Index
A
AAA down policy, NAC Layer 2 IP validation 1-8
abbreviating commands 2-4
access-class command 32-17
access control entries
See ACEs
access-denied response, VMPS 14-24
access groups
applying IPv4 ACLs to interfaces 32-18
Layer 2 32-18
Layer 3 32-18
accessing
clusters, switch 5-11
command switches 5-9
member switches 5-11
switch clusters 5-11
access lists
See ACLs
access ports
defined 12-2
in switch clusters 5-8
accounting
with 802.1x 10-50
with IEEE 802.1x 10-14
with RADIUS 9-35
with TACACS+ 9-11, 9-17
ACEs
and QoS 33-7
defined 32-2
Ethernet 32-2
IP 32-2
ACLs
ACEs 32-2
any keyword 32-10
applying
time ranges to 32-14
to an interface 32-17
to QoS 33-7
classifying traffic for QoS 33-42
comments in 32-16
compiling 32-20
defined 32-1, 32-5
examples of 32-20, 33-42
extended IP, configuring for QoS classification 33-43
extended IPv4
creating 32-8
matching criteria 32-5
hardware and software handling 32-19
host keyword 32-10
IP
creating 32-5
fragments and QoS guidelines 33-32
implicit deny 32-7, 32-12, 32-13
implicit masks 32-7
matching criteria 32-5
undefined 32-18
IPv4
applying to interfaces 32-17
creating 32-5
matching criteria 32-5
named 32-12
numbers 32-6
terminal lines, setting on 32-17
unsupported features 32-4
logging messages 32-6
MAC extended 32-25, 33-44
matching 32-5, 32-18
monitoring 32-28
named, IPv4 32-12
number per QoS class map 33-32
QoS 33-7, 33-42
resequencing entries 32-12
standard IP, configuring for QoS classification 33-42
standard IPv4
creating 32-7
matching criteria 32-5
support for 1-7
support in hardware 32-19
time ranges 32-14
types supported 32-2
unsupported features, IPv4 32-4
active link 20-4, 20-5, 20-6
active links 20-2
active traffic monitoring, IP SLAs 35-1
address aliasing 23-2
addresses
displaying the MAC address table 6-30
dynamic
accelerated aging 17-8
changing the aging time 6-21
default aging 17-8
defined 6-19
learning 6-20
removing 6-22
MAC, discovering 6-30
multicast
STP address management 17-8
static
adding and removing 6-26
defined 6-19
address resolution 6-30
Address Resolution Protocol
See ARP
advertisements
CDP 25-1
LLDP 26-1, 26-2
VTP 14-16, 15-3
aggregated ports
See EtherChannel
aggregate policers 33-57
aggregate policing 1-10
aging, accelerating 17-8
aging time
accelerated
for MSTP 18-23
for STP 17-8, 17-21
MAC address table 6-21
maximum
for MSTP 18-23, 18-24
for STP 17-21, 17-22
alarm profiles
configuring 7-12
creating or modifying 7-11
alarms
displaying 7-13
power supply 7-2
temperature 7-2
alarms, RMON 29-3
allowed-VLAN list 14-18
ARP
defined 1-4, 6-30
table
address resolution 6-30
managing 6-30
associating the temperature alarms to a relay 7-9
attaching an alarm profile to a port 7-12
attributes, RADIUS
vendor-proprietary 9-38
vendor-specific 9-36
attribute-value pairs 10-12, 10-15, 10-20
authentication
local mode with AAA 9-44
NTP associations 6-5
open1x 10-29
RADIUS
key 9-28
login 9-30
TACACS+
defined 9-11
key 9-13
login 9-14
See also port-based authentication
authentication compatibility with Catalyst 6000 switches 10-8
authentication failed VLAN
See restricted VLAN
authentication manager
CLI commands 10-9
compatibility with older 802.1x CLI commands 10-9 to ??
overview 10-7
authoritative time source, described 6-2
authorization
with RADIUS 9-34
with TACACS+ 9-11, 9-16
authorized ports with IEEE 802.1x 10-10
autoconfiguration 3-3
auto enablement 10-31
automatic discovery
considerations
beyond a noncandidate device 5-7
brand new switches 5-8
connectivity 5-4
different VLANs 5-6
management VLANs 5-7
non-CDP-capable devices 5-6
noncluster-capable devices 5-6
in switch clusters 5-4
See also CDP
automatic QoS
See QoS
auto-MDIX
configuring 12-20
described 12-19
autonegotiation
duplex mode 1-2
interface configuration guidelines 12-17
mismatches 36-4
autosensing, port speed 1-2
Auto Smartports macros
displaying 13-5
auxiliary VLAN
See voice VLAN
availability, features 1-5
B
BackboneFast
described 19-5
disabling 19-14
enabling 19-13
backup interfaces
See Flex Links
backup links 20-2
banners
configuring
login 6-19
message-of-the-day login 6-18
default configuration 6-17
when displayed 6-17
Berkeley r-tools replacement 9-57
binding database
address, DHCP server
See DHCP, Cisco IOS server database
DHCP snooping
See DHCP snooping binding database
bindings
address, Cisco IOS DHCP server 21-7
DHCP snooping database 21-7
IP source guard 21-16
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 24-6
booting
boot loader, function of 3-2
boot process 3-1
manually 3-18
specific image 3-19
boot loader
accessing 3-19
described 3-2
environment variables 3-19
prompt 3-19
trap-door mechanism 3-2
BPDU
error-disabled state 19-2
filtering 19-3
RSTP format 18-12
BPDU filtering
described 19-3
disabling 19-12
enabling 19-12
support for 1-5
BPDU guard
described 19-2
disabling 19-12
enabling 19-11
support for 1-5
bridge protocol data unit
See BPDU
broadcast storm-control command 24-4
broadcast storms 24-1
C
cables, monitoring for unidirectional links 27-1
candidate switch
automatic discovery 5-4
defined 5-3
requirements 5-3
See also command switch, cluster standby group, and member switch
Catalyst 6000 switches
authentication compatibility 10-8
CA trustpoint
configuring 9-54
defined 9-51
CDP
and trusted boundary 33-38
automatic discovery in switch clusters 5-4
configuring 25-2
default configuration 25-2
defined with LLDP 26-1
described 25-1
disabling for routing device 25-4
enabling and disabling
on an interface 25-4
on a switch 25-4
monitoring 25-5
overview 25-1
power negotiation extensions 12-4
support for 1-4
transmission timer and holdtime, setting 25-3
updates 25-3
CGMP
as IGMP snooping learning method 23-8
joining multicast group 23-3
switch support of 1-2
CipherSuites 9-52
Cisco 7960 IP Phone 16-1
Cisco Discovery Protocol
See CDP
Cisco Group Management Protocol
See CGMP
Cisco intelligent power management 12-4
Cisco IOS DHCP server
See DHCP, Cisco IOS DHCP server
Cisco IOS File System
See IFS
Cisco IOS IP SLAs 35-1
Cisco Secure ACS
attribute-value pairs for downloadable ACLs 10-20
attribute-value pairs for redirect URL 10-20
Cisco Secure ACS configuration guide 10-61
CiscoWorks 2000 1-3, 31-4
CISP 10-31
CIST regional root
See MSTP
CIST root
See MSTP
civic location 26-3
class maps for QoS
configuring 33-45
described 33-7
displaying 33-77
class of service
See CoS
clearing interfaces 12-27
CLI
abbreviating commands 2-4
command modes 2-1
configuration logging 2-5
described 1-3
editing features
enabling and disabling 2-7
keystroke editing 2-8
wrapped lines 2-9
error messages 2-5
filtering command output 2-10
getting help 2-3
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
managing clusters 5-13
no and default forms of commands 2-4
Client Information Signalling Protocol
See CISP
client mode, VTP 15-3
clock
See system clock
clusters, switch
accessing 5-11
automatic discovery 5-4
benefits 1-2
compatibility 5-4
described 5-1
LRE profile considerations 5-13
managing
through CLI 5-13
through SNMP 5-14
planning 5-4
planning considerations
automatic discovery 5-4
CLI 5-13
host names 5-11
IP addresses 5-11
LRE profiles 5-13
passwords 5-12
RADIUS 5-12
SNMP 5-12, 5-14
TACACS+ 5-12
See also candidate switch, command switch, cluster standby group, member switch, and standby command switch
cluster standby group
automatic recovery 5-10
considerations 5-9
defined 5-2
requirements 5-3
virtual IP address 5-9
CNS 1-4
Configuration Engine
configID, deviceID, hostname 4-3
configuration service 4-2
described 4-1
event service 4-3
embedded agents
described 4-5
enabling automated configuration 4-6
enabling configuration agent 4-9
enabling event agent 4-7
management functions 1-4
CoA Request Commands 9-24
command-line interface
See CLI
command modes 2-1
commands
abbreviating 2-4
no and default 2-4
commands, setting privilege levels 9-8
command switch
accessing 5-9
configuration conflicts 36-4
defined 5-1
password privilege levels 5-13
recovery
from lost member connectivity 36-4
requirements 5-3
See also candidate switch, cluster standby group, member switch, and standby command switch
community strings
configuring 5-12, 31-8
in clusters 5-12
overview 31-4
SNMP 5-12
compatibility, feature 24-11
config.text 3-17
configurable leave timer, IGMP 23-5
configuration, initial
defaults 1-11
Express Setup 1-2
configuration changes, logging 30-10
configuration conflicts, recovering from lost member connectivity 36-4
configuration examples, network 1-13
configuration files
archiving B-19
clearing the startup configuration B-19
creating using a text editor B-10
default name 3-17
deleting a stored configuration B-19
described B-9
downloading
automatically 3-17
preparing B-10, B-13, B-16
reasons for B-9
using FTP B-13
using RCP B-17
using TFTP B-11
guidelines for creating and using B-9
guidelines for replacing and rolling back B-20
invalid combinations when copying B-6
limiting TFTP server access 31-16
obtaining with DHCP 3-9
password recovery disable considerations 9-5
replacing a running configuration B-19, B-20
rolling back a running configuration B-19, B-20
specifying the filename 3-17
system contact and location information 31-16
types and location B-10
uploading
preparing B-10, B-13, B-16
reasons for B-9
using FTP B-14
using RCP B-18
using TFTP B-12
configuration logger 30-10
configuration logging 2-5
configuration replacement B-19
configuration rollback B-19
configuration settings, saving 3-15
configure terminal command 12-10
configuring 802.1x user distribution 10-57
configuring port-based authentication violation modes 10-39 to 10-40
config-vlan mode 2-2
conflicts, configuration 36-4
connections, secure remote 9-46
connectivity problems 36-6, 36-8
consistency checks in VTP Version 2 15-4
console port, connecting to 2-10
control protocol, IP SLAs 35-4
corrupted software, recovery steps with Xmodem 36-2
CoS
override priority 16-6
trust priority 16-6
CoS input queue threshold map for QoS 33-15
CoS output queue threshold map for QoS 33-17
CoS-to-DSCP map for QoS 33-59
counters, clearing interface 12-27
CPU utilization, troubleshooting 36-15
crashinfo file 36-14
critical authentication, IEEE 802.1x 10-54
critical VLAN 10-23
cryptographic software image
Kerberos 9-40
SSH 9-45
SSL 9-50
customizable web pages, web-based authentication 11-5
D
DACL
See downloadable ACL
daylight saving time 6-13
debugging
enabling all system diagnostics 36-12
enabling for a specific feature 36-11
redirecting error message output 36-12
using commands 36-11
default commands 2-4
default configuration
802.1x 10-34
auto-QoS 33-19
banners 6-17
booting 3-17
CDP 25-2
DHCP 21-9
DHCP option 82 21-9
DHCP snooping 21-9
DHCP snooping binding database 21-9
DNS 6-16
dynamic ARP inspection 22-5
EtherChannel 34-9
Ethernet interfaces 12-14
Flex Links 20-7, 20-8
IGMP filtering 23-24
IGMP snooping 23-6
IGMP throttling 23-24
initial switch information 3-3
IP SLAs 35-6
IP source guard 21-17
Layer 2 interfaces 12-14
LLDP 26-4
MAC address table 6-21
MAC address-table move update 20-8
MSTP 18-14
MVR 23-19
NTP 6-4
optional spanning-tree configuration 19-9
password and privilege level 9-3
RADIUS 9-27
RMON 29-3
RSPAN 28-9
SNMP 31-6
SPAN 28-9
SSL 9-53
standard QoS 33-29
STP 17-11
system message logging 30-3
system name and prompt 6-15
TACACS+ 9-13
UDLD 27-4
VLAN, Layer 2 Ethernet interfaces 14-16
VLANs 14-6
VMPS 14-25
voice VLAN 16-3
VTP 15-7
default gateway 3-15
default web-based authentication configuration
802.1X 11-9
deleting VLANs 14-8
denial-of-service attack 24-1
description command 12-23
designing your network, examples 1-13
destination addresses
in IPv4 ACLs 32-9
destination-IP address-based forwarding, EtherChannel 34-7
destination-MAC address forwarding, EtherChannel 34-7
detecting indirect link failures, STP 19-5
device B-23
device discovery protocol 25-1, 26-1
device manager
benefits 1-2
described 1-2, 1-3
in-band management 1-4
upgrading a switch B-23
DHCP
Cisco IOS server database
configuring 21-14
default configuration 21-9
described 21-7
enabling
relay agent 21-11
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-4
DNS 3-8
relay device 3-8
server side 3-6
TFTP server 3-7
example 3-9
lease options
for IP address information 3-6
for receiving the configuration file 3-7
overview 3-3
relationship to BOOTP 3-4
relay support 1-4
support for 1-4
DHCP-based autoconfiguration and image update
configuring 3-11 to 3-14
understanding 3-5 to 3-6
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 21-5
configuration guidelines 21-9
default configuration 21-9
displaying 21-15
forwarding address, specifying 21-11
helper address 21-11
overview 21-4
packet format, suboption
circuit ID 21-5
remote ID 21-5
remote ID suboption 21-5
DHCP server port-based address allocation
configuration guidelines 21-27
default configuration 21-27
described 21-26
displaying 21-29
enabling 21-27
reserved addresses 21-27
DHCP server port-based address assignment
support for 1-4
DHCP snooping
accepting untrusted packets from edge switch 21-3, 21-13
binding database
See DHCP snooping binding database
configuration guidelines 21-9
default configuration 21-9
displaying binding tables 21-15
message exchange process 21-4
option 82 data insertion 21-4
trusted interface 21-2
untrusted interface 21-2
untrusted messages 21-2
DHCP snooping binding database
adding bindings 21-14
binding file
format 21-8
location 21-7
bindings 21-7
clearing agent statistics 21-15
configuration guidelines 21-10
configuring 21-14
default configuration 21-9
deleting
binding file 21-15
bindings 21-15
database agent 21-15
described 21-7
displaying 21-15
binding entries 21-15
status and statistics 21-15
enabling 21-14
entry 21-7
renewing database 21-15
resetting
delay value 21-15
timeout value 21-15
DHCP snooping binding table
See DHCP snooping binding database
Differentiated Services architecture, QoS 33-1
Differentiated Services Code Point 33-2
directed unicast requests 1-4
directories
changing B-4
creating and removing B-5
displaying the working B-4
discovery, clusters
See automatic discovery
displaying switch alarms 7-13
DNS
and DHCP-based autoconfiguration 3-8
default configuration 6-16
displaying the configuration 6-17
overview 6-15
setting up 6-16
support for 1-4
domain names
DNS 6-15
VTP 15-8
Domain Name System
See DNS
dot1q-tunnel switchport mode 14-15
downloadable ACL 10-18, 10-20, 10-61
downloading
configuration files
preparing B-10, B-13, B-16
reasons for B-9
using FTP B-13
using RCP B-17
using TFTP B-11
image files
deleting old image B-26
preparing B-24, B-28, B-32
reasons for B-23
using FTP B-29
using HTTP B-23
using RCP B-33
using TFTP B-25
using the device manager or Network Assistant B-23
DSCP 1-9, 33-2
DSCP input queue threshold map for QoS 33-15
DSCP output queue threshold map for QoS 33-17
DSCP-to-CoS map for QoS 33-62
DSCP-to-DSCP-mutation map for QoS 33-63
DSCP transparency 33-39
DTP 1-6, 14-14
dual-action detection 34-5
dual-purpose uplinks
defined 12-4
LEDs 12-4
link selection 12-4, 12-15
setting the type 12-15
dynamic access ports
characteristics 14-3
configuring 14-26
defined 12-3
dynamic addresses
See addresses
dynamic ARP inspection
ARP cache poisoning 22-1
ARP requests, described 22-1
ARP spoofing attack 22-1
clearing
log buffer 22-15
statistics 22-15
configuration guidelines 22-5
configuring
ACLs for non-DHCP environments 22-8
in DHCP environments 22-7
log buffer 22-12
rate limit for incoming ARP packets 22-4, 22-10
default configuration 22-5
denial-of-service attacks, preventing 22-10
described 22-1
DHCP snooping binding database 22-2
displaying
ARP ACLs 22-14
configuration and operating state 22-14
log buffer 22-15
statistics 22-15
trust state and rate limit 22-14
error-disabled state for exceeding rate limit 22-4
function of 22-2
interface trust states 22-3
log buffer
clearing 22-15
configuring 22-12
displaying 22-15
logging of dropped packets, described 22-4
man-in-the-middle attack, described 22-2
network security issues and interface trust states 22-3
priority of ARP ACLs and DHCP snooping entries 22-4
rate limiting of ARP packets
configuring 22-10
described 22-4
error-disabled state 22-4
statistics
clearing 22-15
displaying 22-15
validation checks, performing 22-11
dynamic auto trunking mode 14-15
dynamic desirable trunking mode 14-15
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 14-24
reconfirming 14-27
troubleshooting 14-29
types of connections 14-26
Dynamic Trunking Protocol
See DTP
E
editing features
enabling and disabling 2-7
keystrokes used 2-8
wrapped lines 2-9
ELIN location 26-3
enable password 9-4
enable secret password 9-4
enabling SNMP traps 7-13
encryption, CipherSuite 9-52
encryption for passwords 9-4
environment variables, function of 3-20
error-disabled state, BPDU 19-2
error messages during command entry 2-5
EtherChannel
automatic creation of 34-4, 34-5
channel groups
binding physical and logical interfaces 34-3
numbering of 34-3
configuration guidelines 34-9
configuring
Layer 2 interfaces 34-10
default configuration 34-9
described 34-2
displaying status 34-17
forwarding methods 34-7, 34-13
IEEE 802.3ad, described 34-5
interaction
with STP 34-10
with VLANs 34-10
LACP
described 34-5
displaying status 34-17
hot-standby ports 34-15
interaction with other features 34-6
modes 34-6
port priority 34-16
system priority 34-16
load balancing 34-7, 34-13
logical interfaces, described 34-3
PAgP
aggregate-port learners 34-14
compatibility with Catalyst 1900 34-14
described 34-4
displaying status 34-17
interaction with other features 34-5
interaction with virtual switches 34-5
learn method and priority configuration 34-14
modes 34-4
support for 1-2
with dual-action detection 34-5
port-channel interfaces
described 34-3
numbering of 34-3
port groups 12-3
support for 1-2
EtherChannel guard
described 19-7
disabling 19-14
enabling 19-14
Ethernet VLANs
adding 14-7
defaults and ranges 14-7
modifying 14-7
events, RMON 29-3
examples
network configuration 1-13
expedite queue for QoS 33-75
Express Setup 1-2
See also getting started guide
extended crashinfo file 36-14
extended-range VLANs
configuration guidelines 14-10
configuring 14-10
creating 14-11
creating with an internal VLAN ID 14-12
defined 14-1
extended system ID
MSTP 18-17
STP 17-4, 17-14
Extensible Authentication Protocol over LAN 10-1
F
fa0 interface 1-5
fallback bridging
VLAN-bridge STP 17-10
Fast Convergence 20-3
FCS bit error rate alarm
configuring 7-10
defined 7-3
FCS error hysteresis threshold 7-2
features, incompatible 24-11
fiber-optic, detecting unidirectional links 27-1
files
basic crashinfo
description 36-14
location 36-14
copying B-5
crashinfo, description 36-14
deleting B-6
displaying the contents of B-8
extended crashinfo
description 36-14
location 36-15
tar
creating B-7
displaying the contents of B-7
extracting B-8
image file format B-23
file system
displaying available file systems B-1
displaying file information B-4
local file system names B-1
network file system names B-5
setting the default B-3
filtering
non-IP traffic 32-25
show and more command output 2-10
filtering show and more command output 2-10
filters, IP
See ACLs, IP
flash device, number of B-1
flexible authentication ordering
configuring 10-64
overview 10-29
Flex Link Multicast Fast Convergence 20-3
Flex Links
configuration guidelines 20-8
configuring 20-8, 20-9
configuring preferred VLAN 20-11
configuring VLAN load balancing 20-10
default configuration 20-7
description 20-1
link load balancing 20-2
monitoring 20-14
VLANs 20-2
flooded traffic, blocking 24-7
flow-based packet classification 1-9
flowcharts
QoS classification 33-6
QoS egress queueing and scheduling 33-16
QoS ingress queueing and scheduling 33-14
QoS policing and marking 33-10
flowcontrol
configuring 12-19
described 12-18
forward-delay time
MSTP 18-23
STP 17-21
FTP
accessing MIB files A-3
configuration files
downloading B-13
overview B-12
preparing the server B-13
uploading B-14
image files
deleting old image B-30
downloading B-29
preparing the server B-28
uploading B-30
G
general query 20-5
Generating IGMP Reports 20-3
get-bulk-request operation 31-3
get-next-request operation 31-3, 31-4
get-request operation 31-3, 31-4
get-response operation 31-3
global configuration mode 2-2
global leave, IGMP 23-12
global status monitoring alarms 7-2
guest VLAN and 802.1x 10-21
GUIs
See device manager and Network Assistant
H
hello time
MSTP 18-22
STP 17-20
help, for the command line 2-3
hierarchical policy maps 33-8
configuration guidelines 33-32
configuring 33-51
described 33-11
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
history table, level and number of syslog messages 30-10
host names, in clusters 5-11
hosts, limit on dynamic ports 14-29
HP OpenView 1-3
HSRP
automatic cluster recovery 5-10
cluster standby group considerations 5-9
HTTP over SSL
See HTTPS
HTTPS 9-51
configuring 9-55
self-signed certificate 9-51
HTTP secure server 9-51
I
ICMP
time-exceeded messages 36-8
traceroute and 36-8
unreachable messages 32-18
unreachables and ACLs 32-19
ICMP Echo operation
configuring 35-11
IP SLAs 35-11
ICMP ping
overview 36-6
IDS appliances
and ingress RSPAN 28-19
and ingress SPAN 28-13
IEEE 802.1D
See STP
IEEE 802.1p 16-1
IEEE 802.1Q
and trunk ports 12-3
configuration limitations 14-15
native VLAN for untagged traffic 14-19
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3ad
See EtherChannel
IEEE 802.3x flow control 12-18
ifIndex values, SNMP 31-5
IFS 1-4
IGMP
configurable leave timer
described 23-5
enabling 23-11
flooded multicast traffic
controlling the length of time 23-12
disabling on an interface 23-13
global leave 23-12
query solicitation 23-12
recovering from flood mode 23-12
joining multicast group 23-3
join messages 23-3
leave processing, enabling 23-10
leaving multicast group 23-5
queries 23-4
report suppression
described 23-6
disabling 23-15
supported versions 23-2
support for 1-2
IGMP filtering
configuring 23-24
default configuration 23-24
described 23-23
monitoring 23-28
support for 1-3
IGMP groups
configuring filtering 23-27
setting the maximum number 23-26
IGMP helper 1-3
IGMP Immediate Leave
configuration guidelines 23-11
described 23-5
enabling 23-10
IGMP profile
applying 23-26
configuration mode 23-24
configuring 23-25
IGMP snooping
and address aliasing 23-2
configuring 23-6
default configuration 23-6
definition 23-1
enabling and disabling 23-7
global configuration 23-7
Immediate Leave 23-5
method 23-8
monitoring 23-15
querier
configuration guidelines 23-14
configuring 23-14
supported versions 23-2
support for 1-3
VLAN configuration 23-7
IGMP throttling
configuring 23-27
default configuration 23-24
described 23-24
displaying action 23-28
Immediate Leave, IGMP 23-5
inaccessible authentication bypass 10-23
support for multiauth ports 10-23
initial configuration
defaults 1-11
Express Setup 1-2
interface
number 12-9
range macros 12-12
interface command 12-9 to 12-10
interface configuration mode 2-3
interfaces
auto-MDIX, configuring 12-19
configuration guidelines
duplex and speed 12-17
configuring
procedure 12-10
counters, clearing 12-27
default configuration 12-14
described 12-23
descriptive name, adding 12-23
displaying information about 12-26
flow control 12-18
management 1-3
monitoring 12-26
naming 12-23
physical, identifying 12-9
range of 12-10
restarting 12-27
shutting down 12-27
speed and duplex, configuring 12-17
status 12-26
supported 12-9
types of 12-1
interfaces range macro command 12-12
interface types 12-9
Intrusion Detection System
See IDS appliances
inventory management TLV 26-3, 26-7
IP ACLs
for QoS classification 33-7
implicit deny 32-7, 32-12
implicit masks 32-7
named 32-12
undefined 32-18
IP addresses
candidate or member 5-3, 5-11
cluster access 5-2
command switch 5-3, 5-9, 5-11
discovering 6-30
redundant clusters 5-9
standby command switch 5-9, 5-11
See also IP information
ip igmp profile command 23-24
IP information
assigned
manually 3-14
through DHCP-based autoconfiguration 3-3
default configuration 3-3
IP multicast routing
and IGMP snooping 23-1
IP phones
and QoS 16-1
automatic classification and queueing 33-19
configuring 16-4
ensuring port security with QoS 33-37
trusted boundary for QoS 33-37
IP Port Security for Static Hosts
on a Layer 2 access port 21-19
on a PVLAN host port 21-24
IP precedence 33-2
IP-precedence-to-DSCP map for QoS 33-60
IP protocols
in ACLs 32-9
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 35-1
IP SLAs
benefits 35-2
configuration guidelines 35-6
Control Protocol 35-4
default configuration 35-6
definition 35-1
ICMP echo operation 35-11
measuring network performance 35-3
monitoring 35-13
multioperations scheduling 35-5
operation 35-3
responder
described 35-4
response time 35-4
scheduling 35-5
SNMP support 35-2
supported metrics 35-2
threshold monitoring 35-6
UDP jitter operation 35-8
IP source guard
and 802.1x 21-18
and DHCP snooping 21-15
and EtherChannels 21-18
and port security 21-18
and private VLANs 21-18
and routed ports 21-17
and TCAM entries 21-18
and trunk interfaces 21-18
and VRF 21-18
binding configuration
automatic 21-16
manual 21-16
binding table 21-16
configuration guidelines 21-17
default configuration 21-17
described 21-15
disabling 21-19
displaying
active IP or MAC bindings 21-26
bindings 21-26
configuration 21-26
enabling 21-18, 21-19
filtering
source IP address 21-16
source IP and MAC address 21-16
source IP address filtering 21-16
source IP and MAC address filtering 21-16
static bindings
adding 21-18, 21-19
deleting 21-19
static hosts 21-19
IP traceroute
executing 36-9
overview 36-8
IPv4 ACLs
applying to interfaces 32-17
extended, creating 32-8
named 32-12
standard, creating 32-7
J
join messages, IGMP 23-3
K
KDC
described 9-41
See also Kerberos
Kerberos
authenticating to
boundary switch 9-43
KDC 9-43
network services 9-44
configuration examples 9-40
configuring 9-44
credentials 9-41
cryptographic software image 9-40
described 9-41
KDC 9-41
operation 9-43
realm 9-42
server 9-42
support for 1-8
switch as trusted third party 9-40
terms 9-41
TGT 9-42
tickets 9-41
key distribution center
See KDC
L
LACP
See EtherChannel
Layer 2 frames, classification with CoS 33-2
Layer 2 interfaces, default configuration 12-14
Layer 2 traceroute
and ARP 36-7
and CDP 36-7
broadcast traffic 36-7
described 36-7
IP addresses and subnets 36-7
MAC addresses and VLANs 36-7
multicast traffic 36-7
multiple devices on a port 36-8
unicast traffic 36-7
usage guidelines 36-7
Layer 3 packets, classification methods 33-2
LDAP 4-2
Leaking IGMP Reports 20-4
LEDs, switch
See hardware installation guide
lightweight directory access protocol
See LDAP
line configuration mode 2-3
Link Aggregation Control Protocol
See EtherChannel
link failure, detecting unidirectional 18-7
link fault alarm 7-3
Link Layer Discovery Protocol
See CDP
link redundancy
See Flex Links
links, unidirectional 27-1
link-state tracking
configuring 34-20
described 34-18
LLDP
configuring 26-4
characteristics 26-6
default configuration 26-4
enabling 26-5
monitoring and maintaining 26-10
overview 26-1
supported TLVs 26-1
switch stack considerations 26-2
transmission timer and holdtime, setting 26-6
LLDP-MED
configuring
procedures 26-4
TLVs 26-7
monitoring and maintaining 26-10
overview 26-1, 26-2
supported TLVs 26-2
LLDP Media Endpoint Discovery
See LLDP-MED
local SPAN 28-2
location TLV 26-3, 26-7
logging messages, ACL 32-6
login authentication
with RADIUS 9-30
with TACACS+ 9-14
login banners 6-17
log messages
See system message logging
loop guard
described 19-9
enabling 19-15
support for 1-6
LRE profiles, considerations in switch clusters 5-13
M
MAB
See MAC authentication bypass
MAB aging timer 1-7
MAB inactivity timer
default setting 10-34
range 10-37
MAC/PHY configuration status TLV 26-2
MAC addresses
aging time 6-21
and VLAN association 6-20
building the address table 6-20
default configuration 6-21
disabling learning on a VLAN 6-29
discovering 6-30
displaying 6-30
displaying in the IP source binding table 21-26
dynamic
learning 6-20
removing 6-22
in ACLs 32-25
static
adding 6-27
allowing 6-28, 6-29
characteristics of 6-26
dropping 6-28
removing 6-27
MAC address learning 1-4
MAC address learning, disabling on a VLAN 6-29
MAC address notification, support for 1-10
MAC address-table move update
configuration guidelines 20-8
configuring 20-12
default configuration 20-8
description 20-6
monitoring 20-14
MAC address-to-VLAN mapping 14-24
MAC authentication bypass 10-37
configuring 10-57
overview 10-16
See MAB
MAC extended access lists
applying to Layer 2 interfaces 32-26
configuring for QoS 33-44
creating 32-25
defined 32-25
for QoS classification 33-5
magic packet 10-26
manageability features 1-4
management access
in-band
browser session 1-4
CLI session 1-4
device manager 1-4
SNMP 1-5
out-of-band console port connection 1-5
management address TLV 26-2
management options
CLI 2-1
clustering 1-2
CNS 4-1
overview 1-3
management VLAN
considerations in switch clusters 5-7
discovery through different management VLANs 5-7
mapping tables for QoS
configuring
CoS-to-DSCP 33-59
DSCP 33-59
DSCP-to-CoS 33-62
DSCP-to-DSCP-mutation 33-63
IP-precedence-to-DSCP 33-60
policed-DSCP 33-61
described 33-12
marking
action with aggregate policers 33-57
described 33-3, 33-8
matching, IPv4 ACLs 32-5
maximum aging time
MSTP 18-23
STP 17-21
maximum hop count, MSTP 18-24
maximum number of allowed devices, port-based authentication 10-37
MDA
configuration guidelines 10-12 to 10-13
described 1-7, 10-12
exceptions with authentication process 10-5
membership mode, VLAN port 14-3
member switch
automatic discovery 5-4
defined 5-1
managing 5-13
passwords 5-11
recovering from lost connectivity 36-4
requirements 5-3
See also candidate switch, cluster standby group, and standby command switch
messages, to users through banners 6-17
MIBs
accessing files with FTP A-3
location of files A-3
overview 31-1
SNMP interaction with 31-4
supported A-1
mirroring traffic for analysis 28-1
mismatches, autonegotiation 36-4
module number 12-9
monitoring
access groups 32-28
alarms 7-13
cables for unidirectional links 27-1
CDP 25-5
features 1-10
Flex Links 20-14
IGMP
filters 23-28
snooping 23-15
interfaces 12-26
IP SLAs operations 35-13
IPv4 ACL configuration 32-28
MAC address-table move update 20-14
multicast router interfaces 23-16
MVR 23-23
network traffic for analysis with probe 28-2
port
blocking 24-18
protection 24-18
SFP status 12-26, 36-6
speed and duplex mode 12-18
traffic flowing among switches 29-1
traffic suppression 24-18
VLAN
filters 32-28
maps 32-28
VLANs 14-13
VMPS 14-28
VTP 15-16
mrouter Port 20-3
mrouter port 20-5
MSTP
boundary ports
configuration guidelines 18-15
described 18-6
BPDU filtering
described 19-3
enabling 19-12
BPDU guard
described 19-2
enabling 19-11
CIST, described 18-3
CIST regional root 18-3
CIST root 18-5
configuration guidelines 18-14, 19-10
configuring
forward-delay time 18-23
hello time 18-22
link type for rapid convergence 18-24
maximum aging time 18-23
maximum hop count 18-24
MST region 18-15
neighbor type 18-25
path cost 18-20
port priority 18-19
root switch 18-17
secondary root switch 18-18
switch priority 18-21
CST
defined 18-3
operations between regions 18-3
default configuration 18-14
default optional feature configuration 19-9
displaying status 18-26
enabling the mode 18-15
EtherChannel guard
described 19-7
enabling 19-14
extended system ID
effects on root switch 18-17
effects on secondary root switch 18-18
unexpected behavior 18-17
IEEE 802.1s
implementation 18-6
port role naming change 18-6
terminology 18-5
instances supported 17-9
interface state, blocking to forwarding 19-2
interoperability and compatibility among modes 17-10
interoperability with IEEE 802.1D
described 18-8
restarting migration process 18-25
IST
defined 18-2
master 18-3
operations within a region 18-3
loop guard
described 19-9
enabling 19-15
mapping VLANs to MST instance 18-16
MST region
CIST 18-3
configuring 18-15
described 18-2
hop-count mechanism 18-5
IST 18-2
supported spanning-tree instances 18-2
optional features supported 1-5
overview 18-2
Port Fast
described 19-2
enabling 19-10
preventing root switch selection 19-8
root guard
described 19-8
enabling 19-15
root switch
configuring 18-17
effects of extended system ID 18-17
unexpected behavior 18-17
shutdown Port Fast-enabled port 19-2
status, displaying 18-26
multiauth
support for inaccessible authentication bypass 10-23
multiauth mode
See multiple-authentication mode
multicast groups
Immediate Leave 23-5
joining 23-3
leaving 23-5
static joins 23-10
multicast packets
blocking 24-7
multicast router interfaces, monitoring 23-16
multicast router ports, adding 23-9
multicast storm 24-1
multicast storm-control command 24-4
multicast television application 23-17
multicast VLAN 23-17
Multicast VLAN Registration
See MVR
multidomain authentication
See MDA
multioperations scheduling, IP SLAs 35-5
multiple authentication 10-13
multiple authentication mode
configuring 10-43
MVR
and address aliasing 23-20
and IGMPv3 23-20
configuration guidelines 23-19
configuring interfaces 23-21
default configuration 23-19
described 23-17
example application 23-17
modes 23-20
monitoring 23-23
multicast television application 23-17
setting global parameters 23-20
N
NAC
AAA down policy 1-8
critical authentication 10-23, 10-54
IEEE 802.1x authentication using a RADIUS server 10-59
IEEE 802.1x validation using RADIUS server 10-59
inaccessible authentication bypass 1-8, 10-54
Layer 2 IEEE 802.1x validation 1-8, 10-29, 10-59
Layer 2 IP validation 1-8
named IPv4 ACLs 32-12
NameSpace Mapper
See NSM
native VLAN
configuring 14-19
default 14-19
NEAT
configuring 10-60
overview 10-30
Network Admission Control
See NAC
Network Assistant
benefits 1-2
described 1-3
network configuration examples
increasing network performance 1-13
providing network services 1-14
network design
performance 1-13
services 1-14
Network Edge Access Topology
See NEAT
network management
CDP 25-1
RMON 29-1
SNMP 31-1
network performance, measuring with IP SLAs 35-3
network policy TLV 26-2, 26-7
Network Time Protocol
See NTP
no commands 2-4
nonhierarchical policy maps
configuration guidelines 33-32
described 33-9
non-IP traffic filtering 32-25
nontrunking mode 14-15
normal-range VLANs 14-4
configuration guidelines 14-5
configuring 14-4
defined 14-1
NSM 4-3
NTP
associations
authenticating 6-5
defined 6-2
enabling broadcast messages 6-7
peer 6-6
server 6-6
default configuration 6-4
displaying the configuration 6-11
overview 6-2
restricting access
creating an access group 6-9
disabling NTP services per interface 6-10
source IP address, configuring 6-10
stratum 6-2
support for 1-4
synchronizing devices 6-6
time
services 6-2
synchronizing 6-2
O
off mode, VTP 15-3
open1x
configuring 10-65
open1x authentication
overview 10-29
optimizing system resources 8-1
options, management 1-3
out-of-profile markdown 1-10
P
packet modification, with QoS 33-18
PAgP
See EtherChannel
passwords
default configuration 9-3
disabling recovery of 9-5
encrypting 9-4
for security 1-7
in clusters 5-12
overview 9-1
recovery of 36-3
setting
enable 9-3
enable secret 9-4
Telnet 9-6
with usernames 9-7
VTP domain 15-8
path cost
MSTP 18-20
STP 17-18
performance, network design 1-13
performance features 1-2
persistent self-signed certificate 9-51
per-user ACLs and Filter-Ids 10-8
per-VLAN spanning-tree plus
See PVST+
physical ports 12-2
PIM-DVMRP, as snooping method 23-8
ping
overview 36-6
PoE
auto mode 12-6
CDP with power consumption, described 12-4
CDP with power negotiation, described 12-4
Cisco intelligent power management 12-4
configuring 12-20
devices supported 12-4
high-power devices operating in low-power mode 12-5
IEEE power classification levels 12-5
monitoring 12-7
policing power usage 12-7
power budgeting 12-22
power consumption 12-22
powered-device detection and initial power allocation 12-5
power management modes 12-6
power negotiation extensions to CDP 12-4
standards supported 12-4
static mode 12-6
troubleshooting 36-5
policed-DSCP map for QoS 33-61
policers
configuring
for each matched traffic class 33-47
for more than one traffic class 33-57
described 33-3
displaying 33-77
number of 33-33
types of 33-9
policing
described 33-3
hierarchical
See hierarchical policy maps
token-bucket algorithm 33-9
policy maps for QoS
characteristics of 33-47
described 33-7
displaying 33-77
hierarchical 33-8
hierarchical on SVIs
configuration guidelines 33-32
configuring 33-51
described 33-11
nonhierarchical on physical ports
configuration guidelines 33-32
described 33-9
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting 10-14
authentication server
defined 10-3, 11-2
RADIUS server 10-3
client, defined 10-3, 11-2
configuration guidelines 10-35, 11-9
configuring
802.1x authentication 10-40
guest VLAN 10-51
host mode 10-43
inaccessible authentication bypass 10-54
manual re-authentication of a client 10-45
periodic re-authentication 10-44
quiet period 10-46
RADIUS server 10-43, 11-12
RADIUS server parameters on the switch 10-42, 11-11
restricted VLAN 10-52
switch-to-client frame-retransmission number 10-47, 10-48
switch-to-client retransmission time 10-46
violation modes 10-39 to 10-40
default configuration 10-34, 11-9
described 10-1
device roles 10-2, 11-2
displaying statistics 10-67, 11-17
downloadable ACLs and redirect URLs
configuring 10-61 to 10-63, ?? to 10-64
overview 10-18 to 10-20
EAPOL-start frame 10-5
EAP-request/identity frame 10-5
EAP-response/identity frame 10-5
enabling
802.1X authentication 11-11
encapsulation 10-3
flexible authentication ordering
configuring 10-64
overview 10-29
guest VLAN
configuration guidelines 10-22, 10-23
described 10-21
host mode 10-11
inaccessible authentication bypass
configuring 10-54
described 10-23
guidelines 10-36
initiation and message exchange 10-5
magic packet 10-26
maximum number of allowed devices per port 10-37
method lists 10-40
multiple authentication 10-13
per-user ACLs
AAA authorization 10-40
configuration tasks 10-18
described 10-17
RADIUS server attributes 10-18
ports
authorization state and dot1x port-control command 10-10
authorized and unauthorized 10-10
voice VLAN 10-24
port security
and voice VLAN 10-26
described 10-25
interactions 10-25
multiple-hosts mode 10-11
readiness check
configuring 10-37
described 10-16, 10-37
resetting to default values 10-66
statistics, displaying 10-67
switch
as proxy 10-3, 11-2
RADIUS client 10-3
switch supplicant
configuring 10-60
overview 10-30
user distribution
guidelines 10-28
overview 10-28
VLAN assignment
AAA authorization 10-40
characteristics 10-16
configuration tasks 10-17
described 10-16
voice aware 802.1x security
configuring 10-38
described 10-30, 10-38
voice VLAN
described 10-24
PVID 10-24
VVID 10-24
wake-on-LAN, described 10-26
with ACLs and RADIUS Filter-Id attribute 10-31
port-based authentication methods, supported 10-7
port blocking 1-2, 24-6
port-channel
See EtherChannel
port description TLV 26-1
Port Fast
described 19-2
enabling 19-10
mode, spanning tree 14-25
support for 1-5
port membership modes, VLAN 14-3
port not forwarding alarm 7-3
port not operating alarm 7-3
port priority
MSTP 18-19
STP 17-16
ports
access 12-2
blocking 24-6
dual-purpose uplink 12-4
dynamic access 14-3
protected 24-5
secure 24-8
static-access 14-3, 14-9
switch 12-2
trunks 14-3, 14-14
VLAN assignments 14-9
port security
aging 24-16
and private VLANs 24-17
and QoS trusted boundary 33-37
configuring 24-12
default configuration 24-10
described 24-7
displaying 24-18
enabling 24-17
on trunk ports 24-13
sticky learning 24-8
violations 24-9
with other features 24-10
port-shutdown response, VMPS 14-24
port status monitoring alarms
FCS bit error rate alarm 7-3
link fault alarm 7-3
port not forwarding alarm 7-3
port not operating alarm 7-3
port VLAN ID TLV 26-2
power management TLV 26-2, 26-7
power over Ethernet
See PoE
preemption, default configuration 20-7
preemption delay, default configuration 20-8
preferential treatment of traffic
See QoS
preventing unauthorized access 9-1
primary links 20-2
priority
overriding CoS 16-6
trusting CoS 16-6
private VLAN edge ports
See protected ports
privileged EXEC mode 2-2
privilege levels
changing the default for lines 9-9
command switch 5-13
exiting 9-10
logging into 9-10
mapping on member switches 5-13
overview 9-2, 9-8
setting a command with 9-8
protected ports 1-7, 24-5
proxy reports 20-3
pruning, VTP
disabling
in VTP domain 15-14
on a port 14-19
enabling
in VTP domain 15-14
on a port 14-19
examples 15-6
overview 15-5
pruning-eligible list
changing 14-19
for VTP pruning 15-5
VLANs 15-14
PVST+
described 17-9
IEEE 802.1Q trunking interoperability 17-10
instances supported 17-9
Q
QoS
auto-QoS
categorizing traffic 33-19
configuration and defaults display 33-28
configuration guidelines 33-24
described 33-18
disabling 33-26
displaying generated commands 33-26
displaying the initial configuration 33-28
effects on running configuration 33-24
egress queue defaults 33-20
enabling for VoIP 33-25
example configuration 33-27
ingress queue defaults 33-19
list of generated commands 33-21
basic model 33-3
classification
class maps, described 33-7
defined 33-3
DSCP transparency, described 33-39
flowchart 33-6
forwarding treatment 33-3
in frames and packets 33-2
IP ACLs, described 33-5, 33-7
MAC ACLs, described 33-5, 33-7
options for IP traffic 33-5
options for non-IP traffic 33-4
policy maps, described 33-7
trust DSCP, described 33-4
trusted CoS, described 33-4
trust IP precedence, described 33-4
class maps
configuring 33-45
displaying 33-77
configuration guidelines
auto-QoS 33-24
standard QoS 33-32
configuring
aggregate policers 33-57
auto-QoS 33-18
default port CoS value 33-37
DSCP maps 33-59
DSCP transparency 33-39
DSCP trust states bordering another domain 33-39
egress queue characteristics 33-69
ingress queue characteristics 33-65
IP extended ACLs 33-43
IP standard ACLs 33-42
MAC ACLs 33-44
policy maps, hierarchical 33-51
port trust states within the domain 33-35
trusted boundary 33-37
default auto configuration 33-19
default standard configuration 33-29
displaying statistics 33-77
DSCP transparency 33-39
egress queues
allocating buffer space 33-70
buffer allocation scheme, described 33-16
configuring shaped weights for SRR 33-73
configuring shared weights for SRR 33-74
described 33-3
displaying the threshold map 33-73
flowchart 33-16
mapping DSCP or CoS values 33-72
scheduling, described 33-4
setting WTD thresholds 33-70
WTD, described 33-17
enabling globally 33-34
flowcharts
classification 33-6
egress queueing and scheduling 33-16
ingress queueing and scheduling 33-14
policing and marking 33-10
implicit deny 33-7
ingress queues
allocating bandwidth 33-67
allocating buffer space 33-67
buffer and bandwidth allocation, described 33-15
configuring shared weights for SRR 33-67
configuring the priority queue 33-68
described 33-3
displaying the threshold map 33-66
flowchart 33-14
mapping DSCP or CoS values 33-65
priority queue, described 33-15
scheduling, described 33-3
setting WTD thresholds 33-65
WTD, described 33-15
IP phones
automatic classification and queueing 33-19
detection and trusted settings 33-19, 33-37
limiting bandwidth on egress interface 33-76
mapping tables
CoS-to-DSCP 33-59
displaying 33-77
DSCP-to-CoS 33-62
DSCP-to-DSCP-mutation 33-63
IP-precedence-to-DSCP 33-60
policed-DSCP 33-61
types of 33-12
marked-down actions 33-49, 33-54
marking, described 33-3, 33-8
overview 33-1
packet modification 33-18
policers
configuring 33-49, 33-54, 33-57
described 33-8
displaying 33-77
number of 33-33
types of 33-9
policies, attaching to an interface 33-8
policing
described 33-3, 33-8
token bucket algorithm 33-9
policy maps
characteristics of 33-47
displaying 33-77
hierarchical 33-8
hierarchical on SVIs 33-51
nonhierarchical on physical ports 33-47
QoS label, defined 33-3
queues
configuring egress characteristics 33-69
configuring ingress characteristics 33-65
high priority (expedite) 33-17, 33-75
location of 33-13
SRR, described 33-14
WTD, described 33-13
rewrites 33-18
support for 1-9
trust states
bordering another domain 33-39
described 33-4
trusted device 33-37
within the domain 33-35
quality of service
See QoS
queries, IGMP 23-4
query solicitation, IGMP 23-12
R
RADIUS
attributes
vendor-proprietary 9-38
vendor-specific 9-36
configuring
accounting 9-35
authentication 9-30
authorization 9-34
communication, global 9-28, 9-36
communication, per-server 9-28
multiple UDP ports 9-28
default configuration 9-27
defining AAA server groups 9-32
displaying the configuration 9-40
identifying the server 9-28
in clusters 5-12
limiting the services to the user 9-34
method list, defined 9-27
operation of 9-20
overview 9-18
server load balancing 9-40
suggested network environments 9-19
support for 1-8
tracking services accessed by user 9-35
RADIUS Change of Authorization 9-20
range
macro 12-12
of interfaces 12-11
rapid convergence 18-9
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
described 17-9
IEEE 802.1Q trunking interoperability 17-10
instances supported 17-9
Rapid Spanning Tree Protocol
See RSTP
rcommand command 5-13
RCP
configuration files
downloading B-17
overview B-15
preparing the server B-16
uploading B-18
image files
deleting old image B-34
downloading B-33
preparing the server B-32
uploading B-34
readiness check
port-based authentication
configuring 10-37
described 10-16, 10-37
reconfirmation interval, VMPS, changing 14-27
reconfirming dynamic VLAN membership 14-27
recovery procedures 36-1
redirect URL 10-18, 10-20, 10-61
redundancy
EtherChannel 34-3
STP
backbone 17-8
path cost 14-22
port priority 14-20
redundant links and UplinkFast 19-13
reloading software 3-21
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
Remote Network Monitoring
See RMON
Remote SPAN
See RSPAN
remote SPAN 28-2
report suppression, IGMP
described 23-6
disabling 23-15
resequencing ACL entries 32-12
reserved addresses in DHCP pools 21-27
resetting a UDLD-shutdown interface 27-6
responder, IP SLAs
described 35-4
response time, measuring with IP SLAs 35-4
restricted VLAN
configuring 10-52
described 10-22
using with IEEE 802.1x 10-22
restricting access
NTP services 6-8
overview 9-1
passwords and privilege levels 9-2
RADIUS 9-18
TACACS+ 9-10
retry count, VMPS, changing 14-28
RFC
1112, IP multicast and IGMP 23-2
1157, SNMPv1 31-2
1305, NTP 6-2
1757, RMON 29-2
1901, SNMPv2C 31-2
1902 to 1907, SNMPv2 31-2
2236, IP multicast and IGMP 23-2
2273-2275, SNMPv3 31-2
RFC 5176 Compliance 9-21
RMON
default configuration 29-3
displaying status 29-6
enabling alarms and events 29-3
groups supported 29-2
overview 29-1
statistics
collecting group Ethernet 29-5
collecting group history 29-5
support for 1-10
root guard
described 19-8
enabling 19-15
support for 1-6
root switch
MSTP 18-17
STP 17-14
RSPAN
characteristics 28-8
configuration guidelines 28-15
default configuration 28-9
defined 28-2
destination ports 28-7
displaying status 28-22
interaction with other features 28-8
monitored ports 28-5
monitoring ports 28-7
overview 1-10, 28-1
received traffic 28-4
sessions
creating 28-16
defined 28-3
limiting source traffic to specific VLANs 28-21
specifying monitored ports 28-16
with ingress traffic enabled 28-19
source ports 28-5
transmitted traffic 28-5
VLAN-based 28-6
RSTP
active topology 18-9
BPDU
format 18-12
processing 18-12
designated port, defined 18-9
designated switch, defined 18-9
interoperability with IEEE 802.1D
described 18-8
restarting migration process 18-25
topology changes 18-13
overview 18-8
port roles
described 18-9
synchronized 18-11
proposal-agreement handshake process 18-10
rapid convergence
described 18-9
edge ports and Port Fast 18-9
point-to-point links 18-10, 18-24
root ports 18-10
root port, defined 18-9
See also MSTP
running configuration
replacing B-19, B-20
rolling back B-19, B-20
running configuration, saving 3-15
S
scheduled reloads 3-21
scheduling, IP SLAs operations 35-5
SCP
and SSH 9-57
configuring 9-58
SD flash memory card B-2
SDM
templates
configuring 8-3
SDM template
configuration guidelines 8-2
configuring 8-2
Secure Copy Protocol
See SCP
Secure Digital flash memory card
See SD flash memory card
secure HTTP client
configuring 9-56
displaying 9-57
secure HTTP server
configuring 9-55
displaying 9-57
secure MAC addresses
deleting 24-15
maximum number of 24-9
types of 24-8
secure ports, configuring 24-8
secure remote connections 9-46
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port 24-7
security features 1-6
sequence numbers in log messages 30-8
server mode, VTP 15-3
service-provider network, MSTP and RSTP 18-1
set-request operation 31-4
setting a secondary temperature threshold 7-7, 7-8
setting power supply alarm options 7-6
setting the FCS error hysteresis threshold 7-10
severity levels, defining in system messages 30-8
SFPs
monitoring status of 12-26, 36-6
security and identification 36-5
status, displaying 36-6
shaped round robin
See SRR
show access-lists hw-summary command 32-19
show alarm commands 7-13
show and more command output, filtering 2-10
show cdp traffic command 25-5
show cluster members command 5-13
show configuration command 12-23
show forward command 36-12
show interfaces command 12-18, 12-23
show interfaces switchport 20-4
show lldp traffic command 26-11
show platform forward command 36-12
show running-config command
displaying ACLs 32-17, 32-18
interface description in 12-23
shutdown command on interfaces 12-27
Simple Network Management Protocol
See SNMP
Smartports macros
applying Cisco-default macros 13-3
applying global parameter values 13-3
configuration guidelines 13-2
default configuration 13-1
displaying 13-5
tracing 13-2
SNAP 25-1
SNMP
accessing MIB variables with 31-4
agent
described 31-4
disabling 31-7
and IP SLAs 35-2
authentication level 31-10
community strings
configuring 31-8
overview 31-4
configuration examples 31-17
default configuration 31-6
engine ID 31-7
groups 31-6, 31-9
host 31-6
ifIndex values 31-5
in-band management 1-5
in clusters 5-12
informs
and trap keyword 31-11
described 31-5
differences from traps 31-5
disabling 31-15
enabling 31-15
limiting access by TFTP servers 31-16
limiting system log messages to NMS 30-10
manager functions 1-3, 31-3
managing clusters with 5-14
MIBs
location of A-3
supported A-1
notifications 31-5
overview 31-1, 31-4
security levels 31-3
setting CPU threshold notification 31-15
status, displaying 31-18
system contact and location 31-16
trap manager, configuring 31-13
traps
described 31-3, 31-5
differences from informs 31-5
disabling 31-15
enabling 31-11
enabling MAC address notification 6-22, 6-24, 6-25
overview 31-1, 31-4
types of 31-12
users 31-6, 31-9
versions supported 31-2
SNMPv1 31-2
SNMPv2C 31-2
SNMPv3 31-2
snooping, IGMP 23-1
software images
location in flash B-23
recovery procedures 36-2
scheduling reloads 3-21
tar file format, described B-23
See also downloading and uploading
source addresses
in IPv4 ACLs 32-9
source-and-destination-IP address based forwarding, EtherChannel 34-7
source-and-destination MAC address forwarding, EtherChannel 34-7
source-IP address based forwarding, EtherChannel 34-7
source-MAC address forwarding, EtherChannel 34-7
SPAN
configuration guidelines 28-10
default configuration 28-9
destination ports 28-7
displaying status 28-22
interaction with other features 28-8
monitored ports 28-5
monitoring ports 28-7
overview 1-10, 28-1
ports, restrictions 24-11
received traffic 28-4
sessions
configuring ingress forwarding 28-14, 28-20
creating 28-11
defined 28-3
limiting source traffic to specific VLANs 28-14
removing destination (monitoring) ports 28-12
specifying monitored ports 28-11
with ingress traffic enabled 28-13
source ports 28-5
transmitted traffic 28-5
VLAN-based 28-6
spanning tree and native VLANs 14-15
Spanning Tree Protocol
See STP
SPAN traffic 28-4
SRR
configuring
shaped weights on egress queues 33-73
shared weights on egress queues 33-74
shared weights on ingress queues 33-67
described 33-14
shaped mode 33-14
shared mode 33-14
support for 1-10
SSH
configuring 9-47
cryptographic software image 9-45
described 1-5, 9-46
encryption methods 9-46
user authentication methods, supported 9-46
SSL
configuration guidelines 9-53
configuring a secure HTTP client 9-56
configuring a secure HTTP server 9-55
cryptographic software image 9-50
described 9-50
monitoring 9-57
standby command switch
configuring
considerations 5-9
defined 5-2
requirements 5-3
virtual IP address 5-9
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
standby links 20-2
startup configuration
booting
manually 3-18
specific image 3-19
clearing B-19
configuration file
automatically downloading 3-17
specifying the filename 3-17
default boot configuration 3-17
static access ports
assigning to VLAN 14-9
defined 12-3, 14-3
static addresses
See addresses
static MAC addressing 1-7
static VLAN membership 14-2
statistics
802.1X 11-17
802.1x 10-67
CDP 25-5
interface 12-26
LLDP 26-10
LLDP-MED 26-10
NMSP 26-10
QoS ingress and egress 33-77
RMON group Ethernet 29-5
RMON group history 29-5
SNMP input and output 31-18
VTP 15-16
sticky learning 24-8
storm control
configuring 24-3
described 24-1
disabling 24-5
displaying 24-18
support for 1-2
thresholds 24-1
STP
accelerating root port selection 19-4
BackboneFast
described 19-5
disabling 19-14
enabling 19-13
BPDU filtering
described 19-3
disabling 19-12
enabling 19-12
BPDU guard
described 19-2
disabling 19-12
enabling 19-11
BPDU message exchange 17-3
configuration guidelines 17-12, 19-10
configuring
forward-delay time 17-21
hello time 17-20
maximum aging time 17-21
path cost 17-18
port priority 17-16
root switch 17-14
secondary root switch 17-16
spanning-tree mode 17-13
switch priority 17-19
transmit hold-count 17-22
counters, clearing 17-22
default configuration 17-11
default optional feature configuration 19-9
designated port, defined 17-3
designated switch, defined 17-3
detecting indirect link failures 19-5
disabling 17-14
displaying status 17-22
EtherChannel guard
described 19-7
disabling 19-14
enabling 19-14
extended system ID
effects on root switch 17-14
effects on the secondary root switch 17-16
overview 17-4
unexpected behavior 17-14
features supported 1-5
IEEE 802.1D and bridge ID 17-4
IEEE 802.1D and multicast addresses 17-8
IEEE 802.1t and VLAN identifier 17-4
inferior BPDU 17-3
instances supported 17-9
interface state, blocking to forwarding 19-2
interface states
blocking 17-5
disabled 17-7
forwarding 17-5, 17-6
learning 17-6
listening 17-6
overview 17-4
interoperability and compatibility among modes 17-10
limitations with IEEE 802.1Q trunks 17-10
load sharing
overview 14-20
using path costs 14-22
using port priorities 14-21
loop guard
described 19-9
enabling 19-15
modes supported 17-9
multicast addresses, effect of 17-8
optional features supported 1-5
overview 17-2
path costs 14-22, 14-23
Port Fast
described 19-2
enabling 19-10
port priorities 14-21
preventing root switch selection 19-8
protocols supported 17-9
redundant connectivity 17-8
root guard
described 19-8
enabling 19-15
root port, defined 17-3
root switch
configuring 17-14
effects of extended system ID 17-4, 17-14
election 17-3
unexpected behavior 17-14
shutdown Port Fast-enabled port 19-2
status, displaying 17-22
superior BPDU 17-3
timers, described 17-20
UplinkFast
described 19-3
enabling 19-13
VLAN-bridge 17-10
stratum, NTP 6-2
success response, VMPS 14-24
summer time 6-13
SunNet Manager 1-3
supported port-based authentication methods 10-7
SVIs
connecting VLANs 12-9
switch clustering technology 5-1
See also clusters, switch
switch console port 1-5
Switch Database Management
See SDM
Switched Port Analyzer
See SPAN
switched ports 12-2
switchport backup interface 20-4, 20-5
switchport block multicast command 24-7
switchport block unicast command 24-7
switchport command 12-14
switchport protected command 24-6
switch priority
MSTP 18-21
STP 17-19
switch software features 1-1
syslog
See system message logging
system capabilities TLV 26-1
system clock
configuring
daylight saving time 6-13
manually 6-11
summer time 6-13
time zones 6-12
displaying the time and date 6-12
overview 6-1
See also NTP
system description TLV 26-1
system message logging
default configuration 30-3
defining error message severity levels 30-8
disabling 30-4
displaying the configuration 30-13
enabling 30-4
facility keywords, described 30-13
level keywords, described 30-9
limiting messages 30-10
message format 30-2
overview 30-1
sequence numbers, enabling and disabling 30-8
setting the display destination device 30-5
synchronizing log messages 30-6
syslog facility 1-10
time stamps, enabling and disabling 30-7
UNIX syslog servers
configuring the daemon 30-12
configuring the logging facility 30-12
facilities supported 30-13
system name
default configuration 6-15
default setting 6-15
manual configuration 6-15
See also DNS
system name TLV 26-1
system prompt, default setting 6-14, 6-15
system resources, optimizing 8-1
T
TACACS+
accounting, defined 9-11
authentication, defined 9-11
authorization, defined 9-11
configuring
accounting 9-17
authentication key 9-13
authorization 9-16
login authentication 9-14
default configuration 9-13
displaying the configuration 9-18
identifying the server 9-13
in clusters 5-12
limiting the services to the user 9-16
operation of 9-12
overview 9-10
support for 1-8
tracking services accessed by user 9-17
tar files
creating B-7
displaying the contents of B-7
extracting B-8
image file format B-23
TDR 1-10
Telnet
accessing management interfaces 2-10
number of connections 1-4
setting a password 9-6
temperature alarms, configuring 7-7, 7-8
temporary self-signed certificate 9-51
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password 9-6
TFTP
configuration files
downloading B-11
preparing the server B-10
uploading B-12
configuration files in base directory 3-7
configuring for autoconfiguration 3-7
image files
deleting B-26
downloading B-25
preparing the server B-24
uploading B-27
limiting access by servers 31-16
TFTP server 1-4
threshold, traffic level 24-2
threshold monitoring, IP SLAs 35-6
time
See NTP and system clock
Time Domain Reflector
See TDR
time-range command 32-14
time ranges in ACLs 32-14
time stamps in log messages 30-7
time zones 6-12
TLVs
defined 26-1
LLDP 26-1
LLDP-MED 26-2
Token Ring VLANs
support for 14-5
VTP support 15-4
ToS 1-9
traceroute, Layer 2
and ARP 36-7
and CDP 36-7
broadcast traffic 36-7
described 36-7
IP addresses and subnets 36-7
MAC addresses and VLANs 36-7
multicast traffic 36-7
multiple devices on a port 36-8
unicast traffic 36-7
usage guidelines 36-7
traceroute command 36-9
See also IP traceroute
traffic
blocking flooded 24-7
fragmented 32-3
unfragmented 32-3
traffic policing 1-10
traffic suppression 24-1
transmit hold-count
See STP
transparent mode, VTP 15-3
trap-door mechanism 3-2
traps
configuring MAC address notification 6-22, 6-24, 6-25
configuring managers 31-11
defined 31-3
enabling 6-22, 6-24, 6-25, 31-11
notification types 31-12
overview 31-1, 31-4
triggering alarm options
configurable relay 7-3
methods 7-3
SNMP traps 7-4
syslog messages 7-4
troubleshooting
connectivity problems 36-6, 36-8
CPU utilization 36-15
detecting unidirectional links 27-1
displaying crash information 36-14
setting packet forwarding 36-12
SFP security and identification 36-5
show forward command 36-12
with CiscoWorks 31-4
with debug commands 36-11
with ping 36-6
with system message logging 30-1
with traceroute 36-8
trunk failover
See link-state tracking
trunking encapsulation 1-6
trunk ports
configuring 14-17
defined 12-3, 14-3
trunks
allowed-VLAN list 14-18
load sharing
setting STP path costs 14-22
using STP port priorities 14-20, 14-21
native VLAN for untagged traffic 14-19
parallel 14-22
pruning-eligible list 14-19
to non-DTP device 14-14
trusted boundary for QoS 33-37
trusted port states
between QoS domains 33-39
classification options 33-4
ensuring port security for IP phones 33-37
support for 1-9
within a QoS domain 33-35
trustpoints, CA 9-51
twisted-pair Ethernet, detecting unidirectional links 27-1
type of service
See ToS
U
UDLD
configuration guidelines 27-4
default configuration 27-4
disabling
globally 27-5
on fiber-optic interfaces 27-5
per interface 27-5
echoing detection mechanism 27-2
enabling
globally 27-5
per interface 27-5
link-detection mechanism 27-1
neighbor database 27-2
overview 27-1
resetting an interface 27-6
status, displaying 27-6
support for 1-5
UDP jitter, configuring 35-9
UDP jitter operation, IP SLAs 35-8
unauthorized ports with IEEE 802.1x 10-10
unicast MAC address filtering 1-4
and adding static addresses 6-28
and broadcast MAC addresses 6-27
and CPU packets 6-27
and multicast addresses 6-27
and router MAC addresses 6-27
configuration guidelines 6-27
described 6-27
unicast storm 24-1
unicast storm control command 24-4
unicast traffic, blocking 24-7
UniDirectional Link Detection protocol
See UDLD
UNIX syslog servers
daemon configuration 30-12
facilities supported 30-13
message logging configuration 30-12
unrecognized Type-Length-Value (TLV) support 15-4
upgrading software images
See downloading
UplinkFast
described 19-3
disabling 19-13
enabling 19-13
uploading
configuration files
preparing B-10, B-13, B-16
reasons for B-9
using FTP B-14
using RCP B-18
using TFTP B-12
image files
preparing B-24, B-28, B-32
reasons for B-23
using FTP B-30
using RCP B-34
using TFTP B-27
user EXEC mode 2-2
username-based authentication 9-7
V
version-dependent transparent mode 15-4
virtual IP address
cluster standby group 5-9
command switch 5-9
virtual switches and PAgP 34-5
vlan.dat file 14-4
VLAN 1, disabling on a trunk port 14-18
VLAN 1 minimization 14-18
vlan-assignment response, VMPS 14-24
VLAN configuration
at bootup 14-6
saving 14-6
VLAN configuration mode 2-2
VLAN database
and startup configuration file 14-6
and VTP 15-1
VLAN configuration saved in 14-6
VLANs saved in 14-4
VLAN filtering and SPAN 28-6
vlan global configuration command 14-6
VLAN ID, discovering 6-30
VLAN load balancing on flex links 20-2
configuration guidelines 20-8
VLAN management domain 15-2
VLAN Management Policy Server
See VMPS
VLAN maps
displaying 32-28
VLAN membership
confirming 14-27
modes 14-3
VLAN Query Protocol
See VQP
VLANs
adding 14-7
adding to VLAN database 14-7
aging dynamic addresses 17-9
allowed on trunk 14-18
and spanning-tree instances 14-2, 14-6, 14-10
configuration guidelines, extended-range VLANs 14-10
configuration guidelines, normal-range VLANs 14-5
configuring 14-1
configuring IDs 1006 to 4094 14-10
connecting through SVIs 12-9
creating 14-7
default configuration 14-6
deleting 14-8
described 12-2, 14-1
displaying 14-13
extended-range 14-1, 14-10
features 1-6
illustrated 14-2
internal 14-11
limiting source traffic with RSPAN 28-21
limiting source traffic with SPAN 28-14
modifying 14-7
multicast 23-17
native, configuring 14-19
normal-range 14-1, 14-4
number supported 1-6
parameters 14-4
port membership modes 14-3
static-access ports 14-9
STP and IEEE 802.1Q trunks 17-10
supported 14-2
Token Ring 14-5
VLAN-bridge STP 17-10
VTP modes 15-3
VLAN Trunking Protocol
See VTP
VLAN trunks 14-14
VMPS
administering 14-28
configuration example 14-29
configuration guidelines 14-25
default configuration 14-25
description 14-23
dynamic port membership
described 14-24
reconfirming 14-27
troubleshooting 14-29
entering server address 14-26
mapping MAC addresses to VLANs 14-24
monitoring 14-28
reconfirmation interval, changing 14-27
reconfirming membership 14-27
retry count, changing 14-28
voice aware 802.1x security
port-based authentication
configuring 10-38
described 10-30, 10-38
voice-over-IP 16-1
voice VLAN
Cisco 7960 phone, port connections 16-1
configuration guidelines 16-3
configuring IP phones for data traffic
override CoS of incoming frame 16-6
trust CoS priority of incoming frame 16-6
configuring ports for voice traffic in
802.1p priority tagged frames 16-5
802.1Q frames 16-5
connecting to an IP phone 16-4
default configuration 16-3
described 16-1
displaying 16-6
IP phone data traffic, described 16-2
IP phone voice traffic, described 16-2
VQP 1-6, 14-23
VTP
adding a client to a domain 15-15
advertisements 14-16, 15-3
and extended-range VLANs 14-2, 15-1
and normal-range VLANs 14-2, 15-1
client mode, configuring 15-11
configuration
guidelines 15-8
requirements 15-10
saving 15-8
configuration requirements 15-10
configuration revision number
guideline 15-15
resetting 15-16
consistency checks 15-4
default configuration 15-7
described 15-1
domain names 15-8
domains 15-2
modes
client 15-3
off 15-3
server 15-3
transitions 15-3
transparent 15-3
monitoring 15-16
passwords 15-8
pruning
disabling 15-14
enabling 15-14
examples 15-6
overview 15-5
support for 1-6
pruning-eligible list, changing 14-19
server mode, configuring 15-10, 15-13
statistics 15-16
support for 1-6
Token Ring support 15-4
transparent mode, configuring 15-10
using 15-1
Version
enabling 15-13
version, guidelines 15-9
Version 1 15-4
Version 2
configuration guidelines 15-9
overview 15-4
Version 3
overview 15-4
W
web authentication 10-16
configuring 11-16 to ??
described 1-6
web-based authentication
customizable web pages 11-5
description 11-1
web-based authentication, interactions with other features 11-7
weighted tail drop
See WTD
wired location service
configuring 26-9
displaying 26-10
location TLV 26-3
understanding 26-3
WTD
described 33-13
setting thresholds
egress queue-sets 33-70
ingress queues 33-65
support for 1-10
X
Xmodem protocol 36-2