- Index
- Preface
- Overview
- Using the Command-Line Interface
- Configuring Switch Alarms
- Assigning the Switch IP Address and Default Gateway
- Configuring Cisco IOS Configuration Engine
- Clustering Switches
- Administering the Switch
- Configuring PTP
- Configuring PROFINET
- Configuring SDM Templates
- Configuring Switch-Based Authentication
- Configuring IEEE 802.1x Port-Based Authentication
- Configuring Web-Based Authentication
- Configuring Interface Characteristics
- Configuring Auto Smartports Macros
- Configuring VLANs
- Configuring VTP
- Configuring Voice VLAN
- Configuring Private VLANs
- Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling
- Configuring STP
- Configuring MSTP
- Configuring Optional Spanning-Tree Features
- Configuring Resilient Ethernet Protocol
- Configuring Flex Links and the MAC Address-Table Move Update Feature
- Configuring DHCP Features and IP Source Guard
- Configuring Dynamic ARP Inspection
- Configuring IGMP Snooping and MVR
- Configuring Port-Based Traffic Control
- Configuring LLDP, LLDP-MED, and Wired Location Service
- Configuring CDP
- Configuring UDLD
- Configuring SPAN and RSPAN
- Configuring RMON
- Configuring System Message Logging
- Configuring SNMP
- Configuring Embedded Event Manager
- Configuring Network Security with ACLs
- Configuring QoS
- Configuring EtherChannels and Link-State Tracking
- Configuring IP Unicast Routing
- Configuring IPv6 Unicast Routing
- Configuring IPv6 MLD Snooping
- Configuring IPv6 ACLs
- Configuring HSRP
- Configuring Cisco IOS IP SLAs Operations
- Configuring Enhanced Object Tracking
- Configuring Web Cache Services By Using WCCP
- Configuring IP Multicast Routing
- Configuring MSDP
- Configuring Fallback Bridging
- Troubleshooting
- Supported MIBs
- Working with the Cisco IOS File System, Configuration Files, and Software Images
- Unsupported Commands in Cisco IOS Release 12.2(52)SE
A -
B -
C -
D -
E -
F -
G -
H -
I -
J -
K -
L -
M -
N -
O -
P -
Q -
R -
S -
T -
U -
V -
W -
X -
ACLs
ACLs
addresses
ACLs
clusters, switch
CNS
configuration files
default configuration
default configuration
downloading
dynamic ARP inspection
EtherChannel PAgP
fallback bridging
IGMP
IP multicast routing
IP multicast routing
IP unicast routing
IPv6
Kerberos
monitoring
MSDP
MSTP
MSTP
multi-VRF CE
passwords
PIM
port-based authentication
port-based authentication
port security
private VLANs
QoS
QoS
QoS
RSPAN
SNMP
STP
STP
trunks
UDLD
VTP
Index
A
AAA down policy, NAC Layer 2 IP validation 1-10
abbreviating commands 2-4
ABRs 37-24
AC (command switch) 6-10
access-class command 34-19
access control entries
access control entry (ACE) 40-3
access-denied response, VMPS 16-25
access groups
applying IPv4 ACLs to interfaces 34-20
Layer 2 34-20
Layer 3 34-20
accessing
clusters, switch 6-13
command switches 6-11
member switches 6-13
switch clusters 6-13
access lists
access ports
and Layer 2 protocol tunneling 16-10
defined 14-3
in switch clusters 6-9
accounting
with 802.1x 12-46
with IEEE 802.1x 12-14
with RADIUS 11-33
ACEs
and QoS 35-7
defined 34-2
Ethernet 34-2
IP 34-2
ACLs
ACEs 34-2
any keyword 34-12
applying
on bridged packets 34-38
on multicast packets 34-40
on routed packets 34-39
on switched packets 34-38
time ranges to 34-16
to IPv6 interfaces 40-7
to QoS 35-7
classifying traffic for QoS 35-43
comments in 34-18
compiling 34-22
extended IP, configuring for QoS classification 35-44
extended IPv4
creating 34-10
matching criteria 34-7
hardware and software handling 34-21
host keyword 34-12
IP
creating 34-7
fragments and QoS guidelines 35-33
implicit deny 34-9, 34-13, 34-15
implicit masks 34-9
matching criteria 34-7
undefined 34-20
IPv4
applying to interfaces 34-19
creating 34-7
matching criteria 34-7
named 34-14
numbers 34-8
terminal lines, setting on 34-18
unsupported features 34-7
IPv6
applying to interfaces 40-7
displaying 40-8
interactions with other features 40-4
matching criteria 40-3
named 40-2
precedence of 40-2
supported 40-2
unsupported features 40-3
Layer 4 information in 34-37
logging messages 34-8
named, IPv4 34-14
named, IPv6 40-2
names 40-4
number per QoS class map 35-33
precedence of 34-2
resequencing entries 34-14
router ACLs and VLAN map configuration guidelines 34-37
standard IP, configuring for QoS classification 35-43
standard IPv4
creating 34-9
matching criteria 34-7
support for 1-9
support in hardware 34-21
time ranges 34-16
types supported 34-2
unsupported features, IPv4 34-7
unsupported features, IPv6 40-3
using router ACLs with VLAN maps 34-36
VLAN maps
configuration guidelines 34-30
configuring 34-29
active links 21-2
active router 41-1
active traffic monitoring, IP SLAs 42-1
address aliasing 24-2
addresses
displaying the MAC address table 7-30
dynamic
accelerated aging 17-8
changing the aging time 7-21
default aging 17-8
defined 7-19
learning 7-20
removing 7-22
IPv6 38-2
MAC, discovering 7-30
multicast
group address range 45-3
STP address management 17-8
static
adding and removing 7-26
defined 7-19
Address Resolution Protocol
adjacency tables, with CEF 37-86
administrative distances
defined 37-98
OSPF 37-30
routing protocol defaults 37-88
administrative VLAN
REP, configuring 20-8
administrative VLAN, REP 20-8
advertisements
CDP 27-1
RIP 37-18
age timer, REP 20-8
aggregatable global unicast addresses 38-3
aggregate addresses, BGP 37-57
aggregated ports
aggregate policers 35-58
aggregate policing 1-12
aging, accelerating 17-8
aging time
accelerated
for MSTP 18-23
MAC address table 7-21
maximum
alarm profiles
configuring 3-11
creating or modifying 3-10
alarms
default configuration 3-4
displaying 3-12
power supply 3-2
temperature 3-2
alarms, RMON 30-3
allowed-VLAN list 16-18
application engines, redirecting traffic to 44-1
area border routers
area routing
IS-IS 37-61
ISO IGRP 37-61
ARP
configuring 37-9
encapsulation 37-10
static cache configuration 37-9
table
address resolution 7-30
managing 7-30
ASBRs 37-24
AS-path filters, BGP 37-51
associating the temperature alarms to a relay 3-7
asymmetrical links, and IEEE 802.1Q tunneling 16-4
attaching an alarm profile to a port 3-11
attributes, RADIUS
vendor-proprietary 11-36
vendor-specific 11-34
attribute-value pairs 12-12, 12-14, 12-18
authentication
EIGRP 37-38
HSRP 41-10
local mode with AAA 11-43
NTP associations 7-4
open1x 12-27
RADIUS
key 11-26
login 11-28
TACACS+
defined 11-11
key 11-13
login 11-14
See also port-based authentication
authentication compatibility with Catalyst 6000 switches 12-8
authentication failed VLAN
authentication keys, and routing protocols 37-98
authentication manager
CLI commands 12-9
compatibility with older 802.1x CLI commands12-9to ??
overview 12-7
authoritative time source, described 7-2
authorization
with RADIUS 11-32
authorized ports with IEEE 802.1x 12-10
autoconfiguration 4-3
auto enablement 12-28
automatic discovery
considerations
beyond a noncandidate device 6-7
brand new switches 6-9
connectivity 6-4
different VLANs 6-6
management VLANs 6-7
non-CDP-capable devices 6-6
noncluster-capable devices 6-6
routed ports 6-8
in switch clusters 6-4
automatic QoS
automatic recovery, clusters 6-10
auto-MDIX
configuring 14-19
described 14-19
autonegotiation
duplex mode 1-3
interface configuration guidelines 14-16
mismatches 48-7
autonomous system boundary routers
autonomous systems, in BGP 37-45
Auto-RP, described 45-6
autosensing, port speed 1-3
Auto Smartports macros
displaying 15-5
autostate exclude 14-5
auxiliary VLAN
availability, features 1-7
B
BackboneFast
described 19-5
disabling 19-14
enabling 19-13
support for 1-7
backup interfaces
backup links 21-2
backup static routing, configuring 43-12
banners
configuring
login 7-19
message-of-the-day login 7-18
default configuration 7-17
when displayed 7-17
Berkeley r-tools replacement 11-55
BGP
aggregate addresses 37-57
aggregate routes, configuring 37-57
CIDR 37-57
clear commands 37-60
community filtering 37-54
configuring neighbors 37-55
default configuration 37-42
described 37-41
enabling 37-45
monitoring 37-60
multipath support 37-49
neighbors, types of 37-45
path selection 37-49
peers, configuring 37-55
prefix filtering 37-53
resetting sessions 37-48
route dampening 37-59
route maps 37-51
route reflectors 37-58
routing domain confederation 37-58
routing session with multi-VRF CE 37-80
show commands 37-60
supernets 37-57
support for 1-12
Version 4 37-42
binding cluster group and HSRP group 41-12
binding database
address, DHCP server
See DHCP, Cisco IOS server database
DHCP snooping
See DHCP snooping binding database
bindings
address, Cisco IOS DHCP server 22-6
DHCP snooping database 22-6
IP source guard 22-15
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 25-7
Boolean expressions in tracked lists 43-4
booting
boot loader, function of 4-2
boot process 4-2
manually 4-18
specific image 4-19
boot loader
accessing 4-19
described 4-2
environment variables 4-19
prompt 4-19
trap-door mechanism 4-2
bootstrap router (BSR), described 45-7
Border Gateway Protocol
BPDU
error-disabled state 19-2
filtering 19-3
RSTP format 18-12
BPDU filtering
described 19-3
disabling 19-12
enabling 19-12
support for 1-7
BPDU guard
described 19-2
disabling 19-12
enabling 19-11
support for 1-7
bridged packets, ACLs on 34-38
bridge groups
bridge protocol data unit
broadcast flooding 37-16
broadcast packets
directed 37-13
flooded 37-13
broadcast storm-control command 25-4
C
cables, monitoring for unidirectional links 28-1
candidate switch
automatic discovery 6-4
defined 6-3
requirements 6-3
See also command switch, cluster standby group, and member switch
Catalyst 6000 switches
authentication compatibility 12-8
CA trustpoint
configuring 11-51
defined 11-49
CDP
and trusted boundary 35-39
automatic discovery in switch clusters 6-4
configuring 27-2
default configuration 27-2
defined with LLDP 26-1
described 27-1
disabling for routing device27-3to 27-4
enabling and disabling
on an interface 27-4
on a switch 27-3
Layer 2 protocol tunneling 16-7
monitoring 27-4
overview 27-1
support for 1-5
transmission timer and holdtime, setting 27-2
updates 27-2
CEF
defined 37-85
enabling 37-86
IPv6 38-18
CGMP
as IGMP snooping learning method 24-8
clearing cached group entries 45-60
enabling server support 45-43
joining multicast group 24-3
overview 45-9
server support only 45-9
switch support of 1-3
CIDR 37-57
CipherSuites 11-50
Cisco 7960 IP Phone 18-1
Cisco Discovery Protocol
Cisco Express Forwarding
Cisco Group Management Protocol
Cisco IOS DHCP server
See DHCP, Cisco IOS DHCP server
Cisco IOS File System
Cisco IOS IP SLAs 42-1
Cisco Secure ACS
attribute-value pairs for downloadable ACLs 12-18
attribute-value pairs for redirect URL 12-18
Cisco Secure ACS configuration guide 12-57
CISP 12-28
CIST regional root
CIST root
civic location 26-2
classless interdomain routing
classless routing 37-6
class maps for QoS
configuring 35-46
described 35-7
displaying 35-78
class of service
clearing interfaces 14-25
CLI
abbreviating commands 2-4
command modes 2-1
configuration logging 2-5
described 1-4
editing features
enabling and disabling 2-7
keystroke editing 2-7
wrapped lines 2-9
error messages 2-5
filtering command output 2-9
getting help 2-3
history
changing the buffer size 2-6
described 2-5
disabling 2-6
recalling commands 2-6
managing clusters 6-14
no and default forms of commands 2-4
Client Information Signalling Protocol
client mode, VTP 17-3
client processes, tracking 43-1
CLNS
clock
clusters, switch
accessing 6-13
automatic discovery 6-4
automatic recovery 6-10
benefits 1-2
compatibility 6-4
described 6-1
LRE profile considerations 6-14
managing
through CLI 6-14
through SNMP 6-15
planning 6-4
planning considerations
automatic discovery 6-4
automatic recovery 6-10
CLI 6-14
host names 6-13
IP addresses 6-13
LRE profiles 6-14
passwords 6-13
RADIUS 6-14
TACACS+ 6-14
cluster standby group
and HSRP group 41-12
automatic recovery 6-12
considerations 6-11
defined 6-2
requirements 6-3
virtual IP address 6-11
Configuration Engine
configID, deviceID, hostname 5-3
configuration service 5-2
described 5-1
event service 5-3
embedded agents
described 5-5
enabling automated configuration 5-6
enabling configuration agent 5-9
enabling event agent 5-7
management functions 1-5
CoA Request Commands 11-23
command-line interface
command modes 2-1
commands
abbreviating 2-4
no and default 2-4
commands, setting privilege levels 11-8
command switch
accessing 6-11
active (AC) 6-10
configuration conflicts 48-7
defined 6-2
passive (PC) 6-10
password privilege levels 6-15
priority 6-10
recovery
from command-switch failure 6-10, 48-4
from lost member connectivity 48-7
redundant 6-10
replacing
with another switch 48-6
with cluster member 48-4
requirements 6-3
standby (SC) 6-10
See also candidate switch, cluster standby group, member switch, and standby command switch
community list, BGP 37-54
community ports 14-2
community strings
for cluster switches 32-4
in clusters 6-14
overview 32-4
SNMP 6-14
compatibility, feature 25-12
config.text 4-17
configurable leave timer, IGMP 24-6
configuration, initial
defaults 1-14
Express Setup 1-2
configuration changes, logging 31-10
configuration conflicts, recovering from lost member connectivity 48-7
configuration examples, network 1-17
configuration files
archiving B-19
clearing the startup configuration B-19
creating using a text editor B-10
default name 4-17
deleting a stored configuration B-19
described B-8
downloading
automatically 4-17
reasons for B-8
using FTP B-13
using RCP B-17
using TFTP B-11
guidelines for creating and using B-9
guidelines for replacing and rolling back B-20
invalid combinations when copying B-5
limiting TFTP server access 32-16
obtaining with DHCP 4-9
password recovery disable considerations 11-5
replacing a running configuration B-19, B-20
rolling back a running configuration B-19, B-20
specifying the filename 4-17
system contact and location information 32-16
types and location B-9
uploading
reasons for B-8
using FTP B-14
using RCP B-18
using TFTP B-11
configuration guidelines
REP 20-7
configuration guidelines, multi-VRF CE 37-74
configuration logger 31-10
configuration logging 2-5
configuration replacement B-19
configuration rollback B-19
configuration settings, saving 4-15
configure terminal command 14-9
configuring 802.1x user distribution 12-53
configuring port-based authentication violation modes12-36to 12-37
configuring small-frame arrival rate 25-5
config-vlan mode 2-2
conflicts, configuration 48-7
connections, secure remote 11-44
connectivity problems 48-8, 48-10, 48-11
consistency checks in VTP Version 2 17-4
console port, connecting to 2-10
content-routing technology
control protocol, IP SLAs 42-4
convergence
REP 20-4
corrupted software, recovery steps with Xmodem 48-2
CoS
in Layer 2 frames 35-2
override priority 18-6
trust priority 18-6
CoS input queue threshold map for QoS 35-16
CoS output queue threshold map for QoS 35-18
CoS-to-DSCP map for QoS 35-60
counters, clearing interface 14-25
CPU utilization, troubleshooting 48-19
crashinfo file 48-18
critical authentication, IEEE 802.1x 12-50
critical VLAN 12-21
cryptographic software image
Kerberos 11-38
SSH 11-44
SSL 11-48
customer edge devices 37-72
customjzeable web pages, web-based authentication 13-6
D
DACL
daylight saving time 7-13
debugging
enabling all system diagnostics 48-15
enabling for a specific feature 48-15
redirecting error message output 48-15
using commands 48-14
default alarm configuration 3-4
default commands 2-4
default configuration
802.1x 12-31
auto-QoS 35-20
banners 7-17
BGP 37-42
booting 4-17
CDP 27-2
DHCP 22-8
DHCP option 82 22-8
DHCP snooping 22-8
DHCP snooping binding database 22-8
DNS 7-16
dynamic ARP inspection 23-5
EIGRP 37-34
EtherChannel 36-10
Ethernet interfaces 14-13
fallback bridging 47-3
Flex Links 21-8
HSRP 41-5
IEEE 802.1Q tunneling 16-4
IGMP 45-38
IGMP filtering 24-24
IGMP snooping 24-7, 39-5, 39-6
IGMP throttling 24-24
initial switch information 4-3
IP addressing, IP routing 37-4
IP multicast routing 45-10
IP SLAs 42-6
IP source guard 22-17
IPv6 38-10
IS-IS 37-63
Layer 2 interfaces 14-13
Layer 2 protocol tunneling 16-11
LLDP 26-4
MAC address table 7-21
MAC address-table move update 21-8
MSDP 46-4
MSTP 18-14
multi-VRF CE 37-73
MVR 24-19
NTP 7-4
optional spanning-tree configuration 19-9
OSPF 37-25
password and privilege level 11-2
PIM 45-10
private VLANs 14-6
PROFINET 9-4
PTP 8-2
RADIUS 11-26
REP 20-7
RIP 37-19
RMON 30-3
RSPAN 29-9
SDM template 10-3
SNMP 32-6
SPAN 29-9
SSL 11-51
standard QoS 35-30
STP 17-11
system message logging 31-3
system name and prompt 7-15
TACACS+ 11-13
UDLD 28-3
VLAN, Layer 2 Ethernet interfaces 16-16
VLANs 16-7
VMPS 16-26
voice VLAN 18-3
VTP 17-7
WCCP 44-5
default networks 37-88
default router preference
default routes 37-88
default routing 37-2
default web-based authentication configuration
802.1X 13-9
deleting VLANs 16-9
denial-of-service attack 25-1
description command 14-20
designing your network, examples 1-17
destination addresses
in IPv4 ACLs 34-11
in IPv6 ACLs 40-5
destination-IP address-based forwarding, EtherChannel 36-8
destination-MAC address forwarding, EtherChannel 36-8
detecting indirect link failures, STP 19-5
device B-23
device discovery protocol 26-1, 27-1
device manager
benefits 1-2
in-band management 1-6
upgrading a switch B-23
DHCP
Cisco IOS server database
configuring 22-13
default configuration 22-8
described 22-6
DHCP for IPv6
enabling
relay agent 22-10
DHCP-based autoconfiguration
client request message exchange 4-4
configuring
client side 4-4
DNS 4-8
relay device 4-8
server side 4-6
TFTP server 4-7
example 4-9
lease options
for IP address information 4-6
for receiving the configuration file 4-7
overview 4-3
relationship to BOOTP 4-4
support for 1-5
DHCP-based autoconfiguration and image update
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP object tracking, configuring primary interface 43-11
DHCP option 82
circuit ID suboption 22-5
configuration guidelines 22-8
default configuration 22-8
displaying 22-15
forwarding address, specifying 22-10
helper address 22-10
overview 22-3
packet format, suboption
circuit ID 22-5
remote ID 22-5
remote ID suboption 22-5
DHCP server port-based address allocation
configuration guidelines 22-26
default configuration 22-25
described 22-25
displaying 22-28
enabling 22-26
reserved addresses 22-26
DHCP server port-based address assignment
support for 1-5
DHCP snooping
accepting untrusted packets form edge switch 22-3, 22-12
and private VLANs 22-13
binding database
See DHCP snooping binding database
configuration guidelines 22-8
default configuration 22-8
displaying binding tables 22-15
message exchange process 22-4
option 82 data insertion 22-3
trusted interface 22-2
untrusted interface 22-2
untrusted messages 22-2
DHCP snooping binding database
adding bindings 22-14
binding file
format 22-7
location 22-6
bindings 22-6
clearing agent statistics 22-14
configuration guidelines 22-9
configuring 22-14
default configuration 22-8
deleting
binding file 22-14
bindings 22-14
database agent 22-14
described 22-6
displaying 22-15
binding entries 22-15
status and statistics 22-15
enabling 22-14
entry 22-6
renewing database 22-14
resetting
delay value 22-14
timeout value 22-14
DHCP snooping binding table
See DHCP snooping binding database
DHCPv6
configuration guidelines 38-14
default configuration 38-14
described 38-6
enabling client function 38-17
enabling DHCPv6 server function 38-15
support for 1-13
Differentiated Services architecture, QoS 35-2
Differentiated Services Code Point 35-2
Diffusing Update Algorithm (DUAL) 37-33
directed unicast requests 1-5
directories
changing B-4
creating and removing B-4
displaying the working B-4
discovery, clusters
displaying switch alarms 3-12
Distance Vector Multicast Routing Protocol
distance-vector protocols 37-3
distribute-list command 37-97
DNS
and DHCP-based autoconfiguration 4-8
default configuration 7-16
displaying the configuration 7-17
in IPv6 38-4
overview 7-15
setting up 7-16
support for 1-5
DNS-based SSM mapping 45-18, 45-20
domain names
DNS 7-15
VTP 17-8
Domain Name System
domains, ISO IGRP routing 37-61
dot1q-tunnel switchport mode 16-15
double-tagged packets
IEEE 802.1Q tunneling 16-2
Layer 2 protocol tunneling 16-10
downloading
configuration files
reasons for B-8
using FTP B-13
using RCP B-17
using TFTP B-11
image files
deleting old image B-27
reasons for B-23
using CMS 1-2
using FTP B-29
using RCP B-33
using TFTP B-25
using the device manager or Network Assistant B-23
drop threshold for Layer 2 protocol packets 16-11
DRP
configuring 38-12
described 38-4
IPv6 38-4
support for 1-13
DSCP input queue threshold map for QoS 35-16
DSCP output queue threshold map for QoS 35-18
DSCP-to-CoS map for QoS 35-63
DSCP-to-DSCP-mutation map for QoS 35-64
DSCP transparency 35-40
dual-action detection 36-5
DUAL finite state machine, EIGRP 37-34
dual IPv4 and IPv6 templates 10-2, 38-5, 38-6
dual protocol stacks
IPv4 and IPv6 38-5
SDM templates supporting 38-6
dual-purpose uplinks
defined 14-6
LEDs 14-6
setting the type 14-14
DVMRP
autosummarization
configuring a summary address 45-57
disabling 45-59
connecting PIM domain to DVMRP router 45-50
enabling unicast routing 45-53
interoperability
with Cisco devices 45-48
with Cisco IOS software 45-8
mrinfo requests, responding to 45-52
neighbors
advertising the default route to 45-51
discovery with Probe messages 45-48
displaying information 45-52
prevent peering with nonpruning 45-55
rejecting nonpruning 45-54
overview 45-8
routes
adding a metric offset 45-59
advertising all 45-59
advertising the default route to neighbors 45-51
caching DVMRP routes learned in report messages 45-53
changing the threshold for syslog messages 45-56
deleting 45-60
displaying 45-61
favoring one over another 45-59
limiting the number injected into MBONE 45-56
limiting unicast route advertisements 45-48
routing table 45-9
source distribution tree, building 45-9
support for 1-13
tunnels
configuring 45-50
displaying neighbor information 45-52
dynamic access ports
characteristics 16-3
configuring 16-27
defined 14-3
dynamic addresses
dynamic ARP inspection
ARP cache poisoning 23-1
ARP requests, described 23-1
ARP spoofing attack 23-1
clearing
log buffer 23-15
statistics 23-14
configuration guidelines 23-6
configuring
ACLs for non-DHCP environments 23-8
in DHCP environments 23-7
log buffer 23-13
rate limit for incoming ARP packets 23-4, 23-10
default configuration 23-5
denial-of-service attacks, preventing 23-10
described 23-1
DHCP snooping binding database 23-2
displaying
ARP ACLs 23-14
configuration and operating state 23-14
log buffer 23-15
statistics 23-14
trust state and rate limit 23-14
error-disabled state for exceeding rate limit 23-4
function of 23-2
interface trust states 23-3
log buffer
clearing 23-15
configuring 23-13
displaying 23-15
logging of dropped packets, described 23-4
man-in-the middle attack, described 23-2
network security issues and interface trust states 23-3
priority of ARP ACLs and DHCP snooping entries 23-4
rate limiting of ARP packets
configuring 23-10
described 23-4
error-disabled state 23-4
statistics
clearing 23-14
displaying 23-14
validation checks, performing 23-12
dynamic auto trunking mode 16-15
dynamic desirable trunking mode 16-15
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 16-25
reconfirming 16-28
troubleshooting 16-30
types of connections 16-27
dynamic routing 37-3
ISO CLNS 37-61
Dynamic Trunking Protocol
E
EBGP 37-40
editing features
enabling and disabling 2-7
keystrokes used 2-7
wrapped lines 2-9
EIGRP
authentication 37-38
components 37-33
configuring 37-36
default configuration 37-34
definition 37-33
interface parameters, configuring 37-37
monitoring 37-40
stub routing 37-39
ELIN location 26-3
embedded event manager
actions 33-4
displaying information 33-6
environmental variables 33-4
event detectors 33-2
policies 33-4
registering and defining an applet 33-5
registering and defining a TCL script 33-6
understanding 33-1
enable password 11-3
enable secret password 11-3
enabling SNMP traps 3-11
encryption, CipherSuite 11-50
encryption for passwords 11-3
Enhanced IGRP
enhanced object tracking
backup static routing 43-12
commands 43-1
defined 43-1
DHCP primary interface 43-11
HSRP 43-7
IP routing state 43-2
IP SLAs 43-9
line-protocol state 43-2
network monitoring with IP SLAs 43-11
routing policy, configuring 43-12
static route primary interface 43-10
tracked lists 43-3
enhanced object tracking static routing 43-10
environmental variables, embedded event manager 33-4
environment variables, function of 4-20
equal-cost routing 1-13, 37-87
error-disabled state, BPDU 19-2
error messages during command entry 2-5
EtherChannel
automatic creation of 36-4, 36-6
channel groups
binding physical and logical interfaces 36-3
numbering of 36-3
configuration guidelines 36-10
configuring
Layer 2 interfaces 36-11
Layer 3 physical interfaces 36-14
Layer 3 port-channel logical interfaces 36-13
default configuration 36-10
described 36-2
displaying status 36-20
forwarding methods 36-7, 36-16
IEEE 802.3ad, described 36-6
interaction
with STP 36-10
with VLANs 36-11
LACP
described 36-6
displaying status 36-20
hot-standby ports 36-18
interaction with other features 36-7
modes 36-6
port priority 36-19
system priority 36-19
Layer 3 interface 37-3
logical interfaces, described 36-3
PAgP
aggregate-port learners 36-16
compatibility with Catalyst 1900 36-17
described 36-4
displaying status 36-20
interaction with other features 36-6
interaction with virtual switches 36-5
learn method and priority configuration 36-16
modes 36-5
support for 1-3
with dual-action detection 36-5
port-channel interfaces
described 36-3
numbering of 36-3
port groups 14-6
support for 1-3
EtherChannel guard
described 19-7
disabling 19-14
enabling 19-14
Ethernet VLANs
adding 16-8
defaults and ranges 16-7
modifying 16-8
EUI 38-3
event detectors, embedded event manager 33-2
events, RMON 30-3
examples
network configuration 1-17
expedite queue for QoS 35-77
Express Setup 1-2
See also getting started guide
extended crashinfo file 48-18
extended-range VLANs
configuration guidelines 16-11
configuring 16-10
creating 16-12
creating with an internal VLAN ID 16-13
defined 16-1
extended system ID
MSTP 18-17
extended universal identifier
Extensible Authentication Protocol over LAN 12-1
external BGP
external neighbors, BGP 37-45
F
fa0 interface 1-6
fallback bridging
and protected ports 47-3
bridge groups
creating 47-3
described 47-1
displaying 47-10
function of 47-2
number supported 47-4
removing 47-4
bridge table
clearing 47-10
displaying 47-10
configuration guidelines 47-3
connecting interfaces with 14-7
default configuration 47-3
described 47-1
frame forwarding
flooding packets 47-2
forwarding packets 47-2
overview 47-1
protocol, unsupported 47-3
STP
disabling on an interface 47-9
forward-delay interval 47-8
hello BPDU interval 47-7
interface priority 47-6
maximum-idle interval 47-8
path cost 47-6
VLAN-bridge spanning-tree priority 47-5
VLAN-bridge STP 47-2
support for 1-13
SVIs and routed ports 47-1
unsupported protocols 47-3
VLAN-bridge STP 17-10
Fast Convergence 21-3
FCS bit error rate alarm
defined 3-3
FCS error hysteresis threshold 3-2
features, incompatible 25-12
FIB 37-86
fiber-optic, detecting unidirectional links 28-1
files
basic crashinfo
description 48-18
location 48-18
copying B-5
crashinfo, description 48-18
deleting B-5
displaying the contents of B-8
extended crashinfo
description 48-19
location 48-19
tar
creating B-6
displaying the contents of B-6
extracting B-7
image file format B-24
file system
displaying available file systems B-2
displaying file information B-3
local file system names B-1
network file system names B-5
setting the default B-3
filtering
in a VLAN 34-29
non-IP traffic 34-27
show and more command output 2-9
filtering show and more command output 2-9
filters, IP
flash device, number of B-1
flexible authentication ordering
configuring 12-60
overview 12-27
Flex Link Multicast Fast Convergence 21-3
Flex Links
configuration guidelines 21-8
configuring 21-9
configuring preferred VLAN 21-12
configuring VLAN load balancing 21-11
default configuration 21-8
description 21-1
link load balancing 21-2
monitoring 21-14
VLANs 21-2
flooded traffic, blocking 25-8
flow-based packet classification 1-11
flowcharts
QoS classification 35-6
QoS egress queueing and scheduling 35-17
QoS ingress queueing and scheduling 35-15
QoS policing and marking 35-10
flowcontrol
configuring 14-18
described 14-18
forward-delay time
MSTP 18-23
STP 17-21
Forwarding Information Base
forwarding nonroutable protocols 47-1
FTP
accessing MIB files A-3
configuration files
downloading B-13
overview B-12
preparing the server B-13
uploading B-14
image files
deleting old image B-31
downloading B-29
preparing the server B-28
uploading B-31
G
general query 21-5
Generating IGMP Reports 21-3
get-bulk-request operation 32-3
get-next-request operation 32-3, 32-4
get-request operation 32-3, 32-4
get-response operation 32-3
global configuration mode 2-2
global leave, IGMP 24-13
global status monitoring alarms 3-2
guest VLAN and 802.1x 12-19
guide mode 1-2
GUIs
See device manager and Network Assistant
H
hardware limitations and Layer 3 interfaces 14-21
hello time
MSTP 18-22
STP 17-20
help, for the command line 2-3
hierarchical policy maps 35-8
configuration guidelines 35-33
configuring 35-52
described 35-11
history
changing the buffer size 2-6
described 2-5
disabling 2-6
recalling commands 2-6
history table, level and number of syslog messages 31-10
host names, in clusters 6-13
host ports
configuring 14-11
kinds of 14-2
hosts, limit on dynamic ports 16-30
Hot Standby Router Protocol
HP OpenView 1-4
HSRP
authentication string 41-10
automatic cluster recovery 6-12
binding to cluster group 41-12
cluster standby group considerations 6-11
command-switch redundancy 1-7
configuring 41-4
default configuration 41-5
definition 41-1
guidelines 41-5
monitoring 41-13
object tracking 43-7
overview 41-1
priority 41-7
routing redundancy 1-12
support for ICMP redirect messages 41-12
timers 41-10
tracking 41-8
See also clusters, cluster standby group, and standby command switch
HSRP for IPv6
configuring 38-24
guidelines 38-23
HTTP over SSL
HTTPS 11-49
configuring 11-52
self-signed certificate 11-49
HTTP secure server 11-49
I
IBPG 37-40
ICMP
IPv6 38-4
redirect messages 37-11
support for 1-13
time-exceeded messages 48-12
traceroute and 48-12
unreachable messages 34-19
unreachable messages and IPv6 40-4
unreachables and ACLs 34-21
ICMP Echo operation
configuring 42-12
IP SLAs 42-11
ICMP ping
executing 48-9
overview 48-9
ICMP Router Discovery Protocol
ICMPv6 38-4
IDS appliances
and ingress RSPAN 29-19
and ingress SPAN 29-13
IEEE 1588 standard 8-1
IEEE 802.1D
IEEE 802.1p 18-1
IEEE 802.1Q
and trunk ports 14-3
configuration limitations 16-16
encapsulation 16-14
native VLAN for untagged traffic 16-20
tunneling
compatibility with other features 16-5
defaults 16-4
described 16-1
tunnel ports with other features 16-6
IEEE 802.1s
IEEE 802.1w
IEEE 802.1x
IEEE 802.3ad
IEEE 802.3x flow control 14-18
ifIndex values, SNMP 32-5
IFS 1-5
IGMP
configurable leave timer
described 24-6
enabling 24-11
configuring the switch
as a member of a group 45-38
statically connected member 45-42
controlling access to groups 45-39
default configuration 45-38
deleting cache entries 45-61
displaying groups 45-61
fast switching 45-42
flooded multicast traffic
controlling the length of time 24-12
disabling on an interface 24-13
global leave 24-13
query solicitation 24-13
recovering from flood mode 24-13
host-query interval, modifying 45-40
joining multicast group 24-3
join messages 24-3
leave processing, enabling 24-10, 39-8
leaving multicast group 24-5
multicast reachability 45-38
overview 45-3
queries 24-4
report suppression
described 24-6
supported versions 24-3
support for 1-3
Version 1
changing to Version 2 45-40
described 45-3
Version 2
changing to Version 1 45-40
described 45-3
maximum query response time value 45-42
pruning groups 45-42
query timeout value 45-41
IGMP filtering
configuring 24-24
default configuration 24-24
described 24-23
monitoring 24-28
support for 1-4
IGMP groups
configuring filtering 24-27
setting the maximum number 24-26
IGMP Immediate Leave
configuration guidelines 24-11
described 24-5
enabling 24-10
IGMP profile
applying 24-26
configuration mode 24-24
configuring 24-25
IGMP snooping
and address aliasing 24-2
configuring 24-6
default configuration 24-7, 39-5, 39-6
definition 24-2
enabling and disabling 24-7, 39-6
global configuration 24-7
Immediate Leave 24-5
method 24-8
querier
configuration guidelines 24-14
configuring 24-14
supported versions 24-3
support for 1-3
VLAN configuration 24-8
IGMP throttling
configuring 24-27
default configuration 24-24
described 24-24
displaying action 24-28
IGP 37-24
Immediate Leave, IGMP 24-5
enabling 39-8
inaccessible authentication bypass 12-21
support for multiauth ports 12-21
initial configuration
defaults 1-14
Express Setup 1-2
interface
range macros 14-11
interface configuration
REP 20-9
interface configuration mode 2-3
interfaces
auto-MDIX, configuring 14-19
configuration guidelines
duplex and speed 14-16
configuring
procedure 14-9
counters, clearing 14-25
default configuration 14-13
described 14-20
descriptive name, adding 14-20
displaying information about 14-24
flow control 14-18
management 1-4
monitoring 14-24
naming 14-20
physical, identifying 14-7, 14-8
range of 14-9
restarting 14-26
shutting down 14-26
speed and duplex, configuring 14-17
status 14-24
supported 14-7
types of 14-1
interfaces range macro command 14-11
interface types 14-8
Interior Gateway Protocol
internal BGP
internal neighbors, BGP 37-45
Internet Control Message Protocol
Internet Group Management Protocol
Internet Protocol version 6
Intrusion Detection System
inventory management TLV 26-2, 26-6
IP ACLs
for QoS classification 35-7
implicit masks 34-9
named 34-14
undefined 34-20
IP addresses
128-bit 38-2
classes of 37-5
cluster access 6-2
command switch 6-3, 6-11, 6-13
default configuration 37-4
discovering 7-30
for IP routing 37-4
IPv6 38-2
MAC address association 37-8
monitoring 37-17
redundant clusters 6-11
standby command switch 6-11, 6-13
IP broadcast address 37-15
ip cef distributed command 37-86
IP directed broadcasts 37-13
ip igmp profile command 24-24
IP information
assigned
manually 4-14
through DHCP-based autoconfiguration 4-3
default configuration 4-3
IP multicast routing
addresses
all-hosts 45-3
all-multicast-routers 45-3
host group address range 45-3
administratively-scoped boundaries, described 45-46
and IGMP snooping 24-2
Auto-RP
adding to an existing sparse-mode cloud 45-25
benefits of 45-25
clearing the cache 45-61
configuration guidelines 45-11
filtering incoming RP announcement messages 45-28
overview 45-6
preventing candidate RP spoofing 45-28
preventing join messages to false RPs 45-27
setting up in a new internetwork 45-25
using with BSR 45-33
bootstrap router
configuration guidelines 45-11
configuring candidate BSRs 45-31
configuring candidate RPs 45-32
defining the IP multicast boundary 45-30
defining the PIM domain border 45-29
overview 45-7
using with Auto-RP 45-33
Cisco implementation 45-2
configuring
basic multicast routing 45-11
IP multicast boundary 45-46
default configuration 45-10
enabling
multicast forwarding 45-12
PIM mode 45-12
group-to-RP mappings
Auto-RP 45-6
BSR 45-7
MBONE
deleting sdr cache entries 45-61
described 45-44
displaying sdr cache 45-62
enabling sdr listener support 45-45
limiting DVMRP routes advertised 45-56
limiting sdr cache entry lifetime 45-45
SAP packets for conference session announcement 45-44
Session Directory (sdr) tool, described 45-44
monitoring
packet rate loss 45-62
peering devices 45-62
tracing a path 45-62
multicast forwarding, described 45-7
PIMv1 and PIMv2 interoperability 45-10
protocol interaction 45-2
reverse path check (RPF) 45-7
routing table
deleting 45-61
displaying 45-61
RP
assigning manually 45-23
configuring Auto-RP 45-25
configuring PIMv2 BSR 45-29
monitoring mapping information 45-33
using Auto-RP and BSR 45-33
statistics, displaying system and network 45-61
IP phones
and QoS 18-1
automatic classification and queueing 35-20
configuring 18-4
ensuring port security with QoS 35-38
trusted boundary for QoS 35-38
IP Port Security for Static Hosts
on a Layer 2 access port 22-19
on a PVLAN host port 22-23
IP precedence 35-2
IP-precedence-to-DSCP map for QoS 35-61
IP protocols
in ACLs 34-11
routing 1-12
IP routes, monitoring 37-99
IP routing
connecting interfaces with 14-7
disabling 37-18
enabling 37-18
IP Service Level Agreements
IP service levels, analyzing 42-1
IP SLAs
benefits 42-2
configuration guidelines 42-6
configuring object tracking 43-9
Control Protocol 42-4
default configuration 42-6
definition 42-1
ICMP echo operation 42-11
measuring network performance 42-3
monitoring 42-14
multioperations scheduling 42-5
object tracking 43-9
operation 42-3
reachability tracking 43-9
responder
described 42-4
enabling 42-8
response time 42-4
scheduling 42-5
SNMP support 42-2
supported metrics 42-2
threshold monitoring 42-6
track object monitoring agent, configuring 43-11
track state 43-9
UDP jitter operation 42-9
IP source guard
and 802.1x 22-18
and DHCP snooping 22-15
and EtherChannels 22-18
and port security 22-18
and private VLANs 22-18
and routed ports 22-17
and TCAM entries 22-18
and trunk interfaces 22-17
and VRF 22-18
binding configuration
automatic 22-15
manual 22-15
binding table 22-15
configuration guidelines 22-17
default configuration 22-17
described 22-15
disabling 22-19
displaying
active IP or MAC bindings 22-25
bindings 22-25
configuration 22-25
filtering
source IP address 22-16
source IP and MAC address 22-16
source IP address filtering 22-16
source IP and MAC address filtering 22-16
static bindings
deleting 22-19
static hosts 22-19
IP traceroute
executing 48-12
overview 48-12
IP unicast routing
address resolution 37-8
administrative distances 37-88, 37-98
ARP 37-8
assigning IP addresses to Layer 3 interfaces 37-5
authentication keys 37-98
broadcast
address 37-15
flooding 37-16
packets 37-13
storms 37-13
classless routing 37-6
configuring static routes 37-87
default
addressing configuration 37-4
gateways 37-11
networks 37-88
routes 37-88
routing 37-2
directed broadcasts 37-13
disabling 37-18
dynamic routing 37-3
enabling 37-18
EtherChannel Layer 3 interface 37-3
IGP 37-24
inter-VLAN 37-2
IP addressing
classes 37-5
configuring 37-4
IPv6 38-3
IRDP 37-11
Layer 3 interfaces 37-3
MAC address and IP address 37-8
passive interfaces 37-96
protocols
distance-vector 37-3
dynamic 37-3
link-state 37-3
proxy ARP 37-8
redistribution 37-89
reverse address resolution 37-8
routed ports 37-3
static routing 37-3
steps to configure 37-4
subnet mask 37-5
subnet zero 37-6
supernet 37-6
UDP 37-14
with SVIs 37-3
IPv4 ACLs
applying to interfaces 34-19
extended, creating 34-10
named 34-14
standard, creating 34-9
IPv4 and IPv6
dual protocol stacks 38-5
IPv6
ACLs
displaying 40-8
limitations 40-2
matching criteria 40-3
port 40-1
precedence 40-2
router 40-1
supported 40-2
addresses 38-2
address formats 38-2
applications 38-5
assigning address 38-10
autoconfiguration 38-5
CEFv6 38-18
configuring static routes 38-19
default configuration 38-10
default router preference (DRP) 38-4
defined 38-1
Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 38-7
EIGRP IPv6 Commands 38-7
Router ID 38-7
feature limitations 38-8
features not supported 38-8
forwarding 38-10
ICMP 38-4
monitoring 38-26
neighbor discovery 38-4
OSPF 38-6
path MTU discovery 38-4
SDM templates 10-2, 39-1, 40-1
Stateless Autoconfiguration 38-5
supported features 38-2
switch limitations 38-8
understanding static routes 38-6
IPv6 traffic, filtering 40-3
IRDP
configuring 37-12
definition 37-11
support for 1-13
IS-IS
addresses 37-61
area routing 37-61
default configuration 37-63
monitoring 37-70
show commands 37-70
system routing 37-61
ISL
and IPv6 38-3
ISO CLNS
clear commands 37-70
dynamic routing protocols 37-61
monitoring 37-70
NETs 37-61
NSAPs 37-61
OSI standard 37-61
ISO IGRP
area routing 37-61
system routing 37-61
isolated port 14-2
J
join messages, IGMP 24-3
K
KDC
described 11-39
Kerberos
authenticating to
boundary switch 11-41
KDC 11-41
network services 11-42
configuration examples 11-38
configuring 11-42
credentials 11-39
cryptographic software image 11-38
described 11-39
KDC 11-39
operation 11-41
realm 11-40
server 11-40
support for 1-10
switch as trusted third party 11-39
terms 11-39
TGT 11-40
tickets 11-39
key distribution center
L
l2protocol-tunnel command 16-12
LACP
Layer 2 protocol tunneling 16-9
Layer 2 frames, classification with CoS 35-2
Layer 2 interfaces, default configuration 14-13
Layer 2 protocol tunneling
configuring 16-10
configuring for EtherChannels 16-14
default configuration 16-11
defined 16-8
guidelines 16-11
Layer 2 traceroute
and ARP 48-11
and CDP 48-10
broadcast traffic 48-10
described 48-10
IP addresses and subnets 48-11
MAC addresses and VLANs 48-11
multicast traffic 48-11
multiple devices on a port 48-11
unicast traffic 48-10
usage guidelines 48-10
Layer 3 features 1-12
Layer 3 interfaces
assigning IP addresses to 37-5
assigning IPv4 and IPv6 addresses to 38-13
assigning IPv6 addresses to 38-11
changing from Layer 2 mode 37-5, 37-78
types of 37-3
Layer 3 packets, classification methods 35-2
LDAP 5-2
Leaking IGMP Reports 21-4
LEDs, switch
See hardware installation guide
lightweight directory access protocol
line configuration mode 2-3
Link Aggregation Control Protocol
link failure, detecting unidirectional 18-7
link fault alarm 3-3
link integrity, verifying with REP 20-3
Link Layer Discovery Protocol
link local unicast addresses 38-3
link redundancy
links, unidirectional 28-1
link state advertisements (LSAs) 37-28
link-state protocols 37-3
link-state tracking
configuring 36-23
described 36-21
LLDP
configuring 26-4
characteristics 26-5
default configuration 26-4
enabling 26-5
monitoring and maintaining 26-10
overview 26-1
supported TLVs 26-1
switch stack considerations 26-2
transmission timer and holdtime, setting 26-5
LLDP-MED
configuring
procedures 26-4
TLVs 26-6
monitoring and maintaining 26-10
supported TLVs 26-2
LLDP Media Endpoint Discovery
load balancing 41-4
local SPAN 29-2
logging messages, ACL 34-8
login authentication
with RADIUS 11-28
with TACACS+ 11-14
login banners 7-17
log messages
Long-Reach Ethernet (LRE) technology 1-18
loop guard
described 19-9
enabling 19-15
support for 1-7
LRE profiles, considerations in switch clusters 6-14
M
MAB
MAB aging timer 1-8
MAB inactivity timer
default setting 12-31
range 12-34
MAC/PHY configuration status TLV 26-2
MAC addresses
aging time 7-21
and VLAN association 7-20
building the address table 7-20
default configuration 7-21
disabling learning on a VLAN 7-29
discovering 7-30
displaying 7-30
displaying in the IP source binding table 22-24
dynamic
learning 7-20
removing 7-22
in ACLs 34-27
IP address association 37-8
static
adding 7-27
characteristics of 7-26
dropping 7-28
removing 7-27
MAC address learning 1-5
MAC address learning, disabling on a VLAN 7-29
MAC address notification, support for 1-13
MAC address-table move update
configuration guidelines 21-8
configuring 21-12
default configuration 21-8
description 21-6
monitoring 21-14
MAC address-to-VLAN mapping 16-24
MAC authentication bypass 12-34
configuring 12-53
overview 12-15
MAC extended access lists
applying to Layer 2 interfaces 34-28
configuring for QoS 35-45
creating 34-27
defined 34-27
for QoS classification 35-5
magic packet 12-24
manageability features 1-5
management access
in-band
browser session 1-6
CLI session 1-6
device manager 1-6
SNMP 1-6
out-of-band console port connection 1-6
management address TLV 26-2
management options
CLI 2-1
clustering 1-3
CNS 5-1
Network Assistant 1-2
overview 1-4
management VLAN
considerations in switch clusters 6-7
discovery through different management VLANs 6-7
manual preemption, REP, configuring 20-13
mapping tables for QoS
configuring
CoS-to-DSCP 35-60
DSCP 35-60
DSCP-to-CoS 35-63
DSCP-to-DSCP-mutation 35-64
IP-precedence-to-DSCP 35-61
policed-DSCP 35-62
described 35-12
marking
action with aggregate policers 35-58
matching
IPv6 ACLs 40-3
IPv4 ACLs 34-7
maximum aging time
MSTP 18-23
STP 17-21
maximum hop count, MSTP 18-24
maximum number of allowed devices, port-based authentication 12-34
maximum-paths command 37-49, 37-87
MDA
configuration guidelines 12-12
exceptions with authentication process 12-5
membership mode, VLAN port 16-3
member switch
automatic discovery 6-4
defined 6-2
managing 6-14
passwords 6-13
recovering from lost connectivity 48-7
requirements 6-3
See also candidate switch, cluster standby group, and standby command switch
messages, to users through banners 7-17
metrics, in BGP 37-49
metric translations, between routing protocols 37-92
metro tags 16-2
MHSRP 41-4
MIBs
accessing files with FTP A-3
location of files A-3
overview 32-1
SNMP interaction with 32-4
supported A-1
mirroring traffic for analysis 29-1
mismatches, autonegotiation 48-7
module number 14-8
monitoring
access groups 34-40
alarms 3-12
BGP 37-60
cables for unidirectional links 28-1
CDP 27-4
CEF 37-86
EIGRP 37-40
fallback bridging 47-10
features 1-13
Flex Links 21-14
HSRP 41-13
IEEE 802.1Q tunneling 16-17
IGMP
filters 24-28
interfaces 14-24
IP
address tables 37-17
multicast routing 45-60
routes 37-99
IP SLAs operations 42-14
IPv4 ACL configuration 34-40
IPv6 38-26
IPv6 ACL configuration 40-8
IS-IS 37-70
ISO CLNS 37-70
Layer 2 protocol tunneling 16-17
MAC address-table move update 21-14
MSDP peers 46-18
multicast router interfaces 24-16, 39-11
multi-VRF CE 37-85
MVR 24-23
network traffic for analysis with probe 29-2
object tracking 43-12
OSPF 37-32
port
blocking 25-19
protection 25-19
private VLANs 14-14
PROFINET 9-5
PTP 8-4
REP 20-13
RP mapping information 45-33
source-active messages 46-18
speed and duplex mode 14-17
SSM mapping 45-21
traffic flowing among switches 30-1
traffic suppression 25-19
tunneling 16-17
VLAN
filters 34-41
maps 34-41
VLANs 16-14
VMPS 16-29
VTP 17-16
mrouter Port 21-3
mrouter port 21-5
MSDP
benefits of 46-3
clearing MSDP connections and statistics 46-18
controlling source information
forwarded by switch 46-11
originated by switch 46-8
received by switch 46-13
default configuration 46-4
dense-mode regions
sending SA messages to 46-16
specifying the originating address 46-17
filtering
incoming SA messages 46-14
SA messages to a peer 46-12
SA requests from a peer 46-10
join latency, defined 46-6
meshed groups
configuring 46-15
defined 46-15
originating address, changing 46-17
overview 46-1
peer-RPF flooding 46-2
peers
configuring a default 46-4
monitoring 46-18
peering relationship, overview 46-1
requesting source information from 46-8
shutting down 46-15
source-active messages
caching 46-6
clearing cache entries 46-18
defined 46-2
filtering from a peer 46-10
filtering incoming 46-14
filtering to a peer 46-12
limiting data with TTL 46-13
monitoring 46-18
restricting advertised sources 46-9
support for 1-13
MSTP
boundary ports
configuration guidelines 18-15
described 18-6
BPDU filtering
described 19-3
enabling 19-12
BPDU guard
described 19-2
enabling 19-11
CIST, described 18-3
CIST root 18-5
configuration guidelines 18-14, 19-10
configuring
forward-delay time 18-23
hello time 18-22
link type for rapid convergence 18-24
maximum aging time 18-23
maximum hop count 18-24
MST region 18-15
neighbor type 18-25
path cost 18-20
port priority 18-19
root switch 18-17
secondary root switch 18-18
switch priority 18-21
CST
defined 18-3
operations between regions 18-4
default configuration 18-14
default optional feature configuration 19-9
displaying status 18-26
enabling the mode 18-15
EtherChannel guard
described 19-7
enabling 19-14
extended system ID
effects on root switch 18-17
effects on secondary root switch 18-18
unexpected behavior 18-17
IEEE 802.1s
implementation 18-6
port role naming change 18-6
terminology 18-5
instances supported 17-9
interface state, blocking to forwarding 19-2
interoperability and compatibility among modes 17-10
interoperability with IEEE 802.1D
described 18-8
restarting migration process 18-25
IST
defined 18-2
master 18-3
operations within a region 18-3
loop guard
described 19-9
enabling 19-15
mapping VLANs to MST instance 18-16
MST region
CIST 18-3
configuring 18-15
described 18-2
hop-count mechanism 18-5
IST 18-2
supported spanning-tree instances 18-2
optional features supported 1-7
overview 18-2
Port Fast
described 19-2
enabling 19-10
preventing root switch selection 19-8
root guard
described 19-8
enabling 19-15
root switch
configuring 18-17
effects of extended system ID 18-17
unexpected behavior 18-17
shutdown Port Fast-enabled port 19-2
status, displaying 18-26
multiauth
support for inaccessible authentication bypass 12-21
multiauth mode
See multiple-authentication mode
multicast groups
Immediate Leave 24-5
joining 24-3
leaving 24-5
multicast packets
ACLs on 34-40
blocking 25-8
multicast router interfaces, monitoring 24-16, 39-11
multicast router ports, adding 24-9, 39-8
Multicast Source Discovery Protocol
multicast storm 25-1
multicast storm-control command 25-4
multicast television application 24-17
multicast VLAN 24-17
Multicast VLAN Registration
multidomain authentication
multioperations scheduling, IP SLAs 42-5
multiple authentication 12-12
multiple authentication mode
configuring 12-40
Multiple HSRP
multiple VPN routing/forwarding in customer edge devices
multi-VRF CE
configuration example 37-81
configuration guidelines 37-74
configuring 37-73
default configuration 37-73
defined 37-71
displaying 37-85
monitoring 37-85
network components 37-73
packet-forwarding process 37-73
support for 1-13
MVR
and address aliasing 24-20
and IGMPv3 24-20
configuration guidelines 24-19
configuring interfaces 24-21
default configuration 24-19
described 24-17
example application 24-17
modes 24-20
monitoring 24-23
multicast television application 24-17
setting global parameters 24-20
support for 1-4
N
NAC
AAA down policy 1-10
critical authentication 12-21, 12-50
IEEE 802.1x authentication using a RADIUS server 12-55
IEEE 802.1x validation using RADIUS server 12-55
inaccessible authentication bypass 1-10, 12-50
Layer 2 IEEE 802.1x validation 1-10, 12-26, 12-55
Layer 2 IP validation 1-10
named IPv4 ACLs 34-14
NameSpace Mapper
native VLAN
and IEEE 802.1Q tunneling 16-4
configuring 16-20
default 16-20
NEAT
configuring 12-56
overview 12-28
neighbor discovery, IPv6 38-4
neighbor discovery/recovery, EIGRP 37-33
neighbor offset numbers, REP 20-4
neighbors, BGP 37-55
Network Admission Control
Network Assistant
benefits 1-2
described 1-4
downloading image files 1-2
guide mode 1-2
management options 1-2
upgrading a switch B-23
wizards 1-2
network configuration examples
increasing network performance 1-17
providing network services 1-17
network design
performance 1-17
services 1-17
Network Edge Access Topology
network management
CDP 27-1
RMON 30-1
SNMP 32-1
network performance, measuring with IP SLAs 42-3
Network Time Protocol
no commands 2-4
nonhierarchical policy maps
configuration guidelines 35-33
described 35-9
non-IP traffic filtering 34-27
nontrunking mode 16-15
normal-range VLANs 16-4
configuration guidelines 16-6
configuring 16-4
defined 16-1
no switchport command 14-4
not-so-stubby areas
NSAPs, as ISO IGRP addresses 37-61
NSF Awareness
IS-IS 37-63
NSM 5-3
NSSA, OSPF 37-28
NTP
associations
authenticating 7-4
defined 7-2
enabling broadcast messages 7-6
peer 7-5
server 7-5
default configuration 7-4
displaying the configuration 7-11
overview 7-2
restricting access
creating an access group 7-8
disabling NTP services per interface 7-10
source IP address, configuring 7-10
stratum 7-2
support for 1-5
synchronizing devices 7-5
time
services 7-2
synchronizing 7-2
O
object tracking
HSRP 43-7
IP SLAs 43-9
IP SLAs, configuring 43-9
monitoring 43-12
off mode, VTP 17-3
open1x
configuring 12-61
open1x authentication
overview 12-27
Open Shortest Path First
optimizing system resources 10-1
options, management 1-4
OSPF
area parameters, configuring 37-28
configuring 37-26
default configuration
metrics 37-30
route 37-30
settings 37-25
described 37-23
for IPv6 38-6
interface parameters, configuring 37-27
LSA group pacing 37-31
monitoring 37-32
router IDs 37-32
route summarization 37-29
support for 1-12
virtual links 37-30
out-of-profile markdown 1-12
P
packet modification, with QoS 35-19
PAgP
Layer 2 protocol tunneling 16-9
parallel paths, in routing tables 37-87
passive interfaces
configuring 37-96
OSPF 37-30
passwords
default configuration 11-2
disabling recovery of 11-5
encrypting 11-3
for security 1-9
in clusters 6-13
overview 11-1
recovery of 48-3
setting
enable 11-3
enable secret 11-3
Telnet 11-6
with usernames 11-6
VTP domain 17-8
path cost
MSTP 18-20
STP 17-18
path MTU discovery 38-4
PBR
defined 37-93
enabling 37-94
fast-switched policy-based routing 37-95
local policy-based routing 37-96
PC (passive command switch) 6-10
peers, BGP 37-55
percentage thresholds in tracked lists 43-6
performance, network design 1-17
performance features 1-3
persistent self-signed certificate 11-49
per-user ACLs and Filter-Ids 12-8
per-VLAN spanning-tree plus
PE to CE routing, configuring 37-80
physical ports 14-2
PIM
default configuration 45-10
dense mode
overview 45-4
rendezvous point (RP), described 45-5
RPF lookups 45-8
displaying neighbors 45-61
enabling a mode 45-12
overview 45-4
router-query message interval, modifying 45-36
shared tree and source tree, overview 45-34
shortest path tree, delaying the use of 45-35
sparse mode
join messages and shared tree 45-5
overview 45-5
prune messages 45-5
RPF lookups 45-8
stub routing
configuration guidelines 45-21
displaying 45-61
enabling 45-22
overview 45-5
support for 1-13
versions
interoperability 45-10
troubleshooting interoperability problems 45-34
v2 improvements 45-4
PIM-DVMRP, as snooping method 24-8
ping
character output description 48-10
executing 48-9
overview 48-9
policed-DSCP map for QoS 35-62
policers
configuring
for each matched traffic class 35-48
for more than one traffic class 35-58
described 35-4
displaying 35-78
number of 35-34
types of 35-9
policing
described 35-4
hierarchical
token-bucket algorithm 35-9
policy-based routing
policy maps for QoS
characteristics of 35-48
described 35-7
displaying 35-79
hierarchical 35-8
hierarchical on SVIs
configuration guidelines 35-33
configuring 35-52
described 35-11
nonhierarchical on physical ports
configuration guidelines 35-33
described 35-9
port ACLs
defined 34-2
types of 34-3
Port Aggregation Protocol
port-based authentication
accounting 12-14
authentication server
RADIUS server 12-3
configuration guidelines 12-32, 13-9
configuring
802.1x authentication 12-37
guest VLAN 12-47
host mode 12-40
inaccessible authentication bypass 12-50
manual re-authentication of a client 12-42
periodic re-authentication 12-41
quiet period 12-43
RADIUS server parameters on the switch 12-39, 13-11
restricted VLAN 12-48
switch-to-client frame-retransmission number 12-44, 12-45
switch-to-client retransmission time 12-43
default configuration 12-31, 13-9
described 12-1
displaying statistics 12-62, 13-17
downloadable ACLs and redirect URLs
configuring12-57to12-59, ??to 12-60
EAPOL-start frame 12-5
EAP-request/identity frame 12-5
EAP-response/identity frame 12-5
enabling
802.1X authentication 13-11
encapsulation 12-3
flexible authentication ordering
configuring 12-60
overview 12-27
guest VLAN
configuration guidelines 12-20, 12-21
described 12-19
host mode 12-11
inaccessible authentication bypass
configuring 12-50
described 12-21
guidelines 12-33
initiation and message exchange 12-5
magic packet 12-24
maximum number of allowed devices per port 12-34
method lists 12-37
multiple authentication 12-12
per-user ACLs
AAA authorization 12-37
configuration tasks 12-17
described 12-17
RADIUS server attributes 12-17
ports
authorization state and dot1x port-control command 12-10
authorized and unauthorized 12-10
voice VLAN 12-23
port security
and voice VLAN 12-24
described 12-23
interactions 12-23
multiple-hosts mode 12-11
readiness check
configuring 12-34
resetting to default values 12-62
statistics, displaying 12-62
switch
RADIUS client 12-3
switch supplicant
configuring 12-56
overview 12-28
user distribution
guidelines 12-26
overview 12-26
VLAN assignment
AAA authorization 12-37
characteristics 12-15
configuration tasks 12-16
described 12-15
voice aware 802.1x security
configuring 12-35
voice VLAN
described 12-23
PVID 12-23
VVID 12-23
wake-on-LAN, described 12-24
with ACLs and RADIUS Filter-Id attribute 12-29
port-based authentication methods, supported 12-7
port-channel
port description TLV 26-1
Port Fast
described 19-2
enabling 19-10
mode, spanning tree 16-26
support for 1-7
port membership modes, VLAN 16-3
port not forwarding alarm 3-3
port not operating alarm 3-3
port priority
MSTP 18-19
STP 17-17
ports
access 14-3
blocking 25-7
dual-purpose uplink 14-6
dynamic access 16-3
IEEE 802.1Q tunnel 16-4
protected 25-6
REP 20-6
routed 14-4
secure 25-8
switch 14-2
VLAN assignments 16-9
port security
aging 25-17
and private VLANs 25-18
and QoS trusted boundary 35-38
configuring 25-13
default configuration 25-11
described 25-8
displaying 25-19
enabling 25-18
on trunk ports 25-14
sticky learning 25-9
violations 25-10
with other features 25-11
port-shutdown response, VMPS 16-25
port status monitoring alarms
FCS bit error rate alarm 3-3
link fault alarm 3-3
port not forwarding alarm 3-3
port not operating alarm 3-3
port VLAN ID TLV 26-2
power management TLV 26-2, 26-7
power supply alarm, configuring 3-5
Precision Time Protocol
preempt delay time, REP 20-5
preemption, default configuration 21-8
preemption delay, default configuration 21-8
preferential treatment of traffic
prefix lists, BGP 37-53
preventing unauthorized access 11-1
primary edge port, REP 20-4
primary interface for object tracking, DHCP, configuring 43-11
primary interface for static routing, configuring 43-10
primary links 21-2
priority
HSRP 41-7
overriding CoS 18-6
trusting CoS 18-6
private VLAN edge ports
private VLANs
across multiple switches 14-4
and SDM template 14-4
and SVIs 14-5
benefits of 14-1
community ports 14-2
configuration guidelines 14-6, 14-7, 14-8
configuration tasks 14-6
configuring 14-9
default configuration 14-6
end station access to 14-3
IP addressing 14-3
isolated port 14-2
mapping 14-13
monitoring 14-14
ports
community 14-2
configuration guidelines 14-8
configuring host ports 14-11
configuring promiscuous ports 14-12
described 16-4
isolated 14-2
promiscuous 14-2
promiscuous ports 14-2
secondary VLANs 14-2
subdomains 14-1
traffic in 14-5
privileged EXEC mode 2-2
privilege levels
changing the default for lines 11-9
command switch 6-15
exiting 11-9
logging into 11-9
mapping on member switches 6-15
setting a command with 11-8
PROFINET 9-1
configuring 9-4
default configuration 9-4
displaying configuration 9-5
promiscuous ports
configuring 14-12
defined 14-2
protocol-dependent modules, EIGRP 37-34
Protocol-Independent Multicast Protocol
provider edge devices 37-72
proxy ARP
configuring 37-10
definition 37-8
with IP routing disabled 37-11
proxy reports 21-3
pruning, VTP
disabling
in VTP domain 17-14
on a port 16-20
enabling
in VTP domain 17-14
on a port 16-19
examples 17-6
overview 17-5
pruning-eligible list
changing 16-19
for VTP pruning 17-5
VLANs 17-14
PTP 8-1
configuring 8-3
default configuration 8-2
displaying configuration 8-4
PVST+
described 17-9
IEEE 802.1Q trunking interoperability 17-10
instances supported 17-9
Q
QoS
and MQC commands 35-1
auto-QoS
categorizing traffic 35-20
configuration and defaults display 35-29
configuration guidelines 35-25
described 35-20
disabling 35-27
displaying generated commands 35-27
displaying the initial configuration 35-29
effects on running configuration 35-25
egress queue defaults 35-21
enabling for VoIP 35-26
example configuration 35-28
ingress queue defaults 35-21
list of generated commands 35-22
basic model 35-4
classification
class maps, described 35-7
defined 35-4
DSCP transparency, described 35-40
flowchart 35-6
forwarding treatment 35-3
in frames and packets 35-3
MAC ACLs, described 35-5, 35-7
options for IP traffic 35-5
options for non-IP traffic 35-5
policy maps, described 35-7
trust DSCP, described 35-5
trusted CoS, described 35-5
trust IP precedence, described 35-5
class maps
configuring 35-46
displaying 35-78
configuration guidelines
auto-QoS 35-25
standard QoS 35-33
configuring
aggregate policers 35-58
auto-QoS 35-20
default port CoS value 35-38
DSCP maps 35-60
DSCP transparency 35-40
DSCP trust states bordering another domain 35-40
egress queue characteristics 35-70
ingress queue characteristics 35-66
IP extended ACLs 35-44
IP standard ACLs 35-43
MAC ACLs 35-45
policy maps, hierarchical 35-52
port trust states within the domain 35-36
trusted boundary 35-38
default auto configuration 35-20
default standard configuration 35-30
displaying statistics 35-78
DSCP transparency 35-40
egress queues
allocating buffer space 35-71
buffer allocation scheme, described 35-17
configuring shaped weights for SRR 35-75
configuring shared weights for SRR 35-76
described 35-4
displaying the threshold map 35-74
flowchart 35-17
mapping DSCP or CoS values 35-73
scheduling, described 35-4
setting WTD thresholds 35-71
WTD, described 35-18
enabling globally 35-35
flowcharts
classification 35-6
egress queueing and scheduling 35-17
ingress queueing and scheduling 35-15
policing and marking 35-10
implicit deny 35-7
ingress queues
allocating bandwidth 35-68
allocating buffer space 35-68
buffer and bandwidth allocation, described 35-16
configuring shared weights for SRR 35-68
configuring the priority queue 35-69
described 35-4
displaying the threshold map 35-67
flowchart 35-15
mapping DSCP or CoS values 35-66
priority queue, described 35-16
scheduling, described 35-4
setting WTD thresholds 35-66
WTD, described 35-16
IP phones
automatic classification and queueing 35-20
detection and trusted settings 35-20, 35-38
limiting bandwidth on egress interface 35-77
mapping tables
CoS-to-DSCP 35-60
displaying 35-78
DSCP-to-CoS 35-63
DSCP-to-DSCP-mutation 35-64
IP-precedence-to-DSCP 35-61
policed-DSCP 35-62
types of 35-12
marked-down actions 35-50, 35-55
overview 35-2
packet modification 35-19
policers
configuring 35-50, 35-55, 35-58
described 35-8
displaying 35-78
number of 35-34
types of 35-9
policies, attaching to an interface 35-8
policing
token bucket algorithm 35-9
policy maps
characteristics of 35-48
displaying 35-79
hierarchical 35-8
hierarchical on SVIs 35-52
nonhierarchical on physical ports 35-48
QoS label, defined 35-4
queues
configuring egress characteristics 35-70
configuring ingress characteristics 35-66
high priority (expedite) 35-19, 35-77
location of 35-13
SRR, described 35-14
WTD, described 35-13
rewrites 35-19
support for 1-11
trust states
bordering another domain 35-40
described 35-5
trusted device 35-38
within the domain 35-36
quality of service
queries, IGMP 24-4
query solicitation, IGMP 24-13
R
RADIUS
attributes
vendor-proprietary 11-36
vendor-specific 11-34
configuring
accounting 11-33
authentication 11-28
authorization 11-32
communication, global 11-26, 11-34
communication, per-server 11-26
multiple UDP ports 11-26
default configuration 11-26
defining AAA server groups 11-30
displaying the configuration 11-38
identifying the server 11-26
in clusters 6-14
limiting the services to the user 11-32
method list, defined 11-25
operation of 11-19
overview 11-18
server load balancing 11-38
suggested network environments 11-18
support for 1-10
tracking services accessed by user 11-33
RADIUS Change of Authorization 11-19
range
macro 14-11
of interfaces 14-10
rapid convergence 18-9
rapid per-VLAN spanning-tree plus
rapid PVST+
described 17-9
IEEE 802.1Q trunking interoperability 17-10
instances supported 17-9
Rapid Spanning Tree Protocol
RARP 37-8
rcommand command 6-14
RCP
configuration files
downloading B-17
overview B-15
preparing the server B-16
uploading B-18
image files
deleting old image B-35
downloading B-33
preparing the server B-32
uploading B-35
reachability, tracking IP SLAs IP host 43-9
readiness check
port-based authentication
configuring 12-34
real-time clock synchronization 8-1
reconfirmation interval, VMPS, changing 16-28
reconfirming dynamic VLAN membership 16-28
recovery procedures 48-1
redundancy
EtherChannel 36-3
HSRP 41-1
STP
backbone 17-8
path cost 16-23
port priority 16-21
redundant links and UplinkFast 19-13
reliable transport protocol, EIGRP 37-33
reloading software 4-21
Remote Authentication Dial-In User Service
Remote Copy Protocol
Remote Network Monitoring
Remote SPAN
remote SPAN 29-2
REP
administrative VLAN 20-8
administrative VLAN, configuring 20-8
age timer 20-8
and STP 20-6
configuration guidelines 20-7
configuring interfaces 20-9
convergence 20-4
default configuration 20-7
manual preemption, configuring 20-13
monitoring 20-13
neighbor offset numbers 20-4
open segment 20-2
ports 20-6
preempt delay time 20-5
primary edge port 20-4
ring segment 20-2
secondary edge port 20-4
segments 20-1
characteristics 20-2
SNMP traps, configuring 20-13
supported interfaces 20-1
triggering VLAN load balancing 20-5
verifying link integrity 20-3
VLAN blocking 20-12
VLAN load balancing 20-4
report suppression, IGMP
described 24-6
resequencing ACL entries 34-14
reserved addresses in DHCP pools 22-26
resets, in BGP 37-48
resetting a UDLD-shutdown interface 28-5
Resilient Ethernet Protocol
responder, IP SLAs
described 42-4
enabling 42-8
response time, measuring with IP SLAs 42-4
restricted VLAN
configuring 12-48
described 12-20
using with IEEE 802.1x 12-20
restricting access
NTP services 7-8
overview 11-1
passwords and privilege levels 11-2
RADIUS 11-17
TACACS+ 11-10
retry count, VMPS, changing 16-29
reverse address resolution 37-8
Reverse Address Resolution Protocol
RFC
1058, RIP 37-18
1112, IP multicast and IGMP 24-2
1157, SNMPv1 32-2
1163, BGP 37-40
1166, IP addresses 37-5
1253, OSPF 37-24
1267, BGP 37-40
1305, NTP 7-2
1587, NSSAs 37-24
1757, RMON 30-2
1771, BGP 37-40
1901, SNMPv2C 32-2
1902 to 1907, SNMPv2 32-2
2236, IP multicast and IGMP 24-2
2273-2275, SNMPv3 32-2
RFC 5176 Compliance 11-20
RIP
advertisements 37-18
authentication 37-21
configuring 37-20
default configuration 37-19
described 37-18
for IPv6 38-6
hop counts 37-19
split horizon 37-22
summary addresses 37-22
support for 1-12
RMON
default configuration 30-3
displaying status 30-6
enabling alarms and events 30-3
groups supported 30-2
overview 30-1
statistics
collecting group Ethernet 30-5
collecting group history 30-5
support for 1-14
root guard
described 19-8
enabling 19-15
support for 1-7
root switch
MSTP 18-17
STP 17-14
route calculation timers, OSPF 37-30
route dampening, BGP 37-59
routed packets, ACLs on 34-39
routed ports
configuring 37-3
defined 14-4
in switch clusters 6-8
route-map command 37-95
route maps
BGP 37-51
policy-based routing 37-93
router ACLs
defined 34-2
types of 34-4
route reflectors, BGP 37-58
router ID, OSPF 37-32
route selection, BGP 37-49
route summarization, OSPF 37-29
route targets, VPN 37-73
routing
default 37-2
dynamic 37-3
redistribution of information 37-89
static 37-3
routing domain confederation, BGP 37-58
Routing Information Protocol
routing protocol administrative distances 37-88
RSPAN
characteristics 29-8
configuration guidelines 29-15
default configuration 29-9
defined 29-2
destination ports 29-7
displaying status 29-22
interaction with other features 29-8
monitored ports 29-5
monitoring ports 29-7
received traffic 29-4
sessions
creating 29-16
defined 29-3
limiting source traffic to specific VLANs 29-21
specifying monitored ports 29-16
with ingress traffic enabled 29-19
source ports 29-5
transmitted traffic 29-5
VLAN-based 29-6
RSTP
active topology 18-9
BPDU
format 18-12
processing 18-12
designated port, defined 18-9
designated switch, defined 18-9
interoperability with IEEE 802.1D
described 18-8
restarting migration process 18-25
topology changes 18-13
overview 18-8
port roles
described 18-9
synchronized 18-11
proposal-agreement handshake process 18-10
rapid convergence
described 18-9
edge ports and Port Fast 18-9
point-to-point links 18-10, 18-24
root ports 18-10
root port, defined 18-9
running configuration
running configuration, saving 4-15
S
SC (standby command switch) 6-10
scheduled reloads 4-21
scheduling, IP SLAs operations 42-5
SCP
and SSH 11-55
configuring 11-55
SDM
templates
configuring 10-4
number of 10-1
SDM template 40-3
configuration guidelines 10-3
configuring 10-3
dual IPv4 and IPv6 10-2
types of 10-1
secondary edge port, REP 20-4
secondary VLANs 14-2
secure HTTP client
configuring 11-54
displaying 11-54
secure HTTP server
configuring 11-52
displaying 11-54
secure MAC addresses
deleting 25-16
maximum number of 25-10
types of 25-9
secure ports, configuring 25-8
secure remote connections 11-44
Secure Socket Layer
security, port 25-8
security features 1-8
sequence numbers in log messages 31-8
server mode, VTP 17-3
service-provider network, MSTP and RSTP 18-1
service-provider networks
and customer VLANs 16-2
and IEEE 802.1Q tunneling 16-1
Layer 2 protocols across 16-8
Layer 2 protocol tunneling for EtherChannels 16-9
set-request operation 32-4
setting a secondary temperature threshold 3-6, 3-7
setting power supply alarm options 3-5
setting the FCS error hysteresis threshold 3-9
setting the FCS error threshold 3-8
setup program
failed command switch replacement 48-6
replacing failed command switch 48-4
severity levels, defining in system messages 31-8
SFPs
monitoring status of 14-25, 48-8
security and identification 48-8
status, displaying 48-8
shaped round robin
show access-lists hw-summary command 34-21
show alarm commands 3-12
show and more command output, filtering 2-9
show cdp traffic command 27-5
show cluster members command 6-14
show configuration command 14-20
show forward command 48-16
show interfaces command 14-17, 14-20
show interfaces switchport 21-4
show l2protocol command 16-13, 16-15
show lldp traffic command 26-11
show platform forward command 48-16
show running-config command
displaying ACLs 34-19, 34-20, 34-31, 34-34
interface description in 14-20
shutdown command on interfaces 14-26
shutdown threshold for Layer 2 protocol packets 16-11
Simple Network Management Protocol
small-frame arrival rate, configuring 25-5
Smartports macros
applying Cisco-default macros 15-3
applying global parameter values 15-3
configuration guidelines 15-2
default configuration 15-1
displaying 15-5
tracing 15-2
SNAP 27-1
SNMP
accessing MIB variables with 32-4
agent
described 32-4
disabling 32-7
and IP SLAs 42-2
authentication level 32-10
community strings
configuring 32-8
for cluster switches 32-4
overview 32-4
configuration examples 32-17
default configuration 32-6
engine ID 32-7
host 32-7
ifIndex values 32-5
in-band management 1-6
in clusters 6-14
informs
and trap keyword 32-11
described 32-5
differences from traps 32-5
disabling 32-15
enabling 32-15
limiting access by TFTP servers 32-16
limiting system log messages to NMS 31-10
managing clusters with 6-15
MIBs
location of A-3
supported A-1
notifications 32-5
security levels 32-3
setting CPU threshold notification 32-15
status, displaying 32-18
system contact and location 32-16
trap manager, configuring 32-13
traps
differences from informs 32-5
disabling 32-15
enabling 32-11
enabling MAC address notification 7-22, 7-24, 7-25
types of 32-12
versions supported 32-2
SNMP and Syslog Over IPv6 38-7
SNMP traps
REP 20-13
SNMPv1 32-2
SNMPv2C 32-2
SNMPv3 32-2
snooping, IGMP 24-2
software images
location in flash B-23
recovery procedures 48-2
scheduling reloads 4-21
tar file format, described B-24
See also downloading and uploading
source addresses
in IPv4 ACLs 34-11
in IPv6 ACLs 40-5
source-and-destination-IP address based forwarding, EtherChannel 36-8
source-and-destination MAC address forwarding, EtherChannel 36-8
source-IP address based forwarding, EtherChannel 36-8
source-MAC address forwarding, EtherChannel 36-7
Source-specific multicast
SPAN
configuration guidelines 29-10
default configuration 29-9
destination ports 29-7
displaying status 29-22
interaction with other features 29-8
monitored ports 29-5
monitoring ports 29-7
ports, restrictions 25-12
received traffic 29-4
sessions
configuring ingress forwarding 29-14, 29-20
creating 29-11
defined 29-3
limiting source traffic to specific VLANs 29-14
removing destination (monitoring) ports 29-12
specifying monitored ports 29-11
with ingress traffic enabled 29-13
source ports 29-5
transmitted traffic 29-5
VLAN-based 29-6
spanning tree and native VLANs 16-16
Spanning Tree Protocol
SPAN traffic 29-4
split horizon, RIP 37-22
SRR
configuring
shaped weights on egress queues 35-75
shared weights on egress queues 35-76
shared weights on ingress queues 35-68
described 35-14
shaped mode 35-14
shared mode 35-14
support for 1-12
SSH
configuring 11-45
cryptographic software image 11-44
encryption methods 11-44
user authentication methods, supported 11-45
SSL
configuration guidelines 11-51
configuring a secure HTTP client 11-54
configuring a secure HTTP server 11-52
cryptographic software image 11-48
described 11-48
monitoring 11-54
SSM
address management restrictions 45-15
CGMP limitations 45-15
components 45-13
configuration guidelines 45-15
differs from Internet standard multicast 45-13
IGMP snooping 45-15
IGMPv3 45-13
IGMPv3 Host Signalling 45-14
IP address range 45-14
monitoring 45-16
operations 45-14
PIM 45-13
state maintenance limitations 45-15
SSM mapping 45-16
configuration guidelines 45-16
monitoring 45-21
overview 45-17
restrictions 45-17
static traffic forwarding 45-20
standby command switch
considerations 6-11
defined 6-2
priority 6-10
requirements 6-3
virtual IP address 6-11
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
standby ip command 41-6
standby links 21-2
standby router 41-1
standby timers, HSRP 41-10
startup configuration
booting
manually 4-18
specific image 4-19
clearing B-19
configuration file
automatically downloading 4-17
specifying the filename 4-17
default boot configuration 4-17
static access ports
assigning to VLAN 16-9
static addresses
static IP routing 1-13
static MAC addressing 1-9
static route primary interface,configuring 43-10
static routes
configuring 37-87
configuring for IPv6 38-19
understanding 38-6
static routing 37-3
static routing support, enhanced object tracking 43-10
static SSM mapping 45-17, 45-19
static traffic forwarding 45-20
static VLAN membership 16-2
statistics
802.1X 13-17
802.1x 12-62
CDP 27-4
interface 14-25
IP multicast routing 45-61
LLDP 26-10
LLDP-MED 26-10
NMSP 26-10
OSPF 37-32
QoS ingress and egress 35-78
RMON group Ethernet 30-5
RMON group history 30-5
SNMP input and output 32-18
VTP 17-16
sticky learning 25-9
storm control
configuring 25-3
described 25-1
disabling 25-5
displaying 25-19
support for 1-3
thresholds 25-1
STP
accelerating root port selection 19-4
and REP 20-6
BackboneFast
described 19-5
disabling 19-14
enabling 19-13
BPDU filtering
described 19-3
disabling 19-12
enabling 19-12
BPDU guard
described 19-2
disabling 19-12
enabling 19-11
BPDU message exchange 17-3
configuration guidelines 17-12, 19-10
configuring
forward-delay time 17-21
hello time 17-20
maximum aging time 17-21
path cost 17-18
port priority 17-17
root switch 17-14
secondary root switch 17-16
spanning-tree mode 17-13
switch priority 17-19
transmit hold-count 17-22
counters, clearing 17-22
default configuration 17-11
default optional feature configuration 19-9
designated port, defined 17-3
designated switch, defined 17-3
detecting indirect link failures 19-5
disabling 17-14
displaying status 17-22
EtherChannel guard
described 19-7
disabling 19-14
enabling 19-14
extended system ID
effects on root switch 17-14
effects on the secondary root switch 17-16
overview 17-4
unexpected behavior 17-15
features supported 1-7
IEEE 802.1D and bridge ID 17-4
IEEE 802.1D and multicast addresses 17-8
IEEE 802.1t and VLAN identifier 17-4
inferior BPDU 17-3
instances supported 17-9
interface state, blocking to forwarding 19-2
interface states
blocking 17-5
disabled 17-7
learning 17-6
listening 17-6
overview 17-4
interoperability and compatibility among modes 17-10
Layer 2 protocol tunneling 16-7
limitations with IEEE 802.1Q trunks 17-10
load sharing
overview 16-21
using path costs 16-23
using port priorities 16-21
loop guard
described 19-9
enabling 19-15
modes supported 17-9
multicast addresses, effect of 17-8
optional features supported 1-7
overview 17-2
path costs 16-23
Port Fast
described 19-2
enabling 19-10
port priorities 16-22
preventing root switch selection 19-8
protocols supported 17-9
redundant connectivity 17-8
root guard
described 19-8
enabling 19-15
root port, defined 17-3
root switch
configuring 17-15
effects of extended system ID 17-4, 17-14
election 17-3
unexpected behavior 17-15
shutdown Port Fast-enabled port 19-2
status, displaying 17-22
superior BPDU 17-3
timers, described 17-20
UplinkFast
described 19-3
enabling 19-13
VLAN-bridge 17-10
stratum, NTP 7-2
stub areas, OSPF 37-28
stub routing, EIGRP 37-39
subdomains, private VLAN 14-1
subnet mask 37-5
subnet zero 37-6
success response, VMPS 16-25
summer time 7-13
SunNet Manager 1-4
supernet 37-6
supported port-based authentication methods 12-7
SVI autostate exclude
configuring 14-22
defined 14-5
SVI link state 14-5
SVIs
and IP unicast routing 37-3
and router ACLs 34-4
connecting VLANs 14-6
defined 14-4
routing between VLANs 16-2
switch 38-2
switch clustering technology 6-1
switch console port 1-6
Switch Database Management
switched packets, ACLs on 34-38
Switched Port Analyzer
switched ports 14-2
switchport backup interface 21-4, 21-5
switchport block multicast command 25-8
switchport block unicast command 25-8
switchport command 14-13
switchport mode dot1q-tunnel command 16-6
switchport protected command 25-7
switch priority
MSTP 18-21
STP 17-19
switch software features 1-1
switch virtual interface
synchronization, BGP 37-45
synchronization, real-time clocks 8-1
syslog
system capabilities TLV 26-2
system clock
configuring
daylight saving time 7-13
manually 7-11
summer time 7-13
time zones 7-12
displaying the time and date 7-12
overview 7-1
system description TLV 26-2
system message logging
default configuration 31-3
defining error message severity levels 31-8
disabling 31-4
displaying the configuration 31-13
enabling 31-4
facility keywords, described 31-13
level keywords, described 31-9
limiting messages 31-10
message format 31-2
overview 31-1
sequence numbers, enabling and disabling 31-8
setting the display destination device 31-5
synchronizing log messages 31-6
syslog facility 1-14
time stamps, enabling and disabling 31-7
UNIX syslog servers
configuring the daemon 31-12
configuring the logging facility 31-12
facilities supported 31-13
system MTU
and IS-IS LSPs 37-66
system MTU and IEEE 802.1Q tunneling 16-5
system name
default configuration 7-15
default setting 7-15
manual configuration 7-15
system name TLV 26-2
system prompt, default setting 7-14, 7-15
system resources, optimizing 10-1
system routing
IS-IS 37-61
ISO IGRP 37-61
T
TACACS+
accounting, defined 11-11
authentication, defined 11-11
authorization, defined 11-11
configuring
accounting 11-17
authentication key 11-13
authorization 11-16
login authentication 11-14
default configuration 11-13
displaying the configuration 11-17
identifying the server 11-13
in clusters 6-14
limiting the services to the user 11-16
operation of 11-12
overview 11-10
support for 1-10
tracking services accessed by user 11-17
tagged packets
IEEE 802.1Q 16-3
Layer 2 protocol 16-7
tar files
creating B-6
displaying the contents of B-6
extracting B-7
image file format B-24
TCL script, registering and defining with embedded event manager 33-6
TDR 1-14
Telnet
accessing management interfaces 2-10
number of connections 1-6
setting a password 11-6
temperature alarms, configuring 3-6, 3-7
temporary self-signed certificate 11-49
Terminal Access Controller Access Control System Plus
terminal lines, setting a password 11-6
TFTP
configuration files
downloading B-11
preparing the server B-10
uploading B-11
configuration files in base directory 4-7
configuring for autoconfiguration 4-7
image files
deleting B-27
downloading B-25
preparing the server B-25
uploading B-27
limiting access by servers 32-16
TFTP server 1-5
threshold, traffic level 25-2
threshold monitoring, IP SLAs 42-6
time
Time Domain Reflector
time-range command 34-16
time ranges in ACLs 34-16
time stamps in log messages 31-7
time zones 7-12
TLVs
defined 26-1
LLDP 26-1
LLDP-MED 26-2
Token Ring VLANs
support for 16-6
VTP support 17-4
ToS 1-11
traceroute, Layer 2
and ARP 48-11
and CDP 48-10
broadcast traffic 48-10
described 48-10
IP addresses and subnets 48-11
MAC addresses and VLANs 48-11
multicast traffic 48-11
multiple devices on a port 48-11
unicast traffic 48-10
usage guidelines 48-10
traceroute command 48-12
tracked lists
configuring 43-3
types 43-3
tracked objects
by Boolean expression 43-4
by threshold percentage 43-6
by threshold weight 43-5
tracking interface line-protocol state 43-2
tracking IP routing state 43-2
tracking objects 43-1
tracking process 43-1
track state, tracking IP SLAs 43-9
traffic
blocking flooded 25-8
fragmented 34-5
fragmented IPv6 40-2
unfragmented 34-5
traffic policing 1-12
traffic suppression 25-1
transmit hold-count
transparent mode, VTP 17-3
trap-door mechanism 4-2
traps
configuring MAC address notification 7-22, 7-24, 7-25
configuring managers 32-11
defined 32-3
enabling 7-22, 7-24, 7-25, 32-11
notification types 32-12
triggering alarm options
configurable relays 3-3
methods 3-3
SNMP traps 3-4
syslog messages 3-4
troubleshooting
connectivity problems 48-8, 48-10, 48-11
CPU utilization 48-19
detecting unidirectional links 28-1
displaying crash information 48-18
PIMv1 and PIMv2 interoperability problems 45-34
setting packet forwarding 48-16
SFP security and identification 48-8
show forward command 48-16
with CiscoWorks 32-4
with debug commands 48-14
with ping 48-9
with system message logging 31-1
with traceroute 48-12
trunk failover
trunking encapsulation 1-8
trunk ports
configuring 16-17
trunks
allowed-VLAN list 16-18
load sharing
setting STP path costs 16-23
using STP port priorities 16-21, 16-22
native VLAN for untagged traffic 16-20
parallel 16-23
pruning-eligible list 16-19
to non-DTP device 16-15
trusted boundary for QoS 35-38
trusted port states
between QoS domains 35-40
classification options 35-5
ensuring port security for IP phones 35-38
support for 1-12
within a QoS domain 35-36
trustpoints, CA 11-49
tunneling
defined 16-1
IEEE 802.1Q 16-1
Layer 2 protocol 16-8
tunnel ports
defined 16-4
IEEE 802.1Q, configuring 16-6
incompatibilities with other features 16-5
twisted-pair Ethernet, detecting unidirectional links 28-1
type of service
U
UDLD
configuration guidelines 28-4
default configuration 28-3
disabling
globally 28-5
on fiber-optic interfaces 28-5
per interface 28-5
echoing detection mechanism 28-2
enabling
globally 28-4
per interface 28-5
Layer 2 protocol tunneling 16-10
link-detection mechanism 28-1
neighbor database 28-2
overview 28-1
resetting an interface 28-5
status, displaying 28-6
support for 1-7
UDP, configuring 37-14
UDP jitter, configuring 42-9
UDP jitter operation, IP SLAs 42-9
unauthorized ports with IEEE 802.1x 12-10
unicast MAC address filtering 1-5
and adding static addresses 7-28
and broadcast MAC addresses 7-27
and CPU packets 7-27
and multicast addresses 7-27
and router MAC addresses 7-27
configuration guidelines 7-27
described 7-27
unicast storm 25-1
unicast storm control command 25-4
unicast traffic, blocking 25-8
UniDirectional Link Detection protocol
UNIX syslog servers
daemon configuration 31-12
facilities supported 31-13
message logging configuration 31-12
unrecognized Type-Length-Value (TLV) support 17-4
upgrading software images
UplinkFast
described 19-3
disabling 19-13
enabling 19-13
support for 1-7
uploading
configuration files
reasons for B-8
using FTP B-14
using RCP B-18
using TFTP B-11
image files
reasons for B-23
using FTP B-31
using RCP B-35
using TFTP B-27
User Datagram Protocol
user EXEC mode 2-2
username-based authentication 11-6
V
version-dependent transparent mode 17-4
virtual IP address
cluster standby group 6-11
command switch 6-11
Virtual Private Network
virtual switches and PAgP 36-5
vlan.dat file 16-5
VLAN 1, disabling on a trunk port 16-19
VLAN 1 minimization 16-18
VLAN ACLs
vlan-assignment response, VMPS 16-25
VLAN blocking, REP 20-12
VLAN configuration
at bootup 16-7
saving 16-7
VLAN configuration mode 2-2
VLAN database
and startup configuration file 16-7
and VTP 17-1
VLAN configuration saved in 16-7
VLANs saved in 16-4
vlan dot1q tag native command 16-4
VLAN filtering and SPAN 29-6
vlan global configuration command 16-7
VLAN ID, discovering 7-30
VLAN link state 14-5
VLAN load balancing
REP 20-4
VLAN load balancing, triggering 20-5
VLAN load balancing on flex links 21-2
configuration guidelines 21-8
VLAN management domain 17-2
VLAN Management Policy Server
VLAN map entries, order of 34-30
VLAN maps
applying 34-34
common uses for 34-34
configuration guidelines 34-30
configuring 34-29
creating 34-31
defined 34-2
denying access to a server example 34-35
denying and permitting packets 34-31
displaying 34-41
examples of ACLs and VLAN maps 34-32
removing 34-34
support for 1-9
wiring closet configuration example 34-35
VLAN membership
confirming 16-28
modes 16-3
VLAN Query Protocol
VLANs
adding 16-8
adding to VLAN database 16-8
aging dynamic addresses 17-9
allowed on trunk 16-18
and spanning-tree instances 16-3, 16-6, 16-11
configuration guidelines, extended-range VLANs 16-11
configuration guidelines, normal-range VLANs 16-6
configuring 16-1
configuring IDs 1006 to 4094 16-11
connecting through SVIs 14-6
creating 16-8
customer numbering in service-provider networks 16-3
default configuration 16-7
deleting 16-9
displaying 16-14
features 1-8
illustrated 16-2
internal 16-11
limiting source traffic with RSPAN 29-21
limiting source traffic with SPAN 29-14
modifying 16-8
multicast 24-17
native, configuring 16-20
number supported 1-8
parameters 16-5
port membership modes 16-3
static-access ports 16-9
STP and IEEE 802.1Q trunks 17-10
supported 16-2
Token Ring 16-6
traffic between 16-2
VTP modes 17-3
VLAN Trunking Protocol
VLAN trunks 16-14
VMPS
administering 16-29
configuration example 16-30
configuration guidelines 16-26
default configuration 16-26
description 16-24
dynamic port membership
described 16-25
reconfirming 16-28
troubleshooting 16-30
entering server address 16-27
mapping MAC addresses to VLANs 16-24
monitoring 16-29
reconfirmation interval, changing 16-28
reconfirming membership 16-28
retry count, changing 16-29
voice aware 802.1x security
port-based authentication
configuring 12-35
voice-over-IP 18-1
voice VLAN
Cisco 7960 phone, port connections 18-1
configuration guidelines 18-3
configuring IP phones for data traffic
override CoS of incoming frame 18-6
trust CoS priority of incoming frame 18-6
configuring ports for voice traffic in
802.1p priority tagged frames 18-5
802.1Q frames 18-5
connecting to an IP phone 18-4
default configuration 18-3
described 18-1
displaying 18-7
IP phone data traffic, described 18-2
IP phone voice traffic, described 18-2
VPN
configuring routing in 37-80
forwarding 37-73
in service provider networks 37-71
routes 37-72
VPN routing and forwarding table
VRF
defining 37-73
tables 37-71
VRF-aware services
ARP 37-77
configuring 37-76
ftp 37-79
HSRP 37-78
ping 37-77
SNMP 37-77
syslog 37-78
tftp 37-79
traceroute 37-79
VTP
adding a client to a domain 17-15
advertisements 16-16, 17-3, 17-4
and extended-range VLANs 16-3, 17-1
and normal-range VLANs 16-2, 17-1
client mode, configuring 17-12
configuration
guidelines 17-8
requirements 17-10
saving 17-8
configuration requirements 17-10
configuration revision number
guideline 17-15
resetting 17-16
consistency checks 17-4
default configuration 17-7
described 17-1
domain names 17-8
domains 17-2
Layer 2 protocol tunneling 16-7
modes
client 17-3
off 17-3
server 17-3
transitions 17-3
transparent 17-3
monitoring 17-16
passwords 17-8
pruning
disabling 17-14
enabling 17-14
examples 17-6
overview 17-5
support for 1-8
pruning-eligible list, changing 16-19
server mode, configuring 17-10, 17-13
statistics 17-16
support for 1-8
Token Ring support 17-4
transparent mode, configuring 17-10
using 17-1
Version
enabling 17-13
version, guidelines 17-9
Version 1 17-4
Version 2
configuration guidelines 17-9
overview 17-4
Version 3
overview 17-5
W
WCCP
authentication 44-3
configuration guidelines 44-5
default configuration 44-5
described 44-1
displaying 44-9
dynamic service groups 44-3
enabling 44-6
features unsupported 44-4
forwarding method 44-3
Layer-2 header rewrite 44-3
MD5 security 44-3
message exchange 44-2
monitoring and maintaining 44-9
negotiation 44-3
packet redirection 44-3
packet-return method 44-3
redirecting traffic received from a client 44-6
setting the password 44-6
unsupported WCCPv2 features 44-4
web authentication 12-15
configuring13-16to ??
described 1-8
web-based authentication
customizeable web pages 13-6
description 13-1
web-based authentication, interactions with other features 13-7
Web Cache Communication Protocol
weighted tail drop
weight thresholds in tracked lists 43-5
wired location service
configuring 26-9
displaying 26-10
location TLV 26-2
understanding 26-3
wizards 1-2
WTD
described 35-13
setting thresholds
egress queue-sets 35-71
ingress queues 35-66
support for 1-12
X
Xmodem protocol 48-2
Feedback