Index

A

AAA down policy, NAC Layer 2 IP validation 1-10

abbreviating commands 2-4

ABRs 41-24

AC (command switch) 6-10

access-class command 38-20

access control entries

See ACEs

access control entry (ACE) 44-3

access-denied response, VMPS 17-25

access groups

applying IPv4 ACLs to interfaces 38-21

Layer 2 38-21

Layer 3 38-21

accessing

clusters, switch 6-13

command switches 6-11

member switches 6-13

switch clusters 6-13

access lists

See ACLs

access ports

and Layer 2 protocol tunneling 21-10

defined 15-3

in switch clusters 6-9

accounting

with 802.1x 12-48

with IEEE 802.1x 12-14

with RADIUS 11-35

with TACACS+ 11-11, 11-17

ACEs

and QoS 39-7

defined 38-2

Ethernet 38-2

IP 38-2

ACLs

ACEs 38-2

any keyword 38-13

applying

on bridged packets 38-40

on multicast packets 38-42

on routed packets 38-41

on switched packets 38-40

time ranges to 38-17

to an interface 38-20, 44-7

to IPv6 interfaces 44-7

to QoS 39-7

classifying traffic for QoS 39-43

comments in 38-19

compiling 38-23

defined 38-1, 38-7

examples of 38-23, 39-43

extended IP, configuring for QoS classification 39-44

extended IPv4

creating 38-10

matching criteria 38-7

hardware and software handling 38-22

host keyword 38-13

IP

creating 38-7

fragments and QoS guidelines 39-33

implicit deny 38-10, 38-15, 38-17

implicit masks 38-10

matching criteria 38-7

undefined 38-22

IPv4

applying to interfaces 38-20

creating 38-7

matching criteria 38-7

named 38-15

numbers 38-8

terminal lines, setting on 38-20

unsupported features 38-7

IPv6

applying to interfaces 44-7

configuring 44-3, 44-4

displaying 44-8

interactions with other features 44-4

limitations 44-2, 44-3

matching criteria 44-3

named 44-2

precedence of 44-2

supported 44-2

unsupported features 44-3

Layer 4 information in 38-39

logging messages 38-9

MAC extended 38-28, 39-45

matching 38-7, 38-21, 44-3

monitoring 38-43, 44-8

named, IPv4 38-15

named, IPv6 44-2

names 44-4

number per QoS class map 39-33

port 38-2, 44-1

precedence of 38-2

QoS 39-7, 39-43

resequencing entries 38-15

router 38-2, 44-1

router ACLs and VLAN map configuration guidelines 38-39

standard IP, configuring for QoS classification 39-43

standard IPv4

creating 38-9

matching criteria 38-7

support for 1-8

support in hardware 38-22

time ranges 38-17

types supported 38-2

unsupported features, IPv4 38-7

unsupported features, IPv6 44-3

using router ACLs with VLAN maps 38-38

VLAN maps

configuration guidelines 38-32

configuring 38-31

active link 26-4, 26-5, 26-6

active links 26-2

active router 46-1

active traffic monitoring, IP SLAs 47-1

addresses

displaying the MAC address table 7-23

dynamic

accelerated aging 22-8

changing the aging time 7-14

default aging 22-8

defined 7-12

learning 7-13

removing 7-15

IPv6 42-2

MAC, discovering 7-23

multicast

STP address management 22-8

static

adding and removing 7-19

defined 7-12

address resolution 7-23, 41-8

Address Resolution Protocol

See ARP

adjacency tables, with CEF 41-87

administrative distances

defined 41-99

OSPF 41-30

routing protocol defaults 41-89

administrative VLAN

REP, configuring 25-8

administrative VLAN, REP 25-8

advertisements

CDP 32-1

LLDP 31-1, 31-2

RIP 41-18

VTP 17-16, 18-3

age timer, REP 25-8

aggregatable global unicast addresses 42-3

aggregate addresses, BGP 41-57

aggregated ports

See EtherChannel

aggregate policers 39-58

aggregate policing 1-11

aging, accelerating 22-8

aging time

accelerated

for MSTP 23-23

for STP 22-8, 22-21

MAC address table 7-14

maximum

for MSTP 23-23, 23-24

for STP 22-21, 22-22

alarm profiles

configuring 3-12

creating or modifying 3-11

alarms

displaying 3-13

power supply 3-2

temperature 3-2

alarms, RMON 34-3

allowed-VLAN list 17-18

application engines, redirecting traffic to 49-1

area border routers

See ABRs

area routing

IS-IS 41-62

ISO IGRP 41-62

ARP

configuring 41-9

defined 1-5, 7-23, 41-8

encapsulation 41-10

static cache configuration 41-9

table

address resolution 7-23

managing 7-23

ASBRs 41-24

AS-path filters, BGP 41-52

associating the temperature alarms to a relay 3-9

asymmetrical links, and IEEE 802.1Q tunneling 21-4

attaching an alarm profile to a port 3-12

attributes, RADIUS

vendor-proprietary 11-38

vendor-specific 11-36

attribute-value pairs 12-12, 12-15, 12-20

authentication

EIGRP 41-38

HSRP 46-10

local mode with AAA 11-44

open1x 12-29

RADIUS

key 11-28

login 11-30

TACACS+

defined 11-11

key 11-13

login 11-14

See also port-based authentication

authentication compatibility with Catalyst 6000 switches 12-8

authentication failed VLAN

See restricted VLAN

authentication keys, and routing protocols 41-99

authentication manager

CLI commands 12-9

compatibility with older 802.1x CLI commands 12-9 to ??

overview 12-7

authoritative time source, described 7-2

authorization

with RADIUS 11-34

with TACACS+ 11-11, 11-16

authorized ports with IEEE 802.1x 12-10

autoconfiguration 4-3

auto enablement 12-30

automatic discovery

considerations

beyond a noncandidate device 6-7

brand new switches 6-9

connectivity 6-4

different VLANs 6-6

management VLANs 6-7

non-CDP-capable devices 6-6

noncluster-capable devices 6-6

routed ports 6-8

in switch clusters 6-4

See also CDP

automatic QoS

See QoS

automatic recovery, clusters 6-10

See also HSRP

auto-MDIX

configuring 15-19

described 15-19

autonegotiation

duplex mode 1-2

interface configuration guidelines 15-16

mismatches 36-8

autonomous system boundary routers

See ASBRs

autonomous systems, in BGP 41-45

autosensing, port speed 1-2

Auto Smartports macros

displaying 16-5

autostate exclude 15-6

auxiliary VLAN

See voice VLAN

availability, features 1-6

B

BackboneFast

described 24-5

disabling 24-14

enabling 24-13

backup interfaces

See Flex Links

backup links 26-2

backup static routing, configuring 48-11

banners

configuring

login 7-12

message-of-the-day login 7-11

default configuration 7-10

when displayed 7-10

Berkeley r-tools replacement 11-56

BGP

aggregate addresses 41-57

aggregate routes, configuring 41-57

CIDR 41-57

clear commands 41-61

community filtering 41-54

configuring neighbors 41-55

default configuration 41-43

described 41-42

enabling 41-45

monitoring 41-61

multipath support 41-49

neighbors, types of 41-45

path selection 41-49

peers, configuring 41-55

prefix filtering 41-53

resetting sessions 41-48

route dampening 41-60

route maps 41-51

route reflectors 41-59

routing domain confederation 41-58

routing session with multi-VRF CE 41-81

show commands 41-61

supernets 41-57

support for 1-12

Version 4 41-42

binding cluster group and HSRP group 46-12

binding database

address, DHCP server

See DHCP, Cisco IOS server database

DHCP snooping

See DHCP snooping binding database

bindings

address, Cisco IOS DHCP server 27-7

DHCP snooping database 27-7

IP source guard 27-16

binding table, DHCP snooping

See DHCP snooping binding database

blocking packets 29-7

Boolean expressions in tracked lists 48-4

booting

boot loader, function of 4-2

boot process 4-2

manually 4-18

specific image 4-19

boot loader

accessing 4-19

described 4-2

environment variables 4-19

prompt 4-19

trap-door mechanism 4-2

Border Gateway Protocol

See BGP

BPDU

error-disabled state 24-2

filtering 24-3

RSTP format 23-12

BPDU filtering

described 24-3

disabling 24-12

enabling 24-12

support for 1-7

BPDU guard

described 24-2

disabling 24-12

enabling 24-11

support for 1-7

bridged packets, ACLs on 38-40

bridge groups

See fallback bridging

bridge protocol data unit

See BPDU

broadcast flooding 41-16

broadcast packets

directed 41-13

flooded 41-13

broadcast storm-control command 29-4

broadcast storms 29-1, 41-13

C

cables, monitoring for unidirectional links 33-1

candidate switch

automatic discovery 6-4

defined 6-3

requirements 6-3

See also command switch, cluster standby group, and member switch

Catalyst 6000 switches

authentication compatibility 12-8

CA trustpoint

configuring 11-53

defined 11-50

CDP

and trusted boundary 39-39

automatic discovery in switch clusters 6-4

configuring 32-2

default configuration 32-2

defined with LLDP 31-1

described 32-1

disabling for routing device 32-4

enabling and disabling

on an interface 32-4

on a switch 32-4

Layer 2 protocol tunneling 21-7

monitoring 32-5

overview 32-1

support for 1-5

transmission timer and holdtime, setting 32-3

updates 32-3

CEF

defined 41-86

enabling 41-87

IPv6 42-18

CGMP

switch support of 1-3

CIDR 41-57

CipherSuites 11-52

Cisco 7960 IP Phone 19-1

Cisco Discovery Protocol

See CDP

Cisco Express Forwarding

See CEF

Cisco Group Management Protocol

See CGMP

Cisco IOS DHCP server

See DHCP, Cisco IOS DHCP server

Cisco IOS File System

See IFS

Cisco IOS IP SLAs 47-1

Cisco Secure ACS

attribute-value pairs for downloadable ACLs 12-20

attribute-value pairs for redirect URL 12-20

Cisco Secure ACS configuration guide 12-59

Cisco TrustSec

configuring 14-9

connection caching 14-8

Cisco TrustSec caching

clearing 14-9

enabling 14-8

CiscoWorks 2000 1-4, 36-4

CISP 12-30

CIST regional root

See MSTP

CIST root

See MSTP

civic location 31-3

classless interdomain routing

See CIDR

classless routing 41-6

class maps for QoS

configuring 39-46

described 39-7

displaying 39-78

class of service

See CoS

clearing interfaces 15-26

CLI

abbreviating commands 2-4

command modes 2-1

configuration logging 2-5

described 1-4

editing features

enabling and disabling 2-7

keystroke editing 2-8

wrapped lines 2-9

error messages 2-5

filtering command output 2-10

getting help 2-3

history

changing the buffer size 2-6

described 2-6

disabling 2-7

recalling commands 2-6

managing clusters 6-14

no and default forms of commands 2-4

Client Information Signalling Protocol

See CISP

client mode, VTP 18-3

client processes, tracking 48-1

CLNS

See ISO CLNS

clock

See system clock

clusters, switch

accessing 6-13

automatic discovery 6-4

automatic recovery 6-10

benefits 1-2

compatibility 6-4

described 6-1

LRE profile considerations 6-14

managing

through CLI 6-14

through SNMP 6-15

planning 6-4

planning considerations

automatic discovery 6-4

automatic recovery 6-10

CLI 6-14

host names 6-13

IP addresses 6-13

LRE profiles 6-14

passwords 6-13

RADIUS 6-14

SNMP 6-14, 6-15

TACACS+ 6-14

See also candidate switch, command switch, cluster standby group, member switch, and standby command switch

cluster standby group

and HSRP group 46-12

automatic recovery 6-12

considerations 6-11

defined 6-2

requirements 6-3

virtual IP address 6-11

See also HSRP

CNS 1-4

Configuration Engine

configID, deviceID, hostname 5-3

configuration service 5-2

described 5-1

event service 5-3

embedded agents

described 5-5

enabling automated configuration 5-6

enabling configuration agent 5-9

enabling event agent 5-7

management functions 1-4

CoA Request Commands 11-24

command-line interface

See CLI

command modes 2-1

commands

abbreviating 2-4

no and default 2-4

commands, setting privilege levels 11-8

command switch

accessing 6-11

active (AC) 6-10

configuration conflicts 36-7

defined 6-1

passive (PC) 6-10

password privilege levels 6-15

priority 6-10

recovery

from command-switch failure 6-10, 36-4

from lost member connectivity 36-7

redundant 6-10

replacing

with another switch 36-6

with cluster member 36-4

requirements 6-3

standby (SC) 6-10

See also candidate switch, cluster standby group, member switch, and standby command switch

community list, BGP 41-54

community ports 20-2

community strings

configuring 6-14, 36-9

for cluster switches 36-4

in clusters 6-14

overview 36-4

SNMP 6-14

community VLANs 20-2, 20-3

compatibility, feature 29-12

config.text 4-17

configuration, initial

defaults 1-14

Express Setup 1-2

configuration changes, logging 35-10

configuration conflicts, recovering from lost member connectivity 36-7

configuration examples, network 1-17

configuration files

archiving A-18

clearing the startup configuration A-18

creating using a text editor A-9

default name 4-17

deleting a stored configuration A-18

described A-8

downloading

automatically 4-17

preparing A-10, A-12, A-15

reasons for A-8

using FTP A-13

using RCP A-16

using TFTP A-10

guidelines for creating and using A-8

guidelines for replacing and rolling back A-19

invalid combinations when copying A-5

limiting TFTP server access 36-18

obtaining with DHCP 4-9

password recovery disable considerations 11-5

replacing a running configuration A-18, A-19

rolling back a running configuration A-18, A-19

specifying the filename 4-17

system contact and location information 36-18

types and location A-9

uploading

preparing A-10, A-12, A-15

reasons for A-8

using FTP A-14

using RCP A-17

using TFTP A-11

configuration guidelines

REP 25-7

configuration guidelines, multi-VRF CE 41-74

configuration logger 35-10

configuration logging 2-5

configuration replacement A-18

configuration rollback A-18

configuration settings, saving 4-15

configure terminal command 15-9

configuring 802.1x user distribution 12-55

configuring port-based authentication violation modes 12-38 to 12-39

configuring small-frame arrival rate 29-5

config-vlan mode 2-2

conflicts, configuration 36-7

connections, secure remote 11-46

connectivity problems 36-9, 36-11, 36-12

consistency checks in VTP Version 2 18-4

console port, connecting to 2-10

content-routing technology

See WCCP

control protocol, IP SLAs 47-4

convergence

REP 25-4

corrupted software, recovery steps with Xmodem 36-2

CoS

override priority 19-6

trust priority 19-6

CoS input queue threshold map for QoS 39-16

CoS output queue threshold map for QoS 39-18

CoS-to-DSCP map for QoS 39-61

counters, clearing interface 15-26

CPU utilization, troubleshooting 36-20

crashinfo file 36-19

critical authentication, IEEE 802.1x 12-51

critical VLAN 12-23

cryptographic software image

Kerberos 11-40

SSH 11-45

SSL 11-50

CTS

configuring 14-9

customer edge devices 41-72

customizable web pages, web-based authentication 13-6

D

DACL

See downloadable ACL

daylight saving time 7-6

debugging

enabling all system diagnostics 36-16

enabling for a specific feature 36-16

redirecting error message output 36-16

using commands 36-15

default commands 2-4

default configuration

802.1x 12-33

auto-QoS 39-20

banners 7-10

BGP 41-43

booting 4-17

CDP 32-2

DHCP 27-9

DHCP option 82 27-9

DHCP snooping 27-9

DHCP snooping binding database 27-9

DNS 7-9

dynamic ARP inspection 28-5

EIGRP 41-34

EtherChannel 40-10

Ethernet interfaces 15-13

fallback bridging 50-3

Flex Links 26-8

HSRP 46-5

IEEE 802.1Q tunneling 21-4

IGMP snooping 45-5, 45-6

initial switch information 4-3

IP addressing, IP routing 41-4

IP SLAs 47-6

IP source guard 27-18

IPv6 42-10

IS-IS 41-63

Layer 2 interfaces 15-13

Layer 2 protocol tunneling 21-11

LLDP 31-4

MAC address table 7-14

MAC address-table move update 26-8

MSTP 23-14

multi-VRF CE 41-74

optional spanning-tree configuration 24-9

OSPF 41-25

password and privilege level 11-2

private VLANs 20-6

PROFINET 9-4

PTP 8-2

RADIUS 11-27

REP 25-7

RIP 41-19

RMON 34-3

RSPAN 30-9

SDM template 10-3

SNMP 36-8

SPAN 30-9

SSL 11-52

standard QoS 39-30

STP 22-11

system message logging 35-3

system name and prompt 7-8

TACACS+ 11-13

UDLD 33-4

VLAN, Layer 2 Ethernet interfaces 17-16

VLANs 17-7

VMPS 17-26

voice VLAN 19-3

VTP 18-7

WCCP 49-5

default gateway 4-15, 41-11

default networks 41-90

default router preference

See DRP

default routes 41-89

default routing 41-2

default web-based authentication configuration

802.1X 13-9

deleting VLANs 17-9

denial-of-service attack 29-1

description command 15-20

designing your network, examples 1-17

destination addresses

in IPv4 ACLs 38-12

in IPv6 ACLs 44-5

destination-IP address-based forwarding, EtherChannel 40-8

destination-MAC address forwarding, EtherChannel 40-8

detecting indirect link failures, STP 24-5

device A-22

device discovery protocol 31-1, 32-1

device manager

benefits 1-2

described 1-2, 1-4

in-band management 1-5

upgrading a switch A-22

DHCP

Cisco IOS server database

configuring 27-14

default configuration 27-9

described 27-7

DHCP for IPv6

See DHCPv6

enabling

relay agent 27-11

DHCP-based autoconfiguration

client request message exchange 4-4

configuring

client side 4-4

DNS 4-8

relay device 4-8

server side 4-6

TFTP server 4-7

example 4-9

lease options

for IP address information 4-6

for receiving the configuration file 4-7

overview 4-3

relationship to BOOTP 4-4

relay support 1-4, 1-13

support for 1-4

DHCP-based autoconfiguration and image update

configuring 4-11 to 4-14

understanding 4-5 to 4-6

DHCP binding database

See DHCP snooping binding database

DHCP binding table

See DHCP snooping binding database

DHCP object tracking, configuring primary interface 48-10

DHCP option 82

circuit ID suboption 27-5

configuration guidelines 27-9

default configuration 27-9

displaying 27-16

forwarding address, specifying 27-11

helper address 27-11

overview 27-4

packet format, suboption

circuit ID 27-5

remote ID 27-5

remote ID suboption 27-5

DHCP server port-based address allocation

configuration guidelines 27-27

default configuration 27-27

described 27-26

displaying 27-30

enabling 27-27

reserved addresses 27-28

DHCP server port-based address assignment

support for 1-5

DHCP snooping

accepting untrusted packets from edge switch 27-3, 27-13

and private VLANs 27-14

binding database

See DHCP snooping binding database

configuration guidelines 27-9

default configuration 27-9

displaying binding tables 27-16

message exchange process 27-4

option 82 data insertion 27-4

trusted interface 27-2

untrusted interface 27-2

untrusted messages 27-2

DHCP snooping binding database

adding bindings 27-15

binding file

format 27-8

location 27-7

bindings 27-7

clearing agent statistics 27-15

configuration guidelines 27-10

configuring 27-15

default configuration 27-9

deleting

binding file 27-15

bindings 27-15

database agent 27-15

described 27-7

displaying 27-16

binding entries 27-16

status and statistics 27-16

enabling 27-15

entry 27-7

renewing database 27-15

resetting

delay value 27-15

timeout value 27-15

DHCP snooping binding table

See DHCP snooping binding database

DHCPv6

configuration guidelines 42-15

default configuration 42-15

described 42-6

enabling client function 42-17

enabling DHCPv6 server function 42-15

support for 1-13

Differentiated Services architecture, QoS 39-2

Differentiated Services Code Point 39-2

Diffusing Update Algorithm (DUAL) 41-33

directed unicast requests 1-5

directories

changing A-4

creating and removing A-4

displaying the working A-4

discovery, clusters

See automatic discovery

displaying switch alarms 3-13

Distance Vector Multicast Routing Protocol

See DVMRP

distance-vector protocols 41-3

distribute-list command 41-98

DNS

and DHCP-based autoconfiguration 4-8

default configuration 7-9

displaying the configuration 7-10

in IPv6 42-3

overview 7-8

setting up 7-9

support for 1-4

domain names

DNS 7-8

VTP 18-8

Domain Name System

See DNS

domains, ISO IGRP routing 41-62

dot1q-tunnel switchport mode 17-15

double-tagged packets

IEEE 802.1Q tunneling 21-2

Layer 2 protocol tunneling 21-10

downloadable ACL 12-18, 12-20, 12-59

downloading

configuration files

preparing A-10, A-12, A-15

reasons for A-8

using FTP A-13

using RCP A-16

using TFTP A-10

image files

deleting old image A-25

preparing A-24, A-27, A-31

reasons for A-22

using FTP A-28

using HTTP A-22

using RCP A-32

using TFTP A-24

using the device manager or Network Assistant A-22

drop threshold for Layer 2 protocol packets 21-11

DRP

configuring 42-13

described 42-4

IPv6 42-4

support for 1-13

DSCP 1-11, 39-2

DSCP input queue threshold map for QoS 39-16

DSCP output queue threshold map for QoS 39-18

DSCP-to-CoS map for QoS 39-64

DSCP-to-DSCP-mutation map for QoS 39-65

DSCP transparency 39-40

DTP 1-7, 17-15

dual-action detection 40-5

DUAL finite state machine, EIGRP 41-34

dual IPv4 and IPv6 templates 10-2, 42-5

dual protocol stacks

IPv4 and IPv6 42-5

SDM templates supporting 42-6

dual-purpose uplinks

defined 15-6

LEDs 15-7

link selection 15-6, 15-14

setting the type 15-14

DVMRP

support for 1-13

dynamic access ports

characteristics 17-3

configuring 17-27

defined 15-3

dynamic addresses

See addresses

dynamic ARP inspection

ARP cache poisoning 28-1

ARP requests, described 28-1

ARP spoofing attack 28-1

clearing

log buffer 28-15

statistics 28-15

configuration guidelines 28-5

configuring

ACLs for non-DHCP environments 28-8

in DHCP environments 28-7

log buffer 28-12

rate limit for incoming ARP packets 28-4, 28-10

default configuration 28-5

denial-of-service attacks, preventing 28-10

described 28-1

DHCP snooping binding database 28-2

displaying

ARP ACLs 28-14

configuration and operating state 28-14

log buffer 28-15

statistics 28-15

trust state and rate limit 28-14

error-disabled state for exceeding rate limit 28-4

function of 28-2

interface trust states 28-3

log buffer

clearing 28-15

configuring 28-12

displaying 28-15

logging of dropped packets, described 28-4

man-in-the-middle attack, described 28-2

network security issues and interface trust states 28-3

priority of ARP ACLs and DHCP snooping entries 28-4

rate limiting of ARP packets

configuring 28-10

described 28-4

error-disabled state 28-4

statistics

clearing 28-15

displaying 28-15

validation checks, performing 28-11

dynamic auto trunking mode 17-15

dynamic desirable trunking mode 17-15

Dynamic Host Configuration Protocol

See DHCP-based autoconfiguration

dynamic port VLAN membership

described 17-25

reconfirming 17-28

troubleshooting 17-30

types of connections 17-27

dynamic routing 41-3

ISO CLNS 41-62

Dynamic Trunking Protocol

See DTP

E

EBGP 41-41

editing features

enabling and disabling 2-7

keystrokes used 2-8

wrapped lines 2-9

EIGRP

authentication 41-38

components 41-34

configuring 41-36

default configuration 41-34

definition 41-33

interface parameters, configuring 41-37

monitoring 41-40

stub routing 41-39

ELIN location 31-3

embedded event manager

actions 37-4

configuring 37-1, 37-5

displaying information 37-7

environmental variables 37-4

event detectors 37-2

policies 37-4

registering and defining an applet 37-5

registering and defining a TCL script 37-6

understanding 37-1

enable password 11-3

enable secret password 11-3

enabling SNMP traps 3-13

encryption, CipherSuite 11-52

encryption for passwords 11-3

Enhanced IGRP

See EIGRP

enhanced object tracking

backup static routing 48-11

commands 48-1

defined 48-1

DHCP primary interface 48-10

HSRP 48-7

IP routing state 48-2

IP SLAs 48-9

line-protocol state 48-2

network monitoring with IP SLAs 48-11

routing policy, configuring 48-11

static route primary interface 48-10

tracked lists 48-3

enhanced object tracking static routing 48-10

environmental variables, embedded event manager 37-4

environment variables, function of 4-20

equal-cost routing 1-12, 41-88

error-disabled state, BPDU 24-2

error messages during command entry 2-5

EtherChannel

automatic creation of 40-4, 40-6

channel groups

binding physical and logical interfaces 40-3

numbering of 40-3

configuration guidelines 40-10

configuring

Layer 2 interfaces 40-11

Layer 3 physical interfaces 40-14

Layer 3 port-channel logical interfaces 40-13

default configuration 40-10

described 40-2

displaying status 40-20

forwarding methods 40-7, 40-16

IEEE 802.3ad, described 40-6

interaction

with STP 40-10

with VLANs 40-11

LACP

described 40-6

displaying status 40-20

hot-standby ports 40-18

interaction with other features 40-7

modes 40-6

port priority 40-19

system priority 40-19

Layer 3 interface 41-3

load balancing 40-7, 40-16

logical interfaces, described 40-3

PAgP

aggregate-port learners 40-17

compatibility with Catalyst 1900 40-17

described 40-4

displaying status 40-20

interaction with other features 40-6

interaction with virtual switches 40-5

learn method and priority configuration 40-17

modes 40-5

support for 1-3

with dual-action detection 40-5

port-channel interfaces

described 40-3

port groups 15-6

support for 1-3

EtherChannel guard

described 24-7

disabling 24-14

enabling 24-14

Ethernet VLANs

adding 17-8

defaults and ranges 17-7

modifying 17-8

EUI 42-3

event detectors, embedded event manager 37-2

events, RMON 34-3

examples

network configuration 1-17

expedite queue for QoS 39-76

Express Setup 1-2

See also getting started guide

extended crashinfo file 36-19

extended-range VLANs

configuration guidelines 17-11

configuring 17-10

creating 17-12

creating with an internal VLAN ID 17-13

defined 17-1

extended system ID

MSTP 23-17

STP 22-4, 22-14

extended universal identifier

See EUI

Extensible Authentication Protocol over LAN 12-1

external BGP

See EBGP

external neighbors, BGP 41-45

F

fa0 interface 1-5

fallback bridging

and protected ports 50-3

bridge groups

creating 50-3

described 50-1

displaying 50-10

function of 50-2

number supported 50-4

removing 50-4

bridge table

clearing 50-10

displaying 50-10

configuration guidelines 50-3

connecting interfaces with 15-7

default configuration 50-3

described 50-1

frame forwarding

flooding packets 50-2

forwarding packets 50-2

overview 50-1

protocol, unsupported 50-3

STP

disabling on an interface 50-9

forward-delay interval 50-8

hello BPDU interval 50-7

interface priority 50-6

maximum-idle interval 50-8

path cost 50-6

VLAN-bridge spanning-tree priority 50-5

VLAN-bridge STP 50-2

support for 1-12

SVIs and routed ports 50-1

unsupported protocols 50-3

VLAN-bridge STP 22-10

Fast Convergence 26-3

FCS bit error rate alarm

configuring 3-10

defined 3-3

FCS error hysteresis threshold 3-2

features, incompatible 29-12

FIB 41-87

fiber-optic, detecting unidirectional links 33-1

files

basic crashinfo

description 36-19

location 36-19

copying A-5

crashinfo, description 36-19

deleting A-5

displaying the contents of A-8

extended crashinfo

description 36-20

location 36-20

tar

creating A-6

displaying the contents of A-6

extracting A-7

image file format A-22

file system

displaying available file systems A-2

displaying file information A-3

local file system names A-1

network file system names A-5

setting the default A-2

filtering

in a VLAN 38-31

IPv6 traffic 44-3, 44-7

non-IP traffic 38-28

show and more command output 2-10

filtering show and more command output 2-10

filters, IP

See ACLs, IP

flash device, number of A-1

flexible authentication ordering

configuring 12-62

overview 12-28

Flex Link Multicast Fast Convergence 26-3

Flex Links

configuration guidelines 26-8

configuring 26-9

configuring preferred VLAN 26-12

configuring VLAN load balancing 26-11

default configuration 26-8

description 26-1

link load balancing 26-2

monitoring 26-15

VLANs 26-2

flooded traffic, blocking 29-8

flow-based packet classification 1-11

flowcharts

QoS classification 39-6

QoS egress queueing and scheduling 39-17

QoS ingress queueing and scheduling 39-15

QoS policing and marking 39-10

flowcontrol

configuring 15-18

described 15-18

forward-delay time

MSTP 23-23

STP 22-21

Forwarding Information Base

See FIB

forwarding nonroutable protocols 50-1

FTP

configuration files

downloading A-13

overview A-12

preparing the server A-12

uploading A-14

image files

deleting old image A-29

downloading A-28

preparing the server A-27

uploading A-29

G

general query 26-5

Generating IGMP Reports 26-3

get-bulk-request operation 36-3

get-next-request operation 36-3, 36-4

get-request operation 36-3, 36-4

get-response operation 36-3

global configuration mode 2-2

global status monitoring alarms 3-2

guest VLAN and 802.1x 12-21

GUIs

See device manager and Network Assistant

H

hardware limitations and Layer 3 interfaces 15-21

hello time

MSTP 23-22

STP 22-20

help, for the command line 2-3

hierarchical policy maps 39-8

configuration guidelines 39-33

configuring 39-52

described 39-11

history

changing the buffer size 2-6

described 2-6

disabling 2-7

recalling commands 2-6

history table, level and number of syslog messages 35-10

host names, in clusters 6-13

host ports

configuring 20-11

kinds of 20-2

hosts, limit on dynamic ports 17-30

Hot Standby Router Protocol

See HSRP

HP OpenView 1-4

HSRP

authentication string 46-10

automatic cluster recovery 6-12

binding to cluster group 46-12

cluster standby group considerations 6-11

command-switch redundancy 1-6

configuring 46-4

default configuration 46-5

definition 46-1

guidelines 46-6

monitoring 46-13

object tracking 48-7

overview 46-1

priority 46-8

routing redundancy 1-12

support for ICMP redirect messages 46-12

timers 46-11

tracking 46-8

See also clusters, cluster standby group, and standby command switch

HSRP for IPv6

configuring 42-24

guidelines 42-23

HTTP over SSL

See HTTPS

HTTPS 11-50

configuring 11-54

self-signed certificate 11-51

HTTP secure server 11-50

I

IBGP 41-41

ICMP

IPv6 42-4

redirect messages 41-11

support for 1-12

time-exceeded messages 36-13

traceroute and 36-13

unreachable messages 38-21

unreachable messages and IPv6 44-4

unreachables and ACLs 38-22

ICMP Echo operation

configuring 47-12

IP SLAs 47-11

ICMP ping

executing 36-10

overview 36-10

ICMP Router Discovery Protocol

See IRDP

ICMPv6 42-4

IDS appliances

and ingress RSPAN 30-20

and ingress SPAN 30-13

IEEE 802.1D

See STP

IEEE 802.1p 19-1

IEEE 802.1Q

and trunk ports 15-3

configuration limitations 17-16

encapsulation 17-14

native VLAN for untagged traffic 17-20

tunneling

compatibility with other features 21-5

defaults 21-4

described 21-1

tunnel ports with other features 21-6

IEEE 802.1s

See MSTP

IEEE 802.1w

See RSTP

IEEE 802.1x

See port-based authentication

IEEE 802.3ad

See EtherChannel

IEEE 802.3x flow control 15-18

ifIndex values, SNMP 36-5

IFS 1-5

IGMP

leave processing, enabling 45-8

report suppression

disabling 45-11

support for 1-3

IGMP filtering

support for 1-3

IGMP helper 1-3

IGMP snooping

default configuration 45-5, 45-6

enabling and disabling 45-6

monitoring 45-11

support for 1-3

IGP 41-24

Immediate Leave, IGMP

enabling 45-8

inaccessible authentication bypass 12-23

support for multiauth ports 12-23

initial configuration

defaults 1-14

Express Setup 1-2

interface

range macros 15-11

interface command 15-8 to 15-9

interface configuration

REP 25-9

interface configuration mode 2-3

interfaces

auto-MDIX, configuring 15-19

configuration guidelines

duplex and speed 15-16

configuring

procedure 15-9

counters, clearing 15-26

default configuration 15-13

described 15-20

descriptive name, adding 15-20

displaying information about 15-25

flow control 15-18

management 1-4

monitoring 15-24

naming 15-20

physical, identifying 15-8

range of 15-9

restarting 15-26

shutting down 15-26

speed and duplex, configuring 15-17

status 15-24

supported 15-8

types of 15-1

interfaces range macro command 15-11

interface types 15-8

Interior Gateway Protocol

See IGP

internal BGP

See IBGP

internal neighbors, BGP 41-45

Internet Control Message Protocol

See ICMP

Internet Protocol version 6

See IPv6

inter-VLAN routing 1-12, 41-2

Intrusion Detection System

See IDS appliances

inventory management TLV 31-2, 31-7

IP ACLs

for QoS classification 39-7

implicit deny 38-10, 38-15

implicit masks 38-10

named 38-15

undefined 38-22

IP addresses

128-bit 42-2

candidate or member 6-3, 6-13

classes of 41-5

cluster access 6-2

command switch 6-3, 6-11, 6-13

default configuration 41-4

discovering 7-23

for IP routing 41-4

IPv6 42-2

MAC address association 41-8

monitoring 41-17

redundant clusters 6-11

standby command switch 6-11, 6-13

See also IP information

IP broadcast address 41-15

ip cef distributed command 41-87

IP directed broadcasts 41-13

IP information

assigned

manually 4-14

through DHCP-based autoconfiguration 4-3

default configuration 4-3

IP phones

and QoS 19-1

automatic classification and queueing 39-20

configuring 19-4

ensuring port security with QoS 39-38

trusted boundary for QoS 39-38

IP Port Security for Static Hosts

on a Layer 2 access port 27-20

on a PVLAN host port 27-24

IP precedence 39-2

IP-precedence-to-DSCP map for QoS 39-62

IP protocols

in ACLs 38-12

routing 1-12

IP routes, monitoring 41-100

IP routing

connecting interfaces with 15-7

disabling 41-18

enabling 41-18

IP Service Level Agreements

See IP SLAs

IP service levels, analyzing 47-1

IP SLAs

benefits 47-2

configuration guidelines 47-6

configuring object tracking 48-9

Control Protocol 47-4

default configuration 47-6

definition 47-1

ICMP echo operation 47-11

measuring network performance 47-3

monitoring 47-13

multioperations scheduling 47-5

object tracking 48-9

operation 47-3

reachability tracking 48-9

responder

described 47-4

enabling 47-8

response time 47-4

scheduling 47-5

SNMP support 47-2

supported metrics 47-2

threshold monitoring 47-6

track object monitoring agent, configuring 48-11

track state 48-9

UDP jitter operation 47-9

IP source guard

and 802.1x 27-19

and DHCP snooping 27-16

and EtherChannels 27-19

and port security 27-19

and private VLANs 27-19

and routed ports 27-18

and TCAM entries 27-19

and trunk interfaces 27-18

and VRF 27-19

binding configuration

automatic 27-16

manual 27-16

binding table 27-16

configuration guidelines 27-18

default configuration 27-18

described 27-16

disabling 27-20

displaying

active IP or MAC bindings 27-26

bindings 27-26

configuration 27-26

enabling 27-19, 27-20

filtering

source IP address 27-17

source IP and MAC address 27-17

source IP address filtering 27-17

source IP and MAC address filtering 27-17

static bindings

adding 27-19, 27-20

deleting 27-20

static hosts 27-20

IP traceroute

executing 36-13

overview 36-13

IP unicast routing

address resolution 41-8

administrative distances 41-89, 41-99

ARP 41-8

assigning IP addresses to Layer 3 interfaces 41-5

authentication keys 41-99

broadcast

address 41-15

flooding 41-16

packets 41-13

storms 41-13

classless routing 41-6

configuring static routes 41-88

default

addressing configuration 41-4

gateways 41-11

networks 41-90

routes 41-89

routing 41-2

directed broadcasts 41-13

disabling 41-18

dynamic routing 41-3

enabling 41-18

EtherChannel Layer 3 interface 41-3

IGP 41-24

inter-VLAN 41-2

IP addressing

classes 41-5

configuring 41-4

IRDP 41-11

Layer 3 interfaces 41-3

MAC address and IP address 41-8

passive interfaces 41-97

protocols

distance-vector 41-3

dynamic 41-3

link-state 41-3

proxy ARP 41-8

redistribution 41-90

reverse address resolution 41-8

routed ports 41-3

static routing 41-3

steps to configure 41-4

subnet mask 41-5

subnet zero 41-6

supernet 41-6

UDP 41-14

with SVIs 41-3

See also BGP

See also EIGRP

See also OSPF

See also RIP

IPv4 ACLs

applying to interfaces 38-20

extended, creating 38-10

named 38-15

standard, creating 38-9

IPv4 and IPv6

dual protocol stacks 42-5

IPv6

ACLs

displaying 44-8

limitations 44-2

matching criteria 44-3

port 44-1

precedence 44-2

router 44-1

supported 44-2

addresses 42-2

address formats 42-2

applications 42-5

assigning address 42-10

autoconfiguration 42-4

CEFv6 42-18

configuring static routes 42-19

default configuration 42-10

default router preference (DRP) 42-4

defined 42-1

Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 42-7

EIGRP IPv6 Commands 42-7

Router ID 42-7

feature limitations 42-9

features not supported 42-8

forwarding 42-10

ICMP 42-4

monitoring 42-26

neighbor discovery 42-4

OSPF 42-7

path MTU discovery 42-4

SDM templates 10-2, 44-1, 45-1

Stateless Autoconfiguration 42-4

supported features 42-2

switch limitations 42-9

understanding static routes 42-6

IPv6 traffic, filtering 44-3

IRDP

configuring 41-12

definition 41-11

support for 1-12

IS-IS

addresses 41-62

area routing 41-62

default configuration 41-63

monitoring 41-71

show commands 41-71

system routing 41-62

ISO CLNS

clear commands 41-71

dynamic routing protocols 41-62

monitoring 41-71

NETs 41-62

NSAPs 41-62

OSI standard 41-62

ISO IGRP

area routing 41-62

system routing 41-62

isolated port 20-2

isolated VLANs 20-2, 20-3

K

KDC

described 11-41

See also Kerberos

Kerberos

authenticating to

boundary switch 11-43

KDC 11-43

network services 11-44

configuration examples 11-40

configuring 11-44

credentials 11-41

cryptographic software image 11-40

described 11-41

KDC 11-41

operation 11-43

realm 11-42

server 11-42

support for 1-10

switch as trusted third party 11-40

terms 11-41

TGT 11-42

tickets 11-41

key distribution center

See KDC

L

l2protocol-tunnel command 21-12

LACP

Layer 2 protocol tunneling 21-9

See EtherChannel

Layer 2 frames, classification with CoS 39-2

Layer 2 interfaces, default configuration 15-13

Layer 2 protocol tunneling

configuring 21-10

configuring for EtherChannels 21-14

default configuration 21-11

defined 21-8

guidelines 21-11

Layer 2 traceroute

and ARP 36-12

and CDP 36-11

broadcast traffic 36-11

described 36-11

IP addresses and subnets 36-12

MAC addresses and VLANs 36-12

multicast traffic 36-12

multiple devices on a port 36-12

unicast traffic 36-11

usage guidelines 36-11

Layer 3 features 1-12

Layer 3 interfaces

assigning IP addresses to 41-5

assigning IPv4 and IPv6 addresses to 42-14

assigning IPv6 addresses to 42-11

changing from Layer 2 mode 41-5, 41-79

types of 41-3

Layer 3 packets, classification methods 39-2

LDAP 5-2

Leaking IGMP Reports 26-4

LEDs, switch

See hardware installation guide

lightweight directory access protocol

See LDAP

line configuration mode 2-3

Link Aggregation Control Protocol

See EtherChannel

link failure, detecting unidirectional 23-7

link fault alarm 3-3

link integrity, verifying with REP 25-3

Link Layer Discovery Protocol

See CDP

link local unicast addresses 42-3

link redundancy

See Flex Links

links, unidirectional 33-1

link state advertisements (LSAs) 41-29

link-state protocols 41-3

link-state tracking

configuring 40-23

described 40-21

LLDP

configuring 31-4

characteristics 31-6

default configuration 31-4

enabling 31-5

monitoring and maintaining 31-11

overview 31-1

supported TLVs 31-2

switch stack considerations 31-2

transmission timer and holdtime, setting 31-6

LLDP-MED

configuring

procedures 31-4

TLVs 31-7

monitoring and maintaining 31-11

overview 31-1, 31-2

supported TLVs 31-2

LLDP Media Endpoint Discovery

See LLDP-MED

load balancing 46-4

local SPAN 30-2

location TLV 31-3, 31-7

logging messages, ACL 38-9

login authentication

with RADIUS 11-30

with TACACS+ 11-14

login banners 7-10

log messages

See system message logging

loop guard

described 24-9

enabling 24-15

support for 1-7

LRE profiles, considerations in switch clusters 6-14

M

MAB

See MAC authentication bypass

MAB aging timer 1-8

MAB inactivity timer

default setting 12-33

range 12-36

MAC/PHY configuration status TLV 31-2

MAC addresses

aging time 7-14

and VLAN association 7-13

building the address table 7-13

default configuration 7-14

disabling learning on a VLAN 7-22

discovering 7-23

displaying 7-23

displaying in the IP source binding table 27-26

dynamic

learning 7-13

removing 7-15

in ACLs 38-28

IP address association 41-8

static

adding 7-20

allowing 7-21, 7-22

characteristics of 7-19

dropping 7-21

removing 7-20

MAC address learning 1-5

MAC address learning, disabling on a VLAN 7-22

MAC address notification, support for 1-13

MAC address-table move update

configuration guidelines 26-8

configuring 26-12

default configuration 26-8

description 26-6

monitoring 26-15

MAC address-to-VLAN mapping 17-24

MAC authentication bypass 12-35

configuring 12-55

overview 12-16

See MAB

MAC extended access lists

applying to Layer 2 interfaces 38-30

configuring for QoS 39-45

creating 38-28

defined 38-28

for QoS classification 39-5

magic packet 12-25

manageability features 1-4

management access

in-band

browser session 1-5

CLI session 1-5

device manager 1-5

SNMP 1-5

out-of-band console port connection 1-5

management address TLV 31-2

management options

CLI 2-1

clustering 1-2

CNS 5-1

overview 1-4

management VLAN

considerations in switch clusters 6-7

discovery through different management VLANs 6-7

manual preemption, REP, configuring 25-13

mapping tables for QoS

configuring

CoS-to-DSCP 39-61

DSCP 39-60

DSCP-to-CoS 39-64

DSCP-to-DSCP-mutation 39-65

IP-precedence-to-DSCP 39-62

policed-DSCP 39-63

described 39-12

marking

action with aggregate policers 39-58

described 39-4, 39-8

matching

IPv6 ACLs 44-3

matching, IPv4 ACLs 38-7

maximum aging time

MSTP 23-23

STP 22-21

maximum hop count, MSTP 23-24

maximum number of allowed devices, port-based authentication 12-36

maximum-paths command 41-49, 41-88

MDA

configuration guidelines 12-12 to 12-13

described 1-9, 12-12

exceptions with authentication process 12-5

membership mode, VLAN port 17-3

member switch

automatic discovery 6-4

defined 6-1

managing 6-14

passwords 6-13

recovering from lost connectivity 36-7

requirements 6-3

See also candidate switch, cluster standby group, and standby command switch

messages, to users through banners 7-10

metrics, in BGP 41-49

metric translations, between routing protocols 41-93

metro tags 21-2

MHSRP 46-4

MIBs

overview 36-1

SNMP interaction with 36-4

mirroring traffic for analysis 30-1

mismatches, autonegotiation 36-8

module number 15-8

monitoring

access groups 38-43

alarms 3-13

BGP 41-61

cables for unidirectional links 33-1

CDP 32-5

CEF 41-87

EIGRP 41-40

fallback bridging 50-10

features 1-13

Flex Links 26-15

HSRP 46-13

IEEE 802.1Q tunneling 21-17

IGMP

snooping 45-11

interfaces 15-24

IP

address tables 41-17

routes 41-100

IP SLAs operations 47-13

IPv4 ACL configuration 38-43

IPv6 42-26

IPv6 ACL configuration 44-8

IS-IS 41-71

ISO CLNS 41-71

Layer 2 protocol tunneling 21-17

MAC address-table move update 26-15

multicast router interfaces 45-11

multi-VRF CE 41-86

network traffic for analysis with probe 30-2

object tracking 48-12

OSPF 41-32

port

blocking 29-23

protection 29-23

private VLANs 20-14

PROFINET 9-5

PTP 8-4

REP 25-13

SFP status 15-25, 36-9

speed and duplex mode 15-17

traffic flowing among switches 34-1

traffic suppression 29-23

tunneling 21-17

VLAN

filters 38-43

maps 38-43

VLANs 17-14

VMPS 17-29

VTP 18-16

mrouter Port 26-3

mrouter port 26-5

MSDP

support for 1-13

MSTP

boundary ports

configuration guidelines 23-15

described 23-6

BPDU filtering

described 24-3

enabling 24-12

BPDU guard

described 24-2

enabling 24-11

CIST, described 23-3

CIST regional root 23-3

CIST root 23-5

configuration guidelines 23-14, 24-10

configuring

forward-delay time 23-23

hello time 23-22

link type for rapid convergence 23-24

maximum aging time 23-23

maximum hop count 23-24

MST region 23-15

neighbor type 23-25

path cost 23-20

port priority 23-19

root switch 23-17

secondary root switch 23-18

switch priority 23-21

CST

defined 23-3

operations between regions 23-3

default configuration 23-14

default optional feature configuration 24-9

displaying status 23-26

enabling the mode 23-15

EtherChannel guard

described 24-7

enabling 24-14

extended system ID

effects on root switch 23-17

effects on secondary root switch 23-18

unexpected behavior 23-17

IEEE 802.1s

implementation 23-6

port role naming change 23-6

terminology 23-5

instances supported 22-9

interface state, blocking to forwarding 24-2

interoperability and compatibility among modes 22-10

interoperability with IEEE 802.1D

described 23-8

restarting migration process 23-25

IST

defined 23-2

master 23-3

operations within a region 23-3

loop guard

described 24-9

enabling 24-15

mapping VLANs to MST instance 23-16

MST region

CIST 23-3

configuring 23-15

described 23-2

hop-count mechanism 23-5

IST 23-2

supported spanning-tree instances 23-2

optional features supported 1-7

overview 23-2

Port Fast

described 24-2

enabling 24-10

preventing root switch selection 24-8

root guard

described 24-8

enabling 24-15

root switch

configuring 23-17

effects of extended system ID 23-17

unexpected behavior 23-17

shutdown Port Fast-enabled port 24-2

status, displaying 23-26

multiauth

support for inaccessible authentication bypass 12-23

multiauth mode

See multiple-authentication mode

multicast groups

static joins 45-7

multicast packets

ACLs on 38-42

blocking 29-8

multicast router interfaces, monitoring 45-11

multicast router ports, adding 45-8

Multicast Source Discovery Protocol

See MSDP

multicast storm 29-1

multicast storm-control command 29-4

multidomain authentication

See MDA

multioperations scheduling, IP SLAs 47-5

multiple authentication 12-13

multiple authentication mode

configuring 12-42

Multiple HSRP

See MHSRP

multiple VPN routing/forwarding in customer edge devices

See multi-VRF CE

multi-VRF CE

configuration example 41-82

configuration guidelines 41-74

configuring 41-74

default configuration 41-74

defined 41-72

displaying 41-86

monitoring 41-86

network components 41-74

packet-forwarding process 41-73

support for 1-12

MVR

support for 1-3

N

NAC

AAA down policy 1-10

critical authentication 12-23, 12-51

IEEE 802.1x authentication using a RADIUS server 12-56

IEEE 802.1x validation using RADIUS server 12-56

inaccessible authentication bypass 1-10, 12-51

Layer 2 IEEE 802.1x validation 1-10, 12-28, 12-56

Layer 2 IP validation 1-10

named IPv4 ACLs 38-15

NameSpace Mapper

See NSM

native VLAN

and IEEE 802.1Q tunneling 21-4

configuring 17-20

default 17-20

NEAT

configuring 12-57

overview 12-29

neighbor discovery, IPv6 42-4

neighbor discovery/recovery, EIGRP 41-34

neighbor offset numbers, REP 25-4

neighbors, BGP 41-55

Network Admission Control

See NAC

Network Assistant

benefits 1-2

described 1-4

upgrading a switch A-22

network configuration examples

increasing network performance 1-17

providing network services 1-17

network design

performance 1-17

services 1-17

Network Edge Access Topology

See NEAT

network management

CDP 32-1

RMON 34-1

SNMP 36-1

network performance, measuring with IP SLAs 47-3

network policy TLV 31-2, 31-7

Network Time Protocol

See NTP

no commands 2-4

nonhierarchical policy maps

configuration guidelines 39-33

described 39-9

non-IP traffic filtering 38-28

nontrunking mode 17-15

normal-range VLANs 17-4

configuration guidelines 17-6

configuring 17-4

defined 17-1

no switchport command 15-4

not-so-stubby areas

See NSSA

NSAPs, as ISO IGRP addresses 41-62

NSF Awareness

IS-IS 41-64

NSM 5-3

NSSA, OSPF 41-29

NTP

associations

defined 7-2

overview 7-2

stratum 7-2

support for 1-5

time

services 7-2

synchronizing 7-2

O

object tracking

HSRP 48-7

IP SLAs 48-9

IP SLAs, configuring 48-9

monitoring 48-12

off mode, VTP 18-3

open1x

configuring 12-62

open1x authentication

overview 12-29

Open Shortest Path First

See OSPF

optimizing system resources 10-1

options, management 1-4

OSPF

area parameters, configuring 41-28

configuring 41-26

default configuration

metrics 41-30

route 41-30

settings 41-25

described 41-23

for IPv6 42-7

interface parameters, configuring 41-27

LSA group pacing 41-31

monitoring 41-32

router IDs 41-32

route summarization 41-30

support for 1-12

virtual links 41-30

out-of-profile markdown 1-11

P

packet modification, with QoS 39-19

PAgP

Layer 2 protocol tunneling 21-9

See EtherChannel

parallel paths, in routing tables 41-88

passive interfaces

configuring 41-97

OSPF 41-30

passwords

default configuration 11-2

disabling recovery of 11-5

encrypting 11-3

for security 1-8

in clusters 6-13

overview 11-1

recovery of 36-3

setting

enable 11-3

enable secret 11-3

Telnet 11-6

with usernames 11-6

VTP domain 18-8

path cost

MSTP 23-20

STP 22-18

path MTU discovery 42-4

PBR

defined 41-94

enabling 41-95

fast-switched policy-based routing 41-97

local policy-based routing 41-97

PC (passive command switch) 6-10

peers, BGP 41-55

percentage thresholds in tracked lists 48-6

performance, network design 1-17

performance features 1-2

persistent self-signed certificate 11-51

per-user ACLs and Filter-Ids 12-8

per-VLAN spanning-tree plus

See PVST+

PE to CE routing, configuring 41-81

physical ports 15-2

PIM

support for 1-13

ping

character output description 36-11

executing 36-10

overview 36-10

PoE

troubleshooting 36-8

policed-DSCP map for QoS 39-63

policers

configuring

for each matched traffic class 39-48

for more than one traffic class 39-58

described 39-4

displaying 39-78

number of 39-34

types of 39-9

policing

described 39-4

hierarchical

See hierarchical policy maps

token-bucket algorithm 39-9

policy-based routing

See PBR

policy maps for QoS

characteristics of 39-48

described 39-7

displaying 39-78

hierarchical 39-8

hierarchical on SVIs

configuration guidelines 39-33

configuring 39-52

described 39-11

nonhierarchical on physical ports

configuration guidelines 39-33

described 39-9

port ACLs

defined 38-2

types of 38-3

Port Aggregation Protocol

See EtherChannel

port-based authentication

accounting 12-14

authentication server

defined 12-3, 13-2

RADIUS server 12-3

client, defined 12-3, 13-2

configuration guidelines 12-34, 13-9

configuring

802.1x authentication 12-39

guest VLAN 12-49

host mode 12-42

inaccessible authentication bypass 12-51

manual re-authentication of a client 12-44

periodic re-authentication 12-43

quiet period 12-44

RADIUS server 12-42, 13-13

RADIUS server parameters on the switch 12-41, 13-11

restricted VLAN 12-50

switch-to-client frame-retransmission number 12-45, 12-46

switch-to-client retransmission time 12-45

violation modes 12-38 to 12-39

default configuration 12-33, 13-9

described 12-1

device roles 12-2, 13-2

displaying statistics 12-64, 13-17

downloadable ACLs and redirect URLs

configuring 12-59 to 12-61

overview 12-18 to 12-20

EAPOL-start frame 12-5

EAP-request/identity frame 12-5

EAP-response/identity frame 12-5

enabling

802.1X authentication 13-11

encapsulation 12-3

flexible authentication ordering

configuring 12-62

overview 12-28

guest VLAN

configuration guidelines 12-22, 12-23

described 12-21

host mode 12-11

inaccessible authentication bypass

configuring 12-51

described 12-23

guidelines 12-35

initiation and message exchange 12-5

magic packet 12-25

maximum number of allowed devices per port 12-36

method lists 12-39

multiple authentication 12-13

per-user ACLs

AAA authorization 12-39

configuration tasks 12-18

described 12-17

RADIUS server attributes 12-18

ports

authorization state and dot1x port-control command 12-10

authorized and unauthorized 12-10

voice VLAN 12-24

port security

described 12-25

readiness check

configuring 12-36

described 12-16, 12-36

resetting to default values 12-64

statistics, displaying 12-64

switch

as proxy 12-3, 13-2

RADIUS client 12-3

switch supplicant

configuring 12-57

overview 12-29

user distribution

guidelines 12-27

overview 12-27

VLAN assignment

AAA authorization 12-39

characteristics 12-16

configuration tasks 12-17

described 12-16

voice aware 802.1x security

configuring 12-37

described 12-29, 12-37

voice VLAN

described 12-24

PVID 12-24

VVID 12-24

wake-on-LAN, described 12-25

with ACLs and RADIUS Filter-Id attribute 12-31

port-based authentication methods, supported 12-7

port blocking 1-3, 29-7

port-channel

See EtherChannel

port description TLV 31-2

Port Fast

described 24-2

enabling 24-10

mode, spanning tree 17-26

support for 1-7

port membership modes, VLAN 17-3

port not forwarding alarm 3-3

port not operating alarm 3-3

port priority

MSTP 23-19

STP 22-17

ports

access 15-3

blocking 29-7

dual-purpose uplink 15-6

dynamic access 17-3

IEEE 802.1Q tunnel 17-4

protected 29-6

REP 25-6

routed 15-4

secure 29-8

static-access 17-3, 17-9

switch 15-2

trunks 17-3, 17-14

VLAN assignments 17-9

port security

aging 29-18

and private VLANs 29-20

and QoS trusted boundary 39-38

configuring 29-13

default configuration 29-11

described 29-8

displaying 29-23

enabling 29-20

on trunk ports 29-15

sticky learning 29-9

violations 29-10

with other features 29-12

port-shutdown response, VMPS 17-25

port status monitoring alarms

FCS bit error rate alarm 3-3

link fault alarm 3-3

port not forwarding alarm 3-3

port not operating alarm 3-3

port VLAN ID TLV 31-2

power management TLV 31-2, 31-7

preempt delay time, REP 25-5

preemption, default configuration 26-8

preemption delay, default configuration 26-8

preferential treatment of traffic

See QoS

prefix lists, BGP 41-53

preventing unauthorized access 11-1

primary edge port, REP 25-4

primary interface for object tracking, DHCP, configuring 48-10

primary interface for static routing, configuring 48-10

primary links 26-2

primary VLANs 20-1, 20-3

priority

HSRP 46-8

overriding CoS 19-6

trusting CoS 19-6

private VLAN edge ports

See protected ports

private VLANs

across multiple switches 20-4

and SDM template 20-4

and SVIs 20-5

benefits of 20-1

community ports 20-2

community VLANs 20-2, 20-3

configuration guidelines 20-6, 20-7, 20-8

configuration tasks 20-6

configuring 20-9

default configuration 20-6

end station access to 20-3

IP addressing 20-3

isolated port 20-2

isolated VLANs 20-2, 20-3

mapping 20-13

monitoring 20-14

ports

community 20-2

configuration guidelines 20-8

configuring host ports 20-11

configuring promiscuous ports 20-12

described 17-4

isolated 20-2

promiscuous 20-2

primary VLANs 20-1, 20-3

promiscuous ports 20-2

secondary VLANs 20-2

subdomains 20-1

traffic in 20-5

privileged EXEC mode 2-2

privilege levels

changing the default for lines 11-9

command switch 6-15

exiting 11-10

logging into 11-10

mapping on member switches 6-15

overview 11-2, 11-8

setting a command with 11-8

PROFINET 9-1

configuring 9-4

default configuration 9-4

displaying configuration 9-5

promiscuous ports

configuring 20-12

defined 20-2

protected ports 1-8, 29-6

protocol-dependent modules, EIGRP 41-34

protocol storm protection 29-21

provider edge devices 41-72

proxy ARP

configuring 41-10

definition 41-8

with IP routing disabled 41-11

proxy reports 26-3

pruning, VTP

disabling

in VTP domain 18-14

on a port 17-20

enabling

in VTP domain 18-14

on a port 17-19

examples 18-6

overview 18-5

pruning-eligible list

changing 17-19

for VTP pruning 18-5

VLANs 18-14

PTP

configuring 8-3

default configuration 8-2

displaying configuration 8-4

PVST+

described 22-9

IEEE 802.1Q trunking interoperability 22-10

instances supported 22-9

Q

QoS

and MQC commands 39-1

auto-QoS

categorizing traffic 39-20

configuration and defaults display 39-29

configuration guidelines 39-25

described 39-20

disabling 39-27

displaying generated commands 39-27

displaying the initial configuration 39-29

effects on running configuration 39-25

egress queue defaults 39-21

enabling for VoIP 39-26

example configuration 39-28

ingress queue defaults 39-21

list of generated commands 39-22

basic model 39-4

classification

class maps, described 39-7

defined 39-4

DSCP transparency, described 39-40

flowchart 39-6

forwarding treatment 39-3

in frames and packets 39-3

IP ACLs, described 39-5, 39-7

MAC ACLs, described 39-5, 39-7

options for IP traffic 39-5

options for non-IP traffic 39-5

policy maps, described 39-7

trust DSCP, described 39-5

trusted CoS, described 39-5

trust IP precedence, described 39-5

class maps

configuring 39-46

displaying 39-78

configuration guidelines

auto-QoS 39-25

standard QoS 39-33

configuring

aggregate policers 39-58

auto-QoS 39-20

default port CoS value 39-38

DSCP maps 39-60

DSCP transparency 39-40

DSCP trust states bordering another domain 39-40

egress queue characteristics 39-70

ingress queue characteristics 39-66

IP extended ACLs 39-44

IP standard ACLs 39-43

MAC ACLs 39-45

policy maps, hierarchical 39-52

port trust states within the domain 39-36

trusted boundary 39-38

default auto configuration 39-20

default standard configuration 39-30

displaying statistics 39-78

DSCP transparency 39-40

egress queues

allocating buffer space 39-71

buffer allocation scheme, described 39-17

configuring shaped weights for SRR 39-74

configuring shared weights for SRR 39-75

described 39-4

displaying the threshold map 39-74

flowchart 39-17

mapping DSCP or CoS values 39-73

scheduling, described 39-4

setting WTD thresholds 39-71

WTD, described 39-18

enabling globally 39-35

flowcharts

classification 39-6

egress queueing and scheduling 39-17

ingress queueing and scheduling 39-15

policing and marking 39-10

implicit deny 39-7

ingress queues

allocating bandwidth 39-68

allocating buffer space 39-68

buffer and bandwidth allocation, described 39-16

configuring shared weights for SRR 39-68

configuring the priority queue 39-69

described 39-4

displaying the threshold map 39-67

flowchart 39-15

mapping DSCP or CoS values 39-67

priority queue, described 39-16

scheduling, described 39-4

setting WTD thresholds 39-67

WTD, described 39-16

IP phones

automatic classification and queueing 39-20

detection and trusted settings 39-20, 39-38

limiting bandwidth on egress interface 39-77

mapping tables

CoS-to-DSCP 39-61

displaying 39-78

DSCP-to-CoS 39-64

DSCP-to-DSCP-mutation 39-65

IP-precedence-to-DSCP 39-62

policed-DSCP 39-63

types of 39-12

marked-down actions 39-50, 39-55

marking, described 39-4, 39-8

overview 39-1

packet modification 39-19

policers

configuring 39-50, 39-55, 39-59

described 39-8

displaying 39-78

number of 39-34

types of 39-9

policies, attaching to an interface 39-8

policing

described 39-4, 39-8

token bucket algorithm 39-9

policy maps

characteristics of 39-48

displaying 39-78

hierarchical 39-8

hierarchical on SVIs 39-52

nonhierarchical on physical ports 39-48

QoS label, defined 39-4

queues

configuring egress characteristics 39-70

configuring ingress characteristics 39-66

high priority (expedite) 39-19, 39-76

location of 39-13

SRR, described 39-14

WTD, described 39-13

rewrites 39-19

support for 1-11

trust states

bordering another domain 39-40

described 39-5

trusted device 39-38

within the domain 39-36

quality of service

See QoS

R

RADIUS

attributes

vendor-proprietary 11-38

vendor-specific 11-36

configuring

accounting 11-35

authentication 11-30

authorization 11-34

communication, global 11-28, 11-36

communication, per-server 11-28

multiple UDP ports 11-28

default configuration 11-27

defining AAA server groups 11-32

displaying the configuration 11-40

identifying the server 11-28

in clusters 6-14

limiting the services to the user 11-34

method list, defined 11-27

operation of 11-20

overview 11-18

server load balancing 11-40

suggested network environments 11-19

support for 1-10

tracking services accessed by user 11-35

RADIUS Change of Authorization 11-20

range

macro 15-11

of interfaces 15-10

rapid convergence 23-9

rapid per-VLAN spanning-tree plus

See rapid PVST+

rapid PVST+

described 22-9

IEEE 802.1Q trunking interoperability 22-10

instances supported 22-9

Rapid Spanning Tree Protocol

See RSTP

RARP 41-8

rcommand command 6-14

RCP

configuration files

downloading A-16

overview A-14

preparing the server A-15

uploading A-17

image files

deleting old image A-33

downloading A-32

preparing the server A-31

uploading A-33

reachability, tracking IP SLAs IP host 48-9

readiness check

port-based authentication

configuring 12-36

described 12-16, 12-36

reconfirmation interval, VMPS, changing 17-28

reconfirming dynamic VLAN membership 17-28

recovery procedures 36-1

redirect URL 12-18, 12-20, 12-59

redundancy

EtherChannel 40-3

HSRP 46-1

STP

backbone 22-8

path cost 17-23

port priority 17-21

redundant links and UplinkFast 24-13

reliable transport protocol, EIGRP 41-34

reloading software 4-21

Remote Authentication Dial-In User Service

See RADIUS

Remote Copy Protocol

See RCP

Remote Network Monitoring

See RMON

Remote SPAN

See RSPAN

remote SPAN 30-2

REP

administrative VLAN 25-8

administrative VLAN, configuring 25-8

age timer 25-8

and STP 25-6

configuration guidelines 25-7

configuring interfaces 25-9

convergence 25-4

default configuration 25-7

manual preemption, configuring 25-13

monitoring 25-13

neighbor offset numbers 25-4

open segment 25-2

ports 25-6

preempt delay time 25-5

primary edge port 25-4

ring segment 25-2

secondary edge port 25-4

segments 25-1

characteristics 25-2

SNMP traps, configuring 25-13

supported interfaces 25-1

triggering VLAN load balancing 25-5

verifying link integrity 25-3

VLAN blocking 25-12

VLAN load balancing 25-4

report suppression, IGMP

disabling 45-11

resequencing ACL entries 38-15

reserved addresses in DHCP pools 27-28

resets, in BGP 41-48

resetting a UDLD-shutdown interface 33-6

Resilient Ethernet Protocol

See REP

responder, IP SLAs

described 47-4

enabling 47-8

response time, measuring with IP SLAs 47-4

restricted VLAN

configuring 12-50

described 12-22

using with IEEE 802.1x 12-22

restricting access

overview 11-1

passwords and privilege levels 11-2

RADIUS 11-18

TACACS+ 11-10

retry count, VMPS, changing 17-29

reverse address resolution 41-8

Reverse Address Resolution Protocol

See RARP

RFC

1058, RIP 41-18

1157, SNMPv1 36-2

1163, BGP 41-41

1166, IP addresses 41-5

1253, OSPF 41-24

1267, BGP 41-41

1305, NTP 7-2

1587, NSSAs 41-24

1757, RMON 34-2

1771, BGP 41-41

1901, SNMPv2C 36-2

1902 to 1907, SNMPv2 36-2

2273-2275, SNMPv3 36-2

RFC 5176 Compliance 11-21

RIP

advertisements 41-18

authentication 41-21

configuring 41-20

default configuration 41-19

described 41-18

for IPv6 42-6

hop counts 41-19

split horizon 41-22

summary addresses 41-22

support for 1-12

RMON

default configuration 34-3

displaying status 34-6

enabling alarms and events 34-3

groups supported 34-2

overview 34-1

statistics

collecting group Ethernet 34-5

collecting group history 34-5

support for 1-13

root guard

described 24-8

enabling 24-15

support for 1-7

root switch

MSTP 23-17

STP 22-14

route calculation timers, OSPF 41-30

route dampening, BGP 41-60

routed packets, ACLs on 38-41

routed ports

configuring 41-3

defined 15-4

in switch clusters 6-8

IP addresses on 15-21, 41-4

route-map command 41-96

route maps

BGP 41-51

policy-based routing 41-94

router ACLs

defined 38-2

types of 38-4

route reflectors, BGP 41-59

router ID, OSPF 41-32

route selection, BGP 41-49

route summarization, OSPF 41-30

route targets, VPN 41-74

routing

default 41-2

dynamic 41-3

redistribution of information 41-90

static 41-3

routing domain confederation, BGP 41-58

Routing Information Protocol

See RIP

routing protocol administrative distances 41-89

RSPAN

characteristics 30-8

configuration guidelines 30-16

default configuration 30-9

defined 30-2

destination ports 30-7

displaying status 30-22

interaction with other features 30-8

monitored ports 30-5

monitoring ports 30-7

overview 1-13, 30-1

received traffic 30-4

sessions

creating 30-16

defined 30-3

limiting source traffic to specific VLANs 30-21

specifying monitored ports 30-16

with ingress traffic enabled 30-20

source ports 30-5

transmitted traffic 30-5

VLAN-based 30-6

RSTP

active topology 23-9

BPDU

format 23-12

processing 23-12

designated port, defined 23-9

designated switch, defined 23-9

interoperability with IEEE 802.1D

described 23-8

restarting migration process 23-25

topology changes 23-13

overview 23-8

port roles

described 23-9

synchronized 23-11

proposal-agreement handshake process 23-10

rapid convergence

described 23-9

edge ports and Port Fast 23-9

point-to-point links 23-10, 23-24

root ports 23-10

root port, defined 23-9

See also MSTP

running configuration

replacing A-18, A-19

rolling back A-18, A-19

running configuration, saving 4-15

S

SC (standby command switch) 6-10

scheduled reloads 4-21

scheduling, IP SLAs operations 47-5

SCP

and SSH 11-56

configuring 11-57

SDM

templates

configuring 10-4

number of 10-1

SDM template 44-3

configuration guidelines 10-3

configuring 10-3

dual IPv4 and IPv6 10-2

types of 10-1

secondary edge port, REP 25-4

secondary VLANs 20-2

Secure Copy Protocol

See SCP

secure HTTP client

configuring 11-55

displaying 11-56

secure HTTP server

configuring 11-54

displaying 11-56

secure MAC addresses

deleting 29-17

maximum number of 29-10

types of 29-9

secure ports, configuring 29-8

secure remote connections 11-46

Secure Shell

See SSH

Secure Socket Layer

See SSL

security, port 29-8

security features 1-8

sequence numbers in log messages 35-8

server mode, VTP 18-3

service-provider network, MSTP and RSTP 23-1

service-provider networks

and customer VLANs 21-2

and IEEE 802.1Q tunneling 21-1

Layer 2 protocols across 21-8

Layer 2 protocol tunneling for EtherChannels 21-9

set-request operation 36-4

setting a secondary temperature threshold 3-7, 3-8

setting power supply alarm options 3-6

setting the FCS error hysteresis threshold 3-10

setup program

failed command switch replacement 36-6

replacing failed command switch 36-4

severity levels, defining in system messages 35-8

SFPs

monitoring status of 15-25, 36-9

security and identification 36-9

status, displaying 36-9

shaped round robin

See SRR

show access-lists hw-summary command 38-22

show alarm commands 3-13

show and more command output, filtering 2-10

show cdp traffic command 32-6

show cluster members command 6-14

show configuration command 15-20

show forward command 36-17

show interfaces command 15-17, 15-20

show interfaces switchport 26-4

show l2protocol command 21-13, 21-15

show lldp traffic command 31-11

show platform forward command 36-17

show running-config command

displaying ACLs 38-20, 38-21, 38-33, 38-36

interface description in 15-20

shutdown command on interfaces 15-26

shutdown threshold for Layer 2 protocol packets 21-11

Simple Network Management Protocol

See SNMP

small-frame arrival rate, configuring 29-5

Smartports macros

applying Cisco-default macros 16-3

applying global parameter values 16-3

configuration guidelines 16-2

default configuration 16-1

displaying 16-5

tracing 16-2

SNAP 32-1

SNMP

accessing MIB variables with 36-4

agent

described 36-4

disabling 36-9

and IP SLAs 47-2

authentication level 36-12

community strings

configuring 36-9

for cluster switches 36-4

overview 36-4

configuration examples 36-19

default configuration 36-8

engine ID 36-8

groups 36-8, 36-11

host 36-8

ifIndex values 36-5

in-band management 1-5

in clusters 6-14

informs

and trap keyword 36-13

described 36-5

differences from traps 36-5

disabling 36-17

enabling 36-17

limiting access by TFTP servers 36-18

limiting system log messages to NMS 35-10

manager functions 1-4, 36-3

managing clusters with 6-15

notifications 36-5

overview 36-1, 36-4

security levels 36-2

setting CPU threshold notification 36-17

status, displaying 36-20

system contact and location 36-18

trap manager, configuring 36-15

traps

described 36-3, 36-5

differences from informs 36-5

disabling 36-17

enabling 36-13

enabling MAC address notification 7-15, 7-17, 7-18

overview 36-1, 36-4

types of 36-14

users 36-8, 36-11

versions supported 36-2

SNMP and Syslog Over IPv6 42-8

SNMP traps

REP 25-13

SNMPv1 36-2

SNMPv2C 36-2

SNMPv3 36-2

software images

location in flash A-22

recovery procedures 36-2

scheduling reloads 4-21

tar file format, described A-22

See also downloading and uploading

source addresses

in IPv4 ACLs 38-12

in IPv6 ACLs 44-5

source-and-destination-IP address based forwarding, EtherChannel 40-8

source-and-destination MAC address forwarding, EtherChannel 40-8

source-IP address based forwarding, EtherChannel 40-8

source-MAC address forwarding, EtherChannel 40-7

SPAN

configuration guidelines 30-10

default configuration 30-9

destination ports 30-7

displaying status 30-22

interaction with other features 30-8

monitored ports 30-5

monitoring ports 30-7

overview 1-13, 30-1

ports, restrictions 29-12

received traffic 30-4

sessions

configuring ingress forwarding 30-14, 30-21

creating 30-11

defined 30-3

limiting source traffic to specific VLANs 30-14

removing destination (monitoring) ports 30-12

specifying monitored ports 30-11

with ingress traffic enabled 30-13

source ports 30-5

transmitted traffic 30-5

VLAN-based 30-6

spanning tree and native VLANs 17-16

Spanning Tree Protocol

See STP

SPAN traffic 30-4

split horizon, RIP 41-22

SRR

configuring

shaped weights on egress queues 39-74

shared weights on egress queues 39-75

shared weights on ingress queues 39-68

described 39-14

shaped mode 39-14

shared mode 39-14

support for 1-12

SSH

configuring 11-47

cryptographic software image 11-45

described 1-5, 11-46

encryption methods 11-46

user authentication methods, supported 11-46

SSL

configuration guidelines 11-53

configuring a secure HTTP client 11-55

configuring a secure HTTP server 11-54

cryptographic software image 11-50

described 11-50

monitoring 11-56

standby command switch

configuring

considerations 6-11

defined 6-2

priority 6-10

requirements 6-3

virtual IP address 6-11

See also cluster standby group and HSRP

standby group, cluster

See cluster standby group and HSRP

standby ip command 46-6

standby links 26-2

standby router 46-1

standby timers, HSRP 46-11

startup configuration

booting

manually 4-18

specific image 4-19

clearing A-18

configuration file

automatically downloading 4-17

specifying the filename 4-17

default boot configuration 4-17

static access ports

assigning to VLAN 17-9

defined 15-3, 17-3

static addresses

See addresses

static IP routing 1-12

static MAC addressing 1-8

static route primary interface, configuring 48-10

static routes

configuring 41-88

configuring for IPv6 42-19

understanding 42-6

static routing 41-3

static routing support, enhanced object tracking 48-10

static VLAN membership 17-2

statistics

802.1X 13-17

802.1x 12-64

CDP 32-5

interface 15-25

LLDP 31-11

LLDP-MED 31-11

NMSP 31-11

OSPF 41-32

QoS ingress and egress 39-78

RMON group Ethernet 34-5

RMON group history 34-5

SNMP input and output 36-20

VTP 18-16

sticky learning 29-9

storm control

configuring 29-3

described 29-1

disabling 29-5

displaying 29-23

support for 1-3

thresholds 29-1

STP

accelerating root port selection 24-4

and REP 25-6

BackboneFast

described 24-5

disabling 24-14

enabling 24-13

BPDU filtering

described 24-3

disabling 24-12

enabling 24-12

BPDU guard

described 24-2

disabling 24-12

enabling 24-11

BPDU message exchange 22-3

configuration guidelines 22-12, 24-10

configuring

forward-delay time 22-21

hello time 22-20

maximum aging time 22-21

path cost 22-18

port priority 22-17

root switch 22-14

secondary root switch 22-16

spanning-tree mode 22-13

switch priority 22-19

transmit hold-count 22-22

counters, clearing 22-22

default configuration 22-11

default optional feature configuration 24-9

designated port, defined 22-3

designated switch, defined 22-3

detecting indirect link failures 24-5

disabling 22-14

displaying status 22-22

EtherChannel guard

described 24-7

disabling 24-14

enabling 24-14

extended system ID

effects on root switch 22-14

effects on the secondary root switch 22-16

overview 22-4

unexpected behavior 22-15

features supported 1-6

IEEE 802.1D and bridge ID 22-4

IEEE 802.1D and multicast addresses 22-8

IEEE 802.1t and VLAN identifier 22-4

inferior BPDU 22-3

instances supported 22-9

interface state, blocking to forwarding 24-2

interface states

blocking 22-5

disabled 22-7

forwarding 22-5, 22-6

learning 22-6

listening 22-6

overview 22-4

interoperability and compatibility among modes 22-10

Layer 2 protocol tunneling 21-7

limitations with IEEE 802.1Q trunks 22-10

load sharing

overview 17-21

using path costs 17-23

using port priorities 17-21

loop guard

described 24-9

enabling 24-15

modes supported 22-9

multicast addresses, effect of 22-8

optional features supported 1-7

overview 22-2

path costs 17-23

Port Fast

described 24-2

enabling 24-10

port priorities 17-22

preventing root switch selection 24-8

protocols supported 22-9

redundant connectivity 22-8

root guard

described 24-8

enabling 24-15

root port, defined 22-3

root switch

configuring 22-15

effects of extended system ID 22-4, 22-14

election 22-3

unexpected behavior 22-15

shutdown Port Fast-enabled port 24-2

status, displaying 22-22

superior BPDU 22-3

timers, described 22-20

UplinkFast

described 24-3

enabling 24-13

VLAN-bridge 22-10

stratum, NTP 7-2

stub areas, OSPF 41-28

stub routing, EIGRP 41-39

subdomains, private VLAN 20-1

subnet mask 41-5

subnet zero 41-6

success response, VMPS 17-25

summer time 7-6

SunNet Manager 1-4

supernet 41-6

supported port-based authentication methods 12-7

SVI autostate exclude

configuring 15-22

defined 15-6

SVI link state 15-6

SVIs

and IP unicast routing 41-3

and router ACLs 38-4

connecting VLANs 15-7

defined 15-5

routing between VLANs 17-2

switch 42-2

switch clustering technology 6-1

See also clusters, switch

switch console port 1-5

Switch Database Management

See SDM

switched packets, ACLs on 38-40

Switched Port Analyzer

See SPAN

switched ports 15-2

switchport backup interface 26-4, 26-5

switchport block multicast command 29-8

switchport block unicast command 29-8

switchport command 15-13

switchport mode dot1q-tunnel command 21-6

switchport protected command 29-7

switch priority

MSTP 23-21

STP 22-19

switch software features 1-1

switch virtual interface

See SVI

SXP

configuration process 14-2

configuring peer connections 14-2

default passwords 14-4

enabling 14-2

reconcile period 14-5

retry period 14-5

source IP address 14-4

synchronization, BGP 41-45

syslog

See system message logging

system capabilities TLV 31-2

system clock

configuring

daylight saving time 7-6

manually 7-4

summer time 7-6

time zones 7-5

displaying the time and date 7-5

overview 7-1

See also NTP

system description TLV 31-2

system message logging

default configuration 35-3

defining error message severity levels 35-8

disabling 35-4

displaying the configuration 35-13

enabling 35-4

facility keywords, described 35-13

level keywords, described 35-9

limiting messages 35-10

message format 35-2

overview 35-1

sequence numbers, enabling and disabling 35-8

setting the display destination device 35-5

synchronizing log messages 35-6

syslog facility 1-13

time stamps, enabling and disabling 35-7

UNIX syslog servers

configuring the daemon 35-12

configuring the logging facility 35-12

facilities supported 35-13

system MTU

and IS-IS LSPs 41-66

system MTU and IEEE 802.1Q tunneling 21-5

system name

default configuration 7-8

default setting 7-8

manual configuration 7-8

See also DNS

system name TLV 31-2

system prompt, default setting 7-7, 7-8

system resources, optimizing 10-1

system routing

IS-IS 41-62

ISO IGRP 41-62

T

TACACS+

accounting, defined 11-11

authentication, defined 11-11

authorization, defined 11-11

configuring

accounting 11-17

authentication key 11-13

authorization 11-16

login authentication 11-14

default configuration 11-13

displaying the configuration 11-18

identifying the server 11-13

in clusters 6-14

limiting the services to the user 11-16

operation of 11-12

overview 11-10

support for 1-10

tracking services accessed by user 11-17

tagged packets

IEEE 802.1Q 21-3

Layer 2 protocol 21-7

tar files

creating A-6

displaying the contents of A-6

extracting A-7

image file format A-22

TCL script, registering and defining with embedded event manager 37-6

TDR 1-14

Telnet

accessing management interfaces 2-10

number of connections 1-5

setting a password 11-6

temperature alarms, configuring 3-7, 3-8

temporary self-signed certificate 11-51

Terminal Access Controller Access Control System Plus

See TACACS+

terminal lines, setting a password 11-6

TFTP

configuration files

downloading A-10

preparing the server A-10

uploading A-11

configuration files in base directory 4-7

configuring for autoconfiguration 4-7

image files

deleting A-25

downloading A-24

preparing the server A-24

uploading A-26

limiting access by servers 36-18

TFTP server 1-4

threshold, traffic level 29-2

threshold monitoring, IP SLAs 47-6

time

See NTP and system clock

Time Domain Reflector

See TDR

time-range command 38-17

time ranges in ACLs 38-17

time stamps in log messages 35-7

time zones 7-5

TLVs

defined 31-1

LLDP 31-2

LLDP-MED 31-2

Token Ring VLANs

support for 17-6

VTP support 18-4

ToS 1-11

traceroute, Layer 2

and ARP 36-12

and CDP 36-11

broadcast traffic 36-11

described 36-11

IP addresses and subnets 36-12

MAC addresses and VLANs 36-12

multicast traffic 36-12

multiple devices on a port 36-12

unicast traffic 36-11

usage guidelines 36-11

traceroute command 36-13

See also IP traceroute

tracked lists

configuring 48-3

types 48-3

tracked objects

by Boolean expression 48-4

by threshold percentage 48-6

by threshold weight 48-5

tracking interface line-protocol state 48-2

tracking IP routing state 48-2

tracking objects 48-1

tracking process 48-1

track state, tracking IP SLAs 48-9

traffic

blocking flooded 29-8

fragmented 38-5

fragmented IPv6 44-2

unfragmented 38-5

traffic policing 1-11

traffic suppression 29-1

transmit hold-count

See STP

transparent mode, VTP 18-3

trap-door mechanism 4-2

traps

configuring MAC address notification 7-15, 7-17, 7-18

configuring managers 36-13

defined 36-3

enabling 7-15, 7-17, 7-18, 36-13

notification types 36-14

overview 36-1, 36-4

triggering alarm options

configurable relay 3-3

methods 3-3

SNMP traps 3-4

syslog messages 3-4

troubleshooting

connectivity problems 36-9, 36-11, 36-12

CPU utilization 36-20

detecting unidirectional links 33-1

displaying crash information 36-19

setting packet forwarding 36-17

SFP security and identification 36-9

show forward command 36-17

with CiscoWorks 36-4

with debug commands 36-15

with ping 36-10

with system message logging 35-1

with traceroute 36-13

trunk failover

See link-state tracking

trunking encapsulation 1-7

trunk ports

configuring 17-17

defined 15-3, 17-3

trunks

allowed-VLAN list 17-18

load sharing

setting STP path costs 17-23

using STP port priorities 17-21, 17-22

native VLAN for untagged traffic 17-20

parallel 17-23

pruning-eligible list 17-19

to non-DTP device 17-15

trusted boundary for QoS 39-38

trusted port states

between QoS domains 39-40

classification options 39-5

ensuring port security for IP phones 39-38

support for 1-11

within a QoS domain 39-36

trustpoints, CA 11-50

tunneling

defined 21-1

IEEE 802.1Q 21-1

Layer 2 protocol 21-8

tunnel ports

defined 17-4

described 15-4, 21-1

IEEE 802.1Q, configuring 21-6

incompatibilities with other features 21-5

twisted-pair Ethernet, detecting unidirectional links 33-1

type of service

See ToS

U

UDLD

configuration guidelines 33-4

default configuration 33-4

disabling

globally 33-5

on fiber-optic interfaces 33-5

per interface 33-5

echoing detection mechanism 33-2

enabling

globally 33-5

per interface 33-5

Layer 2 protocol tunneling 21-10

link-detection mechanism 33-1

neighbor database 33-2

overview 33-1

resetting an interface 33-6

status, displaying 33-6

support for 1-6

UDP, configuring 41-14

UDP jitter, configuring 47-9

UDP jitter operation, IP SLAs 47-9

unauthorized ports with IEEE 802.1x 12-10

unicast MAC address filtering 1-5

and adding static addresses 7-21

and broadcast MAC addresses 7-20

and CPU packets 7-20

and multicast addresses 7-20

and router MAC addresses 7-20

configuration guidelines 7-20

described 7-20

unicast storm 29-1

unicast storm control command 29-4

unicast traffic, blocking 29-8

UniDirectional Link Detection protocol

See UDLD

UNIX syslog servers

daemon configuration 35-12

facilities supported 35-13

message logging configuration 35-12

unrecognized Type-Length-Value (TLV) support 18-4

upgrading software images

See downloading

UplinkFast

described 24-3

disabling 24-13

enabling 24-13

uploading

configuration files

preparing A-10, A-12, A-15

reasons for A-8

using FTP A-14

using RCP A-17

using TFTP A-11

image files

preparing A-24, A-27, A-31

reasons for A-22

using FTP A-29

using RCP A-33

using TFTP A-26

User Datagram Protocol

See UDP

user EXEC mode 2-2

username-based authentication 11-6

V

version-dependent transparent mode 18-4

virtual IP address

cluster standby group 6-11

command switch 6-11

Virtual Private Network

See VPN

virtual router 46-1, 46-2

virtual switches and PAgP 40-5

vlan.dat file 17-5

VLAN 1, disabling on a trunk port 17-19

VLAN 1 minimization 17-18

VLAN ACLs

See VLAN maps

vlan-assignment response, VMPS 17-25

VLAN blocking, REP 25-12

VLAN configuration

at bootup 17-7

saving 17-7

VLAN configuration mode 2-2

VLAN database

and startup configuration file 17-7

and VTP 18-1

VLAN configuration saved in 17-7

VLANs saved in 17-4

vlan dot1q tag native command 21-4

VLAN filtering and SPAN 30-6

vlan global configuration command 17-7

VLAN ID, discovering 7-23

VLAN link state 15-6

VLAN load balancing

REP 25-4

VLAN load balancing, triggering 25-5

VLAN load balancing on flex links 26-2

configuration guidelines 26-8

VLAN management domain 18-2

VLAN Management Policy Server

See VMPS

VLAN map entries, order of 38-32

VLAN maps

applying 38-36

common uses for 38-36

configuration guidelines 38-32

configuring 38-31

creating 38-33

defined 38-2

denying access to a server example 38-37

denying and permitting packets 38-33

displaying 38-43

examples of ACLs and VLAN maps 38-33

removing 38-36

support for 1-8

wiring closet configuration example 38-37

VLAN membership

confirming 17-28

modes 17-3

VLAN Query Protocol

See VQP

VLANs

adding 17-8

adding to VLAN database 17-8

aging dynamic addresses 22-9

allowed on trunk 17-18

and spanning-tree instances 17-3, 17-6, 17-11

configuration guidelines, extended-range VLANs 17-11

configuration guidelines, normal-range VLANs 17-6

configuring 17-1

configuring IDs 1006 to 4094 17-11

connecting through SVIs 15-7

creating 17-8

customer numbering in service-provider networks 21-3

default configuration 17-7

deleting 17-9

described 15-2, 17-1

displaying 17-14

extended-range 17-1, 17-10

features 1-7

illustrated 17-2

internal 17-11

limiting source traffic with RSPAN 30-21

limiting source traffic with SPAN 30-14

modifying 17-8

native, configuring 17-20

normal-range 17-1, 17-4

number supported 1-7

parameters 17-5

port membership modes 17-3

static-access ports 17-9

STP and IEEE 802.1Q trunks 22-10

supported 17-2

Token Ring 17-6

traffic between 17-2

VLAN-bridge STP 22-10, 50-2

VTP modes 18-3

VLAN Trunking Protocol

See VTP

VLAN trunks 17-14

VMPS

administering 17-29

configuration example 17-30

configuration guidelines 17-26

default configuration 17-26

description 17-24

dynamic port membership

described 17-25

reconfirming 17-28

troubleshooting 17-30

entering server address 17-27

mapping MAC addresses to VLANs 17-24

monitoring 17-29

reconfirmation interval, changing 17-28

reconfirming membership 17-28

retry count, changing 17-29

voice aware 802.1x security

port-based authentication

configuring 12-37

described 12-29, 12-37

voice-over-IP 19-1

voice VLAN

Cisco 7960 phone, port connections 19-1

configuration guidelines 19-3

configuring IP phones for data traffic

override CoS of incoming frame 19-6

trust CoS priority of incoming frame 19-6

configuring ports for voice traffic in

802.1p priority tagged frames 19-5

802.1Q frames 19-5

connecting to an IP phone 19-4

default configuration 19-3

described 19-1

displaying 19-7

IP phone data traffic, described 19-2

IP phone voice traffic, described 19-2

VPN

configuring routing in 41-81

forwarding 41-74

in service provider networks 41-71

routes 41-72

VPN routing and forwarding table

See VRF

VQP 1-7, 17-24

VRF

defining 41-74

specifying for an SXP connection 14-3

tables 41-71

VRF-aware services

ARP 41-78

configuring 41-77

ftp 41-80

HSRP 41-79

ping 41-78

SNMP 41-78

syslog 41-79

tftp 41-80

traceroute 41-80

VTP

adding a client to a domain 18-15

advertisements 17-16, 18-3

and extended-range VLANs 17-3, 18-1

and normal-range VLANs 17-2, 18-1

client mode, configuring 18-11

configuration

guidelines 18-8

requirements 18-10

saving 18-8

configuration requirements 18-10

configuration revision number

guideline 18-15

resetting 18-16

consistency checks 18-4

default configuration 18-7

described 18-1

domain names 18-8

domains 18-2

Layer 2 protocol tunneling 21-7

modes

client 18-3

off 18-3

server 18-3

transitions 18-3

transparent 18-3

monitoring 18-16

passwords 18-8

pruning

disabling 18-14

enabling 18-14

examples 18-6

overview 18-5

support for 1-7

pruning-eligible list, changing 17-19

server mode, configuring 18-10, 18-13

statistics 18-16

support for 1-7

Token Ring support 18-4

transparent mode, configuring 18-10

using 18-1

Version

enabling 18-13

version, guidelines 18-9

Version 1 18-4

Version 2

configuration guidelines 18-9

overview 18-4

Version 3

overview 18-4

W

WCCP

authentication 49-3

configuration guidelines 49-5

default configuration 49-5

described 49-1

displaying 49-9

dynamic service groups 49-3

enabling 49-6

features unsupported 49-4

forwarding method 49-3

Layer-2 header rewrite 49-3

MD5 security 49-3

message exchange 49-2

monitoring and maintaining 49-9

negotiation 49-3

packet redirection 49-3

packet-return method 49-3

redirecting traffic received from a client 49-6

setting the password 49-6

unsupported WCCPv2 features 49-4

web authentication 12-16

configuring 13-16 to ??

described 1-8

web-based authentication

customizable web pages 13-6

description 13-1

web-based authentication, interactions with other features 13-7

Web Cache Communication Protocol

See WCCP

weighted tail drop

See WTD

weight thresholds in tracked lists 48-5

wired location service

configuring 31-9

displaying 31-11

location TLV 31-3

understanding 31-3

WTD

described 39-13

setting thresholds

egress queue-sets 39-71

ingress queues 39-67

support for 1-12

X

Xmodem protocol 36-2