Index
Numerics
10-Gigabit Ethernet interfaces 10-6
A
AAA down policy, NAC Layer 2 IP validation 1-10
abbreviating commands 2-4
ABRs 38-26
access
templates 8-1
access-class command 34-20
access control entries
See ACEs
access-denied response, VMPS 12-29
access groups
applying IPv4 ACLs to interfaces 34-21
Layer 2 34-21
Layer 3 34-21
access groups, applying IPv4 ACLs to interfaces 34-21
accessing stack members 5-25
access lists
See ACLs
access ports
and Layer 2 protocol tunneling 16-11
defined 10-3
access template 8-1
accounting
with 802.1x 9-33
with IEEE 802.1x 9-9
with RADIUS 7-28
with TACACS+ 7-11, 7-17
ACEs
and QoS 36-7
defined 34-2
Ethernet 34-2
IP 34-2
ACLs
ACEs 34-2
any keyword 34-13
applying
on bridged packets 34-37
on multicast packets 34-39
on routed packets 34-38
on switched packets 34-37
time ranges to 34-17
to an interface 34-20, 35-8
to IPv6 interfaces 35-8
to QoS 36-7
classifying traffic for QoS 36-43
comments in 34-19
compiling 34-22
defined 34-1, 34-8
examples of 34-22, 36-43
extended IP, configuring for QoS classification 36-44
extended IPv4
creating 34-11
matching criteria 34-8
hardware and software handling 34-22
host keyword 34-13
IP
creating 34-8
fragments and QoS guidelines 36-32
implicit deny 34-10, 34-14, 34-17
implicit masks 34-10
matching criteria 34-8
undefined 34-21
IPv4
applying to interfaces 34-20
creating 34-8
matching criteria 34-8
named 34-15
numbers 34-8
terminal lines, setting on 34-19
unsupported features 34-7
IPv6
and stacking 35-3
applying to interfaces 35-8
configuring 35-4, 35-5
displaying 35-9
interactions with other features 35-4
limitations 35-3
matching criteria 35-3
named 35-3
precedence of 35-2
supported 35-3
unsupported features 35-3
Layer 4 information in 34-36
logging messages 34-9
MAC extended 34-27, 36-45
matching 34-8, 34-21
monitoring 34-39, 35-9
named
IPv4 34-15
IPv6 35-3
names 35-4
number per QoS class map 36-32
port 34-2, 35-2
precedence of 34-2
QoS 36-7, 36-43
resequencing entries 34-15
router 34-2, 35-2
router ACLs and VLAN map configuration guidelines 34-36
standard IP, configuring for QoS classification 36-43
standard IPv4
creating 34-10
matching criteria 34-8
support for 1-8
support in hardware 34-22
time ranges 34-17
types supported 34-2
unsupported features
IPv4 34-7
IPv6 35-3
using router ACLs with VLAN maps 34-35
VLAN maps
configuration guidelines 34-30
configuring 34-29
active links 20-2
active router 40-1
active traffic monitoring, IP SLAs 41-1
address aliasing 23-2
addresses
displaying the MAC address table 6-27
dynamic
accelerated aging 17-9
changing the aging time 6-21
default aging 17-9
defined 6-19
learning 3-10, 6-20
removing 6-22
MAC, discovering 6-27
multicast
group address range 44-3
STP address management 17-9
static
adding and removing 6-24
defined 6-19
address resolution 6-27, 38-9
Address Resolution Protocol
See ARP
adjacency tables, with CEF 38-81
administrative distances
defined 38-93
OSPF 38-33
routing protocol defaults 38-84
advanced IP services feature set 1-2
advertisements
CDP 26-1
LLDP 27-2
RIP 38-20
VTP 12-20, 13-3
aggregatable global unicast addresses 39-3
aggregate addresses, BGP 38-61
aggregated ports
See EtherChannel
aggregate policers 36-58
aggregate policing 1-10
aging, accelerating 17-9
aging time
accelerated
for MSTP 18-23
for STP 17-9, 17-23
MAC address table 6-21
maximum
for MSTP 18-23, 18-24
for STP 17-23, 17-24
alarms, RMON 30-3
allowed-VLAN list 12-22
application engines, redirecting traffic to 43-1
area border routers
See ABRs
ARP
configuring 38-10
defined 1-6, 6-27, 38-10
encapsulation 38-11
static cache configuration 38-10
table
address resolution 6-27
managing 6-27
ASBRs 38-26
AS-path filters, BGP 38-55
asymmetrical links, and IEEE 802.1Q tunneling 16-4
attributes, RADIUS
vendor-proprietary 7-30
vendor-specific 7-29
audience xliii
authentication
EIGRP 38-42
HSRP 40-9
local mode with AAA 7-36
NTP associations 6-4
RADIUS
key 7-21
login 7-23
TACACS+
defined 7-11
key 7-13
login 7-14
See also port-based authentication
authentication failed VLAN
See restricted VLAN
authentication keys, and routing protocols 38-94
authoritative time source, described 6-2
authorization
with RADIUS 7-27
with TACACS+ 7-11, 7-16
authorized ports with IEEE 802.1x 9-7
autoconfiguration 3-3
automatic advise (auto-advise) in switch stacks 5-13
automatic copy (auto-copy) in switch stacks 5-13
automatic extraction (auto-extract) in switch stacks 5-13
automatic QoS
See QoS
automatic upgrades (auto-upgrade) in switch stacks 5-13
auto-MDIX
configuring 10-20
described 10-20
autonegotiation
duplex mode 1-3
interface configuration guidelines 10-17
mismatches 47-9
autonomous system boundary routers
See ASBRs
autonomous systems, in BGP 38-49
Auto-RP, described 44-6
autosensing, port speed 1-3
auxiliary VLAN
See voice VLAN
availability, features 1-6
B
BackboneFast
described 19-7
disabling 19-17
enabling 19-16
support for 1-7
backup interfaces
See Flex Links
backup links 20-2
banners
configuring
login 6-19
message-of-the-day login 6-18
default configuration 6-17
when displayed 6-17
BGP
aggregate addresses 38-61
aggregate routes, configuring 38-61
CIDR 38-61
clear commands 38-64
community filtering 38-58
configuring neighbors 38-59
default configuration 38-46
described 38-46
enabling 38-49
monitoring 38-64
multipath support 38-53
neighbors, types of 38-49
path selection 38-53
peers, configuring 38-59
prefix filtering 38-57
resetting sessions 38-51
route dampening 38-63
route maps 38-55
route reflectors 38-62
routing domain confederation 38-62
routing session with multi-VRF CE 38-75
show commands 38-64
supernets 38-61
support for 1-11
Version 4 38-46
binding database
address, DHCP server
See DHCP, Cisco IOS server database
DHCP snooping
See DHCP snooping binding database
bindings
address, Cisco IOS DHCP server 21-6
DHCP snooping database 21-7
IP source guard 21-16
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 25-6
Boolean expressions in tracked lists 42-4
booting
boot loader, function of 3-2
boot process 3-2
manually 3-13
specific image 3-14
boot loader
accessing 3-15
described 3-2
environment variables 3-15
prompt 3-15
trap-door mechanism 3-2
bootstrap router (BSR), described 44-7
Border Gateway Protocol
See BGP
BPDU
error-disabled state 19-2
filtering 19-3
RSTP format 18-12
BPDU filtering
described 19-3
disabling 19-15
enabling 19-14
support for 1-7
BPDU guard
described 19-2
disabling 19-14
enabling 19-13
support for 1-7
bridged packets, ACLs on 34-37
bridge groups
See fallback bridging
bridge protocol data unit
See BPDU
broadcast flooding 38-17
broadcast packets
directed 38-14
flooded 38-14
broadcast storm-control command 25-4
broadcast storms 25-1, 38-14
C
cables, monitoring for unidirectional links 28-1
CA trustpoint
configuring 7-45
defined 7-43
caution, described xliv
CDP
and trusted boundary 36-38
configuring 26-2
default configuration 26-2
defined with LLDP 27-1
described 26-1
disabling for routing device 26-3 to 26-4
enabling and disabling
on an interface 26-4
on a switch 26-3
Layer 2 protocol tunneling 16-8
monitoring 26-5
overview 26-1
support for 1-6
switch stack considerations 26-2
transmission timer and holdtime, setting 26-2
updates 26-2
CEF
defined 38-81
distributed 38-81
IPv6 39-17
CGMP
as IGMP snooping learning method 23-9
clearing cached group entries 44-53
enabling server support 44-36
joining multicast group 23-3
overview 44-9
server support only 44-9
switch support of 1-4
CIDR 38-61
CipherSuites 7-44
Cisco 7960 IP Phone 14-1
Cisco Discovery Protocol
See CDP
Cisco Express Forwarding
See CEF
Cisco Group Management Protocol
See CGMP
Cisco IOS DHCP server
See DHCP, Cisco IOS DHCP server
Cisco IOS File System
See IFS
Cisco IOS IP SLAs 41-1
Cisco Network Assistant
See Network Assistant
Cisco StackWise Plus technology 1-3
See also stacks, switch
CiscoWorks 2000 1-5, 32-4
CIST regional root
See MSTP
CIST root
See MSTP
civic location 27-3
classless interdomain routing
See CIDR
classless routing 38-8
class maps for QoS
configuring 36-46
described 36-7
displaying 36-78
class of service
See CoS
clearing interfaces 10-26
CLI
abbreviating commands 2-4
command modes 2-1
configuration logging 2-5
described 1-5
editing features
enabling and disabling 2-7
keystroke editing 2-8
wrapped lines 2-9
error messages 2-5
filtering command output 2-10
getting help 2-3
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
no and default forms of commands 2-4
client mode, VTP 13-3
client processes, tracking 42-1
clock
See system clock
CNS
Configuration Engine
configID, deviceID, hostname 4-3
configuration service 4-2
described 4-1
event service 4-3
embedded agents
described 4-5
enabling automated configuration 4-6
enabling configuration agent 4-9
enabling event agent 4-8
management functions 1-5
command-line interface
See CLI
command modes 2-1
commands
abbreviating 2-4
no and default 2-4
commands, setting privilege levels 7-8
community list, BGP 38-58
community ports 15-2
community strings
configuring 32-8
overview 32-4
community VLANs 15-2, 15-3
compatibility, feature 25-11
compatibility, software
See stacks, switch
config.text 3-12
configurable leave timer, IGMP 23-6
configuration, initial
defaults 1-13
Express Setup 1-2
See also getting started guide and hardware installation guide
configuration examples, network 1-16
configuration files
archiving B-20
clearing the startup configuration B-20
creating and using, guidelines for B-10
creating using a text editor B-11
default name 3-12
deleting a stored configuration B-20
described B-9
downloading
automatically 3-12
preparing B-11, B-14, B-17
reasons for B-9
using FTP B-14
using RCP B-18
using TFTP B-12
invalid combinations when copying B-5
limiting TFTP server access 32-15
obtaining with DHCP 3-7
password recovery disable considerations 7-5
replacing and rolling back, guidelines for B-21
replacing a running configuration B-20, B-21
rolling back a running configuration B-20, B-21
specifying the filename 3-13
system contact and location information 32-15
types and location B-10
uploading
preparing B-11, B-14, B-17
reasons for B-9
using FTP B-15
using RCP B-19
using TFTP B-12
configuration guidelines, multi-VRF CE 38-68
configuration logging 2-5
configuration replacement B-20
configuration rollback B-20
configuration settings, saving 3-11
configure terminal command 10-8
configuring multicast VRFs 38-74
config-vlan mode 2-2, 12-7
connections, secure remote 7-38
connectivity problems 47-10, 47-12, 47-13
consistency checks in VTP Version 2 13-4
console port, connecting to 2-11
content-routing technology
See WCCP
control protocol, IP SLAs 41-4
conventions
command xliii
for examples xliv
publication xliii
text xliii
corrupted software, recovery steps with Xmodem 47-2
CoS
in Layer 2 frames 36-2
override priority 14-6
trust priority 14-6
CoS input queue threshold map for QoS 36-16
CoS output queue threshold map for QoS 36-19
CoS-to-DSCP map for QoS 36-60
counters, clearing interface 10-26
crashinfo file 47-21
critical authentication, IEEE 802.1x 9-37
cross-stack EtherChannel
configuration guidelines 37-12
configuring
on Layer 2 interfaces 37-12
on Layer 3 physical interfaces 37-15
described 37-2
illustration 37-3
support for 1-7
cross-stack UplinkFast, STP
described 19-5
disabling 19-16
enabling 19-16
fast-convergence events 19-7
Fast Uplink Transition Protocol 19-6
normal-convergence events 19-7
support for 1-7
cryptographic software image
Kerberos 7-32
SSH 7-37
SSL 7-42
switch stack considerations 5-2, 5-18, 7-38
customer edge devices 38-66
D
daylight saving time 6-13
dCEF in the switch stack 38-81
debugging
enabling all system diagnostics 47-17
enabling for a specific feature 47-17
redirecting error message output 47-18
using commands 47-16
default commands 2-4
default configuration
802.1x 9-23
auto-QoS 36-21
banners 6-17
BGP 38-46
booting 3-12
CDP 26-2
DHCP 21-8
DHCP option 82 21-8
DHCP snooping 21-8
DHCP snooping binding database 21-9
DNS 6-16
dynamic ARP inspection 22-5
EIGRP 38-38
EtherChannel 37-10
Ethernet interfaces 10-16
fallback bridging 46-3
Flex Links 20-5
HSRP 40-5
IEEE 802.1Q tunneling 16-4
IGMP 44-31
IGMP filtering 23-25
IGMP snooping 23-7, 24-6
IGMP throttling 23-25
initial switch information 3-3
IP addressing, IP routing 38-6
IP multicast routing 44-10
IP SLAs 41-6
IP source guard 21-17
IPv6 39-13
Layer 2 interfaces 10-16
Layer 2 protocol tunneling 16-11
LLDP 27-3
MAC address table 6-21
MAC address-table move update 20-5
MSDP 45-4
MSTP 18-15
multi-VRF CE 38-68
MVR 23-20
NTP 6-4
optional spanning-tree configuration 19-12
OSPF 38-27
password and privilege level 7-2
PIM 44-10
private VLANs 15-6
RADIUS 7-20
RIP 38-21
RMON 30-3
RSPAN 29-11
SDM template 8-4
SNMP 32-6
SPAN 29-11
SSL 7-45
standard QoS 36-30
STP 17-13
switch stacks 5-21
system message logging 31-4
system name and prompt 6-15
TACACS+ 7-13
UDLD 28-4
VLAN, Layer 2 Ethernet interfaces 12-20
VLANs 12-8
VMPS 12-30
voice VLAN 14-3
VTP 13-7
WCCP 43-5
default gateway 3-10, 38-12
default networks 38-84
default routes 38-84
default routing 38-3
deleting VLANs 12-10
denial-of-service attack 25-1
description command 10-21
designing your network, examples 1-16
desktop template 5-11, 8-1
destination addresses
in IPv4 ACLs 34-12
in IPv6 ACLs 35-6
destination-IP address-based forwarding, EtherChannel 37-8
destination-MAC address forwarding, EtherChannel 37-8
detecting indirect link failures, STP 19-8
device discovery protocol 26-1, 27-1
device manager
benefits 1-2
described 1-2, 1-5
in-band management 1-6
requirements xliv
DHCP
Cisco IOS server database
configuring 21-14
default configuration 21-9
described 21-6
enabling
relay agent 21-11
server 21-10
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-4
DNS 3-6
relay device 3-7
server side 3-5
server-side 21-10
TFTP server 3-6
example 3-8
lease options
for IP address information 3-5
for receiving the configuration file 3-5
overview 3-3
relationship to BOOTP 3-4
relay support 1-5, 1-12
support for 1-5
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 21-5
configuration guidelines 21-9
default configuration 21-8
displaying 21-15
forwarding address, specifying 21-11
helper address 21-11
overview 21-3
packet format, suboption
circuit ID 21-5
remote ID 21-5
remote ID suboption 21-5
DHCP snooping
accepting untrusted packets from edge switch 21-3, 21-13
and private VLANs 21-14
binding database
See DHCP snooping binding database
configuration guidelines 21-9
default configuration 21-8
displaying binding tables 21-15
message exchange process 21-4
option 82 data insertion 21-3
trusted interface 21-2
untrusted interface 21-2
untrusted messages 21-2
DHCP snooping binding database
adding bindings 21-14
binding entries, displaying 21-15
binding file
format 21-7
location 21-7
bindings 21-7
clearing agent statistics 21-15
configuration guidelines 21-10
configuring 21-14
default configuration 21-8, 21-9
deleting
binding file 21-15
bindings 21-15
database agent 21-15
described 21-6
displaying 21-15
binding entries 21-15
status and statistics 21-15
displaying status and statistics 21-15
enabling 21-14
entry 21-7
renewing database 21-15
resetting
delay value 21-15
timeout value 21-15
DHCP snooping binding table
See DHCP snooping binding database
diagnostic schedule command 48-2
Differentiated Services architecture, QoS 36-2
Differentiated Services Code Point 36-2
Diffusing Update Algorithm (DUAL) 38-36
directed unicast requests 1-5
directories
changing B-4
creating and removing B-4
displaying the working B-4
Distance Vector Multicast Routing Protocol
See DVMRP
distance-vector protocols 38-3
distribute-list command 38-93
DNS
and DHCP-based autoconfiguration 3-6
default configuration 6-16
displaying the configuration 6-17
in IPv6 39-4
overview 6-15
setting up 6-16
support for 1-5
documentation, related xliv
document conventions xliii
domain names
DNS 6-15
VTP 13-8
Domain Name System
See DNS
dot1q-tunnel switchport mode 12-18
double-tagged packets
IEEE 802.1Q tunneling 16-2
Layer 2 protocol tunneling 16-10
downloading
configuration files
preparing B-11, B-14, B-17
reasons for B-9
using FTP B-14
using RCP B-18
using TFTP B-12
image files
deleting old image B-29
preparing B-26, B-30, B-35
reasons for B-24
using CMS 1-3
using FTP B-31
using HTTP 1-3, B-24
using RCP B-36
using TFTP B-27
using the device manager or Network Assistant B-24
drop threshold for Layer 2 protocol packets 16-11
DSCP 1-10, 36-2
DSCP input queue threshold map for QoS 36-16
DSCP output queue threshold map for QoS 36-19
DSCP-to-CoS map for QoS 36-63
DSCP-to-DSCP-mutation map for QoS 36-64
DSCP transparency 36-39
DTP 1-8, 12-18
DUAL finite state machine, EIGRP 38-37
dual IPv4 and IPv6 templates 8-2, 39-1, 39-11
dual protocol stacks
configuring 39-15
IPv4 and IPv6 39-11
SDM templates supporting 39-11
DVMRP
autosummarization
configuring a summary address 44-50
disabling 44-52
connecting PIM domain to DVMRP router 44-43
enabling unicast routing 44-46
interoperability
with Cisco devices 44-41
with Cisco IOS software 44-9
mrinfo requests, responding to 44-45
neighbors
advertising the default route to 44-44
discovery with Probe messages 44-41
displaying information 44-45
prevent peering with nonpruning 44-48
rejecting nonpruning 44-47
overview 44-9
routes
adding a metric offset 44-52
advertising all 44-52
advertising the default route to neighbors 44-44
caching DVMRP routes learned in report messages 44-46
changing the threshold for syslog messages 44-49
deleting 44-53
displaying 44-54
favoring one over another 44-52
limiting the number injected into MBONE 44-49
limiting unicast route advertisements 44-41
routing table 44-9
source distribution tree, building 44-9
support for 1-12
tunnels
configuring 44-43
displaying neighbor information 44-45
dynamic access ports
characteristics 12-4
configuring 12-31
defined 10-3
dynamic addresses
See addresses
dynamic ARP inspection
ARP cache poisoning 22-1
ARP requests, described 22-1
ARP spoofing attack 22-1
clearing
log buffer 22-16
statistics 22-16
configuration guidelines 22-6
configuring
ACLs for non-DHCP environments 22-8
in DHCP environments 22-7
log buffer 22-13
rate limit for incoming ARP packets 22-4, 22-11
default configuration 22-5
denial-of-service attacks, preventing 22-11
described 22-1
DHCP snooping binding database 22-2
displaying
ARP ACLs 22-15
configuration and operating state 22-15
log buffer 22-16
statistics 22-16
trust state and rate limit 22-15
error-disabled state for exceeding rate limit 22-4
function of 22-2
interface trust states 22-3
log buffer
clearing 22-16
configuring 22-13
displaying 22-16
logging of dropped packets, described 22-5
man-in-the-middle attack, described 22-2
network security issues and interface trust states 22-3
priority of ARP ACLs and DHCP snooping entries 22-4
rate limiting of ARP packets
configuring 22-11
described 22-4
error-disabled state 22-4
statistics
clearing 22-16
displaying 22-16
validation checks, performing 22-12
dynamic auto trunking mode 12-18
dynamic desirable trunking mode 12-18
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 12-29
reconfirming 12-32
troubleshooting 12-34
types of connections 12-31
dynamic routing 38-3
Dynamic Trunking Protocol
See DTP
E
EBGP 38-45
editing features
enabling and disabling 2-7
keystrokes used 2-8
wrapped lines 2-9
EIGRP
authentication 38-42
components 38-37
configuring 38-40
default configuration 38-38
definition 38-36
interface parameters, configuring 38-41
monitoring 38-44
stub routing 38-43
support for 1-11
EIGRP IPv6 39-6
elections
See stack master
ELIN location 27-3
embedded event manager
actions 33-4
configuring 33-1, 33-5
displaying information 33-7
environmental variables 33-4
event detectors 33-2
policies 33-4
registering and defining an applet 33-5
registering and defining a TCL script 33-6
understanding 33-1
enable password 7-3
enable secret password 7-3
encryption, CipherSuite 7-44
encryption for passwords 7-3
Enhanced IGRP
See EIGRP
enhanced object tracking
commands 42-1
defined 42-1
HSRP 42-7
IP routing state 42-2
IP SLAs 42-9
line-protocol state 42-2
tracked lists 42-3
environmental variables, embedded event manager 33-4
environment variables, function of 3-16
equal-cost routing 1-12, 38-82
error-disabled state, BPDU 19-2
error messages during command entry 2-5
EtherChannel
automatic creation of 37-5, 37-6
channel groups
binding physical and logical interfaces 37-4
numbering of 37-4
configuration guidelines 37-11
configuring
Layer 2 interfaces 37-12
Layer 3 physical interfaces 37-15
Layer 3 port-channel logical interfaces 37-14
default configuration 37-10
described 37-2
displaying status 37-22
forwarding methods 37-7, 37-17
IEEE 802.3ad, described 37-6
interaction
with STP 37-11
with VLANs 37-11
LACP
described 37-6
displaying status 37-22
hot-standby ports 37-19
interaction with other features 37-7
modes 37-6
port priority 37-21
system priority 37-20
Layer 3 interface 38-5
load balancing 37-7, 37-17
logical interfaces, described 37-4
PAgP
aggregate-port learners 37-18
compatibility with Catalyst 1900 37-18
described 37-5
displaying status 37-22
interaction with other features 37-6
learn method and priority configuration 37-18
modes 37-5
support for 1-4
port-channel interfaces
described 37-4
numbering of 37-4
port groups 10-5
stack changes, effects of 37-9
support for 1-4
EtherChannel guard
described 19-10
disabling 19-17
enabling 19-17
Ethernet management port
and switch stacks 10-12
supported features 10-14
Ethernet management port, internal
active link 10-13
and management module 10-12
and routing 10-13
and switch stacks 10-12
and TFTP 10-15
configuring 10-15
default setting 10-13
described 10-12
for network management 10-12
Layer 3 routing guidelines 10-14
unsupported features 10-14
Ethernet VLANs
adding 12-9
defaults and ranges 12-8
modifying 12-9
EUI 39-3
event detectors, embedded event manager 33-2
events, RMON 30-3
examples
conventions for xliv
network configuration 1-16
expedite queue for QoS 36-76
Express Setup 1-2
See also getting started guide
extended crashinfo file 47-21
extended-range VLANs
configuration guidelines 12-13
configuring 12-12
creating 12-14
creating with an internal VLAN ID 12-15
defined 12-1
extended system ID
MSTP 18-17
STP 17-4, 17-16
extended universal identifier
See EUI
Extensible Authentication Protocol over LAN 9-1
external BGP
See EBGP
external neighbors, BGP 38-49
F
Fa0 port
See Ethernet management port, internal
failover support 1-6
fallback bridging
and protected ports 46-4
bridge groups
creating 46-4
described 46-2
displaying 46-11
function of 46-2
number supported 46-5
removing 46-5
bridge table
clearing 46-11
displaying 46-11
configuration guidelines 46-4
connecting interfaces with 10-7
default configuration 46-3
described 46-1
frame forwarding
flooding packets 46-2
forwarding packets 46-2
overview 46-1
protocol, unsupported 46-4
stack changes, effects of 46-3
STP
disabling on an interface 46-10
forward-delay interval 46-9
hello BPDU interval 46-8
interface priority 46-7
keepalive messages 17-2
maximum-idle interval 46-9
path cost 46-7
VLAN-bridge spanning-tree priority 46-6
VLAN-bridge STP 46-2
support for 1-12
SVIs and routed ports 46-2
unsupported protocols 46-4
VLAN-bridge STP 17-11
fastethernet0 port
See Ethernet management port, internal
Fast Uplink Transition Protocol 19-6
features, incompatible 25-11
FIB 38-81
fiber-optic, detecting unidirectional links 28-1
files
basic crashinfo
description 47-21
location 47-21
copying B-5
crashinfo, description 47-21
deleting B-5
displaying the contents of B-8
extended crashinfo
description 47-21
location 47-21
tar
creating B-7
displaying the contents of B-7
extracting B-8
image file format B-25
file system
displaying available file systems B-2
displaying file information B-3
local file system names B-1
network file system names B-5
setting the default B-3
filtering
in a VLAN 34-29
IPv6 traffic 35-4, 35-8
non-IP traffic 34-27
show and more command output 2-10
filtering show and more command output 2-10
filters, IP
See ACLs, IP
flash device, number of B-1
Flex Links
configuration guidelines 20-5
configuring 20-6, 20-7
configuring preferred VLAN 20-9
configuring VLAN load balancing 20-8
default configuration 20-5
description 20-1
link load balancing 20-2
monitoring 20-11
VLANs 20-2
flooded traffic, blocking 25-7
flow-based packet classification 1-10
flowcharts
QoS classification 36-6
QoS egress queueing and scheduling 36-17
QoS ingress queueing and scheduling 36-15
QoS policing and marking 36-10
flowcontrol
configuring 10-19
described 10-19
forward-delay time
MSTP 18-23
STP 17-23
Forwarding Information Base
See FIB
forwarding nonroutable protocols 46-1
FTP
accessing MIB files A-4
configuration files
downloading B-14
overview B-13
preparing the server B-14
uploading B-15
image files
deleting old image B-33
downloading B-31
preparing the server B-30
uploading B-33
G
get-bulk-request operation 32-3
get-next-request operation 32-3, 32-4
get-request operation 32-3, 32-4
get-response operation 32-3
global configuration mode 2-2
global leave, IGMP 23-13
guest VLAN and IEEE 802.1x 9-13
guide
audience xliii
purpose of xliii
guide mode 1-3
GUIs
See device manager and Network Assistant
H
hardware limitations and Layer 3 interfaces 10-22
hello time
MSTP 18-22
STP 17-22
help, for the command line 2-3
hierarchical policy maps 36-8
configuration guidelines 36-32
configuring 36-52
described 36-11
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
history table, level and number of syslog messages 31-10
host ports
configuring 15-11
kinds of 15-2
hosts, limit on dynamic ports 12-34
Hot Standby Router Protocol
See HSRP
HP OpenView 1-5
HSRP
authentication string 40-9
command-switch redundancy 1-1, 1-6
configuring 40-4
default configuration 40-5
definition 40-1
guidelines 40-5
monitoring 40-11
object tracking 42-7
overview 40-1
priority 40-7
routing redundancy 1-11
support for ICMP redirect messages 40-11
switch stack considerations 40-4
timers 40-10
tracking 40-7
HTTP over SSL
See HTTPS
HTTPS
configuring 7-46
described 7-43
self-signed certificate 7-43
HTTP secure server 7-43
I
IBGP 38-45
ICMP
IPv6 39-4
redirect messages 38-12
support for 1-12
time-exceeded messages 47-14
traceroute and 47-14
unreachable messages 34-20
unreachable messages and IPv6 35-4
unreachables and ACLs 34-22
ICMP Echo operation
configuring 41-12
IP SLAs 41-11
ICMP ping
executing 47-11
overview 47-11
ICMP Router Discovery Protocol
See IRDP
ICMPv6 39-4
IDS appliances
and ingress RSPAN 29-22
and ingress SPAN 29-15
IEEE 802.1D
See STP
IEEE 802.1p 14-1
IEEE 802.1Q
and trunk ports 10-3
configuration limitations 12-19
encapsulation 12-16
native VLAN for untagged traffic 12-24
tunneling
compatibility with other features 16-6
defaults 16-4
described 16-1
tunnel ports with other features 16-6
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3ad
See EtherChannel
IEEE 802.3x flow control 10-19
ifIndex values, SNMP 32-5
IFS 1-6
IGMP
configurable leave timer
described 23-6
enabling 23-12
configuring the switch
as a member of a group 44-31
statically connected member 44-35
controlling access to groups 44-32
default configuration 44-31
deleting cache entries 44-54
displaying groups 44-54
fast switching 44-36
flooded multicast traffic
controlling the length of time 23-13
disabling on an interface 23-14
global leave 23-13
query solicitation 23-13
recovering from flood mode 23-13
host-query interval, modifying 44-33
joining multicast group 23-3
join messages 23-3
leave processing, enabling 23-11, 24-9
leaving multicast group 23-5
multicast reachability 44-31
overview 44-3
queries 23-4
report suppression
described 23-6
disabling 23-16, 24-11
supported versions 23-3
support for 1-4
Version 1
changing to Version 2 44-33
described 44-3
Version 2
changing to Version 1 44-33
described 44-3
maximum query response time value 44-35
pruning groups 44-35
query timeout value 44-34
IGMP filtering
configuring 23-25
default configuration 23-25
described 23-24
monitoring 23-29
support for 1-4
IGMP groups
configuring filtering 23-27
setting the maximum number 23-27
IGMP helper 44-6
IGMP Immediate Leave
configuration guidelines 23-12
described 23-6
enabling 23-11
IGMP profile
applying 23-26
configuration mode 23-25
configuring 23-25
IGMP snooping
and address aliasing 23-2
and stack changes 23-7
configuring 23-7
default configuration 23-7, 24-6
definition 23-2
enabling and disabling 23-8, 24-7
global configuration 23-8
Immediate Leave 23-6
in the switch stack 23-7
method 23-9
monitoring 23-16, 24-11
querier
configuration guidelines 23-14
configuring 23-14
supported versions 23-3
support for 1-4
VLAN configuration 23-8
IGMP throttling
configuring 23-27
default configuration 23-25
described 23-24
displaying action 23-29
IGP 38-25
Immediate Leave, IGMP
described 23-6
enabling 24-9
inaccessible authentication bypass 9-15
initial configuration
defaults 1-13
Express Setup 1-2
See also getting started guide and hardware installation guide
interface
number 10-7
range macros 10-10
interface command 10-7 to 10-8
interface configuration mode 2-3
interfaces
auto-MDIX, configuring 10-20
configuring
IPv4 and IPv6 39-15
procedure 10-8
counters, clearing 10-26
default configuration 10-16
described 10-21
descriptive name, adding 10-21
displaying information about 10-25
duplex and speed configuration guidelines 10-17
flow control 10-19
management 1-5
monitoring 10-25
naming 10-21
physical, identifying 10-7
range of 10-9
restarting 10-26
shutting down 10-26
speed and duplex, configuring 10-18
status 10-25
supported 10-7
types of 10-1
interfaces range macro command 10-10
interface types 10-7
Interior Gateway Protocol
See IGP
internal BGP
See IBGP
internal neighbors, BGP 38-49
Internet Control Message Protocol
See ICMP
Internet Group Management Protocol
See IGMP
Internet Protocol version 6
See IPv6
Inter-Switch Link
See ISL
inter-VLAN routing 1-11, 38-2
Intrusion Detection System
See IDS appliances
inventory management TLV 27-6
IP ACLs
for QoS classification 36-7
implicit deny 34-10, 34-14
implicit masks 34-10
named 34-15
undefined 34-21
IP addresses
128-bit 39-2
classes of 38-7
default configuration 38-6
discovering 6-27
for IP routing 38-5
IPv6 39-2
MAC address association 38-9
monitoring 38-18
IP base feature set 1-1
IP broadcast address 38-17
ip cef distributed command 38-81
IP directed broadcasts 38-15
ip igmp profile command 23-25
IP information
assigned
manually 3-10
through DHCP-based autoconfiguration 3-3
default configuration 3-3
IP multicast routing
addresses
all-hosts 44-3
all-multicast-routers 44-3
host group address range 44-3
administratively-scoped boundaries, described 44-39
and IGMP snooping 23-2
Auto-RP
adding to an existing sparse-mode cloud 44-18
benefits of 44-18
clearing the cache 44-54
configuration guidelines 44-12
filtering incoming RP announcement messages 44-20
overview 44-6
preventing candidate RP spoofing 44-20
preventing join messages to false RPs 44-20
setting up in a new internetwork 44-18
using with BSR 44-26
bootstrap router
configuration guidelines 44-12
configuring candidate BSRs 44-24
configuring candidate RPs 44-25
defining the IP multicast boundary 44-23
defining the PIM domain border 44-22
overview 44-7
using with Auto-RP 44-26
Cisco implementation 44-2
configuring
basic multicast routing 44-12
IP multicast boundary 44-39
default configuration 44-10
enabling
multicast forwarding 44-13
PIM mode 44-14
group-to-RP mappings
Auto-RP 44-6
BSR 44-7
MBONE
deleting sdr cache entries 44-54
described 44-37
displaying sdr cache 44-55
enabling sdr listener support 44-38
limiting DVMRP routes advertised 44-49
limiting sdr cache entry lifetime 44-38
SAP packets for conference session announcement 44-37
Session Directory (sdr) tool, described 44-37
monitoring
packet rate loss 44-55
peering devices 44-55
tracing a path 44-55
multicast forwarding, described 44-8
PIMv1 and PIMv2 interoperability 44-11
protocol interaction 44-2
reverse path check (RPF) 44-8
routing table
deleting 44-54
displaying 44-54
RP
assigning manually 44-16
configuring Auto-RP 44-18
configuring PIMv2 BSR 44-22
monitoring mapping information 44-27
using Auto-RP and BSR 44-26
stacking
stack master functions 44-10
stack member functions 44-10
statistics, displaying system and network 44-54
See also CGMP
See also DVMRP
See also IGMP
See also PIM
IP phones
and QoS 14-1
automatic classification and queueing 36-20
configuring 14-4
ensuring port security with QoS 36-38
trusted boundary for QoS 36-38
IP precedence 36-2
IP-precedence-to-DSCP map for QoS 36-61
IP protocols
in ACLs 34-12
routing 1-11
IP protocols in ACLs 34-12
IP routes, monitoring 38-95
IP routing
connecting interfaces with 10-7
disabling 38-19
enabling 38-19
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 41-1
IP services feature set 1-1
IP SLAs
benefits 41-2
configuration guidelines 41-6
configuring object tracking 42-9
Control Protocol 41-4
default configuration 41-6
definition 41-1
ICMP echo operation 41-11
measuring network performance 41-3
monitoring 41-14
multioperations scheduling 41-5
object tracking 42-9
operation 41-3
reachability tracking 42-9
responder
described 41-4
enabling 41-8
response time 41-4
scheduling 41-5
SNMP support 41-2
supported metrics 41-2
threshold monitoring 41-6
track state 42-9
UDP jitter operation 41-8
IP source guard
and DHCP snooping 21-16
and EtherChannels 21-18
and hardware entries 21-18
and IEEE 802.1x 21-18
and port security 21-17
and private VLANs 21-18
and routed ports 21-17
and trunk interfaces 21-17
and VRF 21-18
binding configuration
automatic 21-16
manual 21-16
binding table 21-16
configuration guidelines 21-17
default configuration 21-17
described 21-16
disabling 21-19
displaying
bindings 21-19
configuration 21-19
enabling 21-18
filtering
source IP address 21-16
source IP and MAC address 21-17
source IP address filtering 21-16
source IP and MAC address filtering 21-17
static bindings
adding 21-18
deleting 21-19
IP traceroute
executing 47-14
overview 47-14
IP unicast routing
address resolution 38-9
administrative distances 38-84, 38-93
ARP 38-10
assigning IP addresses to Layer 3 interfaces 38-7
authentication keys 38-94
broadcast
address 38-17
flooding 38-17
packets 38-14
storms 38-14
classless routing 38-8
configuring static routes 38-83
default
addressing configuration 38-6
gateways 38-12
networks 38-84
routes 38-84
routing 38-3
directed broadcasts 38-15
disabling 38-19
dynamic routing 38-3
enabling 38-19
EtherChannel Layer 3 interface 38-5
IGP 38-25
inter-VLAN 38-2
IP addressing
classes 38-7
configuring 38-5
IPv6 39-3
IRDP 38-13
Layer 3 interfaces 38-5
MAC address and IP address 38-9
passive interfaces 38-92
protocols
distance-vector 38-3
dynamic 38-3
link-state 38-3
proxy ARP 38-10
redistribution 38-85
reverse address resolution 38-9
routed ports 38-5
static routing 38-3
steps to configure 38-5
subnet mask 38-7
subnet zero 38-7
supernet 38-8
UDP 38-16
unicast reverse path forwarding 1-12, 38-80
with SVIs 38-5
See also BGP
See also EIGRP
See also OSPF
See also RIP
IPv4 ACLs
applying to interfaces 34-20
extended, creating 34-11
named 34-15
standard, creating 34-10
IPv4 and IPv6
configuring on an interface 39-15
differences 39-2
dual protocol stacks 39-5
IPv6
ACLs
displaying 35-9
limitations 35-3
matching criteria 35-3
port 35-2
precedence 35-2
router 35-2
supported 35-3
addresses 39-2
address formats 39-3
advantages 39-2
and switch stacks 39-10
applications 39-5
assigning address 39-13
CEFv6 39-17
configuring static routes 39-18
default configuration 39-13
defined 39-1
enabling 39-13
Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6
described 39-6
EIGRP IPv6 commands 39-7
passive interfaces 39-7
prefix lists 39-6
router ID 39-6
feature limitations 39-9
features not supported 39-9
ICMP 39-4
ICMP rate limiting 39-17
monitoring 39-24
neighbor discovery 39-4
OSPF 39-22
path MTU discovery 39-4
reasons for 39-1
RIP 39-20
SDM templates 8-2, 24-1, 35-1, 39-11
stack master functions 39-10
supported features 39-3
switch limitations 39-9
IPv6 traffic, filtering 35-4
IRDP
configuring 38-13
definition 38-13
support for 1-12
ISL
and IPv6 39-3
and trunk ports 10-3
encapsulation 1-8, 12-16
trunking with IEEE 802.1 tunneling 16-5
isolated port 15-2
isolated VLANs 15-2, 15-3
J
join messages, IGMP 23-3
K
KDC
described 7-32
See also Kerberos
keepalive messages 17-2
Kerberos
authenticating to
boundary switch 7-34
KDC 7-34
network services 7-35
configuration examples 7-32
configuring 7-35
credentials 7-32
cryptographic software image 7-32
described 7-32
KDC 7-32
operation 7-34
realm 7-33
server 7-33
support for 1-10
switch as trusted third party 7-32
terms 7-33
TGT 7-34
tickets 7-32
key distribution center
See KDC
L
l2protocol-tunnel command 16-13
LACP
Layer 2 protocol tunneling 16-9
See EtherChannel
Layer 2 frames, classification with CoS 36-2
Layer 2 interfaces, default configuration 10-16
Layer 2 protocol tunneling
configuring 16-10
configuring for EtherChannels 16-14
default configuration 16-11
defined 16-8
guidelines 16-12
Layer 2 traceroute
and ARP 47-13
and CDP 47-12
broadcast traffic 47-12
described 47-12
IP addresses and subnets 47-13
MAC addresses and VLANs 47-13
multicast traffic 47-13
multiple devices on a port 47-13
unicast traffic 47-12
usage guidelines 47-12
Layer 3 features 1-11
Layer 3 interfaces
assigning IP addresses to 38-7
assigning IPv4 and IPv6 addresses to 39-15
assigning IPv6 addresses to 39-14
changing from Layer 2 mode 38-7, 38-71, 38-72
types of 38-5
Layer 3 packets, classification methods 36-2
LDAP 4-2
LEDs, switch
See hardware installation guide
Lightweight Directory Access Protocol
See LDAP
line configuration mode 2-3
Link Aggregation Control Protocol
See EtherChannel
Link Failure, detecting unidirectional 18-8
Link Layer Discovery Protocol
See CDP
link local unicast addresses 39-4
link redundancy
See Flex Links
links, unidirectional 28-1
link state advertisements (LSAs) 38-31
link-state protocols 38-3
link-state tracking
configuring 37-24
described 37-22
LLDP
configuring
characteristics 27-4
default configuration 27-3
globally 27-5
on an interface 27-5
disabling and enabling
globally 27-5
on an interface 27-5
monitoring and maintaining 27-7
overview 27-1
supported TLVs 27-2
switch stack considerations 27-2
transmission timer and holdtime, setting 27-4
LLDP-MED
configuring 27-3
configuring TLVs 27-6
monitoring and maintaining 27-7
overview 27-1, 27-2
supported TLVs 27-2
LLDP Media Endpoint Discovery
See LLDP-MED
load balancing 40-3
local SPAN 29-2
location TLV 27-3, 27-6
logging messages, ACL 34-9
login authentication
with RADIUS 7-23
with TACACS+ 7-14
login banners 6-17
log messages
See system message logging
Long-Reach Ethernet (LRE) technology 1-17
loop guard
described 19-11
enabling 19-18
support for 1-7
M
MAC addresses
aging time 6-21
and VLAN association 6-20
building the address table 6-20
default configuration 6-21
discovering 6-27
displaying 6-27
displaying in the IP source binding table 21-19
dynamic
learning 6-20
removing 6-22
in ACLs 34-27
IP address association 38-9
manually assigning IP address 3-10
static
adding 6-25
allowing 6-26
characteristics of 6-24
dropping 6-26
removing 6-25
MAC address notification, support for 1-12
MAC address-table move update
configuration guidelines 20-5
configuring 20-9
default configuration 20-5
description 20-3
monitoring 20-11
MAC address-to-VLAN mapping 12-28
MAC extended access lists
applying to Layer 2 interfaces 34-28
configuring for QoS 36-45
creating 34-27
defined 34-27
for QoS classification 36-5
macros
See Smartports macros
magic packet 9-18
manageability features 1-5
management access
in-band
browser session 1-6
CLI session 1-6
device manager 1-6
SNMP 1-6
out-of-band console port connection 1-6
management options
CLI 2-1
CNS 4-1
Network Assistant 1-2
overview 1-5
switch stacks 1-3
mapping tables for QoS
configuring
CoS-to-DSCP 36-60
DSCP 36-60
DSCP-to-CoS 36-63
DSCP-to-DSCP-mutation 36-64
IP-precedence-to-DSCP 36-61
policed-DSCP 36-62
described 36-12
marking
action in policy map 36-48
action with aggregate policers 36-58
described 36-4, 36-8
matching IPv4 ACLs 34-8
maximum aging time
MSTP 18-23
STP 17-23
maximum hop count, MSTP 18-24
maximum-paths command 38-53, 38-83
MDA
configuration guidelines 9-20 to 9-21
described 1-9, 9-20
exceptions with authentication process 9-4
membership mode, VLAN port 12-3
messages, to users through banners 6-17
metrics, in BGP 38-53
metric translations, between routing protocols 38-88
metro tags 16-2
MHSRP 40-3
MIBs
accessing files with FTP A-4
location of files A-4
overview 32-1
SNMP interaction with 32-4
supported A-1
mirroring traffic for analysis 29-1
mismatches, autonegotiation 47-9
module number 10-7
monitoring
access groups 34-39
BGP 38-64
cables for unidirectional links 28-1
CDP 26-5
CEF 38-82
EIGRP 38-44
fallback bridging 46-11
features 1-12
Flex Links 20-11
HSRP 40-11
IEEE 802.1Q tunneling 16-18
IGMP
filters 23-29
snooping 23-16, 24-11
interfaces 10-25
IP
address tables 38-18
multicast routing 44-53
routes 38-95
IP SLAs operations 41-14
IPv4 ACL configuration 34-39
IPv6 39-24
IPv6 ACL configuration 35-9
Layer 2 protocol tunneling 16-18
MAC address-table move update 20-11
MSDP peers 45-19
multicast router interfaces 23-17, 24-12
multi-VRF CE 38-80
MVR 23-23
network traffic for analysis with probe 29-2
object tracking 42-10
OSPF 38-36
port
blocking 25-18
protection 25-18
private VLANs 15-15
RP mapping information 44-27
SFP status 10-25, 47-10
source-active messages 45-19
speed and duplex mode 10-18
traffic flowing among switches 30-1
traffic suppression 25-18
tunneling 16-18
VLAN
filters 34-40
maps 34-40
VLANs 12-16
VMPS 12-33
VTP 13-16
MSDP
benefits of 45-3
clearing MSDP connections and statistics 45-19
controlling source information
forwarded by switch 45-12
originated by switch 45-9
received by switch 45-14
default configuration 45-4
dense-mode regions
sending SA messages to 45-17
specifying the originating address 45-18
filtering
incoming SA messages 45-14
SA messages to a peer 45-12
SA requests from a peer 45-11
join latency, defined 45-6
meshed groups
configuring 45-16
defined 45-16
originating address, changing 45-18
overview 45-1
peer-RPF flooding 45-2
peers
configuring a default 45-4
monitoring 45-19
peering relationship, overview 45-1
requesting source information from 45-8
shutting down 45-16
source-active messages
caching 45-6
clearing cache entries 45-19
defined 45-2
filtering from a peer 45-11
filtering incoming 45-14
filtering to a peer 45-12
limiting data with TTL 45-14
monitoring 45-19
restricting advertised sources 45-9
support for 1-12
MSTP
boundary ports
configuration guidelines 18-16
described 18-6
BPDU filtering
described 19-3
enabling 19-14
BPDU guard
described 19-2
enabling 19-13
CIST, described 18-3
CIST regional root 18-3
CIST root 18-5
configuration guidelines 18-15, 19-12
configuring
forward-delay time 18-23
hello time 18-22
link type for rapid convergence 18-24
maximum aging time 18-23
maximum hop count 18-24
MST region 18-16
neighbor type 18-25
path cost 18-21
port priority 18-19
root switch 18-17
secondary root switch 18-19
switch priority 18-21
CST
defined 18-3
operations between regions 18-4
default configuration 18-15
default optional feature configuration 19-12
displaying status 18-26
enabling the mode 18-16
EtherChannel guard
described 19-10
enabling 19-17
extended system ID
effects on root switch 18-17
effects on secondary root switch 18-19
unexpected behavior 18-18
IEEE 802.1s
implementation 18-6
port role naming change 18-7
terminology 18-5
instances supported 17-10
interface state, blocking to forwarding 19-2
interoperability and compatibility among modes 17-11
interoperability with IEEE 802.1D
described 18-9
restarting migration process 18-25
IST
defined 18-3
master 18-3
operations within a region 18-3
loop guard
described 19-11
enabling 19-18
mapping VLANs to MST instance 18-16
MST region
CIST 18-3
configuring 18-16
described 18-2
hop-count mechanism 18-5
IST 18-3
supported spanning-tree instances 18-2
optional features supported 1-7
overview 18-2
Port Fast
described 19-2
enabling 19-12
preventing root switch selection 19-10
root guard
described 19-10
enabling 19-18
root switch
configuring 18-18
effects of extended system ID 18-17
unexpected behavior 18-18
shutdown Port Fast-enabled port 19-2
stack changes, effects of 18-8
status, displaying 18-26
MTU
system 10-23
system jumbo 10-23
system routing 10-23
multicast groups
Immediate Leave 23-6
joining 23-3
leaving 23-5
static joins 23-10, 24-8
multicast packets
ACLs on 34-39
blocking 25-7
multicast router interfaces, monitoring 23-17, 24-12
multicast router ports, adding 23-10, 24-8
Multicast Source Discovery Protocol
See MSDP
multicast storm 25-1
multicast storm-control command 25-4
multicast VLAN 23-18
Multicast VLAN Registration
See MVR
multidomain authentication
See MDA
multioperations scheduling, IP SLAs 41-5
Multiple HSRP
See MHSRP
multiple VPN routing/forwarding in customer edge devices
See multi-VRF CE
multi-VRF CE
configuration example 38-76
configuration guidelines 38-68
configuring 38-68
default configuration 38-68
defined 38-65
displaying 38-80
monitoring 38-80
network components 38-68
packet-forwarding process 38-67
support for 1-11
MVR
and address aliasing 23-20
and IGMPv3 23-21
configuration guidelines 23-20
configuring interfaces 23-22
default configuration 23-20
described 23-18
in the switch stack 23-20
modes 23-21
monitoring 23-23
setting global parameters 23-21
support for 1-4
N
NAC
AAA down policy 1-10
critical authentication 9-15, 9-37
IEEE 802.1x authentication using a RADIUS server 9-41
IEEE 802.1x validation using RADIUS server 9-41
inaccessible authentication bypass 1-10, 9-37
Layer 2 IEEE 802.1x validation 1-9, 9-41
Layer 2 IP validation 1-9
named IPv4 ACLs 34-15
named IPv6 ACLs 35-3
NameSpace Mapper
See NSM
native VLAN
and IEEE 802.1Q tunneling 16-4
configuring 12-24
default 12-24
neighbor discovery, IPv6 39-4
neighbor discovery/recovery, EIGRP 38-37
neighbors, BGP 38-59
Network Admission Control
See NAC
Network Assistant
benefits 1-2
described 1-5
downloading image files 1-3
guide mode 1-3
management options 1-2
managing switch stacks 5-2, 5-17
requirements xliv
upgrading a switch B-24
wizards 1-3
network configuration examples
data center 1-17
expanded data center 1-18
increasing network performance 1-16
providing network services 1-17
small to medium-sized network 1-19
network design
performance 1-16
services 1-17
network management
CDP 26-1
RMON 30-1
SNMP 32-1
network performance, measuring with IP SLAs 41-3
network policy TLV 27-6
Network Time Protocol
See NTP
no commands 2-4
nonhierarchical policy maps
configuration guidelines 36-32
configuring 36-48
described 36-9
non-IP traffic filtering 34-27
nontrunking mode 12-18
normal-range VLANs 12-4
configuration guidelines 12-6
configuration modes 12-7
configuring 12-4
defined 12-1
no switchport command 10-4
note, described xliv
not-so-stubby areas
See NSSA
NSM 4-3
NSSA, OSPF 38-31
NTP
associations
authenticating 6-4
defined 6-2
enabling broadcast messages 6-6
peer 6-5
server 6-5
default configuration 6-4
displaying the configuration 6-11
overview 6-2
restricting access
creating an access group 6-8
disabling NTP services per interface 6-10
source IP address, configuring 6-10
stratum 6-2
support for 1-6
synchronizing devices 6-5
time
services 6-2
synchronizing 6-2
O
OBFL
configuring 47-22
described 47-22
displaying 47-23
object tracking
HSRP 42-7
IP SLAs 42-9
IP SLAs, configuring 42-9
monitoring 42-10
offline configuration for switch stacks 5-9
on-board failure logging
See OBFL
online diagnostics
described 48-1
overview 48-1
running tests 48-5
Open Shortest Path First
See OSPF
optimizing system resources 8-1
options, management 1-5
OSPF
area parameters, configuring 38-31
configuring 38-29
default configuration
metrics 38-33
route 38-32
settings 38-27
described 38-25
for IPv6 39-22
interface parameters, configuring 38-30
LSA group pacing 38-35
monitoring 38-36
router IDs 38-35
route summarization 38-32
support for 1-11
virtual links 38-32
out-of-profile markdown 1-11
P
packet modification, with QoS 36-19
PAgP
Layer 2 protocol tunneling 16-9
See EtherChannel
parallel paths, in routing tables 38-82
passive interfaces
configuring 38-92
OSPF 38-33
passwords
default configuration 7-2
disabling recovery of 7-5
encrypting 7-3
for security 1-8
overview 7-1
recovery of 47-3
setting
enable 7-3
enable secret 7-3
Telnet 7-6
with usernames 7-6
VTP domain 13-8
path cost
MSTP 18-21
STP 17-20
path MTU discovery 39-4
PBR
defined 38-88
enabling 38-90
fast-switched policy-based routing 38-91
local policy-based routing 38-91
peers, BGP 38-59
percentage thresholds in tracked lists 42-6
performance, network design 1-16
performance features 1-3
persistent self-signed certificate 7-43
per-VLAN spanning-tree plus
See PVST+
PE to CE routing, configuring 38-75
physical ports 10-2
PIM
default configuration 44-10
dense mode
overview 44-4
rendezvous point (RP), described 44-5
RPF lookups 44-8
displaying neighbors 44-54
enabling a mode 44-14
overview 44-4
router-query message interval, modifying 44-30
shared tree and source tree, overview 44-27
shortest path tree, delaying the use of 44-29
sparse mode
join messages and shared tree 44-5
overview 44-5
prune messages 44-5
RPF lookups 44-9
stub routing
configuration guidelines 44-14
enabling 44-15
overview 44-5
support for 1-12
versions
interoperability 44-11
troubleshooting interoperability problems 44-27
v2 improvements 44-4
PIM-DVMRP, as snooping method 23-9
ping
character output description 47-12
executing 47-11
overview 47-11
policed-DSCP map for QoS 36-62
policers
configuring
for each matched traffic class 36-48
for more than one traffic class 36-58
described 36-4
displaying 36-78
number of 36-33
types of 36-9
policing
described 36-4
hierarchical
See hierarchical policy maps
token-bucket algorithm 36-9
policy-based routing
See PBR
policy maps for QoS
characteristics of 36-48
described 36-7
displaying 36-79
hierarchical 36-8
hierarchical on SVIs
configuration guidelines 36-32
configuring 36-52
described 36-11
nonhierarchical on physical ports
configuration guidelines 36-32
configuring 36-48
described 36-9
port ACLs
defined 34-2
types of 34-3
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting 9-9
authentication server
defined 9-2
RADIUS server 9-3
client, defined 9-2
configuration guidelines 9-24
configuring
802.1x authentication 9-26
guest VLAN 9-34
host mode 9-29
inaccessible authentication bypass 9-37
manual re-authentication of a client 9-30
periodic re-authentication 9-30
quiet period 9-31
RADIUS server 9-29
RADIUS server parameters on the switch 9-28
restricted VLAN 9-35
switch-to-client frame-retransmission number 9-32, 9-33
switch-to-client retransmission time 9-31
default configuration 9-23
described 9-1
device roles 9-2
displaying statistics 9-45
EAPOL-start frame 9-5
EAP-request/identity frame 9-5
EAP-response/identity frame 9-5
encapsulation 9-3
guest VLAN
configuration guidelines 9-14, 9-15
described 9-13
host mode 9-8
inaccessible authentication bypass
configuring 9-37
described 9-15
guidelines 9-26
initiation and message exchange 9-5
magic packet 9-18
method lists 9-26
multiple-hosts mode, described 9-8
per-user ACLs
AAA authorization 9-26
configuration tasks 9-13
described 9-12
RADIUS server attributes 9-12
ports
authorization state and dot1x port-control command 9-7
authorized and unauthorized 9-7
critical 9-15
voice VLAN 9-16
port security
and voice VLAN 9-18
described 9-17
interactions 9-17
multiple-hosts mode 9-8
resetting to default values 9-45
stack changes, effects of 9-7
statistics, displaying 9-45
switch
as proxy 9-3
RADIUS client 9-3
VLAN assignment
AAA authorization 9-26
characteristics 9-11
configuration tasks 9-11
described 9-10
voice VLAN
described 9-16
PVID 9-16
VVID 9-16
wake-on-LAN, described 9-18
port blocking 1-4, 25-6
port-channel
See EtherChannel
Port Fast
described 19-2
enabling 19-12
mode, spanning tree 12-30
support for 1-7
port membership modes, VLAN 12-3
port priority
MSTP 18-19
STP 17-18
ports
10-Gigabit Ethernet 10-6
access 10-3
blocking 25-6
dynamic access 12-4
protected 25-5
routed 10-4
secure 25-7
static-access 12-3, 12-11
switch 10-2
trunks 12-3, 12-16
VLAN assignments 12-11
port security
aging 25-16
and private VLANs 25-17
and QoS trusted boundary 36-38
and stacking 25-17
configuring 25-12
default configuration 25-10
described 25-7
displaying 25-18
enabling 25-17
on trunk ports 25-13
sticky learning 25-8
violations 25-9
with other features 25-10
port-shutdown response, VMPS 12-29
power management TLV 27-6
preemption, default configuration 20-5
preemption delay, default configuration 20-5
preferential treatment of traffic
See QoS
prefix lists, BGP 38-57
preventing unauthorized access 7-1
primary links 20-2
primary VLANs 15-1, 15-3
priority
HSRP 40-7
overriding CoS 14-6
trusting CoS 14-6
private VLAN edge ports
See protected ports
private VLANs
across multiple switches 15-4
and SDM template 15-4
and SVIs 15-5
and switch stacks 15-5
benefits of 15-1
community ports 15-2
community VLANs 15-2, 15-3
configuration guidelines 15-7, 15-8
configuration tasks 15-6
configuring 15-10
default configuration 15-6
end station access to 15-3
IP addressing 15-3
isolated port 15-2
isolated VLANs 15-2, 15-3
mapping 15-14
monitoring 15-15
ports
community 15-2
configuration guidelines 15-8
configuring host ports 15-11
configuring promiscuous ports 15-13
isolated 15-2
promiscuous 15-2
primary VLANs 15-1, 15-3
promiscuous ports 15-2
secondary VLANs 15-2
subdomains 15-1
traffic in 15-5
privileged EXEC mode 2-2
privilege levels
changing the default for lines 7-9
exiting 7-9
logging into 7-9
overview 7-2, 7-7
setting a command with 7-8
promiscuous ports
configuring 15-13
defined 15-2
protected ports 1-8, 25-5
protocol-dependent modules, EIGRP 38-37
Protocol-Independent Multicast Protocol
See PIM
provider edge devices 38-66
provisioning new members for a switch stack 5-9
proxy ARP
configuring 38-12
definition 38-10
with IP routing disabled 38-12
pruning, VTP
disabling
in VTP domain 13-14
on a port 12-24
enabling
in VTP domain 13-14
on a port 12-23
examples 13-5
overview 13-4
pruning-eligible list
changing 12-23
for VTP pruning 13-5
VLANs 13-14
PVST+
described 17-10
IEEE 802.1Q trunking interoperability 17-11
instances supported 17-10
Q
QoS
and MQC commands 36-1
auto-QoS
categorizing traffic 36-21
configuration and defaults display 36-29
configuration guidelines 36-25
described 36-20
disabling 36-26
displaying generated commands 36-26
displaying the initial configuration 36-29
effects on running configuration 36-25
egress queue defaults 36-21
enabling for VoIP 36-26
example configuration 36-27
ingress queue defaults 36-21
list of generated commands 36-22
basic model 36-4
classification
class maps, described 36-7
defined 36-4
DSCP transparency, described 36-39
flowchart 36-6
forwarding treatment 36-3
in frames and packets 36-3
IP ACLs, described 36-5, 36-7
MAC ACLs, described 36-5, 36-7
options for IP traffic 36-5
options for non-IP traffic 36-5
policy maps, described 36-7
trust DSCP, described 36-5
trusted CoS, described 36-5
trust IP precedence, described 36-5
class maps
configuring 36-46
displaying 36-78
configuration guidelines
auto-QoS 36-25
standard QoS 36-32
configuring
aggregate policers 36-58
auto-QoS 36-20
default port CoS value 36-37
DSCP maps 36-60
DSCP transparency 36-39
DSCP trust states bordering another domain 36-40
egress queue characteristics 36-70
ingress queue characteristics 36-66
IP extended ACLs 36-44
IP standard ACLs 36-43
MAC ACLs 36-45
policy maps, hierarchical 36-52
policy maps on physical ports 36-48
port trust states within the domain 36-35
trusted boundary 36-38
default auto configuration 36-21
default standard configuration 36-30
displaying statistics 36-78
DSCP transparency 36-39
egress queues
allocating buffer space 36-71
buffer allocation scheme, described 36-18
configuring shaped weights for SRR 36-75
configuring shared weights for SRR 36-76
described 36-4
displaying the threshold map 36-74
flowchart 36-17
mapping DSCP or CoS values 36-73
scheduling, described 36-4
setting WTD thresholds 36-71
WTD, described 36-19
enabling globally 36-34
flowcharts
classification 36-6
egress queueing and scheduling 36-17
ingress queueing and scheduling 36-15
policing and marking 36-10
implicit deny 36-7
ingress queues
allocating bandwidth 36-68
allocating buffer space 36-68
buffer and bandwidth allocation, described 36-16
configuring shared weights for SRR 36-68
configuring the priority queue 36-69
described 36-4
displaying the threshold map 36-67
flowchart 36-15
mapping DSCP or CoS values 36-67
priority queue, described 36-16
scheduling, described 36-4
setting WTD thresholds 36-67
WTD, described 36-16
IP phones
automatic classification and queueing 36-20
detection and trusted settings 36-20, 36-38
limiting bandwidth on egress interface 36-77
mapping tables
CoS-to-DSCP 36-60
displaying 36-78
DSCP-to-CoS 36-63
DSCP-to-DSCP-mutation 36-64
IP-precedence-to-DSCP 36-61
policed-DSCP 36-62
types of 36-12
marked-down actions 36-50, 36-55
marking, described 36-4, 36-8
overview 36-2
packet modification 36-19
policers
configuring 36-50, 36-55, 36-58
described 36-8
displaying 36-78
number of 36-33
types of 36-9
policies, attaching to an interface 36-8
policing
described 36-4, 36-8
token bucket algorithm 36-9
policy maps
characteristics of 36-48
displaying 36-79
hierarchical 36-8
hierarchical on SVIs 36-52
nonhierarchical on physical ports 36-48
QoS label, defined 36-4
queues
configuring egress characteristics 36-70
configuring ingress characteristics 36-66
high priority (expedite) 36-19, 36-76
location of 36-13
SRR, described 36-14
WTD, described 36-13
rewrites 36-19
support for 1-10
trust states
bordering another domain 36-40
described 36-5
trusted device 36-38
within the domain 36-35
quality of service
See QoS
queries, IGMP 23-4
query solicitation, IGMP 23-13
R
RADIUS
attributes
vendor-proprietary 7-30
vendor-specific 7-29
configuring
accounting 7-28
authentication 7-23
authorization 7-27
communication, global 7-21, 7-29
communication, per-server 7-20, 7-21
multiple UDP ports 7-21
default configuration 7-20
defining AAA server groups 7-25
displaying the configuration 7-31
identifying the server 7-20
limiting the services to the user 7-27
method list, defined 7-20
operation of 7-19
overview 7-18
suggested network environments 7-18
support for 1-10
tracking services accessed by user 7-28
range
macro 10-10
of interfaces 10-9
rapid convergence 18-10
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
described 17-10
IEEE 802.1Q trunking interoperability 17-11
instances supported 17-10
Rapid Spanning Tree Protocol
See RSTP
RARP 38-10
RCP
configuration files
downloading B-18
overview B-16
preparing the server B-17
uploading B-19
image files
deleting old image B-38
downloading B-36
preparing the server B-35
uploading B-38
reachability, tracking IP SLAs IP host 42-9
reconfirmation interval, VMPS, changing 12-32
reconfirming dynamic VLAN membership 12-32
recovery procedures 47-1
redundancy
EtherChannel 37-2
HSRP 40-1
STP
backbone 17-8
multidrop backbone 19-5
path cost 12-27
port priority 12-25
redundant links and UplinkFast 19-15
reliable transport protocol, EIGRP 38-37
reloading software 3-17
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
Remote Network Monitoring
See RMON
Remote SPAN
See RSPAN
remote SPAN 29-3
report suppression, IGMP
described 23-6
disabling 23-16, 24-11
requirements
device manager xliv
Network Assistant xliv
resequencing ACL entries 34-15
resets, in BGP 38-51
resetting a UDLD-shutdown interface 28-6
responder, IP SLAs
described 41-4
enabling 41-8
response time, measuring with IP SLAs 41-4
restricted VLAN
configuring 9-35
described 9-14
using with IEEE 802.1x 9-14
restricting access
NTP services 6-8
overview 7-1
passwords and privilege levels 7-2
RADIUS 7-17
TACACS+ 7-10
retry count, VMPS, changing 12-33
reverse address resolution 38-9
Reverse Address Resolution Protocol
See RARP
RFC
1058, RIP 38-20
1112, IP multicast and IGMP 23-2
1157, SNMPv1 32-2
1163, BGP 38-44
1166, IP addresses 38-7
1253, OSPF 38-25
1267, BGP 38-44
1305, NTP 6-2
1587, NSSAs 38-26
1757, RMON 30-2
1771, BGP 38-44
1901, SNMPv2C 32-2
1902 to 1907, SNMPv2 32-2
2236, IP multicast and IGMP 23-2
2273-2275, SNMPv3 32-2
RIP
advertisements 38-20
authentication 38-23
configuring 38-21
default configuration 38-21
described 38-20
for IPv6 39-20
hop counts 38-20
split horizon 38-23
summary addresses 38-24
support for 1-11
RMON
default configuration 30-3
displaying status 30-6
enabling alarms and events 30-3
groups supported 30-2
overview 30-1
statistics
collecting group Ethernet 30-5
collecting group history 30-5
support for 1-12
root guard
described 19-10
enabling 19-18
support for 1-7
root switch
MSTP 18-17
STP 17-16
route calculation timers, OSPF 38-33
route dampening, BGP 38-63
routed packets, ACLs on 34-38
routed ports
configuring 38-5
defined 10-4
IP addresses on 10-22, 38-5
route-map command 38-91
route maps
BGP 38-55
policy-based routing 38-89
router ACLs
defined 34-2
types of 34-4
route reflectors, BGP 38-62
router ID, OSPF 38-35
route selection, BGP 38-53
route summarization, OSPF 38-32
route targets, VPN 38-68
routing
default 38-3
dynamic 38-3
redistribution of information 38-85
static 38-3
routing domain confederation, BGP 38-62
Routing Information Protocol
See RIP
routing protocol administrative distances 38-84
RSPAN 29-3
and stack changes 29-11
characteristics 29-9
configuration guidelines 29-17
default configuration 29-11
destination ports 29-8
displaying status 29-24
in a switch stack 29-2
interaction with other features 29-9
monitored ports 29-7
monitoring ports 29-8
overview 1-12, 29-1
received traffic 29-6
session limits 29-12
sessions
creating 29-18
defined 29-4
limiting source traffic to specific VLANs 29-20
specifying monitored ports 29-18
with ingress traffic enabled 29-22
source ports 29-7
transmitted traffic 29-6
VLAN-based 29-7
RSTP
active topology 18-10
BPDU
format 18-12
processing 18-13
designated port, defined 18-9
designated switch, defined 18-9
interoperability with IEEE 802.1D
described 18-9
restarting migration process 18-25
topology changes 18-13
overview 18-9
port roles
described 18-9
synchronized 18-11
proposal-agreement handshake process 18-10
rapid convergence
cross-stack rapid convergence 18-11
described 18-10
edge ports and Port Fast 18-10
point-to-point links 18-10, 18-24
root ports 18-10
root port, defined 18-9
See also MSTP
running configuration
replacing B-20, B-21
rolling back B-20, B-21
saving 3-11
S
scheduled reloads 3-17
scheduling, IP SLAs operations 41-5
SDM
described 8-1
switch stack consideration 5-11
templates
configuring 8-5
number of 8-1
SDM template
configuring 8-4
dual IPv4 and IPv6 8-2
types of 8-1
secondary VLANs 15-2
secure HTTP client
configuring 7-48
displaying 7-49
secure HTTP server
configuring 7-46
displaying 7-49
secure MAC addresses
and switch stacks 25-17
deleting 25-15
maximum number of 25-9
types of 25-8
secure ports
and switch stacks 25-17
configuring 25-7
secure remote connections 7-38
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port 25-7
security features 1-8
sequence numbers in log messages 31-8
server mode, VTP 13-3
service-provider network, MSTP and RSTP 18-1
service-provider networks
and customer VLANs 16-2
and IEEE 802.1Q tunneling 16-1
Layer 2 protocols across 16-8
Layer 2 protocol tunneling for EtherChannels 16-9
set-request operation 32-4
severity levels, defining in system messages 31-9
SFPs
monitoring status of 10-25, 47-10
numbering of 10-8
security and identification 47-9
status, displaying 47-10
shaped round robin
See SRR
show access-lists hw-summary command 34-22
show and more command output, filtering 2-10
show cdp traffic command 26-5
show configuration command 10-21
show forward command 47-18
show interfaces command 10-18, 10-21
show l2protocol command 16-13, 16-15, 16-16
show lldp traffic command 27-7
show platform forward command 47-18
show running-config command
displaying ACLs 34-20, 34-21, 34-31, 34-34
interface description in 10-21
shutdown command on interfaces 10-26
shutdown threshold for Layer 2 protocol packets 16-11
Simple Network Management Protocol
See SNMP
Smartports macros
applying Cisco-default macros 11-6
applying global parameter values 11-5, 11-6
applying macros 11-5
applying parameter values 11-5, 11-7
configuration guidelines 11-3
creating 11-4
default configuration 11-2
defined 11-1
displaying 11-8
tracing 11-3
website 11-2
SNAP 26-1
SNMP
accessing MIB variables with 32-4
agent
described 32-4
disabling 32-7
and IP SLAs 41-2
authentication level 32-10
community strings
configuring 32-8
overview 32-4
configuration examples 32-16
default configuration 32-6
engine ID 32-7
groups 32-6, 32-9
host 32-6
ifIndex values 32-5
in-band management 1-6
informs
and trap keyword 32-11
described 32-5
differences from traps 32-5
disabling 32-15
enabling 32-14
limiting access by TFTP servers 32-15
limiting system log messages to NMS 31-10
manager functions 1-5, 32-3
MIBs
location of A-4
supported A-1
notifications 32-5
overview 32-1, 32-4
security levels 32-3
status, displaying 32-17
system contact and location 32-15
trap manager, configuring 32-13
traps
described 32-3, 32-5
differences from informs 32-5
disabling 32-15
enabling 32-11
enabling MAC address notification 6-22
overview 32-1, 32-4
types of 32-11
users 32-6, 32-9
versions supported 32-2
SNMPv1 32-2
SNMPv2C 32-2
SNMPv3 32-2
snooping, IGMP 23-2
software compatibility
See stacks, switch
software images
location in flash B-25
recovery procedures 47-2
scheduling reloads 3-17
tar file format, described B-25
See also downloading and uploading
source addresses
in IPv4 ACLs 34-12
in IPv6 ACLs 35-6
source-and-destination-IP address based forwarding, EtherChannel 37-8
source-and-destination MAC address forwarding, EtherChannel 37-8
source-IP address based forwarding, EtherChannel 37-8
source-MAC address forwarding, EtherChannel 37-7
SPAN
and stack changes 29-11
configuration guidelines 29-12
default configuration 29-11
destination ports 29-8
displaying status 29-24
interaction with other features 29-9
monitored ports 29-7
monitoring ports 29-8
overview 1-12, 29-1
ports, restrictions 25-11
received traffic 29-6
session limits 29-12
sessions
configuring ingress forwarding 29-16, 29-23
creating 29-13
defined 29-4
limiting source traffic to specific VLANs 29-16
removing destination (monitoring) ports 29-14
specifying monitored ports 29-13
with ingress traffic enabled 29-15
source ports 29-7
transmitted traffic 29-6
VLAN-based 29-7
spanning tree and native VLANs 12-19
Spanning Tree Protocol
See STP
SPAN traffic 29-6
split horizon, RIP 38-23
SRR
configuring
shaped weights on egress queues 36-75
shared weights on egress queues 36-76
shared weights on ingress queues 36-68
described 36-14
shaped mode 36-14
shared mode 36-14
support for 1-11
SSH
configuring 7-39
cryptographic software image 7-37
described 1-6, 7-38
encryption methods 7-38
switch stack considerations 5-18, 7-38
user authentication methods, supported 7-39
SSL
configuration guidelines 7-45
configuring a secure HTTP client 7-48
configuring a secure HTTP server 7-46
cryptographic software image 7-42
described 7-42
monitoring 7-49
stack changes, effects on
ACL configuration 34-7
CDP 26-2
cross-stack EtherChannel 37-12
EtherChannel 37-9
fallback bridging 46-3
HSRP 40-4
IEEE 802.1x port-based authentication 9-7
IGMP snooping 23-7
IP routing 38-4
IPv6 ACLs 35-4
IPv6 routing 39-10
MAC address tables 6-21
MSTP 18-8
multicast routing 44-10
MVR 23-18
port security 25-17
SDM template selection 8-3
SNMP 32-1
SPAN and RSPAN 29-11
STP 17-12
system message log 31-2
VLANs 12-6
VTP 13-6
stack master
bridge ID (MAC address) 5-8
defined 5-1
election 5-6
IPv6 39-10
re-election 5-6
See also stacks, switch
stack member
accessing CLI of specific member 5-25
configuring
member number 5-23
priority value 5-23
defined 5-1
displaying information of 5-25
IPv6 39-10
number 5-8
priority value 5-9
provisioning a new member 5-24
replacing 5-16
See also stacks, switch
stack member number 10-7
stack protocol version 5-12
stacks, switch
accessing CLI of specific member 5-25
assigning information
member number 5-23
priority value 5-23
provisioning a new member 5-24
auto-advise 5-13
auto-copy 5-13
auto-extract 5-13
auto-upgrade 5-13
bridge ID 5-8
CDP considerations 26-2
compatibility, software 5-11
configuration file 5-16
configuration scenarios 5-19
copying an image file from one member to another B-39
default configuration 5-21
description of 5-1
displaying information of 5-25
enabling persistent MAC address timer 5-21
hardware compatibility and SDM mismatch mode 5-11
HSRP considerations 40-4
incompatible software and image upgrades 5-16, B-39
IPv6 on 39-10
MAC address considerations 6-21
MAC address of 5-21
management connectivity 5-17
managing 5-1
membership 5-3
merged 5-3
MSTP instances supported 17-10
multicast routing, stack master and member roles 44-9
offline configuration
described 5-9
effects of adding a provisioned switch 5-9
effects of removing a provisioned switch 5-11
effects of replacing a provisioned switch 5-11
provisioned configuration, defined 5-9
provisioned switch, defined 5-9
provisioning a new member 5-24
partitioned 5-3, 47-9
provisioned switch
adding 5-9
removing 5-11
replacing 5-11
replacing a failed member 5-16
software compatibility 5-11
software image version 5-11
stack protocol version 5-12
STP
bridge ID 17-3
instances supported 17-10
root port selection 17-3
stack root switch election 17-3
system messages
hostnames in the display 31-1
remotely monitoring 31-2
system prompt consideration 6-14
system-wide configuration considerations 5-17
upgrading B-39
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 5-13
described 5-12
examples 5-14
manual upgrades with auto-advise 5-13
upgrades with auto-extract 5-13
See also stack master and stack member
StackWise Plus technology, Cisco 1-3
See also stacks, switch
standby ip command 40-5
standby links 20-2
standby router 40-1
standby timers, HSRP 40-10
startup configuration
booting
manually 3-13
specific image 3-14
clearing B-20
configuration file
automatically downloading 3-12
specifying the filename 3-13
default boot configuration 3-12
static access ports
assigning to VLAN 12-11
defined 10-3, 12-3
static addresses
See addresses
static IP routing 1-12
static MAC addressing 1-8
static routes
configuring 38-83
configuring for IPv6 39-18
static routing 38-3
static VLAN membership 12-2
statistics
CDP 26-5
IEEE 802.1x 9-45
interface 10-25
IP multicast routing 44-54
LLDP 27-7
LLDP-MED 27-7
OSPF 38-36
QoS ingress and egress 36-78
RMON group Ethernet 30-5
RMON group history 30-5
SNMP input and output 32-17
VTP 13-16
sticky learning 25-8
storm control
configuring 25-3
described 25-1
disabling 25-5
displaying 25-18
support for 1-4
thresholds 25-1
STP
accelerating root port selection 19-4
BackboneFast
described 19-7
disabling 19-17
enabling 19-16
BPDU filtering
described 19-3
disabling 19-15
enabling 19-14
BPDU guard
described 19-2
disabling 19-14
enabling 19-13
BPDU message exchange 17-3
configuration guidelines 17-13, 19-12
configuring
forward-delay time 17-23
hello time 17-22
maximum aging time 17-23
path cost 17-20
port priority 17-18
root switch 17-16
secondary root switch 17-18
spanning-tree mode 17-15
switch priority 17-21
transmit hold-count 17-24
counters, clearing 17-24
cross-stack UplinkFast
described 19-5
enabling 19-16
default configuration 17-13
default optional feature configuration 19-12
designated port, defined 17-4
designated switch, defined 17-4
detecting indirect link failures 19-8
disabling 17-16
displaying status 17-24
EtherChannel guard
described 19-10
disabling 19-17
enabling 19-17
extended system ID
effects on root switch 17-16
effects on the secondary root switch 17-18
overview 17-4
unexpected behavior 17-16
features supported 1-7
IEEE 802.1D and bridge ID 17-4
IEEE 802.1D and multicast addresses 17-9
IEEE 802.1t and VLAN identifier 17-5
inferior BPDU 17-3
instances supported 17-10
interface state, blocking to forwarding 19-2
interface states
blocking 17-6
disabled 17-7
forwarding 17-6, 17-7
learning 17-7
listening 17-7
overview 17-5
interoperability and compatibility among modes 17-11
keepalive messages 17-2
Layer 2 protocol tunneling 16-8
limitations with IEEE 802.1Q trunks 17-11
load sharing
overview 12-24
using path costs 12-27
using port priorities 12-25
loop guard
described 19-11
enabling 19-18
modes supported 17-10
multicast addresses, effect of 17-9
optional features supported 1-7
overview 17-2
path costs 12-27
Port Fast
described 19-2
enabling 19-12
port priorities 12-26
preventing root switch selection 19-10
protocols supported 17-10
redundant connectivity 17-8
root guard
described 19-10
enabling 19-18
root port, defined 17-3
root port selection on a switch stack 17-3
root switch
configuring 17-16
effects of extended system ID 17-4, 17-16
election 17-3
unexpected behavior 17-16
shutdown Port Fast-enabled port 19-2
stack changes, effects of 17-12
status, displaying 17-24
superior BPDU 17-3
timers, described 17-22
UplinkFast
described 19-3
enabling 19-15
VLAN-bridge 17-11
stratum, NTP 6-2
stub areas, OSPF 38-31
stub routing, EIGRP 38-43
subdomains, private VLAN 15-1
subnet mask 38-7
subnet zero 38-7
success response, VMPS 12-29
summer time 6-13
SunNet Manager 1-5
supernet 38-8
SVIs
and IP unicast routing 38-5
and router ACLs 34-4
connecting VLANs 10-6
defined 10-5
routing between VLANs 12-2
switch console port 1-6
Switch Database Management
See SDM
switched packets, ACLs on 34-37
Switched Port Analyzer
See SPAN
switched ports 10-2
switchport block multicast command 25-7
switchport block unicast command 25-7
switchport command 10-16
switchport mode dot1q-tunnel command 16-6
switchport protected command 25-6
switch priority
MSTP 18-21
STP 17-21
switch software features 1-1
switch virtual interface
See SVI
synchronization, BGP 38-49
syslog
See system message logging
system clock
configuring
daylight saving time 6-13
manually 6-11
summer time 6-13
time zones 6-12
displaying the time and date 6-12
overview 6-1
See also NTP
system message logging
default configuration 31-4
defining error message severity levels 31-9
disabling 31-4
displaying the configuration 31-14
enabling 31-5
facility keywords, described 31-14
level keywords, described 31-10
limiting messages 31-10
message format 31-2
overview 31-1
sequence numbers, enabling and disabling 31-8
setting the display destination device 31-5
stack changes, effects of 31-2
synchronizing log messages 31-6
syslog facility 1-12
time stamps, enabling and disabling 31-8
UNIX syslog servers
configuring the daemon 31-12
configuring the logging facility 31-13
facilities supported 31-14
system MTU and IEEE 802.1Q tunneling 16-5
system name
default configuration 6-15
default setting 6-15
manual configuration 6-15
See also DNS
system prompt, default setting 6-14, 6-15
system resources, optimizing 8-1
T
TACACS+
accounting, defined 7-11
authentication, defined 7-11
authorization, defined 7-11
configuring
accounting 7-17
authentication key 7-13
authorization 7-16
login authentication 7-14
default configuration 7-13
displaying the configuration 7-17
identifying the server 7-13
limiting the services to the user 7-16
operation of 7-12
overview 7-10
support for 1-10
tracking services accessed by user 7-17
tagged packets
IEEE 802.1Q 16-3
Layer 2 protocol 16-7
tar files
creating B-7
displaying the contents of B-7
extracting B-8
image file format B-25
TCL script, registering and defining with embedded event manager 33-6
TDR 1-13
Telnet
accessing management interfaces 2-11
number of connections 1-6
setting a password 7-6
templates, SDM 8-1
temporary self-signed certificate 7-43
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password 7-6
TFTP
configuration files
downloading B-12
preparing the server B-11
uploading B-12
configuration files in base directory 3-6
configuring for autoconfiguration 3-6
image files
deleting B-29
downloading B-27
preparing the server B-26
uploading B-29
limiting access by servers 32-15
TFTP server 1-5
threshold, traffic level 25-2
threshold monitoring, IP SLAs 41-6
time
See NTP and system clock
Time Domain Reflector
See TDR
time-range command 34-17
time ranges in ACLs 34-17
time stamps in log messages 31-8
time zones 6-12
TLVs
defined 27-2
LLDP 27-2
LLDP-MED 27-2
Token Ring VLANs
support for 12-6
VTP support 13-4
ToS 1-10
traceroute, Layer 2
and ARP 47-13
and CDP 47-12
broadcast traffic 47-12
described 47-12
IP addresses and subnets 47-13
MAC addresses and VLANs 47-13
multicast traffic 47-13
multiple devices on a port 47-13
unicast traffic 47-12
usage guidelines 47-12
traceroute command 47-14
See also IP traceroute
tracked lists
configuring 42-3
types 42-3
tracked objects
by Boolean expression 42-4
by threshold percentage 42-6
by threshold weight 42-5
tracking interface line-protocol state 42-2
tracking IP routing state 42-2
tracking objects 42-1
tracking process 42-1
track state, tracking IP SLAs 42-9
traffic
blocking flooded 25-7
fragmented 34-5
fragmented IPv6 35-3
unfragmented 34-5
traffic policing 1-10
traffic suppression 25-1
transmit hold-count
See STP
transparent mode, VTP 13-3, 13-12
trap-door mechanism 3-2
traps
configuring MAC address notification 6-22
configuring managers 32-11
defined 32-3
enabling 6-22, 32-11
notification types 32-11
overview 32-1, 32-4
troubleshooting
connectivity problems 47-10, 47-12, 47-13
detecting unidirectional links 28-1
displaying crash information 47-21
PIMv1 and PIMv2 interoperability problems 44-27
setting packet forwarding 47-18
SFP security and identification 47-9
show forward command 47-18
with CiscoWorks 32-4
with debug commands 47-16
with ping 47-11
with system message logging 31-1
with traceroute 47-14
trunk failover
See link-state tracking
trunking encapsulation 1-8
trunk ports
configuring 12-21
defined 10-3, 12-3
encapsulation 12-21, 12-26, 12-27
trunks
allowed-VLAN list 12-22
configuring 12-21, 12-26, 12-27
ISL 12-16
load sharing
setting STP path costs 12-27
using STP port priorities 12-25, 12-26
native VLAN for untagged traffic 12-24
parallel 12-27
pruning-eligible list 12-23
to non-DTP device 12-18
trusted boundary for QoS 36-38
trusted port states
between QoS domains 36-40
classification options 36-5
ensuring port security for IP phones 36-38
support for 1-10
within a QoS domain 36-35
trustpoints, CA 7-43
tunneling
defined 16-1
IEEE 802.1Q 16-1
Layer 2 protocol 16-8
tunnel ports
described 10-4, 16-1
IEEE 802.1Q, configuring 16-6
incompatibilities with other features 16-6
twisted-pair Ethernet, detecting unidirectional links 28-1
type of service
See ToS
U
UDLD
configuration guidelines 28-4
default configuration 28-4
disabling
globally 28-5
on fiber-optic interfaces 28-5
per interface 28-6
echoing detection mechanism 28-2
enabling
globally 28-5
per interface 28-6
Layer 2 protocol tunneling 16-10
link-detection mechanism 28-1
neighbor database 28-2
overview 28-1
resetting an interface 28-6
status, displaying 28-7
support for 1-7
UDP, configuring 38-16
UDP jitter, configuring 41-9
UDP jitter operation, IP SLAs 41-8
unauthorized ports with IEEE 802.1x 9-7
unicast MAC address filtering 1-6
and adding static addresses 6-26
and broadcast MAC addresses 6-25
and CPU packets 6-25
and multicast addresses 6-25
and router MAC addresses 6-25
configuration guidelines 6-25
described 6-25
unicast storm 25-1
unicast storm control command 25-4
unicast traffic, blocking 25-7
UniDirectional Link Detection protocol
See UDLD
universal software image
cryptographic 1-1
feature set
advanced IP services 1-2
IP base 1-1
IP services 1-1
noncryptographic 1-1
UNIX syslog servers
daemon configuration 31-12
facilities supported 31-14
message logging configuration 31-13
unrecognized Type-Length-Value (TLV) support 13-4
upgrading information
See release notes
upgrading software images
See downloading
UplinkFast
described 19-3
disabling 19-16
enabling 19-15
support for 1-7
uploading
configuration files
preparing B-11, B-14, B-17
reasons for B-9
using FTP B-15
using RCP B-19
using TFTP B-12
image files
preparing B-26, B-30, B-35
reasons for B-24
using FTP B-33
using RCP B-38
using TFTP B-29
User Datagram Protocol
See UDP
user EXEC mode 2-2
username-based authentication 7-6
V
version-dependent transparent mode 13-4
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 5-13
described 5-12
displaying 5-12
manual upgrades with auto-advise 5-13
upgrades with auto-extract 5-13
Virtual Private Network
See VPN
virtual router 40-1, 40-2
vlan.dat file 12-5
VLAN 1
disabling on a trunk port 12-22
minimization 12-22
VLAN ACLs
See VLAN maps
vlan-assignment response, VMPS 12-29
VLAN configuration
at bootup 12-8
saving 12-8
VLAN configuration mode 2-2, 12-7
VLAN database
and startup configuration file 12-8
and VTP 13-1, 33-1
VLAN configuration saved in 12-7
VLANs saved in 12-4
vlan database command 12-7
vlan dot1q tag native command 16-5
VLAN filtering and SPAN 29-8
vlan global configuration command 12-7
VLAN ID, discovering 6-27
VLAN load balancing on flex links
configuration guidelines 20-5
described 20-2
VLAN management domain 13-2
VLAN Management Policy Server
See VMPS
VLAN map entries, order of 34-30
VLAN maps
applying 34-34
common uses for 34-34
configuration guidelines 34-30
configuring 34-29
creating 34-31
defined 34-2
denying access to a server example 34-34
denying and permitting packets 34-31
displaying 34-40
examples of ACLs and VLAN maps 34-32
removing 34-34
support for 1-9
VLAN membership
confirming 12-32
modes 12-3
VLAN Query Protocol
See VQP
VLANs
adding 12-9
adding to VLAN database 12-9
aging dynamic addresses 17-9
allowed on trunk 12-22
and spanning-tree instances 12-3, 12-6, 12-13
configuration guidelines, extended-range VLANs 12-13
configuration guidelines, normal-range VLANs 12-6
configuration options 12-7
configuring 12-1
configuring IDs 1006 to 4094 12-13
connecting through SVIs 10-6
creating in config-vlan mode 12-9
creating in VLAN configuration mode 12-10
customer numbering in service-provider networks 16-3
default configuration 12-8
deleting 12-10
described 10-2, 12-1
displaying 12-16
extended-range 12-1, 12-12
features 1-7
illustrated 12-2
internal 12-13
in the switch stack 12-6
limiting source traffic with RSPAN 29-20
limiting source traffic with SPAN 29-16
modifying 12-9
multicast 23-18
native, configuring 12-24
normal-range 12-1, 12-4
number supported 1-7
parameters 12-5
port membership modes 12-3
static-access ports 12-11
STP and IEEE 802.1Q trunks 17-11
supported 12-2
Token Ring 12-6
traffic between 12-2
VLAN-bridge STP 17-11, 46-2
VTP modes 13-3
VLAN Trunking Protocol
See VTP
VLAN trunks 12-16
VMPS
administering 12-33
configuration example 12-34
configuration guidelines 12-30
default configuration 12-30
description 12-28
dynamic port membership
described 12-29
reconfirming 12-32
troubleshooting 12-34
entering server address 12-31
mapping MAC addresses to VLANs 12-28
monitoring 12-33
reconfirmation interval, changing 12-32
reconfirming membership 12-32
retry count, changing 12-33
voice-over-IP 14-1
voice VLAN
Cisco 7960 phone, port connections 14-1
configuration guidelines 14-3
configuring IP phones for data traffic
override CoS of incoming frame 14-6
trust CoS priority of incoming frame 14-6
configuring ports for voice traffic in
IEEE 802.1p priority tagged frames 14-5
IEEE 802.1Q frames 14-5
connecting to an IP phone 14-4
default configuration 14-3
described 14-1
displaying 14-7
IP phone data traffic, described 14-2
IP phone voice traffic, described 14-2
VPN
configuring routing in 38-74
forwarding 38-68
in service provider networks 38-65
routes 38-66
VPN routing and forwarding table
See VRF
VQP 1-7, 12-28
VRF
defining 38-68
tables 38-65
VRF-aware services
ARP 38-70
configuring 38-70
ftp 38-73
HSRP 38-71
ping 38-71
SNMP 38-71
syslog 38-72
tftp 38-73
traceroute 38-73
uRPF 38-72
VRFs, configuring multicast 38-74
VTP
adding a client to a domain 13-14
advertisements 12-20, 13-3
and extended-range VLANs 13-2
and normal-range VLANs 13-2
client mode, configuring 13-11
configuration
global configuration mode 13-7
guidelines 13-8
privileged EXEC mode 13-7
requirements 13-9
saving 13-7
VLAN configuration mode 13-8
configuration mode options 13-7
configuration requirements 13-9
configuration revision number
guideline 13-14
resetting 13-15
configuring
client mode 13-11
server mode 13-9
transparent mode 13-12
consistency checks 13-4
default configuration 13-7
described 13-1
disabling 13-12
domain names 13-8
domains 13-2
Layer 2 protocol tunneling 16-8
modes
client 13-3, 13-11
server 13-3, 13-9
transitions 13-3
transparent 13-3, 13-12
monitoring 13-16
passwords 13-8
pruning
disabling 13-14
enabling 13-14
examples 13-5
overview 13-4
support for 1-8
pruning-eligible list, changing 12-23
server mode, configuring 13-9
statistics 13-16
support for 1-8
Token Ring support 13-4
transparent mode, configuring 13-12
using 13-1
version, guidelines 13-9
Version 1 13-4
Version 2
configuration guidelines 13-9
disabling 13-13
enabling 13-13
overview 13-4
W
WCCP
authentication 43-3
configuration guidelines 43-5
default configuration 43-5
described 43-1
displaying 43-10
dynamic service groups 43-3
enabling 43-6
features unsupported 43-5
forwarding method 43-3
Layer-2 header rewrite 43-3
MD5 security 43-3
message exchange 43-2
monitoring and maintaining 43-10
negotiation 43-3
packet redirection 43-3
packet-return method 43-3
redirecting traffic received from a client 43-6
setting the password 43-7
unsupported WCCPv2 features 43-5
web authentication
configuring 9-42 to 9-44
described 1-8, 9-21
fallback for IEEE 802.1x 9-43
Web Cache Communication Protocol
See WCCP
weighted tail drop
See WTD
weight thresholds in tracked lists 42-5
wizards 1-3
WTD
described 36-13
setting thresholds
egress queue-sets 36-71
ingress queues 36-67
support for 1-11
X
Xmodem protocol 47-2