- Index
- Preface
- Overview
- Using the Command-Line Interface
- Clustering Switches
- Assigning the Switch IP Address and Default Gateway
- Configuring Cisco IOS Configuration Engine
- Managing Switch Stacks
- Administering the Switch
- Configuring SDM Templates
- Configuring Switch-Based Authentication
- Configuring IEEE 802.1x Port-Based Authentication
- Configuring Web-Based Authentication
- Configuring Cisco TrustSec
- Configuring Interface Characteristics
- Configuring VLANs
- Configuring VTP
- Configuring Voice VLAN
- Configuring Private VLANs
- Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling
- Configuring STP
- Configuring MSTP
- Configuring Optional Spanning-Tree Features
- Configuring Resilient Ethernet Protocol
- Configuring Flex Links and the MAC Address-Table Move Update Feature
- Configuring DHCP Features and IP Source Guard
- Configuring Dynamic ARP Inspection
- Configuring IGMP Snooping and MVR
- Configuring Port-Based Traffic Control
- Configuring CDP
- Configuring LLDP, LLDP-MED, and Wired Location Service
- Configuring UDLD
- Configuring SPAN and RSPAN
- Configuring RMON
- Configuring System Message Logging and Smart Logging
- Configuring SNMP
- Configuring Embedded Event Manager
- Configuring Network Security with ACLs
- Configuring QoS
- Configuring EtherChannels and Link-State Tracking
- Configuring TelePresence E911 IP Phone Support
- Configuring IP Unicast Routing
- Configuring IPv6 Routing
- Configuring IPv6 MLD Snooping
- Configuring IPv6 ACLs
- Configuring HSRP and VRRP
- Configuring Cisco IOS IP SLAs Operations
- Configuring Enhanced Object Tracking
- Configuring IP Multicast Routing
- Configuring MSDP
- Configuring Cache Services By Using WCCP
- Configuring Fallback Bridging
- Troubleshooting
- Configuring Online Diagnostics
- Working with the Cisco IOS File System, Configuration Files, and Software Images
- Unsupported Commands in Cisco IOS Release 15.0(2)SE
Index
10-Gigabit Ethernet interfaces
configuration guidelines 13-17
defined 13-6
802.1AE Tagging 12-2
AAA down policy, NAC Layer 2 IP validation 1-12
abbreviating commands 2-3
ABRs 39-25
AC (command switch) 6-10
access-class command 35-20
access control entry (ACE) 41-3
access-denied response, VMPS 14-27
applying IPv4 ACLs to interfaces 35-21
Layer 2 35-21
Layer 3 35-21
clusters, switch 6-13
command switches 6-11
member switches 6-13
switch clusters 6-13
accessing stack members 5-23
and Layer 2 protocol tunneling 18-10
defined 13-3
in switch clusters 6-9
access template 8-1
with 802.1x 10-54
with IEEE 802.1x 10-16
with RADIUS 9-35
with TACACS+ 9-12, 9-17
and QoS 36-8
defined 35-2
Ethernet 35-2
IP 35-2
ACEs 35-2
any keyword 35-13
on bridged packets 35-41
on multicast packets 35-42
on routed packets 35-42
on switched packets 35-40
time ranges to 35-17
to an interface 35-20, 41-7
to IPv6 interfaces 41-7
to QoS 36-8
classifying traffic for QoS 36-49
comments in 35-19
compiling 35-24
defined 35-1, 35-8
examples of 35-24, 36-49
extended IP, configuring for QoS classification 36-51
creating 35-11
matching criteria 35-8
hardware and software handling 35-22
host keyword 35-13
creating 35-8
fragments and QoS guidelines 36-40
implicit deny 35-10, 35-15, 35-17
implicit masks 35-10
matching criteria 35-8
undefined 35-22
applying to interfaces 35-20
creating 35-8
matching criteria 35-8
named 35-15
numbers 35-8
terminal lines, setting on 35-20
unsupported features 35-7
and stacking 41-3
applying to interfaces 41-7
configuring 41-4, 41-5
displaying 41-8
interactions with other features 41-4
limitations 41-3
matching criteria 41-3
named 41-3
precedence of 41-2
supported 41-2
unsupported features 41-3
Layer 4 information in 35-40
logging messages 35-9
MAC extended 35-28, 36-52
matching 35-8, 35-21, 41-3
monitoring 35-44, 41-8
named, IPv4 35-15
named, IPv6 41-3
names 41-4
number per QoS class map 36-40
port 35-2, 41-1
precedence of 35-2
QoS 36-8, 36-49
resequencing entries 35-15
router 35-2, 41-1
router ACLs and VLAN map configuration guidelines 35-39
standard IP, configuring for QoS classification 36-50
creating 35-10
matching criteria 35-8
support for 1-11
support in hardware 35-22
time ranges 35-17
types supported 35-2
unsupported features, IPv4 35-7
unsupported features, IPv6 41-3
using router ACLs with VLAN maps 35-39
configuration guidelines 35-31
configuring 35-30
active link 21-4, 21-5, 21-6
active links 21-2
active router 43-2
active traffic monitoring, IP SLAs 44-1
address aliasing 25-2
displaying the MAC address table 7-25
accelerated aging 19-9
changing the aging time 7-15
default aging 19-9
defined 7-13
learning 7-14
removing 7-16
IPv6 40-2
MAC, discovering 7-25
group address range 47-3
STP address management 19-9
adding and removing 7-21
defined 7-13
address resolution 7-25, 39-9
adjacency tables, with CEF 39-90
defined 39-103
OSPF 39-33
routing protocol defaults 39-92
CDP 27-1
LLDP 28-1, 28-2
RIP 39-20
aggregatable global unicast addresses 40-3
aggregate addresses, BGP 39-60
aggregate policers 36-67
aggregate policing 1-14
aggregator template 5-10, 8-1
aging, accelerating 19-9
for MSTP 20-23
for STP 19-9, 19-23
MAC address table 7-15
for MSTP 20-24
for STP 19-23, 19-24
alarms, RMON 31-4
allowed-VLAN list 14-20
application engines, redirecting traffic to 46-1
IS-IS 39-65
ISO IGRP 39-65
configuring 39-10
defined 1-6, 7-25, 39-9
encapsulation 39-11
static cache configuration 39-10
address resolution 7-25
managing 7-25
ASBRs 39-25
AS-path filters, BGP 39-55
asymmetrical links, and IEEE 802.1Q tunneling 18-4
vendor-proprietary 9-38
vendor-specific 9-36
attribute-value pairs 10-13, 10-16, 10-21, 10-22
EIGRP 39-41
HSRP 43-10
local mode with AAA 9-44
open1x 10-31
key 9-28
login 9-30
defined 9-11
key 9-13
login 9-14
See also port-based authentication
authentication compatibility with Catalyst 6000 switches 10-8
authentication keys, and routing protocols 39-103
CLI commands 10-9
compatibility with older 802.1x CLI commands 10-9 to ??
overview 10-7
authoritative time source, described 7-2
with RADIUS 9-34
with TACACS+ 9-12, 9-16
authorized ports with IEEE 802.1x 10-10
autoconfiguration 3-3
auto enablement 10-33
automatic advise (auto-advise) in switch stacks 5-12
automatic copy (auto-copy) in switch stacks 5-11
beyond a noncandidate device 6-8
brand new switches 6-9
connectivity 6-5
different VLANs 6-7
management VLANs 6-7
non-CDP-capable devices 6-6
noncluster-capable devices 6-6
routed ports 6-8
in switch clusters 6-5
automatic extraction (auto-extract) in switch stacks 5-11
automatic recovery, clusters 6-10
automatic upgrades (auto-upgrade) in switch stacks 5-11
configuring 13-21
described 13-21
duplex mode 1-4
interface configuration guidelines 13-18
mismatches 50-12
autonomous system boundary routers
autonomous systems, in BGP 39-48
Auto-QoS video devices 1-14
Auto-RP, described 47-6
autosensing, port speed 1-4
autostate exclude 13-5
availability, features 1-8
described 22-7
disabling 22-17
enabling 22-17
support for 1-8
backup links 21-2
backup static routing, configuring 45-12
login 7-13
message-of-the-day login 7-12
default configuration 7-11
when displayed 7-11
Berkeley r-tools replacement 9-56
aggregate addresses 39-60
aggregate routes, configuring 39-60
CIDR 39-60
clear commands 39-64
community filtering 39-57
configuring neighbors 39-59
default configuration 39-46
described 39-45
enabling 39-48
monitoring 39-64
multipath support 39-52
neighbors, types of 39-48
path selection 39-52
peers, configuring 39-59
prefix filtering 39-56
resetting sessions 39-51
route dampening 39-63
route maps 39-54
route reflectors 39-62
routing domain confederation 39-61
routing session with multi-VRF CE 39-84
show commands 39-64
supernets 39-60
support for 1-15
Version 4 39-45
binding cluster group and HSRP group 43-12
See DHCP, Cisco IOS server database
See DHCP snooping binding database
address, Cisco IOS DHCP server 23-6
DHCP snooping database 23-6
IP source guard 23-16
See DHCP snooping binding database
blocking packets 26-7
Boolean expressions in tracked lists 45-4
boot loader, function of 3-2
boot process 3-2
manually 3-20
specific image 3-21
accessing 3-22
described 3-2
environment variables 3-22
prompt 3-22
trap-door mechanism 3-2
Boot Loader Upgrade and Image Verification for the FIPS Mode of Operation 3-25
bootstrap router (BSR), described 47-7
error-disabled state 22-2
filtering 22-3
RSTP format 20-12
described 22-3
disabling 22-15
enabling 22-14
support for 1-8
described 22-2
disabling 22-14
enabling 22-13
support for 1-8
bridged packets, ACLs on 35-41
broadcast flooding 39-17
directed 39-14
flooded 39-14
broadcast storm-control command 26-4
broadcast storms 26-1, 39-14
cables, monitoring for unidirectional links 29-1
automatic discovery 6-5
defined 6-4
requirements 6-4
See also command switch, cluster standby group, and member switch
authentication compatibility 10-8
configuring 9-53
defined 9-51
and trusted boundary 36-46
automatic discovery in switch clusters 6-5
configuring 27-2
default configuration 27-2
defined with LLDP 28-1
described 27-1
disabling for routing device 27-4
on an interface 27-4
on a switch 27-4
Layer 2 protocol tunneling 18-7
monitoring 27-5
overview 27-1
power negotiation extensions 13-7
support for 1-6
switch stack considerations 27-2
transmission timer and holdtime, setting 27-3
updates 27-3
defined 39-90
distributed 39-90
enabling 39-90
IPv6 40-21
as IGMP snooping learning method 25-9
clearing cached group entries 47-62
enabling server support 47-44
joining multicast group 25-3
overview 47-9
server support only 47-9
switch support of 1-5
CIDR 39-60
CipherSuites 9-52
Cisco 7960 IP Phone 16-1
Cisco Group Management Protocol
Cisco intelligent power management 13-7
See DHCP, Cisco IOS DHCP server
Cisco IOS IP SLAs 44-2
Cisco Redundant Power System 2300
configuring 13-29
managing 13-29
attribute-value pairs for downloadable ACLs 10-22
attribute-value pairs for redirect URL 10-21
Cisco Secure ACS configuration guide 10-72
CiscoWorks 2000 1-6, 33-4
CISP 10-33
civic location 28-3
classless routing 39-8
configuring 36-53
described 36-8
displaying 36-87
clearing interfaces 13-32
abbreviating commands 2-3
command modes 2-1
configuration logging 2-5
described 1-6
enabling and disabling 2-6
keystroke editing 2-7
wrapped lines 2-8
error messages 2-4
filtering command output 2-9
getting help 2-3
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
managing clusters 6-16
no and default forms of commands 2-4
Client Information Signalling Protocol
client mode, VTP 15-3
client processes, tracking 45-1
accessing 6-13
automatic discovery 6-5
automatic recovery 6-10
benefits 1-2
compatibility 6-4
described 6-1
LRE profile considerations 6-16
through CLI 6-16
through SNMP 6-17
planning 6-4
automatic discovery 6-5
automatic recovery 6-10
CLI 6-16
host names 6-13
IP addresses 6-13
LRE profiles 6-16
passwords 6-13
RADIUS 6-16
SNMP 6-14, 6-17
switch stacks 6-14
TACACS+ 6-16
See also candidate switch, command switch, cluster standby group, member switch, and standby command switch
and HSRP group 43-12
automatic recovery 6-12
considerations 6-11
defined 6-2
requirements 6-3
virtual IP address 6-11
CNS 1-6
configID, deviceID, hostname 4-3
configuration service 4-2
described 4-1
event service 4-3
described 4-5
enabling automated configuration 4-6
enabling configuration agent 4-9
enabling event agent 4-8
management functions 1-6
CoA Request Commands 9-23
Coarse Wave Division Multiplexer
command modes 2-1
abbreviating 2-3
no and default 2-4
commands, setting privilege levels 9-8
accessing 6-11
active (AC) 6-10
configuration conflicts 50-12
defined 6-2
passive (PC) 6-10
password privilege levels 6-17
priority 6-10
from command-switch failure 6-10, 50-8
from lost member connectivity 50-12
redundant 6-10
with another switch 50-11
with cluster member 50-9
requirements 6-3
standby (SC) 6-10
See also candidate switch, cluster standby group, member switch, and standby command switch
community list, BGP 39-58
community ports 17-2
configuring 6-14, 33-8
for cluster switches 33-4
in clusters 6-14
overview 33-4
SNMP 6-14
community VLANs 17-2, 17-3
compatibility, feature 26-12
config.text 3-19
configurable leave timer, IGMP 25-6
defaults 1-18
Express Setup 1-2
configuration changes, logging 32-11
configuration conflicts, recovering from lost member connectivity 50-12
configuration examples, network 1-21
archiving 52-20
clearing the startup configuration 52-19
creating using a text editor 52-10
default name 3-19
deleting a stored configuration 52-19
described 52-8
automatically 3-19
preparing 52-10, 52-13, 52-16
reasons for 52-8
using FTP 52-13
using RCP 52-17
using TFTP 52-11
guidelines for creating and using 52-9
guidelines for replacing and rolling back 52-21
invalid combinations when copying 52-5
limiting TFTP server access 33-16
obtaining with DHCP 3-9
password recovery disable considerations 9-5
replacing a running configuration 52-19, 52-20
rolling back a running configuration 52-19, 52-21
specifying the filename 3-19
system contact and location information 33-16
types and location 52-10
preparing 52-10, 52-13, 52-16
reasons for 52-9
using FTP 52-15
using RCP 52-18
using TFTP 52-12
configuration guidelines, multi-VRF CE 39-77
configuration logger 32-11
configuration logging 2-5
configuration replacement 52-19
configuration rollback 52-19, 52-20
configuration settings, saving 3-16
configure terminal command 13-12
configuring 802.1x user distribution 10-67
configuring port-based authentication violation modes 10-43
configuring small-frame arrival rate 26-5
Configuring VACL Logging 35-37
conflicts, configuration 50-12
connections, secure remote 9-46
connectivity problems 50-14, 50-16, 50-17
consistency checks in VTP Version 2 15-5
console port, connecting to 2-10
control protocol, IP SLAs 44-4
corrupted software, recovery steps with Xmodem 50-2
in Layer 2 frames 36-2
override priority 16-6
trust priority 16-6
CoS input queue threshold map for QoS 36-17
CoS output queue threshold map for QoS 36-19
CoS-to-DSCP map for QoS 36-69
counters, clearing interface 13-32
CPU utilization, troubleshooting 50-26
crashinfo file 50-24
critical authentication, IEEE 802.1x 10-64
critical VLAN 10-24
configuring 10-64
configuration guidelines 37-13
on Layer 2 interfaces 37-13
on Layer 3 physical interfaces 37-16
described 37-3
illustration 37-4
support for 1-8
described 22-5
disabling 22-16
enabling 22-16
fast-convergence events 22-7
Fast Uplink Transition Protocol 22-6
normal-convergence events 22-7
support for 1-8
Kerberos 9-40
SSH 9-45
SSL 9-50
switch stack considerations 5-16
customer edge devices 39-75
customjzeable web pages, web-based authentication 11-6
CWDM SFPs 1-31
daylight saving time 7-7
dCEF, in the switch stack 39-90
enabling all system diagnostics 50-21
enabling for a specific feature 50-20
redirecting error message output 50-21
using commands 50-20
default commands 2-4
802.1x 10-37
auto-QoS 36-22
banners 7-11
BGP 39-46
CDP 27-2
DHCP 23-8
DHCP option 82 23-8
DHCP snooping 23-8
DHCP snooping binding database 23-9
DNS 7-10
dynamic ARP inspection 24-5
EIGRP 39-37
EtherChannel 37-11
Ethernet interfaces 13-16
fallback bridging 49-3
Flex Links 21-8
HSRP 43-5
IEEE 802.1Q tunneling 18-4
IGMP 47-39
IGMP filtering 25-25
IGMP snooping 25-7, 42-6
IGMP throttling 25-25
initial switch information 3-3
IP addressing, IP routing 39-6
IP multicast routing 47-11
IP SLAs 44-6
IP source guard 23-17
IPv6 40-12
IS-IS 39-66
Layer 2 interfaces 13-16
Layer 2 protocol tunneling 18-11
LLDP 28-4
MAC address table 7-15
MAC address-table move update 21-8
MSDP 48-4
MSTP 20-14
multi-VRF CE 39-77
MVR 25-20
optional spanning-tree configuration 22-12
OSPF 39-26
password and privilege level 9-2
PIM 47-11
private VLANs 17-7
RADIUS 9-27
RIP 39-20
RMON 31-3
RSPAN 30-10
SDM template 8-4
SNMP 33-6
SPAN 30-10
SSL 9-52
standard QoS 36-37
STP 19-13
switch stacks 5-19
system message logging 32-4
system name and prompt 7-9
TACACS+ 9-13
UDLD 29-4
VLAN, Layer 2 Ethernet interfaces 14-18
VLANs 14-8
VMPS 14-28
voice VLAN 16-3
VTP 15-8
WCCP 46-5
default gateway 3-16, 39-12
default networks 39-93
default routes 39-93
default routing 39-3
default web-based authentication configuration
802.1X 11-9
deleting VLANs 14-9
denial-of-service attack 26-1
description command 13-25
designing your network, examples 1-21
desktop template 5-10, 8-1
in IPv4 ACLs 35-12
in IPv6 ACLs 41-5
destination-IP address-based forwarding, EtherChannel 37-9
destination-MAC address forwarding, EtherChannel 37-9
detecting indirect link failures, STP 22-8
device 52-24
device discovery protocol 27-1, 28-1
benefits 1-2
described 1-2, 1-5
in-band management 1-7
upgrading a switch 52-24
configuring 10-55
restrictions 10-55
configuring 23-14
default configuration 23-9
described 23-6
relay agent 23-10
client request message exchange 3-4
client side 3-4
DNS 3-8
relay device 3-8
server side 3-6
TFTP server 3-7
example 3-10
for IP address information 3-6
for receiving the configuration file 3-7
overview 3-3
relationship to BOOTP 3-4
relay support 1-6, 1-15
support for 1-6
DHCP-based autoconfiguration and image update
configuring 3-11 to 3-15
understanding 3-5 to 3-6
See DHCP snooping binding database
See DHCP snooping binding database
DHCP object tracking, configuring primary interface 45-10
circuit ID suboption 23-5
configuration guidelines 23-9
default configuration 23-8
displaying 23-15
forwarding address, specifying 23-10
helper address 23-10
overview 23-3
circuit ID 23-5
remote ID 23-5
remote ID suboption 23-5
DHCP server port-based address allocation
configuration guidelines 23-26
default configuration 23-26
described 23-25
displaying 23-29
enabling 23-26
reserved addresses 23-27
DHCP server port-based address assignment
support for 1-6
accepting untrusted packets form edge switch 23-3, 23-12
and private VLANs 23-13
See DHCP snooping binding database
configuration guidelines 23-9
default configuration 23-8
displaying binding tables 23-15
message exchange process 23-4
option 82 data insertion 23-3
trusted interface 23-2
untrusted interface 23-2
untrusted messages 23-2
DHCP snooping binding database
adding bindings 23-14
format 23-7
location 23-6
bindings 23-6
clearing agent statistics 23-15
configuration guidelines 23-9
configuring 23-14
default configuration 23-8, 23-9
binding file 23-15
bindings 23-15
database agent 23-15
described 23-6
displaying 23-15
binding entries 23-15
status and statistics 23-15
enabling 23-14
entry 23-6
renewing database 23-15
delay value 23-15
timeout value 23-15
See DHCP snooping binding database
configuration guidelines 40-17
default configuration 40-17
described 40-6
enabling client function 40-19
enabling DHCPv6 server function 40-17
support for 1-15
Differentiated Services architecture, QoS 36-2
Differentiated Services Code Point 36-2
Diffusing Update Algorithm (DUAL) 39-35
directed unicast requests 1-6
changing 52-4
creating and removing 52-4
displaying the working 52-4
Distance Vector Multicast Routing Protocol
distance-vector protocols 39-3
distribute-list command 39-102
and DHCP-based autoconfiguration 3-8
default configuration 7-10
displaying the configuration 7-11
in IPv6 40-4
overview 7-9
setting up 7-10
support for 1-6
DNS-based SSM mapping 47-19, 47-21
DNS 7-9
VTP 15-9
domains, ISO IGRP routing 39-65
dot1q-tunnel switchport mode 14-17
IEEE 802.1Q tunneling 18-2
Layer 2 protocol tunneling 18-10
downloadable ACL 10-20, 10-22, 10-72
preparing 52-10, 52-13, 52-16
reasons for 52-8
using FTP 52-13
using RCP 52-17
using TFTP 52-11
deleting old image 52-28
preparing 52-26, 52-30, 52-35
reasons for 52-24
using CMS 1-2
using FTP 52-31
using HTTP 1-2, 52-24
using RCP 52-36
using TFTP 52-27
using the device manager or Network Assistant 52-24
drop threshold for Layer 2 protocol packets 18-11
configuring 40-15
described 40-5
IPv6 40-5
support for 1-16
DSCP 1-14, 36-2
DSCP input queue threshold map for QoS 36-17
DSCP output queue threshold map for QoS 36-19
DSCP-to-CoS map for QoS 36-72
DSCP-to-DSCP-mutation map for QoS 36-73
DSCP transparency 36-47
DTP 1-9, 14-16
dual-action detection 37-6
DUAL finite state machine, EIGRP 39-36
dual IPv4 and IPv6 templates 8-2, 40-6
IPv4 and IPv6 40-6
SDM templates supporting 40-6
configuring a summary address 47-58
disabling 47-60
connecting PIM domain to DVMRP router 47-51
enabling unicast routing 47-54
with Cisco devices 47-49
with Cisco IOS software 47-9
mrinfo requests, responding to 47-53
advertising the default route to 47-53
discovery with Probe messages 47-49
displaying information 47-53
prevent peering with nonpruning 47-56
rejecting nonpruning 47-55
overview 47-9
adding a metric offset 47-60
advertising all 47-60
advertising the default route to neighbors 47-53
caching DVMRP routes learned in report messages 47-54
changing the threshold for syslog messages 47-57
deleting 47-62
displaying 47-62
favoring one over another 47-60
limiting the number injected into MBONE 47-57
limiting unicast route advertisements 47-49
routing table 47-9
source distribution tree, building 47-9
support for 1-15
configuring 47-51
displaying neighbor information 47-53
characteristics 14-4
configuring 14-29
defined 13-3
ARP cache poisoning 24-1
ARP requests, described 24-1
ARP spoofing attack 24-1
log buffer 24-16
statistics 24-16
configuration guidelines 24-6
ACLs for non-DHCP environments 24-9
in DHCP environments 24-7
log buffer 24-13
rate limit for incoming ARP packets 24-4, 24-11
default configuration 24-5
denial-of-service attacks, preventing 24-11
described 24-1
DHCP snooping binding database 24-2
ARP ACLs 24-15
configuration and operating state 24-15
log buffer 24-16
statistics 24-16
trust state and rate limit 24-15
error-disabled state for exceeding rate limit 24-4
function of 24-2
interface trust states 24-3
clearing 24-16
configuring 24-13
displaying 24-16
logging of dropped packets, described 24-5
man-in-the middle attack, described 24-2
network security issues and interface trust states 24-3
priority of ARP ACLs and DHCP snooping entries 24-4
configuring 24-11
described 24-4
error-disabled state 24-4
clearing 24-16
displaying 24-16
validation checks, performing 24-13
dynamic auto trunking mode 14-17
dynamic desirable trunking mode 14-17
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
described 14-27
reconfirming 14-30
troubleshooting 14-32
types of connections 14-29
dynamic routing 39-3
ISO CLNS 39-65
EAC 12-2
EBGP 39-44
enabling and disabling 2-6
keystrokes used 2-7
wrapped lines 2-8
EEM 3.2 34-5
authentication 39-41
components 39-36
configuring 39-39
default configuration 39-37
definition 39-35
interface parameters, configuring 39-40
monitoring 39-43
stub routing 39-42
ELIN location 28-3
3.2 34-5
actions 34-4
configuring 34-1, 34-6
displaying information 34-8
environmental variables 34-5
event detectors 34-3
policies 34-4
registering and defining an applet 34-6
registering and defining a TCL script 34-7
understanding 34-1
enable password 9-3
enable secret password 9-3
Enable the FIPS mode 3-25
encryption, CipherSuite 9-52
encryption for passwords 9-3
Endpoint Admission Control (EAC) 12-2
backup static routing 45-12
commands 45-1
defined 45-1
DHCP primary interface 45-10
HSRP 45-7
IP routing state 45-2
IP SLAs 45-9
line-protocol state 45-2
network monitoring with IP SLAs 45-11
routing policy, configuring 45-12
static route primary interface 45-10
tracked lists 45-3
enhanced object tracking static routing 45-10
environmental variables, embedded event manager 34-5
environment variables, function of 3-23
equal-cost routing 1-15, 39-91
error-disabled state, BPDU 22-2
error messages during command entry 2-4
automatic creation of 37-5, 37-7
binding physical and logical interfaces 37-4
numbering of 37-4
configuration guidelines 37-12
Layer 2 interfaces 37-13
Layer 3 physical interfaces 37-16
Layer 3 port-channel logical interfaces 37-15
default configuration 37-11
described 37-2
displaying status 37-23
forwarding methods 37-8, 37-18
IEEE 802.3ad, described 37-7
with STP 37-12
with VLANs 37-12
described 37-7
displaying status 37-23
hot-standby ports 37-20
interaction with other features 37-8
modes 37-7
port priority 37-22
system priority 37-21
Layer 3 interface 39-5
load balancing 37-8, 37-18
logical interfaces, described 37-4
aggregate-port learners 37-19
compatibility with Catalyst 1900 37-19
described 37-5
displaying status 37-23
interaction with other features 37-7
interaction with virtual switches 37-6
learn method and priority configuration 37-19
modes 37-6
support for 1-4
with dual-action detection 37-6
described 37-4
numbering of 37-4
port groups 13-6
stack changes, effects of 37-10
support for 1-4
described 22-10
disabling 22-17
enabling 22-17
adding 14-8
defaults and ranges 14-8
modifying 14-8
EUI 40-4
event detectors, embedded event manager 34-3
events, RMON 31-4
network configuration 1-21
expedite queue for QoS 36-86
Express Setup 1-2
See also getting started guide
extended crashinfo file 50-24
configuration guidelines 14-11
configuring 14-11
creating 14-12
creating with an internal VLAN ID 14-14
defined 14-1
MSTP 20-18
STP 19-4, 19-16
Extensible Authentication Protocol over LAN 10-1
external neighbors, BGP 39-48
fa0 interface 1-7
failover support 1-8
and protected ports 49-4
creating 49-4
described 49-2
displaying 49-10
function of 49-2
number supported 49-4
removing 49-5
clearing 49-10
displaying 49-10
configuration guidelines 49-4
connecting interfaces with 13-10
default configuration 49-3
described 49-1
flooding packets 49-2
forwarding packets 49-2
overview 49-1
protocol, unsupported 49-4
stack changes, effects of 49-3
disabling on an interface 49-9
forward-delay interval 49-8
hello BPDU interval 49-8
interface priority 49-6
maximum-idle interval 49-9
path cost 49-7
VLAN-bridge spanning-tree priority 49-6
VLAN-bridge STP 49-2
support for 1-15
SVIs and routed ports 49-1
unsupported protocols 49-4
VLAN-bridge STP 19-12
Fast Convergence 21-3
Fast Uplink Transition Protocol 22-6
features, incompatible 26-12
FIB 39-90
fiber-optic, detecting unidirectional links 29-1
description 50-24
location 50-24
copying 52-5
crashinfo, description 50-24
deleting 52-5
displaying the contents of 52-8
description 50-25
location 50-25
creating 52-6
displaying the contents of 52-7
extracting 52-7
image file format 52-25
displaying available file systems 52-2
displaying file information 52-3
local file system names 52-1
network file system names 52-5
setting the default 52-3
in a VLAN 35-30
IPv6 traffic 41-4, 41-7
non-IP traffic 35-28
show and more command output 2-9
filtering show and more command output 2-9
flash device, number of 52-1
flexible authentication ordering
configuring 10-74
overview 10-31
Flex Link Multicast Fast Convergence 21-3
configuration guidelines 21-8
configuring 21-9
configuring preferred VLAN 21-12
configuring VLAN load balancing 21-11
default configuration 21-8
description 21-1
link load balancing 21-2
monitoring 21-14
VLANs 21-2
flooded traffic, blocking 26-8
flow-based packet classification 1-14
QoS classification 36-7
QoS egress queueing and scheduling 36-18
QoS ingress queueing and scheduling 36-16
QoS policing and marking 36-11
configuring 13-20
described 13-20
MSTP 20-23
STP 19-23
forwarding nonroutable protocols 49-1
downloading 52-13
overview 52-12
preparing the server 52-13
uploading 52-15
deleting old image 52-33
downloading 52-31
preparing the server 52-30
uploading 52-33
general query 21-5
Generating IGMP Reports 21-3
get-bulk-request operation 33-3
get-next-request operation 33-3, 33-4
get-request operation 33-3, 33-4
get-response operation 33-3
global configuration mode 2-2
global leave, IGMP 25-13
guest VLAN and 802.1x 10-22
guide mode 1-2
See device manager and Network Assistant
hardware limitations and Layer 3 interfaces 13-26
MSTP 20-23
STP 19-22
help, for the command line 2-3
HFTM space 50-25
hierarchical policy maps 36-9
configuration guidelines 36-40
configuring 36-59
described 36-12
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
history table, level and number of syslog messages 32-10
host names, in clusters 6-13
configuring 17-12
kinds of 17-2
hosts, limit on dynamic ports 14-32
HP OpenView 1-6
HQATM space 50-25
authentication string 43-10
automatic cluster recovery 6-12
binding to cluster group 43-12
cluster standby group considerations 6-11
command-switch redundancy 1-1, 1-8
configuring 43-5
default configuration 43-5
definition 43-1
guidelines 43-6
monitoring 43-13
object tracking 45-7
overview 43-1
priority 43-8
routing redundancy 1-15
support for ICMP redirect messages 43-12
switch stack considerations 43-5
timers 43-10
tracking 43-8
See also clusters, cluster standby group, and standby command switch
configuring 40-28
guidelines 40-27
HTTPS 9-50
configuring 9-54
self-signed certificate 9-51
HTTP secure server 9-50
IBPG 39-44
IPv6 40-4
redirect messages 39-12
support for 1-15
time-exceeded messages 50-18
traceroute and 50-18
unreachable messages 35-21
unreachable messages and IPv6 41-4
unreachables and ACLs 35-22
configuring 44-12
IP SLAs 44-12
executing 50-15
overview 50-14
ICMP Router Discovery Protocol
ICMPv6 40-4
and ingress RSPAN 30-20
and ingress SPAN 30-14
IEEE 802.1p 16-1
and trunk ports 13-3
configuration limitations 14-18
encapsulation 14-15
native VLAN for untagged traffic 14-22
compatibility with other features 18-5
defaults 18-4
described 18-1
tunnel ports with other features 18-6
IEEE 802.3x flow control 13-20
ifIndex values, SNMP 33-5
IFS 1-7
described 25-6
enabling 25-11
as a member of a group 47-39
statically connected member 47-43
controlling access to groups 47-40
default configuration 47-39
deleting cache entries 47-62
displaying groups 47-62
fast switching 47-44
controlling the length of time 25-12
disabling on an interface 25-13
global leave 25-13
query solicitation 25-13
recovering from flood mode 25-13
host-query interval, modifying 47-41
joining multicast group 25-3
join messages 25-3
leave processing, enabling 25-11, 42-9
leaving multicast group 25-5
multicast reachability 47-39
overview 47-3
queries 25-4
described 25-6
disabling 25-16, 42-11
supported versions 25-3
support for 1-5
changing to Version 2 47-41
described 47-3
changing to Version 1 47-41
described 47-3
maximum query response time value 47-43
pruning groups 47-43
query timeout value 47-42
configuring 25-25
default configuration 25-25
described 25-24
monitoring 25-29
support for 1-5
configuring filtering 25-28
setting the maximum number 25-27
IGMP helper 1-5, 47-6
configuration guidelines 25-11
described 25-5
enabling 25-11
applying 25-26
configuration mode 25-25
configuring 25-26
and address aliasing 25-2
and stack changes 25-6
configuring 25-7
default configuration 25-7, 42-6
definition 25-2
enabling and disabling 25-7, 42-7
global configuration 25-7
Immediate Leave 25-5
in the switch stack 25-6
method 25-8
monitoring 25-16, 42-12
configuration guidelines 25-14
configuring 25-14
supported versions 25-3
support for 1-5
VLAN configuration 25-8
configuring 25-28
default configuration 25-25
described 25-24
displaying action 25-29
IGP 39-25
Immediate Leave, IGMP 25-5
enabling 42-9
inaccessible authentication bypass 10-24
support for multiauth ports 10-25
defaults 1-18
Express Setup 1-2
number 13-11
range macros 13-14
interface command 13-11 to 13-12
interface configuration mode 2-2
auto-MDIX, configuring 13-21
10-Gigabit Ethernet 13-17
duplex and speed 13-18
procedure 13-12
counters, clearing 13-32
default configuration 13-16
described 13-25
descriptive name, adding 13-25
displaying information about 13-31
flow control 13-20
management 1-5
monitoring 13-31
naming 13-25
physical, identifying 13-11
range of 13-13
restarting 13-33
shutting down 13-33
speed and duplex, configuring 13-19
status 13-31
supported 13-11
types of 13-1
interfaces range macro command 13-14
interface types 13-11
internal neighbors, BGP 39-48
Internet Control Message Protocol
Internet Group Management Protocol
inter-VLAN routing 1-15, 39-2
inventory management TLV 28-3, 28-7
for QoS classification 36-8
implicit deny 35-10, 35-15
implicit masks 35-10
named 35-15
undefined 35-22
128-bit 40-2
candidate or member 6-4, 6-13
classes of 39-7
cluster access 6-2
command switch 6-3, 6-11, 6-13
default configuration 39-6
discovering 7-25
for IP routing 39-5
IPv6 40-2
MAC address association 39-9
monitoring 39-18
redundant clusters 6-11
standby command switch 6-11, 6-13
IP base image 1-1
IP broadcast address 39-16
ip cef distributed command 39-90
IP directed broadcasts 39-14
ip igmp profile command 25-25
manually 3-15
through DHCP-based autoconfiguration 3-3
default configuration 3-3
all-hosts 47-3
all-multicast-routers 47-3
host group address range 47-3
administratively-scoped boundaries, described 47-47
and IGMP snooping 25-2
adding to an existing sparse-mode cloud 47-27
benefits of 47-26
clearing the cache 47-62
configuration guidelines 47-12
filtering incoming RP announcement messages 47-29
overview 47-6
preventing candidate RP spoofing 47-29
preventing join messages to false RPs 47-28
setting up in a new internetwork 47-26
using with BSR 47-34
configuration guidelines 47-12
configuring candidate BSRs 47-32
configuring candidate RPs 47-33
defining the IP multicast boundary 47-31
defining the PIM domain border 47-30
overview 47-7
using with Auto-RP 47-34
Cisco implementation 47-2
basic multicast routing 47-12
IP multicast boundary 47-47
default configuration 47-11
multicast forwarding 47-13
PIM mode 47-13
Auto-RP 47-6
BSR 47-7
deleting sdr cache entries 47-62
described 47-45
displaying sdr cache 47-63
enabling sdr listener support 47-46
limiting DVMRP routes advertised 47-57
limiting sdr cache entry lifetime 47-46
SAP packets for conference session announcement 47-46
Session Directory (sdr) tool, described 47-45
packet rate loss 47-63
peering devices 47-63
tracing a path 47-63
multicast forwarding, described 47-8
PIMv1 and PIMv2 interoperability 47-11
protocol interaction 47-2
reverse path check (RPF) 47-8
deleting 47-62
displaying 47-62
assigning manually 47-25
configuring Auto-RP 47-26
configuring PIMv2 BSR 47-30
monitoring mapping information 47-34
using Auto-RP and BSR 47-34
stack master functions 47-10
stack member functions 47-10
statistics, displaying system and network 47-62
and QoS 16-1
automatic classification and queueing 36-21
configuring 16-4
ensuring port security with QoS 36-45
trusted boundary for QoS 36-45
IP Port Security for Static Hosts
on a Layer 2 access port 23-20
on a PVLAN host port 23-23
IP precedence 36-2
IP-precedence-to-DSCP map for QoS 36-70
in ACLs 35-12
routing 1-15
IP routes, monitoring 39-105
connecting interfaces with 13-10
disabling 39-19
enabling 39-19
IP service levels, analyzing 44-1
IP services image 1-1
benefits 44-2
configuration guidelines 44-6
configuring object tracking 45-9
Control Protocol 44-4
default configuration 44-6
definition 44-1
ICMP echo operation 44-12
measuring network performance 44-3
monitoring 44-14
multioperations scheduling 44-5
object tracking 45-9
operation 44-3
reachability tracking 45-9
described 44-4
enabling 44-8
response time 44-4
scheduling 44-5
SNMP support 44-2
supported metrics 44-2
threshold monitoring 44-6
track object monitoring agent, configuring 45-11
track state 45-9
UDP jitter operation 44-9
and 802.1x 23-18
and DHCP snooping 23-15
and port security 23-18
and private VLANs 23-18
and routed ports 23-18
and TCAM entries 23-18
and trunk interfaces 23-18
and VRF 23-18
automatic 23-16
manual 23-16
binding table 23-16
configuration guidelines 23-18
default configuration 23-17
described 23-15
disabling 23-19
active IP or MAC bindings 23-25
bindings 23-25
configuration 23-25
enabling 23-19, 23-20
source IP address 23-16
source IP and MAC address 23-16
on provisioned switches 23-18
source IP address filtering 23-16
source IP and MAC address filtering 23-16
adding 23-19, 23-20
deleting 23-19
static hosts 23-20
executing 50-18
overview 50-17
address resolution 39-9
administrative distances 39-92, 39-103
ARP 39-9
assigning IP addresses to Layer 3 interfaces 39-7
authentication keys 39-103
address 39-16
flooding 39-17
packets 39-14
storms 39-14
classless routing 39-8
configuring static routes 39-92
addressing configuration 39-6
gateways 39-12
networks 39-93
routes 39-93
routing 39-3
directed broadcasts 39-14
disabling 39-19
dynamic routing 39-3
enabling 39-19
EtherChannel Layer 3 interface 39-5
IGP 39-25
inter-VLAN 39-2
classes 39-7
configuring 39-5
IPv6 40-3
IRDP 39-13
Layer 3 interfaces 39-5
MAC address and IP address 39-9
passive interfaces 39-101
distance-vector 39-3
dynamic 39-3
link-state 39-3
proxy ARP 39-9
redistribution 39-94
reverse address resolution 39-9
routed ports 39-5
static routing 39-3
steps to configure 39-5
subnet mask 39-7
subnet zero 39-7
supernet 39-8
UDP 39-16
with SVIs 39-5
applying to interfaces 35-20
extended, creating 35-11
named 35-15
standard, creating 35-10
dual protocol stacks 40-5
displaying 41-8
limitations 41-3
matching criteria 41-3
port 41-1
precedence 41-2
router 41-1
supported 41-2
addresses 40-2
address formats 40-2
and switch stacks 40-11
applications 40-5
assigning address 40-12
autoconfiguration 40-5
CEFv6 40-21
configuring static routes 40-22
default configuration 40-12
default router preference (DRP) 40-5
defined 40-1
Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 40-8
EIGRP IPv6 Commands 40-9
Router ID 40-8
feature limitations 40-10
features not supported 40-10
forwarding 40-12
ICMP 40-4
monitoring 40-30
neighbor discovery 40-4
OSPF 40-7
path MTU discovery 40-4
SDM templates 8-2, 41-1, 42-1
stack master functions 40-11
Stateless Autoconfiguration 40-5
supported features 40-3
switch limitations 40-10
understanding static routes 40-7
IPv6 traffic, filtering 41-4
configuring 39-13
definition 39-13
support for 1-15
addresses 39-65
area routing 39-65
default configuration 39-66
monitoring 39-74
show commands 39-74
system routing 39-65
and IPv6 40-3
and trunk ports 13-3
encapsulation 1-9, 14-15
trunking with IEEE 802.1 tunneling 18-4
clear commands 39-74
dynamic routing protocols 39-65
monitoring 39-74
NETs 39-65
NSAPs 39-65
OSI standard 39-65
area routing 39-65
system routing 39-65
isolated port 17-2
isolated VLANs 17-2, 17-3
join messages, IGMP 25-3
described 9-41
boundary switch 9-43
KDC 9-43
network services 9-44
configuration examples 9-40
configuring 9-44
credentials 9-41
cryptographic software image 9-40
described 9-41
KDC 9-41
operation 9-43
realm 9-42
server 9-42
support for 1-12
switch as trusted third party 9-40
terms 9-41
TGT 9-42
tickets 9-41
l2protocol-tunnel command 18-12
Layer 2 protocol tunneling 18-9
Layer 2 frames, classification with CoS 36-2
Layer 2 interfaces, default configuration 13-16
configuring 18-9
configuring for EtherChannels 18-14
default configuration 18-11
defined 18-8
guidelines 18-11
and ARP 50-17
and CDP 50-16
broadcast traffic 50-16
described 50-16
IP addresses and subnets 50-17
MAC addresses and VLANs 50-16
multicast traffic 50-16
multiple devices on a port 50-17
unicast traffic 50-16
usage guidelines 50-16
Layer 3 features 1-15
assigning IP addresses to 39-7
assigning IPv4 and IPv6 addresses to 40-16
assigning IPv6 addresses to 40-13
changing from Layer 2 mode 39-7, 39-82
types of 39-5
Layer 3 packets, classification methods 36-2
LDAP 4-2
Leaking IGMP Reports 21-4
See hardware installation guide
lightweight directory access protocol
line configuration mode 2-2
Link Aggregation Control Protocol
link failure, detecting unidirectional 20-7
link local unicast addresses 40-4
links, unidirectional 29-1
link state advertisements (LSAs) 39-31
link-state protocols 39-3
configuring 37-25
described 37-23
configuring 28-4
characteristics 28-6
default configuration 28-4
enabling 28-5
monitoring and maintaining 28-11
overview 28-1
supported TLVs 28-2
switch stack considerations 28-2
transmission timer and holdtime, setting 28-6
procedures 28-4
TLVs 28-7
monitoring and maintaining 28-11
overview 28-1, 28-2
supported TLVs 28-2
load balancing 43-4
local SPAN 30-2
location TLV 28-3, 28-7
logging messages, ACL 35-9
with RADIUS 9-30
with TACACS+ 9-14
login banners 7-11
Long-Reach Ethernet (LRE) technology 1-23, 1-29
described 22-11
enabling 22-18
support for 1-9
LRE profiles, considerations in switch clusters 6-16
MAB aging timer 1-10
default setting 10-38
range 10-40
MAC/PHY configuration status TLV 28-2
aging time 7-15
and VLAN association 7-14
building the address table 7-14
default configuration 7-15
disabling learning on a VLAN 7-24
discovering 7-25
displaying 7-25
displaying in the IP source binding table 23-25
learning 7-14
removing 7-16
in ACLs 35-28
IP address association 39-9
adding 7-22
allowing 7-23, 7-24
characteristics of 7-21
dropping 7-23
removing 7-22
MAC address learning 1-6
MAC address learning, disabling on a VLAN 7-24
MAC address notification, support for 1-16
configuration guidelines 21-8
configuring 21-12
default configuration 21-8
description 21-6
monitoring 21-14
MAC address-to-VLAN mapping 14-27
MAC authentication bypass 10-40
configuring 10-67
overview 10-17
applying to Layer 2 interfaces 35-29
configuring for QoS 36-52
creating 35-28
defined 35-28
for QoS classification 36-5
MACSec 12-2
magic packet 10-27
manageability features 1-6
browser session 1-7
CLI session 1-7
device manager 1-7
SNMP 1-7
out-of-band console port connection 1-7
management address TLV 28-2
CLI 2-1
clustering 1-3
CNS 4-1
Network Assistant 1-2
overview 1-5
considerations in switch clusters 6-7
discovery through different management VLANs 6-7
CoS-to-DSCP 36-69
DSCP 36-69
DSCP-to-CoS 36-72
DSCP-to-DSCP-mutation 36-73
IP-precedence-to-DSCP 36-70
policed-DSCP 36-71
described 36-13
action with aggregate policers 36-67
described 36-4, 36-9
IPv6 ACLs 41-3
matching, IPv4 ACLs 35-8
MSTP 20-24
STP 19-23
maximum hop count, MSTP 20-24
maximum number of allowed devices, port-based authentication 10-40
maximum-paths command 39-52, 39-91
configuration guidelines 10-13 to 10-14
described 1-11, 10-13
exceptions with authentication process 10-5
membership mode, VLAN port 14-3
automatic discovery 6-5
defined 6-2
managing 6-16
passwords 6-13
recovering from lost connectivity 50-12
requirements 6-4
See also candidate switch, cluster standby group, and standby command switch
memory consistency check errors
example 50-25
memory consistency check routines 1-5, 50-25
memory consistency integrity 1-5, 50-25
messages, to users through banners 7-11
metrics, in BGP 39-52
metric translations, between routing protocols 39-97
metro tags 18-2
MHSRP 43-4
overview 33-1
SNMP interaction with 33-4
mirroring traffic for analysis 30-1
mismatches, autonegotiation 50-12
module number 13-11
access groups 35-44
BGP 39-64
cables for unidirectional links 29-1
CDP 27-5
CEF 39-90
EIGRP 39-43
fallback bridging 49-10
features 1-16
Flex Links 21-14
HSRP 43-13
IEEE 802.1Q tunneling 18-17
filters 25-29
snooping 25-16, 42-12
interfaces 13-31
address tables 39-18
multicast routing 47-61
routes 39-105
IP SLAs operations 44-14
IPv4 ACL configuration 35-44
IPv6 40-30
IPv6 ACL configuration 41-8
IS-IS 39-74
ISO CLNS 39-74
Layer 2 protocol tunneling 18-17
MAC address-table move update 21-14
MSDP peers 48-18
multicast router interfaces 25-17, 42-12
multi-VRF CE 39-89
MVR 25-23
network traffic for analysis with probe 30-2
object tracking 45-13
OSPF 39-35
blocking 26-21
protection 26-21
private VLANs 17-15
RP mapping information 47-34
SFP status 13-32, 50-14
source-active messages 48-18
speed and duplex mode 13-19
SSM mapping 47-22
traffic flowing among switches 31-1
traffic suppression 26-21
tunneling 18-17
filters 35-44
maps 35-44
VLANs 14-15
VMPS 14-31
VTP 15-17
mrouter Port 21-3
mrouter port 21-5
benefits of 48-3
clearing MSDP connections and statistics 48-18
controlling source information
forwarded by switch 48-11
originated by switch 48-8
received by switch 48-13
default configuration 48-4
sending SA messages to 48-16
specifying the originating address 48-17
incoming SA messages 48-14
SA messages to a peer 48-12
SA requests from a peer 48-10
join latency, defined 48-6
configuring 48-15
defined 48-15
originating address, changing 48-17
overview 48-1
peer-RPF flooding 48-2
configuring a default 48-4
monitoring 48-18
peering relationship, overview 48-1
requesting source information from 48-8
shutting down 48-15
caching 48-6
clearing cache entries 48-18
defined 48-2
filtering from a peer 48-10
filtering incoming 48-14
filtering to a peer 48-12
limiting data with TTL 48-13
monitoring 48-18
restricting advertised sources 48-9
support for 1-15
configuration guidelines 20-15
described 20-6
described 22-3
enabling 22-14
described 22-2
enabling 22-13
CIST, described 20-3
CIST root 20-5
configuration guidelines 20-15, 22-12
forward-delay time 20-23
hello time 20-23
link type for rapid convergence 20-25
maximum aging time 20-24
maximum hop count 20-24
MST region 20-16
neighbor type 20-25
path cost 20-21
port priority 20-19
root switch 20-17
secondary root switch 20-19
switch priority 20-22
defined 20-3
operations between regions 20-4
default configuration 20-14
default optional feature configuration 22-12
displaying status 20-26
enabling the mode 20-16
described 22-10
enabling 22-17
effects on root switch 20-18
effects on secondary root switch 20-19
unexpected behavior 20-18
implementation 20-6
port role naming change 20-6
terminology 20-5
instances supported 19-10
interface state, blocking to forwarding 22-2
interoperability and compatibility among modes 19-11
interoperability with IEEE 802.1D
described 20-8
restarting migration process 20-26
defined 20-2
master 20-3
operations within a region 20-3
described 22-11
enabling 22-18
mapping VLANs to MST instance 20-16
CIST 20-3
configuring 20-16
described 20-2
hop-count mechanism 20-5
IST 20-2
supported spanning-tree instances 20-2
optional features supported 1-8
overview 20-2
described 22-2
enabling 22-12
preventing root switch selection 22-10
described 22-10
enabling 22-18
configuring 20-18
effects of extended system ID 20-18
unexpected behavior 20-18
shutdown Port Fast-enabled port 22-2
stack changes, effects of 20-8
status, displaying 20-26
support for inaccessible authentication bypass 10-25
See multiple-authentication mode
Immediate Leave 25-5
joining 25-3
leaving 25-5
static joins 25-10, 42-8
ACLs on 35-42
blocking 26-8
multicast router interfaces, monitoring 25-17, 42-12
multicast router ports, adding 25-9, 42-8
Multicast Source Discovery Protocol
multicast storm 26-1
multicast storm-control command 26-4
multicast television application 25-18
multicast VLAN 25-17
multioperations scheduling, IP SLAs 44-5
multiple authentication 10-14
configuring 10-47
multiple VPN routing/forwarding in customer edge devices
configuration example 39-85
configuration guidelines 39-77
configuring 39-77
default configuration 39-77
defined 39-75
displaying 39-89
monitoring 39-89
network components 39-77
packet-forwarding process 39-76
support for 1-15
and address aliasing 25-20
and IGMPv3 25-21
configuration guidelines 25-20
configuring interfaces 25-22
default configuration 25-20
described 25-17
example application 25-18
in the switch stack 25-20
modes 25-21
monitoring 25-23
multicast television application 25-18
setting global parameters 25-21
support for 1-5
AAA down policy 1-12
critical authentication 10-24, 10-64
IEEE 802.1x authentication using a RADIUS server 10-69
IEEE 802.1x validation using RADIUS server 10-69
inaccessible authentication bypass 1-12, 10-64
Layer 2 IEEE 802.1x validation 1-12, 10-30, 10-69
Layer 2 IP validation 1-12
named IPv4 ACLs 35-15
and IEEE 802.1Q tunneling 18-4
configuring 14-22
default 14-22
NDAC 12-2
configuring 10-70
overview 10-32
neighbor discovery, IPv6 40-4
neighbor discovery/recovery, EIGRP 39-36
neighbors, BGP 39-59
benefits 1-2
described 1-5
downloading image files 1-2
guide mode 1-2
management options 1-2
managing switch stacks 5-2, 5-16
upgrading a switch 52-24
wizards 1-2
network configuration examples
cost-effective wiring closet 1-23
high-performance wiring closet 1-23
increasing network performance 1-22
large network 1-28
long-distance, high-bandwidth transport 1-31
multidwelling network 1-29
providing network services 1-22
redundant Gigabit backbone 1-24
server aggregation and Linux server cluster 1-25
small to medium-sized network 1-26
performance 1-22
services 1-22
Network Device Admission Control (NDAC) 12-2
CDP 27-1
RMON 31-1
SNMP 33-1
network performance, measuring with IP SLAs 44-3
network policy TLV 28-2, 28-7
no commands 2-4
configuration guidelines 36-40
described 36-10
non-IP traffic filtering 35-28
nontrunking mode 14-17
normal-range VLANs 14-5
configuration guidelines 14-6
configuring 14-5
defined 14-1
no switchport command 13-4
NSAPs, as ISO IGRP addresses 39-65
IS-IS 39-67
NSM 4-3
NSSA, OSPF 39-31
defined 7-2
overview 7-2
stratum 7-2
support for 1-7
services 7-2
synchronizing 7-2
HSRP 45-7
IP SLAs 45-9
IP SLAs, configuring 45-9
monitoring 45-13
offline configuration for switch stacks 5-7
off mode, VTP 15-3
overview 51-1
running tests 51-3
understanding 51-1
configuring 10-75
overview 10-31
optimizing system resources 8-1
options, management 1-5
area parameters, configuring 39-31
configuring 39-29
metrics 39-32
route 39-32
settings 39-26
described 39-25
for IPv6 40-7
interface parameters, configuring 39-30
LSA group pacing 39-34
monitoring 39-35
router IDs 39-34
route summarization 39-32
support for 1-15
virtual links 39-32
out-of-profile markdown 1-14
packet modification, with QoS 36-20
Layer 2 protocol tunneling 18-9
parallel paths, in routing tables 39-91
configuring 39-101
OSPF 39-33
default configuration 9-2
disabling recovery of 9-5
encrypting 9-3
for security 1-10
in clusters 6-13
overview 9-1
recovery of 50-3
enable 9-3
enable secret 9-3
Telnet 9-6
with usernames 9-7
VTP domain 15-9
MSTP 20-21
STP 19-20
path MTU discovery 40-4
defined 39-97
enabling 39-99
fast-switched policy-based routing 39-100
local policy-based routing 39-100
PC (passive command switch) 6-10
peers, BGP 39-59
percentage thresholds in tracked lists 45-6
performance, network design 1-22
performance features 1-4
persistent self-signed certificate 9-51
per-user ACLs and Filter-Ids 10-8
PE to CE routing, configuring 39-84
physical ports 13-2
default configuration 47-11
overview 47-4
rendezvous point (RP), described 47-5
RPF lookups 47-8
displaying neighbors 47-63
enabling a mode 47-13
overview 47-4
router-query message interval, modifying 47-37
shared tree and source tree, overview 47-35
shortest path tree, delaying the use of 47-36
join messages and shared tree 47-5
overview 47-5
prune messages 47-5
RPF lookups 47-9
configuration guidelines 47-23
displaying 47-62
enabling 47-23
overview 47-5
support for 1-15
interoperability 47-11
troubleshooting interoperability problems 47-35
v2 improvements 47-4
PIM-DVMRP, as snooping method 25-8
character output description 50-15
executing 50-15
overview 50-14
auto mode 13-9
CDP with power consumption, described 13-7
CDP with power negotiation, described 13-7
Cisco intelligent power management 13-7
configuring 13-22
devices supported 13-7
high-power devices operating in low-power mode 13-7
IEEE power classification levels 13-8
power budgeting 13-23
power consumption 13-23
powered-device detection and initial power allocation 13-8
power management modes 13-9
power negotiation extensions to CDP 13-7
standards supported 13-7
static mode 13-9
troubleshooting 50-13
policed-DSCP map for QoS 36-71
for each matched traffic class 36-55
for more than one traffic class 36-67
described 36-4
displaying 36-87
number of 36-40
types of 36-10
described 36-4
token-bucket algorithm 36-10
characteristics of 36-55
described 36-8
displaying 36-88
hierarchical 36-9
configuration guidelines 36-40
configuring 36-59
described 36-12
nonhierarchical on physical ports
configuration guidelines 36-40
described 36-10
POP 1-29
defined 35-2
types of 35-3
accounting 10-16
defined 10-3, 11-2
RADIUS server 10-3
client, defined 10-3, 11-2
configuration guidelines 10-38, 11-9
802.1x authentication 10-44
guest VLAN 10-61
host mode 10-47
inaccessible authentication bypass 10-64
manual re-authentication of a client 10-50
periodic re-authentication 10-49
quiet period 10-50
RADIUS server 10-47, 11-13
RADIUS server parameters on the switch 10-45, 11-11
restricted VLAN 10-62
switch-to-client frame-retransmission number 10-51, 10-52
switch-to-client retransmission time 10-50
violation modes 10-43
default configuration 10-37, 11-9
described 10-1
device roles 10-3, 11-2
displaying statistics 10-77, 11-17
downloadable ACLs and redirect URLs
configuring 10-72 to 10-74, ?? to 10-74
overview 10-20 to 10-22
EAPOL-start frame 10-5
EAP-request/identity frame 10-5
EAP-response/identity frame 10-5
802.1X authentication 11-11
encapsulation 10-3
flexible authentication ordering
configuring 10-74
overview 10-31
configuration guidelines 10-23, 10-24
described 10-22
host mode 10-12
inaccessible authentication bypass
configuring 10-64
described 10-24
guidelines 10-39
initiation and message exchange 10-5
magic packet 10-27
maximum number of allowed devices per port 10-40
method lists 10-44
multiple authentication 10-14
AAA authorization 10-44
configuration tasks 10-20
described 10-19
RADIUS server attributes 10-19
authorization state and dot1x port-control command 10-11
authorized and unauthorized 10-10
voice VLAN 10-27
described 10-27
configuring 10-40
described 10-17, 10-40
resetting to default values 10-76
stack changes, effects of 10-11
statistics, displaying 10-77
as proxy 10-3, 11-2
RADIUS client 10-3
configuring 10-70
overview 10-32
upgrading from a previous release 36-34
guidelines 10-30
overview 10-29
AAA authorization 10-44
characteristics 10-18
configuration tasks 10-18
described 10-17
configuring 10-41
described 10-31, 10-41
described 10-27
PVID 10-27
VVID 10-27
wake-on-LAN, described 10-27
with ACLs and RADIUS Filter-Id attribute 10-34
port-based authentication methods, supported 10-7
port blocking 1-5, 26-7
port description TLV 28-2
described 22-2
enabling 22-12
mode, spanning tree 14-28
support for 1-8
port membership modes, VLAN 14-3
MSTP 20-19
STP 19-18
10-Gigabit Ethernet module 13-6
access 13-3
blocking 26-7
dynamic access 14-4
IEEE 802.1Q tunnel 14-4
protected 26-6
routed 13-4
secure 26-9
static-access 14-3, 14-10
switch 13-2
trunks 14-3, 14-15
VLAN assignments 14-10
aging 26-17
and private VLANs 26-18
and QoS trusted boundary 36-45
and stacking 26-18
configuring 26-13
default configuration 26-11
described 26-8
displaying 26-21
enabling 26-18
on trunk ports 26-14
sticky learning 26-9
violations 26-10
with other features 26-11
port-shutdown response, VMPS 14-27
port VLAN ID TLV 28-2
power management TLV 28-2, 28-7
preemption, default configuration 21-8
preemption delay, default configuration 21-8
preferential treatment of traffic
prefix lists, BGP 39-56
preventing unauthorized access 9-1
primary interface for object tracking, DHCP, configuring 45-10
primary interface for static routing, configuring 45-10
primary links 21-2
primary VLANs 17-1, 17-3
HSRP 43-8
overriding CoS 16-6
trusting CoS 16-6
across multiple switches 17-4
and SDM template 17-4
and SVIs 17-5
and switch stacks 17-6
benefits of 17-1
community ports 17-2
community VLANs 17-2, 17-3
configuration guidelines 17-7, 17-9
configuration tasks 17-6
configuring 17-10
default configuration 17-7
end station access to 17-3
IP addressing 17-3
isolated port 17-2
isolated VLANs 17-2, 17-3
mapping 17-14
monitoring 17-15
community 17-2
configuration guidelines 17-9
configuring host ports 17-12
configuring promiscuous ports 17-13
described 14-4
isolated 17-2
promiscuous 17-2
primary VLANs 17-1, 17-3
promiscuous ports 17-2
secondary VLANs 17-2
subdomains 17-1
traffic in 17-5
privileged EXEC mode 2-2
changing the default for lines 9-9
command switch 6-17
exiting 9-10
logging into 9-10
mapping on member switches 6-17
overview 9-2, 9-8
setting a command with 9-8
configuring 17-13
defined 17-2
protected ports 1-10, 26-6
protocol-dependent modules, EIGRP 39-36
Protocol-Independent Multicast Protocol
protocol storm protection 26-19
provider edge devices 39-75
provisioned switches and IP source guard 23-18
provisioning new members for a switch stack 5-7
configuring 39-11
definition 39-9
with IP routing disabled 39-12
proxy reports 21-3
in VTP domain 15-15
on a port 14-22
in VTP domain 15-15
on a port 14-21
examples 15-6
overview 15-6
changing 14-21
for VTP pruning 15-6
VLANs 15-15
described 19-10
IEEE 802.1Q trunking interoperability 19-11
instances supported 19-10
and MQC commands 36-1
categorizing traffic 36-22
configuration and defaults display 36-36
configuration guidelines 36-33
described 36-21
disabling 36-36
displaying generated commands 36-36
displaying the initial configuration 36-36
effects on running configuration 36-33
list of generated commands 36-24, 36-28
basic model 36-4
class maps, described 36-8
defined 36-4
DSCP transparency, described 36-47
flowchart 36-7
forwarding treatment 36-3
in frames and packets 36-3
IP ACLs, described 36-8
MAC ACLs, described 36-5, 36-8
options for IP traffic 36-6
options for non-IP traffic 36-5
policy maps, described 36-8
trust DSCP, described 36-5
trusted CoS, described 36-5
trust IP precedence, described 36-5
configuring 36-53
displaying 36-87
auto-QoS 36-33
standard QoS 36-39
aggregate policers 36-67
auto-QoS 36-21
default port CoS value 36-45
DSCP maps 36-69
DSCP transparency 36-47
DSCP trust states bordering another domain 36-47
egress queue characteristics 36-79
ingress queue characteristics 36-75
IP extended ACLs 36-51
IP standard ACLs 36-49
MAC ACLs 36-52
policy maps, hierarchical 36-59
port trust states within the domain 36-43
trusted boundary 36-45
default auto configuration 36-22
default standard configuration 36-37
displaying statistics 36-87
DSCP transparency 36-47
allocating buffer space 36-80
buffer allocation scheme, described 36-18
configuring shaped weights for SRR 36-84
configuring shared weights for SRR 36-85
described 36-4
displaying the threshold map 36-83
flowchart 36-18
mapping DSCP or CoS values 36-82
scheduling, described 36-4
setting WTD thresholds 36-80
WTD, described 36-19
enabling globally 36-42
classification 36-7
egress queueing and scheduling 36-18
ingress queueing and scheduling 36-16
policing and marking 36-11
implicit deny 36-8
allocating bandwidth 36-77
allocating buffer space 36-77
buffer and bandwidth allocation, described 36-17
configuring shared weights for SRR 36-77
configuring the priority queue 36-78
described 36-4
displaying the threshold map 36-76
flowchart 36-16
mapping DSCP or CoS values 36-75
priority queue, described 36-17
scheduling, described 36-4
setting WTD thresholds 36-75
WTD, described 36-17
automatic classification and queueing 36-21
detection and trusted settings 36-21, 36-45
limiting bandwidth on egress interface 36-86
CoS-to-DSCP 36-69
displaying 36-87
DSCP-to-CoS 36-72
DSCP-to-DSCP-mutation 36-73
IP-precedence-to-DSCP 36-70
policed-DSCP 36-71
types of 36-13
marked-down actions 36-57, 36-63
marking, described 36-4, 36-9
overview 36-2
packet modification 36-20
configuring 36-57, 36-63, 36-67
described 36-9
displaying 36-87
number of 36-40
types of 36-10
policies, attaching to an interface 36-9
described 36-4, 36-9
token bucket algorithm 36-10
characteristics of 36-55
displaying 36-88
hierarchical 36-9
hierarchical on SVIs 36-59
nonhierarchical on physical ports 36-55
QoS label, defined 36-4
configuring egress characteristics 36-79
configuring ingress characteristics 36-75
high priority (expedite) 36-20, 36-86
location of 36-14
SRR, described 36-15
WTD, described 36-14
rewrites 36-20
support for 1-13
bordering another domain 36-47
described 36-5
trusted device 36-45
within the domain 36-43
queries, IGMP 25-4
query solicitation, IGMP 25-13
vendor-proprietary 9-38
vendor-specific 9-36
accounting 9-35
authentication 9-30
authorization 9-34
communication, global 9-28, 9-36
communication, per-server 9-28
multiple UDP ports 9-28
default configuration 9-27
defining AAA server groups 9-32
displaying the configuration 9-40
identifying the server 9-28
in clusters 6-16
limiting the services to the user 9-34
method list, defined 9-27
operation of 9-20
overview 9-18
server load balancing 9-40
suggested network environments 9-19
support for 1-12
tracking services accessed by user 9-35
RADIUS Change of Authorization 9-20
macro 13-14
of interfaces 13-13
rapid convergence 20-10
rapid per-VLAN spanning-tree plus
described 19-10
IEEE 802.1Q trunking interoperability 19-11
instances supported 19-10
RARP 39-9
rcommand command 6-16
downloading 52-17
overview 52-16
preparing the server 52-16
uploading 52-18
deleting old image 52-37
downloading 52-36
preparing the server 52-35
uploading 52-37
reachability, tracking IP SLAs IP host 45-9
configuring 10-40
described 10-17, 10-40
reconfirmation interval, VMPS, changing 14-30
reconfirming dynamic VLAN membership 14-30
recovery procedures 50-1
redirect URL 10-20, 10-21, 10-72
EtherChannel 37-3
HSRP 43-1
backbone 19-8
multidrop backbone 22-5
path cost 14-25
port priority 14-23
redundant links and UplinkFast 22-15
See Cisco Redundant Power System 2300
reliable transport protocol, EIGRP 39-36
reloading software 3-24
Remote Authentication Dial-In User Service
remote SPAN 30-3
described 25-6
disabling 25-16, 42-11
resequencing ACL entries 35-15
reserved addresses in DHCP pools 23-27
resets, in BGP 39-51
resetting a UDLD-shutdown interface 29-6
described 44-4
enabling 44-8
response time, measuring with IP SLAs 44-4
configuring 10-62
described 10-23
using with IEEE 802.1x 10-23
overview 9-1
passwords and privilege levels 9-2
RADIUS 9-18
TACACS+ 9-10
retry count, VMPS, changing 14-31
reverse address resolution 39-9
Reverse Address Resolution Protocol
1058, RIP 39-19
1112, IP multicast and IGMP 25-2
1157, SNMPv1 33-2
1163, BGP 39-44
1166, IP addresses 39-7
1253, OSPF 39-25
1267, BGP 39-44
1305, NTP 7-2
1587, NSSAs 39-25
1757, RMON 31-2
1771, BGP 39-44
1901, SNMPv2C 33-2
1902 to 1907, SNMPv2 33-2
2236, IP multicast and IGMP 25-2
2273-2275, SNMPv3 33-2
RFC 5176 Compliance 9-21
advertisements 39-20
authentication 39-22
configuring 39-21
default configuration 39-20
described 39-20
for IPv6 40-7
hop counts 39-20
split horizon 39-23
summary addresses 39-23
support for 1-15
default configuration 31-3
displaying status 31-6
enabling alarms and events 31-3
groups supported 31-2
overview 31-1
collecting group Ethernet 31-6
collecting group history 31-5
support for 1-17
described 22-10
enabling 22-18
support for 1-9
MSTP 20-17
STP 19-16
route calculation timers, OSPF 39-33
route dampening, BGP 39-63
routed packets, ACLs on 35-42
configuring 39-5
defined 13-4
in switch clusters 6-8
IP addresses on 13-26, 39-5
route-map command 39-100
BGP 39-54
policy-based routing 39-98
defined 35-2
types of 35-4
route reflectors, BGP 39-62
router ID, OSPF 39-34
route selection, BGP 39-52
route summarization, OSPF 39-32
route targets, VPN 39-77
default 39-3
dynamic 39-3
redistribution of information 39-94
static 39-3
routing domain confederation, BGP 39-61
routing protocol administrative distances 39-92
See Cisco Redundant Power System 2300
See Cisco Redundant Power System 2300
and stack changes 30-9
characteristics 30-8
configuration guidelines 30-16
default configuration 30-10
defined 30-3
destination ports 30-7
displaying status 30-23
in a switch stack 30-2
interaction with other features 30-8
monitored ports 30-6
monitoring ports 30-7
overview 1-17, 30-1
received traffic 30-5
session limits 30-10
creating 30-17
defined 30-3
limiting source traffic to specific VLANs 30-22
specifying monitored ports 30-17
with ingress traffic enabled 30-20
source ports 30-6
transmitted traffic 30-5
VLAN-based 30-6
active topology 20-9
format 20-12
processing 20-13
designated port, defined 20-9
designated switch, defined 20-9
interoperability with IEEE 802.1D
described 20-8
restarting migration process 20-26
topology changes 20-13
overview 20-9
described 20-9
synchronized 20-11
proposal-agreement handshake process 20-10
cross-stack rapid convergence 20-11
described 20-10
edge ports and Port Fast 20-10
point-to-point links 20-10, 20-25
root ports 20-10
root port, defined 20-9
replacing 52-19, 52-20
rolling back 52-19, 52-21
running configuration, saving 3-16
SC (standby command switch) 6-10
scheduled reloads 3-24
scheduling, IP SLAs operations 44-5
and SSH 9-56
configuring 9-57
switch stack consideration 5-10
configuring 8-6
number of 8-1
SDM mismatch mode 5-10, 8-4
SDM template 41-4
aggregator 8-1
configuration guidelines 8-5
configuring 8-4
desktop 8-1
dual IPv4 and IPv6 8-2
types of 8-1
secondary VLANs 17-2
configuring 9-55
displaying 9-56
configuring 9-54
displaying 9-56
and switch stacks 26-18
deleting 26-16
maximum number of 26-10
types of 26-9
and switch stacks 26-18
configuring 26-9
secure remote connections 9-46
security, port 26-8
Security Exchange Protocol (SXP) 12-2
security features 1-10
Security Group Access Control List (SGACL) 12-2
Security Group Tag (SGT) 12-2
sequence numbers in log messages 32-8
server mode, VTP 15-3
service-provider network, MSTP and RSTP 20-1
and customer VLANs 18-2
and IEEE 802.1Q tunneling 18-1
Layer 2 protocols across 18-8
Layer 2 protocol tunneling for EtherChannels 18-9
set-request operation 33-4
failed command switch replacement 50-11
replacing failed command switch 50-9
severity levels, defining in system messages 32-9
monitoring status of 13-32, 50-14
numbering of 13-12
security and identification 50-13
status, displaying 50-14
SGACL 12-2
SGT 12-2
show access-lists hw-summary command 35-22
show and more command output, filtering 2-9
show cdp traffic command 27-5
show cluster members command 6-16
show configuration command 13-25
show forward command 50-22
show interfaces command 13-19, 13-25
show interfaces switchport 21-4
show l2protocol command 18-13, 18-15
show lldp traffic command 28-11
show platform forward command 50-22
show platform tcam command 50-25
displaying ACLs 35-20, 35-21, 35-32, 35-35
interface description in 13-25
shutdown command on interfaces 13-33
shutdown threshold for Layer 2 protocol packets 18-11
Simple Network Management Protocol
small form-factor pluggable modules
small-frame arrival rate, configuring 26-5
smart logging 32-1, 32-14
SNAP 27-1
accessing MIB variables with 33-4
described 33-4
disabling 33-7
and IP SLAs 44-2
authentication level 33-10
configuring 33-8
for cluster switches 33-4
overview 33-4
configuration examples 33-17
default configuration 33-6
engine ID 33-7
groups 33-7, 33-9
host 33-7
ifIndex values 33-5
in-band management 1-7
in clusters 6-14
and trap keyword 33-12
described 33-5
differences from traps 33-5
disabling 33-15
enabling 33-15
limiting access by TFTP servers 33-16
limiting system log messages to NMS 32-10
manager functions 1-6, 33-3
managing clusters with 6-17
notifications 33-5
overview 33-1, 33-4
security levels 33-3
setting CPU threshold notification 33-15
status, displaying 33-18
system contact and location 33-16
trap manager, configuring 33-13
described 33-3, 33-5
differences from informs 33-5
disabling 33-15
enabling 33-12
enabling MAC address notification 7-16, 7-19, 7-20
overview 33-1, 33-4
types of 33-12
users 33-7, 33-9
versions supported 33-2
SNMP and Syslog Over IPv6 40-9
SNMPv1 33-2
SNMPv2C 33-2
SNMPv3 33-2
snooping, IGMP 25-2
location in flash 52-25
recovery procedures 50-2
scheduling reloads 3-24
tar file format, described 52-25
See also downloading and uploading
in IPv4 ACLs 35-12
in IPv6 ACLs 41-5
source-and-destination-IP address based forwarding, EtherChannel 37-9
source-and-destination MAC address forwarding, EtherChannel 37-9
source-IP address based forwarding, EtherChannel 37-9
source-MAC address forwarding, EtherChannel 37-8
and stack changes 30-9
configuration guidelines 30-10
default configuration 30-10
destination ports 30-7
displaying status 30-23
interaction with other features 30-8
monitored ports 30-6
monitoring ports 30-7
overview 1-17, 30-1
ports, restrictions 26-12
received traffic 30-5
session limits 30-10
configuring ingress forwarding 30-15, 30-21
creating 30-11
defined 30-3
limiting source traffic to specific VLANs 30-15
removing destination (monitoring) ports 30-13
specifying monitored ports 30-11
with ingress traffic enabled 30-14
source ports 30-6
transmitted traffic 30-5
VLAN-based 30-6
spanning tree and native VLANs 14-18
SPAN traffic 30-5
split horizon, RIP 39-23
shaped weights on egress queues 36-84
shared weights on egress queues 36-85
shared weights on ingress queues 36-77
described 36-15
shaped mode 36-15
shared mode 36-15
support for 1-14
configuring 9-47
cryptographic software image 9-45
described 1-7, 9-46
encryption methods 9-46
switch stack considerations 5-16
user authentication methods, supported 9-46
configuration guidelines 9-53
configuring a secure HTTP client 9-55
configuring a secure HTTP server 9-54
cryptographic software image 9-50
described 9-50
monitoring 9-56
address management restrictions 47-16
CGMP limitations 47-16
components 47-14
configuration guidelines 47-16
configuring 47-14, 47-17
differs from Internet standard multicast 47-14
IGMP snooping 47-16
IGMPv3 47-14
IGMPv3 Host Signalling 47-15
IP address range 47-15
monitoring 47-17
operations 47-15
PIM 47-14
state maintenance limitations 47-16
SSM mapping 47-17
configuration guidelines 47-18
configuring 47-17, 47-20
DNS-based 47-19, 47-21
monitoring 47-22
overview 47-18
restrictions 47-18
static 47-19, 47-20
static traffic forwarding 47-22
MAC address of 5-6, 5-19
IPv6 routing 40-11
802.1x port-based authentication 10-11
ACL configuration 35-7
CDP 27-2
cross-stack EtherChannel 37-13
EtherChannel 37-10
fallback bridging 49-3
HSRP 43-5
IGMP snooping 25-6
IP routing 39-4
IPv6 ACLs 41-3
MAC address tables 7-15
MSTP 20-8
multicast routing 47-10
MVR 25-18
port security 26-18
SDM template selection 8-3
SNMP 33-1
SPAN and RSPAN 30-9
STP 19-12
switch clusters 6-14
system message log 32-2
VLANs 14-7
VTP 15-7
bridge ID (MAC address) 5-6
defined 5-1
election 5-4
IPv6 40-11
accessing CLI of specific member 5-23
member number 5-21
priority value 5-22
defined 5-1
displaying information of 5-24
IPv6 40-11
number 5-6
priority value 5-7
provisioning a new member 5-22
replacing 5-14
stack member number 13-11
stack protocol version 5-10
accessing CLI of specific member 5-23
member number 5-21
priority value 5-22
provisioning a new member 5-22
auto-advise 5-12
auto-copy 5-11
auto-extract 5-11
auto-upgrade 5-11
bridge ID 5-6
CDP considerations 27-2
compatibility, software 5-10
configuration file 5-14
configuration scenarios 5-17
copying an image file from one member to another 52-38
default configuration 5-19
description of 5-1
displaying information of 5-24
enabling persistent MAC address timer 5-19
hardware compatibility and SDM mismatch mode 5-10
HSRP considerations 43-5
in clusters 6-14
incompatible software and image upgrades 5-14, 52-38
IPv6 on 40-11
MAC address considerations 7-15
management connectivity 5-16
managing 5-1
membership 5-3
merged 5-3
MSTP instances supported 19-10
multicast routing, stack master and member roles 47-10
described 5-7
effects of adding a provisioned switch 5-8
effects of removing a provisioned switch 5-9
effects of replacing a provisioned switch 5-9
provisioned configuration, defined 5-7
provisioned switch, defined 5-7
provisioning a new member 5-22
partitioned 5-3, 50-8
adding 5-8
removing 5-9
replacing 5-9
replacing a failed member 5-14
software compatibility 5-10
software image version 5-10
stack protocol version 5-10
bridge ID 19-3
instances supported 19-10
root port selection 19-3
stack root switch election 19-3
hostnames in the display 32-1
remotely monitoring 32-2
system prompt consideration 7-8
system-wide configuration considerations 5-15
upgrading 52-38
automatic upgrades with auto-upgrade 5-11
examples 5-12
manual upgrades with auto-advise 5-12
upgrades with auto-extract 5-11
described 5-11
See also stack master and stack member
considerations 6-11
defined 6-2
priority 6-10
requirements 6-3
virtual IP address 6-11
See also cluster standby group and HSRP
See cluster standby group and HSRP
standby ip command 43-6
standby links 21-2
standby router 43-2
standby timers, HSRP 43-10
manually 3-20
specific image 3-21
clearing 52-19
automatically downloading 3-19
specifying the filename 3-19
assigning to VLAN 14-10
defined 13-3, 14-3
static IP routing 1-15
static MAC addressing 1-10
static route primary interface,configuring 45-10
configuring 39-92
configuring for IPv6 40-22
understanding 40-7
static routing 39-3
static routing support, enhanced object tracking 45-10
static SSM mapping 47-19, 47-20
static traffic forwarding 47-22
static VLAN membership 14-2
802.1X 11-17
802.1x 10-77
CDP 27-5
interface 13-31
IP multicast routing 47-62
LLDP 28-11
LLDP-MED 28-11
NMSP 28-11
OSPF 39-35
QoS ingress and egress 36-87
RMON group Ethernet 31-6
RMON group history 31-5
SNMP input and output 33-18
VTP 15-17
sticky learning 26-9
configuring 26-3
described 26-1
disabling 26-5
displaying 26-21
support for 1-4
thresholds 26-1
accelerating root port selection 22-4
described 22-7
disabling 22-17
enabling 22-17
described 22-3
disabling 22-15
enabling 22-14
described 22-2
disabling 22-14
enabling 22-13
BPDU message exchange 19-3
configuration guidelines 19-14, 22-12
forward-delay time 19-23
hello time 19-22
maximum aging time 19-23
path cost 19-20
port priority 19-18
root switch 19-16
secondary root switch 19-18
spanning-tree mode 19-15
switch priority 19-21
transmit hold-count 19-24
counters, clearing 19-24
described 22-5
enabling 22-16
default configuration 19-13
default optional feature configuration 22-12
designated port, defined 19-4
designated switch, defined 19-4
detecting indirect link failures 22-8
disabling 19-16
displaying status 19-24
described 22-10
disabling 22-17
enabling 22-17
effects on root switch 19-16
effects on the secondary root switch 19-18
overview 19-4
unexpected behavior 19-16
features supported 1-8
IEEE 802.1D and bridge ID 19-4
IEEE 802.1D and multicast addresses 19-9
IEEE 802.1t and VLAN identifier 19-5
inferior BPDU 19-3
instances supported 19-10
interface state, blocking to forwarding 22-2
blocking 19-6
disabled 19-7
forwarding 19-6, 19-7
learning 19-7
listening 19-7
overview 19-5
interoperability and compatibility among modes 19-11
Layer 2 protocol tunneling 18-7
limitations with IEEE 802.1Q trunks 19-11
overview 14-23
using path costs 14-25
using port priorities 14-23
described 22-11
enabling 22-18
modes supported 19-10
multicast addresses, effect of 19-9
optional features supported 1-8
overview 19-2
path costs 14-25, 14-26
described 22-2
enabling 22-12
port priorities 14-24
preventing root switch selection 22-10
protocols supported 19-10
redundant connectivity 19-8
described 22-10
enabling 22-18
root port, defined 19-3
root port selection on a switch stack 19-3
configuring 19-16
effects of extended system ID 19-4, 19-16
election 19-3
unexpected behavior 19-16
shutdown Port Fast-enabled port 22-2
stack changes, effects of 19-12
status, displaying 19-24
superior BPDU 19-3
timers, described 19-22
described 22-4
enabling 22-15
VLAN-bridge 19-12
stratum, NTP 7-2
stub areas, OSPF 39-31
stub routing, EIGRP 39-42
subdomains, private VLAN 17-1
subnet mask 39-7
subnet zero 39-7
success response, VMPS 14-27
summer time 7-7
SunNet Manager 1-6
supernet 39-8
supported port-based authentication methods 10-7
configuring 13-27
defined 13-5
SVI link state 13-5
and IP unicast routing 39-5
and router ACLs 35-4
connecting VLANs 13-10
defined 13-5
routing between VLANs 14-2
switch 40-2
switch clustering technology 6-1
switch console port 1-7
switched packets, ACLs on 35-40
switched ports 13-2
switchport backup interface 21-4, 21-5
switchport block multicast command 26-8
switchport block unicast command 26-8
switchport command 13-16
switchport mode dot1q-tunnel command 18-6
switchport protected command 26-7
MSTP 20-22
STP 19-21
switch software features 1-1
SXP 12-2
synchronization, BGP 39-48
system capabilities TLV 28-2
daylight saving time 7-7
manually 7-5
summer time 7-7
time zones 7-6
displaying the time and date 7-5
overview 7-1
system description TLV 28-2
default configuration 32-4
defining error message severity levels 32-9
disabling 32-4
displaying the configuration 32-17
enabling 32-5
facility keywords, described 32-14
level keywords, described 32-10
limiting messages 32-10
message format 32-2
overview 32-1
sequence numbers, enabling and disabling 32-8
setting the display destination device 32-5
stack changes, effects of 32-2
synchronizing log messages 32-6
syslog facility 1-17
time stamps, enabling and disabling 32-8
configuring the daemon 32-13
configuring the logging facility 32-13
facilities supported 32-14
and IS-IS LSPs 39-69
system MTU and IEEE 802.1Q tunneling 18-5
default configuration 7-9
default setting 7-9
manual configuration 7-9
system name TLV 28-2
system prompt, default setting 7-8, 7-9
system resources, optimizing 8-1
IS-IS 39-65
ISO IGRP 39-65
accounting, defined 9-12
authentication, defined 9-11
authorization, defined 9-12
accounting 9-17
authentication key 9-13
authorization 9-16
login authentication 9-14
default configuration 9-13
displaying the configuration 9-18
identifying the server 9-13
in clusters 6-16
limiting the services to the user 9-16
operation of 9-12
overview 9-10
support for 1-12
tracking services accessed by user 9-17
IEEE 802.1Q 18-3
Layer 2 protocol 18-7
creating 52-6
displaying the contents of 52-7
extracting 52-7
image file format 52-25
memory consistency check errors
example 50-25
memory consistency check routines 1-5, 50-25
memory consistency integrity 1-5, 50-25
HFTM 50-25
HQATM 50-25
unassigned 50-25
TCL script, registering and defining with embedded event manager 34-7
TDR 1-17
accessing management interfaces 2-10
number of connections 1-7
setting a password 9-6
templates, SDM 8-2
temporary self-signed certificate 9-51
Terminal Access Controller Access Control System Plus
terminal lines, setting a password 9-6
ternary content addressable memory
downloading 52-11
preparing the server 52-10
uploading 52-12
configuration files in base directory 3-8
configuring for autoconfiguration 3-7
deleting 52-28
downloading 52-27
preparing the server 52-26
uploading 52-29
limiting access by servers 33-16
TFTP server 1-6
threshold, traffic level 26-2
threshold monitoring, IP SLAs 44-6
time-range command 35-17
time ranges in ACLs 35-17
time stamps in log messages 32-8
time zones 7-6
defined 28-1
LLDP 28-2
LLDP-MED 28-2
support for 14-6
VTP support 15-4
ToS 1-14
and ARP 50-17
and CDP 50-16
broadcast traffic 50-16
described 50-16
IP addresses and subnets 50-17
MAC addresses and VLANs 50-16
multicast traffic 50-16
multiple devices on a port 50-17
unicast traffic 50-16
usage guidelines 50-16
traceroute command 50-18
configuring 45-3
types 45-3
by Boolean expression 45-4
by threshold percentage 45-6
by threshold weight 45-5
tracking interface line-protocol state 45-2
tracking IP routing state 45-2
tracking objects 45-1
tracking process 45-1
track state, tracking IP SLAs 45-9
blocking flooded 26-8
fragmented 35-5
fragmented IPv6 41-2
unfragmented 35-5
traffic policing 1-14
traffic suppression 26-1
transparent mode, VTP 15-3
trap-door mechanism 3-2
configuring MAC address notification 7-16, 7-19, 7-20
configuring managers 33-12
defined 33-3
enabling 7-16, 7-19, 7-20, 33-12
notification types 33-12
overview 33-1, 33-4
connectivity problems 50-14, 50-16, 50-17
CPU utilization 50-26
detecting unidirectional links 29-1
displaying crash information 50-24
PIMv1 and PIMv2 interoperability problems 47-35
setting packet forwarding 50-22
SFP security and identification 50-13
show forward command 50-22
with CiscoWorks 33-4
with debug commands 50-20
with ping 50-14
with system message logging 32-1
with traceroute 50-17
trunking encapsulation 1-9
configuring 14-19
defined 13-3, 14-3
encapsulation 14-19, 14-24, 14-26
allowed-VLAN list 14-20
configuring 14-19, 14-24, 14-26
ISL 14-15
setting STP path costs 14-25
using STP port priorities 14-23, 14-24
native VLAN for untagged traffic 14-22
parallel 14-25
pruning-eligible list 14-21
to non-DTP device 14-16
trusted boundary for QoS 36-45
between QoS domains 36-47
classification options 36-5
ensuring port security for IP phones 36-45
support for 1-14
within a QoS domain 36-43
trustpoints, CA 9-50
defined 18-1
IEEE 802.1Q 18-1
Layer 2 protocol 18-8
defined 14-4
described 13-4, 18-1
IEEE 802.1Q, configuring 18-6
incompatibilities with other features 18-5
twisted-pair Ethernet, detecting unidirectional links 29-1
configuration guidelines 29-4
default configuration 29-4
globally 29-5
on fiber-optic interfaces 29-5
per interface 29-6
echoing detection mechanism 29-3
globally 29-5
per interface 29-6
Layer 2 protocol tunneling 18-10
link-detection mechanism 29-1
neighbor database 29-2
overview 29-1
resetting an interface 29-6
status, displaying 29-7
support for 1-8
UDP, configuring 39-16
UDP jitter, configuring 44-10
UDP jitter operation, IP SLAs 44-9
unauthorized ports with IEEE 802.1x 10-10
unicast MAC address filtering 1-6
and adding static addresses 7-23
and broadcast MAC addresses 7-22
and CPU packets 7-22
and multicast addresses 7-22
and router MAC addresses 7-22
configuration guidelines 7-22
described 7-22
unicast storm 26-1
unicast storm control command 26-4
unicast traffic, blocking 26-8
UniDirectional Link Detection protocol
daemon configuration 32-13
facilities supported 32-14
message logging configuration 32-13
unrecognized Type-Length-Value (TLV) support 15-4
described 22-4
disabling 22-16
enabling 22-15
support for 1-8
preparing 52-10, 52-13, 52-16
reasons for 52-9
using FTP 52-15
using RCP 52-18
using TFTP 52-12
preparing 52-26, 52-30, 52-35
reasons for 52-24
using FTP 52-33
using RCP 52-37
using TFTP 52-29
user EXEC mode 2-2
username-based authentication 9-7
VACL logging parameters 35-38
configuration example 35-39
version-dependent transparent mode 15-4
automatic upgrades with auto-upgrade 5-11
manual upgrades with auto-advise 5-12
upgrades with auto-extract 5-11
described 5-11
cluster standby group 6-11
command switch 6-11
virtual router 43-1, 43-2
virtual switches and PAgP 37-6
vlan.dat file 14-5
VLAN 1, disabling on a trunk port 14-21
VLAN 1 minimization 14-20
vlan-assignment response, VMPS 14-27
at bootup 14-7
saving 14-7
VLAN configuration mode 2-2
and startup configuration file 14-7
and VTP 15-1
VLAN configuration saved in 14-7
VLANs saved in 14-5
vlan dot1q tag native command 18-4
VLAN filtering and SPAN 30-7
vlan global configuration command 14-7
VLAN ID, discovering 7-25
VLAN link state 13-5
VLAN load balancing on flex links 21-2
configuration guidelines 21-8
VLAN management domain 15-2
VLAN map entries, order of 35-31
applying 35-35
common uses for 35-35
configuration guidelines 35-31
configuring 35-30
creating 35-32
defined 35-2
denying access to a server example 35-36
denying and permitting packets 35-32
displaying 35-44
examples of ACLs and VLAN maps 35-33
removing 35-35
support for 1-11
wiring closet configuration example 35-36
confirming 14-30
modes 14-3
adding 14-8
adding to VLAN database 14-8
aging dynamic addresses 19-9
allowed on trunk 14-20
and spanning-tree instances 14-3, 14-7, 14-12
configuration guidelines, extended-range VLANs 14-11
configuration guidelines, normal-range VLANs 14-6
configuring 14-1
configuring IDs 1006 to 4094 14-11
connecting through SVIs 13-10
creating 14-9
customer numbering in service-provider networks 18-3
default configuration 14-8
deleting 14-9
described 13-2, 14-1
displaying 14-15
extended-range 14-1, 14-11
features 1-9
illustrated 14-2
internal 14-12
in the switch stack 14-7
limiting source traffic with RSPAN 30-22
limiting source traffic with SPAN 30-15
modifying 14-8
multicast 25-17
native, configuring 14-22
normal-range 14-1, 14-5
number supported 1-9
parameters 14-5
port membership modes 14-3
static-access ports 14-10
STP and IEEE 802.1Q trunks 19-11
supported 14-3
Token Ring 14-6
traffic between 14-2
VLAN-bridge STP 19-12, 49-2
VTP modes 15-3
VLAN trunks 14-15
administering 14-31
configuration example 14-32
configuration guidelines 14-28
default configuration 14-28
description 14-26
described 14-27
reconfirming 14-30
troubleshooting 14-32
entering server address 14-29
mapping MAC addresses to VLANs 14-27
monitoring 14-31
reconfirmation interval, changing 14-30
reconfirming membership 14-30
retry count, changing 14-31
configuring 10-41
described 10-31, 10-41
voice-over-IP 16-1
Cisco 7960 phone, port connections 16-1
configuration guidelines 16-3
configuring IP phones for data traffic
override CoS of incoming frame 16-6
trust CoS priority of incoming frame 16-6
configuring ports for voice traffic in
802.1p priority tagged frames 16-5
802.1Q frames 16-5
connecting to an IP phone 16-4
default configuration 16-3
described 16-1
displaying 16-7
IP phone data traffic, described 16-2
IP phone voice traffic, described 16-2
configuring routing in 39-84
forwarding 39-77
in service provider networks 39-75
routes 39-75
VPN routing and forwarding table
VQP 1-9, 14-26
defining 39-77
tables 39-75
ARP 39-81
configuring 39-80
ftp 39-83
HSRP 39-82
ping 39-81
RADIUS 39-82
SNMP 39-81
syslog 39-82
tftp 39-83
traceroute 39-83
adding a client to a domain 15-16
advertisements 14-18, 15-4
and extended-range VLANs 14-3, 15-2
and normal-range VLANs 14-3, 15-2
client mode, configuring 15-12
guidelines 15-9
requirements 15-11
saving 15-9
configuration requirements 15-11
guideline 15-16
resetting 15-17
consistency checks 15-5
default configuration 15-8
described 15-1
domain names 15-9
domains 15-2
Layer 2 protocol tunneling 18-7
client 15-3
off 15-3
server 15-3
transitions 15-3
transparent 15-3
monitoring 15-17
passwords 15-9
disabling 15-15
enabling 15-15
examples 15-6
overview 15-6
support for 1-9
pruning-eligible list, changing 14-21
server mode, configuring 15-11, 15-14
statistics 15-17
support for 1-9
Token Ring support 15-4
transparent mode, configuring 15-11
using 15-1
enabling 15-14
version, guidelines 15-10
Version 1 15-4
configuration guidelines 15-10
overview 15-4
overview 15-5
authentication 46-3
configuration guidelines 46-6
default configuration 46-5
described 46-1
displaying 46-10
dynamic service groups 46-3
enabling 46-6
features unsupported 46-5
forwarding method 46-3
Layer-2 header rewrite 46-3
MD5 security 46-3
message exchange 46-2
monitoring and maintaining 46-10
negotiation 46-3
packet redirection 46-3
packet-return method 46-3
redirecting traffic received from a client 46-6
setting the password 46-7
unsupported WCCPv2 features 46-5
web authentication 10-17
configuring 11-16 to ??
described 1-10
customizeable web pages 11-6
description 11-1
web-based authentication, interactions with other features 11-7
Web Cache Communication Protocol
weight thresholds in tracked lists 45-5
configuring 28-9
displaying 28-11
location TLV 28-3
understanding 28-3
wizards 1-2
described 36-14
egress queue-sets 36-80
ingress queues 36-75
support for 1-14
Xmodem protocol 50-2
Index
10-Gigabit Ethernet interfaces
configuration guidelines 13-17
defined 13-6
802.1AE Tagging 12-2
AAA down policy, NAC Layer 2 IP validation 1-12
abbreviating commands 2-3
ABRs 39-25
AC (command switch) 6-10
access-class command 35-20
access control entry (ACE) 41-3
access-denied response, VMPS 14-27
applying IPv4 ACLs to interfaces 35-21
Layer 2 35-21
Layer 3 35-21
clusters, switch 6-13
command switches 6-11
member switches 6-13
switch clusters 6-13
accessing stack members 5-23
and Layer 2 protocol tunneling 18-10
defined 13-3
in switch clusters 6-9
access template 8-1
with 802.1x 10-54
with IEEE 802.1x 10-16
with RADIUS 9-35
with TACACS+ 9-12, 9-17
and QoS 36-8
defined 35-2
Ethernet 35-2
IP 35-2
ACEs 35-2
any keyword 35-13
on bridged packets 35-41
on multicast packets 35-42
on routed packets 35-42
on switched packets 35-40
time ranges to 35-17
to an interface 35-20, 41-7
to IPv6 interfaces 41-7
to QoS 36-8
classifying traffic for QoS 36-49
comments in 35-19
compiling 35-24
defined 35-1, 35-8
examples of 35-24, 36-49
extended IP, configuring for QoS classification 36-51
creating 35-11