Numerics -
A -
B -
C -
D -
E -
F -
G -
H -
I -
J -
K -
L -
M -
N -
O -
P -
Q -
R -
S -
T -
U -
V -
W -
X -
Index
Numerics
10-Gigabit Ethernet interfaces
defined 10-6
A
AAA down policy, NAC Layer 2 IP validation 1-9
abbreviating commands 2-3
access-class command 32-19
access control entries
See ACEs
access control entry (ACE) 38-2
access-denied response, VMPS 12-27
access groups
applying IPv4 ACLs to interfaces 32-20
Layer 2 32-20
Layer 3 32-20
access lists
See ACLs
access ports
and Layer 2 protocol tunneling 16-11
defined 10-3
access template 6-1
accounting
with 802.1x 8-43
with IEEE 802.1x 8-12
with RADIUS 7-33
with TACACS+ 7-11, 7-17
ACEs
and QoS 33-7
defined 32-2
Ethernet 32-2
IP 32-2
ACLs
ACEs 32-2
any keyword 32-12
applying
on routed packets 32-39
on switched packets 32-38
time ranges to 32-16
to an interface 32-19, 38-6
to IPv6 interfaces 38-6
to QoS 33-7
classifying traffic for QoS 33-43
comments in 32-18
compiling 32-22
defined 32-1, 32-7
examples of 32-22, 33-43
extended IP, configuring for QoS classification 33-44
extended IPv4
creating 32-10
matching criteria 32-7
hardware and software handling 32-21
host keyword 32-12
IP
creating 32-7
fragments and QoS guidelines 33-33
implicit deny 32-9, 32-13, 32-15
implicit masks 32-9
matching criteria 32-7
undefined 32-20
ACLs (continued)
IPv4
applying to interfaces 32-19
creating 32-7
matching criteria 32-7
named 32-14
numbers 32-8
terminal lines, setting on 32-18
unsupported features 32-6
IPv6
applying to interfaces 38-6
configuring 38-3, 38-4
displaying 38-7
interactions with other features 38-3
limitations 38-2
matching criteria 38-2
named 38-2
supported 38-2
unsupported features 38-2
Layer 4 information in 32-38
logging messages 32-8
MAC extended 32-27, 33-45
matching 32-7, 32-20, 38-2
monitoring 32-39, 38-7
named, IPv4 32-14
named, IPv6 38-2
names 38-3
number per QoS class map 33-33
port 32-2, 38-1
precedence of 32-2
QoS 33-7, 33-43
resequencing entries 32-14
router 32-2, 38-1
router ACLs and VLAN map configuration guidelines 32-37
standard IP, configuring for QoS classification 33-43
ACLs (continued)
standard IPv4
creating 32-9
matching criteria 32-7
support for 1-8
support in hardware 32-21
time ranges 32-16
types supported 32-2
unsupported features, IPv4 32-6
unsupported features, IPv6 38-2
using router ACLs with VLAN maps 32-37
VLAN maps
configuration guidelines 32-30
configuring 32-29
active links 20-2
active router 39-1
active traffic monitoring, IP SLAs 40-1
address aliasing 23-2
addresses
displaying the MAC address table 5-30
dynamic
accelerated aging 17-8
changing the aging time 5-21
default aging 17-8
defined 5-19
learning 5-20
removing 5-22
IPv6 36-2
MAC, discovering 5-30
static
adding and removing 5-26
defined 5-19
address resolution 5-30, 35-7
Address Resolution Protocol
See ARP
adjacency tables, with CEF 35-28
administrative distances
defined 35-35
routing protocol defaults 35-30
advertisements
CDP 25-1
LLDP 26-1, 26-2
RIP 35-17
VTP 12-18, 13-3, 13-4
aggregatable global unicast addresses 36-3
aggregated ports
See EtherChannel
aggregate policers 33-58
aggregate policing 1-10
aging, accelerating 17-8
aging time
accelerated
for MSTP 18-23
for STP 17-8, 17-21
MAC address table 5-21
maximum
for MSTP 18-23, 18-24
for STP 17-21, 17-22
alarms, RMON 29-3
allowed-VLAN list 12-20
ARP
configuring 35-8
defined 1-4, 5-30, 35-7
encapsulation 35-9
static cache configuration 35-8
table
address resolution 5-30
managing 5-30
asymmetrical links, and IEEE 802.1Q tunneling 16-4
attributes, RADIUS
vendor-proprietary 7-36
vendor-specific 7-34
attribute-value pairs 8-16
audience xxxvii
authentication
HSRP 39-10
local mode with AAA 7-42
authentication (continued)
NTP associations 5-4
open1x 8-25
RADIUS
key 7-26
login 7-28
TACACS+
defined 7-11
key 7-13
login 7-14
See also port-based authentication
authentication compatibility with Catalyst 6000 switches 8-8
authentication failed VLAN
See restricted VLAN
authentication keys, and routing protocols 35-36
authentication manager
CLI commands 8-8
overview 8-7
authoritative time source, described 5-2
authorization
with RADIUS 7-32
with TACACS+ 7-11, 7-16
authorized ports with IEEE 802.1x 8-9
autoconfiguration 3-3
auto enablement 8-27
automatic QoS
See QoS
auto-MDIX
configuring 10-19
described 10-19
autonegotiation
duplex mode 1-2
interface configuration guidelines 10-16
mismatches 41-8
autosensing, port speed 1-2
autostate exclude 10-5
auxiliary VLAN
See voice VLAN
availability, features 1-5
B
BackboneFast
described 19-5
disabling 19-14
enabling 19-14
support for 1-6
backup interfaces
See Flex Links
backup links 20-2
banners
configuring
login 5-19
message-of-the-day login 5-18
default configuration 5-17
when displayed 5-17
Berkeley r-tools replacement 7-54
binding database
address, DHCP server
See DHCP, Cisco IOS server database
DHCP snooping
See DHCP snooping binding database
bindings
address, Cisco IOS DHCP server 21-6
DHCP snooping database 21-6
IP source guard 21-15
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 24-8
Boolean expressions in tracked lists 39-15
booting
boot loader, function of 3-2
boot process 3-1
manually 3-19
specific image 3-19
boot loader
accessing 3-20
described 3-2
environment variables 3-20
prompt 3-20
trap-door mechanism 3-2
BPDU
error-disabled state 19-2
filtering 19-3
RSTP format 18-12
BPDU filtering
described 19-3
disabling 19-12
enabling 19-12
support for 1-6
BPDU guard
described 19-2
disabling 19-12
enabling 19-11
support for 1-6
bridge protocol data unit
See BPDU
broadcast flooding 35-15
broadcast packets
directed 35-12
flooded 35-12
broadcast storm-control command 24-4
broadcast storms 24-1, 35-12
C
cables, monitoring for unidirectional links 27-1
Catalyst 6000 switches
authentication compatibility 8-8
CA trustpoint
configuring 7-51
defined 7-49
caution, described xxxviii
CDP
and trusted boundary 33-39
configuring 25-2
default configuration 25-2
defined with LLDP 26-1
described 25-1
disabling for routing device25-3to 25-4
enabling and disabling
on an interface 25-4
on a switch 25-3
Layer 2 protocol tunneling 16-8
monitoring 25-5
overview 25-1
support for 1-4
transmission timer and holdtime, setting 25-2
updates 25-2
CEF
defined 35-28
enabling 35-29
CGMP
as IGMP snooping learning method 23-9
joining multicast group 23-3
switch support of 1-2
CipherSuites 7-50
Cisco 7960 IP Phone 14-1
Cisco Discovery Protocol
See CDP
Cisco Express Forwarding
See CEF
Cisco Group Management Protocol
See CGMP
Cisco IOS Configuration Engine
management functions 1-4
Cisco IOS DHCP server
See DHCP, Cisco IOS DHCP server
Cisco IOS File System
See IFS
Cisco IOS IP SLAs 40-1
Cisco Secure ACS
attribute-value pairs for downloadable ACLs 8-16
attribute-value pairs for redirect URL 8-16
Cisco Secure ACS configuration guide 8-56
CiscoWorks 2000 1-3, 31-4
CISP 8-27
CIST regional root
See MSTP
CIST root
See MSTP
civic location 26-3
classless routing 35-6
class maps for QoS
configuring 33-46
described 33-7
displaying 33-78
class of service
See CoS
clearing interfaces 10-26
CLI
abbreviating commands 2-3
command modes 2-1
configuration logging 2-5
described 1-3
editing features
enabling and disabling 2-6
keystroke editing 2-7
wrapped lines 2-9
error messages 2-4
filtering command output 2-10
getting help 2-3
history
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
no and default forms of commands 2-4
Client Information Signalling Protocol
See CISP
client mode, VTP 13-3
client processes, tracking 39-12
clock
See system clock
clusters, switch
benefits 1-2
CNS
Configuration Engine
configID, deviceID, hostname 4-3
configuration service 4-2
described 4-1
event service 4-3
embedded agents
described 4-5
enabling automated configuration 4-6
enabling configuration agent 4-9
enabling event agent 4-8
CoA Request Commands 7-23
command-line interface
See CLI
command modes 2-1
commands
abbreviating 2-3
no and default 2-4
commands, setting privilege levels 7-8
community ports 15-2
community strings
configuring 31-8
overview 31-4
community VLANs 15-2, 15-3
compatibility, feature 24-12
config.text 3-18
configurable leave timer, IGMP 23-6
configuration, initial
defaults 1-12
Express Setup 1-2
See also getting started guide and hardware installation guide
configuration changes, logging 30-10
configuration files
archiving B-20
clearing the startup configuration B-20
creating using a text editor B-11
default name 3-18
deleting a stored configuration B-20
described B-9
downloading
automatically 3-18
preparing B-11, B-14, B-17
reasons for B-9
using FTP B-14
using RCP B-18
using TFTP B-12
guidelines for creating and using B-10
guidelines for replacing and rolling back B-22
invalid combinations when copying B-5
limiting TFTP server access 31-16
obtaining with DHCP 3-8
password recovery disable considerations 7-5
replacing a running configuration B-20, B-21
rolling back a running configuration B-20, B-21
specifying the filename 3-18
system contact and location information 31-16
types and location B-10
uploading
preparing B-11, B-14, B-17
reasons for B-9
using FTP B-15
using RCP B-19
using TFTP B-13
configuration logger 30-10
configuration logging 2-5
configuration replacement B-20
configuration rollback B-20
configuration settings, saving 3-15
configure terminal command 10-9
configuring port-based authentication violation modes 8-35
configuring small-frame arrival rate 24-5
connections, secure remote 7-44
connectivity problems 41-10, 41-11, 41-13
consistency checks in VTP Version 2 13-5
console port, connecting to 2-10
control protocol, IP SLAs 40-3
conventions
command xxxvii
for examples xxxviii
publication xxxvii
text xxxvii
corrupted software, recovery steps with Xmodem 41-2
CoS
in Layer 2 frames 33-2
override priority 14-6
trust priority 14-6
CoS input queue threshold map for QoS 33-16
CoS output queue threshold map for QoS 33-19
CoS-to-DSCP map for QoS 33-60
counters, clearing interface 10-26
CPU utilization, troubleshooting 41-20
crashinfo file 41-19
critical authentication, IEEE 802.1x 8-47
critical VLAN 8-19
cross-stack EtherChannel
configuring
on Layer 2 interfaces 34-10
on Layer 3 physical interfaces 34-14
cryptographic software image
Kerberos 7-38
SSH 7-43
SSL 7-48
customizeable web pages, web-based authentication 9-6
D
DACL
See downloadable ACL
daylight saving time 5-13
debugging
enabling all system diagnostics 41-16
enabling for a specific feature 41-16
redirecting error message output 41-17
using commands 41-15
default commands 2-4
default configuration
802.1x 8-29
auto-QoS 33-21
banners 5-17
booting 3-18
CDP 25-2
DHCP 21-8
DHCP option 82 21-8
DHCP snooping 21-8
DHCP snooping binding database 21-8
DNS 5-16
dynamic ARP inspection 22-5
EtherChannel 34-9
Ethernet interfaces 10-13
Flex Links 20-5
HSRP 39-5
IEEE 802.1Q tunneling 16-4
IGMP filtering 23-25
IGMP snooping 23-7, 37-5, 37-6
IGMP throttling 23-25
initial switch information 3-3
IP addressing, IP routing 35-4
IP SLAs 40-5
IP source guard 21-17
IPv6 36-7
Layer 2 interfaces 10-13
Layer 2 protocol tunneling 16-11
LLDP 26-4
MAC address table 5-21
MAC address-table move update 20-5
MSTP 18-14
MVR 23-20
NTP 5-4
default configuration (continued)
optional spanning-tree configuration 19-9
password and privilege level 7-3
private VLANs 15-6
RADIUS 7-25
RIP 35-18
RMON 29-3
RSPAN 28-10
SDM template 6-4
SNMP 31-6
SPAN 28-10
SSL 7-51
standard QoS 33-31
STP 17-11
system message logging 30-3
system name and prompt 5-15
TACACS+ 7-13
UDLD 27-4
VLAN, Layer 2 Ethernet interfaces 12-18
VLANs 12-7
VMPS 12-28
voice VLAN 14-3
VTP 13-8
default gateway 3-14, 35-10
default networks 35-31
default router preference
See DRP
default routes 35-31
default routing 35-2
default web-based authentication configuration
802.1X 9-9
deleting VLANs 12-9
denial-of-service attack 24-1
description command 10-20
destination addresses
in IPv6 ACLs 38-4
destination addresses, in IPv4 ACLs 32-11
destination-IP address-based forwarding, EtherChannel 34-7
destination-MAC address forwarding, EtherChannel 34-7
detecting indirect link failures, STP 19-5
device B-24
device discovery protocol 25-1, 26-1
device manager
benefits 1-2
described 1-2, 1-3
in-band management 1-5
requirements xxxviii
upgrading a switch B-24
DHCP
Cisco IOS server database
configuring 21-13
default configuration 21-8
described 21-6
enabling
relay agent 21-10
server 21-10
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-3
DNS 3-7
relay device 3-8
server side 3-6
server-side 21-10
TFTP server 3-7
example 3-9
lease options
for IP address information 3-6
for receiving the configuration file 3-6
overview 3-3
relationship to BOOTP 3-3
relay support 1-4, 1-11
support for 1-4
DHCP-based autoconfiguration and image update
configuring3-11to 3-13
understanding 3-5
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 21-5
configuration guidelines 21-8
default configuration 21-8
displaying 21-15
forwarding address, specifying 21-10
helper address 21-10
overview 21-3
packet format, suboption
circuit ID 21-5
remote ID 21-5
remote ID suboption 21-5
DHCP server 3-3
DHCP server port-based address allocation
configuration guidelines 21-26
default configuration 21-25
described 21-25
displaying 21-28
enabling 21-26
reserved addresses 21-26
DHCP snooping
accepting untrusted packets form edge switch 21-3, 21-12
and private VLANs 21-13
binding database
See DHCP snooping binding database
configuration guidelines 21-8
default configuration 21-8
displaying binding tables 21-15
message exchange process 21-4
option 82 data insertion 21-3
trusted interface 21-2
untrusted interface 21-2
untrusted messages 21-2
DHCP snooping binding database
adding bindings 21-14
binding entries, displaying 21-15
binding file
format 21-7
location 21-6
bindings 21-6
clearing agent statistics 21-14
configuration guidelines 21-9
configuring 21-14
default configuration 21-8
deleting
binding file 21-14
bindings 21-14
database agent 21-14
described 21-6
displaying 21-15
binding entries 21-15
status and statistics 21-15
enabling 21-14
entry 21-6
renewing database 21-14
resetting
delay value 21-14
timeout value 21-14
DHCP snooping binding table
See DHCP snooping binding database
Differentiated Services architecture, QoS 33-2
Differentiated Services Code Point 33-2
directed unicast requests 1-4
directories
changing B-3
creating and removing B-4
displaying the working B-3
distance-vector protocols 35-2
distribute-list command 35-35
DNS
and DHCP-based autoconfiguration 3-7
default configuration 5-16
displaying the configuration 5-17
in IPv6 36-3
overview 5-15
setting up 5-16
support for 1-4
documentation, related xxxviii
document conventions xxxvii
domain names
DNS 5-15
VTP 13-9
Domain Name System
See DNS
dot1q-tunnel switchport mode 12-16
double-tagged packets
IEEE 802.1Q tunneling 16-2
Layer 2 protocol tunneling 16-10
downloadable ACL 8-16, 8-17, 8-56
downloading
configuration files
preparing B-11, B-14, B-17
reasons for B-9
using FTP B-14
using RCP B-18
using TFTP B-12
image files
deleting old image B-28
preparing B-26, B-30, B-34
reasons for B-24
using FTP B-31
using HTTP B-24
using RCP B-35
using TFTP B-27
using the device manager or Network Assistant B-24
drop threshold for Layer 2 protocol packets 16-11
DRP
configuring 36-9
described 36-4
IPv6 36-4
DSCP 1-10, 33-2
DSCP input queue threshold map for QoS 33-16
DSCP output queue threshold map for QoS 33-19
DSCP-to-CoS map for QoS 33-63
DSCP-to-DSCP-mutation map for QoS 33-64
DSCP transparency 33-40
DTP 1-6, 12-16
dual-action detection 34-5
dual IPv4 and IPv6 templates 6-2, 36-5
dual protocol stacks
IPv4 and IPv6 36-5
SDM templates supporting 36-5
dual-purpose uplinks
defined 10-6
setting the type 10-14
dynamic access ports
characteristics 12-3
configuring 12-29
defined 10-3
dynamic addresses
See addresses
dynamic ARP inspection
ARP cache poisoning 22-1
ARP requests, described 22-1
ARP spoofing attack 22-1
clearing
log buffer 22-15
statistics 22-15
configuration guidelines 22-6
configuring
ACLs for non-DHCP environments 22-8
in DHCP environments 22-7
log buffer 22-13
rate limit for incoming ARP packets 22-4, 22-10
dynamic ARP inspection (continued)
default configuration 22-5
denial-of-service attacks, preventing 22-10
described 22-1
DHCP snooping binding database 22-2
displaying
ARP ACLs 22-14
configuration and operating state 22-14
log buffer 22-15
statistics 22-15
trust state and rate limit 22-14
error-disabled state for exceeding rate limit 22-4
function of 22-2
interface trust states 22-3
log buffer
clearing 22-15
configuring 22-13
displaying 22-15
logging of dropped packets, described 22-4
man-in-the middle attack, described 22-2
network security issues and interface trust states 22-3
priority of ARP ACLs and DHCP snooping entries 22-4
rate limiting of ARP packets
configuring 22-10
described 22-4
error-disabled state 22-4
statistics
clearing 22-15
displaying 22-15
validation checks, performing 22-12
dynamic auto trunking mode 12-16
dynamic desirable trunking mode 12-16
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 12-27
reconfirming 12-30
dynamic port VLAN membership (continued)
troubleshooting 12-31
types of connections 12-29
dynamic routing 35-2
Dynamic Trunking Protocol
See DTP
E
editing features
enabling and disabling 2-6
keystrokes used 2-7
wrapped lines 2-9
EIGRP stub routing 35-26
EKEY error-disabled state 10-3
ELIN location 26-3
enable password 7-4
enable secret password 7-4
encryption, CipherSuite 7-50
encryption for passwords 7-4
Enhanced IGRP
See EIGRP
enhanced object tracking
commands 39-12
defined 39-12
HSRP 39-18
IP routing state 39-13
line-protocol state 39-13
tracked lists 39-14
environment variables, function of 3-21
equal-cost routing 1-11, 35-29
error-disabled state
BPDU 19-2
EKEY 10-3
error messages during command entry 2-4
EtherChannel
automatic creation of 34-4, 34-5
channel groups
binding physical and logical interfaces 34-3
numbering of 34-3
configuration guidelines 34-9
configuring
Layer 2 interfaces 34-10
Layer 3 physical interfaces 34-14
Layer 3 port-channel logical interfaces 34-13
default configuration 34-9
described 34-2
displaying status 34-21
forwarding methods 34-7, 34-16
IEEE 802.3ad, described 34-5
interaction
with STP 34-10
with VLANs 34-10
LACP
described 34-5
displaying status 34-21
hot-standby ports 34-18
interaction with other features 34-6
modes 34-6
port priority 34-20
system priority 34-19
Layer 3 interface 35-3
load balancing 34-7, 34-16
logical interfaces, described 34-3
PAgP
aggregate-port learners 34-17
compatibility with Catalyst 1900 34-17
described 34-4
displaying status 34-21
interaction with other features 34-5
interaction with virtual switches 34-5
learn method and priority configuration 34-17
EtherChannel (continued)
PAgP (continued)
modes 34-4
support for 1-2
with dual-action detection 34-5
port-channel interfaces
described 34-3
numbering of 34-3
port groups 10-6
support for 1-2
EtherChannel guard
described 19-7
disabling 19-14
enabling 19-14
Ethernet VLANs
adding 12-8
defaults and ranges 12-8
modifying 12-8
EUI 36-3
events, RMON 29-3
examples
conventions for xxxviii
expedite queue for QoS 33-77
Express Setup 1-2
See also getting started guide
extended crashinfo file 41-19
extended-range VLANs
configuration guidelines 12-11
configuring 12-11
creating 12-12
creating with an internal VLAN ID 12-13
defined 12-1
extended system ID
MSTP 18-17
STP 17-4, 17-14
extended universal identifier
See EUI
Extensible Authentication Protocol over LAN 8-1
F
fa0 interface 1-4, 1-5
Fast Ethernet 0
See fa0 interface
features, incompatible 24-12
FIB 35-28
fiber-optic, detecting unidirectional links 27-1
files
basic crashinfo
description 41-19
location 41-19
copying B-4
crashinfo
description 41-19
deleting B-5
displaying the contents of B-8
extended crashinfo
description 41-20
location 41-20
tar
creating B-6
displaying the contents of B-6
extracting B-8
image file format B-25
file system
displaying file information B-3
local file system names B-1
network file system names B-4
setting the default B-3
filtering
in a VLAN 32-29
IPv6 traffic 38-3, 38-6
non-IP traffic 32-27
show and more command output 2-10
filtering show and more command output 2-10
filters, IP
See ACLs, IP
flash device, number of B-1
flexible authentication ordering
configuring 8-59
overview 8-25
Flex Links
configuration guidelines 20-5
configuring 20-6
configuring preferred VLAN 20-8
configuring VLAN load balancing 20-7
default configuration 20-5
description 20-1
link load balancing 20-2
monitoring 20-11
VLANs 20-2
flooded traffic, blocking 24-8
flow-based packet classification 1-10
flowcharts
QoS classification 33-6
QoS egress queueing and scheduling 33-17
QoS ingress queueing and scheduling 33-15
QoS policing and marking 33-10
flowcontrol
configuring 10-18
described 10-18
forward-delay time
MSTP 18-23
STP 17-21
Forwarding Information Base
See FIB
FTP
accessing MIB files A-3
configuration files
downloading B-14
overview B-13
preparing the server B-14
uploading B-15
FTP (continued)
image files
deleting old image B-33
downloading B-31
preparing the server B-30
uploading B-33
G
get-bulk-request operation 31-3
get-next-request operation 31-3, 31-4
get-request operation 31-3, 31-4
get-response operation 31-3
global configuration mode 2-2
global leave, IGMP 23-13
guest VLAN and 802.1x 8-17
guide
audience xxxvii
purpose of xxxvii
GUIs
See device manager and Network Assistant
H
hardware limitations and Layer 3 interfaces 10-21
hello time
MSTP 18-22
STP 17-20
help, for the command line 2-3
hierarchical policy maps 33-8
configuration guidelines 33-33
configuring 33-52
described 33-11
history
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
history table, level and number of syslog messages 30-10
host ports
configuring 15-12
kinds of 15-2
hosts, limit on dynamic ports 12-31
Hot Standby Router Protocol
See HSRP
HP Onboard Administrator
DHCP server 3-3
error-disabled state 10-3
internal connection to 1-4
HP OpenView 1-3
HSRP
authentication string 39-10
command-switch redundancy 1-1, 1-5
configuring 39-5
default configuration 39-5
definition 39-1
guidelines 39-5
monitoring 39-12
object tracking 39-18
overview 39-1
priority 39-7
routing redundancy 1-11
support for ICMP redirect messages 39-11
timers 39-10
tracking 39-8
HTTP(S) Over IPv6 36-6
HTTP over SSL
see HTTPS
HTTPS 7-48
configuring 7-52
self-signed certificate 7-49
HTTP secure server 7-48
I
ICMP
IPv6 36-3
redirect messages 35-10
support for 1-11
time-exceeded messages 41-13
traceroute and 41-13
unreachable messages 32-19
unreachable messages and IPv6 38-3
unreachables and ACLs 32-21
ICMP ping
executing 41-10
overview 41-10
ICMP Router Discovery Protocol
See IRDP
ICMPv6 36-3
IDS appliances
and ingress RSPAN 28-20
and ingress SPAN 28-13
IEEE 802.1D
See STP
IEEE 802.1p 14-1
IEEE 802.1Q
and trunk ports 10-3
configuration limitations 12-17
encapsulation 12-15
native VLAN for untagged traffic 12-22
tunneling
compatibility with other features 16-6
defaults 16-4
described 16-1
tunnel ports with other features 16-6
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3ad
See EtherChannel
IEEE 802.3x flow control 10-18
ifIndex values, SNMP 31-5
IFS 1-5
IGMP
configurable leave timer
described 23-6
enabling 23-11
flooded multicast traffic
controlling the length of time 23-12
disabling on an interface 23-14
global leave 23-13
query solicitation 23-13
recovering from flood mode 23-13
joining multicast group 23-3
join messages 23-3
leave processing, enabling 23-11, 37-9
leaving multicast group 23-5
queries 23-4
report suppression
described 23-6
disabling 23-16, 37-11
supported versions 23-3
support for 1-2
IGMP filtering
configuring 23-25
default configuration 23-25
described 23-24
monitoring 23-29
support for 1-3
IGMP groups
configuring filtering 23-28
setting the maximum number 23-27
IGMP helper 1-3
IGMP Immediate Leave
configuration guidelines 23-11
described 23-6
enabling 23-11
IGMP profile
applying 23-27
configuration mode 23-25
configuring 23-26
IGMP snooping
and address aliasing 23-2
configuring 23-7
default configuration 23-7, 37-5, 37-6
definition 23-2
enabling and disabling 23-8, 37-6
global configuration 23-8
Immediate Leave 23-6
method 23-8
monitoring 23-16, 37-12
querier
configuration guidelines 23-14
configuring 23-14
supported versions 23-3
support for 1-2
VLAN configuration 23-8
IGMP throttling
configuring 23-28
default configuration 23-25
described 23-25
displaying action 23-29
Immediate Leave, IGMP 23-6
enabling 37-9
inaccessible authentication bypass 8-19
support for multiauth ports 8-19
initial configuration
defaults 1-12
Express Setup 1-2
See also getting started guide and hardware installation guide
interface
number 10-8
interface command10-8to 10-9
interface configuration mode 2-2
interface range macros 10-11
interfaces
auto-MDIX, configuring 10-19
configuration guidelines
duplex and speed 10-16
configuring
procedure 10-9
counters, clearing 10-26
default configuration 10-13
described 10-20
descriptive name, adding 10-20
displaying information about 10-25
flow control 10-18
management 1-3
monitoring 10-25
naming 10-20
physical, identifying 10-8
range of 10-10
restarting 10-26
shutting down 10-26
speed and duplex, configuring 10-17
status 10-25
supported 10-8
types of 10-1
interfaces range macro command 10-11
interface types 10-8
Internet Control Message Protocol
See ICMP
Internet Protocol version 6
See IPv6
Inter-Switch Link
See ISL
inter-VLAN routing 1-11, 35-2
Intrusion Detection System
See IDS appliances
inventory management TLV 26-3, 26-7
IP ACLs
for QoS classification 33-7
implicit deny 32-9, 32-13
implicit masks 32-9
named 32-14
undefined 32-20
IP addresses
128-bit 36-2
classes of 35-5
default configuration 35-4
discovering 5-30
for IP routing 35-3
IPv6 36-2
MAC address association 35-7
monitoring 35-16
IP base image 1-1
IP broadcast address 35-14
ip cef distributed command 35-28
IP directed broadcasts 35-12
ip igmp profile command 23-25
IP information
assigned
manually 3-14
through DHCP-based autoconfiguration 3-3
default configuration 3-3
IP multicast routing and IGMP snooping 23-2
IP phones
and QoS 14-1
automatic classification and queueing 33-20
configuring 14-4
ensuring port security with QoS 33-38
trusted boundary for QoS 33-38
IP Port Security for Static Hosts
on a Layer 2 access port 21-19
on a PVLAN host port 21-23
IP precedence 33-2
IP-precedence-to-DSCP map for QoS 33-61
IP protocols
in ACLs 32-11
routing 1-11
IP routes, monitoring 35-37
IP routing
connecting interfaces with 10-7
disabling 35-17
enabling 35-17
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 40-1
IP SLAs
benefits 40-2
configuration guidelines 40-5
Control Protocol 40-3
default configuration 40-5
definition 40-1
measuring network performance 40-2
monitoring 40-7
operation 40-3
responder
described 40-3
enabling 40-6
response time 40-4
SNMP support 40-2
supported metrics 40-2
IP source guard
and 802.1x 21-18
and DHCP snooping 21-15
and EtherChannels 21-18
and port security 21-18
and private VLANs 21-18
and routed ports 21-17
and TCAM entries 21-18
and trunk interfaces 21-18
and VRF 21-18
binding configuration
automatic 21-15
manual 21-15
IP source guard (continued)
binding table 21-15
configuration guidelines 21-17
default configuration 21-17
described 21-15
disabling 21-19
displaying
bindings 21-25
configuration 21-25
enabling 21-18, 21-19
filtering
source IP address 21-16
source IP and MAC address 21-16
source IP address filtering 21-16
source IP and MAC address filtering 21-16
static bindings
adding 21-18, 21-19
deleting 21-19
static hosts 21-19
IP traceroute
executing 41-14
overview 41-13
IP unicast routing
address resolution 35-7
administrative distances 35-30, 35-35
ARP 35-7
assigning IP addresses to Layer 3 interfaces 35-5
authentication keys 35-36
broadcast
address 35-14
flooding 35-15
packets 35-12
storms 35-12
classless routing 35-6
configuring static routes 35-30
IP unicast routing (continued)
default
addressing configuration 35-4
gateways 35-10
networks 35-31
routes 35-31
routing 35-2
directed broadcasts 35-12
disabling 35-17
dynamic routing 35-2
enabling 35-17
EtherChannel Layer 3 interface 35-3
inter-VLAN 35-2
IP addressing
classes 35-5
configuring 35-3
IRDP 35-11
Layer 3 interfaces 35-3
MAC address and IP address 35-7
passive interfaces 35-34
protocols, distance-vector 35-2
proxy ARP 35-7
redistribution 35-32
reverse address resolution 35-7
routed ports 35-3
static routing 35-2
steps to configure 35-3
subnet mask 35-5
subnet zero 35-5
supernet 35-6
UDP 35-14
with SVIs 35-3
See also EIGRP
See also RIP
IPv4 ACLs
applying to interfaces 32-19
extended, creating 32-10
named 32-14
standard, creating 32-9
IPv6
ACLs
displaying 38-7
limitations 38-2
matching criteria 38-2
port 38-1
router 38-1
supported 38-2
addresses 36-2
address formats 36-2
applications 36-4
assigning address 36-7
autoconfiguration 36-4
default configuration 36-7
default router preference (DRP) 36-4
defined 36-1
forwarding 36-7
ICMP 36-3
monitoring 36-12
neighbor discovery 36-3
SDM templates 6-2, 37-1, 37-6, 38-1
Stateless Autoconfiguration 36-4
supported features 36-2
understanding static routes 36-5
IPv6 traffic, filtering 38-3
IRDP
configuring 35-11
definition 35-11
support for 1-11
ISL
and trunk ports 10-3
encapsulation 1-6, 12-15
trunking with IEEE 802.1 tunneling 16-5
isolated port 15-2
isolated VLANs 15-2, 15-3
J
join messages, IGMP 23-3
K
KDC
described 7-39
See also Kerberos
Kerberos
authenticating to
boundary switch 7-41
KDC 7-41
network services 7-41
configuration examples 7-38
configuring 7-42
credentials 7-39
cryptographic software image 7-38
described 7-39
KDC 7-39
operation 7-41
realm 7-40
server 7-40
support for 1-9
switch as trusted third party 7-39
terms 7-39
TGT 7-40
tickets 7-39
key distribution center
See KDC
L
l2protocol-tunnel command 16-13
LACP
Layer 2 protocol tunneling 16-9
See EtherChannel
Layer 2 frames, classification with CoS 33-2
Layer 2 interfaces, default configuration 10-13
Layer 2 protocol tunneling
configuring 16-10
configuring for EtherChannels 16-14
default configuration 16-11
defined 16-8
guidelines 16-12
Layer 2 traceroute
and ARP 41-12
and CDP 41-12
broadcast traffic 41-11
described 41-11
IP addresses and subnets 41-12
MAC addresses and VLANs 41-12
multicast traffic 41-12
multiple devices on a port 41-12
unicast traffic 41-11
usage guidelines 41-12
Layer 2 trunk failover
described 34-21
Layer 3 features 1-11
Layer 3 interfaces
assigning IP addresses to 35-5
assigning IPv6 addresses to 36-8
changing from Layer 2 mode 35-5
types of 35-3
Layer 3 packets, classification methods 33-2
LDAP 4-2
LEDs, switch
See hardware installation guide
lightweight directory access protocol
See LDAP
line configuration mode 2-2
Link Aggregation Control Protocol
See EtherChannel
Link Failure
detecting unidirectional 18-8
Link Layer Discovery Protocol
See CDP
link local unicast addresses 36-3
link redundancy
See Flex Links
links, unidirectional 27-1
LLDP
configuring 26-4
characteristics 26-6
default configuration 26-4
enabling 26-5
monitoring and maintaining 26-10
overview 26-1
supported TLVs 26-2
switch stack considerations 26-2
transmission timer and holdtime, setting 26-6
LLDP-MED
configuring
procedures 26-4
TLVs 26-6
monitoring and maintaining 26-10
overview 26-1, 26-2
supported TLVs 26-2
LLDP Media Endpoint Discovery
See LLDP-MED
load balancing 39-4
local SPAN 28-2
location TLV 26-3, 26-7
logging messages, ACL 32-8
login authentication
with RADIUS 7-28
with TACACS+ 7-14
login banners 5-17
log messages
See system message logging
loop guard
described 19-9
enabling 19-15
support for 1-6
M
MAB aging timer 1-7
MAB inactivity timer
default setting 8-29
range 8-32
MAC/PHY configuration status TLV 26-2
MAC addresses
aging time 5-21
and VLAN association 5-20
building the address table 5-20
default configuration 5-21
disabling learning on a VLAN 5-29
discovering 5-30
displaying 5-30
displaying in the IP source binding table 21-25
dynamic
learning 5-20
removing 5-22
in ACLs 32-27
IP address association 35-7
static
adding 5-27
allowing 5-28, 5-29
characteristics of 5-26
dropping 5-28
removing 5-27
MAC address learning 1-4
MAC address learning, disabling on a VLAN 5-29
MAC address notification, support for 1-11
MAC address-table move update
configuration guidelines 20-5
configuring 20-9
default configuration 20-5
description 20-3
monitoring 20-11
MAC address-to-VLAN mapping 12-26
MAC authentication bypass 8-13
See MAB
MAC extended access lists
applying to Layer 2 interfaces 32-28
configuring for QoS 33-45
creating 32-27
defined 32-27
for QoS classification 33-5
macros
See Smartports macros
magic packet 8-23
manageability features 1-4
management access
in-band
browser session 1-5
CLI session 1-5
device manager 1-5
SNMP 1-5
out-of-band console port connection 1-5
management address TLV 26-2
management options
CLI 2-1
CNS 4-1
overview 1-3
mapping tables for QoS
configuring
CoS-to-DSCP 33-60
DSCP 33-60
DSCP-to-CoS 33-63
DSCP-to-DSCP-mutation 33-64
IP-precedence-to-DSCP 33-61
policed-DSCP 33-62
described 33-12
marking
action in policy map 33-48
action with aggregate policers 33-58
described 33-4, 33-8
matching
IPv6 ACLs 38-2
matching, IPv4 ACLs 32-7
maximum aging time
MSTP 18-23
STP 17-21
maximum hop count, MSTP 18-24
maximum number of allowed devices, port-based authentication 8-32
maximum-paths command 35-29
membership mode, VLAN port 12-3
messages
to users through banners 5-17
messages, to users through banners 5-17
metric translations, between routing protocols 35-34
metro tags 16-2
MHSRP 39-4
MIBs
accessing files with FTP A-3
location of files A-3
overview 31-1
SNMP interaction with 31-4
supported A-1
mirroring traffic for analysis 28-1
mismatches, autonegotiation 41-8
module number 10-8
monitoring
access groups 32-39
cables for unidirectional links 27-1
CDP 25-5
CEF 35-29
features 1-11
Flex Links 20-11
HSRP 39-12
IEEE 802.1Q tunneling 16-18
IGMP
filters 23-29
snooping 23-16, 37-12
interfaces 10-25
monitoring (continued)
IP
address tables 35-16
routes 35-37
IP SLAs operations 40-7
IPv4 ACL configuration 32-39
IPv6 36-12
IPv6 ACL configuration 38-7
Layer 2 protocol tunneling 16-18
MAC address-table move update 20-11
multicast router interfaces 23-17, 37-12
MVR 23-24
network traffic for analysis with probe 28-2
object tracking 39-19
port
blocking 24-21
protection 24-21
private VLANs 15-15
SFP status 10-25, 41-9
speed and duplex mode 10-17
traffic flowing among switches 29-1
traffic suppression 24-21
tunneling 16-18
VLAN
filters 32-40
maps 32-40
VLANs 12-14
VMPS 12-31
VTP 13-17
MSTP
boundary ports
configuration guidelines 18-15
described 18-6
BPDU filtering
described 19-3
enabling 19-12
BPDU guard
described 19-2
enabling 19-11
MSTP (continued)
CIST, described 18-3
CIST regional root 18-3
CIST root 18-5
configuration guidelines 18-15, 19-10
configuring
forward-delay time 18-23
hello time 18-22
link type for rapid convergence 18-24
maximum aging time 18-23
maximum hop count 18-24
MST region 18-16
neighbor type 18-25
path cost 18-20
port priority 18-19
root switch 18-17
secondary root switch 18-18
switch priority 18-21
CST
defined 18-3
operations between regions 18-4
default configuration 18-14
default optional feature configuration 19-9
displaying status 18-26
enabling the mode 18-16
EtherChannel guard
described 19-7
enabling 19-14
extended system ID
effects on root switch 18-17
effects on secondary root switch 18-18
unexpected behavior 18-17
IEEE 802.1s
implementation 18-6
port role naming change 18-7
terminology 18-5
instances supported 17-9
interface state, blocking to forwarding 19-2
MSTP (continued)
interoperability and compatibility among modes 17-10
interoperability with IEEE 802.1D
described 18-8
restarting migration process 18-25
IST
defined 18-3
master 18-3
operations within a region 18-3
loop guard
described 19-9
enabling 19-15
mapping VLANs to MST instance 18-16
MST region
CIST 18-3
configuring 18-16
described 18-2
hop-count mechanism 18-5
IST 18-3
supported spanning-tree instances 18-2
optional features supported 1-6
overview 18-2
Port Fast
described 19-2
enabling 19-10
preventing root switch selection 19-8
root guard
described 19-8
enabling 19-15
root switch
configuring 18-17
effects of extended system ID 18-17
unexpected behavior 18-17
shutdown Port Fast-enabled port 19-2
status, displaying 18-26
multiauth
support for inaccessible authentication bypass 8-19
multiauth mode
See multiple-authentication mode
multicast groups
Immediate Leave 23-6
joining 23-3
leaving 23-5
static joins 23-10, 37-8
multicast packets
blocking 24-8
multicast packets, blocking 24-8
multicast router interfaces, monitoring 23-17, 37-12
multicast router ports, adding 23-9, 37-8
multicast storm 24-1
multicast storm-control command 24-4
multicast television application 23-18
multicast VLAN 23-17
Multicast VLAN Registration
See MVR
multiple authentication 8-11
Multiple HSRP
See MHSRP
MVR
and address aliasing 23-21
and IGMPv3 23-21
configuration guidelines 23-20
configuring interfaces 23-22
default configuration 23-20
described 23-17
example application 23-18
modes 23-21
monitoring 23-24
multicast television application 23-18
setting global parameters 23-21
support for 1-3
N
NAC
AAA down policy 1-9
critical authentication 8-19, 8-47
IEEE 802.1x authentication using a RADIUS server 8-53
IEEE 802.1x validation using RADIUS server 8-53
inaccessible authentication bypass 1-9, 8-47
Layer 2 IEEE 802.1x validation 1-9, 8-53
Layer 2 IEEE802.1x validation 8-28
Layer 2 IP validation 1-9
named IPv4 ACLs 32-14
NameSpace Mapper
See NSM
native VLAN
and IEEE 802.1Q tunneling 16-4
configuring 12-22
default 12-22
NEAT
configuring 8-54
overview 8-26
neighbor discovery, IPv6 36-3
Network Admission Control
NAC
Network Assistant
benefits 1-2
described 1-3
network configuration examples
increasing network performance 1-14
providing network services 1-15
server aggregation and Linux server cluster 1-16
network design
performance 1-15
services 1-15
Network Edge Access Topology
See NEAT
network management
CDP 25-1
RMON 29-1
SNMP 31-1
network performance, measuring with IP SLAs 40-2
network policy TLV 26-2, 26-7
Network Time Protocol
See NTP
no commands 2-4
nonhierarchical policy maps
configuration guidelines 33-33
configuring 33-48
described 33-9
non-IP traffic filtering 32-27
nontrunking mode 12-16
normal-range VLANs 12-4
configuration guidelines 12-6
configuration modes 12-7
configuring 12-4
defined 12-1
no switchport command 10-4
note, described xxxviii
NSM 4-3
NTP
associations
authenticating 5-4
defined 5-2
enabling broadcast messages 5-6
peer 5-5
server 5-5
default configuration 5-4
displaying the configuration 5-11
overview 5-2
restricting access
creating an access group 5-8
disabling NTP services per interface 5-10
source IP address, configuring 5-10
stratum 5-2
support for 1-5
NTP (continued)
synchronizing devices 5-5
time
services 5-2
synchronizing 5-2
O
object tracking
HSRP 39-18
monitoring 39-19
off mode, VTP 13-3
online diagnostics
overview 42-1
running tests 42-3
understanding 42-1
open1x
configuring 8-59
open1x authentication
overview 8-25
optimizing system resources 6-1
options, management 1-3
out-of-profile markdown 1-10
P
packet modification, with QoS 33-20
PAgP
Layer 2 protocol tunneling 16-9
See EtherChannel
parallel paths, in routing tables 35-29
passive interfaces, configuring 35-34
passwords
default configuration 7-3
disabling recovery of 7-5
encrypting 7-4
for security 1-7
passwords (continued)
overview 7-1
recovery of 41-3
setting
enable 7-3
enable secret 7-4
Telnet 7-6
with usernames 7-7
VTP domain 13-9
path cost
MSTP 18-20
STP 17-18
percentage thresholds in tracked lists 39-17
performance, network design 1-14
performance features 1-2
persistent self-signed certificate 7-49
per-user ACLs and Filter-Ids 8-8
per-VLAN spanning-tree plus
See PVST+
physical ports 10-2
PIM
stub routing
configuration guidelines 35-24
enabling 35-24
overview 35-23
PIM-DVMRP, as snooping method 23-9
ping
character output description 41-11
executing 41-10
overview 41-10
policed-DSCP map for QoS 33-62
policers
configuring
for each matched traffic class 33-48
for more than one traffic class 33-58
described 33-4
displaying 33-78
number of 33-34
types of 33-9
policing
described 33-4
hierarchical
See hierarchical policy maps
token-bucket algorithm 33-9
policy maps for QoS
characteristics of 33-48
described 33-7
displaying 33-79
hierarchical 33-8
hierarchical on SVIs
configuration guidelines 33-33
configuring 33-52
described 33-11
nonhierarchical on physical ports
configuration guidelines 33-33
configuring 33-48
described 33-9
port ACLs
defined 32-2
types of 32-3
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting 8-12
authentication server
defined 8-3, 9-2
RADIUS server 8-3
client, defined 8-3, 9-2
configuration guidelines 8-30, 9-9
port-based authentication (continued)
configuring
802.1x authentication 8-35
guest VLAN 8-44
host mode 8-38
inaccessible authentication bypass 8-47
manual re-authentication of a client 8-40
periodic re-authentication 8-39
quiet period 8-41
RADIUS server 8-38, 9-13
RADIUS server parameters on the switch 8-37, 9-12
restricted VLAN 8-45
switch-to-client frame-retransmission number 8-42, 8-43
switch-to-client retransmission time 8-41
violation mode 8-23
violation modes 8-35
default configuration 8-29, 9-9
described 8-1
device roles 8-2, 9-2
displaying statistics 8-61, 9-18
downloadable ACLs and redirect URLs
configuring8-56to 8-58
overview8-16to 8-17
EAPOL-start frame 8-5
EAP-request/identity frame 8-5
EAP-response/identity frame 8-5
enabling
802.1X authentication 9-12
encapsulation 8-3
flexible authentication ordering
configuring 8-59
overview 8-25
guest VLAN
configuration guidelines 8-18, 8-19
described 8-17
port-based authentication (continued)
host mode 8-10
inaccessible authentication bypass
configuring 8-47
described 8-19
guidelines 8-31
initiation and message exchange 8-5
magic packet 8-23
maximum number of allowed devices per port 8-32
method lists 8-35
multiple authentication 8-11
multiple-hosts mode, described 8-10
per-user ACLs
AAA authorization 8-35
configuration tasks 8-15
described 8-15
RADIUS server attributes 8-15
ports
authorization state and dot1x port-control command 8-10
authorized and unauthorized 8-9
voice VLAN 8-22
port security
and voice VLAN 8-23
described 8-22
interactions 8-22
multiple-hosts mode 8-10
readiness check
configuring 8-32
described 8-13, 8-32
resetting to default values 8-61
statistics, displaying 8-61
switch
as proxy 8-3, 9-2
RADIUS client 8-3
port-based authentication (continued)
switch supplicant
configuring 8-54
overview 8-26
user distribution
guidelines 8-21
overview 8-21
VLAN assignment
AAA authorization 8-35
characteristics 8-14
configuration tasks 8-14
described 8-14
voice aware 802.1x security
configuring 8-34
described 8-26, 8-33
voice VLAN
described 8-22
PVID 8-22
VVID 8-22
wake-on-LAN, described 8-23
port-based authentication methods, supported 8-7
port blocking 1-2, 24-8
port-channel
See EtherChannel
port description TLV 26-2
Port Fast
described 19-2
enabling 19-10
mode, spanning tree 12-28
support for 1-6
port membership modes, VLAN 12-3
port priority
MSTP 18-19
STP 17-16
ports
access 10-3
blocking 24-8
dual-purpose uplink 10-6
dynamic access 12-3
IEEE 802.1Q tunnel 12-4
protected 24-6
routed 10-4
secure 24-9
static-access 12-3, 12-10
switch 10-2
trunks 12-3, 12-15
VLAN assignments 12-10
port security
aging 24-18
and private VLANs 24-20
and QoS trusted boundary 33-38
configuring 24-13
default configuration 24-11
described 24-9
displaying 24-21
enabling 24-20
on trunk ports 24-15
sticky learning 24-10
violations 24-10
with other features 24-12
port-shutdown response, VMPS 12-27
port VLAN ID TLV 26-2
power management TLV 26-2, 26-7
preemption, default configuration 20-5
preemption delay, default configuration 20-5
preferential treatment of traffic
See QoS
preventing unauthorized access 7-1
primary links 20-2
primary VLANs 15-1, 15-3
priority
HSRP 39-7
overriding CoS 14-6
trusting CoS 14-6
private VLAN edge ports
See protected ports
private VLANs
across multiple switches 15-4
and SDM template 15-4
and SVIs 15-5
benefits of 15-1
community ports 15-2
community VLANs 15-2, 15-3
configuration guidelines 15-6, 15-7, 15-8
configuration tasks 15-6
configuring 15-10
default configuration 15-6
end station access to 15-3
IP addressing 15-3
isolated port 15-2
isolated VLANs 15-2, 15-3
mapping 15-14
monitoring 15-15
ports
community 15-2
configuration guidelines 15-8
configuring host ports 15-12
configuring promiscuous ports 15-13
described 12-4
isolated 15-2
promiscuous 15-2
primary VLANs 15-1, 15-3
promiscuous ports 15-2
secondary VLANs 15-2
subdomains 15-1
traffic in 15-5
privileged EXEC mode 2-2
privilege levels
changing the default for lines 7-9
exiting 7-9
logging into 7-9
overview 7-2, 7-7
setting a command with 7-8
promiscuous ports
configuring 15-13
defined 15-2
protected ports 1-7, 24-6
Protocol-Independent Multicast Protocol
See PIM
proxy ARP
configuring 35-9
definition 35-7
with IP routing disabled 35-10
pruning, VTP
disabling
in VTP domain 13-15
on a port 12-22
enabling
in VTP domain 13-15
on a port 12-21
examples 13-7
overview 13-6
pruning-eligible list
changing 12-21
for VTP pruning 13-6
VLANs 13-15
PVST+
described 17-9
IEEE 802.1Q trunking interoperability 17-10
instances supported 17-9
Q
QoS
and MQC commands 33-1
auto-QoS
categorizing traffic 33-21
configuration and defaults display 33-30
configuration guidelines 33-25
described 33-20
disabling 33-27
displaying generated commands 33-27
displaying the initial configuration 33-30
effects on running configuration 33-25
egress queue defaults 33-21
enabling for VoIP 33-26
example configuration 33-28
ingress queue defaults 33-21
list of generated commands 33-22
basic model 33-4
classification
class maps, described 33-7
defined 33-4
DSCP transparency, described 33-40
flowchart 33-6
forwarding treatment 33-3
in frames and packets 33-3
IP ACLs, described 33-5, 33-7
MAC ACLs, described 33-5, 33-7
options for IP traffic 33-5
options for non-IP traffic 33-5
policy maps, described 33-7
trust DSCP, described 33-5
trusted CoS, described 33-5
trust IP precedence, described 33-5
class maps
configuring 33-46
displaying 33-78
QoS (continued)
configuration guidelines
auto-QoS 33-25
standard QoS 33-33
configuring
aggregate policers 33-58
auto-QoS 33-20
default port CoS value 33-38
DSCP maps 33-60
DSCP transparency 33-40
DSCP trust states bordering another domain 33-40
egress queue characteristics 33-70
ingress queue characteristics 33-66
IP extended ACLs 33-44
IP standard ACLs 33-43
MAC ACLs 33-45
policy maps, hierarchical 33-52
policy maps on physical ports 33-48
port trust states within the domain 33-36
trusted boundary 33-38
default auto configuration 33-21
default standard configuration 33-31
displaying statistics 33-78
DSCP transparency 33-40
egress queues
allocating buffer space 33-71
buffer allocation scheme, described 33-18
configuring shaped weights for SRR 33-75
configuring shared weights for SRR 33-76
described 33-4
displaying the threshold map 33-74
flowchart 33-17
mapping DSCP or CoS values 33-73
scheduling, described 33-4
setting WTD thresholds 33-71
WTD, described 33-19
QoS (continued)
enabling globally 33-35
flowcharts
classification 33-6
egress queueing and scheduling 33-17
ingress queueing and scheduling 33-15
policing and marking 33-10
implicit deny 33-7
ingress queues
allocating bandwidth 33-68
allocating buffer space 33-68
buffer and bandwidth allocation, described 33-16
configuring shared weights for SRR 33-68
configuring the priority queue 33-69
described 33-4
displaying the threshold map 33-67
flowchart 33-15
mapping DSCP or CoS values 33-67
priority queue, described 33-16
scheduling, described 33-4
setting WTD thresholds 33-67
WTD, described 33-16
IP phones
automatic classification and queueing 33-20
detection and trusted settings 33-20, 33-38
limiting bandwidth on egress interface 33-77
mapping tables
CoS-to-DSCP 33-60
displaying 33-78
DSCP-to-CoS 33-63
DSCP-to-DSCP-mutation 33-64
IP-precedence-to-DSCP 33-61
policed-DSCP 33-62
types of 33-12
marked-down actions 33-50, 33-55
marking, described 33-4, 33-8
overview 33-2
QoS (continued)
packet modification 33-20
policers
configuring 33-50, 33-55, 33-58
described 33-8
displaying 33-78
number of 33-34
types of 33-9
policies, attaching to an interface 33-8
policing
described 33-4, 33-8
token bucket algorithm 33-9
policy maps
characteristics of 33-48
displaying 33-79
hierarchical 33-8
hierarchical on SVIs 33-52
nonhierarchical on physical ports 33-48
QoS label, defined 33-4
queues
configuring egress characteristics 33-70
configuring ingress characteristics 33-66
high priority (expedite) 33-19, 33-77
location of 33-13
SRR, described 33-14
WTD, described 33-13
rewrites 33-20
support for 1-10
trust states
bordering another domain 33-40
described 33-5
trusted device 33-38
within the domain 33-36
quality of service
See QoS
queries, IGMP 23-4
query solicitation, IGMP 23-13
R
RADIUS
attributes
vendor-proprietary 7-36
vendor-specific 7-34
configuring
accounting 7-33
authentication 7-28
authorization 7-32
communication, global 7-26, 7-34
communication, per-server 7-26
multiple UDP ports 7-26
default configuration 7-25
defining AAA server groups 7-30
displaying the configuration 7-38
identifying the server 7-26
limiting the services to the user 7-32
method list, defined 7-25
operation of 7-19
overview 7-18
server load balancing 7-38
suggested network environments 7-18
support for 1-9
tracking services accessed by user 7-33
RADIUS Change of Authorization 7-19
range
macro 10-11
of interfaces 10-10
rapid convergence 18-10
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
described 17-9
IEEE 802.1Q trunking interoperability 17-10
instances supported 17-9
Rapid Spanning Tree Protocol
See RSTP
RARP 35-7
RCP
configuration files
downloading B-18
overview B-16
preparing the server B-17
uploading B-19
image files
deleting old image B-37
downloading B-35
preparing the server B-34
uploading B-37
readiness check
port-based authentication
configuring 8-32
described 8-13, 8-32
reconfirmation interval, VMPS, changing 12-30
reconfirming dynamic VLAN membership 12-30
recovery procedures 41-1
redirect URL 8-16, 8-56
redundancy
EtherChannel 34-2
HSRP 39-1
STP
backbone 17-8
path cost 12-25
port priority 12-23
redundant links and UplinkFast 19-13
reloading software 3-21
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
Remote Network Monitoring
See RMON
Remote SPAN
See RSPAN
remote SPAN 28-2
report suppression, IGMP
described 23-6
disabling 23-16, 37-11
requirements
device manager xxxviii
resequencing ACL entries 32-14
reserved addresses in DHCP pools 21-26
resetting a UDLD-shutdown interface 27-6
responder, IP SLAs
described 40-3
enabling 40-6
response time, measuring with IP SLAs 40-4
restricted VLAN
configuring 8-45
described 8-18
using with IEEE 802.1x 8-18
restricting access
NTP services 5-8
overview 7-1
passwords and privilege levels 7-2
RADIUS 7-17
TACACS+ 7-10
retry count, VMPS, changing 12-30
reverse address resolution 35-7
Reverse Address Resolution Protocol
See RARP
RFC
1058, RIP 35-17
1112, IP multicast and IGMP 23-2
1157, SNMPv1 31-2
1166, IP addresses 35-5
1305, NTP 5-2
1757, RMON 29-2
1901, SNMPv2C 31-2
1902 to 1907, SNMPv2 31-2
2236, IP multicast and IGMP 23-2
2273-2275, SNMPv3 31-2
RFC 5176 Compliance 7-20
RIP
advertisements 35-17
authentication 35-20
configuring 35-19
default configuration 35-18
described 35-17
hop counts 35-17
split horizon 35-21
summary addresses 35-21
support for 1-11
RMON
default configuration 29-3
displaying status 29-6
enabling alarms and events 29-3
groups supported 29-2
overview 29-1
statistics
collecting group Ethernet 29-5
collecting group history 29-5
support for 1-11
root guard
described 19-8
enabling 19-15
support for 1-6
root switch
MSTP 18-17
STP 17-14
routed packets, ACLs on 32-39
routed ports
configuring 35-3
defined 10-4
IP addresses on 10-21, 35-3
router ACLs
defined 32-2
types of 32-4
routing
default 35-2
dynamic 35-2
redistribution of information 35-32
static 35-2
Routing Information Protocol
See RIP
routing protocol administrative distances 35-30
RSPAN
characteristics 28-8
configuration guidelines 28-15
default configuration 28-10
defined 28-2
destination ports 28-7
displaying status 28-23
interaction with other features 28-8
monitored ports 28-6
monitoring ports 28-7
overview 1-11, 28-1
received traffic 28-5
sessions
creating 28-16
defined 28-3
limiting source traffic to specific VLANs 28-22
specifying monitored ports 28-16
with ingress traffic enabled 28-20
source ports 28-6
transmitted traffic 28-5
VLAN-based 28-6
RSTP
active topology 18-9
BPDU
format 18-12
processing 18-13
designated port, defined 18-9
designated switch, defined 18-9
RSTP (continued)
interoperability with IEEE 802.1D
described 18-8
restarting migration process 18-25
topology changes 18-13
overview 18-9
port roles
described 18-9
synchronized 18-11
proposal-agreement handshake process 18-10
rapid convergence
described 18-10
edge ports and Port Fast 18-10
point-to-point links 18-10, 18-24
root ports 18-10
root port, defined 18-9
See also MSTP
running configuration
replacing B-20, B-21
rolling back B-20, B-21
running configuration, saving 3-15
S
scheduled reloads 3-21
SCP
and SSH 7-54
configuring 7-55
SDM
described 6-1
templates
configuring 6-5
number of 6-1
SDM template 38-3
configuration guidelines 6-4
configuring 6-4
dual IPv4 and IPv6 6-2
types of 6-1
secondary VLANs 15-2
Secure Copy Protocol
See SCP
secure HTTP client
configuring 7-53
displaying 7-54
secure HTTP server
configuring 7-52
displaying 7-54
secure MAC addresses
deleting 24-17
maximum number of 24-10
types of 24-10
secure ports, configuring 24-9
secure remote connections 7-44
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port 24-9
security features 1-7
sequence numbers in log messages 30-8
server mode, VTP 13-3
service-provider network, MSTP and RSTP 18-1
service-provider networks
and customer VLANs 16-2
and IEEE 802.1Q tunneling 16-1
Layer 2 protocols across 16-8
Layer 2 protocol tunneling for EtherChannels 16-9
set-request operation 31-4
severity levels, defining in system messages 30-8
SFPs
monitoring status of 10-25, 41-9
security and identification 41-9
status, displaying 41-9
shaped round robin
See SRR
show access-lists hw-summary command 32-21
show and more command output, filtering 2-10
show cdp traffic command 25-5
show configuration command 10-20
show forward command 41-17
show interfaces command 10-17, 10-20
show l2protocol command 16-13, 16-15, 16-16
show lldp traffic command 26-11
show platform forward command 41-17
show running-config command
displaying ACLs 32-19, 32-20, 32-31, 32-34
interface description in 10-20
shutdown command on interfaces 10-26
shutdown threshold for Layer 2 protocol packets 16-11
Simple Network Management Protocol
See SNMP
small-frame arrival rate, configuring 24-5
Smartports macros
applying Cisco-default macros 11-6
applying global parameter values 11-5, 11-6
applying macros 11-5
applying parameter values 11-5, 11-7
configuration guidelines 11-2
creating 11-4
default configuration 11-2
defined 11-1
displaying 11-8
tracing 11-3
SNAP 25-1
SNMP
accessing MIB variables with 31-4
agent
described 31-4
disabling 31-7
and IP SLAs 40-2
authentication level 31-10
community strings
configuring 31-8
overview 31-4
configuration examples 31-17
default configuration 31-6
SNMP (continued)
engine ID 31-7
groups 31-6, 31-9
host 31-6
ifIndex values 31-5
in-band management 1-5
informs
and trap keyword 31-11
described 31-5
differences from traps 31-5
disabling 31-15
enabling 31-15
limiting access by TFTP servers 31-16
limiting system log messages to NMS 30-10
manager functions 1-3, 31-3
MIBs
location of A-3
supported A-1
notifications 31-5
overview 31-1, 31-4
security levels 31-3
setting CPU threshold notification 31-15
status, displaying 31-18
system contact and location 31-16
trap manager, configuring 31-13
traps
described 31-3, 31-5
differences from informs 31-5
disabling 31-15
enabling 31-11
enabling MAC address notification 5-22, 5-24, 5-25
overview 31-1, 31-4
types of 31-12
users 31-6, 31-9
versions supported 31-2
SNMP and Syslog Over IPv6 36-6
SNMPv1 31-2
SNMPv2C 31-2
SNMPv3 31-2
snooping, IGMP 23-2
software images
location in flash B-25
recovery procedures 41-2
scheduling reloads 3-22
tar file format, described B-25
See also downloading and uploading
source addresses
in IPv6 ACLs 38-4
source addresses, in IPv4 ACLs 32-11
source-and-destination-IP address based forwarding, EtherChannel 34-7
source-and-destination MAC address forwarding, EtherChannel 34-7
source-IP address based forwarding, EtherChannel 34-7
source-MAC address forwarding, EtherChannel 34-7
SPAN
configuration guidelines 28-10
default configuration 28-10
destination ports 28-7
displaying status 28-23
interaction with other features 28-8
monitored ports 28-6
monitoring ports 28-7
overview 1-11, 28-1
ports, restrictions 24-12
received traffic 28-5
sessions
configuring ingress forwarding 28-14, 28-21
creating 28-11
defined 28-3
limiting source traffic to specific VLANs 28-14
removing destination (monitoring) ports 28-12
specifying monitored ports 28-11
with ingress traffic enabled 28-13
source ports 28-6
transmitted traffic 28-5
VLAN-based 28-6
spanning tree and native VLANs 12-17
Spanning Tree Protocol
See STP
SPAN traffic 28-5
split horizon, RIP 35-21
SRR
configuring
shaped weights on egress queues 33-75
shared weights on egress queues 33-76
shared weights on ingress queues 33-68
described 33-14
shaped mode 33-14
shared mode 33-14
support for 1-10, 1-11
SSH
configuring 7-45
cryptographic software image 7-43
described 1-5, 7-44
encryption methods 7-44
user authentication methods, supported 7-44
SSL
configuration guidelines 7-51
configuring a secure HTTP client 7-53
configuring a secure HTTP server 7-52
cryptographic software image 7-48
described 7-48
monitoring 7-54
standby ip command 39-6
standby links 20-2
standby router 39-1
standby timers, HSRP 39-10
startup configuration
booting
manually 3-19
specific image 3-19
clearing B-20
startup configuration (continued)
configuration file
automatically downloading 3-18
specifying the filename 3-18
default boot configuration 3-18
static access ports
assigning to VLAN 12-10
defined 10-3, 12-3
static addresses
See addresses
static IP routing 1-11
static MAC addressing 1-7
static routes
understanding 36-5
static routes, configuring 35-30
static routing 35-2
static VLAN membership 12-2
statistics
802.1X 9-18
802.1x 8-61
CDP 25-5
interface 10-25
LLDP 26-10
LLDP-MED 26-10
NMSP 26-10
QoS ingress and egress 33-78
RMON group Ethernet 29-5
RMON group history 29-5
SNMP input and output 31-18
VTP 13-17
sticky learning 24-10
storm control
configuring 24-3
described 24-1
disabling 24-5
displaying 24-21
support for 1-2
thresholds 24-1
STP
accelerating root port selection 19-4
BackboneFast
described 19-5
disabling 19-14
enabling 19-14
BPDU filtering
described 19-3
disabling 19-12
enabling 19-12
BPDU guard
described 19-2
disabling 19-12
enabling 19-11
BPDU message exchange 17-3
configuration guidelines 17-12, 19-10
configuring
forward-delay time 17-21
hello time 17-20
maximum aging time 17-21
path cost 17-18
port priority 17-16
root switch 17-14
secondary root switch 17-16
spanning-tree mode 17-13
switch priority 17-19
transmit hold-count 17-22
counters, clearing 17-22
default configuration 17-11
default optional feature configuration 19-9
designated port, defined 17-3
designated switch, defined 17-3
detecting indirect link failures 19-5
disabling 17-14
displaying status 17-22
STP (continued)
EtherChannel guard
described 19-7
disabling 19-14
enabling 19-14
extended system ID
effects on root switch 17-14
effects on the secondary root switch 17-16
overview 17-4
unexpected behavior 17-14
features supported 1-6
IEEE 802.1D and bridge ID 17-4
IEEE 802.1D and multicast addresses 17-8
IEEE 802.1t and VLAN identifier 17-4
inferior BPDU 17-3
instances supported 17-9
interface state, blocking to forwarding 19-2
interface states
blocking 17-6
disabled 17-7
forwarding 17-5, 17-6
learning 17-6
listening 17-6
overview 17-4
interoperability and compatibility among modes 17-10
Layer 2 protocol tunneling 16-8
limitations with IEEE 802.1Q trunks 17-10
load sharing
overview 12-23
using path costs 12-25
using port priorities 12-23
loop guard
described 19-9
enabling 19-15
STP (continued)
modes supported 17-9
multicast addresses, effect of 17-8
optional features supported 1-6
overview 17-2
path costs 12-25
Port Fast
described 19-2
enabling 19-10
port priorities 12-24
preventing root switch selection 19-8
protocols supported 17-9
redundant connectivity 17-8
root guard
described 19-8
enabling 19-15
root port, defined 17-3
root switch
configuring 17-14
effects of extended system ID 17-4, 17-14
election 17-3
unexpected behavior 17-14
shutdown Port Fast-enabled port 19-2
status, displaying 17-22
superior BPDU 17-3
timers, described 17-20
UplinkFast
described 19-3
enabling 19-13
stratum, NTP 5-2
stub routing
PIM 35-24
stub routing, EIGRP 35-26
subdomains, private VLAN 15-1
subnet mask 35-5
subnet zero 35-5
success response, VMPS 12-27
summer time 5-13
SunNet Manager 1-3
supernet 35-6
supported port-based authentication methods 8-7
SVI autostate exclude
configuring 10-22
defined 10-5
SVI link state 10-5
SVIs
and IP unicast routing 35-3
and router ACLs 32-4
connecting VLANs 10-7
defined 10-5
routing between VLANs 12-2
switch 36-2
switch console port 1-5
Switch Database Management
See SDM
switched packets, ACLs on 32-38
Switched Port Analyzer
See SPAN
switched ports 10-2
switchport block multicast command 24-8
switchport block unicast command 24-8
switchport command 10-13
switchport mode dot1q-tunnel command 16-6
switchport protected command 24-7
switch priority
MSTP 18-21
STP 17-19
switch software features 1-1
switch virtual interface
See SVI
syslog
See system message logging
system capabilities TLV 26-2
system clock
configuring
daylight saving time 5-13
manually 5-11
summer time 5-13
time zones 5-12
displaying the time and date 5-12
overview 5-1
See also NTP
system description TLV 26-2
system message logging
default configuration 30-3
defining error message severity levels 30-8
disabling 30-4
displaying the configuration 30-13
enabling 30-4
facility keywords, described 30-13
level keywords, described 30-9
limiting messages 30-10
message format 30-2
overview 30-1
sequence numbers, enabling and disabling 30-8
setting the display destination device 30-5
synchronizing log messages 30-6
syslog facility 1-12
time stamps, enabling and disabling 30-7
UNIX syslog servers
configuring the daemon 30-12
configuring the logging facility 30-12
facilities supported 30-13
system MTU and IEEE 802.1Q tunneling 16-5
system name
default configuration 5-15
default setting 5-15
manual configuration 5-15
See also DNS
system name TLV 26-2
system prompt, default setting 5-14, 5-15
system resources, optimizing 6-1
T
TACACS+
accounting, defined 7-11
authentication, defined 7-11
authorization, defined 7-11
configuring
accounting 7-17
authentication key 7-13
authorization 7-16
login authentication 7-14
default configuration 7-13
displaying the configuration 7-17
identifying the server 7-13
limiting the services to the user 7-16
operation of 7-12
overview 7-10
support for 1-9
tracking services accessed by user 7-17
tagged packets
IEEE 802.1Q 16-3
Layer 2 protocol 16-8
tar files
creating B-6
displaying the contents of B-6
extracting B-8
image file format B-25
TDR 1-12
Telnet
accessing management interfaces 2-10
number of connections 1-5
setting a password 7-6
templates, SDM 6-1
temporary self-signed certificate 7-49
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password 7-6
TFTP
configuration files
downloading B-12
preparing the server B-11
uploading B-13
configuration files in base directory 3-7
configuring for autoconfiguration 3-7
image files
deleting B-28
downloading B-27
preparing the server B-26
uploading B-29
limiting access by servers 31-16
TFTP server 1-4
threshold, traffic level 24-2
time
See NTP and system clock
Time Domain Reflector
See TDR
time-range command 32-16
time ranges in ACLs 32-16
time stamps in log messages 30-7
time zones 5-12
TLVs
defined 26-1
LLDP 26-2
LLDP-MED 26-2
Token Ring VLANs
support for 12-6
VTP support 13-4
ToS 1-10
traceroute, Layer 2
and ARP 41-12
and CDP 41-12
broadcast traffic 41-11
described 41-11
IP addresses and subnets 41-12
traceroute, Layer 2 (continued)
MAC addresses and VLANs 41-12
multicast traffic 41-12
multiple devices on a port 41-12
unicast traffic 41-11
usage guidelines 41-12
traceroute command 41-14
See also IP traceroute
tracked lists
configuring 39-14
types 39-14
tracked objects
by Boolean expression 39-15
by threshold percentage 39-17
by threshold weight 39-16
tracking interface line-protocol state 39-13
tracking IP routing state 39-13
tracking objects 39-13
tracking process 39-13
traffic
blocking flooded 24-8
fragmented 32-5
fragmented IPv6 38-2
unfragmented 32-5
traffic policing 1-10
traffic suppression 24-1
transmit hold-count
see STP
transparent mode, VTP 13-3
trap-door mechanism 3-2
traps
configuring MAC address notification 5-22, 5-24, 5-25
configuring managers 31-11
defined 31-3
enabling 5-22, 5-24, 5-25, 31-11
notification types 31-12
overview 31-1, 31-4
troubleshooting
connectivity problems 41-10, 41-11, 41-13
CPU utilization 41-20
detecting unidirectional links 27-1
displaying crash information 41-19
setting packet forwarding 41-17
SFP security and identification 41-9
show forward command 41-17
with CiscoWorks 31-4
with debug commands 41-15
with ping 41-10
with system message logging 30-1
with traceroute 41-13
trunking encapsulation 1-6
trunk ports
configuring 12-19
defined 10-3, 12-3
encapsulation 12-19, 12-24, 12-25
trunks
allowed-VLAN list 12-20
configuring 12-19, 12-24, 12-25
ISL 12-15
load sharing
setting STP path costs 12-25
using STP port priorities 12-23, 12-24
native VLAN for untagged traffic 12-22
parallel 12-25
pruning-eligible list 12-21
to non-DTP device 12-16
trusted boundary for QoS 33-38
trusted port states
between QoS domains 33-40
classification options 33-5
ensuring port security for IP phones 33-38
support for 1-10
within a QoS domain 33-36
trustpoints, CA 7-48
tunneling
defined 16-1
IEEE 802.1Q 16-1
Layer 2 protocol 16-8
tunnel ports
defined 12-4
described 10-4, 16-1
IEEE 802.1Q, configuring 16-6
incompatibilities with other features 16-6
twisted-pair Ethernet, detecting unidirectional links 27-1
type of service
See ToS
U
UDLD
configuration guidelines 27-5
default configuration 27-4
disabling
globally 27-5
on fiber-optic interfaces 27-5
per interface 27-6
echoing detection mechanism 27-3
enabling
globally 27-5
per interface 27-6
Layer 2 protocol tunneling 16-10
link-detection mechanism 27-1
neighbor database 27-3
overview 27-1
resetting an interface 27-6
status, displaying 27-7
support for 1-5
UDP, configuring 35-14
unauthorized ports with IEEE 802.1x 8-9
unicast MAC address filtering 1-4
and adding static addresses 5-28
and broadcast MAC addresses 5-27
and CPU packets 5-27
and multicast addresses 5-27
and router MAC addresses 5-27
configuration guidelines 5-27
described 5-27
unicast storm 24-1
unicast storm control command 24-4
unicast traffic, blocking 24-8
UniDirectional Link Detection protocol
See UDLD
UNIX syslog servers
daemon configuration 30-12
facilities supported 30-13
message logging configuration 30-12
unrecognized Type-Length-Value (TLV) support 13-4
upgrading information
See release notes
upgrading software images
See downloading
UplinkFast
described 19-3
disabling 19-13
enabling 19-13
support for 1-6
uploading
configuration files
preparing B-11, B-14, B-17
reasons for B-9
using FTP B-15
using RCP B-19
using TFTP B-13
uploading (continued)
image files
preparing B-26, B-30, B-34
reasons for B-24
using FTP B-33
using RCP B-37
using TFTP B-29
User Datagram Protocol
See UDP
user EXEC mode 2-2
username-based authentication 7-7
V
version-dependent transparent mode 13-5
virtual router 39-1, 39-2
virtual switches and PAgP 34-5
vlan.dat file 12-5
VLAN 1, disabling on a trunk port 12-20
VLAN 1 minimization 12-20
VLAN ACLs
See VLAN maps
vlan-assignment response, VMPS 12-27
VLAN configuration
at bootup 12-7
saving 12-7
VLAN configuration mode 2-2
VLAN database
and startup configuration file 12-7
and VTP 13-1
VLAN configuration saved in 12-7
VLANs saved in 12-4
vlan dot1q tag native command 16-5
VLAN filtering and SPAN 28-7
vlan global configuration command 12-7
VLAN ID, discovering 5-30
VLAN link state 10-5
VLAN load balancing on flex links 20-2
configuration guidelines 20-5
VLAN management domain 13-2
VLAN Management Policy Server
See VMPS
VLAN map entries, order of 32-30
VLAN maps
applying 32-34
common uses for 32-34
configuration guidelines 32-30
configuring 32-29
creating 32-31
defined 32-2
denying access to a server example 32-36
denying and permitting packets 32-32
displaying 32-40
examples of ACLs and VLAN maps 32-32
removing 32-34
support for 1-8
wiring closet configuration example 32-35
VLAN membership
confirming 12-30
modes 12-3
VLAN Query Protocol
See VQP
VLANs
adding 12-8
adding to VLAN database 12-8
aging dynamic addresses 17-9
allowed on trunk 12-20
and spanning-tree instances 12-3, 12-6, 12-11
configuration guidelines, extended-range VLANs 12-11
configuration guidelines, normal-range VLANs 12-6
configuration options 12-7
VLANs (continued)
configuring 12-1
configuring IDs 1006 to 4094 12-11
connecting through SVIs 10-7
customer numbering in service-provider networks 16-3
default configuration 12-7
deleting 12-9
described 10-2, 12-1
displaying 12-14
extended-range 12-1, 12-11
features 1-6
illustrated 12-2
internal 12-12
limiting source traffic with RSPAN 28-22
limiting source traffic with SPAN 28-14
modifying 12-8
multicast 23-17
native, configuring 12-22
normal-range 12-1, 12-4
number supported 1-6
parameters 12-5
port membership modes 12-3
static-access ports 12-10
STP and IEEE 802.1Q trunks 17-10
supported 12-2
Token Ring 12-6
traffic between 12-2
VTP modes 13-3
VLAN Trunking Protocol
See VTP
VLAN trunks 12-15
VMPS
administering 12-31
configuration example 12-32
configuration guidelines 12-28
VMPS (continued)
default configuration 12-28
description 12-26
dynamic port membership
described 12-27
reconfirming 12-30
troubleshooting 12-31
mapping MAC addresses to VLANs 12-26
monitoring 12-31
reconfirmation interval, changing 12-30
reconfirming membership 12-30
retry count, changing 12-30
voice aware 802.1x security
port-based authentication
configuring 8-34
described 8-26, 8-33
voice-over-IP 14-1
voice VLAN
Cisco 7960 phone, port connections 14-1
configuration guidelines 14-3
configuring IP phones for data traffic
override CoS of incoming frame 14-6
trust CoS priority of incoming frame 14-6
configuring ports for voice traffic in
802.1p priority tagged frames 14-5
802.1Q frames 14-5
connecting to an IP phone 14-4
default configuration 14-3
described 14-1
displaying 14-7
IP phone data traffic, described 14-2
IP phone voice traffic, described 14-2
VQP 1-6, 12-26
VTP
adding a client to a domain 13-16
advertisements 12-18, 13-4
and extended-range VLANs 12-3, 13-2
VTP (continued)
and normal-range VLANs 12-2, 13-2
configuration
requirements 13-10
saving 13-8
configuration requirements 13-10
configuration revision number
guideline 13-16
resetting 13-17
configuring
mode 13-11
consistency checks 13-5
default configuration 13-8
described 13-1
domain names 13-9
domains 13-2
Layer 2 protocol tunneling 16-8
modes
client 13-3
configuring 13-11
off 13-3
server 13-3
transitions 13-3
transparent 13-3
monitoring 13-17
passwords 13-9
pruning
disabling 13-15
enabling 13-15
examples 13-7
overview 13-6
support for 1-7
pruning-eligible list, changing 12-21
server mode, configuring 13-11, 13-14
statistics 13-17
support for 1-7
VTP (continued)
Token Ring support 13-4
transparent mode, configuring 13-11
using 13-1
Version
enabling 13-14
version, guidelines 13-9
Version 1 13-5
Version 2
configuration guidelines 13-9
overview 13-4
Version 3
overview 13-5
W
web authentication 8-13
configuring 9-17
described 1-7
web-based authentication
customizeable web pages 9-6
description 9-1
web-based authentication, interactions with other features 9-7
weighted tail drop
See WTD
weight thresholds in tracked lists 39-16
wired location service
configuring 26-9
displaying 26-10
location TLV 26-3
understanding 26-3
WTD
described 33-13
setting thresholds
egress queue-sets 33-71
ingress queues 33-67
support for 1-10, 1-11
X
Xmodem protocol 41-2