Index A
AAA down policy, NAC Layer 2 IP validation 1-10
abbreviating commands 2-4
ABRs 41-24
AC (command switch) 6-10
access-class command 38-19
access control entries
See ACEs
access control entry (ACE) 45-3
access-denied response, VMPS 16-25
access groups
applying IPv4 ACLs to interfaces 38-20
Layer 2 38-20
Layer 3 38-20
accessing
clusters, switch 6-13
command switches 6-11
member switches 6-13
switch clusters 6-13
access lists
See ACLs
access ports
and Layer 2 protocol tunneling 20-10
defined 14-3
in switch clusters 6-9
accounting
with 802.1x 12-48
with IEEE 802.1x 12-14
with RADIUS 11-35
with TACACS+ 11-11, 11-17
ACEs
and QoS 39-7
defined 38-2
Ethernet 38-2
IP 38-2
ACLs
ACEs 38-2
any keyword 38-12
applying
on bridged packets 38-38
on multicast packets 38-40
on routed packets 38-39
on switched packets 38-38
time ranges to 38-16
to an interface 38-19, 45-7
to IPv6 interfaces 45-7
to QoS 39-7
classifying traffic for QoS 39-43
comments in 38-18
compiling 38-22
defined 38-1, 38-7
examples of 38-22, 39-43
extended IP, configuring for QoS classification 39-44
extended IPv4
creating 38-10
matching criteria 38-7
hardware and software handling 38-21
host keyword 38-12
IP
creating 38-7
fragments and QoS guidelines 39-33
implicit deny 38-9, 38-14, 38-15
implicit masks 38-9
matching criteria 38-7
undefined 38-21
IPv4
applying to interfaces 38-19
creating 38-7
matching criteria 38-7
named 38-14
numbers 38-8
terminal lines, setting on 38-19
unsupported features 38-7
IPv6
applying to interfaces 45-7
configuring 45-3, 45-4
displaying 45-8
interactions with other features 45-4
limitations 45-2, 45-3
matching criteria 45-3
named 45-2
precedence of 45-2
supported 45-2
unsupported features 45-3
Layer 4 information in 38-37
logging messages 38-8
MAC extended 38-27, 39-45
matching 38-7, 38-20, 45-3
monitoring 38-41, 45-8
named, IPv4 38-14
named, IPv6 45-2
names 45-4
number per QoS class map 39-33
port 38-2, 45-1
precedence of 38-2
QoS 39-7, 39-43
resequencing entries 38-14
router 38-2, 45-1
router ACLs and VLAN map configuration guidelines 38-37
standard IP, configuring for QoS classification 39-43
standard IPv4
creating 38-9
matching criteria 38-7
support for 1-8
support in hardware 38-21
time ranges 38-16
types supported 38-2
unsupported features, IPv4 38-7
unsupported features, IPv6 45-3
using router ACLs with VLAN maps 38-36
VLAN maps
configuration guidelines 38-30
configuring 38-29
active link 25-4, 25-5, 25-6
active links 25-2
active router 46-1
active traffic monitoring, IP SLAs 47-1
address aliasing 28-2
addresses
displaying the MAC address table 7-23
dynamic
accelerated aging 21-8
changing the aging time 7-14
default aging 21-8
defined 7-12
learning 7-13
removing 7-15
IPv6 42-2
MAC, discovering 7-23
multicast
group address range 50-3
STP address management 21-8
static
adding and removing 7-19
defined 7-12
address resolution 7-23, 41-8
Address Resolution Protocol
See ARP
adjacency tables, with CEF 41-87
administrative distances
defined 41-99
OSPF 41-30
routing protocol defaults 41-89
administrative VLAN
REP, configuring 24-8
administrative VLAN, REP 24-8
advertisements
CDP 32-1
LLDP 31-1, 31-2
RIP 41-18
VTP 16-16, 17-3
age timer, REP 24-8
aggregatable global unicast addresses 42-3
aggregate addresses, BGP 41-57
aggregated ports
See EtherChannel
aggregate policers 39-58
aggregate policing 1-11
aging, accelerating 21-8
aging time
accelerated
for MSTP 22-23
for STP 21-8, 21-21
MAC address table 7-14
maximum
for MSTP 22-23, 22-24
for STP 21-21, 21-22
alarm profiles
configuring 3-12
creating or modifying 3-11
alarms
displaying 3-13
power supply 3-2
temperature 3-2
alarms, RMON 34-3
allowed-VLAN list 16-18
application engines, redirecting traffic to 49-1
area border routers
See ABRs
area routing
IS-IS 41-62
ISO IGRP 41-62
ARP
configuring 41-9
defined 1-5, 7-23, 41-8
encapsulation 41-10
static cache configuration 41-9
table
address resolution 7-23
managing 7-23
ASBRs 41-24
AS-path filters, BGP 41-52
associating the temperature alarms to a relay 3-9
asymmetrical links, and IEEE 802.1Q tunneling 20-4
attaching an alarm profile to a port 3-12
attributes, RADIUS
vendor-proprietary 11-38
vendor-specific 11-36
attribute-value pairs 12-12, 12-15, 12-20
authentication
EIGRP 41-38
HSRP 46-10
local mode with AAA 11-44
open1x 12-29
RADIUS
key 11-28
login 11-30
TACACS+
defined 11-11
key 11-13
login 11-14
See also port-based authentication
authentication compatibility with Catalyst 6000 switches 12-8
authentication failed VLAN
See restricted VLAN
authentication keys, and routing protocols 41-99
authentication manager
CLI commands 12-9
compatibility with older 802.1x CLI commands 12-9 to ??
overview 12-7
authoritative time source, described 7-2
authorization
with RADIUS 11-34
with TACACS+ 11-11, 11-16
authorized ports with IEEE 802.1x 12-10
autoconfiguration 4-3
auto enablement 12-30
automatic discovery
considerations
beyond a noncandidate device 6-7
brand new switches 6-9
connectivity 6-4
different VLANs 6-6
management VLANs 6-7
non-CDP-capable devices 6-6
noncluster-capable devices 6-6
routed ports 6-8
in switch clusters 6-4
See also CDP
automatic QoS
See QoS
automatic recovery, clusters 6-10
See also HSRP
auto-MDIX
configuring 14-23
described 14-23
autonegotiation
duplex mode 1-2
interface configuration guidelines 14-20
mismatches 53-8
autonomous system boundary routers
See ASBRs
autonomous systems, in BGP 41-45
Auto-RP, described 50-6
autosensing, port speed 1-2
Auto Smartports macros
displaying 15-5
autostate exclude 14-5
auxiliary VLAN
See voice VLAN
availability, features 1-6
B
BackboneFast
described 23-5
disabling 23-14
enabling 23-13
backup interfaces
See Flex Links
backup links 25-2
backup static routing, configuring 48-11
banners
configuring
login 7-12
message-of-the-day login 7-11
default configuration 7-10
when displayed 7-10
Berkeley r-tools replacement 11-56
BGP
aggregate addresses 41-57
aggregate routes, configuring 41-57
CIDR 41-57
clear commands 41-61
community filtering 41-54
configuring neighbors 41-55
default configuration 41-43
described 41-42
enabling 41-45
monitoring 41-61
multipath support 41-49
neighbors, types of 41-45
path selection 41-49
peers, configuring 41-55
prefix filtering 41-53
resetting sessions 41-48
route dampening 41-60
route maps 41-51
route reflectors 41-59
routing domain confederation 41-58
routing session with multi-VRF CE 41-81
show commands 41-61
supernets 41-57
support for 1-12
Version 4 41-42
binding cluster group and HSRP group 46-12
binding database
address, DHCP server
See DHCP, Cisco IOS server database
DHCP snooping
See DHCP snooping binding database
bindings
address, Cisco IOS DHCP server 26-7
DHCP snooping database 26-7
IP source guard 26-16
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 29-7
Boolean expressions in tracked lists 48-4
booting
boot loader, function of 4-2
boot process 4-2
manually 4-18
specific image 4-19
boot loader
accessing 4-19
described 4-2
environment variables 4-19
prompt 4-19
trap-door mechanism 4-2
bootstrap router (BSR), described 50-7
Border Gateway Protocol
See BGP
BPDU
error-disabled state 23-2
filtering 23-3
RSTP format 22-12
BPDU filtering
described 23-3
disabling 23-12
enabling 23-12
support for 1-7
BPDU guard
described 23-2
disabling 23-12
enabling 23-11
support for 1-7
bridged packets, ACLs on 38-38
bridge groups
See fallback bridging
bridge protocol data unit
See BPDU
broadcast flooding 41-16
broadcast packets
directed 41-13
flooded 41-13
broadcast storm-control command 29-4
broadcast storms 29-1, 41-13
C
cables, monitoring for unidirectional links 33-1
candidate switch
automatic discovery 6-4
defined 6-3
requirements 6-3
See also command switch, cluster standby group, and member switch
Catalyst 6000 switches
authentication compatibility 12-8
CA trustpoint
configuring 11-53
defined 11-50
CDP
and trusted boundary 39-39
automatic discovery in switch clusters 6-4
configuring 32-2
default configuration 32-2
defined with LLDP 31-1
described 32-1
disabling for routing device 32-4
enabling and disabling
on an interface 32-4
on a switch 32-4
Layer 2 protocol tunneling 20-7
monitoring 32-5
overview 32-1
power negotiation extensions 14-7
support for 1-5
transmission timer and holdtime, setting 32-3
updates 32-3
CEF
defined 41-86
enabling 41-87
IPv6 42-18
CGMP
as IGMP snooping learning method 28-8
clearing cached group entries 50-60
enabling server support 50-43
joining multicast group 28-3
overview 50-9
server support only 50-9
switch support of 1-3
CIDR 41-57
CipherSuites 11-52
Cisco 7960 IP Phone 18-1
Cisco Discovery Protocol
See CDP
Cisco Express Forwarding
See CEF
Cisco Group Management Protocol
See CGMP
Cisco intelligent power management 14-7
Cisco IOS DHCP server
See DHCP, Cisco IOS DHCP server
Cisco IOS File System
See IFS
Cisco IOS IP SLAs 47-1
Cisco Secure ACS
attribute-value pairs for downloadable ACLs 12-20
attribute-value pairs for redirect URL 12-20
Cisco Secure ACS configuration guide 12-59
CiscoWorks 2000 1-4, 36-4
CISP 12-30
CIST regional root
See MSTP
CIST root
See MSTP
civic location 31-2
classless interdomain routing
See CIDR
classless routing 41-6
class maps for QoS
configuring 39-46
described 39-7
displaying 39-78
class of service
See CoS
clearing interfaces 14-33
CLI
abbreviating commands 2-4
command modes 2-1
configuration logging 2-5
described 1-4
editing features
enabling and disabling 2-7
keystroke editing 2-8
wrapped lines 2-9
error messages 2-5
filtering command output 2-10
getting help 2-3
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
managing clusters 6-14
no and default forms of commands 2-4
Client Information Signalling Protocol
See CISP
client mode, VTP 17-3
client processes, tracking 48-1
CLNS
See ISO CLNS
clock
See system clock
clusters, switch
accessing 6-13
automatic discovery 6-4
automatic recovery 6-10
benefits 1-2
compatibility 6-4
described 6-1
LRE profile considerations 6-14
managing
through CLI 6-14
through SNMP 6-15
planning 6-4
planning considerations
automatic discovery 6-4
automatic recovery 6-10
CLI 6-14
host names 6-13
IP addresses 6-13
LRE profiles 6-14
passwords 6-13
RADIUS 6-14
SNMP 6-14, 6-15
TACACS+ 6-14
See also candidate switch, command switch, cluster standby group, member switch, and standby command switch
cluster standby group
and HSRP group 46-12
automatic recovery 6-12
considerations 6-11
defined 6-2
requirements 6-3
virtual IP address 6-11
See also HSRP
CNS 1-4
Configuration Engine
configID, deviceID, hostname 5-3
configuration service 5-2
described 5-1
event service 5-3
embedded agents
described 5-5
enabling automated configuration 5-6
enabling configuration agent 5-9
enabling event agent 5-7
management functions 1-4
CoA Request Commands 11-24
command-line interface
See CLI
command modes 2-1
commands
abbreviating 2-4
no and default 2-4
commands, setting privilege levels 11-8
command switch
accessing 6-11
active (AC) 6-10
configuration conflicts 53-7
defined 6-1
passive (PC) 6-10
password privilege levels 6-15
priority 6-10
recovery
from command-switch failure 6-10, 53-4
from lost member connectivity 53-7
redundant 6-10
replacing
with another switch 53-6
with cluster member 53-4
requirements 6-3
standby (SC) 6-10
See also candidate switch, cluster standby group, member switch, and standby command switch
community list, BGP 41-54
community ports 19-2
community strings
configuring 6-14, 36-8
for cluster switches 36-4
in clusters 6-14
overview 36-4
SNMP 6-14
community VLANs 19-2, 19-3
compatibility, feature 29-12
config.text 4-17
configurable leave timer, IGMP 28-6
configuration, initial
defaults 1-14
Express Setup 1-2
configuration changes, logging 35-10
configuration conflicts, recovering from lost member connectivity 53-7
configuration examples, network 1-17
configuration files
archiving A-18
clearing the startup configuration A-18
creating using a text editor A-9
default name 4-17
deleting a stored configuration A-18
described A-8
downloading
automatically 4-17
preparing A-10, A-12, A-15
reasons for A-8
using FTP A-13
using RCP A-16
using TFTP A-10
guidelines for creating and using A-8
guidelines for replacing and rolling back A-19
invalid combinations when copying A-5
limiting TFTP server access 36-16
obtaining with DHCP 4-9
password recovery disable considerations 11-5
replacing a running configuration A-18, A-19
rolling back a running configuration A-18, A-19
specifying the filename 4-17
system contact and location information 36-16
types and location A-9
uploading
preparing A-10, A-12, A-15
reasons for A-8
using FTP A-14
using RCP A-17
using TFTP A-11
configuration guidelines
REP 24-7
configuration guidelines, multi-VRF CE 41-74
configuration logger 35-10
configuration logging 2-5
configuration replacement A-18
configuration rollback A-18
configuration settings, saving 4-15
configure terminal command 14-13
configuring 802.1x user distribution 12-55
configuring port-based authentication violation modes 12-38 to 12-39
configuring small-frame arrival rate 29-5
config-vlan mode 2-2
conflicts, configuration 53-7
connections, secure remote 11-46
connectivity problems 53-9, 53-11, 53-12
consistency checks in VTP Version 2 17-4
console port, connecting to 2-10
content-routing technology
See WCCP
control protocol, IP SLAs 47-4
convergence
REP 24-4
corrupted software, recovery steps with Xmodem 53-2
CoS
override priority 18-6
trust priority 18-6
CoS input queue threshold map for QoS 39-16
CoS output queue threshold map for QoS 39-18
CoS-to-DSCP map for QoS 39-61
counters, clearing interface 14-33
CPU utilization, troubleshooting 53-20
crashinfo file 53-19
critical authentication, IEEE 802.1x 12-51
critical VLAN 12-23
cryptographic software image
Kerberos 11-40
SSH 11-45
SSL 11-50
customer edge devices 41-72
customjzeable web pages, web-based authentication 13-6
D
DACL
See downloadable ACL
daylight saving time 7-6
debugging
enabling all system diagnostics 53-16
enabling for a specific feature 53-16
redirecting error message output 53-16
using commands 53-15
default commands 2-4
default configuration
802.1x 12-33
auto-QoS 39-20
banners 7-10
BGP 41-43
booting 4-17
CDP 32-2
DHCP 26-9
DHCP option 82 26-9
DHCP snooping 26-9
DHCP snooping binding database 26-9
DNS 7-9
dynamic ARP inspection 27-5
EIGRP 41-34
EtherChannel 40-10
Ethernet interfaces 14-17
fallback bridging 52-3
Flex Links 25-7, 25-8
HSRP 46-5
IEEE 802.1Q tunneling 20-4
IGMP 50-38
IGMP filtering 28-24
IGMP snooping 28-7, 44-5, 44-6
IGMP throttling 28-24
initial switch information 4-3
IP addressing, IP routing 41-4
IP multicast routing 50-10
IP SLAs 47-6
IP source guard 26-18
IPv6 42-10
IS-IS 41-63
Layer 2 interfaces 14-17
Layer 2 protocol tunneling 20-11
LLDP 31-4
MAC address table 7-14
MAC address-table move update 25-8
MSDP 51-4
MSTP 22-14
multi-VRF CE 41-74
MVR 28-19
optional spanning-tree configuration 23-9
OSPF 41-25
password and privilege level 11-3
PIM 50-10
private VLANs 19-6
PROFINET 9-4
PTP 8-2
RADIUS 11-27
REP 24-7
RIP 41-19
RMON 34-3
RSPAN 30-9
SDM template 10-3
SNMP 36-6
SPAN 30-9
SSL 11-52
standard QoS 39-30
STP 21-11
system message logging 35-3
system name and prompt 7-8
TACACS+ 11-13
UDLD 33-4
VLAN, Layer 2 Ethernet interfaces 16-16
VLANs 16-7
VMPS 16-26
voice VLAN 18-3
VTP 17-7
WCCP 49-5
default gateway 4-15, 41-11
default networks 41-90
default router preference
See DRP
default routes 41-89
default routing 41-2
default web-based authentication configuration
802.1X 13-9
deleting VLANs 16-9
denial-of-service attack 29-1
description command 14-27
designing your network, examples 1-17
destination addresses
in IPv4 ACLs 38-11
in IPv6 ACLs 45-5
destination-IP address-based forwarding, EtherChannel 40-8
destination-MAC address forwarding, EtherChannel 40-8
detecting indirect link failures, STP 23-5
device A-22
device discovery protocol 31-1, 32-1
device manager
benefits 1-2
described 1-2, 1-4
in-band management 1-5
upgrading a switch A-22
DHCP
Cisco IOS server database
configuring 26-14
default configuration 26-9
described 26-7
DHCP for IPv6
See DHCPv6
enabling
relay agent 26-11
DHCP-based autoconfiguration
client request message exchange 4-4
configuring
client side 4-4
DNS 4-8
relay device 4-8
server side 4-6
TFTP server 4-7
example 4-9
lease options
for IP address information 4-6
for receiving the configuration file 4-7
overview 4-3
relationship to BOOTP 4-4
relay support 1-4, 1-13
support for 1-4
DHCP-based autoconfiguration and image update
configuring 4-11 to 4-14
understanding 4-5 to 4-6
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP object tracking, configuring primary interface 48-10
DHCP option 82
circuit ID suboption 26-5
configuration guidelines 26-9
default configuration 26-9
displaying 26-16
forwarding address, specifying 26-11
helper address 26-11
overview 26-4
packet format, suboption
circuit ID 26-5
remote ID 26-5
remote ID suboption 26-5
DHCP server port-based address allocation
configuration guidelines 26-27
default configuration 26-27
described 26-26
displaying 26-29
enabling 26-27
reserved addresses 26-27
DHCP server port-based address assignment
support for 1-5
DHCP snooping
accepting untrusted packets form edge switch 26-3, 26-13
and private VLANs 26-14
binding database
See DHCP snooping binding database
configuration guidelines 26-9
default configuration 26-9
displaying binding tables 26-16
message exchange process 26-4
option 82 data insertion 26-4
trusted interface 26-2
untrusted interface 26-2
untrusted messages 26-2
DHCP snooping binding database
adding bindings 26-15
binding file
format 26-8
location 26-7
bindings 26-7
clearing agent statistics 26-15
configuration guidelines 26-10
configuring 26-15
default configuration 26-9
deleting
binding file 26-15
bindings 26-15
database agent 26-15
described 26-7
displaying 26-16
binding entries 26-16
status and statistics 26-16
enabling 26-15
entry 26-7
renewing database 26-15
resetting
delay value 26-15
timeout value 26-15
DHCP snooping binding table
See DHCP snooping binding database
DHCPv6
configuration guidelines 42-15
default configuration 42-15
described 42-6
enabling client function 42-17
enabling DHCPv6 server function 42-15
support for 1-13
Differentiated Services architecture, QoS 39-2
Differentiated Services Code Point 39-2
Diffusing Update Algorithm (DUAL) 41-33
directed unicast requests 1-5
directories
changing A-4
creating and removing A-4
displaying the working A-4
discovery, clusters
See automatic discovery
displaying switch alarms 3-13
Distance Vector Multicast Routing Protocol
See DVMRP
distance-vector protocols 41-3
distribute-list command 41-98
DNS
and DHCP-based autoconfiguration 4-8
default configuration 7-9
displaying the configuration 7-10
in IPv6 42-3
overview 7-8
setting up 7-9
support for 1-4
DNS-based SSM mapping 50-18, 50-19
domain names
DNS 7-8
VTP 17-8
Domain Name System
See DNS
domains, ISO IGRP routing 41-62
dot1q-tunnel switchport mode 16-15
double-tagged packets
IEEE 802.1Q tunneling 20-2
Layer 2 protocol tunneling 20-10
downloadable ACL 12-18, 12-20, 12-59
downloading
configuration files
preparing A-10, A-12, A-15
reasons for A-8
using FTP A-13
using RCP A-16
using TFTP A-10
image files
deleting old image A-25
preparing A-24, A-27, A-31
reasons for A-22
using FTP A-28
using HTTP A-22
using RCP A-32
using TFTP A-24
using the device manager or Network Assistant A-22
drop threshold for Layer 2 protocol packets 20-11
DRP
configuring 42-13
described 42-4
IPv6 42-4
support for 1-13
DSCP 1-11, 39-2
DSCP input queue threshold map for QoS 39-16
DSCP output queue threshold map for QoS 39-18
DSCP-to-CoS map for QoS 39-64
DSCP-to-DSCP-mutation map for QoS 39-65
DSCP transparency 39-40
DTP 1-7, 16-15
dual-action detection 40-5
DUAL finite state machine, EIGRP 41-34
dual IPv4 and IPv6 templates 10-2, 42-5
dual protocol stacks
IPv4 and IPv6 42-5
SDM templates supporting 42-6
dual-purpose uplinks
defined 14-6
LEDs 14-6
link selection 14-6, 14-18
setting the type 14-18
DVMRP
autosummarization
configuring a summary address 50-57
disabling 50-59
connecting PIM domain to DVMRP router 50-50
enabling unicast routing 50-53
interoperability
with Cisco devices 50-48
with Cisco IOS software 50-8
mrinfo requests, responding to 50-52
neighbors
advertising the default route to 50-51
discovery with Probe messages 50-48
displaying information 50-52
prevent peering with nonpruning 50-55
rejecting nonpruning 50-54
overview 50-8
routes
adding a metric offset 50-59
advertising all 50-59
advertising the default route to neighbors 50-51
caching DVMRP routes learned in report messages 50-53
changing the threshold for syslog messages 50-56
deleting 50-60
displaying 50-61
favoring one over another 50-59
limiting the number injected into MBONE 50-56
limiting unicast route advertisements 50-48
routing table 50-9
source distribution tree, building 50-9
support for 1-13
tunnels
configuring 50-50
displaying neighbor information 50-52
dynamic access ports
characteristics 16-3
configuring 16-27
defined 14-3
dynamic addresses
See addresses
dynamic ARP inspection
ARP cache poisoning 27-1
ARP requests, described 27-1
ARP spoofing attack 27-1
clearing
log buffer 27-15
statistics 27-15
configuration guidelines 27-5
configuring
ACLs for non-DHCP environments 27-8
in DHCP environments 27-7
log buffer 27-12
rate limit for incoming ARP packets 27-4, 27-10
default configuration 27-5
denial-of-service attacks, preventing 27-10
described 27-1
DHCP snooping binding database 27-2
displaying
ARP ACLs 27-14
configuration and operating state 27-14
log buffer 27-15
statistics 27-15
trust state and rate limit 27-14
error-disabled state for exceeding rate limit 27-4
function of 27-2
interface trust states 27-3
log buffer
clearing 27-15
configuring 27-12
displaying 27-15
logging of dropped packets, described 27-4
man-in-the middle attack, described 27-2
network security issues and interface trust states 27-3
priority of ARP ACLs and DHCP snooping entries 27-4
rate limiting of ARP packets
configuring 27-10
described 27-4
error-disabled state 27-4
statistics
clearing 27-15
displaying 27-15
validation checks, performing 27-11
dynamic auto trunking mode 16-15
dynamic desirable trunking mode 16-15
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 16-25
reconfirming 16-28
troubleshooting 16-30
types of connections 16-27
dynamic routing 41-3
ISO CLNS 41-62
Dynamic Trunking Protocol
See DTP
E
EBGP 41-41
editing features
enabling and disabling 2-7
keystrokes used 2-8
wrapped lines 2-9
EIGRP
authentication 41-38
components 41-34
configuring 41-36
default configuration 41-34
definition 41-33
interface parameters, configuring 41-37
monitoring 41-40
stub routing 41-39
ELIN location 31-2
embedded event manager
actions 37-4
configuring 37-1, 37-5
displaying information 37-6
environmental variables 37-4
event detectors 37-2
policies 37-4
registering and defining an applet 37-5
registering and defining a TCL script 37-6
understanding 37-1
enable password 11-4
enable secret password 11-4
enabling SNMP traps 3-13
encryption, CipherSuite 11-52
encryption for passwords 11-4
Enhanced IGRP
See EIGRP
enhanced object tracking
backup static routing 48-11
commands 48-1
defined 48-1
DHCP primary interface 48-10
HSRP 48-7
IP routing state 48-2
IP SLAs 48-9
line-protocol state 48-2
network monitoring with IP SLAs 48-11
routing policy, configuring 48-11
static route primary interface 48-10
tracked lists 48-3
enhanced object tracking static routing 48-10
environmental variables, embedded event manager 37-4
environment variables, function of 4-20
equal-cost routing 1-12, 41-88
error-disabled state, BPDU 23-2
error messages during command entry 2-5
EtherChannel
automatic creation of 40-4, 40-6
channel groups
binding physical and logical interfaces 40-3
numbering of 40-3
configuration guidelines 40-10
configuring
Layer 2 interfaces 40-11
Layer 3 physical interfaces 40-14
Layer 3 port-channel logical interfaces 40-13
default configuration 40-10
described 40-2
displaying status 40-20
forwarding methods 40-7, 40-16
IEEE 802.3ad, described 40-6
interaction
with STP 40-10
with VLANs 40-11
LACP
described 40-6
displaying status 40-20
hot-standby ports 40-18
interaction with other features 40-7
modes 40-6
port priority 40-19
system priority 40-19
Layer 3 interface 41-3
load balancing 40-7, 40-16
logical interfaces, described 40-3
PAgP
aggregate-port learners 40-16
compatibility with Catalyst 1900 40-17
described 40-4
displaying status 40-20
interaction with other features 40-6
interaction with virtual switches 40-5
learn method and priority configuration 40-16
modes 40-5
support for 1-3
with dual-action detection 40-5
port-channel interfaces
described 40-3
port groups 14-6
support for 1-3
EtherChannel guard
described 23-7
disabling 23-14
enabling 23-14
Ethernet VLANs
adding 16-8
defaults and ranges 16-7
modifying 16-8
EUI 42-3
event detectors, embedded event manager 37-2
events, RMON 34-3
examples
network configuration 1-17
expedite queue for QoS 39-76
Express Setup 1-2
See also getting started guide
extended crashinfo file 53-19
extended-range VLANs
configuration guidelines 16-11
configuring 16-10
creating 16-12
creating with an internal VLAN ID 16-13
defined 16-1
extended system ID
MSTP 22-17
STP 21-4, 21-14
extended universal identifier
See EUI
Extensible Authentication Protocol over LAN 12-1
external BGP
See EBGP
external neighbors, BGP 41-45
F
fa0 interface 1-5
fallback bridging
and protected ports 52-3
bridge groups
creating 52-3
described 52-1
displaying 52-10
function of 52-2
number supported 52-4
removing 52-4
bridge table
clearing 52-10
displaying 52-10
configuration guidelines 52-3
connecting interfaces with 14-12
default configuration 52-3
described 52-1
frame forwarding
flooding packets 52-2
forwarding packets 52-2
overview 52-1
protocol, unsupported 52-3
STP
disabling on an interface 52-9
forward-delay interval 52-8
hello BPDU interval 52-7
interface priority 52-6
maximum-idle interval 52-8
path cost 52-6
VLAN-bridge spanning-tree priority 52-5
VLAN-bridge STP 52-2
support for 1-12
SVIs and routed ports 52-1
unsupported protocols 52-3
VLAN-bridge STP 21-10
Fast Convergence 25-3
FCS bit error rate alarm
configuring 3-10
defined 3-3
FCS error hysteresis threshold 3-2
features, incompatible 29-12
FIB 41-87
fiber-optic, detecting unidirectional links 33-1
files
basic crashinfo
description 53-19
location 53-19
copying A-5
crashinfo, description 53-19
deleting A-5
displaying the contents of A-8
extended crashinfo
description 53-20
location 53-20
tar
creating A-6
displaying the contents of A-6
extracting A-7
image file format A-22
file system
displaying available file systems A-2
displaying file information A-3
local file system names A-1
network file system names A-5
setting the default A-2
filtering
in a VLAN 38-29
IPv6 traffic 45-3, 45-7
non-IP traffic 38-27
show and more command output 2-10
filtering show and more command output 2-10
filters, IP
See ACLs, IP
flash device, number of A-1
flexible authentication ordering
configuring 12-62
overview 12-28
Flex Link Multicast Fast Convergence 25-3
Flex Links
configuration guidelines 25-8
configuring 25-8, 25-9
configuring preferred VLAN 25-11
configuring VLAN load balancing 25-10
default configuration 25-7
description 25-1
link load balancing 25-2
monitoring 25-14
VLANs 25-2
flooded traffic, blocking 29-8
flow-based packet classification 1-11
flowcharts
QoS classification 39-6
QoS egress queueing and scheduling 39-17
QoS ingress queueing and scheduling 39-15
QoS policing and marking 39-10
flowcontrol
configuring 14-22
described 14-22
forward-delay time
MSTP 22-23
STP 21-21
Forwarding Information Base
See FIB
forwarding nonroutable protocols 52-1
FTP
configuration files
downloading A-13
overview A-12
preparing the server A-12
uploading A-14
image files
deleting old image A-29
downloading A-28
preparing the server A-27
uploading A-29
G
general query 25-5
Generating IGMP Reports 25-3
get-bulk-request operation 36-3
get-next-request operation 36-3, 36-4
get-request operation 36-3, 36-4
get-response operation 36-3
global configuration mode 2-2
global leave, IGMP 28-13
global status monitoring alarms 3-2
guest VLAN and 802.1x 12-21
GUIs
See device manager and Network Assistant
H
hardware limitations and Layer 3 interfaces 14-28
hello time
MSTP 22-22
STP 21-20
help, for the command line 2-3
hierarchical policy maps 39-8
configuration guidelines 39-33
configuring 39-52
described 39-11
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
history table, level and number of syslog messages 35-10
host names, in clusters 6-13
host ports
configuring 19-11
kinds of 19-2
hosts, limit on dynamic ports 16-30
Hot Standby Router Protocol
See HSRP
HP OpenView 1-4
HSRP
authentication string 46-10
automatic cluster recovery 6-12
binding to cluster group 46-12
cluster standby group considerations 6-11
command-switch redundancy 1-6
configuring 46-4
default configuration 46-5
definition 46-1
guidelines 46-6
monitoring 46-13
object tracking 48-7
overview 46-1
priority 46-8
routing redundancy 1-12
support for ICMP redirect messages 46-12
timers 46-11
tracking 46-8
See also clusters, cluster standby group, and standby command switch
HSRP for IPv6
configuring 42-24
guidelines 42-23
HTTP over SSL
see HTTPS
HTTPS 11-50
configuring 11-54
self-signed certificate 11-51
HTTP secure server 11-50
I
IBPG 41-41
ICMP
IPv6 42-4
redirect messages 41-11
support for 1-12
time-exceeded messages 53-13
traceroute and 53-13
unreachable messages 38-20
unreachable messages and IPv6 45-4
unreachables and ACLs 38-21
ICMP Echo operation
configuring 47-12
IP SLAs 47-11
ICMP ping
executing 53-10
overview 53-10
ICMP Router Discovery Protocol
See IRDP
ICMPv6 42-4
IDS appliances
and ingress RSPAN 30-19
and ingress SPAN 30-13
IEEE 802.1D
See STP
IEEE 802.1p 18-1
IEEE 802.1Q
and trunk ports 14-3
configuration limitations 16-16
encapsulation 16-14
native VLAN for untagged traffic 16-20
tunneling
compatibility with other features 20-5
defaults 20-4
described 20-1
tunnel ports with other features 20-6
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3ad
See EtherChannel
IEEE 802.3ad, PoE+ 14-7
IEEE 802.3x flow control 14-22
ifIndex values, SNMP 36-5
IFS 1-5
IGMP
configurable leave timer
described 28-6
enabling 28-11
configuring the switch
as a member of a group 50-38
statically connected member 50-42
controlling access to groups 50-39
default configuration 50-38
deleting cache entries 50-61
displaying groups 50-61
fast switching 50-42
flooded multicast traffic
controlling the length of time 28-12
disabling on an interface 28-13
global leave 28-13
query solicitation 28-13
recovering from flood mode 28-13
host-query interval, modifying 50-40
joining multicast group 28-3
join messages 28-3
leave processing, enabling 28-10, 44-8
leaving multicast group 28-5
multicast reachability 50-38
overview 50-2
queries 28-4
report suppression
described 28-6
disabling 28-15, 44-11
supported versions 28-3
support for 1-3
Version 1
changing to Version 2 50-40
described 50-3
Version 2
changing to Version 1 50-40
described 50-3
maximum query response time value 50-42
pruning groups 50-42
query timeout value 50-41
IGMP filtering
configuring 28-24
default configuration 28-24
described 28-23
monitoring 28-28
support for 1-3
IGMP groups
configuring filtering 28-27
setting the maximum number 28-26
IGMP helper 1-3, 50-6
IGMP Immediate Leave
configuration guidelines 28-11
described 28-5
enabling 28-10
IGMP profile
applying 28-25
configuration mode 28-24
configuring 28-25
IGMP snooping
and address aliasing 28-2
configuring 28-6
default configuration 28-7, 44-5, 44-6
definition 28-2
enabling and disabling 28-7, 44-6
global configuration 28-7
Immediate Leave 28-5
method 28-8
monitoring 28-15, 44-11
querier
configuration guidelines 28-14
configuring 28-14
supported versions 28-3
support for 1-3
VLAN configuration 28-8
IGMP throttling
configuring 28-27
default configuration 28-24
described 28-24
displaying action 28-28
IGP 41-24
Immediate Leave, IGMP 28-5
enabling 44-8
inaccessible authentication bypass 12-23
support for multiauth ports 12-23
initial configuration
defaults 1-14
Express Setup 1-2
interface
range macros 14-15
interface command 14-12 to 14-13
interface configuration
REP 24-9
interface configuration mode 2-3
interfaces
auto-MDIX, configuring 14-23
configuration guidelines
duplex and speed 14-20
configuring
procedure 14-13
counters, clearing 14-33
default configuration 14-17
described 14-27
descriptive name, adding 14-27
displaying information about 14-32
flow control 14-22
management 1-4
monitoring 14-32
naming 14-27
physical, identifying 14-12
range of 14-14
restarting 14-33
shutting down 14-33
speed and duplex, configuring 14-21
status 14-32
supported 14-12
types of 14-1
interfaces range macro command 14-15
interface types 14-12
Interior Gateway Protocol
See IGP
internal BGP
See IBGP
internal neighbors, BGP 41-45
Internet Control Message Protocol
See ICMP
Internet Group Management Protocol
See IGMP
Internet Protocol version 6
See IPv6
inter-VLAN routing 1-12, 41-2
Intrusion Detection System
See IDS appliances
inventory management TLV 31-2, 31-6
IP ACLs
for QoS classification 39-7
implicit deny 38-9, 38-14
implicit masks 38-9
named 38-14
undefined 38-21
IP addresses
128-bit 42-2
candidate or member 6-3, 6-13
classes of 41-5
cluster access 6-2
command switch 6-3, 6-11, 6-13
default configuration 41-4
discovering 7-23
for IP routing 41-4
IPv6 42-2
MAC address association 41-8
monitoring 41-17
redundant clusters 6-11
standby command switch 6-11, 6-13
See also IP information
IP broadcast address 41-15
ip cef distributed command 41-87
IP directed broadcasts 41-13
ip igmp profile command 28-24
IP information
assigned
manually 4-14
through DHCP-based autoconfiguration 4-3
default configuration 4-3
IP multicast routing
addresses
all-hosts 50-3
all-multicast-routers 50-3
host group address range 50-3
administratively-scoped boundaries, described 50-45
and IGMP snooping 28-2
Auto-RP
adding to an existing sparse-mode cloud 50-25
benefits of 50-25
clearing the cache 50-61
configuration guidelines 50-11
filtering incoming RP announcement messages 50-28
overview 50-6
preventing candidate RP spoofing 50-28
preventing join messages to false RPs 50-27
setting up in a new internetwork 50-25
using with BSR 50-33
bootstrap router
configuration guidelines 50-11
configuring candidate BSRs 50-31
configuring candidate RPs 50-32
defining the IP multicast boundary 50-30
defining the PIM domain border 50-29
overview 50-7
using with Auto-RP 50-33
Cisco implementation 50-1
configuring
basic multicast routing 50-11
IP multicast boundary 50-45
default configuration 50-10
enabling
multicast forwarding 50-12
PIM mode 50-12
group-to-RP mappings
Auto-RP 50-6
BSR 50-7
MBONE
deleting sdr cache entries 50-61
described 50-44
displaying sdr cache 50-62
enabling sdr listener support 50-45
limiting DVMRP routes advertised 50-56
limiting sdr cache entry lifetime 50-45
SAP packets for conference session announcement 50-44
Session Directory (sdr) tool, described 50-44
monitoring
packet rate loss 50-62
peering devices 50-62
tracing a path 50-62
multicast forwarding, described 50-7
PIMv1 and PIMv2 interoperability 50-10
protocol interaction 50-2
reverse path check (RPF) 50-7
routing table
deleting 50-61
displaying 50-61
RP
assigning manually 50-23
configuring Auto-RP 50-25
configuring PIMv2 BSR 50-29
monitoring mapping information 50-33
using Auto-RP and BSR 50-33
statistics, displaying system and network 50-61
See also CGMP
See also DVMRP
See also IGMP
See also PIM
IP phones
and QoS 18-1
automatic classification and queueing 39-20
configuring 18-4
ensuring port security with QoS 39-38
trusted boundary for QoS 39-38
IP Port Security for Static Hosts
on a Layer 2 access port 26-20
on a PVLAN host port 26-23
IP precedence 39-2
IP-precedence-to-DSCP map for QoS 39-62
IP protocols
in ACLs 38-11
routing 1-12
IP routes, monitoring 41-100
IP routing
connecting interfaces with 14-11
disabling 41-18
enabling 41-18
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 47-1
IP SLAs
benefits 47-2
configuration guidelines 47-6
configuring object tracking 48-9
Control Protocol 47-4
default configuration 47-6
definition 47-1
ICMP echo operation 47-11
measuring network performance 47-3
monitoring 47-13
multioperations scheduling 47-5
object tracking 48-9
operation 47-3
reachability tracking 48-9
responder
described 47-4
enabling 47-8
response time 47-4
scheduling 47-5
SNMP support 47-2
supported metrics 47-2
threshold monitoring 47-6
track object monitoring agent, configuring 48-11
track state 48-9
UDP jitter operation 47-9
IP source guard
and 802.1x 26-19
and DHCP snooping 26-16
and EtherChannels 26-19
and port security 26-19
and private VLANs 26-19
and routed ports 26-18
and TCAM entries 26-19
and trunk interfaces 26-18
and VRF 26-19
binding configuration
automatic 26-16
manual 26-16
binding table 26-16
configuration guidelines 26-18
default configuration 26-18
described 26-16
disabling 26-20
displaying
active IP or MAC bindings 26-26
bindings 26-26
configuration 26-26
enabling 26-19, 26-20
filtering
source IP address 26-17
source IP and MAC address 26-17
source IP address filtering 26-17
source IP and MAC address filtering 26-17
static bindings
adding 26-19, 26-20
deleting 26-20
static hosts 26-20
IP traceroute
executing 53-13
overview 53-13
IP unicast routing
address resolution 41-8
administrative distances 41-89, 41-99
ARP 41-8
assigning IP addresses to Layer 3 interfaces 41-5
authentication keys 41-99
broadcast
address 41-15
flooding 41-16
packets 41-13
storms 41-13
classless routing 41-6
configuring static routes 41-88
default
addressing configuration 41-4
gateways 41-11
networks 41-90
routes 41-89
routing 41-2
directed broadcasts 41-13
disabling 41-18
dynamic routing 41-3
enabling 41-18
EtherChannel Layer 3 interface 41-3
IGP 41-24
inter-VLAN 41-2
IP addressing
classes 41-5
configuring 41-4
IRDP 41-11
Layer 3 interfaces 41-3
MAC address and IP address 41-8
passive interfaces 41-97
protocols
distance-vector 41-3
dynamic 41-3
link-state 41-3
proxy ARP 41-8
redistribution 41-90
reverse address resolution 41-8
routed ports 41-3
static routing 41-3
steps to configure 41-4
subnet mask 41-5
subnet zero 41-6
supernet 41-6
UDP 41-14
with SVIs 41-3
See also BGP
See also EIGRP
See also OSPF
See also RIP
IPv4 ACLs
applying to interfaces 38-19
extended, creating 38-10
named 38-14
standard, creating 38-9
IPv4 and IPv6
dual protocol stacks 42-5
IPv6
ACLs
displaying 45-8
limitations 45-2
matching criteria 45-3
port 45-1
precedence 45-2
router 45-1
supported 45-2
addresses 42-2
address formats 42-2
applications 42-5
assigning address 42-10
autoconfiguration 42-4
CEFv6 42-18
configuring static routes 42-19
default configuration 42-10
default router preference (DRP) 42-4
defined 42-1
Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 42-7
EIGRP IPv6 Commands 42-7
Router ID 42-7
feature limitations 42-9
features not supported 42-8
forwarding 42-10
ICMP 42-4
monitoring 42-26
neighbor discovery 42-4
OSPF 42-7
path MTU discovery 42-4
SDM templates 10-2, 44-1, 45-1
Stateless Autoconfiguration 42-4
supported features 42-2
switch limitations 42-9
understanding static routes 42-6
IPv6 traffic, filtering 45-3
IRDP
configuring 41-12
definition 41-11
support for 1-12
IS-IS
addresses 41-62
area routing 41-62
default configuration 41-63
monitoring 41-71
show commands 41-71
system routing 41-62
ISO CLNS
clear commands 41-71
dynamic routing protocols 41-62
monitoring 41-71
NETs 41-62
NSAPs 41-62
OSI standard 41-62
ISO IGRP
area routing 41-62
system routing 41-62
isolated port 19-2
isolated VLANs 19-2, 19-3
J
join messages, IGMP 28-3
K
KDC
described 11-41
See also Kerberos
Kerberos
authenticating to
boundary switch 11-43
KDC 11-43
network services 11-44
configuration examples 11-40
configuring 11-44
credentials 11-41
cryptographic software image 11-40
described 11-41
KDC 11-41
operation 11-43
realm 11-42
server 11-42
support for 1-10
switch as trusted third party 11-40
terms 11-41
TGT 11-42
tickets 11-41
key distribution center
See KDC
L
l2protocol-tunnel command 20-12
LACP
Layer 2 protocol tunneling 20-9
See EtherChannel
Layer 2 frames, classification with CoS 39-2
Layer 2 interfaces, default configuration 14-17
Layer 2 protocol tunneling
configuring 20-10
configuring for EtherChannels 20-14
default configuration 20-11
defined 20-8
guidelines 20-11
Layer 2 traceroute
and ARP 53-12
and CDP 53-11
broadcast traffic 53-11
described 53-11
IP addresses and subnets 53-12
MAC addresses and VLANs 53-12
multicast traffic 53-12
multiple devices on a port 53-12
unicast traffic 53-11
usage guidelines 53-11
Layer 3 features 1-12
Layer 3 interfaces
assigning IP addresses to 41-5
assigning IPv4 and IPv6 addresses to 42-14
assigning IPv6 addresses to 42-11
changing from Layer 2 mode 41-5, 41-79
types of 41-3
Layer 3 packets, classification methods 39-2
LDAP 5-2
Leaking IGMP Reports 25-4
LEDs, switch
See hardware installation guide
lightweight directory access protocol
See LDAP
line configuration mode 2-3
Link Aggregation Control Protocol
See EtherChannel
link failure, detecting unidirectional 22-7
link fault alarm 3-3
link integrity, verifying with REP 24-3
Link Layer Discovery Protocol
See CDP
link local unicast addresses 42-3
link redundancy
See Flex Links
links, unidirectional 33-1
link state advertisements (LSAs) 41-29
link-state protocols 41-3
link-state tracking
configuring 40-23
described 40-21
LLDP
configuring 31-4
characteristics 31-5
default configuration 31-4
enabling 31-5
monitoring and maintaining 31-10
overview 31-1
supported TLVs 31-1
switch stack considerations 31-2
transmission timer and holdtime, setting 31-5
LLDP-MED
configuring
procedures 31-4
TLVs 31-6
monitoring and maintaining 31-10
overview 31-1, 31-2
supported TLVs 31-2
LLDP Media Endpoint Discovery
See LLDP-MED
load balancing 46-4
local SPAN 30-2
location TLV 31-2, 31-6
logging messages, ACL 38-8
login authentication
with RADIUS 11-30
with TACACS+ 11-14
login banners 7-10
log messages
See system message logging
loop guard
described 23-9
enabling 23-15
support for 1-7
LRE profiles, considerations in switch clusters 6-14
M
MAB
See MAC authentication bypass
MAB aging timer 1-8
MAB inactivity timer
default setting 12-33
range 12-36
MAC/PHY configuration status TLV 31-2
MAC addresses
aging time 7-14
and VLAN association 7-13
building the address table 7-13
default configuration 7-14
disabling learning on a VLAN 7-22
discovering 7-23
displaying 7-23
displaying in the IP source binding table 26-26
dynamic
learning 7-13
removing 7-15
in ACLs 38-27
IP address association 41-8
static
adding 7-20
allowing 7-21, 7-22
characteristics of 7-19
dropping 7-21
removing 7-20
MAC address learning 1-5
MAC address learning, disabling on a VLAN 7-22
MAC address notification, support for 1-14
MAC address-table move update
configuration guidelines 25-8
configuring 25-12
default configuration 25-8
description 25-6
monitoring 25-14
MAC address-to-VLAN mapping 16-24
MAC authentication bypass 12-35
configuring 12-55
overview 12-16
See MAB
MAC extended access lists
applying to Layer 2 interfaces 38-28
configuring for QoS 39-45
creating 38-27
defined 38-27
for QoS classification 39-5
magic packet 12-25
manageability features 1-4
management access
in-band
browser session 1-5
CLI session 1-5
device manager 1-5
SNMP 1-5
out-of-band console port connection 1-5
management address TLV 31-2
management options
CLI 2-1
clustering 1-2
CNS 5-1
overview 1-4
management VLAN
considerations in switch clusters 6-7
discovery through different management VLANs 6-7
manual preemption, REP, configuring 24-13
mapping tables for QoS
configuring
CoS-to-DSCP 39-61
DSCP 39-60
DSCP-to-CoS 39-64
DSCP-to-DSCP-mutation 39-65
IP-precedence-to-DSCP 39-62
policed-DSCP 39-63
described 39-12
marking
action with aggregate policers 39-58
described 39-4, 39-8
matching
IPv6 ACLs 45-3
matching, IPv4 ACLs 38-7
maximum aging time
MSTP 22-23
STP 21-21
maximum hop count, MSTP 22-24
maximum number of allowed devices, port-based authentication 12-36
maximum-paths command 41-49, 41-88
MDA
configuration guidelines 12-12 to 12-13
described 1-9, 12-12
exceptions with authentication process 12-5
membership mode, VLAN port 16-3
member switch
automatic discovery 6-4
defined 6-1
managing 6-14
passwords 6-13
recovering from lost connectivity 53-7
requirements 6-3
See also candidate switch, cluster standby group, and standby command switch
messages, to users through banners 7-10
metrics, in BGP 41-49
metric translations, between routing protocols 41-93
metro tags 20-2
MHSRP 46-4
MIBs
overview 36-1
SNMP interaction with 36-4
mirroring traffic for analysis 30-1
mismatches, autonegotiation 53-8
module number 14-12
monitoring
access groups 38-41
alarms 3-13
BGP 41-61
cables for unidirectional links 33-1
CDP 32-5
CEF 41-87
EIGRP 41-40
fallback bridging 52-10
features 1-13
Flex Links 25-14
HSRP 46-13
IEEE 802.1Q tunneling 20-17
IGMP
filters 28-28
snooping 28-15, 44-11
interfaces 14-32
IP
address tables 41-17
multicast routing 50-60
routes 41-100
IP SLAs operations 47-13
IPv4 ACL configuration 38-41
IPv6 42-26
IPv6 ACL configuration 45-8
IS-IS 41-71
ISO CLNS 41-71
Layer 2 protocol tunneling 20-17
MAC address-table move update 25-14
MSDP peers 51-18
multicast router interfaces 28-16, 44-11
multi-VRF CE 41-86
MVR 28-23
network traffic for analysis with probe 30-2
object tracking 48-12
OSPF 41-32
port
blocking 29-21
protection 29-21
private VLANs 19-14
PROFINET 9-5
PTP 8-4
REP 24-13
RP mapping information 50-33
SFP status 14-32, 53-9
source-active messages 51-18
speed and duplex mode 14-21
SSM mapping 50-21
traffic flowing among switches 34-1
traffic suppression 29-20
tunneling 20-17
VLAN
filters 38-41
maps 38-41
VLANs 16-14
VMPS 16-29
VTP 17-16
mrouter Port 25-3
mrouter port 25-5
MSDP
benefits of 51-3
clearing MSDP connections and statistics 51-18
controlling source information
forwarded by switch 51-11
originated by switch 51-8
received by switch 51-13
default configuration 51-4
dense-mode regions
sending SA messages to 51-16
specifying the originating address 51-17
filtering
incoming SA messages 51-14
SA messages to a peer 51-12
SA requests from a peer 51-10
join latency, defined 51-6
meshed groups
configuring 51-15
defined 51-15
originating address, changing 51-17
overview 51-1
peer-RPF flooding 51-2
peers
configuring a default 51-4
monitoring 51-18
peering relationship, overview 51-1
requesting source information from 51-8
shutting down 51-15
source-active messages
caching 51-6
clearing cache entries 51-18
defined 51-2
filtering from a peer 51-10
filtering incoming 51-14
filtering to a peer 51-12
limiting data with TTL 51-13
monitoring 51-18
restricting advertised sources 51-9
support for 1-13
MSTP
boundary ports
configuration guidelines 22-15
described 22-6
BPDU filtering
described 23-3
enabling 23-12
BPDU guard
described 23-2
enabling 23-11
CIST, described 22-3
CIST regional root 22-3
CIST root 22-5
configuration guidelines 22-14, 23-10
configuring
forward-delay time 22-23
hello time 22-22
link type for rapid convergence 22-24
maximum aging time 22-23
maximum hop count 22-24
MST region 22-15
neighbor type 22-25
path cost 22-20
port priority 22-19
root switch 22-17
secondary root switch 22-18
switch priority 22-21
CST
defined 22-3
operations between regions 22-3
default configuration 22-14
default optional feature configuration 23-9
displaying status 22-26
enabling the mode 22-15
EtherChannel guard
described 23-7
enabling 23-14
extended system ID
effects on root switch 22-17
effects on secondary root switch 22-18
unexpected behavior 22-17
IEEE 802.1s
implementation 22-6
port role naming change 22-6
terminology 22-5
instances supported 21-9
interface state, blocking to forwarding 23-2
interoperability and compatibility among modes 21-10
interoperability with IEEE 802.1D
described 22-8
restarting migration process 22-25
IST
defined 22-2
master 22-3
operations within a region 22-3
loop guard
described 23-9
enabling 23-15
mapping VLANs to MST instance 22-16
MST region
CIST 22-3
configuring 22-15
described 22-2
hop-count mechanism 22-5
IST 22-2
supported spanning-tree instances 22-2
optional features supported 1-7
overview 22-2
Port Fast
described 23-2
enabling 23-10
preventing root switch selection 23-8
root guard
described 23-8
enabling 23-15
root switch
configuring 22-17
effects of extended system ID 22-17
unexpected behavior 22-17
shutdown Port Fast-enabled port 23-2
status, displaying 22-26
multiauth
support for inaccessible authentication bypass 12-23
multiauth mode
See multiple-authentication mode
multicast groups
Immediate Leave 28-5
joining 28-3
leaving 28-5
static joins 28-10, 44-7
multicast packets
ACLs on 38-40
blocking 29-8
multicast router interfaces, monitoring 28-16, 44-11
multicast router ports, adding 28-9, 44-8
Multicast Source Discovery Protocol
See MSDP
multicast storm 29-1
multicast storm-control command 29-4
multicast television application 28-17
multicast VLAN 28-17
Multicast VLAN Registration
See MVR
multidomain authentication
See MDA
multioperations scheduling, IP SLAs 47-5
multiple authentication 12-13
multiple authentication mode
configuring 12-42
Multiple HSRP
See MHSRP
multiple VPN routing/forwarding in customer edge devices
See multi-VRF CE
multi-VRF CE
configuration example 41-82
configuration guidelines 41-74
configuring 41-74
default configuration 41-74
defined 41-72
displaying 41-86
monitoring 41-86
network components 41-74
packet-forwarding process 41-73
support for 1-12
MVR
and address aliasing 28-20
and IGMPv3 28-20
configuration guidelines 28-19
configuring interfaces 28-21
default configuration 28-19
described 28-17
example application 28-17
modes 28-20
monitoring 28-23
multicast television application 28-17
setting global parameters 28-20
support for 1-3
N
NAC
AAA down policy 1-10
critical authentication 12-23, 12-51
IEEE 802.1x authentication using a RADIUS server 12-56
IEEE 802.1x validation using RADIUS server 12-56
inaccessible authentication bypass 1-10, 12-51
Layer 2 IEEE 802.1x validation 1-10, 12-28, 12-56
Layer 2 IP validation 1-10
named IPv4 ACLs 38-14
NameSpace Mapper
See NSM
native VLAN
and IEEE 802.1Q tunneling 20-4
configuring 16-20
default 16-20
NEAT
configuring 12-57
overview 12-29
neighbor discovery, IPv6 42-4
neighbor discovery/recovery, EIGRP 41-34
neighbor offset numbers, REP 24-4
neighbors, BGP 41-55
Network Admission Control
NAC
Network Assistant
benefits 1-2
described 1-4
upgrading a switch A-22
network configuration examples
increasing network performance 1-17
providing network services 1-18
network design
performance 1-17
services 1-18
Network Edge Access Topology
See NEAT
network management
CDP 32-1
RMON 34-1
SNMP 36-1
network performance, measuring with IP SLAs 47-3
network policy TLV 31-2, 31-6
Network Time Protocol
See NTP
no commands 2-4
nonhierarchical policy maps
configuration guidelines 39-33
described 39-9
non-IP traffic filtering 38-27
nontrunking mode 16-15
normal-range VLANs 16-4
configuration guidelines 16-6
configuring 16-4
defined 16-1
no switchport command 14-4
not-so-stubby areas
See NSSA
NSAPs, as ISO IGRP addresses 41-62
NSF Awareness
IS-IS 41-64
NSM 5-3
NSSA, OSPF 41-29
NTP
associations
defined 7-2
overview 7-2
stratum 7-2
support for 1-5
time
services 7-2
synchronizing 7-2
O
object tracking
HSRP 48-7
IP SLAs 48-9
IP SLAs, configuring 48-9
monitoring 48-12
off mode, VTP 17-3
open1x
configuring 12-62
open1x authentication
overview 12-29
Open Shortest Path First
See OSPF
optimizing system resources 10-1
options, management 1-4
OSPF
area parameters, configuring 41-28
configuring 41-26
default configuration
metrics 41-30
route 41-30
settings 41-25
described 41-23
for IPv6 42-7
interface parameters, configuring 41-27
LSA group pacing 41-31
monitoring 41-32
router IDs 41-32
route summarization 41-30
support for 1-12
virtual links 41-30
out-of-profile markdown 1-11
P
packet modification, with QoS 39-19
PAgP
Layer 2 protocol tunneling 20-9
See EtherChannel
parallel paths, in routing tables 41-88
passive interfaces
configuring 41-97
OSPF 41-30
passwords
default configuration 11-3
disabling recovery of 11-5
encrypting 11-4
for security 1-8
in clusters 6-13
overview 11-1
recovery of 53-3
setting
enable 11-3
enable secret 11-4
Telnet 11-6
with usernames 11-7
VTP domain 17-8
path cost
MSTP 22-20
STP 21-18
path MTU discovery 42-4
PBR
defined 41-94
enabling 41-95
fast-switched policy-based routing 41-97
local policy-based routing 41-97
PC (passive command switch) 6-10
peers, BGP 41-55
percentage thresholds in tracked lists 48-6
performance, network design 1-17
performance features 1-2
persistent self-signed certificate 11-51
per-user ACLs and Filter-Ids 12-8
per-VLAN spanning-tree plus
See PVST+
PE to CE routing, configuring 41-81
physical ports 14-2
PIM
default configuration 50-10
dense mode
overview 50-4
rendezvous point (RP), described 50-5
RPF lookups 50-8
displaying neighbors 50-61
enabling a mode 50-12
overview 50-3
router-query message interval, modifying 50-36
shared tree and source tree, overview 50-34
shortest path tree, delaying the use of 50-35
sparse mode
join messages and shared tree 50-5
overview 50-4
prune messages 50-5
RPF lookups 50-8
stub routing
configuration guidelines 50-21
displaying 50-61
enabling 50-22
overview 50-5
support for 1-13
versions
interoperability 50-10
troubleshooting interoperability problems 50-34
v2 improvements 50-4
PIM-DVMRP, as snooping method 28-8
ping
character output description 53-11
executing 53-10
overview 53-10
PoE
auto mode 14-9
CDP with power consumption, described 14-7
CDP with power negotiation, described 14-7
Cisco intelligent power management 14-7
configuring 14-24
cutoff power
determining 14-10
devices supported 14-7
high-power devices operating in low-power mode 14-7
IEEE power classification levels 14-8
power budgeting 14-25
power consumption 14-10, 14-25
powered-device detection and initial power allocation 14-8
power management modes 14-9
power negotiation extensions to CDP 14-7
standards supported 14-7
static mode 14-9
total available power 14-11
troubleshooting 53-8
PoE+ 14-7, 14-8
policed-DSCP map for QoS 39-63
policers
configuring
for each matched traffic class 39-48
for more than one traffic class 39-58
described 39-4
displaying 39-78
number of 39-34
types of 39-9
policing
described 39-4
hierarchical
See hierarchical policy maps
token-bucket algorithm 39-9
policy-based routing
See PBR
policy maps for QoS
characteristics of 39-48
described 39-7
displaying 39-78
hierarchical 39-8
hierarchical on SVIs
configuration guidelines 39-33
configuring 39-52
described 39-11
nonhierarchical on physical ports
configuration guidelines 39-33
described 39-9
port ACLs
defined 38-2
types of 38-3
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting 12-14
authentication server
defined 12-3, 13-2
RADIUS server 12-3
client, defined 12-3, 13-2
configuration guidelines 12-34, 13-9
configuring
802.1x authentication 12-39
guest VLAN 12-49
host mode 12-42
inaccessible authentication bypass 12-51
manual re-authentication of a client 12-44
periodic re-authentication 12-43
quiet period 12-44
RADIUS server 12-42, 13-13
RADIUS server parameters on the switch 12-41, 13-11
restricted VLAN 12-50
switch-to-client frame-retransmission number 12-45, 12-46
switch-to-client retransmission time 12-45
violation modes 12-38 to 12-39
default configuration 12-33, 13-9
described 12-1
device roles 12-2, 13-2
displaying statistics 12-64, 13-17
downloadable ACLs and redirect URLs
configuring 12-59 to 12-61, ?? to 12-61
overview 12-18 to 12-20
EAPOL-start frame 12-5
EAP-request/identity frame 12-5
EAP-response/identity frame 12-5
enabling
802.1X authentication 13-11
encapsulation 12-3
flexible authentication ordering
configuring 12-62
overview 12-28
guest VLAN
configuration guidelines 12-22, 12-23
described 12-21
host mode 12-11
inaccessible authentication bypass
configuring 12-51
described 12-23
guidelines 12-35
initiation and message exchange 12-5
magic packet 12-25
maximum number of allowed devices per port 12-36
method lists 12-39
multiple authentication 12-13
per-user ACLs
AAA authorization 12-39
configuration tasks 12-18
described 12-17
RADIUS server attributes 12-18
ports
authorization state and dot1x port-control command 12-10
authorized and unauthorized 12-10
voice VLAN 12-24
port security
described 12-25
readiness check
configuring 12-36
described 12-16, 12-36
resetting to default values 12-64
statistics, displaying 12-64
switch
as proxy 12-3, 13-2
RADIUS client 12-3
switch supplicant
configuring 12-57
overview 12-29
user distribution
guidelines 12-27
overview 12-27
VLAN assignment
AAA authorization 12-39
characteristics 12-16
configuration tasks 12-17
described 12-16
voice aware 802.1x security
configuring 12-37
described 12-29, 12-37
voice VLAN
described 12-24
PVID 12-24
VVID 12-24
wake-on-LAN, described 12-25
with ACLs and RADIUS Filter-Id attribute 12-31
port-based authentication methods, supported 12-7
port blocking 1-3, 29-7
port-channel
See EtherChannel
port description TLV 31-1
Port Fast
described 23-2
enabling 23-10
mode, spanning tree 16-26
support for 1-7
port membership modes, VLAN 16-3
port not forwarding alarm 3-3
port not operating alarm 3-3
port priority
MSTP 22-19
STP 21-17
ports
access 14-3
blocking 29-7
dual-purpose uplink 14-6
dynamic access 16-3
IEEE 802.1Q tunnel 16-4
protected 29-6
REP 24-6
routed 14-4
secure 29-8
static-access 16-3, 16-9
switch 14-2
trunks 16-3, 16-14
VLAN assignments 16-9
port security
aging 29-17
and private VLANs 29-18
and QoS trusted boundary 39-38
configuring 29-13
default configuration 29-11
described 29-8
displaying 29-21
enabling 29-18
on trunk ports 29-14
sticky learning 29-9
violations 29-10
with other features 29-11
port-shutdown response, VMPS 16-25
port status monitoring alarms
FCS bit error rate alarm 3-3
link fault alarm 3-3
port not forwarding alarm 3-3
port not operating alarm 3-3
port VLAN ID TLV 31-2
power management TLV 31-2, 31-6
preempt delay time, REP 24-5
preemption, default configuration 25-7
preemption delay, default configuration 25-8
preferential treatment of traffic
See QoS
prefix lists, BGP 41-53
preventing unauthorized access 11-1
primary edge port, REP 24-4
primary interface for object tracking, DHCP, configuring 48-10
primary interface for static routing, configuring 48-10
primary links 25-2
primary VLANs 19-1, 19-3
priority
HSRP 46-8
overriding CoS 18-6
trusting CoS 18-6
private VLAN edge ports
See protected ports
private VLANs
across multiple switches 19-4
and SDM template 19-4
and SVIs 19-5
benefits of 19-1
community ports 19-2
community VLANs 19-2, 19-3
configuration guidelines 19-6, 19-7, 19-8
configuration tasks 19-6
configuring 19-9
default configuration 19-6
end station access to 19-3
IP addressing 19-3
isolated port 19-2
isolated VLANs 19-2, 19-3
mapping 19-13
monitoring 19-14
ports
community 19-2
configuration guidelines 19-8
configuring host ports 19-11
configuring promiscuous ports 19-12
described 16-4
isolated 19-2
promiscuous 19-2
primary VLANs 19-1, 19-3
promiscuous ports 19-2
secondary VLANs 19-2
subdomains 19-1
traffic in 19-5
privileged EXEC mode 2-2
privilege levels
changing the default for lines 11-9
command switch 6-15
exiting 11-10
logging into 11-10
mapping on member switches 6-15
overview 11-2, 11-8
setting a command with 11-8
PROFINET 9-1
configuring 9-4
default configuration 9-4
displaying configuration 9-5
promiscuous ports
configuring 19-12
defined 19-2
protected ports 1-8, 29-6
protocol-dependent modules, EIGRP 41-34
Protocol-Independent Multicast Protocol
See PIM
protocol storm protection 29-19
provider edge devices 41-72
proxy ARP
configuring 41-10
definition 41-8
with IP routing disabled 41-11
proxy reports 25-3
pruning, VTP
disabling
in VTP domain 17-14
on a port 16-20
enabling
in VTP domain 17-14
on a port 16-19
examples 17-6
overview 17-5
pruning-eligible list
changing 16-19
for VTP pruning 17-5
VLANs 17-14
PTP
configuring 8-3
default configuration 8-2
displaying configuration 8-4
PVST+
described 21-9
IEEE 802.1Q trunking interoperability 21-10
instances supported 21-9
Q
QoS
and MQC commands 39-1
auto-QoS
categorizing traffic 39-20
configuration and defaults display 39-29
configuration guidelines 39-25
described 39-20
disabling 39-27
displaying generated commands 39-27
displaying the initial configuration 39-29
effects on running configuration 39-25
egress queue defaults 39-21
enabling for VoIP 39-26
example configuration 39-28
ingress queue defaults 39-21
list of generated commands 39-22
basic model 39-4
classification
class maps, described 39-7
defined 39-4
DSCP transparency, described 39-40
flowchart 39-6
forwarding treatment 39-3
in frames and packets 39-3
IP ACLs, described 39-5, 39-7
MAC ACLs, described 39-5, 39-7
options for IP traffic 39-5
options for non-IP traffic 39-5
policy maps, described 39-7
trust DSCP, described 39-5
trusted CoS, described 39-5
trust IP precedence, described 39-5
class maps
configuring 39-46
displaying 39-78
configuration guidelines
auto-QoS 39-25
standard QoS 39-33
configuring
aggregate policers 39-58
auto-QoS 39-20
default port CoS value 39-38
DSCP maps 39-60
DSCP transparency 39-40
DSCP trust states bordering another domain 39-40
egress queue characteristics 39-70
ingress queue characteristics 39-66
IP extended ACLs 39-44
IP standard ACLs 39-43
MAC ACLs 39-45
policy maps, hierarchical 39-52
port trust states within the domain 39-36
trusted boundary 39-38
default auto configuration 39-20
default standard configuration 39-30
displaying statistics 39-78
DSCP transparency 39-40
egress queues
allocating buffer space 39-71
buffer allocation scheme, described 39-17
configuring shaped weights for SRR 39-74
configuring shared weights for SRR 39-75
described 39-4
displaying the threshold map 39-74
flowchart 39-17
mapping DSCP or CoS values 39-73
scheduling, described 39-4
setting WTD thresholds 39-71
WTD, described 39-18
enabling globally 39-35
flowcharts
classification 39-6
egress queueing and scheduling 39-17
ingress queueing and scheduling 39-15
policing and marking 39-10
implicit deny 39-7
ingress queues
allocating bandwidth 39-68
allocating buffer space 39-68
buffer and bandwidth allocation, described 39-16
configuring shared weights for SRR 39-68
configuring the priority queue 39-69
described 39-4
displaying the threshold map 39-67
flowchart 39-15
mapping DSCP or CoS values 39-67
priority queue, described 39-16
scheduling, described 39-4
setting WTD thresholds 39-67
WTD, described 39-16
IP phones
automatic classification and queueing 39-20
detection and trusted settings 39-20, 39-38
limiting bandwidth on egress interface 39-77
mapping tables
CoS-to-DSCP 39-61
displaying 39-78
DSCP-to-CoS 39-64
DSCP-to-DSCP-mutation 39-65
IP-precedence-to-DSCP 39-62
policed-DSCP 39-63
types of 39-12
marked-down actions 39-50, 39-55
marking, described 39-4, 39-8
overview 39-1
packet modification 39-19
policers
configuring 39-50, 39-55, 39-59
described 39-8
displaying 39-78
number of 39-34
types of 39-9
policies, attaching to an interface 39-8
policing
described 39-4, 39-8
token bucket algorithm 39-9
policy maps
characteristics of 39-48
displaying 39-78
hierarchical 39-8
hierarchical on SVIs 39-52
nonhierarchical on physical ports 39-48
QoS label, defined 39-4
queues
configuring egress characteristics 39-70
configuring ingress characteristics 39-66
high priority (expedite) 39-19, 39-76
location of 39-13
SRR, described 39-14
WTD, described 39-13
rewrites 39-19
support for 1-11
trust states
bordering another domain 39-40
described 39-5
trusted device 39-38
within the domain 39-36
quality of service
See QoS
queries, IGMP 28-4
query solicitation, IGMP 28-13
R
RADIUS
attributes
vendor-proprietary 11-38
vendor-specific 11-36
configuring
accounting 11-35
authentication 11-30
authorization 11-34
communication, global 11-28, 11-36
communication, per-server 11-28
multiple UDP ports 11-28
default configuration 11-27
defining AAA server groups 11-32
displaying the configuration 11-40
identifying the server 11-28
in clusters 6-14
limiting the services to the user 11-34
method list, defined 11-27
operation of 11-20
overview 11-18
server load balancing 11-40
suggested network environments 11-19
support for 1-10
tracking services accessed by user 11-35
RADIUS Change of Authorization 11-20
range
macro 14-15
of interfaces 14-14
rapid convergence 22-9
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
described 21-9
IEEE 802.1Q trunking interoperability 21-10
instances supported 21-9
Rapid Spanning Tree Protocol
See RSTP
RARP 41-8
rcommand command 6-14
RCP
configuration files
downloading A-16
overview A-14
preparing the server A-15
uploading A-17
image files
deleting old image A-33
downloading A-32
preparing the server A-31
uploading A-33
reachability, tracking IP SLAs IP host 48-9
readiness check
port-based authentication
configuring 12-36
described 12-16, 12-36
reconfirmation interval, VMPS, changing 16-28
reconfirming dynamic VLAN membership 16-28
recovery procedures 53-1
redirect URL 12-18, 12-20, 12-59
redundancy
EtherChannel 40-3
HSRP 46-1
STP
backbone 21-8
path cost 16-23
port priority 16-21
redundant links and UplinkFast 23-13
reliable transport protocol, EIGRP 41-34
reloading software 4-21
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
Remote Network Monitoring
See RMON
Remote SPAN
See RSPAN
remote SPAN 30-2
REP
administrative VLAN 24-8
administrative VLAN, configuring 24-8
age timer 24-8
and STP 24-6
configuration guidelines 24-7
configuring interfaces 24-9
convergence 24-4
default configuration 24-7
manual preemption, configuring 24-13
monitoring 24-13
neighbor offset numbers 24-4
open segment 24-2
ports 24-6
preempt delay time 24-5
primary edge port 24-4
ring segment 24-2
secondary edge port 24-4
segments 24-1
characteristics 24-2
SNMP traps, configuring 24-13
supported interfaces 24-1
triggering VLAN load balancing 24-5
verifying link integrity 24-3
VLAN blocking 24-12
VLAN load balancing 24-4
report suppression, IGMP
described 28-6
disabling 28-15, 44-11
resequencing ACL entries 38-14
reserved addresses in DHCP pools 26-27
resets, in BGP 41-48
resetting a UDLD-shutdown interface 33-6
Resilient Ethernet Protocol
See REP
responder, IP SLAs
described 47-4
enabling 47-8
response time, measuring with IP SLAs 47-4
restricted VLAN
configuring 12-50
described 12-22
using with IEEE 802.1x 12-22
restricting access
overview 11-1
passwords and privilege levels 11-2
RADIUS 11-18
TACACS+ 11-10
retry count, VMPS, changing 16-29
reverse address resolution 41-8
Reverse Address Resolution Protocol
See RARP
RFC
1058, RIP 41-18
1112, IP multicast and IGMP 28-2
1157, SNMPv1 36-2
1163, BGP 41-41
1166, IP addresses 41-5
1253, OSPF 41-24
1267, BGP 41-41
1305, NTP 7-2
1587, NSSAs 41-24
1757, RMON 34-2
1771, BGP 41-41
1901, SNMPv2C 36-2
1902 to 1907, SNMPv2 36-2
2236, IP multicast and IGMP 28-2
2273-2275, SNMPv3 36-2
RFC 5176 Compliance 11-21
RIP
advertisements 41-18
authentication 41-21
configuring 41-20
default configuration 41-19
described 41-18
for IPv6 42-6
hop counts 41-19
split horizon 41-22
summary addresses 41-22
support for 1-12
RMON
default configuration 34-3
displaying status 34-6
enabling alarms and events 34-3
groups supported 34-2
overview 34-1
statistics
collecting group Ethernet 34-5
collecting group history 34-5
support for 1-14
root guard
described 23-8
enabling 23-15
support for 1-7
root switch
MSTP 22-17
STP 21-14
route calculation timers, OSPF 41-30
route dampening, BGP 41-60
routed packets, ACLs on 38-39
routed ports
configuring 41-3
defined 14-4
in switch clusters 6-8
IP addresses on 14-28, 41-4
route-map command 41-96
route maps
BGP 41-51
policy-based routing 41-94
router ACLs
defined 38-2
types of 38-4
route reflectors, BGP 41-59
router ID, OSPF 41-32
route selection, BGP 41-49
route summarization, OSPF 41-30
route targets, VPN 41-74
routing
default 41-2
dynamic 41-3
redistribution of information 41-90
static 41-3
routing domain confederation, BGP 41-58
Routing Information Protocol
See RIP
routing protocol administrative distances 41-89
RSPAN
characteristics 30-8
configuration guidelines 30-15
default configuration 30-9
defined 30-2
destination ports 30-7
displaying status 30-22
interaction with other features 30-8
monitored ports 30-5
monitoring ports 30-7
overview 1-14, 30-1
received traffic 30-4
sessions
creating 30-16
defined 30-3
limiting source traffic to specific VLANs 30-21
specifying monitored ports 30-16
with ingress traffic enabled 30-19
source ports 30-5
transmitted traffic 30-5
VLAN-based 30-6
RSTP
active topology 22-9
BPDU
format 22-12
processing 22-12
designated port, defined 22-9
designated switch, defined 22-9
interoperability with IEEE 802.1D
described 22-8
restarting migration process 22-25
topology changes 22-13
overview 22-8
port roles
described 22-9
synchronized 22-11
proposal-agreement handshake process 22-10
rapid convergence
described 22-9
edge ports and Port Fast 22-9
point-to-point links 22-10, 22-24
root ports 22-10
root port, defined 22-9
See also MSTP
running configuration
replacing A-18, A-19
rolling back A-18, A-19
running configuration, saving 4-15
S
SC (standby command switch) 6-10
scheduled reloads 4-21
scheduling, IP SLAs operations 47-5
SCP
and SSH 11-56
configuring 11-57
SDM
templates
configuring 10-4
number of 10-1
SDM template 45-3
configuration guidelines 10-3
configuring 10-3
dual IPv4 and IPv6 10-2
types of 10-1
secondary edge port, REP 24-4
secondary VLANs 19-2
Secure Copy Protocol
secure HTTP client
configuring 11-55
displaying 11-56
secure HTTP server
configuring 11-54
displaying 11-56
secure MAC addresses
deleting 29-16
maximum number of 29-10
types of 29-9
secure ports, configuring 29-8
secure remote connections 11-46
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port 29-8
security features 1-8
See SCP
sequence numbers in log messages 35-8
server mode, VTP 17-3
service-provider network, MSTP and RSTP 22-1
service-provider networks
and customer VLANs 20-2
and IEEE 802.1Q tunneling 20-1
Layer 2 protocols across 20-8
Layer 2 protocol tunneling for EtherChannels 20-9
set-request operation 36-4
setting a secondary temperature threshold 3-7, 3-8
setting power supply alarm options 3-6
setting the FCS error hysteresis threshold 3-10
setup program
failed command switch replacement 53-6
replacing failed command switch 53-4
severity levels, defining in system messages 35-8
SFPs
monitoring status of 14-32, 53-9
security and identification 53-9
status, displaying 53-9
shaped round robin
See SRR
show access-lists hw-summary command 38-21
show alarm commands 3-13
show and more command output, filtering 2-10
show cdp traffic command 32-6
show cluster members command 6-14
show configuration command 14-27
show forward command 53-17
show interfaces command 14-21, 14-27
show interfaces switchport 25-4
show l2protocol command 20-13, 20-15
show lldp traffic command 31-10
show platform forward command 53-17
show running-config command
displaying ACLs 38-19, 38-20, 38-31, 38-34
interface description in 14-27
shutdown command on interfaces 14-33
shutdown threshold for Layer 2 protocol packets 20-11
Simple Network Management Protocol
See SNMP
small-frame arrival rate, configuring 29-5
Smartports macros
applying Cisco-default macros 15-3
applying global parameter values 15-3
configuration guidelines 15-2
default configuration 15-1
displaying 15-5
tracing 15-2
SNAP 32-1
SNMP
accessing MIB variables with 36-4
agent
described 36-4
disabling 36-7
and IP SLAs 47-2
authentication level 36-10
community strings
configuring 36-8
for cluster switches 36-4
overview 36-4
configuration examples 36-17
default configuration 36-6
engine ID 36-7
groups 36-7, 36-9
host 36-7
ifIndex values 36-5
in-band management 1-5
in clusters 6-14
informs
and trap keyword 36-11
described 36-5
differences from traps 36-5
disabling 36-15
enabling 36-15
limiting access by TFTP servers 36-16
limiting system log messages to NMS 35-10
manager functions 1-4, 36-3
managing clusters with 6-15
notifications 36-5
overview 36-1, 36-4
security levels 36-2
setting CPU threshold notification 36-15
status, displaying 36-18
system contact and location 36-16
trap manager, configuring 36-13
traps
described 36-3, 36-5
differences from informs 36-5
disabling 36-15
enabling 36-11
enabling MAC address notification 7-15, 7-17, 7-18
overview 36-1, 36-4
types of 36-12
users 36-7, 36-9
versions supported 36-2
SNMP and Syslog Over IPv6 42-8
SNMP traps
REP 24-13
SNMPv1 36-2
SNMPv2C 36-2
SNMPv3 36-2
snooping, IGMP 28-2
software images
location in flash A-22
recovery procedures 53-2
scheduling reloads 4-21
tar file format, described A-22
See also downloading and uploading
source addresses
in IPv4 ACLs 38-11
in IPv6 ACLs 45-5
source-and-destination-IP address based forwarding, EtherChannel 40-8
source-and-destination MAC address forwarding, EtherChannel 40-8
source-IP address based forwarding, EtherChannel 40-8
source-MAC address forwarding, EtherChannel 40-7
Source-specific multicast
See SSM
SPAN
configuration guidelines 30-10
default configuration 30-9
destination ports 30-7
displaying status 30-22
interaction with other features 30-8
monitored ports 30-5
monitoring ports 30-7
overview 1-14, 30-1
ports, restrictions 29-12
received traffic 30-4
sessions
configuring ingress forwarding 30-14, 30-20
creating 30-11
defined 30-3
limiting source traffic to specific VLANs 30-14
removing destination (monitoring) ports 30-12
specifying monitored ports 30-11
with ingress traffic enabled 30-13
source ports 30-5
transmitted traffic 30-5
VLAN-based 30-6
spanning tree and native VLANs 16-16
Spanning Tree Protocol
See STP
SPAN traffic 30-4
split horizon, RIP 41-22
SRR
configuring
shaped weights on egress queues 39-74
shared weights on egress queues 39-75
shared weights on ingress queues 39-68
described 39-14
shaped mode 39-14
shared mode 39-14
support for 1-12
SSH
configuring 11-47
cryptographic software image 11-45
described 1-5, 11-46
encryption methods 11-46
user authentication methods, supported 11-46
SSL
configuration guidelines 11-53
configuring a secure HTTP client 11-55
configuring a secure HTTP server 11-54
cryptographic software image 11-50
described 11-50
monitoring 11-56
SSM
address management restrictions 50-15
CGMP limitations 50-15
components 50-13
configuration guidelines 50-15
configuring 50-13, 50-16
differs from Internet standard multicast 50-13
IGMP snooping 50-15
IGMPv3 50-13
IGMPv3 Host Signalling 50-14
IP address range 50-14
monitoring 50-16
operations 50-14
PIM 50-13
state maintenance limitations 50-15
SSM mapping 50-16
configuration guidelines 50-16
configuring 50-16, 50-19
DNS-based 50-18, 50-19
monitoring 50-21
overview 50-17
restrictions 50-17
static 50-17, 50-19
static traffic forwarding 50-20
standby command switch
configuring
considerations 6-11
defined 6-2
priority 6-10
requirements 6-3
virtual IP address 6-11
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
standby ip command 46-6
standby links 25-2
standby router 46-1
standby timers, HSRP 46-11
startup configuration
booting
manually 4-18
specific image 4-19
clearing A-18
configuration file
automatically downloading 4-17
specifying the filename 4-17
default boot configuration 4-17
static access ports
assigning to VLAN 16-9
defined 14-3, 16-3
static addresses
See addresses
static IP routing 1-12
static MAC addressing 1-8
static route primary interface,configuring 48-10
static routes
configuring 41-88
configuring for IPv6 42-19
understanding 42-6
static routing 41-3
static routing support, enhanced object tracking 48-10
static SSM mapping 50-17, 50-19
static traffic forwarding 50-20
static VLAN membership 16-2
statistics
802.1X 13-17
802.1x 12-64
CDP 32-5
interface 14-32
IP multicast routing 50-61
LLDP 31-10
LLDP-MED 31-10
NMSP 31-10
OSPF 41-32
QoS ingress and egress 39-78
RMON group Ethernet 34-5
RMON group history 34-5
SNMP input and output 36-18
VTP 17-16
sticky learning 29-9
storm control
configuring 29-3
described 29-1
disabling 29-5
displaying 29-21
support for 1-3
thresholds 29-1
STP
accelerating root port selection 23-4
and REP 24-6
BackboneFast
described 23-5
disabling 23-14
enabling 23-13
BPDU filtering
described 23-3
disabling 23-12
enabling 23-12
BPDU guard
described 23-2
disabling 23-12
enabling 23-11
BPDU message exchange 21-3
configuration guidelines 21-12, 23-10
configuring
forward-delay time 21-21
hello time 21-20
maximum aging time 21-21
path cost 21-18
port priority 21-17
root switch 21-14
secondary root switch 21-16
spanning-tree mode 21-13
switch priority 21-19
transmit hold-count 21-22
counters, clearing 21-22
default configuration 21-11
default optional feature configuration 23-9
designated port, defined 21-3
designated switch, defined 21-3
detecting indirect link failures 23-5
disabling 21-14
displaying status 21-22
EtherChannel guard
described 23-7
disabling 23-14
enabling 23-14
extended system ID
effects on root switch 21-14
effects on the secondary root switch 21-16
overview 21-4
unexpected behavior 21-15
features supported 1-6
IEEE 802.1D and bridge ID 21-4
IEEE 802.1D and multicast addresses 21-8
IEEE 802.1t and VLAN identifier 21-4
inferior BPDU 21-3
instances supported 21-9
interface state, blocking to forwarding 23-2
interface states
blocking 21-5
disabled 21-7
forwarding 21-5, 21-6
learning 21-6
listening 21-6
overview 21-4
interoperability and compatibility among modes 21-10
Layer 2 protocol tunneling 20-7
limitations with IEEE 802.1Q trunks 21-10
load sharing
overview 16-21
using path costs 16-23
using port priorities 16-21
loop guard
described 23-9
enabling 23-15
modes supported 21-9
multicast addresses, effect of 21-8
optional features supported 1-7
overview 21-2
path costs 16-23
Port Fast
described 23-2
enabling 23-10
port priorities 16-22
preventing root switch selection 23-8
protocols supported 21-9
redundant connectivity 21-8
root guard
described 23-8
enabling 23-15
root port, defined 21-3
root switch
configuring 21-15
effects of extended system ID 21-4, 21-14
election 21-3
unexpected behavior 21-15
shutdown Port Fast-enabled port 23-2
status, displaying 21-22
superior BPDU 21-3
timers, described 21-20
UplinkFast
described 23-3
enabling 23-13
VLAN-bridge 21-10
stratum, NTP 7-2
stub areas, OSPF 41-28
stub routing, EIGRP 41-39
subdomains, private VLAN 19-1
subnet mask 41-5
subnet zero 41-6
success response, VMPS 16-25
summer time 7-6
SunNet Manager 1-4
supernet 41-6
supported port-based authentication methods 12-7
SVI autostate exclude
configuring 14-29
defined 14-5
SVI link state 14-5
SVIs
and IP unicast routing 41-3
and router ACLs 38-4
connecting VLANs 14-11
defined 14-4
routing between VLANs 16-2
switch 42-2
switch clustering technology 6-1
See also clusters, switch
switch console port 1-5
Switch Database Management
See SDM
switched packets, ACLs on 38-38
Switched Port Analyzer
See SPAN
switched ports 14-2
switchport backup interface 25-4, 25-5
switchport block multicast command 29-8
switchport block unicast command 29-8
switchport command 14-17
switchport mode dot1q-tunnel command 20-6
switchport protected command 29-7
switch priority
MSTP 22-21
STP 21-19
switch software features 1-1
switch virtual interface
See SVI
synchronization, BGP 41-45
syslog
See system message logging
system capabilities TLV 31-1
system clock
configuring
daylight saving time 7-6
manually 7-4
summer time 7-6
time zones 7-5
displaying the time and date 7-5
overview 7-1
See also NTP
system description TLV 31-1
system message logging
default configuration 35-3
defining error message severity levels 35-8
disabling 35-4
displaying the configuration 35-13
enabling 35-4
facility keywords, described 35-13
level keywords, described 35-9
limiting messages 35-10
message format 35-2
overview 35-1
sequence numbers, enabling and disabling 35-8
setting the display destination device 35-5
synchronizing log messages 35-6
syslog facility 1-14
time stamps, enabling and disabling 35-7
UNIX syslog servers
configuring the daemon 35-12
configuring the logging facility 35-12
facilities supported 35-13
system MTU
and IS-IS LSPs 41-66
system MTU and IEEE 802.1Q tunneling 20-5
system name
default configuration 7-8
default setting 7-8
manual configuration 7-8
See also DNS
system name TLV 31-1
system prompt, default setting 7-7, 7-8
system resources, optimizing 10-1
system routing
IS-IS 41-62
ISO IGRP 41-62
T
TACACS+
accounting, defined 11-11
authentication, defined 11-11
authorization, defined 11-11
configuring
accounting 11-17
authentication key 11-13
authorization 11-16
login authentication 11-14
default configuration 11-13
displaying the configuration 11-18
identifying the server 11-13
in clusters 6-14
limiting the services to the user 11-16
operation of 11-12
overview 11-10
support for 1-10
tracking services accessed by user 11-17
tagged packets
IEEE 802.1Q 20-3
Layer 2 protocol 20-7
tar files
creating A-6
displaying the contents of A-6
extracting A-7
image file format A-22
TCL script, registering and defining with embedded event manager 37-6
TDR 1-14
Telnet
accessing management interfaces 2-10
number of connections 1-5
setting a password 11-6
temperature alarms, configuring 3-7, 3-8
temporary self-signed certificate 11-51
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password 11-6
TFTP
configuration files
downloading A-10
preparing the server A-10
uploading A-11
configuration files in base directory 4-7
configuring for autoconfiguration 4-7
image files
deleting A-25
downloading A-24
preparing the server A-24
uploading A-26
limiting access by servers 36-16
TFTP server 1-4
threshold, traffic level 29-2
threshold monitoring, IP SLAs 47-6
time
See NTP and system clock
Time Domain Reflector
See TDR
time-range command 38-16
time ranges in ACLs 38-16
time stamps in log messages 35-7
time zones 7-5
TLVs
defined 31-1
LLDP 31-1
LLDP-MED 31-2
Token Ring VLANs
support for 16-6
VTP support 17-4
ToS 1-11
traceroute, Layer 2
and ARP 53-12
and CDP 53-11
broadcast traffic 53-11
described 53-11
IP addresses and subnets 53-12
MAC addresses and VLANs 53-12
multicast traffic 53-12
multiple devices on a port 53-12
unicast traffic 53-11
usage guidelines 53-11
traceroute command 53-13
See also IP traceroute
tracked lists
configuring 48-3
types 48-3
tracked objects
by Boolean expression 48-4
by threshold percentage 48-6
by threshold weight 48-5
tracking interface line-protocol state 48-2
tracking IP routing state 48-2
tracking objects 48-1
tracking process 48-1
track state, tracking IP SLAs 48-9
traffic
blocking flooded 29-8
fragmented 38-5
fragmented IPv6 45-2
unfragmented 38-5
traffic policing 1-11
traffic suppression 29-1
transmit hold-count
see STP
transparent mode, VTP 17-3
trap-door mechanism 4-2
traps
configuring MAC address notification 7-15, 7-17, 7-18
configuring managers 36-11
defined 36-3
enabling 7-15, 7-17, 7-18, 36-11
notification types 36-12
overview 36-1, 36-4
triggering alarm options
configurable relay 3-3
methods 3-3
SNMP traps 3-4
syslog messages 3-4
troubleshooting
connectivity problems 53-9, 53-11, 53-12
CPU utilization 53-20
detecting unidirectional links 33-1
displaying crash information 53-19
PIMv1 and PIMv2 interoperability problems 50-34
setting packet forwarding 53-17
SFP security and identification 53-9
show forward command 53-17
with CiscoWorks 36-4
with debug commands 53-15
with ping 53-10
with system message logging 35-1
with traceroute 53-13
trunk failover
See link-state tracking
trunking encapsulation 1-7
trunk ports
configuring 16-17
defined 14-3, 16-3
trunks
allowed-VLAN list 16-18
load sharing
setting STP path costs 16-23
using STP port priorities 16-21, 16-22
native VLAN for untagged traffic 16-20
parallel 16-23
pruning-eligible list 16-19
to non-DTP device 16-15
trusted boundary for QoS 39-38
trusted port states
between QoS domains 39-40
classification options 39-5
ensuring port security for IP phones 39-38
support for 1-11
within a QoS domain 39-36
trustpoints, CA 11-50
tunneling
defined 20-1
IEEE 802.1Q 20-1
Layer 2 protocol 20-8
tunnel ports
defined 16-4
described 14-3, 20-1
IEEE 802.1Q, configuring 20-6
incompatibilities with other features 20-5
twisted-pair Ethernet, detecting unidirectional links 33-1
type of service
See ToS
U
UDLD
configuration guidelines 33-4
default configuration 33-4
disabling
globally 33-5
on fiber-optic interfaces 33-5
per interface 33-5
echoing detection mechanism 33-2
enabling
globally 33-5
per interface 33-5
Layer 2 protocol tunneling 20-10
link-detection mechanism 33-1
neighbor database 33-2
overview 33-1
resetting an interface 33-6
status, displaying 33-6
support for 1-6
UDP, configuring 41-14
UDP jitter, configuring 47-9
UDP jitter operation, IP SLAs 47-9
unauthorized ports with IEEE 802.1x 12-10
unicast MAC address filtering 1-5
and adding static addresses 7-21
and broadcast MAC addresses 7-20
and CPU packets 7-20
and multicast addresses 7-20
and router MAC addresses 7-20
configuration guidelines 7-20
described 7-20
unicast storm 29-1
unicast storm control command 29-4
unicast traffic, blocking 29-8
UniDirectional Link Detection protocol
See UDLD
UNIX syslog servers
daemon configuration 35-12
facilities supported 35-13
message logging configuration 35-12
unrecognized Type-Length-Value (TLV) support 17-4
upgrading software images
See downloading
UplinkFast
described 23-3
disabling 23-13
enabling 23-13
uploading
configuration files
preparing A-10, A-12, A-15
reasons for A-8
using FTP A-14
using RCP A-17
using TFTP A-11
image files
preparing A-24, A-27, A-31
reasons for A-22
using FTP A-29
using RCP A-33
using TFTP A-26
User Datagram Protocol
See UDP
user EXEC mode 2-2
username-based authentication 11-7
V
version-dependent transparent mode 17-4
virtual IP address
cluster standby group 6-11
command switch 6-11
Virtual Private Network
See VPN
virtual router 46-1, 46-2
virtual switches and PAgP 40-5
vlan.dat file 16-5
VLAN 1, disabling on a trunk port 16-19
VLAN 1 minimization 16-18
VLAN ACLs
See VLAN maps
vlan-assignment response, VMPS 16-25
VLAN blocking, REP 24-12
VLAN configuration
at bootup 16-7
saving 16-7
VLAN configuration mode 2-2
VLAN database
and startup configuration file 16-7
and VTP 17-1
VLAN configuration saved in 16-7
VLANs saved in 16-4
vlan dot1q tag native command 20-4
VLAN filtering and SPAN 30-6
vlan global configuration command 16-7
VLAN ID, discovering 7-23
VLAN link state 14-5
VLAN load balancing
REP 24-4
VLAN load balancing, triggering 24-5
VLAN load balancing on flex links 25-2
configuration guidelines 25-8
VLAN management domain 17-2
VLAN Management Policy Server
See VMPS
VLAN map entries, order of 38-30
VLAN maps
applying 38-34
common uses for 38-34
configuration guidelines 38-30
configuring 38-29
creating 38-31
defined 38-2
denying access to a server example 38-35
denying and permitting packets 38-31
displaying 38-41
examples of ACLs and VLAN maps 38-32
removing 38-34
support for 1-8
wiring closet configuration example 38-35
VLAN membership
confirming 16-28
modes 16-3
VLAN Query Protocol
See VQP
VLANs
adding 16-8
adding to VLAN database 16-8
aging dynamic addresses 21-9
allowed on trunk 16-18
and spanning-tree instances 16-3, 16-6, 16-11
configuration guidelines, extended-range VLANs 16-11
configuration guidelines, normal-range VLANs 16-6
configuring 16-1
configuring IDs 1006 to 4094 16-11
connecting through SVIs 14-11
creating 16-8
customer numbering in service-provider networks 20-3
default configuration 16-7
deleting 16-9
described 14-2, 16-1
displaying 16-14
extended-range 16-1, 16-10
features 1-7
illustrated 16-2
internal 16-11
limiting source traffic with RSPAN 30-21
limiting source traffic with SPAN 30-14
modifying 16-8
multicast 28-17
native, configuring 16-20
normal-range 16-1, 16-4
number supported 1-7
parameters 16-5
port membership modes 16-3
static-access ports 16-9
STP and IEEE 802.1Q trunks 21-10
supported 16-2
Token Ring 16-6
traffic between 16-2
VLAN-bridge STP 21-10, 52-2
VTP modes 17-3
VLAN Trunking Protocol
See VTP
VLAN trunks 16-14
VMPS
administering 16-29
configuration example 16-30
configuration guidelines 16-26
default configuration 16-26
description 16-24
dynamic port membership
described 16-25
reconfirming 16-28
troubleshooting 16-30
entering server address 16-27
mapping MAC addresses to VLANs 16-24
monitoring 16-29
reconfirmation interval, changing 16-28
reconfirming membership 16-28
retry count, changing 16-29
voice aware 802.1x security
port-based authentication
configuring 12-37
described 12-29, 12-37
voice-over-IP 18-1
voice VLAN
Cisco 7960 phone, port connections 18-1
configuration guidelines 18-3
configuring IP phones for data traffic
override CoS of incoming frame 18-6
trust CoS priority of incoming frame 18-6
configuring ports for voice traffic in
802.1p priority tagged frames 18-5
802.1Q frames 18-4
connecting to an IP phone 18-4
default configuration 18-3
described 18-1
displaying 18-6
IP phone data traffic, described 18-2
IP phone voice traffic, described 18-2
VPN
configuring routing in 41-81
forwarding 41-74
in service provider networks 41-71
routes 41-72
VPN routing and forwarding table
See VRF
VQP 1-7, 16-24
VRF
defining 41-74
tables 41-71
VRF-aware services
ARP 41-78
configuring 41-77
ftp 41-80
HSRP 41-79
ping 41-78
SNMP 41-78
syslog 41-79
tftp 41-80
traceroute 41-80
VTP
adding a client to a domain 17-15
advertisements 16-16, 17-3
and extended-range VLANs 16-3, 17-1
and normal-range VLANs 16-2, 17-1
client mode, configuring 17-11
configuration
guidelines 17-8
requirements 17-10
saving 17-8
configuration requirements 17-10
configuration revision number
guideline 17-15
resetting 17-16
consistency checks 17-4
default configuration 17-7
described 17-1
domain names 17-8
domains 17-2
Layer 2 protocol tunneling 20-7
modes
client 17-3
off 17-3
server 17-3
transitions 17-3
transparent 17-3
monitoring 17-16
passwords 17-8
pruning
disabling 17-14
enabling 17-14
examples 17-6
overview 17-5
support for 1-7
pruning-eligible list, changing 16-19
server mode, configuring 17-10, 17-13
statistics 17-16
support for 1-7
Token Ring support 17-4
transparent mode, configuring 17-10
using 17-1
Version
enabling 17-13
version, guidelines 17-9
Version 1 17-4
Version 2
configuration guidelines 17-9
overview 17-4
Version 3
overview 17-4
W
WCCP
authentication 49-3
configuration guidelines 49-5
default configuration 49-5
described 49-1
displaying 49-9
dynamic service groups 49-3
enabling 49-6
features unsupported 49-4
forwarding method 49-3
Layer-2 header rewrite 49-3
MD5 security 49-3
message exchange 49-2
monitoring and maintaining 49-9
negotiation 49-3
packet redirection 49-3
packet-return method 49-3
redirecting traffic received from a client 49-6
setting the password 49-6
unsupported WCCPv2 features 49-4
web authentication 12-16
configuring 13-16 to ??
described 1-8
web-based authentication
customizeable web pages 13-6
description 13-1
web-based authentication, interactions with other features 13-7
Web Cache Communication Protocol
See WCCP
weighted tail drop
See WTD
weight thresholds in tracked lists 48-5
wired location service
configuring 31-8
displaying 31-10
location TLV 31-2
understanding 31-3
WTD
described 39-13
setting thresholds
egress queue-sets 39-71
ingress queues 39-67
support for 1-12
X
Xmodem protocol 53-2
Index
A
AAA down policy, NAC Layer 2 IP validation 1-10
abbreviating commands 2-4
ABRs 41-24
AC (command switch) 6-10
access-class command 38-19
access control entries
See ACEs
access control entry (ACE) 45-3
access-denied response, VMPS 16-25
access groups
applying IPv4 ACLs to interfaces 38-20
Layer 2 38-20
Layer 3 38-20
accessing
clusters, switch 6-13
command switches 6-11
member switches 6-13
switch clusters 6-13
access lists
See ACLs
access ports
and Layer 2 protocol tunneling 20-10
defined 14-3
in switch clusters 6-9
accounting
with 802.1x 12-48
with IEEE 802.1x 12-14
with RADIUS 11-35
with TACACS+ 11-11, 11-17
ACEs
and QoS 39-7
defined 38-2
Ethernet 38-2
IP 38-2
ACLs
ACEs 38-2
any keyword 38-12
applying
on bridged packets 38-38
on multicast packets 38-40
on routed packets 38-39
on switched packets 38-38
time ranges to 38-16
to an interface 38-19, 45-7
to IPv6 interfaces 45-7
to QoS 39-7
classifying traffic for QoS 39-43
comments in 38-18
compiling 38-22
defined 38-1, 38-7
examples of 38-22, 39-43
extended IP, configuring for QoS classification 39-44
extended IPv4
creating 38-10
matching criteria 38-7
hardware and software handling 38-21
host keyword 38-12
IP
creating 38-7
fragments and QoS guidelines 39-33
implicit deny 38-9, 38-14, 38-15
implicit masks 38-9
matching criteria 38-7
undefined 38-21
IPv4
applying to interfaces 38-19
creating 38-7
matching criteria 38-7
named 38-14
numbers 38-8
terminal lines, setting on 38-19
unsupported features 38-7
IPv6
applying to interfaces 45-7
configuring 45-3, 45-4
displaying 45-8
interactions with other features 45-4
limitations 45-2, 45-3
matching criteria 45-3
named 45-2
precedence of 45-2
supported 45-2
unsupported features 45-3
Layer 4 information in 38-37
logging messages 38-8
MAC extended 38-27, 39-45
matching 38-7, 38-20, 45-3
monitoring 38-41, 45-8
named, IPv4 38-14
named, IPv6 45-2
names 45-4
number per QoS class map 39-33
port 38-2, 45-1
precedence of 38-2
QoS 39-7, 39-43
resequencing entries 38-14
router 38-2, 45-1
router ACLs and VLAN map configuration guidelines 38-37
standard IP, configuring for QoS classification 39-43
standard IPv4
creating 38-9
matching criteria 38-7
support for 1-8
support in hardware 38-21
time ranges 38-16
types supported 38-2
unsupported features, IPv4 38-7
unsupported features, IPv6 45-3
using router ACLs with VLAN maps 38-36
VLAN maps
configuration guidelines 38-30
configuring 38-29
active link 25-4, 25-5, 25-6
active links 25-2
active router 46-1
active traffic monitoring, IP SLAs 47-1
address aliasing 28-2
addresses
displaying the MAC address table 7-23
dynamic
accelerated aging 21-8
changing the aging time 7-14
default aging 21-8
defined 7-12
learning 7-13
removing 7-15
IPv6 42-2
MAC, discovering 7-23
multicast
group address range 50-3
STP address management 21-8
static
adding and removing 7-19
defined 7-12
address resolution 7-23, 41-8
Address Resolution Protocol
See ARP
adjacency tables, with CEF 41-87
administrative distances
defined 41-99
OSPF 41-30
routing protocol defaults 41-89
administrative VLAN
REP, configuring 24-8
administrative VLAN, REP 24-8
advertisements
CDP 32-1
LLDP 31-1, 31-2
RIP 41-18
VTP 16-16, 17-3
age timer, REP 24-8
aggregatable global unicast addresses 42-3
aggregate addresses, BGP 41-57
aggregated ports
See EtherChannel
aggregate policers 39-58
aggregate policing 1-11
aging, accelerating 21-8
aging time
accelerated
for MSTP 22-23
for STP 21-8, 21-21
MAC address table 7-14
maximum
for MSTP 22-23, 22-24
for STP 21-21, 21-22
alarm profiles
configuring 3-12
creating or modifying 3-11
alarms
displaying 3-13
power supply 3-2
temperature 3-2
alarms, RMON 34-3
allowed-VLAN list 16-18
application engines, redirecting traffic to 49-1
area border routers
See ABRs
area routing
IS-IS 41-62
ISO IGRP 41-62
ARP
configuring 41-9
defined 1-5, 7-23, 41-8
encapsulation 41-10
static cache configuration 41-9
table
address resolution 7-23
managing 7-23
ASBRs 41-24
AS-path filters, BGP 41-52
associating the temperature alarms to a relay 3-9
asymmetrical links, and IEEE 802.1Q tunneling 20-4
attaching an alarm profile to a port 3-12
attributes, RADIUS
vendor-proprietary 11-38
vendor-specific 11-36
attribute-value pairs 12-12, 12-15, 12-20
authentication
EIGRP 41-38
HSRP 46-10
local mode with AAA 11-44
open1x 12-29
RADIUS
key 11-28
login 11-30
TACACS+
defined 11-11
key 11-13
login 11-14
See also port-based authentication
authentication compatibility with Catalyst 6000 switches 12-8
authentication failed VLAN
See restricted VLAN
authentication keys, and routing protocols 41-99
authentication manager
CLI commands 12-9
compatibility with older 802.1x CLI commands 12-9 to ??
overview 12-7
authoritative time source, described 7-2
authorization
with RADIUS 11-34
with TACACS+ 11-11, 11-16
authorized ports with IEEE 802.1x 12-10
autoconfiguration 4-3
auto enablement 12-30
automatic discovery
considerations
beyond a noncandidate device 6-7
brand new switches 6-9
connectivity 6-4
different VLANs 6-6
management VLANs 6-7
non-CDP-capable devices 6-6
noncluster-capable devices 6-6
routed ports 6-8
in switch clusters 6-4
See also CDP
automatic QoS
See QoS
automatic recovery, clusters 6-10
See also HSRP
auto-MDIX
configuring 14-23
described 14-23
autonegotiation
duplex mode 1-2
interface configuration guidelines 14-20
mismatches 53-8
autonomous system boundary routers
See ASBRs
autonomous systems, in BGP 41-45
Auto-RP, described 50-6
autosensing, port speed 1-2
Auto Smartports macros
displaying 15-5
autostate exclude 14-5
auxiliary VLAN
See voice VLAN
availability, features 1-6
B
BackboneFast
described 23-5
disabling 23-14
enabling 23-13
backup interfaces
See Flex Links
backup links 25-2
backup static routing, configuring 48-11
banners
configuring
login 7-12
message-of-the-day login 7-11
default configuration 7-10
when displayed 7-10
Berkeley r-tools replacement 11-56
BGP
aggregate addresses 41-57
aggregate routes, configuring 41-57
CIDR 41-57
clear commands 41-61
community filtering 41-54
configuring neighbors 41-55
default configuration 41-43
described 41-42
enabling 41-45
monitoring 41-61
multipath support 41-49
neighbors, types of 41-45
path selection 41-49
peers, configuring 41-55
prefix filtering 41-53
resetting sessions 41-48
route dampening 41-60
route maps 41-51
route reflectors 41-59
routing domain confederation 41-58
routing session with multi-VRF CE 41-81
show commands 41-61
supernets 41-57
support for 1-12
Version 4 41-42
binding cluster group and HSRP group 46-12
binding database
address, DHCP server
See DHCP, Cisco IOS server database
DHCP snooping
See DHCP snooping binding database
bindings
address, Cisco IOS DHCP server 26-7
DHCP snooping database 26-7
IP source guard 26-16
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 29-7
Boolean expressions in tracked lists 48-4
booting
boot loader, function of 4-2
boot process 4-2
manually 4-18
specific image 4-19
boot loader
accessing 4-19
described 4-2
environment variables 4-19
prompt 4-19
trap-door mechanism 4-2
bootstrap router (BSR), described 50-7
Border Gateway Protocol
See BGP
BPDU
error-disabled state 23-2
filtering 23-3
RSTP format 22-12
BPDU filtering
described 23-3
disabling 23-12
enabling 23-12
support for 1-7
BPDU guard
described 23-2
disabling 23-12
enabling 23-11
support for 1-7
bridged packets, ACLs on 38-38
bridge groups
See fallback bridging
bridge protocol data unit
See BPDU
broadcast flooding 41-16
broadcast packets
directed 41-13
flooded 41-13
broadcast storm-control command 29-4
broadcast storms 29-1, 41-13
C
cables, monitoring for unidirectional links 33-1
candidate switch
automatic discovery 6-4
defined 6-3
requirements 6-3
See also command switch, cluster standby group, and member switch
Catalyst 6000 switches
authentication compatibility 12-8
CA trustpoint
configuring 11-53
defined 11-50
CDP
and trusted boundary 39-39
automatic discovery in switch clusters 6-4
configuring 32-2
default configuration 32-2
defined with LLDP 31-1
described 32-1
disabling for routing device 32-4
enabling and disabling
on an interface 32-4
on a switch 32-4
Layer 2 protocol tunneling 20-7
monitoring 32-5
overview 32-1
power negotiation extensions 14-7
support for 1-5
transmission timer and holdtime, setting 32-3
updates 32-3
CEF
defined 41-86
enabling 41-87
IPv6 42-18
CGMP
as IGMP snooping learning method 28-8
clearing cached group entries 50-60
enabling server support 50-43
joining multicast group 28-3
overview 50-9
server support only 50-9
switch support of 1-3
CIDR 41-57
CipherSuites 11-52
Cisco 7960 IP Phone 18-1
Cisco Discovery Protocol
See CDP
Cisco Express Forwarding
See CEF
Cisco Group Management Protocol
See CGMP
Cisco intelligent power management 14-7
Cisco IOS DHCP server
See DHCP, Cisco IOS DHCP server
Cisco IOS File System
See IFS
Cisco IOS IP SLAs 47-1
Cisco Secure ACS
attribute-value pairs for downloadable ACLs 12-20
attribute-value pairs for redirect URL 12-20
Cisco Secure ACS configuration guide 12-59
CiscoWorks 2000 1-4, 36-4
CISP 12-30
CIST regional root
See MSTP
CIST root
See MSTP
civic location 31-2
classless interdomain routing
See CIDR
classless routing 41-6
class maps for QoS
configuring 39-46
described 39-7
displaying 39-78
class of service
See CoS
clearing interfaces 14-33
CLI
abbreviating commands 2-4
command modes 2-1
configuration logging 2-5
described 1-4
editing features
enabling and disabling 2-7
keystroke editing 2-8
wrapped lines 2-9
error messages 2-5
filtering command output 2-10
getting help 2-3
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
managing clusters 6-14
no and default forms of commands 2-4
Client Information Signalling Protocol
See CISP
client mode, VTP 17-3
client processes, tracking 48-1
CLNS
See ISO CLNS
clock
See system clock
clusters, switch
accessing 6-13
automatic discovery 6-4
automatic recovery 6-10
benefits 1-2
compatibility 6-4
described 6-1
LRE profile considerations 6-14
managing
through CLI 6-14
through SNMP 6-15
planning 6-4
planning considerations
automatic discovery 6-4
automatic recovery 6-10
CLI 6-14
host names 6-13
IP addresses 6-13
LRE profiles 6-14
passwords 6-13
RADIUS 6-14
SNMP 6-14, 6-15
TACACS+ 6-14
See also candidate switch, command switch, cluster standby group, member switch, and standby command switch
cluster standby group
and HSRP group 46-12
automatic recovery 6-12
considerations 6-11
defined 6-2
requirements 6-3
virtual IP address 6-11
See also HSRP
CNS 1-4
Configuration Engine
configID, deviceID, hostname 5-3
configuration service 5-2
described 5-1
event service 5-3
embedded agents
described 5-5
enabling automated configuration 5-6
enabling configuration agent 5-9
enabling event agent 5-7
management functions 1-4
CoA Request Commands 11-24
command-line interface
See CLI
command modes 2-1
commands
abbreviating 2-4
no and default 2-4
commands, setting privilege levels 11-8
command switch
accessing 6-11
active (AC) 6-10
configuration conflicts 53-7
defined 6-1
passive (PC) 6-10
password privilege levels 6-15
priority 6-10
recovery
from command-switch failure 6-10, 53-4
from lost member connectivity 53-7
redundant 6-10
replacing
with another switch 53-6
with cluster member 53-4
requirements 6-3
standby (SC) 6-10
See also candidate switch, cluster standby group, member switch, and standby command switch
community list, BGP 41-54
community ports 19-2
community strings
configuring 6-14, 36-8
for cluster switches 36-4
in clusters 6-14
overview 36-4
SNMP 6-14
community VLANs 19-2, 19-3
compatibility, feature 29-12
config.text 4-17
configurable leave timer, IGMP 28-6
configuration, initial
defaults 1-14
Express Setup 1-2
configuration changes, logging 35-10
configuration conflicts, recovering from lost member connectivity 53-7
configuration examples, network 1-17
configuration files
archiving A-18
clearing the startup configuration A-18
creating using a text editor A-9
default name 4-17
deleting a stored configuration A-18
described A-8
downloading
automatically 4-17
preparing A-10, A-12, A-15
reasons for A-8
using FTP A-13
using RCP A-16
using TFTP A-10
guidelines for creating and using A-8
guidelines for replacing and rolling back A-19
invalid combinations when copying A-5
limiting TFTP server access 36-16
obtaining with DHCP 4-9
password recovery disable considerations 11-5
replacing a running configuration A-18, A-19
rolling back a running configuration A-18, A-19
specifying the filename 4-17
system contact and location information 36-16
types and location A-9
uploading
preparing A-10, A-12, A-15
reasons for A-8
using FTP A-14
using RCP A-17
using TFTP A-11
configuration guidelines
REP 24-7
configuration guidelines, multi-VRF CE 41-74
configuration logger 35-10
configuration logging 2-5
configuration replacement A-18
configuration rollback A-18
configuration settings, saving 4-15
configure terminal command 14-13
configuring 802.1x user distribution 12-55
configuring port-based authentication violation modes 12-38 to 12-39
configuring small-frame arrival rate 29-5
config-vlan mode 2-2
conflicts, configuration 53-7
connections, secure remote 11-46
connectivity problems 53-9, 53-11, 53-12
consistency checks in VTP Version 2 17-4
console port, connecting to 2-10
content-routing technology
See WCCP
control protocol, IP SLAs 47-4
convergence
REP 24-4
corrupted software, recovery steps with Xmodem 53-2
CoS
override priority 18-6
trust priority 18-6
CoS input queue threshold map for QoS 39-16
CoS output queue threshold map for QoS 39-18
CoS-to-DSCP map for QoS 39-61
counters, clearing interface 14-33
CPU utilization, troubleshooting 53-20
crashinfo file 53-19
critical authentication, IEEE 802.1x 12-51
critical VLAN 12-23
cryptographic software image
Kerberos 11-40
SSH 11-45
SSL 11-50
customer edge devices 41-72
customjzeable web pages, web-based authentication 13-6
D
DACL
See downloadable ACL
daylight saving time 7-6
debugging
enabling all system diagnostics 53-16
enabling for a specific feature 53-16
redirecting error message output 53-16
using commands 53-15
default commands 2-4
default configuration
802.1x 12-33
auto-QoS 39-20
banners 7-10
BGP 41-43
booting 4-17
CDP 32-2
DHCP 26-9
DHCP option 82 26-9
DHCP snooping 26-9
DHCP snooping binding database 26-9
DNS 7-9
dynamic ARP inspection 27-5
EIGRP 41-34
EtherChannel 40-10
Ethernet interfaces 14-17
fallback bridging 52-3
Flex Links 25-7, 25-8
HSRP 46-5
IEEE 802.1Q tunneling 20-4
IGMP 50-38
IGMP filtering 28-24
IGMP snooping 28-7, 44-5, 44-6
IGMP throttling 28-24
initial switch information 4-3
IP addressing, IP routing 41-4
IP multicast routing 50-10
IP SLAs 47-6
IP source guard 26-18
IPv6 42-10
IS-IS 41-63
Layer 2 interfaces 14-17
Layer 2 protocol tunneling 20-11
LLDP 31-4
MAC address table 7-14
MAC address-table move update 25-8
MSDP 51-4
MSTP 22-14
multi-VRF CE 41-74
MVR 28-19
optional spanning-tree configuration 23-9
OSPF 41-25
password and privilege level 11-3
PIM 50-10
private VLANs 19-6
PROFINET 9-4
PTP 8-2
RADIUS 11-27
REP 24-7
RIP 41-19
RMON 34-3
RSPAN 30-9
SDM template 10-3
SNMP 36-6
SPAN 30-9
SSL 11-52
standard QoS 39-30
STP 21-11
system message logging 35-3
system name and prompt 7-8
TACACS+ 11-13
UDLD 33-4
VLAN, Layer 2 Ethernet interfaces 16-16
VLANs 16-7
VMPS 16-26
voice VLAN 18-3
VTP 17-7
WCCP 49-5
default gateway 4-15, 41-11
default networks 41-90
default router preference
See DRP
default routes 41-89
default routing 41-2
default web-based authentication configuration
802.1X 13-9
deleting VLANs 16-9
denial-of-service attack 29-1
description command 14-27
designing your network, examples 1-17
destination addresses
in IPv4 ACLs 38-11
in IPv6 ACLs 45-5
destination-IP address-based forwarding, EtherChannel 40-8
destination-MAC address forwarding, EtherChannel 40-8
detecting indirect link failures, STP 23-5
device A-22
device discovery protocol 31-1, 32-1
device manager
benefits 1-2
described 1-2, 1-4
in-band management 1-5
upgrading a switch A-22
DHCP
Cisco IOS server database
configuring 26-14
default configuration 26-9
described 26-7
DHCP for IPv6
See DHCPv6
enabling
relay agent 26-11
DHCP-based autoconfiguration
client request message exchange 4-4
configuring
client side 4-4
DNS 4-8
relay device 4-8
server side 4-6
TFTP server 4-7
example 4-9
lease options
for IP address information 4-6
for receiving the configuration file 4-7
overview 4-3
relationship to BOOTP 4-4
relay support 1-4, 1-13
support for 1-4
DHCP-based autoconfiguration and image update
configuring 4-11 to 4-14
understanding 4-5 to 4-6
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP object tracking, configuring primary interface 48-10
DHCP option 82
circuit ID suboption 26-5
configuration guidelines 26-9
default configuration 26-9
displaying 26-16
forwarding address, specifying 26-11
helper address 26-11
overview 26-4
packet format, suboption
circuit ID 26-5
remote ID 26-5
remote ID suboption 26-5
DHCP server port-based address allocation
configuration guidelines 26-27
default configuration 26-27
described 26-26
displaying 26-29
enabling 26-27
reserved addresses 26-27
DHCP server port-based address assignment
support for 1-5
DHCP snooping
accepting untrusted packets form edge switch 26-3, 26-13
and private VLANs 26-14
binding database
See DHCP snooping binding database
configuration guidelines 26-9
default configuration 26-9
displaying binding tables 26-16
message exchange process 26-4
option 82 data insertion 26-4
trusted interface 26-2
untrusted interface 26-2
untrusted messages 26-2
DHCP snooping binding database
adding bindings 26-15
binding file
format 26-8
location 26-7
bindings 26-7
clearing agent statistics 26-15
configuration guidelines 26-10
configuring 26-15
default configuration 26-9
deleting
binding file 26-15
bindings 26-15
database agent 26-15
described 26-7
displaying 26-16
binding entries 26-16
status and statistics 26-16
enabling 26-15
entry 26-7
renewing database 26-15
resetting
delay value 26-15
timeout value 26-15
DHCP snooping binding table
See DHCP snooping binding database
DHCPv6
configuration guidelines 42-15
default configuration 42-15
described 42-6
enabling client function 42-17
enabling DHCPv6 server function 42-15
support for 1-13
Differentiated Services architecture, QoS 39-2
Differentiated Services Code Point 39-2
Diffusing Update Algorithm (DUAL) 41-33
directed unicast requests 1-5
directories
changing A-4
creating and removing A-4
displaying the working A-4
discovery, clusters
See automatic discovery
displaying switch alarms 3-13
Distance Vector Multicast Routing Protocol
See DVMRP
distance-vector protocols 41-3
distribute-list command 41-98
DNS
and DHCP-based autoconfiguration 4-8
default configuration 7-9
displaying the configuration 7-10
in IPv6 42-3
overview 7-8
setting up 7-9
support for 1-4
DNS-based SSM mapping 50-18, 50-19
domain names
DNS 7-8
VTP 17-8
Domain Name System
See DNS
domains, ISO IGRP routing 41-62
dot1q-tunnel switchport mode 16-15
double-tagged packets
IEEE 802.1Q tunneling 20-2
Layer 2 protocol tunneling 20-10
downloadable ACL 12-18, 12-20, 12-59
downloading
configuration files
preparing A-10, A-12, A-15
reasons for A-8
using FTP A-13
using RCP A-16
using TFTP A-10
image files
deleting old image A-25
preparing A-24, A-27, A-31
reasons for A-22
using FTP A-28
using HTTP A-22
using RCP A-32
using TFTP A-24
using the device manager or Network Assistant A-22
drop threshold for Layer 2 protocol packets 20-11
DRP
configuring 42-13
described 42-4
IPv6 42-4
support for 1-13
DSCP 1-11, 39-2
DSCP input queue threshold map for QoS 39-16
DSCP output queue threshold map for QoS 39-18
DSCP-to-CoS map for QoS 39-64
DSCP-to-DSCP-mutation map for QoS 39-65
DSCP transparency 39-40
DTP 1-7, 16-15
dual-action detection 40-5
DUAL finite state machine, EIGRP 41-34
dual IPv4 and IPv6 templates 10-2, 42-5
dual protocol stacks
IPv4 and IPv6 42-5
SDM templates supporting 42-6
dual-purpose uplinks
defined 14-6
LEDs 14-6
link selection 14-6, 14-18
setting the type 14-18
DVMRP
autosummarization
configuring a summary address 50-57
disabling 50-59
connecting PIM domain to DVMRP router 50-50
enabling unicast routing 50-53
interoperability
with Cisco devices 50-48
with Cisco IOS software 50-8
mrinfo requests, responding to 50-52
neighbors
advertising the default route to 50-51
discovery with Probe messages 50-48
displaying information 50-52
prevent peering with nonpruning 50-55
rejecting nonpruning 50-54
overview 50-8
routes
adding a metric offset 50-59
advertising all 50-59
advertising the default route to neighbors 50-51
caching DVMRP routes learned in report messages 50-53
changing the threshold for syslog messages 50-56
deleting 50-60
displaying 50-61
favoring one over another 50-59
limiting the number injected into MBONE 50-56
limiting unicast route advertisements 50-48
routing table 50-9
source distribution tree, building 50-9
support for 1-13
tunnels
configuring 50-50
displaying neighbor information 50-52
dynamic access ports
characteristics 16-3
configuring 16-27
defined 14-3
dynamic addresses
See addresses
dynamic ARP inspection
ARP cache poisoning 27-1
ARP requests, described 27-1
ARP spoofing attack 27-1
clearing
log buffer 27-15
statistics 27-15
configuration guidelines 27-5
configuring
ACLs for non-DHCP environments 27-8
in DHCP environments 27-7
log buffer 27-12
rate limit for incoming ARP packets 27-4, 27-10
default configuration 27-5
denial-of-service attacks, preventing 27-10
described 27-1
DHCP snooping binding database 27-2
displaying
ARP ACLs 27-14
configuration and operating state 27-14
log buffer 27-15
statistics 27-15
trust state and rate limit 27-14
error-disabled state for exceeding rate limit 27-4
function of 27-2
interface trust states 27-3
log buffer
clearing 27-15
configuring 27-12
displaying 27-15
logging of dropped packets, described 27-4
man-in-the middle attack, described 27-2
network security issues and interface trust states 27-3
priority of ARP ACLs and DHCP snooping entries 27-4
rate limiting of ARP packets
configuring 27-10
described 27-4
error-disabled state 27-4
statistics
clearing 27-15
displaying 27-15
validation checks, performing 27-11
dynamic auto trunking mode 16-15
dynamic desirable trunking mode 16-15
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 16-25
reconfirming 16-28
troubleshooting 16-30
types of connections 16-27
dynamic routing 41-3
ISO CLNS 41-62
Dynamic Trunking Protocol
See DTP
E
EBGP 41-41
editing features
enabling and disabling 2-7
keystrokes used 2-8
wrapped lines 2-9
EIGRP
authentication 41-38
components 41-34
configuring 41-36
default configuration 41-34
definition 41-33
interface parameters, configuring 41-37
monitoring 41-40
stub routing 41-39
ELIN location 31-2
embedded event manager
actions 37-4
configuring 37-1, 37-5
displaying information 37-6
environmental variables 37-4
event detectors 37-2
policies 37-4
registering and defining an applet 37-5
registering and defining a TCL script 37-6
understanding 37-1
enable password 11-4
enable secret password 11-4
enabling SNMP traps 3-13
encryption, CipherSuite 11-52
encryption for passwords 11-4
Enhanced IGRP
See EIGRP
enhanced object tracking
backup static routing 48-11
commands 48-1
defined 48-1
DHCP primary interface 48-10
HSRP 48-7
IP routing state 48-2
IP SLAs 48-9
line-protocol state 48-2
network monitoring with IP SLAs 48-11
routing policy, configuring 48-11
static route primary interface 48-10
tracked lists 48-3
enhanced object tracking static routing 48-10
environmental variables, embedded event manager 37-4
environment variables, function of 4-20
equal-cost routing 1-12, 41-88
error-disabled state, BPDU 23-2
error messages during command entry 2-5
EtherChannel
automatic creation of 40-4, 40-6
channel groups
binding physical and logical interfaces 40-3
numbering of 40-3
configuration guidelines 40-10
configuring
Layer 2 interfaces 40-11
Layer 3 physical interfaces 40-14
Layer 3 port-channel logical interfaces 40-13
default configuration 40-10
described 40-2
displaying status 40-20
forwarding methods 40-7, 40-16
IEEE 802.3ad, described 40-6
interaction
with STP 40-10
with VLANs 40-11
LACP
described 40-6
displaying status 40-20
hot-standby ports 40-18
interaction with other features 40-7
modes 40-6
port priority 40-19
system priority 40-19
Layer 3 interface 41-3
load balancing 40-7, 40-16
logical interfaces, described 40-3
PAgP
aggregate-port learners 40-16
compatibility with Catalyst 1900 40-17
described 40-4
displaying status 40-20
interaction with other features 40-6
interaction with virtual switches 40-5
learn method and priority configuration 40-16
modes 40-5
support for 1-3
with dual-action detection 40-5
port-channel interfaces
described 40-3
port groups 14-6
support for 1-3
EtherChannel guard
described 23-7
disabling 23-14
enabling 23-14
Ethernet VLANs
adding 16-8
defaults and ranges 16-7
modifying 16-8
EUI 42-3
event detectors, embedded event manager 37-2
events, RMON 34-3
examples
network configuration 1-17
expedite queue for QoS 39-76
Express Setup 1-2
See also getting started guide
extended crashinfo file 53-19
extended-range VLANs
configuration guidelines 16-11
configuring 16-10
creating 16-12
creating with an internal VLAN ID 16-13
defined 16-1
extended system ID
MSTP 22-17
STP 21-4, 21-14
extended universal identifier
See EUI
Extensible Authentication Protocol over LAN 12-1
external BGP
See EBGP
external neighbors, BGP 41-45
F
fa0 interface 1-5
fallback bridging
and protected ports 52-3
bridge groups
creating 52-3
described 52-1
displaying 52-10
function of 52-2
number supported 52-4
removing 52-4
bridge table
clearing 52-10
displaying 52-10
configuration guidelines 52-3
connecting interfaces with 14-12
default configuration 52-3
described 52-1
frame forwarding
flooding packets 52-2
forwarding packets 52-2
overview 52-1
protocol, unsupported 52-3
STP
disabling on an interface 52-9
forward-delay interval 52-8
hello BPDU interval 52-7
interface priority 52-6
maximum-idle interval 52-8
path cost 52-6
VLAN-bridge spanning-tree priority 52-5
VLAN-bridge STP 52-2
support for 1-12
SVIs and routed ports 52-1
unsupported protocols 52-3
VLAN-bridge STP 21-10
Fast Convergence 25-3
FCS bit error rate alarm
configuring 3-10
defined 3-3
FCS error hysteresis threshold 3-2
features, incompatible 29-12
FIB 41-87
fiber-optic, detecting unidirectional links 33-1
files
basic crashinfo
description 53-19
location 53-19
copying A-5
crashinfo, description 53-19
deleting A-5
displaying the contents of A-8
extended crashinfo
description 53-20
location 53-20
tar
creating A-6
displaying the contents of A-6
extracting A-7
image file format A-22
file system
displaying available file systems A-2
displaying file information A-3
local file system names A-1
network file system names A-5
setting the default A-2
filtering
in a VLAN 38-29
IPv6 traffic 45-3, 45-7
non-IP traffic 38-27
show and more command output 2-10
filtering show and more command output 2-10
filters, IP
See ACLs, IP
flash device, number of A-1
flexible authentication ordering
configuring 12-62
overview 12-28
Flex Link Multicast Fast Convergence 25-3
Flex Links
configuration guidelines 25-8
configuring 25-8, 25-9
configuring preferred VLAN 25-11
configuring VLAN load balancing 25-10
default configuration 25-7
description 25-1
link load balancing 25-2
monitoring 25-14
VLANs 25-2
flooded traffic, blocking 29-8
flow-based packet classification 1-11
flowcharts
QoS classification 39-6
QoS egress queueing and scheduling 39-17
QoS ingress queueing and scheduling 39-15
QoS policing and marking 39-10
flowcontrol
configuring 14-22
described 14-22
forward-delay time
MSTP 22-23
STP 21-21
Forwarding Information Base
See FIB
forwarding nonroutable protocols 52-1
FTP
configuration files
downloading A-13
overview A-12
preparing the server A-12
uploading A-14
image files
deleting old image A-29
downloading A-28
preparing the server A-27
uploading A-29
G
general query 25-5
Generating IGMP Reports 25-3
get-bulk-request operation 36-3
get-next-request operation 36-3, 36-4
get-request operation 36-3, 36-4
get-response operation 36-3
global configuration mode 2-2
global leave, IGMP 28-13
global status monitoring alarms 3-2
guest VLAN and 802.1x 12-21
GUIs
See device manager and Network Assistant
H
hardware limitations and Layer 3 interfaces 14-28
hello time
MSTP 22-22
STP 21-20
help, for the command line 2-3
hierarchical policy maps 39-8
configuration guidelines 39-33
configuring 39-52
described 39-11
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
history table, level and number of syslog messages 35-10
host names, in clusters 6-13
host ports
configuring 19-11
kinds of 19-2
hosts, limit on dynamic ports 16-30
Hot Standby Router Protocol
See HSRP
HP OpenView 1-4
HSRP
authentication string 46-10
automatic cluster recovery 6-12
binding to cluster group 46-12
cluster standby group considerations 6-11
command-switch redundancy 1-6
configuring 46-4
default configuration 46-5
definition 46-1
guidelines 46-6
monitoring 46-13
object tracking 48-7
overview 46-1
priority 46-8
routing redundancy 1-12
support for ICMP redirect messages 46-12
timers 46-11
tracking 46-8
See also clusters, cluster standby group, and standby command switch
HSRP for IPv6
configuring 42-24
guidelines 42-23
HTTP over SSL
see HTTPS
HTTPS 11-50
configuring 11-54
self-signed certificate 11-51
HTTP secure server 11-50
I
IBPG 41-41
ICMP
IPv6 42-4
redirect messages 41-11
support for 1-12
time-exceeded messages 53-13
traceroute and 53-13
unreachable messages 38-20
unreachable messages and IPv6 45-4
unreachables and ACLs 38-21
ICMP Echo operation
configuring 47-12
IP SLAs 47-11
ICMP ping
executing 53-10
overview 53-10
ICMP Router Discovery Protocol
See IRDP
ICMPv6 42-4
IDS appliances
and ingress RSPAN 30-19
and ingress SPAN 30-13
IEEE 802.1D
See STP
IEEE 802.1p 18-1
IEEE 802.1Q
and trunk ports 14-3
configuration limitations 16-16
encapsulation 16-14
native VLAN for untagged traffic 16-20
tunneling
compatibility with other features 20-5
defaults 20-4
described 20-1
tunnel ports with other features 20-6
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3ad
See EtherChannel
IEEE 802.3ad, PoE+ 14-7
IEEE 802.3x flow control 14-22
ifIndex values, SNMP 36-5
IFS 1-5
IGMP
configurable leave timer
described 28-6
enabling 28-11
configuring the switch
as a member of a group 50-38
statically connected member 50-42
controlling access to groups 50-39
default configuration 50-38
deleting cache entries 50-61
displaying groups 50-61
fast switching 50-42
flooded multicast traffic
controlling the length of time 28-12
disabling on an interface 28-13
global leave 28-13
query solicitation 28-13
recovering from flood mode 28-13
host-query interval, modifying 50-40
joining multicast group 28-3
join messages 28-3
leave processing, enabling 28-10, 44-8
leaving multicast group 28-5
multicast reachability 50-38
overview 50-2
queries 28-4
report suppression
described 28-6
disabling 28-15, 44-11
supported versions 28-3
support for 1-3
Version 1
changing to Version 2 50-40
described 50-3
Version 2
changing to Version 1 50-40
described 50-3
maximum query response time value 50-42
pruning groups 50-42
query timeout value 50-41
IGMP filtering
configuring 28-24
default configuration 28-24
described 28-23
monitoring 28-28
support for 1-3
IGMP groups
configuring filtering 28-27
setting the maximum number 28-26
IGMP helper 1-3, 50-6
IGMP Immediate Leave
configuration guidelines 28-11
described 28-5
enabling 28-10
IGMP profile
applying 28-25
configuration mode 28-24
configuring 28-25
IGMP snooping
and address aliasing 28-2
configuring 28-6
default configuration 28-7, 44-5, 44-6
definition 28-2
enabling and disabling 28-7, 44-6
global configuration 28-7
Immediate Leave 28-5
method 28-8
monitoring 28-15, 44-11
querier
configuration guidelines 28-14
configuring 28-14
supported versions 28-3
support for 1-3
VLAN configuration 28-8
IGMP throttling
configuring 28-27
default configuration 28-24
described 28-24
displaying action 28-28
IGP 41-24
Immediate Leave, IGMP 28-5
enabling 44-8
inaccessible authentication bypass 12-23
support for multiauth ports 12-23
initial configuration
defaults 1-14
Express Setup 1-2
interface
range macros 14-15
interface command 14-12 to 14-13
interface configuration
REP 24-9
interface configuration mode 2-3
interfaces
auto-MDIX, configuring 14-23
configuration guidelines
duplex and speed 14-20
configuring
procedure 14-13
counters, clearing 14-33
default configuration 14-17
described 14-27
descriptive name, adding 14-27
displaying information about 14-32
flow control 14-22
management 1-4
monitoring 14-32
naming 14-27
physical, identifying 14-12
range of 14-14
restarting 14-33
shutting down 14-33
speed and duplex, configuring 14-21
status 14-32
supported 14-12
types of 14-1
interfaces range macro command 14-15
interface types 14-12
Interior Gateway Protocol
See IGP
internal BGP
See IBGP
internal neighbors, BGP 41-45
Internet Control Message Protocol
See ICMP
Internet Group Management Protocol
See IGMP
Internet Protocol version 6
See IPv6
inter-VLAN routing 1-12, 41-2
Intrusion Detection System
See IDS appliances
inventory management TLV 31-2, 31-6
IP ACLs
for QoS classification 39-7
implicit deny 38-9, 38-14
implicit masks 38-9
named 38-14
undefined 38-21
IP addresses
128-bit 42-2
candidate or member 6-3, 6-13
classes of 41-5
cluster access 6-2
command switch 6-3, 6-11, 6-13
default configuration 41-4
discovering 7-23
for IP routing 41-4
IPv6 42-2
MAC address association 41-8
monitoring 41-17
redundant clusters 6-11
standby command switch 6-11, 6-13
See also IP information
IP broadcast address 41-15
ip cef distributed command 41-87
IP directed broadcasts 41-13
ip igmp profile command 28-24
IP information
assigned
manually 4-14
through DHCP-based autoconfiguration 4-3
default configuration 4-3
IP multicast routing
addresses
all-hosts 50-3
all-multicast-routers 50-3
host group address range 50-3
administratively-scoped boundaries, described 50-45
and IGMP snooping 28-2
Auto-RP
adding to an existing sparse-mode cloud 50-25
benefits of 50-25
clearing the cache 50-61
configuration guidelines 50-11
filtering incoming RP announcement messages 50-28
overview 50-6
preventing candidate RP spoofing 50-28
preventing join messages to false RPs 50-27
setting up in a new internetwork 50-25
using with BSR 50-33
bootstrap router
configuration guidelines 50-11
configuring candidate BSRs 50-31
configuring candidate RPs 50-32
defining the IP multicast boundary 50-30
defining the PIM domain border 50-29
overview 50-7
using with Auto-RP 50-33
Cisco implementation 50-1
configuring
basic multicast routing 50-11
IP multicast boundary 50-45
default configuration 50-10
enabling
multicast forwarding 50-12
PIM mode 50-12
group-to-RP mappings
Auto-RP 50-6
BSR 50-7
MBONE
deleting sdr cache entries 50-61
described 50-44
displaying sdr cache 50-62
enabling sdr listener support 50-45
limiting DVMRP routes advertised 50-56
limiting sdr cache entry lifetime 50-45
SAP packets for conference session announcement 50-44
Session Directory (sdr) tool, described 50-44
monitoring
packet rate loss 50-62
peering devices 50-62
tracing a path 50-62
multicast forwarding, described 50-7
PIMv1 and PIMv2 interoperability 50-10
protocol interaction 50-2
reverse path check (RPF) 50-7
routing table
deleting 50-61
displaying 50-61
RP
assigning manually 50-23
configuring Auto-RP 50-25
configuring PIMv2 BSR 50-29
monitoring mapping information 50-33
using Auto-RP and BSR 50-33
statistics, displaying system and network 50-61
See also CGMP
See also DVMRP
See also IGMP
See also PIM
IP phones
and QoS 18-1
automatic classification and queueing 39-20
configuring 18-4
ensuring port security with QoS 39-38
trusted boundary for QoS 39-38
IP Port Security for Static Hosts
on a Layer 2 access port 26-20
on a PVLAN host port 26-23
IP precedence 39-2
IP-precedence-to-DSCP map for QoS 39-62
IP protocols
in ACLs 38-11
routing 1-12
IP routes, monitoring 41-100
IP routing
connecting interfaces with 14-11
disabling 41-18
enabling 41-18
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 47-1
IP SLAs
benefits 47-2
configuration guidelines 47-6
configuring object tracking 48-9
Control Protocol 47-4
default configuration 47-6
definition 47-1
ICMP echo operation 47-11
measuring network performance 47-3
monitoring 47-13
multioperations scheduling 47-5
object tracking 48-9
operation 47-3
reachability tracking 48-9
responder
described 47-4
enabling 47-8
response time 47-4
scheduling 47-5
SNMP support 47-2
supported metrics 47-2
threshold monitoring 47-6
track object monitoring agent, configuring 48-11
track state 48-9
UDP jitter operation 47-9
IP source guard
and 802.1x 26-19
and DHCP snooping 26-16
and EtherChannels 26-19
and port security 26-19
and private VLANs 26-19
and routed ports 26-18
and TCAM entries 26-19
and trunk interfaces 26-18
and VRF 26-19
binding configuration
automatic 26-16
manual 26-16
binding table 26-16
configuration guidelines 26-18
default configuration 26-18
described 26-16
disabling 26-20
displaying
active IP or MAC bindings 26-26
bindings 26-26
configuration 26-26
enabling 26-19, 26-20
filtering
source IP address 26-17
source IP and MAC address 26-17
source IP address filtering 26-17
source IP and MAC address filtering 26-17
static bindings
adding 26-19, 26-20
deleting 26-20
static hosts 26-20
IP traceroute
executing 53-13
overview 53-13
IP unicast routing
address resolution 41-8
administrative distances 41-89, 41-99
ARP 41-8
assigning IP addresses to Layer 3 interfaces 41-5
authentication keys 41-99
broadcast
address 41-15
flooding 41-16
packets 41-13
storms 41-13
classless routing 41-6
configuring static routes 41-88
default
addressing configuration 41-4
gateways 41-11
networks 41-90
routes 41-89
routing 41-2
directed broadcasts 41-13
disabling 41-18
dynamic routing 41-3
enabling 41-18
EtherChannel Layer 3 interface 41-3
IGP 41-24
inter-VLAN 41-2
IP addressing
classes 41-5
configuring 41-4
IRDP 41-11
Layer 3 interfaces 41-3
MAC address and IP address 41-8
passive interfaces 41-97
protocols
distance-vector 41-3
dynamic 41-3
link-state 41-3
proxy ARP 41-8
redistribution 41-90
reverse address resolution 41-8
routed ports 41-3
static routing 41-3
steps to configure 41-4
subnet mask 41-5
subnet zero 41-6
supernet 41-6
UDP 41-14
with SVIs 41-3
See also BGP
See also EIGRP
See also OSPF
See also RIP
IPv4 ACLs
applying to interfaces 38-19
extended, creating 38-10
named 38-14
standard, creating 38-9
IPv4 and IPv6
dual protocol stacks 42-5
IPv6
ACLs
displaying 45-8
limitations 45-2
matching criteria 45-3
port 45-1
precedence 45-2
router 45-1
supported 45-2
addresses 42-2
address formats 42-2
applications 42-5
assigning address 42-10
autoconfiguration 42-4
CEFv6 42-18
configuring static routes 42-19
default configuration 42-10
default router preference (DRP) 42-4
defined 42-1
Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 42-7
EIGRP IPv6 Commands 42-7
Router ID 42-7
feature limitations 42-9
features not supported 42-8
forwarding 42-10
ICMP 42-4
monitoring 42-26
neighbor discovery 42-4
OSPF 42-7
path MTU discovery 42-4
SDM templates 10-2, 44-1, 45-1
Stateless Autoconfiguration 42-4
supported features 42-2
switch limitations 42-9
understanding static routes 42-6
IPv6 traffic, filtering 45-3
IRDP
configuring 41-12
definition 41-11
support for 1-12
IS-IS
addresses 41-62
area routing 41-62
default configuration 41-63
monitoring 41-71
show commands 41-71
system routing 41-62
ISO CLNS
clear commands 41-71
dynamic routing protocols 41-62
monitoring 41-71
NETs 41-62
NSAPs 41-62
OSI standard 41-62
ISO IGRP
area routing 41-62
system routing 41-62
isolated port 19-2
isolated VLANs 19-2, 19-3
J
join messages, IGMP 28-3
K
KDC
described 11-41
See also Kerberos
Kerberos
authenticating to
boundary switch 11-43
KDC 11-43
network services 11-44
configuration examples 11-40
configuring 11-44
credentials 11-41
cryptographic software image 11-40
described 11-41
KDC 11-41
operation 11-43
realm 11-42
server 11-42
support for 1-10
switch as trusted third party 11-40
terms 11-41
TGT 11-42
tickets 11-41
key distribution center
See KDC
L
l2protocol-tunnel command 20-12
LACP
Layer 2 protocol tunneling 20-9
See EtherChannel
Layer 2 frames, classification with CoS 39-2
Layer 2 interfaces, default configuration 14-17
Layer 2 protocol tunneling
configuring 20-10
configuring for EtherChannels 20-14
default configuration 20-11
defined 20-8
guidelines 20-11
Layer 2 traceroute
and ARP 53-12
and CDP 53-11
broadcast traffic 53-11
described 53-11
IP addresses and subnets 53-12
MAC addresses and VLANs 53-12
multicast traffic 53-12
multiple devices on a port 53-12
unicast traffic 53-11
usage guidelines 53-11
Layer 3 features 1-12
Layer 3 interfaces
assigning IP addresses to 41-5
assigning IPv4 and IPv6 addresses to 42-14
assigning IPv6 addresses to 42-11
changing from Layer 2 mode 41-5, 41-79
types of 41-3
Layer 3 packets, classification methods 39-2
LDAP 5-2
Leaking IGMP Reports 25-4
LEDs, switch
See hardware installation guide
lightweight directory access protocol
See LDAP
line configuration mode 2-3
Link Aggregation Control Protocol
See EtherChannel
link failure, detecting unidirectional 22-7
link fault alarm 3-3
link integrity, verifying with REP 24-3
Link Layer Discovery Protocol
See CDP
link local unicast addresses 42-3
link redundancy
See Flex Links
links, unidirectional 33-1
link state advertisements (LSAs) 41-29
link-state protocols 41-3
link-state tracking
configuring 40-23
described 40-21
LLDP
configuring 31-4
characteristics 31-5
default configuration 31-4
enabling 31-5
monitoring and maintaining 31-10
overview 31-1
supported TLVs 31-1
switch stack considerations 31-2
transmission timer and holdtime, setting 31-5
LLDP-MED
configuring
procedures 31-4
TLVs 31-6
monitoring and maintaining 31-10
overview 31-1, 31-2
supported TLVs 31-2
LLDP Media Endpoint Discovery
See LLDP-MED
load balancing 46-4
local SPAN 30-2
location TLV 31-2, 31-6
logging messages, ACL 38-8
login authentication
with RADIUS 11-30
with TACACS+ 11-14
login banners 7-10
log messages
See system message logging
loop guard
described 23-9
enabling 23-15
support for 1-7
LRE profiles, considerations in switch clusters 6-14
M
MAB
See MAC authentication bypass
MAB aging timer 1-8
MAB inactivity timer
default setting 12-33
range 12-36
MAC/PHY configuration status TLV 31-2
MAC addresses
aging time 7-14
and VLAN association 7-13
building the address table 7-13
default configuration 7-14
disabling learning on a VLAN 7-22
discovering 7-23
displaying 7-23
displaying in the IP source binding table 26-26
dynamic
learning 7-13
removing 7-15
in ACLs 38-27
IP address association 41-8
static
adding 7-20
allowing 7-21, 7-22
characteristics of 7-19
dropping 7-21
removing 7-20
MAC address learning 1-5
MAC address learning, disabling on a VLAN 7-22
MAC address notification, support for 1-14
MAC address-table move update
configuration guidelines 25-8
configuring 25-12
default configuration 25-8
description 25-6
monitoring 25-14
MAC address-to-VLAN mapping 16-24
MAC authentication bypass 12-35
configuring 12-55
overview 12-16
See MAB
MAC extended access lists
applying to Layer 2 interfaces 38-28
configuring for QoS 39-45
creating 38-27
defined 38-27
for QoS classification 39-5
magic packet 12-25
manageability features 1-4
management access
in-band
browser session 1-5
CLI session 1-5
device manager 1-5
SNMP 1-5
out-of-band console port connection 1-5
management address TLV 31-2
management options
CLI 2-1
clustering 1-2
CNS 5-1
overview 1-4
management VLAN
considerations in switch clusters 6-7
discovery through different management VLANs 6-7
manual preemption, REP, configuring 24-13
mapping tables for QoS
configuring
CoS-to-DSCP 39-61
DSCP 39-60
DSCP-to-CoS 39-64
DSCP-to-DSCP-mutation 39-65
IP-precedence-to-DSCP 39-62
policed-DSCP 39-63
described 39-12
marking
action with aggregate policers 39-58
described 39-4, 39-8
matching
IPv6 ACLs 45-3
matching, IPv4 ACLs 38-7
maximum aging time
MSTP 22-23
STP 21-21
maximum hop count, MSTP 22-24
maximum number of allowed devices, port-based authentication 12-36
maximum-paths command 41-49, 41-88
MDA
configuration guidelines 12-12 to 12-13
described 1-9, 12-12
exceptions with authentication process 12-5
membership mode, VLAN port 16-3
member switch
automatic discovery 6-4
defined 6-1
managing 6-14
passwords 6-13
recovering from lost connectivity 53-7
requirements 6-3
See also candidate switch, cluster standby group, and standby command switch
messages, to users through banners 7-10
metrics, in BGP 41-49
metric translations, between routing protocols 41-93
metro tags 20-2
MHSRP 46-4
MIBs
overview 36-1
SNMP interaction with 36-4
mirroring traffic for analysis 30-1
mismatches, autonegotiation 53-8
module number 14-12
monitoring
access groups 38-41
alarms 3-13
BGP 41-61
cables for unidirectional links 33-1
CDP 32-5
CEF 41-87
EIGRP 41-40
fallback bridging 52-10
features 1-13
Flex Links 25-14
HSRP 46-13
IEEE 802.1Q tunneling 20-17
IGMP
filters 28-28
snooping 28-15, 44-11
interfaces 14-32
IP
address tables 41-17
multicast routing 50-60
routes 41-100
IP SLAs operations 47-13
IPv4 ACL configuration 38-41
IPv6 42-26
IPv6 ACL configuration 45-8
IS-IS 41-71
ISO CLNS 41-71
Layer 2 protocol tunneling 20-17
MAC address-table move update 25-14
MSDP peers 51-18
multicast router interfaces 28-16, 44-11
multi-VRF CE 41-86
MVR 28-23
network traffic for analysis with probe 30-2
object tracking 48-12
OSPF 41-32
port
blocking 29-21
protection 29-21
private VLANs 19-14
PROFINET 9-5
PTP 8-4
REP 24-13
RP mapping information 50-33
SFP status 14-32, 53-9
source-active messages 51-18
speed and duplex mode 14-21
SSM mapping 50-21
traffic flowing among switches 34-1
traffic suppression 29-20
tunneling 20-17
VLAN
filters 38-41
maps 38-41
VLANs 16-14
VMPS 16-29
VTP 17-16
mrouter Port 25-3
mrouter port 25-5
MSDP
benefits of 51-3
clearing MSDP connections and statistics 51-18
controlling source information
forwarded by switch 51-11
originated by switch 51-8
received by switch 51-13
default configuration 51-4
dense-mode regions
sending SA messages to 51-16
specifying the originating address 51-17
filtering
incoming SA messages 51-14
SA messages to a peer 51-12
SA requests from a peer 51-10
join latency, defined 51-6
meshed groups
configuring 51-15
defined 51-15
originating address, changing 51-17
overview 51-1
peer-RPF flooding 51-2
peers
configuring a default 51-4
monitoring 51-18
peering relationship, overview 51-1
requesting source information from 51-8
shutting down 51-15
source-active messages
caching 51-6
clearing cache entries 51-18
defined 51-2
filtering from a peer 51-10
filtering incoming 51-14
filtering to a peer 51-12
limiting data with TTL 51-13
monitoring 51-18
restricting advertised sources 51-9
support for 1-13
MSTP
boundary ports
configuration guidelines 22-15
described 22-6
BPDU filtering
described 23-3
enabling 23-12
BPDU guard
described 23-2
enabling 23-11
CIST, described 22-3
CIST regional root 22-3
CIST root 22-5
configuration guidelines 22-14, 23-10
configuring
forward-delay time 22-23
hello time 22-22
link type for rapid convergence 22-24
maximum aging time 22-23
maximum hop count 22-24
MST region 22-15
neighbor type 22-25
path cost 22-20
port priority 22-19
root switch 22-17
secondary root switch 22-18
switch priority 22-21
CST
defined 22-3
operations between regions 22-3
default configuration 22-14
default optional feature configuration 23-9
displaying status 22-26
enabling the mode 22-15
EtherChannel guard
described 23-7
enabling 23-14
extended system ID
effects on root switch 22-17
effects on secondary root switch 22-18
unexpected behavior 22-17
IEEE 802.1s
implementation 22-6
port role naming change 22-6
terminology 22-5
instances supported 21-9
interface state, blocking to forwarding 23-2
interoperability and compatibility among modes 21-10
interoperability with IEEE 802.1D
described 22-8
restarting migration process 22-25
IST
defined 22-2
master 22-3
operations within a region 22-3
loop guard
described 23-9
enabling 23-15
mapping VLANs to MST instance 22-16
MST region
CIST 22-3
configuring 22-15
described 22-2
hop-count mechanism 22-5
IST 22-2
supported spanning-tree instances 22-2
optional features supported 1-7
overview 22-2
Port Fast
described 23-2
enabling 23-10
preventing root switch selection 23-8
root guard
described 23-8
enabling 23-15
root switch
configuring 22-17
effects of extended system ID 22-17
unexpected behavior 22-17
shutdown Port Fast-enabled port 23-2
status, displaying 22-26
multiauth
support for inaccessible authentication bypass 12-23
multiauth mode
See multiple-authentication mode
multicast groups
Immediate Leave 28-5
joining 28-3
leaving 28-5
static joins 28-10, 44-7
multicast packets
ACLs on 38-40
blocking 29-8
multicast router interfaces, monitoring 28-16, 44-11
multicast router ports, adding 28-9, 44-8
Multicast Source Discovery Protocol
See MSDP
multicast storm 29-1
multicast storm-control command 29-4
multicast television application 28-17
multicast VLAN 28-17
Multicast VLAN Registration
See MVR
multidomain authentication
See MDA
multioperations scheduling, IP SLAs 47-5
multiple authentication 12-13
multiple authentication mode
configuring 12-42
Multiple HSRP
See MHSRP
multiple VPN routing/forwarding in customer edge devices
See multi-VRF CE
multi-VRF CE
configuration example 41-82
configuration guidelines 41-74
configuring 41-74
default configuration 41-74
defined 41-72
displaying 41-86
monitoring 41-86
network components 41-74
packet-forwarding process 41-73
support for 1-12
MVR
and address aliasing 28-20
and IGMPv3 28-20
configuration guidelines 28-19
configuring interfaces 28-21
default configuration 28-19
described 28-17
example application 28-17
modes 28-20
monitoring 28-23
multicast television application 28-17
setting global parameters 28-20
support for 1-3
N
NAC
AAA down policy 1-10
critical authentication 12-23, 12-51
IEEE 802.1x authentication using a RADIUS server 12-56
IEEE 802.1x validation using RADIUS server 12-56
inaccessible authentication bypass 1-10, 12-51
Layer 2 IEEE 802.1x validation 1-10, 12-28, 12-56
Layer 2 IP validation 1-10
named IPv4 ACLs 38-14
NameSpace Mapper
See NSM
native VLAN
and IEEE 802.1Q tunneling 20-4
configuring 16-20
default 16-20
NEAT
configuring 12-57
overview 12-29
neighbor discovery, IPv6 42-4
neighbor discovery/recovery, EIGRP 41-34
neighbor offset numbers, REP 24-4
neighbors, BGP 41-55
Network Admission Control
NAC
Network Assistant
benefits 1-2
described 1-4
upgrading a switch A-22
network configuration examples
increasing network performance 1-17
providing network services 1-18
network design
performance 1-17
services 1-18
Network Edge Access Topology
See NEAT
network management
CDP 32-1
RMON 34-1
SNMP 36-1
network performance, measuring with IP SLAs 47-3
network policy TLV 31-2, 31-6
Network Time Protocol
See NTP
no commands 2-4
nonhierarchical policy maps
configuration guidelines 39-33
described 39-9
non-IP traffic filtering 38-27
nontrunking mode 16-15
normal-range VLANs 16-4
configuration guidelines 16-6
configuring 16-4
defined 16-1
no switchport command 14-4
not-so-stubby areas
See NSSA
NSAPs, as ISO IGRP addresses 41-62
NSF Awareness
IS-IS 41-64
NSM 5-3
NSSA, OSPF 41-29
NTP
associations
defined 7-2
overview 7-2
stratum 7-2
support for 1-5
time
services 7-2
synchronizing 7-2
O
object tracking
HSRP 48-7
IP SLAs 48-9
IP SLAs, configuring 48-9
monitoring 48-12
off mode, VTP 17-3
open1x
configuring 12-62
open1x authentication
overview 12-29
Open Shortest Path First
See OSPF
optimizing system resources 10-1
options, management 1-4
OSPF
area parameters, configuring 41-28
configuring 41-26
default configuration
metrics 41-30
route 41-30
settings 41-25
described 41-23
for IPv6 42-7
interface parameters, configuring 41-27
LSA group pacing 41-31
monitoring 41-32
router IDs 41-32
route summarization 41-30
support for 1-12
virtual links 41-30
out-of-profile markdown 1-11
P
packet modification, with QoS 39-19
PAgP
Layer 2 protocol tunneling 20-9
See EtherChannel
parallel paths, in routing tables 41-88
passive interfaces
configuring 41-97
OSPF 41-30
passwords
default configuration 11-3
disabling recovery of 11-5
encrypting 11-4
for security 1-8
in clusters 6-13
overview 11-1
recovery of 53-3
setting
enable 11-3
enable secret 11-4
Telnet 11-6
with usernames 11-7
VTP domain 17-8
path cost
MSTP 22-20
STP 21-18
path MTU discovery 42-4
PBR
defined 41-94
enabling 41-95
fast-switched policy-based routing 41-97
local policy-based routing 41-97
PC (passive command switch) 6-10
peers, BGP 41-55
percentage thresholds in tracked lists 48-6
performance, network design 1-17
performance features 1-2
persistent self-signed certificate 11-51
per-user ACLs and Filter-Ids 12-8
per-VLAN spanning-tree plus
See PVST+
PE to CE routing, configuring 41-81
physical ports 14-2
PIM
default configuration 50-10
dense mode
overview 50-4
rendezvous point (RP), described 50-5
RPF lookups 50-8
displaying neighbors 50-61
enabling a mode 50-12
overview 50-3
router-query message interval, modifying 50-36
shared tree and source tree, overview 50-34
shortest path tree, delaying the use of 50-35
sparse mode
join messages and shared tree 50-5
overview 50-4
prune messages 50-5
RPF lookups 50-8
stub routing
configuration guidelines 50-21
displaying 50-61
enabling 50-22
overview 50-5
support for 1-13
versions
interoperability 50-10
troubleshooting interoperability problems 50-34
v2 improvements 50-4
PIM-DVMRP, as snooping method 28-8
ping
character output description 53-11
executing 53-10
overview 53-10
PoE
auto mode 14-9
CDP with power consumption, described 14-7
CDP with power negotiation, described 14-7
Cisco intelligent power management 14-7
configuring 14-24
cutoff power
determining 14-10
devices supported 14-7
high-power devices operating in low-power mode 14-7
IEEE power classification levels 14-8
power budgeting 14-25
power consumption 14-10, 14-25
powered-device detection and initial power allocation 14-8
power management modes 14-9
power negotiation extensions to CDP 14-7
standards supported 14-7
static mode 14-9
total available power 14-11
troubleshooting 53-8
PoE+ 14-7, 14-8
policed-DSCP map for QoS 39-63
policers
configuring
for each matched traffic class 39-48
for more than one traffic class 39-58
described 39-4
displaying 39-78
number of 39-34
types of 39-9
policing
described 39-4
hierarchical
See hierarchical policy maps
token-bucket algorithm 39-9
policy-based routing
See PBR
policy maps for QoS
characteristics of 39-48
described 39-7
displaying 39-78
hierarchical 39-8
hierarchical on SVIs
configuration guidelines 39-33
configuring 39-52
described 39-11
nonhierarchical on physical ports
configuration guidelines 39-33
described 39-9
port ACLs
defined 38-2
types of 38-3
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting 12-14
authentication server
defined 12-3, 13-2
RADIUS server 12-3
client, defined 12-3, 13-2
configuration guidelines 12-34, 13-9
configuring
802.1x authentication 12-39
guest VLAN 12-49
host mode 12-42
inaccessible authentication bypass 12-51
manual re-authentication of a client 12-44
periodic re-authentication 12-43
quiet period 12-44
RADIUS server 12-42, 13-13
RADIUS server parameters on the switch 12-41, 13-11
restricted VLAN 12-50
switch-to-client frame-retransmission number 12-45, 12-46
switch-to-client retransmission time 12-45
violation modes 12-38 to 12-39
default configuration 12-33, 13-9
described 12-1
device roles 12-2, 13-2
displaying statistics 12-64, 13-17
downloadable ACLs and redirect URLs
configuring 12-59 to 12-61, ?? to 12-61
overview 12-18 to 12-20
EAPOL-start frame 12-5
EAP-request/identity frame 12-5
EAP-response/identity frame 12-5
enabling
802.1X authentication 13-11
encapsulation 12-3
flexible authentication ordering
configuring 12-62
overview 12-28
guest VLAN
configuration guidelines 12-22, 12-23
described 12-21
host mode 12-11
inaccessible authentication bypass
configuring 12-51
described 12-23
guidelines 12-35
initiation and message exchange 12-5
magic packet 12-25
maximum number of allowed devices per port 12-36
method lists 12-39
multiple authentication 12-13
per-user ACLs
AAA authorization 12-39
configuration tasks 12-18
described 12-17
RADIUS server attributes 12-18
ports
authorization state and dot1x port-control command 12-10
authorized and unauthorized 12-10
voice VLAN 12-24
port security
described 12-25
readiness check
configuring 12-36
described 12-16, 12-36
resetting to default values 12-64
statistics, displaying 12-64
switch
as proxy 12-3, 13-2
RADIUS client 12-3
switch supplicant
configuring 12-57
overview 12-29
user distribution
guidelines 12-27
overview 12-27
VLAN assignment
AAA authorization 12-39
characteristics 12-16
configuration tasks 12-17
described 12-16
voice aware 802.1x security
configuring 12-37
described 12-29, 12-37
voice VLAN
described 12-24
PVID 12-24
VVID 12-24
wake-on-LAN, described 12-25
with ACLs and RADIUS Filter-Id attribute 12-31
port-based authentication methods, supported 12-7
port blocking 1-3, 29-7
port-channel
See EtherChannel
port description TLV 31-1
Port Fast
described 23-2
enabling 23-10
mode, spanning tree 16-26
support for 1-7
port membership modes, VLAN 16-3
port not forwarding alarm 3-3
port not operating alarm 3-3
port priority
MSTP 22-19
STP 21-17
ports
access 14-3
blocking 29-7
dual-purpose uplink 14-6
dynamic access 16-3
IEEE 802.1Q tunnel 16-4
protected 29-6
REP 24-6
routed 14-4
secure 29-8
static-access 16-3, 16-9
switch 14-2
trunks 16-3, 16-14
VLAN assignments 16-9
port security
aging 29-17
and private VLANs 29-18
and QoS trusted boundary 39-38
configuring 29-13
default configuration 29-11
described 29-8
displaying 29-21
enabling 29-18
on trunk ports 29-14
sticky learning 29-9
violations 29-10
with other features 29-11
port-shutdown response, VMPS 16-25
port status monitoring alarms
FCS bit error rate alarm 3-3
link fault alarm 3-3
port not forwarding alarm 3-3
port not operating alarm 3-3
port VLAN ID TLV 31-2
power management TLV 31-2, 31-6
preempt delay time, REP 24-5
preemption, default configuration 25-7
preemption delay, default configuration 25-8
preferential treatment of traffic
See QoS
prefix lists, BGP 41-53
preventing unauthorized access 11-1
primary edge port, REP 24-4
primary interface for object tracking, DHCP, configuring 48-10
primary interface for static routing, configuring 48-10
primary links 25-2
primary VLANs 19-1, 19-3
priority
HSRP 46-8
overriding CoS 18-6
trusting CoS 18-6
private VLAN edge ports
See protected ports
private VLANs
across multiple switches 19-4
and SDM template 19-4
and SVIs 19-5
benefits of 19-1
community ports 19-2
community VLANs 19-2, 19-3
configuration guidelines 19-6, 19-7, 19-8
configuration tasks 19-6
configuring 19-9
default configuration 19-6
end station access to 19-3
IP addressing 19-3
isolated port 19-2
isolated VLANs 19-2, 19-3
mapping 19-13
monitoring 19-14
ports
community 19-2
configuration guidelines 19-8
configuring host ports 19-11
configuring promiscuous ports 19-12
described 16-4
isolated 19-2
promiscuous 19-2
primary VLANs 19-1, 19-3
promiscuous ports 19-2
secondary VLANs 19-2
subdomains 19-1
traffic in 19-5
privileged EXEC mode 2-2
privilege levels
changing the default for lines 11-9
command switch 6-15
exiting 11-10
logging into 11-10
mapping on member switches 6-15
overview 11-2, 11-8
setting a command with 11-8
PROFINET 9-1
configuring 9-4
default configuration 9-4
displaying configuration 9-5
promiscuous ports
configuring 19-12
defined 19-2
protected ports 1-8, 29-6
protocol-dependent modules, EIGRP 41-34
Protocol-Independent Multicast Protocol
See PIM
protocol storm protection 29-19
provider edge devices 41-72
proxy ARP
configuring 41-10
definition 41-8
with IP routing disabled 41-11
proxy reports 25-3
pruning, VTP
disabling
in VTP domain 17-14
on a port 16-20
enabling
in VTP domain 17-14
on a port 16-19
examples 17-6
overview 17-5
pruning-eligible list
changing 16-19
for VTP pruning 17-5
VLANs 17-14
PTP
configuring 8-3
default configuration 8-2
displaying configuration 8-4
PVST+
described 21-9
IEEE 802.1Q trunking interoperability 21-10
instances supported 21-9
Q
QoS
and MQC commands 39-1
auto-QoS
categorizing traffic 39-20
configuration and defaults display 39-29
configuration guidelines 39-25
described 39-20
disabling 39-27
displaying generated commands 39-27
displaying the initial configuration 39-29
effects on running configuration 39-25
egress queue defaults 39-21
enabling for VoIP 39-26
example configuration 39-28
ingress queue defaults 39-21
list of generated commands 39-22
basic model 39-4
classification
class maps, described 39-7
defined 39-4
DSCP transparency, described 39-40
flowchart 39-6
forwarding treatment 39-3
in frames and packets 39-3
IP ACLs, described 39-5, 39-7
MAC ACLs, described 39-5, 39-7
options for IP traffic 39-5
options for non-IP traffic 39-5
policy maps, described 39-7
trust DSCP, described 39-5
trusted CoS, described 39-5
trust IP precedence, described 39-5
class maps
configuring 39-46
displaying 39-78
configuration guidelines
auto-QoS 39-25
standard QoS 39-33
configuring
aggregate policers 39-58
auto-QoS 39-20
default port CoS value 39-38
DSCP maps 39-60
DSCP transparency 39-40
DSCP trust states bordering another domain 39-40
egress queue characteristics 39-70
ingress queue characteristics 39-66
IP extended ACLs 39-44
IP standard ACLs 39-43
MAC ACLs 39-45
policy maps, hierarchical 39-52
port trust states within the domain 39-36
trusted boundary 39-38
default auto configuration 39-20
default standard configuration 39-30
displaying statistics 39-78
DSCP transparency 39-40
egress queues
allocating buffer space 39-71
buffer allocation scheme, described 39-17
configuring shaped weights for SRR 39-74
configuring shared weights for SRR 39-75
described 39-4
displaying the threshold map 39-74
flowchart 39-17
mapping DSCP or CoS values 39-73
scheduling, described 39-4
setting WTD thresholds 39-71
WTD, described 39-18
enabling globally 39-35
flowcharts
classification 39-6
egress queueing and scheduling 39-17
ingress queueing and scheduling 39-15
policing and marking 39-10
implicit deny 39-7
ingress queues
allocating bandwidth 39-68
allocating buffer space 39-68
buffer and bandwidth allocation, described 39-16
configuring shared weights for SRR 39-68
configuring the priority queue 39-69
described 39-4
displaying the threshold map 39-67
flowchart 39-15
mapping DSCP or CoS values 39-67
priority queue, described 39-16
scheduling, described 39-4
setting WTD thresholds 39-67
WTD, described 39-16
IP phones
automatic classification and queueing 39-20
detection and trusted settings 39-20, 39-38
limiting bandwidth on egress interface 39-77
mapping tables
CoS-to-DSCP 39-61
displaying 39-78
DSCP-to-CoS 39-64
DSCP-to-DSCP-mutation 39-65
IP-precedence-to-DSCP 39-62
policed-DSCP 39-63
types of 39-12
marked-down actions 39-50, 39-55
marking, described 39-4, 39-8
overview 39-1
packet modification 39-19
policers
configuring 39-50, 39-55, 39-59
described 39-8
displaying 39-78
number of 39-34
types of 39-9
policies, attaching to an interface 39-8
policing
described 39-4, 39-8
token bucket algorithm 39-9
policy maps
characteristics of 39-48
displaying 39-78
hierarchical 39-8
hierarchical on SVIs 39-52
nonhierarchical on physical ports 39-48
QoS label, defined 39-4
queues
configuring egress characteristics 39-70
configuring ingress characteristics 39-66
high priority (expedite) 39-19, 39-76
location of 39-13
SRR, described 39-14
WTD, described 39-13
rewrites 39-19
support for 1-11
trust states
bordering another domain 39-40
described 39-5
trusted device 39-38
within the domain 39-36
quality of service
See QoS
queries, IGMP 28-4
query solicitation, IGMP 28-13
R
RADIUS
attributes
vendor-proprietary 11-38
vendor-specific 11-36
configuring
accounting 11-35
authentication 11-30
authorization 11-34
communication, global 11-28, 11-36
communication, per-server 11-28
multiple UDP ports 11-28
default configuration 11-27
defining AAA server groups 11-32
displaying the configuration 11-40
identifying the server 11-28
in clusters 6-14
limiting the services to the user 11-34
method list, defined 11-27
operation of 11-20
overview 11-18
server load balancing 11-40
suggested network environments 11-19
support for 1-10
tracking services accessed by user 11-35
RADIUS Change of Authorization 11-20
range
macro 14-15
of interfaces 14-14
rapid convergence 22-9
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
described 21-9
IEEE 802.1Q trunking interoperability 21-10
instances supported 21-9
Rapid Spanning Tree Protocol
See RSTP
RARP 41-8
rcommand command 6-14
RCP
configuration files
downloading A-16
overview A-14
preparing the server A-15
uploading A-17
image files
deleting old image A-33
downloading A-32
preparing the server A-31
uploading A-33
reachability, tracking IP SLAs IP host 48-9
readiness check
port-based authentication
configuring 12-36
described 12-16, 12-36
reconfirmation interval, VMPS, changing 16-28
reconfirming dynamic VLAN membership 16-28
recovery procedures 53-1
redirect URL 12-18, 12-20, 12-59
redundancy
EtherChannel 40-3
HSRP 46-1
STP
backbone 21-8
path cost 16-23
port priority 16-21
redundant links and UplinkFast 23-13
reliable transport protocol, EIGRP 41-34
reloading software 4-21
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
Remote Network Monitoring
See RMON
Remote SPAN
See RSPAN
remote SPAN 30-2
REP
administrative VLAN 24-8
administrative VLAN, configuring 24-8
age timer 24-8
and STP 24-6
configuration guidelines 24-7
configuring interfaces 24-9
convergence 24-4
default configuration 24-7
manual preemption, configuring 24-13
monitoring 24-13
neighbor offset numbers 24-4
open segment 24-2
ports 24-6
preempt delay time 24-5
primary edge port 24-4
ring segment 24-2
secondary edge port 24-4
segments 24-1
characteristics 24-2
SNMP traps, configuring 24-13
supported interfaces 24-1
triggering VLAN load balancing 24-5
verifying link integrity 24-3
VLAN blocking 24-12
VLAN load balancing 24-4
report suppression, IGMP
described 28-6
disabling 28-15, 44-11
resequencing ACL entries 38-14
reserved addresses in DHCP pools 26-27
resets, in BGP 41-48
resetting a UDLD-shutdown interface 33-6
Resilient Ethernet Protocol
See REP
responder, IP SLAs
described 47-4
enabling 47-8
response time, measuring with IP SLAs 47-4
restricted VLAN
configuring 12-50
described 12-22
using with IEEE 802.1x 12-22
restricting access
overview 11-1
passwords and privilege levels 11-2
RADIUS 11-18
TACACS+ 11-10
retry count, VMPS, changing 16-29
reverse address resolution 41-8
Reverse Address Resolution Protocol
See RARP
RFC
1058, RIP 41-18
1112, IP multicast and IGMP 28-2
1157, SNMPv1 36-2
1163, BGP 41-41
1166, IP addresses 41-5
1253, OSPF 41-24
1267, BGP 41-41
1305, NTP 7-2
1587, NSSAs 41-24
1757, RMON 34-2
1771, BGP 41-41
1901, SNMPv2C 36-2
1902 to 1907, SNMPv2 36-2
2236, IP multicast and IGMP 28-2
2273-2275, SNMPv3 36-2
RFC 5176 Compliance 11-21
RIP
advertisements 41-18
authentication 41-21
configuring 41-20
default configuration 41-19
described 41-18
for IPv6 42-6
hop counts 41-19
split horizon 41-22
summary addresses 41-22
support for 1-12
RMON
default configuration 34-3
displaying status 34-6
enabling alarms and events 34-3
groups supported 34-2
overview 34-1
statistics
collecting group Ethernet 34-5
collecting group history 34-5
support for 1-14
root guard
described 23-8
enabling 23-15
support for 1-7
root switch
MSTP 22-17
STP 21-14
route calculation timers, OSPF 41-30
route dampening, BGP 41-60
routed packets, ACLs on 38-39
routed ports
configuring 41-3
defined 14-4
in switch clusters 6-8
IP addresses on 14-28, 41-4
route-map command 41-96
route maps
BGP 41-51
policy-based routing 41-94
router ACLs
defined 38-2
types of 38-4
route reflectors, BGP 41-59
router ID, OSPF 41-32
route selection, BGP 41-49
route summarization, OSPF 41-30
route targets, VPN 41-74
routing
default 41-2
dynamic 41-3
redistribution of information 41-90
static 41-3
routing domain confederation, BGP 41-58
Routing Information Protocol
See RIP
routing protocol administrative distances 41-89
RSPAN
characteristics 30-8
configuration guidelines 30-15
default configuration 30-9
defined 30-2
destination ports 30-7
displaying status 30-22
interaction with other features 30-8
monitored ports 30-5
monitoring ports 30-7
overview 1-14, 30-1
received traffic 30-4
sessions
creating 30-16
defined 30-3
limiting source traffic to specific VLANs 30-21
specifying monitored ports 30-16
with ingress traffic enabled 30-19
source ports 30-5
transmitted traffic 30-5
VLAN-based 30-6
RSTP
active topology 22-9
BPDU
format 22-12
processing 22-12
designated port, defined 22-9
designated switch, defined 22-9
interoperability with IEEE 802.1D
described 22-8
restarting migration process 22-25
topology changes 22-13
overview 22-8
port roles
described 22-9
synchronized 22-11
proposal-agreement handshake process 22-10
rapid convergence
described 22-9
edge ports and Port Fast 22-9
point-to-point links 22-10, 22-24
root ports 22-10
root port, defined 22-9
See also MSTP
running configuration
replacing A-18, A-19
rolling back A-18, A-19
running configuration, saving 4-15
S
SC (standby command switch) 6-10
scheduled reloads 4-21
scheduling, IP SLAs operations 47-5
SCP
and SSH 11-56
configuring 11-57
SDM
templates
configuring 10-4
number of 10-1
SDM template 45-3
configuration guidelines 10-3
configuring 10-3
dual IPv4 and IPv6 10-2
types of 10-1
secondary edge port, REP 24-4
secondary VLANs 19-2
Secure Copy Protocol
secure HTTP client
configuring 11-55
displaying 11-56
secure HTTP server
configuring 11-54
displaying 11-56
secure MAC addresses
deleting 29-16
maximum number of 29-10
types of 29-9
secure ports, configuring 29-8
secure remote connections 11-46
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port 29-8
security features 1-8
See SCP
sequence numbers in log messages 35-8
server mode, VTP 17-3
service-provider network, MSTP and RSTP 22-1
service-provider networks
and customer VLANs 20-2
and IEEE 802.1Q tunneling 20-1
Layer 2 protocols across 20-8
Layer 2 protocol tunneling for EtherChannels 20-9
set-request operation 36-4
setting a secondary temperature threshold 3-7, 3-8
setting power supply alarm options 3-6
setting the FCS error hysteresis threshold 3-10
setup program
failed command switch replacement 53-6
replacing failed command switch 53-4
severity levels, defining in system messages 35-8
SFPs
monitoring status of 14-32, 53-9
security and identification 53-9
status, displaying 53-9
shaped round robin
See SRR
show access-lists hw-summary command 38-21
show alarm commands 3-13
show and more command output, filtering 2-10
show cdp traffic command 32-6
show cluster members command 6-14
show configuration command 14-27
show forward command 53-17
show interfaces command 14-21, 14-27
show interfaces switchport 25-4
show l2protocol command 20-13, 20-15
show lldp traffic command 31-10
show platform forward command 53-17
show running-config command
displaying ACLs 38-19, 38-20, 38-31, 38-34
interface description in 14-27
shutdown command on interfaces 14-33
shutdown threshold for Layer 2 protocol packets 20-11
Simple Network Management Protocol
See SNMP
small-frame arrival rate, configuring 29-5
Smartports macros
applying Cisco-default macros 15-3
applying global parameter values 15-3
configuration guidelines 15-2
default configuration 15-1
displaying 15-5
tracing 15-2
SNAP 32-1
SNMP
accessing MIB variables with 36-4
agent
described 36-4
disabling 36-7
and IP SLAs 47-2
authentication level 36-10
community strings
configuring 36-8
for cluster switches 36-4
overview 36-4
configuration examples 36-17
default configuration 36-6
engine ID 36-7
groups 36-7, 36-9
host 36-7
ifIndex values 36-5
in-band management 1-5
in clusters 6-14
informs
and trap keyword 36-11
described 36-5
differences from traps 36-5
disabling 36-15
enabling 36-15
limiting access by TFTP servers 36-16
limiting system log messages to NMS 35-10
manager functions 1-4, 36-3
managing clusters with 6-15
notifications 36-5
overview 36-1, 36-4
security levels 36-2
setting CPU threshold notification 36-15
status, displaying 36-18
system contact and location 36-16
trap manager, configuring 36-13
traps
described 36-3, 36-5
differences from informs 36-5
disabling 36-15
enabling 36-11
enabling MAC address notification 7-15, 7-17, 7-18
overview 36-1, 36-4
types of 36-12
users 36-7, 36-9
versions supported 36-2
SNMP and Syslog Over IPv6 42-8
SNMP traps
REP 24-13
SNMPv1 36-2
SNMPv2C 36-2
SNMPv3 36-2
snooping, IGMP 28-2
software images
location in flash A-22
recovery procedures 53-2
scheduling reloads 4-21
tar file format, described A-22
See also downloading and uploading
source addresses
in IPv4 ACLs 38-11
in IPv6 ACLs 45-5
source-and-destination-IP address based forwarding, EtherChannel 40-8
source-and-destination MAC address forwarding, EtherChannel 40-8
source-IP address based forwarding, EtherChannel 40-8
source-MAC address forwarding, EtherChannel 40-7
Source-specific multicast
See SSM
SPAN
configuration guidelines 30-10
default configuration 30-9
destination ports 30-7
displaying status 30-22
interaction with other features 30-8
monitored ports 30-5
monitoring ports 30-7
overview 1-14, 30-1
ports, restrictions 29-12
received traffic 30-4
sessions
configuring ingress forwarding 30-14, 30-20
creating 30-11
defined 30-3
limiting source traffic to specific VLANs 30-14
removing destination (monitoring) ports 30-12
specifying monitored ports 30-11
with ingress traffic enabled 30-13
source ports 30-5
transmitted traffic 30-5
VLAN-based 30-6
spanning tree and native VLANs 16-16
Spanning Tree Protocol
See STP
SPAN traffic 30-4
split horizon, RIP 41-22
SRR
configuring
shaped weights on egress queues 39-74
shared weights on egress queues 39-75
shared weights on ingress queues 39-68
described 39-14
shaped mode 39-14
shared mode 39-14
support for 1-12
SSH
configuring 11-47
cryptographic software image 11-45
described 1-5, 11-46
encryption methods 11-46
user authentication methods, supported 11-46
SSL
configuration guidelines 11-53
configuring a secure HTTP client 11-55
configuring a secure HTTP server 11-54
cryptographic software image 11-50
described 11-50
monitoring 11-56
SSM
address management restrictions 50-15
CGMP limitations 50-15
components 50-13
configuration guidelines 50-15
configuring 50-13, 50-16
differs from Internet standard multicast 50-13
IGMP snooping 50-15
IGMPv3 50-13
IGMPv3 Host Signalling 50-14
IP address range 50-14
monitoring 50-16
operations 50-14
PIM 50-13
state maintenance limitations 50-15
SSM mapping 50-16
configuration guidelines 50-16
configuring 50-16, 50-19
DNS-based 50-18, 50-19
monitoring 50-21
overview 50-17
restrictions 50-17
static 50-17, 50-19
static traffic forwarding 50-20
standby command switch
configuring
considerations 6-11
defined 6-2
priority 6-10
requirements 6-3
virtual IP address 6-11
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
standby ip command 46-6
standby links 25-2
standby router 46-1
standby timers, HSRP 46-11
startup configuration
booting
manually 4-18
specific image 4-19
clearing A-18
configuration file
automatically downloading 4-17
specifying the filename 4-17
default boot configuration 4-17
static access ports
assigning to VLAN 16-9
defined 14-3, 16-3
static addresses
See addresses
static IP routing 1-12
static MAC addressing 1-8
static route primary interface,configuring 48-10
static routes
configuring 41-88
configuring for IPv6 42-19
understanding 42-6
static routing 41-3
static routing support, enhanced object tracking 48-10
static SSM mapping 50-17, 50-19
static traffic forwarding 50-20
static VLAN membership 16-2
statistics
802.1X 13-17
802.1x 12-64
CDP 32-5
interface 14-32
IP multicast routing 50-61
LLDP 31-10
LLDP-MED 31-10
NMSP 31-10
OSPF 41-32
QoS ingress and egress 39-78
RMON group Ethernet 34-5
RMON group history 34-5
SNMP input and output 36-18
VTP 17-16
sticky learning 29-9
storm control
configuring 29-3
described 29-1
disabling 29-5
displaying 29-21
support for 1-3
thresholds 29-1
STP
accelerating root port selection 23-4
and REP 24-6
BackboneFast
described 23-5
disabling 23-14
enabling 23-13
BPDU filtering
described 23-3
disabling 23-12
enabling 23-12
BPDU guard
described 23-2
disabling 23-12
enabling 23-11
BPDU message exchange 21-3
configuration guidelines 21-12, 23-10
configuring
forward-delay time 21-21
hello time 21-20
maximum aging time 21-21
path cost 21-18
port priority 21-17
root switch 21-14
secondary root switch 21-16
spanning-tree mode 21-13
switch priority 21-19
transmit hold-count 21-22
counters, clearing 21-22
default configuration 21-11
default optional feature configuration 23-9
designated port, defined 21-3
designated switch, defined 21-3
detecting indirect link failures 23-5
disabling 21-14
displaying status 21-22
EtherChannel guard
described 23-7
disabling 23-14
enabling 23-14
extended system ID
effects on root switch 21-14
effects on the secondary root switch 21-16
overview 21-4
unexpected behavior 21-15
features supported 1-6
IEEE 802.1D and bridge ID 21-4
IEEE 802.1D and multicast addresses 21-8
IEEE 802.1t and VLAN identifier 21-4
inferior BPDU 21-3
instances supported 21-9
interface state, blocking to forwarding 23-2
interface states
blocking 21-5
disabled 21-7
forwarding 21-5, 21-6
learning 21-6
listening 21-6
overview 21-4
interoperability and compatibility among modes 21-10
Layer 2 protocol tunneling 20-7
limitations with IEEE 802.1Q trunks 21-10
load sharing
overview 16-21
using path costs 16-23
using port priorities 16-21
loop guard
described 23-9
enabling 23-15
modes supported 21-9
multicast addresses, effect of 21-8
optional features supported 1-7
overview 21-2
path costs 16-23
Port Fast
described 23-2
enabling 23-10
port priorities 16-22
preventing root switch selection 23-8
protocols supported 21-9
redundant connectivity 21-8
root guard
described 23-8
enabling 23-15
root port, defined 21-3
root switch
configuring 21-15
effects of extended system ID 21-4, 21-14
election 21-3
unexpected behavior 21-15
shutdown Port Fast-enabled port 23-2
status, displaying 21-22
superior BPDU 21-3
timers, described 21-20
UplinkFast
described 23-3
enabling 23-13
VLAN-bridge 21-10
stratum, NTP 7-2
stub areas, OSPF 41-28
stub routing, EIGRP 41-39
subdomains, private VLAN 19-1
subnet mask 41-5
subnet zero 41-6
success response, VMPS 16-25
summer time 7-6
SunNet Manager 1-4
supernet 41-6
supported port-based authentication methods 12-7
SVI autostate exclude
configuring 14-29
defined 14-5
SVI link state 14-5
SVIs
and IP unicast routing 41-3
and router ACLs 38-4
connecting VLANs 14-11
defined 14-4
routing between VLANs 16-2
switch 42-2
switch clustering technology 6-1
See also clusters, switch
switch console port 1-5
Switch Database Management
See SDM
switched packets, ACLs on 38-38
Switched Port Analyzer
See SPAN
switched ports 14-2
switchport backup interface 25-4, 25-5
switchport block multicast command 29-8
switchport block unicast command 29-8
switchport command 14-17
switchport mode dot1q-tunnel command 20-6
switchport protected command 29-7
switch priority
MSTP 22-21
STP 21-19
switch software features 1-1
switch virtual interface
See SVI
synchronization, BGP 41-45
syslog
See system message logging
system capabilities TLV 31-1
system clock
configuring
daylight saving time 7-6
manually 7-4
summer time 7-6
time zones 7-5
displaying the time and date 7-5
overview 7-1
See also NTP
system description TLV 31-1
system message logging
default configuration 35-3
defining error message severity levels 35-8
disabling 35-4
displaying the configuration 35-13
enabling 35-4
facility keywords, described 35-13
level keywords, described 35-9
limiting messages 35-10
message format 35-2
overview 35-1
sequence numbers, enabling and disabling 35-8
setting the display destination device 35-5
synchronizing log messages 35-6
syslog facility 1-14
time stamps, enabling and disabling 35-7
UNIX syslog servers
configuring the daemon 35-12
configuring the logging facility 35-12
facilities supported 35-13
system MTU
and IS-IS LSPs 41-66
system MTU and IEEE 802.1Q tunneling 20-5
system name
default configuration 7-8
default setting 7-8
manual configuration 7-8
See also DNS
system name TLV 31-1
system prompt, default setting 7-7, 7-8
system resources, optimizing 10-1
system routing
IS-IS 41-62
ISO IGRP 41-62
T
TACACS+
accounting, defined 11-11
authentication, defined 11-11
authorization, defined 11-11
configuring
accounting 11-17
authentication key 11-13
authorization 11-16
login authentication 11-14
default configuration 11-13
displaying the configuration 11-18
identifying the server 11-13
in clusters 6-14
limiting the services to the user 11-16
operation of 11-12
overview 11-10
support for 1-10
tracking services accessed by user 11-17
tagged packets
IEEE 802.1Q 20-3
Layer 2 protocol 20-7
tar files
creating A-6
displaying the contents of A-6
extracting A-7
image file format A-22
TCL script, registering and defining with embedded event manager 37-6
TDR 1-14
Telnet
accessing management interfaces 2-10
number of connections 1-5
setting a password 11-6
temperature alarms, configuring 3-7, 3-8
temporary self-signed certificate 11-51
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password 11-6
TFTP
configuration files
downloading A-10
preparing the server A-10
uploading A-11
configuration files in base directory 4-7
configuring for autoconfiguration 4-7
image files
deleting A-25
downloading A-24
preparing the server A-24
uploading A-26
limiting access by servers 36-16
TFTP server 1-4
threshold, traffic level 29-2
threshold monitoring, IP SLAs 47-6
time
See NTP and system clock
Time Domain Reflector
See TDR
time-range command 38-16
time ranges in ACLs 38-16
time stamps in log messages 35-7
time zones 7-5
TLVs
defined 31-1
LLDP 31-1
LLDP-MED 31-2
Token Ring VLANs
support for 16-6
VTP support 17-4
ToS 1-11
traceroute, Layer 2
and ARP 53-12
and CDP 53-11
broadcast traffic 53-11
described 53-11
IP addresses and subnets 53-12
MAC addresses and VLANs 53-12
multicast traffic 53-12
multiple devices on a port 53-12
unicast traffic 53-11
usage guidelines 53-11
traceroute command 53-13
See also IP traceroute
tracked lists
configuring 48-3
types 48-3
tracked objects
by Boolean expression 48-4
by threshold percentage 48-6
by threshold weight 48-5
tracking interface line-protocol state 48-2
tracking IP routing state 48-2
tracking objects 48-1
tracking process 48-1
track state, tracking IP SLAs 48-9
traffic
blocking flooded 29-8
fragmented 38-5
fragmented IPv6 45-2
unfragmented 38-5
traffic policing 1-11
traffic suppression 29-1
transmit hold-count
see STP
transparent mode, VTP 17-3
trap-door mechanism 4-2
traps
configuring MAC address notification 7-15, 7-17, 7-18
configuring managers 36-11
defined 36-3
enabling 7-15, 7-17, 7-18, 36-11
notification types 36-12
overview 36-1, 36-4
triggering alarm options
configurable relay 3-3
methods 3-3
SNMP traps 3-4
syslog messages 3-4
troubleshooting
connectivity problems 53-9, 53-11, 53-12
CPU utilization 53-20
detecting unidirectional links 33-1
displaying crash information 53-19
PIMv1 and PIMv2 interoperability problems 50-34
setting packet forwarding 53-17
SFP security and identification 53-9
show forward command 53-17
with CiscoWorks 36-4
with debug commands 53-15
with ping 53-10
with system message logging 35-1
with traceroute 53-13
trunk failover
See link-state tracking
trunking encapsulation 1-7
trunk ports
configuring 16-17
defined 14-3, 16-3
trunks
allowed-VLAN list 16-18
load sharing
setting STP path costs 16-23
using STP port priorities 16-21, 16-22
native VLAN for untagged traffic 16-20
parallel 16-23
pruning-eligible list 16-19
to non-DTP device 16-15
trusted boundary for QoS 39-38
trusted port states
between QoS domains 39-40
classification options 39-5
ensuring port security for IP phones 39-38
support for 1-11
within a QoS domain 39-36
trustpoints, CA 11-50
tunneling
defined 20-1
IEEE 802.1Q 20-1
Layer 2 protocol 20-8
tunnel ports
defined 16-4
described 14-3, 20-1
IEEE 802.1Q, configuring 20-6
incompatibilities with other features 20-5
twisted-pair Ethernet, detecting unidirectional links 33-1
type of service
See ToS
U
UDLD
configuration guidelines 33-4
default configuration 33-4
disabling
globally 33-5
on fiber-optic interfaces 33-5
per interface 33-5
echoing detection mechanism 33-2
enabling
globally 33-5
per interface 33-5
Layer 2 protocol tunneling 20-10
link-detection mechanism 33-1
neighbor database 33-2
overview 33-1
resetting an interface 33-6
status, displaying 33-6
support for 1-6
UDP, configuring 41-14
UDP jitter, configuring 47-9
UDP jitter operation, IP SLAs 47-9
unauthorized ports with IEEE 802.1x 12-10
unicast MAC address filtering 1-5
and adding static addresses 7-21
and broadcast MAC addresses 7-20
and CPU packets 7-20
and multicast addresses 7-20
and router MAC addresses 7-20
configuration guidelines 7-20
described 7-20
unicast storm 29-1
unicast storm control command 29-4
unicast traffic, blocking 29-8
UniDirectional Link Detection protocol
See UDLD
UNIX syslog servers
daemon configuration 35-12
facilities supported 35-13
message logging configuration 35-12
unrecognized Type-Length-Value (TLV) support 17-4
upgrading software images
See downloading
UplinkFast
described 23-3
disabling 23-13
enabling 23-13
uploading
configuration files
preparing A-10, A-12, A-15
reasons for A-8
using FTP A-14
using RCP A-17
using TFTP A-11
image files
preparing A-24, A-27, A-31
reasons for A-22
using FTP A-29
using RCP A-33
using TFTP A-26
User Datagram Protocol
See UDP
user EXEC mode 2-2
username-based authentication 11-7
V
version-dependent transparent mode 17-4
virtual IP address
cluster standby group 6-11
command switch 6-11
Virtual Private Network
See VPN
virtual router 46-1, 46-2
virtual switches and PAgP 40-5
vlan.dat file 16-5
VLAN 1, disabling on a trunk port 16-19
VLAN 1 minimization 16-18
VLAN ACLs
See VLAN maps
vlan-assignment response, VMPS 16-25
VLAN blocking, REP 24-12
VLAN configuration
at bootup 16-7
saving 16-7
VLAN configuration mode 2-2
VLAN database
and startup configuration file 16-7
and VTP 17-1
VLAN configuration saved in 16-7
VLANs saved in 16-4
vlan dot1q tag native command 20-4
VLAN filtering and SPAN 30-6
vlan global configuration command 16-7
VLAN ID, discovering 7-23
VLAN link state 14-5
VLAN load balancing
REP 24-4
VLAN load balancing, triggering 24-5
VLAN load balancing on flex links 25-2
configuration guidelines 25-8
VLAN management domain 17-2
VLAN Management Policy Server
See VMPS
VLAN map entries, order of 38-30
VLAN maps
applying 38-34
common uses for 38-34
configuration guidelines 38-30
configuring 38-29
creating 38-31
defined 38-2
denying access to a server example 38-35
denying and permitting packets 38-31
displaying 38-41
examples of ACLs and VLAN maps 38-32
removing 38-34
support for 1-8
wiring closet configuration example 38-35
VLAN membership
confirming 16-28
modes 16-3
VLAN Query Protocol
See VQP
VLANs
adding 16-8
adding to VLAN database 16-8
aging dynamic addresses 21-9
allowed on trunk 16-18
and spanning-tree instances 16-3, 16-6, 16-11
configuration guidelines, extended-range VLANs 16-11
configuration guidelines, normal-range VLANs 16-6
configuring 16-1
configuring IDs 1006 to 4094 16-11
connecting through SVIs 14-11
creating 16-8
customer numbering in service-provider networks 20-3
default configuration 16-7
deleting 16-9
described 14-2, 16-1
displaying 16-14
extended-range 16-1, 16-10
features 1-7
illustrated 16-2
internal 16-11
limiting source traffic with RSPAN 30-21
limiting source traffic with SPAN 30-14
modifying 16-8
multicast 28-17
native, configuring 16-20
normal-range 16-1, 16-4
number supported 1-7
parameters 16-5
port membership modes 16-3
static-access ports 16-9
STP and IEEE 802.1Q trunks 21-10
supported 16-2
Token Ring 16-6
traffic between 16-2
VLAN-bridge STP 21-10, 52-2
VTP modes 17-3
VLAN Trunking Protocol
See VTP
VLAN trunks 16-14
VMPS
administering 16-29
configuration example 16-30
configuration guidelines 16-26
default configuration 16-26
description 16-24
dynamic port membership
described 16-25
reconfirming 16-28
troubleshooting 16-30
entering server address 16-27
mapping MAC addresses to VLANs 16-24
monitoring 16-29
reconfirmation interval, changing 16-28
reconfirming membership 16-28
retry count, changing 16-29
voice aware 802.1x security
port-based authentication
configuring 12-37
described 12-29, 12-37
voice-over-IP 18-1
voice VLAN
Cisco 7960 phone, port connections 18-1
configuration guidelines 18-3
configuring IP phones for data traffic
override CoS of incoming frame 18-6
trust CoS priority of incoming frame 18-6
configuring ports for voice traffic in
802.1p priority tagged frames 18-5
802.1Q frames 18-4
connecting to an IP phone 18-4
default configuration 18-3
described 18-1
displaying 18-6
IP phone data traffic, described 18-2
IP phone voice traffic, described 18-2
VPN
configuring routing in 41-81
forwarding 41-74
in service provider networks 41-71
routes 41-72
VPN routing and forwarding table
See VRF
VQP 1-7, 16-24
VRF
defining 41-74
tables 41-71
VRF-aware services
ARP 41-78
configuring 41-77
ftp 41-80
HSRP 41-79
ping 41-78
SNMP 41-78
syslog 41-79
tftp 41-80
traceroute 41-80
VTP
adding a client to a domain 17-15
advertisements 16-16, 17-3
and extended-range VLANs 16-3, 17-1
and normal-range VLANs 16-2, 17-1
client mode, configuring 17-11
configuration
guidelines 17-8
requirements 17-10
saving 17-8
configuration requirements 17-10
configuration revision number
guideline 17-15
resetting 17-16
consistency checks 17-4
default configuration 17-7
described 17-1
domain names 17-8
domains 17-2
Layer 2 protocol tunneling 20-7
modes
client 17-3
off 17-3
server 17-3
transitions 17-3
transparent 17-3
monitoring 17-16
passwords 17-8
pruning
disabling 17-14
enabling 17-14
examples 17-6
overview 17-5
support for 1-7
pruning-eligible list, changing 16-19
server mode, configuring 17-10, 17-13
statistics 17-16
support for 1-7
Token Ring support 17-4
transparent mode, configuring 17-10
using 17-1
Version
enabling 17-13
version, guidelines 17-9
Version 1 17-4
Version 2
configuration guidelines 17-9
overview 17-4
Version 3
overview 17-4
W
WCCP
authentication 49-3
configuration guidelines 49-5
default configuration 49-5
described 49-1
displaying 49-9
dynamic service groups 49-3
enabling 49-6
features unsupported 49-4
forwarding method 49-3
Layer-2 header rewrite 49-3
MD5 security 49-3
message exchange 49-2
monitoring and maintaining 49-9
negotiation 49-3
packet redirection 49-3
packet-return method 49-3
redirecting traffic received from a client 49-6
setting the password 49-6
unsupported WCCPv2 features 49-4
web authentication 12-16
configuring 13-16 to ??
described 1-8
web-based authentication
customizeable web pages 13-6
description 13-1
web-based authentication, interactions with other features 13-7
Web Cache Communication Protocol
See WCCP
weighted tail drop
See WTD
weight thresholds in tracked lists 48-5
wired location service
configuring 31-8
displaying 31-10
location TLV 31-2
understanding 31-3
WTD
described 39-13
setting thresholds
egress queue-sets 39-71
ingress queues 39-67
support for 1-12
X
Xmodem protocol 53-2