- Index
- Preface
- Overview
- Using the Command-Line Interface
- Clustering Switches
- Assigning the Switch IP Address and Default Gateway
- Configuring Cisco IOS Configuration Engine
- Managing Switch Stacks
- Administering the Switch
- Configuring SDM Templates
- Configuring Switch-Based Authentication
- Configuring IEEE 802.1x Port-Based Authentication
- Configuring Web-Based Authentication
- Configuring Interface Characteristics
- Configuring Auto Smartports Macros
- Configuring VLANs
- Configuring VTP
- Configuring Voice VLAN
- Configuring Private VLANs
- Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling
- Configuring STP
- Configuring MSTP
- Configuring Optional Spanning-Tree Features
- Configuring Flex Links and the MAC Address-Table Move Update Feature
- Configuring DHCP Features and IP Source Guard
- Configuring Dynamic ARP Inspection
- Configuring IGMP Snooping and MVR
- Configuring Port-Based Traffic Control
- Configuring CDP
- Configuring LLDP, LLDP-MED, and Wired Location Service
- Configuring UDLD
- Configuring SPAN and RSPAN
- Configuring RMON
- Configuring System Message Logging
- Configuring SNMP
- Configuring Embedded Event Manager
- Configuring Network Security with ACLs
- Configuring QoS
- Configuring EtherChannels and Link-State Tracking
- Configuring IP Unicast Routing
- Configuring IPv6 Unicast Routing
- Configuring IPv6 MLD Snooping
- Configuring IPv6 ACLs
- Configuring HSRP
- Configuring Cisco IOS IP SLAs Operations
- Configuring Enhanced Object Tracking
- Configuring IP Multicast Routing
- Configuring MSDP
- Configuring Web Cache Services By Using WCCP
- Configuring Fallback Bridging
- Troubleshooting
- Configuring Online Diagnostics
- Configuring the Catalyst 3750G Integrated Wireless LAN Controller Switch
- Supported MIBs
- Working with the Cisco IOS File System, Configuration Files, and Software Images
- Unsupported Commands in Cisco IOS Release 12.2(52)SE
Index
Numerics
10-Gigabit Ethernet interfaces
configuration guidelines 12-17
defined 12-6
3750G integrated wireless LAN controller switch
configuring the switch A-4
controller and switch interaction A-3
internal ports
configuring A-4
reconfiguring A-5
A
AAA down policy, NAC Layer 2 IP validation 1-11
abbreviating commands 2-4
ABRs 38-25
AC (command switch) 6-10
access-class command 35-20
access control entries
access control entry (ACE) 41-3
access-denied response, VMPS 14-26
access groups
applying IPv4 ACLs to interfaces 35-21
Layer 2 35-21
Layer 3 35-21
accessing
clusters, switch 6-13
command switches 6-11
member switches 6-13
switch clusters 6-13
accessing stack members 5-23
access lists
access ports
and Layer 2 protocol tunneling 18-11
defined 12-3
in switch clusters 6-9
access template 8-1
accounting
with 802.1x 10-47
with IEEE 802.1x 10-14
with RADIUS 9-34
ACEs
and QoS 36-7
defined 35-2
Ethernet 35-2
IP 35-2
ACLs
ACEs 35-2
any keyword 35-13
applying
on bridged packets 35-39
on multicast packets 35-41
on routed packets 35-40
on switched packets 35-39
time ranges to 35-17
to IPv6 interfaces 41-7
to QoS 36-7
classifying traffic for QoS 36-43
comments in 35-19
compiling 35-23
extended IP, configuring for QoS classification 36-44
extended IPv4
creating 35-11
matching criteria 35-8
hardware and software handling 35-22
host keyword 35-13
IP
creating 35-8
fragments and QoS guidelines 36-33
implicit deny 35-10, 35-14, 35-16
implicit masks 35-10
matching criteria 35-8
undefined 35-21
IPv4
applying to interfaces 35-20
creating 35-8
matching criteria 35-8
named 35-15
numbers 35-8
terminal lines, setting on 35-19
unsupported features 35-7
IPv6
and stacking 41-3
applying to interfaces 41-7
displaying 41-8
interactions with other features 41-4
limitations 41-3
matching criteria 41-3
named 41-3
precedence of 41-2
supported 41-2
unsupported features 41-3
Layer 4 information in 35-38
logging messages 35-9
named, IPv4 35-15
named, IPv6 41-3
names 41-4
number per QoS class map 36-33
precedence of 35-2
resequencing entries 35-15
router ACLs and VLAN map configuration guidelines 35-38
standard IP, configuring for QoS classification 36-43
standard IPv4
creating 35-10
matching criteria 35-8
support for 1-10
support in hardware 35-22
time ranges 35-17
types supported 35-2
unsupported features, IPv4 35-7
unsupported features, IPv6 41-3
using router ACLs with VLAN maps 35-37
VLAN maps
configuration guidelines 35-31
configuring 35-30
active links 22-2
active router 42-1
active traffic monitoring, IP SLAs 43-1
address aliasing 25-2
addresses
displaying the MAC address table 7-30
dynamic
accelerated aging 19-9
changing the aging time 7-21
default aging 19-9
defined 7-19
learning 7-20
removing 7-22
IPv6 39-2
MAC, discovering 7-30
multicast
group address range 46-3
STP address management 19-9
static
adding and removing 7-26
defined 7-19
Address Resolution Protocol
adjacency tables, with CEF 38-90
administrative distances
defined 38-102
OSPF 38-32
routing protocol defaults 38-92
advertisements
CDP 27-1
RIP 38-20
aggregatable global unicast addresses 39-3
aggregate addresses, BGP 38-60
aggregated ports
aggregate policers 36-58
aggregate policing 1-13
aging, accelerating 19-9
aging time
accelerated
for MSTP 20-23
MAC address table 7-21
maximum
for MSTP 20-24
alarms, RMON 31-3
allowed-VLAN list 14-20
application engines, redirecting traffic to 45-1
area border routers
area routing
IS-IS 38-65
ISO IGRP 38-65
ARP
configuring 38-10
encapsulation 38-11
static cache configuration 38-10
table
address resolution 7-30
managing 7-30
ASBRs 38-25
AS-path filters, BGP 38-54
asymmetrical links, and IEEE 802.1Q tunneling 18-4
attributes, RADIUS
vendor-proprietary 9-37
vendor-specific 9-35
attribute-value pairs 10-12, 10-14, 10-18, 10-19
authentication
EIGRP 38-41
HSRP 42-10
local mode with AAA 9-43
NTP associations 7-4
open1x 10-28
RADIUS
key 9-27
login 9-29
TACACS+
defined 9-11
key 9-13
login 9-14
See also port-based authentication
authentication compatibility with Catalyst 6000 switches 10-8
authentication failed VLAN
authentication keys, and routing protocols 38-103
authentication manager
CLI commands 10-9
compatibility with older 802.1x CLI commands10-9to ??
overview 10-7
authoritative time source, described 7-2
authorization
with RADIUS 9-33
authorized ports with IEEE 802.1x 10-10
autoconfiguration 3-3
auto enablement 10-29
automatic advise (auto-advise) in switch stacks 5-11
automatic copy (auto-copy) in switch stacks 5-10
automatic discovery
considerations
beyond a noncandidate device 6-8
brand new switches 6-9
connectivity 6-5
different VLANs 6-7
management VLANs 6-7
non-CDP-capable devices 6-6
noncluster-capable devices 6-6
routed ports 6-8
in switch clusters 6-5
automatic extraction (auto-extract) in switch stacks 5-11
automatic QoS
automatic recovery, clusters 6-10
automatic upgrades (auto-upgrade) in switch stacks 5-10
auto-MDIX
configuring 12-21
described 12-21
autonegotiation
duplex mode 1-4
interface configuration guidelines 12-18
mismatches 49-12
autonomous system boundary routers
autonomous systems, in BGP 38-48
Auto-RP, described 46-6
autosensing, port speed 1-4
Auto Smartports macros
Cisco Medianet 13-2
configuration guidelines 13-4
default configuration 13-3
defined 13-1
displaying 13-20
event triggers 13-12
LLDP 13-1
mapping 13-9
user-defined macros 13-15
autostate exclude 12-6
Auto Smartports macros
auxiliary VLAN
availability, features 1-7
B
BackboneFast
described 21-7
disabling 21-17
enabling 21-16
support for 1-8
backup interfaces
backup links 22-2
backup static routing, configuring 44-12
banners
configuring
login 7-18
message-of-the-day login 7-18
default configuration 7-17
when displayed 7-17
Berkeley r-tools replacement 9-56
BGP
aggregate addresses 38-60
aggregate routes, configuring 38-60
CIDR 38-60
clear commands 38-63
community filtering 38-57
configuring neighbors 38-58
default configuration 38-45
described 38-44
enabling 38-48
monitoring 38-63
multipath support 38-52
neighbors, types of 38-48
path selection 38-52
peers, configuring 38-58
prefix filtering 38-56
resetting sessions 38-51
route dampening 38-62
route maps 38-54
route reflectors 38-61
routing domain confederation 38-61
routing session with multi-VRF CE 38-84
show commands 38-63
supernets 38-60
support for 1-14
Version 4 38-45
binding cluster group and HSRP group 42-12
binding database
address, DHCP server
See DHCP, Cisco IOS server database
DHCP snooping
See DHCP snooping binding database
bindings
address, Cisco IOS DHCP server 23-6
DHCP snooping database 23-7
IP source guard 23-16
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 26-7
Boolean expressions in tracked lists 44-4
booting
boot loader, function of 3-2
boot process 3-2
manually 3-18
specific image 3-19
boot loader
accessing 3-19
described 3-2
environment variables 3-20
prompt 3-19
trap-door mechanism 3-2
bootstrap router (BSR), described 46-7
Border Gateway Protocol
BPDU
error-disabled state 21-2
filtering 21-3
RSTP format 20-12
BPDU filtering
described 21-3
disabling 21-15
enabling 21-14
support for 1-8
BPDU guard
described 21-2
disabling 21-14
enabling 21-13
support for 1-8
bridged packets, ACLs on 35-39
bridge groups
bridge protocol data unit
broadcast flooding 38-17
broadcast packets
directed 38-14
flooded 38-14
broadcast storm-control command 26-4
C
cables, monitoring for unidirectional links 29-1
candidate switch
automatic discovery 6-5
defined 6-4
requirements 6-4
See also command switch, cluster standby group, and member switch
Catalyst 3750G wireless LAN controller switch
accessing the controller A-6
displaying controller information A-7
features A-2
interaction with the controller A-3
internal port configuration A-4
internal port EtherChannel A-4
internal ports A-3
internal VLAN A-3
reconfiguring the internal ports A-5
switch stacks A-2
Catalyst 6000 switches
authentication compatibility 10-8
CA trustpoint
configuring 9-52
defined 9-50
CDP
and trusted boundary 36-39
automatic discovery in switch clusters 6-5
configuring 27-2
default configuration 27-2
defined with LLDP 28-1
described 27-1
disabling for routing device27-3to 27-4
enabling and disabling
on an interface 27-4
on a switch 27-3
Layer 2 protocol tunneling 18-7
monitoring 27-5
overview 27-1
power negotiation extensions 12-7
support for 1-6
switch stack considerations 27-2
transmission timer and holdtime, setting 27-2
updates 27-2
CEF
defined 38-89
distributed 38-90
enabling 38-90
IPv6 39-18
CGMP
as IGMP snooping learning method 25-9
clearing cached group entries 46-61
enabling server support 46-44
joining multicast group 25-3
overview 46-9
server support only 46-9
switch support of 1-4
CIDR 38-60
CipherSuites 9-51
Cisco 7960 IP Phone 16-1
Cisco Discovery Protocol
Cisco Express Forwarding
Cisco Group Management Protocol
Cisco intelligent power management 12-7
Cisco IOS DHCP server
See DHCP, Cisco IOS DHCP server
Cisco IOS File System
Cisco IOS IP SLAs 43-1
Cisco Medianet
Cisco Redundant Power System 2300
configuring 12-29
managing 12-29
Cisco Secure ACS
attribute-value pairs for downloadable ACLs 10-19
attribute-value pairs for redirect URL 10-18
Cisco Secure ACS configuration guide 10-58
Cisco StackWise technology 1-3
CISP 10-29
CIST regional root
CIST root
civic location 28-3
classless interdomain routing
classless routing 38-8
class maps for QoS
configuring 36-46
described 36-7
displaying 36-78
class of service
clearing interfaces 12-32
CLI
abbreviating commands 2-4
command modes 2-1
configuration logging 2-5
described 1-5
editing features
enabling and disabling 2-7
keystroke editing 2-7
wrapped lines 2-9
error messages 2-5
filtering command output 2-10
getting help 2-3
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
managing clusters 6-16
no and default forms of commands 2-4
Client Information Signalling Protocol
client mode, VTP 15-3
client processes, tracking 44-1
CLNS
clock
clusters, switch
accessing 6-13
automatic discovery 6-5
automatic recovery 6-10
benefits 1-2
compatibility 6-4
described 6-1
LRE profile considerations 6-16
managing
through CLI 6-16
through SNMP 6-17
planning 6-4
planning considerations
automatic discovery 6-5
automatic recovery 6-10
CLI 6-16
host names 6-13
IP addresses 6-13
LRE profiles 6-16
passwords 6-13
RADIUS 6-16
switch stacks 6-14
TACACS+ 6-16
cluster standby group
and HSRP group 42-12
automatic recovery 6-12
considerations 6-11
defined 6-2
requirements 6-3
virtual IP address 6-11
CNS 1-6
Configuration Engine
configID, deviceID, hostname 4-3
configuration service 4-2
described 4-1
event service 4-3
embedded agents
described 4-5
enabling automated configuration 4-6
enabling configuration agent 4-9
enabling event agent 4-7
management functions 1-5
CoA Request Commands 9-23
Coarse Wave Division Multiplexer
command-line interface
command modes 2-1
commands
abbreviating 2-4
no and default 2-4
commands, setting privilege levels 9-8
command switch
accessing 6-11
active (AC) 6-10
configuration conflicts 49-12
defined 6-2
passive (PC) 6-10
password privilege levels 6-17
priority 6-10
recovery
from command-switch failure 6-10, 49-9
from lost member connectivity 49-12
redundant 6-10
replacing
with another switch 49-11
with cluster member 49-9
requirements 6-3
standby (SC) 6-10
See also candidate switch, cluster standby group, member switch, and standby command switch
community list, BGP 38-57
community ports 17-2
community strings
for cluster switches 33-4
in clusters 6-14
overview 33-4
SNMP 6-14
compatibility, feature 26-12
compatibility, software
config.text 3-17
configurable leave timer, IGMP 25-6
configuration, initial
defaults 1-16
Express Setup 1-2
configuration changes, logging 32-11
configuration conflicts, recovering from lost member connectivity 49-12
configuration examples, network 1-18
configuration files
archiving C-19
clearing the startup configuration C-19
creating using a text editor C-10
default name 3-17
deleting a stored configuration C-19
described C-8
downloading
automatically 3-17
reasons for C-8
using FTP C-13
using RCP C-17
using TFTP C-11
guidelines for creating and using C-9
guidelines for replacing and rolling back C-21
invalid combinations when copying C-5
limiting TFTP server access 33-16
obtaining with DHCP 3-9
password recovery disable considerations 9-5
replacing a running configuration C-19, C-20
rolling back a running configuration C-19, C-20
specifying the filename 3-17
system contact and location information 33-16
types and location C-10
uploading
reasons for C-9
using FTP C-14
using RCP C-18
using TFTP C-12
configuration guidelines, multi-VRF CE 38-77
configuration logger 32-11
configuration logging 2-5
configuration replacement C-19
configuration rollback C-19
configuration settings, saving 3-15
configure terminal command 12-12
configuring 802.1x user distribution 10-54
configuring port-based authentication violation modes10-37to 10-38
configuring small-frame arrival rate 26-5
config-vlan mode 2-2
conflicts, configuration 49-12
connections, secure remote 9-45
connectivity problems 49-14, 49-16, 49-17
consistency checks in VTP Version 2 15-5
console port, connecting to 2-11
content-routing technology
control protocol, IP SLAs 43-4
corrupted software, recovery steps with Xmodem 49-2
CoS
in Layer 2 frames 36-2
override priority 16-6
trust priority 16-6
CoS input queue threshold map for QoS 36-16
CoS output queue threshold map for QoS 36-18
CoS-to-DSCP map for QoS 36-60
counters, clearing interface 12-32
CPU utilization, troubleshooting 49-25
crashinfo file 49-24
critical authentication, IEEE 802.1x 10-50
critical VLAN 10-22
cross-stack EtherChannel
configuration guidelines 37-13
configuring
on Layer 2 interfaces 37-13
on Layer 3 physical interfaces 37-16
described 37-3
illustration 37-4
support for 1-8
cross-stack UplinkFast, STP
described 21-5
disabling 21-16
enabling 21-16
fast-convergence events 21-7
Fast Uplink Transition Protocol 21-6
normal-convergence events 21-7
support for 1-8
cryptographic software image
Kerberos 9-39
SSH 9-44
SSL 9-49
switch stack considerations 5-2, 5-15, 9-45
customer edge devices 38-75
customjzeable web pages, web-based authentication 11-6
CWDM SFPs 1-28
D
DACL
daylight saving time 7-13
dCEF, in the switch stack 38-89
debugging
enabling all system diagnostics 49-21
enabling for a specific feature 49-20
redirecting error message output 49-21
using commands 49-20
default commands 2-4
default configuration
802.1x 10-32
auto-QoS 36-20
banners 7-17
BGP 38-45
booting 3-17
CDP 27-2
DHCP 23-8
DHCP option 82 23-9
DHCP snooping 23-9
DHCP snooping binding database 23-9
DNS 7-16
dynamic ARP inspection 24-5
EIGRP 38-37
EtherChannel 37-11
Ethernet interfaces 12-16
fallback bridging 48-3
HSRP 42-5
IEEE 802.1Q tunneling 18-4
IGMP 46-39
IGMP filtering 25-25
IGMP snooping 25-7, 40-5, 40-6
IGMP throttling 25-25
initial switch information 3-3
IP addressing, IP routing 38-6
IP multicast routing 46-10
IP SLAs 43-6
IP source guard 23-18
IPv6 39-10
IS-IS 38-66
Layer 2 interfaces 12-16
Layer 2 protocol tunneling 18-11
LLDP 28-4
MAC address table 7-21
MAC address-table move update 22-8
MSDP 47-4
MSTP 20-15
multi-VRF CE 38-77
MVR 25-20
NTP 7-4
optional spanning-tree configuration 21-12
OSPF 38-26
password and privilege level 9-2
PIM 46-10
private VLANs 17-6
RADIUS 9-27
RIP 38-20
RMON 31-3
RSPAN 30-11
SDM template 8-5
SNMP 33-6
SPAN 30-11
SSL 9-52
standard QoS 36-30
STP 19-13
switch stacks 5-18
system message logging 32-4
system name and prompt 7-15
TACACS+ 9-13
UDLD 29-4
VLAN, Layer 2 Ethernet interfaces 14-18
VLANs 14-7
VMPS 14-27
voice VLAN 16-3
VTP 15-8
WCCP 45-5
default networks 38-93
default router preference
default routes 38-93
default routing 38-3
default web-based authentication configuration
802.1X 11-9
deleting VLANs 14-9
denial-of-service attack 26-1
description command 12-24
designing your network, examples 1-18
destination addresses
in IPv4 ACLs 35-12
in IPv6 ACLs 41-5
destination-IP address-based forwarding, EtherChannel 37-9
destination-MAC address forwarding, EtherChannel 37-9
detecting indirect link failures, STP 21-8
device C-23
device discovery protocol 27-1, 28-1
device manager
benefits 1-2
in-band management 1-6
upgrading a switch C-23
DHCP
Cisco IOS server database
configuring 23-14
default configuration 23-9
described 23-6
DHCP for IPv6
enabling
relay agent 23-10
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-4
DNS 3-8
relay device 3-8
server side 3-6
TFTP server 3-7
example 3-10
lease options
for IP address information 3-6
for receiving the configuration file 3-7
overview 3-3
relationship to BOOTP 3-4
support for 1-6
DHCP-based autoconfiguration and image update
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP object tracking, configuring primary interface 44-11
DHCP option 82
circuit ID suboption 23-5
configuration guidelines 23-9
default configuration 23-8
displaying 23-15
forwarding address, specifying 23-11
helper address 23-11
overview 23-3
packet format, suboption
circuit ID 23-5
remote ID 23-5
remote ID suboption 23-5
DHCP server port-based address allocation
configuration guidelines 23-26
default configuration 23-26
described 23-25
displaying 23-29
enabling 23-26
reserved addresses 23-27
DHCP server port-based address assignment
support for 1-6
DHCP snooping
accepting untrusted packets form edge switch 23-3, 23-12
and private VLANs 23-14
binding database
See DHCP snooping binding database
configuration guidelines 23-9
default configuration 23-8
displaying binding tables 23-15
message exchange process 23-4
option 82 data insertion 23-3
trusted interface 23-3
untrusted interface 23-3
untrusted messages 23-2
DHCP snooping binding database
adding bindings 23-14
binding file
format 23-7
location 23-7
bindings 23-7
clearing agent statistics 23-15
configuration guidelines 23-10
configuring 23-14
default configuration 23-8, 23-9
deleting
binding file 23-15
bindings 23-15
database agent 23-15
described 23-7
displaying 23-15
binding entries 23-15
status and statistics 23-15
enabling 23-14
entry 23-7
renewing database 23-15
resetting
delay value 23-15
timeout value 23-15
DHCP snooping binding table
See DHCP snooping binding database
DHCPv6
configuration guidelines 39-15
default configuration 39-15
described 39-6
enabling client function 39-17
enabling DHCPv6 server function 39-15
support for 1-14
Differentiated Services architecture, QoS 36-2
Differentiated Services Code Point 36-2
Diffusing Update Algorithm (DUAL) 38-35
directed unicast requests 1-6
directories
changing C-4
creating and removing C-4
displaying the working C-4
discovery, clusters
Distance Vector Multicast Routing Protocol
distance-vector protocols 38-3
distribute-list command 38-102
DNS
and DHCP-based autoconfiguration 3-8
default configuration 7-16
displaying the configuration 7-17
in IPv6 39-4
overview 7-15
setting up 7-16
support for 1-6
DNS-based SSM mapping 46-18, 46-20
domain names
DNS 7-15
VTP 15-9
Domain Name System
domains, ISO IGRP routing 38-65
dot1q-tunnel switchport mode 14-16
double-tagged packets
IEEE 802.1Q tunneling 18-2
Layer 2 protocol tunneling 18-10
downloadable ACL 10-18, 10-19, 10-58
downloading
configuration files
reasons for C-8
using FTP C-13
using RCP C-17
using TFTP C-11
image files
deleting old image C-27
reasons for C-23
using CMS 1-2
using FTP C-30
using RCP C-35
using TFTP C-26
using the device manager or Network Assistant C-23
drop threshold for Layer 2 protocol packets 18-11
DRP
configuring 39-13
described 39-4
IPv6 39-4
support for 1-14
DSCP input queue threshold map for QoS 36-16
DSCP output queue threshold map for QoS 36-18
DSCP-to-CoS map for QoS 36-63
DSCP-to-DSCP-mutation map for QoS 36-64
DSCP transparency 36-40
dual-action detection 37-6
DUAL finite state machine, EIGRP 38-36
dual IPv4 and IPv6 templates 8-2, 39-5, 39-6
dual protocol stacks
IPv4 and IPv6 39-5
SDM templates supporting 39-6
DVMRP
autosummarization
configuring a summary address 46-58
disabling 46-60
connecting PIM domain to DVMRP router 46-51
enabling unicast routing 46-54
interoperability
with Cisco devices 46-49
with Cisco IOS software 46-9
mrinfo requests, responding to 46-53
neighbors
advertising the default route to 46-52
discovery with Probe messages 46-49
displaying information 46-53
prevent peering with nonpruning 46-56
rejecting nonpruning 46-55
overview 46-9
routes
adding a metric offset 46-60
advertising all 46-60
advertising the default route to neighbors 46-52
caching DVMRP routes learned in report messages 46-54
changing the threshold for syslog messages 46-57
deleting 46-61
displaying 46-62
favoring one over another 46-60
limiting the number injected into MBONE 46-57
limiting unicast route advertisements 46-49
routing table 46-9
source distribution tree, building 46-9
support for 1-14
tunnels
configuring 46-51
displaying neighbor information 46-53
dynamic access ports
characteristics 14-3
configuring 14-29
defined 12-3
dynamic addresses
dynamic ARP inspection
ARP cache poisoning 24-1
ARP requests, described 24-1
ARP spoofing attack 24-1
clearing
log buffer 24-15
statistics 24-14
configuration guidelines 24-6
configuring
ACLs for non-DHCP environments 24-8
in DHCP environments 24-7
log buffer 24-12
rate limit for incoming ARP packets 24-4, 24-10
default configuration 24-5
denial-of-service attacks, preventing 24-10
described 24-1
DHCP snooping binding database 24-2
displaying
ARP ACLs 24-14
configuration and operating state 24-14
log buffer 24-15
statistics 24-14
trust state and rate limit 24-14
error-disabled state for exceeding rate limit 24-4
function of 24-2
interface trust states 24-3
log buffer
clearing 24-15
configuring 24-12
displaying 24-15
logging of dropped packets, described 24-5
man-in-the middle attack, described 24-2
network security issues and interface trust states 24-3
priority of ARP ACLs and DHCP snooping entries 24-4
rate limiting of ARP packets
configuring 24-10
described 24-4
error-disabled state 24-4
statistics
clearing 24-14
displaying 24-14
validation checks, performing 24-11
dynamic auto trunking mode 14-16
dynamic desirable trunking mode 14-16
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 14-27
reconfirming 14-30
troubleshooting 14-31
types of connections 14-29
dynamic routing 38-3
ISO CLNS 38-64
Dynamic Trunking Protocol
E
EBGP 38-44
editing features
enabling and disabling 2-7
keystrokes used 2-7
wrapped lines 2-9
EEM 3.2 34-5
EIGRP
authentication 38-41
components 38-36
configuring 38-39
default configuration 38-37
definition 38-35
interface parameters, configuring 38-40
monitoring 38-43
stub routing 38-42
elections
ELIN location 28-3
embedded event manager
3.2 34-5
actions 34-4
displaying information 34-7
environmental variables 34-5
event detectors 34-2
policies 34-4
registering and defining an applet 34-6
registering and defining a TCL script 34-7
understanding 34-1
enable password 9-3
enable secret password 9-3
encryption, CipherSuite 9-51
encryption for passwords 9-3
Enhanced IGRP
enhanced object tracking
backup static routing 44-12
commands 44-1
defined 44-1
DHCP primary interface 44-11
HSRP 44-7
IP routing state 44-2
IP SLAs 44-9
line-protocol state 44-2
network monitoring with IP SLAs 44-11
routing policy, configuring 44-12
static route primary interface 44-10
tracked lists 44-3
enhanced object tracking static routing 44-10
environmental variables, embedded event manager 34-5
environment variables, function of 3-20
equal-cost routing 1-14, 38-91
error-disabled state, BPDU 21-2
error messages during command entry 2-5
EtherChannel
automatic creation of 37-5, 37-7
channel groups
binding physical and logical interfaces 37-4
numbering of 37-4
configuration guidelines 37-12
configuring
Layer 2 interfaces 37-13
Layer 3 physical interfaces 37-16
Layer 3 port-channel logical interfaces 37-15
default configuration 37-11
described 37-2
displaying status 37-22
forwarding methods 37-8, 37-18
IEEE 802.3ad, described 37-7
interaction
with STP 37-12
with VLANs 37-12
LACP
described 37-7
displaying status 37-22
hot-standby ports 37-20
interaction with other features 37-8
modes 37-7
port priority 37-22
system priority 37-21
Layer 3 interface 38-5
logical interfaces, described 37-4
PAgP
aggregate-port learners 37-19
compatibility with Catalyst 1900 37-19
described 37-5
displaying status 37-22
interaction with other features 37-7
interaction with virtual switches 37-6
learn method and priority configuration 37-19
modes 37-6
support for 1-4
with dual-action detection 37-6
port-channel interfaces
described 37-4
numbering of 37-4
port groups 12-6
stack changes, effects of 37-10
support for 1-4
EtherChannel guard
described 21-10
disabling 21-17
enabling 21-17
Ethernet VLANs
adding 14-8
defaults and ranges 14-8
modifying 14-8
EUI 39-3
event detectors, embedded event manager 34-2
events, RMON 31-3
examples
network configuration 1-18
expedite queue for QoS 36-77
Express Setup 1-2
See also getting started guide
extended crashinfo file 49-24
extended-range VLANs
configuration guidelines 14-11
configuring 14-11
creating 14-12
creating with an internal VLAN ID 14-13
defined 14-1
extended system ID
MSTP 20-17
extended universal identifier
Extensible Authentication Protocol over LAN 10-1
external BGP
external neighbors, BGP 38-48
F
fa0 interface 1-7
failover support 1-7
fallback bridging
and protected ports 48-4
bridge groups
creating 48-4
described 48-2
displaying 48-11
function of 48-2
number supported 48-5
removing 48-5
bridge table
clearing 48-11
displaying 48-11
configuration guidelines 48-4
connecting interfaces with 12-10
default configuration 48-3
described 48-1
frame forwarding
flooding packets 48-2
forwarding packets 48-2
overview 48-1
protocol, unsupported 48-4
stack changes, effects of 48-3
STP
disabling on an interface 48-10
forward-delay interval 48-9
hello BPDU interval 48-8
interface priority 48-7
maximum-idle interval 48-9
path cost 48-7
VLAN-bridge spanning-tree priority 48-6
VLAN-bridge STP 48-2
support for 1-14
SVIs and routed ports 48-1
unsupported protocols 48-4
VLAN-bridge STP 19-11
Fast Convergence 22-3
Fast Uplink Transition Protocol 21-6
features, incompatible 26-12
FIB 38-90
fiber-optic, detecting unidirectional links 29-1
files
basic crashinfo
description 49-24
location 49-24
copying C-5
crashinfo, description 49-24
deleting C-5
displaying the contents of C-8
extended crashinfo
description 49-24
location 49-24
tar
creating C-6
displaying the contents of C-7
extracting C-7
image file format C-24
file system
displaying available file systems C-2
displaying file information C-3
local file system names C-1
network file system names C-5
setting the default C-3
filtering
in a VLAN 35-30
non-IP traffic 35-28
show and more command output 2-10
filtering show and more command output 2-10
filters, IP
flash device, number of C-1
flexible authentication ordering
configuring 10-61
overview 10-28
Flex Link Multicast Fast Convergence 22-3
Flex Links
configuration guidelines 22-8
configuring preferred VLAN 22-11
configuring VLAN load balancing 22-10
default configuration 22-7
description 22-1
link load balancing 22-2
monitoring 22-14
VLANs 22-2
flooded traffic, blocking 26-8
flow-based packet classification 1-12
flowcharts
QoS classification 36-6
QoS egress queueing and scheduling 36-17
QoS ingress queueing and scheduling 36-15
QoS policing and marking 36-10
flowcontrol
configuring 12-20
described 12-20
forward-delay time
MSTP 20-23
STP 19-23
Forwarding Information Base
forwarding nonroutable protocols 48-1
FTP
accessing MIB files B-3
configuration files
downloading C-13
overview C-12
preparing the server C-13
uploading C-14
image files
deleting old image C-32
downloading C-30
preparing the server C-29
uploading C-32
G
general query 22-5
Generating IGMP Reports 22-3
get-bulk-request operation 33-3
get-next-request operation 33-3, 33-4
get-request operation 33-3, 33-4
get-response operation 33-3
Gigabit modules
global configuration mode 2-2
global leave, IGMP 25-13
guest VLAN and 802.1x 10-20
guide mode 1-2
GUIs
See device manager and Network Assistant
H
hardware limitations and Layer 3 interfaces 12-26
hello time
MSTP 20-22
STP 19-22
help, for the command line 2-3
hierarchical policy maps 36-8
configuration guidelines 36-33
configuring 36-52
described 36-11
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
history table, level and number of syslog messages 32-10
host names, in clusters 6-13
host ports
configuring 17-11
kinds of 17-2
hosts, limit on dynamic ports 14-31
Hot Standby Router Protocol
HP OpenView 1-5
HSRP
authentication string 42-10
automatic cluster recovery 6-12
binding to cluster group 42-12
cluster standby group considerations 6-11
command-switch redundancy 1-1, 1-7
configuring 42-5
default configuration 42-5
definition 42-1
guidelines 42-6
monitoring 42-13
object tracking 44-7
overview 42-1
priority 42-8
routing redundancy 1-13
support for ICMP redirect messages 42-12
switch stack considerations 42-5
timers 42-11
tracking 42-8
See also clusters, cluster standby group, and standby command switch
HSRP for IPv6
configuring 39-24
guidelines 39-23
HTTP over SSL
HTTPS 9-50
configuring 9-53
self-signed certificate 9-50
HTTP secure server 9-50
I
IBPG 38-44
ICMP
IPv6 39-4
redirect messages 38-12
support for 1-14
time-exceeded messages 49-18
traceroute and 49-18
unreachable messages 35-20
unreachable messages and IPv6 41-4
unreachables and ACLs 35-22
ICMP Echo operation
configuring 43-12
IP SLAs 43-11
ICMP ping
executing 49-15
overview 49-14
ICMP Router Discovery Protocol
ICMPv6 39-4
IDS appliances
and ingress RSPAN 30-22
and ingress SPAN 30-15
IEEE 802.1D
IEEE 802.1p 16-1
IEEE 802.1Q
and trunk ports 12-3
configuration limitations 14-17
encapsulation 14-15
native VLAN for untagged traffic 14-22
tunneling
compatibility with other features 18-6
defaults 18-4
described 18-1
tunnel ports with other features 18-6
IEEE 802.1s
IEEE 802.1w
IEEE 802.1x
IEEE 802.3ad
IEEE 802.3af
IEEE 802.3x flow control 12-20
ifIndex values, SNMP 33-5
IFS 1-6
IGMP
configurable leave timer
described 25-6
enabling 25-11
configuring the switch
as a member of a group 46-39
statically connected member 46-43
controlling access to groups 46-40
default configuration 46-39
deleting cache entries 46-62
displaying groups 46-62
fast switching 46-43
flooded multicast traffic
controlling the length of time 25-12
disabling on an interface 25-13
global leave 25-13
query solicitation 25-13
recovering from flood mode 25-13
host-query interval, modifying 46-41
joining multicast group 25-3
join messages 25-3
leave processing, enabling 25-11, 40-9
leaving multicast group 25-5
multicast reachability 46-39
overview 46-3
queries 25-4
report suppression
described 25-6
supported versions 25-3
support for 1-4
Version 1
changing to Version 2 46-41
described 46-3
Version 2
changing to Version 1 46-41
described 46-3
maximum query response time value 46-43
pruning groups 46-43
query timeout value 46-42
IGMP filtering
configuring 25-25
default configuration 25-25
described 25-24
monitoring 25-29
support for 1-4
IGMP groups
configuring filtering 25-28
setting the maximum number 25-27
IGMP Immediate Leave
configuration guidelines 25-11
described 25-5
enabling 25-11
IGMP profile
applying 25-27
configuration mode 25-25
configuring 25-26
IGMP snooping
and address aliasing 25-2
and stack changes 25-6
configuring 25-7
default configuration 25-7, 40-5, 40-6
definition 25-2
enabling and disabling 25-7, 40-6
global configuration 25-7
Immediate Leave 25-5
in the switch stack 25-6
method 25-8
querier
configuration guidelines 25-14
configuring 25-14
supported versions 25-3
support for 1-4
VLAN configuration 25-8
IGMP throttling
configuring 25-28
default configuration 25-25
described 25-25
displaying action 25-29
IGP 38-25
Immediate Leave, IGMP 25-5
enabling 40-9
inaccessible authentication bypass 10-22
support for multiauth ports 10-22
initial configuration
defaults 1-16
Express Setup 1-2
integrated wireless LAN controller switch
see 3750G integrated wireless LAN controller switch
interface
number 12-11
range macros 12-14
interface command12-11to 12-12
interface configuration mode 2-3
interfaces
auto-MDIX, configuring 12-21
configuration guidelines
10-Gigabit Ethernet 12-17
duplex and speed 12-18
configuring
procedure 12-12
counters, clearing 12-32
default configuration 12-16
described 12-24
descriptive name, adding 12-24
displaying information about 12-31
flow control 12-20
management 1-5
monitoring 12-31
naming 12-24
physical, identifying 12-11
range of 12-12
shutting down 12-32
speed and duplex, configuring 12-19
status 12-31
supported 12-11
types of 12-1
interfaces range macro command 12-14
interface types 12-11
Interior Gateway Protocol
internal BGP
internal neighbors, BGP 38-48
Internet Control Message Protocol
Internet Group Management Protocol
Internet Protocol version 6
Inter-Switch Link
Intrusion Detection System
inventory management TLV 28-3, 28-7
IOS shell
IP ACLs
for QoS classification 36-7
implicit masks 35-10
named 35-15
undefined 35-21
IP addresses
128-bit 39-2
classes of 38-7
cluster access 6-2
command switch 6-3, 6-11, 6-13
default configuration 38-6
discovering 7-30
for IP routing 38-6
IPv6 39-2
MAC address association 38-9
monitoring 38-18
redundant clusters 6-11
standby command switch 6-11, 6-13
IP base image 1-1
IP broadcast address 38-16
ip cef distributed command 38-90
IP directed broadcasts 38-15
ip igmp profile command 25-25
IP information
assigned
manually 3-15
through DHCP-based autoconfiguration 3-3
default configuration 3-3
IP multicast routing
addresses
all-hosts 46-3
all-multicast-routers 46-3
host group address range 46-3
administratively-scoped boundaries, described 46-46
and IGMP snooping 25-2
Auto-RP
adding to an existing sparse-mode cloud 46-26
benefits of 46-26
clearing the cache 46-62
configuration guidelines 46-12
filtering incoming RP announcement messages 46-29
overview 46-6
preventing candidate RP spoofing 46-29
preventing join messages to false RPs 46-28
setting up in a new internetwork 46-26
using with BSR 46-34
bootstrap router
configuration guidelines 46-12
configuring candidate BSRs 46-32
configuring candidate RPs 46-33
defining the IP multicast boundary 46-31
defining the PIM domain border 46-30
overview 46-7
using with Auto-RP 46-34
Cisco implementation 46-2
configuring
basic multicast routing 46-12
IP multicast boundary 46-46
default configuration 46-10
enabling
multicast forwarding 46-13
PIM mode 46-13
group-to-RP mappings
Auto-RP 46-6
BSR 46-7
MBONE
deleting sdr cache entries 46-62
described 46-45
displaying sdr cache 46-63
enabling sdr listener support 46-46
limiting DVMRP routes advertised 46-57
limiting sdr cache entry lifetime 46-46
SAP packets for conference session announcement 46-45
Session Directory (sdr) tool, described 46-45
monitoring
packet rate loss 46-63
peering devices 46-63
tracing a path 46-63
multicast forwarding, described 46-7
PIMv1 and PIMv2 interoperability 46-11
protocol interaction 46-2
reverse path check (RPF) 46-7
routing table
deleting 46-62
displaying 46-62
RP
assigning manually 46-24
configuring Auto-RP 46-26
configuring PIMv2 BSR 46-30
monitoring mapping information 46-34
using Auto-RP and BSR 46-34
stacking
stack master functions 46-9
stack member functions 46-10
statistics, displaying system and network 46-62
IP phones
and QoS 16-1
automatic classification and queueing 36-20
configuring 16-4
ensuring port security with QoS 36-38
trusted boundary for QoS 36-38
IP Port Security for Static Hosts
on a Layer 2 access port 23-20
on a PVLAN host port 23-23
IP precedence 36-2
IP-precedence-to-DSCP map for QoS 36-61
IP protocols
in ACLs 35-12
routing 1-13
IP routes, monitoring 38-104
IP routing
connecting interfaces with 12-10
disabling 38-19
enabling 38-19
IP Service Level Agreements
IP service levels, analyzing 43-1
IP services image 1-1
IP SLAs
benefits 43-2
configuration guidelines 43-6
configuring object tracking 44-9
Control Protocol 43-4
default configuration 43-6
definition 43-1
ICMP echo operation 43-11
measuring network performance 43-3
monitoring 43-13
multioperations scheduling 43-5
object tracking 44-9
operation 43-3
reachability tracking 44-9
responder
described 43-4
enabling 43-8
response time 43-4
scheduling 43-5
SNMP support 43-2
supported metrics 43-2
threshold monitoring 43-6
track object monitoring agent, configuring 44-11
track state 44-9
UDP jitter operation 43-9
IP source guard
and 802.1x 23-18
and DHCP snooping 23-16
and EtherChannels 23-18
and port security 23-18
and private VLANs 23-18
and routed ports 23-18
and TCAM entries 23-18
and trunk interfaces 23-18
and VRF 23-18
binding configuration
automatic 23-16
manual 23-16
binding table 23-16
configuration guidelines 23-18
default configuration 23-18
described 23-16
disabling 23-19
displaying
active IP or MAC bindings 23-25
bindings 23-25
configuration 23-25
filtering
source IP address 23-16
source IP and MAC address 23-16
on provisioned switches 23-18
source IP address filtering 23-16
source IP and MAC address filtering 23-16
static bindings
deleting 23-19
static hosts 23-20
IP traceroute
executing 49-18
overview 49-17
IP unicast routing
address resolution 38-9
administrative distances 38-92, 38-102
ARP 38-10
assigning IP addresses to Layer 3 interfaces 38-7
authentication keys 38-103
broadcast
address 38-16
flooding 38-17
packets 38-14
storms 38-14
classless routing 38-8
configuring static routes 38-91
default
addressing configuration 38-6
gateways 38-12
networks 38-93
routes 38-93
routing 38-3
directed broadcasts 38-15
disabling 38-19
dynamic routing 38-3
enabling 38-19
EtherChannel Layer 3 interface 38-5
IGP 38-25
inter-VLAN 38-2
IP addressing
classes 38-7
configuring 38-6
IPv6 39-3
IRDP 38-13
Layer 3 interfaces 38-5
MAC address and IP address 38-9
passive interfaces 38-101
protocols
distance-vector 38-3
dynamic 38-3
link-state 38-3
proxy ARP 38-10
redistribution 38-93
reverse address resolution 38-9
routed ports 38-5
static routing 38-3
steps to configure 38-5
subnet mask 38-7
subnet zero 38-7
supernet 38-8
UDP 38-16
with SVIs 38-5
IPv4 ACLs
applying to interfaces 35-20
extended, creating 35-11
named 35-15
standard, creating 35-10
IPv4 and IPv6
dual protocol stacks 39-5
IPv6
ACLs
displaying 41-8
limitations 41-3
matching criteria 41-3
port 41-1
precedence 41-2
router 41-1
supported 41-2
addresses 39-2
address formats 39-2
and switch stacks 39-9
applications 39-5
assigning address 39-11
autoconfiguration 39-5
CEFv6 39-18
configuring static routes 39-19
default configuration 39-10
default router preference (DRP) 39-4
defined 39-1
Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 39-7
EIGRP IPv6 Commands 39-7
Router ID 39-7
feature limitations 39-8
features not supported 39-8
forwarding 39-11
ICMP 39-4
monitoring 39-26
neighbor discovery 39-4
OSPF 39-6
path MTU discovery 39-4
stack master functions 39-9
Stateless Autoconfiguration 39-5
supported features 39-2
switch limitations 39-8
understanding static routes 39-6
IPv6 traffic, filtering 41-4
IRDP
configuring 38-13
definition 38-13
support for 1-14
IS-IS
addresses 38-65
area routing 38-65
default configuration 38-66
monitoring 38-74
show commands 38-74
system routing 38-65
ISL
and IPv6 39-3
and trunk ports 12-3
trunking with IEEE 802.1 tunneling 18-4
ISO CLNS
clear commands 38-74
dynamic routing protocols 38-64
monitoring 38-74
NETs 38-64
NSAPs 38-64
OSI standard 38-64
ISO IGRP
area routing 38-65
system routing 38-65
isolated port 17-2
J
join messages, IGMP 25-3
K
KDC
described 9-40
Kerberos
authenticating to
boundary switch 9-42
KDC 9-42
network services 9-42
configuration examples 9-39
configuring 9-43
credentials 9-40
cryptographic software image 9-39
described 9-40
KDC 9-40
operation 9-42
realm 9-41
server 9-41
support for 1-11
switch as trusted third party 9-40
terms 9-40
TGT 9-41
tickets 9-40
key distribution center
L
l2protocol-tunnel command 18-13
LACP
Layer 2 protocol tunneling 18-9
Layer 2 frames, classification with CoS 36-2
Layer 2 interfaces, default configuration 12-16
Layer 2 protocol tunneling
configuring 18-10
configuring for EtherChannels 18-14
default configuration 18-11
defined 18-8
guidelines 18-12
Layer 2 traceroute
and ARP 49-17
and CDP 49-16
broadcast traffic 49-16
described 49-16
IP addresses and subnets 49-17
MAC addresses and VLANs 49-16
multicast traffic 49-16
multiple devices on a port 49-17
unicast traffic 49-16
usage guidelines 49-16
Layer 3 features 1-13
Layer 3 interfaces
assigning IP addresses to 38-7
assigning IPv4 and IPv6 addresses to 39-14
assigning IPv6 addresses to 39-11
changing from Layer 2 mode 38-7, 38-82
types of 38-5
Layer 3 packets, classification methods 36-2
LDAP 4-2
Leaking IGMP Reports 22-4
LEDs, switch
See hardware installation guide
lightweight directory access protocol
line configuration mode 2-3
Link Aggregation Control Protocol
link failure, detecting unidirectional 20-8
Link Layer Discovery Protocol
link local unicast addresses 39-3
link redundancy
links, unidirectional 29-1
link state advertisements (LSAs) 38-31
link-state protocols 38-3
link-state tracking
configuring 37-25
described 37-23
LLDP
configuring 28-4
characteristics 28-6
default configuration 28-4
enabling 28-5
monitoring and maintaining 28-10
overview 28-1
supported TLVs 28-2
switch stack considerations 28-2
transmission timer and holdtime, setting 28-6
LLDP-MED
configuring
procedures 28-4
TLVs 28-7
monitoring and maintaining 28-10
supported TLVs 28-2
LLDP Media Endpoint Discovery
load balancing 42-4
local SPAN 30-2
logging messages, ACL 35-9
login authentication
with RADIUS 9-29
with TACACS+ 9-14
login banners 7-17
log messages
Long-Reach Ethernet (LRE) technology 1-20, 1-26
loop guard
described 21-11
enabling 21-18
support for 1-8
LRE profiles, considerations in switch clusters 6-16
M
MAB
MAB aging timer 1-9
MAB inactivity timer
default setting 10-32
range 10-35
MAC/PHY configuration status TLV 28-2
MAC addresses
aging time 7-21
and VLAN association 7-20
building the address table 7-20
default configuration 7-21
disabling learning on a VLAN 7-29
discovering 7-30
displaying 7-30
displaying in the IP source binding table 23-25
dynamic
learning 7-20
removing 7-22
in ACLs 35-28
IP address association 38-9
static
adding 7-27
characteristics of 7-26
dropping 7-28
removing 7-27
MAC address learning 1-6
MAC address learning, disabling on a VLAN 7-29
MAC address notification, support for 1-15
MAC address-table move update
configuration guidelines 22-8
configuring 22-12
default configuration 22-8
description 22-6
monitoring 22-14
MAC address-to-VLAN mapping 14-26
MAC authentication bypass 10-35
configuring 10-54
overview 10-15
MAC extended access lists
applying to Layer 2 interfaces 35-29
configuring for QoS 36-45
creating 35-28
defined 35-28
for QoS classification 36-5
macros
magic packet 10-25
manageability features 1-6
management access
in-band
browser session 1-6
CLI session 1-6
device manager 1-6
SNMP 1-7
out-of-band console port connection 1-7
management address TLV 28-2
management options
CLI 2-1
clustering 1-3
CNS 4-1
Network Assistant 1-2
overview 1-5
switch stacks 1-3
management VLAN
considerations in switch clusters 6-7
discovery through different management VLANs 6-7
mapping tables for QoS
configuring
CoS-to-DSCP 36-60
DSCP 36-60
DSCP-to-CoS 36-63
DSCP-to-DSCP-mutation 36-64
IP-precedence-to-DSCP 36-61
policed-DSCP 36-62
described 36-12
marking
action with aggregate policers 36-58
matching
IPv6 ACLs 41-3
matching, IPv4 ACLs 35-8
maximum aging time
MSTP 20-24
STP 19-23
maximum hop count, MSTP 20-24
maximum number of allowed devices, port-based authentication 10-35
maximum-paths command 38-52, 38-91
MDA
configuration guidelines10-12to 10-13
exceptions with authentication process 10-5
Medianet
membership mode, VLAN port 14-3
member switch
automatic discovery 6-5
defined 6-2
managing 6-16
passwords 6-13
recovering from lost connectivity 49-12
requirements 6-4
See also candidate switch, cluster standby group, and standby command switch
messages, to users through banners 7-17
metrics, in BGP 38-52
metric translations, between routing protocols 38-97
metro tags 18-2
MHSRP 42-4
MIBs
accessing files with FTP B-3
location of files B-3
overview 33-1
SNMP interaction with 33-4
supported B-1
mini-point-of-presence
mirroring traffic for analysis 30-1
mismatches, autonegotiation 49-12
module number 12-11
monitoring
access groups 35-41
BGP 38-63
cables for unidirectional links 29-1
CDP 27-5
CEF 38-90
EIGRP 38-43
fallback bridging 48-11
features 1-15
Flex Links 22-14
HSRP 42-13
IEEE 802.1Q tunneling 18-18
IGMP
filters 25-29
interfaces 12-31
IP
address tables 38-18
multicast routing 46-61
routes 38-104
IP SLAs operations 43-13
IPv4 ACL configuration 35-41
IPv6 39-26
IPv6 ACL configuration 41-8
IS-IS 38-74
ISO CLNS 38-74
Layer 2 protocol tunneling 18-18
MAC address-table move update 22-14
MSDP peers 47-18
multicast router interfaces 25-17, 40-12
multi-VRF CE 38-89
MVR 25-24
network traffic for analysis with probe 30-2
object tracking 44-12
OSPF 38-34
port
blocking 26-19
protection 26-19
private VLANs 17-14
RP mapping information 46-34
source-active messages 47-18
speed and duplex mode 12-19
SSM mapping 46-21
traffic flowing among switches 31-1
traffic suppression 26-19
tunneling 18-18
VLAN
filters 35-42
maps 35-42
VLANs 14-14
VMPS 14-31
VTP 15-17
mrouter Port 22-3
mrouter port 22-5
MSDP
benefits of 47-3
clearing MSDP connections and statistics 47-18
controlling source information
forwarded by switch 47-11
originated by switch 47-8
received by switch 47-13
default configuration 47-4
dense-mode regions
sending SA messages to 47-16
specifying the originating address 47-17
filtering
incoming SA messages 47-14
SA messages to a peer 47-12
SA requests from a peer 47-10
join latency, defined 47-6
meshed groups
configuring 47-15
defined 47-15
originating address, changing 47-17
overview 47-1
peer-RPF flooding 47-2
peers
configuring a default 47-4
monitoring 47-18
peering relationship, overview 47-1
requesting source information from 47-8
shutting down 47-15
source-active messages
caching 47-6
clearing cache entries 47-18
defined 47-2
filtering from a peer 47-10
filtering incoming 47-14
filtering to a peer 47-12
limiting data with TTL 47-13
monitoring 47-18
restricting advertised sources 47-9
support for 1-14
MSTP
boundary ports
configuration guidelines 20-16
described 20-6
BPDU filtering
described 21-3
enabling 21-14
BPDU guard
described 21-2
enabling 21-13
CIST, described 20-3
CIST root 20-5
configuration guidelines 20-15, 21-12
configuring
forward-delay time 20-23
hello time 20-22
link type for rapid convergence 20-24
maximum aging time 20-24
maximum hop count 20-24
MST region 20-16
neighbor type 20-25
path cost 20-21
port priority 20-19
root switch 20-17
secondary root switch 20-19
switch priority 20-22
CST
defined 20-3
operations between regions 20-4
default configuration 20-15
default optional feature configuration 21-12
displaying status 20-26
enabling the mode 20-16
EtherChannel guard
described 21-10
enabling 21-17
extended system ID
effects on root switch 20-17
effects on secondary root switch 20-19
unexpected behavior 20-18
IEEE 802.1s
implementation 20-6
port role naming change 20-7
terminology 20-5
instances supported 19-10
interface state, blocking to forwarding 21-2
interoperability and compatibility among modes 19-11
interoperability with IEEE 802.1D
described 20-9
restarting migration process 20-26
IST
defined 20-3
master 20-3
operations within a region 20-3
loop guard
described 21-11
enabling 21-18
mapping VLANs to MST instance 20-16
MST region
CIST 20-3
configuring 20-16
described 20-2
hop-count mechanism 20-5
IST 20-3
supported spanning-tree instances 20-2
optional features supported 1-8
overview 20-2
Port Fast
described 21-2
enabling 21-12
preventing root switch selection 21-10
root guard
described 21-10
enabling 21-18
root switch
configuring 20-18
effects of extended system ID 20-17
unexpected behavior 20-18
shutdown Port Fast-enabled port 21-2
stack changes, effects of 20-8
status, displaying 20-26
multiauth
support for inaccessible authentication bypass 10-22
multiauth mode
See multiple-authentication mode
multicast groups
Immediate Leave 25-5
joining 25-3
leaving 25-5
multicast packets
ACLs on 35-41
blocking 26-8
multicast router interfaces, monitoring 25-17, 40-12
multicast router ports, adding 25-9, 40-8
Multicast Source Discovery Protocol
multicast storm 26-1
multicast storm-control command 26-4
multicast television application 25-18
multicast VLAN 25-17
Multicast VLAN Registration
multidomain authentication
multioperations scheduling, IP SLAs 43-5
multiple authentication 10-13
multiple authentication mode
configuring 10-41
Multiple HSRP
multiple VPN routing/forwarding in customer edge devices
multi-VRF CE
configuration example 38-85
configuration guidelines 38-77
configuring 38-77
default configuration 38-77
defined 38-75
displaying 38-89
monitoring 38-89
network components 38-77
packet-forwarding process 38-76
support for 1-14
MVR
and address aliasing 25-21
and IGMPv3 25-21
configuration guidelines 25-20
configuring interfaces 25-22
default configuration 25-20
described 25-17
example application 25-18
in the switch stack 25-20
modes 25-21
monitoring 25-24
multicast television application 25-18
setting global parameters 25-21
support for 1-4
N
NAC
AAA down policy 1-11
critical authentication 10-22, 10-50
IEEE 802.1x authentication using a RADIUS server 10-56
IEEE 802.1x validation using RADIUS server 10-56
inaccessible authentication bypass 1-11, 10-50
Layer 2 IEEE 802.1x validation 1-11, 10-27, 10-56
Layer 2 IP validation 1-11
named IPv4 ACLs 35-15
NameSpace Mapper
native VLAN
and IEEE 802.1Q tunneling 18-4
configuring 14-22
default 14-22
NEAT
configuring 10-57
overview 10-29
neighbor discovery, IPv6 39-4
neighbor discovery/recovery, EIGRP 38-36
neighbors, BGP 38-58
Network Admission Control
Network Assistant
benefits 1-2
described 1-5
downloading image files 1-2
guide mode 1-2
management options 1-2
managing switch stacks 5-2, 5-15
upgrading a switch C-23
wizards 1-2
network configuration examples
cost-effective wiring closet 1-20
high-performance wiring closet 1-21
increasing network performance 1-19
large network 1-25
long-distance, high-bandwidth transport 1-28
multidwelling network 1-26
providing network services 1-19
redundant Gigabit backbone 1-21
server aggregation and Linux server cluster 1-22
small to medium-sized network 1-24
network design
performance 1-19
services 1-19
Network Edge Access Topology
network management
CDP 27-1
RMON 31-1
SNMP 33-1
network performance, measuring with IP SLAs 43-3
Network Time Protocol
no commands 2-4
nonhierarchical policy maps
configuration guidelines 36-33
described 36-9
non-IP traffic filtering 35-28
nontrunking mode 14-16
normal-range VLANs 14-4
configuration guidelines 14-6
configuring 14-4
defined 14-1
no switchport command 12-4
not-so-stubby areas
NSAPs, as ISO IGRP addresses 38-65
NSF Awareness
IS-IS 38-67
NSM 4-3
NSSA, OSPF 38-31
NTP
associations
authenticating 7-4
defined 7-2
enabling broadcast messages 7-6
peer 7-5
server 7-5
default configuration 7-4
displaying the configuration 7-11
overview 7-2
restricting access
creating an access group 7-8
disabling NTP services per interface 7-10
source IP address, configuring 7-10
stratum 7-2
support for 1-6
synchronizing devices 7-5
time
services 7-2
synchronizing 7-2
O
object tracking
HSRP 44-7
IP SLAs 44-9
IP SLAs, configuring 44-9
monitoring 44-12
offline configuration for switch stacks 5-6
off mode, VTP 15-3
online diagnostics
overview 50-1
running tests 50-3
understanding 50-1
open1x
configuring 10-62
open1x authentication
overview 10-28
Open Shortest Path First
optimizing system resources 8-1
options, management 1-5
OSPF
area parameters, configuring 38-30
configuring 38-28
default configuration
metrics 38-32
route 38-32
settings 38-26
described 38-25
for IPv6 39-6
interface parameters, configuring 38-29
LSA group pacing 38-33
monitoring 38-34
router IDs 38-34
route summarization 38-32
support for 1-13
virtual links 38-32
out-of-profile markdown 1-13
P
packet modification, with QoS 36-19
PAgP
Layer 2 protocol tunneling 18-9
parallel paths, in routing tables 38-91
passive interfaces
configuring 38-101
OSPF 38-32
passwords
default configuration 9-2
disabling recovery of 9-5
encrypting 9-3
for security 1-10
in clusters 6-13
overview 9-1
recovery of 49-3
setting
enable 9-3
enable secret 9-3
Telnet 9-6
with usernames 9-6
VTP domain 15-9
path cost
MSTP 20-21
STP 19-20
path MTU discovery 39-4
PBR
defined 38-97
enabling 38-99
fast-switched policy-based routing 38-100
local policy-based routing 38-100
PC (passive command switch) 6-10
peers, BGP 38-58
percentage thresholds in tracked lists 44-6
performance, network design 1-19
performance features 1-4
persistent self-signed certificate 9-50
per-user ACLs and Filter-Ids 10-8
per-VLAN spanning-tree plus
PE to CE routing, configuring 38-84
physical ports 12-2
PIM
default configuration 46-10
dense mode
overview 46-4
rendezvous point (RP), described 46-5
RPF lookups 46-8
displaying neighbors 46-62
enabling a mode 46-13
overview 46-4
router-query message interval, modifying 46-37
shared tree and source tree, overview 46-35
shortest path tree, delaying the use of 46-36
sparse mode
join messages and shared tree 46-5
overview 46-5
prune messages 46-5
RPF lookups 46-8
stub routing
configuration guidelines 46-22
displaying 46-62
enabling 46-23
overview 46-5
support for 1-14
versions
interoperability 46-11
troubleshooting interoperability problems 46-35
v2 improvements 46-4
PIM-DVMRP, as snooping method 25-8
ping
character output description 49-15
executing 49-15
overview 49-14
PoE
auto mode 12-9
CDP with power consumption, described 12-7
CDP with power negotiation, described 12-7
Cisco intelligent power management 12-7
configuring 12-22
devices supported 12-7
high-power devices operating in low-power mode 12-7
IEEE power classification levels 12-8
power budgeting 12-23
power consumption 12-23
powered-device detection and initial power allocation 12-8
power management modes 12-9
power negotiation extensions to CDP 12-7
standards supported 12-7
static mode 12-9
troubleshooting 49-13
policed-DSCP map for QoS 36-62
policers
configuring
for each matched traffic class 36-48
for more than one traffic class 36-58
described 36-4
displaying 36-78
number of 36-34
types of 36-9
policing
described 36-4
hierarchical
token-bucket algorithm 36-9
policy-based routing
policy maps for QoS
characteristics of 36-48
described 36-7
displaying 36-79
hierarchical 36-8
hierarchical on SVIs
configuration guidelines 36-33
configuring 36-52
described 36-11
nonhierarchical on physical ports
configuration guidelines 36-33
described 36-9
POP 1-26
port ACLs
defined 35-2
types of 35-3
Port Aggregation Protocol
port-based authentication
accounting 10-14
authentication server
RADIUS server 10-3
configuration guidelines 10-33, 11-9
configuring
802.1x authentication 10-38
guest VLAN 10-48
host mode 10-41
inaccessible authentication bypass 10-50
manual re-authentication of a client 10-43
periodic re-authentication 10-42
quiet period 10-44
RADIUS server parameters on the switch 10-40, 11-11
restricted VLAN 10-49
switch-to-client frame-retransmission number 10-45, 10-46
switch-to-client retransmission time 10-44
default configuration 10-32, 11-9
described 10-1
displaying statistics 10-63, 11-17
downloadable ACLs and redirect URLs
configuring10-58to10-60, ??to 10-61
EAPOL-start frame 10-5
EAP-request/identity frame 10-5
EAP-response/identity frame 10-5
enabling
802.1X authentication 11-11
encapsulation 10-3
flexible authentication ordering
configuring 10-61
overview 10-28
guest VLAN
configuration guidelines 10-20, 10-21
described 10-20
host mode 10-11
inaccessible authentication bypass
configuring 10-50
described 10-22
guidelines 10-34
initiation and message exchange 10-5
magic packet 10-25
maximum number of allowed devices per port 10-35
method lists 10-38
multiple authentication 10-13
per-user ACLs
AAA authorization 10-38
configuration tasks 10-18
described 10-17
RADIUS server attributes 10-17
ports
authorization state and dot1x port-control command 10-10
authorized and unauthorized 10-10
voice VLAN 10-23
port security
and voice VLAN 10-25
described 10-24
interactions 10-24
multiple-hosts mode 10-11
readiness check
configuring 10-35
resetting to default values 10-63
stack changes, effects of 10-11
statistics, displaying 10-63
switch
RADIUS client 10-3
switch supplicant
configuring 10-57
overview 10-29
upgrading from a previous release 36-26
user distribution
guidelines 10-27
overview 10-27
VLAN assignment
AAA authorization 10-38
characteristics 10-16
configuration tasks 10-17
described 10-16
voice aware 802.1x security
configuring 10-36
voice VLAN
described 10-23
PVID 10-23
VVID 10-23
wake-on-LAN, described 10-25
with ACLs and RADIUS Filter-Id attribute 10-30
port-based authentication methods, supported 10-7
port-channel
port description TLV 28-2
Port Fast
described 21-2
enabling 21-12
mode, spanning tree 14-28
support for 1-8
port membership modes, VLAN 14-3
port priority
MSTP 20-19
STP 19-18
ports
10-Gigabit Ethernet module 12-6
access 12-3
blocking 26-7
dynamic access 14-3
IEEE 802.1Q tunnel 14-4
protected 26-6
routed 12-4
secure 26-9
switch 12-2
VLAN assignments 14-10
port security
aging 26-17
and private VLANs 26-18
and QoS trusted boundary 36-38
and stacking 26-18
configuring 26-13
default configuration 26-11
described 26-8
displaying 26-19
enabling 26-18
on trunk ports 26-14
sticky learning 26-9
violations 26-10
with other features 26-11
port-shutdown response, VMPS 14-27
port VLAN ID TLV 28-2
power management TLV 28-2, 28-7
Power over Ethernet
preemption, default configuration 22-7
preemption delay, default configuration 22-8
preferential treatment of traffic
prefix lists, BGP 38-56
preventing unauthorized access 9-1
primary interface for object tracking, DHCP, configuring 44-11
primary interface for static routing, configuring 44-10
primary links 22-2
priority
HSRP 42-8
overriding CoS 16-6
trusting CoS 16-6
private VLAN edge ports
private VLANs
across multiple switches 17-4
and SDM template 17-4
and SVIs 17-5
and switch stacks 17-5
benefits of 17-1
community ports 17-2
configuration guidelines 17-7, 17-8
configuration tasks 17-6
configuring 17-10
default configuration 17-6
end station access to 17-3
IP addressing 17-3
isolated port 17-2
mapping 17-13
monitoring 17-14
ports
community 17-2
configuration guidelines 17-8
configuring host ports 17-11
configuring promiscuous ports 17-12
described 14-4
isolated 17-2
promiscuous 17-2
promiscuous ports 17-2
secondary VLANs 17-2
subdomains 17-1
traffic in 17-5
privileged EXEC mode 2-2
privilege levels
changing the default for lines 9-9
command switch 6-17
exiting 9-9
logging into 9-9
mapping on member switches 6-17
setting a command with 9-8
promiscuous ports
configuring 17-12
defined 17-2
protocol-dependent modules, EIGRP 38-36
Protocol-Independent Multicast Protocol
provider edge devices 38-75
provisioned switches and IP source guard 23-18
provisioning new members for a switch stack 5-6
proxy ARP
configuring 38-12
definition 38-10
with IP routing disabled 38-12
proxy reports 22-3
pruning, VTP
disabling
in VTP domain 15-15
on a port 14-22
enabling
in VTP domain 15-15
on a port 14-21
examples 15-6
overview 15-6
pruning-eligible list
changing 14-21
for VTP pruning 15-6
VLANs 15-15
PVST+
described 19-10
IEEE 802.1Q trunking interoperability 19-11
instances supported 19-10
Q
QoS
and MQC commands 36-1
auto-QoS
categorizing traffic 36-20
configuration and defaults display 36-29
configuration guidelines 36-25
described 36-20
disabling 36-27
displaying generated commands 36-27
displaying the initial configuration 36-29
effects on running configuration 36-25
egress queue defaults 36-21
enabling for VoIP 36-27
example configuration 36-28
ingress queue defaults 36-21
list of generated commands 36-22
basic model 36-4
classification
class maps, described 36-7
defined 36-4
DSCP transparency, described 36-40
flowchart 36-6
forwarding treatment 36-3
in frames and packets 36-3
MAC ACLs, described 36-5, 36-7
options for IP traffic 36-5
options for non-IP traffic 36-5
policy maps, described 36-7
trust DSCP, described 36-5
trusted CoS, described 36-5
trust IP precedence, described 36-5
class maps
configuring 36-46
displaying 36-78
configuration guidelines
auto-QoS 36-25
standard QoS 36-33
configuring
aggregate policers 36-58
auto-QoS 36-20
default port CoS value 36-38
DSCP maps 36-60
DSCP transparency 36-40
DSCP trust states bordering another domain 36-40
egress queue characteristics 36-70
ingress queue characteristics 36-66
IP extended ACLs 36-44
IP standard ACLs 36-43
MAC ACLs 36-45
policy maps, hierarchical 36-52
port trust states within the domain 36-36
trusted boundary 36-38
default auto configuration 36-20
default standard configuration 36-30
displaying statistics 36-78
DSCP transparency 36-40
egress queues
allocating buffer space 36-71
buffer allocation scheme, described 36-17
configuring shaped weights for SRR 36-74
configuring shared weights for SRR 36-76
described 36-4
displaying the threshold map 36-74
flowchart 36-17
mapping DSCP or CoS values 36-73
scheduling, described 36-4
setting WTD thresholds 36-71
WTD, described 36-18
enabling globally 36-35
flowcharts
classification 36-6
egress queueing and scheduling 36-17
ingress queueing and scheduling 36-15
policing and marking 36-10
implicit deny 36-7
ingress queues
allocating bandwidth 36-68
allocating buffer space 36-68
buffer and bandwidth allocation, described 36-16
configuring shared weights for SRR 36-68
configuring the priority queue 36-69
described 36-4
displaying the threshold map 36-67
flowchart 36-15
mapping DSCP or CoS values 36-66
priority queue, described 36-16
scheduling, described 36-4
setting WTD thresholds 36-66
WTD, described 36-16
IP phones
automatic classification and queueing 36-20
detection and trusted settings 36-20, 36-38
limiting bandwidth on egress interface 36-77
mapping tables
CoS-to-DSCP 36-60
displaying 36-78
DSCP-to-CoS 36-63
DSCP-to-DSCP-mutation 36-64
IP-precedence-to-DSCP 36-61
policed-DSCP 36-62
types of 36-12
marked-down actions 36-50, 36-55
overview 36-2
packet modification 36-19
policers
configuring 36-50, 36-55, 36-58
described 36-8
displaying 36-78
number of 36-34
types of 36-9
policies, attaching to an interface 36-8
policing
token bucket algorithm 36-9
policy maps
characteristics of 36-48
displaying 36-79
hierarchical 36-8
hierarchical on SVIs 36-52
nonhierarchical on physical ports 36-48
QoS label, defined 36-4
queues
configuring egress characteristics 36-70
configuring ingress characteristics 36-66
high priority (expedite) 36-19, 36-77
location of 36-13
SRR, described 36-14
WTD, described 36-13
rewrites 36-19
support for 1-12
trust states
bordering another domain 36-40
described 36-5
trusted device 36-38
within the domain 36-36
quality of service
queries, IGMP 25-4
query solicitation, IGMP 25-13
R
RADIUS
attributes
vendor-proprietary 9-37
vendor-specific 9-35
configuring
accounting 9-34
authentication 9-29
authorization 9-33
communication, global 9-27, 9-35
communication, per-server 9-27
multiple UDP ports 9-27
default configuration 9-27
defining AAA server groups 9-31
displaying the configuration 9-39
identifying the server 9-27
in clusters 6-16
limiting the services to the user 9-33
method list, defined 9-26
operation of 9-19
overview 9-18
server load balancing 9-39
suggested network environments 9-18
support for 1-11
tracking services accessed by user 9-34
RADIUS Change of Authorization 9-19
range
macro 12-14
of interfaces 12-13
rapid convergence 20-10
rapid per-VLAN spanning-tree plus
rapid PVST+
described 19-10
IEEE 802.1Q trunking interoperability 19-11
instances supported 19-10
Rapid Spanning Tree Protocol
RARP 38-10
rcommand command 6-16
RCP
configuration files
downloading C-17
overview C-15
preparing the server C-16
uploading C-18
image files
deleting old image C-36
downloading C-35
preparing the server C-34
uploading C-36
reachability, tracking IP SLAs IP host 44-9
readiness check
port-based authentication
configuring 10-35
reconfirmation interval, VMPS, changing 14-30
reconfirming dynamic VLAN membership 14-30
recovery procedures 49-1
redundancy
EtherChannel 37-3
HSRP 42-1
STP
backbone 19-8
multidrop backbone 21-5
path cost 14-25
port priority 14-23
redundant links and UplinkFast 21-15
redundant power system
See Cisco Redundant Power System 2300
reliable transport protocol, EIGRP 38-36
reloading software 3-21
Remote Authentication Dial-In User Service
Remote Copy Protocol
Remote Network Monitoring
Remote SPAN
remote SPAN 30-3
report suppression, IGMP
described 25-6
resequencing ACL entries 35-15
reserved addresses in DHCP pools 23-27
resets, in BGP 38-51
resetting a UDLD-shutdown interface 29-6
responder, IP SLAs
described 43-4
enabling 43-8
response time, measuring with IP SLAs 43-4
restricted VLAN
configuring 10-49
described 10-21
using with IEEE 802.1x 10-21
restricting access
NTP services 7-8
overview 9-1
passwords and privilege levels 9-2
RADIUS 9-17
TACACS+ 9-10
retry count, VMPS, changing 14-30
reverse address resolution 38-9
Reverse Address Resolution Protocol
RFC
1058, RIP 38-20
1112, IP multicast and IGMP 25-2
1157, SNMPv1 33-2
1163, BGP 38-43
1166, IP addresses 38-7
1253, OSPF 38-25
1267, BGP 38-43
1305, NTP 7-2
1587, NSSAs 38-25
1757, RMON 31-2
1771, BGP 38-43
1901, SNMPv2C 33-2
1902 to 1907, SNMPv2 33-2
2236, IP multicast and IGMP 25-2
2273-2275, SNMPv3 33-2
RFC 5176 Compliance 9-20
RIP
advertisements 38-20
authentication 38-23
configuring 38-21
default configuration 38-20
described 38-20
for IPv6 39-6
hop counts 38-20
split horizon 38-23
summary addresses 38-23
support for 1-13
RMON
default configuration 31-3
displaying status 31-6
enabling alarms and events 31-3
groups supported 31-2
overview 31-1
statistics
collecting group Ethernet 31-5
collecting group history 31-5
support for 1-15
root guard
described 21-10
enabling 21-18
support for 1-8
root switch
MSTP 20-17
STP 19-16
route calculation timers, OSPF 38-32
route dampening, BGP 38-62
routed packets, ACLs on 35-40
routed ports
configuring 38-5
defined 12-4
in switch clusters 6-8
route-map command 38-100
route maps
BGP 38-54
policy-based routing 38-97
router ACLs
defined 35-2
types of 35-4
route reflectors, BGP 38-61
router ID, OSPF 38-34
route selection, BGP 38-52
route summarization, OSPF 38-32
route targets, VPN 38-77
routing
default 38-3
dynamic 38-3
redistribution of information 38-93
static 38-3
routing domain confederation, BGP 38-61
Routing Information Protocol
routing protocol administrative distances 38-92
RPS
See Cisco Redundant Power System 2300
RPS 2300
See Cisco Redundant Power System 2300
RSPAN
and stack changes 30-10
characteristics 30-9
configuration guidelines 30-17
default configuration 30-11
defined 30-3
destination ports 30-8
displaying status 30-25
in a switch stack 30-2
interaction with other features 30-9
monitored ports 30-6
monitoring ports 30-8
received traffic 30-5
session limits 30-11
sessions
creating 30-18
defined 30-4
limiting source traffic to specific VLANs 30-24
specifying monitored ports 30-18
with ingress traffic enabled 30-22
source ports 30-6
transmitted traffic 30-6
VLAN-based 30-7
RSTP
active topology 20-10
BPDU
format 20-12
processing 20-13
designated port, defined 20-9
designated switch, defined 20-9
interoperability with IEEE 802.1D
described 20-9
restarting migration process 20-26
topology changes 20-13
overview 20-9
port roles
described 20-9
synchronized 20-11
proposal-agreement handshake process 20-10
rapid convergence
cross-stack rapid convergence 20-11
described 20-10
edge ports and Port Fast 20-10
point-to-point links 20-10, 20-24
root ports 20-10
root port, defined 20-9
running configuration
running configuration, saving 3-15
S
SC (standby command switch) 6-10
scheduled reloads 3-21
scheduling, IP SLAs operations 43-5
SCP
and SSH 9-56
configuring 9-56
SDM
switch stack consideration 5-9
templates
configuring 8-6
number of 8-1
SDM template 41-4
aggregator 8-1
configuration guidelines 8-5
configuring 8-4
desktop 8-1
dual IPv4 and IPv6 8-2
types of 8-1
secondary VLANs 17-2
secure HTTP client
configuring 9-55
displaying 9-55
secure HTTP server
configuring 9-53
displaying 9-55
secure MAC addresses
and switch stacks 26-18
deleting 26-16
maximum number of 26-10
types of 26-9
secure ports
and switch stacks 26-18
configuring 26-9
secure remote connections 9-45
Secure Socket Layer
security, port 26-8
security features 1-9
sequence numbers in log messages 32-8
server mode, VTP 15-3
service-provider network, MSTP and RSTP 20-1
service-provider networks
and customer VLANs 18-2
and IEEE 802.1Q tunneling 18-1
Layer 2 protocols across 18-8
Layer 2 protocol tunneling for EtherChannels 18-9
set-request operation 33-4
setup program
failed command switch replacement 49-11
replacing failed command switch 49-9
severity levels, defining in system messages 32-9
SFPs
monitoring status of 12-32, 49-14
numbering of 12-12
security and identification 49-13
status, displaying 49-14
shaped round robin
Shell functions
Shell triggers
show access-lists hw-summary command 35-22
show and more command output, filtering 2-10
show cdp traffic command 27-5
show cluster members command 6-16
show configuration command 12-24
show forward command 49-22
show interfaces command 12-19, 12-24
show interfaces switchport 22-4
show l2protocol command 18-13, 18-15, 18-16
show lldp traffic command 28-11
show platform forward command 49-22
show running-config command
displaying ACLs 35-20, 35-21, 35-32, 35-35
interface description in 12-24
shutdown command on interfaces 12-32
shutdown threshold for Layer 2 protocol packets 18-11
Simple Network Management Protocol
small form-factor pluggable modules
small-frame arrival rate, configuring 26-5
Smartports macros
applying Cisco-default macros 13-18
applying global parameter values 13-18, 13-19
configuration guidelines 13-17
default configuration 13-17
defined 13-1
displaying 13-20
tracing 13-17
SNAP 27-1
SNMP
accessing MIB variables with 33-4
agent
described 33-4
disabling 33-7
and IP SLAs 43-2
authentication level 33-10
community strings
configuring 33-8
for cluster switches 33-4
overview 33-4
configuration examples 33-17
default configuration 33-6
engine ID 33-7
host 33-7
ifIndex values 33-5
in-band management 1-7
in clusters 6-14
informs
and trap keyword 33-11
described 33-5
differences from traps 33-5
disabling 33-15
enabling 33-15
limiting access by TFTP servers 33-16
limiting system log messages to NMS 32-10
managing clusters with 6-17
MIBs
location of B-3
supported B-1
notifications 33-5
security levels 33-3
setting CPU threshold notification 33-15
status, displaying 33-18
system contact and location 33-16
trap manager, configuring 33-13
traps
differences from informs 33-5
disabling 33-15
enabling 33-11
enabling MAC address notification 7-22, 7-24, 7-25
types of 33-12
versions supported 33-2
SNMP and Syslog Over IPv6 39-7
SNMPv1 33-2
SNMPv2C 33-2
SNMPv3 33-2
snooping, IGMP 25-2
software compatibility
software images
location in flash C-24
recovery procedures 49-2
scheduling reloads 3-21
tar file format, described C-24
See also downloading and uploading
source addresses
in IPv4 ACLs 35-12
in IPv6 ACLs 41-5
source-and-destination-IP address based forwarding, EtherChannel 37-9
source-and-destination MAC address forwarding, EtherChannel 37-9
source-IP address based forwarding, EtherChannel 37-9
source-MAC address forwarding, EtherChannel 37-8
Source-specific multicast
SPAN
and stack changes 30-10
configuration guidelines 30-11
default configuration 30-11
destination ports 30-8
displaying status 30-25
interaction with other features 30-9
monitored ports 30-6
monitoring ports 30-8
ports, restrictions 26-12
received traffic 30-5
session limits 30-11
sessions
configuring ingress forwarding 30-16, 30-23
creating 30-12
defined 30-4
limiting source traffic to specific VLANs 30-16
removing destination (monitoring) ports 30-14
specifying monitored ports 30-12
with ingress traffic enabled 30-15
source ports 30-6
transmitted traffic 30-6
VLAN-based 30-7
spanning tree and native VLANs 14-17
Spanning Tree Protocol
SPAN traffic 30-5
split horizon, RIP 38-23
SRR
configuring
shaped weights on egress queues 36-74
shared weights on egress queues 36-76
shared weights on ingress queues 36-68
described 36-14
shaped mode 36-14
shared mode 36-14
support for 1-13
SSH
configuring 9-46
cryptographic software image 9-44
encryption methods 9-45
switch stack considerations 5-15, 9-45
user authentication methods, supported 9-46
SSL
configuration guidelines 9-52
configuring a secure HTTP client 9-55
configuring a secure HTTP server 9-53
cryptographic software image 9-49
described 9-49
monitoring 9-55
SSM
address management restrictions 46-16
CGMP limitations 46-16
components 46-14
configuration guidelines 46-15
differs from Internet standard multicast 46-14
IGMP snooping 46-16
IGMPv3 46-14
IGMPv3 Host Signalling 46-15
IP address range 46-15
monitoring 46-16
operations 46-15
PIM 46-14
state maintenance limitations 46-16
SSM mapping 46-17
configuration guidelines 46-17
monitoring 46-21
overview 46-18
restrictions 46-18
static traffic forwarding 46-21
stack, switch
stack changes
effects on
IPv6 routing 39-9
stack changes, effects on
802.1x port-based authentication 10-11
ACL configuration 35-7
CDP 27-2
cross-stack EtherChannel 37-13
EtherChannel 37-10
fallback bridging 48-3
HSRP 42-5
IGMP snooping 25-6
IP routing 38-4
IPv6 ACLs 41-3
MAC address tables 7-21
MSTP 20-8
multicast routing 46-10
MVR 25-18
port security 26-18
SDM template selection 8-3
SNMP 33-1
SPAN and RSPAN 30-10
STP 19-12
switch clusters 6-14
system message log 32-2
VLANs 14-6
VTP 15-7
stack master
bridge ID (MAC address) 5-5
defined 5-1
election 5-4
IPv6 39-9
stack member
accessing CLI of specific member 5-23
configuring
member number 5-21
priority value 5-21
defined 5-1
displaying information of 5-23
IPv6 39-10
number 5-5
priority value 5-6
provisioning a new member 5-22
replacing 5-14
stack member number 12-11
stack protocol version 5-9
stacks, switch
accessing CLI of specific member 5-23
assigning information
member number 5-21
priority value 5-21
provisioning a new member 5-22
auto-advise 5-11
auto-copy 5-10
auto-extract 5-11
auto-upgrade 5-10
benefits 1-2
bridge ID 5-5
CDP considerations 27-2
compatibility, software 5-9
configuration file 5-14
configuration scenarios 5-16
copying an image file from one member to another C-37
default configuration 5-18
description of 5-1
displaying information of 5-23
enabling persistent MAC address timer 5-18
hardware compatibility and SDM mismatch mode 5-9
HSRP considerations 42-5
in clusters 6-14
incompatible software and image upgrades 5-13, C-37
IPv6 on 39-9
MAC address considerations 7-21
management connectivity 5-15
managing 5-1
membership 5-3
merged 5-3
MSTP instances supported 19-10
multicast routing, stack master and member roles 46-9
offline configuration
described 5-6
effects of adding a provisioned switch 5-7
effects of removing a provisioned switch 5-9
effects of replacing a provisioned switch 5-9
provisioned configuration, defined 5-6
provisioned switch, defined 5-6
provisioning a new member 5-22
provisioned switch
adding 5-7
removing 5-9
replacing 5-9
replacing a failed member 5-14
software compatibility 5-9
software image version 5-9
stack protocol version 5-9
STP
bridge ID 19-3
instances supported 19-10
root port selection 19-3
stack root switch election 19-3
system messages
hostnames in the display 32-1
remotely monitoring 32-2
system prompt consideration 7-14
system-wide configuration considerations 5-14
upgrading C-37
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 5-10
examples 5-11
manual upgrades with auto-advise 5-11
upgrades with auto-extract 5-11
version-mismatch mode
described 5-10
See also stack master and stack member
StackWise technology, Cisco 1-3
standby command switch
considerations 6-11
defined 6-2
priority 6-10
requirements 6-3
virtual IP address 6-11
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
standby ip command 42-6
standby links 22-2
standby router 42-1
standby timers, HSRP 42-11
startup configuration
booting
manually 3-18
specific image 3-19
clearing C-19
configuration file
automatically downloading 3-17
specifying the filename 3-17
default boot configuration 3-17
static access ports
assigning to VLAN 14-10
static addresses
static IP routing 1-14
static MAC addressing 1-10
static route primary interface,configuring 44-10
static routes
configuring 38-91
configuring for IPv6 39-19
understanding 39-6
static routing 38-3
static routing support, enhanced object tracking 44-10
static SSM mapping 46-18, 46-20
static traffic forwarding 46-21
static VLAN membership 14-2
statistics
802.1X 11-17
802.1x 10-63
CDP 27-5
interface 12-31
IP multicast routing 46-62
LLDP 28-10
LLDP-MED 28-10
NMSP 28-10
OSPF 38-34
QoS ingress and egress 36-78
RMON group Ethernet 31-5
RMON group history 31-5
SNMP input and output 33-18
VTP 15-17
sticky learning 26-9
storm control
configuring 26-3
described 26-1
disabling 26-5
displaying 26-19
support for 1-4
thresholds 26-1
STP
accelerating root port selection 21-4
BackboneFast
described 21-7
disabling 21-17
enabling 21-16
BPDU filtering
described 21-3
disabling 21-15
enabling 21-14
BPDU guard
described 21-2
disabling 21-14
enabling 21-13
BPDU message exchange 19-3
configuration guidelines 19-13, 21-12
configuring
forward-delay time 19-23
hello time 19-22
maximum aging time 19-23
path cost 19-20
port priority 19-18
root switch 19-16
secondary root switch 19-18
spanning-tree mode 19-15
switch priority 19-21
transmit hold-count 19-24
counters, clearing 19-24
cross-stack UplinkFast
described 21-5
enabling 21-16
default configuration 19-13
default optional feature configuration 21-12
designated port, defined 19-4
designated switch, defined 19-4
detecting indirect link failures 21-8
disabling 19-16
displaying status 19-24
EtherChannel guard
described 21-10
disabling 21-17
enabling 21-17
extended system ID
effects on root switch 19-16
effects on the secondary root switch 19-18
overview 19-4
unexpected behavior 19-16
features supported 1-8
IEEE 802.1D and bridge ID 19-4
IEEE 802.1D and multicast addresses 19-9
IEEE 802.1t and VLAN identifier 19-5
inferior BPDU 19-3
instances supported 19-10
interface state, blocking to forwarding 21-2
interface states
blocking 19-6
disabled 19-7
learning 19-7
listening 19-7
overview 19-5
interoperability and compatibility among modes 19-11
Layer 2 protocol tunneling 18-8
limitations with IEEE 802.1Q trunks 19-11
load sharing
overview 14-22
using path costs 14-25
using port priorities 14-23
loop guard
described 21-11
enabling 21-18
modes supported 19-10
multicast addresses, effect of 19-9
optional features supported 1-8
overview 19-2
path costs 14-25
Port Fast
described 21-2
enabling 21-12
port priorities 14-24
preventing root switch selection 21-10
protocols supported 19-10
redundant connectivity 19-8
root guard
described 21-10
enabling 21-18
root port, defined 19-3
root port selection on a switch stack 19-3
root switch
configuring 19-16
effects of extended system ID 19-4, 19-16
election 19-3
unexpected behavior 19-16
shutdown Port Fast-enabled port 21-2
stack changes, effects of 19-12
status, displaying 19-24
superior BPDU 19-3
timers, described 19-22
UplinkFast
described 21-3
enabling 21-15
VLAN-bridge 19-11
stratum, NTP 7-2
stub areas, OSPF 38-30
stub routing, EIGRP 38-42
subdomains, private VLAN 17-1
subnet mask 38-7
subnet zero 38-7
success response, VMPS 14-27
summer time 7-13
SunNet Manager 1-5
supernet 38-8
supported port-based authentication methods 10-7
Smartports macros
See also Auto Smartports macros
SVI autostate exclude
configuring 12-27
defined 12-6
SVI link state 12-6
SVIs
and IP unicast routing 38-5
and router ACLs 35-4
connecting VLANs 12-10
defined 12-5
routing between VLANs 14-2
switch 39-2
switch clustering technology 6-1
switch console port 1-7
Switch Database Management
switched packets, ACLs on 35-39
Switched Port Analyzer
switched ports 12-2
switchport backup interface 22-4, 22-5
switchport block multicast command 26-8
switchport block unicast command 26-8
switchport command 12-16
switchport mode dot1q-tunnel command 18-6
switchport protected command 26-7
switch priority
MSTP 20-22
STP 19-21
switch software features 1-1
switch stacks
Catalyst 3750G wireless LAN controller switch A-2
switch virtual interface
synchronization, BGP 38-48
syslog
system capabilities TLV 28-2
system clock
configuring
daylight saving time 7-13
manually 7-11
summer time 7-13
time zones 7-12
displaying the time and date 7-12
overview 7-1