Index
A
AAA down policy, NAC Layer 2 IP validation
1-10
abbreviating commands
2-4
ABRs
41-24
AC (command switch)
6-10
access-class command
38-20
access control entries
See ACEs
access control entry (ACE)
44-3
access-denied response, VMPS
17-25
access groups
applying IPv4 ACLs to interfaces
38-21
Layer 2
38-21
Layer 3
38-21
accessing
clusters, switch
6-13
command switches
6-11
member switches
6-13
switch clusters
6-13
access lists
See ACLs
access ports
and Layer 2 protocol tunneling
21-10
defined
15-3
in switch clusters
6-9
accounting
with 802.1x
12-48
with IEEE 802.1x
12-14
with RADIUS
11-35
with TACACS+
11-11, 11-17
ACEs
and QoS
39-7
defined
38-2
Ethernet
38-2
IP
38-2
ACLs
ACEs
38-2
any keyword
38-13
applying
on bridged packets
38-40
on multicast packets
38-42
on routed packets
38-41
on switched packets
38-40
time ranges to
38-17
to an interface
38-20, 44-7
to IPv6 interfaces
44-7
to QoS
39-7
classifying traffic for QoS
39-43
comments in
38-19
compiling
38-23
defined
38-1, 38-7
examples of
38-23, 39-43
extended IP, configuring for QoS classification
39-44
extended IPv4
creating
38-10
matching criteria
38-7
hardware and software handling
38-22
host keyword
38-13
IP
creating
38-7
fragments and QoS guidelines
39-33
implicit deny
38-10, 38-15, 38-17
implicit masks
38-10
matching criteria
38-7
undefined
38-22
IPv4
applying to interfaces
38-20
creating
38-7
matching criteria
38-7
named
38-15
numbers
38-8
terminal lines, setting on
38-20
unsupported features
38-7
IPv6
applying to interfaces
44-7
configuring
44-3, 44-4
displaying
44-8
interactions with other features
44-4
limitations
44-2, 44-3
matching criteria
44-3
named
44-2
precedence of
44-2
supported
44-2
unsupported features
44-3
Layer 4 information in
38-39
logging messages
38-9
MAC extended
38-28, 39-45
matching
38-7, 38-21, 44-3
monitoring
38-43, 44-8
named, IPv4
38-15
named, IPv6
44-2
names
44-4
number per QoS class map
39-33
port
38-2, 44-1
precedence of
38-2
QoS
39-7, 39-43
resequencing entries
38-15
router
38-2, 44-1
router ACLs and VLAN map configuration guidelines
38-39
standard IP, configuring for QoS classification
39-43
standard IPv4
creating
38-9
matching criteria
38-7
support for
1-8
support in hardware
38-22
time ranges
38-17
types supported
38-2
unsupported features, IPv4
38-7
unsupported features, IPv6
44-3
using router ACLs with VLAN maps
38-38
VLAN maps
configuration guidelines
38-32
configuring
38-31
active link
26-4, 26-5, 26-6
active links
26-2
active router
46-1
active traffic monitoring, IP SLAs
47-1
addresses
displaying the MAC address table
7-23
dynamic
accelerated aging
22-8
changing the aging time
7-14
default aging
22-8
defined
7-12
learning
7-13
removing
7-15
IPv6
42-2
MAC, discovering
7-23
multicast
STP address management
22-8
static
adding and removing
7-19
defined
7-12
address resolution
7-23, 41-8
Address Resolution Protocol
See ARP
adjacency tables, with CEF
41-87
administrative distances
defined
41-99
OSPF
41-30
routing protocol defaults
41-89
administrative VLAN
REP, configuring
25-8
administrative VLAN, REP
25-8
advertisements
CDP
32-1
LLDP
31-1, 31-2
RIP
41-18
VTP
17-16, 18-3
age timer, REP
25-8
aggregatable global unicast addresses
42-3
aggregate addresses, BGP
41-57
aggregated ports
See EtherChannel
aggregate policers
39-58
aggregate policing
1-11
aging, accelerating
22-8
aging time
accelerated
for MSTP
23-23
for STP
22-8, 22-21
MAC address table
7-14
maximum
for MSTP
23-23, 23-24
for STP
22-21, 22-22
alarm profiles
configuring
3-12
creating or modifying
3-11
alarms
displaying
3-13
power supply
3-2
temperature
3-2
alarms, RMON
34-3
allowed-VLAN list
17-18
application engines, redirecting traffic to
49-1
area border routers
See ABRs
area routing
IS-IS
41-62
ISO IGRP
41-62
ARP
configuring
41-9
defined
1-5, 7-23, 41-8
encapsulation
41-10
static cache configuration
41-9
table
address resolution
7-23
managing
7-23
ASBRs
41-24
AS-path filters, BGP
41-52
associating the temperature alarms to a relay
3-9
asymmetrical links, and IEEE 802.1Q tunneling
21-4
attaching an alarm profile to a port
3-12
attributes, RADIUS
vendor-proprietary
11-38
vendor-specific
11-36
attribute-value pairs
12-12, 12-15, 12-20
authentication
EIGRP
41-38
HSRP
46-10
local mode with AAA
11-44
open1x
12-29
RADIUS
key
11-28
login
11-30
TACACS+
defined
11-11
key
11-13
login
11-14
See also port-based authentication
authentication compatibility with Catalyst 6000 switches
12-8
authentication failed VLAN
See restricted VLAN
authentication keys, and routing protocols
41-99
authentication manager
CLI commands
12-9
compatibility with older 802.1x CLI commands
12-9 to ??
overview
12-7
authoritative time source, described
7-2
authorization
with RADIUS
11-34
with TACACS+
11-11, 11-16
authorized ports with IEEE 802.1x
12-10
autoconfiguration
4-3
auto enablement
12-30
automatic discovery
considerations
beyond a noncandidate device
6-7
brand new switches
6-9
connectivity
6-4
different VLANs
6-6
management VLANs
6-7
non-CDP-capable devices
6-6
noncluster-capable devices
6-6
routed ports
6-8
in switch clusters
6-4
See also CDP
automatic QoS
See QoS
automatic recovery, clusters
6-10
See also HSRP
auto-MDIX
configuring
15-19
described
15-19
autonegotiation
duplex mode
1-2
interface configuration guidelines
15-16
mismatches
36-8
autonomous system boundary routers
See ASBRs
autonomous systems, in BGP
41-45
autosensing, port speed
1-2
Auto Smartports macros
displaying
16-5
autostate exclude
15-6
auxiliary VLAN
See voice VLAN
availability, features
1-6
B
BackboneFast
described
24-5
disabling
24-14
enabling
24-13
backup interfaces
See Flex Links
backup links
26-2
backup static routing, configuring
48-11
banners
configuring
login
7-12
message-of-the-day login
7-11
default configuration
7-10
when displayed
7-10
Berkeley r-tools replacement
11-56
BGP
aggregate addresses
41-57
aggregate routes, configuring
41-57
CIDR
41-57
clear commands
41-61
community filtering
41-54
configuring neighbors
41-55
default configuration
41-43
described
41-42
enabling
41-45
monitoring
41-61
multipath support
41-49
neighbors, types of
41-45
path selection
41-49
peers, configuring
41-55
prefix filtering
41-53
resetting sessions
41-48
route dampening
41-60
route maps
41-51
route reflectors
41-59
routing domain confederation
41-58
routing session with multi-VRF CE
41-81
show commands
41-61
supernets
41-57
support for
1-12
Version 4
41-42
binding cluster group and HSRP group
46-12
binding database
address, DHCP server
See DHCP, Cisco IOS server database
DHCP snooping
See DHCP snooping binding database
bindings
address, Cisco IOS DHCP server
27-7
DHCP snooping database
27-7
IP source guard
27-16
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets
29-7
Boolean expressions in tracked lists
48-4
booting
boot loader, function of
4-2
boot process
4-2
manually
4-18
specific image
4-19
boot loader
accessing
4-19
described
4-2
environment variables
4-19
prompt
4-19
trap-door mechanism
4-2
Border Gateway Protocol
See BGP
BPDU
error-disabled state
24-2
filtering
24-3
RSTP format
23-12
BPDU filtering
described
24-3
disabling
24-12
enabling
24-12
support for
1-7
BPDU guard
described
24-2
disabling
24-12
enabling
24-11
support for
1-7
bridged packets, ACLs on
38-40
bridge groups
See fallback bridging
bridge protocol data unit
See BPDU
broadcast flooding
41-16
broadcast packets
directed
41-13
flooded
41-13
broadcast storm-control command
29-4
broadcast storms
29-1, 41-13
C
cables, monitoring for unidirectional links
33-1
candidate switch
automatic discovery
6-4
defined
6-3
requirements
6-3
See also command switch, cluster standby group, and member switch
Catalyst 6000 switches
authentication compatibility
12-8
CA trustpoint
configuring
11-53
defined
11-50
CDP
and trusted boundary
39-39
automatic discovery in switch clusters
6-4
configuring
32-2
default configuration
32-2
defined with LLDP
31-1
described
32-1
disabling for routing device
32-4
enabling and disabling
on an interface
32-4
on a switch
32-4
Layer 2 protocol tunneling
21-7
monitoring
32-5
overview
32-1
support for
1-5
transmission timer and holdtime, setting
32-3
updates
32-3
CEF
defined
41-86
enabling
41-87
IPv6
42-18
CGMP
switch support of
1-3
CIDR
41-57
CipherSuites
11-52
Cisco 7960 IP Phone
19-1
Cisco Discovery Protocol
See CDP
Cisco Express Forwarding
See CEF
Cisco Group Management Protocol
See CGMP
Cisco IOS DHCP server
See DHCP, Cisco IOS DHCP server
Cisco IOS File System
See IFS
Cisco IOS IP SLAs
47-1
Cisco Secure ACS
attribute-value pairs for downloadable ACLs
12-20
attribute-value pairs for redirect URL
12-20
Cisco Secure ACS configuration guide
12-59
Cisco TrustSec
configuring
14-9
connection caching
14-8
Cisco TrustSec caching
clearing
14-9
enabling
14-8
CiscoWorks 2000
1-4, 36-4
CISP
12-30
CIST regional root
See MSTP
CIST root
See MSTP
civic location
31-3
classless interdomain routing
See CIDR
classless routing
41-6
class maps for QoS
configuring
39-46
described
39-7
displaying
39-78
class of service
See CoS
clearing interfaces
15-26
CLI
abbreviating commands
2-4
command modes
2-1
configuration logging
2-5
described
1-4
editing features
enabling and disabling
2-7
keystroke editing
2-8
wrapped lines
2-9
error messages
2-5
filtering command output
2-10
getting help
2-3
history
changing the buffer size
2-6
described
2-6
disabling
2-7
recalling commands
2-6
managing clusters
6-14
no and default forms of commands
2-4
Client Information Signalling Protocol
See CISP
client mode, VTP
18-3
client processes, tracking
48-1
CLNS
See ISO CLNS
clock
See system clock
clusters, switch
accessing
6-13
automatic discovery
6-4
automatic recovery
6-10
benefits
1-2
compatibility
6-4
described
6-1
LRE profile considerations
6-14
managing
through CLI
6-14
through SNMP
6-15
planning
6-4
planning considerations
automatic discovery
6-4
automatic recovery
6-10
CLI
6-14
host names
6-13
IP addresses
6-13
LRE profiles
6-14
passwords
6-13
RADIUS
6-14
SNMP
6-14, 6-15
TACACS+
6-14
See also candidate switch, command switch, cluster standby group, member switch, and standby command switch
cluster standby group
and HSRP group
46-12
automatic recovery
6-12
considerations
6-11
defined
6-2
requirements
6-3
virtual IP address
6-11
See also HSRP
CNS
1-4
Configuration Engine
configID, deviceID, hostname
5-3
configuration service
5-2
described
5-1
event service
5-3
embedded agents
described
5-5
enabling automated configuration
5-6
enabling configuration agent
5-9
enabling event agent
5-7
management functions
1-4
CoA Request Commands
11-24
command-line interface
See CLI
command modes
2-1
commands
abbreviating
2-4
no and default
2-4
commands, setting privilege levels
11-8
command switch
accessing
6-11
active (AC)
6-10
configuration conflicts
36-7
defined
6-1
passive (PC)
6-10
password privilege levels
6-15
priority
6-10
recovery
from command-switch failure
6-10, 36-4
from lost member connectivity
36-7
redundant
6-10
replacing
with another switch
36-6
with cluster member
36-4
requirements
6-3
standby (SC)
6-10
See also candidate switch, cluster standby group, member switch, and standby command switch
community list, BGP
41-54
community ports
20-2
community strings
configuring
6-14, 36-9
for cluster switches
36-4
in clusters
6-14
overview
36-4
SNMP
6-14
community VLANs
20-2, 20-3
compatibility, feature
29-12
config.text
4-17
configuration, initial
defaults
1-14
Express Setup
1-2
configuration changes, logging
35-10
configuration conflicts, recovering from lost member connectivity
36-7
configuration examples, network
1-17
configuration files
archiving
A-18
clearing the startup configuration
A-18
creating using a text editor
A-9
default name
4-17
deleting a stored configuration
A-18
described
A-8
downloading
automatically
4-17
preparing
A-10, A-12, A-15
reasons for
A-8
using FTP
A-13
using RCP
A-16
using TFTP
A-10
guidelines for creating and using
A-8
guidelines for replacing and rolling back
A-19
invalid combinations when copying
A-5
limiting TFTP server access
36-18
obtaining with DHCP
4-9
password recovery disable considerations
11-5
replacing a running configuration
A-18, A-19
rolling back a running configuration
A-18, A-19
specifying the filename
4-17
system contact and location information
36-18
types and location
A-9
uploading
preparing
A-10, A-12, A-15
reasons for
A-8
using FTP
A-14
using RCP
A-17
using TFTP
A-11
configuration guidelines
REP
25-7
configuration guidelines, multi-VRF CE
41-74
configuration logger
35-10
configuration logging
2-5
configuration replacement
A-18
configuration rollback
A-18
configuration settings, saving
4-15
configure terminal command
15-9
configuring 802.1x user distribution
12-55
configuring port-based authentication violation modes
12-38 to 12-39
configuring small-frame arrival rate
29-5
config-vlan mode
2-2
conflicts, configuration
36-7
connections, secure remote
11-46
connectivity problems
36-9, 36-11, 36-12
consistency checks in VTP Version 2
18-4
console port, connecting to
2-10
content-routing technology
See WCCP
control protocol, IP SLAs
47-4
convergence
REP
25-4
corrupted software, recovery steps with Xmodem
36-2
CoS
override priority
19-6
trust priority
19-6
CoS input queue threshold map for QoS
39-16
CoS output queue threshold map for QoS
39-18
CoS-to-DSCP map for QoS
39-61
counters, clearing interface
15-26
CPU utilization, troubleshooting
36-20
crashinfo file
36-19
critical authentication, IEEE 802.1x
12-51
critical VLAN
12-23
cryptographic software image
Kerberos
11-40
SSH
11-45
SSL
11-50
CTS
configuring
14-9
customer edge devices
41-72
customjzeable web pages, web-based authentication
13-6
D
DACL
See downloadable ACL
daylight saving time
7-6
debugging
enabling all system diagnostics
36-16
enabling for a specific feature
36-16
redirecting error message output
36-16
using commands
36-15
default commands
2-4
default configuration
802.1x
12-33
auto-QoS
39-20
banners
7-10
BGP
41-43
booting
4-17
CDP
32-2
DHCP
27-9
DHCP option 82
27-9
DHCP snooping
27-9
DHCP snooping binding database
27-9
DNS
7-9
dynamic ARP inspection
28-5
EIGRP
41-34
EtherChannel
40-10
Ethernet interfaces
15-13
fallback bridging
50-3
Flex Links
26-8
HSRP
46-5
IEEE 802.1Q tunneling
21-4
IGMP snooping
45-5, 45-6
initial switch information
4-3
IP addressing, IP routing
41-4
IP SLAs
47-6
IP source guard
27-18
IPv6
42-10
IS-IS
41-63
Layer 2 interfaces
15-13
Layer 2 protocol tunneling
21-11
LLDP
31-4
MAC address table
7-14
MAC address-table move update
26-8
MSTP
23-14
multi-VRF CE
41-74
optional spanning-tree configuration
24-9
OSPF
41-25
password and privilege level
11-2
private VLANs
20-6
PROFINET
9-4
PTP
8-2
RADIUS
11-27
REP
25-7
RIP
41-19
RMON
34-3
RSPAN
30-9
SDM template
10-3
SNMP
36-8
SPAN
30-9
SSL
11-52
standard QoS
39-30
STP
22-11
system message logging
35-3
system name and prompt
7-8
TACACS+
11-13
UDLD
33-4
VLAN, Layer 2 Ethernet interfaces
17-16
VLANs
17-7
VMPS
17-26
voice VLAN
19-3
VTP
18-7
WCCP
49-5
default gateway
4-15, 41-11
default networks
41-90
default router preference
See DRP
default routes
41-89
default routing
41-2
default web-based authentication configuration
802.1X
13-9
deleting VLANs
17-9
denial-of-service attack
29-1
description command
15-20
designing your network, examples
1-17
destination addresses
in IPv4 ACLs
38-12
in IPv6 ACLs
44-5
destination-IP address-based forwarding, EtherChannel
40-8
destination-MAC address forwarding, EtherChannel
40-8
detecting indirect link failures, STP
24-5
device
A-22
device discovery protocol
31-1, 32-1
device manager
benefits
1-2
described
1-2, 1-4
in-band management
1-5
upgrading a switch
A-22
DHCP
Cisco IOS server database
configuring
27-14
default configuration
27-9
described
27-7
DHCP for IPv6
See DHCPv6
enabling
relay agent
27-11
DHCP-based autoconfiguration
client request message exchange
4-4
configuring
client side
4-4
DNS
4-8
relay device
4-8
server side
4-6
TFTP server
4-7
example
4-9
lease options
for IP address information
4-6
for receiving the configuration file
4-7
overview
4-3
relationship to BOOTP
4-4
relay support
1-4, 1-13
support for
1-4
DHCP-based autoconfiguration and image update
configuring
4-11 to 4-14
understanding
4-5 to 4-6
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP object tracking, configuring primary interface
48-10
DHCP option 82
circuit ID suboption
27-5
configuration guidelines
27-9
default configuration
27-9
displaying
27-16
forwarding address, specifying
27-11
helper address
27-11
overview
27-4
packet format, suboption
circuit ID
27-5
remote ID
27-5
remote ID suboption
27-5
DHCP server port-based address allocation
configuration guidelines
27-27
default configuration
27-27
described
27-26
displaying
27-30
enabling
27-27
reserved addresses
27-28
DHCP server port-based address assignment
support for
1-5
DHCP snooping
accepting untrusted packets form edge switch
27-3, 27-13
and private VLANs
27-14
binding database
See DHCP snooping binding database
configuration guidelines
27-9
default configuration
27-9
displaying binding tables
27-16
message exchange process
27-4
option 82 data insertion
27-4
trusted interface
27-2
untrusted interface
27-2
untrusted messages
27-2
DHCP snooping binding database
adding bindings
27-15
binding file
format
27-8
location
27-7
bindings
27-7
clearing agent statistics
27-15
configuration guidelines
27-10
configuring
27-15
default configuration
27-9
deleting
binding file
27-15
bindings
27-15
database agent
27-15
described
27-7
displaying
27-16
binding entries
27-16
status and statistics
27-16
enabling
27-15
entry
27-7
renewing database
27-15
resetting
delay value
27-15
timeout value
27-15
DHCP snooping binding table
See DHCP snooping binding database
DHCPv6
configuration guidelines
42-15
default configuration
42-15
described
42-6
enabling client function
42-17
enabling DHCPv6 server function
42-15
support for
1-13
Differentiated Services architecture, QoS
39-2
Differentiated Services Code Point
39-2
Diffusing Update Algorithm (DUAL)
41-33
directed unicast requests
1-5
directories
changing
A-4
creating and removing
A-4
displaying the working
A-4
discovery, clusters
See automatic discovery
displaying switch alarms
3-13
Distance Vector Multicast Routing Protocol
See DVMRP
distance-vector protocols
41-3
distribute-list command
41-98
DNS
and DHCP-based autoconfiguration
4-8
default configuration
7-9
displaying the configuration
7-10
in IPv6
42-3
overview
7-8
setting up
7-9
support for
1-4
domain names
DNS
7-8
VTP
18-8
Domain Name System
See DNS
domains, ISO IGRP routing
41-62
dot1q-tunnel switchport mode
17-15
double-tagged packets
IEEE 802.1Q tunneling
21-2
Layer 2 protocol tunneling
21-10
downloadable ACL
12-18, 12-20, 12-59
downloading
configuration files
preparing
A-10, A-12, A-15
reasons for
A-8
using FTP
A-13
using RCP
A-16
using TFTP
A-10
image files
deleting old image
A-25
preparing
A-24, A-27, A-31
reasons for
A-22
using FTP
A-28
using HTTP
A-22
using RCP
A-32
using TFTP
A-24
using the device manager or Network Assistant
A-22
drop threshold for Layer 2 protocol packets
21-11
DRP
configuring
42-13
described
42-4
IPv6
42-4
support for
1-13
DSCP
1-11, 39-2
DSCP input queue threshold map for QoS
39-16
DSCP output queue threshold map for QoS
39-18
DSCP-to-CoS map for QoS
39-64
DSCP-to-DSCP-mutation map for QoS
39-65
DSCP transparency
39-40
DTP
1-7, 17-15
dual-action detection
40-5
DUAL finite state machine, EIGRP
41-34
dual IPv4 and IPv6 templates
10-2, 42-5
dual protocol stacks
IPv4 and IPv6
42-5
SDM templates supporting
42-6
dual-purpose uplinks
defined
15-6
LEDs
15-7
link selection
15-6, 15-14
setting the type
15-14
DVMRP
support for
1-13
dynamic access ports
characteristics
17-3
configuring
17-27
defined
15-3
dynamic addresses
See addresses
dynamic ARP inspection
ARP cache poisoning
28-1
ARP requests, described
28-1
ARP spoofing attack
28-1
clearing
log buffer
28-15
statistics
28-15
configuration guidelines
28-5
configuring
ACLs for non-DHCP environments
28-8
in DHCP environments
28-7
log buffer
28-12
rate limit for incoming ARP packets
28-4, 28-10
default configuration
28-5
denial-of-service attacks, preventing
28-10
described
28-1
DHCP snooping binding database
28-2
displaying
ARP ACLs
28-14
configuration and operating state
28-14
log buffer
28-15
statistics
28-15
trust state and rate limit
28-14
error-disabled state for exceeding rate limit
28-4
function of
28-2
interface trust states
28-3
log buffer
clearing
28-15
configuring
28-12
displaying
28-15
logging of dropped packets, described
28-4
man-in-the middle attack, described
28-2
network security issues and interface trust states
28-3
priority of ARP ACLs and DHCP snooping entries
28-4
rate limiting of ARP packets
configuring
28-10
described
28-4
error-disabled state
28-4
statistics
clearing
28-15
displaying
28-15
validation checks, performing
28-11
dynamic auto trunking mode
17-15
dynamic desirable trunking mode
17-15
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described
17-25
reconfirming
17-28
troubleshooting
17-30
types of connections
17-27
dynamic routing
41-3
ISO CLNS
41-62
Dynamic Trunking Protocol
See DTP
E
EBGP
41-41
editing features
enabling and disabling
2-7
keystrokes used
2-8
wrapped lines
2-9
EIGRP
authentication
41-38
components
41-34
configuring
41-36
default configuration
41-34
definition
41-33
interface parameters, configuring
41-37
monitoring
41-40
stub routing
41-39
ELIN location
31-3
embedded event manager
actions
37-4
configuring
37-1, 37-5
displaying information
37-7
environmental variables
37-4
event detectors
37-2
policies
37-4
registering and defining an applet
37-5
registering and defining a TCL script
37-6
understanding
37-1
enable password
11-3
enable secret password
11-3
enabling SNMP traps
3-13
encryption, CipherSuite
11-52
encryption for passwords
11-3
Enhanced IGRP
See EIGRP
enhanced object tracking
backup static routing
48-11
commands
48-1
defined
48-1
DHCP primary interface
48-10
HSRP
48-7
IP routing state
48-2
IP SLAs
48-9
line-protocol state
48-2
network monitoring with IP SLAs
48-11
routing policy, configuring
48-11
static route primary interface
48-10
tracked lists
48-3
enhanced object tracking static routing
48-10
environmental variables, embedded event manager
37-4
environment variables, function of
4-20
equal-cost routing
1-12, 41-88
error-disabled state, BPDU
24-2
error messages during command entry
2-5
EtherChannel
automatic creation of
40-4, 40-6
channel groups
binding physical and logical interfaces
40-3
numbering of
40-3
configuration guidelines
40-10
configuring
Layer 2 interfaces
40-11
Layer 3 physical interfaces
40-14
Layer 3 port-channel logical interfaces
40-13
default configuration
40-10
described
40-2
displaying status
40-20
forwarding methods
40-7, 40-16
IEEE 802.3ad, described
40-6
interaction
with STP
40-10
with VLANs
40-11
LACP
described
40-6
displaying status
40-20
hot-standby ports
40-18
interaction with other features
40-7
modes
40-6
port priority
40-19
system priority
40-19
Layer 3 interface
41-3
load balancing
40-7, 40-16
logical interfaces, described
40-3
PAgP
aggregate-port learners
40-17
compatibility with Catalyst 1900
40-17
described
40-4
displaying status
40-20
interaction with other features
40-6
interaction with virtual switches
40-5
learn method and priority configuration
40-17
modes
40-5
support for
1-3
with dual-action detection
40-5
port-channel interfaces
described
40-3
port groups
15-6
support for
1-3
EtherChannel guard
described
24-7
disabling
24-14
enabling
24-14
Ethernet VLANs
adding
17-8
defaults and ranges
17-7
modifying
17-8
EUI
42-3
event detectors, embedded event manager
37-2
events, RMON
34-3
examples
network configuration
1-17
expedite queue for QoS
39-76
Express Setup
1-2
See also getting started guide
extended crashinfo file
36-19
extended-range VLANs
configuration guidelines
17-11
configuring
17-10
creating
17-12
creating with an internal VLAN ID
17-13
defined
17-1
extended system ID
MSTP
23-17
STP
22-4, 22-14
extended universal identifier
See EUI
Extensible Authentication Protocol over LAN
12-1
external BGP
See EBGP
external neighbors, BGP
41-45
F
fa0 interface
1-5
fallback bridging
and protected ports
50-3
bridge groups
creating
50-3
described
50-1
displaying
50-10
function of
50-2
number supported
50-4
removing
50-4
bridge table
clearing
50-10
displaying
50-10
configuration guidelines
50-3
connecting interfaces with
15-7
default configuration
50-3
described
50-1
frame forwarding
flooding packets
50-2
forwarding packets
50-2
overview
50-1
protocol, unsupported
50-3
STP
disabling on an interface
50-9
forward-delay interval
50-8
hello BPDU interval
50-7
interface priority
50-6
maximum-idle interval
50-8
path cost
50-6
VLAN-bridge spanning-tree priority
50-5
VLAN-bridge STP
50-2
support for
1-12
SVIs and routed ports
50-1
unsupported protocols
50-3
VLAN-bridge STP
22-10
Fast Convergence
26-3
FCS bit error rate alarm
configuring
3-10
defined
3-3
FCS error hysteresis threshold
3-2
features, incompatible
29-12
FIB
41-87
fiber-optic, detecting unidirectional links
33-1
files
basic crashinfo
description
36-19
location
36-19
copying
A-5
crashinfo, description
36-19
deleting
A-5
displaying the contents of
A-8
extended crashinfo
description
36-20
location
36-20
tar
creating
A-6
displaying the contents of
A-6
extracting
A-7
image file format
A-22
file system
displaying available file systems
A-2
displaying file information
A-3
local file system names
A-1
network file system names
A-5
setting the default
A-2
filtering
in a VLAN
38-31
IPv6 traffic
44-3, 44-7
non-IP traffic
38-28
show and more command output
2-10
filtering show and more command output
2-10
filters, IP
See ACLs, IP
flash device, number of
A-1
flexible authentication ordering
configuring
12-62
overview
12-28
Flex Link Multicast Fast Convergence
26-3
Flex Links
configuration guidelines
26-8
configuring
26-9
configuring preferred VLAN
26-12
configuring VLAN load balancing
26-11
default configuration
26-8
description
26-1
link load balancing
26-2
monitoring
26-15
VLANs
26-2
flooded traffic, blocking
29-8
flow-based packet classification
1-11
flowcharts
QoS classification
39-6
QoS egress queueing and scheduling
39-17
QoS ingress queueing and scheduling
39-15
QoS policing and marking
39-10
flowcontrol
configuring
15-18
described
15-18
forward-delay time
MSTP
23-23
STP
22-21
Forwarding Information Base
See FIB
forwarding nonroutable protocols
50-1
FTP
configuration files
downloading
A-13
overview
A-12
preparing the server
A-12
uploading
A-14
image files
deleting old image
A-29
downloading
A-28
preparing the server
A-27
uploading
A-29
G
general query
26-5
Generating IGMP Reports
26-3
get-bulk-request operation
36-3
get-next-request operation
36-3, 36-4
get-request operation
36-3, 36-4
get-response operation
36-3
global configuration mode
2-2
global status monitoring alarms
3-2
guest VLAN and 802.1x
12-21
GUIs
See device manager and Network Assistant
H
hardware limitations and Layer 3 interfaces
15-21
hello time
MSTP
23-22
STP
22-20
help, for the command line
2-3
hierarchical policy maps
39-8
configuration guidelines
39-33
configuring
39-52
described
39-11
history
changing the buffer size
2-6
described
2-6
disabling
2-7
recalling commands
2-6
history table, level and number of syslog messages
35-10
host names, in clusters
6-13
host ports
configuring
20-11
kinds of
20-2
hosts, limit on dynamic ports
17-30
Hot Standby Router Protocol
See HSRP
HP OpenView
1-4
HSRP
authentication string
46-10
automatic cluster recovery
6-12
binding to cluster group
46-12
cluster standby group considerations
6-11
command-switch redundancy
1-6
configuring
46-4
default configuration
46-5
definition
46-1
guidelines
46-6
monitoring
46-13
object tracking
48-7
overview
46-1
priority
46-8
routing redundancy
1-12
support for ICMP redirect messages
46-12
timers
46-11
tracking
46-8
See also clusters, cluster standby group, and standby command switch
HSRP for IPv6
configuring
42-24
guidelines
42-23
HTTP over SSL
see HTTPS
HTTPS
11-50
configuring
11-54
self-signed certificate
11-51
HTTP secure server
11-50
I
IBPG
41-41
ICMP
IPv6
42-4
redirect messages
41-11
support for
1-12
time-exceeded messages
36-13
traceroute and
36-13
unreachable messages
38-21
unreachable messages and IPv6
44-4
unreachables and ACLs
38-22
ICMP Echo operation
configuring
47-12
IP SLAs
47-11
ICMP ping
executing
36-10
overview
36-10
ICMP Router Discovery Protocol
See IRDP
ICMPv6
42-4
IDS appliances
and ingress RSPAN
30-20
and ingress SPAN
30-13
IEEE 802.1D
See STP
IEEE 802.1p
19-1
IEEE 802.1Q
and trunk ports
15-3
configuration limitations
17-16
encapsulation
17-14
native VLAN for untagged traffic
17-20
tunneling
compatibility with other features
21-5
defaults
21-4
described
21-1
tunnel ports with other features
21-6
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3ad
See EtherChannel
IEEE 802.3x flow control
15-18
ifIndex values, SNMP
36-5
IFS
1-5
IGMP
leave processing, enabling
45-8
report suppression
disabling
45-11
support for
1-3
IGMP filtering
support for
1-3
IGMP helper
1-3
IGMP snooping
default configuration
45-5, 45-6
enabling and disabling
45-6
monitoring
45-11
support for
1-3
IGP
41-24
Immediate Leave, IGMP
enabling
45-8
inaccessible authentication bypass
12-23
support for multiauth ports
12-23
initial configuration
defaults
1-14
Express Setup
1-2
interface
range macros
15-11
interface command
15-8 to 15-9
interface configuration
REP
25-9
interface configuration mode
2-3
interfaces
auto-MDIX, configuring
15-19
configuration guidelines
duplex and speed
15-16
configuring
procedure
15-9
counters, clearing
15-26
default configuration
15-13
described
15-20
descriptive name, adding
15-20
displaying information about
15-25
flow control
15-18
management
1-4
monitoring
15-24
naming
15-20
physical, identifying
15-8
range of
15-9
restarting
15-26
shutting down
15-26
speed and duplex, configuring
15-17
status
15-24
supported
15-8
types of
15-1
interfaces range macro command
15-11
interface types
15-8
Interior Gateway Protocol
See IGP
internal BGP
See IBGP
internal neighbors, BGP
41-45
Internet Control Message Protocol
See ICMP
Internet Protocol version 6
See IPv6
inter-VLAN routing
1-12, 41-2
Intrusion Detection System
See IDS appliances
inventory management TLV
31-2, 31-7
IP ACLs
for QoS classification
39-7
implicit deny
38-10, 38-15
implicit masks
38-10
named
38-15
undefined
38-22
IP addresses
128-bit
42-2
candidate or member
6-3, 6-13
classes of
41-5
cluster access
6-2
command switch
6-3, 6-11, 6-13
default configuration
41-4
discovering
7-23
for IP routing
41-4
IPv6
42-2
MAC address association
41-8
monitoring
41-17
redundant clusters
6-11
standby command switch
6-11, 6-13
See also IP information
IP broadcast address
41-15
ip cef distributed command
41-87
IP directed broadcasts
41-13
IP information
assigned
manually
4-14
through DHCP-based autoconfiguration
4-3
default configuration
4-3
IP phones
and QoS
19-1
automatic classification and queueing
39-20
configuring
19-4
ensuring port security with QoS
39-38
trusted boundary for QoS
39-38
IP Port Security for Static Hosts
on a Layer 2 access port
27-20
on a PVLAN host port
27-24
IP precedence
39-2
IP-precedence-to-DSCP map for QoS
39-62
IP protocols
in ACLs
38-12
routing
1-12
IP routes, monitoring
41-100
IP routing
connecting interfaces with
15-7
disabling
41-18
enabling
41-18
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing
47-1
IP SLAs
benefits
47-2
configuration guidelines
47-6
configuring object tracking
48-9
Control Protocol
47-4
default configuration
47-6
definition
47-1
ICMP echo operation
47-11
measuring network performance
47-3
monitoring
47-13
multioperations scheduling
47-5
object tracking
48-9
operation
47-3
reachability tracking
48-9
responder
described
47-4
enabling
47-8
response time
47-4
scheduling
47-5
SNMP support
47-2
supported metrics
47-2
threshold monitoring
47-6
track object monitoring agent, configuring
48-11
track state
48-9
UDP jitter operation
47-9
IP source guard
and 802.1x
27-19
and DHCP snooping
27-16
and EtherChannels
27-19
and port security
27-19
and private VLANs
27-19
and routed ports
27-18
and TCAM entries
27-19
and trunk interfaces
27-18
and VRF
27-19
binding configuration
automatic
27-16
manual
27-16
binding table
27-16
configuration guidelines
27-18
default configuration
27-18
described
27-16
disabling
27-20
displaying
active IP or MAC bindings
27-26
bindings
27-26
configuration
27-26
enabling
27-19, 27-20
filtering
source IP address
27-17
source IP and MAC address
27-17
source IP address filtering
27-17
source IP and MAC address filtering
27-17
static bindings
adding
27-19, 27-20
deleting
27-20
static hosts
27-20
IP traceroute
executing
36-13
overview
36-13
IP unicast routing
address resolution
41-8
administrative distances
41-89, 41-99
ARP
41-8
assigning IP addresses to Layer 3 interfaces
41-5
authentication keys
41-99
broadcast
address
41-15
flooding
41-16
packets
41-13
storms
41-13
classless routing
41-6
configuring static routes
41-88
default
addressing configuration
41-4
gateways
41-11
networks
41-90
routes
41-89
routing
41-2
directed broadcasts
41-13
disabling
41-18
dynamic routing
41-3
enabling
41-18
EtherChannel Layer 3 interface
41-3
IGP
41-24
inter-VLAN
41-2
IP addressing
classes
41-5
configuring
41-4
IRDP
41-11
Layer 3 interfaces
41-3
MAC address and IP address
41-8
passive interfaces
41-97
protocols
distance-vector
41-3
dynamic
41-3
link-state
41-3
proxy ARP
41-8
redistribution
41-90
reverse address resolution
41-8
routed ports
41-3
static routing
41-3
steps to configure
41-4
subnet mask
41-5
subnet zero
41-6
supernet
41-6
UDP
41-14
with SVIs
41-3
See also BGP
See also EIGRP
See also OSPF
See also RIP
IPv4 ACLs
applying to interfaces
38-20
extended, creating
38-10
named
38-15
standard, creating
38-9
IPv4 and IPv6
dual protocol stacks
42-5
IPv6
ACLs
displaying
44-8
limitations
44-2
matching criteria
44-3
port
44-1
precedence
44-2
router
44-1
supported
44-2
addresses
42-2
address formats
42-2
applications
42-5
assigning address
42-10
autoconfiguration
42-4
CEFv6
42-18
configuring static routes
42-19
default configuration
42-10
default router preference (DRP)
42-4
defined
42-1
Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6
42-7
EIGRP IPv6 Commands
42-7
Router ID
42-7
feature limitations
42-9
features not supported
42-8
forwarding
42-10
ICMP
42-4
monitoring
42-26
neighbor discovery
42-4
OSPF
42-7
path MTU discovery
42-4
SDM templates
10-2, 44-1, 45-1
Stateless Autoconfiguration
42-4
supported features
42-2
switch limitations
42-9
understanding static routes
42-6
IPv6 traffic, filtering
44-3
IRDP
configuring
41-12
definition
41-11
support for
1-12
IS-IS
addresses
41-62
area routing
41-62
default configuration
41-63
monitoring
41-71
show commands
41-71
system routing
41-62
ISO CLNS
clear commands
41-71
dynamic routing protocols
41-62
monitoring
41-71
NETs
41-62
NSAPs
41-62
OSI standard
41-62
ISO IGRP
area routing
41-62
system routing
41-62
isolated port
20-2
isolated VLANs
20-2, 20-3
K
KDC
described
11-41
See also Kerberos
Kerberos
authenticating to
boundary switch
11-43
KDC
11-43
network services
11-44
configuration examples
11-40
configuring
11-44
credentials
11-41
cryptographic software image
11-40
described
11-41
KDC
11-41
operation
11-43
realm
11-42
server
11-42
support for
1-10
switch as trusted third party
11-40
terms
11-41
TGT
11-42
tickets
11-41
key distribution center
See KDC
L
l2protocol-tunnel command
21-12
LACP
Layer 2 protocol tunneling
21-9
See EtherChannel
Layer 2 frames, classification with CoS
39-2
Layer 2 interfaces, default configuration
15-13
Layer 2 protocol tunneling
configuring
21-10
configuring for EtherChannels
21-14
default configuration
21-11
defined
21-8
guidelines
21-11
Layer 2 traceroute
and ARP
36-12
and CDP
36-11
broadcast traffic
36-11
described
36-11
IP addresses and subnets
36-12
MAC addresses and VLANs
36-12
multicast traffic
36-12
multiple devices on a port
36-12
unicast traffic
36-11
usage guidelines
36-11
Layer 3 features
1-12
Layer 3 interfaces
assigning IP addresses to
41-5
assigning IPv4 and IPv6 addresses to
42-14
assigning IPv6 addresses to
42-11
changing from Layer 2 mode
41-5, 41-79
types of
41-3
Layer 3 packets, classification methods
39-2
LDAP
5-2
Leaking IGMP Reports
26-4
LEDs, switch
See hardware installation guide
lightweight directory access protocol
See LDAP
line configuration mode
2-3
Link Aggregation Control Protocol
See EtherChannel
link failure, detecting unidirectional
23-7
link fault alarm
3-3
link integrity, verifying with REP
25-3
Link Layer Discovery Protocol
See CDP
link local unicast addresses
42-3
link redundancy
See Flex Links
links, unidirectional
33-1
link state advertisements (LSAs)
41-29
link-state protocols
41-3
link-state tracking
configuring
40-23
described
40-21
LLDP
configuring
31-4
characteristics
31-6
default configuration
31-4
enabling
31-5
monitoring and maintaining
31-11
overview
31-1
supported TLVs
31-2
switch stack considerations
31-2
transmission timer and holdtime, setting
31-6
LLDP-MED
configuring
procedures
31-4
TLVs
31-7
monitoring and maintaining
31-11
overview
31-1, 31-2
supported TLVs
31-2
LLDP Media Endpoint Discovery
See LLDP-MED
load balancing
46-4
local SPAN
30-2
location TLV
31-3, 31-7
logging messages, ACL
38-9
login authentication
with RADIUS
11-30
with TACACS+
11-14
login banners
7-10
log messages
See system message logging
loop guard
described
24-9
enabling
24-15
support for
1-7
LRE profiles, considerations in switch clusters
6-14
M
MAB
See MAC authentication bypass
MAB aging timer
1-8
MAB inactivity timer
default setting
12-33
range
12-36
MAC/PHY configuration status TLV
31-2
MAC addresses
aging time
7-14
and VLAN association
7-13
building the address table
7-13
default configuration
7-14
disabling learning on a VLAN
7-22
discovering
7-23
displaying
7-23
displaying in the IP source binding table
27-26
dynamic
learning
7-13
removing
7-15
in ACLs
38-28
IP address association
41-8
static
adding
7-20
allowing
7-21, 7-22
characteristics of
7-19
dropping
7-21
removing
7-20
MAC address learning
1-5
MAC address learning, disabling on a VLAN
7-22
MAC address notification, support for
1-13
MAC address-table move update
configuration guidelines
26-8
configuring
26-12
default configuration
26-8
description
26-6
monitoring
26-15
MAC address-to-VLAN mapping
17-24
MAC authentication bypass
12-35
configuring
12-55
overview
12-16
See MAB
MAC extended access lists
applying to Layer 2 interfaces
38-30
configuring for QoS
39-45
creating
38-28
defined
38-28
for QoS classification
39-5
magic packet
12-25
manageability features
1-4
management access
in-band
browser session
1-5
CLI session
1-5
device manager
1-5
SNMP
1-5
out-of-band console port connection
1-5
management address TLV
31-2
management options
CLI
2-1
clustering
1-2
CNS
5-1
overview
1-4
management VLAN
considerations in switch clusters
6-7
discovery through different management VLANs
6-7
manual preemption, REP, configuring
25-13
mapping tables for QoS
configuring
CoS-to-DSCP
39-61
DSCP
39-60
DSCP-to-CoS
39-64
DSCP-to-DSCP-mutation
39-65
IP-precedence-to-DSCP
39-62
policed-DSCP
39-63
described
39-12
marking
action with aggregate policers
39-58
described
39-4, 39-8
matching
IPv6 ACLs
44-3
matching, IPv4 ACLs
38-7
maximum aging time
MSTP
23-23
STP
22-21
maximum hop count, MSTP
23-24
maximum number of allowed devices, port-based authentication
12-36
maximum-paths command
41-49, 41-88
MDA
configuration guidelines
12-12 to 12-13
described
1-9, 12-12
exceptions with authentication process
12-5
membership mode, VLAN port
17-3
member switch
automatic discovery
6-4
defined
6-1
managing
6-14
passwords
6-13
recovering from lost connectivity
36-7
requirements
6-3
See also candidate switch, cluster standby group, and standby command switch
messages, to users through banners
7-10
metrics, in BGP
41-49
metric translations, between routing protocols
41-93
metro tags
21-2
MHSRP
46-4
MIBs
overview
36-1
SNMP interaction with
36-4
mirroring traffic for analysis
30-1
mismatches, autonegotiation
36-8
module number
15-8
monitoring
access groups
38-43
alarms
3-13
BGP
41-61
cables for unidirectional links
33-1
CDP
32-5
CEF
41-87
EIGRP
41-40
fallback bridging
50-10
features
1-13
Flex Links
26-15
HSRP
46-13
IEEE 802.1Q tunneling
21-17
IGMP
snooping
45-11
interfaces
15-24
IP
address tables
41-17
routes
41-100
IP SLAs operations
47-13
IPv4 ACL configuration
38-43
IPv6
42-26
IPv6 ACL configuration
44-8
IS-IS
41-71
ISO CLNS
41-71
Layer 2 protocol tunneling
21-17
MAC address-table move update
26-15
multicast router interfaces
45-11
multi-VRF CE
41-86
network traffic for analysis with probe
30-2
object tracking
48-12
OSPF
41-32
port
blocking
29-23
protection
29-23
private VLANs
20-14
PROFINET
9-5
PTP
8-4
REP
25-13
SFP status
15-25, 36-9
speed and duplex mode
15-17
traffic flowing among switches
34-1
traffic suppression
29-23
tunneling
21-17
VLAN
filters
38-43
maps
38-43
VLANs
17-14
VMPS
17-29
VTP
18-16
mrouter Port
26-3
mrouter port
26-5
MSDP
support for
1-13
MSTP
boundary ports
configuration guidelines
23-15
described
23-6
BPDU filtering
described
24-3
enabling
24-12
BPDU guard
described
24-2
enabling
24-11
CIST, described
23-3
CIST regional root
23-3
CIST root
23-5
configuration guidelines
23-14, 24-10
configuring
forward-delay time
23-23
hello time
23-22
link type for rapid convergence
23-24
maximum aging time
23-23
maximum hop count
23-24
MST region
23-15
neighbor type
23-25
path cost
23-20
port priority
23-19
root switch
23-17
secondary root switch
23-18
switch priority
23-21
CST
defined
23-3
operations between regions
23-3
default configuration
23-14
default optional feature configuration
24-9
displaying status
23-26
enabling the mode
23-15
EtherChannel guard
described
24-7
enabling
24-14
extended system ID
effects on root switch
23-17
effects on secondary root switch
23-18
unexpected behavior
23-17
IEEE 802.1s
implementation
23-6
port role naming change
23-6
terminology
23-5
instances supported
22-9
interface state, blocking to forwarding
24-2
interoperability and compatibility among modes
22-10
interoperability with IEEE 802.1D
described
23-8
restarting migration process
23-25
IST
defined
23-2
master
23-3
operations within a region
23-3
loop guard
described
24-9
enabling
24-15
mapping VLANs to MST instance
23-16
MST region
CIST
23-3
configuring
23-15
described
23-2
hop-count mechanism
23-5
IST
23-2
supported spanning-tree instances
23-2
optional features supported
1-7
overview
23-2
Port Fast
described
24-2
enabling
24-10
preventing root switch selection
24-8
root guard
described
24-8
enabling
24-15
root switch
configuring
23-17
effects of extended system ID
23-17
unexpected behavior
23-17
shutdown Port Fast-enabled port
24-2
status, displaying
23-26
multiauth
support for inaccessible authentication bypass
12-23
multiauth mode
See multiple-authentication mode
multicast groups
static joins
45-7
multicast packets
ACLs on
38-42
blocking
29-8
multicast router interfaces, monitoring
45-11
multicast router ports, adding
45-8
Multicast Source Discovery Protocol
See MSDP
multicast storm
29-1
multicast storm-control command
29-4
multidomain authentication
See MDA
multioperations scheduling, IP SLAs
47-5
multiple authentication
12-13
multiple authentication mode
configuring
12-42
Multiple HSRP
See MHSRP
multiple VPN routing/forwarding in customer edge devices
See multi-VRF CE
multi-VRF CE
configuration example
41-82
configuration guidelines
41-74
configuring
41-74
default configuration
41-74
defined
41-72
displaying
41-86
monitoring
41-86
network components
41-74
packet-forwarding process
41-73
support for
1-12
MVR
support for
1-3
N
NAC
AAA down policy
1-10
critical authentication
12-23, 12-51
IEEE 802.1x authentication using a RADIUS server
12-56
IEEE 802.1x validation using RADIUS server
12-56
inaccessible authentication bypass
1-10, 12-51
Layer 2 IEEE 802.1x validation
1-10, 12-28, 12-56
Layer 2 IP validation
1-10
named IPv4 ACLs
38-15
NameSpace Mapper
See NSM
native VLAN
and IEEE 802.1Q tunneling
21-4
configuring
17-20
default
17-20
NEAT
configuring
12-57
overview
12-29
neighbor discovery, IPv6
42-4
neighbor discovery/recovery, EIGRP
41-34
neighbor offset numbers, REP
25-4
neighbors, BGP
41-55
Network Admission Control
NAC
Network Assistant
benefits
1-2
described
1-4
upgrading a switch
A-22
network configuration examples
increasing network performance
1-17
providing network services
1-17
network design
performance
1-17
services
1-17
Network Edge Access Topology
See NEAT
network management
CDP
32-1
RMON
34-1
SNMP
36-1
network performance, measuring with IP SLAs
47-3
network policy TLV
31-2, 31-7
Network Time Protocol
See NTP
no commands
2-4
nonhierarchical policy maps
configuration guidelines
39-33
described
39-9
non-IP traffic filtering
38-28
nontrunking mode
17-15
normal-range VLANs
17-4
configuration guidelines
17-6
configuring
17-4
defined
17-1
no switchport command
15-4
not-so-stubby areas
See NSSA
NSAPs, as ISO IGRP addresses
41-62
NSF Awareness
IS-IS
41-64
NSM
5-3
NSSA, OSPF
41-29
NTP
associations
defined
7-2
overview
7-2
stratum
7-2
support for
1-5
time
services
7-2
synchronizing
7-2
O
object tracking
HSRP
48-7
IP SLAs
48-9
IP SLAs, configuring
48-9
monitoring
48-12
off mode, VTP
18-3
open1x
configuring
12-62
open1x authentication
overview
12-29
Open Shortest Path First
See OSPF
optimizing system resources
10-1
options, management
1-4
OSPF
area parameters, configuring
41-28
configuring
41-26
default configuration
metrics
41-30
route
41-30
settings
41-25
described
41-23
for IPv6
42-7
interface parameters, configuring
41-27
LSA group pacing
41-31
monitoring
41-32
router IDs
41-32
route summarization
41-30
support for
1-12
virtual links
41-30
out-of-profile markdown
1-11
P
packet modification, with QoS
39-19
PAgP
Layer 2 protocol tunneling
21-9
See EtherChannel
parallel paths, in routing tables
41-88
passive interfaces
configuring
41-97
OSPF
41-30
passwords
default configuration
11-2
disabling recovery of
11-5
encrypting
11-3
for security
1-8
in clusters
6-13
overview
11-1
recovery of
36-3
setting
enable
11-3
enable secret
11-3
Telnet
11-6
with usernames
11-6
VTP domain
18-8
path cost
MSTP
23-20
STP
22-18
path MTU discovery
42-4
PBR
defined
41-94
enabling
41-95
fast-switched policy-based routing
41-97
local policy-based routing
41-97
PC (passive command switch)
6-10
peers, BGP
41-55
percentage thresholds in tracked lists
48-6
performance, network design
1-17
performance features
1-2
persistent self-signed certificate
11-51
per-user ACLs and Filter-Ids
12-8
per-VLAN spanning-tree plus
See PVST+
PE to CE routing, configuring
41-81
physical ports
15-2
PIM
support for
1-13
ping
character output description
36-11
executing
36-10
overview
36-10
PoE
troubleshooting
36-8
policed-DSCP map for QoS
39-63
policers
configuring
for each matched traffic class
39-48
for more than one traffic class
39-58
described
39-4
displaying
39-78
number of
39-34
types of
39-9
policing
described
39-4
hierarchical
See hierarchical policy maps
token-bucket algorithm
39-9
policy-based routing
See PBR
policy maps for QoS
characteristics of
39-48
described
39-7
displaying
39-78
hierarchical
39-8
hierarchical on SVIs
configuration guidelines
39-33
configuring
39-52
described
39-11
nonhierarchical on physical ports
configuration guidelines
39-33
described
39-9
port ACLs
defined
38-2
types of
38-3
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting
12-14
authentication server
defined
12-3, 13-2
RADIUS server
12-3
client, defined
12-3, 13-2
configuration guidelines
12-34, 13-9
configuring
802.1x authentication
12-39
guest VLAN
12-49
host mode
12-42
inaccessible authentication bypass
12-51
manual re-authentication of a client
12-44
periodic re-authentication
12-43
quiet period
12-44
RADIUS server
12-42, 13-13
RADIUS server parameters on the switch
12-41, 13-11
restricted VLAN
12-50
switch-to-client frame-retransmission number
12-45, 12-46
switch-to-client retransmission time
12-45
violation modes
12-38 to 12-39
default configuration
12-33, 13-9
described
12-1
device roles
12-2, 13-2
displaying statistics
12-64, 13-17
downloadable ACLs and redirect URLs
configuring
12-59 to 12-61, ?? to 12-61
overview
12-18 to 12-20
EAPOL-start frame
12-5
EAP-request/identity frame
12-5
EAP-response/identity frame
12-5
enabling
802.1X authentication
13-11
encapsulation
12-3
flexible authentication ordering
configuring
12-62
overview
12-28
guest VLAN
configuration guidelines
12-22, 12-23
described
12-21
host mode
12-11
inaccessible authentication bypass
configuring
12-51
described
12-23
guidelines
12-35
initiation and message exchange
12-5
magic packet
12-25
maximum number of allowed devices per port
12-36
method lists
12-39
multiple authentication
12-13
per-user ACLs
AAA authorization
12-39
configuration tasks
12-18
described
12-17
RADIUS server attributes
12-18
ports
authorization state and dot1x port-control command
12-10
authorized and unauthorized
12-10
voice VLAN
12-24
port security
described
12-25
readiness check
configuring
12-36
described
12-16, 12-36
resetting to default values
12-64
statistics, displaying
12-64
switch
as proxy
12-3, 13-2
RADIUS client
12-3
switch supplicant
configuring
12-57
overview
12-29
user distribution
guidelines
12-27
overview
12-27
VLAN assignment
AAA authorization
12-39
characteristics
12-16
configuration tasks
12-17
described
12-16
voice aware 802.1x security
configuring
12-37
described
12-29, 12-37
voice VLAN
described
12-24
PVID
12-24
VVID
12-24
wake-on-LAN, described
12-25
with ACLs and RADIUS Filter-Id attribute
12-31
port-based authentication methods, supported
12-7
port blocking
1-3, 29-7
port-channel
See EtherChannel
port description TLV
31-2
Port Fast
described
24-2
enabling
24-10
mode, spanning tree
17-26
support for
1-7
port membership modes, VLAN
17-3
port not forwarding alarm
3-3
port not operating alarm
3-3
port priority
MSTP
23-19
STP
22-17
ports
access
15-3
blocking
29-7
dual-purpose uplink
15-6
dynamic access
17-3
IEEE 802.1Q tunnel
17-4
protected
29-6
REP
25-6
routed
15-4
secure
29-8
static-access
17-3, 17-9
switch
15-2
trunks
17-3, 17-14
VLAN assignments
17-9
port security
aging
29-18
and private VLANs
29-20
and QoS trusted boundary
39-38
configuring
29-13
default configuration
29-11
described
29-8
displaying
29-23
enabling
29-20
on trunk ports
29-15
sticky learning
29-9
violations
29-10
with other features
29-12
port-shutdown response, VMPS
17-25
port status monitoring alarms
FCS bit error rate alarm
3-3
link fault alarm
3-3
port not forwarding alarm
3-3
port not operating alarm
3-3
port VLAN ID TLV
31-2
power management TLV
31-2, 31-7
preempt delay time, REP
25-5
preemption, default configuration
26-8
preemption delay, default configuration
26-8
preferential treatment of traffic
See QoS
prefix lists, BGP
41-53
preventing unauthorized access
11-1
primary edge port, REP
25-4
primary interface for object tracking, DHCP, configuring
48-10
primary interface for static routing, configuring
48-10
primary links
26-2
primary VLANs
20-1, 20-3
priority
HSRP
46-8
overriding CoS
19-6
trusting CoS
19-6
private VLAN edge ports
See protected ports
private VLANs
across multiple switches
20-4
and SDM template
20-4
and SVIs
20-5
benefits of
20-1
community ports
20-2
community VLANs
20-2, 20-3
configuration guidelines
20-6, 20-7, 20-8
configuration tasks
20-6
configuring
20-9
default configuration
20-6
end station access to
20-3
IP addressing
20-3
isolated port
20-2
isolated VLANs
20-2, 20-3
mapping
20-13
monitoring
20-14
ports
community
20-2
configuration guidelines
20-8
configuring host ports
20-11
configuring promiscuous ports
20-12
described
17-4
isolated
20-2
promiscuous
20-2
primary VLANs
20-1, 20-3
promiscuous ports
20-2
secondary VLANs
20-2
subdomains
20-1
traffic in
20-5
privileged EXEC mode
2-2
privilege levels
changing the default for lines
11-9
command switch
6-15
exiting
11-10
logging into
11-10
mapping on member switches
6-15
overview
11-2, 11-8
setting a command with
11-8
PROFINET
9-1
configuring
9-4
default configuration
9-4
displaying configuration
9-5
promiscuous ports
configuring
20-12
defined
20-2
protected ports
1-8, 29-6
protocol-dependent modules, EIGRP
41-34
protocol storm protection
29-21
provider edge devices
41-72
proxy ARP
configuring
41-10
definition
41-8
with IP routing disabled
41-11
proxy reports
26-3
pruning, VTP
disabling
in VTP domain
18-14
on a port
17-20
enabling
in VTP domain
18-14
on a port
17-19
examples
18-6
overview
18-5
pruning-eligible list
changing
17-19
for VTP pruning
18-5
VLANs
18-14
PTP
configuring
8-3
default configuration
8-2
displaying configuration
8-4
PVST+
described
22-9
IEEE 802.1Q trunking interoperability
22-10
instances supported
22-9
Q
QoS
and MQC commands
39-1
auto-QoS
categorizing traffic
39-20
configuration and defaults display
39-29
configuration guidelines
39-25
described
39-20
disabling
39-27
displaying generated commands
39-27
displaying the initial configuration
39-29
effects on running configuration
39-25
egress queue defaults
39-21
enabling for VoIP
39-26
example configuration
39-28
ingress queue defaults
39-21
list of generated commands
39-22
basic model
39-4
classification
class maps, described
39-7
defined
39-4
DSCP transparency, described
39-40
flowchart
39-6
forwarding treatment
39-3
in frames and packets
39-3
IP ACLs, described
39-5, 39-7
MAC ACLs, described
39-5, 39-7
options for IP traffic
39-5
options for non-IP traffic
39-5
policy maps, described
39-7
trust DSCP, described
39-5
trusted CoS, described
39-5
trust IP precedence, described
39-5
class maps
configuring
39-46
displaying
39-78
configuration guidelines
auto-QoS
39-25
standard QoS
39-33
configuring
aggregate policers
39-58
auto-QoS
39-20
default port CoS value
39-38
DSCP maps
39-60
DSCP transparency
39-40
DSCP trust states bordering another domain
39-40
egress queue characteristics
39-70
ingress queue characteristics
39-66
IP extended ACLs
39-44
IP standard ACLs
39-43
MAC ACLs
39-45
policy maps, hierarchical
39-52
port trust states within the domain
39-36
trusted boundary
39-38
default auto configuration
39-20
default standard configuration
39-30
displaying statistics
39-78
DSCP transparency
39-40
egress queues
allocating buffer space
39-71
buffer allocation scheme, described
39-17
configuring shaped weights for SRR
39-74
configuring shared weights for SRR
39-75
described
39-4
displaying the threshold map
39-74
flowchart
39-17
mapping DSCP or CoS values
39-73
scheduling, described
39-4
setting WTD thresholds
39-71
WTD, described
39-18
enabling globally
39-35
flowcharts
classification
39-6
egress queueing and scheduling
39-17
ingress queueing and scheduling
39-15
policing and marking
39-10
implicit deny
39-7
ingress queues
allocating bandwidth
39-68
allocating buffer space
39-68
buffer and bandwidth allocation, described
39-16
configuring shared weights for SRR
39-68
configuring the priority queue
39-69
described
39-4
displaying the threshold map
39-67
flowchart
39-15
mapping DSCP or CoS values
39-67
priority queue, described
39-16
scheduling, described
39-4
setting WTD thresholds
39-67
WTD, described
39-16
IP phones
automatic classification and queueing
39-20
detection and trusted settings
39-20, 39-38
limiting bandwidth on egress interface
39-77
mapping tables
CoS-to-DSCP
39-61
displaying
39-78
DSCP-to-CoS
39-64
DSCP-to-DSCP-mutation
39-65
IP-precedence-to-DSCP
39-62
policed-DSCP
39-63
types of
39-12
marked-down actions
39-50, 39-55
marking, described
39-4, 39-8
overview
39-1
packet modification
39-19
policers
configuring
39-50, 39-55, 39-59
described
39-8
displaying
39-78
number of
39-34
types of
39-9
policies, attaching to an interface
39-8
policing
described
39-4, 39-8
token bucket algorithm
39-9
policy maps
characteristics of
39-48
displaying
39-78
hierarchical
39-8
hierarchical on SVIs
39-52
nonhierarchical on physical ports
39-48
QoS label, defined
39-4
queues
configuring egress characteristics
39-70
configuring ingress characteristics
39-66
high priority (expedite)
39-19, 39-76
location of
39-13
SRR, described
39-14
WTD, described
39-13
rewrites
39-19
support for
1-11
trust states
bordering another domain
39-40
described
39-5
trusted device
39-38
within the domain
39-36
quality of service
See QoS
R
RADIUS
attributes
vendor-proprietary
11-38
vendor-specific
11-36
configuring
accounting
11-35
authentication
11-30
authorization
11-34
communication, global
11-28, 11-36
communication, per-server
11-28
multiple UDP ports
11-28
default configuration
11-27
defining AAA server groups
11-32
displaying the configuration
11-40
identifying the server
11-28
in clusters
6-14
limiting the services to the user
11-34
method list, defined
11-27
operation of
11-20
overview
11-18
server load balancing
11-40
suggested network environments
11-19
support for
1-10
tracking services accessed by user
11-35
RADIUS Change of Authorization
11-20
range
macro
15-11
of interfaces
15-10
rapid convergence
23-9
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
described
22-9
IEEE 802.1Q trunking interoperability
22-10
instances supported
22-9
Rapid Spanning Tree Protocol
See RSTP
RARP
41-8
rcommand command
6-14
RCP
configuration files
downloading
A-16
overview
A-14
preparing the server
A-15
uploading
A-17
image files
deleting old image
A-33
downloading
A-32
preparing the server
A-31
uploading
A-33
reachability, tracking IP SLAs IP host
48-9
readiness check
port-based authentication
configuring
12-36
described
12-16, 12-36
reconfirmation interval, VMPS, changing
17-28
reconfirming dynamic VLAN membership
17-28
recovery procedures
36-1
redirect URL
12-18, 12-20, 12-59
redundancy
EtherChannel
40-3
HSRP
46-1
STP
backbone
22-8
path cost
17-23
port priority
17-21
redundant links and UplinkFast
24-13
reliable transport protocol, EIGRP
41-34
reloading software
4-21
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
Remote Network Monitoring
See RMON
Remote SPAN
See RSPAN
remote SPAN
30-2
REP
administrative VLAN
25-8
administrative VLAN, configuring
25-8
age timer
25-8
and STP
25-6
configuration guidelines
25-7
configuring interfaces
25-9
convergence
25-4
default configuration
25-7
manual preemption, configuring
25-13
monitoring
25-13
neighbor offset numbers
25-4
open segment
25-2
ports
25-6
preempt delay time
25-5
primary edge port
25-4
ring segment
25-2
secondary edge port
25-4
segments
25-1
characteristics
25-2
SNMP traps, configuring
25-13
supported interfaces
25-1
triggering VLAN load balancing
25-5
verifying link integrity
25-3
VLAN blocking
25-12
VLAN load balancing
25-4
report suppression, IGMP
disabling
45-11
resequencing ACL entries
38-15
reserved addresses in DHCP pools
27-28
resets, in BGP
41-48
resetting a UDLD-shutdown interface
33-6
Resilient Ethernet Protocol
See REP
responder, IP SLAs
described
47-4
enabling
47-8
response time, measuring with IP SLAs
47-4
restricted VLAN
configuring
12-50
described
12-22
using with IEEE 802.1x
12-22
restricting access
overview
11-1
passwords and privilege levels
11-2
RADIUS
11-18
TACACS+
11-10
retry count, VMPS, changing
17-29
reverse address resolution
41-8
Reverse Address Resolution Protocol
See RARP
RFC
1058, RIP
41-18
1157, SNMPv1
36-2
1163, BGP
41-41
1166, IP addresses
41-5
1253, OSPF
41-24
1267, BGP
41-41
1305, NTP
7-2
1587, NSSAs
41-24
1757, RMON
34-2
1771, BGP
41-41
1901, SNMPv2C
36-2
1902 to 1907, SNMPv2
36-2
2273-2275, SNMPv3
36-2
RFC 5176 Compliance
11-21
RIP
advertisements
41-18
authentication
41-21
configuring
41-20
default configuration
41-19
described
41-18
for IPv6
42-6
hop counts
41-19
split horizon
41-22
summary addresses
41-22
support for
1-12
RMON
default configuration
34-3
displaying status
34-6
enabling alarms and events
34-3
groups supported
34-2
overview
34-1
statistics
collecting group Ethernet
34-5
collecting group history
34-5
support for
1-13
root guard
described
24-8
enabling
24-15
support for
1-7
root switch
MSTP
23-17
STP
22-14
route calculation timers, OSPF
41-30
route dampening, BGP
41-60
routed packets, ACLs on
38-41
routed ports
configuring
41-3
defined
15-4
in switch clusters
6-8
IP addresses on
15-21, 41-4
route-map command
41-96
route maps
BGP
41-51
policy-based routing
41-94
router ACLs
defined
38-2
types of
38-4
route reflectors, BGP
41-59
router ID, OSPF
41-32
route selection, BGP
41-49
route summarization, OSPF
41-30
route targets, VPN
41-74
routing
default
41-2
dynamic
41-3
redistribution of information
41-90
static
41-3
routing domain confederation, BGP
41-58
Routing Information Protocol
See RIP
routing protocol administrative distances
41-89
RSPAN
characteristics
30-8
configuration guidelines
30-16
default configuration
30-9
defined
30-2
destination ports
30-7
displaying status
30-22
interaction with other features
30-8
monitored ports
30-5
monitoring ports
30-7
overview
1-13, 30-1
received traffic
30-4
sessions
creating
30-16
defined
30-3
limiting source traffic to specific VLANs
30-21
specifying monitored ports
30-16
with ingress traffic enabled
30-20
source ports
30-5
transmitted traffic
30-5
VLAN-based
30-6
RSTP
active topology
23-9
BPDU
format
23-12
processing
23-12
designated port, defined
23-9
designated switch, defined
23-9
interoperability with IEEE 802.1D
described
23-8
restarting migration process
23-25
topology changes
23-13
overview
23-8
port roles
described
23-9
synchronized
23-11
proposal-agreement handshake process
23-10
rapid convergence
described
23-9
edge ports and Port Fast
23-9
point-to-point links
23-10, 23-24
root ports
23-10
root port, defined
23-9
See also MSTP
running configuration
replacing
A-18, A-19
rolling back
A-18, A-19
running configuration, saving
4-15
S
SC (standby command switch)
6-10
scheduled reloads
4-21
scheduling, IP SLAs operations
47-5
SCP
and SSH
11-56
configuring
11-57
SDM
templates
configuring
10-4
number of
10-1
SDM template
44-3
configuration guidelines
10-3
configuring
10-3
dual IPv4 and IPv6
10-2
types of
10-1
secondary edge port, REP
25-4
secondary VLANs
20-2
Secure Copy Protocol
secure HTTP client
configuring
11-55
displaying
11-56
secure HTTP server
configuring
11-54
displaying
11-56
secure MAC addresses
deleting
29-17
maximum number of
29-10
types of
29-9
secure ports, configuring
29-8
secure remote connections
11-46
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port
29-8
security features
1-8
See SCP
sequence numbers in log messages
35-8
server mode, VTP
18-3
service-provider network, MSTP and RSTP
23-1
service-provider networks
and customer VLANs
21-2
and IEEE 802.1Q tunneling
21-1
Layer 2 protocols across
21-8
Layer 2 protocol tunneling for EtherChannels
21-9
set-request operation
36-4
setting a secondary temperature threshold
3-7, 3-8
setting power supply alarm options
3-6
setting the FCS error hysteresis threshold
3-10
setup program
failed command switch replacement
36-6
replacing failed command switch
36-4
severity levels, defining in system messages
35-8
SFPs
monitoring status of
15-25, 36-9
security and identification
36-9
status, displaying
36-9
shaped round robin
See SRR
show access-lists hw-summary command
38-22
show alarm commands
3-13
show and more command output, filtering
2-10
show cdp traffic command
32-6
show cluster members command
6-14
show configuration command
15-20
show forward command
36-17
show interfaces command
15-17, 15-20
show interfaces switchport
26-4
show l2protocol command
21-13, 21-15
show lldp traffic command
31-11
show platform forward command
36-17
show running-config command
displaying ACLs
38-20, 38-21, 38-33, 38-36
interface description in
15-20
shutdown command on interfaces
15-26
shutdown threshold for Layer 2 protocol packets
21-11
Simple Network Management Protocol
See SNMP
small-frame arrival rate, configuring
29-5
Smartports macros
applying Cisco-default macros
16-3
applying global parameter values
16-3
configuration guidelines
16-2
default configuration
16-1
displaying
16-5
tracing
16-2
SNAP
32-1
SNMP
accessing MIB variables with
36-4
agent
described
36-4
disabling
36-9
and IP SLAs
47-2
authentication level
36-12
community strings
configuring
36-9
for cluster switches
36-4
overview
36-4
configuration examples
36-19
default configuration
36-8
engine ID
36-8
groups
36-8, 36-11
host
36-8
ifIndex values
36-5
in-band management
1-5
in clusters
6-14
informs
and trap keyword
36-13
described
36-5
differences from traps
36-5
disabling
36-17
enabling
36-17
limiting access by TFTP servers
36-18
limiting system log messages to NMS
35-10
manager functions
1-4, 36-3
managing clusters with
6-15
notifications
36-5
overview
36-1, 36-4
security levels
36-2
setting CPU threshold notification
36-17
status, displaying
36-20
system contact and location
36-18
trap manager, configuring
36-15
traps
described
36-3, 36-5
differences from informs
36-5
disabling
36-17
enabling
36-13
enabling MAC address notification
7-15, 7-17, 7-18
overview
36-1, 36-4
types of
36-14
users
36-8, 36-11
versions supported
36-2
SNMP and Syslog Over IPv6
42-8
SNMP traps
REP
25-13
SNMPv1
36-2
SNMPv2C
36-2
SNMPv3
36-2
software images
location in flash
A-22
recovery procedures
36-2
scheduling reloads
4-21
tar file format, described
A-22
See also downloading and uploading
source addresses
in IPv4 ACLs
38-12
in IPv6 ACLs
44-5
source-and-destination-IP address based forwarding, EtherChannel
40-8
source-and-destination MAC address forwarding, EtherChannel
40-8
source-IP address based forwarding, EtherChannel
40-8
source-MAC address forwarding, EtherChannel
40-7
SPAN
configuration guidelines
30-10
default configuration
30-9
destination ports
30-7
displaying status
30-22
interaction with other features
30-8
monitored ports
30-5
monitoring ports
30-7
overview
1-13, 30-1
ports, restrictions
29-12
received traffic
30-4
sessions
configuring ingress forwarding
30-14, 30-21
creating
30-11
defined
30-3
limiting source traffic to specific VLANs
30-14
removing destination (monitoring) ports
30-12
specifying monitored ports
30-11
with ingress traffic enabled
30-13
source ports
30-5
transmitted traffic
30-5
VLAN-based
30-6
spanning tree and native VLANs
17-16
Spanning Tree Protocol
See STP
SPAN traffic
30-4
split horizon, RIP
41-22
SRR
configuring
shaped weights on egress queues
39-74
shared weights on egress queues
39-75
shared weights on ingress queues
39-68
described
39-14
shaped mode
39-14
shared mode
39-14
support for
1-12
SSH
configuring
11-47
cryptographic software image
11-45
described
1-5, 11-46
encryption methods
11-46
user authentication methods, supported
11-46
SSL
configuration guidelines
11-53
configuring a secure HTTP client
11-55
configuring a secure HTTP server
11-54
cryptographic software image
11-50
described
11-50
monitoring
11-56
standby command switch
configuring
considerations
6-11
defined
6-2
priority
6-10
requirements
6-3
virtual IP address
6-11
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
standby ip command
46-6
standby links
26-2
standby router
46-1
standby timers, HSRP
46-11
startup configuration
booting
manually
4-18
specific image
4-19
clearing
A-18
configuration file
automatically downloading
4-17
specifying the filename
4-17
default boot configuration
4-17
static access ports
assigning to VLAN
17-9
defined
15-3, 17-3
static addresses
See addresses
static IP routing
1-12
static MAC addressing
1-8
static route primary interface,configuring
48-10
static routes
configuring
41-88
configuring for IPv6
42-19
understanding
42-6
static routing
41-3
static routing support, enhanced object tracking
48-10
static VLAN membership
17-2
statistics
802.1X
13-17
802.1x
12-64
CDP
32-5
interface
15-25
LLDP
31-11
LLDP-MED
31-11
NMSP
31-11
OSPF
41-32
QoS ingress and egress
39-78
RMON group Ethernet
34-5
RMON group history
34-5
SNMP input and output
36-20
VTP
18-16
sticky learning
29-9
storm control
configuring
29-3
described
29-1
disabling
29-5
displaying
29-23
support for
1-3
thresholds
29-1
STP
accelerating root port selection
24-4
and REP
25-6
BackboneFast
described
24-5
disabling
24-14
enabling
24-13
BPDU filtering
described
24-3
disabling
24-12
enabling
24-12
BPDU guard
described
24-2
disabling
24-12
enabling
24-11
BPDU message exchange
22-3
configuration guidelines
22-12, 24-10
configuring
forward-delay time
22-21
hello time
22-20
maximum aging time
22-21
path cost
22-18
port priority
22-17
root switch
22-14
secondary root switch
22-16
spanning-tree mode
22-13
switch priority
22-19
transmit hold-count
22-22
counters, clearing
22-22
default configuration
22-11
default optional feature configuration
24-9
designated port, defined
22-3
designated switch, defined
22-3
detecting indirect link failures
24-5
disabling
22-14
displaying status
22-22
EtherChannel guard
described
24-7
disabling
24-14
enabling
24-14
extended system ID
effects on root switch
22-14
effects on the secondary root switch
22-16
overview
22-4
unexpected behavior
22-15
features supported
1-6
IEEE 802.1D and bridge ID
22-4
IEEE 802.1D and multicast addresses
22-8
IEEE 802.1t and VLAN identifier
22-4
inferior BPDU
22-3
instances supported
22-9
interface state, blocking to forwarding
24-2
interface states
blocking
22-5
disabled
22-7
forwarding
22-5, 22-6
learning
22-6
listening
22-6
overview
22-4
interoperability and compatibility among modes
22-10
Layer 2 protocol tunneling
21-7
limitations with IEEE 802.1Q trunks
22-10
load sharing
overview
17-21
using path costs
17-23
using port priorities
17-21
loop guard
described
24-9
enabling
24-15
modes supported
22-9
multicast addresses, effect of
22-8
optional features supported
1-7
overview
22-2
path costs
17-23
Port Fast
described
24-2
enabling
24-10
port priorities
17-22
preventing root switch selection
24-8
protocols supported
22-9
redundant connectivity
22-8
root guard
described
24-8
enabling
24-15
root port, defined
22-3
root switch
configuring
22-15
effects of extended system ID
22-4, 22-14
election
22-3
unexpected behavior
22-15
shutdown Port Fast-enabled port
24-2
status, displaying
22-22
superior BPDU
22-3
timers, described
22-20
UplinkFast
described
24-3
enabling
24-13
VLAN-bridge
22-10
stratum, NTP
7-2
stub areas, OSPF
41-28
stub routing, EIGRP
41-39
subdomains, private VLAN
20-1
subnet mask
41-5
subnet zero
41-6
success response, VMPS
17-25
summer time
7-6
SunNet Manager
1-4
supernet
41-6
supported port-based authentication methods
12-7
SVI autostate exclude
configuring
15-22
defined
15-6
SVI link state
15-6
SVIs
and IP unicast routing
41-3
and router ACLs
38-4
connecting VLANs
15-7
defined
15-5
routing between VLANs
17-2
switch
42-2
switch clustering technology
6-1
See also clusters, switch
switch console port
1-5
Switch Database Management
See SDM
switched packets, ACLs on
38-40
Switched Port Analyzer
See SPAN
switched ports
15-2
switchport backup interface
26-4, 26-5
switchport block multicast command
29-8
switchport block unicast command
29-8
switchport command
15-13
switchport mode dot1q-tunnel command
21-6
switchport protected command
29-7
switch priority
MSTP
23-21
STP
22-19
switch software features
1-1
switch virtual interface
See SVI
SXP
configuration process
14-2
configuring peer connections
14-2
default passwords
14-4
enabling
14-2
reconcile period
14-5
retry period
14-5
source IP address
14-4
synchronization, BGP
41-45
syslog
See system message logging
system capabilities TLV
31-2
system clock
configuring
daylight saving time
7-6
manually
7-4
summer time
7-6
time zones
7-5
displaying the time and date
7-5
overview
7-1
See also NTP
system description TLV
31-2
system message logging
default configuration
35-3
defining error message severity levels
35-8
disabling
35-4
displaying the configuration
35-13
enabling
35-4
facility keywords, described
35-13
level keywords, described
35-9
limiting messages
35-10
message format
35-2
overview
35-1
sequence numbers, enabling and disabling
35-8
setting the display destination device
35-5
synchronizing log messages
35-6
syslog facility
1-13
time stamps, enabling and disabling
35-7
UNIX syslog servers
configuring the daemon
35-12
configuring the logging facility
35-12
facilities supported
35-13
system MTU
and IS-IS LSPs
41-66
system MTU and IEEE 802.1Q tunneling
21-5
system name
default configuration
7-8
default setting
7-8
manual configuration
7-8
See also DNS
system name TLV
31-2
system prompt, default setting
7-7, 7-8
system resources, optimizing
10-1
system routing
IS-IS
41-62
ISO IGRP
41-62
T
TACACS+
accounting, defined
11-11
authentication, defined
11-11
authorization, defined
11-11
configuring
accounting
11-17
authentication key
11-13
authorization
11-16
login authentication
11-14
default configuration
11-13
displaying the configuration
11-18
identifying the server
11-13
in clusters
6-14
limiting the services to the user
11-16
operation of
11-12
overview
11-10
support for
1-10
tracking services accessed by user
11-17
tagged packets
IEEE 802.1Q
21-3
Layer 2 protocol
21-7
tar files
creating
A-6
displaying the contents of
A-6
extracting
A-7
image file format
A-22
TCL script, registering and defining with embedded event manager
37-6
TDR
1-14
Telnet
accessing management interfaces
2-10
number of connections
1-5
setting a password
11-6
temperature alarms, configuring
3-7, 3-8
temporary self-signed certificate
11-51
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password
11-6
TFTP
configuration files
downloading
A-10
preparing the server
A-10
uploading
A-11
configuration files in base directory
4-7
configuring for autoconfiguration
4-7
image files
deleting
A-25
downloading
A-24
preparing the server
A-24
uploading
A-26
limiting access by servers
36-18
TFTP server
1-4
threshold, traffic level
29-2
threshold monitoring, IP SLAs
47-6
time
See NTP and system clock
Time Domain Reflector
See TDR
time-range command
38-17
time ranges in ACLs
38-17
time stamps in log messages
35-7
time zones
7-5
TLVs
defined
31-1
LLDP
31-2
LLDP-MED
31-2
Token Ring VLANs
support for
17-6
VTP support
18-4
ToS
1-11
traceroute, Layer 2
and ARP
36-12
and CDP
36-11
broadcast traffic
36-11
described
36-11
IP addresses and subnets
36-12
MAC addresses and VLANs
36-12
multicast traffic
36-12
multiple devices on a port
36-12
unicast traffic
36-11
usage guidelines
36-11
traceroute command
36-13
See also IP traceroute
tracked lists
configuring
48-3
types
48-3
tracked objects
by Boolean expression
48-4
by threshold percentage
48-6
by threshold weight
48-5
tracking interface line-protocol state
48-2
tracking IP routing state
48-2
tracking objects
48-1
tracking process
48-1
track state, tracking IP SLAs
48-9
traffic
blocking flooded
29-8
fragmented
38-5
fragmented IPv6
44-2
unfragmented
38-5
traffic policing
1-11
traffic suppression
29-1
transmit hold-count
see STP
transparent mode, VTP
18-3
trap-door mechanism
4-2
traps
configuring MAC address notification
7-15, 7-17, 7-18
configuring managers
36-13
defined
36-3
enabling
7-15, 7-17, 7-18, 36-13
notification types
36-14
overview
36-1, 36-4
triggering alarm options
configurable relay
3-3
methods
3-3
SNMP traps
3-4
syslog messages
3-4
troubleshooting
connectivity problems
36-9, 36-11, 36-12
CPU utilization
36-20
detecting unidirectional links
33-1
displaying crash information
36-19
setting packet forwarding
36-17
SFP security and identification
36-9
show forward command
36-17
with CiscoWorks
36-4
with debug commands
36-15
with ping
36-10
with system message logging
35-1
with traceroute
36-13
trunk failover
See link-state tracking
trunking encapsulation
1-7
trunk ports
configuring
17-17
defined
15-3, 17-3
trunks
allowed-VLAN list
17-18
load sharing
setting STP path costs
17-23
using STP port priorities
17-21, 17-22
native VLAN for untagged traffic
17-20
parallel
17-23
pruning-eligible list
17-19
to non-DTP device
17-15
trusted boundary for QoS
39-38
trusted port states
between QoS domains
39-40
classification options
39-5
ensuring port security for IP phones
39-38
support for
1-11
within a QoS domain
39-36
trustpoints, CA
11-50
tunneling
defined
21-1
IEEE 802.1Q
21-1
Layer 2 protocol
21-8
tunnel ports
defined
17-4
described
15-4, 21-1
IEEE 802.1Q, configuring
21-6
incompatibilities with other features
21-5
twisted-pair Ethernet, detecting unidirectional links
33-1
type of service
See ToS
U
UDLD
configuration guidelines
33-4
default configuration
33-4
disabling
globally
33-5
on fiber-optic interfaces
33-5
per interface
33-5
echoing detection mechanism
33-2
enabling
globally
33-5
per interface
33-5
Layer 2 protocol tunneling
21-10
link-detection mechanism
33-1
neighbor database
33-2
overview
33-1
resetting an interface
33-6
status, displaying
33-6
support for
1-6
UDP, configuring
41-14
UDP jitter, configuring
47-9
UDP jitter operation, IP SLAs
47-9
unauthorized ports with IEEE 802.1x
12-10
unicast MAC address filtering
1-5
and adding static addresses
7-21
and broadcast MAC addresses
7-20
and CPU packets
7-20
and multicast addresses
7-20
and router MAC addresses
7-20
configuration guidelines
7-20
described
7-20
unicast storm
29-1
unicast storm control command
29-4
unicast traffic, blocking
29-8
UniDirectional Link Detection protocol
See UDLD
UNIX syslog servers
daemon configuration
35-12
facilities supported
35-13
message logging configuration
35-12
unrecognized Type-Length-Value (TLV) support
18-4
upgrading software images
See downloading
UplinkFast
described
24-3
disabling
24-13
enabling
24-13
uploading
configuration files
preparing
A-10, A-12, A-15
reasons for
A-8
using FTP
A-14
using RCP
A-17
using TFTP
A-11
image files
preparing
A-24, A-27, A-31
reasons for
A-22
using FTP
A-29
using RCP
A-33
using TFTP
A-26
User Datagram Protocol
See UDP
user EXEC mode
2-2
username-based authentication
11-6
V
version-dependent transparent mode
18-4
virtual IP address
cluster standby group
6-11
command switch
6-11
Virtual Private Network
See VPN
virtual router
46-1, 46-2
virtual switches and PAgP
40-5
vlan.dat file
17-5
VLAN 1, disabling on a trunk port
17-19
VLAN 1 minimization
17-18
VLAN ACLs
See VLAN maps
vlan-assignment response, VMPS
17-25
VLAN blocking, REP
25-12
VLAN configuration
at bootup
17-7
saving
17-7
VLAN configuration mode
2-2
VLAN database
and startup configuration file
17-7
and VTP
18-1
VLAN configuration saved in
17-7
VLANs saved in
17-4
vlan dot1q tag native command
21-4
VLAN filtering and SPAN
30-6
vlan global configuration command
17-7
VLAN ID, discovering
7-23
VLAN link state
15-6
VLAN load balancing
REP
25-4
VLAN load balancing, triggering
25-5
VLAN load balancing on flex links
26-2
configuration guidelines
26-8
VLAN management domain
18-2
VLAN Management Policy Server
See VMPS
VLAN map entries, order of
38-32
VLAN maps
applying
38-36
common uses for
38-36
configuration guidelines
38-32
configuring
38-31
creating
38-33
defined
38-2
denying access to a server example
38-37
denying and permitting packets
38-33
displaying
38-43
examples of ACLs and VLAN maps
38-33
removing
38-36
support for
1-8
wiring closet configuration example
38-37
VLAN membership
confirming
17-28
modes
17-3
VLAN Query Protocol
See VQP
VLANs
adding
17-8
adding to VLAN database
17-8
aging dynamic addresses
22-9
allowed on trunk
17-18
and spanning-tree instances
17-3, 17-6, 17-11
configuration guidelines, extended-range VLANs
17-11
configuration guidelines, normal-range VLANs
17-6
configuring
17-1
configuring IDs 1006 to 4094
17-11
connecting through SVIs
15-7
creating
17-8
customer numbering in service-provider networks
21-3
default configuration
17-7
deleting
17-9
described
15-2, 17-1
displaying
17-14
extended-range
17-1, 17-10
features
1-7
illustrated
17-2
internal
17-11
limiting source traffic with RSPAN
30-21
limiting source traffic with SPAN
30-14
modifying
17-8
native, configuring
17-20
normal-range
17-1, 17-4
number supported
1-7
parameters
17-5
port membership modes
17-3
static-access ports
17-9
STP and IEEE 802.1Q trunks
22-10
supported
17-2
Token Ring
17-6
traffic between
17-2
VLAN-bridge STP
22-10, 50-2
VTP modes
18-3
VLAN Trunking Protocol
See VTP
VLAN trunks
17-14
VMPS
administering
17-29
configuration example
17-30
configuration guidelines
17-26
default configuration
17-26
description
17-24
dynamic port membership
described
17-25
reconfirming
17-28
troubleshooting
17-30
entering server address
17-27
mapping MAC addresses to VLANs
17-24
monitoring
17-29
reconfirmation interval, changing
17-28
reconfirming membership
17-28
retry count, changing
17-29
voice aware 802.1x security
port-based authentication
configuring
12-37
described
12-29, 12-37
voice-over-IP
19-1
voice VLAN
Cisco 7960 phone, port connections
19-1
configuration guidelines
19-3
configuring IP phones for data traffic
override CoS of incoming frame
19-6
trust CoS priority of incoming frame
19-6
configuring ports for voice traffic in
802.1p priority tagged frames
19-5
802.1Q frames
19-5
connecting to an IP phone
19-4
default configuration
19-3
described
19-1
displaying
19-7
IP phone data traffic, described
19-2
IP phone voice traffic, described
19-2
VPN
configuring routing in
41-81
forwarding
41-74
in service provider networks
41-71
routes
41-72
VPN routing and forwarding table
See VRF
VQP
1-7, 17-24
VRF
defining
41-74
Specifying for an SXP connection
14-3
tables
41-71
VRF-aware services
ARP
41-78
configuring
41-77
ftp
41-80
HSRP
41-79
ping
41-78
SNMP
41-78
syslog
41-79
tftp
41-80
traceroute
41-80
VTP
adding a client to a domain
18-15
advertisements
17-16, 18-3
and extended-range VLANs
17-3, 18-1
and normal-range VLANs
17-2, 18-1
client mode, configuring
18-11
configuration
guidelines
18-8
requirements
18-10
saving
18-8
configuration requirements
18-10
configuration revision number
guideline
18-15
resetting
18-16
consistency checks
18-4
default configuration
18-7
described
18-1
domain names
18-8
domains
18-2
Layer 2 protocol tunneling
21-7
modes
client
18-3
off
18-3
server
18-3
transitions
18-3
transparent
18-3
monitoring
18-16
passwords
18-8
pruning
disabling
18-14
enabling
18-14
examples
18-6
overview
18-5
support for
1-7
pruning-eligible list, changing
17-19
server mode, configuring
18-10, 18-13
statistics
18-16
support for
1-7
Token Ring support
18-4
transparent mode, configuring
18-10
using
18-1
Version
enabling
18-13
version, guidelines
18-9
Version 1
18-4
Version 2
configuration guidelines
18-9
overview
18-4
Version 3
overview
18-4
W
WCCP
authentication
49-3
configuration guidelines
49-5
default configuration
49-5
described
49-1
displaying
49-9
dynamic service groups
49-3
enabling
49-6
features unsupported
49-4
forwarding method
49-3
Layer-2 header rewrite
49-3
MD5 security
49-3
message exchange
49-2
monitoring and maintaining
49-9
negotiation
49-3
packet redirection
49-3
packet-return method
49-3
redirecting traffic received from a client
49-6
setting the password
49-6
unsupported WCCPv2 features
49-4
web authentication
12-16
configuring
13-16 to ??
described
1-8
web-based authentication
customizeable web pages
13-6
description
13-1
web-based authentication, interactions with other features
13-7
Web Cache Communication Protocol
See WCCP
weighted tail drop
See WTD
weight thresholds in tracked lists
48-5
wired location service
configuring
31-9
displaying
31-11
location TLV
31-3
understanding
31-3
WTD
described
39-13
setting thresholds
egress queue-sets
39-71
ingress queues
39-67
support for
1-12
X
Xmodem protocol
36-2