-
Catalyst 3750 Switch Software Configuration Guide, 12.2(50)SE
-
Index
-
Preface
-
Overview
-
Using the Command-Line Interface
-
Assigning the Switch IP Address and Default Gateway
-
Configuring Cisco EnergyWise
-
Configuring Cisco IOS Configuration Engine
-
Managing Switch Stacks
-
Clustering Switches
-
Administering the Switch
-
Configuring SDM Templates
-
Configuring Switch-Based Authentication
-
Configuring IEEE 802.1x Port-Based Authentication
-
Configuring Interface Characteristics
-
Configuring Auto Smartports Macros
-
Configuring VLANs
-
Configuring VTP
-
Configuring Voice VLAN
-
Configuring Private VLANs
-
Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling
-
Configuring STP
-
Configuring MSTP
-
Configuring Optional Spanning-Tree Features
-
Configuring Flex Links and the MAC Address-Table Move Update Feature
-
Configuring DHCP Features and IP Source Guard
-
Configuring Dynamic ARP Inspection
-
Configuring IGMP Snooping and MVR
-
Configuring Port-Based Traffic Control
-
Configuring CDP
-
Configuring LLDP, LLDP-MED, and Wired Location Service
-
Configuring UDLD
-
Configuring SPAN and RSPAN
-
Configuring RMON
-
Configuring System Message Logging
-
Configuring SNMP
-
Configuring Embedded Event Manager
-
Configuring Network Security with ACLs
-
Configuring QoS
-
Configuring EtherChannels and Link-State Tracking
-
Configuring IP Unicast Routing
-
Configuring IPv6 Unicast Routing
-
Configuring IPv6 MLD Snooping
-
Configuring IPv6 ACLs
-
Configuring HSRP
-
Configuring Cisco IOS IP SLAs Operations
-
Configuring Enhanced Object Tracking
-
Configuring Web Cache Services By Using WCCP
-
Configuring MSDP
-
Configuring IP Multicast Routing
-
Configuring Fallback Bridging
-
Troubleshooting
-
Configuring Online Diagnostics
-
Configuring the Catalyst 3750G Integrated Wireless LAN Controller Switch
-
Supported MIBs
-
Working with the Cisco IOS File System, Configuration Files, and Software Images
-
Unsupported Commands in Cisco IOS Release 12.2(50)SE
-
Table Of Contents
Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X -
Index
Numerics
10-Gigabit Ethernet interfaces
configuration guidelines 12-17
defined 12-6
3750G integrated wireless LAN controller switch
configuring the switch A-4
controller and switch interaction A-3
internal ports
configuring A-4
reconfiguring A-5
A
AAA down policy, NAC Layer 2 IP validation 1-11
abbreviating commands 2-4
ABRs 38-25
AC (command switch) 7-10
access-class command 35-20
access control entries
access control entry (ACE) 41-3
access-denied response, VMPS 14-28
access groups
applying IPv4 ACLs to interfaces 35-21
Layer 2 35-21
Layer 3 35-21
accessing
clusters, switch 7-13
command switches 7-11
member switches 7-13
switch clusters 7-13
accessing stack members 6-23
access lists
access ports
and Layer 2 protocol tunneling 18-11
defined 12-3
in switch clusters 7-9
access template 9-1
accounting
with 802.1x 11-46
with IEEE 802.1x 11-13
with RADIUS 10-28
ACEs
and QoS 36-7
defined 35-2
Ethernet 35-2
IP 35-2
ACLs
ACEs 35-2
any keyword 35-13
applying
on bridged packets 35-39
on multicast packets 35-41
on routed packets 35-40
on switched packets 35-39
time ranges to 35-17
to IPv6 interfaces 41-7
to QoS 36-7
classifying traffic for QoS 36-43
comments in 35-19
compiling 35-23
extended IP, configuring for QoS classification 36-44
extended IPv4
creating 35-11
matching criteria 35-8
hardware and software handling 35-22
host keyword 35-13
IP
creating 35-8
fragments and QoS guidelines 36-33
implicit deny 35-10, 35-14, 35-16
implicit masks 35-10
matching criteria 35-8
undefined 35-21
IPv4
applying to interfaces 35-20
creating 35-8
matching criteria 35-8
named 35-15
numbers 35-8
terminal lines, setting on 35-19
unsupported features 35-7
IPv6
and stacking 41-3
applying to interfaces 41-7
displaying 41-8
interactions with other features 41-4
limitations 41-3
matching criteria 41-3
named 41-3
precedence of 41-2
supported 41-2
unsupported features 41-3
Layer 4 information in 35-38
logging messages 35-9
ACLs (continued)named, IPv4 35-15
named, IPv6 41-3
names 41-4
number per QoS class map 36-33
precedence of 35-2
resequencing entries 35-15
router ACLs and VLAN map configuration guidelines 35-38
standard IP, configuring for QoS classification 36-43
standard IPv4
creating 35-10
matching criteria 35-8
support for 1-9
support in hardware 35-22
time ranges 35-17
types supported 35-2
unsupported features, IPv4 35-7
unsupported features, IPv6 41-3
using router ACLs with VLAN maps 35-37
VLAN maps
configuration guidelines 35-31
configuring 35-30
active links 22-2
active router 42-1
active traffic monitoring, IP SLAs 43-1
address aliasing 25-2
addresses
displaying the MAC address table 8-27
addresses (continued)dynamic
accelerated aging 19-9
changing the aging time 8-21
default aging 19-9
defined 8-19
learning 8-20
removing 8-22
IPv6 39-2
MAC, discovering 8-28
multicast
group address range 46-3
STP address management 19-9
static
adding and removing 8-24
defined 8-19
Address Resolution Protocol
adjacency tables, with CEF 38-89
administrative distances
defined 38-102
OSPF 38-32
routing protocol defaults 38-91
advertisements
CDP 27-1
RIP 38-20
aggregatable global unicast addresses 39-3
aggregate addresses, BGP 38-60
aggregated ports
aggregate policers 36-59
aggregate policing 1-12
aging, accelerating 19-9
aging time
accelerated
for MSTP 20-23
MAC address table 8-21
maximum
for MSTP 20-24
alarms, RMON 31-3
allowed-VLAN list 14-21
application engines, redirecting traffic to 45-1
area border routers
area routing
IS-IS 38-64
ISO IGRP 38-64
ARP
configuring 38-10
encapsulation 38-11
static cache configuration 38-10
table
address resolution 8-28
managing 8-28
ASBRs 38-25
AS-path filters, BGP 38-54
asymmetrical links, and IEEE 802.1Q tunneling 18-4
attributes, RADIUS
vendor-proprietary 10-31
vendor-specific 10-29
attribute-value pairs 11-12, 11-13, 11-17, 11-18, 11-27
authentication
EIGRP 38-40
HSRP 42-10
local mode with AAA 10-36
NTP associations 8-4
open1x 11-25
authentication (continued)RADIUS
key 10-21
login 10-23
TACACS+
defined 10-11
key 10-13
login 10-14
See also port-based authentication
authentication compatibility with Catalyst 6000 switches 11-8
authentication failed VLAN
authentication keys, and routing protocols 38-102
authentication manager
CLI commands 11-8
compatibility with older 802.1x CLI commands11-8to 11-9
overview 11-7
authoritative time source, described 8-2
authorization
with RADIUS 10-27
authorized ports with IEEE 802.1x 11-9
autoconfiguration 3-3
auto enablement 11-26
automatic advise (auto-advise) in switch stacks 6-11
automatic copy (auto-copy) in switch stacks 6-10
automatic discovery
considerations
beyond a noncandidate device 7-8
brand new switches 7-9
connectivity 7-5
different VLANs 7-7
management VLANs 7-7
non-CDP-capable devices 7-6
noncluster-capable devices 7-6
routed ports 7-8
automatic discovery (continued)in switch clusters 7-5
automatic extraction (auto-extract) in switch stacks 6-11
automatic QoS
automatic recovery, clusters 7-10
automatic upgrades (auto-upgrade) in switch stacks 6-10
auto-MDIX
configuring 12-21
described 12-21
autonegotiation
duplex mode 1-4
interface configuration guidelines 12-18
mismatches 49-12
autonomous system boundary routers
autonomous systems, in BGP 38-48
Auto-RP, described 46-6
autosensing, port speed 1-4
Auto Smartports macros
configuration guidelines 13-3
default configuration 13-2
defined 13-1
displaying 13-14
enabling 13-3
event triggers 13-6
mapping 13-4
user-defined macros 13-9
autostate exclude 12-6
Auto Smartports macros
auxiliary VLAN
availability, features 1-7
B
BackboneFast
described 21-7
disabling 21-17
enabling 21-16
support for 1-8
backup interfaces
backup links 22-2
backup static routing, configuring 44-12
banners
configuring
login 8-18
message-of-the-day login 8-18
default configuration 8-17
when displayed 8-17
Berkeley r-tools replacement 10-49
BGP
aggregate addresses 38-60
aggregate routes, configuring 38-60
CIDR 38-60
clear commands 38-63
community filtering 38-57
configuring neighbors 38-58
default configuration 38-45
described 38-44
enabling 38-48
monitoring 38-63
multipath support 38-52
neighbors, types of 38-48
path selection 38-52
peers, configuring 38-58
prefix filtering 38-56
resetting sessions 38-50
route dampening 38-62
route maps 38-54
route reflectors 38-61
routing domain confederation 38-61
BGP (continued)routing session with multi-VRF CE 38-84
show commands 38-63
supernets 38-60
support for 1-13
Version 4 38-45
binding cluster group and HSRP group 42-12
binding database
address, DHCP server
See DHCP, Cisco IOS server database
DHCP snooping
See DHCP snooping binding database
bindings
address, Cisco IOS DHCP server 23-6
DHCP snooping database 23-6
IP source guard 23-16
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 26-7
Boolean expressions in tracked lists 44-4
booting
boot loader, function of 3-2
boot process 3-2
manually 3-18
specific image 3-19
boot loader
accessing 3-19
described 3-2
environment variables 3-19
prompt 3-19
trap-door mechanism 3-2
bootstrap router (BSR), described 46-7
Border Gateway Protocol
BPDU
error-disabled state 21-2
filtering 21-3
RSTP format 20-12
BPDU filtering
described 21-3
disabling 21-15
enabling 21-14
support for 1-8
BPDU guard
described 21-2
disabling 21-14
enabling 21-13
support for 1-8
bridged packets, ACLs on 35-39
bridge groups
bridge protocol data unit
broadcast flooding 38-17
broadcast packets
directed 38-14
flooded 38-14
broadcast storm-control command 26-4
C
cables, monitoring for unidirectional links 29-1
candidate switch
automatic discovery 7-5
defined 7-4
requirements 7-4
See also command switch, cluster standby group, and member switch
Catalyst 3750G wireless LAN controller switch
accessing the controller A-6
displaying controller information A-7
features A-2
interaction with the controller A-3
internal port configuration A-4
internal port EtherChannel A-4
internal ports A-3
Catalyst 3750G wireless LAN controller switch (continued)internal VLAN A-3
reconfiguring the internal ports A-5
switch stacks A-2
Catalyst 6000 switches
authentication compatibility 11-8
CA trustpoint
configuring 10-45
defined 10-43
CDP
and trusted boundary 36-39
automatic discovery in switch clusters 7-5
configuring 27-2
default configuration 27-2
defined with LLDP 28-1
described 27-1
disabling for routing device27-3to 27-4
enabling and disabling
on an interface 27-4
on a switch 27-3
Layer 2 protocol tunneling 18-7
monitoring 27-5
overview 27-1
power negotiation extensions 12-7
support for 1-6
switch stack considerations 27-2
transmission timer and holdtime, setting 27-2
updates 27-2
CEF
defined 38-89
distributed 38-89
enabling 38-90
IPv6 39-18
CGMP
as IGMP snooping learning method 25-9
clearing cached group entries 46-61
enabling server support 46-44
joining multicast group 25-3
CGMP (continued)overview 46-9
server support only 46-9
switch support of 1-4
CIDR 38-60
CipherSuites 10-44
Cisco 7960 IP Phone 16-1
Cisco Discovery Protocol
Cisco Express Forwarding
Cisco Group Management Protocol
Cisco intelligent power management 12-7
Cisco IOS DHCP server
See DHCP, Cisco IOS DHCP server
Cisco IOS File System
Cisco IOS IP SLAs 43-1
Cisco Secure ACS
attribute-value pairs for downloadable ACLs 11-18
attribute-value pairs for redirect URL 11-17
Cisco Secure ACS configuration guide 11-57
Cisco StackWise technology 1-3
CISP 11-26
CIST regional root
CIST root
civic location 28-3
classless interdomain routing
classless routing 38-8
class maps for QoS
configuring 36-46
described 36-7
displaying 36-79
class of service
clearing interfaces 12-30
CLI
abbreviating commands 2-4
command modes 2-1
configuration logging 2-5
described 1-5
editing features
enabling and disabling 2-7
keystroke editing 2-7
wrapped lines 2-9
error messages 2-5
filtering command output 2-10
getting help 2-3
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
managing clusters 7-16
no and default forms of commands 2-4
Client Information Signalling Protocol
client mode, VTP 15-3
client processes, tracking 44-1
CLNS
clock
clusters, switch
accessing 7-13
automatic discovery 7-5
automatic recovery 7-10
benefits 1-2
compatibility 7-4
described 7-1
LRE profile considerations 7-16
clusters, switch (continued)managing
through CLI 7-16
through SNMP 7-17
planning 7-4
planning considerations
automatic discovery 7-5
automatic recovery 7-10
CLI 7-16
host names 7-13
IP addresses 7-13
LRE profiles 7-16
passwords 7-13
RADIUS 7-16
switch stacks 7-14
TACACS+ 7-16
cluster standby group
and HSRP group 42-12
automatic recovery 7-12
considerations 7-11
defined 7-2
requirements 7-3
virtual IP address 7-11
CNS 1-5
Configuration Engine
configID, deviceID, hostname 5-3
configuration service 5-2
described 5-1
event service 5-3
embedded agents
described 5-5
enabling automated configuration 5-6
enabling configuration agent 5-9
enabling event agent 5-7
management functions 1-5
Coarse Wave Division Multiplexer
command-line interface
command modes 2-1
commands
abbreviating 2-4
no and default 2-4
commands, setting privilege levels 10-8
command switch
accessing 7-11
active (AC) 7-10
configuration conflicts 49-12
defined 7-2
passive (PC) 7-10
password privilege levels 7-17
priority 7-10
recovery
from command-switch failure 7-10, 49-8
from lost member connectivity 49-12
redundant 7-10
replacing
with another switch 49-11
with cluster member 49-9
requirements 7-3
standby (SC) 7-10
See also candidate switch, cluster standby group, member switch, and standby command switch
community list, BGP 38-57
community ports 17-2
community strings
for cluster switches 33-4
in clusters 7-14
overview 33-4
SNMP 7-14
compatibility, feature 26-12
compatibility, software
config.text 3-17
configurable leave timer, IGMP 25-6
configuration, initial
defaults 1-15
Express Setup 1-2
configuration changes, logging 32-11
configuration conflicts, recovering from lost member connectivity 49-12
configuration examples, network 1-17
configuration files
archiving C-19
clearing the startup configuration C-19
creating using a text editor C-10
default name 3-17
deleting a stored configuration C-19
described C-8
downloading
automatically 3-17
reasons for C-8
using FTP C-13
using RCP C-17
using TFTP C-11
guidelines for creating and using C-9
guidelines for replacing and rolling back C-21
invalid combinations when copying C-5
limiting TFTP server access 33-17
obtaining with DHCP 3-9
password recovery disable considerations 10-5
replacing a running configuration C-19, C-20
rolling back a running configuration C-19, C-20
specifying the filename 3-17
system contact and location information 33-17
types and location C-10
configuration files (continued)uploading
reasons for C-9
using FTP C-14
using RCP C-18
using TFTP C-12
configuration guidelines, multi-VRF CE 38-77
configuration logger 32-11
configuration logging 2-5
configuration replacement C-19
configuration rollback C-19
configuration settings, saving 3-15
configure terminal command 12-11
configuring port-based authentication violation modes 11-37
configuring small-frame arrival rate 26-5
conflicts, configuration 49-12
connections, secure remote 10-38
connectivity problems 49-14, 49-16, 49-17
consistency checks in VTP Version 2 15-4
console port, connecting to 2-11
content-routing technology
control protocol, IP SLAs 43-4
corrupted software, recovery steps with Xmodem 49-2
CoS
in Layer 2 frames 36-2
override priority 16-6
trust priority 16-6
CoS input queue threshold map for QoS 36-16
CoS output queue threshold map for QoS 36-18
CoS-to-DSCP map for QoS 36-61
counters, clearing interface 12-30
CPU utilization, troubleshooting 49-25
crashinfo file 49-24
critical authentication, IEEE 802.1x 11-50
cross-stack EtherChannel
configuration guidelines 37-13
configuring
on Layer 2 interfaces 37-13
on Layer 3 physical interfaces 37-16
described 37-3
illustration 37-4
support for 1-7
cross-stack UplinkFast, STP
described 21-5
disabling 21-16
enabling 21-16
fast-convergence events 21-7
Fast Uplink Transition Protocol 21-6
normal-convergence events 21-7
support for 1-8
cryptographic software image
Kerberos 10-32
SSH 10-37
SSL 10-42
switch stack considerations 6-2, 6-15, 10-38
customer edge devices 38-75
CWDM SFPs 1-27
D
DACL
daylight saving time 8-13
dCEF, in the switch stack 38-89
debugging
enabling all system diagnostics 49-21
enabling for a specific feature 49-20
redirecting error message output 49-21
using commands 49-20
default commands 2-4
default configuration
802.1x 11-31
auto-QoS 36-20
banners 8-17
BGP 38-45
booting 3-17
CDP 27-2
DHCP 23-8
DHCP option 82 23-8
DHCP snooping 23-8
DHCP snooping binding database 23-9
DNS 8-16
dynamic ARP inspection 24-5
EIGRP 38-36
EtherChannel 37-11
Ethernet interfaces 12-16
fallback bridging 48-3
HSRP 42-5
IEEE 802.1Q tunneling 18-4
IGMP 46-39
IGMP filtering 25-25
IGMP snooping 25-7, 40-5, 40-6
IGMP throttling 25-25
initial switch information 3-3
IP addressing, IP routing 38-6
IP multicast routing 46-10
IP SLAs 43-6
IP source guard 23-17
IPv6 39-10
IS-IS 38-66
Layer 2 interfaces 12-16
Layer 2 protocol tunneling 18-11
LLDP 28-4
MAC address table 8-21
MAC address-table move update 22-8
MSDP 47-4
MSTP 20-15
multi-VRF CE 38-76
default configuration (continued)MVR 25-20
NTP 8-4
optional spanning-tree configuration 21-12
OSPF 38-26
password and privilege level 10-2
PIM 46-10
private VLANs 17-6
RADIUS 10-20
RIP 38-20
RMON 31-3
RSPAN 30-11
SDM template 9-5
SNMP 33-7
SPAN 30-11
SSL 10-45
standard QoS 36-30
STP 19-13
switch stacks 6-18
system message logging 32-4
system name and prompt 8-15
TACACS+ 10-13
UDLD 29-4
VLAN, Layer 2 Ethernet interfaces 14-19
VLANs 14-8
VMPS 14-29
voice VLAN 16-3
VTP 15-7
WCCP 45-5
default networks 38-92
default router preference
default routes 38-92
default routing 38-3
deleting VLANs 14-10
denial-of-service attack 26-1
description command 12-24
designing your network, examples 1-17
destination addresses
in IPv4 ACLs 35-12
in IPv6 ACLs 41-5
destination-IP address-based forwarding, EtherChannel 37-9
destination-MAC address forwarding, EtherChannel 37-9
detecting indirect link failures, STP 21-8
device C-23
device discovery protocol 27-1, 28-1
device manager
benefits 1-2
in-band management 1-6
upgrading a switch C-23
DHCP
Cisco IOS server database
configuring 23-14
default configuration 23-9
described 23-6
DHCP for IPv6
enabling
relay agent 23-11
server 23-10
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-4
DNS 3-7
relay device 3-8
server side 3-6
server-side 23-10
TFTP server 3-7
example 3-10
lease options
for IP address information 3-6
for receiving the configuration file 3-7
DHCP-based autoconfiguration (continued)
overview 3-3
relationship to BOOTP 3-4
support for 1-5
DHCP-based autoconfiguration and image update
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP object tracking, configuring primary interface 44-11
DHCP option 82
circuit ID suboption 23-5
configuration guidelines 23-9
default configuration 23-8
displaying 23-16
forwarding address, specifying 23-11
helper address 23-11
overview 23-3
packet format, suboption
circuit ID 23-5
remote ID 23-5
remote ID suboption 23-5
DHCP server port-based address allocation
configuration guidelines 23-21
default configuration 23-20
described 23-20
displaying 23-23
enabling 23-21
DHCP server port-based address assignment
support for 1-6
DHCP snooping
accepting untrusted packets form edge switch 23-3, 23-13
and private VLANs 23-14
DHCP snooping (continued)binding database
See DHCP snooping binding database
configuration guidelines 23-9
default configuration 23-8
displaying binding tables 23-16
message exchange process 23-4
option 82 data insertion 23-3
trusted interface 23-2
untrusted interface 23-2
untrusted messages 23-2
DHCP snooping binding database
adding bindings 23-15
binding file
format 23-7
location 23-6
bindings 23-6
clearing agent statistics 23-15
configuration guidelines 23-10
configuring 23-15
default configuration 23-8, 23-9
deleting
binding file 23-15
bindings 23-16
database agent 23-15
described 23-6
displaying 23-16
binding entries 23-16
status and statistics 23-16
enabling 23-15
entry 23-6
renewing database 23-15
resetting
delay value 23-15
timeout value 23-15
DHCP snooping binding table
See DHCP snooping binding database
DHCPv6
configuration guidelines 39-15
default configuration 39-15
described 39-6
enabling client function 39-17
enabling DHCPv6 server function 39-15
support for 1-13
Differentiated Services architecture, QoS 36-2
Differentiated Services Code Point 36-2
Diffusing Update Algorithm (DUAL) 38-35
directed unicast requests 1-6
directories
changing C-4
creating and removing C-4
displaying the working C-4
discovery, clusters
Distance Vector Multicast Routing Protocol
distance-vector protocols 38-3
distribute-list command 38-101
DNS
and DHCP-based autoconfiguration 3-7
default configuration 8-16
displaying the configuration 8-17
in IPv6 39-4
overview 8-15
setting up 8-16
support for 1-5
DNS-based SSM mapping 46-18, 46-20
domain names
DNS 8-15
VTP 15-8
Domain Name System
domains, ISO IGRP routing 38-64
dot1q-tunnel switchport mode 14-18
double-tagged packets
IEEE 802.1Q tunneling 18-2
Layer 2 protocol tunneling 18-10
downloadable ACL 11-17, 11-18, 11-57
downloading
configuration files
reasons for C-8
using FTP C-13
using RCP C-17
using TFTP C-11
image files
deleting old image C-27
reasons for C-23
using CMS 1-3
using FTP C-30
using RCP C-35
using TFTP C-26
using the device manager or Network Assistant C-23
drop threshold for Layer 2 protocol packets 18-11
DRP
configuring 39-13
described 39-4
IPv6 39-4
support for 1-13
DSCP input queue threshold map for QoS 36-16
DSCP output queue threshold map for QoS 36-18
DSCP-to-CoS map for QoS 36-65
DSCP-to-DSCP-mutation map for QoS 36-66
DSCP transparency 36-40
dual-action detection 37-6
DUAL finite state machine, EIGRP 38-35
dual IPv4 and IPv6 templates 9-2, 39-5, 39-6
dual protocol stacks
IPv4 and IPv6 39-5
SDM templates supporting 39-6
DVMRP
autosummarization
configuring a summary address 46-58
disabling 46-60
connecting PIM domain to DVMRP router 46-51
enabling unicast routing 46-54
interoperability
with Cisco devices 46-49
with Cisco IOS software 46-9
mrinfo requests, responding to 46-53
neighbors
advertising the default route to 46-52
discovery with Probe messages 46-49
displaying information 46-53
prevent peering with nonpruning 46-56
rejecting nonpruning 46-55
overview 46-8
routes
adding a metric offset 46-60
advertising all 46-60
advertising the default route to neighbors 46-52
caching DVMRP routes learned in report messages 46-54
changing the threshold for syslog messages 46-57
deleting 46-61
displaying 46-62
favoring one over another 46-60
limiting the number injected into MBONE 46-57
limiting unicast route advertisements 46-49
routing table 46-9
source distribution tree, building 46-9
support for 1-13
tunnels
configuring 46-51
displaying neighbor information 46-53
dynamic access ports
characteristics 14-3
configuring 14-31
defined 12-3
dynamic addresses
dynamic ARP inspection
ARP cache poisoning 24-1
ARP requests, described 24-1
ARP spoofing attack 24-1
clearing
log buffer 24-16
statistics 24-15
configuration guidelines 24-6
configuring
ACLs for non-DHCP environments 24-8
in DHCP environments 24-7
log buffer 24-13
rate limit for incoming ARP packets 24-4, 24-11
default configuration 24-5
denial-of-service attacks, preventing 24-11
described 24-1
DHCP snooping binding database 24-2
displaying
ARP ACLs 24-15
configuration and operating state 24-15
log buffer 24-16
statistics 24-15
trust state and rate limit 24-15
error-disabled state for exceeding rate limit 24-4
function of 24-2
interface trust states 24-3
log buffer
clearing 24-16
configuring 24-13
displaying 24-16
logging of dropped packets, described 24-5
man-in-the middle attack, described 24-2
network security issues and interface trust states 24-3
dynamic ARP inspection (continued)
priority of ARP ACLs and DHCP snooping entries 24-4
rate limiting of ARP packets
configuring 24-11
described 24-4
error-disabled state 24-4
statistics
clearing 24-15
displaying 24-15
validation checks, performing 24-12
dynamic auto trunking mode 14-18
dynamic desirable trunking mode 14-18
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 14-29
reconfirming 14-31
troubleshooting 14-33
types of connections 14-31
dynamic routing 38-3
ISO CLNS 38-64
Dynamic Trunking Protocol
E
EBGP 38-43
editing features
enabling and disabling 2-7
keystrokes used 2-7
wrapped lines 2-9
EIGRP
authentication 38-40
components 38-35
configuring 38-39
default configuration 38-36
definition 38-35
interface parameters, configuring 38-40
EIGRP (continued)monitoring 38-42
stub routing 38-41
elections
ELIN location 28-3
embedded event manager
actions 34-4
displaying information 34-7
environmental variables 34-4
event detectors 34-2
policies 34-4
registering and defining an applet 34-5
registering and defining a TCL script 34-6
understanding 34-1
enable password 10-3
enable secret password 10-3
encryption, CipherSuite 10-44
encryption for passwords 10-3
Enhanced IGRP
enhanced object tracking
backup static routing 44-12
commands 44-1
defined 44-1
DHCP primary interface 44-11
HSRP 44-7
IP routing state 44-2
IP SLAs 44-9
line-protocol state 44-2
network monitoring with IP SLAs 44-11
routing policy, configuring 44-12
static route primary interface 44-10
tracked lists 44-3
enhanced object tracking static routing 44-10
environmental variables, embedded event manager 34-4
environment variables, function of 3-20
equal-cost routing 1-13, 38-90
error-disabled state, BPDU 21-2
error messages during command entry 2-5
EtherChannel
automatic creation of 37-5, 37-7
channel groups
binding physical and logical interfaces 37-4
numbering of 37-4
configuration guidelines 37-12
configuring
Layer 2 interfaces 37-13
Layer 3 physical interfaces 37-16
Layer 3 port-channel logical interfaces 37-15
default configuration 37-11
described 37-2
displaying status 37-23
forwarding methods 37-8, 37-18
IEEE 802.3ad, described 37-7
interaction
with STP 37-12
with VLANs 37-12
LACP
described 37-7
displaying status 37-23
hot-standby ports 37-20
interaction with other features 37-8
modes 37-7
port priority 37-22
system priority 37-21
Layer 3 interface 38-5
logical interfaces, described 37-4
PAgP
aggregate-port learners 37-19
compatibility with Catalyst 1900 37-19
described 37-5
displaying status 37-23
interaction with other features 37-7
interaction with virtual switches 37-6
learn method and priority configuration 37-19
EtherChannel (continued)
modes 37-6
support for 1-4
with dual-action detection 37-6
port-channel interfaces
described 37-4
numbering of 37-4
port groups 12-6
stack changes, effects of 37-10
support for 1-4
EtherChannel guard
described 21-10
disabling 21-17
enabling 21-17
Ethernet VLANs
adding 14-9
defaults and ranges 14-8
modifying 14-9
EUI 39-3
event detectors, embedded event manager 34-2
events, RMON 31-3
examples
network configuration 1-17
expedite queue for QoS 36-78
Express Setup 1-2
See also getting started guide
extended crashinfo file 49-24
extended-range VLANs
configuration guidelines 14-13
configuring 14-12
creating 14-14
creating with an internal VLAN ID 14-15
defined 14-1
extended system ID
MSTP 20-17
extended universal identifier
Extensible Authentication Protocol over LAN 11-1
external BGP
external neighbors, BGP 38-48
F
fa0 interface 1-6
failover support 1-7
fallback bridging
and protected ports 48-4
bridge groups
creating 48-4
described 48-2
displaying 48-11
function of 48-2
number supported 48-5
removing 48-5
bridge table
clearing 48-11
displaying 48-11
configuration guidelines 48-4
connecting interfaces with 12-10
default configuration 48-3
described 48-1
frame forwarding
flooding packets 48-2
forwarding packets 48-2
overview 48-1
protocol, unsupported 48-4
stack changes, effects of 48-3
STP
disabling on an interface 48-10
forward-delay interval 48-9
hello BPDU interval 48-8
interface priority 48-7
keepalive messages 19-2
maximum-idle interval 48-9
path cost 48-7
VLAN-bridge spanning-tree priority 48-6
fallback bridging (continued)VLAN-bridge STP 48-2
support for 1-13
SVIs and routed ports 48-1
unsupported protocols 48-4
VLAN-bridge STP 19-11
Fast Convergence 22-3
Fast Uplink Transition Protocol 21-6
features, incompatible 26-12
FIB 38-89
fiber-optic, detecting unidirectional links 29-1
files
basic crashinfo
description 49-24
location 49-24
copying C-5
crashinfo, description 49-24
deleting C-5
displaying the contents of C-8
extended crashinfo
description 49-24
location 49-24
tar
creating C-6
displaying the contents of C-7
extracting C-7
image file format C-24
file system
displaying available file systems C-2
displaying file information C-3
local file system names C-1
network file system names C-5
setting the default C-3
filtering
in a VLAN 35-30
non-IP traffic 35-28
show and more command output 2-10
filtering show and more command output 2-10
filters, IP
flash device, number of C-1
flexible authentication ordering
configuring 11-59
overview 11-25
Flex Link Multicast Fast Convergence 22-3
Flex Links
configuration guidelines 22-8
configuring preferred VLAN 22-11
configuring VLAN load balancing 22-10
default configuration 22-7
description 22-1
link load balancing 22-2
monitoring 22-14
VLANs 22-2
flooded traffic, blocking 26-8
flow-based packet classification 1-11
flowcharts
QoS classification 36-6
QoS egress queueing and scheduling 36-17
QoS ingress queueing and scheduling 36-15
QoS policing and marking 36-10
flowcontrol
configuring 12-20
described 12-20
forward-delay time
MSTP 20-23
STP 19-23
Forwarding Information Base
forwarding nonroutable protocols 48-1
FTP
accessing MIB files B-3
FTP (continued)configuration files
downloading C-13
overview C-12
preparing the server C-13
uploading C-14
image files
deleting old image C-32
downloading C-30
preparing the server C-29
uploading C-32
G
general query 22-5
Generating IGMP Reports 22-3
get-bulk-request operation 33-3
get-next-request operation 33-3, 33-5
get-request operation 33-3, 33-5
get-response operation 33-3
Gigabit modules
global configuration mode 2-2
global leave, IGMP 25-13
guest VLAN and 802.1x 11-18
guide mode 1-2
GUIs
See device manager and Network Assistant
H
hardware limitations and Layer 3 interfaces 12-26
hello time
MSTP 20-22
STP 19-22
help, for the command line 2-3
hierarchical policy maps 36-8
configuration guidelines 36-33
configuring 36-52
described 36-11
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
history table, level and number of syslog messages 32-10
host names, in clusters 7-13
host ports
configuring 17-11
kinds of 17-2
hosts, limit on dynamic ports 14-33
Hot Standby Router Protocol
HP OpenView 1-5
HSRP
authentication string 42-10
automatic cluster recovery 7-12
binding to cluster group 42-12
cluster standby group considerations 7-11
command-switch redundancy 1-1, 1-7
configuring 42-5
default configuration 42-5
definition 42-1
guidelines 42-6
monitoring 42-13
object tracking 44-7
overview 42-1
priority 42-8
routing redundancy 1-12
support for ICMP redirect messages 42-12
switch stack considerations 42-5
timers 42-11
tracking 42-8
See also clusters, cluster standby group, and standby command switch
HSRP for IPv6
configuring 39-24
guidelines 39-23
HTTP over SSL
HTTPS 10-43
configuring 10-46
self-signed certificate 10-43
HTTP secure server 10-43
I
IBPG 38-43
ICMP
IPv6 39-4
redirect messages 38-12
support for 1-13
time-exceeded messages 49-18
traceroute and 49-18
unreachable messages 35-20
unreachable messages and IPv6 41-4
unreachables and ACLs 35-22
ICMP Echo operation
configuring 43-12
IP SLAs 43-11
ICMP ping
executing 49-15
overview 49-14
ICMP Router Discovery Protocol
ICMPv6 39-4
IDS appliances
and ingress RSPAN 30-22
and ingress SPAN 30-15
IEEE 802.1D
IEEE 802.1p 16-1
IEEE 802.1Q
and trunk ports 12-3
configuration limitations 14-19
encapsulation 14-16
native VLAN for untagged traffic 14-23
tunneling
compatibility with other features 18-6
defaults 18-4
described 18-1
tunnel ports with other features 18-6
IEEE 802.1s
IEEE 802.1w
IEEE 802.1x
IEEE 802.3ad
IEEE 802.3af
IEEE 802.3x flow control 12-20
ifIndex values, SNMP 33-6
IFS 1-6
IGMP
configurable leave timer
described 25-6
enabling 25-11
configuring the switch
as a member of a group 46-39
statically connected member 46-43
controlling access to groups 46-40
default configuration 46-39
deleting cache entries 46-62
displaying groups 46-62
fast switching 46-43
IGMP (continued)flooded multicast traffic
controlling the length of time 25-12
disabling on an interface 25-13
global leave 25-13
query solicitation 25-13
recovering from flood mode 25-13
host-query interval, modifying 46-41
joining multicast group 25-3
join messages 25-3
leave processing, enabling 25-11, 40-9
leaving multicast group 25-5
multicast reachability 46-39
overview 46-3
queries 25-4
report suppression
described 25-6
supported versions 25-3
support for 1-4
Version 1
changing to Version 2 46-41
described 46-3
Version 2
changing to Version 1 46-41
described 46-3
maximum query response time value 46-43
pruning groups 46-43
query timeout value 46-42
IGMP filtering
configuring 25-25
default configuration 25-25
described 25-24
monitoring 25-29
support for 1-4
IGMP groups
configuring filtering 25-28
setting the maximum number 25-27
IGMP Immediate Leave
configuration guidelines 25-11
described 25-5
enabling 25-11
IGMP profile
applying 25-27
configuration mode 25-25
configuring 25-26
IGMP snooping
and address aliasing 25-2
and stack changes 25-6
configuring 25-7
default configuration 25-7, 40-5, 40-6
definition 25-2
enabling and disabling 25-7, 40-6
global configuration 25-7
Immediate Leave 25-5
in the switch stack 25-6
method 25-8
querier
configuration guidelines 25-14
configuring 25-14
supported versions 25-3
support for 1-4
VLAN configuration 25-8
IGMP throttling
configuring 25-28
default configuration 25-25
described 25-25
displaying action 25-29
IGP 38-25
Immediate Leave, IGMP 25-5
enabling 40-9
inaccessible authentication bypass 11-20
initial configuration
defaults 1-15
Express Setup 1-2
integrated wireless LAN controller switch
see 3750G integrated wireless LAN controller switch
interface
number 12-11
range macros 12-14
interface command12-10to 12-12
interface configuration mode 2-3
interfaces
auto-MDIX, configuring 12-21
configuration guidelines
10-Gigabit Ethernet 12-17
duplex and speed 12-18
configuring
procedure 12-11
counters, clearing 12-30
default configuration 12-16
described 12-24
descriptive name, adding 12-24
displaying information about 12-29
flow control 12-20
management 1-5
monitoring 12-29
naming 12-24
physical, identifying 12-10
range of 12-12
restarting 12-31
shutting down 12-31
speed and duplex, configuring 12-18
status 12-29
supported 12-10
types of 12-1
interfaces range macro command 12-14
interface types 12-10
Interior Gateway Protocol
internal BGP
internal neighbors, BGP 38-48
Internet Control Message Protocol
Internet Group Management Protocol
Internet Protocol version 6
Inter-Switch Link
Intrusion Detection System
inventory management TLV 28-2, 28-6
IOS shell
IP ACLs
for QoS classification 36-7
implicit masks 35-10
named 35-15
undefined 35-21
IP addresses
128-bit 39-2
classes of 38-7
cluster access 7-2
command switch 7-3, 7-11, 7-13
default configuration 38-6
discovering 8-28
for IP routing 38-5
IPv6 39-2
MAC address association 38-9
monitoring 38-18
redundant clusters 7-11
standby command switch 7-11, 7-13
IP base image 1-1
IP broadcast address 38-16
ip cef distributed command 38-89
IP directed broadcasts 38-14
ip igmp profile command 25-25
IP information
assigned
manually 3-14
through DHCP-based autoconfiguration 3-3
default configuration 3-3
IP multicast routing
addresses
all-hosts 46-3
all-multicast-routers 46-3
host group address range 46-3
administratively-scoped boundaries, described 46-46
and IGMP snooping 25-2
Auto-RP
adding to an existing sparse-mode cloud 46-26
benefits of 46-26
clearing the cache 46-62
configuration guidelines 46-12
filtering incoming RP announcement messages 46-29
overview 46-6
preventing candidate RP spoofing 46-29
preventing join messages to false RPs 46-28
setting up in a new internetwork 46-26
using with BSR 46-34
bootstrap router
configuration guidelines 46-12
configuring candidate BSRs 46-32
configuring candidate RPs 46-33
defining the IP multicast boundary 46-31
defining the PIM domain border 46-30
overview 46-7
using with Auto-RP 46-34
Cisco implementation 46-2
configuring
basic multicast routing 46-12
IP multicast boundary 46-46
default configuration 46-10
IP multicast routing (continued)enabling
multicast forwarding 46-13
PIM mode 46-13
group-to-RP mappings
Auto-RP 46-6
BSR 46-7
MBONE
deleting sdr cache entries 46-62
described 46-45
displaying sdr cache 46-63
enabling sdr listener support 46-46
limiting DVMRP routes advertised 46-57
limiting sdr cache entry lifetime 46-46
SAP packets for conference session announcement 46-45
Session Directory (sdr) tool, described 46-45
monitoring
packet rate loss 46-63
peering devices 46-63
tracing a path 46-63
multicast forwarding, described 46-7
PIMv1 and PIMv2 interoperability 46-11
protocol interaction 46-2
reverse path check (RPF) 46-7
routing table
deleting 46-62
displaying 46-62
RP
assigning manually 46-24
configuring Auto-RP 46-26
configuring PIMv2 BSR 46-30
monitoring mapping information 46-34
using Auto-RP and BSR 46-34
stacking
stack master functions 46-9
stack member functions 46-9
statistics, displaying system and network 46-62
IP multicast routing (continued)IP phones
and QoS 16-1
automatic classification and queueing 36-20
configuring 16-4
ensuring port security with QoS 36-38
trusted boundary for QoS 36-38
IP precedence 36-2
IP-precedence-to-DSCP map for QoS 36-63
IP protocols
in ACLs 35-12
routing 1-12
IP routes, monitoring 38-103
IP routing
connecting interfaces with 12-10
disabling 38-19
enabling 38-19
IP Service Level Agreements
IP service levels, analyzing 43-1
IP services image 1-1
IP SLAs
benefits 43-2
configuration guidelines 43-6
configuring object tracking 44-9
Control Protocol 43-4
default configuration 43-6
definition 43-1
ICMP echo operation 43-11
measuring network performance 43-3
monitoring 43-13
multioperations scheduling 43-5
object tracking 44-9
operation 43-3
reachability tracking 44-9
IP SLAs (continued)responder
described 43-4
enabling 43-8
response time 43-4
scheduling 43-5
SNMP support 43-2
supported metrics 43-2
threshold monitoring 43-6
track object monitoring agent, configuring 44-11
track state 44-9
UDP jitter operation 43-9
IP source guard
and 802.1x 23-18
and DHCP snooping 23-16
and EtherChannels 23-18
and port security 23-18
and private VLANs 23-18
and routed ports 23-18
and TCAM entries 23-18
and trunk interfaces 23-18
and VRF 23-18
binding configuration
automatic 23-16
manual 23-16
binding table 23-16
configuration guidelines 23-17
default configuration 23-17
described 23-16
disabling 23-19
displaying
bindings 23-20
configuration 23-20
enabling 23-18
filtering
source IP address 23-17
source IP and MAC address 23-17
on provisioned switches 23-18
source IP address filtering 23-17
IP source guard (continued)source IP and MAC address filtering 23-17
static bindings
adding 23-18
deleting 23-19
IP traceroute
executing 49-18
overview 49-17
IP unicast routing
address resolution 38-9
administrative distances 38-91, 38-102
ARP 38-9
assigning IP addresses to Layer 3 interfaces 38-7
authentication keys 38-102
broadcast
address 38-16
flooding 38-17
packets 38-14
storms 38-14
classless routing 38-8
configuring static routes 38-91
default
addressing configuration 38-6
gateways 38-12
networks 38-92
routes 38-92
routing 38-3
directed broadcasts 38-14
disabling 38-19
dynamic routing 38-3
enabling 38-19
EtherChannel Layer 3 interface 38-5
IGP 38-25
inter-VLAN 38-2
IP addressing
classes 38-7
configuring 38-5
IPv6 39-3
IRDP 38-12
IP unicast routing (continued)Layer 3 interfaces 38-5
MAC address and IP address 38-9
passive interfaces 38-100
protocols
distance-vector 38-3
dynamic 38-3
link-state 38-3
proxy ARP 38-9
redistribution 38-93
reverse address resolution 38-9
routed ports 38-5
static routing 38-3
steps to configure 38-5
subnet mask 38-7
subnet zero 38-7
supernet 38-8
UDP 38-15
with SVIs 38-5
IPv4 ACLs
applying to interfaces 35-20
extended, creating 35-11
named 35-15
standard, creating 35-10
IPv4 and IPv6
dual protocol stacks 39-5
IPv6
ACLs
displaying 41-8
limitations 41-3
matching criteria 41-3
port 41-1
precedence 41-2
router 41-1
supported 41-2
IPv6 (continued)addresses 39-2
address formats 39-2
and switch stacks 39-9
applications 39-5
assigning address 39-11
autoconfiguration 39-5
CEFv6 39-18
configuring static routes 39-19
default configuration 39-10
default router preference (DRP) 39-4
defined 39-1
Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 39-7
EIGRP IPv6 Commands 39-7
Router ID 39-7
feature limitations 39-8
features not supported 39-8
forwarding 39-11
ICMP 39-4
monitoring 39-26
neighbor discovery 39-4
OSPF 39-6
path MTU discovery 39-4
stack master functions 39-9
Stateless Autoconfiguration 39-5
supported features 39-2
switch limitations 39-8
understanding static routes 39-6
IPv6 traffic, filtering 41-4
IRDP
configuring 38-13
definition 38-12
support for 1-13
IS-IS
addresses 38-64
area routing 38-64
default configuration 38-66
monitoring 38-73
show commands 38-73
system routing 38-64
ISL
and IPv6 39-3
and trunk ports 12-3
trunking with IEEE 802.1 tunneling 18-4
ISO CLNS
clear commands 38-73
dynamic routing protocols 38-64
monitoring 38-73
NETs 38-64
NSAPs 38-64
OSI standard 38-64
ISO IGRP
area routing 38-64
system routing 38-64
isolated port 17-2
J
join messages, IGMP 25-3
K
KDC
described 10-32
keepalive messages 19-2
Kerberos
authenticating to
boundary switch 10-35
KDC 10-35
network services 10-35
configuration examples 10-32
configuring 10-35
credentials 10-32
cryptographic software image 10-32
described 10-32
KDC 10-32
operation 10-34
realm 10-34
server 10-34
support for 1-11
switch as trusted third party 10-32
terms 10-33
TGT 10-34
tickets 10-32
key distribution center
L
l2protocol-tunnel command 18-13
LACP
Layer 2 protocol tunneling 18-9
Layer 2 frames, classification with CoS 36-2
Layer 2 interfaces, default configuration 12-16
Layer 2 protocol tunneling
configuring 18-10
configuring for EtherChannels 18-14
default configuration 18-11
defined 18-8
guidelines 18-12
Layer 2 traceroute
and ARP 49-17
and CDP 49-16
broadcast traffic 49-16
described 49-16
IP addresses and subnets 49-17
MAC addresses and VLANs 49-16
multicast traffic 49-16
multiple devices on a port 49-17
unicast traffic 49-16
usage guidelines 49-16
Layer 3 features 1-12
Layer 3 interfaces
assigning IP addresses to 38-7
assigning IPv4 and IPv6 addresses to 39-14
assigning IPv6 addresses to 39-11
changing from Layer 2 mode 38-7, 38-81
types of 38-5
Layer 3 packets, classification methods 36-2
LDAP 5-2
Leaking IGMP Reports 22-4
LEDs, switch
See hardware installation guide
lightweight directory access protocol
line configuration mode 2-3
Link Aggregation Control Protocol
link failure, detecting unidirectional 20-8
Link Layer Discovery Protocol
link local unicast addresses 39-3
link redundancy
links, unidirectional 29-1
link state advertisements (LSAs) 38-30
link-state protocols 38-3
link-state tracking
configuring 37-25
described 37-23
LLDP
configuring 28-4
characteristics 28-5
default configuration 28-4
enabling 28-5
monitoring and maintaining 28-10
overview 28-1
supported TLVs 28-2
switch stack considerations 28-2
transmission timer and holdtime, setting 28-5
LLDP-MED
configuring
procedures 28-4
TLVs 28-6
monitoring and maintaining 28-10
supported TLVs 28-2
LLDP Media Endpoint Discovery
load balancing 42-4
local SPAN 30-2
logging messages, ACL 35-9
login authentication
with RADIUS 10-23
with TACACS+ 10-14
login banners 8-17
log messages
Long-Reach Ethernet (LRE) technology 1-19, 1-25
loop guard
described 21-11
enabling 21-18
support for 1-8
LRE profiles, considerations in switch clusters 7-16
M
MAB
MAB aging timer 1-9
MAB inactivity timer
default setting 11-32
range 11-34
MAC/PHY configuration status TLV 28-2
MAC addresses
aging time 8-21
and VLAN association 8-20
building the address table 8-20
default configuration 8-21
disabling learning on a VLAN 8-27
discovering 8-28
displaying 8-27
displaying in the IP source binding table 23-20
dynamic
learning 8-20
removing 8-22
in ACLs 35-28
IP address association 38-9
static
adding 8-24
characteristics of 8-24
dropping 8-25
removing 8-24
MAC address learning 1-6
MAC address learning, disabling on a VLAN 8-27
MAC address notification, support for 1-14
MAC address-table move update
configuration guidelines 22-8
configuring 22-12
default configuration 22-8
description 22-6
monitoring 22-14
MAC address-to-VLAN mapping 14-28
MAC authentication bypass 11-34
configuring 11-53
overview 11-14
MAC extended access lists
applying to Layer 2 interfaces 35-29
configuring for QoS 36-45
creating 35-28
defined 35-28
for QoS classification 36-5
macros
magic packet 11-23
manageability features 1-5
management access
in-band
browser session 1-6
CLI session 1-6
device manager 1-6
SNMP 1-6
out-of-band console port connection 1-6
management address TLV 28-2
management options
CLI 2-1
clustering 1-3
CNS 5-1
Network Assistant 1-2
overview 1-5
switch stacks 1-3
management VLAN
considerations in switch clusters 7-7
discovery through different management VLANs 7-7
mapping tables for QoS
configuring
CoS-to-DSCP 36-61
DSCP 36-61
DSCP-to-CoS 36-65
DSCP-to-DSCP-mutation 36-66
mapping tables for QoS (continued)IP-precedence-to-DSCP 36-63
policed-DSCP 36-64
described 36-12
marking
action with aggregate policers 36-59
matching
IPv6 ACLs 41-3
matching, IPv4 ACLs 35-8
maximum aging time
MSTP 20-24
STP 19-23
maximum hop count, MSTP 20-24
maximum number of allowed devices, port-based authentication 11-34
maximum-paths command 38-52, 38-90
MDA
configuration guidelines11-11to 11-12
exceptions with authentication process 11-5
membership mode, VLAN port 14-3
member switch
automatic discovery 7-5
defined 7-2
managing 7-16
passwords 7-13
recovering from lost connectivity 49-12
requirements 7-4
See also candidate switch, cluster standby group, and standby command switch
messages, to users through banners 8-17
metrics, in BGP 38-52
metric translations, between routing protocols 38-96
metro tags 18-2
MHSRP 42-4
MIBs
accessing files with FTP B-3
location of files B-3
overview 33-1
SNMP interaction with 33-4
supported B-1
mini-point-of-presence
mirroring traffic for analysis 30-1
mismatches, autonegotiation 49-12
module number 12-11
monitoring
access groups 35-41
BGP 38-63
cables for unidirectional links 29-1
CDP 27-5
CEF 38-90
EIGRP 38-42
fallback bridging 48-11
features 1-14
Flex Links 22-14
HSRP 42-13
IEEE 802.1Q tunneling 18-18
IGMP
filters 25-29
interfaces 12-29
IP
address tables 38-18
multicast routing 46-61
routes 38-103
IP SLAs operations 43-13
IPv4 ACL configuration 35-41
IPv6 39-26
IPv6 ACL configuration 41-8
IS-IS 38-73
ISO CLNS 38-73
Layer 2 protocol tunneling 18-18
MAC address-table move update 22-14
monitoring (continued)MSDP peers 47-18
multicast router interfaces 25-17, 40-12
multi-VRF CE 38-88
MVR 25-24
network traffic for analysis with probe 30-2
object tracking 44-12
OSPF 38-34
port
blocking 26-19
protection 26-19
private VLANs 17-14
RP mapping information 46-34
source-active messages 47-18
speed and duplex mode 12-19
SSM mapping 46-22
traffic flowing among switches 31-1
traffic suppression 26-19
tunneling 18-18
VLAN
filters 35-42
maps 35-42
VLANs 14-16
VMPS 14-32
VTP 15-16
mrouter Port 22-3
mrouter port 22-5
MSDP
benefits of 47-3
clearing MSDP connections and statistics 47-18
controlling source information
forwarded by switch 47-11
originated by switch 47-8
received by switch 47-13
default configuration 47-4
dense-mode regions
sending SA messages to 47-16
specifying the originating address 47-17
MSDP (continued)filtering
incoming SA messages 47-14
SA messages to a peer 47-12
SA requests from a peer 47-10
join latency, defined 47-6
meshed groups
configuring 47-15
defined 47-15
originating address, changing 47-17
overview 47-1
peer-RPF flooding 47-2
peers
configuring a default 47-4
monitoring 47-18
peering relationship, overview 47-1
requesting source information from 47-8
shutting down 47-15
source-active messages
caching 47-6
clearing cache entries 47-18
defined 47-2
filtering from a peer 47-10
filtering incoming 47-14
filtering to a peer 47-12
limiting data with TTL 47-13
monitoring 47-18
restricting advertised sources 47-9
support for 1-13
MSTP
boundary ports
configuration guidelines 20-16
described 20-6
BPDU filtering
described 21-3
enabling 21-14
BPDU guard
described 21-2
enabling 21-13
MSTP (continued)CIST, described 20-3
CIST root 20-5
configuration guidelines 20-15, 21-12
configuring
forward-delay time 20-23
hello time 20-22
link type for rapid convergence 20-24
maximum aging time 20-24
maximum hop count 20-24
MST region 20-16
neighbor type 20-25
path cost 20-21
port priority 20-20
root switch 20-17
secondary root switch 20-19
switch priority 20-22
CST
defined 20-3
operations between regions 20-4
default configuration 20-15
default optional feature configuration 21-12
displaying status 20-26
enabling the mode 20-16
EtherChannel guard
described 21-10
enabling 21-17
extended system ID
effects on root switch 20-17
effects on secondary root switch 20-19
unexpected behavior 20-18
IEEE 802.1s
implementation 20-6
port role naming change 20-7
terminology 20-5
instances supported 19-10
interface state, blocking to forwarding 21-2
MSTP (continued)MSTP (continued)interoperability and compatibility among modes 19-11
interoperability with IEEE 802.1D
described 20-9
restarting migration process 20-26
IST
defined 20-3
master 20-3
operations within a region 20-3
loop guard
described 21-11
enabling 21-18
mapping VLANs to MST instance 20-16
MST region
CIST 20-3
configuring 20-16
described 20-2
hop-count mechanism 20-5
IST 20-3
supported spanning-tree instances 20-2
optional features supported 1-8
overview 20-2
Port Fast
described 21-2
enabling 21-12
preventing root switch selection 21-10
root guard
described 21-10
enabling 21-18
root switch
configuring 20-18
effects of extended system ID 20-17
unexpected behavior 20-18
shutdown Port Fast-enabled port 21-2
stack changes, effects of 20-8
status, displaying 20-26
multiauth mode
See multiple-authentication mode
multicast groups
Immediate Leave 25-5
joining 25-3
leaving 25-5
multicast packets
ACLs on 35-41
blocking 26-8
multicast router interfaces, monitoring 25-17, 40-12
multicast router ports, adding 25-9, 40-8
Multicast Source Discovery Protocol
multicast storm 26-1
multicast storm-control command 26-4
multicast television application 25-18
multicast VLAN 25-17
Multicast VLAN Registration
multidomain authentication
multioperations scheduling, IP SLAs 43-5
multiple authentication 11-12
multiple authentication mode
configuring 11-41
Multiple HSRP
multiple VPN routing/forwarding in customer edge devices
multi-VRF CE
configuration example 38-84
configuration guidelines 38-77
configuring 38-76
default configuration 38-76
defined 38-74
displaying 38-88
monitoring 38-88
network components 38-76
multi-VRF CE (continued)packet-forwarding process 38-76
support for 1-13
MVR
and address aliasing 25-21
and IGMPv3 25-21
configuration guidelines 25-20
configuring interfaces 25-22
default configuration 25-20
described 25-17
example application 25-18
in the switch stack 25-20
modes 25-21
monitoring 25-24
multicast television application 25-18
setting global parameters 25-21
support for 1-4
N
NAC
AAA down policy 1-11
critical authentication 11-20, 11-50
IEEE 802.1x authentication using a RADIUS server 11-54
IEEE 802.1x validation using RADIUS server 11-54
inaccessible authentication bypass 1-11, 11-50
Layer 2 IEEE 802.1x validation 1-11, 11-25, 11-54
Layer 2 IP validation 1-11
named IPv4 ACLs 35-15
NameSpace Mapper
native VLAN
and IEEE 802.1Q tunneling 18-4
configuring 14-23
default 14-23
NEAT
configuring 11-55
overview 11-26
neighbor discovery, IPv6 39-4
neighbor discovery/recovery, EIGRP 38-35
neighbors, BGP 38-58
Network Admission Control
Network Admission Control Software Configuration Guide 11-62, 11-63
Network Assistant
benefits 1-2
described 1-5
downloading image files 1-3
guide mode 1-2
management options 1-2
managing switch stacks 6-2, 6-15
upgrading a switch C-23
wizards 1-3
network configuration examples
cost-effective wiring closet 1-19
high-performance wiring closet 1-20
increasing network performance 1-18
large network 1-24
long-distance, high-bandwidth transport 1-27
multidwelling network 1-25
providing network services 1-18
redundant Gigabit backbone 1-20
server aggregation and Linux server cluster 1-21
small to medium-sized network 1-23
network design
performance 1-18
services 1-18
Network Edge Access Topology
network management
CDP 27-1
RMON 31-1
SNMP 33-1
network performance, measuring with IP SLAs 43-3
Network Time Protocol
no commands 2-4
nonhierarchical policy maps
configuration guidelines 36-33
described 36-9
non-IP traffic filtering 35-28
nontrunking mode 14-18
normal-range VLANs 14-4
configuration guidelines 14-6
configuration modes 14-7
configuring 14-4
defined 14-1
no switchport command 12-4
not-so-stubby areas
NSAPs, as ISO IGRP addresses 38-64
NSF Awareness
IS-IS 38-66
NSM 5-3
NSSA, OSPF 38-30
NTP
associations
authenticating 8-4
defined 8-2
enabling broadcast messages 8-6
peer 8-5
server 8-5
default configuration 8-4
displaying the configuration 8-11
overview 8-2
restricting access
creating an access group 8-8
disabling NTP services per interface 8-10
source IP address, configuring 8-10
stratum 8-2
support for 1-6
synchronizing devices 8-5
NTP (continued)time
services 8-2
synchronizing 8-2
O
object tracking
HSRP 44-7
IP SLAs 44-9
IP SLAs, configuring 44-9
monitoring 44-12
offline configuration for switch stacks 6-6
online diagnostics
overview 50-1
running tests 50-3
understanding 50-1
open1x
configuring 11-59
open1x authentication
overview 11-25
Open Shortest Path First
optimizing system resources 9-1
options, management 1-5
OSPF
area parameters, configuring 38-30
configuring 38-28
default configuration
metrics 38-32
route 38-31
settings 38-26
described 38-25
for IPv6 39-6
interface parameters, configuring 38-29
LSA group pacing 38-33
monitoring 38-34
router IDs 38-33
route summarization 38-31
OSPF (continued)support for 1-12
virtual links 38-31
out-of-profile markdown 1-12
P
packet modification, with QoS 36-19
PAgP
Layer 2 protocol tunneling 18-9
parallel paths, in routing tables 38-90
passive interfaces
configuring 38-100
OSPF 38-32
passwords
default configuration 10-2
disabling recovery of 10-5
encrypting 10-3
for security 1-9
in clusters 7-13
overview 10-1
recovery of 49-3
setting
enable 10-3
enable secret 10-3
Telnet 10-6
with usernames 10-6
VTP domain 15-8
path cost
MSTP 20-21
STP 19-20
path MTU discovery 39-4
PBR
defined 38-97
enabling 38-98
fast-switched policy-based routing 38-100
local policy-based routing 38-100
PC (passive command switch) 7-10
peers, BGP 38-58
percentage thresholds in tracked lists 44-6
performance, network design 1-18
performance features 1-4
persistent self-signed certificate 10-43
per-user ACLs and Filter-Ids 11-8
per-VLAN spanning-tree plus
PE to CE routing, configuring 38-84
physical ports 12-2
PIM
default configuration 46-10
dense mode
overview 46-4
rendezvous point (RP), described 46-5
RPF lookups 46-8
displaying neighbors 46-62
enabling a mode 46-13
overview 46-4
router-query message interval, modifying 46-37
shared tree and source tree, overview 46-35
shortest path tree, delaying the use of 46-36
sparse mode
join messages and shared tree 46-5
overview 46-5
prune messages 46-5
RPF lookups 46-8
stub routing
configuration guidelines 46-22
displaying 46-62
enabling 46-23
overview 46-5
support for 1-13
versions
interoperability 46-11
troubleshooting interoperability problems 46-35
v2 improvements 46-4
PIM-DVMRP, as snooping method 25-8
ping
character output description 49-15
executing 49-15
overview 49-14
PoE
auto mode 12-8
CDP with power consumption, described 12-7
CDP with power negotiation, described 12-7
Cisco intelligent power management 12-7
configuring 12-22
devices supported 12-7
high-power devices operating in low-power mode 12-7
IEEE power classification levels 12-8
power budgeting 12-23
power consumption 12-23
powered-device detection and initial power allocation 12-7
power management modes 12-8
power negotiation extensions to CDP 12-7
standards supported 12-7
static mode 12-9
troubleshooting 49-13
policed-DSCP map for QoS 36-64
policers
configuring
for each matched traffic class 36-48
for more than one traffic class 36-59
described 36-4
displaying 36-79
number of 36-34
types of 36-9
policing
described 36-4
hierarchical
token-bucket algorithm 36-9
policy-based routing
policy maps for QoS
characteristics of 36-48
described 36-7
displaying 36-80
hierarchical 36-8
hierarchical on SVIs
configuration guidelines 36-33
configuring 36-52
described 36-11
nonhierarchical on physical ports
configuration guidelines 36-33
described 36-9
POP 1-25
port ACLs
defined 35-2
types of 35-3
Port Aggregation Protocol
port-based authentication
accounting 11-13
authentication server
defined 11-3
RADIUS server 11-3
client, defined 11-3
configuration guidelines 11-32
configuring
802.1x authentication 11-38
guest VLAN 11-47
host mode 11-41
inaccessible authentication bypass 11-50
manual re-authentication of a client 11-43
periodic re-authentication 11-42
quiet period 11-43
RADIUS server 11-40
RADIUS server parameters on the switch 11-39
restricted VLAN 11-48
switch-to-client frame-retransmission number 11-45
switch-to-client retransmission time 11-44
port-based authentication (continued)violation modes 11-37
default configuration 11-31
described 11-1
device roles 11-2
displaying statistics 11-66
downloadable ACLs and redirect URLs
EAPOL-start frame 11-5
EAP-request/identity frame 11-5
EAP-response/identity frame 11-5
encapsulation 11-3
flexible authentication ordering
configuring 11-59
overview 11-25
guest VLAN
configuration guidelines 11-19, 11-20
described 11-18
host mode 11-11
inaccessible authentication bypass
configuring 11-50
described 11-20
guidelines 11-33
initiation and message exchange 11-5
magic packet 11-23
maximum number of allowed devices per port 11-34
method lists 11-38
multiple authentication 11-12
per-user ACLs
AAA authorization 11-38
configuration tasks 11-17
described 11-16
RADIUS server attributes 11-16
ports
authorization state and dot1x port-control command 11-9
authorized and unauthorized 11-9
critical 11-20
port-based authentication (continued)voice VLAN 11-21
port security
and voice VLAN 11-23
described 11-22
interactions 11-22
multiple-hosts mode 11-11
readiness check
configuring 11-35
resetting to default values 11-65
stack changes, effects of 11-10
statistics, displaying 11-66
switch
as proxy 11-3
RADIUS client 11-3
switch supplicant
configuring 11-55
overview 11-26
upgrading from a previous release 36-26
VLAN assignment
AAA authorization 11-38
characteristics 11-15
configuration tasks 11-16
described 11-15
voice aware 802.1x security
configuring 11-36
voice VLAN
described 11-21
PVID 11-21
VVID 11-21
wake-on-LAN, described 11-23
port-based authentication methods, supported 11-7
port-channel
port description TLV 28-2
Port Fast
described 21-2
enabling 21-12
mode, spanning tree 14-29
support for 1-8
port membership modes, VLAN 14-3
port priority
MSTP 20-20
STP 19-18
ports
10-Gigabit Ethernet module 12-6
access 12-3
blocking 26-7
dynamic access 14-3
IEEE 802.1Q tunnel 14-4
protected 26-6
routed 12-4
secure 26-8
switch 12-2
VLAN assignments 14-11
port security
aging 26-17
and private VLANs 26-18
and QoS trusted boundary 36-38
and stacking 26-18
configuring 26-13
default configuration 26-11
described 26-8
displaying 26-19
enabling 26-18
on trunk ports 26-14
sticky learning 26-9
violations 26-10
with other features 26-11
port-shutdown response, VMPS 14-28
port VLAN ID TLV 28-2
power management TLV 28-2, 28-7
Power over Ethernet
preemption, default configuration 22-7
preemption delay, default configuration 22-8
preferential treatment of traffic
prefix lists, BGP 38-56
preventing unauthorized access 10-1
primary interface for object tracking, DHCP, configuring 44-11
primary interface for static routing, configuring 44-10
primary links 22-2
priority
HSRP 42-8
overriding CoS 16-6
trusting CoS 16-6
private VLAN edge ports
private VLANs
across multiple switches 17-4
and SDM template 17-4
and SVIs 17-5
and switch stacks 17-5
benefits of 17-1
community ports 17-2
configuration guidelines 17-7, 17-8
configuration tasks 17-6
configuring 17-9
default configuration 17-6
end station access to 17-3
IP addressing 17-3
isolated port 17-2
mapping 17-13
monitoring 17-14
private VLANs (continued)ports
community 17-2
configuration guidelines 17-8
configuring host ports 17-11
configuring promiscuous ports 17-12
described 14-4
isolated 17-2
promiscuous 17-2
promiscuous ports 17-2
secondary VLANs 17-2
subdomains 17-1
traffic in 17-5
privileged EXEC mode 2-2
privilege levels
changing the default for lines 10-9
command switch 7-17
exiting 10-9
logging into 10-9
mapping on member switches 7-17
setting a command with 10-8
promiscuous ports
configuring 17-12
defined 17-2
protocol-dependent modules, EIGRP 38-36
Protocol-Independent Multicast Protocol
provider edge devices 38-75
provisioned switches and IP source guard 23-18
provisioning new members for a switch stack 6-6
proxy ARP
configuring 38-11
definition 38-9
with IP routing disabled 38-12
proxy reports 22-3
pruning, VTP
disabling
in VTP domain 15-14
on a port 14-23
enabling
in VTP domain 15-14
on a port 14-23
examples 15-5
overview 15-4
pruning-eligible list
changing 14-23
for VTP pruning 15-5
VLANs 15-14
PVST+
described 19-10
IEEE 802.1Q trunking interoperability 19-11
instances supported 19-10
Q
QoS
and MQC commands 36-1
auto-QoS
categorizing traffic 36-20
configuration and defaults display 36-29
configuration guidelines 36-25
described 36-20
disabling 36-27
displaying generated commands 36-27
displaying the initial configuration 36-29
effects on running configuration 36-25
egress queue defaults 36-21
enabling for VoIP 36-27
example configuration 36-28
ingress queue defaults 36-21
list of generated commands 36-22
basic model 36-4
QoS (continued)classification
class maps, described 36-7
defined 36-4
DSCP transparency, described 36-40
flowchart 36-6
forwarding treatment 36-3
in frames and packets 36-3
MAC ACLs, described 36-5, 36-7
options for IP traffic 36-5
options for non-IP traffic 36-5
policy maps, described 36-7
trust DSCP, described 36-5
trusted CoS, described 36-5
trust IP precedence, described 36-5
class maps
configuring 36-46
displaying 36-79
configuration guidelines
auto-QoS 36-25
standard QoS 36-33
configuring
aggregate policers 36-59
auto-QoS 36-20
default port CoS value 36-38
DSCP maps 36-61
DSCP transparency 36-40
DSCP trust states bordering another domain 36-40
egress queue characteristics 36-71
ingress queue characteristics 36-67
IP extended ACLs 36-44
IP standard ACLs 36-43
MAC ACLs 36-45
policy maps, hierarchical 36-52
port trust states within the domain 36-36
trusted boundary 36-38
default auto configuration 36-20
QoS (continued)default standard configuration 36-30
displaying statistics 36-79
DSCP transparency 36-40
egress queues
allocating buffer space 36-72
buffer allocation scheme, described 36-17
configuring shaped weights for SRR 36-75
configuring shared weights for SRR 36-77
described 36-4
displaying the threshold map 36-75
flowchart 36-17
mapping DSCP or CoS values 36-74
scheduling, described 36-4
setting WTD thresholds 36-72
WTD, described 36-18
enabling globally 36-35
flowcharts
classification 36-6
egress queueing and scheduling 36-17
ingress queueing and scheduling 36-15
policing and marking 36-10
implicit deny 36-7
ingress queues
allocating bandwidth 36-69
allocating buffer space 36-69
buffer and bandwidth allocation, described 36-16
configuring shared weights for SRR 36-69
configuring the priority queue 36-70
described 36-4
displaying the threshold map 36-68
flowchart 36-15
mapping DSCP or CoS values 36-68
priority queue, described 36-16
scheduling, described 36-4
setting WTD thresholds 36-68
WTD, described 36-16
QoS (continued)IP phones
automatic classification and queueing 36-20
detection and trusted settings 36-20, 36-38
limiting bandwidth on egress interface 36-78
mapping tables
CoS-to-DSCP 36-61
displaying 36-79
DSCP-to-CoS 36-65
DSCP-to-DSCP-mutation 36-66
IP-precedence-to-DSCP 36-63
policed-DSCP 36-64
types of 36-12
marked-down actions 36-50, 36-56
overview 36-2
packet modification 36-19
policers
configuring