Index

Numerics

10-Gigabit Ethernet interfaces 13-7

802.1AE 11-31

802.1x-REV 11-31

A

AAA down policy, NAC Layer 2 IP validation 1-11

abbreviating commands 2-3

ABRs 42-26

AC (command switch) 6-10

access-class command 37-20

access control entries

See ACEs

access-denied response, VMPS 15-26

access groups

applying IPv4 ACLs to interfaces 37-21

Layer 2 37-21

Layer 3 37-21

access groups, applying IPv4 ACLs to interfaces 37-21

accessing

clusters, switch 6-13

command switches 6-11

member switches 6-13

switch clusters 6-13

accessing stack members 5-25

access lists

See ACLs

access ports

and Layer 2 protocol tunneling 19-11

defined 13-3

in switch clusters 6-9

access template 8-1

accounting

with 802.1x 11-50

with IEEE 802.1x 11-13

with RADIUS 10-34

with TACACS+ 10-11, 10-17

ACEs

and QoS 39-8

defined 37-2

Ethernet 37-2

IP 37-2

ACLs

ACEs 37-2

any keyword 37-13

applying

on bridged packets 37-39

on multicast packets 37-41

on routed packets 37-40

on switched packets 37-39

time ranges to 37-17

to an interface 37-20, 38-7

to IPv6 interfaces 38-7

to QoS 39-7

classifying traffic for QoS 39-46

comments in 37-19

compiling 37-23

defined 37-2, 37-8

examples of 37-23, 39-46

extended IP, configuring for QoS classification 39-47

extended IPv4

creating 37-11

matching criteria 37-8

hardware and software handling 37-22

ACLs

host keyword 37-13

IP

creating 37-8

fragments and QoS guidelines 39-36

implicit deny 37-10, 37-14, 37-17

implicit masks 37-10

matching criteria 37-8

undefined 37-21

IPv4

applying to interfaces 37-20

creating 37-8

matching criteria 37-8

named 37-15

numbers 37-8

terminal lines, setting on 37-19

unsupported features 37-7

IPv6

and stacking 38-3

applying to interfaces 38-7

configuring 38-4, 38-5

displaying 38-8

interactions with other features 38-4

limitations 38-3

matching criteria 38-3

named 38-3

precedence of 38-2

supported 38-2

unsupported features 38-3

Layer 4 information in 37-38

logging messages 37-9

MAC extended 37-28, 39-50

matching 37-8, 37-21

monitoring 37-41, 38-8

named

IPv4 37-15

IPv6 38-3

names 38-4

number per QoS class map 39-36

ACLs

port 37-2, 38-2

precedence of 37-3

QoS 39-7, 39-46

resequencing entries 37-15

router 37-2, 38-2

router ACLs and VLAN map configuration guidelines 37-38

standard IP, configuring for QoS classification 39-46, 39-48

standard IPv4

creating 37-10

matching criteria 37-8

support for 1-10

support in hardware 37-22

time ranges 37-17

types supported 37-2

unsupported features

IPv4 37-7

IPv6 38-3

using router ACLs with VLAN maps 37-37

VLAN maps

configuration guidelines 37-31

configuring 37-31

active link 23-4, 23-5, 23-6

active links 23-2

active router 44-1

active traffic monitoring, IP SLAs 45-1

address aliasing 26-2

addresses

displaying the MAC address table 7-30

dynamic

accelerated aging 20-9

changing the aging time 7-21

default aging 20-9

defined 7-19

learning 7-20

removing 7-22

IPv6 43-2

addresses

MAC, discovering 7-31

multicast

group address range 48-3

STP address management 20-8

static

adding and removing 7-27

defined 7-19

address resolution 7-31, 42-9

Address Resolution Protocol

See ARP

adjacency tables, with CEF 42-90

administrative distances

defined 42-102

OSPF 42-33

routing protocol defaults 42-92

advertisements

CDP 29-1

LLDP 30-2

RIP 42-20

VTP 15-17, 16-3, 16-4

aggregatable global unicast addresses 43-3

aggregate addresses, BGP 42-60

aggregated ports

See EtherChannel

aggregate policers 39-68

aggregate policing 1-13

aging, accelerating 20-9

aging time

accelerated

for MSTP 21-24

for STP 20-9, 20-23

MAC address table 7-21

maximum

for MSTP 21-24, 21-25

for STP 20-23, 20-24

alarms, RMON 33-3

allowed-VLAN list 15-19

application engines, redirecting traffic to 47-1

area border routers

See ABRs

area routing

IS-IS 42-65

ISO IGRP 42-65

ARP

configuring 42-10

defined 1-6, 7-31, 42-10

encapsulation 42-11

static cache configuration 42-10

table

address resolution 7-31

managing 7-31

ASBRs 42-26

AS-path filters, BGP 42-54

asymmetrical links, and IEEE 802.1Q tunneling 19-4

attributes, RADIUS

vendor-proprietary 10-36

vendor-specific 10-35

attribute-value pairs 11-17, 11-18

audience xlix

authentication

EIGRP 42-41

HSRP 44-10

local mode with AAA 10-43

NTP associations 7-4

open1x 11-27

RADIUS

key 10-27

login 10-29

TACACS+

defined 10-11

key 10-13

login 10-14

See also port-based authentication

authentication failed VLAN

See restricted VLAN

authentication keys, and routing protocols 42-103

authentication manager

CLI commands 11-9

compatibility with older 802.1x CLI commands 11-9 to 11-10

overview 11-8

single session ID 11-30

authoritative time source, described 7-2

authorization

with RADIUS 10-33

with TACACS+ 10-11, 10-16

authorized ports with IEEE 802.1x 11-10

autoconfiguration 3-3

auto enablement 11-29

automatic advise (auto-advise) in switch stacks 5-13

automatic copy (auto-copy) in switch stacks 5-12

automatic discovery

considerations

beyond a noncandidate device 6-8

brand new switches 6-9

connectivity 6-5

different VLANs 6-7

management VLANs 6-7

non-CDP-capable devices 6-6

noncluster-capable devices 6-6

routed ports 6-8

in switch clusters 6-5

See also CDP

automatic extraction (auto-extract) in switch stacks 5-12

automatic QoS

See QoS

automatic recovery, clusters 6-10

See also HSRP

automatic upgrades (auto-upgrade) in switch stacks 5-12

auto-MDIX

configuring 13-31

described 13-31

autonegotiation

duplex mode 1-4

interface configuration guidelines 13-28

mismatches 51-13

autonomous system boundary routers

See ASBRs

autonomous systems, in BGP 42-48

Auto-RP, described 48-7

autosensing, port speed 1-4

Auto Smartports macros

built-in macros 14-3, 14-9

Cisco Medianet 14-2

configuration guidelines 14-4

default configuration 14-3

defined 14-1

displaying 14-20

enabling 14-5, 14-6, 14-8

event triggers 14-12

IOS shell 14-1, 14-15

LLDP 14-2

mapping 14-9

user-defined macros 14-15

autostate exclude 13-6

Auto Smartports macros

See also Smartports macros

auxiliary VLAN

See voice VLAN

availability, features 1-8

B

BackboneFast

described 22-7

disabling 22-17

enabling 22-16

support for 1-8

backup interfaces

See Flex Links

backup links 23-2

backup static routing, configuring 46-12

banners

configuring

login 7-19

message-of-the-day login 7-18

default configuration 7-17

when displayed 7-17

Berkeley r-tools replacement 10-55

BGP

aggregate addresses 42-60

aggregate routes, configuring 42-60

CIDR 42-60

clear commands 42-63

community filtering 42-57

configuring neighbors 42-58

default configuration 42-45

described 42-45

enabling 42-48

monitoring 42-63

multipath support 42-52

neighbors, types of 42-48

path selection 42-52

peers, configuring 42-58

prefix filtering 42-56

resetting sessions 42-50

route dampening 42-62

route maps 42-54

route reflectors 42-61

routing domain confederation 42-61

routing session with multi-VRF CE 42-84

show commands 42-63

supernets 42-60

support for 1-14

Version 4 42-45

binding cluster group and HSRP group 44-12

binding database

address, DHCP server

See DHCP, Cisco IOS server database

DHCP snooping

See DHCP snooping binding database

bindings

address, Cisco IOS DHCP server 24-6

DHCP snooping database 24-6

IP source guard 24-16

binding table, DHCP snooping

See DHCP snooping binding database

blocking packets 28-7

Boolean expressions in tracked lists 46-4

booting

boot loader, function of 3-2

boot process 3-2

manually 3-18

specific image 3-19

boot loader

accessing 3-20

described 3-2

environment variables 3-20

prompt 3-20

trap-door mechanism 3-2

bootstrap router (BSR), described 48-7

Border Gateway Protocol

See BGP

BPDU

error-disabled state 22-2

filtering 22-3

RSTP format 21-12

BPDU filtering

described 22-3

disabling 22-15

enabling 22-14

support for 1-8

BPDU guard

described 22-2

disabling 22-14

enabling 22-13

support for 1-8

bridged packets, ACLs on 37-39

bridge groups

See fallback bridging

bridge protocol data unit

See BPDU

broadcast flooding 42-17

broadcast packets

directed 42-14

flooded 42-14

broadcast storm-control command 28-4

broadcast storms 28-1, 42-14

C

cables, monitoring for unidirectional links 31-1

candidate switch

automatic discovery 6-5

defined 6-4

requirements 6-4

See also command switch, cluster standby group, and member switch

CA trustpoint

configuring 10-52

defined 10-49

caution, described l

CDP

and trusted boundary 39-42

automatic discovery in switch clusters 6-5

configuring 29-2

default configuration 29-2

defined with LLDP 30-1

described 29-1

disabling for routing device 29-3 to 29-4

CDP

enabling and disabling

on an interface 29-4

on a switch 29-3

Layer 2 protocol tunneling 19-8

monitoring 29-5

overview 29-1

power negotiation extensions 13-7

support for 1-6

switch stack considerations 29-2

transmission timer and holdtime, setting 29-2

updates 29-2

CEF

defined 42-89

distributed 42-90

IPv6 43-19

CGMP

as IGMP snooping learning method 26-8

clearing cached group entries 48-62

enabling server support 48-45

joining multicast group 26-3

overview 48-9

server support only 48-9

switch support of 1-4

CIDR 42-60

CipherSuites 10-51

Cisco 7960 IP Phone 17-1

Cisco Discovery Protocol

See CDP

Cisco Express Forwarding

See CEF

Cisco Group Management Protocol

See CGMP

Cisco intelligent power management 13-7

Cisco IOS DHCP server

See DHCP, Cisco IOS DHCP server

Cisco IOS File System

See IFS

Cisco IOS IP SLAs 45-1

Cisco Medianet

See Auto Smartports macros

Cisco Network Assistant

See Network Assistant

Cisco Redundant Power System 2300

configuring 13-42

managing 13-42

Cisco Secure ACS

attribute-value pairs for downloadable ACLs 11-18

attribute-value pairs for redirect URL 11-17

Cisco Secure ACS configuration guide 11-61

Cisco StackWise Plus technology 1-3

See also stacks, switch

CiscoWorks 2000 1-6, 35-4

CISP 11-29

CIST regional root

See MSTP

CIST root

See MSTP

civic location 30-3

classless interdomain routing

See CIDR

classless routing 42-8

class maps for QoS

configuring 39-51

described 39-8

displaying 39-88

class of service

See CoS

clearing interfaces 13-46

CLI

abbreviating commands 2-3

command modes 2-1

configuration logging 2-4

described 1-5

editing features

enabling and disabling 2-6

keystroke editing 2-7

wrapped lines 2-8

CLI

error messages 2-4

filtering command output 2-9

getting help 2-3

history

changing the buffer size 2-5

described 2-5

disabling 2-6

recalling commands 2-6

managing clusters 6-16

no and default forms of commands 2-4

Client Information Signalling Protocol

See CISP

client mode, VTP 16-3

client processes, tracking 46-1

CLNS

See ISO CLNS

clock

See system clock

cluster requirements l

clusters, switch

accessing 6-13

automatic discovery 6-5

automatic recovery 6-10

benefits 1-2

compatibility 6-4

described 6-1

LRE profile considerations 6-16

managing

through CLI 6-16

through SNMP 6-17

planning 6-4

planning considerations

automatic discovery 6-5

automatic recovery 6-10

CLI 6-16

host names 6-13

IP addresses 6-13

LRE profiles 6-16

clusters, switch

passwords 6-14

RADIUS 6-16

SNMP 6-14, 6-17

switch stacks 6-14

TACACS+ 6-16

See also candidate switch, command switch, cluster standby group, member switch, and standby command switch

cluster standby group

and HSRP group 44-12

automatic recovery 6-12

considerations 6-11

defined 6-2

requirements 6-3

virtual IP address 6-11

See also HSRP

CNS

Configuration Engine

configID, deviceID, hostname 4-3

configuration service 4-2

described 4-1

event service 4-3

embedded agents

described 4-5

enabling automated configuration 4-6

enabling configuration agent 4-9

enabling event agent 4-8

management functions 1-6

CoA Request Commands 10-22

Coarse Wave Division Multiplexer

See CWDM SFPs

command-line interface

See CLI

command modes 2-1

commands

abbreviating 2-3

no and default 2-4

commands, setting privilege levels 10-8

command switch

accessing 6-11

active (AC) 6-10

configuration conflicts 51-12

defined 6-2

passive (PC) 6-10

password privilege levels 6-17

priority 6-10

recovery

from command-switch failure 6-10, 51-9

from lost member connectivity 51-12

redundant 6-10

replacing

with another switch 51-11

with cluster member 51-9

requirements 6-3

standby (SC) 6-10

See also candidate switch, cluster standby group, member switch, and standby command switch

common session ID

see single session ID 11-30

community list, BGP 42-57

community ports 18-2

community strings

configuring 6-14, 35-8

for cluster switches 35-4

in clusters 6-14

overview 35-4

SNMP 6-14

community VLANs 18-2, 18-3

compatibility, feature 28-12

compatibility, software

See stacks, switch

config.text 3-17

configurable leave timer, IGMP 26-5

configuration, initial

defaults 1-16

Express Setup 1-2

See also getting started guide and hardware installation guide

configuration conflicts, recovering from lost member connectivity 51-12

configuration examples, network 1-19

configuration files

archiving B-21

clearing the startup configuration B-20

creating and using, guidelines for B-10

creating using a text editor B-11

default name 3-17

deleting a stored configuration B-20

described B-9

downloading

automatically 3-17

preparing B-11, B-14, B-17

reasons for B-9

using FTP B-14

using RCP B-18

using TFTP B-12

invalid combinations when copying B-6

limiting TFTP server access 35-17

obtaining with DHCP 3-9

password recovery disable considerations 10-5

replacing and rolling back, guidelines for B-22

replacing a running configuration B-20, B-21

rolling back a running configuration B-20, B-22

specifying the filename 3-17

system contact and location information 35-16

types and location B-10

uploading

preparing B-11, B-14, B-17

reasons for B-9

using FTP B-16

using RCP B-19

using TFTP B-13

configuration guidelines, multi-VRF CE 42-77

configuration logging 2-4

configuration replacement B-20

configuration rollback B-20, B-21

configuration settings, saving 3-15

configure terminal command 13-18

configuring multicast VRFs 42-83

configuring port-based authentication violation modes 11-41

configuring small-frame arrival rate 28-5

conflicts, configuration 51-12

connections, secure remote 10-45

connectivity problems 51-15, 51-16, 51-18

consistency checks in VTP Version 2 16-5

console media type 13-14

console port

RJ-45 13-13

USB 13-13

console port, connecting to 2-10

content-routing technology

See WCCP

control protocol, IP SLAs 45-4

conventions

command xlix

for examples l

publication xlix

text xlix

corrupted software, recovery steps with Xmodem 51-2

CoS

in Layer 2 frames 39-2

override priority 17-6

trust priority 17-6

CoS input queue threshold map for QoS 39-18

CoS output queue threshold map for QoS 39-21

CoS-to-DSCP map for QoS 39-71

counters, clearing interface 13-46

CPU utilization, troubleshooting 51-28

crashinfo file 51-24

critical authentication, IEEE 802.1x 11-53

critical VLAN 11-21

cross-stack EtherChannel

configuration guidelines 40-13

configuring

on Layer 2 interfaces 40-13

on Layer 3 physical interfaces 40-16

described 40-3

illustration 40-4

support for 1-8

cross-stack UplinkFast, STP

described 22-5

disabling 22-16

enabling 22-16

fast-convergence events 22-7

Fast Uplink Transition Protocol 22-6

normal-convergence events 22-7

support for 1-8

cryptographic software image

switch stack considerations 5-3, 5-17

customer edge devices 42-75

customizeable web pages, web-based authentication 12-6

CWDM SFPs 1-32

D

DACL

See downloadable ACL

daylight saving time 7-13

dCEF in the switch stack 42-90

debugging

enabling all system diagnostics 51-21

enabling for a specific feature 51-21

redirecting error message output 51-22

using commands 51-20

default commands 2-4

default configuration

802.1x 11-35

auto-QoS 39-24

banners 7-17

BGP 42-45

booting 3-17

CDP 29-2

DHCP 24-8

DHCP option 82 24-8

DHCP snooping 24-8

DHCP snooping binding database 24-9

DNS 7-16

dynamic ARP inspection 25-5

EIGRP 42-37

EtherChannel 40-11

Ethernet interfaces 13-27

fallback bridging 50-3

Flex Links 23-8

HSRP 44-5

IEEE 802.1Q tunneling 19-4

IGMP 48-39

IGMP filtering 26-23

IGMP snooping 26-6, 27-6

IGMP throttling 26-24

initial switch information 3-3

IP addressing, IP routing 42-6

IP multicast routing 48-11

IP SLAs 45-6

IP source guard 24-18

IPv6 43-11

IS-IS 42-66

Layer 2 interfaces 13-27

Layer 2 protocol tunneling 19-11

LLDP 30-5

MAC address table 7-21

MAC address-table move update 23-8

MSDP 49-4

MSTP 21-14

multi-VRF CE 42-77

default configuration

MVR 26-19

NTP 7-4

optional spanning-tree configuration 22-12

OSPF 42-27

password and privilege level 10-2

PIM 48-11

private VLANs 18-6

RADIUS 10-27

RIP 42-21

RMON 33-3

RSPAN 32-12

SDM template 8-4

SNMP 35-6

SPAN 32-12

SSL 10-51

standard QoS 39-34

STP 20-12

switch stacks 5-20

system message logging 34-4

system name and prompt 7-15

TACACS+ 10-13

UDLD 31-4

VLAN, Layer 2 Ethernet interfaces 15-17

VLANs 15-7

VMPS 15-27

voice VLAN 17-3

VTP 16-8

WCCP 47-5

default gateway 3-15, 42-12

default networks 42-93

default router preference

See DRP

default routes 42-93

default routing 42-3

default web-based authentication configuration

802.1X 12-9

deleting VLANs 15-8

denial-of-service attack 28-1

description command 13-36

designing your network, examples 1-19

desktop template 5-10

destination addresses

in IPv4 ACLs 37-12

in IPv6 ACLs 38-5

destination-IP address-based forwarding, EtherChannel 40-9

destination-MAC address forwarding, EtherChannel 40-9

detecting indirect link failures, STP 22-8

device discovery protocol 29-1, 30-1

device manager

benefits 1-2

described 1-2, 1-5

in-band management 1-7

requirements l

DHCP

Cisco IOS server database

configuring 24-14

default configuration 24-9

described 24-6

DHCP for IPv6

See DHCPv6

enabling

relay agent 24-11

server 24-10

DHCP-based autoconfiguration

client request message exchange 3-4

configuring

client side 3-4

DNS 3-8

relay device 3-8

server side 3-7

server-side 24-10

TFTP server 3-7

example 3-10

lease options

for IP address information 3-7

for receiving the configuration file 3-7

DHCP-based autoconfiguration

overview 3-3

relationship to BOOTP 3-4

relay support 1-6, 1-14

support for 1-6

DHCP-based autoconfiguration and image update

configuring 3-11 to 3-14

understanding 3-5 to 3-6

DHCP binding database

See DHCP snooping binding database

DHCP binding table

See DHCP snooping binding database

DHCP object tracking, configuring primary interface 46-11

DHCP option 82

circuit ID suboption 24-5

configuration guidelines 24-9

default configuration 24-8

displaying 24-16

forwarding address, specifying 24-11

helper address 24-11

overview 24-3

packet format, suboption

circuit ID 24-5

remote ID 24-5

remote ID suboption 24-5

DHCP server port-based address allocation

configuration guidelines 24-26

default configuration 24-26

described 24-26

displaying 24-29, 25-12

enabling 24-27

reserved addresses 24-27

DHCP snooping

accepting untrusted packets form edge switch 24-3, 24-13

and private VLANs 24-14

binding database

See DHCP snooping binding database

DHCP snooping

configuration guidelines 24-9

default configuration 24-8

displaying binding tables 24-16

message exchange process 24-4

option 82 data insertion 24-3

trusted interface 24-2

untrusted interface 24-2

untrusted messages 24-2

DHCP snooping binding database

adding bindings 24-15

binding entries, displaying 24-16

binding file

format 24-7

location 24-6

bindings 24-6

clearing agent statistics 24-15

configuration guidelines 24-10

configuring 24-15

default configuration 24-8, 24-9

deleting

binding file 24-15

bindings 24-15

database agent 24-15

described 24-6

displaying 24-16

binding entries 24-16

status and statistics 24-16

displaying status and statistics 24-16

enabling 24-15

entry 24-6

renewing database 24-15

resetting

delay value 24-15

timeout value 24-15

DHCP snooping binding table

See DHCP snooping binding database

DHCPv6

configuration guidelines 43-15

default configuration 43-15

described 43-6

enabling client function 43-18

enabling DHCPv6 server function 43-16

diagnostic schedule command 52-2

Differentiated Services architecture, QoS 39-2

Differentiated Services Code Point 39-2

Diffusing Update Algorithm (DUAL) 42-35

Digital Optical Monitoring (DOM) 13-46

directed unicast requests 1-6

directories

changing B-4

creating and removing B-5

displaying the working B-4

discovery, clusters

See automatic discovery

Distance Vector Multicast Routing Protocol

See DVMRP

distance-vector protocols 42-3

distribute-list command 42-101

DNS

and DHCP-based autoconfiguration 3-8

default configuration 7-16

displaying the configuration 7-17

in IPv6 43-4

overview 7-15

setting up 7-16

support for 1-6

DNS-based SSM mapping 48-19, 48-20

documentation, related l

document conventions xlix

DOM (Digital Optical Monitoring) 13-46

domain names

DNS 7-15

VTP 16-9

Domain Name System

See DNS

domains, ISO IGRP routing 42-65

dot1q-tunnel switchport mode 15-16

double-tagged packets

IEEE 802.1Q tunneling 19-2

Layer 2 protocol tunneling 19-10

downloadable ACL 11-17, 11-18, 11-61

downloading

configuration files

preparing B-11, B-14, B-17

reasons for B-9

using FTP B-14

using RCP B-18

using TFTP B-12

image files

deleting old image B-30

preparing B-28, B-31, B-36

reasons for B-25

using CMS 1-3

using FTP B-32

using HTTP 1-3, B-25

using RCP B-37

using TFTP B-28

using the device manager or Network Assistant B-25

drop threshold for Layer 2 protocol packets 19-11

DRP

configuring 43-13

described 43-4

IPv6 43-4

DSCP 1-13, 39-2

DSCP input queue threshold map for QoS 39-18

DSCP output queue threshold map for QoS 39-21

DSCP-to-CoS map for QoS 39-74

DSCP-to-DSCP-mutation map for QoS 39-75

DSCP transparency 39-43

DTP 1-9, 15-15

dual-action detection 40-6

DUAL finite state machine, EIGRP 42-36

dual IPv4 and IPv6 templates 8-2, 43-6

dual protocol stacks

IPv4 and IPv6 43-6

SDM templates supporting 43-6

DVMRP

autosummarization

configuring a summary address 48-59

disabling 48-61

connecting PIM domain to DVMRP router 48-51

enabling unicast routing 48-54

interoperability

with Cisco devices 48-49

with Cisco IOS software 48-9

mrinfo requests, responding to 48-54

neighbors

advertising the default route to 48-53

discovery with Probe messages 48-49

displaying information 48-54

prevent peering with nonpruning 48-57

rejecting nonpruning 48-55

overview 48-9

routes

adding a metric offset 48-61

advertising all 48-61

advertising the default route to neighbors 48-53

caching DVMRP routes learned in report messages 48-55

changing the threshold for syslog messages 48-58

deleting 48-62

displaying 48-63

favoring one over another 48-61

limiting the number injected into MBONE 48-58

limiting unicast route advertisements 48-49

routing table 48-9

source distribution tree, building 48-9

support for 1-14

tunnels

configuring 48-51

displaying neighbor information 48-54

dynamic access ports

characteristics 15-3

configuring 15-28

defined 13-3

dynamic addresses

See addresses

dynamic ARP inspection

ARP cache poisoning 25-1

ARP requests, described 25-1

ARP spoofing attack 25-1

clearing

log buffer 25-15

statistics 25-15

configuration guidelines 25-6

configuring

ACLs for non-DHCP environments 25-8

in DHCP environments 25-7

log buffer 25-13

rate limit for incoming ARP packets 25-4, 25-10

default configuration 25-5

denial-of-service attacks, preventing 25-10

described 25-1

DHCP snooping binding database 25-2

displaying

ARP ACLs 25-14

configuration and operating state 25-14

statistics 25-15

trust state and rate limit 25-14

error-disabled state for exceeding rate limit 25-4

function of 25-2

interface trust states 25-3

log buffer

clearing 25-15

configuring 25-13

logging of dropped packets, described 25-5

man-in-the middle attack, described 25-2

network security issues and interface trust states 25-3

priority of ARP ACLs and DHCP snooping entries 25-4

dynamic ARP inspection

rate limiting of ARP packets

configuring 25-10

described 25-4

error-disabled state 25-4

statistics

clearing 25-15

displaying 25-15

validation checks, performing 25-12

dynamic auto trunking mode 15-16

dynamic desirable trunking mode 15-16

Dynamic Host Configuration Protocol

See DHCP-based autoconfiguration

dynamic port VLAN membership

described 15-26

reconfirming 15-29

troubleshooting 15-31

types of connections 15-29

dynamic routing 42-3

ISO CLNS 42-64

Dynamic Trunking Protocol

See DTP

E

EBGP 42-44

editing features

enabling and disabling 2-6

keystrokes used 2-7

wrapped lines 2-8

EEM 3.2 36-5

EIGRP

authentication 42-41

components 42-36

configuring 42-39

default configuration 42-37

definition 42-35

interface parameters, configuring 42-40

monitoring 42-43

EIGRP

stub routing 42-42

support for 1-14

EIGRP IPv6 43-7

elections

See stack master

ELIN location 30-3

embedded event manager

3.2 36-5

actions 36-4

configuring 36-1, 36-6

displaying information 36-8

environmental variables 36-5

event detectors 36-3

policies 36-4

registering and defining an applet 36-6

registering and defining a TCL script 36-7

understanding 36-1

enable password 10-3

enable secret password 10-3

encryption, CipherSuite 10-51

encryption for passwords 10-3

encryption keying 11-31

encryption keys, MKA 11-31

Enhanced IGRP

See EIGRP

enhanced object tracking

backup static routing 46-12

commands 46-1

defined 46-1

DHCP primary interface 46-11

HSRP 46-7

IP routing state 46-2

IP SLAs 46-9

line-protocol state 46-2

network monitoring with IP SLAs 46-11

routing policy, configuring 46-12

static route primary interface 46-10

tracked lists 46-3

enhanced object tracking static routing 46-10

environmental variables, embedded event manager 36-5

environment variables, function of 3-20

equal-cost routing 1-14, 42-91

error-disabled state, BPDU 22-2

error messages during command entry 2-4

EtherChannel

automatic creation of 40-5, 40-7

channel groups

binding physical and logical interfaces 40-4

numbering of 40-4

configuration guidelines 40-12

configuring

Layer 2 interfaces 40-13

Layer 3 physical interfaces 40-16

Layer 3 port-channel logical interfaces 40-15

default configuration 40-11

described 40-2

displaying status 40-22

forwarding methods 40-8, 40-18

IEEE 802.3ad, described 40-7

interaction

with STP 40-12

with VLANs 40-12

LACP

described 40-7

displaying status 40-22

hot-standby ports 40-20

interaction with other features 40-8

modes 40-7

port priority 40-22

system priority 40-21

Layer 3 interface 42-5

load balancing 40-8, 40-18

logical interfaces, described 40-4

EtherChannel

PAgP

aggregate-port learners 40-19

compatibility with Catalyst 1900 40-19

described 40-5

displaying status 40-22

interaction with other features 40-7

interaction with virtual switches 40-6

learn method and priority configuration 40-19

modes 40-6

support for 1-4

with dual-action detection 40-6

port-channel interfaces

described 40-4

numbering of 40-4

port groups 13-6

stack changes, effects of 40-10

support for 1-4

EtherChannel guard

described 22-10

disabling 22-17

enabling 22-17

Ethernet management port

active link 13-23

and routing 13-24

and routing protocols 13-24

and TFTP 13-26

configuring 13-25

connecting to 2-10

default setting 13-24

described 13-23

for network management 13-23

specifying 13-25

supported features 13-25

unsupported features 13-25

Ethernet management port, internal

and routing 13-24

and routing protocols 13-24

unsupported features 13-25

Ethernet VLANs

adding 15-7

defaults and ranges 15-7

modifying 15-7

EUI 43-3

event detectors, embedded event manager 36-3

events, RMON 33-3

examples

conventions for l

network configuration 1-19

expedite queue for QoS 39-86

Express Setup 1-2

See also getting started guide

extended crashinfo file 51-24

extended-range VLANs

configuration guidelines 15-10

configuring 15-10

creating 15-11

creating with an internal VLAN ID 15-13

defined 15-1

extended system ID

MSTP 21-18

STP 20-4, 20-16

extended universal identifier

See EUI

Extensible Authentication Protocol over LAN 11-1

external BGP

See EBGP

external neighbors, BGP 42-48

F

Fa0 port

See Ethernet management port

failover support 1-8

fallback bridging

and protected ports 50-4

bridge groups

creating 50-4

described 50-2

displaying 50-10

function of 50-2

number supported 50-4

removing 50-5

bridge table

clearing 50-10

displaying 50-10

configuration guidelines 50-4

connecting interfaces with 13-13

default configuration 50-3

described 50-1

frame forwarding

flooding packets 50-2

forwarding packets 50-2

overview 50-1

protocol, unsupported 50-4

stack changes, effects of 50-3

STP

disabling on an interface 50-9

forward-delay interval 50-8

hello BPDU interval 50-8

interface priority 50-6

keepalive messages 20-2

maximum-idle interval 50-9

path cost 50-7

VLAN-bridge spanning-tree priority 50-6

VLAN-bridge STP 50-2

support for 1-14

SVIs and routed ports 50-1

unsupported protocols 50-4

VLAN-bridge STP 20-11

Fast Convergence 23-3

fastethernet0 port

See Ethernet management port

Fast Uplink Transition Protocol 22-6

features, incompatible 28-12

FIB 42-90

fiber-optic, detecting unidirectional links 31-1

files

basic crashinfo

description 51-25

location 51-25

copying B-5

crashinfo, description 51-24

deleting B-6

displaying the contents of B-8

extended crashinfo

description 51-25

location 51-25

tar

creating B-7

displaying the contents of B-7

extracting B-8

image file format B-26

file system

displaying available file systems B-2

displaying file information B-3

local file system names B-1

network file system names B-5

setting the default B-3

filtering

in a VLAN 37-31

IPv6 traffic 38-4, 38-7

non-IP traffic 37-28

show and more command output 2-9

filtering show and more command output 2-9

filters, IP

See ACLs, IP

flash device, number of B-1

flexible authentication ordering

configuring 11-64

overview 11-27

Flex Link Multicast Fast Convergence 23-3

Flex Links

configuring 23-8, 23-9

configuring preferred VLAN 23-11

configuring VLAN load balancing 23-10

default configuration 23-8

description 23-1

link load balancing 23-2

monitoring 23-14

VLANs 23-2

flooded traffic, blocking 28-8

flow-based packet classification 1-13

flowcharts

QoS classification 39-7

QoS egress queueing and scheduling 39-19

QoS ingress queueing and scheduling 39-16

QoS policing and marking 39-11

flowcontrol

configuring 13-30

described 13-30

forward-delay time

MSTP 21-24

STP 20-23

Forwarding Information Base

See FIB

forwarding nonroutable protocols 50-1

FTP

accessing MIB files A-4

configuration files

downloading B-14

overview B-13

preparing the server B-14

uploading B-16

image files

deleting old image B-34

downloading B-32

preparing the server B-31

uploading B-34

G

general query 23-5

Generating IGMP Reports 23-3

get-bulk-request operation 35-3

get-next-request operation 35-3, 35-4

get-request operation 35-3, 35-4

get-response operation 35-3

Gigabit modules

See SFPs

global configuration mode 2-2

global leave, IGMP 26-12

guest VLAN and IEEE 802.1x 11-19

guide

audience xlix

purpose of xlix

guide mode 1-3

GUIs

See device manager and Network Assistant

H

hardware limitations and Layer 3 interfaces 13-37

hello time

MSTP 21-23

STP 20-22

help, for the command line 2-3

hierarchical policy maps 39-9

configuration guidelines 39-37

configuring 39-61

described 39-12

history

changing the buffer size 2-5

described 2-5

disabling 2-6

recalling commands 2-6

history table, level and number of syslog messages 34-10

host modes, MACsec 11-33

host names in clusters 6-13

host ports

configuring 18-11

kinds of 18-2

hosts, limit on dynamic ports 15-31

Hot Standby Router Protocol

See HSRP

HP OpenView 1-6

HSRP

authentication string 44-10

automatic cluster recovery 6-12

binding to cluster group 44-12

cluster standby group considerations 6-11

command-switch redundancy 1-1, 1-8

configuring 44-5

default configuration 44-5

definition 44-1

guidelines 44-6

monitoring 44-13

object tracking 46-7

overview 44-1

priority 44-8

routing redundancy 1-14

support for ICMP redirect messages 44-12

switch stack considerations 44-5

timers 44-11

tracking 44-8

See also clusters, cluster standby group, and standby command switch

HSRP for IPv6

configuring 43-25

guidelines 43-24

HTTP(S) Over IPv6 43-8

HTTP over SSL

see HTTPS

HTTPS

configuring 10-53

described 10-49

self-signed certificate 10-50

HTTP secure server 10-49

I

IBPG 42-44

ICMP

IPv6 43-4

redirect messages 42-12

support for 1-14

time-exceeded messages 51-18

traceroute and 51-18

unreachable messages 37-20

unreachable messages and IPv6 38-4

unreachables and ACLs 37-22

ICMP Echo operation

configuring 45-11

IP SLAs 45-11

ICMP ping

executing 51-15

overview 51-15

ICMP Router Discovery Protocol

See IRDP

ICMPv6 43-4

IDS appliances

and ingress RSPAN 32-22

and ingress SPAN 32-15

IEEE 802.1D

See STP

IEEE 802.1p 17-1

IEEE 802.1Q

and trunk ports 13-3

configuration limitations 15-17

encapsulation 15-14

native VLAN for untagged traffic 15-21

tunneling

compatibility with other features 19-6

defaults 19-4

described 19-1

tunnel ports with other features 19-6

IEEE 802.1s

See MSTP

IEEE 802.1w

See RSTP

IEEE 802.1x

See port-based authentication

IEEE 802.3ad

See EtherChannel

IEEE 802.3af

See PoE

IEEE 802.3x flow control 13-30

ifIndex values, SNMP 35-5

IFS 1-6

IGMP

configurable leave timer

described 26-5

enabling 26-10

configuring the switch

as a member of a group 48-39

statically connected member 48-44

controlling access to groups 48-40

default configuration 48-39

deleting cache entries 48-62

displaying groups 48-63

fast switching 48-44

flooded multicast traffic

controlling the length of time 26-11

disabling on an interface 26-12

global leave 26-12

query solicitation 26-12

recovering from flood mode 26-12

host-query interval, modifying 48-42

joining multicast group 26-3

join messages 26-3

leave processing, enabling 26-10, 27-9

leaving multicast group 26-4

multicast reachability 48-39

overview 48-3

queries 26-3

IGMP

report suppression

described 26-5

disabling 26-15, 27-11

supported versions 26-3

support for 1-4

Version 1

changing to Version 2 48-41

described 48-3

Version 2

changing to Version 1 48-41

described 48-3

maximum query response time value 48-43

pruning groups 48-43

query timeout value 48-42

IGMP filtering

configuring 26-24

default configuration 26-23

described 26-23

support for 1-5

IGMP groups

configuring filtering 26-26

setting the maximum number 26-26

IGMP helper 48-6

IGMP Immediate Leave

configuration guidelines 26-10

described 26-5

enabling 26-10

IGMP profile

applying 26-25

configuration mode 26-24

configuring 26-24

IGMP snooping

and address aliasing 26-2

and stack changes 26-6

configuring 26-6

default configuration 26-6, 27-6

definition 26-2

enabling and disabling 26-7, 27-7

IGMP snooping

global configuration 26-7

Immediate Leave 26-5

in the switch stack 26-6

method 26-7

monitoring 26-15, 27-12

querier

configuration guidelines 26-13

configuring 26-13

supported versions 26-3

support for 1-4

VLAN configuration 26-7

IGMP throttling

configuring 26-26

default configuration 26-24

described 26-23

displaying action 26-28

IGP 42-25

Immediate Leave, IGMP

described 26-5

enabling 27-9

inaccessible authentication bypass 11-20

support for multiauth ports 11-21

initial configuration

defaults 1-16

Express Setup 1-2

See also getting started guide and hardware installation guide

interface

number 13-18

range macros 13-21

interface command 13-17 to 13-18

interface configuration mode 2-2

interfaces

auto-MDIX, configuring 13-31

configuring

procedure 13-18

counters, clearing 13-46

default configuration 13-27

interfaces

described 13-36

descriptive name, adding 13-36

displaying information about 13-45

duplex and speed configuration guidelines 13-28

flow control 13-30

management 1-5

monitoring 13-45

naming 13-36

physical, identifying 13-17

range of 13-19

restarting 13-47

shutting down 13-47

speed and duplex, configuring 13-29

status 13-45

supported 13-17

types of 13-1

interfaces range macro command 13-21

interface types 13-17

Interior Gateway Protocol

See IGP

internal BGP

See IBGP

internal neighbors, BGP 42-48

internal power supplies

See power supplies

Internet Control Message Protocol

See ICMP

Internet Group Management Protocol

See IGMP

Internet Protocol version 6

See IPv6

Inter-Switch Link

See ISL

inter-VLAN routing 1-14, 42-2

Intrusion Detection System

See IDS appliances

inventory management TLV 30-3, 30-7

IOS shell

See Auto Smartports macros

IP ACLs

for QoS classification 39-7

implicit deny 37-10, 37-14

implicit masks 37-10

named 37-15

undefined 37-21

IP addresses

128-bit 43-2

candidate or member 6-4, 6-13

classes of 42-7

cluster access 6-2

command switch 6-3, 6-11, 6-13

default configuration 42-6

discovering 7-31

for IP routing 42-6

IPv6 43-2

MAC address association 42-9

monitoring 42-18

redundant clusters 6-11

standby command switch 6-11, 6-13

See also IP information

IP base feature set 1-1

IP base software image 1-1

IP broadcast address 42-17

ip cef distributed command 42-90

IP directed broadcasts 42-15

ip igmp profile command 26-24

IP information

assigned

manually 3-15

through DHCP-based autoconfiguration 3-3

default configuration 3-3

IP multicast routing

addresses

all-hosts 48-3

all-multicast-routers 48-3

host group address range 48-3

administratively-scoped boundaries, described 48-47

and IGMP snooping 26-2

Auto-RP

adding to an existing sparse-mode cloud 48-26

benefits of 48-26

clearing the cache 48-63

configuration guidelines 48-12

filtering incoming RP announcement messages 48-28

overview 48-7

preventing candidate RP spoofing 48-28

preventing join messages to false RPs 48-28

setting up in a new internetwork 48-26

using with BSR 48-34

bootstrap router

configuration guidelines 48-12

configuring candidate BSRs 48-32

configuring candidate RPs 48-33

defining the IP multicast boundary 48-31

defining the PIM domain border 48-30

overview 48-7

using with Auto-RP 48-34

Cisco implementation 48-2

configuring

basic multicast routing 48-12

IP multicast boundary 48-47

default configuration 48-11

enabling

multicast forwarding 48-13

PIM mode 48-13

group-to-RP mappings

Auto-RP 48-7

BSR 48-7

IP multicast routing

MBONE

deleting sdr cache entries 48-63

described 48-46

displaying sdr cache 48-63

enabling sdr listener support 48-46

limiting DVMRP routes advertised 48-58

limiting sdr cache entry lifetime 48-46

SAP packets for conference session announcement 48-46

Session Directory (sdr) tool, described 48-46

monitoring

packet rate loss 48-64

peering devices 48-64

tracing a path 48-64

multicast forwarding, described 48-8

PIMv1 and PIMv2 interoperability 48-11

protocol interaction 48-2

reverse path check (RPF) 48-8

routing table

deleting 48-62

displaying 48-63

RP

assigning manually 48-24

configuring Auto-RP 48-26

configuring PIMv2 BSR 48-30

monitoring mapping information 48-35

using Auto-RP and BSR 48-34

stacking

stack master functions 48-10

stack member functions 48-10

statistics, displaying system and network 48-63

See also CGMP

See also DVMRP

See also IGMP

See also PIM

IP phones

and QoS 17-1

automatic classification and queueing 39-23

configuring 17-4

ensuring port security with QoS 39-42

trusted boundary for QoS 39-42

IP Port Security for Static Hosts

on a Layer 2 access port 24-20

on a PVLAN host port 24-24

IP precedence 39-2

IP-precedence-to-DSCP map for QoS 39-72

IP protocols

in ACLs 37-12

routing 1-14

IP protocols in ACLs 37-12

IP routes, monitoring 42-104

IP routing

connecting interfaces with 13-13

disabling 42-19

enabling 42-19

IP Service Level Agreements

See IP SLAs

IP service levels, analyzing 45-1

IP services feature set 1-2

IP SLAs

benefits 45-2

configuration guidelines 45-6

configuring object tracking 46-9

Control Protocol 45-4

default configuration 45-6

definition 45-1

ICMP echo operation 45-11

measuring network performance 45-3

monitoring 45-13

multioperations scheduling 45-5

object tracking 46-9

operation 45-3

reachability tracking 46-9

IP SLAs

responder

described 45-4

enabling 45-7

response time 45-4

scheduling 45-5

SNMP support 45-2

supported metrics 45-2

threshold monitoring 45-6

track object monitoring agent, configuring 46-11

track state 46-9

UDP jitter operation 45-8

IP source guard

and 802.1x 24-19

and DHCP snooping 24-16

and EtherChannels 24-19

and port security 24-19

and private VLANs 24-19

and routed ports 24-18

and TCAM entries 24-19

and trunk interfaces 24-18

and VRF 24-19

binding configuration

automatic 24-16

manual 24-16

binding table 24-16

configuration guidelines 24-18

default configuration 24-18

described 24-16

disabling 24-20

displaying

bindings 24-25

configuration 24-25

enabling 24-19, 24-21

filtering

source IP address 24-17

source IP and MAC address 24-17

source IP address filtering 24-17

source IP and MAC address filtering 24-17

IP source guard

static bindings

adding 24-19, 24-21

deleting 24-20

static hosts 24-21

IP traceroute

executing 51-18

overview 51-18

IP unicast routing

address resolution 42-9

administrative distances 42-92, 42-102

ARP 42-10

assigning IP addresses to Layer 3 interfaces 42-7

authentication keys 42-103

broadcast

address 42-17

flooding 42-17

packets 42-14

storms 42-14

classless routing 42-8

configuring static routes 42-92

default

addressing configuration 42-6

gateways 42-12

networks 42-93

routes 42-93

routing 42-3

directed broadcasts 42-15

disabling 42-19

dynamic routing 42-3

enabling 42-19

EtherChannel Layer 3 interface 42-5

IGP 42-25

inter-VLAN 42-2

IP addressing

classes 42-7

configuring 42-6

IPv6 43-3

IRDP 42-13

IP unicast routing

Layer 3 interfaces 42-5

MAC address and IP address 42-9

passive interfaces 42-101

protocols

distance-vector 42-3

dynamic 42-3

link-state 42-3

proxy ARP 42-10

redistribution 42-94

reverse address resolution 42-9

routed ports 42-5

static routing 42-3

steps to configure 42-5

subnet mask 42-7

subnet zero 42-7

supernet 42-8

UDP 42-16

unicast reverse path forwarding 1-15, 42-89

with SVIs 42-5

See also BGP

See also EIGRP

See also OSPF

See also RIP

IPv4 ACLs

applying to interfaces 37-20

extended, creating 37-11

named 37-15

standard, creating 37-10

IPv6

ACLs

displaying 38-8

limitations 38-3

matching criteria 38-3

port 38-2

precedence 38-2

router 38-2

supported 38-2

addresses 43-2

IPv6

address formats 43-2

and switch stacks 43-9

applications 43-5

assigning address 43-11

autoconfiguration 43-5

CEFv6 43-19

default configuration 43-11

default router preference (DRP) 43-4

defined 43-1

Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 43-7

EIGRP IPv6 Commands 43-7

Router ID 43-7

feature limitations 43-9

features not supported 43-8

forwarding 43-11

ICMP 43-4

monitoring 43-27

neighbor discovery 43-4

OSPF 43-7

path MTU discovery 43-4

SDM templates 8-2, 27-1, 38-1

stack master functions 43-10

Stateless Autoconfiguration 43-5

supported features 43-3

switch limitations 43-9

understanding static routes 43-6

IPv6 traffic, filtering 38-4

IRDP

configuring 42-13

definition 42-13

support for 1-14

IS-IS

addresses 42-65

area routing 42-65

default configuration 42-66

monitoring 42-74

show commands 42-74

system routing 42-65

ISL

and IPv6 43-3

and trunk ports 13-3

encapsulation 1-9, 15-14

trunking with IEEE 802.1 tunneling 19-5

ISO CLNS

clear commands 42-74

dynamic routing protocols 42-64

monitoring 42-74

NETs 42-64

NSAPs 42-64

OSI standard 42-64

ISO IGRP

area routing 42-65

system routing 42-65

isolated port 18-2

isolated VLANs 18-2, 18-3

J

join messages, IGMP 26-3

K

KDC

described 10-39

See also Kerberos

keepalive messages 20-2

Kerberos

authenticating to

boundary switch 10-42

KDC 10-42

network services 10-42

configuration examples 10-39

configuring 10-42

credentials 10-40

described 10-39

KDC 10-39

operation 10-41

realm 10-41

server 10-41

support for 1-11

switch as trusted third party 10-39

terms 10-40

TGT 10-41

tickets 10-40

key distribution center

See KDC

L

l2protocol-tunnel command 19-13

LACP

Layer 2 protocol tunneling 19-9

See EtherChannel

Layer 2 frames, classification with CoS 39-2

Layer 2 interfaces, default configuration 13-27

Layer 2 protocol tunneling

configuring 19-10

configuring for EtherChannels 19-14

default configuration 19-11

defined 19-8

guidelines 19-12

Layer 2 traceroute

and ARP 51-17

and CDP 51-17

broadcast traffic 51-16

described 51-16

IP addresses and subnets 51-17

MAC addresses and VLANs 51-17

multicast traffic 51-17

multiple devices on a port 51-17

unicast traffic 51-16

usage guidelines 51-17

Layer 3 features 1-14

Layer 3 interfaces

assigning IP addresses to 42-7

assigning IPv4 and IPv6 addresses to 43-14

assigning IPv6 addresses to 43-12

changing from Layer 2 mode 42-7, 42-80, 42-81

types of 42-5

Layer 3 packets, classification methods 39-2

LDAP 4-2

Leaking IGMP Reports 23-4

LEDs, switch

See hardware installation guide

Lightweight Directory Access Protocol

See LDAP

line configuration mode 2-2

Link Aggregation Control Protocol

See EtherChannel

Link Failure, detecting unidirectional 21-7

Link Layer Discovery Protocol

See CDP

link local unicast addresses 43-3

link redundancy

See Flex Links

links, unidirectional 31-1

link state advertisements (LSAs) 42-31

link-state protocols 42-3

link-state tracking

configuring 40-25

described 40-23

LLDP

configuring 30-5

characteristics 30-6

default configuration 30-5

enabling 30-6

monitoring and maintaining 30-11

overview 30-1

supported TLVs 30-2

switch stack considerations 30-2

transmission timer and holdtime, setting 30-6

LLDP-MED

configuring

procedures 30-5

TLVs 30-7

monitoring and maintaining 30-11

overview 30-1, 30-2

supported TLVs 30-2

LLDP Media Endpoint Discovery

See LLDP-MED

load balancing 44-4

local SPAN 32-2

location TLV 30-3, 30-7

logging messages, ACL 37-9

login authentication

with RADIUS 10-29

with TACACS+ 10-14

login banners 7-17

log messages

See system message logging

Long-Reach Ethernet (LRE) technology 1-21, 1-31

loop guard

described 22-11

enabling 22-18

support for 1-8

LRE profiles, considerations in switch clusters 6-16

M

MAC/PHY configuration status TLV 30-2

MAC addresses

aging time 7-21

and VLAN association 7-20

building the address table 7-20

default configuration 7-21

disabling learning on a VLAN 7-30

discovering 7-31

displaying 7-30

displaying in the IP source binding table 24-25

dynamic

learning 7-20

removing 7-22

in ACLs 37-28

IP address association 42-9

static

adding 7-27

allowing 7-29, 7-30

characteristics of 7-27

dropping 7-28

removing 7-27

MAC address learning 1-6

MAC address learning, disabling on a VLAN 7-30

MAC address notification, support for 1-15

MAC address-table move update

configuration guidelines 23-8

configuring 23-12

default configuration 23-8

description 23-6

monitoring 23-14

MAC address-to-VLAN mapping 15-26

MAC authentication bypass 11-14

MAC extended access lists

applying to Layer 2 interfaces 37-30

configuring for QoS 39-50

creating 37-28

defined 37-28

for QoS classification 39-5

macros

See Auto Smartports macros

See Smartports macros

MACsec 11-31

and stacking 11-32

configuring on an interface 11-67

defined 11-31

MACsec Key Agreement Protocol

See MKA

magic packet 11-24

manageability features 1-6

management access

in-band

browser session 1-7

CLI session 1-7

device manager 1-7

SNMP 1-7

out-of-band console port connection 1-7

management address TLV 30-2

management options

CLI 2-1

clustering 1-3

CNS 4-1

Network Assistant 1-2

overview 1-5

switch stacks 1-3

management VLAN

considerations in switch clusters 6-7

discovery through different management VLANs 6-7

mapping tables for QoS

configuring

CoS-to-DSCP 39-71

DSCP 39-70

DSCP-to-CoS 39-74

DSCP-to-DSCP-mutation 39-75

IP-precedence-to-DSCP 39-72

policed-DSCP 39-73

described 39-13

marking

action in policy map 39-57

action with aggregate policers 39-68

described 39-4, 39-9

matching IPv4 ACLs 37-8

maximum aging time

MSTP 21-24

STP 20-23

maximum hop count, MSTP 21-25

maximum number of allowed devices, port-based authentication 11-38

maximum-paths command 42-52, 42-91

MDA

configuration guidelines 11-27 to 11-28

described 1-10, 11-27

exceptions with authentication process 11-4

Media Access Control Security

See MACsec

Medianet

See Auto Smartports macros

membership mode, VLAN port 15-3

member switch

automatic discovery 6-5

defined 6-2

managing 6-16

passwords 6-13

recovering from lost connectivity 51-12

requirements 6-4

See also candidate switch, cluster standby group, and standby command switch

messages, to users through banners 7-17

metrics, in BGP 42-52

metric translations, between routing protocols 42-97

metro tags 19-2

MHSRP 44-4

MIBs

accessing files with FTP A-4

location of files A-4

overview 35-1

SNMP interaction with 35-4

supported A-1

mini-point-of-presence

See POP

mini-type USB console port 13-13

mirroring traffic for analysis 32-1

mismatches, autonegotiation 51-13

MKA

configuring policies 11-67

defined 11-31

policies 11-32

replay protection 11-32

statistics 11-34

virtual ports 11-32

module number 13-18

monitoring

access groups 37-41

BGP 42-63

cables for unidirectional links 31-1

CDP 29-5

CEF 42-90

EIGRP 42-43

fallback bridging 50-10

features 1-15

Flex Links 23-14

HSRP 44-13

IEEE 802.1Q tunneling 19-18

IGMP

snooping 26-15, 27-12

interfaces 13-45

monitoring

IP

address tables 42-18

multicast routing 48-62

routes 42-104

IP SLAs operations 45-13

IPv4 ACL configuration 37-41

IPv6 43-27

IPv6 ACL configuration 38-8

IS-IS 42-74

ISO CLNS 42-74

Layer 2 protocol tunneling 19-18

MAC address-table move update 23-14

MSDP peers 49-19

multicast router interfaces 26-16, 27-12

multi-VRF CE 42-88

network traffic for analysis with probe 32-2

object tracking 46-12

OSPF 42-35

port

blocking 28-19

protection 28-19

private VLANs 18-14

RP mapping information 48-35

SFP status 13-46, 51-14

source-active messages 49-19

speed and duplex mode 13-29

SSM mapping 48-22

traffic flowing among switches 33-1

traffic suppression 28-19

tunneling 19-18

VLAN

filters 37-42

maps 37-42

VLANs 15-14

VMPS 15-30

VTP 16-17

mrouter Port 23-3

mrouter port 23-5

MSDP

benefits of 49-3

clearing MSDP connections and statistics 49-19

controlling source information

forwarded by switch 49-12

originated by switch 49-8

received by switch 49-14

default configuration 49-4

dense-mode regions

sending SA messages to 49-17

specifying the originating address 49-18

filtering

incoming SA messages 49-14

SA messages to a peer 49-12

SA requests from a peer 49-11

join latency, defined 49-6

meshed groups

configuring 49-16

defined 49-16

originating address, changing 49-18

overview 49-1

peer-RPF flooding 49-2

peers

configuring a default 49-4

monitoring 49-19

peering relationship, overview 49-1

requesting source information from 49-8

shutting down 49-16

source-active messages

caching 49-6

clearing cache entries 49-19

defined 49-2

filtering from a peer 49-11

filtering incoming 49-14

filtering to a peer 49-12

limiting data with TTL 49-14

monitoring 49-19

restricting advertised sources 49-9

support for 1-14

MSTP

boundary ports

configuration guidelines 21-16

described 21-6

BPDU filtering

described 22-3

enabling 22-14

BPDU guard

described 22-2

enabling 22-13

CIST, described 21-3

CIST regional root 21-3

CIST root 21-5

configuration guidelines 21-15, 22-12

configuring

forward-delay time 21-24

hello time 21-23

link type for rapid convergence 21-25

maximum aging time 21-24

maximum hop count 21-25

MST region 21-16

neighbor type 21-26

path cost 21-21

port priority 21-20

root switch 21-18

secondary root switch 21-19

switch priority 21-22

CST

defined 21-3

operations between regions 21-3

default configuration 21-14

default optional feature configuration 22-12

displaying status 21-27

enabling the mode 21-16

EtherChannel guard

described 22-10

enabling 22-17

MSTP

extended system ID

effects on root switch 21-18

effects on secondary root switch 21-19

unexpected behavior 21-18

IEEE 802.1s

implementation 21-6

port role naming change 21-6

terminology 21-5

instances supported 20-10

interface state, blocking to forwarding 22-2

interoperability and compatibility among modes 20-10

interoperability with IEEE 802.1D

described 21-8

restarting migration process 21-26

IST

defined 21-2

master 21-3

operations within a region 21-3

loop guard

described 22-11

enabling 22-18

mapping VLANs to MST instance 21-17

MST region

CIST 21-3

configuring 21-16

described 21-2

hop-count mechanism 21-5

IST 21-2

supported spanning-tree instances 21-2

optional features supported 1-8

overview 21-2

Port Fast

described 22-2

enabling 22-12

preventing root switch selection 22-10

MSTP

root guard

described 22-10

enabling 22-18

root switch

configuring 21-18

effects of extended system ID 21-18

unexpected behavior 21-18

shutdown Port Fast-enabled port 22-2

stack changes, effects of 21-8

status, displaying 21-27

MTU

system 13-40

system jumbo 13-39

system routing 13-39

multiauth

support for inaccessible authentication bypass 11-21

multiauth mode

See multiple-authentication mode

multicast groups

Immediate Leave 26-5

joining 26-3

leaving 26-4

static joins 26-9, 27-8

multicast packets

ACLs on 37-41

blocking 28-8

multicast router interfaces, monitoring 26-16, 27-12

multicast router ports, adding 26-8, 27-8

Multicast Source Discovery Protocol

See MSDP

multicast storm 28-1

multicast storm-control command 28-4

multicast television application 26-17

multicast VLAN 26-16

Multicast VLAN Registration

See MVR

multidomain authentication

See MDA

multioperations scheduling, IP SLAs 45-5

multiple authentication 11-12

Multiple HSRP

See MHSRP

multiple VPN routing/forwarding in customer edge devices

See multi-VRF CE

multi-VRF CE

configuration example 42-85

configuration guidelines 42-77

configuring 42-77

default configuration 42-77

defined 42-74

displaying 42-88

monitoring 42-88

network components 42-77

packet-forwarding process 42-76

support for 1-14

MVR

and address aliasing 26-19

and IGMPv3 26-20

configuring interfaces 26-21

default configuration 26-19

described 26-16

example application 26-17

in the switch stack 26-19

modes 26-20

multicast television application 26-17

setting global parameters 26-20

support for 1-5

N

NAC

AAA down policy 1-11

critical authentication 11-20, 11-53

IEEE 802.1x authentication using a RADIUS server 11-58

IEEE 802.1x validation using RADIUS server 11-58

NAC

inaccessible authentication bypass 1-11, 11-53

Layer 2 IEEE 802.1x validation 1-11, 11-58

Layer 2 IP validation 1-11

named IPv4 ACLs 37-15

named IPv6 ACLs 38-3

NameSpace Mapper

See NSM

native VLAN

and IEEE 802.1Q tunneling 19-4

configuring 15-21

default 15-21

NEAT

configuring 11-59

overview 11-29

neighbor discovery, IPv6 43-4

neighbor discovery/recovery, EIGRP 42-36

neighbors, BGP 42-58

Network Admission Control

See NAC

Network Assistant

benefits 1-2

described 1-5

downloading image files 1-3

guide mode 1-3

management options 1-2

managing switch stacks 5-3, 5-17

requirements l

upgrading a switch B-25

wizards 1-3

network configuration examples

cost-effective wiring closet 1-21

high-performance wiring closet 1-22

increasing network performance 1-19

large network 1-28

long-distance, high-bandwidth transport 1-32

multidwelling network 1-31

providing network services 1-20

redundant Gigabit backbone 1-24

network configuration examples

server aggregation and Linux server cluster 1-24

small to medium-sized network 1-26

network design

performance 1-20

services 1-20

Network Edge Access Topology

See NEAT

network management

CDP 29-1

RMON 33-1

SNMP 35-1

network performance, measuring with IP SLAs 45-3

network policy TLV 30-2, 30-7

Network Time Protocol

See NTP

no commands 2-4

nonhierarchical policy maps

configuration guidelines 39-37

configuring 39-57

described 39-10

non-IP traffic filtering 37-28

nontrunking mode 15-16

normal-range VLANs 15-4

configuration guidelines 15-5

configuring 15-4

defined 15-1

no switchport command 13-4

note, described l

not-so-stubby areas

See NSSA

NSAPs, as ISO IGRP addresses 42-65

NSF Awareness

IS-IS 42-67

NSM 4-3

NSSA, OSPF 42-31

NTP

associations

authenticating 7-4

defined 7-2

enabling broadcast messages 7-6

peer 7-5

server 7-5

default configuration 7-4

displaying the configuration 7-11

overview 7-2

restricting access

creating an access group 7-8

disabling NTP services per interface 7-10

source IP address, configuring 7-10

stratum 7-2

support for 1-6

synchronizing devices 7-5

time

services 7-2

synchronizing 7-2

O

OBFL

configuring 51-26

described 51-26

displaying 51-27

object tracking

HSRP 46-7

IP SLAs 46-9

IP SLAs, configuring 46-9

monitoring 46-12

offline configuration for switch stacks 5-8

off mode, VTP 16-3

on-board failure logging

See OBFL

online diagnostics

described 52-1

overview 52-1

running tests 52-4

open1x

configuring 11-64

open1x authentication

overview 11-27

Open Shortest Path First

See OSPF

optimizing system resources 8-1

options, management 1-5

OSPF

area parameters, configuring 42-31

configuring 42-29

default configuration

metrics 42-32

route 42-32

settings 42-27

described 42-25

for IPv6 43-7

interface parameters, configuring 42-30

LSA group pacing 42-34

monitoring 42-35

router IDs 42-34

route summarization 42-32

support for 1-14

virtual links 42-32

out-of-profile markdown 1-13

P

packet modification, with QoS 39-22

PAgP

Layer 2 protocol tunneling 19-9

See EtherChannel

parallel paths, in routing tables 42-91

passive interfaces

configuring 42-101

OSPF 42-33

passwords

default configuration 10-2

disabling recovery of 10-5

encrypting 10-3

for security 1-10

in clusters 6-14

overview 10-1

recovery of 51-3

setting

enable 10-3

enable secret 10-3

Telnet 10-6

with usernames 10-6

VTP domain 16-9

path cost

MSTP 21-21

STP 20-20

path MTU discovery 43-4

payload encryption 1-1

PBR

defined 42-97

enabling 42-99

fast-switched policy-based routing 42-100

local policy-based routing 42-100

PC (passive command switch) 6-10

peers, BGP 42-58

percentage thresholds in tracked lists 46-6

performance, network design 1-19

performance features 1-4

persistent self-signed certificate 10-50

per-user ACLs and Filter-Ids 11-9

per-VLAN spanning-tree plus

See PVST+

PE to CE routing, configuring 42-84

physical ports 13-2

PIM

default configuration 48-11

dense mode

overview 48-4

rendezvous point (RP), described 48-5

RPF lookups 48-9

displaying neighbors 48-63

enabling a mode 48-13

overview 48-4

router-query message interval, modifying 48-38

shared tree and source tree, overview 48-35

shortest path tree, delaying the use of 48-37

sparse mode

join messages and shared tree 48-5

overview 48-5

prune messages 48-5

RPF lookups 48-9

stub routing

configuration guidelines 48-22

enabling 48-23

overview 48-5

support for 1-14

versions

interoperability 48-11

troubleshooting interoperability problems 48-35

v2 improvements 48-4

PIM-DVMRP, as snooping method 26-8

ping

character output description 51-16

executing 51-15

overview 51-15

PoE

auto mode 13-9

CDP with power consumption, described 13-7

CDP with power negotiation, described 13-7

Cisco intelligent power management 13-7

configuring 13-32

devices supported 13-7

PoE

high-power devices operating in low-power mode 13-7

IEEE power classification levels 13-8

monitoring 13-10

monitoring power 13-35

policing power consumption 13-35

policing power usage 13-10

power budgeting 13-33

power consumption 13-33

powered-device detection and initial power allocation 13-8

power management modes 13-9

power negotiation extensions to CDP 13-7

standards supported 13-7

static mode 13-10

troubleshooting 51-13

policed-DSCP map for QoS 39-73

policers

configuring

for each matched traffic class 39-57

for more than one traffic class 39-68

described 39-4

displaying 39-88

number of 39-38

types of 39-10

policing

described 39-4

hierarchical

See hierarchical policy maps

token-bucket algorithm 39-10

policy-based routing

See PBR

policy maps for QoS

characteristics of 39-57

described 39-8

displaying 39-88

hierarchical 39-9

hierarchical on SVIs

configuration guidelines 39-37

configuring 39-61

described 39-12

nonhierarchical on physical ports

configuration guidelines 39-37

configuring 39-57

described 39-10

POP 1-31

port ACLs

defined 37-2

types of 37-3

Port Aggregation Protocol

See EtherChannel

port-based authentication

accounting 11-13

authentication server

defined 11-3, 12-2

RADIUS server 11-3

client, defined 11-3, 12-2

configuration guidelines 11-36, 12-9

configuring

802.1x authentication 11-41

guest VLAN 11-51

host mode 11-44

inaccessible authentication bypass 11-53

manual re-authentication of a client 11-46

periodic re-authentication 11-45

quiet period 11-47

RADIUS server 11-44, 12-12

RADIUS server parameters on the switch 11-43, 12-11

restricted VLAN 11-52

port-based authentication

switch-to-client frame-retransmission number 11-48, 11-49

switch-to-client retransmission time 11-47

violation mode 11-24

violation modes 11-41

default configuration 11-35, 12-9

described 11-1

device roles 11-3, 12-2

displaying statistics 11-69, 12-17

downloadable ACLs and redirect URLs

configuring 11-61 to 11-63, ?? to 11-64

overview 11-17 to 11-18

EAPOL-start frame 11-6

EAP-request/identity frame 11-6

EAP-response/identity frame 11-6

enabling

802.1X authentication 12-11

encapsulation 11-3

flexible authentication ordering

configuring 11-64

overview 11-27

guest VLAN

configuration guidelines 11-19, 11-20

described 11-19

host mode 11-12

inaccessible authentication bypass

configuring 11-53

described 11-20

guidelines 11-37

initiation and message exchange 11-6

magic packet 11-24

maximum number of allowed devices per port 11-38

method lists 11-41

multiple authentication 11-12

multiple-hosts mode, described 11-12

port-based authentication

per-user ACLs

AAA authorization 11-41

configuration tasks 11-17

described 11-16

RADIUS server attributes 11-16

ports

authorization state and dot1x port-control command 11-10

authorized and unauthorized 11-10

voice VLAN 11-23

port security

and voice VLAN 11-24

described 11-24

interactions 11-24

multiple-hosts mode 11-12

readiness check

configuring 11-38

described 11-14, 11-38

resetting to default values 11-66

stack changes, effects of 11-11

statistics, displaying 11-69

switch

as proxy 11-3, 12-2

RADIUS client 11-3

switch supplicant

configuring 11-59

overview 11-29

user distribution

guidelines 11-23

overview 11-22

VLAN assignment

AAA authorization 11-41

characteristics 11-15

configuration tasks 11-16

described 11-15

voice aware 802.1x security

configuring 11-39

described 11-30, 11-39

port-based authentication

voice VLAN

described 11-23

PVID 11-23

VVID 11-23

wake-on-LAN, described 11-24

port-based authentication methods, supported 11-8

port blocking 1-4, 28-7

port-channel

See EtherChannel

port description TLV 30-2

Port Fast

described 22-2

enabling 22-12

mode, spanning tree 15-27

support for 1-8

port membership modes, VLAN 15-3

port priority

MSTP 21-20

STP 20-18

ports

10-Gigabit Ethernet 13-7

access 13-3

blocking 28-7

dynamic access 15-3

protected 28-6

routed 13-4

secure 28-9

static-access 15-3, 15-9

switch 13-2

trunks 15-3, 15-14

VLAN assignments 15-9

port security

aging 28-17

and other features 28-11

and private VLANs 28-18

and QoS trusted boundary 39-42

and stacking 28-18

configuration guidelines 28-11

port security

configuring 28-13

default configuration 28-11

described 28-8

displaying 28-19

enabling 28-18

on trunk ports 28-14

sticky learning 28-9

violations 28-10

port-shutdown response, VMPS 15-26

port VLAN ID TLV 30-2

power management TLV 30-2, 30-7

Power over Ethernet

See PoE

power supply

configuring 13-44

managing 13-44

preemption, default configuration 23-8

preemption delay, default configuration 23-8

preferential treatment of traffic

See QoS

prefix lists, BGP 42-56

preventing unauthorized access 10-1

primary interface for object tracking, DHCP, configuring 46-11

primary interface for static routing, configuring 46-10

primary links 23-2

primary VLANs 18-1, 18-3

priority

HSRP 44-8

overriding CoS 17-6

trusting CoS 17-6

private VLAN edge ports

See protected ports

private VLANs

across multiple switches 18-4

and SDM template 18-4

and SVIs 18-5

and switch stacks 18-5

benefits of 18-1

community ports 18-2

community VLANs 18-2, 18-3

configuration guidelines 18-6, 18-8

configuration tasks 18-6

configuring 18-9

default configuration 18-6

end station access to 18-3

IP addressing 18-3

isolated port 18-2

isolated VLANs 18-2, 18-3

mapping 18-13

monitoring 18-14

ports

community 18-2

configuration guidelines 18-8

configuring host ports 18-11

configuring promiscuous ports 18-12

isolated 18-2

promiscuous 18-2

primary VLANs 18-1, 18-3

promiscuous ports 18-2

secondary VLANs 18-2

subdomains 18-1

traffic in 18-4

privileged EXEC mode 2-2

privilege levels

changing the default for lines 10-9

command switch 6-17

exiting 10-9

logging into 10-9

mapping on member switches 6-17

overview 10-2, 10-7

setting a command with 10-8

promiscuous ports

configuring 18-12

defined 18-2

protected ports 1-10, 28-6

protocol-dependent modules, EIGRP 42-36

Protocol-Independent Multicast Protocol

See PIM

provider edge devices 42-75

provisioning new members for a switch stack 5-8

proxy ARP

configuring 42-12

definition 42-10

with IP routing disabled 42-12

proxy reports 23-3

pruning, VTP

disabling

in VTP domain 16-15

on a port 15-21

enabling

in VTP domain 16-15

on a port 15-20

examples 16-7

overview 16-6

pruning-eligible list

changing 15-20

for VTP pruning 16-6

VLANs 16-15

PVST+

described 20-9

IEEE 802.1Q trunking interoperability 20-11

instances supported 20-10

Q

QoS

and MQC commands 39-1

auto-QoS

categorizing traffic 39-24

configuration and defaults display 39-33

configuration guidelines 39-28

described 39-23

disabling 39-30

displaying generated commands 39-30

displaying the initial configuration 39-33

effects on running configuration 39-28

egress queue defaults 39-24

enabling for VoIP 39-29

example configuration 39-30

ingress queue defaults 39-24

list of generated commands 39-25

basic model 39-4

classification

class maps, described 39-8

defined 39-4

DSCP transparency, described 39-43

flowchart 39-7

forwarding treatment 39-3

in frames and packets 39-3

IP ACLs, described 39-7, 39-8

MAC ACLs, described 39-5, 39-8

options for IP traffic 39-6

options for non-IP traffic 39-5

policy maps, described 39-8

trust DSCP, described 39-5

trusted CoS, described 39-5

trust IP precedence, described 39-5

class maps

configuring 39-51

displaying 39-88

QoS

configuration guidelines

auto-QoS 39-28

standard QoS 39-36

configuring

aggregate policers 39-68

auto-QoS 39-23

default port CoS value 39-41

DSCP maps 39-70

DSCP transparency 39-43

DSCP trust states bordering another domain 39-44

egress queue characteristics 39-80

ingress queue characteristics 39-76

IP extended ACLs 39-47

IP standard ACLs 39-46

MAC ACLs 39-50

policy maps, hierarchical 39-61

policy maps on physical ports 39-57

port trust states within the domain 39-40

trusted boundary 39-42

default auto configuration 39-24

default standard configuration 39-34

displaying statistics 39-88

DSCP transparency 39-43

egress queues

allocating buffer space 39-81

buffer allocation scheme, described 39-20

configuring shaped weights for SRR 39-85

configuring shared weights for SRR 39-86

described 39-4

displaying the threshold map 39-84

flowchart 39-19

mapping DSCP or CoS values 39-83

scheduling, described 39-4

setting WTD thresholds 39-81

WTD, described 39-22

enabling globally 39-38

QoS

flowcharts

classification 39-7

egress queueing and scheduling 39-19

ingress queueing and scheduling 39-16

policing and marking 39-11

implicit deny 39-8

ingress queues

allocating bandwidth 39-78

allocating buffer space 39-78

buffer and bandwidth allocation, described 39-18

configuring shared weights for SRR 39-78

configuring the priority queue 39-79

described 39-4

displaying the threshold map 39-77

flowchart 39-16

mapping DSCP or CoS values 39-77

priority queue, described 39-18

scheduling, described 39-4

setting WTD thresholds 39-77

WTD, described 39-18

IP phones

automatic classification and queueing 39-23

detection and trusted settings 39-23, 39-42

limiting bandwidth on egress interface 39-87

mapping tables

CoS-to-DSCP 39-71

displaying 39-88

DSCP-to-CoS 39-74

DSCP-to-DSCP-mutation 39-75

IP-precedence-to-DSCP 39-72

policed-DSCP 39-73

types of 39-13

marked-down actions 39-59, 39-65

marking, described 39-4, 39-9

overview 39-2

packet modification 39-22

QoS

policers

configuring 39-59, 39-65, 39-69

described 39-9

displaying 39-88

number of 39-38

types of 39-10

policies, attaching to an interface 39-9

policing

described 39-4, 39-9

token bucket algorithm 39-10

policy maps

characteristics of 39-57

displaying 39-88

hierarchical 39-9

hierarchical on SVIs 39-61

nonhierarchical on physical ports 39-57

QoS label, defined 39-4

queues

configuring egress characteristics 39-80

configuring ingress characteristics 39-76

high priority (expedite) 39-22, 39-86

location of 39-14

SRR, described 39-15

WTD, described 39-15

rewrites 39-22

support for 1-12

trust states

bordering another domain 39-44

described 39-5

trusted device 39-42

within the domain 39-40

quality of service

See QoS

queries, IGMP 26-3

query solicitation, IGMP 26-12

R

RADIUS

attributes

vendor-proprietary 10-36

vendor-specific 10-35

configuring

accounting 10-34

authentication 10-29

authorization 10-33

communication, global 10-27, 10-35

communication, per-server 10-27

multiple UDP ports 10-27

default configuration 10-27

defining AAA server groups 10-31

displaying the configuration 10-39

identifying the server 10-27

in clusters 6-16

limiting the services to the user 10-33

method list, defined 10-26

operation of 10-19

overview 10-18

server load balancing 10-39

suggested network environments 10-18

support for 1-11

tracking services accessed by user 10-34

RADIUS Change of Authorization 10-19

range

macro 13-21

of interfaces 13-19

rapid convergence 21-10

rapid per-VLAN spanning-tree plus

See rapid PVST+

rapid PVST+

described 20-9

IEEE 802.1Q trunking interoperability 20-11

instances supported 20-10

Rapid Spanning Tree Protocol

See RSTP

RARP 42-10

rcommand command 6-16

RCP

configuration files

downloading B-18

overview B-17

preparing the server B-17

uploading B-19

image files

deleting old image B-38

downloading B-37

preparing the server B-36

uploading B-38

reachability, tracking IP SLAs IP host 46-9

readiness check

port-based authentication

configuring 11-38

described 11-14, 11-38

reconfirmation interval, VMPS, changing 15-29

reconfirming dynamic VLAN membership 15-29

redirect URL 11-17, 11-61

redundancy

EtherChannel 40-3

HSRP 44-1

STP

backbone 20-8

multidrop backbone 22-5

path cost 15-24

port priority 15-22

redundant links and UplinkFast 22-15

redundant power system

See Cisco Redundant Power System 2300

reliable transport protocol, EIGRP 42-36

reloading software 3-22

Remote Authentication Dial-In User Service

See RADIUS

Remote Copy Protocol

See RCP

Remote Network Monitoring

See RMON

Remote SPAN

See RSPAN

remote SPAN 32-3

report suppression, IGMP

described 26-5

disabling 26-15, 27-11

requirements

cluster l

device manager l

Network Assistant l

resequencing ACL entries 37-15

reserved addresses in DHCP pools 24-27

resets, in BGP 42-50

resetting a UDLD-shutdown interface 31-6

responder, IP SLAs

described 45-4

enabling 45-7

response time, measuring with IP SLAs 45-4

restricted VLAN

configuring 11-52

described 11-20

using with IEEE 802.1x 11-20

restricting access

NTP services 7-8

overview 10-1

passwords and privilege levels 10-2

RADIUS 10-17

TACACS+ 10-10

retry count, VMPS, changing 15-30

reverse address resolution 42-9

Reverse Address Resolution Protocol

See RARP

RFC

1058, RIP 42-20

1112, IP multicast and IGMP 26-2

1157, SNMPv1 35-2

1163, BGP 42-43

RFC

1166, IP addresses 42-7

1253, OSPF 42-25

1267, BGP 42-43

1305, NTP 7-2

1587, NSSAs 42-26

1757, RMON 33-2

1771, BGP 42-43

1901, SNMPv2C 35-2

1902 to 1907, SNMPv2 35-2

2236, IP multicast and IGMP 26-2

2273-2275, SNMPv3 35-2

RFC 5176 Compliance 10-20

RIP

advertisements 42-20

authentication 42-23

configuring 42-21

default configuration 42-21

described 42-20

for IPv6 43-7

hop counts 42-20

split horizon 42-23

summary addresses 42-24

support for 1-14

RMON

default configuration 33-3

displaying status 33-6

enabling alarms and events 33-3

groups supported 33-2

overview 33-1

statistics

collecting group Ethernet 33-5

collecting group history 33-5

support for 1-16

root guard

described 22-10

enabling 22-18

support for 1-8

root switch

MSTP 21-18

STP 20-15

route calculation timers, OSPF 42-33

route dampening, BGP 42-62

routed packets, ACLs on 37-40

routed ports

configuring 42-5

defined 13-4

in switch clusters 6-8

IP addresses on 13-37, 42-5

route-map command 42-99

route maps

BGP 42-54

policy-based routing 42-97

router ACLs

defined 37-2

types of 37-4

route reflectors, BGP 42-61

router ID, OSPF 42-34

route selection, BGP 42-52

route summarization, OSPF 42-32

route targets, VPN 42-77

routing

default 42-3

dynamic 42-3

redistribution of information 42-94

static 42-3

routing domain confederation, BGP 42-61

Routing Information Protocol

See RIP

routing protocol administrative distances 42-92

RPS

See Cisco Redundant Power System 2300

RPS 2300

See Cisco Redundant Power System 2300

RSPAN 32-3

and stack changes 32-10

characteristics 32-9

configuration guidelines 32-17

default configuration 32-12

destination ports 32-8

displaying status 32-28

in a switch stack 32-3

interaction with other features 32-9

monitored ports 32-7

monitoring ports 32-8

overview 1-15, 32-1

received traffic 32-6

session limits 32-12

sessions

creating 32-18

defined 32-4

limiting source traffic to specific VLANs 32-20

specifying monitored ports 32-18

with ingress traffic enabled 32-22

source ports 32-7

transmitted traffic 32-6

VLAN-based 32-7

RSTP

active topology 21-9

BPDU

format 21-12

processing 21-13

designated port, defined 21-9

designated switch, defined 21-9

interoperability with IEEE 802.1D

described 21-8

restarting migration process 21-26

topology changes 21-13

overview 21-9

port roles

described 21-9

synchronized 21-11

proposal-agreement handshake process 21-10

RSTP

rapid convergence

cross-stack rapid convergence 21-11

described 21-10

edge ports and Port Fast 21-10

point-to-point links 21-10, 21-25

root ports 21-10

root port, defined 21-9

See also MSTP

running configuration

replacing B-20, B-21

rolling back B-20, B-22

saving 3-15

S

SC (standby command switch) 6-10

scheduled reloads 3-22

scheduling, IP SLAs operations 45-5

SCP

and SSH 10-55

configuring 10-56

SDM

described 8-1

switch stack consideration 5-10

templates

configuring 8-5

number of 8-1

SDM template

configuring 8-4

dual IPv4 and IPv6 8-2

types of 8-1

secondary VLANs 18-2

Secure Copy Protocol

secure HTTP client

configuring 10-54

displaying 10-55

secure HTTP server

configuring 10-53

displaying 10-55

secure MAC addresses

and switch stacks 28-18

deleting 28-16

maximum number of 28-10

types of 28-9

secure ports

and switch stacks 28-18

configuring 28-9

secure remote connections 10-45

Secure Shell

See SSH

Secure Socket Layer

See SSL

security, port 28-8

security features 1-9

See SCP

sequence numbers in log messages 34-8

server mode, VTP 16-3

service-provider network, MSTP and RSTP 21-1

service-provider networks

and customer VLANs 19-2

and IEEE 802.1Q tunneling 19-1

Layer 2 protocols across 19-8

Layer 2 protocol tunneling for EtherChannels 19-9

session keys, MKA 11-31

set-request operation 35-4

setup program

failed command switch replacement 51-11

replacing failed command switch 51-9

severity levels, defining in system messages 34-9

SFPs

monitoring status of 13-46, 51-14

numbering of 13-18

security and identification 51-14

status, displaying 51-14

shaped round robin

See SRR

Shell functions

See Auto Smartports macros

Shell triggers

See Auto Smartports macros

show access-lists hw-summary command 37-22

show and more command output, filtering 2-9

show cdp traffic command 29-5

show cluster members command 6-16

show configuration command 13-36

show forward command 51-22

show interfaces command 13-29, 13-36

show interfaces switchport 23-4

show l2protocol command 19-13, 19-15, 19-16

show lldp traffic command 30-11

show platform forward command 51-22

show running-config command

displaying ACLs 37-20, 37-21, 37-33, 37-35

interface description in 13-36

shutdown command on interfaces 13-47

shutdown threshold for Layer 2 protocol packets 19-11

Simple Network Management Protocol

See SNMP

single session ID 11-30

small form-factor pluggable modules

See SFPs

small-frame arrival rate, configuring 28-5

Smartports macros

applying Cisco-default macros 14-18

applying global parameter values 14-18, 14-19

configuration guidelines 14-17

default configuration 14-17

defined 14-1

displaying 14-20

tracing 14-17

SNAP 29-1

SNMP

accessing MIB variables with 35-4

agent

described 35-4

disabling 35-7

and IP SLAs 45-2

authentication level 35-10

community strings

configuring 35-8

for cluster switches 35-4

overview 35-4

configuration examples 35-18

default configuration 35-6

engine ID 35-7

groups 35-7, 35-9

host 35-7

ifIndex values 35-5

in-band management 1-7

in clusters 6-14

informs

and trap keyword 35-12

described 35-5

differences from traps 35-5

disabling 35-15

enabling 35-15

limiting access by TFTP servers 35-17

limiting system log messages to NMS 34-10

manager functions 1-6, 35-3

managing clusters with 6-17

MIBs

location of A-4

supported A-1

notifications 35-5

overview 35-1, 35-4

security levels 35-3

setting CPU threshold notification 35-16

status, displaying 35-19

system contact and location 35-16

trap manager, configuring 35-14

SNMP

traps

described 35-3, 35-5

differences from informs 35-5

disabling 35-15

enabling 35-12

enabling MAC address notification 7-22, 7-24, 7-25

overview 35-1, 35-4

types of 35-12

users 35-7, 35-9

versions supported 35-2

SNMP and Syslog Over IPv6 43-7

SNMPv1 35-2

SNMPv2C 35-2

SNMPv3 35-2

snooping, IGMP 26-2

software compatibility

See stacks, switch

software images

location in flash B-26

recovery procedures 51-2

scheduling reloads 3-22

tar file format, described B-26

See also downloading and uploading

software images in mixed stacks

See the Cisco Software Activation and Compatibility Document

source addresses

in IPv4 ACLs 37-12

in IPv6 ACLs 38-5

source-and-destination-IP address based forwarding, EtherChannel 40-9

source-and-destination MAC address forwarding, EtherChannel 40-9

source-IP address based forwarding, EtherChannel 40-9

source-MAC address forwarding, EtherChannel 40-8

Source-specific multicast

See SSM

SPAN

and stack changes 32-10

configuration guidelines 32-12

default configuration 32-12

destination ports 32-8

displaying status 32-28

interaction with other features 32-9

monitored ports 32-7

monitoring ports 32-8

overview 1-15, 32-1

ports, restrictions 28-12

received traffic 32-6

session limits 32-12

sessions

configuring ingress forwarding 32-16, 32-23

creating 32-13, 32-25

defined 32-4

limiting source traffic to specific VLANs 32-16

removing destination (monitoring) ports 32-14

specifying monitored ports 32-13, 32-25

with ingress traffic enabled 32-15

source ports 32-7

transmitted traffic 32-6

VLAN-based 32-7

spanning tree and native VLANs 15-17

Spanning Tree Protocol

See STP

SPAN traffic 32-6

split horizon, RIP 42-23

SRR

configuring

shaped weights on egress queues 39-85

shared weights on egress queues 39-86

shared weights on ingress queues 39-78

described 39-15

shaped mode 39-15

shared mode 39-16

support for 1-13

SSH

configuring 10-46

described 1-7, 10-45

encryption methods 10-45

switch stack considerations 5-17

user authentication methods, supported 10-45

SSL

configuration guidelines 10-52

configuring a secure HTTP client 10-54

configuring a secure HTTP server 10-53

described 10-49

monitoring 10-55

SSM

address management restrictions 48-16

CGMP limitations 48-16

components 48-14

configuration guidelines 48-16

configuring 48-14, 48-17

differs from Internet standard multicast 48-14

IGMP snooping 48-16

IGMPv3 48-14

IGMPv3 Host Signalling 48-15

IP address range 48-15

monitoring 48-17

operations 48-15

PIM 48-14

state maintenance limitations 48-16

SSM mapping 48-17

configuration guidelines 48-17

configuring 48-17, 48-20

DNS-based 48-19, 48-20

monitoring 48-22

overview 48-18

restrictions 48-18

static 48-18, 48-20

static traffic forwarding 48-21

stack changes

effects on

IPv6 routing 43-10

stack changes, effects on

ACL configuration 37-7

CDP 29-2

cross-stack EtherChannel 40-13

EtherChannel 40-10

fallback bridging 50-3

HSRP 44-5

IEEE 802.1x port-based authentication 11-11

IGMP snooping 26-6

IP routing 42-4

IPv6 ACLs 38-3

MAC address tables 7-21

MSTP 21-8

multicast routing 48-10

MVR 26-17

port security 28-18

SDM template selection 8-3

SNMP 35-1

SPAN and RSPAN 32-10

STP 20-11

switch clusters 6-14

system message log 34-2

VLANs 15-6

VTP 16-7

stacking

and MACsec 11-32

stack master

bridge ID (MAC address) 5-7

defined 5-2

election 5-5

IPv6 43-10

re-election 5-5

See also stacks, switch

stack member

accessing CLI of specific member 5-25

configuring

member number 5-22

priority value 5-23

defined 5-2

stack member

displaying information of 5-25

IPv6 43-10

number 5-7

priority value 5-8

provisioning a new member 5-23

replacing 5-16

See also stacks, switch

stack member number 13-17

stack protocol version 5-11

stacks, switch

accessing CLI of specific member 5-25

assigning information

member number 5-22

priority value 5-23

provisioning a new member 5-23

auto-advise 5-13

auto-copy 5-12

auto-extract 5-12

auto-upgrade 5-12

bridge ID 5-7

Catalyst 3750-X-only 5-2

CDP considerations 29-2

compatibility, software 5-11

configuration file 5-15

configuration scenarios 5-18

copying an image file from one member to another B-39

default configuration 5-20

description of 5-2

displaying information of 5-25

enabling persistent MAC address timer 5-20

hardware compatibility and SDM mismatch mode 5-10

HSRP considerations 44-5

in clusters 6-14

incompatible software and image upgrades 5-15, B-39

IPv6 on 43-9

MAC address considerations 7-21

stacks, switch

MAC address of 5-20

management connectivity 5-17

managing 5-1

managing mixed

See Catalyst 3750-E and 3750 Switch Stacking Compatibility Guide

membership 5-4

merged 5-4

mixed

hardware 5-2

hardware and software 5-2

software 5-2

with Catalyst 3750-E and 3750 switches 5-2

mixed software images

See Cisco Software Activation and Compatibility Document

MSTP instances supported 20-10

multicast routing, stack master and member roles 48-10

offline configuration

described 5-8

effects of adding a provisioned switch 5-9

effects of removing a provisioned switch 5-10

effects of replacing a provisioned switch 5-10

provisioned configuration, defined 5-8

provisioned switch, defined 5-8

provisioning a new member 5-23

partitioned 5-4, 51-8

provisioned switch

adding 5-9

removing 5-10

replacing 5-10

replacing a failed member 5-16

software compatibility 5-11

software image version 5-11

stack protocol version 5-11

stacks, switch

STP

bridge ID 20-3

instances supported 20-10

root port selection 20-3

stack root switch election 20-3

system messages

hostnames in the display 34-1

remotely monitoring 34-2

system prompt consideration 7-14

system-wide configuration considerations 5-16

upgrading B-39

version-mismatch (VM) mode

automatic upgrades with auto-upgrade 5-12

described 5-12

examples 5-13

manual upgrades with auto-advise 5-13

upgrades with auto-extract 5-12

See also stack master and stack member

StackWise Plus technology, Cisco 1-3

See also stacks, switch

standby command switch

configuring

considerations 6-11

defined 6-2

priority 6-10

requirements 6-3

virtual IP address 6-11

See also cluster standby group and HSRP

standby group, cluster

See cluster standby group and HSRP

standby ip command 44-6

standby links 23-2

standby router 44-1

standby timers, HSRP 44-11

startup configuration

booting

manually 3-18

specific image 3-19

clearing B-20

configuration file

automatically downloading 3-17

specifying the filename 3-17

default boot configuration 3-17

static access ports

assigning to VLAN 15-9

defined 13-3, 15-3

static addresses

See addresses

static IP routing 1-14

static MAC addressing 1-10

static route primary interface, configuring 46-10

static routes

configuring 42-92

understanding 43-6

static routing 42-3

static routing support, enhanced object tracking 46-10

static SSM mapping 48-18, 48-20

static traffic forwarding 48-21

static VLAN membership 15-2

statistics

802.1X 12-17

CDP 29-5

IEEE 802.1x 11-69

interface 13-45

IP multicast routing 48-63

MKA 11-34

OSPF 42-35

QoS ingress and egress 39-88

RMON group Ethernet 33-5

RMON group history 33-5

SNMP input and output 35-19

VTP 16-17

sticky learning 28-9

storm control

configuring 28-3

described 28-1

disabling 28-5

displaying 28-19

support for 1-4

thresholds 28-1

STP

accelerating root port selection 22-4

BackboneFast

described 22-7

disabling 22-17

enabling 22-16

BPDU filtering

described 22-3

disabling 22-15

enabling 22-14

BPDU guard

described 22-2

disabling 22-14

enabling 22-13

BPDU message exchange 20-3

configuration guidelines 20-13, 22-12

configuring

forward-delay time 20-23

hello time 20-22

maximum aging time 20-23

path cost 20-20

port priority 20-18

root switch 20-15

secondary root switch 20-17

spanning-tree mode 20-14

switch priority 20-21

transmit hold-count 20-24

counters, clearing 20-24

cross-stack UplinkFast

described 22-5

enabling 22-16

default configuration 20-12

STP

default optional feature configuration 22-12

designated port, defined 20-4

designated switch, defined 20-4

detecting indirect link failures 22-8

disabling 20-15

displaying status 20-24

EtherChannel guard

described 22-10

disabling 22-17

enabling 22-17

extended system ID

effects on root switch 20-16

effects on the secondary root switch 20-17

overview 20-4

unexpected behavior 20-16

features supported 1-8

IEEE 802.1D and bridge ID 20-4

IEEE 802.1D and multicast addresses 20-8

IEEE 802.1t and VLAN identifier 20-5

inferior BPDU 20-3

instances supported 20-10

interface state, blocking to forwarding 22-2

interface states

blocking 20-6

disabled 20-7

forwarding 20-6, 20-7

learning 20-7

listening 20-7

overview 20-5

interoperability and compatibility among modes 20-10

keepalive messages 20-2

Layer 2 protocol tunneling 19-8

limitations with IEEE 802.1Q trunks 20-10

load sharing

overview 15-22

using path costs 15-24

using port priorities 15-22

STP

loop guard

described 22-11

enabling 22-18

modes supported 20-9

multicast addresses, effect of 20-8

optional features supported 1-8

overview 20-2

path costs 15-24, 15-25

Port Fast

described 22-2

enabling 22-12

port priorities 15-23

preventing root switch selection 22-10

protocols supported 20-9

redundant connectivity 20-8

root guard

described 22-10

enabling 22-18

root port, defined 20-3

root port selection on a switch stack 20-3

root switch

configuring 20-16

effects of extended system ID 20-4, 20-16

election 20-3

unexpected behavior 20-16

shutdown Port Fast-enabled port 22-2

stack changes, effects of 20-11

status, displaying 20-24

superior BPDU 20-3

timers, described 20-22

UplinkFast

described 22-3

enabling 22-15

VLAN-bridge 20-11

stratum, NTP 7-2

stub areas, OSPF 42-31

stub routing, EIGRP 42-42

subdomains, private VLAN 18-1

subnet mask 42-7

subnet zero 42-7

success response, VMPS 15-26

summer time 7-13

SunNet Manager 1-6

supernet 42-8

supported port-based authentication methods 11-8

Smartports macros

See also Auto Smartports macros

SVI autostate exclude

configuring 13-39

defined 13-6

SVI link state 13-6

SVIs

and IP unicast routing 42-5

and router ACLs 37-4

connecting VLANs 13-12

defined 13-5

routing between VLANs 15-2

switch 43-2

switch clustering technology 6-1

See also clusters, switch

switch console port 1-7

Switch Database Management

See SDM

switched packets, ACLs on 37-39

Switched Port Analyzer

See SPAN

switched ports 13-2

switchport backup interface 23-4, 23-5

switchport block multicast command 28-8

switchport block unicast command 28-8

switchport command 13-27

switchport mode dot1q-tunnel command 19-7

switchport protected command 28-7

switch priority

MSTP 21-22

STP 20-21

switch software features 1-1

switch virtual interface

See SVI

synchronization, BGP 42-48

syslog

See system message logging

system capabilities TLV 30-2

system clock

configuring

daylight saving time 7-13

manually 7-11

summer time 7-13

time zones 7-12

displaying the time and date 7-12

overview 7-2

See also NTP

system description TLV 30-2

system message logging

default configuration 34-4

defining error message severity levels 34-9

disabling 34-4

displaying the configuration 34-14

enabling 34-5

facility keywords, described 34-14

level keywords, described 34-10

limiting messages 34-10

message format 34-2

overview 34-1

sequence numbers, enabling and disabling 34-8

setting the display destination device 34-5

stack changes, effects of 34-2

synchronizing log messages 34-6

syslog facility 1-16

time stamps, enabling and disabling 34-8

UNIX syslog servers

configuring the daemon 34-12

configuring the logging facility 34-13

facilities supported 34-14

system MTU

and IS-IS LSPs 42-69

system MTU and IEEE 802.1Q tunneling 19-5

system name

default configuration 7-15

default setting 7-15

manual configuration 7-15

See also DNS

system name TLV 30-2

system prompt, default setting 7-14, 7-15

system resources, optimizing 8-1

system routing

IS-IS 42-65

ISO IGRP 42-65

T

TACACS+

accounting, defined 10-11

authentication, defined 10-11

authorization, defined 10-11

configuring

accounting 10-17

authentication key 10-13

authorization 10-16

login authentication 10-14

default configuration 10-13

displaying the configuration 10-17

identifying the server 10-13

in clusters 6-16

limiting the services to the user 10-16

operation of 10-12

overview 10-10

support for 1-11

tracking services accessed by user 10-17

tagged packets

IEEE 802.1Q 19-3

Layer 2 protocol 19-8

tar files

creating B-7

displaying the contents of B-7

extracting B-8

image file format B-26

TCL script, registering and defining with embedded event manager 36-7

TDR 1-16

Telnet

accessing management interfaces 2-10

number of connections 1-7

setting a password 10-6

templates, SDM 8-2

temporary self-signed certificate 10-50

Terminal Access Controller Access Control System Plus

See TACACS+

terminal lines, setting a password 10-6

TFTP

configuration files

downloading B-12

preparing the server B-11

uploading B-13

configuration files in base directory 3-8

configuring for autoconfiguration 3-7

image files

deleting B-30

downloading B-28

preparing the server B-28

uploading B-30

limiting access by servers 35-17

TFTP server 1-6

threshold, traffic level 28-2

threshold monitoring, IP SLAs 45-6

time

See NTP and system clock

Time Domain Reflector

See TDR

time-range command 37-17

time ranges in ACLs 37-17

time stamps in log messages 34-8

time zones 7-12

TLVs

defined 30-2

LLDP 30-2

LLDP-MED 30-2

Token Ring VLANs

support for 15-5

VTP support 16-4

ToS 1-13

traceroute, Layer 2

and ARP 51-17

and CDP 51-17

broadcast traffic 51-16

described 51-16

IP addresses and subnets 51-17

MAC addresses and VLANs 51-17

multicast traffic 51-17

multiple devices on a port 51-17

unicast traffic 51-16

usage guidelines 51-17

traceroute command 51-18

See also IP traceroute

tracked lists

configuring 46-3

types 46-3

tracked objects

by Boolean expression 46-4

by threshold percentage 46-6

by threshold weight 46-5

tracking interface line-protocol state 46-2

tracking IP routing state 46-2

tracking objects 46-2

tracking process 46-1

track state, tracking IP SLAs 46-9

traffic

blocking flooded 28-8

fragmented 37-5

fragmented IPv6 38-2

unfragmented 37-5

traffic policing 1-13

traffic suppression 28-1

transmit hold-count

see STP

transparent mode, VTP 16-3

trap-door mechanism 3-2

traps

configuring MAC address notification 7-22, 7-24, 7-25

configuring managers 35-12

defined 35-3

enabling 7-22, 7-24, 7-25, 35-12

notification types 35-12

overview 35-1, 35-4

troubleshooting

connectivity problems 51-15, 51-16, 51-18

CPU utilization 51-28

detecting unidirectional links 31-1

displaying crash information 51-24

PIMv1 and PIMv2 interoperability problems 48-35

setting packet forwarding 51-22

SFP security and identification 51-14

show forward command 51-22

with CiscoWorks 35-4

with debug commands 51-20

with ping 51-15

with system message logging 34-1

with traceroute 51-18

trunk failover

See link-state tracking

trunking encapsulation 1-9

trunk ports

configuring 15-18

defined 13-3, 15-3

encapsulation 15-18, 15-23, 15-25

trunks

allowed-VLAN list 15-19

configuring 15-18, 15-23, 15-25

ISL 15-14

load sharing

setting STP path costs 15-24

using STP port priorities 15-22, 15-23

native VLAN for untagged traffic 15-21

parallel 15-24

pruning-eligible list 15-20

to non-DTP device 15-15

trusted boundary for QoS 39-42

trusted port states

between QoS domains 39-44

classification options 39-5

ensuring port security for IP phones 39-42

support for 1-13

within a QoS domain 39-40

trustpoints, CA 10-49

tunneling

defined 19-1

IEEE 802.1Q 19-1

Layer 2 protocol 19-8

tunnel ports

described 13-4, 19-2

IEEE 802.1Q, configuring 19-7

incompatibilities with other features 19-6

twisted-pair Ethernet, detecting unidirectional links 31-1

type of service

See ToS

U

UDLD

configuration guidelines 31-4

default configuration 31-4

UDLD

disabling

globally 31-5

on fiber-optic interfaces 31-5

per interface 31-6

echoing detection mechanism 31-3

enabling

globally 31-5

per interface 31-6

Layer 2 protocol tunneling 19-10

link-detection mechanism 31-1

neighbor database 31-2

overview 31-1

resetting an interface 31-6

status, displaying 31-7

support for 1-8

UDP, configuring 42-16

UDP jitter, configuring 45-9

UDP jitter operation, IP SLAs 45-8

unauthorized ports with IEEE 802.1x 11-10

unicast MAC address filtering 1-6

and adding static addresses 7-28

and broadcast MAC addresses 7-28

and CPU packets 7-28

and multicast addresses 7-28

and router MAC addresses 7-28

configuration guidelines 7-28

described 7-28

unicast storm 28-1

unicast storm control command 28-4

unicast traffic, blocking 28-8

UniDirectional Link Detection protocol

See UDLD

universal software image 1-1

feature set

IP base 1-1

IP services 1-2

UNIX syslog servers

daemon configuration 34-12

facilities supported 34-14

message logging configuration 34-13

unrecognized Type-Length-Value (TLV) support 16-4

upgrading information

See release notes

upgrading software images

See downloading

UplinkFast

described 22-3

disabling 22-16

enabling 22-15

support for 1-8

uploading

configuration files

preparing B-11, B-14, B-17

reasons for B-9

using FTP B-16

using RCP B-19

using TFTP B-13

image files

preparing B-28, B-31, B-36

reasons for B-25

using FTP B-34

using RCP B-38

using TFTP B-30

USB flash devices 13-16

USB inactivity timer 13-15

USB port

mini-type B 13-13

USB ports 13-13

USB Type A port 1-8

USB type A port 13-16

User Datagram Protocol

See UDP

user EXEC mode 2-2

username-based authentication 10-6

V

version-dependent transparent mode 16-4

version-mismatch (VM) mode

automatic upgrades with auto-upgrade 5-12

described 5-12

displaying 5-12

manual upgrades with auto-advise 5-13

upgrades with auto-extract 5-12

virtual IP address

cluster standby group 6-11

command switch 6-11

virtual ports, MKA 11-32

Virtual Private Network

See VPN

virtual router 44-1, 44-2

virtual switches and PAgP