-
Catalyst 3560 Switch Software Configuration Guide, Rel. 12.2(25)SED
-
Index
-
Preface
-
Overview
-
Using the Command-Line Interface
-
Assigning the Switch IP Address and Default Gateway
-
Configuring IE2100 CNS Agents
-
Clustering Switches
-
Administering the Switch
-
Configuring SDM Templates
-
Configuring Switch-Based Authentication
-
Configuring IEEE 802.1x Port-Based Authentication
-
Configuring Interface Characteristics
-
Configuring Smartports Macros
-
Configuring VLANs
-
Configuring VTP
-
Configuring Private VLANs
-
Configuring Voice VLAN
-
Configuring 802.1Q and Layer 2 Protocol Tunneling
-
Configuring STP
-
Configuring MSTP
-
Configuring Optional Spanning-Tree Features
-
Configuring Flex Links
-
Configuring DHCP Features and IP Source Guard
-
Configuring Dynamic ARP Inspection
-
Configuring IGMP Snooping and MVR
-
Configuring Port-Based Traffic Control \r\n
-
Configuring CDP
-
Configuring UDLD
-
Configuring SPAN and RSPAN
-
Configuring RMON
-
Configuring System Message Logging
-
Configuring SNMP
-
Configuring Network Security with ACLs
-
Configuring QoS
-
Configuring EtherChannels
-
Configuring IP Unicast Routing
-
Configuring IPv6 Unicast Routing
-
Configuring IPv6 MLD Snooping
-
Configuring IPv6 ACLs
-
Configuring HSRP
-
Configuring IP Multicast Routing
-
Configuring MSDP
-
Configuring Fallback Bridging
-
Troubleshooting
-
Supported MIBs
-
Working with the Cisco IOS File System, Configuration Files, and Software Images
-
Unsupported Commands in Cisco IOS Release 12.2(25)SED
-
Table Of Contents
A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X -
Index
A
abbreviating commands 2-4
ABRs 34-24
AC (command switch) 5-10
access
templates 7-1
access-class command 31-19
access control entries
access-denied response, VMPS 12-28
access groups
applying IPv4 ACLs to interfaces 31-20
Layer 2 31-20
Layer 3 31-20
accessing
clusters, switch 5-13
command switches 5-11
member switches 5-13
switch clusters 5-13
access lists
access ports
and Layer 2 protocol tunneling 16-11
defined 10-3
in switch clusters 5-9
access template 7-1
accounting
with 802.1x 9-29
with IEEE 802.1x 9-5
with RADIUS 8-28
ACEs
and QoS 32-7
defined 31-2
Ethernet 31-2
IP 31-2
ACLs
ACEs 31-2
any keyword 31-12
applying
on bridged packets 31-38
on multicast packets 31-39
on routed packets 31-39
on switched packets 31-37
time ranges to 31-16
to IPv6 interfaces 37-7
to QoS 32-7
classifying traffic for QoS 32-43
comments in 31-18
compiling 31-21
extended IP
configuring for QoS classification 32-44
extended IPv4
creating 31-10
matching criteria 31-7
hardware and software handling 31-21
host keyword 31-12
ACLs (continued)IP
creating 31-7
fragments and QoS guidelines 32-33
implicit deny 31-9, 31-13, 31-15
implicit masks 31-9
matching criteria 31-7
undefined 31-20
IPv4
applying to interfaces 31-19
creating 31-7
matching criteria 31-7
named 31-14
numbers 31-8
terminal lines, setting on 31-18
unsupported features 31-7
IPv6
applying to interfaces 37-7
displaying 37-8
interactions with other features 37-4
limitations 37-3
matching criteria 37-3
named 37-3
precedence of 37-2
supported 37-2
unsupported features 37-3
Layer 4 information in 31-37
logging messages 31-8
named
IPv6 37-3
named, IPv4 31-14
names 37-4
number per QoS class map 32-33
precedence of 31-2
ACLs (continued)resequencing entries 31-14
router ACLs and VLAN map configuration guidelines 31-36
standard IP, configuring for QoS classification 32-43
standard IPv4
creating 31-9
matching criteria 31-7
support for 1-7
support in hardware 31-21
time ranges 31-16
types supported 31-2
unsupported features
IPv6 37-3
unsupported features, IPv4 31-7
using router ACLs with VLAN maps 31-36
VLAN maps
configuration guidelines 31-30
configuring 31-29
active links 20-2
active router 38-1
address aliasing 23-2
addresses
displaying the MAC address table 6-26
dynamic
accelerated aging 17-8
changing the aging time 6-21
default aging 17-8
defined 6-19
learning 6-20
removing 6-22
MAC, discovering 6-26
multicast
group address range 39-3
STP address management 17-8
addresses (continued)static
adding and removing 6-24
defined 6-19
Address Resolution Protocol
adjacency tables, with CEF 34-73
administrative distances
defined 34-84
OSPF 34-30
routing protocol defaults 34-75
advanced IP services image 35-1
advertisements
CDP 25-1
RIP 34-19
aggregatable global unicast addresses 35-3
aggregate addresses, BGP 34-57
aggregated ports
aggregate policers 32-58
aggregate policing 1-9
aging, accelerating 17-8
aging time
accelerated
for MSTP 18-23
MAC address table 6-21
maximum
for MSTP 18-24
alarms, RMON 28-3
allowed-VLAN list 12-21
area border routers
ARP
configuring 34-9
encapsulation 34-10
static cache configuration 34-9
table
address resolution 6-26
managing 6-26
ASBRs 34-24
AS-path filters, BGP 34-51
asymmetrical links, and IEEE 802.1Q tunneling 16-4
attributes, RADIUS
vendor-proprietary 8-30
vendor-specific 8-29
audience xxxix
authentication
EIGRP 34-39
HSRP 38-9
local mode with AAA 8-36
NTP associations 6-4
RADIUS
key 8-21
login 8-23
TACACS+
defined 8-11
key 8-13
login 8-14
See also port-based authentication
authentication failed VLAN
authentication keys, and routing protocols 34-85
authoritative time source, described 6-2
authorization
with RADIUS 8-27
authorized ports with IEEE 802.1x 9-4
autoconfiguration 3-3
automatic discovery
considerations
beyond a noncandidate device 5-7
brand new switches 5-9
connectivity 5-4
different VLANs 5-6
management VLANs 5-7
non-CDP-capable devices 5-6
noncluster-capable devices 5-6
routed ports 5-8
in switch clusters 5-4
automatic QoS
automatic recovery, clusters 5-10
auto-MDIX
configuring 10-19
described 10-19
autonegotiation
duplex mode 1-3
interface configuration guidelines 10-16
mismatches 42-11
autonomous system boundary routers
autonomous systems, in BGP 34-45
Auto-RP, described 39-5
autosensing, port speed 1-3
auxiliary VLAN
availability, features 1-6
B
BackboneFast
described 19-5
disabling 19-14
enabling 19-13
support for 1-6
backup interfaces
backup links 20-2
banners
configuring
login 6-19
message-of-the-day login 6-18
default configuration 6-17
when displayed 6-17
BGP
aggregate addresses 34-57
aggregate routes, configuring 34-57
CIDR 34-57
clear commands 34-61
community filtering 34-54
configuring neighbors 34-55
default configuration 34-42
described 34-41
enabling 34-45
monitoring 34-61
multipath support 34-49
neighbors, types of 34-45
path selection 34-49
peers, configuring 34-55
prefix filtering 34-53
resetting sessions 34-48
route dampening 34-60
route maps 34-51
route reflectors 34-58
routing domain confederation 34-58
routing session with multi-VRF CE 34-67
show commands 34-61
supernets 34-57
support for 1-10
Version 4 34-42
binding cluster group and HSRP group 38-11
binding database
address, DHCP server
See DHCP, Cisco IOS server database
DHCP snooping
See DHCP snooping binding database
bindings
address, Cisco IOS DHCP server 21-5
DHCP snooping database 21-6
IP source guard 21-14
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 24-6
booting
boot loader, function of 3-2
boot process 3-2
manually 3-13
specific image 3-13
boot loader
accessing 3-14
described 3-2
environment variables 3-14
prompt 3-14
trap-door mechanism 3-2
bootstrap router (BSR), described 39-5
Border Gateway Protocol
BPDU
error-disabled state 19-3
filtering 19-3
RSTP format 18-12
BPDU filtering
described 19-3
disabling 19-12
enabling 19-12
support for 1-6
BPDU guard
described 19-3
disabling 19-11
enabling 19-11
support for 1-6
bridged packets, ACLs on 31-38
bridge groups
bridge protocol data unit
broadcast flooding 34-16
broadcast packets
directed 34-13
flooded 34-13
broadcast storm-control command 24-4
C
cables, monitoring for unidirectional links 26-1
candidate switch
automatic discovery 5-4
defined 5-3
requirements 5-3
See also command switch, cluster standby group, and member switch
CA trustpoint
configuring 8-44
defined 8-42
caution, described xl
CDP
and trusted boundary 32-39
automatic discovery in switch clusters 5-4
configuring 25-2
default configuration 25-2
described 25-1
disabling for routing device 25-3 to 25-4
CDP (continued)enabling and disabling
on an interface 25-4
on a switch 25-3
Layer 2 protocol tunneling 16-8
monitoring 25-4
overview 25-1
power negotiation extensions 10-6
support for 1-5
transmission timer and holdtime, setting 25-2
updates 25-2
CEF
defined 34-73
enabling 34-73
IPv6 35-14
CGMP
as IGMP snooping learning method 23-9
clearing cached group entries 39-49
enabling server support 39-32
joining multicast group 23-3
overview 39-8
server support only 39-8
switch support of 1-4
CIDR 34-57
CipherSuites 8-43
Cisco 7960 IP Phone 15-1
Cisco Discovery Protocol
Cisco Express Forwarding
Cisco Group Management Protocol
Cisco Intelligence Engine 2100 Series Configuration Registrar
Cisco intelligent power management 10-6
Cisco IOS DHCP server
See DHCP, Cisco IOS DHCP server
Cisco IOS File System
Cisco Network Assistant
Cisco Networking Services
CIST regional root
CIST root
classless interdomain routing
classless routing 34-6
class maps for QoS
configuring 32-46
described 32-7
displaying 32-78
class of service
clearing interfaces 10-28
CLI
abbreviating commands 2-4
command modes 2-1
configuration logging 2-5
described 1-4
editing features
enabling and disabling 2-7
keystroke editing 2-8
wrapped lines 2-9
error messages 2-5
filtering command output 2-10
getting help 2-3
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
CLI (continued)managing clusters 5-15
no and default forms of commands 2-4
client mode, VTP 13-3
clock
cluster requirements xli
clusters, switch
accessing 5-13
automatic discovery 5-4
automatic recovery 5-10
benefits 1-2
compatibility 5-4
described 5-1
LRE profile considerations 5-15
managing
through CLI 5-15
through SNMP 5-16
planning 5-4
planning considerations
automatic discovery 5-4
automatic recovery 5-10
CLI 5-15
host names 5-14
IP addresses 5-13
LRE profiles 5-15
passwords 5-14
RADIUS 5-15
TACACS+ 5-15
cluster standby group
and HSRP group 38-11
automatic recovery 5-12
considerations 5-11
defined 5-2
requirements 5-3
virtual IP address 5-11
Coarse Wave Division Multiplexer
command-line interface
command modes 2-1
commands
abbreviating 2-4
no and default 2-4
commands, setting privilege levels 8-8
command switch
accessing 5-11
active (AC) 5-10
configuration conflicts 42-11
defined 5-2
passive (PC) 5-10
password privilege levels 5-16
priority 5-10
recovery
from command-switch failure 5-10, 42-7
from lost member connectivity 42-11
redundant 5-10
replacing
with another switch 42-10
with cluster member 42-8
requirements 5-3
standby (SC) 5-10
See also candidate switch, cluster standby group, member switch, and standby command switch
community list, BGP 34-54
community ports 14-2
community strings
for cluster switches 30-4
in clusters 5-14
overview 30-4
SNMP 5-14
compatibility, feature 24-11
config.text 3-12
configurable leave timer, IGMP 23-6
configuration, initial
defaults 1-11
Express Setup 1-2
See also getting started guide and hardware installation guide
configuration conflicts, recovering from lost member connectivity 42-11
configuration examples, network 1-14
configuration files
clearing the startup configuration B-19
creating using a text editor B-9
default name 3-12
deleting a stored configuration B-19
described B-8
downloading
automatically 3-12
reasons for B-8
using FTP B-13
using RCP B-17
using TFTP B-10
guidelines for creating and using B-8
invalid combinations when copying B-5
limiting TFTP server access 30-16
obtaining with DHCP 3-7
password recovery disable considerations 8-5
specifying the filename 3-12
system contact and location information 30-15
types and location B-9
configuration files (continued)uploading
reasons for B-8
using FTP B-14
using RCP B-18
using TFTP B-11
configuration guidelines, multi-VRF CE 34-65
configuration logging 2-5
configuration settings, saving 3-10
configure terminal command 10-10
conflicts, configuration 42-11
connections, secure remote 8-38
connectivity problems 42-13, 42-15, 42-16
consistency checks in VTP Version 2 13-4
console port, connecting to 2-10
conventions
command xl
for examples xl
publication xl
text xl
corrupted software, recovery steps with Xmodem 42-2
CoS
in Layer 2 frames 32-2
override priority 15-6
trust priority 15-6
CoS input queue threshold map for QoS 32-16
CoS output queue threshold map for QoS 32-19
CoS-to-DSCP map for QoS 32-60
counters, clearing interface 10-28
crashinfo file 42-23
cryptographic software image
Kerberos 8-32
SSH 8-37
SSL 8-41
customer edge devices 34-63
CWDM SFPs 1-21
D
daylight saving time 6-13
debugging
enabling all system diagnostics 42-20
enabling for a specific feature 42-19
redirecting error message output 42-20
using commands 42-19
default commands 2-4
default configuration
802.1x 9-14
auto-QoS 32-21
banners 6-17
BGP 34-42
booting 3-12
CDP 25-2
DHCP 21-7
DHCP option 82 21-7
DHCP snooping 21-7
DHCP snooping binding database 21-8
DNS 6-16
dynamic ARP inspection 22-5
EIGRP 34-35
EtherChannel 33-9
Ethernet interfaces 10-14
fallback bridging 41-3
Flex Links 20-4
HSRP 38-5
IEEE 802.1Q tunneling 16-4
IGMP 39-26
IGMP filtering 23-25
IGMP snooping 23-7, 36-5, 36-6
IGMP throttling 23-25
initial switch information 3-3
IP addressing, IP routing 34-4
IP multicast routing 39-8
IP source guard 21-15
IPv6 35-9
Layer 2 interfaces 10-14
default configuration (continued)Layer 2 protocol tunneling 16-11
MAC address table 6-21
MAC address-table move update 20-4
MSDP 40-4
MSTP 18-14
multi-VRF CE 34-64
MVR 23-20
NTP 6-4
optional spanning-tree configuration 19-9
OSPF 34-25
password and privilege level 8-2
PIM 39-8
private VLANs 14-6
RADIUS 8-20
RIP 34-20
RMON 28-3
RSPAN 27-10
SDM template 7-4
SNMP 30-7
SPAN 27-10
SSL 8-44
standard QoS 32-31
STP 17-11
system message logging 29-3
system name and prompt 6-15
TACACS+ 8-13
UDLD 26-4
VLAN, Layer 2 Ethernet interfaces 12-19
VLANs 12-8
VMPS 12-29
voice VLAN 15-3
VTP 13-6
default networks 34-76
default routes 34-76
default routing 34-2
deleting VLANs 12-10
denial-of-service attack 24-1
description command 10-23
designing your network, examples 1-14
destination addresses
in IPv6 ACLs 37-5
destination addresses, in IPv4 ACLs 31-11
destination-IP address-based forwarding, EtherChannel 33-7
destination-MAC address forwarding, EtherChannel 33-7
detecting indirect link failures, STP 19-5
device B-19
device discovery protocol 25-1
device manager
benefits 1-2
in-band management 1-5
requirements xl
upgrading a switch B-19
DHCP
Cisco IOS server database
configuring 21-12
default configuration 21-8
described 21-5
enabling
relay agent 21-9
server 21-9
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-3
DNS 3-6
relay device 3-6
server side 3-5
server-side 21-9
TFTP server 3-5
example 3-8
lease options
for IP address information 3-5
for receiving the configuration file 3-5
overview 3-3
DHCP-based autoconfiguration (continued)relationship to BOOTP 3-4
support for 1-5
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 21-5
configuration guidelines 21-8
default configuration 21-7
displaying 21-14
forwarding address, specifying 21-10
helper address 21-10
overview 21-3
packet format, suboption
circuit ID 21-5
remote ID 21-5
remote ID suboption 21-5
DHCP snooping
accepting untrusted packets form edge switch 21-3, 21-11
and private VLANs 21-12
binding database
See DHCP snooping binding database
configuration guidelines 21-8
default configuration 21-7
displaying binding tables 21-14
message exchange process 21-4
option 82 data insertion 21-3
trusted interface 21-2
untrusted interface 21-2
untrusted messages 21-2
DHCP snooping binding database
adding bindings 21-13
binding file
format 21-6
location 21-6
bindings 21-6
clearing agent statistics 21-13
configuration guidelines 21-9
configuring 21-13
default configuration 21-7, 21-8
deleting
binding file 21-13
bindings 21-13
database agent 21-13
described 21-6
displaying 21-14
binding entries 21-14
status and statistics 21-14
enabling 21-13
entry 21-6
renewing database 21-13
resetting
delay value 21-13
timeout value 21-13
DHCP snooping binding table
See DHCP snooping binding database
Differentiated Services architecture, QoS 32-2
Differentiated Services Code Point 32-2
Diffusing Update Algorithm (DUAL) 34-33
directed unicast requests 1-5
directories
changing B-3
creating and removing B-4
displaying the working B-3
discovery, clusters
Distance Vector Multicast Routing Protocol
distance-vector protocols 34-3
distribute-list command 34-84
DNS
and DHCP-based autoconfiguration 3-6
default configuration 6-16
displaying the configuration 6-17
in IPv6 35-4
overview 6-15
setting up 6-16
support for 1-5
documentation, related xl
document conventions xl
domain names
DNS 6-15
VTP 13-8
Domain Name System
dot1q-tunnel switchport mode 12-18
double-tagged packets
IEEE 802.1Q tunneling 16-2
Layer 2 protocol tunneling 16-10
downloading
configuration files
reasons for B-8
using FTP B-13
using RCP B-17
using TFTP B-10
image files
deleting old image B-23
reasons for B-19
using CMS 1-3
using FTP B-26
using RCP B-31
using TFTP B-22
using the device manager or Network Assistant B-19
drop threshold for Layer 2 protocol packets 16-11
DSCP input queue threshold map for QoS 32-16
DSCP output queue threshold map for QoS 32-19
DSCP-to-CoS map for QoS 32-63
DSCP-to-DSCP-mutation map for QoS 32-64
DSCP transparency 32-39
DUAL finite state machine, EIGRP 34-34
dual IPv4 and IPv6 templates 7-2, 35-1, 35-8
dual protocol stacks
configuring 35-12
IPv4 and IPv6 35-7
SDM templates supporting 35-8
DVMRP
autosummarization
configuring a summary address 39-46
disabling 39-48
connecting PIM domain to DVMRP router 39-38
enabling unicast routing 39-41
interoperability
with Cisco devices 39-36
with Cisco IOS software 39-7
mrinfo requests, responding to 39-41
neighbors
advertising the default route to 39-40
discovery with Probe messages 39-36
displaying information 39-41
prevent peering with nonpruning 39-44
rejecting nonpruning 39-42
overview 39-7
DVMRP (continued)routes
adding a metric offset 39-48
advertising all 39-48
advertising the default route to neighbors 39-40
caching DVMRP routes learned in report messages 39-42
changing the threshold for syslog messages 39-45
deleting 39-49
displaying 39-50
favoring one over another 39-48
limiting the number injected into MBONE 39-45
limiting unicast route advertisements 39-36
routing table 39-7
source distribution tree, building 39-7
support for 1-10
tunnels
configuring 39-38
displaying neighbor information 39-41
dynamic access ports
characteristics 12-3
configuring 12-30
defined 10-3
dynamic addresses
dynamic ARP inspection
ARP cache poisoning 22-1
ARP requests, described 22-1
ARP spoofing attack 22-1
clearing
log buffer 22-15
statistics 22-15
configuration guidelines 22-6
configuring
ACLs for non-DHCP environments 22-8
in DHCP environments 22-7
log buffer 22-12
rate limit for incoming ARP packets 22-4, 22-10
dynamic ARP inspection (continued)default configuration 22-5
denial-of-service attacks, preventing 22-10
described 22-1
DHCP snooping binding database 22-2
displaying
ARP ACLs 22-14
configuration and operating state 22-14
log buffer 22-15
statistics 22-15
trust state and rate limit 22-14
error-disabled state for exceeding rate limit 22-4
function of 22-2
interface trust states 22-3
log buffer
clearing 22-15
configuring 22-12
displaying 22-15
logging of dropped packets, described 22-4
man-in-the middle attack, described 22-2
network security issues and interface trust states 22-3
priority of ARP ACLs and DHCP snooping entries 22-4
rate limiting of ARP packets
configuring 22-10
described 22-4
error-disabled state 22-4
statistics
clearing 22-15
displaying 22-15
validation checks, performing 22-11
dynamic auto trunking mode 12-18
dynamic desirable trunking mode 12-18
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 12-28
reconfirming 12-31
troubleshooting 12-33
types of connections 12-30
dynamic routing 34-3
Dynamic Trunking Protocol
E
EBGP 34-40
editing features
enabling and disabling 2-7
keystrokes used 2-8
wrapped lines 2-9
EIGRP
authentication 34-39
components 34-34
configuring 34-37
default configuration 34-35
definition 34-33
interface parameters, configuring 34-38
monitoring 34-40
support for 1-10
enable password 8-3
enable secret password 8-3
encryption, CipherSuite 8-43
encryption for passwords 8-3
Enhanced IGRP
environment variables, function of 3-15
equal-cost routing 1-10, 34-74
error messages during command entry 2-5
EtherChannel
automatic creation of 33-4, 33-5
channel groups
binding physical and logical interfaces 33-3
numbering of 33-3
configuration guidelines 33-9
configuring
Layer 2 interfaces 33-10
Layer 3 physical interfaces 33-14
Layer 3 port-channel logical interfaces 33-13
EtherChannel (continued)default configuration 33-9
described 33-2
displaying status 33-20
forwarding methods 33-6, 33-16
IEEE 802.3ad, described 33-5
interaction
with STP 33-9
with VLANs 33-10
LACP
described 33-5
displaying status 33-20
hot-standby ports 33-18
interaction with other features 33-6
modes 33-5
port priority 33-19
system priority 33-19
Layer 3 interface 34-3
logical interfaces, described 33-3
PAgP
aggregate-port learners 33-17
compatibility with Catalyst 1900 33-17
described 33-4
displaying status 33-20
interaction with other features 33-5
learn method and priority configuration 33-17
modes 33-4
support for 1-3
port-channel interfaces
described 33-3
numbering of 33-3
port groups 10-5
support for 1-3
EtherChannel guard
described 19-7
disabling 19-14
enabling 19-14
Ethernet VLANs
adding 12-9
defaults and ranges 12-8
modifying 12-9
EUI 35-3
events, RMON 28-3
examples
conventions for xl
network configuration 1-14
expedite queue for QoS 32-77
Express Setup 1-2
See also getting started guide
extended crashinfo file 42-23
extended-range VLANs
configuration guidelines 12-13
configuring 12-12
creating 12-14
creating with an internal VLAN ID 12-15
defined 12-1
extended system ID
MSTP 18-17
extended universal identifier
Extensible Authentication Protocol over LAN 9-1
external BGP
external neighbors, BGP 34-45
F
fallback bridging
and protected ports 41-4
bridge groups
creating 41-4
described 41-1
displaying 41-10
function of 41-2
number supported 41-4
removing 41-4
bridge table
clearing 41-10
displaying 41-10
configuration guidelines 41-3
connecting interfaces with 10-9
default configuration 41-3
described 41-1
frame forwarding
flooding packets 41-2
forwarding packets 41-2
overview 41-1
protocol, unsupported 41-3
STP
disabling on an interface 41-10
forward-delay interval 41-8
hello BPDU interval 41-8
interface priority 41-6
keepalive messages 17-2
maximum-idle interval 41-9
path cost 41-7
VLAN-bridge spanning-tree priority 41-6
VLAN-bridge STP 41-2
support for 1-10
SVIs and routed ports 41-1
unsupported protocols 41-3
VLAN-bridge STP 17-10
features, incompatible 24-11
FIB 34-73
fiber-optic, detecting unidirectional links 26-1
files
basic crashinfo
description 42-23
location 42-23
copying B-4
crashinfo
description 42-23
deleting B-5
displaying the contents of B-7
extended crashinfo
description 42-24
location 42-24
tar
creating B-5
displaying the contents of B-6
extracting B-7
image file format B-20
file system
displaying available file systems B-2
displaying file information B-3
local file system names B-1
network file system names B-4
setting the default B-3
filtering
in a VLAN 31-29
non-IP traffic 31-26
show and more command output 2-10
filtering show and more command output 2-10
filters, IP
flash device, number of B-1
Flex Links
configuration guidelines 20-4
configuring 20-5
default configuration 20-4
description 20-1
monitoring 20-7
flooded traffic, blocking 24-7
flow-based packet classification 1-9
flowcharts
QoS classification 32-6
QoS egress queueing and scheduling 32-17
QoS ingress queueing and scheduling 32-15
QoS policing and marking 32-10
flowcontrol
configuring 10-18
described 10-18
forward-delay time
MSTP 18-23
STP 17-21
Forwarding Information Base
forwarding nonroutable protocols 41-1
FTP
accessing MIB files A-3
configuration files
downloading B-13
overview B-12
preparing the server B-13
uploading B-14
image files
deleting old image B-28
downloading B-26
preparing the server B-25
uploading B-28
G
get-bulk-request operation 30-3
get-next-request operation 30-3, 30-5
get-request operation 30-3, 30-5
get-response operation 30-3
global configuration mode 2-2
global leave, IGMP 23-13
guest VLAN and 802.1x 9-10
guide
audience xxxix
purpose of xxxix
guide mode 1-3
GUIs
See device manager and Network Assistant
H
hardware limitations and Layer 3 interfaces 10-24
hello time
MSTP 18-22
STP 17-20
help, for the command line 2-3
hierarchical policy maps 32-8
configuration guidelines 32-33
configuring 32-52
described 32-11
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
history table, level and number of syslog messages 29-9
host names
in clusters 5-14
host ports
configuring 14-11
kinds of 14-2
hosts, limit on dynamic ports 12-33
Hot Standby Router Protocol
HP OpenView 1-4
HSRP
authentication string 38-9
automatic cluster recovery 5-12
binding to cluster group 38-11
cluster standby group considerations 5-11
command-switch redundancy 1-1, 1-6
configuring 38-4
default configuration 38-5
definition 38-1
guidelines 38-5
monitoring 38-11
overview 38-1
priority 38-7
routing redundancy 1-10
support for ICMP redirect messages 38-11
timers 38-9
tracking 38-7
See also clusters, cluster standby group, and standby command switch
HTTP over SSL
HTTPS 8-42
configuring 8-45
self-signed certificate 8-42
HTTP secure server 8-42
I
IBPG 34-40
ICMP
IPv6 35-4
redirect messages 34-11
support for 1-10
time-exceeded messages 42-17
traceroute and 42-17
unreachable messages 31-19
unreachable messages and IPv6 37-4
unreachables and ACLs 31-21
ICMP ping
executing 42-14
overview 42-13
ICMP Router Discovery Protocol
ICMPv6 35-4
IDS appliances
and ingress RSPAN 27-21
and ingress SPAN 27-14
IE2100
CNS embedded agents
described 4-5
enabling automated configuration 4-6
enabling configuration agent 4-9
enabling event agent 4-8
Configuration Registrar
configID, deviceID, hostname 4-3
configuration service 4-2
described 4-1
event service 4-3
IEEE 802.1D
IEEE 802.1p 15-1
IEEE 802.1Q
and trunk ports 10-3
configuration limitations 12-19
encapsulation 12-16
native VLAN for untagged traffic 12-23
tunneling
compatibility with other features 16-6
defaults 16-4
described 16-1
tunnel ports with other features 16-6
IEEE 802.1s
IEEE 802.1w
IEEE 802.1x
IEEE 802.3ad
IEEE 802.3af
IEEE 802.3x flow control 10-18
ifIndex values, SNMP 30-6
IFS 1-5
IGMP
configurable leave timer
described 23-6
enabling 23-11
configuring the switch
as a member of a group 39-26
statically connected member 39-31
controlling access to groups 39-27
default configuration 39-26
deleting cache entries 39-50
displaying groups 39-50
fast switching 39-31
flooded multicast traffic
controlling the length of time 23-12
disabling on an interface 23-13
global leave 23-13
query solicitation 23-13
recovering from flood mode 23-13
host-query interval, modifying 39-29
joining multicast group 23-3
join messages 23-3
leave processing, enabling 23-11, 36-9
leaving multicast group 23-5
multicast reachability 39-26
overview 39-2
queries 23-4
report suppression
described 23-6
supported versions 23-3
support for 1-4
IGMP (continued)Version 1
changing to Version 2 39-28
described 39-3
Version 2
changing to Version 1 39-28
described 39-3
maximum query response time value 39-30
pruning groups 39-30
query timeout value 39-29
IGMP filtering
configuring 23-25
default configuration 23-25
described 23-24
monitoring 23-29
support for 1-4
IGMP groups
configuring filtering 23-28
setting the maximum number 23-27
IGMP Immediate Leave
configuration guidelines 23-11
described 23-6
enabling 23-11
IGMP profile
applying 23-26
configuration mode 23-25
configuring 23-26
IGMP snooping
and address aliasing 23-2
configuring 23-7
default configuration 23-7, 36-5, 36-6
definition 23-2
enabling and disabling 23-7, 36-6
global configuration 23-7
Immediate Leave 23-6
method 23-8
IGMP snooping (continued)querier
configuration guidelines 23-14
configuring 23-14
supported versions 23-3
support for 1-4
VLAN configuration 23-8
IGMP throttling
configuring 23-28
default configuration 23-25
described 23-25
displaying action 23-29
IGP 34-24
Immediate Leave, IGMP 23-6
enabling 36-9
inaccessible authentication bypass 9-11
initial configuration
defaults 1-11
Express Setup 1-2
See also getting started guide and hardware installation guide
Intelligence Engine 2100 Series CNS Agents
interface
number 10-10
range macros 10-12
interface command 10-10
interface configuration mode 2-3
interfaces
auto-MDIX, configuring 10-19
configuration guidelines
duplex and speed 10-16
configuring
procedure 10-10
configuring for IPv4 and IPv6 35-12
counters, clearing 10-28
default configuration 10-14
described 10-23
descriptive name, adding 10-23
interfaces (continued)displaying information about 10-27
flow control 10-18
management 1-4
monitoring 10-27
naming 10-23
physical, identifying 10-10
range of 10-11
restarting 10-28
shutting down 10-28
speed and duplex, configuring 10-17
status 10-27
supported 10-10
types of 10-1
interfaces range macro command 10-12
interface types 10-10
Interior Gateway Protocol
internal BGP
internal neighbors, BGP 34-45
Internet Control Message Protocol
Internet Group Management Protocol
Internet Protocol version 6
Inter-Switch Link
Intrusion Detection System
IP ACLs
for QoS classification 32-7
implicit masks 31-9
named 31-14
undefined 31-20
IP addresses
128-bit 35-2
classes of 34-5
cluster access 5-2
command switch 5-3, 5-11, 5-13
default configuration 34-4
discovering 6-26
for IP routing 34-4
IPv6 35-2
MAC address association 34-8
monitoring 34-17
redundant clusters 5-11
standby command switch 5-11, 5-13
IP base image 1-1
IP broadcast address 34-15
ip cef distributed command 34-73
IP directed broadcasts 34-13
ip igmp profile command 23-25
IP information
assigned
manually 3-10
through DHCP-based autoconfiguration 3-3
default configuration 3-3
IP multicast routing
addresses
all-hosts 39-3
all-multicast-routers 39-3
host group address range 39-3
administratively-scoped boundaries, described 39-34
and IGMP snooping 23-2
IP multicast routing (continued)Auto-RP
adding to an existing sparse-mode cloud 39-14
benefits of 39-13
clearing the cache 39-50
configuration guidelines 39-10
filtering incoming RP announcement messages 39-16
overview 39-5
preventing candidate RP spoofing 39-16
preventing join messages to false RPs 39-15
setting up in a new internetwork 39-14
using with BSR 39-21
bootstrap router
configuration guidelines 39-10
configuring candidate BSRs 39-19
configuring candidate RPs 39-20
defining the IP multicast boundary 39-19
defining the PIM domain border 39-18
overview 39-5
using with Auto-RP 39-21
Cisco implementation 39-2
configuring
basic multicast routing 39-10
IP multicast boundary 39-34
default configuration 39-8
enabling
multicast forwarding 39-10
PIM mode 39-11
group-to-RP mappings
Auto-RP 39-5
BSR 39-5
IP multicast routing (continued)MBONE
deleting sdr cache entries 39-50
described 39-33
displaying sdr cache 39-51
enabling sdr listener support 39-33
limiting DVMRP routes advertised 39-45
limiting sdr cache entry lifetime 39-33
SAP packets for conference session announcement 39-33
Session Directory (sdr) tool, described 39-33
monitoring
packet rate loss 39-51
peering devices 39-51
tracing a path 39-51
multicast forwarding, described 39-6
PIMv1 and PIMv2 interoperability 39-9
protocol interaction 39-2
reverse path check (RPF) 39-6
routing table
deleting 39-50
displaying 39-50
RP
assigning manually 39-12
configuring Auto-RP 39-13
configuring PIMv2 BSR 39-17
monitoring mapping information 39-22
using Auto-RP and BSR 39-21
statistics, displaying system and network 39-50
IP phones
and QoS 15-1
automatic classification and queueing 32-20
configuring 15-4
ensuring port security with QoS 32-38
trusted boundary for QoS 32-38
IP precedence 32-2
IP-precedence-to-DSCP map for QoS 32-61
IP protocols
in ACLs 31-11
routing 1-10
IP routes, monitoring 34-86
IP routing
connecting interfaces with 10-9
disabling 34-18
enabling 34-18
IP services image 1-1
IP source guard
and 802.1x 21-16
and DHCP snooping 21-14
and EtherChannels 21-16
and port security 21-16
and private VLANs 21-16
and routed ports 21-15
and TCAM entries 21-16
and trunk interfaces 21-15
and VRF 21-16
binding configuration
automatic 21-14
manual 21-14
binding table 21-14
configuration guidelines 21-15
default configuration 21-15
described 21-14
disabling 21-17
displaying
bindings 21-17
configuration 21-17
enabling 21-16
filtering
source IP address 21-14
source IP and MAC address 21-15
source IP address filtering 21-14
source IP and MAC address filtering 21-15
IP source guard (continued)static bindings
adding 21-16
deleting 21-17
IP traceroute
executing 42-17
overview 42-16
IP unicast routing
address resolution 34-8
administrative distances 34-75, 34-84
ARP 34-8
assigning IP addresses to Layer 3 interfaces 34-5
authentication keys 34-85
broadcast
address 34-15
flooding 34-16
packets 34-13
storms 34-13
classless routing 34-6
configuring static routes 34-74
default
addressing configuration 34-4
gateways 34-11
networks 34-76
routes 34-76
routing 34-2
directed broadcasts 34-13
disabling 34-18
dynamic routing 34-3
enabling 34-18
EtherChannel Layer 3 interface 34-3
IGP 34-24
inter-VLAN 34-2
IP addressing
classes 34-5
configuring 34-4
IPv6 35-3
IRDP 34-12
Layer 3 interfaces 34-3
IP unicast routing (continued)MAC address and IP address 34-8
passive interfaces 34-83
protocols
distance-vector 34-3
dynamic 34-3
link-state 34-3
proxy ARP 34-8
redistribution 34-77
reverse address resolution 34-8
routed ports 34-3
static routing 34-3
steps to configure 34-4
subnet mask 34-5
subnet zero 34-6
supernet 34-6
UDP 34-15
with SVIs 34-3
IPv4 ACLs
applying to interfaces 31-19
extended, creating 31-10
named 31-14
standard, creating 31-9
IPv4 and IPv6
configuring on an interface 35-12
differences 35-2
dual protocol stacks 35-5
IPv6
ACLs
displaying 37-8
limitations 37-3
matching criteria 37-3
port 37-2
precedence 37-2
router 37-2
supported 37-2
addresses 35-2
address formats 35-2
advantages 35-2
applications 35-5
assigning address 35-10
autoconfiguration 35-5
CEFv6 35-14
configuring static routes 35-15
default configuration 35-9
defined 35-1
enabling 35-10
feature limitations 35-7
features not supported 35-6
ICMP 35-4
ICMP rate limiting 35-14
monitoring 35-21
OSPF 35-19
path MTU discovery 35-4
reasons for 35-1
RIP 35-17
SDM templates 7-3, 35-7, 36-1, 37-1
supported features 35-3
switch limitations 35-7
IPv6 traffic, filtering 37-3
IRDP
configuring 34-12
definition 34-12
support for 1-10
ISL
and IPv6 35-3
and trunk ports 10-3
trunking with IEEE 802.1 tunneling 16-5
isolated port 14-2
J
join messages, IGMP 23-3
K
KDC
described 8-32
keepalive messages 17-2
Kerberos
authenticating to
boundary switch 8-34
KDC 8-34
network services 8-35
configuration examples 8-32
configuring 8-35
credentials 8-32
cryptographic software image 8-32
described 8-32
KDC 8-32
operation 8-34
realm 8-33
server 8-33
support for 1-8
switch as trusted third party 8-32
terms 8-33
TGT 8-34
tickets 8-32
key distribution center
L
l2protocol-tunnel command 16-13
LACP
Layer 2 protocol tunneling 16-9
Layer 2 frames, classification with CoS 32-2
Layer 2 interfaces, default configuration 10-14
Layer 2 protocol tunneling
configuring 16-10
configuring for EtherChannels 16-14
default configuration 16-11
defined 16-8
guidelines 16-12
Layer 2 traceroute
and ARP 42-16
and CDP 42-15
broadcast traffic 42-15
described 42-15
IP addresses and subnets 42-16
MAC addresses and VLANs 42-15
multicast traffic 42-15
multiple devices on a port 42-16
unicast traffic 42-15
usage guidelines 42-15
Layer 3 features 1-10
Layer 3 interfaces
assigning IP addresses to 34-5
assigning IPv4 and IPv6 addresses to 35-12
assigning IPv6 addresses to 35-10
changing from Layer 2 mode 34-5
types of 34-3
Layer 3 packets, classification methods 32-2
LDAP 4-2
LEDs, switch
See hardware installation guide
lightweight directory access protocol
line configuration mode 2-3
Link Aggregation Control Protocol
Link Failure
detecting unidirectional 18-8
link local unicast addresses 35-3
link redundancy
links, unidirectional 26-1
link state advertisements (LSAs) 34-29
link-state protocols 34-3
load balancing 38-3
local SPAN 27-2
logging messages, ACL 31-8
login authentication
with RADIUS 8-23
with TACACS+ 8-14
login banners 6-17
log messages
Long-Reach Ethernet (LRE) technology 1-16
loop guard
described 19-9
enabling 19-15
support for 1-6
LRE profiles, considerations in switch clusters 5-15
M
MAC addresses
aging time 6-21
and VLAN association 6-20
building the address table 6-20
default configuration 6-21
discovering 6-26
displaying 6-26
displaying in the IP source binding table 21-17
dynamic
learning 6-20
removing 6-22
in ACLs 31-26
IP address association 34-8
static
adding 6-24
allowing 6-26
characteristics of 6-24
dropping 6-25
removing 6-24
MAC address notification, support for 1-11
MAC address-table move update
configuration guidelines 20-4
configuring 20-5
default configuration 20-4
description 20-2
monitoring 20-7
MAC address-to-VLAN mapping 12-28
MAC extended access lists
applying to Layer 2 interfaces 31-28
configuring for QoS 32-45
creating 31-26
defined 31-26
for QoS classification 32-5
macros
magic packet 9-12
manageability features 1-5
management access
in-band
browser session 1-5
CLI session 1-5
device manager 1-5
SNMP 1-5
out-of-band console port connection 1-5
management options
CLI 2-1
clustering 1-3
CNS 4-1
Network Assistant 1-2
overview 1-4
management VLAN
considerations in switch clusters 5-7
discovery through different management VLANs 5-7
mapping tables for QoS
configuring
CoS-to-DSCP 32-60
DSCP 32-60
DSCP-to-CoS 32-63
DSCP-to-DSCP-mutation 32-64
IP-precedence-to-DSCP 32-61
policed-DSCP 32-62
described 32-12
marking
action in policy map 32-48
action with aggregate policers 32-58
matching
IPv6 ACLs 37-3
matching, IPv4 ACLs 31-7
maximum aging time
MSTP 18-24
STP 17-21
maximum hop count, MSTP 18-24
maximum-paths command 34-49, 34-74
membership mode, VLAN port 12-3
member switch
automatic discovery 5-4
defined 5-2
managing 5-15
passwords 5-13
recovering from lost connectivity 42-11
requirements 5-3
See also candidate switch, cluster standby group, and standby command switch
messages
to users through banners 6-17
messages, to users through banners 6-17
metrics, in BGP 34-49
metric translations, between routing protocols 34-80
metro tags 16-2
MHSRP 38-3
MIBs
accessing files with FTP A-3
location of files A-3
overview 30-1
SNMP interaction with 30-4
supported A-1
mirroring traffic for analysis 27-1
mismatches, autonegotiation 42-11
module number 10-10
monitoring
access groups 31-40
BGP 34-61
cables for unidirectional links 26-1
CDP 25-4
CEF 34-73
EIGRP 34-40
fallback bridging 41-10
features 1-11
Flex Links 20-7
HSRP 38-11
IEEE 802.1Q tunneling 16-18
monitoring (continued)IGMP
filters 23-29
interfaces 10-27
IP
address tables 34-17
multicast routing 39-49
routes 34-86
IPv4 ACL configuration 31-40
IPv6 35-21
IPv6 ACL configuration 37-8
Layer 2 protocol tunneling 16-18
MAC address-table move update 20-7
MSDP peers 40-19
multicast router interfaces 23-17, 36-11
multi-VRF CE 34-72
MVR 23-24
network traffic for analysis with probe 27-2
OSPF 34-33
port
blocking 24-17
protection 24-17
private VLANs 14-14
RP mapping information 39-22
source-active messages 40-19
speed and duplex mode 10-17
traffic flowing among switches 28-1
traffic suppression 24-16
tunneling 16-18
VLAN
filters 31-41
maps 31-41
VLANs 12-16
VMPS 12-32
VTP 13-16
MSDP
benefits of 40-3
clearing MSDP connections and statistics 40-19
controlling source information
forwarded by switch 40-12
originated by switch 40-9
received by switch 40-14
default configuration 40-4
dense-mode regions
sending SA messages to 40-17
specifying the originating address 40-18
filtering
incoming SA messages 40-14
SA messages to a peer 40-12
SA requests from a peer 40-11
join latency, defined 40-6
meshed groups
configuring 40-16
defined 40-16
originating address, changing 40-18
overview 40-1
peer-RPF flooding 40-2
peers
configuring a default 40-4
monitoring 40-19
peering relationship, overview 40-1
requesting source information from 40-8
shutting down 40-16
source-active messages
caching 40-6
clearing cache entries 40-19
defined 40-2
filtering from a peer 40-11
filtering incoming 40-14
filtering to a peer 40-12
limiting data with TTL 40-14
monitoring 40-19
restricting advertised sources 40-9
support for 1-10
MSTP
boundary ports
configuration guidelines 18-15
described 18-6
BPDU filtering
described 19-3
enabling 19-12
BPDU guard
described 19-3
enabling 19-11
CIST, described 18-3
CIST root 18-5
configuration guidelines 18-15, 19-10
configuring
forward-delay time 18-23
hello time 18-22
link type for rapid convergence 18-24
maximum aging time 18-24
maximum hop count 18-24
MST region 18-16
neighbor type 18-25
path cost 18-20
port priority 18-19
root switch 18-17
secondary root switch 18-18
switch priority 18-22
CST
defined 18-3
operations between regions 18-4
default configuration 18-14
default optional feature configuration 19-9
displaying status 18-26
enabling the mode 18-16
EtherChannel guard
described 19-7
enabling 19-14
MSTP (continued)extended system ID
effects on root switch 18-17
effects on secondary root switch 18-18
unexpected behavior 18-17
IEEE 802.1s
implementation 18-6
port role naming change 18-7
terminology 18-5
instances supported 17-9
interface state, blocking to forwarding 19-2
interoperability and compatibility among modes 17-10
interoperability with IEEE 802.1D
described 18-8
restarting migration process 18-26
IST
defined 18-3
master 18-3
operations within a region 18-3
loop guard
described 19-9
enabling 19-15
mapping VLANs to MST instance 18-16
MST region
CIST 18-3
configuring 18-16
described 18-2
hop-count mechanism 18-5
IST 18-3
supported spanning-tree instances 18-2
optional features supported 1-6
overview 18-2
Port Fast
described 19-2
enabling 19-10
preventing root switch selection 19-8
root guard
described 19-8
enabling 19-15
MSTP (continued)root switch
configuring 18-17
effects of extended system ID 18-17
unexpected behavior 18-17
shutdown Port Fast-enabled port 19-3
status, displaying 18-26
multicast groups
Immediate Leave 23-6
joining 23-3
leaving 23-5
multicast packets
ACLs on 31-39
blocking 24-7
multicast router interfaces, monitoring 23-17, 36-11
multicast router ports, adding 23-9, 36-8
Multicast Source Discovery Protocol
multicast storm 24-1
multicast storm-control command 24-4
multicast television application 23-18
multicast VLAN 23-17
Multicast VLAN Registration
Multiple HSRP
multiple VPN routing/forwarding in customer edge devices
multi-VRF CE
configuration example 34-68
configuration guidelines 34-65
configuring 34-64
default configuration 34-64
defined 34-62
displaying 34-72
monitoring 34-72
network components 34-64
packet-forwarding process 34-64
support for 1-10
MVR
and address aliasing 23-21
and IGMPv3 23-21
configuration guidelines 23-20
configuring interfaces 23-22
default configuration 23-20
described 23-17
example application 23-18
modes 23-21
monitoring 23-24
multicast television application 23-18
setting global parameters 23-21
support for 1-4
N
named IPv4 ACLs 31-14
NameSpace Mapper
native VLAN
and IEEE 802.1Q tunneling 16-4
configuring 12-23
default 12-23
neighbor discovery/recovery, EIGRP 34-34
neighbors, BGP 34-55
Network Assistant
benefits 1-2
described 1-4
downloading image files 1-3
guide mode 1-3
management options 1-2
requirements xl
upgrading a switch B-19
wizards 1-3
network configuration examples
increasing network performance 1-15
large network 1-20
long-distance, high-bandwidth transport 1-21
providing network services 1-15
server aggregation and Linux server cluster 1-17
small to medium-sized network 1-18
network design
performance 1-15
services 1-15
network management
CDP 25-1
RMON 28-1
SNMP 30-1
Network Time Protocol
no commands 2-4
nonhierarchical policy maps
configuration guidelines 32-33
configuring 32-48
described 32-9
non-IP traffic filtering 31-26
nontrunking mode 12-18
normal-range VLANs 12-4
configuration guidelines 12-6
configuration modes 12-7
configuring 12-4
defined 12-1
no switchport command 10-4
note, described xl
not-so-stubby areas
NSM 4-3
NSSA, OSPF 34-29
NTP
associations
authenticating 6-4
defined 6-2
enabling broadcast messages 6-6
peer 6-5
server 6-5
default configuration 6-4
displaying the configuration 6-11
overview 6-2
restricting access
creating an access group 6-8
disabling NTP services per interface 6-10
source IP address, configuring 6-10
stratum 6-2
support for 1-5
synchronizing devices 6-5
time
services 6-2
synchronizing 6-2
O
Open Shortest Path First
optimizing system resources 7-1
options, management 1-4
OSPF
area parameters, configuring 34-29
configuring 34-27
default configuration
metrics 34-30
route 34-30
settings 34-25
described 34-24
for IPv6 35-19
interface parameters, configuring 34-27
LSA group pacing 34-32
monitoring 34-33
router IDs 34-32
route summarization 34-30
support for 1-10
virtual links 34-30
out-of-profile markdown 1-9
P
packet modification, with QoS 32-19
PAgP
Layer 2 protocol tunneling 16-9
parallel paths, in routing tables 34-74
passive interfaces
configuring 34-83
OSPF 34-30
passwords
default configuration 8-2
disabling recovery of 8-5
encrypting 8-3
for security 1-7
in clusters 5-14
overview 8-1
recovery of 42-3
passwords (continued)setting
enable 8-3
enable secret 8-3
Telnet 8-6
with usernames 8-6
VTP domain 13-8
path cost
MSTP 18-20
STP 17-18
path MTU discovery 35-4
PBR
defined 34-80
enabling 34-81
fast-switched policy-based routing 34-82
local policy-based routing 34-82
PC (passive command switch) 5-10
peers, BGP 34-55
performance, network design 1-15
performance features 1-3
persistent self-signed certificate 8-42
per-VLAN spanning-tree plus
PE to CE routing, configuring 34-67
physical ports 10-2
PIM
default configuration 39-8
dense mode
overview 39-4
rendezvous point (RP), described 39-4
RPF lookups 39-7
displaying neighbors 39-50
enabling a mode 39-11
overview 39-3
router-query message interval, modifying 39-25
shared tree and source tree, overview 39-23
shortest path tree, delaying the use of 39-24
PIM (continued)sparse mode
join messages and shared tree 39-4
overview 39-4
prune messages 39-5
RPF lookups 39-7
support for 1-10
versions
interoperability 39-9
troubleshooting interoperability problems 39-22
v2 improvements 39-4
PIM-DVMRP, as snooping method 23-8
ping
character output description 42-14
executing 42-14
overview 42-13
PoE
auto mode 10-8
CDP with power consumption, described 10-6
CDP with power negotiation, described 10-6
Cisco intelligent power management 10-6
configuring 10-20
devices supported 10-6
high-power devices operating in low-power mode 10-6
IEEE power classification levels 10-7
power budgeting 10-21
power consumption 10-21
powered-device detection and initial power allocation 10-7
power management modes 10-8
power negotiation extensions to CDP 10-6
standards supported 10-6
static mode 10-8
supported watts per port 10-6
troubleshooting 42-12
policed-DSCP map for QoS 32-62
policers
configuring
for each matched traffic class 32-48
for more than one traffic class 32-58
described 32-4
displaying 32-78
number of 32-34
types of 32-9
policing
described 32-4
hierarchical
token-bucket algorithm 32-9
policy-based routing
policy maps for QoS
characteristics of 32-48
described 32-7
displaying 32-79
hierarchical 32-8
hierarchical on SVIs
configuration guidelines 32-33
configuring 32-52
described 32-11
nonhierarchical on physical ports
configuration guidelines 32-33
configuring 32-48
described 32-9
port ACLs
defined 31-2
types of 31-3
Port Aggregation Protocol
port-based authentication
accounting 9-5
authentication server
defined 9-2
RADIUS server 9-2
client, defined 9-2
configuration guidelines 9-15
configuring
802.1x authentication 9-17
guest VLAN 9-25
host mode 9-24
inaccessible authentication bypass 9-28
manual re-authentication of a client 9-21
periodic re-authentication 9-20
quiet period 9-21
RADIUS server 9-19
RADIUS server parameters on the switch 9-18
restricted VLAN 9-26
switch-to-client frame-retransmission number 9-23
switch-to-client retransmission time 9-22
default configuration 9-14
described 9-1
device roles 9-2
displaying statistics 9-30
EAPOL-start frame 9-3
EAP-request/identity frame 9-3
EAP-response/identity frame 9-3
encapsulation 9-3
guest VLAN
configuration guidelines 9-10, 9-11
described 9-10
host mode 9-6
inaccessible authentication bypass
configuring 9-28
described 9-11
guidelines 9-16
initiation and message exchange 9-3
magic packet 9-12
method lists 9-17
port-based authentication (continued)multiple-hosts mode, described 9-6
per-user ACLs
AAA authorization 9-17
configuration tasks 9-13
described 9-13
RADIUS server attributes 9-13
ports
authorization state and dot1x port-control command 9-4
authorized and unauthorized 9-4
critical 9-11
voice VLAN 9-8
port security
and voice VLAN 9-8
described 9-7
interactions 9-7
multiple-hosts mode 9-7
resetting to default values 9-29
statistics, displaying 9-30
switch
as proxy 9-3
RADIUS client 9-3
upgrading from a previous release 32-26
VLAN assignment
AAA authorization 9-17
characteristics 9-9
configuration tasks 9-9
described 9-8
voice VLAN
described 9-8
PVID 9-8
VVID 9-8
wake-on-LAN, described 9-12
port-channel
Port Fast
described 19-2
enabling 19-10
mode, spanning tree 12-29
support for 1-6
port membership modes, VLAN 12-3
port priority
MSTP 18-19
STP 17-16
ports
access 10-3
blocking 24-6
dynamic access 12-3
IEEE 802.1Q tunnel 12-4
protected 24-5
routed 10-4
secure 24-7
switch 10-2
VLAN assignments 12-11
port security
aging 24-15
and QoS trusted boundary 32-38
configuring 24-12
default configuration 24-10
described 24-7
displaying 24-17
on trunk ports 24-13
sticky learning 24-8
violations 24-9
with other features 24-10
port-shutdown response, VMPS 12-28
Power over Ethernet
preferential treatment of traffic
prefix lists, BGP 34-53
preventing unauthorized access 8-1
primary links 20-2
priority
HSRP 38-7
overriding CoS 15-6
trusting CoS 15-6
private VLAN edge ports
private VLANs
across multiple switches 14-4
and SDM template 14-4
and SVIs 14-5
benefits of 14-1
community ports 14-2
configuration guidelines 14-6, 14-8
configuration tasks 14-6
configuring 14-9
default configuration 14-6
end station access to 14-3
IP addressing 14-3
isolated port 14-2
mapping 14-13
monitoring 14-14
ports
community 14-2
configuration guidelines 14-8
configuring host ports 14-11
configuring promiscuous ports 14-12
described 12-4
isolated 14-2
promiscuous 14-2
promiscuous ports 14-2
secondary VLANs 14-2
subdomains 14-1
traffic in 14-5
privileged EXEC mode 2-2
privilege levels
changing the default for lines 8-9
command switch 5-16
exiting 8-9
logging into 8-9
mapping on member switches 5-16
setting a command with 8-8
promiscuous ports
configuring 14-12
defined 14-2
protocol-dependent modules, EIGRP 34-34
Protocol-Independent Multicast Protocol
provider edge devices 34-63
proxy ARP
configuring 34-10
definition 34-8
with IP routing disabled 34-11
pruning, VTP
disabling
in VTP domain 13-14
on a port 12-23
enabling
in VTP domain 13-14
on a port 12-22
examples 13-5
overview 13-4
pruning-eligible list
changing 12-22
for VTP pruning 13-4
VLANs 13-14
PVST+
described 17-9
IEEE 802.1Q trunking interoperability 17-10
instances supported 17-9
Q
QoS
and MQC commands 32-1
auto-QoS
categorizing traffic 32-21
configuration and defaults display 32-30
configuration guidelines 32-25
described 32-20
disabling 32-27
displaying generated commands 32-27
displaying the initial configuration 32-30
effects on running configuration 32-25
egress queue defaults 32-21
enabling for VoIP 32-26
example configuration 32-28
ingress queue defaults 32-21
list of generated commands 32-22
basic model 32-4
classification
class maps, described 32-7
defined 32-4
DSCP transparency, described 32-39
flowchart 32-6
forwarding treatment 32-3
in frames and packets 32-3
MAC ACLs, described 32-5, 32-7
options for IP traffic 32-5
options for non-IP traffic 32-5
policy maps, described 32-7
trust DSCP, described 32-5
trusted CoS, described 32-5
trust IP precedence, described 32-5
class maps
configuring 32-46
displaying 32-78
QoS (continued)configuration guidelines
auto-QoS 32-25
standard QoS 32-33
configuring
aggregate policers 32-58
auto-QoS 32-20
default port CoS value 32-37
DSCP maps 32-60
DSCP transparency 32-39
DSCP trust states bordering another domain 32-40
egress queue characteristics 32-70
ingress queue characteristics 32-66
IP extended ACLs 32-44
IP standard ACLs 32-43
MAC ACLs 32-45
policy maps, hierarchical 32-52
policy maps on physical ports 32-48
port trust states within the domain 32-36
trusted boundary 32-38
default auto configuration 32-21
default standard configuration 32-31
displaying statistics 32-78
DSCP transparency 32-39
egress queues
allocating buffer space 32-71
buffer allocation scheme, described 32-18
configuring shaped weights for SRR 32-75
configuring shared weights for SRR 32-76
described 32-4
displaying the threshold map 32-74
flowchart 32-17
mapping DSCP or CoS values 32-73
scheduling, described 32-4
setting WTD thresholds 32-71
WTD, described 32-19
enabling globally 32-35
QoS (continued)flowcharts
classification 32-6
egress queueing and scheduling 32-17
ingress queueing and scheduling 32-15
policing and marking 32-10
implicit deny 32-7
ingress queues
allocating bandwidth 32-68
allocating buffer space 32-68
buffer and bandwidth allocation, described 32-16
configuring shared weights for SRR 32-68
configuring the priority queue 32-69
described 32-4
displaying the threshold map 32-67
flowchart 32-15
mapping DSCP or CoS values 32-67
priority queue, described 32-16
scheduling, described 32-4
setting WTD thresholds 32-67
WTD, described 32-16
IP phones
automatic classification and queueing 32-20
detection and trusted settings 32-20, 32-38
limiting bandwidth on egress interface 32-77
mapping tables
CoS-to-DSCP 32-60
displaying 32-78
DSCP-to-CoS 32-63
DSCP-to-DSCP-mutation 32-64
IP-precedence-to-DSCP 32-61
policed-DSCP 32-62
types of 32-12
marked-down actions 32-50, 32-55
overview 32-2
packet modification 32-19
QoS (continued)policers
configuring 32-50, 32-55, 32-58
described 32-8
displaying 32-78
number of 32-34
types of 32-9
policies, attaching to an interface 32-8
policing
token bucket algorithm 32-9
policy maps
characteristics of 32-48
displaying 32-79
hierarchical 32-8
hierarchical on SVIs 32-52
nonhierarchical on physical ports 32-48
QoS label, defined 32-4
queues
configuring egress characteristics 32-70
configuring ingress characteristics 32-66
high priority (expedite) 32-19, 32-77
location of 32-13
SRR, described 32-14
WTD, described 32-13
rewrites 32-19
support for 1-8
trust states
bordering another domain 32-40
described 32-5
trusted device 32-38
within the domain 32-36
quality of service
queries, IGMP 23-4
query solicitation, IGMP 23-13
R
RADIUS
attributes
vendor-proprietary 8-30
vendor-specific 8-29
configuring
accounting 8-28
authentication 8-23
authorization 8-27
communication, global 8-21, 8-29
communication, per-server 8-20, 8-21
multiple UDP ports 8-21
default configuration 8-20
defining AAA server groups 8-25
displaying the configuration 8-31
identifying the server 8-20
in clusters 5-15
limiting the services to the user 8-27
method list, defined 8-20
operation of 8-19
overview 8-17
suggested network environments 8-18
support for 1-8
tracking services accessed by user 8-28
range
macro 10-12
of interfaces 10-11
rapid convergence 18-10
rapid per-VLAN spanning-tree plus
rapid PVST+
described 17-9
IEEE 802.1Q trunking interoperability 17-10
instances supported 17-9
Rapid Spanning Tree Protocol
RARP 34-8
rcommand command 5-15
RCP
configuration files
downloading B-17
overview B-15
preparing the server B-16
uploading B-18
image files
deleting old image B-32
downloading B-31
preparing the server B-29
uploading B-32
reconfirmation interval, VMPS, changing 12-31
reconfirming dynamic VLAN membership 12-31
recovery procedures 42-1
redundancy
EtherChannel 33-3
HSRP 38-1
STP
backbone 17-8
path cost 12-26
port priority 12-24
redundant links and UplinkFast 19-13
reliable transport protocol, EIGRP 34-34
reloading software 3-15
Remote Authentication Dial-In User Service
Remote Copy Protocol
Remote Network Monitoring
Remote SPAN
remote SPAN 27-2
report suppression, IGMP
described 23-6
requirements
cluster xli
device manager xl
Network Assistant xl
resequencing ACL entries 31-14
resets, in BGP 34-48
resetting a UDLD-shutdown interface 26-6
restricted VLAN
configuring 9-26
described 9-10
using with IEEE 802.1x 9-10
restricting access
NTP services 6-8
overview 8-1
passwords and privilege levels 8-2
RADIUS 8-17
TACACS+ 8-10
retry count, VMPS, changing 12-32
reverse address resolution 34-8
Reverse Address Resolution Protocol
RFC
1058, RIP 34-18
1112, IP multicast and IGMP 23-2
1157, SNMPv1 30-2
1163, BGP 34-40
1166, IP addresses 34-5
1253, OSPF 34-24
1267, BGP 34-40
1305, NTP 6-2
1587, NSSAs 34-24
1757, RMON 28-2
1771, BGP 34-40
1901, SNMPv2C 30-2
1902 to 1907, SNMPv2 30-2
2236, IP multicast and IGMP 23-2
2273-2275, SNMPv3 30-2
RIP
advertisements 34-19
authentication 34-22
configuring 34-20
default configuration 34-20
described 34-19
for IPv6 35-17
hop counts 34-19
split horizon 34-22
summary addresses 34-22
support for 1-10
RMON
default configuration 28-3
displaying status 28-6
enabling alarms and events 28-3
groups supported 28-2
overview 28-1
statistics
collecting group Ethernet 28-5
collecting group history 28-5
support for 1-11
root guard
described 19-8
enabling 19-15
support for 1-6
root switch
MSTP 18-17
STP 17-14
route calculation timers, OSPF 34-30
route dampening, BGP 34-60
routed packets, ACLs on 31-39
routed ports
configuring 34-3
defined 10-4
in switch clusters 5-8
route-map command 34-82
route maps
BGP 34-51
policy-based routing 34-80
router ACLs
defined 31-2
types of 31-4
route reflectors, BGP 34-58
router ID, OSPF 34-32
route selection, BGP 34-49
route summarization, OSPF 34-30
route targets, VPN 34-64
routing
default 34-2
dynamic 34-3
redistribution of information 34-77
static 34-3
routing domain confederation, BGP 34-58
Routing Information Protocol
routing protocol administrative distances 34-75
RSPAN 27-2
characteristics 27-8
configuration guidelines 27-16
default configuration 27-10
destination ports 27-7
displaying status 27-24
interaction with other features 27-8
monitored ports 27-5
monitoring ports 27-7
received traffic 27-4
sessions
creating 27-17
defined 27-3
limiting source traffic to specific VLANs 27-23
specifying monitored ports 27-17
with ingress traffic enabled 27-21
source ports 27-5
RSPAN (continued)transmitted traffic 27-5
VLAN-based 27-6
RSTP
active topology 18-9
BPDU
format 18-12
processing 18-13
designated port, defined 18-9
designated switch, defined 18-9
interoperability with IEEE 802.1D
described 18-8
restarting migration process 18-26
topology changes 18-13
overview 18-8
port roles
described 18-9
synchronized 18-11
proposal-agreement handshake process 18-10
rapid convergence
described 18-10
edge ports and Port Fast 18-10
point-to-point links 18-10, 18-24
root ports 18-10
root port, defined 18-9
running configuration, saving 3-10
S
SC (standby command switch) 5-10
scheduled reloads 3-15
SDM
described 7-1
templates
configuring 7-5
number of 7-1
SDM template
configuration guidelines 7-4
configuring 7-3
dual IPv4 and IPv6 7-2
types of 7-1
secondary VLANs 14-2
secure HTTP client
configuring 8-47
displaying 8-47
secure HTTP server
configuring 8-45
displaying 8-47
secure MAC addresses
deleting 24-14
maximum number of 24-9
types of 24-8
secure ports, configuring 24-7
secure remote connections 8-38
Secure Socket Layer
security, port 24-7
security features 1-7
sequence numbers in log messages 29-7
server mode, VTP 13-3
service-provider network, MSTP and RSTP 18-1
service-provider networks
and customer VLANs 16-2
and IEEE 802.1Q tunneling 16-1
Layer 2 protocols across 16-8
Layer 2 protocol tunneling for EtherChannels 16-9
set-request operation 30-5
setup program
failed command switch replacement 42-10
replacing failed command switch 42-8
severity levels, defining in system messages 29-8
SFPs
monitoring status of 10-27, 42-13
security and identification 42-12
status, displaying 42-13
shaped round robin
show access-lists hw-summary command 31-21
show and more command output, filtering 2-10
show cdp traffic command 25-5
show cluster members command 5-15
show configuration command 10-23
show forward command 42-20
show interfaces command 10-17, 10-23
show l2protocol command 16-13, 16-15, 16-16
show platform forward command 42-20
show running-config command
displaying ACLs 31-19, 31-20, 31-31, 31-33
interface description in 10-23
shutdown command on interfaces 10-28
shutdown threshold for Layer 2 protocol packets 16-11
Simple Network Management Protocol
Smartports macros
applying Cisco-default macros 11-6
applying global parameter values 11-5, 11-6
applying macros 11-5
applying parameter values 11-5, 11-7
configuration guidelines 11-3
creating 11-4
default configuration 11-2
defined 11-1
displaying 11-8
tracing 11-3
website 11-2
SNAP 25-1
SNMP
accessing MIB variables with 30-4
agent
described 30-4
disabling 30-8
authentication level 30-11
community strings
configuring 30-8
for cluster switches 30-4
overview 30-4
configuration examples 30-16
default configuration 30-7
engine ID 30-7
host 30-7
ifIndex values 30-6
in-band management 1-5
in clusters 5-14
informs
and trap keyword 30-12
described 30-5
differences from traps 30-5
disabling 30-15
enabling 30-15
limiting access by TFTP servers 30-16
limiting system log messages to NMS 29-9
managing clusters with 5-16
MIBs
location of A-3
supported A-1
notifications 30-5
security levels 30-3
status, displaying 30-17
system contact and location 30-15
trap manager, configuring 30-14
SNMP (continued)traps
differences from informs 30-5
disabling 30-15
enabling 30-12
enabling MAC address notification 6-22
types of 30-12
versions supported 30-2
SNMPv1 30-2
SNMPv2C 30-2
SNMPv3 30-2
snooping, IGMP 23-2
software images
location in flash B-20
recovery procedures 42-2
scheduling reloads 3-16
tar file format, described B-20
See also downloading and uploading
source addresses
in IPv6 ACLs 37-5
source addresses, in IPv4 ACLs 31-11
source-and-destination-IP address based forwarding, EtherChannel 33-7
source-and-destination MAC address forwarding, EtherChannel 33-7
source-IP address based forwarding, EtherChannel 33-7
source-MAC address forwarding, EtherChannel 33-6
SPAN
configuration guidelines 27-10
default configuration 27-10
destination ports 27-7
displaying status 27-24
interaction with other features 27-8
monitored ports 27-5
monitoring ports 27-7
ports, restrictions 24-11
received traffic 27-4
sessions
configuring ingress forwarding 27-15, 27-22
creating 27-11
defined 27-3
limiting source traffic to specific VLANs 27-15
removing destination (monitoring) ports 27-13
specifying monitored ports 27-11
with ingress traffic enabled 27-14
source ports 27-5
transmitted traffic 27-5
VLAN-based 27-6
spanning tree and native VLANs 12-19
Spanning Tree Protocol
SPAN traffic 27-4
split horizon, RIP 34-22
SRR
configuring
shaped weights on egress queues 32-75
shared weights on egress queues 32-76
shared weights on ingress queues 32-68
described 32-14
shaped mode 32-14
shared mode 32-14
support for 1-9
SSH
configuring 8-39
cryptographic software image 8-37
encryption methods 8-38
user authentication methods, supported 8-38
SSL
configuration guidelines 8-44
configuring a secure HTTP client 8-47
configuring a secure HTTP server 8-45
cryptographic software image 8-41
described 8-41
monitoring 8-47
standby command switch
considerations 5-11
defined 5-2
priority 5-10
requirements 5-3
virtual IP address 5-11
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
standby ip command 38-5
standby links 20-2
standby router 38-1
standby timers, HSRP 38-9
startup configuration
booting
manually 3-13
specific image 3-13
clearing B-19
configuration file
automatically downloading 3-12
specifying the filename 3-12
default boot configuration 3-12
stateless autoconfiguration 35-5
static access ports
assigning to VLAN 12-11
static addresses
static IP routing 1-10
static MAC addressing 1-7
static routes
configuring 34-74
configuring for IPv6 35-15
static routing 34-3
static VLAN membership 12-2
statistics
802.1x 9-30
CDP 25-4
interface 10-27
IP multicast routing 39-50
OSPF 34-33
QoS ingress and egress 32-78
RMON group Ethernet 28-5
RMON group history 28-5
SNMP input and output 30-17
VTP 13-16
sticky learning 24-8
storm control
configuring 24-3
described 24-1
disabling 24-5
displaying 24-17
support for 1-3
thresholds 24-1
STP
accelerating root port selection 19-4
BackboneFast
described 19-5
disabling 19-14
enabling 19-13
STP (continued)BPDU filtering
described 19-3
disabling 19-12
enabling 19-12
BPDU guard
described 19-3
disabling 19-11
enabling 19-11
BPDU message exchange 17-3
configuration guidelines 17-12, 19-10
configuring
forward-delay time 17-21
hello time 17-20
maximum aging time 17-21
path cost 17-18
port priority 17-16
root switch 17-14
secondary root switch 17-16
spanning-tree mode 17-13
switch priority 17-19
counters, clearing 17-22
default configuration 17-11
default optional feature configuration 19-9
designated port, defined 17-3
designated switch, defined 17-3
detecting indirect link failures 19-5
disabling 17-14
displaying status 17-22
EtherChannel guard
described 19-7
disabling 19-14
enabling 19-14
extended system ID
effects on root switch 17-14
effects on the secondary root switch 17-16
overview 17-4
unexpected behavior 17-15
STP (continued)features supported 1-6
IEEE 802.1D and bridge ID 17-4
IEEE 802.1D and multicast addresses 17-8
IEEE 802.1t and VLAN identifier 17-4
inferior BPDU 17-3
instances supported 17-9
interface state, blocking to forwarding 19-2
interface states
blocking 17-6
disabled 17-7
learning 17-6
listening 17-6
overview 17-4
interoperability and compatibility among modes 17-10
keepalive messages 17-2
Layer 2 protocol tunneling 16-8
limitations with IEEE 802.1Q trunks 17-10
load sharing
overview 12-24
using path costs 12-26
using port priorities 12-24
loop guard
described 19-9
enabling 19-15
modes supported 17-9
multicast addresses, effect of 17-8
optional features supported 1-6
overview 17-2
path costs 12-26
Port Fast
described 19-2
enabling 19-10
port priorities 12-25
preventing root switch selection 19-8
protocols supported 17-9
redundant connectivity 17-8
STP (continued)root guard
described 19-8
enabling 19-15
root port, defined 17-3
root switch
configuring 17-14
effects of extended system ID 17-4, 17-14
election 17-3
unexpected behavior 17-15
shutdown Port Fast-enabled port 19-3
status, displaying 17-22
superior BPDU 17-3
timers, described 17-20
UplinkFast
described 19-4
enabling 19-13
VLAN-bridge 17-10
stratum, NTP 6-2
stub areas, OSPF 34-29
subdomains, private VLAN 14-1
subnet mask 34-5
subnet zero 34-6
success response, VMPS 12-28
summer time 6-13
SunNet Manager 1-4
supernet 34-6
SVIs
and IP unicast routing 34-3
and router ACLs 31-4
connecting VLANs 10-9
defined 10-5
routing between VLANs 12-2
switch clustering technology 5-1
switch console port 1-5
Switch Database Management
switched packets, ACLs on 31-37
Switched Port Analyzer
switched ports 10-2
switchport block multicast command 24-7
switchport block unicast command 24-7
switchport command 10-15
switchport mode dot1q-tunnel command 16-6
switchport protected command 24-6
switch priority
MSTP 18-22
STP 17-19
switch software features 1-1
switch virtual interface
synchronization, BGP 34-45
syslog
system clock
configuring
daylight saving time 6-13
manually 6-11
summer time 6-13
time zones 6-12
displaying the time and date 6-12
overview 6-1
system message logging
default configuration 29-3
defining error message severity levels 29-8
disabling 29-3
displaying the configuration 29-12
enabling 29-4
facility keywords, described 29-12
level keywords, described 29-9
limiting messages 29-9
message format 29-2
overview 29-1
sequence numbers, enabling and disabling 29-7
system message logging (continued)setting the display destination device 29-4
synchronizing log messages 29-5
syslog facility 1-11
time stamps, enabling and disabling 29-7
UNIX syslog servers
configuring the daemon 29-11
configuring the logging facility 29-11
facilities supported 29-12
system MTU and IEEE 802.1Q tunneling 16-5
system name
default configuration 6-15
default setting 6-15
manual configuration 6-15
system prompt, default setting 6-14, 6-15
system resources, optimizing 7-1
T
TACACS+
accounting, defined 8-11
authentication, defined 8-11
authorization, defined 8-11
configuring
accounting 8-16
authentication key 8-13
authorization 8-16
login authentication 8-14
default configuration 8-13
displaying the configuration 8-17
identifying the server 8-13
in clusters 5-15
limiting the services to the user 8-16
operation of 8-12
overview 8-10
support for 1-8
tracking services accessed by user 8-16
tagged packets
IEEE 802.1Q 16-3
Layer 2 protocol 16-8
tar files
creating B-5
displaying the contents of B-6
extracting B-7
image file format B-20
TDR 1-11
Telnet
accessing management interfaces 2-10
number of connections 1-5
setting a password 8-6
templates, SDM 7-1
temporary self-signed certificate 8-42
Terminal Access Controller Access Control System Plus
terminal lines, setting a password 8-6
TFTP
configuration files
downloading B-10
preparing the server B-10
uploading B-11
configuration files in base directory 3-6
configuring for autoconfiguration 3-5
image files
deleting B-23
downloading B-22
preparing the server B-22
uploading B-24
limiting access by servers 30-16
TFTP server 1-5
threshold, traffic level 24-2
time
Time Domain Reflector
time-range command 31-16
time ranges in ACLs 31-16
time stamps in log messages 29-7
time zones 6-12
Token Ring VLANs
support for 12-6
VTP support 13-4
ToS 1-9
traceroute, Layer 2
and ARP 42-16
and CDP 42-15
broadcast traffic 42-15
described 42-15
IP addresses and subnets 42-16
MAC addresses and VLANs 42-15
multicast traffic 42-15
multiple devices on a port 42-16
unicast traffic 42-15
usage guidelines 42-15
traceroute command 42-17
traffic
blocking flooded 24-7
fragmented 31-5
fragmented IPv6 37-2
unfragmented 31-5
traffic policing 1-9
traffic suppression 24-1
transmit hold-count
transparent mode, VTP 13-3, 13-12
trap-door mechanism 3-2
traps
configuring MAC address notification 6-22
configuring managers 30-12
defined 30-3
notification types 30-12
troubleshooting
connectivity problems 42-13, 42-15, 42-16
detecting unidirectional links 26-1
displaying crash information 42-23
PIMv1 and PIMv2 interoperability problems 39-22
setting packet forwarding 42-20
SFP security and identification 42-12
show forward command 42-20
with CiscoWorks 30-4
with debug commands 42-19
with ping 42-13
with system message logging 29-1
with traceroute 42-16
trunking encapsulation 1-7
trunk ports
configuring 12-20
encapsulation 12-20, 12-25, 12-27
trunks
allowed-VLAN list 12-21
configuring 12-20, 12-25, 12-27
ISL 12-16
load sharing
setting STP path costs 12-26
using STP port priorities 12-24, 12-25
native VLAN for untagged traffic 12-23
parallel 12-26
pruning-eligible list 12-22
to non-DTP device 12-17
trusted boundary for QoS 32-38
trusted port states
between QoS domains 32-40
classification options 32-5
ensuring port security for IP phones 32-38
support for 1-9
within a QoS domain 32-36
trustpoints, CA 8-42
tunneling
defined 16-1
IEEE 802.1Q 16-1
Layer 2 protocol 16-8
tunnel ports
defined 12-4
IEEE 802.1Q, configuring 16-6
incompatibilities with other features 16-6
twisted-pair Ethernet, detecting unidirectional links 26-1
type of service
U
UDLD
configuration guidelines 26-4
default configuration 26-4
disabling
globally 26-5
on fiber-optic interfaces 26-5
per interface 26-5
echoing detection mechanism 26-2
enabling
globally 26-5
per interface 26-5
Layer 2 protocol tunneling 16-10
link-detection mechanism 26-1
neighbor database 26-2
overview 26-1
resetting an interface 26-6
status, displaying 26-6
support for 1-6
UDP, configuring 34-15
unauthorized ports with IEEE 802.1x 9-4
unicast MAC address filtering 1-5
and adding static addresses 6-25
and broadcast MAC addresses 6-25
and CPU packets 6-25
and multicast addresses 6-25
and router MAC addresses 6-25
configuration guidelines 6-25
described 6-25
unicast storm 24-1
unicast storm control command 24-4
unicast traffic, blocking 24-7
UniDirectional Link Detection protocol
UNIX syslog servers
daemon configuration 29-11
facilities supported 29-12
message logging configuration 29-11
unrecognized Type-Length-Value (TLV) support 13-4
upgrading information
upgrading software images
UplinkFast
described 19-4
disabling 19-13
enabling 19-13
support for 1-6
uploading
configuration files
reasons for B-8
using FTP B-14
using RCP B-18
using TFTP B-11
uploading (continued)image files
reasons for B-19
using FTP B-28
using RCP B-32
using TFTP B-24
User Datagram Protocol
user EXEC mode 2-2
username-based authentication 8-6
V
version-dependent transparent mode 13-4
virtual IP address
cluster standby group 5-11
command switch 5-11
Virtual Private Network
vlan.dat file 12-5
VLAN 1, disabling on a trunk port 12-22
VLAN 1 minimization 12-21
VLAN ACLs
vlan-assignment response, VMPS 12-28
VLAN configuration
at bootup 12-8
saving 12-8
VLAN configuration mode 2-2, 12-7
VLAN database
and startup configuration file 12-8
and VTP 13-1
VLAN configuration saved in 12-7
VLANs saved in 12-4
vlan database command 12-7
vlan dot1q tag native command 16-5
VLAN filtering and SPAN 27-6
vlan global configuration command 12-7