- Index
- Preface
- Overview
- Using the Command-Line Interface
- Assigning the Switch IP Address and Default Gateway
- Configuring Cisco IOS Configuration Engine
- Administering the Switch
- Configuring Switch-Based Authentication
- Managing Switch Stacks
- Configuring SDM Tempates
- Configuring IEEE 802.1x Port-Based Authentication
- Configuring Web-Based Authentication
- Configuring Interface Characteristics
- Configuring Smartports Macros
- Configuring VLANs
- Configuring VTP
- Configuring Voice VLANs
- Configuring Private VLANs
- Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling
- Configuring STP
- Configuring MSTP
- Configuring Optional Spanning-Tree Features
- Configuring Flex Links and the MAC Address-Table Move Update Feature
- Configuring DHCP Features and IP Source Guard
- Configuring Dynamic ARP Inspection
- Configuring IGMP Snooping and MVR
- Configuring IPv6 MLD Snooping
- Configuring Port-Based Traffic Control
- Configuring CDP
- Configuring LLDP, LLDP-MED, and Wired Location Service
- Configuring UDLD
- Configuring SPAN and RSPAN
- Configuring RMON
- Configuring System Message Logging
- Configuring SNMP
- Configuring Embedded Event Manager
- Configuring Network Security with ACLs
- Configuring IPv6 ACLs
- Configuring QoS
- Configuring EtherChannels and Link State Tracking
- Configuring IP Unicast Routing
- Configuring IPv6 Unicast Routing
- Configuring HSRP
- Configuring Cisco IOS IP SLAs Operations
- Configuring Enhanced Object Tracking
- Configuring Cache Services by Using WCCP
- Configuring IP Multicast Routing
- Configuring MSDP
- Configuring Fallback Bridging
- Troubleshooting
- Configuring Online Diagnostics
- Working with the Cisco IOS File System, Configuration Files, and Software Images
- Unsupported Commands in Cisco IOS Release 12.2(58)SE
Index
Numerics
10-Gigabit Ethernet interfaces 11-6
A
AAA down policy, NAC Layer 2 IP validation 1-12
abbreviating commands 2-3
ABRs 39-27
access
templates 8-1
access-class command 35-20
access control entries
access-denied response, VMPS 13-27
access groups
applying IPv4 ACLs to interfaces 35-21
Layer 2 35-21
Layer 3 35-21
access groups, applying IPv4 ACLs to interfaces 35-21
accessing stack members 7-26
access lists
access ports
and Layer 2 protocol tunneling 17-11
defined 11-3
access template 8-1
accounting
with 802.1x 9-50
with IEEE 802.1x 9-15
with RADIUS 6-36
ACEs
and QoS 37-8
defined 35-2
Ethernet 35-2
IP 35-2
ACLs
ACEs 35-2
any keyword 35-13
applying
on bridged packets 35-40
on multicast packets 35-41
on routed packets 35-41
on switched packets 35-39
time ranges to 35-17
to IPv6 interfaces 36-8
to QoS 37-8
classifying traffic for QoS 37-49
comments in 35-19
compiling 35-23
extended IP, configuring for QoS classification 37-50
extended IPv4
creating 35-11
matching criteria 35-8
hardware and software handling 35-22
host keyword 35-13
IP
creating 35-8
fragments and QoS guidelines 37-38
implicit deny 35-10, 35-14, 35-17
implicit masks 35-10
matching criteria 35-8
undefined 35-21
IPv4
applying to interfaces 35-20
creating 35-8
matching criteria 35-8
named 35-15
numbers 35-8
terminal lines, setting on 35-19
unsupported features 35-7
IPv6
and stacking 36-3
applying to interfaces 36-8
displaying 36-9
interactions with other features 36-4
limitations 36-2
matching criteria 36-3
named 36-2
precedence of 36-2
supported 36-2
unsupported features 36-2
Layer 4 information in 35-39
logging messages 35-9
named
IPv4 35-15
IPv6 36-2
names 36-4
number per QoS class map 37-38
precedence of 35-3
resequencing entries 35-15
router ACLs and VLAN map configuration guidelines 35-39
standard IP, configuring for QoS classification 37-49, 37-51
standard IPv4
creating 35-10
matching criteria 35-8
support for 1-10
support in hardware 35-22
time ranges 35-17
types supported 35-2
unsupported features
IPv4 35-7
IPv6 36-2
using router ACLs with VLAN maps 35-38
VLAN maps
configuration guidelines 35-31
configuring 35-30
active links 21-2
active router 41-1
active traffic monitoring, IP SLAs 42-1
address aliasing 24-2
addresses
displaying the MAC address table 5-24
dynamic
accelerated aging 18-9
changing the aging time 5-16
default aging 18-9
defined 5-13
removing 5-16
IPv6 40-2
MAC, discovering 5-24
multicast
group address range 45-3
STP address management 18-9
static
adding and removing 5-20
defined 5-13
Address Resolution Protocol
adjacency tables, with CEF 39-96
administrative distances
defined 39-108
OSPF 39-35
routing protocol defaults 39-98
advertisements
CDP 27-1
RIP 39-20
aggregatable global unicast addresses 40-4
aggregate addresses, BGP 39-65
aggregated ports
aggregate policers 37-72
aggregate policing 1-13
aging, accelerating 18-9
aging time
accelerated
for MSTP 19-24
MAC address table 5-16
maximum
for MSTP 19-25
alarms, RMON 31-4
allowed-VLAN list 13-20
application engines, redirecting traffic to 44-1
area border routers
area routing
IS-IS 39-69
ISO IGRP 39-69
ARP
configuring 39-10
encapsulation 39-11
static cache configuration 39-10
table
address resolution 5-24
managing 5-24
ASBRs 39-27
AS-path filters, BGP 39-59
asymmetrical links, and IEEE 802.1Q tunneling 17-4
attributes, RADIUS
vendor-proprietary 6-39
vendor-specific 6-38
attribute-value pairs 9-20, 9-21
authentication
EIGRP 39-45
HSRP 41-11
local mode with AAA 6-46
open1x 9-29
RADIUS
key 6-29
login 6-31
TACACS+
defined 6-11
key 6-13
login 6-14
See also port-based authentication
authentication compatibility with Catalyst 6000 switches 9-9
authentication failed VLAN
authentication keys, and routing protocols 39-109
authentication manager
CLI commands 9-9
compatibility with older 802.1x CLI commands 9-10
overview 9-8
single session ID 9-32
authoritative time source, described 5-2
authorization
with RADIUS 6-35
authorized ports with IEEE 802.1x 9-11
autoconfiguration 3-4
auto enablement 9-31
automatic advise (auto-advise) in switch stacks 7-13
automatic copy (auto-copy) in switch stacks 7-13
automatic extraction (auto-extract) in switch stacks 7-13
automatic QoS
automatic upgrades (auto-upgrade) in switch stacks 7-13
auto-MDIX
configuring 11-22
described 11-22
autonegotiation
duplex mode 1-4
interface configuration guidelines 11-19
mismatches 48-10
autonomous system boundary routers
autonomous systems, in BGP 39-52
auto-QoS video devices 1-14
Auto-RP, described 45-7
autosensing, port speed 1-4
autostate exclude 11-6
auxiliary VLAN
availability, features 1-8
B
BackboneFast
described 20-7
disabling 20-17
enabling 20-17
support for 1-8
backup interfaces
backup links 21-2
banners
configuring
login 5-13
message-of-the-day login 5-12
default configuration 5-12
when displayed 5-11
BGP
aggregate addresses 39-65
aggregate routes, configuring 39-65
CIDR 39-65
clear commands 39-68
community filtering 39-61
configuring neighbors 39-63
default configuration 39-49
described 39-48
enabling 39-52
monitoring 39-68
multipath support 39-56
neighbors, types of 39-52
path selection 39-56
peers, configuring 39-63
prefix filtering 39-60
resetting sessions 39-55
route dampening 39-67
route maps 39-58
route reflectors 39-66
routing domain confederation 39-65
routing session with multi-VRF CE 39-90
show commands 39-68
supernets 39-65
support for 1-14
Version 4 39-48
binding database
address, 22-7
bindings
address, Cisco IOS DHCP server 22-7
DHCP snooping database 22-7
IP source guard 22-17
blocking packets 26-8
Boolean expressions in tracked lists 43-4
booting
boot loader, function of 3-2
boot process 3-2
manually 3-20
specific image 3-21
boot loader
accessing 3-22
described 3-2
environment variables 3-22
prompt 3-22
trap-door mechanism 3-2
bootstrap router (BSR), described 45-7
Border Gateway Protocol
BPDU
error-disabled state 20-3
filtering 20-3
RSTP format 19-13
BPDU filtering
described 20-3
disabling 20-15
enabling 20-15
support for 1-8
BPDU guard
described 20-3
disabling 20-14
enabling 20-14
support for 1-8
bridged packets, ACLs on 35-40
bridge groups
bridge protocol data unit
broadcast flooding 39-17
broadcast packets
directed 39-14
flooded 39-14
broadcast storm-control command 26-4
C
cables, monitoring for unidirectional links 29-1
Catalyst 6000 switches
authentication compatibility 9-9
CA trustpoint
configuring 6-54
defined 6-52
CDP
and trusted boundary 37-45
configuring 27-2
default configuration 27-2
defined with LLDP 28-1
described 27-1
disabling for routing device27-3to 27-4
enabling and disabling
on an interface 27-4
on a switch 27-3
Layer 2 protocol tunneling 17-8
monitoring 27-5
overview 27-1
support for 1-6
switch stack considerations 27-2
transmission timer and holdtime, setting 27-3
updates 27-3
CEF
defined 39-95
distributed 39-96
IPv6 40-20
CGMP
as IGMP snooping learning method 24-9
clearing cached group entries 45-66
enabling server support 45-49
joining multicast group 24-3
overview 45-9
server support only 45-9
switch support of 1-4
CIDR 39-65
CipherSuites 6-53
Cisco 7960 IP Phone 15-1
Cisco Discovery Protocol
Cisco Express Forwarding
Cisco Group Management Protocol
Cisco IOS File System
Cisco IOS IP SLAs 42-1
Cisco Secure ACS
attribute-value pairs for downloadable ACLs 9-21
attribute-value pairs for redirect URL 9-20
Cisco Secure ACS configuration guide 9-60
Cisco StackWise Plus technology 1-3
CISP 9-31
CIST regional root
CIST root
civic location 28-3
classless interdomain routing
classless routing 39-8
class maps for QoS
configuring 37-54
described 37-8
displaying 37-93
class of service
clearing interfaces 11-29
CLI
abbreviating commands 2-3
command modes 2-1
configuration logging 2-5
described 1-6
editing features
enabling and disabling 2-6
keystroke editing 2-7
wrapped lines 2-8
error messages 2-4
filtering command output 2-9
getting help 2-3
history
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
no and default forms of commands 2-4
Client Information Signalling Protocol
client mode, VTP 14-3
client processes, tracking 43-1
CLNS
clock
CNS
Configuration Engine
configID, deviceID, hostname 4-3
configuration service 4-2
described 4-1
event service 4-3
embedded agents
described 4-5
enabling automated configuration 4-7
enabling configuration agent 4-9
enabling event agent 4-8
management functions 1-6
CoA Request Commands 6-24
command-line interface
command modes 2-1
commands
abbreviating 2-3
no and default 2-4
commands, setting privilege levels 6-8
common session ID
see single session ID 9-32
community list, BGP 39-62
community ports 16-2
community strings
configuring 33-8
overview 33-4
compatibility, feature 26-12
compatibility, software
config.text 3-19
configurable leave timer, IGMP 24-6
configuration, initial
defaults 1-16
Express Setup 1-3
configuration examples, network 1-20
configuration files
archiving A-21
clearing the startup configuration A-20
creating and using, guidelines for A-10
creating using a text editor A-11
default name 3-19
deleting a stored configuration A-21
described A-9
downloading
automatically 3-19
reasons for A-9
using FTP A-15
using RCP A-18
using TFTP A-12
invalid combinations when copying A-5
limiting TFTP server access 33-17
obtaining with DHCP 3-9
password recovery disable considerations 6-5
replacing and rolling back, guidelines for A-22
replacing a running configuration A-21, A-22
rolling back a running configuration A-21, A-22
specifying the filename 3-20
system contact and location information 33-16
types and location A-11
uploading
reasons for A-9
using FTP A-16
using RCP A-19
using TFTP A-13
configuration guidelines, multi-VRF CE 39-82
configuration logging 2-5
configuration replacement A-21
configuration rollback A-21
configuration settings, saving 3-17
configure terminal command 11-9
Configuring DHCP Features 22-9
configuring multicast VRFs 39-88
configuring port-based authentication violation modes 9-38
configuring small-frame arrival rate 26-5
Configuring VACL Logging 35-36
connections, secure remote 6-47
connectivity problems 48-11, 48-13, 48-14
consistency checks in VTP Version 2 14-5
console port, connecting to 2-10
content-routing technology
control protocol, IP SLAs 42-4
corrupted software, recovery steps with Xmodem 48-2
CoS
override priority 15-6
trust priority 15-6
CoS input queue threshold map for QoS 37-17
CoS output queue threshold map for QoS 37-20
CoS-to-DSCP map for QoS 37-75
counters, clearing interface 11-29
CPU utilization, troubleshooting 48-26
crashinfo file 48-22
critical authentication, IEEE 802.1x 9-53
critical VLAN 9-23
cross-stack EtherChannel
configuration guidelines 38-12
configuring
on Layer 2 interfaces 38-12
on Layer 3 physical interfaces 38-16
described 38-2
illustration 38-3
support for 1-8
cross-stack UplinkFast, STP
described 20-5
disabling 20-17
enabling 20-17
fast-convergence events 20-7
Fast Uplink Transition Protocol 20-6
normal-convergence events 20-7
support for 1-8
cryptographic software image
Kerberos 6-42
SSH 6-47
SSL 6-51
switch stack considerations 6-47, 7-2, 7-18
CT_ChapTitle
Configuring DHCP Features and IP Source Guard 22-1
customer edge devices 39-80
customizeable web pages, web-based authentication 10-6
D
DACL
daylight saving time 5-7
dCEF in the switch stack 39-95
debugging
enabling all system diagnostics 48-18
enabling for a specific feature 48-18
redirecting error message output 48-18
using commands 48-17
default commands 2-4
default configuration
802.1x 9-34
auto-QoS 37-22
banners 5-12
BGP 39-49
booting 3-19
CDP 27-2
DHCP 22-9
DHCP option 82 22-9
DHCP snooping 22-9
DHCP snooping binding database 22-10
DNS 5-10
dynamic ARP inspection 23-5
EIGRP 39-40
EtherChannel 38-10
Ethernet interfaces 11-18
fallback bridging 47-4
Flex Links 21-8
HSRP 41-6
IEEE 802.1Q tunneling 17-4
IGMP 45-43
IGMP filtering 24-25
IGMP snooping 24-7, 25-6, 25-7
IGMP throttling 24-25
initial switch information 3-3
IP addressing, IP routing 39-6
IP multicast routing 45-11
IP SLAs 42-6
IP source guard 22-19
IPv6 40-11
IS-IS 39-71
Layer 2 interfaces 11-18
Layer 2 protocol tunneling 17-11
LLDP 28-4
MAC address table 5-15
MAC address-table move update 21-8
MSDP 46-4
MSTP 19-15
multi-VRF CE 39-82
MVR 24-20
optional spanning-tree configuration 20-12
OSPF 39-28
password and privilege level 6-2
PIM 45-11
private VLANs 16-7
RADIUS 6-28
RIP 39-21
RMON 31-3
RSPAN 30-12
SDM template 8-4
SNMP 33-6
SPAN 30-12
SSL 6-54
standard QoS 37-36
STP 18-13
switch stacks 7-21
system message logging 32-4
system name and prompt 5-9
TACACS+ 6-13
UDLD 29-4
VLAN, Layer 2 Ethernet interfaces 13-18
VLANs 13-8
VMPS 13-28
voice VLAN 15-3
VTP 14-8
WCCP 44-6
default networks 39-99
default router preference
default routes 39-98
default routing 39-3
default web-based authentication configuration
802.1X 10-9
deleting VLANs 13-9
denial-of-service attack 26-2
description command 11-23
designing your network, examples 1-20
desktop template 7-11
destination addresses
in IPv4 ACLs 35-12
destination-IP address-based forwarding, EtherChannel 38-8
destination-MAC address forwarding, EtherChannel 38-8
detecting indirect link failures, STP 20-8
device discovery protocol 27-1, 28-1
device manager
benefits 1-3
in-band management 1-7
DHCP
Cisco IOS server database
configuring 22-15
default configuration 22-10
described 22-7
DHCP for IPv6
enabling
relay agent 22-12
server 22-11
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-4
DNS 3-8
relay device 3-8
server side 3-7
server-side 22-11
TFTP server 3-8
example 3-10
lease options
for IP address information 3-7
for receiving the configuration file 3-7
overview 3-4
relationship to BOOTP 3-4
support for 1-6
DHCP-based autoconfiguration and image update
DHCP option 82
configuration guidelines 22-10
default configuration 22-9
displaying 22-17
forwarding address, specifying 22-12
helper address 22-12
packet format, suboption
circuit ID 22-6
remote ID 22-6
DHCP server port-based address allocation
configuration guidelines 22-28
default configuration 22-28
described 22-27
displaying 22-31
enabling 22-28
reserved addresses 22-29
DHCP snooping
accepting untrusted packets form edge switch 22-3, 22-14
and private VLANs 22-15
binding database
See DHCP snooping binding database 22-7
configuration guidelines 22-10
default configuration 22-9
displaying binding tables 22-17
message exchange process 22-4
option 82 data insertion 22-4
trusted interface 22-3
untrusted interface 22-3
untrusted messages 22-3
DHCP snooping binding database
adding bindings 22-16
binding entries, displaying 22-17
binding file
format 22-8
location 22-7
bindings 22-7
clearing agent statistics 22-16
configuration guidelines 22-11
configuring 22-16
default configuration 22-9, 22-10
deleting
binding file 22-16
bindings 22-17
database agent 22-16
described 22-7
displaying 22-17
binding entries 22-17
status and statistics 22-17
displaying status and statistics 22-17
enabling 22-16
entry 22-7
renewing database 22-16
resetting
delay value 22-16
timeout value 22-16
DHCP snooping binding table
See DHCP snooping binding database 22-2
DHCPv6
configuration guidelines 40-16
default configuration 40-16
described 40-6
enabling client function 40-19
enabling DHCPv6 server function 40-17
diagnostic schedule command 49-2
Differentiated Services architecture, QoS 37-2
Differentiated Services Code Point 37-2
Diffusing Update Algorithm (DUAL) 39-38
directed unicast requests 1-6
directories
changing A-4
creating and removing A-4
displaying the working A-4
Distance Vector Multicast Routing Protocol
distance-vector protocols 39-3
distribute-list command 39-107
DNS
and DHCP-based autoconfiguration 3-8
default configuration 5-10
displaying the configuration 5-11
in IPv6 40-4
overview 5-9
setting up 5-10
support for 1-6
domain names
DNS 5-9
VTP 14-9
Domain Name System
domains, ISO IGRP routing 39-69
dot1q-tunnel switchport mode 13-17
double-tagged packets
IEEE 802.1Q tunneling 17-2
Layer 2 protocol tunneling 17-10
downloadable ACL 9-19, 9-21, 9-60
downloading
configuration files
reasons for A-9
using FTP A-15
using RCP A-18
using TFTP A-12
image files
deleting old image A-30
reasons for A-25
using CMS 1-3
using FTP A-32
using RCP A-37
using TFTP A-28
using the device manager or Network Assistant A-25
drop threshold for Layer 2 protocol packets 17-11
DRP
configuring 40-14
described 40-5
IPv6 40-5
DSCP input queue threshold map for QoS 37-17
DSCP output queue threshold map for QoS 37-20
DSCP-to-CoS map for QoS 37-78
DSCP-to-DSCP-mutation map for QoS 37-79
DSCP transparency 37-46
dual-action detection 38-6
DUAL finite state machine, EIGRP 39-40
dual IPv4 and IPv6 templates 8-2, 40-6
dual protocol stacks
IPv4 and IPv6 40-6
SDM templates supporting 40-6
DVMRP
autosummarization
configuring a summary address 45-63
disabling 45-65
connecting PIM domain to DVMRP router 45-55
enabling unicast routing 45-59
interoperability
with Cisco devices 45-53
with Cisco IOS software 45-9
mrinfo requests, responding to 45-58
neighbors
advertising the default route to 45-57
discovery with Probe messages 45-53
displaying information 45-58
prevent peering with nonpruning 45-61
rejecting nonpruning 45-60
overview 45-9
routes
adding a metric offset 45-65
advertising all 45-65
advertising the default route to neighbors 45-57
caching DVMRP routes learned in report messages 45-59
changing the threshold for syslog messages 45-62
deleting 45-66
displaying 45-67
favoring one over another 45-65
limiting the number injected into MBONE 45-62
limiting unicast route advertisements 45-53
routing table 45-9
source distribution tree, building 45-9
support for 1-15
tunnels
configuring 45-55
displaying neighbor information 45-58
dynamic access ports
characteristics 13-3
configuring 13-29
defined 11-3
dynamic addresses
dynamic ARP inspection
ARP cache poisoning 23-1
ARP requests, described 23-1
ARP spoofing attack 23-1
clearing
log buffer 23-15
statistics 23-15
configuration guidelines 23-6
configuring
ACLs for non-DHCP environments 23-8
in DHCP environments 23-7
log buffer 23-13
rate limit for incoming ARP packets 23-4, 23-10
default configuration 23-5
denial-of-service attacks, preventing 23-10
described 23-1
DHCP snooping binding database 23-2
displaying
ARP ACLs 23-14
configuration and operating state 23-14
log buffer 23-15
statistics 23-15
trust state and rate limit 23-14
error-disabled state for exceeding rate limit 23-4
function of 23-2
interface trust states 23-3
log buffer
clearing 23-15
configuring 23-13
displaying 23-15
logging of dropped packets, described 23-5
man-in-the middle attack, described 23-2
network security issues and interface trust states 23-3
priority of ARP ACLs and DHCP snooping entries 23-4
rate limiting of ARP packets
configuring 23-10
described 23-4
error-disabled state 23-4
statistics
clearing 23-15
displaying 23-15
validation checks, performing 23-12
dynamic auto trunking mode 13-17
dynamic desirable trunking mode 13-17
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 13-27
reconfirming 13-30
troubleshooting 13-32
types of connections 13-29
dynamic routing 39-3
ISO CLNS 39-69
Dynamic Trunking Protocol
E
EBGP 39-47
editing features
enabling and disabling 2-6
keystrokes used 2-7
wrapped lines 2-8
EEM 3.2 34-5
EIGRP
authentication 39-45
components 39-40
configuring 39-43
default configuration 39-40
definition 39-38
interface parameters, configuring 39-44
monitoring 39-46
stub routing 39-46
support for 1-14
elections
ELIN location 28-3
embedded event manager
3.2 34-5
actions 34-4
displaying information 34-8
environmental variables 34-5
event detectors 34-3
policies 34-4
registering and defining an applet 34-6
registering and defining a TCL script 34-7
understanding 34-1
enable password 6-3
enable secret password 6-3
encryption, CipherSuite 6-53
encryption for passwords 6-3
Enhanced IGRP
enhanced object tracking
defined 43-1
HSRP 43-7
IP routing state 43-2
IP SLAs 43-9
line-protocol state 43-2
tracked lists 43-3
environmental variables, embedded event manager 34-5
environment variables, function of 3-23
equal-cost routing 1-14, 39-97
error-disabled state, BPDU 20-3
error messages during command entry 2-4
EtherChannel
automatic creation of 38-5, 38-6
channel groups
binding physical and logical interfaces 38-4
numbering of 38-4
configuration guidelines 38-11
configuring
Layer 2 interfaces 38-12
Layer 3 physical interfaces 38-16
Layer 3 port-channel logical interfaces 38-15
default configuration 38-10
described 38-2
displaying status 38-23
forwarding methods 38-8, 38-18
IEEE 802.3ad, described 38-6
interaction
with STP 38-11
with VLANs 38-12
LACP
described 38-6
displaying status 38-23
hot-standby ports 38-20
interaction with other features 38-7
modes 38-7
port priority 38-22
system priority 38-21
Layer 3 interface 39-5
logical interfaces, described 38-4
PAgP
aggregate-port learners 38-19
compatibility with Catalyst 1900 38-19
described 38-5
displaying status 38-23
interaction with other features 38-6
interaction with virtual switches 38-6
learn method and priority configuration 38-19
modes 38-5
support for 1-4
with dual-action detection 38-6
port-channel interfaces
described 38-4
numbering of 38-4
port groups 11-6
stack changes, effects of 38-9
support for 1-4
EtherChannel guard
described 20-10
disabling 20-18
enabling 20-17
Ethernet management port
and switch stacks 11-14
supported features 11-16
Ethernet management port, internal
active link 11-14
and management module 11-13
and routing 11-15
and switch stacks 11-14
and TFTP 11-17
configuring 11-17
default setting 11-15
described 11-13
IP address 11-13
Layer 3 routing guidelines 11-16
unsupported features 11-16
Ethernet VLANs
adding 13-8
defaults and ranges 13-8
modifying 13-8
EUI 40-4
event detectors, embedded event manager 34-3
events, RMON 31-4
examples
network configuration 1-20
expedite queue for QoS 37-92
Express Setup 1-3
See also getting started guide
extended crashinfo file 48-22
extended-range VLANs
configuration guidelines 13-11
configuring 13-11
creating 13-12
creating with an internal VLAN ID 13-14
defined 13-1
extended system ID
MSTP 19-18
extended universal identifier
Extensible Authentication Protocol over LAN 9-2
external BGP
external neighbors, BGP 39-52
F
Fa0 port
See Ethernet management port, internal
failover support 1-8
fallback bridging
and protected ports 47-4
bridge groups
creating 47-4
described 47-2
displaying 47-11
function of 47-2
number supported 47-5
removing 47-5
bridge table
clearing 47-11
displaying 47-11
configuration guidelines 47-4
connecting interfaces with 11-8
default configuration 47-4
described 47-1
frame forwarding
flooding packets 47-2
forwarding packets 47-2
overview 47-1
protocol, unsupported 47-4
stack changes, effects of 47-3
STP
disabling on an interface 47-10
forward-delay interval 47-9
hello BPDU interval 47-9
interface priority 47-7
keepalive messages 18-2
maximum-idle interval 47-10
path cost 47-8
VLAN-bridge spanning-tree priority 47-6
VLAN-bridge STP 47-2
support for 1-14
SVIs and routed ports 47-1
unsupported protocols 47-4
VLAN-bridge STP 18-12
Fast Convergence 21-3
fastethernet0 port
See Ethernet management port, internal
Fast Uplink Transition Protocol 20-6
features, incompatible 26-12
FIB 39-95
fiber-optic, detecting unidirectional links 29-1
files
basic crashinfo
description 48-22
location 48-22
copying A-5
crashinfo, description 48-22
deleting A-5
displaying the contents of A-8
extended crashinfo
description 48-22
location 48-22
tar
creating A-7
displaying the contents of A-7
extracting A-8
image file format A-26
file system
displaying available file systems A-2
displaying file information A-3
local file system names A-1
network file system names A-5
setting the default A-3
filtering
in a VLAN 35-30
non-IP traffic 35-28
show and more command output 2-9
filtering show and more command output 2-9
filters, IP
flash device, number of A-1
flexible authentication ordering
configuring 9-63
overview 9-29
Flex Link Multicast Fast Convergence 21-3
Flex Links
configuration guidelines 21-8
configuring 21-9
configuring preferred VLAN 21-12
configuring VLAN load balancing 21-11
default configuration 21-8
description 21-2
link load balancing 21-3
monitoring 21-14
VLANs 21-3
flooded traffic, blocking 26-8
flow-based packet classification 1-13
flowcharts
QoS classification 37-7
QoS egress queueing and scheduling 37-18
QoS ingress queueing and scheduling 37-16
QoS policing and marking 37-11
flowcontrol
configuring 11-21
described 11-21
forward-delay time
MSTP 19-24
STP 18-23
Forwarding Information Base
forwarding nonroutable protocols 47-1
FTP
configuration files
downloading A-15
overview A-14
preparing the server A-14
uploading A-16
image files
deleting old image A-34
downloading A-32
preparing the server A-31
uploading A-34
G
general query 21-5
Generating IGMP Reports 21-4
get-bulk-request operation 33-3
get-next-request operation 33-3, 33-4
get-request operation 33-3, 33-4
get-response operation 33-3
global configuration mode 2-2
global leave, IGMP 24-13
guest VLAN and IEEE 802.1x 9-21
guide mode 1-3
GUIs
See device manager and Network Assistant
H
hardware limitations and Layer 3 interfaces 11-24
hello time
MSTP 19-24
STP 18-22
help, for the command line 2-3
hierarchical policy maps 37-9
configuration guidelines 37-39
configuring 37-64
described 37-12
history
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
history table, level and number of syslog messages 32-10
host ports
configuring 16-12
kinds of 16-2
hosts, limit on dynamic ports 13-32
Hot Standby Router Protocol
HP OpenView 1-6
HSRP
authentication string 41-11
command-switch redundancy 1-2, 1-8
configuring 41-5
default configuration 41-6
definition 41-1
guidelines 41-6
monitoring 41-12
object tracking 43-7
overview 41-1
priority 41-8
routing redundancy 1-14
support for ICMP redirect messages 41-12
switch stack considerations 41-5
timers 41-11
tracking 41-8
HSRP for IPv6
configuring 40-26
guidelines 40-25
HTTP over SSL
HTTPS
configuring 6-56
described 6-52
self-signed certificate 6-52
HTTP secure server 6-52
I
IBPG 39-47
ICMP
IPv6 40-4
redirect messages 39-12
support for 1-15
time-exceeded messages 48-15
traceroute and 48-15
unreachable messages 35-20
unreachable messages and IPv6 36-4
unreachables and ACLs 35-22
ICMP Echo operation
configuring 42-12
IP SLAs 42-11
ICMP ping
executing 48-12
overview 48-12
ICMP Router Discovery Protocol
ICMPv6 40-4
IDS appliances
and ingress RSPAN 30-24
and ingress SPAN 30-16
IEEE 802.1D
IEEE 802.1p 15-1
IEEE 802.1Q
and trunk ports 11-3
configuration limitations 13-17
encapsulation 13-15
native VLAN for untagged traffic 13-22
tunneling
compatibility with other features 17-6
defaults 17-4
described 17-1
tunnel ports with other features 17-6
IEEE 802.1s
IEEE 802.1w
IEEE 802.1x
IEEE 802.3ad
IEEE 802.3x flow control 11-21
ifIndex values, SNMP 33-5
IFS 1-7
IGMP
configurable leave timer
described 24-6
enabling 24-12
configuring the switch
as a member of a group 45-43
statically connected member 45-48
controlling access to groups 45-44
default configuration 45-43
deleting cache entries 45-67
displaying groups 45-67
fast switching 45-48
flooded multicast traffic
controlling the length of time 24-13
disabling on an interface 24-14
global leave 24-13
query solicitation 24-13
recovering from flood mode 24-13
host-query interval, modifying 45-46
joining multicast group 24-3
join messages 24-3
leave processing, enabling 24-11, 25-9
leaving multicast group 24-5
multicast reachability 45-43
overview 45-3
queries 24-4
report suppression
described 24-6
supported versions 24-3
support for 1-4
Version 1
changing to Version 2 45-45
described 45-3
Version 2
changing to Version 1 45-45
described 45-3
maximum query response time value 45-47
pruning groups 45-47
query timeout value 45-47
IGMP filtering
configuring 24-25
default configuration 24-25
described 24-24
monitoring 24-29
support for 1-5
IGMP groups
configuring filtering 24-28
setting the maximum number 24-27
IGMP helper 45-6
IGMP Immediate Leave
configuration guidelines 24-12
described 24-6
enabling 24-11
IGMP profile
applying 24-27
configuration mode 24-25
configuring 24-26
IGMP snooping
and address aliasing 24-2
and stack changes 24-7
configuring 24-7
default configuration 24-7, 25-6, 25-7
definition 24-2
enabling and disabling 24-8, 25-7
global configuration 24-8
Immediate Leave 24-6
in the switch stack 24-7
method 24-9
querier
configuration guidelines 24-15
configuring 24-15
supported versions 24-3
support for 1-5
VLAN configuration 24-8
IGMP throttling
configuring 24-28
default configuration 24-25
described 24-25
displaying action 24-29
IGP 39-26
Immediate Leave, IGMP
described 24-6
enabling 25-9
inaccessible authentication bypass 9-23
support for multiauth ports 9-24
initial configuration
defaults 1-16
Express Setup 1-3
interface
number 11-8
range macros 11-12
interface configuration mode 2-2
interfaces
auto-MDIX, configuring 11-22
configuring
procedure 11-9
counters, clearing 11-29
default configuration 11-18
described 11-23
descriptive name, adding 11-23
displaying information about 11-28
duplex and speed configuration guidelines 11-19
flow control 11-21
management 1-5
monitoring 11-28
naming 11-23
physical, identifying 11-8
range of 11-10
restarting 11-29
shutting down 11-29
speed and duplex, configuring 11-20
status 11-28
supported 11-8
types of 11-1
interfaces range macro command 11-12
interface types 11-8
Interior Gateway Protocol
internal BGP
internal neighbors, BGP 39-52
Internet Control Message Protocol
Internet Group Management Protocol
Internet Protocol version 6
Intrusion Detection System
inventory management TLV 28-3, 28-7
IP ACLs
for QoS classification 37-8
implicit masks 35-10
named 35-15
undefined 35-21
IP addresses
128-bit 40-2
classes of 39-7
default configuration 39-6
discovering 5-24
for IP routing 39-5
IPv6 40-2
MAC address association 39-9
monitoring 39-18
IP base feature set 1-2
IP broadcast address 39-16
ip cef distributed command 39-96
IP directed broadcasts 39-15
ip igmp profile command 24-25
IP information
assigned
manually 3-15
through DHCP-based autoconfiguration 3-4
default configuration 3-3
IP multicast routing
addresses
all-hosts 45-3
all-multicast-routers 45-3
host group address range 45-3
administratively-scoped boundaries, described 45-51
and IGMP snooping 24-2
Auto-RP
adding to an existing sparse-mode cloud 45-30
benefits of 45-30
clearing the cache 45-67
configuration guidelines 45-12
filtering incoming RP announcement messages 45-33
overview 45-7
preventing candidate RP spoofing 45-33
preventing join messages to false RPs 45-32
setting up in a new internetwork 45-30
using with BSR 45-38
bootstrap router
configuration guidelines 45-12
configuring candidate BSRs 45-36
configuring candidate RPs 45-37
defining the IP multicast boundary 45-35
defining the PIM domain border 45-34
overview 45-7
using with Auto-RP 45-38
Cisco implementation 45-2
configuring
basic multicast routing 45-13
IP multicast boundary 45-51
default configuration 45-11
enabling
multicast forwarding 45-13
PIM mode 45-14
group-to-RP mappings
Auto-RP 45-7
BSR 45-7
MBONE
deleting sdr cache entries 45-67
described 45-50
displaying sdr cache 45-68
enabling sdr listener support 45-50
limiting DVMRP routes advertised 45-62
limiting sdr cache entry lifetime 45-50
SAP packets for conference session announcement 45-50
Session Directory (sdr) tool, described 45-50
monitoring
packet rate loss 45-68
peering devices 45-68
tracing a path 45-68
multicast forwarding, described 45-8
PIMv1 and PIMv2 interoperability 45-12
protocol interaction 45-2
reverse path check (RPF) 45-8
routing table
deleting 45-67
displaying 45-67
RP
assigning manually 45-28
configuring Auto-RP 45-30
configuring PIMv2 BSR 45-34
monitoring mapping information 45-39
using Auto-RP and BSR 45-38
stacking
stack master functions 45-10
stack member functions 45-10
statistics, displaying system and network 45-67
IP phones
and QoS 15-1
automatic classification and queueing 37-21
configuring 15-4
ensuring port security with QoS 37-44
trusted boundary for QoS 37-44
IP Port Security for Static Hosts
on a Layer 2 access port 22-22
on a PVLAN host port 22-25
IP precedence 37-2
IP-precedence-to-DSCP map for QoS 37-76
IP protocols
in ACLs 35-12
routing 1-14
IP protocols in ACLs 35-12
IP routes, monitoring 39-111
IP routing
connecting interfaces with 11-8
disabling 39-19
enabling 39-19
IP Service Level Agreements
IP service levels, analyzing 42-1
IP services feature set 1-2
IP SLAs
benefits 42-2
configuration guidelines 42-6
configuring object tracking 43-9
Control Protocol 42-4
default configuration 42-6
definition 42-1
ICMP echo operation 42-11
measuring network performance 42-3
monitoring 42-13
multioperations scheduling 42-5
object tracking 43-9
operation 42-3
reachability tracking 43-9
responder
described 42-4
enabling 42-7
response time 42-4
scheduling 42-5
SNMP support 42-2
supported metrics 42-2
threshold monitoring 42-6
track state 43-9
UDP jitter operation 42-8
IP source guard
and DHCP snooping 22-17
and EtherChannels 22-20
and IEEE 802.1x 22-20
and port security 22-20
and private VLANs 22-20
and routed ports 22-19
and TCAM entries 22-20
and trunk interfaces 22-20
and VRF 22-20
binding configuration
automatic 22-17
manual 22-17
binding table 22-17
configuration guidelines 22-19
default configuration 22-19
described 22-17
disabling 22-21
displaying
bindings 22-27
configuration 22-27
filtering
source IP address 22-18
source IP and MAC address 22-18
source IP address filtering 22-18
source IP and MAC address filtering 22-18
static bindings
deleting 22-21
static hosts 22-22
IP traceroute
executing 48-15
overview 48-15
IP unicast routing
address resolution 39-9
administrative distances 39-98, 39-108
ARP 39-10
assigning IP addresses to Layer 3 interfaces 39-7
authentication keys 39-109
broadcast
address 39-16
flooding 39-17
packets 39-14
storms 39-14
classless routing 39-8
configuring static routes 39-97
default
addressing configuration 39-6
gateways 39-12
networks 39-99
routes 39-98
routing 39-3
directed broadcasts 39-15
disabling 39-19
dynamic routing 39-3
enabling 39-19
EtherChannel Layer 3 interface 39-5
IGP 39-26
inter-VLAN 39-2
IP addressing
classes 39-7
configuring 39-5
IPv6 40-3
IRDP 39-13
Layer 3 interfaces 39-5
MAC address and IP address 39-9
passive interfaces 39-107
protocols
distance-vector 39-3
dynamic 39-3
link-state 39-3
proxy ARP 39-10
redistribution 39-99
reverse address resolution 39-9
routed ports 39-5
static routing 39-3
steps to configure 39-5
subnet mask 39-7
subnet zero 39-7
supernet 39-8
UDP 39-16
unicast reverse path forwarding 1-15
with SVIs 39-5
IPv4 ACLs
applying to interfaces 35-20
extended, creating 35-11
named 35-15
standard, creating 35-10
IPv6
ACLs
displaying 36-9
limitations 36-2
matching criteria 36-3
port 36-1
precedence 36-2
router 36-1
supported 36-2
addresses 40-2
address formats 40-2
and switch stacks 40-10
applications 40-5
assigning address 40-12
autoconfiguration 40-5
CEFv6 40-20
configuring static routes 40-21
default configuration 40-11
default router preference (DRP) 40-5
defined 40-1
Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 40-7
EIGRP IPv6 Commands 40-8
Router ID 40-7
feature limitations 40-9
features not supported 40-9
forwarding 40-12
ICMP 40-4
monitoring 40-28
neighbor discovery 40-4
OSPF 40-7
path MTU discovery 40-4
stack master functions 40-10
supported features 40-3
switch limitations 40-9
understanding static routes 40-7
IPv6 traffic, filtering 36-3
IRDP
configuring 39-13
definition 39-13
support for 1-15
IS-IS
addresses 39-69
area routing 39-69
default configuration 39-71
monitoring 39-79
show commands 39-79
system routing 39-69
ISO CLNS
clear commands 39-79
dynamic routing protocols 39-69
monitoring 39-79
NETs 39-69
NSAPs 39-69
OSI standard 39-69
ISO IGRP
area routing 39-69
system routing 39-69
isolated port 16-2
J
join messages, IGMP 24-3
K
KDC
described 6-42
keepalive messages 18-2
Kerberos
authenticating to
boundary switch 6-44
KDC 6-44
network services 6-45
configuration examples 6-42
configuring 6-45
credentials 6-42
cryptographic software image 6-42
described 6-42
KDC 6-42
operation 6-44
realm 6-43
server 6-43
support for 1-12
switch as trusted third party 6-42
terms 6-43
TGT 6-44
tickets 6-42
key distribution center
L
l2protocol-tunnel command 17-13
LACP
Layer 2 protocol tunneling 17-9
Layer 2 frames, classification with CoS 37-2
Layer 2 interfaces, default configuration 11-18
Layer 2 protocol tunneling
configuring 17-10
configuring for EtherChannels 17-14
default configuration 17-11
defined 17-8
guidelines 17-12
Layer 2 traceroute
and ARP 48-14
and CDP 48-13
broadcast traffic 48-13
described 48-13
IP addresses and subnets 48-14
MAC addresses and VLANs 48-14
multicast traffic 48-14
multiple devices on a port 48-14
unicast traffic 48-13
usage guidelines 48-13
Layer 3 features 1-14
Layer 3 interfaces
assigning IP addresses to 39-7
assigning IPv4 and IPv6 addresses to 40-15
assigning IPv6 addresses to 40-13
changing from Layer 2 mode 39-7, 39-86
types of 39-5
Layer 3 packets, classification methods 37-2
LDAP 4-2
Leaking IGMP Reports 21-4
LEDs, switch
See hardware installation guide
Lightweight Directory Access Protocol
line configuration mode 2-2
Link Aggregation Control Protocol
Link Failure, detecting unidirectional 19-8
Link Layer Discovery Protocol
link local unicast addresses 40-4
link redundancy
links, unidirectional 29-1
link state advertisements (LSAs) 39-33
link-state protocols 39-3
link-state tracking
configuring 38-25
described 38-23
LLDP
configuring 28-4
characteristics 28-6
default configuration 28-4
enabling 28-5
monitoring and maintaining 28-11
overview 28-1
supported TLVs 28-2
switch stack considerations 28-2
transmission timer and holdtime, setting 28-6
LLDP-MED
configuring
procedures 28-4
TLVs 28-7
monitoring and maintaining 28-11
supported TLVs 28-2
LLDP Media Endpoint Discovery
load balancing 41-4
local SPAN 30-2
logging messages, ACL 35-9
login authentication
with RADIUS 6-31
with TACACS+ 6-14
login banners 5-11
log messages
Long-Reach Ethernet (LRE) technology 1-21
loop guard
described 20-11
enabling 20-19
support for 1-8
M
MAC/PHY configuration status TLV 28-2
MAC addresses
aging time 5-16
and VLAN association 5-14
building the address table 5-14
default configuration 5-15
disabling learning on a VLAN 5-23
discovering 5-24
displaying 5-24
displaying in the IP source binding table 22-27
dynamic
learning 5-14
removing 5-16
in ACLs 35-28
IP address association 39-9
manually assigning IP address 3-16
static
adding 5-21
characteristics of 5-20
dropping 5-22
removing 5-21
MAC address learning 1-6
MAC address learning, disabling on a VLAN 5-23
MAC address notification, support for 1-16
MAC address-table move update
configuration guidelines 21-8
configuring 21-12
default configuration 21-8
description 21-6
monitoring 21-14
MAC address-to-VLAN mapping 13-27
MAC authentication bypass 9-16
MAC extended access lists
applying to Layer 2 interfaces 35-29
configuring for QoS 37-53
creating 35-28
defined 35-28
for QoS classification 37-5
macros
magic packet 9-26
manageability features 1-6
management access
in-band
browser session 1-7
CLI session 1-7
device manager 1-7
SNMP 1-7
out-of-band console port connection 1-7
management address TLV 28-2
management options
CLI 2-1
CNS 4-1
Network Assistant 1-3
overview 1-5
switch stacks 1-3
mapping tables for QoS
configuring
CoS-to-DSCP 37-75
DSCP 37-75
DSCP-to-CoS 37-78
DSCP-to-DSCP-mutation 37-79
IP-precedence-to-DSCP 37-76
policed-DSCP 37-77
described 37-13
marking
action in policy map 37-59
action with aggregate policers 37-72
matching IPv4 ACLs 35-8
maximum aging time
MSTP 19-25
STP 18-23
maximum hop count, MSTP 19-25
maximum number of allowed devices, port-based authentication 9-37
maximum-paths command 39-56, 39-97
MDA
configuration guidelines9-29to 9-30
exceptions with authentication process 9-4
membership mode, VLAN port 13-3
messages, to users through banners 5-11
metrics, in BGP 39-56
metric translations, between routing protocols 39-102
metro tags 17-2
MHSRP 41-4
MIBs
overview 33-1
SNMP interaction with 33-4
mirroring traffic for analysis 30-1
mismatches, autonegotiation 48-10
module number 11-8
monitoring
access groups 35-42
BGP 39-68
cables for unidirectional links 29-1
CDP 27-5
CEF 39-96
EIGRP 39-46
fallback bridging 47-11
features 1-15
Flex Links 21-14
HSRP 41-12
IEEE 802.1Q tunneling 17-18
IGMP
filters 24-29
interfaces 11-28
IP
address tables 39-18
multicast routing 45-66
routes 39-111
IP SLAs operations 42-13
IPv4 ACL configuration 35-42
IPv6 40-28
IPv6 ACL configuration 36-9
IS-IS 39-79
ISO CLNS 39-79
Layer 2 protocol tunneling 17-18
MAC address-table move update 21-14
MSDP peers 46-19
multicast router interfaces 24-17, 25-12
multi-VRF CE 39-94
MVR 24-24
network traffic for analysis with probe 30-2
object tracking 43-10
OSPF 39-38
port
blocking 26-23
protection 26-23
private VLANs 16-15
RP mapping information 45-39
source-active messages 46-19
speed and duplex mode 11-20
traffic flowing among switches 31-2
traffic suppression 26-23
tunneling 17-18
VLAN
filters 35-43
maps 35-43
VLANs 13-15
VMPS 13-31
VTP 14-18
mrouter Port 21-3
mrouter port 21-5
MSDP
benefits of 46-3
clearing MSDP connections and statistics 46-19
controlling source information
forwarded by switch 46-12
originated by switch 46-8
received by switch 46-15
default configuration 46-4
dense-mode regions
sending SA messages to 46-17
specifying the originating address 46-18
filtering
incoming SA messages 46-15
SA messages to a peer 46-12
SA requests from a peer 46-10
join latency, defined 46-6
meshed groups
configuring 46-16
defined 46-16
originating address, changing 46-18
overview 46-1
peer-RPF flooding 46-2
peers
configuring a default 46-4
monitoring 46-19
peering relationship, overview 46-1
requesting source information from 46-8
shutting down 46-17
source-active messages
caching 46-6
clearing cache entries 46-19
defined 46-2
filtering from a peer 46-10
filtering incoming 46-15
filtering to a peer 46-12
limiting data with TTL 46-13
monitoring 46-19
restricting advertised sources 46-9
support for 1-15
MSTP
boundary ports
configuration guidelines 19-16
described 19-6
BPDU filtering
described 20-3
enabling 20-15
BPDU guard
described 20-3
enabling 20-14
CIST, described 19-3
CIST root 19-5
configuration guidelines 19-16, 20-12
configuring
forward-delay time 19-24
hello time 19-24
link type for rapid convergence 19-26
maximum aging time 19-25
maximum hop count 19-25
MST region 19-17
neighbor type 19-26
path cost 19-22
port priority 19-20
root switch 19-18
secondary root switch 19-19
switch priority 19-23
CST
defined 19-3
operations between regions 19-4
default configuration 19-15
default optional feature configuration 20-12
displaying status 19-28
enabling the mode 19-17
EtherChannel guard
described 20-10
enabling 20-17
extended system ID
effects on root switch 19-18
effects on secondary root switch 19-19
unexpected behavior 19-18
IEEE 802.1s
implementation 19-6
port role naming change 19-7
terminology 19-5
instances supported 18-10
interface state, blocking to forwarding 20-2
interoperability and compatibility among modes 18-11
interoperability with IEEE 802.1D
described 19-9
restarting migration process 19-27
IST
defined 19-3
master 19-3
operations within a region 19-3
loop guard
described 20-11
enabling 20-19
mapping VLANs to MST instance 19-17
MST region
CIST 19-3
configuring 19-17
described 19-2
hop-count mechanism 19-5
IST 19-3
supported spanning-tree instances 19-2
optional features supported 1-8
overview 19-2
Port Fast
described 20-2
enabling 20-13
preventing root switch selection 20-10
root guard
described 20-10
enabling 20-18
root switch
configuring 19-18
effects of extended system ID 19-18
unexpected behavior 19-18
shutdown Port Fast-enabled port 20-3
stack changes, effects of 19-8
status, displaying 19-28
MTU
system 11-26
system jumbo 11-26
system routing 11-26
multiauth
support for inaccessible authentication bypass 9-24
multiauth mode
See multiple-authentication mode
multicast groups
Immediate Leave 24-6
joining 24-3
leaving 24-5
multicast packets
ACLs on 35-41
blocking 26-8
multicast router interfaces, monitoring 24-17, 25-12
multicast router ports, adding 24-10, 25-9
Multicast Source Discovery Protocol
multicast storm 26-2
multicast storm-control command 26-4
multicast television application 24-19
multicast VLAN 24-18
Multicast VLAN Registration
multidomain authentication
multioperations scheduling, IP SLAs 42-5
multiple authentication 9-13
Multiple HSRP
multiple VPN routing/forwarding in customer edge devices
multi-VRF CE
configuration example 39-90
configuration guidelines 39-82
configuring 39-82
default configuration 39-82
defined 39-80
displaying 39-94
monitoring 39-94
network components 39-82
packet-forwarding process 39-81
support for 1-14
MVR
and address aliasing 24-21
and IGMPv3 24-21
configuration guidelines 24-21
configuring interfaces 24-22
default configuration 24-20
described 24-18
example application 24-19
in the switch stack 24-20
modes 24-22
monitoring 24-24
multicast television application 24-19
setting global parameters 24-21
support for 1-5
N
NAC
AAA down policy 1-12
critical authentication 9-23, 9-53
IEEE 802.1x authentication using a RADIUS server 9-58
IEEE 802.1x validation using RADIUS server 9-58
inaccessible authentication bypass 1-12, 9-53
Layer 2 IEEE 802.1x validation 1-11, 9-58
Layer 2 IP validation 1-11
named IPv4 ACLs 35-15
named IPv6 ACLs 36-2
NameSpace Mapper
native VLAN
and IEEE 802.1Q tunneling 17-4
configuring 13-22
default 13-22
NEAT
configuring 9-59
overview 9-31
neighbor discovery, IPv6 40-4
neighbor discovery/recovery, EIGRP 39-40
neighbors, BGP 39-63
Network Admission Control
Network Assistant
benefits 1-3
described 1-5
downloading image files 1-3
guide mode 1-3
management options 1-3
managing switch stacks 7-2, 7-18
upgrading a switch A-25
wizards 1-3
network configuration examples
data center 1-22
expanded data center 1-22
increasing network performance 1-20
providing network services 1-21
small to medium-sized network 1-23
network design
performance 1-20
services 1-21
Network Edge Access Topology
network management
CDP 27-1
RMON 31-1
SNMP 33-1
network performance, measuring with IP SLAs 42-3
Network Time Protocol
no commands 2-4
nonhierarchical policy maps
configuration guidelines 37-39
configuring 37-59
described 37-10
non-IP traffic filtering 35-28
nontrunking mode 13-17
normal-range VLANs 13-4
configuration guidelines 13-6
configuring 13-4
defined 13-1
no switchport command 11-4
not-so-stubby areas
NSAPs, as ISO IGRP addresses 39-69
NSF Awareness
IS-IS 39-72
NSM 4-3
NSSA, OSPF 39-33
NTP
associations
defined 5-2
overview 5-2
stratum 5-2
support for 1-7
time
services 5-2
synchronizing 5-2
O
OBFL
configuring 48-24
described 48-24
displaying 48-25
object tracking
HSRP 43-7
IP SLAs 43-9
IP SLAs, configuring 43-9
monitoring 43-10
offline configuration for switch stacks 7-9
off mode, VTP 14-3
on-board failure logging
online diagnostics
described 49-1
overview 49-1
running tests 49-5
open1x
configuring 9-64
open1x authentication
overview 9-29
Open Shortest Path First
optimizing system resources 8-1
options, management 1-5
OSPF
area parameters, configuring 39-33
configuring 39-31
default configuration
metrics 39-35
route 39-35
settings 39-28
described 39-25
for IPv6 40-7
interface parameters, configuring 39-32
LSA group pacing 39-36
monitoring 39-38
router IDs 39-37
route summarization 39-35
support for 1-14
virtual links 39-35
out-of-profile markdown 1-13
P
packet modification, with QoS 37-20
PAgP
Layer 2 protocol tunneling 17-9
parallel paths, in routing tables 39-97
passive interfaces
configuring 39-107
OSPF 39-35
passwords
default configuration 6-2
disabling recovery of 6-5
encrypting 6-3
for security 1-10
overview 6-1
recovery of 48-4
setting
enable 6-3
enable secret 6-3
Telnet 6-6
with usernames 6-7
VTP domain 14-10
path cost
MSTP 19-22
STP 18-20
path MTU discovery 40-4
PBR
defined 39-103
enabling 39-105
fast-switched policy-based routing 39-106
local policy-based routing 39-106
peers, BGP 39-63
percentage thresholds in tracked lists 43-6
performance, network design 1-20
performance features 1-4
persistent self-signed certificate 6-52
per-user ACLs and Filter-Ids 9-9
per-VLAN spanning-tree plus
PE to CE routing, configuring 39-90
physical ports 11-2
PIM
default configuration 45-11
dense mode
overview 45-4
rendezvous point (RP), described 45-5
RPF lookups 45-9
displaying neighbors 45-67
enabling a mode 45-14
overview 45-4
router-query message interval, modifying 45-42
shared tree and source tree, overview 45-39
shortest path tree, delaying the use of 45-41
sparse mode
join messages and shared tree 45-5
overview 45-5
prune messages 45-5
RPF lookups 45-9
stub routing
enabling 45-27
overview 45-5
support for 1-15
versions
interoperability 45-12
troubleshooting interoperability problems 45-39
v2 improvements 45-4
PIM-DVMRP, as snooping method 24-9
ping
character output description 48-13
executing 48-12
overview 48-12
policed-DSCP map for QoS 37-77
policers
configuring
for each matched traffic class 37-59
for more than one traffic class 37-72
described 37-4
displaying 37-93
number of 37-40
types of 37-10
policing
described 37-4
hierarchical
token-bucket algorithm 37-10
policy-based routing
policy maps for QoS
characteristics of 37-59
described 37-8
displaying 37-94
hierarchical 37-9
hierarchical on SVIs
configuration guidelines 37-39
configuring 37-64
described 37-12
nonhierarchical on physical ports
configuration guidelines 37-39
configuring 37-59
described 37-10
port ACLs
defined 35-2
types of 35-3
Port Aggregation Protocol
port-based authentication
accounting 9-15
authentication server
RADIUS server 9-3
configuration guidelines 9-35, 10-9
configuring
802.1x authentication 9-39
guest VLAN 9-51
host mode 9-44
inaccessible authentication bypass 9-53
manual re-authentication of a client 9-46
periodic re-authentication 9-45
quiet period 9-46
RADIUS server parameters on the switch 9-42, 10-11
restricted VLAN 9-52
switch-to-client frame-retransmission number 9-47, 9-48
switch-to-client retransmission time 9-47
violation modes 9-38
default configuration 9-34, 10-9
described 9-2
displaying statistics 9-66, 10-17
downloadable ACLs and redirect URLs
configuring 9-60
EAPOL-start frame 9-6
EAP-request/identity frame 9-6
EAP-response/identity frame 9-6
enabling
802.1X authentication 10-11
encapsulation 9-4
flexible authentication ordering
configuring 9-63
overview 9-29
guest VLAN
configuration guidelines 9-22, 9-23
described 9-21
host mode 9-12
inaccessible authentication bypass
configuring 9-53
described 9-23
guidelines 9-37
initiation and message exchange 9-6
magic packet 9-26
maximum number of allowed devices per port 9-37
method lists 9-39
multiple authentication 9-13
multiple-hosts mode, described 9-12
per-user ACLs
AAA authorization 9-39
configuration tasks 9-19
described 9-18
RADIUS server attributes 9-18
ports
authorization state and dot1x port-control command 9-11
authorized and unauthorized 9-11
voice VLAN 9-25
port security
described 9-26
readiness check
configuring 9-40
resetting to default values 9-65
stack changes, effects of 9-12
statistics, displaying 9-66
switch
RADIUS client 9-3
switch supplicant
configuring 9-59
overview 9-31
user distribution
guidelines 9-27
overview 9-26
VLAN assignment
AAA authorization 9-39
characteristics 9-17
configuration tasks 9-17
described 9-16
voice aware 802.1x security
configuring 9-41
voice VLAN
described 9-25
PVID 9-25
VVID 9-25
wake-on-LAN, described 9-26
port-based authentication methods, supported 9-8
port-channel
port description TLV 28-2
Port Fast
described 20-2
enabling 20-13
mode, spanning tree 13-28
support for 1-8
port membership modes, VLAN 13-3
port priority
MSTP 19-20
STP 18-18
ports
10-Gigabit Ethernet 11-6
access 11-3
blocking 26-8
dynamic access 13-3
IEEE 802.1Q tunnel 13-4
protected 26-6
routed 11-4
secure 26-9
switch 11-2
VLAN assignments 13-10
port security
aging 26-18
and private VLANs 26-20
and QoS trusted boundary 37-44
and stacking 26-19
configuring 26-13
default configuration 26-11
described 26-9
displaying 26-23
enabling 26-20
on trunk ports 26-15
sticky learning 26-10
violations 26-10
with other features 26-12
port-shutdown response, VMPS 13-27
port VLAN ID TLV 28-2
power management TLV 28-2, 28-7
preemption, default configuration 21-8
preemption delay, default configuration 21-8
preferential treatment of traffic
prefix lists, BGP 39-60
preventing unauthorized access 6-1
primary links 21-2
priority
HSRP 41-8
overriding CoS 15-6
trusting CoS 15-6
private VLAN edge ports
private VLANs
across multiple switches 16-4
and SDM template 16-4
and SVIs 16-5
and switch stacks 16-6
benefits of 16-1
community ports 16-2
configuration guidelines 16-7, 16-9
configuration tasks 16-6
configuring 16-10
default configuration 16-7
end station access to 16-3
IP addressing 16-3
isolated port 16-2
mapping 16-14
monitoring 16-15
ports
community 16-2
configuration guidelines 16-9
configuring host ports 16-12
configuring promiscuous ports 16-13
described 13-4
isolated 16-2
promiscuous 16-2
promiscuous ports 16-2
secondary VLANs 16-2
subdomains 16-1
traffic in 16-5
privileged EXEC mode 2-2
privilege levels
changing the default for lines 6-9
exiting 6-10
logging into 6-10
setting a command with 6-8
promiscuous ports
configuring 16-13
defined 16-2
protocol-dependent modules, EIGRP 39-40
Protocol-Independent Multicast Protocol
protocol storm protection 26-21
provider edge devices 39-80
provisioning new members for a switch stack 7-9
proxy ARP
configuring 39-12
definition 39-10
with IP routing disabled 39-12
proxy reports 21-4
pruning, VTP
disabling
in VTP domain 14-16
on a port 13-22
enabling
in VTP domain 14-16
on a port 13-21
examples 14-7
overview 14-6
pruning-eligible list
changing 13-21
for VTP pruning 14-6
VLANs 14-16
PVST+
described 18-10
IEEE 802.1Q trunking interoperability 18-11
instances supported 18-10
Q
QoS
and MQC commands 37-2
auto-QoS
categorizing traffic 37-22
configuration and defaults display 37-35
configuration guidelines 37-32
described 37-21
disabling 37-34
displaying generated commands 37-34
displaying the initial configuration 37-35
effects on running configuration 37-32
list of generated commands 37-25
basic model 37-4
classification
class maps, described 37-8
defined 37-4
DSCP transparency, described 37-46
flowchart 37-7
forwarding treatment 37-3
in frames and packets 37-3
MAC ACLs, described 37-5, 37-8
options for IP traffic 37-6
options for non-IP traffic 37-5
policy maps, described 37-8
trust DSCP, described 37-5
trusted CoS, described 37-5
trust IP precedence, described 37-5
class maps
configuring 37-54
displaying 37-93
configuration guidelines
auto-QoS 37-32
standard QoS 37-38
configuring
aggregate policers 37-72
auto-QoS 37-21
default port CoS value 37-43
DSCP maps 37-75
DSCP transparency 37-46
DSCP trust states bordering another domain 37-46
egress queue characteristics 37-85
ingress queue characteristics 37-81
IP extended ACLs 37-50
IP standard ACLs 37-49
MAC ACLs 37-53
policy maps, hierarchical 37-64
policy maps on physical ports 37-59
port trust states within the domain 37-42
trusted boundary 37-44
default auto configuration 37-22
default standard configuration 37-36
displaying statistics 37-93
DSCP transparency 37-46
egress queues
allocating buffer space 37-86
buffer allocation scheme, described 37-19
configuring shaped weights for SRR 37-90
configuring shared weights for SRR 37-91
described 37-4
displaying the threshold map 37-89
flowchart 37-18
mapping DSCP or CoS values 37-88
scheduling, described 37-4
setting WTD thresholds 37-86
WTD, described 37-20
enabling globally 37-41
flowcharts
classification 37-7
egress queueing and scheduling 37-18
ingress queueing and scheduling 37-16
policing and marking 37-11
implicit deny 37-8
ingress queues
allocating bandwidth 37-83
allocating buffer space 37-83
buffer and bandwidth allocation, described 37-17
configuring shared weights for SRR 37-83
configuring the priority queue 37-84
described 37-4
displaying the threshold map 37-82
flowchart 37-16
mapping DSCP or CoS values 37-82
priority queue, described 37-17
scheduling, described 37-4
setting WTD thresholds 37-82
WTD, described 37-17
IP phones
automatic classification and queueing 37-21
detection and trusted settings 37-21, 37-44
limiting bandwidth on egress interface 37-92
mapping tables
CoS-to-DSCP 37-75
displaying 37-94
DSCP-to-CoS 37-78
DSCP-to-DSCP-mutation 37-79
IP-precedence-to-DSCP 37-76
policed-DSCP 37-77
types of 37-13
marked-down actions 37-62, 37-68
overview 37-2
packet modification 37-20
policers
configuring 37-62, 37-68, 37-73
described 37-9
displaying 37-93
number of 37-40
types of 37-10
policies, attaching to an interface 37-9
policing
token bucket algorithm 37-10
policy maps
characteristics of 37-59
displaying 37-94
hierarchical 37-9
hierarchical on SVIs 37-64
nonhierarchical on physical ports 37-59
QoS label, defined 37-4
queues
configuring egress characteristics 37-85
configuring ingress characteristics 37-81
high priority (expedite) 37-20, 37-92
location of 37-14
SRR, described 37-15
WTD, described 37-14
rewrites 37-20
support for 1-13
trust states
bordering another domain 37-46
described 37-5
trusted device 37-44
within the domain 37-42
quality of service
queries, IGMP 24-4
query solicitation, IGMP 24-13
R
RADIUS
attributes
vendor-proprietary 6-39
vendor-specific 6-38
configuring
accounting 6-36
authentication 6-31
authorization 6-35
communication, global 6-29, 6-37
communication, per-server 6-29
multiple UDP ports 6-29
default configuration 6-28
defining AAA server groups 6-33
displaying the configuration 6-42
identifying the server 6-29
limiting the services to the user 6-35
method list, defined 6-28
operation of 6-20
overview 6-19
server load balancing 6-41
suggested network environments 6-19
support for 1-12
tracking services accessed by user 6-36
RADIUS Change of Authorization 6-21
range
macro 11-12
of interfaces 11-10
rapid convergence 19-10
rapid per-VLAN spanning-tree plus
rapid PVST+
described 18-10
IEEE 802.1Q trunking interoperability 18-11
instances supported 18-10
Rapid Spanning Tree Protocol
RARP 39-10
RCP
configuration files
downloading A-18
overview A-17
preparing the server A-18
uploading A-19
image files
deleting old image A-39
downloading A-37
preparing the server A-36
uploading A-39
reachability, tracking IP SLAs IP host 43-9
readiness check
port-based authentication
configuring 9-40
reconfirmation interval, VMPS, changing 13-30
reconfirming dynamic VLAN membership 13-30
recovery procedures 48-1
redundancy
EtherChannel 38-2
HSRP 41-1
STP
backbone 18-9
multidrop backbone 20-5
path cost 13-25
port priority 13-23
redundant links and UplinkFast 20-16
reliable transport protocol, EIGRP 39-40
reloading software 3-24
Remote Authentication Dial-In User Service
Remote Copy Protocol
Remote Network Monitoring
Remote SPAN
remote SPAN 30-3
report suppression, IGMP
described 24-6
resequencing ACL entries 35-15
reserved addresses in DHCP pools 22-29
resets, in BGP 39-55
resetting a UDLD-shutdown interface 29-6
responder, IP SLAs
described 42-4
enabling 42-7
response time, measuring with IP SLAs 42-4
restricted VLAN
configuring 9-52
described 9-22
using with IEEE 802.1x 9-22
restricting access
overview 6-1
passwords and privilege levels 6-2
RADIUS 6-19
TACACS+ 6-10
retry count, VMPS, changing 13-31
reverse address resolution 39-9
Reverse Address Resolution Protocol
RFC
1112, IP multicast and IGMP 24-2
1157, SNMPv1 33-2
1166, IP addresses 39-7
1305, NTP 5-2
1587, NSSAs 39-27
1757, RMON 31-2
1901, SNMPv2C 33-2
1902 to 1907, SNMPv2 33-2
2236, IP multicast and IGMP 24-2
2273-2275, SNMPv3 33-2
RFC 5176 Compliance 6-22
RIP
advertisements 39-20
authentication 39-23
configuring 39-22
default configuration 39-21
described 39-20
for IPv6 40-7
hop counts 39-20
split horizon 39-24
summary addresses 39-24
support for 1-14
RMON
default configuration 31-3
displaying status 31-6
enabling alarms and events 31-3
groups supported 31-2
overview 31-2
statistics
collecting group Ethernet 31-6
collecting group history 31-5
support for 1-16
root guard
described 20-10
enabling 20-18
support for 1-8
root switch
MSTP 19-18
STP 18-16
route calculation timers, OSPF 39-35
route dampening, BGP 39-67
routed packets, ACLs on 35-41
routed ports
configuring 39-5
defined 11-4
route-map command 39-105
route maps
BGP 39-58
policy-based routing 39-103
router ACLs
defined 35-2
types of 35-4
route reflectors, BGP 39-66
router ID, OSPF 39-37
route selection, BGP 39-56
route summarization, OSPF 39-35
route targets, VPN 39-82
routing
default 39-3
dynamic 39-3
redistribution of information 39-99
static 39-3
routing domain confederation, BGP 39-65
Routing Information Protocol
routing protocol administrative distances 39-98
RSPAN 30-3
and stack changes 30-11
characteristics 30-9
configuration guidelines 30-19
default configuration 30-12
destination ports 30-8
displaying status 30-30
in a switch stack 30-2
interaction with other features 30-9
monitored ports 30-7
monitoring ports 30-8
received traffic 30-5
session limits 30-12
sessions
creating 30-19
defined 30-4
limiting source traffic to specific VLANs 30-22
specifying monitored ports 30-19
with ingress traffic enabled 30-24
source ports 30-7
transmitted traffic 30-6
VLAN-based 30-7
RSTP
active topology 19-10
BPDU
format 19-13
processing 19-13
designated port, defined 19-9
designated switch, defined 19-9
interoperability with IEEE 802.1D
described 19-9
restarting migration process 19-27
topology changes 19-14
overview 19-9
port roles
described 19-9
synchronized 19-12
proposal-agreement handshake process 19-10
rapid convergence
cross-stack rapid convergence 19-11
described 19-10
edge ports and Port Fast 19-10
point-to-point links 19-10, 19-26
root ports 19-10
root port, defined 19-9
running configuration
saving 3-17
S
scheduled reloads 3-24
scheduling, IP SLAs operations 42-5
SDM
described 8-1
switch stack consideration 7-11
templates
configuring 8-5
number of 8-1
SDM template
configuring 8-4
dual IPv4 and IPv6 8-2
types of 8-1
secondary VLANs 16-2
secure HTTP client
configuring 6-57
displaying 6-58
secure HTTP server
configuring 6-56
displaying 6-58
secure MAC addresses
and switch stacks 26-19
deleting 26-17
maximum number of 26-10
types of 26-10
secure ports
and switch stacks 26-19
configuring 26-9
secure remote connections 6-47
Secure Socket Layer
security, port 26-9
security features 1-10
sequence numbers in log messages 32-8
server mode, VTP 14-3
service-provider network, MSTP and RSTP 19-1
service-provider networks
and customer VLANs 17-2
and IEEE 802.1Q tunneling 17-1
Layer 2 protocols across 17-8
Layer 2 protocol tunneling for EtherChannels 17-9
set-request operation 33-4
severity levels, defining in system messages 32-9
SFPs
monitoring status of 11-28, 48-11
numbering of 11-9
security and identification 48-10
status, displaying 48-11
shaped round robin
show access-lists hw-summary command 35-22
show and more command output, filtering 2-9
show cdp traffic command 27-5
show configuration command 11-23
show forward command 48-20
show interfaces command 11-20, 11-23
show interfaces switchport 21-4
show l2protocol command 17-13, 17-15, 17-16
show lldp traffic command 28-11
show platform forward command 48-20
show running-config command
displaying ACLs 35-20, 35-21, 35-32, 35-35
interface description in 11-23
shutdown command on interfaces 11-29
shutdown threshold for Layer 2 protocol packets 17-11
Simple Network Management Protocol
single session ID 9-32
small-frame arrival rate, configuring 26-5
Smartports macros
applying Cisco-default macros 12-6
applying global parameter values 12-5, 12-6
applying macros 12-5
applying parameter values 12-5, 12-7
configuration guidelines 12-2
creating 12-4
default configuration 12-2
defined 12-1
displaying 12-8
tracing 12-3
SNAP 27-1
SNMP
accessing MIB variables with 33-4
agent
described 33-4
disabling 33-7
and IP SLAs 42-2
authentication level 33-10
community strings
configuring 33-8
overview 33-4
configuration examples 33-18
default configuration 33-6
engine ID 33-7
host 33-6
ifIndex values 33-5
in-band management 1-7
informs
and trap keyword 33-12
described 33-5
differences from traps 33-5
disabling 33-15
enabling 33-15
limiting access by TFTP servers 33-17
limiting system log messages to NMS 32-10
notifications 33-5
security levels 33-3
setting CPU threshold notification 33-16
status, displaying 33-19
system contact and location 33-16
trap manager, configuring 33-14
traps
differences from informs 33-5
disabling 33-15
enabling 33-12
enabling MAC address notification 5-16, 5-18, 5-19
types of 33-12
versions supported 33-2
SNMP and Syslog Over IPv6 40-8
SNMPv1 33-2
SNMPv2C 33-2
SNMPv3 33-2
snooping, IGMP 24-2
software compatibility
software images
location in flash A-26
recovery procedures 48-2
scheduling reloads 3-24
tar file format, described A-26
See also downloading and uploading
source addresses
in IPv4 ACLs 35-12
source-and-destination-IP address based forwarding, EtherChannel 38-8
source-and-destination MAC address forwarding, EtherChannel 38-8
source-IP address based forwarding, EtherChannel 38-8
source-MAC address forwarding, EtherChannel 38-8
Source-specific multicast
SPAN
and stack changes 30-11
configuration guidelines 30-12
default configuration 30-12
destination ports 30-8
displaying status 30-30
interaction with other features 30-9
monitored ports 30-7
monitoring ports 30-8
ports, restrictions 26-12
received traffic 30-5
session limits 30-12
sessions
configuring ingress forwarding 30-17, 30-25
defined 30-4
limiting source traffic to specific VLANs 30-17
removing destination (monitoring) ports 30-15
specifying monitored ports 30-13, 30-26
with ingress traffic enabled 30-16
source ports 30-7
transmitted traffic 30-6
VLAN-based 30-7
spanning tree and native VLANs 13-18
Spanning Tree Protocol
SPAN traffic 30-5
split horizon, RIP 39-24
SRR
configuring
shaped weights on egress queues 37-90
shared weights on egress queues 37-91
shared weights on ingress queues 37-83
described 37-15
shaped mode 37-15
shared mode 37-15
SSH
configuring 6-48
cryptographic software image 6-47
encryption methods 6-48
switch stack considerations 6-47, 7-18
user authentication methods, supported 6-48
SSL
configuration guidelines 6-54
configuring a secure HTTP client 6-57
configuring a secure HTTP server 6-56
cryptographic software image 6-51
described 6-51
monitoring 6-58
SSM
address management restrictions 45-25
CGMP limitations 45-26
configuration guidelines 45-25
configuring 45-26
differs from Internet standard multicast 45-24
IGMP snooping 45-26
IGMPv3 Host Signalling 45-25
IP address range 45-24
monitoring 45-26
operations 45-24
state maintenance limitations 45-26
stack changes
effects on
IPv6 routing 40-10
stack changes, effects on
ACL configuration 35-7
CDP 27-2
cross-stack EtherChannel 38-12
EtherChannel 38-9
fallback bridging 47-3
HSRP 41-5
IEEE 802.1x port-based authentication 9-12
IGMP snooping 24-7
IP routing 39-4
IPv6 ACLs 36-3
MAC address tables 5-15
MSTP 19-8
multicast routing 45-10
MVR 24-18
port security 26-19
SDM template selection 8-3
SNMP 33-1
SPAN and RSPAN 30-11
STP 18-12
system message log 32-2
VLANs 13-7
VTP 14-8
stack master
bridge ID (MAC address) 7-8
defined 7-1
election 7-6
IPv6 40-10
re-election 7-6
stack member
accessing CLI of specific member 7-26
configuring
member number 7-24
priority value 7-24
defined 7-1
displaying information of 7-26
IPv6 40-11
number 7-8
priority value 7-9
provisioning a new member 7-25
replacing 7-17
stack member number 11-8
stack protocol version 7-12
stacks, switch
accessing CLI of specific member 7-26
assigning information
member number 7-24
priority value 7-24
provisioning a new member 7-25
auto-advise 7-13
auto-copy 7-13
auto-extract 7-13
auto-upgrade 7-13
bridge ID 7-8
CDP considerations 27-2
compatibility, software 7-12
configuration file 7-16
configuration scenarios 7-19
copying an image file from one member to another A-40
default configuration 7-21
description of 7-1
displaying information of 7-26
enabling persistent MAC address timer 7-22
hardware compatibility and SDM mismatch mode 7-11
HSRP considerations 41-5
incompatible software and image upgrades 7-16, A-40
IPv6 on 40-10
MAC address considerations 5-15
MAC address of 7-22
management connectivity 7-18
managing 7-1
membership 7-3
merged 7-3
MSTP instances supported 18-10
multicast routing, stack master and member roles 45-10
offline configuration
described 7-9
effects of adding a provisioned switch 7-10
effects of removing a provisioned switch 7-11
effects of replacing a provisioned switch 7-11
provisioned configuration, defined 7-9
provisioned switch, defined 7-9
provisioning a new member 7-25
provisioned switch
adding 7-10
removing 7-11
replacing 7-11
replacing a failed member 7-17
software compatibility 7-12
software image version 7-12
stack protocol version 7-12
STP
bridge ID 18-3
instances supported 18-10
root port selection 18-3
stack root switch election 18-3
system messages
hostnames in the display 32-1
remotely monitoring 32-2
system prompt consideration 5-8
system-wide configuration considerations 7-17
upgrading A-40
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 7-13
described 7-12
examples 7-14
manual upgrades with auto-advise 7-13
upgrades with auto-extract 7-13
See also stack master and stack member
StackWise Plus technology, Cisco 1-3
standby ip command 41-7
standby links 21-2
standby router 41-1
standby timers, HSRP 41-11
startup configuration
booting
manually 3-20
specific image 3-21
clearing A-20
configuration file
automatically downloading 3-19
specifying the filename 3-20
default boot configuration 3-19
static access ports
assigning to VLAN 13-10
static addresses
static IP routing 1-14
static MAC addressing 1-10
static routes
configuring 39-97
configuring for IPv6 40-21
understanding 40-7
static routing 39-3
static VLAN membership 13-2
statistics
802.1X 10-17
CDP 27-5
IEEE 802.1x 9-66
interface 11-28
IP multicast routing 45-67
LLDP 28-11
LLDP-MED 28-11
NMSP 28-11
OSPF 39-38
QoS ingress and egress 37-93
RMON group Ethernet 31-6
RMON group history 31-5
SNMP input and output 33-19
VTP 14-18
sticky learning 26-10
storm control
configuring 26-3
described 26-2
disabling 26-5
displaying 26-23
support for 1-4
thresholds 26-2
STP
accelerating root port selection 20-4
BackboneFast
described 20-7
disabling 20-17
enabling 20-17
BPDU filtering
described 20-3
disabling 20-15
enabling 20-15
BPDU guard
described 20-3
disabling 20-14
enabling 20-14
BPDU message exchange 18-3
configuration guidelines 18-14, 20-12
configuring
forward-delay time 18-23
hello time 18-22
maximum aging time 18-23
path cost 18-20
port priority 18-18
root switch 18-16
secondary root switch 18-18
spanning-tree mode 18-15
switch priority 18-21
transmit hold-count 18-24
counters, clearing 18-24
cross-stack UplinkFast
described 20-5
enabling 20-17
default configuration 18-13
default optional feature configuration 20-12
designated port, defined 18-4
designated switch, defined 18-4
detecting indirect link failures 20-8
disabling 18-16
displaying status 18-24
EtherChannel guard
described 20-10
disabling 20-18
enabling 20-17
extended system ID
effects on root switch 18-16
effects on the secondary root switch 18-18
overview 18-4
unexpected behavior 18-16
features supported 1-8
IEEE 802.1D and bridge ID 18-4
IEEE 802.1D and multicast addresses 18-9
IEEE 802.1t and VLAN identifier 18-5
inferior BPDU 18-3
instances supported 18-10
interface state, blocking to forwarding 20-2
interface states
blocking 18-7
disabled 18-8
learning 18-7
listening 18-7
overview 18-5
interoperability and compatibility among modes 18-11
keepalive messages 18-2
Layer 2 protocol tunneling 17-8
limitations with IEEE 802.1Q trunks 18-11
load sharing
overview 13-23
using path costs 13-25
using port priorities 13-23
loop guard
described 20-11
enabling 20-19
modes supported 18-10
multicast addresses, effect of 18-9
optional features supported 1-8
overview 18-2
path costs 13-25
Port Fast
described 20-2
enabling 20-13
port priorities 13-24
preventing root switch selection 20-10
protocols supported 18-10
redundant connectivity 18-9
root guard
described 20-10
enabling 20-18
root port, defined 18-3
root port selection on a switch stack 18-3
root switch
configuring 18-16
effects of extended system ID 18-4, 18-16
election 18-3
unexpected behavior 18-16
shutdown Port Fast-enabled port 20-3
stack changes, effects of 18-12
status, displaying 18-24
superior BPDU 18-3
timers, described 18-21
UplinkFast
described 20-4
enabling 20-16
VLAN-bridge 18-12
stratum, NTP 5-2
stub areas, OSPF 39-33
stub routing, EIGRP 39-46
subdomains, private VLAN 16-1
subnet mask 39-7
subnet zero 39-7
success response, VMPS 13-27
summer time 5-7
SunNet Manager 1-6
supernet 39-8
supported port-based authentication methods 9-8
SVI autostate exclude
configuring 11-25
defined 11-6
SVI link state 11-6
SVIs
and IP unicast routing 39-5
and router ACLs 35-4
connecting VLANs 11-7
defined 11-5
routing between VLANs 13-2
switch 40-2
switch console port 1-7
Switch Database Management
switched packets, ACLs on 35-39
Switched Port Analyzer
switched ports 11-2
switchport backup interface 21-4, 21-5
switchport block multicast command 26-8
switchport block unicast command 26-8
switchport command 11-18
switchport mode dot1q-tunnel command 17-6
switchport protected command 26-7
switch priority
MSTP 19-23
STP 18-21
switch software features 1-1
switch virtual interface
synchronization, BGP 39-52
syslog
system capabilities TLV 28-2
system clock
configuring
daylight saving time 5-7
manually 5-5
summer time 5-7
time zones 5-6
displaying the time and date 5-5
overview 5-2
system description TLV 28-2
system message logging
default configuration 32-4
defining error message severity levels 32-9
disabling 32-4
displaying the configuration 32-14
enabling 32-5
facility keywords, described 32-14
level keywords, described 32-10
limiting messages 32-10
message format 32-2
overview 32-1
sequence numbers, enabling and disabling 32-8
setting the display destination device 32-5
stack changes, effects of 32-2
synchronizing log messages 32-6
syslog facility 1-16
time stamps, enabling and disabling 32-8
UNIX syslog servers
configuring the daemon 32-13
configuring the logging facility 32-13
facilities supported 32-14
system MTU
and IS-IS LSPs 39-74
system MTU and IEEE 802.1Q tunneling 17-5
system name
default configuration 5-9
default setting 5-9
manual configuration 5-9
system name TLV 28-2
system prompt, default setting 5-8, 5-9
system resources, optimizing 8-1
system routing
IS-IS 39-69
ISO IGRP 39-69
T
TACACS+
accounting, defined 6-12
authentication, defined 6-11
authorization, defined 6-11
configuring
accounting 6-17
authentication key 6-13
authorization 6-16
login authentication 6-14
default configuration 6-13
displaying the configuration 6-18
identifying the server 6-13
limiting the services to the user 6-16
operation of 6-12
overview 6-10
support for 1-12
tracking services accessed by user 6-17
tagged packets
IEEE 802.1Q 17-3
Layer 2 protocol 17-8
tar files
creating A-7
displaying the contents of A-7
extracting A-8
image file format A-26
TCL script, registering and defining with embedded event manager 34-7
TDR 1-16
Telnet
accessing management interfaces 2-10
number of connections 1-7
setting a password 6-6
templates, SDM 8-2
temporary self-signed certificate 6-52
Terminal Access Controller Access Control System Plus
terminal lines, setting a password 6-6
ternary content addressable memory 48-23
TFTP
configuration files
downloading A-12
preparing the server A-12
uploading A-13
configuration files in base directory 3-8
configuring for autoconfiguration 3-8
image files
deleting A-30
downloading A-28
preparing the server A-28
uploading A-30
limiting access by servers 33-17
TFTP server 1-6
threshold, traffic level 26-2
threshold monitoring, IP SLAs 42-6
time
Time Domain Reflector
time-range command 35-17
time ranges in ACLs 35-17
time stamps in log messages 32-8
time zones 5-6
TLVs
defined 28-1
LLDP 28-2
LLDP-MED 28-2
Token Ring VLANs
support for 13-6
VTP support 14-4
ToS 1-13
traceroute, Layer 2
and ARP 48-14
and CDP 48-13
broadcast traffic 48-13
described 48-13
IP addresses and subnets 48-14
MAC addresses and VLANs 48-14
multicast traffic 48-14
multiple devices on a port 48-14
unicast traffic 48-13
usage guidelines 48-13
traceroute command 48-15
tracked lists
configuring 43-3
types 43-3
tracked objects
by Boolean expression 43-4
by threshold percentage 43-6
by threshold weight 43-5
tracking interface line-protocol state 43-2
tracking IP routing state 43-2
tracking objects 43-1
tracking process 43-1
track state, tracking IP SLAs 43-9
traffic
blocking flooded 26-8
fragmented 35-6
fragmented IPv6 36-2
unfragmented 35-6
traffic policing 1-13
traffic suppression 26-2
transmit hold-count
transparent mode, VTP 14-3
trap-door mechanism 3-2
traps
configuring MAC address notification 5-16, 5-18, 5-19
configuring managers 33-12
defined 33-3
enabling 5-16, 5-18, 5-19, 33-12
notification types 33-12
troubleshooting
connectivity problems 48-11, 48-13, 48-14
CPU utilization 48-26
detecting unidirectional links 29-1
displaying crash information 48-22
PIMv1 and PIMv2 interoperability problems 45-39
setting packet forwarding 48-20
SFP security and identification 48-10
show forward command 48-20
with CiscoWorks 33-4
with debug commands 48-17
with ping 48-12
with system message logging 32-1
with traceroute 48-15
trunk failover
trunking encapsulation 1-9
trunk ports
configuring 13-19
encapsulation 13-19, 13-24, 13-25
trunks
allowed-VLAN list 13-20
configuring 13-19, 13-24, 13-25
load sharing
setting STP path costs 13-25
using STP port priorities 13-23, 13-24
native VLAN for untagged traffic 13-22
parallel 13-25
pruning-eligible list 13-21
to non-DTP device 13-16
trusted boundary for QoS 37-44
trusted port states
between QoS domains 37-46
classification options 37-5
ensuring port security for IP phones 37-44
support for 1-13
within a QoS domain 37-42
trustpoints, CA 6-52
tunneling
defined 17-1
IEEE 802.1Q 17-1
Layer 2 protocol 17-8
tunnel ports
defined 13-4
IEEE 802.1Q, configuring 17-6
incompatibilities with other features 17-6
twisted-pair Ethernet, detecting unidirectional links 29-1
type of service
U
UDLD
configuration guidelines 29-4
default configuration 29-4
disabling
globally 29-5
on fiber-optic interfaces 29-5
per interface 29-6
echoing detection mechanism 29-2
enabling
globally 29-5
per interface 29-6
Layer 2 protocol tunneling 17-10
link-detection mechanism 29-1
neighbor database 29-2
overview 29-1
resetting an interface 29-6
status, displaying 29-7
support for 1-8
UDP, configuring 39-16
UDP jitter, configuring 42-9
UDP jitter operation, IP SLAs 42-8
unauthorized ports with IEEE 802.1x 9-11
unicast MAC address filtering 1-6
and adding static addresses 5-22
and broadcast MAC addresses 5-22
and CPU packets 5-22
and multicast addresses 5-22
and router MAC addresses 5-22
configuration guidelines 5-22
described 5-21
unicast storm 26-2
unicast storm control command 26-4
unicast traffic, blocking 26-8
UniDirectional Link Detection protocol
universal software image
cryptographic 1-1
feature set
IP base 1-2
IP services 1-2
noncryptographic 1-1
UNIX syslog servers
daemon configuration 32-13
facilities supported 32-14
message logging configuration 32-13
unrecognized Type-Length-Value (TLV) support 14-4
upgrading software images
UplinkFast
described 20-4
disabling 20-16
enabling 20-16
support for 1-8
uploading
configuration files
reasons for A-9
using FTP A-16
using RCP A-19
using TFTP A-13
image files
reasons for A-25
using FTP A-34
using RCP A-39
using TFTP A-30
User Datagram Protocol
user EXEC mode 2-2
username-based authentication 6-7
Using Memory Consistency Check Routines 48-23
V
VACL logging parameters 35-37
VACLs
logging
configuration example 35-37
version-dependent transparent mode 14-5
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 7-13
described 7-12
displaying 7-13
manual upgrades with auto-advise 7-13
upgrades with auto-extract 7-13
Virtual Private Network
virtual switches and PAgP 38-6
vlan.dat file 13-5
VLAN 1
disabling on a trunk port 13-20
minimization 13-20
VLAN ACLs
vlan-assignment response, VMPS 13-27
VLAN configuration
at bootup 13-7
saving 13-7
VLAN configuration mode 2-2
VLAN database
and startup configuration file 13-7
VLAN configuration saved in 13-7
VLANs saved in 13-4
vlan dot1q tag native command 17-5
VLAN filtering and SPAN 30-8
vlan global configuration command 13-7
VLAN ID, discovering 5-24
VLAN link state 11-5
VLAN load balancing on flex links
configuration guidelines 21-8
described 21-3
VLAN management domain 14-2
VLAN Management Policy Server
VLAN map entries, order of 35-31
VLAN maps
applying 35-35
common uses for 35-35
configuration guidelines 35-31
configuring 35-30
creating 35-32
defined 35-3
denying access to a server example 35-35
denying and permitting packets 35-33
displaying 35-43
examples of ACLs and VLAN maps 35-33
removing 35-35
support for 1-10
VLAN membership
confirming 13-30
modes 13-3
VLAN Query Protocol
VLANs
adding 13-8
adding to VLAN database 13-8
aging dynamic addresses 18-10
allowed on trunk 13-20
and spanning-tree instances 13-3, 13-6, 13-11
configuration guidelines, extended-range VLANs 13-11
configuration guidelines, normal-range VLANs 13-6
configuring 13-1
configuring IDs 1006 to 4094 13-11
connecting through SVIs 11-7
customer numbering in service-provider networks 17-3
default configuration 13-8
deleting 13-9
displaying 13-15
features 1-9
illustrated 13-2
internal 13-12
in the switch stack 13-7
limiting source traffic with RSPAN 30-22
limiting source traffic with SPAN 30-17
modifying 13-8
multicast 24-18
native, configuring 13-22
number supported 1-9
parameters 13-5
port membership modes 13-3
static-access ports 13-10
STP and IEEE 802.1Q trunks 18-11
supported 13-2
Token Ring 13-6
traffic between 13-2
VTP modes 14-3
VLAN Trunking Protocol
VLAN trunks 13-15
VMPS
administering 13-31
configuration example 13-32
configuration guidelines 13-28
default configuration 13-28
description 13-26
dynamic port membership
described 13-27
reconfirming 13-30
troubleshooting 13-32
mapping MAC addresses to VLANs 13-27
monitoring 13-31
reconfirmation interval, changing 13-30
reconfirming membership 13-30
retry count, changing 13-31
voice aware 802.1x security
port-based authentication
configuring 9-41
voice-over-IP 15-1
voice VLAN
Cisco 7960 phone, port connections 15-1
configuration guidelines 15-3
configuring IP phones for data traffic
override CoS of incoming frame 15-6
trust CoS priority of incoming frame 15-6
configuring ports for voice traffic in
IEEE 802.1p priority tagged frames 15-5
IEEE 802.1Q frames 15-5
connecting to an IP phone 15-4
default configuration 15-3
described 15-1
displaying 15-7
IP phone data traffic, described 15-2
IP phone voice traffic, described 15-2
VPN
configuring routing in 39-89
forwarding 39-82
in service provider networks 39-80
routes 39-80
VPN routing and forwarding table
VRF
defining 39-82
tables 39-80
VRF-aware services
ARP 39-85
configuring 39-84
ftp 39-87
HSRP 39-86
ping 39-85
RADIUS 39-88
SNMP 39-85
syslog 39-87
tftp 39-87
traceroute 39-87
VRFs, configuring multicast 39-88
VTP
adding a client to a domain 14-17
and extended-range VLANs 13-3, 14-2
and normal-range VLANs 13-2, 14-2
client mode, configuring 14-13
configuration
guidelines 14-9
requirements 14-11
saving 14-9
configuration requirements 14-11
configuration revision number
guideline 14-17
resetting 14-17
consistency checks 14-5
default configuration 14-8
described 14-1
domain names 14-9
domains 14-2
Layer 2 protocol tunneling 17-8
modes
client 14-3
off 14-3
server 14-3
transitions 14-3
transparent 14-3
monitoring 14-18
passwords 14-10
pruning
disabling 14-16
enabling 14-16
examples 14-7
overview 14-6
support for 1-9
pruning-eligible list, changing 13-21
server mode, configuring 14-14
statistics 14-18
support for 1-9
Token Ring support 14-4
transparent mode, configuring 14-11
using 14-1
Version
enabling 14-15
version, guidelines 14-10
Version 1 14-5
Version 2
configuration guidelines 14-10
overview 14-4
Version 3
overview 14-5
W
WCCP
authentication 44-4
configuration guidelines 44-6
default configuration 44-6
described 44-2
displaying 44-11
dynamic service groups 44-4
enabling 44-7
features unsupported 44-5
forwarding method 44-3
Layer-2 header rewrite 44-3
MD5 security 44-4
message exchange 44-3
monitoring and maintaining 44-11
negotiation 44-3
packet redirection 44-4
packet-return method 44-3
redirecting traffic received from a client 44-7
setting the password 44-7
unsupported WCCPv2 features 44-5
web authentication 9-16
configuring 10-16
described 1-10
web-based authentication
customizeable web pages 10-6
description 10-1
web-based authentication, interactions with other features 10-7
Web Cache Communication Protocol
weighted tail drop
weight thresholds in tracked lists 43-5
wired location service
configuring 28-9
displaying 28-11
location TLV 28-3
understanding 28-3
wizards 1-3
WTD
described 37-14
setting thresholds
egress queue-sets 37-86
ingress queues 37-82
support for 1-13