Index

A

AAA down policy, NAC Layer 2 IP validation 1-9

abbreviating commands 2-4

ABRs 39-24

access-class command 36-18

access control entries

See ACEs

access control entry (ACE) 43-3

access-denied response, VMPS 15-24

access groups

applying IPv4 ACLs to interfaces 36-19

Layer 2 36-19

Layer 3 36-19

accessing

clusters, switch 6-12

command switches 6-10

member switches 6-12

switch clusters 6-12

access lists

See ACLs

access ports

and Layer 2 protocol tunneling 19-10

defined 13-2

in switch clusters 6-8

accounting

with 802.1x 10-48

with IEEE 802.1x 10-14

with RADIUS 9-35

with TACACS+ 9-11, 9-17

ACEs

and QoS 37-7

defined 36-2

Ethernet 36-2

IP 36-2

ACLs

ACEs 36-2

any keyword 36-11

applying

time ranges to 36-15

to an interface 36-18, 43-7

to IPv6 interfaces 43-7

to QoS 37-7

classifying traffic for QoS 37-42

comments in 36-17

compiling 36-21

defined 36-1, 36-5

examples of 36-21, 37-42

extended IP, configuring for QoS classification 37-43

extended IPv4

creating 36-8

matching criteria 36-5

hardware and software handling 36-20

host keyword 36-11

IP

creating 36-5

fragments and QoS guidelines 37-32

implicit deny 36-8, 36-13, 36-15

implicit masks 36-8

matching criteria 36-5

undefined 36-20

IPv4

applying to interfaces 36-18

creating 36-5

matching criteria 36-5

named 36-13

numbers 36-6

terminal lines, setting on 36-18

unsupported features 36-5

IPv6

applying to interfaces 43-7

configuring 43-3, 43-4

displaying 43-8

interactions with other features 43-4

limitations 43-2, 43-3

matching criteria 43-3

named 43-2

precedence of 43-2

supported 43-2

unsupported features 43-3

logging messages 36-7

MAC extended 36-26, 37-44

matching 36-5, 36-19, 43-3

monitoring 36-29, 43-8

named, IPv4 36-13

named, IPv6 43-2

names 43-4

number per QoS class map 37-32

port 43-1

QoS 37-7, 37-42

resequencing entries 36-13

router 43-1

standard IP, configuring for QoS classification 37-42

standard IPv4

creating 36-7

matching criteria 36-5

support for 1-7

support in hardware 36-20

time ranges 36-15

types supported 36-2

unsupported features, IPv4 36-5

unsupported features, IPv6 43-3

active link 24-4, 24-5, 24-6

active links 24-2

active router 44-1

active traffic monitoring, IP SLAs 45-1

addresses

displaying the MAC address table 8-23

dynamic

accelerated aging 20-8

changing the aging time 8-14

default aging 20-8

defined 8-12

learning 8-13

removing 8-15

IPv6 40-2

MAC, discovering 8-23

multicast

STP address management 20-8

static

adding and removing 8-19

defined 8-12

address resolution 8-23, 39-8

Address Resolution Protocol

See ARP

adjacency tables, with CEF 39-87

administrative distances

defined 39-99

OSPF 39-30

routing protocol defaults 39-89

administrative VLAN

REP, configuring 23-8

administrative VLAN, REP 23-8

advertisements

CDP 30-1

LLDP 29-1, 29-2

RIP 39-18

VTP 15-16, 16-3

age timer, REP 23-8

aggregatable global unicast addresses 40-3

aggregate addresses, BGP 39-57

aggregated ports

See EtherChannel

aggregate policers 37-57

aggregate policing 1-11

aging, accelerating 20-8

aging time

accelerated

for MSTP 21-23

for STP 20-8, 20-21

MAC address table 8-14

maximum

for MSTP 21-23, 21-24

for STP 20-21, 20-22

alarm profiles

configuring 3-12

creating or modifying 3-11

alarms

displaying 3-13

power supply 3-2

temperature 3-2

alarms, RMON 32-3

allowed-VLAN list 15-18

application engines, redirecting traffic to 47-1

area border routers

See ABRs

area routing

IS-IS 39-62

ISO IGRP 39-62

ARP

configuring 39-9

defined 1-4, 8-23, 39-8

encapsulation 39-10

static cache configuration 39-9

table

address resolution 8-23

managing 8-23

ASBRs 39-24

AS-path filters, BGP 39-52

associating the temperature alarms to a relay 3-9

asymmetrical links, and IEEE 802.1Q tunneling 19-4

attaching an alarm profile to a port 3-12

attributes, RADIUS

vendor-proprietary 9-38

vendor-specific 9-36

attribute-value pairs 10-12, 10-15, 10-20

authentication

EIGRP 39-38

HSRP 44-10

local mode with AAA 9-44

open1x 10-29

RADIUS

key 9-28

login 9-30

TACACS+

defined 9-11

key 9-13

login 9-14

See also port-based authentication

authentication compatibility with Catalyst 6000 switches 10-8

authentication failed VLAN

See restricted VLAN

authentication keys, and routing protocols 39-99

authentication manager

CLI commands 10-9

compatibility with older 802.1x CLI commands 10-9 to ??

overview 10-7

authoritative time source, described 8-2

authorization

with RADIUS 9-34

with TACACS+ 9-11, 9-16

authorized ports with IEEE 802.1x 10-10

autoconfiguration 4-3

auto enablement 10-30

automatic discovery

considerations

beyond a noncandidate device 6-7

brand new switches 6-8

connectivity 6-4

different VLANs 6-6

management VLANs 6-7

non-CDP-capable devices 6-6

noncluster-capable devices 6-6

in switch clusters 6-4

See also CDP

automatic QoS

See QoS

auto-MDIX

configuring 13-20

described 13-19

autonegotiation

duplex mode 1-2

interface configuration guidelines 13-17

mismatches 36-4

autonomous system boundary routers

See ASBRs

autonomous systems, in BGP 39-45

autosensing, port speed 1-2

Auto Smartports macros

displaying 14-5

auxiliary VLAN

See voice VLAN

availability, features 1-5

B

BackboneFast

described 22-5

disabling 22-14

enabling 22-13

backup interfaces

See Flex Links

backup links 24-2

backup static routing, configuring 46-11

banners

configuring

login 8-12

message-of-the-day login 8-11

default configuration 8-10

when displayed 8-10

Berkeley r-tools replacement 9-56

BGP

aggregate addresses 39-57

aggregate routes, configuring 39-57

CIDR 39-57

clear commands 39-61

community filtering 39-54

configuring neighbors 39-55

default configuration 39-43

described 39-42

enabling 39-45

monitoring 39-61

multipath support 39-49

neighbors, types of 39-45

path selection 39-49

peers, configuring 39-55

prefix filtering 39-53

resetting sessions 39-48

route dampening 39-60

route maps 39-51

route reflectors 39-59

routing domain confederation 39-58

routing session with multi-VRF CE 39-81

show commands 39-61

supernets 39-57

support for 1-11

Version 4 39-42

binding cluster group and HSRP group 44-12

binding database

address, DHCP server

See DHCP, Cisco IOS server database

DHCP snooping

See DHCP snooping binding database

bindings

address, Cisco IOS DHCP server 25-7

DHCP snooping database 25-7

IP source guard 25-16

binding table, DHCP snooping

See DHCP snooping binding database

blocking packets 27-6

Boolean expressions in tracked lists 46-4

booting

boot loader, function of 4-2

boot process 4-1

manually 4-18

specific image 4-19

boot loader

accessing 4-19

described 4-2

environment variables 4-19

prompt 4-19

trap-door mechanism 4-2

Border Gateway Protocol

See BGP

BPDU

error-disabled state 22-2

filtering 22-3

RSTP format 21-12

BPDU filtering

described 22-3

disabling 22-12

enabling 22-12

support for 1-6

BPDU guard

described 22-2

disabling 22-12

enabling 22-11

support for 1-6

bridge groups

See fallback bridging

bridge protocol data unit

See BPDU

broadcast flooding 39-16

broadcast packets

directed 39-13

flooded 39-13

broadcast storm-control command 27-4

broadcast storms 27-1, 39-13

C

cables, monitoring for unidirectional links 31-1

candidate switch

automatic discovery 6-4

defined 6-3

requirements 6-3

See also command switch, cluster standby group, and member switch

Catalyst 6000 switches

authentication compatibility 10-8

CA trustpoint

configuring 9-53

defined 9-50

CDP

and trusted boundary 37-38

automatic discovery in switch clusters 6-4

configuring 30-2

default configuration 30-2

defined with LLDP 29-1

described 30-1

disabling for routing device 30-4

enabling and disabling

on an interface 30-4

on a switch 30-4

Layer 2 protocol tunneling 19-7

monitoring 30-5

overview 30-1

power negotiation extensions 13-4

support for 1-4

transmission timer and holdtime, setting 30-3

updates 30-3

CEF

defined 39-86

enabling 39-87

IPv6 40-18

CGMP

switch support of 1-3

CIDR 39-57

CipherSuites 9-52

Cisco 7960 IP Phone 17-1

Cisco Discovery Protocol

See CDP

Cisco Express Forwarding

See CEF

Cisco Group Management Protocol

See CGMP

Cisco intelligent power management 13-4

Cisco IOS DHCP server

See DHCP, Cisco IOS DHCP server

Cisco IOS File System

See IFS

Cisco IOS IP SLAs 45-1

Cisco Secure ACS

attribute-value pairs for downloadable ACLs 10-20

attribute-value pairs for redirect URL 10-20

Cisco Secure ACS configuration guide 10-59

Cisco TrustSec

configuring 12-9

connection caching 12-8

Cisco TrustSec caching

clearing 12-9

enabling 12-8

CiscoWorks 2000 1-4, 34-4

CISP 10-30

CIST regional root

See MSTP

CIST root

See MSTP

civic location 29-3

classless interdomain routing

See CIDR

classless routing 39-6

class maps for QoS

configuring 37-45

described 37-7

displaying 37-77

class of service

See CoS

clearing interfaces 13-28

CLI

abbreviating commands 2-4

command modes 2-1

configuration logging 2-5

described 1-3

editing features

enabling and disabling 2-7

keystroke editing 2-8

wrapped lines 2-9

error messages 2-5

filtering command output 2-10

getting help 2-3

history

changing the buffer size 2-6

described 2-6

disabling 2-7

recalling commands 2-6

managing clusters 6-13

no and default forms of commands 2-4

Client Information Signalling Protocol

See CISP

client mode, VTP 16-3

client processes, tracking 46-1

CLNS

See ISO CLNS

clock

See system clock

clusters, switch

accessing 6-12

automatic discovery 6-4

benefits 1-2

compatibility 6-4

described 6-1

LRE profile considerations 6-13

managing

through CLI 6-13

through SNMP 6-14

planning 6-4

planning considerations

automatic discovery 6-4

CLI 6-13

host names 6-12

IP addresses 6-12

LRE profiles 6-13

passwords 6-12

RADIUS 6-13

SNMP 6-13, 6-14

TACACS+ 6-13

See also candidate switch, command switch, cluster standby group, member switch, and standby command switch

cluster standby group

and HSRP group 44-12

automatic recovery 6-11

considerations 6-10

defined 6-2

requirements 6-3

virtual IP address 6-10

CNS 1-4

Configuration Engine

configID, deviceID, hostname 5-3

configuration service 5-2

described 5-1

event service 5-3

embedded agents

described 5-5

enabling automated configuration 5-6

enabling configuration agent 5-9

enabling event agent 5-7

management functions 1-4

CoA Request Commands 9-24

command-line interface

See CLI

command modes 2-1

commands

abbreviating 2-4

no and default 2-4

commands, setting privilege levels 9-8

command switch

accessing 6-10

configuration conflicts 36-4

defined 6-1

password privilege levels 6-14

recovery

from lost member connectivity 36-4

requirements 6-3

See also candidate switch, cluster standby group, member switch, and standby command switch

community list, BGP 39-54

community ports 18-2

community strings

configuring 6-13, 34-9

in clusters 6-13

overview 34-4

SNMP 6-13

community VLANs 18-2, 18-3

compatibility, feature 27-11

config.text 4-17

configuration, initial

defaults 1-13

configuration changes, logging 33-10

configuration conflicts, recovering from lost member connectivity 36-4

configuration examples, network 1-16

configuration files

archiving A-19

clearing the startup configuration A-19

creating using a text editor A-10

default name 4-17

deleting a stored configuration A-19

described A-9

downloading

automatically 4-17

preparing A-10, A-13, A-16

reasons for A-9

using FTP A-13

using RCP A-17

using TFTP A-11

guidelines for creating and using A-9

guidelines for replacing and rolling back A-20

invalid combinations when copying A-6

limiting TFTP server access 34-17

obtaining with DHCP 4-9

password recovery disable considerations 9-5

replacing a running configuration A-19, A-20

rolling back a running configuration A-19, A-20

specifying the filename 4-17

system contact and location information 34-17

types and location A-10

uploading

preparing A-10, A-13, A-16

reasons for A-9

using FTP A-14

using RCP A-18

using TFTP A-12

configuration guidelines

REP 23-7

configuration guidelines, multi-VRF CE 39-74

configuration logger 33-10

configuration logging 2-5

configuration replacement A-19

configuration rollback A-19

configuration settings, saving 4-15

configure terminal command 13-10

configuring 802.1x user distribution 10-55

configuring port-based authentication violation modes 10-38 to 10-39

config-vlan mode 2-2

conflicts, configuration 36-4

connections, secure remote 9-46

connectivity problems 36-6, 36-8

consistency checks in VTP Version 2 16-4

console port, connecting to 2-10

content-routing technology

See WCCP

control protocol, IP SLAs 45-4

convergence

REP 23-4

corrupted software, recovery steps with Xmodem 36-2

CoS

override priority 17-6

trust priority 17-6

CoS input queue threshold map for QoS 37-15

CoS output queue threshold map for QoS 37-17

CoS-to-DSCP map for QoS 37-60

counters, clearing interface 13-28

CPU utilization, troubleshooting 36-15

crashinfo file 36-14

critical authentication, IEEE 802.1x 10-51

critical VLAN 10-23

cryptographic software image

Kerberos 9-40

SSH 9-45

SSL 9-50

CTS

configuring 12-9

customer edge devices 39-72

customizable web pages, web-based authentication 11-5

D

DACL

See downloadable ACL

daylight saving time 8-6

debugging

enabling all system diagnostics 36-12

enabling for a specific feature 36-11

redirecting error message output 36-12

using commands 36-11

default commands 2-4

default configuration

802.1x 10-33

auto-QoS 37-19

banners 8-10

BGP 39-43

booting 4-17

CDP 30-2

DHCP 25-9

DHCP option 82 25-9

DHCP snooping 25-9

DHCP snooping binding database 25-9

DNS 8-9

dynamic ARP inspection 26-5

EIGRP 39-34

EtherChannel 38-9

Ethernet interfaces 13-14

fallback bridging 48-3

Flex Links 24-8

HSRP 44-5

IEEE 802.1Q tunneling 19-4

IGMP snooping 42-5, 42-6

initial switch information 4-3

IP addressing, IP routing 39-4

IP SLAs 45-6

IP source guard 25-17

IPv6 40-10

IS-IS 39-63

Layer 2 interfaces 13-14

Layer 2 protocol tunneling 19-11

LLDP 29-5

MAC address table 8-14

MAC address-table move update 24-8

MSTP 21-14

multi-VRF CE 39-74

optional spanning-tree configuration 22-9

OSPF 39-25

password and privilege level 9-2

private VLANs 18-6

RADIUS 9-27

REP 23-7

RIP 39-19

RMON 32-3

RSPAN 28-9

SDM template 7-3

SNMP 34-7

SPAN 28-9

SSL 9-52

standard QoS 37-29

STP 20-11

system message logging 33-3

system name and prompt 8-8

TACACS+ 9-13

UDLD 31-4

VLAN, Layer 2 Ethernet interfaces 15-16

VLANs 15-6

VMPS 15-25

voice VLAN 17-3

VTP 16-7

WCCP 47-5

default gateway 4-15, 39-11

default networks 39-90

default router preference

See DRP

default routes 39-89

default routing 39-2

default web-based authentication configuration

802.1X 11-9

deleting VLANs 15-8

denial-of-service attack 27-1

description command 13-23

designing your network, examples 1-16

destination addresses

in IPv4 ACLs 36-10

in IPv6 ACLs 43-5

destination-IP address-based forwarding, EtherChannel 38-7

destination-MAC address forwarding, EtherChannel 38-7

detecting indirect link failures, STP 22-5

device A-23

device discovery protocol 29-1, 30-1

device manager

benefits 1-2

described 1-2, 1-3

in-band management 1-5

upgrading a switch A-23

DHCP

Cisco IOS server database

configuring 25-14

default configuration 25-9

described 25-7

DHCP for IPv6

See DHCPv6

enabling

relay agent 25-11

DHCP-based autoconfiguration

client request message exchange 4-4

configuring

client side 4-4

DNS 4-8

relay device 4-8

server side 4-6

TFTP server 4-7

example 4-9

lease options

for IP address information 4-6

for receiving the configuration file 4-7

overview 4-3

relationship to BOOTP 4-4

relay support 1-4, 1-12

support for 1-4

DHCP-based autoconfiguration and image update

configuring 4-11 to 4-14

understanding 4-5 to 4-6

DHCP binding database

See DHCP snooping binding database

DHCP binding table

See DHCP snooping binding database

DHCP object tracking, configuring primary interface 46-10

DHCP option 82

circuit ID suboption 25-5

configuration guidelines 25-9

default configuration 25-9

displaying 25-15

forwarding address, specifying 25-11

helper address 25-11

overview 25-4

packet format, suboption

circuit ID 25-5

remote ID 25-5

remote ID suboption 25-5

DHCP server port-based address allocation

configuration guidelines 25-27

default configuration 25-27

described 25-26

displaying 25-30

enabling 25-27

reserved addresses 25-28

DHCP server port-based address assignment

support for 1-4

DHCP snooping

accepting untrusted packets from edge switch 25-3, 25-13

binding database

See DHCP snooping binding database

configuration guidelines 25-9

default configuration 25-9

displaying binding tables 25-15

message exchange process 25-4

option 82 data insertion 25-4

trusted interface 25-2

untrusted interface 25-2

untrusted messages 25-2

DHCP snooping binding database

adding bindings 25-14

binding file

format 25-8

location 25-7

bindings 25-7

clearing agent statistics 25-15

configuration guidelines 25-10

configuring 25-14

default configuration 25-9

deleting

binding file 25-15

bindings 25-15

database agent 25-15

described 25-7

displaying 25-15

binding entries 25-15

status and statistics 25-15

enabling 25-14

entry 25-7

renewing database 25-15

resetting

delay value 25-15

timeout value 25-15

DHCP snooping binding table

See DHCP snooping binding database

DHCPv6

configuration guidelines 40-15

default configuration 40-15

described 40-6

enabling client function 40-17

enabling DHCPv6 server function 40-15

support for 1-12

Differentiated Services architecture, QoS 37-1

Differentiated Services Code Point 37-2

Diffusing Update Algorithm (DUAL) 39-33

directed unicast requests 1-4

directories

changing A-4

creating and removing A-5

displaying the working A-4

discovery, clusters

See automatic discovery

displaying switch alarms 3-13

Distance Vector Multicast Routing Protocol

See DVMRP

distance-vector protocols 39-3

distribute-list command 39-98

DNS

and DHCP-based autoconfiguration 4-8

default configuration 8-9

displaying the configuration 8-10

in IPv6 40-3

overview 8-8

setting up 8-9

support for 1-4

domain names

DNS 8-8

VTP 16-8

Domain Name System

See DNS

domains, ISO IGRP routing 39-62

dot1q-tunnel switchport mode 15-15

double-tagged packets

IEEE 802.1Q tunneling 19-2

Layer 2 protocol tunneling 19-10

downloadable ACL 10-18, 10-20, 10-59

downloading

configuration files

preparing A-10, A-13, A-16

reasons for A-9

using FTP A-13

using RCP A-17

using TFTP A-11

image files

deleting old image A-26

preparing A-24, A-28, A-32

reasons for A-23

using FTP A-29

using HTTP A-23

using RCP A-33

using TFTP A-25

using the device manager or Network Assistant A-23

drop threshold for Layer 2 protocol packets 19-11

DRP

configuring 40-13

described 40-4

IPv6 40-4

support for 1-12

DSCP 1-10, 37-2

DSCP input queue threshold map for QoS 37-15

DSCP output queue threshold map for QoS 37-17

DSCP-to-CoS map for QoS 37-63

DSCP-to-DSCP-mutation map for QoS 37-64

DSCP transparency 37-39

DTP 1-6, 15-14

dual-action detection 38-5

DUAL finite state machine, EIGRP 39-34

dual IPv4 and IPv6 templates 7-2, 40-5

dual protocol stacks

IPv4 and IPv6 40-5

SDM templates supporting 40-6

dual-purpose uplinks

defined 13-4

LEDs 13-4

link selection 13-4, 13-15

setting the type 13-15

DVMRP

support for 1-12

dynamic access ports

characteristics 15-3

configuring 15-26

defined 13-3

dynamic addresses

See addresses

dynamic ARP inspection

ARP cache poisoning 26-1

ARP requests, described 26-1

ARP spoofing attack 26-1

clearing

log buffer 26-15

statistics 26-15

configuration guidelines 26-5

configuring

ACLs for non-DHCP environments 26-8

in DHCP environments 26-7

log buffer 26-12

rate limit for incoming ARP packets 26-4, 26-10

default configuration 26-5

denial-of-service attacks, preventing 26-10

described 26-1

DHCP snooping binding database 26-2

displaying

ARP ACLs 26-14

configuration and operating state 26-14

log buffer 26-15

statistics 26-15

trust state and rate limit 26-14

error-disabled state for exceeding rate limit 26-4

function of 26-2

interface trust states 26-3

log buffer

clearing 26-15

configuring 26-12

displaying 26-15

logging of dropped packets, described 26-4

man-in-the-middle attack, described 26-2

network security issues and interface trust states 26-3

priority of ARP ACLs and DHCP snooping entries 26-4

rate limiting of ARP packets

configuring 26-10

described 26-4

error-disabled state 26-4

statistics

clearing 26-15

displaying 26-15

validation checks, performing 26-11

dynamic auto trunking mode 15-15

dynamic desirable trunking mode 15-15

Dynamic Host Configuration Protocol

See DHCP-based autoconfiguration

dynamic port VLAN membership

described 15-24

reconfirming 15-27

troubleshooting 15-29

types of connections 15-26

dynamic routing 39-3

ISO CLNS 39-62

Dynamic Trunking Protocol

See DTP

E

EBGP 39-41

editing features

enabling and disabling 2-7

keystrokes used 2-8

wrapped lines 2-9

EIGRP

authentication 39-38

components 39-34

configuring 39-36

default configuration 39-34

definition 39-33

interface parameters, configuring 39-37

monitoring 39-40

stub routing 39-39

ELIN location 29-3

embedded event manager

actions 35-4

configuring 35-1, 35-5

displaying information 35-7

environmental variables 35-4

event detectors 35-2

policies 35-4

registering and defining an applet 35-5

registering and defining a TCL script 35-6

understanding 35-1

enable password 9-3

enable secret password 9-3

enabling SNMP traps 3-13

encryption, CipherSuite 9-52

encryption for passwords 9-3

Enhanced IGRP

See EIGRP

enhanced object tracking

backup static routing 46-11

commands 46-1

defined 46-1

DHCP primary interface 46-10

HSRP 46-7

IP routing state 46-2

IP SLAs 46-9

line-protocol state 46-2

network monitoring with IP SLAs 46-11

routing policy, configuring 46-11

static route primary interface 46-10

tracked lists 46-3

enhanced object tracking static routing 46-10

environmental variables, embedded event manager 35-4

environment variables, function of 4-20

equal-cost routing 1-12, 39-88

error-disabled state, BPDU 22-2

error messages during command entry 2-5

EtherChannel

automatic creation of 38-4, 38-5

channel groups

binding physical and logical interfaces 38-3

numbering of 38-3

configuration guidelines 38-9

configuring

Layer 2 interfaces 38-10

default configuration 38-9

described 38-2

displaying status 38-17

forwarding methods 38-7, 38-13

IEEE 802.3ad, described 38-5

interaction

with STP 38-10

with VLANs 38-10

LACP

described 38-5

displaying status 38-17

hot-standby ports 38-15

interaction with other features 38-6

modes 38-6

port priority 38-16

system priority 38-16

Layer 3 interface 39-3

load balancing 38-7, 38-13

logical interfaces, described 38-3

PAgP

aggregate-port learners 38-14

compatibility with Catalyst 1900 38-14

described 38-4

displaying status 38-17

interaction with other features 38-5

interaction with virtual switches 38-5

learn method and priority configuration 38-14

modes 38-4

support for 1-3

with dual-action detection 38-5

port-channel interfaces

described 38-3

numbering of 38-3

port groups 13-3

support for 1-2

EtherChannel guard

described 22-7

disabling 22-14

enabling 22-14

Ethernet VLANs

adding 15-7

defaults and ranges 15-7

modifying 15-7

EUI 40-3

event detectors, embedded event manager 35-2

events, RMON 32-3

examples

network configuration 1-16

expedite queue for QoS 37-75

See also getting started guide

extended crashinfo file 36-14

extended-range VLANs

configuration guidelines 15-10

configuring 15-10

creating 15-11

creating with an internal VLAN ID 15-12

defined 15-1

extended system ID

MSTP 21-17

STP 20-4, 20-14

extended universal identifier

See EUI

Extensible Authentication Protocol over LAN 10-1

external BGP

See EBGP

external neighbors, BGP 39-45

F

fa0 interface 1-5

fallback bridging

and protected ports 48-3

bridge groups

creating 48-3

described 48-1

displaying 48-10

function of 48-2

number supported 48-4

removing 48-4

bridge table

clearing 48-10

displaying 48-10

configuration guidelines 48-3

default configuration 48-3

described 48-1

frame forwarding

flooding packets 48-2

forwarding packets 48-2

overview 48-1

protocol, unsupported 48-3

STP

disabling on an interface 48-9

forward-delay interval 48-8

hello BPDU interval 48-7

interface priority 48-6

maximum-idle interval 48-8

path cost 48-6

VLAN-bridge spanning-tree priority 48-5

VLAN-bridge STP 48-2

support for 1-12

SVIs and routed ports 48-1

unsupported protocols 48-3

VLAN-bridge STP 20-10

Fast Convergence 24-3

FCS bit error rate alarm

configuring 3-10

defined 3-3

FCS error hysteresis threshold 3-2

features, incompatible 27-11

FIB 39-86

fiber-optic, detecting unidirectional links 31-1

files

basic crashinfo

description 36-14

location 36-14

copying A-5

crashinfo, description 36-14

deleting A-6

displaying the contents of A-8

extended crashinfo

description 36-14

location 36-15

tar

creating A-7

displaying the contents of A-7

extracting A-8

image file format A-23

file system

displaying available file systems A-1

displaying file information A-4

local file system names A-1

network file system names A-5

setting the default A-3

filtering

IPv6 traffic 43-3, 43-7

non-IP traffic 36-26

show and more command output 2-10

filtering show and more command output 2-10

filters, IP

See ACLs, IP

flash device, number of A-1

flexible authentication ordering

configuring 10-62

overview 10-28

Flex Link Multicast Fast Convergence 24-3

Flex Links

configuration guidelines 24-8

configuring 24-9

configuring preferred VLAN 24-12

configuring VLAN load balancing 24-11

default configuration 24-8

description 24-1

link load balancing 24-2

monitoring 24-15

VLANs 24-2

flooded traffic, blocking 27-7

flow-based packet classification 1-10

flowcharts

QoS classification 37-6

QoS egress queueing and scheduling 37-16

QoS ingress queueing and scheduling 37-14

QoS policing and marking 37-10

flowcontrol

configuring 13-19

described 13-18

forward-delay time

MSTP 21-23

STP 20-21

Forwarding Information Base

See FIB

forwarding nonroutable protocols 48-1

FTP

configuration files

downloading A-13

overview A-12

preparing the server A-13

uploading A-14

image files

deleting old image A-30

downloading A-29

preparing the server A-28

uploading A-30

G

general query 24-5

Generating IGMP Reports 24-3

get-bulk-request operation 34-3

get-next-request operation 34-3, 34-4

get-request operation 34-3, 34-4

get-response operation 34-3

global configuration mode 2-2

global status monitoring alarms 3-2

guest VLAN and 802.1x 10-21

GUIs

See device manager and Network Assistant

H

hello time

MSTP 21-22

STP 20-20

help, for the command line 2-3

hierarchical policy maps 37-8

configuration guidelines 37-32

configuring 37-51

described 37-11

history

changing the buffer size 2-6

described 2-6

disabling 2-7

recalling commands 2-6

history table, level and number of syslog messages 33-10

host names, in clusters 6-12

host ports

configuring 18-11

kinds of 18-2

hosts, limit on dynamic ports 15-29

Hot Standby Router Protocol

See HSRP

HP OpenView 1-4

HSRP

authentication string 44-10

automatic cluster recovery 6-11

binding to cluster group 44-12

cluster standby group considerations 6-10

command-switch redundancy 1-5

configuring 44-4

default configuration 44-5

definition 44-1

guidelines 44-6

monitoring 44-13

object tracking 46-7

overview 44-1

priority 44-8

routing redundancy 1-11

support for ICMP redirect messages 44-12

timers 44-11

tracking 44-8

HSRP for IPv6

configuring 40-24

guidelines 40-23

HTTP over SSL

See HTTPS

HTTPS 9-50

configuring 9-54

self-signed certificate 9-51

HTTP secure server 9-50

I

IBGP 39-41

ICMP

IPv6 40-4

redirect messages 39-11

support for 1-12

time-exceeded messages 36-8

traceroute and 36-8

unreachable messages 36-19

unreachable messages and IPv6 43-4

unreachables and ACLs 36-20

ICMP Echo operation

configuring 45-12

IP SLAs 45-11

ICMP ping

overview 36-6

ICMP Router Discovery Protocol

See IRDP

ICMPv6 40-4

IDS appliances

and ingress RSPAN 28-20

and ingress SPAN 28-13

IEEE 802.1D

See STP

IEEE 802.1p 17-1

IEEE 802.1Q

and trunk ports 13-3

configuration limitations 15-15

native VLAN for untagged traffic 15-19

tunneling

compatibility with other features 19-5

defaults 19-4

described 19-1

tunnel ports with other features 19-6

IEEE 802.1s

See MSTP

IEEE 802.1w

See RSTP

IEEE 802.1x

See port-based authentication

IEEE 802.3ad

See EtherChannel

IEEE 802.3x flow control 13-18

ifIndex values, SNMP 34-5

IFS 1-4

IGMP

leave processing, enabling 42-8

report suppression

disabling 42-10

support for 1-3

IGMP filtering

support for 1-3

IGMP helper 1-3

IGMP snooping

default configuration 42-5, 42-6

enabling and disabling 42-6

monitoring 42-11

support for 1-3

IGP 39-24

Immediate Leave, IGMP

enabling 42-8

inaccessible authentication bypass 10-23

support for multiauth ports 10-23

initial configuration

defaults 1-13

interface

number 13-9

range macros 13-12

interface command 13-9 to 13-10

interface configuration

REP 23-9

interface configuration mode 2-3

interfaces

auto-MDIX, configuring 13-19

configuration guidelines

duplex and speed 13-17

configuring

procedure 13-10

counters, clearing 13-28

default configuration 13-14

described 13-23

descriptive name, adding 13-23

displaying information about 13-26

flow control 13-18

management 1-3

monitoring 13-26

naming 13-23

physical, identifying 13-9

range of 13-10

restarting 13-28

shutting down 13-28

speed and duplex, configuring 13-17

status 13-26

supported 13-9

types of 13-1

interfaces range macro command 13-12

interface types 13-9

Interior Gateway Protocol

See IGP

internal BGP

See IBGP

internal neighbors, BGP 39-45

Internet Control Message Protocol

See ICMP

Internet Protocol version 6

See IPv6

inter-VLAN routing 1-11, 39-2

Intrusion Detection System

See IDS appliances

inventory management TLV 29-3, 29-8

IP ACLs

for QoS classification 37-7

implicit deny 36-8, 36-13

implicit masks 36-8

named 36-13

undefined 36-20

IP addresses

128-bit 40-2

candidate or member 6-3, 6-12

classes of 39-5

cluster access 6-2

command switch 6-3, 6-10, 6-12

default configuration 39-4

discovering 8-23

for IP routing 39-4

IPv6 40-2

MAC address association 39-8

monitoring 39-17

redundant clusters 6-10

standby command switch 6-10, 6-12

See also IP information

IP broadcast address 39-15

ip cef distributed command 39-87

IP directed broadcasts 39-13

IP information

assigned

manually 4-14

through DHCP-based autoconfiguration 4-3

default configuration 4-3

IP phones

and QoS 17-1

automatic classification and queueing 37-18

configuring 17-4

ensuring port security with QoS 37-37

trusted boundary for QoS 37-37

IP Port Security for Static Hosts

on a Layer 2 access port 25-19

on a PVLAN host port 25-24

IP precedence 37-2

IP-precedence-to-DSCP map for QoS 37-61

IP protocols

in ACLs 36-10

routing 1-11

IP routes, monitoring 39-100

IP routing

disabling 39-18

enabling 39-18

IP Service Level Agreements

See IP SLAs

IP service levels, analyzing 45-1

IP SLAs

benefits 45-2

configuration guidelines 45-6

configuring object tracking 46-9

Control Protocol 45-4

default configuration 45-6

definition 45-1

ICMP echo operation 45-11

measuring network performance 45-3

monitoring 45-13

multioperations scheduling 45-5

object tracking 46-9

operation 45-3

reachability tracking 46-9

responder

described 45-4

response time 45-4

scheduling 45-5

SNMP support 45-2

supported metrics 45-2

threshold monitoring 45-6

track object monitoring agent, configuring 46-11

track state 46-9

UDP jitter operation 45-9

IP source guard

and 802.1x 25-18

and DHCP snooping 25-15

and EtherChannels 25-18

and port security 25-18

and private VLANs 25-18

and routed ports 25-17

and TCAM entries 25-18

and trunk interfaces 25-18

and VRF 25-18

binding configuration

automatic 25-16

manual 25-16

binding table 25-16

configuration guidelines 25-17

default configuration 25-17

described 25-15

disabling 25-19

displaying

active IP or MAC bindings 25-26

bindings 25-26

configuration 25-26

enabling 25-18, 25-19

filtering

source IP address 25-16

source IP and MAC address 25-16

source IP address filtering 25-16

source IP and MAC address filtering 25-16

static bindings

adding 25-18, 25-19

deleting 25-19

static hosts 25-19

IP traceroute

executing 36-9

overview 36-8

IP unicast routing

address resolution 39-8

administrative distances 39-89, 39-99

ARP 39-8

assigning IP addresses to Layer 3 interfaces 39-5

authentication keys 39-99

broadcast

address 39-15

flooding 39-16

packets 39-13

storms 39-13

classless routing 39-6

configuring static routes 39-88

default

addressing configuration 39-4

gateways 39-11

networks 39-90

routes 39-89

routing 39-2

directed broadcasts 39-13

disabling 39-18

dynamic routing 39-3

enabling 39-18

EtherChannel Layer 3 interface 39-3

IGP 39-24

inter-VLAN 39-2

IP addressing

classes 39-5

configuring 39-4

IRDP 39-11

Layer 3 interfaces 39-3

MAC address and IP address 39-8

passive interfaces 39-97

protocols

distance-vector 39-3

dynamic 39-3

link-state 39-3

proxy ARP 39-8

redistribution 39-90

reverse address resolution 39-8

routed ports 39-3

static routing 39-3

steps to configure 39-4

subnet mask 39-5

subnet zero 39-6

supernet 39-6

UDP 39-14

with SVIs 39-3

See also BGP

See also EIGRP

See also OSPF

See also RIP

IPv4 ACLs

applying to interfaces 36-18

extended, creating 36-8

named 36-13

standard, creating 36-7

IPv4 and IPv6

dual protocol stacks 40-5

IPv6

ACLs

displaying 43-8

limitations 43-2

matching criteria 43-3

port 43-1

precedence 43-2

router 43-1

supported 43-2

addresses 40-2

address formats 40-2

applications 40-5

assigning address 40-10

autoconfiguration 40-4

CEFv6 40-18

configuring static routes 40-19

default configuration 40-10

default router preference (DRP) 40-4

defined 40-1

Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 40-7

EIGRP IPv6 Commands 40-7

Router ID 40-7

feature limitations 40-9

features not supported 40-8

forwarding 40-10

ICMP 40-4

monitoring 40-26

neighbor discovery 40-4

OSPF 40-7

path MTU discovery 40-4

SDM templates 7-2, 42-1, 43-1

Stateless Autoconfiguration 40-4

supported features 40-2

switch limitations 40-9

understanding static routes 40-6

IPv6 traffic, filtering 43-3

IRDP

configuring 39-12

definition 39-11

support for 1-12

IS-IS

addresses 39-62

area routing 39-62

default configuration 39-63

monitoring 39-71

show commands 39-71

system routing 39-62

ISO CLNS

clear commands 39-71

dynamic routing protocols 39-62

monitoring 39-71

NETs 39-62

NSAPs 39-62

OSI standard 39-62

ISO IGRP

area routing 39-62

system routing 39-62

isolated port 18-2

isolated VLANs 18-2, 18-3

K

KDC

described 9-41

See also Kerberos

Kerberos

authenticating to

boundary switch 9-43

KDC 9-43

network services 9-44

configuration examples 9-40

configuring 9-44

credentials 9-41

cryptographic software image 9-40

described 9-41

KDC 9-41

operation 9-43

realm 9-42

server 9-42

support for 1-9

switch as trusted third party 9-40

terms 9-41

TGT 9-42

tickets 9-41

key distribution center

See KDC

L

l2protocol-tunnel command 19-12

LACP

Layer 2 protocol tunneling 19-9

See EtherChannel

Layer 2 frames, classification with CoS 37-2

Layer 2 interfaces, default configuration 13-14

Layer 2 protocol tunneling

configuring 19-10

configuring for EtherChannels 19-14

default configuration 19-11

defined 19-8

guidelines 19-11

Layer 2 traceroute

and ARP 36-7

and CDP 36-7

broadcast traffic 36-7

described 36-7

IP addresses and subnets 36-7

MAC addresses and VLANs 36-7

multicast traffic 36-7

multiple devices on a port 36-8

unicast traffic 36-7

usage guidelines 36-7

Layer 3 features 1-11

Layer 3 interfaces

assigning IP addresses to 39-5

assigning IPv4 and IPv6 addresses to 40-14

assigning IPv6 addresses to 40-11

changing from Layer 2 mode 39-5, 39-79

types of 39-3

Layer 3 packets, classification methods 37-2

LDAP 5-2

Leaking IGMP Reports 24-4

LEDs, switch

See hardware installation guide

lightweight directory access protocol

See LDAP

line configuration mode 2-3

Link Aggregation Control Protocol

See EtherChannel

link failure, detecting unidirectional 21-7

link fault alarm 3-3

link integrity, verifying with REP 23-3

Link Layer Discovery Protocol

See CDP

link local unicast addresses 40-3

link redundancy

See Flex Links

links, unidirectional 31-1

link state advertisements (LSAs) 39-29

link-state protocols 39-3

link-state tracking

configuring 38-20

described 38-18

LLDP

configuring 29-5

characteristics 29-7

default configuration 29-5

enabling 29-6

monitoring and maintaining 29-12

overview 29-1

supported TLVs 29-2

switch stack considerations 29-2

transmission timer and holdtime, setting 29-7

LLDP-MED

configuring

procedures 29-5

TLVs 29-8

monitoring and maintaining 29-12

overview 29-1, 29-2

supported TLVs 29-2

LLDP Media Endpoint Discovery

See LLDP-MED

load balancing 44-4

local SPAN 28-2

location TLV 29-3, 29-8

logging messages, ACL 36-7

login authentication

with RADIUS 9-30

with TACACS+ 9-14

login banners 8-10

log messages

See system message logging

loop guard

described 22-9

enabling 22-15

support for 1-6

LRE profiles, considerations in switch clusters 6-13

M

MAB

See MAC authentication bypass

MAB aging timer 1-7

MAB inactivity timer

default setting 10-33

range 10-36

MAC/PHY configuration status TLV 29-2

MAC addresses

aging time 8-14

and VLAN association 8-13

building the address table 8-13

default configuration 8-14

disabling learning on a VLAN 8-22

discovering 8-23

displaying 8-23

displaying in the IP source binding table 25-26

dynamic

learning 8-13

removing 8-15

in ACLs 36-26

IP address association 39-8

static

adding 8-20

allowing 8-21, 8-22

characteristics of 8-19

dropping 8-21

removing 8-20

MAC address learning 1-4

MAC address learning, disabling on a VLAN 8-22

MAC address notification, support for 1-12

MAC address-table move update

configuration guidelines 24-8

configuring 24-12

default configuration 24-8

description 24-6

monitoring 24-15

MAC address-to-VLAN mapping 15-24

MAC authentication bypass 10-35

configuring 10-55

overview 10-16

See MAB

MAC extended access lists

applying to Layer 2 interfaces 36-28

configuring for QoS 37-44

creating 36-26

defined 36-26

for QoS classification 37-5

magic packet 10-25

manageability features 1-4

management access

in-band

browser session 1-5

CLI session 1-5

device manager 1-5

SNMP 1-5

out-of-band console port connection 1-5

management address TLV 29-2

management options

CLI 2-1

clustering 1-2

CNS 5-1

overview 1-3

management VLAN

considerations in switch clusters 6-7

discovery through different management VLANs 6-7

manual preemption, REP, configuring 23-13

mapping tables for QoS

configuring

CoS-to-DSCP 37-60

DSCP 37-59

DSCP-to-CoS 37-63

DSCP-to-DSCP-mutation 37-64

IP-precedence-to-DSCP 37-61

policed-DSCP 37-62

described 37-12

marking

action with aggregate policers 37-57

described 37-3, 37-8

matching

IPv6 ACLs 43-3

matching, IPv4 ACLs 36-5

maximum aging time

MSTP 21-23

STP 20-21

maximum hop count, MSTP 21-24

maximum number of allowed devices, port-based authentication 10-36

maximum-paths command 39-49, 39-88

MDA

configuration guidelines 10-12 to 10-13

described 1-8, 10-12

exceptions with authentication process 10-5

membership mode, VLAN port 15-3

member switch

automatic discovery 6-4

defined 6-1

managing 6-13

passwords 6-12

recovering from lost connectivity 36-4

requirements 6-3

See also candidate switch, cluster standby group, and standby command switch

messages, to users through banners 8-10

metrics, in BGP 39-49

metric translations, between routing protocols 39-93

metro tags 19-2

MHSRP 44-4

MIBs

overview 34-1

SNMP interaction with 34-4

mirroring traffic for analysis 28-1

mismatches, autonegotiation 36-4

module number 13-9

monitoring

access groups 36-29

alarms 3-13

BGP 39-61

cables for unidirectional links 31-1

CDP 30-5

CEF 39-87

EIGRP 39-40

fallback bridging 48-10

features 1-12

Flex Links 24-15

HSRP 44-13

IEEE 802.1Q tunneling 19-17

IGMP

snooping 42-11

interfaces 13-26

IP

address tables 39-17

routes 39-100

IP SLAs operations 45-13

IPv4 ACL configuration 36-29

IPv6 40-26

IPv6 ACL configuration 43-8

IS-IS 39-71

ISO CLNS 39-71

Layer 2 protocol tunneling 19-17

MAC address-table move update 24-15

multicast router interfaces 42-11

multi-VRF CE 39-86

network traffic for analysis with probe 28-2

object tracking 46-12

OSPF 39-32

port

blocking 27-20

protection 27-20

private VLANs 18-14

REP 23-13

SFP status 13-26, 36-6

speed and duplex mode 13-18

traffic flowing among switches 32-1

traffic suppression 27-20

tunneling 19-17

VLAN

filters 36-29

maps 36-29

VLANs 15-13

VMPS 15-28

VTP 16-16

mrouter Port 24-3

mrouter port 24-5

MSDP

support for 1-12

MSTP

boundary ports

configuration guidelines 21-15

described 21-6

BPDU filtering

described 22-3

enabling 22-12

BPDU guard

described 22-2

enabling 22-11

CIST, described 21-3

CIST regional root 21-3

CIST root 21-5

configuration guidelines 21-14, 22-10

configuring

forward-delay time 21-23

hello time 21-22

link type for rapid convergence 21-24

maximum aging time 21-23

maximum hop count 21-24

MST region 21-15

neighbor type 21-25

path cost 21-20

port priority 21-19

root switch 21-17

secondary root switch 21-18

switch priority 21-21

CST

defined 21-3

operations between regions 21-3

default configuration 21-14

default optional feature configuration 22-9

displaying status 21-26

enabling the mode 21-15

EtherChannel guard

described 22-7

enabling 22-14

extended system ID

effects on root switch 21-17

effects on secondary root switch 21-18

unexpected behavior 21-17

IEEE 802.1s

implementation 21-6

port role naming change 21-6

terminology 21-5

instances supported 20-9

interface state, blocking to forwarding 22-2

interoperability and compatibility among modes 20-10

interoperability with IEEE 802.1D

described 21-8

restarting migration process 21-25

IST

defined 21-2

master 21-3

operations within a region 21-3

loop guard

described 22-9

enabling 22-15

mapping VLANs to MST instance 21-16

MST region

CIST 21-3

configuring 21-15

described 21-2

hop-count mechanism 21-5

IST 21-2

supported spanning-tree instances 21-2

optional features supported 1-6

overview 21-2

Port Fast

described 22-2

enabling 22-10

preventing root switch selection 22-8

root guard

described 22-8

enabling 22-15

root switch

configuring 21-17

effects of extended system ID 21-17

unexpected behavior 21-17

shutdown Port Fast-enabled port 22-2

status, displaying 21-26

multiauth

support for inaccessible authentication bypass 10-23

multiauth mode

See multiple-authentication mode

multicast groups

static joins 42-7

multicast packets

blocking 27-7

multicast router interfaces, monitoring 42-11

multicast router ports, adding 42-8

Multicast Source Discovery Protocol

See MSDP

multicast storm 27-1

multicast storm-control command 27-4

multidomain authentication

See MDA

multioperations scheduling, IP SLAs 45-5

multiple authentication 10-13

multiple authentication mode

configuring 10-42

Multiple HSRP

See MHSRP

multiple VPN routing/forwarding in customer edge devices

See multi-VRF CE

multi-VRF CE

configuration example 39-82

configuration guidelines 39-74

configuring 39-74

default configuration 39-74

defined 39-72

displaying 39-86

monitoring 39-86

network components 39-74

packet-forwarding process 39-73

support for 1-11

N

NAC

AAA down policy 1-9

critical authentication 10-23, 10-51

IEEE 802.1x authentication using a RADIUS server 10-56

IEEE 802.1x validation using RADIUS server 10-56

inaccessible authentication bypass 1-9, 10-51

Layer 2 IEEE 802.1x validation 1-9, 10-28, 10-56

Layer 2 IP validation 1-9

named IPv4 ACLs 36-13

NameSpace Mapper

See NSM

native VLAN

and IEEE 802.1Q tunneling 19-4

configuring 15-19

default 15-19

NEAT

configuring 10-57

overview 10-29

neighbor discovery, IPv6 40-4

neighbor discovery/recovery, EIGRP 39-34

neighbor offset numbers, REP 23-4

neighbors, BGP 39-55

Network Admission Control

See NAC

Network Assistant

benefits 1-2

described 1-3

network configuration examples

increasing network performance 1-16

providing network services 1-16

network design

performance 1-16

services 1-16

Network Edge Access Topology

See NEAT

network management

CDP 30-1

RMON 32-1

SNMP 34-1

network performance, measuring with IP SLAs 45-3

network policy TLV 29-2, 29-8

Network Time Protocol

See NTP

no commands 2-4

nonhierarchical policy maps

configuration guidelines 37-32

described 37-9

non-IP traffic filtering 36-26

nontrunking mode 15-15

normal-range VLANs 15-4

configuration guidelines 15-5

configuring 15-4

defined 15-1

not-so-stubby areas

See NSSA

NSAPs, as ISO IGRP addresses 39-62

NSF Awareness

IS-IS 39-64

NSM 5-3

NSSA, OSPF 39-29

NTP

associations

defined 8-2

overview 8-2

stratum 8-2

support for 1-4

time

services 8-2

synchronizing 8-2

O

object tracking

HSRP 46-7

IP SLAs 46-9

IP SLAs, configuring 46-9

monitoring 46-12

off mode, VTP 16-3

open1x

configuring 10-62

open1x authentication

overview 10-29

Open Shortest Path First

See OSPF

optimizing system resources 7-1

options, management 1-3

OSPF

area parameters, configuring 39-28

configuring 39-26

default configuration

metrics 39-30

route 39-30

settings 39-25

described 39-23

for IPv6 40-7

interface parameters, configuring 39-27

LSA group pacing 39-31

monitoring 39-32

router IDs 39-32

route summarization 39-30

support for 1-11

virtual links 39-30

out-of-profile markdown 1-11

P

packet modification, with QoS 37-18

PAgP

Layer 2 protocol tunneling 19-9

See EtherChannel

parallel paths, in routing tables 39-88

passive interfaces

configuring 39-97

OSPF 39-30

passwords

default configuration 9-2

disabling recovery of 9-5

encrypting 9-3

for security 1-7

in clusters 6-12

overview 9-1

recovery of 36-3

setting

enable 9-3

enable secret 9-3

Telnet 9-6

with usernames 9-6

VTP domain 16-8

path cost

MSTP 21-20

STP 20-18

path MTU discovery 40-4

PBR

defined 39-94

enabling 39-95

fast-switched policy-based routing 39-97

local policy-based routing 39-97

peers, BGP 39-55

percentage thresholds in tracked lists 46-6

performance, network design 1-16

performance features 1-2

persistent self-signed certificate 9-51

per-user ACLs and Filter-Ids 10-8

per-VLAN spanning-tree plus

See PVST+

PE to CE routing, configuring 39-81

physical ports 13-2

PIM

support for 1-12

ping

overview 36-6

PoE

auto mode 13-6

CDP with power consumption, described 13-4

CDP with power negotiation, described 13-4

Cisco intelligent power management 13-4

configuring 13-20

devices supported 13-4

high-power devices operating in low-power mode 13-5

IEEE power classification levels 13-5

monitoring 13-7

policing power usage 13-7

power budgeting 13-22

power consumption 13-22

powered-device detection and initial power allocation 13-5

power management modes 13-6

power negotiation extensions to CDP 13-4

standards supported 13-4

static mode 13-6

troubleshooting 36-5

policed-DSCP map for QoS 37-62

policers

configuring

for each matched traffic class 37-47

for more than one traffic class 37-57

described 37-3

displaying 37-77

number of 37-33

types of 37-9

policing

described 37-3

hierarchical

See hierarchical policy maps

token-bucket algorithm 37-9

policy-based routing

See PBR

policy maps for QoS

characteristics of 37-47

described 37-7

displaying 37-77

hierarchical 37-8

hierarchical on SVIs

configuration guidelines 37-32

configuring 37-51

described 37-11

nonhierarchical on physical ports

configuration guidelines 37-32

described 37-9

Port Aggregation Protocol

See EtherChannel

port-based authentication

accounting 10-14

authentication server

defined 10-3, 11-2

RADIUS server 10-3

client, defined 10-3, 11-2

configuration guidelines 10-34, 11-9

configuring

802.1x authentication 10-39

guest VLAN 10-49

host mode 10-42

inaccessible authentication bypass 10-51

manual re-authentication of a client 10-44

periodic re-authentication 10-43

quiet period 10-44

RADIUS server 10-42, 11-13

RADIUS server parameters on the switch 10-41, 11-11

restricted VLAN 10-50

switch-to-client frame-retransmission number 10-45, 10-46

switch-to-client retransmission time 10-45

violation modes 10-38 to 10-39

default configuration 10-33, 11-9

described 10-1

device roles 10-2, 11-2

displaying statistics 10-64, 11-17

downloadable ACLs and redirect URLs

configuring 10-59 to 10-61

overview 10-18 to 10-20

EAPOL-start frame 10-5

EAP-request/identity frame 10-5

EAP-response/identity frame 10-5

enabling

802.1X authentication 11-11

encapsulation 10-3

flexible authentication ordering

configuring 10-62

overview 10-28

guest VLAN

configuration guidelines 10-22, 10-23

described 10-21

host mode 10-11

inaccessible authentication bypass

configuring 10-51

described 10-23

guidelines 10-35

initiation and message exchange 10-5

magic packet 10-25

maximum number of allowed devices per port 10-36

method lists 10-39

multiple authentication 10-13

per-user ACLs

AAA authorization 10-39

configuration tasks 10-18

described 10-17

RADIUS server attributes 10-18

ports

authorization state and dot1x port-control command 10-10

authorized and unauthorized 10-10

voice VLAN 10-24

port security

described 10-25

readiness check

configuring 10-36

described 10-16, 10-36

resetting to default values 10-64

statistics, displaying 10-64

switch

as proxy 10-3, 11-2

RADIUS client 10-3

switch supplicant

configuring 10-57

overview 10-29

user distribution

guidelines 10-27

overview 10-27

VLAN assignment

AAA authorization 10-39

characteristics 10-16

configuration tasks 10-17

described 10-16

voice aware 802.1x security

configuring 10-37

described 10-29, 10-37

voice VLAN

described 10-24

PVID 10-24

VVID 10-24

wake-on-LAN, described 10-25

with ACLs and RADIUS Filter-Id attribute 10-31

port-based authentication methods, supported 10-7

port blocking 1-3, 27-6

port-channel

See EtherChannel

port description TLV 29-2

Port Fast

described 22-2

enabling 22-10

mode, spanning tree 15-25

support for 1-6

port membership modes, VLAN 15-3

port not forwarding alarm 3-3

port not operating alarm 3-3

port priority

MSTP 21-19

STP 20-16

ports

access 13-2

blocking 27-6

dual-purpose uplink 13-4

dynamic access 15-3

protected 27-5

REP 23-6

secure 27-8

static-access 15-3, 15-9

switch 13-2

trunks 15-3, 15-14

VLAN assignments 15-9

port security

aging 27-17

and private VLANs 27-19

and QoS trusted boundary 37-37

configuring 27-12

default configuration 27-10

described 27-7

displaying 27-20

enabling 27-19

on trunk ports 27-14

sticky learning 27-8

violations 27-9

with other features 27-11

port-shutdown response, VMPS 15-24

port status monitoring alarms

FCS bit error rate alarm 3-3

link fault alarm 3-3

port not forwarding alarm 3-3

port not operating alarm 3-3

port VLAN ID TLV 29-2

power management TLV 29-2, 29-8

power over Ethernet

See PoE

preempt delay time, REP 23-5

preemption, default configuration 24-8

preemption delay, default configuration 24-8

preferential treatment of traffic

See QoS

prefix lists, BGP 39-53

preventing unauthorized access 9-1

primary edge port, REP 23-4

primary interface for object tracking, DHCP, configuring 46-10

primary interface for static routing, configuring 46-10

primary links 24-2

primary VLANs 18-1, 18-3

priority

HSRP 44-8

overriding CoS 17-6

trusting CoS 17-6

private VLAN edge ports

See protected ports

private VLANs

across multiple switches 18-4

and SDM template 18-4

and SVIs 18-5

benefits of 18-1

community ports 18-2

community VLANs 18-2, 18-3

configuration guidelines 18-6, 18-7, 18-8

configuration tasks 18-6

configuring 18-9

default configuration 18-6

end station access to 18-3

IP addressing 18-3

isolated port 18-2

isolated VLANs 18-2, 18-3

mapping 18-13

monitoring 18-14

ports

community 18-2

configuration guidelines 18-8

configuring host ports 18-11

configuring promiscuous ports 18-12

isolated 18-2

promiscuous 18-2

primary VLANs 18-1, 18-3

promiscuous ports 18-2

secondary VLANs 18-2

subdomains 18-1

traffic in 18-5

privileged EXEC mode 2-2

privilege levels

changing the default for lines 9-9

command switch 6-14

exiting 9-10

logging into 9-10

mapping on member switches 6-14

overview 9-2, 9-8

setting a command with 9-8

promiscuous ports

configuring 18-12

defined 18-2

protected ports 1-7, 27-5

protocol-dependent modules, EIGRP 39-34

provider edge devices 39-72

proxy ARP

configuring 39-10

definition 39-8

with IP routing disabled 39-11

proxy reports 24-3

pruning, VTP

disabling

in VTP domain 16-14

on a port 15-19

enabling

in VTP domain 16-14

on a port 15-19

examples 16-6

overview 16-5

pruning-eligible list

changing 15-19

for VTP pruning 16-5

VLANs 16-14

PVST+

described 20-9

IEEE 802.1Q trunking interoperability 20-10

instances supported 20-9

Q

QoS

auto-QoS

categorizing traffic 37-19

configuration and defaults display 37-28

configuration guidelines 37-24

described 37-18

disabling 37-26

displaying generated commands 37-26

displaying the initial configuration 37-28

effects on running configuration 37-24

egress queue defaults 37-19

enabling for VoIP 37-25

example configuration 37-27

ingress queue defaults 37-19

list of generated commands 37-21

basic model 37-3

classification

class maps, described 37-7

defined 37-3

DSCP transparency, described 37-39

flowchart 37-6

forwarding treatment 37-3

in frames and packets 37-2

IP ACLs, described 37-5, 37-7

MAC ACLs, described 37-5, 37-7

options for IP traffic 37-5

options for non-IP traffic 37-4

policy maps, described 37-7

trust DSCP, described 37-4

trusted CoS, described 37-4

trust IP precedence, described 37-4

class maps

configuring 37-45

displaying 37-77

configuration guidelines

auto-QoS 37-24

standard QoS 37-32

configuring

aggregate policers 37-57

auto-QoS 37-18

default port CoS value 37-37

DSCP maps 37-59

DSCP transparency 37-39

DSCP trust states bordering another domain 37-39

egress queue characteristics 37-69

ingress queue characteristics 37-65

IP extended ACLs 37-43

IP standard ACLs 37-42

MAC ACLs 37-44

policy maps, hierarchical 37-51

port trust states within the domain 37-35

trusted boundary 37-37

default auto configuration 37-19

default standard configuration 37-29

displaying statistics 37-77

DSCP transparency 37-39

egress queues

allocating buffer space 37-70

buffer allocation scheme, described 37-16

configuring shaped weights for SRR 37-73

configuring shared weights for SRR 37-74

described 37-3

displaying the threshold map 37-73

flowchart 37-16

mapping DSCP or CoS values 37-72

scheduling, described 37-4

setting WTD thresholds 37-70

WTD, described 37-17

enabling globally 37-34

flowcharts

classification 37-6

egress queueing and scheduling 37-16

ingress queueing and scheduling 37-14

policing and marking 37-10

implicit deny 37-7

ingress queues

allocating bandwidth 37-67

allocating buffer space 37-67

buffer and bandwidth allocation, described 37-15

configuring shared weights for SRR 37-67

configuring the priority queue 37-68

described 37-3

displaying the threshold map 37-66

flowchart 37-14

mapping DSCP or CoS values 37-66

priority queue, described 37-15

scheduling, described 37-3

setting WTD thresholds 37-66

WTD, described 37-15

IP phones

automatic classification and queueing 37-18

detection and trusted settings 37-18, 37-37

limiting bandwidth on egress interface 37-76

mapping tables

CoS-to-DSCP 37-60

displaying 37-77

DSCP-to-CoS 37-63

DSCP-to-DSCP-mutation 37-64

IP-precedence-to-DSCP 37-61

policed-DSCP 37-62

types of 37-12

marked-down actions 37-49, 37-54

marking, described 37-3, 37-8

overview 37-1

packet modification 37-18

policers

configuring 37-49, 37-54, 37-58

described 37-8

displaying 37-77

number of 37-33

types of 37-9

policies, attaching to an interface 37-8

policing

described 37-3, 37-8

token bucket algorithm 37-9

policy maps

characteristics of 37-47

displaying 37-77

hierarchical 37-8

hierarchical on SVIs 37-51

nonhierarchical on physical ports 37-47

QoS label, defined 37-3

queues

configuring egress characteristics 37-69

configuring ingress characteristics 37-65

high priority (expedite) 37-17, 37-75

location of 37-13

SRR, described 37-14

WTD, described 37-13

rewrites 37-18

support for 1-10

trust states

bordering another domain 37-39

described 37-4

trusted device 37-37

within the domain 37-35

quality of service

See QoS

R

RADIUS

attributes

vendor-proprietary 9-38

vendor-specific 9-36

configuring

accounting 9-35

authentication 9-30

authorization 9-34

communication, global 9-28, 9-36

communication, per-server 9-28

multiple UDP ports 9-28

default configuration 9-27

defining AAA server groups 9-32

displaying the configuration 9-40

identifying the server 9-28

in clusters 6-13

limiting the services to the user 9-34

method list, defined 9-27

operation of 9-20

overview 9-18

server load balancing 9-40

suggested network environments 9-19

support for 1-9

tracking services accessed by user 9-35

RADIUS Change of Authorization 9-20

range

macro 13-12

of interfaces 13-11

rapid convergence 21-9

rapid per-VLAN spanning-tree plus

See rapid PVST+

rapid PVST+

described 20-9

IEEE 802.1Q trunking interoperability 20-10

instances supported 20-9

Rapid Spanning Tree Protocol

See RSTP

RARP 39-8

rcommand command 6-13

RCP

configuration files

downloading A-17

overview A-15

preparing the server A-16

uploading A-18

image files

deleting old image A-34

downloading A-33

preparing the server A-32

uploading A-34

reachability, tracking IP SLAs IP host 46-9

readiness check

port-based authentication

configuring 10-36

described 10-16, 10-36

reconfirmation interval, VMPS, changing 15-27

reconfirming dynamic VLAN membership 15-27

recovery procedures 36-1

redirect URL 10-18, 10-20, 10-59

redundancy

EtherChannel 38-3

HSRP 44-1

STP

backbone 20-8

path cost 15-22

port priority 15-20

redundant links and UplinkFast 22-13

reliable transport protocol, EIGRP 39-34

reloading software 4-21

Remote Authentication Dial-In User Service

See RADIUS

Remote Copy Protocol

See RCP

Remote Network Monitoring

See RMON

Remote SPAN

See RSPAN

remote SPAN 28-2

REP

administrative VLAN 23-8

administrative VLAN, configuring 23-8

age timer 23-8

and STP 23-6

configuration guidelines 23-7

configuring interfaces 23-9

convergence 23-4

default configuration 23-7

manual preemption, configuring 23-13

monitoring 23-13

neighbor offset numbers 23-4

open segment 23-2

ports 23-6

preempt delay time 23-5

primary edge port 23-4

ring segment 23-2

secondary edge port 23-4

segments 23-1

characteristics 23-2

SNMP traps, configuring 23-13

supported interfaces 23-1

triggering VLAN load balancing 23-5

verifying link integrity 23-3

VLAN blocking 23-12

VLAN load balancing 23-4

report suppression, IGMP

disabling 42-10

resequencing ACL entries 36-13

reserved addresses in DHCP pools 25-28

resets, in BGP 39-48

resetting a UDLD-shutdown interface 31-6

Resilient Ethernet Protocol

See REP

responder, IP SLAs

described 45-4

response time, measuring with IP SLAs 45-4

restricted VLAN

configuring 10-50

described 10-22

using with IEEE 802.1x 10-22

restricting access

overview 9-1

passwords and privilege levels 9-2

RADIUS 9-18

TACACS+ 9-10

retry count, VMPS, changing 15-28

reverse address resolution 39-8

Reverse Address Resolution Protocol

See RARP

RFC

1058, RIP 39-18

1157, SNMPv1 34-2

1163, BGP 39-41

1166, IP addresses 39-5

1253, OSPF 39-24

1267, BGP 39-41

1305, NTP 8-2

1587, NSSAs 39-24

1757, RMON 32-2

1771, BGP 39-41

1901, SNMPv2C 34-2

1902 to 1907, SNMPv2 34-2

2273-2275, SNMPv3 34-2

RFC 5176 Compliance 9-21

RIP

advertisements 39-18

authentication 39-21

configuring 39-20

default configuration 39-19

described 39-18

for IPv6 40-6

hop counts 39-19

split horizon 39-22

summary addresses 39-22

support for 1-11

RMON

default configuration 32-3

displaying status 32-6

enabling alarms and events 32-3

groups supported 32-2

overview 32-1

statistics

collecting group Ethernet 32-5

collecting group history 32-5

support for 1-12

root guard

described 22-8

enabling 22-15

support for 1-6

root switch

MSTP 21-17

STP 20-14

route calculation timers, OSPF 39-30

route dampening, BGP 39-60

routed ports

configuring 39-3

IP addresses on 39-4

route-map command 39-96

route maps

BGP 39-51

policy-based routing 39-94

route reflectors, BGP 39-59

router ID, OSPF 39-32

route selection, BGP 39-49

route summarization, OSPF 39-30

route targets, VPN 39-74

routing

default 39-2

dynamic 39-3

redistribution of information 39-90

static 39-3

routing domain confederation, BGP 39-58

Routing Information Protocol

See RIP

routing protocol administrative distances 39-89

RSPAN

characteristics 28-8

configuration guidelines 28-16

default configuration 28-9

defined 28-2

destination ports 28-7

displaying status 28-22

interaction with other features 28-8

monitored ports 28-5

monitoring ports 28-7

overview 1-12, 28-1

received traffic 28-4

sessions

creating 28-16

defined 28-3

limiting source traffic to specific VLANs 28-21

specifying monitored ports 28-16

with ingress traffic enabled 28-20

source ports 28-5

transmitted traffic 28-5

VLAN-based 28-6

RSTP

active topology 21-9

BPDU

format 21-12

processing 21-12

designated port, defined 21-9

designated switch, defined 21-9

interoperability with IEEE 802.1D

described 21-8

restarting migration process 21-25

topology changes 21-13

overview 21-8

port roles

described 21-9

synchronized 21-11

proposal-agreement handshake process 21-10

rapid convergence

described 21-9

edge ports and Port Fast 21-9

point-to-point links 21-10, 21-24

root ports 21-10

root port, defined 21-9

See also MSTP

running configuration

replacing A-19, A-20

rolling back A-19, A-20

running configuration, saving 4-15

S

scheduled reloads 4-21

scheduling, IP SLAs operations 45-5

SCP

and SSH 9-56

configuring 9-57

SD flash memory card A-2

SDM

templates

configuring 7-4

number of 7-1

SDM template 43-3

configuration guidelines 7-3

configuring 7-3

dual IPv4 and IPv6 7-2

types of 7-1

secondary edge port, REP 23-4

secondary VLANs 18-2

Secure Copy Protocol

See SCP

Secure Digital flash memory card

See SD flash memory card

secure HTTP client

configuring 9-55

displaying 9-56

secure HTTP server

configuring 9-54

displaying 9-56

secure MAC addresses

deleting 27-16

maximum number of 27-9

types of 27-8

secure ports, configuring 27-8

secure remote connections 9-46

Secure Shell

See SSH

Secure Socket Layer

See SSL

security, port 27-7

security features 1-7

sequence numbers in log messages 33-8

server mode, VTP 16-3

service-provider network, MSTP and RSTP 21-1

service-provider networks

and customer VLANs 19-2

and IEEE 802.1Q tunneling 19-1

Layer 2 protocols across 19-8

Layer 2 protocol tunneling for EtherChannels 19-9

set-request operation 34-4

setting a secondary temperature threshold 3-7, 3-8

setting power supply alarm options 3-6

setting the FCS error hysteresis threshold 3-10

severity levels, defining in system messages 33-8

SFPs

monitoring status of 13-26, 36-6

security and identification 36-5

status, displaying 36-6

shaped round robin

See SRR

show access-lists hw-summary command 36-20

show alarm commands 3-13

show and more command output, filtering 2-10

show cdp traffic command 30-6

show cluster members command 6-13

show configuration command 13-23

show forward command 36-12

show interfaces command 13-18, 13-23

show interfaces switchport 24-4

show l2protocol command 19-13, 19-15

show lldp traffic command 29-12

show platform forward command 36-12

show running-config command

displaying ACLs 36-18, 36-19

interface description in 13-23

shutdown command on interfaces 13-28

shutdown threshold for Layer 2 protocol packets 19-11

Simple Network Management Protocol

See SNMP

Smartports macros

applying Cisco-default macros 14-3

applying global parameter values 14-3

configuration guidelines 14-2

default configuration 14-1

displaying 14-5

tracing 14-2

SNAP 30-1

SNMP

accessing MIB variables with 34-4

agent

described 34-4

disabling 34-8

and IP SLAs 45-2

authentication level 34-11

community strings

configuring 34-9

overview 34-4

configuration examples 34-18

default configuration 34-7

engine ID 34-8

groups 34-8, 34-10

host 34-8

ifIndex values 34-5

in-band management 1-5

in clusters 6-13

informs

and trap keyword 34-12

described 34-5

differences from traps 34-5

disabling 34-16

enabling 34-16

limiting access by TFTP servers 34-17

limiting system log messages to NMS 33-10

manager functions 1-4, 34-3

managing clusters with 6-14

notifications 34-5

overview 34-1, 34-4

security levels 34-2

setting CPU threshold notification 34-16

status, displaying 34-19

system contact and location 34-17

trap manager, configuring 34-14

traps

described 34-3, 34-5

differences from informs 34-5

disabling 34-16

enabling 34-12

enabling MAC address notification 8-15, 8-17, 8-18

overview 34-1, 34-4

types of 34-13

users 34-8, 34-10

versions supported 34-2

SNMP and Syslog Over IPv6 40-8

SNMP traps

REP 23-13

SNMPv1 34-2

SNMPv2C 34-2

SNMPv3 34-2

software images

location in flash A-23

recovery procedures 36-2

scheduling reloads 4-21

tar file format, described A-23

See also downloading and uploading

source addresses

in IPv4 ACLs 36-10

in IPv6 ACLs 43-5

source-and-destination-IP address based forwarding, EtherChannel 38-7

source-and-destination MAC address forwarding, EtherChannel 38-7

source-IP address based forwarding, EtherChannel 38-7

source-MAC address forwarding, EtherChannel 38-7

SPAN

configuration guidelines 28-10

default configuration 28-9

destination ports 28-7

displaying status 28-22

interaction with other features 28-8

monitored ports 28-5

monitoring ports 28-7

overview 1-12, 28-1

ports, restrictions 27-11

received traffic 28-4

sessions

configuring ingress forwarding 28-14, 28-21

creating 28-11

defined 28-3

limiting source traffic to specific VLANs 28-14

removing destination (monitoring) ports 28-12

specifying monitored ports 28-11

with ingress traffic enabled 28-13

source ports 28-5

transmitted traffic 28-5

VLAN-based 28-6

spanning tree and native VLANs 15-15

Spanning Tree Protocol

See STP

SPAN traffic 28-4

split horizon, RIP 39-22

SRR

configuring

shaped weights on egress queues 37-73

shared weights on egress queues 37-74

shared weights on ingress queues 37-67

described 37-14

shaped mode 37-14

shared mode 37-14

support for 1-11

SSH

configuring 9-47

cryptographic software image 9-45

described 1-5, 9-46

encryption methods 9-46

user authentication methods, supported 9-46

SSL

configuration guidelines 9-53

configuring a secure HTTP client 9-55

configuring a secure HTTP server 9-54

cryptographic software image 9-50

described 9-50

monitoring 9-56

standby command switch

configuring

considerations 6-10

defined 6-2

requirements 6-3

virtual IP address 6-10

See also cluster standby group and HSRP

standby group, cluster

See cluster standby group and HSRP

standby ip command 44-6

standby links 24-2

standby router 44-1

standby timers, HSRP 44-11

startup configuration

booting

manually 4-18

specific image 4-19

clearing A-19

configuration file

automatically downloading 4-17

specifying the filename 4-17

default boot configuration 4-17

static access ports

assigning to VLAN 15-9

defined 13-3, 15-3

static addresses

See addresses

static IP routing 1-12

static MAC addressing 1-7

static route primary interface, configuring 46-10

static routes

configuring 39-88

configuring for IPv6 40-19

understanding 40-6

static routing 39-3

static routing support, enhanced object tracking 46-10

static VLAN membership 15-2

statistics

802.1X 11-17

802.1x 10-64

CDP 30-5

interface 13-26

LLDP 29-12

LLDP-MED 29-12

NMSP 29-12

OSPF 39-32

QoS ingress and egress 37-77

RMON group Ethernet 32-5

RMON group history 32-5

SNMP input and output 34-19

VTP 16-16

sticky learning 27-8

storm control

configuring 27-3

described 27-1

disabling 27-5

displaying 27-20

support for 1-3

thresholds 27-1

STP

accelerating root port selection 22-4

and REP 23-6

BackboneFast

described 22-5

disabling 22-14

enabling 22-13

BPDU filtering

described 22-3

disabling 22-12

enabling 22-12

BPDU guard

described 22-2

disabling 22-12

enabling 22-11

BPDU message exchange 20-3

configuration guidelines 20-12, 22-10

configuring

forward-delay time 20-21

hello time 20-20

maximum aging time 20-21

path cost 20-18

port priority 20-16

root switch 20-14

secondary root switch 20-16

spanning-tree mode 20-13

switch priority 20-19

transmit hold-count 20-22

counters, clearing 20-22

default configuration 20-11

default optional feature configuration 22-9

designated port, defined 20-3

designated switch, defined 20-3

detecting indirect link failures 22-5

disabling 20-14

displaying status 20-22

EtherChannel guard

described 22-7

disabling 22-14

enabling 22-14

extended system ID

effects on root switch 20-14

effects on the secondary root switch 20-16

overview 20-4

unexpected behavior 20-14

features supported 1-6

IEEE 802.1D and bridge ID 20-4

IEEE 802.1D and multicast addresses 20-8

IEEE 802.1t and VLAN identifier 20-4

inferior BPDU 20-3

instances supported 20-9

interface state, blocking to forwarding 22-2

interface states

blocking 20-5

disabled 20-7

forwarding 20-5, 20-6

learning 20-6

listening 20-6

overview 20-4

interoperability and compatibility among modes 20-10

Layer 2 protocol tunneling 19-7

limitations with IEEE 802.1Q trunks 20-10

load sharing

overview 15-20

using path costs 15-22

using port priorities 15-21

loop guard

described 22-9

enabling 22-15

modes supported 20-9

multicast addresses, effect of 20-8

optional features supported 1-6

overview 20-2

path costs 15-22, 15-23

Port Fast

described 22-2

enabling 22-10

port priorities 15-21

preventing root switch selection 22-8

protocols supported 20-9

redundant connectivity 20-8

root guard

described 22-8

enabling 22-15

root port, defined 20-3

root switch

configuring 20-14

effects of extended system ID 20-4, 20-14

election 20-3

unexpected behavior 20-14

shutdown Port Fast-enabled port 22-2

status, displaying 20-22

superior BPDU 20-3

timers, described 20-20

UplinkFast

described 22-3

enabling 22-13

VLAN-bridge 20-10

stratum, NTP 8-2

stub areas, OSPF 39-28

stub routing, EIGRP 39-39

subdomains, private VLAN 18-1

subnet mask 39-5

subnet zero 39-6

success response, VMPS 15-24

summer time 8-6

SunNet Manager 1-4

supernet 39-6

supported port-based authentication methods 10-7

SVIs

and IP unicast routing 39-3

connecting VLANs 13-9

switch 40-2

switch clustering technology 6-1

See also clusters, switch

switch console port 1-5

Switch Database Management

See SDM

Switched Port Analyzer

See SPAN

switched ports 13-2

switchport backup interface 24-4, 24-5

switchport block multicast command 27-7

switchport block unicast command 27-7

switchport command 13-14

switchport mode dot1q-tunnel command 19-6

switchport protected command 27-6

switch priority

MSTP 21-21

STP 20-19

switch software features 1-1

SXP

configuration process 12-2

configuring peer connections 12-2

default passwords 12-4

enabling 12-2

reconcile period 12-5

retry period 12-5

source IP address 12-4

synchronization, BGP 39-45

syslog

See system message logging

system capabilities TLV 29-2

system clock

configuring

daylight saving time 8-6

manually 8-4

summer time 8-6

time zones 8-5

displaying the time and date 8-5

overview 8-1

See also NTP

system description TLV 29-2

system message logging

default configuration 33-3

defining error message severity levels 33-8

disabling 33-4

displaying the configuration 33-13

enabling 33-4

facility keywords, described 33-13

level keywords, described 33-9

limiting messages 33-10

message format 33-2

overview 33-1

sequence numbers, enabling and disabling 33-8

setting the display destination device 33-5

synchronizing log messages 33-6

syslog facility 1-12

time stamps, enabling and disabling 33-7

UNIX syslog servers

configuring the daemon 33-12

configuring the logging facility 33-12

facilities supported 33-13

system MTU

and IS-IS LSPs 39-66

system MTU and IEEE 802.1Q tunneling 19-5

system name

default configuration 8-8

default setting 8-8

manual configuration 8-8

See also DNS

system name TLV 29-2

system prompt, default setting 8-7, 8-8

system resources, optimizing 7-1

system routing

IS-IS 39-62

ISO IGRP 39-62

T

TACACS+

accounting, defined 9-11

authentication, defined 9-11

authorization, defined 9-11

configuring

accounting 9-17

authentication key 9-13

authorization 9-16

login authentication 9-14

default configuration 9-13

displaying the configuration 9-18

identifying the server 9-13

in clusters 6-13

limiting the services to the user 9-16

operation of 9-12

overview 9-10

support for 1-9

tracking services accessed by user 9-17

tagged packets

IEEE 802.1Q 19-3

Layer 2 protocol 19-7

tar files

creating A-7

displaying the contents of A-7

extracting A-8

image file format A-23

TCL script, registering and defining with embedded event manager 35-6

TDR 1-13

Telnet

accessing management interfaces 2-10

number of connections 1-5

setting a password 9-6

temperature alarms, configuring 3-7, 3-8

temporary self-signed certificate 9-51

Terminal Access Controller Access Control System Plus

See TACACS+

terminal lines, setting a password 9-6

TFTP

configuration files

downloading A-11

preparing the server A-10

uploading A-12

configuration files in base directory 4-7

configuring for autoconfiguration 4-7

image files

deleting A-26

downloading A-25

preparing the server A-24

uploading A-27

limiting access by servers 34-17

TFTP server 1-4

threshold, traffic level 27-2

threshold monitoring, IP SLAs 45-6

time

See NTP and system clock

Time Domain Reflector

See TDR

time-range command 36-15

time ranges in ACLs 36-15

time stamps in log messages 33-7

time zones 8-5

TLVs

defined 29-1

LLDP 29-2

LLDP-MED 29-2

Token Ring VLANs

support for 15-5

VTP support 16-4

ToS 1-10

traceroute, Layer 2

and ARP 36-7

and CDP 36-7

broadcast traffic 36-7

described 36-7

IP addresses and subnets 36-7

MAC addresses and VLANs 36-7

multicast traffic 36-7

multiple devices on a port 36-8

unicast traffic 36-7

usage guidelines 36-7

traceroute command 36-9

See also IP traceroute

tracked lists

configuring 46-3

types 46-3

tracked objects

by Boolean expression 46-4

by threshold percentage 46-6

by threshold weight 46-5

tracking interface line-protocol state 46-2

tracking IP routing state 46-2

tracking objects 46-1

tracking process 46-1

track state, tracking IP SLAs 46-9

traffic

blocking flooded 27-7

fragmented 36-3

fragmented IPv6 43-2

unfragmented 36-3

traffic policing 1-10

traffic suppression 27-1

transmit hold-count

See STP

transparent mode, VTP 16-3

trap-door mechanism 4-2

traps

configuring MAC address notification 8-15, 8-17, 8-18

configuring managers 34-12

defined 34-3

enabling 8-15, 8-17, 8-18, 34-12

notification types 34-13

overview 34-1, 34-4

triggering alarm options

configurable relay 3-3

methods 3-3

SNMP traps 3-4

syslog messages 3-4

troubleshooting

connectivity problems 36-6, 36-8

CPU utilization 36-15

detecting unidirectional links 31-1

displaying crash information 36-14

setting packet forwarding 36-12

SFP security and identification 36-5

show forward command 36-12

with CiscoWorks 34-4

with debug commands 36-11

with ping 36-6

with system message logging 33-1

with traceroute 36-8

trunk failover

See link-state tracking

trunking encapsulation 1-6

trunk ports

configuring 15-17

defined 13-3, 15-3

trunks

allowed-VLAN list 15-18

load sharing

setting STP path costs 15-22

using STP port priorities 15-20, 15-21

native VLAN for untagged traffic 15-19

parallel 15-22

pruning-eligible list 15-19

to non-DTP device 15-14

trusted boundary for QoS 37-37

trusted port states

between QoS domains 37-39

classification options 37-4

ensuring port security for IP phones 37-37

support for 1-10

within a QoS domain 37-35

trustpoints, CA 9-50

tunneling

defined 19-1

IEEE 802.1Q 19-1

Layer 2 protocol 19-8

tunnel ports

described 19-1

IEEE 802.1Q, configuring 19-6

incompatibilities with other features 19-5

twisted-pair Ethernet, detecting unidirectional links 31-1

type of service

See ToS

U

UDLD

configuration guidelines 31-4

default configuration 31-4

disabling

globally 31-5

on fiber-optic interfaces 31-5

per interface 31-5

echoing detection mechanism 31-2

enabling

globally 31-5

per interface 31-5

Layer 2 protocol tunneling 19-10

link-detection mechanism 31-1

neighbor database 31-2

overview 31-1

resetting an interface 31-6

status, displaying 31-6

support for 1-5

UDP, configuring 39-14

UDP jitter, configuring 45-9

UDP jitter operation, IP SLAs 45-9

unauthorized ports with IEEE 802.1x 10-10

unicast MAC address filtering 1-4

and adding static addresses 8-21

and broadcast MAC addresses 8-20

and CPU packets 8-20

and multicast addresses 8-20

and router MAC addresses 8-20

configuration guidelines 8-20

described 8-20

unicast storm 27-1

unicast storm control command 27-4

unicast traffic, blocking 27-7

UniDirectional Link Detection protocol

See UDLD

UNIX syslog servers

daemon configuration 33-12

facilities supported 33-13

message logging configuration 33-12

unrecognized Type-Length-Value (TLV) support 16-4

upgrading software images

See downloading

UplinkFast

described 22-3

disabling 22-13

enabling 22-13

uploading

configuration files

preparing A-10, A-13, A-16

reasons for A-9

using FTP A-14

using RCP A-18

using TFTP A-12

image files

preparing A-24, A-28, A-32

reasons for A-23

using FTP A-30

using RCP A-34

using TFTP A-27

User Datagram Protocol

See UDP

user EXEC mode 2-2

username-based authentication 9-6

V

version-dependent transparent mode 16-4

virtual IP address

cluster standby group 6-10

command switch 6-10

Virtual Private Network

See VPN

virtual router 44-1, 44-2

virtual switches and PAgP 38-5

vlan.dat file 15-4

VLAN 1, disabling on a trunk port 15-18

VLAN 1 minimization 15-18

vlan-assignment response, VMPS 15-24

VLAN blocking, REP 23-12

VLAN configuration

at bootup 15-6

saving 15-6

VLAN configuration mode 2-2

VLAN database

and startup configuration file 15-6

and VTP 16-1

VLAN configuration saved in 15-6

VLANs saved in 15-4

vlan dot1q tag native command 19-4

VLAN filtering and SPAN 28-6

vlan global configuration command 15-6

VLAN ID, discovering 8-23

VLAN load balancing

REP 23-4

VLAN load balancing, triggering 23-5

VLAN load balancing on flex links 24-2

configuration guidelines 24-8

VLAN management domain 16-2

VLAN Management Policy Server

See VMPS

VLAN maps

displaying 36-29

support for 1-8

VLAN membership

confirming 15-27

modes 15-3

VLAN Query Protocol

See VQP

VLANs

adding 15-7

adding to VLAN database 15-7

aging dynamic addresses 20-9

allowed on trunk 15-18

and spanning-tree instances 15-2, 15-6, 15-10

configuration guidelines, extended-range VLANs 15-10

configuration guidelines, normal-range VLANs 15-5

configuring 15-1

configuring IDs 1006 to 4094 15-10

connecting through SVIs 13-9

creating 15-7

customer numbering in service-provider networks 19-3

default configuration 15-6

deleting 15-8

described 13-2, 15-1

displaying 15-13

extended-range 15-1, 15-10

features 1-6

illustrated 15-2

internal 15-11

limiting source traffic with RSPAN 28-21

limiting source traffic with SPAN 28-14

modifying 15-7

native, configuring 15-19

normal-range 15-1, 15-4

number supported 1-6

parameters 15-4

port membership modes 15-3

static-access ports 15-9

STP and IEEE 802.1Q trunks 20-10

supported 15-2

Token Ring 15-5

VLAN-bridge STP 20-10, 48-2

VTP modes 16-3

VLAN Trunking Protocol

See VTP

VLAN trunks 15-14

VMPS

administering 15-28

configuration example 15-29

configuration guidelines 15-25

default configuration 15-25

description 15-23

dynamic port membership

described 15-24

reconfirming 15-27

troubleshooting 15-29

entering server address 15-26

mapping MAC addresses to VLANs 15-24

monitoring 15-28

reconfirmation interval, changing 15-27

reconfirming membership 15-27

retry count, changing 15-28

voice aware 802.1x security

port-based authentication

configuring 10-37

described 10-29, 10-37

voice-over-IP 17-1

voice VLAN

Cisco 7960 phone, port connections 17-1

configuration guidelines 17-3

configuring IP phones for data traffic

override CoS of incoming frame 17-6

trust CoS priority of incoming frame 17-6

configuring ports for voice traffic in

802.1p priority tagged frames 17-5

802.1Q frames 17-5

connecting to an IP phone 17-4

default configuration 17-3

described 17-1

displaying 17-7

IP phone data traffic, described 17-2

IP phone voice traffic, described 17-2

VPN

configuring routing in 39-81

forwarding 39-74

in service provider networks 39-71

routes 39-72

VPN routing and forwarding table

See VRF

VQP 1-6, 15-23

VRF

defining 39-74

specifying for an SXP connection 12-3

tables 39-71

VRF-aware services

ARP 39-78

configuring 39-77

ftp 39-80

HSRP 39-79

ping 39-78

SNMP 39-78

syslog 39-79

tftp 39-80

traceroute 39-80

VTP

adding a client to a domain 16-15

advertisements 15-16, 16-3

and extended-range VLANs 15-2, 16-1

and normal-range VLANs 15-2, 16-1

client mode, configuring 16-11

configuration

guidelines 16-8

requirements 16-10

saving 16-8

configuration requirements 16-10

configuration revision number

guideline 16-15

resetting 16-16

consistency checks 16-4

default configuration 16-7

described 16-1

domain names 16-8

domains 16-2

Layer 2 protocol tunneling 19-7

modes

client 16-3

off 16-3

server 16-3

transitions 16-3

transparent 16-3

monitoring 16-16

passwords 16-8

pruning

disabling 16-14

enabling 16-14

examples 16-6

overview 16-5

support for 1-6

pruning-eligible list, changing 15-19

server mode, configuring 16-10, 16-13

statistics 16-16

support for 1-6

Token Ring support 16-4

transparent mode, configuring 16-10

using 16-1

Version

enabling 16-13

version, guidelines 16-9

Version 1 16-4

Version 2

configuration guidelines 16-9

overview 16-4

Version 3

overview 16-4

W

WCCP

authentication 47-3

configuration guidelines 47-5

default configuration 47-5

described 47-1

displaying 47-9

dynamic service groups 47-3

enabling 47-6

features unsupported 47-4

forwarding method 47-3

Layer-2 header rewrite 47-3

MD5 security 47-3

message exchange 47-2

monitoring and maintaining 47-9

negotiation 47-3

packet redirection 47-3

packet-return method 47-3

redirecting traffic received from a client 47-6

setting the password 47-6

unsupported WCCPv2 features 47-4

web authentication 10-16

configuring 11-16 to ??

described 1-7

web-based authentication

customizable web pages 11-5

description 11-1

web-based authentication, interactions with other features 11-7

Web Cache Communication Protocol

See WCCP

weighted tail drop

See WTD

weight thresholds in tracked lists 46-5

wired location service

configuring 29-10

displaying 29-12

location TLV 29-3

understanding 29-3

WTD

described 37-13

setting thresholds

egress queue-sets 37-70

ingress queues 37-66

support for 1-11

X

Xmodem protocol 36-2

Index

A

AAA down policy, NAC Layer 2 IP validation 1-9

abbreviating commands 2-4

ABRs 39-24

access-class command 36-18

access control entries

See ACEs

access control entry (ACE) 43-3

access-denied response, VMPS 15-24

access groups

applying IPv4 ACLs to interfaces 36-19

Layer 2 36-19

Layer 3 36-19

accessing

clusters, switch 6-12

command switches 6-10

member switches 6-12

switch clusters 6-12

access lists

See ACLs

access ports

and Layer 2 protocol tunneling 19-10

defined 13-2

in switch clusters 6-8

accounting

with 802.1x 10-48

with IEEE 802.1x 10-14

with RADIUS 9-35

with TACACS+ 9-11, 9-17

ACEs

and QoS 37-7

defined 36-2

Ethernet 36-2

IP 36-2

ACLs

ACEs 36-2

any keyword 36-11

applying

time ranges to 36-15

to an interface 36-18, 43-7

to IPv6 interfaces 43-7

to QoS 37-7

classifying traffic for QoS 37-42

comments in 36-17

compiling 36-21

defined 36-1, 36-5

examples of 36-21, 37-42

extended IP, configuring for QoS classification 37-43

extended IPv4

creating 36-8

matching criteria 36-5

hardware and software handling 36-20

host keyword 36-11

IP

creating 36-5

fragments and QoS guidelines 37-32

implicit deny 36-8, 36-13, 36-15

implicit masks 36-8

matching criteria 36-5

undefined 36-20

IPv4

applying to interfaces 36-18

creating 36-5

matching criteria 36-5

named 36-13

numbers 36-6

terminal lines, setting on 36-18

unsupported features 36-5

IPv6

applying to interfaces 43-7

configuring 43-3, 43-4

displaying 43-8

interactions with other features 43-4

limitations 43-2, 43-3

matching criteria 43-3

named 43-2

precedence of 43-2

supported 43-2

unsupported features 43-3

logging messages 36-7

MAC extended 36-26, 37-44

matching 36-5, 36-19, 43-3

monitoring 36-29, 43-8

named, IPv4 36-13

named, IPv6 43-2

names 43-4

number per QoS class map 37-32

port 43-1

QoS 37-7, 37-42

resequencing entries 36-13

router 43-1

standard IP, configuring for QoS classification 37-42

standard IPv4

creating 36-7

matching criteria 36-5

support for 1-7

support in hardware 36-20

time ranges 36-15

types supported 36-2

unsupported features, IPv4 36-5

unsupported features, IPv6 43-3

active link 24-4, 24-5, 24-6

active links 24-2

active router 44-1

active traffic monitoring, IP SLAs 45-1

addresses

displaying the MAC address table 8-23

dynamic

accelerated aging 20-8

changing the aging time 8-14

default aging 20-8

defined 8-12

learning 8-13

removing 8-15

IPv6 40-2

MAC, discovering 8-23

multicast

STP address management 20-8

static

adding and removing 8-19

defined 8-12

address resolution 8-23, 39-8

Address Resolution Protocol

See ARP

adjacency tables, with CEF 39-87

administrative distances

defined 39-99

OSPF 39-30

routing protocol defaults 39-89

administrative VLAN

REP, configuring 23-8

administrative VLAN, REP 23-8

advertisements

CDP 30-1

LLDP 29-1, 29-2

RIP 39-18

VTP 15-16, 16-3

age timer, REP 23-8

aggregatable global unicast addresses 40-3

aggregate addresses, BGP 39-57

aggregated ports

See EtherChannel

aggregate policers 37-57

aggregate policing 1-11

aging, accelerating 20-8

aging time

accelerated

for MSTP 21-23

for STP 20-8, 20-21

MAC address table 8-14

maximum

for MSTP 21-23, 21-24

for STP 20-21, 20-22

alarm profiles

configuring 3-12

creating or modifying 3-11

alarms

displaying 3-13

power supply 3-2

temperature 3-2

alarms, RMON 32-3

allowed-VLAN list 15-18

application engines, redirecting traffic to 47-1

area border routers

See ABRs

area routing

IS-IS 39-62

ISO IGRP 39-62

ARP

configuring 39-9

defined 1-4, 8-23, 39-8

encapsulation 39-10

static cache configuration 39-9

table

address resolution 8-23

managing 8-23

ASBRs 39-24

AS-path filters, BGP 39-52

associating the temperature alarms to a relay 3-9

asymmetrical links, and IEEE 802.1Q tunneling 19-4

attaching an alarm profile to a port 3-12

attributes, RADIUS

vendor-proprietary 9-38

vendor-specific 9-36

attribute-value pairs 10-12, 10-15, 10-20

authentication

EIGRP 39-38

HSRP 44-10

local mode with AAA 9-44

open1x 10-29

RADIUS

key 9-28

login 9-30

TACACS+

defined 9-11

key 9-13

login 9-14

See also port-based authentication

authentication compatibility with Catalyst 6000 switches 10-8

authentication failed VLAN

See restricted VLAN

authentication keys, and routing protocols 39-99

authentication manager

CLI commands 10-9

compatibility with older 802.1x CLI commands 10-9 to ??

overview 10-7

authoritative time source, described 8-2

authorization

with RADIUS 9-34

with TACACS+ 9-11, 9-16

authorized ports with IEEE 802.1x 10-10

autoconfiguration 4-3

auto enablement 10-30

automatic discovery

considerations

beyond a noncandidate device 6-7

brand new switches 6-8

connectivity 6-4

different VLANs 6-6

management VLANs 6-7

non-CDP-capable devices 6-6

noncluster-capable devices 6-6

in switch clusters 6-4

See also CDP

automatic QoS

See QoS

auto-MDIX

configuring 13-20

described 13-19

autonegotiation

duplex mode 1-2

interface configuration guidelines 13-17

mismatches 36-4

autonomous system boundary routers

See ASBRs

autonomous systems, in BGP 39-45

autosensing, port speed 1-2

Auto Smartports macros

displaying 14-5

auxiliary VLAN

See voice VLAN

availability, features 1-5

B

BackboneFast

described 22-5

disabling 22-14

enabling 22-13

backup interfaces

See Flex Links

backup links 24-2

backup static routing, configuring 46-11

banners

configuring

login 8-12

message-of-the-day login 8-11

default configuration 8-10

when displayed 8-10

Berkeley r-tools replacement 9-56

BGP

aggregate addresses 39-57

aggregate routes, configuring 39-57

CIDR 39-57

clear commands 39-61

community filtering 39-54

configuring neighbors 39-55

default configuration 39-43

described 39-42

enabling 39-45

monitoring 39-61

multipath support 39-49

neighbors, types of 39-45

path selection 39-49

peers, configuring 39-55

prefix filtering 39-53

resetting sessions 39-48

route dampening 39-60

route maps 39-51

route reflectors 39-59

routing domain confederation 39-58

routing session with multi-VRF CE 39-81

show commands 39-61

supernets 39-57

support for 1-11

Version 4 39-42

binding cluster group and HSRP group 44-12

binding database

address, DHCP server

See DHCP, Cisco IOS server database

DHCP snooping

See DHCP snooping binding database

bindings

address, Cisco IOS DHCP server 25-7

DHCP snooping database 25-7

IP source guard 25-16

binding table, DHCP snooping

See DHCP snooping binding database

blocking packets 27-6

Boolean expressions in tracked lists 46-4

booting

boot loader, function of 4-2

boot process 4-1

manually 4-18

specific image 4-19

boot loader

accessing 4-19

described 4-2

environment variables 4-19

prompt 4-19

trap-door mechanism 4-2

Border Gateway Protocol

See BGP

BPDU

error-disabled state 22-2

filtering 22-3

RSTP format 21-12

BPDU filtering

described 22-3

disabling 22-12

enabling 22-12

support for 1-6

BPDU guard

described 22-2

disabling 22-12

enabling 22-11

support for 1-6

bridge groups

See fallback bridging

bridge protocol data unit

See BPDU

broadcast flooding 39-16

broadcast packets

directed 39-13

flooded 39-13

broadcast storm-control command 27-4

broadcast storms 27-1, 39-13

C

cables, monitoring for unidirectional links 31-1

candidate switch

automatic discovery 6-4

defined 6-3

requirements 6-3

See also command switch, cluster standby group, and member switch

Catalyst 6000 switches

authentication compatibility 10-8

CA trustpoint

configuring 9-53

defined 9-50

CDP

and trusted boundary 37-38

automatic discovery in switch clusters 6-4

configuring 30-2

default configuration 30-2

defined with LLDP 29-1

described 30-1

disabling for routing device 30-4

enabling and disabling

on an interface 30-4

on a switch 30-4

Layer 2 protocol tunneling 19-7

monitoring 30-5

overview 30-1

power negotiation extensions 13-4

support for 1-4

transmission timer and holdtime, setting 30-3

updates 30-3

CEF

defined 39-86

enabling 39-87

IPv6 40-18

CGMP

switch support of 1-3

CIDR 39-57

CipherSuites 9-52

Cisco 7960 IP Phone 17-1

Cisco Discovery Protocol

See CDP

Cisco Express Forwarding

See CEF

Cisco Group Management Protocol

See CGMP

Cisco intelligent power management 13-4

Cisco IOS DHCP server

See DHCP, Cisco IOS DHCP server

Cisco IOS File System

See IFS

Cisco IOS IP SLAs 45-1

Cisco Secure ACS

attribute-value pairs for downloadable ACLs 10-20

attribute-value pairs for redirect URL 10-20

Cisco Secure ACS configuration guide 10-59

Cisco TrustSec

configuring 12-9

connection caching 12-8

Cisco TrustSec caching

clearing 12-9

enabling 12-8

CiscoWorks 2000 1-4, 34-4

CISP 10-30

CIST regional root

See MSTP

CIST root

See MSTP

civic location 29-3

classless interdomain routing

See CIDR

classless routing 39-6

class maps for QoS

configuring 37-45

described 37-7

displaying 37-77

class of service

See CoS

clearing interfaces 13-28

CLI

abbreviating commands 2-4

command modes 2-1

configuration logging 2-5

described 1-3

editing features

enabling and disabling 2-7

keystroke editing 2-8

wrapped lines 2-9

error messages 2-5

filtering command output 2-10

getting help 2-3

history

changing the buffer size 2-6

described 2-6

disabling 2-7

recalling commands 2-6

managing clusters 6-13

no and default forms of commands 2-4

Client Information Signalling Protocol

See CISP

client mode, VTP 16-3

client processes, tracking 46-1

CLNS

See ISO CLNS

clock

See system clock

clusters, switch

accessing 6-12

automatic discovery 6-4

benefits 1-2

compatibility 6-4

described 6-1

LRE profile considerations 6-13

managing

through CLI 6-13

through SNMP 6-14

planning 6-4

planning considerations

automatic discovery 6-4

CLI 6-13

host names 6-12

IP addresses 6-12

LRE profiles 6-13

passwords 6-12

RADIUS 6-13

SNMP 6-13, 6-14

TACACS+ 6-13

See also candidate switch, command switch, cluster standby group, member switch, and standby command switch

cluster standby group

and HSRP group 44-12

automatic recovery 6-11

considerations 6-10

defined 6-2

requirements 6-3

virtual IP address 6-10

CNS 1-4

Configuration Engine

configID, deviceID, hostname 5-3

configuration service 5-2

described 5-1

event service 5-3

embedded agents

described 5-5

enabling automated configuration 5-6

enabling configuration agent 5-9

enabling event agent 5-7

management functions 1-4

CoA Request Commands 9-24

command-line interface

See CLI

command modes 2-1

commands

abbreviating 2-4

no and default 2-4

commands, setting privilege levels 9-8

command switch

accessing 6-10

configuration conflicts 36-4

defined 6-1

password privilege levels 6-14

recovery

from lost member connectivity 36-4

requirements 6-3

See also candidate switch, cluster standby group, member switch, and standby command switch

community list, BGP 39-54

community ports 18-2

community strings

configuring 6-13, 34-9

in clusters 6-13

overview 34-4

SNMP 6-13

community VLANs 18-2, 18-3

compatibility, feature 27-11

config.text 4-17

configuration, initial

defaults 1-13

configuration changes, logging 33-10

configuration conflicts, recovering from lost member connectivity 36-4

configuration examples, network 1-16

configuration files

archiving A-19

clearing the startup configuration A-19

creating using a text editor A-10

default name 4-17

deleting a stored configuration A-19

described A-9

downloading

automatically 4-17

preparing A-10, A-13, A-16

reasons for A-9

using FTP A-13

using RCP A-17

using TFTP A-11

guidelines for creating and using A-9

guidelines for replacing and rolling back A-20

invalid combinations when copying A-6

limiting TFTP server access 34-17

obtaining with DHCP 4-9

password recovery disable considerations 9-5

replacing a running configuration A-19, A-20

rolling back a running configuration A-19, A-20

specifying the filename 4-17

system contact and location information 34-17

types and location A-10

uploading

preparing A-10, A-13, A-16

reasons for A-9

using FTP A-14

using RCP A-18

using TFTP A-12

configuration guidelines

REP 23-7

configuration guidelines, multi-VRF CE 39-74

configuration logger 33-10

configuration logging 2-5

configuration replacement A-19

configuration rollback A-19

configuration settings, saving 4-15

configure terminal command 13-10

configuring 802.1x user distribution 10-55

configuring port-based authentication violation modes 10-38 to 10-39

config-vlan mode 2-2

conflicts, configuration 36-4

connections, secure remote 9-46

connectivity problems 36-6, 36-8

consistency checks in VTP Version 2 16-4

console port, connecting to 2-10

content-routing technology

See WCCP

control protocol, IP SLAs 45-4

convergence

REP 23-4

corrupted software, recovery steps with Xmodem 36-2

CoS

override priority 17-6

trust priority 17-6

CoS input queue threshold map for QoS 37-15

CoS output queue threshold map for QoS 37-17

CoS-to-DSCP map for QoS 37-60

counters, clearing interface 13-28

CPU utilization, troubleshooting 36-15

crashinfo file 36-14

critical authentication, IEEE 802.1x 10-51

critical VLAN 10-23

cryptographic software image

Kerberos 9-40

SSH 9-45

SSL 9-50

CTS

configuring 12-9

customer edge devices 39-72

customizable web pages, web-based authentication 11-5

D

DACL

See downloadable ACL

daylight saving time 8-6

debugging

enabling all system diagnostics 36-12

enabling for a specific feature 36-11

redirecting error message output 36-12

using commands 36-11

default commands 2-4

default configuration

802.1x 10-33

auto-QoS 37-19

banners 8-10

BGP 39-43

booting 4-17

CDP 30-2

DHCP 25-9

DHCP option 82 25-9

DHCP snooping 25-9

DHCP snooping binding database 25-9

DNS 8-9

dynamic ARP inspection 26-5

EIGRP 39-34

EtherChannel 38-9

Ethernet interfaces 13-14

fallback bridging 48-3

Flex Links 24-8

HSRP 44-5

IEEE 802.1Q tunneling 19-4

IGMP snooping 42-5, 42-6

initial switch information 4-3

IP addressing, IP routing 39-4

IP SLAs 45-6

IP source guard 25-17

IPv6 40-10

IS-IS 39-63

Layer 2 interfaces 13-14

Layer 2 protocol tunneling 19-11

LLDP 29-5

MAC address table 8-14

MAC address-table move update 24-8

MSTP 21-14

multi-VRF CE 39-74

optional spanning-tree configuration 22-9

OSPF 39-25

password and privilege level 9-2

private VLANs 18-6

RADIUS 9-27

REP 23-7

RIP 39-19

RMON 32-3

RSPAN 28-9

SDM template 7-3

SNMP 34-7

SPAN 28-9

SSL 9-52

standard QoS 37-29

STP 20-11

system message logging 33-3

system name and prompt 8-8

TACACS+ 9-13

UDLD 31-4

VLAN, Layer 2 Ethernet interfaces 15-16

VLANs 15-6

VMPS 15-25

voice VLAN 17-3

VTP 16-7

WCCP 47-5

default gateway 4-15, 39-11

default networks 39-90

default router preference

See DRP

default routes 39-89

default routing 39-2

default web-based authentication configuration

802.1X 11-9

deleting VLANs 15-8

denial-of-service attack 27-1

description command 13-23

designing your network, examples 1-16

destination addresses

in IPv4 ACLs 36-10

in IPv6 ACLs 43-5

destination-IP address-based forwarding, EtherChannel 38-7

destination-MAC address forwarding, EtherChannel 38-7

detecting indirect link failures, STP 22-5

device A-23

device discovery protocol 29-1, 30-1

device manager

benefits 1-2

described 1-2, 1-3

in-band management 1-5

upgrading a switch A-23

DHCP

Cisco IOS server database

configuring 25-14

default configuration 25-9

described 25-7

DHCP for IPv6

See DHCPv6

enabling

relay agent 25-11

DHCP-based autoconfiguration

client request message exchange 4-4

configuring

client side 4-4

DNS 4-8

relay device 4-8

server side 4-6

TFTP server 4-7

example 4-9

lease options

for IP address information 4-6

for receiving the configuration file 4-7

overview 4-3

relationship to BOOTP 4-4

relay support 1-4, 1-12

support for 1-4

DHCP-based autoconfiguration and image update

configuring 4-11 to 4-14

understanding 4-5 to 4-6

DHCP binding database

See DHCP snooping binding database

DHCP binding table

See DHCP snooping binding database

DHCP object tracking, configuring primary interface 46-10

DHCP option 82

circuit ID suboption 25-5

configuration guidelines 25-9

default configuration 25-9

displaying 25-15

forwarding address, specifying 25-11

helper address 25-11

overview 25-4

packet format, suboption

circuit ID 25-5

remote ID 25-5

remote ID suboption 25-5

DHCP server port-based address allocation

configuration guidelines 25-27

default configuration 25-27

described 25-26

displaying 25-30

enabling 25-27

reserved addresses 25-28

DHCP server port-based address assignment

support for 1-4

DHCP snooping

accepting untrusted packets from edge switch 25-3, 25-13

binding database

See DHCP snooping binding database

configuration guidelines 25-9

default configuration 25-9

displaying binding tables 25-15

message exchange process 25-4

option 82 data insertion 25-4

trusted interface 25-2

untrusted interface 25-2

untrusted messages 25-2

DHCP snooping binding database

adding bindings 25-14

binding file

format 25-8

location 25-7

bindings 25-7

clearing agent statistics 25-15

configuration guidelines 25-10

configuring 25-14

default configuration 25-9

deleting

binding file 25-15

bindings 25-15

database agent 25-15

described 25-7

displaying 25-15

binding entries 25-15

status and statistics 25-15

enabling 25-14

entry 25-7

renewing database 25-15

resetting

delay value 25-15

timeout value 25-15

DHCP snooping binding table

See DHCP snooping binding database

DHCPv6

configuration guidelines 40-15

default configuration 40-15

described 40-6

enabling client function 40-17

enabling DHCPv6 server function 40-15

support for 1-12

Differentiated Services architecture, QoS 37-1

Differentiated Services Code Point 37-2

Diffusing Update Algorithm (DUAL) 39-33

directed unicast requests 1-4

directories

changing A-4

creating and removing A-5

displaying the working A-4

discovery, clusters

See automatic discovery

displaying switch alarms 3-13

Distance Vector Multicast Routing Protocol

See DVMRP

distance-vector protocols 39-3

distribute-list command 39-98

DNS

and DHCP-based autoconfiguration 4-8

default configuration 8-9

displaying the configuration 8-10

in IPv6 40-3

overview 8-8

setting up 8-9

support for 1-4

domain names

DNS 8-8

VTP 16-8

Domain Name System

See DNS

domains, ISO IGRP routing 39-62

dot1q-tunnel switchport mode 15-15

double-tagged packets

IEEE 802.1Q tunneling 19-2

Layer 2 protocol tunneling 19-10

downloadable ACL 10-18, 10-20, 10-59

downloading

configuration files

preparing A-10, A-13, A-16

reasons for A-9

using FTP A-13

using RCP A-17

using TFTP A-11

image files

deleting old image A-26

preparing A-24, A-28, A-32

reasons for A-23

using FTP A-29

using HTTP A-23

using RCP A-33

using TFTP A-25

using the device manager or Network Assistant A-23

drop threshold for Layer 2 protocol packets 19-11

DRP

configuring 40-13

described 40-4

IPv6 40-4

support for 1-12

DSCP 1-10, 37-2

DSCP input queue threshold map for QoS 37-15

DSCP output queue threshold map for QoS 37-17

DSCP-to-CoS map for QoS 37-63

DSCP-to-DSCP-mutation map for QoS 37-64

DSCP transparency 37-39

DTP 1-6, 15-14

dual-action detection 38-5

DUAL finite state machine, EIGRP 39-34

dual IPv4 and IPv6 templates 7-2, 40-5

dual protocol stacks

IPv4 and IPv6 40-5

SDM templates supporting 40-6

dual-purpose uplinks

defined 13-4

LEDs 13-4

link selection 13-4, 13-15

setting the type 13-15

DVMRP

support for 1-12

dynamic access ports

characteristics 15-3

configuring 15-26

defined 13-3

dynamic addresses

See addresses

dynamic ARP inspection

ARP cache poisoning 26-1

ARP requests, described 26-1

ARP spoofing attack 26-1

clearing

log buffer 26-15

statistics 26-15

configuration guidelines 26-5

configuring

ACLs for non-DHCP environments 26-8

in DHCP environments 26-7

log buffer 26-12

rate limit for incoming ARP packets 26-4, 26-10

default configuration 26-5

denial-of-service attacks, preventing 26-10

described 26-1

DHCP snooping binding database 26-2

displaying

ARP ACLs 26-14

configuration and operating state 26-14

log buffer 26-15

statistics 26-15

trust state and rate limit 26-14

error-disabled state for exceeding rate limit 26-4

function of 26-2

interface trust states 26-3

log buffer

clearing 26-15

configuring 26-12

displaying 26-15

logging of dropped packets, described 26-4

man-in-the-middle attack, described 26-2

network security issues and interface trust states 26-3

priority of ARP ACLs and DHCP snooping entries 26-4

rate limiting of ARP packets

configuring 26-10

described 26-4

error-disabled state 26-4

statistics

clearing 26-15

displaying 26-15

validation checks, performing 26-11

dynamic auto trunking mode 15-15

dynamic desirable trunking mode 15-15

Dynamic Host Configuration Protocol

See DHCP-based autoconfiguration

dynamic port VLAN membership

described 15-24

reconfirming 15-27

troubleshooting 15-29

types of connections 15-26

dynamic routing 39-3

ISO CLNS 39-62

Dynamic Trunking Protocol

See DTP

E

EBGP 39-41

editing features

enabling and disabling 2-7

keystrokes used 2-8

wrapped lines 2-9

EIGRP

authentication 39-38

components 39-34

configuring 39-36

default configuration 39-34

definition 39-33

interface parameters, configuring 39-37

monitoring 39-40

stub routing 39-39

ELIN location 29-3

embedded event manager

actions 35-4

configuring 35-1, 35-5

displaying information 35-7

environmental variables 35-4

event detectors 35-2

policies 35-4

registering and defining an applet 35-5

registering and defining a TCL script 35-6

understanding 35-1

enable password 9-3

enable secret password 9-3

enabling SNMP traps 3-13

encryption, CipherSuite 9-52

encryption for passwords 9-3

Enhanced IGRP

See EIGRP

enhanced object tracking

backup static routing 46-11

commands 46-1

defined 46-1

DHCP primary interface 46-10

HSRP 46-7

IP routing state 46-2

IP SLAs 46-9

line-protocol state 46-2

network monitoring with IP SLAs 46-11

routing policy, configuring 46-11

static route primary interface 46-10

tracked lists 46-3

enhanced object tracking static routing 46-10

environmental variables, embedded event manager 35-4

environment variables, function of 4-20

equal-cost routing 1-12, 39-88

error-disabled state, BPDU 22-2

error messages during command entry 2-5

EtherChannel

automatic creation of 38-4, 38-5

channel groups

binding physical and logical interfaces 38-3

numbering of 38-3

configuration guidelines 38-9

configuring

Layer 2 interfaces 38-10

default configuration 38-9

described 38-2

displaying status 38-17

forwarding methods 38-7, 38-13

IEEE 802.3ad, described 38-5

interaction

with STP 38-10

with VLANs 38-10

LACP

described 38-5

displaying status 38-17

hot-standby ports 38-15

interaction with other features 38-6

modes 38-6

port priority 38-16

system priority 38-16

Layer 3 interface 39-3

load balancing 38-7, 38-13

logical interfaces, described 38-3

PAgP

aggregate-port learners 38-14

compatibility with Catalyst 1900 38-14

described 38-4

displaying status 38-17

interaction with other features 38-5

interaction with virtual switches 38-5

learn method and priority configuration 38-14

modes 38-4

support for 1-3

with dual-action detection 38-5

port-channel interfaces

described 38-3

numbering of 38-3

port groups 13-3

support for 1-2

EtherChannel guard

described 22-7

disabling 22-14

enabling 22-14

Ethernet VLANs

adding 15-7

defaults and ranges 15-7

modifying 15-7

EUI 40-3

event detectors, embedded event manager 35-2

events, RMON 32-3

examples

network configuration 1-16

expedite queue for QoS 37-75

See also getting started guide

extended crashinfo file 36-14

extended-range VLANs

configuration guidelines 15-10

configuring 15-10

creating 15-11

creating with an internal VLAN ID 15-12

defined 15-1

extended system ID

MSTP 21-17

STP 20-4, 20-14

extended universal identifier

See EUI

Extensible Authentication Protocol over LAN 10-1

external BGP

See EBGP

external neighbors, BGP 39-45

F

fa0 interface 1-5

fallback bridging

and protected ports 48-3

bridge groups

creating 48-3

described 48-1

displaying 48-10

function of 48-2

number supported 48-4

removing 48-4

bridge table

clearing 48-10

displaying 48-10

configuration guidelines 48-3

default configuration 48-3

described 48-1

frame forwarding

flooding packets 48-2

forwarding packets 48-2

overview 48-1

protocol, unsupported 48-3

STP

disabling on an interface 48-9

forward-delay interval 48-8

hello BPDU interval 48-7

interface priority 48-6

maximum-idle interval 48-8

path cost 48-6

VLAN-bridge spanning-tree priority 48-5

VLAN-bridge STP 48-2

support for 1-12

SVIs and routed ports 48-1

unsupported protocols 48-3

VLAN-bridge STP 20-10

Fast Convergence 24-3

FCS bit error rate alarm

configuring 3-10

defined 3-3

FCS error hysteresis threshold 3-2

features, incompatible 27-11

FIB 39-86

fiber-optic, detecting unidirectional links 31-1

files

basic crashinfo

description 36-14

location 36-14

copying A-5

crashinfo, description 36-14

deleting A-6

displaying the contents of A-8

extended crashinfo

description 36-14

location 36-15

tar

creating A-7

displaying the contents of A-7

extracting A-8

image file format A-23

file system

displaying available file systems A-1

displaying file information A-4

local file system names A-1

network file system names A-5

setting the default A-3

filtering

IPv6 traffic 43-3, 43-7

non-IP traffic 36-26

show and more command output 2-10

filtering show and more command output 2-10

filters, IP

See ACLs, IP

flash device, number of A-1

flexible authentication ordering

configuring 10-62

overview 10-28

Flex Link Multicast Fast Convergence 24-3

Flex Links

configuration guidelines 24-8

configuring 24-9

configuring preferred VLAN 24-12

configuring VLAN load balancing 24-11

default configuration 24-8

description 24-1

link load balancing 24-2

monitoring 24-15

VLANs 24-2

flooded traffic, blocking 27-7

flow-based packet classification 1-10

flowcharts

QoS classification 37-6

QoS egress queueing and scheduling 37-16

QoS ingress queueing and scheduling 37-14

QoS policing and marking 37-10

flowcontrol

configuring 13-19

described 13-18

forward-delay time

MSTP 21-23

STP 20-21

Forwarding Information Base

See FIB

forwarding nonroutable protocols 48-1

FTP

configuration files

downloading A-13

overview A-12

preparing the server A-13

uploading A-14

image files

deleting old image A-30

downloading A-29

preparing the server A-28

uploading A-30

G

general query 24-5

Generating IGMP Reports 24-3

get-bulk-request operation 34-3

get-next-request operation 34-3, 34-4

get-request operation 34-3, 34-4

get-response operation 34-3

global configuration mode 2-2

global status monitoring alarms 3-2

guest VLAN and 802.1x 10-21

GUIs

See device manager and Network Assistant

H

hello time

MSTP 21-22

STP 20-20

help, for the command line 2-3

hierarchical policy maps 37-8

configuration guidelines 37-32

configuring 37-51

described 37-11

history

changing the buffer size 2-6

described 2-6

disabling 2-7

recalling commands 2-6

history table, level and number of syslog messages 33-10

host names, in clusters 6-12

host ports

configuring 18-11

kinds of 18-2

hosts, limit on dynamic ports 15-29

Hot Standby Router Protocol

See HSRP

HP OpenView 1-4

HSRP

authentication string 44-10

automatic cluster recovery 6-11

binding to cluster group 44-12

cluster standby group considerations 6-10

command-switch redundancy 1-5

configuring 44-4

default configuration 44-5

definition 44-1

guidelines 44-6

monitoring 44-13

object tracking 46-7

overview 44-1

priority 44-8

routing redundancy 1-11

support for ICMP redirect messages 44-12

timers 44-11

tracking 44-8

HSRP for IPv6

configuring 40-24

guidelines 40-23

HTTP over SSL

See HTTPS

HTTPS 9-50

configuring 9-54

self-signed certificate 9-51

HTTP secure server 9-50

I

IBGP 39-41

ICMP

IPv6 40-4

redirect messages 39-11

support for 1-12

time-exceeded messages 36-8

traceroute and 36-8

unreachable messages 36-19

unreachable messages and IPv6 43-4

unreachables and ACLs 36-20

ICMP Echo operation

configuring 45-12

IP SLAs 45-11

ICMP ping

overview 36-6

ICMP Router Discovery Protocol

See IRDP

ICMPv6 40-4

IDS appliances

and ingress RSPAN 28-20

and ingress SPAN 28-13

IEEE 802.1D

See STP

IEEE 802.1p 17-1

IEEE 802.1Q

and trunk ports 13-3

configuration limitations 15-15

native VLAN for untagged traffic 15-19

tunneling

compatibility with other features 19-5

defaults 19-4

described 19-1

tunnel ports with other features 19-6

IEEE 802.1s

See MSTP

IEEE 802.1w

See RSTP

IEEE 802.1x

See port-based authentication

IEEE 802.3ad

See EtherChannel

IEEE 802.3x flow control 13-18

ifIndex values, SNMP 34-5

IFS 1-4

IGMP

leave processing, enabling 42-8

report suppression

disabling 42-10

support for 1-3

IGMP filtering

support for 1-3

IGMP helper 1-3

IGMP snooping

default configuration 42-5, 42-6

enabling and disabling 42-6

monitoring 42-11

support for 1-3

IGP 39-24

Immediate Leave, IGMP

enabling 42-8

inaccessible authentication bypass 10-23

support for multiauth ports 10-23

initial configuration

defaults 1-13

interface

number 13-9

range macros 13-12

interface command 13-9 to 13-10

interface configuration

REP 23-9

interface configuration mode 2-3

interfaces

auto-MDIX, configuring 13-19

configuration guidelines

duplex and speed 13-17

configuring

procedure 13-10

counters, clearing 13-28

default configuration 13-14

described 13-23

descriptive name, adding 13-23

displaying information about 13-26

flow control 13-18

management 1-3

monitoring 13-26

naming 13-23

physical, identifying 13-9

range of 13-10

restarting 13-28

shutting down 13-28

speed and duplex, configuring 13-17

status 13-26

supported 13-9

types of 13-1

interfaces range macro command 13-12

interface types 13-9

Interior Gateway Protocol

See IGP

internal BGP

See IBGP

internal neighbors, BGP 39-45

Internet Control Message Protocol

See ICMP

Internet Protocol version 6

See IPv6

inter-VLAN routing 1-11, 39-2

Intrusion Detection System

See IDS appliances

inventory management TLV 29-3, 29-8

IP ACLs

for QoS classification 37-7

implicit deny 36-8, 36-13

implicit masks 36-8

named 36-13

undefined 36-20

IP addresses

128-bit 40-2

candidate or member 6-3, 6-12

classes of 39-5

cluster access 6-2

command switch 6-3, 6-10, 6-12

default configuration 39-4

discovering 8-23

for IP routing 39-4

IPv6 40-2

MAC address association 39-8

monitoring 39-17

redundant clusters 6-10

standby command switch 6-10, 6-12

See also IP information

IP broadcast address 39-15

ip cef distributed command 39-87

IP directed broadcasts 39-13

IP information

assigned

manually 4-14

through DHCP-based autoconfiguration 4-3

default configuration 4-3

IP phones

and QoS 17-1

automatic classification and queueing 37-18

configuring 17-4

ensuring port security with QoS 37-37

trusted boundary for QoS 37-37

IP Port Security for Static Hosts

on a Layer 2 access port 25-19

on a PVLAN host port 25-24

IP precedence 37-2

IP-precedence-to-DSCP map for QoS 37-61

IP protocols

in ACLs 36-10

routing 1-11

IP routes, monitoring 39-100

IP routing

disabling 39-18

enabling 39-18

IP Service Level Agreements

See IP SLAs

IP service levels, analyzing 45-1

IP SLAs

benefits 45-2

configuration guidelines 45-6

configuring object tracking 46-9

Control Protocol 45-4

default configuration 45-6

definition 45-1

ICMP echo operation 45-11

measuring network performance 45-3

monitoring 45-13

multioperations scheduling 45-5

object tracking 46-9

operation 45-3

reachability tracking 46-9

responder

described 45-4

response time 45-4

scheduling 45-5

SNMP support 45-2

supported metrics 45-2

threshold monitoring 45-6

track object monitoring agent, configuring 46-11

track state 46-9

UDP jitter operation 45-9

IP source guard

and 802.1x 25-18

and DHCP snooping 25-15

and EtherChannels 25-18

and port security 25-18

and private VLANs 25-18

and routed ports 25-17

and TCAM entries 25-18

and trunk interfaces 25-18

and VRF 25-18

binding configuration

automatic 25-16

manual 25-16

binding table 25-16

configuration guidelines 25-17

default configuration 25-17

described 25-15

disabling 25-19

displaying

active IP or MAC bindings 25-26

bindings 25-26

configuration 25-26

enabling 25-18, 25-19

filtering

source IP address 25-16

source IP and MAC address 25-16

source IP address filtering 25-16

source IP and MAC address filtering 25-16

static bindings

adding 25-18, 25-19

deleting 25-19

static hosts 25-19

IP traceroute

executing 36-9

overview 36-8

IP unicast routing

address resolution 39-8

administrative distances 39-89, 39-99

ARP 39-8

assigning IP addresses to Layer 3 interfaces 39-5

authentication keys 39-99

broadcast

address 39-15

flooding 39-16

packets 39-13

storms 39-13

classless routing 39-6

configuring static routes 39-88

default

addressing configuration 39-4

gateways 39-11

networks 39-90

routes 39-89

routing 39-2

directed broadcasts 39-13

disabling 39-18

dynamic routing 39-3

enabling 39-18

EtherChannel Layer 3 interface 39-3

IGP 39-24

inter-VLAN 39-2

IP addressing

classes 39-5

configuring 39-4

IRDP 39-11

Layer 3 interfaces 39-3

MAC address and IP address 39-8

passive interfaces 39-97

protocols

distance-vector 39-3

dynamic 39-3

link-state 39-3

proxy ARP 39-8

redistribution 39-90

reverse address resolution 39-8

routed ports 39-3

static routing 39-3

steps to configure 39-4

subnet mask 39-5

subnet zero 39-6

supernet 39-6

UDP 39-14

with SVIs 39-3

See also BGP

See also EIGRP

See also OSPF

See also RIP

IPv4 ACLs

applying to interfaces 36-18

extended, creating 36-8

named 36-13

standard, creating 36-7

IPv4 and IPv6

dual protocol stacks 40-5

IPv6

ACLs

displaying 43-8

limitations 43-2

matching criteria 43-3

port 43-1

precedence 43-2

router 43-1

supported 43-2

addresses 40-2

address formats 40-2

applications 40-5

assigning address 40-10

autoconfiguration 40-4

CEFv6 40-18

configuring static routes 40-19

default configuration 40-10

default router preference (DRP) 40-4

defined 40-1

Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 40-7

EIGRP IPv6 Commands 40-7

Router ID 40-7

feature limitations 40-9

features not supported 40-8

forwarding 40-10

ICMP 40-4

monitoring 40-26

neighbor discovery 40-4

OSPF 40-7

path MTU discovery 40-4

SDM templates 7-2, 42-1, 43-1

Stateless Autoconfiguration 40-4

supported features 40-2

switch limitations 40-9

understanding static routes 40-6

IPv6 traffic, filtering 43-3

IRDP

configuring 39-12

definition 39-11

support for 1-12

IS-IS

addresses 39-62

area routing 39-62

default configuration 39-63

monitoring 39-71

show commands 39-71

system routing 39-62

ISO CLNS

clear commands 39-71

dynamic routing protocols 39-62

monitoring 39-71

NETs 39-62

NSAPs 39-62

OSI standard 39-62

ISO IGRP

area routing 39-62

system routing 39-62

isolated port 18-2

isolated VLANs 18-2, 18-3

K

KDC

described 9-41

See also Kerberos

Kerberos

authenticating to

boundary switch 9-43

KDC 9-43

network services 9-44

configuration examples 9-40

configuring 9-44

credentials 9-41

cryptographic software image 9-40

described 9-41

KDC 9-41

operation 9-43

realm 9-42

server 9-42

support for 1-9

switch as trusted third party 9-40

terms 9-41

TGT 9-42

tickets 9-41

key distribution center

See KDC

L

l2protocol-tunnel command 19-12

LACP

Layer 2 protocol tunneling 19-9

See EtherChannel

Layer 2 frames, classification with CoS 37-2

Layer 2 interfaces, default configuration 13-14

Layer 2 protocol tunneling

configuring 19-10

configuring for EtherChannels 19-14

default configuration 19-11

defined 19-8

guidelines 19-11

Layer 2 traceroute

and ARP 36-7

and CDP 36-7

broadcast traffic 36-7

described 36-7

IP addresses and subnets 36-7

MAC addresses and VLANs 36-7

multicast traffic 36-7

multiple devices on a port 36-8

unicast traffic 36-7

usage guidelines 36-7

Layer 3 features 1-11

Layer 3 interfaces

assigning IP addresses to 39-5

assigning IPv4 and IPv6 addresses to 40-14

assigning IPv6 addresses to 40-11

changing from Layer 2 mode 39-5, 39-79

types of 39-3

Layer 3 packets, classification methods 37-2

LDAP 5-2

Leaking IGMP Reports 24-4

LEDs, switch

See hardware installation guide

lightweight directory access protocol

See LDAP

line configuration mode 2-3

Link Aggregation Control Protocol

See EtherChannel

link failure, detecting unidirectional 21-7

link fault alarm 3-3

link integrity, verifying with REP 23-3

Link Layer Discovery Protocol

See CDP

link local unicast addresses 40-3

link redundancy

See Flex Links

links, unidirectional 31-1

link state advertisements (LSAs) 39-29

link-state protocols 39-3

link-state tracking

configuring 38-20

described 38-18

LLDP

configuring 29-5

characteristics 29-7

default configuration 29-5

enabling 29-6

monitoring and maintaining 29-12

overview 29-1

supported TLVs 29-2

switch stack considerations 29-2

transmission timer and holdtime, setting 29-7

LLDP-MED

configuring

procedures 29-5

TLVs 29-8

monitoring and maintaining 29-12

overview 29-1, 29-2

supported TLVs 29-2

LLDP Media Endpoint Discovery

See LLDP-MED

load balancing 44-4

local SPAN 28-2

location TLV 29-3, 29-8

logging messages, ACL 36-7

login authentication

with RADIUS 9-30

with TACACS+ 9-14

login banners 8-10

log messages

See system message logging

loop guard

described 22-9

enabling 22-15

support for 1-6

LRE profiles, considerations in switch clusters 6-13

M

MAB

See MAC authentication bypass

MAB aging timer 1-7

MAB inactivity timer

default setting 10-33

range 10-36

MAC/PHY configuration status TLV 29-2

MAC addresses

aging time 8-14

and VLAN association 8-13

building the address table 8-13

default configuration 8-14

disabling learning on a VLAN 8-22

discovering 8-23

displaying 8-23

displaying in the IP source binding table 25-26

dynamic

learning 8-13

removing 8-15

in ACLs 36-26

IP address association 39-8

static

adding 8-20

allowing 8-21, 8-22

characteristics of 8-19

dropping 8-21

removing 8-20

MAC address learning 1-4

MAC address learning, disabling on a VLAN 8-22

MAC address notification, support for 1-12

MAC address-table move update

configuration guidelines 24-8

configuring 24-12

default configuration 24-8

description 24-6

monitoring 24-15

MAC address-to-VLAN mapping 15-24

MAC authentication bypass 10-35

configuring 10-55

overview 10-16

See MAB

MAC extended access lists

applying to Layer 2 interfaces 36-28

configuring for QoS 37-44

creating 36-26

defined 36-26

for QoS classification 37-5

magic packet 10-25

manageability features 1-4

management access

in-band

browser session 1-5

CLI session 1-5

device manager 1-5

SNMP 1-5

out-of-band console port connection 1-5

management address TLV 29-2

management options

CLI 2-1

clustering 1-2

CNS 5-1

overview 1-3

management VLAN

considerations in switch clusters 6-7

discovery through different management VLANs 6-7

manual preemption, REP, configuring 23-13

mapping tables for QoS

configuring

CoS-to-DSCP 37-60

DSCP 37-59

DSCP-to-CoS 37-63

DSCP-to-DSCP-mutation 37-64

IP-precedence-to-DSCP 37-61

policed-DSCP 37-62

described 37-12

marking

action with aggregate policers 37-57

described 37-3, 37-8

matching

IPv6 ACLs 43-3

matching, IPv4 ACLs 36-5

maximum aging time

MSTP 21-23

STP 20-21

maximum hop count, MSTP 21-24

maximum number of allowed devices, port-based authentication 10-36

maximum-paths command 39-49, 39-88

MDA

configuration guidelines 10-12 to 10-13

described 1-8, 10-12

exceptions with authentication process 10-5

membership mode, VLAN port 15-3

member switch

automatic discovery 6-4

defined 6-1

managing 6-13

passwords 6-12

recovering from lost connectivity 36-4

requirements 6-3

See also candidate switch, cluster standby group, and standby command switch

messages, to users through banners 8-10

metrics, in BGP 39-49

metric translations, between routing protocols 39-93

metro tags 19-2

MHSRP 44-4

MIBs

overview 34-1

SNMP interaction with 34-4

mirroring traffic for analysis 28-1

mismatches, autonegotiation 36-4

module number 13-9

monitoring

access groups 36-29

alarms 3-13

BGP 39-61

cables for unidirectional links 31-1

CDP 30-5

CEF 39-87

EIGRP 39-40

fallback bridging 48-10

features 1-12

Flex Links 24-15

HSRP 44-13

IEEE 802.1Q tunneling 19-17

IGMP

snooping 42-11

interfaces 13-26

IP

address tables 39-17

routes 39-100

IP SLAs operations 45-13

IPv4 ACL configuration 36-29

IPv6 40-26

IPv6 ACL configuration 43-8

IS-IS 39-71

ISO CLNS 39-71

Layer 2 protocol tunneling 19-17

MAC address-table move update 24-15

multicast router interfaces 42-11

multi-VRF CE 39-86

network traffic for analysis with probe 28-2

object tracking 46-12

OSPF 39-32

port

blocking 27-20

protection 27-20

private VLANs 18-14

REP 23-13

SFP status 13-26, 36-6

speed and duplex mode 13-18

traffic flowing among switches 32-1

traffic suppression 27-20

tunneling 19-17

VLAN

filters 36-29

maps 36-29

VLANs 15-13

VMPS 15-28

VTP 16-16

mrouter Port 24-3

mrouter port 24-5

MSDP

support for 1-12

MSTP

boundary ports

configuration guidelines 21-15

described 21-6

BPDU filtering

described 22-3

enabling 22-12

BPDU guard

described 22-2

enabling 22-11

CIST, described 21-3

CIST regional root 21-3

CIST root 21-5

configuration guidelines 21-14, 22-10

configuring

forward-delay time 21-23

hello time 21-22

link type for rapid convergence 21-24

maximum aging time 21-23

maximum hop count 21-24

MST region 21-15

neighbor type 21-25

path cost 21-20

port priority 21-19

root switch 21-17

secondary root switch 21-18

switch priority 21-21

CST

defined 21-3

operations between regions 21-3

default configuration 21-14

default optional feature configuration 22-9

displaying status 21-26

enabling the mode 21-15

EtherChannel guard

described 22-7

enabling 22-14

extended system ID

effects on root switch 21-17

effects on secondary root switch 21-18

unexpected behavior 21-17

IEEE 802.1s

implementation 21-6

port role naming change 21-6

terminology 21-5

instances supported 20-9

interface state, blocking to forwarding 22-2

interoperability and compatibility among modes 20-10

interoperability with IEEE 802.1D

described 21-8

restarting migration process 21-25

IST

defined 21-2

master 21-3

operations within a region 21-3

loop guard

described 22-9

enabling 22-15

mapping VLANs to MST instance 21-16

MST region

CIST 21-3

configuring 21-15

described 21-2

hop-count mechanism 21-5

IST 21-2

supported spanning-tree instances 21-2

optional features supported 1-6

overview 21-2

Port Fast

described 22-2

enabling 22-10

preventing root switch selection 22-8

root guard

described 22-8

enabling 22-15

root switch

configuring 21-17

effects of extended system ID 21-17

unexpected behavior 21-17

shutdown Port Fast-enabled port 22-2

status, displaying 21-26

multiauth

support for inaccessible authentication bypass 10-23

multiauth mode

See multiple-authentication mode

multicast groups

static joins 42-7

multicast packets

blocking 27-7

multicast router interfaces, monitoring 42-11

multicast router ports, adding 42-8

Multicast Source Discovery Protocol

See MSDP

multicast storm 27-1

multicast storm-control command 27-4

multidomain authentication

See MDA

multioperations scheduling, IP SLAs 45-5

multiple authentication 10-13

multiple authentication mode

configuring 10-42

Multiple HSRP

See MHSRP

multiple VPN routing/forwarding in customer edge devices

See multi-VRF CE

multi-VRF CE

configuration example 39-82

configuration guidelines 39-74

configuring 39-74

default configuration 39-74

defined 39-72

displaying 39-86

monitoring 39-86

network components 39-74

packet-forwarding process 39-73

support for 1-11

N

NAC

AAA down policy 1-9

critical authentication 10-23, 10-51

IEEE 802.1x authentication using a RADIUS server 10-56

IEEE 802.1x validation using RADIUS server 10-56

inaccessible authentication bypass 1-9, 10-51

Layer 2 IEEE 802.1x validation 1-9, 10-28, 10-56

Layer 2 IP validation 1-9

named IPv4 ACLs 36-13

NameSpace Mapper

See NSM

native VLAN

and IEEE 802.1Q tunneling 19-4

configuring 15-19

default 15-19

NEAT

configuring 10-57

overview 10-29

neighbor discovery, IPv6 40-4

neighbor discovery/recovery, EIGRP 39-34

neighbor offset numbers, REP 23-4

neighbors, BGP 39-55

Network Admission Control

See NAC

Network Assistant

benefits 1-2

described 1-3

network configuration examples

increasing network performance 1-16

providing network services 1-16

network design

performance 1-16

services 1-16

Network Edge Access Topology

See NEAT

network management

CDP 30-1

RMON 32-1

SNMP 34-1

network performance, measuring with IP SLAs 45-3

network policy TLV 29-2, 29-8

Network Time Protocol

See NTP

no commands 2-4

nonhierarchical policy maps

configuration guidelines 37-32

described 37-9

non-IP traffic filtering 36-26

nontrunking mode 15-15

normal-range VLANs 15-4

configuration guidelines 15-5

configuring 15-4

defined 15-1

not-so-stubby areas

See NSSA

NSAPs, as ISO IGRP addresses 39-62

NSF Awareness

IS-IS 39-64

NSM 5-3

NSSA, OSPF 39-29

NTP

associations

defined 8-2

overview 8-2

stratum 8-2

support for 1-4

time

services 8-2

synchronizing 8-2

O

object tracking

HSRP 46-7

IP SLAs 46-9

IP SLAs, configuring 46-9

monitoring 46-12

off mode, VTP 16-3

open1x

configuring 10-62

open1x authentication

overview 10-29

Open Shortest Path First

See OSPF

optimizing system resources 7-1

options, management 1-3

OSPF

area parameters, configuring 39-28

configuring 39-26

default configuration

metrics 39-30

route 39-30

settings 39-25

described 39-23

for IPv6 40-7

interface parameters, configuring 39-27

LSA group pacing 39-31

monitoring 39-32

router IDs 39-32

route summarization 39-30

support for 1-11

virtual links 39-30

out-of-profile markdown 1-11

P

packet modification, with QoS 37-18

PAgP

Layer 2 protocol tunneling 19-9

See EtherChannel

parallel paths, in routing tables 39-88

passive interfaces

configuring 39-97

OSPF 39-30

passwords

default configuration 9-2

disabling recovery of 9-5

encrypting 9-3

for security 1-7

in clusters 6-12

overview 9-1

recovery of 36-3

setting

enable 9-3

enable secret 9-3

Telnet 9-6

with usernames 9-6

VTP domain 16-8

path cost

MSTP 21-20

STP 20-18

path MTU discovery 40-4

PBR

defined 39-94

enabling 39-95

fast-switched policy-based routing 39-97

local policy-based routing 39-97

peers, BGP 39-55

percentage thresholds in tracked lists 46-6

performance, network design 1-16

performance features 1-2

persistent self-signed certificate 9-51

per-user ACLs and Filter-Ids 10-8

per-VLAN spanning-tree plus

See PVST+

PE to CE routing, configuring 39-81

physical ports 13-2

PIM

support for 1-12

ping

overview 36-6

PoE

auto mode 13-6

CDP with power consumption, described 13-4

CDP with power negotiation, described 13-4

Cisco intelligent power management 13-4

configuring 13-20

devices supported 13-4

high-power devices operating in low-power mode 13-5

IEEE power classification levels 13-5

monitoring 13-7

policing power usage 13-7

power budgeting 13-22

power consumption 13-22

powered-device detection and initial power allocation 13-5

power management modes 13-6

power negotiation extensions to CDP 13-4

standards supported 13-4

static mode 13-6

troubleshooting 36-5

policed-DSCP map for QoS 37-62

policers

configuring

for each matched traffic class 37-47

for more than one traffic class 37-57

described 37-3

displaying 37-77

number of 37-33

types of 37-9

policing

described 37-3

hierarchical

See hierarchical policy maps

token-bucket algorithm 37-9

policy-based routing

See PBR

policy maps for QoS

characteristics of 37-47

described 37-7

displaying 37-77

hierarchical 37-8

hierarchical on SVIs

configuration guidelines 37-32

configuring 37-51

described 37-11

nonhierarchical on physical ports

configuration guidelines 37-32

described 37-9

Port Aggregation Protocol

See EtherChannel

port-based authentication

accounting 10-14

authentication server

defined 10-3, 11-2

RADIUS server 10-3

client, defined 10-3, 11-2

configuration guidelines 10-34, 11-9

configuring

802.1x authentication 10-39

guest VLAN 10-49

host mode 10-42

inaccessible authentication bypass 10-51

manual re-authentication of a client 10-44

periodic re-authentication 10-43

quiet period 10-44

RADIUS server 10-42, 11-13

RADIUS server parameters on the switch 10-41, 11-11

restricted VLAN 10-50

switch-to-client frame-retransmission number 10-45, 10-46

switch-to-client retransmission time 10-45

violation modes 10-38 to 10-39

default configuration 10-33, 11-9

described 10-1

device roles 10-2, 11-2

displaying statistics 10-64, 11-17

downloadable ACLs and redirect URLs

configuring 10-59 to 10-61

overview 10-18 to 10-20

EAPOL-start frame 10-5

EAP-request/identity frame 10-5

EAP-response/identity frame 10-5

enabling

802.1X authentication 11-11

encapsulation 10-3

flexible authentication ordering

configuring 10-62

overview 10-28

guest VLAN

configuration guidelines 10-22, 10-23

described 10-21

host mode 10-11

inaccessible authentication bypass

configuring 10-51

described 10-23

guidelines 10-35

initiation and message exchange 10-5

magic packet 10-25

maximum number of allowed devices per port 10-36

method lists 10-39

multiple authentication 10-13

per-user ACLs

AAA authorization 10-39

configuration tasks 10-18

described 10-17

RADIUS server attributes 10-18

ports

authorization state and dot1x port-control command 10-10

authorized and unauthorized 10-10

voice VLAN 10-24

port security

described 10-25

readiness check

configuring 10-36

described 10-16, 10-36

resetting to default values 10-64

statistics, displaying 10-64

switch

as proxy 10-3, 11-2

RADIUS client 10-3

switch supplicant

configuring 10-57

overview 10-29

user distribution

guidelines 10-27

overview 10-27

VLAN assignment

AAA authorization 10-39

characteristics 10-16

configuration tasks 10-17

described 10-16

voice aware 802.1x security

configuring 10-37

described 10-29, 10-37

voice VLAN

described 10-24

PVID 10-24

VVID 10-24

wake-on-LAN, described 10-25

with ACLs and RADIUS Filter-Id attribute 10-31

port-based authentication methods, supported 10-7

port blocking 1-3, 27-6

port-channel

See EtherChannel

port description TLV 29-2

Port Fast

described 22-2

enabling 22-10

mode, spanning tree 15-25

support for 1-6

port membership modes, VLAN 15-3

port not forwarding alarm 3-3

port not operating alarm 3-3

port priority

MSTP 21-19

STP 20-16

ports

access 13-2

blocking 27-6

dual-purpose uplink 13-4

dynamic access 15-3

protected 27-5

REP 23-6

secure 27-8

static-access 15-3, 15-9

switch 13-2

trunks 15-3, 15-14

VLAN assignments 15-9

port security

aging 27-17

and private VLANs 27-19

and QoS trusted boundary 37-37

configuring 27-12

default configuration 27-10

described 27-7

displaying 27-20

enabling 27-19

on trunk ports 27-14

sticky learning 27-8

violations 27-9

with other features 27-11

port-shutdown response, VMPS 15-24

port status monitoring alarms

FCS bit error rate alarm 3-3

link fault alarm 3-3

port not forwarding alarm 3-3

port not operating alarm 3-3

port VLAN ID TLV 29-2

power management TLV 29-2, 29-8

power over Ethernet

See PoE

preempt delay time, REP 23-5

preemption, default configuration 24-8

preemption delay, default configuration 24-8

preferential treatment of traffic

See QoS

prefix lists, BGP 39-53

preventing unauthorized access 9-1

primary edge port, REP 23-4

primary interface for object tracking, DHCP, configuring 46-10

primary interface for static routing, configuring 46-10

primary links 24-2

primary VLANs 18-1, 18-3

priority

HSRP 44-8

overriding CoS 17-6

trusting CoS 17-6

private VLAN edge ports

See protected ports

private VLANs

across multiple switches 18-4

and SDM template 18-4

and SVIs 18-5

benefits of 18-1

community ports 18-2

community VLANs 18-2, 18-3

configuration guidelines 18-6, 18-7, 18-8

configuration tasks 18-6

configuring 18-9

default configuration 18-6

end station access to 18-3

IP addressing 18-3

isolated port 18-2

isolated VLANs 18-2, 18-3

mapping 18-13

monitoring 18-14

ports

community 18-2

configuration guidelines 18-8

configuring host ports 18-11

configuring promiscuous ports 18-12

isolated 18-2

promiscuous 18-2

primary VLANs 18-1, 18-3

promiscuous ports 18-2

secondary VLANs 18-2

subdomains 18-1

traffic in 18-5

privileged EXEC mode 2-2

privilege levels

changing the default for lines 9-9

command switch 6-14

exiting 9-10

logging into 9-10

mapping on member switches 6-14

overview 9-2, 9-8

setting a command with 9-8

promiscuous ports

configuring 18-12

defined 18-2

protected ports 1-7, 27-5

protocol-dependent modules, EIGRP 39-34

provider edge devices 39-72

proxy ARP

configuring 39-10

definition 39-8

with IP routing disabled 39-11

proxy reports 24-3

pruning, VTP

disabling

in VTP domain 16-14

on a port 15-19

enabling

in VTP domain 16-14

on a port 15-19

examples 16-6

overview 16-5

pruning-eligible list

changing 15-19

for VTP pruning 16-5

VLANs 16-14

PVST+

described 20-9

IEEE 802.1Q trunking interoperability 20-10

instances supported 20-9

Q

QoS

auto-QoS

categorizing traffic 37-19

configuration and defaults display 37-28

configuration guidelines 37-24

described 37-18

disabling 37-26

displaying generated commands 37-26

displaying the initial configuration 37-28

effects on running configuration 37-24

egress queue defaults 37-19

enabling for VoIP 37-25

example configuration 37-27

ingress queue defaults 37-19

list of generated commands 37-21

basic model 37-3

classification

class maps, described 37-7

defined 37-3

DSCP transparency, described 37-39

flowchart 37-6

forwarding treatment 37-3

in frames and packets 37-2

IP ACLs, described 37-5, 37-7

MAC ACLs, described 37-5, 37-7

options for IP traffic 37-5

options for non-IP traffic 37-4

policy maps, described 37-7

trust DSCP, described 37-4

trusted CoS, described 37-4

trust IP precedence, described 37-4

class maps

configuring 37-45

displaying 37-77

configuration guidelines

auto-QoS 37-24

standard QoS 37-32

configuring

aggregate policers 37-57

auto-QoS 37-18

default port CoS value 37-37

DSCP maps 37-59

DSCP transparency 37-39

DSCP trust states bordering another domain 37-39

egress queue characteristics 37-69

ingress queue characteristics 37-65

IP extended ACLs 37-43

IP standard ACLs 37-42

MAC ACLs 37-44

policy maps, hierarchical 37-51

port trust states within the domain 37-35

trusted boundary 37-37

default auto configuration 37-19

default standard configuration 37-29

displaying statistics 37-77

DSCP transparency 37-39

egress queues

allocating buffer space 37-70

buffer allocation scheme, described 37-16

configuring shaped weights for SRR 37-73

configuring shared weights for SRR 37-74

described 37-3

displaying the threshold map 37-73

flowchart 37-16

mapping DSCP or CoS values 37-72

scheduling, described 37-4

setting WTD thresholds 37-70

WTD, described 37-17

enabling globally 37-34

flowcharts

classification 37-6

egress queueing and scheduling 37-16

ingress queueing and scheduling 37-14

policing and marking 37-10

implicit deny 37-7

ingress queues

allocating bandwidth 37-67

allocating buffer space 37-67

buffer and bandwidth allocation, described 37-15

configuring shared weights for SRR 37-67

configuring the priority queue 37-68

described 37-3

displaying the threshold map 37-66

flowchart 37-14

mapping DSCP or CoS values 37-66

priority queue, described 37-15

scheduling, described 37-3

setting WTD thresholds 37-66

WTD, described 37-15

IP phones

automatic classification and queueing 37-18

detection and trusted settings 37-18, 37-37

limiting bandwidth on egress interface 37-76

mapping tables

CoS-to-DSCP 37-60

displaying 37-77

DSCP-to-CoS 37-63

DSCP-to-DSCP-mutation 37-64

IP-precedence-to-DSCP 37-61

policed-DSCP 37-62

types of 37-12

marked-down actions 37-49, 37-54

marking, described 37-3, 37-8

overview 37-1

packet modification 37-18

policers

configuring 37-49, 37-54, 37-58

described 37-8

displaying 37-77

number of 37-33

types of 37-9

policies, attaching to an interface 37-8

policing

described 37-3, 37-8

token bucket algorithm 37-9

policy maps

characteristics of 37-47

displaying 37-77

hierarchical 37-8

hierarchical on SVIs 37-51

nonhierarchical on physical ports 37-47

QoS label, defined 37-3

queues

configuring egress characteristics 37-69

configuring ingress characteristics 37-65

high priority (expedite) 37-17, 37-75

location of 37-13

SRR, described 37-14

WTD, described 37-13

rewrites 37-18

support for 1-10

trust states

bordering another domain 37-39

described 37-4

trusted device 37-37

within the domain 37-35

quality of service

See QoS

R

RADIUS

attributes

vendor-proprietary 9-38

vendor-specific 9-36

configuring

accounting 9-35

authentication 9-30

authorization 9-34

communication, global 9-28, 9-36

communication, per-server 9-28

multiple UDP ports 9-28

default configuration 9-27

defining AAA server groups 9-32

displaying the configuration 9-40

identifying the server 9-28

in clusters 6-13

limiting the services to the user 9-34

method list, defined 9-27

operation of 9-20

overview 9-18

server load balancing 9-40

suggested network environments 9-19

support for 1-9

tracking services accessed by user 9-35

RADIUS Change of Authorization 9-20

range

macro 13-12

of interfaces 13-11

rapid convergence 21-9

rapid per-VLAN spanning-tree plus

See rapid PVST+

rapid PVST+

described 20-9

IEEE 802.1Q trunking interoperability 20-10

instances supported 20-9

Rapid Spanning Tree Protocol

See RSTP

RARP 39-8

rcommand command 6-13

RCP

configuration files

downloading A-17

overview A-15

preparing the server A-16

uploading A-18

image files

deleting old image A-34

downloading A-33

preparing the server A-32

uploading A-34

reachability, tracking IP SLAs IP host 46-9

readiness check

port-based authentication

configuring 10-36

described 10-16, 10-36

reconfirmation interval, VMPS, changing 15-27

reconfirming dynamic VLAN membership 15-27

recovery procedures 36-1

redirect URL 10-18, 10-20, 10-59

redundancy

EtherChannel 38-3

HSRP 44-1

STP

backbone 20-8

path cost 15-22

port priority 15-20

redundant links and UplinkFast 22-13

reliable transport protocol, EIGRP 39-34

reloading software 4-21

Remote Authentication Dial-In User Service

See RADIUS

Remote Copy Protocol

See RCP

Remote Network Monitoring

See RMON

Remote SPAN

See RSPAN

remote SPAN 28-2

REP

administrative VLAN 23-8

administrative VLAN, configuring 23-8

age timer 23-8

and STP 23-6

configuration guidelines 23-7

configuring interfaces 23-9

convergence 23-4

default configuration 23-7

manual preemption, configuring 23-13

monitoring 23-13

neighbor offset numbers 23-4

open segment 23-2

ports 23-6

preempt delay time 23-5

primary edge port 23-4

ring segment 23-2

secondary edge port 23-4

segments 23-1

characteristics 23-2

SNMP traps, configuring 23-13

supported interfaces 23-1

triggering VLAN load balancing 23-5

verifying link integrity 23-3

VLAN blocking 23-12

VLAN load balancing 23-4

report suppression, IGMP

disabling 42-10

resequencing ACL entries 36-13

reserved addresses in DHCP pools 25-28

resets, in BGP 39-48

resetting a UDLD-shutdown interface 31-6

Resilient Ethernet Protocol

See REP

responder, IP SLAs

described 45-4

response time, measuring with IP SLAs 45-4

restricted VLAN

configuring 10-50

described 10-22

using with IEEE 802.1x 10-22

restricting access

overview 9-1

passwords and privilege levels 9-2

RADIUS 9-18

TACACS+ 9-10

retry count, VMPS, changing 15-28

reverse address resolution 39-8

Reverse Address Resolution Protocol

See RARP

RFC

1058, RIP 39-18

1157, SNMPv1 34-2

1163, BGP 39-41

1166, IP addresses 39-5

1253, OSPF 39-24

1267, BGP 39-41

1305, NTP 8-2

1587, NSSAs 39-24

1757, RMON 32-2

1771, BGP 39-41

1901, SNMPv2C 34-2

1902 to 1907, SNMPv2 34-2

2273-2275, SNMPv3 34-2

RFC 5176 Compliance 9-21

RIP

advertisements 39-18

authentication 39-21

configuring 39-20

default configuration 39-19

described 39-18

for IPv6 40-6

hop counts 39-19

split horizon 39-22

summary addresses 39-22

support for 1-11

RMON

default configuration 32-3

displaying status 32-6

enabling alarms and events 32-3

groups supported 32-2

overview 32-1

statistics

collecting group Ethernet 32-5

collecting group history 32-5

support for 1-12

root guard

described 22-8

enabling 22-15

support for 1-6

root switch

MSTP 21-17

STP 20-14

route calculation timers, OSPF 39-30

route dampening, BGP 39-60

routed ports

configuring 39-3

IP addresses on 39-4

route-map command 39-96

route maps

BGP 39-51

policy-based routing 39-94

route reflectors, BGP 39-59

router ID, OSPF 39-32

route selection, BGP 39-49

route summarization, OSPF 39-30

route targets, VPN 39-74

routing

default 39-2

dynamic 39-3

redistribution of information 39-90

static 39-3

routing domain confederation, BGP 39-58

Routing Information Protocol

See RIP

routing protocol administrative distances 39-89

RSPAN

characteristics 28-8

configuration guidelines 28-16

default configuration 28-9

defined 28-2

destination ports 28-7

displaying status 28-22

interaction with other features 28-8

monitored ports 28-5

monitoring ports 28-7

overview 1-12, 28-1

received traffic 28-4

sessions

creating 28-16

defined 28-3

limiting source traffic to specific VLANs 28-21

specifying monitored ports 28-16

with ingress traffic enabled 28-20

source ports 28-5

transmitted traffic 28-5

VLAN-based 28-6

RSTP

active topology 21-9

BPDU

format 21-12

processing 21-12

designated port, defined 21-9

designated switch, defined 21-9

interoperability with IEEE 802.1D

described 21-8

restarting migration process 21-25

topology changes 21-13

overview 21-8

port roles

described 21-9

synchronized 21-11

proposal-agreement handshake process 21-10

rapid convergence

described 21-9

edge ports and Port Fast 21-9

point-to-point links 21-10, 21-24

root ports 21-10

root port, defined 21-9

See also MSTP

running configuration

replacing A-19, A-20

rolling back A-19, A-20

running configuration, saving 4-15

S

scheduled reloads 4-21

scheduling, IP SLAs operations 45-5

SCP

and SSH 9-56

configuring 9-57

SD flash memory card A-2

SDM

templates

configuring 7-4

number of 7-1

SDM template 43-3

configuration guidelines 7-3

configuring 7-3

dual IPv4 and IPv6 7-2

types of 7-1

secondary edge port, REP 23-4

secondary VLANs 18-2

Secure Copy Protocol

See SCP

Secure Digital flash memory card

See SD flash memory card

secure HTTP client

configuring 9-55

displaying 9-56

secure HTTP server

configuring 9-54

displaying 9-56

secure MAC addresses

deleting 27-16

maximum number of 27-9

types of 27-8

secure ports, configuring 27-8

secure remote connections 9-46

Secure Shell

See SSH

Secure Socket Layer

See SSL

security, port 27-7

security features 1-7

sequence numbers in log messages 33-8

server mode, VTP 16-3

service-provider network, MSTP and RSTP 21-1

service-provider networks

and customer VLANs 19-2

and IEEE 802.1Q tunneling 19-1

Layer 2 protocols across 19-8

Layer 2 protocol tunneling for EtherChannels 19-9

set-request operation 34-4

setting a secondary temperature threshold 3-7, 3-8

setting power supply alarm options 3-6

setting the FCS error hysteresis threshold 3-10

severity levels, defining in system messages 33-8

SFPs

monitoring status of 13-26, 36-6

security and identification 36-5

status, displaying 36-6

shaped round robin

See SRR

show access-lists hw-summary command 36-20

show alarm commands 3-13

show and more command output, filtering 2-10

show cdp traffic command 30-6

show cluster members command 6-13

show configuration command 13-23

show forward command 36-12

show interfaces command 13-18, 13-23

show interfaces switchport 24-4

show l2protocol command 19-13, 19-15

show lldp traffic command 29-12

show platform forward command 36-12

show running-config command

displaying ACLs 36-18, 36-19

interface description in 13-23

shutdown command on interfaces 13-28

shutdown threshold for Layer 2 protocol packets 19-11

Simple Network Management Protocol

See SNMP

Smartports macros

applying Cisco-default macros 14-3

applying global parameter values 14-3

configuration guidelines 14-2

default configuration 14-1

displaying 14-5

tracing 14-2

SNAP 30-1

SNMP

accessing MIB variables with 34-4

agent

described 34-4

disabling 34-8

and IP SLAs 45-2

authentication level 34-11

community strings

configuring 34-9

overview 34-4

configuration examples 34-18

default configuration 34-7

engine ID 34-8

groups 34-8, 34-10

host 34-8

ifIndex values 34-5

in-band management 1-5

in clusters 6-13

informs

and trap keyword 34-12

described 34-5

differences from traps 34-5

disabling 34-16

enabling 34-16

limiting access by TFTP servers 34-17

limiting system log messages to NMS 33-10

manager functions 1-4, 34-3

managing clusters with 6-14

notifications 34-5

overview 34-1, 34-4

security levels 34-2

setting CPU threshold notification 34-16

status, displaying 34-19

system contact and location 34-17

trap manager, configuring 34-14

traps

described 34-3, 34-5

differences from informs 34-5

disabling 34-16

enabling 34-12

enabling MAC address notification 8-15, 8-17, 8-18

overview 34-1, 34-4

types of 34-13

users 34-8, 34-10

versions supported 34-2

SNMP and Syslog Over IPv6 40-8

SNMP traps

REP 23-13

SNMPv1 34-2

SNMPv2C 34-2

SNMPv3 34-2

software images

location in flash A-23

recovery procedures 36-2

scheduling reloads 4-21

tar file format, described A-23

See also downloading and uploading

source addresses

in IPv4 ACLs 36-10

in IPv6 ACLs 43-5

source-and-destination-IP address based forwarding, EtherChannel 38-7

source-and-destination MAC address forwarding, EtherChannel 38-7

source-IP address based forwarding, EtherChannel 38-7

source-MAC address forwarding, EtherChannel 38-7

SPAN

configuration guidelines 28-10

default configuration 28-9

destination ports 28-7

displaying status 28-22

interaction with other features 28-8

monitored ports 28-5

monitoring ports 28-7

overview 1-12, 28-1

ports, restrictions 27-11

received traffic 28-4

sessions

configuring ingress forwarding 28-14, 28-21

creating 28-11

defined 28-3

limiting source traffic to specific VLANs 28-14

removing destination (monitoring) ports 28-12

specifying monitored ports 28-11

with ingress traffic enabled 28-13

source ports 28-5

transmitted traffic 28-5

VLAN-based 28-6

spanning tree and native VLANs 15-15

Spanning Tree Protocol

See STP

SPAN traffic 28-4

split horizon, RIP 39-22

SRR

configuring

shaped weights on egress queues 37-73

shared weights on egress queues 37-74

shared weights on ingress queues 37-67

described 37-14

shaped mode 37-14

shared mode 37-14

support for 1-11

SSH

configuring 9-47

cryptographic software image 9-45

described 1-5, 9-46

encryption methods 9-46

user authentication methods, supported 9-46

SSL

configuration guidelines 9-53

configuring a secure HTTP client 9-55

configuring a secure HTTP server 9-54

cryptographic software image 9-50

described 9-50

monitoring 9-56

standby command switch

configuring

considerations 6-10

defined 6-2

requirements 6-3

virtual IP address 6-10

See also cluster standby group and HSRP

standby group, cluster

See cluster standby group and HSRP

standby ip command 44-6

standby links 24-2

standby router 44-1

standby timers, HSRP 44-11

startup configuration

booting

manually 4-18

specific image 4-19

clearing A-19

configuration file

automatically downloading 4-17

specifying the filename 4-17

default boot configuration 4-17

static access ports

assigning to VLAN 15-9

defined 13-3, 15-3

static addresses

See addresses

static IP routing 1-12

static MAC addressing 1-7

static route primary interface, configuring 46-10

static routes

configuring 39-88

configuring for IPv6 40-19

understanding 40-6

static routing 39-3

static routing support, enhanced object tracking 46-10

static VLAN membership 15-2

statistics

802.1X 11-17

802.1x 10-64

CDP 30-5

interface 13-26

LLDP 29-12

LLDP-MED 29-12

NMSP 29-12

OSPF 39-32

QoS ingress and egress 37-77

RMON group Ethernet 32-5

RMON group history 32-5

SNMP input and output 34-19

VTP 16-16

sticky learning 27-8

storm control

configuring 27-3

described 27-1

disabling 27-5

displaying 27-20

support for 1-3

thresholds 27-1

STP

accelerating root port selection 22-4

and REP 23-6

BackboneFast

described 22-5

disabling 22-14

enabling 22-13

BPDU filtering

described 22-3

disabling 22-12

enabling 22-12

BPDU guard

described 22-2

disabling 22-12

enabling 22-11

BPDU message exchange 20-3

configuration guidelines 20-12, 22-10

configuring

forward-delay time 20-21

hello time 20-20

maximum aging time 20-21

path cost 20-18

port priority 20-16

root switch 20-14

secondary root switch 20-16

spanning-tree mode 20-13

switch priority 20-19

transmit hold-count 20-22

counters, clearing 20-22

default configuration 20-11

default optional feature configuration 22-9

designated port, defined 20-3

designated switch, defined 20-3

detecting indirect link failures 22-5

disabling 20-14

displaying status 20-22

EtherChannel guard

described 22-7

disabling 22-14

enabling 22-14

extended system ID

effects on root switch 20-14

effects on the secondary root switch 20-16

overview 20-4

unexpected behavior 20-14

features supported 1-6

IEEE 802.1D and bridge ID 20-4

IEEE 802.1D and multicast addresses 20-8

IEEE 802.1t and VLAN identifier 20-4

inferior BPDU 20-3

instances supported 20-9

interface state, blocking to forwarding 22-2

interface states

blocking 20-5

disabled 20-7

forwarding 20-5, 20-6

learning 20-6

listening 20-6

overview 20-4

interoperability and compatibility among modes 20-10

Layer 2 protocol tunneling 19-7

limitations with IEEE 802.1Q trunks 20-10

load sharing

overview 15-20

using path costs 15-22

using port priorities 15-21

loop guard

described 22-9

enabling 22-15

modes supported 20-9

multicast addresses, effect of 20-8

optional features supported 1-6

overview 20-2

path costs 15-22, 15-23

Port Fast

described 22-2

enabling 22-10

port priorities 15-21

preventing root switch selection 22-8

protocols supported 20-9

redundant connectivity 20-8

root guard

described 22-8

enabling 22-15

root port, defined 20-3

root switch

configuring 20-14

effects of extended system ID 20-4, 20-14

election 20-3

unexpected behavior 20-14

shutdown Port Fast-enabled port 22-2

status, displaying 20-22

superior BPDU 20-3

timers, described 20-20

UplinkFast

described 22-3

enabling 22-13

VLAN-bridge 20-10

stratum, NTP 8-2

stub areas, OSPF 39-28

stub routing, EIGRP 39-39

subdomains, private VLAN 18-1

subnet mask 39-5

subnet zero 39-6

success response, VMPS 15-24

summer time 8-6

SunNet Manager 1-4

supernet 39-6

supported port-based authentication methods 10-7

SVIs

and IP unicast routing 39-3

connecting VLANs 13-9

switch 40-2

switch clustering technology 6-1

See also clusters, switch

switch console port 1-5

Switch Database Management

See SDM

Switched Port Analyzer

See SPAN

switched ports 13-2

switchport backup interface 24-4, 24-5

switchport block multicast command 27-7

switchport block unicast command 27-7

switchport command 13-14

switchport mode dot1q-tunnel command 19-6

switchport protected command 27-6

switch priority

MSTP 21-21

STP 20-19

switch software features 1-1

SXP

configuration process 12-2

configuring peer connections 12-2

default passwords 12-4

enabling 12-2

reconcile period 12-5

retry period 12-5

source IP address 12-4

synchronization, BGP 39-45

syslog

See system message logging

system capabilities TLV 29-2

system clock

configuring

daylight saving time 8-6

manually 8-4

summer time 8-6

time zones 8-5

displaying the time and date 8-5

overview 8-1

See also NTP

system description TLV 29-2

system message logging

default configuration 33-3

defining error message severity levels 33-8

disabling 33-4

displaying the configuration 33-13

enabling 33-4

facility keywords, described 33-13

level keywords, described 33-9

limiting messages 33-10

message format 33-2

overview 33-1

sequence numbers, enabling and disabling 33-8

setting the display destination device 33-5

synchronizing log messages 33-6

syslog facility 1-12

time stamps, enabling and disabling 33-7

UNIX syslog servers

configuring the daemon 33-12

configuring the logging facility 33-12

facilities supported 33-13

system MTU

and IS-IS LSPs 39-66

system MTU and IEEE 802.1Q tunneling 19-5

system name

default configuration 8-8

default setting 8-8

manual configuration 8-8

See also DNS

system name TLV 29-2

system prompt, default setting 8-7, 8-8

system resources, optimizing 7-1

system routing

IS-IS 39-62

ISO IGRP 39-62

T

TACACS+

accounting, defined 9-11

authentication, defined 9-11

authorization, defined 9-11

configuring

accounting 9-17

authentication key 9-13

authorization 9-16

login authentication 9-14

default configuration 9-13

displaying the configuration 9-18

identifying the server 9-13

in clusters 6-13

limiting the services to the user 9-16

operation of 9-12

overview 9-10

support for 1-9

tracking services accessed by user 9-17

tagged packets

IEEE 802.1Q 19-3

Layer 2 protocol 19-7

tar files

creating A-7

displaying the contents of A-7

extracting A-8

image file format A-23

TCL script, registering and defining with embedded event manager 35-6

TDR 1-13

Telnet

accessing management interfaces 2-10

number of connections 1-5

setting a password 9-6

temperature alarms, configuring 3-7, 3-8

temporary self-signed certificate 9-51

Terminal Access Controller Access Control System Plus

See TACACS+

terminal lines, setting a password 9-6

TFTP

configuration files

downloading A-11

preparing the server A-10

uploading A-12

configuration files in base directory 4-7

configuring for autoconfiguration 4-7

image files

deleting A-26

downloading A-25

preparing the server A-24

uploading A-27

limiting access by servers 34-17

TFTP server 1-4

threshold, traffic level 27-2

threshold monitoring, IP SLAs 45-6

time

See NTP and system clock

Time Domain Reflector

See TDR

time-range command 36-15

time ranges in ACLs 36-15

time stamps in log messages 33-7

time zones 8-5

TLVs

defined 29-1

LLDP 29-2

LLDP-MED 29-2

Token Ring VLANs

support for 15-5

VTP support 16-4

ToS 1-10

traceroute, Layer 2

and ARP 36-7

and CDP 36-7

broadcast traffic 36-7

described 36-7

IP addresses and subnets 36-7

MAC addresses and VLANs 36-7

multicast traffic 36-7

multiple devices on a port 36-8

unicast traffic 36-7

usage guidelines 36-7

traceroute command 36-9

See also IP traceroute

tracked lists

configuring 46-3

types 46-3

tracked objects

by Boolean expression 46-4

by threshold percentage 46-6

by threshold weight 46-5

tracking interface line-protocol state 46-2

tracking IP routing state 46-2

tracking objects 46-1

tracking process 46-1

track state, tracking IP SLAs 46-9

traffic

blocking flooded 27-7

fragmented 36-3

fragmented IPv6 43-2

unfragmented 36-3

traffic policing 1-10

traffic suppression 27-1

transmit hold-count

See STP

transparent mode, VTP 16-3

trap-door mechanism 4-2

traps

configuring MAC address notification 8-15, 8-17, 8-18

configuring managers 34-12

defined 34-3

enabling 8-15, 8-17, 8-18, 34-12

notification types 34-13

overview 34-1, 34-4

triggering alarm options

configurable relay 3-3

methods 3-3

SNMP traps 3-4

syslog messages 3-4

troubleshooting

connectivity problems 36-6, 36-8

CPU utilization 36-15

detecting unidirectional links 31-1

displaying crash information 36-14

setting packet forwarding 36-12

SFP security and identification 36-5

show forward command 36-12

with CiscoWorks 34-4

with debug commands 36-11

with ping 36-6

with system message logging 33-1

with traceroute 36-8

trunk failover

See link-state tracking

trunking encapsulation 1-6

trunk ports

configuring 15-17

defined 13-3, 15-3

trunks

allowed-VLAN list 15-18

load sharing

setting STP path costs 15-22

using STP port priorities 15-20, 15-21

native VLAN for untagged traffic 15-19

parallel 15-22

pruning-eligible list 15-19

to non-DTP device 15-14

trusted boundary for QoS 37-37

trusted port states

between QoS domains 37-39

classification options 37-4

ensuring port security for IP phones 37-37

support for 1-10

within a QoS domain 37-35

trustpoints, CA 9-50

tunneling

defined 19-1

IEEE 802.1Q 19-1

Layer 2 protocol 19-8

tunnel ports

described 19-1

IEEE 802.1Q, configuring 19-6

incompatibilities with other features 19-5

twisted-pair Ethernet, detecting unidirectional links 31-1

type of service

See ToS

U

UDLD

configuration guidelines 31-4

default configuration 31-4

disabling

globally 31-5

on fiber-optic interfaces 31-5

per interface 31-5

echoing detection mechanism 31-2

enabling

globally 31-5

per interface 31-5

Layer 2 protocol tunneling 19-10

link-detection mechanism 31-1

neighbor database 31-2

overview 31-1

resetting an interface 31-6

status, displaying 31-6

support for 1-5

UDP, configuring 39-14

UDP jitter, configuring 45-9

UDP jitter operation, IP SLAs 45-9

unauthorized ports with IEEE 802.1x 10-10

unicast MAC address filtering 1-4

and adding static addresses 8-21

and broadcast MAC addresses 8-20

and CPU packets 8-20

and multicast addresses 8-20

and router MAC addresses 8-20

configuration guidelines 8-20

described 8-20

unicast storm 27-1

unicast storm control command 27-4

unicast traffic, blocking 27-7

UniDirectional Link Detection protocol

See UDLD

UNIX syslog servers

daemon configuration 33-12

facilities supported 33-13

message logging configuration 33-12

unrecognized Type-Length-Value (TLV) support 16-4

upgrading software images

See downloading

UplinkFast

described 22-3

disabling 22-13

enabling 22-13

uploading

configuration files

preparing A-10, A-13, A-16

reasons for A-9

using FTP A-14

using RCP A-18

using TFTP A-12

image files

preparing A-24, A-28, A-32

reasons for A-23

using FTP A-30

using RCP A-34

using TFTP A-27

User Datagram Protocol

See UDP

user EXEC mode 2-2

username-based authentication 9-6

V

version-dependent transparent mode 16-4

virtual IP address

cluster standby group 6-10

command switch 6-10

Virtual Private Network

See VPN

virtual router 44-1, 44-2

virtual switches and PAgP 38-5

vlan.dat file 15-4

VLAN 1, disabling on a trunk port 15-18

VLAN 1 minimization 15-18

vlan-assignment response, VMPS 15-24

VLAN blocking, REP 23-12

VLAN configuration

at bootup 15-6

saving 15-6

VLAN configuration mode 2-2

VLAN database

and startup configuration file 15-6

and VTP 16-1

VLAN configuration saved in 15-6

VLANs saved in 15-4

vlan dot1q tag native command 19-4

VLAN filtering and SPAN 28-6

vlan global configuration command 15-6

VLAN ID, discovering 8-23

VLAN load balancing

REP 23-4

VLAN load balancing, triggering 23-5

VLAN load balancing on flex links 24-2

configuration guidelines 24-8

VLAN management domain 16-2

VLAN Management Policy Server

See VMPS

VLAN maps

displaying 36-29

support for 1-8

VLAN membership

confirming 15-27

modes 15-3

VLAN Query Protocol

See VQP

VLANs

adding 15-7

adding to VLAN database 15-7

aging dynamic addresses 20-9

allowed on trunk 15-18

and spanning-tree instances 15-2, 15-6, 15-10

configuration guidelines, extended-range VLANs 15-10

configuration guidelines, normal-range VLANs 15-5

configuring 15-1

configuring IDs 1006 to 4094 15-10

connecting through SVIs 13-9

creating 15-7

customer numbering in service-provider networks 19-3

default configuration 15-6

deleting 15-8

described 13-2, 15-1

displaying 15-13

extended-range 15-1, 15-10

features 1-6

illustrated 15-2

internal 15-11

limiting source traffic with RSPAN 28-21

limiting source traffic with SPAN 28-14

modifying 15-7

native, configuring 15-19

normal-range 15-1, 15-4

number supported 1-6

parameters 15-4

port membership modes 15-3

static-access ports 15-9

STP and IEEE 802.1Q trunks 20-10

supported 15-2

Token Ring 15-5

VLAN-bridge STP 20-10, 48-2

VTP modes 16-3

VLAN Trunking Protocol

See VTP

VLAN trunks 15-14

VMPS

administering 15-28

configuration example 15-29

configuration guidelines 15-25

default configuration 15-25

description 15-23

dynamic port membership

described 15-24

reconfirming 15-27

troubleshooting 15-29

entering server address 15-26

mapping MAC addresses to VLANs 15-24

monitoring 15-28

reconfirmation interval, changing 15-27

reconfirming membership 15-27

retry count, changing 15-28

voice aware 802.1x security

port-based authentication

configuring 10-37

described 10-29, 10-37

voice-over-IP 17-1

voice VLAN

Cisco 7960 phone, port connections 17-1

configuration guidelines 17-3

configuring IP phones for data traffic

override CoS of incoming frame 17-6

trust CoS priority of incoming frame 17-6

configuring ports for voice traffic in

802.1p priority tagged frames 17-5

802.1Q frames 17-5

connecting to an IP phone 17-4

default configuration 17-3

described 17-1

displaying 17-7

IP phone data traffic, described 17-2

IP phone voice traffic, described 17-2

VPN

configuring routing in 39-81

forwarding 39-74

in service provider networks 39-71

routes 39-72

VPN routing and forwarding table

See VRF

VQP 1-6, 15-23

VRF

defining 39-74

specifying for an SXP connection 12-3

tables 39-71

VRF-aware services

ARP 39-78

configuring 39-77

ftp 39-80

HSRP 39-79

ping 39-78

SNMP 39-78

syslog 39-79

tftp 39-80

traceroute 39-80

VTP

adding a client to a domain 16-15

advertisements 15-16, 16-3

and extended-range VLANs 15-2, 16-1

and normal-range VLANs 15-2, 16-1

client mode, configuring 16-11

configuration

guidelines 16-8

requirements 16-10

saving 16-8

configuration requirements 16-10

configuration revision number

guideline 16-15

resetting 16-16

consistency checks 16-4

default configuration 16-7

described 16-1

domain names 16-8

domains 16-2

Layer 2 protocol tunneling 19-7

modes

client 16-3

off 16-3

server 16-3

transitions 16-3

transparent 16-3

monitoring 16-16

passwords 16-8

pruning

disabling 16-14

enabling 16-14

examples 16-6

overview 16-5

support for 1-6

pruning-eligible list, changing 15-19

server mode, configuring 16-10, 16-13

statistics 16-16

support for 1-6

Token Ring support 16-4

transparent mode, configuring 16-10

using 16-1

Version

enabling 16-13

version, guidelines 16-9

Version 1 16-4

Version 2

configuration guidelines 16-9

overview 16-4

Version 3

overview 16-4

W

WCCP

authentication 47-3

configuration guidelines 47-5

default configuration 47-5

described 47-1

displaying 47-9

dynamic service groups 47-3

enabling 47-6

features unsupported 47-4

forwarding method 47-3

Layer-2 header rewrite 47-3

MD5 security 47-3

message exchange 47-2

monitoring and maintaining 47-9

negotiation 47-3

packet redirection 47-3

packet-return method 47-3

redirecting traffic received from a client 47-6

setting the password 47-6

unsupported WCCPv2 features 47-4

web authentication 10-16

configuring 11-16 to ??

described 1-7

web-based authentication

customizable web pages 11-5

description 11-1

web-based authentication, interactions with other features 11-7

Web Cache Communication Protocol

See WCCP

weighted tail drop

See WTD

weight thresholds in tracked lists 46-5

wired location service

configuring 29-10

displaying 29-12

location TLV 29-3

understanding 29-3

WTD

described 37-13

setting thresholds

egress queue-sets 37-70

ingress queues 37-66

support for 1-11

X

Xmodem protocol 36-2