Numerics -
A -
B -
C -
D -
E -
F -
G -
H -
I -
J -
K -
L -
M -
N -
O -
P -
Q -
R -
S -
T -
U -
V -
W -
Index
Numerics
10-Gigabit Ethernet interfaces 11-6
A
AAA down policy, NAC Layer 2 IP validation 1-12
abbreviating commands 2-3
ABRs 39-32
access
templates 8-1
access-class command 35-20
access control entries
See ACEs
access-denied response, VMPS 13-26
access groups
applying IPv4 ACLs to interfaces 35-21
Layer 2 35-21
Layer 3 35-21
access groups, applying IPv4 ACLs to interfaces 35-21
accessing stack members 7-26
access lists
See ACLs
access ports
and Layer 2 protocol tunneling 17-11
defined 11-3
access template 8-1
accounting
with 802.1x 9-51
with IEEE 802.1x 9-15
with RADIUS 6-35
with TACACS+ 6-11, 6-17
ACEs
and QoS 37-8
defined 35-2
Ethernet 35-2
IP 35-2
ACLs
ACEs 35-2
any keyword 35-13
applying
on bridged packets 35-38
on multicast packets 35-39
on routed packets 35-39
on switched packets 35-37
time ranges to 35-17
to an interface 35-20, 36-8
to IPv6 interfaces 36-8
to QoS 37-8
classifying traffic for QoS 37-49
comments in 35-19
compiling 35-23
defined 35-2, 35-8
examples of 35-23, 37-49
extended IP, configuring for QoS classification 37-50
extended IPv4
creating 35-11
matching criteria 35-8
hardware and software handling 35-22
host keyword 35-13
IP
creating 35-8
fragments and QoS guidelines 37-38
implicit deny 35-10, 35-14, 35-17
implicit masks 35-10
matching criteria 35-8
undefined 35-21
IPv4
applying to interfaces 35-20
creating 35-8
matching criteria 35-8
named 35-15
numbers 35-8
terminal lines, setting on 35-19
unsupported features 35-7
IPv6
and stacking 36-4
applying to interfaces 36-8
configuring 36-4, 36-5
displaying 36-9
interactions with other features 36-5
limitations 36-3
matching criteria 36-3
named 36-3
precedence of 36-3
unsupported features 36-3
Layer 4 information in 35-37
logging messages 35-9
MAC extended 35-28, 37-53
matching 35-8, 35-21
monitoring 35-40, 36-9
named
IPv4 35-15
IPv6 36-3
names 36-5
number per QoS class map 37-38
port 35-2, 36-2
precedence of 35-3
QoS 37-8, 37-49
resequencing entries 35-15
router 35-2, 36-2
router ACLs and VLAN map configuration guidelines 35-37
standard IP, configuring for QoS classification 37-49, 37-51
standard IPv4
creating 35-10
matching criteria 35-8
support for 1-10
support in hardware 35-22
time ranges 35-17
types supported 35-2
unsupported features
IPv4 35-7
IPv6 36-3
using router ACLs with VLAN maps 35-36
VLAN maps
configuration guidelines 35-31
configuring 35-30
active link 21-4, 21-5, 21-6
active links 21-2
active router 41-1
active traffic monitoring, IP SLAs 42-1
address aliasing 24-2
addresses
displaying the MAC address table 5-31
dynamic
accelerated aging 18-9
changing the aging time 5-21
default aging 18-9
defined 5-19
learning 3-16, 5-20
removing 5-22
IPv6 40-3
MAC, discovering 5-31
multicast
group address range 45-3
STP address management 18-9
static
adding and removing 5-27
defined 5-19
address resolution 5-31, 39-10
Address Resolution Protocol
See ARP
adjacency tables, with CEF 39-98
administrative distances
defined 39-111
OSPF 39-39
routing protocol defaults 39-100
advertisements
CDP 27-1
LLDP 28-1, 28-2
RIP 39-21
VTP 13-18, 14-3, 14-4
aggregatable global unicast addresses 40-5
aggregate addresses, BGP 39-67
aggregated ports
See EtherChannel
aggregate policers 37-72
aggregate policing 1-13
aging, accelerating 18-9
aging time
accelerated
for MSTP 19-24
for STP 18-9, 18-23
MAC address table 5-21
maximum
for MSTP 19-25
for STP 18-23, 18-24
alarms, RMON 31-4
allowed-VLAN list 13-20
application engines, redirecting traffic to 44-1
area border routers
See ABRs
area routing
IS-IS 39-71
ISO IGRP 39-71
ARP
configuring 39-11
defined 1-6, 5-31, 39-11
encapsulation 39-12
static cache configuration 39-11
table
address resolution 5-31
managing 5-31
ASBRs 39-32
AS-path filters, BGP 39-61
asymmetrical links, and IEEE 802.1Q tunneling 17-4
attributes, RADIUS
vendor-proprietary 6-38
vendor-specific 6-36
attribute-value pairs 9-20, 9-21
authentication
EIGRP 39-48
HSRP 41-11
local mode with AAA 6-44
NTP associations 5-4
open1x 9-30
RADIUS
key 6-28
login 6-30
TACACS+
defined 6-11
key 6-13
login 6-14
See also port-based authentication
authentication compatibility with Catalyst 6000 switches 9-9
authentication failed VLAN
See restricted VLAN
authentication keys, and routing protocols 39-111
authentication manager
CLI commands 9-9
compatibility with older 802.1x CLI commands 9-10
overview 9-8
single session ID 9-33
authoritative time source, described 5-2
authorization
with RADIUS 6-34
with TACACS+ 6-11, 6-16
authorized ports with IEEE 802.1x 9-11
autoconfiguration 3-4
auto enablement 9-32
automatic advise (auto-advise) in switch stacks 7-14
automatic copy (auto-copy) in switch stacks 7-13
automatic extraction (auto-extract) in switch stacks 7-13
automatic QoS
See QoS
automatic upgrades (auto-upgrade) in switch stacks 7-13
auto-MDIX
configuring 11-22
described 11-22
autonegotiation
duplex mode 1-4
interface configuration guidelines 11-18
mismatches 48-9
autonomous system boundary routers
See ASBRs
autonomous systems, in BGP 39-54
auto-QoS video devices 1-14
Auto-RP, described 45-6
autosensing, port speed 1-4
autostate exclude 11-6
auxiliary VLAN
See voice VLAN
availability, features 1-8
B
BackboneFast
described 20-7
disabling 20-17
enabling 20-16
support for 1-8
backup interfaces
See Flex Links
backup links 21-2
banners
configuring
login 5-19
message-of-the-day login 5-18
default configuration 5-17
when displayed 5-17
BGP
aggregate addresses 39-67
aggregate routes, configuring 39-67
CIDR 39-67
clear commands 39-70
community filtering 39-63
configuring neighbors 39-65
default configuration 39-51
described 39-50
enabling 39-54
monitoring 39-70
multipath support 39-58
neighbors, types of 39-54
path selection 39-58
peers, configuring 39-65
prefix filtering 39-62
resetting sessions 39-57
route dampening 39-69
route maps 39-60
route reflectors 39-68
routing domain confederation 39-67
routing session with multi-VRF CE 39-92
show commands 39-70
supernets 39-67
support for 1-14
Version 4 39-51
binding database
address, DHCP server
See DHCP, Cisco IOS server database
DHCP snooping
See DHCP snooping binding database
bindings
address, Cisco IOS DHCP server 22-6
DHCP snooping database 22-6
IP source guard 22-16
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 26-7
Boolean expressions in tracked lists 43-3
booting
boot loader, function of 3-2
boot process 3-2
manually 3-22
specific image 3-23
boot loader
accessing 3-24
described 3-2
environment variables 3-24
prompt 3-24
trap-door mechanism 3-2
bootstrap router (BSR), described 45-7
Border Gateway Protocol
See BGP
BPDU
error-disabled state 20-2
filtering 20-3
RSTP format 19-13
BPDU filtering
described 20-3
disabling 20-15
enabling 20-14
support for 1-8
BPDU guard
described 20-2
disabling 20-14
enabling 20-13
support for 1-8
bridged packets, ACLs on 35-38
bridge groups
See fallback bridging
bridge protocol data unit
See BPDU
broadcast flooding 39-18
broadcast packets
directed 39-15
flooded 39-15
broadcast storm-control command 26-4
broadcast storms 26-1, 39-15
C
cables, monitoring for unidirectional links 29-1
Catalyst 6000 switches
authentication compatibility 9-9
CA trustpoint
configuring 6-53
defined 6-50
CDP
and trusted boundary 37-45
configuring 27-2
default configuration 27-2
defined with LLDP 28-1
described 27-1
disabling for routing device27-3to 27-4
enabling and disabling
on an interface 27-4
on a switch 27-3
Layer 2 protocol tunneling 17-8
monitoring 27-5
overview 27-1
support for 1-6
switch stack considerations 27-2
transmission timer and holdtime, setting 27-2
updates 27-2
CEF
defined 39-97
distributed 39-98
IPv6 40-21
CGMP
as IGMP snooping learning method 24-9
clearing cached group entries 45-66
enabling server support 45-49
joining multicast group 24-3
overview 45-9
server support only 45-9
switch support of 1-4
CIDR 39-67
CipherSuites 6-51
Cisco 7960 IP Phone 15-1
Cisco Discovery Protocol
See CDP
Cisco Express Forwarding
See CEF
Cisco Group Management Protocol
See CGMP
Cisco IOS DHCP server
See DHCP, Cisco IOS DHCP server
Cisco IOS File System
See IFS
Cisco IOS IP SLAs 42-1
Cisco Secure ACS
attribute-value pairs for downloadable ACLs 9-21
attribute-value pairs for redirect URL 9-20
Cisco Secure ACS configuration guide 9-63
Cisco StackWise Plus technology 1-3
See also stacks, switch
CiscoWorks 2000 1-6, 33-4
CISP 9-32
CIST regional root
See MSTP
CIST root
See MSTP
civic location 28-3
classless interdomain routing
See CIDR
classless routing 39-9
class maps for QoS
configuring 37-54
described 37-8
displaying 37-92
class of service
See CoS
clearing interfaces 11-29
CLI
abbreviating commands 2-3
command modes 2-1
configuration logging 2-5
described 1-5
editing features
enabling and disabling 2-6
keystroke editing 2-7
wrapped lines 2-8
error messages 2-4
filtering command output 2-9
getting help 2-3
history
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
no and default forms of commands 2-4
Client Information Signalling Protocol
See CISP
client mode, VTP 14-3
client processes, tracking 43-1
CLNS
See ISO CLNS
clock
See system clock
CNS
Configuration Engine
configID, deviceID, hostname 4-3
configuration service 4-2
described 4-1
event service 4-3
embedded agents
described 4-5
enabling automated configuration 4-7
enabling configuration agent 4-9
enabling event agent 4-8
management functions 1-6
CoA Request Commands 6-23
command-line interface
See CLI
command modes 2-1
commands
abbreviating 2-3
no and default 2-4
commands, setting privilege levels 6-8
common session ID
see single session ID 9-33
community list, BGP 39-64
community ports 16-2
community strings
configuring 33-8
overview 33-4
community VLANs 16-2, 16-3
compatibility, feature 26-12
compatibility, software
See stacks, switch
config.text 3-21
configurable leave timer, IGMP 24-6
configuration, initial
defaults 1-17
Express Setup 1-3
configuration examples, network 1-19
configuration files
archiving B-20
clearing the startup configuration B-20
creating and using, guidelines for B-10
creating using a text editor B-11
default name 3-21
deleting a stored configuration B-20
described B-9
downloading
automatically 3-21
preparing B-11, B-14, B-17
reasons for B-9
using FTP B-14
using RCP B-18
using TFTP B-12
invalid combinations when copying B-6
limiting TFTP server access 33-17
obtaining with DHCP 3-9
password recovery disable considerations 6-5
replacing and rolling back, guidelines for B-22
replacing a running configuration B-20, B-21
rolling back a running configuration B-20, B-21
specifying the filename 3-22
system contact and location information 33-16
types and location B-10
uploading
preparing B-11, B-14, B-17
reasons for B-9
using FTP B-15
using RCP B-19
using TFTP B-13
configuration guidelines, multi-VRF CE 39-84
configuration logging 2-5
configuration replacement B-20
configuration rollback B-20
configuration settings, saving 3-19
configure terminal command 11-9
configuring multicast VRFs 39-90
configuring port-based authentication violation modes9-38to 9-39
configuring small-frame arrival rate 26-5
connections, secure remote 6-46
connectivity problems 48-10, 48-11, 48-13
consistency checks in VTP Version 2 14-5
console port, connecting to 2-10
content-routing technology
See WCCP
control protocol, IP SLAs 42-4
corrupted software, recovery steps with Xmodem 48-2
CoS
override priority 15-6
trust priority 15-6
CoS input queue threshold map for QoS 37-17
CoS output queue threshold map for QoS 37-20
CoS-to-DSCP map for QoS 37-74
counters, clearing interface 11-29
CPU utilization, troubleshooting 48-23
crashinfo file 48-20
critical authentication, IEEE 802.1x 9-55
critical VLAN 9-23
cross-stack EtherChannel
configuration guidelines 38-12
configuring
on Layer 2 interfaces 38-12
on Layer 3 physical interfaces 38-16
described 38-2
illustration 38-3
support for 1-8
cross-stack UplinkFast, STP
described 20-5
disabling 20-16
enabling 20-16
fast-convergence events 20-7
Fast Uplink Transition Protocol 20-6
normal-convergence events 20-7
support for 1-8
cryptographic software image
Kerberos 6-40
SSL 6-50
switch stack considerations 6-46, 7-2, 7-18
customer edge devices 39-82
customizeable web pages, web-based authentication 10-6
D
DACL
See downloadable ACL
daylight saving time 5-13
dCEF in the switch stack 39-97
debugging
enabling all system diagnostics 48-17
enabling for a specific feature 48-16
redirecting error message output 48-17
using commands 48-16
default commands 2-4
default configuration
802.1x 9-35
auto-QoS 37-22
banners 5-17
BGP 39-51
booting 3-21
CDP 27-2
DHCP 22-8
DHCP option 82 22-8
DHCP snooping 22-8
DHCP snooping binding database 22-9
DNS 5-16
dynamic ARP inspection 23-5
EIGRP 39-44
EtherChannel 38-10
Ethernet interfaces 11-17
fallback bridging 47-4
Flex Links 21-8
HSRP 41-6
IEEE 802.1Q tunneling 17-4
IGMP 45-43
IGMP filtering 24-25
IGMP snooping 24-7, 25-6
IGMP throttling 24-25
initial switch information 3-3
IP addressing, IP routing 39-7
IP multicast routing 45-10
IP SLAs 42-6
IP source guard 22-18
IPv6 40-13
IS-IS 39-73
Layer 2 interfaces 11-17
Layer 2 protocol tunneling 17-11
LLDP 28-4
MAC address table 5-21
MAC address-table move update 21-8
MSDP 46-4
MSTP 19-15
multi-VRF CE 39-84
MVR 24-20
NTP 5-4
optional spanning-tree configuration 20-12
OSPF 39-32
password and privilege level 6-2
PIM 45-10
private VLANs 16-7
RADIUS 6-27
RIP 39-22
RMON 31-3
RSPAN 30-11
SDM template 8-4
SNMP 33-6
SPAN 30-11
SSL 6-52
standard QoS 37-36
STP 18-13
switch stacks 7-21
system message logging 32-4
system name and prompt 5-15
TACACS+ 6-13
UDLD 29-4
VLAN, Layer 2 Ethernet interfaces 13-17
VLANs 13-8
VMPS 13-27
voice VLAN 15-3
VTP 14-8
WCCP 44-6
default gateway 3-16, 39-13
default networks 39-101
default router preference
See DRP
default routes 39-101
default routing 39-4
default web-based authentication configuration
802.1X 10-9
deleting VLANs 13-9
denial-of-service attack 26-1
description command 11-23
designing your network, examples 1-19
desktop template 7-12
destination addresses
in IPv4 ACLs 35-12
in IPv6 ACLs 36-6
destination-IP address-based forwarding, EtherChannel 38-8
destination-MAC address forwarding, EtherChannel 38-8
detecting indirect link failures, STP 20-8
device discovery protocol 27-1, 28-1
device manager
benefits 1-3
described 1-3, 1-5
in-band management 1-7
DHCP
Cisco IOS server database
configuring 22-14
default configuration 22-9
described 22-6
DHCP for IPv6
See DHCPv6
enabling
relay agent 22-11
server 22-10
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-4
DNS 3-8
relay device 3-8
server side 3-7
server-side 22-10
TFTP server 3-7
example 3-10
lease options
for IP address information 3-7
for receiving the configuration file 3-7
overview 3-4
relationship to BOOTP 3-4
relay support 1-6, 1-15
support for 1-6
DHCP-based autoconfiguration and image update
configuring3-13to 3-15
understanding3-5to3-6, 3-11to 3-12
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 22-5
configuration guidelines 22-9
default configuration 22-8
displaying 22-16
forwarding address, specifying 22-11
helper address 22-11
overview 22-3
packet format, suboption
circuit ID 22-5
remote ID 22-5
remote ID suboption 22-5
DHCP server port-based address allocation
configuration guidelines 22-27
default configuration 22-27
described 22-26
displaying 22-30
enabling 22-27
reserved addresses 22-28
DHCP snooping
accepting untrusted packets form edge switch 22-3, 22-13
and private VLANs 22-14
binding database
See DHCP snooping binding database
configuration guidelines 22-9
default configuration 22-8
displaying binding tables 22-16
message exchange process 22-4
option 82 data insertion 22-3
trusted interface 22-2
untrusted interface 22-2
untrusted messages 22-2
DHCP snooping binding database
adding bindings 22-15
binding entries, displaying 22-16
binding file
format 22-7
location 22-6
bindings 22-6
clearing agent statistics 22-15
configuration guidelines 22-10
configuring 22-15
default configuration 22-8, 22-9
deleting
binding file 22-15
bindings 22-16
database agent 22-15
described 22-6
displaying 22-16
binding entries 22-16
status and statistics 22-16
displaying status and statistics 22-16
enabling 22-15
entry 22-6
renewing database 22-15
resetting
delay value 22-15
timeout value 22-15
DHCP snooping binding table
See DHCP snooping binding database
DHCPv6
configuration guidelines 40-18
default configuration 40-18
described 40-7
enabling client function 40-20
enabling DHCPv6 server function 40-18
diagnostic schedule command 49-2
Differentiated Services architecture, QoS 37-2
Differentiated Services Code Point 37-2
Diffusing Update Algorithm (DUAL) 39-42
directed unicast requests 1-6
directories
changing B-4
creating and removing B-5
displaying the working B-4
Distance Vector Multicast Routing Protocol
See DVMRP
distance-vector protocols 39-4
distribute-list command 39-110
DNS
and DHCP-based autoconfiguration 3-8
default configuration 5-16
displaying the configuration 5-17
in IPv6 40-5
overview 5-15
setting up 5-16
support for 1-6
domain names
DNS 5-15
VTP 14-9
Domain Name System
See DNS
domains, ISO IGRP routing 39-71
dot1q-tunnel switchport mode 13-16
double-tagged packets
IEEE 802.1Q tunneling 17-2
Layer 2 protocol tunneling 17-10
downloadable ACL 9-19, 9-21, 9-63
downloading
configuration files
preparing B-11, B-14, B-17
reasons for B-9
using FTP B-14
using RCP B-18
using TFTP B-12
image files
deleting old image B-29
preparing B-27, B-30, B-35
reasons for B-24
using CMS 1-3
using FTP B-31
using HTTP 1-3, B-24
using RCP B-36
using TFTP B-27
using the device manager or Network Assistant B-24
drop threshold for Layer 2 protocol packets 17-11
DRP
configuring 40-15
described 40-6
IPv6 40-6
DSCP 1-13, 37-2
DSCP input queue threshold map for QoS 37-17
DSCP output queue threshold map for QoS 37-20
DSCP-to-CoS map for QoS 37-77
DSCP-to-DSCP-mutation map for QoS 37-78
DSCP transparency 37-45
DTP 1-9, 13-16
dual-action detection 38-6
DUAL finite state machine, EIGRP 39-43
dual IPv4 and IPv6 templates 8-2, 40-7
dual protocol stacks
IPv4 and IPv6 40-7
SDM templates supporting 40-7
DVMRP
autosummarization
configuring a summary address 45-63
disabling 45-65
connecting PIM domain to DVMRP router 45-55
enabling unicast routing 45-59
interoperability
with Cisco devices 45-53
with Cisco IOS software 45-9
mrinfo requests, responding to 45-58
neighbors
advertising the default route to 45-57
discovery with Probe messages 45-53
displaying information 45-58
prevent peering with nonpruning 45-61
rejecting nonpruning 45-60
overview 45-8
routes
adding a metric offset 45-65
advertising all 45-65
advertising the default route to neighbors 45-57
caching DVMRP routes learned in report messages 45-59
changing the threshold for syslog messages 45-62
deleting 45-66
displaying 45-67
favoring one over another 45-65
limiting the number injected into MBONE 45-62
limiting unicast route advertisements 45-53
routing table 45-9
source distribution tree, building 45-9
support for 1-15
tunnels
configuring 45-55
displaying neighbor information 45-58
dynamic access ports
characteristics 13-3
configuring 13-29
defined 11-3
dynamic addresses
See addresses
dynamic ARP inspection
ARP cache poisoning 23-1
ARP requests, described 23-1
ARP spoofing attack 23-1
clearing
log buffer 23-15
statistics 23-15
configuration guidelines 23-6
configuring
ACLs for non-DHCP environments 23-8
in DHCP environments 23-7
log buffer 23-13
rate limit for incoming ARP packets 23-4, 23-10
default configuration 23-5
denial-of-service attacks, preventing 23-10
described 23-1
DHCP snooping binding database 23-2
displaying
ARP ACLs 23-14
configuration and operating state 23-14
log buffer 23-15
statistics 23-15
trust state and rate limit 23-14
error-disabled state for exceeding rate limit 23-4
function of 23-2
interface trust states 23-3
log buffer
clearing 23-15
configuring 23-13
displaying 23-15
logging of dropped packets, described 23-5
man-in-the middle attack, described 23-2
network security issues and interface trust states 23-3
priority of ARP ACLs and DHCP snooping entries 23-4
rate limiting of ARP packets
configuring 23-10
described 23-4
error-disabled state 23-4
statistics
clearing 23-15
displaying 23-15
validation checks, performing 23-12
dynamic auto trunking mode 13-16
dynamic desirable trunking mode 13-16
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 13-27
reconfirming 13-29, 13-30
troubleshooting 13-31
types of connections 13-29
dynamic routing 39-4
ISO CLNS 39-71
Dynamic Trunking Protocol
See DTP
E
EBGP 39-49
editing features
enabling and disabling 2-6
keystrokes used 2-7
wrapped lines 2-8
EEM 3.2 34-5
EIGRP
authentication 39-48
components 39-43
configuring 39-46
default configuration 39-44
definition 39-42
interface parameters, configuring 39-47
monitoring 39-49
support for 1-14
EIGRP stub routing 39-29
elections
See stack master
ELIN location 28-3
embedded event manager
3.2 34-5
actions 34-4
configuring 34-1, 34-6
displaying information 34-8
environmental variables 34-5
event detectors 34-3
policies 34-4
registering and defining an applet 34-6
registering and defining a TCL script 34-7
understanding 34-1
enable password 6-3
enable secret password 6-3
encryption, CipherSuite 6-52
encryption for passwords 6-3
Enhanced IGRP
See EIGRP
enhanced object tracking
defined 43-1
HSRP 43-6
IP routing state 43-2
IP SLAs 43-8
line-protocol state 43-2
tracked lists 43-3
environmental variables, embedded event manager 34-5
environment variables, function of 3-25
equal-cost routing 1-15, 39-99
error-disabled state, BPDU 20-2
error messages during command entry 2-4
EtherChannel
automatic creation of 38-5, 38-6
channel groups
binding physical and logical interfaces 38-4
numbering of 38-4
configuration guidelines 38-11
configuring
Layer 2 interfaces 38-12
Layer 3 physical interfaces 38-16
Layer 3 port-channel logical interfaces 38-15
default configuration 38-10
described 38-2
displaying status 38-23
forwarding methods 38-8, 38-18
IEEE 802.3ad, described 38-6
interaction
with STP 38-11
with VLANs 38-12
LACP
described 38-6
displaying status 38-23
hot-standby ports 38-20
interaction with other features 38-7
modes 38-7
port priority 38-22
system priority 38-21
Layer 3 interface 39-6
load balancing 38-8, 38-18
logical interfaces, described 38-4
PAgP
aggregate-port learners 38-19
compatibility with Catalyst 1900 38-19
described 38-5
displaying status 38-23
interaction with other features 38-6
interaction with virtual switches 38-6
learn method and priority configuration 38-19
modes 38-5
support for 1-4
with dual-action detection 38-6
port-channel interfaces
described 38-4
numbering of 38-4
port groups 11-6
stack changes, effects of 38-9
support for 1-4
EtherChannel guard
described 20-10
disabling 20-17
enabling 20-17
Ethernet management port, internal
and routing 11-15
configuring 11-16
default setting 11-15
described 11-13
Layer 3 routing guidelines 11-16
supported features 11-16
unsupported features 11-16
Ethernet VLANs
adding 13-8
defaults and ranges 13-8
modifying 13-8
EUI 40-5
event detectors, embedded event manager 34-3
events, RMON 31-4
examples
network configuration 1-19
expedite queue for QoS 37-91
Express Setup 1-3
See also getting started guide
extended crashinfo file 48-20
extended-range VLANs
configuration guidelines 13-11
configuring 13-11
creating 13-12
creating with an internal VLAN ID 13-13
defined 13-1
extended system ID
MSTP 19-18
STP 18-4, 18-16
extended universal identifier
See EUI
Extensible Authentication Protocol over LAN 9-2
external BGP
See EBGP
external neighbors, BGP 39-54
F
Fa0 port
See Ethernet management port, internal
failover support 1-8
fallback bridging
and protected ports 47-4
bridge groups
creating 47-4
described 47-2
displaying 47-11
function of 47-2
number supported 47-5
removing 47-5
bridge table
clearing 47-11
displaying 47-11
configuration guidelines 47-4
connecting interfaces with 11-8
default configuration 47-4
described 47-1
frame forwarding
flooding packets 47-2
forwarding packets 47-2
overview 47-1
protocol, unsupported 47-4
stack changes, effects of 47-3
STP
disabling on an interface 47-10
forward-delay interval 47-9
hello BPDU interval 47-9
interface priority 47-7
keepalive messages 18-2
maximum-idle interval 47-10
path cost 47-8
VLAN-bridge spanning-tree priority 47-6
VLAN-bridge STP 47-2
support for 1-14
SVIs and routed ports 47-1
unsupported protocols 47-4
VLAN-bridge STP 18-12
Fast Convergence 21-3
fastethernet0 port
See Ethernet management port, internal
Fast Uplink Transition Protocol 20-6
features, incompatible 26-12
FIB 39-97
fiber-optic, detecting unidirectional links 29-1
files
basic crashinfo
description 48-20
location 48-20
copying B-5
crashinfo, description 48-20
deleting B-6
displaying the contents of B-8
extended crashinfo
description 48-20
location 48-20
tar
creating B-7
displaying the contents of B-7
extracting B-8
image file format B-25
file system
displaying available file systems B-2
displaying file information B-3
local file system names B-1
network file system names B-5
setting the default B-3
filtering
in a VLAN 35-30
IPv6 traffic 36-4, 36-8
non-IP traffic 35-28
show and more command output 2-9
filtering show and more command output 2-9
filters, IP
See ACLs, IP
flash device, number of B-1
flexible authentication ordering
configuring 9-66
overview 9-30
Flex Link Multicast Fast Convergence 21-3
Flex Links
configuration guidelines 21-8
configuring 21-9
configuring preferred VLAN 21-12
configuring VLAN load balancing 21-11
default configuration 21-8
description 21-2
link load balancing 21-3
monitoring 21-14
VLANs 21-3
flooded traffic, blocking 26-8
flow-based packet classification 1-13
flowcharts
QoS classification 37-7
QoS egress queueing and scheduling 37-18
QoS ingress queueing and scheduling 37-16
QoS policing and marking 37-11
flowcontrol
configuring 11-20
described 11-20
forward-delay time
MSTP 19-24
STP 18-23
Forwarding Information Base
See FIB
forwarding nonroutable protocols 47-1
FTP
accessing MIB files A-4
configuration files
downloading B-14
overview B-13
preparing the server B-14
uploading B-15
image files
deleting old image B-33
downloading B-31
preparing the server B-30
uploading B-33
G
general query 21-5
Generating IGMP Reports 21-4
get-bulk-request operation 33-3
get-next-request operation 33-3, 33-4
get-request operation 33-3, 33-4
get-response operation 33-3
global configuration mode 2-2
global leave, IGMP 24-13
guest VLAN and IEEE 802.1x 9-21
guide mode 1-3
GUIs
See device manager and Network Assistant
H
hardware limitations and Layer 3 interfaces 11-24
hello time
MSTP 19-23
STP 18-22
help, for the command line 2-3
hierarchical policy maps 37-9
configuration guidelines 37-39
configuring 37-64
described 37-12
history
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
history table, level and number of syslog messages 32-10
host ports
configuring 16-12
kinds of 16-2
hosts, limit on dynamic ports 13-31
Hot Standby Router Protocol
See HSRP
HP OpenView 1-6
HSRP
authentication string 41-11
command-switch redundancy 1-2, 1-8
configuring 41-5
default configuration 41-6
definition 41-1
guidelines 41-6
monitoring 41-12
object tracking 43-6
overview 41-1
priority 41-8
routing redundancy 1-14
support for ICMP redirect messages 41-12
switch stack considerations 41-5
timers 41-11
tracking 41-8
HSRP for IPv6
configuring 40-27
guidelines 40-26
HTTP over SSL
see HTTPS
HTTPS
configuring 6-53
described 6-50
self-signed certificate 6-51
HTTP secure server 6-50
I
IBPG 39-49
ICMP
IPv6 40-5
redirect messages 39-13
support for 1-15
time-exceeded messages 48-13
traceroute and 48-13
unreachable messages 35-20
unreachable messages and IPv6 36-5
unreachables and ACLs 35-22
ICMP Echo operation
configuring 42-11
IP SLAs 42-11
ICMP ping
executing 48-10
overview 48-10
ICMP Router Discovery Protocol
See IRDP
ICMPv6 40-5
IDS appliances
and ingress RSPAN 30-23
and ingress SPAN 30-15
IEEE 802.1D
See STP
IEEE 802.1p 15-1
IEEE 802.1Q
and trunk ports 11-3
configuration limitations 13-17
encapsulation 13-15
native VLAN for untagged traffic 13-22
tunneling
compatibility with other features 17-6
defaults 17-4
described 17-1
tunnel ports with other features 17-6
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3ad
See EtherChannel
IEEE 802.3x flow control 11-20
ifIndex values, SNMP 33-5
IFS 1-7
IGMP
configurable leave timer
described 24-6
enabling 24-12
configuring the switch
as a member of a group 45-43
statically connected member 45-48
controlling access to groups 45-44
default configuration 45-43
deleting cache entries 45-67
displaying groups 45-67
fast switching 45-48
flooded multicast traffic
controlling the length of time 24-13
disabling on an interface 24-14
global leave 24-13
query solicitation 24-13
recovering from flood mode 24-13
host-query interval, modifying 45-46
joining multicast group 24-3
join messages 24-3
leave processing, enabling 24-11, 25-9
leaving multicast group 24-5
multicast reachability 45-43
overview 45-2
queries 24-4
report suppression
described 24-6
disabling 24-16, 25-11
supported versions 24-3
support for 1-4
Version 1
changing to Version 2 45-45
described 45-3
Version 2
changing to Version 1 45-45
described 45-3
maximum query response time value 45-47
pruning groups 45-47
query timeout value 45-47
IGMP filtering
configuring 24-25
default configuration 24-25
described 24-24
monitoring 24-29
support for 1-5
IGMP groups
configuring filtering 24-28
setting the maximum number 24-27
IGMP helper 45-6
IGMP Immediate Leave
configuration guidelines 24-12
described 24-6
enabling 24-11
IGMP profile
applying 24-27
configuration mode 24-25
configuring 24-26
IGMP snooping
and address aliasing 24-2
and stack changes 24-7
configuring 24-7
default configuration 24-7, 25-6
definition 24-2
enabling and disabling 24-8, 25-7
global configuration 24-8
Immediate Leave 24-6
in the switch stack 24-7
method 24-9
monitoring 24-16, 25-12
querier
configuration guidelines 24-14
configuring 24-14
supported versions 24-3
support for 1-4
VLAN configuration 24-8
IGMP throttling
configuring 24-28
default configuration 24-25
described 24-25
displaying action 24-29
IGP 39-31
Immediate Leave, IGMP
described 24-6
enabling 25-9
inaccessible authentication bypass 9-23
support for multiauth ports 9-24
initial configuration
defaults 1-17
Express Setup 1-3
interface
number 11-8
range macros 11-12
interface command11-8to 11-9
interface configuration mode 2-2
interfaces
auto-MDIX, configuring 11-22
configuring
procedure 11-9
counters, clearing 11-29
default configuration 11-17
described 11-23
descriptive name, adding 11-23
displaying information about 11-28
duplex and speed configuration guidelines 11-18
flow control 11-20
management 1-5
monitoring 11-28
naming 11-23
physical, identifying 11-8
range of 11-10
restarting 11-29
shutting down 11-29
speed and duplex, configuring 11-19
status 11-28
supported 11-8
types of 11-1
interfaces range macro command 11-12
interface types 11-8
Interior Gateway Protocol
See IGP
internal BGP
See IBGP
internal neighbors, BGP 39-54
Internet Control Message Protocol
See ICMP
Internet Group Management Protocol
See IGMP
Internet Protocol version 6
See IPv6
inter-VLAN routing 1-14, 39-3
Intrusion Detection System
See IDS appliances
inventory management TLV 28-3, 28-7
IP ACLs
for QoS classification 37-8
implicit deny 35-10, 35-14
implicit masks 35-10
named 35-15
undefined 35-21
IP addresses
128-bit 40-3
classes of 39-8
default configuration 39-7
discovering 5-31
for IP routing 39-6
IPv6 40-3
MAC address association 39-10
monitoring 39-19
IP base feature set 1-2
IP broadcast address 39-17
ip cef distributed command 39-98
IP directed broadcasts 39-16
ip igmp profile command 24-25
IP information
assigned
manually 3-16
through DHCP-based autoconfiguration 3-4
default configuration 3-3
IP multicast routing
addresses
all-hosts 45-3
all-multicast-routers 45-3
host group address range 45-3
administratively-scoped boundaries, described 45-51
and IGMP snooping 24-2
Auto-RP
adding to an existing sparse-mode cloud 45-30
benefits of 45-29
clearing the cache 45-67
configuration guidelines 45-12
filtering incoming RP announcement messages 45-32
overview 45-6
preventing candidate RP spoofing 45-32
preventing join messages to false RPs 45-31
setting up in a new internetwork 45-30
using with BSR 45-37
bootstrap router
configuration guidelines 45-12
configuring candidate BSRs 45-35
configuring candidate RPs 45-36
defining the IP multicast boundary 45-35
defining the PIM domain border 45-34
overview 45-7
using with Auto-RP 45-37
Cisco implementation 45-1
configuring
basic multicast routing 45-12
IP multicast boundary 45-51
default configuration 45-10
enabling
multicast forwarding 45-13
PIM mode 45-13
group-to-RP mappings
Auto-RP 45-6
BSR 45-7
MBONE
deleting sdr cache entries 45-67
described 45-50
displaying sdr cache 45-68
enabling sdr listener support 45-50
limiting DVMRP routes advertised 45-62
limiting sdr cache entry lifetime 45-50
SAP packets for conference session announcement 45-50
Session Directory (sdr) tool, described 45-50
monitoring
packet rate loss 45-68
peering devices 45-68
tracing a path 45-68
multicast forwarding, described 45-7
PIMv1 and PIMv2 interoperability 45-11
protocol interaction 45-2
reverse path check (RPF) 45-7
routing table
deleting 45-67
displaying 45-67
RP
assigning manually 45-28
configuring Auto-RP 45-29
configuring PIMv2 BSR 45-33
monitoring mapping information 45-39
using Auto-RP and BSR 45-37
stacking
stack master functions 45-9
stack member functions 45-9
statistics, displaying system and network 45-67
See also CGMP
See also DVMRP
See also IGMP
See also PIM
IP phones
and QoS 15-1
automatic classification and queueing 37-21
configuring 15-4
ensuring port security with QoS 37-44
trusted boundary for QoS 37-44
IP Port Security for Static Hosts
on a Layer 2 access port 22-21
on a PVLAN host port 22-24
IP precedence 37-2
IP-precedence-to-DSCP map for QoS 37-75
IP protocols
in ACLs 35-12
routing 1-14
IP protocols in ACLs 35-12
IP routes, monitoring 39-113
IP routing
connecting interfaces with 11-8
disabling 39-20
enabling 39-20
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 42-1
IP services feature set 1-2
IP SLAs
benefits 42-2
configuration guidelines 42-6
configuring object tracking 43-8
Control Protocol 42-4
default configuration 42-6
definition 42-1
ICMP echo operation 42-11
measuring network performance 42-3
monitoring 42-13
multioperations scheduling 42-5
object tracking 43-8
operation 42-3
reachability tracking 43-8
responder
described 42-4
enabling 42-7
response time 42-4
scheduling 42-5
SNMP support 42-2
supported metrics 42-2
threshold monitoring 42-6
track state 43-8
UDP jitter operation 42-8
IP source guard
and DHCP snooping 22-16
and EtherChannels 22-19
and IEEE 802.1x 22-19
and port security 22-19
and private VLANs 22-19
and routed ports 22-18
and TCAM entries 22-19
and trunk interfaces 22-19
and VRF 22-19
binding configuration
automatic 22-16
manual 22-16
binding table 22-16
configuration guidelines 22-18
default configuration 22-18
described 22-16
disabling 22-20
displaying
bindings 22-26
configuration 22-26
enabling 22-19, 22-21
filtering
source IP address 22-17
source IP and MAC address 22-17
source IP address filtering 22-17
source IP and MAC address filtering 22-17
static bindings
adding 22-19, 22-21
deleting 22-20
static hosts 22-21
IP traceroute
executing 48-14
overview 48-13
IP unicast routing
address resolution 39-10
administrative distances 39-100, 39-111
ARP 39-11
assigning IP addresses to Layer 3 interfaces 39-8
authentication keys 39-111
broadcast
address 39-17
flooding 39-18
packets 39-15
storms 39-15
classless routing 39-9
configuring static routes 39-99
default
addressing configuration 39-7
gateways 39-13
networks 39-101
routes 39-101
routing 39-4
directed broadcasts 39-16
disabling 39-20
dynamic routing 39-4
enabling 39-20
EtherChannel Layer 3 interface 39-6
IGP 39-31
inter-VLAN 39-3
IP addressing
classes 39-8
configuring 39-6
IPv6 40-4
IRDP 39-14
Layer 3 interfaces 39-6
MAC address and IP address 39-10
passive interfaces 39-109
protocols
distance-vector 39-4
dynamic 39-4
link-state 39-4
proxy ARP 39-11
redistribution 39-101
reverse address resolution 39-10
routed ports 39-6
static routing 39-4
steps to configure 39-6
subnet mask 39-8
subnet zero 39-8
supernet 39-9
UDP 39-17
unicast reverse path forwarding 1-15
with SVIs 39-6
See also BGP
See also EIGRP
See also OSPF
See also RIP
IPv4 ACLs
applying to interfaces 35-20
extended, creating 35-11
named 35-15
standard, creating 35-10
IPv6
ACLs
displaying 36-9
limitations 36-3
matching criteria 36-3
port 36-2
precedence 36-3
router 36-2
addresses 40-3
address formats 40-3
and switch stacks 40-11
applications 40-6
assigning address 40-13
autoconfiguration 40-6
CEFv6 40-21
configuring static routes 40-22
default configuration 40-13
default router preference (DRP) 40-6
defined 40-1, 40-3
Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 40-8
EIGRP IPv6 Commands 40-8
Router ID 40-8
feature limitations 40-10
features not supported 40-10
forwarding 40-13
ICMP 40-5
monitoring 40-29
neighbor discovery 40-5
OSPF 40-8
path MTU discovery 40-5
SDM templates 8-2, 25-1, 36-1
stack master functions 40-11
supported features 40-4
switch limitations 40-10
understanding static routes 40-8
IPv6 traffic, filtering 36-4
IRDP
configuring 39-14
definition 39-14
support for 1-15
IS-IS
addresses 39-71
area routing 39-71
default configuration 39-73
monitoring 39-81
show commands 39-81
system routing 39-71
ISO CLNS
clear commands 39-81
dynamic routing protocols 39-71
monitoring 39-81
NETs 39-71
NSAPs 39-71
OSI standard 39-71
ISO IGRP
area routing 39-71
system routing 39-71
isolated port 16-2
isolated VLANs 16-2, 16-3
J
join messages, IGMP 24-3
K
KDC
described 6-41
See also Kerberos
keepalive messages 18-2
Kerberos
authenticating to
boundary switch 6-43
KDC 6-43
network services 6-44
configuration examples 6-40
configuring 6-44
credentials 6-41
cryptographic software image 6-40
described 6-41
KDC 6-41
operation 6-43
realm 6-42
server 6-42
support for 1-12
switch as trusted third party 6-40
terms 6-41
TGT 6-42
tickets 6-41
key distribution center
See KDC
L
l2protocol-tunnel command 17-13
LACP
Layer 2 protocol tunneling 17-9
See EtherChannel
Layer 2 frames, classification with CoS 37-2
Layer 2 interfaces, default configuration 11-17
Layer 2 protocol tunneling
configuring 17-10
configuring for EtherChannels 17-14
default configuration 17-11
defined 17-8
guidelines 17-12
Layer 2 traceroute
and ARP 48-12
and CDP 48-12
broadcast traffic 48-11
described 48-11
IP addresses and subnets 48-12
MAC addresses and VLANs 48-12
multicast traffic 48-12
multiple devices on a port 48-12
unicast traffic 48-11
usage guidelines 48-12
Layer 3 features 1-14
Layer 3 interfaces
assigning IP addresses to 39-8
assigning IPv4 and IPv6 addresses to 40-16
assigning IPv6 addresses to 40-14
changing from Layer 2 mode 39-8, 39-88
types of 39-6
Layer 3 packets, classification methods 37-2
LDAP 4-2
Leaking IGMP Reports 21-4
LEDs, switch
See hardware installation guide
Lightweight Directory Access Protocol
See LDAP
line configuration mode 2-2
Link Aggregation Control Protocol
See EtherChannel
Link Failure, detecting unidirectional 19-8
Link Layer Discovery Protocol
See CDP
link local unicast addresses 40-5
link redundancy
See Flex Links
links, unidirectional 29-1
link state advertisements (LSAs) 39-37
link-state protocols 39-4
link-state tracking
configuring 38-25
described 38-23
LLDP
configuring 28-4
characteristics 28-6
default configuration 28-4
enabling 28-5
monitoring and maintaining 28-10
overview 28-1
supported TLVs 28-2
switch stack considerations 28-2
transmission timer and holdtime, setting 28-6
LLDP-MED
configuring
procedures 28-4
TLVs 28-6
monitoring and maintaining 28-10
overview 28-1, 28-2
supported TLVs 28-2
LLDP Media Endpoint Discovery
See LLDP-MED
load balancing 41-4
local SPAN 30-2
location TLV 28-3, 28-7
logging messages, ACL 35-9
login authentication
with RADIUS 6-30
with TACACS+ 6-14
login banners 5-17
log messages
See system message logging
Long-Reach Ethernet (LRE) technology 1-21
loop guard
described 20-11
enabling 20-18
support for 1-8
M
MAC/PHY configuration status TLV 28-2
MAC addresses
aging time 5-21
and VLAN association 5-20
building the address table 5-20
default configuration 5-21
disabling learning on a VLAN 5-30
discovering 5-31
displaying 5-31
displaying in the IP source binding table 22-26
dynamic
learning 5-20
removing 5-22
in ACLs 35-28
IP address association 39-10
manually assigning IP address 3-16
static
adding 5-28
allowing 5-29, 5-30
characteristics of 5-27
dropping 5-29
removing 5-28
MAC address learning 1-6
MAC address learning, disabling on a VLAN 5-30
MAC address notification, support for 1-16
MAC address-table move update
configuration guidelines 21-8
configuring 21-12
default configuration 21-8
description 21-6
monitoring 21-14
MAC address-to-VLAN mapping 13-26
MAC authentication bypass 9-16
MAC extended access lists
applying to Layer 2 interfaces 35-29
configuring for QoS 37-53
creating 35-28
defined 35-28
for QoS classification 37-5
macros
See Smartports macros
magic packet 9-27
manageability features 1-6
management access
in-band
browser session 1-7
CLI session 1-7
device manager 1-7
SNMP 1-7
out-of-band console port connection 1-7
management address TLV 28-2
management options
CLI 2-1
CNS 4-1
Network Assistant 1-3
overview 1-5
switch stacks 1-3
mapping tables for QoS
configuring
CoS-to-DSCP 37-74
DSCP 37-74
DSCP-to-CoS 37-77
DSCP-to-DSCP-mutation 37-78
IP-precedence-to-DSCP 37-75
policed-DSCP 37-76
described 37-13
marking
action in policy map 37-59
action with aggregate policers 37-72
described 37-4, 37-9
matching IPv4 ACLs 35-8
maximum aging time
MSTP 19-25
STP 18-23
maximum hop count, MSTP 19-25
maximum number of allowed devices, port-based authentication 9-38
maximum-paths command 39-58, 39-99
MDA
configuration guidelines9-30to 9-31
described 1-11, 9-30
exceptions with authentication process 9-4
membership mode, VLAN port 13-3
messages, to users through banners 5-17
metrics, in BGP 39-58
metric translations, between routing protocols 39-105
metro tags 17-2
MHSRP 41-4
MIBs
accessing files with FTP A-4
location of files A-4
overview 33-1
SNMP interaction with 33-4
supported A-1
mirroring traffic for analysis 30-1
mismatches, autonegotiation 48-9
module number 11-8
monitoring
access groups 35-40
BGP 39-70
cables for unidirectional links 29-1
CDP 27-5
CEF 39-98
EIGRP 39-49
fallback bridging 47-11
features 1-16
Flex Links 21-14
HSRP 41-12
IEEE 802.1Q tunneling 17-18
IGMP
filters 24-29
snooping 24-16, 25-12
interfaces 11-28
IP
address tables 39-19
multicast routing 45-66
routes 39-113
IP SLAs operations 42-13
IPv4 ACL configuration 35-40
IPv6 40-29
IPv6 ACL configuration 36-9
IS-IS 39-81
ISO CLNS 39-81
Layer 2 protocol tunneling 17-18
MAC address-table move update 21-14
MSDP peers 46-18
multicast router interfaces 24-17, 25-12
multi-VRF CE 39-96
MVR 24-24
network traffic for analysis with probe 30-2
object tracking 43-9
OSPF 39-41
port
blocking 26-19
protection 26-19
private VLANs 16-15
RP mapping information 45-39
source-active messages 46-18
speed and duplex mode 11-19
traffic flowing among switches 31-1
traffic suppression 26-19
tunneling 17-18
VLAN
filters 35-41
maps 35-41
VLANs 13-14
VMPS 13-30
VTP 14-18
mrouter Port 21-3
mrouter port 21-5
MSDP
benefits of 46-3
clearing MSDP connections and statistics 46-18
controlling source information
forwarded by switch 46-11
originated by switch 46-8
received by switch 46-14
default configuration 46-4
dense-mode regions
sending SA messages to 46-16
specifying the originating address 46-17
filtering
incoming SA messages 46-14
SA messages to a peer 46-12
SA requests from a peer 46-10
join latency, defined 46-6
meshed groups
configuring 46-15
defined 46-15
originating address, changing 46-17
overview 46-1
peer-RPF flooding 46-2
peers
configuring a default 46-4
monitoring 46-18
peering relationship, overview 46-1
requesting source information from 46-8
shutting down 46-16
source-active messages
caching 46-6
clearing cache entries 46-18
defined 46-2
filtering from a peer 46-10
filtering incoming 46-14
filtering to a peer 46-12
limiting data with TTL 46-13
monitoring 46-18
restricting advertised sources 46-9
support for 1-15
MSTP
boundary ports
configuration guidelines 19-16
described 19-6
BPDU filtering
described 20-3
enabling 20-14
BPDU guard
described 20-2
enabling 20-13
CIST, described 19-3
CIST regional root 19-3
CIST root 19-5
configuration guidelines 19-15, 20-12
configuring
forward-delay time 19-24
hello time 19-23
link type for rapid convergence 19-26
maximum aging time 19-25
maximum hop count 19-25
MST region 19-17
neighbor type 19-26
path cost 19-22
port priority 19-20
root switch 19-18
secondary root switch 19-19
switch priority 19-23
CST
defined 19-3
operations between regions 19-4
default configuration 19-15
default optional feature configuration 20-12
displaying status 19-27
enabling the mode 19-17
EtherChannel guard
described 20-10
enabling 20-17
extended system ID
effects on root switch 19-18
effects on secondary root switch 19-19
unexpected behavior 19-18
IEEE 802.1s
implementation 19-6
port role naming change 19-7
terminology 19-5
instances supported 18-10
interface state, blocking to forwarding 20-2
interoperability and compatibility among modes 18-11
interoperability with IEEE 802.1D
described 19-9
restarting migration process 19-27
IST
defined 19-3
master 19-3
operations within a region 19-3
loop guard
described 20-11
enabling 20-18
mapping VLANs to MST instance 19-17
MST region
CIST 19-3
configuring 19-17
described 19-2
hop-count mechanism 19-5
IST 19-3
supported spanning-tree instances 19-2
optional features supported 1-8
overview 19-2
Port Fast
described 20-2
enabling 20-12
preventing root switch selection 20-10
root guard
described 20-10
enabling 20-18
root switch
configuring 19-18
effects of extended system ID 19-18
unexpected behavior 19-18
shutdown Port Fast-enabled port 20-2
stack changes, effects of 19-8
status, displaying 19-27
MTU
system 11-26
system jumbo 11-26
system routing 11-26
multiauth
support for inaccessible authentication bypass 9-24
multiauth mode
See multiple-authentication mode
multicast groups
Immediate Leave 24-6
joining 24-3
leaving 24-5
static joins 24-10, 25-8
multicast packets
ACLs on 35-39
blocking 26-8
multicast router interfaces, monitoring 24-17, 25-12
multicast router ports, adding 24-10, 25-9
Multicast Source Discovery Protocol
See MSDP
multicast storm 26-1
multicast storm-control command 26-4
multicast television application 24-19
multicast VLAN 24-18
Multicast VLAN Registration
See MVR
multidomain authentication
See MDA
multioperations scheduling, IP SLAs 42-5
multiple authentication 9-13
Multiple HSRP
See MHSRP
multiple VPN routing/forwarding in customer edge devices
See multi-VRF CE
multi-VRF CE
configuration example 39-92
configuration guidelines 39-84
configuring 39-84
default configuration 39-84
defined 39-82
displaying 39-96
monitoring 39-96
network components 39-84
packet-forwarding process 39-84
support for 1-14
MVR
and address aliasing 24-21
and IGMPv3 24-21
configuration guidelines 24-21
configuring interfaces 24-22
default configuration 24-20
described 24-18
example application 24-19
in the switch stack 24-20
modes 24-22
monitoring 24-24
multicast television application 24-19
setting global parameters 24-21
support for 1-5
N
NAC
AAA down policy 1-12
critical authentication 9-23, 9-55
IEEE 802.1x authentication using a RADIUS server 9-60
IEEE 802.1x validation using RADIUS server 9-60
inaccessible authentication bypass 1-12, 9-55
Layer 2 IEEE 802.1x validation 1-11, 9-60
Layer 2 IP validation 1-11
named IPv4 ACLs 35-15
named IPv6 ACLs 36-3
NameSpace Mapper
See NSM
native VLAN
and IEEE 802.1Q tunneling 17-4
configuring 13-22
default 13-22
NEAT
configuring 9-61
overview 9-32
neighbor discovery, IPv6 40-5
neighbor discovery/recovery, EIGRP 39-43
neighbors, BGP 39-65
Network Admission Control
See NAC
Network Assistant
benefits 1-3
described 1-5
downloading image files 1-3
guide mode 1-3
management options 1-3
managing switch stacks 7-2, 7-18
upgrading a switch B-24
wizards 1-3
network configuration examples
data center 1-21
expanded data center 1-21
increasing network performance 1-20
providing network services 1-20
small to medium-sized network 1-22
network design
performance 1-20
services 1-20
Network Edge Access Topology
See NEAT
network management
CDP 27-1
RMON 31-1
SNMP 33-1
network performance, measuring with IP SLAs 42-3
network policy TLV 28-2, 28-7
Network Time Protocol
See NTP
no commands 2-4
nonhierarchical policy maps
configuration guidelines 37-39
configuring 37-59
described 37-10
non-IP traffic filtering 35-28
nontrunking mode 13-16
normal-range VLANs 13-4
configuration guidelines 13-6
configuring 13-4
defined 13-1
no switchport command 11-4
not-so-stubby areas
See NSSA
NSAPs, as ISO IGRP addresses 39-71
NSF Awareness
IS-IS 39-74
NSM 4-3
NSSA, OSPF 39-37
NTP
associations
authenticating 5-4
defined 5-2
enabling broadcast messages 5-6
peer 5-5
server 5-5
default configuration 5-4
displaying the configuration 5-11
overview 5-2
restricting access
creating an access group 5-8
disabling NTP services per interface 5-10
source IP address, configuring 5-10
stratum 5-2
support for 1-6
synchronizing devices 5-5
time
services 5-2
synchronizing 5-2
O
OBFL
configuring 48-22
described 48-21
displaying 48-22
object tracking
HSRP 43-6
IP SLAs 43-8
IP SLAs, configuring 43-8
monitoring 43-9
offline configuration for switch stacks 7-9
off mode, VTP 14-3
on-board failure logging
See OBFL
online diagnostics
described 49-1
overview 49-1
running tests 49-5
open1x
configuring 9-66
open1x authentication
overview 9-30
Open Shortest Path First
See OSPF
optimizing system resources 8-1
options, management 1-5
OSPF
area parameters, configuring 39-37
configuring 39-35
default configuration
metrics 39-39
route 39-39
settings 39-32
described 39-31
for IPv6 40-8
interface parameters, configuring 39-36
LSA group pacing 39-40
monitoring 39-41
router IDs 39-41
route summarization 39-38
support for 1-14
virtual links 39-39
out-of-profile markdown 1-13
P
packet modification, with QoS 37-20
PAgP
Layer 2 protocol tunneling 17-9
See EtherChannel
parallel paths, in routing tables 39-99
passive interfaces
configuring 39-109
OSPF 39-39
passwords
default configuration 6-2
disabling recovery of 6-5
encrypting 6-3
for security 1-10
overview 6-1
recovery of 48-3
setting
enable 6-3
enable secret 6-3
Telnet 6-6
with usernames 6-6
VTP domain 14-10
path cost
MSTP 19-22
STP 18-20
path MTU discovery 40-5
PBR
defined 39-105
enabling 39-107
fast-switched policy-based routing 39-108
local policy-based routing 39-108
peers, BGP 39-65
percentage thresholds in tracked lists 43-5
performance, network design 1-20
performance features 1-4
persistent self-signed certificate 6-51
per-user ACLs and Filter-Ids 9-9
per-VLAN spanning-tree plus
See PVST+
PE to CE routing, configuring 39-92
physical ports 11-2
PIM
default configuration 45-10
dense mode
overview 45-4
rendezvous point (RP), described 45-5
RPF lookups 45-8
displaying neighbors 45-67
enabling a mode 45-13
overview 45-3
router-query message interval, modifying 45-42
shared tree and source tree, overview 45-39
shortest path tree, delaying the use of 45-41
sparse mode
join messages and shared tree 45-5
overview 45-5
prune messages 45-5
RPF lookups 45-8
stub routing
configuration guidelines 39-28
enabling 39-28, 45-26
overview 45-5
understanding 39-27
support for 1-15
versions
interoperability 45-11
troubleshooting interoperability problems 45-39
v2 improvements 45-4
PIM-DVMRP, as snooping method 24-9
ping
character output description 48-11
executing 48-10
overview 48-10
policed-DSCP map for QoS 37-76
policers
configuring
for each matched traffic class 37-59
for more than one traffic class 37-72
described 37-4
displaying 37-92
number of 37-40
types of 37-10
policing
described 37-4
hierarchical
See hierarchical policy maps
token-bucket algorithm 37-10
policy-based routing
See PBR
policy maps for QoS
characteristics of 37-59
described 37-8
displaying 37-93
hierarchical 37-9
hierarchical on SVIs
configuration guidelines 37-39
configuring 37-64
described 37-12
nonhierarchical on physical ports
configuration guidelines 37-39
configuring 37-59
described 37-10
port ACLs
defined 35-2
types of 35-3
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting 9-15
authentication server
defined 9-3, 10-2
RADIUS server 9-3
client, defined 9-3, 10-2
configuration guidelines 9-36, 10-9
configuring
802.1x authentication 9-39
guest VLAN 9-52
host mode 9-44
inaccessible authentication bypass 9-55
manual re-authentication of a client 9-47
periodic re-authentication 9-45
quiet period 9-47
RADIUS server 9-44, 10-12
RADIUS server parameters on the switch 9-43, 10-11
restricted VLAN 9-53
switch-to-client frame-retransmission number 9-48, 9-49
switch-to-client retransmission time 9-48
violation mode 9-26
violation modes9-38to 9-39
default configuration 9-35, 10-9
described 9-2
device roles 9-3, 10-2
displaying statistics 9-68, 10-17
downloadable ACLs and redirect URLs
configuring 9-63
overview9-19to 9-21
EAPOL-start frame 9-6
EAP-request/identity frame 9-6
EAP-response/identity frame 9-6
enabling
802.1X authentication 10-11
encapsulation 9-4
flexible authentication ordering
configuring 9-66
overview 9-30
guest VLAN
configuration guidelines 9-22, 9-23
described 9-21
host mode 9-12
inaccessible authentication bypass
configuring 9-55
described 9-23
guidelines 9-37
initiation and message exchange 9-6
magic packet 9-27
maximum number of allowed devices per port 9-38
method lists 9-39
multiple authentication 9-13
multiple-hosts mode, described 9-12
per-user ACLs
AAA authorization 9-39
configuration tasks 9-19
described 9-18
RADIUS server attributes 9-18
ports
authorization state and dot1x port-control command 9-11
authorized and unauthorized 9-11
voice VLAN 9-25
port security
and voice VLAN 9-26
described 9-26
interactions 9-26
multiple-hosts mode 9-12
readiness check
configuring 9-41
described 9-16, 9-41
resetting to default values 9-67
stack changes, effects of 9-12
statistics, displaying 9-68
switch
as proxy 9-3, 10-2
RADIUS client 9-3
switch supplicant
configuring 9-61
overview 9-32
user distribution
guidelines 9-28
overview 9-27
VLAN assignment
AAA authorization 9-39
characteristics 9-17
configuration tasks 9-17
described 9-16
voice aware 802.1x security
configuring 9-42
described 9-31, 9-42
voice VLAN
described 9-25
PVID 9-25
VVID 9-25
wake-on-LAN, described 9-27
port-based authentication methods, supported 9-8
port blocking 1-4, 26-7
port-channel
See EtherChannel
port description TLV 28-2
Port Fast
described 20-2
enabling 20-12
mode, spanning tree 13-28
support for 1-8
port membership modes, VLAN 13-3
port priority
MSTP 19-20
STP 18-18
ports
10-Gigabit Ethernet 11-6
access 11-3
blocking 26-7
dynamic access 13-3
IEEE 802.1Q tunnel 13-4
protected 26-6
routed 11-4
secure 26-9
static-access 13-3, 13-10
switch 11-2
trunks 13-3, 13-15
VLAN assignments 13-10
port security
aging 26-17
and private VLANs 26-18
and QoS trusted boundary 37-44
and stacking 26-18
configuring 26-13
default configuration 26-11
described 26-8
displaying 26-19
enabling 26-18
on trunk ports 26-14
sticky learning 26-9
violations 26-10
with other features 26-11
port-shutdown response, VMPS 13-26
port VLAN ID TLV 28-2
power management TLV 28-2, 28-7
preemption, default configuration 21-8
preemption delay, default configuration 21-8
preferential treatment of traffic
See QoS
prefix lists, BGP 39-62
preventing unauthorized access 6-1
primary links 21-2
primary VLANs 16-1, 16-3
priority
HSRP 41-8
overriding CoS 15-6
trusting CoS 15-6
private VLAN edge ports
See protected ports
private VLANs
across multiple switches 16-4
and SDM template 16-4
and SVIs 16-5
and switch stacks 16-6
benefits of 16-1
community ports 16-2
community VLANs 16-2, 16-3
configuration guidelines 16-7, 16-9
configuration tasks 16-6
configuring 16-10
default configuration 16-7
end station access to 16-3
IP addressing 16-3
isolated port 16-2
isolated VLANs 16-2, 16-3
mapping 16-14
monitoring 16-15
ports
community 16-2
configuration guidelines 16-9
configuring host ports 16-12
configuring promiscuous ports 16-13
described 13-4
isolated 16-2
promiscuous 16-2
primary VLANs 16-1, 16-3
promiscuous ports 16-2
secondary VLANs 16-2
subdomains 16-1
traffic in 16-5
privileged EXEC mode 2-2
privilege levels
changing the default for lines 6-9
exiting 6-9
logging into 6-9
overview 6-2, 6-7
setting a command with 6-8
promiscuous ports
configuring 16-13
defined 16-2
protected mode
described 3-17
disabling 3-18
enabling 3-18
guidelines and restrictions 3-18
protected ports 1-10, 26-6
protocol-dependent modules, EIGRP 39-43
Protocol-Independent Multicast Protocol
See PIM
provider edge devices 39-82
provisioning new members for a switch stack 7-9
proxy ARP
configuring 39-13
definition 39-11
with IP routing disabled 39-13
proxy reports 21-4
pruning, VTP
disabling
in VTP domain 14-16
on a port 13-21
enabling
in VTP domain 14-16
on a port 13-21
examples 14-7
overview 14-6
pruning-eligible list
changing 13-21
for VTP pruning 14-6
VLANs 14-16
PVST+
described 18-10
IEEE 802.1Q trunking interoperability 18-11
instances supported 18-10
Q
QoS
and MQC commands 37-2
auto-QoS
categorizing traffic 37-22
configuration and defaults display 37-35
configuration guidelines 37-32
described 37-21
disabling 37-34
displaying generated commands 37-34
displaying the initial configuration 37-35
effects on running configuration 37-32
list of generated commands 37-25
basic model 37-4
classification
class maps, described 37-8
defined 37-4
DSCP transparency, described 37-45
flowchart 37-7
forwarding treatment 37-3
in frames and packets 37-3
IP ACLs, described 37-6, 37-8
MAC ACLs, described 37-5, 37-8
options for IP traffic 37-6
options for non-IP traffic 37-5
policy maps, described 37-8
trust DSCP, described 37-5
trusted CoS, described 37-5
trust IP precedence, described 37-5
class maps
configuring 37-54
displaying 37-92
configuration guidelines
auto-QoS 37-32
standard QoS 37-38
configuring
aggregate policers 37-72
auto-QoS 37-21
default port CoS value 37-43
DSCP maps 37-74
DSCP transparency 37-45
DSCP trust states bordering another domain 37-46
egress queue characteristics 37-84
ingress queue characteristics 37-80
IP extended ACLs 37-50
IP standard ACLs 37-49
MAC ACLs 37-53
policy maps, hierarchical 37-64
policy maps on physical ports 37-59
port trust states within the domain 37-42
trusted boundary 37-44
default auto configuration 37-22
default standard configuration 37-36
displaying statistics 37-92
DSCP transparency 37-45
egress queues
allocating buffer space 37-85
buffer allocation scheme, described 37-19
configuring shaped weights for SRR 37-89
configuring shared weights for SRR 37-90
described 37-4
displaying the threshold map 37-88
flowchart 37-18
mapping DSCP or CoS values 37-87
scheduling, described 37-4
setting WTD thresholds 37-85
WTD, described 37-20
enabling globally 37-41
flowcharts
classification 37-7
egress queueing and scheduling 37-18
ingress queueing and scheduling 37-16
policing and marking 37-11
implicit deny 37-8
ingress queues
allocating bandwidth 37-82
allocating buffer space 37-82
buffer and bandwidth allocation, described 37-17
configuring shared weights for SRR 37-82
configuring the priority queue 37-83
described 37-4
displaying the threshold map 37-81
flowchart 37-16
mapping DSCP or CoS values 37-81
priority queue, described 37-17
scheduling, described 37-4
setting WTD thresholds 37-81
WTD, described 37-17
IP phones
automatic classification and queueing 37-21
detection and trusted settings 37-21, 37-44
limiting bandwidth on egress interface 37-91
mapping tables
CoS-to-DSCP 37-74
displaying 37-93
DSCP-to-CoS 37-77
DSCP-to-DSCP-mutation 37-78
IP-precedence-to-DSCP 37-75
policed-DSCP 37-76
types of 37-13
marked-down actions 37-62, 37-68
marking, described 37-4, 37-9
overview 37-2
packet modification 37-20
policers
configuring 37-62, 37-68, 37-72
described 37-9
displaying 37-92
number of 37-40
types of 37-10
policies, attaching to an interface 37-9
policing
described 37-4, 37-9
token bucket algorithm 37-10
policy maps
characteristics of 37-59
displaying 37-93
hierarchical 37-9
hierarchical on SVIs 37-64
nonhierarchical on physical ports 37-59
QoS label, defined 37-4
queues
configuring egress characteristics 37-84
configuring ingress characteristics 37-80
high priority (expedite) 37-20, 37-91
location of 37-14
SRR, described 37-15
WTD, described 37-14
rewrites 37-20
support for 1-13
trust states
bordering another domain 37-46
described 37-5
trusted device 37-44
within the domain 37-42
quality of service
See QoS
queries, IGMP 24-4
query solicitation, IGMP 24-13
R
RADIUS
attributes
vendor-proprietary 6-38
vendor-specific 6-36
configuring
accounting 6-35
authentication 6-30
authorization 6-34
communication, global 6-28, 6-36
communication, per-server 6-27, 6-28
multiple UDP ports 6-28
default configuration 6-27
defining AAA server groups 6-32
displaying the configuration 6-40
identifying the server 6-27
limiting the services to the user 6-34
method list, defined 6-27
operation of 6-19
overview 6-18
server load balancing 6-40
suggested network environments 6-18
support for 1-12
tracking services accessed by user 6-35
RADIUS Change of Authorization 6-20
range
macro 11-12
of interfaces 11-10
rapid convergence 19-10
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
described 18-10
IEEE 802.1Q trunking interoperability 18-11
instances supported 18-10
Rapid Spanning Tree Protocol
See RSTP
RARP 39-11
RCP
configuration files
downloading B-18
overview B-16
preparing the server B-17
uploading B-19
image files
deleting old image B-38
downloading B-36
preparing the server B-35
uploading B-38
reachability, tracking IP SLAs IP host 43-8
readiness check
port-based authentication
configuring 9-41
described 9-16, 9-41
reconfirmation interval, VMPS, changing 13-30
reconfirming dynamic VLAN membership 13-29
recovery procedures 48-1
redirect URL 9-19, 9-20, 9-63
redundancy
EtherChannel 38-2
HSRP 41-1
STP
backbone 18-8
multidrop backbone 20-5
path cost 13-24
port priority 13-23
redundant links and UplinkFast 20-15
reliable transport protocol, EIGRP 39-43
reloading software 3-26
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
Remote Network Monitoring
See RMON
Remote SPAN
See RSPAN
remote SPAN 30-3
report suppression, IGMP
described 24-6
disabling 24-16, 25-11
resequencing ACL entries 35-15
reserved addresses in DHCP pools 22-28
resets, in BGP 39-57
resetting a UDLD-shutdown interface 29-6
responder, IP SLAs
described 42-4
enabling 42-7
response time, measuring with IP SLAs 42-4
restricted VLAN
configuring 9-53
described 9-22
using with IEEE 802.1x 9-22
restricting access
NTP services 5-8
overview 6-1
passwords and privilege levels 6-2
RADIUS 6-18
TACACS+ 6-10
retry count, VMPS, changing 13-30
reverse address resolution 39-10
Reverse Address Resolution Protocol
See RARP
RFC
1112, IP multicast and IGMP 24-2
1157, SNMPv1 33-2
1166, IP addresses 39-8
1305, NTP 5-2
1587, NSSAs 39-31
1757, RMON 31-2
1901, SNMPv2C 33-2
1902 to 1907, SNMPv2 33-2
2236, IP multicast and IGMP 24-2
2273-2275, SNMPv3 33-2
RFC 5176 Compliance 6-21
RIP
advertisements 39-21
authentication 39-24
configuring 39-22
default configuration 39-22
described 39-21
for IPv6 40-8
hop counts 39-21
split horizon 39-25
summary addresses 39-25
support for 1-14
RMON
default configuration 31-3
displaying status 31-6
enabling alarms and events 31-3
groups supported 31-2
overview 31-1
statistics
collecting group Ethernet 31-6
collecting group history 31-5
support for 1-16
root guard
described 20-10
enabling 20-18
support for 1-8
root switch
MSTP 19-18
STP 18-16
route calculation timers, OSPF 39-39
route dampening, BGP 39-69
routed packets, ACLs on 35-39
routed ports
configuring 39-6
defined 11-4
IP addresses on 11-24, 39-6
route-map command 39-108
route maps
BGP 39-60
policy-based routing 39-106
router ACLs
defined 35-2
types of 35-4
route reflectors, BGP 39-68
router ID, OSPF 39-41
route selection, BGP 39-58
route summarization, OSPF 39-38
route targets, VPN 39-84
routing
default 39-4
dynamic 39-4
redistribution of information 39-101
static 39-4
routing domain confederation, BGP 39-67
Routing Information Protocol
See RIP
routing protocol administrative distances 39-100
RSPAN 30-3
and stack changes 30-10
characteristics 30-9
configuration guidelines 30-18
default configuration 30-11
destination ports 30-8
displaying status 30-29
in a switch stack 30-2
interaction with other features 30-9
monitored ports 30-6
monitoring ports 30-8
overview 1-16, 30-1
received traffic 30-5
session limits 30-12
sessions
creating 30-18
defined 30-4
limiting source traffic to specific VLANs 30-21
specifying monitored ports 30-18
with ingress traffic enabled 30-23
source ports 30-6
transmitted traffic 30-6
VLAN-based 30-7
RSTP
active topology 19-10
BPDU
format 19-13
processing 19-13
designated port, defined 19-9
designated switch, defined 19-9
interoperability with IEEE 802.1D
described 19-9
restarting migration process 19-27
topology changes 19-14
overview 19-9
port roles
described 19-9
synchronized 19-12
proposal-agreement handshake process 19-10
rapid convergence
cross-stack rapid convergence 19-11
described 19-10
edge ports and Port Fast 19-10
point-to-point links 19-10, 19-26
root ports 19-10
root port, defined 19-9
See also MSTP
running configuration
replacing B-20, B-21
rolling back B-20, B-21
saving 3-19
S
scheduled reloads 3-26
scheduling, IP SLAs operations 42-5
SDM
described 8-1
switch stack consideration 7-12
templates
configuring 8-5
number of 8-1
SDM template
configuring 8-4
dual IPv4 and IPv6 8-2
types of 8-1
secondary VLANs 16-2
secure HTTP client
configuring 6-55
displaying 6-56
secure HTTP server
configuring 6-54
displaying 6-56
secure MAC addresses
and switch stacks 26-18
deleting 26-16
maximum number of 26-10
types of 26-9
secure ports
and switch stacks 26-18
configuring 26-9
secure remote connections 6-46
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port 26-8
security features 1-10
sequence numbers in log messages 32-8
server mode, VTP 14-3
service-provider network, MSTP and RSTP 19-1
service-provider networks
and customer VLANs 17-2
and IEEE 802.1Q tunneling 17-1
Layer 2 protocols across 17-8
Layer 2 protocol tunneling for EtherChannels 17-9
set-request operation 33-4
severity levels, defining in system messages 32-9
shaped round robin
See SRR
show access-lists hw-summary command 35-22
show and more command output, filtering 2-9
show cdp traffic command 27-5
show configuration command 11-23
show forward command 48-18
show interfaces command 11-19, 11-23
show interfaces switchport 21-4
show l2protocol command 17-13, 17-15, 17-16
show lldp traffic command 28-11
show platform forward command 48-18
show running-config command
displaying ACLs 35-20, 35-21, 35-32, 35-35
interface description in 11-23
shutdown command on interfaces 11-29
shutdown threshold for Layer 2 protocol packets 17-11
Simple Network Management Protocol
See SNMP
single session ID 9-33
small-frame arrival rate, configuring 26-5
Smartports macros
applying Cisco-default macros 12-6
applying global parameter values 12-5, 12-6
applying macros 12-5
applying parameter values 12-5, 12-7
configuration guidelines 12-2
creating 12-4
default configuration 12-2
defined 12-1
displaying 12-8
tracing 12-3
SNAP 27-1
SNMP
accessing MIB variables with 33-4
agent
described 33-4
disabling 33-7
and IP SLAs 42-2
authentication level 33-10
community strings
configuring 33-8
overview 33-4
configuration examples 33-18
default configuration 33-6
engine ID 33-7
groups 33-6, 33-9
host 33-6
ifIndex values 33-5
in-band management 1-7
informs
and trap keyword 33-12
described 33-5
differences from traps 33-5
disabling 33-15
enabling 33-15
limiting access by TFTP servers 33-17
limiting system log messages to NMS 32-10
manager functions 1-6, 33-3
MIBs
location of A-4
supported A-1
notifications 33-5
overview 33-1, 33-4
security levels 33-3
setting CPU threshold notification 33-16
status, displaying 33-19
system contact and location 33-16
trap manager, configuring 33-14
traps
described 33-3, 33-5
differences from informs 33-5
disabling 33-15
enabling 33-12
enabling MAC address notification 5-22, 5-24, 5-26
overview 33-1, 33-4
types of 33-12
users 33-6, 33-9
versions supported 33-2
SNMP and Syslog Over IPv6 40-9
SNMPv1 33-2
SNMPv2C 33-2
SNMPv3 33-2
snooping, IGMP 24-2
software compatibility
See stacks, switch
software images
location in flash B-25
recovery procedures 48-2
scheduling reloads 3-26
tar file format, described B-25
See also downloading and uploading
source addresses
in IPv4 ACLs 35-12
in IPv6 ACLs 36-6
source-and-destination-IP address based forwarding, EtherChannel 38-8
source-and-destination MAC address forwarding, EtherChannel 38-8
source-IP address based forwarding, EtherChannel 38-8
source-MAC address forwarding, EtherChannel 38-8
Source-specific multicast
See SSM
SPAN
and stack changes 30-10
configuration guidelines 30-12
default configuration 30-11
destination ports 30-8
displaying status 30-29
interaction with other features 30-9
monitored ports 30-6
monitoring ports 30-8
overview 1-16, 30-1
ports, restrictions 26-12
received traffic 30-5
session limits 30-12
sessions
configuring ingress forwarding 30-16, 30-24
creating 30-13, 30-25
defined 30-4
limiting source traffic to specific VLANs 30-16
removing destination (monitoring) ports 30-14
specifying monitored ports 30-13, 30-25
with ingress traffic enabled 30-15
source ports 30-6
transmitted traffic 30-6
VLAN-based 30-7
spanning tree and native VLANs 13-17
Spanning Tree Protocol
See STP
SPAN traffic 30-5
split horizon, RIP 39-25
SRR
configuring
shaped weights on egress queues 37-89
shared weights on egress queues 37-90
shared weights on ingress queues 37-82
described 37-15
shaped mode 37-15
shared mode 37-15
support for 1-13
SSH
configuring 6-47
described 1-7, 6-46
encryption methods 6-46
switch stack considerations 6-46, 7-18
user authentication methods, supported 6-46
SSL
configuration guidelines 6-52
configuring a secure HTTP client 6-55
configuring a secure HTTP server 6-53
cryptographic software image 6-50
described 6-50
monitoring 6-56
SSM
address management restrictions 45-25
CGMP limitations 45-25
configuration guidelines 45-25
configuring 45-26
differs from Internet standard multicast 45-23
IGMP snooping 45-25
IGMPv3 45-14, 45-23
IGMPv3 Host Signalling 45-25
IP address range 45-24
monitoring 45-26
operations 45-24
PIM 45-14, 45-23
state maintenance limitations 45-25
stack changes
effects on
IPv6 routing 40-11
stack changes, effects on
ACL configuration 35-7
CDP 27-2
cross-stack EtherChannel 38-12
EtherChannel 38-9
fallback bridging 47-3
HSRP 41-5
IEEE 802.1x port-based authentication 9-12
IGMP snooping 24-7
IP routing 39-5
IPv6 ACLs 36-4
MAC address tables 5-21
MSTP 19-8
multicast routing 45-10
MVR 24-18
port security 26-18
SDM template selection 8-3
SNMP 33-1
SPAN and RSPAN 30-10
STP 18-12
system message log 32-2
VLANs 13-7
VTP 14-8
stack master
bridge ID (MAC address) 7-8
defined 7-1
election 7-6
IPv6 40-11
re-election 7-6
See also stacks, switch
stack member
accessing CLI of specific member 7-26
configuring
member number 7-24
priority value 7-25
defined 7-1
displaying information of 7-27
IPv6 40-12
number 7-8
priority value 7-9
provisioning a new member 7-25
replacing 7-17
See also stacks, switch
stack member number 11-8
stack protocol version 7-12
stacks, switch
accessing CLI of specific member 7-26
assigning information
member number 7-24
priority value 7-25
provisioning a new member 7-25
auto-advise 7-14
auto-copy 7-13
auto-extract 7-13
auto-upgrade 7-13
bridge ID 7-8
CDP considerations 27-2
compatibility, software 7-12
configuration file 7-16
configuration guidelines 7-22
configuration scenarios 7-19
copying an image file from one member to another B-39
default configuration 7-21
description of 7-1
displaying information of 7-27
enabling persistent MAC address timer 7-22
hardware compatibility and SDM mismatch mode 7-12
HSRP considerations 41-5
incompatible software and image upgrades 7-16, B-39
IPv6 on 40-11
MAC address considerations 5-21
MAC address of 7-22
management connectivity 7-18
managing 7-1
membership 7-3
merged 7-3
MSTP instances supported 18-10
multicast routing, stack master and member roles 45-9
offline configuration
described 7-9
effects of adding a provisioned switch 7-10
effects of removing a provisioned switch 7-11
effects of replacing a provisioned switch 7-11
provisioned configuration, defined 7-9
provisioned switch, defined 7-9
provisioning a new member 7-25
partitioned 7-3, 48-9
provisioned switch
adding 7-10
removing 7-11
replacing 7-11
replacing a failed member 7-17
software compatibility 7-12
software image version 7-12
stack protocol version 7-12
STP
bridge ID 18-3
instances supported 18-10
root port selection 18-3
stack root switch election 18-3
system messages
hostnames in the display 32-1
remotely monitoring 32-2
system prompt consideration 5-14
system-wide configuration considerations 7-17
upgrading B-39
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 7-13
described 7-13
examples 7-14
manual upgrades with auto-advise 7-14
upgrades with auto-extract 7-13
See also stack master and stack member
StackWise Plus technology, Cisco 1-3
See also stacks, switch
standby ip command 41-7
standby links 21-2
standby router 41-1
standby timers, HSRP 41-11
startup configuration
booting
manually 3-22
specific image 3-23
clearing B-20
configuration file
automatically downloading 3-21
specifying the filename 3-22
default boot configuration 3-21
static access ports
assigning to VLAN 13-10
defined 11-3, 13-3
static addresses
See addresses
static IP routing 1-14
static MAC addressing 1-10
static routes
configuring 39-99
configuring for IPv6 40-22
understanding 40-8
static routing 39-4
static VLAN membership 13-2
statistics
802.1X 10-17
CDP 27-5
IEEE 802.1x 9-68
interface 11-28
IP multicast routing 45-67
LLDP 28-10
LLDP-MED 28-10
NMSP 28-10
OSPF 39-41
QoS ingress and egress 37-92
RMON group Ethernet 31-6
RMON group history 31-5
SNMP input and output 33-19
VTP 14-18
sticky learning 26-9
storm control
configuring 26-3
described 26-1
disabling 26-5
displaying 26-19
support for 1-4
thresholds 26-1
STP
accelerating root port selection 20-4
BackboneFast
described 20-7
disabling 20-17
enabling 20-16
BPDU filtering
described 20-3
disabling 20-15
enabling 20-14
BPDU guard
described 20-2
disabling 20-14
enabling 20-13
BPDU message exchange 18-3
configuration guidelines 18-14, 20-12
configuring
forward-delay time 18-23
hello time 18-22
maximum aging time 18-23
path cost 18-20
port priority 18-18
root switch 18-16
secondary root switch 18-18
spanning-tree mode 18-15
switch priority 18-21
transmit hold-count 18-24
counters, clearing 18-24
cross-stack UplinkFast
described 20-5
enabling 20-16
default configuration 18-13
default optional feature configuration 20-12
designated port, defined 18-4
designated switch, defined 18-4
detecting indirect link failures 20-8
disabling 18-16
displaying status 18-24
EtherChannel guard
described 20-10
disabling 20-17
enabling 20-17
extended system ID
effects on root switch 18-16
effects on the secondary root switch 18-18
overview 18-4
unexpected behavior 18-16
features supported 1-8
IEEE 802.1D and bridge ID 18-4
IEEE 802.1D and multicast addresses 18-9
IEEE 802.1t and VLAN identifier 18-4
inferior BPDU 18-3
instances supported 18-10
interface state, blocking to forwarding 20-2
interface states
blocking 18-6
disabled 18-7
forwarding 18-6, 18-7
learning 18-7
listening 18-7
overview 18-5
interoperability and compatibility among modes 18-11
keepalive messages 18-2
Layer 2 protocol tunneling 17-8
limitations with IEEE 802.1Q trunks 18-11
load sharing
overview 13-22
using path costs 13-24
using port priorities 13-23
loop guard
described 20-11
enabling 20-18
modes supported 18-10
multicast addresses, effect of 18-9
optional features supported 1-8
overview 18-2
path costs 13-24, 13-25
Port Fast
described 20-2
enabling 20-12
port priorities 13-23
preventing root switch selection 20-10
protocols supported 18-10
redundant connectivity 18-8
root guard
described 20-10
enabling 20-18
root port, defined 18-3
root port selection on a switch stack 18-3
root switch
configuring 18-16
effects of extended system ID 18-4, 18-16
election 18-3
unexpected behavior 18-16
shutdown Port Fast-enabled port 20-2
stack changes, effects of 18-12
status, displaying 18-24
superior BPDU 18-3
timers, described 18-22
UplinkFast
described 20-3
enabling 20-15
VLAN-bridge 18-12
stratum, NTP 5-2
stub areas, OSPF 39-37
stub routing
EIGRP 39-29
PIM 39-27
subdomains, private VLAN 16-1
subnet mask 39-8
subnet zero 39-8
success response, VMPS 13-27
summer time 5-13
SunNet Manager 1-6
supernet 39-9
supported port-based authentication methods 9-8
SVI autostate exclude
configuring 11-25
defined 11-6
SVI link state 11-6
SVIs
and IP unicast routing 39-6
and router ACLs 35-4
connecting VLANs 11-7
defined 11-5
routing between VLANs 13-2
switch 40-3
switch console port 1-7
Switch Database Management
See SDM
switched packets, ACLs on 35-37
Switched Port Analyzer
See SPAN
switched ports 11-2
switchport backup interface 21-4, 21-5
switchport block multicast command 26-8
switchport block unicast command 26-8
switchport command 11-17
switchport mode dot1q-tunnel command 17-6
switchport protected command 26-7
switch priority
MSTP 19-23
STP 18-21
switch software features 1-1
switch virtual interface
See SVI
synchronization, BGP 39-54
syslog
See system message logging
system capabilities TLV 28-2
system clock
configuring
daylight saving time 5-13
manually 5-11
summer time 5-13
time zones 5-12
displaying the time and date 5-12
overview 5-2
See also NTP
system description TLV 28-2
system message logging
default configuration 32-4
defining error message severity levels 32-9
disabling 32-4
displaying the configuration 32-14
enabling 32-5
facility keywords, described 32-14
level keywords, described 32-10
limiting messages 32-10
message format 32-2
overview 32-1
sequence numbers, enabling and disabling 32-8
setting the display destination device 32-5
stack changes, effects of 32-2
synchronizing log messages 32-6
syslog facility 1-16
time stamps, enabling and disabling 32-8
UNIX syslog servers
configuring the daemon 32-13
configuring the logging facility 32-13
facilities supported 32-14
system MTU
and IS-IS LSPs 39-76
system MTU and IEEE 802.1Q tunneling 17-5
system name
default configuration 5-15
default setting 5-15
manual configuration 5-15
See also DNS
system name TLV 28-2
system prompt, default setting 5-14, 5-15
system resources, optimizing 8-1
system routing
IS-IS 39-71
ISO IGRP 39-71
T
TACACS+
accounting, defined 6-11
authentication, defined 6-11
authorization, defined 6-11
configuring
accounting 6-17
authentication key 6-13
authorization 6-16
login authentication 6-14
default configuration 6-13
displaying the configuration 6-17
identifying the server 6-13
limiting the services to the user 6-16
operation of 6-12
overview 6-10
support for 1-12
tracking services accessed by user 6-17
tagged packets
IEEE 802.1Q 17-3
Layer 2 protocol 17-8
tar files
creating B-7
displaying the contents of B-7
extracting B-8
image file format B-25
TCL script, registering and defining with embedded event manager 34-7
TDR 1-16
Telnet
accessing management interfaces 2-10
number of connections 1-7
setting a password 6-6
templates, SDM 8-2
temporary self-signed certificate 6-51
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password 6-6
TFTP
configuration files
downloading B-12
preparing the server B-11
uploading B-13
configuration files in base directory 3-8
configuring for autoconfiguration 3-7
image files
deleting B-29
downloading B-27
preparing the server B-27
uploading B-29
limiting access by servers 33-17
TFTP server 1-6
threshold, traffic level 26-2
threshold monitoring, IP SLAs 42-6
time
See NTP and system clock
Time Domain Reflector
See TDR
time-range command 35-17
time ranges in ACLs 35-17
time stamps in log messages 32-8
time zones 5-12
TLVs
defined 28-1
LLDP 28-2
LLDP-MED 28-2
Token Ring VLANs
support for 13-6
VTP support 14-4
ToS 1-13
traceroute, Layer 2
and ARP 48-12
and CDP 48-12
broadcast traffic 48-11
described 48-11
IP addresses and subnets 48-12
MAC addresses and VLANs 48-12
multicast traffic 48-12
multiple devices on a port 48-12
unicast traffic 48-11
usage guidelines 48-12
traceroute command 48-14
See also IP traceroute
tracked lists
configuring 43-3
types 43-3
tracked objects
by Boolean expression 43-3
by threshold percentage 43-5
by threshold weight 43-4
tracking interface line-protocol state 43-2
tracking IP routing state 43-2
tracking objects 43-1
tracking process 43-1
track state, tracking IP SLAs 43-8
traffic
blocking flooded 26-8
fragmented 35-5
fragmented IPv6 36-2
unfragmented 35-5
traffic policing 1-13
traffic suppression 26-1
transmit hold-count
see STP
transparent mode, VTP 14-3
trap-door mechanism 3-2
traps
configuring MAC address notification 5-22, 5-24, 5-26
configuring managers 33-12
defined 33-3
enabling 5-22, 5-24, 5-26, 33-12
notification types 33-12
overview 33-1, 33-4
troubleshooting
connectivity problems 48-10, 48-11, 48-13
CPU utilization 48-23
detecting unidirectional links 29-1
displaying crash information 48-20
PIMv1 and PIMv2 interoperability problems 45-39
setting packet forwarding 48-18
show forward command 48-18
with CiscoWorks 33-4
with debug commands 48-16
with ping 48-10
with system message logging 32-1
with traceroute 48-13
trunk failover
See link-state tracking
trunking encapsulation 1-9
trunk ports
configuring 13-19
defined 11-3, 13-3
encapsulation 13-19, 13-24, 13-25
trunks
allowed-VLAN list 13-20
configuring 13-19, 13-24, 13-25
load sharing
setting STP path costs 13-24
using STP port priorities 13-23
native VLAN for untagged traffic 13-22
parallel 13-24
pruning-eligible list 13-21
to non-DTP device 13-16
trusted boundary for QoS 37-44
trusted port states
between QoS domains 37-46
classification options 37-5
ensuring port security for IP phones 37-44
support for 1-13
within a QoS domain 37-42
trustpoints, CA 6-50
tunneling
defined 17-1
IEEE 802.1Q 17-1
Layer 2 protocol 17-8
tunnel ports
defined 13-4
described 11-4, 17-1
IEEE 802.1Q, configuring 17-6
incompatibilities with other features 17-6
twisted-pair Ethernet, detecting unidirectional links 29-1
type of service
See ToS
U
UDLD
configuration guidelines 29-4
default configuration 29-4
disabling
globally 29-5
on fiber-optic interfaces 29-5
per interface 29-6
echoing detection mechanism 29-2
enabling
globally 29-5
per interface 29-6
Layer 2 protocol tunneling 17-10
link-detection mechanism 29-1
neighbor database 29-2
overview 29-1
resetting an interface 29-6
status, displaying 29-7
support for 1-8
UDP, configuring 39-17
UDP jitter, configuring 42-9
UDP jitter operation, IP SLAs 42-8
unauthorized ports with IEEE 802.1x 9-11
unicast MAC address filtering 1-6
and adding static addresses 5-29
and broadcast MAC addresses 5-28
and CPU packets 5-28
and multicast addresses 5-28
and router MAC addresses 5-28
configuration guidelines 5-28
described 5-28
unicast storm 26-1
unicast storm control command 26-4
unicast traffic, blocking 26-8
UniDirectional Link Detection protocol
See UDLD
universal software image
cryptographic 1-1
feature set
IP base 1-2
IP services 1-2
noncryptographic 1-1
UNIX syslog servers
daemon configuration 32-13
facilities supported 32-14
message logging configuration 32-13
unrecognized Type-Length-Value (TLV) support 14-4
upgrading software images
See downloading
UplinkFast
described 20-3
disabling 20-16
enabling 20-15
support for 1-8
uploading
configuration files
preparing B-11, B-14, B-17
reasons for B-9
using FTP B-15
using RCP B-19
using TFTP B-13
image files
preparing B-27, B-30, B-35
reasons for B-24
using FTP B-33
using RCP B-38
using TFTP B-29
User Datagram Protocol
See UDP
user EXEC mode 2-2
username-based authentication 6-6
V
version-dependent transparent mode 14-5
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 7-13
described 7-13
displaying 7-13
manual upgrades with auto-advise 7-14
upgrades with auto-extract 7-13
Virtual Private Network
See VPN
virtual router 41-1, 41-2
virtual switches and PAgP 38-6
vlan.dat file 13-5
VLAN 1
disabling on a trunk port 13-20
minimization 13-20
VLAN ACLs
See VLAN maps
vlan-assignment response, VMPS 13-26
VLAN configuration
at bootup 13-7
saving 13-7
VLAN configuration mode 2-2
VLAN database
and startup configuration file 13-7
and VTP 14-1, 34-1
VLAN configuration saved in 13-7
VLANs saved in 13-4
vlan dot1q tag native command 17-5
VLAN filtering and SPAN 30-7
vlan global configuration command 13-7
VLAN ID, discovering 5-31
VLAN link state 11-6
VLAN load balancing on flex links
configuration guidelines 21-8
described 21-3
VLAN management domain 14-2
VLAN Management Policy Server
See VMPS
VLAN map entries, order of 35-31
VLAN maps
applying 35-35
common uses for 35-35
configuration guidelines 35-31
configuring 35-30
creating 35-32
defined 35-2
denying access to a server example 35-35
denying and permitting packets 35-33
displaying 35-41
examples of ACLs and VLAN maps 35-33
removing 35-35
support for 1-10
VLAN membership
confirming 13-29
modes 13-3
VLAN Query Protocol
See VQP
VLANs
adding 13-8
adding to VLAN database 13-8
aging dynamic addresses 18-9
allowed on trunk 13-20
and spanning-tree instances 13-3, 13-6, 13-11
configuration guidelines, extended-range VLANs 13-11
configuration guidelines, normal-range VLANs 13-6
configuring 13-1
configuring IDs 1006 to 4094 13-11
connecting through SVIs 11-7
customer numbering in service-provider networks 17-3
default configuration 13-8
deleting 13-9
described 11-2, 13-1
displaying 13-14
extended-range 13-1, 13-11
features 1-9
illustrated 13-2
internal 13-12
in the switch stack 13-7
limiting source traffic with RSPAN 30-21
limiting source traffic with SPAN 30-16
modifying 13-8
multicast 24-18
native, configuring 13-22
normal-range 13-1, 13-4
number supported 1-9
parameters 13-5
port membership modes 13-3
static-access ports 13-10
STP and IEEE 802.1Q trunks 18-11
supported 13-2
Token Ring 13-6
traffic between 13-2
VLAN-bridge STP 18-12, 47-2
VTP modes 14-3
VLAN Trunking Protocol
See VTP
VLAN trunks 13-15
VMPS
administering 13-30
configuration example 13-31
configuration guidelines 13-28
default configuration 13-27
description 13-26
dynamic port membership
described 13-27
reconfirming 13-30
troubleshooting 13-31
mapping MAC addresses to VLANs 13-26
monitoring 13-30
reconfirmation interval, changing 13-30
reconfirming membership 13-29
retry count, changing 13-30
voice aware 802.1x security
port-based authentication
configuring 9-42
described 9-31, 9-42
voice-over-IP 15-1
voice VLAN
Cisco 7960 phone, port connections 15-1
configuration guidelines 15-3
configuring IP phones for data traffic
override CoS of incoming frame 15-6
trust CoS priority of incoming frame 15-6
configuring ports for voice traffic in
IEEE 802.1p priority tagged frames 15-5
IEEE 802.1Q frames 15-5
connecting to an IP phone 15-4
default configuration 15-3
described 15-1
displaying 15-7
IP phone data traffic, described 15-2
IP phone voice traffic, described 15-2
VPN
configuring routing in 39-91
forwarding 39-84
in service provider networks 39-82
routes 39-83
VPN routing and forwarding table
See VRF
VQP 1-9, 13-26
VRF
defining