-3
enabling 17-17
VLAN-bridge 15-10
stratum, NTP 6-2
stub areas, OSPF 31-28
subnet mask 31-5
subnet zero 31-6
summer time 6-13
SunNet Manager 1-9
supernet 31-7
SVIs
and IP unicast routing 31-3
and router ACLs 29-3
connecting VLANs 9-8
defined 9-4
routing between VLANs 11-2
switch clustering technology 5-1
switch console port 1-3
switched packets, ACLs on 29-38
switched ports 9-2
switchport block multicast command 21-6
switchport block unicast command 21-7
switchport command 9-14
switchport mode dot1q-tunnel command 14-6
switchport protected command 21-6
switch priority
MSTP 16-21
STP 15-19
switch software features 1-1
switch virtual interfaces
synchronization, BGP 31-45
syslog
system clock
configuring
daylight saving time 6-13
manually 6-11
summer time 6-13
time zones 6-12
displaying the time and date 6-12
overview 6-1
System Database Management
system message logging
default configuration 26-3
defining error message severity levels 26-8
disabling 26-4
displaying the configuration 26-12
enabling 26-4
facility keywords, described 26-12
level keywords, described 26-9
limiting messages 26-10
message format 26-2
overview 26-1
sequence numbers, enabling and disabling 26-8
setting the display destination device 26-5
synchronizing log messages 26-6
syslog facility 1-8
timestamps, enabling and disabling 26-7
UNIX syslog servers
configuring the daemon 26-11
configuring the logging facility 26-11
facilities supported 26-12
system MTU
IEEE 802.1Q tunneling 14-5
maximums 14-5
system name
default configuration 6-15
default setting 6-15
manual configuration 6-15
system prompt
system resource templates 6-26
T
TACACS+
accounting, defined 7-11
authentication, defined 7-11
authorization, defined 7-11
configuring
accounting 7-17
authentication key 7-13
authorization 7-16
login authentication 7-14
default configuration 7-13
displaying the configuration 7-17
identifying the server 7-13
in clusters 5-14
limiting the services to the user 7-16
operation of 7-12
overview 7-10
tracking services accessed by user 7-17
tagged packets
IEEE 802.1Q 14-3
Layer 2 protocol 14-7
tail drop
described 28-13
support for 1-7
tar files
creating B-5
displaying the contents of B-6
extracting B-7
image file format B-19
TCAMs
ACL regions 29-47
ACLs not loading in 29-45
allocations, monitoring 29-47
monitoring usage 29-47
Telnet
accessing management interfaces 2-10
number of connections 1-3
setting a password 7-6
templates, system resources 6-26
temporary self-signed certificate 7-42
Terminal Access Controller Access Control System Plus
terminal lines, setting a password 7-6
ternary content addressable memory
TFTP
configuration files
downloading B-10
preparing the server B-10
uploading B-11
configuration files in base directory 3-6
configuring for autoconfiguration 3-6
image files
deleting B-22
downloading B-21
preparing the server B-21
uploading B-23
limiting access by servers 27-16
TFTP server 1-3
threshold, traffic level 21-2
threshold monitoring, IP SLAs 1-5
time
time-range command 29-18
time ranges in ACLs 29-18
timestamps in log messages 26-7
time zones 6-12
Token Ring VLANs
support for 11-5
VTP support 12-4
TOS 1-6
traceroute, Layer 2
and ARP 6-15
and CDP 6-15
described 6-14
IP addresses and subnets 6-15
MAC addresses and VLANs 6-15
multicast traffic 6-15
multiple devices on a port 6-15
unicast traffic 6-14
usage guidelines 6-15
traceroute command 6-13
traffic
blocking flooded 21-6
fragmented 29-5
unfragmented 29-5
traffic policing 1-7
traffic suppression 21-1
transparent mode, VTP 12-3, 12-12
trap-door mechanism 3-2
traps
configuring MAC address notification 6-21
configuring managers 27-11, 27-14
defined 27-3
notification types 27-11
troubleshooting
connectivity problems 6-11
detecting unidirectional links 23-1
determining packet disposition 6-19
displaying crash information 6-20
GBIC security and identification 6-10
PIMv1 and PIMv2 interoperability problems 3-23
PoE ports 6-16
show forward command 6-19
with CiscoWorks 27-4
with debug commands 6-16
with ping 6-11
with system message logging 26-1
with traceroute 6-13
trunking encapsulation 1-4
trunk ports
configuring 11-20
encapsulation 11-20, 11-24, 11-26
trunks
allowed-VLAN list 11-21
configuring 11-20, 11-24, 11-26
ISL 11-15
load sharing
setting STP path costs 11-25
using STP port priorities 11-23, 11-24
native VLAN for untagged traffic 11-22
parallel 11-25
pruning-eligible list 11-22
to non-DTP device 11-16
VLAN 1 minimization 11-21
trusted boundary for QoS 28-32
trustpoints, CA 7-42
tunneling
defined 14-1
IEEE 802.1Q 14-1
Layer 2 protocol 14-8
tunnel ports
defined 11-3
IEEE 802.1Q, configuring 14-6
IEEE 802.1Q and ACLs 29-3
incompatibilities with other features 14-5
twisted-pair Ethernet, detecting unidirectional links 23-1
type of service
U
UDLD
default configuration 23-4
echoing detection mechanism 23-3
enabling
globally 23-4
per interface 23-5
Layer 2 protocol tunneling 14-10
link-detection mechanism 23-1
neighbor database 23-2
overview 23-1
resetting an interface 23-6
status, displaying 23-7
support for 1-3
UDP, configuring 31-15
UDP jitter, configuring 1-8
UDP jitter operation, IP SLAs 1-8
unauthorized ports with IEEE 802.1x 8-7
unicast MAC address filtering
and adding static addresses 6-25
and broadcast MAC addresses 6-24
and CPU packets 6-24
and multicast addresses 6-24
and router MAC addresses 6-24
configuration guidelines 6-24
described 6-24
unicast storm control
unicast storm control command 21-4
unicast traffic, blocking 21-6
UniDirectional Link Detection protocol
UNIX syslog servers
daemon configuration 26-11
facilities supported 26-12
message logging configuration 26-11
unrecognized Type-Length-Value (TLV) support 12-4
upgrading software images
upgrading with CNS 4-14
UplinkFast
described 17-3
enabling 17-17
support for 1-4
uploading
configuration files
reasons for B-8
using FTP B-14
using RCP B-17
using TFTP B-11
image files
reasons for B-18
using FTP B-26
using RCP B-31
using TFTP B-23
User Datagram Protocol
user EXEC mode 2-2
username-based authentication 7-6
V
version-dependent transparent mode 12-4
virtual IP address
cluster standby group 5-11
command switch 5-11
Virtual Private Network
vlan.dat file 11-4
VLAN 1 minimization, support for 1-4
VLAN ACLs
VLAN configuration
at bootup 11-7
saving 11-7
VLAN configuration mode 2-2, 11-6
VLAN database
and startup configuration file 11-7
and VTP 12-1
VLAN configuration saved in 11-7
VLANs saved in 11-4
vlan database command 11-6
vlan dot1q tag native command 14-4
vlan global configuration command 11-6
VLAN ID, discovering 6-29
VLAN management domain 12-2
VLAN Management Policy Server
VLAN map entries, order of 29-31
VLAN maps
applying 29-34
common uses for 29-34
configuration example 29-35
configuration guidelines 29-31
configuring 29-30
creating 29-31
defined 29-2
denying access example 29-36
denying and permitting packets 29-32
displaying 29-42
examples 29-35
support for 1-5
usage 29-4
VLAN membership
confirming 11-31
modes 11-3
VLAN Query Protocol
VLANs
adding 11-8
adding to VLAN database 11-8
aging dynamic addresses 15-9
allowed on trunk 11-21
and spanning-tree instances 11-2, 11-6, 11-12
configuration guidelines, normal-range VLANs 11-5
configuration options 11-6
configuring 11-1
configuring IDs 1006 to 4094 11-12
connecting through SVIs 9-8
creating in config-vlan mode 11-8
creating in VLAN configuration mode 11-9
customer numbering in service-provider networks 14-3
default configuration 11-7
deleting 11-10
displaying 11-14
features 1-4
illustrated 11-2
internal 11-12
limiting source traffic with RSPAN 24-23
limiting source traffic with SPAN 24-15
modifying 11-8
monitoring with RSPAN 24-21
monitoring with SPAN 24-14
native, configuring 11-22
number supported 1-4
parameters 11-4
port membership modes 11-3
static-access ports 11-10
STP and IEEE 802.1Q trunks 15-10
supported 11-2
Token Ring 11-5
traffic between 11-2
trunks, VLAN 1 minimization 11-21
VTP modes 12-2
VLAN Trunking Protocol
VLAN trunks 11-15
VMPS
administering 11-32
configuration example 11-33
configuration guidelines 11-28
default configuration 11-28
description 11-26
dynamic port membership
described 11-27
reconfirming 11-31
troubleshooting 11-32
entering server address 11-29
mapping MAC addresses to VLANs 11-27
monitoring 11-32
reconfirmation interval, changing 11-31
reconfirming membership 11-31
retry count, changing 11-31
voice VLAN
Cisco 7960 phone, port connections 13-1
configuration guidelines 13-3
configuring IP phones for data traffic
override CoS of incoming frame 13-5
trust CoS priority of incoming frame 13-5
configuring ports for voice traffic in
802.1p priority tagged frames 13-4
802.1Q frames 13-4
connecting to an IP phone 13-3
default configuration 13-2
described 13-1
displaying 13-6
VPN
configuring routing in 31-66
forwarding 31-64
in service provider networks 31-61
routes 31-62
VPN routing and forwarding table
VRF
defining 31-64
tables 31-61
VTP
adding a client to a domain 12-14
and extended-range VLANs 12-1
and normal-range VLANs 12-1
client mode, configuring 12-10
configuration
global configuration mode 12-7
guidelines 12-8
privileged EXEC mode 12-7
requirements 12-9
saving 12-7
VLAN configuration mode 12-7
configuration mode options 12-7
configuration requirements 12-9
configuration revision number
guideline 12-14
resetting 12-15
configuring
client mode 12-10
server mode 12-9
transparent mode 12-12
consistency checks 12-4
default configuration 12-6
described 12-1
disabling 12-12
domain names 12-8
domains 12-2
Layer 2 protocol tunneling 14-7
modes
transitions 12-2
monitoring 12-15
passwords 12-8
pruning
disabling 12-14
enabling 12-13
examples 12-5
overview 12-4
support for 1-4
pruning-eligible list, changing 11-22
server mode, configuring 12-9
statistics 12-15
support for 1-4
Token Ring support 12-4
transparent mode, configuring 12-12
using 12-1
version, guidelines 12-8
version 1 12-4
version 2
configuration guidelines 12-8
disabling 12-13
enabling 12-12
overview 12-4
W
WCCP
authentication 2-3
configuration guidelines 2-4
default configuration 2-4
described 2-1
displaying 2-8
enabling 2-5
features unsupported 2-4
forwarding method 2-3
Layer-2 header rewrite 2-3
MD5 security 2-3
message exchange 2-2
monitoring and maintaining 2-8
negotiation 2-3
packet redirection 2-3
packet-return method 2-3
redirecting traffic received from a client 2-5
setting the password 2-5
unsupported WCCPv2 features 2-4
web authentication
described 1-5
fallback for IEEE 802.1x 8-40
Web Cache Communication Protocol
Weighted Random Early Detection
Weighted Round Robin
weighted round robin, described 28-4
wizards 1-10
X
Xmodem protocol 6-2