Skip to content
Skip to search
Skip to footer

Catalyst 3560 Software Configuration Guide, Release 12.2(58)SE

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Book Contents

Find Matches in This Book

Available Languages

Download Options

Book Title

Catalyst 3560 Software Configuration Guide, Release 12.2(58)SE

Chapter Title

Index

PDF - Complete Book (12.86 MB) PDF - This Chapter (1.68 MB)
View with Adobe Reader on a variety of devices

Results

Updated:: August 12, 2010

Chapter: Index

Index

A

AAA down policy, NAC Layer 2 IP validation 1-11

abbreviating commands 2-3

ABRs 37-24

AC (command switch) 5-10

access-class command 33-20

access control entries

access control entry (ACE) 40-3

access-denied response, VMPS 13-25

access groups

applying IPv4 ACLs to interfaces 33-21

Layer 2 33-21

Layer 3 33-21

accessing

clusters, switch 5-13

command switches 5-11

member switches 5-13

switch clusters 5-13

access lists

access ports

and Layer 2 protocol tunneling 16-10

defined 11-3

in switch clusters 5-9

access template 7-1

accounting

with 802.1x 9-48

with IEEE 802.1x 9-15

with RADIUS 8-33

with TACACS+ 8-11, 8-17

ACEs

and QoS 34-8

defined 33-2

Ethernet 33-2

ACLs

ACEs 33-2

any keyword 33-13

applying

on bridged packets 33-41

on multicast packets 33-42

on routed packets 33-42

on switched packets 33-40

time ranges to 33-17

to an interface 33-20, 40-7

to IPv6 interfaces 40-7

to QoS 34-8

classifying traffic for QoS 34-49

comments in 33-19

compiling 33-23

defined 33-1, 33-7

examples of 33-23, 34-49

extended IP, configuring for QoS classification 34-50

extended IPv4

creating 33-10

matching criteria 33-7

hardware and software handling 33-22

host keyword 33-13

IP

creating 33-7

fragments and QoS guidelines 34-39

implicit deny 33-10, 33-14, 33-16

implicit masks 33-10

matching criteria 33-7

undefined 33-21

IPv4

applying to interfaces 33-20

creating 33-7

matching criteria 33-7

named 33-15

numbers 33-8

terminal lines, setting on 33-19

unsupported features 33-6

IPv6

applying to interfaces 40-7

configuring 40-3, 40-4

displaying 40-8

interactions with other features 40-4

limitations 40-2, 40-3

matching criteria 40-3

named 40-2

precedence of 40-2

supported 40-2

unsupported features 40-3

Layer 4 information in 33-40

logging messages 33-8

MAC extended 33-28, 34-51

matching 33-7, 33-21, 40-3

monitoring 33-43, 40-8

named, IPv4 33-15

named, IPv6 40-2

names 40-4

number per QoS class map 34-39

port 33-2, 40-1

precedence of 33-2

QoS 34-8, 34-49

resequencing entries 33-15

router 33-2, 40-1

router ACLs and VLAN map configuration guidelines 33-39

standard IP, configuring for QoS classification 34-49

standard IPv4

creating 33-9

matching criteria 33-7

support for 1-10

support in hardware 33-22

time ranges 33-17

types supported 33-2

unsupported features, IPv4 33-6

unsupported features, IPv6 40-3

using router ACLs with VLAN maps 33-39

VLAN maps

configuration guidelines 33-31

configuring 33-30

active link 19-3, 19-5

active links 19-1

active router 41-2

active traffic monitoring, IP SLAs 42-1

address aliasing 22-2

addresses

displaying the MAC address table 6-23

dynamic

accelerated aging 26-8

changing the aging time 6-14

default aging 26-8

defined 6-12

learning 6-13

removing 6-15

IPv6 38-2

MAC, discovering 6-23

multicast

group address range 45-3

STP address management 26-8

static

adding and removing 6-19

defined 6-12

address resolution 6-23, 37-8

Address Resolution Protocol

adjacency tables, with CEF 37-88

administrative distances

defined 37-100

OSPF 37-31

routing protocol defaults 37-90

advertisements

CDP 24-1

LLDP 25-1, 25-2

VTP 13-16, 14-3, 14-4

aggregatable global unicast addresses 38-3

aggregate addresses, BGP 37-58

aggregated ports

See EtherChannel

aggregate policers 34-66

aggregate policing 1-13

aging, accelerating 26-8

aging time

accelerated

for MSTP 17-23

for STP 26-8, 26-21

MAC address table 6-14

maximum

for MSTP 17-23, 17-24

for STP 26-21, 26-22

alarms, RMON 29-3

allowed-VLAN list 13-18

application engines, redirecting traffic to 44-1

area border routers

area routing

IS-IS 37-63

ISO IGRP 37-63

ARP

configuring 37-8

defined 1-6, 6-23, 37-8

encapsulation 37-9

static cache configuration 37-8

table

address resolution 6-23

managing 6-23

ASBRs 37-24

AS-path filters, BGP 37-52

asymmetrical links, and IEEE 802.1Q tunneling 16-4

attributes, RADIUS

vendor-proprietary 8-36

vendor-specific 8-34

attribute-value pairs 9-12, 9-15, 9-20, 9-21

authentication

EIGRP 37-38

HSRP 41-10

local mode with AAA 8-42

open1x 9-29

RADIUS

key 8-26

login 8-28

TACACS+

defined 8-11

key 8-13

login 8-14

See also port-based authentication

authentication compatibility with Catalyst 6000 switches 9-8

authentication failed VLAN

See restricted VLAN

authentication keys, and routing protocols 37-100

authentication manager

CLI commands 9-9

compatibility with older 802.1x CLI commands 9-9 to ??

overview 9-7

authoritative time source, described 6-2

authorization

with RADIUS 8-32

with TACACS+ 8-11, 8-16

authorized ports with IEEE 802.1x 9-10

autoconfiguration 3-3

auto enablement 9-30

automatic discovery

considerations

beyond a noncandidate device 5-8

brand new switches 5-9

connectivity 5-4

different VLANs 5-7

management VLANs 5-7

non-CDP-capable devices 5-6

noncluster-capable devices 5-6

routed ports 5-8

in switch clusters 5-4

automatic QoS

automatic recovery, clusters 5-10

auto-MDIX

configuring 11-21

described 11-20

autonegotiation

duplex mode 1-4

interface configuration guidelines 11-18

mismatches 48-11

autonomous system boundary routers

autonomous systems, in BGP 37-46

Auto-QoS video devices 1-13

Auto-RP, described 45-6

autosensing, port speed 1-4

autostate exclude 11-5

auxiliary VLAN

availability, features 1-7

B

BackboneFast

described 18-5

disabling 18-14

enabling 18-13

support for 1-8

backup interfaces

backup links 19-1

backup static routing, configuring 43-11

banners

configuring

login 6-12

message-of-the-day login 6-11

default configuration 6-10

when displayed 6-10

Berkeley r-tools replacement 8-54

BGP

aggregate addresses 37-58

aggregate routes, configuring 37-58

CIDR 37-58

clear commands 37-61

community filtering 37-55

configuring neighbors 37-56

default configuration 37-43

described 37-42

enabling 37-46

monitoring 37-61

multipath support 37-50

neighbors, types of 37-46

path selection 37-50

peers, configuring 37-56

prefix filtering 37-54

resetting sessions 37-49

route dampening 37-60

route maps 37-52

route reflectors 37-59

routing domain confederation 37-59

routing session with multi-VRF CE 37-82

show commands 37-61

supernets 37-58

support for 1-14

Version 4 37-42

binding cluster group and HSRP group 41-12

binding database

address, DHCP server

See DHCP, Cisco IOS server database

DHCP snooping

See DHCP snooping binding database

bindings

address, Cisco IOS DHCP server 20-6

DHCP snooping database 20-6

IP source guard 20-15

binding table, DHCP snooping

See DHCP snooping binding database

blocking packets 23-7

Boolean expressions in tracked lists 43-4

booting

boot loader, function of 3-2

boot process 3-1

manually 3-18

specific image 3-19

boot loader

accessing 3-19

described 3-2

environment variables 3-19

prompt 3-19

trap-door mechanism 3-2

bootstrap router (BSR), described 45-7

Border Gateway Protocol

BPDU

error-disabled state 18-2

filtering 18-3

RSTP format 17-12

BPDU filtering

described 18-3

disabling 18-12

enabling 18-12

support for 1-8

BPDU guard

described 18-2

disabling 18-12

enabling 18-11

support for 1-8

bridged packets, ACLs on 33-41

bridge groups

See fallback bridging

bridge protocol data unit

broadcast flooding 37-16

broadcast packets

directed 37-13

flooded 37-13

broadcast storm-control command 23-4

broadcast storms 23-1, 37-13

C

cables, monitoring for unidirectional links 27-1

candidate switch

automatic discovery 5-4

defined 5-3

requirements 5-3

See also command switch, cluster standby group, and member switch

Catalyst 6000 switches

authentication compatibility 9-8

CA trustpoint

configuring 8-51

defined 8-48

CDP

and trusted boundary 34-45

automatic discovery in switch clusters 5-4

configuring 24-2

default configuration 24-2

defined with LLDP 25-1

described 24-1

disabling for routing device 24-3 to 24-4

enabling and disabling

on an interface 24-4

on a switch 24-3

Layer 2 protocol tunneling 16-7

monitoring 24-5

overview 24-1

power negotiation extensions 11-7

support for 1-6

transmission timer and holdtime, setting 24-2

updates 24-2

CEF

defined 37-87

enabling 37-88

IPv6 38-18

CGMP

as IGMP snooping learning method 22-8

clearing cached group entries 45-61

enabling server support 45-43

joining multicast group 22-3

overview 45-9

server support only 45-9

switch support of 1-4

CIDR 37-58

CipherSuites 8-50

Cisco 7960 IP Phone 12-1

Cisco Discovery Protocol

Cisco Express Forwarding

Cisco Group Management Protocol

Cisco intelligent power management 11-7

Cisco IOS DHCP server

See DHCP, Cisco IOS DHCP server

Cisco IOS File System

Cisco IOS IP SLAs 42-2

Cisco Redundant Power System 2300

configuring 11-29

managing 11-29

Cisco Secure ACS

attribute-value pairs for downloadable ACLs 9-21

attribute-value pairs for redirect URL 9-20

Cisco Secure ACS configuration guide 9-59

CiscoWorks 2000 1-5, 31-4

CISP 9-30

CIST regional root

CIST root

civic location 25-3

classless interdomain routing

classless routing 37-6

class maps for QoS

configuring 34-52

described 34-8

displaying 34-86

class of service

clearing interfaces 11-32

CLI

abbreviating commands 2-3

command modes 2-1

configuration logging 2-4

described 1-5

editing features

enabling and disabling 2-6

keystroke editing 2-7

wrapped lines 2-8

error messages 2-4

filtering command output 2-9

getting help 2-3

history

changing the buffer size 2-5

described 2-5

disabling 2-6

recalling commands 2-6

managing clusters 5-15

no and default forms of commands 2-4

Client Information Signalling Protocol

client mode, VTP 14-3

client processes, tracking 43-1

CLNS

clock

See system clock

clusters, switch

accessing 5-13

automatic discovery 5-4

automatic recovery 5-10

benefits 1-2

compatibility 5-4

described 5-1

LRE profile considerations 5-14

managing

through CLI 5-15

through SNMP 5-15

planning 5-4

planning considerations

automatic discovery 5-4

automatic recovery 5-10

CLI 5-15

host names 5-13

IP addresses 5-13

LRE profiles 5-14

passwords 5-13

RADIUS 5-14

SNMP 5-14, 5-15

TACACS+ 5-14

See also candidate switch, command switch, cluster standby group, member switch, and standby command switch

cluster standby group

and HSRP group 41-12

automatic recovery 5-12

considerations 5-11

defined 5-2

requirements 5-3

virtual IP address 5-11

CNS 1-6

Configuration Engine

configID, deviceID, hostname 4-3

configuration service 4-2

described 4-1

event service 4-3

embedded agents

described 4-5

enabling automated configuration 4-6

enabling configuration agent 4-9

enabling event agent 4-7

management functions 1-5

CoA Request Commands 8-23

Coarse Wave Division Multiplexer

command-line interface

command modes 2-1

commands

abbreviating 2-3

no and default 2-4

commands, setting privilege levels 8-8

command switch

accessing 5-11

active (AC) 5-10

configuration conflicts 48-11

defined 5-2

passive (PC) 5-10

password privilege levels 5-15

priority 5-10

recovery

from command-switch failure 5-10, 48-7

from lost member connectivity 48-11

redundant 5-10

replacing

with another switch 48-9

with cluster member 48-8

requirements 5-3

standby (SC) 5-10

See also candidate switch, cluster standby group, member switch, and standby command switch

community list, BGP 37-55

community ports 15-2

community strings

configuring 5-14, 31-8

for cluster switches 31-4

in clusters 5-14

overview 31-4

SNMP 5-14

community VLANs 15-2, 15-3

compatibility, feature 23-12

config.text 3-17

configurable leave timer, IGMP 22-5

configuration, initial

defaults 1-17

Express Setup 1-2

configuration changes, logging 30-10

configuration conflicts, recovering from lost member connectivity 48-11

configuration examples, network 1-20

configuration files

archiving A-19

clearing the startup configuration A-18

creating using a text editor A-9

default name 3-17

deleting a stored configuration A-18

described A-8

downloading

automatically 3-17

preparing A-10, A-12, A-15

reasons for A-8

using FTP A-13

using RCP A-16

using TFTP A-11

guidelines for creating and using A-8

guidelines for replacing and rolling back A-20

invalid combinations when copying A-5

limiting TFTP server access 31-16

obtaining with DHCP 3-8

password recovery disable considerations 8-5

replacing a running configuration A-18, A-19

rolling back a running configuration A-18, A-20

specifying the filename 3-17

system contact and location information 31-16

types and location A-9

uploading

preparing A-10, A-12, A-15

reasons for A-8

using FTP A-14

using RCP A-17

using TFTP A-11

configuration guidelines, multi-VRF CE 37-75

configuration logger 30-10

configuration logging 2-4

configuration replacement A-18

configuration rollback A-18, A-19

configuration settings, saving 3-15

configure terminal command 11-11

configuring 802.1x user distribution 9-55

configuring port-based authentication violation modes 9-39

configuring small-frame arrival rate 23-5

Configuring VACL Logging 33-37

conflicts, configuration 48-11

connections, secure remote 8-44

connectivity problems 48-13, 48-14, 48-16

consistency checks in VTP Version 2 14-4

console port, connecting to 2-9

content-routing technology

control protocol, IP SLAs 42-4

corrupted software, recovery steps with Xmodem 48-2

CoS

in Layer 2 frames 34-2

override priority 12-6

trust priority 12-6

CoS input queue threshold map for QoS 34-17

CoS output queue threshold map for QoS 34-19

CoS-to-DSCP map for QoS 34-68

counters, clearing interface 11-32

CPU utilization, troubleshooting 48-24

crashinfo file 48-22

critical authentication, IEEE 802.1x 9-52

critical VLAN 9-23

cryptographic software image

Kerberos 8-38

SSH 8-43

SSL 8-48

customer edge devices 37-73

customjzeable web pages, web-based authentication 10-6

CWDM SFPs 1-26

D

DACL

See downloadable ACL

daylight saving time 6-6

debugging

enabling all system diagnostics 48-19

enabling for a specific feature 48-19

redirecting error message output 48-20

using commands 48-18

default commands 2-4

default configuration

802.1x 9-33

auto-QoS 34-22

banners 6-10

CDP 24-2

DHCP 20-8

DHCP option 82 20-8

DHCP snooping 20-8

DHCP snooping binding database 20-8

DNS 6-9

dynamic ARP inspection 21-5

EIGRP 37-35

EtherChannel 35-10

Ethernet interfaces 11-15

fallback bridging 47-3

Flex Links 19-7, 19-8

HSRP 41-5

IEEE 802.1Q tunneling 16-4

IGMP 45-38

IGMP filtering 22-24

IGMP snooping 22-6, 39-5, 39-6

IGMP throttling 22-24

initial switch information 3-3

IP addressing, IP routing 37-4

IP multicast routing 45-10

IP SLAs 42-6

IP source guard 20-17

IPv6 38-10

IS-IS 37-64

Layer 2 interfaces 11-15

Layer 2 protocol tunneling 16-10

LLDP 25-5

MAC address table 6-14

MAC address-table move update 19-8

MSDP 46-4

MSTP 17-14

multi-VRF CE 37-75

optional spanning-tree configuration 18-9

OSPF 37-25

password and privilege level 8-2

private VLANs 15-6

RADIUS 8-25

RMON 29-3

RSPAN 28-9

SDM template 7-3

SNMP 31-6

SPAN 28-9

SSL 8-50

standard QoS 34-37

system message logging 30-3

system name and prompt 6-8

TACACS+ 8-13

UDLD 27-4

VLAN, Layer 2 Ethernet interfaces 13-16

VLANs 13-7

VMPS 13-26

voice VLAN 12-3

VTP 14-7

WCCP 44-5

default gateway 3-14, 37-11

default networks 37-91

default router preference

default routes 37-90

default routing 37-2

default web-based authentication configuration

802.1X 10-9

deleting VLANs 13-9

denial-of-service attack 23-1

description command 11-24

designing your network, examples 1-20

destination addresses

in IPv4 ACLs 33-12

in IPv6 ACLs 40-5

destination-IP address-based forwarding, EtherChannel 35-8

destination-MAC address forwarding, EtherChannel 35-8

detecting indirect link failures, STP 18-5

device A-23

device discovery protocol 24-1, 25-1

device manager

benefits 1-2

described 1-2, 1-5

in-band management 1-6

upgrading a switch A-23

DHCP

Cisco IOS server database

configuring 20-13

default configuration 20-8

described 20-6

DHCP for IPv6

enabling

relay agent 20-10

DHCP-based autoconfiguration

client request message exchange 3-4

configuring

client side 3-3

DNS 3-7

relay device 3-7

server side 3-6

TFTP server 3-7

example 3-9

lease options

for IP address information 3-6

for receiving the configuration file 3-6

overview 3-3

relationship to BOOTP 3-3

relay support 1-6, 1-14

support for 1-6

DHCP-based autoconfiguration and image update

configuring 3-11 to 3-14

understanding 3-5

DHCP binding database

See DHCP snooping binding database

DHCP binding table

See DHCP snooping binding database

DHCP object tracking, configuring primary interface 43-10

DHCP option 82

circuit ID suboption 20-5

configuration guidelines 20-8

default configuration 20-8

displaying 20-15

forwarding address, specifying 20-10

helper address 20-10

overview 20-3

packet format, suboption

circuit ID 20-5

remote ID 20-5

remote ID suboption 20-5

DHCP server port-based address allocation

configuration guidelines 20-25

default configuration 20-25

described 20-25

displaying 20-28

enabling 20-26

reserved addresses 20-26

DHCP server port-based address assignment

support for 1-6

DHCP snooping

accepting untrusted packets form edge switch 20-3, 20-12

and private VLANs 20-13

binding database

See DHCP snooping binding database

configuration guidelines 20-8

default configuration 20-8

displaying binding tables 20-15

message exchange process 20-4

option 82 data insertion 20-3

trusted interface 20-2

untrusted interface 20-2

untrusted messages 20-2

DHCP snooping binding database

adding bindings 20-14

binding file

format 20-7

location 20-6

bindings 20-6

clearing agent statistics 20-14

configuration guidelines 20-9

configuring 20-14

default configuration 20-8

deleting

binding file 20-14

bindings 20-14

database agent 20-14

described 20-6

displaying 20-15

binding entries 20-15

status and statistics 20-15

enabling 20-14

entry 20-6

renewing database 20-14

resetting

delay value 20-14

timeout value 20-14

DHCP snooping binding table

See DHCP snooping binding database

DHCPv6

configuration guidelines 38-15

default configuration 38-15

described 38-6

enabling client function 38-17

enabling DHCPv6 server function 38-15

support for 1-14

Differentiated Services architecture, QoS 34-2

Differentiated Services Code Point 34-2

Diffusing Update Algorithm (DUAL) 37-33

directed unicast requests 1-6

directories

changing A-3

creating and removing A-4

displaying the working A-3

discovery, clusters

See automatic discovery

Distance Vector Multicast Routing Protocol

distance-vector protocols 37-3

distribute-list command 37-99

DNS

and DHCP-based autoconfiguration 3-7

default configuration 6-9

displaying the configuration 6-10

in IPv6 38-4

overview 6-8

setting up 6-9

support for 1-6

DNS-based SSM mapping 45-18, 45-20

domain names

DNS 6-8

VTP 14-8

Domain Name System

domains, ISO IGRP routing 37-63

dot1q-tunnel switchport mode 13-15

double-tagged packets

IEEE 802.1Q tunneling 16-2

Layer 2 protocol tunneling 16-10

downloadable ACL 9-19, 9-21, 9-59

downloading

configuration files

preparing A-10, A-12, A-15

reasons for A-8

using FTP A-13

using RCP A-16

using TFTP A-11

image files

deleting old image A-27

preparing A-25, A-29, A-33

reasons for A-23

using CMS 1-2

using FTP A-30

using HTTP 1-2, A-23

using RCP A-34

using TFTP A-26

using the device manager or Network Assistant A-23

drop threshold for Layer 2 protocol packets 16-11

DRP

configuring 38-13

described 38-4

IPv6 38-4

support for 1-14

DSCP 1-12, 34-2

DSCP input queue threshold map for QoS 34-17

DSCP output queue threshold map for QoS 34-19

DSCP-to-CoS map for QoS 34-71

DSCP-to-DSCP-mutation map for QoS 34-72

DSCP transparency 34-46

dual-action detection 35-5

DUAL finite state machine, EIGRP 37-34

dual IPv4 and IPv6 templates 7-2, 38-5, 38-6

dual protocol stacks

IPv4 and IPv6 38-5

SDM templates supporting 38-6

dual-purpose uplinks

defined 11-6

LEDs 11-6

link selection 11-6, 11-16

setting the type 11-16

DVMRP

autosummarization

configuring a summary address 45-57

disabling 45-59

connecting PIM domain to DVMRP router 45-50

enabling unicast routing 45-53

interoperability

with Cisco devices 45-48

with Cisco IOS software 45-8

mrinfo requests, responding to 45-52

neighbors

advertising the default route to 45-51

discovery with Probe messages 45-48

displaying information 45-52

prevent peering with nonpruning 45-55

rejecting nonpruning 45-53

overview 45-8

routes

adding a metric offset 45-59

advertising all 45-59

advertising the default route to neighbors 45-51

caching DVMRP routes learned in report messages 45-53

changing the threshold for syslog messages 45-56

deleting 45-61

displaying 45-61

favoring one over another 45-59

limiting the number injected into MBONE 45-56

limiting unicast route advertisements 45-48

routing table 45-9

source distribution tree, building 45-9

support for 1-14

tunnels

configuring 45-50

displaying neighbor information 45-52

dynamic access ports

characteristics 13-3

configuring 13-27

defined 11-3

dynamic addresses

dynamic ARP inspection

ARP cache poisoning 21-1

ARP requests, described 21-1

ARP spoofing attack 21-1

clearing

log buffer 21-15

statistics 21-15

configuration guidelines 21-5

configuring

ACLs for non-DHCP environments 21-8

in DHCP environments 21-6

log buffer 21-12

rate limit for incoming ARP packets 21-4, 21-10

default configuration 21-5

denial-of-service attacks, preventing 21-10

described 21-1

DHCP snooping binding database 21-2

displaying

ARP ACLs 21-14

configuration and operating state 21-14

log buffer 21-15

statistics 21-15

trust state and rate limit 21-14

error-disabled state for exceeding rate limit 21-4

function of 21-2

interface trust states 21-2

log buffer

clearing 21-15

configuring 21-12

displaying 21-15

logging of dropped packets, described 21-4

man-in-the middle attack, described 21-2

network security issues and interface trust states 21-2

priority of ARP ACLs and DHCP snooping entries 21-4

rate limiting of ARP packets

configuring 21-10

described 21-4

error-disabled state 21-4

statistics

clearing 21-15

displaying 21-15

validation checks, performing 21-11

dynamic auto trunking mode 13-15

dynamic desirable trunking mode 13-15

Dynamic Host Configuration Protocol

See DHCP-based autoconfiguration

dynamic port VLAN membership

described 13-25

reconfirming 13-28

troubleshooting 13-30

types of connections 13-27

dynamic routing 37-3

ISO CLNS 37-62

Dynamic Trunking Protocol

E

EBGP 37-41

editing features

enabling and disabling 2-6

keystrokes used 2-7

wrapped lines 2-8

EEM 3.2 32-5

EIGRP

authentication 37-38

components 37-34

configuring 37-37

default configuration 37-35

definition 37-33

interface parameters, configuring 37-38

monitoring 37-40

stub routing 37-39

ELIN location 25-3

embedded event manager

3.2 32-5

actions 32-4

configuring 32-1, 32-5

displaying information 32-7

environmental variables 32-4

event detectors 32-2

policies 32-4

registering and defining an applet 32-6

registering and defining a TCL script 32-6

understanding 32-1

enable password 8-3

enable secret password 8-3

encryption, CipherSuite 8-50

encryption for passwords 8-3

Enhanced IGRP

enhanced object tracking

backup static routing 43-11

commands 43-1

defined 43-1

DHCP primary interface 43-10

HSRP 43-7

IP routing state 43-2

IP SLAs 43-9

line-protocol state 43-2

network monitoring with IP SLAs 43-11

routing policy, configuring 43-11

static route primary interface 43-10

tracked lists 43-3

enhanced object tracking static routing 43-10

environmental variables, embedded event manager 32-4

environment variables, function of 3-20

equal-cost routing 1-14, 37-89

error-disabled state, BPDU 18-2

error messages during command entry 2-4

EtherChannel

automatic creation of 35-4, 35-6

channel groups

binding physical and logical interfaces 35-3

numbering of 35-3

configuration guidelines 35-10

configuring

Layer 2 interfaces 35-11

Layer 3 physical interfaces 35-14

Layer 3 port-channel logical interfaces 35-13

default configuration 35-10

described 35-2

displaying status 35-20

forwarding methods 35-7, 35-16

IEEE 802.3ad, described 35-6

interaction

with STP 35-10

with VLANs 35-11

LACP

described 35-6

displaying status 35-20

hot-standby ports 35-18

interaction with other features 35-7

modes 35-6

port priority 35-19

system priority 35-19

Layer 3 interface 37-3

load balancing 35-7, 35-16

logical interfaces, described 35-3

PAgP

aggregate-port learners 35-17

compatibility with Catalyst 1900 35-17

described 35-4

displaying status 35-20

interaction with other features 35-6

interaction with virtual switches 35-5

learn method and priority configuration 35-17

modes 35-5

support for 1-4

with dual-action detection 35-5

port-channel interfaces

described 35-3

numbering of 35-3

port groups 11-6

support for 1-4

EtherChannel guard

described 18-7

disabling 18-14

enabling 18-14

Ethernet VLANs

adding 13-8

defaults and ranges 13-7

modifying 13-8

EUI 38-3

event detectors, embedded event manager 32-2

events, RMON 29-3

examples

network configuration 1-20

expedite queue for QoS 34-85

Express Setup 1-2

See also getting started guide

extended crashinfo file 48-22

extended-range VLANs

configuration guidelines 13-11

configuring 13-10

creating 13-12

creating with an internal VLAN ID 13-13

defined 13-1

extended system ID

MSTP 17-17

STP 26-4, 26-14

extended universal identifier

Extensible Authentication Protocol over LAN 9-1

external BGP

external neighbors, BGP 37-46

F

fa0 interface 1-7

fallback bridging

and protected ports 47-3

bridge groups

creating 47-3

described 47-1

displaying 47-10

function of 47-2

number supported 47-4

removing 47-4

bridge table

clearing 47-10

displaying 47-10

configuration guidelines 47-3

connecting interfaces with 11-10

default configuration 47-3

described 47-1

frame forwarding

flooding packets 47-2

forwarding packets 47-2

overview 47-1

protocol, unsupported 47-3

STP

disabling on an interface 47-9

forward-delay interval 47-8

hello BPDU interval 47-7

interface priority 47-6

maximum-idle interval 47-8

path cost 47-6

VLAN-bridge spanning-tree priority 47-5

VLAN-bridge STP 47-2

support for 1-14

SVIs and routed ports 47-1

unsupported protocols 47-3

VLAN-bridge STP 26-10

Fast Convergence 19-3

features, incompatible 23-12

fiber-optic, detecting unidirectional links 27-1

files

basic crashinfo

description 48-22

location 48-22

copying A-4

crashinfo, description 48-22

deleting A-5

displaying the contents of A-7

extended crashinfo

description 48-23

location 48-23

tar

creating A-6

displaying the contents of A-6

extracting A-7

image file format A-24

file system

displaying available file systems A-2

displaying file information A-3

local file system names A-1

network file system names A-4

setting the default A-3

filtering

in a VLAN 33-30

IPv6 traffic 40-3, 40-7

non-IP traffic 33-28

show and more command output 2-9

filtering show and more command output 2-9

filters, IP

flash device, number of A-1

flexible authentication ordering

configuring 9-62

overview 9-29

Flex Link Multicast Fast Convergence 19-3

Flex Links

configuration guidelines 19-8

configuring 19-8, 19-9

configuring preferred VLAN 19-11

configuring VLAN load balancing 19-10

default configuration 19-7

description 19-1

link load balancing 19-2

monitoring 19-14

VLANs 19-2

flooded traffic, blocking 23-8

flow-based packet classification 1-12

flowcharts

QoS classification 34-7

QoS egress queueing and scheduling 34-18

QoS ingress queueing and scheduling 34-16

QoS policing and marking 34-11

flowcontrol

configuring 11-20

described 11-19

forward-delay time

MSTP 17-23

Forwarding Information Base

forwarding nonroutable protocols 47-1

FTP

configuration files

downloading A-13

overview A-12

preparing the server A-12

uploading A-14

image files

deleting old image A-31

downloading A-30

preparing the server A-29

uploading A-31

G

general query 19-5

Generating IGMP Reports 19-3

get-bulk-request operation 31-3

get-next-request operation 31-3, 31-4

get-request operation 31-3, 31-4

get-response operation 31-3

global configuration mode 2-2

global leave, IGMP 22-12

guest VLAN and 802.1x 9-22

guide mode 1-2

GUIs

See device manager and Network Assistant

H

hardware limitations and Layer 3 interfaces 11-26

hello time

MSTP 17-22

help, for the command line 2-3

HFTM space 48-23

hierarchical policy maps 34-9

configuration guidelines 34-39

configuring 34-58

described 34-12

history

changing the buffer size 2-5

described 2-5

disabling 2-6

recalling commands 2-6

history table, level and number of syslog messages 30-10

host names, in clusters 5-13

host ports

configuring 15-11

kinds of 15-2

hosts, limit on dynamic ports 13-30

Hot Standby Router Protocol

HP OpenView 1-5

HQATM space 48-23

HSRP

authentication string 41-10

automatic cluster recovery 5-12

binding to cluster group 41-12

cluster standby group considerations 5-11

command-switch redundancy 1-1, 1-7

configuring 41-4

default configuration 41-5

definition 41-1

guidelines 41-5

monitoring 41-13

object tracking 43-7

overview 41-1

priority 41-7

routing redundancy 1-13

support for ICMP redirect messages 41-12

timers 41-10

tracking 41-8

See also clusters, cluster standby group, and standby command switch

HSRP for IPv6

configuring 38-24

guidelines 38-23

HTTP over SSL

HTTPS 8-48

configuring 8-52

self-signed certificate 8-49

HTTP secure server 8-48

Hulc Forwarding TCAM Manager

Hulc QoS/ACL TCAM Manager

See HQATM space

I

IBPG 37-41

ICMP

IPv6 38-4

redirect messages 37-11

support for 1-14

time-exceeded messages 48-16

traceroute and 48-16

unreachable messages 33-20

unreachable messages and IPv6 40-4

unreachables and ACLs 33-22

ICMP Echo operation

configuring 42-12

IP SLAs 42-12

ICMP ping

executing 48-13

overview 48-13

ICMP Router Discovery Protocol

ICMPv6 38-4

IDS appliances

and ingress RSPAN 28-20

and ingress SPAN 28-13

IEEE 802.1D

IEEE 802.1p 12-1

IEEE 802.1Q

and trunk ports 11-3

configuration limitations 13-16

native VLAN for untagged traffic 13-20

tunneling

compatibility with other features 16-5

defaults 16-4

described 16-1

tunnel ports with other features 16-6

IEEE 802.1s

IEEE 802.1w

IEEE 802.1x

See port-based authentication

IEEE 802.3ad

See EtherChannel

IEEE 802.3af

IEEE 802.3x flow control 11-19

ifIndex values, SNMP 31-5

IFS 1-6

IGMP

configurable leave timer

described 22-5

enabling 22-11

configuring the switch

as a member of a group 45-38

statically connected member 45-42

controlling access to groups 45-39

default configuration 45-38

deleting cache entries 45-61

displaying groups 45-61

fast switching 45-43

flooded multicast traffic

controlling the length of time 22-12

disabling on an interface 22-13

global leave 22-12

query solicitation 22-12

recovering from flood mode 22-12

host-query interval, modifying 45-40

joining multicast group 22-3

join messages 22-3

leave processing, enabling 22-10, 39-9

leaving multicast group 22-5

multicast reachability 45-38

overview 45-2

queries 22-4

report suppression

described 22-6

disabling 22-15, 39-11

supported versions 22-2

support for 1-4

Version 1

changing to Version 2 45-40

described 45-3

Version 2

changing to Version 1 45-40

described 45-3

maximum query response time value 45-42

pruning groups 45-42

query timeout value 45-41

IGMP filtering

configuring 22-24

default configuration 22-24

described 22-23

monitoring 22-28

support for 1-4

IGMP groups

configuring filtering 22-27

setting the maximum number 22-26

IGMP helper 1-4, 45-6

IGMP Immediate Leave

configuration guidelines 22-11

described 22-5

enabling 22-10

IGMP profile

applying 22-25

configuration mode 22-24

configuring 22-25

IGMP snooping

and address aliasing 22-2

configuring 22-6

default configuration 22-6, 39-5, 39-6

definition 22-1

enabling and disabling 22-7, 39-6

global configuration 22-7

Immediate Leave 22-5

method 22-8

monitoring 22-15, 39-11

querier

configuration guidelines 22-14

configuring 22-14

supported versions 22-2

support for 1-4

VLAN configuration 22-7

IGMP throttling

configuring 22-27

default configuration 22-24

described 22-23

displaying action 22-28

Immediate Leave, IGMP 22-5

enabling 39-9

inaccessible authentication bypass 9-23

support for multiauth ports 9-24

initial configuration

defaults 1-17

Express Setup 1-2

interface

number 11-10

range macros 11-13

interface command ?? to 11-11

interface configuration mode 2-2

interfaces

auto-MDIX, configuring 11-20

configuration guidelines

duplex and speed 11-18

configuring

procedure 11-11

counters, clearing 11-32

default configuration 11-15

described 11-24

descriptive name, adding 11-24

displaying information about 11-31

flow control 11-19

management 1-5

monitoring 11-31

naming 11-24

physical, identifying 11-10

range of 11-11

restarting 11-32

shutting down 11-32

speed and duplex, configuring 11-18

status 11-31

supported 11-10

types of 11-1

interfaces range macro command 11-13

interface types 11-10

Interior Gateway Protocol

internal BGP

internal neighbors, BGP 37-46

Internet Control Message Protocol

Internet Group Management Protocol

Internet Protocol version 6

Inter-Switch Link

inter-VLAN routing 1-14, 37-2

Intrusion Detection System

See IDS appliances

inventory management TLV 25-3, 25-7

IP ACLs

for QoS classification 34-8

implicit deny 33-10, 33-14

implicit masks 33-10

named 33-15

undefined 33-21

IP addresses

128-bit 38-2

candidate or member 5-3, 5-13

classes of 37-5

cluster access 5-2

command switch 5-3, 5-11, 5-13

default configuration 37-4

discovering 6-23

for IP routing 37-4

IPv6 38-2

MAC address association 37-8

monitoring 37-17

redundant clusters 5-11

standby command switch 5-11, 5-13

See also IP information

IP base image 1-1

IP broadcast address 37-15

ip cef distributed command 37-88

IP directed broadcasts 37-13

ip igmp profile command 22-24

IP information

assigned

manually 3-14

through DHCP-based autoconfiguration 3-3

default configuration 3-3

IP multicast routing

addresses

all-hosts 45-3

all-multicast-routers 45-3

host group address range 45-3

administratively-scoped boundaries, described 45-46

and IGMP snooping 22-1

Auto-RP

adding to an existing sparse-mode cloud 45-25

benefits of 45-25

clearing the cache 45-61

configuration guidelines 45-11

filtering incoming RP announcement messages 45-28

overview 45-6

preventing candidate RP spoofing 45-28

preventing join messages to false RPs 45-27

setting up in a new internetwork 45-25

using with BSR 45-33

bootstrap router

configuration guidelines 45-11

configuring candidate BSRs 45-31

configuring candidate RPs 45-32

defining the IP multicast boundary 45-30

defining the PIM domain border 45-29

overview 45-7

using with Auto-RP 45-33

Cisco implementation 45-1

configuring

basic multicast routing 45-11

IP multicast boundary 45-46

default configuration 45-10

enabling

multicast forwarding 45-12

PIM mode 45-12

group-to-RP mappings

Auto-RP 45-6

BSR 45-7

MBONE

deleting sdr cache entries 45-61

described 45-44

displaying sdr cache 45-62

enabling sdr listener support 45-45

limiting DVMRP routes advertised 45-56

limiting sdr cache entry lifetime 45-45

SAP packets for conference session announcement 45-45

Session Directory (sdr) tool, described 45-44

monitoring

packet rate loss 45-62

peering devices 45-62

tracing a path 45-62

multicast forwarding, described 45-7

PIMv1 and PIMv2 interoperability 45-10

protocol interaction 45-2

reverse path check (RPF) 45-7

routing table

deleting 45-61

displaying 45-61

RP

assigning manually 45-23

configuring Auto-RP 45-25

configuring PIMv2 BSR 45-29

monitoring mapping information 45-33

using Auto-RP and BSR 45-33

statistics, displaying system and network 45-61

IP phones

and QoS 12-1

automatic classification and queueing 34-21

configuring 12-4

ensuring port security with QoS 34-44

trusted boundary for QoS 34-44

IP Port Security for Static Hosts

on a Layer 2 access port 20-19

on a PVLAN host port 20-22

IP precedence 34-2

IP-precedence-to-DSCP map for QoS 34-69

IP protocols

in ACLs 33-12

routing 1-13

IP routes, monitoring 37-102

IP routing

connecting interfaces with 11-10

disabling 37-18

enabling 37-18

IP Service Level Agreements

IP service levels, analyzing 42-1

IP services image 1-1

IP SLAs

benefits 42-2

configuration guidelines 42-7

configuring object tracking 43-9

Control Protocol 42-4

default configuration 42-6

definition 42-1

ICMP echo operation 42-12

measuring network performance 42-3

monitoring 42-14

multioperations scheduling 42-5

object tracking 43-9

operation 42-3

reachability tracking 43-9

responder

described 42-4

enabling 42-8

response time 42-4

scheduling 42-5

SNMP support 42-2

supported metrics 42-2

threshold monitoring 42-6

track object monitoring agent, configuring 43-11

track state 43-9

UDP jitter operation 42-9

IP source guard

and 802.1x 20-18

and DHCP snooping 20-15

and EtherChannels 20-18

and port security 20-18

and private VLANs 20-18

and routed ports 20-17

and TCAM entries 20-18

and trunk interfaces 20-17

and VRF 20-18

binding configuration

automatic 20-15

manual 20-15

binding table 20-15

configuration guidelines 20-17

default configuration 20-17

described 20-15

disabling 20-19

displaying

active IP or MAC bindings 20-24

bindings 20-24

configuration 20-24

enabling 20-18, 20-19

filtering

source IP address 20-16

source IP and MAC address 20-16

source IP address filtering 20-16

source IP and MAC address filtering 20-16

static bindings

adding 20-18, 20-19

deleting 20-19

static hosts 20-19

IP traceroute

executing 48-17

overview 48-16

IP unicast routing

address resolution 37-8

administrative distances 37-90, 37-100

ARP 37-8

assigning IP addresses to Layer 3 interfaces 37-5

authentication keys 37-100

broadcast

address 37-15

flooding 37-16

packets 37-13

storms 37-13

classless routing 37-6

configuring static routes 37-89

default

addressing configuration 37-4

gateways 37-11

networks 37-91

routes 37-90

routing 37-2

directed broadcasts 37-13

disabling 37-18

dynamic routing 37-3

enabling 37-18

EtherChannel Layer 3 interface 37-3

inter-VLAN 37-2

IP addressing

classes 37-5

configuring 37-4

IPv6 38-3

IRDP 37-11

Layer 3 interfaces 37-3

MAC address and IP address 37-8

passive interfaces 37-98

protocols

distance-vector 37-3

dynamic 37-3

link-state 37-3

proxy ARP 37-8

redistribution 37-91

reverse address resolution 37-8

routed ports 37-3

static routing 37-3

steps to configure 37-4

subnet mask 37-5

subnet zero 37-6

supernet 37-6

with SVIs 37-3

IPv4 ACLs

applying to interfaces 33-20

extended, creating 33-10

named 33-15

standard, creating 33-9

IPv4 and IPv6

dual protocol stacks 38-5

IPv6

ACLs

displaying 40-8

limitations 40-2

matching criteria 40-3

port 40-1

precedence 40-2

router 40-1

supported 40-2

addresses 38-2

address formats 38-2

applications 38-5

assigning address 38-11

autoconfiguration 38-5

CEFv6 38-18

configuring static routes 38-19

default configuration 38-10

default router preference (DRP) 38-4

defined 38-1

Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 38-7

EIGRP IPv6 Commands 38-8

Router ID 38-7

feature limitations 38-9

features not supported 38-9

forwarding 38-11

ICMP 38-4

monitoring 38-26

neighbor discovery 38-4

OSPF 38-7

path MTU discovery 38-4

SDM templates 7-2, 39-1, 40-1

Stateless Autoconfiguration 38-5

supported features 38-2

switch limitations 38-9

understanding static routes 38-6

IPv6 traffic, filtering 40-3

IRDP

configuring 37-12

definition 37-11

support for 1-14

IS-IS

addresses 37-63

area routing 37-63

default configuration 37-64

monitoring 37-72

show commands 37-72

system routing 37-63

ISL

and IPv6 38-3

and trunk ports 11-3

encapsulation 1-8

ISO CLNS

clear commands 37-72

dynamic routing protocols 37-62

monitoring 37-72

NETs 37-62

NSAPs 37-62

OSI standard 37-62

ISO IGRP

area routing 37-63

system routing 37-63

isolated port 15-2

isolated VLANs 15-2, 15-3

J

join messages, IGMP 22-3

K

KDC

described 8-39

See also Kerberos

Kerberos

authenticating to

boundary switch 8-41

KDC 8-41

network services 8-41

configuration examples 8-38

configuring 8-42

credentials 8-39

cryptographic software image 8-38

described 8-39

KDC 8-39

operation 8-41

realm 8-40

server 8-40

support for 1-11

switch as trusted third party 8-38

terms 8-39

TGT 8-40

tickets 8-39

key distribution center

L

l2protocol-tunnel command 16-12

LACP

Layer 2 protocol tunneling 16-9

See EtherChannel

Layer 2 frames, classification with CoS 34-2

Layer 2 interfaces, default configuration 11-15

Layer 2 protocol tunneling

configuring 16-9

configuring for EtherChannels 16-13

default configuration 16-10

defined 16-8

guidelines 16-11

Layer 2 traceroute

and ARP 48-15

and CDP 48-15

broadcast traffic 48-15

described 48-15

IP addresses and subnets 48-15

MAC addresses and VLANs 48-15

multicast traffic 48-15

multiple devices on a port 48-16

unicast traffic 48-15

usage guidelines 48-15

Layer 3 features 1-13

Layer 3 interfaces

assigning IP addresses to 37-5

assigning IPv4 and IPv6 addresses to 38-14

assigning IPv6 addresses to 38-11

changing from Layer 2 mode 37-5, 37-80

types of 37-3

Layer 3 packets, classification methods 34-2

LDAP 4-2

Leaking IGMP Reports 19-3

LEDs, switch

See hardware installation guide

lightweight directory access protocol

line configuration mode 2-2

Link Aggregation Control Protocol

See EtherChannel

link failure, detecting unidirectional 17-7

Link Layer Discovery Protocol

link local unicast addresses 38-3

link redundancy

links, unidirectional 27-1

link state advertisements (LSAs) 37-29

link-state protocols 37-3

link-state tracking

configuring 35-23

described 35-21

LLDP

configuring 25-4

characteristics 25-6

default configuration 25-5

enabling 25-5

monitoring and maintaining 25-10

overview 25-1

supported TLVs 25-2

switch stack considerations 25-2

transmission timer and holdtime, setting 25-6

LLDP-MED

configuring

procedures 25-4

TLVs 25-7

monitoring and maintaining 25-10

overview 25-1, 25-2

supported TLVs 25-2

LLDP Media Endpoint Discovery

load balancing 41-4

local SPAN 28-2

location TLV 25-3, 25-7

logging messages, ACL 33-8

login authentication

with RADIUS 8-28

with TACACS+ 8-14

login banners 6-10

log messages

See system message logging

Long-Reach Ethernet (LRE) technology 1-21

loop guard

described 18-9

enabling 18-15

support for 1-8

LRE profiles, considerations in switch clusters 5-14

M

MAB

See MAC authentication bypass

MAB aging timer 1-9

MAB inactivity timer

default setting 9-34

range 9-36

MAC/PHY configuration status TLV 25-2

MAC addresses

aging time 6-14

and VLAN association 6-13

building the address table 6-13

default configuration 6-14

disabling learning on a VLAN 6-22

discovering 6-23

displaying 6-23

displaying in the IP source binding table 20-24

dynamic

learning 6-13

removing 6-15

in ACLs 33-28

IP address association 37-8

static

adding 6-20

allowing 6-21, 6-22

characteristics of 6-19

dropping 6-21

removing 6-20

MAC address learning 1-6

MAC address learning, disabling on a VLAN 6-22

MAC address notification, support for 1-15

MAC address-table move update

configuration guidelines 19-8

configuring 19-12

default configuration 19-8

description 19-6

monitoring 19-14

MAC address-to-VLAN mapping 13-25

MAC authentication bypass 9-36

configuring 9-55

overview 9-16

MAC extended access lists

applying to Layer 2 interfaces 33-29

configuring for QoS 34-51

creating 33-28

defined 33-28

for QoS classification 34-5

magic packet 9-26

manageability features 1-6

management access

in-band

browser session 1-6

CLI session 1-7

device manager 1-6

SNMP 1-7

out-of-band console port connection 1-7

management address TLV 25-2

management options

CLI 2-1

clustering 1-3

CNS 4-1

Network Assistant 1-2

overview 1-5

management VLAN

considerations in switch clusters 5-7

discovery through different management VLANs 5-7

mapping tables for QoS

configuring

CoS-to-DSCP 34-68

DSCP 34-68

DSCP-to-CoS 34-71

DSCP-to-DSCP-mutation 34-72

IP-precedence-to-DSCP 34-69

policed-DSCP 34-70

described 34-13

marking

action with aggregate policers 34-66

described 34-4, 34-9

matching

IPv6 ACLs 40-3

matching, IPv4 ACLs 33-7

maximum aging time

MSTP 17-23

maximum hop count, MSTP 17-24

maximum number of allowed devices, port-based authentication 9-36

maximum-paths command 37-50, 37-89

MDA

configuration guidelines 9-12 to 9-13

described 1-10, 9-12

exceptions with authentication process 9-5

membership mode, VLAN port 13-3

member switch

automatic discovery 5-4

defined 5-2

managing 5-15

passwords 5-13

recovering from lost connectivity 48-11

requirements 5-3

See also candidate switch, cluster standby group, and standby command switch

memory consistency check errors

example 48-24

memory consistency check routines 1-5, 48-23

memory consistency integrity 1-5, 48-23

messages, to users through banners 6-10

metrics, in BGP 37-50

metric translations, between routing protocols 37-94

metro tags 16-2

MHSRP 41-4

MIBs

overview 31-1

SNMP interaction with 31-4

mirroring traffic for analysis 28-1

mismatches, autonegotiation 48-11

module number 11-10

monitoring

access groups 33-43

cables for unidirectional links 27-1

CDP 24-5

EIGRP 37-40

fallback bridging 47-10

features 1-15

Flex Links 19-14

HSRP 41-13

IEEE 802.1Q tunneling 16-17

IGMP

filters 22-28

snooping 22-15, 39-11

interfaces 11-31

IP

address tables 37-17

multicast routing 45-60

routes 37-102

IP SLAs operations 42-14

IPv4 ACL configuration 33-43

IPv6 38-26

IPv6 ACL configuration 40-8

IS-IS 37-72

ISO CLNS 37-72

Layer 2 protocol tunneling 16-17

MAC address-table move update 19-14

MSDP peers 46-18

multicast router interfaces 22-16, 39-11

multi-VRF CE 37-87

network traffic for analysis with probe 28-2

object tracking 43-12

OSPF 37-33

port

blocking 23-21

protection 23-21

private VLANs 15-14

RP mapping information 45-33

SFP status 11-31, 48-13

source-active messages 46-18

speed and duplex mode 11-19

SSM mapping 45-21

traffic flowing among switches 29-1

traffic suppression 23-20

tunneling 16-17

VLAN

filters 33-44

maps 33-44

VLANs 13-14

VMPS 13-29

mrouter Port 19-3

mrouter port 19-5

MSDP

benefits of 46-3

clearing MSDP connections and statistics 46-18

controlling source information

forwarded by switch 46-11

originated by switch 46-8

received by switch 46-13

default configuration 46-4

dense-mode regions

sending SA messages to 46-16

specifying the originating address 46-17

filtering

incoming SA messages 46-14

SA messages to a peer 46-12

SA requests from a peer 46-10

join latency, defined 46-6

meshed groups

configuring 46-15

defined 46-15

originating address, changing 46-17

overview 46-1

peer-RPF flooding 46-2

peers

configuring a default 46-4

monitoring 46-18

peering relationship, overview 46-1

requesting source information from 46-8

shutting down 46-15

source-active messages

caching 46-6

clearing cache entries 46-18

defined 46-2

filtering from a peer 46-10

filtering incoming 46-14

filtering to a peer 46-12

limiting data with TTL 46-13

monitoring 46-18

restricting advertised sources 46-9

support for 1-14

MSTP

boundary ports

configuration guidelines 17-15

described 17-6

BPDU filtering

described 18-3

enabling 18-12

BPDU guard

described 18-2

enabling 18-11

CIST, described 17-3

CIST regional root 17-3

CIST root 17-5

configuration guidelines 17-14, 18-10

configuring

forward-delay time 17-23

hello time 17-22

link type for rapid convergence 17-24

maximum aging time 17-23

maximum hop count 17-24

MST region 17-15

neighbor type 17-25

path cost 17-20

port priority 17-19

root switch 17-17

secondary root switch 17-18

switch priority 17-21

CST

defined 17-3

operations between regions 17-3

default configuration 17-14

default optional feature configuration 18-9

displaying status 17-26

enabling the mode 17-15

EtherChannel guard

described 18-7

enabling 18-14

extended system ID

effects on root switch 17-17

effects on secondary root switch 17-18

unexpected behavior 17-17

IEEE 802.1s

implementation 17-6

port role naming change 17-6

terminology 17-5

instances supported 26-9

interface state, blocking to forwarding 18-2

interoperability and compatibility among modes 26-10

interoperability with IEEE 802.1D

described 17-8

restarting migration process 17-25

IST

defined 17-2

master 17-3

operations within a region 17-3

loop guard

described 18-9

enabling 18-15

mapping VLANs to MST instance 17-16

MST region

CIST 17-3

configuring 17-15

described 17-2

hop-count mechanism 17-5

IST 17-2

supported spanning-tree instances 17-2

optional features supported 1-8

overview 17-2

Port Fast

described 18-2

enabling 18-10

preventing root switch selection 18-8

root guard

described 18-8

enabling 18-15

root switch

configuring 17-17

effects of extended system ID 17-17

unexpected behavior 17-17

shutdown Port Fast-enabled port 18-2

status, displaying 17-26

multiauth

support for inaccessible authentication bypass 9-24

multiauth mode

See multiple-authentication mode

multicast groups

Immediate Leave 22-5

joining 22-3

leaving 22-5

static joins 22-10, 39-7

multicast packets

ACLs on 33-42

blocking 23-8

multicast router interfaces, monitoring 22-16, 39-11

multicast router ports, adding 22-9, 39-8

Multicast Source Discovery Protocol

multicast storm 23-1

multicast storm-control command 23-4

multicast television application 22-17

multicast VLAN 22-17

Multicast VLAN Registration

multidomain authentication

multioperations scheduling, IP SLAs 42-5

multiple authentication 9-13

multiple authentication mode

configuring 9-42

Multiple HSRP

multiple VPN routing/forwarding in customer edge devices

See multi-VRF CE

multi-VRF CE

configuration example 37-83

configuration guidelines 37-75

configuring 37-75

default configuration 37-75

defined 37-73

displaying 37-87

monitoring 37-87

network components 37-75

packet-forwarding process 37-74

support for 1-14

MVR

and address aliasing 22-19

and IGMPv3 22-20

configuration guidelines 22-19

configuring interfaces 22-21

default configuration 22-19

described 22-17

example application 22-17

modes 22-20

monitoring 22-22

multicast television application 22-17

setting global parameters 22-20

support for 1-4

N

NAC

AAA down policy 1-11

critical authentication 9-23, 9-52

IEEE 802.1x authentication using a RADIUS server 9-57

IEEE 802.1x validation using RADIUS server 9-57

inaccessible authentication bypass 1-11, 9-52

Layer 2 IEEE 802.1x validation 1-11, 9-28, 9-57

Layer 2 IP validation 1-11

named IPv4 ACLs 33-15

NameSpace Mapper

native VLAN

and IEEE 802.1Q tunneling 16-4

configuring 13-20

default 13-20

NEAT

configuring 9-58

overview 9-30

neighbor discovery, IPv6 38-4

neighbor discovery/recovery, EIGRP 37-34

neighbors, BGP 37-56

Network Admission Control

Network Assistant

benefits 1-2

described 1-5

downloading image files 1-2

guide mode 1-2

management options 1-2

upgrading a switch A-23

wizards 1-2

network configuration examples

increasing network performance 1-20

large network 1-24

long-distance, high-bandwidth transport 1-26

providing network services 1-20

server aggregation and Linux server cluster 1-22

small to medium-sized network 1-23

network design

performance 1-20

services 1-20

Network Edge Access Topology

network management

CDP 24-1

RMON 29-1

SNMP 31-1

network performance, measuring with IP SLAs 42-3

network policy TLV 25-2, 25-7

Network Time Protocol

no commands 2-4

nonhierarchical policy maps

configuration guidelines 34-39

described 34-10

non-IP traffic filtering 33-28

nontrunking mode 13-15

normal-range VLANs 13-4

configuration guidelines 13-6

configuring 13-4

defined 13-1

no switchport command 11-4

not-so-stubby areas

NSAPs, as ISO IGRP addresses 37-63

NSF Awareness

IS-IS 37-65

NSM 4-3

NSSA, OSPF 37-29

NTP

associations

defined 6-2

overview 6-2

stratum 6-2

support for 1-6

time

services 6-2

synchronizing 6-2

O

object tracking

HSRP 43-7

IP SLAs 43-9

IP SLAs, configuring 43-9

monitoring 43-12

off mode, VTP 14-3

online diagnostics

overview 49-1

running tests 49-3

understanding 49-1

open1x

configuring 9-63

open1x authentication

overview 9-29

Open Shortest Path First

optimizing system resources 7-1

options, management 1-5

OSPF

area parameters, configuring 37-29

configuring 37-27

default configuration

metrics 37-30

route 37-30

settings 37-25

described 37-24

for IPv6 38-7

interface parameters, configuring 37-28

LSA group pacing 37-32

monitoring 37-33

router IDs 37-32

route summarization 37-30

support for 1-13

virtual links 37-30

out-of-profile markdown 1-13

P

packet modification, with QoS 34-20

PAgP

Layer 2 protocol tunneling 16-9

See EtherChannel

parallel paths, in routing tables 37-89

passive interfaces

configuring 37-98

OSPF 37-31

passwords

default configuration 8-2

disabling recovery of 8-5

encrypting 8-3

for security 1-9

in clusters 5-13

overview 8-1

recovery of 48-3

setting

enable 8-3

enable secret 8-3

Telnet 8-6

with usernames 8-6

VTP domain 14-8

path cost

MSTP 17-20

path MTU discovery 38-4

PBR

defined 37-95

enabling 37-96

fast-switched policy-based routing 37-98

local policy-based routing 37-98

PC (passive command switch) 5-10

peers, BGP 37-56

percentage thresholds in tracked lists 43-6

performance, network design 1-20

performance features 1-4

persistent self-signed certificate 8-49

per-user ACLs and Filter-Ids 9-8

per-VLAN spanning-tree plus

PE to CE routing, configuring 37-82

physical ports 11-2

PIM

default configuration 45-10

dense mode

overview 45-4

rendezvous point (RP), described 45-4

RPF lookups 45-8

displaying neighbors 45-62

enabling a mode 45-12

overview 45-3

router-query message interval, modifying 45-36

shared tree and source tree, overview 45-34

shortest path tree, delaying the use of 45-35

sparse mode

join messages and shared tree 45-4

overview 45-4

prune messages 45-5

RPF lookups 45-8

stub routing

configuration guidelines 45-22

displaying 45-61

enabling 45-22

overview 45-5

support for 1-14

versions

interoperability 45-10

troubleshooting interoperability problems 45-34

v2 improvements 45-4

PIM-DVMRP, as snooping method 22-8

ping

character output description 48-14

executing 48-13

overview 48-13

PoE

auto mode 11-8

CDP with power consumption, described 11-7

CDP with power negotiation, described 11-7

Cisco intelligent power management 11-7

configuring 11-21

devices supported 11-6

high-power devices operating in low-power mode 11-7

IEEE power classification levels 11-7

power budgeting 11-23

power consumption 11-23

powered-device detection and initial power allocation 11-7

power management modes 11-8

power negotiation extensions to CDP 11-7

standards supported 11-7

static mode 11-9

troubleshooting 48-11

policed-DSCP map for QoS 34-70

policers

configuring

for each matched traffic class 34-54

for more than one traffic class 34-66

described 34-4

displaying 34-86

number of 34-40

types of 34-10

policing

described 34-4

hierarchical

See hierarchical policy maps

token-bucket algorithm 34-10

policy-based routing

policy maps for QoS

characteristics of 34-54

described 34-8

displaying 34-87

hierarchical 34-9

hierarchical on SVIs

configuration guidelines 34-39

configuring 34-58

described 34-12

nonhierarchical on physical ports

configuration guidelines 34-39

described 34-10

port ACLs

defined 33-2

types of 33-3

Port Aggregation Protocol

See EtherChannel

port-based authentication

accounting 9-15

authentication server

defined 9-3, 10-2

RADIUS server 9-3

client, defined 9-3, 10-2

configuration guidelines 9-34, 10-9

configuring

802.1x authentication 9-40

guest VLAN 9-49

host mode 9-42

inaccessible authentication bypass 9-52

manual re-authentication of a client 9-44

periodic re-authentication 9-43

quiet period 9-45

RADIUS server 9-42, 10-13

RADIUS server parameters on the switch 9-41, 10-11

restricted VLAN 9-50

switch-to-client frame-retransmission number 9-46, 9-47

switch-to-client retransmission time 9-45

violation modes 9-39

default configuration 9-33, 10-9

described 9-1

device roles 9-3, 10-2

displaying statistics 9-64, 10-17

downloadable ACLs and redirect URLs

configuring 9-59 to 9-61, ?? to 9-62

overview 9-19 to 9-21

EAPOL-start frame 9-5

EAP-request/identity frame 9-5

EAP-response/identity frame 9-5

enabling

802.1X authentication 10-11

encapsulation 9-3

flexible authentication ordering

configuring 9-62

overview 9-29

guest VLAN

configuration guidelines 9-22, 9-23

described 9-22

host mode 9-11

inaccessible authentication bypass

configuring 9-52

described 9-23

guidelines 9-36

initiation and message exchange 9-5

magic packet 9-26

maximum number of allowed devices per port 9-36

method lists 9-40

multiple authentication 9-13

per-user ACLs

AAA authorization 9-40

configuration tasks 9-19

described 9-18

RADIUS server attributes 9-18

ports

authorization state and dot1x port-control command 9-10

authorized and unauthorized 9-10

voice VLAN 9-25

port security

described 9-26

readiness check

configuring 9-37

described 9-16, 9-37

resetting to default values 9-64

statistics, displaying 9-64

switch

as proxy 9-3, 10-2

RADIUS client 9-3

switch supplicant

configuring 9-58

overview 9-30

upgrading from a previous release 34-34

user distribution

guidelines 9-28

overview 9-28

VLAN assignment

AAA authorization 9-40

characteristics 9-17

configuration tasks 9-18

described 9-17

voice aware 802.1x security

configuring 9-38

described 9-30, 9-38

voice VLAN

described 9-25

PVID 9-25

VVID 9-25

wake-on-LAN, described 9-26

with ACLs and RADIUS Filter-Id attribute 9-31

port-based authentication methods, supported 9-7

port blocking 1-4, 23-7

port-channel

See EtherChannel

port description TLV 25-2

Port Fast

described 18-2

enabling 18-10

mode, spanning tree 13-26

support for 1-8

port membership modes, VLAN 13-3

port priority

MSTP 17-19

ports

access 11-3

blocking 23-7

dual-purpose uplink 11-6

dynamic access 13-3

IEEE 802.1Q tunnel 13-4

protected 23-6

routed 11-4

secure 23-8

static-access 13-3, 13-9

switch 11-2

trunks 13-3, 13-14

VLAN assignments 13-9

port security

aging 23-17

and private VLANs 23-18

and QoS trusted boundary 34-44

configuring 23-13

default configuration 23-11

described 23-8

displaying 23-21

enabling 23-18

on trunk ports 23-14

sticky learning 23-9

violations 23-10

with other features 23-11

port-shutdown response, VMPS 13-25

port VLAN ID TLV 25-2

power management TLV 25-2, 25-7

Power over Ethernet

preemption, default configuration 19-7

preemption delay, default configuration 19-8

preferential treatment of traffic

prefix lists, BGP 37-54

preventing unauthorized access 8-1

primary interface for object tracking, DHCP, configuring 43-10

primary interface for static routing, configuring 43-10

primary links 19-1

primary VLANs 15-1, 15-3

priority

HSRP 41-7

overriding CoS 12-6

trusting CoS 12-6

private VLAN edge ports

See protected ports

private VLANs

across multiple switches 15-4

and SDM template 15-4

and SVIs 15-5

benefits of 15-1

community ports 15-2

community VLANs 15-2, 15-3

configuration guidelines 15-6, 15-8

configuration tasks 15-6

configuring 15-9

default configuration 15-6

end station access to 15-3

IP addressing 15-3

isolated port 15-2

isolated VLANs 15-2, 15-3

mapping 15-13

monitoring 15-14

ports

community 15-2

configuration guidelines 15-8

configuring host ports 15-11

configuring promiscuous ports 15-12

described 13-4

isolated 15-2

promiscuous 15-2

primary VLANs 15-1, 15-3

promiscuous ports 15-2

secondary VLANs 15-2

subdomains 15-1

traffic in 15-5

privileged EXEC mode 2-2

privilege levels

changing the default for lines 8-9

command switch 5-15

exiting 8-9

logging into 8-9

mapping on member switches 5-15

overview 8-2, 8-7

setting a command with 8-8

promiscuous ports

configuring 15-12

defined 15-2

protected ports 1-9, 23-6

protocol-dependent modules, EIGRP 37-34

Protocol-Independent Multicast Protocol

protocol storm protection 23-19

provider edge devices 37-73

proxy ARP

configuring 37-10

definition 37-8

with IP routing disabled 37-11

proxy reports 19-3

pruning, VTP

disabling

in VTP domain 14-14

on a port 13-20

enabling

in VTP domain 14-14

on a port 13-19

examples 14-6

overview 14-5

pruning-eligible list

changing 13-19

for VTP pruning 14-5

VLANs 14-14

PVST+

described 26-9

IEEE 802.1Q trunking interoperability 26-10

instances supported 26-9

Q

QoS

and MQC commands 34-1

auto-QoS

categorizing traffic 34-22

configuration and defaults display 34-36

configuration guidelines 34-33

described 34-21

disabling 34-35

displaying generated commands 34-35

displaying the initial configuration 34-36

effects on running configuration 34-33

list of generated commands 34-24, 34-28

basic model 34-4

classification

class maps, described 34-8

defined 34-4

DSCP transparency, described 34-46

flowchart 34-7

forwarding treatment 34-3

in frames and packets 34-3

IP ACLs, described 34-6, 34-8

MAC ACLs, described 34-5, 34-8

options for IP traffic 34-6

options for non-IP traffic 34-5

policy maps, described 34-8

trust DSCP, described 34-5

trusted CoS, described 34-5

trust IP precedence, described 34-5

class maps

configuring 34-52

displaying 34-86

configuration guidelines

auto-QoS 34-33

standard QoS 34-39

configuring

aggregate policers 34-66

auto-QoS 34-21

default port CoS value 34-44

DSCP maps 34-68

DSCP transparency 34-46

DSCP trust states bordering another domain 34-46

egress queue characteristics 34-78

ingress queue characteristics 34-74

IP extended ACLs 34-50

IP standard ACLs 34-49

MAC ACLs 34-51

policy maps, hierarchical 34-58

port trust states within the domain 34-42

trusted boundary 34-44

default auto configuration 34-22

default standard configuration 34-37

displaying statistics 34-86

DSCP transparency 34-46

egress queues

allocating buffer space 34-79

buffer allocation scheme, described 34-18

configuring shaped weights for SRR 34-83

configuring shared weights for SRR 34-84

described 34-4

displaying the threshold map 34-82

flowchart 34-18

mapping DSCP or CoS values 34-81

scheduling, described 34-4

setting WTD thresholds 34-79

WTD, described 34-19

enabling globally 34-41

flowcharts

classification 34-7

egress queueing and scheduling 34-18

ingress queueing and scheduling 34-16

policing and marking 34-11

implicit deny 34-8

ingress queues

allocating bandwidth 34-76

allocating buffer space 34-76

buffer and bandwidth allocation, described 34-17

configuring shared weights for SRR 34-76

configuring the priority queue 34-77

described 34-4

displaying the threshold map 34-75

flowchart 34-16

mapping DSCP or CoS values 34-74

priority queue, described 34-17

scheduling, described 34-4

setting WTD thresholds 34-74

WTD, described 34-17

IP phones

automatic classification and queueing 34-21

detection and trusted settings 34-21, 34-44

limiting bandwidth on egress interface 34-85

mapping tables

CoS-to-DSCP 34-68

displaying 34-86

DSCP-to-CoS 34-71

DSCP-to-DSCP-mutation 34-72

IP-precedence-to-DSCP 34-69

policed-DSCP 34-70

types of 34-13

marked-down actions 34-56, 34-62

marking, described 34-4, 34-9

overview 34-1

packet modification 34-20

policers

configuring 34-56, 34-62, 34-66

described 34-9

displaying 34-86

number of 34-40

types of 34-10

policies, attaching to an interface 34-9

policing

described 34-4, 34-9

token bucket algorithm 34-10

policy maps

characteristics of 34-54

displaying 34-87

hierarchical 34-9

hierarchical on SVIs 34-58

nonhierarchical on physical ports 34-54

QoS label, defined 34-4

queues

configuring egress characteristics 34-78

configuring ingress characteristics 34-74

high priority (expedite) 34-20, 34-85

location of 34-14

SRR, described 34-15

WTD, described 34-14

rewrites 34-20

support for 1-12

trust states

bordering another domain 34-46

described 34-5

trusted device 34-44

within the domain 34-42

quality of service

queries, IGMP 22-4

query solicitation, IGMP 22-12

R

RADIUS

attributes

vendor-proprietary 8-36

vendor-specific 8-34

configuring

accounting 8-33

authentication 8-28

authorization 8-32

communication, global 8-26, 8-34

communication, per-server 8-26

multiple UDP ports 8-26

default configuration 8-25

defining AAA server groups 8-30

displaying the configuration 8-38

identifying the server 8-26

in clusters 5-14

limiting the services to the user 8-32

method list, defined 8-25

operation of 8-19

overview 8-18

server load balancing 8-38

suggested network environments 8-18

support for 1-11

tracking services accessed by user 8-33

RADIUS Change of Authorization 8-20

range

macro 11-13

of interfaces 11-12

rapid convergence 17-9

rapid per-VLAN spanning-tree plus

See rapid PVST+

rapid PVST+

described 26-9

IEEE 802.1Q trunking interoperability 26-10

instances supported 26-9

Rapid Spanning Tree Protocol

RARP 37-8

rcommand command 5-15

RCP

configuration files

downloading A-16

overview A-15

preparing the server A-15

uploading A-17

image files

deleting old image A-36

downloading A-34

preparing the server A-33

uploading A-36

reachability, tracking IP SLAs IP host 43-9

readiness check

port-based authentication

configuring 9-37

described 9-16, 9-37

reconfirmation interval, VMPS, changing 13-28

reconfirming dynamic VLAN membership 13-28

recovery procedures 48-1

redirect URL 9-19, 9-20, 9-59

redundancy

EtherChannel 35-3

HSRP 41-1

STP

backbone 26-8

path cost 13-23

port priority 13-21

redundant links and UplinkFast 18-13

redundant power system

See Cisco Redundant Power System 2300

reliable transport protocol, EIGRP 37-34

reloading software 3-21

Remote Authentication Dial-In User Service

Remote Copy Protocol

Remote Network Monitoring

Remote SPAN

remote SPAN 28-2

report suppression, IGMP

described 22-6

disabling 22-15, 39-11

resequencing ACL entries 33-15

reserved addresses in DHCP pools 20-26

resets, in BGP 37-49

resetting a UDLD-shutdown interface 27-6

responder, IP SLAs

described 42-4

enabling 42-8

response time, measuring with IP SLAs 42-4

restricted VLAN

configuring 9-50

described 9-23

using with IEEE 802.1x 9-23

restricting access

overview 8-1

passwords and privilege levels 8-2

RADIUS 8-17

TACACS+ 8-10

retry count, VMPS, changing 13-29

reverse address resolution 37-8

Reverse Address Resolution Protocol

RFC

1058, RIP 37-18

1112, IP multicast and IGMP 22-2

1157, SNMPv1 31-2

1163, BGP 37-41

1166, IP addresses 37-5

1253, OSPF 37-24

1267, BGP 37-41

1305, NTP 6-2

1587, NSSAs 37-24

1757, RMON 29-2

1771, BGP 37-41

1901, SNMPv2C 31-2

1902 to 1907, SNMPv2 31-2

2236, IP multicast and IGMP 22-2

2273-2275, SNMPv3 31-2

RFC 5176 Compliance 8-21

RIP

advertisements 37-19

authentication 37-21

configuring 37-20

default configuration 37-19

described 37-19

for IPv6 38-7

hop counts 37-19

split horizon 37-22

summary addresses 37-22

support for 1-13

RMON

default configuration 29-3

displaying status 29-6

enabling alarms and events 29-3

groups supported 29-2

overview 29-1

statistics

collecting group Ethernet 29-5

collecting group history 29-5

support for 1-15

root guard

described 18-8

enabling 18-15

support for 1-8

root switch

MSTP 17-17

route calculation timers, OSPF 37-31

route dampening, BGP 37-60

routed packets, ACLs on 33-42

routed ports

configuring 37-3

defined 11-4

in switch clusters 5-8

IP addresses on 11-26, 37-4

route-map command 37-97

route maps

policy-based routing 37-95

router ACLs

defined 33-2

types of 33-4

route reflectors, BGP 37-59

router ID, OSPF 37-32

route selection, BGP 37-50

route summarization, OSPF 37-30

route targets, VPN 37-75

routing

default 37-2

dynamic 37-3

redistribution of information 37-91

static 37-3

routing domain confederation, BGP 37-59

Routing Information Protocol

routing protocol administrative distances 37-90

RPS

See Cisco Redundant Power System 2300

RPS 2300

See Cisco Redundant Power System 2300

RSPAN

characteristics 28-8

configuration guidelines 28-15

default configuration 28-9

defined 28-2

destination ports 28-7

displaying status 28-22

interaction with other features 28-8

monitored ports 28-5

monitoring ports 28-7

overview 1-15, 28-1

received traffic 28-4

sessions

creating 28-16

defined 28-3

limiting source traffic to specific VLANs 28-21

specifying monitored ports 28-16

with ingress traffic enabled 28-20

source ports 28-5

transmitted traffic 28-5

VLAN-based 28-6

RSTP

active topology 17-9

BPDU

format 17-12

processing 17-12

designated port, defined 17-9

designated switch, defined 17-9

interoperability with IEEE 802.1D

described 17-8

restarting migration process 17-25

topology changes 17-13

overview 17-8

port roles

described 17-9

synchronized 17-11

proposal-agreement handshake process 17-10

rapid convergence

described 17-9

edge ports and Port Fast 17-9

point-to-point links 17-10, 17-24

root ports 17-10

root port, defined 17-9

running configuration

replacing A-18, A-19

rolling back A-18, A-20

running configuration, saving 3-15

S

SC (standby command switch) 5-10

scheduled reloads 3-21

scheduling, IP SLAs operations 42-5

SCP

and SSH 8-54

configuring 8-55

SDM

templates

configuring 7-4

number of 7-1

SDM template 40-3

configuration guidelines 7-3

configuring 7-3

dual IPv4 and IPv6 7-2

types of 7-1

secondary VLANs 15-2

Secure Copy Protocol

secure HTTP client

configuring 8-53

displaying 8-54

secure HTTP server

configuring 8-52

displaying 8-54

secure MAC addresses

deleting 23-16

maximum number of 23-10

types of 23-9

secure ports, configuring 23-8

secure remote connections 8-44

Secure Socket Layer

security, port 23-8

security features 1-9

sequence numbers in log messages 30-8

server mode, VTP 14-3

service-provider network, MSTP and RSTP 17-1

service-provider networks

and customer VLANs 16-2

and IEEE 802.1Q tunneling 16-1

Layer 2 protocols across 16-8

Layer 2 protocol tunneling for EtherChannels 16-9

set-request operation 31-4

setup program

failed command switch replacement 48-9

replacing failed command switch 48-8

severity levels, defining in system messages 30-8

SFPs

monitoring status of 11-31, 48-13

security and identification 48-12

status, displaying 48-13

shaped round robin

show access-lists hw-summary command 33-22

show and more command output, filtering 2-9

show cdp traffic command 24-5

show cluster members command 5-15

show configuration command 11-24

show forward command 48-20

show interfaces command 11-19, 11-24

show interfaces switchport 19-4

show l2protocol command 16-13, 16-15

show lldp traffic command 25-11

show platform forward command 48-20

show platform tcam command 48-23

show running-config command

displaying ACLs 33-20, 33-21, 33-32, 33-35

interface description in 11-24

shutdown command on interfaces 11-32

shutdown threshold for Layer 2 protocol packets 16-11

Simple Network Management Protocol

small-frame arrival rate, configuring 23-5

smart logging 30-1, 30-13

SNAP 24-1

SNMP

accessing MIB variables with 31-4

agent

described 31-4

disabling 31-7

and IP SLAs 42-2

authentication level 31-10

community strings

configuring 31-8

for cluster switches 31-4

overview 31-4

configuration examples 31-17

default configuration 31-6

engine ID 31-7

groups 31-7, 31-9

host 31-7

ifIndex values 31-5

in-band management 1-7

in clusters 5-14

informs

and trap keyword 31-12

described 31-5

differences from traps 31-5

disabling 31-15

enabling 31-15

limiting access by TFTP servers 31-16

limiting system log messages to NMS 30-10

manager functions 1-5, 31-3

managing clusters with 5-15

notifications 31-5

overview 31-1, 31-4

security levels 31-2

setting CPU threshold notification 31-15

status, displaying 31-18

system contact and location 31-16

trap manager, configuring 31-13

traps

described 31-3, 31-5

differences from informs 31-5

disabling 31-15

enabling 31-12

enabling MAC address notification 6-15, 6-17, 6-18

overview 31-1, 31-4

types of 31-12

users 31-7, 31-9

versions supported 31-2

SNMP and Syslog Over IPv6 38-8

SNMPv1 31-2

SNMPv2C 31-2

SNMPv3 31-2

snooping, IGMP 22-1

software images

location in flash A-24

recovery procedures 48-2

scheduling reloads 3-21

tar file format, described A-24

See also downloading and uploading

source addresses

in IPv4 ACLs 33-12

in IPv6 ACLs 40-5

source-and-destination-IP address based forwarding, EtherChannel 35-8

source-and-destination MAC address forwarding, EtherChannel 35-8

source-IP address based forwarding, EtherChannel 35-8

source-MAC address forwarding, EtherChannel 35-7

Source-specific multicast

SPAN

configuration guidelines 28-10

default configuration 28-9

destination ports 28-7

displaying status 28-22

interaction with other features 28-8

monitored ports 28-5

monitoring ports 28-7

overview 1-15, 28-1

ports, restrictions 23-12

received traffic 28-4

sessions

configuring ingress forwarding 28-14, 28-21

creating 28-11

defined 28-3

limiting source traffic to specific VLANs 28-14

removing destination (monitoring) ports 28-12

specifying monitored ports 28-11

with ingress traffic enabled 28-13

source ports 28-5

transmitted traffic 28-5

VLAN-based 28-6

spanning tree and native VLANs 13-16

Spanning Tree Protocol

SPAN traffic 28-4

split horizon, RIP 37-22

SRR

configuring

shaped weights on egress queues 34-83

shared weights on egress queues 34-84

shared weights on ingress queues 34-76

described 34-15

shaped mode 34-15

shared mode 34-15

support for 1-13

SSH

configuring 8-45

cryptographic software image 8-43

described 1-7, 8-44

encryption methods 8-44

user authentication methods, supported 8-44

SSL

configuration guidelines 8-50

configuring a secure HTTP client 8-53

configuring a secure HTTP server 8-52

cryptographic software image 8-48

described 8-48

monitoring 8-54

SSM

address management restrictions 45-15

CGMP limitations 45-15

components 45-13

configuration guidelines 45-15

configuring 45-13, 45-16

differs from Internet standard multicast 45-13

IGMP snooping 45-15

IGMPv3 45-13

IGMPv3 Host Signalling 45-14

IP address range 45-14

monitoring 45-16

operations 45-14

state maintenance limitations 45-15

SSM mapping 45-16

configuration guidelines 45-17

configuring 45-16, 45-19

DNS-based 45-18, 45-20

monitoring 45-21

overview 45-17

restrictions 45-17

static 45-18, 45-19

static traffic forwarding 45-21

stacks, switch

MSTP instances supported 26-9

standby command switch

considerations 5-11

defined 5-2

priority 5-10

requirements 5-3

virtual IP address 5-11

See also cluster standby group and HSRP

standby group, cluster

See cluster standby group and HSRP

standby ip command 41-6

standby links 19-1

standby router 41-2

standby timers, HSRP 41-10

startup configuration

booting

manually 3-18

specific image 3-19

clearing A-18

configuration file

automatically downloading 3-17

specifying the filename 3-17

static access ports

assigning to VLAN 13-9

defined 11-3, 13-3

static addresses

static IP routing 1-14

static MAC addressing 1-9

static route primary interface,configuring 43-10

static routes

configuring 37-89

configuring for IPv6 38-19

understanding 38-6

static routing 37-3

static routing support, enhanced object tracking 43-10

static SSM mapping 45-18, 45-19

static traffic forwarding 45-21

static VLAN membership 13-2

statistics

802.1X 10-17

802.1x 9-64

CDP 24-5

interface 11-31

IP multicast routing 45-61

LLDP 25-10

LLDP-MED 25-10

NMSP 25-10

OSPF 37-33

QoS ingress and egress 34-86

RMON group Ethernet 29-5

RMON group history 29-5

SNMP input and output 31-18

sticky learning 23-9

storm control

configuring 23-3

described 23-1

disabling 23-5

displaying 23-21

support for 1-4

thresholds 23-1

STP

accelerating root port selection 18-4

BackboneFast

described 18-5

disabling 18-14

enabling 18-13

BPDU filtering

described 18-3

disabling 18-12

enabling 18-12

BPDU guard

described 18-2

disabling 18-12

enabling 18-11

BPDU message exchange 26-3

configuration guidelines 18-10, 26-12

configuring

forward-delay time 26-21

hello time 26-20

maximum aging time 26-21

path cost 26-18

port priority 26-17

root switch 26-14

secondary root switch 26-16

spanning-tree mode 26-13

switch priority 26-19

transmit hold-count 26-22

counters, clearing 26-22

default configuration 26-11

default optional feature configuration 18-9

designated port, defined 26-3

designated switch, defined 26-3

detecting indirect link failures 18-5

disabling 26-14

displaying status 26-22

EtherChannel guard

described 18-7

disabling 18-14

enabling 18-14

extended system ID

effects on root switch 26-14

effects on the secondary root switch 26-16

overview 26-4

unexpected behavior 26-15

features supported 1-8

IEEE 802.1D and bridge ID 26-4

IEEE 802.1D and multicast addresses 26-8

IEEE 802.1t and VLAN identifier 26-4

inferior BPDU 26-3

instances supported 26-9

interface state, blocking to forwarding 18-2

interface states

blocking 26-5

disabled 26-7

forwarding 26-5, 26-6

learning 26-6

listening 26-6

overview 26-4

interoperability and compatibility among modes 26-10

Layer 2 protocol tunneling 16-7

limitations with IEEE 802.1Q trunks 26-10

load sharing

overview 13-21

using path costs 13-23

using port priorities 13-21

loop guard

described 18-9

enabling 18-15

modes supported 26-9

multicast addresses, effect of 26-8

optional features supported 1-8

overview 26-2

path costs 13-23

Port Fast

described 18-2

enabling 18-10

port priorities 13-22

preventing root switch selection 18-8

protocols supported 26-9

redundant connectivity 26-8

root guard

described 18-8

enabling 18-15

root port, defined 26-3

root switch

configuring 26-15

effects of extended system ID 26-4, 26-14

election 26-3

unexpected behavior 26-15

shutdown Port Fast-enabled port 18-2

status, displaying 26-22

superior BPDU 26-3

timers, described 26-20

UplinkFast

described 18-3

enabling 18-13

VLAN-bridge 26-10

stratum, NTP 6-2

stub areas, OSPF 37-29

stub routing, EIGRP 37-39

subdomains, private VLAN 15-1

subnet mask 37-5

subnet zero 37-6

success response, VMPS 13-25

summer time 6-6

SunNet Manager 1-5

supernet 37-6

supported port-based authentication methods 9-7

SVI autostate exclude

configuring 11-27

defined 11-5

SVI link state 11-5

SVIs

and IP unicast routing 37-3

and router ACLs 33-4

connecting VLANs 11-9

defined 11-4

routing between VLANs 13-2

switch 38-2

switch clustering technology 5-1

See also clusters, switch

switch console port 1-7

Switch Database Management

switched packets, ACLs on 33-40

Switched Port Analyzer

switched ports 11-2

switchport backup interface 19-4, 19-5

switchport block multicast command 23-8

switchport block unicast command 23-8

switchport command 11-15

switchport mode dot1q-tunnel command 16-6

switchport protected command 23-7

switch priority

MSTP 17-21

switch software features 1-1

switch virtual interface

synchronization, BGP 37-46

syslog

See system message logging

system capabilities TLV 25-2

system clock

configuring

daylight saving time 6-6

manually 6-4

summer time 6-6

time zones 6-5

displaying the time and date 6-4

overview 6-1

system description TLV 25-2

system message logging

default configuration 30-3

defining error message severity levels 30-8

disabling 30-4

displaying the configuration 30-16

enabling 30-4

facility keywords, described 30-13

level keywords, described 30-9

limiting messages 30-10

message format 30-2

overview 30-1

sequence numbers, enabling and disabling 30-8

setting the display destination device 30-5

synchronizing log messages 30-6

syslog facility 1-15

time stamps, enabling and disabling 30-7

UNIX syslog servers

configuring the daemon 30-12

configuring the logging facility 30-12

facilities supported 30-13

system MTU

and IS-IS LSPs 37-67

system MTU and IEEE 802.1Q tunneling 16-5

system name

default configuration 6-8

default setting 6-8

manual configuration 6-8

system name TLV 25-2

system prompt, default setting 6-7, 6-8

system resources, optimizing 7-1

system routing

IS-IS 37-63

ISO IGRP 37-63

T

TACACS+

accounting, defined 8-11

authentication, defined 8-11

authorization, defined 8-11

configuring

accounting 8-17

authentication key 8-13

authorization 8-16

login authentication 8-14

default configuration 8-13

displaying the configuration 8-17

identifying the server 8-13

in clusters 5-14

limiting the services to the user 8-16

operation of 8-12

overview 8-10

support for 1-11

tracking services accessed by user 8-17

tagged packets

IEEE 802.1Q 16-3

Layer 2 protocol 16-7

tar files

creating A-6

displaying the contents of A-6

extracting A-7

image file format A-24

memory consistency check errors

example 48-24

memory consistency check routines 1-5, 48-23

memory consistency integrity 1-5, 48-23

space

HFTM 48-23

HQATM 48-23

unassigned 48-23

TCL script, registering and defining with embedded event manager 32-6

TDR 1-16

Telnet

accessing management interfaces 2-9

number of connections 1-7

setting a password 8-6

temporary self-signed certificate 8-49

Terminal Access Controller Access Control System Plus

terminal lines, setting a password 8-6

ternary content addressable memory

TFTP

configuration files

downloading A-11

preparing the server A-10

uploading A-11

configuration files in base directory 3-7

configuring for autoconfiguration 3-7

image files

deleting A-27

downloading A-26

preparing the server A-25

uploading A-27

limiting access by servers 31-16

TFTP server 1-6

threshold, traffic level 23-2

threshold monitoring, IP SLAs 42-6

time

See NTP and system clock

Time Domain Reflector

time-range command 33-17

time ranges in ACLs 33-17

time stamps in log messages 30-7

time zones 6-5

TLVs

defined 25-1

LLDP 25-2

LLDP-MED 25-2

Token Ring VLANs

support for 13-6

VTP support 14-4

ToS 1-12

traceroute, Layer 2

and ARP 48-15

and CDP 48-15

broadcast traffic 48-15

described 48-15

IP addresses and subnets 48-15

MAC addresses and VLANs 48-15

multicast traffic 48-15

multiple devices on a port 48-16

unicast traffic 48-15

usage guidelines 48-15

traceroute command 48-17

See also IP traceroute

tracked lists

configuring 43-3

types 43-3

tracked objects

by Boolean expression 43-4

by threshold percentage 43-6

by threshold weight 43-5

tracking interface line-protocol state 43-2

tracking IP routing state 43-2

tracking objects 43-1

tracking process 43-1

track state, tracking IP SLAs 43-9

traffic

blocking flooded 23-8

fragmented 33-5

fragmented IPv6 40-2

unfragmented 33-5

traffic policing 1-13

traffic suppression 23-1

transmit hold-count

transparent mode, VTP 14-3

trap-door mechanism 3-2

traps

configuring MAC address notification 6-15, 6-17, 6-18

configuring managers 31-12

defined 31-3

enabling 6-15, 6-17, 6-18, 31-12

notification types 31-12

overview 31-1, 31-4

troubleshooting

connectivity problems 48-13, 48-14, 48-16

CPU utilization 48-24

detecting unidirectional links 27-1

displaying crash information 48-22

PIMv1 and PIMv2 interoperability problems 45-34

setting packet forwarding 48-20

SFP security and identification 48-12

show forward command 48-20

with CiscoWorks 31-4

with debug commands 48-18

with ping 48-13

with system message logging 30-1

with traceroute 48-16

trunk failover

See link-state tracking

trunking encapsulation 1-8

trunk ports

configuring 13-17

defined 11-3, 13-3

encapsulation 13-22, 13-23

trunks

allowed-VLAN list 13-18

configuring 13-22, 13-23

load sharing

setting STP path costs 13-23

using STP port priorities 13-21, 13-22

native VLAN for untagged traffic 13-20

parallel 13-23

pruning-eligible list 13-19

to non-DTP device 13-15

trusted boundary for QoS 34-44

trusted port states

between QoS domains 34-46

classification options 34-5

ensuring port security for IP phones 34-44

support for 1-12

within a QoS domain 34-42

trustpoints, CA 8-48

tunneling

defined 16-1

IEEE 802.1Q 16-1

Layer 2 protocol 16-8

tunnel ports

defined 13-4

described 11-3, 16-1

IEEE 802.1Q, configuring 16-6

incompatibilities with other features 16-5

twisted-pair Ethernet, detecting unidirectional links 27-1

type of service

U

UDLD

configuration guidelines 27-4

default configuration 27-4

disabling

globally 27-5

on fiber-optic interfaces 27-5

per interface 27-5

echoing detection mechanism 27-2

enabling

globally 27-5

per interface 27-5

Layer 2 protocol tunneling 16-10

link-detection mechanism 27-1

neighbor database 27-2

overview 27-1

resetting an interface 27-6

status, displaying 27-6

support for 1-7

UDP, configuring 37-14

UDP jitter, configuring 42-10

UDP jitter operation, IP SLAs 42-9

unauthorized ports with IEEE 802.1x 9-10

unicast MAC address filtering 1-6

and adding static addresses 6-21

and broadcast MAC addresses 6-20

and CPU packets 6-20

and multicast addresses 6-20

and router MAC addresses 6-20

configuration guidelines 6-20

described 6-20

unicast storm 23-1

unicast storm control command 23-4

unicast traffic, blocking 23-8

UniDirectional Link Detection protocol

UNIX syslog servers

daemon configuration 30-12

facilities supported 30-13

message logging configuration 30-12

unrecognized Type-Length-Value (TLV) support 14-4

upgrading software images

See downloading

UplinkFast

described 18-3

disabling 18-13

enabling 18-13

support for 1-8

uploading

configuration files

preparing A-10, A-12, A-15

reasons for A-8

using FTP A-14

using RCP A-17

using TFTP A-11

image files

preparing A-25, A-29, A-33

reasons for A-23

using FTP A-31

using RCP A-36

using TFTP A-27

User Datagram Protocol

user EXEC mode 2-2

username-based authentication 8-6

V

VACL logging parameters 33-38

VACLs

logging

configuration example 33-39

version-dependent transparent mode 14-4

virtual IP address

cluster standby group 5-11

command switch 5-11

Virtual Private Network

virtual router 41-1, 41-2

virtual switches and PAgP 35-5

vlan.dat file 13-5

VLAN 1, disabling on a trunk port 13-19

VLAN 1 minimization 13-18

VLAN ACLs

vlan-assignment response, VMPS 13-25

VLAN configuration

at bootup 13-7

saving 13-7

VLAN configuration mode 2-2

VLAN database

and startup configuration file 13-7

and VTP 14-1

VLAN configuration saved in 13-7

VLANs saved in 13-4

vlan dot1q tag native command 16-4

VLAN filtering and SPAN 28-6

vlan global configuration command 13-7

VLAN ID, discovering 6-23

VLAN link state 11-5

VLAN load balancing on flex links 19-2

configuration guidelines 19-8

VLAN management domain 14-2

VLAN Management Policy Server

VLAN map entries, order of 33-31

VLAN maps

applying 33-35

common uses for 33-35

configuration guidelines 33-31

configuring 33-30

creating 33-32

defined 33-2

denying access to a server example 33-36

denying and permitting packets 33-32

displaying 33-44

examples of ACLs and VLAN maps 33-33

removing 33-35

support for 1-10

wiring closet configuration example 33-36

VLAN membership

confirming 13-28

modes 13-3

VLAN Query Protocol

VLANs

adding 13-8

adding to VLAN database 13-8

aging dynamic addresses 26-9

allowed on trunk 13-18

and spanning-tree instances 13-3, 13-6, 13-11

configuration guidelines, extended-range VLANs 13-11

configuration guidelines, normal-range VLANs 13-6

configuring 13-1

configuring IDs 1006 to 4094 13-11

connecting through SVIs 11-9

creating 13-8

customer numbering in service-provider networks 16-3

default configuration 13-7

deleting 13-9

described 11-2, 13-1

displaying 13-14

extended-range 13-1, 13-10

features 1-8

illustrated 13-2

internal 13-11

limiting source traffic with RSPAN 28-21

limiting source traffic with SPAN 28-14

modifying 13-8

multicast 22-17

native, configuring 13-20

normal-range 13-1, 13-4

number supported 1-8

parameters 13-5

port membership modes 13-3

static-access ports 13-9

STP and IEEE 802.1Q trunks 26-10

supported 13-2

Token Ring 13-6

traffic between 13-2

VLAN-bridge STP 26-10, 47-1

VTP modes 14-3

VLAN Trunking Protocol

VLAN trunks 13-14

VMPS

administering 13-29

configuration example 13-30

configuration guidelines 13-26

default configuration 13-26

description 13-24

dynamic port membership

described 13-25

reconfirming 13-28

troubleshooting 13-30

entering server address 13-27

mapping MAC addresses to VLANs 13-25

monitoring 13-29

reconfirmation interval, changing 13-28

reconfirming membership 13-28

retry count, changing 13-29

voice aware 802.1x security

port-based authentication

configuring 9-38

described 9-30, 9-38

voice-over-IP 12-1

voice VLAN

Cisco 7960 phone, port connections 12-1

configuration guidelines 12-3

configuring IP phones for data traffic

override CoS of incoming frame 12-6

trust CoS priority of incoming frame 12-6

configuring ports for voice traffic in

802.1p priority tagged frames 12-5

802.1Q frames 12-4

connecting to an IP phone 12-4

default configuration 12-3

described 12-1

displaying 12-7

IP phone data traffic, described 12-2

IP phone voice traffic, described 12-2

VPN

configuring routing in 37-82

forwarding 37-75

in service provider networks 37-72

routes 37-73

VPN routing and forwarding table

VRF

defining 37-75

tables 37-72

VRF-aware services

configuring 37-78

HSRP 37-80

ping 37-79

RADIUS 37-80

SNMP 37-79

syslog 37-80

tftp 37-81

traceroute 37-81

VTP

adding a client to a domain 14-15

advertisements 13-16, 14-3, 14-4

and extended-range VLANs 13-3, 14-1

and normal-range VLANs 13-2, 14-1

client mode, configuring 14-11

configuration

guidelines 14-8

requirements 14-10

saving 14-8

configuration requirements 14-10

configuration revision number

guideline 14-15

resetting 14-16

consistency checks 14-4

default configuration 14-7

described 14-1

domain names 14-8

domains 14-2

Layer 2 protocol tunneling 16-7

modes

client 14-3

off 14-3

server 14-3

transitions 14-3

transparent 14-3

monitoring 14-16

passwords 14-8

pruning

disabling 14-14

enabling 14-14

examples 14-6

overview 14-5

support for 1-9

pruning-eligible list, changing 13-19

server mode, configuring 14-10, 14-13

statistics 14-16

support for 1-9

Token Ring support 14-4

transparent mode, configuring 14-10

using 14-1

Version

enabling 14-13

version, guidelines 14-9

Version 1 14-4

Version 2

configuration guidelines 14-9

overview 14-4

Version 3

overview 14-5

W

WCCP

authentication 44-3

configuration guidelines 44-5

default configuration 44-5

described 44-1

displaying 44-9

dynamic service groups 44-3

enabling 44-6

features unsupported 44-4

forwarding method 44-3

Layer-2 header rewrite 44-3

MD5 security 44-3

message exchange 44-2

monitoring and maintaining 44-9

negotiation 44-3

packet redirection 44-3

packet-return method 44-3

redirecting traffic received from a client 44-6

setting the password 44-6

unsupported WCCPv2 features 44-4

web authentication 9-16

configuring 10-16 to ??

described 1-9

web-based authentication

customizeable web pages 10-6

description 10-1

web-based authentication, interactions with other features 10-7

Web Cache Communication Protocol

weighted tail drop

weight thresholds in tracked lists 43-5

wired location service

configuring 25-9

displaying 25-10

location TLV 25-3

understanding 25-3

wizards 1-2

WTD

described 34-14

setting thresholds

egress queue-sets 34-79

ingress queues 34-74

support for 1-13

X

Xmodem protocol 48-2

Index

A

AAA down policy, NAC Layer 2 IP validation 1-11

abbreviating commands 2-3

ABRs 37-24

AC (command switch) 5-10

access-class command 33-20

access control entries

See ACEs

access control entry (ACE) 40-3

access-denied response, VMPS 13-25

access groups

applying IPv4 ACLs to interfaces 33-21

Layer 2 33-21

Layer 3 33-21

accessing

clusters, switch 5-13

command switches 5-11

member switches 5-13

switch clusters 5-13

access lists

See ACLs

access ports

and Layer 2 protocol tunneling 16-10

defined 11-3

in switch clusters 5-9

access template 7-1

accounting

with 802.1x 9-48

with IEEE 802.1x 9-15

with RADIUS 8-33

with TACACS+ 8-11, 8-17

ACEs

and QoS 34-8

defined 33-2

Ethernet 33-2

IP 33-2

ACLs

ACEs 33-2

any keyword 33-13

applying

on bridged packets 33-41

on multicast packets 33-42

on routed packets 33-42

on switched packets 33-40

time ranges to 33-17

to an interface 33-20, 40-7

to IPv6 interfaces 40-7

to QoS 34-8

classifying traffic for QoS 34-49

comments in 33-19

compiling 33-23

defined 33-1, 33-7

examples of 33-23, 34-49

extended IP, configuring for QoS classification 34-50

extended IPv4

creating 33-10

matching criteria 33-7

hardware and software handling 33-22

host keyword 33-13

IP

creating 33-7

fragments and QoS guidelines 34-39

implicit deny 33-10, 33-14, 33-16

implicit masks 33-10

matching criteria 33-7

undefined 33-21

IPv4

applying to interfaces 33-20

creating 33-7

matching criteria 33-7

named 33-15

numbers 33-8

terminal lines, setting on 33-19

unsupported features 33-6

IPv6

applying to interfaces 40-7

configuring 40-3, 40-4

displaying 40-8

interactions with other features 40-4

limitations 40-2, 40-3

matching criteria 40-3

named 40-2

precedence of 40-2

supported 40-2

unsupported features 40-3

Layer 4 information in 33-40

logging messages 33-8

MAC extended 33-28, 34-51

matching 33-7, 33-21, 40-3

monitoring 33-43, 40-8

named, IPv4 33-15

named, IPv6 40-2

names 40-4

number per QoS class map 34-39

port 33-2, 40-1

precedence of 33-2

QoS 34-8, 34-49

resequencing entries 33-15

router 33-2, 40-1

router ACLs and VLAN map configuration guidelines 33-39

standard IP, configuring for QoS classification 34-49

standard IPv4

creating 33-9

matching criteria 33-7

support for 1-10

support in hardware 33-22

time ranges 33-17

types supported 33-2

unsupported features, IPv4 33-6

unsupported features, IPv6 40-3

using router ACLs with VLAN maps 33-39

VLAN maps

configuration guidelines 33-31

configuring 33-30

active link 19-3, 19-5

active links 19-1

active router 41-2

active traffic monitoring, IP SLAs 42-1

address aliasing 22-2

addresses

displaying the MAC address table 6-23

dynamic

accelerated aging 26-8

changing the aging time 6-14

default aging 26-8

defined 6-12

learning 6-13

removing 6-15

IPv6 38-2

MAC, discovering 6-23

multicast

group address range 45-3

STP address management 26-8

static

adding and removing 6-19

defined 6-12

address resolution 6-23, 37-8

Address Resolution Protocol

See ARP

adjacency tables, with CEF 37-88

administrative distances

defined 37-100

OSPF 37-31

routing protocol defaults 37-90

advertisements

CDP 24-1

LLDP 25-1, 25-2

RIP 37-19

VTP 13-16, 14-3, 14-4

aggregatable global unicast addresses 38-3

aggregate addresses, BGP 37-58

aggregated ports

See EtherChannel

aggregate policers 34-66

aggregate policing 1-13

aging, accelerating 26-8

aging time

accelerated

for MSTP 17-23

for STP 26-8, 26-21

MAC address table 6-14

maximum

for MSTP 17-23, 17-24

for STP 26-21, 26-22

alarms, RMON 29-3

allowed-VLAN list 13-18

application engines, redirecting traffic to 44-1

area border routers

See ABRs

area routing

IS-IS 37-63

ISO IGRP 37-63

ARP

configuring 37-8

defined 1-6, 6-23, 37-8

encapsulation 37-9

static cache configuration 37-8

table

address resolution 6-23

managing 6-23

ASBRs 37-24

AS-path filters, BGP 37-52

asymmetrical links, and IEEE 802.1Q tunneling 16-4

attributes, RADIUS

vendor-proprietary 8-36

vendor-specific 8-34

attribute-value pairs 9-12, 9-15, 9-20, 9-21

authentication

EIGRP 37-38

HSRP 41-10

local mode with AAA 8-42

open1x 9-29

RADIUS

key 8-26

login 8-28

TACACS+

defined 8-11

key 8-13

login 8-14

See also port-based authentication

authentication compatibility with Catalyst 6000 switches 9-8

authentication failed VLAN

See restricted VLAN

authentication keys, and routing protocols 37-100

authentication manager

CLI commands 9-9

compatibility with older 802.1x CLI commands 9-9 to ??

overview 9-7

authoritative time source, described 6-2

authorization

with RADIUS 8-32

with TACACS+ 8-11, 8-16

authorized ports with IEEE 802.1x 9-10

autoconfiguration 3-3

auto enablement 9-30

automatic discovery

considerations

beyond a noncandidate device 5-8

brand new switches 5-9

connectivity 5-4

different VLANs 5-7

management VLANs 5-7

non-CDP-capable devices 5-6

noncluster-capable devices 5-6

routed ports 5-8

in switch clusters 5-4

See also CDP

automatic QoS

See QoS

automatic recovery, clusters 5-10

See also HSRP

auto-MDIX

configuring 11-21

described 11-20

autonegotiation

duplex mode 1-4

interface configuration guidelines 11-18

mismatches 48-11

autonomous system boundary routers

See ASBRs

autonomous systems, in BGP 37-46

Auto-QoS video devices 1-13

Auto-RP, described 45-6

autosensing, port speed 1-4

autostate exclude 11-5

auxiliary VLAN

See voice VLAN

availability, features 1-7

B

BackboneFast

described 18-5

disabling 18-14

enabling 18-13

support for 1-8

backup interfaces

See Flex Links

backup links 19-1

backup static routing, configuring 43-11

banners

configuring

login 6-12

message-of-the-day login 6-11

default configuration 6-10

when displayed 6-10

Berkeley r-tools replacement 8-54

BGP

aggregate addresses 37-58

aggregate routes, configuring 37-58

CIDR 37-58

clear commands 37-61

community filtering 37-55

configuring neighbors 37-56

default configuration 37-43

described 37-42

enabling 37-46

monitoring 37-61

multipath support 37-50

neighbors, types of 37-46

path selection 37-50

peers, configuring 37-56

prefix filtering 37-54

resetting sessions 37-49

route dampening 37-60

route maps 37-52

route reflectors 37-59

routing domain confederation 37-59

routing session with multi-VRF CE 37-82

show commands 37-61

supernets 37-58

support for 1-14

Version 4 37-42

binding cluster group and HSRP group 41-12

binding database

address, DHCP server

See DHCP, Cisco IOS server database

DHCP snooping

See DHCP snooping binding database

bindings

address, Cisco IOS DHCP server 20-6

DHCP snooping database 20-6

IP source guard 20-15

binding table, DHCP snooping</