Numerics -
A -
B -
C -
D -
E -
F -
G -
H -
I -
J -
K -
L -
M -
N -
O -
P -
Q -
R -
S -
T -
U -
V -
W -
X -
Index
Numerics
802.1D
See STP
802.1Q
and trunk ports 9-3
configuration limitations 11-19
encapsulation 11-16
native VLAN for untagged traffic 11-23
tunneling
compatibility with other features 15-6
defaults 15-4
described 15-1
tunnel ports with other features 15-6
802.1s
See MSTP
802.1w
See RSTP
802.1x
See port-based authentication
802.3ad
See EtherChannel
802.3af
See PoE
802.3z flow control 9-18
A
abbreviating commands 2-3
ABRs 33-24
access-class command 30-20
access control entries
See ACEs
access-denied response, VMPS 11-28
access groups
applying ACLs to interfaces 30-21
IP 30-21
Layer 2 30-21
Layer 3 30-21
access lists
See ACLs
access ports
and Layer 2 protocol tunneling 15-11
defined 9-3
accounting
with 802.1x 8-5, 8-21
with RADIUS 7-28
with TACACS+ 7-11, 7-17
ACEs
and QoS 31-7
defined 30-2
Ethernet 30-2
IP 30-2
ACLs
ACEs 30-2
any keyword 30-13
applying
on bridged packets 30-38
on multicast packets 30-40
on routed packets 30-39
on switched packets 30-38
time ranges to 30-17
to an interface 30-20
to QoS 31-7
classifying traffic for QoS 31-42
comments in 30-19
ACLs (continued)
compiling 30-23
configuring with VLAN maps 30-37
defined 30-1, 30-7
examples of 30-23, 31-42
extended IP
configuring for QoS classification 31-44
creating 30-10
matching criteria 30-7
hardware and software handling 30-22
host keyword 30-13
IP
applying to an interface 30-20
applying to interfaces 30-20
creating 30-7
fragments and QoS guidelines 31-33
implicit deny 30-9, 30-14, 30-16
implicit masks 30-9
matching criteria 30-7
named 30-15
terminal lines, setting on 30-20
undefined 30-22
violations, logging 30-16
limiting actions 30-38
logging messages 30-10
log keyword 30-16
MAC extended 30-27, 31-45
matching 30-7, 30-21
monitoring 30-40
named 30-15
number per QoS class map 31-33
numbers 30-8
port 30-2
precedence of 30-3
QoS 31-7, 31-42
resequencing entries 30-15
router 30-2
ACLs (continued)
standard IP
configuring for QoS classification 31-43
creating 30-9
matching criteria 30-7
supported features 30-22
support for 1-6
time ranges 30-17
unsupported features 30-7
using router ACLs with VLAN maps 30-37
VLAN maps
configuration guidelines 30-30
configuring 30-30
active links 19-1
active router 34-1
address aliasing 22-2
addresses
displaying the MAC address table 5-27
dynamic
accelerated aging 16-8
changing the aging time 5-22
default aging 16-8
defined 5-20
learning 5-21
removing 5-22
MAC, discovering 5-27
multicast
group address range 35-3
STP address management 16-8
static
adding and removing 5-25
defined 5-20
address resolution 5-27, 33-8
Address Resolution Protocol
See ARP
adjacency tables, with CEF 33-59
administrative distances
defined 33-70
OSPF 33-29
routing protocol defaults 33-61
advertisements
CDP 24-1
RIP 33-19
VTP 11-19, 12-3
aggregate addresses, BGP 33-54
aggregated ports
See EtherChannel
aggregate policers 31-57
aggregate policing 1-8
aging, accelerating 16-8
aging time
accelerated
for MSTP 17-20
for STP 16-8, 16-21
MAC address table 5-22
maximum
for MSTP 17-21
for STP 16-21
alarms, RMON 27-3
allowed-VLAN list 11-21
area border routers
See ABRs
ARP
configuring 33-9
defined 1-4, 5-27, 33-8
encapsulation 33-10
static cache configuration 33-9
table
address resolution 5-27
managing 5-27
ASBRs 33-24
AS-path filters, BGP 33-48
asymmetrical links, and 802.1Q tunneling 15-4
attributes, RADIUS
vendor-proprietary 7-31
vendor-specific 7-29
audience xxxv
authentication
EIGRP 33-36
HSRP 34-9
local mode with AAA 7-36
NTP associations 5-5
RADIUS
key 7-21
login 7-23
TACACS+
defined 7-11
key 7-13
login 7-14
See also port-based authentication
authentication keys, and routing protocols 33-71
authoritative time source, described 5-2
authorization
with RADIUS 7-27
with TACACS+ 7-11, 7-16
authorized ports with 802.1x 8-4
autoconfiguration 3-3
automatic QoS
See QoS
autonegotiation
duplex mode 1-3
interface configuration guidelines 9-16
mismatches 38-11
autonomous system boundary routers
See ASBRs
autonomous systems, in BGP 33-42
Auto-RP, described 35-5
autosensing, port speed 1-3
auxiliary VLAN
See voice VLAN
availability, features 1-5
B
BackboneFast
described 18-5
disabling 18-14
enabling 18-13
support for 1-5
backup interfaces
See Flex Links
backup links 19-1
banners
configuring
login 5-20
message-of-the-day login 5-19
default configuration 5-18
when displayed 5-18
BGP
aggregate addresses 33-54
aggregate routes, configuring 33-54
CIDR 33-54
clear commands 33-57
community filtering 33-51
configuring neighbors 33-52
default configuration 33-40
described 33-39
enabling 33-42
monitoring 33-57
multipath support 33-45
neighbors, types of 33-42
path selection 33-45
peers, configuring 33-52
prefix filtering 33-50
resetting sessions 33-44
route dampening 33-56
route maps 33-47
route reflectors 33-55
routing domain confederation 33-55
show commands 33-57
supernets 33-54
BGP (continued)
support for 1-8
Version 4 33-39
binding cluster group and HSRP group 34-11
binding database
address, DHCP server
See DHCP, Cisco IOS server database
DHCP snooping
See DHCP snooping binding database
bindings
address, Cisco IOS DHCP server 20-5
DHCP snooping database 20-5
IP source guard 20-14
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 23-6
booting
boot loader, function of 3-2
boot process 3-1
manually 3-13
specific image 3-13
boot loader
accessing 3-14
described 3-2
environment variables 3-14
prompt 3-14
trap-door mechanism 3-2
bootstrap router (BSR), described 35-5
Border Gateway Protocol
See BGP
BPDU
error-disabled state 18-3
filtering 18-3
RSTP format 17-9
BPDU filtering
described 18-3
disabling 18-12
enabling 18-12
support for 1-5
BPDU guard
described 18-3
disabling 18-11
enabling 18-11
support for 1-5
bridged packets, ACLs on 30-38
bridge groups
See fallback bridging
bridge protocol data unit
See BPDU
broadcast flooding 33-16
broadcast packets
directed 33-13
flooded 33-13
broadcast storm-control command 23-4
broadcast storms 23-1, 33-13
C
cables, monitoring for unidirectional links 25-1
candidate switch
defined 4-3
requirements 4-3
See also command switch, cluster standby group, and member switch
CA trustpoint
configuring 7-44
defined 7-42
caution, described xxxvi
CDP
and trusted boundary 31-39
configuring 24-2
default configuration 24-2
described 24-1
disabling for routing device 24-3 to 24-4
enabling and disabling
on an interface 24-4
on a switch 24-3
CDP (continued)
Layer 2 protocol tunneling 15-8
monitoring 24-5
overview 24-1
power negotiation extensions 9-6
support for 1-4
transmission timer and holdtime, setting 24-2
updates 24-2
CEF 33-58
CGMP
as IGMP snooping learning method 22-7
clearing cached group entries 35-49
enabling server support 35-32
joining multicast group 22-3
overview 35-7
server support only 35-7
switch support of 1-3
CIDR 33-54
CipherSuites 7-43
Cisco 7960 IP Phone 14-1
Cisco Discovery Protocol
See CDP
Cisco Express Forwarding
See CEF
Cisco Group Management Protocol
See CGMP
Cisco intelligent power management 9-6
Cisco IOS DHCP server
See DHCP, Cisco IOS DHCP server
Cisco IOS File System
See IFS
Cisco Network Assistant
See Network Assistant
CiscoWorks 2000 1-4, 29-4
classless interdomain routing
See CIDR
classless routing 33-6
class maps for QoS
configuring 31-46
described 31-7
displaying 31-77
class of service
See CoS
clearing interfaces 9-26
CLI
abbreviating commands 2-3
command modes 2-1
described 1-4
editing features
enabling and disabling 2-6
keystroke editing 2-6
wrapped lines 2-8
error messages 2-4
filtering command output 2-8
getting help 2-3
history
changing the buffer size 2-5
described 2-4
disabling 2-5
recalling commands 2-5
managing clusters 4-3
no and default forms of commands 2-4
client mode, VTP 12-3
clock
See system clock
cluster requirements xxxvii
clusters, switch
benefits 1-2
described 4-1
managing
through CLI 4-3
through SNMP 4-4
planning considerations
CLI 4-3
SNMP 4-4
See also Getting Started with Cisco Network Assistant
cluster standby group
and HSRP group 34-11
requirements 4-2
Coarse Wave Division Multiplexer
See CWDM SFPs
command-line interface
See CLI
command modes 2-1
commands
abbreviating 2-3
no and default 2-4
commands, setting privilege levels 7-8
command switch
configuration conflicts 38-11
defined 4-2
password privilege levels 4-4
recovery
from command-switch failure 38-8
from lost member connectivity 38-11
replacing
with another switch 38-10
with cluster member 38-8
requirements 4-2
See also candidate switch, cluster standby group, member switch, and standby command switch
community list, BGP 33-51
community ports 13-2
community strings
configuring 29-8
for cluster switches 29-4
overview 29-4
community VLANs 13-2, 13-3
compatibility, feature 23-11
config.text 3-12
configuration, initial
defaults 1-10
Express Setup 1-2
See also getting started guide and hardware installation guide
configuration conflicts, recovering from lost member connectivity 38-11
configuration examples, network 1-12
configuration files
clearing the startup configuration B-18
creating using a text editor B-9
default name 3-12
deleting a stored configuration B-18
described B-8
downloading
automatically 3-12
preparing B-10, B-12, B-16
reasons for B-8
using FTP B-13
using RCP B-16
using TFTP B-11
guidelines for creating and using B-8
invalid combinations when copying B-5
limiting TFTP server access 29-15
obtaining with DHCP 3-7
password recovery disable considerations 7-5
specifying the filename 3-12
system contact and location information 29-14
types and location B-9
uploading
preparing B-10, B-12, B-16
reasons for B-8
using FTP B-14
using RCP B-17
using TFTP B-11
configuration settings, saving 3-10
configure terminal command 9-10
config-vlan mode 2-2, 11-7
conflicts, configuration 38-11
connections, secure remote 7-38
connectivity problems 38-13, 38-15, 38-16
consistency checks in VTP Version 2 12-4
console port, connecting to 2-9
conventions
command xxxvi
for examples xxxvi
publication xxxvi
text xxxvi
corrupted software, recovery steps with Xmodem 38-2
CoS
in Layer 2 frames 31-2
override priority 14-6
trust priority 14-6
CoS input queue threshold map for QoS 31-16
CoS output queue threshold map for QoS 31-19
CoS-to-DSCP map for QoS 31-59
counters, clearing interface 9-26
crashinfo file 38-23
cryptographic software image
Kerberos 7-32
SSH 7-37
SSL 7-41
CWDM SFPs 1-17
D
daylight saving time 5-13
debugging
enabling all system diagnostics 38-20
enabling for a specific feature 38-19
redirecting error message output 38-20
using commands 38-19
default commands 2-4
default configuration
802.1Q tunneling 15-4
802.1x 8-10
auto-QoS 31-20
banners 5-18
BGP 33-40
booting 3-12
CDP 24-2
DHCP 20-7
default configuration (continued)
DHCP option 82 20-7
DHCP snooping 20-7
DHCP snooping binding database 20-7
DNS 5-17
dynamic ARP inspection 21-5
EIGRP 33-34
EtherChannel 32-8
fallback bridging 37-3
Flex Links 19-2
HSRP 34-5
IGMP 35-26
IGMP filtering 22-19
IGMP snooping 22-6
IGMP throttling 22-19
initial switch information 3-3
IP addressing, IP routing 33-4
IP multicast routing 35-8
IP source guard 20-14
Layer 2 interfaces 9-14
Layer 2 protocol tunneling 15-11
MAC address table 5-22
MSDP 36-4
MSTP 17-12
MVR 22-14
NTP 5-4
optional spanning-tree configuration 18-9
OSPF 33-25
password and privilege level 7-2
PIM 35-8
private VLANs 13-6
RADIUS 7-20
RIP 33-19
RMON 27-3
RSPAN 26-9
SNMP 29-6
SPAN 26-9
SSL 7-44
standard QoS 31-31
default configuration (continued)
STP 16-11
system message logging 28-3
system name and prompt 5-15
TACACS+ 7-13
UDLD 25-4
VLAN, Layer 2 Ethernet interfaces 11-19
VLANs 11-8
VMPS 11-29
voice VLAN 14-3
VTP 12-6
default gateway 3-10, 33-11
default networks 33-61
default routes 33-61
default routing 33-2
deleting VLANs 11-10
description command 9-22
designing your network, examples 1-12
destination addresses, in ACLs 30-12
destination-IP address-based forwarding, EtherChannel 32-7
destination-MAC address forwarding, EtherChannel 32-6
detecting indirect link failures, STP 18-5
device B-19
device discovery protocol 24-1
device manager
benefits 1-2
described 1-2, 1-4
in-band management 1-4
requirements xxxvi
upgrading a switch B-19
DHCP
Cisco IOS server database
configuring 20-12
default configuration 20-7
described 20-5
enabling
relay agent 20-9
server 20-8
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-3
DNS 3-6
relay device 3-6
server side 3-5
server-side 20-8
TFTP server 3-5
example 3-8
lease options
for IP address information 3-5
for receiving the configuration file 3-5
overview 3-3
relationship to BOOTP 3-3
relay support 1-4, 1-9
support for 1-4
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 20-4
configuration guidelines 20-7
default configuration 20-7
displaying 20-13
forwarding address, specifying 20-9
helper address 20-9
overview 20-3
packet format, suboption
circuit ID 20-4
remote ID 20-4
remote ID suboption 20-4
DHCP snooping
and private VLANs 20-11
binding database
See DHCP snooping binding database
configuration guidelines 20-7
default configuration 20-7
DHCP snooping (continued)
displaying binding tables 20-13
message exchange process 20-4
option 82 data insertion 20-3
trusted interface 20-2
untrusted interface 20-2
untrusted messages 20-2
DHCP snooping binding database
adding bindings 20-12
binding file
format 20-6
location 20-5
bindings 20-5
clearing agent statistics 20-12
configuration guidelines 20-8
configuring 20-12
default configuration 20-7
deleting
binding file 20-12
bindings 20-13
database agent 20-12
described 20-5
displaying 20-13
binding entries 20-13
status and statistics 20-13
enabling 20-12
entry 20-5
renewing database 20-12
resetting
delay value 20-12
timeout value 20-12
updating process 20-6
DHCP snooping binding table
See DHCP snooping binding database
Differentiated Services architecture, QoS 31-2
Differentiated Services Code Point 31-2
Diffusing Update Algorithm (DUAL) 33-32
directed unicast requests 1-4
directories
changing B-3
creating and removing B-4
displaying the working B-3
Distance Vector Multicast Routing Protocol
See DVMRP
distance-vector protocols 33-3
distribute-list command 33-69
DNS
and DHCP-based autoconfiguration 3-6
default configuration 5-17
displaying the configuration 5-18
overview 5-16
setting up 5-17
support for 1-4
documentation, related xxxvi
document conventions xxxvi
domain names
DNS 5-16
VTP 12-8
Domain Name System
See DNS
dot1q-tunnel switchport mode 11-18
double-tagged packets
802.1Q tunneling 15-2
Layer 2 protocol tunneling 15-10
downloading
configuration files
preparing B-10, B-12, B-16
reasons for B-8
using FTP B-13
using RCP B-16
using TFTP B-11
image files
deleting old image B-23
preparing B-21, B-24, B-28
reasons for B-19
using CMS 1-2
using FTP B-25
downloading (continued)
image files (continued)
using HTTP 1-2, B-19
using Network Assistant 1-2
using RCP B-30
using TFTP B-22
using the device manager or Network Assistant B-19
drop threshold for Layer 2 protocol packets 15-11
DSCP 1-7, 31-2
DSCP input queue threshold map for QoS 31-16
DSCP output queue threshold map for QoS 31-19
DSCP-to-CoS map for QoS 31-62
DSCP-to-DSCP-mutation map for QoS 31-63
DSCP transparency 31-39
DTP 1-6, 11-17
DUAL finite state machine, EIGRP 33-33
duplex mode, configuring 9-16
DVMRP
autosummarization
configuring a summary address 35-46
disabling 35-48
connecting PIM domain to DVMRP router 35-38
enabling unicast routing 35-42
interoperability
with Cisco devices 35-36
with Cisco IOS software 35-7
mrinfo requests, responding to 35-41
neighbors
advertising the default route to 35-40
discovery with Probe messages 35-36
displaying information 35-41
prevent peering with nonpruning 35-44
rejecting nonpruning 35-42
overview 35-7
routes
adding a metric offset 35-48
advertising all 35-48
advertising the default route to neighbors 35-40
DVMRP (continued)
routes (continued)
caching DVMRP routes learned in report messages 35-42
changing the threshold for syslog messages 35-45
deleting 35-49
displaying 35-50
favoring one over another 35-48
limiting the number injected into MBONE 35-45
limiting unicast route advertisements 35-36
routing table 35-7
source distribution tree, building 35-7
support for 1-9
tunnels
configuring 35-38
displaying neighbor information 35-41
dynamic access ports
characteristics 11-4
configuring 11-30
defined 9-3
dynamic addresses
See addresses
dynamic ARP inspection
ARP cache poisoning 21-1
ARP requests, described 21-1
ARP spoofing attack 21-1
clearing
log buffer 21-15
statistics 21-15
configuration guidelines 21-6
configuring
ACLs for non-DHCP environments 21-8
in DHCP environments 21-7
log buffer 21-12
rate limit for incoming ARP packets 21-4, 21-10
default configuration 21-5
denial-of-service attacks, preventing 21-10
described 21-1
DHCP snooping binding database 21-2
dynamic ARP inspection (continued)
displaying
ARP ACLs 21-14
configuration and operating state 21-14
log buffer 21-15
statistics 21-15
trust state and rate limit 21-14
error-disabled state for exceeding rate limit 21-4
function of 21-2
interface trust states 21-3
log buffer
clearing 21-15
configuring 21-12
displaying 21-15
logging of dropped packets, described 21-4
man-in-the middle attack, described 21-2
network security issues and interface trust states 21-3
priority of ARP ACLs and DHCP snooping entries 21-4
rate limiting of ARP packets
configuring 21-10
described 21-4
error-disabled state 21-4
statistics
clearing 21-15
displaying 21-15
validation checks, performing 21-11
dynamic auto trunking mode 11-18
dynamic desirable trunking mode 11-18
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 11-28
reconfirming 11-31
troubleshooting 11-33
types of connections 11-30
dynamic routing 33-3
Dynamic Trunking Protocol
See DTP
E
EBGP 33-38
editing features
enabling and disabling 2-6
keystrokes used 2-6
wrapped lines 2-8
EIGRP
authentication 33-36
components 33-33
configuring 33-35
default configuration 33-34
definition 33-32
interface parameters, configuring 33-36
monitoring 33-37
support for 1-8
enable password 7-4
enable secret password 7-4
encryption, CipherSuite 7-43
encryption for passwords 7-4
Enhanced IGRP
See EIGRP
environment variables, function of 3-15
equal-cost routing 1-8, 33-60
error messages during command entry 2-4
EtherChannel
802.3ad, described 32-5
automatic creation of 32-4, 32-5
channel groups
binding physical and logical interfaces 32-3
numbering of 32-3
configuration guidelines 32-9
configuring
Layer 2 interfaces 32-10
Layer 3 physical interfaces 32-13
Layer 3 port-channel logical interfaces 32-12
default configuration 32-8
described 32-2
displaying status 32-20
EtherChannel (continued)
forwarding methods 32-6, 32-15
interaction
with STP 32-9
with VLANs 32-9
LACP
described 32-5
displaying status 32-20
hot-standby ports 32-17
interaction with other features 32-6
modes 32-5
port priority 32-19
system priority 32-18
Layer 3 interface 33-3
load balancing 32-6, 32-15
logical interfaces, described 32-3
PAgP
aggregate-port learners 32-16
compatibility with Catalyst 1900 32-16
described 32-4
displaying status 32-20
interaction with other features 32-5
learn method and priority configuration 32-16
modes 32-4
support for 1-3
port-channel interfaces
described 32-3
numbering of 32-3
port groups 9-5
support for 1-3
EtherChannel guard
described 18-7
disabling 18-14
enabling 18-14
Ethernet VLANs
adding 11-9
defaults and ranges 11-8
modifying 11-9
events, RMON 27-3
examples
conventions for xxxvi
network configuration 1-12
expedite queue for QoS 31-76
Express Setup 1-2
See also getting started guide
extended-range VLANs
configuration guidelines 11-13
configuring 11-12
creating 11-13
defined 11-1
extended system ID
MSTP 17-14
STP 16-4, 16-14
Extensible Authentication Protocol over LAN 8-1
external BGP
See EBGP
external neighbors, BGP 33-42
F
fallback bridging
and protected ports 37-3
bridge groups
creating 37-3
described 37-1
displaying 37-10
function of 37-2
number supported 37-4
removing 37-4
bridge table
clearing 37-10
displaying 37-10
configuration guidelines 37-3
connecting interfaces with 9-9
default configuration 37-3
described 37-1
fallback bridging (continued)
frame forwarding
flooding packets 37-2
forwarding packets 37-2
overview 37-1
protocol, unsupported 37-3
STP
disabling on an interface 37-10
forward-delay interval 37-9
hello BPDU interval 37-8
interface priority 37-6
keepalive messages 16-2
maximum-idle interval 37-9
path cost 37-7
VLAN-bridge spanning-tree priority 37-6
VLAN-bridge STP 37-2
support for 1-8
SVIs and routed ports 37-1
unsupported protocols 37-3
VLAN-bridge STP 16-11
features, incompatible 23-11
FIB 33-59
fiber-optic, detecting unidirectional links 25-1
files
copying B-4
crashinfo
description 38-23
displaying the contents of 38-23
location 38-23
deleting B-5
displaying the contents of B-7
tar
creating B-6
displaying the contents of B-6
extracting B-7
image file format B-20
file system
displaying available file systems B-2
displaying file information B-3
local file system names B-1
network file system names B-4
setting the default B-3
filtering
in a VLAN 30-30
non-IP traffic 30-27
show and more command output 2-8
filtering show and more command output 2-8
filters, IP
See ACLs, IP
flash device, number of B-1
Flex Links
configuration guidelines 19-2
configuring 19-3
default configuration 19-2
description 19-1
monitoring 19-3
flooded traffic, blocking 23-7
flow-based packet classification 1-7
flowcharts
QoS classification 31-6
QoS egress queueing and scheduling 31-17
QoS ingress queueing and scheduling 31-15
QoS policing and marking 31-11
flow control 1-3, 9-18
forward-delay time
MSTP 17-20
STP 16-21
Forwarding Information Base
See FIB
forwarding nonroutable protocols 37-1
FTP
accessing MIB files A-3
configuration files
downloading B-13
overview B-12
preparing the server B-12
uploading B-14
image files
deleting old image B-27
downloading B-25
preparing the server B-24
uploading B-27
G
get-bulk-request operation 29-3
get-next-request operation 29-3, 29-4
get-request operation 29-3, 29-4
get-response operation 29-3
global configuration mode 2-2
guest VLAN and 802.1x 8-8
guide
audience xxxv
purpose of xxxv
guide mode 1-2
GUIs
See device manager and Network Assistant 1-4
H
hardware limitations and Layer 3 interfaces 9-23
hello time
MSTP 17-19
STP 16-20
help, for the command line 2-3
hierarchical policy maps 31-8
configuration guidelines 31-33
configuring 31-51
described 31-10
history
changing the buffer size 2-5
described 2-4
disabling 2-5
recalling commands 2-5
history table, level and number of syslog messages 28-9
host ports
configuring 13-11
kinds of 13-2
hosts, limit on dynamic ports 11-33
Hot Standby Router Protocol
See HSRP
HP OpenView 1-4
HSRP
authentication string 34-9
binding to cluster group 34-11
command-switch redundancy 1-1, 1-5
configuring 34-4
default configuration 34-5
definition 34-1
guidelines 34-5
monitoring 34-11
overview 34-1
priority 34-7
routing redundancy 1-8
support for ICMP redirect messages 34-11
timers 34-9
tracking 34-7
HTTP over SSL
see HTTPS
HTTPS 7-42
configuring 7-45
self-signed certificate 7-42
HTTP secure server 7-42
I
IBPG 33-38
ICMP
redirect messages 33-11
support for 1-9
time-exceeded messages 38-17
traceroute and 38-17
unreachable messages 30-21
unreachables and ACLs 30-22
ICMP ping
executing 38-14
overview 38-13
ICMP Router Discovery Protocol
See IRDP
IDS appliances
and ingress RSPAN 26-20
and ingress SPAN 26-13
IEEE 802.1p 14-1
ifIndex values, SNMP 29-5
IFS 1-4
IGMP
configuring the switch
as a member of a group 35-26
statically connected member 35-31
controlling access to groups 35-27
default configuration 35-26
deleting cache entries 35-50
displaying groups 35-50
fast switching 35-31
host-query interval, modifying 35-29
joining multicast group 22-3
join messages 22-3
leave processing, enabling 22-9
leaving multicast group 22-4
multicast reachability 35-26
overview 35-2
queries 22-3
IGMP (continued)
report suppression
described 22-5
disabling 22-10
support for 1-3
Version 1
changing to Version 2 35-28
described 35-3
Version 2
changing to Version 1 35-28
described 35-3
maximum query response time value 35-30
pruning groups 35-30
query timeout value 35-30
IGMP filtering
configuring 22-19
default configuration 22-19
described 22-18
monitoring 22-23
support for 1-3
IGMP groups
configuring filtering 22-22
setting the maximum number 22-21
IGMP profile
applying 22-20
configuration mode 22-19
configuring 22-20
IGMP snooping
and address aliasing 22-2
configuring 22-5
default configuration 22-6
definition 22-1
enabling and disabling 22-6
global configuration 22-6
Immediate Leave 22-5
method 22-7
monitoring 22-10
support for 1-3
VLAN configuration 22-6
IGMP throttling
configuring 22-22
default configuration 22-19
described 22-19
displaying action 22-23
IGP 33-24
Immediate Leave, IGMP
described 22-5
enabling 22-9
initial configuration
defaults 1-10
Express Setup 1-2
See also getting started guide and hardware installation guide
interface
number 9-10
range macros 9-12
interface command 9-10
interface configuration mode 2-2
interfaces
configuration guidelines
duplex and speed 9-16
configuring
duplex mode 9-16
procedure 9-10
speed 9-16
counters, clearing 9-26
described 9-22
descriptive name, adding 9-22
displaying information about 9-25
flow control 9-18
management 1-4
monitoring 9-25
naming 9-22
physical, identifying 9-10
range of 9-11
restarting 9-27
shutting down 9-27
status 9-25
interfaces (continued)
supported 9-10
types of 9-1
interfaces range macro command 9-12
interface types 9-10
Interior Gateway Protocol
See IGP
internal BGP
See IBGP
internal neighbors, BGP 33-42
Internet Control Message Protocol
See ICMP
Internet Group Management Protocol
See IGMP
Inter-Switch Link
See ISL
inter-VLAN routing 1-8, 33-2
Intrusion Detection System
See IDS appliances
ip access group command 30-21
IP ACLs
applying to an interface 30-20
extended, creating 30-10
for QoS classification 31-7
implicit deny 30-9, 30-14, 30-16
implicit masks 30-9
logging 30-16
named 30-15
standard, creating 30-9
undefined 30-22
virtual terminal lines, setting on 30-20
IP addresses
candidate or member 4-3
classes of 33-5
command switch 4-2
default configuration 33-4
discovering 5-27
for IP routing 33-4
MAC address association 33-8
IP addresses (continued)
monitoring 33-17
See also IP information
IP broadcast address 33-15
ip cef distributed command 33-59
IP directed broadcasts 33-13
ip igmp profile command 22-19
IP information
assigned
manually 3-9
through DHCP-based autoconfiguration 3-3
default configuration 3-3
IP multicast routing
addresses
all-hosts 35-3
all-multicast-routers 35-3
host group address range 35-3
administratively-scoped boundaries, described 35-34
and IGMP snooping 22-1
Auto-RP
adding to an existing sparse-mode cloud 35-13
benefits of 35-13
clearing the cache 35-50
configuration guidelines 35-9
filtering incoming RP announcement messages 35-16
overview 35-5
preventing candidate RP spoofing 35-16
preventing join messages to false RPs 35-15
setting up in a new internetwork 35-13
using with BSR 35-21
bootstrap router
configuration guidelines 35-9
configuring candidate BSRs 35-19
configuring candidate RPs 35-20
defining the IP multicast boundary 35-18
defining the PIM domain border 35-17
overview 35-5
using with Auto-RP 35-21
Cisco implementation 35-2
IP multicast routing (continued)
configuring
basic multicast routing 35-10
IP multicast boundary 35-34
default configuration 35-8
enabling
multicast forwarding 35-10
PIM mode 35-11
group-to-RP mappings
Auto-RP 35-5
BSR 35-5
MBONE
deleting sdr cache entries 35-50
described 35-33
displaying sdr cache 35-51
enabling sdr listener support 35-33
limiting DVMRP routes advertised 35-45
limiting sdr cache entry lifetime 35-34
SAP packets for conference session announcement 35-33
Session Directory (sdr) tool, described 35-33
monitoring
packet rate loss 35-51
peering devices 35-51
tracing a path 35-51
multicast forwarding, described 35-6
PIMv1 and PIMv2 interoperability 35-8
protocol interaction 35-2
reverse path check (RPF) 35-6
routing table
deleting 35-50
displaying 35-50
RP
assigning manually 35-11
configuring Auto-RP 35-13
configuring PIMv2 BSR 35-17
monitoring mapping information 35-22
using Auto-RP and BSR 35-21
IP multicast routing (continued)
statistics, displaying system and network 35-50
See also CGMP
See also DVMRP
See also IGMP
See also PIM
IP phones
and QoS 14-1
automatic classification and queueing 31-20
configuring 14-4
ensuring port security with QoS 31-38
trusted boundary for QoS 31-38
IP precedence 31-2
IP-precedence-to-DSCP map for QoS 31-60
IP protocols
in ACLs 30-12
routing 1-8
IP routes, monitoring 33-72
IP routing
connecting interfaces with 9-9
disabling 33-18
enabling 33-18
IP source guard
and 802.1x 20-15
and DHCP snooping 20-13
and EtherChannels 20-15
and port security 20-15
and private VLANs 20-15
and routed ports 20-15
and TCAM entries 20-15
and trunk interfaces 20-15
and VRF 20-15
binding configuration
automatic 20-14
manual 20-14
binding table 20-14
configuration guidelines 20-15
default configuration 20-14
described 20-13
IP source guard (continued)
disabling 20-16
displaying
bindings 20-16
configuration 20-16
enabling 20-15
filtering
source IP address 20-14
source IP and MAC address 20-14
source IP address filtering 20-14
source IP and MAC address filtering 20-14
static bindings
adding 20-15
deleting 20-16
IP traceroute
executing 38-17
overview 38-16
IP unicast routing
address resolution 33-8
administrative distances 33-61, 33-70
ARP 33-8
assigning IP addresses to Layer 3 interfaces 33-5
authentication keys 33-71
broadcast
address 33-15
flooding 33-16
packets 33-13
storms 33-13
classless routing 33-6
configuring static routes 33-60
default
addressing configuration 33-4
gateways 33-11
networks 33-61
routes 33-61
routing 33-2
directed broadcasts 33-13
disabling 33-18
dynamic routing 33-3
IP unicast routing (continued)
enabling 33-18
EtherChannel Layer 3 interface 33-3
IGP 33-24
inter-VLAN 33-2
IP addressing
classes 33-5
configuring 33-4
IRDP 33-12
Layer 3 interfaces 33-3
MAC address and IP address 33-8
passive interfaces 33-68
protocols
distance-vector 33-3
dynamic 33-3
link-state 33-3
proxy ARP 33-8
redistribution 33-62
reverse address resolution 33-8
routed ports 33-3
static routing 33-2
steps to configure 33-4
subnet mask 33-5
subnet zero 33-6
supernet 33-6
UDP 33-15
with SVIs 33-3
See also BGP
See also EIGRP
See also OSPF
See also RIP
IRDP
configuring 33-12
definition 33-12
support for 1-9
ISL
and trunk ports 9-3
encapsulation 1-6, 11-16
trunking with 802.1 tunneling 15-5
isolated port 13-2
isolated VLANs 13-2, 13-3
J
join messages, IGMP 22-3
K
KDC
described 7-32
See also Kerberos
keepalive messages 16-2
Kerberos
authenticating to
boundary switch 7-35
KDC 7-35
network services 7-35
configuration examples 7-32
configuring 7-36
credentials 7-32
cryptographic software image 7-32
described 7-32
KDC 7-32
operation 7-34
realm 7-33
server 7-33
support for 1-7
switch as trusted third party 7-32
terms 7-33
TGT 7-34
tickets 7-32
key distribution center
See KDC
L
l2protocol-tunnel command 15-13
LACP
Layer 2 protocol tunneling 15-9
See EtherChannel
Layer 2 frames, classification with CoS 31-2
Layer 2 interfaces, default configuration 9-14
Layer 2 protocol tunneling
configuring 15-10
configuring for EtherChannels 15-14
default configuration 15-11
defined 15-8
guidelines 15-11
Layer 2 traceroute
and ARP 38-16
and CDP 38-15
broadcast traffic 38-15
described 38-15
IP addresses and subnets 38-16
MAC addresses and VLANs 38-15
multicast traffic 38-15
multiple devices on a port 38-16
unicast traffic 38-15
usage guidelines 38-15
Layer 2 trunks 11-17
Layer 3 features 1-8
Layer 3 interfaces
assigning IP addresses to 33-5
changing from Layer 2 mode 33-5
types of 33-3
Layer 3 packets, classification methods 31-2
LEDs, switch
See hardware installation guide
line configuration mode 2-2
Link Aggregation Control Protocol
See EtherChannel
link redundancy
See Flex Links
links, unidirectional 25-1
link state advertisements (LSAs) 33-28
link-state protocols 33-3
load balancing 34-3
logging messages, ACL 30-10
login authentication
with RADIUS 7-23
with TACACS+ 7-14
login banners 5-18
log messages
See system message logging
Long-Reach Ethernet (LRE) technology 1-14
loop guard
described 18-9
enabling 18-15
support for 1-5
M
MAC addresses
aging time 5-22
and VLAN association 5-21
building the address table 5-21
default configuration 5-22
discovering 5-27
displaying 5-27
displaying in the IP source binding table 20-16
dynamic
learning 5-21
removing 5-22
in ACLs 30-27
IP address association 33-8
static
adding 5-25
allowing 5-27
characteristics of 5-25
dropping 5-26
removing 5-25
MAC address notification, support for 1-9
MAC address-to-VLAN mapping 11-28
MAC extended access lists
applying to Layer 2 interfaces 30-29
configuring for QoS 31-45
creating 30-27
defined 30-27
for QoS classification 31-5
macros
See Smartports macros
manageability features 1-4
management access
in-band
browser session 1-4
CLI session 1-4
device manager 1-4
SNMP 1-5
out-of-band console port connection 1-5
management options
CLI 2-1
clustering 1-3
Network Assistant 1-2
overview 1-4
mapping tables for QoS
configuring
CoS-to-DSCP 31-59
DSCP 31-59
DSCP-to-CoS 31-62
DSCP-to-DSCP-mutation 31-63
IP-precedence-to-DSCP 31-60
policed-DSCP 31-61
described 31-12
marking
action in policy map 31-48
action with aggregate policers 31-57
described 31-4, 31-8
matching, ACLs 30-7
maximum aging time
MSTP 17-21
STP 16-21
maximum hop count, MSTP 17-21
maximum-paths command 33-45, 33-60
membership mode, VLAN port 11-3
member switch
defined 4-2
managing 4-3
recovering from lost connectivity 38-11
requirements 4-3
See also candidate switch, cluster standby group, and standby command switch
messages
logging ACL violations 30-16
to users through banners 5-18
messages, to users through banners 5-18
metrics, in BGP 33-46
metric translations, between routing protocols 33-65
metro tags 15-2
MHSRP 34-3
MIBs
accessing files with FTP A-3
location of files A-3
overview 29-1
SNMP interaction with 29-4
supported A-1
mirroring traffic for analysis 26-1
mismatches, autonegotiation 38-11
module number 9-10
monitoring
802.1Q tunneling 15-17
access groups 30-40
ACL configuration 30-40
BGP 33-57
cables for unidirectional links 25-1
CDP 24-5
CEF 33-59
EIGRP 33-37
fallback bridging 37-10
monitoring (continued)
features 1-9
Flex Links 19-3
HSRP 34-11
IGMP
filters 22-23
snooping 22-10
interfaces 9-25
IP
address tables 33-17
multicast routing 35-49
routes 33-72
Layer 2 protocol tunneling 15-17
MSDP peers 36-19
multicast router interfaces 22-11
MVR 22-18
network traffic for analysis with probe 26-2
OSPF 33-31
port
blocking 23-16
protection 23-16
private VLANs 13-14
RP mapping information 35-22
SFP status 1-10, 9-26, 38-13
source-active messages 36-19
speed and duplex mode 9-18
traffic flowing among switches 27-1
traffic suppression 23-16
tunneling 15-17
VLAN
filters 30-41
maps 30-41
VLANs 11-15
VMPS 11-32
VTP 12-15, 12-16
MSDP
benefits of 36-3
clearing MSDP connections and statistics 36-19
MSDP (continued)
controlling source information
forwarded by switch 36-12
originated by switch 36-9
received by switch 36-14
default configuration 36-4
dense-mode regions
sending SA messages to 36-17
specifying the originating address 36-18
filtering
incoming SA messages 36-14
SA messages to a peer 36-12
SA requests from a peer 36-11
join latency, defined 36-6
meshed groups
configuring 36-16
defined 36-16
originating address, changing 36-18
overview 36-1
peer-RPF flooding 36-2
peers
configuring a default 36-4
monitoring 36-19
peering relationship, overview 36-1
requesting source information from 36-8
shutting down 36-16
source-active messages
caching 36-6
clearing cache entries 36-19
defined 36-2
filtering from a peer 36-11
filtering incoming 36-14
filtering to a peer 36-12
limiting data with TTL 36-14
monitoring 36-19
restricting advertised sources 36-9
support for 1-9
MSTP
boundary ports
configuration guidelines 17-12
described 17-5
BPDU filtering
described 18-3
enabling 18-12
BPDU guard
described 18-3
enabling 18-11
CIST, described 17-3
configuration guidelines 17-12, 18-10
configuring
forward-delay time 17-20
hello time 17-19
link type for rapid convergence 17-22
maximum aging time 17-21
maximum hop count 17-21
MST region 17-13
path cost 17-18
port priority 17-17
root switch 17-14
secondary root switch 17-16
switch priority 17-19
CST
defined 17-3
operations between regions 17-4
default configuration 17-12
default optional feature configuration 18-9
displaying status 17-23
enabling the mode 17-13
EtherChannel guard
described 18-7
enabling 18-14
extended system ID
effects on root switch 17-14
effects on secondary root switch 17-16
unexpected behavior 17-15
instances supported 16-9
MSTP (continued)
interface state, blocking to forwarding 18-2
interoperability and compatibility among modes 16-10
interoperability with 802.1D
described 17-5
restarting migration process 17-22
IST
defined 17-3
master 17-3
operations within a region 17-3
loop guard
described 18-9
enabling 18-15
mapping VLANs to MST instance 17-13
MST region
CIST 17-3
configuring 17-13
described 17-2
hop-count mechanism 17-5
IST 17-3
supported spanning-tree instances 17-2
optional features supported 1-5
overview 17-2
Port Fast
described 18-2
enabling 18-10
preventing root switch selection 18-8
root guard
described 18-8
enabling 18-14
root switch
configuring 17-15
effects of extended system ID 17-14
unexpected behavior 17-15
shutdown Port Fast-enabled port 18-3
status, displaying 17-23
multicast groups
Immediate Leave 22-5
joining 22-3
multicast groups (continued)
leaving 22-4
static joins 22-9
multicast packets
ACLs on 30-40
blocking 23-7
multicast router interfaces, monitoring 22-11
multicast router ports, adding 22-8
Multicast Source Discovery Protocol
See MSDP
multicast storm 23-1
multicast storm-control command 23-4
Multicast VLAN Registration
See MVR
Multiple HSRP
See MHSRP
MVR
and address aliasing 22-15
configuring interfaces 22-16
default configuration 22-14
described 22-11
modes 22-16
monitoring 22-18
setting global parameters 22-15
support for 1-3
N
named IP ACLs 30-15
native VLAN
and 802.1Q tunneling 15-4
configuring 11-23
default 11-23
neighbor discovery/recovery, EIGRP 33-33
neighbors, BGP 33-52
Network Assistant
benefits 1-2
described 1-4
downloading image files 1-2
Network Assistant (continued)
guide mode 1-2
management options 1-2
requirements xxxvi
upgrading a switch B-19
wizards 1-2
network configuration examples
increasing network performance 1-13
large network 1-16
long-distance, high-bandwidth transport 1-17
providing network services 1-14
small to medium-sized network 1-14
network design
performance 1-13
services 1-14
network management
CDP 24-1
RMON 27-1
SNMP 29-1
Network Time Protocol
See NTP
no commands 2-4
nonhierarchical policy maps
configuration guidelines 31-33
configuring 31-48
described 31-9
non-IP traffic filtering 30-27
nontrunking mode 11-18
normal-range VLANs
configuration modes 11-7
defined 11-1
no switchport command 9-4
note, described xxxvi
not-so-stubby areas
See NSSA
NSSA, OSPF 33-28
NTP
associations
authenticating 5-5
defined 5-2
enabling broadcast messages 5-7
peer 5-6
server 5-6
default configuration 5-4
displaying the configuration 5-11
overview 5-2
restricting access
creating an access group 5-9
disabling NTP services per interface 5-10
source IP address, configuring 5-10
stratum 5-2
support for 1-4
synchronizing devices 5-6
time
services 5-2
synchronizing 5-2
O
Open Shortest Path First
See OSPF
optimizing system resources 6-1
options, management 1-4
OSPF
area parameters, configuring 33-28
configuring 33-26
default configuration
metrics 33-29
route 33-29
settings 33-25
described 33-24
interface parameters, configuring 33-27
OSPF (continued)
LSA group pacing 33-30
monitoring 33-31
router IDs 33-31
route summarization 33-29
support for 1-8
virtual links 33-29
out-of-profile markdown 1-8
P
packet modification, with QoS 31-19
PAgP
Layer 2 protocol tunneling 15-9
See EtherChannel
parallel paths, in routing tables 33-60
passive interfaces
configuring 33-68
OSPF 33-29
passwords
default configuration 7-2
disabling recovery of 7-5
encrypting 7-4
for security 1-6
overview 7-1
recovery of 38-3
setting
enable 7-3
enable secret 7-4
Telnet 7-6
with usernames 7-7
VTP domain 12-8
path cost
MSTP 17-18
STP 16-18
PBR
defined 33-65
enabling 33-67
fast-switched policy-based routing 33-68
local policy-based routing 33-68
peers, BGP 33-52
performance, network design 1-13
performance features 1-3
persistent self-signed certificate 7-42
per-VLAN spanning-tree plus
See PVST+
physical ports 9-2
PIM
default configuration 35-8
dense mode
overview 35-4
rendezvous point (RP), described 35-4
RPF lookups 35-7
displaying neighbors 35-50
enabling a mode 35-11
overview 35-3
router-query message interval, modifying 35-25
shared tree and source tree, overview 35-22
shortest path tree, delaying the use of 35-24
sparse mode
join messages and shared tree 35-4
overview 35-4
prune messages 35-5
RPF lookups 35-7
support for 1-9
versions
interoperability 35-8
troubleshooting interoperability problems 35-22
v2 improvements 35-4
PIM-DVMRP, as snooping method 22-7
ping
character output description 38-14
executing 38-14
overview 38-13
PoE
auto mode 9-7
CDP with power consumption, described 9-6
CDP with power negotiation, described 9-6
Cisco intelligent power management 9-6
configuring 9-20
devices supported 9-5
high-power devices operating in low-power mode 9-6
IEEE power classification levels 9-7
powered-device detection and initial power allocation 9-6
power management modes 9-7
power negotiation extensions to CDP 9-6
standards supported 9-6
static mode 9-8
supported watts per port 9-6
troubleshooting 38-12
policed-DSCP map for QoS 31-61
policers
configuring
for each matched traffic class 31-48
for more than one traffic class 31-57
described 31-4
displaying 31-77
number of 31-33
types of 31-9
policing
described 31-4
hierarchical
See hierarchical policy maps
token-bucket algorithm 31-9
policy-based routing
See PBR
policy maps
hierarchical 31-8
policy maps for QoS
characteristics of 31-48
described 31-7
displaying 31-78
hierarchical on SVIs
configuration guidelines 31-33
configuring 31-51
described 31-10
nonhierarchical on physical ports
configuration guidelines 31-33
configuring 31-48
described 31-9
port ACLs
defined 30-2
types of 30-3
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting 8-5
authentication server
defined 8-2
RADIUS server 8-2
client, defined 8-2
configuration guidelines 8-11
configuring
802.1x authentication 8-12
guest VLAN 8-19
host mode 8-18
manual re-authentication of a client 8-15
periodic re-authentication 8-15
quiet period 8-15
RADIUS server 8-14
RADIUS server parameters on the switch 8-13
switch-to-client frame-retransmission number 8-17
switch-to-client retransmission time 8-16
default configuration 8-10
described 8-1
port-based authentication (continued)
device roles 8-2
displaying statistics 8-22
EAPOL-start frame 8-3
EAP-request/identity frame 8-3
EAP-response/identity frame 8-3
encapsulation 8-3
guest VLAN
configuration guidelines 8-9
described 8-8
host mode 8-5
initiation and message exchange 8-3
method lists 8-12
multiple-hosts mode, described 8-5
per-user ACLs
AAA authorization 8-12
configuration tasks 8-9
described 8-9
RADIUS server attributes 8-9
ports
authorization state and dot1x port-control command 8-4
authorized and unauthorized 8-4
voice VLAN 8-7
port security
and voice VLAN 8-6
described 8-6
interactions 8-6
multiple-hosts mode 8-5
resetting to default values 8-20
statistics, displaying 8-22
switch
as proxy 8-2
RADIUS client 8-2
upgrading from a previous release 31-26
port-based authentication (continued)
VLAN assignment
AAA authorization 8-12
characteristics 8-7
configuration tasks 8-8
described 8-7
voice VLAN
described 8-7
PVID 8-7
VVID 8-7
port blocking 1-3, 23-6
port-channel
See EtherChannel
Port Fast
described 18-2
enabling 18-10
mode, spanning tree 11-29
support for 1-5
port membership modes, VLAN 11-3
port priority
MSTP 17-17
STP 16-17
ports
802.1Q tunnel 11-4
access 9-3
blocking 23-6
dynamic access 11-4
protected 23-5
routed 9-4
secure 23-7
static-access 11-3, 11-11
switch 9-2
trunks 11-3, 11-16
VLAN assignments 11-11
port security
aging 23-15
and QoS trusted boundary 31-38
configuring 23-12
default configuration 23-10
described 23-7
displaying 23-16
on trunk ports 23-13
sticky learning 23-8
violations 23-9
with other features 23-10
port-shutdown response, VMPS 11-28
Power over Ethernet
See PoE
preferential treatment of traffic
See QoS
prefix lists, BGP 33-50
preventing unauthorized access 7-1
primary links 19-1
primary VLANs 13-1, 13-3
priority
HSRP 34-7
overriding CoS 14-6
trusting CoS 14-6
private VLAN edge ports
See protected ports
private VLANs
across multiple switches 13-4
and SDM template 13-4
and SVIs 13-5
benefits of 13-1
community ports 13-2
community VLANs 13-2, 13-3
configuration guidelines 13-6, 13-7, 13-8
configuration tasks 13-6
configuring 13-9
default configuration 13-6
end station access to 13-3
IP addressing 13-3
private VLANs (continued)
isolated port 13-2
isolated VLANs 13-2, 13-3
mapping 13-13
monitoring 13-14
ports
community 13-2
configuration guidelines 13-8
configuring host ports 13-11
configuring promiscuous ports 13-12
described 11-4
isolated 13-2
promiscuous 13-2
primary VLANs 13-1, 13-3
promiscuous ports 13-2
secondary VLANs 13-2
subdomains 13-1
traffic in 13-5
privileged EXEC mode 2-2
privilege levels
changing the default for lines 7-9
command switch 4-4
exiting 7-10
logging into 7-10
mapping on member switches 4-4
overview 7-2, 7-8
setting a command with 7-8
promiscuous ports
configuring 13-12
defined 13-2
protected ports 1-6, 23-5
protocol-dependent modules, EIGRP 33-33
Protocol-Independent Multicast Protocol
See PIM
proxy ARP
configuring 33-10
definition 33-8
with IP routing disabled 33-11
pruning, VTP
disabling
in VTP domain 12-14
on a port 11-23
enabling
in VTP domain 12-14
on a port 11-22
examples 12-5
overview 12-4
pruning-eligible list
changing 11-22
for VTP pruning 12-4
VLANs 12-14
PVST+
802.1Q trunking interoperability 16-10
described 16-9
instances supported 16-9
Q
QoS
and MQC commands 31-1
auto-QoS
categorizing traffic 31-20
configuration and defaults display 31-30
configuration guidelines 31-25
described 31-20
disabling 31-27
displaying generated commands 31-27
displaying the initial configuration 31-30
effects on running configuration 31-25
egress queue defaults 31-21
enabling for VoIP 31-27
example configuration 31-28
ingress queue defaults 31-21
list of generated commands 31-22
basic model 31-4
QoS (continued)
classification
class maps, described 31-7
defined 31-4
DSCP transparency, described 31-39
flowchart 31-6
forwarding treatment 31-3
in frames and packets 31-3
IP ACLs, described 31-5, 31-7
MAC ACLs, described 31-5, 31-7
options for IP traffic 31-5
options for non-IP traffic 31-5
policy maps, described 31-7
trust DSCP, described 31-5
trusted CoS, described 31-5
trust IP precedence, described 31-5
class maps
configuring 31-46
displaying 31-77
configuration guidelines
auto-QoS 31-25
standard QoS 31-33
configuring
aggregate policers 31-57
auto-QoS 31-20
default port CoS value 31-37
DSCP maps 31-59
DSCP transparency 31-39
DSCP trust states bordering another domain 31-40
egress queue characteristics 31-70
ingress queue characteristics 31-65
IP extended ACLs 31-44
IP standard ACLs 31-42
MAC ACLs 31-45
policy maps, hierarchical 31-51
policy maps on physical ports 31-48
port trust states within the domain 31-35
trusted boundary 31-38
default auto configuration 31-20
QoS (continued)
default standard configuration 31-31
displaying statistics 31-77
DSCP transparency 31-39
egress queues
allocating buffer space 31-70
buffer allocation scheme, described 31-18
configuring shaped weights for SRR 31-74
configuring shared weights for SRR 31-75
described 31-4
displaying the threshold map 31-73
flowchart 31-17
mapping DSCP or CoS values 31-72
scheduling, described 31-4
setting WTD thresholds 31-70
WTD, described 31-19
enabling globally 31-34
flowcharts
classification 31-6
egress queueing and scheduling 31-17
ingress queueing and scheduling 31-15
policing and marking 31-11
implicit deny 31-7
ingress queues
allocating bandwidth 31-68
allocating buffer space 31-67
buffer and bandwidth allocation, described 31-16
configuring shared weights for SRR 31-68
configuring the priority queue 31-69
described 31-4
displaying the threshold map 31-66
flowchart 31-15
mapping DSCP or CoS values 31-66
priority queue, described 31-16
scheduling, described 31-4
setting WTD thresholds 31-66
WTD, described 31-16
QoS (continued)
IP phones
automatic classification and queueing 31-20
detection and trusted settings 31-20, 31-38
limiting bandwidth on egress interface 31-76
mapping tables
CoS-to-DSCP 31-59
displaying 31-77
DSCP-to-CoS 31-62
DSCP-to-DSCP-mutation 31-63
IP-precedence-to-DSCP 31-60
policed-DSCP 31-61
types of 31-12
marked-down actions 31-49, 31-54
marking, described 31-4, 31-8
overview 31-2
packet modification 31-19
policers
configuring 31-49, 31-54, 31-57
described 31-8
displaying 31-77
number of 31-33
types of 31-9
policies, attaching to an interface 31-8
policing
described 31-4, 31-8
token bucket algorithm 31-9
policy maps
characteristics of 31-48
displaying 31-78
hierarchical 31-8
hierarchical on SVIs 31-51
nonhierarchical on physical ports 31-48
QoS label, defined 31-4
queues
configuring egress characteristics 31-70
configuring ingress characteristics 31-65
high priority (expedite) 31-19, 31-76
location of 31-13
QoS (continued)
queues (continued)
SRR, described 31-14
WTD, described 31-13
rewrites 31-19
support for 1-7
trust states
bordering another domain 31-40
described 31-5
trusted device 31-38
within the domain 31-35
quality of service
See QoS
queries, IGMP 22-3
R
RADIUS
attributes
vendor-proprietary 7-31
vendor-specific 7-29
configuring
accounting 7-28
authentication 7-23
authorization 7-27
communication, global 7-21, 7-29
communication, per-server 7-20, 7-21
multiple UDP ports 7-20
default configuration 7-20
defining AAA server groups 7-25
displaying the configuration 7-31
identifying the server 7-20
limiting the services to the user 7-27
method list, defined 7-19
operation of 7-19
overview 7-18
suggested network environments 7-18
support for 1-7
tracking services accessed by user 7-28
range
macro 9-12
of interfaces 9-11
rapid convergence 17-7
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
802.1Q trunking interoperability 16-10
described 16-9
instances supported 16-9
Rapid Spanning Tree Protocol
See RSTP
RARP 33-8
rcommand command 4-3
RCP
configuration files
downloading B-16
overview B-15
preparing the server B-16
uploading B-17
image files
deleting old image B-31
downloading B-30
preparing the server B-28
uploading B-32
reconfirmation interval, VMPS, changing 11-31
recovery procedures 38-1
redundancy
EtherChannel 32-2
HSRP 34-1
STP
backbone 16-8
path cost 11-26
port priority 11-24
redundant links and UplinkFast 18-12
reliable transport protocol, EIGRP 33-33
reloading software 3-15
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
Remote Network Monitoring
See RMON
Remote SPAN
See RSPAN
report suppression, IGMP
described 22-5
disabling 22-10
requirements
cluster xxxvii
device manager xxxvi
Network Assistant xxxvi
resequencing ACL entries 30-15
resets, in BGP 33-44
resetting a UDLD-shutdown interface 25-6
restricting access
NTP services 5-8
overview 7-1
passwords and privilege levels 7-2
RADIUS 7-17
TACACS+ 7-10
retry count, VMPS, changing 11-32
reverse address resolution 33-8
Reverse Address Resolution Protocol
See RARP
RFC
1058, RIP 33-19
1112, IP multicast and IGMP 22-2
1157, SNMPv1 29-2
1163, BGP 33-38
1166, IP addresses 33-5
1253, OSPF 33-24
1267, BGP 33-38
1305, NTP 5-2
1587, NSSAs 33-24
1757, RMON 27-2
1771, BGP 33-38
1901, SNMPv2C 29-2
RFC (continued)
1902 to 1907, SNMPv2 29-2
2236, IP multicast and IGMP 22-2
2273-2275, SNMPv3 29-2
RIP
advertisements 33-19
authentication 33-21
configuring 33-20
default configuration 33-19
described 33-19
hop counts 33-19
split horizon 33-22
summary addresses 33-22
support for 1-8
RMON
default configuration 27-3
displaying status 27-6
enabling alarms and events 27-3
groups supported 27-2
overview 27-1
statistics
collecting group Ethernet 27-6
collecting group history 27-5
support for 1-9
root guard
described 18-8
enabling 18-14
support for 1-5
root switch
MSTP 17-14
STP 16-14
route calculation timers, OSPF 33-30
route dampening, BGP 33-56
routed packets, ACLs on 30-39
routed ports
configuring 33-3
defined 9-4
IP addresses on 9-23, 33-3
route-map command 33-67
route maps
BGP 33-47
policy-based routing 33-66
router ACLs
defined 30-2
types of 30-4
route reflectors, BGP 33-55
router ID, OSPF 33-31
route selection, BGP 33-45
route summarization, OSPF 33-29
routing
default 33-2
dynamic 33-3
redistribution of information 33-62
static 33-2
routing domain confederation, BGP 33-55
Routing Information Protocol
See RIP
routing protocol administrative distances 33-61
RSPAN
characteristics 26-8
configuration guidelines 26-16
default configuration 26-9
destination ports 26-6
displaying status 26-23
interaction with other features 26-8
monitored ports 26-5
monitoring ports 26-6
overview 1-9, 26-1
received traffic 26-4
session limits 26-10
sessions
creating 26-17
defined 26-3
limiting source traffic to specific VLANs 26-22
specifying monitored ports 26-17
with ingress traffic enabled 26-20
RSPAN (continued)
source ports 26-5
transmitted traffic 26-5
VLAN-based 26-6
RSTP
active topology 17-6
BPDU
format 17-9
processing 17-10
designated port, defined 17-6
designated switch, defined 17-6
interoperability with 802.1D
described 17-5
restarting migration process 17-22
topology changes 17-10
overview 17-6
port roles
described 17-6
synchronized 17-8
proposal-agreement handshake process 17-7
rapid convergence
described 17-7
edge ports and Port Fast 17-7
point-to-point links 17-7, 17-22
root ports 17-7
root port, defined 17-6
See also MSTP
running configuration, saving 3-10
S
scheduled reloads 3-15
SDM
described 6-1
templates
configuring 6-3
number of 6-1
SDM template
configuring 6-2
types of 6-1
secondary VLANs 13-2
secure HTTP client
configuring 7-47
displaying 7-47
secure HTTP server
configuring 7-45
displaying 7-47
secure MAC addresses
deleting 23-14
maximum number of 23-8
types of 23-8
secure ports, configuring 23-7
secure remote connections 7-38
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port 23-7
security features 1-6
sequence numbers in log messages 28-7
server mode, VTP 12-3
service-provider network, MSTP and RSTP 17-1
service-provider networks
and 802.1Q tunneling 15-1
and customer VLANs 15-2
Layer 2 protocols across 15-8
Layer 2 protocol tunneling for EtherChannels 15-9
set-request operation 29-4
setup program
failed command switch replacement 38-10
replacing failed command switch 38-8
severity levels, defining in system messages 28-8
SFPs
monitoring status of 1-10, 9-26, 38-13
security and identification 38-12
status, displaying 1-10
shaped round robin
See SRR
show access-lists hw-summary command 30-22
show and more command output, filtering 2-8
show cdp traffic command 24-5
show cluster members command 4-3
show configuration command 9-22
show forward command 38-20
show interfaces command 9-18, 9-22
show l2protocol command 15-13, 15-15, 15-16
show platform forward command 38-20
show running-config command
displaying ACLs 30-20, 30-21, 30-32, 30-34
interface description in 9-22
shutdown command on interfaces 9-27
shutdown threshold for Layer 2 protocol packets 15-11
Simple Network Management Protocol
See SNMP
Smartports macros
applying Cisco-default macros 10-6
applying global parameter values 10-5, 10-6
applying macros 10-5
applying parameter values 10-5, 10-7
configuration guidelines 10-3
creating 10-4
default configuration 10-2
defined 10-1
displaying 10-8
tracing 10-3
website 10-2
SNAP 24-1
SNMP
accessing MIB variables with 29-4
agent
described 29-4
disabling 29-8
authentication level 29-10
SNMP (continued)
community strings
configuring 29-8
for cluster switches 29-4
overview 29-4
configuration examples 29-15
default configuration 29-6
engine ID 29-7
groups 29-7, 29-9
host 29-7
ifIndex values 29-5
in-band management 1-5
informs
and trap keyword 29-11
described 29-5
differences from traps 29-5
disabling 29-14
enabling 29-14
limiting access by TFTP servers 29-15
limiting system log messages to NMS 28-9
manager functions 1-4, 29-3
managing clusters with 4-4
MIBs
location of A-3
supported A-1
notifications 29-5
overview 29-1, 29-4
security levels 29-3
status, displaying 29-16
system contact and location 29-14
trap manager, configuring 29-13
traps
described 29-3, 29-5
differences from informs 29-5
disabling 29-14
enabling 29-11
enabling MAC address notification 5-23
overview 29-1, 29-4
types of 29-11
SNMP (continued)
users 29-7, 29-9
versions supported 29-2
SNMPv1 29-2
SNMPv2C 29-2
SNMPv3 29-2
snooping, IGMP 22-1
software images
location in flash B-19
recovery procedures 38-2
scheduling reloads 3-16
tar file format, described B-20
See also downloading and uploading
source addresses, in ACLs 30-12
source-and-destination-IP address based forwarding, EtherChannel 32-7
source-and-destination MAC address forwarding, EtherChannel 32-6
source-IP address based forwarding, EtherChannel 32-6
source-MAC address forwarding, EtherChannel 32-6
SPAN
configuration guidelines 26-10
default configuration 26-9
destination ports 26-6
displaying status 26-23
interaction with other features 26-8
monitored ports 26-5
monitoring ports 26-6
overview 1-9, 26-1
ports, restrictions 23-11
received traffic 26-4
session limits 26-10
sessions
configuring ingress forwarding 26-14, 26-21
creating 26-11
defined 26-3
limiting source traffic to specific VLANs 26-15
removing destination (monitoring) ports 26-12
SPAN (continued)
sessions (continued)
specifying monitored ports 26-11
with ingress traffic enabled 26-13
source ports 26-5
transmitted traffic 26-5
VLAN-based 26-6
spanning tree and native VLANs 11-19
Spanning Tree Protocol
See STP
SPAN traffic 26-4
speed, configuring on interfaces 9-16
split horizon, RIP 33-22
SRR
configuring
shaped weights on egress queues 31-74
shared weights on egress queues 31-75
shared weights on ingress queues 31-68
described 31-14
shaped mode 31-14
shared mode 31-14
support for 1-8
SSH
configuring 7-39
cryptographic software image 7-37
described 1-5, 7-38
encryption methods 7-38
user authentication methods, supported 7-38
SSL
configuration guidelines 7-44
configuring a secure HTTP client 7-47
configuring a secure HTTP server 7-45
cryptographic software image 7-41
described 7-41
monitoring 7-47
standby command switch, requirements 4-2
standby ip command 34-5
standby links 19-1
standby router 34-1
standby timers, HSRP 34-9
startup configuration
booting
manually 3-13
specific image 3-13
clearing B-18
configuration file
automatically downloading 3-12
specifying the filename 3-12
default boot configuration 3-12
static access ports
assigning to VLAN 11-11
defined 9-3, 11-3
static addresses
See addresses
static IP routing 1-8
static MAC addressing 1-6
static routes, configuring 33-60
static routing 33-2
static VLAN membership 11-2
statistics
802.1x 8-22
CDP 24-5
interface 9-25
IP multicast routing 35-50
OSPF 33-31
QoS ingress and egress 31-77
RMON group Ethernet 27-6
RMON group history 27-5
SNMP input and output 29-16
VTP 12-15
sticky learning 23-8
storm control
configuring 23-3
described 23-1
disabling 23-5
displaying 23-16
support for 1-3
thresholds 23-1
STP
802.1D and bridge ID 16-4
802.1D and multicast addresses 16-8
802.1t and VLAN identifier 16-4
accelerating root port selection 18-4
BackboneFast
described 18-5
disabling 18-14
enabling 18-13
BPDU filtering
described 18-3
disabling 18-12
enabling 18-12
BPDU guard
described 18-3
disabling 18-11
enabling 18-11
BPDU message exchange 16-3
configuration guidelines 16-12, 18-10
configuring
forward-delay time 16-21
hello time 16-20
maximum aging time 16-21
path cost 16-18
port priority 16-17
root switch 16-14
secondary root switch 16-16
spanning-tree mode 16-13
switch priority 16-19
counters, clearing 16-22
default configuration 16-11
default optional feature configuration 18-9
designated port, defined 16-3
designated switch, defined 16-3
detecting indirect link failures 18-5
disabling 16-14
displaying status 16-22
STP (continued)
EtherChannel guard
described 18-7
disabling 18-14
enabling 18-14
extended system ID
effects on root switch 16-14
effects on the secondary root switch 16-16
overview 16-4
unexpected behavior 16-15
features supported 1-5
inferior BPDU 16-3
instances supported 16-9
interface state, blocking to forwarding 18-2
interface states
blocking 16-6
disabled 16-7
forwarding 16-5, 16-6
learning 16-6
listening 16-6
overview 16-4
interoperability and compatibility among modes 16-10
keepalive messages 16-2
Layer 2 protocol tunneling 15-8
limitations with 802.1Q trunks 16-10
load sharing
overview 11-24
using path costs 11-26
using port priorities 11-24
loop guard
described 18-9
enabling 18-15
modes supported 16-9
multicast addresses, effect of 16-8
optional features supported 1-5
overview 16-2
path costs 11-26
STP (continued)
Port Fast
described 18-2
enabling 18-10
port priorities 11-25
preventing root switch selection 18-8
protocols supported 16-9
redundant connectivity 16-8
root guard
described 18-8
enabling 18-14
root port, defined 16-3
root switch
configuring 16-15
effects of extended system ID 16-4, 16-14
election 16-3
unexpected behavior 16-15
shutdown Port Fast-enabled port 18-3
status, displaying 16-22
superior BPDU 16-3
timers, described 16-20
UplinkFast
described 18-4
enabling 18-12
VLAN-bridge 16-11
stratum, NTP 5-2
stub areas, OSPF 33-28
subdomains, private VLAN 13-1
subnet mask 33-5
subnet zero 33-6
success response, VMPS 11-28
summer time 5-13
SunNet Manager 1-4
supernet 33-6
SVIs
and IP unicast routing 33-3
and router ACLs 30-4
SVIs (continued)
connecting VLANs 9-8
defined 9-4
routing between VLANs 11-2
switch clustering technology 4-1
See also clusters, switch
switch console port 1-5
Switch Database Management
See SDM
switched packets, ACLs on 30-38
Switched Port Analyzer
See SPAN
switched ports 9-2
switchport block multicast command 23-7
switchport block unicast command 23-7
switchport command 9-14
switchport mode dot1q-tunnel command 15-6
switchport protected command 23-6
switch priority
MSTP 17-19
STP 16-19
switch software features 1-1
switch virtual interface
See SVI
synchronization, BGP 33-42
syslog
See system message logging
system clock
configuring
daylight saving time 5-13
manually 5-11
summer time 5-13
time zones 5-12
displaying the time and date 5-12
overview 5-2
See also NTP
system message logging
default configuration 28-3
defining error message severity levels 28-8
disabling 28-3
displaying the configuration 28-12
enabling 28-4
facility keywords, described 28-12
level keywords, described 28-9
limiting messages 28-9
message format 28-2
overview 28-1
sequence numbers, enabling and disabling 28-7
setting the display destination device 28-4
synchronizing log messages 28-5
syslog facility 1-9
time stamps, enabling and disabling 28-7
UNIX syslog servers
configuring the daemon 28-10
configuring the logging facility 28-11
facilities supported 28-12
system MTU and 802.1Q tunneling 15-5
system name
default configuration 5-15
default setting 5-15
manual configuration 5-15
See also DNS
system prompt
default setting 5-14 to 5-15
manual configuration 5-16
system resources, optimizing 6-1
T
TACACS+
accounting, defined 7-11
authentication, defined 7-11
authorization, defined 7-11
TACACS+ (continued)
configuring
accounting 7-17
authentication key 7-13
authorization 7-16
login authentication 7-14
default configuration 7-13
displaying the configuration 7-17
identifying the server 7-13
limiting the services to the user 7-16
operation of 7-12
overview 7-10
support for 1-7
tracking services accessed by user 7-17
tagged packets
802.1Q 15-3
Layer 2 protocol 15-8
tar files
creating B-6
displaying the contents of B-6
extracting B-7
image file format B-20
TDR 1-10
Telnet
accessing management interfaces 2-9
number of connections 1-4
setting a password 7-6
templates, SDM 6-1
temporary self-signed certificate 7-42
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password 7-6
TFTP
configuration files
downloading B-11
preparing the server B-10
uploading B-11
configuration files in base directory 3-6
configuring for autoconfiguration 3-5
TFTP (continued)
image files
deleting B-23
downloading B-22
preparing the server B-21
uploading B-23
limiting access by servers 29-15
TFTP server 1-4
threshold, traffic level 23-2
time
See NTP and system clock
Time Domain Reflector
See TDR
time-range command 30-17
time ranges in ACLs 30-17
time stamps in log messages 28-7
time zones 5-12
Token Ring VLANs
support for 11-6
VTP support 12-4
ToS 1-7
traceroute, Layer 2
and ARP 38-16
and CDP 38-15
broadcast traffic 38-15
described 38-15
IP addresses and subnets 38-16
MAC addresses and VLANs 38-15
multicast traffic 38-15
multiple devices on a port 38-16
unicast traffic 38-15
usage guidelines 38-15
traceroute command 38-17
See also IP traceroute
traffic
blocking flooded 23-7
fragmented 30-6
unfragmented 30-6
traffic policing 1-8
traffic suppression 23-1
transparent mode, VTP 12-3, 12-12
trap-door mechanism 3-2
traps
configuring MAC address notification 5-23
configuring managers 29-11
defined 29-3
enabling 5-23, 29-11
notification types 29-11
overview 29-1, 29-4
troubleshooting
connectivity problems 38-13, 38-15, 38-16
detecting unidirectional links 25-1
displaying crash information 38-23
PIMv1 and PIMv2 interoperability problems 35-22
setting packet forwarding 38-20
SFP security and identification 38-12
show forward command 38-20
with CiscoWorks 29-4
with debug commands 38-19
with ping 38-13
with system message logging 28-1
with traceroute 38-16
trunking encapsulation 1-6
trunk ports
configuring 11-20
defined 9-3, 11-3
encapsulation 11-20, 11-25, 11-26
secure MAC addresses on 23-12
trunks
allowed-VLAN list 11-21
configuring 11-20, 11-25, 11-26
ISL 11-16
load sharing
setting STP path costs 11-26
using STP port priorities 11-24, 11-25
native VLAN for untagged traffic 11-23
parallel 11-26
pruning-eligible list 11-22
trunks (continued)
to non-DTP device 11-17
understanding 11-17
trusted boundary for QoS 31-38
trusted port states
between QoS domains 31-40
classification options 31-5
ensuring port security for IP phones 31-38
support for 1-7
within a QoS domain 31-35
trustpoints, CA 7-42
tunneling
802.1Q 15-1
defined 15-1
Layer 2 protocol 15-8
tunnel ports
802.1Q, configuring 15-6
defined 11-4
described 9-3, 15-1
incompatibilities with other features 15-6
twisted-pair Ethernet, detecting unidirectional links 25-1
type of service
See ToS
U
UDLD
default configuration 25-4
disabling
fiber-optic interfaces 25-5
globally 25-5
per interface 25-5
echoing detection mechanism 25-3
enabling
globally 25-4
per interface 25-5
Layer 2 protocol tunneling 15-10
link-detection mechanism 25-1
neighbor database 25-2
UDLD (continued)
overview 25-1
resetting an interface 25-6
status, displaying 25-6
support for 1-5
UDP, configuring 33-15
unauthorized ports with 802.1x 8-4
unicast MAC address filtering 1-4
and adding static addresses 5-26
and broadcast MAC addresses 5-26
and CPU packets 5-26
and multicast addresses 5-26
and router MAC addresses 5-26
configuration guidelines 5-26
described 5-26
unicast storm 23-1
unicast storm control command 23-4
unicast traffic, blocking 23-7
UniDirectional Link Detection protocol
See UDLD
UNIX syslog servers
daemon configuration 28-10
facilities supported 28-12
message logging configuration 28-11
unrecognized Type-Length-Value (TLV) support 12-4
upgrading information
See release notes
upgrading software images
See downloading
UplinkFast
described 18-4
disabling 18-13
enabling 18-12
support for 1-5
uploading
configuration files
preparing B-10, B-12, B-16
reasons for B-8
using FTP B-14
uploading (continued)
configuration files (continued)
using RCP B-17
using TFTP B-11
image files
preparing B-21, B-24, B-28
reasons for B-19
using FTP B-27
using RCP B-32
using TFTP B-23
User Datagram Protocol
See UDP
user EXEC mode 2-2
username-based authentication 7-7
V
version-dependent transparent mode 12-4
virtual router 34-1, 34-2
vlan.dat file 11-5
VLAN 1, disabling on a trunk port 11-22
VLAN 1 minimization 11-21
VLAN ACLs
See VLAN maps
vlan-assignment response, VMPS 11-28
VLAN configuration
at bootup 11-8
saving 11-8
VLAN configuration mode 2-2, 11-7
VLAN database
and startup configuration file 11-8
and VTP 12-1
VLAN configuration saved in 11-7
VLANs saved in 11-4
vlan database command 11-7
vlan dot1q tag native command 15-5
VLAN filtering and SPAN 26-6
vlan global configuration command 11-7
VLAN ID, discovering 5-27
VLAN management domain 12-2
VLAN Management Policy Server
See VMPS
VLAN map entries, order of 30-30
VLAN maps
applying 30-34
common uses for 30-34
configuration example 30-35
configuration guidelines 30-30
configuring 30-30
creating 30-31
defined 30-2
denying access example 30-36
denying and permitting packets 30-32
displaying 30-41
examples 30-36
removing 30-34
support for 1-6
with router ACLs 30-40
VLAN membership
confirming 11-31
modes 11-3
VLAN Query Protocol
See VQP
VLANs
adding 11-9
adding to VLAN database 11-9
aging dynamic addresses 16-9
allowed on trunk 11-21
and spanning-tree instances 11-3, 11-6, 11-13
configuration guidelines, extended-range VLANs 11-13
configuration guidelines, normal-range VLANs 11-6
configuration options 11-7
configuring 11-1
configuring IDs 1006 to 4094 11-13
connecting through SVIs 9-8
creating in config-vlan mode 11-9
creating in VLAN configuration mode 11-10
customer numbering in service-provider networks 15-3
VLANs (continued)
default configuration 11-8
deleting 11-10
described 9-2, 11-1
displaying 11-15
extended-range 11-1, 11-12
features 1-6
illustrated 11-2
internal 11-13
limiting source traffic with RSPAN 26-22
limiting source traffic with SPAN 26-15
modifying 11-9
native, configuring 11-23
normal-range 11-1, 11-4
number supported 1-6
parameters 11-5
port membership modes 11-3
static-access ports 11-11
STP and 802.1Q trunks 16-10
supported 11-3
Token Ring 11-6
traffic between 11-2
VLAN-bridge STP 16-11, 37-1
VTP modes 12-3
VLAN Trunking Protocol
See VTP
VLAN trunks 11-16, 11-17
VMPS
administering 11-32
configuration example 11-33
configuration guidelines 11-29
default configuration 11-29
description 11-27
dynamic port membership
described 11-28
reconfirming 11-31
troubleshooting 11-33
entering server address 11-30
mapping MAC addresses to VLANs 11-28
VMPS (continued)
monitoring 11-32
reconfirmation interval, changing 11-31
reconfirming membership 11-31
retry count, changing 11-32
voice-over-IP 14-1
voice VLAN
Cisco 7960 phone, port connections 14-1
configuration guidelines 6-2, 14-3
configuring IP phones for data traffic
override CoS of incoming frame 14-6
trust CoS priority of incoming frame 14-6
configuring ports for voice traffic in
802.1p priority tagged frames 14-5
802.1Q frames 14-5
connecting to an IP phone 14-4
default configuration 14-3
described 14-1
displaying 14-6
VQP 1-6, 11-27
VTP
adding a client to a domain 12-14
advertisements 11-19, 12-3
and extended-range VLANs 12-1
and normal-range VLANs 12-2
client mode, configuring 12-11
configuration
global configuration mode 12-7
guidelines 12-8
privileged EXEC mode 12-7
requirements 12-9
saving 12-7
VLAN configuration mode 12-7
configuration mode options 12-7
configuration requirements 12-9
configuration revision number
guideline 12-14
resetting 12-15
VTP (continued)
configuring
client mode 12-11
server mode 12-9
transparent mode 12-12
consistency checks 12-4
default configuration 12-6
described 12-1
disabling 12-12
domain names 12-8
domains 12-2
Layer 2 protocol tunneling 15-8
modes
client 12-3, 12-11
server 12-3, 12-9
transitions 12-3
transparent 12-3, 12-12
monitoring 12-15
passwords 12-8
pruning
disabling 12-14
enabling 12-14
examples 12-5
overview 12-4
support for 1-6
pruning-eligible list, changing 11-22
server mode, configuring 12-9
statistics 12-15
VTP (continued)
support for 1-6
Token Ring support 12-4
transparent mode, configuring 12-12
using 12-1
version, guidelines 12-8
Version 1 12-4
Version 2
configuration guidelines 12-8
disabling 12-13
enabling 12-13
overview 12-4
W
weighted tail drop
See WTD
wizards 1-2
WTD
described 31-13
setting thresholds
egress queue-sets 31-70
ingress queues 31-66
support for 1-8
X
Xmodem protocol 38-2