- Preface
- Using the Command-Line Interface
-
- Security Features Overview
- Preventing Unauthorized Access
- Controlling Switch Access with Passwords and Privilege Levels
- Configuring TACACS+
- Configuring RADIUS
- RADIUS Server Load Balancing
- RADIUS Change of Authorization Support
- Configuring Kerberos
- Configuring Accounting
- Configuring Local Authentication and Authorization
- MAC Authentication Bypass
- Password Strength and Management for Common Criteria
- AAA-SERVER-MIB Set Operation
- Configuring Secure Shell
- Secure Shell Version 2 Support
- X.509v3 Certificates for SSH Authentication
- Configuring Secure Socket Layer HTTP
- Certification Authority Interoperability
- Access Control List Overview
- Configuring IPv4 Access Control Lists
- IPv6 Access Control Lists
- ACL Support for Filtering IP Options
- VLAN Access Control Lists
- Configuring DHCP
- Configuring IP Source Guard
- Configuring Dynamic ARP Inspection
- Configuring IEEE 802.1x Port-Based Authentication
- Configuring Web-Based Authentication
- Auto Identity
- Configuring Port-Based Traffic Control
- Configuring FIPS
- Configuring Control Plane Policing
-
- Embedded Event Manager Overview
- Information About Writing EEM Policies Using the Cisco IOS CLI
- Writing Embedded Event Manager Policies Using Tcl
- Signed Tcl Scripts
- EEM CLI Library Command Extensions
- EEM Context Library Command Extensions
- EEM Event Registration Tcl Command Extensions
- EEM Event Tcl Command Extensions
- EEM Library Debug Command Extensions
- EEM Multiple Event Support Tcl Command Extensions
- EEM SMTP Library Command Extensions
- EEM System Information Tcl Command Extensions
- EEM Utility Tcl Command Extensions
- Important Notice
- Index
Contents
* - 1 - 8 - < - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - Z
Index
*
NTPtime1
128-bit 18
802.1x 1<
<$nopage>HTTP over SSLsee HTTPS 1<$nopage>IEEE 802.3adSee EtherChannel 1<$nopage>PAgPSee EtherChannel 1<$nopage>Port Aggregation ProtocolSee EtherChannel 1<$nopage>Secure Copy Protocol 1A
AAA (authentication, authorization, and accounting)accountingAV pairs 1command type 1compatibility with authentication proxy 1connection type 1enabling 1EXEC type 1interim records 1method lists (example) 1monitoring 1network type 1resource type 1system type 1verifying 1authorizationnetwork configuration (figure) 1server groups 1method listsaccounting 1authorization 1resource accounting 1configuring 1resource failure stop accounting 1configuring 1server groupsauthorization 1configuration 1example 1SNMP 1aaa accounting resource start-stop group command 1aaa accounting resource stop-failure group command 1access control entriesSee ACEs 1access groupsLayer 3 1access groups, applying IPv4 ACLs to interfaces 1access listsapplying to interfaces 1See ACLs 1with RADIUS 1accounting, defined 1ACEsEthernet 1IP 1ACLACLIPv4 1IP extended 1IP standard 1IPv4 1IPv6 1Layer 2 MAC 1applyingon bridged packets 1on multicast packets 1on routed packets 1on switched packets 1time ranges to 1to an interface 1to QoS 1classifying traffic for QoS 1defined 1examples of 1extended IPv4creating 1matching criteria 1guidelines 1interface 1IPfragments and QoS guidelines 1implicit deny 1implicit masks 1matching criteria 1undefined 1IPv4applying to interfaces 1creating 1interfaces 1matching criteria 1numbers 1terminal lines, setting on 1unsupported features 1Layer 4 information in 1logging messages 1matching 1monitoring 1number per QoS class map 1port 1precedence of 1router 1router ACLs and VLAN map configuration guidelines 1standard IPv4creating 1matching criteria 1support in hardware 1time ranges to 1types supported 1unsupported featuresIPv4 1using router ACLs with VLAN maps 1VLAN mapsconfiguration guidelines 1configuring 1active links 1additional references 1address aliasing 1address formats 1address resolution 1addresses 1dynamicaccelerated aging 1default aging 1defined 1learning 1IPv6 1MAC, discovering 1multicastSTP address management 1staticadding and removing 1aggregatable global unicast addresses 1aggregate-port learners 1aging timeacceleratedfor MSTP 1for STP 1MAC address table 1alternateport 1and ARP 1and CDP 1and IPv6 1and routing 1and routing protocols 1and SSH 1applications 1ARPdefined 1tableaddress resolution 1assigning address 1assigning informationmember number 1priority value 1provisioning a new member 1assigning IPv6 addresses to 1attributesvendor-proprietary 1vendor-specific 1attributes, RADIUSvendor-specific 1authenticating toboundary switch 1KDC 1authentication 1local mode with AAA 1RADIUSlogin 1TACACS+defined 1key 1login 1authentication key 1authentication proxyaccounting 1applyingauthentication proxypasswords, one-time 1usingauthentication proxywhen to use 1when to use 1authentication, defined 1authoritative time source, described 1with RADIUS 1authorization, defined 1auto mode 1auto-MDIXconfiguring 1described 1auto-MDIX, configuring 1auto-QoS 1Auto-Qosmonitoring 1Auto-QoSconfiguration migration 1enhanced 1Generated Configuration For Enhanced Video, Trust, and Classify Devices 1Generated configuration for VoIP devices 1Global Configuration 1autoconfiguration 1automatic 1automatic QoSSee QoS 1autonegotiationmismatches 1AVC with DNS-AS 1configuringconfiguring DNS server as the authoritative server 1configuring QoS for AVC with DNS-AS 1enabling AVC with DNs-AS 1generating metadata streams for 1maintaining the list of trusted domains 1feature history 1information about 1key concepts 1monitoring 1overview 1prerequisites 1DNS snooping process 1DNS-AS client process 1restrictions 1troubleshooting 1B
BackboneFastdescribed 1enabling 1backupport 1backup interfacesSee Flex Links 1bannersconfiguringlogin 1message-of-the-day login 1default configuration 1Berkeley r-tools replacement 1binding configurationautomatic 1manual 1binding databaseaddress, DHCP serverSee DHCP, Cisco IOS server database 1binding physical and logical interfaces 1binding table 1bindingsaddress, Cisco IOS DHCP server 1IP source guard 1blockingstate 1boundary switch 1BPDU 1contents 1filtering 1RSTP format 1bridge identifier (bridge ID) 1bridge protocol data units 1bridged packets, ACLs on 1broadcast traffic 1Budgeting Power: Example command 1bulk synchronization 1C
CA trustpointconfiguring 1defined 1CDPand trusted boundary 1defined with LLDP 1power negotiation extensions 1CDP with power consumption, described 1CDP with power negotiation, described 1changing the default for lines 1channel groupsbinding physical and logical interfaces 1numbering of 1CipherSuites 1Cisco 7960 IP Phone 1Cisco Discovery Protocol (CDP) 1Cisco intelligent power management 1Cisco IOS DHCP serverSee DHCP, Cisco IOS DHCP server 1Cisco IOS IP SLAs 1Cisco IP Phone Data Traffic 1Cisco IP Phone Voice Traffic 1Cisco Networking Services 1CIST regional rootCIST rootSee MSTP 1civic location 1class maps for QoSclassification overview 1clockSee system clock 1CNS 1commands, setting privilege levels 1communication, global 1compatible mode 1configurable leave timer, IGMP 1Configuration Enginerestrictions 1configuration examples 1Configuration Examples command 1Configuration Examples for Configuring EtherChannels command 1Configuration Examples for Configuring MLD Snooping Queries command 1Configuration Examples for Configuring PoE command 1Configuration Examples for Configuring SDM Templates command 1Configuration Examples for Setting Passwords and Privilege Levels command 1configuration files 1invalid combinations when copying 1password recovery disable considerations 1authentication 1authentication key 1communication, global 1Layer 2 interfaces 1login authentication 1member number 1on Layer 2 interfaces 1priority value 1Configuring a Multicast Router Port: Example command 1configuring a secure HTTP client 1configuring a secure HTTP server 1Configuring a Static Multicast Group: Example command 1Configuring IPv6 Addressing and Enabling IPv6 Routing: Example command 1Configuring IPv6 ICMP Rate Limiting: Example command 1Configuring Layer 2 EtherChannels: Examples command 1Configuring Link-State Tracking: Example 1Configuring MLD Snooping Queries: Example command 1Configuring Per VRF on a TACACS+ Server 1configuring ports for voice traffic in802.1p priority tagged frames 1Configuring SDM templates: Examples: command 1Configuring Static Routing for IPv6: Example command 1Configuring the Switch for Vendor-Proprietary RADIUS Server Communication: Example command 1Configuring the Switch to Use Vendor-Specific RADIUS Attributes: Examples command 1confirming 1CoSin Layer 2 frames 1override priority 1CoS input queue threshold map for QoS 1CoS output queue threshold map for QoS 1credentials 1configuringon Layer 2 interfaces 1described 1illustration 1cross-stack UplinkFast, STPFast Uplink Transition Protocol 1normal-convergence events 1cross-stack UplinkFast,STPdescribed 1fast-convergence events 1customizeable web pages, web-based authentication 1D
daylight saving time 1debuggingenabling all system diagnostics 1redirecting error message output 1using commands 1auto-QoS 1banners 1DNS 1EtherChannel 1Flex Links 1IGMP filtering 1IGMP throttling 1IPv6 1LLDP 1MAC address table 1MAC address-table move update 1MSTP 1MVR 1password and privilege level 1RADIUS 1RSPAN 1SPAN 1SSL 1STP 1TACACS+ 1UDLD 1default configuration for 1default Ethernet VLAN configuration 1default setting 1default settings 1default VLAN configuration 1default web-based authentication configuration802.1X 1Event Service 1NameSpace Mapper 1defining AAA server groups 1definitionVLAN 1deletionVLAN 1designatedport 1switch 1desktop template 1destination-IP address-based forwarding 1destination-IP address-based forwarding, EtherChannel 1destination-MAC address forwarding 1destination-MAC address forwarding, EtherChannel 1detecting indirect link failures,STP 1deviceroot 1device priorityMSTP 1STP 1device stack 1DHCPenablingrelay agent 1server 1DHCP option 82displaying 1forwarding address, specifying 1helper address 1overview 1DHCP server port-based address allocationdefault configuration 1enabling 1DHCP snooping 1accepting untrusted packets form edge switch 1option 82 data insertion 1trusted interface 1untrusted messages 1DHCP snooping binding databaseadding bindings 1binding fileformat 1location 1configuration guidelines 1configuring 1described 1enabling 1Differentiated Services (Diff-Serv) architecture 1Differentiated Services Code Point 1directorieschanging 1creating 1displaying the working 1removing 1disabledstate 1disabling 1disabling recovery of 1disclaimer 1Displaying IPv6: Example command 1DNIS (Dialed Number Identification Service)DNIS number 1server groups, selecting 1DNSdefault configuration 1in IPv6 1overview 1setting up 1Domain Name SystemSee DNS 1domain names 1DNS 1DSCP 1DSCP maps 1DSCP-to-CoS map for QoS 1DSCP-to-DSCP-mutation map for QoS 1dual IPv4 and IPv6 templates 1dual protocol stacksIPv4 and IPv6 1SDM templates supporting 1dual-action detection 1dynamic access portsconfiguring 1dynamic addressesSee addresses 1dynamic mode 1dynamic port membershipdescribed 1reconfirming 1troubleshooting 1dynamic port VLAN membershipdescribed 1troubleshooting 1types of connections 1dynamic VLAN assignments 1E
egress expedite queue 1ELIN location 1enable password 1enable secret 1enable secret password 1enabling all system diagnostics 1enabling and disabling 1Enabling MLD Immediate Leave: Example command 1encrypting 1encryption for passwords 1encryption methods 1encryption, CipherSuite 1entering server address 1channel groupsbinding physical and logical interfaces 1numbering of 1configuration guidelines 1configuringLayer 2 interfaces 1default configuration 1IEEE 802.3ad, described 1interactionwith STP 1LACPhot-standby ports 1interaction with other features 1min links 1modes 1port priority 1system priority 1logical interfaces, described 1PAgPabout aggregate-port learners 1about learn method and priority 1aggregate-port learners 1described 1interaction with other features 1interaction with virtual switches 1learn method and priority configuration 1modes 1with dual-action detection 1port-channel interfacesnumbering of 1stack changes, effects of 1EtherChannel failover 1EtherChannel guarddescribed 1enabling 1EtherChannel | interactionwith VLANs 1active link 1and routing 1and routing protocols 1default setting 1described 1for network management 1supported features 1unsupported features 1Ethernet management port configuration 1Ethernet management port, internaland routing 1and routing protocols 1unsupported features 1Ethernet VLAN 1EUI 1event manager environment command 1Event Service 1exampleACLs 1class maps 1classifying, policing, marking traffic on physical ports 1configuring egress queue 1configuring ingress queue 1configuring port to DSCP-trusted state 1modifying DSCP-DSCP mutation map 1Example for Configuring Auto-MDIX command 1Example for Performing a Traceroute to an IP Host command 1Example for Pinging an IP Host command 1Example of Configuring NVRAM Buffer Size command 1Examples for Configuring the System MTU command 1exiting 1expedite queueegress queuesSRR weights 1guidelines 1expedite queue for QoS 1extended system IDMSTP 1extended universal identifierSee EUI 1extended-range VLAN 1extended-range VLAN configuration guidelines 1F
Fa0 portSee Ethernet management port<$nopage> 1fallback bridgingSTPkeepalive messages 1VLAN-bridge STP 1Fast Uplink Transition Protocol 1fastethernet0 portSee Ethernet management port<$nopage> 1feature historyauto-QoS 1feature informationIGMP snooping 1VLANs 1fiber-optic, detecting unidirectional links 1file systemdisplaying available file systems 1displaying file information 1local file system names 1network file system names 1setting the default 1filescopying 1deleting 1tarcreating 1displaying the contents of 1extracting 1filteringnon-IP traffic 1filters, IPSee ACLs, IP [filtersIPflash device,number of 1flash memory 1flash: file system 1Flex Linksconfiguring VLAN load balancing 1default configuration 1description 1link load balancing 1monitoring 1preemption scheme 1preferred VLAN example 1switchport backup exampleforced preemption mode example 1VLAN load balancing examples 1Flex Links failover 1flow exporter 1flow record 1for network management 1forward-delay timeMSTP 1STP 1forwarding 1state 1G
general query 1Generating IGMP Reports 1global leave, IGMP 1H
hello timeMSTP 1STP 1high-power devices operating in low-power mode 1hosts, limit on dynamic ports 1hot-standby ports 1HTTP secure server 1HTTP(S) Over IPv6 1HTTPSconfiguring 1described 1self-signed certificate 1hub 1I
ICMP 1Host Unreachable message 1IPv6 1time-exceeded messages 1traceroute and 1unreachables and ACLs 1ICMP pingexecuting 1overview 1ICMPv6 1Identifying the RADIUS Server Host: Examples command 1identifying the server 1IEEE 802.1Q tagging 1IEEE 802.1sSee MSTP 1IEEE 802.3ad, described 1IEEE power classification levels 1IGMP 1configurable leave timerdescribed 1enabling 1flooded multicast trafficcontrolling the length of time 1disabling on an interface 1global leave 1recovering from flood mode 1join messages 1leave processing, enabling 1leaving multicast group 1queries 1report suppressiondescribed 1snooping 1supported versions 1IGMP filteringdefault configuration 1described 1IGMP groupsconfiguring filtering 1setting the maximum number 1IGMP Immediate Leave 1enabling 1IGMP profileapplying 1configuration mode 1IGMP report suppression 1and address aliasing 1and stack changes 1definition 1global configuration 1Immediate Leave 1in the switch stack 1monitoring 1querierconfiguration guidelines 1configuring 1supported versions 1VLAN configuration 1IGMP throttlingconfiguring 1default configuration 1described 1displaying action 1IGMP Throttling Actionconfiguration guidelines 1Immediate Leave, IGMPdescribed 1enabling 1in IPv6 1ingress queuedefault configuration 1ingress queue typesexpedite 1normal 1ingress queues 1Inter-Switch LinkSee ISL 1inter-VLAN routing 1interaction with virtual switches 1interface 1interface configuration 1interfacesauto-MDIX, configuring 1Internet Protocol version 6See IPv6 1Intrusion Detection SystemSee IDS appliances 1inventory management TLV 1IPadvertising, definition 1IP ACLsfor QoS classification 1named 1IP addresses128-bit 1classes of 1discovering 1IPv6 1IP addresses and subnets 1IP phonesautomatic classification and queueing 1ensuring port security with QoS 1trusted boundary for QoS 1IP precedence 1ip rip authentication mode command 1IP routingenabling 1IP SLAresponderdescribed 1enabling 1IP SLAsbenefits 1configuration 1measuring network performance 1response time 1SNMP support 1supported metrics 1802.1x 1binding configurationautomatic 1manual 1binding table 1configuration guidelines 1described 1DHCP snooping 1EtherChannels 1port security 1routed ports 1static bindingsstatic hosts 1TCAM entries 1trunk interfaces 1VRF 1IP tracerouteexecuting 1overview 1IP unicast routingenabling 1inter-VLAN 1IP addressingclasses 1IPv6 1subnet mask 1IPv4 ACLsapplying to interfaces 1extended, creating 1interfaces 1named 1standard, creating 1IPv4 and IPv6 1address formats 1addresses 1applications 1assigning address 1autoconfiguration 1default configuration 1defined 1forwarding 1ICMP 1monitoring 1neighbor discovery 1SDM templates 1Stateless Autoconfiguration 1supported features 1ISLand IPv6 1J
join messages, IGMP 1K
described 1See also Kerberos<$nopage>[KDCzzz] 1keepalive messages 1Kerberosauthenticating toboundary switch 1KDC 1authentication 1configuration examples 1configuring 1(examples) 1credential forwarding 1instance mapping 1KDC (key distribution center) 1mandatory authentication 1SRVTABs files, copying 1credentials 1described 1Encrypted Kerberized Telnet 1KDC 1realm 1server 1switch as trusted third party 1Telnet to router 1terms 1TGT 1tickets 1key 1key concepts"A" record 1Authoritative DNS server 1binding table 1Client or DNS-AS client 1forward lookup 1host 1metadata 1Time-to-Live (TTL) 1TXT DNS-AS resource record or TXT record 1key distribution centerSee KDC<$nopage> 1L
hot-standby ports 1interaction with other features 1min links 1modes 1port priority 1system priority 1Layer 2 EtherChannel configuration guidelines 1Layer 2 interface modes 1Layer 2 interfaces 1Layer 2 NetFlow 1Layer 2 tracerouteand ARP 1and CDP 1broadcast traffic 1described 1IP addresses and subnets 1MAC addresses and VLANs 1multicast traffic 1multiple devices on a port 1unicast traffic 1usage guidelines 1Layer 3 interfacesassigning IPv6 addresses to 1Layer 3 packets, classification methods 1Leaking IGMP Reports 1learn method and priority configuration 1leave processing, enabling 1Link Failure, detecting unidirectional 1link local unicast addresses 1link redundancySee Flex Links 1link-state trackingdescription 1listeningstate 1LLDPconfiguringdefault configuration 1enabling 1overview 1switch stack considerations 1transmission timer and holdtime, setting 1LLDP-MEDconfiguringTLVs 1overview 1supported TLVs 1load balancing advantages 1trunk ports 1local mode with AAA 1local SPAN 1location TLV 1logging into 1logging messages, ACL 1logical interfaces, described 1login authentication 1with RADIUS 1with TACACS+ 1login banners 1M
MAC address of 1MAC address-table move updateconfiguration guidelines 1configuring 1default configuration 1description 1obtain and process messages 1MAC addressesaging time 1and VLAN association 1building the address table 1default configuration 1discovering 1dynamiclearning 1staticcharacteristics of 1MAC addresses and VLANs 1MAC extended access listsMAC/PHY configuration status TLV 1management address TLV 1managing switch stacks 1manual 1mapping tabledefault configuration 1mapping tables for QoSconfiguringDSCP 1DSCP-to-CoS 1DSCP-to-DSCP-mutation 1policed-DSCP 1described 1markingaction in policy map 1matchdatalink 1flow 1interface 1ipv4 1ipv6 1transport 1maximum aging timeMSTP 1STP 1maximum hop count, MSTP 1MD5 (Message Digest 5) authenticationRIP 1member number 1memory allocation 1merged 1messages, to users through banners 1method listsAAAaccounting 1authorization 1metricsRIP 1MIB support 1min links 1mirroring traffic for analysis 1mismatches 1mismatches, autonegotiation 1MLD Messages 1MLD Queries 1MLD Reports 1MLD Snooping 1MLDv1 Done message 1access groups 1Flex Links 1IGMPsnooping 1IPv4 ACL configuration 1IPv6 1multicast router interfaces 1network traffic for analysis with probe 1SFP status 1show avc dns-as client binding-table 1show avc dns-as client binding-table detail 1show avc dns-as client name-server brief 1show avc dns-as client statistics 1show avc dns-as client status 1show avc dns-as client trusted-domains 1show ip name-server 1show platform tcam utilization 1voice VLAN 1VTP 1monitoring power 1monitoring status of 1mrouter Port 1MST mode 1MSTPboundary portsconfiguration guidelines 1described 1BPDU filteringdescribed 1enabling 1BPDU guarddescribed 1enabling 1CIST root 1CIST, described 1configuration guidelines 1configuringdevice priority 1forward-delay time 1hello time 1link type for rapid convergence 1maximum aging time 1maximum hop count 1MST region 1neighbor type 1path cost 1port priority 1root device 1secondary root device 1CSToperations between regions 1default configuration 1displaying status 1enabling the mode 1EtherChannel guarddescribed 1enabling 1extended system IDeffects on root device 1effects on secondary root device 1unexpected behavior 1IEEE 802.1simplementation 1port role naming change 1terminology 1instances supported 1interface state, blocking to forwarding 1interoperability with IEEE 802.1Ddescribed 1restarting migration process 1ISToperations within a region 1loop guarddescribed 1enabling 1mapping VLANs to MST instance 1MST regionCIST 1configuring 1described 1hop-count mechanism 1IST 1supported spanning-tree instances 1PortFastdescribed 1enabling 1preventing root switch selection 1root deviceconfiguring 1effects of extended system ID 1unexpected behavior 1root guarddescribed 1enabling 1shutdown Port Fast-enabled port 1stack changes, effects of 1status, displaying 1MTUsystem 1Multicast Client Aging Robustness 1multicast groupsjoining 1leaving 1multicast packetsACLs on 1Multicast Router Discovery 1multicast router interfaces, monitoring 1multicast router ports, adding 1multicast television application 1multicast traffic 1multiple devices on a port 1MVRdefault configuration 1described 1MVR interfaces 1MVR parameters 1N
NameSpace Mapper 1native VLAN 1neighbor discovery 1neighbor discovery, IPv6 1Network Assistantmanaging switch stacks 1Network Load SharingSTP path cost 1STP priorities 1network performance, measuring with IP SLAs 1network policy TLV 1non-IP traffic filtering 1nonhierarchical policy mapsconfiguring 1normal-rangeVLAN configuration guidelines 1NTPassociationsdefined 1overview 1numbering of 1O
OBFLconfiguring 1described 1displaying 1offline configurationprovisioned configuration, defined 1provisioned switch, defined 1provisioning a new member 1offset-list command 1on Layer 2 interfaces 1on-board failure logging 1online diagnosticsdescribed 1overview 1operation 1P
packet modification, with QoS 1PaGP 1PAgP 1aggregate-port learners 1described 1interaction with other features 1interaction with virtual switches 1learn method and priority configuration 1modes 1with dual-action detection 1password 1password and privilege level 1password recovery disable considerations 1passwordsdefault configuration 1disabling recovery of 1encrypting 1overview 1recovery of 1settingenable 1enable secret 1Telnet 1with usernames 1path cost 1MSTP 1STP 1persistent self-signed certificate 1pingcharacter output description 1executing 1overview 1PoEauto mode 1CDP with power consumption, described 1CDP with power negotiation, described 1Cisco intelligent power management 1high-power devices operating in low-power mode 1IEEE power classification levels 1monitoring 1monitoring power 1policing power consumption 1policing power usage 1power management modes 1power negotiation extensions to CDP 1powered-device detection and initial power allocation 1standards supported 1static mode 1PoE ports 1policed-DSCP map for QoS 1policersconfiguringfor more than one traffic class 1types of 1policingtoken-bucket algorithm 1policing power consumption 1policing power usage 1policy maps for QoSnonhierarchical on physical portsconfiguring 1portpriority 1root 1port ACLsdefined 1types of 1port description TLV 1port priority 1MSTP 1STP 1port security 1and QoS trusted boundary 1port VLAN ID TLV 1port-based authenticationconfiguration guidelines 1configuringRADIUS server 1RADIUS server parameters on the switch 1default configuration 1device roles 1displaying statistics 1enabling802.1X authentication 1switchas proxy 1port-channel interfacesnumbering of 1power management modes 1power management TLV 1power negotiation extensions 1power negotiation extensions to CDP 1powered-device detection and initial power allocation 1preemption delay, default configuration 1preemption, default configuration 1prerequisitesattaching the policy map to the interface 1auto-QoS 1Cisco ONE for Access 1IGMP snooping 1metadata reachability 1MLS QoS 1QoS 1snooping forward look-up requests 1VLAN trunks 1VMPS 1preventing unauthorized access 1prioritization 1priorityoverriding CoS 1priority value 1privilege levelschanging the default for lines 1exiting 1logging into 1overview 1setting a command with 1Protecting Enable and Enable Secret Passwords with Encryption: Example command 1provisioned configuration, defined 1provisioned switch, defined 1provisioning a new member 1provisioning new members for a switch stack 1proxy reports 1pruning-eligible list 1PVST mode 1PVST+described 1IEEE 802.1Q trunking interoperability 1instances supported 1Q
QoSauto-QoScategorizing traffic 1configuration guidelines 1described 1disabling 1effects on running configuration 1basic model 1class mapsclassificationDSCP transparency, described 1forwarding treatment 1IP ACLs, described 1options for IP traffic 1trusted CoS, described 1configuration guidelinesauto-QoS 1configuringauto-QoS 1default port CoS value 1DSCP maps 1DSCP transparency 1DSCP trust states bordering another domain 1egress queue characteristics 1ingress queue characteristics 1IP standard ACLs 1policy maps on physical ports 1port trust states within the domain 1trusted boundary 1default auto configuration 1default configuration 1egress queuesconfiguring shaped weights for SRR 1configuring shared weights for SRR 1displaying the threshold map 1mapping DSCP or CoS values 1WTD, described 1enabling globally 1enabling VLAN-based on physical ports 1implicit deny 1ingress queuesallocating bandwidth 1allocating buffer 1buffer and bandwidth allocation, described 1displaying the threshold map 1priority queue, described 1setting WTD thresholds 1WTD, described 1IP phonesautomatic classification and queueing 1limiting bandwidth on egress interface 1mapping tablesDSCP-CoS 1DSCP-to-CoS 1DSCP-to-DSCP-mutation 1policed-DSCP 1types of 1marked-down actions 1marking, described 1packet modification 1policersconfiguring 1types of 1policingtoken bucket algorithm 1policing, described 1QoSclassificationingress queuesqueuesconfiguring egress characteristics 1configuring ingress characteristics 1location of 1SRR, described 1WTD, described 1rewrites 1SRRconfiguringtrust statesbordering another domain 1trusted device 1within the domain 1QoS policy 1queries, IGMP 1R
attributesvendor-specific 1configuringaccounting 1authentication 1authorization 1communication, global 1default configuration 1defining AAA server groups 1limiting the services to the user 1login 1operation of 1overview 1suggested network environments 1tracking services accessed by user 1RADIUS Change of Authorization 1rapid convergence 1Rapid Spanning Tree ProtocolSee RSTP 1realm 1reconfirmation interval, changing 1reconfirmation interval, VMPS, changing 1reconfirming dynamic VLAN membership 1reconfirming membership 1recovery of 1redirecting error message output 1redundancyEtherChannel 1STPbackbone 1multidrop backbone 1reference 1referencesRemote Authentication Dial-In User ServiceSee RADIUS 1remote SPAN 1removing a provisioned member 1replacing 1replacing a failed member 1report suppressiondisabling 1report suppression, IGMPdescribed 1responder, IP SLAdescribed 1enabling 1response time, measuring with IP SLAs 1restricting accessoverview 1RADIUS 1TACACS+ 1auto-QoS 1Configuration Engine 1IGMP snooping 1IPv6 is not supported 1MSTP 1only forward look-up 1only on physical interfaces 1Optional Spanning-Tree Features 1STP 1two DNs servers 1voice VLANs 1VRF is not supported 1VTP 1retry count, changing 1retry count, VMPS, changing 1RFC1112, IP multicast and IGMP 11305, NTP 1RFC 5176 Compliance 1RIP (Routing Information Protocol)IPauthentication 1hop count 1version, specifying 1roleport 1rootport 1root deviceMSTP 1STP 1route authenticationRIP 1routed packets, ACLs on 1routed ports 1router ACLsdefined 1types of 1RSPAN 1and stack changes 1characteristics 1configuration guidelines 1default configuration 1destination ports 1in a device stack 1interaction with other features 1monitored ports 1monitoring ports 1overview 1received traffic 1session limits 1sessionscreating 1defined 1limiting source traffic to specific VLANs 1specifying monitored ports 1with ingress traffic enabled 1source ports 1transmitted traffic 1VLAN-based 1RSTPactive topology 1BPDUformat 1processing 1designated port, defined 1designated switch, defined 1interoperability with IEEE 802.1Ddescribed 1restarting migration process 1topology changes 1overview 1port rolesdescribed 1synchronized 1rapid convergencecross-stack rapid convergence 1described 1edge ports and Port Fast 1root ports 1root port, defined 1RTCbenefits 1defined 1S
sampler 1SCPand SSH 1configuring 1SDMswitch stack consideration 1templatesconfiguring 1SDM templates 1SDM templates supporting 1secure HTTP clientconfiguring 1displaying 1secure HTTP serverconfiguring 1displaying 1Secure Shell 1Secure Shell Version 2 1monitoring and maintaining 1verifying using the show ip ssh command 1security and identification 1See also IP traceroute 1See also Kerberos<$nopage>[KDCzzz] 1See Ethernet management port<$nopage> 1See EUI 1see HTTPS 1See IPv6 1See KDC<$nopage> 1See RADIUS 1See SCP 1See TACACS+<$nopage> 1self-signed certificate 1server 1server groupsAAA, authorization 1server groups, AAAservice-provider network, MSTP and RSTP 1servicesnetworking 1settingenable 1enable secret 1Telnet 1with usernames 1setting a command with 1setting a password 1Setting a Telnet Password for a Terminal Line: Example command 1Setting or Changing a Static Enable Password: Example command 1setting packet forwarding 1Setting the Privilege Level for a Command: Example command 1SFP security and identification 1SFP status 1SFPsmonitoring status of 1security and identification 1status, displaying 1shaped mode 1shared mode 1show access-lists hw-summary command 1show forward command 1show interfaces switchport 1show platform forward command 1Simple Network Management Protocol (SNMP) 1single-switch EtherChannel 1SNMPand IP SLAs 1trapsSNMP and Syslog Over IPv6 1snooping 1source-and-destination MAC address forwarding, EtherChannel 1source-and-destination-IP address based forwarding, EtherChannel 1source-IP address based forwarding, EtherChannel 1source-IP address-based forwarding 1source-MAC address forwarding 1source-MAC address forwarding, EtherChannel 1SPANand stack changes 1configuration guidelines 1default configuration 1destination ports 1interaction with other features 1monitored ports 1monitoring ports 1overview 1received traffic 1session limits 1sessionscreating 1defined 1limiting source traffic to specific VLANs 1removing destination (monitoring) ports 1specifying monitored ports 1with ingress traffic enabled 1source ports 1transmitted traffic 1VLAN-based 1SPAN traffic 1Spanning Treestates 1spanning-treeport priority 1SRRdescribed 1shaped mode 1shared mode 1SSH 1encryption methods 1user authentication methods, supported 1SSH server 1SSL 1configuring a secure HTTP client 1configuring a secure HTTP server 1monitoring 1stack changes, effects of 1stack changes, effects oncross-stack EtherChannel 1EtherChannel 1IGMP snooping 1IP routing 1SPAN and RSPAN 1STP 1stack changes,effects onMSTP 1stack memberconfiguringmember number 1priority value 1provisioning a new member 1removing a provisioned member 1replacing 1stacking 1stacks 1stacks switchreplacing a failed member 1stacks,MSTP instances supported 1STPbridge ID 1switch 1stacks, switchassigning informationpriority value 1provisioning a new member 1MAC address of 1offline configurationprovisioned configuration, defined 1provisioned switch, defined 1provisioning a new member 1partitioned 1system prompt consideration 1version-mismatch (VM) modedescribed 1stacks,switchassigning informationmember number 1merged 1offline configurationremoving a provisioned member 1partitioned 1standards supported 1Stateless Autoconfiguration 1static addressesSee addresses 1static bindingsstatic hosts 1static joins 1static mode 1static-access ports 1statistics802.1X 1interface 1status, displaying 1STPaccelerating root port selection 1BackboneFastdescribed 1enabling 1BPDU message exchange 1configuringdevice priority 1forward-delay time 1hello time 1maximum aging time 1path cost 1port priority 1root device 1secondary root device 1spanning-tree mode 1transmit hold-count 1cross-stack UplinkFastdescribed 1default configuration 1designated ,definedswitch 1designated port,defined 1detecting indirect link failures 1disabling 1displaying status 1EtherChannel guarddescribed 1enabling 1extended system IDeffects on root device 1effects on the secondary root device 1overview 1unexpected behavior 1IEEE 802.1D and bridge ID 1IEEE 802.1D and multicast addresses 1IEEE 802.1t and VLAN identifier 1instances supported 1interface states 1blocking 1disabled 1learning 1listening 1keepalive messages 1limitations with IEEE 802.1Q trunks 1modes supported 1overview 1protocols supported 1redundant connectivity 1rootelection 1unexpected behavior 1root deviceconfiguring 1root port, defined 1stack changes, effects of 1status, displaying 1UplinkFastdescribed 1disabling 1enabling 1VLAN-bridge 1STP path cost 1STP port priorities 1stratum, NTP 1subnet mask 1Subnetwork Access Protocol (SNAP) 1suggested network environments 1summer time 1SVIsand router ACLs 1Switch Accessdisplaying 1switch as trusted third party 1switch stack 1switch stack consideration 1switched packets, ACLs on 1switchport backup interface 1system 1system capabilities TLV 1system clock 1configuringdaylight saving time 1manually 1summer time 1time zones 1overview 1system description TLV 1system name 1default configuration 1manual configuration 1system name TLV 1system priority 1system prompt, default setting 1T
accounting, defined 1authentication, defined 1authorization 1authorization, defined 1AV pairs 1accounting 1configuringaccounting 1authentication 1authentication key 1authorization 1DNIS, server group selection 1login authentication 1server groupsdefault configuration 1defined 1displaying 1identifying the server 1key 1limiting the services to the user 1login 1operation of 1overview 1server groupsDNIS selection 1tracking services accessed by user 1tar filescreating 1displaying the contents of 1extracting 1TCAM entries 1technical assistance 1Telnet 1setting a password 1templatesconfiguring 1temporary self-signed certificate 1Terminal Access Controller Access Control System PlusSee TACACS+<$nopage> 1terminal lines, setting a password 1terms 1TGT 1tickets 1timeSee NTP and system clock 1time zones 1time-exceeded messages 1time-range command 1timers basic (RIP) command 1TLVsdefined 1Token Rings 1Topology Change Notification Processing 1traceroute and 1traceroute commandSee also IP traceroute 1traceroute, Layer 2and ARP 1and CDP 1broadcast traffic 1described 1IP addresses and subnets 1MAC addresses and VLANs 1multicast traffic 1multiple devices on a port 1unicast traffic 1usage guidelines 1traffictrapstroubleshooting 1auto-QoS 1DNS server returns incorrect values 1no entries in the binding table 1QoS policy removed from the port 1setting packet forwarding 1SFP security and identification 1show forward command 1TCAM utilization 1Unsuccessful DNS snooping or packet logging 1with debug commands 1with ping 1with traceroute 1Troubleshooting Examples command 1trunk 1configuration 1trunk failover 1trunk interfaces 1trunk port 1trunking 1trunking modes 1trunksallowed VLANs 1trust states 1trusted boundary for QoS 1trusted port statesbetween QoS domains 1classification options 1ensuring port security for IP phones 1within a QoS domain 1trustpoints, CA 1twisted-pair, detecting unidirectional links 1types of connections 1U
UDLDaggressive modemessage time 1default configuration 1disablingper interface 1enablingglobally 1per interface 1fiber-optic links 1neighbor database 1neighbor database maintenance 1normal 1normal mode 1overview 1restrictions 1twisted-pair links 1UDP (User Datagram Protocol)using with RIP 1unicast MAC address filteringconfiguration 1unicast traffic 1unsupported features 1UplinkFastdescribed 1disabling 1enabling 1usage guidelines 1user authentication methods, supported 1username-based authentication 1using commands 1V
vendor-proprietary 1vendor-specific 1version-mismatch (VM) modedescribed 1displaying 1virtual switches and PAgP 1VLANdefinition 1VLAN ACLsSee VLAN maps 1VLAN filtering and SPAN 1VLAN ID, discovering 1VLAN load balancing on Flex Linksconfiguration guidelines 1described 1VLAN map entries, order of 1VLAN mapsapplying 1common uses for 1configuration guidelines 1configuring 1creating 1defined 1denying access to a server example 1VLAN membershipconfirming 1VLAN monitoring commands 1VLAN port membership modes 1VLANsaging dynamic addresses 1limiting source traffic with RSPAN 1limiting source traffic with SPAN 1STP and IEEE 802.1Q trunks 1VLAN-bridge STP 1VMPS 1dynamic port membershipdescribed 1reconfirming 1troubleshooting 1entering server address 1reconfirmation interval, changing 1reconfirming membership 1retry count, changing 1VMPS client configurationdefault 1VMPS Configuration Example command 1voice VLANconfiguration guidelines 1configuring IP phones for data trafficoverride CoS of incoming frame 1VoIP device specifics 1VRF 1VTP 1configuration requirements 1version 1VTP advertisements 1VTP mode 1VTP modes 1VTP password 1VTP primary 1VTP settings 1VTP version 1VTP version 2 1VTP version 3 1W
web authenticationconfiguring 1web-based authenticationcustomizeable web pages 1description 1web-based authentication, interactions with other features 1wired location serviceconfiguring 1location TLV 1understanding 1with debug commands 1with dual-action detection 1with ping 1with STP 1with traceroute 1with usernames 1WTDsetting thresholdsegress queue-sets 1ingress queues 1Z
zzz] 1