Index
A
AAA down policy, NAC Layer 2 IP validation 1-9
abbreviating commands 2-4
ABRs 39-24
access-class command 36-18
access control entries
See ACEs
access control entry (ACE) 43-3
access-denied response, VMPS 15-24
access groups
applying IPv4 ACLs to interfaces 36-19
Layer 2 36-19
Layer 3 36-19
accessing
clusters, switch 6-12
command switches 6-10
member switches 6-12
switch clusters 6-12
access lists
See ACLs
access ports
and Layer 2 protocol tunneling 19-10
defined 13-2
in switch clusters 6-8
accounting
with 802.1x 10-48
with IEEE 802.1x 10-14
with RADIUS 9-35
with TACACS+ 9-11, 9-17
ACEs
and QoS 37-7
defined 36-2
Ethernet 36-2
IP 36-2
ACLs
ACEs 36-2
any keyword 36-11
applying
time ranges to 36-15
to an interface 36-18, 43-7
to IPv6 interfaces 43-7
to QoS 37-7
classifying traffic for QoS 37-42
comments in 36-17
compiling 36-21
defined 36-1, 36-5
examples of 36-21, 37-42
extended IP, configuring for QoS classification 37-43
extended IPv4
creating 36-8
matching criteria 36-5
hardware and software handling 36-20
host keyword 36-11
IP
creating 36-5
fragments and QoS guidelines 37-32
implicit deny 36-8, 36-13, 36-15
implicit masks 36-8
matching criteria 36-5
undefined 36-20
IPv4
applying to interfaces 36-18
creating 36-5
matching criteria 36-5
named 36-13
numbers 36-6
terminal lines, setting on 36-18
unsupported features 36-5
IPv6
applying to interfaces 43-7
configuring 43-3, 43-4
displaying 43-8
interactions with other features 43-4
limitations 43-2, 43-3
matching criteria 43-3
named 43-2
precedence of 43-2
supported 43-2
unsupported features 43-3
logging messages 36-7
MAC extended 36-26, 37-44
matching 36-5, 36-19, 43-3
monitoring 36-29, 43-8
named, IPv4 36-13
named, IPv6 43-2
names 43-4
number per QoS class map 37-32
port 43-1
QoS 37-7, 37-42
resequencing entries 36-13
router 43-1
standard IP, configuring for QoS classification 37-42
standard IPv4
creating 36-7
matching criteria 36-5
support for 1-7
support in hardware 36-20
time ranges 36-15
types supported 36-2
unsupported features, IPv4 36-5
unsupported features, IPv6 43-3
active link 24-4, 24-5, 24-6
active links 24-2
active router 44-1
active traffic monitoring, IP SLAs 45-1
addresses
displaying the MAC address table 8-23
dynamic
accelerated aging 20-8
changing the aging time 8-14
default aging 20-8
defined 8-12
learning 8-13
removing 8-15
IPv6 40-2
MAC, discovering 8-23
multicast
STP address management 20-8
static
adding and removing 8-19
defined 8-12
address resolution 8-23, 39-8
Address Resolution Protocol
See ARP
adjacency tables, with CEF 39-87
administrative distances
defined 39-99
OSPF 39-30
routing protocol defaults 39-89
administrative VLAN
REP, configuring 23-8
administrative VLAN, REP 23-8
advertisements
CDP 30-1
LLDP 29-1, 29-2
RIP 39-18
VTP 15-16, 16-3
age timer, REP 23-8
aggregatable global unicast addresses 40-3
aggregate addresses, BGP 39-57
aggregated ports
See EtherChannel
aggregate policers 37-57
aggregate policing 1-11
aging, accelerating 20-8
aging time
accelerated
for MSTP 21-23
for STP 20-8, 20-21
MAC address table 8-14
maximum
for MSTP 21-23, 21-24
for STP 20-21, 20-22
alarm profiles
configuring 3-12
creating or modifying 3-11
alarms
displaying 3-13
power supply 3-2
temperature 3-2
alarms, RMON 32-3
allowed-VLAN list 15-18
application engines, redirecting traffic to 47-1
area border routers
See ABRs
area routing
IS-IS 39-62
ISO IGRP 39-62
ARP
configuring 39-9
defined 1-4, 8-23, 39-8
encapsulation 39-10
static cache configuration 39-9
table
address resolution 8-23
managing 8-23
ASBRs 39-24
AS-path filters, BGP 39-52
associating the temperature alarms to a relay 3-9
asymmetrical links, and IEEE 802.1Q tunneling 19-4
attaching an alarm profile to a port 3-12
attributes, RADIUS
vendor-proprietary 9-38
vendor-specific 9-36
attribute-value pairs 10-12, 10-15, 10-20
authentication
EIGRP 39-38
HSRP 44-10
local mode with AAA 9-44
open1x 10-29
RADIUS
key 9-28
login 9-30
TACACS+
defined 9-11
key 9-13
login 9-14
See also port-based authentication
authentication compatibility with Catalyst 6000 switches 10-8
authentication failed VLAN
See restricted VLAN
authentication keys, and routing protocols 39-99
authentication manager
CLI commands 10-9
compatibility with older 802.1x CLI commands 10-9 to ??
overview 10-7
authoritative time source, described 8-2
authorization
with RADIUS 9-34
with TACACS+ 9-11, 9-16
authorized ports with IEEE 802.1x 10-10
autoconfiguration 4-3
auto enablement 10-30
automatic discovery
considerations
beyond a noncandidate device 6-7
brand new switches 6-8
connectivity 6-4
different VLANs 6-6
management VLANs 6-7
non-CDP-capable devices 6-6
noncluster-capable devices 6-6
in switch clusters 6-4
See also CDP
automatic QoS
See QoS
auto-MDIX
configuring 13-20
described 13-19
autonegotiation
duplex mode 1-2
interface configuration guidelines 13-17
mismatches 36-4
autonomous system boundary routers
See ASBRs
autonomous systems, in BGP 39-45
autosensing, port speed 1-2
Auto Smartports macros
displaying 14-5
auxiliary VLAN
See voice VLAN
availability, features 1-5
B
BackboneFast
described 22-5
disabling 22-14
enabling 22-13
backup interfaces
See Flex Links
backup links 24-2
backup static routing, configuring 46-11
banners
configuring
login 8-12
message-of-the-day login 8-11
default configuration 8-10
when displayed 8-10
Berkeley r-tools replacement 9-56
BGP
aggregate addresses 39-57
aggregate routes, configuring 39-57
CIDR 39-57
clear commands 39-61
community filtering 39-54
configuring neighbors 39-55
default configuration 39-43
described 39-42
enabling 39-45
monitoring 39-61
multipath support 39-49
neighbors, types of 39-45
path selection 39-49
peers, configuring 39-55
prefix filtering 39-53
resetting sessions 39-48
route dampening 39-60
route maps 39-51
route reflectors 39-59
routing domain confederation 39-58
routing session with multi-VRF CE 39-81
show commands 39-61
supernets 39-57
support for 1-11
Version 4 39-42
binding cluster group and HSRP group 44-12
binding database
address, DHCP server
See DHCP, Cisco IOS server database
DHCP snooping
See DHCP snooping binding database
bindings
address, Cisco IOS DHCP server 25-7
DHCP snooping database 25-7
IP source guard 25-16
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 27-6
Boolean expressions in tracked lists 46-4
booting
boot loader, function of 4-2
boot process 4-1
manually 4-18
specific image 4-19
boot loader
accessing 4-19
described 4-2
environment variables 4-19
prompt 4-19
trap-door mechanism 4-2
Border Gateway Protocol
See BGP
BPDU
error-disabled state 22-2
filtering 22-3
RSTP format 21-12
BPDU filtering
described 22-3
disabling 22-12
enabling 22-12
support for 1-6
BPDU guard
described 22-2
disabling 22-12
enabling 22-11
support for 1-6
bridge groups
See fallback bridging
bridge protocol data unit
See BPDU
broadcast flooding 39-16
broadcast packets
directed 39-13
flooded 39-13
broadcast storm-control command 27-4
broadcast storms 27-1, 39-13
C
cables, monitoring for unidirectional links 31-1
candidate switch
automatic discovery 6-4
defined 6-3
requirements 6-3
See also command switch, cluster standby group, and member switch
Catalyst 6000 switches
authentication compatibility 10-8
CA trustpoint
configuring 9-53
defined 9-50
CDP
and trusted boundary 37-38
automatic discovery in switch clusters 6-4
configuring 30-2
default configuration 30-2
defined with LLDP 29-1
described 30-1
disabling for routing device 30-4
enabling and disabling
on an interface 30-4
on a switch 30-4
Layer 2 protocol tunneling 19-7
monitoring 30-5
overview 30-1
power negotiation extensions 13-4
support for 1-4
transmission timer and holdtime, setting 30-3
updates 30-3
CEF
defined 39-86
enabling 39-87
IPv6 40-18
CGMP
switch support of 1-3
CIDR 39-57
CipherSuites 9-52
Cisco 7960 IP Phone 17-1
Cisco Discovery Protocol
See CDP
Cisco Express Forwarding
See CEF
Cisco Group Management Protocol
See CGMP
Cisco intelligent power management 13-4
Cisco IOS DHCP server
See DHCP, Cisco IOS DHCP server
Cisco IOS File System
See IFS
Cisco IOS IP SLAs 45-1
Cisco Secure ACS
attribute-value pairs for downloadable ACLs 10-20
attribute-value pairs for redirect URL 10-20
Cisco Secure ACS configuration guide 10-59
Cisco TrustSec
configuring 12-9
connection caching 12-8
Cisco TrustSec caching
clearing 12-9
enabling 12-8
CiscoWorks 2000 1-4, 34-4
CISP 10-30
CIST regional root
See MSTP
CIST root
See MSTP
civic location 29-3
classless interdomain routing
See CIDR
classless routing 39-6
class maps for QoS
configuring 37-45
described 37-7
displaying 37-77
class of service
See CoS
clearing interfaces 13-28
CLI
abbreviating commands 2-4
command modes 2-1
configuration logging 2-5
described 1-3
editing features
enabling and disabling 2-7
keystroke editing 2-8
wrapped lines 2-9
error messages 2-5
filtering command output 2-10
getting help 2-3
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
managing clusters 6-13
no and default forms of commands 2-4
Client Information Signalling Protocol
See CISP
client mode, VTP 16-3
client processes, tracking 46-1
CLNS
See ISO CLNS
clock
See system clock
clusters, switch
accessing 6-12
automatic discovery 6-4
benefits 1-2
compatibility 6-4
described 6-1
LRE profile considerations 6-13
managing
through CLI 6-13
through SNMP 6-14
planning 6-4
planning considerations
automatic discovery 6-4
CLI 6-13
host names 6-12
IP addresses 6-12
LRE profiles 6-13
passwords 6-12
RADIUS 6-13
SNMP 6-13, 6-14
TACACS+ 6-13
See also candidate switch, command switch, cluster standby group, member switch, and standby command switch
cluster standby group
and HSRP group 44-12
automatic recovery 6-11
considerations 6-10
defined 6-2
requirements 6-3
virtual IP address 6-10
CNS 1-4
Configuration Engine
configID, deviceID, hostname 5-3
configuration service 5-2
described 5-1
event service 5-3
embedded agents
described 5-5
enabling automated configuration 5-6
enabling configuration agent 5-9
enabling event agent 5-7
management functions 1-4
CoA Request Commands 9-24
command-line interface
See CLI
command modes 2-1
commands
abbreviating 2-4
no and default 2-4
commands, setting privilege levels 9-8
command switch
accessing 6-10
configuration conflicts 36-4
defined 6-1
password privilege levels 6-14
recovery
from lost member connectivity 36-4
requirements 6-3
See also candidate switch, cluster standby group, member switch, and standby command switch
community list, BGP 39-54
community ports 18-2
community strings
configuring 6-13, 34-9
in clusters 6-13
overview 34-4
SNMP 6-13
community VLANs 18-2, 18-3
compatibility, feature 27-11
config.text 4-17
configuration, initial
defaults 1-13
configuration changes, logging 33-10
configuration conflicts, recovering from lost member connectivity 36-4
configuration examples, network 1-16
configuration files
archiving A-19
clearing the startup configuration A-19
creating using a text editor A-10
default name 4-17
deleting a stored configuration A-19
described A-9
downloading
automatically 4-17
preparing A-10, A-13, A-16
reasons for A-9
using FTP A-13
using RCP A-17
using TFTP A-11
guidelines for creating and using A-9
guidelines for replacing and rolling back A-20
invalid combinations when copying A-6
limiting TFTP server access 34-17
obtaining with DHCP 4-9
password recovery disable considerations 9-5
replacing a running configuration A-19, A-20
rolling back a running configuration A-19, A-20
specifying the filename 4-17
system contact and location information 34-17
types and location A-10
uploading
preparing A-10, A-13, A-16
reasons for A-9
using FTP A-14
using RCP A-18
using TFTP A-12
configuration guidelines
REP 23-7
configuration guidelines, multi-VRF CE 39-74
configuration logger 33-10
configuration logging 2-5
configuration replacement A-19
configuration rollback A-19
configuration settings, saving 4-15
configure terminal command 13-10
configuring 802.1x user distribution 10-55
configuring port-based authentication violation modes 10-38 to 10-39
config-vlan mode 2-2
conflicts, configuration 36-4
connections, secure remote 9-46
connectivity problems 36-6, 36-8
consistency checks in VTP Version 2 16-4
console port, connecting to 2-10
content-routing technology
See WCCP
control protocol, IP SLAs 45-4
convergence
REP 23-4
corrupted software, recovery steps with Xmodem 36-2
CoS
override priority 17-6
trust priority 17-6
CoS input queue threshold map for QoS 37-15
CoS output queue threshold map for QoS 37-17
CoS-to-DSCP map for QoS 37-60
counters, clearing interface 13-28
CPU utilization, troubleshooting 36-15
crashinfo file 36-14
critical authentication, IEEE 802.1x 10-51
critical VLAN 10-23
cryptographic software image
Kerberos 9-40
SSH 9-45
SSL 9-50
CTS
configuring 12-9
customer edge devices 39-72
customizable web pages, web-based authentication 11-5
D
DACL
See downloadable ACL
daylight saving time 8-6
debugging
enabling all system diagnostics 36-12
enabling for a specific feature 36-11
redirecting error message output 36-12
using commands 36-11
default commands 2-4
default configuration
802.1x 10-33
auto-QoS 37-19
banners 8-10
BGP 39-43
booting 4-17
CDP 30-2
DHCP 25-9
DHCP option 82 25-9
DHCP snooping 25-9
DHCP snooping binding database 25-9
DNS 8-9
dynamic ARP inspection 26-5
EIGRP 39-34
EtherChannel 38-9
Ethernet interfaces 13-14
fallback bridging 48-3
Flex Links 24-8
HSRP 44-5
IEEE 802.1Q tunneling 19-4
IGMP snooping 42-5, 42-6
initial switch information 4-3
IP addressing, IP routing 39-4
IP SLAs 45-6
IP source guard 25-17
IPv6 40-10
IS-IS 39-63
Layer 2 interfaces 13-14
Layer 2 protocol tunneling 19-11
LLDP 29-5
MAC address table 8-14
MAC address-table move update 24-8
MSTP 21-14
multi-VRF CE 39-74
optional spanning-tree configuration 22-9
OSPF 39-25
password and privilege level 9-2
private VLANs 18-6
RADIUS 9-27
REP 23-7
RIP 39-19
RMON 32-3
RSPAN 28-9
SDM template 7-3
SNMP 34-7
SPAN 28-9
SSL 9-52
standard QoS 37-29
STP 20-11
system message logging 33-3
system name and prompt 8-8
TACACS+ 9-13
UDLD 31-4
VLAN, Layer 2 Ethernet interfaces 15-16
VLANs 15-6
VMPS 15-25
voice VLAN 17-3
VTP 16-7
WCCP 47-5
default gateway 4-15, 39-11
default networks 39-90
default router preference
See DRP
default routes 39-89
default routing 39-2
default web-based authentication configuration
802.1X 11-9
deleting VLANs 15-8
denial-of-service attack 27-1
description command 13-23
designing your network, examples 1-16
destination addresses
in IPv4 ACLs 36-10
in IPv6 ACLs 43-5
destination-IP address-based forwarding, EtherChannel 38-7
destination-MAC address forwarding, EtherChannel 38-7
detecting indirect link failures, STP 22-5
device A-23
device discovery protocol 29-1, 30-1
device manager
benefits 1-2
described 1-2, 1-3
in-band management 1-5
upgrading a switch A-23
DHCP
Cisco IOS server database
configuring 25-14
default configuration 25-9
described 25-7
DHCP for IPv6
See DHCPv6
enabling
relay agent 25-11
DHCP-based autoconfiguration
client request message exchange 4-4
configuring
client side 4-4
DNS 4-8
relay device 4-8
server side 4-6
TFTP server 4-7
example 4-9
lease options
for IP address information 4-6
for receiving the configuration file 4-7
overview 4-3
relationship to BOOTP 4-4
relay support 1-4, 1-12
support for 1-4
DHCP-based autoconfiguration and image update
configuring 4-11 to 4-14
understanding 4-5 to 4-6
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP object tracking, configuring primary interface 46-10
DHCP option 82
circuit ID suboption 25-5
configuration guidelines 25-9
default configuration 25-9
displaying 25-15
forwarding address, specifying 25-11
helper address 25-11
overview 25-4
packet format, suboption
circuit ID 25-5
remote ID 25-5
remote ID suboption 25-5
DHCP server port-based address allocation
configuration guidelines 25-27
default configuration 25-27
described 25-26
displaying 25-30
enabling 25-27
reserved addresses 25-28
DHCP server port-based address assignment
support for 1-4
DHCP snooping
accepting untrusted packets from edge switch 25-3, 25-13
binding database
See DHCP snooping binding database
configuration guidelines 25-9
default configuration 25-9
displaying binding tables 25-15
message exchange process 25-4
option 82 data insertion 25-4
trusted interface 25-2
untrusted interface 25-2
untrusted messages 25-2
DHCP snooping binding database
adding bindings 25-14
binding file
format 25-8
location 25-7
bindings 25-7
clearing agent statistics 25-15
configuration guidelines 25-10
configuring 25-14
default configuration 25-9
deleting
binding file 25-15
bindings 25-15
database agent 25-15
described 25-7
displaying 25-15
binding entries 25-15
status and statistics 25-15
enabling 25-14
entry 25-7
renewing database 25-15
resetting
delay value 25-15
timeout value 25-15
DHCP snooping binding table
See DHCP snooping binding database
DHCPv6
configuration guidelines 40-15
default configuration 40-15
described 40-6
enabling client function 40-17
enabling DHCPv6 server function 40-15
support for 1-12
Differentiated Services architecture, QoS 37-1
Differentiated Services Code Point 37-2
Diffusing Update Algorithm (DUAL) 39-33
directed unicast requests 1-4
directories
changing A-4
creating and removing A-5
displaying the working A-4
discovery, clusters
See automatic discovery
displaying switch alarms 3-13
Distance Vector Multicast Routing Protocol
See DVMRP
distance-vector protocols 39-3
distribute-list command 39-98
DNS
and DHCP-based autoconfiguration 4-8
default configuration 8-9
displaying the configuration 8-10
in IPv6 40-3
overview 8-8
setting up 8-9
support for 1-4
domain names
DNS 8-8
VTP 16-8
Domain Name System
See DNS
domains, ISO IGRP routing 39-62
dot1q-tunnel switchport mode 15-15
double-tagged packets
IEEE 802.1Q tunneling 19-2
Layer 2 protocol tunneling 19-10
downloadable ACL 10-18, 10-20, 10-59
downloading
configuration files
preparing A-10, A-13, A-16
reasons for A-9
using FTP A-13
using RCP A-17
using TFTP A-11
image files
deleting old image A-26
preparing A-24, A-28, A-32
reasons for A-23
using FTP A-29
using HTTP A-23
using RCP A-33
using TFTP A-25
using the device manager or Network Assistant A-23
drop threshold for Layer 2 protocol packets 19-11
DRP
configuring 40-13
described 40-4
IPv6 40-4
support for 1-12
DSCP 1-10, 37-2
DSCP input queue threshold map for QoS 37-15
DSCP output queue threshold map for QoS 37-17
DSCP-to-CoS map for QoS 37-63
DSCP-to-DSCP-mutation map for QoS 37-64
DSCP transparency 37-39
DTP 1-6, 15-14
dual-action detection 38-5
DUAL finite state machine, EIGRP 39-34
dual IPv4 and IPv6 templates 7-2, 40-5
dual protocol stacks
IPv4 and IPv6 40-5
SDM templates supporting 40-6
dual-purpose uplinks
defined 13-4
LEDs 13-4
link selection 13-4, 13-15
setting the type 13-15
DVMRP
support for 1-12
dynamic access ports
characteristics 15-3
configuring 15-26
defined 13-3
dynamic addresses
See addresses
dynamic ARP inspection
ARP cache poisoning 26-1
ARP requests, described 26-1
ARP spoofing attack 26-1
clearing
log buffer 26-15
statistics 26-15
configuration guidelines 26-5
configuring
ACLs for non-DHCP environments 26-8
in DHCP environments 26-7
log buffer 26-12
rate limit for incoming ARP packets 26-4, 26-10
default configuration 26-5
denial-of-service attacks, preventing 26-10
described 26-1
DHCP snooping binding database 26-2
displaying
ARP ACLs 26-14
configuration and operating state 26-14
log buffer 26-15
statistics 26-15
trust state and rate limit 26-14
error-disabled state for exceeding rate limit 26-4
function of 26-2
interface trust states 26-3
log buffer
clearing 26-15
configuring 26-12
displaying 26-15
logging of dropped packets, described 26-4
man-in-the-middle attack, described 26-2
network security issues and interface trust states 26-3
priority of ARP ACLs and DHCP snooping entries 26-4
rate limiting of ARP packets
configuring 26-10
described 26-4
error-disabled state 26-4
statistics
clearing 26-15
displaying 26-15
validation checks, performing 26-11
dynamic auto trunking mode 15-15
dynamic desirable trunking mode 15-15
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 15-24
reconfirming 15-27
troubleshooting 15-29
types of connections 15-26
dynamic routing 39-3
ISO CLNS 39-62
Dynamic Trunking Protocol
See DTP
E
EBGP 39-41
editing features
enabling and disabling 2-7
keystrokes used 2-8
wrapped lines 2-9
EIGRP
authentication 39-38
components 39-34
configuring 39-36
default configuration 39-34
definition 39-33
interface parameters, configuring 39-37
monitoring 39-40
stub routing 39-39
ELIN location 29-3
embedded event manager
actions 35-4
configuring 35-1, 35-5
displaying information 35-7
environmental variables 35-4
event detectors 35-2
policies 35-4
registering and defining an applet 35-5
registering and defining a TCL script 35-6
understanding 35-1
enable password 9-3
enable secret password 9-3
enabling SNMP traps 3-13
encryption, CipherSuite 9-52
encryption for passwords 9-3
Enhanced IGRP
See EIGRP
enhanced object tracking
backup static routing 46-11
commands 46-1
defined 46-1
DHCP primary interface 46-10
HSRP 46-7
IP routing state 46-2
IP SLAs 46-9
line-protocol state 46-2
network monitoring with IP SLAs 46-11
routing policy, configuring 46-11
static route primary interface 46-10
tracked lists 46-3
enhanced object tracking static routing 46-10
environmental variables, embedded event manager 35-4
environment variables, function of 4-20
equal-cost routing 1-12, 39-88
error-disabled state, BPDU 22-2
error messages during command entry 2-5
EtherChannel
automatic creation of 38-4, 38-5
channel groups
binding physical and logical interfaces 38-3
numbering of 38-3
configuration guidelines 38-9
configuring
Layer 2 interfaces 38-10
default configuration 38-9
described 38-2
displaying status 38-17
forwarding methods 38-7, 38-13
IEEE 802.3ad, described 38-5
interaction
with STP 38-10
with VLANs 38-10
LACP
described 38-5
displaying status 38-17
hot-standby ports 38-15
interaction with other features 38-6
modes 38-6
port priority 38-16
system priority 38-16
Layer 3 interface 39-3
load balancing 38-7, 38-13
logical interfaces, described 38-3
PAgP
aggregate-port learners 38-14
compatibility with Catalyst 1900 38-14
described 38-4
displaying status 38-17
interaction with other features 38-5
interaction with virtual switches 38-5
learn method and priority configuration 38-14
modes 38-4
support for 1-3
with dual-action detection 38-5
port-channel interfaces
described 38-3
numbering of 38-3
port groups 13-3
support for 1-2
EtherChannel guard
described 22-7
disabling 22-14
enabling 22-14
Ethernet VLANs
adding 15-7
defaults and ranges 15-7
modifying 15-7
EUI 40-3
event detectors, embedded event manager 35-2
events, RMON 32-3
examples
network configuration 1-16
expedite queue for QoS 37-75
See also getting started guide
extended crashinfo file 36-14
extended-range VLANs
configuration guidelines 15-10
configuring 15-10
creating 15-11
creating with an internal VLAN ID 15-12
defined 15-1
extended system ID
MSTP 21-17
STP 20-4, 20-14
extended universal identifier
See EUI
Extensible Authentication Protocol over LAN 10-1
external BGP
See EBGP
external neighbors, BGP 39-45
F
fa0 interface 1-5
fallback bridging
and protected ports 48-3
bridge groups
creating 48-3
described 48-1
displaying 48-10
function of 48-2
number supported 48-4
removing 48-4
bridge table
clearing 48-10
displaying 48-10
configuration guidelines 48-3
default configuration 48-3
described 48-1
frame forwarding
flooding packets 48-2
forwarding packets 48-2
overview 48-1
protocol, unsupported 48-3
STP
disabling on an interface 48-9
forward-delay interval 48-8
hello BPDU interval 48-7
interface priority 48-6
maximum-idle interval 48-8
path cost 48-6
VLAN-bridge spanning-tree priority 48-5
VLAN-bridge STP 48-2
support for 1-12
SVIs and routed ports 48-1
unsupported protocols 48-3
VLAN-bridge STP 20-10
Fast Convergence 24-3
FCS bit error rate alarm
configuring 3-10
defined 3-3
FCS error hysteresis threshold 3-2
features, incompatible 27-11
FIB 39-86
fiber-optic, detecting unidirectional links 31-1
files
basic crashinfo
description 36-14
location 36-14
copying A-5
crashinfo, description 36-14
deleting A-6
displaying the contents of A-8
extended crashinfo
description 36-14
location 36-15
tar
creating A-7
displaying the contents of A-7
extracting A-8
image file format A-23
file system
displaying available file systems A-1
displaying file information A-4
local file system names A-1
network file system names A-5
setting the default A-3
filtering
IPv6 traffic 43-3, 43-7
non-IP traffic 36-26
show and more command output 2-10
filtering show and more command output 2-10
filters, IP
See ACLs, IP
flash device, number of A-1
flexible authentication ordering
configuring 10-62
overview 10-28
Flex Link Multicast Fast Convergence 24-3
Flex Links
configuration guidelines 24-8
configuring 24-9
configuring preferred VLAN 24-12
configuring VLAN load balancing 24-11
default configuration 24-8
description 24-1
link load balancing 24-2
monitoring 24-15
VLANs 24-2
flooded traffic, blocking 27-7
flow-based packet classification 1-10
flowcharts
QoS classification 37-6
QoS egress queueing and scheduling 37-16
QoS ingress queueing and scheduling 37-14
QoS policing and marking 37-10
flowcontrol
configuring 13-19
described 13-18
forward-delay time
MSTP 21-23
STP 20-21
Forwarding Information Base
See FIB
forwarding nonroutable protocols 48-1
FTP
configuration files
downloading A-13
overview A-12
preparing the server A-13
uploading A-14
image files
deleting old image A-30
downloading A-29
preparing the server A-28
uploading A-30
G
general query 24-5
Generating IGMP Reports 24-3
get-bulk-request operation 34-3
get-next-request operation 34-3, 34-4
get-request operation 34-3, 34-4
get-response operation 34-3
global configuration mode 2-2
global status monitoring alarms 3-2
guest VLAN and 802.1x 10-21
GUIs
See device manager and Network Assistant
H
hello time
MSTP 21-22
STP 20-20
help, for the command line 2-3
hierarchical policy maps 37-8
configuration guidelines 37-32
configuring 37-51
described 37-11
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
history table, level and number of syslog messages 33-10
host names, in clusters 6-12
host ports
configuring 18-11
kinds of 18-2
hosts, limit on dynamic ports 15-29
Hot Standby Router Protocol
See HSRP
HP OpenView 1-4
HSRP
authentication string 44-10
automatic cluster recovery 6-11
binding to cluster group 44-12
cluster standby group considerations 6-10
command-switch redundancy 1-5
configuring 44-4
default configuration 44-5
definition 44-1
guidelines 44-6
monitoring 44-13
object tracking 46-7
overview 44-1
priority 44-8
routing redundancy 1-11
support for ICMP redirect messages 44-12
timers 44-11
tracking 44-8
HSRP for IPv6
configuring 40-24
guidelines 40-23
HTTP over SSL
See HTTPS
HTTPS 9-50
configuring 9-54
self-signed certificate 9-51
HTTP secure server 9-50
I
IBGP 39-41
ICMP
IPv6 40-4
redirect messages 39-11
support for 1-12
time-exceeded messages 36-8
traceroute and 36-8
unreachable messages 36-19
unreachable messages and IPv6 43-4
unreachables and ACLs 36-20
ICMP Echo operation
configuring 45-12
IP SLAs 45-11
ICMP ping
overview 36-6
ICMP Router Discovery Protocol
See IRDP
ICMPv6 40-4
IDS appliances
and ingress RSPAN 28-20
and ingress SPAN 28-13
IEEE 802.1D
See STP
IEEE 802.1p 17-1
IEEE 802.1Q
and trunk ports 13-3
configuration limitations 15-15
native VLAN for untagged traffic 15-19
tunneling
compatibility with other features 19-5
defaults 19-4
described 19-1
tunnel ports with other features 19-6
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3ad
See EtherChannel
IEEE 802.3x flow control 13-18
ifIndex values, SNMP 34-5
IFS 1-4
IGMP
leave processing, enabling 42-8
report suppression
disabling 42-10
support for 1-3
IGMP filtering
support for 1-3
IGMP helper 1-3
IGMP snooping
default configuration 42-5, 42-6
enabling and disabling 42-6
monitoring 42-11
support for 1-3
IGP 39-24
Immediate Leave, IGMP
enabling 42-8
inaccessible authentication bypass 10-23
support for multiauth ports 10-23
initial configuration
defaults 1-13
interface
number 13-9
range macros 13-12
interface command 13-9 to 13-10
interface configuration
REP 23-9
interface configuration mode 2-3
interfaces
auto-MDIX, configuring 13-19
configuration guidelines
duplex and speed 13-17
configuring
procedure 13-10
counters, clearing 13-28
default configuration 13-14
described 13-23
descriptive name, adding 13-23
displaying information about 13-26
flow control 13-18
management 1-3
monitoring 13-26
naming 13-23
physical, identifying 13-9
range of 13-10
restarting 13-28
shutting down 13-28
speed and duplex, configuring 13-17
status 13-26
supported 13-9
types of 13-1
interfaces range macro command 13-12
interface types 13-9
Interior Gateway Protocol
See IGP
internal BGP
See IBGP
internal neighbors, BGP 39-45
Internet Control Message Protocol
See ICMP
Internet Protocol version 6
See IPv6
inter-VLAN routing 1-11, 39-2
Intrusion Detection System
See IDS appliances
inventory management TLV 29-3, 29-8
IP ACLs
for QoS classification 37-7
implicit deny 36-8, 36-13
implicit masks 36-8
named 36-13
undefined 36-20
IP addresses
128-bit 40-2
candidate or member 6-3, 6-12
classes of 39-5
cluster access 6-2
command switch 6-3, 6-10, 6-12
default configuration 39-4
discovering 8-23
for IP routing 39-4
IPv6 40-2
MAC address association 39-8
monitoring 39-17
redundant clusters 6-10
standby command switch 6-10, 6-12
See also IP information
IP broadcast address 39-15
ip cef distributed command 39-87
IP directed broadcasts 39-13
IP information
assigned
manually 4-14
through DHCP-based autoconfiguration 4-3
default configuration 4-3
IP phones
and QoS 17-1
automatic classification and queueing 37-18
configuring 17-4
ensuring port security with QoS 37-37
trusted boundary for QoS 37-37
IP Port Security for Static Hosts
on a Layer 2 access port 25-19
on a PVLAN host port 25-24
IP precedence 37-2
IP-precedence-to-DSCP map for QoS 37-61
IP protocols
in ACLs 36-10
routing 1-11
IP routes, monitoring 39-100
IP routing
disabling 39-18
enabling 39-18
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 45-1
IP SLAs
benefits 45-2
configuration guidelines 45-6
configuring object tracking 46-9
Control Protocol 45-4
default configuration 45-6
definition 45-1
ICMP echo operation 45-11
measuring network performance 45-3
monitoring 45-13
multioperations scheduling 45-5
object tracking 46-9
operation 45-3
reachability tracking 46-9
responder
described 45-4
response time 45-4
scheduling 45-5
SNMP support 45-2
supported metrics 45-2
threshold monitoring 45-6
track object monitoring agent, configuring 46-11
track state 46-9
UDP jitter operation 45-9
IP source guard
and 802.1x 25-18
and DHCP snooping 25-15
and EtherChannels 25-18
and port security 25-18
and private VLANs 25-18
and routed ports 25-17
and TCAM entries 25-18
and trunk interfaces 25-18
and VRF 25-18
binding configuration
automatic 25-16
manual 25-16
binding table 25-16
configuration guidelines 25-17
default configuration 25-17
described 25-15
disabling 25-19
displaying
active IP or MAC bindings 25-26
bindings 25-26
configuration 25-26
enabling 25-18, 25-19
filtering
source IP address 25-16
source IP and MAC address 25-16
source IP address filtering 25-16
source IP and MAC address filtering 25-16
static bindings
adding 25-18, 25-19
deleting 25-19
static hosts 25-19
IP traceroute
executing 36-9
overview 36-8
IP unicast routing
address resolution 39-8
administrative distances 39-89, 39-99
ARP 39-8
assigning IP addresses to Layer 3 interfaces 39-5
authentication keys 39-99
broadcast
address 39-15
flooding 39-16
packets 39-13
storms 39-13
classless routing 39-6
configuring static routes 39-88
default
addressing configuration 39-4
gateways 39-11
networks 39-90
routes 39-89
routing 39-2
directed broadcasts 39-13
disabling 39-18
dynamic routing 39-3
enabling 39-18
EtherChannel Layer 3 interface 39-3
IGP 39-24
inter-VLAN 39-2
IP addressing
classes 39-5
configuring 39-4
IRDP 39-11
Layer 3 interfaces 39-3
MAC address and IP address 39-8
passive interfaces 39-97
protocols
distance-vector 39-3
dynamic 39-3
link-state 39-3
proxy ARP 39-8
redistribution 39-90
reverse address resolution 39-8
routed ports 39-3
static routing 39-3
steps to configure 39-4
subnet mask 39-5
subnet zero 39-6
supernet 39-6
UDP 39-14
with SVIs 39-3
See also BGP
See also EIGRP
See also OSPF
See also RIP
IPv4 ACLs
applying to interfaces 36-18
extended, creating 36-8
named 36-13
standard, creating 36-7
IPv4 and IPv6
dual protocol stacks 40-5
IPv6
ACLs
displaying 43-8
limitations 43-2
matching criteria 43-3
port 43-1
precedence 43-2
router 43-1
supported 43-2
addresses 40-2
address formats 40-2
applications 40-5
assigning address 40-10
autoconfiguration 40-4
CEFv6 40-18
configuring static routes 40-19
default configuration 40-10
default router preference (DRP) 40-4
defined 40-1
Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 40-7
EIGRP IPv6 Commands 40-7
Router ID 40-7
feature limitations 40-9
features not supported 40-8
forwarding 40-10
ICMP 40-4
monitoring 40-26
neighbor discovery 40-4
OSPF 40-7
path MTU discovery 40-4
SDM templates 7-2, 42-1, 43-1
Stateless Autoconfiguration 40-4
supported features 40-2
switch limitations 40-9
understanding static routes 40-6
IPv6 traffic, filtering 43-3
IRDP
configuring 39-12
definition 39-11
support for 1-12
IS-IS
addresses 39-62
area routing 39-62
default configuration 39-63
monitoring 39-71
show commands 39-71
system routing 39-62
ISO CLNS
clear commands 39-71
dynamic routing protocols 39-62
monitoring 39-71
NETs 39-62
NSAPs 39-62
OSI standard 39-62
ISO IGRP
area routing 39-62
system routing 39-62
isolated port 18-2
isolated VLANs 18-2, 18-3
K
KDC
described 9-41
See also Kerberos
Kerberos
authenticating to
boundary switch 9-43
KDC 9-43
network services 9-44
configuration examples 9-40
configuring 9-44
credentials 9-41
cryptographic software image 9-40
described 9-41
KDC 9-41
operation 9-43
realm 9-42
server 9-42
support for 1-9
switch as trusted third party 9-40
terms 9-41
TGT 9-42
tickets 9-41
key distribution center
See KDC
L
l2protocol-tunnel command 19-12
LACP
Layer 2 protocol tunneling 19-9
See EtherChannel
Layer 2 frames, classification with CoS 37-2
Layer 2 interfaces, default configuration 13-14
Layer 2 protocol tunneling
configuring 19-10
configuring for EtherChannels 19-14
default configuration 19-11
defined 19-8
guidelines 19-11
Layer 2 traceroute
and ARP 36-7
and CDP 36-7
broadcast traffic 36-7
described 36-7
IP addresses and subnets 36-7
MAC addresses and VLANs 36-7
multicast traffic 36-7
multiple devices on a port 36-8
unicast traffic 36-7
usage guidelines 36-7
Layer 3 features 1-11
Layer 3 interfaces
assigning IP addresses to 39-5
assigning IPv4 and IPv6 addresses to 40-14
assigning IPv6 addresses to 40-11
changing from Layer 2 mode 39-5, 39-79
types of 39-3
Layer 3 packets, classification methods 37-2
LDAP 5-2
Leaking IGMP Reports 24-4
LEDs, switch
See hardware installation guide
lightweight directory access protocol
See LDAP
line configuration mode 2-3
Link Aggregation Control Protocol
See EtherChannel
link failure, detecting unidirectional 21-7
link fault alarm 3-3
link integrity, verifying with REP 23-3
Link Layer Discovery Protocol
See CDP
link local unicast addresses 40-3
link redundancy
See Flex Links
links, unidirectional 31-1
link state advertisements (LSAs) 39-29
link-state protocols 39-3
link-state tracking
configuring 38-20
described 38-18
LLDP
configuring 29-5
characteristics 29-7
default configuration 29-5
enabling 29-6
monitoring and maintaining 29-12
overview 29-1
supported TLVs 29-2
switch stack considerations 29-2
transmission timer and holdtime, setting 29-7
LLDP-MED
configuring
procedures 29-5
TLVs 29-8
monitoring and maintaining 29-12
overview 29-1, 29-2
supported TLVs 29-2
LLDP Media Endpoint Discovery
See LLDP-MED
load balancing 44-4
local SPAN 28-2
location TLV 29-3, 29-8
logging messages, ACL 36-7
login authentication
with RADIUS 9-30
with TACACS+ 9-14
login banners 8-10
log messages
See system message logging
loop guard
described 22-9
enabling 22-15
support for 1-6
LRE profiles, considerations in switch clusters 6-13
M
MAB
See MAC authentication bypass
MAB aging timer 1-7
MAB inactivity timer
default setting 10-33
range 10-36
MAC/PHY configuration status TLV 29-2
MAC addresses
aging time 8-14
and VLAN association 8-13
building the address table 8-13
default configuration 8-14
disabling learning on a VLAN 8-22
discovering 8-23
displaying 8-23
displaying in the IP source binding table 25-26
dynamic
learning 8-13
removing 8-15
in ACLs 36-26
IP address association 39-8
static
adding 8-20
allowing 8-21, 8-22
characteristics of 8-19
dropping 8-21
removing 8-20
MAC address learning 1-4
MAC address learning, disabling on a VLAN 8-22
MAC address notification, support for 1-12
MAC address-table move update
configuration guidelines 24-8
configuring 24-12
default configuration 24-8
description 24-6
monitoring 24-15
MAC address-to-VLAN mapping 15-24
MAC authentication bypass 10-35
configuring 10-55
overview 10-16
See MAB
MAC extended access lists
applying to Layer 2 interfaces 36-28
configuring for QoS 37-44
creating 36-26
defined 36-26
for QoS classification 37-5
magic packet 10-25
manageability features 1-4
management access
in-band
browser session 1-5
CLI session 1-5
device manager 1-5
SNMP 1-5
out-of-band console port connection 1-5
management address TLV 29-2
management options
CLI 2-1
clustering 1-2
CNS 5-1
overview 1-3
management VLAN
considerations in switch clusters 6-7
discovery through different management VLANs 6-7
manual preemption, REP, configuring 23-13
mapping tables for QoS
configuring
CoS-to-DSCP 37-60
DSCP 37-59
DSCP-to-CoS 37-63
DSCP-to-DSCP-mutation 37-64
IP-precedence-to-DSCP 37-61
policed-DSCP 37-62
described 37-12
marking
action with aggregate policers 37-57
described 37-3, 37-8
matching
IPv6 ACLs 43-3
matching, IPv4 ACLs 36-5
maximum aging time
MSTP 21-23
STP 20-21
maximum hop count, MSTP 21-24
maximum number of allowed devices, port-based authentication 10-36
maximum-paths command 39-49, 39-88
MDA
configuration guidelines 10-12 to 10-13
described 1-8, 10-12
exceptions with authentication process 10-5
membership mode, VLAN port 15-3
member switch
automatic discovery 6-4
defined 6-1
managing 6-13
passwords 6-12
recovering from lost connectivity 36-4
requirements 6-3
See also candidate switch, cluster standby group, and standby command switch
messages, to users through banners 8-10
metrics, in BGP 39-49
metric translations, between routing protocols 39-93
metro tags 19-2
MHSRP 44-4
MIBs
overview 34-1
SNMP interaction with 34-4
mirroring traffic for analysis 28-1
mismatches, autonegotiation 36-4
module number 13-9
monitoring
access groups 36-29
alarms 3-13
BGP 39-61
cables for unidirectional links 31-1
CDP 30-5
CEF 39-87
EIGRP 39-40
fallback bridging 48-10
features 1-12
Flex Links 24-15
HSRP 44-13
IEEE 802.1Q tunneling 19-17
IGMP
snooping 42-11
interfaces 13-26
IP
address tables 39-17
routes 39-100
IP SLAs operations 45-13
IPv4 ACL configuration 36-29
IPv6 40-26
IPv6 ACL configuration 43-8
IS-IS 39-71
ISO CLNS 39-71
Layer 2 protocol tunneling 19-17
MAC address-table move update 24-15
multicast router interfaces 42-11
multi-VRF CE 39-86
network traffic for analysis with probe 28-2
object tracking 46-12
OSPF 39-32
port
blocking 27-20
protection 27-20
private VLANs 18-14
REP 23-13
SFP status 13-26, 36-6
speed and duplex mode 13-18
traffic flowing among switches 32-1
traffic suppression 27-20
tunneling 19-17
VLAN
filters 36-29
maps 36-29
VLANs 15-13
VMPS 15-28
VTP 16-16
mrouter Port 24-3
mrouter port 24-5
MSDP
support for 1-12
MSTP
boundary ports
configuration guidelines 21-15
described 21-6
BPDU filtering
described 22-3
enabling 22-12
BPDU guard
described 22-2
enabling 22-11
CIST, described 21-3
CIST regional root 21-3
CIST root 21-5
configuration guidelines 21-14, 22-10
configuring
forward-delay time 21-23
hello time 21-22
link type for rapid convergence 21-24
maximum aging time 21-23
maximum hop count 21-24
MST region 21-15
neighbor type 21-25
path cost 21-20
port priority 21-19
root switch 21-17
secondary root switch 21-18
switch priority 21-21
CST
defined 21-3
operations between regions 21-3
default configuration 21-14
default optional feature configuration 22-9
displaying status 21-26
enabling the mode 21-15
EtherChannel guard
described 22-7
enabling 22-14
extended system ID
effects on root switch 21-17
effects on secondary root switch 21-18
unexpected behavior 21-17
IEEE 802.1s
implementation 21-6
port role naming change 21-6
terminology 21-5
instances supported 20-9
interface state, blocking to forwarding 22-2
interoperability and compatibility among modes 20-10
interoperability with IEEE 802.1D
described 21-8
restarting migration process 21-25
IST
defined 21-2
master 21-3
operations within a region 21-3
loop guard
described 22-9
enabling 22-15
mapping VLANs to MST instance 21-16
MST region
CIST 21-3
configuring 21-15
described 21-2
hop-count mechanism 21-5
IST 21-2
supported spanning-tree instances 21-2
optional features supported 1-6
overview 21-2
Port Fast
described 22-2
enabling 22-10
preventing root switch selection 22-8
root guard
described 22-8
enabling 22-15
root switch
configuring 21-17
effects of extended system ID 21-17
unexpected behavior 21-17
shutdown Port Fast-enabled port 22-2
status, displaying 21-26
multiauth
support for inaccessible authentication bypass 10-23
multiauth mode
See multiple-authentication mode
multicast groups
static joins 42-7
multicast packets
blocking 27-7
multicast router interfaces, monitoring 42-11
multicast router ports, adding 42-8
Multicast Source Discovery Protocol
See MSDP
multicast storm 27-1
multicast storm-control command 27-4
multidomain authentication
See MDA
multioperations scheduling, IP SLAs 45-5
multiple authentication 10-13
multiple authentication mode
configuring 10-42
Multiple HSRP
See MHSRP
multiple VPN routing/forwarding in customer edge devices
See multi-VRF CE
multi-VRF CE
configuration example 39-82
configuration guidelines 39-74
configuring 39-74
default configuration 39-74
defined 39-72
displaying 39-86
monitoring 39-86
network components 39-74
packet-forwarding process 39-73
support for 1-11
N
NAC
AAA down policy 1-9
critical authentication 10-23, 10-51
IEEE 802.1x authentication using a RADIUS server 10-56
IEEE 802.1x validation using RADIUS server 10-56
inaccessible authentication bypass 1-9, 10-51
Layer 2 IEEE 802.1x validation 1-9, 10-28, 10-56
Layer 2 IP validation 1-9
named IPv4 ACLs 36-13
NameSpace Mapper
See NSM
native VLAN
and IEEE 802.1Q tunneling 19-4
configuring 15-19
default 15-19
NEAT
configuring 10-57
overview 10-29
neighbor discovery, IPv6 40-4
neighbor discovery/recovery, EIGRP 39-34
neighbor offset numbers, REP 23-4
neighbors, BGP 39-55
Network Admission Control
See NAC
Network Assistant
benefits 1-2
described 1-3
network configuration examples
increasing network performance 1-16
providing network services 1-16
network design
performance 1-16
services 1-16
Network Edge Access Topology
See NEAT
network management
CDP 30-1
RMON 32-1
SNMP 34-1
network performance, measuring with IP SLAs 45-3
network policy TLV 29-2, 29-8
Network Time Protocol
See NTP
no commands 2-4
nonhierarchical policy maps
configuration guidelines 37-32
described 37-9
non-IP traffic filtering 36-26
nontrunking mode 15-15
normal-range VLANs 15-4
configuration guidelines 15-5
configuring 15-4
defined 15-1
not-so-stubby areas
See NSSA
NSAPs, as ISO IGRP addresses 39-62
NSF Awareness
IS-IS 39-64
NSM 5-3
NSSA, OSPF 39-29
NTP
associations
defined 8-2
overview 8-2
stratum 8-2
support for 1-4
time
services 8-2
synchronizing 8-2
O
object tracking
HSRP 46-7
IP SLAs 46-9
IP SLAs, configuring 46-9
monitoring 46-12
off mode, VTP 16-3
open1x
configuring 10-62
open1x authentication
overview 10-29
Open Shortest Path First
See OSPF
optimizing system resources 7-1
options, management 1-3
OSPF
area parameters, configuring 39-28
configuring 39-26
default configuration
metrics 39-30
route 39-30
settings 39-25
described 39-23
for IPv6 40-7
interface parameters, configuring 39-27
LSA group pacing 39-31
monitoring 39-32
router IDs 39-32
route summarization 39-30
support for 1-11
virtual links 39-30
out-of-profile markdown 1-11
P
packet modification, with QoS 37-18
PAgP
Layer 2 protocol tunneling 19-9
See EtherChannel
parallel paths, in routing tables 39-88
passive interfaces
configuring 39-97
OSPF 39-30
passwords
default configuration 9-2
disabling recovery of 9-5
encrypting 9-3
for security 1-7
in clusters 6-12
overview 9-1
recovery of 36-3
setting
enable 9-3
enable secret 9-3
Telnet 9-6
with usernames 9-6
VTP domain 16-8
path cost
MSTP 21-20
STP 20-18
path MTU discovery 40-4
PBR
defined 39-94
enabling 39-95
fast-switched policy-based routing 39-97
local policy-based routing 39-97
peers, BGP 39-55
percentage thresholds in tracked lists 46-6
performance, network design 1-16
performance features 1-2
persistent self-signed certificate 9-51
per-user ACLs and Filter-Ids 10-8
per-VLAN spanning-tree plus
See PVST+
PE to CE routing, configuring 39-81
physical ports 13-2
PIM
support for 1-12
ping
overview 36-6
PoE
auto mode 13-6
CDP with power consumption, described 13-4
CDP with power negotiation, described 13-4
Cisco intelligent power management 13-4
configuring 13-20
devices supported 13-4
high-power devices operating in low-power mode 13-5
IEEE power classification levels 13-5
monitoring 13-7
policing power usage 13-7
power budgeting 13-22
power consumption 13-22
powered-device detection and initial power allocation 13-5
power management modes 13-6
power negotiation extensions to CDP 13-4
standards supported 13-4
static mode 13-6
troubleshooting 36-5
policed-DSCP map for QoS 37-62
policers
configuring
for each matched traffic class 37-47
for more than one traffic class 37-57
described 37-3
displaying 37-77
number of 37-33
types of 37-9
policing
described 37-3
hierarchical
See hierarchical policy maps
token-bucket algorithm 37-9
policy-based routing
See PBR
policy maps for QoS
characteristics of 37-47
described 37-7
displaying 37-77
hierarchical 37-8
hierarchical on SVIs
configuration guidelines 37-32
configuring 37-51
described 37-11
nonhierarchical on physical ports
configuration guidelines 37-32
described 37-9
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting 10-14
authentication server
defined 10-3, 11-2
RADIUS server 10-3
client, defined 10-3, 11-2
configuration guidelines 10-34, 11-9
configuring
802.1x authentication 10-39
guest VLAN 10-49
host mode 10-42
inaccessible authentication bypass 10-51
manual re-authentication of a client 10-44
periodic re-authentication 10-43
quiet period 10-44
RADIUS server 10-42, 11-13
RADIUS server parameters on the switch 10-41, 11-11
restricted VLAN 10-50
switch-to-client frame-retransmission number 10-45, 10-46
switch-to-client retransmission time 10-45
violation modes 10-38 to 10-39
default configuration 10-33, 11-9
described 10-1
device roles 10-2, 11-2
displaying statistics 10-64, 11-17
downloadable ACLs and redirect URLs
configuring 10-59 to 10-61
overview 10-18 to 10-20
EAPOL-start frame 10-5
EAP-request/identity frame 10-5
EAP-response/identity frame 10-5
enabling
802.1X authentication 11-11
encapsulation 10-3
flexible authentication ordering
configuring 10-62
overview 10-28
guest VLAN
configuration guidelines 10-22, 10-23
described 10-21
host mode 10-11
inaccessible authentication bypass
configuring 10-51
described 10-23
guidelines 10-35
initiation and message exchange 10-5
magic packet 10-25
maximum number of allowed devices per port 10-36
method lists 10-39
multiple authentication 10-13
per-user ACLs
AAA authorization 10-39
configuration tasks 10-18
described 10-17
RADIUS server attributes 10-18
ports
authorization state and dot1x port-control command 10-10
authorized and unauthorized 10-10
voice VLAN 10-24
port security
described 10-25
readiness check
configuring 10-36
described 10-16, 10-36
resetting to default values 10-64
statistics, displaying 10-64
switch
as proxy 10-3, 11-2
RADIUS client 10-3
switch supplicant
configuring 10-57
overview 10-29
user distribution
guidelines 10-27
overview 10-27
VLAN assignment
AAA authorization 10-39
characteristics 10-16
configuration tasks 10-17
described 10-16
voice aware 802.1x security
configuring 10-37
described 10-29, 10-37
voice VLAN
described 10-24
PVID 10-24
VVID 10-24
wake-on-LAN, described 10-25
with ACLs and RADIUS Filter-Id attribute 10-31
port-based authentication methods, supported 10-7
port blocking 1-3, 27-6
port-channel
See EtherChannel
port description TLV 29-2
Port Fast
described 22-2
enabling 22-10
mode, spanning tree 15-25
support for 1-6
port membership modes, VLAN 15-3
port not forwarding alarm 3-3
port not operating alarm 3-3
port priority
MSTP 21-19
STP 20-16
ports
access 13-2
blocking 27-6
dual-purpose uplink 13-4
dynamic access 15-3
protected 27-5
REP 23-6
secure 27-8
static-access 15-3, 15-9
switch 13-2
trunks 15-3, 15-14
VLAN assignments 15-9
port security
aging 27-17
and private VLANs 27-19
and QoS trusted boundary 37-37
configuring 27-12
default configuration 27-10
described 27-7
displaying 27-20
enabling 27-19
on trunk ports 27-14
sticky learning 27-8
violations 27-9
with other features 27-11
port-shutdown response, VMPS 15-24
port status monitoring alarms
FCS bit error rate alarm 3-3
link fault alarm 3-3
port not forwarding alarm 3-3
port not operating alarm 3-3
port VLAN ID TLV 29-2
power management TLV 29-2, 29-8
power over Ethernet
See PoE
preempt delay time, REP 23-5
preemption, default configuration 24-8
preemption delay, default configuration 24-8
preferential treatment of traffic
See QoS
prefix lists, BGP 39-53
preventing unauthorized access 9-1
primary edge port, REP 23-4
primary interface for object tracking, DHCP, configuring 46-10
primary interface for static routing, configuring 46-10
primary links 24-2
primary VLANs 18-1, 18-3
priority
HSRP 44-8
overriding CoS 17-6
trusting CoS 17-6
private VLAN edge ports
See protected ports
private VLANs
across multiple switches 18-4
and SDM template 18-4
and SVIs 18-5
benefits of 18-1
community ports 18-2
community VLANs 18-2, 18-3
configuration guidelines 18-6, 18-7, 18-8
configuration tasks 18-6
configuring 18-9
default configuration 18-6
end station access to 18-3
IP addressing 18-3
isolated port 18-2
isolated VLANs 18-2, 18-3
mapping 18-13
monitoring 18-14
ports
community 18-2
configuration guidelines 18-8
configuring host ports 18-11
configuring promiscuous ports 18-12
isolated 18-2
promiscuous 18-2
primary VLANs 18-1, 18-3
promiscuous ports 18-2
secondary VLANs 18-2
subdomains 18-1
traffic in 18-5
privileged EXEC mode 2-2
privilege levels
changing the default for lines 9-9
command switch 6-14
exiting 9-10
logging into 9-10
mapping on member switches 6-14
overview 9-2, 9-8
setting a command with 9-8
promiscuous ports
configuring 18-12
defined 18-2
protected ports 1-7, 27-5
protocol-dependent modules, EIGRP 39-34
provider edge devices 39-72
proxy ARP
configuring 39-10
definition 39-8
with IP routing disabled 39-11
proxy reports 24-3
pruning, VTP
disabling
in VTP domain 16-14
on a port 15-19
enabling
in VTP domain 16-14
on a port 15-19
examples 16-6
overview 16-5
pruning-eligible list
changing 15-19
for VTP pruning 16-5
VLANs 16-14
PVST+
described 20-9
IEEE 802.1Q trunking interoperability 20-10
instances supported 20-9
Q
QoS
auto-QoS
categorizing traffic 37-19
configuration and defaults display 37-28
configuration guidelines 37-24
described 37-18
disabling 37-26
displaying generated commands 37-26
displaying the initial configuration 37-28
effects on running configuration 37-24
egress queue defaults 37-19
enabling for VoIP 37-25
example configuration 37-27
ingress queue defaults 37-19
list of generated commands 37-21
basic model 37-3
classification
class maps, described 37-7
defined 37-3
DSCP transparency, described 37-39
flowchart 37-6
forwarding treatment 37-3
in frames and packets 37-2
IP ACLs, described 37-5, 37-7
MAC ACLs, described 37-5, 37-7
options for IP traffic 37-5
options for non-IP traffic 37-4
policy maps, described 37-7
trust DSCP, described 37-4
trusted CoS, described 37-4
trust IP precedence, described 37-4
class maps
configuring 37-45
displaying 37-77
configuration guidelines
auto-QoS 37-24
standard QoS 37-32
configuring
aggregate policers 37-57
auto-QoS 37-18
default port CoS value 37-37
DSCP maps 37-59
DSCP transparency 37-39
DSCP trust states bordering another domain 37-39
egress queue characteristics 37-69
ingress queue characteristics 37-65
IP extended ACLs 37-43
IP standard ACLs 37-42
MAC ACLs 37-44
policy maps, hierarchical 37-51
port trust states within the domain 37-35
trusted boundary 37-37
default auto configuration 37-19
default standard configuration 37-29
displaying statistics 37-77
DSCP transparency 37-39
egress queues
allocating buffer space 37-70
buffer allocation scheme, described 37-16
configuring shaped weights for SRR 37-73
configuring shared weights for SRR 37-74
described 37-3
displaying the threshold map 37-73
flowchart 37-16
mapping DSCP or CoS values 37-72
scheduling, described 37-4
setting WTD thresholds 37-70
WTD, described 37-17
enabling globally 37-34
flowcharts
classification 37-6
egress queueing and scheduling 37-16
ingress queueing and scheduling 37-14
policing and marking 37-10
implicit deny 37-7
ingress queues
allocating bandwidth 37-67
allocating buffer space 37-67
buffer and bandwidth allocation, described 37-15
configuring shared weights for SRR 37-67
configuring the priority queue 37-68
described 37-3
displaying the threshold map 37-66
flowchart 37-14
mapping DSCP or CoS values 37-66
priority queue, described 37-15
scheduling, described 37-3
setting WTD thresholds 37-66
WTD, described 37-15
IP phones
automatic classification and queueing 37-18
detection and trusted settings 37-18, 37-37
limiting bandwidth on egress interface 37-76
mapping tables
CoS-to-DSCP 37-60
displaying 37-77
DSCP-to-CoS 37-63
DSCP-to-DSCP-mutation 37-64
IP-precedence-to-DSCP 37-61
policed-DSCP 37-62
types of 37-12
marked-down actions 37-49, 37-54
marking, described 37-3, 37-8
overview 37-1
packet modification 37-18
policers
configuring 37-49, 37-54, 37-58
described 37-8
displaying 37-77
number of 37-33
types of 37-9
policies, attaching to an interface 37-8
policing
described 37-3, 37-8
token bucket algorithm 37-9
policy maps
characteristics of 37-47
displaying 37-77
hierarchical 37-8
hierarchical on SVIs 37-51
nonhierarchical on physical ports 37-47
QoS label, defined 37-3
queues
configuring egress characteristics 37-69
configuring ingress characteristics 37-65
high priority (expedite) 37-17, 37-75
location of 37-13
SRR, described 37-14
WTD, described 37-13
rewrites 37-18
support for 1-10
trust states
bordering another domain 37-39
described 37-4
trusted device 37-37
within the domain 37-35
quality of service
See QoS
R
RADIUS
attributes
vendor-proprietary 9-38
vendor-specific 9-36
configuring
accounting 9-35
authentication 9-30
authorization 9-34
communication, global 9-28, 9-36
communication, per-server 9-28
multiple UDP ports 9-28
default configuration 9-27
defining AAA server groups 9-32
displaying the configuration 9-40
identifying the server 9-28
in clusters 6-13
limiting the services to the user 9-34
method list, defined 9-27
operation of 9-20
overview 9-18
server load balancing 9-40
suggested network environments 9-19
support for 1-9
tracking services accessed by user 9-35
RADIUS Change of Authorization 9-20
range
macro 13-12
of interfaces 13-11
rapid convergence 21-9
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
described 20-9
IEEE 802.1Q trunking interoperability 20-10
instances supported 20-9
Rapid Spanning Tree Protocol
See RSTP
RARP 39-8
rcommand command 6-13
RCP
configuration files
downloading A-17
overview A-15
preparing the server A-16
uploading A-18
image files
deleting old image A-34
downloading A-33
preparing the server A-32
uploading A-34
reachability, tracking IP SLAs IP host 46-9
readiness check
port-based authentication
configuring 10-36
described 10-16, 10-36
reconfirmation interval, VMPS, changing 15-27
reconfirming dynamic VLAN membership 15-27
recovery procedures 36-1
redirect URL 10-18, 10-20, 10-59
redundancy
EtherChannel 38-3
HSRP 44-1
STP
backbone 20-8
path cost 15-22
port priority 15-20
redundant links and UplinkFast 22-13
reliable transport protocol, EIGRP 39-34
reloading software 4-21
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
Remote Network Monitoring
See RMON
Remote SPAN
See RSPAN
remote SPAN 28-2
REP
administrative VLAN 23-8
administrative VLAN, configuring 23-8
age timer 23-8
and STP 23-6
configuration guidelines 23-7
configuring interfaces 23-9
convergence 23-4
default configuration 23-7
manual preemption, configuring 23-13
monitoring 23-13
neighbor offset numbers 23-4
open segment 23-2
ports 23-6
preempt delay time 23-5
primary edge port 23-4
ring segment 23-2
secondary edge port 23-4
segments 23-1
characteristics 23-2
SNMP traps, configuring 23-13
supported interfaces 23-1
triggering VLAN load balancing 23-5
verifying link integrity 23-3
VLAN blocking 23-12
VLAN load balancing 23-4
report suppression, IGMP
disabling 42-10
resequencing ACL entries 36-13
reserved addresses in DHCP pools 25-28
resets, in BGP 39-48
resetting a UDLD-shutdown interface 31-6
Resilient Ethernet Protocol
See REP
responder, IP SLAs
described 45-4
response time, measuring with IP SLAs 45-4
restricted VLAN
configuring 10-50
described 10-22
using with IEEE 802.1x 10-22
restricting access
overview 9-1
passwords and privilege levels 9-2
RADIUS 9-18
TACACS+ 9-10
retry count, VMPS, changing 15-28
reverse address resolution 39-8
Reverse Address Resolution Protocol
See RARP
RFC
1058, RIP 39-18
1157, SNMPv1 34-2
1163, BGP 39-41
1166, IP addresses 39-5
1253, OSPF 39-24
1267, BGP 39-41
1305, NTP 8-2
1587, NSSAs 39-24
1757, RMON 32-2
1771, BGP 39-41
1901, SNMPv2C 34-2
1902 to 1907, SNMPv2 34-2
2273-2275, SNMPv3 34-2
RFC 5176 Compliance 9-21
RIP
advertisements 39-18
authentication 39-21
configuring 39-20
default configuration 39-19
described 39-18
for IPv6 40-6
hop counts 39-19
split horizon 39-22
summary addresses 39-22
support for 1-11
RMON
default configuration 32-3
displaying status 32-6
enabling alarms and events 32-3
groups supported 32-2
overview 32-1
statistics
collecting group Ethernet 32-5
collecting group history 32-5
support for 1-12
root guard
described 22-8
enabling 22-15
support for 1-6
root switch
MSTP 21-17
STP 20-14
route calculation timers, OSPF 39-30
route dampening, BGP 39-60
routed ports
configuring 39-3
IP addresses on 39-4
route-map command 39-96
route maps
BGP 39-51
policy-based routing 39-94
route reflectors, BGP 39-59
router ID, OSPF 39-32
route selection, BGP 39-49
route summarization, OSPF 39-30
route targets, VPN 39-74
routing
default 39-2
dynamic 39-3
redistribution of information 39-90
static 39-3
routing domain confederation, BGP 39-58
Routing Information Protocol
See RIP
routing protocol administrative distances 39-89
RSPAN
characteristics 28-8
configuration guidelines 28-16
default configuration 28-9
defined 28-2
destination ports 28-7
displaying status 28-22
interaction with other features 28-8
monitored ports 28-5
monitoring ports 28-7
overview 1-12, 28-1
received traffic 28-4
sessions
creating 28-16
defined 28-3
limiting source traffic to specific VLANs 28-21
specifying monitored ports 28-16
with ingress traffic enabled 28-20
source ports 28-5
transmitted traffic 28-5
VLAN-based 28-6
RSTP
active topology 21-9
BPDU
format 21-12
processing 21-12
designated port, defined 21-9
designated switch, defined 21-9
interoperability with IEEE 802.1D
described 21-8
restarting migration process 21-25
topology changes 21-13
overview 21-8
port roles
described 21-9
synchronized 21-11
proposal-agreement handshake process 21-10
rapid convergence
described 21-9
edge ports and Port Fast 21-9
point-to-point links 21-10, 21-24
root ports 21-10
root port, defined 21-9
See also MSTP
running configuration
replacing A-19, A-20
rolling back A-19, A-20
running configuration, saving 4-15
S
scheduled reloads 4-21
scheduling, IP SLAs operations 45-5
SCP
and SSH 9-56
configuring 9-57
SD flash memory card A-2
SDM
templates
configuring 7-4
number of 7-1
SDM template 43-3
configuration guidelines 7-3
configuring 7-3
dual IPv4 and IPv6 7-2
types of 7-1
secondary edge port, REP 23-4
secondary VLANs 18-2
Secure Copy Protocol
See SCP
Secure Digital flash memory card
See SD flash memory card
secure HTTP client
configuring 9-55
displaying 9-56
secure HTTP server
configuring 9-54
displaying 9-56
secure MAC addresses
deleting 27-16
maximum number of 27-9
types of 27-8
secure ports, configuring 27-8
secure remote connections 9-46
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port 27-7
security features 1-7
sequence numbers in log messages 33-8
server mode, VTP 16-3
service-provider network, MSTP and RSTP 21-1
service-provider networks
and customer VLANs 19-2
and IEEE 802.1Q tunneling 19-1
Layer 2 protocols across 19-8
Layer 2 protocol tunneling for EtherChannels 19-9
set-request operation 34-4
setting a secondary temperature threshold 3-7, 3-8
setting power supply alarm options 3-6
setting the FCS error hysteresis threshold 3-10
severity levels, defining in system messages 33-8
SFPs
monitoring status of 13-26, 36-6
security and identification 36-5
status, displaying 36-6
shaped round robin
See SRR
show access-lists hw-summary command 36-20
show alarm commands 3-13
show and more command output, filtering 2-10
show cdp traffic command 30-6
show cluster members command 6-13
show configuration command 13-23
show forward command 36-12
show interfaces command 13-18, 13-23
show interfaces switchport 24-4
show l2protocol command 19-13, 19-15
show lldp traffic command 29-12
show platform forward command 36-12
show running-config command
displaying ACLs 36-18, 36-19
interface description in 13-23
shutdown command on interfaces 13-28
shutdown threshold for Layer 2 protocol packets 19-11
Simple Network Management Protocol
See SNMP
Smartports macros
applying Cisco-default macros 14-3
applying global parameter values 14-3
configuration guidelines 14-2
default configuration 14-1
displaying 14-5
tracing 14-2
SNAP 30-1
SNMP
accessing MIB variables with 34-4
agent
described 34-4
disabling 34-8
and IP SLAs 45-2
authentication level 34-11
community strings
configuring 34-9
overview 34-4
configuration examples 34-18
default configuration 34-7
engine ID 34-8
groups 34-8, 34-10
host 34-8
ifIndex values 34-5
in-band management 1-5
in clusters 6-13
informs
and trap keyword 34-12
described 34-5
differences from traps 34-5
disabling 34-16
enabling 34-16
limiting access by TFTP servers 34-17
limiting system log messages to NMS 33-10
manager functions 1-4, 34-3
managing clusters with 6-14
notifications 34-5
overview 34-1, 34-4
security levels 34-2
setting CPU threshold notification 34-16
status, displaying 34-19
system contact and location 34-17
trap manager, configuring 34-14
traps
described 34-3, 34-5
differences from informs 34-5
disabling 34-16
enabling 34-12
enabling MAC address notification 8-15, 8-17, 8-18
overview 34-1, 34-4
types of 34-13
users 34-8, 34-10
versions supported 34-2
SNMP and Syslog Over IPv6 40-8
SNMP traps
REP 23-13
SNMPv1 34-2
SNMPv2C 34-2
SNMPv3 34-2
software images
location in flash A-23
recovery procedures 36-2
scheduling reloads 4-21
tar file format, described A-23
See also downloading and uploading
source addresses
in IPv4 ACLs 36-10
in IPv6 ACLs 43-5
source-and-destination-IP address based forwarding, EtherChannel 38-7
source-and-destination MAC address forwarding, EtherChannel 38-7
source-IP address based forwarding, EtherChannel 38-7
source-MAC address forwarding, EtherChannel 38-7
SPAN
configuration guidelines 28-10
default configuration 28-9
destination ports 28-7
displaying status 28-22
interaction with other features 28-8
monitored ports 28-5
monitoring ports 28-7
overview 1-12, 28-1
ports, restrictions 27-11
received traffic 28-4
sessions
configuring ingress forwarding 28-14, 28-21
creating 28-11
defined 28-3
limiting source traffic to specific VLANs 28-14
removing destination (monitoring) ports 28-12
specifying monitored ports 28-11
with ingress traffic enabled 28-13
source ports 28-5
transmitted traffic 28-5
VLAN-based 28-6
spanning tree and native VLANs 15-15
Spanning Tree Protocol
See STP
SPAN traffic 28-4
split horizon, RIP 39-22
SRR
configuring
shaped weights on egress queues 37-73
shared weights on egress queues 37-74
shared weights on ingress queues 37-67
described 37-14
shaped mode 37-14
shared mode 37-14
support for 1-11
SSH
configuring 9-47
cryptographic software image 9-45
described 1-5, 9-46
encryption methods 9-46
user authentication methods, supported 9-46
SSL
configuration guidelines 9-53
configuring a secure HTTP client 9-55
configuring a secure HTTP server 9-54
cryptographic software image 9-50
described 9-50
monitoring 9-56
standby command switch
configuring
considerations 6-10
defined 6-2
requirements 6-3
virtual IP address 6-10
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
standby ip command 44-6
standby links 24-2
standby router 44-1
standby timers, HSRP 44-11
startup configuration
booting
manually 4-18
specific image 4-19
clearing A-19
configuration file
automatically downloading 4-17
specifying the filename 4-17
default boot configuration 4-17
static access ports
assigning to VLAN 15-9
defined 13-3, 15-3
static addresses
See addresses
static IP routing 1-12
static MAC addressing 1-7
static route primary interface, configuring 46-10
static routes
configuring 39-88
configuring for IPv6 40-19
understanding 40-6
static routing 39-3
static routing support, enhanced object tracking 46-10
static VLAN membership 15-2
statistics
802.1X 11-17
802.1x 10-64
CDP 30-5
interface 13-26
LLDP 29-12
LLDP-MED 29-12
NMSP 29-12
OSPF 39-32
QoS ingress and egress 37-77
RMON group Ethernet 32-5
RMON group history 32-5
SNMP input and output 34-19
VTP 16-16
sticky learning 27-8
storm control
configuring 27-3
described 27-1
disabling 27-5
displaying 27-20
support for 1-3
thresholds 27-1
STP
accelerating root port selection 22-4
and REP 23-6
BackboneFast
described 22-5
disabling 22-14
enabling 22-13
BPDU filtering
described 22-3
disabling 22-12
enabling 22-12
BPDU guard
described 22-2
disabling 22-12
enabling 22-11
BPDU message exchange 20-3
configuration guidelines 20-12, 22-10
configuring
forward-delay time 20-21
hello time 20-20
maximum aging time 20-21
path cost 20-18
port priority 20-16
root switch 20-14
secondary root switch 20-16
spanning-tree mode 20-13
switch priority 20-19
transmit hold-count 20-22
counters, clearing 20-22
default configuration 20-11
default optional feature configuration 22-9
designated port, defined 20-3
designated switch, defined 20-3
detecting indirect link failures 22-5
disabling 20-14
displaying status 20-22
EtherChannel guard
described 22-7
disabling 22-14
enabling 22-14
extended system ID
effects on root switch 20-14
effects on the secondary root switch 20-16
overview 20-4
unexpected behavior 20-14
features supported 1-6
IEEE 802.1D and bridge ID 20-4
IEEE 802.1D and multicast addresses 20-8
IEEE 802.1t and VLAN identifier 20-4
inferior BPDU 20-3
instances supported 20-9
interface state, blocking to forwarding 22-2
interface states
blocking 20-5
disabled 20-7
forwarding 20-5, 20-6
learning 20-6
listening 20-6
overview 20-4
interoperability and compatibility among modes 20-10
Layer 2 protocol tunneling 19-7
limitations with IEEE 802.1Q trunks 20-10
load sharing
overview 15-20
using path costs 15-22
using port priorities 15-21
loop guard
described 22-9
enabling 22-15
modes supported 20-9
multicast addresses, effect of 20-8
optional features supported 1-6
overview 20-2
path costs 15-22, 15-23
Port Fast
described 22-2
enabling 22-10
port priorities 15-21
preventing root switch selection 22-8
protocols supported 20-9
redundant connectivity 20-8
root guard
described 22-8
enabling 22-15
root port, defined 20-3
root switch
configuring 20-14
effects of extended system ID 20-4, 20-14
election 20-3
unexpected behavior 20-14
shutdown Port Fast-enabled port 22-2
status, displaying 20-22
superior BPDU 20-3
timers, described 20-20
UplinkFast
described 22-3
enabling 22-13
VLAN-bridge 20-10
stratum, NTP 8-2
stub areas, OSPF 39-28
stub routing, EIGRP 39-39
subdomains, private VLAN 18-1
subnet mask 39-5
subnet zero 39-6
success response, VMPS 15-24
summer time 8-6
SunNet Manager 1-4
supernet 39-6
supported port-based authentication methods 10-7
SVIs
and IP unicast routing 39-3
connecting VLANs 13-9
switch 40-2
switch clustering technology 6-1
See also clusters, switch
switch console port 1-5
Switch Database Management
See SDM
Switched Port Analyzer
See SPAN
switched ports 13-2
switchport backup interface 24-4, 24-5
switchport block multicast command 27-7
switchport block unicast command 27-7
switchport command 13-14
switchport mode dot1q-tunnel command 19-6
switchport protected command 27-6
switch priority
MSTP 21-21
STP 20-19
switch software features 1-1
SXP
configuration process 12-2
configuring peer connections 12-2
default passwords 12-4
enabling 12-2
reconcile period 12-5
retry period 12-5
source IP address 12-4
synchronization, BGP 39-45
syslog
See system message logging
system capabilities TLV 29-2
system clock
configuring
daylight saving time 8-6
manually 8-4
summer time 8-6
time zones 8-5
displaying the time and date 8-5
overview 8-1
See also NTP
system description TLV 29-2
system message logging
default configuration 33-3
defining error message severity levels 33-8
disabling 33-4
displaying the configuration 33-13
enabling 33-4
facility keywords, described 33-13
level keywords, described 33-9
limiting messages 33-10
message format 33-2
overview 33-1
sequence numbers, enabling and disabling 33-8
setting the display destination device 33-5
synchronizing log messages 33-6
syslog facility 1-12
time stamps, enabling and disabling 33-7
UNIX syslog servers
configuring the daemon 33-12
configuring the logging facility 33-12
facilities supported 33-13
system MTU
and IS-IS LSPs 39-66
system MTU and IEEE 802.1Q tunneling 19-5
system name
default configuration 8-8
default setting 8-8
manual configuration 8-8
See also DNS
system name TLV 29-2
system prompt, default setting 8-7, 8-8
system resources, optimizing 7-1
system routing
IS-IS 39-62
ISO IGRP 39-62
T
TACACS+
accounting, defined 9-11
authentication, defined 9-11
authorization, defined 9-11
configuring
accounting 9-17
authentication key 9-13
authorization 9-16
login authentication 9-14
default configuration 9-13
displaying the configuration 9-18
identifying the server 9-13
in clusters 6-13
limiting the services to the user 9-16
operation of 9-12
overview 9-10
support for 1-9
tracking services accessed by user 9-17
tagged packets
IEEE 802.1Q 19-3
Layer 2 protocol 19-7
tar files
creating A-7
displaying the contents of A-7
extracting A-8
image file format A-23
TCL script, registering and defining with embedded event manager 35-6
TDR 1-13
Telnet
accessing management interfaces 2-10
number of connections 1-5
setting a password 9-6
temperature alarms, configuring 3-7, 3-8
temporary self-signed certificate 9-51
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password 9-6
TFTP
configuration files
downloading A-11
preparing the server A-10
uploading A-12
configuration files in base directory 4-7
configuring for autoconfiguration 4-7
image files
deleting A-26
downloading A-25
preparing the server A-24
uploading A-27
limiting access by servers 34-17
TFTP server 1-4
threshold, traffic level 27-2
threshold monitoring, IP SLAs 45-6
time
See NTP and system clock
Time Domain Reflector
See TDR
time-range command 36-15
time ranges in ACLs 36-15
time stamps in log messages 33-7
time zones 8-5
TLVs
defined 29-1
LLDP 29-2
LLDP-MED 29-2
Token Ring VLANs
support for 15-5
VTP support 16-4
ToS 1-10
traceroute, Layer 2
and ARP 36-7
and CDP 36-7
broadcast traffic 36-7
described 36-7
IP addresses and subnets 36-7
MAC addresses and VLANs 36-7
multicast traffic 36-7
multiple devices on a port 36-8
unicast traffic 36-7
usage guidelines 36-7
traceroute command 36-9
See also IP traceroute
tracked lists
configuring 46-3
types 46-3
tracked objects
by Boolean expression 46-4
by threshold percentage 46-6
by threshold weight 46-5
tracking interface line-protocol state 46-2
tracking IP routing state 46-2
tracking objects 46-1
tracking process 46-1
track state, tracking IP SLAs 46-9
traffic
blocking flooded 27-7
fragmented 36-3
fragmented IPv6 43-2
unfragmented 36-3
traffic policing 1-10
traffic suppression 27-1
transmit hold-count
See STP
transparent mode, VTP 16-3
trap-door mechanism 4-2
traps
configuring MAC address notification 8-15, 8-17, 8-18
configuring managers 34-12
defined 34-3
enabling 8-15, 8-17, 8-18, 34-12
notification types 34-13
overview 34-1, 34-4
triggering alarm options
configurable relay 3-3
methods 3-3
SNMP traps 3-4
syslog messages 3-4
troubleshooting
connectivity problems 36-6, 36-8
CPU utilization 36-15
detecting unidirectional links 31-1
displaying crash information 36-14
setting packet forwarding 36-12
SFP security and identification 36-5
show forward command 36-12
with CiscoWorks 34-4
with debug commands 36-11
with ping 36-6
with system message logging 33-1
with traceroute 36-8
trunk failover
See link-state tracking
trunking encapsulation 1-6
trunk ports
configuring 15-17
defined 13-3, 15-3
trunks
allowed-VLAN list 15-18
load sharing
setting STP path costs 15-22
using STP port priorities 15-20, 15-21
native VLAN for untagged traffic 15-19
parallel 15-22
pruning-eligible list 15-19
to non-DTP device 15-14
trusted boundary for QoS 37-37
trusted port states
between QoS domains 37-39
classification options 37-4
ensuring port security for IP phones 37-37
support for 1-10
within a QoS domain 37-35
trustpoints, CA 9-50
tunneling
defined 19-1
IEEE 802.1Q 19-1
Layer 2 protocol 19-8
tunnel ports
described 19-1
IEEE 802.1Q, configuring 19-6
incompatibilities with other features 19-5
twisted-pair Ethernet, detecting unidirectional links 31-1
type of service
See ToS
U
UDLD
configuration guidelines 31-4
default configuration 31-4
disabling
globally 31-5
on fiber-optic interfaces 31-5
per interface 31-5
echoing detection mechanism 31-2
enabling
globally 31-5
per interface 31-5
Layer 2 protocol tunneling 19-10
link-detection mechanism 31-1
neighbor database 31-2
overview 31-1
resetting an interface 31-6
status, displaying 31-6
support for 1-5
UDP, configuring 39-14
UDP jitter, configuring 45-9
UDP jitter operation, IP SLAs 45-9
unauthorized ports with IEEE 802.1x 10-10
unicast MAC address filtering 1-4
and adding static addresses 8-21
and broadcast MAC addresses 8-20
and CPU packets 8-20
and multicast addresses 8-20
and router MAC addresses 8-20
configuration guidelines 8-20
described 8-20
unicast storm 27-1
unicast storm control command 27-4
unicast traffic, blocking 27-7
UniDirectional Link Detection protocol
See UDLD
UNIX syslog servers
daemon configuration 33-12
facilities supported 33-13
message logging configuration 33-12
unrecognized Type-Length-Value (TLV) support 16-4
upgrading software images
See downloading
UplinkFast
described 22-3
disabling 22-13
enabling 22-13
uploading
configuration files
preparing A-10, A-13, A-16
reasons for A-9
using FTP A-14
using RCP A-18
using TFTP A-12
image files
preparing A-24, A-28, A-32
reasons for A-23
using FTP A-30
using RCP A-34
using TFTP A-27
User Datagram Protocol
See UDP
user EXEC mode 2-2
username-based authentication 9-6
V
version-dependent transparent mode 16-4
virtual IP address
cluster standby group 6-10
command switch 6-10
Virtual Private Network
See VPN
virtual router 44-1, 44-2
virtual switches and PAgP 38-5
vlan.dat file 15-4
VLAN 1, disabling on a trunk port 15-18
VLAN 1 minimization 15-18
vlan-assignment response, VMPS 15-24
VLAN blocking, REP 23-12
VLAN configuration
at bootup 15-6
saving 15-6
VLAN configuration mode 2-2
VLAN database
and startup configuration file 15-6
and VTP 16-1
VLAN configuration saved in 15-6
VLANs saved in 15-4
vlan dot1q tag native command 19-4
VLAN filtering and SPAN 28-6
vlan global configuration command 15-6
VLAN ID, discovering 8-23
VLAN load balancing
REP 23-4
VLAN load balancing, triggering 23-5
VLAN load balancing on flex links 24-2
configuration guidelines 24-8
VLAN management domain 16-2
VLAN Management Policy Server
See VMPS
VLAN maps
displaying 36-29
support for 1-8
VLAN membership
confirming 15-27
modes 15-3
VLAN Query Protocol
See VQP
VLANs
adding 15-7
adding to VLAN database 15-7
aging dynamic addresses 20-9
allowed on trunk 15-18
and spanning-tree instances 15-2, 15-6, 15-10
configuration guidelines, extended-range VLANs 15-10
configuration guidelines, normal-range VLANs 15-5
configuring 15-1
configuring IDs 1006 to 4094 15-10
connecting through SVIs 13-9
creating 15-7
customer numbering in service-provider networks 19-3
default configuration 15-6
deleting 15-8
described 13-2, 15-1
displaying 15-13
extended-range 15-1, 15-10
features 1-6
illustrated 15-2
internal 15-11
limiting source traffic with RSPAN 28-21
limiting source traffic with SPAN 28-14
modifying 15-7
native, configuring 15-19
normal-range 15-1, 15-4
number supported 1-6
parameters 15-4
port membership modes 15-3
static-access ports 15-9
STP and IEEE 802.1Q trunks 20-10
supported 15-2
Token Ring 15-5
VLAN-bridge STP 20-10, 48-2
VTP modes 16-3
VLAN Trunking Protocol
See VTP
VLAN trunks 15-14
VMPS
administering 15-28
configuration example 15-29
configuration guidelines 15-25
default configuration 15-25
description 15-23
dynamic port membership
described 15-24
reconfirming 15-27
troubleshooting 15-29
entering server address 15-26
mapping MAC addresses to VLANs 15-24
monitoring 15-28
reconfirmation interval, changing 15-27
reconfirming membership 15-27
retry count, changing 15-28
voice aware 802.1x security
port-based authentication
configuring 10-37
described 10-29, 10-37
voice-over-IP 17-1
voice VLAN
Cisco 7960 phone, port connections 17-1
configuration guidelines 17-3
configuring IP phones for data traffic
override CoS of incoming frame 17-6
trust CoS priority of incoming frame 17-6
configuring ports for voice traffic in
802.1p priority tagged frames 17-5
802.1Q frames 17-5
connecting to an IP phone 17-4
default configuration 17-3
described 17-1
displaying 17-7
IP phone data traffic, described 17-2
IP phone voice traffic, described 17-2
VPN
configuring routing in 39-81
forwarding 39-74
in service provider networks 39-71
routes 39-72
VPN routing and forwarding table
See VRF
VQP 1-6, 15-23
VRF
defining 39-74
specifying for an SXP connection 12-3
tables 39-71
VRF-aware services
ARP 39-78
configuring 39-77
ftp 39-80
HSRP 39-79
ping 39-78
SNMP 39-78
syslog 39-79
tftp 39-80
traceroute 39-80
VTP
adding a client to a domain 16-15
advertisements 15-16, 16-3
and extended-range VLANs 15-2, 16-1
and normal-range VLANs 15-2, 16-1
client mode, configuring 16-11
configuration
guidelines 16-8
requirements 16-10
saving 16-8
configuration requirements 16-10
configuration revision number
guideline 16-15
resetting 16-16
consistency checks 16-4
default configuration 16-7
described 16-1
domain names 16-8
domains 16-2
Layer 2 protocol tunneling 19-7
modes
client 16-3
off 16-3
server 16-3
transitions 16-3
transparent 16-3
monitoring 16-16
passwords 16-8
pruning
disabling 16-14
enabling 16-14
examples 16-6
overview 16-5
support for 1-6
pruning-eligible list, changing 15-19
server mode, configuring 16-10, 16-13
statistics 16-16
support for 1-6
Token Ring support 16-4
transparent mode, configuring 16-10
using 16-1
Version
enabling 16-13
version, guidelines 16-9
Version 1 16-4
Version 2
configuration guidelines 16-9
overview 16-4
Version 3
overview 16-4
W
WCCP
authentication 47-3
configuration guidelines 47-5
default configuration 47-5
described 47-1
displaying 47-9
dynamic service groups 47-3
enabling 47-6
features unsupported 47-4
forwarding method 47-3
Layer-2 header rewrite 47-3
MD5 security 47-3
message exchange 47-2
monitoring and maintaining 47-9
negotiation 47-3
packet redirection 47-3
packet-return method 47-3
redirecting traffic received from a client 47-6
setting the password 47-6
unsupported WCCPv2 features 47-4
web authentication 10-16
configuring 11-16 to ??
described 1-7
web-based authentication
customizable web pages 11-5
description 11-1
web-based authentication, interactions with other features 11-7
Web Cache Communication Protocol
See WCCP
weighted tail drop
See WTD
weight thresholds in tracked lists 46-5
wired location service
configuring 29-10
displaying 29-12
location TLV 29-3
understanding 29-3
WTD
described 37-13
setting thresholds
egress queue-sets 37-70
ingress queues 37-66
support for 1-11
X
Xmodem protocol 36-2
Index
A
AAA down policy, NAC Layer 2 IP validation 1-9
abbreviating commands 2-4
ABRs 39-24
access-class command 36-18
access control entries
See ACEs
access control entry (ACE) 43-3
access-denied response, VMPS 15-24
access groups
applying IPv4 ACLs to interfaces 36-19
Layer 2 36-19
Layer 3 36-19
accessing
clusters, switch 6-12
command switches 6-10
member switches 6-12
switch clusters 6-12
access lists
See ACLs
access ports
and Layer 2 protocol tunneling 19-10
defined 13-2
in switch clusters 6-8
accounting
with 802.1x 10-48
with IEEE 802.1x 10-14
with RADIUS 9-35
with TACACS+ 9-11, 9-17
ACEs
and QoS 37-7
defined 36-2
Ethernet 36-2
IP 36-2
ACLs
ACEs 36-2
any keyword 36-11
applying
time ranges to 36-15
to an interface 36-18, 43-7
to IPv6 interfaces 43-7
to QoS 37-7
classifying traffic for QoS 37-42
comments in 36-17
compiling 36-21
defined 36-1, 36-5
examples of 36-21, 37-42
extended IP, configuring for QoS classification 37-43
extended IPv4
creating 36-8
matching criteria 36-5
hardware and software handling 36-20
host keyword 36-11
IP
creating 36-5
fragments and QoS guidelines 37-32
implicit deny 36-8, 36-13, 36-15
implicit masks 36-8
matching criteria 36-5
undefined 36-20
IPv4
applying to interfaces 36-18
creating 36-5
matching criteria 36-5
named 36-13
numbers 36-6
terminal lines, setting on 36-18
unsupported features 36-5
IPv6
applying to interfaces 43-7
configuring 43-3, 43-4
displaying 43-8
interactions with other features 43-4
limitations 43-2, 43-3
matching criteria 43-3
named 43-2
precedence of 43-2
supported 43-2
unsupported features 43-3
logging messages 36-7
MAC extended 36-26, 37-44
matching 36-5, 36-19, 43-3
monitoring 36-29, 43-8
named, IPv4 36-13
named, IPv6 43-2
names 43-4
number per QoS class map 37-32
port 43-1
QoS 37-7, 37-42
resequencing entries 36-13
router 43-1
standard IP, configuring for QoS classification 37-42
standard IPv4
creating 36-7
matching criteria 36-5
support for 1-7
support in hardware 36-20
time ranges 36-15
types supported 36-2
unsupported features, IPv4 36-5
unsupported features, IPv6 43-3
active link 24-4, 24-5, 24-6
active links 24-2
active router 44-1
active traffic monitoring, IP SLAs 45-1
addresses
displaying the MAC address table 8-23
dynamic
accelerated aging 20-8
changing the aging time 8-14
default aging 20-8
defined 8-12
learning 8-13
removing 8-15
IPv6 40-2
MAC, discovering 8-23
multicast
STP address management 20-8
static
adding and removing 8-19
defined 8-12
address resolution 8-23, 39-8
Address Resolution Protocol
See ARP
adjacency tables, with CEF 39-87
administrative distances
defined 39-99
OSPF 39-30
routing protocol defaults 39-89
administrative VLAN
REP, configuring 23-8
administrative VLAN, REP 23-8
advertisements
CDP 30-1
LLDP 29-1, 29-2
RIP 39-18
VTP 15-16, 16-3
age timer, REP 23-8
aggregatable global unicast addresses 40-3
aggregate addresses, BGP 39-57
aggregated ports
See EtherChannel
aggregate policers 37-57
aggregate policing 1-11
aging, accelerating 20-8
aging time
accelerated
for MSTP 21-23
for STP 20-8, 20-21
MAC address table 8-14
maximum
for MSTP 21-23, 21-24
for STP 20-21, 20-22
alarm profiles
configuring 3-12
creating or modifying 3-11
alarms
displaying 3-13
power supply 3-2
temperature 3-2
alarms, RMON 32-3
allowed-VLAN list 15-18
application engines, redirecting traffic to 47-1
area border routers
See ABRs
area routing
IS-IS 39-62
ISO IGRP 39-62
ARP
configuring 39-9
defined 1-4, 8-23, 39-8
encapsulation 39-10
static cache configuration 39-9
table
address resolution 8-23
managing 8-23
ASBRs 39-24
AS-path filters, BGP 39-52
associating the temperature alarms to a relay 3-9
asymmetrical links, and IEEE 802.1Q tunneling 19-4
attaching an alarm profile to a port 3-12
attributes, RADIUS
vendor-proprietary 9-38
vendor-specific 9-36
attribute-value pairs 10-12, 10-15, 10-20
authentication
EIGRP 39-38
HSRP 44-10
local mode with AAA 9-44
open1x 10-29
RADIUS
key 9-28
login 9-30
TACACS+
defined 9-11
key 9-13
login 9-14
See also port-based authentication
authentication compatibility with Catalyst 6000 switches 10-8
authentication failed VLAN
See restricted VLAN
authentication keys, and routing protocols 39-99
authentication manager
CLI commands 10-9
compatibility with older 802.1x CLI commands 10-9 to ??
overview 10-7
authoritative time source, described 8-2
authorization
with RADIUS 9-34
with TACACS+ 9-11, 9-16
authorized ports with IEEE 802.1x 10-10
autoconfiguration 4-3
auto enablement 10-30
automatic discovery
considerations
beyond a noncandidate device 6-7
brand new switches 6-8
connectivity 6-4
different VLANs 6-6
management VLANs 6-7
non-CDP-capable devices 6-6
noncluster-capable devices 6-6
in switch clusters 6-4
See also CDP
automatic QoS
See QoS
auto-MDIX
configuring 13-20
described 13-19
autonegotiation
duplex mode 1-2
interface configuration guidelines 13-17
mismatches 36-4
autonomous system boundary routers
See ASBRs
autonomous systems, in BGP 39-45
autosensing, port speed 1-2
Auto Smartports macros
displaying 14-5
auxiliary VLAN
See voice VLAN
availability, features 1-5
B
BackboneFast
described 22-5
disabling 22-14
enabling 22-13
backup interfaces
See Flex Links
backup links 24-2
backup static routing, configuring 46-11
banners
configuring
login 8-12
message-of-the-day login 8-11
default configuration 8-10
when displayed 8-10
Berkeley r-tools replacement 9-56
BGP
aggregate addresses 39-57
aggregate routes, configuring 39-57
CIDR 39-57
clear commands 39-61
community filtering 39-54
configuring neighbors 39-55
default configuration 39-43
described 39-42
enabling 39-45
monitoring 39-61
multipath support 39-49
neighbors, types of 39-45
path selection 39-49
peers, configuring 39-55
prefix filtering 39-53
resetting sessions 39-48
route dampening 39-60
route maps 39-51
route reflectors 39-59
routing domain confederation 39-58
routing session with multi-VRF CE 39-81
show commands 39-61
supernets 39-57
support for 1-11
Version 4 39-42
binding cluster group and HSRP group 44-12
binding database
address, DHCP server
See DHCP, Cisco IOS server database
DHCP snooping
See DHCP snooping binding database
bindings
address, Cisco IOS DHCP server 25-7
DHCP snooping database 25-7
IP source guard 25-16
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 27-6
Boolean expressions in tracked lists 46-4
booting
boot loader, function of 4-2
boot process 4-1
manually 4-18
specific image 4-19
boot loader
accessing 4-19
described 4-2
environment variables 4-19
prompt 4-19
trap-door mechanism 4-2
Border Gateway Protocol
See BGP
BPDU
error-disabled state 22-2
filtering 22-3
RSTP format 21-12
BPDU filtering
described 22-3
disabling 22-12
enabling 22-12
support for 1-6
BPDU guard
described 22-2
disabling 22-12
enabling 22-11
support for 1-6
bridge groups
See fallback bridging
bridge protocol data unit
See BPDU
broadcast flooding 39-16
broadcast packets
directed 39-13
flooded 39-13
broadcast storm-control command 27-4
broadcast storms 27-1, 39-13
C
cables, monitoring for unidirectional links 31-1
candidate switch
automatic discovery 6-4
defined 6-3
requirements 6-3
See also command switch, cluster standby group, and member switch
Catalyst 6000 switches
authentication compatibility 10-8
CA trustpoint
configuring 9-53
defined 9-50
CDP
and trusted boundary 37-38
automatic discovery in switch clusters 6-4
configuring 30-2
default configuration 30-2
defined with LLDP 29-1
described 30-1
disabling for routing device 30-4
enabling and disabling
on an interface 30-4
on a switch 30-4
Layer 2 protocol tunneling 19-7
monitoring 30-5
overview 30-1
power negotiation extensions 13-4
support for 1-4
transmission timer and holdtime, setting 30-3
updates 30-3
CEF
defined 39-86
enabling 39-87
IPv6 40-18
CGMP
switch support of 1-3
CIDR 39-57
CipherSuites 9-52
Cisco 7960 IP Phone 17-1
Cisco Discovery Protocol
See CDP
Cisco Express Forwarding
See CEF
Cisco Group Management Protocol
See CGMP
Cisco intelligent power management 13-4
Cisco IOS DHCP server
See DHCP, Cisco IOS DHCP server
Cisco IOS File System
See IFS
Cisco IOS IP SLAs 45-1
Cisco Secure ACS
attribute-value pairs for downloadable ACLs 10-20
attribute-value pairs for redirect URL 10-20
Cisco Secure ACS configuration guide 10-59
Cisco TrustSec
configuring 12-9
connection caching 12-8
Cisco TrustSec caching
clearing 12-9
enabling 12-8
CiscoWorks 2000 1-4, 34-4
CISP 10-30
CIST regional root
See MSTP
CIST root
See MSTP
civic location 29-3
classless interdomain routing
See CIDR
classless routing 39-6
class maps for QoS
configuring 37-45
described 37-7
displaying 37-77
class of service
See CoS
clearing interfaces 13-28
CLI
abbreviating commands 2-4
command modes 2-1
configuration logging 2-5
described 1-3
editing features
enabling and disabling 2-7
keystroke editing 2-8
wrapped lines 2-9
error messages 2-5
filtering command output 2-10
getting help 2-3
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
managing clusters 6-13
no and default forms of commands 2-4
Client Information Signalling Protocol
See CISP
client mode, VTP 16-3
client processes, tracking 46-1
CLNS
See ISO CLNS
clock
See system clock
clusters, switch
accessing 6-12
automatic discovery 6-4
benefits 1-2
compatibility 6-4
described 6-1
LRE profile considerations 6-13
managing
through CLI 6-13
through SNMP 6-14
planning 6-4
planning considerations
automatic discovery 6-4
CLI 6-13
host names 6-12
IP addresses 6-12
LRE profiles 6-13
passwords 6-12
RADIUS 6-13
SNMP 6-13, 6-14
TACACS+ 6-13
See also candidate switch, command switch, cluster standby group, member switch, and standby command switch
cluster standby group
and HSRP group 44-12
automatic recovery 6-11
considerations 6-10
defined 6-2
requirements 6-3
virtual IP address 6-10
CNS 1-4
Configuration Engine
configID, deviceID, hostname 5-3
configuration service 5-2
described 5-1
event service 5-3
embedded agents
described 5-5
enabling automated configuration 5-6
enabling configuration agent 5-9
enabling event agent 5-7
management functions 1-4
CoA Request Commands 9-24
command-line interface
See CLI
command modes 2-1
commands
abbreviating 2-4
no and default 2-4
commands, setting privilege levels 9-8
command switch
accessing 6-10
configuration conflicts 36-4
defined 6-1
password privilege levels 6-14
recovery
from lost member connectivity 36-4
requirements 6-3
See also candidate switch, cluster standby group, member switch, and standby command switch
community list, BGP 39-54
community ports 18-2
community strings
configuring 6-13, 34-9
in clusters 6-13
overview 34-4
SNMP 6-13
community VLANs 18-2, 18-3
compatibility, feature 27-11
config.text 4-17
configuration, initial
defaults 1-13
configuration changes, logging 33-10
configuration conflicts, recovering from lost member connectivity 36-4
configuration examples, network 1-16
configuration files
archiving A-19
clearing the startup configuration A-19
creating using a text editor A-10
default name 4-17
deleting a stored configuration A-19
described A-9
downloading
automatically 4-17
preparing A-10, A-13, A-16
reasons for A-9
using FTP A-13
using RCP A-17
using TFTP A-11
guidelines for creating and using A-9
guidelines for replacing and rolling back A-20
invalid combinations when copying A-6
limiting TFTP server access 34-17
obtaining with DHCP 4-9
password recovery disable considerations 9-5
replacing a running configuration A-19, A-20
rolling back a running configuration A-19, A-20
specifying the filename 4-17
system contact and location information 34-17
types and location A-10
uploading
preparing A-10, A-13, A-16
reasons for A-9
using FTP A-14
using RCP A-18
using TFTP A-12
configuration guidelines
REP 23-7
configuration guidelines, multi-VRF CE 39-74
configuration logger 33-10
configuration logging 2-5
configuration replacement A-19
configuration rollback A-19
configuration settings, saving 4-15
configure terminal command 13-10
configuring 802.1x user distribution 10-55
configuring port-based authentication violation modes 10-38 to 10-39
config-vlan mode 2-2
conflicts, configuration 36-4
connections, secure remote 9-46
connectivity problems 36-6, 36-8
consistency checks in VTP Version 2 16-4
console port, connecting to 2-10
content-routing technology
See WCCP
control protocol, IP SLAs 45-4
convergence
REP 23-4
corrupted software, recovery steps with Xmodem 36-2
CoS
override priority 17-6
trust priority 17-6
CoS input queue threshold map for QoS 37-15
CoS output queue threshold map for QoS 37-17
CoS-to-DSCP map for QoS 37-60
counters, clearing interface 13-28
CPU utilization, troubleshooting 36-15
crashinfo file 36-14
critical authentication, IEEE 802.1x 10-51
critical VLAN 10-23
cryptographic software image
Kerberos 9-40
SSH 9-45
SSL 9-50
CTS
configuring 12-9
customer edge devices 39-72
customjzeable web pages, web-based authentication 11-5
D
DACL
See downloadable ACL
daylight saving time 8-6
debugging
enabling all system diagnostics 36-12
enabling for a specific feature 36-11
redirecting error message output 36-12
using commands 36-11
default commands 2-4
default configuration
802.1x 10-33
auto-QoS 37-19
banners 8-10
BGP 39-43
booting 4-17
CDP 30-2
DHCP 25-9
DHCP option 82 25-9
DHCP snooping 25-9
DHCP snooping binding database 25-9
DNS 8-9
dynamic ARP inspection 26-5
EIGRP 39-34
EtherChannel 38-9
Ethernet interfaces 13-14
fallback bridging 48-3
Flex Links 24-8
HSRP 44-5
IEEE 802.1Q tunneling 19-4
IGMP snooping 42-5, 42-6
initial switch information 4-3
IP addressing, IP routing 39-4
IP SLAs 45-6
IP source guard 25-17
IPv6 40-10
IS-IS 39-63
Layer 2 interfaces 13-14
Layer 2 protocol tunneling 19-11
LLDP 29-5
MAC address table 8-14
MAC address-table move update 24-8
MSTP 21-14
multi-VRF CE 39-74
optional spanning-tree configuration 22-9
OSPF 39-25
password and privilege level 9-2
private VLANs 18-6
RADIUS 9-27
REP 23-7
RIP 39-19
RMON 32-3
RSPAN 28-9
SDM template 7-3
SNMP 34-7
SPAN 28-9
SSL 9-52
standard QoS 37-29
STP 20-11
system message logging 33-3
system name and prompt 8-8
TACACS+ 9-13
UDLD 31-4
VLAN, Layer 2 Ethernet interfaces 15-16
VLANs 15-6
VMPS 15-25
voice VLAN 17-3
VTP 16-7
WCCP 47-5
default gateway 4-15, 39-11
default networks 39-90
default router preference
See DRP
default routes 39-89
default routing 39-2
default web-based authentication configuration
802.1X 11-9
deleting VLANs 15-8
denial-of-service attack 27-1
description command 13-23
designing your network, examples 1-16
destination addresses
in IPv4 ACLs 36-10
in IPv6 ACLs 43-5
destination-IP address-based forwarding, EtherChannel 38-7
destination-MAC address forwarding, EtherChannel 38-7
detecting indirect link failures, STP 22-5
device A-23
device discovery protocol 29-1, 30-1
device manager
benefits 1-2
described 1-2, 1-3
in-band management 1-5
upgrading a switch A-23
DHCP
Cisco IOS server database
configuring 25-14
default configuration 25-9
described 25-7
DHCP for IPv6
See DHCPv6
enabling
relay agent 25-11
DHCP-based autoconfiguration
client request message exchange 4-4
configuring
client side 4-4
DNS 4-8
relay device 4-8
server side 4-6
TFTP server 4-7
example 4-9
lease options
for IP address information 4-6
for receiving the configuration file 4-7
overview 4-3
relationship to BOOTP 4-4
relay support 1-4, 1-12
support for 1-4
DHCP-based autoconfiguration and image update
configuring 4-11 to 4-14
understanding 4-5 to 4-6
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP object tracking, configuring primary interface 46-10
DHCP option 82
circuit ID suboption 25-5
configuration guidelines 25-9
default configuration 25-9
displaying 25-15
forwarding address, specifying 25-11
helper address 25-11
overview 25-4
packet format, suboption
circuit ID 25-5
remote ID 25-5
remote ID suboption 25-5
DHCP server port-based address allocation
configuration guidelines 25-27
default configuration 25-27
described 25-26
displaying 25-30
enabling 25-27
reserved addresses 25-28
DHCP server port-based address assignment
support for 1-4
DHCP snooping
accepting untrusted packets from edge switch 25-3, 25-13
binding database
See DHCP snooping binding database
configuration guidelines 25-9
default configuration 25-9
displaying binding tables 25-15
message exchange process 25-4
option 82 data insertion 25-4
trusted interface 25-2
untrusted interface 25-2
untrusted messages 25-2
DHCP snooping binding database
adding bindings 25-14
binding file
format 25-8
location 25-7
bindings 25-7
clearing agent statistics 25-15
configuration guidelines 25-10
configuring 25-14
default configuration 25-9
deleting
binding file 25-15
bindings 25-15
database agent 25-15
described 25-7
displaying 25-15
binding entries 25-15
status and statistics 25-15
enabling 25-14
entry 25-7
renewing database 25-15
resetting
delay value 25-15
timeout value 25-15
DHCP snooping binding table
See DHCP snooping binding database
DHCPv6
configuration guidelines 40-15
default configuration 40-15
described 40-6
enabling client function 40-17
enabling DHCPv6 server function 40-15
support for 1-12
Differentiated Services architecture, QoS 37-1
Differentiated Services Code Point 37-2
Diffusing Update Algorithm (DUAL) 39-33
directed unicast requests 1-4
directories
changing A-4
creating and removing A-5
displaying the working A-4
discovery, clusters
See automatic discovery
displaying switch alarms 3-13
Distance Vector Multicast Routing Protocol
See DVMRP
distance-vector protocols 39-3
distribute-list command 39-98
DNS
and DHCP-based autoconfiguration 4-8
default configuration 8-9
displaying the configuration 8-10
in IPv6 40-3
overview 8-8
setting up 8-9
support for 1-4
domain names
DNS 8-8
VTP 16-8
Domain Name System
See DNS
domains, ISO IGRP routing 39-62
dot1q-tunnel switchport mode 15-15
double-tagged packets
IEEE 802.1Q tunneling 19-2
Layer 2 protocol tunneling 19-10
downloadable ACL 10-18, 10-20, 10-59
downloading
configuration files
preparing A-10, A-13, A-16
reasons for A-9
using FTP A-13
using RCP A-17
using TFTP A-11
image files
deleting old image A-26
preparing A-24, A-28, A-32
reasons for A-23
using FTP A-29
using HTTP A-23
using RCP A-33
using TFTP A-25
using the device manager or Network Assistant A-23
drop threshold for Layer 2 protocol packets 19-11
DRP
configuring 40-13
described 40-4
IPv6 40-4
support for 1-12
DSCP 1-10, 37-2
DSCP input queue threshold map for QoS 37-15
DSCP output queue threshold map for QoS 37-17
DSCP-to-CoS map for QoS 37-63
DSCP-to-DSCP-mutation map for QoS 37-64
DSCP transparency 37-39
DTP 1-6, 15-14
dual-action detection 38-5
DUAL finite state machine, EIGRP 39-34
dual IPv4 and IPv6 templates 7-2, 40-5
dual protocol stacks
IPv4 and IPv6 40-5
SDM templates supporting 40-6
dual-purpose uplinks
defined 13-4
LEDs 13-4
link selection 13-4, 13-15
setting the type 13-15
DVMRP
support for 1-12
dynamic access ports
characteristics 15-3
configuring 15-26
defined 13-3
dynamic addresses
See addresses
dynamic ARP inspection
ARP cache poisoning 26-1
ARP requests, described 26-1
ARP spoofing attack 26-1
clearing
log buffer 26-15
statistics 26-15
configuration guidelines 26-5
configuring
ACLs for non-DHCP environments 26-8
in DHCP environments 26-7
log buffer 26-12
rate limit for incoming ARP packets 26-4, 26-10
default configuration 26-5
denial-of-service attacks, preventing 26-10
described 26-1
DHCP snooping binding database 26-2
displaying
ARP ACLs 26-14
configuration and operating state 26-14
log buffer 26-15
statistics 26-15
trust state and rate limit 26-14
error-disabled state for exceeding rate limit 26-4
function of 26-2
interface trust states 26-3
log buffer
clearing 26-15
configuring 26-12
displaying 26-15
logging of dropped packets, described 26-4
man-in-the-middle attack, described 26-2
network security issues and interface trust states 26-3
priority of ARP ACLs and DHCP snooping entries 26-4
rate limiting of ARP packets
configuring 26-10
described 26-4
error-disabled state 26-4
statistics
clearing 26-15
displaying 26-15
validation checks, performing 26-11
dynamic auto trunking mode 15-15
dynamic desirable trunking mode 15-15
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 15-24
reconfirming 15-27
troubleshooting 15-29
types of connections 15-26
dynamic routing 39-3
ISO CLNS 39-62
Dynamic Trunking Protocol
See DTP
E
EBGP 39-41
editing features
enabling and disabling 2-7
keystrokes used 2-8
wrapped lines 2-9
EIGRP
authentication 39-38
components 39-34
configuring 39-36
default configuration 39-34
definition 39-33
interface parameters, configuring 39-37
monitoring 39-40
stub routing 39-39
ELIN location 29-3
embedded event manager
actions 35-4
configuring 35-1, 35-5
displaying information 35-7
environmental variables 35-4
event detectors 35-2
policies 35-4
registering and defining an applet 35-5
registering and defining a TCL script 35-6
understanding 35-1
enable password 9-3
enable secret password 9-3
enabling SNMP traps 3-13
encryption, CipherSuite 9-52
encryption for passwords 9-3
Enhanced IGRP
See EIGRP
enhanced object tracking
backup static routing 46-11
commands 46-1
defined 46-1
DHCP primary interface 46-10
HSRP 46-7
IP routing state 46-2
IP SLAs 46-9
line-protocol state 46-2
network monitoring with IP SLAs 46-11
routing policy, configuring 46-11
static route primary interface 46-10
tracked lists 46-3
enhanced object tracking static routing 46-10
environmental variables, embedded event manager 35-4
environment variables, function of 4-20
equal-cost routing 1-12, 39-88
error-disabled state, BPDU 22-2
error messages during command entry 2-5
EtherChannel
automatic creation of 38-4, 38-5
channel groups
binding physical and logical interfaces 38-3
numbering of 38-3
configuration guidelines 38-9
configuring
Layer 2 interfaces 38-10
default configuration 38-9
described 38-2
displaying status 38-17
forwarding methods 38-7, 38-13
IEEE 802.3ad, described 38-5
interaction
with STP 38-10
with VLANs 38-10
LACP
described 38-5
displaying status 38-17
hot-standby ports 38-15
interaction with other features 38-6
modes 38-6
port priority 38-16
system priority 38-16
Layer 3 interface 39-3
load balancing 38-7, 38-13
logical interfaces, described 38-3
PAgP
aggregate-port learners 38-14
compatibility with Catalyst 1900 38-14
described 38-4
displaying status 38-17
interaction with other features 38-5
interaction with virtual switches 38-5
learn method and priority configuration 38-14
modes 38-4
support for 1-3
with dual-action detection 38-5
port-channel interfaces
described 38-3
numbering of 38-3
port groups 13-3
support for 1-2
EtherChannel guard
described 22-7
disabling 22-14
enabling 22-14
Ethernet VLANs
adding 15-7
defaults and ranges 15-7
modifying 15-7
EUI 40-3
event detectors, embedded event manager 35-2
events, RMON 32-3
examples
network configuration 1-16
expedite queue for QoS 37-75
See also getting started guide
extended crashinfo file 36-14
extended-range VLANs
configuration guidelines 15-10
configuring 15-10
creating 15-11
creating with an internal VLAN ID 15-12
defined 15-1
extended system ID
MSTP 21-17
STP 20-4, 20-14
extended universal identifier
See EUI
Extensible Authentication Protocol over LAN 10-1
external BGP
See EBGP
external neighbors, BGP 39-45
F
fa0 interface 1-5
fallback bridging
and protected ports 48-3
bridge groups
creating 48-3
described 48-1
displaying 48-10
function of 48-2
number supported 48-4
removing 48-4
bridge table
clearing 48-10
displaying 48-10
configuration guidelines 48-3
default configuration 48-3
described 48-1
frame forwarding
flooding packets 48-2
forwarding packets 48-2
overview 48-1
protocol, unsupported 48-3
STP
disabling on an interface 48-9
forward-delay interval 48-8
hello BPDU interval 48-7
interface priority 48-6
maximum-idle interval 48-8
path cost 48-6
VLAN-bridge spanning-tree priority 48-5
VLAN-bridge STP 48-2
support for 1-12
SVIs and routed ports 48-1
unsupported protocols 48-3
VLAN-bridge STP 20-10
Fast Convergence 24-3
FCS bit error rate alarm
configuring 3-10
defined 3-3
FCS error hysteresis threshold 3-2
features, incompatible 27-11
FIB 39-86
fiber-optic, detecting unidirectional links 31-1
files
basic crashinfo
description 36-14
location 36-14
copying A-5
crashinfo, description 36-14
deleting A-6
displaying the contents of A-8
extended crashinfo
description 36-14
location 36-15
tar
creating A-7
displaying the contents of A-7
extracting A-8
image file format A-23
file system
displaying available file systems A-1
displaying file information A-4
local file system names A-1
network file system names A-5
setting the default A-3
filtering
IPv6 traffic 43-3, 43-7
non-IP traffic 36-26
show and more command output 2-10
filtering show and more command output 2-10
filters, IP
See ACLs, IP
flash device, number of A-1
flexible authentication ordering
configuring 10-62
overview 10-28
Flex Link Multicast Fast Convergence 24-3
Flex Links
configuration guidelines 24-8
configuring 24-9
configuring preferred VLAN 24-12
configuring VLAN load balancing 24-11
default configuration 24-8
description 24-1
link load balancing 24-2
monitoring 24-15
VLANs 24-2
flooded traffic, blocking 27-7
flow-based packet classification 1-10
flowcharts
QoS classification 37-6
QoS egress queueing and scheduling 37-16
QoS ingress queueing and scheduling 37-14
QoS policing and marking 37-10
flowcontrol
configuring 13-19
described 13-18
forward-delay time
MSTP 21-23
STP 20-21
Forwarding Information Base
See FIB
forwarding nonroutable protocols 48-1
FTP
configuration files
downloading A-13
overview A-12
preparing the server A-13
uploading A-14
image files
deleting old image A-30
downloading A-29
preparing the server A-28
uploading A-30
G
general query 24-5
Generating IGMP Reports 24-3
get-bulk-request operation 34-3
get-next-request operation 34-3, 34-4
get-request operation 34-3, 34-4
get-response operation 34-3
global configuration mode 2-2
global status monitoring alarms 3-2
guest VLAN and 802.1x 10-21
GUIs
See device manager and Network Assistant
H
hello time
MSTP 21-22
STP 20-20
help, for the command line 2-3
hierarchical policy maps 37-8
configuration guidelines 37-32
configuring 37-51
described 37-11
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
history table, level and number of syslog messages 33-10
host names, in clusters 6-12
host ports
configuring 18-11
kinds of 18-2
hosts, limit on dynamic ports 15-29
Hot Standby Router Protocol
See HSRP
HP OpenView 1-4
HSRP
authentication string 44-10
automatic cluster recovery 6-11
binding to cluster group 44-12
cluster standby group considerations 6-10
command-switch redundancy 1-5
configuring 44-4
default configuration 44-5
definition 44-1
guidelines 44-6
monitoring 44-13
object tracking 46-7
overview 44-1
priority 44-8
routing redundancy 1-11
support for ICMP redirect messages 44-12
timers 44-11
tracking 44-8
HSRP for IPv6
configuring 40-24
guidelines 40-23
HTTP over SSL
See HTTPS
HTTPS 9-50
configuring 9-54
self-signed certificate 9-51
HTTP secure server 9-50
I
IBGP 39-41
ICMP
IPv6 40-4
redirect messages 39-11
support for 1-12
time-exceeded messages 36-8
traceroute and 36-8
unreachable messages 36-19
unreachable messages and IPv6 43-4
unreachables and ACLs 36-20
ICMP Echo operation
configuring 45-12
IP SLAs 45-11
ICMP ping
overview 36-6
ICMP Router Discovery Protocol
See IRDP
ICMPv6 40-4
IDS appliances
and ingress RSPAN 28-20
and ingress SPAN 28-13
IEEE 802.1D
See STP
IEEE 802.1p 17-1
IEEE 802.1Q
and trunk ports 13-3
configuration limitations 15-15
native VLAN for untagged traffic 15-19
tunneling
compatibility with other features 19-5
defaults 19-4
described 19-1
tunnel ports with other features 19-6
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3ad
See EtherChannel
IEEE 802.3x flow control 13-18
ifIndex values, SNMP 34-5
IFS 1-4
IGMP
leave processing, enabling 42-8
report suppression
disabling 42-10
support for 1-3
IGMP filtering
support for 1-3
IGMP helper 1-3
IGMP snooping
default configuration 42-5, 42-6
enabling and disabling 42-6
monitoring 42-11
support for 1-3
IGP 39-24
Immediate Leave, IGMP
enabling 42-8
inaccessible authentication bypass 10-23
support for multiauth ports 10-23
initial configuration
defaults 1-13
interface
number 13-9
range macros 13-12
interface command 13-9 to 13-10
interface configuration
REP 23-9
interface configuration mode 2-3
interfaces
auto-MDIX, configuring 13-19
configuration guidelines
duplex and speed 13-17
configuring
procedure 13-10
counters, clearing 13-28
default configuration 13-14
described 13-23
descriptive name, adding 13-23
displaying information about 13-26
flow control 13-18
management 1-3
monitoring 13-26
naming 13-23
physical, identifying 13-9
range of 13-10
restarting 13-28
shutting down 13-28
speed and duplex, configuring 13-17
status 13-26
supported 13-9
types of 13-1
interfaces range macro command 13-12
interface types 13-9
Interior Gateway Protocol
See IGP
internal BGP
See IBGP
internal neighbors, BGP 39-45
Internet Control Message Protocol
See ICMP
Internet Protocol version 6
See IPv6
inter-VLAN routing 1-11, 39-2
Intrusion Detection System
See IDS appliances
inventory management TLV 29-3, 29-8
IP ACLs
for QoS classification 37-7
implicit deny 36-8, 36-13
implicit masks 36-8
named 36-13
undefined 36-20
IP addresses
128-bit 40-2
candidate or member 6-3, 6-12
classes of 39-5
cluster access 6-2
command switch 6-3, 6-10, 6-12
default configuration 39-4
discovering 8-23
for IP routing 39-4
IPv6 40-2
MAC address association 39-8
monitoring 39-17
redundant clusters 6-10
standby command switch 6-10, 6-12
See also IP information
IP broadcast address 39-15
ip cef distributed command 39-87
IP directed broadcasts 39-13
IP information
assigned
manually 4-14
through DHCP-based autoconfiguration 4-3
default configuration 4-3
IP phones
and QoS 17-1
automatic classification and queueing 37-18
configuring 17-4
ensuring port security with QoS 37-37
trusted boundary for QoS 37-37
IP Port Security for Static Hosts
on a Layer 2 access port 25-19
on a PVLAN host port 25-24
IP precedence 37-2
IP-precedence-to-DSCP map for QoS 37-61
IP protocols
in ACLs 36-10
routing 1-11
IP routes, monitoring 39-100
IP routing
disabling 39-18
enabling 39-18
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 45-1
IP SLAs
benefits 45-2
configuration guidelines 45-6
configuring object tracking 46-9
Control Protocol 45-4
default configuration 45-6
definition 45-1
ICMP echo operation 45-11
measuring network performance 45-3
monitoring 45-13
multioperations scheduling 45-5
object tracking 46-9
operation 45-3
reachability tracking 46-9
responder
described 45-4
response time 45-4
scheduling 45-5
SNMP support 45-2
supported metrics 45-2
threshold monitoring 45-6
track object monitoring agent, configuring 46-11
track state 46-9
UDP jitter operation 45-9
IP source guard
and 802.1x 25-18
and DHCP snooping 25-15
and EtherChannels 25-18
and port security 25-18
and private VLANs 25-18
and routed ports 25-17
and TCAM entries 25-18
and trunk interfaces 25-18
and VRF 25-18
binding configuration
automatic 25-16
manual 25-16
binding table 25-16
configuration guidelines 25-17
default configuration 25-17
described 25-15
disabling 25-19
displaying
active IP or MAC bindings 25-26
bindings 25-26
configuration 25-26
enabling 25-18, 25-19
filtering
source IP address 25-16
source IP and MAC address 25-16
source IP address filtering 25-16
source IP and MAC address filtering 25-16
static bindings
adding 25-18, 25-19
deleting 25-19
static hosts 25-19
IP traceroute
executing 36-9
overview 36-8
IP unicast routing
address resolution 39-8
administrative distances 39-89, 39-99
ARP 39-8
assigning IP addresses to Layer 3 interfaces 39-5
authentication keys 39-99
broadcast
address 39-15
flooding 39-16
packets 39-13
storms 39-13
classless routing 39-6
configuring static routes 39-88
default
addressing configuration 39-4
gateways 39-11
networks 39-90
routes 39-89
routing 39-2
directed broadcasts 39-13
disabling 39-18
dynamic routing 39-3
enabling 39-18
EtherChannel Layer 3 interface 39-3
IGP 39-24
inter-VLAN 39-2
IP addressing
classes 39-5
configuring 39-4
IRDP 39-11
Layer 3 interfaces 39-3
MAC address and IP address 39-8
passive interfaces 39-97
protocols
distance-vector 39-3
dynamic 39-3
link-state 39-3
proxy ARP 39-8
redistribution 39-90
reverse address resolution 39-8
routed ports 39-3
static routing 39-3
steps to configure 39-4
subnet mask 39-5
subnet zero 39-6
supernet 39-6
UDP 39-14
with SVIs 39-3
See also BGP
See also EIGRP
See also OSPF
See also RIP
IPv4 ACLs
applying to interfaces 36-18
extended, creating 36-8
named 36-13
standard, creating 36-7
IPv4 and IPv6
dual protocol stacks 40-5
IPv6
ACLs
displaying 43-8
limitations 43-2
matching criteria 43-3
port 43-1
precedence 43-2
router 43-1
supported 43-2
addresses 40-2
address formats 40-2
applications 40-5
assigning address 40-10
autoconfiguration 40-4
CEFv6 40-18
configuring static routes 40-19
default configuration 40-10
default router preference (DRP) 40-4
defined 40-1
Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 40-7
EIGRP IPv6 Commands 40-7
Router ID 40-7
feature limitations 40-9
features not supported 40-8
forwarding 40-10
ICMP 40-4
monitoring 40-26
neighbor discovery 40-4
OSPF 40-7
path MTU discovery 40-4
SDM templates 7-2, 42-1, 43-1
Stateless Autoconfiguration 40-4
supported features 40-2
switch limitations 40-9
understanding static routes 40-6
IPv6 traffic, filtering 43-3
IRDP
configuring 39-12
definition 39-11
support for 1-12
IS-IS
addresses 39-62
area routing 39-62
default configuration 39-63
monitoring 39-71
show commands 39-71
system routing 39-62
ISO CLNS
clear commands 39-71
dynamic routing protocols 39-62
monitoring 39-71
NETs 39-62
NSAPs 39-62
OSI standard 39-62
ISO IGRP
area routing 39-62
system routing 39-62
isolated port 18-2
isolated VLANs 18-2, 18-3
K
KDC
described 9-41
See also Kerberos
Kerberos
authenticating to
boundary switch 9-43
KDC 9-43
network services 9-44
configuration examples 9-40
configuring 9-44
credentials 9-41
cryptographic software image 9-40
described 9-41
KDC 9-41
operation 9-43
realm 9-42
server 9-42
support for 1-9
switch as trusted third party 9-40
terms 9-41
TGT 9-42
tickets 9-41
key distribution center
See KDC
L
l2protocol-tunnel command 19-12
LACP
Layer 2 protocol tunneling 19-9
See EtherChannel
Layer 2 frames, classification with CoS 37-2
Layer 2 interfaces, default configuration 13-14
Layer 2 protocol tunneling
configuring 19-10
configuring for EtherChannels 19-14
default configuration 19-11
defined 19-8
guidelines 19-11
Layer 2 traceroute
and ARP 36-7
and CDP 36-7
broadcast traffic 36-7
described 36-7
IP addresses and subnets 36-7
MAC addresses and VLANs 36-7
multicast traffic 36-7
multiple devices on a port 36-8
unicast traffic 36-7
usage guidelines 36-7
Layer 3 features 1-11
Layer 3 interfaces
assigning IP addresses to 39-5
assigning IPv4 and IPv6 addresses to 40-14
assigning IPv6 addresses to 40-11
changing from Layer 2 mode 39-5, 39-79
types of 39-3
Layer 3 packets, classification methods 37-2
LDAP 5-2
Leaking IGMP Reports 24-4
LEDs, switch
See hardware installation guide
lightweight directory access protocol
See LDAP
line configuration mode 2-3
Link Aggregation Control Protocol
See EtherChannel
link failure, detecting unidirectional 21-7
link fault alarm 3-3
link integrity, verifying with REP 23-3
Link Layer Discovery Protocol
See CDP
link local unicast addresses 40-3
link redundancy
See Flex Links
links, unidirectional 31-1
link state advertisements (LSAs) 39-29
link-state protocols 39-3
link-state tracking
configuring 38-20
described 38-18
LLDP
configuring 29-5
characteristics 29-7
default configuration 29-5
enabling 29-6
monitoring and maintaining 29-12
overview 29-1
supported TLVs 29-2
switch stack considerations 29-2
transmission timer and holdtime, setting 29-7
LLDP-MED
configuring
procedures 29-5
TLVs 29-8
monitoring and maintaining 29-12
overview 29-1, 29-2
supported TLVs 29-2
LLDP Media Endpoint Discovery
See LLDP-MED
load balancing 44-4
local SPAN 28-2
location TLV 29-3, 29-8
logging messages, ACL 36-7
login authentication
with RADIUS 9-30
with TACACS+ 9-14
login banners 8-10
log messages
See system message logging
loop guard
described 22-9
enabling 22-15
support for 1-6
LRE profiles, considerations in switch clusters 6-13
M
MAB
See MAC authentication bypass
MAB aging timer 1-7
MAB inactivity timer
default setting 10-33
range 10-36
MAC/PHY configuration status TLV 29-2
MAC addresses
aging time 8-14
and VLAN association 8-13
building the address table 8-13
default configuration 8-14
disabling learning on a VLAN 8-22
discovering 8-23
displaying 8-23
displaying in the IP source binding table 25-26
dynamic
learning 8-13
removing 8-15
in ACLs 36-26
IP address association 39-8
static
adding 8-20
allowing 8-21, 8-22
characteristics of 8-19
dropping 8-21
removing 8-20
MAC address learning 1-4
MAC address learning, disabling on a VLAN 8-22
MAC address notification, support for 1-12
MAC address-table move update
configuration guidelines 24-8
configuring 24-12
default configuration 24-8
description 24-6
monitoring 24-15
MAC address-to-VLAN mapping 15-24
MAC authentication bypass 10-35
configuring 10-55
overview 10-16
See MAB
MAC extended access lists
applying to Layer 2 interfaces 36-28
configuring for QoS 37-44
creating 36-26
defined 36-26
for QoS classification 37-5
magic packet 10-25
manageability features 1-4
management access
in-band
browser session 1-5
CLI session 1-5
device manager 1-5
SNMP 1-5
out-of-band console port connection 1-5
management address TLV 29-2
management options
CLI 2-1
clustering 1-2
CNS 5-1
overview 1-3
management VLAN
considerations in switch clusters 6-7
discovery through different management VLANs 6-7
manual preemption, REP, configuring 23-13
mapping tables for QoS
configuring
CoS-to-DSCP 37-60
DSCP 37-59
DSCP-to-CoS 37-63
DSCP-to-DSCP-mutation 37-64
IP-precedence-to-DSCP 37-61
policed-DSCP 37-62
described 37-12
marking
action with aggregate policers 37-57
described 37-3, 37-8
matching
IPv6 ACLs 43-3
matching, IPv4 ACLs 36-5
maximum aging time
MSTP 21-23
STP 20-21
maximum hop count, MSTP 21-24
maximum number of allowed devices, port-based authentication 10-36
maximum-paths command 39-49, 39-88
MDA
configuration guidelines 10-12 to 10-13
described 1-8, 10-12
exceptions with authentication process 10-5
membership mode, VLAN port 15-3
member switch
automatic discovery 6-4
defined 6-1
managing 6-13
passwords 6-12
recovering from lost connectivity 36-4
requirements 6-3
See also candidate switch, cluster standby group, and standby command switch
messages, to users through banners 8-10
metrics, in BGP 39-49
metric translations, between routing protocols 39-93
metro tags 19-2
MHSRP 44-4
MIBs
overview 34-1
SNMP interaction with 34-4
mirroring traffic for analysis 28-1
mismatches, autonegotiation 36-4
module number 13-9
monitoring
access groups 36-29
alarms 3-13
BGP 39-61
cables for unidirectional links 31-1
CDP 30-5
CEF 39-87
EIGRP 39-40
fallback bridging 48-10
features 1-12
Flex Links 24-15
HSRP 44-13
IEEE 802.1Q tunneling 19-17
IGMP
snooping 42-11
interfaces 13-26
IP
address tables 39-17
routes 39-100
IP SLAs operations 45-13
IPv4 ACL configuration 36-29
IPv6 40-26
IPv6 ACL configuration 43-8
IS-IS 39-71
ISO CLNS 39-71
Layer 2 protocol tunneling 19-17
MAC address-table move update 24-15
multicast router interfaces 42-11
multi-VRF CE 39-86
network traffic for analysis with probe 28-2
object tracking 46-12
OSPF 39-32
port
blocking 27-20
protection 27-20
private VLANs 18-14
REP 23-13
SFP status 13-26, 36-6
speed and duplex mode 13-18
traffic flowing among switches 32-1
traffic suppression 27-20
tunneling 19-17
VLAN
filters 36-29
maps 36-29
VLANs 15-13
VMPS 15-28
VTP 16-16
mrouter Port 24-3
mrouter port 24-5
MSDP
support for 1-12
MSTP
boundary ports
configuration guidelines 21-15
described 21-6
BPDU filtering
described 22-3
enabling 22-12
BPDU guard
described 22-2
enabling 22-11
CIST, described 21-3
CIST regional root 21-3
CIST root 21-5
configuration guidelines 21-14, 22-10
configuring
forward-delay time 21-23
hello time 21-22
link type for rapid convergence 21-24
maximum aging time 21-23
maximum hop count 21-24
MST region 21-15
neighbor type 21-25
path cost 21-20
port priority 21-19
root switch 21-17
secondary root switch 21-18
switch priority 21-21
CST
defined 21-3
operations between regions 21-3
default configuration 21-14
default optional feature configuration 22-9
displaying status 21-26
enabling the mode 21-15
EtherChannel guard
described 22-7
enabling 22-14
extended system ID
effects on root switch 21-17
effects on secondary root switch 21-18
unexpected behavior 21-17
IEEE 802.1s
implementation 21-6
port role naming change 21-6
terminology 21-5
instances supported 20-9
interface state, blocking to forwarding 22-2
interoperability and compatibility among modes 20-10
interoperability with IEEE 802.1D
described 21-8
restarting migration process 21-25
IST
defined 21-2
master 21-3
operations within a region 21-3
loop guard
described 22-9
enabling 22-15
mapping VLANs to MST instance 21-16
MST region
CIST 21-3
configuring 21-15
described 21-2
hop-count mechanism 21-5
IST 21-2
supported spanning-tree instances 21-2
optional features supported 1-6
overview 21-2
Port Fast
described 22-2
enabling 22-10
preventing root switch selection 22-8
root guard
described 22-8
enabling 22-15
root switch
configuring 21-17
effects of extended system ID 21-17
unexpected behavior 21-17
shutdown Port Fast-enabled port 22-2
status, displaying 21-26
multiauth
support for inaccessible authentication bypass 10-23
multiauth mode
See multiple-authentication mode
multicast groups
static joins 42-7
multicast packets
blocking 27-7
multicast router interfaces, monitoring 42-11
multicast router ports, adding 42-8
Multicast Source Discovery Protocol
See MSDP
multicast storm 27-1
multicast storm-control command 27-4
multidomain authentication
See MDA
multioperations scheduling, IP SLAs 45-5
multiple authentication 10-13
multiple authentication mode
configuring 10-42
Multiple HSRP
See MHSRP
multiple VPN routing/forwarding in customer edge devices
See multi-VRF CE
multi-VRF CE
configuration example 39-82
configuration guidelines 39-74
configuring 39-74
default configuration 39-74
defined 39-72
displaying 39-86
monitoring 39-86
network components 39-74
packet-forwarding process 39-73
support for 1-11
N
NAC
AAA down policy 1-9
critical authentication 10-23, 10-51
IEEE 802.1x authentication using a RADIUS server 10-56
IEEE 802.1x validation using RADIUS server 10-56
inaccessible authentication bypass 1-9, 10-51
Layer 2 IEEE 802.1x validation 1-9, 10-28, 10-56
Layer 2 IP validation 1-9
named IPv4 ACLs 36-13
NameSpace Mapper
See NSM
native VLAN
and IEEE 802.1Q tunneling 19-4
configuring 15-19
default 15-19
NEAT
configuring 10-57
overview 10-29
neighbor discovery, IPv6 40-4
neighbor discovery/recovery, EIGRP 39-34
neighbor offset numbers, REP 23-4
neighbors, BGP 39-55
Network Admission Control
See NAC
Network Assistant
benefits 1-2
described 1-3
network configuration examples
increasing network performance 1-16
providing network services 1-16
network design
performance 1-16
services 1-16
Network Edge Access Topology
See NEAT
network management
CDP 30-1
RMON 32-1
SNMP 34-1
network performance, measuring with IP SLAs 45-3
network policy TLV 29-2, 29-8
Network Time Protocol
See NTP
no commands 2-4
nonhierarchical policy maps
configuration guidelines 37-32
described 37-9
non-IP traffic filtering 36-26
nontrunking mode 15-15
normal-range VLANs 15-4
configuration guidelines 15-5
configuring 15-4
defined 15-1
not-so-stubby areas
See NSSA
NSAPs, as ISO IGRP addresses 39-62
NSF Awareness
IS-IS 39-64
NSM 5-3
NSSA, OSPF 39-29
NTP
associations
defined 8-2
overview 8-2
stratum 8-2
support for 1-4
time
services 8-2
synchronizing 8-2
O
object tracking
HSRP 46-7
IP SLAs 46-9
IP SLAs, configuring 46-9
monitoring 46-12
off mode, VTP 16-3
open1x
configuring 10-62
open1x authentication
overview 10-29
Open Shortest Path First
See OSPF
optimizing system resources 7-1
options, management 1-3
OSPF
area parameters, configuring 39-28
configuring 39-26
default configuration
metrics 39-30
route 39-30
settings 39-25
described 39-23
for IPv6 40-7
interface parameters, configuring 39-27
LSA group pacing 39-31
monitoring 39-32
router IDs 39-32
route summarization 39-30
support for 1-11
virtual links 39-30
out-of-profile markdown 1-11
P
packet modification, with QoS 37-18
PAgP
Layer 2 protocol tunneling 19-9
See EtherChannel
parallel paths, in routing tables 39-88
passive interfaces
configuring 39-97
OSPF 39-30
passwords
default configuration 9-2
disabling recovery of 9-5
encrypting 9-3
for security 1-7
in clusters 6-12
overview 9-1
recovery of 36-3
setting
enable 9-3
enable secret 9-3
Telnet 9-6
with usernames 9-6
VTP domain 16-8
path cost
MSTP 21-20
STP 20-18
path MTU discovery 40-4
PBR
defined 39-94
enabling 39-95
fast-switched policy-based routing 39-97
local policy-based routing 39-97
peers, BGP 39-55
percentage thresholds in tracked lists 46-6
performance, network design 1-16
performance features 1-2
persistent self-signed certificate 9-51
per-user ACLs and Filter-Ids 10-8
per-VLAN spanning-tree plus
See PVST+
PE to CE routing, configuring 39-81
physical ports 13-2
PIM
support for 1-12
ping
overview 36-6
PoE
auto mode 13-6
CDP with power consumption, described 13-4
CDP with power negotiation, described 13-4
Cisco intelligent power management 13-4
configuring 13-20
devices supported 13-4
high-power devices operating in low-power mode 13-5
IEEE power classification levels 13-5
monitoring 13-7
policing power usage 13-7
power budgeting 13-22
power consumption 13-22
powered-device detection and initial power allocation 13-5
power management modes 13-6
power negotiation extensions to CDP 13-4
standards supported 13-4
static mode 13-6
troubleshooting 36-5
policed-DSCP map for QoS 37-62
policers
configuring
for each matched traffic class 37-47
for more than one traffic class 37-57
described 37-3
displaying 37-77
number of 37-33
types of 37-9
policing
described 37-3
hierarchical
See hierarchical policy maps
token-bucket algorithm 37-9
policy-based routing
See PBR
policy maps for QoS
characteristics of 37-47
described 37-7
displaying 37-77
hierarchical 37-8
hierarchical on SVIs
configuration guidelines 37-32
configuring 37-51
described 37-11
nonhierarchical on physical ports
configuration guidelines 37-32
described 37-9
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting 10-14
authentication server
defined 10-3, 11-2
RADIUS server 10-3
client, defined 10-3, 11-2
configuration guidelines 10-34, 11-9
configuring
802.1x authentication 10-39
guest VLAN 10-49
host mode 10-42
inaccessible authentication bypass 10-51
manual re-authentication of a client 10-44
periodic re-authentication 10-43
quiet period 10-44
RADIUS server 10-42, 11-13
RADIUS server parameters on the switch 10-41, 11-11
restricted VLAN 10-50
switch-to-client frame-retransmission number 10-45, 10-46
switch-to-client retransmission time 10-45
violation modes 10-38 to 10-39
default configuration 10-33, 11-9
described 10-1
device roles 10-2, 11-2
displaying statistics 10-64, 11-17
downloadable ACLs and redirect URLs
configuring 10-59 to 10-61, ?? to 10-61
overview 10-18 to 10-20
EAPOL-start frame 10-5
EAP-request/identity frame 10-5
EAP-response/identity frame 10-5
enabling
802.1X authentication 11-11
encapsulation 10-3
flexible authentication ordering
configuring 10-62
overview 10-28
guest VLAN
configuration guidelines 10-22, 10-23
described 10-21
host mode 10-11
inaccessible authentication bypass
configuring 10-51
described 10-23
guidelines 10-35
initiation and message exchange 10-5
magic packet 10-25
maximum number of allowed devices per port 10-36
method lists 10-39
multiple authentication 10-13
per-user ACLs
AAA authorization 10-39
configuration tasks 10-18
described 10-17
RADIUS server attributes 10-18
ports
authorization state and dot1x port-control command 10-10
authorized and unauthorized 10-10
voice VLAN 10-24
port security
described 10-25
readiness check
configuring 10-36
described 10-16, 10-36
resetting to default values 10-64
statistics, displaying 10-64
switch
as proxy 10-3, 11-2
RADIUS client 10-3
switch supplicant
configuring 10-57
overview 10-29
user distribution
guidelines 10-27
overview 10-27
VLAN assignment
AAA authorization 10-39
characteristics 10-16
configuration tasks 10-17
described 10-16
voice aware 802.1x security
configuring 10-37
described 10-29, 10-37
voice VLAN
described 10-24
PVID 10-24
VVID 10-24
wake-on-LAN, described 10-25
with ACLs and RADIUS Filter-Id attribute 10-31
port-based authentication methods, supported 10-7
port blocking 1-3, 27-6
port-channel
See EtherChannel
port description TLV 29-2
Port Fast
described 22-2
enabling 22-10
mode, spanning tree 15-25
support for 1-6
port membership modes, VLAN 15-3
port not forwarding alarm 3-3
port not operating alarm 3-3
port priority
MSTP 21-19
STP 20-16
ports
access 13-2
blocking 27-6
dual-purpose uplink 13-4
dynamic access 15-3
protected 27-5
REP 23-6
secure 27-8
static-access 15-3, 15-9
switch 13-2
trunks 15-3, 15-14
VLAN assignments 15-9
port security
aging 27-17
and private VLANs 27-19
and QoS trusted boundary 37-37
configuring 27-12
default configuration 27-10
described 27-7
displaying 27-20
enabling 27-19
on trunk ports 27-14
sticky learning 27-8
violations 27-9
with other features 27-11
port-shutdown response, VMPS 15-24
port status monitoring alarms
FCS bit error rate alarm 3-3
link fault alarm 3-3
port not forwarding alarm 3-3
port not operating alarm 3-3
port VLAN ID TLV 29-2
power management TLV 29-2, 29-8
power over Ethernet
See PoE
preempt delay time, REP 23-5
preemption, default configuration 24-8
preemption delay, default configuration 24-8
preferential treatment of traffic
See QoS
prefix lists, BGP 39-53
preventing unauthorized access 9-1
primary edge port, REP 23-4
primary interface for object tracking, DHCP, configuring 46-10
primary interface for static routing, configuring 46-10
primary links 24-2
primary VLANs 18-1, 18-3
priority
HSRP 44-8
overriding CoS 17-6
trusting CoS 17-6
private VLAN edge ports
See protected ports
private VLANs
across multiple switches 18-4
and SDM template 18-4
and SVIs 18-5
benefits of 18-1
community ports 18-2
community VLANs 18-2, 18-3
configuration guidelines 18-6, 18-7, 18-8
configuration tasks 18-6
configuring 18-9
default configuration 18-6
end station access to 18-3
IP addressing 18-3
isolated port 18-2
isolated VLANs 18-2, 18-3
mapping 18-13
monitoring 18-14
ports
community 18-2
configuration guidelines 18-8
configuring host ports 18-11
configuring promiscuous ports 18-12
isolated 18-2
promiscuous 18-2
primary VLANs 18-1, 18-3
promiscuous ports 18-2
secondary VLANs 18-2
subdomains 18-1
traffic in 18-5
privileged EXEC mode 2-2
privilege levels
changing the default for lines 9-9
command switch 6-14
exiting 9-10
logging into 9-10
mapping on member switches 6-14
overview 9-2, 9-8
setting a command with 9-8
promiscuous ports
configuring 18-12
defined 18-2
protected ports 1-7, 27-5
protocol-dependent modules, EIGRP 39-34
provider edge devices 39-72
proxy ARP
configuring 39-10
definition 39-8
with IP routing disabled 39-11
proxy reports 24-3
pruning, VTP
disabling
in VTP domain 16-14
on a port 15-19
enabling
in VTP domain 16-14
on a port 15-19
examples 16-6
overview 16-5
pruning-eligible list
changing 15-19
for VTP pruning 16-5
VLANs 16-14
PVST+
described 20-9
IEEE 802.1Q trunking interoperability 20-10
instances supported 20-9
Q
QoS
auto-QoS
categorizing traffic 37-19
configuration and defaults display 37-28
configuration guidelines 37-24
described 37-18
disabling 37-26
displaying generated commands 37-26
displaying the initial configuration 37-28
effects on running configuration 37-24
egress queue defaults 37-19
enabling for VoIP 37-25
example configuration 37-27
ingress queue defaults 37-19
list of generated commands 37-21
basic model 37-3
classification
class maps, described 37-7
defined 37-3
DSCP transparency, described 37-39
flowchart 37-6
forwarding treatment 37-3
in frames and packets 37-2
IP ACLs, described 37-5, 37-7
MAC ACLs, described 37-5, 37-7
options for IP traffic 37-5
options for non-IP traffic 37-4
policy maps, described 37-7
trust DSCP, described 37-4
trusted CoS, described 37-4
trust IP precedence, described 37-4
class maps
configuring 37-45
displaying 37-77
configuration guidelines
auto-QoS 37-24
standard QoS 37-32
configuring
aggregate policers 37-57
auto-QoS 37-18
default port CoS value 37-37
DSCP maps 37-59
DSCP transparency 37-39
DSCP trust states bordering another domain 37-39
egress queue characteristics 37-69
ingress queue characteristics 37-65
IP extended ACLs 37-43
IP standard ACLs 37-42
MAC ACLs 37-44
policy maps, hierarchical 37-51
port trust states within the domain 37-35
trusted boundary 37-37
default auto configuration 37-19
default standard configuration 37-29
displaying statistics 37-77
DSCP transparency 37-39
egress queues
allocating buffer space 37-70
buffer allocation scheme, described 37-16
configuring shaped weights for SRR 37-73
configuring shared weights for SRR 37-74
described 37-3
displaying the threshold map 37-73
flowchart 37-16
mapping DSCP or CoS values 37-72
scheduling, described 37-4
setting WTD thresholds 37-70
WTD, described 37-17
enabling globally 37-34
flowcharts
classification 37-6
egress queueing and scheduling 37-16
ingress queueing and scheduling 37-14
policing and marking 37-10
implicit deny 37-7
ingress queues
allocating bandwidth 37-67
allocating buffer space 37-67
buffer and bandwidth allocation, described 37-15
configuring shared weights for SRR 37-67
configuring the priority queue 37-68
described 37-3
displaying the threshold map 37-66
flowchart 37-14
mapping DSCP or CoS values 37-66
priority queue, described 37-15
scheduling, described 37-3
setting WTD thresholds 37-66
WTD, described 37-15
IP phones
automatic classification and queueing 37-18
detection and trusted settings 37-18, 37-37
limiting bandwidth on egress interface 37-76
mapping tables
CoS-to-DSCP 37-60
displaying 37-77
DSCP-to-CoS 37-63
DSCP-to-DSCP-mutation 37-64
IP-precedence-to-DSCP 37-61
policed-DSCP 37-62
types of 37-12
marked-down actions 37-49, 37-54
marking, described 37-3, 37-8
overview 37-1
packet modification 37-18
policers
configuring 37-49, 37-54, 37-58
described 37-8
displaying 37-77
number of 37-33
types of 37-9
policies, attaching to an interface 37-8
policing
described 37-3, 37-8
token bucket algorithm 37-9
policy maps
characteristics of 37-47
displaying 37-77
hierarchical 37-8
hierarchical on SVIs 37-51
nonhierarchical on physical ports 37-47
QoS label, defined 37-3
queues
configuring egress characteristics 37-69
configuring ingress characteristics 37-65
high priority (expedite) 37-17, 37-75
location of 37-13
SRR, described 37-14
WTD, described 37-13
rewrites 37-18
support for 1-10
trust states
bordering another domain 37-39
described 37-4
trusted device 37-37
within the domain 37-35
quality of service
See QoS
R
RADIUS
attributes
vendor-proprietary 9-38
vendor-specific 9-36
configuring
accounting 9-35
authentication 9-30
authorization 9-34
communication, global 9-28, 9-36
communication, per-server 9-28
multiple UDP ports 9-28
default configuration 9-27
defining AAA server groups 9-32
displaying the configuration 9-40
identifying the server 9-28
in clusters 6-13
limiting the services to the user 9-34
method list, defined 9-27
operation of 9-20
overview 9-18
server load balancing 9-40
suggested network environments 9-19
support for 1-9
tracking services accessed by user 9-35
RADIUS Change of Authorization 9-20
range
macro 13-12
of interfaces 13-11
rapid convergence 21-9
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
described 20-9
IEEE 802.1Q trunking interoperability 20-10
instances supported 20-9
Rapid Spanning Tree Protocol
See RSTP
RARP 39-8
rcommand command 6-13
RCP
configuration files
downloading A-17
overview A-15
preparing the server A-16
uploading A-18
image files
deleting old image A-34
downloading A-33
preparing the server A-32
uploading A-34
reachability, tracking IP SLAs IP host 46-9
readiness check
port-based authentication
configuring 10-36
described 10-16, 10-36
reconfirmation interval, VMPS, changing 15-27
reconfirming dynamic VLAN membership 15-27
recovery procedures 36-1
redirect URL 10-18, 10-20, 10-59
redundancy
EtherChannel 38-3
HSRP 44-1
STP
backbone 20-8
path cost 15-22
port priority 15-20
redundant links and UplinkFast 22-13
reliable transport protocol, EIGRP 39-34
reloading software 4-21
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
Remote Network Monitoring
See RMON
Remote SPAN
See RSPAN
remote SPAN 28-2
REP
administrative VLAN 23-8
administrative VLAN, configuring 23-8
age timer 23-8
and STP 23-6
configuration guidelines 23-7
configuring interfaces 23-9
convergence 23-4
default configuration 23-7
manual preemption, configuring 23-13
monitoring 23-13
neighbor offset numbers 23-4
open segment 23-2
ports 23-6
preempt delay time 23-5
primary edge port 23-4
ring segment 23-2
secondary edge port 23-4
segments 23-1
characteristics 23-2
SNMP traps, configuring 23-13
supported interfaces 23-1
triggering VLAN load balancing 23-5
verifying link integrity 23-3
VLAN blocking 23-12
VLAN load balancing 23-4
report suppression, IGMP
disabling 42-10
resequencing ACL entries 36-13
reserved addresses in DHCP pools 25-28
resets, in BGP 39-48
resetting a UDLD-shutdown interface 31-6
Resilient Ethernet Protocol
See REP
responder, IP SLAs
described 45-4
response time, measuring with IP SLAs 45-4
restricted VLAN
configuring 10-50
described 10-22
using with IEEE 802.1x 10-22
restricting access
overview 9-1
passwords and privilege levels 9-2
RADIUS 9-18
TACACS+ 9-10
retry count, VMPS, changing 15-28
reverse address resolution 39-8
Reverse Address Resolution Protocol
See RARP
RFC
1058, RIP 39-18
1157, SNMPv1 34-2
1163, BGP 39-41
1166, IP addresses 39-5
1253, OSPF 39-24
1267, BGP 39-41
1305, NTP 8-2
1587, NSSAs 39-24
1757, RMON 32-2
1771, BGP 39-41
1901, SNMPv2C 34-2
1902 to 1907, SNMPv2 34-2
2273-2275, SNMPv3 34-2
RFC 5176 Compliance 9-21
RIP
advertisements 39-18
authentication 39-21
configuring 39-20
default configuration 39-19
described 39-18
for IPv6 40-6
hop counts 39-19
split horizon 39-22
summary addresses 39-22
support for 1-11
RMON
default configuration 32-3
displaying status 32-6
enabling alarms and events 32-3
groups supported 32-2
overview 32-1
statistics
collecting group Ethernet 32-5
collecting group history 32-5
support for 1-12
root guard
described 22-8
enabling 22-15
support for 1-6
root switch
MSTP 21-17
STP 20-14
route calculation timers, OSPF 39-30
route dampening, BGP 39-60
routed ports
configuring 39-3
IP addresses on 39-4
route-map command 39-96
route maps
BGP 39-51
policy-based routing 39-94
route reflectors, BGP 39-59
router ID, OSPF 39-32
route selection, BGP 39-49
route summarization, OSPF 39-30
route targets, VPN 39-74
routing
default 39-2
dynamic 39-3
redistribution of information 39-90
static 39-3
routing domain confederation, BGP 39-58
Routing Information Protocol
See RIP
routing protocol administrative distances 39-89
RSPAN
characteristics 28-8
configuration guidelines 28-16
default configuration 28-9
defined 28-2
destination ports 28-7
displaying status 28-22
interaction with other features 28-8
monitored ports 28-5
monitoring ports 28-7
overview 1-12, 28-1
received traffic 28-4
sessions
creating 28-16
defined 28-3
limiting source traffic to specific VLANs 28-21
specifying monitored ports 28-16
with ingress traffic enabled 28-20
source ports 28-5
transmitted traffic 28-5
VLAN-based 28-6
RSTP
active topology 21-9
BPDU
format 21-12
processing 21-12
designated port, defined 21-9
designated switch, defined 21-9
interoperability with IEEE 802.1D
described 21-8
restarting migration process 21-25
topology changes 21-13
overview 21-8
port roles
described 21-9
synchronized 21-11
proposal-agreement handshake process 21-10
rapid convergence
described 21-9
edge ports and Port Fast 21-9
point-to-point links 21-10, 21-24
root ports 21-10
root port, defined 21-9
See also MSTP
running configuration
replacing A-19, A-20
rolling back A-19, A-20
running configuration, saving 4-15
S
scheduled reloads 4-21
scheduling, IP SLAs operations 45-5
SCP
and SSH 9-56
configuring 9-57
SD flash memory card A-2
SDM
templates
configuring 7-4
number of 7-1
SDM template 43-3
configuration guidelines 7-3
configuring 7-3
dual IPv4 and IPv6 7-2
types of 7-1
secondary edge port, REP 23-4
secondary VLANs 18-2
Secure Copy Protocol
See SCP
Secure Digital flash memory card
See SD flash memory card
secure HTTP client
configuring 9-55
displaying 9-56
secure HTTP server
configuring 9-54
displaying 9-56
secure MAC addresses
deleting 27-16
maximum number of 27-9
types of 27-8
secure ports, configuring 27-8
secure remote connections 9-46
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port 27-7
security features 1-7
sequence numbers in log messages 33-8
server mode, VTP 16-3
service-provider network, MSTP and RSTP 21-1
service-provider networks
and customer VLANs 19-2
and IEEE 802.1Q tunneling 19-1
Layer 2 protocols across 19-8
Layer 2 protocol tunneling for EtherChannels 19-9
set-request operation 34-4
setting a secondary temperature threshold 3-7, 3-8
setting power supply alarm options 3-6
setting the FCS error hysteresis threshold 3-10
severity levels, defining in system messages 33-8
SFPs
monitoring status of 13-26, 36-6
security and identification 36-5
status, displaying 36-6
shaped round robin
See SRR
show access-lists hw-summary command 36-20
show alarm commands 3-13
show and more command output, filtering 2-10
show cdp traffic command 30-6
show cluster members command 6-13
show configuration command 13-23
show forward command 36-12
show interfaces command 13-18, 13-23
show interfaces switchport 24-4
show l2protocol command 19-13, 19-15
show lldp traffic command 29-12
show platform forward command 36-12
show running-config command
displaying ACLs 36-18, 36-19
interface description in 13-23
shutdown command on interfaces 13-28
shutdown threshold for Layer 2 protocol packets 19-11
Simple Network Management Protocol
See SNMP
Smartports macros
applying Cisco-default macros 14-3
applying global parameter values 14-3
configuration guidelines 14-2
default configuration 14-1
displaying 14-5
tracing 14-2
SNAP 30-1
SNMP
accessing MIB variables with 34-4
agent
described 34-4
disabling 34-8
and IP SLAs 45-2
authentication level 34-11
community strings
configuring 34-9
overview 34-4
configuration examples 34-18
default configuration 34-7
engine ID 34-8
groups 34-8, 34-10
host 34-8
ifIndex values 34-5
in-band management 1-5
in clusters 6-13
informs
and trap keyword 34-12
described 34-5
differences from traps 34-5
disabling 34-16
enabling 34-16
limiting access by TFTP servers 34-17
limiting system log messages to NMS 33-10
manager functions 1-4, 34-3
managing clusters with 6-14
notifications 34-5
overview 34-1, 34-4
security levels 34-2
setting CPU threshold notification 34-16
status, displaying 34-19
system contact and location 34-17
trap manager, configuring 34-14
traps
described 34-3, 34-5
differences from informs 34-5
disabling 34-16
enabling 34-12
enabling MAC address notification 8-15, 8-17, 8-18
overview 34-1, 34-4
types of 34-13
users 34-8, 34-10
versions supported 34-2
SNMP and Syslog Over IPv6 40-8
SNMP traps
REP 23-13
SNMPv1 34-2
SNMPv2C 34-2
SNMPv3 34-2
software images
location in flash A-23
recovery procedures 36-2
scheduling reloads 4-21
tar file format, described A-23
See also downloading and uploading
source addresses
in IPv4 ACLs 36-10
in IPv6 ACLs 43-5
source-and-destination-IP address based forwarding, EtherChannel 38-7
source-and-destination MAC address forwarding, EtherChannel 38-7
source-IP address based forwarding, EtherChannel 38-7
source-MAC address forwarding, EtherChannel 38-7
SPAN
configuration guidelines 28-10
default configuration 28-9
destination ports 28-7
displaying status 28-22
interaction with other features 28-8
monitored ports 28-5
monitoring ports 28-7
overview 1-12, 28-1
ports, restrictions 27-11
received traffic 28-4
sessions
configuring ingress forwarding 28-14, 28-21
creating 28-11
defined 28-3
limiting source traffic to specific VLANs 28-14
removing destination (monitoring) ports 28-12
specifying monitored ports 28-11
with ingress traffic enabled 28-13
source ports 28-5
transmitted traffic 28-5
VLAN-based 28-6
spanning tree and native VLANs 15-15
Spanning Tree Protocol
See STP
SPAN traffic 28-4
split horizon, RIP 39-22
SRR
configuring
shaped weights on egress queues 37-73
shared weights on egress queues 37-74
shared weights on ingress queues 37-67
described 37-14
shaped mode 37-14
shared mode 37-14
support for 1-11
SSH
configuring 9-47
cryptographic software image 9-45
described 1-5, 9-46
encryption methods 9-46
user authentication methods, supported 9-46
SSL
configuration guidelines 9-53
configuring a secure HTTP client 9-55
configuring a secure HTTP server 9-54
cryptographic software image 9-50
described 9-50
monitoring 9-56
standby command switch
configuring
considerations 6-10
defined 6-2
requirements 6-3
virtual IP address 6-10
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
standby ip command 44-6
standby links 24-2
standby router 44-1
standby timers, HSRP 44-11
startup configuration
booting
manually 4-18
specific image 4-19
clearing A-19
configuration file
automatically downloading 4-17
specifying the filename 4-17
default boot configuration 4-17
static access ports
assigning to VLAN 15-9
defined 13-3, 15-3
static addresses
See addresses
static IP routing 1-12
static MAC addressing 1-7
static route primary interface, configuring 46-10
static routes
configuring 39-88
configuring for IPv6 40-19
understanding 40-6
static routing 39-3
static routing support, enhanced object tracking 46-10
static VLAN membership 15-2
statistics
802.1X 11-17
802.1x 10-64
CDP 30-5
interface 13-26
LLDP 29-12
LLDP-MED 29-12
NMSP 29-12
OSPF 39-32
QoS ingress and egress 37-77
RMON group Ethernet 32-5
RMON group history 32-5
SNMP input and output 34-19
VTP 16-16
sticky learning 27-8
storm control
configuring 27-3
described 27-1
disabling 27-5
displaying 27-20
support for 1-3
thresholds 27-1
STP
accelerating root port selection 22-4
and REP 23-6
BackboneFast
described 22-5
disabling 22-14
enabling 22-13
BPDU filtering
described 22-3
disabling 22-12
enabling 22-12
BPDU guard
described 22-2
disabling 22-12
enabling 22-11
BPDU message exchange 20-3
configuration guidelines 20-12, 22-10
configuring
forward-delay time 20-21
hello time 20-20
maximum aging time 20-21
path cost 20-18
port priority 20-16
root switch 20-14
secondary root switch 20-16
spanning-tree mode 20-13
switch priority 20-19
transmit hold-count 20-22
counters, clearing 20-22
default configuration 20-11
default optional feature configuration 22-9
designated port, defined 20-3
designated switch, defined 20-3
detecting indirect link failures 22-5
disabling 20-14
displaying status 20-22
EtherChannel guard
described 22-7
disabling 22-14
enabling 22-14
extended system ID
effects on root switch 20-14
effects on the secondary root switch 20-16
overview 20-4
unexpected behavior 20-14
features supported 1-6
IEEE 802.1D and bridge ID 20-4
IEEE 802.1D and multicast addresses 20-8
IEEE 802.1t and VLAN identifier 20-4
inferior BPDU 20-3
instances supported 20-9
interface state, blocking to forwarding 22-2
interface states
blocking 20-5
disabled 20-7
forwarding 20-5, 20-6
learning 20-6
listening 20-6
overview 20-4
interoperability and compatibility among modes 20-10
Layer 2 protocol tunneling 19-7
limitations with IEEE 802.1Q trunks 20-10
load sharing
overview 15-20
using path costs 15-22
using port priorities 15-21
loop guard
described 22-9
enabling 22-15
modes supported 20-9
multicast addresses, effect of 20-8
optional features supported 1-6
overview 20-2
path costs 15-22, 15-23
Port Fast
described 22-2
enabling 22-10
port priorities 15-21
preventing root switch selection 22-8
protocols supported 20-9
redundant connectivity 20-8
root guard
described 22-8
enabling 22-15
root port, defined 20-3
root switch
configuring 20-14
effects of extended system ID 20-4, 20-14
election 20-3
unexpected behavior 20-14
shutdown Port Fast-enabled port 22-2
status, displaying 20-22
superior BPDU 20-3
timers, described 20-20
UplinkFast
described 22-3
enabling 22-13
VLAN-bridge 20-10
stratum, NTP 8-2
stub areas, OSPF 39-28
stub routing, EIGRP 39-39
subdomains, private VLAN 18-1
subnet mask 39-5
subnet zero 39-6
success response, VMPS 15-24
summer time 8-6
SunNet Manager 1-4
supernet 39-6
supported port-based authentication methods 10-7
SVIs
and IP unicast routing 39-3
connecting VLANs 13-9
switch 40-2
switch clustering technology 6-1
See also clusters, switch
switch console port 1-5
Switch Database Management
See SDM
Switched Port Analyzer
See SPAN
switched ports 13-2
switchport backup interface 24-4, 24-5
switchport block multicast command 27-7
switchport block unicast command 27-7
switchport command 13-14
switchport mode dot1q-tunnel command 19-6
switchport protected command 27-6
switch priority
MSTP 21-21
STP 20-19
switch software features 1-1
SXP
configuration process 12-2
configuring peer connections 12-2
default passwords 12-4
enabling 12-2
reconcile period 12-5
retry period 12-5
source IP address 12-4
synchronization, BGP 39-45
syslog
See system message logging
system capabilities TLV 29-2
system clock
configuring
daylight saving time 8-6
manually 8-4
summer time 8-6
time zones 8-5
displaying the time and date 8-5
overview 8-1
See also NTP
system description TLV 29-2
system message logging
default configuration 33-3
defining error message severity levels 33-8
disabling 33-4
displaying the configuration 33-13
enabling 33-4
facility keywords, described 33-13
level keywords, described 33-9
limiting messages 33-10
message format 33-2
overview 33-1
sequence numbers, enabling and disabling 33-8
setting the display destination device 33-5
synchronizing log messages 33-6
syslog facility 1-12
time stamps, enabling and disabling 33-7
UNIX syslog servers
configuring the daemon 33-12
configuring the logging facility 33-12
facilities supported 33-13
system MTU
and IS-IS LSPs 39-66
system MTU and IEEE 802.1Q tunneling 19-5
system name
default configuration 8-8
default setting 8-8
manual configuration 8-8
See also DNS
system name TLV 29-2
system prompt, default setting 8-7, 8-8
system resources, optimizing 7-1
system routing
IS-IS 39-62
ISO IGRP 39-62
T
TACACS+
accounting, defined 9-11
authentication, defined 9-11
authorization, defined 9-11
configuring
accounting 9-17
authentication key 9-13
authorization 9-16
login authentication 9-14
default configuration 9-13
displaying the configuration 9-18
identifying the server 9-13
in clusters 6-13
limiting the services to the user 9-16
operation of 9-12
overview 9-10
support for 1-9
tracking services accessed by user 9-17
tagged packets
IEEE 802.1Q 19-3
Layer 2 protocol 19-7
tar files
creating A-7
displaying the contents of A-7
extracting A-8
image file format A-23
TCL script, registering and defining with embedded event manager 35-6
TDR 1-13
Telnet
accessing management interfaces 2-10
number of connections 1-5
setting a password 9-6
temperature alarms, configuring 3-7, 3-8
temporary self-signed certificate 9-51
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password 9-6
TFTP
configuration files
downloading A-11
preparing the server A-10
uploading A-12
configuration files in base directory 4-7
configuring for autoconfiguration 4-7
image files
deleting A-26
downloading A-25
preparing the server A-24
uploading A-27
limiting access by servers 34-17
TFTP server 1-4
threshold, traffic level 27-2
threshold monitoring, IP SLAs 45-6
time
See NTP and system clock
Time Domain Reflector
See TDR
time-range command 36-15
time ranges in ACLs 36-15
time stamps in log messages 33-7
time zones 8-5
TLVs
defined 29-1
LLDP 29-2
LLDP-MED 29-2
Token Ring VLANs
support for 15-5
VTP support 16-4
ToS 1-10
traceroute, Layer 2
and ARP 36-7
and CDP 36-7
broadcast traffic 36-7
described 36-7
IP addresses and subnets 36-7
MAC addresses and VLANs 36-7
multicast traffic 36-7
multiple devices on a port 36-8
unicast traffic 36-7
usage guidelines 36-7
traceroute command 36-9
See also IP traceroute
tracked lists
configuring 46-3
types 46-3
tracked objects
by Boolean expression 46-4
by threshold percentage 46-6
by threshold weight 46-5
tracking interface line-protocol state 46-2
tracking IP routing state 46-2
tracking objects 46-1
tracking process 46-1
track state, tracking IP SLAs 46-9
traffic
blocking flooded 27-7
fragmented 36-3
fragmented IPv6 43-2
unfragmented 36-3
traffic policing 1-10
traffic suppression 27-1
transmit hold-count
See STP
transparent mode, VTP 16-3
trap-door mechanism 4-2
traps
configuring MAC address notification 8-15, 8-17, 8-18
configuring managers 34-12
defined 34-3
enabling 8-15, 8-17, 8-18, 34-12
notification types 34-13
overview 34-1, 34-4
triggering alarm options
configurable relay 3-3
methods 3-3
SNMP traps 3-4
syslog messages 3-4
troubleshooting
connectivity problems 36-6, 36-8
CPU utilization 36-15
detecting unidirectional links 31-1
displaying crash information 36-14
setting packet forwarding 36-12
SFP security and identification 36-5
show forward command 36-12
with CiscoWorks 34-4
with debug commands 36-11
with ping 36-6
with system message logging 33-1
with traceroute 36-8
trunk failover
See link-state tracking
trunking encapsulation 1-6
trunk ports
configuring 15-17
defined 13-3, 15-3
trunks
allowed-VLAN list 15-18
load sharing
setting STP path costs 15-22
using STP port priorities 15-20, 15-21
native VLAN for untagged traffic 15-19
parallel 15-22
pruning-eligible list 15-19
to non-DTP device 15-14
trusted boundary for QoS 37-37
trusted port states
between QoS domains 37-39
classification options 37-4
ensuring port security for IP phones 37-37
support for 1-10
within a QoS domain 37-35
trustpoints, CA 9-50
tunneling
defined 19-1
IEEE 802.1Q 19-1
Layer 2 protocol 19-8
tunnel ports
described 19-1
IEEE 802.1Q, configuring 19-6
incompatibilities with other features 19-5
twisted-pair Ethernet, detecting unidirectional links 31-1
type of service
See ToS
U
UDLD
configuration guidelines 31-4
default configuration 31-4
disabling
globally 31-5
on fiber-optic interfaces 31-5
per interface 31-5
echoing detection mechanism 31-2
enabling
globally 31-5
per interface 31-5
Layer 2 protocol tunneling 19-10
link-detection mechanism 31-1
neighbor database 31-2
overview 31-1
resetting an interface 31-6
status, displaying 31-6
support for 1-5
UDP, configuring 39-14
UDP jitter, configuring 45-9
UDP jitter operation, IP SLAs 45-9
unauthorized ports with IEEE 802.1x 10-10
unicast MAC address filtering 1-4
and adding static addresses 8-21
and broadcast MAC addresses 8-20
and CPU packets 8-20
and multicast addresses 8-20
and router MAC addresses 8-20
configuration guidelines 8-20
described 8-20
unicast storm 27-1
unicast storm control command 27-4
unicast traffic, blocking 27-7
UniDirectional Link Detection protocol
See UDLD
UNIX syslog servers
daemon configuration 33-12
facilities supported 33-13
message logging configuration 33-12
unrecognized Type-Length-Value (TLV) support 16-4
upgrading software images
See downloading
UplinkFast
described 22-3
disabling 22-13
enabling 22-13
uploading
configuration files
preparing A-10, A-13, A-16
reasons for A-9
using FTP A-14
using RCP A-18
using TFTP A-12
image files
preparing A-24, A-28, A-32
reasons for A-23
using FTP A-30
using RCP A-34
using TFTP A-27
User Datagram Protocol
See UDP
user EXEC mode 2-2
username-based authentication 9-6
V
version-dependent transparent mode 16-4
virtual IP address
cluster standby group 6-10
command switch 6-10
Virtual Private Network
See VPN
virtual router 44-1, 44-2
virtual switches and PAgP 38-5
vlan.dat file 15-4
VLAN 1, disabling on a trunk port 15-18
VLAN 1 minimization 15-18
vlan-assignment response, VMPS 15-24
VLAN blocking, REP 23-12
VLAN configuration
at bootup 15-6
saving 15-6
VLAN configuration mode 2-2
VLAN database
and startup configuration file 15-6
and VTP 16-1
VLAN configuration saved in 15-6
VLANs saved in 15-4
vlan dot1q tag native command 19-4
VLAN filtering and SPAN 28-6
vlan global configuration command 15-6
VLAN ID, discovering 8-23
VLAN load balancing
REP 23-4
VLAN load balancing, triggering 23-5
VLAN load balancing on flex links 24-2
configuration guidelines 24-8
VLAN management domain 16-2
VLAN Management Policy Server
See VMPS
VLAN maps
displaying 36-29
support for 1-8
VLAN membership
confirming 15-27
modes 15-3
VLAN Query Protocol
See VQP
VLANs
adding 15-7
adding to VLAN database 15-7
aging dynamic addresses 20-9
allowed on trunk 15-18
and spanning-tree instances 15-2, 15-6, 15-10
configuration guidelines, extended-range VLANs 15-10
configuration guidelines, normal-range VLANs 15-5
configuring 15-1
configuring IDs 1006 to 4094 15-10
connecting through SVIs 13-9
creating 15-7
customer numbering in service-provider networks 19-3
default configuration 15-6
deleting 15-8
described 13-2, 15-1
displaying 15-13
extended-range 15-1, 15-10
features 1-6
illustrated 15-2
internal 15-11
limiting source traffic with RSPAN 28-21
limiting source traffic with SPAN 28-14
modifying 15-7
native, configuring 15-19
normal-range 15-1, 15-4
number supported 1-6
parameters 15-4
port membership modes 15-3
static-access ports 15-9
STP and IEEE 802.1Q trunks 20-10
supported 15-2
Token Ring 15-5
VLAN-bridge STP 20-10, 48-2
VTP modes 16-3
VLAN Trunking Protocol
See VTP
VLAN trunks 15-14
VMPS
administering 15-28
configuration example 15-29
configuration guidelines 15-25
default configuration 15-25
description 15-23
dynamic port membership
described 15-24
reconfirming 15-27
troubleshooting 15-29
entering server address 15-26
mapping MAC addresses to VLANs 15-24
monitoring 15-28
reconfirmation interval, changing 15-27
reconfirming membership 15-27
retry count, changing 15-28
voice aware 802.1x security
port-based authentication
configuring 10-37
described 10-29, 10-37
voice-over-IP 17-1
voice VLAN
Cisco 7960 phone, port connections 17-1
configuration guidelines 17-3
configuring IP phones for data traffic
override CoS of incoming frame 17-6
trust CoS priority of incoming frame 17-6
configuring ports for voice traffic in
802.1p priority tagged frames 17-5
802.1Q frames 17-5
connecting to an IP phone 17-4
default configuration 17-3
described 17-1
displaying 17-7
IP phone data traffic, described 17-2
IP phone voice traffic, described 17-2
VPN
configuring routing in 39-81
forwarding 39-74
in service provider networks 39-71
routes 39-72
VPN routing and forwarding table
See VRF
VQP 1-6, 15-23
VRF
defining 39-74
specifying for an SXP connection 12-3
tables 39-71
VRF-aware services
ARP 39-78
configuring 39-77
ftp 39-80
HSRP 39-79
ping 39-78
SNMP 39-78
syslog 39-79
tftp 39-80
traceroute 39-80
VTP
adding a client to a domain 16-15
advertisements 15-16, 16-3
and extended-range VLANs 15-2, 16-1
and normal-range VLANs 15-2, 16-1
client mode, configuring 16-11
configuration
guidelines 16-8
requirements 16-10
saving 16-8
configuration requirements 16-10
configuration revision number
guideline 16-15
resetting 16-16
consistency checks 16-4
default configuration 16-7
described 16-1
domain names 16-8
domains 16-2
Layer 2 protocol tunneling 19-7
modes
client 16-3
off 16-3
server 16-3
transitions 16-3
transparent 16-3
monitoring 16-16
passwords 16-8
pruning
disabling 16-14
enabling 16-14
examples 16-6
overview 16-5
support for 1-6
pruning-eligible list, changing 15-19
server mode, configuring 16-10, 16-13
statistics 16-16
support for 1-6
Token Ring support 16-4
transparent mode, configuring 16-10
using 16-1
Version
enabling 16-13
version, guidelines 16-9
Version 1 16-4
Version 2
configuration guidelines 16-9
overview 16-4
Version 3
overview 16-4
W
WCCP
authentication 47-3
configuration guidelines 47-5
default configuration 47-5
described 47-1
displaying 47-9
dynamic service groups 47-3
enabling 47-6
features unsupported 47-4
forwarding method 47-3
Layer-2 header rewrite 47-3
MD5 security 47-3
message exchange 47-2
monitoring and maintaining 47-9
negotiation 47-3
packet redirection 47-3
packet-return method 47-3
redirecting traffic received from a client 47-6
setting the password 47-6
unsupported WCCPv2 features 47-4
web authentication 10-16
configuring 11-16 to ??
described 1-7
web-based authentication
customizable web pages 11-5
description 11-1
web-based authentication, interactions with other features 11-7
Web Cache Communication Protocol
See WCCP
weighted tail drop
See WTD
weight thresholds in tracked lists 46-5
wired location service
configuring 29-10
displaying 29-12
location TLV 29-3
understanding 29-3
WTD
described 37-13
setting thresholds
egress queue-sets 37-70
ingress queues 37-66
support for 1-11
X
Xmodem protocol 36-2