Catalyst 3560 Switch Software Configuration Guide, Release 12.2(55)SE

Index

A

AAA down policy, NAC Layer 2 IP validation 1-11

abbreviating commands 2-4

ABRs 37-24

AC (command switch) 5-11

access-class command 33-19

access control entries

See ACEs

access control entry (ACE) 40-3

access-denied response, VMPS 13-28

access groups

applying IPv4 ACLs to interfaces 33-20

Layer 2 33-20

Layer 3 33-20

accessing

clusters, switch 5-14

command switches 5-12

member switches 5-14

switch clusters 5-14

access lists

See ACLs

access ports

and Layer 2 protocol tunneling 16-11

defined 11-3

in switch clusters 5-10

access template 7-1

accounting

with 802.1x 9-52

with IEEE 802.1x 9-16

with RADIUS 8-34

with TACACS+ 8-11, 8-17

A CEs

and QoS 34-8

defined 33-2

Ethernet 33-2

IP 33-2

ACLs

ACEs 33-2

any keyword 33-12

applying

on bridged packets 33-38

on multicast packets 33-40

on routed packets 33-39

on switched packets 33-38

time ranges to 33-16

to an interface 33-19, 40-7

to IPv6 interfaces 40-7

to QoS 34-8

classifying traffic for QoS 34-48

comments in 33-18

compiling 33-22

defined 33-1, 33-7

examples of 33-22, 34-48

extended IP, configuring for QoS classification 34-49

extended IPv4

creating 33-10

matching criteria 33-7

hardware and software handling 33-21

host keyword 33-12

ACLs (continued)

IP

creating 33-7

fragments and QoS guidelines 34-38

implicit deny 33-9, 33-13, 33-15

implicit masks 33-9

matching criteria 33-7

undefined 33-20

IPv4

applying to interfaces 33-19

creating 33-7

matching criteria 33-7

named 33-14

numbers 33-8

terminal lines, setting on 33-19

unsupported features 33-6

IPv6

applying to interfaces 40-7

configuring 40-3, 40-4

displaying 40-8

interactions with other features 40-4

limitations 40-3

matching criteria 40-3

named 40-3

precedence of 40-2

supported 40-2

unsupported features 40-3

Layer 4 information in 33-37

logging messages 33-8

MAC extended 33-27, 34-50

matching 33-7, 33-20, 40-3

monitoring 33-41, 40-8

named, IPv4 33-14

named, IPv6 40-3

names 40-4

number per QoS class map 34-38

port 33-2, 40-1

precedence of 33-3

QoS 34-8, 34-48

ACLs (continued)

resequencing entries 33-14

router 33-2, 40-1

router ACLs and VLAN map configuration guidelines 33-37

standard IP, configuring for QoS classification 34-48

standard IPv4

creating 33-9

matching criteria 33-7

support for 1-9

support in hardware 33-21

time ranges 33-16

types supported 33-2

unsupported features, IPv4 33-6

unsupported features, IPv6 40-3

using router ACLs with VLAN maps 33-36

VLAN maps

configuration guidelines 33-30

configuring 33-29

active link 19-4, 19-5, 19-6

active links 19-2

active router 41-1

active traffic monitoring, IP SLAs 42-1

address aliasing 22-2

addresses

displaying the MAC address table 6-30

dynamic

accelerated aging 26-8

changing the aging time 6-21

default aging 26-8

defined 6-19

learning 6-20

removing 6-22

IPv6 38-2

MAC, discovering 6-30

multicast

group address range 45-3

STP address management 26-8

addresses (continued)

static

adding and removing 6-26

defined 6-19

address resolution 6-30, 37-8

Address Resolution Protocol

See ARP

adjacency tables, with CEF 37-88

administrative distances

defined 37-101

OSPF 37-31

routing protocol defaults 37-90

advertisements

CDP 24-1

LLDP 25-1, 25-2

RIP 37-19

VTP 13-19, 14-3, 14-4

aggregatable global unicast addresses 38-3

aggregate addresses, BGP 37-58

aggregated ports

See EtherChannel

aggregate policers 34-64

aggregate policing 1-12

aging, accelerating 26-8

aging time

accelerated

for MSTP 17-24

for STP 26-8, 26-21

MAC address table 6-21

maximum

for MSTP 17-25

for STP 26-21, 26-22

alarms, RMON 29-4

allowed-VLAN list 13-22

application engines, redirecting traffic to 44-1

area border routers

See ABRs

area routing

IS-IS 37-63

ISO IGRP 37-63

ARP

configuring 37-9

defined 1-6, 6-30, 37-8

encapsulation 37-9

static cache configuration 37-9

table

address resolution 6-30

managing 6-30

ASBRs 37-24

AS-path filters, BGP 37-52

asymmetrical links, and IEEE 802.1Q tunneling 16-4

attributes, RADIUS

vendor-proprietary 8-37

vendor-specific 8-35

attribute-value pairs 9-13, 9-16, 9-21, 9-22

authentication

EIGRP 37-38

HSRP 41-10

local mode with AAA 8-44

NTP associations 6-5

open1x 9-31

RADIUS

key 8-27

login 8-29

TACACS+

defined 8-11

key 8-13

login 8-14

See also port-based authentication

authentication compatibility with Catalyst 6000 switches 9-9

authentication failed VLAN

See restricted VLAN

authentication keys, and routing protocols 37-102

authentication manager

CLI commands 9-10

compatibility with older 802.1x CLI commands 9-10 to ??

overview 9-8

authoritative time source, described 6-2

authorization

with RADIUS 8-33

with TACACS+ 8-11, 8-16

authorized ports with IEEE 802.1x 9-11

autoconfiguration 3-3

auto enablement 9-33

automatic discovery

considerations

beyond a noncandidate device 5-8

brand new switches 5-10

connectivity 5-5

different VLANs 5-7

management VLANs 5-8

non-CDP-capable devices 5-7

noncluster-capable devices 5-7

routed ports 5-9

in switch clusters 5-5

See also CDP

automatic QoS

See QoS

automatic recovery, clusters 5-11

See also HSRP

auto-MDIX

configuring 11-21

described 11-21

autonegotiation

duplex mode 1-3

interface configuration guidelines 11-18

mismatches 48-11

autonomous system boundary routers

See ASBRs

autonomous systems, in BGP 37-46

Auto-QoS video devices 1-13

Auto-RP, described 45-6

autosensing, port speed 1-3

autostate exclude 11-5

auxiliary VLAN

See voice VLAN

availability, features 1-7

B

BackboneFast

described 18-5

disabling 18-15

enabling 18-14

support for 1-7

backup interfaces

See Flex Links

backup links 19-2

backup static routing, configuring 43-12

banners

configuring

login 6-19

message-of-the-day login 6-18

default configuration 6-17

when displayed 6-17

Berkeley r-tools replacement 8-56

BGP

aggregate addresses 37-58

aggregate routes, configuring 37-58

CIDR 37-58

clear commands 37-61

community filtering 37-55

configuring neighbors 37-56

default configuration 37-43

described 37-42

enabling 37-46

monitoring 37-61

multipath support 37-50

neighbors, types of 37-46

path selection 37-50

BGP (continued)

peers, configuring 37-56

prefix filtering 37-54

resetting sessions 37-49

route dampening 37-60

route maps 37-52

route reflectors 37-59

routing domain confederation 37-59

routing session with multi-VRF CE 37-82

show commands 37-61

supernets 37-58

support for 1-13

Version 4 37-43

binding cluster group and HSRP group 41-12

binding database

address, DHCP server

See DHCP, Cisco IOS server database

DHCP snooping

See DHCP snooping binding database

bindings

address, Cisco IOS DHCP server 20-7

DHCP snooping database 20-8

IP source guard 20-17

binding table, DHCP snooping

See DHCP snooping binding database

blocking packets 23-8

Boolean expressions in tracked lists 43-4

booting

boot loader, function of 3-2

boot process 3-2

manually 3-20

specific image 3-21

boot loader

accessing 3-22

described 3-2

environment variables 3-22

prompt 3-22

trap-door mechanism 3-2

bootstrap router (BSR), described 45-7

Border Gateway Protocol

See BGP

BPDU

error-disabled state 18-3

filtering 18-3

RSTP format 17-12

BPDU filtering

described 18-3

disabling 18-13

enabling 18-13

support for 1-8

BPDU guard

described 18-2

disabling 18-12

enabling 18-12

support for 1-8

bridged packets, ACLs on 33-38

bridge groups

See fallback bridging

bridge protocol data unit

See BPDU

broadcast flooding 37-16

broadcast packets

directed 37-13

flooded 37-13

broadcast storm-control command 23-4

broadcast storms 23-2, 37-13

C

cables, monitoring for unidirectional links 27-1

candidate switch

automatic discovery 5-5

defined 5-3

requirements 5-3

See also command switch, cluster standby group, and member switch

Catalyst 6000 switches

authentication compatibility 9-9

CA trustpoint

configuring 8-53

defined 8-50

CDP

and trusted boundary 34-44

automatic discovery in switch clusters 5-5

configuring 24-2

default configuration 24-2

defined with LLDP 25-1

described 24-1

disabling for routing device 24-4

enabling and disabling

on an interface 24-4

on a switch 24-4

Layer 2 protocol tunneling 16-8

monitoring 24-5

overview 24-1

power negotiation extensions 11-7

support for 1-6

transmission timer and holdtime, setting 24-3

updates 24-3

CEF

defined 37-88

enabling 37-88

IPv6 38-18

CGMP

as IGMP snooping learning method 22-9

clearing cached group entries 45-62

enabling server support 45-44

joining multicast group 22-3

overview 45-9

server support only 45-9

switch support of 1-4

CIDR 37-58

CipherSuites 8-51

Cisco 7960 IP Phone 12-1

Cisco Discovery Protocol

See CDP

Cisco Express Forwarding

See CEF

Cisco Group Management Protocol

See CGMP

Cisco intelligent power management 11-7

Cisco IOS DHCP server

See DHCP, Cisco IOS DHCP server

Cisco IOS File System

See IFS

Cisco IOS IP SLAs 42-1

Cisco Redundant Power System 2300

configuring 11-29

managing 11-29

Cisco Secure ACS

attribute-value pairs for downloadable ACLs 9-22

attribute-value pairs for redirect URL 9-21

Cisco Secure ACS configuration guide 9-63

CiscoWorks 2000 1-5, 31-4

CISP 9-33

CIST regional root

See MSTP

CIST root

See MSTP

civic location 25-3

classless interdomain routing

See CIDR

classless routing 37-6

class maps for QoS

configuring 34-51

described 34-8

displaying 34-84

class of service

See CoS

clearing interfaces 11-32

CLI

abbreviating commands 2-4

command modes 2-1

configuration logging 2-5

described 1-5

CLI (continued)

editing features

enabling and disabling 2-7

keystroke editing 2-8

wrapped lines 2-9

error messages 2-5

filtering command output 2-10

getting help 2-3

history

changing the buffer size 2-6

described 2-6

disabling 2-7

recalling commands 2-6

managing clusters 5-16

no and default forms of commands 2-4

Client Information Signalling Protocol

See CISP

client mode, VTP 14-3

client processes, tracking 43-1

CLNS

See ISO CLNS

clock

See system clock

clusters, switch

accessing 5-14

automatic discovery 5-5

automatic recovery 5-11

benefits 1-2

compatibility 5-5

described 5-1

LRE profile considerations 5-15

managing

through CLI 5-16

through SNMP 5-16

planning 5-5

planning considerations

automatic discovery 5-5

automatic recovery 5-11

CLI 5-16

clusters, switch (continued)

host names 5-14

IP addresses 5-14

LRE profiles 5-15

passwords 5-14

RADIUS 5-15

SNMP 5-15, 5-16

TACACS+ 5-15

See also candidate switch, command switch, cluster standby group, member switch, and standby command switch

cluster standby group

and HSRP group 41-12

automatic recovery 5-13

considerations 5-12

defined 5-2

requirements 5-3

virtual IP address 5-12

See also HSRP

CNS 1-5

Configuration Engine

configID, deviceID, hostname 4-3

configuration service 4-2

described 4-1

event service 4-3

embedded agents

described 4-5

enabling automated configuration 4-6

enabling configuration agent 4-9

enabling event agent 4-7

management functions 1-5

CoA Request Commands 8-24

Coarse Wave Division Multiplexer

See CWDM SFPs

command-line interface

See CLI

command modes 2-1

commands

abbreviating 2-4

no and default 2-4

commands, setting privilege levels 8-8

command switch

accessing 5-12

active (AC) 5-11

configuration conflicts 48-11

defined 5-2

passive (PC) 5-11

password privilege levels 5-16

priority 5-11

recovery

from command-switch failure 5-11, 48-7

from lost member connectivity 48-11

redundant 5-11

replacing

with another switch 48-9

with cluster member 48-8

requirements 5-3

standby (SC) 5-11

See also candidate switch, cluster standby group, member switch, and standby command switch

community list, BGP 37-55

community ports 15-2

community strings

configuring 5-15, 31-8

for cluster switches 31-4

in clusters 5-15

overview 31-4

SNMP 5-15

community VLANs 15-2, 15-3

compatibility, feature 23-12

config.text 3-19

configurable leave timer, IGMP 22-6

configuration, initial

defaults 1-16

Express Setup 1-2

configuration changes, logging 30-10

configuration conflicts, recovering from lost member connectivity 48-11

configuration examples, network 1-19

configuration files

archiving B-20

clearing the startup configuration B-19

creating using a text editor B-10

default name 3-19

deleting a stored configuration B-19

described B-8

downloading

automatically 3-19

preparing B-10, B-13, B-16

reasons for B-8

using FTP B-13

using RCP B-17

using TFTP B-11

guidelines for creating and using B-9

guidelines for replacing and rolling back B-21

invalid combinations when copying B-5

limiting TFTP server access 31-16

obtaining with DHCP 3-9

password recovery disable considerations 8-5

replacing a running configuration B-19, B-20

rolling back a running configuration B-19, B-21

specifying the filename 3-19

system contact and location information 31-16

types and location B-9

uploading

preparing B-10, B-13, B-16

reasons for B-8

using FTP B-15

using RCP B-18

using TFTP B-12

configuration guidelines, multi-VRF CE 37-75

configuration logger 30-10

configuration logging 2-5

configuration replacement B-19

configuration rollback B-19, B-20

configuration settings, saving 3-16

configure terminal command 11-11

configuring 802.1x user distribution 9-59

configuring port-based authentication violation modes 9-41 to 9-42

configuring small-frame arrival rate 23-5

config-vlan mode 2-2

conflicts, configuration 48-11

connections, secure remote 8-45

connectivity problems 48-13, 48-14, 48-16

consistency checks in VTP Version 2 14-4

console port, connecting to 2-10

content-routing technology

See WCCP

control protocol, IP SLAs 42-4

corrupted software, recovery steps with Xmodem 48-2

CoS

in Layer 2 frames 34-2

override priority 12-7

trust priority 12-7

CoS input queue threshold map for QoS 34-17

CoS output queue threshold map for QoS 34-19

CoS-to-DSCP map for QoS 34-67

counters, clearing interface 11-32

CPU utilization, troubleshooting 48-25

crashinfo file 48-23

critical authentication, IEEE 802.1x 9-56

critical VLAN 9-25

cryptographic software image

Kerberos 8-39

SSH 8-45

SSL 8-49

customer edge devices 37-73

customjzeable web pages, web-based authentication 10-6

CWDM SFPs 1-26

D

DACL

See downloadable ACL

daylight saving time 6-13

debugging

enabling all system diagnostics 48-20

enabling for a specific feature 48-19

redirecting error message output 48-20

using commands 48-19

default commands 2-4

default configuration

802.1x 9-36

auto-QoS 34-21

banners 6-17

BGP 37-43

booting 3-19

CDP 24-2

DHCP 20-10

DHCP option 82 20-10

DHCP snooping 20-10

DHCP snooping binding database 20-10

DNS 6-16

dynamic ARP inspection 21-5

EIGRP 37-35

EtherChannel 35-10

Ethernet interfaces 11-15

fallback bridging 47-3

Flex Links 19-8

HSRP 41-5

IEEE 802.1Q tunneling 16-4

IGMP 45-39

IGMP filtering 22-26

IGMP snooping 22-7, 39-6

IGMP throttling 22-26

initial switch information 3-3

IP addressing, IP routing 37-4

IP multicast routing 45-10

IP SLAs 42-6

default configuration (continued)

IP source guard 20-19

IPv6 38-10

IS-IS 37-64

Layer 2 interfaces 11-15

Layer 2 protocol tunneling 16-11

LLDP 25-5

MAC address table 6-21

MAC address-table move update 19-8

MSDP 46-4

MSTP 17-15

multi-VRF CE 37-75

MVR 22-20

NTP 6-4

optional spanning-tree configuration 18-10

OSPF 37-25

password and privilege level 8-3

PIM 45-10

private VLANs 15-6

RADIUS 8-26

RIP 37-19

RMON 29-3

RSPAN 28-10

SDM template 7-3

SNMP 31-6

SPAN 28-10

SSL 8-52

standard QoS 34-35

STP 26-11

system message logging 30-3

system name and prompt 6-15

TACACS+ 8-13

UDLD 27-4

VLAN, Layer 2 Ethernet interfaces 13-19

VLANs 13-7

VMPS 13-29

voice VLAN 12-3

VTP 14-7

WCCP 44-5

default gateway 3-16, 37-11

default networks 37-91

default router preference

See DRP

default routes 37-91

default routing 37-2

default web-based authentication configuration

802.1X 10-9

deleting VLANs 13-9

denial-of-service attack 23-2

description command 11-25

designing your network, examples 1-19

destination addresses

in IPv4 ACLs 33-11

in IPv6 ACLs 40-5

destination-IP address-based forwarding, EtherChannel 35-8

destination-MAC address forwarding, EtherChannel 35-8

detecting indirect link failures, STP 18-5

device B-24

device discovery protocol 24-1, 25-1

device manager

benefits 1-2

described 1-2, 1-5

in-band management 1-6

upgrading a switch B-24

DHCP

Cisco IOS server database

configuring 20-15

default configuration 20-10

described 20-7

DHCP for IPv6

See DHCPv6

enabling

relay agent 20-11

DHCP-based autoconfiguration

client request message exchange 3-4

configuring

client side 3-4

DNS 3-8

relay device 3-8

server side 3-7

TFTP server 3-8

example 3-10

lease options

for IP address information 3-7

for receiving the configuration file 3-7

overview 3-3

relationship to BOOTP 3-4

relay support 1-5, 1-14

support for 1-5

DHCP-based autoconfiguration and image update

configuring 3-12 to 3-15

understanding 3-5 to 3-6

DHCP binding database

See DHCP snooping binding database

DHCP binding table

See DHCP snooping binding database

DHCP object tracking, configuring primary interface 43-10

DHCP option 82

circuit ID suboption 20-5

configuration guidelines 20-10

default configuration 20-10

displaying 20-16

forwarding address, specifying 20-12

helper address 20-12

overview 20-4

packet format, suboption

circuit ID 20-5

remote ID 20-5

remote ID suboption 20-5

DHCP server port-based address allocation

configuration guidelines 20-27

default configuration 20-27

described 20-27

displaying 20-30

enabling 20-28

reserved addresses 20-28

DHCP server port-based address assignment

support for 1-6

DHCP snooping

accepting untrusted packets form edge switch 20-3, 20-13

and private VLANs 20-15

binding database

See DHCP snooping binding database

configuration guidelines 20-10

default configuration 20-10

displaying binding tables 20-16

message exchange process 20-4

option 82 data insertion 20-4

trusted interface 20-2

untrusted interface 20-2

untrusted messages 20-2

DHCP snooping binding database

adding bindings 20-15

binding file

format 20-8

location 20-8

bindings 20-8

clearing agent statistics 20-16

configuration guidelines 20-11

configuring 20-15

default configuration 20-10

deleting

binding file 20-16

bindings 20-16

database agent 20-16

described 20-8

DHCP snooping binding database (continued)

displaying 20-16

binding entries 20-16

status and statistics 20-16

enabling 20-15

entry 20-8

renewing database 20-16

resetting

delay value 20-16

timeout value 20-16

DHCP snooping binding table

See DHCP snooping binding database

DHCPv6

configuration guidelines 38-15

default configuration 38-15

described 38-6

enabling client function 38-17

enabling DHCPv6 server function 38-15

support for 1-14

Differentiated Services architecture, QoS 34-2

Differentiated Services Code Point 34-2

Diffusing Update Algorithm (DUAL) 37-33

directed unicast requests 1-6

directories

changing B-3

creating and removing B-4

displaying the working B-3

discovery, clusters

See automatic discovery

Distance Vector Multicast Routing Protocol

See DVMRP

distance-vector protocols 37-3

distribute-list command 37-101

DNS

and DHCP-based autoconfiguration 3-8

default configuration 6-16

displaying the configuration 6-17

in IPv6 38-4

overview 6-15

DNS (continued)

setting up 6-16

support for 1-5

DNS-based SSM mapping 45-18, 45-20

domain names

DNS 6-15

VTP 14-8

Domain Name System

See DNS

domains, ISO IGRP routing 37-63

dot1q-tunnel switchport mode 13-17

double-tagged packets

IEEE 802.1Q tunneling 16-2

Layer 2 protocol tunneling 16-10

downloadable ACL 9-20, 9-22, 9-63

downloading

configuration files

preparing B-10, B-13, B-16

reasons for B-8

using FTP B-13

using RCP B-17

using TFTP B-11

image files

deleting old image B-28

preparing B-26, B-30, B-34

reasons for B-24

using CMS 1-2

using FTP B-31

using HTTP 1-2, B-24

using RCP B-35

using TFTP B-27

using the device manager or Network Assistant B-24

drop threshold for Layer 2 protocol packets 16-11

DRP

configuring 38-13

described 38-5

IPv6 38-5

support for 1-14

DSCP 1-12, 34-2

DSCP input queue threshold map for QoS 34-17

DSCP output queue threshold map for QoS 34-19

DSCP-to-CoS map for QoS 34-70

DSCP-to-DSCP-mutation map for QoS 34-71

DSCP transparency 34-45

DTP 1-8, 13-17

dual-action detection 35-5

DUAL finite state machine, EIGRP 37-34

dual IPv4 and IPv6 templates 7-2, 38-6

dual protocol stacks

IPv4 and IPv6 38-6

SDM templates supporting 38-6

dual-purpose uplinks

defined 11-6

LEDs 11-6

link selection 11-6, 11-17

setting the type 11-17

DVMRP

autosummarization

configuring a summary address 45-58

disabling 45-60

connecting PIM domain to DVMRP router 45-51

enabling unicast routing 45-54

interoperability

with Cisco devices 45-49

with Cisco IOS software 45-9

mrinfo requests, responding to 45-53

neighbors

advertising the default route to 45-52

discovery with Probe messages 45-49

displaying information 45-53

prevent peering with nonpruning 45-56

rejecting nonpruning 45-55

overview 45-9

DVRMP (continued)

routes

adding a metric offset 45-60

advertising all 45-60

advertising the default route to neighbors 45-52

caching DVMRP routes learned in report messages 45-54

changing the threshold for syslog messages 45-57

deleting 45-62

displaying 45-62

favoring one over another 45-60

limiting the number injected into MBONE 45-57

limiting unicast route advertisements 45-49

routing table 45-9

source distribution tree, building 45-9

support for 1-14

tunnels

configuring 45-51

displaying neighbor information 45-53

dynamic access ports

characteristics 13-3

configuring 13-31

defined 11-3

dynamic addresses

See addresses

dynamic ARP inspection

ARP cache poisoning 21-1

ARP requests, described 21-1

ARP spoofing attack 21-1

clearing

log buffer 21-16

statistics 21-16

configuration guidelines 21-6

configuring

ACLs for non-DHCP environments 21-9

in DHCP environments 21-7

log buffer 21-13

rate limit for incoming ARP packets 21-4, 21-11

default configuration 21-5

dynamic ARP inspection (continued)

denial-of-service attacks, preventing 21-11

described 21-1

DHCP snooping binding database 21-2

displaying

ARP ACLs 21-15

configuration and operating state 21-15

log buffer 21-16

statistics 21-16

trust state and rate limit 21-15

error-disabled state for exceeding rate limit 21-4

function of 21-2

interface trust states 21-3

log buffer

clearing 21-16

configuring 21-13

displaying 21-16

logging of dropped packets, described 21-4

man-in-the middle attack, described 21-2

network security issues and interface trust states 21-3

priority of ARP ACLs and DHCP snooping entries 21-4

rate limiting of ARP packets

configuring 21-11

described 21-4

error-disabled state 21-4

statistics

clearing 21-16

displaying 21-16

validation checks, performing 21-12

dynamic auto trunking mode 13-17

dynamic desirable trunking mode 13-17

Dynamic Host Configuration Protocol

See DHCP-based autoconfiguration

dynamic port VLAN membership

described 13-29

reconfirming 13-31, 13-32

troubleshooting 13-33

types of connections 13-31

dynamic routing 37-3

ISO CLNS 37-62

Dynamic Trunking Protocol

See DTP

E

EBGP 37-41

editing features

enabling and disabling 2-7

keystrokes used 2-8

wrapped lines 2-9

EEM 3.2 32-5

EIGRP

authentication 37-38

components 37-34

configuring 37-37

default configuration 37-35

definition 37-33

interface parameters, configuring 37-38

monitoring 37-41

stub routing 37-39

ELIN location 25-3

embedded event manager

3.2 32-5

actions 32-4

configuring 32-1, 32-5

displaying information 32-7

environmental variables 32-4

event detectors 32-2

policies 32-4

registering and defining an applet 32-6

registering and defining a TCL script 32-6

understanding 32-1

enable password 8-4

enable secret password 8-4

encryption, CipherSuite 8-51

encryption for passwords 8-4

Enhanced IGRP

See EIGRP

enhanced object tracking

backup static routing 43-12

commands 43-1

defined 43-1

DHCP primary interface 43-10

HSRP 43-7

IP routing state 43-2

IP SLAs 43-9

line-protocol state 43-2

network monitoring with IP SLAs 43-11

routing policy, configuring 43-12

static route primary interface 43-10

tracked lists 43-3

enhanced object tracking static routing 43-10

environmental variables, embedded event manager 32-4

environment variables, function of 3-23

equal-cost routing 1-14, 37-89

error-disabled state, BPDU 18-3

error messages during command entry 2-5

EtherChannel

automatic creation of 35-4, 35-6

channel groups

binding physical and logical interfaces 35-3

numbering of 35-3

configuration guidelines 35-10

configuring

Layer 2 interfaces 35-11

Layer 3 physical interfaces 35-14

Layer 3 port-channel logical interfaces 35-13

default configuration 35-10

described 35-2

displaying status 35-20

forwarding methods 35-7, 35-16

IEEE 802.3ad, described 35-6

interaction

with STP 35-10

with VLANs 35-11

EtherChannel (continued)

LACP

described 35-6

displaying status 35-20

hot-standby ports 35-18

interaction with other features 35-7

modes 35-6

port priority 35-19

system priority 35-19

Layer 3 interface 37-3

load balancing 35-7, 35-16

logical interfaces, described 35-3

PAgP

aggregate-port learners 35-17

compatibility with Catalyst 1900 35-17

described 35-4

displaying status 35-20

interaction with other features 35-6

interaction with virtual switches 35-5

learn method and priority configuration 35-17

modes 35-5

support for 1-4

with dual-action detection 35-5

port-channel interfaces

described 35-3

numbering of 35-3

port groups 11-6

support for 1-4

EtherChannel guard

described 18-7

disabling 18-15

enabling 18-15

Ethernet VLANs

adding 13-8

defaults and ranges 13-7

modifying 13-8

EUI 38-4

event detectors, embedded event manager 32-2

events, RMON 29-4

examples

network configuration 1-19

expedite queue for QoS 34-83

Express Setup 1-2

See also getting started guide

extended crashinfo file 48-23

extended-range VLANs

configuration guidelines 13-11

configuring 13-11

creating 13-12

creating with an internal VLAN ID 13-13

defined 13-1

extended system ID

MSTP 17-18

STP 26-4, 26-14

extended universal identifier

See EUI

Extensible Authentication Protocol over LAN 9-1

external BGP

See EBGP

external neighbors, BGP 37-46

F

fa0 interface 1-6

fallback bridging

and protected ports 47-4

bridge groups

creating 47-4

described 47-1

displaying 47-10

function of 47-2

number supported 47-4

removing 47-4

bridge table

clearing 47-10

displaying 47-10

configuration guidelines 47-3

connecting interfaces with 11-10

fallback bridging (continued)

default configuration 47-3

described 47-1

frame forwarding

flooding packets 47-2

forwarding packets 47-2

overview 47-1

protocol, unsupported 47-3

STP

disabling on an interface 47-9

forward-delay interval 47-8

hello BPDU interval 47-8

interface priority 47-6

maximum-idle interval 47-9

path cost 47-7

VLAN-bridge spanning-tree priority 47-5

VLAN-bridge STP 47-2

support for 1-14

SVIs and routed ports 47-1

unsupported protocols 47-3

VLAN-bridge STP 26-10

Fast Convergence 19-3

features, incompatible 23-12

FIB 37-88

fiber-optic, detecting unidirectional links 27-1

files

basic crashinfo

description 48-23

location 48-23

copying B-4

crashinfo, description 48-23

deleting B-5

displaying the contents of B-7

extended crashinfo

description 48-23

location 48-23

files (continued)

tar

creating B-6

displaying the contents of B-6

extracting B-7

image file format B-25

file system

displaying available file systems B-2

displaying file information B-3

local file system names B-1

network file system names B-4

setting the default B-3

filtering

in a VLAN 33-29

IPv6 traffic 40-3, 40-7

non-IP traffic 33-27

show and more command output 2-10

filtering show and more command output 2-10

filters, IP

See ACLs, IP

flash device, number of B-1

flexible authentication ordering

configuring 9-66

overview 9-31

Flex Link Multicast Fast Convergence 19-3

Flex Links

configuration guidelines 19-8

configuring 19-9, 19-10

configuring preferred VLAN 19-12

configuring VLAN load balancing 19-11

default configuration 19-8

description 19-1

link load balancing 19-3

monitoring 19-14

VLANs 19-3

flooded traffic, blocking 23-8

flow-based packet classification 1-12

flowcharts

QoS classification 34-7

QoS egress queueing and scheduling 34-18

QoS ingress queueing and scheduling 34-16

QoS policing and marking 34-11

flowcontrol

configuring 11-20

described 11-20

forward-delay time

MSTP 17-24

STP 26-21

Forwarding Information Base

See FIB

forwarding nonroutable protocols 47-1

FTP

accessing MIB files A-4

configuration files

downloading B-13

overview B-12

preparing the server B-13

uploading B-15

image files

deleting old image B-32

downloading B-31

preparing the server B-30

uploading B-33

G

general query 19-5

Generating IGMP Reports 19-4

get-bulk-request operation 31-3

get-next-request operation 31-3, 31-4

get-request operation 31-3, 31-4

get-response operation 31-3

global configuration mode 2-2

global leave, IGMP 22-13

guest VLAN and 802.1x 9-23

guide mode 1-2

GUIs

See device manager and Network Assistant

H

hardware limitations and Layer 3 interfaces 11-26

hello time

MSTP 17-24

STP 26-20

help, for the command line 2-3

HFTM space 48-24

hierarchical policy maps 34-9

configuration guidelines 34-38

configuring 34-57

described 34-12

history

changing the buffer size 2-6

described 2-6

disabling 2-7

recalling commands 2-6

history table, level and number of syslog messages 30-10

host names, in clusters 5-14

host ports

configuring 15-11

kinds of 15-2

hosts, limit on dynamic ports 13-33

Hot Standby Router Protocol

See HSRP

HP OpenView 1-5

HQATM space 48-24

HSRP

authentication string 41-10

automatic cluster recovery 5-13

binding to cluster group 41-12

cluster standby group considerations 5-12

command-switch redundancy 1-1, 1-7

configuring 41-4

default configuration 41-5

definition 41-1

HSRP (continued)

guidelines 41-6

monitoring 41-13

object tracking 43-7

overview 41-1

priority 41-8

routing redundancy 1-13

support for ICMP redirect messages 41-12

timers 41-10

tracking 41-8

See also clusters, cluster standby group, and standby command switch

HSRP for IPv6

configuring 38-24

guidelines 38-23

HTTP over SSL

see HTTPS

HTTPS 8-50

configuring 8-54

self-signed certificate 8-50

HTTP secure server 8-50

Hulc Forwarding TCAM Manager

See HFTM space

Hulc QoS/ACL TCAM Manager

See HQATM space

I

IBPG 37-41

ICMP

IPv6 38-4

redirect messages 37-11

support for 1-14

time-exceeded messages 48-16

traceroute and 48-16

unreachable messages 33-20

unreachable messages and IPv6 40-4

unreachables and ACLs 33-21

ICMP Echo operation

configuring 42-12

IP SLAs 42-12

ICMP ping

executing 48-13

overview 48-13

ICMP Router Discovery Protocol

See IRDP

ICMPv6 38-4

IDS appliances

and ingress RSPAN 28-21

and ingress SPAN 28-14

IEEE 802.1D

See STP

IEEE 802.1p 12-1

IEEE 802.1Q

and trunk ports 11-3

configuration limitations 13-18

encapsulation 13-16

native VLAN for untagged traffic 13-24

tunneling

compatibility with other features 16-6

defaults 16-4

described 16-1

tunnel ports with other features 16-6

IEEE 802.1s

See MSTP

IEEE 802.1w

See RSTP

IEEE 802.1x

See port-based authentication

IEEE 802.3ad

See EtherChannel

IEEE 802.3af

See PoE

IEEE 802.3x flow control 11-20

ifIndex values, SNMP 31-5

IFS 1-6

IGMP

configurable leave timer

described 22-6

enabling 22-11

configuring the switch

as a member of a group 45-39

statically connected member 45-43

controlling access to groups 45-40

default configuration 45-39

deleting cache entries 45-62

displaying groups 45-62

fast switching 45-44

flooded multicast traffic

controlling the length of time 22-12

disabling on an interface 22-13

global leave 22-13

query solicitation 22-13

recovering from flood mode 22-13

host-query interval, modifying 45-41

joining multicast group 22-3

join messages 22-3

leave processing, enabling 22-11, 39-9

leaving multicast group 22-5

multicast reachability 45-39

overview 45-3

queries 22-4

report suppression

described 22-6

disabling 22-16, 39-11

supported versions 22-3

support for 1-4

Version 1

changing to Version 2 45-41

described 45-3

IGMP (continued)

Version 2

changing to Version 1 45-41

described 45-3

maximum query response time value 45-43

pruning groups 45-43

query timeout value 45-42

IGMP filtering

configuring 22-26

default configuration 22-26

described 22-25

monitoring 22-30

support for 1-4

IGMP groups

configuring filtering 22-29

setting the maximum number 22-28

IGMP helper 1-4, 45-6

IGMP Immediate Leave

configuration guidelines 22-11

described 22-6

enabling 22-11

IGMP profile

applying 22-27

configuration mode 22-26

configuring 22-27

IGMP snooping

and address aliasing 22-2

configuring 22-7

default configuration 22-7, 39-6

definition 22-2

enabling and disabling 22-7, 39-7

global configuration 22-7

Immediate Leave 22-6

method 22-8

monitoring 22-16, 39-12

querier

configuration guidelines 22-14

configuring 22-14

supported versions 22-3

IGMP snooping (continued)

support for 1-4

VLAN configuration 22-8

IGMP throttling

configuring 22-29

default configuration 22-26

described 22-25

displaying action 22-30

IGP 37-24

Immediate Leave, IGMP 22-6

enabling 39-9

inaccessible authentication bypass 9-25

support for multiauth ports 9-25

initial configuration

defaults 1-16

Express Setup 1-2

interface

number 11-11

range macros 11-13

interface command 11-11

interface configuration mode 2-3

interfaces

auto-MDIX, configuring 11-21

configuration guidelines

duplex and speed 11-18

configuring

procedure 11-11

counters, clearing 11-32

default configuration 11-15

described 11-25

descriptive name, adding 11-25

displaying information about 11-31

flow control 11-20

management 1-5

monitoring 11-31

naming 11-25

physical, identifying 11-11

range of 11-12

restarting 11-33

interfaces (continued)

shutting down 11-33

speed and duplex, configuring 11-19

status 11-31

supported 11-11

types of 11-1

interfaces range macro command 11-13

interface types 11-11

Interior Gateway Protocol

See IGP

internal BGP

See IBGP

internal neighbors, BGP 37-46

Internet Control Message Protocol

See ICMP

Internet Group Management Protocol

See IGMP

Internet Protocol version 6

See IPv6

Inter-Switch Link

See ISL

inter-VLAN routing 1-13, 37-2

Intrusion Detection System

See IDS appliances

inventory management TLV 25-3, 25-8

IP ACLs

for QoS classification 34-8

implicit deny 33-9, 33-13

implicit masks 33-9

named 33-14

undefined 33-20

IP addresses

128-bit 38-2

candidate or member 5-3, 5-14

classes of 37-5

cluster access 5-2

command switch 5-3, 5-12, 5-14

default configuration 37-4

discovering 6-30

IP addresses (continued)

for IP routing 37-4

IPv6 38-2

MAC address association 37-8

monitoring 37-17

redundant clusters 5-12

standby command switch 5-12, 5-14

See also IP information

IP base image 1-1

IP broadcast address 37-15

ip cef distributed command 37-88

IP directed broadcasts 37-13

ip igmp profile command 22-26

IP information

assigned

manually 3-15

through DHCP-based autoconfiguration 3-3

default configuration 3-3

IP multicast routing

addresses

all-hosts 45-3

all-multicast-routers 45-3

host group address range 45-3

administratively-scoped boundaries, described 45-47

and IGMP snooping 22-2

Auto-RP

adding to an existing sparse-mode cloud 45-26

benefits of 45-26

clearing the cache 45-62

configuration guidelines 45-11

filtering incoming RP announcement messages 45-29

overview 45-6

preventing candidate RP spoofing 45-29

preventing join messages to false RPs 45-28

setting up in a new internetwork 45-26

using with BSR 45-34

IP multicast routing (continued)

bootstrap router

configuration guidelines 45-11

configuring candidate BSRs 45-32

configuring candidate RPs 45-33

defining the IP multicast boundary 45-31

defining the PIM domain border 45-30

overview 45-7

using with Auto-RP 45-34

Cisco implementation 45-2

configuring

basic multicast routing 45-12

IP multicast boundary 45-47

default configuration 45-10

enabling

multicast forwarding 45-12

PIM mode 45-13

group-to-RP mappings

Auto-RP 45-6

BSR 45-7

MBONE

deleting sdr cache entries 45-62

described 45-45

displaying sdr cache 45-63

enabling sdr listener support 45-46

limiting DVMRP routes advertised 45-57

limiting sdr cache entry lifetime 45-46

SAP packets for conference session announcement 45-46

Session Directory (sdr) tool, described 45-45

monitoring

packet rate loss 45-63

peering devices 45-63

tracing a path 45-63

multicast forwarding, described 45-8

PIMv1 and PIMv2 interoperability 45-11

protocol interaction 45-2

reverse path check (RPF) 45-8

IP multicasting routing (continued)

routing table

deleting 45-62

displaying 45-63

RP

assigning manually 45-24

configuring Auto-RP 45-26

configuring PIMv2 BSR 45-30

monitoring mapping information 45-34

using Auto-RP and BSR 45-34

statistics, displaying system and network 45-62

See also CGMP

See also DVMRP

See also IGMP

See also PIM

IP phones

and QoS 12-1

automatic classification and queueing 34-21

configuring 12-5

ensuring port security with QoS 34-43

trusted boundary for QoS 34-43

IP Port Security for Static Hosts

on a Layer 2 access port 20-21

on a PVLAN host port 20-24

IP precedence 34-2

IP-precedence-to-DSCP map for QoS 34-68

IP protocols

in ACLs 33-11

routing 1-13

IP routes, monitoring 37-104

IP routing

connecting interfaces with 11-10

disabling 37-18

enabling 37-18

IP Service Level Agreements

See IP SLAs

IP service levels, analyzing 42-1

IP services image 1-1

IP SLAs

benefits 42-2

configuration guidelines 42-6

configuring object tracking 43-9

Control Protocol 42-4

default configuration 42-6

definition 42-1

ICMP echo operation 42-12

measuring network performance 42-3

monitoring 42-14

multioperations scheduling 42-5

object tracking 43-9

operation 42-3

reachability tracking 43-9

responder

described 42-4

enabling 42-8

response time 42-4

scheduling 42-5

SNMP support 42-2

supported metrics 42-2

threshold monitoring 42-6

track object monitoring agent, configuring 43-11

track state 43-9

UDP jitter operation 42-9

IP source guard

and 802.1x 20-19

and DHCP snooping 20-17

and EtherChannels 20-19

and port security 20-19

and private VLANs 20-19

and routed ports 20-19

and TCAM entries 20-19

and trunk interfaces 20-19

and VRF 20-19

binding configuration

automatic 20-17

manual 20-17

binding table 20-17

IP source guard (continued)

configuration guidelines 20-19

default configuration 20-19

described 20-17

disabling 20-20

displaying

active IP or MAC bindings 20-26

bindings 20-26

configuration 20-26

enabling 20-20, 20-21

filtering

source IP address 20-17

source IP and MAC address 20-17

source IP address filtering 20-17

source IP and MAC address filtering 20-17

static bindings

adding 20-20, 20-21

deleting 20-20

static hosts 20-21

IP traceroute

executing 48-17

overview 48-16

IP unicast routing

address resolution 37-8

administrative distances 37-90, 37-101

ARP 37-8

assigning IP addresses to Layer 3 interfaces 37-5

authentication keys 37-102

broadcast

address 37-15

flooding 37-16

packets 37-13

storms 37-13

classless routing 37-6

configuring static routes 37-89

IP unicast routing (continued)

default

addressing configuration 37-4

gateways 37-11

networks 37-91

routes 37-91

routing 37-2

directed broadcasts 37-13

disabling 37-18

dynamic routing 37-3

enabling 37-18

EtherChannel Layer 3 interface 37-3

IGP 37-24

inter-VLAN 37-2

IP addressing

classes 37-5

configuring 37-4

IPv6 38-3

IRDP 37-11

Layer 3 interfaces 37-3

MAC address and IP address 37-8

passive interfaces 37-100

protocols

distance-vector 37-3

dynamic 37-3

link-state 37-3

proxy ARP 37-8

redistribution 37-91

reverse address resolution 37-8

routed ports 37-3

static routing 37-3

steps to configure 37-4

subnet mask 37-5

subnet zero 37-6

supernet 37-6

UDP 37-14

with SVIs 37-3

See also BGP

See also EIGRP

IP unicast routing (continued)

See also OSPF

See also RIP

IPv4 ACLs

applying to interfaces 33-19

extended, creating 33-10

named 33-14

standard, creating 33-9

IPv4 and IPv6

dual protocol stacks 38-5

IPv6

ACLs

displaying 40-8

limitations 40-3

matching criteria 40-3

port 40-1

precedence 40-2

router 40-1

supported 40-2

addresses 38-2

address formats 38-2

applications 38-5

assigning address 38-11

autoconfiguration 38-5

CEFv6 38-18

configuring static routes 38-19

default configuration 38-10

default router preference (DRP) 38-5

defined 38-2

Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 38-7

EIGRP IPv6 Commands 38-7

Router ID 38-7

feature limitations 38-9

features not supported 38-8

forwarding 38-11

ICMP 38-4

monitoring 38-26

neighbor discovery 38-4

IPv6 (continued)

OSPF 38-7

path MTU discovery 38-4

SDM templates 7-2, 39-1, 40-1

Stateless Autoconfiguration 38-5

supported features 38-3

switch limitations 38-9

understanding static routes 38-6

IPv6 traffic, filtering 40-3

IRDP

configuring 37-12

definition 37-11

support for 1-14

IS-IS

addresses 37-63

area routing 37-63

default configuration 37-64

monitoring 37-72

show commands 37-72

system routing 37-63

ISL

and IPv6 38-3

and trunk ports 11-3

encapsulation 1-8, 13-16

trunking with IEEE 802.1 tunneling 16-5

ISO CLNS

clear commands 37-72

dynamic routing protocols 37-62

monitoring 37-72

NETs 37-62

NSAPs 37-62

OSI standard 37-62

ISO IGRP

area routing 37-63

system routing 37-63

isolated port 15-2

isolated VLANs 15-2, 15-3

J

join messages, IGMP 22-3

K

KDC

described 8-40

See also Kerberos

Kerberos

authenticating to

boundary switch 8-42

KDC 8-42

network services 8-43

configuration examples 8-39

configuring 8-43

credentials 8-40

cryptographic software image 8-39

described 8-40

KDC 8-40

operation 8-42

realm 8-41

server 8-41

support for 1-11

switch as trusted third party 8-40

terms 8-40

TGT 8-41

tickets 8-40

key distribution center

See KDC

L

l2protocol-tunnel command 16-13

LACP

Layer 2 protocol tunneling 16-9

See EtherChannel

Layer 2 frames, classification with CoS 34-2

Layer 2 interfaces, default configuration 11-15

Layer 2 protocol tunneling

configuring 16-10

configuring for EtherChannels 16-14

default configuration 16-11

defined 16-8

guidelines 16-11

Layer 2 traceroute

and ARP 48-15

and CDP 48-15

broadcast traffic 48-15

described 48-15

IP addresses and subnets 48-15

MAC addresses and VLANs 48-15

multicast traffic 48-15

multiple devices on a port 48-16

unicast traffic 48-15

usage guidelines 48-15

Layer 3 features 1-13

Layer 3 interfaces

assigning IP addresses to 37-5

assigning IPv4 and IPv6 addresses to 38-14

assigning IPv6 addresses to 38-11

changing from Layer 2 mode 37-5, 37-80

types of 37-3

Layer 3 packets, classification methods 34-2

LDAP 4-2

Leaking IGMP Reports 19-4

LEDs, switch

See hardware installation guide

lightweight directory access protocol

See LDAP

line configuration mode 2-3

Link Aggregation Control Protocol

See EtherChannel

link failure, detecting unidirectional 17-8

Link Layer Discovery Protocol

See CDP

link local unicast addresses 38-4

link redundancy

See Flex Links

links, unidirectional 27-1

link state advertisements (LSAs) 37-29

link-state protocols 37-3

link-state tracking

configuring 35-23

described 35-21

LLDP

configuring 25-5

characteristics 25-7

default configuration 25-5

enabling 25-6

monitoring and maintaining 25-12

overview 25-1

supported TLVs 25-2

switch stack considerations 25-2

transmission timer and holdtime, setting 25-7

LLDP-MED

configuring

procedures 25-5

TLVs 25-8

monitoring and maintaining 25-12

overview 25-1, 25-2

supported TLVs 25-2

LLDP Media Endpoint Discovery

See LLDP-MED

load balancing 41-4

local SPAN 28-2

location TLV 25-3, 25-8

logging messages, ACL 33-8

login authentication

with RADIUS 8-29

with TACACS+ 8-14

login banners 6-17

log messages

See system message logging

Long-Reach Ethernet (LRE) technology 1-20

loop guard

described 18-9

enabling 18-16

support for 1-8

LRE profiles, considerations in switch clusters 5-15

M

MAB

See MAC authentication bypass

MAB aging timer 1-9

MAB inactivity timer

default setting 9-36

range 9-39

MAC/PHY configuration status TLV 25-2

MAC addresses

aging time 6-21

and VLAN association 6-20

building the address table 6-20

default configuration 6-21

disabling learning on a VLAN 6-29

discovering 6-30

displaying 6-30

displaying in the IP source binding table 20-26

dynamic

learning 6-20

removing 6-22

in ACLs 33-27

IP address association 37-8

static

adding 6-27

allowing 6-28, 6-29

characteristics of 6-26

dropping 6-28

removing 6-27

MAC address learning 1-6

MAC address learning, disabling on a VLAN 6-29

MAC address notification, support for 1-15

MAC address-table move update

configuration guidelines 19-8

configuring 19-12

default configuration 19-8

description 19-6

monitoring 19-14

MAC address-to-VLAN mapping 13-28

MAC authentication bypass 9-39

configuring 9-59

overview 9-17

See MAB

MAC extended access lists

applying to Layer 2 interfaces 33-28

configuring for QoS 34-50

creating 33-27

defined 33-27

for QoS classification 34-5

magic packet 9-28

manageability features 1-5

management access

in-band

browser session 1-6

CLI session 1-6

device manager 1-6

SNMP 1-6

out-of-band console port connection 1-6

management address TLV 25-2

management options

CLI 2-1

clustering 1-3

CNS 4-1

Network Assistant 1-2

overview 1-5

management VLAN

considerations in switch clusters 5-8

discovery through different management VLANs 5-8

mapping tables for QoS

configuring

CoS-to-DSCP 34-67

DSCP 34-66

DSCP-to-CoS 34-70

DSCP-to-DSCP-mutation 34-71

IP-precedence-to-DSCP 34-68

policed-DSCP 34-69

described 34-13

marking

action with aggregate policers 34-64

described 34-4, 34-9

matching

IPv6 ACLs 40-3

matching, IPv4 ACLs 33-7

maximum aging time

MSTP 17-25

STP 26-21

maximum hop count, MSTP 17-25

maximum number of allowed devices, port-based authentication 9-39

maximum-paths command 37-50, 37-89

MDA

configuration guidelines 9-13 to 9-14

described 1-10, 9-13

exceptions with authentication process 9-6

membership mode, VLAN port 13-3

member switch

automatic discovery 5-5

defined 5-2

managing 5-16

passwords 5-14

recovering from lost connectivity 48-11

requirements 5-3

See also candidate switch, cluster standby group, and standby command switch

memory consistency check errors

displaying 48-24

example 48-24

memory consistency check routines 1-5, 48-24

memory consistency integrity 1-5, 48-24

messages, to users through banners 6-17

metrics, in BGP 37-50

metric translations, between routing protocols 37-96

metro tags 16-2

MHSRP 41-4

MIBs

accessing files with FTP A-4

location of files A-4

overview 31-1

SNMP interaction with 31-4

supported A-1

mirroring traffic for analysis 28-1

mismatches, autonegotiation 48-11

module number 11-11

monitoring

access groups 33-41

BGP 37-61

cables for unidirectional links 27-1

CDP 24-5

CEF 37-88

EIGRP 37-41

fallback bridging 47-10

features 1-15

Flex Links 19-14

HSRP 41-13

IEEE 802.1Q tunneling 16-18

IGMP

filters 22-30

snooping 22-16, 39-12

interfaces 11-31

IP

address tables 37-17

multicast routing 45-61

routes 37-104

IP SLAs operations 42-14

IPv4 ACL configuration 33-41

IPv6 38-26

monitoring (continued)

IPv6 ACL configuration 40-8

IS-IS 37-72

ISO CLNS 37-72

Layer 2 protocol tunneling 16-18

MAC address-table move update 19-14

MSDP peers 46-18

multicast router interfaces 22-17, 39-12

multi-VRF CE 37-87

MVR 22-24

network traffic for analysis with probe 28-2

object tracking 43-13

OSPF 37-33

port

blocking 23-20

protection 23-20

private VLANs 15-14

RP mapping information 45-34

SFP status 11-31, 48-13

source-active messages 46-18

speed and duplex mode 11-19

SSM mapping 45-22

traffic flowing among switches 29-2

traffic suppression 23-20

tunneling 16-18

VLAN

filters 33-41

maps 33-41

VLANs 13-15

VMPS 13-33

VTP 14-16

mrouter Port 19-3

mrouter port 19-5

MSDP

benefits of 46-3

clearing MSDP connections and statistics 46-18

MSDP (continued)

controlling source information

forwarded by switch 46-11

originated by switch 46-8

received by switch 46-13

default configuration 46-4

dense-mode regions

sending SA messages to 46-16

specifying the originating address 46-17

filtering

incoming SA messages 46-14

SA messages to a peer 46-12

SA requests from a peer 46-10

join latency, defined 46-6

meshed groups

configuring 46-15

defined 46-15

originating address, changing 46-17

overview 46-1

peer-RPF flooding 46-2

peers

configuring a default 46-4

monitoring 46-18

peering relationship, overview 46-1

requesting source information from 46-8

shutting down 46-15

source-active messages

caching 46-6

clearing cache entries 46-18

defined 46-2

filtering from a peer 46-10

filtering incoming 46-14

filtering to a peer 46-12

limiting data with TTL 46-13

monitoring 46-18

restricting advertised sources 46-9

support for 1-14

MSTP

boundary ports

configuration guidelines 17-15

described 17-6

BPDU filtering

described 18-3

enabling 18-13

BPDU guard

described 18-2

enabling 18-12

CIST, described 17-3

CIST regional root 17-3

CIST root 17-5

configuration guidelines 17-15, 18-10

configuring

forward-delay time 17-24

hello time 17-24

link type for rapid convergence 17-26

maximum aging time 17-25

maximum hop count 17-25

MST region 17-16

neighbor type 17-26

path cost 17-21

port priority 17-20

root switch 17-18

secondary root switch 17-19

switch priority 17-23

CST

defined 17-3

operations between regions 17-3

default configuration 17-15

default optional feature configuration 18-10

displaying status 17-27

enabling the mode 17-16

EtherChannel guard

described 18-7

enabling 18-15

MSTP (continued)

extended system ID

effects on root switch 17-18

effects on secondary root switch 17-19

unexpected behavior 17-18

IEEE 802.1s

implementation 17-7

port role naming change 17-7

terminology 17-5

instances supported 26-9

interface state, blocking to forwarding 18-2

interoperability and compatibility among modes 26-10

interoperability with IEEE 802.1D

described 17-8

restarting migration process 17-27

IST

defined 17-2

master 17-3

operations within a region 17-3

loop guard

described 18-9

enabling 18-16

mapping VLANs to MST instance 17-16

MST region

CIST 17-3

configuring 17-16

described 17-2

hop-count mechanism 17-6

IST 17-2

supported spanning-tree instances 17-2

optional features supported 1-8

overview 17-2

Port Fast

described 18-2

enabling 18-10

preventing root switch selection 18-8

MSTP (continued)

root guard

described 18-8

enabling 18-16

root switch

configuring 17-18

effects of extended system ID 17-18

unexpected behavior 17-18

shutdown Port Fast-enabled port 18-2

status, displaying 17-27

multiauth

support for inaccessible authentication bypass 9-25

multiauth mode

See multiple-authentication mode

multicast groups

Immediate Leave 22-6

joining 22-3

leaving 22-5

static joins 22-10, 39-8

multicast packets

ACLs on 33-40

blocking 23-8

multicast router interfaces, monitoring 22-17, 39-12

multicast router ports, adding 22-9, 39-8

Multicast Source Discovery Protocol

See MSDP

multicast storm 23-2

multicast storm-control command 23-4

multicast television application 22-18

multicast VLAN 22-18

Multicast VLAN Registration

See MVR

multidomain authentication

See MDA

multioperations scheduling, IP SLAs 42-5

multiple authentication 9-14

multiple authentication mode

configuring 9-45

Multiple HSRP

See MHSRP

multiple VPN routing/forwarding in customer edge devices

See multi-VRF CE

multi-VRF CE

configuration example 37-83

configuration guidelines 37-75

configuring 37-75

default configuration 37-75

defined 37-73

displaying 37-87

monitoring 37-87

network components 37-75

packet-forwarding process 37-74

support for 1-13

MVR

and address aliasing 22-21

and IGMPv3 22-21

configuration guidelines 22-20

configuring interfaces 22-22

default configuration 22-20

described 22-18

example application 22-18

modes 22-21

monitoring 22-24

multicast television application 22-18

setting global parameters 22-21

support for 1-4

N

NAC

AAA down policy 1-11

critical authentication 9-25, 9-56

IEEE 802.1x authentication using a RADIUS server 9-61

IEEE 802.1x validation using RADIUS server 9-61

inaccessible authentication bypass 1-11, 9-56

NAC (continued)

Layer 2 IEEE 802.1x validation 1-11, 9-31, 9-61

Layer 2 IP validation 1-11

named IPv4 ACLs 33-14

NameSpace Mapper

See NSM

native VLAN

and IEEE 802.1Q tunneling 16-4

configuring 13-24

default 13-24

NEAT

configuring 9-62

overview 9-32

neighbor discovery, IPv6 38-4

neighbor discovery/recovery, EIGRP 37-34

neighbors, BGP 37-56

Network Admission Control

NAC

Network Assistant

benefits 1-2

described 1-5

downloading image files 1-2

guide mode 1-2

management options 1-2

upgrading a switch B-24

wizards 1-2

network configuration examples

increasing network performance 1-19

large network 1-24

long-distance, high-bandwidth transport 1-26

providing network services 1-19

server aggregation and Linux server cluster 1-22

small to medium-sized network 1-23

network design

performance 1-19

services 1-19

Network Edge Access Topology

See NEAT

network management

CDP 24-1

RMON 29-1

SNMP 31-1

network performance, measuring with IP SLAs 42-3

network policy TLV 25-2, 25-8

Network Time Protocol

See NTP

no commands 2-4

nonhierarchical policy maps

configuration guidelines 34-38

described 34-10

non-IP traffic filtering 33-27

nontrunking mode 13-17

normal-range VLANs 13-4

configuration guidelines 13-6

configuring 13-4

defined 13-1

no switchport command 11-4

not-so-stubby areas

See NSSA

NSAPs, as ISO IGRP addresses 37-63

NSF Awareness

IS-IS 37-65

NSM 4-3

NSSA, OSPF 37-29

NTP

associations

authenticating 6-5

defined 6-2

enabling broadcast messages 6-7

peer 6-6

server 6-6

default configuration 6-4

displaying the configuration 6-11

overview 6-2

restricting access

creating an access group 6-9

disabling NTP services per interface 6-10

NTP (continued)

source IP address, configuring 6-10

stratum 6-2

support for 1-6

synchronizing devices 6-6

time

services 6-2

synchronizing 6-2

O

object tracking

HSRP 43-7

IP SLAs 43-9

IP SLAs, configuring 43-9

monitoring 43-13

off mode, VTP 14-3

online diagnostics

overview 49-1

running tests 49-3

understanding 49-1

open1x

configuring 9-67

open1x authentication

overview 9-31

Open Shortest Path First

See OSPF

optimizing system resources 7-1

options, management 1-5

OSPF

area parameters, configuring 37-29

configuring 37-27

default configuration

metrics 37-30

route 37-30

settings 37-25

described 37-24

for IPv6 38-7

interface parameters, configuring 37-28

OSPF (continued)

LSA group pacing 37-32

monitoring 37-33

router IDs 37-32

route summarization 37-30

support for 1-13

virtual links 37-30

out-of-profile markdown 1-13

P

packet modification, with QoS 34-20

PAgP

Layer 2 protocol tunneling 16-9

See EtherChannel

parallel paths, in routing tables 37-89

passive interfaces

configuring 37-100

OSPF 37-31

passwords

default configuration 8-3

disabling recovery of 8-5

encrypting 8-4

for security 1-9

in clusters 5-14

overview 8-1

recovery of 48-3

setting

enable 8-3

enable secret 8-4

Telnet 8-6

with usernames 8-7

VTP domain 14-8

path cost

MSTP 17-21

STP 26-18

path MTU discovery 38-4

PBR

defined 37-96

enabling 37-98

fast-switched policy-based routing 37-99

local policy-based routing 37-99

PC (passive command switch) 5-11

peers, BGP 37-56

percentage thresholds in tracked lists 43-6

performance, network design 1-19

performance features 1-3

persistent self-signed certificate 8-50

per-user ACLs and Filter-Ids 9-9

per-VLAN spanning-tree plus

See PVST+

PE to CE routing, configuring 37-82

physical ports 11-2

PIM

default configuration 45-10

dense mode

overview 45-4

rendezvous point (RP), described 45-5

RPF lookups 45-8

displaying neighbors 45-63

enabling a mode 45-13

overview 45-4

router-query message interval, modifying 45-37

shared tree and source tree, overview 45-35

shortest path tree, delaying the use of 45-36

sparse mode

join messages and shared tree 45-5

overview 45-5

prune messages 45-5

RPF lookups 45-9

stub routing

configuration guidelines 45-22

displaying 45-63

enabling 45-23

overview 45-5

support for 1-14

PIM (continued)

versions

interoperability 45-11

troubleshooting interoperability problems 45-35

v2 improvements 45-4

PIM-DVMRP, as snooping method 22-8

ping

character output description 48-14

executing 48-13

overview 48-13

PoE

auto mode 11-9

CDP with power consumption, described 11-7

CDP with power negotiation, described 11-7

Cisco intelligent power management 11-7

configuring 11-22

devices supported 11-6

high-power devices operating in low-power mode 11-7

IEEE power classification levels 11-8

power budgeting 11-23

power consumption 11-23

powered-device detection and initial power allocation 11-7

power management modes 11-9

power negotiation extensions to CDP 11-7

standards supported 11-7

static mode 11-9

troubleshooting 48-11

policed-DSCP map for QoS 34-69

policers

configuring

for each matched traffic class 34-53

for more than one traffic class 34-64

described 34-4

displaying 34-84

number of 34-39

types of 34-10

policing

described 34-4

hierarchical

See hierarchical policy maps

token-bucket algorithm 34-10

policy-based routing

See PBR

policy maps for QoS

characteristics of 34-53

described 34-8

displaying 34-85

hierarchical 34-9

hierarchical on SVIs

configuration guidelines 34-38

configuring 34-57

described 34-12

nonhierarchical on physical ports

configuration guidelines 34-38

described 34-10

port ACLs

defined 33-2

types of 33-3

Port Aggregation Protocol

See EtherChannel

port-based authentication

accounting 9-16

authentication server

defined 9-3, 10-2

RADIUS server 9-3

client, defined 9-3, 10-2

configuration guidelines 9-37, 10-9

configuring

802.1x authentication 9-42

guest VLAN 9-53

host mode 9-45

inaccessible authentication bypass 9-56

manual re-authentication of a client 9-47

periodic re-authentication 9-46

quiet period 9-48

port-based authentication (continued)

RADIUS server 9-45, 10-13

RADIUS server parameters on the switch 9-44, 10-11

restricted VLAN 9-54

switch-to-client frame-retransmission number 9-49, 9-50

switch-to-client retransmission time 9-48

violation modes 9-41 to 9-42

default configuration 9-36, 10-9

described 9-1

device roles 9-3, 10-2

displaying statistics 9-69, 10-17

downloadable ACLs and redirect URLs

configuring 9-63 to 9-65, ?? to 9-66

overview 9-20 to 9-22

EAPOL-start frame 9-6

EAP-request/identity frame 9-6

EAP-response/identity frame 9-6

enabling

802.1X authentication 10-11

encapsulation 9-3

flexible authentication ordering

configuring 9-66

overview 9-31

guest VLAN

configuration guidelines 9-23, 9-24

described 9-23

host mode 9-12

inaccessible authentication bypass

configuring 9-56

described 9-25

guidelines 9-38

initiation and message exchange 9-6

magic packet 9-28

maximum number of allowed devices per port 9-39

method lists 9-42

multiple authentication 9-14

port-based authentication (continued)

per-user ACLs

AAA authorization 9-42

configuration tasks 9-20

described 9-19

RADIUS server attributes 9-19

ports

authorization state and dot1x port-control command 9-11

authorized and unauthorized 9-11

voice VLAN 9-26

port security

and voice VLAN 9-27

described 9-27

interactions 9-27

multiple-hosts mode 9-12

readiness check

configuring 9-39

described 9-17, 9-39

resetting to default values 9-68

statistics, displaying 9-69

switch

as proxy 9-3, 10-2

RADIUS client 9-3

switch supplicant

configuring 9-62

overview 9-32

upgrading from a previous release 34-32

user distribution

guidelines 9-30

overview 9-30

VLAN assignment

AAA authorization 9-42

characteristics 9-18

configuration tasks 9-19

described 9-18

voice aware 802.1x security

configuring 9-40

described 9-32, 9-40

port-based authentication (continued)

voice VLAN

described 9-26

PVID 9-26

VVID 9-26

wake-on-LAN, described 9-28

with ACLs and RADIUS Filter-Id attribute 9-34

port-based authentication methods, supported 9-8

port blocking 1-4, 23-8

port-channel

See EtherChannel

port description TLV 25-2

Port Fast

described 18-2

enabling 18-10

mode, spanning tree 13-29

support for 1-8

port membership modes, VLAN 13-3

port priority

MSTP 17-20

STP 26-17

ports

access 11-3

blocking 23-8

dual-purpose uplink 11-6

dynamic access 13-3

IEEE 802.1Q tunnel 13-4

protected 23-6

routed 11-4

secure 23-9

static-access 13-3, 13-9

switch 11-2

trunks 13-3, 13-16

VLAN assignments 13-9

port security

aging 23-18

and private VLANs 23-19

and QoS trusted boundary 34-43

configuring 23-13

port security (continued)

default configuration 23-11

described 23-9

displaying 23-20

enabling 23-19

on trunk ports 23-15

sticky learning 23-10

violations 23-10

with other features 23-12

port-shutdown response, VMPS 13-28

port VLAN ID TLV 25-2

power management TLV 25-2, 25-8

Power over Ethernet

See PoE

preemption, default configuration 19-8

preemption delay, default configuration 19-8

preferential treatment of traffic

See QoS

prefix lists, BGP 37-54

preventing unauthorized access 8-1

primary interface for object tracking, DHCP, configuring 43-10

primary interface for static routing, configuring 43-10

primary links 19-2

primary VLANs 15-1, 15-3

priority

HSRP 41-8

overriding CoS 12-7

trusting CoS 12-7

private VLAN edge ports

See protected ports

private VLANs

across multiple switches 15-4

and SDM template 15-4

and SVIs 15-5

benefits of 15-1

community ports 15-2

community VLANs 15-2, 15-3

configuration guidelines 15-6, 15-7, 15-8

private VLANs (continued)

configuration tasks 15-6

configuring 15-9

default configuration 15-6

end station access to 15-3

IP addressing 15-3

isolated port 15-2

isolated VLANs 15-2, 15-3

mapping 15-13

monitoring 15-14

ports

community 15-2

configuration guidelines 15-8

configuring host ports 15-11

configuring promiscuous ports 15-12

described 13-4

isolated 15-2

promiscuous 15-2

primary VLANs 15-1, 15-3

promiscuous ports 15-2

secondary VLANs 15-2

subdomains 15-1

traffic in 15-5

privileged EXEC mode 2-2

privilege levels

changing the default for lines 8-9

command switch 5-16

exiting 8-10

logging into 8-10

mapping on member switches 5-16

overview 8-2, 8-8

setting a command with 8-8

promiscuous ports

configuring 15-12

defined 15-2

protected ports 1-9, 23-6

protocol-dependent modules, EIGRP 37-34

Protocol-Independent Multicast Protocol

See PIM

provider edge devices 37-73

proxy ARP

configuring 37-10

definition 37-8

with IP routing disabled 37-11

proxy reports 19-4

pruning, VTP

disabling

in VTP domain 14-14

on a port 13-23

enabling

in VTP domain 14-14

on a port 13-23

examples 14-6

overview 14-5

pruning-eligible list

changing 13-23

for VTP pruning 14-5

VLANs 14-14

PVST+

described 26-9

IEEE 802.1Q trunking interoperability 26-10

instances supported 26-9

Q

QoS

and MQC commands 34-1

auto-QoS

categorizing traffic 34-21

configuration and defaults display 34-34

configuration guidelines 34-31

described 34-21

disabling 34-34

displaying generated commands 34-34

displaying the initial configuration 34-34

effects on running configuration 34-31

list of generated commands 34-24

basic model 34-4

QoS (continued)

classification

class maps, described 34-8

defined 34-4

DSCP transparency, described 34-45

flowchart 34-7

forwarding treatment 34-3

in frames and packets 34-3

IP ACLs, described 34-6, 34-8

MAC ACLs, described 34-5, 34-8

options for IP traffic 34-6

options for non-IP traffic 34-5

policy maps, described 34-8

trust DSCP, described 34-5

trusted CoS, described 34-5

trust IP precedence, described 34-5

class maps

configuring 34-51

displaying 34-84

configuration guidelines

auto-QoS 34-31

standard QoS 34-37

configuring

aggregate policers 34-64

auto-QoS 34-21

default port CoS value 34-43

DSCP maps 34-66

DSCP transparency 34-45

DSCP trust states bordering another domain 34-45

egress queue characteristics 34-77

ingress queue characteristics 34-72

IP extended ACLs 34-49

IP standard ACLs 34-48

MAC ACLs 34-50

policy maps, hierarchical 34-57

port trust states within the domain 34-41

trusted boundary 34-43

default auto configuration 34-21

QoS (continued)

default standard configuration 34-35

displaying statistics 34-84

DSCP transparency 34-45

egress queues

allocating buffer space 34-78

buffer allocation scheme, described 34-18

configuring shaped weights for SRR 34-81

configuring shared weights for SRR 34-82

described 34-4

displaying the threshold map 34-80

flowchart 34-18

mapping DSCP or CoS values 34-80

scheduling, described 34-4

setting WTD thresholds 34-78

WTD, described 34-19

enabling globally 34-40

flowcharts

classification 34-7

egress queueing and scheduling 34-18

ingress queueing and scheduling 34-16

policing and marking 34-11

implicit deny 34-8

ingress queues

allocating bandwidth 34-75

allocating buffer space 34-74

buffer and bandwidth allocation, described 34-17

configuring shared weights for SRR 34-75

configuring the priority queue 34-76

described 34-4

displaying the threshold map 34-74

flowchart 34-16

mapping DSCP or CoS values 34-73

priority queue, described 34-17

scheduling, described 34-4

setting WTD thresholds 34-73

WTD, described 34-17

QoS (continued)

IP phones

automatic classification and queueing 34-21

detection and trusted settings 34-21, 34-43

limiting bandwidth on egress interface 34-83

mapping tables

CoS-to-DSCP 34-67

displaying 34-84

DSCP-to-CoS 34-70

DSCP-to-DSCP-mutation 34-71

IP-precedence-to-DSCP 34-68

policed-DSCP 34-69

types of 34-13

marked-down actions 34-55, 34-61

marking, described 34-4, 34-9

overview 34-2

packet modification 34-20

policers

configuring 34-55, 34-61, 34-65

described 34-9

displaying 34-84

number of 34-39

types of 34-10

policies, attaching to an interface 34-9

policing

described 34-4, 34-9

token bucket algorithm 34-10

policy maps

characteristics of 34-53

displaying 34-85

hierarchical 34-9

hierarchical on SVIs 34-57

nonhierarchical on physical ports 34-53

QoS label, defined 34-4

QoS (continued)

queues

configuring egress characteristics 34-77

configuring ingress characteristics 34-72

high priority (expedite) 34-20, 34-83

location of 34-14

SRR, described 34-15

WTD, described 34-14

rewrites 34-20

support for 1-12

trust states

bordering another domain 34-45

described 34-5

trusted device 34-43

within the domain 34-41

quality of service

See QoS

queries, IGMP 22-4

query solicitation, IGMP 22-13

R

RADIUS

attributes

vendor-proprietary 8-37

vendor-specific 8-35

configuring

accounting 8-34

authentication 8-29

authorization 8-33

communication, global 8-27, 8-35

communication, per-server 8-27

multiple UDP ports 8-27

default configuration 8-26

defining AAA server groups 8-31

displaying the configuration 8-39

identifying the server 8-27

in clusters 5-15

limiting the services to the user 8-33

RADIUS (continued)

method list, defined 8-26

operation of 8-20

overview 8-18

server load balancing 8-39

suggested network environments 8-19

support for 1-11

tracking services accessed by user 8-34

RADIUS Change of Authorization 8-20

range

macro 11-13

of interfaces 11-12

rapid convergence 17-10

rapid per-VLAN spanning-tree plus

See rapid PVST+

rapid PVST+

described 26-9

IEEE 802.1Q trunking interoperability 26-10

instances supported 26-9

Rapid Spanning Tree Protocol

See RSTP

RARP 37-8

rcommand command 5-16

RCP

configuration files

downloading B-17

overview B-16

preparing the server B-16

uploading B-18

image files

deleting old image B-37

downloading B-35

preparing the server B-34

uploading B-37

reachability, tracking IP SLAs IP host 43-9

readiness check

port-based authentication

configuring 9-39

described 9-17, 9-39

reconfirmation interval, VMPS, changing 13-32

reconfirming dynamic VLAN membership 13-31

recovery procedures 48-1

redirect URL 9-20, 9-21, 9-63

redundancy

EtherChannel 35-3

HSRP 41-1

STP

backbone 26-8

path cost 13-26

port priority 13-25

redundant links and UplinkFast 18-14

redundant power system

See Cisco Redundant Power System 2300

reliable transport protocol, EIGRP 37-34

reloading software 3-23

Remote Authentication Dial-In User Service

See RADIUS

Remote Copy Protocol

See RCP

Remote Network Monitoring

See RMON

Remote SPAN

See RSPAN

remote SPAN 28-2

report suppression, IGMP

described 22-6

disabling 22-16, 39-11

resequencing ACL entries 33-14

reserved addresses in DHCP pools 20-28

resets, in BGP 37-49

resetting a UDLD-shutdown interface 27-6

responder, IP SLAs

described 42-4

enabling 42-8

response time, measuring with IP SLAs 42-4

restricted VLAN

configuring 9-54

described 9-24

using with IEEE 802.1x 9-24

restricting access

NTP services 6-8

overview 8-1

passwords and privilege levels 8-2

RADIUS 8-18

TACACS+ 8-10

retry count, VMPS, changing 13-32

reverse address resolution 37-8

Reverse Address Resolution Protocol

See RARP

RFC

1058, RIP 37-18

1112, IP multicast and IGMP 22-2

1157, SNMPv1 31-2

1163, BGP 37-41

1166, IP addresses 37-5

1253, OSPF 37-24

1267, BGP 37-41

1305, NTP 6-2

1587, NSSAs 37-24

1757, RMON 29-2

1771, BGP 37-41

1901, SNMPv2C 31-2

1902 to 1907, SNMPv2 31-2

2236, IP multicast and IGMP 22-2

2273-2275, SNMPv3 31-2

RFC 5176 Compliance 8-21

RIP

advertisements 37-19

authentication 37-21

configuring 37-20

default configuration 37-19

described 37-19

for IPv6 38-7

hop counts 37-19

RIP (continued)

split horizon 37-22

summary addresses 37-22

support for 1-13

RMON

default configuration 29-3

displaying status 29-7

enabling alarms and events 29-3

groups supported 29-2

overview 29-2

statistics

collecting group Ethernet 29-6

collecting group history 29-5

support for 1-15

root guard

described 18-8

enabling 18-16

support for 1-8

root switch

MSTP 17-18

STP 26-14

route calculation timers, OSPF 37-31

route dampening, BGP 37-60

routed packets, ACLs on 33-39

routed ports

configuring 37-3

defined 11-4

in switch clusters 5-9

IP addresses on 11-26, 37-4

route-map command 37-99

route maps

BGP 37-52

policy-based routing 37-96

router ACLs

defined 33-2

types of 33-4

route reflectors, BGP 37-59

router ID, OSPF 37-32

route selection, BGP 37-50

route summarization, OSPF 37-30

route targets, VPN 37-75

routing

default 37-2

dynamic 37-3

redistribution of information 37-91

static 37-3

routing domain confederation, BGP 37-59

Routing Information Protocol

See RIP

routing protocol administrative distances 37-90

RPS

See Cisco Redundant Power System 2300

RPS 2300

See Cisco Redundant Power System 2300

RSPAN

characteristics 28-8

configuration guidelines 28-16

default configuration 28-10

defined 28-2

destination ports 28-7

displaying status 28-23

interaction with other features 28-8

monitored ports 28-5

monitoring ports 28-7

overview 1-15, 28-1

received traffic 28-4

sessions

creating 28-17

defined 28-3

limiting source traffic to specific VLANs 28-22

specifying monitored ports 28-17

with ingress traffic enabled 28-21

source ports 28-5

transmitted traffic 28-5

VLAN-based 28-6

RSTP

active topology 17-9

BPDU

format 17-12

processing 17-13

designated port, defined 17-9

designated switch, defined 17-9

interoperability with IEEE 802.1D

described 17-8

restarting migration process 17-27

topology changes 17-13

overview 17-9

port roles

described 17-9

synchronized 17-11

proposal-agreement handshake process 17-10

rapid convergence

described 17-10

edge ports and Port Fast 17-10

point-to-point links 17-10, 17-26

root ports 17-10

root port, defined 17-9

See also MSTP

running configuration

replacing B-19, B-20

rolling back B-19, B-21

running configuration, saving 3-16

S

SC (standby command switch) 5-11

scheduled reloads 3-23

scheduling, IP SLAs operations 42-5

SCP

and SSH 8-56

configuring 8-57

SDM

templates

configuring 7-4

number of 7-1

SDM template 40-3

configuration guidelines 7-3

configuring 7-3

dual IPv4 and IPv6 7-2

types of 7-1

secondary VLANs 15-2

Secure Copy Protocol

secure HTTP client

configuring 8-55

displaying 8-56

secure HTTP server

configuring 8-54

displaying 8-56

secure MAC addresses

deleting 23-17

maximum number of 23-10

types of 23-10

secure ports, configuring 23-9

secure remote connections 8-45

Secure Shell

See SSH

Secure Socket Layer

See SSL

security, port 23-9

security features 1-9

See SCP

sequence numbers in log messages 30-8

server mode, VTP 14-3

service-provider network, MSTP and RSTP 17-1

service-provider networks

and customer VLANs 16-2

and IEEE 802.1Q tunneling 16-1

Layer 2 protocols across 16-8

Layer 2 protocol tunneling for EtherChannels 16-9

set-request operation 31-4

setup program

failed command switch replacement 48-9

replacing failed command switch 48-8

severity levels, defining in system messages 30-8

SFPs

monitoring status of 11-31, 48-13

security and identification 48-12

status, displaying 48-13

shaped round robin

See SRR

show access-lists hw-summary command 33-21

show and more command output, filtering 2-10

show cdp traffic command 24-5

show cluster members command 5-16

show configuration command 11-25

show forward command 48-20

show interfaces command 11-19, 11-25

show interfaces switchport 19-4

show l2protocol command 16-13, 16-15, 16-16

show lldp traffic command 25-12

show platform forward command 48-20

show platform tcam command 48-24

show running-config command

displaying ACLs 33-19, 33-20, 33-31, 33-34

interface description in 11-25

shutdown command on interfaces 11-33

shutdown threshold for Layer 2 protocol packets 16-11

Simple Network Management Protocol

See SNMP

small-frame arrival rate, configuring 23-5

SNAP 24-1

SNMP

accessing MIB variables with 31-4

agent

described 31-4

disabling 31-7

and IP SLAs 42-2

authentication level 31-10

SNMP (continued)

community strings

configuring 31-8

for cluster switches 31-4

overview 31-4

configuration examples 31-17

default configuration 31-6

engine ID 31-7

groups 31-7, 31-9

host 31-7

ifIndex values 31-5

in-band management 1-6

in clusters 5-15

informs

and trap keyword 31-12

described 31-5

differences from traps 31-5

disabling 31-15

enabling 31-15

limiting access by TFTP servers 31-16

limiting system log messages to NMS 30-10

manager functions 1-5, 31-3

managing clusters with 5-16

MIBs

location of A-4

supported A-1

notifications 31-5

overview 31-1, 31-4

security levels 31-2

setting CPU threshold notification 31-15

status, displaying 31-18

system contact and location 31-16

trap manager, configuring 31-13

traps

described 31-3, 31-5

differences from informs 31-5

disabling 31-15

enabling 31-12

SNMP (continued)

enabling MAC address notification 6-22, 6-24, 6-25

overview 31-1, 31-4

types of 31-12

users 31-7, 31-9

versions supported 31-2

SNMP and Syslog Over IPv6 38-7

SNMPv1 31-2

SNMPv2C 31-2

SNMPv3 31-2

snooping, IGMP 22-2

software images

location in flash B-25

recovery procedures 48-2

scheduling reloads 3-24

tar file format, described B-25

See also downloading and uploading

source addresses

in IPv4 ACLs 33-11

in IPv6 ACLs 40-5

source-and-destination-IP address based forwarding, EtherChannel 35-8

source-and-destination MAC address forwarding, EtherChannel 35-8

source-IP address based forwarding, EtherChannel 35-8

source-MAC address forwarding, EtherChannel 35-7

Source-specific multicast

See SSM

SPAN

configuration guidelines 28-10

default configuration 28-10

destination ports 28-7

displaying status 28-23

interaction with other features 28-8

monitored ports 28-5

monitoring ports 28-7

overview 1-15, 28-1

ports, restrictions 23-12

received traffic 28-4

SPAN (continued)

sessions

configuring ingress forwarding 28-15, 28-22

creating 28-11

defined 28-3

limiting source traffic to specific VLANs 28-15

removing destination (monitoring) ports 28-13

specifying monitored ports 28-11

with ingress traffic enabled 28-14

source ports 28-5

transmitted traffic 28-5

VLAN-based 28-6

spanning tree and native VLANs 13-18

Spanning Tree Protocol

See STP

SPAN traffic 28-4

split horizon, RIP 37-22

SRR

configuring

shaped weights on egress queues 34-81

shared weights on egress queues 34-82

shared weights on ingress queues 34-75

described 34-15

shaped mode 34-15

shared mode 34-15

support for 1-13

SSH

configuring 8-46

cryptographic software image 8-45

described 1-6, 8-45

encryption methods 8-46

user authentication methods, supported 8-46

SSL

configuration guidelines 8-52

configuring a secure HTTP client 8-55

configuring a secure HTTP server 8-54

cryptographic software image 8-49

described 8-49

monitoring 8-56

SSM

address management restrictions 45-16

CGMP limitations 45-16

components 45-14

configuration guidelines 45-15

configuring 45-13, 45-16

differs from Internet standard multicast 45-14

IGMP snooping 45-16

IGMPv3 45-14

IGMPv3 Host Signalling 45-15

IP address range 45-14

monitoring 45-16

operations 45-15

PIM 45-14

state maintenance limitations 45-16

SSM mapping 45-17

configuration guidelines 45-17

configuring 45-17, 45-19

DNS-based 45-18, 45-20

monitoring 45-22

overview 45-18

restrictions 45-18

static 45-18, 45-20

static traffic forwarding 45-21

stacks, switch

MSTP instances supported 26-9

standby command switch

configuring

considerations 5-12

defined 5-2

priority 5-11

requirements 5-3

virtual IP address 5-12

See also cluster standby group and HSRP

standby group, cluster

See cluster standby group and HSRP

standby ip command 41-6

standby links 19-2

standby router 41-1

standby timers, HSRP 41-10

startup configuration

booting

manually 3-20

specific image 3-21

clearing B-19

configuration file

automatically downloading 3-19

specifying the filename 3-19

default boot configuration 3-19

static access ports

assigning to VLAN 13-9

defined 11-3, 13-3

static addresses

See addresses

static IP routing 1-14

static MAC addressing 1-9

static route primary interface,configuring 43-10

static routes

configuring 37-89

configuring for IPv6 38-19

understanding 38-6

static routing 37-3

static routing support, enhanced object tracking 43-10

static SSM mapping 45-18, 45-20

static traffic forwarding 45-21

static VLAN membership 13-2

statistics

802.1X 10-17

802.1x 9-69

CDP 24-5

interface 11-31

IP multicast routing 45-62

LLDP 25-12

LLDP-MED 25-12

NMSP 25-12

OSPF 37-33

QoS ingress and egress 34-84

RMON group Ethernet 29-6

statistics (continued)

RMON group history 29-5

SNMP input and output 31-18

VTP 14-16

sticky learning 23-10

storm control

configuring 23-3

described 23-2

disabling 23-5

displaying 23-20

support for 1-4

thresholds 23-2

STP

accelerating root port selection 18-4

BackboneFast

described 18-5

disabling 18-15

enabling 18-14

BPDU filtering

described 18-3

disabling 18-13

enabling 18-13

BPDU guard

described 18-2

disabling 18-12

enabling 18-12

BPDU message exchange 26-3

configuration guidelines 18-10, 26-12

configuring

forward-delay time 26-21

hello time 26-20

maximum aging time 26-21

path cost 26-18

port priority 26-17

root switch 26-14

secondary root switch 26-16

spanning-tree mode 26-13

switch priority 26-19

transmit hold-count 26-22

STP (continued)

counters, clearing 26-22

default configuration 26-11

default optional feature configuration 18-10

designated port, defined 26-3

designated switch, defined 26-3

detecting indirect link failures 18-5

disabling 26-14

displaying status 26-22

EtherChannel guard

described 18-7

disabling 18-15

enabling 18-15

extended system ID

effects on root switch 26-14

effects on the secondary root switch 26-16

overview 26-4

unexpected behavior 26-15

features supported 1-7

IEEE 802.1D and bridge ID 26-4

IEEE 802.1D and multicast addresses 26-8

IEEE 802.1t and VLAN identifier 26-4

inferior BPDU 26-3

instances supported 26-9

interface state, blocking to forwarding 18-2

interface states

blocking 26-6

disabled 26-7

forwarding 26-5, 26-6

learning 26-6

listening 26-6

overview 26-4

interoperability and compatibility among modes 26-10

Layer 2 protocol tunneling 16-8

limitations with IEEE 802.1Q trunks 26-10

STP (continued)

load sharing

overview 13-24

using path costs 13-26

using port priorities 13-25

loop guard

described 18-9

enabling 18-16

modes supported 26-9

multicast addresses, effect of 26-8

optional features supported 1-8

overview 26-2

path costs 13-26, 13-27

Port Fast

described 18-2

enabling 18-10

port priorities 13-25

preventing root switch selection 18-8

protocols supported 26-9

redundant connectivity 26-8

root guard

described 18-8

enabling 18-16

root port, defined 26-3

root switch

configuring 26-15

effects of extended system ID 26-4, 26-14

election 26-3

unexpected behavior 26-15

shutdown Port Fast-enabled port 18-2

status, displaying 26-22

superior BPDU 26-3

timers, described 26-20

UplinkFast

described 18-3

enabling 18-14

VLAN-bridge 26-10

stratum, NTP 6-2

stub areas, OSPF 37-29

stub routing, EIGRP 37-39

subdomains, private VLAN 15-1

subnet mask 37-5

subnet zero 37-6

success response, VMPS 13-28

summer time 6-13

SunNet Manager 1-5

supernet 37-6

supported port-based authentication methods 9-8

SVI autostate exclude

configuring 11-27

defined 11-5

SVI link state 11-5

SVIs

and IP unicast routing 37-3

and router ACLs 33-4

connecting VLANs 11-10

defined 11-4

routing between VLANs 13-2

switch 38-2

switch clustering technology 5-1

See also clusters, switch

switch console port 1-6

Switch Database Management

See SDM

switched packets, ACLs on 33-38

Switched Port Analyzer

See SPAN

switched ports 11-2

switchport backup interface 19-4, 19-5

switchport block multicast command 23-8

switchport block unicast command 23-8

switchport command 11-15

switchport mode dot1q-tunnel command 16-6

switchport protected command 23-7

switch priority

MSTP 17-23

STP 26-19

switch software features 1-1

switch virtual interface

See SVI

synchronization, BGP 37-46

syslog

See system message logging

system capabilities TLV 25-2

system clock

configuring

daylight saving time 6-13

manually 6-11

summer time 6-13

time zones 6-12

displaying the time and date 6-12

overview 6-1

See also NTP

system description TLV 25-2

system message logging

default configuration 30-3

defining error message severity levels 30-8

disabling 30-4

displaying the configuration 30-13

enabling 30-4

facility keywords, described 30-13

level keywords, described 30-9

limiting messages 30-10

message format 30-2

overview 30-1

sequence numbers, enabling and disabling 30-8

setting the display destination device 30-5

synchronizing log messages 30-6

syslog facility 1-15

time stamps, enabling and disabling 30-7

UNIX syslog servers

configuring the daemon 30-12

configuring the logging facility 30-12

facilities supported 30-13

system MTU

and IS-IS LSPs 37-67

system MTU and IEEE 802.1Q tunneling 16-5

system name

default configuration 6-15

default setting 6-15

manual configuration 6-15

See also DNS

system name TLV 25-2

system prompt, default setting 6-14, 6-15

system resources, optimizing 7-1

system routing

IS-IS 37-63

ISO IGRP 37-63

T

TACACS+

accounting, defined 8-11

authentication, defined 8-11

authorization, defined 8-11

configuring

accounting 8-17

authentication key 8-13

authorization 8-16

login authentication 8-14

default configuration 8-13

displaying the configuration 8-18

identifying the server 8-13

in clusters 5-15

limiting the services to the user 8-16

operation of 8-12

overview 8-10

support for 1-11

tracking services accessed by user 8-17

tagged packets

IEEE 802.1Q 16-3

Layer 2 protocol 16-8

tar files

creating B-6

displaying the contents of B-6

extracting B-7

image file format B-25

TCAM

memory consistency check errors

displaying 48-24

example 48-24

memory consistency check routines 1-5, 48-24

memory consistency integrity 1-5, 48-24

portions 48-24

space

HFTM 48-24

HQATM 48-24

unassigned 48-24

TCL script, registering and defining with embedded event manager 32-6

TDR 1-15

Telnet

accessing management interfaces 2-10

number of connections 1-6

setting a password 8-6

temporary self-signed certificate 8-50

Terminal Access Controller Access Control System Plus

See TACACS+

terminal lines, setting a password 8-6

ternary content addressable memory

See TCAM

TFTP

configuration files

downloading B-11

preparing the server B-10

uploading B-12

configuration files in base directory 3-8

configuring for autoconfiguration 3-8

TFTP (continued)

image files

deleting B-28

downloading B-27

preparing the server B-26

uploading B-29

limiting access by servers 31-16

TFTP server 1-5

threshold, traffic level 23-2

threshold monitoring, IP SLAs 42-6

time

See NTP and system clock

Time Domain Reflector

See TDR

time-range command 33-16

time ranges in ACLs 33-16

time stamps in log messages 30-7

time zones 6-12

TLVs

defined 25-1

LLDP 25-2

LLDP-MED 25-2

Token Ring VLANs

support for 13-6

VTP support 14-4

ToS 1-12

traceroute, Layer 2

and ARP 48-15

and CDP 48-15

broadcast traffic 48-15

described 48-15

IP addresses and subnets 48-15

MAC addresses and VLANs 48-15

multicast traffic 48-15

multiple devices on a port 48-16

unicast traffic 48-15

usage guidelines 48-15

traceroute command 48-17

See also IP traceroute

tracked lists

configuring 43-3

types 43-3

tracked objects

by Boolean expression 43-4

by threshold percentage 43-6

by threshold weight 43-5

tracking interface line-protocol state 43-2

tracking IP routing state 43-2

tracking objects 43-1

tracking process 43-1

track state, tracking IP SLAs 43-9

traffic

blocking flooded 23-8

fragmented 33-5

fragmented IPv6 40-2

unfragmented 33-5

traffic policing 1-12

traffic suppression 23-2

transmit hold-count

see STP

transparent mode, VTP 14-3

trap-door mechanism 3-2

traps

configuring MAC address notification 6-22, 6-24, 6-25

configuring managers 31-12

defined 31-3

enabling 6-22, 6-24, 6-25, 31-12

notification types 31-12

overview 31-1, 31-4

troubleshooting

connectivity problems 48-13, 48-14, 48-16

CPU utilization 48-25

detecting unidirectional links 27-1

displaying crash information 48-23

PIMv1 and PIMv2 interoperability problems 45-35

setting packet forwarding 48-20

SFP security and identification 48-12

show forward command 48-20

troubleshooting (continued)

with CiscoWorks 31-4

with debug commands 48-19

with ping 48-13

with system message logging 30-1

with traceroute 48-16

trunk failover

See link-state tracking

trunking encapsulation 1-8

trunk ports

configuring 13-21

defined 11-3, 13-3

encapsulation 13-21, 13-26, 13-27

trunks

allowed-VLAN list 13-22

configuring 13-21, 13-26, 13-27

ISL 13-16

load sharing

setting STP path costs 13-26

using STP port priorities 13-25

native VLAN for untagged traffic 13-24

parallel 13-26

pruning-eligible list 13-23

to non-DTP device 13-17

trusted boundary for QoS 34-43

trusted port states

between QoS domains 34-45

classification options 34-5

ensuring port security for IP phones 34-43

support for 1-12

within a QoS domain 34-41

trustpoints, CA 8-50

tunneling

defined 16-1

IEEE 802.1Q 16-1

Layer 2 protocol 16-8

tunnel ports

defined 13-4

described 11-3, 16-1

IEEE 802.1Q, configuring 16-6

incompatibilities with other features 16-6

twisted-pair Ethernet, detecting unidirectional links 27-1

type of service

See ToS

U

UDLD

configuration guidelines 27-4

default configuration 27-4

disabling

globally 27-5

on fiber-optic interfaces 27-5

per interface 27-5

echoing detection mechanism 27-2

enabling

globally 27-5

per interface 27-5

Layer 2 protocol tunneling 16-10

link-detection mechanism 27-1

neighbor database 27-2

overview 27-1

resetting an interface 27-6

status, displaying 27-6

support for 1-7

UDP, configuring 37-14

UDP jitter, configuring 42-10

UDP jitter operation, IP SLAs 42-9

unauthorized ports with IEEE 802.1x 9-11

unicast MAC address filtering 1-6

and adding static addresses 6-28

and broadcast MAC addresses 6-27

and CPU packets 6-27

and multicast addresses 6-27

and router MAC addresses 6-27

unicast MAC address filtering (continued)

configuration guidelines 6-27

described 6-27

unicast storm 23-2

unicast storm control command 23-4

unicast traffic, blocking 23-8

UniDirectional Link Detection protocol

See UDLD

UNIX syslog servers

daemon configuration 30-12

facilities supported 30-13

message logging configuration 30-12

unrecognized Type-Length-Value (TLV) support 14-4

upgrading software images

See downloading

UplinkFast

described 18-3

disabling 18-14

enabling 18-14

support for 1-7

uploading

configuration files

preparing B-10, B-13, B-16

reasons for B-8

using FTP B-15

using RCP B-18

using TFTP B-12

image files

preparing B-26, B-30, B-34

reasons for B-24

using FTP B-33

using RCP B-37

using TFTP B-29

User Datagram Protocol

See UDP

user EXEC mode 2-2

username-based authentication 8-7

V

version-dependent transparent mode 14-4

virtual IP address

cluster standby group 5-12

command switch 5-12

Virtual Private Network

See VPN

virtual router 41-1, 41-2

virtual switches and PAgP 35-5

vlan.dat file 13-5

VLAN 1, disabling on a trunk port 13-22

VLAN 1 minimization 13-22

VLAN ACLs

See VLAN maps

vlan-assignment response, VMPS 13-28

VLAN configuration

at bootup 13-7

saving 13-7

VLAN configuration mode 2-2

VLAN database

and startup configuration file 13-7

and VTP 14-1

VLAN configuration saved in 13-7

VLANs saved in 13-4

vlan dot1q tag native command 16-5

VLAN filtering and SPAN 28-6

vlan global configuration command 13-7

VLAN ID, discovering 6-30

VLAN link state 11-5

VLAN load balancing on flex links 19-3

configuration guidelines 19-8

VLAN management domain 14-2

VLAN Management Policy Server

See VMPS

VLAN map entries, order of 33-30

VLAN maps

applying 33-34

common uses for 33-34

configuration guidelines 33-30

configuring 33-29

creating 33-31

defined 33-2

denying access to a server example 33-35

denying and permitting packets 33-31

displaying 33-41

examples of ACLs and VLAN maps 33-32

removing 33-34

support for 1-10

wiring closet configuration example 33-35

VLAN membership

confirming 13-31

modes 13-3

VLAN Query Protocol

See VQP

VLANs

adding 13-8

adding to VLAN database 13-8

aging dynamic addresses 26-9

allowed on trunk 13-22

and spanning-tree instances 13-3, 13-6, 13-11

configuration guidelines, extended-range VLANs 13-11

configuration guidelines, normal-range VLANs 13-6

configuring 13-1

configuring IDs 1006 to 4094 13-11

connecting through SVIs 11-10

creating 13-8

customer numbering in service-provider networks 16-3

default configuration 13-7

deleting 13-9

described 11-2, 13-1

displaying 13-15

extended-range 13-1, 13-11

VLANs (continued)

features 1-8

illustrated 13-2

internal 13-12

limiting source traffic with RSPAN 28-22

limiting source traffic with SPAN 28-15

modifying 13-8

multicast 22-18

native, configuring 13-24

normal-range 13-1, 13-4

number supported 1-8

parameters 13-5

port membership modes 13-3

static-access ports 13-9

STP and IEEE 802.1Q trunks 26-10

supported 13-2

Token Ring 13-6

traffic between 13-2

VLAN-bridge STP 26-10, 47-2

VTP modes 14-3

VLAN Trunking Protocol

See VTP

VLAN trunks 13-16

VMPS

administering 13-33

configuration example 13-33

configuration guidelines 13-29

default configuration 13-29

description 13-28

dynamic port membership

described 13-29

reconfirming 13-32

troubleshooting 13-33

entering server address 13-30

mapping MAC addresses to VLANs 13-28

monitoring 13-33

reconfirmation interval, changing 13-32

reconfirming membership 13-31

retry count, changing 13-32

voice aware 802.1x security

port-based authentication

configuring 9-40

described 9-32, 9-40

voice-over-IP 12-1

voice VLAN

Cisco 7960 phone, port connections 12-1

configuration guidelines 12-3

configuring IP phones for data traffic

override CoS of incoming frame 12-7

trust CoS priority of incoming frame 12-7

configuring ports for voice traffic in

802.1p priority tagged frames 12-6

802.1Q frames 12-5

connecting to an IP phone 12-5

default configuration 12-3

described 12-1

displaying 12-8

IP phone data traffic, described 12-3

IP phone voice traffic, described 12-2

VPN

configuring routing in 37-82

forwarding 37-75

in service provider networks 37-72

routes 37-73

VPN routing and forwarding table

See VRF

VQP 1-8, 13-28

VRF

defining 37-75

tables 37-72

VRF-aware services

ARP 37-79

configuring 37-78

ftp 37-81

HSRP 37-80

ping 37-79

RADIUS 37-80

SNMP 37-79

VRF-aware services (continued)

syslog 37-80

tftp 37-81

traceroute 37-81

VTP

adding a client to a domain 14-15

advertisements 13-19, 14-3, 14-4

and extended-range VLANs 13-3, 14-1

and normal-range VLANs 13-2, 14-1

client mode, configuring 14-12

configuration

guidelines 14-8

requirements 14-10

saving 14-8

configuration requirements 14-10

configuration revision number

guideline 14-15

resetting 14-16

consistency checks 14-4

default configuration 14-7

described 14-1

domain names 14-8

domains 14-2

Layer 2 protocol tunneling 16-8

modes

client 14-3

off 14-3

server 14-3

transitions 14-3

transparent 14-3

monitoring 14-16

passwords 14-8

pruning

disabling 14-14

enabling 14-14

examples 14-6

overview 14-5

support for 1-8

pruning-eligible list, changing 13-23

VTP (continued)

server mode, configuring 14-10, 14-13

statistics 14-16

support for 1-8

Token Ring support 14-4

transparent mode, configuring 14-10

using 14-1

Version

enabling 14-13

version, guidelines 14-9

Version 1 14-4

Version 2

configuration guidelines 14-9

overview 14-4

Version 3

overview 14-5

W

WCCP

authentication 44-3

configuration guidelines 44-5

default configuration 44-5

described 44-1

displaying 44-9

dynamic service groups 44-3

enabling 44-6

features unsupported 44-4

forwarding method 44-3

Layer-2 header rewrite 44-3

MD5 security 44-3

message exchange 44-2

monitoring and maintaining 44-9

negotiation 44-3

packet redirection 44-3

packet-return method 44-3

redirecting traffic received from a client 44-6

setting the password 44-6

unsupported WCCPv2 features 44-4

web authentication 9-17

configuring 10-16 to ??

described 1-9

web-based authentication

customizeable web pages 10-6

description 10-1

web-based authentication, interactions with other features 10-7

Web Cache Communication Protocol

See WCCP

weighted tail drop

See WTD

weight thresholds in tracked lists 43-5

wired location service

configuring 25-10

displaying 25-12

location TLV 25-3

understanding 25-3

wizards 1-2

WTD

described 34-14

setting thresholds

egress queue-sets 34-78

ingress queues 34-73

support for 1-13

X

Xmodem protocol 48-2

Index

A

AAA down policy, NAC Layer 2 IP validation 1-11

abbreviating commands 2-4

ABRs 37-24

AC (command switch) 5-11

access-class command 33-19

access control entries

See ACEs

access control entry (ACE) 40-3

access-denied response, VMPS 13-28

access groups

applying IPv4 ACLs to interfaces 33-20

Layer 2 33-20

Layer 3 33-20

accessing

clusters, switch 5-14

command switches 5-12

member switches 5-14

switch clusters 5-14

access lists

See ACLs

access ports

and Layer 2 protocol tunneling 16-11

defined 11-3

in switch clusters 5-10

access template 7-1

accounting

with 802.1x 9-52

with IEEE 802.1x 9-16

with RADIUS 8-34

with TACACS+ 8-11, 8-17

A CEs

and QoS 34-8

defined 33-2

Ethernet 33-2

IP 33-2

ACLs

ACEs 33-2

any keyword 33-12

applying

on bridged packets 33-38

on multicast packets 33-40

on routed packets 33-39

on switched packets 33-38

time ranges to 33-16

to an interface 33-19, 40-7

to IPv6 interfaces 40-7

to QoS 34-8

classifying traffic for QoS 34-48

comments in 33-18

compiling 33-22

defined 33-1, 33-7

examples of 33-22, 34-48

extended IP, configuring for QoS classification 34-49

extended IPv4

creating 33-10

matching criteria 33-7

hardware and software handling 33-21

host keyword 33-12

ACLs (continued)

IP

creating 33-7

fragments and QoS guidelines 34-38

implicit deny 33-9, 33-13, 33-15

implicit masks 33-9

matching criteria 33-7

undefined 33-20

IPv4

applying to interfaces 33-19

creating 33-7

matching criteria 33-7

named 33-14

numbers 33-8

terminal lines, setting on 33-19

unsupported features 33-6

IPv6

applying to interfaces 40-7

configuring 40-3, 40-4

displaying 40-8

interactions with other features 40-4

limitations 40-3

matching criteria 40-3

named 40-3

precedence of 40-2

supported 40-2

unsupported features 40-3

Layer 4 information in 33-37

logging messages 33-8

MAC extended 33-27, 34-50

matching 33-7, 33-20, 40-3

monitoring 33-41, 40-8

named, IPv4 33-14

named, IPv6 40-3

names 40-4

number per QoS class map 34-38

port 33-2, 40-1

precedence of 33-3

QoS 34-8, 34-48

ACLs (continued)

resequencing entries 33-14

router 33-2, 40-1

router ACLs and VLAN map configuration guidelines 33-37

standard IP, configuring for QoS classification 34-48

standard IPv4

creating 33-9

matching criteria 33-7

support for 1-9

support in hardware 33-21

time ranges 33-16

types supported 33-2

unsupported features, IPv4 33-6

unsupported features, IPv6 40-3

using router ACLs with VLAN maps 33-36

VLAN maps

configuration guidelines 33-30

configuring 33-29

active link 19-4, 19-5, 19-6

active links 19-2

active router 41-1

active traffic monitoring, IP SLAs 42-1

address aliasing 22-2

addresses

displaying the MAC address table 6-30

dynamic

accelerated aging 26-8

changing the aging time 6-21

default aging 26-8

defined 6-19

learning 6-20

removing 6-22

IPv6 38-2

MAC, discovering 6-30

multicast

group address range 45-3

STP address management 26-8

addresses (continued)

static

adding and removing 6-26

defined 6-19

address resolution 6-30, 37-8

Address Resolution Protocol

See ARP

adjacency tables, with CEF 37-88

administrative distances

defined 37-101

OSPF 37-31

routing protocol defaults 37-90

advertisements

CDP 24-1

LLDP 25-1, 25-2

RIP 37-19

VTP 13-19, 14-3, 14-4

aggregatable global unicast addresses 38-3

aggregate addresses, BGP 37-58

aggregated ports

See EtherChannel

aggregate policers 34-64

aggregate policing 1-12

aging, accelerating 26-8

aging time

accelerated

for MSTP 17-24

for STP 26-8, 26-21

MAC address table 6-21

maximum

for MSTP 17-25

for STP 26-21, 26-22

alarms, RMON 29-4

allowed-VLAN list 13-22

application engines, redirecting traffic to 44-1

area border routers

See ABRs

area routing

IS-IS 37-63

ISO IGRP 37-63

ARP

configuring 37-9

defined 1-6, 6-30, 37-8

encapsulation 37-9

static cache configuration 37-9

table

address resolution 6-30

managing 6-30

ASBRs 37-24

AS-path filters, BGP 37-52

asymmetrical links, and IEEE 802.1Q tunneling 16-4

attributes, RADIUS

vendor-proprietary 8-37

vendor-specific 8-35

attribute-value pairs 9-13, 9-16, 9-21, 9-22

authentication

EIGRP 37-38

HSRP 41-10

local mode with AAA 8-44

NTP associations 6-5

open1x 9-31

RADIUS

key 8-27

login 8-29

TACACS+

defined 8-11

key 8-13

login 8-14

See also port-based authentication

authentication compatibility with Catalyst 6000 switches 9-9

authentication failed VLAN

See restricted VLAN

authentication keys, and routing protocols 37-102

authentication manager

CLI commands 9-10

compatibility with older 802.1x CLI commands 9-10 to ??

overview 9-8

authoritative time source, described 6-2

authorization

with RADIUS 8-33

with TACACS+ 8-11, 8-16

authorized ports with IEEE 802.1x 9-11

autoconfiguration 3-3

auto enablement 9-33

automatic discovery

considerations

beyond a noncandidate device 5-8

brand new switches 5-10

connectivity 5-5

different VLANs 5-7

management VLANs 5-8

non-CDP-capable devices 5-7

noncluster-capable devices 5-7

routed ports 5-9

in switch clusters 5-5

See also CDP

automatic QoS