Catalyst 3560 Software Configuration Guide, Release 12.2(58)SE
Index


A

AAA down policy, NAC Layer 2 IP validation 1-11

abbreviating commands 2-3

ABRs 37-24

AC (command switch) 5-10

access-class command 33-20

access control entries

See ACEs

access control entry (ACE) 40-3

access-denied response, VMPS 13-25

access groups

applying IPv4 ACLs to interfaces 33-21

Layer 2 33-21

Layer 3 33-21

accessing

clusters, switch 5-13

command switches 5-11

member switches 5-13

switch clusters 5-13

access lists

See ACLs

access ports

and Layer 2 protocol tunneling 16-10

defined 11-3

in switch clusters 5-9

access template 7-1

accounting

with 802.1x 9-48

with IEEE 802.1x 9-15

with RADIUS 8-33

with TACACS+ 8-11, 8-17

ACEs

and QoS 34-8

defined 33-2

Ethernet 33-2

IP 33-2

ACLs

ACEs 33-2

any keyword 33-13

applying

on bridged packets 33-41

on multicast packets 33-42

on routed packets 33-42

on switched packets 33-40

time ranges to 33-17

to an interface 33-20, 40-7

to IPv6 interfaces 40-7

to QoS 34-8

classifying traffic for QoS 34-49

comments in 33-19

compiling 33-23

defined 33-1, 33-7

examples of 33-23, 34-49

extended IP, configuring for QoS classification 34-50

extended IPv4

creating 33-10

matching criteria 33-7

hardware and software handling 33-22

host keyword 33-13

IP

creating 33-7

fragments and QoS guidelines 34-39

implicit deny 33-10, 33-14, 33-16

implicit masks 33-10

matching criteria 33-7

undefined 33-21

IPv4

applying to interfaces 33-20

creating 33-7

matching criteria 33-7

named 33-15

numbers 33-8

terminal lines, setting on 33-19

unsupported features 33-6

IPv6

applying to interfaces 40-7

configuring 40-3, 40-4

displaying 40-8

interactions with other features 40-4

limitations 40-2, 40-3

matching criteria 40-3

named 40-2

precedence of 40-2

supported 40-2

unsupported features 40-3

Layer 4 information in 33-40

logging messages 33-8

MAC extended 33-28, 34-51

matching 33-7, 33-21, 40-3

monitoring 33-43, 40-8

named, IPv4 33-15

named, IPv6 40-2

names 40-4

number per QoS class map 34-39

port 33-2, 40-1

precedence of 33-2

QoS 34-8, 34-49

resequencing entries 33-15

router 33-2, 40-1

router ACLs and VLAN map configuration guidelines 33-39

standard IP, configuring for QoS classification 34-49

standard IPv4

creating 33-9

matching criteria 33-7

support for 1-10

support in hardware 33-22

time ranges 33-17

types supported 33-2

unsupported features, IPv4 33-6

unsupported features, IPv6 40-3

using router ACLs with VLAN maps 33-39

VLAN maps

configuration guidelines 33-31

configuring 33-30

active link 19-3, 19-5

active links 19-1

active router 41-2

active traffic monitoring, IP SLAs 42-1

address aliasing 22-2

addresses

displaying the MAC address table 6-23

dynamic

accelerated aging 26-8

changing the aging time 6-14

default aging 26-8

defined 6-12

learning 6-13

removing 6-15

IPv6 38-2

MAC, discovering 6-23

multicast

group address range 45-3

STP address management 26-8

static

adding and removing 6-19

defined 6-12

address resolution 6-23, 37-8

Address Resolution Protocol

See ARP

adjacency tables, with CEF 37-88

administrative distances

defined 37-100

OSPF 37-31

routing protocol defaults 37-90

advertisements

CDP 24-1

LLDP 25-1, 25-2

RIP 37-19

VTP 13-16, 14-3, 14-4

aggregatable global unicast addresses 38-3

aggregate addresses, BGP 37-58

aggregated ports

See EtherChannel

aggregate policers 34-66

aggregate policing 1-13

aging, accelerating 26-8

aging time

accelerated

for MSTP 17-23

for STP 26-8, 26-21

MAC address table 6-14

maximum

for MSTP 17-23, 17-24

for STP 26-21, 26-22

alarms, RMON 29-3

allowed-VLAN list 13-18

application engines, redirecting traffic to 44-1

area border routers

See ABRs

area routing

IS-IS 37-63

ISO IGRP 37-63

ARP

configuring 37-8

defined 1-6, 6-23, 37-8

encapsulation 37-9

static cache configuration 37-8

table

address resolution 6-23

managing 6-23

ASBRs 37-24

AS-path filters, BGP 37-52

asymmetrical links, and IEEE 802.1Q tunneling 16-4

attributes, RADIUS

vendor-proprietary 8-36

vendor-specific 8-34

attribute-value pairs 9-12, 9-15, 9-20, 9-21

authentication

EIGRP 37-38

HSRP 41-10

local mode with AAA 8-42

open1x 9-29

RADIUS

key 8-26

login 8-28

TACACS+

defined 8-11

key 8-13

login 8-14

See also port-based authentication

authentication compatibility with Catalyst 6000 switches 9-8

authentication failed VLAN

See restricted VLAN

authentication keys, and routing protocols 37-100

authentication manager

CLI commands 9-9

compatibility with older 802.1x CLI commands 9-9 to ??

overview 9-7

authoritative time source, described 6-2

authorization

with RADIUS 8-32

with TACACS+ 8-11, 8-16

authorized ports with IEEE 802.1x 9-10

autoconfiguration 3-3

auto enablement 9-30

automatic discovery

considerations

beyond a noncandidate device 5-8

brand new switches 5-9

connectivity 5-4

different VLANs 5-7

management VLANs 5-7

non-CDP-capable devices 5-6

noncluster-capable devices 5-6

routed ports 5-8

in switch clusters 5-4

See also CDP

automatic QoS

See QoS

automatic recovery, clusters 5-10

See also HSRP

auto-MDIX

configuring 11-21

described 11-20

autonegotiation

duplex mode 1-4

interface configuration guidelines 11-18

mismatches 48-11

autonomous system boundary routers

See ASBRs

autonomous systems, in BGP 37-46

Auto-QoS video devices 1-13

Auto-RP, described 45-6

autosensing, port speed 1-4

autostate exclude 11-5

auxiliary VLAN

See voice VLAN

availability, features 1-7

B

BackboneFast

described 18-5

disabling 18-14

enabling 18-13

support for 1-8

backup interfaces

See Flex Links

backup links 19-1

backup static routing, configuring 43-11

banners

configuring

login 6-12

message-of-the-day login 6-11

default configuration 6-10

when displayed 6-10

Berkeley r-tools replacement 8-54

BGP

aggregate addresses 37-58

aggregate routes, configuring 37-58

CIDR 37-58

clear commands 37-61

community filtering 37-55

configuring neighbors 37-56

default configuration 37-43

described 37-42

enabling 37-46

monitoring 37-61

multipath support 37-50

neighbors, types of 37-46

path selection 37-50

peers, configuring 37-56

prefix filtering 37-54

resetting sessions 37-49

route dampening 37-60

route maps 37-52

route reflectors 37-59

routing domain confederation 37-59

routing session with multi-VRF CE 37-82

show commands 37-61

supernets 37-58

support for 1-14

Version 4 37-42

binding cluster group and HSRP group 41-12

binding database

address, DHCP server

See DHCP, Cisco IOS server database

DHCP snooping

See DHCP snooping binding database

bindings

address, Cisco IOS DHCP server 20-6

DHCP snooping database 20-6

IP source guard 20-15

binding table, DHCP snooping

See DHCP snooping binding database

blocking packets 23-7

Boolean expressions in tracked lists 43-4

booting

boot loader, function of 3-2

boot process 3-1

manually 3-18

specific image 3-19

boot loader

accessing 3-19

described 3-2

environment variables 3-19

prompt 3-19

trap-door mechanism 3-2

bootstrap router (BSR), described 45-7

Border Gateway Protocol

See BGP

BPDU

error-disabled state 18-2

filtering 18-3

RSTP format 17-12

BPDU filtering

described 18-3

disabling 18-12

enabling 18-12

support for 1-8

BPDU guard

described 18-2

disabling 18-12

enabling 18-11

support for 1-8

bridged packets, ACLs on 33-41

bridge groups

See fallback bridging

bridge protocol data unit

See BPDU

broadcast flooding 37-16

broadcast packets

directed 37-13

flooded 37-13

broadcast storm-control command 23-4

broadcast storms 23-1, 37-13

C

cables, monitoring for unidirectional links 27-1

candidate switch

automatic discovery 5-4

defined 5-3

requirements 5-3

See also command switch, cluster standby group, and member switch

Catalyst 6000 switches

authentication compatibility 9-8

CA trustpoint

configuring 8-51

defined 8-48

CDP

and trusted boundary 34-45

automatic discovery in switch clusters 5-4

configuring 24-2

default configuration 24-2

defined with LLDP 25-1

described 24-1

disabling for routing device 24-3 to 24-4

enabling and disabling

on an interface 24-4

on a switch 24-3

Layer 2 protocol tunneling 16-7

monitoring 24-5

overview 24-1

power negotiation extensions 11-7

support for 1-6

transmission timer and holdtime, setting 24-2

updates 24-2

CEF

defined 37-87

enabling 37-88

IPv6 38-18

CGMP

as IGMP snooping learning method 22-8

clearing cached group entries 45-61

enabling server support 45-43

joining multicast group 22-3

overview 45-9

server support only 45-9

switch support of 1-4

CIDR 37-58

CipherSuites 8-50

Cisco 7960 IP Phone 12-1

Cisco Discovery Protocol

See CDP

Cisco Express Forwarding

See CEF

Cisco Group Management Protocol

See CGMP

Cisco intelligent power management 11-7

Cisco IOS DHCP server

See DHCP, Cisco IOS DHCP server

Cisco IOS File System

See IFS

Cisco IOS IP SLAs 42-2

Cisco Redundant Power System 2300

configuring 11-29

managing 11-29

Cisco Secure ACS

attribute-value pairs for downloadable ACLs 9-21

attribute-value pairs for redirect URL 9-20

Cisco Secure ACS configuration guide 9-59

CiscoWorks 2000 1-5, 31-4

CISP 9-30

CIST regional root

See MSTP

CIST root

See MSTP

civic location 25-3

classless interdomain routing

See CIDR

classless routing 37-6

class maps for QoS

configuring 34-52

described 34-8

displaying 34-86

class of service

See CoS

clearing interfaces 11-32

CLI

abbreviating commands 2-3

command modes 2-1

configuration logging 2-4

described 1-5

editing features

enabling and disabling 2-6

keystroke editing 2-7

wrapped lines 2-8

error messages 2-4

filtering command output 2-9

getting help 2-3

history

changing the buffer size 2-5

described 2-5

disabling 2-6

recalling commands 2-6

managing clusters 5-15

no and default forms of commands 2-4

Client Information Signalling Protocol

See CISP

client mode, VTP 14-3

client processes, tracking 43-1

CLNS

See ISO CLNS

clock

See system clock

clusters, switch

accessing 5-13

automatic discovery 5-4

automatic recovery 5-10

benefits 1-2

compatibility 5-4

described 5-1

LRE profile considerations 5-14

managing

through CLI 5-15

through SNMP 5-15

planning 5-4

planning considerations

automatic discovery 5-4

automatic recovery 5-10

CLI 5-15

host names 5-13

IP addresses 5-13

LRE profiles 5-14

passwords 5-13

RADIUS 5-14

SNMP 5-14, 5-15

TACACS+ 5-14

See also candidate switch, command switch, cluster standby group, member switch, and standby command switch

cluster standby group

and HSRP group 41-12

automatic recovery 5-12

considerations 5-11

defined 5-2

requirements 5-3

virtual IP address 5-11

See also HSRP

CNS 1-6

Configuration Engine

configID, deviceID, hostname 4-3

configuration service 4-2

described 4-1

event service 4-3

embedded agents

described 4-5

enabling automated configuration 4-6

enabling configuration agent 4-9

enabling event agent 4-7

management functions 1-5

CoA Request Commands 8-23

Coarse Wave Division Multiplexer

See CWDM SFPs

command-line interface

See CLI

command modes 2-1

commands

abbreviating 2-3

no and default 2-4

commands, setting privilege levels 8-8

command switch

accessing 5-11

active (AC) 5-10

configuration conflicts 48-11

defined 5-2

passive (PC) 5-10

password privilege levels 5-15

priority 5-10

recovery

from command-switch failure 5-10, 48-7

from lost member connectivity 48-11

redundant 5-10

replacing

with another switch 48-9

with cluster member 48-8

requirements 5-3

standby (SC) 5-10

See also candidate switch, cluster standby group, member switch, and standby command switch

community list, BGP 37-55

community ports 15-2

community strings

configuring 5-14, 31-8

for cluster switches 31-4

in clusters 5-14

overview 31-4

SNMP 5-14

community VLANs 15-2, 15-3

compatibility, feature 23-12

config.text 3-17

configurable leave timer, IGMP 22-5

configuration, initial

defaults 1-17

Express Setup 1-2

configuration changes, logging 30-10

configuration conflicts, recovering from lost member connectivity 48-11

configuration examples, network 1-20

configuration files

archiving A-19

clearing the startup configuration A-18

creating using a text editor A-9

default name 3-17

deleting a stored configuration A-18

described A-8

downloading

automatically 3-17

preparing A-10, A-12, A-15

reasons for A-8

using FTP A-13

using RCP A-16

using TFTP A-11

guidelines for creating and using A-8

guidelines for replacing and rolling back A-20

invalid combinations when copying A-5

limiting TFTP server access 31-16

obtaining with DHCP 3-8

password recovery disable considerations 8-5

replacing a running configuration A-18, A-19

rolling back a running configuration A-18, A-20

specifying the filename 3-17

system contact and location information 31-16

types and location A-9

uploading

preparing A-10, A-12, A-15

reasons for A-8

using FTP A-14

using RCP A-17

using TFTP A-11

configuration guidelines, multi-VRF CE 37-75

configuration logger 30-10

configuration logging 2-4

configuration replacement A-18

configuration rollback A-18, A-19

configuration settings, saving 3-15

configure terminal command 11-11

configuring 802.1x user distribution 9-55

configuring port-based authentication violation modes 9-39

configuring small-frame arrival rate 23-5

Configuring VACL Logging 33-37

conflicts, configuration 48-11

connections, secure remote 8-44

connectivity problems 48-13, 48-14, 48-16

consistency checks in VTP Version 2 14-4

console port, connecting to 2-9

content-routing technology

See WCCP

control protocol, IP SLAs 42-4

corrupted software, recovery steps with Xmodem 48-2

CoS

in Layer 2 frames 34-2

override priority 12-6

trust priority 12-6

CoS input queue threshold map for QoS 34-17

CoS output queue threshold map for QoS 34-19

CoS-to-DSCP map for QoS 34-68

counters, clearing interface 11-32

CPU utilization, troubleshooting 48-24

crashinfo file 48-22

critical authentication, IEEE 802.1x 9-52

critical VLAN 9-23

cryptographic software image

Kerberos 8-38

SSH 8-43

SSL 8-48

customer edge devices 37-73

customizable web pages, web-based authentication 10-6

CWDM SFPs 1-26

D

DACL

See downloadable ACL

daylight saving time 6-6

debugging

enabling all system diagnostics 48-19

enabling for a specific feature 48-19

redirecting error message output 48-20

using commands 48-18

default commands 2-4

default configuration

802.1x 9-33

auto-QoS 34-22

banners 6-10

BGP 37-43

CDP 24-2

DHCP 20-8

DHCP option 82 20-8

DHCP snooping 20-8

DHCP snooping binding database 20-8

DNS 6-9

dynamic ARP inspection 21-5

EIGRP 37-35

EtherChannel 35-10

Ethernet interfaces 11-15

fallback bridging 47-3

Flex Links 19-7, 19-8

HSRP 41-5

IEEE 802.1Q tunneling 16-4

IGMP 45-38

IGMP filtering 22-24

IGMP snooping 22-6, 39-5, 39-6

IGMP throttling 22-24

initial switch information 3-3

IP addressing, IP routing 37-4

IP multicast routing 45-10

IP SLAs 42-6

IP source guard 20-17

IPv6 38-10

IS-IS 37-64

Layer 2 interfaces 11-15

Layer 2 protocol tunneling 16-10

LLDP 25-5

MAC address table 6-14

MAC address-table move update 19-8

MSDP 46-4

MSTP 17-14

multi-VRF CE 37-75

MVR 22-19

optional spanning-tree configuration 18-9

OSPF 37-25

password and privilege level 8-2

PIM 45-10

private VLANs 15-6

RADIUS 8-25

RIP 37-19

RMON 29-3

RSPAN 28-9

SDM template 7-3

SNMP 31-6

SPAN 28-9

SSL 8-50

standard QoS 34-37

STP 26-11

system message logging 30-3

system name and prompt 6-8

TACACS+ 8-13

UDLD 27-4

VLAN, Layer 2 Ethernet interfaces 13-16

VLANs 13-7

VMPS 13-26

voice VLAN 12-3

VTP 14-7

WCCP 44-5

default gateway 3-14, 37-11

default networks 37-91

default router preference

See DRP

default routes 37-90

default routing 37-2

default web-based authentication configuration

802.1X 10-9

deleting VLANs 13-9

denial-of-service attack 23-1

description command 11-24

designing your network, examples 1-20

destination addresses

in IPv4 ACLs 33-12

in IPv6 ACLs 40-5

destination-IP address-based forwarding, EtherChannel 35-8

destination-MAC address forwarding, EtherChannel 35-8

detecting indirect link failures, STP 18-5

device A-23

device discovery protocol 24-1, 25-1

device manager

benefits 1-2

described 1-2, 1-5

in-band management 1-6

upgrading a switch A-23

DHCP

Cisco IOS server database

configuring 20-13

default configuration 20-8

described 20-6

DHCP for IPv6

See DHCPv6

enabling

relay agent 20-10

DHCP-based autoconfiguration

client request message exchange 3-4

configuring

client side 3-3

DNS 3-7

relay device 3-7

server side 3-6

TFTP server 3-7

example 3-9

lease options

for IP address information 3-6

for receiving the configuration file 3-6

overview 3-3

relationship to BOOTP 3-3

relay support 1-6, 1-14

support for 1-6

DHCP-based autoconfiguration and image update

configuring 3-11 to 3-14

understanding 3-5

DHCP binding database

See DHCP snooping binding database

DHCP binding table

See DHCP snooping binding database

DHCP object tracking, configuring primary interface 43-10

DHCP option 82

circuit ID suboption 20-5

configuration guidelines 20-8

default configuration 20-8

displaying 20-15

forwarding address, specifying 20-10

helper address 20-10

overview 20-3

packet format, suboption

circuit ID 20-5

remote ID 20-5

remote ID suboption 20-5

DHCP server port-based address allocation

configuration guidelines 20-25

default configuration 20-25

described 20-25

displaying 20-28

enabling 20-26

reserved addresses 20-26

DHCP server port-based address assignment

support for 1-6

DHCP snooping

accepting untrusted packets from edge switch 20-3, 20-12

and private VLANs 20-13

binding database

See DHCP snooping binding database

configuration guidelines 20-8

default configuration 20-8

displaying binding tables 20-15

message exchange process 20-4

option 82 data insertion 20-3

trusted interface 20-2

untrusted interface 20-2

untrusted messages 20-2

DHCP snooping binding database

adding bindings 20-14

binding file

format 20-7

location 20-6

bindings 20-6

clearing agent statistics 20-14

configuration guidelines 20-9

configuring 20-14

default configuration 20-8

deleting

binding file 20-14

bindings 20-14

database agent 20-14

described 20-6

displaying 20-15

binding entries 20-15

status and statistics 20-15

enabling 20-14

entry 20-6

renewing database 20-14

resetting

delay value 20-14

timeout value 20-14

DHCP snooping binding table

See DHCP snooping binding database

DHCPv6

configuration guidelines 38-15

default configuration 38-15

described 38-6

enabling client function 38-17

enabling DHCPv6 server function 38-15

support for 1-14

Differentiated Services architecture, QoS 34-2

Differentiated Services Code Point 34-2

Diffusing Update Algorithm (DUAL) 37-33

directed unicast requests 1-6

directories

changing A-3

creating and removing A-4

displaying the working A-3

discovery, clusters

See automatic discovery

Distance Vector Multicast Routing Protocol

See DVMRP

distance-vector protocols 37-3

distribute-list command 37-99

DNS

and DHCP-based autoconfiguration 3-7

default configuration 6-9

displaying the configuration 6-10

in IPv6 38-4

overview 6-8

setting up 6-9

support for 1-6

DNS-based SSM mapping 45-18, 45-20

domain names

DNS 6-8

VTP 14-8

Domain Name System

See DNS

domains, ISO IGRP routing 37-63

dot1q-tunnel switchport mode 13-15

double-tagged packets

IEEE 802.1Q tunneling 16-2

Layer 2 protocol tunneling 16-10

downloadable ACL 9-19, 9-21, 9-59

downloading

configuration files

preparing A-10, A-12, A-15

reasons for A-8

using FTP A-13

using RCP A-16

using TFTP A-11

image files

deleting old image A-27

preparing A-25, A-29, A-33

reasons for A-23

using CMS 1-2

using FTP A-30

using HTTP 1-2, A-23

using RCP A-34

using TFTP A-26

using the device manager or Network Assistant A-23

drop threshold for Layer 2 protocol packets 16-11

DRP

configuring 38-13

described 38-4

IPv6 38-4

support for 1-14

DSCP 1-12, 34-2

DSCP input queue threshold map for QoS 34-17

DSCP output queue threshold map for QoS 34-19

DSCP-to-CoS map for QoS 34-71

DSCP-to-DSCP-mutation map for QoS 34-72

DSCP transparency 34-46

DTP 1-9, 13-15

dual-action detection 35-5

DUAL finite state machine, EIGRP 37-34

dual IPv4 and IPv6 templates 7-2, 38-5, 38-6

dual protocol stacks

IPv4 and IPv6 38-5

SDM templates supporting 38-6

dual-purpose uplinks

defined 11-6

LEDs 11-6

link selection 11-6, 11-16

setting the type 11-16

DVMRP

autosummarization

configuring a summary address 45-57

disabling 45-59

connecting PIM domain to DVMRP router 45-50

enabling unicast routing 45-53

interoperability

with Cisco devices 45-48

with Cisco IOS software 45-8

mrinfo requests, responding to 45-52

neighbors

advertising the default route to 45-51

discovery with Probe messages 45-48

displaying information 45-52

prevent peering with nonpruning 45-55

rejecting nonpruning 45-53

overview 45-8

routes

adding a metric offset 45-59

advertising all 45-59

advertising the default route to neighbors 45-51

caching DVMRP routes learned in report messages 45-53

changing the threshold for syslog messages 45-56

deleting 45-61

displaying 45-61

favoring one over another 45-59

limiting the number injected into MBONE 45-56

limiting unicast route advertisements 45-48

routing table 45-9

source distribution tree, building 45-9

support for 1-14

tunnels

configuring 45-50

displaying neighbor information 45-52

dynamic access ports

characteristics 13-3

configuring 13-27

defined 11-3

dynamic addresses

See addresses

dynamic ARP inspection

ARP cache poisoning 21-1

ARP requests, described 21-1

ARP spoofing attack 21-1

clearing

log buffer 21-15

statistics 21-15

configuration guidelines 21-5

configuring

ACLs for non-DHCP environments 21-8

in DHCP environments 21-6

log buffer 21-12

rate limit for incoming ARP packets 21-4, 21-10

default configuration 21-5

denial-of-service attacks, preventing 21-10

described 21-1

DHCP snooping binding database 21-2

displaying

ARP ACLs 21-14

configuration and operating state 21-14

log buffer 21-15

statistics 21-15

trust state and rate limit 21-14

error-disabled state for exceeding rate limit 21-4

function of 21-2

interface trust states 21-2

log buffer

clearing 21-15

configuring 21-12

displaying 21-15

logging of dropped packets, described 21-4

man-in-the-middle attack, described 21-2

network security issues and interface trust states 21-2

priority of ARP ACLs and DHCP snooping entries 21-4

rate limiting of ARP packets

configuring 21-10

described 21-4

error-disabled state 21-4

statistics

clearing 21-15

displaying 21-15

validation checks, performing 21-11

dynamic auto trunking mode 13-15

dynamic desirable trunking mode 13-15

Dynamic Host Configuration Protocol

See DHCP-based autoconfiguration

dynamic port VLAN membership

described 13-25

reconfirming 13-28

troubleshooting 13-30

types of connections 13-27

dynamic routing 37-3

ISO CLNS 37-62

Dynamic Trunking Protocol

See DTP

E

EBGP 37-41

editing features

enabling and disabling 2-6

keystrokes used 2-7

wrapped lines 2-8

EEM 3.2 32-5

EIGRP

authentication 37-38

components 37-34

configuring 37-37

default configuration 37-35

definition 37-33

interface parameters, configuring 37-38

monitoring 37-40

stub routing 37-39

ELIN location 25-3

embedded event manager

3.2 32-5

actions 32-4

configuring 32-1, 32-5

displaying information 32-7

environmental variables 32-4

event detectors 32-2

policies 32-4

registering and defining an applet 32-6

registering and defining a TCL script 32-6

understanding 32-1

enable password 8-3

enable secret password 8-3

encryption, CipherSuite 8-50

encryption for passwords 8-3

Enhanced IGRP

See EIGRP

enhanced object tracking

backup static routing 43-11

commands 43-1

defined 43-1

DHCP primary interface 43-10

HSRP 43-7

IP routing state 43-2

IP SLAs 43-9

line-protocol state 43-2

network monitoring with IP SLAs 43-11

routing policy, configuring 43-11

static route primary interface 43-10

tracked lists 43-3

enhanced object tracking static routing 43-10

environmental variables, embedded event manager 32-4

environment variables, function of 3-20

equal-cost routing 1-14, 37-89

error-disabled state, BPDU 18-2

error messages during command entry 2-4

EtherChannel

automatic creation of 35-4, 35-6

channel groups

binding physical and logical interfaces 35-3

numbering of 35-3

configuration guidelines 35-10

configuring

Layer 2 interfaces 35-11

Layer 3 physical interfaces 35-14

Layer 3 port-channel logical interfaces 35-13

default configuration 35-10

described 35-2

displaying status 35-20

forwarding methods 35-7, 35-16

IEEE 802.3ad, described 35-6

interaction

with STP 35-10

with VLANs 35-11

LACP

described 35-6

displaying status 35-20

hot-standby ports 35-18

interaction with other features 35-7

modes 35-6

port priority 35-19

system priority 35-19

Layer 3 interface 37-3

load balancing 35-7, 35-16

logical interfaces, described 35-3

PAgP

aggregate-port learners 35-17

compatibility with Catalyst 1900 35-17

described 35-4

displaying status 35-20

interaction with other features 35-6

interaction with virtual switches 35-5

learn method and priority configuration 35-17

modes 35-5

support for 1-4

with dual-action detection 35-5

port-channel interfaces

described 35-3

numbering of 35-3

port groups 11-6

support for 1-4

EtherChannel guard

described 18-7

disabling 18-14

enabling 18-14

Ethernet VLANs

adding 13-8

defaults and ranges 13-7

modifying 13-8

EUI 38-3

event detectors, embedded event manager 32-2

events, RMON 29-3

examples

network configuration 1-20

expedite queue for QoS 34-85

Express Setup 1-2

See also getting started guide

extended crashinfo file 48-22

extended-range VLANs

configuration guidelines 13-11

configuring 13-10

creating 13-12

creating with an internal VLAN ID 13-13

defined 13-1

extended system ID

MSTP 17-17

STP 26-4, 26-14

extended universal identifier

See EUI

Extensible Authentication Protocol over LAN 9-1

external BGP

See EBGP

external neighbors, BGP 37-46

F

fa0 interface 1-7

fallback bridging

and protected ports 47-3

bridge groups

creating 47-3

described 47-1

displaying 47-10

function of 47-2

number supported 47-4

removing 47-4

bridge table

clearing 47-10

displaying 47-10

configuration guidelines 47-3

connecting interfaces with 11-10

default configuration 47-3

described 47-1

frame forwarding

flooding packets 47-2

forwarding packets 47-2

overview 47-1

protocol, unsupported 47-3

STP

disabling on an interface 47-9

forward-delay interval 47-8

hello BPDU interval 47-7

interface priority 47-6

maximum-idle interval 47-8

path cost 47-6

VLAN-bridge spanning-tree priority 47-5

VLAN-bridge STP 47-2

support for 1-14

SVIs and routed ports 47-1

unsupported protocols 47-3

VLAN-bridge STP 26-10

Fast Convergence 19-3

features, incompatible 23-12

FIB 37-88

fiber-optic, detecting unidirectional links 27-1

files

basic crashinfo

description 48-22

location 48-22

copying A-4

crashinfo, description 48-22

deleting A-5

displaying the contents of A-7

extended crashinfo

description 48-23

location 48-23

tar

creating A-6

displaying the contents of A-6

extracting A-7

image file format A-24

file system

displaying available file systems A-2

displaying file information A-3

local file system names A-1

network file system names A-4

setting the default A-3

filtering

in a VLAN 33-30

IPv6 traffic 40-3, 40-7

non-IP traffic 33-28

show and more command output 2-9

filtering show and more command output 2-9

filters, IP

See ACLs, IP

flash device, number of A-1

flexible authentication ordering

configuring 9-62

overview 9-29

Flex Link Multicast Fast Convergence 19-3

Flex Links

configuration guidelines 19-8

configuring 19-8, 19-9

configuring preferred VLAN 19-11

configuring VLAN load balancing 19-10

default configuration 19-7

description 19-1

link load balancing 19-2

monitoring 19-14

VLANs 19-2

flooded traffic, blocking 23-8

flow-based packet classification 1-12

flowcharts

QoS classification 34-7

QoS egress queueing and scheduling 34-18

QoS ingress queueing and scheduling 34-16

QoS policing and marking 34-11

flowcontrol

configuring 11-20

described 11-19

forward-delay time

MSTP 17-23

STP 26-21

Forwarding Information Base

See FIB

forwarding nonroutable protocols 47-1

FTP

configuration files

downloading A-13

overview A-12

preparing the server A-12

uploading A-14

image files

deleting old image A-31

downloading A-30

preparing the server A-29

uploading A-31

G

general query 19-5

Generating IGMP Reports 19-3

get-bulk-request operation 31-3

get-next-request operation 31-3, 31-4

get-request operation 31-3, 31-4

get-response operation 31-3

global configuration mode 2-2

global leave, IGMP 22-12

guest VLAN and 802.1x 9-22

guide mode 1-2

GUIs

See device manager and Network Assistant

H

hardware limitations and Layer 3 interfaces 11-26

hello time

MSTP 17-22

STP 26-20

help, for the command line 2-3

HFTM space 48-23

hierarchical policy maps 34-9

configuration guidelines 34-39

configuring 34-58

described 34-12

history

changing the buffer size 2-5

described 2-5

disabling 2-6

recalling commands 2-6

history table, level and number of syslog messages 30-10

host names, in clusters 5-13

host ports

configuring 15-11

kinds of 15-2

hosts, limit on dynamic ports 13-30

Hot Standby Router Protocol

See HSRP

HP OpenView 1-5

HQATM space 48-23

HSRP

authentication string 41-10

automatic cluster recovery 5-12

binding to cluster group 41-12

cluster standby group considerations 5-11

command-switch redundancy 1-1, 1-7

configuring 41-4

default configuration 41-5

definition 41-1

guidelines 41-5

monitoring 41-13

object tracking 43-7

overview 41-1

priority 41-7

routing redundancy 1-13

support for ICMP redirect messages 41-12

timers 41-10

tracking 41-8

See also clusters, cluster standby group, and standby command switch

HSRP for IPv6

configuring 38-24

guidelines 38-23

HTTP over SSL

See HTTPS

HTTPS 8-48

configuring 8-52

self-signed certificate 8-49

HTTP secure server 8-48

Hulc Forwarding TCAM Manager

See HFTM space

Hulc QoS/ACL TCAM Manager

See HQATM space

I

IBGP 37-41

ICMP

IPv6 38-4

redirect messages 37-11

support for 1-14

time-exceeded messages 48-16

traceroute and 48-16

unreachable messages 33-20

unreachable messages and IPv6 40-4

unreachables and ACLs 33-22

ICMP Echo operation

configuring 42-12

IP SLAs 42-12

ICMP ping

executing 48-13

overview 48-13

ICMP Router Discovery Protocol

See IRDP

ICMPv6 38-4

IDS appliances

and ingress RSPAN 28-20

and ingress SPAN 28-13

IEEE 802.1D

See STP

IEEE 802.1p 12-1

IEEE 802.1Q

and trunk ports 11-3

configuration limitations 13-16

native VLAN for untagged traffic 13-20

tunneling

compatibility with other features 16-5

defaults 16-4

described 16-1

tunnel ports with other features 16-6

IEEE 802.1s

See MSTP

IEEE 802.1w

See RSTP

IEEE 802.1x

See port-based authentication

IEEE 802.3ad

See EtherChannel

IEEE 802.3af

See PoE

IEEE 802.3x flow control 11-19

ifIndex values, SNMP 31-5

IFS 1-6

IGMP

configurable leave timer

described 22-5

enabling 22-11

configuring the switch

as a member of a group 45-38

statically connected member 45-42

controlling access to groups 45-39

default configuration 45-38

deleting cache entries 45-61

displaying groups 45-61

fast switching 45-43

flooded multicast traffic

controlling the length of time 22-12

disabling on an interface 22-13

global leave 22-12

query solicitation 22-12

recovering from flood mode 22-12

host-query interval, modifying 45-40

joining multicast group 22-3

join messages 22-3

leave processing, enabling 22-10, 39-9

leaving multicast group 22-5

multicast reachability 45-38

overview 45-2

queries 22-4

report suppression

described 22-6

disabling 22-15, 39-11

supported versions 22-2

support for 1-4

Version 1

changing to Version 2 45-40

described 45-3

Version 2

changing to Version 1 45-40

described 45-3

maximum query response time value 45-42

pruning groups 45-42

query timeout value 45-41

IGMP filtering

configuring 22-24

default configuration 22-24

described 22-23

monitoring 22-28

support for 1-4

IGMP groups

configuring filtering 22-27

setting the maximum number 22-26

IGMP helper 1-4, 45-6

IGMP Immediate Leave

configuration guidelines 22-11

described 22-5

enabling 22-10

IGMP profile

applying 22-25

configuration mode 22-24

configuring 22-25

IGMP snooping

and address aliasing 22-2

configuring 22-6

default configuration 22-6, 39-5, 39-6

definition 22-1

enabling and disabling 22-7, 39-6

global configuration 22-7

Immediate Leave 22-5

method 22-8

monitoring 22-15, 39-11

querier

configuration guidelines 22-14

configuring 22-14

supported versions 22-2

support for 1-4

VLAN configuration 22-7

IGMP throttling

configuring 22-27

default configuration 22-24

described 22-23

displaying action 22-28

IGP 37-24

Immediate Leave, IGMP 22-5

enabling 39-9

inaccessible authentication bypass 9-23

support for multiauth ports 9-24

initial configuration

defaults 1-17

Express Setup 1-2

interface

number 11-10

range macros 11-13

interface command ?? to 11-11

interface configuration mode 2-2

interfaces

auto-MDIX, configuring 11-20

configuration guidelines

duplex and speed 11-18

configuring

procedure 11-11

counters, clearing 11-32

default configuration 11-15

described 11-24

descriptive name, adding 11-24

displaying information about 11-31

flow control 11-19

management 1-5

monitoring 11-31

naming 11-24

physical, identifying 11-10

range of 11-11

restarting 11-32

shutting down 11-32

speed and duplex, configuring 11-18

status 11-31

supported 11-10

types of 11-1

interfaces range macro command 11-13

interface types 11-10

Interior Gateway Protocol

See IGP

internal BGP

See IBGP

internal neighbors, BGP 37-46

Internet Control Message Protocol

See ICMP

Internet Group Management Protocol

See IGMP

Internet Protocol version 6

See IPv6

Inter-Switch Link

See ISL

inter-VLAN routing 1-14, 37-2

Intrusion Detection System

See IDS appliances

inventory management TLV 25-3, 25-7

IP ACLs

for QoS classification 34-8

implicit deny 33-10, 33-14

implicit masks 33-10

named 33-15

undefined 33-21

IP addresses

128-bit 38-2

candidate or member 5-3, 5-13

classes of 37-5

cluster access 5-2

command switch 5-3, 5-11, 5-13

default configuration 37-4

discovering 6-23

for IP routing 37-4

IPv6 38-2

MAC address association 37-8

monitoring 37-17

redundant clusters 5-11

standby command switch 5-11, 5-13

See also IP information

IP base image 1-1

IP broadcast address 37-15

ip cef distributed command 37-88

IP directed broadcasts 37-13

ip igmp profile command 22-24

IP information

assigned

manually 3-14

through DHCP-based autoconfiguration 3-3

default configuration 3-3

IP multicast routing

addresses

all-hosts 45-3

all-multicast-routers 45-3

host group address range 45-3

administratively-scoped boundaries, described 45-46

and IGMP snooping 22-1

Auto-RP

adding to an existing sparse-mode cloud 45-25

benefits of 45-25

clearing the cache 45-61

configuration guidelines 45-11

filtering incoming RP announcement messages 45-28

overview 45-6

preventing candidate RP spoofing 45-28

preventing join messages to false RPs 45-27

setting up in a new internetwork 45-25

using with BSR 45-33

bootstrap router

configuration guidelines 45-11

configuring candidate BSRs 45-31

configuring candidate RPs 45-32

defining the IP multicast boundary 45-30

defining the PIM domain border 45-29

overview 45-7

using with Auto-RP 45-33

Cisco implementation 45-1

configuring

basic multicast routing 45-11

IP multicast boundary 45-46

default configuration 45-10

enabling

multicast forwarding 45-12

PIM mode 45-12

group-to-RP mappings

Auto-RP 45-6

BSR 45-7

MBONE

deleting sdr cache entries 45-61

described 45-44

displaying sdr cache 45-62

enabling sdr listener support 45-45

limiting DVMRP routes advertised 45-56

limiting sdr cache entry lifetime 45-45

SAP packets for conference session announcement 45-45

Session Directory (sdr) tool, described 45-44

monitoring

packet rate loss 45-62

peering devices 45-62

tracing a path 45-62

multicast forwarding, described 45-7

PIMv1 and PIMv2 interoperability 45-10

protocol interaction 45-2

reverse path check (RPF) 45-7

routing table

deleting 45-61

displaying 45-61

RP

assigning manually 45-23

configuring Auto-RP 45-25

configuring PIMv2 BSR 45-29

monitoring mapping information 45-33

using Auto-RP and BSR 45-33

statistics, displaying system and network 45-61

See also CGMP

See also DVMRP

See also IGMP

See also PIM

IP phones

and QoS 12-1

automatic classification and queueing 34-21

configuring 12-4

ensuring port security with QoS 34-44

trusted boundary for QoS 34-44

IP Port Security for Static Hosts

on a Layer 2 access port 20-19

on a PVLAN host port 20-22

IP precedence 34-2

IP-precedence-to-DSCP map for QoS 34-69

IP protocols

in ACLs 33-12

routing 1-13

IP routes, monitoring 37-102

IP routing

connecting interfaces with 11-10

disabling 37-18

enabling 37-18

IP Service Level Agreements

See IP SLAs

IP service levels, analyzing 42-1

IP services image 1-1

IP SLAs

benefits 42-2

configuration guidelines 42-7

configuring object tracking 43-9

Control Protocol 42-4

default configuration 42-6

definition 42-1

ICMP echo operation 42-12

measuring network performance 42-3

monitoring 42-14

multioperations scheduling 42-5

object tracking 43-9

operation 42-3

reachability tracking 43-9

responder

described 42-4

enabling 42-8

response time 42-4

scheduling 42-5

SNMP support 42-2

supported metrics 42-2

threshold monitoring 42-6

track object monitoring agent, configuring 43-11

track state 43-9

UDP jitter operation 42-9

IP source guard

and 802.1x 20-18

and DHCP snooping 20-15

and EtherChannels 20-18

and port security 20-18

and private VLANs 20-18

and routed ports 20-17

and TCAM entries 20-18

and trunk interfaces 20-17

and VRF 20-18

binding configuration

automatic 20-15

manual 20-15

binding table 20-15

configuration guidelines 20-17

default configuration 20-17

described 20-15

disabling 20-19

displaying

active IP or MAC bindings 20-24

bindings 20-24

configuration 20-24

enabling 20-18, 20-19

filtering

source IP address 20-16

source IP and MAC address 20-16

source IP address filtering 20-16

source IP and MAC address filtering 20-16

static bindings

adding 20-18, 20-19

deleting 20-19

static hosts 20-19

IP traceroute

executing 48-17

overview 48-16

IP unicast routing

address resolution 37-8

administrative distances 37-90, 37-100

ARP 37-8

assigning IP addresses to Layer 3 interfaces 37-5

authentication keys 37-100

broadcast

address 37-15

flooding 37-16

packets 37-13

storms 37-13

classless routing 37-6

configuring static routes 37-89

default

addressing configuration 37-4

gateways 37-11

networks 37-91

routes 37-90

routing 37-2

directed broadcasts 37-13

disabling 37-18

dynamic routing 37-3

enabling 37-18

EtherChannel Layer 3 interface 37-3

IGP 37-24

inter-VLAN 37-2

IP addressing

classes 37-5

configuring 37-4

IPv6 38-3

IRDP 37-11

Layer 3 interfaces 37-3

MAC address and IP address 37-8

passive interfaces 37-98

protocols

distance-vector 37-3

dynamic 37-3

link-state 37-3

proxy ARP 37-8

redistribution 37-91

reverse address resolution 37-8

routed ports 37-3

static routing 37-3

steps to configure 37-4

subnet mask 37-5

subnet zero 37-6

supernet 37-6

UDP 37-14

with SVIs 37-3

See also BGP

See also EIGRP

See also OSPF

See also RIP

IPv4 ACLs

applying to interfaces 33-20

extended, creating 33-10

named 33-15

standard, creating 33-9

IPv4 and IPv6

dual protocol stacks 38-5

IPv6

ACLs

displaying 40-8

limitations 40-2

matching criteria 40-3

port 40-1

precedence 40-2

router 40-1

supported 40-2

addresses 38-2

address formats 38-2

applications 38-5

assigning address 38-11

autoconfiguration 38-5

CEFv6 38-18

configuring static routes 38-19

default configuration 38-10

default router preference (DRP) 38-4

defined 38-1

Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 38-7

EIGRP IPv6 Commands 38-8

Router ID 38-7

feature limitations 38-9

features not supported 38-9

forwarding 38-11

ICMP 38-4

monitoring 38-26

neighbor discovery 38-4

OSPF 38-7

path MTU discovery 38-4

SDM templates 7-2, 39-1, 40-1

Stateless Autoconfiguration 38-5

supported features 38-2

switch limitations 38-9

understanding static routes 38-6

IPv6 traffic, filtering 40-3

IRDP

configuring 37-12

definition 37-11

support for 1-14

IS-IS

addresses 37-63

area routing 37-63

default configuration 37-64

monitoring 37-72

show commands 37-72

system routing 37-63

ISL

and IPv6 38-3

and trunk ports 11-3

encapsulation 1-8

ISO CLNS

clear commands 37-72

dynamic routing protocols 37-62

monitoring 37-72

NETs 37-62

NSAPs 37-62

OSI standard 37-62

ISO IGRP

area routing 37-63

system routing 37-63

isolated port 15-2

isolated VLANs 15-2, 15-3

J

join messages, IGMP 22-3

K

KDC

described 8-39

See also Kerberos

Kerberos

authenticating to

boundary switch 8-41

KDC 8-41

network services 8-41

configuration examples 8-38

configuring 8-42

credentials 8-39

cryptographic software image 8-38

described 8-39

KDC 8-39

operation 8-41

realm 8-40

server 8-40

support for 1-11

switch as trusted third party 8-38

terms 8-39

TGT 8-40

tickets 8-39

key distribution center

See KDC

L

l2protocol-tunnel command 16-12

LACP

Layer 2 protocol tunneling 16-9

See EtherChannel

Layer 2 frames, classification with CoS 34-2

Layer 2 interfaces, default configuration 11-15

Layer 2 protocol tunneling

configuring 16-9

configuring for EtherChannels 16-13

default configuration 16-10

defined 16-8

guidelines 16-11

Layer 2 traceroute

and ARP 48-15

and CDP 48-15

broadcast traffic 48-15

described 48-15

IP addresses and subnets 48-15

MAC addresses and VLANs 48-15

multicast traffic 48-15

multiple devices on a port 48-16

unicast traffic 48-15

usage guidelines 48-15

Layer 3 features 1-13

Layer 3 interfaces

assigning IP addresses to 37-5

assigning IPv4 and IPv6 addresses to 38-14

assigning IPv6 addresses to 38-11

changing from Layer 2 mode 37-5, 37-80

types of 37-3

Layer 3 packets, classification methods 34-2

LDAP 4-2

Leaking IGMP Reports 19-3

LEDs, switch

See hardware installation guide

lightweight directory access protocol

See LDAP

line configuration mode 2-2

Link Aggregation Control Protocol

See EtherChannel

link failure, detecting unidirectional 17-7

Link Layer Discovery Protocol

See CDP

link local unicast addresses 38-3

link redundancy

See Flex Links

links, unidirectional 27-1

link state advertisements (LSAs) 37-29

link-state protocols 37-3

link-state tracking

configuring 35-23

described 35-21

LLDP

configuring 25-4

characteristics 25-6

default configuration 25-5

enabling 25-5

monitoring and maintaining 25-10

overview 25-1

supported TLVs 25-2

switch stack considerations 25-2

transmission timer and holdtime, setting 25-6

LLDP-MED

configuring

procedures 25-4

TLVs 25-7

monitoring and maintaining 25-10

overview 25-1, 25-2

supported TLVs 25-2

LLDP Media Endpoint Discovery

See LLDP-MED

load balancing 41-4

local SPAN 28-2

location TLV 25-3, 25-7

logging messages, ACL 33-8

login authentication

with RADIUS 8-28

with TACACS+ 8-14

login banners 6-10

log messages

See system message logging

Long-Reach Ethernet (LRE) technology 1-21

loop guard

described 18-9

enabling 18-15

support for 1-8

LRE profiles, considerations in switch clusters 5-14

M

MAB

See MAC authentication bypass

MAB aging timer 1-9

MAB inactivity timer

default setting 9-34

range 9-36

MAC/PHY configuration status TLV 25-2

MAC addresses

aging time 6-14

and VLAN association 6-13

building the address table 6-13

default configuration 6-14

disabling learning on a VLAN 6-22

discovering 6-23

displaying 6-23

displaying in the IP source binding table 20-24

dynamic

learning 6-13

removing 6-15

in ACLs 33-28

IP address association 37-8

static

adding 6-20

allowing 6-21, 6-22

characteristics of 6-19

dropping 6-21

removing 6-20

MAC address learning 1-6

MAC address learning, disabling on a VLAN 6-22

MAC address notification, support for 1-15

MAC address-table move update

configuration guidelines 19-8

configuring 19-12

default configuration 19-8

description 19-6

monitoring 19-14

MAC address-to-VLAN mapping 13-25

MAC authentication bypass 9-36

configuring 9-55

overview 9-16

See MAB

MAC extended access lists

applying to Layer 2 interfaces 33-29

configuring for QoS 34-51

creating 33-28

defined 33-28

for QoS classification 34-5

magic packet 9-26

manageability features 1-6

management access

in-band

browser session 1-6

CLI session 1-7

device manager 1-6

SNMP 1-7

out-of-band console port connection 1-7

management address TLV 25-2

management options

CLI 2-1

clustering 1-3

CNS 4-1

Network Assistant 1-2

overview 1-5

management VLAN

considerations in switch clusters 5-7

discovery through different management VLANs 5-7

mapping tables for QoS

configuring

CoS-to-DSCP 34-68

DSCP 34-68

DSCP-to-CoS 34-71

DSCP-to-DSCP-mutation 34-72

IP-precedence-to-DSCP 34-69

policed-DSCP 34-70

described 34-13

marking

action with aggregate policers 34-66

described 34-4, 34-9

matching

IPv6 ACLs 40-3

matching, IPv4 ACLs 33-7

maximum aging time

MSTP 17-23

STP 26-21

maximum hop count, MSTP 17-24

maximum number of allowed devices, port-based authentication 9-36

maximum-paths command 37-50, 37-89

MDA

configuration guidelines 9-12 to 9-13

described 1-10, 9-12

exceptions with authentication process 9-5

membership mode, VLAN port 13-3

member switch

automatic discovery 5-4

defined 5-2

managing 5-15

passwords 5-13

recovering from lost connectivity 48-11

requirements 5-3

See also candidate switch, cluster standby group, and standby command switch

memory consistency check errors

example 48-24

memory consistency check routines 1-5, 48-23

memory consistency integrity 1-5, 48-23

messages, to users through banners 6-10

metrics, in BGP 37-50

metric translations, between routing protocols 37-94

metro tags 16-2

MHSRP 41-4

MIBs

overview 31-1

SNMP interaction with 31-4

mirroring traffic for analysis 28-1

mismatches, autonegotiation 48-11

module number 11-10

monitoring

access groups 33-43

BGP 37-61

cables for unidirectional links 27-1

CDP 24-5

CEF 37-88

EIGRP 37-40

fallback bridging 47-10

features 1-15

Flex Links 19-14

HSRP 41-13

IEEE 802.1Q tunneling 16-17

IGMP

filters 22-28

snooping 22-15, 39-11

interfaces 11-31

IP

address tables 37-17

multicast routing 45-60

routes 37-102

IP SLAs operations 42-14

IPv4 ACL configuration 33-43

IPv6 38-26

IPv6 ACL configuration 40-8

IS-IS 37-72

ISO CLNS 37-72

Layer 2 protocol tunneling 16-17

MAC address-table move update 19-14

MSDP peers 46-18

multicast router interfaces 22-16, 39-11

multi-VRF CE 37-87

MVR 22-22

network traffic for analysis with probe 28-2

object tracking 43-12

OSPF 37-33

port

blocking 23-21

protection 23-21

private VLANs 15-14

RP mapping information 45-33

SFP status 11-31, 48-13

source-active messages 46-18

speed and duplex mode 11-19

SSM mapping 45-21

traffic flowing among switches 29-1

traffic suppression 23-20

tunneling 16-17

VLAN

filters 33-44

maps 33-44

VLANs 13-14

VMPS 13-29

VTP 14-16

mrouter Port 19-3

mrouter port 19-5

MSDP

benefits of 46-3

clearing MSDP connections and statistics 46-18

controlling source information

forwarded by switch 46-11

originated by switch 46-8

received by switch 46-13

default configuration 46-4

dense-mode regions

sending SA messages to 46-16

specifying the originating address 46-17

filtering

incoming SA messages 46-14

SA messages to a peer 46-12

SA requests from a peer 46-10

join latency, defined 46-6

meshed groups

configuring 46-15

defined 46-15

originating address, changing 46-17

overview 46-1

peer-RPF flooding 46-2

peers

configuring a default 46-4

monitoring 46-18

peering relationship, overview 46-1

requesting source information from 46-8

shutting down 46-15

source-active messages

caching 46-6

clearing cache entries 46-18

defined 46-2

filtering from a peer 46-10

filtering incoming 46-14

filtering to a peer 46-12

limiting data with TTL 46-13

monitoring 46-18

restricting advertised sources 46-9

support for 1-14

MSTP

boundary ports

configuration guidelines 17-15

described 17-6

BPDU filtering

described 18-3

enabling 18-12

BPDU guard

described 18-2

enabling 18-11

CIST, described 17-3

CIST regional root 17-3

CIST root 17-5

configuration guidelines 17-14, 18-10

configuring

forward-delay time 17-23

hello time 17-22

link type for rapid convergence 17-24

maximum aging time 17-23

maximum hop count 17-24

MST region 17-15

neighbor type 17-25

path cost 17-20

port priority 17-19

root switch 17-17

secondary root switch 17-18

switch priority 17-21

CST

defined 17-3

operations between regions 17-3

default configuration 17-14

default optional feature configuration 18-9

displaying status 17-26

enabling the mode 17-15

EtherChannel guard

described 18-7

enabling 18-14

extended system ID

effects on root switch 17-17

effects on secondary root switch 17-18

unexpected behavior 17-17

IEEE 802.1s

implementation 17-6

port role naming change 17-6

terminology 17-5

instances supported 26-9

interface state, blocking to forwarding 18-2

interoperability and compatibility among modes 26-10

interoperability with IEEE 802.1D

described 17-8

restarting migration process 17-25

IST

defined 17-2

master 17-3

operations within a region 17-3

loop guard

described 18-9

enabling 18-15

mapping VLANs to MST instance 17-16

MST region

CIST 17-3

configuring 17-15

described 17-2

hop-count mechanism 17-5

IST 17-2

supported spanning-tree instances 17-2

optional features supported 1-8

overview 17-2

Port Fast

described 18-2

enabling 18-10

preventing root switch selection 18-8

root guard

described 18-8

enabling 18-15

root switch

configuring 17-17

effects of extended system ID 17-17

unexpected behavior 17-17

shutdown Port Fast-enabled port 18-2

status, displaying 17-26

multiauth

support for inaccessible authentication bypass 9-24

multiauth mode

See multiple-authentication mode

multicast groups

Immediate Leave 22-5

joining 22-3

leaving 22-5

static joins 22-10, 39-7

multicast packets

ACLs on 33-42

blocking 23-8

multicast router interfaces, monitoring 22-16, 39-11

multicast router ports, adding 22-9, 39-8

Multicast Source Discovery Protocol

See MSDP

multicast storm 23-1

multicast storm-control command 23-4

multicast television application 22-17

multicast VLAN 22-17

Multicast VLAN Registration

See MVR

multidomain authentication

See MDA

multioperations scheduling, IP SLAs 42-5

multiple authentication 9-13

multiple authentication mode

configuring 9-42

Multiple HSRP

See MHSRP

multiple VPN routing/forwarding in customer edge devices

See multi-VRF CE

multi-VRF CE

configuration example 37-83

configuration guidelines 37-75

configuring 37-75

default configuration 37-75

defined 37-73

displaying 37-87

monitoring 37-87

network components 37-75

packet-forwarding process 37-74

support for 1-14

MVR

and address aliasing 22-19

and IGMPv3 22-20

configuration guidelines 22-19

configuring interfaces 22-21

default configuration 22-19

described 22-17

example application 22-17

modes 22-20

monitoring 22-22

multicast television application 22-17

setting global parameters 22-20

support for 1-4

N

NAC

AAA down policy 1-11

critical authentication 9-23, 9-52

IEEE 802.1x authentication using a RADIUS server 9-57

IEEE 802.1x validation using RADIUS server 9-57

inaccessible authentication bypass 1-11, 9-52

Layer 2 IEEE 802.1x validation 1-11, 9-28, 9-57

Layer 2 IP validation 1-11

named IPv4 ACLs 33-15

NameSpace Mapper

See NSM

native VLAN

and IEEE 802.1Q tunneling 16-4

configuring 13-20

default 13-20

NEAT

configuring 9-58

overview 9-30

neighbor discovery, IPv6 38-4

neighbor discovery/recovery, EIGRP 37-34

neighbors, BGP 37-56

Network Admission Control

See NAC

Network Assistant

benefits 1-2

described 1-5

downloading image files 1-2

guide mode 1-2

management options 1-2

upgrading a switch A-23

wizards 1-2

network configuration examples

increasing network performance 1-20

large network 1-24

long-distance, high-bandwidth transport 1-26

providing network services 1-20

server aggregation and Linux server cluster 1-22

small to medium-sized network 1-23

network design

performance 1-20

services 1-20

Network Edge Access Topology

See NEAT

network management

CDP 24-1

RMON 29-1

SNMP 31-1

network performance, measuring with IP SLAs 42-3

network policy TLV 25-2, 25-7

Network Time Protocol

See NTP

no commands 2-4

nonhierarchical policy maps

configuration guidelines 34-39

described 34-10

non-IP traffic filtering 33-28

nontrunking mode 13-15

normal-range VLANs 13-4

configuration guidelines 13-6

configuring 13-4

defined 13-1

no switchport command 11-4

not-so-stubby areas

See NSSA

NSAPs, as ISO IGRP addresses 37-63

NSF Awareness

IS-IS 37-65

NSM 4-3

NSSA, OSPF 37-29

NTP

associations

defined 6-2

overview 6-2

stratum 6-2

support for 1-6

time

services 6-2

synchronizing 6-2

O

object tracking

HSRP 43-7

IP SLAs 43-9

IP SLAs, configuring 43-9

monitoring 43-12

off mode, VTP 14-3

online diagnostics

overview 49-1

running tests 49-3

understanding 49-1

open1x

configuring 9-63

open1x authentication

overview 9-29

Open Shortest Path First

See OSPF

optimizing system resources 7-1

options, management 1-5

OSPF

area parameters, configuring 37-29

configuring 37-27

default configuration

metrics 37-30

route 37-30

settings 37-25

described 37-24

for IPv6 38-7

interface parameters, configuring 37-28

LSA group pacing 37-32

monitoring 37-33

router IDs 37-32

route summarization 37-30

support for 1-13

virtual links 37-30

out-of-profile markdown 1-13

P

packet modification, with QoS 34-20

PAgP

Layer 2 protocol tunneling 16-9

See EtherChannel

parallel paths, in routing tables 37-89

passive interfaces

configuring 37-98

OSPF 37-31

passwords

default configuration 8-2

disabling recovery of 8-5

encrypting 8-3

for security 1-9

in clusters 5-13

overview 8-1

recovery of 48-3

setting

enable 8-3

enable secret 8-3

Telnet 8-6

with usernames 8-6

VTP domain 14-8

path cost

MSTP 17-20

STP 26-18

path MTU discovery 38-4

PBR

defined 37-95

enabling 37-96

fast-switched policy-based routing 37-98

local policy-based routing 37-98

PC (passive command switch) 5-10

peers, BGP 37-56

percentage thresholds in tracked lists 43-6

performance, network design 1-20

performance features 1-4

persistent self-signed certificate 8-49

per-user ACLs and Filter-Ids 9-8

per-VLAN spanning-tree plus

See PVST+

PE to CE routing, configuring 37-82

physical ports 11-2

PIM

default configuration 45-10

dense mode

overview 45-4

rendezvous point (RP), described 45-4

RPF lookups 45-8

displaying neighbors 45-62

enabling a mode 45-12

overview 45-3

router-query message interval, modifying 45-36

shared tree and source tree, overview 45-34

shortest path tree, delaying the use of 45-35

sparse mode

join messages and shared tree 45-4

overview 45-4

prune messages 45-5

RPF lookups 45-8

stub routing

configuration guidelines 45-22

displaying 45-61

enabling 45-22

overview 45-5

support for 1-14

versions

interoperability 45-10

troubleshooting interoperability problems 45-34

v2 improvements 45-4

PIM-DVMRP, as snooping method 22-8

ping

character output description 48-14

executing 48-13

overview 48-13

PoE

auto mode 11-8

CDP with power consumption, described 11-7

CDP with power negotiation, described 11-7

Cisco intelligent power management 11-7

configuring 11-21

devices supported 11-6

high-power devices operating in low-power mode 11-7

IEEE power classification levels 11-7

power budgeting 11-23

power consumption 11-23

powered-device detection and initial power allocation 11-7

power management modes 11-8

power negotiation extensions to CDP 11-7

standards supported 11-7

static mode 11-9

troubleshooting 48-11

policed-DSCP map for QoS 34-70

policers

configuring

for each matched traffic class 34-54

for more than one traffic class 34-66

described 34-4

displaying 34-86

number of 34-40

types of 34-10

policing

described 34-4

hierarchical

See hierarchical policy maps

token-bucket algorithm 34-10

policy-based routing

See PBR

policy maps for QoS

characteristics of 34-54

described 34-8

displaying 34-87

hierarchical 34-9

hierarchical on SVIs

configuration guidelines 34-39

configuring 34-58

described 34-12

nonhierarchical on physical ports

configuration guidelines 34-39

described 34-10

port ACLs

defined 33-2

types of 33-3

Port Aggregation Protocol

See EtherChannel

port-based authentication

accounting 9-15

authentication server

defined 9-3, 10-2

RADIUS server 9-3

client, defined 9-3, 10-2

configuration guidelines 9-34, 10-9

configuring

802.1x authentication 9-40

guest VLAN 9-49

host mode 9-42

inaccessible authentication bypass 9-52

manual re-authentication of a client 9-44

periodic re-authentication 9-43

quiet period 9-45

RADIUS server 9-42, 10-13

RADIUS server parameters on the switch 9-41, 10-11

restricted VLAN 9-50

switch-to-client frame-retransmission number 9-46, 9-47

switch-to-client retransmission time 9-45

violation modes 9-39

default configuration 9-33, 10-9

described 9-1

device roles 9-3, 10-2

displaying statistics 9-64, 10-17

downloadable ACLs and redirect URLs

configuring 9-59 to 9-61, ?? to 9-62

overview 9-19 to 9-21

EAPOL-start frame 9-5

EAP-request/identity frame 9-5

EAP-response/identity frame 9-5

enabling

802.1X authentication 10-11

encapsulation 9-3

flexible authentication ordering

configuring 9-62

overview 9-29

guest VLAN

configuration guidelines 9-22, 9-23

described 9-22

host mode 9-11

inaccessible authentication bypass

configuring 9-52

described 9-23

guidelines 9-36

initiation and message exchange 9-5

magic packet 9-26

maximum number of allowed devices per port 9-36

method lists 9-40

multiple authentication 9-13

per-user ACLs

AAA authorization 9-40

configuration tasks 9-19

described 9-18

RADIUS server attributes 9-18

ports

authorization state and dot1x port-control command 9-10

authorized and unauthorized 9-10

voice VLAN 9-25

port security

described 9-26

readiness check

configuring 9-37

described 9-16, 9-37

resetting to default values 9-64

statistics, displaying 9-64

switch

as proxy 9-3, 10-2

RADIUS client 9-3

switch supplicant

configuring 9-58

overview 9-30

upgrading from a previous release 34-34

user distribution

guidelines 9-28

overview 9-28

VLAN assignment

AAA authorization 9-40

characteristics 9-17

configuration tasks 9-18

described 9-17

voice aware 802.1x security

configuring 9-38

described 9-30, 9-38

voice VLAN

described 9-25

PVID 9-25

VVID 9-25

wake-on-LAN, described 9-26

with ACLs and RADIUS Filter-Id attribute 9-31

port-based authentication methods, supported 9-7

port blocking 1-4, 23-7

port-channel

See EtherChannel

port description TLV 25-2

Port Fast

described 18-2

enabling 18-10

mode, spanning tree 13-26

support for 1-8

port membership modes, VLAN 13-3

port priority

MSTP 17-19

STP 26-17

ports

access 11-3

blocking 23-7

dual-purpose uplink 11-6

dynamic access 13-3

IEEE 802.1Q tunnel 13-4

protected 23-6

routed 11-4

secure 23-8

static-access 13-3, 13-9

switch 11-2

trunks 13-3, 13-14

VLAN assignments 13-9

port security

aging 23-17

and private VLANs 23-18

and QoS trusted boundary 34-44

configuring 23-13

default configuration 23-11

described 23-8

displaying 23-21

enabling 23-18

on trunk ports 23-14

sticky learning 23-9

violations 23-10

with other features 23-11

port-shutdown response, VMPS 13-25

port VLAN ID TLV 25-2

power management TLV 25-2, 25-7

Power over Ethernet

See PoE

preemption, default configuration 19-7

preemption delay, default configuration 19-8

preferential treatment of traffic

See QoS

prefix lists, BGP 37-54

preventing unauthorized access 8-1

primary interface for object tracking, DHCP, configuring 43-10

primary interface for static routing, configuring 43-10

primary links 19-1

primary VLANs 15-1, 15-3

priority

HSRP 41-7

overriding CoS 12-6

trusting CoS 12-6

private VLAN edge ports

See protected ports

private VLANs

across multiple switches 15-4

and SDM template 15-4

and SVIs 15-5

benefits of 15-1

community ports 15-2

community VLANs 15-2, 15-3

configuration guidelines 15-6, 15-8

configuration tasks 15-6

configuring 15-9

default configuration 15-6

end station access to 15-3

IP addressing 15-3

isolated port 15-2

isolated VLANs 15-2, 15-3

mapping 15-13

monitoring 15-14

ports

community 15-2

configuration guidelines 15-8

configuring host ports 15-11

configuring promiscuous ports 15-12

described 13-4

isolated 15-2

promiscuous 15-2

primary VLANs 15-1, 15-3

promiscuous ports 15-2

secondary VLANs 15-2

subdomains 15-1

traffic in 15-5

privileged EXEC mode 2-2

privilege levels

changing the default for lines 8-9

command switch 5-15

exiting 8-9

logging into 8-9

mapping on member switches 5-15

overview 8-2, 8-7

setting a command with 8-8

promiscuous ports

configuring 15-12

defined 15-2

protected ports 1-9, 23-6

protocol-dependent modules, EIGRP 37-34

Protocol-Independent Multicast Protocol

See PIM

protocol storm protection 23-19

provider edge devices 37-73

proxy ARP

configuring 37-10

definition 37-8

with IP routing disabled 37-11

proxy reports 19-3

pruning, VTP

disabling

in VTP domain 14-14

on a port 13-20

enabling

in VTP domain 14-14

on a port 13-19

examples 14-6

overview 14-5

pruning-eligible list

changing 13-19

for VTP pruning 14-5

VLANs 14-14

PVST+

described 26-9

IEEE 802.1Q trunking interoperability 26-10

instances supported 26-9

Q

QoS

and MQC commands 34-1

auto-QoS

categorizing traffic 34-22

configuration and defaults display 34-36

configuration guidelines 34-33

described 34-21

disabling 34-35

displaying generated commands 34-35

displaying the initial configuration 34-36

effects on running configuration 34-33

list of generated commands 34-24, 34-28

basic model 34-4

classification

class maps, described 34-8

defined 34-4

DSCP transparency, described 34-46

flowchart 34-7

forwarding treatment 34-3

in frames and packets 34-3

IP ACLs, described 34-6, 34-8

MAC ACLs, described 34-5, 34-8

options for IP traffic 34-6

options for non-IP traffic 34-5

policy maps, described 34-8

trust DSCP, described 34-5

trusted CoS, described 34-5

trust IP precedence, described 34-5

class maps

configuring 34-52

displaying 34-86

configuration guidelines

auto-QoS 34-33

standard QoS 34-39

configuring

aggregate policers 34-66

auto-QoS 34-21

default port CoS value 34-44

DSCP maps 34-68

DSCP transparency 34-46

DSCP trust states bordering another domain 34-46

egress queue characteristics 34-78

ingress queue characteristics 34-74

IP extended ACLs 34-50

IP standard ACLs 34-49

MAC ACLs 34-51

policy maps, hierarchical 34-58

port trust states within the domain 34-42

trusted boundary 34-44

default auto configuration 34-22

default standard configuration 34-37

displaying statistics 34-86

DSCP transparency 34-46

egress queues

allocating buffer space 34-79

buffer allocation scheme, described 34-18

configuring shaped weights for SRR 34-83

configuring shared weights for SRR 34-84

described 34-4

displaying the threshold map 34-82

flowchart 34-18

mapping DSCP or CoS values 34-81

scheduling, described 34-4

setting WTD thresholds 34-79

WTD, described 34-19

enabling globally 34-41

flowcharts

classification 34-7

egress queueing and scheduling 34-18

ingress queueing and scheduling 34-16

policing and marking 34-11

implicit deny 34-8

ingress queues

allocating bandwidth 34-76

allocating buffer space 34-76

buffer and bandwidth allocation, described 34-17

configuring shared weights for SRR 34-76

configuring the priority queue 34-77

described 34-4

displaying the threshold map 34-75

flowchart 34-16

mapping DSCP or CoS values 34-74

priority queue, described 34-17

scheduling, described 34-4

setting WTD thresholds 34-74

WTD, described 34-17

IP phones

automatic classification and queueing 34-21

detection and trusted settings 34-21, 34-44

limiting bandwidth on egress interface 34-85

mapping tables

CoS-to-DSCP 34-68

displaying 34-86

DSCP-to-CoS 34-71

DSCP-to-DSCP-mutation 34-72

IP-precedence-to-DSCP 34-69

policed-DSCP 34-70

types of 34-13

marked-down actions 34-56, 34-62

marking, described 34-4, 34-9

overview 34-1

packet modification 34-20

policers

configuring 34-56, 34-62, 34-66

described 34-9

displaying 34-86

number of 34-40

types of 34-10

policies, attaching to an interface 34-9

policing

described 34-4, 34-9

token bucket algorithm 34-10

policy maps

characteristics of 34-54

displaying 34-87

hierarchical 34-9

hierarchical on SVIs 34-58

nonhierarchical on physical ports 34-54

QoS label, defined 34-4

queues

configuring egress characteristics 34-78

configuring ingress characteristics 34-74

high priority (expedite) 34-20, 34-85

location of 34-14

SRR, described 34-15

WTD, described 34-14

rewrites 34-20

support for 1-12

trust states

bordering another domain 34-46

described 34-5

trusted device 34-44

within the domain 34-42

quality of service

See QoS

queries, IGMP 22-4

query solicitation, IGMP 22-12

R

RADIUS

attributes

vendor-proprietary 8-36

vendor-specific 8-34

configuring

accounting 8-33

authentication 8-28

authorization 8-32

communication, global 8-26, 8-34

communication, per-server 8-26

multiple UDP ports 8-26

default configuration 8-25

defining AAA server groups 8-30

displaying the configuration 8-38

identifying the server 8-26

in clusters 5-14

limiting the services to the user 8-32

method list, defined 8-25

operation of 8-19

overview 8-18

server load balancing 8-38

suggested network environments 8-18

support for 1-11

tracking services accessed by user 8-33

RADIUS Change of Authorization 8-20

range

macro 11-13

of interfaces 11-12

rapid convergence 17-9

rapid per-VLAN spanning-tree plus

See rapid PVST+

rapid PVST+

described 26-9

IEEE 802.1Q trunking interoperability 26-10

instances supported 26-9

Rapid Spanning Tree Protocol

See RSTP

RARP 37-8

rcommand command 5-15

RCP

configuration files

downloading A-16

overview A-15

preparing the server A-15

uploading A-17

image files

deleting old image A-36

downloading A-34

preparing the server A-33

uploading A-36

reachability, tracking IP SLAs IP host 43-9

readiness check

port-based authentication

configuring 9-37

described 9-16, 9-37

reconfirmation interval, VMPS, changing 13-28

reconfirming dynamic VLAN membership 13-28

recovery procedures 48-1

redirect URL 9-19, 9-20, 9-59

redundancy

EtherChannel 35-3

HSRP 41-1

STP

backbone 26-8

path cost 13-23

port priority 13-21

redundant links and UplinkFast 18-13

redundant power system

See Cisco Redundant Power System 2300

reliable transport protocol, EIGRP 37-34

reloading software 3-21

Remote Authentication Dial-In User Service

See RADIUS

Remote Copy Protocol

See RCP

Remote Network Monitoring

See RMON

Remote SPAN

See RSPAN

remote SPAN 28-2

report suppression, IGMP

described 22-6

disabling 22-15, 39-11

resequencing ACL entries 33-15

reserved addresses in DHCP pools 20-26

resets, in BGP 37-49

resetting a UDLD-shutdown interface 27-6

responder, IP SLAs

described 42-4

enabling 42-8

response time, measuring with IP SLAs 42-4

restricted VLAN

configuring 9-50

described 9-23

using with IEEE 802.1x 9-23

restricting access

overview 8-1

passwords and privilege levels 8-2

RADIUS 8-17

TACACS+ 8-10

retry count, VMPS, changing 13-29

reverse address resolution 37-8

Reverse Address Resolution Protocol

See RARP

RFC

1058, RIP 37-18

1112, IP multicast and IGMP 22-2

1157, SNMPv1 31-2

1163, BGP 37-41

1166, IP addresses 37-5

1253, OSPF 37-24

1267, BGP 37-41

1305, NTP 6-2

1587, NSSAs 37-24

1757, RMON 29-2

1771, BGP 37-41

1901, SNMPv2C 31-2

1902 to 1907, SNMPv2 31-2

2236, IP multicast and IGMP 22-2

2273-2275, SNMPv3 31-2

RFC 5176 Compliance 8-21

RIP

advertisements 37-19

authentication 37-21

configuring 37-20

default configuration 37-19

described 37-19

for IPv6 38-7

hop counts 37-19

split horizon 37-22

summary addresses 37-22

support for 1-13

RMON

default configuration 29-3

displaying status 29-6

enabling alarms and events 29-3

groups supported 29-2

overview 29-1

statistics

collecting group Ethernet 29-5

collecting group history 29-5

support for 1-15

root guard

described 18-8

enabling 18-15

support for 1-8

root switch

MSTP 17-17

STP 26-14

route calculation timers, OSPF 37-31

route dampening, BGP 37-60

routed packets, ACLs on 33-42

routed ports

configuring 37-3

defined 11-4

in switch clusters 5-8

IP addresses on 11-26, 37-4

route-map command 37-97

route maps

BGP 37-52

policy-based routing 37-95

router ACLs

defined 33-2

types of 33-4

route reflectors, BGP 37-59

router ID, OSPF 37-32

route selection, BGP 37-50

route summarization, OSPF 37-30

route targets, VPN 37-75

routing

default 37-2

dynamic 37-3

redistribution of information 37-91

static 37-3

routing domain confederation, BGP 37-59

Routing Information Protocol

See RIP

routing protocol administrative distances 37-90

RPS

See Cisco Redundant Power System 2300

RPS 2300

See Cisco Redundant Power System 2300

RSPAN

characteristics 28-8

configuration guidelines 28-15

default configuration 28-9

defined 28-2

destination ports 28-7

displaying status 28-22

interaction with other features 28-8

monitored ports 28-5

monitoring ports 28-7

overview 1-15, 28-1

received traffic 28-4

sessions

creating 28-16

defined 28-3

limiting source traffic to specific VLANs 28-21

specifying monitored ports 28-16

with ingress traffic enabled 28-20

source ports 28-5

transmitted traffic 28-5

VLAN-based 28-6

RSTP

active topology 17-9

BPDU

format 17-12

processing 17-12

designated port, defined 17-9

designated switch, defined 17-9

interoperability with IEEE 802.1D

described 17-8

restarting migration process 17-25

topology changes 17-13

overview 17-8

port roles

described 17-9

synchronized 17-11

proposal-agreement handshake process 17-10

rapid convergence

described 17-9

edge ports and Port Fast 17-9

point-to-point links 17-10, 17-24

root ports 17-10

root port, defined 17-9

See also MSTP

running configuration

replacing A-18, A-19

rolling back A-18, A-20

running configuration, saving 3-15

S

SC (standby command switch) 5-10

scheduled reloads 3-21

scheduling, IP SLAs operations 42-5

SCP

and SSH 8-54

configuring 8-55

SDM

templates

configuring 7-4

number of 7-1

SDM template 40-3

configuration guidelines 7-3

configuring 7-3

dual IPv4 and IPv6 7-2

types of 7-1

secondary VLANs 15-2

Secure Copy Protocol

See SCP

secure HTTP client

configuring 8-53

displaying 8-54

secure HTTP server

configuring 8-52

displaying 8-54

secure MAC addresses

deleting 23-16

maximum number of 23-10

types of 23-9

secure ports, configuring 23-8

secure remote connections 8-44

Secure Shell

See SSH

Secure Socket Layer

See SSL

security, port 23-8

security features 1-9

sequence numbers in log messages 30-8

server mode, VTP 14-3

service-provider network, MSTP and RSTP 17-1

service-provider networks

and customer VLANs 16-2

and IEEE 802.1Q tunneling 16-1

Layer 2 protocols across 16-8

Layer 2 protocol tunneling for EtherChannels 16-9

set-request operation 31-4

setup program

failed command switch replacement 48-9

replacing failed command switch 48-8

severity levels, defining in system messages 30-8

SFPs

monitoring status of 11-31, 48-13

security and identification 48-12

status, displaying 48-13

shaped round robin

See SRR

show access-lists hw-summary command 33-22

show and more command output, filtering 2-9

show cdp traffic command 24-5

show cluster members command 5-15

show configuration command 11-24

show forward command 48-20

show interfaces command 11-19, 11-24

show interfaces switchport 19-4

show l2protocol command 16-13, 16-15

show lldp traffic command 25-11

show platform forward command 48-20

show platform tcam command 48-23

show running-config command

displaying ACLs 33-20, 33-21, 33-32, 33-35

interface description in 11-24

shutdown command on interfaces 11-32

shutdown threshold for Layer 2 protocol packets 16-11

Simple Network Management Protocol

See SNMP

small-frame arrival rate, configuring 23-5

smart logging 30-1, 30-13

SNAP 24-1

SNMP

accessing MIB variables with 31-4

agent

described 31-4

disabling 31-7

and IP SLAs 42-2

authentication level 31-10

community strings

configuring 31-8

for cluster switches 31-4

overview 31-4

configuration examples 31-17

default configuration 31-6

engine ID 31-7

groups 31-7, 31-9

host 31-7

ifIndex values 31-5

in-band management 1-7

in clusters 5-14

informs

and trap keyword 31-12

described 31-5

differences from traps 31-5

disabling 31-15

enabling 31-15

limiting access by TFTP servers 31-16

limiting system log messages to NMS 30-10

manager functions 1-5, 31-3

managing clusters with 5-15

notifications 31-5

overview 31-1, 31-4

security levels 31-2

setting CPU threshold notification 31-15

status, displaying 31-18

system contact and location 31-16

trap manager, configuring 31-13

traps

described 31-3, 31-5

differences from informs 31-5

disabling 31-15

enabling 31-12

enabling MAC address notification 6-15, 6-17, 6-18

overview 31-1, 31-4

types of 31-12

users 31-7, 31-9

versions supported 31-2

SNMP and Syslog Over IPv6 38-8

SNMPv1 31-2

SNMPv2C 31-2

SNMPv3 31-2

snooping, IGMP 22-1

software images

location in flash A-24

recovery procedures 48-2

scheduling reloads 3-21

tar file format, described A-24

See also downloading and uploading

source addresses

in IPv4 ACLs 33-12

in IPv6 ACLs 40-5

source-and-destination-IP address based forwarding, EtherChannel 35-8

source-and-destination MAC address forwarding, EtherChannel 35-8

source-IP address based forwarding, EtherChannel 35-8

source-MAC address forwarding, EtherChannel 35-7

Source-specific multicast

See SSM

SPAN

configuration guidelines 28-10

default configuration 28-9

destination ports 28-7

displaying status 28-22

interaction with other features 28-8

monitored ports 28-5

monitoring ports 28-7

overview 1-15, 28-1

ports, restrictions 23-12

received traffic 28-4

sessions

configuring ingress forwarding 28-14, 28-21

creating 28-11

defined 28-3

limiting source traffic to specific VLANs 28-14

removing destination (monitoring) ports 28-12

specifying monitored ports 28-11

with ingress traffic enabled 28-13

source ports 28-5

transmitted traffic 28-5

VLAN-based 28-6

spanning tree and native VLANs 13-16

Spanning Tree Protocol

See STP

SPAN traffic 28-4

split horizon, RIP 37-22

SRR

configuring

shaped weights on egress queues 34-83

shared weights on egress queues 34-84

shared weights on ingress queues 34-76

described 34-15

shaped mode 34-15

shared mode 34-15

support for 1-13

SSH

configuring 8-45

cryptographic software image 8-43

described 1-7, 8-44

encryption methods 8-44

user authentication methods, supported 8-44

SSL

configuration guidelines 8-50

configuring a secure HTTP client 8-53

configuring a secure HTTP server 8-52

cryptographic software image 8-48

described 8-48

monitoring 8-54

SSM

address management restrictions 45-15

CGMP limitations 45-15

components 45-13

configuration guidelines 45-15

configuring 45-13, 45-16

differs from Internet standard multicast 45-13

IGMP snooping 45-15

IGMPv3 45-13

IGMPv3 Host Signalling 45-14

IP address range 45-14

monitoring 45-16

operations 45-14

PIM 45-13

state maintenance limitations 45-15

SSM mapping 45-16

configuration guidelines 45-17

configuring 45-16, 45-19

DNS-based 45-18, 45-20

monitoring 45-21

overview 45-17

restrictions 45-17

static 45-18, 45-19

static traffic forwarding 45-21

stacks, switch

MSTP instances supported 26-9

standby command switch

configuring

considerations 5-11

defined 5-2

priority 5-10

requirements 5-3

virtual IP address 5-11

See also cluster standby group and HSRP

standby group, cluster

See cluster standby group and HSRP

standby ip command 41-6

standby links 19-1

standby router 41-2

standby timers, HSRP 41-10

startup configuration

booting

manually 3-18

specific image 3-19

clearing A-18

configuration file

automatically downloading 3-17

specifying the filename 3-17

static access ports

assigning to VLAN 13-9

defined 11-3, 13-3

static addresses

See addresses

static IP routing 1-14

static MAC addressing 1-9

static route primary interface, configuring 43-10

static routes

configuring 37-89

configuring for IPv6 38-19

understanding 38-6

static routing 37-3

static routing support, enhanced object tracking 43-10

static SSM mapping 45-18, 45-19

static traffic forwarding 45-21

static VLAN membership 13-2

statistics

802.1X 10-17

802.1x 9-64

CDP 24-5

interface 11-31

IP multicast routing 45-61

LLDP 25-10

LLDP-MED 25-10

NMSP 25-10

OSPF 37-33

QoS ingress and egress 34-86

RMON group Ethernet 29-5

RMON group history 29-5

SNMP input and output 31-18

VTP 14-16

sticky learning 23-9

storm control

configuring 23-3

described 23-1

disabling 23-5

displaying 23-21

support for 1-4

thresholds 23-1

STP

accelerating root port selection 18-4

BackboneFast

described 18-5

disabling 18-14

enabling 18-13

BPDU filtering

described 18-3

disabling 18-12

enabling 18-12

BPDU guard

described 18-2

disabling 18-12

enabling 18-11

BPDU message exchange 26-3

configuration guidelines 18-10, 26-12

configuring

forward-delay time 26-21

hello time 26-20

maximum aging time 26-21

path cost 26-18

port priority 26-17

root switch 26-14

secondary root switch 26-16

spanning-tree mode 26-13

switch priority 26-19

transmit hold-count 26-22

counters, clearing 26-22

default configuration 26-11

default optional feature configuration 18-9

designated port, defined 26-3

designated switch, defined 26-3

detecting indirect link failures 18-5

disabling 26-14

displaying status 26-22

EtherChannel guard

described 18-7

disabling 18-14

enabling 18-14

extended system ID

effects on root switch 26-14

effects on the secondary root switch 26-16

overview 26-4

unexpected behavior 26-15

features supported 1-8

IEEE 802.1D and bridge ID 26-4

IEEE 802.1D and multicast addresses 26-8

IEEE 802.1t and VLAN identifier 26-4

inferior BPDU 26-3

instances supported 26-9

interface state, blocking to forwarding 18-2

interface states

blocking 26-5

disabled 26-7

forwarding 26-5, 26-6

learning 26-6

listening 26-6

overview 26-4

interoperability and compatibility among modes 26-10

Layer 2 protocol tunneling 16-7

limitations with IEEE 802.1Q trunks 26-10

load sharing

overview 13-21

using path costs 13-23

using port priorities 13-21

loop guard

described 18-9

enabling 18-15

modes supported 26-9

multicast addresses, effect of 26-8

optional features supported 1-8

overview 26-2

path costs 13-23

Port Fast

described 18-2

enabling 18-10

port priorities 13-22

preventing root switch selection 18-8

protocols supported 26-9

redundant connectivity 26-8

root guard

described 18-8

enabling 18-15

root port, defined 26-3

root switch

configuring 26-15

effects of extended system ID 26-4, 26-14

election 26-3

unexpected behavior 26-15

shutdown Port Fast-enabled port 18-2

status, displaying 26-22

superior BPDU 26-3

timers, described 26-20

UplinkFast

described 18-3

enabling 18-13

VLAN-bridge 26-10

stratum, NTP 6-2

stub areas, OSPF 37-29

stub routing, EIGRP 37-39

subdomains, private VLAN 15-1

subnet mask 37-5

subnet zero 37-6

success response, VMPS 13-25

summer time 6-6

SunNet Manager 1-5

supernet 37-6

supported port-based authentication methods 9-7

SVI autostate exclude

configuring 11-27

defined 11-5

SVI link state 11-5

SVIs

and IP unicast routing 37-3

and router ACLs 33-4

connecting VLANs 11-9

defined 11-4

routing between VLANs 13-2

switch 38-2

switch clustering technology 5-1

See also clusters, switch

switch console port 1-7

Switch Database Management

See SDM

switched packets, ACLs on 33-40

Switched Port Analyzer

See SPAN

switched ports 11-2

switchport backup interface 19-4, 19-5

switchport block multicast command 23-8

switchport block unicast command 23-8

switchport command 11-15

switchport mode dot1q-tunnel command 16-6

switchport protected command 23-7

switch priority

MSTP 17-21

STP 26-19

switch software features 1-1

switch virtual interface

See SVI

synchronization, BGP 37-46

syslog

See system message logging

system capabilities TLV 25-2

system clock

configuring

daylight saving time 6-6

manually 6-4

summer time 6-6

time zones 6-5

displaying the time and date 6-4

overview 6-1

See also NTP

system description TLV 25-2

system message logging

default configuration 30-3

defining error message severity levels 30-8

disabling 30-4

displaying the configuration 30-16

enabling 30-4

facility keywords, described 30-13

level keywords, described 30-9

limiting messages 30-10

message format 30-2

overview 30-1

sequence numbers, enabling and disabling 30-8

setting the display destination device 30-5

synchronizing log messages 30-6

syslog facility 1-15

time stamps, enabling and disabling 30-7

UNIX syslog servers

configuring the daemon 30-12

configuring the logging facility 30-12

facilities supported 30-13

system MTU

and IS-IS LSPs 37-67

system MTU and IEEE 802.1Q tunneling 16-5

system name

default configuration 6-8

default setting 6-8

manual configuration 6-8

See also DNS

system name TLV 25-2

system prompt, default setting 6-7, 6-8

system resources, optimizing 7-1

system routing

IS-IS 37-63

ISO IGRP 37-63

T

TACACS+

accounting, defined 8-11

authentication, defined 8-11

authorization, defined 8-11

configuring

accounting 8-17

authentication key 8-13

authorization 8-16

login authentication 8-14

default configuration 8-13

displaying the configuration 8-17

identifying the server 8-13

in clusters 5-14

limiting the services to the user 8-16

operation of 8-12

overview 8-10

support for 1-11

tracking services accessed by user 8-17

tagged packets

IEEE 802.1Q 16-3

Layer 2 protocol 16-7

tar files

creating A-6

displaying the contents of A-6

extracting A-7

image file format A-24

TCAM

memory consistency check errors

example 48-24

memory consistency check routines 1-5, 48-23

memory consistency integrity 1-5, 48-23

space

HFTM 48-23

HQATM 48-23

unassigned 48-23

TCL script, registering and defining with embedded event manager 32-6

TDR 1-16

Telnet

accessing management interfaces 2-9

number of connections 1-7

setting a password 8-6

temporary self-signed certificate 8-49

Terminal Access Controller Access Control System Plus

See TACACS+

terminal lines, setting a password 8-6

ternary content addressable memory

See TCAM

TFTP

configuration files

downloading A-11

preparing the server A-10

uploading A-11

configuration files in base directory 3-7

configuring for autoconfiguration 3-7

image files

deleting A-27

downloading A-26

preparing the server A-25

uploading A-27

limiting access by servers 31-16

TFTP server 1-6

threshold, traffic level 23-2

threshold monitoring, IP SLAs 42-6

time

See NTP and system clock

Time Domain Reflector

See TDR

time-range command 33-17

time ranges in ACLs 33-17

time stamps in log messages 30-7

time zones 6-5

TLVs

defined 25-1

LLDP 25-2

LLDP-MED 25-2

Token Ring VLANs

support for 13-6

VTP support 14-4

ToS 1-12

traceroute, Layer 2

and ARP 48-15

and CDP 48-15

broadcast traffic 48-15

described 48-15

IP addresses and subnets 48-15

MAC addresses and VLANs 48-15

multicast traffic 48-15

multiple devices on a port 48-16

unicast traffic 48-15

usage guidelines 48-15

traceroute command 48-17

See also IP traceroute

tracked lists

configuring 43-3

types 43-3

tracked objects

by Boolean expression 43-4

by threshold percentage 43-6

by threshold weight 43-5

tracking interface line-protocol state 43-2

tracking IP routing state 43-2

tracking objects 43-1

tracking process 43-1

track state, tracking IP SLAs 43-9

traffic

blocking flooded 23-8

fragmented 33-5

fragmented IPv6 40-2

unfragmented 33-5

traffic policing 1-13

traffic suppression 23-1

transmit hold-count

See STP

transparent mode, VTP 14-3

trap-door mechanism 3-2

traps

configuring MAC address notification 6-15, 6-17, 6-18

configuring managers 31-12

defined 31-3

enabling 6-15, 6-17, 6-18, 31-12

notification types 31-12

overview 31-1, 31-4

troubleshooting

connectivity problems 48-13, 48-14, 48-16

CPU utilization 48-24

detecting unidirectional links 27-1

displaying crash information 48-22

PIMv1 and PIMv2 interoperability problems 45-34

setting packet forwarding 48-20

SFP security and identification 48-12

show forward command 48-20

with CiscoWorks 31-4

with debug commands 48-18

with ping 48-13

with system message logging 30-1

with traceroute 48-16

trunk failover

See link-state tracking

trunking encapsulation 1-8

trunk ports

configuring 13-17

defined 11-3, 13-3

encapsulation 13-22, 13-23

trunks

allowed-VLAN list 13-18

configuring 13-22, 13-23

load sharing

setting STP path costs 13-23

using STP port priorities 13-21, 13-22

native VLAN for untagged traffic 13-20

parallel 13-23

pruning-eligible list 13-19

to non-DTP device 13-15

trusted boundary for QoS 34-44

trusted port states

between QoS domains 34-46

classification options 34-5

ensuring port security for IP phones 34-44

support for 1-12

within a QoS domain 34-42

trustpoints, CA 8-48

tunneling

defined 16-1

IEEE 802.1Q 16-1

Layer 2 protocol 16-8

tunnel ports

defined 13-4

described 11-3, 16-1

IEEE 802.1Q, configuring 16-6

incompatibilities with other features 16-5

twisted-pair Ethernet, detecting unidirectional links 27-1

type of service

See ToS

U

UDLD

configuration guidelines 27-4

default configuration 27-4

disabling

globally 27-5

on fiber-optic interfaces 27-5

per interface 27-5

echoing detection mechanism 27-2

enabling

globally 27-5

per interface 27-5

Layer 2 protocol tunneling 16-10

link-detection mechanism 27-1

neighbor database 27-2

overview 27-1

resetting an interface 27-6

status, displaying 27-6

support for 1-7

UDP, configuring 37-14

UDP jitter, configuring 42-10

UDP jitter operation, IP SLAs 42-9

unauthorized ports with IEEE 802.1x 9-10

unicast MAC address filtering 1-6

and adding static addresses 6-21

and broadcast MAC addresses 6-20

and CPU packets 6-20

and multicast addresses 6-20

and router MAC addresses 6-20

configuration guidelines 6-20

described 6-20

unicast storm 23-1

unicast storm control command 23-4

unicast traffic, blocking 23-8

UniDirectional Link Detection protocol

See UDLD

UNIX syslog servers

daemon configuration 30-12

facilities supported 30-13

message logging configuration 30-12

unrecognized Type-Length-Value (TLV) support 14-4

upgrading software images

See downloading

UplinkFast

described 18-3

disabling 18-13

enabling 18-13

support for 1-8

uploading

configuration files

preparing A-10, A-12, A-15

reasons for A-8

using FTP A-14

using RCP A-17

using TFTP A-11

image files

preparing A-25, A-29, A-33

reasons for A-23

using FTP A-31

using RCP A-36

using TFTP A-27

User Datagram Protocol

See UDP

user EXEC mode 2-2

username-based authentication 8-6

V

VACL logging parameters 33-38

VACLs

logging

configuration example 33-39

version-dependent transparent mode 14-4

virtual IP address

cluster standby group 5-11

command switch 5-11

Virtual Private Network

See VPN

virtual router 41-1, 41-2

virtual switches and PAgP 35-5

vlan.dat file 13-5

VLAN 1, disabling on a trunk port 13-19

VLAN 1 minimization 13-18

VLAN ACLs

See VLAN maps

vlan-assignment response, VMPS 13-25

VLAN configuration

at bootup 13-7

saving 13-7

VLAN configuration mode 2-2

VLAN database

and startup configuration file 13-7

and VTP 14-1

VLAN configuration saved in 13-7

VLANs saved in 13-4

vlan dot1q tag native command 16-4

VLAN filtering and SPAN 28-6

vlan global configuration command 13-7

VLAN ID, discovering 6-23

VLAN link state 11-5

VLAN load balancing on flex links 19-2

configuration guidelines 19-8

VLAN management domain 14-2

VLAN Management Policy Server

See VMPS

VLAN map entries, order of 33-31

VLAN maps

applying 33-35

common uses for 33-35

configuration guidelines 33-31

configuring 33-30

creating 33-32

defined 33-2

denying access to a server example 33-36

denying and permitting packets 33-32

displaying 33-44

examples of ACLs and VLAN maps 33-33

removing 33-35

support for 1-10

wiring closet configuration example 33-36

VLAN membership

confirming 13-28

modes 13-3

VLAN Query Protocol

See VQP

VLANs

adding 13-8

adding to VLAN database 13-8

aging dynamic addresses 26-9

allowed on trunk 13-18

and spanning-tree instances 13-3, 13-6, 13-11

configuration guidelines, extended-range VLANs 13-11

configuration guidelines, normal-range VLANs 13-6

configuring 13-1

configuring IDs 1006 to 4094 13-11

connecting through SVIs 11-9

creating 13-8

customer numbering in service-provider networks 16-3

default configuration 13-7

deleting 13-9

described 11-2, 13-1

displaying 13-14

extended-range 13-1, 13-10

features 1-8

illustrated 13-2

internal 13-11

limiting source traffic with RSPAN 28-21

limiting source traffic with SPAN 28-14

modifying 13-8

multicast 22-17

native, configuring 13-20

normal-range 13-1, 13-4

number supported 1-8

parameters 13-5

port membership modes 13-3

static-access ports 13-9

STP and IEEE 802.1Q trunks 26-10

supported 13-2

Token Ring 13-6

traffic between 13-2

VLAN-bridge STP 26-10, 47-1

VTP modes 14-3

VLAN Trunking Protocol

See VTP

VLAN trunks 13-14

VMPS

administering 13-29

configuration example 13-30

configuration guidelines 13-26

default configuration 13-26

description 13-24

dynamic port membership

described 13-25

reconfirming 13-28

troubleshooting 13-30

entering server address 13-27

mapping MAC addresses to VLANs 13-25

monitoring 13-29

reconfirmation interval, changing 13-28

reconfirming membership 13-28

retry count, changing 13-29

voice aware 802.1x security

port-based authentication

configuring 9-38

described 9-30, 9-38

voice-over-IP 12-1

voice VLAN

Cisco 7960 phone, port connections 12-1

configuration guidelines 12-3

configuring IP phones for data traffic

override CoS of incoming frame 12-6

trust CoS priority of incoming frame 12-6

configuring ports for voice traffic in

802.1p priority tagged frames 12-5

802.1Q frames 12-4

connecting to an IP phone 12-4

default configuration 12-3

described 12-1

displaying 12-7

IP phone data traffic, described 12-2

IP phone voice traffic, described 12-2

VPN

configuring routing in 37-82

forwarding 37-75

in service provider networks 37-72

routes 37-73

VPN routing and forwarding table

See VRF

VQP 1-8, 13-24

VRF

defining 37-75

tables 37-72

VRF-aware services

ARP 37-79

configuring 37-78

ftp 37-81

HSRP 37-80

ping 37-79

RADIUS 37-80

SNMP 37-79

syslog 37-80

tftp 37-81

traceroute 37-81

VTP

adding a client to a domain 14-15

advertisements 13-16, 14-3, 14-4

and extended-range VLANs 13-3, 14-1

and normal-range VLANs 13-2, 14-1

client mode, configuring 14-11

configuration

guidelines 14-8

requirements 14-10

saving 14-8

configuration requirements 14-10

configuration revision number

guideline 14-15

resetting 14-16

consistency checks 14-4

default configuration 14-7

described 14-1

domain names 14-8

domains 14-2

Layer 2 protocol tunneling 16-7

modes

client 14-3

off 14-3

server 14-3

transitions 14-3

transparent 14-3

monitoring 14-16

passwords 14-8

pruning

disabling 14-14

enabling 14-14

examples 14-6

overview 14-5

support for 1-9

pruning-eligible list, changing 13-19

server mode, configuring 14-10, 14-13

statistics 14-16

support for 1-9

Token Ring support 14-4

transparent mode, configuring 14-10

using 14-1

Version

enabling 14-13

version, guidelines 14-9

Version 1 14-4

Version 2

configuration guidelines 14-9

overview 14-4

Version 3

overview 14-5

W

WCCP

authentication 44-3

configuration guidelines 44-5

default configuration 44-5

described 44-1

displaying 44-9

dynamic service groups 44-3

enabling 44-6

features unsupported 44-4

forwarding method 44-3

Layer-2 header rewrite 44-3

MD5 security 44-3

message exchange 44-2

monitoring and maintaining 44-9

negotiation 44-3

packet redirection 44-3

packet-return method 44-3

redirecting traffic received from a client 44-6

setting the password 44-6

unsupported WCCPv2 features 44-4

web authentication 9-16

configuring 10-16 to ??

described 1-9

web-based authentication

customizable web pages 10-6

description 10-1

web-based authentication, interactions with other features 10-7

Web Cache Communication Protocol

See WCCP

weighted tail drop

See WTD

weight thresholds in tracked lists 43-5

wired location service

configuring 25-9

displaying 25-10

location TLV 25-3

understanding 25-3

wizards 1-2

WTD

described 34-14

setting thresholds

egress queue-sets 34-79

ingress queues 34-74

support for 1-13

X

Xmodem protocol 48-2