- Index
- Preface
- Overview
- Using the Command-Line Interface
- Assigning the Switch IP Address and Default Gateway
- Configuring Cisco IOS Configuration Engine
- Managing Switch Stacks
- Clustering Switches
- Administering the Switch
- Configuring SDM Templates
- Configuring Switch-Based Authentication
- Configuring IEEE 802.1x Port-Based Authentication
- Configuring MACsec Encryption
- Configuring Web-Based Authentication
- Configuring Cisco TrustSec
- Configuring Interface Characteristics
- Configuring VLANs
- Configuring VTP
- Configuring Voice VLAN
- Configuring Private VLANs
- Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling
- Configuring STP
- Configuring MSTP
- Configuring Optional Spanning-Tree Features
- Configuring Resilient Ethernet Protocol
- Configuring Flex Links and the MAC Address-Table Move Update Feature
- Configuring DHCP Features and IP Source Guard
- Configuring Dynamic ARP Inspection
- Configuring IGMP Snooping and MVR
- Configuring Port-Based Traffic Control
- Configuring CDP
- Configuring LLDP, LLDP-MED, and Wired Location Service
- Configuring UDLD
- Configuring SPAN and RSPAN
- Configuring RMON
- Configuring System Message Logging and Smart Logging
- Configuring SNMP
- Configuring Embedded Event Manager
- Configuring Network Security with ACLs
- Configuring QoS
- Configuring EtherChannels and Link-State Tracking
- Configuring TelePresence E911 IP Phone Support
- Configuring IP Unicast Routing
- Configuring IPv6 Routing
- Configuring IPv6 ACLs
- Configuring IPv6 MLD Snooping
- Configuring HSRP and VRRP
- Configuring Cisco IOS IP SLAs Operations
- Configuring Enhanced Object Tracking
- Configuring Cache Services By Using WCCP
- Configuring IP Multicast Routing
- Configuring MSDP
- Configuring Fallback Bridging
- Troubleshooting
- Configuring Online Diagnostics
- Working with the Cisco IOS File System, Configuration Files, and Software Images
- Unsupported Commands in Cisco IOS Release 15.0(2)SE
Index
10-Gigabit Ethernet interfaces
configuration guidelines 14-33
defined 14-7
802.1AE 11-2
802.1AE Tagging 11-9, 13-2
802.1x-REV 11-2
AAA down policy, NAC Layer 2 IP validation 1-15
abbreviating commands 2-3
ABRs 41-26
AC (command switch) 6-11
access-class command 37-21
access control entry (ACE) 43-3
access-denied response, VMPS 15-28
applying IPv4 ACLs to interfaces 37-22
Layer 2 37-22
Layer 3 37-23
access groups, applying IPv4 ACLs to interfaces 37-22
clusters, switch 6-14
command switches 6-12
member switches 6-14
switch clusters 6-14
accessing stack members 5-27
and Layer 2 protocol tunneling 19-11
defined 14-3
in switch clusters 6-10
access ports, defined 14-3
access template 8-2
with 802.1x 10-55
with IEEE 802.1x 10-17
with RADIUS 9-35
with TACACS+ 9-12, 9-17
and QoS 38-8
defined 37-2
Ethernet 37-2
IP 37-2
ACEs 37-2
any keyword 37-14
on bridged packets 37-44
on multicast packets 37-45
on routed packets 37-45
on switched packets 37-43
time ranges to 37-18
to an interface 37-21, 43-7
to IPv6 interfaces 43-7
to QoS 38-8
classifying traffic for QoS 38-51
comments in 37-20
compiling 37-26
defined 37-2, 37-8
examples of 37-26, 38-51
extended IP, configuring for QoS classification 38-53
creating 37-12
matching criteria 37-8
hardware and software handling 37-23
host keyword 37-14
creating 37-8
fragments and QoS guidelines 38-42
implicit deny 37-11, 37-16, 37-18
implicit masks 37-11
matching criteria 37-8
undefined 37-23
applying to interfaces 37-21
creating 37-8
matching criteria 37-8
named 37-16
numbers 37-9
terminal lines, setting on 37-21
unsupported features 37-8
and stacking 43-3
applying to interfaces 43-7
configuring 43-4, 43-5
displaying 43-8
interactions with other features 43-4
limitations 43-3
matching criteria 43-3
named 43-3
precedence of 43-2
supported 43-2
unsupported features 43-3
Layer 4 information in 37-43
logging messages 37-10
MAC extended 37-31, 38-54
matching 37-8, 37-23, 43-3
monitoring 37-47, 43-8
named, IPv4 37-16
named, IPv6 43-3
names 43-4
number per QoS class map 38-42
port 37-2, 43-1
precedence of 37-3
QoS 38-8, 38-51
resequencing entries 37-16
router 37-2, 43-1
router ACLs and VLAN map configuration guidelines 37-42
standard IP, configuring for QoS classification 38-52
creating 37-11
matching criteria 37-8
support for 1-13
support in hardware 37-23
time ranges 37-18
types supported 37-2
unsupported features, IPv4 37-8
unsupported features, IPv6 43-3
using router ACLs with VLAN maps 37-42
configuration guidelines 37-34
configuring 37-33
active link 24-4, 24-5, 24-6
active links 24-2
active router 45-2
active traffic monitoring, IP SLAs 46-1
address aliasing 27-2
displaying the MAC address table 7-26
accelerated aging 20-10
changing the aging time 7-16
default aging 20-10
defined 7-14
learning 7-15
removing 7-17
IPv6 42-2
MAC, discovering 7-26
group address range 49-3
STP address management 20-10
multicast, STP address management 20-10
adding and removing 7-22
defined 7-14
address resolution 7-26, 41-9
adjacency tables, with CEF 41-92
defined 41-105
OSPF 41-34
routing protocol defaults 41-94
REP, configuring 23-8
administrative VLAN, REP 23-8
CDP 29-1
LLDP 30-2
RIP 41-21
age timer, REP 23-8
aggregatable global unicast addresses 42-3
aggregate addresses, BGP 41-62
aggregate policers 38-69
aggregate policing 1-17
aggregator template 5-12, 8-3
aging, accelerating 20-10
for MSTP 21-25
for STP 20-10, 20-25
MAC address table 7-16
for MSTP 21-26
for STP 20-25, 20-26
alarms, RMON 33-4
allowed-VLAN list 15-21
application engines, redirecting traffic to 48-1
IS-IS 41-67
ISO IGRP 41-67
configuring 41-11
defined 1-7, 7-26, 41-9
encapsulation 41-12
static cache configuration 41-11
address resolution 7-26
managing 7-26
ASBRs 41-26
AS-path filters, BGP 41-56
asymmetrical links, and IEEE 802.1Q tunneling 19-4
vendor-proprietary 9-38
vendor-specific 9-36
attribute-value pairs 10-14, 10-17, 10-22, 10-23
EIGRP 41-43
HSRP 45-12
local mode with AAA 9-44
open1x 10-32
key 9-28
login 9-30
defined 9-11
key 9-13
login 9-14
See also port-based authentication
authentication compatibility with Catalyst 6000 switches 10-9
authentication keys, and routing protocols 41-105
CLI commands 10-10
compatibility with older 802.1x CLI commands 10-10 to ??
overview 10-8
authoritative time source, described 7-3
with RADIUS 9-34
with TACACS+ 9-12, 9-16
authorized ports with IEEE 802.1x 10-11
autoconfiguration 3-3
auto enablement 10-34
automatic advise (auto-advise) in switch stacks 5-14
automatic copy (auto-copy) in switch stacks 5-13
beyond a noncandidate device 6-9
brand new switches 6-10
connectivity 6-6
different VLANs 6-8
management VLANs 6-8
non-CDP-capable devices 6-7
noncluster-capable devices 6-7
routed ports 6-9
in switch clusters 6-6
automatic extraction (auto-extract) in switch stacks 5-13
automatic recovery, clusters 6-11
automatic upgrades (auto-upgrade) in switch stacks 5-13
configuring 14-39
described 14-39
duplex mode 1-4
interface configuration guidelines 14-36
mismatches 52-13
autonomous system boundary routers
autonomous systems, in BGP 41-50
Auto-QoS video devices 1-18
Auto-RP, described 49-6
autosensing, port speed 1-4
autostate exclude 14-6
availability, features 1-9
described 22-8
disabling 22-18
enabling 22-17
support for 1-10
backup links 24-2
backup static routing, configuring 47-12
login 7-14
message-of-the-day login 7-13
default configuration 7-12
when displayed 7-12
Berkeley r-tools replacement 9-56
aggregate addresses 41-62
aggregate routes, configuring 41-62
CIDR 41-62
clear commands 41-65
community filtering 41-59
configuring neighbors 41-60
default configuration 41-47
described 41-46
enabling 41-50
monitoring 41-65
multipath support 41-54
neighbors, types of 41-50
path selection 41-54
peers, configuring 41-60
prefix filtering 41-58
resetting sessions 41-53
route dampening 41-64
route maps 41-56
route reflectors 41-63
routing domain confederation 41-63
routing session with multi-VRF CE 41-86
show commands 41-65
supernets 41-62
support for 1-19
Version 4 41-47
binding cluster group and HSRP group 45-13
See DHCP, Cisco IOS server database
See DHCP snooping binding database
address, Cisco IOS DHCP server 25-6
DHCP snooping database 25-6
IP source guard 25-16
See DHCP snooping binding database
blocking packets 28-7
Boolean expressions in tracked lists 47-4
boot loader, function of 3-2
boot process 3-2
manually 3-20
specific image 3-21
accessing 3-22
described 3-2
environment variables 3-22
prompt 3-22
trap-door mechanism 3-2
Boot Loader Upgrade and Image Verification for the FIPS Mode of Operation 3-25
bootstrap router (BSR), described 49-7
error-disabled state 22-2
filtering 22-3
RSTP format 21-13
described 22-3
disabling 22-16
enabling 22-15
support for 1-10
described 22-2
disabling 22-15
enabling 22-14
support for 1-10
bridged packets, ACLs on 37-44
broadcast flooding 41-18
directed 41-15
flooded 41-15
broadcast storm-control command 28-4
broadcast storms 28-1, 41-15
cables, monitoring for unidirectional links 31-1
automatic discovery 6-6
defined 6-5
requirements 6-5
See also command switch, cluster standby group, and member switch
authentication compatibility 10-9
configuring 9-53
defined 9-51
and trusted boundary 38-48
automatic discovery in switch clusters 6-6
configuring 29-2
default configuration 29-2
defined with LLDP 30-1
described 29-1
disabling for routing device 29-4
on an interface 29-4
on a switch 29-4
Layer 2 protocol tunneling 19-7
monitoring 29-5
overview 29-1
power negotiation extensions 14-8
support for 1-7
switch stack considerations 29-2
transmission timer and holdtime, setting 29-3
updates 29-3
defined 41-92
distributed 41-92
enabling 41-92
IPv6 42-31
as IGMP snooping learning method 27-9
clearing cached group entries 49-64
enabling server support 49-45
joining multicast group 27-3
overview 49-9
server support only 49-9
switch support of 1-5
CIDR 41-62
CipherSuites 9-52
Cisco 7960 IP Phone 17-1
Cisco Group Management Protocol
Cisco intelligent power management 14-8
See DHCP, Cisco IOS DHCP server
Cisco IOS IP SLAs 46-2
Cisco Redundant Power System 2300
configuring 14-53
managing 14-53
attribute-value pairs for downloadable ACLs 10-23
attribute-value pairs for redirect URL 10-22
Cisco Secure ACS configuration guide 10-73
CiscoWorks 2000 1-7, 35-5
CISP 10-34
civic location 30-3
classless routing 41-8
configuring 38-55
described 38-8
displaying 38-89
clearing interfaces 14-56
abbreviating commands 2-3
command modes 2-1
configuration logging 2-5
described 1-6
enabling and disabling 2-6
keystroke editing 2-7
wrapped lines 2-8
error messages 2-4
filtering command output 2-9
getting help 2-3
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
managing clusters 6-17
no and default forms of commands 2-4
Client Information Signalling Protocol
client mode, VTP 16-3
client processes, tracking 47-1
accessing 6-14
automatic discovery 6-6
automatic recovery 6-11
benefits 1-2
compatibility 6-5
described 6-1
LRE profile considerations 6-17
through CLI 6-17
through SNMP 6-18
planning 6-5
automatic discovery 6-6
automatic recovery 6-11
CLI 6-17
host names 6-14
IP addresses 6-14
LRE profiles 6-17
passwords 6-15
RADIUS 6-17
SNMP 6-15, 6-18
switch stacks 6-15
TACACS+ 6-17
See also candidate switch, command switch, cluster standby group, member switch, and standby command switch
and HSRP group 45-13
automatic recovery 6-13
considerations 6-12
defined 6-2
requirements 6-3
virtual IP address 6-12
CNS 1-7
configID, deviceID, hostname 4-3
configuration service 4-2
described 4-1
event service 4-3
described 4-5
enabling automated configuration 4-6
enabling configuration agent 4-9
enabling event agent 4-8
management functions 1-7
CoA Request Commands 9-23
Coarse Wave Division Multiplexer
command modes 2-1
abbreviating 2-3
no and default 2-4
commands, setting privilege levels 9-8
accessing 6-12
active (AC) 6-11
configuration conflicts 52-12
defined 6-2
passive (PC) 6-11
password privilege levels 6-18
priority 6-11
from command-switch failure 6-11, 52-9
from lost member connectivity 52-12
redundant 6-11
with another switch 52-11
with cluster member 52-9
requirements 6-3
standby (SC) 6-11
See also candidate switch, cluster standby group, member switch, and standby command switch
community list, BGP 41-59
community ports 18-2
configuring 6-15, 35-8
for cluster switches 35-4
in clusters 6-15
overview 35-4
SNMP 6-15
community VLANs 18-2, 18-3
compatibility, feature 28-12
config.text 3-19
configurable leave timer, IGMP 27-6
defaults 1-23
Express Setup 1-2
configuration changes, logging 34-11
configuration conflicts, recovering from lost member connectivity 52-12
configuration examples, network 1-26
archiving 54-21
clearing the startup configuration 54-20
creating using a text editor 54-11
default name 3-19
deleting a stored configuration 54-20
described 54-8
automatically 3-19
preparing 54-11, 54-14, 54-17
reasons for 54-8
using FTP 54-14
using RCP 54-18
using TFTP 54-12
guidelines for creating and using 54-10
guidelines for replacing and rolling back 54-22
invalid combinations when copying 54-5
limiting TFTP server access 35-18
obtaining with DHCP 3-9
password recovery disable considerations 9-5
replacing a running configuration 54-21
rolling back a running configuration 54-21, 54-22
specifying the filename 3-19
system contact and location information 35-17
types and location 54-10
preparing 54-11, 54-14, 54-17
reasons for 54-9
using FTP 54-16
using RCP 54-19
using TFTP 54-13
REP 23-7
configuration guidelines, multi-VRF CE 41-79
configuration logger 34-11
configuration logging 2-5
configuration replacement 54-21
configuration rollback 54-21
configuration settings, saving 3-16
configure terminal command 14-24
configuring 802.1x user distribution 10-68
Configuring First Hop Security in IPv6 41-45, 42-19
Configuring IPv6 Source Guard 42-22
configuring port-based authentication violation modes 10-45
configuring small-frame arrival rate 28-5
Configuring VACL Logging 37-41
conflicts, configuration 52-12
connections, secure remote 9-46
connectivity problems 52-15, 52-16, 52-18
consistency checks in VTP Version 2 16-6
console port, connecting to 2-10
control protocol, IP SLAs 46-4
REP 23-4
corrupted software, recovery steps with Xmodem 52-2
in Layer 2 frames 38-2
override priority 17-6
trust priority 17-6
CoS input queue threshold map for QoS 38-17
CoS output queue threshold map for QoS 38-21
CoS-to-DSCP map for QoS 38-71
counters, clearing interface 14-56
CPU utilization, troubleshooting 52-29
crashinfo file 52-25
critical authentication, IEEE 802.1x 10-65
critical VLAN 10-26
configuring 10-65
configuration guidelines 39-14
on Layer 2 interfaces 39-14
on Layer 3 physical interfaces 39-18
described 39-3
illustration 39-4
support for 1-9
described 22-5
disabling 22-17
enabling 22-17
fast-convergence events 22-8
Fast Uplink Transition Protocol 22-7
normal-convergence events 22-8
support for 1-10
Kerberos 9-40
SSH 9-45
SSL 9-50
switch stack considerations 5-18
customer edge devices 41-77
customjzeable web pages, web-based authentication 12-6
CWDM SFPs 1-39
daylight saving time 7-8
dCEF, in the switch stack 41-92
enabling all system diagnostics 52-21
enabling for a specific feature 52-21
redirecting error message output 52-22
using commands 52-20
default commands 2-4
802.1x 10-39
auto-QoS 38-24
banners 7-12
BGP 41-47
CDP 29-2
DHCP 25-8
DHCP option 82 25-8
DHCP snooping 25-8
DHCP snooping binding database 25-9
DNS 7-11
dynamic ARP inspection 26-6
EIGRP 41-38
EtherChannel 39-12
Ethernet interfaces 14-32
fallback bridging 51-3
Flex Links 24-9
HSRP 45-6
IEEE 802.1Q tunneling 19-4
IGMP 49-40
IGMP filtering 27-25
IGMP snooping 27-7, 44-6
IGMP throttling 27-25
initial switch information 3-3
IP addressing, IP routing 41-6
IP multicast routing 49-11
IP SLAs 46-6
IP source guard 25-17
IPv6 42-17
IS-IS 41-68
Layer 2 interfaces 14-32
Layer 2 protocol tunneling 19-12
LLDP 30-5
MAC address table 7-16
MAC address-table move update 24-9
MSDP 50-4
MSTP 21-15
multi-VRF CE 41-79
MVR 27-20
optional spanning-tree configuration 22-12
OSPF 41-27
password and privilege level 9-3
PIM 49-11
private VLANs 18-7
RADIUS 9-27
REP 23-7
RIP 41-21
RMON 33-3
RSPAN 32-11
SDM template 8-8
SNMP 35-7
SPAN 32-11
SSL 9-52
standard QoS 38-39
STP 20-14
switch stacks 5-22
system message logging 34-4
system name and prompt 7-10
TACACS+ 9-13
UDLD 31-4
VLAN, Layer 2 Ethernet interfaces 15-19
VLANs 15-9
VMPS 15-29
voice VLAN 17-3
VTP 16-10
WCCP 48-5
default gateway 3-16, 41-13
default networks 41-95
default routes 41-95
default routing 41-3
default web-based authentication configuration
802.1X 12-9
deleting VLANs 15-10
denial-of-service attack 28-1
description command 14-47
designing your network, examples 1-26
desktop template 5-12, 8-3
in IPv4 ACLs 37-13
in IPv6 ACLs 43-5
destination-IP address-based forwarding, EtherChannel 39-10
destination-MAC address forwarding, EtherChannel 39-10
detecting indirect link failures, STP 22-8
device 54-25
device discovery protocol 29-1, 30-1
benefits 1-2
described 1-2, 1-6
in-band management 1-8
upgrading a switch 54-25
configuring 10-56
restrictions 10-56
configuring 25-14
default configuration 25-9
described 25-6
relay agent 25-10
client request message exchange 3-4
client side 3-4
DNS 3-8
relay device 3-8
server side 3-6
TFTP server 3-7
example 3-10
for IP address information 3-6
for receiving the configuration file 3-7
overview 3-3
relationship to BOOTP 3-4
relay support 1-7, 1-19
support for 1-7
DHCP-based autoconfiguration and image update
configuring 3-11 to 3-15
understanding 3-5 to 3-6
See DHCP snooping binding database
See DHCP snooping binding database
DHCP object tracking, configuring primary interface 47-10
circuit ID suboption 25-5
configuration guidelines 25-9
default configuration 25-8
displaying 25-15
forwarding address, specifying 25-10
helper address 25-10
overview 25-3
circuit ID 25-5
remote ID 25-5
remote ID suboption 25-5
DHCP server port-based address allocation
configuration guidelines 25-27
default configuration 25-27
described 25-26
displaying 25-30
enabling 25-27
reserved addresses 25-28
DHCP server port-based address assignment
support for 1-7
accepting untrusted packets form edge switch 25-3, 25-12
and private VLANs 25-13
See DHCP snooping binding database
configuration guidelines 25-9
default configuration 25-8
displaying binding tables 25-15
message exchange process 25-4
option 82 data insertion 25-3
trusted interface 25-2
untrusted interface 25-2
untrusted messages 25-2
DHCP snooping binding database
adding bindings 25-14
binding entries, displaying 25-15
format 25-7
location 25-6
bindings 25-6
clearing agent statistics 25-15
configuration guidelines 25-9
configuring 25-14
default configuration 25-8, 25-9
binding file 25-15
bindings 25-15
database agent 25-15
described 25-6
displaying 25-15
binding entries 25-15
status and statistics 25-15
displaying status and statistics 25-15
enabling 25-14
entry 25-6
renewing database 25-15
delay value 25-15
timeout value 25-15
See DHCP snooping binding database
configuration guidelines 42-27
default configuration 42-27
described 42-10
enabling client function 42-30
enabling DHCPv6 server function 42-28
support for 1-19
Differentiated Services architecture, QoS 38-2
Differentiated Services Code Point 38-2
Diffusing Update Algorithm (DUAL) 41-36
directed unicast requests 1-7
changing 54-4
creating and removing 54-4
displaying the working 54-4
Distance Vector Multicast Routing Protocol
distance-vector protocols 41-3
distribute-list command 41-104
and DHCP-based autoconfiguration 3-8
default configuration 7-11
displaying the configuration 7-12
in IPv6 42-4
overview 7-10
setting up 7-11
support for 1-7
DNS-based SSM mapping 49-19, 49-21
DNS 7-10
VTP 16-11
domains, ISO IGRP routing 41-67
dot1q-tunnel switchport mode 15-18
IEEE 802.1Q tunneling 19-2
Layer 2 protocol tunneling 19-11
downloadable ACL 10-21, 10-23, 10-73
preparing 54-11, 54-14, 54-17
reasons for 54-8
using FTP 54-14
using RCP 54-18
using TFTP 54-12
deleting old image 54-29
preparing 54-27, 54-31, 54-35
reasons for 54-25
using CMS 1-3
using FTP 54-32
using HTTP 1-3, 54-25
using RCP 54-36
using TFTP 54-28
using the device manager or Network Assistant 54-25
drop threshold for Layer 2 protocol packets 19-12
configuring 42-24
described 42-9
IPv6 42-9
support for 1-19
DSCP 1-17, 38-2
DSCP input queue threshold map for QoS 38-17
DSCP output queue threshold map for QoS 38-21
DSCP-to-CoS map for QoS 38-74
DSCP-to-DSCP-mutation map for QoS 38-75
DSCP transparency 38-49
DTP 1-11, 15-17
dual-action detection 39-7
DUAL finite state machine, EIGRP 41-37
dual IPv4 and IPv6 templates 8-5, 42-10
IPv4 and IPv6 42-10
SDM templates supporting 42-10
defined 14-7
LEDs 14-7
link selection 14-7, 14-34
setting the type 14-34
configuring a summary address 49-59
disabling 49-61
connecting PIM domain to DVMRP router 49-52
enabling unicast routing 49-55
with Cisco devices 49-50
with Cisco IOS software 49-9
mrinfo requests, responding to 49-54
advertising the default route to 49-54
discovery with Probe messages 49-50
displaying information 49-54
prevent peering with nonpruning 49-57
rejecting nonpruning 49-56
overview 49-9
adding a metric offset 49-62
advertising all 49-61
advertising the default route to neighbors 49-54
caching DVMRP routes learned in report messages 49-55
changing the threshold for syslog messages 49-58
deleting 49-64
displaying 49-64
favoring one over another 49-62
limiting the number injected into MBONE 49-58
limiting unicast route advertisements 49-50
routing table 49-9
source distribution tree, building 49-9
support for 1-19
configuring 49-52
displaying neighbor information 49-54
characteristics 15-4
configuring 15-30
defined 14-3
ARP cache poisoning 26-1
ARP requests, described 26-1
ARP spoofing attack 26-1
log buffer 26-17
statistics 26-17
configuration guidelines 26-7
ACLs for non-DHCP environments 26-10
in DHCP environments 26-8
log buffer 26-15
rate limit for incoming ARP packets 26-4, 26-12
default configuration 26-6
denial-of-service attacks, preventing 26-12
described 26-1
DHCP snooping binding database 26-2
ARP ACLs 26-16
configuration and operating state 26-16
log buffer 26-17
statistics 26-17
trust state and rate limit 26-16
error-disabled state for exceeding rate limit 26-4
function of 26-2
interface trust states 26-3
clearing 26-17
configuring 26-15
displaying 26-17
logging of dropped packets, described 26-5
man-in-the middle attack, described 26-2
network security issues and interface trust states 26-3
priority of ARP ACLs and DHCP snooping entries 26-4
configuring 26-12
described 26-4
error-disabled state 26-4
clearing 26-17
displaying 26-17
validation checks, performing 26-14
dynamic auto trunking mode 15-18
dynamic desirable trunking mode 15-18
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
described 15-28
reconfirming 15-31
troubleshooting 15-33
types of connections 15-30
dynamic routing 41-3
ISO CLNS 41-66
EAC 13-2
EBGP 41-45
enabling and disabling 2-6
keystrokes used 2-7
wrapped lines 2-8
EEM 3.2 36-5
authentication 41-43
components 41-37
configuring 41-40
default configuration 41-38
definition 41-36
interface parameters, configuring 41-41
monitoring 41-45
stub routing 41-44
ELIN location 30-3
3.2 36-5
actions 36-4
configuring 36-1, 36-6
displaying information 36-8
environmental variables 36-5
event detectors 36-3
policies 36-4
registering and defining an applet 36-6
registering and defining a TCL script 36-7
understanding 36-1
enable password 9-4
enable secret password 9-4
Enable the FIPS mode 3-25
encryption, CipherSuite 9-52
encryption for passwords 9-4
encryption keying 11-2
encryption keys, MKA 11-2
Endpoint Admission Control (EAC) 13-2
backup static routing 47-12
commands 47-1
defined 47-1
DHCP primary interface 47-10
HSRP 47-7
IP routing state 47-2
IP SLAs 47-9
line-protocol state 47-2
network monitoring with IP SLAs 47-11
routing policy, configuring 47-12
static route primary interface 47-10
tracked lists 47-3
enhanced object tracking static routing 47-10
environmental variables, embedded event manager 36-5
environment variables, function of 3-23
equal-cost routing 1-19, 41-93
error-disabled state, BPDU 22-2
error messages during command entry 2-4
automatic creation of 39-6, 39-8
binding physical and logical interfaces 39-5, 39-6
numbering of 39-6
configuration guidelines 39-13
Layer 2 interfaces 39-14
Layer 3 physical interfaces 39-18
Layer 3 port-channel logical interfaces 39-17
configuring Layer 2 interfaces 39-14
default configuration 39-12
described 39-2
displaying status 39-25
forwarding methods 39-10, 39-20
IEEE 802.3ad, described 39-8
with STP 39-13
with VLANs 39-14
described 39-8
displaying status 39-25
hot-standby ports 39-22
interaction with other features 39-9
modes 39-9
port priority 39-24
system priority 39-23
Layer 3 interface 41-5
load balancing 39-10, 39-20
logical interfaces, described 39-5
aggregate-port learners 39-21
compatibility with Catalyst 1900 39-21
described 39-6
displaying status 39-25
interaction with other features 39-8
interaction with virtual switches 39-7
learn method and priority configuration 39-21
modes 39-7
support for 1-5
with dual-action detection 39-7
described 39-5
numbering of 39-6
port groups 14-6
stack changes, effects of 39-11
support for 1-5
described 22-10
disabling 22-18
enabling 22-18
active link 14-29
and routing 14-29
and TFTP 14-31
configuring 14-31
default setting 14-29
described 14-29
for network management 14-29
specifying 14-31
supported features 14-30
unsupported features 14-30
Ethernet management port, internal
and routing 14-29
unsupported features 14-30
adding 15-9
defaults and ranges 15-9
modifying 15-9
EUI 42-4
event detectors, embedded event manager 36-3
events, RMON 33-4
network configuration 1-26
expedite queue for QoS 38-88
Express Setup 1-2
See also getting started guide
extended crashinfo file 52-25
configuration guidelines 15-12
configuring 15-12
creating 15-13
creating with an internal VLAN ID 15-15
defined 15-1
MSTP 21-19
STP 20-5, 20-18
Extensible Authentication Protocol over LAN 10-2
external neighbors, BGP 41-50
fa0 interface 1-8
failover support 1-9
and protected ports 51-4
creating 51-4
described 51-2
displaying 51-10
function of 51-2
number supported 51-4
removing 51-5
clearing 51-10
displaying 51-10
configuration guidelines 51-4
connecting interfaces with 14-17
default configuration 51-3
described 51-1
flooding packets 51-2
forwarding packets 51-2
overview 51-1
protocol, unsupported 51-4
stack changes, effects of 51-3
disabling on an interface 51-9
forward-delay interval 51-8
hello BPDU interval 51-8
interface priority 51-6
maximum-idle interval 51-9
path cost 51-7
VLAN-bridge spanning-tree priority 51-6
VLAN-bridge STP 51-2
support for 1-19
SVIs and routed ports 51-1
unsupported protocols 51-4
VLAN-bridge STP 20-13
Fast Convergence 24-3
Fast Uplink Transition Protocol 22-7
features, incompatible 28-12
FIB 41-92
fiber-optic, detecting unidirectional links 31-1
description 52-25
location 52-25
copying 54-5
crashinfo, description 52-25
deleting 54-5
displaying the contents of 54-8
description 52-25
location 52-25
creating 54-6
displaying the contents of 54-7
extracting 54-7
image file format 54-26
displaying available file systems 54-2
displaying file information 54-3
local file system names 54-1
network file system names 54-5
setting the default 54-3
in a VLAN 37-33
IPv6 traffic 43-4, 43-7
non-IP traffic 37-31
show and more command output 2-9
filtering show and more command output 2-9
fips authorization-key authorization-key 3-25
flash device, number of 54-1
flexible authentication ordering
configuring 10-76
overview 10-32
Flex Link Multicast Fast Convergence 24-3
configuration guidelines 24-9
configuring 24-10
configuring preferred VLAN 24-13
configuring VLAN load balancing 24-12
default configuration 24-9
description 24-2
link load balancing 24-2
monitoring 24-16
VLANs 24-2
flooded traffic, blocking 28-8
flow-based packet classification 1-17
QoS classification 38-7
QoS egress queueing and scheduling 38-19
QoS ingress queueing and scheduling 38-16
QoS policing and marking 38-11
configuring 14-38
described 14-38
MSTP 21-25
STP 20-25
forwarding nonroutable protocols 51-1
downloading 54-14
overview 54-13
preparing the server 54-14
uploading 54-16
deleting old image 54-33
downloading 54-32
preparing the server 54-31
uploading 54-33
general query 24-5
Generating IGMP Reports 24-4
get-bulk-request operation 35-4
get-next-request operation 35-3, 35-5
get-request operation 35-3, 35-4, 35-5
get-response operation 35-4
global configuration mode 2-2
global leave, IGMP 27-13
guest VLAN and 802.1x 10-24
guide mode 1-2
See device manager and Network Assistant
hardware limitations and Layer 3 interfaces 14-49
MSTP 21-25
STP 20-24
help, for the command line 2-3
HFTM space 52-28
hierarchical policy maps 38-9
configuration guidelines 38-42
configuring 38-62
described 38-12
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
history table, level and number of syslog messages 34-10
host modes, MACsec 11-3
host names, in clusters 6-14
configuring 18-12
kinds of 18-2
hosts, limit on dynamic ports 15-33
HP OpenView 1-7
HQATM space 52-28
authentication string 45-12
automatic cluster recovery 6-13
binding to cluster group 45-13
cluster standby group considerations 6-12
command-switch redundancy 1-1, 1-9
configuring 45-6
default configuration 45-6
definition 45-1
guidelines 45-7
monitoring 45-14
object tracking 47-7
overview 45-1
priority 45-9
routing redundancy 1-18
support for ICMP redirect messages 45-13
switch stack considerations 45-5
timers 45-12
tracking 45-9
See also clusters, cluster standby group, and standby command switch
configuring 42-38
guidelines 42-37
HTTPS 9-50
configuring 9-54
self-signed certificate 9-51
HTTP secure server 9-50
IBPG 41-45
IPv6 42-4
redirect messages 41-13
support for 1-19
time-exceeded messages 52-18
traceroute and 52-18
unreachable messages 37-22
unreachable messages and IPv6 43-4
unreachables and ACLs 37-23
configuring 46-12
IP SLAs 46-12
executing 52-15
overview 52-15
ICMP Router Discovery Protocol
ICMPv6 42-4
and ingress RSPAN 32-22
and ingress SPAN 32-15
IEEE 802.1p 17-1
and trunk ports 14-4
configuration limitations 15-19
encapsulation 15-16
native VLAN for untagged traffic 15-23
compatibility with other features 19-5
defaults 19-4
described 19-1
tunnel ports with other features 19-6
IEEE 802.3ad, PoE+ 1-20, 14-9
IEEE 802.3x flow control 14-38
ifIndex values, SNMP 35-6
IFS 1-7
described 27-6
enabling 27-11
as a member of a group 49-40
statically connected member 49-44
controlling access to groups 49-41
default configuration 49-40
deleting cache entries 49-64
displaying groups 49-64
fast switching 49-45
controlling the length of time 27-12
disabling on an interface 27-13
global leave 27-13
query solicitation 27-13
recovering from flood mode 27-13
host-query interval, modifying 49-42
joining multicast group 27-3
join messages 27-3
leave processing, enabling 27-11, 44-9
leaving multicast group 27-5
multicast reachability 49-40
overview 49-3
queries 27-4
described 27-6
disabling 27-16, 44-11
supported versions 27-3
support for 1-5
changing to Version 2 49-42
described 49-3
changing to Version 1 49-42
described 49-3
maximum query response time value 49-44
pruning groups 49-44
query timeout value 49-43
configuring 27-26
default configuration 27-25
described 27-24
monitoring 27-29
support for 1-6
configuring filtering 27-28
setting the maximum number 27-27
IGMP helper 1-5, 49-6
configuration guidelines 27-11
described 27-5
enabling 27-11
applying 27-27
configuration mode 27-26
configuring 27-26
and address aliasing 27-2
and stack changes 27-6
configuring 27-7
default configuration 27-7, 44-6
definition 27-2
enabling and disabling 27-7, 44-7
global configuration 27-7
Immediate Leave 27-5
in the switch stack 27-6
method 27-8
monitoring 27-17, 44-12
configuration guidelines 27-14
configuring 27-14
supported versions 27-3
support for 1-5
VLAN configuration 27-8
configuring 27-28
default configuration 27-25
described 27-25
displaying action 27-29
IGP 41-26
Immediate Leave, IGMP 27-5
enabling 44-9
inaccessible authentication bypass 10-26
support for multiauth ports 10-26
defaults 1-23
Express Setup 1-2
number 14-23
range macros 14-27
interface command 14-23 to ??, 14-23 to ??, 14-23 to 14-24
REP 23-9
interface configuration mode 2-2
auto-MDIX, configuring 14-39
10-Gigabit Ethernet 14-33
duplex and speed 14-35
procedure 14-24
counters, clearing 14-56
default configuration 14-32
described 14-47
descriptive name, adding 14-47
displaying information about 14-55
flow control 14-38
management 1-6
monitoring 14-55
naming 14-47
physical, identifying 14-23
range of 14-25
restarting 14-56, 14-57
shutting down 14-56
speed and duplex, configuring 14-36
status 14-55
supported 14-23
types of 14-1
interfaces range macro command 14-27
interface types 14-23
internal neighbors, BGP 41-50
Internet Control Message Protocol
Internet Group Management Protocol
inter-VLAN routing 1-19, 41-2
inventory management TLV 30-3, 30-7
for QoS classification 38-8
implicit deny 37-11, 37-16
implicit masks 37-11
named 37-16
undefined 37-23
128-bit 42-2
candidate or member 6-5, 6-14
classes of 41-7
cluster access 6-2
command switch 6-3, 6-12, 6-14
default configuration 41-6
discovering 7-26
for IP routing 41-5
IPv6 42-2
MAC address association 41-9
monitoring 41-19
redundant clusters 6-12
standby command switch 6-12, 6-14
IP base image 1-1
IP broadcast address 41-17
ip cef distributed command 41-92
IP directed broadcasts 41-15
ip igmp profile command 27-26
manually 3-15
through DHCP-based autoconfiguration 3-3
default configuration 3-3
all-hosts 49-3
all-multicast-routers 49-3
host group address range 49-3
administratively-scoped boundaries, described 49-48
and IGMP snooping 27-2
adding to an existing sparse-mode cloud 49-27
benefits of 49-27
clearing the cache 49-64
configuration guidelines 49-12
filtering incoming RP announcement messages 49-30
overview 49-6
preventing candidate RP spoofing 49-30
preventing join messages to false RPs 49-29
setting up in a new internetwork 49-27
using with BSR 49-35
configuration guidelines 49-12
configuring candidate BSRs 49-33
configuring candidate RPs 49-34
defining the IP multicast boundary 49-32
defining the PIM domain border 49-31
overview 49-7
using with Auto-RP 49-35
Cisco implementation 49-2
basic multicast routing 49-13
IP multicast boundary 49-48
default configuration 49-11
multicast forwarding 49-13
PIM mode 49-14
Auto-RP 49-6
BSR 49-7
deleting sdr cache entries 49-64
described 49-46
displaying sdr cache 49-65
enabling sdr listener support 49-47
limiting DVMRP routes advertised 49-58
limiting sdr cache entry lifetime 49-47
SAP packets for conference session announcement 49-47
Session Directory (sdr) tool, described 49-46
packet rate loss 49-65
peering devices 49-65
tracing a path 49-65
multicast forwarding, described 49-8
PIMv1 and PIMv2 interoperability 49-12
protocol interaction 49-2
reverse path check (RPF) 49-8
deleting 49-64
displaying 49-64
assigning manually 49-25
configuring Auto-RP 49-27
configuring PIMv2 BSR 49-31
monitoring mapping information 49-35
using Auto-RP and BSR 49-35
stack master functions 49-10
stack member functions 49-10
statistics, displaying system and network 49-64
and QoS 17-1
automatic classification and queueing 38-23
configuring 17-4
ensuring port security with QoS 38-47
trusted boundary for QoS 38-47
IP Port Security for Static Hosts
on a Layer 2 access port 25-20
on a PVLAN host port 25-24
IP precedence 38-2
IP-precedence-to-DSCP map for QoS 38-72
in ACLs 37-13
routing 1-18
IP protocols in ACLs 37-13
IP routes, monitoring 41-107
connecting interfaces with 14-17
disabling 41-20
enabling 41-20
IP service levels, analyzing 46-1
IP services image 1-1
benefits 46-2
configuration guidelines 46-7
configuring object tracking 47-9
Control Protocol 46-4
default configuration 46-6
definition 46-1
ICMP echo operation 46-12
measuring network performance 46-3
monitoring 46-14
multioperations scheduling 46-5
object tracking 47-9
operation 46-3
reachability tracking 47-9
described 46-4
enabling 46-8
response time 46-4
scheduling 46-5
SNMP support 46-2
supported metrics 46-2
threshold monitoring 46-6
track object monitoring agent, configuring 47-11
track state 47-9
UDP jitter operation 46-9
and 802.1x 25-18
and DHCP snooping 25-15
and port security 25-18
and private VLANs 25-18
and routed ports 25-18
and TCAM entries 25-18
and trunk interfaces 25-18
and VRF 25-18
automatic 25-16
manual 25-16
binding table 25-16
configuration guidelines 25-18
default configuration 25-17
described 25-15
disabling 25-19
active IP or MAC bindings 25-26
bindings 25-26
configuration 25-26
enabling 25-19, 25-20
source IP address 25-16
source IP and MAC address 25-16
on provisioned switches 25-18
source IP address filtering 25-16
source IP and MAC address filtering 25-16
adding 25-19, 25-20
deleting 25-19
static hosts 25-20
executing 52-19
overview 52-18
address resolution 41-9
administrative distances 41-94, 41-105
ARP 41-9
assigning IP addresses to Layer 3 interfaces 41-7
authentication keys 41-105
address 41-17
flooding 41-18
packets 41-15
storms 41-15
classless routing 41-8
configuring static routes 41-94
addressing configuration 41-6
gateways 41-13
networks 41-95
routes 41-95
routing 41-3
directed broadcasts 41-15
disabling 41-20
dynamic routing 41-3
enabling 41-20
EtherChannel Layer 3 interface 41-5
IGP 41-26
inter-VLAN 41-2
classes 41-7
configuring 41-5
IPv6 42-3
IRDP 41-14
Layer 3 interfaces 41-5
MAC address and IP address 41-9
passive interfaces 41-103
distance-vector 41-3
dynamic 41-3
link-state 41-3
proxy ARP 41-9
redistribution 41-96
reverse address resolution 41-9
routed ports 41-5
static routing 41-3
steps to configure 41-5
subnet mask 41-7
subnet zero 41-7
supernet 41-8
UDP 41-17
with SVIs 41-5
applying to interfaces 37-21
extended, creating 37-12
named 37-16
standard, creating 37-11
dual protocol stacks 42-10
displaying 43-8
limitations 43-3
matching criteria 43-3
port 43-1
precedence 43-2
router 43-1
supported 43-2
addresses 42-2
address formats 42-2
and switch stacks 42-15, 42-16
applications 42-9
assigning address 42-17
autoconfiguration 42-9
CEFv6 42-31
configuring static routes 42-32
default configuration 42-17
default router preference (DRP) 42-9
defined 42-1
Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 42-12
EIGRP IPv6 Commands 42-13
Router ID 42-12
feature limitations 42-14
features not supported 42-14
forwarding 42-17
ICMP 42-4
monitoring 42-40
neighbor discovery 42-4
OSPF 42-11
path MTU discovery 42-4
SDM templates 8-5, 43-1, 44-1
stack master functions 42-15, 42-16
Stateless Autoconfiguration 42-9
supported features 42-3
switch limitations 42-14
understanding static routes 42-11
IPv6 traffic, filtering 43-4
configuring 41-14
definition 41-14
support for 1-19
addresses 41-67
area routing 41-67
default configuration 41-68
monitoring 41-76
show commands 41-76
system routing 41-67
and IPv6 42-3
and trunk ports 14-4
encapsulation 1-11, 15-16
trunking with IEEE 802.1 tunneling 19-4
clear commands 41-76
dynamic routing protocols 41-66
monitoring 41-76
NETs 41-66
NSAPs 41-66
OSI standard 41-66
area routing 41-67
system routing 41-67
isolated port 18-2
isolated VLANs 18-2, 18-3
join messages, IGMP 27-3
described 9-41
boundary switch 9-43
KDC 9-43
network services 9-43
configuration examples 9-40
configuring 9-44
credentials 9-41
cryptographic software image 9-40
described 9-41
KDC 9-41
operation 9-43
realm 9-42
server 9-42
support for 1-15
switch as trusted third party 9-41
terms 9-41
TGT 9-42
tickets 9-41
l2protocol-tunnel command 19-13
Layer 2 protocol tunneling 19-10
Layer 2 frames, classification with CoS 38-2
Layer 2 interfaces, default configuration 14-32
configuring 19-11
configuring for EtherChannels 19-15
default configuration 19-12
defined 19-8
guidelines 19-12
and ARP 52-17
and CDP 52-17
broadcast traffic 52-16
described 52-16
IP addresses and subnets 52-17
MAC addresses and VLANs 52-17
multicast traffic 52-17
multiple devices on a port 52-17
unicast traffic 52-16
usage guidelines 52-17
Layer 3 features 1-18
assigning IP addresses to 41-7
assigning IPv4 and IPv6 addresses to 42-26
assigning IPv6 addresses to 42-18
changing from Layer 2 mode 41-7, 41-84
types of 41-5
Layer 3 packets, classification methods 38-2
LDAP 4-2
Leaking IGMP Reports 24-4
See hardware installation guide
lightweight directory access protocol
line configuration mode 2-2
Link Aggregation Control Protocol
link failure, detecting unidirectional 21-8
link integrity, verifying with REP 23-3
link local unicast addresses 42-4
links, unidirectional 31-1
link state advertisements (LSAs) 41-32
link-state protocols 41-3
configuring 39-27
described 39-25
configuring 30-5
characteristics 30-6
default configuration 30-5
enabling 30-6
monitoring and maintaining 30-11
overview 30-1
supported TLVs 30-2
switch stack considerations 30-2
transmission timer and holdtime, setting 30-6
procedures 30-5
TLVs 30-7
monitoring and maintaining 30-11
overview 30-1, 30-2
supported TLVs 30-2
load balancing 45-4
local SPAN 32-2
location TLV 30-3, 30-7
logging messages, ACL 37-10
with RADIUS 9-30
with TACACS+ 9-14
login banners 7-12
Long-Reach Ethernet (LRE) technology 1-27, 1-37
described 22-12
enabling 22-19
support for 1-10
LRE profiles, considerations in switch clusters 6-17
MAB aging timer 1-12
default setting 10-39
range 10-42
MAC/PHY configuration status TLV 30-2
aging time 7-16
and VLAN association 7-15
building the address table 7-15
default configuration 7-16
disabling learning on a VLAN 7-25
discovering 7-26
displaying 7-26
displaying in the IP source binding table 25-26
learning 7-15
removing 7-17
in ACLs 37-31
IP address association 41-9
adding 7-23
allowing 7-24, 7-26
characteristics of 7-22
dropping 7-24
removing 7-23
MAC address learning 1-7
MAC address learning, disabling on a VLAN 7-25
MAC address notification, support for 1-21
configuration guidelines 24-9
configuring 24-13
default configuration 24-9
description 24-7
monitoring 24-16
MAC address-to-VLAN mapping 15-28
MAC authentication bypass 10-41
configuring 10-68
overview 10-18
applying to Layer 2 interfaces 37-32
configuring for QoS 38-54
creating 37-31
defined 37-31
for QoS classification 38-5
MACSec 11-9, 13-2
MACsec 11-2
configuring on an interface 11-7
defined 11-1, 11-2
magic packet 10-29
manageability features 1-7
browser session 1-8
CLI session 1-8
device manager 1-8
SNMP 1-8
out-of-band console port connection 1-8
management address TLV 30-2
CLI 2-1
clustering 1-3
CNS 4-1
Network Assistant 1-2
overview 1-6
considerations in switch clusters 6-8
discovery through different management VLANs 6-8
manual preemption, REP, configuring 23-13
CoS-to-DSCP 38-71
DSCP 38-71
DSCP-to-CoS 38-74
DSCP-to-DSCP-mutation 38-75
IP-precedence-to-DSCP 38-72
policed-DSCP 38-73
described 38-13
action with aggregate policers 38-69
described 38-4, 38-9
IPv6 ACLs 43-3
matching, IPv4 ACLs 37-8
MSTP 21-26
STP 20-25
maximum hop count, MSTP 21-26
maximum number of allowed devices, port-based authentication 10-42
maximum-paths command 41-54, 41-93
configuration guidelines 10-14
described 1-13, 10-13
exceptions with authentication process 10-6
membership mode, VLAN port 15-4
automatic discovery 6-6
defined 6-2
managing 6-17
passwords 6-14
recovering from lost connectivity 52-12
requirements 6-5
See also candidate switch, cluster standby group, and standby command switch
memory consistency check errors
example 52-28
memory consistency check routines 1-6, 52-28
memory consistency integrity 1-6, 52-28
messages, to users through banners 7-12
metrics, in BGP 41-54
metric translations, between routing protocols 41-99
metro tags 19-2
MHSRP 45-4
overview 35-1
SNMP interaction with 35-5
mirroring traffic for analysis 32-1
mismatches, autonegotiation 52-13
configuring policies 11-6
defined 11-2
policies 11-3
replay protection 11-3
statistics 11-4
virtual ports 11-3
module number 14-23
access groups 37-47
BGP 41-65
cables for unidirectional links 31-1
CDP 29-5
CEF 41-92
EIGRP 41-45
fallback bridging 51-10
features 1-21
Flex Links 24-16
HSRP 45-14
IEEE 802.1Q tunneling 19-18
filters 27-29
snooping 27-17, 44-12
interfaces 14-55
address tables 41-19
multicast routing 49-63
routes 41-107
IP SLAs operations 46-14
IPv4 ACL configuration 37-47
IPv6 42-40
IPv6 ACL configuration 43-8
IS-IS 41-76
ISO CLNS 41-76
Layer 2 protocol tunneling 19-18
MAC address-table move update 24-16
MSDP peers 50-18
multicast router interfaces 27-17, 44-12
multi-VRF CE 41-91
MVR 27-24
network traffic for analysis with probe 32-2
object tracking 47-13
OSPF 41-36
blocking 28-21
protection 28-21
private VLANs 18-15
REP 23-14
RP mapping information 49-35
SFP status 14-56, 52-14
source-active messages 50-18
speed and duplex mode 14-37
SSM mapping 49-23
traffic flowing among switches 33-1
traffic suppression 28-21
tunneling 19-18
filters 37-47
maps 37-47
VLANs 15-16
VMPS 15-32
VTP 16-19
mrouter Port 24-3
mrouter port 24-5
benefits of 50-3
clearing MSDP connections and statistics 50-18
controlling source information
forwarded by switch 50-11
originated by switch 50-9
received by switch 50-13
default configuration 50-4
sending SA messages to 50-16
specifying the originating address 50-17
incoming SA messages 50-14
SA messages to a peer 50-12
SA requests from a peer 50-10
join latency, defined 50-6
configuring 50-15
defined 50-15
originating address, changing 50-17
overview 50-1
peer-RPF flooding 50-2
configuring a default 50-4
monitoring 50-18
peering relationship, overview 50-1
requesting source information from 50-8
shutting down 50-16
caching 50-6
clearing cache entries 50-18
defined 50-2
filtering from a peer 50-10
filtering incoming 50-14
filtering to a peer 50-12
limiting data with TTL 50-13
monitoring 50-18
restricting advertised sources 50-9
support for 1-19
configuration guidelines 21-16
described 21-7
described 22-3
enabling 22-15
described 22-2
enabling 22-14
CIST, described 21-3
CIST root 21-6
configuration guidelines 21-16, 22-13
forward-delay time 21-25
hello time 21-25
link type for rapid convergence 21-27
maximum aging time 21-26
maximum hop count 21-26
MST region 21-17
neighbor type 21-27
path cost 21-23
port priority 21-21
root switch 21-19
secondary root switch 21-20
switch priority 21-24
defined 21-3
operations between regions 21-5
default configuration 21-15
default optional feature configuration 22-12
displaying status 21-28
enabling the mode 21-17
described 22-10
enabling 22-18
effects on root switch 21-19
effects on secondary root switch 21-20
unexpected behavior 21-19
implementation 21-7
port role naming change 21-7
terminology 21-6
instances supported 20-11
interface state, blocking to forwarding 22-2
interoperability and compatibility among modes 20-12
interoperability with IEEE 802.1D
described 21-9
restarting migration process 21-28
defined 21-3
master 21-3
operations within a region 21-3
described 22-12
enabling 22-19
mapping VLANs to MST instance 21-17
CIST 21-3
configuring 21-17
described 21-2
hop-count mechanism 21-6
IST 21-3
supported spanning-tree instances 21-2
optional features supported 1-10
overview 21-2
described 22-2
enabling 22-13
preventing root switch selection 22-11
described 22-11
enabling 22-18
configuring 21-19
effects of extended system ID 21-19
unexpected behavior 21-19
shutdown Port Fast-enabled port 22-2
stack changes, effects of 21-9
status, displaying 21-28
support for inaccessible authentication bypass 10-26
See multiple-authentication mode
Immediate Leave 27-5
joining 27-3
leaving 27-5
static joins 27-10, 44-8
ACLs on 37-45
blocking 28-8
multicast router interfaces, monitoring 27-17, 44-12
multicast router ports, adding 27-9, 44-8
Multicast Source Discovery Protocol
multicast storm 28-1
multicast storm-control command 28-4
multicast television application 27-19
multicast VLAN 27-18
multioperations scheduling, IP SLAs 46-5
multiple authentication 10-15
configuring 10-48
multiple VPN routing/forwarding in customer edge devices
configuration example 41-87
configuration guidelines 41-79
configuring 41-79
default configuration 41-79
defined 41-77
displaying 41-91
monitoring 41-91
network components 41-79
packet-forwarding process 41-79
support for 1-19
and address aliasing 27-21
and IGMPv3 27-21
configuration guidelines 27-21
configuring interfaces 27-22
default configuration 27-20
described 27-18
example application 27-19
in the switch stack 27-20
modes 27-22
monitoring 27-24
multicast television application 27-19
setting global parameters 27-21
support for 1-6
AAA down policy 1-15
critical authentication 10-26, 10-65
IEEE 802.1x authentication using a RADIUS server 10-70
IEEE 802.1x validation using RADIUS server 10-70
inaccessible authentication bypass 1-15, 10-65
Layer 2 IEEE 802.1x validation 1-14, 1-15, 10-32, 10-70
Layer 2 IP validation 1-15
named IPv4 ACLs 37-16
and IEEE 802.1Q tunneling 19-4
configuring 15-23
default 15-23
NDAC 11-9, 13-2
configuring 10-71
overview 10-33
neighbor discovery, IPv6 42-4
neighbor discovery/recovery, EIGRP 41-37
neighbor offset numbers, REP 23-4
neighbors, BGP 41-60
benefits 1-2
described 1-6
downloading image files 1-3
guide mode 1-2
management options 1-2
managing switch stacks 5-2, 5-18
upgrading a switch 54-25
wizards 1-3
network configuration examples
cost-effective wiring closet 1-28
high-performance wiring closet 1-29
increasing network performance 1-26
large network 1-35
long-distance, high-bandwidth transport 1-39
multidwelling network 1-37
providing network services 1-26
redundant Gigabit backbone 1-30
server aggregation and Linux server cluster 1-31
small to medium-sized network 1-33
performance 1-26
services 1-26
Network Device Admission Control (NDAC) 11-9, 13-2
CDP 29-1
RMON 33-1
SNMP 35-1
network performance, measuring with IP SLAs 46-3
network policy TLV 30-2, 30-7
no commands 2-4
configuration guidelines 38-42
described 38-10
non-IP traffic filtering 37-31
nontrunking mode 15-18
normal-range VLANs 15-5
configuration guidelines 15-7
configuring 15-5
defined 15-1
no switchport command 14-5
NSAPs, as ISO IGRP addresses 41-67
IS-IS 41-69
NSM 4-3
NSSA, OSPF 41-32
defined 7-3
overview 7-3
stratum 7-3
support for 1-7
services 7-3
synchronizing 7-3
configuring 52-27
described 52-26
displaying 52-27
HSRP 47-7
IP SLAs 47-9
IP SLAs, configuring 47-9
monitoring 47-13
offline configuration for switch stacks 5-8
off mode, VTP 16-4
overview 53-1
running tests 53-3
understanding 53-1
configuring 10-76
overview 10-32
optimizing system resources 8-1
options, management 1-6
area parameters, configuring 41-32
configuring 41-30
metrics 41-33
route 41-33
settings 41-27
described 41-26
for IPv6 42-11
interface parameters, configuring 41-31
LSA group pacing 41-35
monitoring 41-36
router IDs 41-35
route summarization 41-33
support for 1-18
virtual links 41-33
out-of-profile markdown 1-17
packet modification, with QoS 38-22
Layer 2 protocol tunneling 19-10
parallel paths, in routing tables 41-93
configuring 41-103
OSPF 41-34
default configuration 9-3
disabling recovery of 9-5
encrypting 9-4
for security 1-12
in clusters 6-15
overview 9-1
recovery of 52-4
enable 9-3
enable secret 9-4
Telnet 9-6
with usernames 9-7
VTP domain 16-11
MSTP 21-23
STP 20-22
path MTU discovery 42-4
defined 41-99
enabling 41-101
fast-switched policy-based routing 41-102
local policy-based routing 41-102
PC (passive command switch) 6-11
peers, BGP 41-60
percentage thresholds in tracked lists 47-6
performance, network design 1-26
performance features 1-4
persistent self-signed certificate 9-51
per-user ACLs and Filter-Ids 10-9
PE to CE routing, configuring 41-86
physical ports 14-2
default configuration 49-11
overview 49-4
rendezvous point (RP), described 49-5
RPF lookups 49-8
displaying neighbors 49-65
enabling a mode 49-14
overview 49-4
router-query message interval, modifying 49-39
shared tree and source tree, overview 49-36
shortest path tree, delaying the use of 49-37
join messages and shared tree 49-5
overview 49-5
prune messages 49-5
RPF lookups 49-9
configuration guidelines 49-23
displaying 49-64
enabling 49-24
overview 49-5
support for 1-19
interoperability 49-12
troubleshooting interoperability problems 49-36
v2 improvements 49-4
PIM-DVMRP, as snooping method 27-8
character output description 52-16
executing 52-15
overview 52-15
auto mode 14-10
CDP with power consumption, described 14-8
CDP with power negotiation, described 14-8
Cisco intelligent power management 14-8
configuring 14-40
determining 14-12
support for 14-11
devices supported 14-8
high-power devices operating in low-power mode 14-8
IEEE power classification levels 14-9
monitoring 14-11
monitoring power 14-43
policing power consumption 14-43
policing power usage 14-11
power budgeting 14-41
power consumption 14-12, 14-41
powered-device detection and initial power allocation 14-9
power management modes 14-10
power monitoring 14-11
power negotiation extensions to CDP 14-8
power sensing 14-11
standards supported 14-8
static mode 14-10
total available power 14-13
troubleshooting 52-13
policed-DSCP map for QoS 38-73
for each matched traffic class 38-57
for more than one traffic class 38-69
described 38-4
displaying 38-89
number of 38-43
types of 38-10
described 38-4
token-bucket algorithm 38-10
characteristics of 38-57
described 38-8
displaying 38-90
hierarchical 38-9
configuration guidelines 38-42
configuring 38-62
described 38-12
nonhierarchical on physical ports
configuration guidelines 38-42
described 38-10
POP 1-37
defined 37-2
types of 37-4
accounting 10-17
defined 10-3, 12-2
RADIUS server 10-3
client, defined 10-3, 12-2
configuration guidelines 10-40, 12-9
802.1x authentication 10-46
guest VLAN 10-62
host mode 10-48
inaccessible authentication bypass 10-65
manual re-authentication of a client 10-51
periodic re-authentication 10-50
quiet period 10-51
RADIUS server 10-48, 12-13
RADIUS server parameters on the switch 10-47, 12-11
restricted VLAN 10-63
switch-to-client frame-retransmission number 10-52, 10-53
switch-to-client retransmission time 10-51
violation modes 10-45
default configuration 10-39, 12-9
described 10-1
device roles 10-3, 12-2
displaying statistics 10-78, 12-17
downloadable ACLs and redirect URLs
configuring 10-73 to 10-75, ?? to 10-75
overview 10-21 to 10-23
EAPOL-start frame 10-6
EAP-request/identity frame 10-6
EAP-response/identity frame 10-6
802.1X authentication 12-11
encapsulation 10-4
flexible authentication ordering
configuring 10-76
overview 10-32
configuration guidelines 10-25, 10-26
described 10-24
host mode 10-13
inaccessible authentication bypass
configuring 10-65
described 10-26
guidelines 10-41
initiation and message exchange 10-6
magic packet 10-29
maximum number of allowed devices per port 10-42
method lists 10-46
multiple authentication 10-15
AAA authorization 10-46
configuration tasks 10-21
described 10-20
RADIUS server attributes 10-20
authorization state and dot1x port-control command 10-11
authorized and unauthorized 10-11
voice VLAN 10-28
described 10-29
configuring 10-42
described 10-18, 10-42
resetting to default values 10-78
stack changes, effects of 10-12
statistics, displaying 10-78
as proxy 10-3, 12-2
RADIUS client 10-4
configuring 10-71
overview 10-33
upgrading from a previous release 38-36
guidelines 10-31
overview 10-31
AAA authorization 10-46
characteristics 10-19
configuration tasks 10-19
described 10-18
configuring 10-43
described 10-33, 10-43
described 10-28
PVID 10-28
VVID 10-28
wake-on-LAN, described 10-29
with ACLs and RADIUS Filter-Id attribute 10-35
port-based authentication methods, supported 10-8
port blocking 1-5, 28-7
port description TLV 30-2
described 22-2
enabling 22-13
mode, spanning tree 15-29
support for 1-10
port membership modes, VLAN 15-4
MSTP 21-21
STP 20-20
10-Gigabit Ethernet module 14-7
access 14-3
blocking 28-7
dual-purpose uplink 14-7
dynamic access 15-4
IEEE 802.1Q tunnel 15-5
protected 28-6
REP 23-6
routed 14-4
secure 28-9
static-access 15-4, 15-11
switch 14-2
trunks 15-4, 15-16
VLAN assignments 15-11
aging 28-17
and private VLANs 28-18
and QoS trusted boundary 38-47
and stacking 28-18
configuring 28-13
default configuration 28-11
described 28-8
displaying 28-21
enabling 28-18
on trunk ports 28-14
sticky learning 28-9
violations 28-10
with other features 28-11
port-shutdown response, VMPS 15-28
port VLAN ID TLV 30-2
power inline consumption command 14-15
power management TLV 30-3, 30-7
preempt delay time, REP 23-5
preemption, default configuration 24-9
preemption delay, default configuration 24-9
preferential treatment of traffic
prefix lists, BGP 41-58
preventing unauthorized access 9-1
primary edge port, REP 23-4
primary interface for object tracking, DHCP, configuring 47-10
primary interface for static routing, configuring 47-10
primary links 24-2
primary VLANs 18-1, 18-3
HSRP 45-9
overriding CoS 17-6
trusting CoS 17-6
across multiple switches 18-4
and SDM template 18-4
and SVIs 18-5
and switch stacks 18-6
benefits of 18-1
community ports 18-2
community VLANs 18-2, 18-3
configuration guidelines 18-7, 18-8, 18-9
configuration tasks 18-7
configuring 18-10
default configuration 18-7
end station access to 18-3
IP addressing 18-3
isolated port 18-2
isolated VLANs 18-2, 18-3
mapping 18-14
monitoring 18-15
community 18-2
configuration guidelines 18-9
configuring host ports 18-12
configuring promiscuous ports 18-13
described 15-5
isolated 18-2
promiscuous 18-2
primary VLANs 18-1, 18-3
promiscuous ports 18-2
secondary VLANs 18-2
subdomains 18-1
traffic in 18-5
privileged EXEC mode 2-2
changing the default for lines 9-9
command switch 6-18
exiting 9-10
logging into 9-10
mapping on member switches 6-18
overview 9-2, 9-8
setting a command with 9-8
configuring 18-13
defined 18-2
protected ports 1-12, 28-6
protocol-dependent modules, EIGRP 41-37
Protocol-Independent Multicast Protocol
protocol storm protection 28-19
provider edge devices 41-77
provisioned switches and IP source guard 25-18
provisioning new members for a switch stack 5-8
configuring 41-12
definition 41-9
with IP routing disabled 41-13
proxy reports 24-4
in VTP domain 16-17
on a port 15-23
in VTP domain 16-17
on a port 15-22
examples 16-7
overview 16-7
changing 15-22
for VTP pruning 16-7
VLANs 16-18
described 20-11
IEEE 802.1Q trunking interoperability 20-12
instances supported 20-11
and MQC commands 38-1
categorizing traffic 38-24
configuration and defaults display 38-38
configuration guidelines 38-35
described 38-23
disabling 38-38
displaying generated commands 38-38
displaying the initial configuration 38-38
effects on running configuration 38-35
list of generated commands 38-26, 38-30
basic model 38-4
class maps, described 38-8
defined 38-4
DSCP transparency, described 38-49
flowchart 38-7
forwarding treatment 38-3
in frames and packets 38-3
IP ACLs, described 38-8
MAC ACLs, described 38-5, 38-8
options for IP traffic 38-6
options for non-IP traffic 38-5
policy maps, described 38-8
trust DSCP, described 38-5
trusted CoS, described 38-5
trust IP precedence, described 38-5
configuring 38-55
displaying 38-89
auto-QoS 38-35
standard QoS 38-42
aggregate policers 38-69
auto-QoS 38-23
default port CoS value 38-47
DSCP maps 38-71
DSCP transparency 38-49
DSCP trust states bordering another domain 38-49
egress queue characteristics 38-81
ingress queue characteristics 38-77
IP extended ACLs 38-53
IP standard ACLs 38-51
MAC ACLs 38-54
policy maps, hierarchical 38-62
port trust states within the domain 38-45
trusted boundary 38-47
default auto configuration 38-24
default standard configuration 38-39
displaying statistics 38-89
DSCP transparency 38-49
allocating buffer space 38-82
buffer allocation scheme, described 38-20
configuring shaped weights for SRR 38-86
configuring shared weights for SRR 38-87
described 38-4
displaying the threshold map 38-85
flowchart 38-19
mapping DSCP or CoS values 38-84
scheduling, described 38-4
setting WTD thresholds 38-82
WTD, described 38-21
enabling globally 38-44
classification 38-7
egress queueing and scheduling 38-19
ingress queueing and scheduling 38-16
policing and marking 38-11
implicit deny 38-8
allocating bandwidth 38-79
allocating buffer space 38-79
buffer and bandwidth allocation, described 38-18
configuring shared weights for SRR 38-79
configuring the priority queue 38-80
described 38-4
displaying the threshold map 38-78
flowchart 38-16
mapping DSCP or CoS values 38-77
priority queue, described 38-18
scheduling, described 38-4
setting WTD thresholds 38-77
WTD, described 38-18
automatic classification and queueing 38-23
detection and trusted settings 38-23, 38-47
limiting bandwidth on egress interface 38-88
CoS-to-DSCP 38-71
displaying 38-90
DSCP-to-CoS 38-74
DSCP-to-DSCP-mutation 38-75
IP-precedence-to-DSCP 38-72
policed-DSCP 38-73
types of 38-13
marked-down actions 38-60, 38-65
marking, described 38-4, 38-9
overview 38-2
packet modification 38-22
configuring 38-60, 38-65, 38-69
described 38-9
displaying 38-89
number of 38-43
types of 38-10
policies, attaching to an interface 38-10
described 38-4, 38-9
token bucket algorithm 38-10
characteristics of 38-57
displaying 38-90
hierarchical 38-9
hierarchical on SVIs 38-62
nonhierarchical on physical ports 38-57
QoS label, defined 38-4
configuring egress characteristics 38-81
configuring ingress characteristics 38-77
high priority (expedite) 38-22, 38-88
location of 38-14
SRR, described 38-15
WTD, described 38-14
rewrites 38-22
support for 1-16
bordering another domain 38-49
described 38-5
trusted device 38-47
within the domain 38-45
queries, IGMP 27-4
query solicitation, IGMP 27-13
vendor-proprietary 9-38
vendor-specific 9-36
accounting 9-35
authentication 9-30
authorization 9-34
communication, global 9-28, 9-36
communication, per-server 9-27, 9-28
multiple UDP ports 9-28
default configuration 9-27
defining AAA server groups 9-32
displaying the configuration 9-40
identifying the server 9-27
in clusters 6-17
limiting the services to the user 9-34
method list, defined 9-27
operation of 9-20
overview 9-18
server load balancing 9-40
suggested network environments 9-19
support for 1-15
tracking services accessed by user 9-35
RADIUS Change of Authorization 9-20
macro 14-27
of interfaces 14-25
rapid convergence 21-11
rapid per-VLAN spanning-tree plus
described 20-11
IEEE 802.1Q trunking interoperability 20-12
instances supported 20-11
RARP 41-9
rcommand command 6-17
downloading 54-18
overview 54-17
preparing the server 54-17
uploading 54-19
deleting old image 54-38
downloading 54-36
preparing the server 54-35
uploading 54-38
reachability, tracking IP SLAs IP host 47-9
configuring 10-42
described 10-18, 10-42
reconfirmation interval, VMPS, changing 15-31
reconfirming dynamic VLAN membership 15-31
recovery procedures 52-1
redirect URL 10-21, 10-22, 10-73
EtherChannel 39-3
HSRP 45-1
backbone 20-9
multidrop backbone 22-5
path cost 15-26
port priority 15-24
redundant links and UplinkFast 22-16
See Cisco Redundant Power System 2300
reliable transport protocol, EIGRP 41-37
reloading software 3-24
Remote Authentication Dial-In User Service
remote SPAN 32-3
administrative VLAN 23-8
administrative VLAN, configuring 23-8
age timer 23-8
and STP 23-6
configuration guidelines 23-7
configuring interfaces 23-9
convergence 23-4
default configuration 23-7
manual preemption, configuring 23-13
monitoring 23-14
neighbor offset numbers 23-4
open segment 23-2
ports 23-6
preempt delay time 23-5
primary edge port 23-4
ring segment 23-2
secondary edge port 23-4
segments 23-1
characteristics 23-2
SNMP traps, configuring 23-13
supported interfaces 23-1
triggering VLAN load balancing 23-5
verifying link integrity 23-3
VLAN blocking 23-12
VLAN load balancing 23-4
described 27-6
disabling 27-16, 44-11
resequencing ACL entries 37-16
reserved addresses in DHCP pools 25-28
resets, in BGP 41-53
resetting a UDLD-shutdown interface 31-6
described 46-4
enabling 46-8
response time, measuring with IP SLAs 46-4
configuring 10-63
described 10-25
using with IEEE 802.1x 10-25
overview 9-1
passwords and privilege levels 9-2
RADIUS 9-18
TACACS+ 9-10
retry count, VMPS, changing 15-32
reverse address resolution 41-9
Reverse Address Resolution Protocol
1058, RIP 41-20
1112, IP multicast and IGMP 27-2
1157, SNMPv1 35-2
1163, BGP 41-45
1166, IP addresses 41-7
1253, OSPF 41-26
1267, BGP 41-45
1305, NTP 7-3
1587, NSSAs 41-26
1757, RMON 33-2
1771, BGP 41-45
1901, SNMPv2C 35-2
1902 to 1907, SNMPv2 35-2
2236, IP multicast and IGMP 27-2
2273-2275, SNMPv3 35-2
RFC 5176 Compliance 9-21
advertisements 41-21
authentication 41-23
configuring 41-22
default configuration 41-21
described 41-21
for IPv6 42-11
hop counts 41-21
split horizon 41-24
summary addresses 41-24
support for 1-18
default configuration 33-3
displaying status 33-6
enabling alarms and events 33-3
groups supported 33-2
overview 33-1
collecting group Ethernet 33-6
collecting group history 33-5
support for 1-21
described 22-11
enabling 22-18
support for 1-10
MSTP 21-19
STP 20-18
route calculation timers, OSPF 41-34
route dampening, BGP 41-64
routed packets, ACLs on 37-45
configuring 41-5
defined 14-4
in switch clusters 6-9
IP addresses on 14-49, 41-5
route-map command 41-102
BGP 41-56
policy-based routing 41-100
defined 37-2
types of 37-5
route reflectors, BGP 41-63
router ID, OSPF 41-35
route selection, BGP 41-54
route summarization, OSPF 41-33
route targets, VPN 41-79
default 41-3
dynamic 41-3
redistribution of information 41-96
static 41-3
routing domain confederation, BGP 41-63
routing protocol administrative distances 41-94
See Cisco Redundant Power System 2300
See Cisco Redundant Power System 2300
and stack changes 32-10
characteristics 32-9
configuration guidelines 32-18
default configuration 32-11
defined 32-3
destination ports 32-8
displaying status 32-24
in a switch stack 32-2
interaction with other features 32-9
monitored ports 32-7
monitoring ports 32-8
overview 1-21, 32-1
received traffic 32-6
session limits 32-11
creating 32-18
defined 32-4
limiting source traffic to specific VLANs 32-23
specifying monitored ports 32-18
with ingress traffic enabled 32-22
source ports 32-7
transmitted traffic 32-6
VLAN-based 32-7
active topology 21-10
format 21-13
processing 21-14
designated port, defined 21-10
designated switch, defined 21-10
interoperability with IEEE 802.1D
described 21-9
restarting migration process 21-28
topology changes 21-14
overview 21-10
described 21-10
synchronized 21-12
proposal-agreement handshake process 21-11
cross-stack rapid convergence 21-12
described 21-11
edge ports and Port Fast 21-11
point-to-point links 21-11, 21-27
root ports 21-11
root port, defined 21-10
replacing 54-21
rolling back 54-21, 54-22
running configuration, saving 3-16
SC (standby command switch) 6-11
scheduled reloads 3-24
scheduling, IP SLAs operations 46-5
and SSH 9-56
configuring 9-57
switch stack consideration 5-12
configuring 8-9
number of 8-1
SDM mismatch mode 5-12, 8-7
SDM template 43-4
aggregator 8-3
configuration guidelines 8-8
configuring 8-8
desktop 8-3
dual IPv4 and IPv6 8-5
types of 8-1
secondary edge port, REP 23-4
secondary VLANs 18-2
configuring 9-55
displaying 9-56
configuring 9-54
displaying 9-56
and switch stacks 28-18
deleting 28-16
maximum number of 28-10
types of 28-9
and switch stacks 28-18
configuring 28-9
secure ports, configuring 28-9
secure remote connections 9-46
security, port 28-8
Security Exchange Protocol (SXP) 11-9, 13-2
security features 1-11
Security Group Access Control List (SGACL) 13-2
Security Group Tag (SGT) 13-2
sequence numbers in log messages 34-8
server mode, VTP 16-3
service-provider network, MSTP and RSTP 21-1
and customer VLANs 19-2
and IEEE 802.1Q tunneling 19-1
Layer 2 protocols across 19-8
Layer 2 protocol tunneling for EtherChannels 19-10
session keys, MKA 11-2
set-request operation 35-5
failed command switch replacement 52-11
replacing failed command switch 52-9
severity levels, defining in system messages 34-9
monitoring status of 14-56, 52-14
numbering of 14-24
security and identification 52-14
status, displaying 52-14
SGACL 13-2
SGT 13-2
show access-lists hw-summary command 37-24
show and more command output, filtering 2-9
show cdp traffic command 29-5
show cluster members command 6-17
show configuration command 14-47
show forward command 52-22
show interfaces command 14-37, 14-47
show interfaces switchport 24-4
show l2protocol command 19-14, 19-16
show lldp traffic command 30-11
show platform forward command 52-22
show platform tcam command 52-28
displaying ACLs 37-21, 37-22, 37-35, 37-38
interface description in 14-47
shutdown command on interfaces 14-56
shutdown threshold for Layer 2 protocol packets 19-12
Simple Network Management Protocol
small form-factor pluggable modules
small-frame arrival rate, configuring 28-5
smart logging 34-1, 34-14
SNAP 29-1
accessing MIB variables with 35-5
described 35-4
disabling 35-8
and IP SLAs 46-2
authentication level 35-11
configuring 35-8
for cluster switches 35-4
overview 35-4
configuration examples 35-18
default configuration 35-7
engine ID 35-7
groups 35-7, 35-10
host 35-7
ifIndex values 35-6
in-band management 1-8
in clusters 6-15
and trap keyword 35-13
described 35-5
differences from traps 35-5
disabling 35-16
enabling 35-16
limiting access by TFTP servers 35-18
limiting system log messages to NMS 34-10
manager functions 1-7, 35-3
managing clusters with 6-18
notifications 35-5
overview 35-1, 35-5
security levels 35-3
setting CPU threshold notification 35-17
status, displaying 35-20
system contact and location 35-17
trap manager, configuring 35-14
described 35-4, 35-5
differences from informs 35-5
disabling 35-16
enabling 35-13
enabling MAC address notification 7-17, 7-20, 7-21
overview 35-1, 35-5
types of 35-13
users 35-7, 35-10
versions supported 35-2
SNMP and Syslog Over IPv6 42-13
REP 23-13
SNMPv1 35-2
SNMPv2C 35-3
SNMPv3 35-3
snooping, IGMP 27-2
location in flash 54-26
recovery procedures 52-2
scheduling reloads 3-24
tar file format, described 54-26
See also downloading and uploading
in IPv4 ACLs 37-13
in IPv6 ACLs 43-5
source-and-destination-IP address based forwarding, EtherChannel 39-10
source-and-destination MAC address forwarding, EtherChannel 39-10
source-IP address based forwarding, EtherChannel 39-10
source-MAC address forwarding, EtherChannel 39-10
and stack changes 32-10
configuration guidelines 32-11
default configuration 32-11
destination ports 32-8
displaying status 32-24
interaction with other features 32-9
monitored ports 32-7
monitoring ports 32-8
overview 1-21, 32-1
ports, restrictions 28-12
received traffic 32-6
session limits 32-11
configuring ingress forwarding 32-16, 32-23
creating 32-12
defined 32-4
limiting source traffic to specific VLANs 32-16
removing destination (monitoring) ports 32-14
specifying monitored ports 32-12
with ingress traffic enabled 32-15
source ports 32-7
transmitted traffic 32-6
VLAN-based 32-7
spanning tree and native VLANs 15-19
SPAN traffic 32-6
split horizon, RIP 41-24
shaped weights on egress queues 38-86
shared weights on egress queues 38-87
shared weights on ingress queues 38-79
described 38-15
shaped mode 38-15
shared mode 38-16
support for 1-17, 1-18
configuring 9-47
cryptographic software image 9-45
described 1-8, 9-46
encryption methods 9-46
switch stack considerations 5-18
user authentication methods, supported 9-46
configuration guidelines 9-53
configuring a secure HTTP client 9-55
configuring a secure HTTP server 9-54
cryptographic software image 9-50
described 9-50
monitoring 9-56
address management restrictions 49-17
CGMP limitations 49-17
components 49-15
configuration guidelines 49-16
configuring 49-15, 49-17
differs from Internet standard multicast 49-15
IGMP snooping 49-17
IGMPv3 49-15
IGMPv3 Host Signalling 49-16
IP address range 49-16
monitoring 49-17
operations 49-16
PIM 49-15
state maintenance limitations 49-17
SSM mapping 49-18
configuration guidelines 49-18
configuring 49-18, 49-20
DNS-based 49-19, 49-21
monitoring 49-23
overview 49-19
restrictions 49-19
static 49-19, 49-21
static traffic forwarding 49-22
MAC address of 5-7, 5-22
IPv6 routing 42-15
802.1x port-based authentication 10-12
ACL configuration 37-7
CDP 29-2
cross-stack EtherChannel 39-14
EtherChannel 39-11
fallback bridging 51-3
HSRP 45-5
IGMP snooping 27-6
IP routing 41-4
IPv6 ACLs 43-3
MAC address tables 7-16
MSTP 21-9
multicast routing 49-10
MVR 27-18
port security 28-18
SDM template selection 8-7
SNMP 35-2
SPAN and RSPAN 32-10
STP 20-13
switch clusters 6-15
system message log 34-2
VLANs 15-7
VTP 16-8
bridge ID (MAC address) 5-7
defined 5-1
election 5-6
IPv6 42-15, 42-16
accessing CLI of specific member 5-27
member number 5-24
priority value 5-25
defined 5-1
displaying information of 5-27
IPv6 42-15
number 5-7
priority value 5-8
provisioning a new member 5-25
replacing 5-17
stack member number 14-23
stack protocol version 5-12
accessing CLI of specific member 5-27
member number 5-24
priority value 5-25
provisioning a new member 5-25
auto-advise 5-14
auto-copy 5-13
auto-extract 5-13
auto-upgrade 5-13
bridge ID 5-7
CDP considerations 29-2
compatibility, software 5-12
configuration file 5-16
configuration scenarios 5-19
copying an image file from one member to another 54-39
default configuration 5-22
description of 5-1
displaying information of 5-27
enabling persistent MAC address timer 5-22
hardware compatibility and SDM mismatch mode 5-12
HSRP considerations 45-5
in clusters 6-15
incompatible software and image upgrades 5-16, 54-39
IPv6 on 42-15, 42-16
MAC address considerations 7-16
management connectivity 5-18
managing 5-1
membership 5-3
merged 5-4
MSTP instances supported 20-11
multicast routing, stack master and member roles 49-10
described 5-8
effects of adding a provisioned switch 5-10
effects of removing a provisioned switch 5-11
effects of replacing a provisioned switch 5-11
provisioned configuration, defined 5-8
provisioned switch, defined 5-8
provisioning a new member 5-25
partitioned 5-4, 52-9
adding 5-10
removing 5-11
replacing 5-11
replacing a failed member 5-17
software compatibility 5-12
software image version 5-12
stack protocol version 5-12
bridge ID 20-3
instances supported 20-11
root port selection 20-3
stack root switch election 20-3
hostnames in the display 34-1
remotely monitoring 34-2
system prompt consideration 7-9
system-wide configuration considerations 5-17
upgrading 54-39
automatic upgrades with auto-upgrade 5-13
examples 5-14
manual upgrades with auto-advise 5-14
upgrades with auto-extract 5-13
described 5-13
See also stack master and stack member
considerations 6-12
defined 6-2
priority 6-11
requirements 6-3
virtual IP address 6-12
See also cluster standby group and HSRP
See cluster standby group and HSRP
standby ip command 45-8
standby links 24-2
standby router 45-2
standby timers, HSRP 45-12
manually 3-20
specific image 3-21
clearing 54-20
automatically downloading 3-19
specifying the filename 3-19
assigning to VLAN 15-11
defined 14-3, 15-4
static IP routing 1-19
static MAC addressing 1-12
static route primary interface,configuring 47-10
configuring 41-94
configuring for IPv6 42-32
understanding 42-11
static routing 41-3
static routing support, enhanced object tracking 47-10
static SSM mapping 49-19, 49-21
static traffic forwarding 49-22
static VLAN membership 15-2
802.1X 12-17
802.1x 10-78
CDP 29-5
interface 14-55
IP multicast routing 49-64
LLDP 30-11
LLDP-MED 30-11
MKA 11-4
NMSP 30-11
OSPF 41-36
QoS ingress and egress 38-89
RMON group Ethernet 33-6
RMON group history 33-5
SNMP input and output 35-20
VTP 16-19
sticky learning 28-9
configuring 28-3
described 28-1
disabling 28-5
displaying 28-21
support for 1-5
thresholds 28-2
accelerating root port selection 22-4
and REP 23-6
described 22-8
disabling 22-18
enabling 22-17
described 22-3
disabling 22-16
enabling 22-15
described 22-2
disabling 22-15
enabling 22-14
BPDU message exchange 20-3
configuration guidelines 20-14, 22-13
forward-delay time 20-25
hello time 20-24
maximum aging time 20-25
path cost 20-22
port priority 20-20
root switch 20-18
secondary root switch 20-19
spanning-tree mode 20-16
switch priority 20-23
transmit hold-count 20-26
counters, clearing 20-26
described 22-5
enabling 22-17
default configuration 20-14
default optional feature configuration 22-12
designated port, defined 20-4
designated switch, defined 20-4
detecting indirect link failures 22-8
disabling 20-17
displaying status 20-26
described 22-10
disabling 22-18
enabling 22-18
effects on root switch 20-18
effects on the secondary root switch 20-19
overview 20-5
unexpected behavior 20-18
features supported 1-9
IEEE 802.1D and bridge ID 20-5
IEEE 802.1D and multicast addresses 20-10
IEEE 802.1t and VLAN identifier 20-5
inferior BPDU 20-3
instances supported 20-11
interface state, blocking to forwarding 22-2
blocking 20-7
disabled 20-8
forwarding 20-7, 20-8
learning 20-8
listening 20-8
overview 20-6
interoperability and compatibility among modes 20-12
Layer 2 protocol tunneling 19-7
limitations with IEEE 802.1Q trunks 20-12
overview 15-24
using path costs 15-26
using port priorities 15-24
described 22-12
enabling 22-19
modes supported 20-11
multicast addresses, effect of 20-10
optional features supported 1-10
overview 20-2
path costs 15-26, 15-27
described 22-2
enabling 22-13
port priorities 15-25
preventing root switch selection 22-11
protocols supported 20-11
redundant connectivity 20-9
described 22-11
enabling 22-18
root port, defined 20-3
root port selection on a switch stack 20-3
configuring 20-18
effects of extended system ID 20-5, 20-18
election 20-3
unexpected behavior 20-18
shutdown Port Fast-enabled port 22-2
stack changes, effects of 20-13
status, displaying 20-26
superior BPDU 20-3
timers, described 20-24
described 22-4
enabling 22-16
VLAN-bridge 20-13
stratum, NTP 7-3
stub areas, OSPF 41-32
stub routing, EIGRP 41-44
subdomains, private VLAN 18-1
subnet mask 41-7
subnet zero 41-7
success response, VMPS 15-28
summer time 7-8
SunNet Manager 1-7
supernet 41-8
supported port-based authentication methods 10-8
configuring 14-50
defined 14-6
SVI link state 14-6
and IP unicast routing 41-5
and router ACLs 37-5
connecting VLANs 14-16
defined 14-5
routing between VLANs 15-2
switch 42-2
switch clustering technology 6-1
switch console port 1-8
switched packets, ACLs on 37-43
switched ports 14-2
switchport backup interface 24-4, 24-5
switchport block multicast command 28-8
switchport block unicast command 28-8
switchport command 14-32
switchport mode dot1q-tunnel command 19-6
switchport protected command 28-7
MSTP 21-24
STP 20-23
switch software features 1-1
SXP 11-9, 13-2
synchronization, BGP 41-50
system capabilities TLV 30-2
daylight saving time 7-8
manually 7-6
summer time 7-8
time zones 7-7
displaying the time and date 7-6
overview 7-2
system description TLV 30-2
default configuration 34-4
defining error message severity levels 34-9
disabling 34-4
displaying the configuration 34-17
enabling 34-5
facility keywords, described 34-14
level keywords, described 34-10
limiting messages 34-10
message format 34-2
overview 34-1
sequence numbers, enabling and disabling 34-8
setting the display destination device 34-5
stack changes, effects of 34-2
synchronizing log messages 34-6
syslog facility 1-21
time stamps, enabling and disabling 34-8
configuring the daemon 34-13
configuring the logging facility 34-13
facilities supported 34-14
and IS-IS LSPs 41-71
system MTU and IEEE 802.1Q tunneling 19-5
default configuration 7-10
default setting 7-10
manual configuration 7-10
system name TLV 30-2
system prompt, default setting 7-9, 7-10
system resources, optimizing 8-1
IS-IS 41-67
ISO IGRP 41-67
accounting, defined 9-12
authentication, defined 9-11
authorization, defined 9-12
accounting 9-17
authentication key 9-13
authorization 9-16
login authentication 9-14
default configuration 9-13
displaying the configuration 9-18
identifying the server 9-13
in clusters 6-17
limiting the services to the user 9-16
operation of 9-12
overview 9-10
support for 1-15
tracking services accessed by user 9-17
IEEE 802.1Q 19-3
Layer 2 protocol 19-7
creating 54-6
displaying the contents of 54-7
extracting 54-7
image file format 54-26
memory consistency check errors
example 52-28
memory consistency check routines 1-6, 52-28
memory consistency integrity 1-6, 52-28
HFTM 52-28
HQATM 52-28
unassigned 52-28
TCL script, registering and defining with embedded event manager 36-7
TDR 1-21
accessing management interfaces 2-10
number of connections 1-8
setting a password 9-6
templates, SDM 8-4
temporary self-signed certificate 9-51
Terminal Access Controller Access Control System Plus
terminal lines, setting a password 9-6
ternary content addressable memory
downloading 54-12
preparing the server 54-11
uploading 54-13
configuration files in base directory 3-8
configuring for autoconfiguration 3-7
deleting 54-29
downloading 54-28
preparing the server 54-27
uploading 54-30
limiting access by servers 35-18
TFTP server 1-7
threshold, traffic level 28-2
threshold monitoring, IP SLAs 46-6
time-range command 37-18
time ranges in ACLs 37-18
time stamps in log messages 34-8
time zones 7-7
defined 30-2
LLDP 30-2
LLDP-MED 30-2
support for 15-6
VTP support 16-5
ToS 1-17
and ARP 52-17
and CDP 52-17
broadcast traffic 52-16
described 52-16
IP addresses and subnets 52-17
MAC addresses and VLANs 52-17
multicast traffic 52-17
multiple devices on a port 52-17
unicast traffic 52-16
usage guidelines 52-17
traceroute command 52-19
configuring 47-3
types 47-3
by Boolean expression 47-4
by threshold percentage 47-6
by threshold weight 47-5
tracking interface line-protocol state 47-2
tracking IP routing state 47-2
tracking objects 47-1
tracking process 47-1
track state, tracking IP SLAs 47-9
blocking flooded 28-8
fragmented 37-6
fragmented IPv6 43-2
unfragmented 37-6
traffic policing 1-17
traffic suppression 28-2
transparent mode, VTP 16-4
trap-door mechanism 3-2
configuring MAC address notification 7-17, 7-20, 7-21
configuring managers 35-13
defined 35-4
enabling 7-17, 7-20, 7-21, 35-13
notification types 35-13
overview 35-1, 35-5
connectivity problems 52-15, 52-16, 52-18
CPU utilization 52-29
detecting unidirectional links 31-1
displaying crash information 52-25
PIMv1 and PIMv2 interoperability problems 49-36
setting packet forwarding 52-22
SFP security and identification 52-14
show forward command 52-22
with CiscoWorks 35-5
with debug commands 52-20
with ping 52-15
with system message logging 34-1
with traceroute 52-18
trunking encapsulation 1-11
configuring 15-20
defined 14-4, 15-4
encapsulation 15-20, 15-25, 15-27
allowed-VLAN list 15-21
configuring 15-20, 15-25, 15-27
ISL 15-16
setting STP path costs 15-26
using STP port priorities 15-24, 15-25
native VLAN for untagged traffic 15-23
parallel 15-26
pruning-eligible list 15-22
to non-DTP device 15-17
trusted boundary for QoS 38-47
between QoS domains 38-49
classification options 38-5
ensuring port security for IP phones 38-47
support for 1-17
within a QoS domain 38-45
trustpoints, CA 9-50
defined 19-1
IEEE 802.1Q 19-1
Layer 2 protocol 19-8
defined 15-5
described 14-4, 19-1
IEEE 802.1Q, configuring 19-6
incompatibilities with other features 19-5
twisted-pair Ethernet, detecting unidirectional links 31-1
configuration guidelines 31-4
default configuration 31-4
globally 31-5
on fiber-optic interfaces 31-5
per interface 31-6
echoing detection mechanism 31-3
globally 31-5
per interface 31-6
Layer 2 protocol tunneling 19-11
link-detection mechanism 31-1
neighbor database 31-2
overview 31-1
resetting an interface 31-6
status, displaying 31-7
support for 1-9
UDP, configuring 41-17
UDP jitter, configuring 46-10
UDP jitter operation, IP SLAs 46-9
unauthorized ports with IEEE 802.1x 10-11
unicast MAC address filtering 1-7
and adding static addresses 7-24
and broadcast MAC addresses 7-23
and CPU packets 7-23
and multicast addresses 7-23
and router MAC addresses 7-23
configuration guidelines 7-23
described 7-23
unicast storm 28-1
unicast storm control command 28-4
unicast traffic, blocking 28-8
UniDirectional Link Detection protocol
daemon configuration 34-13
facilities supported 34-14
message logging configuration 34-13
unrecognized Type-Length-Value (TLV) support 16-5
described 22-4
disabling 22-17
enabling 22-16
support for 1-10
preparing 54-11, 54-14, 54-17
reasons for 54-9
using FTP 54-16
using RCP 54-19
using TFTP 54-13
preparing 54-27, 54-31, 54-35
reasons for 54-25
using FTP 54-33
using RCP 54-38
using TFTP 54-30
USB mini-Type B console port 14-18
USB Type A port 1-9
user EXEC mode 2-2
username-based authentication 9-7
VACL logging parameters 37-41
configuration example 37-42
version-dependent transparent mode 16-5
automatic upgrades with auto-upgrade 5-13
manual upgrades with auto-advise 5-14
upgrades with auto-extract 5-13
described 5-13
cluster standby group 6-12
command switch 6-12
virtual ports, MKA 11-3
virtual router 45-1, 45-2
virtual switches and PAgP 39-7
vlan.dat file 15-5
VLAN 1, disabling on a trunk port 15-22
VLAN 1 minimization 15-21
vlan-assignment response, VMPS 15-28
VLAN blocking, REP 23-12
at bootup 15-8
saving 15-8
VLAN configuration mode 2-2
and startup configuration file 15-8
and VTP 16-1
VLAN configuration saved in 15-8
VLANs saved in 15-5
vlan dot1q tag native command 19-4
VLAN filtering and SPAN 32-8
vlan global configuration command 15-7
VLAN ID, discovering 7-26
VLAN link state 14-6
REP 23-4
VLAN load balancing, triggering 23-5
VLAN load balancing on flex links 24-2
configuration guidelines 24-9
VLAN management domain 16-2
VLAN map entries, order of 37-34
applying 37-38
common uses for 37-38
configuration guidelines 37-34
configuring 37-33
creating 37-35
defined 37-3
denying access to a server example 37-40
denying and permitting packets 37-35
displaying 37-47
examples of ACLs and VLAN maps 37-36
removing 37-38
support for 1-13
wiring closet configuration example 37-39
confirming 15-31
modes 15-4
adding 15-9
adding to VLAN database 15-9
aging dynamic addresses 20-10
allowed on trunk 15-21
and spanning-tree instances 15-3, 15-7, 15-13
configuration guidelines, extended-range VLANs 15-12
configuration guidelines, normal-range VLANs 15-7
configuring 15-1
configuring IDs 1006 to 4094 15-12
connecting through SVIs 14-16
creating 15-10
customer numbering in service-provider networks 19-3
default configuration 15-9
deleting 15-10
described 14-2, 15-1
displaying 15-16
extended-range 15-1, 15-12
features 1-11
illustrated 15-2
internal 15-13
in the switch stack 15-7
limiting source traffic with RSPAN 32-23
limiting source traffic with SPAN 32-16
modifying 15-9
multicast 27-18
native, configuring 15-23
normal-range 15-1, 15-5
number supported 1-11
parameters 15-6
port membership modes 15-4
static-access ports 15-11
STP and IEEE 802.1Q trunks 20-12
supported 15-3
Token Ring 15-6
traffic between 15-2
VLAN-bridge STP 20-13, 51-2
VTP modes 16-3
VLAN trunks 15-16
administering 15-32
configuration example 15-33
configuration guidelines 15-29
default configuration 15-29
description 15-27
described 15-28
reconfirming 15-31
troubleshooting 15-33
entering server address 15-30
mapping MAC addresses to VLANs 15-28
monitoring 15-32
reconfirmation interval, changing 15-31
reconfirming membership 15-31
retry count, changing 15-32
configuring 10-43
described 10-33, 10-43
voice-over-IP 17-1
Cisco 7960 phone, port connections 17-1
configuration guidelines 17-3
configuring IP phones for data traffic
override CoS of incoming frame 17-6
trust CoS priority of incoming frame 17-6
configuring ports for voice traffic in
802.1p priority tagged frames 17-5
802.1Q frames 17-5
connecting to an IP phone 17-4
default configuration 17-3
described 17-1
displaying 17-7
IP phone data traffic, described 17-2
IP phone voice traffic, described 17-2
configuring routing in 41-86
forwarding 41-79
in service provider networks 41-77
routes 41-77
VPN routing and forwarding table
VQP 1-11, 15-27
defining 41-79
tables 41-77
ARP 41-83
configuring 41-82
ftp 41-85
HSRP 41-84
ping 41-83
RADIUS 41-84
SNMP 41-83
syslog 41-84
tftp 41-85
traceroute 41-85
adding a client to a domain 16-18
advertisements 15-19, 16-5
and extended-range VLANs 15-3, 16-2
and normal-range VLANs 15-3, 16-2
client mode, configuring 16-14
guidelines 16-10
requirements 16-13
saving 16-11
configuration requirements 16-13
guideline 16-18
resetting 16-19
consistency checks 16-6
default configuration 16-10
described 16-1
domain names 16-11
domains 16-2
Layer 2 protocol tunneling 19-7
client 16-3
off 16-4
server 16-3