Index Numerics
10-Gigabit Ethernet interfaces
configuration guidelines 12-17
defined 12-6
A
AAA down policy, NAC Layer 2 IP validation 1-12
abbreviating commands 2-3
ABRs 38-25
AC (command switch) 6-10
access-class command 34-20
access control entries
See ACEs
access control entry (ACE) 40-3
access-denied response, VMPS 13-26
access groups
applying IPv4 ACLs to interfaces 34-21
Layer 2 34-21
Layer 3 34-21
accessing
clusters, switch 6-13
command switches 6-11
member switches 6-13
switch clusters 6-13
accessing stack members 5-23
access lists
See ACLs
access ports
and Layer 2 protocol tunneling 17-10
defined 12-3
in switch clusters 6-9
access template 8-1
accounting
with 802.1x 10-51
with IEEE 802.1x 10-16
with RADIUS 9-34
with TACACS+ 9-11, 9-17
ACEs
and QoS 35-8
defined 34-2
Ethernet 34-2
IP 34-2
ACLs
ACEs 34-2
any keyword 34-13
applying
on bridged packets 34-41
on multicast packets 34-42
on routed packets 34-42
on switched packets 34-40
time ranges to 34-17
to an interface 34-20, 40-7
to IPv6 interfaces 40-7
to QoS 35-8
classifying traffic for QoS 35-50
comments in 34-19
compiling 34-23
defined 34-1, 34-8
examples of 34-23, 35-50
extended IP, configuring for QoS classification 35-51
extended IPv4
creating 34-11
matching criteria 34-8
hardware and software handling 34-22
host keyword 34-13
IP
creating 34-8
fragments and QoS guidelines 35-40
implicit deny 34-10, 34-15, 34-17
implicit masks 34-10
matching criteria 34-8
undefined 34-22
IPv4
applying to interfaces 34-20
creating 34-8
matching criteria 34-8
named 34-15
numbers 34-8
terminal lines, setting on 34-20
unsupported features 34-7
IPv6
and stacking 40-3
applying to interfaces 40-7
configuring 40-4, 40-5
displaying 40-8
interactions with other features 40-4
limitations 40-3
matching criteria 40-3
named 40-3
precedence of 40-2
supported 40-2
unsupported features 40-3
Layer 4 information in 34-40
logging messages 34-9
MAC extended 34-28, 35-52
matching 34-8, 34-21, 40-3
monitoring 34-44, 40-8
named, IPv4 34-15
named, IPv6 40-3
names 40-4
number per QoS class map 35-40
port 34-2, 40-1
precedence of 34-2
QoS 35-8, 35-50
resequencing entries 34-15
router 34-2, 40-1
router ACLs and VLAN map configuration guidelines 34-39
standard IP, configuring for QoS classification 35-50
standard IPv4
creating 34-10
matching criteria 34-8
support for 1-10
support in hardware 34-22
time ranges 34-17
types supported 34-2
unsupported features, IPv4 34-7
unsupported features, IPv6 40-3
using router ACLs with VLAN maps 34-39
VLAN maps
configuration guidelines 34-31
configuring 34-30
active link 21-4, 21-5, 21-6
active links 21-2
active router 42-2
active traffic monitoring, IP SLAs 43-1
address aliasing 24-2
addresses
displaying the MAC address table 7-24
dynamic
accelerated aging 18-9
changing the aging time 7-14
default aging 18-9
defined 7-12
learning 7-13
removing 7-15
IPv6 39-2
MAC, discovering 7-24
multicast
group address range 46-3
STP address management 18-9
static
adding and removing 7-20
defined 7-12
address resolution 7-24, 38-9
Address Resolution Protocol
See ARP
adjacency tables, with CEF 38-90
administrative distances
defined 38-102
OSPF 38-33
routing protocol defaults 38-92
advertisements
CDP 26-1
LLDP 27-1, 27-2
RIP 38-20
VTP 13-18, 14-3, 14-4
aggregatable global unicast addresses 39-3
aggregate addresses, BGP 38-60
aggregated ports
See EtherChannel
aggregate policers 35-67
aggregate policing 1-13
aggregator template 5-9, 8-1
aging, accelerating 18-9
aging time
accelerated
for MSTP 19-23
for STP 18-9, 18-23
MAC address table 7-14
maximum
for MSTP 19-24
for STP 18-23, 18-24
alarms, RMON 30-3
allowed-VLAN list 13-20
application engines, redirecting traffic to 45-1
area border routers
See ABRs
area routing
IS-IS 38-65
ISO IGRP 38-65
ARP
configuring 38-10
defined 1-6, 7-24, 38-9
encapsulation 38-11
static cache configuration 38-10
table
address resolution 7-24
managing 7-24
ASBRs 38-25
AS-path filters, BGP 38-55
asymmetrical links, and IEEE 802.1Q tunneling 17-4
attributes, RADIUS
vendor-proprietary 9-37
vendor-specific 9-35
attribute-value pairs 10-13, 10-16, 10-21, 10-22
authentication
EIGRP 38-41
HSRP 42-10
local mode with AAA 9-43
open1x 10-31
RADIUS
key 9-27
login 9-29
TACACS+
defined 9-11
key 9-13
login 9-14
See also port-based authentication
authentication compatibility with Catalyst 6000 switches 10-8
authentication failed VLAN
See restricted VLAN
authentication keys, and routing protocols 38-103
authentication manager
CLI commands 10-9
compatibility with older 802.1x CLI commands 10-9 to ??
overview 10-7
authoritative time source, described 7-2
authorization
with RADIUS 9-33
with TACACS+ 9-11, 9-16
authorized ports with IEEE 802.1x 10-10
autoconfiguration 3-3
auto enablement 10-33
automatic advise (auto-advise) in switch stacks 5-12
automatic copy (auto-copy) in switch stacks 5-11
automatic discovery
considerations
beyond a noncandidate device 6-8
brand new switches 6-9
connectivity 6-5
different VLANs 6-7
management VLANs 6-7
non-CDP-capable devices 6-6
noncluster-capable devices 6-6
routed ports 6-8
in switch clusters 6-5
See also CDP
automatic extraction (auto-extract) in switch stacks 5-11
automatic QoS
See QoS
automatic recovery, clusters 6-10
See also HSRP
automatic upgrades (auto-upgrade) in switch stacks 5-11
auto-MDIX
configuring 12-21
described 12-21
autonegotiation
duplex mode 1-4
interface configuration guidelines 12-18
mismatches 49-12
autonomous system boundary routers
See ASBRs
autonomous systems, in BGP 38-48
Auto-QoS video devices 1-14
Auto-RP, described 46-6
autosensing, port speed 1-4
autostate exclude 12-5
auxiliary VLAN
See voice VLAN
availability, features 1-8
B
BackboneFast
described 20-7
disabling 20-17
enabling 20-17
support for 1-8
backup interfaces
See Flex Links
backup links 21-2
backup static routing, configuring 44-12
banners
configuring
login 7-12
message-of-the-day login 7-11
default configuration 7-10
when displayed 7-10
Berkeley r-tools replacement 9-55
BGP
aggregate addresses 38-60
aggregate routes, configuring 38-60
CIDR 38-60
clear commands 38-64
community filtering 38-57
configuring neighbors 38-59
default configuration 38-46
described 38-45
enabling 38-48
monitoring 38-64
multipath support 38-52
neighbors, types of 38-48
path selection 38-52
peers, configuring 38-59
prefix filtering 38-56
resetting sessions 38-51
route dampening 38-63
route maps 38-54
route reflectors 38-62
routing domain confederation 38-61
routing session with multi-VRF CE 38-84
show commands 38-64
supernets 38-60
support for 1-14
Version 4 38-45
binding cluster group and HSRP group 42-12
binding database
address, DHCP server
See DHCP, Cisco IOS server database
DHCP snooping
See DHCP snooping binding database
bindings
address, Cisco IOS DHCP server 22-6
DHCP snooping database 22-6
IP source guard 22-16
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 25-7
Boolean expressions in tracked lists 44-4
booting
boot loader, function of 3-2
boot process 3-2
manually 3-20
specific image 3-21
boot loader
accessing 3-22
described 3-2
environment variables 3-22
prompt 3-22
trap-door mechanism 3-2
bootstrap router (BSR), described 46-7
Border Gateway Protocol
See BGP
BPDU
error-disabled state 20-2
filtering 20-3
RSTP format 19-12
BPDU filtering
described 20-3
disabling 20-15
enabling 20-14
support for 1-8
BPDU guard
described 20-2
disabling 20-14
enabling 20-13
support for 1-8
bridged packets, ACLs on 34-41
bridge groups
See fallback bridging
bridge protocol data unit
See BPDU
broadcast flooding 38-17
broadcast packets
directed 38-14
flooded 38-14
broadcast storm-control command 25-4
broadcast storms 25-1, 38-14
C
cables, monitoring for unidirectional links 28-1
candidate switch
automatic discovery 6-5
defined 6-4
requirements 6-4
See also command switch, cluster standby group, and member switch
Catalyst 6000 switches
authentication compatibility 10-8
CA trustpoint
configuring 9-52
defined 9-50
CDP
and trusted boundary 35-46
automatic discovery in switch clusters 6-5
configuring 26-2
default configuration 26-2
defined with LLDP 27-1
described 26-1
disabling for routing device 26-4
enabling and disabling
on an interface 26-4
on a switch 26-4
Layer 2 protocol tunneling 17-7
monitoring 26-5
overview 26-1
power negotiation extensions 12-7
support for 1-6
switch stack considerations 26-2
transmission timer and holdtime, setting 26-3
updates 26-3
CEF
defined 38-89
distributed 38-90
enabling 38-90
IPv6 39-20
CGMP
as IGMP snooping learning method 24-9
clearing cached group entries 46-62
enabling server support 46-44
joining multicast group 24-3
overview 46-9
server support only 46-9
switch support of 1-5
CIDR 38-60
CipherSuites 9-51
Cisco 7960 IP Phone 15-1
Cisco Discovery Protocol
See CDP
Cisco Express Forwarding
See CEF
Cisco Group Management Protocol
See CGMP
Cisco intelligent power management 12-7
Cisco IOS DHCP server
See DHCP, Cisco IOS DHCP server
Cisco IOS File System
See IFS
Cisco IOS IP SLAs 43-2
Cisco Redundant Power System 2300
configuring 12-29
managing 12-29
Cisco Secure ACS
attribute-value pairs for downloadable ACLs 10-22
attribute-value pairs for redirect URL 10-21
Cisco Secure ACS configuration guide 10-61
CiscoWorks 2000 1-6, 32-4
CISP 10-33
CIST regional root
See MSTP
CIST root
See MSTP
civic location 27-3
classless interdomain routing
See CIDR
classless routing 38-8
class maps for QoS
configuring 35-53
described 35-8
displaying 35-87
class of service
See CoS
clearing interfaces 12-32
CLI
abbreviating commands 2-3
command modes 2-1
configuration logging 2-4
described 1-6
editing features
enabling and disabling 2-6
keystroke editing 2-7
wrapped lines 2-8
error messages 2-4
filtering command output 2-9
getting help 2-3
history
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
managing clusters 6-16
no and default forms of commands 2-4
Client Information Signalling Protocol
See CISP
client mode, VTP 14-3
client processes, tracking 44-1
CLNS
See ISO CLNS
clock
See system clock
clusters, switch
accessing 6-13
automatic discovery 6-5
automatic recovery 6-10
benefits 1-2
compatibility 6-4
described 6-1
LRE profile considerations 6-16
managing
through CLI 6-16
through SNMP 6-17
planning 6-4
planning considerations
automatic discovery 6-5
automatic recovery 6-10
CLI 6-16
host names 6-13
IP addresses 6-13
LRE profiles 6-16
passwords 6-13
RADIUS 6-16
SNMP 6-14, 6-17
switch stacks 6-14
TACACS+ 6-16
See also candidate switch, command switch, cluster standby group, member switch, and standby command switch
cluster standby group
and HSRP group 42-12
automatic recovery 6-12
considerations 6-11
defined 6-2
requirements 6-3
virtual IP address 6-11
See also HSRP
CNS 1-6
Configuration Engine
configID, deviceID, hostname 4-3
configuration service 4-2
described 4-1
event service 4-3
embedded agents
described 4-5
enabling automated configuration 4-6
enabling configuration agent 4-9
enabling event agent 4-7
management functions 1-6
CoA Request Commands 9-23
Coarse Wave Division Multiplexer
See CWDM SFPs
command-line interface
See CLI
command modes 2-1
commands
abbreviating 2-3
no and default 2-4
commands, setting privilege levels 9-8
command switch
accessing 6-11
active (AC) 6-10
configuration conflicts 49-12
defined 6-2
passive (PC) 6-10
password privilege levels 6-17
priority 6-10
recovery
from command-switch failure 6-10, 49-8
from lost member connectivity 49-12
redundant 6-10
replacing
with another switch 49-11
with cluster member 49-9
requirements 6-3
standby (SC) 6-10
See also candidate switch, cluster standby group, member switch, and standby command switch
community list, BGP 38-58
community ports 16-2
community strings
configuring 6-14, 32-8
for cluster switches 32-4
in clusters 6-14
overview 32-4
SNMP 6-14
community VLANs 16-2, 16-3
compatibility, feature 25-12
compatibility, software
See stacks, switch
config.text 3-19
configurable leave timer, IGMP 24-6
configuration, initial
defaults 1-18
Express Setup 1-2
configuration changes, logging 31-11
configuration conflicts, recovering from lost member connectivity 49-12
configuration examples, network 1-21
configuration files
archiving 51-20
clearing the startup configuration 51-19
creating using a text editor 51-10
default name 3-19
deleting a stored configuration 51-19
described 51-8
downloading
automatically 3-19
preparing 51-10, 51-13, 51-16
reasons for 51-8
using FTP 51-13
using RCP 51-17
using TFTP 51-11
guidelines for creating and using 51-9
guidelines for replacing and rolling back 51-21
invalid combinations when copying 51-5
limiting TFTP server access 32-16
obtaining with DHCP 3-9
password recovery disable considerations 9-5
replacing a running configuration 51-19, 51-20
rolling back a running configuration 51-19, 51-21
specifying the filename 3-19
system contact and location information 32-16
types and location 51-10
uploading
preparing 51-10, 51-13, 51-16
reasons for 51-9
using FTP 51-15
using RCP 51-18
using TFTP 51-12
configuration guidelines, multi-VRF CE 38-77
configuration logger 31-11
configuration logging 2-4
configuration replacement 51-19
configuration rollback 51-19, 51-20
configuration settings, saving 3-16
configure terminal command 12-12
configuring 802.1x user distribution 10-57
configuring port-based authentication violation modes 10-41 to 10-42
configuring small-frame arrival rate 25-5
Configuring VACL Logging 34-37
conflicts, configuration 49-12
connections, secure remote 9-45
connectivity problems 49-14, 49-16, 49-17
consistency checks in VTP Version 2 14-5
console port, connecting to 2-10
content-routing technology
See WCCP
control protocol, IP SLAs 43-4
corrupted software, recovery steps with Xmodem 49-2
CoS
in Layer 2 frames 35-2
override priority 15-6
trust priority 15-6
CoS input queue threshold map for QoS 35-17
CoS output queue threshold map for QoS 35-19
CoS-to-DSCP map for QoS 35-69
counters, clearing interface 12-32
CPU utilization, troubleshooting 49-26
crashinfo file 49-24
critical authentication, IEEE 802.1x 10-54
critical VLAN 10-24
critical voice VLAN
configuring 10-54
cross-stack EtherChannel
configuration guidelines 36-13
configuring
on Layer 2 interfaces 36-13
on Layer 3 physical interfaces 36-16
described 36-3
illustration 36-4
support for 1-8
cross-stack UplinkFast, STP
described 20-5
disabling 20-16
enabling 20-16
fast-convergence events 20-7
Fast Uplink Transition Protocol 20-6
normal-convergence events 20-7
support for 1-8
cryptographic software image
Kerberos 9-39
SSH 9-44
SSL 9-49
switch stack considerations 5-16
customer edge devices 38-75
customjzeable web pages, web-based authentication 11-6
CWDM SFPs 1-30
D
DACL
See downloadable ACL
daylight saving time 7-6
dCEF, in the switch stack 38-90
debugging
enabling all system diagnostics 49-21
enabling for a specific feature 49-20
redirecting error message output 49-21
using commands 49-20
default commands 2-4
default configuration
802.1x 10-36
auto-QoS 35-22
banners 7-10
BGP 38-46
CDP 26-2
DHCP 22-8
DHCP option 82 22-8
DHCP snooping 22-8
DHCP snooping binding database 22-9
DNS 7-9
dynamic ARP inspection 23-5
EIGRP 38-37
EtherChannel 36-11
Ethernet interfaces 12-16
fallback bridging 48-3
Flex Links 21-7, 21-8
HSRP 42-5
IEEE 802.1Q tunneling 17-4
IGMP 46-39
IGMP filtering 24-25
IGMP snooping 24-7, 41-6
IGMP throttling 24-25
initial switch information 3-3
IP addressing, IP routing 38-6
IP multicast routing 46-11
IP SLAs 43-6
IP source guard 22-17
IPv6 39-12
IS-IS 38-66
Layer 2 interfaces 12-16
Layer 2 protocol tunneling 17-11
LLDP 27-4
MAC address table 7-14
MAC address-table move update 21-8
MSDP 47-4
MSTP 19-14
multi-VRF CE 38-77
MVR 24-20
optional spanning-tree configuration 20-12
OSPF 38-26
password and privilege level 9-2
PIM 46-11
private VLANs 16-7
RADIUS 9-27
RIP 38-20
RMON 30-3
RSPAN 29-10
SDM template 8-4
SNMP 32-6
SPAN 29-10
SSL 9-51
standard QoS 35-37
STP 18-13
switch stacks 5-19
system message logging 31-4
system name and prompt 7-8
TACACS+ 9-13
UDLD 28-4
VLAN, Layer 2 Ethernet interfaces 13-18
VLANs 13-7
VMPS 13-27
voice VLAN 15-3
VTP 14-8
WCCP 45-5
default gateway 3-16, 38-12
default networks 38-93
default router preference
See DRP
default routes 38-93
default routing 38-3
default web-based authentication configuration
802.1X 11-9
deleting VLANs 13-9
denial-of-service attack 25-1
description command 12-25
designing your network, examples 1-21
desktop template 5-9, 8-1
destination addresses
in IPv4 ACLs 34-12
in IPv6 ACLs 40-5
destination-IP address-based forwarding, EtherChannel 36-9
destination-MAC address forwarding, EtherChannel 36-9
detecting indirect link failures, STP 20-8
device 51-24
device discovery protocol 26-1, 27-1
device manager
benefits 1-2
described 1-2, 1-5
in-band management 1-7
upgrading a switch 51-24
DHCP
Cisco IOS server database
configuring 22-14
default configuration 22-9
described 22-6
DHCP for IPv6
See DHCPv6
enabling
relay agent 22-10
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-4
DNS 3-8
relay device 3-8
server side 3-6
TFTP server 3-7
example 3-10
lease options
for IP address information 3-6
for receiving the configuration file 3-7
overview 3-3
relationship to BOOTP 3-4
relay support 1-6, 1-15
support for 1-6
DHCP-based autoconfiguration and image update
configuring 3-11 to 3-15
understanding 3-5 to 3-6
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP object tracking, configuring primary interface 44-10
DHCP option 82
circuit ID suboption 22-5
configuration guidelines 22-9
default configuration 22-8
displaying 22-15
forwarding address, specifying 22-10
helper address 22-10
overview 22-3
packet format, suboption
circuit ID 22-5
remote ID 22-5
remote ID suboption 22-5
DHCP server port-based address allocation
configuration guidelines 22-26
default configuration 22-26
described 22-25
displaying 22-29
enabling 22-26
reserved addresses 22-27
DHCP server port-based address assignment
support for 1-6
DHCP snooping
accepting untrusted packets form edge switch 22-3, 22-12
and private VLANs 22-13
binding database
See DHCP snooping binding database
configuration guidelines 22-9
default configuration 22-8
displaying binding tables 22-15
message exchange process 22-4
option 82 data insertion 22-3
trusted interface 22-2
untrusted interface 22-2
untrusted messages 22-2
DHCP snooping binding database
adding bindings 22-14
binding file
format 22-7
location 22-6
bindings 22-6
clearing agent statistics 22-15
configuration guidelines 22-9
configuring 22-14
default configuration 22-8, 22-9
deleting
binding file 22-15
bindings 22-15
database agent 22-15
described 22-6
displaying 22-15
binding entries 22-15
status and statistics 22-15
enabling 22-14
entry 22-6
renewing database 22-15
resetting
delay value 22-15
timeout value 22-15
DHCP snooping binding table
See DHCP snooping binding database
DHCPv6
configuration guidelines 39-17
default configuration 39-17
described 39-6
enabling client function 39-19
enabling DHCPv6 server function 39-17
support for 1-15
Differentiated Services architecture, QoS 35-2
Differentiated Services Code Point 35-2
Diffusing Update Algorithm (DUAL) 38-35
directed unicast requests 1-6
directories
changing 51-4
creating and removing 51-4
displaying the working 51-4
discovery, clusters
See automatic discovery
Distance Vector Multicast Routing Protocol
See DVMRP
distance-vector protocols 38-3
distribute-list command 38-102
DNS
and DHCP-based autoconfiguration 3-8
default configuration 7-9
displaying the configuration 7-10
in IPv6 39-4
overview 7-8
setting up 7-9
support for 1-6
DNS-based SSM mapping 46-19, 46-21
domain names
DNS 7-8
VTP 14-9
Domain Name System
See DNS
domains, ISO IGRP routing 38-65
dot1q-tunnel switchport mode 13-16
double-tagged packets
IEEE 802.1Q tunneling 17-2
Layer 2 protocol tunneling 17-10
downloadable ACL 10-20, 10-22, 10-61
downloading
configuration files
preparing 51-10, 51-13, 51-16
reasons for 51-8
using FTP 51-13
using RCP 51-17
using TFTP 51-11
image files
deleting old image 51-28
preparing 51-26, 51-30, 51-35
reasons for 51-24
using CMS 1-2
using FTP 51-31
using HTTP 1-2, 51-24
using RCP 51-36
using TFTP 51-27
using the device manager or Network Assistant 51-24
drop threshold for Layer 2 protocol packets 17-11
DRP
configuring 39-14
described 39-4
IPv6 39-4
support for 1-15
DSCP 1-13, 35-2
DSCP input queue threshold map for QoS 35-17
DSCP output queue threshold map for QoS 35-19
DSCP-to-CoS map for QoS 35-72
DSCP-to-DSCP-mutation map for QoS 35-73
DSCP transparency 35-47
DTP 1-9, 13-16
dual-action detection 36-6
DUAL finite state machine, EIGRP 38-36
dual IPv4 and IPv6 templates 8-2, 39-6
dual protocol stacks
IPv4 and IPv6 39-6
SDM templates supporting 39-6
DVMRP
autosummarization
configuring a summary address 46-58
disabling 46-60
connecting PIM domain to DVMRP router 46-51
enabling unicast routing 46-54
interoperability
with Cisco devices 46-49
with Cisco IOS software 46-9
mrinfo requests, responding to 46-53
neighbors
advertising the default route to 46-52
discovery with Probe messages 46-49
displaying information 46-53
prevent peering with nonpruning 46-56
rejecting nonpruning 46-54
overview 46-9
routes
adding a metric offset 46-60
advertising all 46-60
advertising the default route to neighbors 46-52
caching DVMRP routes learned in report messages 46-54
changing the threshold for syslog messages 46-57
deleting 46-62
displaying 46-62
favoring one over another 46-60
limiting the number injected into MBONE 46-57
limiting unicast route advertisements 46-49
routing table 46-9
source distribution tree, building 46-9
support for 1-15
tunnels
configuring 46-51
displaying neighbor information 46-53
dynamic access ports
characteristics 13-3
configuring 13-29
defined 12-3
dynamic addresses
See addresses
dynamic ARP inspection
ARP cache poisoning 23-1
ARP requests, described 23-1
ARP spoofing attack 23-1
clearing
log buffer 23-16
statistics 23-16
configuration guidelines 23-6
configuring
ACLs for non-DHCP environments 23-9
in DHCP environments 23-7
log buffer 23-13
rate limit for incoming ARP packets 23-4, 23-11
default configuration 23-5
denial-of-service attacks, preventing 23-11
described 23-1
DHCP snooping binding database 23-2
displaying
ARP ACLs 23-15
configuration and operating state 23-15
log buffer 23-16
statistics 23-16
trust state and rate limit 23-15
error-disabled state for exceeding rate limit 23-4
function of 23-2
interface trust states 23-3
log buffer
clearing 23-16
configuring 23-13
displaying 23-16
logging of dropped packets, described 23-5
man-in-the middle attack, described 23-2
network security issues and interface trust states 23-3
priority of ARP ACLs and DHCP snooping entries 23-4
rate limiting of ARP packets
configuring 23-11
described 23-4
error-disabled state 23-4
statistics
clearing 23-16
displaying 23-16
validation checks, performing 23-12
dynamic auto trunking mode 13-16
dynamic desirable trunking mode 13-16
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 13-27
reconfirming 13-30
troubleshooting 13-31
types of connections 13-29
dynamic routing 38-3
ISO CLNS 38-65
Dynamic Trunking Protocol
See DTP
E
EBGP 38-44
editing features
enabling and disabling 2-6
keystrokes used 2-7
wrapped lines 2-8
EEM 3.2 33-5
EIGRP
authentication 38-41
components 38-36
configuring 38-39
default configuration 38-37
definition 38-35
interface parameters, configuring 38-40
monitoring 38-43
stub routing 38-42
elections
See stack master
ELIN location 27-3
embedded event manager
3.2 33-5
actions 33-4
configuring 33-1, 33-6
displaying information 33-7
environmental variables 33-5
event detectors 33-2
policies 33-4
registering and defining an applet 33-6
registering and defining a TCL script 33-7
understanding 33-1
enable password 9-3
enable secret password 9-3
encryption, CipherSuite 9-51
encryption for passwords 9-3
Enhanced IGRP
See EIGRP
enhanced object tracking
backup static routing 44-12
commands 44-1
defined 44-1
DHCP primary interface 44-10
HSRP 44-7
IP routing state 44-2
IP SLAs 44-9
line-protocol state 44-2
network monitoring with IP SLAs 44-11
routing policy, configuring 44-12
static route primary interface 44-10
tracked lists 44-3
enhanced object tracking static routing 44-10
environmental variables, embedded event manager 33-5
environment variables, function of 3-23
equal-cost routing 1-15, 38-91
error-disabled state, BPDU 20-2
error messages during command entry 2-4
EtherChannel
automatic creation of 36-5, 36-7
channel groups
binding physical and logical interfaces 36-4
numbering of 36-4
configuration guidelines 36-12
configuring
Layer 2 interfaces 36-13
Layer 3 physical interfaces 36-16
Layer 3 port-channel logical interfaces 36-15
default configuration 36-11
described 36-2
displaying status 36-23
forwarding methods 36-8, 36-18
IEEE 802.3ad, described 36-7
interaction
with STP 36-12
with VLANs 36-12
LACP
described 36-7
displaying status 36-23
hot-standby ports 36-20
interaction with other features 36-8
modes 36-7
port priority 36-22
system priority 36-21
Layer 3 interface 38-5
load balancing 36-8, 36-18
logical interfaces, described 36-4
PAgP
aggregate-port learners 36-19
compatibility with Catalyst 1900 36-19
described 36-5
displaying status 36-23
interaction with other features 36-7
interaction with virtual switches 36-6
learn method and priority configuration 36-19
modes 36-6
support for 1-4
with dual-action detection 36-6
port-channel interfaces
described 36-4
numbering of 36-4
port groups 12-6
stack changes, effects of 36-10
support for 1-4
EtherChannel guard
described 20-10
disabling 20-17
enabling 20-17
Ethernet VLANs
adding 13-8
defaults and ranges 13-8
modifying 13-8
EUI 39-3
event detectors, embedded event manager 33-2
events, RMON 30-3
examples
network configuration 1-21
expedite queue for QoS 35-86
Express Setup 1-2
See also getting started guide
extended crashinfo file 49-24
extended-range VLANs
configuration guidelines 13-11
configuring 13-11
creating 13-12
creating with an internal VLAN ID 13-13
defined 13-1
extended system ID
MSTP 19-18
STP 18-4, 18-16
extended universal identifier
See EUI
Extensible Authentication Protocol over LAN 10-1
external BGP
See EBGP
external neighbors, BGP 38-48
F
fa0 interface 1-7
failover support 1-8
fallback bridging
and protected ports 48-4
bridge groups
creating 48-4
described 48-2
displaying 48-10
function of 48-2
number supported 48-4
removing 48-5
bridge table
clearing 48-10
displaying 48-10
configuration guidelines 48-4
connecting interfaces with 12-10
default configuration 48-3
described 48-1
frame forwarding
flooding packets 48-2
forwarding packets 48-2
overview 48-1
protocol, unsupported 48-4
stack changes, effects of 48-3
STP
disabling on an interface 48-9
forward-delay interval 48-8
hello BPDU interval 48-8
interface priority 48-6
maximum-idle interval 48-9
path cost 48-7
VLAN-bridge spanning-tree priority 48-6
VLAN-bridge STP 48-2
support for 1-15
SVIs and routed ports 48-1
unsupported protocols 48-4
VLAN-bridge STP 18-11
Fast Convergence 21-3
Fast Uplink Transition Protocol 20-6
features, incompatible 25-12
FIB 38-90
fiber-optic, detecting unidirectional links 28-1
files
basic crashinfo
description 49-24
location 49-24
copying 51-5
crashinfo, description 49-24
deleting 51-5
displaying the contents of 51-8
extended crashinfo
description 49-24
location 49-25
tar
creating 51-6
displaying the contents of 51-7
extracting 51-7
image file format 51-25
file system
displaying available file systems 51-2
displaying file information 51-3
local file system names 51-1
network file system names 51-5
setting the default 51-3
filtering
in a VLAN 34-30
IPv6 traffic 40-4, 40-7
non-IP traffic 34-28
show and more command output 2-9
filtering show and more command output 2-9
filters, IP
See ACLs, IP
flash device, number of 51-1
flexible authentication ordering
configuring 10-64
overview 10-31
Flex Link Multicast Fast Convergence 21-3
Flex Links
configuration guidelines 21-8
configuring 21-8, 21-9
configuring preferred VLAN 21-11
configuring VLAN load balancing 21-10
default configuration 21-7
description 21-1
link load balancing 21-2
monitoring 21-14
VLANs 21-2
flooded traffic, blocking 25-8
flow-based packet classification 1-13
flowcharts
QoS classification 35-7
QoS egress queueing and scheduling 35-18
QoS ingress queueing and scheduling 35-16
QoS policing and marking 35-11
flowcontrol
configuring 12-20
described 12-20
forward-delay time
MSTP 19-23
STP 18-23
Forwarding Information Base
See FIB
forwarding nonroutable protocols 48-1
FTP
configuration files
downloading 51-13
overview 51-12
preparing the server 51-13
uploading 51-15
image files
deleting old image 51-33
downloading 51-31
preparing the server 51-30
uploading 51-33
G
general query 21-5
Generating IGMP Reports 21-3
get-bulk-request operation 32-3
get-next-request operation 32-3, 32-4
get-request operation 32-3, 32-4
get-response operation 32-3
Gigabit modules
See SFPs
global configuration mode 2-2
global leave, IGMP 24-13
guest VLAN and 802.1x 10-22
guide mode 1-2
GUIs
See device manager and Network Assistant
H
hardware limitations and Layer 3 interfaces 12-26
hello time
MSTP 19-22
STP 18-22
help, for the command line 2-3
HFTM space 49-25
hierarchical policy maps 35-9
configuration guidelines 35-40
configuring 35-59
described 35-12
history
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
history table, level and number of syslog messages 31-10
host names, in clusters 6-13
host ports
configuring 16-12
kinds of 16-2
hosts, limit on dynamic ports 13-31
Hot Standby Router Protocol
See HSRP
HP OpenView 1-6
HQATM space 49-25
HSRP
authentication string 42-10
automatic cluster recovery 6-12
binding to cluster group 42-12
cluster standby group considerations 6-11
command-switch redundancy 1-1, 1-8
configuring 42-5
default configuration 42-5
definition 42-1
guidelines 42-6
monitoring 42-13
object tracking 44-7
overview 42-1
priority 42-8
routing redundancy 1-14
support for ICMP redirect messages 42-12
switch stack considerations 42-5
timers 42-10
tracking 42-8
See also clusters, cluster standby group, and standby command switch
HSRP for IPv6
configuring 39-26
guidelines 39-25
HTTP over SSL
see HTTPS
HTTPS 9-49
configuring 9-53
self-signed certificate 9-50
HTTP secure server 9-49
Hulc Forwarding TCAM Manager
See HFTM space
Hulc QoS/ACL TCAM Manager
See HQATM space
I
IBPG 38-44
ICMP
IPv6 39-4
redirect messages 38-12
support for 1-15
time-exceeded messages 49-18
traceroute and 49-18
unreachable messages 34-21
unreachable messages and IPv6 40-4
unreachables and ACLs 34-22
ICMP Echo operation
configuring 43-12
IP SLAs 43-12
ICMP ping
executing 49-15
overview 49-14
ICMP Router Discovery Protocol
See IRDP
ICMPv6 39-4
IDS appliances
and ingress RSPAN 29-20
and ingress SPAN 29-14
IEEE 802.1D
See STP
IEEE 802.1p 15-1
IEEE 802.1Q
and trunk ports 12-3
configuration limitations 13-17
encapsulation 13-15
native VLAN for untagged traffic 13-22
tunneling
compatibility with other features 17-5
defaults 17-4
described 17-1
tunnel ports with other features 17-6
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3ad
See EtherChannel
IEEE 802.3af
See PoE
IEEE 802.3x flow control 12-20
ifIndex values, SNMP 32-5
IFS 1-7
IGMP
configurable leave timer
described 24-6
enabling 24-11
configuring the switch
as a member of a group 46-39
statically connected member 46-43
controlling access to groups 46-40
default configuration 46-39
deleting cache entries 46-62
displaying groups 46-62
fast switching 46-44
flooded multicast traffic
controlling the length of time 24-12
disabling on an interface 24-13
global leave 24-13
query solicitation 24-13
recovering from flood mode 24-13
host-query interval, modifying 46-41
joining multicast group 24-3
join messages 24-3
leave processing, enabling 24-11, 41-9
leaving multicast group 24-5
multicast reachability 46-39
overview 46-3
queries 24-4
report suppression
described 24-6
disabling 24-16, 41-11
supported versions 24-3
support for 1-5
Version 1
changing to Version 2 46-41
described 46-3
Version 2
changing to Version 1 46-41
described 46-3
maximum query response time value 46-43
pruning groups 46-43
query timeout value 46-42
IGMP filtering
configuring 24-25
default configuration 24-25
described 24-24
monitoring 24-29
support for 1-5
IGMP groups
configuring filtering 24-28
setting the maximum number 24-27
IGMP helper 1-5, 46-6
IGMP Immediate Leave
configuration guidelines 24-11
described 24-5
enabling 24-11
IGMP profile
applying 24-26
configuration mode 24-25
configuring 24-26
IGMP snooping
and address aliasing 24-2
and stack changes 24-6
configuring 24-7
default configuration 24-7, 41-6
definition 24-2
enabling and disabling 24-7, 41-7
global configuration 24-7
Immediate Leave 24-5
in the switch stack 24-6
method 24-8
monitoring 24-16, 41-11
querier
configuration guidelines 24-14
configuring 24-14
supported versions 24-3
support for 1-5
VLAN configuration 24-8
IGMP throttling
configuring 24-28
default configuration 24-25
described 24-24
displaying action 24-29
IGP 38-25
Immediate Leave, IGMP 24-5
enabling 41-9
inaccessible authentication bypass 10-24
support for multiauth ports 10-25
initial configuration
defaults 1-18
Express Setup 1-2
interface
number 12-11
range macros 12-14
interface command 12-11 to 12-12
interface configuration mode 2-2
interfaces
auto-MDIX, configuring 12-21
configuration guidelines
10-Gigabit Ethernet 12-17
duplex and speed 12-18
configuring
procedure 12-12
counters, clearing 12-32
default configuration 12-16
described 12-25
descriptive name, adding 12-25
displaying information about 12-31
flow control 12-20
management 1-5
monitoring 12-31
naming 12-25
physical, identifying 12-11
range of 12-12
restarting 12-33
shutting down 12-33
speed and duplex, configuring 12-19
status 12-31
supported 12-10
types of 12-1
interfaces range macro command 12-14
interface types 12-11
Interior Gateway Protocol
See IGP
internal BGP
See IBGP
internal neighbors, BGP 38-48
Internet Control Message Protocol
See ICMP
Internet Group Management Protocol
See IGMP
Internet Protocol version 6
See IPv6
Inter-Switch Link
See ISL
inter-VLAN routing 1-14, 38-2
Intrusion Detection System
See IDS appliances
inventory management TLV 27-3, 27-7
IP ACLs
for QoS classification 35-8
implicit deny 34-10, 34-15
implicit masks 34-10
named 34-15
undefined 34-22
IP addresses
128-bit 39-2
candidate or member 6-4, 6-13
classes of 38-7
cluster access 6-2
command switch 6-3, 6-11, 6-13
default configuration 38-6
discovering 7-24
for IP routing 38-5
IPv6 39-2
MAC address association 38-9
monitoring 38-18
redundant clusters 6-11
standby command switch 6-11, 6-13
See also IP information
IP base image 1-1
IP broadcast address 38-16
ip cef distributed command 38-90
IP directed broadcasts 38-14
ip igmp profile command 24-25
IP information
assigned
manually 3-15
through DHCP-based autoconfiguration 3-3
default configuration 3-3
IP multicast routing
addresses
all-hosts 46-3
all-multicast-routers 46-3
host group address range 46-3
administratively-scoped boundaries, described 46-47
and IGMP snooping 24-2
Auto-RP
adding to an existing sparse-mode cloud 46-26
benefits of 46-26
clearing the cache 46-62
configuration guidelines 46-12
filtering incoming RP announcement messages 46-29
overview 46-6
preventing candidate RP spoofing 46-29
preventing join messages to false RPs 46-28
setting up in a new internetwork 46-26
using with BSR 46-34
bootstrap router
configuration guidelines 46-12
configuring candidate BSRs 46-32
configuring candidate RPs 46-33
defining the IP multicast boundary 46-31
defining the PIM domain border 46-30
overview 46-7
using with Auto-RP 46-34
Cisco implementation 46-2
configuring
basic multicast routing 46-12
IP multicast boundary 46-47
default configuration 46-11
enabling
multicast forwarding 46-13
PIM mode 46-13
group-to-RP mappings
Auto-RP 46-6
BSR 46-7
MBONE
deleting sdr cache entries 46-62
described 46-45
displaying sdr cache 46-63
enabling sdr listener support 46-46
limiting DVMRP routes advertised 46-57
limiting sdr cache entry lifetime 46-46
SAP packets for conference session announcement 46-46
Session Directory (sdr) tool, described 46-45
monitoring
packet rate loss 46-63
peering devices 46-63
tracing a path 46-63
multicast forwarding, described 46-8
PIMv1 and PIMv2 interoperability 46-11
protocol interaction 46-2
reverse path check (RPF) 46-8
routing table
deleting 46-62
displaying 46-62
RP
assigning manually 46-24
configuring Auto-RP 46-26
configuring PIMv2 BSR 46-30
monitoring mapping information 46-34
using Auto-RP and BSR 46-34
stacking
stack master functions 46-10
stack member functions 46-10
statistics, displaying system and network 46-62
See also CGMP
See also DVMRP
See also IGMP
See also PIM
IP phones
and QoS 15-1
automatic classification and queueing 35-21
configuring 15-4
ensuring port security with QoS 35-45
trusted boundary for QoS 35-45
IP Port Security for Static Hosts
on a Layer 2 access port 22-19
on a PVLAN host port 22-23
IP precedence 35-2
IP-precedence-to-DSCP map for QoS 35-70
IP protocols
in ACLs 34-12
routing 1-14
IP routes, monitoring 38-105
IP routing
connecting interfaces with 12-10
disabling 38-19
enabling 38-19
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 43-1
IP services image 1-1
IP SLAs
benefits 43-2
configuration guidelines 43-6
configuring object tracking 44-9
Control Protocol 43-4
default configuration 43-6
definition 43-1
ICMP echo operation 43-12
measuring network performance 43-3
monitoring 43-14
multioperations scheduling 43-5
object tracking 44-9
operation 43-3
reachability tracking 44-9
responder
described 43-4
enabling 43-8
response time 43-4
scheduling 43-5
SNMP support 43-2
supported metrics 43-2
threshold monitoring 43-6
track object monitoring agent, configuring 44-11
track state 44-9
UDP jitter operation 43-9
IP source guard
and 802.1x 22-18
and DHCP snooping 22-15
and EtherChannels 22-18
and port security 22-18
and private VLANs 22-18
and routed ports 22-17
and TCAM entries 22-18
and trunk interfaces 22-18
and VRF 22-18
binding configuration
automatic 22-16
manual 22-16
binding table 22-16
configuration guidelines 22-17
default configuration 22-17
described 22-15
disabling 22-19
displaying
active IP or MAC bindings 22-25
bindings 22-25
configuration 22-25
enabling 22-18, 22-20
filtering
source IP address 22-16
source IP and MAC address 22-16
on provisioned switches 22-18
source IP address filtering 22-16
source IP and MAC address filtering 22-16
static bindings
adding 22-18, 22-20
deleting 22-19
static hosts 22-20
IP traceroute
executing 49-18
overview 49-17
IP unicast routing
address resolution 38-9
administrative distances 38-92, 38-102
ARP 38-9
assigning IP addresses to Layer 3 interfaces 38-7
authentication keys 38-103
broadcast
address 38-16
flooding 38-17
packets 38-14
storms 38-14
classless routing 38-8
configuring static routes 38-91
default
addressing configuration 38-6
gateways 38-12
networks 38-93
routes 38-93
routing 38-3
directed broadcasts 38-14
disabling 38-19
dynamic routing 38-3
enabling 38-19
EtherChannel Layer 3 interface 38-5
IGP 38-25
inter-VLAN 38-2
IP addressing
classes 38-7
configuring 38-5
IPv6 39-3
IRDP 38-12
Layer 3 interfaces 38-5
MAC address and IP address 38-9
passive interfaces 38-101
protocols
distance-vector 38-3
dynamic 38-3
link-state 38-3
proxy ARP 38-9
redistribution 38-93
reverse address resolution 38-9
routed ports 38-5
static routing 38-3
steps to configure 38-5
subnet mask 38-7
subnet zero 38-7
supernet 38-8
UDP 38-15
with SVIs 38-5
See also BGP
See also EIGRP
See also OSPF
See also RIP
IPv4 ACLs
applying to interfaces 34-20
extended, creating 34-11
named 34-15
standard, creating 34-10
IPv4 and IPv6
dual protocol stacks 39-5
IPv6
ACLs
displaying 40-8
limitations 40-3
matching criteria 40-3
port 40-1
precedence 40-2
router 40-1
supported 40-2
addresses 39-2
address formats 39-2
and switch stacks 39-10
applications 39-5
assigning address 39-12
autoconfiguration 39-5
CEFv6 39-20
configuring static routes 39-21
default configuration 39-12
default router preference (DRP) 39-4
defined 39-1
Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 39-8
EIGRP IPv6 Commands 39-8
Router ID 39-8
feature limitations 39-10
features not supported 39-9
forwarding 39-12
ICMP 39-4
monitoring 39-28
neighbor discovery 39-4
OSPF 39-7
path MTU discovery 39-4
SDM templates 8-2, 40-1, 41-1
stack master functions 39-11
Stateless Autoconfiguration 39-5
supported features 39-3
switch limitations 39-9
understanding static routes 39-7
IPv6 traffic, filtering 40-4
IRDP
configuring 38-13
definition 38-12
support for 1-15
IS-IS
addresses 38-65
area routing 38-65
default configuration 38-66
monitoring 38-74
show commands 38-74
system routing 38-65
ISL
and IPv6 39-3
and trunk ports 12-3
encapsulation 1-9, 13-15
trunking with IEEE 802.1 tunneling 17-4
ISO CLNS
clear commands 38-74
dynamic routing protocols 38-65
monitoring 38-74
NETs 38-65
NSAPs 38-65
OSI standard 38-65
ISO IGRP
area routing 38-65
system routing 38-65
isolated port 16-2
isolated VLANs 16-2, 16-3
J
join messages, IGMP 24-3
K
KDC
described 9-40
See also Kerberos
Kerberos
authenticating to
boundary switch 9-42
KDC 9-42
network services 9-43
configuration examples 9-39
configuring 9-43
credentials 9-40
cryptographic software image 9-39
described 9-40
KDC 9-40
operation 9-42
realm 9-41
server 9-41
support for 1-12
switch as trusted third party 9-39
terms 9-40
TGT 9-41
tickets 9-40
key distribution center
See KDC
L
l2protocol-tunnel command 17-12
LACP
Layer 2 protocol tunneling 17-9
See EtherChannel
Layer 2 frames, classification with CoS 35-2
Layer 2 interfaces, default configuration 12-16
Layer 2 protocol tunneling
configuring 17-9
configuring for EtherChannels 17-14
default configuration 17-11
defined 17-8
guidelines 17-11
Layer 2 traceroute
and ARP 49-17
and CDP 49-16
broadcast traffic 49-16
described 49-16
IP addresses and subnets 49-17
MAC addresses and VLANs 49-16
multicast traffic 49-16
multiple devices on a port 49-17
unicast traffic 49-16
usage guidelines 49-16
Layer 3 features 1-14
Layer 3 interfaces
assigning IP addresses to 38-7
assigning IPv4 and IPv6 addresses to 39-15
assigning IPv6 addresses to 39-13
changing from Layer 2 mode 38-7, 38-82
types of 38-5
Layer 3 packets, classification methods 35-2
LDAP 4-2
Leaking IGMP Reports 21-4
LEDs, switch
See hardware installation guide
lightweight directory access protocol
See LDAP
line configuration mode 2-2
Link Aggregation Control Protocol
See EtherChannel
link failure, detecting unidirectional 19-7
Link Layer Discovery Protocol
See CDP
link local unicast addresses 39-4
link redundancy
See Flex Links
links, unidirectional 28-1
link state advertisements (LSAs) 38-31
link-state protocols 38-3
link-state tracking
configuring 36-25
described 36-23
LLDP
configuring 27-4
characteristics 27-6
default configuration 27-4
enabling 27-5
monitoring and maintaining 27-10
overview 27-1
supported TLVs 27-2
switch stack considerations 27-2
transmission timer and holdtime, setting 27-6
LLDP-MED
configuring
procedures 27-4
TLVs 27-7
monitoring and maintaining 27-10
overview 27-1, 27-2
supported TLVs 27-2
LLDP Media Endpoint Discovery
See LLDP-MED
load balancing 42-4
local SPAN 29-2
location TLV 27-3, 27-7
logging messages, ACL 34-9
login authentication
with RADIUS 9-29
with TACACS+ 9-14
login banners 7-10
log messages
See system message logging
Long-Reach Ethernet (LRE) technology 1-22, 1-28
loop guard
described 20-11
enabling 20-18
support for 1-9
LRE profiles, considerations in switch clusters 6-16
M
MAB
See MAC authentication bypass
MAB aging timer 1-10
MAB inactivity timer
default setting 10-36
range 10-38
MAC/PHY configuration status TLV 27-2
MAC addresses
aging time 7-14
and VLAN association 7-13
building the address table 7-13
default configuration 7-14
disabling learning on a VLAN 7-23
discovering 7-24
displaying 7-24
displaying in the IP source binding table 22-25
dynamic
learning 7-13
removing 7-15
in ACLs 34-28
IP address association 38-9
static
adding 7-21
allowing 7-22, 7-23
characteristics of 7-20
dropping 7-22
removing 7-21
MAC address learning 1-6
MAC address learning, disabling on a VLAN 7-23
MAC address notification, support for 1-16
MAC address-table move update
configuration guidelines 21-8
configuring 21-12
default configuration 21-8
description 21-6
monitoring 21-14
MAC address-to-VLAN mapping 13-26
MAC authentication bypass 10-38
configuring 10-57
overview 10-17
See MAB
MAC extended access lists
applying to Layer 2 interfaces 34-29
configuring for QoS 35-52
creating 34-28
defined 34-28
for QoS classification 35-5
magic packet 10-27
manageability features 1-6
management access
in-band
browser session 1-7
CLI session 1-7
device manager 1-7
SNMP 1-7
out-of-band console port connection 1-7
management address TLV 27-2
management options
CLI 2-1
clustering 1-3
CNS 4-1
Network Assistant 1-2
overview 1-5
management VLAN
considerations in switch clusters 6-7
discovery through different management VLANs 6-7
mapping tables for QoS
configuring
CoS-to-DSCP 35-69
DSCP 35-69
DSCP-to-CoS 35-72
DSCP-to-DSCP-mutation 35-73
IP-precedence-to-DSCP 35-70
policed-DSCP 35-71
described 35-13
marking
action with aggregate policers 35-67
described 35-4, 35-9
matching
IPv6 ACLs 40-3
matching, IPv4 ACLs 34-8
maximum aging time
MSTP 19-24
STP 18-23
maximum hop count, MSTP 19-24
maximum number of allowed devices, port-based authentication 10-39
maximum-paths command 38-52, 38-91
MDA
configuration guidelines 10-13
described 1-11, 10-12
exceptions with authentication process 10-5
membership mode, VLAN port 13-3
member switch
automatic discovery 6-5
defined 6-2
managing 6-16
passwords 6-13
recovering from lost connectivity 49-12
requirements 6-4
See also candidate switch, cluster standby group, and standby command switch
memory consistency check errors
example 49-25
memory consistency check routines 1-5, 49-25
memory consistency integrity 1-5, 49-25
messages, to users through banners 7-10
metrics, in BGP 38-52
metric translations, between routing protocols 38-97
metro tags 17-2
MHSRP 42-4
MIBs
overview 32-1
SNMP interaction with 32-4
mini-point-of-presence
See POP
mirroring traffic for analysis 29-1
mismatches, autonegotiation 49-12
module number 12-11
monitoring
access groups 34-44
BGP 38-64
cables for unidirectional links 28-1
CDP 26-5
CEF 38-90
EIGRP 38-43
fallback bridging 48-10
features 1-16
Flex Links 21-14
HSRP 42-13
IEEE 802.1Q tunneling 17-17
IGMP
filters 24-29
snooping 24-16, 41-11
interfaces 12-31
IP
address tables 38-18
multicast routing 46-61
routes 38-105
IP SLAs operations 43-14
IPv4 ACL configuration 34-44
IPv6 39-28
IPv6 ACL configuration 40-8
IS-IS 38-74
ISO CLNS 38-74
Layer 2 protocol tunneling 17-17
MAC address-table move update 21-14
MSDP peers 47-18
multicast router interfaces 24-17, 41-12
multi-VRF CE 38-89
MVR 24-23
network traffic for analysis with probe 29-2
object tracking 44-13
OSPF 38-35
port
blocking 25-21
protection 25-21
private VLANs 16-15
RP mapping information 46-34
SFP status 12-32, 49-14
source-active messages 47-18
speed and duplex mode 12-19
SSM mapping 46-22
traffic flowing among switches 30-1
traffic suppression 25-21
tunneling 17-17
VLAN
filters 34-44
maps 34-44
VLANs 13-14
VMPS 13-31
VTP 14-17
mrouter Port 21-3
mrouter port 21-5
MSDP
benefits of 47-3
clearing MSDP connections and statistics 47-18
controlling source information
forwarded by switch 47-11
originated by switch 47-8
received by switch 47-13
default configuration 47-4
dense-mode regions
sending SA messages to 47-16
specifying the originating address 47-17
filtering
incoming SA messages 47-14
SA messages to a peer 47-12
SA requests from a peer 47-10
join latency, defined 47-6
meshed groups
configuring 47-15
defined 47-15
originating address, changing 47-17
overview 47-1
peer-RPF flooding 47-2
peers
configuring a default 47-4
monitoring 47-18
peering relationship, overview 47-1
requesting source information from 47-8
shutting down 47-15
source-active messages
caching 47-6
clearing cache entries 47-18
defined 47-2
filtering from a peer 47-10
filtering incoming 47-14
filtering to a peer 47-12
limiting data with TTL 47-13
monitoring 47-18
restricting advertised sources 47-9
support for 1-15
MSTP
boundary ports
configuration guidelines 19-15
described 19-6
BPDU filtering
described 20-3
enabling 20-14
BPDU guard
described 20-2
enabling 20-13
CIST, described 19-3
CIST regional root 19-3
CIST root 19-5
configuration guidelines 19-15, 20-12
configuring
forward-delay time 19-23
hello time 19-22
link type for rapid convergence 19-24
maximum aging time 19-24
maximum hop count 19-24
MST region 19-16
neighbor type 19-25
path cost 19-21
port priority 19-19
root switch 19-17
secondary root switch 19-19
switch priority 19-22
CST
defined 19-3
operations between regions 19-3
default configuration 19-14
default optional feature configuration 20-12
displaying status 19-26
enabling the mode 19-16
EtherChannel guard
described 20-10
enabling 20-17
extended system ID
effects on root switch 19-18
effects on secondary root switch 19-19
unexpected behavior 19-18
IEEE 802.1s
implementation 19-6
port role naming change 19-6
terminology 19-5
instances supported 18-10
interface state, blocking to forwarding 20-2
interoperability and compatibility among modes 18-11
interoperability with IEEE 802.1D
described 19-8
restarting migration process 19-26
IST
defined 19-2
master 19-3
operations within a region 19-3
loop guard
described 20-11
enabling 20-18
mapping VLANs to MST instance 19-16
MST region
CIST 19-3
configuring 19-16
described 19-2
hop-count mechanism 19-5
IST 19-2
supported spanning-tree instances 19-2
optional features supported 1-8
overview 19-2
Port Fast
described 20-2
enabling 20-12
preventing root switch selection 20-10
root guard
described 20-10
enabling 20-18
root switch
configuring 19-18
effects of extended system ID 19-18
unexpected behavior 19-18
shutdown Port Fast-enabled port 20-2
stack changes, effects of 19-8
status, displaying 19-26
multiauth
support for inaccessible authentication bypass 10-25
multiauth mode
See multiple-authentication mode
multicast groups
Immediate Leave 24-5
joining 24-3
leaving 24-5
static joins 24-10, 41-8
multicast packets
ACLs on 34-42
blocking 25-8
multicast router interfaces, monitoring 24-17, 41-12
multicast router ports, adding 24-9, 41-8
Multicast Source Discovery Protocol
See MSDP
multicast storm 25-1
multicast storm-control command 25-4
multicast television application 24-18
multicast VLAN 24-17
Multicast VLAN Registration
See MVR
multidomain authentication
See MDA
multioperations scheduling, IP SLAs 43-5
multiple authentication 10-14
multiple authentication mode
configuring 10-45
Multiple HSRP
See MHSRP
multiple VPN routing/forwarding in customer edge devices
See multi-VRF CE
multi-VRF CE
configuration example 38-85
configuration guidelines 38-77
configuring 38-77
default configuration 38-77
defined 38-75
displaying 38-89
monitoring 38-89
network components 38-77
packet-forwarding process 38-76
support for 1-15
MVR
and address aliasing 24-20
and IGMPv3 24-21
configuration guidelines 24-20
configuring interfaces 24-22
default configuration 24-20
described 24-17
example application 24-18
in the switch stack 24-20
modes 24-21
monitoring 24-23
multicast television application 24-18
setting global parameters 24-21
support for 1-5
N
NAC
AAA down policy 1-12
critical authentication 10-24, 10-54
IEEE 802.1x authentication using a RADIUS server 10-58
IEEE 802.1x validation using RADIUS server 10-58
inaccessible authentication bypass 1-12, 10-54
Layer 2 IEEE 802.1x validation 1-11, 10-30, 10-58
Layer 2 IP validation 1-12
named IPv4 ACLs 34-15
NameSpace Mapper
See NSM
native VLAN
and IEEE 802.1Q tunneling 17-4
configuring 13-22
default 13-22
NEAT
configuring 10-59
overview 10-32
neighbor discovery, IPv6 39-4
neighbor discovery/recovery, EIGRP 38-36
neighbors, BGP 38-59
Network Admission Control
NAC
Network Assistant
benefits 1-2
described 1-5
downloading image files 1-2
guide mode 1-2
management options 1-2
managing switch stacks 5-2, 5-15
upgrading a switch 51-24
wizards 1-2
network configuration examples
cost-effective wiring closet 1-22
high-performance wiring closet 1-23
increasing network performance 1-21
large network 1-27
long-distance, high-bandwidth transport 1-30
multidwelling network 1-28
providing network services 1-21
redundant Gigabit backbone 1-23
server aggregation and Linux server cluster 1-24
small to medium-sized network 1-25
network design
performance 1-21
services 1-21
Network Edge Access Topology
See NEAT
network management
CDP 26-1
RMON 30-1
SNMP 32-1
network performance, measuring with IP SLAs 43-3
network policy TLV 27-2, 27-7
Network Time Protocol
See NTP
no commands 2-4
nonhierarchical policy maps
configuration guidelines 35-40
described 35-10
non-IP traffic filtering 34-28
nontrunking mode 13-16
normal-range VLANs 13-4
configuration guidelines 13-6
configuring 13-4
defined 13-1
no switchport command 12-4
not-so-stubby areas
See NSSA
NSAPs, as ISO IGRP addresses 38-65
NSF Awareness
IS-IS 38-67
NSM 4-3
NSSA, OSPF 38-31
NTP
associations
defined 7-2
overview 7-2
stratum 7-2
support for 1-7
time
services 7-2
synchronizing 7-2
O
object tracking
HSRP 44-7
IP SLAs 44-9
IP SLAs, configuring 44-9
monitoring 44-13
offline configuration for switch stacks 5-7
off mode, VTP 14-3
online diagnostics
overview 50-1
running tests 50-3
understanding 50-1
open1x
configuring 10-64
open1x authentication
overview 10-31
Open Shortest Path First
See OSPF
optimizing system resources 8-1
options, management 1-5
OSPF
area parameters, configuring 38-31
configuring 38-29
default configuration
metrics 38-32
route 38-32
settings 38-26
described 38-25
for IPv6 39-7
interface parameters, configuring 38-30
LSA group pacing 38-34
monitoring 38-35
router IDs 38-34
route summarization 38-32
support for 1-14
virtual links 38-32
out-of-profile markdown 1-14
P
packet modification, with QoS 35-20
PAgP
Layer 2 protocol tunneling 17-9
See EtherChannel
parallel paths, in routing tables 38-91
passive interfaces
configuring 38-101
OSPF 38-33
passwords
default configuration 9-2
disabling recovery of 9-5
encrypting 9-3
for security 1-10
in clusters 6-13
overview 9-1
recovery of 49-3
setting
enable 9-3
enable secret 9-3
Telnet 9-6
with usernames 9-6
VTP domain 14-9
path cost
MSTP 19-21
STP 18-20
path MTU discovery 39-4
PBR
defined 38-97
enabling 38-99
fast-switched policy-based routing 38-100
local policy-based routing 38-100
PC (passive command switch) 6-10
peers, BGP 38-59
percentage thresholds in tracked lists 44-6
performance, network design 1-21
performance features 1-4
persistent self-signed certificate 9-50
per-user ACLs and Filter-Ids 10-8
per-VLAN spanning-tree plus
See PVST+
PE to CE routing, configuring 38-84
physical ports 12-2
PIM
default configuration 46-11
dense mode
overview 46-4
rendezvous point (RP), described 46-5
RPF lookups 46-8
displaying neighbors 46-63
enabling a mode 46-13
overview 46-4
router-query message interval, modifying 46-37
shared tree and source tree, overview 46-35
shortest path tree, delaying the use of 46-36
sparse mode
join messages and shared tree 46-5
overview 46-5
prune messages 46-5
RPF lookups 46-9
stub routing
configuration guidelines 46-23
displaying 46-62
enabling 46-23
overview 46-5
support for 1-15
versions
interoperability 46-11
troubleshooting interoperability problems 46-35
v2 improvements 46-4
PIM-DVMRP, as snooping method 24-8
ping
character output description 49-15
executing 49-15
overview 49-14
PoE
auto mode 12-9
CDP with power consumption, described 12-7
CDP with power negotiation, described 12-7
Cisco intelligent power management 12-7
configuring 12-22
devices supported 12-7
high-power devices operating in low-power mode 12-7
IEEE power classification levels 12-8
power budgeting 12-23
power consumption 12-23
powered-device detection and initial power allocation 12-8
power management modes 12-9
power negotiation extensions to CDP 12-7
standards supported 12-7
static mode 12-9
troubleshooting 49-13
policed-DSCP map for QoS 35-71
policers
configuring
for each matched traffic class 35-55
for more than one traffic class 35-67
described 35-4
displaying 35-87
number of 35-40
types of 35-10
policing
described 35-4
hierarchical
See hierarchical policy maps
token-bucket algorithm 35-10
policy-based routing
See PBR
policy maps for QoS
characteristics of 35-55
described 35-8
displaying 35-88
hierarchical 35-9
hierarchical on SVIs
configuration guidelines 35-40
configuring 35-59
described 35-12
nonhierarchical on physical ports
configuration guidelines 35-40
described 35-10
POP 1-28
port ACLs
defined 34-2
types of 34-3
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting 10-16
authentication server
defined 10-3, 11-2
RADIUS server 10-3
client, defined 10-3, 11-2
configuration guidelines 10-37, 11-9
configuring
802.1x authentication 10-42
guest VLAN 10-52
host mode 10-45
inaccessible authentication bypass 10-54
manual re-authentication of a client 10-47
periodic re-authentication 10-46
quiet period 10-47
RADIUS server 10-44, 11-13
RADIUS server parameters on the switch 10-43, 11-11
restricted VLAN 10-53
switch-to-client frame-retransmission number 10-48, 10-49
switch-to-client retransmission time 10-48
violation modes 10-41 to 10-42
default configuration 10-36, 11-9
described 10-1
device roles 10-3, 11-2
displaying statistics 10-66, 11-17
downloadable ACLs and redirect URLs
configuring 10-61 to 10-63, ?? to 10-64
overview 10-20 to 10-22
EAPOL-start frame 10-5
EAP-request/identity frame 10-5
EAP-response/identity frame 10-5
enabling
802.1X authentication 11-11
encapsulation 10-3
flexible authentication ordering
configuring 10-64
overview 10-31
guest VLAN
configuration guidelines 10-23, 10-24
described 10-22
host mode 10-12
inaccessible authentication bypass
configuring 10-54
described 10-24
guidelines 10-38
initiation and message exchange 10-5
magic packet 10-27
maximum number of allowed devices per port 10-39
method lists 10-42
multiple authentication 10-14
per-user ACLs
AAA authorization 10-42
configuration tasks 10-20
described 10-19
RADIUS server attributes 10-19
ports
authorization state and dot1x port-control command 10-11
authorized and unauthorized 10-10
voice VLAN 10-27
port security
described 10-27
readiness check
configuring 10-39
described 10-17, 10-39
resetting to default values 10-66
stack changes, effects of 10-11
statistics, displaying 10-66
switch
as proxy 10-3, 11-2
RADIUS client 10-3
switch supplicant
configuring 10-59
overview 10-32
upgrading from a previous release 35-34
user distribution
guidelines 10-30
overview 10-29
VLAN assignment
AAA authorization 10-42
characteristics 10-18
configuration tasks 10-18
described 10-17
voice aware 802.1x security
configuring 10-40
described 10-31, 10-40
voice VLAN
described 10-27
PVID 10-27
VVID 10-27
wake-on-LAN, described 10-27
with ACLs and RADIUS Filter-Id attribute 10-34
port-based authentication methods, supported 10-7
port blocking 1-5, 25-7
port-channel
See EtherChannel
port description TLV 27-2
Port Fast
described 20-2
enabling 20-12
mode, spanning tree 13-28
support for 1-8
port membership modes, VLAN 13-3
port priority
MSTP 19-19
STP 18-18
ports
10-Gigabit Ethernet module 12-6
access 12-3
blocking 25-7
dynamic access 13-3
IEEE 802.1Q tunnel 13-4
protected 25-6
routed 12-4
secure 25-8
static-access 13-3, 13-10
switch 12-2
trunks 13-3, 13-15
VLAN assignments 13-10
port security
aging 25-17
and private VLANs 25-18
and QoS trusted boundary 35-45
and stacking 25-18
configuring 25-13
default configuration 25-11
described 25-8
displaying 25-21
enabling 25-18
on trunk ports 25-14
sticky learning 25-9
violations 25-10
with other features 25-11
port-shutdown response, VMPS 13-27
port VLAN ID TLV 27-2
power management TLV 27-2, 27-7
Power over Ethernet
See PoE
preemption, default configuration 21-7
preemption delay, default configuration 21-8
preferential treatment of traffic
See QoS
prefix lists, BGP 38-56
preventing unauthorized access 9-1
primary interface for object tracking, DHCP, configuring 44-10
primary interface for static routing, configuring 44-10
primary links 21-2
primary VLANs 16-1, 16-3
priority
HSRP 42-8
overriding CoS 15-6
trusting CoS 15-6
private VLAN edge ports
See protected ports
private VLANs
across multiple switches 16-4
and SDM template 16-4
and SVIs 16-5
and switch stacks 16-6
benefits of 16-1
community ports 16-2
community VLANs 16-2, 16-3
configuration guidelines 16-7, 16-9
configuration tasks 16-6
configuring 16-10
default configuration 16-7
end station access to 16-3
IP addressing 16-3
isolated port 16-2
isolated VLANs 16-2, 16-3
mapping 16-14
monitoring 16-15
ports
community 16-2
configuration guidelines 16-9
configuring host ports 16-12
configuring promiscuous ports 16-13
described 13-4
isolated 16-2
promiscuous 16-2
primary VLANs 16-1, 16-3
promiscuous ports 16-2
secondary VLANs 16-2
subdomains 16-1
traffic in 16-5
privileged EXEC mode 2-2
privilege levels
changing the default for lines 9-9
command switch 6-17
exiting 9-9
logging into 9-9
mapping on member switches 6-17
overview 9-2, 9-7
setting a command with 9-8
promiscuous ports
configuring 16-13
defined 16-2
protected ports 1-10, 25-6
protocol-dependent modules, EIGRP 38-36
Protocol-Independent Multicast Protocol
See PIM
protocol storm protection 25-19
provider edge devices 38-75
provisioned switches and IP source guard 22-18
provisioning new members for a switch stack 5-7
proxy ARP
configuring 38-11
definition 38-9
with IP routing disabled 38-12
proxy reports 21-3
pruning, VTP
disabling
in VTP domain 14-15
on a port 13-22
enabling
in VTP domain 14-15
on a port 13-21
examples 14-6
overview 14-6
pruning-eligible list
changing 13-21
for VTP pruning 14-6
VLANs 14-15
PVST+
described 18-10
IEEE 802.1Q trunking interoperability 18-11
instances supported 18-10
Q
QoS
and MQC commands 35-1
auto-QoS
categorizing traffic 35-22
configuration and defaults display 35-36
configuration guidelines 35-33
described 35-21
disabling 35-36
displaying generated commands 35-36
displaying the initial configuration 35-36
effects on running configuration 35-33
list of generated commands 35-24, 35-28
basic model 35-4
classification
class maps, described 35-8
defined 35-4
DSCP transparency, described 35-47
flowchart 35-7
forwarding treatment 35-3
in frames and packets 35-3
IP ACLs, described 35-6, 35-8
MAC ACLs, described 35-5, 35-8
options for IP traffic 35-6
options for non-IP traffic 35-5
policy maps, described 35-8
trust DSCP, described 35-5
trusted CoS, described 35-5
trust IP precedence, described 35-5
class maps
configuring 35-53
displaying 35-87
configuration guidelines
auto-QoS 35-33
standard QoS 35-39
configuring
aggregate policers 35-67
auto-QoS 35-21
default port CoS value 35-45
DSCP maps 35-69
DSCP transparency 35-47
DSCP trust states bordering another domain 35-47
egress queue characteristics 35-79
ingress queue characteristics 35-75
IP extended ACLs 35-51
IP standard ACLs 35-50
MAC ACLs 35-52
policy maps, hierarchical 35-59
port trust states within the domain 35-43
trusted boundary 35-45
default auto configuration 35-22
default standard configuration 35-37
displaying statistics 35-87
DSCP transparency 35-47
egress queues
allocating buffer space 35-80
buffer allocation scheme, described 35-18
configuring shaped weights for SRR 35-84
configuring shared weights for SRR 35-85
described 35-4
displaying the threshold map 35-83
flowchart 35-18
mapping DSCP or CoS values 35-82
scheduling, described 35-4
setting WTD thresholds 35-80
WTD, described 35-19
enabling globally 35-42
flowcharts
classification 35-7
egress queueing and scheduling 35-18
ingress queueing and scheduling 35-16
policing and marking 35-11
implicit deny 35-8
ingress queues
allocating bandwidth 35-77
allocating buffer space 35-77
buffer and bandwidth allocation, described 35-17
configuring shared weights for SRR 35-77
configuring the priority queue 35-78
described 35-4
displaying the threshold map 35-76
flowchart 35-16
mapping DSCP or CoS values 35-75
priority queue, described 35-17
scheduling, described 35-4
setting WTD thresholds 35-75
WTD, described 35-17
IP phones
automatic classification and queueing 35-21
detection and trusted settings 35-21, 35-45
limiting bandwidth on egress interface 35-86
mapping tables
CoS-to-DSCP 35-69
displaying 35-87
DSCP-to-CoS 35-72
DSCP-to-DSCP-mutation 35-73
IP-precedence-to-DSCP 35-70
policed-DSCP 35-71
types of 35-13
marked-down actions 35-57, 35-63
marking, described 35-4, 35-9
overview 35-2
packet modification 35-20
policers
configuring 35-57, 35-63, 35-67
described 35-9
displaying 35-87
number of 35-40
types of 35-10
policies, attaching to an interface 35-9
policing
described 35-4, 35-9
token bucket algorithm 35-10
policy maps
characteristics of 35-55
displaying 35-88
hierarchical 35-9
hierarchical on SVIs 35-59
nonhierarchical on physical ports 35-55
QoS label, defined 35-4
queues
configuring egress characteristics 35-79
configuring ingress characteristics 35-75
high priority (expedite) 35-20, 35-86
location of 35-14
SRR, described 35-15
WTD, described 35-14
rewrites 35-20
support for 1-13
trust states
bordering another domain 35-47
described 35-5
trusted device 35-45
within the domain 35-43
quality of service
See QoS
queries, IGMP 24-4
query solicitation, IGMP 24-13
R
RADIUS
attributes
vendor-proprietary 9-37
vendor-specific 9-35
configuring
accounting 9-34
authentication 9-29
authorization 9-33
communication, global 9-27, 9-35
communication, per-server 9-27
multiple UDP ports 9-27
default configuration 9-27
defining AAA server groups 9-31
displaying the configuration 9-39
identifying the server 9-27
in clusters 6-16
limiting the services to the user 9-33
method list, defined 9-26
operation of 9-19
overview 9-18
server load balancing 9-39
suggested network environments 9-18
support for 1-12
tracking services accessed by user 9-34
RADIUS Change of Authorization 9-20
range
macro 12-14
of interfaces 12-13
rapid convergence 19-10
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
described 18-10
IEEE 802.1Q trunking interoperability 18-11
instances supported 18-10
Rapid Spanning Tree Protocol
See RSTP
RARP 38-9
rcommand command 6-16
RCP
configuration files
downloading 51-17
overview 51-16
preparing the server 51-16
uploading 51-18
image files
deleting old image 51-37
downloading 51-36
preparing the server 51-35
uploading 51-37
reachability, tracking IP SLAs IP host 44-9
readiness check
port-based authentication
configuring 10-39
described 10-17, 10-39
reconfirmation interval, VMPS, changing 13-30
reconfirming dynamic VLAN membership 13-30
recovery procedures 49-1
redirect URL 10-20, 10-21, 10-61
redundancy
EtherChannel 36-3
HSRP 42-1
STP
backbone 18-8
multidrop backbone 20-5
path cost 13-25
port priority 13-23
redundant links and UplinkFast 20-15
redundant power system
See Cisco Redundant Power System 2300
reliable transport protocol, EIGRP 38-36
reloading software 3-23
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
Remote Network Monitoring
See RMON
Remote SPAN
See RSPAN
remote SPAN 29-3
report suppression, IGMP
described 24-6
disabling 24-16, 41-11
resequencing ACL entries 34-15
reserved addresses in DHCP pools 22-27
resets, in BGP 38-51
resetting a UDLD-shutdown interface 28-6
responder, IP SLAs
described 43-4
enabling 43-8
response time, measuring with IP SLAs 43-4
restricted VLAN
configuring 10-53
described 10-23
using with IEEE 802.1x 10-23
restricting access
overview 9-1
passwords and privilege levels 9-2
RADIUS 9-17
TACACS+ 9-10
retry count, VMPS, changing 13-30
reverse address resolution 38-9
Reverse Address Resolution Protocol
See RARP
RFC
1058, RIP 38-19
1112, IP multicast and IGMP 24-2
1157, SNMPv1 32-2
1163, BGP 38-44
1166, IP addresses 38-7
1253, OSPF 38-25
1267, BGP 38-44
1305, NTP 7-2
1587, NSSAs 38-25
1757, RMON 30-2
1771, BGP 38-44
1901, SNMPv2C 32-2
1902 to 1907, SNMPv2 32-2
2236, IP multicast and IGMP 24-2
2273-2275, SNMPv3 32-2
RFC 5176 Compliance 9-21
RIP
advertisements 38-20
authentication 38-22
configuring 38-21
default configuration 38-20
described 38-20
for IPv6 39-7
hop counts 38-20
split horizon 38-23
summary addresses 38-23
support for 1-14
RMON
default configuration 30-3
displaying status 30-6
enabling alarms and events 30-3
groups supported 30-2
overview 30-1
statistics
collecting group Ethernet 30-5
collecting group history 30-5
support for 1-16
root guard
described 20-10
enabling 20-18
support for 1-9
root switch
MSTP 19-17
STP 18-16
route calculation timers, OSPF 38-33
route dampening, BGP 38-63
routed packets, ACLs on 34-42
routed ports
configuring 38-5
defined 12-4
in switch clusters 6-8
IP addresses on 12-26, 38-5
route-map command 38-100
route maps
BGP 38-54
policy-based routing 38-97
router ACLs
defined 34-2
types of 34-4
route reflectors, BGP 38-62
router ID, OSPF 38-34
route selection, BGP 38-52
route summarization, OSPF 38-32
route targets, VPN 38-77
routing
default 38-3
dynamic 38-3
redistribution of information 38-93
static 38-3
routing domain confederation, BGP 38-61
Routing Information Protocol
See RIP
routing protocol administrative distances 38-92
RPS
See Cisco Redundant Power System 2300
RPS 2300
See Cisco Redundant Power System 2300
RSPAN
and stack changes 29-9
characteristics 29-8
configuration guidelines 29-16
default configuration 29-10
defined 29-3
destination ports 29-7
displaying status 29-23
in a switch stack 29-2
interaction with other features 29-8
monitored ports 29-6
monitoring ports 29-7
overview 1-16, 29-1
received traffic 29-5
session limits 29-10
sessions
creating 29-17
defined 29-3
limiting source traffic to specific VLANs 29-22
specifying monitored ports 29-17
with ingress traffic enabled 29-20
source ports 29-6
transmitted traffic 29-5
VLAN-based 29-6
RSTP
active topology 19-9
BPDU
format 19-12
processing 19-13
designated port, defined 19-9
designated switch, defined 19-9
interoperability with IEEE 802.1D
described 19-8
restarting migration process 19-26
topology changes 19-13
overview 19-9
port roles
described 19-9
synchronized 19-11
proposal-agreement handshake process 19-10
rapid convergence
cross-stack rapid convergence 19-11
described 19-10
edge ports and Port Fast 19-10
point-to-point links 19-10, 19-24
root ports 19-10
root port, defined 19-9
See also MSTP
running configuration
replacing 51-19, 51-20
rolling back 51-19, 51-21
running configuration, saving 3-16
S
SC (standby command switch) 6-10
scheduled reloads 3-23
scheduling, IP SLAs operations 43-5
SCP
and SSH 9-55
configuring 9-55
SDM
switch stack consideration 5-9
templates
configuring 8-6
number of 8-1
SDM mismatch mode 5-10, 8-4
SDM template 40-4
aggregator 8-1
configuration guidelines 8-5
configuring 8-4
desktop 8-1
dual IPv4 and IPv6 8-2
types of 8-1
secondary VLANs 16-2
Secure Copy Protocol
secure HTTP client
configuring 9-54
displaying 9-55
secure HTTP server
configuring 9-53
displaying 9-55
secure MAC addresses
and switch stacks 25-18
deleting 25-16
maximum number of 25-10
types of 25-9
secure ports
and switch stacks 25-18
configuring 25-8
secure remote connections 9-45
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port 25-8
security features 1-10
See SCP
sequence numbers in log messages 31-8
server mode, VTP 14-3
service-provider network, MSTP and RSTP 19-1
service-provider networks
and customer VLANs 17-2
and IEEE 802.1Q tunneling 17-1
Layer 2 protocols across 17-8
Layer 2 protocol tunneling for EtherChannels 17-9
set-request operation 32-4
setup program
failed command switch replacement 49-11
replacing failed command switch 49-9
severity levels, defining in system messages 31-9
SFPs
monitoring status of 12-32, 49-14
numbering of 12-11
security and identification 49-13
status, displaying 49-14
shaped round robin
See SRR
show access-lists hw-summary command 34-22
show and more command output, filtering 2-9
show cdp traffic command 26-5
show cluster members command 6-16
show configuration command 12-25
show forward command 49-22
show interfaces command 12-19, 12-25
show interfaces switchport 21-4
show l2protocol command 17-13, 17-15
show lldp traffic command 27-11
show platform forward command 49-22
show platform tcam command 49-25
show running-config command
displaying ACLs 34-20, 34-21, 34-32, 34-35
interface description in 12-25
shutdown command on interfaces 12-33
shutdown threshold for Layer 2 protocol packets 17-11
Simple Network Management Protocol
See SNMP
small form-factor pluggable modules
See SFPs
small-frame arrival rate, configuring 25-5
smart logging 31-1, 31-14
SNAP 26-1
SNMP
accessing MIB variables with 32-4
agent
described 32-4
disabling 32-7
and IP SLAs 43-2
authentication level 32-10
community strings
configuring 32-8
for cluster switches 32-4
overview 32-4
configuration examples 32-17
default configuration 32-6
engine ID 32-7
groups 32-7, 32-9
host 32-7
ifIndex values 32-5
in-band management 1-7
in clusters 6-14
informs
and trap keyword 32-12
described 32-5
differences from traps 32-5
disabling 32-15
enabling 32-15
limiting access by TFTP servers 32-16
limiting system log messages to NMS 31-10
manager functions 1-6, 32-3
managing clusters with 6-17
notifications 32-5
overview 32-1, 32-4
security levels 32-3
setting CPU threshold notification 32-15
status, displaying 32-18
system contact and location 32-16
trap manager, configuring 32-13
traps
described 32-3, 32-5
differences from informs 32-5
disabling 32-15
enabling 32-12
enabling MAC address notification 7-15, 7-17, 7-19
overview 32-1, 32-4
types of 32-12
users 32-7, 32-9
versions supported 32-2
SNMP and Syslog Over IPv6 39-8
SNMPv1 32-2
SNMPv2C 32-2
SNMPv3 32-2
snooping, IGMP 24-2
software compatibility
See stacks, switch
software images
location in flash 51-25
recovery procedures 49-2
scheduling reloads 3-24
tar file format, described 51-25
See also downloading and uploading
source addresses
in IPv4 ACLs 34-12
in IPv6 ACLs 40-5
source-and-destination-IP address based forwarding, EtherChannel 36-9
source-and-destination MAC address forwarding, EtherChannel 36-9
source-IP address based forwarding, EtherChannel 36-9
source-MAC address forwarding, EtherChannel 36-8
Source-specific multicast
See SSM
SPAN
and stack changes 29-9
configuration guidelines 29-10
default configuration 29-10
destination ports 29-7
displaying status 29-23
interaction with other features 29-8
monitored ports 29-6
monitoring ports 29-7
overview 1-16, 29-1
ports, restrictions 25-12
received traffic 29-5
session limits 29-10
sessions
configuring ingress forwarding 29-15, 29-21
creating 29-11
defined 29-3
limiting source traffic to specific VLANs 29-15
removing destination (monitoring) ports 29-13
specifying monitored ports 29-11
with ingress traffic enabled 29-14
source ports 29-6
transmitted traffic 29-5
VLAN-based 29-6
spanning tree and native VLANs 13-17
Spanning Tree Protocol
See STP
SPAN traffic 29-5
split horizon, RIP 38-23
SRR
configuring
shaped weights on egress queues 35-84
shared weights on egress queues 35-85
shared weights on ingress queues 35-77
described 35-15
shaped mode 35-15
shared mode 35-15
support for 1-14
SSH
configuring 9-46
cryptographic software image 9-44
described 1-7, 9-45
encryption methods 9-45
switch stack considerations 5-16
user authentication methods, supported 9-45
SSL
configuration guidelines 9-51
configuring a secure HTTP client 9-54
configuring a secure HTTP server 9-53
cryptographic software image 9-49
described 9-49
monitoring 9-55
SSM
address management restrictions 46-16
CGMP limitations 46-16
components 46-14
configuration guidelines 46-16
configuring 46-14, 46-17
differs from Internet standard multicast 46-14
IGMP snooping 46-16
IGMPv3 46-14
IGMPv3 Host Signalling 46-15
IP address range 46-15
monitoring 46-17
operations 46-15
PIM 46-14
state maintenance limitations 46-16
SSM mapping 46-17
configuration guidelines 46-18
configuring 46-17, 46-20
DNS-based 46-19, 46-21
monitoring 46-22
overview 46-18
restrictions 46-18
static 46-19, 46-20
static traffic forwarding 46-22
stack, switch
MAC address of 5-6, 5-19
stack changes
effects on
IPv6 routing 39-10
stack changes, effects on
802.1x port-based authentication 10-11
ACL configuration 34-7
CDP 26-2
cross-stack EtherChannel 36-13
EtherChannel 36-10
fallback bridging 48-3
HSRP 42-5
IGMP snooping 24-6
IP routing 38-4
IPv6 ACLs 40-3
MAC address tables 7-14
MSTP 19-8
multicast routing 46-10
MVR 24-18
port security 25-18
SDM template selection 8-3
SNMP 32-1
SPAN and RSPAN 29-9
STP 18-12
switch clusters 6-14
system message log 31-2
VLANs 13-7
VTP 14-7
stack master
bridge ID (MAC address) 5-6
defined 5-1
election 5-4
IPv6 39-11
See also stacks, switch
stack member
accessing CLI of specific member 5-23
configuring
member number 5-21
priority value 5-22
defined 5-1
displaying information of 5-24
IPv6 39-11
number 5-6
priority value 5-7
provisioning a new member 5-22
replacing 5-14
See also stacks, switch
stack member number 12-11
stack protocol version 5-10
stacks, switch
accessing CLI of specific member 5-23
assigning information
member number 5-21
priority value 5-22
provisioning a new member 5-22
auto-advise 5-12
auto-copy 5-11
auto-extract 5-11
auto-upgrade 5-11
bridge ID 5-6
CDP considerations 26-2
compatibility, software 5-10
configuration file 5-14
configuration scenarios 5-16
copying an image file from one member to another 51-38
default configuration 5-19
description of 5-1
displaying information of 5-24
enabling persistent MAC address timer 5-19
hardware compatibility and SDM mismatch mode 5-9
HSRP considerations 42-5
in clusters 6-14
incompatible software and image upgrades 5-14, 51-38
IPv6 on 39-10
MAC address considerations 7-14
management connectivity 5-15
managing 5-1
membership 5-3
merged 5-3
MSTP instances supported 18-10
multicast routing, stack master and member roles 46-10
offline configuration
described 5-7
effects of adding a provisioned switch 5-8
effects of removing a provisioned switch 5-9
effects of replacing a provisioned switch 5-9
provisioned configuration, defined 5-7
provisioned switch, defined 5-7
provisioning a new member 5-22
partitioned 5-3, 49-8
provisioned switch
adding 5-8
removing 5-9
replacing 5-9
replacing a failed member 5-14
software compatibility 5-10
software image version 5-10
stack protocol version 5-10
STP
bridge ID 18-3
instances supported 18-10
root port selection 18-3
stack root switch election 18-3
system messages
hostnames in the display 31-1
remotely monitoring 31-2
system prompt consideration 7-7
system-wide configuration considerations 5-15
upgrading 51-38
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 5-11
examples 5-12
manual upgrades with auto-advise 5-12
upgrades with auto-extract 5-11
version-mismatch mode
described 5-10
See also stack master and stack member
standby command switch
configuring
considerations 6-11
defined 6-2
priority 6-10
requirements 6-3
virtual IP address 6-11
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
standby ip command 42-6
standby links 21-2
standby router 42-2
standby timers, HSRP 42-10
startup configuration
booting
manually 3-20
specific image 3-21
clearing 51-19
configuration file
automatically downloading 3-19
specifying the filename 3-19
static access ports
assigning to VLAN 13-10
defined 12-3, 13-3
static addresses
See addresses
static IP routing 1-15
static MAC addressing 1-10
static route primary interface,configuring 44-10
static routes
configuring 38-91
configuring for IPv6 39-21
understanding 39-7
static routing 38-3
static routing support, enhanced object tracking 44-10
static SSM mapping 46-19, 46-20
static traffic forwarding 46-22
static VLAN membership 13-2
statistics
802.1X 11-17
802.1x 10-66
CDP 26-5
interface 12-31
IP multicast routing 46-62
LLDP 27-10
LLDP-MED 27-10
NMSP 27-10
OSPF 38-35
QoS ingress and egress 35-87
RMON group Ethernet 30-5
RMON group history 30-5
SNMP input and output 32-18
VTP 14-17
sticky learning 25-9
storm control
configuring 25-3
described 25-1
disabling 25-5
displaying 25-21
support for 1-4
thresholds 25-1
STP
accelerating root port selection 20-4
BackboneFast
described 20-7
disabling 20-17
enabling 20-17
BPDU filtering
described 20-3
disabling 20-15
enabling 20-14
BPDU guard
described 20-2
disabling 20-14
enabling 20-13
BPDU message exchange 18-3
configuration guidelines 18-13, 20-12
configuring
forward-delay time 18-23
hello time 18-22
maximum aging time 18-23
path cost 18-20
port priority 18-18
root switch 18-16
secondary root switch 18-18
spanning-tree mode 18-15
switch priority 18-21
transmit hold-count 18-24
counters, clearing 18-24
cross-stack UplinkFast
described 20-5
enabling 20-16
default configuration 18-13
default optional feature configuration 20-12
designated port, defined 18-4
designated switch, defined 18-4
detecting indirect link failures 20-8
disabling 18-16
displaying status 18-24
EtherChannel guard
described 20-10
disabling 20-17
enabling 20-17
extended system ID
effects on root switch 18-16
effects on the secondary root switch 18-18
overview 18-4
unexpected behavior 18-16
features supported 1-8
IEEE 802.1D and bridge ID 18-4
IEEE 802.1D and multicast addresses 18-9
IEEE 802.1t and VLAN identifier 18-5
inferior BPDU 18-3
instances supported 18-10
interface state, blocking to forwarding 20-2
interface states
blocking 18-6
disabled 18-7
forwarding 18-6, 18-7
learning 18-7
listening 18-7
overview 18-5
interoperability and compatibility among modes 18-11
Layer 2 protocol tunneling 17-7
limitations with IEEE 802.1Q trunks 18-11
load sharing
overview 13-22
using path costs 13-25
using port priorities 13-23
loop guard
described 20-11
enabling 20-18
modes supported 18-10
multicast addresses, effect of 18-9
optional features supported 1-8
overview 18-2
path costs 13-25
Port Fast
described 20-2
enabling 20-12
port priorities 13-24
preventing root switch selection 20-10
protocols supported 18-10
redundant connectivity 18-8
root guard
described 20-10
enabling 20-18
root port, defined 18-3
root port selection on a switch stack 18-3
root switch
configuring 18-16
effects of extended system ID 18-4, 18-16
election 18-3
unexpected behavior 18-16
shutdown Port Fast-enabled port 20-2
stack changes, effects of 18-12
status, displaying 18-24
superior BPDU 18-3
timers, described 18-22
UplinkFast
described 20-3
enabling 20-15
VLAN-bridge 18-11
stratum, NTP 7-2
stub areas, OSPF 38-31
stub routing, EIGRP 38-42
subdomains, private VLAN 16-1
subnet mask 38-7
subnet zero 38-7
success response, VMPS 13-27
summer time 7-6
SunNet Manager 1-6
supernet 38-8
supported port-based authentication methods 10-7
SVI autostate exclude
configuring 12-27
defined 12-5
SVI link state 12-5
SVIs
and IP unicast routing 38-5
and router ACLs 34-4
connecting VLANs 12-10
defined 12-5
routing between VLANs 13-2
switch 39-2
switch clustering technology 6-1
See also clusters, switch
switch console port 1-7
Switch Database Management
See SDM
switched packets, ACLs on 34-40
Switched Port Analyzer
See SPAN
switched ports 12-2
switchport backup interface 21-4, 21-5
switchport block multicast command 25-8
switchport block unicast command 25-8
switchport command 12-16
switchport mode dot1q-tunnel command 17-6
switchport protected command 25-7
switch priority
MSTP 19-22
STP 18-21
switch software features 1-1
switch virtual interface
See SVI
synchronization, BGP 38-48
syslog
See system message logging
system capabilities TLV 27-2
system clock
configuring
daylight saving time 7-6
manually 7-4
summer time 7-6
time zones 7-5
displaying the time and date 7-5
overview 7-1
See also NTP
system description TLV 27-2
system message logging
default configuration 31-4
defining error message severity levels 31-9
disabling 31-4
displaying the configuration 31-17
enabling 31-5
facility keywords, described 31-14
level keywords, described 31-10
limiting messages 31-10
message format 31-2
overview 31-1
sequence numbers, enabling and disabling 31-8
setting the display destination device 31-5
stack changes, effects of 31-2
synchronizing log messages 31-6
syslog facility 1-16
time stamps, enabling and disabling 31-8
UNIX syslog servers
configuring the daemon 31-13
configuring the logging facility 31-13
facilities supported 31-14
system MTU
and IS-IS LSPs 38-69
system MTU and IEEE 802.1Q tunneling 17-5
system name
default configuration 7-8
default setting 7-8
manual configuration 7-8
See also DNS
system name TLV 27-2
system prompt, default setting 7-7, 7-8
system resources, optimizing 8-1
system routing
IS-IS 38-65
ISO IGRP 38-65
T
TACACS+
accounting, defined 9-11
authentication, defined 9-11
authorization, defined 9-11
configuring
accounting 9-17
authentication key 9-13
authorization 9-16
login authentication 9-14
default configuration 9-13
displaying the configuration 9-17
identifying the server 9-13
in clusters 6-16
limiting the services to the user 9-16
operation of 9-12
overview 9-10
support for 1-12
tracking services accessed by user 9-17
tagged packets
IEEE 802.1Q 17-3
Layer 2 protocol 17-7
tar files
creating 51-6
displaying the contents of 51-7
extracting 51-7
image file format 51-25
TCAM
memory consistency check errors
example 49-25
memory consistency check routines 1-5, 49-25
memory consistency integrity 1-5, 49-25
space
HFTM 49-25
HQATM 49-25
unassigned 49-25
TCL script, registering and defining with embedded event manager 33-7
TDR 1-16
Telnet
accessing management interfaces 2-10
number of connections 1-7
setting a password 9-6
templates, SDM 8-2
temporary self-signed certificate 9-50
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password 9-6
ternary content addressable memory
See TCAM
TFTP
configuration files
downloading 51-11
preparing the server 51-10
uploading 51-12
configuration files in base directory 3-8
configuring for autoconfiguration 3-7
image files
deleting 51-28
downloading 51-27
preparing the server 51-26
uploading 51-29
limiting access by servers 32-16
TFTP server 1-6
threshold, traffic level 25-2
threshold monitoring, IP SLAs 43-6
time
See NTP and system clock
Time Domain Reflector
See TDR
time-range command 34-17
time ranges in ACLs 34-17
time stamps in log messages 31-8
time zones 7-5
TLVs
defined 27-1
LLDP 27-2
LLDP-MED 27-2
Token Ring VLANs
support for 13-6
VTP support 14-4
ToS 1-13
traceroute, Layer 2
and ARP 49-17
and CDP 49-16
broadcast traffic 49-16
described 49-16
IP addresses and subnets 49-17
MAC addresses and VLANs 49-16
multicast traffic 49-16
multiple devices on a port 49-17
unicast traffic 49-16
usage guidelines 49-16
traceroute command 49-18
See also IP traceroute
tracked lists
configuring 44-3
types 44-3
tracked objects
by Boolean expression 44-4
by threshold percentage 44-6
by threshold weight 44-5
tracking interface line-protocol state 44-2
tracking IP routing state 44-2
tracking objects 44-1
tracking process 44-1
track state, tracking IP SLAs 44-9
traffic
blocking flooded 25-8
fragmented 34-5
fragmented IPv6 40-2
unfragmented 34-5
traffic policing 1-13
traffic suppression 25-1
transmit hold-count
see STP
transparent mode, VTP 14-3
trap-door mechanism 3-2
traps
configuring MAC address notification 7-15, 7-17, 7-19
configuring managers 32-12
defined 32-3
enabling 7-15, 7-17, 7-19, 32-12
notification types 32-12
overview 32-1, 32-4
troubleshooting
connectivity problems 49-14, 49-16, 49-17
CPU utilization 49-26
detecting unidirectional links 28-1
displaying crash information 49-24
PIMv1 and PIMv2 interoperability problems 46-35
setting packet forwarding 49-22
SFP security and identification 49-13
show forward command 49-22
with CiscoWorks 32-4
with debug commands 49-20
with ping 49-14
with system message logging 31-1
with traceroute 49-17
trunk failover
See link-state tracking
trunking encapsulation 1-9
trunk ports
configuring 13-19
defined 12-3, 13-3
encapsulation 13-19, 13-24, 13-25
trunks
allowed-VLAN list 13-20
configuring 13-19, 13-24, 13-25
ISL 13-15
load sharing
setting STP path costs 13-25
using STP port priorities 13-23, 13-24
native VLAN for untagged traffic 13-22
parallel 13-25
pruning-eligible list 13-21
to non-DTP device 13-16
trusted boundary for QoS 35-45
trusted port states
between QoS domains 35-47
classification options 35-5
ensuring port security for IP phones 35-45
support for 1-13
within a QoS domain 35-43
trustpoints, CA 9-49
tunneling
defined 17-1
IEEE 802.1Q 17-1
Layer 2 protocol 17-8
tunnel ports
defined 13-4
described 12-4, 17-1
IEEE 802.1Q, configuring 17-6
incompatibilities with other features 17-5
twisted-pair Ethernet, detecting unidirectional links 28-1
type of service
See ToS
U
UDLD
configuration guidelines 28-4
default configuration 28-4
disabling
globally 28-5
on fiber-optic interfaces 28-5
per interface 28-6
echoing detection mechanism 28-3
enabling
globally 28-5
per interface 28-6
Layer 2 protocol tunneling 17-10
link-detection mechanism 28-1
neighbor database 28-2
overview 28-1
resetting an interface 28-6
status, displaying 28-7
support for 1-8
UDP, configuring 38-15
UDP jitter, configuring 43-10
UDP jitter operation, IP SLAs 43-9
unauthorized ports with IEEE 802.1x 10-10
unicast MAC address filtering 1-6
and adding static addresses 7-22
and broadcast MAC addresses 7-21
and CPU packets 7-21
and multicast addresses 7-21
and router MAC addresses 7-21
configuration guidelines 7-21
described 7-21
unicast storm 25-1
unicast storm control command 25-4
unicast traffic, blocking 25-8
UniDirectional Link Detection protocol
See UDLD
UNIX syslog servers
daemon configuration 31-13
facilities supported 31-14
message logging configuration 31-13
unrecognized Type-Length-Value (TLV) support 14-4
upgrading software images
See downloading
UplinkFast
described 20-3
disabling 20-16
enabling 20-15
support for 1-8
uploading
configuration files
preparing 51-10, 51-13, 51-16
reasons for 51-9
using FTP 51-15
using RCP 51-18
using TFTP 51-12
image files
preparing 51-26, 51-30, 51-35
reasons for 51-24
using FTP 51-33
using RCP 51-37
using TFTP 51-29
User Datagram Protocol
See UDP
user EXEC mode 2-2
username-based authentication 9-6
V
VACL logging parameters 34-38
VACLs
logging
configuration example 34-39
version-dependent transparent mode 14-4
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 5-11
manual upgrades with auto-advise 5-12
upgrades with auto-extract 5-11
version-mismatch mode
described 5-10
virtual IP address
cluster standby group 6-11
command switch 6-11
Virtual Private Network
See VPN
virtual router 42-1, 42-2
virtual switches and PAgP 36-6
vlan.dat file 13-5
VLAN 1, disabling on a trunk port 13-20
VLAN 1 minimization 13-20
VLAN ACLs
See VLAN maps
vlan-assignment response, VMPS 13-26
VLAN configuration
at bootup 13-7
saving 13-7
VLAN configuration mode 2-2
VLAN database
and startup configuration file 13-7
and VTP 14-1
VLAN configuration saved in 13-7
VLANs saved in 13-4
vlan dot1q tag native command 17-4
VLAN filtering and SPAN 29-7
vlan global configuration command 13-7
VLAN ID, discovering 7-24
VLAN link state 12-5
VLAN load balancing on flex links 21-2
configuration guidelines 21-8
VLAN management domain 14-2
VLAN Management Policy Server
See VMPS
VLAN map entries, order of 34-31
VLAN maps
applying 34-35
common uses for 34-35
configuration guidelines 34-31
configuring 34-30
creating 34-32
defined 34-2
denying access to a server example 34-36
denying and permitting packets 34-32
displaying 34-44
examples of ACLs and VLAN maps 34-33
removing 34-35
support for 1-10
wiring closet configuration example 34-36
VLAN membership
confirming 13-30
modes 13-3
VLAN Query Protocol
See VQP
VLANs
adding 13-8
adding to VLAN database 13-8
aging dynamic addresses 18-9
allowed on trunk 13-20
and spanning-tree instances 13-3, 13-6, 13-11
configuration guidelines, extended-range VLANs 13-11
configuration guidelines, normal-range VLANs 13-6
configuring 13-1
configuring IDs 1006 to 4094 13-11
connecting through SVIs 12-10
creating 13-8
customer numbering in service-provider networks 17-3
default configuration 13-7
deleting 13-9
described 12-2, 13-1
displaying 13-14
extended-range 13-1, 13-11
features 1-9
illustrated 13-2
internal 13-12
in the switch stack 13-7
limiting source traffic with RSPAN 29-22
limiting source traffic with SPAN 29-15
modifying 13-8
multicast 24-17
native, configuring 13-22
normal-range 13-1, 13-4
number supported 1-9
parameters 13-5
port membership modes 13-3
static-access ports 13-10
STP and IEEE 802.1Q trunks 18-11
supported 13-2
Token Ring 13-6
traffic between 13-2
VLAN-bridge STP 18-11, 48-2
VTP modes 14-3
VLAN Trunking Protocol
See VTP
VLAN trunks 13-15
VMPS
administering 13-31
configuration example 13-31
configuration guidelines 13-28
default configuration 13-27
description 13-26
dynamic port membership
described 13-27
reconfirming 13-30
troubleshooting 13-31
entering server address 13-28
mapping MAC addresses to VLANs 13-26
monitoring 13-31
reconfirmation interval, changing 13-30
reconfirming membership 13-30
retry count, changing 13-30
voice aware 802.1x security
port-based authentication
configuring 10-40
described 10-31, 10-40
voice-over-IP 15-1
voice VLAN
Cisco 7960 phone, port connections 15-1
configuration guidelines 15-3
configuring IP phones for data traffic
override CoS of incoming frame 15-6
trust CoS priority of incoming frame 15-6
configuring ports for voice traffic in
802.1p priority tagged frames 15-5
802.1Q frames 15-5
connecting to an IP phone 15-4
default configuration 15-3
described 15-1
displaying 15-7
IP phone data traffic, described 15-2
IP phone voice traffic, described 15-2
VPN
configuring routing in 38-84
forwarding 38-77
in service provider networks 38-74
routes 38-75
VPN routing and forwarding table
See VRF
VQP 1-9, 13-26
VRF
defining 38-77
tables 38-74
VRF-aware services
ARP 38-81
configuring 38-80
ftp 38-83
HSRP 38-82
ping 38-81
RADIUS 38-82
SNMP 38-81
syslog 38-82
tftp 38-83
traceroute 38-83
VTP
adding a client to a domain 14-16
advertisements 13-18, 14-4
and extended-range VLANs 13-3, 14-2
and normal-range VLANs 13-2, 14-2
client mode, configuring 14-12
configuration
guidelines 14-8
requirements 14-10
saving 14-9
configuration requirements 14-10
configuration revision number
guideline 14-16
resetting 14-16
consistency checks 14-5
default configuration 14-8
described 14-1
domain names 14-9
domains 14-2
Layer 2 protocol tunneling 17-7
modes
client 14-3
off 14-3
server 14-3
transitions 14-3
transparent 14-3
monitoring 14-17
passwords 14-9
pruning
disabling 14-15
enabling 14-15
examples 14-6
overview 14-6
support for 1-9
pruning-eligible list, changing 13-21
server mode, configuring 14-11, 14-13
statistics 14-17
support for 1-9
Token Ring support 14-4
transparent mode, configuring 14-11
using 14-1
Version
enabling 14-14
version, guidelines 14-10
Version 1 14-4
Version 2
configuration guidelines 14-10
overview 14-4
Version 3
overview 14-5
W
WCCP
authentication 45-3
configuration guidelines 45-6
default configuration 45-5
described 45-1
displaying 45-10
dynamic service groups 45-3
enabling 45-6
features unsupported 45-5
forwarding method 45-3
Layer-2 header rewrite 45-3
MD5 security 45-3
message exchange 45-2
monitoring and maintaining 45-10
negotiation 45-3
packet redirection 45-3
packet-return method 45-3
redirecting traffic received from a client 45-6
setting the password 45-7
unsupported WCCPv2 features 45-5
web authentication 10-17
configuring 11-16 to ??
described 1-10
web-based authentication
customizeable web pages 11-6
description 11-1
web-based authentication, interactions with other features 11-7
Web Cache Communication Protocol
See WCCP
weighted tail drop
See WTD
weight thresholds in tracked lists 44-5
wired location service
configuring 27-9
displaying 27-10
location TLV 27-3
understanding 27-3
wizards 1-2
WTD
described 35-14
setting thresholds
egress queue-sets 35-80
ingress queues 35-75
support for 1-14
X
Xmodem protocol 49-2
Index
Numerics
10-Gigabit Ethernet interfaces
configuration guidelines 12-17
defined 12-6
A
AAA down policy, NAC Layer 2 IP validation 1-12
abbreviating commands 2-3
ABRs 38-25
AC (command switch) 6-10
access-class command 34-20
access control entries
See ACEs
access control entry (ACE) 40-3
access-denied response, VMPS 13-26
access groups
applying IPv4 ACLs to interfaces 34-21
Layer 2 34-21
Layer 3 34-21
accessing
clusters, switch 6-13
command switches 6-11
member switches 6-13
switch clusters 6-13
accessing stack members 5-23
access lists
See ACLs
access ports
and Layer 2 protocol tunneling 17-10
defined 12-3
in switch clusters 6-9
access template 8-1
accounting
with 802.1x 10-51
with IEEE 802.1x 10-16
with RADIUS 9-34
with TACACS+ 9-11, 9-17
ACEs
and QoS 35-8
defined 34-2
Ethernet 34-2
IP 34-2
ACLs
ACEs 34-2
any keyword 34-13
applying
on bridged packets 34-41
on multicast packets 34-42
on routed packets 34-42
on switched packets 34-40
time ranges to 34-17
to an interface 34-20, 40-7
to IPv6 interfaces 40-7
to QoS 35-8
classifying traffic for QoS 35-50
comments in 34-19
compiling 34-23
defined 34-1, 34-8
examples of 34-23, 35-50
extended IP, configuring for QoS classification 35-51
extended IPv4
creating 34-11
matching criteria 34-8
hardware and software handling 34-22
host keyword 34-13
IP
creating 34-8
fragments and QoS guidelines 35-40
implicit deny 34-10, 34-15, 34-17
implicit masks 34-10
matching criteria 34-8
undefined 34-22
IPv4
applying to interfaces 34-20
creating 34-8
matching criteria 34-8
named 34-15
numbers 34-8
terminal lines, setting on 34-20
unsupported features 34-7
IPv6
and stacking 40-3
applying to interfaces 40-7
configuring 40-4, 40-5
displaying 40-8
interactions with other features 40-4
limitations 40-3
matching criteria 40-3
named 40-3
precedence of 40-2
supported 40-2
unsupported features 40-3
Layer 4 information in 34-40
logging messages 34-9
MAC extended 34-28, 35-52
matching 34-8, 34-21, 40-3
monitoring 34-44, 40-8
named, IPv4 34-15
named, IPv6 40-3
names 40-4
number per QoS class map 35-40
port 34-2, 40-1
precedence of 34-2
QoS 35-8, 35-50
resequencing entries 34-15
router 34-2, 40-1
router ACLs and VLAN map configuration guidelines 34-39
standard IP, configuring for QoS classification 35-50
standard IPv4
creating 34-10
matching criteria 34-8
support for 1-10
support in hardware 34-22
time ranges 34-17
types supported 34-2
unsupported features, IPv4 34-7
unsupported features, IPv6 40-3
using router ACLs with VLAN maps 34-39
VLAN maps
configuration guidelines 34-31
configuring 34-30
active link 21-4, 21-5, 21-6
active links 21-2
active router 42-2
active traffic monitoring, IP SLAs 43-1
address aliasing 24-2
addresses
displaying the MAC address table 7-24
dynamic
accelerated aging 18-9
changing the aging time 7-14
default aging 18-9
defined 7-12
learning 7-13
removing 7-15
IPv6 39-2
MAC, discovering 7-24
multicast
group address range 46-3
STP address management 18-9
static
adding and removing 7-20
defined 7-12
address resolution 7-24, 38-9
Address Resolution Protocol
See ARP
adjacency tables, with CEF 38-90
administrative distances
defined 38-102
OSPF 38-33
routing protocol defaults 38-92
advertisements
CDP 26-1
LLDP 27-1, 27-2
RIP 38-20
VTP 13-18, 14-3, 14-4
aggregatable global unicast addresses 39-3
aggregate addresses, BGP 38-60
aggregated ports
See EtherChannel
aggregate policers 35-67
aggregate policing 1-13
aggregator template 5-9, 8-1
aging, accelerating 18-9
aging time
accelerated
for MSTP 19-23
for STP 18-9, 18-23
MAC address table 7-14
maximum
for MSTP 19-24
for STP 18-23, 18-24
alarms, RMON 30-3
allowed-VLAN list 13-20
application engines, redirecting traffic to 45-1
area border routers
See ABRs
area routing
IS-IS 38-65
ISO IGRP 38-65
ARP
configuring 38-10
defined 1-6, 7-24, 38-9
encapsulation 38-11
static cache configuration 38-10
table
address resolution 7-24
managing 7-24
ASBRs 38-25
AS-path filters, BGP 38-55
asymmetrical links, and IEEE 802.1Q tunneling 17-4
attributes, RADIUS
vendor-proprietary 9-37
vendor-specific 9-35
attribute-value pairs 10-13, 10-16, 10-21, 10-22
authentication
EIGRP 38-41
HSRP 42-10
local mode with AAA 9-43
open1x 10-31
RADIUS
key 9-27
login 9-29
TACACS+
defined 9-11
key 9-13
login 9-14
See also port-based authentication
authentication compatibility with Catalyst 6000 switches 10-8
authentication failed VLAN
See restricted VLAN
authentication keys, and routing protocols 38-103
authentication manager
CLI commands 10-9
compatibility with older 802.1x CLI commands 10-9 to ??
overview 10-7
authoritative time source, described 7-2
authorization
with RADIUS 9-33
with TACACS+ 9-11, 9-16
authorized ports with IEEE 802.1x 10-10
autoconfiguration 3-3
auto enablement 10-33
automatic advise (auto-advise) in switch stacks 5-12
automatic copy (auto-copy) in switch stacks 5-11
automatic discovery
considerations
beyond a noncandidate device 6-8
brand new switches 6-9
connectivity 6-5
different VLANs 6-7
management VLANs 6-7
non-CDP-capable devices 6-6
noncluster-capable devices 6-6
routed ports 6-8
in switch clusters 6-5
See also CDP
automatic extraction (auto-extract) in switch stacks 5-11
automatic QoS
See QoS
automatic recovery, clusters 6-10
See also HSRP
automatic upgrades (auto-upgrade) in switch stacks 5-11
auto-MDIX
configuring 12-21
described 12-21
autonegotiation
duplex mode 1-4
interface configuration guidelines 12-18
mismatches 49-12
autonomous system boundary routers
See ASBRs
autonomous systems, in BGP 38-48
Auto-QoS video devices 1-14
Auto-RP, described 46-6
autosensing, port speed 1-4
autostate exclude 12-5
auxiliary VLAN
See voice VLAN
availability, features 1-8
B
BackboneFast
described 20-7
disabling 20-17
enabling 20-17
support for 1-8
backup interfaces
See Flex Links
backup links 21-2
backup static routing, configuring 44-12
banners
configuring
login 7-12
message-of-the-day login 7-11
default configuration 7-10
when displayed 7-10
Berkeley r-tools replacement 9-55
BGP
aggregate addresses 38-60
aggregate routes, configuring 38-60
CIDR 38-60
clear commands 38-64
community filtering 38-57
configuring neighbors 38-59
default configuration 38-46
described 38-45
enabling 38-48
monitoring 38-64
multipath support 38-52
neighbors, types of 38-48
path selection 38-52
peers, configuring 38-59
prefix filtering 38-56
resetting sessions 38-51
route dampening 38-63
route maps 38-54
route reflectors 38-62
routing domain confederation 38-61
routing session with multi-VRF CE 38-84
show commands 38-64
supernets 38-60
support for 1-14
Version 4 38-45
binding cluster group and HSRP group 42-12
binding database
address, DHCP server
See DHCP, Cisco IOS server database
DHCP snooping
See DHCP snooping binding database
bindings
address, Cisco IOS DHCP server 22-6
DHCP snooping database 22-6
IP source guard 22-16
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 25-7
Boolean expressions in tracked lists 44-4
booting
boot loader, function of 3-2
boot process 3-2
manually 3-20
specific image 3-21
boot loader
accessing 3-22
described 3-2
environment variables 3-22
prompt 3-22
trap-door mechanism 3-2
bootstrap router (BSR), described 46-7
Border Gateway Protocol
See BGP
BPDU
error-disabled state 20-2
filtering 20-3
RSTP format 19-12
BPDU filtering
described 20-3
disabling 20-15
enabling 20-14
support for 1-8
BPDU guard
described 20-2
disabling 20-14
enabling 20-13
support for 1-8
bridged packets, ACLs on 34-41
bridge groups
See fallback bridging
bridge protocol data unit
See BPDU
broadcast flooding 38-17
broadcast packets
directed 38-14
flooded 38-14
broadcast storm-control command 25-4
broadcast storms 25-1, 38-14
C
cables, monitoring for unidirectional links 28-1
candidate switch
automatic discovery 6-5
defined 6-4
requirements 6-4
See also command switch, cluster standby group, and member switch
Catalyst 6000 switches
authentication compatibility 10-8
CA trustpoint
configuring 9-52
defined 9-50
CDP
and trusted boundary 35-46
automatic discovery in switch clusters 6-5
configuring 26-2
default configuration 26-2
defined with LLDP 27-1
described 26-1
disabling for routing device 26-4
enabling and disabling
on an interface 26-4
on a switch 26-4
Layer 2 protocol tunneling 17-7
monitoring 26-5
overview 26-1
power negotiation extensions 12-7
support for 1-6
switch stack considerations 26-2
transmission timer and holdtime, setting 26-3
updates 26-3
CEF
defined 38-89
distributed 38-90
enabling 38-90
IPv6 39-20
CGMP
as IGMP snooping learning method 24-9
clearing cached group entries 46-62
enabling server support 46-44
joining multicast group 24-3
overview 46-9
server support only 46-9
switch support of 1-5
CIDR 38-60
CipherSuites 9-51
Cisco 7960 IP Phone 15-1
Cisco Discovery Protocol
See CDP
Cisco Express Forwarding
See CEF
Cisco Group Management Protocol
See CGMP
Cisco intelligent power management 12-7
Cisco IOS DHCP server
See DHCP, Cisco IOS DHCP server
Cisco IOS File System
See IFS
Cisco IOS IP SLAs 43-2
Cisco Redundant Power System 2300
configuring 12-29
managing 12-29
Cisco Secure ACS
attribute-value pairs for downloadable ACLs 10-22
attribute-value pairs for redirect URL 10-21
Cisco Secure ACS configuration guide 10-61
CiscoWorks 2000 1-6, 32-4
CISP 10-33
CIST regional root
See MSTP
CIST root
See MSTP
civic location 27-3
classless interdomain routing
See CIDR
classless routing 38-8
class maps for QoS
configuring 35-53
described 35-8
displaying 35-87
class of service
See CoS
clearing interfaces 12-32
CLI
abbreviating commands 2-3
command modes 2-1
configuration logging 2-4
described 1-6
editing features
enabling and disabling 2-6
keystroke editing 2-7
wrapped lines 2-8
error messages 2-4
filtering command output 2-9
getting help 2-3
history
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
managing clusters 6-16
no and default forms of commands 2-4
Client Information Signalling Protocol
See CISP
client mode, VTP 14-3
client processes, tracking 44-1
CLNS
See ISO CLNS
clock
See system clock
clusters, switch
accessing 6-13
automatic discovery 6-5
automatic recovery 6-10
benefits 1-2
compatibility 6-4
described 6-1
LRE profile considerations 6-16
managing
through CLI 6-16
through SNMP 6-17
planning 6-4
planning considerations
automatic discovery 6-5
automatic recovery 6-10
CLI 6-16
host names 6-13
IP addresses 6-13
LRE profiles 6-16
passwords 6-13
RADIUS 6-16
SNMP 6-14, 6-17
switch stacks 6-14
TACACS+ 6-16
See also candidate switch, command switch, cluster standby group, member switch, and standby command switch
cluster standby group
and HSRP group 42-12
automatic recovery 6-12
considerations 6-11
defined 6-2
requirements 6-3
virtual IP address 6-11
See also HSRP
CNS 1-6
Configuration Engine
configID, deviceID, hostname 4-3
configuration service 4-2
described 4-1
event service 4-3
embedded agents
described 4-5
enabling automated configuration 4-6
enabling configuration agent 4-9
enabling event agent 4-7
management functions 1-6
CoA Request Commands 9-23
Coarse Wave Division Multiplexer
See CWDM SFPs
command-line interface
See CLI
command modes 2-1
commands
abbreviating 2-3
no and default 2-4
commands, setting privilege levels 9-8
command switch
accessing 6-11
active (AC) 6-10
configuration conflicts 49-12
defined 6-2
passive (PC) 6-10
password privilege levels 6-17
priority 6-10
recovery
from command-switch failure 6-10, 49-8
from lost member connectivity 49-12
redundant 6-10
replacing
with another switch 49-11
with cluster member 49-9
requirements 6-3
standby (SC) 6-10
See also candidate switch, cluster standby group, member switch, and standby command switch
community list, BGP 38-58
community ports 16-2
community strings
configuring 6-14, 32-8
for cluster switches 32-4
in clusters 6-14
overview 32-4
SNMP 6-14
community VLANs 16-2, 16-3
compatibility, feature 25-12
compatibility, software
See stacks, switch
config.text 3-19
configurable leave timer, IGMP 24-6
configuration, initial
defaults 1-18
Express Setup 1-2
configuration changes, logging 31-11
configuration conflicts, recovering from lost member connectivity 49-12
configuration examples, network 1-21
configuration files
archiving 51-20
clearing the startup configuration 51-19
creating using a text editor 51-10
default name 3-19
deleting a stored configuration 51-19
described 51-8
downloading
automatically 3-19
preparing 51-10, 51-13, 51-16
reasons for 51-8
using FTP 51-13
using RCP 51-17
using TFTP 51-11
guidelines for creating and using 51-9
guidelines for replacing and rolling back 51-21
invalid combinations when copying 51-5
limiting TFTP server access 32-16
obtaining with DHCP 3-9
password recovery disable considerations 9-5
replacing a running configuration 51-19, 51-20
rolling back a running configuration 51-19, 51-21
specifying the filename 3-19
system contact and location information 32-16
types and location 51-10
uploading
preparing 51-10, 51-13, 51-16
reasons for 51-9
using FTP 51-15
using RCP 51-18
using TFTP 51-12
configuration guidelines, multi-VRF CE 38-77
configuration logger 31-11
configuration logging 2-4
configuration replacement 51-19
configuration rollback 51-19, 51-20
configuration settings, saving 3-16
configure terminal command 12-12
configuring 802.1x user distribution 10-57
configuring port-based authentication violation modes 10-41 to 10-42
configuring small-frame arrival rate 25-5
Configuring VACL Logging 34-37
conflicts, configuration 49-12
connections, secure remote 9-45
connectivity problems 49-14, 49-16, 49-17
consistency checks in VTP Version 2 14-5
console port, connecting to 2-10
content-routing technology
See WCCP
control protocol, IP SLAs 43-4
corrupted software, recovery steps with Xmodem 49-2
CoS
in Layer 2 frames 35-2
override priority 15-6
trust priority 15-6
CoS input queue threshold map for QoS 35-17
CoS output queue threshold map for QoS 35-19
CoS-to-DSCP map for QoS 35-69
counters, clearing interface 12-32
CPU utilization, troubleshooting 49-26
crashinfo file 49-24
critical authentication, IEEE 802.1x 10-54
critical VLAN 10-24
critical voice VLAN
configuring 10-54
cross-stack EtherChannel
configuration guidelines 36-13
configuring
on Layer 2 interfaces 36-13
on Layer 3 physical interfaces 36-16
described 36-3
illustration 36-4
support for 1-8
cross-stack UplinkFast, STP
described 20-5
disabling 20-16
enabling 20-16
fast-convergence events 20-7
Fast Uplink Transition Protocol 20-6
normal-convergence events 20-7
support for 1-8
cryptographic software image
Kerberos 9-39
SSH 9-44
SSL 9-49
switch stack considerations 5-16
customer edge devices 38-75
customjzeable web pages, web-based authentication 11-6
CWDM SFPs 1-30
D
DACL
See downloadable ACL
daylight saving time 7-6
dCEF, in the switch stack 38-90
debugging
enabling all system diagnostics 49-21
enabling for a specific feature 49-20
redirecting error message output 49-21
using commands 49-20
default commands 2-4
default configuration
802.1x 10-36
auto-QoS 35-22
banners 7-10
BGP 38-46
CDP 26-2
DHCP 22-8
DHCP option 82 22-8
DHCP snooping 22-8
DHCP snooping binding database 22-9
DNS 7-9
dynamic ARP inspection 23-5
EIGRP 38-37
EtherChannel 36-11
Ethernet interfaces 12-16
fallback bridging 48-3
Flex Links 21-7, 21-8
HSRP 42-5
IEEE 802.1Q tunneling 17-4
IGMP 46-39
IGMP filtering 24-25
IGMP snooping 24-7, 41-6
IGMP throttling 24-25
initial switch information 3-3
IP addressing, IP routing 38-6
IP multicast routing 46-11
IP SLAs 43-6
IP source guard 22-17
IPv6 39-12
IS-IS 38-66
Layer 2 interfaces 12-16
Layer 2 protocol tunneling 17-11
LLDP 27-4
MAC address table 7-14
MAC address-table move update 21-8
MSDP 47-4
MSTP 19-14
multi-VRF CE 38-77
MVR 24-20
optional spanning-tree configuration 20-12
OSPF 38-26
password and privilege level 9-2
PIM 46-11
private VLANs 16-7
RADIUS 9-27
RIP 38-20
RMON 30-3
RSPAN 29-10
SDM template 8-4
SNMP 32-6
SPAN 29-10
SSL 9-51
standard QoS 35-37
STP 18-13
switch stacks 5-19
system message logging 31-4
system name and prompt 7-8
TACACS+ 9-13
UDLD 28-4
VLAN, Layer 2 Ethernet interfaces 13-18
VLANs 13-7
VMPS 13-27
voice VLAN 15-3
VTP 14-8
WCCP 45-5
default gateway 3-16, 38-12
default networks 38-93
default router preference
See DRP
default routes 38-93
default routing 38-3
default web-based authentication configuration
802.1X 11-9
deleting VLANs 13-9
denial-of-service attack 25-1
description command 12-25
designing your network, examples 1-21
desktop template 5-9, 8-1
destination addresses
in IPv4 ACLs 34-12
in IPv6 ACLs 40-5
destination-IP address-based forwarding, EtherChannel 36-9
destination-MAC address forwarding, EtherChannel 36-9
detecting indirect link failures, STP 20-8
device 51-24
device discovery protocol 26-1, 27-1
device manager
benefits 1-2
described 1-2, 1-5
in-band management 1-7
upgrading a switch 51-24
DHCP
Cisco IOS server database
configuring 22-14
default configuration 22-9
described 22-6
DHCP for IPv6
See DHCPv6
enabling
relay agent 22-10
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-4
DNS 3-8
relay device 3-8
server side 3-6
TFTP server 3-7
example 3-10
lease options
for IP address information 3-6
for receiving the configuration file 3-7
overview 3-3
relationship to BOOTP 3-4
relay support 1-6, 1-15
support for 1-6
DHCP-based autoconfiguration and image update
configuring 3-11 to 3-15
understanding 3-5 to 3-6
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP object tracking, configuring primary interface 44-10
DHCP option 82
circuit ID suboption 22-5
configuration guidelines 22-9
default configuration 22-8
displaying 22-15
forwarding address, specifying 22-10
helper address 22-10
overview 22-3
packet format, suboption
circuit ID 22-5
remote ID 22-5
remote ID suboption 22-5
DHCP server port-based address allocation
configuration guidelines 22-26
default configuration 22-26
described 22-25
displaying 22-29
enabling 22-26
reserved addresses 22-27
DHCP server port-based address assignment
support for 1-6
DHCP snooping
accepting untrusted packets form edge switch 22-3, 22-12
and private VLANs 22-13
binding database
See DHCP snooping binding database
configuration guidelines 22-9
default configuration 22-8
displaying binding tables 22-15
message exchange process 22-4
option 82 data insertion 22-3
trusted interface 22-2
untrusted interface 22-2
untrusted messages 22-2
DHCP snooping binding database
adding bindings 22-14
binding file
format 22-7
location 22-6
bindings 22-6
clearing agent statistics 22-15
configuration guidelines 22-9
configuring 22-14
default configuration 22-8, 22-9
deleting
binding file 22-15
bindings 22-15
database agent 22-15
described 22-6
displaying 22-15
binding entries 22-15
status and statistics 22-15
enabling 22-14
entry 22-6
renewing database 22-15
resetting
delay value 22-15
timeout value 22-15
DHCP snooping binding table
See DHCP snooping binding database
DHCPv6
configuration guidelines 39-17
default configuration 39-17
described 39-6
enabling client function 39-19
enabling DHCPv6 server function 39-17
support for 1-15
Differentiated Services architecture, QoS 35-2
Differentiated Services Code Point 35-2
Diffusing Update Algorithm (DUAL) 38-35
directed unicast requests 1-6
directories
changing 51-4
creating and removing 51-4
displaying the working 51-4
discovery, clusters
See automatic discovery
Distance Vector Multicast Routing Protocol
See DVMRP
distance-vector protocols 38-3
distribute-list command 38-102
DNS
and DHCP-based autoconfiguration 3-8
default configuration 7-9
displaying the configuration 7-10
in IPv6 39-4
overview 7-8
setting up 7-9
support for 1-6
DNS-based SSM mapping 46-19, 46-21
domain names
DNS 7-8
VTP 14-9
Domain Name System
See DNS
domains, ISO IGRP routing 38-65
dot1q-tunnel switchport mode 13-16
double-tagged packets
IEEE 802.1Q tunneling 17-2
Layer 2 protocol tunneling 17-10
downloadable ACL 10-20, 10-22, 10-61
downloading
configuration files
preparing 51-10, 51-13, 51-16
reasons for 51-8
using FTP 51-13
using RCP 51-17
using TFTP 51-11
image files
deleting old image 51-28
preparing 51-26, 51-30, 51-35
reasons for 51-24
using CMS 1-2
using FTP 51-31
using HTTP 1-2, 51-24
using RCP 51-36
using TFTP 51-27
using the device manager or Network Assistant 51-24
drop threshold for Layer 2 protocol packets 17-11
DRP
configuring 39-14
described 39-4
IPv6 39-4
support for 1-15
DSCP 1-13, 35-2
DSCP input queue threshold map for QoS 35-17
DSCP output queue threshold map for QoS 35-19
DSCP-to-CoS map for QoS 35-72
DSCP-to-DSCP-mutation map for QoS 35-73
DSCP transparency 35-47
DTP 1-9, 13-16
dual-action detection 36-6
DUAL finite state machine, EIGRP 38-36
dual IPv4 and IPv6 templates 8-2, 39-6
dual protocol stacks
IPv4 and IPv6 39-6
SDM templates supporting 39-6
DVMRP
autosummarization
configuring a summary address 46-58
disabling 46-60
connecting PIM domain to DVMRP router 46-51
enabling unicast routing 46-54
interoperability
with Cisco devices 46-49
with Cisco IOS software 46-9
mrinfo requests, responding to 46-53
neighbors
advertising the default route to 46-52
discovery with Probe messages 46-49
displaying information 46-53
prevent peering with nonpruning 46-56
rejecting nonpruning 46-54
overview 46-9
routes
adding a metric offset 46-60
advertising all 46-60
advertising the default route to neighbors 46-52
caching DVMRP routes learned in report messages 46-54
changing the threshold for syslog messages 46-57
deleting 46-62
displaying 46-62
favoring one over another 46-60
limiting the number injected into MBONE 46-57
limiting unicast route advertisements 46-49
routing table 46-9
source distribution tree, building 46-9
support for 1-15
tunnels
configuring 46-51
displaying neighbor information 46-53
dynamic access ports
characteristics 13-3
configuring 13-29
defined 12-3
dynamic addresses
See addresses
dynamic ARP inspection
ARP cache poisoning 23-1
ARP requests, described 23-1
ARP spoofing attack 23-1
clearing
log buffer 23-16
statistics 23-16
configuration guidelines 23-6
configuring
ACLs for non-DHCP environments 23-9
in DHCP environments 23-7
log buffer 23-13
rate limit for incoming ARP packets 23-4, 23-11
default configuration 23-5
denial-of-service attacks, preventing 23-11
described 23-1
DHCP snooping binding database 23-2
displaying
ARP ACLs 23-15
configuration and operating state 23-15
log buffer 23-16
statistics 23-16
trust state and rate limit 23-15
error-disabled state for exceeding rate limit 23-4
function of 23-2
interface trust states 23-3
log buffer
clearing 23-16
configuring 23-13
displaying 23-16
logging of dropped packets, described 23-5
man-in-the middle attack, described 23-2
network security issues and interface trust states 23-3
priority of ARP ACLs and DHCP snooping entries 23-4
rate limiting of ARP packets
configuring 23-11
described 23-4
error-disabled state 23-4
statistics
clearing 23-16
displaying 23-16
validation checks, performing 23-12
dynamic auto trunking mode 13-16
dynamic desirable trunking mode 13-16
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 13-27
reconfirming 13-30
troubleshooting 13-31
types of connections 13-29
dynamic routing 38-3
ISO CLNS 38-65
Dynamic Trunking Protocol
See DTP
E
EBGP 38-44
editing features
enabling and disabling 2-6
keystrokes used 2-7
wrapped lines 2-8
EEM 3.2 33-5
EIGRP
authentication 38-41
components 38-36
configuring 38-39
default configuration 38-37
definition 38-35
interface parameters, configuring 38-40
monitoring 38-43
stub routing 38-42
elections
See stack master
ELIN location 27-3
embedded event manager
3.2 33-5
actions 33-4
configuring 33-1, 33-6
displaying information 33-7
environmental variables 33-5
event detectors 33-2
policies 33-4
registering and defining an applet 33-6
registering and defining a TCL script 33-7
understanding 33-1
enable password 9-3
enable secret password 9-3
encryption, CipherSuite 9-51
encryption for passwords 9-3
Enhanced IGRP
See EIGRP
enhanced object tracking
backup static routing 44-12
commands 44-1
defined 44-1
DHCP primary interface 44-10
HSRP 44-7
IP routing state 44-2
IP SLAs 44-9
line-protocol state 44-2
network monitoring with IP SLAs 44-11
routing policy, configuring 44-12
static route primary interface 44-10
tracked lists 44-3
enhanced object tracking static routing 44-10
environmental variables, embedded event manager 33-5
environment variables, function of 3-23
equal-cost routing 1-15, 38-91
error-disabled state, BPDU 20-2
error messages during command entry 2-4
EtherChannel
automatic creation of 36-5, 36-7
channel groups
binding physical and logical interfaces 36-4
numbering of 36-4
configuration guidelines 36-12
configuring
Layer 2 interfaces 36-13
Layer 3 physical interfaces 36-16
Layer 3 port-channel logical interfaces 36-15
default configuration 36-11
described 36-2
displaying status 36-23
forwarding methods 36-8, 36-18
IEEE 802.3ad, described 36-7
interaction
with STP 36-12
with VLANs 36-12
LACP
described 36-7
displaying status 36-23
hot-standby ports 36-20
interaction with other features 36-8
modes 36-7
port priority 36-22
system priority 36-21
Layer 3 interface 38-5
load balancing 36-8, 36-18
logical interfaces, described 36-4
PAgP
aggregate-port learners 36-19
compatibility with Catalyst 1900 36-19
described 36-5
displaying status 36-23
interaction with other features 36-7
interaction with virtual switches 36-6
learn method and priority configuration 36-19
modes 36-6
support for 1-4
with dual-action detection 36-6
port-channel interfaces
described 36-4
numbering of 36-4
port groups 12-6
stack changes, effects of 36-10
support for 1-4
EtherChannel guard
described 20-10
disabling 20-17
enabling 20-17
Ethernet VLANs
adding 13-8
defaults and ranges 13-8
modifying 13-8
EUI 39-3
event detectors, embedded event manager 33-2
events, RMON 30-3
examples
network configuration 1-21
expedite queue for QoS 35-86
Express Setup 1-2
See also getting started guide
extended crashinfo file 49-24
extended-range VLANs
configuration guidelines 13-11
configuring 13-11
creating 13-12
creating with an internal VLAN ID 13-13
defined 13-1
extended system ID
MSTP 19-18
STP 18-4, 18-16
extended universal identifier
See EUI
Extensible Authentication Protocol over LAN 10-1
external BGP
See EBGP
external neighbors, BGP 38-48
F
fa0 interface 1-7
failover support 1-8
fallback bridging
and protected ports 48-4
bridge groups
creating 48-4
described 48-2
displaying 48-10
function of 48-2
number supported 48-4
removing 48-5
bridge table
clearing 48-10
displaying 48-10
configuration guidelines 48-4
connecting interfaces with 12-10
default configuration 48-3
described 48-1
frame forwarding
flooding packets 48-2
forwarding packets 48-2
overview 48-1
protocol, unsupported 48-4
stack changes, effects of 48-3
STP
disabling on an interface 48-9
forward-delay interval 48-8
hello BPDU interval 48-8
interface priority 48-6
maximum-idle interval 48-9
path cost 48-7
VLAN-bridge spanning-tree priority 48-6
VLAN-bridge STP 48-2
support for 1-15
SVIs and routed ports 48-1
unsupported protocols 48-4
VLAN-bridge STP 18-11
Fast Convergence 21-3
Fast Uplink Transition Protocol 20-6
features, incompatible 25-12
FIB 38-90
fiber-optic, detecting unidirectional links 28-1
files
basic crashinfo
description 49-24
location 49-24
copying 51-5
crashinfo, description 49-24
deleting 51-5
displaying the contents of 51-8
extended crashinfo
description 49-24
location 49-25
tar
creating 51-6
displaying the contents of 51-7
extracting 51-7
image file format 51-25
file system
displaying available file systems 51-2
displaying file information 51-3
local file system names 51-1
network file system names 51-5
setting the default 51-3
filtering
in a VLAN 34-30
IPv6 traffic 40-4, 40-7
non-IP traffic 34-28
show and more command output 2-9
filtering show and more command output 2-9
filters, IP
See ACLs, IP
flash device, number of 51-1
flexible authentication ordering
configuring 10-64
overview 10-31
Flex Link Multicast Fast Convergence 21-3
Flex Links
configuration guidelines 21-8
configuring 21-8, 21-9
configuring preferred VLAN 21-11
configuring VLAN load balancing 21-10
default configuration 21-7
description 21-1
link load balancing 21-2
monitoring 21-14
VLANs 21-2
flooded traffic, blocking 25-8
flow-based packet classification 1-13
flowcharts
QoS classification 35-7
QoS egress queueing and scheduling 35-18
QoS ingress queueing and scheduling 35-16
QoS policing and marking 35-11
flowcontrol
configuring 12-20
described 12-20
forward-delay time
MSTP 19-23
STP 18-23
Forwarding Information Base
See FIB
forwarding nonroutable protocols 48-1
FTP
configuration files
downloading 51-13
overview 51-12
preparing the server 51-13
uploading 51-15
image files
deleting old image 51-33
downloading 51-31
preparing the server 51-30
uploading 51-33
G
general query 21-5
Generating IGMP Reports 21-3
get-bulk-request operation 32-3
get-next-request operation 32-3, 32-4
get-request operation 32-3, 32-4
get-response operation 32-3
Gigabit modules
See SFPs
global configuration mode 2-2
global leave, IGMP 24-13
guest VLAN and 802.1x 10-22
guide mode 1-2
GUIs
See device manager and Network Assistant
H
hardware limitations and Layer 3 interfaces 12-26
hello time
MSTP 19-22
STP 18-22
help, for the command line 2-3
HFTM space 49-25
hierarchical policy maps 35-9
configuration guidelines 35-40
configuring 35-59
described 35-12
history
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
history table, level and number of syslog messages 31-10
host names, in clusters 6-13
host ports
configuring 16-12
kinds of 16-2
hosts, limit on dynamic ports 13-31
Hot Standby Router Protocol
See HSRP
HP OpenView 1-6
HQATM space 49-25
HSRP
authentication string 42-10
automatic cluster recovery 6-12
binding to cluster group 42-12
cluster standby group considerations 6-11
command-switch redundancy 1-1, 1-8
configuring 42-5
default configuration 42-5
definition 42-1
guidelines 42-6
monitoring 42-13
object tracking 44-7
overview 42-1
priority 42-8
routing redundancy 1-14
support for ICMP redirect messages 42-12
switch stack considerations 42-5
timers 42-10
tracking 42-8
See also clusters, cluster standby group, and standby command switch
HSRP for IPv6
configuring 39-26
guidelines 39-25
HTTP over SSL
see HTTPS
HTTPS 9-49
configuring 9-53
self-signed certificate 9-50
HTTP secure server 9-49
Hulc Forwarding TCAM Manager
See HFTM space
Hulc QoS/ACL TCAM Manager
See HQATM space
I
IBPG 38-44
ICMP
IPv6 39-4
redirect messages 38-12
support for 1-15
time-exceeded messages 49-18
traceroute and 49-18
unreachable messages 34-21
unreachable messages and IPv6 40-4
unreachables and ACLs 34-22
ICMP Echo operation
configuring 43-12
IP SLAs 43-12
ICMP ping
executing 49-15
overview 49-14
ICMP Router Discovery Protocol
See IRDP
ICMPv6 39-4
IDS appliances
and ingress RSPAN 29-20
and ingress SPAN 29-14
IEEE 802.1D
See STP
IEEE 802.1p 15-1
IEEE 802.1Q
and trunk ports 12-3
configuration limitations 13-17
encapsulation 13-15
native VLAN for untagged traffic 13-22
tunneling
compatibility with other features 17-5
defaults 17-4
described 17-1
tunnel ports with other features 17-6
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3ad
See EtherChannel
IEEE 802.3af
See PoE
IEEE 802.3x flow control 12-20
ifIndex values, SNMP 32-5
IFS 1-7
IGMP
configurable leave timer
described 24-6
enabling 24-11
configuring the switch
as a member of a group 46-39
statically connected member 46-43
controlling access to groups 46-40
default configuration 46-39
deleting cache entries 46-62
displaying groups 46-62
fast switching 46-44
flooded multicast traffic
controlling the length of time 24-12
disabling on an interface 24-13
global leave 24-13
query solicitation 24-13
recovering from flood mode 24-13
host-query interval, modifying 46-41
joining multicast group 24-3
join messages 24-3
leave processing, enabling 24-11, 41-9
leaving multicast group 24-5
multicast reachability 46-39
overview 46-3
queries 24-4
report suppression
described 24-6
disabling 24-16, 41-11
supported versions 24-3
support for 1-5
Version 1
changing to Version 2 46-41
described 46-3
Version 2
changing to Version 1 46-41
described 46-3
maximum query response time value 46-43
pruning groups 46-43
query timeout value 46-42
IGMP filtering
configuring 24-25
default configuration 24-25
described 24-24
monitoring 24-29
support for 1-5
IGMP groups
configuring filtering 24-28
setting the maximum number 24-27
IGMP helper 1-5, 46-6
IGMP Immediate Leave
configuration guidelines 24-11
described 24-5
enabling 24-11
IGMP profile
applying 24-26
configuration mode 24-25
configuring 24-26
IGMP snooping
and address aliasing 24-2
and stack changes 24-6
configuring 24-7
default configuration 24-7, 41-6
definition 24-2
enabling and disabling 24-7, 41-7
global configuration 24-7
Immediate Leave 24-5
in the switch stack 24-6
method 24-8
monitoring 24-16, 41-11
querier
configuration guidelines 24-14
configuring 24-14
supported versions 24-3
support for 1-5
VLAN configuration 24-8
IGMP throttling
configuring 24-28
default configuration 24-25
described 24-24
displaying action 24-29
IGP 38-25
Immediate Leave, IGMP 24-5
enabling 41-9
inaccessible authentication bypass 10-24
support for multiauth ports 10-25
initial configuration
defaults 1-18
Express Setup 1-2
interface
number 12-11
range macros 12-14
interface command 12-11 to 12-12
interface configuration mode 2-2
interfaces
auto-MDIX, configuring 12-21
configuration guidelines
10-Gigabit Ethernet 12-17
duplex and speed 12-18
configuring
procedure 12-12
counters, clearing 12-32
default configuration 12-16
described 12-25
descriptive name, adding 12-25
displaying information about 12-31
flow control 12-20
management 1-5
monitoring 12-31
naming 12-25
physical, identifying 12-11
range of 12-12
restarting 12-33
shutting down 12-33
speed and duplex, configuring 12-19
status 12-31
supported 12-10
types of 12-1
interfaces range macro command 12-14
interface types 12-11
Interior Gateway Protocol
See IGP
internal BGP
See IBGP
internal neighbors, BGP 38-48
Internet Control Message Protocol
See ICMP
Internet Group Management Protocol
See IGMP
Internet Protocol version 6
See IPv6
Inter-Switch Link
See ISL
inter-VLAN routing 1-14, 38-2
Intrusion Detection System
See IDS appliances
inventory management TLV 27-3, 27-7
IP ACLs
for QoS classification 35-8
implicit deny 34-10, 34-15
implicit masks 34-10
named 34-15
undefined 34-22
IP addresses
128-bit 39-2
candidate or member 6-4, 6-13
classes of 38-7
cluster access 6-2
command switch 6-3, 6-11, 6-13
default configuration 38-6
discovering 7-24
for IP routing 38-5
IPv6 39-2
MAC address association 38-9
monitoring 38-18
redundant clusters 6-11
standby command switch 6-11, 6-13
See also IP information
IP base image 1-1
IP broadcast address 38-16
ip cef distributed command 38-90
IP directed broadcasts 38-14
ip igmp profile command 24-25
IP information
assigned
manually 3-15
through DHCP-based autoconfiguration 3-3
default configuration 3-3
IP multicast routing
addresses
all-hosts 46-3
all-multicast-routers 46-3
host group address range 46-3
administratively-scoped boundaries, described 46-47
and IGMP snooping 24-2
Auto-RP
adding to an existing sparse-mode cloud 46-26
benefits of 46-26
clearing the cache 46-62
configuration guidelines 46-12
filtering incoming RP announcement messages 46-29
overview 46-6
preventing candidate RP spoofing 46-29
preventing join messages to false RPs 46-28
setting up in a new internetwork 46-26
using with BSR 46-34
bootstrap router
configuration guidelines 46-12
configuring candidate BSRs 46-32
configuring candidate RPs 46-33
defining the IP multicast boundary 46-31
defining the PIM domain border 46-30
overview 46-7
using with Auto-RP 46-34
Cisco implementation 46-2
configuring
basic multicast routing 46-12
IP multicast boundary 46-47
default configuration 46-11
enabling
multicast forwarding 46-13
PIM mode 46-13
group-to-RP mappings
Auto-RP 46-6
BSR 46-7
MBONE
deleting sdr cache entries 46-62
described 46-45
displaying sdr cache 46-63
enabling sdr listener support 46-46
limiting DVMRP routes advertised 46-57
limiting sdr cache entry lifetime 46-46
SAP packets for conference session announcement 46-46
Session Directory (sdr) tool, described 46-45
monitoring
packet rate loss 46-63
peering devices 46-63
tracing a path 46-63
multicast forwarding, described 46-8
PIMv1 and PIMv2 interoperability 46-11
protocol interaction 46-2
reverse path check (RPF) 46-8
routing table
deleting 46-62
displaying 46-62
RP
assigning manually 46-24
configuring Auto-RP 46-26
configuring PIMv2 BSR 46-30
monitoring mapping information 46-34
using Auto-RP and BSR 46-34
stacking
stack master functions 46-10
stack member functions 46-10
statistics, displaying system and network 46-62
See also CGMP
See also DVMRP
See also IGMP
See also PIM
IP phones
and QoS 15-1
automatic classification and queueing 35-21
configuring 15-4
ensuring port security with QoS 35-45
trusted boundary for QoS 35-45
IP Port Security for Static Hosts
on a Layer 2 access port 22-19
on a PVLAN host port 22-23
IP precedence 35-2
IP-precedence-to-DSCP map for QoS 35-70
IP protocols
in ACLs 34-12
routing 1-14
IP routes, monitoring 38-105
IP routing
connecting interfaces with 12-10
disabling 38-19
enabling 38-19
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 43-1
IP services image 1-1
IP SLAs
benefits 43-2
configuration guidelines 43-6
configuring object tracking 44-9
Control Protocol 43-4
default configuration 43-6
definition 43-1
ICMP echo operation 43-12
measuring network performance 43-3
monitoring 43-14
multioperations scheduling 43-5
object tracking 44-9
operation 43-3
reachability tracking 44-9
responder
described 43-4
enabling 43-8
response time 43-4
scheduling 43-5
SNMP support 43-2
supported metrics 43-2
threshold monitoring 43-6
track object monitoring agent, configuring 44-11
track state 44-9
UDP jitter operation 43-9
IP source guard
and 802.1x 22-18
and DHCP snooping 22-15
and EtherChannels 22-18
and port security 22-18
and private VLANs 22-18
and routed ports 22-17
and TCAM entries 22-18
and trunk interfaces 22-18
and VRF 22-18
binding configuration
automatic 22-16
manual 22-16
binding table 22-16
configuration guidelines 22-17
default configuration 22-17
described 22-15
disabling 22-19
displaying
active IP or MAC bindings 22-25
bindings 22-25
configuration 22-25
enabling 22-18, 22-20
filtering
source IP address 22-16
source IP and MAC address 22-16
on provisioned switches 22-18
source IP address filtering 22-16
source IP and MAC address filtering 22-16
static bindings
adding 22-18, 22-20
deleting 22-19
static hosts 22-20
IP traceroute
executing 49-18
overview 49-17
IP unicast routing
address resolution 38-9
administrative distances 38-92, 38-102
ARP 38-9
assigning IP addresses to Layer 3 interfaces 38-7
authentication keys 38-103
broadcast
address 38-16
flooding 38-17
packets 38-14
storms 38-14
classless routing 38-8
configuring static routes 38-91
default
addressing configuration 38-6
gateways 38-12
networks 38-93
routes 38-93
routing 38-3
directed broadcasts 38-14
disabling 38-19
dynamic routing 38-3
enabling 38-19
EtherChannel Layer 3 interface 38-5
IGP 38-25
inter-VLAN 38-2
IP addressing
classes 38-7
configuring 38-5
IPv6 39-3
IRDP 38-12
Layer 3 interfaces 38-5
MAC address and IP address 38-9
passive interfaces 38-101
protocols
distance-vector 38-3
dynamic 38-3
link-state 38-3
proxy ARP 38-9
redistribution 38-93
reverse address resolution 38-9
routed ports 38-5
static routing 38-3
steps to configure 38-5
subnet mask 38-7
subnet zero 38-7
supernet 38-8
UDP 38-15
with SVIs 38-5
See also BGP
See also EIGRP
See also OSPF
See also RIP
IPv4 ACLs
applying to interfaces 34-20
extended, creating 34-11
named 34-15
standard, creating 34-10
IPv4 and IPv6
dual protocol stacks 39-5
IPv6
ACLs
displaying 40-8
limitations 40-3
matching criteria 40-3
port 40-1
precedence 40-2
router 40-1
supported 40-2
addresses 39-2
address formats 39-2
and switch stacks 39-10
applications 39-5
assigning address 39-12
autoconfiguration 39-5
CEFv6 39-20
configuring static routes 39-21
default configuration 39-12
default router preference (DRP) 39-4
defined 39-1
Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 39-8
EIGRP IPv6 Commands 39-8
Router ID 39-8
feature limitations 39-10
features not supported 39-9
forwarding 39-12
ICMP 39-4
monitoring 39-28
neighbor discovery 39-4
OSPF 39-7
path MTU discovery 39-4
SDM templates 8-2, 40-1, 41-1
stack master functions 39-11
Stateless Autoconfiguration 39-5
supported features 39-3
switch limitations 39-9
understanding static routes 39-7
IPv6 traffic, filtering 40-4
IRDP
configuring 38-13
definition 38-12
support for 1-15
IS-IS
addresses 38-65
area routing 38-65
default configuration 38-66
monitoring 38-74
show commands 38-74
system routing 38-65
ISL
and IPv6 39-3
and trunk ports 12-3
encapsulation 1-9, 13-15
trunking with IEEE 802.1 tunneling 17-4
ISO CLNS
clear commands 38-74
dynamic routing protocols 38-65
monitoring 38-74
NETs 38-65
NSAPs 38-65
OSI standard 38-65
ISO IGRP
area routing 38-65
system routing 38-65
isolated port 16-2
isolated VLANs 16-2, 16-3
J
join messages, IGMP 24-3
K
KDC
described 9-40
See also Kerberos
Kerberos
authenticating to
boundary switch 9-42
KDC 9-42
network services 9-43
configuration examples 9-39
configuring 9-43
credentials 9-40
cryptographic software image 9-39
described 9-40
KDC 9-40
operation 9-42
realm 9-41
server 9-41
support for 1-12
switch as trusted third party 9-39
terms 9-40
TGT 9-41
tickets 9-40
key distribution center
See KDC
L
l2protocol-tunnel command 17-12
LACP
Layer 2 protocol tunneling 17-9
See EtherChannel
Layer 2 frames, classification with CoS 35-2
Layer 2 interfaces, default configuration 12-16
Layer 2 protocol tunneling
configuring 17-9
configuring for EtherChannels 17-14
default configuration 17-11
defined 17-8
guidelines 17-11
Layer 2 traceroute
and ARP 49-17
and CDP 49-16
broadcast traffic 49-16
described 49-16
IP addresses and subnets 49-17
MAC addresses and VLANs 49-16
multicast traffic 49-16
multiple devices on a port 49-17
unicast traffic 49-16
usage guidelines 49-16
Layer 3 features 1-14
Layer 3 interfaces
assigning IP addresses to 38-7
assigning IPv4 and IPv6 addresses to 39-15
assigning IPv6 addresses to 39-13
changing from Layer 2 mode 38-7, 38-82
types of 38-5
Layer 3 packets, classification methods 35-2
LDAP 4-2
Leaking IGMP Reports 21-4
LEDs, switch
See hardware installation guide
lightweight directory access protocol
See LDAP
line configuration mode 2-2
Link Aggregation Control Protocol
See EtherChannel
link failure, detecting unidirectional 19-7
Link Layer Discovery Protocol
See CDP
link local unicast addresses 39-4
link redundancy
See Flex Links
links, unidirectional 28-1
link state advertisements (LSAs) 38-31
link-state protocols 38-3
link-state tracking
configuring 36-25
described 36-23
LLDP
configuring 27-4
characteristics 27-6
default configuration 27-4
enabling 27-5
monitoring and maintaining 27-10
overview 27-1
supported TLVs 27-2
switch stack considerations 27-2
transmission timer and holdtime, setting 27-6
LLDP-MED
configuring
procedures 27-4
TLVs 27-7
monitoring and maintaining 27-10
overview 27-1, 27-2
supported TLVs 27-2
LLDP Media Endpoint Discovery
See LLDP-MED
load balancing 42-4
local SPAN 29-2
location TLV 27-3, 27-7
logging messages, ACL 34-9
login authentication
with RADIUS 9-29
with TACACS+ 9-14
login banners 7-10
log messages
See system message logging
Long-Reach Ethernet (LRE) technology 1-22, 1-28
loop guard
described 20-11
enabling 20-18
support for 1-9
LRE profiles, considerations in switch clusters 6-16
M
MAB
See MAC authentication bypass
MAB aging timer 1-10
MAB inactivity timer
default setting 10-36
range 10-38
MAC/PHY configuration status TLV 27-2
MAC addresses
aging time 7-14
and VLAN association 7-13
building the address table 7-13
default configuration 7-14
disabling learning on a VLAN 7-23
discovering 7-24
displaying 7-24
displaying in the IP source binding table 22-25
dynamic
learning 7-13
removing 7-15
in ACLs 34-28
IP address association 38-9
static
adding 7-21
allowing 7-22, 7-23
characteristics of 7-20
dropping 7-22
removing 7-21
MAC address learning 1-6
MAC address learning, disabling on a VLAN 7-23
MAC address notification, support for 1-16
MAC address-table move update
configuration guidelines 21-8
configuring 21-12
default configuration 21-8
description 21-6
monitoring 21-14
MAC address-to-VLAN mapping 13-26
MAC authentication bypass 10-38
configuring 10-57
overview 10-17
See MAB
MAC extended access lists
applying to Layer 2 interfaces 34-29
configuring for QoS 35-52
creating 34-28
defined 34-28
for QoS classification 35-5
magic packet 10-27
manageability features 1-6
management access
in-band
browser session 1-7
CLI session 1-7
device manager 1-7
SNMP 1-7
out-of-band console port connection 1-7
management address TLV 27-2
management options
CLI 2-1
clustering 1-3
CNS 4-1
Network Assistant 1-2
overview 1-5
management VLAN
considerations in switch clusters 6-7
discovery through different management VLANs 6-7
mapping tables for QoS
configuring
CoS-to-DSCP 35-69
DSCP 35-69
DSCP-to-CoS 35-72
DSCP-to-DSCP-mutation 35-73
IP-precedence-to-DSCP 35-70
policed-DSCP 35-71
described 35-13
marking
action with aggregate policers 35-67
described 35-4, 35-9
matching
IPv6 ACLs 40-3
matching, IPv4 ACLs 34-8
maximum aging time
MSTP 19-24
STP 18-23
maximum hop count, MSTP 19-24
maximum number of allowed devices, port-based authentication 10-39
maximum-paths command 38-52, 38-91
MDA
configuration guidelines 10-13
described 1-11, 10-12
exceptions with authentication process 10-5
membership mode, VLAN port 13-3
member switch
automatic discovery 6-5
defined 6-2
managing 6-16
passwords 6-13
recovering from lost connectivity 49-12
requirements 6-4
See also candidate switch, cluster standby group, and standby command switch
memory consistency check errors
example 49-25
memory consistency check routines 1-5, 49-25
memory consistency integrity 1-5, 49-25
messages, to users through banners 7-10
metrics, in BGP 38-52
metric translations, between routing protocols 38-97
metro tags 17-2
MHSRP 42-4
MIBs
overview 32-1
SNMP interaction with 32-4
mini-point-of-presence
See POP
mirroring traffic for analysis 29-1
mismatches, autonegotiation 49-12
module number 12-11
monitoring
access groups 34-44
BGP 38-64
cables for unidirectional links 28-1
CDP 26-5
CEF 38-90
EIGRP 38-43
fallback bridging 48-10
features 1-16
Flex Links 21-14
HSRP 42-13
IEEE 802.1Q tunneling 17-17
IGMP
filters 24-29
snooping 24-16, 41-11
interfaces 12-31
IP
address tables 38-18
multicast routing 46-61
routes 38-105
IP SLAs operations 43-14
IPv4 ACL configuration 34-44
IPv6 39-28
IPv6 ACL configuration 40-8
IS-IS 38-74
ISO CLNS 38-74
Layer 2 protocol tunneling 17-17
MAC address-table move update 21-14
MSDP peers 47-18
multicast router interfaces 24-17, 41-12
multi-VRF CE 38-89
MVR 24-23
network traffic for analysis with probe 29-2
object tracking 44-13
OSPF 38-35
port
blocking 25-21
protection 25-21
private VLANs 16-15
RP mapping information 46-34
SFP status 12-32, 49-14
source-active messages 47-18
speed and duplex mode 12-19
SSM mapping 46-22
traffic flowing among switches 30-1
traffic suppression 25-21
tunneling 17-17
VLAN
filters 34-44
maps 34-44
VLANs 13-14
VMPS 13-31
VTP 14-17
mrouter Port 21-3
mrouter port 21-5
MSDP
benefits of 47-3
clearing MSDP connections and statistics 47-18
controlling source information
forwarded by switch 47-11
originated by switch 47-8
received by switch 47-13
default configuration 47-4
dense-mode regions
sending SA messages to 47-16
specifying the originating address 47-17
filtering
incoming SA messages 47-14
SA messages to a peer 47-12
SA requests from a peer 47-10
join latency, defined 47-6
meshed groups
configuring 47-15
defined 47-15
originating address, changing 47-17
overview 47-1
peer-RPF flooding 47-2
peers
configuring a default 47-4
monitoring 47-18
peering relationship, overview 47-1
requesting source information from 47-8
shutting down 47-15
source-active messages
caching 47-6
clearing cache entries 47-18
defined 47-2
filtering from a peer 47-10
filtering incoming 47-14
filtering to a peer 47-12
limiting data with TTL 47-13
monitoring 47-18
restricting advertised sources 47-9
support for 1-15
MSTP
boundary ports
configuration guidelines 19-15
described 19-6
BPDU filtering
described 20-3
enabling 20-14
BPDU guard
described 20-2
enabling 20-13
CIST, described 19-3
CIST regional root 19-3
CIST root 19-5
configuration guidelines 19-15, 20-12
configuring
forward-delay time 19-23
hello time 19-22
link type for rapid convergence 19-24
maximum aging time 19-24
maximum hop count 19-24
MST region 19-16
neighbor type 19-25
path cost 19-21
port priority 19-19
root switch 19-17
secondary root switch 19-19
switch priority 19-22
CST
defined 19-3
operations between regions 19-3
default configuration 19-14
default optional feature configuration 20-12
displaying status 19-26
enabling the mode 19-16
EtherChannel guard
described 20-10
enabling 20-17
extended system ID
effects on root switch 19-18
effects on secondary root switch 19-19
unexpected behavior 19-18
IEEE 802.1s
implementation 19-6
port role naming change 19-6
terminology 19-5
instances supported 18-10
interface state, blocking to forwarding 20-2
interoperability and compatibility among modes 18-11
interoperability with IEEE 802.1D
described 19-8
restarting migration process 19-26
IST
defined 19-2
master 19-3
operations within a region 19-3
loop guard
described 20-11
enabling 20-18
mapping VLANs to MST instance 19-16
MST region
CIST 19-3
configuring 19-16
described 19-2
hop-count mechanism 19-5
IST 19-2
supported spanning-tree instances 19-2
optional features supported 1-8
overview 19-2
Port Fast
described 20-2
enabling 20-12
preventing root switch selection 20-10
root guard
described 20-10
enabling 20-18
root switch
configuring 19-18
effects of extended system ID 19-18
unexpected behavior 19-18
shutdown Port Fast-enabled port 20-2
stack changes, effects of 19-8
status, displaying 19-26
multiauth
support for inaccessible authentication bypass 10-25
multiauth mode
See multiple-authentication mode
multicast groups
Immediate Leave 24-5
joining 24-3
leaving 24-5
static joins 24-10, 41-8
multicast packets
ACLs on 34-42
blocking 25-8
multicast router interfaces, monitoring 24-17, 41-12
multicast router ports, adding 24-9, 41-8
Multicast Source Discovery Protocol
See MSDP
multicast storm 25-1
multicast storm-control command 25-4
multicast television application 24-18
multicast VLAN 24-17
Multicast VLAN Registration
See MVR
multidomain authentication
See MDA
multioperations scheduling, IP SLAs 43-5
multiple authentication 10-14
multiple authentication mode
configuring 10-45
Multiple HSRP
See MHSRP
multiple VPN routing/forwarding in customer edge devices
See multi-VRF CE
multi-VRF CE
configuration example 38-85
configuration guidelines 38-77
configuring 38-77
default configuration 38-77
defined 38-75
displaying 38-89
monitoring 38-89
network components 38-77
packet-forwarding process 38-76
support for 1-15
MVR
and address aliasing 24-20
and IGMPv3 24-21
configuration guidelines 24-20
configuring interfaces 24-22
default configuration 24-20
described 24-17
example application 24-18
in the switch stack 24-20
modes 24-21
monitoring 24-23
multicast television application 24-18
setting global parameters 24-21
support for 1-5
N
NAC
AAA down policy 1-12
critical authentication 10-24, 10-54
IEEE 802.1x authentication using a RADIUS server 10-58
IEEE 802.1x validation using RADIUS server 10-58
inaccessible authentication bypass 1-12, 10-54
Layer 2 IEEE 802.1x validation 1-11, 10-30, 10-58
Layer 2 IP validation 1-12
named IPv4 ACLs 34-15
NameSpace Mapper
See NSM
native VLAN
and IEEE 802.1Q tunneling 17-4
configuring 13-22
default 13-22
NEAT
configuring 10-59
overview 10-32
neighbor discovery, IPv6 39-4
neighbor discovery/recovery, EIGRP 38-36
neighbors, BGP 38-59
Network Admission Control
NAC
Network Assistant
benefits 1-2
described 1-5
downloading image files 1-2
guide mode 1-2
management options 1-2
managing switch stacks 5-2, 5-15
upgrading a switch 51-24
wizards 1-2
network configuration examples
cost-effective wiring closet 1-22
high-performance wiring closet 1-23
increasing network performance 1-21
large network 1-27
long-distance, high-bandwidth transport 1-30
multidwelling network 1-28
providing network services 1-21
redundant Gigabit backbone 1-23
server aggregation and Linux server cluster 1-24
small to medium-sized network 1-25
network design
performance 1-21
services 1-21
Network Edge Access Topology
See NEAT
network management
CDP 26-1
RMON 30-1
SNMP 32-1
network performance, measuring with IP SLAs 43-3
network policy TLV 27-2, 27-7
Network Time Protocol
See NTP
no commands 2-4
nonhierarchical policy maps
configuration guidelines 35-40
described 35-10
non-IP traffic filtering 34-28
nontrunking mode 13-16
normal-range VLANs 13-4
configuration guidelines 13-6
configuring 13-4
defined 13-1
no switchport command 12-4
not-so-stubby areas
See NSSA
NSAPs, as ISO IGRP addresses 38-65
NSF Awareness
IS-IS 38-67
NSM 4-3
NSSA, OSPF 38-31
NTP
associations
defined 7-2
overview 7-2
stratum 7-2
support for 1-7
time
services 7-2
synchronizing 7-2
O
object tracking
HSRP 44-7
IP SLAs 44-9
IP SLAs, configuring 44-9
monitoring 44-13
offline configuration for switch stacks 5-7
off mode, VTP 14-3
online diagnostics
overview 50-1
running tests 50-3
understanding 50-1
open1x
configuring 10-64
open1x authentication
overview 10-31
Open Shortest Path First
See OSPF
optimizing system resources 8-1
options, management 1-5
OSPF
area parameters, configuring 38-31
configuring 38-29
default configuration
metrics 38-32
route 38-32
settings 38-26
described 38-25
for IPv6 39-7
interface parameters, configuring 38-30
LSA group pacing 38-34
monitoring 38-35
router IDs 38-34
route summarization 38-32
support for 1-14
virtual links 38-32
out-of-profile markdown 1-14
P
packet modification, with QoS 35-20
PAgP
Layer 2 protocol tunneling 17-9
See EtherChannel
parallel paths, in routing tables 38-91
passive interfaces
configuring 38-101
OSPF 38-33
passwords
default configuration 9-2
disabling recovery of 9-5
encrypting 9-3
for security 1-10
in clusters 6-13
overview 9-1
recovery of 49-3
setting
enable 9-3
enable secret 9-3
Telnet 9-6
with usernames 9-6
VTP domain 14-9
path cost
MSTP 19-21
STP 18-20
path MTU discovery 39-4
PBR
defined 38-97
enabling 38-99
fast-switched policy-based routing 38-100
local policy-based routing 38-100
PC (passive command switch) 6-10
peers, BGP 38-59
percentage thresholds in tracked lists 44-6
performance, network design 1-21
performance features 1-4
persistent self-signed certificate 9-50
per-user ACLs and Filter-Ids 10-8
per-VLAN spanning-tree plus
See PVST+
PE to CE routing, configuring 38-84
physical ports 12-2
PIM
default configuration 46-11
dense mode
overview 46-4
rendezvous point (RP), described 46-5
RPF lookups 46-8
displaying neighbors 46-63
enabling a mode 46-13
overview 46-4
router-query message interval, modifying 46-37
shared tree and source tree, overview 46-35
shortest path tree, delaying the use of 46-36
sparse mode
join messages and shared tree 46-5
overview 46-5
prune messages 46-5
RPF lookups 46-9
stub routing
configuration guidelines 46-23
displaying 46-62
enabling 46-23
overview 46-5
support for 1-15
versions
interoperability 46-11
troubleshooting interoperability problems 46-35
v2 improvements 46-4
PIM-DVMRP, as snooping method 24-8
ping
character output description 49-15
executing 49-15
overview 49-14
PoE
auto mode 12-9
CDP with power consumption, described 12-7
CDP with power negotiation, described 12-7
Cisco intelligent power management 12-7
configuring 12-22
devices supported 12-7
high-power devices operating in low-power mode 12-7
IEEE power classification levels 12-8
power budgeting 12-23
power consumption 12-23
powered-device detection and initial power allocation 12-8
power management modes 12-9
power negotiation extensions to CDP 12-7
standards supported 12-7
static mode 12-9
troubleshooting 49-13
policed-DSCP map for QoS 35-71
policers
configuring
for each matched traffic class 35-55
for more than one traffic class 35-67
described 35-4
displaying 35-87
number of 35-40
types of 35-10
policing
described 35-4
hierarchical
See hierarchical policy maps
token-bucket algorithm 35-10
policy-based routing
See PBR
policy maps for QoS
characteristics of 35-55
described 35-8
displaying 35-88
hierarchical 35-9
hierarchical on SVIs
configuration guidelines 35-40
configuring 35-59
described 35-12
nonhierarchical on physical ports
configuration guidelines 35-40
described 35-10
POP 1-28
port ACLs
defined 34-2
types of 34-3
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting 10-16
authentication server
defined 10-3, 11-2
RADIUS server 10-3
client, defined 10-3, 11-2
configuration guidelines 10-37, 11-9
configuring
802.1x authentication 10-42
guest VLAN 10-52
host mode 10-45
inaccessible authentication bypass 10-54
manual re-authentication of a client 10-47
periodic re-authentication 10-46
quiet period 10-47
RADIUS server 10-44, 11-13
RADIUS server parameters on the switch 10-43, 11-11
restricted VLAN 10-53
switch-to-client frame-retransmission number 10-48, 10-49
switch-to-client retransmission time 10-48
violation modes 10-41 to 10-42
default configuration 10-36, 11-9
described 10-1
device roles 10-3, 11-2
displaying statistics 10-66, 11-17
downloadable ACLs and redirect URLs
configuring 10-61 to 10-63, ?? to 10-64
overview 10-20 to 10-22
EAPOL-start frame 10-5
EAP-request/identity frame 10-5
EAP-response/identity frame 10-5
enabling
802.1X authentication 11-11
encapsulation 10-3
flexible authentication ordering
configuring 10-64
overview 10-31
guest VLAN
configuration guidelines 10-23, 10-24
described 10-22
host mode 10-12
inaccessible authentication bypass
configuring 10-54
described 10-24
guidelines 10-38
initiation and message exchange 10-5
magic packet 10-27
maximum number of allowed devices per port 10-39
method lists 10-42
multiple authentication 10-14
per-user ACLs
AAA authorization 10-42
configuration tasks 10-20
described 10-19
RADIUS server attributes 10-19
ports
authorization state and dot1x port-control command 10-11
authorized and unauthorized 10-10
voice VLAN 10-27
port security
described 10-27
readiness check
configuring 10-39
described 10-17, 10-39
resetting to default values 10-66
stack changes, effects of 10-11
statistics, displaying 10-66
switch
as proxy 10-3, 11-2
RADIUS client 10-3
switch supplicant
configuring 10-59
overview 10-32
upgrading from a previous release 35-34
user distribution
guidelines 10-30
overview 10-29
VLAN assignment
AAA authorization 10-42
characteristics 10-18
configuration tasks 10-18
described 10-17
voice aware 802.1x security
configuring 10-40
described 10-31, 10-40
voice VLAN
described 10-27
PVID 10-27
VVID 10-27
wake-on-LAN, described 10-27
with ACLs and RADIUS Filter-Id attribute 10-34
port-based authentication methods, supported 10-7
port blocking 1-5, 25-7
port-channel
See EtherChannel
port description TLV 27-2
Port Fast
described 20-2
enabling 20-12
mode, spanning tree 13-28
support for 1-8
port membership modes, VLAN 13-3
port priority
MSTP 19-19
STP 18-18
ports
10-Gigabit Ethernet module 12-6
access 12-3
blocking 25-7
dynamic access 13-3
IEEE 802.1Q tunnel 13-4
protected 25-6
routed 12-4
secure 25-8
static-access 13-3, 13-10
switch 12-2
trunks 13-3, 13-15
VLAN assignments 13-10
port security
aging 25-17
and private VLANs 25-18
and QoS trusted boundary 35-45
and stacking 25-18
configuring 25-13
default configuration 25-11
described 25-8
displaying 25-21
enabling 25-18
on trunk ports 25-14
sticky learning 25-9
violations 25-10
with other features 25-11
port-shutdown response, VMPS 13-27
port VLAN ID TLV 27-2
power management TLV 27-2, 27-7
Power over Ethernet
See PoE
preemption, default configuration 21-7
preemption delay, default configuration 21-8
preferential treatment of traffic
See QoS
prefix lists, BGP 38-56
preventing unauthorized access 9-1
primary interface for object tracking, DHCP, configuring 44-10
primary interface for static routing, configuring 44-10
primary links 21-2
primary VLANs 16-1, 16-3
priority
HSRP 42-8
overriding CoS 15-6
trusting CoS 15-6
private VLAN edge ports
See protected ports
private VLANs
across multiple switches 16-4
and SDM template 16-4
and SVIs 16-5
and switch stacks 16-6
benefits of 16-1
community ports 16-2
community VLANs 16-2, 16-3
configuration guidelines 16-7, 16-9
configuration tasks 16-6
configuring 16-10
default configuration 16-7
end station access to 16-3
IP addressing 16-3
isolated port 16-2
isolated VLANs 16-2, 16-3
mapping 16-14
monitoring 16-15
ports
community 16-2
configuration guidelines 16-9
configuring host ports 16-12
configuring promiscuous ports 16-13
described 13-4
isolated 16-2
promiscuous 16-2
primary VLANs 16-1, 16-3
promiscuous ports 16-2
secondary VLANs 16-2
subdomains 16-1
traffic in 16-5
privileged EXEC mode 2-2
privilege levels
changing the default for lines 9-9
command switch 6-17
exiting 9-9
logging into 9-9
mapping on member switches 6-17
overview 9-2, 9-7
setting a command with 9-8
promiscuous ports
configuring 16-13
defined 16-2
protected ports 1-10, 25-6
protocol-dependent modules, EIGRP 38-36
Protocol-Independent Multicast Protocol
See PIM
protocol storm protection 25-19
provider edge devices 38-75
provisioned switches and IP source guard 22-18
provisioning new members for a switch stack 5-7
proxy ARP
configuring 38-11
definition 38-9
with IP routing disabled 38-12
proxy reports 21-3
pruning, VTP
disabling
in VTP domain 14-15
on a port 13-22
enabling
in VTP domain 14-15
on a port 13-21
examples 14-6
overview 14-6
pruning-eligible list
changing 13-21
for VTP pruning 14-6
VLANs 14-15
PVST+
described 18-10
IEEE 802.1Q trunking interoperability 18-11
instances supported 18-10
Q
QoS
and MQC commands 35-1
auto-QoS
categorizing traffic 35-22
configuration and defaults display 35-36
configuration guidelines 35-33
described 35-21
disabling 35-36
displaying generated commands 35-36
displaying the initial configuration 35-36
effects on running configuration 35-33
list of generated commands 35-24, 35-28
basic model 35-4
classification
class maps, described 35-8
defined 35-4
DSCP transparency, described 35-47
flowchart 35-7
forwarding treatment 35-3
in frames and packets 35-3
IP ACLs, described 35-6, 35-8
MAC ACLs, described 35-5, 35-8
options for IP traffic 35-6
options for non-IP traffic 35-5
policy maps, described 35-8
trust DSCP, described 35-5
trusted CoS, described 35-5
trust IP precedence, described 35-5
class maps
configuring 35-53
displaying 35-87
configuration guidelines
auto-QoS 35-33
standard QoS 35-39
configuring
aggregate policers 35-67
auto-QoS 35-21
default port CoS value 35-45
DSCP maps 35-69
DSCP transparency 35-47
DSCP trust states bordering another domain 35-47
egress queue characteristics 35-79
ingress queue characteristics 35-75
IP extended ACLs 35-51
IP standard ACLs 35-50
MAC ACLs 35-52
policy maps, hierarchical 35-59
port trust states within the domain 35-43
trusted boundary 35-45
default auto configuration 35-22
default standard configuration 35-37
displaying statistics 35-87
DSCP transparency 35-47
egress queues
allocating buffer space 35-80
buffer allocation scheme, described 35-18
configuring shaped weights for SRR 35-84
configuring shared weights for SRR 35-85
described 35-4
displaying the threshold map 35-83
flowchart 35-18
mapping DSCP or CoS values 35-82
scheduling, described 35-4
setting WTD thresholds 35-80
WTD, described 35-19
enabling globally 35-42
flowcharts
classification 35-7
egress queueing and scheduling 35-18
ingress queueing and scheduling 35-16
policing and marking 35-11
implicit deny 35-8
ingress queues
allocating bandwidth 35-77
allocating buffer space 35-77
buffer and bandwidth allocation, described 35-17
configuring shared weights for SRR 35-77
configuring the priority queue 35-78
described 35-4
displaying the threshold map 35-76
flowchart 35-16
mapping DSCP or CoS values 35-75
priority queue, described 35-17
scheduling, described 35-4
setting WTD thresholds 35-75
WTD, described 35-17
IP phones
automatic classification and queueing 35-21
detection and trusted settings 35-21, 35-45
limiting bandwidth on egress interface 35-86
mapping tables
CoS-to-DSCP 35-69
displaying 35-87
DSCP-to-CoS 35-72
DSCP-to-DSCP-mutation 35-73
IP-precedence-to-DSCP 35-70
policed-DSCP 35-71
types of 35-13
marked-down actions 35-57, 35-63
marking, described 35-4, 35-9
overview 35-2
packet modification 35-20
policers
configuring 35-57, 35-63, 35-67
described 35-9
displaying 35-87
number of 35-40
types of 35-10
policies, attaching to an interface 35-9
policing
described 35-4, 35-9
token bucket algorithm 35-10
policy maps
characteristics of 35-55
displaying 35-88
hierarchical 35-9
hierarchical on SVIs 35-59
nonhierarchical on physical ports 35-55
QoS label, defined 35-4
queues
configuring egress characteristics 35-79
configuring ingress characteristics 35-75
high priority (expedite) 35-20, 35-86
location of 35-14
SRR, described 35-15
WTD, described 35-14
rewrites 35-20
support for 1-13
trust states
bordering another domain 35-47
described 35-5
trusted device 35-45
within the domain 35-43
quality of service
See QoS
queries, IGMP 24-4
query solicitation, IGMP 24-13
R
RADIUS
attributes
vendor-proprietary 9-37
vendor-specific 9-35
configuring
accounting 9-34
authentication 9-29
authorization 9-33
communication, global 9-27, 9-35
communication, per-server 9-27
multiple UDP ports 9-27
default configuration 9-27
defining AAA server groups 9-31
displaying the configuration 9-39
identifying the server 9-27
in clusters 6-16
limiting the services to the user 9-33
method list, defined 9-26
operation of 9-19
overview 9-18
server load balancing 9-39
suggested network environments 9-18
support for 1-12
tracking services accessed by user 9-34
RADIUS Change of Authorization 9-20
range
macro 12-14
of interfaces 12-13
rapid convergence 19-10
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
described 18-10
IEEE 802.1Q trunking interoperability 18-11
instances supported 18-10
Rapid Spanning Tree Protocol
See RSTP
RARP 38-9
rcommand command 6-16
RCP
configuration files
downloading 51-17
overview 51-16
preparing the server 51-16
uploading 51-18
image files
deleting old image 51-37
downloading 51-36
preparing the server 51-35
uploading 51-37
reachability, tracking IP SLAs IP host 44-9
readiness check
port-based authentication
configuring 10-39
described 10-17, 10-39
reconfirmation interval, VMPS, changing 13-30
reconfirming dynamic VLAN membership 13-30
recovery procedures 49-1
redirect URL 10-20, 10-21, 10-61
redundancy
EtherChannel 36-3
HSRP 42-1
STP
backbone 18-8
multidrop backbone 20-5
path cost 13-25
port priority 13-23
redundant links and UplinkFast 20-15
redundant power system
See Cisco Redundant Power System 2300
reliable transport protocol, EIGRP 38-36
reloading software 3-23
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
Remote Network Monitoring
See RMON
Remote SPAN
See RSPAN
remote SPAN 29-3
report suppression, IGMP
described 24-6
disabling 24-16, 41-11
resequencing ACL entries 34-15
reserved addresses in DHCP pools 22-27
resets, in BGP 38-51
resetting a UDLD-shutdown interface 28-6
responder, IP SLAs
described 43-4
enabling 43-8
response time, measuring with IP SLAs 43-4
restricted VLAN
configuring 10-53
described 10-23
using with IEEE 802.1x 10-23
restricting access
overview 9-1
passwords and privilege levels 9-2
RADIUS 9-17
TACACS+ 9-10
retry count, VMPS, changing 13-30
reverse address resolution 38-9
Reverse Address Resolution Protocol
See RARP
RFC
1058, RIP 38-19
1112, IP multicast and IGMP 24-2
1157, SNMPv1 32-2
1163, BGP 38-44
1166, IP addresses 38-7
1253, OSPF 38-25
1267, BGP 38-44
1305, NTP 7-2
1587, NSSAs 38-25
1757, RMON 30-2
1771, BGP 38-44
1901, SNMPv2C 32-2
1902 to 1907, SNMPv2 32-2
2236, IP multicast and IGMP 24-2
2273-2275, SNMPv3 32-2
RFC 5176 Compliance 9-21
RIP
advertisements 38-20
authentication 38-22
configuring 38-21
default configuration 38-20
described 38-20
for IPv6 39-7
hop counts 38-20
split horizon 38-23
summary addresses 38-23
support for 1-14
RMON
default configuration 30-3
displaying status 30-6
enabling alarms and events 30-3
groups supported 30-2
overview 30-1
statistics
collecting group Ethernet 30-5
collecting group history 30-5
support for 1-16
root guard
described 20-10
enabling 20-18
support for 1-9
root switch
MSTP 19-17
STP 18-16
route calculation timers, OSPF 38-33
route dampening, BGP 38-63
routed packets, ACLs on 34-42
routed ports
configuring 38-5
defined 12-4
in switch clusters 6-8
IP addresses on 12-26, 38-5
route-map command 38-100
route maps
BGP 38-54
policy-based routing 38-97
router ACLs
defined 34-2
types of 34-4
route reflectors, BGP 38-62
router ID, OSPF 38-34
route selection, BGP 38-52
route summarization, OSPF 38-32
route targets, VPN 38-77
routing
default 38-3
dynamic 38-3
redistribution of information 38-93
static 38-3
routing domain confederation, BGP 38-61
Routing Information Protocol
See RIP
routing protocol administrative distances 38-92
RPS
See Cisco Redundant Power System 2300
RPS 2300
See Cisco Redundant Power System 2300
RSPAN
and stack changes 29-9
characteristics 29-8
configuration guidelines 29-16
default configuration 29-10
defined 29-3
destination ports 29-7
displaying status 29-23
in a switch stack 29-2
interaction with other features 29-8
monitored ports 29-6
monitoring ports 29-7
overview 1-16, 29-1
received traffic 29-5
session limits 29-10
sessions
creating 29-17
defined 29-3
limiting source traffic to specific VLANs 29-22
specifying monitored ports 29-17
with ingress traffic enabled 29-20
source ports 29-6
transmitted traffic 29-5
VLAN-based 29-6
RSTP
active topology 19-9
BPDU
format 19-12
processing 19-13
designated port, defined 19-9
designated switch, defined 19-9
interoperability with IEEE 802.1D
described 19-8
restarting migration process 19-26
topology changes 19-13
overview 19-9
port roles
described 19-9
synchronized 19-11
proposal-agreement handshake process 19-10
rapid convergence
cross-stack rapid convergence 19-11
described 19-10
edge ports and Port Fast 19-10
point-to-point links 19-10, 19-24
root ports 19-10
root port, defined 19-9
See also MSTP
running configuration
replacing 51-19, 51-20
rolling back 51-19, 51-21
running configuration, saving 3-16
S
SC (standby command switch) 6-10
scheduled reloads 3-23
scheduling, IP SLAs operations 43-5
SCP
and SSH 9-55
configuring 9-55
SDM
switch stack consideration 5-9
templates
configuring 8-6
number of 8-1
SDM mismatch mode 5-10, 8-4
SDM template 40-4
aggregator 8-1
configuration guidelines 8-5
configuring 8-4
desktop 8-1
dual IPv4 and IPv6 8-2
types of 8-1
secondary VLANs 16-2
Secure Copy Protocol
secure HTTP client
configuring 9-54
displaying 9-55
secure HTTP server
configuring 9-53
displaying 9-55
secure MAC addresses
and switch stacks 25-18
deleting 25-16
maximum number of 25-10
types of 25-9
secure ports
and switch stacks 25-18
configuring 25-8
secure remote connections 9-45
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port 25-8
security features 1-10
See SCP
sequence numbers in log messages 31-8
server mode, VTP 14-3
service-provider network, MSTP and RSTP 19-1
service-provider networks
and customer VLANs 17-2
and IEEE 802.1Q tunneling 17-1
Layer 2 protocols across 17-8
Layer 2 protocol tunneling for EtherChannels 17-9
set-request operation 32-4
setup program
failed command switch replacement 49-11
replacing failed command switch 49-9
severity levels, defining in system messages 31-9
SFPs
monitoring status of 12-32, 49-14
numbering of 12-11
security and identification 49-13
status, displaying 49-14
shaped round robin
See SRR
show access-lists hw-summary command 34-22
show and more command output, filtering 2-9
show cdp traffic command 26-5
show cluster members command 6-16
show configuration command 12-25
show forward command 49-22
show interfaces command 12-19, 12-25
show interfaces switchport 21-4
show l2protocol command 17-13, 17-15
show lldp traffic command 27-11
show platform forward command 49-22
show platform tcam command 49-25
show running-config command
displaying ACLs 34-20, 34-21, 34-32, 34-35
interface description in 12-25
shutdown command on interfaces 12-33
shutdown threshold for Layer 2 protocol packets 17-11
Simple Network Management Protocol
See SNMP
small form-factor pluggable modules
See SFPs
small-frame arrival rate, configuring 25-5
smart logging 31-1, 31-14
SNAP 26-1
SNMP
accessing MIB variables with 32-4
agent
described 32-4
disabling 32-7
and IP SLAs 43-2
authentication level 32-10
community strings
configuring 32-8
for cluster switches 32-4
overview 32-4
configuration examples 32-17
default configuration 32-6
engine ID 32-7
groups 32-7, 32-9
host 32-7
ifIndex values 32-5
in-band management 1-7
in clusters 6-14
informs
and trap keyword 32-12
described 32-5
differences from traps 32-5
disabling 32-15
enabling 32-15
limiting access by TFTP servers 32-16
limiting system log messages to NMS 31-10
manager functions 1-6, 32-3
managing clusters with 6-17
notifications 32-5
overview 32-1, 32-4
security levels 32-3
setting CPU threshold notification 32-15
status, displaying 32-18
system contact and location 32-16
trap manager, configuring 32-13
traps
described 32-3, 32-5
differences from informs 32-5
disabling 32-15
enabling 32-12
enabling MAC address notification 7-15, 7-17, 7-19
overview 32-1, 32-4
types of 32-12
users 32-7, 32-9
versions supported 32-2
SNMP and Syslog Over IPv6 39-8
SNMPv1 32-2
SNMPv2C 32-2
SNMPv3 32-2
snooping, IGMP 24-2
software compatibility
See stacks, switch
software images
location in flash 51-25
recovery procedures 49-2
scheduling reloads 3-24
tar file format, described 51-25
See also downloading and uploading
source addresses
in IPv4 ACLs 34-12
in IPv6 ACLs 40-5
source-and-destination-IP address based forwarding, EtherChannel 36-9
source-and-destination MAC address forwarding, EtherChannel 36-9
source-IP address based forwarding, EtherChannel 36-9
source-MAC address forwarding, EtherChannel 36-8
Source-specific multicast
See SSM
SPAN
and stack changes 29-9
configuration guidelines 29-10
default configuration 29-10
destination ports 29-7
displaying status 29-23
interaction with other features 29-8
monitored ports 29-6
monitoring ports 29-7
overview 1-16, 29-1
ports, restrictions 25-12
received traffic 29-5
session limits 29-10
sessions
configuring ingress forwarding 29-15, 29-21
creating 29-11
defined 29-3
limiting source traffic to specific VLANs 29-15
removing destination (monitoring) ports 29-13
specifying monitored ports 29-11
with ingress traffic enabled 29-14
source ports 29-6
transmitted traffic 29-5
VLAN-based 29-6
spanning tree and native VLANs 13-17
Spanning Tree Protocol
See STP
SPAN traffic 29-5
split horizon, RIP 38-23
SRR
configuring
shaped weights on egress queues 35-84
shared weights on egress queues 35-85
shared weights on ingress queues 35-77
described 35-15
shaped mode 35-15
shared mode 35-15
support for 1-14
SSH
configuring 9-46
cryptographic software image 9-44
described 1-7, 9-45
encryption methods 9-45
switch stack considerations 5-16
user authentication methods, supported 9-45
SSL
configuration guidelines 9-51
configuring a secure HTTP client 9-54
configuring a secure HTTP server 9-53
cryptographic software image 9-49
described 9-49
monitoring 9-55
SSM
address management restrictions 46-16
CGMP limitations 46-16
components 46-14
configuration guidelines 46-16
configuring 46-14, 46-17
differs from Internet standard multicast 46-14
IGMP snooping 46-16
IGMPv3 46-14
IGMPv3 Host Signalling 46-15
IP address range 46-15
monitoring 46-17
operations 46-15
PIM 46-14
state maintenance limitations 46-16
SSM mapping 46-17
configuration guidelines 46-18
configuring 46-17, 46-20
DNS-based 46-19, 46-21
monitoring 46-22
overview 46-18
restrictions 46-18
static 46-19, 46-20
static traffic forwarding 46-22
stack, switch
MAC address of 5-6, 5-19
stack changes
effects on
IPv6 routing 39-10
stack changes, effects on
802.1x port-based authentication 10-11
ACL configuration 34-7
CDP 26-2
cross-stack EtherChannel 36-13
EtherChannel 36-10
fallback bridging 48-3
HSRP 42-5
IGMP snooping 24-6
IP routing 38-4
IPv6 ACLs 40-3
MAC address tables 7-14
MSTP 19-8
multicast routing 46-10
MVR 24-18
port security 25-18
SDM template selection 8-3
SNMP 32-1
SPAN and RSPAN 29-9
STP 18-12
switch clusters 6-14
system message log 31-2
VLANs 13-7
VTP 14-7
stack master
bridge ID (MAC address) 5-6
defined 5-1
election 5-4
IPv6 39-11
See also stacks, switch
stack member
accessing CLI of specific member 5-23
configuring
member number 5-21
priority value 5-22
defined 5-1
displaying information of 5-24
IPv6 39-11
number 5-6
priority value 5-7
provisioning a new member 5-22
replacing 5-14
See also stacks, switch
stack member number 12-11
stack protocol version 5-10
stacks, switch
accessing CLI of specific member 5-23
assigning information
member number 5-21
priority value 5-22
provisioning a new member 5-22
auto-advise 5-12
auto-copy 5-11
auto-extract 5-11
auto-upgrade 5-11
bridge ID 5-6
CDP considerations 26-2
compatibility, software 5-10
configuration file 5-14
configuration scenarios 5-16
copying an image file from one member to another 51-38
default configuration 5-19
description of 5-1
displaying information of 5-24
enabling persistent MAC address timer 5-19
hardware compatibility and SDM mismatch mode 5-9
HSRP considerations 42-5
in clusters 6-14
incompatible software and image upgrades 5-14, 51-38
IPv6 on 39-10
MAC address considerations 7-14
management connectivity 5-15
managing 5-1
membership 5-3
merged 5-3
MSTP instances supported 18-10
multicast routing, stack master and member roles 46-10
offline configuration
described 5-7
effects of adding a provisioned switch 5-8
effects of removing a provisioned switch 5-9
effects of replacing a provisioned switch 5-9
provisioned configuration, defined 5-7
provisioned switch, defined 5-7
provisioning a new member 5-22
partitioned 5-3, 49-8
provisioned switch
adding 5-8
removing 5-9
replacing 5-9
replacing a failed member 5-14
software compatibility 5-10
software image version 5-10
stack protocol version 5-10
STP
bridge ID 18-3
instances supported 18-10
root port selection 18-3
stack root switch election 18-3
system messages
hostnames in the display 31-1
remotely monitoring 31-2
system prompt consideration 7-7
system-wide configuration considerations 5-15
upgrading 51-38
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 5-11
examples 5-12
manual upgrades with auto-advise 5-12
upgrades with auto-extract 5-11
version-mismatch mode
described 5-10
See also stack master and stack member
standby command switch
configuring
considerations 6-11
defined 6-2
priority 6-10
requirements 6-3
virtual IP address 6-11
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
standby ip command 42-6
standby links 21-2
standby router 42-2
standby timers, HSRP 42-10
startup configuration
booting
manually 3-20
specific image 3-21
clearing 51-19
configuration file
automatically downloading 3-19
specifying the filename 3-19
static access ports
assigning to VLAN 13-10
defined 12-3, 13-3
static addresses
See addresses
static IP routing 1-15
static MAC addressing 1-10
static route primary interface,configuring 44-10
static routes
configuring 38-91
configuring for IPv6 39-21
understanding 39-7
static routing 38-3
static routing support, enhanced object tracking 44-10
static SSM mapping 46-19, 46-20
static traffic forwarding 46-22
static VLAN membership 13-2
statistics
802.1X 11-17
802.1x 10-66
CDP 26-5
interface 12-31
IP multicast routing 46-62
LLDP 27-10
LLDP-MED 27-10
NMSP 27-10
OSPF 38-35
QoS ingress and egress 35-87
RMON group Ethernet 30-5
RMON group history 30-5
SNMP input and output 32-18
VTP 14-17
sticky learning 25-9
storm control
configuring 25-3
described 25-1
disabling 25-5
displaying 25-21
support for 1-4
thresholds 25-1
STP
accelerating root port selection 20-4
BackboneFast
described 20-7
disabling 20-17
enabling 20-17
BPDU filtering
described 20-3
disabling 20-15
enabling 20-14
BPDU guard
described 20-2
disabling 20-14
enabling 20-13
BPDU message exchange 18-3
configuration guidelines 18-13, 20-12
configuring
forward-delay time 18-23
hello time 18-22
maximum aging time 18-23
path cost 18-20
port priority 18-18
root switch 18-16
secondary root switch 18-18
spanning-tree mode 18-15
switch priority 18-21
transmit hold-count 18-24
counters, clearing 18-24
cross-stack UplinkFast
described 20-5
enabling 20-16
default configuration 18-13
default optional feature configuration 20-12
designated port, defined 18-4
designated switch, defined 18-4
detecting indirect link failures 20-8
disabling 18-16
displaying status 18-24
EtherChannel guard
described 20-10
disabling 20-17
enabling 20-17
extended system ID
effects on root switch 18-16
effects on the secondary root switch 18-18
overview 18-4
unexpected behavior 18-16
features supported 1-8
IEEE 802.1D and bridge ID 18-4
IEEE 802.1D and multicast addresses 18-9
IEEE 802.1t and VLAN identifier 18-5
inferior BPDU 18-3
instances supported 18-10
interface state, blocking to forwarding 20-2
interface states
blocking 18-6
disabled 18-7
forwarding 18-6, 18-7
learning 18-7
listening 18-7
overview 18-5
interoperability and compatibility among modes 18-11
Layer 2 protocol tunneling 17-7
limitations with IEEE 802.1Q trunks 18-11
load sharing
overview 13-22
using path costs 13-25
using port priorities 13-23
loop guard
described 20-11
enabling 20-18
modes supported 18-10
multicast addresses, effect of 18-9
optional features supported 1-8
overview 18-2
path costs 13-25
Port Fast
described 20-2
enabling 20-12
port priorities 13-24
preventing root switch selection 20-10
protocols supported 18-10
redundant connectivity 18-8
root guard
described 20-10
enabling 20-18
root port, defined 18-3
root port selection on a switch stack 18-3
root switch
configuring 18-16
effects of extended system ID 18-4, 18-16
election 18-3
unexpected behavior 18-16
shutdown Port Fast-enabled port 20-2
stack changes, effects of 18-12
status, displaying 18-24
superior BPDU 18-3
timers, described 18-22
UplinkFast
described 20-3
enabling 20-15
VLAN-bridge 18-11
stratum, NTP 7-2
stub areas, OSPF 38-31
stub routing, EIGRP 38-42
subdomains, private VLAN 16-1
subnet mask 38-7
subnet zero 38-7
success response, VMPS 13-27
summer time 7-6
SunNet Manager 1-6
supernet 38-8
supported port-based authentication methods 10-7
SVI autostate exclude
configuring 12-27
defined 12-5
SVI link state 12-5
SVIs
and IP unicast routing 38-5
and router ACLs 34-4
connecting VLANs 12-10
defined 12-5
routing between VLANs 13-2
switch 39-2
switch clustering technology 6-1
See also clusters, switch
switch console port 1-7
Switch Database Management
See SDM
switched packets, ACLs on 34-40
Switched Port Analyzer
See SPAN
switched ports 12-2
switchport backup interface 21-4, 21-5
switchport block multicast command 25-8
switchport block unicast command 25-8
switchport command 12-16
switchport mode dot1q-tunnel command 17-6
switchport protected command 25-7
switch priority
MSTP 19-22
STP 18-21
switch software features 1-1
switch virtual interface
See SVI
synchronization, BGP 38-48
syslog
See system message logging
system capabilities TLV 27-2
system clock
configuring
daylight saving time 7-6
manually 7-4
summer time 7-6
time zones 7-5
displaying the time and date 7-5
overview 7-1
See also NTP
system description TLV 27-2
system message logging
default configuration 31-4
defining error message severity levels 31-9
disabling 31-4
displaying the configuration 31-17
enabling 31-5
facility keywords, described 31-14
level keywords, described 31-10
limiting messages 31-10
message format 31-2
overview 31-1
sequence numbers, enabling and disabling 31-8
setting the display destination device 31-5
stack changes, effects of 31-2
synchronizing log messages 31-6
syslog facility 1-16
time stamps, enabling and disabling 31-8
UNIX syslog servers
configuring the daemon 31-13
configuring the logging facility 31-13
facilities supported 31-14
system MTU
and IS-IS LSPs 38-69
system MTU and IEEE 802.1Q tunneling 17-5
system name
default configuration 7-8
default setting 7-8
manual configuration 7-8
See also DNS
system name TLV 27-2
system prompt, default setting 7-7, 7-8
system resources, optimizing 8-1
system routing
IS-IS 38-65
ISO IGRP 38-65
T
TACACS+
accounting, defined 9-11
authentication, defined 9-11
authorization, defined 9-11
configuring
accounting 9-17
authentication key 9-13
authorization 9-16
login authentication 9-14
default configuration 9-13
displaying the configuration 9-17
identifying the server 9-13
in clusters 6-16
limiting the services to the user 9-16
operation of 9-12
overview 9-10
support for 1-12
tracking services accessed by user 9-17
tagged packets
IEEE 802.1Q 17-3
Layer 2 protocol 17-7
tar files
creating 51-6
displaying the contents of 51-7
extracting 51-7
image file format 51-25
TCAM
memory consistency check errors
example 49-25
memory consistency check routines 1-5, 49-25
memory consistency integrity 1-5, 49-25
space
HFTM 49-25
HQATM 49-25
unassigned 49-25
TCL script, registering and defining with embedded event manager 33-7
TDR 1-16
Telnet
accessing management interfaces 2-10
number of connections 1-7
setting a password 9-6
templates, SDM 8-2
temporary self-signed certificate 9-50
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password 9-6
ternary content addressable memory
See TCAM
TFTP
configuration files
downloading 51-11
preparing the server 51-10
uploading 51-12
configuration files in base directory 3-8
configuring for autoconfiguration 3-7
image files
deleting 51-28
downloading 51-27
preparing the server 51-26
uploading 51-29
limiting access by servers 32-16
TFTP server 1-6
threshold, traffic level 25-2
threshold monitoring, IP SLAs 43-6
time
See NTP and system clock
Time Domain Reflector
See TDR
time-range command 34-17
time ranges in ACLs 34-17
time stamps in log messages 31-8
time zones 7-5
TLVs
defined 27-1
LLDP 27-2
LLDP-MED 27-2
Token Ring VLANs
support for 13-6
VTP support 14-4
ToS 1-13
traceroute, Layer 2
and ARP 49-17
and CDP 49-16
broadcast traffic 49-16
described 49-16
IP addresses and subnets 49-17
MAC addresses and VLANs 49-16
multicast traffic 49-16
multiple devices on a port 49-17
unicast traffic 49-16
usage guidelines 49-16
traceroute command 49-18
See also IP traceroute
tracked lists
configuring 44-3
types 44-3
tracked objects
by Boolean expression 44-4
by threshold percentage 44-6
by threshold weight 44-5
tracking interface line-protocol state 44-2
tracking IP routing state 44-2
tracking objects 44-1
tracking process 44-1
track state, tracking IP SLAs 44-9
traffic
blocking flooded 25-8
fragmented 34-5
fragmented IPv6 40-2
unfragmented 34-5
traffic policing 1-13
traffic suppression 25-1
transmit hold-count
see STP
transparent mode, VTP 14-3
trap-door mechanism 3-2
traps
configuring MAC address notification 7-15, 7-17, 7-19
configuring managers 32-12
defined 32-3
enabling 7-15, 7-17, 7-19, 32-12
notification types 32-12
overview 32-1, 32-4
troubleshooting
connectivity problems 49-14, 49-16, 49-17
CPU utilization 49-26
detecting unidirectional links 28-1
displaying crash information 49-24
PIMv1 and PIMv2 interoperability problems 46-35
setting packet forwarding 49-22
SFP security and identification 49-13
show forward command 49-22
with CiscoWorks 32-4
with debug commands 49-20
with ping 49-14
with system message logging 31-1
with traceroute 49-17
trunk failover
See link-state tracking
trunking encapsulation 1-9
trunk ports
configuring 13-19
defined 12-3, 13-3
encapsulation 13-19, 13-24, 13-25
trunks
allowed-VLAN list 13-20
configuring 13-19, 13-24, 13-25
ISL 13-15
load sharing
setting STP path costs 13-25
using STP port priorities 13-23, 13-24
native VLAN for untagged traffic 13-22
parallel 13-25
pruning-eligible list 13-21
to non-DTP device 13-16
trusted boundary for QoS 35-45
trusted port states
between QoS domains 35-47
classification options 35-5
ensuring port security for IP phones 35-45
support for 1-13
within a QoS domain 35-43
trustpoints, CA 9-49
tunneling
defined 17-1
IEEE 802.1Q 17-1
Layer 2 protocol 17-8
tunnel ports
defined 13-4
described 12-4, 17-1
IEEE 802.1Q, configuring 17-6
incompatibilities with other features 17-5
twisted-pair Ethernet, detecting unidirectional links 28-1
type of service
See ToS
U
UDLD
configuration guidelines 28-4
default configuration 28-4
disabling
globally 28-5
on fiber-optic interfaces 28-5
per interface 28-6
echoing detection mechanism 28-3
enabling
globally 28-5
per interface 28-6
Layer 2 protocol tunneling 17-10
link-detection mechanism 28-1
neighbor database 28-2
overview 28-1
resetting an interface 28-6
status, displaying 28-7
support for 1-8
UDP, configuring 38-15
UDP jitter, configuring 43-10
UDP jitter operation, IP SLAs 43-9
unauthorized ports with IEEE 802.1x 10-10
unicast MAC address filtering 1-6
and adding static addresses 7-22
and broadcast MAC addresses 7-21
and CPU packets 7-21
and multicast addresses 7-21
and router MAC addresses 7-21
configuration guidelines 7-21
described 7-21
unicast storm 25-1
unicast storm control command 25-4
unicast traffic, blocking 25-8
UniDirectional Link Detection protocol
See UDLD
UNIX syslog servers
daemon configuration 31-13
facilities supported 31-14
message logging configuration 31-13
unrecognized Type-Length-Value (TLV) support 14-4
upgrading software images
See downloading
UplinkFast
described 20-3
disabling 20-16
enabling 20-15
support for 1-8
uploading
configuration files
preparing 51-10, 51-13, 51-16
reasons for 51-9
using FTP 51-15
using RCP 51-18
using TFTP 51-12
image files
preparing 51-26, 51-30, 51-35
reasons for 51-24
using FTP 51-33
using RCP 51-37
using TFTP 51-29
User Datagram Protocol
See UDP
user EXEC mode 2-2
username-based authentication 9-6
V
VACL logging parameters 34-38
VACLs
logging
configuration example 34-39
version-dependent transparent mode 14-4
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 5-11
manual upgrades with auto-advise 5-12
upgrades with auto-extract 5-11
version-mismatch mode
described 5-10
virtual IP address
cluster standby group 6-11
command switch 6-11
Virtual Private Network
See VPN
virtual router 42-1, 42-2
virtual switches and PAgP 36-6
vlan.dat file 13-5
VLAN 1, disabling on a trunk port 13-20
VLAN 1 minimization 13-20
VLAN ACLs
See VLAN maps
vlan-assignment response, VMPS 13-26
VLAN configuration
at bootup 13-7
saving 13-7
VLAN configuration mode 2-2
VLAN database
and startup configuration file 13-7
and VTP 14-1
VLAN configuration saved in 13-7
VLANs saved in 13-4
vlan dot1q tag native command 17-4
VLAN filtering and SPAN 29-7
vlan global configuration command 13-7
VLAN ID, discovering 7-24
VLAN link state 12-5
VLAN load balancing on flex links 21-2
configuration guidelines 21-8
VLAN management domain 14-2
VLAN Management Policy Server
See VMPS
VLAN map entries, order of 34-31
VLAN maps
applying 34-35
common uses for 34-35
configuration guidelines 34-31
configuring 34-30
creating 34-32
defined 34-2
denying access to a server example 34-36
denying and permitting packets 34-32
displaying 34-44
examples of ACLs and VLAN maps 34-33
removing 34-35
support for 1-10
wiring closet configuration example 34-36
VLAN membership
confirming 13-30
modes 13-3
VLAN Query Protocol
See VQP
VLANs
adding 13-8
adding to VLAN database 13-8
aging dynamic addresses 18-9
allowed on trunk 13-20
and spanning-tree instances 13-3, 13-6, 13-11
configuration guidelines, extended-range VLANs 13-11
configuration guidelines, normal-range VLANs 13-6
configuring 13-1
configuring IDs 1006 to 4094 13-11
connecting through SVIs 12-10
creating 13-8
customer numbering in service-provider networks 17-3
default configuration 13-7
deleting 13-9
described 12-2, 13-1
displaying 13-14
extended-range 13-1, 13-11
features 1-9
illustrated 13-2
internal 13-12
in the switch stack 13-7
limiting source traffic with RSPAN 29-22
limiting source traffic with SPAN 29-15
modifying 13-8
multicast 24-17
native, configuring 13-22
normal-range 13-1, 13-4
number supported 1-9
parameters 13-5
port membership modes 13-3
static-access ports 13-10
STP and IEEE 802.1Q trunks 18-11
supported 13-2
Token Ring 13-6
traffic between 13-2
VLAN-bridge STP 18-11, 48-2
VTP modes 14-3
VLAN Trunking Protocol
See VTP
VLAN trunks 13-15
VMPS
administering 13-31
configuration example 13-31
configuration guidelines 13-28
default configuration 13-27
description 13-26
dynamic port membership
described 13-27
reconfirming 13-30
troubleshooting 13-31
entering server address 13-28
mapping MAC addresses to VLANs 13-26
monitoring 13-31
reconfirmation interval, changing 13-30
reconfirming membership 13-30
retry count, changing 13-30
voice aware 802.1x security
port-based authentication
configuring 10-40
described 10-31, 10-40
voice-over-IP 15-1
voice VLAN
Cisco 7960 phone, port connections 15-1
configuration guidelines 15-3
configuring IP phones for data traffic
override CoS of incoming frame 15-6
trust CoS priority of incoming frame 15-6
configuring ports for voice traffic in
802.1p priority tagged frames 15-5
802.1Q frames 15-5
connecting to an IP phone 15-4
default configuration 15-3
described 15-1
displaying 15-7
IP phone data traffic, described 15-2
IP phone voice traffic, described 15-2
VPN
configuring routing in 38-84
forwarding 38-77
in service provider networks 38-74
routes 38-75
VPN routing and forwarding table
See VRF
VQP 1-9, 13-26
VRF
defining 38-77
tables 38-74
VRF-aware services
ARP 38-81
configuring 38-80
ftp 38-83
HSRP 38-82
ping 38-81
RADIUS 38-82
SNMP 38-81
syslog 38-82
tftp 38-83
traceroute 38-83
VTP
adding a client to a domain 14-16
advertisements 13-18, 14-4
and extended-range VLANs 13-3, 14-2
and normal-range VLANs 13-2, 14-2
client mode, configuring 14-12
configuration
guidelines 14-8
requirements 14-10
saving 14-9
configuration requirements 14-10
configuration revision number
guideline 14-16
resetting 14-16
consistency checks 14-5
default configuration 14-8
described 14-1
domain names 14-9
domains 14-2
Layer 2 protocol tunneling 17-7
modes
client 14-3
off 14-3
server 14-3
transitions 14-3
transparent 14-3
monitoring 14-17
passwords 14-9
pruning
disabling 14-15
enabling 14-15
examples 14-6
overview 14-6
support for 1-9
pruning-eligible list, changing 13-21
server mode, configuring 14-11, 14-13
statistics 14-17
support for 1-9
Token Ring support 14-4
transparent mode, configuring 14-11
using 14-1
Version
enabling 14-14
version, guidelines 14-10
Version 1 14-4
Version 2
configuration guidelines 14-10
overview 14-4
Version 3
overview 14-5
W
WCCP
authentication 45-3
configuration guidelines 45-6
default configuration 45-5
described 45-1
displaying 45-10
dynamic service groups 45-3
enabling 45-6
features unsupported 45-5
forwarding method 45-3
Layer-2 header rewrite 45-3
MD5 security 45-3
message exchange 45-2
monitoring and maintaining 45-10
negotiation 45-3
packet redirection 45-3
packet-return method 45-3
redirecting traffic received from a client 45-6
setting the password 45-7
unsupported WCCPv2 features 45-5
web authentication 10-17
configuring 11-16 to ??
described 1-10
web-based authentication
customizeable web pages 11-6
description 11-1
web-based authentication, interactions with other features 11-7
Web Cache Communication Protocol
See WCCP
weighted tail drop
See WTD
weight thresholds in tracked lists 44-5
wired location service
configuring 27-9
displaying 27-10
location TLV 27-3
understanding 27-3
wizards 1-2
WTD
described 35-14
setting thresholds
egress queue-sets 35-80
ingress queues 35-75
support for 1-14
X
Xmodem protocol 49-2