A -
B -
C -
D -
E -
F -
G -
H -
I -
J -
L -
M -
N -
O -
P -
Q -
R -
S -
T -
U -
V -
W -
X -
Index
A
abbreviating commands 2-4
AC (command switch) 5-9
access-class command 28-16
access control entries
See ACEs
access-denied response, VMPS 12-24
access groups, applying IPv4 ACLs to interfaces 28-17
accessing
clusters, switch 5-13
command switches 5-11
member switches 5-13
switch clusters 5-13
access lists
See ACLs
access ports
in switch clusters 5-8
access ports, defined 10-2
accounting
with 802.1x 9-28
with IEEE 802.1x 9-9
with RADIUS 8-28
with TACACS+ 8-11, 8-17
ACEs
and QoS 29-7
defined 28-2
Ethernet 28-2
IP 28-2
ACLs
ACEs 28-2
any keyword 28-9
applying
time ranges to 28-14
to an interface 28-16
to QoS 29-7
classifying traffic for QoS 29-40
comments in 28-15
compiling 28-17
defined 28-1, 28-5
examples of 28-17, 29-40
extended IP
configuring for QoS classification 29-41
extended IPv4
creating 28-8
matching criteria 28-5
hardware and software handling 28-17
host keyword 28-10
IP
creating 28-5
fragments and QoS guidelines 29-31
implicit deny 28-7, 28-11, 28-13
implicit masks 28-7
matching criteria 28-5
undefined 28-17
IPv4
applying to interfaces 28-16
creating 28-5
matching criteria 28-5
named 28-12
numbers 28-6
terminal lines, setting on 28-16
unsupported features 28-4
MAC extended 28-19, 29-42
matching 28-5, 28-17
monitoring 28-22
named, IPv4 28-12
number per QoS class map 29-31
QoS 29-7, 29-40
resequencing entries 28-12
standard IP, configuring for QoS classification 29-40
standard IPv4
creating 28-7
matching criteria 28-5
support for 1-8
support in hardware 28-17
time ranges 28-14
unsupported features, IPv4 28-4
active links 18-1
address aliasing 20-2
addresses
displaying the MAC address table 6-26
dynamic
accelerated aging 15-8
changing the aging time 6-21
default aging 15-8
defined 6-19
learning 6-20
removing 6-21
MAC, discovering 6-26
multicast, STP address management 15-8
static
adding and removing 6-24
defined 6-19
address resolution 6-26
Address Resolution Protocol
See ARP
advertisements
CDP 22-1
VTP 12-16, 13-3
aggregated ports
See EtherChannel
aggregate policers 29-48
aggregate policing 1-9
aging, accelerating 15-8
aging time
accelerated
for MSTP 16-23
for STP 15-8, 15-21
MAC address table 6-21
maximum
for MSTP 16-23, 16-24
for STP 15-21, 15-22
alarms, RMON 25-3
allowed-VLAN list 12-18
ARP
defined 1-4, 6-26
table
address resolution 6-26
managing 6-26
attributes, RADIUS
vendor-proprietary 8-30
vendor-specific 8-29
audience xliii
authentication
local mode with AAA 8-32
NTP associations 6-4
RADIUS
key 8-21
login 8-23
TACACS+
defined 8-11
key 8-13
login 8-14
See also port-based authentication
authentication failed VLAN
See restricted VLAN
authoritative time source, described 6-2
authorization
with RADIUS 8-27
with TACACS+ 8-11, 8-16
authorized ports with IEEE 802.1x 9-7
autoconfiguration 3-3
automatic discovery
considerations
beyond a noncandidate device 5-7
brand new switches 5-8
connectivity 5-4
different VLANs 5-6
management VLANs 5-7
non-CDP-capable devices 5-6
noncluster-capable devices 5-6
in switch clusters 5-4
See also CDP
automatic QoS
See QoS
automatic recovery, clusters 5-9
See also HSRP
auto-MDIX
configuring 10-16
described 10-15
autonegotiation
duplex mode 1-2
interface configuration guidelines 10-12
mismatches 31-11
autosensing, port speed 1-2
auxiliary VLAN
See voice VLAN
availability, features 1-5
B
BackboneFast
described 17-5
disabling 17-14
enabling 17-13
support for 1-5
backup interfaces
See Flex Links
backup links 18-1
banners
configuring
login 6-19
message-of-the-day login 6-18
default configuration 6-17
when displayed 6-17
binding database
DHCP snooping
See DHCP snooping binding database
bindings
DHCP snooping database 19-5
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 21-6
booting
boot loader, function of 3-2
boot process 3-1
manually 3-13
specific image 3-13
boot loader
accessing 3-14
described 3-2
environment variables 3-14
prompt 3-14
trap-door mechanism 3-2
BPDU
error-disabled state 17-2
filtering 17-3
RSTP format 16-12
BPDU filtering
described 17-3
disabling 17-12
enabling 17-12
support for 1-6
BPDU guard
described 17-2
disabling 17-11
enabling 17-11
support for 1-6
bridge protocol data unit
See BPDU
broadcast storm-control command 21-4
broadcast storms 21-1
C
cables, monitoring for unidirectional links 24-1
candidate switch
automatic discovery 5-4
defined 5-3
requirements 5-3
See also command switch, cluster standby group, and member switch
CA trustpoint
configuring 8-40
defined 8-38
caution, described xliv
CDP
and trusted boundary 29-36
automatic discovery in switch clusters 5-4
configuring 22-2
default configuration 22-2
described 22-1
disabling for routing device22-3to 22-4
enabling and disabling
on an interface 22-4
on a switch 22-3
monitoring 22-4
overview 22-1
support for 1-4
transmission timer and holdtime, setting 22-2
updates 22-2
CGMP
as IGMP snooping learning method 20-8
joining multicast group 20-3
CipherSuites 8-39
Cisco 7960 IP Phone 14-1
Cisco Discovery Protocol
See CDP
Cisco Intelligence Engine 2100 Series Configuration Registrar
See IE2100
Cisco IOS File System
See IFS
Cisco Network Assistant
See Network Assistant
CiscoWorks 2000 1-4, 27-4
CIST regional root
See MSTP
CIST root
See MSTP
class maps for QoS
configuring 29-43
described 29-7
displaying 29-68
class of service
See CoS
clearing interfaces 10-20
CLI
abbreviating commands 2-4
command modes 2-1
configuration logging 2-5
described 1-4
editing features
enabling and disabling 2-7
keystroke editing 2-7
wrapped lines 2-9
error messages 2-5
filtering command output 2-10
getting help 2-3
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
managing clusters 5-15
no and default forms of commands 2-4
client mode, VTP 13-3
clock
See system clock
cluster requirements xlv
clusters, switch
accessing 5-13
automatic discovery 5-4
automatic recovery 5-9
benefits 1-1
compatibility 5-4
described 5-1
LRE profile considerations 5-15
managing
through CLI 5-15
through SNMP 5-16
planning 5-4
planning considerations
automatic discovery 5-4
automatic recovery 5-9
CLI 5-15
host names 5-13
IP addresses 5-13
LRE profiles 5-15
passwords 5-14
clusters, switch (continued)
planning considerations (continued)
RADIUS 5-15
SNMP 5-14, 5-16
TACACS+ 5-15
See also candidate switch, command switch, cluster standby group, member switch, and standby command switch
cluster standby group
automatic recovery 5-12
considerations 5-11
defined 5-2
requirements 5-3
virtual IP address 5-11
See also HSRP
CNS
Configuration Engine
configID, deviceID, hostname 4-3
configuration service 4-2
described 4-1
event service 4-3
embedded agents
described 4-5
enabling automated configuration 4-6
enabling configuration agent 4-9
enabling event agent 4-8
Coarse Wave Division Multiplexer
See CWDM SFPs
command-line interface
See CLI
command modes 2-1
commands
abbreviating 2-4
no and default 2-4
commands, setting privilege levels 8-8
command switch
accessing 5-11
active (AC) 5-9
configuration conflicts 31-11
command switch (continued)
defined 5-2
passive (PC) 5-9
password privilege levels 5-15
priority 5-9
recovery
from command-switch failure 5-9, 31-7
from lost member connectivity 31-11
redundant 5-9
replacing
with another switch 31-10
with cluster member 31-8
requirements 5-3
standby (SC) 5-9
See also candidate switch, cluster standby group, member switch, and standby command switch
community strings
configuring 5-14, 27-8
for cluster switches 27-4
in clusters 5-14
overview 27-4
SNMP 5-14
compatibility, feature 21-11
config.text 3-12
configurable leave timer, IGMP 20-5
configuration, initial
defaults 1-10
Express Setup 1-2
See also getting started guide and hardware installation guide
configuration conflicts, recovering from lost member connectivity 31-11
configuration examples, network 1-12
configuration files
clearing the startup configuration B-18
creating using a text editor B-9
default name 3-12
deleting a stored configuration B-18
described B-8
configuration files (continued)
downloading
automatically 3-12
preparing B-10, B-12, B-15
reasons for B-8
using FTP B-13
using RCP B-16
using TFTP B-10
guidelines for creating and using B-8
invalid combinations when copying B-5
limiting TFTP server access 27-16
obtaining with DHCP 3-7
password recovery disable considerations 8-5
specifying the filename 3-12
system contact and location information 27-15
types and location B-9
uploading
preparing B-10, B-12, B-15
reasons for B-8
using FTP B-14
using RCP B-17
using TFTP B-11
configuration logging 2-5
configuration settings, saving 3-10
configure terminal command 10-6
config-vlan mode 2-2, 12-6
conflicts, configuration 31-11
connections, secure remote 8-33
connectivity problems 31-12, 31-14, 31-15
consistency checks in VTP Version 2 13-4
console port, connecting to 2-10
conventions
command xliv
for examples xliv
publication xliv
text xliv
corrupted software, recovery steps with Xmodem 31-2
CoS
in Layer 2 frames 29-2
override priority 14-6
trust priority 14-6
CoS input queue threshold map for QoS 29-15
CoS output queue threshold map for QoS 29-18
CoS-to-DSCP map for QoS 29-51
counters, clearing interface 10-20
crashinfo file 31-21
critical authentication, IEEE 802.1x 9-31
cryptographic software image
SSH 8-33
SSL 8-37
CWDM SFPs 1-17
D
daylight saving time 6-13
debugging
enabling all system diagnostics 31-19
enabling for a specific feature 31-18
redirecting error message output 31-19
using commands 31-18
default commands 2-4
default configuration
802.1x 9-18
auto-QoS 29-20
banners 6-17
booting 3-12
CDP 22-2
DHCP 19-7
DHCP option 82 19-7
DHCP snooping 19-7
DHCP snooping binding database 19-7
DNS 6-16
EtherChannel 30-8
Ethernet interfaces 10-10
Flex Links 18-4
IGMP filtering 20-24
default configuration (continued)
IGMP snooping 20-6
IGMP throttling 20-24
initial switch information 3-3
Layer 2 interfaces 10-10
MAC address table 6-21
MAC address-table move update 18-4
MSTP 16-14
MVR 20-19
NTP 6-4
optional spanning-tree configuration 17-9
password and privilege level 8-2
RADIUS 8-20
RMON 25-3
RSPAN 23-9
SDM template 7-2
SNMP 27-7
SPAN 23-9
SSL 8-39
standard QoS 29-29
STP 15-11
system message logging 26-3
system name and prompt 6-15
TACACS+ 8-13
UDLD 24-4
VLAN, Layer 2 Ethernet interfaces 12-16
VLANs 12-7
VMPS 12-25
voice VLAN 14-3
VTP 13-6
default gateway 3-10
deleting VLANs 12-9
denial-of-service attack 21-1
description command 10-16
designing your network, examples 1-12
destination addresses, in IPv4 ACLs 28-9
destination-IP address-based forwarding, EtherChannel 30-7
destination-MAC address forwarding, EtherChannel 30-6
detecting indirect link failures, STP 17-5
device B-18
device discovery protocol 22-1
device manager
benefits 1-1
described 1-2, 1-4
in-band management 1-5
requirements xliv
upgrading a switch B-18
DHCP
Cisco IOS server database
configuring 19-11
enabling
relay agent 19-9
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-3
DNS 3-6
relay device 3-6
server side 3-5
TFTP server 3-5
example 3-8
lease options
for IP address information 3-5
for receiving the configuration file 3-5
overview 3-3
relationship to BOOTP 3-3
relay support 1-4
support for 1-4
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 19-5
configuration guidelines 19-7
default configuration 19-7
displaying 19-12
DHCP option 82 (continued)
overview 19-3
packet format, suboption
circuit ID 19-5
remote ID 19-5
remote ID suboption 19-5
DHCP snooping
accepting untrusted packets form edge switch 19-3, 19-10
binding database
See DHCP snooping binding database
configuration guidelines 19-7
default configuration 19-7
displaying binding tables 19-12
message exchange process 19-4
option 82 data insertion 19-3
trusted interface 19-2
untrusted interface 19-2
untrusted messages 19-2
DHCP snooping binding database
adding bindings 19-11
binding entries, displaying 19-12
binding file
format 19-6
location 19-5
bindings 19-5
clearing agent statistics 19-12
configuration guidelines 19-9
configuring 19-11
default configuration 19-7
deleting
binding file 19-12
bindings 19-12
database agent 19-12
described 19-5
displaying 19-12
displaying status and statistics 19-12
enabling 19-11
entry 19-5
DHCP snooping binding database (continued)
renewing database 19-12
resetting
delay value 19-12
timeout value 19-12
DHCP snooping binding table
See DHCP snooping binding database
Differentiated Services architecture, QoS 29-2
Differentiated Services Code Point 29-2
directed unicast requests 1-4
directories
changing B-3
creating and removing B-4
displaying the working B-3
discovery, clusters
See automatic discovery
DNS
and DHCP-based autoconfiguration 3-6
default configuration 6-16
displaying the configuration 6-17
overview 6-15
setting up 6-16
support for 1-4
documentation, related xliv
document conventions xliv
domain names
DNS 6-15
VTP 13-8
Domain Name System
See DNS
downloading
configuration files
preparing B-10, B-12, B-15
reasons for B-8
using FTP B-13
using RCP B-16
using TFTP B-10
downloading (continued)
image files
deleting old image B-23
preparing B-21, B-25, B-29
reasons for B-19
using CMS 1-2
using FTP B-26
using HTTP 1-2, B-18
using RCP B-30
using TFTP B-22
using the device manager or Network Assistant B-18
DSCP 1-8, 29-2
DSCP input queue threshold map for QoS 29-15
DSCP output queue threshold map for QoS 29-18
DSCP-to-CoS map for QoS 29-54
DSCP-to-DSCP-mutation map for QoS 29-55
DSCP transparency 29-36
DTP 1-7, 12-14
dual-purpose uplinks
defined 10-4
setting the type 10-12
dynamic access ports
characteristics 12-3
configuring 12-26
defined 10-3
dynamic addresses
See addresses
dynamic auto trunking mode 12-15
dynamic desirable trunking mode 12-15
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 12-24
reconfirming 12-27
troubleshooting 12-29
types of connections 12-26
Dynamic Trunking Protocol
See DTP
E
editing features
enabling and disabling 2-7
keystrokes used 2-7
wrapped lines 2-9
enable password 8-3
enable secret password 8-3
encryption, CipherSuite 8-39
encryption for passwords 8-3
environment variables, function of 3-15
error messages during command entry 2-5
EtherChannel
automatic creation of 30-3, 30-5
channel groups
binding physical and logical interfaces 30-3
numbering of 30-3
configuration guidelines 30-9
configuring Layer 2 interfaces 30-10
default configuration 30-8
described 30-2
displaying status 30-16
forwarding methods 30-6, 30-12
IEEE 802.3ad, described 30-5
interaction
with STP 30-9
with VLANs 30-9
LACP
described 30-5
displaying status 30-16
hot-standby ports 30-14
interaction with other features 30-5
modes 30-5
port priority 30-15
system priority 30-15
load balancing 30-6, 30-12
PAgP
aggregate-port learners 30-13
compatibility with Catalyst 1900 30-13
described 30-3
displaying status 30-16
interaction with other features 30-4
learn method and priority configuration 30-13
modes 30-4
support for 1-3
port-channel interfaces
described 30-3
numbering of 30-3
port groups 10-4
support for 1-3
EtherChannel guard
described 17-7
disabling 17-14
enabling 17-14
Ethernet VLANs
adding 12-8
defaults and ranges 12-7
modifying 12-8
events, RMON 25-3
examples
conventions for xliv
network configuration 1-12
expedite queue for QoS 29-66
Express Setup 1-2
See also getting started guide
extended crashinfo file 31-21
extended-range VLANs
configuration guidelines 12-12
configuring 12-11
creating 12-12
defined 12-1
extended system ID
MSTP 16-17
STP 15-4, 15-14
Extensible Authentication Protocol over LAN 9-1
F
features, incompatible 21-11
fiber-optic, detecting unidirectional links 24-1
files
basic crashinfo
description 31-21
location 31-21
copying B-4
crashinfo
description 31-21
deleting B-5
displaying the contents of B-7
extended crashinfo
description 31-22
location 31-22
tar
creating B-5
displaying the contents of B-6
extracting B-7
image file format B-20
file system
displaying available file systems B-2
displaying file information B-3
local file system names B-1
network file system names B-4
setting the default B-3
filtering
non-IP traffic 28-19
show and more command output 2-10
filtering show and more command output 2-10
filters, IP
See ACLs, IP
flash device, number of B-1
Flex Links
configuration guidelines 18-4
configuring 18-5
default configuration 18-4
description 18-1
monitoring 18-8
flooded traffic, blocking 21-7
flow-based packet classification 1-8
flowcharts
QoS classification 29-6
QoS egress queueing and scheduling 29-16
QoS ingress queueing and scheduling 29-14
QoS policing and marking 29-10
flowcontrol
configuring 10-15
described 10-14
forward-delay time
MSTP 16-23
STP 15-21
FTP
accessing MIB files A-4
configuration files
downloading B-13
overview B-12
preparing the server B-12
uploading B-14
image files
deleting old image B-28
downloading B-26
preparing the server B-25
uploading B-28
G
get-bulk-request operation 27-3
get-next-request operation 27-3, 27-5
get-request operation 27-3, 27-5
get-response operation 27-3
global configuration mode 2-2
global leave, IGMP 20-12
guest VLAN and 802.1x 9-11
guide
audience xliii
purpose of xliii
guide mode 1-2
GUIs
See device manager and Network Assistant
H
hello time
MSTP 16-22
STP 15-20
help, for the command line 2-3
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
history table, level and number of syslog messages 26-9
host names
in clusters 5-13
hosts, limit on dynamic ports 12-29
HP OpenView 1-4
HSRP
automatic cluster recovery 5-12
cluster standby group considerations 5-11
See also clusters, cluster standby group, and standby command switch
HTTP over SSL
see HTTPS
HTTPS 8-37
configuring 8-41
self-signed certificate 8-38
HTTP secure server 8-37
I
ICMP
time-exceeded messages 31-16
traceroute and 31-16
ICMP ping
executing 31-13
overview 31-13
IDS appliances
and ingress RSPAN 23-20
and ingress SPAN 23-13
IEEE 802.1D
See STP
IEEE 802.1p 14-1
IEEE 802.1Q
and trunk ports 10-3
configuration limitations 12-15
encapsulation 12-14
native VLAN for untagged traffic 12-19
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3ad
See EtherChannel
IEEE 802.3x flow control 10-14
ifIndex values, SNMP 27-6
IFS 1-5
IGMP
configurable leave timer
described 20-5
enabling 20-11
flooded multicast traffic
controlling the length of time 20-12
disabling on an interface 20-13
global leave 20-12
query solicitation 20-12
recovering from flood mode 20-12
joining multicast group 20-3
join messages 20-3
leave processing, enabling 20-10
leaving multicast group 20-5
queries 20-4
report suppression
described 20-6
disabling 20-15
supported versions 20-2
support for 1-3
IGMP filtering
configuring 20-24
default configuration 20-24
described 20-23
monitoring 20-28
support for 1-3
IGMP groups
configuring filtering 20-27
setting the maximum number 20-26
IGMP Immediate Leave
configuration guidelines 20-11
described 20-5
enabling 20-10
IGMP profile
applying 20-25
configuration mode 20-24
configuring 20-25
IGMP snooping
and address aliasing 20-2
configuring 20-6
default configuration 20-6
definition 20-1
IGMP snooping (continued)
enabling and disabling 20-7
global configuration 20-7
Immediate Leave 20-5
method 20-8
monitoring 20-15
querier
configuration guidelines 20-14
configuring 20-14
supported versions 20-2
support for 1-3
VLAN configuration 20-7
IGMP throttling
configuring 20-27
default configuration 20-24
described 20-24
displaying action 20-28
Immediate Leave, IGMP 20-5
inaccessible authentication bypass 9-13
initial configuration
defaults 1-10
Express Setup 1-2
See also getting started guide and hardware installation guide
interface
number 10-5
range macros 10-8
interface command10-5to 10-6
interface configuration mode 2-3
interfaces
auto-MDIX, configuring 10-15
configuration guidelines
duplex and speed 10-11
configuring
procedure 10-6
counters, clearing 10-20
default configuration 10-10
described 10-16
descriptive name, adding 10-16
interfaces (continued)
displaying information about 10-19
flow control 10-14
management 1-4
monitoring 10-19
naming 10-16
physical, identifying 10-5
range of 10-6
restarting 10-20
shutting down 10-20
speed and duplex, configuring 10-13
status 10-19
supported 10-5
types of 10-1
interfaces range macro command 10-8
interface types 10-5
Intrusion Detection System
See IDS appliances
IP ACLs
for QoS classification 29-7
implicit deny 28-7, 28-11
implicit masks 28-7
named 28-12
undefined 28-17
IP addresses
candidate or member 5-3, 5-13
cluster access 5-2
command switch 5-3, 5-11, 5-13
discovering 6-26
redundant clusters 5-11
standby command switch 5-11, 5-13
See also IP information
ip igmp profile command 20-24
IP information
assigned
manually 3-9
through DHCP-based autoconfiguration 3-3
default configuration 3-3
IP phones
and QoS 14-1
automatic classification and queueing 29-19
configuring 14-4
ensuring port security with QoS 29-35
trusted boundary for QoS 29-35
IP precedence 29-2
IP-precedence-to-DSCP map for QoS 29-52
IP protocols in ACLs 28-9
IP traceroute
executing 31-16
overview 31-15
IPv4 ACLs
applying to interfaces 28-16
extended, creating 28-8
named 28-12
standard, creating 28-7
J
join messages, IGMP 20-3
L
LACP
See EtherChannel
Layer 2 frames, classification with CoS 29-2
Layer 2 interfaces, default configuration 10-10
Layer 2 traceroute
and ARP 31-15
and CDP 31-14
broadcast traffic 31-14
described 31-14
IP addresses and subnets 31-15
MAC addresses and VLANs 31-15
multicast traffic 31-15
multiple devices on a port 31-15
Layer 2 traceroute (continued)
unicast traffic 31-14
usage guidelines 31-14
Layer 3 packets, classification methods 29-2
LDAP 4-2
LEDs, switch
See hardware installation guide
lightweight directory access protocol
See LDAP
line configuration mode 2-3
Link Aggregation Control Protocol
See EtherChannel
Link Failure
detecting unidirectional 16-8
link redundancy
See Flex Links
links, unidirectional 24-1
link-state tracking
configuring 30-19
described 30-17
local SPAN 23-2
login authentication
with RADIUS 8-23
with TACACS+ 8-14
login banners 6-17
log messages
See system message logging
Long-Reach Ethernet (LRE) technology 1-13
loop guard
described 17-9
enabling 17-15
support for 1-7
LRE profiles, considerations in switch clusters 5-15
M
MAC addresses
aging time 6-21
and VLAN association 6-20
building the address table 6-20
default configuration 6-21
discovering 6-26
displaying 6-26
dynamic
learning 6-20
removing 6-21
in ACLs 28-19
static
adding 6-24
allowing 6-25
characteristics of 6-24
dropping 6-25
removing 6-24
MAC address notification, support for 1-9
MAC address-table move update
configuration guidelines 18-4
configuring 18-6
default configuration 18-4
description 18-2
monitoring 18-8
MAC address-to-VLAN mapping 12-24
MAC extended access lists
applying to Layer 2 interfaces 28-21
configuring for QoS 29-42
creating 28-19
defined 28-19
for QoS classification 29-5
macros
See Smartports macros
magic packet 9-15
manageability features 1-4
management access
in-band
browser session 1-5
CLI session 1-5
device manager 1-5
SNMP 1-5
out-of-band console port connection 1-5
management options
CLI 2-1
clustering 1-2
CNS 4-1
Network Assistant 1-2
overview 1-4
management VLAN
considerations in switch clusters 5-7
discovery through different management VLANs 5-7
mapping tables for QoS
configuring
CoS-to-DSCP 29-51
DSCP 29-50
DSCP-to-CoS 29-54
DSCP-to-DSCP-mutation 29-55
IP-precedence-to-DSCP 29-52
policed-DSCP 29-53
described 29-11
marking
action in policy map 29-45
action with aggregate policers 29-48
described 29-4, 29-8
matching, IPv4 ACLs 28-5
maximum aging time
MSTP 16-23
STP 15-21
maximum hop count, MSTP 16-24
membership mode, VLAN port 12-3
member switch
automatic discovery 5-4
defined 5-2
managing 5-15
member switch (continued)
passwords 5-13
recovering from lost connectivity 31-11
requirements 5-3
See also candidate switch, cluster standby group, and standby command switch
messages, to users through banners 6-17
MIBs
accessing files with FTP A-4
location of files A-4
overview 27-1
SNMP interaction with 27-4
supported A-1
mirroring traffic for analysis 23-1
mismatches, autonegotiation 31-11
module number 10-5
monitoring
access groups 28-22
cables for unidirectional links 24-1
CDP 22-4
features 1-9
Flex Links 18-8
IGMP
filters 20-28
snooping 20-15
interfaces 10-19
IPv4 ACL configuration 28-22
MAC address-table move update 18-8
multicast router interfaces 20-16
MVR 20-23
network traffic for analysis with probe 23-2
port
blocking 21-16
protection 21-16
SFP status 10-19, 31-12
speed and duplex mode 10-14
traffic flowing among switches 25-1
traffic suppression 21-16
VLANs 12-13
VMPS 12-28
VTP 13-16
MSTP
boundary ports
configuration guidelines 16-15
described 16-6
BPDU filtering
described 17-3
enabling 17-12
BPDU guard
described 17-2
enabling 17-11
CIST, described 16-3
CIST regional root 16-3
CIST root 16-5
configuration guidelines 16-15, 17-10
configuring
forward-delay time 16-23
hello time 16-22
link type for rapid convergence 16-24
maximum aging time 16-23
maximum hop count 16-24
MST region 16-16
neighbor type 16-25
path cost 16-20
port priority 16-19
root switch 16-17
secondary root switch 16-18
switch priority 16-21
CST
defined 16-3
operations between regions 16-4
default configuration 16-14
default optional feature configuration 17-9
displaying status 16-26
enabling the mode 16-16
EtherChannel guard
described 17-7
enabling 17-14
extended system ID
effects on root switch 16-17
effects on secondary root switch 16-18
unexpected behavior 16-17
IEEE 802.1s
implementation 16-6
port role naming change 16-7
terminology 16-5
instances supported 15-9
interface state, blocking to forwarding 17-2
interoperability and compatibility among modes 15-10
interoperability with IEEE 802.1D
described 16-8
restarting migration process 16-25
IST
defined 16-3
master 16-3
operations within a region 16-3
loop guard
described 17-9
enabling 17-15
mapping VLANs to MST instance 16-16
MST region
CIST 16-3
configuring 16-16
described 16-2
hop-count mechanism 16-5
IST 16-3
supported spanning-tree instances 16-2
optional features supported 1-5
overview 16-2
Port Fast
described 17-2
enabling 17-10
preventing root switch selection 17-8
root guard
described 17-8
enabling 17-15
root switch
configuring 16-17
effects of extended system ID 16-17
unexpected behavior 16-17
shutdown Port Fast-enabled port 17-2
status, displaying 16-26
multicast groups
Immediate Leave 20-5
joining 20-3
leaving 20-5
static joins 20-10
multicast router interfaces, monitoring 20-16
multicast router ports, adding 20-9
multicast storm 21-1
multicast storm-control command 21-4
multicast television application 20-18
multicast VLAN 20-17
Multicast VLAN Registration
See MVR
MVR
and address aliasing 20-20
and IGMPv3 20-20
configuration guidelines 20-20
configuring interfaces 20-21
default configuration 20-19
described 20-17
example application 20-18
modes 20-21
monitoring 20-23
multicast television application 20-18
setting global parameters 20-20
support for 1-3
N
NAC
critical authentication 9-13, 9-31
IEEE 802.1x authentication using a RADIUS server 9-35
IEEE 802.1x validation using RADIUS server 9-35
inaccessible authentication bypass 9-31
Layer 2 IEEE 802.1x validation 1-8, 9-35
Layer 2 IEEE802.1x validation 9-17
named IPv4 ACLs 28-12
NameSpace Mapper
See NSM
native VLAN
configuring 12-19
default 12-19
Network Admission Control
See NAC
Network Assistant
benefits 1-1
described 1-4
downloading image files 1-2
guide mode 1-2
management options 1-2
requirements xliv
upgrading a switch B-18
wizards 1-2
network configuration examples
increasing network performance 1-12
long-distance, high-bandwidth transport 1-17
providing network services 1-13
server aggregation and Linux server cluster 1-15
small to medium-sized network 1-16
network design
performance 1-13
services 1-13
network management
CDP 22-1
RMON 25-1
SNMP 27-1
Network Time Protocol
See NTP
no commands 2-4
nonhierarchical policy maps
configuring 29-45
described 29-8
non-IP traffic filtering 28-19
nontrunking mode 12-15
normal-range VLANs 12-4
configuration guidelines 12-5
configuration modes 12-6
configuring 12-4
defined 12-1
note, described xliv
NSM 4-3
NTP
associations
authenticating 6-4
defined 6-2
enabling broadcast messages 6-6
peer 6-5
server 6-5
default configuration 6-4
displaying the configuration 6-11
overview 6-2
restricting access
creating an access group 6-8
disabling NTP services per interface 6-10
source IP address, configuring 6-10
stratum 6-2
support for 1-5
synchronizing devices 6-5
time
services 6-2
synchronizing 6-2
O
optimizing system resources 7-1
options, management 1-4
out-of-profile markdown 1-9
P
packet modification, with QoS 29-18
PAgP
See EtherChannel
passwords
default configuration 8-2
disabling recovery of 8-5
encrypting 8-3
for security 1-7
in clusters 5-14
overview 8-1
recovery of 31-3
setting
enable 8-3
enable secret 8-3
Telnet 8-6
with usernames 8-6
VTP domain 13-8
path cost
MSTP 16-20
STP 15-18
PC (passive command switch) 5-9
performance, network design 1-12
performance features 1-2
persistent self-signed certificate 8-38
per-VLAN spanning-tree plus
See PVST+
physical ports 10-2
PIM-DVMRP, as snooping method 20-8
ping
character output description 31-13
executing 31-13
overview 31-13
policed-DSCP map for QoS 29-53
policers
configuring
for each matched traffic class 29-45
for more than one traffic class 29-48
described 29-4
displaying 29-68
number of 29-31
types of 29-8
policing
described 29-4
token-bucket algorithm 29-9
policy maps for QoS
characteristics of 29-45
described 29-7
displaying 29-68
nonhierarchical on physical ports
configuring 29-45
described 29-8
port ACLs, described 28-2
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting 9-9
authentication server
defined 9-2
RADIUS server 9-2
client, defined 9-2
configuration guidelines 9-19
configuring
802.1x authentication 9-21
guest VLAN 9-29
host mode 9-24
inaccessible authentication bypass 9-31
manual re-authentication of a client 9-25
port-based authentication (continued)
configuring (continued)
periodic re-authentication 9-24
quiet period 9-25
RADIUS server 9-24
RADIUS server parameters on the switch 9-23
restricted VLAN 9-30
switch-to-client frame-retransmission number 9-27
switch-to-client retransmission time 9-26
default configuration 9-18
described 9-1
device roles 9-2
displaying statistics 9-36
EAPOL-start frame 9-5
EAP-request/identity frame 9-5
EAP-response/identity frame 9-5
encapsulation 9-3
guest VLAN
configuration guidelines 9-11, 9-12
described 9-11
host mode 9-8
inaccessible authentication bypass
configuring 9-31
described 9-13
guidelines 9-20
initiation and message exchange 9-5
magic packet 9-15
method lists 9-21
multiple-hosts mode, described 9-8
ports
authorization state and dot1x port-control command 9-7
authorized and unauthorized 9-7
critical 9-13
voice VLAN 9-14
port-based authentication (continued)
port security
and voice VLAN 9-15
described 9-14
interactions 9-15
multiple-hosts mode 9-8
resetting to default values 9-36
statistics, displaying 9-36
switch
as proxy 9-3
RADIUS client 9-3
upgrading from a previous release 9-21
VLAN assignment
AAA authorization 9-21
characteristics 9-10
configuration tasks 9-11
described 9-10
voice VLAN
described 9-14
PVID 9-14
VVID 9-14
wake-on-LAN, described 9-15
port blocking 1-3, 21-6
port-channel
See EtherChannel
Port Fast
described 17-2
enabling 17-10
mode, spanning tree 12-25
support for 1-6
port membership modes, VLAN 12-3
port priority
MSTP 16-19
STP 15-16
ports
access 10-2
blocking 21-6
dual-purpose uplink 10-4
dynamic access 12-3
protected 21-5
secure 21-7
static-access 12-3, 12-10
switch 10-2
trunks 12-3, 12-14
VLAN assignments 12-10
port security
aging 21-15
and QoS trusted boundary 29-35
configuring 21-11
default configuration 21-10
described 21-7
displaying 21-16
on trunk ports 21-12
sticky learning 21-8
violations 21-9
with other features 21-10
port-shutdown response, VMPS 12-24
preemption
default configuration 18-4
preemption delay
default configuration 18-4
preferential treatment of traffic
See QoS
preventing unauthorized access 8-1
primary links 18-2
priority
overriding CoS 14-6
trusting CoS 14-6
private VLAN edge ports
See protected ports
privileged EXEC mode 2-2
privilege levels
changing the default for lines 8-9
command switch 5-15
exiting 8-9
logging into 8-9
mapping on member switches 5-15
privilege levels (continued)
overview 8-2, 8-7
setting a command with 8-8
protected ports 1-7, 21-5
pruning, VTP
disabling
in VTP domain 13-14
on a port 12-19
enabling
in VTP domain 13-14
on a port 12-19
examples 13-5
overview 13-4
pruning-eligible list
changing 12-19
for VTP pruning 13-4
VLANs 13-14
PVST+
described 15-9
IEEE 802.1Q trunking interoperability 15-10
instances supported 15-9
Q
QoS
and MQC commands 29-1
auto-QoS
categorizing traffic 29-20
configuration and defaults display 29-28
configuration guidelines 29-24
described 29-19
disabling 29-25
displaying generated commands 29-25
displaying the initial configuration 29-28
effects on running configuration 29-24
egress queue defaults 29-20
enabling for VoIP 29-25
example configuration 29-26
auto-QoS (continued)
ingress queue defaults 29-20
list of generated commands 29-21
basic model 29-4
classification
class maps, described 29-7
defined 29-4
DSCP transparency, described 29-36
flowchart 29-6
forwarding treatment 29-3
in frames and packets 29-3
IP ACLs, described 29-5, 29-7
MAC ACLs, described 29-5, 29-7
options for IP traffic 29-5
options for non-IP traffic 29-5
policy maps, described 29-7
trust DSCP, described 29-5
trusted CoS, described 29-5
trust IP precedence, described 29-5
class maps
configuring 29-43
displaying 29-68
configuration guidelines
auto-QoS 29-24
standard QoS 29-31
configuring
aggregate policers 29-48
auto-QoS 29-19
default port CoS value 29-34
DSCP maps 29-50
DSCP transparency 29-36
DSCP trust states bordering another domain 29-37
egress queue characteristics 29-60
ingress queue characteristics 29-56
IP extended ACLs 29-41
IP standard ACLs 29-40
MAC ACLs 29-42
policy maps on physical ports 29-45
configuring (continued)
sport trust states within the domain 29-33
trusted boundary 29-35
default auto configuration 29-20
default standard configuration 29-29
displaying statistics 29-68
DSCP transparency 29-36
egress queues
allocating buffer space 29-61
buffer allocation scheme, described 29-17
configuring shaped weights for SRR 29-65
configuring shared weights for SRR 29-66
described 29-4
displaying the threshold map 29-64
flowchart 29-16
mapping DSCP or CoS values 29-63
scheduling, described 29-4
setting WTD thresholds 29-61
WTD, described 29-18
enabling globally 29-32
flowcharts
classification 29-6
egress queueing and scheduling 29-16
ingress queueing and scheduling 29-14
policing and marking 29-10
implicit deny 29-7
ingress queues
allocating bandwidth 29-58
allocating buffer space 29-58
buffer and bandwidth allocation, described 29-15
configuring shared weights for SRR 29-58
configuring the priority queue 29-59
described 29-4
displaying the threshold map 29-57
flowchart 29-14
mapping DSCP or CoS values 29-57
priority queue, described 29-15
scheduling, described 29-4
ingress queues (continued)
setting WTD thresholds 29-57
WTD, described 29-15
IP phones
automatic classification and queueing 29-19
detection and trusted settings 29-19, 29-35
limiting bandwidth on egress interface 29-67
mapping tables
CoS-to-DSCP 29-51
displaying 29-68
DSCP-to-CoS 29-54
DSCP-to-DSCP-mutation 29-55
IP-precedence-to-DSCP 29-52
policed-DSCP 29-53
types of 29-11
marked-down actions 29-47
marking, described 29-4, 29-8
overview 29-1
packet modification 29-18
policers
configuring 29-47, 29-49
described 29-8
displaying 29-68
number of 29-31
types of 29-8
policies, attaching to an interface 29-8
policing
described 29-4, 29-8
token bucket algorithm 29-9
policy maps
characteristics of 29-45
displaying 29-68
nonhierarchical on physical ports 29-45
QoS label, defined 29-4
queues
configuring egress characteristics 29-60
configuring ingress characteristics 29-56
high priority (expedite) 29-18, 29-66
queues (continued)
location of 29-12
SRR, described 29-13
WTD, described 29-12
rewrites 29-18
support for 1-8
trust states
bordering another domain 29-37
described 29-5
trusted device 29-35
within the domain 29-33
quality of service
See QoS
queries, IGMP 20-4
query solicitation, IGMP 20-12
R
RADIUS
attributes
vendor-proprietary 8-30
vendor-specific 8-29
configuring
accounting 8-28
authentication 8-23
authorization 8-27
communication, global 8-21, 8-29
communication, per-server 8-20, 8-21
multiple UDP ports 8-21
default configuration 8-20
defining AAA server groups 8-25
displaying the configuration 8-31
identifying the server 8-20
in clusters 5-15
limiting the services to the user 8-27
method list, defined 8-20
operation of 8-19
overview 8-18
suggested network environments 8-18
support for 1-8
tracking services accessed by user 8-28
range
macro 10-8
of interfaces 10-7
rapid convergence 16-10
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
described 15-9
IEEE 802.1Q trunking interoperability 15-10
instances supported 15-9
Rapid Spanning Tree Protocol
See RSTP
rcommand command 5-15
RCP
configuration files
downloading B-16
overview B-15
preparing the server B-15
uploading B-17
image files
deleting old image B-32
downloading B-30
preparing the server B-29
uploading B-32
reconfirmation interval, VMPS, changing 12-27
reconfirming dynamic VLAN membership 12-27
recovery procedures 31-1
redundancy
EtherChannel 30-2
STP
backbone 15-8
path cost 12-22
port priority 12-20
redundant links and UplinkFast 17-13
reloading software 3-15
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
Remote Network Monitoring
See RMON
Remote SPAN
See RSPAN
remote SPAN 23-2
report suppression, IGMP
described 20-6
disabling 20-15
requirements
cluster xlv
device manager xliv
Network Assistant xliv
resequencing ACL entries 28-12
resetting a UDLD-shutdown interface 24-6
restricted VLAN
configuring 9-30
described 9-12
using with IEEE 802.1x 9-12
restricting access
NTP services 6-8
overview 8-1
passwords and privilege levels 8-2
RADIUS 8-17
TACACS+ 8-10
retry count, VMPS, changing 12-28
RFC
1112, IP multicast and IGMP 20-2
1157, SNMPv1 27-2
1305, NTP 6-2
1757, RMON 25-2
1901, SNMPv2C 27-2
1902 to 1907, SNMPv2 27-2
2236, IP multicast and IGMP 20-2
2273-2275, SNMPv3 27-2
RMON
default configuration 25-3
displaying status 25-6
enabling alarms and events 25-3
groups supported 25-2
overview 25-1
statistics
collecting group Ethernet 25-5
collecting group history 25-5
support for 1-9
root guard
described 17-8
enabling 17-15
support for 1-7
root switch
MSTP 16-17
STP 15-14
RSPAN 23-2
characteristics 23-7
configuration guidelines 23-16
default configuration 23-9
destination ports 23-6
displaying status 23-22
interaction with other features 23-8
monitored ports 23-5
monitoring ports 23-6
overview 1-9, 23-1
received traffic 23-4
sessions
creating 23-16
defined 23-3
limiting source traffic to specific VLANs 23-21
specifying monitored ports 23-16
with ingress traffic enabled 23-20
source ports 23-5
transmitted traffic 23-5
VLAN-based 23-6
RSTP
active topology 16-9
BPDU
format 16-12
processing 16-13
designated port, defined 16-9
designated switch, defined 16-9
interoperability with IEEE 802.1D
described 16-8
restarting migration process 16-25
topology changes 16-13
overview 16-8
port roles
described 16-9
synchronized 16-11
proposal-agreement handshake process 16-10
rapid convergence
described 16-10
edge ports and Port Fast 16-10
point-to-point links 16-10, 16-24
root ports 16-10
root port, defined 16-9
See also MSTP
running configuration, saving 3-10
S
SC (standby command switch) 5-9
scheduled reloads 3-15
SDM
described 7-1
templates
configuring 7-2
number of 7-1
SDM template
configuration guidelines 7-2
configuring 7-2
types of 7-1
secure HTTP client
configuring 8-42
displaying 8-43
secure HTTP server
configuring 8-41
displaying 8-43
secure MAC addresses
deleting 21-14
maximum number of 21-8
types of 21-8
secure ports, configuring 21-7
secure remote connections 8-33
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port 21-7
security features 1-7
sequence numbers in log messages 26-7
server mode, VTP 13-3
service-provider network, MSTP and RSTP 16-1
set-request operation 27-5
setup program
failed command switch replacement 31-10
replacing failed command switch 31-8
severity levels, defining in system messages 26-8
SFPs
monitoring status of 10-19, 31-12
security and identification 31-12
status, displaying 31-12
shaped round robin
See SRR
show access-lists hw-summary command 28-17
show and more command output, filtering 2-10
show cdp traffic command 22-5
show cluster members command 5-15
show configuration command 10-16
show forward command 31-19
show interfaces command 10-14, 10-16
show platform forward command 31-19
show running-config command
displaying ACLs 28-16, 28-17
interface description in 10-16
shutdown command on interfaces 10-20
Simple Network Management Protocol
See SNMP
Smartports macros
applying Cisco-default macros 11-6
applying global parameter values 11-5, 11-6
applying macros 11-5
applying parameter values 11-5, 11-7
configuration guidelines 11-3
creating 11-4
default configuration 11-2
defined 11-1
displaying 11-8
tracing 11-3
website 11-2
SNAP 22-1
SNMP
accessing MIB variables with 27-4
agent
described 27-4
disabling 27-8
authentication level 27-11
community strings
configuring 27-8
for cluster switches 27-4
overview 27-4
configuration examples 27-16
default configuration 27-7
engine ID 27-7
groups 27-7, 27-10
host 27-7
ifIndex values 27-6
in-band management 1-5
in clusters 5-14
informs
and trap keyword 27-12
described 27-5
differences from traps 27-5
disabling 27-15
enabling 27-15
limiting access by TFTP servers 27-16
limiting system log messages to NMS 26-9
manager functions 1-4, 27-3
managing clusters with 5-16
MIBs
location of A-4
supported A-1
notifications 27-5
overview 27-1, 27-4
security levels 27-3
status, displaying 27-17
system contact and location 27-15
trap manager, configuring 27-14
traps
described 27-3, 27-5
differences from informs 27-5
disabling 27-15
enabling 27-12
enabling MAC address notification 6-22
overview 27-1, 27-5
types of 27-12
users 27-7, 27-10
versions supported 27-2
SNMPv1 27-2
SNMPv2C 27-2
SNMPv3 27-2
snooping, IGMP 20-1
software images
location in flash B-20
recovery procedures 31-2
scheduling reloads 3-16
tar file format, described B-20
See also downloading and uploading
source addresses, in IPv4 ACLs 28-9
source-and-destination-IP address based forwarding, EtherChannel 30-7
source-and-destination MAC address forwarding, EtherChannel 30-6
source-IP address based forwarding, EtherChannel 30-6
source-MAC address forwarding, EtherChannel 30-6
SPAN
configuration guidelines 23-10
default configuration 23-9
destination ports 23-6
displaying status 23-22
interaction with other features 23-8
monitored ports 23-5
monitoring ports 23-6
overview 1-9, 23-1
ports, restrictions 21-11
received traffic 23-4
sessions
configuring ingress forwarding 23-14, 23-21
creating 23-10
defined 23-3
limiting source traffic to specific VLANs 23-14
removing destination (monitoring) ports 23-12
specifying monitored ports 23-10
with ingress traffic enabled 23-13
source ports 23-5
transmitted traffic 23-5
VLAN-based 23-6
spanning tree and native VLANs 12-15
Spanning Tree Protocol
See STP
SPAN traffic 23-4
SRR
configuring
shaped weights on egress queues 29-65
shared weights on egress queues 29-66
shared weights on ingress queues 29-58
described 29-13
shaped mode 29-13
shared mode 29-13
support for 1-9
SSH
configuring 8-34
cryptographic software image 8-33
described 1-5, 8-33
encryption methods 8-34
user authentication methods, supported 8-34
SSL
configuration guidelines 8-40
configuring a secure HTTP client 8-42
configuring a secure HTTP server 8-41
cryptographic software image 8-37
described 8-37
monitoring 8-43
standby command switch
configuring
considerations 5-11
defined 5-2
priority 5-9
requirements 5-3
virtual IP address 5-11
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
standby links 18-2
startup configuration
booting
manually 3-13
specific image 3-13
clearing B-18
startup configuration (continued)
configuration file
automatically downloading 3-12
specifying the filename 3-12
default boot configuration 3-12
static access ports
assigning to VLAN 12-10
defined 10-3, 12-3
static addresses
See addresses
static MAC addressing 1-7
static VLAN membership 12-2
statistics
802.1x 9-36
CDP 22-4
interface 10-19
QoS ingress and egress 29-68
RMON group Ethernet 25-5
RMON group history 25-5
SNMP input and output 27-17
VTP 13-16
sticky learning 21-8
storm control
configuring 21-3
described 21-1
disabling 21-5
displaying 21-16
support for 1-3
thresholds 21-1
STP
accelerating root port selection 17-4
BackboneFast
described 17-5
disabling 17-14
enabling 17-13
BPDU filtering
described 17-3
disabling 17-12
enabling 17-12
BPDU guard
described 17-2
disabling 17-11
enabling 17-11
BPDU message exchange 15-3
configuration guidelines 15-11, 17-10
configuring
forward-delay time 15-21
hello time 15-20
maximum aging time 15-21
path cost 15-18
port priority 15-16
root switch 15-14
secondary root switch 15-16
spanning-tree mode 15-13
switch priority 15-19
transmit hold-count 15-22
counters, clearing 15-22
default configuration 15-11
default optional feature configuration 17-9
designated port, defined 15-3
designated switch, defined 15-3
detecting indirect link failures 17-5
disabling 15-14
displaying status 15-22
EtherChannel guard
described 17-7
disabling 17-14
enabling 17-14
extended system ID
effects on root switch 15-14
effects on the secondary root switch 15-16
overview 15-4
unexpected behavior 15-14
features supported 1-5
IEEE 802.1D and bridge ID 15-4
IEEE 802.1D and multicast addresses 15-8
IEEE 802.1t and VLAN identifier 15-4
inferior BPDU 15-3
instances supported 15-9
interface state, blocking to forwarding 17-2
interface states
blocking 15-6
disabled 15-7
forwarding 15-5, 15-6
learning 15-6
listening 15-6
overview 15-4
interoperability and compatibility among modes 15-10
limitations with IEEE 802.1Q trunks 15-10
load sharing
overview 12-20
using path costs 12-22
using port priorities 12-20
loop guard
described 17-9
enabling 17-15
modes supported 15-9
multicast addresses, effect of 15-8
optional features supported 1-5
overview 15-2
path costs 12-22
Port Fast
described 17-2
enabling 17-10
port priorities 12-21
preventing root switch selection 17-8
protocols supported 15-9
redundant connectivity 15-8
root guard
described 17-8
enabling 17-15
root port, defined 15-3
root switch
configuring 15-14
effects of extended system ID 15-4, 15-14
election 15-3
unexpected behavior 15-14
shutdown Port Fast-enabled port 17-2
status, displaying 15-22
superior BPDU 15-3
timers, described 15-20
UplinkFast
described 17-3
enabling 17-13
stratum, NTP 6-2
success response, VMPS 12-24
summer time 6-13
SunNet Manager 1-4
switch clustering technology 5-1
See also clusters, switch
switch console port 1-5
Switch Database Management
See SDM
Switched Port Analyzer
See SPAN
switched ports 10-2
switchport block multicast command 21-7
switchport block unicast command 21-7
switchport protected command 21-6
switch priority
MSTP 16-21
STP 15-19
switch software features 1-1
syslog
See system message logging
system clock
configuring
daylight saving time 6-13
manually 6-11
summer time 6-13
time zones 6-12
displaying the time and date 6-12
overview 6-1
See also NTP
system message logging
default configuration 26-3
defining error message severity levels 26-8
disabling 26-3
displaying the configuration 26-12
enabling 26-4
facility keywords, described 26-11
level keywords, described 26-9
limiting messages 26-9
message format 26-2
overview 26-1
sequence numbers, enabling and disabling 26-7
setting the display destination device 26-4
synchronizing log messages 26-5
syslog facility 1-10
time stamps, enabling and disabling 26-7
UNIX syslog servers
configuring the daemon 26-10
configuring the logging facility 26-11
facilities supported 26-11
system name
default configuration 6-15
default setting 6-15
manual configuration 6-15
See also DNS
system prompt, default setting 6-14, 6-15
system resources, optimizing 7-1
T
TACACS+
accounting, defined 8-11
authentication, defined 8-11
authorization, defined 8-11
configuring
accounting 8-17
authentication key 8-13
authorization 8-16
login authentication 8-14
default configuration 8-13
displaying the configuration 8-17
identifying the server 8-13
in clusters 5-15
limiting the services to the user 8-16
operation of 8-12
overview 8-10
support for 1-8
tracking services accessed by user 8-17
tar files
creating B-5
displaying the contents of B-6
extracting B-7
image file format B-20
TDR 1-10
Telnet
accessing management interfaces 2-10
number of connections 1-5
setting a password 8-6
templates, SDM 7-1
temporary self-signed certificate 8-38
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password 8-6
TFTP
configuration files
downloading B-10
preparing the server B-10
uploading B-11
configuration files in base directory 3-6
configuring for autoconfiguration 3-5
image files
deleting B-23
downloading B-22
preparing the server B-21
uploading B-24
limiting access by servers 27-16
TFTP server 1-4
threshold, traffic level 21-2
time
See NTP and system clock
Time Domain Reflector
See TDR
time-range command 28-14
time ranges in ACLs 28-14
time stamps in log messages 26-7
time zones 6-12
Token Ring VLANs
support for 12-5
VTP support 13-4
ToS 1-8
traceroute, Layer 2
and ARP 31-15
and CDP 31-14
broadcast traffic 31-14
described 31-14
IP addresses and subnets 31-15
MAC addresses and VLANs 31-15
multicast traffic 31-15
multiple devices on a port 31-15
unicast traffic 31-14
usage guidelines 31-14
traceroute command 31-16
See also IP traceroute
traffic
blocking flooded 21-7
fragmented 28-3
unfragmented 28-3
traffic policing 1-9
traffic suppression 21-1
transmit hold-count
see STP
transparent mode, VTP 13-3, 13-12
trap-door mechanism 3-2
traps
configuring MAC address notification 6-22
configuring managers 27-12
defined 27-3
enabling 6-22, 27-12
notification types 27-12
overview 27-1, 27-5
troubleshooting
connectivity problems 31-12, 31-14, 31-15
detecting unidirectional links 24-1
displaying crash information 31-21
setting packet forwarding 31-19
SFP security and identification 31-12
show forward command 31-19
with CiscoWorks 27-4
with debug commands 31-18
with ping 31-13
with system message logging 26-1
with traceroute 31-15
trunk failover
See link-state tracking
trunking encapsulation 1-7
trunk ports
configuring 12-17
defined 10-3, 12-3
trunks
allowed-VLAN list 12-18
load sharing
setting STP path costs 12-22
using STP port priorities 12-20, 12-21
native VLAN for untagged traffic 12-19
parallel 12-22
pruning-eligible list 12-19
to non-DTP device 12-14
trusted boundary for QoS 29-35
trusted port states
between QoS domains 29-37
classification options 29-5
ensuring port security for IP phones 29-35
support for 1-9
within a QoS domain 29-33
trustpoints, CA 8-37
twisted-pair Ethernet, detecting unidirectional links 24-1
type of service
See ToS
U
UDLD
configuration guidelines 24-4
default configuration 24-4
disabling
globally 24-5
on fiber-optic interfaces 24-5
per interface 24-5
echoing detection mechanism 24-2
enabling
globally 24-5
per interface 24-5
link-detection mechanism 24-1
neighbor database 24-2
overview 24-1
resetting an interface 24-6
status, displaying 24-6
support for 1-5
unauthorized ports with IEEE 802.1x 9-7
unicast MAC address filtering 1-4
and adding static addresses 6-25
and broadcast MAC addresses 6-25
and CPU packets 6-25
and multicast addresses 6-25
and router MAC addresses 6-25
configuration guidelines 6-25
described 6-25
unicast storm 21-1
unicast storm control command 21-4
unicast traffic, blocking 21-7
UniDirectional Link Detection protocol
See UDLD
UNIX syslog servers
daemon configuration 26-10
facilities supported 26-11
message logging configuration 26-11
unrecognized Type-Length-Value (TLV) support 13-4
upgrading a Catalyst 2950 switch
configuration compatibility issues C-1
differences in configuration commands C-1
feature behavior incompatibilities C-5
incompatible command messages C-1
recommendations C-1
upgrading information
See release notes
upgrading software images
See downloading
UplinkFast
described 17-3
disabling 17-13
enabling 17-13
support for 1-5
uploading
configuration files
preparing B-10, B-12, B-15
reasons for B-8
using FTP B-14
using RCP B-17
using TFTP B-11
image files
preparing B-21, B-25, B-29
reasons for B-19
using FTP B-28
using RCP B-32
using TFTP B-24
user EXEC mode 2-2
username-based authentication 8-6
V
version-dependent transparent mode 13-4
virtual IP address
cluster standby group 5-11
command switch 5-11
vlan.dat file 12-4
VLAN 1, disabling on a trunk port 12-18
VLAN 1 minimization 12-18
vlan-assignment response, VMPS 12-24
VLAN configuration
at bootup 12-7
saving 12-7
VLAN configuration mode 2-2, 12-6
VLAN database
and startup configuration file 12-7
and VTP 13-1
VLAN configuration saved in 12-6
VLANs saved in 12-4
vlan database command 12-6
VLAN filtering and SPAN 23-6
vlan global configuration command 12-6
VLAN ID, discovering 6-26
VLAN management domain 13-2
VLAN Management Policy Server
See VMPS
VLAN membership
confirming 12-27
modes 12-3
VLAN Query Protocol
See VQP
VLANs
adding 12-8
adding to VLAN database 12-8
aging dynamic addresses 15-9
allowed on trunk 12-18
and spanning-tree instances 12-2, 12-6, 12-12
configuration guidelines, extended-range VLANs 12-12
configuration guidelines, normal-range VLANs 12-5
configuration options 12-6
configuring 12-1
configuring IDs 1006 to 4094 12-12
creating in config-vlan mode 12-8
creating in VLAN configuration mode 12-9
default configuration 12-7
deleting 12-9
described 10-2, 12-1
displaying 12-13
extended-range 12-1, 12-11
features 1-7
illustrated 12-2
limiting source traffic with RSPAN 23-21
limiting source traffic with SPAN 23-14
modifying 12-8
multicast 20-17
native, configuring 12-19
normal-range 12-1, 12-4
number supported 1-7
parameters 12-4
port membership modes 12-3
static-access ports 12-10
STP and IEEE 802.1Q trunks 15-10
supported 12-2
Token Ring 12-5
traffic between 12-2
VTP modes 13-3
VLAN Trunking Protocol
See VTP
VLAN trunks 12-14
VMPS
administering 12-28
configuration example 12-29
configuration guidelines 12-25
default configuration 12-25
description 12-23
dynamic port membership
described 12-24
reconfirming 12-27
troubleshooting 12-29
entering server address 12-26
mapping MAC addresses to VLANs 12-24
monitoring 12-28
reconfirmation interval, changing 12-27
reconfirming membership 12-27
retry count, changing 12-28
voice-over-IP 14-1
voice VLAN
Cisco 7960 phone, port connections 14-1
configuration guidelines 14-3
configuring IP phones for data traffic
override CoS of incoming frame 14-6
trust CoS priority of incoming frame 14-6
configuring ports for voice traffic in
802.1p priority tagged frames 14-5
802.1Q frames 14-5
connecting to an IP phone 14-4
default configuration 14-3
described 14-1
displaying 14-6
voice VLAN (continued)
IP phone data traffic, described 14-2
IP phone voice traffic, described 14-2
VQP 1-7, 12-23
VTP
adding a client to a domain 13-14
advertisements 12-16, 13-3
and extended-range VLANs 13-1
and normal-range VLANs 13-1
client mode, configuring 13-11
configuration
global configuration mode 13-7
guidelines 13-8
privileged EXEC mode 13-7
requirements 13-9
saving 13-7
VLAN configuration mode 13-7
configuration mode options 13-7
configuration requirements 13-9
configuration revision number
guideline 13-14
resetting 13-15
configuring
client mode 13-11
server mode 13-9
transparent mode 13-12
consistency checks 13-4
default configuration 13-6
described 13-1
disabling 13-12
domain names 13-8
domains 13-2
modes
client 13-3, 13-11
server 13-3, 13-9
transitions 13-3
transparent 13-3, 13-12
monitoring 13-16
passwords 13-8
VTP (continued)
pruning
disabling 13-14
enabling 13-14
examples 13-5
overview 13-4
support for 1-7
pruning-eligible list, changing 12-19
server mode, configuring 13-9
statistics 13-16
support for 1-7
Token Ring support 13-4
transparent mode, configuring 13-12
using 13-1
version, guidelines 13-8
Version 1 13-4
Version 2
configuration guidelines 13-8
disabling 13-13
enabling 13-13
overview 13-4
W
weighted tail drop
See WTD
wizards 1-2
WTD
described 29-12
setting thresholds
egress queue-sets 29-61
ingress queues 29-57
support for 1-9
X
Xmodem protocol 31-2