-
Catalyst 3560 Switch Software Configuration Guide, Rel. 12.2(25)SEA
-
Index
-
Preface
-
Overview
-
Using the Command-Line Interface
-
Assigning the Switch IP Address and Default Gateway
-
Configuring IE2100 CNS Agents
-
Clustering Switches
-
Administering the Switch
-
Configuring SDM Templates
-
Configuring Switch-Based Authentication
-
Configuring 802.1x Port-Based Authentication
-
Configuring Interface Characteristics
-
Configuring Smartports Macros
-
Configuring VLANs
-
Configuring VTP
-
Configuring Private VLANs
-
Configuring Voice VLAN
-
Configuring 802.1Q and Layer 2 Protocol Tunneling
-
Configuring STP
-
Configuring MSTP
-
Configuring Optional Spanning-Tree Features
-
Configuring Flex Links
-
Configuring DHCP Features and IP Source Guard
-
Configuring Dynamic ARP Inspection
-
Configuring IGMP Snooping and MVR
-
Configuring Port-Based Traffic Control
-
Configuring CDP
-
Configuring UDLD
-
Configuring SPAN and RSPAN
-
Configuring RMON
-
Configuring System Message Logging
-
Configuring SNMP
-
Configuring Network Security with ACLs
-
Configuring QoS
-
Configuring EtherChannels
-
Configuring IP Unicast Routing
-
Configuring IPv6 Unicast Routing
-
Configuring HSRP
-
Configuring IP Multicast Routing
-
Configuring MSDP
-
Configuring Fallback Bridging
-
Troubleshooting
-
Supported MIBs
-
Working with the Cisco IOS File System, Configuration Files, and Software Images
-
Unsupported Commands in Cisco IOS Release 12.2(25)SEA
-
Feedback
Table Of Contents
Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X -
Index
Numerics
802.1D
802.1Q
and trunk ports 10-3
configuration limitations 12-19
encapsulation 12-16
native VLAN for untagged traffic 12-23
tunneling
compatibility with other features 16-6
defaults 16-4
described 16-1
tunnel ports with other features 16-6
802.1s
802.1w
802.1x
802.3ad
802.3af
802.3z flow control 10-18
A
abbreviating commands 2-3
ABRs 34-24
access-class command 31-20
access control entries
access-denied response, VMPS 12-28
access groups
applying ACLs to interfaces 31-21
IP 31-21
Layer 2 31-21
Layer 3 31-21
access lists
access ports
and Layer 2 protocol tunneling 16-11
defined 10-3
accounting
with RADIUS 8-28
ACEs
and QoS 32-7
defined 31-2
Ethernet 31-2
IP 31-2
ACLs
ACEs 31-2
any keyword 31-13
applying
on bridged packets 31-39
on multicast packets 31-40
on routed packets 31-39
on switched packets 31-38
time ranges to 31-17
to an interface 31-20
to QoS 32-7
classifying traffic for QoS 32-43
comments in 31-19
ACLs (continued)compiling 31-22
configuring with VLAN maps 31-37
extended IP
configuring for QoS classification 32-45
creating 31-10
matching criteria 31-7
hardware and software handling 31-22
host keyword 31-13
IP
applying to interfaces 31-20
creating 31-7
fragments and QoS guidelines 32-34
implicit deny 31-9, 31-14, 31-16
implicit masks 31-9
matching criteria 31-7
named 31-15
terminal lines, setting on 31-20
undefined 31-21
violations, logging 31-16
limiting actions 31-38
logging messages 31-10
log keyword 31-16
monitoring 31-41
named 31-15
number per QoS class map 32-34
numbers 31-7
port 31-2
precedence of 31-2
resequencing entries 31-15
router 31-2
ACLs (continued)standard IP
configuring for QoS classification 32-44
creating 31-9
matching criteria 31-7
supported features 31-22
support for 1-6
time ranges 31-17
unsupported features 31-6
using router ACLs with VLAN maps 31-37
VLAN maps
configuration guidelines 31-31
configuring 31-30
active links 20-1
active router 36-1
address aliasing 23-2
addresses
displaying the MAC address table 6-27
dynamic
accelerated aging 17-8
changing the aging time 6-21
default aging 17-8
defined 6-20
learning 6-20
removing 6-22
MAC, discovering 6-27
multicast
group address range 37-3
STP address management 17-8
static
adding and removing 6-24
defined 6-20
Address Resolution Protocol
adjacency tables, with CEF 34-60
administrative distances
defined 34-71
OSPF 34-30
routing protocol defaults 34-62
advanced IP services image 1-1, 35-1
advertisements
CDP 25-1
RIP 34-19
aggregatable global unicast addresses 35-3
aggregate addresses, BGP 34-54
aggregated ports
aggregate policers 32-58
aggregate policing 1-8
aging, accelerating 17-8
aging time
accelerated
for MSTP 18-20
MAC address table 6-21
maximum
for MSTP 18-21
for STP 17-21
alarms, RMON 28-3
allowed-VLAN list 12-21
area border routers
ARP
configuring 34-8
encapsulation 34-10
static cache configuration 34-8
table
address resolution 6-27
managing 6-27
ASBRs 34-24
AS-path filters, BGP 34-49
asymmetrical links, and 802.1Q tunneling 16-4
attributes, RADIUS
vendor-proprietary 8-31
vendor-specific 8-29
audience xxxvii
authentication
EIGRP 34-37
HSRP 36-9
local mode with AAA 8-36
NTP associations 6-5
RADIUS
key 8-21
login 8-23
TACACS+
defined 8-11
key 8-13
login 8-14
See also port-based authentication
authentication keys, and routing protocols 34-72
authoritative time source, described 6-2
authorization
with RADIUS 8-27
authorized ports with 802.1x 9-4
autoconfiguration 3-3
automatic QoS
autonegotiation
duplex mode 1-3
interface configuration guidelines 10-16
mismatches 40-11
autonomous system boundary routers
autonomous systems, in BGP 34-43
Auto-RP, described 37-5
autosensing, port speed 1-3
auxiliary VLAN
availability, features 1-5
B
BackboneFast
described 19-5
disabling 19-14
enabling 19-13
support for 1-5
backup interfaces
backup links 20-1
banners
configuring
login 6-19
message-of-the-day login 6-18
default configuration 6-18
when displayed 6-18
BGP
aggregate addresses 34-54
aggregate routes, configuring 34-54
CIDR 34-54
clear commands 34-58
community filtering 34-51
configuring neighbors 34-53
default configuration 34-41
described 34-40
enabling 34-43
monitoring 34-58
multipath support 34-46
neighbors, types of 34-43
path selection 34-46
peers, configuring 34-53
prefix filtering 34-50
resetting sessions 34-45
route dampening 34-57
route maps 34-48
route reflectors 34-56
routing domain confederation 34-55
show commands 34-58
supernets 34-54
BGP (continued)support for 1-8
Version 4 34-40
binding cluster group and HSRP group 36-11
binding database
address, DHCP server
See DHCP, Cisco IOS server database
DHCP snooping
See DHCP snooping binding database
bindings
address, Cisco IOS DHCP server 21-5
DHCP snooping database 21-6
IP source guard 21-14
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 24-6
booting
boot loader, function of 3-2
boot process 3-2
manually 3-13
specific image 3-13
boot loader
accessing 3-14
described 3-2
environment variables 3-14
prompt 3-14
trap-door mechanism 3-2
bootstrap router (BSR), described 37-5
Border Gateway Protocol
BPDU
error-disabled state 19-2
filtering 19-3
RSTP format 18-9
BPDU filtering
described 19-3
disabling 19-12
enabling 19-12
support for 1-5
BPDU guard
described 19-2
disabling 19-11
enabling 19-11
support for 1-5
bridged packets, ACLs on 31-39
bridge groups
bridge protocol data unit
broadcast flooding 34-16
broadcast packets
directed 34-13
flooded 34-13
broadcast storm-control command 24-4
C
cables, monitoring for unidirectional links 26-1
candidate switch
defined 5-3
requirements 5-3
See also command switch, cluster standby group, and member switch
CA trustpoint
configuring 8-44
defined 8-42
caution, described xxxviii
CDP
and trusted boundary 32-40
configuring 25-2
default configuration 25-2
described 25-1
disabling for routing device 25-3 to 25-4
enabling and disabling
on an interface 25-4
on a switch 25-3
Layer 2 protocol tunneling 16-8
CDP (continued)monitoring 25-5
overview 25-1
power negotiation extensions 10-6
support for 1-4
transmission timer and holdtime, setting 25-2
updates 25-2
CEF
defined 34-59
enabling 34-60
IPv6 35-14
CGMP
as IGMP snooping learning method 23-8
clearing cached group entries 37-49
enabling server support 37-32
joining multicast group 23-3
overview 37-7
server support only 37-7
switch support of 1-3
CIDR 34-54
CipherSuites 8-43
Cisco 7960 IP Phone 15-1
Cisco Discovery Protocol
Cisco Express Forwarding
Cisco Group Management Protocol
Cisco intelligent power management 10-6
Cisco IOS DHCP server
See DHCP, Cisco IOS DHCP server
Cisco IOS File System
Cisco Network Assistant
Cisco Networking Services
classless interdomain routing
classless routing 34-6
class maps for QoS
configuring 32-47
described 32-7
displaying 32-78
class of service
clearing interfaces 10-25
CLI
abbreviating commands 2-3
command modes 2-1
described 1-4
editing features
enabling and disabling 2-6
keystroke editing 2-6
wrapped lines 2-8
error messages 2-4
filtering command output 2-8
getting help 2-3
history
changing the buffer size 2-5
described 2-4
disabling 2-5
recalling commands 2-5
managing clusters 5-3
no and default forms of commands 2-4
client mode, VTP 13-3
clock
cluster requirements xxxix
clusters, switch
benefits 1-2
described 5-1
managing
through CLI 5-3
through SNMP 5-4
clusters, switch (continued)planning considerations
CLI 5-3
SNMP 5-4
See also Getting Started with Cisco Network Assistant
cluster standby group
and HSRP group 36-11
requirements 5-2
Coarse Wave Division Multiplexer
command-line interface
command modes 2-1
commands
abbreviating 2-3
no and default 2-4
commands, setting privilege levels 8-8
command switch
configuration conflicts 40-11
defined 5-2
password privilege levels 5-4
recovery
from command-switch failure 40-7
from lost member connectivity 40-11
replacing
with another switch 40-10
with cluster member 40-8
requirements 5-2
See also candidate switch, cluster standby group, member switch, and standby command switch
community list, BGP 34-52
community ports 14-2
community strings
configuring 30-8
for cluster switches 30-4
overview 30-4
compatibility, feature 24-11
config.text 3-12
configuration, initial
defaults 1-10
Express Setup 1-2
See also getting started guide and hardware installation guide
configuration conflicts, recovering from lost member connectivity 40-11
configuration examples, network 1-12
configuration files
clearing the startup configuration B-18
creating using a text editor B-9
default name 3-12
deleting a stored configuration B-18
described B-8
downloading
automatically 3-12
reasons for B-8
using FTP B-13
using RCP B-16
using TFTP B-10
guidelines for creating and using B-8
invalid combinations when copying B-5
limiting TFTP server access 30-15
obtaining with DHCP 3-7
password recovery disable considerations 8-5
specifying the filename 3-12
system contact and location information 30-14
types and location B-9
uploading
reasons for B-8
using FTP B-14
using RCP B-17
using TFTP B-11
configuration settings, saving 3-10
configure terminal command 10-10
conflicts, configuration 40-11
connections, secure remote 8-38
connectivity problems 40-13, 40-15, 40-16
consistency checks in VTP Version 2 13-4
console port, connecting to 2-9
conventions
command xxxviii
for examples xxxviii
publication xxxviii
text xxxviii
corrupted software, recovery steps with Xmodem 40-2
CoS
in Layer 2 frames 32-2
override priority 15-6
trust priority 15-6
CoS input queue threshold map for QoS 32-17
CoS output queue threshold map for QoS 32-20
CoS-to-DSCP map for QoS 32-60
counters, clearing interface 10-25
crashinfo file 40-23
cryptographic software image
Kerberos 8-32
SSH 8-37
SSL 8-41
CWDM SFPs 1-17
D
daylight saving time 6-13
debugging
enabling all system diagnostics 40-20
enabling for a specific feature 40-19
redirecting error message output 40-20
using commands 40-19
default commands 2-4
default configuration
802.1Q tunneling 16-4
802.1x 9-10
auto-QoS 32-21
banners 6-18
default configuration (continued)BGP 34-41
booting 3-12
CDP 25-2
DHCP 21-7
DHCP option 82 21-7
DHCP snooping 21-7
DHCP snooping binding database 21-8
DNS 6-16
dynamic ARP inspection 22-5
EIGRP 34-34
EtherChannel 33-8
fallback bridging 39-3
Flex Links 20-2
HSRP 36-5
IGMP 37-26
IGMP filtering 23-21
IGMP snooping 23-6
IGMP throttling 23-21
initial switch information 3-3
IP addressing, IP routing 34-4
IP multicast routing 37-8
IP source guard 21-15
IPv6 35-9
Layer 2 interfaces 10-14
Layer 2 protocol tunneling 16-11
MAC address table 6-21
MSDP 38-4
MSTP 18-12
MVR 23-16
NTP 6-4
optional spanning-tree configuration 19-9
OSPF 34-25
password and privilege level 8-2
PIM 37-8
private VLANs 14-6
RADIUS 8-20
RIP 34-20
RMON 28-3
default configuration (continued)
RSPAN 27-9
SDM template 7-3
SNMP 30-6
SPAN 27-9
SSL 8-44
standard QoS 32-32
STP 17-11
system message logging 29-3
system name and prompt 6-15
TACACS+ 8-13
UDLD 26-4
VLAN, Layer 2 Ethernet interfaces 12-19
VLANs 12-8
VMPS 12-29
voice VLAN 15-3
VTP 13-6
default networks 34-62
default routes 34-62
default routing 34-2
deleting VLANs 12-10
description command 10-21
designing your network, examples 1-12
destination addresses, in ACLs 31-12
destination-IP address-based forwarding, EtherChannel 33-7
destination-MAC address forwarding, EtherChannel 33-6
detecting indirect link failures, STP 19-5
device B-18
device discovery protocol 25-1
device manager
benefits 1-2
in-band management 1-5
requirements xxxviii
upgrading a switch B-18
DHCP
Cisco IOS server database
configuring 21-12
default configuration 21-7
described 21-5
enabling
relay agent 21-9
server 21-9
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-3
DNS 3-6
relay device 3-6
server side 3-5
server-side 21-9
TFTP server 3-5
example 3-8
lease options
for IP address information 3-5
for receiving the configuration file 3-5
overview 3-3
relationship to BOOTP 3-4
support for 1-4
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 21-5
configuration guidelines 21-8
default configuration 21-7
displaying 21-14
forwarding address, specifying 21-10
helper address 21-10
overview 21-3
DHCP option 82 (continued)packet format, suboption
circuit ID 21-5
remote ID 21-5
remote ID suboption 21-5
DHCP snooping
accepting untrusted packets form edge switch 21-3, 21-11
and private VLANs 21-12
binding database
See DHCP snooping binding database
configuration guidelines 21-8
default configuration 21-7
displaying binding tables 21-14
message exchange process 21-4
option 82 data insertion 21-3
trusted interface 21-2
untrusted interface 21-2
untrusted messages 21-2
DHCP snooping binding database
adding bindings 21-13
binding file
format 21-6
location 21-6
bindings 21-6
clearing agent statistics 21-13
configuration guidelines 21-9
configuring 21-13
default configuration 21-7, 21-8
deleting
binding file 21-13
bindings 21-13
database agent 21-13
described 21-5
displaying 21-14
binding entries 21-14
status and statistics 21-14
enabling 21-13
entry 21-6
DHCP snooping binding database (continued)renewing database 21-13
resetting
delay value 21-13
timeout value 21-13
updating process 21-6
DHCP snooping binding table
See DHCP snooping binding database
Differentiated Services architecture, QoS 32-2
Differentiated Services Code Point 32-2
Diffusing Update Algorithm (DUAL) 34-33
directed unicast requests 1-4
directories
changing B-3
creating and removing B-4
displaying the working B-3
Distance Vector Multicast Routing Protocol
distance-vector protocols 34-3
distribute-list command 34-70
DNS
and DHCP-based autoconfiguration 3-6
default configuration 6-16
displaying the configuration 6-17
in IPv6 35-4
overview 6-16
setting up 6-17
support for 1-4
documentation, related xxxviii
document conventions xxxviii
domain names
DNS 6-16
VTP 13-8
Domain Name System
dot1q-tunnel switchport mode 12-18
double-tagged packets
802.1Q tunneling 16-2
Layer 2 protocol tunneling 16-10
downloading
configuration files
reasons for B-8
using FTP B-13
using RCP B-16
using TFTP B-10
image files
deleting old image B-22
reasons for B-19
using CMS 1-2
using FTP B-25
using Network Assistant 1-2
using RCP B-30
using TFTP B-21
using the device manager or Network Assistant B-18
drop threshold for Layer 2 protocol packets 16-11
DSCP input queue threshold map for QoS 32-17
DSCP output queue threshold map for QoS 32-20
DSCP-to-CoS map for QoS 32-63
DSCP-to-DSCP-mutation map for QoS 32-64
DSCP transparency 32-40
DUAL finite state machine, EIGRP 34-33
dual IPv4 and IPv6 templates 7-2, 35-7
dual protocol stacks
configuring 35-12
IPv4 and IPv6 35-7
SDM templates supporting 35-8
duplex mode, configuring 10-15
DVMRP
autosummarization
configuring a summary address 37-46
disabling 37-48
connecting PIM domain to DVMRP router 37-38
enabling unicast routing 37-42
DVMRP (continued)interoperability
with Cisco devices 37-36
with Cisco IOS software 37-7
mrinfo requests, responding to 37-41
neighbors
advertising the default route to 37-40
discovery with Probe messages 37-36
displaying information 37-41
prevent peering with nonpruning 37-44
rejecting nonpruning 37-42
overview 37-7
routes
adding a metric offset 37-48
advertising all 37-48
advertising the default route to neighbors 37-40
caching DVMRP routes learned in report messages 37-42
changing the threshold for syslog messages 37-45
deleting 37-49
displaying 37-50
favoring one over another 37-48
limiting the number injected into MBONE 37-45
limiting unicast route advertisements 37-36
routing table 37-7
source distribution tree, building 37-7
support for 1-9
tunnels
configuring 37-38
displaying neighbor information 37-41
dynamic access ports
characteristics 12-3
configuring 12-30
defined 10-3
dynamic addresses
dynamic ARP inspection
ARP cache poisoning 22-1
ARP requests, described 22-1
dynamic ARP inspection (continued)ARP spoofing attack 22-1
clearing
log buffer 22-15
statistics 22-15
configuration guidelines 22-6
configuring
ACLs for non-DHCP environments 22-8
in DHCP environments 22-7
log buffer 22-12
rate limit for incoming ARP packets 22-4, 22-10
default configuration 22-5
denial-of-service attacks, preventing 22-10
described 22-1
DHCP snooping binding database 22-2
displaying
ARP ACLs 22-14
configuration and operating state 22-14
log buffer 22-15
statistics 22-15
trust state and rate limit 22-14
error-disabled state for exceeding rate limit 22-4
function of 22-2
interface trust states 22-3
log buffer
clearing 22-15
configuring 22-12
displaying 22-15
logging of dropped packets, described 22-4
man-in-the middle attack, described 22-2
network security issues and interface trust states 22-3
priority of ARP ACLs and DHCP snooping entries 22-4
rate limiting of ARP packets
configuring 22-10
described 22-4
error-disabled state 22-4
dynamic ARP inspection (continued)statistics
clearing 22-15
displaying 22-15
validation checks, performing 22-11
dynamic auto trunking mode 12-18
dynamic desirable trunking mode 12-18
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 12-28
reconfirming 12-31
troubleshooting 12-33
types of connections 12-30
dynamic routing 34-3
Dynamic Trunking Protocol
E
EBGP 34-39
editing features
enabling and disabling 2-6
keystrokes used 2-6
wrapped lines 2-8
EIGRP
authentication 34-37
components 34-33
configuring 34-35
default configuration 34-34
definition 34-33
interface parameters, configuring 34-36
monitoring 34-38
support for 1-8
EMI 1-1
enable password 8-4
enable secret password 8-4
encryption, CipherSuite 8-43
encryption for passwords 8-4
Enhanced IGRP
enhanced multilayer image
environment variables, function of 3-15
error messages during command entry 2-4
EtherChannel
802.3ad, described 33-5
automatic creation of 33-4, 33-5
channel groups
binding physical and logical interfaces 33-3
numbering of 33-3
configuration guidelines 33-9
configuring
Layer 2 interfaces 33-10
Layer 3 physical interfaces 33-13
Layer 3 port-channel logical interfaces 33-12
default configuration 33-8
described 33-2
displaying status 33-20
forwarding methods 33-6, 33-15
interaction
with STP 33-9
with VLANs 33-9
LACP
described 33-5
displaying status 33-20
hot-standby ports 33-17
interaction with other features 33-6
modes 33-5
port priority 33-19
system priority 33-18
Layer 3 interface 34-3
logical interfaces, described 33-3
EtherChannel (continued)PAgP
aggregate-port learners 33-16
compatibility with Catalyst 1900 33-16
described 33-4
displaying status 33-20
interaction with other features 33-5
learn method and priority configuration 33-16
modes 33-4
support for 1-3
port-channel interfaces
described 33-3
numbering of 33-3
port groups 10-5
support for 1-3
EtherChannel guard
described 19-7
disabling 19-14
enabling 19-14
Ethernet VLANs
adding 12-9
defaults and ranges 12-8
modifying 12-9
EUI 35-3
events, RMON 28-3
examples
conventions for xxxviii
network configuration 1-12
expedite queue for QoS 32-77
Express Setup 1-2
See also getting started guide
extended-range VLANs
configuration guidelines 12-13
configuring 12-12
creating 12-13
defined 12-1
extended system ID
MSTP 18-14
extended universal identifier
Extensible Authentication Protocol over LAN 9-1
external BGP
external neighbors, BGP 34-43
F
fallback bridging
and protected ports 39-3
bridge groups
creating 39-3
described 39-1
displaying 39-10
function of 39-2
number supported 39-4
removing 39-4
bridge table
clearing 39-10
displaying 39-10
configuration guidelines 39-3
connecting interfaces with 10-9
default configuration 39-3
described 39-1
frame forwarding
flooding packets 39-2
forwarding packets 39-2
overview 39-1
protocol, unsupported 39-3
STP
disabling on an interface 39-10
forward-delay interval 39-9
hello BPDU interval 39-8
interface priority 39-6
keepalive messages 17-2
maximum-idle interval 39-9
path cost 39-7
fallback bridging (continued)
STP
VLAN-bridge spanning-tree priority 39-6
VLAN-bridge STP 39-2
support for 1-8
SVIs and routed ports 39-1
unsupported protocols 39-3
VLAN-bridge STP 17-10
features, incompatible 24-11
FIB 34-59
fiber-optic, detecting unidirectional links 26-1
files
copying B-4
crashinfo
description 40-23
displaying the contents of 40-23
location 40-23
deleting B-5
displaying the contents of B-7
tar
creating B-5
displaying the contents of B-6
extracting B-7
image file format B-19
file system
displaying available file systems B-2
displaying file information B-3
local file system names B-1
network file system names B-4
setting the default B-3
filtering
in a VLAN 31-30
non-IP traffic 31-27
show and more command output 2-8
filtering show and more command output 2-8
filters, IP
flash device, number of B-1
Flex Links
configuration guidelines 20-2
configuring 20-3
default configuration 20-2
description 20-1
monitoring 20-3
flooded traffic, blocking 24-7
flow-based packet classification 1-7
flowcharts
QoS classification 32-6
QoS egress queueing and scheduling 32-18
QoS ingress queueing and scheduling 32-16
QoS policing and marking 32-10
forward-delay time
MSTP 18-20
STP 17-21
Forwarding Information Base
forwarding nonroutable protocols 39-1
FTP
accessing MIB files A-3
configuration files
downloading B-13
overview B-12
preparing the server B-12
uploading B-14
image files
deleting old image B-27
downloading B-25
preparing the server B-24
uploading B-27
G
get-bulk-request operation 30-3
get-next-request operation 30-3, 30-4
get-request operation 30-3, 30-4
get-response operation 30-3
global configuration mode 2-2
guest VLAN and 802.1x 9-8
guide
audience xxxvii
purpose of xxxvii
guide mode 1-2
GUIs
See device manager and Network Assistant 1-4
H
hardware limitations and Layer 3 interfaces 10-22
hello time
MSTP 18-19
STP 17-20
help, for the command line 2-3
hierarchical policy maps 32-8
configuration guidelines 32-34
configuring 32-52
described 32-11
history
changing the buffer size 2-5
described 2-4
disabling 2-5
recalling commands 2-5
history table, level and number of syslog messages 29-9
host ports
configuring 14-11
kinds of 14-2
hosts, limit on dynamic ports 12-33
Hot Standby Router Protocol
HP OpenView 1-4
HSRP
authentication string 36-9
binding to cluster group 36-11
command-switch redundancy 1-1, 1-5
configuring 36-4
default configuration 36-5
HSRP (continued)definition 36-1
guidelines 36-5
monitoring 36-11
overview 36-1
priority 36-7
routing redundancy 1-8
support for ICMP redirect messages 36-11
timers 36-9
tracking 36-7
HTTP over SSL
HTTPS 8-42
configuring 8-45
self-signed certificate 8-42
HTTP secure server 8-42
I
IBPG 34-39
ICMP
IPv6 35-4
redirect messages 34-11
support for 1-9
time-exceeded messages 40-17
traceroute and 40-17
unreachable messages 31-21
unreachables and ACLs 31-22
ICMP ping
executing 40-14
overview 40-13
ICMP Router Discovery Protocol
ICMPv6 35-4
IDS appliances
and ingress RSPAN 27-20
and ingress SPAN 27-13
IE2100
CNS embedded agents
described 4-5
enabling automated configuration 4-6
enabling configuration agent 4-9
enabling event agent 4-8
Configuration Registrar
configID, deviceID, hostname 4-3
configuration service 4-2
described 4-1
event service 4-3
IEEE 802.1p 15-1
ifIndex values, SNMP 30-5
IFS 1-4
IGMP
configuring the switch
as a member of a group 37-26
statically connected member 37-31
controlling access to groups 37-27
default configuration 37-26
deleting cache entries 37-50
displaying groups 37-50
fast switching 37-31
host-query interval, modifying 37-29
joining multicast group 23-3
join messages 23-3
leave processing, enabling 23-10
leaving multicast group 23-4
multicast reachability 37-26
overview 37-2
queries 23-3
report suppression
described 23-5
disabling 23-12
support for 1-3
Version 1
changing to Version 2 37-28
described 37-3
IGMP (continued)Version 2
changing to Version 1 37-28
described 37-3
maximum query response time value 37-30
pruning groups 37-30
query timeout value 37-30
IGMP filtering
configuring 23-21
default configuration 23-21
described 23-20
monitoring 23-25
support for 1-3
IGMP groups
configuring filtering 23-24
setting the maximum number 23-23
IGMP profile
applying 23-22
configuration mode 23-21
configuring 23-22
IGMP snooping
and address aliasing 23-2
configuring 23-6
default configuration 23-6
definition 23-1
enabling and disabling 23-7
global configuration 23-7
Immediate Leave 23-5
method 23-7
monitoring 23-12
querier
configuring 23-10
guidelines and restrictions 23-5
support for 1-3
VLAN configuration 23-7
IGMP throttling
configuring 23-24
default configuration 23-21
IGMP throttling (continued)
described 23-21
displaying action 23-25
IGP 34-24
Immediate Leave, IGMP
described 23-5
enabling 23-10
initial configuration
defaults 1-10
Express Setup 1-2
See also getting started guide and hardware installation guide
Intelligence Engine 2100 Series CNS Agents
interface
number 10-10
range macros 10-12
interface command 10-9 to 10-10
interface configuration mode 2-2
interfaces
configuration guidelines
duplex and speed 10-16
configuring
duplex mode 10-15
procedure 10-10
speed 10-15
configuring for IPv4 and IPv6 35-12
counters, clearing 10-25
described 10-21
descriptive name, adding 10-21
displaying information about 10-25
flow control 10-18
management 1-4
monitoring 10-24
naming 10-21
physical, identifying 10-9
range of 10-11
restarting 10-26
shutting down 10-26
interfaces (continued)status 10-24
supported 10-9
types of 10-1
interfaces range macro command 10-12
interface types 10-9
Interior Gateway Protocol
internal BGP
internal neighbors, BGP 34-43
Internet Control Message Protocol
Internet Group Management Protocol
Internet Protocol version 6
Inter-Switch Link
Intrusion Detection System
ip access group command 31-21
IP ACLs
extended, creating 31-10
for QoS classification 32-7
implicit deny 31-9, 31-14, 31-16
implicit masks 31-9
logging 31-16
named 31-15
standard, creating 31-9
undefined 31-21
virtual terminal lines, setting on 31-20
IP addresses
128-bit 35-2
candidate or member 5-3
classes of 34-5
command switch 5-2
default configuration 34-4
IP addresses (continued)
discovering 6-27
for IP routing 34-4
IPv6 35-2
MAC address association 34-8
monitoring 34-17
IP broadcast address 34-16
ip cef distributed command 34-60
IP directed broadcasts 34-13
ip igmp profile command 23-21
IP information
assigned
manually 3-9
through DHCP-based autoconfiguration 3-3
default configuration 3-3
IP multicast routing
addresses
all-hosts 37-3
all-multicast-routers 37-3
host group address range 37-3
administratively-scoped boundaries, described 37-34
and IGMP snooping 23-1
Auto-RP
adding to an existing sparse-mode cloud 37-13
benefits of 37-13
clearing the cache 37-50
configuration guidelines 37-9
filtering incoming RP announcement messages 37-16
overview 37-5
preventing candidate RP spoofing 37-16
preventing join messages to false RPs 37-15
setting up in a new internetwork 37-13
using with BSR 37-21
bootstrap router
configuration guidelines 37-9
configuring candidate BSRs 37-19
configuring candidate RPs 37-20
defining the IP multicast boundary 37-18
IP multicast routing (continued)
bootstrap router
defining the PIM domain border 37-17
overview 37-5
using with Auto-RP 37-21
Cisco implementation 37-2
configuring
basic multicast routing 37-10
IP multicast boundary 37-34
default configuration 37-8
enabling
multicast forwarding 37-10
PIM mode 37-11
group-to-RP mappings
Auto-RP 37-5
BSR 37-5
MBONE
deleting sdr cache entries 37-50
described 37-33
displaying sdr cache 37-51
enabling sdr listener support 37-33
limiting DVMRP routes advertised 37-45
limiting sdr cache entry lifetime 37-34
SAP packets for conference session announcement 37-33
Session Directory (sdr) tool, described 37-33
monitoring
packet rate loss 37-51
peering devices 37-51
tracing a path 37-51
multicast forwarding, described 37-6
PIMv1 and PIMv2 interoperability 37-8
protocol interaction 37-2
reverse path check (RPF) 37-6
routing table
deleting 37-50
displaying 37-50
IP multicast routing (continued)
RP
assigning manually 37-11
configuring Auto-RP 37-13
configuring PIMv2 BSR 37-17
monitoring mapping information 37-22
using Auto-RP and BSR 37-21
statistics, displaying system and network 37-50
IP phones
and QoS 15-1
automatic classification and queueing 32-21
configuring 15-4
ensuring port security with QoS 32-39
trusted boundary for QoS 32-39
IP precedence 32-2
IP-precedence-to-DSCP map for QoS 32-61
IP protocols
in ACLs 31-12
routing 1-8
IP routes, monitoring 34-73
IP routing
connecting interfaces with 10-9
disabling 34-18
enabling 34-18
IP source guard
and 802.1x 21-16
and DHCP snooping 21-14
and EtherChannels 21-16
and port security 21-16
and private VLANs 21-16
and routed ports 21-16
and TCAM entries 21-16
and trunk interfaces 21-16
and VRF 21-16
IP source guard (continued)
binding configuration
automatic 21-14
manual 21-14
binding table 21-14
configuration guidelines 21-16
default configuration 21-15
described 21-14
disabling 21-17
displaying
bindings 21-17
configuration 21-17
enabling 21-16
filtering
source IP address 21-15
source IP and MAC address 21-15
source IP address filtering 21-15
source IP and MAC address filtering 21-15
static bindings
adding 21-16
deleting 21-17
IP traceroute
executing 40-17
overview 40-16
IP unicast routing
address resolution 34-8
administrative distances 34-62, 34-71
ARP 34-8
assigning IP addresses to Layer 3 interfaces 34-5
authentication keys 34-72
broadcast
address 34-16
flooding 34-16
packets 34-13
storms 34-13
classless routing 34-6
configuring static routes 34-61
IP unicast routing (continued)
default
addressing configuration 34-4
gateways 34-11
networks 34-62
routes 34-62
routing 34-2
directed broadcasts 34-13
disabling 34-18
dynamic routing 34-3
enabling 34-18
EtherChannel Layer 3 interface 34-3
IGP 34-24
inter-VLAN 34-2
IP addressing
classes 34-5
configuring 34-4
IPv6 35-3
IRDP 34-11
Layer 3 interfaces 34-3
MAC address and IP address 34-8
passive interfaces 34-69
protocols
distance-vector 34-3
dynamic 34-3
link-state 34-3
proxy ARP 34-8
redistribution 34-63
reverse address resolution 34-8
routed ports 34-3
static routing 34-3
steps to configure 34-4
subnet mask 34-5
subnet zero 34-6
supernet 34-6
UDP 34-14
with SVIs 34-3
IP unicast routing (continued)
IPv4 and IPv6
configuring on an interface 35-12
differences 35-1
dual protocol stacks 35-5
IPv6
addresses 35-2
address formats 35-2
advantages 35-1
applications 35-5
assigning address 35-9
autoconfiguration 35-4
CEFv6 35-14
configuring static routes 35-14
default configuration 35-9
defined 35-1
enabling 35-9
feature limitations 35-7
features not supported 35-6
ICMP 35-4
ICMP rate limiting 35-13
monitoring 35-20
OSPF 35-18
path MTU discovery 35-4
reasons for 35-1
RIP 35-16
supported features 35-3
switch limitations 35-6
IRDP
configuring 34-12
definition 34-11
support for 1-9
ISL
and IPv6 35-3
and trunk ports 10-3
ISL (continued)trunking with 802.1 tunneling 16-5
isolated port 14-2
J
join messages, IGMP 23-3
K
KDC
described 8-32
keepalive messages 17-2
Kerberos
authenticating to
boundary switch 8-35
KDC 8-35
network services 8-35
configuration examples 8-32
configuring 8-36
credentials 8-32
cryptographic software image 8-32
described 8-32
KDC 8-32
operation 8-34
realm 8-33
server 8-33
support for 1-7
switch as trusted third party 8-32
terms 8-33
TGT 8-34
tickets 8-32
key distribution center
L
l2protocol-tunnel command 16-13
LACP
Layer 2 protocol tunneling 16-9
Layer 2 frames, classification with CoS 32-2
Layer 2 interfaces, default configuration 10-14
Layer 2 protocol tunneling
configuring 16-10
configuring for EtherChannels 16-14
default configuration 16-11
defined 16-8
guidelines 16-11
Layer 2 traceroute
and ARP 40-16
and CDP 40-15
broadcast traffic 40-15
described 40-15
IP addresses and subnets 40-16
MAC addresses and VLANs 40-15
multicast traffic 40-15
multiple devices on a port 40-16
unicast traffic 40-15
usage guidelines 40-15
Layer 2 trunks 12-17
Layer 3 features 1-8
Layer 3 interfaces
assigning IP addresses to 34-5
assigning IPv4 and IPv6 addresses to 35-12
assigning IPv6 addresses to 35-10
changing from Layer 2 mode 34-5
types of 34-3
Layer 3 packets, classification methods 32-2
LDAP 4-2
LEDs, switch
See hardware installation guide
lightweight directory access protocol
line configuration mode 2-2
Link Aggregation Control Protocol
link local unicast addresses 35-3
link redundancy
links, unidirectional 26-1
link state advertisements (LSAs) 34-28
link-state protocols 34-3
load balancing 36-3
logging messages, ACL 31-10
login authentication
with RADIUS 8-23
with TACACS+ 8-14
login banners 6-18
log messages
Long-Reach Ethernet (LRE) technology 1-14
loop guard
described 19-9
enabling 19-15
support for 1-5
M
MAC addresses
aging time 6-21
and VLAN association 6-21
building the address table 6-20
default configuration 6-21
discovering 6-27
displaying 6-27
displaying in the IP source binding table 21-17
dynamic
learning 6-20
removing 6-22
in ACLs 31-27
IP address association 34-8
MAC addresses (continued)
static
adding 6-25
allowing 6-26
characteristics of 6-24
dropping 6-26
removing 6-25
MAC address notification, support for 1-9
MAC address-to-VLAN mapping 12-28
MAC extended access lists
applying to Layer 2 interfaces 31-29
configuring for QoS 32-46
creating 31-27
defined 31-27
for QoS classification 32-5
macros
manageability features 1-4
management access
in-band
browser session 1-5
CLI session 1-5
device manager 1-5
SNMP 1-5
out-of-band console port connection 1-5
management options
CLI 2-1
clustering 1-3
CNS 4-1
Network Assistant 1-2
overview 1-4
mapping tables for QoS
configuring
CoS-to-DSCP 32-60
DSCP 32-60
DSCP-to-CoS 32-63
DSCP-to-DSCP-mutation 32-64
mapping tables for QoS (continued)
IP-precedence-to-DSCP 32-61
policed-DSCP 32-62
described 32-13
marking
action in policy map 32-49
action with aggregate policers 32-58
matching, ACLs 31-7
maximum aging time
MSTP 18-21
STP 17-21
maximum hop count, MSTP 18-21
maximum-paths command 34-46, 34-61
membership mode, VLAN port 12-3
member switch
defined 5-2
managing 5-3
recovering from lost connectivity 40-11
requirements 5-3
See also candidate switch, cluster standby group, and standby command switch
messages
logging ACL violations 31-16
to users through banners 6-18
messages, to users through banners 6-18
metrics, in BGP 34-47
metric translations, between routing protocols 34-66
metro tags 16-2
MHSRP 36-3
MIBs
accessing files with FTP A-3
location of files A-3
overview 30-1
SNMP interaction with 30-4
supported A-1
mirroring traffic for analysis 27-1
mismatches, autonegotiation 40-11
module number 10-10
monitoring
802.1Q tunneling 16-18
access groups 31-41
ACL configuration 31-41
BGP 34-58
cables for unidirectional links 26-1
CDP 25-5
CEF 34-60
EIGRP 34-38
fallback bridging 39-10
features 1-9
Flex Links 20-3
HSRP 36-11
IGMP
filters 23-25
snooping 23-12
interfaces 10-24
IP
address tables 34-17
multicast routing 37-49
routes 34-73
IPv6 35-20
Layer 2 protocol tunneling 16-18
MSDP peers 38-19
multicast router interfaces 23-13
MVR 23-20
network traffic for analysis with probe 27-2
OSPF 34-32
port
blocking 24-16
protection 24-16
private VLANs 14-14
RP mapping information 37-22
source-active messages 38-19
speed and duplex mode 10-17
traffic flowing among switches 28-1
traffic suppression 24-16
tunneling 16-18
monitoring (continued)VLAN
filters 31-41
maps 31-41
VLANs 12-15
VMPS 12-32
VTP 13-16
benefits of 38-3
clearing MSDP connections and statistics 38-19
controlling source information
forwarded by switch 38-12
originated by switch 38-9
received by switch 38-14
default configuration 38-4
dense-mode regions
sending SA messages to 38-17
specifying the originating address 38-18
filtering
incoming SA messages 38-14
SA messages to a peer 38-12
SA requests from a peer 38-11
join latency, defined 38-6
meshed groups
configuring 38-16
defined 38-16
originating address, changing 38-18
overview 38-1
peer-RPF flooding 38-2
peers
configuring a default 38-4
monitoring 38-19
peering relationship, overview 38-1
requesting source information from 38-8
shutting down 38-16
source-active messages
caching 38-6
clearing cache entries 38-19
defined 38-2
filtering from a peer 38-11
MSDP (continued)
source-active messages
filtering incoming 38-14
filtering to a peer 38-12
limiting data with TTL 38-14
monitoring 38-19
restricting advertised sources 38-9
support for 1-9
MSTP
boundary ports
configuration guidelines 18-13
described 18-5
BPDU filtering
described 19-3
enabling 19-12
BPDU guard
described 19-2
enabling 19-11
CIST, described 18-3
configuration guidelines 18-12, 19-10
configuring
forward-delay time 18-20
hello time 18-19
link type for rapid convergence 18-22
maximum aging time 18-21
maximum hop count 18-21
MST region 18-13
path cost 18-18
port priority 18-17
root switch 18-14
secondary root switch 18-16
switch priority 18-19
CST
defined 18-3
operations between regions 18-3
default configuration 18-12
default optional feature configuration 19-9
displaying status 18-23
enabling the mode 18-13
MSTP (continued)
EtherChannel guard
described 19-7
enabling 19-14
extended system ID
effects on root switch 18-14
effects on secondary root switch 18-16
unexpected behavior 18-15
instances supported 17-9
interface state, blocking to forwarding 19-2
interoperability and compatibility among modes 17-10
interoperability with 802.1D
described 18-5
restarting migration process 18-22
IST
defined 18-2
master 18-3
operations within a region 18-3
loop guard
described 19-9
enabling 19-15
mapping VLANs to MST instance 18-13
MST region
CIST 18-3
configuring 18-13
described 18-2
hop-count mechanism 18-4
IST 18-2
supported spanning-tree instances 18-2
optional features supported 1-5
overview 18-2
Port Fast
described 19-2
enabling 19-10
preventing root switch selection 19-8
root guard
described 19-8
enabling 19-14
MSTP (continued)
root switch
configuring 18-15
effects of extended system ID 18-14
unexpected behavior 18-15
shutdown Port Fast-enabled port 19-2
status, displaying 18-23
multicast groups
Immediate Leave 23-5
joining 23-3
leaving 23-4
static joins 23-9
multicast packets
ACLs on 31-40
blocking 24-7
multicast router interfaces, monitoring 23-13
multicast router ports, adding 23-8
Multicast Source Discovery Protocol
multicast storm 24-1
multicast storm-control command 24-4
Multicast VLAN Registration
Multiple HSRP
MVR
and address aliasing 23-17
configuring interfaces 23-18
default configuration 23-16
described 23-13
modes 23-17
monitoring 23-20
setting global parameters 23-17
support for 1-3
N
named IP ACLs 31-15
NameSpace Mapper
native VLAN
and 802.1Q tunneling 16-4
configuring 12-23
default 12-23
neighbor discovery/recovery, EIGRP 34-33
neighbors, BGP 34-53
Network Assistant
benefits 1-2
described 1-4
downloading image files 1-2
guide mode 1-2
management options 1-2
requirements xxxviii
upgrading a switch B-18
wizards 1-2
network configuration examples
increasing network performance 1-13
large network 1-16
long-distance, high-bandwidth transport 1-17
providing network services 1-14
small to medium-sized network 1-14
network design
performance 1-13
services 1-14
network management
CDP 25-1
RMON 28-1
SNMP 30-1
Network Time Protocol
no commands 2-4
nonhierarchical policy maps
configuration guidelines 32-34
configuring 32-49
described 32-9
non-IP traffic filtering 31-27
nontrunking mode 12-18
normal-range VLANs
configuration modes 12-7
defined 12-1
no switchport command 10-4
note, described xxxviii
not-so-stubby areas
NSM 4-3
NSSA, OSPF 34-28
NTP
associations
authenticating 6-5
defined 6-2
enabling broadcast messages 6-7
peer 6-6
server 6-6
default configuration 6-4
displaying the configuration 6-11
overview 6-2
restricting access
creating an access group 6-9
disabling NTP services per interface 6-10
source IP address, configuring 6-10
stratum 6-2
support for 1-4
synchronizing devices 6-6
time
services 6-2
synchronizing 6-2
O
Open Shortest Path First
optimizing system resources 7-1
options, management 1-4
OSPF
area parameters, configuring 34-28
configuring 34-26
default configuration
metrics 34-30
route 34-30
settings 34-25
described 34-24
for IPv6 35-18
interface parameters, configuring 34-27
LSA group pacing 34-31
monitoring 34-32
router IDs 34-31
route summarization 34-29
support for 1-8
virtual links 34-29
out-of-profile markdown 1-8
P
packet modification, with QoS 32-20
PAgP
Layer 2 protocol tunneling 16-9
parallel paths, in routing tables 34-61
passive interfaces
configuring 34-69
OSPF 34-30
passwords
default configuration 8-2
disabling recovery of 8-5
encrypting 8-4
for security 1-6
passwords (continued)overview 8-1
recovery of 40-3
setting
enable 8-3
enable secret 8-4
Telnet 8-6
with usernames 8-7
VTP domain 13-8
path cost
MSTP 18-18
STP 17-18
path MTU discovery 35-4
PBR
defined 34-66
enabling 34-68
fast-switched policy-based routing 34-69
local policy-based routing 34-69
peers, BGP 34-53
performance, network design 1-13
performance features 1-3
persistent self-signed certificate 8-42
per-VLAN spanning-tree plus
physical ports 10-2
PIM
default configuration 37-8
dense mode
overview 37-4
rendezvous point (RP), described 37-4
RPF lookups 37-7
displaying neighbors 37-50
enabling a mode 37-11
overview 37-3
router-query message interval, modifying 37-25
shared tree and source tree, overview 37-22
shortest path tree, delaying the use of 37-24
PIM (continued)sparse mode
join messages and shared tree 37-4
overview 37-4
prune messages 37-5
RPF lookups 37-7
support for 1-9
versions
interoperability 37-8
troubleshooting interoperability problems 37-22
v2 improvements 37-4
PIM-DVMRP, as snooping method 23-8
ping
character output description 40-14
executing 40-14
overview 40-13
PoE
auto mode 10-7
CDP with power consumption, described 10-6
CDP with power negotiation, described 10-6
Cisco intelligent power management 10-6
configuring 10-20
devices supported 10-5
high-power devices operating in low-power mode 10-6
IEEE power classification levels 10-7
powered-device detection and initial power allocation 10-6
power management modes 10-7
power negotiation extensions to CDP 10-6
standards supported 10-6
static mode 10-8
supported watts per port 10-6
troubleshooting 40-12
policed-DSCP map for QoS 32-62
policers
configuring
for each matched traffic class 32-49
for more than one traffic class 32-58
policers (continued)described 32-4
displaying 32-78
number of 32-34
types of 32-9
policing
described 32-4
hierarchical
token-bucket algorithm 32-9
policy-based routing
policy maps
hierarchical 32-8
policy maps for QoS
characteristics of 32-49
described 32-7
displaying 32-79
hierarchical on SVIs
configuration guidelines 32-34
configuring 32-52
described 32-11
nonhierarchical on physical ports
configuration guidelines 32-34
configuring 32-49
described 32-9
port ACLs
defined 31-2
types of 31-3
Port Aggregation Protocol
port-based authentication
accounting 9-5
authentication server
defined 9-2
RADIUS server 9-2
client, defined 9-2
configuration guidelines 9-11
port-based authentication (continued)
configuring
802.1x authentication 9-12
guest VLAN 9-19
host mode 9-18
manual re-authentication of a client 9-15
periodic re-authentication 9-15
quiet period 9-15
RADIUS server 9-14
RADIUS server parameters on the switch 9-13
switch-to-client frame-retransmission number 9-17
switch-to-client retransmission time 9-16
default configuration 9-10
described 9-1
device roles 9-2
displaying statistics 9-21
EAPOL-start frame 9-3
EAP-request/identity frame 9-3
EAP-response/identity frame 9-3
encapsulation 9-3
guest VLAN
configuration guidelines 9-9
described 9-8
host mode 9-5
initiation and message exchange 9-3
method lists 9-12
multiple-hosts mode, described 9-5
per-user ACLs
AAA authorization 9-12
configuration tasks 9-9
described 9-9
RADIUS server attributes 9-9
ports
authorization state and dot1x port-control command 9-4
authorized and unauthorized 9-4
voice VLAN 9-7
port-based authentication (continued)
port security
and voice VLAN 9-6
described 9-6
interactions 9-6
multiple-hosts mode 9-5
resetting to default values 9-20
statistics, displaying 9-21
switch
as proxy 9-2
RADIUS client 9-2
upgrading from a previous release 32-27
VLAN assignment
AAA authorization 9-12
characteristics 9-7
configuration tasks 9-8
described 9-7
voice VLAN
described 9-7
PVID 9-7
VVID 9-7
port-channel
Port Fast
described 19-2
enabling 19-10
mode, spanning tree 12-29
support for 1-5
port membership modes, VLAN 12-3
port priority
MSTP 18-17
STP 17-16
ports
802.1Q tunnel 12-4
access 10-3
blocking 24-6
dynamic access 12-3
protected 24-5
ports (continued)routed 10-4
secure 24-7
switch 10-2
VLAN assignments 12-11
port security
aging 24-15
and QoS trusted boundary 32-39
configuring 24-12
default configuration 24-10
described 24-7
displaying 24-16
on trunk ports 24-13
sticky learning 24-8
violations 24-9
with other features 24-10
port-shutdown response, VMPS 12-28
Power over Ethernet
preferential treatment of traffic
prefix lists, BGP 34-50
preventing unauthorized access 8-1
primary links 20-1
priority
HSRP 36-7
overriding CoS 15-6
trusting CoS 15-6
private VLAN edge ports
private VLANs
across multiple switches 14-4
and SDM template 14-4
and SVIs 14-5
benefits of 14-1
community ports 14-2
private VLANs (continued)
configuration guidelines 14-6, 14-7, 14-8
configuration tasks 14-6
configuring 14-9
default configuration 14-6
end station access to 14-3
IP addressing 14-3
isolated port 14-2
mapping 14-13
monitoring 14-14
ports
community 14-2
configuration guidelines 14-8
configuring host ports 14-11
configuring promiscuous ports 14-12
described 12-4
isolated 14-2
promiscuous 14-2
promiscuous ports 14-2
secondary VLANs 14-2
subdomains 14-1
traffic in 14-5
privileged EXEC mode 2-2
privilege levels
changing the default for lines 8-9
command switch 5-4
exiting 8-10
logging into 8-10
mapping on member switches 5-4
setting a command with 8-8
promiscuous ports
configuring 14-12
defined 14-2
protocol-dependent modules, EIGRP 34-34
Protocol-Independent Multicast Protocol
proxy ARP
configuring 34-10
definition 34-8
with IP routing disabled 34-11
pruning, VTP
disabling
in VTP domain 13-14
on a port 12-23
enabling
in VTP domain 13-14
on a port 12-22
examples 13-5
overview 13-4
pruning-eligible list
changing 12-22
for VTP pruning 13-4
VLANs 13-14
PVST+
802.1Q trunking interoperability 17-10
described 17-9
instances supported 17-9
Q
QoS
and MQC commands 32-1
auto-QoS
categorizing traffic 32-21
configuration and defaults display 32-31
configuration guidelines 32-26
described 32-21
disabling 32-28
displaying generated commands 32-28
displaying the initial configuration 32-31
effects on running configuration 32-26
egress queue defaults 32-22
enabling for VoIP 32-28
QoS (continued)auto-QoS
example configuration 32-29
ingress queue defaults 32-22
list of generated commands 32-23
basic model 32-4
classification
class maps, described 32-7
defined 32-4
DSCP transparency, described 32-40
flowchart 32-6
forwarding treatment 32-3
in frames and packets 32-3
MAC ACLs, described 32-5, 32-7
options for IP traffic 32-5
options for non-IP traffic 32-5
policy maps, described 32-7
trust DSCP, described 32-5
trusted CoS, described 32-5
trust IP precedence, described 32-5
class maps
configuring 32-47
displaying 32-78
configuration guidelines
auto-QoS 32-26
standard QoS 32-34
configuring
aggregate policers 32-58
auto-QoS 32-21
default port CoS value 32-38
DSCP maps 32-60
DSCP transparency 32-40
DSCP trust states bordering another domain 32-41
egress queue characteristics 32-71
ingress queue characteristics 32-66
IP extended ACLs 32-45
IP standard ACLs 32-43
MAC ACLs 32-46
QoS (continued)configuring
policy maps, hierarchical 32-52
policy maps on physical ports 32-49
port trust states within the domain 32-36
trusted boundary 32-39
default auto configuration 32-21
default standard configuration 32-32
displaying statistics 32-78
DSCP transparency 32-40
egress queues
allocating buffer space 32-71
buffer allocation scheme, described 32-19
configuring shaped weights for SRR 32-75
configuring shared weights for SRR 32-76
described 32-4
displaying the threshold map 32-74
flowchart 32-18
mapping DSCP or CoS values 32-73
scheduling, described 32-4
setting WTD thresholds 32-71
WTD, described 32-20
enabling globally 32-35
flowcharts
classification 32-6
egress queueing and scheduling 32-18
ingress queueing and scheduling 32-16
policing and marking 32-10
implicit deny 32-7
ingress queues
allocating bandwidth 32-68
allocating buffer space 32-68
buffer and bandwidth allocation, described 32-17
configuring shared weights for SRR 32-68
configuring the priority queue 32-70
described 32-4
displaying the threshold map 32-67
flowchart 32-16
mapping DSCP or CoS values 32-66
QoS (continued)ingress queues
priority queue, described 32-17
scheduling, described 32-4
setting WTD thresholds 32-66
WTD, described 32-17
IP phones
automatic classification and queueing 32-21
detection and trusted settings 32-21, 32-39
limiting bandwidth on egress interface 32-77
mapping tables
CoS-to-DSCP 32-60
displaying 32-78
DSCP-to-CoS 32-63
DSCP-to-DSCP-mutation 32-64
IP-precedence-to-DSCP 32-61
policed-DSCP 32-62
types of 32-13
marked-down actions 32-51, 32-55
overview 32-2
packet modification 32-20
policers
configuring 32-51, 32-55, 32-58
described 32-8
displaying 32-78
number of 32-34
types of 32-9
policies, attaching to an interface 32-9
policing
token bucket algorithm 32-9
policy maps
characteristics of 32-49
displaying 32-79
hierarchical 32-8
hierarchical on SVIs 32-52
nonhierarchical on physical ports 32-49
QoS label, defined 32-4
QoS (continued)queues
configuring egress characteristics 32-71
configuring ingress characteristics 32-66
high priority (expedite) 32-20, 32-77
location of 32-14
SRR, described 32-15
WTD, described 32-14
rewrites 32-20
support for 1-7
trust states
bordering another domain 32-41
described 32-5
trusted device 32-39
within the domain 32-36
quality of service
queries, IGMP 23-3
R
RADIUS
attributes
vendor-proprietary 8-31
vendor-specific 8-29
configuring
accounting 8-28
authentication 8-23
authorization 8-27
communication, global 8-21, 8-29
communication, per-server 8-20, 8-21
multiple UDP ports 8-20
default configuration 8-20
defining AAA server groups 8-25
displaying the configuration 8-31
identifying the server 8-20
limiting the services to the user 8-27
method list, defined 8-20
operation of 8-19
RADIUS (continued)overview 8-18
suggested network environments 8-18
support for 1-7
tracking services accessed by user 8-28
range
macro 10-12
of interfaces 10-11
rapid convergence 18-7
rapid per-VLAN spanning-tree plus
rapid PVST+
802.1Q trunking interoperability 17-10
described 17-9
instances supported 17-9
Rapid Spanning Tree Protocol
RARP 34-8
rcommand command 5-3
RCP
configuration files
downloading B-16
overview B-15
preparing the server B-15
uploading B-17
image files
deleting old image B-31
downloading B-30
preparing the server B-28
uploading B-32
reconfirmation interval, VMPS, changing 12-31
recovery procedures 40-1
redundancy
EtherChannel 33-2
HSRP 36-1
STP
backbone 17-8
path cost 12-26
port priority 12-24
redundant links and UplinkFast 19-12
reliable transport protocol, EIGRP 34-33
reloading software 3-15
Remote Authentication Dial-In User Service
Remote Copy Protocol
Remote Network Monitoring
Remote SPAN
report suppression, IGMP
described 23-5
disabling 23-12
requirements
cluster xxxix
device manager xxxviii
Network Assistant xxxviii
resequencing ACL entries 31-15
resets, in BGP 34-45
resetting a UDLD-shutdown interface 26-6
restricting access
NTP services 6-8
overview 8-1
passwords and privilege levels 8-2
RADIUS 8-17
TACACS+ 8-10
retry count, VMPS, changing 12-32
reverse address resolution 34-8
Reverse Address Resolution Protocol
RFC
1058, RIP 34-19
1112, IP multicast and IGMP 23-2
1157, SNMPv1 30-2
1163, BGP 34-39
1166, IP addresses 34-5
1253, OSPF 34-24
1267, BGP 34-39
RFC (continued)1305, NTP 6-2
1587, NSSAs 34-24
1757, RMON 28-2
1771, BGP 34-39
1901, SNMPv2C 30-2
1902 to 1907, SNMPv2 30-2
2236, IP multicast and IGMP 23-2
2273-2275, SNMPv3 30-2
RIP
advertisements 34-19
authentication 34-22
configuring 34-20
default configuration 34-20
described 34-19
for IPv6 35-16
hop counts 34-19
split horizon 34-22
summary addresses 34-22
support for 1-8
RMON
default configuration 28-3
displaying status 28-6
enabling alarms and events 28-3
groups supported 28-2
overview 28-1
statistics
collecting group Ethernet 28-6
collecting group history 28-5
support for 1-9
root guard
described 19-8
enabling 19-14
support for 1-5
root switch
MSTP 18-14
STP 17-14
route calculation timers, OSPF 34-30
route dampening, BGP 34-57
routed packets, ACLs on 31-39
routed ports
configuring 34-3
defined 10-4
route-map command 34-68
route maps
BGP 34-48
policy-based routing 34-67
router ACLs
defined 31-2
types of 31-4
route reflectors, BGP 34-56
router ID, OSPF 34-31
route selection, BGP 34-46
route summarization, OSPF 34-29
routing
default 34-2
dynamic 34-3
redistribution of information 34-63
static 34-3
routing domain confederation, BGP 34-55
Routing Information Protocol
routing protocol administrative distances 34-62
RSPAN
characteristics 27-7
configuration guidelines 27-16
default configuration 27-9
destination ports 27-6
displaying status 27-23
interaction with other features 27-8
monitored ports 27-5
monitoring ports 27-6
received traffic 27-4
session limits 27-10
RSPAN (continued)sessions
creating 27-17
defined 27-3
limiting source traffic to specific VLANs 27-22
specifying monitored ports 27-17
with ingress traffic enabled 27-20
source ports 27-5
transmitted traffic 27-5
VLAN-based 27-6
RSTP
active topology 18-6
BPDU
format 18-9
processing 18-10
designated port, defined 18-6
designated switch, defined 18-6
interoperability with 802.1D
described 18-5
restarting migration process 18-22
topology changes 18-10
overview 18-6
port roles
described 18-6
synchronized 18-8
proposal-agreement handshake process 18-7
rapid convergence
described 18-7
edge ports and Port Fast 18-7
point-to-point links 18-7, 18-22
root ports 18-7
root port, defined 18-6
running configuration, saving 3-10
S
scheduled reloads 3-15
SDM
described 7-1
templates
configuring 7-4
number of 7-1
SDM template
configuration guidelines 7-4
configuring 7-3
dual IPv4 and IPv6 7-2
types of 7-1
secondary VLANs 14-2
secure HTTP client
configuring 8-47
displaying 8-47
secure HTTP server
configuring 8-45
displaying 8-47
secure MAC addresses
deleting 24-14
maximum number of 24-8
types of 24-8
secure ports, configuring 24-7
secure remote connections 8-38
Secure Socket Layer
security, port 24-7
security features 1-6
sequence numbers in log messages 29-7
server mode, VTP 13-3
service-provider network, MSTP and RSTP 18-1
service-provider networks
and 802.1Q tunneling 16-1
and customer VLANs 16-2
service-provider networks (continued)
Layer 2 protocols across 16-8
Layer 2 protocol tunneling for EtherChannels 16-9
set-request operation 30-4
setup program
failed command switch replacement 40-10
replacing failed command switch 40-8
severity levels, defining in system messages 29-8
SFPs
monitoring status of 1-10, 10-25, 40-13
security and identification 40-12
status, displaying 1-10
shaped round robin
show access-lists hw-summary command 31-22
show and more command output, filtering 2-8
show cdp traffic command 25-5
show cluster members command 5-3
show configuration command 10-21
show forward command 40-21
show interfaces command 10-17, 10-21
show l2protocol command 16-14, 16-16
show platform forward command 40-21
show running-config command
displaying ACLs 31-20, 31-21, 31-32, 31-34
interface description in 10-21
shutdown command on interfaces 10-26
shutdown threshold for Layer 2 protocol packets 16-11
Simple Network Management Protocol
Smartports macros
applying Cisco-default macros 11-6
applying global parameter values 11-5, 11-6
applying macros 11-5
applying parameter values 11-5, 11-7
configuration guidelines 11-3
creating 11-4
default configuration 11-2
defined 11-1
Smartports macros (continued)
displaying 11-8
tracing 11-3
website 11-2
SMI 1-1
SNAP 25-1
SNMP
accessing MIB variables with 30-4
agent
described 30-4
disabling 30-8
authentication level 30-10
community strings
configuring 30-8
for cluster switches 30-4
overview 30-4
configuration examples 30-15
default configuration 30-6
engine ID 30-7
host 30-7
ifIndex values 30-5
in-band management 1-5
informs
and trap keyword 30-11
described 30-5
differences from traps 30-5
disabling 30-14
enabling 30-14
limiting access by TFTP servers 30-15
limiting system log messages to NMS 29-9
managing clusters with 5-4
MIBs
location of A-3
supported A-1
notifications 30-5
security levels 30-3
SNMP (continued)status, displaying 30-16
system contact and location 30-14
trap manager, configuring 30-13
traps
differences from informs 30-5
disabling 30-14
enabling 30-11
enabling MAC address notification 6-22
types of 30-11
versions supported 30-2
SNMPv1 30-2
SNMPv2C 30-2
SNMPv3 30-2
snooping, IGMP 23-1
software images
location in flash B-19
recovery procedures 40-2
scheduling reloads 3-16
tar file format, described B-19
See also downloading and uploading
source addresses, in ACLs 31-12
source-and-destination-IP address based forwarding, EtherChannel 33-7
source-and-destination MAC address forwarding, EtherChannel 33-6
source-IP address based forwarding, EtherChannel 33-6
source-MAC address forwarding, EtherChannel 33-6
SPAN
configuration guidelines 27-10
default configuration 27-9
destination ports 27-6
displaying status 27-23
interaction with other features 27-8
monitored ports 27-5
monitoring ports 27-6
SPAN (continued)ports, restrictions 24-11
received traffic 27-4
session limits 27-10
sessions
configuring ingress forwarding 27-14, 27-21
creating 27-11
defined 27-3
limiting source traffic to specific VLANs 27-15
removing destination (monitoring) ports 27-12
specifying monitored ports 27-11
with ingress traffic enabled 27-13
source ports 27-5
transmitted traffic 27-5
VLAN-based 27-6
spanning tree and native VLANs 12-19
Spanning Tree Protocol
SPAN traffic 27-4
speed, configuring on interfaces 10-15
split horizon, RIP 34-22
SRR
configuring
shaped weights on egress queues 32-75
shared weights on egress queues 32-76
shared weights on ingress queues 32-68
described 32-15
shaped mode 32-15
shared mode 32-15
support for 1-8
SSH
configuring 8-39
cryptographic software image 8-37
encryption methods 8-38
user authentication methods, supported 8-38
SSL
configuration guidelines 8-44
configuring a secure HTTP client 8-47
configuring a secure HTTP server 8-45
cryptographic software image 8-41
described 8-41
monitoring 8-47
standard multilayer image
standby command switch, requirements 5-2
standby ip command 36-5
standby links 20-1
standby router 36-1
standby timers, HSRP 36-9
startup configuration
booting
manually 3-13
specific image 3-13
clearing B-18
configuration file
automatically downloading 3-12
specifying the filename 3-12
default boot configuration 3-12
stateless autoconfiguration 35-4
static access ports
assigning to VLAN 12-11
static addresses
static IP routing 1-9
static MAC addressing 1-6
static routes
configuring 34-61
configuring for IPv6 35-14
static routing 34-3
static VLAN membership 12-2
statistics
802.1x 9-21
CDP 25-5
interface 10-25
IP multicast routing 37-50
OSPF 34-32
QoS ingress and egress 32-78
RMON group Ethernet 28-6
RMON group history 28-5
SNMP input and output 30-16
VTP 13-16
sticky learning 24-8
storm control
configuring 24-3
described 24-1
disabling 24-5
displaying 24-16
support for 1-3
thresholds 24-1
STP
802.1D and bridge ID 17-4
802.1D and multicast addresses 17-8
802.1t and VLAN identifier 17-4
accelerating root port selection 19-4
BackboneFast
described 19-5
disabling 19-14
enabling 19-13
BPDU filtering
described 19-3
disabling 19-12
enabling 19-12
BPDU guard
described 19-2
disabling 19-11
enabling 19-11
BPDU message exchange 17-3
configuration guidelines 17-12, 19-10
STP (continued)configuring
forward-delay time 17-21
hello time 17-20
maximum aging time 17-21
path cost 17-18
port priority 17-16
root switch 17-14
secondary root switch 17-16
spanning-tree mode 17-13
switch priority 17-19
counters, clearing 17-22
default configuration 17-11
default optional feature configuration 19-9
designated port, defined 17-3
designated switch, defined 17-3
detecting indirect link failures 19-5
disabling 17-14
displaying status 17-22
EtherChannel guard
described 19-7
disabling 19-14
enabling 19-14
extended system ID
effects on root switch 17-14
effects on the secondary root switch 17-16
overview 17-4
unexpected behavior 17-15
features supported 1-5
inferior BPDU 17-3
instances supported 17-9
interface state, blocking to forwarding 19-2
interface states
blocking 17-6
disabled 17-7
learning 17-6
listening 17-6
overview 17-4
STP (continued)interoperability and compatibility among modes 17-10
keepalive messages 17-2
Layer 2 protocol tunneling 16-8
limitations with 802.1Q trunks 17-10
load sharing
overview 12-24
using path costs 12-26
using port priorities 12-24
loop guard
described 19-9
enabling 19-15
modes supported 17-9
multicast addresses, effect of 17-8
optional features supported 1-5
overview 17-2
path costs 12-26
Port Fast
described 19-2
enabling 19-10
port priorities 12-25
preventing root switch selection 19-8
protocols supported 17-9
redundant connectivity 17-8
root guard
described 19-8
enabling 19-14
root port, defined 17-3
root switch
configuring 17-14
effects of extended system ID 17-4, 17-14
election 17-3
unexpected behavior 17-15
shutdown Port Fast-enabled port 19-2
status, displaying 17-22
superior BPDU 17-3
timers, described 17-20
STP (continued)UplinkFast
described 19-3
enabling 19-12
VLAN-bridge 17-10
stratum, NTP 6-2
stub areas, OSPF 34-28
subdomains, private VLAN 14-1
subnet mask 34-5
subnet zero 34-6
success response, VMPS 12-28
summer time 6-13
SunNet Manager 1-4
supernet 34-6
SVIs
and IP unicast routing 34-3
and router ACLs 31-4
connecting VLANs 10-8
defined 10-4
routing between VLANs 12-2
switch clustering technology 5-1
switch console port 1-5
Switch Database Management
switched packets, ACLs on 31-38
Switched Port Analyzer
switched ports 10-2
switchport block multicast command 24-7
switchport block unicast command 24-7
switchport command 10-14
switchport mode dot1q-tunnel command 16-6
switchport protected command 24-6
switch priority
MSTP 18-19
STP 17-19
switch software features 1-1
switch virtual interface
synchronization, BGP 34-43
syslog
system clock
configuring
daylight saving time 6-13
manually 6-11
summer time 6-13
time zones 6-12
displaying the time and date 6-12
overview 6-2
system message logging
default configuration 29-3
defining error message severity levels 29-8
disabling 29-3
displaying the configuration 29-12
enabling 29-4
facility keywords, described 29-12
level keywords, described 29-9
limiting messages 29-9
message format 29-2
overview 29-1
sequence numbers, enabling and disabling 29-7
setting the display destination device 29-4
synchronizing log messages 29-5
syslog facility 1-9
time stamps, enabling and disabling 29-7
UNIX syslog servers
configuring the daemon 29-10
configuring the logging facility 29-11
facilities supported 29-12
system MTU and 802.1Q tunneling 16-5
system name
default configuration 6-15
default setting 6-15
system name (continued)
manual configuration 6-15
system prompt
manual configuration 6-15
system resources, optimizing 7-1
T
TACACS+
accounting, defined 8-11
authentication, defined 8-11
authorization, defined 8-11
configuring
accounting 8-17
authentication key 8-13
authorization 8-16
login authentication 8-14
default configuration 8-13
displaying the configuration 8-17
identifying the server 8-13
limiting the services to the user 8-16
operation of 8-12
overview 8-10
support for 1-7
tracking services accessed by user 8-17
tagged packets
802.1Q 16-3
Layer 2 protocol 16-8
tar files
creating B-5
displaying the contents of B-6
extracting B-7
image file format B-19
TDR 1-10
Telnet
accessing management interfaces 2-9
number of connections 1-5
setting a password 8-6
templates, SDM 7-1
temporary self-signed certificate 8-42
Terminal Access Controller Access Control System Plus
terminal lines, setting a password 8-6
TFTP
configuration files
downloading B-10
preparing the server B-10
uploading B-11
configuration files in base directory 3-6
configuring for autoconfiguration 3-5
image files
deleting B-22
downloading B-21
preparing the server B-21
uploading B-23
limiting access by servers 30-15
TFTP server 1-4
threshold, traffic level 24-2
time
Time Domain Reflector
time-range command 31-17
time ranges in ACLs 31-17
time stamps in log messages 29-7
time zones 6-12
Token Ring VLANs
support for 12-6
VTP support 13-4
ToS 1-7
traceroute, Layer 2
and ARP 40-16
and CDP 40-15
broadcast traffic 40-15
described 40-15
IP addresses and subnets 40-16
MAC addresses and VLANs 40-15
multicast traffic 40-15
multiple devices on a port 40-16
unicast traffic 40-15
usage guidelines 40-15
traceroute command 40-17
traffic
blocking flooded 24-6
fragmented 31-5
unfragmented 31-5
traffic policing 1-8
traffic suppression 24-1
transparent mode, VTP 13-3, 13-12
trap-door mechanism 3-2
traps
configuring MAC address notification 6-22
configuring managers 30-11
defined 30-3
notification types 30-11
troubleshooting
connectivity problems 40-13, 40-15, 40-16
detecting unidirectional links 26-1
displaying crash information 40-23
PIMv1 and PIMv2 interoperability problems 37-22
setting packet forwarding 40-21
SFP security and identification 40-12
show forward command 40-21
with CiscoWorks 30-4
with debug commands 40-19
with ping 40-13
troubleshooting (continued)
with system message logging 29-1
with traceroute 40-16
trunking encapsulation 1-6
trunk ports
configuring 12-20
encapsulation 12-20, 12-25, 12-26
secure MAC addresses on 24-12
trunks
allowed-VLAN list 12-21
configuring 12-20, 12-25, 12-26
ISL 12-16
load sharing
setting STP path costs 12-26
using STP port priorities 12-24, 12-25
native VLAN for untagged traffic 12-23
parallel 12-26
pruning-eligible list 12-22
to non-DTP device 12-17
understanding 12-17
trusted boundary for QoS 32-39
trusted port states
between QoS domains 32-41
classification options 32-5
ensuring port security for IP phones 32-39
support for 1-8
within a QoS domain 32-36
trustpoints, CA 8-42
tunneling
802.1Q 16-1
defined 16-1
Layer 2 protocol 16-8
tunnel ports
802.1Q, configuring 16-6
defined 12-4
incompatibilities with other features 16-6
twisted-pair Ethernet, detecting unidirectional links 26-1
type of service
U
UDLD
default configuration 26-4
disabling
fiber-optic interfaces 26-5
globally 26-5
per interface 26-5
echoing detection mechanism 26-3
enabling
globally 26-5
per interface 26-5
Layer 2 protocol tunneling 16-10
link-detection mechanism 26-1
neighbor database 26-2
overview 26-1
resetting an interface 26-6
status, displaying 26-6
support for 1-5
UDP, configuring 34-14
unauthorized ports with 802.1x 9-4
unicast MAC address filtering 1-4
and adding static addresses 6-26
and broadcast MAC addresses 6-25
and CPU packets 6-25
and multicast addresses 6-25
and router MAC addresses 6-25
configuration guidelines 6-25
described 6-25
unicast storm 24-1
unicast storm control command 24-4
unicast traffic, blocking 24-7
UniDirectional Link Detection protocol
UNIX syslog servers
daemon configuration 29-10
facilities supported 29-12
message logging configuration 29-11
unrecognized Type-Length-Value (TLV) support 13-4
upgrading information
upgrading software images
UplinkFast
described 19-3
disabling 19-13
enabling 19-12
support for 1-5
uploading
configuration files
reasons for B-8
using FTP B-14
using RCP B-17
using TFTP B-11
image files
reasons for B-19
using FTP B-27
using RCP B-32
using TFTP B-23
User Datagram Protocol
user EXEC mode 2-2
username-based authentication 8-7
V
version-dependent transparent mode 13-4
vlan.dat file 12-5
VLAN 1, disabling on a trunk port 12-22
VLAN 1 minimization 12-21
VLAN ACLs
vlan-assignment response, VMPS 12-28
VLAN configuration
at bootup 12-8
saving 12-8
VLAN configuration mode 2-2, 12-7
VLAN database
and startup configuration file 12-8
and VTP 13-1
VLAN configuration saved in 12-7
VLANs saved in 12-4
vlan database command 12-7
vlan dot1q tag native command 16-5
VLAN filtering and SPAN 27-6
vlan global configuration command 12-7
VLAN ID, discovering 6-27
VLAN management domain 13-2
VLAN Management Policy Server
VLAN map entries, order of 31-31
VLAN maps
applying 31-34
common uses for 31-35
configuration example 31-35
configuration guidelines 31-31
configuring 31-30
creating 31-32
defined 31-2
denying access example 31-36
denying and permitting packets 31-32
displaying 31-41
examples 31-36
removing 31-34
support for 1-7
with router ACLs 31-41
VLAN membership
confirming 12-31
modes 12-3
VLAN Query Protocol
VLANs
adding 12-9
adding to VLAN database 12-9
aging dynamic addresses 17-9
allowed on trunk 12-21
and spanning-tree instances 12-3, 12-6, 12-13
configuration guidelines, extended-range VLANs 12-13
configuration guidelines, normal-range VLANs 12-6
configuration options 12-7
configuring 12-1
configuring IDs 1006 to 4094 12-13
connecting through SVIs 10-8
creating in config-vlan mode 12-9
creating in VLAN configuration mode 12-10
customer numbering in service-provider networks 16-3
default configuration 12-8
deleting 12-10
displaying 12-15
features 1-6
illustrated 12-2
internal 12-13
limiting source traffic with RSPAN 27-22
limiting source traffic with SPAN 27-15
modifying 12-9
native, configuring 12-23
number supported 1-6
parameters 12-5
port membership modes 12-3
static-access ports 12-11
STP and 802.1Q trunks 17-10
supported 12-2
Token Ring 12-6
traffic between 12-2
VLANs (continued)VTP modes 13-3
VLAN Trunking Protocol
VMPS
administering 12-32
configuration example 12-33
configuration guidelines 12-29
default configuration 12-29
description 12-27
dynamic port membership
described 12-28
reconfirming 12-31
troubleshooting 12-33
entering server address 12-30
mapping MAC addresses to VLANs 12-28
monitoring 12-32
reconfirmation interval, changing 12-31
reconfirming membership 12-31
retry count, changing 12-32
voice-over-IP 15-1
voice VLAN
Cisco 7960 phone, port connections 15-1
configuration guidelines 15-3
configuring IP phones for data traffic
override CoS of incoming frame 15-6
trust CoS priority of incoming frame 15-6
configuring ports for voice traffic in
802.1p priority tagged frames 15-5
802.1Q frames 15-5
connecting to an IP phone 15-4
default configuration 15-3
described 15-1
displaying 15-6
VTP
adding a client to a domain 13-14
and extended-range VLANs 13-1
and normal-range VLANs 13-2
client mode, configuring 13-11
configuration
global configuration mode 13-7
guidelines 13-8
privileged EXEC mode 13-7
requirements 13-9
saving 13-7
VLAN configuration mode 13-7
configuration mode options 13-7
configuration requirements 13-9
configuration revision number
guideline 13-14
resetting 13-15
configuring
client mode 13-11
server mode 13-9
transparent mode 13-12
consistency checks 13-4
default configuration 13-6
described 13-1
disabling 13-12
domain names 13-8
domains 13-2
Layer 2 protocol tunneling 16-8
modes
transitions 13-3
monitoring 13-16
passwords 13-8
VTP (continued)pruning
disabling 13-14
enabling 13-14
examples 13-5
overview 13-4
support for 1-6
pruning-eligible list, changing 12-22
server mode, configuring 13-9
statistics 13-16
support for 1-6
Token Ring support 13-4
transparent mode, configuring 13-12
using 13-1
version, guidelines 13-8
Version 1 13-4
Version 2
configuration guidelines 13-8
disabling 13-13
enabling 13-13
overview 13-4
W
weighted tail drop
wizards 1-2
WTD
described 32-14
setting thresholds
egress queue-sets 32-71
ingress queues 32-66
support for 1-8
X
Xmodem protocol 40-2