A -
B -
C -
D -
E -
F -
G -
H -
I -
J -
L -
M -
N -
O -
P -
Q -
R -
S -
T -
U -
V -
W -
X -
Index
A
abbreviating commands 2-4
AC (command switch) 6-9
access-class command 31-16
access control entries
See ACEs
access-denied response, VMPS 14-24
access groups, applying IPv4 ACLs to interfaces 31-17
accessing
clusters, switch 6-12
command switches 6-10
member switches 6-12
switch clusters 6-12
access lists
See ACLs
access ports
in switch clusters 6-8
access ports, defined 12-2
accounting
with 802.1x 11-34
with IEEE 802.1x 11-8
with RADIUS 10-28
with TACACS+ 10-11, 10-17
ACEs
and QoS 33-7
defined 31-2
Ethernet 31-2
IP 31-2
ACLs
ACEs 31-2
any keyword 31-9
applying
time ranges to 31-14
to an interface 31-16
to QoS 33-7
classifying traffic for QoS 33-39
comments in 31-15
compiling 31-17
defined 31-1, 31-5
examples of 31-17, 33-39
extended IP, configuring for QoS classification 33-40
extended IPv4
creating 31-8
matching criteria 31-5
hardware and software handling 31-17
host keyword 31-10
IP
creating 31-5
fragments and QoS guidelines 33-30
implicit deny 31-7, 31-11, 31-13
implicit masks 31-7
matching criteria 31-5
undefined 31-17
IPv4
applying to interfaces 31-16
creating 31-5
matching criteria 31-5
named 31-12
numbers 31-6
terminal lines, setting on 31-16
unsupported features 31-4
MAC extended 31-19, 33-41
matching 31-5, 31-17
monitoring 31-22
named, IPv4 31-12
number per QoS class map 33-30
QoS 33-7, 33-39
resequencing entries 31-12
standard IP, configuring for QoS classification 33-39
standard IPv4
creating 31-7
matching criteria 31-5
support for 1-8
support in hardware 31-17
time ranges 31-14
unsupported features, IPv4 31-4
active link 20-4, 20-5, 20-6
active links 20-2
active traffic monitoring, IP SLAs 32-1
address aliasing 22-2
addresses
displaying the MAC address table 7-27
dynamic
accelerated aging 17-8
changing the aging time 7-21
default aging 17-8
defined 7-19
learning 7-20
removing 7-22
IPv6 34-2
MAC, discovering 7-27
multicast, STP address management 17-8
static
adding and removing 7-24
defined 7-19
address resolution 7-27
Address Resolution Protocol
See ARP
advertisements
CDP 25-1
LLDP 24-2
VTP 14-16, 15-3
aggregatable global unicast addresses 34-3
aggregated ports
See EtherChannel
aggregate policers 33-47
aggregate policing 1-9
aging, accelerating 17-8
aging time
accelerated
for MSTP 18-23
for STP 17-8, 17-21
MAC address table 7-21
maximum
for MSTP 18-23, 18-24
for STP 17-21, 17-22
alarm profiles
configuring 3-11
creating or modifying 3-10
alarms
default configuration 3-4
displaying 3-12
power supply 3-2
temperature 3-2
alarms, RMON 28-3
allowed-VLAN list 14-18
ARP
defined 1-5, 7-27
table
address resolution 7-27
managing 7-27
associating the temperature alarms to a relay 3-7
attaching an alarm profile to a port 3-11
attributes, RADIUS
vendor-proprietary 10-31
vendor-specific 10-29
authentication
local mode with AAA 10-32
NTP associations 7-4
RADIUS
key 10-21
login 10-23
TACACS+
defined 10-11
key 10-13
login 10-14
See also port-based authentication
authentication failed VLAN
See restricted VLAN
authoritative time source, described 7-2
authorization
with RADIUS 10-27
with TACACS+ 10-11, 10-16
authorized ports with IEEE 802.1x 11-7
autoconfiguration 4-3
automatic discovery
considerations
beyond a noncandidate device 6-7
brand new switches 6-8
connectivity 6-4
different VLANs 6-6
management VLANs 6-7
non-CDP-capable devices 6-6
noncluster-capable devices 6-6
in switch clusters 6-4
See also CDP
automatic QoS
See QoS
automatic recovery, clusters 6-9
See also HSRP
auto-MDIX
configuring 12-16
described 12-16
autonegotiation
duplex mode 1-3
interface configuration guidelines 12-13
mismatches 36-7
autosensing, port speed 1-3
auxiliary VLAN
See voice VLAN
availability, features 1-6
B
BackboneFast
described 19-5
disabling 19-14
enabling 19-13
support for 1-6
backup interfaces
See Flex Links
backup links 20-2
banners
configuring
login 7-19
message-of-the-day login 7-18
default configuration 7-17
when displayed 7-17
Berkeley r-tools replacement 10-44
binding database
DHCP snooping
See DHCP snooping binding database
bindings
DHCP snooping database 21-5
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 23-7
booting
boot loader, function of 4-2
boot process 4-1
manually 4-17
specific image 4-17
boot loader
accessing 4-18
described 4-2
environment variables 4-18
prompt 4-18
trap-door mechanism 4-2
BPDU
error-disabled state 19-2
filtering 19-3
RSTP format 18-12
BPDU filtering
described 19-3
disabling 19-12
enabling 19-12
support for 1-7
BPDU guard
described 19-2
disabling 19-12
enabling 19-11
support for 1-7
bridge protocol data unit
See BPDU
broadcast storm-control command 23-4
broadcast storms 23-1
C
cables, monitoring for unidirectional links 26-1
candidate switch
automatic discovery 6-4
defined 6-3
requirements 6-3
See also command switch, cluster standby group, and member switch
CA trustpoint
configuring 10-40
defined 10-38
CDP
and trusted boundary 33-34
automatic discovery in switch clusters 6-4
configuring 25-2
default configuration 25-2
defined with LLDP 24-1
described 25-1
disabling for routing device25-3to 25-4
enabling and disabling
on an interface 25-4
on a switch 25-3
monitoring 25-4
overview 25-1
support for 1-5
transmission timer and holdtime, setting 25-2
updates 25-2
CGMP
as IGMP snooping learning method 22-8
joining multicast group 22-3
CipherSuites 10-39
Cisco 7960 IP Phone 16-1
Cisco Discovery Protocol
See CDP
Cisco IOS File System
See IFS
Cisco IOS IP Service Level Agreements (SLAs) responder 1-4
Cisco IOS IP SLAs 32-1
CiscoWorks 2000 1-4, 30-4
CIST regional root
See MSTP
CIST root
See MSTP
civic location 24-3
class maps for QoS
configuring 33-42
described 33-7
displaying 33-67
class of service
See CoS
clearing interfaces 12-19
CLI
abbreviating commands 2-4
command modes 2-1
configuration logging 2-5
described 1-4
editing features
enabling and disabling 2-7
keystroke editing 2-7
wrapped lines 2-9
error messages 2-5
filtering command output 2-10
getting help 2-3
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
managing clusters 6-13
no and default forms of commands 2-4
client mode, VTP 15-3
clock
See system clock
clusters, switch
accessing 6-12
automatic discovery 6-4
automatic recovery 6-9
benefits 1-2
compatibility 6-4
described 6-1
LRE profile considerations 6-13
managing
through CLI 6-13
through SNMP 6-14
planning 6-4
planning considerations
automatic discovery 6-4
automatic recovery 6-9
CLI 6-13
host names 6-12
IP addresses 6-12
LRE profiles 6-13
passwords 6-12
RADIUS 6-13
SNMP 6-13, 6-14
TACACS+ 6-13
See also candidate switch, command switch, cluster standby group, member switch, and standby command switch
cluster standby group
automatic recovery 6-11
considerations 6-10
defined 6-2
requirements 6-3
virtual IP address 6-10
See also HSRP
CNS 1-5
Configuration Engine
configID, deviceID, hostname 5-3
configuration service 5-2
described 5-1
event service 5-3
embedded agents
described 5-5
enabling automated configuration 5-6
enabling configuration agent 5-9
enabling event agent 5-7
management functions 1-4
command-line interface
See CLI
command modes 2-1
commands
abbreviating 2-4
no and default 2-4
commands, setting privilege levels 10-8
command switch
accessing 6-10
active (AC) 6-9
configuration conflicts 36-7
defined 6-2
passive (PC) 6-9
password privilege levels 6-14
priority 6-9
recovery
from command-switch failure 6-9, 36-4
from lost member connectivity 36-7
redundant 6-9
replacing
with another switch 36-6
with cluster member 36-4
requirements 6-3
standby (SC) 6-9
See also candidate switch, cluster standby group, member switch, and standby command switch
community strings
configuring 6-13, 30-8
for cluster switches 30-4
in clusters 6-13
overview 30-4
SNMP 6-13
compatibility, feature 23-12
config.text 4-16
configurable leave timer, IGMP 22-5
configuration, initial
defaults 1-11
Express Setup 1-2
configuration changes, logging 29-10
configuration conflicts, recovering from lost member connectivity 36-7
configuration examples, network 1-13
configuration files
archiving B-19
clearing the startup configuration B-19
creating using a text editor B-10
default name 4-16
deleting a stored configuration B-19
described B-8
downloading
automatically 4-16
preparing B-11, B-13, B-16
reasons for B-8
using FTP B-13
using RCP B-17
using TFTP B-11
guidelines for creating and using B-9
guidelines for replacing and rolling back B-21
invalid combinations when copying B-5
limiting TFTP server access 30-15
obtaining with DHCP 4-8
password recovery disable considerations 10-5
replacing a running configuration B-19, B-20
rolling back a running configuration B-19, B-20
specifying the filename 4-16
system contact and location information 30-15
types and location B-10
uploading
preparing B-11, B-13, B-16
reasons for B-9
using FTP B-14
using RCP B-18
using TFTP B-12
configuration logger 29-10
configuration logging 2-5
configuration replacement B-19
configuration rollback B-19
configuration settings, saving 4-14
configure terminal command 12-6
configuring port-based authentication violation modes11-26to 11-27
configuring small-frame arrival rate 23-5
config-vlan mode 2-2, 14-6
conflicts, configuration 36-7
connections, secure remote 10-33
connectivity problems 36-8, 36-10, 36-11
consistency checks in VTP Version 2 15-4
console port, connecting to 2-10
control protocol, IP SLAs 32-3
corrupted software, recovery steps with Xmodem 36-2
CoS
in Layer 2 frames 33-2
override priority 16-6
trust priority 16-6
CoS input queue threshold map for QoS 33-14
CoS output queue threshold map for QoS 33-16
CoS-to-DSCP map for QoS 33-50
counters, clearing interface 12-19
crashinfo file 36-17
critical authentication, IEEE 802.1x 11-38
cryptographic software image
SSH 10-33
SSL 10-37
D
daylight saving time 7-13
debugging
enabling all system diagnostics 36-15
enabling for a specific feature 36-14
redirecting error message output 36-15
using commands 36-14
default alarm configuration 3-4
default commands 2-4
default configuration
802.1x 11-21
auto-QoS 33-18
banners 7-17
booting 4-16
CDP 25-2
DHCP 21-7
DHCP option 82 21-7
DHCP snooping 21-7
DHCP snooping binding database 21-7
DNS 7-16
EtherChannel 35-9
Ethernet interfaces 12-10
Flex Links 20-8
IGMP filtering 22-24
IGMP snooping 22-6
IGMP throttling 22-24
initial switch information 4-3
IP SLAs 32-5
IPv6 34-6
Layer 2 interfaces 12-10
LLDP 24-3
MAC address table 7-21
MAC address-table move update 20-8
MSTP 18-14
MVR 22-19
NTP 7-4
optional spanning-tree configuration 19-9
password and privilege level 10-2
PTP 8-1
RADIUS 10-20
RMON 28-3
RSPAN 27-9
SDM template 9-2
SNMP 30-6
SPAN 27-9
SSL 10-40
standard QoS 33-27
STP 17-11
system message logging 29-3
system name and prompt 7-15
TACACS+ 10-13
UDLD 26-4
VLAN, Layer 2 Ethernet interfaces 14-16
VLANs 14-7
VMPS 14-25
voice VLAN 16-3
VTP 15-6
default gateway 4-14
deleting VLANs 14-9
denial-of-service attack 23-1
description command 12-17
designing your network, examples 1-13
destination addresses
in IPv4 ACLs 31-9
destination-IP address-based forwarding, EtherChannel 35-7
destination-MAC address forwarding, EtherChannel 35-7
detecting indirect link failures, STP 19-5
device B-23
device discovery protocol 24-1, 25-1
device manager
benefits 1-2
described 1-2, 1-4
in-band management 1-6
upgrading a switch B-23
DHCP
Cisco IOS server database
configuring 21-10
enabling
relay agent 21-8
DHCP-based autoconfiguration
client request message exchange 4-4
configuring
client side 4-3
DNS 4-7
relay device 4-8
server side 4-6
TFTP server 4-7
example 4-9
lease options
for IP address information 4-6
for receiving the configuration file 4-6
overview 4-3
relationship to BOOTP 4-4
relay support 1-5
support for 1-5
DHCP-based autoconfiguration and image update
configuring4-11to 4-13
understanding 4-5
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 21-5
configuration guidelines 21-7
default configuration 21-7
displaying 21-12
overview 21-3
packet format, suboption
circuit ID 21-5
remote ID 21-5
remote ID suboption 21-5
DHCP server port-based address allocation
configuration guidelines 21-13
default configuration 21-13
described 21-12
displaying 21-15
enabling 21-13
DHCP server port-based address assignment
support for 1-5
DHCP snooping
accepting untrusted packets form edge switch 21-3, 21-9
binding database
See DHCP snooping binding database
configuration guidelines 21-7
default configuration 21-7
displaying binding tables 21-12
message exchange process 21-4
option 82 data insertion 21-3
trusted interface 21-2
untrusted interface 21-2
untrusted messages 21-2
DHCP snooping binding database
adding bindings 21-11
binding entries, displaying 21-12
binding file
format 21-6
location 21-5
bindings 21-5
clearing agent statistics 21-11
configuration guidelines 21-8
configuring 21-11
default configuration 21-7
deleting
binding file 21-11
bindings 21-11
database agent 21-11
described 21-5
displaying 21-12
displaying status and statistics 21-12
enabling 21-11
entry 21-5
renewing database 21-11
resetting
delay value 21-11
timeout value 21-11
DHCP snooping binding table
See DHCP snooping binding database
Differentiated Services architecture, QoS 33-2
Differentiated Services Code Point 33-2
directed unicast requests 1-5
directories
changing B-4
creating and removing B-4
displaying the working B-4
discovery, clusters
See automatic discovery
displaying switch alarms 3-12
DNS
and DHCP-based autoconfiguration 4-7
default configuration 7-16
displaying the configuration 7-17
in IPv6 34-3
overview 7-15
setting up 7-16
support for 1-5
domain names
DNS 7-15
VTP 15-8
Domain Name System
See DNS
downloading
configuration files
preparing B-11, B-13, B-16
reasons for B-8
using FTP B-13
using RCP B-17
using TFTP B-11
image files
deleting old image B-27
preparing B-25, B-29, B-33
reasons for B-23
using CMS 1-2
using FTP B-30
using HTTP 1-2, B-23
using RCP B-34
using TFTP B-26
using the device manager or Network Assistant B-23
DSCP 1-9, 33-2
DSCP input queue threshold map for QoS 33-14
DSCP output queue threshold map for QoS 33-16
DSCP-to-CoS map for QoS 33-53
DSCP-to-DSCP-mutation map for QoS 33-54
DSCP transparency 33-35
DTP 1-7, 14-14
dual-action detection 35-5
dual IPv4 and IPv6 templates 34-4, 34-5
dual protocol stacks
IPv4 and IPv6 34-5
SDM templates supporting 34-5
dual-purpose uplinks
defined 12-4
LEDs 12-4
link selection 12-4, 12-11
setting the type 12-11
dynamic access ports
characteristics 14-3
configuring 14-26
defined 12-3
dynamic addresses
See addresses
dynamic auto trunking mode 14-15
dynamic desirable trunking mode 14-15
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 14-24
reconfirming 14-27
troubleshooting 14-29
types of connections 14-26
Dynamic Trunking Protocol
See DTP
E
editing features
enabling and disabling 2-7
keystrokes used 2-7
wrapped lines 2-9
ELIN location 24-3
enable password 10-3
enable secret password 10-3
enabling SNMP traps 3-11
encryption, CipherSuite 10-39
encryption for passwords 10-3
environment variables, function of 4-19
error-disabled state, BPDU 19-2
error messages during command entry 2-5
EtherChannel
automatic creation of 35-4, 35-5
channel groups
binding physical and logical interfaces 35-3
numbering of 35-3
configuration guidelines 35-9
configuring Layer 2 interfaces 35-10
default configuration 35-9
described 35-2
displaying status 35-17
forwarding methods 35-7, 35-13
IEEE 802.3ad, described 35-5
interaction
with STP 35-10
with VLANs 35-10
LACP
described 35-5
displaying status 35-17
hot-standby ports 35-15
interaction with other features 35-6
modes 35-6
port priority 35-16
system priority 35-16
load balancing 35-7, 35-13
PAgP
aggregate-port learners 35-14
compatibility with Catalyst 1900 35-14
described 35-4
displaying status 35-17
interaction with other features 35-5
interaction with virtual switches 35-5
learn method and priority configuration 35-14
modes 35-4
support for 1-3
with dual-action detection 35-5
port-channel interfaces
described 35-3
numbering of 35-3
port groups 12-3
support for 1-3
EtherChannel guard
described 19-7
disabling 19-14
enabling 19-14
Ethernet VLANs
adding 14-8
defaults and ranges 14-7
modifying 14-8
EUI 34-3
events, RMON 28-3
examples
network configuration 1-13
expedite queue for QoS 33-66
Express Setup 1-2
See also getting started guide
extended crashinfo file 36-17
extended-range VLANs
configuration guidelines 14-12
configuring 14-11
creating 14-12
defined 14-1
extended system ID
MSTP 18-17
STP 17-4, 17-14
extended universal identifier
See EUI
Extensible Authentication Protocol over LAN 11-1
F
fa0 interface 1-6
Fast Convergence 20-3
FCS bit error rate alarm
configuring 3-8, 3-9
defined 3-3
FCS error hysteresis threshold 3-2
features, incompatible 23-12
fiber-optic, detecting unidirectional links 26-1
files
basic crashinfo
description 36-17
location 36-17
copying B-5
crashinfo, description 36-17
deleting B-5
displaying the contents of B-8
extended crashinfo
description 36-18
location 36-18
tar
creating B-6
displaying the contents of B-7
extracting B-7
image file format B-24
file system
displaying available file systems B-2
displaying file information B-3
local file system names B-1
network file system names B-5
setting the default B-3
filtering
non-IP traffic 31-19
show and more command output 2-10
filtering show and more command output 2-10
filters, IP
See ACLs, IP
flash device, number of B-1
Flex Link Multicast Fast Convergence 20-3
Flex Links
configuration guidelines 20-8
configuring 20-9
configuring preferred VLAN 20-12
configuring VLAN load balancing 20-11
default configuration 20-8
description 20-1
link load balancing 20-2
monitoring 20-14
VLANs 20-2
flooded traffic, blocking 23-8
flow-based packet classification 1-9
flowcharts
QoS classification 33-6
QoS egress queueing and scheduling 33-15
QoS ingress queueing and scheduling 33-13
QoS policing and marking 33-9
flowcontrol
configuring 12-15
described 12-15
forward-delay time
MSTP 18-23
STP 17-21
FTP
accessing MIB files A-3
configuration files
downloading B-13
overview B-12
preparing the server B-13
uploading B-14
image files
deleting old image B-31
downloading B-30
preparing the server B-29
uploading B-31
G
general query 20-5
Generating IGMP Reports 20-3
get-bulk-request operation 30-3
get-next-request operation 30-3, 30-4
get-request operation 30-3, 30-4
get-response operation 30-3
global configuration mode 2-2
global leave, IGMP 22-12
global status monitoring alarms 3-2
guest VLAN and 802.1x 11-11
guide mode 1-2
GUIs
See device manager and Network Assistant
H
hello time
MSTP 18-22
STP 17-20
help, for the command line 2-3
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
history table, level and number of syslog messages 29-10
host names, in clusters 6-12
hosts, limit on dynamic ports 14-29
HP OpenView 1-4
HSRP
automatic cluster recovery 6-11
cluster standby group considerations 6-10
See also clusters, cluster standby group, and standby command switch
HTTP over SSL
see HTTPS
HTTPS 10-38
configuring 10-41
self-signed certificate 10-38
HTTP secure server 10-38
I
ICMP
IPv6 34-3
time-exceeded messages 36-12
traceroute and 36-12
ICMP ping
executing 36-9
overview 36-9
ICMPv6 34-3
IDS appliances
and ingress RSPAN 27-20
and ingress SPAN 27-13
IEEE 1588 standard 8-1
IEEE 802.1D
See STP
IEEE 802.1p 16-1
IEEE 802.1Q
and trunk ports 12-3
configuration limitations 14-15
encapsulation 14-14
native VLAN for untagged traffic 14-19
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3ad
See EtherChannel
IEEE 802.3x flow control 12-15
ifIndex values, SNMP 30-5
IFS 1-5
IGMP
configurable leave timer
described 22-5
enabling 22-10
flooded multicast traffic
controlling the length of time 22-11
disabling on an interface 22-12
global leave 22-12
query solicitation 22-12
recovering from flood mode 22-12
joining multicast group 22-3
join messages 22-3
leave processing, enabling 22-10
leaving multicast group 22-5
queries 22-4
report suppression
described 22-6
disabling 22-15
supported versions 22-2
support for 1-3
IGMP filtering
configuring 22-24
default configuration 22-24
described 22-23
monitoring 22-28
support for 1-3
IGMP groups
configuring filtering 22-27
setting the maximum number 22-26
IGMP Immediate Leave
configuration guidelines 22-10
described 22-5
enabling 22-10
IGMP profile
applying 22-25
configuration mode 22-24
configuring 22-25
IGMP snooping
and address aliasing 22-2
configuring 22-6
default configuration 22-6
definition 22-1
enabling and disabling 22-7
global configuration 22-7
Immediate Leave 22-5
method 22-8
monitoring 22-15
querier
configuration guidelines 22-13
configuring 22-13
supported versions 22-2
support for 1-3
VLAN configuration 22-7
IGMP throttling
configuring 22-27
default configuration 22-24
described 22-24
displaying action 22-28
Immediate Leave, IGMP 22-5
inaccessible authentication bypass 11-13
initial configuration
defaults 1-11
Express Setup 1-2
interface
range macros 12-8
interface command12-5to 12-6
interface configuration mode 2-3
interfaces
auto-MDIX, configuring 12-16
configuration guidelines
duplex and speed 12-13
configuring
procedure 12-6
counters, clearing 12-19
default configuration 12-10
described 12-17
descriptive name, adding 12-17
displaying information about 12-19
flow control 12-15
management 1-4
monitoring 12-18
naming 12-17
physical, identifying 12-5
range of 12-6
restarting 12-20
shutting down 12-20
speed and duplex, configuring 12-14
status 12-18
supported 12-4
types of 12-1
interfaces range macro command 12-8
interface types 12-5
Internet Protocol version 6
See IPv6
Intrusion Detection System
See IDS appliances
inventory management TLV 24-2, 24-6
IP ACLs
for QoS classification 33-7
implicit deny 31-7, 31-11
implicit masks 31-7
named 31-12
undefined 31-17
IP addresses
128-bit 34-2
candidate or member 6-3, 6-12
cluster access 6-2
command switch 6-3, 6-10, 6-12
discovering 7-27
IPv6 34-2
redundant clusters 6-10
standby command switch 6-10, 6-12
See also IP information
ip igmp profile command 22-24
IP information
assigned
manually 4-14
through DHCP-based autoconfiguration 4-3
default configuration 4-3
IP phones
and QoS 16-1
automatic classification and queueing 33-18
configuring 16-4
ensuring port security with QoS 33-34
trusted boundary for QoS 33-34
IP precedence 33-2
IP-precedence-to-DSCP map for QoS 33-51
IP protocols in ACLs 31-9
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 32-1
IP SLAs
benefits 32-2
configuration guidelines 32-5
Control Protocol 32-3
default configuration 32-5
definition 32-1
measuring network performance 32-2
monitoring 32-6
operation 32-3
responder
described 32-3
enabling 32-5
response time 32-4
SNMP support 32-2
supported metrics 32-2
IP traceroute
executing 36-12
overview 36-11
IPv4 ACLs
applying to interfaces 31-16
extended, creating 31-8
named 31-12
standard, creating 31-7
IPv4 and IPv6
dual protocol stacks 34-4
IPv6
addresses 34-2
address formats 34-2
applications 34-4
assigning address 34-7
autoconfiguration 34-4
configuring static routes 34-10
default configuration 34-6
defined 34-1
forwarding 34-7
ICMP 34-3
monitoring 34-11
neighbor discovery 34-3
Stateless Autoconfiguration 34-4
supported features 34-2
understanding static routes 34-5
J
join messages, IGMP 22-3
L
LACP
See EtherChannel
Layer 2 frames, classification with CoS 33-2
Layer 2 interfaces, default configuration 12-10
Layer 2 traceroute
and ARP 36-11
and CDP 36-10
broadcast traffic 36-10
described 36-10
IP addresses and subnets 36-11
MAC addresses and VLANs 36-11
multicast traffic 36-11
multiple devices on a port 36-11
unicast traffic 36-10
usage guidelines 36-10
Layer 3 interfaces
assigning IPv6 addresses to 34-7
Layer 3 packets, classification methods 33-2
LDAP 5-2
Leaking IGMP Reports 20-4
LEDs, switch
See hardware installation guide
lightweight directory access protocol
See LDAP
line configuration mode 2-3
Link Aggregation Control Protocol
See EtherChannel
link failure, detecting unidirectional 18-7
link fault alarm 3-3
Link Layer Discovery Protocol
See CDP
link local unicast addresses 34-3
link redundancy
See Flex Links
links, unidirectional 26-1
link-state tracking
configuring 35-20
described 35-18
LLDP
configuring 24-3
characteristics 24-4
default configuration 24-3
disabling and enabling
globally 24-4
on an interface 24-5
monitoring and maintaining 24-7
overview 24-1
supported TLVs 24-2
switch stack considerations 24-2
transmission timer and holdtime, setting 24-4
LLDP-MED
configuring
procedures 24-3
TLVs 24-6
monitoring and maintaining 24-7
overview 24-1, 24-2
supported TLVs 24-2
LLDP Media Endpoint Discovery
See LLDP-MED
local SPAN 27-2
location TLV 24-3, 24-6
login authentication
with RADIUS 10-23
with TACACS+ 10-14
login banners 7-17
log messages
See system message logging
Long-Reach Ethernet (LRE) technology 1-14
loop guard
described 19-9
enabling 19-15
support for 1-7
LRE profiles, considerations in switch clusters 6-13
M
MAB inactivity timer
default setting 11-22
range 11-25
MAC/PHY configuration status TLV 24-2
MAC addresses
aging time 7-21
and VLAN association 7-20
building the address table 7-20
default configuration 7-21
disabling learning on a VLAN 7-26
discovering 7-27
displaying 7-27
dynamic
learning 7-20
removing 7-22
in ACLs 31-19
static
adding 7-24
allowing 7-25, 7-26
characteristics of 7-24
dropping 7-25
removing 7-24
MAC address learning 1-5
MAC address learning, disabling on a VLAN 7-26
MAC address notification, support for 1-10
MAC address-table move update
configuration guidelines 20-8
configuring 20-12
default configuration 20-8
description 20-6
monitoring 20-14
MAC address-to-VLAN mapping 14-24
MAC authentication bypass 11-10
MAC extended access lists
applying to Layer 2 interfaces 31-21
configuring for QoS 33-41
creating 31-19
defined 31-19
for QoS classification 33-5
macros
See Smartports macros
magic packet 11-16
manageability features 1-5
management access
in-band
browser session 1-6
CLI session 1-6
device manager 1-6
SNMP 1-6
out-of-band console port connection 1-6
management address TLV 24-2
management options
CLI 2-1
clustering 1-3
CNS 5-1
Network Assistant 1-2
overview 1-4
management VLAN
considerations in switch clusters 6-7
discovery through different management VLANs 6-7
mapping tables for QoS
configuring
CoS-to-DSCP 33-50
DSCP 33-49
DSCP-to-CoS 33-53
DSCP-to-DSCP-mutation 33-54
IP-precedence-to-DSCP 33-51
policed-DSCP 33-52
described 33-10
marking
action with aggregate policers 33-47
described 33-4, 33-8
matching, IPv4 ACLs 31-5
maximum aging time
MSTP 18-23
STP 17-21
maximum hop count, MSTP 18-24
maximum number of allowed devices, port-based authentication 11-25
MDA
configuration guidelines11-18to 11-19
described 1-8, 11-18
exceptions with authentication process 11-4
membership mode, VLAN port 14-3
member switch
automatic discovery 6-4
defined 6-2
managing 6-13
passwords 6-12
recovering from lost connectivity 36-7
requirements 6-3
See also candidate switch, cluster standby group, and standby command switch
messages, to users through banners 7-17
MIBs
accessing files with FTP A-3
location of files A-3
overview 30-1
SNMP interaction with 30-4
supported A-1
mirroring traffic for analysis 27-1
mismatches, autonegotiation 36-7
module number 12-5
monitoring
access groups 31-22
alarms 3-12
cables for unidirectional links 26-1
CDP 25-4
features 1-10
Flex Links 20-14
IGMP
filters 22-28
snooping 22-15
interfaces 12-18
IP SLAs operations 32-6
IPv4 ACL configuration 31-22
IPv6 34-11
MAC address-table move update 20-14
multicast router interfaces 22-16
MVR 22-23
network traffic for analysis with probe 27-2
port
blocking 23-18
protection 23-18
PTP 8-3
SFP status 12-19, 36-8
speed and duplex mode 12-14
traffic flowing among switches 28-1
traffic suppression 23-18
VLANs 14-13
VMPS 14-28
VTP 15-16
mrouter Port 20-3
mrouter port 20-5
MSTP
boundary ports
configuration guidelines 18-15
described 18-6
BPDU filtering
described 19-3
enabling 19-12
BPDU guard
described 19-2
enabling 19-11
CIST, described 18-3
CIST regional root 18-3
CIST root 18-5
configuration guidelines 18-14, 19-10
configuring
forward-delay time 18-23
hello time 18-22
link type for rapid convergence 18-24
maximum aging time 18-23
maximum hop count 18-24
MST region 18-15
neighbor type 18-25
path cost 18-20
port priority 18-19
root switch 18-17
secondary root switch 18-18
switch priority 18-21
CST
defined 18-3
operations between regions 18-3
default configuration 18-14
default optional feature configuration 19-9
displaying status 18-26
enabling the mode 18-15
EtherChannel guard
described 19-7
enabling 19-14
extended system ID
effects on root switch 18-17
effects on secondary root switch 18-18
unexpected behavior 18-17
IEEE 802.1s
implementation 18-6
port role naming change 18-6
terminology 18-5
instances supported 17-9
interface state, blocking to forwarding 19-2
interoperability and compatibility among modes 17-10
interoperability with IEEE 802.1D
described 18-8
restarting migration process 18-25
IST
defined 18-2
master 18-3
operations within a region 18-3
loop guard
described 19-9
enabling 19-15
mapping VLANs to MST instance 18-16
MST region
CIST 18-3
configuring 18-15
described 18-2
hop-count mechanism 18-5
IST 18-2
supported spanning-tree instances 18-2
optional features supported 1-7
overview 18-2
Port Fast
described 19-2
enabling 19-10
preventing root switch selection 19-8
root guard
described 19-8
enabling 19-15
root switch
configuring 18-17
effects of extended system ID 18-17
unexpected behavior 18-17
shutdown Port Fast-enabled port 19-2
status, displaying 18-26
multicast groups
Immediate Leave 22-5
joining 22-3
leaving 22-5
static joins 22-9
multicast router interfaces, monitoring 22-16
multicast router ports, adding 22-9
multicast storm 23-1
multicast storm-control command 23-4
multicast television application 22-17
multicast VLAN 22-16
Multicast VLAN Registration
See MVR
multidomain authentication
See MDA
MVR
and address aliasing 22-20
and IGMPv3 22-20
configuration guidelines 22-19
configuring interfaces 22-21
default configuration 22-19
described 22-16
example application 22-17
modes 22-20
monitoring 22-23
multicast television application 22-17
setting global parameters 22-20
support for 1-3
N
NAC
critical authentication 11-13, 11-38
IEEE 802.1x authentication using a RADIUS server 11-42
IEEE 802.1x validation using RADIUS server 11-42
inaccessible authentication bypass 11-38
Layer 2 IEEE 802.1x validation 1-9, 11-17, 11-42
named IPv4 ACLs 31-12
NameSpace Mapper
See NSM
native VLAN
configuring 14-19
default 14-19
neighbor discovery, IPv6 34-3
Network Admission Control
See NAC
Network Admission Control Software Configuration Guide 11-44, 11-45
Network Assistant
benefits 1-2
described 1-4
downloading image files 1-2
guide mode 1-2
management options 1-2
upgrading a switch B-23
wizards 1-2
network configuration examples
increasing network performance 1-13
providing network services 1-13
network design
performance 1-13
services 1-13
network management
CDP 25-1
RMON 28-1
SNMP 30-1
network performance, measuring with IP SLAs 32-2
network policy TLV 24-2, 24-6
Network Time Protocol
See NTP
no commands 2-4
nonhierarchical policy maps
described 33-8
non-IP traffic filtering 31-19
nontrunking mode 14-15
normal-range VLANs 14-4
configuration guidelines 14-5
configuration modes 14-6
configuring 14-4
defined 14-1
NSM 5-3
NTP
associations
authenticating 7-4
defined 7-2
enabling broadcast messages 7-6
peer 7-5
server 7-5
default configuration 7-4
displaying the configuration 7-11
overview 7-2
restricting access
creating an access group 7-8
disabling NTP services per interface 7-10
source IP address, configuring 7-10
stratum 7-2
support for 1-5
synchronizing devices 7-5
time
services 7-2
synchronizing 7-2
O
optimizing system resources 9-1
options, management 1-4
out-of-profile markdown 1-9
P
packet modification, with QoS 33-17
PAgP
See EtherChannel
passwords
default configuration 10-2
disabling recovery of 10-5
encrypting 10-3
for security 1-8
in clusters 6-12
overview 10-1
recovery of 36-3
setting
enable 10-3
enable secret 10-3
Telnet 10-6
with usernames 10-6
VTP domain 15-8
path cost
MSTP 18-20
STP 17-18
PC (passive command switch) 6-9
performance, network design 1-13
performance features 1-3
persistent self-signed certificate 10-38
per-VLAN spanning-tree plus
See PVST+
physical ports 12-2
PIM-DVMRP, as snooping method 22-8
ping
character output description 36-9
executing 36-9
overview 36-9
policed-DSCP map for QoS 33-52
policers
configuring
for each matched traffic class 33-44
for more than one traffic class 33-47
described 33-4
displaying 33-67
number of 33-30
types of 33-8
policing
described 33-4
token-bucket algorithm 33-9
policy maps for QoS
characteristics of 33-44
described 33-7
displaying 33-68
nonhierarchical on physical ports
described 33-8
port ACLs, described 31-2
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting 11-8
authentication server
defined 11-2
RADIUS server 11-3
client, defined 11-2
configuration guidelines 11-23
configuring
802.1x authentication 11-27
guest VLAN 11-35
host mode 11-30
inaccessible authentication bypass 11-38
manual re-authentication of a client 11-31
periodic re-authentication 11-31
quiet period 11-32
RADIUS server 11-29
RADIUS server parameters on the switch 11-28
restricted VLAN 11-36
switch-to-client frame-retransmission number 11-33, 11-34
switch-to-client retransmission time 11-32
violation mode 11-16
violation modes11-26to 11-27
default configuration 11-21
described 11-1
device roles 11-2
displaying statistics 11-46
EAPOL-start frame 11-5
EAP-request/identity frame 11-5
EAP-response/identity frame 11-5
encapsulation 11-3
guest VLAN
configuration guidelines 11-12, 11-13
described 11-11
host mode 11-7
inaccessible authentication bypass
configuring 11-38
described 11-13
guidelines 11-24
initiation and message exchange 11-5
magic packet 11-16
maximum number of allowed devices per port 11-25
method lists 11-27
multiple-hosts mode, described 11-8
ports
authorization state and dot1x port-control command 11-7
authorized and unauthorized 11-7
critical 11-13
voice VLAN 11-14
port security
and voice VLAN 11-16
described 11-15
interactions 11-15
multiple-hosts mode 11-8
readiness check
configuring 11-25
described 11-10, 11-25
resetting to default values 11-46
statistics, displaying 11-46
switch
as proxy 11-3
RADIUS client 11-3
VLAN assignment
AAA authorization 11-27
characteristics 11-10
configuration tasks 11-11
described 11-10
voice VLAN
described 11-14
PVID 11-14
VVID 11-14
wake-on-LAN, described 11-16
with ACLs and RADIUS Filter-Id attribute 11-20
port blocking 1-3, 23-7
port-channel
See EtherChannel
port description TLV 24-2
Port Fast
described 19-2
enabling 19-10
mode, spanning tree 14-25
support for 1-7
port membership modes, VLAN 14-3
port not forwarding alarm 3-3
port not operating alarm 3-3
port priority
MSTP 18-19
STP 17-16
ports
access 12-2
blocking 23-7
dual-purpose uplink 12-4
dynamic access 14-3
protected 23-6
secure 23-8
static-access 14-3, 14-10
switch 12-2
trunks 14-3, 14-14
VLAN assignments 14-10
port security
aging 23-17
and QoS trusted boundary 33-34
configuring 23-12
default configuration 23-11
described 23-8
displaying 23-18
on trunk ports 23-14
sticky learning 23-9
violations 23-10
with other features 23-11
port-shutdown response, VMPS 14-24
port status monitoring alarms
FCS bit error rate alarm 3-3
link fault alarm 3-3
port not forwarding alarm 3-3
port not operating alarm 3-3
port VLAN ID TLV 24-2
power management TLV 24-2, 24-6
power supply alarm, configuring 3-5
Precision Time Protocol
See PTP
preemption, default configuration 20-8
preemption delay, default configuration 20-8
preferential treatment of traffic
See QoS
preventing unauthorized access 10-1
primary links 20-2
priority
overriding CoS 16-6
trusting CoS 16-6
private VLAN edge ports
See protected ports
privileged EXEC mode 2-2
privilege levels
changing the default for lines 10-9
command switch 6-14
exiting 10-9
logging into 10-9
mapping on member switches 6-14
overview 10-2, 10-7
setting a command with 10-8
protected ports 1-8, 23-6
proxy reports 20-3
pruning, VTP
disabling
in VTP domain 15-14
on a port 14-19
enabling
in VTP domain 15-14
on a port 14-19
examples 15-5
overview 15-4
pruning-eligible list
changing 14-19
for VTP pruning 15-4
VLANs 15-14
PTP 8-1
configuring 8-2
default configuration 8-1
displaying configuration 8-3
PVST+
described 17-9
IEEE 802.1Q trunking interoperability 17-10
instances supported 17-9
Q
QoS
and MQC commands 33-1
auto-QoS
categorizing traffic 33-18
configuration and defaults display 33-26
configuration guidelines 33-23
described 33-18
disabling 33-24
displaying generated commands 33-24
displaying the initial configuration 33-26
effects on running configuration 33-23
egress queue defaults 33-19
enabling for VoIP 33-24
example configuration 33-25
ingress queue defaults 33-19
list of generated commands 33-20
basic model 33-4
classification
class maps, described 33-7
defined 33-4
DSCP transparency, described 33-35
flowchart 33-6
forwarding treatment 33-3
in frames and packets 33-3
IP ACLs, described 33-5, 33-7
MAC ACLs, described 33-5, 33-7
options for IP traffic 33-5
options for non-IP traffic 33-5
policy maps, described 33-7
trust DSCP, described 33-5
trusted CoS, described 33-5
trust IP precedence, described 33-5
class maps
configuring 33-42
displaying 33-67
configuration guidelines
auto-QoS 33-23
standard QoS 33-30
configuring
aggregate policers 33-47
auto-QoS 33-18
default port CoS value 33-33
DSCP maps 33-49
DSCP transparency 33-35
DSCP trust states bordering another domain 33-36
egress queue characteristics 33-60
ingress queue characteristics 33-55
IP extended ACLs 33-40
IP standard ACLs 33-39
MAC ACLs 33-41
port trust states within the domain 33-32
trusted boundary 33-34
default auto configuration 33-18
default standard configuration 33-27
displaying statistics 33-67
DSCP transparency 33-35
egress queues
allocating buffer space 33-60
buffer allocation scheme, described 33-15
configuring shaped weights for SRR 33-64
configuring shared weights for SRR 33-65
described 33-4
displaying the threshold map 33-63
flowchart 33-15
mapping DSCP or CoS values 33-63
scheduling, described 33-4
setting WTD thresholds 33-60
WTD, described 33-16
enabling globally 33-31
flowcharts
classification 33-6
egress queueing and scheduling 33-15
ingress queueing and scheduling 33-13
policing and marking 33-9
implicit deny 33-7
ingress queues
allocating bandwidth 33-58
allocating buffer space 33-57
buffer and bandwidth allocation, described 33-14
configuring shared weights for SRR 33-58
configuring the priority queue 33-59
described 33-4
displaying the threshold map 33-57
flowchart 33-13
mapping DSCP or CoS values 33-56
priority queue, described 33-14
scheduling, described 33-4
setting WTD thresholds 33-56
WTD, described 33-14
IP phones
automatic classification and queueing 33-18
detection and trusted settings 33-18, 33-34
limiting bandwidth on egress interface 33-66
mapping tables
CoS-to-DSCP 33-50
displaying 33-67
DSCP-to-CoS 33-53
DSCP-to-DSCP-mutation 33-54
IP-precedence-to-DSCP 33-51
policed-DSCP 33-52
types of 33-10
marked-down actions 33-46
marking, described 33-4, 33-8
overview 33-1
packet modification 33-17
policers
configuring 33-46, 33-48
described 33-8
displaying 33-67
number of 33-30
types of 33-8
policies, attaching to an interface 33-8
policing
described 33-4, 33-8
token bucket algorithm 33-9
policy maps
characteristics of 33-44
displaying 33-68
nonhierarchical on physical ports 33-44
QoS label, defined 33-4
queues
configuring egress characteristics 33-60
configuring ingress characteristics 33-55
high priority (expedite) 33-17, 33-66
location of 33-11
SRR, described 33-12
WTD, described 33-11
rewrites 33-17
support for 1-9
trust states
bordering another domain 33-36
described 33-5
trusted device 33-34
within the domain 33-32
quality of service
See QoS
queries, IGMP 22-4
query solicitation, IGMP 22-12
R
RADIUS
attributes
vendor-proprietary 10-31
vendor-specific 10-29
configuring
accounting 10-28
authentication 10-23
authorization 10-27
communication, global 10-21, 10-29
communication, per-server 10-20, 10-21
multiple UDP ports 10-21
default configuration 10-20
defining AAA server groups 10-25
displaying the configuration 10-31
identifying the server 10-20
in clusters 6-13
limiting the services to the user 10-27
method list, defined 10-20
operation of 10-19
overview 10-18
suggested network environments 10-18
support for 1-9
tracking services accessed by user 10-28
range
macro 12-8
of interfaces 12-7
rapid convergence 18-9
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
described 17-9
IEEE 802.1Q trunking interoperability 17-10
instances supported 17-9
Rapid Spanning Tree Protocol
See RSTP
rcommand command 6-13
RCP
configuration files
downloading B-17
overview B-15
preparing the server B-16
uploading B-18
image files
deleting old image B-36
downloading B-34
preparing the server B-33
uploading B-36
readiness check
port-based authentication
configuring 11-25
described 11-10, 11-25
real-time clock synchronization 8-1
reconfirmation interval, VMPS, changing 14-27
reconfirming dynamic VLAN membership 14-27
recovery procedures 36-1
redundancy
EtherChannel 35-2
STP
backbone 17-8
path cost 14-22
port priority 14-20
redundant links and UplinkFast 19-13
reloading software 4-19
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
Remote Network Monitoring
See RMON
Remote SPAN
See RSPAN
remote SPAN 27-2
report suppression, IGMP
described 22-6
disabling 22-15
resequencing ACL entries 31-12
resetting a UDLD-shutdown interface 26-6
responder, IP SLAs
described 32-3
enabling 32-5
response time, measuring with IP SLAs 32-4
restricted VLAN
configuring 11-36
described 11-12
using with IEEE 802.1x 11-12
restricting access
NTP services 7-8
overview 10-1
passwords and privilege levels 10-2
RADIUS 10-17
TACACS+ 10-10
retry count, VMPS, changing 14-28
RFC
1112, IP multicast and IGMP 22-2
1157, SNMPv1 30-2
1305, NTP 7-2
1757, RMON 28-2
1901, SNMPv2C 30-2
1902 to 1907, SNMPv2 30-2
2236, IP multicast and IGMP 22-2
2273-2275, SNMPv3 30-2
RMON
default configuration 28-3
displaying status 28-6
enabling alarms and events 28-3
groups supported 28-2
overview 28-1
statistics
collecting group Ethernet 28-5
collecting group history 28-5
support for 1-10
root guard
described 19-8
enabling 19-15
support for 1-7
root switch
MSTP 18-17
STP 17-14
RSPAN
characteristics 27-7
configuration guidelines 27-16
default configuration 27-9
defined 27-2
destination ports 27-6
displaying status 27-23
interaction with other features 27-8
monitored ports 27-5
monitoring ports 27-6
overview 1-10, 27-1
received traffic 27-4
sessions
creating 27-17
defined 27-3
limiting source traffic to specific VLANs 27-22
specifying monitored ports 27-17
with ingress traffic enabled 27-20
source ports 27-5
transmitted traffic 27-5
VLAN-based 27-6
RSTP
active topology 18-9
BPDU
format 18-12
processing 18-12
designated port, defined 18-9
designated switch, defined 18-9
interoperability with IEEE 802.1D
described 18-8
restarting migration process 18-25
topology changes 18-13
overview 18-8
port roles
described 18-9
synchronized 18-11
proposal-agreement handshake process 18-10
rapid convergence
described 18-9
edge ports and Port Fast 18-9
point-to-point links 18-10, 18-24
root ports 18-10
root port, defined 18-9
See also MSTP
running configuration
replacing B-19, B-20
rolling back B-19, B-20
running configuration, saving 4-14
S
SC (standby command switch) 6-9
scheduled reloads 4-19
SCP
and SSH 10-44
configuring 10-44
SDM
described 9-1
templates
configuring 9-3
number of 9-1
SDM template
configuration guidelines 9-2
configuring 9-2
types of 9-1
Secure Copy Protocol
secure HTTP client
configuring 10-43
displaying 10-43
secure HTTP server
configuring 10-41
displaying 10-43
secure MAC addresses
deleting 23-16
maximum number of 23-9
types of 23-9
secure ports, configuring 23-8
secure remote connections 10-33
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port 23-8
security features 1-8
See SCP
sequence numbers in log messages 29-8
server mode, VTP 15-3
service-provider network, MSTP and RSTP 18-1
set-request operation 30-4
setting a secondary temperature threshold 3-6, 3-7
setting power supply alarm options 3-5
setting the FCS error hysteresis threshold 3-9
setting the FCS error threshold 3-8
setup program
failed command switch replacement 36-6
replacing failed command switch 36-4
severity levels, defining in system messages 29-8
SFPs
monitoring status of 12-19, 36-8
security and identification 36-8
status, displaying 36-8
shaped round robin
See SRR
show access-lists hw-summary command 31-17
show alarm commands 3-12
show and more command output, filtering 2-10
show cdp traffic command 25-5
show cluster members command 6-13
show configuration command 12-17
show forward command 36-16
show interfaces command 12-14, 12-17
show interfaces switchport 20-4
show lldp traffic command 24-7
show platform forward command 36-16
show running-config command
displaying ACLs 31-16, 31-17
interface description in 12-17
shutdown command on interfaces 12-20
Simple Network Management Protocol
See SNMP
small-frame arrival rate, configuring 23-5
Smartports macros
applying Cisco-default macros 13-6
applying global parameter values 13-5, 13-6
applying macros 13-5
applying parameter values 13-5, 13-7
configuration guidelines 13-2
creating 13-4
default configuration 13-2
defined 13-1
displaying 13-8
tracing 13-3
SNAP 25-1
SNMP
accessing MIB variables with 30-4
agent
described 30-3
disabling 30-7
and IP SLAs 32-2
authentication level 30-10
community strings
configuring 30-8
for cluster switches 30-4
overview 30-4
configuration examples 30-16
default configuration 30-6
engine ID 30-7
groups 30-6, 30-9
host 30-6
ifIndex values 30-5
in-band management 1-6
in clusters 6-13
informs
and trap keyword 30-11
described 30-5
differences from traps 30-5
disabling 30-15
enabling 30-15
limiting access by TFTP servers 30-15
limiting system log messages to NMS 29-10
manager functions 1-4, 30-3
managing clusters with 6-14
MIBs
location of A-3
supported A-1
notifications 30-5
overview 30-1, 30-4
security levels 30-3
status, displaying 30-17
system contact and location 30-15
trap manager, configuring 30-13
traps
described 30-3, 30-5
differences from informs 30-5
disabling 30-15
enabling 30-11
enabling MAC address notification 7-22
overview 30-1, 30-4
types of 30-11
users 30-6, 30-9
versions supported 30-2
SNMP and Syslog Over IPv6 34-5
SNMPv1 30-2
SNMPv2C 30-2
SNMPv3 30-2
snooping, IGMP 22-1
software images
location in flash B-24
recovery procedures 36-2
scheduling reloads 4-20
tar file format, described B-24
See also downloading and uploading
source addresses
in IPv4 ACLs 31-9
source-and-destination-IP address based forwarding, EtherChannel 35-7
source-and-destination MAC address forwarding, EtherChannel 35-7
source-IP address based forwarding, EtherChannel 35-7
source-MAC address forwarding, EtherChannel 35-7
SPAN
configuration guidelines 27-10
default configuration 27-9
destination ports 27-6
displaying status 27-23
interaction with other features 27-8
monitored ports 27-5
monitoring ports 27-6
overview 1-10, 27-1
ports, restrictions 23-12
received traffic 27-4
sessions
configuring ingress forwarding 27-14, 27-21
creating 27-10
defined 27-3
limiting source traffic to specific VLANs 27-15
removing destination (monitoring) ports 27-12
specifying monitored ports 27-10
with ingress traffic enabled 27-13
source ports 27-5
transmitted traffic 27-5
VLAN-based 27-6
spanning tree and native VLANs 14-15
Spanning Tree Protocol
See STP
SPAN traffic 27-4
SRR
configuring
shaped weights on egress queues 33-64
shared weights on egress queues 33-65
shared weights on ingress queues 33-58
described 33-12
shaped mode 33-12
shared mode 33-12
support for 1-10
SSH
configuring 10-34
cryptographic software image 10-33
described 1-6, 10-33
encryption methods 10-34
user authentication methods, supported 10-34
SSL
configuration guidelines 10-40
configuring a secure HTTP client 10-43
configuring a secure HTTP server 10-41
cryptographic software image 10-37
described 10-37
monitoring 10-43
standby command switch
configuring
considerations 6-10
defined 6-2
priority 6-9
requirements 6-3
virtual IP address 6-10
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
standby links 20-2
startup configuration
booting
manually 4-17
specific image 4-17
clearing B-19
configuration file
automatically downloading 4-16
specifying the filename 4-16
default boot configuration 4-16
static access ports
assigning to VLAN 14-10
defined 12-3, 14-3
static addresses
See addresses
static MAC addressing 1-8
static routes
configuring for IPv6 34-10
understanding 34-5
static VLAN membership 14-2
statistics
802.1x 11-46
CDP 25-4
interface 12-19
LLDP 24-7
LLDP-MED 24-7
QoS ingress and egress 33-67
RMON group Ethernet 28-5
RMON group history 28-5
SNMP input and output 30-17
VTP 15-16
sticky learning 23-9
storm control
configuring 23-3
described 23-1
disabling 23-5
displaying 23-18
support for 1-3
thresholds 23-1
STP
accelerating root port selection 19-4
BackboneFast
described 19-5
disabling 19-14
enabling 19-13
BPDU filtering
described 19-3
disabling 19-12
enabling 19-12
BPDU guard
described 19-2
disabling 19-12
enabling 19-11
BPDU message exchange 17-3
configuration guidelines 17-12, 19-10
configuring
forward-delay time 17-21
hello time 17-20
maximum aging time 17-21
path cost 17-18
port priority 17-16
root switch 17-14
secondary root switch 17-16
spanning-tree mode 17-13
switch priority 17-19
transmit hold-count 17-22
counters, clearing 17-22
default configuration 17-11
default optional feature configuration 19-9
designated port, defined 17-3
designated switch, defined 17-3
detecting indirect link failures 19-5
disabling 17-14
displaying status 17-22
EtherChannel guard
described 19-7
disabling 19-14
enabling 19-14
extended system ID
effects on root switch 17-14
effects on the secondary root switch 17-16
overview 17-4
unexpected behavior 17-14
features supported 1-6
IEEE 802.1D and bridge ID 17-4
IEEE 802.1D and multicast addresses 17-8
IEEE 802.1t and VLAN identifier 17-4
inferior BPDU 17-3
instances supported 17-9
interface state, blocking to forwarding 19-2
interface states
blocking 17-5
disabled 17-7
forwarding 17-5, 17-6
learning 17-6
listening 17-6
overview 17-4
interoperability and compatibility among modes 17-10
limitations with IEEE 802.1Q trunks 17-10
load sharing
overview 14-20
using path costs 14-22
using port priorities 14-20
loop guard
described 19-9
enabling 19-15
modes supported 17-9
multicast addresses, effect of 17-8
optional features supported 1-7
overview 17-2
path costs 14-22
Port Fast
described 19-2
enabling 19-10
port priorities 14-21
preventing root switch selection 19-8
protocols supported 17-9
redundant connectivity 17-8
root guard
described 19-8
enabling 19-15
root port, defined 17-3
root switch
configuring 17-14
effects of extended system ID 17-4, 17-14
election 17-3
unexpected behavior 17-14
shutdown Port Fast-enabled port 19-2
status, displaying 17-22
superior BPDU 17-3
timers, described 17-20
UplinkFast
described 19-3
enabling 19-13
stratum, NTP 7-2
success response, VMPS 14-24
summer time 7-13
SunNet Manager 1-4
switch 34-2
switch clustering technology 6-1
See also clusters, switch
switch console port 1-6
Switch Database Management
See SDM
Switched Port Analyzer
See SPAN
switched ports 12-2
switchport backup interface 20-4, 20-5
switchport block multicast command 23-8
switchport block unicast command 23-8
switchport protected command 23-7
switch priority
MSTP 18-21
STP 17-19
switch software features 1-1
synchronization, real-time clocks 8-1
syslog
See system message logging
system capabilities TLV 24-2
system clock
configuring
daylight saving time 7-13
manually 7-11
summer time 7-13
time zones 7-12
displaying the time and date 7-12
overview 7-1
See also NTP
system description TLV 24-2
system message logging
default configuration 29-3
defining error message severity levels 29-8
disabling 29-4
displaying the configuration 29-13
enabling 29-4
facility keywords, described 29-13
level keywords, described 29-9
limiting messages 29-10
message format 29-2
overview 29-1
sequence numbers, enabling and disabling 29-8
setting the display destination device 29-5
synchronizing log messages 29-6
syslog facility 1-10
time stamps, enabling and disabling 29-7
UNIX syslog servers
configuring the daemon 29-12
configuring the logging facility 29-12
facilities supported 29-13
system name
default configuration 7-15
default setting 7-15
manual configuration 7-15
See also DNS
system name TLV 24-2
system prompt, default setting 7-14, 7-15
system resources, optimizing 9-1
T
TACACS+
accounting, defined 10-11
authentication, defined 10-11
authorization, defined 10-11
configuring
accounting 10-17
authentication key 10-13
authorization 10-16
login authentication 10-14
default configuration 10-13
displaying the configuration 10-17
identifying the server 10-13
in clusters 6-13
limiting the services to the user 10-16
operation of 10-12
overview 10-10
support for 1-9
tracking services accessed by user 10-17
tar files
creating B-6
displaying the contents of B-7
extracting B-7
image file format B-24
TDR 1-10
Telnet
accessing management interfaces 2-10
number of connections 1-6
setting a password 10-6
temperature alarms, configuring 3-6, 3-7
templates, SDM 9-1
temporary self-signed certificate 10-38
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password 10-6
TFTP
configuration files
downloading B-11
preparing the server B-11
uploading B-12
configuration files in base directory 4-7
configuring for autoconfiguration 4-7
image files
deleting B-27
downloading B-26
preparing the server B-25
uploading B-28
limiting access by servers 30-15
TFTP server 1-5
threshold, traffic level 23-2
time
See NTP and system clock
Time Domain Reflector
See TDR
time-range command 31-14
time ranges in ACLs 31-14
time stamps in log messages 29-7
time zones 7-12
TLVs
defined 24-2
LLDP 24-2
LLDP-MED 24-2
Token Ring VLANs
support for 14-5
VTP support 15-4
ToS 1-9
traceroute, Layer 2
and ARP 36-11
and CDP 36-10
broadcast traffic 36-10
described 36-10
IP addresses and subnets 36-11
MAC addresses and VLANs 36-11
multicast traffic 36-11
multiple devices on a port 36-11
unicast traffic 36-10
usage guidelines 36-10
traceroute command 36-12
See also IP traceroute
traffic
blocking flooded 23-8
fragmented 31-3
unfragmented 31-3
traffic policing 1-9
traffic suppression 23-1
transmit hold-count
see STP
transparent mode, VTP 15-3, 15-12
trap-door mechanism 4-2
traps
configuring MAC address notification 7-22
configuring managers 30-11
defined 30-3
enabling 7-22, 30-11
notification types 30-11
overview 30-1, 30-4
triggering alarm options
configurable relays 3-3
methods 3-3
SNMP traps 3-4
syslog messages 3-4
troubleshooting
connectivity problems 36-8, 36-10, 36-11
detecting unidirectional links 26-1
displaying crash information 36-17
setting packet forwarding 36-16
SFP security and identification 36-8
show forward command 36-16
with CiscoWorks 30-4
with debug commands 36-14
with ping 36-9
with system message logging 29-1
with traceroute 36-11
trunk failover
See link-state tracking
trunking encapsulation 1-7
trunk ports
configuring 14-17
defined 12-3, 14-3
trunks
allowed-VLAN list 14-18
load sharing
setting STP path costs 14-22
using STP port priorities 14-20, 14-21
native VLAN for untagged traffic 14-19
parallel 14-22
pruning-eligible list 14-19
to non-DTP device 14-14
trusted boundary for QoS 33-34
trusted port states
between QoS domains 33-36
classification options 33-5
ensuring port security for IP phones 33-34
support for 1-9
within a QoS domain 33-32
trustpoints, CA 10-38
twisted-pair Ethernet, detecting unidirectional links 26-1
type of service
See ToS
U
UDLD
configuration guidelines 26-4
default configuration 26-4
disabling
globally 26-5
on fiber-optic interfaces 26-5
per interface 26-6
echoing detection mechanism 26-2
enabling
globally 26-5
per interface 26-6
link-detection mechanism 26-1
neighbor database 26-2
overview 26-1
resetting an interface 26-6
status, displaying 26-7
support for 1-6
unauthorized ports with IEEE 802.1x 11-7
unicast MAC address filtering 1-5
and adding static addresses 7-25
and broadcast MAC addresses 7-25
and CPU packets 7-25
and multicast addresses 7-25
and router MAC addresses 7-25
configuration guidelines 7-25
described 7-25
unicast storm 23-1
unicast storm control command 23-4
unicast traffic, blocking 23-8
UniDirectional Link Detection protocol
See UDLD
UNIX syslog servers
daemon configuration 29-12
facilities supported 29-13
message logging configuration 29-12
unrecognized Type-Length-Value (TLV) support 15-4
upgrading software images
See downloading
UplinkFast
described 19-3
disabling 19-13
enabling 19-13
support for 1-6
uploading
configuration files
preparing B-11, B-13, B-16
reasons for B-9
using FTP B-14
using RCP B-18
using TFTP B-12
image files
preparing B-25, B-29, B-33
reasons for B-23
using FTP B-31
using RCP B-36
using TFTP B-28
user EXEC mode 2-2
username-based authentication 10-6
V
version-dependent transparent mode 15-4
virtual IP address
cluster standby group 6-10
command switch 6-10
virtual switches and PAgP 35-5
vlan.dat file 14-4
VLAN 1, disabling on a trunk port 14-18
VLAN 1 minimization 14-18
vlan-assignment response, VMPS 14-24
VLAN configuration
at bootup 14-7
saving 14-7
VLAN configuration mode 2-2, 14-6
VLAN database
and startup configuration file 14-7
and VTP 15-1
VLAN configuration saved in 14-6
VLANs saved in 14-4
vlan database command 14-6
VLAN filtering and SPAN 27-6
vlan global configuration command 14-6
VLAN ID, discovering 7-27
VLAN load balancing on flex links 20-2
configuration guidelines 20-8
VLAN management domain 15-2
VLAN Management Policy Server
See VMPS
VLAN membership
confirming 14-27
modes 14-3
VLAN Query Protocol
See VQP
VLANs
adding 14-8
adding to VLAN database 14-8
aging dynamic addresses 17-9
allowed on trunk 14-18
and spanning-tree instances 14-2, 14-6, 14-12
configuration guidelines, extended-range VLANs 14-12
configuration guidelines, normal-range VLANs 14-5
configuration options 14-6
configuring 14-1
configuring IDs 1006 to 4094 14-12
creating in config-vlan mode 14-8
creating in VLAN configuration mode 14-9
default configuration 14-7
deleting 14-9
described 12-2, 14-1
displaying 14-13
extended-range 14-1, 14-11
features 1-7
illustrated 14-2
limiting source traffic with RSPAN 27-22
limiting source traffic with SPAN 27-15
modifying 14-8
multicast 22-16
native, configuring 14-19
normal-range 14-1, 14-4
number supported 1-7
parameters 14-4
port membership modes 14-3
static-access ports 14-10
STP and IEEE 802.1Q trunks 17-10
supported 14-2
Token Ring 14-5
traffic between 14-2
VTP modes 15-3
VLAN Trunking Protocol
See VTP
VLAN trunks 14-14
VMPS
administering 14-28
configuration example 14-29
configuration guidelines 14-25
default configuration 14-25
description 14-23
dynamic port membership
described 14-24
reconfirming 14-27
troubleshooting 14-29
entering server address 14-26
mapping MAC addresses to VLANs 14-24
monitoring 14-28
reconfirmation interval, changing 14-27
reconfirming membership 14-27
retry count, changing 14-28
voice-over-IP 16-1
voice VLAN
Cisco 7960 phone, port connections 16-1
configuration guidelines 16-3
configuring IP phones for data traffic
override CoS of incoming frame 16-6
trust CoS priority of incoming frame 16-6
configuring ports for voice traffic in
802.1p priority tagged frames 16-5
802.1Q frames 16-4
connecting to an IP phone 16-4
default configuration 16-3
described 16-1
displaying 16-6
IP phone data traffic, described 16-2
IP phone voice traffic, described 16-2
VQP 1-7, 14-23
VTP
adding a client to a domain 15-14
advertisements 14-16, 15-3
and extended-range VLANs 15-1
and normal-range VLANs 15-1
client mode, configuring 15-11
configuration
global configuration mode 15-7
guidelines 15-8
privileged EXEC mode 15-7
requirements 15-9
saving 15-7
VLAN configuration mode 15-7
configuration mode options 15-7
configuration requirements 15-9
configuration revision number
guideline 15-14
resetting 15-15
configuring
client mode 15-11
server mode 15-9
transparent mode 15-12
consistency checks 15-4
default configuration 15-6
described 15-1
disabling 15-12
domain names 15-8
domains 15-2
modes
client 15-3, 15-11
server 15-3, 15-9
transitions 15-3
transparent 15-3, 15-12
monitoring 15-16
passwords 15-8
pruning
disabling 15-14
enabling 15-14
examples 15-5
overview 15-4
support for 1-7
pruning-eligible list, changing 14-19
server mode, configuring 15-9
statistics 15-16
support for 1-7
Token Ring support 15-4
transparent mode, configuring 15-12
using 15-1
version, guidelines 15-8
Version 1 15-4
Version 2
configuration guidelines 15-8
disabling 15-13
enabling 15-13
overview 15-4
W
web authentication 11-10
configuring11-42to 11-45
described 1-8, 11-19
fallback for IEEE 802.1x 11-44
weighted tail drop
See WTD
wizards 1-2
WTD
described 33-11
setting thresholds
egress queue-sets 33-60
ingress queues 33-56
support for 1-10
X
Xmodem protocol 36-2