A -
B -
C -
D -
E -
F -
G -
H -
I -
J -
L -
M -
N -
O -
P -
Q -
R -
S -
T -
U -
V -
W -
X -
Index
A
abbreviating commands 2-4
AC (command switch) 5-9
access-class command 29-16
access control entries
See ACEs
access-denied response, VMPS 12-24
access groups, applying IPv4 ACLs to interfaces 29-17
accessing
clusters, switch 5-12
command switches 5-10
member switches 5-12
switch clusters 5-12
access lists
See ACLs
access ports
in switch clusters 5-8
access ports, defined 10-2
accounting
with 802.1x 9-29
with IEEE 802.1x 9-8
with RADIUS 8-28
with TACACS+ 8-11, 8-17
ACEs
and QoS 30-7
defined 29-2
Ethernet 29-2
IP 29-2
ACLs
ACEs 29-2
any keyword 29-9
applying
time ranges to 29-14
to an interface 29-17
to QoS 30-7
classifying traffic for QoS 30-39
comments in 29-15
compiling 29-18
defined 29-1, 29-5
examples of 29-18, 30-39
extended IP, configuring for QoS classification 30-40
extended IPv4
creating 29-8
matching criteria 29-5
hardware and software handling 29-17
host keyword 29-10
IP
creating 29-5
fragments and QoS guidelines 30-30
implicit deny 29-7, 29-11, 29-13
implicit masks 29-7
matching criteria 29-5
undefined 29-17
IPv4
applying to interfaces 29-17
creating 29-5
matching criteria 29-5
named 29-12
numbers 29-6
terminal lines, setting on 29-16
unsupported features 29-4
MAC extended 29-20, 30-41
matching 29-5, 29-17
monitoring 29-22
named, IPv4 29-12
number per QoS class map 30-30
QoS 30-7, 30-39
resequencing entries 29-12
standard IP, configuring for QoS classification 30-39
standard IPv4
creating 29-7
matching criteria 29-5
support for 1-7
support in hardware 29-17
time ranges 29-14
unsupported features, IPv4 29-4
active links 18-2
address aliasing 20-2
addresses
displaying the MAC address table 6-26
dynamic
accelerated aging 15-8
changing the aging time 6-21
default aging 15-8
defined 6-19
learning 6-20
removing 6-22
MAC, discovering 6-26
multicast, STP address management 15-8
static
adding and removing 6-24
defined 6-19
address resolution 6-26
Address Resolution Protocol
See ARP
advertisements
CDP 22-1
LLDP 23-2
VTP 12-16, 13-3
aggregated ports
See EtherChannel
aggregate policers 30-47
aggregate policing 1-8
aging, accelerating 15-8
aging time
accelerated
for MSTP 16-23
for STP 15-8, 15-21
MAC address table 6-21
maximum
for MSTP 16-23, 16-24
for STP 15-21, 15-22
alarms, RMON 26-3
allowed-VLAN list 12-18
ARP
defined 1-4, 6-26
table
address resolution 6-26
managing 6-26
attributes, RADIUS
vendor-proprietary 8-31
vendor-specific 8-29
audience xxix
authentication
local mode with AAA 8-32
NTP associations 6-4
RADIUS
key 8-21
login 8-23
TACACS+
defined 8-11
key 8-13
login 8-14
See also port-based authentication
authentication failed VLAN
See restricted VLAN
authoritative time source, described 6-2
authorization
with RADIUS 8-27
with TACACS+ 8-11, 8-16
authorized ports with IEEE 802.1x 9-7
autoconfiguration 3-3
automatic discovery
considerations
beyond a noncandidate device 5-7
brand new switches 5-8
connectivity 5-4
different VLANs 5-6
management VLANs 5-7
non-CDP-capable devices 5-6
noncluster-capable devices 5-6
in switch clusters 5-4
See also CDP
automatic QoS
See QoS
automatic recovery, clusters 5-9
See also HSRP
auto-MDIX
configuring 10-16
described 10-15
autonegotiation
duplex mode 1-3
interface configuration guidelines 10-13
mismatches 32-11
autosensing, port speed 1-3
auxiliary VLAN
See voice VLAN
availability, features 1-5
B
BackboneFast
described 17-5
disabling 17-14
enabling 17-13
support for 1-5
backup interfaces
See Flex Links
backup links 18-2
banners
configuring
login 6-19
message-of-the-day login 6-18
default configuration 6-17
when displayed 6-17
binding database
DHCP snooping
See DHCP snooping binding database
bindings
DHCP snooping database 19-5
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 21-7
booting
boot loader, function of 3-2
boot process 3-1
manually 3-13
specific image 3-14
boot loader
accessing 3-14
described 3-2
environment variables 3-14
prompt 3-14
trap-door mechanism 3-2
BPDU
error-disabled state 17-2
filtering 17-3
RSTP format 16-12
BPDU filtering
described 17-3
disabling 17-12
enabling 17-12
support for 1-6
BPDU guard
described 17-2
disabling 17-12
enabling 17-11
support for 1-6
bridge protocol data unit
See BPDU
broadcast storm-control command 21-4
broadcast storms 21-1
C
cables, monitoring for unidirectional links 25-1
candidate switch
automatic discovery 5-4
defined 5-3
requirements 5-3
See also command switch, cluster standby group, and member switch
CA trustpoint
configuring 8-40
defined 8-38
caution, described xxx
CDP
and trusted boundary 30-35
automatic discovery in switch clusters 5-4
configuring 22-2
default configuration 22-2
defined with LLDP 23-1
described 22-1
disabling for routing device22-3to 22-4
enabling and disabling
on an interface 22-4
on a switch 22-3
monitoring 22-5
overview 22-1
support for 1-4
transmission timer and holdtime, setting 22-2
updates 22-2
CGMP
as IGMP snooping learning method 20-8
joining multicast group 20-3
CipherSuites 8-39
Cisco 7960 IP Phone 14-1
Cisco Discovery Protocol
See CDP
Cisco IOS File System
See IFS
Cisco Network Assistant
See Network Assistant
CiscoWorks 2000 1-4, 28-4
CIST regional root
See MSTP
CIST root
See MSTP
class maps for QoS
configuring 30-42
described 30-7
displaying 30-69
class of service
See CoS
clearing interfaces 10-19
CLI
abbreviating commands 2-4
command modes 2-1
configuration logging 2-5
described 1-4
editing features
enabling and disabling 2-7
keystroke editing 2-8
wrapped lines 2-9
error messages 2-5
filtering command output 2-10
getting help 2-3
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
managing clusters 5-13
no and default forms of commands 2-4
client mode, VTP 13-3
clock
See system clock
cluster requirements xxxi
clusters, switch
accessing 5-12
automatic discovery 5-4
automatic recovery 5-9
benefits 1-2
compatibility 5-4
described 5-1
LRE profile considerations 5-13
managing
through CLI 5-13
through SNMP 5-14
planning 5-4
planning considerations
automatic discovery 5-4
automatic recovery 5-9
CLI 5-13
host names 5-12
IP addresses 5-12
LRE profiles 5-13
passwords 5-12
RADIUS 5-13
SNMP 5-13, 5-14
TACACS+ 5-13
See also candidate switch, command switch, cluster standby group, member switch, and standby command switch
cluster standby group
automatic recovery 5-11
considerations 5-10
defined 5-2
requirements 5-3
virtual IP address 5-10
See also HSRP
CNS 1-4
Configuration Engine
configID, deviceID, hostname 4-3
configuration service 4-2
described 4-1
event service 4-3
embedded agents
described 4-5
enabling automated configuration 4-6
enabling configuration agent 4-9
enabling event agent 4-8
management functions 1-4
Coarse Wave Division Multiplexer
See CWDM SFPs
command-line interface
See CLI
command modes 2-1
commands
abbreviating 2-4
no and default 2-4
commands, setting privilege levels 8-8
command switch
accessing 5-10
active (AC) 5-9
configuration conflicts 32-11
defined 5-2
passive (PC) 5-9
password privilege levels 5-14
priority 5-9
recovery
from command-switch failure 5-9, 32-7
from lost member connectivity 32-11
redundant 5-9
replacing
with another switch 32-9
with cluster member 32-8
requirements 5-3
standby (SC) 5-9
See also candidate switch, cluster standby group, member switch, and standby command switch
community strings
configuring 5-13, 28-8
for cluster switches 28-4
in clusters 5-13
overview 28-4
SNMP 5-13
compatibility, feature 21-11
config.text 3-12
configurable leave timer, IGMP 20-5
configuration, initial
defaults 1-9
Express Setup 1-2
See also getting started guide and hardware installation guide
configuration changes, logging 27-10
configuration conflicts, recovering from lost member connectivity 32-11
configuration examples, network 1-12
configuration files
clearing the startup configuration B-19
creating using a text editor B-10
default name 3-12
deleting a stored configuration B-19
described B-8
downloading
automatically 3-12
preparing B-10, B-13, B-16
reasons for B-8
using FTP B-13
using RCP B-17
using TFTP B-11
guidelines for creating and using B-9
invalid combinations when copying B-5
limiting TFTP server access 28-16
obtaining with DHCP 3-7
password recovery disable considerations 8-5
specifying the filename 3-12
system contact and location information 28-15
types and location B-9
uploading
preparing B-10, B-13, B-16
reasons for B-8
using FTP B-14
using RCP B-18
using TFTP B-11
configuration logger 27-10
configuration logging 2-5
configuration settings, saving 3-11
configure terminal command 10-5
config-vlan mode 2-2, 12-6
conflicts, configuration 32-11
connections, secure remote 8-33
connectivity problems 32-12, 32-13, 32-15
consistency checks in VTP Version 2 13-4
console port, connecting to 2-10
conventions
command xxx
for examples xxx
publication xxx
text xxx
corrupted software, recovery steps with Xmodem 32-2
CoS
in Layer 2 frames 30-2
override priority 14-6
trust priority 14-6
CoS input queue threshold map for QoS 30-14
CoS output queue threshold map for QoS 30-17
CoS-to-DSCP map for QoS 30-50
counters, clearing interface 10-19
crashinfo file 32-21
critical authentication, IEEE 802.1x 9-33
cryptographic software image
SSH 8-33
SSL 8-37
CWDM SFPs 1-16
D
daylight saving time 6-13
debugging
enabling all system diagnostics 32-19
enabling for a specific feature 32-18
redirecting error message output 32-19
using commands 32-18
default commands 2-4
default configuration
802.1x 9-18
auto-QoS 30-19
banners 6-17
booting 3-12
CDP 22-2
DHCP 19-7
DHCP option 82 19-7
DHCP snooping 19-7
DHCP snooping binding database 19-7
DNS 6-16
EtherChannel 31-9
Ethernet interfaces 10-10
Flex Links 18-5
IGMP filtering 20-24
IGMP snooping 20-6
IGMP throttling 20-24
initial switch information 3-3
Layer 2 interfaces 10-10
LLDP 23-3
MAC address table 6-21
MAC address-table move update 18-5
MSTP 16-14
MVR 20-19
NTP 6-4
optional spanning-tree configuration 17-9
password and privilege level 8-2
RADIUS 8-20
RMON 26-3
RSPAN 24-9
SDM template 7-2
SNMP 28-7
SPAN 24-9
SSL 8-39
standard QoS 30-28
STP 15-11
system message logging 27-3
system name and prompt 6-15
TACACS+ 8-13
UDLD 25-4
VLAN, Layer 2 Ethernet interfaces 12-16
VLANs 12-7
VMPS 12-25
voice VLAN 14-3
VTP 13-6
default gateway 3-10
deleting VLANs 12-9
denial-of-service attack 21-1
description command 10-16
designing your network, examples 1-12
destination addresses
in IPv4 ACLs 29-9
destination-IP address-based forwarding, EtherChannel 31-7
destination-MAC address forwarding, EtherChannel 31-6
detecting indirect link failures, STP 17-5
device B-19
device discovery protocol 22-1, 23-1
device manager
benefits 1-2
described 1-2, 1-4
in-band management 1-5
requirements xxx
upgrading a switch B-19
DHCP
Cisco IOS server database, enabling 19-10
enabling the relay agent 19-8
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-3
DNS 3-6
relay device 3-6
server side 3-5
TFTP server 3-6
example 3-8
lease options
for IP address information 3-5
for receiving the configuration file 3-5
overview 3-3
relationship to BOOTP 3-3
relay support 1-4
support for 1-4
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 19-5
configuration guidelines 19-7
default configuration 19-7
displaying 19-11
overview 19-3
packet format, suboption
circuit ID 19-5
remote ID 19-5
remote ID suboption 19-5
DHCP snooping
accepting untrusted packets form edge switch 19-3, 19-9
binding database
See DHCP snooping binding database
configuration guidelines 19-7
default configuration 19-7
displaying binding tables 19-11
message exchange process 19-4
option 82 data insertion 19-3
trusted interface 19-2
untrusted interface 19-2
untrusted messages 19-2
DHCP snooping binding database
adding bindings 19-10
binding entries, displaying 19-11
binding file
format 19-6
location 19-5
bindings 19-5
clearing agent statistics 19-11
configuration guidelines 19-8
configuring 19-10
default configuration 19-7
deleting
binding file 19-11
bindings 19-11
database agent 19-11
described 19-5
displaying 19-11
displaying status and statistics 19-11
enabling 19-10
entry 19-5
renewing database 19-11
resetting
delay value 19-11
timeout value 19-11
DHCP snooping binding table
See DHCP snooping binding database
Differentiated Services architecture, QoS 30-2
Differentiated Services Code Point 30-2
directed unicast requests 1-4
directories
changing B-3
creating and removing B-4
displaying the working B-3
discovery, clusters
See automatic discovery
DNS
and DHCP-based autoconfiguration 3-6
default configuration 6-16
displaying the configuration 6-17
overview 6-15
setting up 6-16
support for 1-4
documentation, related xxx
document conventions xxx
domain names
DNS 6-15
VTP 13-8
Domain Name System
See DNS
downloading
configuration files
preparing B-10, B-13, B-16
reasons for B-8
using FTP B-13
using RCP B-17
using TFTP B-11
image files
deleting old image B-23
preparing B-21, B-25, B-29
reasons for B-19
using CMS 1-2
using FTP B-26
using HTTP 1-2, B-19
image files (continued)
using RCP B-30
using TFTP B-22
using the device manager or Network Assistant B-19
DSCP 1-8, 30-2
DSCP input queue threshold map for QoS 30-14
DSCP output queue threshold map for QoS 30-17
DSCP-to-CoS map for QoS 30-53
DSCP-to-DSCP-mutation map for QoS 30-54
DSCP transparency 30-36
DTP 1-6, 12-14
dual-purpose uplinks
defined 10-4
LEDs 10-4
link selection 10-4
setting the type 10-11
dynamic access ports
characteristics 12-3
configuring 12-26
defined 10-3
dynamic addresses
See addresses
dynamic auto trunking mode 12-15
dynamic desirable trunking mode 12-15
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 12-24
reconfirming 12-27
troubleshooting 12-29
types of connections 12-26
Dynamic Trunking Protocol
See DTP
E
editing features
enabling and disabling 2-7
keystrokes used 2-8
wrapped lines 2-9
enable password 8-3
enable secret password 8-3
encryption, CipherSuite 8-39
encryption for passwords 8-3
environment variables, function of 3-15
error-disabled state, BPDU 17-2
error messages during command entry 2-5
EtherChannel
automatic creation of 31-4, 31-5
channel groups
binding physical and logical interfaces 31-3
numbering of 31-3
configuration guidelines 31-9
configuring Layer 2 interfaces 31-10
default configuration 31-9
described 31-2
displaying status 31-16
forwarding methods 31-6, 31-12
IEEE 802.3ad, described 31-5
interaction
with STP 31-9
with VLANs 31-10
LACP
described 31-5
displaying status 31-16
hot-standby ports 31-14
interaction with other features 31-6
modes 31-5
port priority 31-15
system priority 31-15
load balancing 31-6, 31-12
PAgP
aggregate-port learners 31-13
compatibility with Catalyst 1900 31-13
described 31-4
displaying status 31-16
interaction with other features 31-5
learn method and priority configuration 31-13
modes 31-4
support for 1-3
port-channel interfaces
described 31-3
numbering of 31-3
port groups 10-3
support for 1-3
EtherChannel guard
described 17-7
disabling 17-14
enabling 17-14
Ethernet VLANs
adding 12-8
defaults and ranges 12-7
modifying 12-8
events, RMON 26-3
examples
conventions for xxx
network configuration 1-12
expedite queue for QoS 30-67
Express Setup 1-2
See also getting started guide
extended crashinfo file 32-21
extended-range VLANs
configuration guidelines 12-12
configuring 12-11
creating 12-12
defined 12-1
extended system ID
MSTP 16-17
STP 15-4, 15-14
Extensible Authentication Protocol over LAN 9-1
F
fa0 interface 1-5
features, incompatible 21-11
fiber-optic, detecting unidirectional links 25-1
files
basic crashinfo
description 32-21
location 32-21
copying B-4
crashinfo, description 32-21
deleting B-5
displaying the contents of B-8
extended crashinfo
description 32-21
location 32-22
tar
creating B-6
displaying the contents of B-6
extracting B-7
image file format B-20
file system
displaying available file systems B-2
displaying file information B-3
local file system names B-1
network file system names B-4
setting the default B-3
filtering
non-IP traffic 29-20
show and more command output 2-10
filtering show and more command output 2-10
filters, IP
See ACLs, IP
flash device, number of B-1
Flex Links
configuration guidelines 18-5
configuring 18-5, 18-6
configuring preferred VLAN 18-8
configuring VLAN load balancing 18-7
default configuration 18-5
description 18-1
link load balancing 18-2
monitoring 18-11
VLANs 18-2
flooded traffic, blocking 21-7
flow-based packet classification 1-8
flowcharts
QoS classification 30-6
QoS egress queueing and scheduling 30-15
QoS ingress queueing and scheduling 30-13
QoS policing and marking 30-10
flowcontrol
configuring 10-15
described 10-14
forward-delay time
MSTP 16-23
STP 15-21
FTP
accessing MIB files A-3
configuration files
downloading B-13
overview B-12
preparing the server B-13
uploading B-14
image files
deleting old image B-27
downloading B-26
preparing the server B-25
uploading B-28
G
get-bulk-request operation 28-3
get-next-request operation 28-3, 28-5
get-request operation 28-3, 28-5
get-response operation 28-3
global configuration mode 2-2
global leave, IGMP 20-12
guest VLAN and 802.1x 9-11
guide
audience xxix
purpose of xxix
guide mode 1-2
GUIs
See device manager and Network Assistant
H
hello time
MSTP 16-22
STP 15-20
help, for the command line 2-3
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
history table, level and number of syslog messages 27-9
host names, in clusters 5-12
hosts, limit on dynamic ports 12-29
HP OpenView 1-4
HSRP
automatic cluster recovery 5-11
cluster standby group considerations 5-10
See also clusters, cluster standby group, and standby command switch
HTTP over SSL
see HTTPS
HTTPS 8-37
configuring 8-41
self-signed certificate 8-38
HTTP secure server 8-37
I
ICMP
time-exceeded messages 32-15
traceroute and 32-15
ICMP ping
executing 32-13
overview 32-12
IDS appliances
and ingress RSPAN 24-20
and ingress SPAN 24-13
IEEE 802.1D
See STP
IEEE 802.1p 14-1
IEEE 802.1Q
and trunk ports 10-3
configuration limitations 12-15
encapsulation 12-14
native VLAN for untagged traffic 12-19
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3ad
See EtherChannel
IEEE 802.3x flow control 10-14
ifIndex values, SNMP 28-6
IFS 1-5
IGMP
configurable leave timer
described 20-5
enabling 20-10
flooded multicast traffic
controlling the length of time 20-11
disabling on an interface 20-12
global leave 20-12
query solicitation 20-12
recovering from flood mode 20-12
joining multicast group 20-3
join messages 20-3
leave processing, enabling 20-10
leaving multicast group 20-5
queries 20-4
report suppression
described 20-6
disabling 20-15
supported versions 20-2
support for 1-3
IGMP filtering
configuring 20-24
default configuration 20-24
described 20-23
monitoring 20-28
support for 1-3
IGMP groups
configuring filtering 20-26
setting the maximum number 20-26
IGMP Immediate Leave
configuration guidelines 20-10
described 20-5
enabling 20-10
IGMP profile
applying 20-25
configuration mode 20-24
configuring 20-24
IGMP snooping
and address aliasing 20-2
configuring 20-6
default configuration 20-6
definition 20-1
enabling and disabling 20-7
global configuration 20-7
Immediate Leave 20-5
method 20-8
monitoring 20-15
querier
configuration guidelines 20-13
configuring 20-13
supported versions 20-2
support for 1-3
VLAN configuration 20-7
IGMP throttling
configuring 20-26
default configuration 20-24
described 20-23
displaying action 20-28
Immediate Leave, IGMP 20-5
inaccessible authentication bypass 9-12
initial configuration
defaults 1-9
Express Setup 1-2
See also getting started guide and hardware installation guide
interface
number 10-5
range macros 10-8
interface command 10-5
interface configuration mode 2-3
interfaces
auto-MDIX, configuring 10-15
configuration guidelines, duplex and speed 10-12
configuring
procedure 10-5
counters, clearing 10-19
default configuration 10-10
described 10-16
descriptive name, adding 10-16
displaying information about 10-18
flow control 10-14
management 1-4
monitoring 10-18
naming 10-16
physical, identifying 10-5
range of 10-6
restarting 10-19
shutting down 10-19
speed and duplex, configuring 10-13
status 10-18
supported 10-5
types of 10-1
interfaces range macro command 10-8
interface types 10-5
Intrusion Detection System
See IDS appliances
IP ACLs
for QoS classification 30-7
implicit deny 29-7, 29-11
implicit masks 29-7
named 29-12
undefined 29-17
IP addresses
candidate or member 5-3, 5-12
cluster access 5-2
command switch 5-3, 5-10, 5-12
discovering 6-26
redundant clusters 5-10
standby command switch 5-10, 5-12
See also IP information
ip igmp profile command 20-24
IP information
assigned
manually 3-10
through DHCP-based autoconfiguration 3-3
default configuration 3-3
IP phones
and QoS 14-1
automatic classification and queueing 30-18
configuring 14-4
ensuring port security with QoS 30-34
trusted boundary for QoS 30-34
IP precedence 30-2
IP-precedence-to-DSCP map for QoS 30-51
IP protocols in ACLs 29-9
IP traceroute
executing 32-16
overview 32-15
IPv4 ACLs
applying to interfaces 29-17
extended, creating 29-8
named 29-12
standard, creating 29-7
J
join messages, IGMP 20-3
L
LACP
See EtherChannel
Layer 2 frames, classification with CoS 30-2
Layer 2 interfaces, default configuration 10-10
Layer 2 traceroute
and ARP 32-14
and CDP 32-14
broadcast traffic 32-14
described 32-14
IP addresses and subnets 32-14
MAC addresses and VLANs 32-14
multicast traffic 32-14
multiple devices on a port 32-15
unicast traffic 32-14
usage guidelines 32-14
Layer 3 packets, classification methods 30-2
LDAP 4-2
LEDs, switch
See hardware installation guide
lightweight directory access protocol
See LDAP
line configuration mode 2-3
Link Aggregation Control Protocol
See EtherChannel
link failure, detecting unidirectional 16-8
Link Layer Discovery Protocol
See CDP
link redundancy
See Flex Links
links, unidirectional 25-1
link-state tracking
configuring 31-19
described 31-17
LLDP
configuring 23-3
characteristics 23-3
default configuration 23-3
disabling and enabling
globally 23-4
on an interface 23-5
monitoring and maintaining 23-7
overview 23-1
supported TLVs 23-2
switch stack considerations 23-2
transmission timer and holdtime, setting 23-3
LLDP-MED
configuring
procedures 23-3
TLVs 23-6
monitoring and maintaining 23-7
overview 23-1, 23-2
supported TLVs 23-2
LLDP Media Endpoint Discovery
See LLDP-MED
local SPAN 24-2
login authentication
with RADIUS 8-23
with TACACS+ 8-14
login banners 6-17
log messages
See system message logging
Long-Reach Ethernet (LRE) technology 1-13
loop guard
described 17-9
enabling 17-15
support for 1-6
LRE profiles, considerations in switch clusters 5-13
M
MAC addresses
aging time 6-21
and VLAN association 6-20
building the address table 6-20
default configuration 6-21
discovering 6-26
displaying 6-26
dynamic
learning 6-20
removing 6-22
in ACLs 29-20
static
adding 6-24
allowing 6-25
characteristics of 6-24
dropping 6-25
removing 6-24
MAC address notification, support for 1-9
MAC address-table move update
configuration guidelines 18-5
configuring 18-9
default configuration 18-5
description 18-3
monitoring 18-11
MAC address-to-VLAN mapping 12-24
MAC extended access lists
applying to Layer 2 interfaces 29-21
configuring for QoS 30-41
creating 29-20
defined 29-20
for QoS classification 30-5
macros
See Smartports macros
magic packet 9-15
manageability features 1-4
management access
in-band
browser session 1-5
CLI session 1-5
device manager 1-5
SNMP 1-5
out-of-band console port connection 1-5
management options
CLI 2-1
clustering 1-2
CNS 4-1
Network Assistant 1-2
overview 1-4
management VLAN
considerations in switch clusters 5-7
discovery through different management VLANs 5-7
mapping tables for QoS
configuring
CoS-to-DSCP 30-50
DSCP 30-50
DSCP-to-CoS 30-53
DSCP-to-DSCP-mutation 30-54
IP-precedence-to-DSCP 30-51
policed-DSCP 30-52
described 30-10
marking
action in policy map 30-44
action with aggregate policers 30-47
described 30-4, 30-8
matching, IPv4 ACLs 29-5
maximum aging time
MSTP 16-23
STP 15-21
maximum hop count, MSTP 16-24
membership mode, VLAN port 12-3
member switch
automatic discovery 5-4
defined 5-2
managing 5-13
passwords 5-12
recovering from lost connectivity 32-11
requirements 5-3
See also candidate switch, cluster standby group, and standby command switch
messages, to users through banners 6-17
MIBs
accessing files with FTP A-3
location of files A-3
overview 28-1
SNMP interaction with 28-4
supported A-1
mirroring traffic for analysis 24-1
mismatches, autonegotiation 32-11
module number 10-5
monitoring
access groups 29-22
cables for unidirectional links 25-1
CDP 22-5
features 1-9
Flex Links 18-11
IGMP
filters 20-28
snooping 20-15
interfaces 10-18
IPv4 ACL configuration 29-22
MAC address-table move update 18-11
multicast router interfaces 20-16
MVR 20-22
network traffic for analysis with probe 24-2
port
blocking 21-19
protection 21-19
SFP status 10-19, 32-12
speed and duplex mode 10-13
traffic flowing among switches 26-1
traffic suppression 21-19
VLANs 12-13
VMPS 12-28
VTP 13-16
MSTP
boundary ports
configuration guidelines 16-15
described 16-6
BPDU filtering
described 17-3
enabling 17-12
BPDU guard
described 17-2
enabling 17-11
CIST, described 16-3
CIST regional root 16-3
CIST root 16-5
configuration guidelines 16-15, 17-10
configuring
forward-delay time 16-23
hello time 16-22
link type for rapid convergence 16-24
maximum aging time 16-23
maximum hop count 16-24
MST region 16-16
neighbor type 16-25
path cost 16-20
port priority 16-19
root switch 16-17
secondary root switch 16-18
switch priority 16-21
CST
defined 16-3
operations between regions 16-4
default configuration 16-14
default optional feature configuration 17-9
displaying status 16-26
enabling the mode 16-16
EtherChannel guard
described 17-7
enabling 17-14
extended system ID
effects on root switch 16-17
effects on secondary root switch 16-18
unexpected behavior 16-17
IEEE 802.1s
implementation 16-6
port role naming change 16-7
terminology 16-5
instances supported 15-9
interface state, blocking to forwarding 17-2
interoperability and compatibility among modes 15-10
interoperability with IEEE 802.1D
described 16-8
restarting migration process 16-25
IST
defined 16-3
master 16-3
operations within a region 16-3
loop guard
described 17-9
enabling 17-15
mapping VLANs to MST instance 16-16
MST region
CIST 16-3
configuring 16-16
described 16-2
hop-count mechanism 16-5
IST 16-3
supported spanning-tree instances 16-2
optional features supported 1-6
overview 16-2
Port Fast
described 17-2
enabling 17-10
preventing root switch selection 17-8
root guard
described 17-8
enabling 17-15
root switch
configuring 16-17
effects of extended system ID 16-17
unexpected behavior 16-17
shutdown Port Fast-enabled port 17-2
status, displaying 16-26
multicast groups
Immediate Leave 20-5
joining 20-3
leaving 20-5
static joins 20-9
multicast router interfaces, monitoring 20-16
multicast router ports, adding 20-9
multicast storm 21-1
multicast storm-control command 21-4
multicast television application 20-17
multicast VLAN 20-16
Multicast VLAN Registration
See MVR
MVR
and address aliasing 20-20
and IGMPv3 20-20
configuration guidelines 20-19
configuring interfaces 20-21
default configuration 20-19
described 20-16
example application 20-17
modes 20-20
monitoring 20-22
multicast television application 20-17
setting global parameters 20-20
support for 1-3
N
NAC
critical authentication 9-12, 9-33
IEEE 802.1x authentication using a RADIUS server 9-38
IEEE 802.1x validation using RADIUS server 9-38
inaccessible authentication bypass 9-33
Layer 2 IEEE 802.1x validation 1-7, 9-38
Layer 2 IEEE802.1x validation 9-16
named IPv4 ACLs 29-12
NameSpace Mapper
See NSM
native VLAN
configuring 12-19
default 12-19
Network Admission Control
See NAC
Network Assistant
benefits 1-2
described 1-4
downloading image files 1-2
guide mode 1-2
management options 1-2
requirements xxx
upgrading a switch B-19
wizards 1-2
network configuration examples
increasing network performance 1-12
long-distance, high-bandwidth transport 1-16
providing network services 1-13
server aggregation and Linux server cluster 1-14
small to medium-sized network 1-15
network design
performance 1-12
services 1-13
network management
CDP 22-1
RMON 26-1
SNMP 28-1
Network Time Protocol
See NTP
no commands 2-4
nonhierarchical policy maps
configuring 30-44
described 30-9
non-IP traffic filtering 29-20
nontrunking mode 12-15
normal-range VLANs 12-4
configuration guidelines 12-5
configuration modes 12-6
configuring 12-4
defined 12-1
note, described xxx
NSM 4-3
NTP
associations
authenticating 6-4
defined 6-2
enabling broadcast messages 6-6
peer 6-5
server 6-5
default configuration 6-4
displaying the configuration 6-11
overview 6-2
restricting access
creating an access group 6-8
disabling NTP services per interface 6-10
source IP address, configuring 6-10
stratum 6-2
support for 1-5
synchronizing devices 6-5
time
services 6-2
synchronizing 6-2
O
optimizing system resources 7-1
options, management 1-4
out-of-profile markdown 1-8
P
packet modification, with QoS 30-17
PAgP
See EtherChannel
passwords
default configuration 8-2
disabling recovery of 8-5
encrypting 8-3
for security 1-7
in clusters 5-12
overview 8-1
recovery of 32-3
setting
enable 8-3
enable secret 8-3
Telnet 8-6
with usernames 8-6
VTP domain 13-8
path cost
MSTP 16-20
STP 15-18
PC (passive command switch) 5-9
performance, network design 1-12
performance features 1-3
persistent self-signed certificate 8-38
per-VLAN spanning-tree plus
See PVST+
physical ports 10-2
PIM-DVMRP, as snooping method 20-8
ping
character output description 32-13
executing 32-13
overview 32-12
policed-DSCP map for QoS 30-52
policers
configuring
for each matched traffic class 30-44
for more than one traffic class 30-47
described 30-4
displaying 30-69
number of 30-30
types of 30-9
policing
described 30-4
token-bucket algorithm 30-9
policy maps for QoS
characteristics of 30-44
described 30-7
displaying 30-69
nonhierarchical on physical ports
configuring 30-44
described 30-9
port ACLs, described 29-2
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting 9-8
authentication server
defined 9-2
RADIUS server 9-2
client, defined 9-2
configuration guidelines 9-20
configuring
802.1x authentication 9-22
guest VLAN 9-31
host mode 9-25
inaccessible authentication bypass 9-33
manual re-authentication of a client 9-26
periodic re-authentication 9-26
quiet period 9-27
RADIUS server 9-24
RADIUS server parameters on the switch 9-23
restricted VLAN 9-32
switch-to-client frame-retransmission number 9-28, 9-29
switch-to-client retransmission time 9-27
default configuration 9-18
described 9-1
device roles 9-2
displaying statistics 9-42
EAPOL-start frame 9-5
EAP-request/identity frame 9-5
EAP-response/identity frame 9-5
encapsulation 9-3
guest VLAN
configuration guidelines 9-11, 9-12
described 9-11
host mode 9-7
inaccessible authentication bypass
configuring 9-33
described 9-12
guidelines 9-21
initiation and message exchange 9-5
magic packet 9-15
method lists 9-22
multiple-hosts mode, described 9-8
ports
authorization state and dot1x port-control command 9-7
authorized and unauthorized 9-7
critical 9-12
voice VLAN 9-13
port security
and voice VLAN 9-15
described 9-14
interactions 9-14
multiple-hosts mode 9-8
resetting to default values 9-42
statistics, displaying 9-42
switch
as proxy 9-3
RADIUS client 9-3
upgrading from a previous release 9-22
VLAN assignment
AAA authorization 9-22
characteristics 9-10
configuration tasks 9-10
described 9-10
voice VLAN
described 9-13
PVID 9-13
VVID 9-13
wake-on-LAN, described 9-15
port blocking 1-3, 21-7
port-channel
See EtherChannel
Port Fast
described 17-2
enabling 17-10
mode, spanning tree 12-25
support for 1-6
port membership modes, VLAN 12-3
port priority
MSTP 16-19
STP 15-16
ports
access 10-2
blocking 21-7
dual-purpose uplink 10-4
dynamic access 12-3
protected 21-5
secure 21-8
static-access 12-3, 12-10
switch 10-2
trunks 12-3, 12-14
VLAN assignments 12-10
port security
aging 21-16
and private VLANs 21-18
and QoS trusted boundary 30-34
configuring 21-11
default configuration 21-10
described 21-8
displaying 21-19
enabling 21-18
on trunk ports 21-13
sticky learning 21-9
violations 21-9
with other features 21-10
port-shutdown response, VMPS 12-24
preemption, default configuration 18-5
preemption delay, default configuration 18-5
preferential treatment of traffic
See QoS
preventing unauthorized access 8-1
primary links 18-2
priority
overriding CoS 14-6
trusting CoS 14-6
private VLAN edge ports
See protected ports
privileged EXEC mode 2-2
privilege levels
changing the default for lines 8-9
command switch 5-14
exiting 8-9
logging into 8-9
mapping on member switches 5-14
overview 8-2, 8-7
setting a command with 8-8
protected ports 1-7, 21-5
pruning, VTP
disabling
in VTP domain 13-14
on a port 12-19
enabling
in VTP domain 13-14
on a port 12-19
examples 13-5
overview 13-4
pruning-eligible list
changing 12-19
for VTP pruning 13-4
VLANs 13-14
PVST+
described 15-9
IEEE 802.1Q trunking interoperability 15-10
instances supported 15-9
Q
QoS
and MQC commands 30-1
auto-QoS
categorizing traffic 30-19
configuration and defaults display 30-27
configuration guidelines 30-23
described 30-18
disabling 30-24
displaying generated commands 30-24
displaying the initial configuration 30-27
effects on running configuration 30-23
egress queue defaults 30-19
enabling for VoIP 30-24
example configuration 30-25
ingress queue defaults 30-19
list of generated commands 30-20
basic model 30-4
classification
class maps, described 30-7
defined 30-4
DSCP transparency, described 30-36
flowchart 30-6
forwarding treatment 30-3
in frames and packets 30-3
IP ACLs, described 30-5, 30-7
MAC ACLs, described 30-5, 30-7
options for IP traffic 30-5
options for non-IP traffic 30-5
policy maps, described 30-7
trust DSCP, described 30-5
trusted CoS, described 30-5
trust IP precedence, described 30-5
class maps
configuring 30-42
displaying 30-69
configuration guidelines
auto-QoS 30-23
standard QoS 30-30
configuring
aggregate policers 30-47
auto-QoS 30-18
default port CoS value 30-34
DSCP maps 30-50
DSCP transparency 30-36
DSCP trust states bordering another domain 30-36
egress queue characteristics 30-60
ingress queue characteristics 30-56
IP extended ACLs 30-40
IP standard ACLs 30-39
MAC ACLs 30-41
policy maps on physical ports 30-44
port trust states within the domain 30-32
trusted boundary 30-34
default auto configuration 30-19
default standard configuration 30-28
displaying statistics 30-69
DSCP transparency 30-36
egress queues
allocating buffer space 30-61
buffer allocation scheme, described 30-16
configuring shaped weights for SRR 30-65
configuring shared weights for SRR 30-66
described 30-4
displaying the threshold map 30-64
flowchart 30-15
mapping DSCP or CoS values 30-63
scheduling, described 30-4
setting WTD thresholds 30-61
WTD, described 30-17
enabling globally 30-31
flowcharts
classification 30-6
egress queueing and scheduling 30-15
ingress queueing and scheduling 30-13
policing and marking 30-10
implicit deny 30-7
ingress queues
allocating bandwidth 30-58
allocating buffer space 30-58
buffer and bandwidth allocation, described 30-14
configuring shared weights for SRR 30-58
configuring the priority queue 30-59
described 30-4
displaying the threshold map 30-57
flowchart 30-13
mapping DSCP or CoS values 30-57
priority queue, described 30-14
scheduling, described 30-4
setting WTD thresholds 30-57
WTD, described 30-14
IP phones
automatic classification and queueing 30-18
detection and trusted settings 30-18, 30-34
limiting bandwidth on egress interface 30-67
mapping tables
CoS-to-DSCP 30-50
displaying 30-69
DSCP-to-CoS 30-53
DSCP-to-DSCP-mutation 30-54
IP-precedence-to-DSCP 30-51
policed-DSCP 30-52
types of 30-10
marked-down actions 30-46
marking, described 30-4, 30-8
overview 30-1
packet modification 30-17
policers
configuring 30-46, 30-48
described 30-8
displaying 30-69
number of 30-30
types of 30-9
policies, attaching to an interface 30-8
policing
described 30-4, 30-8
token bucket algorithm 30-9
policy maps
characteristics of 30-44
displaying 30-69
nonhierarchical on physical ports 30-44
QoS label, defined 30-4
queues
configuring egress characteristics 30-60
configuring ingress characteristics 30-56
high priority (expedite) 30-17, 30-67
location of 30-11
SRR, described 30-12
WTD, described 30-11
rewrites 30-17
support for 1-8
trust states
bordering another domain 30-36
described 30-5
trusted device 30-34
within the domain 30-32
quality of service
See QoS
queries, IGMP 20-4
query solicitation, IGMP 20-12
R
RADIUS
attributes
vendor-proprietary 8-31
vendor-specific 8-29
configuring
accounting 8-28
authentication 8-23
authorization 8-27
communication, global 8-21, 8-29
communication, per-server 8-20, 8-21
multiple UDP ports 8-21
default configuration 8-20
defining AAA server groups 8-25
displaying the configuration 8-31
identifying the server 8-20
in clusters 5-13
limiting the services to the user 8-27
method list, defined 8-20
operation of 8-19
overview 8-18
suggested network environments 8-18
support for 1-8
tracking services accessed by user 8-28
range
macro 10-8
of interfaces 10-6
rapid convergence 16-10
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
described 15-9
IEEE 802.1Q trunking interoperability 15-10
instances supported 15-9
Rapid Spanning Tree Protocol
See RSTP
rcommand command 5-13
RCP
configuration files
downloading B-17
overview B-15
preparing the server B-16
uploading B-18
image files
deleting old image B-32
downloading B-30
preparing the server B-29
uploading B-32
reconfirmation interval, VMPS, changing 12-27
reconfirming dynamic VLAN membership 12-27
recovery procedures 32-1
redundancy
EtherChannel 31-3
STP
backbone 15-8
path cost 12-22
port priority 12-20
redundant links and UplinkFast 17-13
reloading software 3-16
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
Remote Network Monitoring
See RMON
Remote SPAN
See RSPAN
remote SPAN 24-2
report suppression, IGMP
described 20-6
disabling 20-15
requirements
cluster xxxi
device manager xxx
Network Assistant xxx
resequencing ACL entries 29-12
resetting a UDLD-shutdown interface 25-6
restricted VLAN
configuring 9-32
described 9-11
using with IEEE 802.1x 9-11
restricting access
NTP services 6-8
overview 8-1
passwords and privilege levels 8-2
RADIUS 8-18
TACACS+ 8-10
retry count, VMPS, changing 12-28
RFC
1112, IP multicast and IGMP 20-2
1157, SNMPv1 28-2
1305, NTP 6-2
1757, RMON 26-2
1901, SNMPv2C 28-2
1902 to 1907, SNMPv2 28-2
2236, IP multicast and IGMP 20-2
2273-2275, SNMPv3 28-2
RMON
default configuration 26-3
displaying status 26-6
enabling alarms and events 26-3
groups supported 26-2
overview 26-1
statistics
collecting group Ethernet 26-5
collecting group history 26-5
support for 1-9
root guard
described 17-8
enabling 17-15
support for 1-6
root switch
MSTP 16-17
STP 15-14
RSPAN
characteristics 24-7
configuration guidelines 24-16
default configuration 24-9
defined 24-2
destination ports 24-6
displaying status 24-22
interaction with other features 24-8
monitored ports 24-5
monitoring ports 24-6
overview 1-9, 24-1
received traffic 24-4
sessions
creating 24-16
defined 24-3
limiting source traffic to specific VLANs 24-21
specifying monitored ports 24-16
with ingress traffic enabled 24-20
source ports 24-5
transmitted traffic 24-5
VLAN-based 24-6
RSTP
active topology 16-9
BPDU
format 16-12
processing 16-13
designated port, defined 16-9
designated switch, defined 16-9
interoperability with IEEE 802.1D
described 16-8
restarting migration process 16-25
topology changes 16-13
overview 16-8
port roles
described 16-9
synchronized 16-11
proposal-agreement handshake process 16-10
rapid convergence
described 16-10
edge ports and Port Fast 16-10
point-to-point links 16-10, 16-24
root ports 16-10
root port, defined 16-9
See also MSTP
running configuration, saving 3-11
S
SC (standby command switch) 5-9
scheduled reloads 3-16
SDM
described 7-1
templates
configuring 7-2
number of 7-1
SDM template
configuration guidelines 7-2
configuring 7-2
types of 7-1
secure HTTP client
configuring 8-42
displaying 8-43
secure HTTP server
configuring 8-41
displaying 8-43
secure MAC addresses
deleting 21-15
maximum number of 21-9
types of 21-8
secure ports, configuring 21-8
secure remote connections 8-33
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port 21-8
security features 1-7
sequence numbers in log messages 27-7
server mode, VTP 13-3
service-provider network, MSTP and RSTP 16-1
set-request operation 28-5
setup program
failed command switch replacement 32-9
replacing failed command switch 32-8
severity levels, defining in system messages 27-8
SFPs
monitoring status of 10-19, 32-12
security and identification 32-11
status, displaying 32-12
shaped round robin
See SRR
show access-lists hw-summary command 29-17
show and more command output, filtering 2-10
show cdp traffic command 22-5
show cluster members command 5-13
show configuration command 10-16
show forward command 32-19
show interfaces command 10-13, 10-16
show lldp traffic command 23-7
show platform forward command 32-19
show running-config command
displaying ACLs 29-16, 29-17
interface description in 10-16
shutdown command on interfaces 10-19
Simple Network Management Protocol
See SNMP
Smartports macros
applying Cisco-default macros 11-6
applying global parameter values 11-5, 11-6
applying macros 11-5
applying parameter values 11-5, 11-7
configuration guidelines 11-3
creating 11-4
default configuration 11-2
defined 11-1
displaying 11-8
tracing 11-3
website 11-2
SNAP 22-1
SNMP
accessing MIB variables with 28-4
agent
described 28-4
disabling 28-8
authentication level 28-11
community strings
configuring 28-8
for cluster switches 28-4
overview 28-4
configuration examples 28-16
default configuration 28-7
engine ID 28-7
groups 28-7, 28-10
host 28-7
ifIndex values 28-6
in-band management 1-5
in clusters 5-13
informs
and trap keyword 28-12
described 28-5
differences from traps 28-5
disabling 28-15
enabling 28-15
limiting access by TFTP servers 28-16
limiting system log messages to NMS 27-9
manager functions 1-4, 28-3
managing clusters with 5-14
MIBs
location of A-3
supported A-1
notifications 28-5
overview 28-1, 28-4
security levels 28-3
status, displaying 28-17
system contact and location 28-15
trap manager, configuring 28-14
traps
described 28-3, 28-5
differences from informs 28-5
disabling 28-15
enabling 28-12
enabling MAC address notification 6-22
overview 28-1, 28-5
types of 28-12
users 28-7, 28-10
versions supported 28-2
SNMPv1 28-2
SNMPv2C 28-2
SNMPv3 28-2
snooping, IGMP 20-1
software images
location in flash B-20
recovery procedures 32-2
scheduling reloads 3-16
tar file format, described B-20
See also downloading and uploading
source addresses
in IPv4 ACLs 29-9
source-and-destination-IP address based forwarding, EtherChannel 31-7
source-and-destination MAC address forwarding, EtherChannel 31-6
source-IP address based forwarding, EtherChannel 31-7
source-MAC address forwarding, EtherChannel 31-6
SPAN
configuration guidelines 24-10
default configuration 24-9
destination ports 24-6
displaying status 24-22
interaction with other features 24-8
monitored ports 24-5
monitoring ports 24-6
overview 1-9, 24-1
ports, restrictions 21-11
received traffic 24-4
sessions
configuring ingress forwarding 24-14, 24-21
creating 24-10
defined 24-3
limiting source traffic to specific VLANs 24-14
removing destination (monitoring) ports 24-12
specifying monitored ports 24-10
with ingress traffic enabled 24-13
source ports 24-5
transmitted traffic 24-5
VLAN-based 24-6
spanning tree and native VLANs 12-15
Spanning Tree Protocol
See STP
SPAN traffic 24-4
SRR
configuring
shaped weights on egress queues 30-65
shared weights on egress queues 30-66
shared weights on ingress queues 30-58
described 30-12
shaped mode 30-12
shared mode 30-12
support for 1-8, 1-9
SSH
configuring 8-34
cryptographic software image 8-33
described 1-5, 8-33
encryption methods 8-34
user authentication methods, supported 8-34
SSL
configuration guidelines 8-40
configuring a secure HTTP client 8-42
configuring a secure HTTP server 8-41
cryptographic software image 8-37
described 8-37
monitoring 8-43
standby command switch
configuring
considerations 5-10
defined 5-2
priority 5-9
requirements 5-3
virtual IP address 5-10
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
standby links 18-2
startup configuration
booting
manually 3-13
specific image 3-14
clearing B-19
configuration file
automatically downloading 3-12
specifying the filename 3-12
default boot configuration 3-12
static access ports
assigning to VLAN 12-10
defined 10-3, 12-3
static addresses
See addresses
static MAC addressing 1-7
static VLAN membership 12-2
statistics
802.1x 9-42
CDP 22-5
interface 10-18
LLDP 23-7
LLDP-MED 23-7
QoS ingress and egress 30-69
RMON group Ethernet 26-5
RMON group history 26-5
SNMP input and output 28-17
VTP 13-16
sticky learning 21-9
storm control
configuring 21-3
described 21-1
disabling 21-5
displaying 21-19
support for 1-3
thresholds 21-1
STP
accelerating root port selection 17-4
BackboneFast
described 17-5
disabling 17-14
enabling 17-13
BPDU filtering
described 17-3
disabling 17-12
enabling 17-12
BPDU guard
described 17-2
disabling 17-12
enabling 17-11
BPDU message exchange 15-3
configuration guidelines 15-12, 17-10
configuring
forward-delay time 15-21
hello time 15-20
maximum aging time 15-21
path cost 15-18
port priority 15-16
root switch 15-14
secondary root switch 15-16
spanning-tree mode 15-13
switch priority 15-19
transmit hold-count 15-22
counters, clearing 15-22
default configuration 15-11
default optional feature configuration 17-9
designated port, defined 15-3
designated switch, defined 15-3
detecting indirect link failures 17-5
disabling 15-14
displaying status 15-22
EtherChannel guard
described 17-7
disabling 17-14
enabling 17-14
extended system ID
effects on root switch 15-14
effects on the secondary root switch 15-16
overview 15-4
unexpected behavior 15-14
features supported 1-5
IEEE 802.1D and bridge ID 15-4
IEEE 802.1D and multicast addresses 15-8
IEEE 802.1t and VLAN identifier 15-4
inferior BPDU 15-3
instances supported 15-9
interface state, blocking to forwarding 17-2
interface states
blocking 15-6
disabled 15-7
forwarding 15-5, 15-6
learning 15-6
listening 15-6
overview 15-4
interoperability and compatibility among modes 15-10
limitations with IEEE 802.1Q trunks 15-10
load sharing
overview 12-20
using path costs 12-22
using port priorities 12-20
loop guard
described 17-9
enabling 17-15
modes supported 15-9
multicast addresses, effect of 15-8
optional features supported 1-6
overview 15-2
path costs 12-22
Port Fast
described 17-2
enabling 17-10
port priorities 12-21
preventing root switch selection 17-8
protocols supported 15-9
redundant connectivity 15-8
root guard
described 17-8
enabling 17-15
root port, defined 15-3
root switch
configuring 15-14
effects of extended system ID 15-4, 15-14
election 15-3
unexpected behavior 15-14
shutdown Port Fast-enabled port 17-2
status, displaying 15-22
superior BPDU 15-3
timers, described 15-20
UplinkFast
described 17-3
enabling 17-13
stratum, NTP 6-2
success response, VMPS 12-24
summer time 6-13
SunNet Manager 1-4
switch clustering technology 5-1
See also clusters, switch
switch console port 1-5
Switch Database Management
See SDM
Switched Port Analyzer
See SPAN
switched ports 10-2
switchport block multicast command 21-7
switchport block unicast command 21-7
switchport protected command 21-6
switch priority
MSTP 16-21
STP 15-19
switch software features 1-1
syslog
See system message logging
system clock
configuring
daylight saving time 6-13
manually 6-11
summer time 6-13
time zones 6-12
displaying the time and date 6-12
overview 6-1
See also NTP
system message logging
default configuration 27-3
defining error message severity levels 27-8
disabling 27-4
displaying the configuration 27-13
enabling 27-4
facility keywords, described 27-13
level keywords, described 27-9
limiting messages 27-9
message format 27-2
overview 27-1
sequence numbers, enabling and disabling 27-7
setting the display destination device 27-4
synchronizing log messages 27-5
syslog facility 1-9
time stamps, enabling and disabling 27-7
UNIX syslog servers
configuring the daemon 27-11
configuring the logging facility 27-12
facilities supported 27-13
system name
default configuration 6-15
default setting 6-15
manual configuration 6-15
See also DNS
system prompt, default setting 6-14, 6-15
system resources, optimizing 7-1
T
TACACS+
accounting, defined 8-11
authentication, defined 8-11
authorization, defined 8-11
configuring
accounting 8-17
authentication key 8-13
authorization 8-16
login authentication 8-14
default configuration 8-13
displaying the configuration 8-17
identifying the server 8-13
in clusters 5-13
limiting the services to the user 8-16
operation of 8-12
overview 8-10
support for 1-7
tracking services accessed by user 8-17
tar files
creating B-6
displaying the contents of B-6
extracting B-7
image file format B-20
TDR 1-9
Telnet
accessing management interfaces 2-10
number of connections 1-5
setting a password 8-6
templates, SDM 7-1
temporary self-signed certificate 8-38
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password 8-6
TFTP
configuration files
downloading B-11
preparing the server B-10
uploading B-11
configuration files in base directory 3-6
configuring for autoconfiguration 3-6
image files
deleting B-23
downloading B-22
preparing the server B-21
uploading B-24
limiting access by servers 28-16
TFTP server 1-4
threshold, traffic level 21-2
time
See NTP and system clock
Time Domain Reflector
See TDR
time-range command 29-14
time ranges in ACLs 29-14
time stamps in log messages 27-7
time zones 6-12
TLVs
defined 23-2
LLDP 23-2
LLDP-MED 23-2
Token Ring VLANs
support for 12-5
VTP support 13-4
ToS 1-8
traceroute, Layer 2
and ARP 32-14
and CDP 32-14
broadcast traffic 32-14
described 32-14
IP addresses and subnets 32-14
MAC addresses and VLANs 32-14
multicast traffic 32-14
multiple devices on a port 32-15
unicast traffic 32-14
usage guidelines 32-14
traceroute command 32-16
See also IP traceroute
traffic
blocking flooded 21-7
fragmented 29-3
unfragmented 29-3
traffic policing 1-8
traffic suppression 21-1
transmit hold-count
see STP
transparent mode, VTP 13-3, 13-12
trap-door mechanism 3-2
traps
configuring MAC address notification 6-22
configuring managers 28-12
defined 28-3
enabling 6-22, 28-12
notification types 28-12
overview 28-1, 28-5
troubleshooting
connectivity problems 32-12, 32-13, 32-15
detecting unidirectional links 25-1
displaying crash information 32-21
setting packet forwarding 32-19
SFP security and identification 32-11
show forward command 32-19
with CiscoWorks 28-4
with debug commands 32-18
with ping 32-12
with system message logging 27-1
with traceroute 32-15
trunk failover
See link-state tracking
trunking encapsulation 1-6
trunk ports
configuring 12-17
defined 10-3, 12-3
trunks
allowed-VLAN list 12-18
load sharing
setting STP path costs 12-22
using STP port priorities 12-20, 12-21
native VLAN for untagged traffic 12-19
parallel 12-22
pruning-eligible list 12-19
to non-DTP device 12-14
trusted boundary for QoS 30-34
trusted port states
between QoS domains 30-36
classification options 30-5
ensuring port security for IP phones 30-34
support for 1-8
within a QoS domain 30-32
trustpoints, CA 8-37
twisted-pair Ethernet, detecting unidirectional links 25-1
type of service
See ToS
U
UDLD
configuration guidelines 25-4
default configuration 25-4
disabling
globally 25-5
on fiber-optic interfaces 25-5
per interface 25-5
echoing detection mechanism 25-2
enabling
globally 25-5
per interface 25-5
link-detection mechanism 25-1
neighbor database 25-2
overview 25-1
resetting an interface 25-6
status, displaying 25-6
support for 1-5
unauthorized ports with IEEE 802.1x 9-7
unicast MAC address filtering 1-4
and adding static addresses 6-25
and broadcast MAC addresses 6-25
and CPU packets 6-25
and multicast addresses 6-25
and router MAC addresses 6-25
configuration guidelines 6-25
described 6-25
unicast storm 21-1
unicast storm control command 21-4
unicast traffic, blocking 21-7
UniDirectional Link Detection protocol
See UDLD
UNIX syslog servers
daemon configuration 27-11
facilities supported 27-13
message logging configuration 27-12
unrecognized Type-Length-Value (TLV) support 13-4
upgrading a Catalyst 2950 switch
configuration compatibility issues C-1
differences in configuration commands C-1
feature behavior incompatibilities C-5
incompatible command messages C-1
recommendations C-1
upgrading information
See release notes
upgrading software images
See downloading
UplinkFast
described 17-3
disabling 17-13
enabling 17-13
support for 1-5
uploading
configuration files
preparing B-10, B-13, B-16
reasons for B-8
using FTP B-14
using RCP B-18
using TFTP B-11
image files
preparing B-21, B-25, B-29
reasons for B-19
using FTP B-28
using RCP B-32
using TFTP B-24
user EXEC mode 2-2
username-based authentication 8-6
V
version-dependent transparent mode 13-4
virtual IP address
cluster standby group 5-10
command switch 5-10
vlan.dat file 12-4
VLAN 1, disabling on a trunk port 12-18
VLAN 1 minimization 12-18
vlan-assignment response, VMPS 12-24
VLAN configuration
at bootup 12-7
saving 12-7
VLAN configuration mode 2-2, 12-6
VLAN database
and startup configuration file 12-7
and VTP 13-1
VLAN configuration saved in 12-6
VLANs saved in 12-4
vlan database command 12-6
VLAN filtering and SPAN 24-6
vlan global configuration command 12-6
VLAN ID, discovering 6-26
VLAN load balancing on flex links 18-2
configuration guidelines 18-5
VLAN management domain 13-2
VLAN Management Policy Server
See VMPS
VLAN membership
confirming 12-27
modes 12-3
VLAN Query Protocol
See VQP
VLANs
adding 12-8
adding to VLAN database 12-8
aging dynamic addresses 15-9
allowed on trunk 12-18
and spanning-tree instances 12-2, 12-6, 12-12
configuration guidelines, extended-range VLANs 12-12
configuration guidelines, normal-range VLANs 12-5
configuration options 12-6
configuring 12-1
configuring IDs 1006 to 4094 12-12
creating in config-vlan mode 12-8
creating in VLAN configuration mode 12-9
default configuration 12-7
deleting 12-9
described 10-2, 12-1
displaying 12-13
extended-range 12-1, 12-11
features 1-6
illustrated 12-2
limiting source traffic with RSPAN 24-21
limiting source traffic with SPAN 24-14
modifying 12-8
multicast 20-16
native, configuring 12-19
normal-range 12-1, 12-4
number supported 1-6
parameters 12-4
port membership modes 12-3
static-access ports 12-10
STP and IEEE 802.1Q trunks 15-10
supported 12-2
Token Ring 12-5
traffic between 12-2
VTP modes 13-3
VLAN Trunking Protocol
See VTP
VLAN trunks 12-14
VMPS
administering 12-28
configuration example 12-29
configuration guidelines 12-25
default configuration 12-25
description 12-23
dynamic port membership
described 12-24
reconfirming 12-27
troubleshooting 12-29
entering server address 12-26
mapping MAC addresses to VLANs 12-24
monitoring 12-28
reconfirmation interval, changing 12-27
reconfirming membership 12-27
retry count, changing 12-28
voice-over-IP 14-1
voice VLAN
Cisco 7960 phone, port connections 14-1
configuration guidelines 14-3
configuring IP phones for data traffic
override CoS of incoming frame 14-6
trust CoS priority of incoming frame 14-6
configuring ports for voice traffic in
802.1p priority tagged frames 14-5
802.1Q frames 14-5
connecting to an IP phone 14-4
default configuration 14-3
described 14-1
displaying 14-7
IP phone data traffic, described 14-2
IP phone voice traffic, described 14-2
VQP 1-6, 12-23
VTP
adding a client to a domain 13-14
advertisements 12-16, 13-3
and extended-range VLANs 13-1
and normal-range VLANs 13-1
client mode, configuring 13-11
configuration
global configuration mode 13-7
guidelines 13-8
privileged EXEC mode 13-7
requirements 13-9
saving 13-7
VLAN configuration mode 13-7
configuration mode options 13-7
configuration requirements 13-9
configuration revision number
guideline 13-14
resetting 13-15
configuring
client mode 13-11
server mode 13-9
transparent mode 13-12
consistency checks 13-4
default configuration 13-6
described 13-1
disabling 13-12
domain names 13-8
domains 13-2
modes
client 13-3, 13-11
server 13-3, 13-9
transitions 13-3
transparent 13-3, 13-12
monitoring 13-16
passwords 13-8
pruning
disabling 13-14
enabling 13-14
examples 13-5
overview 13-4
support for 1-6
pruning-eligible list, changing 12-19
server mode, configuring 13-9
statistics 13-16
support for 1-6
Token Ring support 13-4
transparent mode, configuring 13-12
using 13-1
version, guidelines 13-8
Version 1 13-4
Version 2
configuration guidelines 13-8
disabling 13-13
enabling 13-13
overview 13-4
W
web authentication
configuring9-39to 9-41
described 1-7, 9-17
fallback for IEEE 802.1x 9-40
weighted tail drop
See WTD
wizards 1-2
WTD
described 30-11
setting thresholds
egress queue-sets 30-61
ingress queues 30-57
support for 1-8, 1-9
X
Xmodem protocol 32-2