Index
A
abbreviating commands 4
AC (command switch) 10
access-class command 18
access control entries
See ACEs
access-denied response, VMPS 24
access groups, applying IPv4 ACLs to interfaces 19
accessing
clusters, switch 13
command switches 11
member switches 13
switch clusters 13
accessing stack members 22
access lists
See ACLs
access ports
in switch clusters 9
access ports, defined 3
accounting
with 802.1x 48
with IEEE 802.1x 15
with RADIUS 35
with TACACS+ 11, 17
ACEs
and QoS 8
defined 2
Ethernet 2
IP 2
ACLs
ACEs 2
any keyword 11
applying
time ranges to 15
to an interface 18
to QoS 8
classifying traffic for QoS 43
comments in 17
compiling 21
defined 2, 7
examples of 21, 43
extended IP, configuring for QoS classification 44
extended IPv4
creating 9
matching criteria 7
hardware and software handling 19
host keyword 11
IP
creating 7
fragments and QoS guidelines 34
implicit deny 9, 13, 15
implicit masks 9
matching criteria 7
undefined 19
IPv4
applying to interfaces 18
creating 7
matching criteria 7
named 13
numbers 7
terminal lines, setting on 18
unsupported features 6
MAC extended 23, 45
matching 7, 19
monitoring 25
named, IPv4 13
number per QoS class map 34
QoS 8, 43
resequencing entries 13
standard IP, configuring for QoS classification 43
standard IPv4
creating 8
matching criteria 7
support for 10
support in hardware 19
time ranges 15
unsupported features, IPv4 6
active link 4, 5, 6
active links 2
active traffic monitoring, IP SLAs 1
address aliasing 2
addresses
displaying the MAC address table 30
dynamic
accelerated aging 9
changing the aging time 22
default aging 9
defined 20
learning 21
removing 23
IPv6 2
MAC, discovering 31
multicast, STP address management 9
static
adding and removing 27
defined 20
address resolution 31
Address Resolution Protocol
See ARP
advertisements
CDP 1
LLDP 2
VTP 16, 3, 4
aggregatable global unicast addresses 3
aggregated ports
See EtherChannel
aggregate policers 52
aggregate policing 13
aging, accelerating 9
aging time
accelerated
for MSTP 25
for STP 9, 23
MAC address table 22
maximum
for MSTP 26
for STP 23, 24
alarms, RMON 4
allowed-VLAN list 18
ARP
defined 6, 31
table
address resolution 31
managing 31
attributes, RADIUS
vendor-proprietary 38
vendor-specific 36
attribute-value pairs 13, 16, 20
authentication
local mode with AAA 40
NTP associations 6
open1x 30
RADIUS
key 28
login 30
TACACS+
defined 11
key 13
login 14
See also port-based authentication
authentication compatibility with Catalyst 6000 switches 9
authentication failed VLAN
See restricted VLAN
authentication manager
CLI commands 10
compatibility with older 802.1x CLI commands 10 to ??
overview 8
authoritative time source, described 3
authorization
with RADIUS 34
with TACACS+ 11, 16
authorized ports with IEEE 802.1x 11
autoconfiguration 4
auto enablement 31
automatic advise (auto-advise) in switch stacks 11
automatic copy (auto-copy) in switch stacks 11
automatic discovery
considerations
beyond a noncandidate device 8
brand new switches 9
connectivity 5
different VLANs 7
management VLANs 8
non-CDP-capable devices 7
noncluster-capable devices 7
in switch clusters 5
See also CDP
automatic extraction (auto-extract) in switch stacks 11
automatic QoS
See QoS
automatic recovery, clusters 10
See also HSRP
automatic upgrades (auto-upgrade) in switch stacks 11
auto-MDIX
configuring 29
described 29
autonegotiation
duplex mode 4
interface configuration guidelines 26
mismatches 13
autosensing, port speed 4
Auto Smartports macros
built-in macros 3, 9
Cisco Medianet 2
configuration guidelines 4
default configuration 3
defined 1
displaying 20
enabling 5, 8
event triggers 12
IOS shell 1, 15
LLDP 2
mapping 9
user-defined macros 15
See also Smartports macros
auxiliary VLAN
See voice VLAN
availability, features 8
B
BackboneFast
described 7
disabling 17
enabling 17
support for 8
backup interfaces
See Flex Links
backup links 2
banners
configuring
login 20
message-of-the-day login 19
default configuration 18
when displayed 18
Berkeley r-tools replacement 53
binding database
DHCP snooping
See DHCP snooping binding database
bindings
DHCP snooping database 7
IP source guard 15
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 8
booting
boot loader, function of 2
boot process 2
manually 19
specific image 20
boot loader
accessing 21
described 2
environment variables 21
prompt 21
trap-door mechanism 2
BPDU
error-disabled state 3
filtering 3
RSTP format 13
BPDU filtering
described 3
disabling 15
enabling 15
support for 8
BPDU guard
described 2
disabling 14
enabling 14
support for 8
bridge protocol data unit
See BPDU
broadcast storm-control command 4
broadcast storms 2
C
cables, monitoring for unidirectional links 1
candidate switch
automatic discovery 5
defined 4
requirements 4
See also command switch, cluster standby group, and member switch
Catalyst 6000 switches
authentication compatibility 9
CA trustpoint
configuring 50
defined 47
CDP
and trusted boundary 38
automatic discovery in switch clusters 5
configuring 2
default configuration 2
defined with LLDP 1
described 1
disabling for routing device 4
enabling and disabling
on an interface 4
on a switch 4
monitoring 5
overview 1
power negotiation extensions 5
support for 6
switch stack considerations 2
transmission timer and holdtime, setting 3
updates 3
CGMP
as IGMP snooping learning method 9
joining multicast group 3
CipherSuites 48
Cisco 7960 IP Phone 1
Cisco Discovery Protocol
See CDP
Cisco intelligent power management 5
Cisco IOS File System
See IFS
Cisco IOS IP Service Level Agreements (SLAs) responder 5
Cisco IOS IP SLAs 2
Cisco Medianet
See Auto Smartports macros
Cisco Secure ACS
attribute-value pairs for downloadable ACLs 20
attribute-value pairs for redirect URL 20
Cisco Secure ACS configuration guide 60
CiscoWorks 2000 5
CISP 31
CIST regional root
See MSTP
CIST root
See MSTP
civic location 3
class maps for QoS
configuring 46
described 8
displaying 73
class of service
See CoS
clearing interfaces 38
CLI
abbreviating commands 4
command modes 1
configuration logging 5
described 5
editing features
enabling and disabling 7
keystroke editing 8
wrapped lines 9
error messages 5
filtering command output 10
getting help 3
history
changing the buffer size 6
described 6
disabling 7
recalling commands 6
managing clusters 17
no and default forms of commands 4
Client Information Signalling Protocol
See CISP
client mode, VTP 3
clock
See system clock
clusters, switch
accessing 13
automatic discovery 5
automatic recovery 10
benefits 2
compatibility 5
described 1
LRE profile considerations 16
managing
through CLI 17
through SNMP 18
planning 5
planning considerations
automatic discovery 5
automatic recovery 10
CLI 17
host names 14
IP addresses 13
LRE profiles 16
passwords 14
RADIUS 16
SNMP 14, 18
switch stacks 15
TACACS+ 16
See also candidate switch, command switch, cluster standby group, member switch, and standby command switch
cluster standby group
automatic recovery 13
considerations 11
defined 2
requirements 3
virtual IP address 11
See also HSRP
CNS 6
Configuration Engine
configID, deviceID, hostname 3
configuration service 2
described 1
event service 3
embedded agents
described 5
enabling automated configuration 6
enabling configuration agent 9
enabling event agent 7
management functions 5
CoA Request Commands 23
Coarse Wave Division Multiplexer
See CWDM SFPs
command-line interface
See CLI
command modes 1
commands
abbreviating 4
no and default 4
commands, setting privilege levels 8
command switch
accessing 11
active (AC) 10
configuration conflicts 12
defined 2
passive (PC) 10
password privilege levels 17
priority 10
recovery
from command-switch failure 10, 9
from lost member connectivity 12
redundant 10
replacing
with another switch 11
with cluster member 9
requirements 3
standby (SC) 10
See also candidate switch, cluster standby group, member switch, and standby command switch
community strings
configuring 14, 8
for cluster switches 4
in clusters 14
overview 4
SNMP 14
compatibility, feature 13
compatibility, software
See stacks, switch
config.text 17
configurable leave timer, IGMP 6
configuration, initial
defaults 16
Express Setup 2
configuration changes, logging 11
configuration conflicts, recovering from lost member connectivity 12
configuration examples, network 18
configuration files
archiving 21
clearing the startup configuration 20
creating using a text editor 11
default name 17
deleting a stored configuration 20
described 9
downloading
automatically 18
preparing 11, 14, 17
reasons for 9
using FTP 14
using RCP 18
using TFTP 12
guidelines for creating and using 10
guidelines for replacing and rolling back 22
invalid combinations when copying 5
limiting TFTP server access 17
obtaining with DHCP 9
password recovery disable considerations 5
replacing a running configuration 20, 21
rolling back a running configuration 20, 22
specifying the filename 18
system contact and location information 17
types and location 10
uploading
preparing 11, 14, 17
reasons for 9
using FTP 16
using RCP 19
using TFTP 13
configuration logger 11
configuration logging 5
configuration replacement 20
configuration rollback 20, 21
configuration settings, saving 16
configure terminal command 16
configuring 802.1x user distribution 56
configuring port-based authentication violation modes 39
configuring small-frame arrival rate 5
config-vlan mode 2
conflicts, configuration 12
connections, secure remote 42
connectivity problems 15, 16, 18
consistency checks in VTP Version 2 5
console port, connecting to 11
control protocol, IP SLAs 4
corrupted software, recovery steps with Xmodem 2
CoS
in Layer 2 frames 2
override priority 6
trust priority 6
CoS input queue threshold map for QoS 16
CoS output queue threshold map for QoS 19
CoS-to-DSCP map for QoS 55
counters, clearing interface 38
CPU utilization, troubleshooting 27
crashinfo file 24
critical authentication, IEEE 802.1x 52
critical VLAN 23
cross-stack EtherChannel
configuration guidelines 13
described 3
illustration 4
support for 8
cross-stack UplinkFast, STP
described 5
disabling 17
enabling 17
fast-convergence events 7
Fast Uplink Transition Protocol 6
normal-convergence events 7
support for 8
cryptographic software image
SSH 41
SSL 46
switch stack considerations 15
customizable web pages, web-based authentication 6
CWDM SFPs 23
D
DACL
See downloadable ACL
daylight saving time 14
debugging
enabling all system diagnostics 22
enabling for a specific feature 21
redirecting error message output 22
using commands 21
default commands 4
default configuration
802.1x 33
auto-QoS 21
banners 18
booting 17
CDP 2
DHCP 9
DHCP option 82 9
DHCP snooping 9
DHCP snooping binding database 9
DNS 17
dynamic ARP inspection 5
EtherChannel 11
Ethernet interfaces 23
Flex Links 8
IGMP filtering 26
IGMP snooping 7, 6
IGMP throttling 26
initial switch information 3
IP SLAs 5
IP source guard 17
IPv6 7
Layer 2 interfaces 23
LLDP 5
MAC address table 22
MAC address-table move update 8
MSTP 16
MVR 21
NTP 5
optional spanning-tree configuration 12
password and privilege level 3
RADIUS 27
RMON 3
RSPAN 11
SDM template 2
SNMP 7
SPAN 11
SSL 49
standard QoS 31
STP 13
switch stacks 17
system message logging 4
system name and prompt 16
TACACS+ 13
UDLD 4
VLAN, Layer 2 Ethernet interfaces 15
VLANs 7
VMPS 25
voice VLAN 3
VTP 9
default gateway 15
default web-based authentication configuration
802.1X 9
deleting VLANs 9
denial-of-service attack 2
description command 35
designing your network, examples 18
destination addresses
in IPv4 ACLs 10
destination-IP address-based forwarding, EtherChannel 9
destination-MAC address forwarding, EtherChannel 9
detecting indirect link failures, STP 8
device 25
device discovery protocol 1
device manager
benefits 2
described 2, 5
in-band management 6
upgrading a switch 25
DHCP
enabling
relay agent 11
DHCP-based autoconfiguration
client request message exchange 4
configuring
client side 4
DNS 8
relay device 9
server side 7
TFTP server 8
example 10
lease options
for IP address information 7
for receiving the configuration file 7
overview 4
relationship to BOOTP 4
relay support 6
support for 6
DHCP-based autoconfiguration and image update
configuring 12 to 15
understanding 5 to 6
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 5
configuration guidelines 9
default configuration 9
displaying 14
overview 4
packet format, suboption
circuit ID 5
remote ID 5
remote ID suboption 5
DHCP server port-based address allocation
configuration guidelines 24
default configuration 24
described 23
displaying 26
enabling 24
reserved addresses 24
DHCP server port-based address assignment
support for 6
DHCP snooping
accepting untrusted packets from edge switch 3, 12
binding database
See DHCP snooping binding database
configuration guidelines 9
default configuration 9
displaying binding tables 14
message exchange process 4
option 82 data insertion 4
trusted interface 3
untrusted interface 3
untrusted messages 3
DHCP snooping binding database
adding bindings 13
binding entries, displaying 14
binding file
format 7
location 7
bindings 7
clearing agent statistics 14
configuration guidelines 10
configuring 13
default configuration 9
deleting
binding file 14
bindings 14
database agent 14
described 7
displaying 14
displaying status and statistics 14
enabling 13
entry 7
renewing database 14
resetting
delay value 14
timeout value 14
DHCP snooping binding table
See DHCP snooping binding database
Differentiated Services architecture, QoS 2
Differentiated Services Code Point 2
directed unicast requests 6
directories
changing 4
creating and removing 4
displaying the working 4
discovery, clusters
See automatic discovery
DNS
and DHCP-based autoconfiguration 8
default configuration 17
displaying the configuration 18
in IPv6 3
overview 16
setting up 17
support for 6
domain names
DNS 16
VTP 10
Domain Name System
See DNS
downloadable ACL 19, 20, 60
downloading
configuration files
preparing 11, 14, 17
reasons for 9
using FTP 14
using RCP 18
using TFTP 12
image files
deleting old image 29
preparing 27, 31, 35
reasons for 25
using CMS 2
using FTP 32
using HTTP 2, 25
using RCP 36
using TFTP 28
using the device manager or Network Assistant 25
DRP
support for 14
DSCP 13, 2
DSCP input queue threshold map for QoS 16
DSCP output queue threshold map for QoS 19
DSCP-to-CoS map for QoS 58
DSCP-to-DSCP-mutation map for QoS 59
DSCP transparency 39
DTP 9, 14
dual-action detection 6
dual IPv4 and IPv6 templates 5
dual protocol stacks
IPv4 and IPv6 5
SDM templates supporting 5
dual-purpose uplinks
defined 4
LEDs 4
link selection 4, 24
setting the type 24
dynamic access ports
characteristics 4
configuring 27
defined 3
dynamic addresses
See addresses
dynamic ARP inspection
ARP cache poisoning 1
ARP requests, described 1
ARP spoofing attack 1
clearing
log buffer 16
statistics 16
configuration guidelines 6
configuring
ACLs for non-DHCP environments 9
in DHCP environments 7
log buffer 13
rate limit for incoming ARP packets 4, 11
default configuration 5
denial-of-service attacks, preventing 11
described 1
DHCP snooping binding database 2
displaying
ARP ACLs 15
configuration and operating state 15
log buffer 16
statistics 16
trust state and rate limit 15
error-disabled state for exceeding rate limit 4
function of 2
interface trust states 3
log buffer
clearing 16
configuring 13
displaying 16
logging of dropped packets, described 5
man-in-the-middle attack, described 2
network security issues and interface trust states 3
priority of ARP ACLs and DHCP snooping entries 4
rate limiting of ARP packets
configuring 11
described 4
error-disabled state 4
statistics
clearing 16
displaying 16
validation checks, performing 12
dynamic auto trunking mode 14
dynamic desirable trunking mode 14
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 25
reconfirming 27
troubleshooting 29
types of connections 27
Dynamic Trunking Protocol
See DTP
E
editing features
enabling and disabling 7
keystrokes used 8
wrapped lines 9
elections
See stack master
ELIN location 3
enable password 4
enable secret password 4
encryption, CipherSuite 48
encryption for passwords 4
environment variables, function of 22
error-disabled state, BPDU 3
error messages during command entry 5
EtherChannel
automatic creation of 5, 7
channel groups
binding physical and logical interfaces 4
numbering of 4
configuration guidelines 12
configuring Layer 2 interfaces 13
default configuration 11
described 2
displaying status 20
forwarding methods 8, 15
IEEE 802.3ad, described 7
interaction
with STP 12
with VLANs 13
LACP
described 7
displaying status 20
hot-standby ports 18
interaction with other features 8
modes 7
port priority 19
system priority 18
load balancing 8, 15
PAgP
aggregate-port learners 16
compatibility with Catalyst 1900 17
described 5
displaying status 20
interaction with other features 7
interaction with virtual switches 6
learn method and priority configuration 16
modes 6
support for 4
with dual-action detection 6
port-channel interfaces
described 4
numbering of 4
port groups 4
stack changes, effects of 10
support for 4
EtherChannel guard
described 10
disabling 18
enabling 18
Ethernet management port
active link 20
and routing 21
and TFTP 22
configuring 22
default setting 21
described 20
for network management 20
specifying 22
supported features 21
unsupported features 21
Ethernet management port, internal
and routing 21
unsupported features 21
Ethernet VLANs
adding 8
defaults and ranges 7
modifying 8
EUI 3
events, RMON 4
examples
network configuration 18
expedite queue for QoS 72
Express Setup 2
See also getting started guide
extended crashinfo file 24
extended-range VLANs
configuration guidelines 11
configuring 11
creating 12
defined 1
extended system ID
MSTP 19
STP 5, 16
extended universal identifier
See EUI
Extensible Authentication Protocol over LAN 1
F
fa0 interface 6
Fa0 port
See Ethernet management port
failover support 8
Fast Convergence 3
fastethernet0 port
See Ethernet management port
Fast Uplink Transition Protocol 6
features, incompatible 13
fiber-optic, detecting unidirectional links 1
files
basic crashinfo
description 24
location 24
copying 5
crashinfo, description 24
deleting 6
displaying the contents of 8
extended crashinfo
description 25
location 25
tar
creating 6
displaying the contents of 7
extracting 8
image file format 26
file system
displaying available file systems 2
displaying file information 3
local file system names 1
network file system names 5
setting the default 3
filtering
non-IP traffic 23
show and more command output 10
filtering show and more command output 10
filters, IP
See ACLs, IP
flash device, number of 1
flexible authentication ordering
configuring 63
overview 29
Flex Link Multicast Fast Convergence 3
Flex Links
configuration guidelines 8
configuring 9, 10
configuring preferred VLAN 12
configuring VLAN load balancing 11
default configuration 8
description 2
link load balancing 3
monitoring 15
VLANs 3
flooded traffic, blocking 8
flow-based packet classification 13
flowcharts
QoS classification 7
QoS egress queueing and scheduling 18
QoS ingress queueing and scheduling 15
QoS policing and marking 11
flowcontrol
configuring 28
described 28
forward-delay time
MSTP 25
STP 23
FTP
accessing MIB files 4
configuration files
downloading 14
overview 13
preparing the server 14
uploading 16
image files
deleting old image 33
downloading 32
preparing the server 31
uploading 34
G
general query 5
Generating IGMP Reports 4
get-bulk-request operation 4
get-next-request operation 4, 5
get-request operation 4, 5
get-response operation 4
Gigabit modules
See SFPs
global configuration mode 2
global leave, IGMP 13
guest VLAN and 802.1x 21
guide mode 2
GUIs
See device manager and Network Assistant
H
hello time
MSTP 25
STP 22
help, for the command line 3
history
changing the buffer size 6
described 6
disabling 7
recalling commands 6
history table, level and number of syslog messages 10
host names, in clusters 14
hosts, limit on dynamic ports 29
HP OpenView 5
HSRP
automatic cluster recovery 13
cluster standby group considerations 11
See also clusters, cluster standby group, and standby command switch
HTTP over SSL
See HTTPS
HTTPS 47
configuring 51
self-signed certificate 47
HTTP secure server 47
I
ICMP
IPv6 4
time-exceeded messages 18
traceroute and 18
ICMP ping
executing 15
overview 15
ICMPv6 4
IDS appliances
and ingress RSPAN 21
and ingress SPAN 14
IEEE 802.1D
See STP
IEEE 802.1p 1
IEEE 802.1Q
and trunk ports 3
configuration limitations 15
encapsulation 14
native VLAN for untagged traffic 20
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3ad
See EtherChannel
IEEE 802.3ad, PoE+ 14, 5
IEEE 802.3af
See PoE
IEEE 802.3x flow control 28
ifIndex values, SNMP 6
IFS 6
IGMP
configurable leave timer
described 6
enabling 12
flooded multicast traffic
controlling the length of time 13
disabling on an interface 14
global leave 13
query solicitation 13
recovering from flood mode 13
joining multicast group 3
join messages 3
leave processing, enabling 11, 9
leaving multicast group 5
queries 4
report suppression
described 6
disabling 16, 11
supported versions 3
support for 4
IGMP filtering
configuring 26
default configuration 26
described 25
monitoring 30
support for 4
IGMP groups
configuring filtering 29
setting the maximum number 28
IGMP Immediate Leave
configuration guidelines 12
described 6
enabling 11
IGMP profile
applying 27
configuration mode 26
configuring 27
IGMP snooping
and address aliasing 2
and stack changes 7
configuring 7
default configuration 7, 6
definition 2
enabling and disabling 8, 7
global configuration 8
Immediate Leave 6
in the switch stack 7
method 9
monitoring 17, 12
querier
configuration guidelines 15
configuring 15
supported versions 3
support for 4
VLAN configuration 8
IGMP throttling
configuring 29
default configuration 26
described 25
displaying action 30
Immediate Leave, IGMP 6
enabling 9
inaccessible authentication bypass 23
support for multiauth ports 23
initial configuration
defaults 16
Express Setup 2
interface
number 15
range macros 18
interface command 15 to ??, 15 to 16
interface configuration mode 3
interfaces
auto-MDIX, configuring 29
configuration guidelines
duplex and speed 26
configuring
procedure 16
counters, clearing 38
default configuration 23
described 35
descriptive name, adding 35
displaying information about 37
flow control 28
management 5
monitoring 37
naming 35
physical, identifying 14, 15
range of 16
restarting 38
shutting down 38
speed and duplex, configuring 27
status 37
supported 14
types of 1
interfaces range macro command 18
interface types 15
Internet Protocol version 6
See IPv6
Intrusion Detection System
See IDS appliances
inventory management TLV 3, 8
IOS shell
See Auto Smartports macros
IP ACLs
for QoS classification 8
implicit deny 9, 13
implicit masks 9
named 13
undefined 19
IP addresses
128-bit 2
candidate or member 4, 13
cluster access 2
command switch 3, 11, 13
discovering 31
IPv6 2
redundant clusters 11
standby command switch 11, 13
See also IP information
ip igmp profile command 26
IP information
assigned
manually 15
through DHCP-based autoconfiguration 4
default configuration 3
IP phones
and QoS 1
automatic classification and queueing 21
configuring 5
ensuring port security with QoS 38
trusted boundary for QoS 38
IP Port Security for Static Hosts
on a Layer 2 access port 19
IP precedence 2
IP-precedence-to-DSCP map for QoS 56
IP protocols in ACLs 10
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 1
IP SLAs
benefits 2
configuration guidelines 5
Control Protocol 4
default configuration 5
definition 1
measuring network performance 3
monitoring 6
operation 3
responder
described 4
enabling 6
response time 4
SNMP support 2
supported metrics 2
IP source guard
and 802.1x 17
and DHCP snooping 15
and EtherChannels 17
and port security 17
and private VLANs 17
and routed ports 17
and TCAM entries 18
and trunk interfaces 17
and VRF 17
binding configuration
automatic 15
manual 15
binding table 15
configuration guidelines 17
default configuration 17
described 15
disabling 19
displaying
active IP or MAC bindings 23
bindings 23
configuration 23
enabling 18, 19
filtering
source IP address 15
source IP and MAC address 15
on provisioned switches 18
source IP address filtering 15
source IP and MAC address filtering 15
static bindings
adding 18, 19
deleting 19
static hosts 19
IP traceroute
executing 19
overview 18
IPv4 ACLs
applying to interfaces 18
extended, creating 9
named 13
standard, creating 8
IPv4 and IPv6
dual protocol stacks 4
IPv6
addresses 2
address formats 2
and switch stacks 6
applications 4
assigning address 7
autoconfiguration 4
configuring static routes 10
default configuration 7
defined 2
forwarding 7
ICMP 4
monitoring 11
neighbor discovery 4
SDM templates 1
stack master functions 6
Stateless Autoconfiguration 4
supported features 3
J
join messages, IGMP 3
L
LACP
See EtherChannel
Layer 2 frames, classification with CoS 2
Layer 2 interfaces, default configuration 23
Layer 2 traceroute
and ARP 17
and CDP 17
broadcast traffic 16
described 16
IP addresses and subnets 17
MAC addresses and VLANs 17
multicast traffic 17
multiple devices on a port 17
unicast traffic 16
usage guidelines 17
Layer 3 features 14
Layer 3 interfaces
assigning IPv6 addresses to 8
Layer 3 packets, classification methods 2
LDAP 2
Leaking IGMP Reports 4
LEDs, switch
See hardware installation guide
lightweight directory access protocol
See LDAP
line configuration mode 3
Link Aggregation Control Protocol
See EtherChannel
link failure, detecting unidirectional 8
Link Layer Discovery Protocol
See CDP
link local unicast addresses 3
link redundancy
See Flex Links
links, unidirectional 1
link-state tracking
configuring 23
described 20
LLDP
configuring 5
characteristics 7
default configuration 5
enabling 6
monitoring and maintaining 12
overview 1
supported TLVs 2
switch stack considerations 2
transmission timer and holdtime, setting 7
LLDP-MED
configuring
procedures 5
TLVs 8
monitoring and maintaining 12
overview 1, 2
supported TLVs 2
LLDP Media Endpoint Discovery
See LLDP-MED
local SPAN 2
location TLV 3, 8
login authentication
with RADIUS 30
with TACACS+ 14
login banners 18
log messages
See system message logging
Long-Reach Ethernet (LRE) technology 20
loop guard
described 11
enabling 19
support for 8
LRE profiles, considerations in switch clusters 16
M
MAB
See MAC authentication bypass
MAB inactivity timer
default setting 34
range 36
MAC/PHY configuration status TLV 2
MAC addresses
aging time 22
and VLAN association 21
building the address table 21
default configuration 22
disabling learning on a VLAN 30
discovering 31
displaying 30
displaying in the IP source binding table 23
dynamic
learning 21
removing 23
in ACLs 23
static
adding 27
allowing 29, 30
characteristics of 27
dropping 29
removing 28
MAC address learning 6
MAC address learning, disabling on a VLAN 30
MAC address notification, support for 15
MAC address-table move update
configuration guidelines 8
configuring 13
default configuration 8
description 6
monitoring 15
MAC address-to-VLAN mapping 24
MAC authentication bypass 36
configuring 56
overview 17
MAC extended access lists
applying to Layer 2 interfaces 24
configuring for QoS 45
creating 23
defined 23
for QoS classification 6
macros
See Auto Smartports macros
See Smartports macros
magic packet 26
manageability features 6
management access
in-band
browser session 6
CLI session 6
device manager 6
SNMP 6
out-of-band console port connection 6
management address TLV 2
management options
CLI 1
clustering 3
CNS 1
Network Assistant 2
overview 5
management VLAN
considerations in switch clusters 8
discovery through different management VLANs 8
mapping tables for QoS
configuring
CoS-to-DSCP 55
DSCP 54
DSCP-to-CoS 58
DSCP-to-DSCP-mutation 59
IP-precedence-to-DSCP 56
policed-DSCP 57
described 11
marking
action with aggregate policers 52
described 4, 9
matching, IPv4 ACLs 7
maximum aging time
MSTP 26
STP 23
maximum hop count, MSTP 26
maximum number of allowed devices, port-based authentication 36
MDA
configuration guidelines 13 to 14
described 11, 13
exceptions with authentication process 6
Medianet
See Auto Smartports macros
membership mode, VLAN port 3
member switch
automatic discovery 5
defined 2
managing 17
passwords 13
recovering from lost connectivity 12
requirements 4
See also candidate switch, cluster standby group, and standby command switch
messages, to users through banners 18
MIBs
accessing files with FTP 4
location of files 4
overview 1
SNMP interaction with 5
supported 1
mirroring traffic for analysis 1
mismatches, autonegotiation 13
module number 15
monitoring
access groups 25
cables for unidirectional links 1
CDP 5
features 15
Flex Links 15
IGMP
filters 30
snooping 17, 12
interfaces 37
IP SLAs operations 6
IPv4 ACL configuration 25
IPv6 11
MAC address-table move update 15
multicast router interfaces 17, 12
MVR 24
network traffic for analysis with probe 2
port
blocking 19
protection 19
SFP status 37, 14
speed and duplex mode 27
traffic flowing among switches 2
traffic suppression 19
VLANs 13
VMPS 28
VTP 18
mrouter Port 3
mrouter port 5
MSTP
boundary ports
configuration guidelines 17
described 6
BPDU filtering
described 3
enabling 15
BPDU guard
described 2
enabling 14
CIST, described 3
CIST regional root 3
CIST root 5
configuration guidelines 16, 12
configuring
forward-delay time 25
hello time 25
link type for rapid convergence 27
maximum aging time 26
maximum hop count 26
MST region 17
neighbor type 27
path cost 23
port priority 21
root switch 19
secondary root switch 20
switch priority 24
CST
defined 3
operations between regions 4
default configuration 16
default optional feature configuration 12
displaying status 28
enabling the mode 17
EtherChannel guard
described 10
enabling 18
extended system ID
effects on root switch 19
effects on secondary root switch 20
unexpected behavior 19
IEEE 802.1s
implementation 7
port role naming change 7
terminology 5
instances supported 10
interface state, blocking to forwarding 2
interoperability and compatibility among modes 11
interoperability with IEEE 802.1D
described 9
restarting migration process 28
IST
defined 3
master 3
operations within a region 3
loop guard
described 11
enabling 19
mapping VLANs to MST instance 17
MST region
CIST 3
configuring 17
described 2
hop-count mechanism 6
IST 3
supported spanning-tree instances 2
optional features supported 8
overview 2
Port Fast
described 2
enabling 13
preventing root switch selection 10
root guard
described 10
enabling 18
root switch
configuring 19
effects of extended system ID 19
unexpected behavior 19
shutdown Port Fast-enabled port 2
stack changes, effects of 9
status, displaying 28
multiauth
support for inaccessible authentication bypass 23
multiauth mode
See multiple-authentication mode
multicast groups
Immediate Leave 6
joining 3
leaving 5
static joins 10, 8
multicast router interfaces, monitoring 17, 12
multicast router ports, adding 10, 8
multicast storm 2
multicast storm-control command 4
multicast television application 19
multicast VLAN 18
Multicast VLAN Registration
See MVR
multidomain authentication
See MDA
multiple authentication 14
multiple authentication mode
configuring 42
MVR
and address aliasing 21
and IGMPv3 21
configuration guidelines 21
configuring interfaces 23
default configuration 21
described 18
example application 19
modes 22
monitoring 24
multicast television application 19
setting global parameters 21
support for 4
N
NAC
critical authentication 23, 52
IEEE 802.1x authentication using a RADIUS server 58
IEEE 802.1x validation using RADIUS server 58
inaccessible authentication bypass 52
Layer 2 IEEE 802.1x validation 12, 29, 58
named IPv4 ACLs 13
NameSpace Mapper
See NSM
native VLAN
configuring 20
default 20
NEAT
configuring 59
overview 30
neighbor discovery, IPv6 4
Network Admission Control
See NAC
Network Assistant
benefits 2
described 5
downloading image files 2
guide mode 2
management options 2
managing switch stacks 2, 15
upgrading a switch 25
wizards 2
network configuration examples
increasing network performance 19
long-distance, high-bandwidth transport 23
providing network services 19
server aggregation and Linux server cluster 21
small to medium-sized network 22
network design
performance 19
services 19
Network Edge Access Topology
See NEAT
network management
CDP 1
RMON 1
SNMP 1
network performance, measuring with IP SLAs 3
network policy TLV 2, 8
Network Time Protocol
See NTP
no commands 4
nonhierarchical policy maps
described 10
non-IP traffic filtering 23
nontrunking mode 14
normal-range VLANs 4
configuration guidelines 6
configuring 4
defined 1
NSM 3
NTP
associations
authenticating 6
defined 3
enabling broadcast messages 8
peer 7
server 7
default configuration 5
displaying the configuration 12
overview 3
restricting access
creating an access group 10
disabling NTP services per interface 11
source IP address, configuring 11
stratum 3
support for 6
synchronizing devices 7
time
services 3
synchronizing 3
O
OBFL
configuring 26
described 25
displaying 27
offline configuration for switch stacks 7
off mode, VTP 4
on-board failure logging
See OBFL
online diagnostics
overview 1
running tests 3
understanding 1
open1x
configuring 64
open1x authentication
overview 30
optimizing system resources 1
options, management 5
out-of-profile markdown 14
P
packet modification, with QoS 20
PAgP
See EtherChannel
passwords
default configuration 3
disabling recovery of 5
encrypting 4
for security 10
in clusters 14
overview 1
recovery of 4
setting
enable 3
enable secret 4
Telnet 6
with usernames 7
VTP domain 10
path cost
MSTP 23
STP 20
PC (passive command switch) 10
performance, network design 19
performance features 4
persistent self-signed certificate 47
per-user ACLs and Filter-Ids 9
per-VLAN spanning-tree plus
See PVST+
physical ports 2
PIM-DVMRP, as snooping method 9
ping
character output description 16
executing 15
overview 15
PoE
auto mode 7
CDP with power consumption, described 5
CDP with power negotiation, described 5
Cisco intelligent power management 5
configuring 30
cutoff power
determining 8
cutoff-power
support for 8
devices supported 5
high-power devices operating in low-power mode 5
IEEE power classification levels 6
monitoring 8
monitoring power 33
policing power consumption 33
policing power usage 8
power budgeting 31
power consumption 9, 31
powered-device detection and initial power allocation 6
power management modes 7
power monitoring 8
power negotiation extensions to CDP 5
power sensing 8
standards supported 5
static mode 7
total available power 9
troubleshooting 13
PoE+ 14, 5, 6, 30
policed-DSCP map for QoS 57
policers
configuring
for each matched traffic class 48
for more than one traffic class 52
described 4
displaying 73
number of 34
types of 10
policing
described 4
token-bucket algorithm 10
policy maps for QoS
characteristics of 48
described 8
displaying 74
nonhierarchical on physical ports
described 10
port ACLs, described 3
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting 15
authentication server
defined 3, 2
RADIUS server 3
client, defined 3, 2
configuration guidelines 34, 9
configuring
802.1x authentication 40
guest VLAN 49
host mode 42
inaccessible authentication bypass 52
manual re-authentication of a client 45
periodic re-authentication 44
quiet period 45
RADIUS server 42, 13
RADIUS server parameters on the switch 41, 11
restricted VLAN 50
switch-to-client frame-retransmission number 46, 47
switch-to-client retransmission time 46
violation modes 39
default configuration 33, 9
described 1
device roles 3, 2
displaying statistics 66, 17
downloadable ACLs and redirect URLs
configuring 60 to 62, ?? to 63
overview 19 to 20
EAPOL-start frame 6
EAP-request/identity frame 6
EAP-response/identity frame 6
enabling
802.1X authentication 11
encapsulation 3
flexible authentication ordering
configuring 63
overview 29
guest VLAN
configuration guidelines 22, 23
described 21
host mode 12
inaccessible authentication bypass
configuring 52
described 23
guidelines 35
initiation and message exchange 6
magic packet 26
maximum number of allowed devices per port 36
method lists 40
multiple authentication 14
per-user ACLs
configuration tasks 19
described 18
RADIUS server attributes 19
ports
authorization state and dot1x port-control command 11
authorized and unauthorized 11
voice VLAN 25
port security
and voice VLAN 26
described 25
interactions 25
multiple-hosts mode 12
readiness check
configuring 36
described 17, 36
resetting to default values 65
stack changes, effects of 12
statistics, displaying 66
switch
as proxy 3, 2
RADIUS client 3
switch supplicant
configuring 59
overview 30
user distribution
guidelines 28
overview 28
VLAN assignment
AAA authorization 40
characteristics 17
configuration tasks 18
described 17
voice aware 802.1x security
configuring 38
described 30, 38
voice VLAN
described 25
PVID 25
VVID 25
wake-on-LAN, described 26
with ACLs and RADIUS Filter-Id attribute 32
port-based authentication methods, supported 8
port blocking 4, 8
port-channel
See EtherChannel
port description TLV 2
Port Fast
described 2
enabling 13
mode, spanning tree 25
support for 8
port membership modes, VLAN 3
port priority
MSTP 21
STP 18
ports
access 3
blocking 8
dual-purpose uplink 4
dynamic access 4
protected 6
secure 9
static-access 3, 10
switch 2
trunks 3, 14
VLAN assignments 10
port security
aging 18
and QoS trusted boundary 38
and stacking 19
configuring 13
default configuration 12
described 9
displaying 19
on trunk ports 15
sticky learning 10
violations 11
with other features 12
port-shutdown response, VMPS 24
port VLAN ID TLV 2
power management TLV 3, 8
Power over Ethernet
See PoE
preemption, default configuration 8
preemption delay, default configuration 8
preferential treatment of traffic
See QoS
preventing unauthorized access 1
primary links 2
priority
overriding CoS 6
trusting CoS 6
private VLAN edge ports
See protected ports
privileged EXEC mode 2
privilege levels
changing the default for lines 9
command switch 17
exiting 10
logging into 10
mapping on member switches 17
overview 2, 8
setting a command with 8
protected ports 10, 6
provisioned switches and IP source guard 18
provisioning new members for a switch stack 7
proxy reports 4
pruning, VTP
disabling
in VTP domain 16
on a port 19
enabling
in VTP domain 16
on a port 19
examples 7
overview 6
pruning-eligible list
changing 19
for VTP pruning 6
VLANs 16
PVST+
described 10
IEEE 802.1Q trunking interoperability 11
instances supported 10
Q
QoS
and MQC commands 1
auto-QoS
categorizing traffic 21
configuration and defaults display 30
configuration guidelines 27
described 21
disabling 28
displaying generated commands 28
displaying the initial configuration 30
effects on running configuration 26
egress queue defaults 22
enabling for VoIP 28
example configuration 29
ingress queue defaults 22
list of generated commands 23
basic model 4
classification
class maps, described 8
defined 4
DSCP transparency, described 39
flowchart 7
forwarding treatment 3
in frames and packets 3
IP ACLs, described 6, 8
MAC ACLs, described 6, 8
options for IP traffic 6
options for non-IP traffic 6
policy maps, described 8
trust DSCP, described 6
trusted CoS, described 6
trust IP precedence, described 6
class maps
configuring 46
displaying 73
configuration guidelines
auto-QoS 27
standard QoS 34
configuring
aggregate policers 52
auto-QoS 21
default port CoS value 37
DSCP maps 54
DSCP transparency 39
DSCP trust states bordering another domain 40
egress queue characteristics 66
ingress queue characteristics 61
IP extended ACLs 44
IP standard ACLs 43
MAC ACLs 45
port trust states within the domain 36
trusted boundary 38
default auto configuration 21
default standard configuration 31
displaying statistics 73
DSCP transparency 39
egress queues
allocating buffer space 66
buffer allocation scheme, described 18
configuring shaped weights for SRR 70
configuring shared weights for SRR 71
described 5
displaying the threshold map 69
flowchart 18
mapping DSCP or CoS values 68
scheduling, described 5
setting WTD thresholds 66
WTD, described 19
enabling globally 35
flowcharts
classification 7
egress queueing and scheduling 18
ingress queueing and scheduling 15
policing and marking 11
implicit deny 8
ingress queues
allocating bandwidth 64
allocating buffer space 63
buffer and bandwidth allocation, described 16
configuring shared weights for SRR 64
configuring the priority queue 65
described 4
displaying the threshold map 62
flowchart 15
mapping DSCP or CoS values 61
priority queue, described 17
scheduling, described 4
setting WTD thresholds 61
WTD, described 16
IP phones
automatic classification and queueing 21
detection and trusted settings 21, 38
limiting bandwidth on egress interface 72
mapping tables
CoS-to-DSCP 55
displaying 74
DSCP-to-CoS 58
DSCP-to-DSCP-mutation 59
IP-precedence-to-DSCP 56
policed-DSCP 57
types of 11
marked-down actions 51
marking, described 4, 9
overview 2
packet modification 20
policers
configuring 51, 53
described 9
displaying 73
number of 34
types of 10
policies, attaching to an interface 9
policing
described 4, 9
token bucket algorithm 10
policy maps
characteristics of 48
displaying 74
nonhierarchical on physical ports 48
QoS label, defined 4
queues
configuring egress characteristics 66
configuring ingress characteristics 61
high priority (expedite) 20, 72
location of 12
SRR, described 14
WTD, described 13
rewrites 20
support for 13
trust states
bordering another domain 40
described 6
trusted device 38
within the domain 36
quality of service
See QoS
queries, IGMP 4
query solicitation, IGMP 13
R
RADIUS
attributes
vendor-proprietary 38
vendor-specific 36
configuring
accounting 35
authentication 30
authorization 34
communication, global 28, 36
communication, per-server 28
multiple UDP ports 28
default configuration 27
defining AAA server groups 32
displaying the configuration 40
identifying the server 28
in clusters 16
limiting the services to the user 34
method list, defined 27
operation of 19
overview 18
server load balancing 40
suggested network environments 18
support for 12
tracking services accessed by user 35
RADIUS Change of Authorization 20
range
macro 18
of interfaces 17
rapid convergence 11
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
described 10
IEEE 802.1Q trunking interoperability 11
instances supported 10
Rapid Spanning Tree Protocol
See RSTP
rcommand command 17
RCP
configuration files
downloading 18
overview 17
preparing the server 17
uploading 19
image files
deleting old image 38
downloading 36
preparing the server 35
uploading 38
readiness check
port-based authentication
configuring 36
described 17, 36
reconfirmation interval, VMPS, changing 27
reconfirming dynamic VLAN membership 27
recovery procedures 1
redirect URL 19, 20, 60
redundancy
EtherChannel 3
STP
backbone 9
multidrop backbone 5
path cost 22
port priority 21
redundant links and UplinkFast 16
reloading software 23
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
Remote Network Monitoring
See RMON
Remote SPAN
See RSPAN
remote SPAN 3
report suppression, IGMP
described 6
disabling 16, 11
resequencing ACL entries 13
reserved addresses in DHCP pools 24
resetting a UDLD-shutdown interface 6
responder, IP SLAs
described 4
enabling 6
response time, measuring with IP SLAs 4
restricted VLAN
configuring 50
described 22
using with IEEE 802.1x 22
restricting access
NTP services 9
overview 1
passwords and privilege levels 2
RADIUS 18
TACACS+ 10
retry count, VMPS, changing 28
RFC
1112, IP multicast and IGMP 2
1157, SNMPv1 2
1305, NTP 3
1757, RMON 2
1901, SNMPv2C 2
1902 to 1907, SNMPv2 2
2236, IP multicast and IGMP 2
2273-2275, SNMPv3 2
RFC 5176 Compliance 21
RMON
default configuration 3
displaying status 7
enabling alarms and events 3
groups supported 2
overview 2
statistics
collecting group Ethernet 6
collecting group history 5
support for 15
root guard
described 10
enabling 18
support for 8
root switch
MSTP 19
STP 16
RSPAN
and stack changes 10
characteristics 9
configuration guidelines 17
default configuration 11
defined 3
destination ports 8
displaying status 24
in a switch stack 3
interaction with other features 9
monitored ports 6
monitoring ports 8
overview 15, 1
received traffic 5
sessions
creating 18
defined 4
limiting source traffic to specific VLANs 23
specifying monitored ports 18
with ingress traffic enabled 21
source ports 6
transmitted traffic 6
VLAN-based 7
RSTP
active topology 10
BPDU
format 13
processing 14
designated port, defined 10
designated switch, defined 10
interoperability with IEEE 802.1D
described 9
restarting migration process 28
topology changes 14
overview 10
port roles
described 10
synchronized 12
proposal-agreement handshake process 11
rapid convergence
cross-stack rapid convergence 11
described 11
edge ports and Port Fast 11
point-to-point links 11, 27
root ports 11
root port, defined 10
See also MSTP
running configuration
replacing 20, 21
rolling back 20, 22
running configuration, saving 16
S
SC (standby command switch) 10
scheduled reloads 23
SCP
and SSH 53
configuring 54
SDM
templates
configuring 3
number of 1
SDM template
configuration guidelines 3
configuring 2
types of 1
Secure Copy Protocol
See SCP
secure HTTP client
configuring 52
displaying 53
secure HTTP server
configuring 51
displaying 53
secure MAC addresses
and switch stacks 19
deleting 17
maximum number of 10
types of 10
secure ports
and switch stacks 19
secure ports, configuring 9
secure remote connections 42
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port 9
security features 10
sequence numbers in log messages 8
server mode, VTP 3
service-provider network, MSTP and RSTP 1
set-request operation 5
setup program
failed command switch replacement 11
replacing failed command switch 9
severity levels, defining in system messages 9
SFPs
monitoring status of 37, 14
security and identification 14
status, displaying 14
shaped round robin
See SRR
Shell functions
See Auto Smartports macros
Shell triggers
See Auto Smartports macros
show access-lists hw-summary command 19
show and more command output, filtering 10
show cdp traffic command 5
show cluster members command 17
show configuration command 35
show forward command 23
show interfaces command 27, 35
show interfaces switchport 4
show lldp traffic command 12
show platform forward command 23
show running-config command
displaying ACLs 18, 19
interface description in 35
shutdown command on interfaces 38
Simple Network Management Protocol
See SNMP
small form-factor pluggable modules
See SFPs
small-frame arrival rate, configuring 5
Smartports macros
applying Cisco-default macros 18
applying global parameter values 18
configuration guidelines 17
default configuration 17
defined 1
displaying 20
tracing 17
SNAP 1
SNMP
accessing MIB variables with 5
agent
described 4
disabling 8
and IP SLAs 2
authentication level 11
community strings
configuring 8
for cluster switches 4
overview 4
configuration examples 18
default configuration 7
engine ID 7
groups 7, 10
host 7
ifIndex values 6
in-band management 6
in clusters 14
informs
and trap keyword 13
described 5
differences from traps 5
disabling 16
enabling 16
limiting access by TFTP servers 17
limiting system log messages to NMS 10
manager functions 5, 4
managing clusters with 18
MIBs
location of 4
supported 1
notifications 5
overview 1, 5
security levels 3
setting CPU threshold notification 16
status, displaying 19
system contact and location 17
trap manager, configuring 14
traps
described 4, 5
differences from informs 5
disabling 16
enabling 13
enabling MAC address notification 23, 25, 26
overview 1, 5
types of 13
users 7, 10
versions supported 2
SNMP and Syslog Over IPv6 5
SNMPv1 2
SNMPv2C 3
SNMPv3 3
snooping, IGMP 2
software compatibility
See stacks, switch
software images
location in flash 26
recovery procedures 2
scheduling reloads 23
tar file format, described 26
See also downloading and uploading
source addresses
in IPv4 ACLs 10
source-and-destination-IP address based forwarding, EtherChannel 9
source-and-destination MAC address forwarding, EtherChannel 9
source-IP address based forwarding, EtherChannel 9
source-MAC address forwarding, EtherChannel 8
SPAN
and stack changes 10
configuration guidelines 11
default configuration 11
destination ports 8
displaying status 24
interaction with other features 9
monitored ports 6
monitoring ports 8
overview 15, 1
ports, restrictions 13
received traffic 5
sessions
configuring ingress forwarding 15, 22
creating 12
defined 4
limiting source traffic to specific VLANs 16
removing destination (monitoring) ports 13
specifying monitored ports 12
with ingress traffic enabled 14
source ports 6
transmitted traffic 6
VLAN-based 7
spanning tree and native VLANs 15
Spanning Tree Protocol
See STP
SPAN traffic 5
SRR
configuring
shaped weights on egress queues 70
shared weights on egress queues 71
shared weights on ingress queues 64
described 14
shaped mode 14
shared mode 14
support for 14
SSH
configuring 43
cryptographic software image 41
described 6, 42
encryption methods 42
switch stack considerations 15
user authentication methods, supported 42
SSL
configuration guidelines 49
configuring a secure HTTP client 52
configuring a secure HTTP server 51
cryptographic software image 46
described 46
monitoring 53
stack, switch
MAC address of 6, 18
stack changes, effects on
802.1x port-based authentication 12
ACL configuration 5
CDP 2
cross-stack EtherChannel 13
EtherChannel 10
IGMP snooping 7
MAC address tables 22
MSTP 9
MVR 18
port security 19
SNMP 2
SPAN and RSPAN 10
STP 12
switch clusters 15
system message log 2
VLANs 6
VTP 8
stack master
bridge ID (MAC address) 6
defined 1
election 5
IPv6 6
See also stacks, switch
stack member
accessing CLI of specific member 22
configuring
member number 20
priority value 21
defined 1
displaying information of 23
number 6
priority value 7
provisioning a new member 21
replacing 14
See also stacks, switch
stack member number 15
stack protocol version 10
stacks, switch
accessing CLI of specific member 22
assigning information
member number 20
priority value 21
provisioning a new member 21
auto-advise 11
auto-copy 11
auto-extract 11
auto-upgrade 11
bridge ID 6
CDP considerations 2
compatibility, software 9
configuration file 14
configuration scenarios 16
copying an image file from one member to another 39
default configuration 17
description of 1
displaying information of 23
enabling persistent MAC address timer 18
in clusters 15
incompatible software and image upgrades 13, 39
IPv6 on 6
MAC address considerations 22
management connectivity 15
managing 1
membership 3
merged 3
MSTP instances supported 10
offline configuration
described 7
effects of adding a provisioned switch 8
effects of removing a provisioned switch 9
effects of replacing a provisioned switch 9
provisioned configuration, defined 7
provisioned switch, defined 7
provisioning a new member 21
partitioned 3, 9
provisioned switch
adding 8
removing 9
replacing 9
replacing a failed member 14
software compatibility 9
software image version 9
stack protocol version 10
STP
bridge ID 3
instances supported 10
root port selection 3
stack root switch election 3
system messages
hostnames in the display 1
remotely monitoring 2
system prompt consideration 15
system-wide configuration considerations 14
upgrading 39
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 11
examples 12
manual upgrades with auto-advise 11
upgrades with auto-extract 11
version-mismatch mode
described 10
See also stack master and stack member
standby command switch
configuring
considerations 11
defined 2
priority 10
requirements 3
virtual IP address 11
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
standby links 2
startup configuration
booting
manually 19
specific image 20
clearing 20
configuration file
automatically downloading 18
specifying the filename 18
default boot configuration 17
static access ports
assigning to VLAN 10
defined 3
static addresses
See addresses
static MAC addressing 10
static routes
configuring for IPv6 10
static VLAN membership 2
statistics
802.1X 17
802.1x 66
CDP 5
interface 37
LLDP 12
LLDP-MED 12
NMSP 12
QoS ingress and egress 73
RMON group Ethernet 6
RMON group history 5
SNMP input and output 19
VTP 18
sticky learning 10
storm control
configuring 3
described 2
disabling 5
displaying 19
support for 4
thresholds 2
STP
accelerating root port selection 4
BackboneFast
described 7
disabling 17
enabling 17
BPDU filtering
described 3
disabling 15
enabling 15
BPDU guard
described 2
disabling 14
enabling 14
BPDU message exchange 3
configuration guidelines 13, 12
configuring
forward-delay time 23
hello time 22
maximum aging time 23
path cost 20
port priority 18
root switch 16
secondary root switch 18
spanning-tree mode 15
switch priority 21
transmit hold-count 24
counters, clearing 24
cross-stack UplinkFast
described 5
enabling 17
default configuration 13
default optional feature configuration 12
designated port, defined 4
designated switch, defined 4
detecting indirect link failures 8
disabling 16
displaying status 24
EtherChannel guard
described 10
disabling 18
enabling 18
extended system ID
effects on root switch 16
effects on the secondary root switch 18
overview 5
unexpected behavior 16
features supported 8
IEEE 802.1D and bridge ID 5
IEEE 802.1D and multicast addresses 9
IEEE 802.1t and VLAN identifier 5
inferior BPDU 3
instances supported 10
interface state, blocking to forwarding 2
interface states
blocking 7
disabled 8
forwarding 6, 7
learning 7
listening 7
overview 5
interoperability and compatibility among modes 11
limitations with IEEE 802.1Q trunks 11
load sharing
overview 20
using path costs 22
using port priorities 21
loop guard
described 11
enabling 19
modes supported 10
multicast addresses, effect of 9
optional features supported 8
overview 2
path costs 22, 23
Port Fast
described 2
enabling 13
port priorities 21
preventing root switch selection 10
protocols supported 10
redundant connectivity 9
root guard
described 10
enabling 18
root port, defined 3
root port selection on a switch stack 3
root switch
configuring 16
effects of extended system ID 5, 16
election 3
unexpected behavior 16
shutdown Port Fast-enabled port 2
stack changes, effects of 12
status, displaying 24
superior BPDU 3
timers, described 22
UplinkFast
described 3
enabling 16
stratum, NTP 3
success response, VMPS 24
summer time 14
SunNet Manager 5
supported port-based authentication methods 8
Smartports macros
See also Auto Smartports macros
switch 2
switch clustering technology 1
See also clusters, switch
switch console port 6
Switch Database Management
See SDM
Switched Port Analyzer
See SPAN
switched ports 2
switchport backup interface 4, 5
switchport block multicast command 8
switchport block unicast command 8
switchport protected command 7
switch priority
MSTP 24
STP 21
switch software features 1
syslog
See system message logging
system capabilities TLV 2
system clock
configuring
daylight saving time 14
manually 12
summer time 14
time zones 13
displaying the time and date 13
overview 2
See also NTP
system description TLV 2
system message logging
default configuration 4
defining error message severity levels 9
disabling 4
displaying the configuration 14
enabling 5
facility keywords, described 14
level keywords, described 10
limiting messages 10
message format 2
overview 1
sequence numbers, enabling and disabling 8
setting the display destination device 5
stack changes, effects of 2
synchronizing log messages 7
syslog facility 15
time stamps, enabling and disabling 8
UNIX syslog servers
configuring the daemon 13
configuring the logging facility 13
facilities supported 14
system name
default configuration 16
default setting 16
manual configuration 16
See also DNS
system name TLV 2
system prompt, default setting 15, 16
system resources, optimizing 1
T
TACACS+
accounting, defined 11
authentication, defined 11
authorization, defined 11
configuring
accounting 17
authentication key 13
authorization 16
login authentication 14
default configuration 13
displaying the configuration 18
identifying the server 13
in clusters 16
limiting the services to the user 16
operation of 12
overview 10
support for 12
tracking services accessed by user 17
tar files
creating 6
displaying the contents of 7
extracting 8
image file format 26
TDR 15
Telnet
accessing management interfaces 11
number of connections 6
setting a password 6
temporary self-signed certificate 47
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password 6
TFTP
configuration files
downloading 12
preparing the server 11
uploading 13
configuration files in base directory 8
configuring for autoconfiguration 8
image files
deleting 29
downloading 28
preparing the server 27
uploading 30
limiting access by servers 17
TFTP server 6
threshold, traffic level 3
time
See NTP and system clock
Time Domain Reflector
See TDR
time-range command 15
time ranges in ACLs 15
time stamps in log messages 8
time zones 13
TLVs
defined 2
LLDP 2
LLDP-MED 2
Token Ring VLANs
support for 5
VTP support 5
ToS 13
traceroute, Layer 2
and ARP 17
and CDP 17
broadcast traffic 16
described 16
IP addresses and subnets 17
MAC addresses and VLANs 17
multicast traffic 17
multiple devices on a port 17
unicast traffic 16
usage guidelines 17
traceroute command 19
See also IP traceroute
traffic
blocking flooded 8
fragmented 4
unfragmented 4
traffic policing 13
traffic suppression 2
transmit hold-count
See STP
transparent mode, VTP 4
trap-door mechanism 2
traps
configuring MAC address notification 23, 25, 26
configuring managers 13
defined 4
enabling 23, 25, 26, 13
notification types 13
overview 1, 5
troubleshooting
connectivity problems 15, 16, 18
CPU utilization 27
detecting unidirectional links 1
displaying crash information 24
setting packet forwarding 23
SFP security and identification 14
show forward command 23
with CiscoWorks 5
with debug commands 21
with ping 15
with system message logging 1
with traceroute 18
trunk failover
See link-state tracking
trunking encapsulation 9
trunk ports
configuring 17
defined 3
trunks
allowed-VLAN list 18
load sharing
setting STP path costs 22
using STP port priorities 21
native VLAN for untagged traffic 20
parallel 22
pruning-eligible list 19
to non-DTP device 14
trusted boundary for QoS 38
trusted port states
between QoS domains 40
classification options 6
ensuring port security for IP phones 38
support for 13
within a QoS domain 36
trustpoints, CA 47
twisted-pair Ethernet, detecting unidirectional links 1
type of service
See ToS
U
UDLD
configuration guidelines 4
default configuration 4
disabling
globally 5
on fiber-optic interfaces 5
per interface 6
echoing detection mechanism 3
enabling
globally 5
per interface 6
link-detection mechanism 1
neighbor database 2
overview 1
resetting an interface 6
status, displaying 7
support for 8
unauthorized ports with IEEE 802.1x 11
unicast MAC address filtering 6
and adding static addresses 28
and broadcast MAC addresses 28
and CPU packets 28
and multicast addresses 28
and router MAC addresses 28
configuration guidelines 28
described 28
unicast storm 2
unicast storm control command 4
unicast traffic, blocking 8
UniDirectional Link Detection protocol
See UDLD
UNIX syslog servers
daemon configuration 13
facilities supported 14
message logging configuration 13
unrecognized Type-Length-Value (TLV) support 5
upgrading a Catalyst 2950 switch
configuration compatibility issues 1
differences in configuration commands 1
feature behavior incompatibilities 5
incompatible command messages 1
recommendations 1
upgrading software images
See downloading
UplinkFast
described 3
disabling 16
enabling 16
support for 8
uploading
configuration files
preparing 11, 14, 17
reasons for 9
using FTP 16
using RCP 19
using TFTP 13
image files
preparing 27, 31, 35
reasons for 25
using FTP 34
using RCP 38
using TFTP 30
USB mini-Type B console port 10
USB Type A port 7
user EXEC mode 2
username-based authentication 7
V
version-dependent transparent mode 5
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 11
manual upgrades with auto-advise 11
upgrades with auto-extract 11
version-mismatch mode
described 10
virtual IP address
cluster standby group 11
command switch 11
virtual switches and PAgP 6
vlan.dat file 4
VLAN 1, disabling on a trunk port 18
VLAN 1 minimization 18
vlan-assignment response, VMPS 24
VLAN configuration
at bootup 7
saving 7
VLAN configuration mode 2
VLAN database
and startup configuration file 7
and VTP 1
VLAN configuration saved in 7
VLANs saved in 4
VLAN filtering and SPAN 7
vlan global configuration command 7
VLAN ID, discovering 31
VLAN load balancing on flex links 3
configuration guidelines 8
VLAN management domain 2
VLAN Management Policy Server
See VMPS
VLAN membership
confirming 27
modes 3
VLAN Query Protocol
See VQP
VLANs
adding 8
adding to VLAN database 8
aging dynamic addresses 10
allowed on trunk 18
and spanning-tree instances 3, 6, 12
configuration guidelines, extended-range VLANs 11
configuration guidelines, normal-range VLANs 6
configuring 1
configuring IDs 1006 to 4094 11
creating 8
default configuration 7
deleting 9
described 2, 1
displaying 13
extended-range 1, 11
features 9
illustrated 2
in the switch stack 6
limiting source traffic with RSPAN 23
limiting source traffic with SPAN 16
modifying 8
multicast 18
native, configuring 20
normal-range 1, 4
number supported 9
parameters 5
port membership modes 3
static-access ports 10
STP and IEEE 802.1Q trunks 11
supported 2
Token Ring 5
traffic between 2
VTP modes 3
VLAN Trunking Protocol
See VTP
VLAN trunks 14
VMPS
administering 28
configuration example 29
configuration guidelines 25
default configuration 25
description 24
dynamic port membership
described 25
reconfirming 27
troubleshooting 29
entering server address 26
mapping MAC addresses to VLANs 24
monitoring 28
reconfirmation interval, changing 27
reconfirming membership 27
retry count, changing 28
voice aware 802.1x security
port-based authentication
configuring 38
described 30, 38
voice-over-IP 1
voice VLAN
Cisco 7960 phone, port connections 1
configuration guidelines 3
configuring IP phones for data traffic
override CoS of incoming frame 6
trust CoS priority of incoming frame 6
configuring ports for voice traffic in
802.1p priority tagged frames 5
802.1Q frames 5
connecting to an IP phone 5
default configuration 3
described 1
displaying 7
IP phone data traffic, described 3
IP phone voice traffic, described 2
VQP 9, 24
VTP
adding a client to a domain 17
advertisements 16, 4
and extended-range VLANs 2
and normal-range VLANs 2
client mode, configuring 13
configuration
guidelines 9
requirements 11
saving 9
configuration requirements 11
configuration revision number
guideline 17
resetting 18
consistency checks 5
default configuration 9
described 1
domain names 10
domains 2
modes
client 3
off 4
server 3
transitions 3
transparent 4
monitoring 18
passwords 10
pruning
disabling 16
enabling 16
examples 7
overview 6
support for 9
pruning-eligible list, changing 19
server mode, configuring 11, 14
statistics 18
support for 9
Token Ring support 5
transparent mode, configuring 12
using 1
Version
enabling 15
version, guidelines 10
Version 1 5
Version 2
configuration guidelines 10
overview 5
Version 3
overview 5
W
web authentication 17
configuring 16 to ??
described 10
web-based authentication
customizable web pages 6
description 1
web-based authentication, interactions with other features 7
weighted tail drop
See WTD
wired location service
configuring 10
displaying 12
location TLV 3
understanding 3
wizards 2
WTD
described 13
setting thresholds
egress queue-sets 66
ingress queues 61
support for 14
X
Xmodem protocol 2
attribute-value pairs 13, 16, 20
authentication
local mode with AAA 40
NTP associations 6
open1x 30
RADIUS
key 28
login 30
TACACS+
defined 11
key 13
login 14
See also port-based authentication
authentication compatibility with Catalyst 6000 switches 9
authentication failed VLAN
See restricted VLAN
authentication manager
CLI commands 10
compatibility with older 802.1x CLI commands 10 to ??
overview 8
authoritative time source, described 3
authorization
with RADIUS 34
with TACACS+ 11, 16
authorized ports with IEEE 802.1x 11
autoconfiguration 4
auto enablement 31
automatic advise (auto-advise) in switch stacks 11
automatic copy (auto-copy) in switch stacks 11
automatic discovery
considerations
beyond a noncandidate device 8
brand new switches 9
connectivity 5
different VLANs 7
management VLANs 8
non-CDP-capable devices 7
noncluster-capable devices 7
in switch clusters 5
See also CDP
automatic extraction (auto-extract) in switch stacks 11
automatic QoS
See QoS
automatic recovery, clusters 10
See also HSRP
automatic upgrades (auto-upgrade) in switch stacks 11
auto-MDIX
configuring 29
described 29
autonegotiation
duplex mode 4
interface configuration guidelines 26
mismatches 13
autosensing, port speed 4
Auto Smartports macros
built-in macros 3, 9
Cisco Medianet 2
configuration guidelines 4
default configuration 3
defined 1
displaying 20
enabling 5, 8
event triggers 12
IOS shell 1, 15
LLDP 2
mapping 9
user-defined macros 15
See also Smartports macros
auxiliary VLAN
See voice VLAN
availability, features 8
B
BackboneFast
described 7
disabling 17
enabling 17
support for 8
backup interfaces
See Flex Links
backup links 2
banners
configuring
login 20
message-of-the-day login 19
default configuration 18
when displayed 18
Berkeley r-tools replacement 53
binding database
DHCP snooping
See DHCP snooping binding database
bindings
DHCP snooping database 7
IP source guard 15
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 8
booting
boot loader, function of 2
boot process 2
manually 19
specific image 20
boot loader
accessing 21
described 2
environment variables 21
prompt 21
trap-door mechanism 2
BPDU
error-disabled state 3
filtering 3
RSTP format 13
BPDU filtering
described 3
disabling 15
enabling 15
support for 8
BPDU guard
described 2
disabling 14
enabling 14
support for 8
bridge protocol data unit
See BPDU
broadcast storm-control command 4
broadcast storms 2
C
cables, monitoring for unidirectional links 1
candidate switch
automatic discovery 5
defined 4
requirements 4
See also command switch, cluster standby group, and member switch
Catalyst 6000 switches
authentication compatibility 9
CA trustpoint
configuring 50
defined 47
CDP
and trusted boundary 38
automatic discovery in switch clusters 5
configuring 2
default configuration 2
defined with LLDP 1
described 1
disabling for routing device 4
enabling and disabling
on an interface 4
on a switch 4
monitoring 5
overview 1
power negotiation extensions 5
support for 6
switch stack considerations 2
transmission timer and holdtime, setting 3
updates 3
CGMP
as IGMP snooping learning method 9
joining multicast group 3
CipherSuites 48
Cisco 7960 IP Phone 1
Cisco Discovery Protocol
See CDP
Cisco intelligent power management 5
Cisco IOS File System
See IFS
Cisco IOS IP Service Level Agreements (SLAs) responder 5
Cisco IOS IP SLAs 2
Cisco Medianet
See Auto Smartports macros
Cisco Secure ACS
attribute-value pairs for downloadable ACLs 20
attribute-value pairs for redirect URL 20
Cisco Secure ACS configuration guide 60
CiscoWorks 2000 5
CISP 31
CIST regional root
See MSTP
CIST root
See MSTP
civic location 3
class maps for QoS
configuring 46
described 8
displaying 73
class of service
See CoS
clearing interfaces 38
CLI
abbreviating commands 4
command modes 1
configuration logging 5
described 5
editing features
enabling and disabling 7
keystroke editing 8
wrapped lines 9
error messages 5
filtering command output 10
getting help 3
history
changing the buffer size 6
described 6
disabling 7
recalling commands 6
managing clusters 17
no and default forms of commands 4
Client Information Signalling Protocol
See CISP
client mode, VTP 3
clock
See system clock
clusters, switch
accessing 13
automatic discovery 5
automatic recovery 10
benefits 2
compatibility 5
described 1
LRE profile considerations 16
managing
through CLI 17
through SNMP 18
planning 5
planning considerations
automatic discovery 5
automatic recovery 10
CLI 17
host names 14
IP addresses 13
LRE profiles 16
passwords 14
RADIUS 16
SNMP 14, 18
switch stacks 15
TACACS+ 16
See also candidate switch, command switch, cluster standby group, member switch, and standby command switch
cluster standby group
automatic recovery 13
considerations 11
defined 2
requirements 3
virtual IP address 11
See also HSRP
CNS 6
Configuration Engine
configID, deviceID, hostname 3
configuration service 2
described 1
event service 3
embedded agents
described 5
enabling automated configuration 6
enabling configuration agent 9
enabling event agent 7
management functions 5
CoA Request Commands 23
Coarse Wave Division Multiplexer
See CWDM SFPs
command-line interface
See CLI
command modes 1
commands
abbreviating 4
no and default 4
commands, setting privilege levels 8
command switch
accessing 11
active (AC) 10
configuration conflicts 12
defined 2
passive (PC) 10
password privilege levels 17
priority 10
recovery
from command-switch failure 10, 9
from lost member connectivity 12
redundant 10
replacing
with another switch 11
with cluster member 9
requirements 3
standby (SC) 10
See also candidate switch, cluster standby group, member switch, and standby command switch
community strings
configuring 14, 8
for cluster switches 4
in clusters 14
overview 4
SNMP 14
compatibility, feature 13
compatibility, software
See stacks, switch
config.text 17
configurable leave timer, IGMP 6
configuration, initial
defaults 16
Express Setup 2
configuration changes, logging 11
configuration conflicts, recovering from lost member connectivity 12
configuration examples, network 18
configuration files
archiving 21
clearing the startup configuration 20
creating using a text editor 11
default name 17
deleting a stored configuration 20
described 9
downloading
automatically 18
preparing 11, 14, 17
reasons for 9
using FTP 14
using RCP 18
using TFTP 12
guidelines for creating and using 10
guidelines for replacing and rolling back 22
invalid combinations when copying 5
limiting TFTP server access 17
obtaining with DHCP 9
password recovery disable considerations 5
replacing a running configuration 20, 21
rolling back a running configuration 20, 22
specifying the filename 18
system contact and location information 17
types and location 10
uploading
preparing 11, 14, 17
reasons for 9
using FTP 16
using RCP 19
using TFTP 13
configuration logger 11
configuration logging 5
configuration replacement 20
configuration rollback 20, 21
configuration settings, saving 16
configure terminal command 16
configuring 802.1x user distribution 56
configuring port-based authentication violation modes 39
configuring small-frame arrival rate 5
config-vlan mode 2
conflicts, configuration 12
connections, secure remote 42
connectivity problems 15, 16, 18
consistency checks in VTP Version 2 5
console port, connecting to 11
control protocol, IP SLAs 4
corrupted software, recovery steps with Xmodem 2
CoS
in Layer 2 frames 2
override priority 6
trust priority 6
CoS input queue threshold map for QoS 16
CoS output queue threshold map for QoS 19
CoS-to-DSCP map for QoS 55
counters, clearing interface 38
CPU utilization, troubleshooting 27
crashinfo file 24
critical authentication, IEEE 802.1x 52
critical VLAN 23
cross-stack EtherChannel
configuration guidelines 13
described 3
illustration 4
support for 8
cross-stack UplinkFast, STP
described 5
disabling 17
enabling 17
fast-convergence events 7
Fast Uplink Transition Protocol 6
normal-convergence events 7
support for 8
cryptographic software image
SSH 41
SSL 46
switch stack considerations 15
customizable web pages, web-based authentication 6
CWDM SFPs 23
D
DACL
See downloadable ACL
daylight saving time 14
debugging
enabling all system diagnostics 22
enabling for a specific feature 21
redirecting error message output 22
using commands 21
default commands 4
default configuration
802.1x 33
auto-QoS 21
banners 18
booting 17
CDP 2
DHCP 9
DHCP option 82 9
DHCP snooping 9
DHCP snooping binding database 9
DNS 17
dynamic ARP inspection 5
EtherChannel 11
Ethernet interfaces 23
Flex Links 8
IGMP filtering 26
IGMP snooping 7, 6
IGMP throttling 26
initial switch information 3
IP SLAs 5
IP source guard 17
IPv6 7
Layer 2 interfaces 23
LLDP 5
MAC address table 22
MAC address-table move update 8
MSTP 16
MVR 21
NTP 5
optional spanning-tree configuration 12
password and privilege level 3
RADIUS 27
RMON 3
RSPAN 11
SDM template 2
SNMP 7
SPAN 11
SSL 49
standard QoS 31
STP 13
switch stacks 17
system message logging 4
system name and prompt 16
TACACS+ 13
UDLD 4
VLAN, Layer 2 Ethernet interfaces 15
VLANs 7
VMPS 25
voice VLAN 3
VTP 9
default gateway 15
default web-based authentication configuration
802.1X 9
deleting VLANs 9
denial-of-service attack 2
description command 35
designing your network, examples 18
destination addresses
in IPv4 ACLs 10
destination-IP address-based forwarding, EtherChannel 9
destination-MAC address forwarding, EtherChannel 9
detecting indirect link failures, STP 8
device 25
device discovery protocol 1
device manager
benefits 2
described 2, 5
in-band management 6
upgrading a switch 25
DHCP
enabling
relay agent 11
DHCP-based autoconfiguration
client request message exchange 4
configuring
client side 4
DNS 8
relay device 9
server side 7
TFTP server 8
example 10
lease options
for IP address information 7
for receiving the configuration file 7
overview 4
relationship to BOOTP 4
relay support 6
support for 6
DHCP-based autoconfiguration and image update
configuring 12 to 15
understanding 5 to 6
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 5
configuration guidelines 9
default configuration 9
displaying 14
overview 4
packet format, suboption
circuit ID 5
remote ID 5
remote ID suboption 5
DHCP server port-based address allocation
configuration guidelines 24
default configuration 24
described 23
displaying 26
enabling 24
reserved addresses 24
DHCP server port-based address assignment
support for 6
DHCP snooping
accepting untrusted packets from edge switch 3, 12
binding database
See DHCP snooping binding database
configuration guidelines 9
default configuration 9
displaying binding tables 14
message exchange process 4
option 82 data insertion 4
trusted interface 3
untrusted interface 3
untrusted messages 3
DHCP snooping binding database
adding bindings 13
binding entries, displaying 14
binding file
format 7
location 7
bindings 7
clearing agent statistics 14
configuration guidelines 10
configuring 13
default configuration 9
deleting
binding file 14
bindings 14
database agent 14
described 7
displaying 14
displaying status and statistics 14
enabling 13
entry 7
renewing database 14
resetting
delay value 14
timeout value 14
DHCP snooping binding table
See DHCP snooping binding database
Differentiated Services architecture, QoS 2
Differentiated Services Code Point 2
directed unicast requests 6
directories
changing 4
creating and removing 4
displaying the working 4
discovery, clusters
See automatic discovery
DNS
and DHCP-based autoconfiguration 8
default configuration 17
displaying the configuration 18
in IPv6 3
overview 16
setting up 17
support for 6
domain names
DNS 16
VTP 10
Domain Name System
See DNS
downloadable ACL 19, 20, 60
downloading
configuration files
preparing 11, 14, 17
reasons for 9
using FTP 14
using RCP 18
using TFTP 12
image files
deleting old image 29
preparing 27, 31, 35
reasons for 25
using CMS 2
using FTP 32
using HTTP 2, 25
using RCP 36
using TFTP 28
using the device manager or Network Assistant 25
DRP
support for 14
DSCP 13, 2
DSCP input queue threshold map for QoS 16
DSCP output queue threshold map for QoS 19
DSCP-to-CoS map for QoS 58
DSCP-to-DSCP-mutation map for QoS 59
DSCP transparency 39
DTP 9, 14
dual-action detection 6
dual IPv4 and IPv6 templates 5
dual protocol stacks
IPv4 and IPv6 5
SDM templates supporting 5
dual-purpose uplinks
defined 4
LEDs 4
link selection 4, 24
setting the type 24
dynamic access ports
characteristics 4
configuring 27
defined 3
dynamic addresses
See addresses
dynamic ARP inspection
ARP cache poisoning 1
ARP requests, described 1
ARP spoofing attack 1
clearing
log buffer 16
statistics 16
configuration guidelines 6
configuring
ACLs for non-DHCP environments 9
in DHCP environments 7
log buffer 13
rate limit for incoming ARP packets 4, 11
default configuration 5
denial-of-service attacks, preventing 11
described 1
DHCP snooping binding database 2
displaying
ARP ACLs 15
configuration and operating state 15
log buffer 16
statistics 16
trust state and rate limit 15
error-disabled state for exceeding rate limit 4
function of 2
interface trust states 3
log buffer
clearing 16
configuring 13
displaying 16
logging of dropped packets, described 5
man-in-the-middle attack, described 2
network security issues and interface trust states 3
priority of ARP ACLs and DHCP snooping entries 4
rate limiting of ARP packets
configuring 11
described 4
error-disabled state 4
statistics
clearing 16
displaying 16
validation checks, performing 12
dynamic auto trunking mode 14
dynamic desirable trunking mode 14
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 25
reconfirming 27
troubleshooting 29
types of connections 27
Dynamic Trunking Protocol
See DTP
E
editing features
enabling and disabling 7
keystrokes used 8
wrapped lines 9
elections
See stack master
ELIN location 3
enable password 4
enable secret password 4
encryption, CipherSuite 48
encryption for passwords 4
environment variables, function of 22
error-disabled state, BPDU 3
error messages during command entry 5
EtherChannel
automatic creation of 5, 7
channel groups
binding physical and logical interfaces 4
numbering of 4
configuration guidelines 12
configuring Layer 2 interfaces 13
default configuration 11
described 2
displaying status 20
forwarding methods 8, 15
IEEE 802.3ad, described 7
interaction
with STP 12
with VLANs 13
LACP
described 7
displaying status 20
hot-standby ports 18
interaction with other features 8
modes 7
port priority 19
system priority 18
load balancing 8, 15
PAgP
aggregate-port learners 16
compatibility with Catalyst 1900 17
described 5
displaying status 20
interaction with other features 7
interaction with virtual switches 6
learn method and priority configuration 16
modes 6
support for 4
with dual-action detection 6
port-channel interfaces
described 4
numbering of 4
port groups 4
stack changes, effects of 10
support for 4
EtherChannel guard
described 10
disabling 18
enabling 18
Ethernet management port
active link 20
and routing 21
and TFTP 22
configuring 22
default setting 21
described 20
for network management 20
specifying 22
supported features 21
unsupported features 21
Ethernet management port, internal
and routing 21
unsupported features 21
Ethernet VLANs
adding 8
defaults and ranges 7
modifying 8
EUI 3
events, RMON 4
examples
network configuration 18
expedite queue for QoS 72
Express Setup 2
See also getting started guide
extended crashinfo file 24
extended-range VLANs
configuration guidelines 11
configuring 11
creating 12
defined 1
extended system ID
MSTP 19
STP 5, 16
extended universal identifier
See EUI
Extensible Authentication Protocol over LAN 1
F
fa0 interface 6
Fa0 port
See Ethernet management port
failover support 8
Fast Convergence 3
fastethernet0 port
See Ethernet management port
Fast Uplink Transition Protocol 6
features, incompatible 13
fiber-optic, detecting unidirectional links 1
files
basic crashinfo
description 24
location 24
copying 5
crashinfo, description 24
deleting 6
displaying the contents of 8
extended crashinfo
description 25
location 25
tar
creating 6
displaying the contents of 7
extracting 8
image file format 26
file system
displaying available file systems 2
displaying file information 3
local file system names 1
network file system names 5
setting the default 3
filtering
non-IP traffic 23
show and more command output 10
filtering show and more command output 10
filters, IP
See ACLs, IP
flash device, number of 1
flexible authentication ordering
configuring 63
overview 29
Flex Link Multicast Fast Convergence 3
Flex Links
configuration guidelines 8
configuring 9, 10
configuring preferred VLAN 12
configuring VLAN load balancing 11
default configuration 8
description 2
link load balancing 3
monitoring 15
VLANs 3
flooded traffic, blocking 8
flow-based packet classification 13
flowcharts
QoS classification 7
QoS egress queueing and scheduling 18
QoS ingress queueing and scheduling 15
QoS policing and marking 11
flowcontrol
configuring 28
described 28
forward-delay time
MSTP 25
STP 23
FTP
accessing MIB files 4
configuration files
downloading 14
overview 13
preparing the server 14
uploading 16
image files
deleting old image 33
downloading 32
preparing the server 31
uploading 34
G
general query 5
Generating IGMP Reports 4
get-bulk-request operation 4
get-next-request operation 4, 5
get-request operation 4, 5
get-response operation 4
Gigabit modules
See SFPs
global configuration mode 2
global leave, IGMP 13
guest VLAN and 802.1x 21
guide mode 2
GUIs
See device manager and Network Assistant
H
hello time
MSTP 25
STP 22
help, for the command line 3
history
changing the buffer size 6
described 6
disabling 7
recalling commands 6
history table, level and number of syslog messages 10
host names, in clusters 14
hosts, limit on dynamic ports 29
HP OpenView 5
HSRP
automatic cluster recovery 13
cluster standby group considerations 11
See also clusters, cluster standby group, and standby command switch
HTTP over SSL
See HTTPS
HTTPS 47
configuring 51
self-signed certificate 47
HTTP secure server 47
I
ICMP
IPv6 4
time-exceeded messages 18
traceroute and 18
ICMP ping
executing 15
overview 15
ICMPv6 4
IDS appliances
and ingress RSPAN 21
and ingress SPAN 14
IEEE 802.1D
See STP
IEEE 802.1p 1
IEEE 802.1Q
and trunk ports 3
configuration limitations 15
encapsulation 14
native VLAN for untagged traffic 20
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3ad
See EtherChannel
IEEE 802.3ad, PoE+ 14, 5
IEEE 802.3af
See PoE
IEEE 802.3x flow control 28
ifIndex values, SNMP 6
IFS 6
IGMP
configurable leave timer
described 6
enabling 12
flooded multicast traffic
controlling the length of time 13
disabling on an interface 14
global leave 13
query solicitation 13
recovering from flood mode 13
joining multicast group 3
join messages 3
leave processing, enabling 11, 9
leaving multicast group 5
queries 4
report suppression
described 6
disabling 16, 11
supported versions 3
support for 4
IGMP filtering
configuring 26
default configuration 26
described 25
monitoring 30
support for 4
IGMP groups
configuring filtering 29
setting the maximum number 28
IGMP Immediate Leave
configuration guidelines 12
described 6
enabling 11
IGMP profile
applying 27
configuration mode 26
configuring 27
IGMP snooping
and address aliasing 2
and stack changes 7
configuring 7
default configuration 7, 6
definition 2
enabling and disabling 8, 7
global configuration 8
Immediate Leave 6
in the switch stack 7
method 9
monitoring 17, 12
querier
configuration guidelines 15
configuring 15
supported versions 3
support for 4
VLAN configuration 8
IGMP throttling
configuring 29
default configuration 26
described 25
displaying action 30
Immediate Leave, IGMP 6
enabling 9
inaccessible authentication bypass 23
support for multiauth ports 23
initial configuration
defaults 16
Express Setup 2
interface
number 15
range macros 18
interface command 15 to ??, 15 to 16
interface configuration mode 3
interfaces
auto-MDIX, configuring 29
configuration guidelines
duplex and speed 26
configuring
procedure 16
counters, clearing 38
default configuration 23
described 35
descriptive name, adding 35
displaying information about 37
flow control 28
management 5
monitoring 37
naming 35
physical, identifying 14, 15
range of 16
restarting 38
shutting down 38
speed and duplex, configuring 27
status 37
supported 14
types of 1
interfaces range macro command 18
interface types 15
Internet Protocol version 6
See IPv6
Intrusion Detection System
See IDS appliances
inventory management TLV 3, 8
IOS shell
See Auto Smartports macros
IP ACLs
for QoS classification 8
implicit deny 9, 13
implicit masks 9
named 13
undefined 19
IP addresses
128-bit 2
candidate or member 4, 13
cluster access 2
command switch 3, 11, 13
discovering 31
IPv6 2
redundant clusters 11
standby command switch 11, 13
See also IP information
ip igmp profile command 26
IP information
assigned
manually 15
through DHCP-based autoconfiguration 4
default configuration 3
IP phones
and QoS 1
automatic classification and queueing 21
configuring 5
ensuring port security with QoS 38
trusted boundary for QoS 38
IP Port Security for Static Hosts
on a Layer 2 access port 19
IP precedence 2
IP-precedence-to-DSCP map for QoS 56
IP protocols in ACLs 10
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 1
IP SLAs
benefits 2
configuration guidelines 5
Control Protocol 4
default configuration 5
definition 1
measuring network performance 3
monitoring 6
operation 3
responder
described 4
enabling 6
response time 4
SNMP support 2
supported metrics 2
IP source guard
and 802.1x 17
and DHCP snooping 15
and EtherChannels 17
and port security 17
and private VLANs 17
and routed ports 17
and TCAM entries 18
and trunk interfaces 17
and VRF 17
binding configuration
automatic 15
manual 15
binding table 15
configuration guidelines 17
default configuration 17
described 15
disabling 19
displaying
active IP or MAC bindings 23
bindings 23
configuration 23
enabling 18, 19
filtering
source IP address 15
source IP and MAC address 15
on provisioned switches 18
source IP address filtering 15
source IP and MAC address filtering 15
static bindings
adding 18, 19
deleting 19
static hosts 19
IP traceroute
executing 19
overview 18
IPv4 ACLs
applying to interfaces