A -
B -
C -
D -
E -
F -
G -
H -
I -
J -
L -
M -
N -
O -
P -
Q -
R -
S -
T -
U -
V -
W -
X -
Index
A
abbreviating commands 2-4
AC (command switch) 5-9
access-class command 29-34
access control entries
See ACEs
access-denied response, VMPS 12-24
access groups, applying IPv4 ACLs to interfaces 29-35
accessing
clusters, switch 5-12
command switches 5-10
member switches 5-12
switch clusters 5-12
access lists
See ACLs
access ports
in switch clusters 5-8
access ports, defined 10-2
accounting
with 802.1x 9-32
with IEEE 802.1x 9-9
with RADIUS 8-28
with TACACS+ 8-11, 8-17
ACEs
and QoS 31-6
defined 29-20
Ethernet 29-20
IP 29-20
ACLs
ACEs 29-20
any keyword 29-27
applying
time ranges to 29-32
to an interface 29-34
to QoS 31-6
classifying traffic for QoS 31-40
comments in 29-33
compiling 29-35
defined 29-19, 29-23
examples of 29-35, 31-40
extended IP, configuring for QoS classification 31-41
extended IPv4
creating 29-26
matching criteria 29-23
hardware and software handling 29-35
host keyword 29-28
IP
creating 29-23
fragments and QoS guidelines 31-31
implicit deny 29-25, 29-29, 29-31
implicit masks 29-25
matching criteria 29-23
undefined 29-35
IPv4
applying to interfaces 29-34
creating 29-23
matching criteria 29-23
named 29-30
numbers 29-24
terminal lines, setting on 29-34
unsupported features 29-22
MAC extended 29-37, 31-42
matching 29-23, 29-35
monitoring 29-40
named, IPv4 29-30
number per QoS class map 31-31
QoS 31-6, 31-40
resequencing entries 29-30
standard IP, configuring for QoS classification 31-40
standard IPv4
creating 29-25
matching criteria 29-23
support for 1-8
support in hardware 29-35
time ranges 29-32
unsupported features, IPv4 29-22
active link 18-4, 18-5, 18-6
active links 18-2
active traffic monitoring, IP SLAs 30-1
address aliasing 20-2
addresses
displaying the MAC address table 6-26
dynamic
accelerated aging 15-8
changing the aging time 6-21
default aging 15-8
defined 6-19
learning 6-20
removing 6-22
MAC, discovering 6-26
multicast, STP address management 15-8
static
adding and removing 6-24
defined 6-19
address resolution 6-26
Address Resolution Protocol
See ARP
advertisements
CDP 22-1
LLDP 23-2
VTP 12-16, 13-3
aggregatable global unicast addresses 32-3
aggregated ports
See EtherChannel
aggregate policers 31-48
aggregate policing 1-10
aging, accelerating 15-8
aging time
accelerated
for MSTP 16-23
for STP 15-8, 15-21
MAC address table 6-21
maximum
for MSTP 16-23, 16-24
for STP 15-21, 15-22
alarms, RMON 26-3
allowed-VLAN list 12-18
ARP
defined 1-5, 6-26
table
address resolution 6-26
managing 6-26
attributes, RADIUS
vendor-proprietary 8-31
vendor-specific 8-29
audience xxxi
authentication
local mode with AAA 8-32
NTP associations 6-4
RADIUS
key 8-21
login 8-23
TACACS+
defined 8-11
key 8-13
login 8-14
See also port-based authentication
authentication failed VLAN
See restricted VLAN
authoritative time source, described 6-2
authorization
with RADIUS 8-27
with TACACS+ 8-11, 8-16
authorized ports with IEEE 802.1x 9-8
autoconfiguration 3-3
automatic discovery
considerations
beyond a noncandidate device 5-7
brand new switches 5-8
connectivity 5-4
different VLANs 5-6
management VLANs 5-7
non-CDP-capable devices 5-6
noncluster-capable devices 5-6
in switch clusters 5-4
See also CDP
automatic QoS
See QoS
automatic recovery, clusters 5-9
See also HSRP
auto-MDIX
configuring 10-15
described 10-15
autonegotiation
duplex mode 1-3
interface configuration guidelines 10-12
mismatches 35-11
autosensing, port speed 1-3
auxiliary VLAN
See voice VLAN
availability, features 1-6
B
BackboneFast
described 17-5
disabling 17-14
enabling 17-13
support for 1-6
backup interfaces
See Flex Links
backup links 18-2
banners
configuring
login 6-19
message-of-the-day login 6-18
default configuration 6-17
when displayed 6-17
Berkeley r-tools replacement 8-44
binding database
DHCP snooping
See DHCP snooping binding database
bindings
DHCP snooping database 19-5
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 21-7
booting
boot loader, function of 3-2
boot process 3-1
manually 3-17
specific image 3-18
boot loader
accessing 3-18
described 3-2
environment variables 3-18
prompt 3-18
trap-door mechanism 3-2
BPDU
error-disabled state 17-2
filtering 17-3
RSTP format 16-12
BPDU filtering
described 17-3
disabling 17-12
enabling 17-12
support for 1-7
BPDU guard
described 17-2
disabling 17-12
enabling 17-11
support for 1-7
bridge protocol data unit
See BPDU
broadcast storm-control command 21-4
broadcast storms 21-1
C
cables, monitoring for unidirectional links 24-1
candidate switch
automatic discovery 5-4
defined 5-3
requirements 5-3
See also command switch, cluster standby group, and member switch
CA trustpoint
configuring 8-40
defined 8-38
caution, described xxxii
CDP
and trusted boundary 31-36
automatic discovery in switch clusters 5-4
configuring 22-2
default configuration 22-2
defined with LLDP 23-1
described 22-1
disabling for routing device22-3to 22-4
enabling and disabling
on an interface 22-4
on a switch 22-3
monitoring 22-4
overview 22-1
support for 1-5
transmission timer and holdtime, setting 22-2
updates 22-2
CGMP
as IGMP snooping learning method 20-8
joining multicast group 20-3
CipherSuites 8-39
Cisco 7960 IP Phone 14-1
Cisco Discovery Protocol
See CDP
Cisco IOS File System
See IFS
Cisco IOS IP Service Level Agreements (SLAs) responder 1-4
Cisco IOS IP SLAs 30-1
Cisco Network Assistant
See Network Assistant
CiscoWorks 2000 1-4, 28-4
CIST regional root
See MSTP
CIST root
See MSTP
civic location 23-3
class maps for QoS
configuring 31-43
described 31-7
displaying 31-68
class of service
See CoS
clearing interfaces 10-19
CLI
abbreviating commands 2-4
command modes 2-1
configuration logging 2-5
described 1-4
editing features
enabling and disabling 2-7
keystroke editing 2-7
wrapped lines 2-9
error messages 2-5
filtering command output 2-10
getting help 2-3
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
managing clusters 5-13
no and default forms of commands 2-4
client mode, VTP 13-3
clock
See system clock
cluster requirements xxxiii
clusters, switch
accessing 5-12
automatic discovery 5-4
automatic recovery 5-9
benefits 1-2
compatibility 5-4
described 5-1
LRE profile considerations 5-13
managing
through CLI 5-13
through SNMP 5-14
planning 5-4
planning considerations
automatic discovery 5-4
automatic recovery 5-9
CLI 5-13
host names 5-12
IP addresses 5-12
LRE profiles 5-13
passwords 5-12
RADIUS 5-13
SNMP 5-13, 5-14
TACACS+ 5-13
See also candidate switch, command switch, cluster standby group, member switch, and standby command switch
cluster standby group
automatic recovery 5-11
considerations 5-10
defined 5-2
requirements 5-3
virtual IP address 5-10
See also HSRP
CNS 1-5
Configuration Engine
configID, deviceID, hostname 4-3
configuration service 4-2
described 4-1
event service 4-3
embedded agents
described 4-5
enabling automated configuration 4-6
enabling configuration agent 4-9
enabling event agent 4-8
management functions 1-4
Coarse Wave Division Multiplexer
See CWDM SFPs
command-line interface
See CLI
command modes 2-1
commands
abbreviating 2-4
no and default 2-4
commands, setting privilege levels 8-8
command switch
accessing 5-10
active (AC) 5-9
configuration conflicts 35-11
defined 5-2
passive (PC) 5-9
password privilege levels 5-14
priority 5-9
recovery
from command-switch failure 5-9, 35-7
from lost member connectivity 35-11
redundant 5-9
replacing
with another switch 35-9
with cluster member 35-8
requirements 5-3
standby (SC) 5-9
See also candidate switch, cluster standby group, member switch, and standby command switch
community strings
configuring 5-13, 28-8
for cluster switches 28-4
in clusters 5-13
overview 28-4
SNMP 5-13
compatibility, feature 21-12
config.text 3-16
configurable leave timer, IGMP 20-5
configuration, initial
defaults 1-12
Express Setup 1-2
See also getting started guide and hardware installation guide
configuration changes, logging 27-10
configuration conflicts, recovering from lost member connectivity 35-11
configuration examples, network 1-14
configuration files
archiving B-19
clearing the startup configuration B-18
creating using a text editor B-9
default name 3-16
deleting a stored configuration B-18
described B-8
downloading
automatically 3-16
preparing B-10, B-12, B-15
reasons for B-8
using FTP B-13
using RCP B-16
using TFTP B-11
guidelines for creating and using B-9
guidelines for replacing and rolling back B-20
invalid combinations when copying B-5
limiting TFTP server access 28-15
obtaining with DHCP 3-8
password recovery disable considerations 8-5
replacing a running configuration B-18, B-19
rolling back a running configuration B-18, B-20
specifying the filename 3-16
system contact and location information 28-14
types and location B-9
uploading
preparing B-10, B-12, B-15
reasons for B-8
using FTP B-14
using RCP B-17
using TFTP B-11
configuration logger 27-10
configuration logging 2-5
configuration replacement B-18
configuration rollback B-18, B-19
configuration settings, saving 3-15
configure terminal command 10-5
configuring small-frame arrival rate 21-5
config-vlan mode 2-2, 12-6
conflicts, configuration 35-11
connections, secure remote 8-33
connectivity problems 35-12, 35-13, 35-15
consistency checks in VTP Version 2 13-4
console port, connecting to 2-10
control protocol, IP SLAs 30-4
conventions
command xxxii
for examples xxxii
publication xxxii
text xxxii
corrupted software, recovery steps with Xmodem 35-2
CoS
in Layer 2 frames 31-2
override priority 14-6
trust priority 14-6
CoS input queue threshold map for QoS 31-14
CoS output queue threshold map for QoS 31-17
CoS-to-DSCP map for QoS 31-51
counters, clearing interface 10-19
crashinfo file 35-21
critical authentication, IEEE 802.1x 9-36
cryptographic software image
SSH 8-33
SSL 8-37
CWDM SFPs 1-19
D
daylight saving time 6-13
debugging
enabling all system diagnostics 35-19
enabling for a specific feature 35-18
redirecting error message output 35-19
using commands 35-18
default commands 2-4
default configuration
802.1x 9-21
auto-QoS 31-19
banners 6-17
booting 3-16
CDP 22-2
DHCP 19-7
DHCP option 82 19-7
DHCP snooping 19-7
DHCP snooping binding database 19-7
DNS 6-16
EtherChannel 34-9
Ethernet interfaces 10-9
Flex Links 18-8
IGMP filtering 20-24
IGMP snooping 20-6, 33-5, 33-6
IGMP throttling 20-24
initial switch information 3-3
IP SLAs 30-5
IPv6 32-13
Layer 2 interfaces 10-9
LLDP 23-3
MAC address table 6-21
MAC address-table move update 18-8
MSTP 16-14
MVR 20-19
NTP 6-4
optional spanning-tree configuration 17-9
password and privilege level 8-2
RADIUS 8-20
RMON 26-3
RSPAN 25-9
SDM template 7-2
SNMP 28-6
SPAN 25-9
SSL 8-40
standard QoS 31-29
STP 15-11
system message logging 27-3
system name and prompt 6-15
TACACS+ 8-13
UDLD 24-4
VLAN, Layer 2 Ethernet interfaces 12-16
VLANs 12-7
VMPS 12-25
voice VLAN 14-3
VTP 13-6
default gateway 3-14
deleting VLANs 12-10
denial-of-service attack 21-1
description command 10-16
designing your network, examples 1-14
destination addresses
in IPv4 ACLs 29-27
destination-IP address-based forwarding, EtherChannel 34-7
destination-MAC address forwarding, EtherChannel 34-7
detecting indirect link failures, STP 17-5
device B-22
device discovery protocol 22-1, 23-1
device manager
benefits 1-2
described 1-2, 1-4
in-band management 1-5
requirements xxxii
upgrading a switch B-22
DHCP
Cisco IOS server database
configuring 19-10
enabling
relay agent 19-8
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-3
DNS 3-7
relay device 3-7
server side 3-6
TFTP server 3-7
example 3-9
lease options
for IP address information 3-6
for receiving the configuration file 3-6
overview 3-3
relationship to BOOTP 3-3
relay support 1-5
support for 1-5
DHCP-based autoconfiguration and image update
configuring3-11to 3-14
understanding3-4to 3-5
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 19-5
configuration guidelines 19-7
default configuration 19-7
displaying 19-12
overview 19-3
packet format, suboption
circuit ID 19-5
remote ID 19-5
remote ID suboption 19-5
DHCP snooping
accepting untrusted packets form edge switch 19-3, 19-9
binding database
See DHCP snooping binding database
configuration guidelines 19-7
default configuration 19-7
displaying binding tables 19-12
message exchange process 19-4
option 82 data insertion 19-3
trusted interface 19-2
untrusted interface 19-2
untrusted messages 19-2
DHCP snooping binding database
adding bindings 19-11
binding entries, displaying 19-12
binding file
format 19-6
location 19-5
bindings 19-5
clearing agent statistics 19-11
configuration guidelines 19-8
configuring 19-11
default configuration 19-7
deleting
binding file 19-11
bindings 19-11
database agent 19-11
described 19-5
displaying 19-12
displaying status and statistics 19-12
enabling 19-11
entry 19-5
renewing database 19-11
resetting
delay value 19-11
timeout value 19-11
DHCP snooping binding table
See DHCP snooping binding database
Differentiated Services architecture, QoS 31-2
Differentiated Services Code Point 31-2
directed unicast requests 1-5
directories
changing B-3
creating and removing B-4
displaying the working B-3
discovery, clusters
See automatic discovery
DNS
and DHCP-based autoconfiguration 3-7
default configuration 6-16
displaying the configuration 6-17
in IPv6 32-4
overview 6-15
setting up 6-16
support for 1-5
documentation, related xxxii
document conventions xxxii
domain names
DNS 6-15
VTP 13-8
Domain Name System
See DNS
downloading
configuration files
preparing B-10, B-12, B-15
reasons for B-8
using FTP B-13
using RCP B-16
using TFTP B-11
image files
deleting old image B-26
preparing B-25, B-28, B-32
reasons for B-22
using CMS 1-2
using FTP B-29
using HTTP 1-2, B-22
using RCP B-33
using TFTP B-25
using the device manager or Network Assistant B-22
DSCP 1-10, 31-2
DSCP input queue threshold map for QoS 31-14
DSCP output queue threshold map for QoS 31-17
DSCP-to-CoS map for QoS 31-54
DSCP-to-DSCP-mutation map for QoS 31-55
DSCP transparency 31-37
DTP 1-7, 12-15
Dual IPv4-and-IPv6 SDM Templates 32-12
dual IPv4 and IPv6 templates 32-1, 32-12
dual protocol stacks
IPv4 and IPv6 32-12
SDM templates supporting 32-12
dual-purpose uplinks
defined 10-4
LEDs 10-4
link selection 10-4
setting the type 10-10
dynamic access ports
characteristics 12-3
configuring 12-27
defined 10-3
dynamic addresses
See addresses
dynamic auto trunking mode 12-15
dynamic desirable trunking mode 12-15
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 12-25
reconfirming 12-27
troubleshooting 12-29
types of connections 12-27
Dynamic Trunking Protocol
See DTP
E
editing features
enabling and disabling 2-7
keystrokes used 2-7
wrapped lines 2-9
ELIN location 23-3
enable password 8-3
enable secret password 8-3
encryption, CipherSuite 8-39
encryption for passwords 8-3
environment variables, function of 3-19
error-disabled state, BPDU 17-2
error messages during command entry 2-5
EtherChannel
automatic creation of 34-4, 34-5
channel groups
binding physical and logical interfaces 34-3
numbering of 34-3
configuration guidelines 34-9
configuring Layer 2 interfaces 34-10
default configuration 34-9
described 34-2
displaying status 34-16
forwarding methods 34-6, 34-12
IEEE 802.3ad, described 34-5
interaction
with STP 34-9
with VLANs 34-10
LACP
described 34-5
displaying status 34-16
hot-standby ports 34-14
interaction with other features 34-6
modes 34-5
port priority 34-15
system priority 34-15
load balancing 34-6, 34-12
PAgP
aggregate-port learners 34-13
compatibility with Catalyst 1900 34-13
described 34-4
displaying status 34-16
interaction with other features 34-5
learn method and priority configuration 34-13
modes 34-4
support for 1-3
port-channel interfaces
described 34-3
numbering of 34-3
port groups 10-3
support for 1-3
EtherChannel guard
described 17-7
disabling 17-14
enabling 17-14
Ethernet VLANs
adding 12-8
defaults and ranges 12-7
modifying 12-8
EUI 32-3
events, RMON 26-3
examples
conventions for xxxii
network configuration 1-14
expedite queue for QoS 31-67
Express Setup 1-2
See also getting started guide
extended crashinfo file 35-21
extended-range VLANs
configuration guidelines 12-12
configuring 12-11
creating 12-12
defined 12-1
extended system ID
MSTP 16-17
STP 15-4, 15-14
extended universal identifier
See EUI
Extensible Authentication Protocol over LAN 9-1
F
fa0 interface 1-6
Fast Convergence 18-3
features, incompatible 21-12
fiber-optic, detecting unidirectional links 24-1
files
basic crashinfo
description 35-21
location 35-21
copying B-4
crashinfo, description 35-21
deleting B-5
displaying the contents of B-7
extended crashinfo
description 35-21
location 35-22
tar
creating B-6
displaying the contents of B-6
extracting B-7
image file format B-23
file system
displaying available file systems B-2
displaying file information B-3
local file system names B-1
network file system names B-4
setting the default B-2
filtering
non-IP traffic 29-37
show and more command output 2-10
filtering show and more command output 2-10
filters, IP
See ACLs, IP
flash device, number of B-1
Flex Link Multicast Fast Convergence 18-3
Flex Links
configuration guidelines 18-8
configuring 18-9
configuring preferred VLAN 18-12
configuring VLAN load balancing 18-11
default configuration 18-8
description 18-2
link load balancing 18-2
monitoring 18-14
VLANs 18-2
flooded traffic, blocking 21-8
flow-based packet classification 1-10
flowcharts
QoS classification 31-6
QoS egress queueing and scheduling 31-15
QoS ingress queueing and scheduling 31-13
QoS policing and marking 31-9
flowcontrol
configuring 10-14
described 10-14
forward-delay time
MSTP 16-23
STP 15-21
FTP
accessing MIB files A-3
configuration files
downloading B-13
overview B-12
preparing the server B-12
uploading B-14
image files
deleting old image B-30
downloading B-29
preparing the server B-28
uploading B-30
G
general query 18-5
Generating IGMP Reports 18-4
get-bulk-request operation 28-3
get-next-request operation 28-3, 28-4
get-request operation 28-3, 28-4
get-response operation 28-3
global configuration mode 2-2
global leave, IGMP 20-12
guest VLAN and 802.1x 9-12
guide
audience xxxi
purpose of xxxi
guide mode 1-2
GUIs
See device manager and Network Assistant
H
hello time
MSTP 16-22
STP 15-20
help, for the command line 2-3
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
history table, level and number of syslog messages 27-10
host names, in clusters 5-12
hosts, limit on dynamic ports 12-29
HP OpenView 1-4
HSRP
automatic cluster recovery 5-11
cluster standby group considerations 5-10
See also clusters, cluster standby group, and standby command switch
HTTP over SSL
see HTTPS
HTTPS 8-38
configuring 8-41
self-signed certificate 8-38
HTTP secure server 8-38
I
ICMP
IPv6 32-4
time-exceeded messages 35-15
traceroute and 35-15
ICMP ping
executing 35-13
overview 35-12
ICMPv6 32-4
IDS appliances
and ingress RSPAN 25-20
and ingress SPAN 25-13
IEEE 802.1D
See STP
IEEE 802.1p 14-1
IEEE 802.1Q
and trunk ports 10-3
configuration limitations 12-15
encapsulation 12-14
native VLAN for untagged traffic 12-20
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3ad
See EtherChannel
IEEE 802.3x flow control 10-14
ifIndex values, SNMP 28-5
IFS 1-5
IGMP
configurable leave timer
described 20-5
enabling 20-10
flooded multicast traffic
controlling the length of time 20-11
disabling on an interface 20-12
global leave 20-12
query solicitation 20-12
recovering from flood mode 20-12
joining multicast group 20-3
join messages 20-3
leave processing, enabling 20-10, 33-9
leaving multicast group 20-5
queries 20-4
report suppression
described 20-6
disabling 20-15, 33-11
supported versions 20-2
support for 1-3
IGMP filtering
configuring 20-24
default configuration 20-24
described 20-23
monitoring 20-28
support for 1-4
IGMP groups
configuring filtering 20-26
setting the maximum number 20-26
IGMP Immediate Leave
configuration guidelines 20-10
described 20-5
enabling 20-10
IGMP profile
applying 20-25
configuration mode 20-24
configuring 20-24
IGMP snooping
and address aliasing 20-2
configuring 20-6
default configuration 20-6, 33-5, 33-6
definition 20-1
enabling and disabling 20-7, 33-6
global configuration 20-7
Immediate Leave 20-5
method 20-8
monitoring 20-15, 33-11
querier
configuration guidelines 20-13
configuring 20-13
supported versions 20-2
support for 1-3
VLAN configuration 20-7
IGMP throttling
configuring 20-26
default configuration 20-24
described 20-23
displaying action 20-28
Immediate Leave, IGMP 20-5
enabling 33-9
inaccessible authentication bypass 9-14
initial configuration
defaults 1-12
Express Setup 1-2
See also getting started guide and hardware installation guide
interface
number 10-5
range macros 10-7
interface command 10-5
interface configuration mode 2-3
interfaces
auto-MDIX, configuring 10-15
configuration guidelines
duplex and speed 10-12
configuring
procedure 10-5
counters, clearing 10-19
default configuration 10-9
described 10-16
descriptive name, adding 10-16
displaying information about 10-18
flow control 10-14
management 1-4
monitoring 10-18
naming 10-16
physical, identifying 10-5
range of 10-6
restarting 10-19
shutting down 10-19
speed and duplex, configuring 10-13
status 10-18
supported 10-5
types of 10-1
interfaces range macro command 10-7
interface types 10-5
Internet Protocol version 6
See IPv6
Intrusion Detection System
See IDS appliances
inventory management TLV 23-3, 23-6
IP ACLs
for QoS classification 31-6
implicit deny 29-25, 29-29
implicit masks 29-25
named 29-30
undefined 29-35
IP addresses
128-bit 32-2
candidate or member 5-3, 5-12
cluster access 5-2
command switch 5-3, 5-10, 5-12
discovering 6-26
IPv6 32-2
redundant clusters 5-10
standby command switch 5-10, 5-12
See also IP information
ip igmp profile command 20-24
IP information
assigned
manually 3-14
through DHCP-based autoconfiguration 3-3
default configuration 3-3
IP phones
and QoS 14-1
automatic classification and queueing 31-18
configuring 14-4
ensuring port security with QoS 31-35
trusted boundary for QoS 31-35
IP precedence 31-2
IP-precedence-to-DSCP map for QoS 31-52
IP protocols in ACLs 29-27
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 30-1
IP SLAs
benefits 30-2
configuration guidelines 30-5
Control Protocol 30-4
default configuration 30-5
definition 30-1
measuring network performance 30-3
monitoring 30-7
operation 30-3
responder
described 30-4
enabling 30-6
response time 30-4
SNMP support 30-2
supported metrics 30-2
IP traceroute
executing 35-16
overview 35-15
IPv4 ACLs
applying to interfaces 29-34
extended, creating 29-26
named 29-30
standard, creating 29-25
IPv4 and IPv6
differences 32-2
dual protocol stacks 32-10
IPv6
addresses 32-2
address formats 32-2
advantages 32-2
applications 32-9
autoconfiguration 32-4
autogenerated address 32-6
configuring static routes 32-15
default configuration 32-13
defined 32-1
duplicate-address detection 32-5
global prefixes 32-5
ICMP 32-4
ICMP rate limiting 32-14
link-local address 32-5
monitoring 32-17
neighbor discovery 32-4
reasons for 32-1
router advertisement messages 32-5
router advertisements 32-5
SDM templates 32-12, 33-1
Stateless Autoconfiguration 32-4
supported features 32-3
J
join messages, IGMP 20-3
L
LACP
See EtherChannel
Layer 2 frames, classification with CoS 31-2
Layer 2 interfaces, default configuration 10-9
Layer 2 traceroute
and ARP 35-14
and CDP 35-14
broadcast traffic 35-14
described 35-14
IP addresses and subnets 35-14
MAC addresses and VLANs 35-14
multicast traffic 35-14
multiple devices on a port 35-15
unicast traffic 35-14
usage guidelines 35-14
Layer 3 packets, classification methods 31-2
LDAP 4-2
Leaking IGMP Reports 18-4
LEDs, switch
See hardware installation guide
lightweight directory access protocol
See LDAP
line configuration mode 2-3
Link Aggregation Control Protocol
See EtherChannel
link failure, detecting unidirectional 16-8
Link Layer Discovery Protocol
See CDP
link local unicast addresses 32-3
link redundancy
See Flex Links
links, unidirectional 24-1
link-state tracking
configuring 34-19
described 34-17
LLDP
configuring 23-3
characteristics 23-4
default configuration 23-3
disabling and enabling
globally 23-5
on an interface 23-5
monitoring and maintaining 23-7
overview 23-1
supported TLVs 23-2
switch stack considerations 23-2
transmission timer and holdtime, setting 23-4
LLDP-MED
configuring
procedures 23-3
TLVs 23-6
monitoring and maintaining 23-7
overview 23-1, 23-2
supported TLVs 23-2
LLDP Media Endpoint Discovery
See LLDP-MED
local SPAN 25-2
location TLV 23-3, 23-6
login authentication
with RADIUS 8-23
with TACACS+ 8-14
login banners 6-17
log messages
See system message logging
Long-Reach Ethernet (LRE) technology 1-15
loop guard
described 17-9
enabling 17-15
support for 1-7
LRE profiles, considerations in switch clusters 5-13
M
MAC/PHY configuration status TLV 23-2
MAC addresses
aging time 6-21
and VLAN association 6-20
building the address table 6-20
default configuration 6-21
discovering 6-26
displaying 6-26
dynamic
learning 6-20
removing 6-22
in ACLs 29-37
static
adding 6-24
allowing 6-25
characteristics of 6-24
dropping 6-25
removing 6-24
MAC address notification, support for 1-11
MAC address-table move update
configuration guidelines 18-8
configuring 18-12
default configuration 18-8
description 18-6
monitoring 18-14
MAC address-to-VLAN mapping 12-24
MAC authentication bypass 9-10
MAC extended access lists
applying to Layer 2 interfaces 29-39
configuring for QoS 31-42
creating 29-37
defined 29-37
for QoS classification 31-5
macros
See Smartports macros
magic packet 9-17
manageability features 1-5
management access
in-band
browser session 1-5
CLI session 1-6
device manager 1-5
SNMP 1-6
out-of-band console port connection 1-6
management address TLV 23-2
management options
CLI 2-1
clustering 1-3
CNS 4-1
Network Assistant 1-2
overview 1-4
management VLAN
considerations in switch clusters 5-7
discovery through different management VLANs 5-7
mapping tables for QoS
configuring
CoS-to-DSCP 31-51
DSCP 31-50
DSCP-to-CoS 31-54
DSCP-to-DSCP-mutation 31-55
IP-precedence-to-DSCP 31-52
policed-DSCP 31-53
described 31-10
marking
action with aggregate policers 31-48
described 31-4, 31-8
matching, IPv4 ACLs 29-23
maximum aging time
MSTP 16-23
STP 15-21
maximum hop count, MSTP 16-24
membership mode, VLAN port 12-3
member switch
automatic discovery 5-4
defined 5-2
managing 5-13
passwords 5-12
recovering from lost connectivity 35-11
requirements 5-3
See also candidate switch, cluster standby group, and standby command switch
messages, to users through banners 6-17
MIBs
accessing files with FTP A-3
location of files A-3
overview 28-1
SNMP interaction with 28-4
supported A-1
mirroring traffic for analysis 25-1
mismatches, autonegotiation 35-11
module number 10-5
monitoring
access groups 29-40
cables for unidirectional links 24-1
CDP 22-4
features 1-11
Flex Links 18-14
IGMP
filters 20-28
snooping 20-15, 33-11
interfaces 10-18
IP SLAs operations 30-7
IPv4 ACL configuration 29-40
IPv6 32-17
MAC address-table move update 18-14
multicast router interfaces 20-16, 33-12
MVR 20-22
network traffic for analysis with probe 25-2
port
blocking 21-19
protection 21-19
SFP status 10-18, 35-12
speed and duplex mode 10-13
traffic flowing among switches 26-1
traffic suppression 21-18
VLANs 12-14
VMPS 12-28
VTP 13-16
mrouter Port 18-3
mrouter port 18-5
MSTP
boundary ports
configuration guidelines 16-15
described 16-6
BPDU filtering
described 17-3
enabling 17-12
BPDU guard
described 17-2
enabling 17-11
CIST, described 16-3
CIST regional root 16-3
CIST root 16-5
configuration guidelines 16-15, 17-10
configuring
forward-delay time 16-23
hello time 16-22
link type for rapid convergence 16-24
maximum aging time 16-23
maximum hop count 16-24
MST region 16-16
neighbor type 16-25
path cost 16-20
port priority 16-19
root switch 16-17
secondary root switch 16-18
switch priority 16-21
CST
defined 16-3
operations between regions 16-4
default configuration 16-14
default optional feature configuration 17-9
displaying status 16-26
enabling the mode 16-16
EtherChannel guard
described 17-7
enabling 17-14
extended system ID
effects on root switch 16-17
effects on secondary root switch 16-18
unexpected behavior 16-17
IEEE 802.1s
implementation 16-6
port role naming change 16-7
terminology 16-5
instances supported 15-9
interface state, blocking to forwarding 17-2
interoperability and compatibility among modes 15-10
interoperability with IEEE 802.1D
described 16-8
restarting migration process 16-25
IST
defined 16-3
master 16-3
operations within a region 16-3
loop guard
described 17-9
enabling 17-15
mapping VLANs to MST instance 16-16
MST region
CIST 16-3
configuring 16-16
described 16-2
hop-count mechanism 16-5
IST 16-3
supported spanning-tree instances 16-2
optional features supported 1-7
overview 16-2
Port Fast
described 17-2
enabling 17-10
preventing root switch selection 17-8
root guard
described 17-8
enabling 17-15
root switch
configuring 16-17
effects of extended system ID 16-17
unexpected behavior 16-17
shutdown Port Fast-enabled port 17-2
status, displaying 16-26
multicast groups
Immediate Leave 20-5
joining 20-3
leaving 20-5
static joins 20-9, 33-8
multicast router interfaces, monitoring 20-16, 33-12
multicast router ports, adding 20-9, 33-8
multicast storm 21-1
multicast storm-control command 21-4
multicast television application 20-17
multicast VLAN 20-16
Multicast VLAN Registration
See MVR
MVR
and address aliasing 20-20
and IGMPv3 20-20
configuration guidelines 20-19
configuring interfaces 20-21
default configuration 20-19
described 20-16
example application 20-17
modes 20-20
monitoring 20-22
multicast television application 20-17
setting global parameters 20-20
support for 1-3
N
NAC
critical authentication 9-14, 9-36
IEEE 802.1x authentication using a RADIUS server 9-40
IEEE 802.1x validation using RADIUS server 9-40
inaccessible authentication bypass 9-36
Layer 2 IEEE 802.1x validation 1-9, 9-19, 9-40
named IPv4 ACLs 29-30
NameSpace Mapper
See NSM
native VLAN
configuring 12-20
default 12-20
neighbor discovery, IPv6 32-4
Network Admission Control
See NAC
Network Admission Control Software Configuration Guide 9-42, 9-43
Network Assistant
benefits 1-2
described 1-4
downloading image files 1-2
guide mode 1-2
management options 1-2
requirements xxxii
upgrading a switch B-22
wizards 1-2
network configuration examples
increasing network performance 1-14
long-distance, high-bandwidth transport 1-19
providing network services 1-15
server aggregation and Linux server cluster 1-17
small to medium-sized network 1-18
network design
performance 1-15
services 1-15
network management
CDP 22-1
RMON 26-1
SNMP 28-1
network performance, measuring with IP SLAs 30-3
network policy TLV 23-2, 23-6
Network Time Protocol
See NTP
no commands 2-4
nonhierarchical policy maps
described 31-8
non-IP traffic filtering 29-37
nontrunking mode 12-15
normal-range VLANs 12-4
configuration guidelines 12-5
configuration modes 12-6
configuring 12-4
defined 12-1
note, described xxxii
NSM 4-3
NTP
associations
authenticating 6-4
defined 6-2
enabling broadcast messages 6-6
peer 6-5
server 6-5
default configuration 6-4
displaying the configuration 6-11
overview 6-2
restricting access
creating an access group 6-8
disabling NTP services per interface 6-10
source IP address, configuring 6-10
stratum 6-2
support for 1-5
synchronizing devices 6-5
time
services 6-2
synchronizing 6-2
O
optimizing system resources 7-1
options, management 1-4
out-of-profile markdown 1-11
P
packet modification, with QoS 31-17
PAgP
See EtherChannel
passwords
default configuration 8-2
disabling recovery of 8-5
encrypting 8-3
for security 1-8
in clusters 5-12
overview 8-1
recovery of 35-3
setting
enable 8-3
enable secret 8-3
Telnet 8-6
with usernames 8-6
VTP domain 13-8
path cost
MSTP 16-20
STP 15-18
PC (passive command switch) 5-9
performance, network design 1-14
performance features 1-3
persistent self-signed certificate 8-38
per-VLAN spanning-tree plus
See PVST+
physical ports 10-2
PIM-DVMRP, as snooping method 20-8
ping
character output description 35-13
executing 35-13
overview 35-12
policed-DSCP map for QoS 31-53
policers
configuring
for each matched traffic class 31-45
for more than one traffic class 31-48
described 31-4
displaying 31-68
number of 31-31
types of 31-8
policing
described 31-4
token-bucket algorithm 31-8
policy maps for QoS
characteristics of 31-45
described 31-7
displaying 31-68
nonhierarchical on physical ports
described 31-8
port ACLs, described 29-20
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting 9-9
authentication server
defined 9-3
RADIUS server 9-3
client, defined 9-3
configuration guidelines 9-22
configuring
802.1x authentication 9-25
guest VLAN 9-33
host mode 9-28
inaccessible authentication bypass 9-36
manual re-authentication of a client 9-29
periodic re-authentication 9-28
quiet period 9-29
RADIUS server 9-27
RADIUS server parameters on the switch 9-26
restricted VLAN 9-34
switch-to-client frame-retransmission number 9-31
switch-to-client retransmission time 9-30
default configuration 9-21
described 9-1
device roles 9-3
displaying statistics 9-44
EAPOL-start frame 9-6
EAP-request/identity frame 9-6
EAP-response/identity frame 9-6
encapsulation 9-3
guest VLAN
configuration guidelines 9-13, 9-14
described 9-12
host mode 9-8
inaccessible authentication bypass
configuring 9-36
described 9-14
guidelines 9-23
initiation and message exchange 9-6
magic packet 9-17
method lists 9-25
multiple-hosts mode, described 9-9
ports
authorization state and dot1x port-control command 9-8
authorized and unauthorized 9-8
critical 9-14
voice VLAN 9-15
port security
and voice VLAN 9-17
described 9-16
interactions 9-16
multiple-hosts mode 9-9
readiness check
configuring 9-24
described 9-10, 9-24
resetting to default values 9-44
statistics, displaying 9-44
switch
as proxy 9-3
RADIUS client 9-3
upgrading from a previous release 9-24
VLAN assignment
AAA authorization 9-25
characteristics 9-11
configuration tasks 9-12
described 9-11
voice VLAN
described 9-15
PVID 9-15
VVID 9-15
wake-on-LAN, described 9-17
port blocking 1-3, 21-7
port-channel
See EtherChannel
port description TLV 23-2
Port Fast
described 17-2
enabling 17-10
mode, spanning tree 12-25
support for 1-7
port membership modes, VLAN 12-3
port priority
MSTP 16-19
STP 15-16
ports
access 10-2
blocking 21-7
dual-purpose uplink 10-4
dynamic access 12-3
protected 21-6
secure 21-8
static-access 12-3, 12-10
switch 10-2
trunks 12-3, 12-14
VLAN assignments 12-10
port security
aging 21-17
and QoS trusted boundary 31-35
configuring 21-12
default configuration 21-11
described 21-8
displaying 21-19
on trunk ports 21-14
sticky learning 21-9
violations 21-10
with other features 21-11
port-shutdown response, VMPS 12-24
port VLAN ID TLV 23-2
power management TLV 23-2, 23-6
preemption, default configuration 18-8
preemption delay, default configuration 18-8
preferential treatment of traffic
See QoS
preventing unauthorized access 8-1
primary links 18-2
priority
overriding CoS 14-6
trusting CoS 14-6
private VLAN edge ports
See protected ports
privileged EXEC mode 2-2
privilege levels
changing the default for lines 8-9
command switch 5-14
exiting 8-9
logging into 8-9
mapping on member switches 5-14
overview 8-2, 8-7
setting a command with 8-8
protected ports 1-8, 21-6
proxy reports 18-4
pruning, VTP
disabling
in VTP domain 13-14
on a port 12-20
enabling
in VTP domain 13-14
on a port 12-19
examples 13-5
overview 13-4
pruning-eligible list
changing 12-19
for VTP pruning 13-4
VLANs 13-14
PVST+
described 15-9
IEEE 802.1Q trunking interoperability 15-10
instances supported 15-9
Q
QoS
and MQC commands 31-1
auto-QoS
categorizing traffic 31-19
configuration and defaults display 31-28
configuration guidelines 31-23
described 31-18
disabling 31-25
displaying generated commands 31-25
displaying the initial configuration 31-28
effects on running configuration 31-23
egress queue defaults 31-19
enabling for VoIP 31-24
example configuration 31-26
ingress queue defaults 31-19
list of generated commands 31-20
basic model 31-4
classification
class maps, described 31-7
defined 31-4
DSCP transparency, described 31-37
flowchart 31-6
forwarding treatment 31-3
in frames and packets 31-3
IP ACLs, described 31-5, 31-6
MAC ACLs, described 31-5, 31-6
options for IP traffic 31-5
options for non-IP traffic 31-5
policy maps, described 31-7
trust DSCP, described 31-5
trusted CoS, described 31-5
trust IP precedence, described 31-5
class maps
configuring 31-43
displaying 31-68
configuration guidelines
auto-QoS 31-23
standard QoS 31-31
configuring
aggregate policers 31-48
auto-QoS 31-18
default port CoS value 31-35
DSCP maps 31-50
DSCP transparency 31-37
DSCP trust states bordering another domain 31-37
egress queue characteristics 31-61
ingress queue characteristics 31-56
IP extended ACLs 31-41
IP standard ACLs 31-40
MAC ACLs 31-42
port trust states within the domain 31-33
trusted boundary 31-35
default auto configuration 31-19
default standard configuration 31-29
displaying statistics 31-68
DSCP transparency 31-37
egress queues
allocating buffer space 31-61
buffer allocation scheme, described 31-16
configuring shaped weights for SRR 31-65
configuring shared weights for SRR 31-66
described 31-4
displaying the threshold map 31-64
flowchart 31-15
mapping DSCP or CoS values 31-64
scheduling, described 31-4
setting WTD thresholds 31-61
WTD, described 31-17
enabling globally 31-32
flowcharts
classification 31-6
egress queueing and scheduling 31-15
ingress queueing and scheduling 31-13
policing and marking 31-9
implicit deny 31-7
ingress queues
allocating bandwidth 31-59
allocating buffer space 31-58
buffer and bandwidth allocation, described 31-14
configuring shared weights for SRR 31-59
configuring the priority queue 31-60
described 31-4
displaying the threshold map 31-58
flowchart 31-13
mapping DSCP or CoS values 31-57
priority queue, described 31-14
scheduling, described 31-4
setting WTD thresholds 31-57
WTD, described 31-14
IP phones
automatic classification and queueing 31-18
detection and trusted settings 31-18, 31-35
limiting bandwidth on egress interface 31-67
mapping tables
CoS-to-DSCP 31-51
displaying 31-68
DSCP-to-CoS 31-54
DSCP-to-DSCP-mutation 31-55
IP-precedence-to-DSCP 31-52
policed-DSCP 31-53
types of 31-10
marked-down actions 31-47
marking, described 31-4, 31-8
overview 31-2
packet modification 31-17
policers
configuring 31-47, 31-49
described 31-8
displaying 31-68
number of 31-31
types of 31-8
policies, attaching to an interface 31-8
policing
described 31-4, 31-8
token bucket algorithm 31-8
policy maps
characteristics of 31-45
displaying 31-68
nonhierarchical on physical ports 31-45
QoS label, defined 31-4
queues
configuring egress characteristics 31-61
configuring ingress characteristics 31-56
high priority (expedite) 31-17, 31-67
location of 31-11
SRR, described 31-12
WTD, described 31-11
rewrites 31-17
support for 1-10
trust states
bordering another domain 31-37
described 31-5
trusted device 31-35
within the domain 31-33
quality of service
See QoS
queries, IGMP 20-4
query solicitation, IGMP 20-12
R
RADIUS
attributes
vendor-proprietary 8-31
vendor-specific 8-29
configuring
accounting 8-28
authentication 8-23
authorization 8-27
communication, global 8-21, 8-29
communication, per-server 8-20, 8-21
multiple UDP ports 8-20
default configuration 8-20
defining AAA server groups 8-25
displaying the configuration 8-31
identifying the server 8-20
in clusters 5-13
limiting the services to the user 8-27
method list, defined 8-19
operation of 8-19
overview 8-18
suggested network environments 8-18
support for 1-9
tracking services accessed by user 8-28
range
macro 10-7
of interfaces 10-6
rapid convergence 16-10
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
described 15-9
IEEE 802.1Q trunking interoperability 15-10
instances supported 15-9
Rapid Spanning Tree Protocol
See RSTP
rcommand command 5-13
RCP
configuration files
downloading B-16
overview B-15
preparing the server B-15
uploading B-17
image files
deleting old image B-35
downloading B-33
preparing the server B-32
uploading B-35
readiness check
port-based authentication
configuring 9-24
described 9-10, 9-24
reconfirmation interval, VMPS, changing 12-27
reconfirming dynamic VLAN membership 12-27
recovery procedures 35-1
redundancy
EtherChannel 34-3
STP
backbone 15-8
path cost 12-22
port priority 12-21
redundant links and UplinkFast 17-13
reloading software 3-20
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
Remote Network Monitoring
See RMON
Remote SPAN
See RSPAN
remote SPAN 25-2
report suppression, IGMP
described 20-6
disabling 20-15, 33-11
requirements
cluster xxxiii
device manager xxxii
Network Assistant xxxii
resequencing ACL entries 29-30
resetting a UDLD-shutdown interface 24-6
responder, IP SLAs
described 30-4
enabling 30-6
response time, measuring with IP SLAs 30-4
restricted VLAN
configuring 9-34
described 9-13
using with IEEE 802.1x 9-13
restricting access
NTP services 6-8
overview 8-1
passwords and privilege levels 8-2
RADIUS 8-17
TACACS+ 8-10
retry count, VMPS, changing 12-28
RFC
1112, IP multicast and IGMP 20-2
1157, SNMPv1 28-2
1305, NTP 6-2
1757, RMON 26-2
1901, SNMPv2C 28-2
1902 to 1907, SNMPv2 28-2
2236, IP multicast and IGMP 20-2
2273-2275, SNMPv3 28-2
RMON
default configuration 26-3
displaying status 26-6
enabling alarms and events 26-3
groups supported 26-2
overview 26-1
statistics
collecting group Ethernet 26-5
collecting group history 26-5
support for 1-11
root guard
described 17-8
enabling 17-15
support for 1-7
root switch
MSTP 16-17
STP 15-14
RSPAN
characteristics 25-7
configuration guidelines 25-16
default configuration 25-9
defined 25-2
destination ports 25-6
displaying status 25-22
interaction with other features 25-8
monitored ports 25-5
monitoring ports 25-6
overview 1-11, 25-1
received traffic 25-4
sessions
creating 25-16
defined 25-3
limiting source traffic to specific VLANs 25-21
specifying monitored ports 25-16
with ingress traffic enabled 25-20
source ports 25-5
transmitted traffic 25-5
VLAN-based 25-6
RSTP
active topology 16-9
BPDU
format 16-12
processing 16-13
designated port, defined 16-9
designated switch, defined 16-9
interoperability with IEEE 802.1D
described 16-8
restarting migration process 16-25
topology changes 16-13
overview 16-8
port roles
described 16-9
synchronized 16-11
proposal-agreement handshake process 16-10
rapid convergence
described 16-10
edge ports and Port Fast 16-10
point-to-point links 16-10, 16-24
root ports 16-10
root port, defined 16-9
See also MSTP
running configuration
replacing B-18, B-19
rolling back B-18, B-20
running configuration, saving 3-15
S
SC (standby command switch) 5-9
scheduled reloads 3-20
SCP
and SSH 8-44
configuring 8-44
SDM
described 7-1
templates
configuring 7-3
number of 7-1
SDM template
configuration guidelines 7-2
configuring 7-2
types of 7-1
Secure Copy Protocol
secure HTTP client
configuring 8-43
displaying 8-44
secure HTTP server
configuring 8-42
displaying 8-44
secure MAC addresses
deleting 21-16
maximum number of 21-9
types of 21-9
secure ports, configuring 21-8
secure remote connections 8-33
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port 21-8
security features 1-8
See SCP
sequence numbers in log messages 27-8
server mode, VTP 13-3
service-provider network, MSTP and RSTP 16-1
set-request operation 28-4
setup program
failed command switch replacement 35-9
replacing failed command switch 35-8
severity levels, defining in system messages 27-8
SFPs
monitoring status of 10-18, 35-12
security and identification 35-11
status, displaying 35-12
shaped round robin
See SRR
show access-lists hw-summary command 29-35
show and more command output, filtering 2-10
show cdp traffic command 22-5
show cluster members command 5-13
show configuration command 10-16
show forward command 35-19
show interfaces command 10-13, 10-16
show interfaces switchport 18-4
show lldp traffic command 23-8
show platform forward command 35-19
show running-config command
displaying ACLs 29-34, 29-35
interface description in 10-16
shutdown command on interfaces 10-19
Simple Network Management Protocol
See SNMP
small-frame arrival rate, configuring 21-5
Smartports macros
applying Cisco-default macros 11-6
applying global parameter values 11-5, 11-6
applying macros 11-5
applying parameter values 11-5, 11-7
configuration guidelines 11-2
creating 11-4
default configuration 11-2
defined 11-1
displaying 11-8
tracing 11-3
website 11-2
SNAP 22-1
SNMP
accessing MIB variables with 28-4
agent
described 28-4
disabling 28-7
and IP SLAs 30-2
authentication level 28-10
community strings
configuring 28-8
for cluster switches 28-4
overview 28-4
configuration examples 28-16
default configuration 28-6
engine ID 28-7
groups 28-7, 28-9
host 28-7
ifIndex values 28-5
in-band management 1-6
in clusters 5-13
informs
and trap keyword 28-11
described 28-5
differences from traps 28-5
disabling 28-14
enabling 28-14
limiting access by TFTP servers 28-15
limiting system log messages to NMS 27-10
manager functions 1-4, 28-3
managing clusters with 5-14
MIBs
location of A-3
supported A-1
notifications 28-5
overview 28-1, 28-4
security levels 28-3
status, displaying 28-17
system contact and location 28-14
trap manager, configuring 28-13
traps
described 28-3, 28-5
differences from informs 28-5
disabling 28-14
enabling 28-11
enabling MAC address notification 6-22
overview 28-1, 28-4
types of 28-11
users 28-7, 28-9
versions supported 28-2
SNMP and Syslog Over IPv6 32-10
SNMPv1 28-2
SNMPv2C 28-2
SNMPv3 28-2
snooping, IGMP 20-1
software images
location in flash B-23
recovery procedures 35-2
scheduling reloads 3-20
tar file format, described B-23
See also downloading and uploading
source addresses
in IPv4 ACLs 29-27
source-and-destination-IP address based forwarding, EtherChannel 34-7
source-and-destination MAC address forwarding, EtherChannel 34-7
source-IP address based forwarding, EtherChannel 34-7
source-MAC address forwarding, EtherChannel 34-6
SPAN
configuration guidelines 25-10
default configuration 25-9
destination ports 25-6
displaying status 25-22
interaction with other features 25-8
monitored ports 25-5
monitoring ports 25-6
overview 1-11, 25-1
ports, restrictions 21-12
received traffic 25-4
sessions
configuring ingress forwarding 25-14, 25-21
creating 25-10
defined 25-3
limiting source traffic to specific VLANs 25-14
removing destination (monitoring) ports 25-12
specifying monitored ports 25-10
with ingress traffic enabled 25-13
source ports 25-5
transmitted traffic 25-5
VLAN-based 25-6
spanning tree and native VLANs 12-16
Spanning Tree Protocol
See STP
SPAN traffic 25-4
SRR
configuring
shaped weights on egress queues 31-65
shared weights on egress queues 31-66
shared weights on ingress queues 31-59
described 31-12
shaped mode 31-12
shared mode 31-12
support for 1-11
SSH
configuring 8-34
cryptographic software image 8-33
described 1-6, 8-33
encryption methods 8-34
user authentication methods, supported 8-34
SSL
configuration guidelines 8-40
configuring a secure HTTP client 8-43
configuring a secure HTTP server 8-41
cryptographic software image 8-37
described 8-37
monitoring 8-44
standby command switch
configuring
considerations 5-10
defined 5-2
priority 5-9
requirements 5-3
virtual IP address 5-10
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
standby links 18-2
startup configuration
booting
manually 3-17
specific image 3-18
clearing B-18
configuration file
automatically downloading 3-16
specifying the filename 3-16
default boot configuration 3-16
static access ports
assigning to VLAN 12-10
defined 10-3, 12-3
static addresses
See addresses
static MAC addressing 1-8
static routes
configuring for IPv6 32-15
static VLAN membership 12-2
statistics
802.1x 9-44
CDP 22-4
interface 10-18
LLDP 23-7
LLDP-MED 23-7
QoS ingress and egress 31-68
RMON group Ethernet 26-5
RMON group history 26-5
SNMP input and output 28-17
VTP 13-16
sticky learning 21-9
storm control
configuring 21-3
described 21-1
disabling 21-5
displaying 21-19
support for 1-3
thresholds 21-1
STP
accelerating root port selection 17-4
BackboneFast
described 17-5
disabling 17-14
enabling 17-13
BPDU filtering
described 17-3
disabling 17-12
enabling 17-12
BPDU guard
described 17-2
disabling 17-12
enabling 17-11
BPDU message exchange 15-3
configuration guidelines 15-12, 17-10
configuring
forward-delay time 15-21
hello time 15-20
maximum aging time 15-21
path cost 15-18
port priority 15-16
root switch 15-14
secondary root switch 15-16
spanning-tree mode 15-13
switch priority 15-19
transmit hold-count 15-22
counters, clearing 15-22
default configuration 15-11
default optional feature configuration 17-9
designated port, defined 15-3
designated switch, defined 15-3
detecting indirect link failures 17-5
disabling 15-14
displaying status 15-22
EtherChannel guard
described 17-7
disabling 17-14
enabling 17-14
extended system ID
effects on root switch 15-14
effects on the secondary root switch 15-16
overview 15-4
unexpected behavior 15-14
features supported 1-6
IEEE 802.1D and bridge ID 15-4
IEEE 802.1D and multicast addresses 15-8
IEEE 802.1t and VLAN identifier 15-4
inferior BPDU 15-3
instances supported 15-9
interface state, blocking to forwarding 17-2
interface states
blocking 15-6
disabled 15-7
forwarding 15-5, 15-6
learning 15-6
listening 15-6
overview 15-4
interoperability and compatibility among modes 15-10
limitations with IEEE 802.1Q trunks 15-10
load sharing
overview 12-20
using path costs 12-22
using port priorities 12-21
loop guard
described 17-9
enabling 17-15
modes supported 15-9
multicast addresses, effect of 15-8
optional features supported 1-7
overview 15-2
path costs 12-22, 12-23
Port Fast
described 17-2
enabling 17-10
port priorities 12-21
preventing root switch selection 17-8
protocols supported 15-9
redundant connectivity 15-8
root guard
described 17-8
enabling 17-15
root port, defined 15-3
root switch
configuring 15-14
effects of extended system ID 15-4, 15-14
election 15-3
unexpected behavior 15-14
shutdown Port Fast-enabled port 17-2
status, displaying 15-22
superior BPDU 15-3
timers, described 15-20
UplinkFast
described 17-3
enabling 17-13
stratum, NTP 6-2
success response, VMPS 12-24
summer time 6-13
SunNet Manager 1-4
switch clustering technology 5-1
See also clusters, switch
switch console port 1-6
Switch Database Management
See SDM
Switched Port Analyzer
See SPAN
switched ports 10-2
switchport backup interface 18-4, 18-5
switchport block multicast command 21-8
switchport block unicast command 21-8
switchport protected command 21-7
switch priority
MSTP 16-21
STP 15-19
switch software features 1-1
syslog
See system message logging
Syslog Over IPv6 32-11
system capabilities TLV 23-2
system clock
configuring
daylight saving time 6-13
manually 6-11
summer time 6-13
time zones 6-12
displaying the time and date 6-12
overview 6-1
See also NTP
system description TLV 23-2
system message logging
default configuration 27-3
defining error message severity levels 27-8
disabling 27-4
displaying the configuration 27-13
enabling 27-4
facility keywords, described 27-13
level keywords, described 27-9
limiting messages 27-10
message format 27-2
overview 27-1
sequence numbers, enabling and disabling 27-8
setting the display destination device 27-5
synchronizing log messages 27-6
syslog facility 1-11
time stamps, enabling and disabling 27-7
UNIX syslog servers
configuring the daemon 27-12
configuring the logging facility 27-12
facilities supported 27-13
system name
default configuration 6-15
default setting 6-15
manual configuration 6-15
See also DNS
system name TLV 23-2
system prompt, default setting 6-14, 6-15
system resources, optimizing 7-1
T
TACACS+
accounting, defined 8-11
authentication, defined 8-11
authorization, defined 8-11
configuring
accounting 8-17
authentication key 8-13
authorization 8-16
login authentication 8-14
default configuration 8-13
displaying the configuration 8-17
identifying the server 8-13
in clusters 5-13
limiting the services to the user 8-16
operation of 8-12
overview 8-10
support for 1-9
tracking services accessed by user 8-17
tar files
creating B-6
displaying the contents of B-6
extracting B-7
image file format B-23
TDR 1-12
Telnet
accessing management interfaces 2-10
number of connections 1-6
setting a password 8-6
templates, SDM 7-2
temporary self-signed certificate 8-38
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password 8-6
TFTP
configuration files
downloading B-11
preparing the server B-10
uploading B-11
configuration files in base directory 3-7
configuring for autoconfiguration 3-7
image files
deleting B-26
downloading B-25
preparing the server B-25
uploading B-27
limiting access by servers 28-15
TFTP server 1-5
threshold, traffic level 21-2
time
See NTP and system clock
Time Domain Reflector
See TDR
time-range command 29-32
time ranges in ACLs 29-32
time stamps in log messages 27-7
time zones 6-12
TLVs
defined 23-2
LLDP 23-2
LLDP-MED 23-2
Token Ring VLANs
support for 12-5
VTP support 13-4
ToS 1-10
traceroute, Layer 2
and ARP 35-14
and CDP 35-14
broadcast traffic 35-14
described 35-14
IP addresses and subnets 35-14
MAC addresses and VLANs 35-14
multicast traffic 35-14
multiple devices on a port 35-15
unicast traffic 35-14
usage guidelines 35-14
traceroute command 35-16
See also IP traceroute
traffic
blocking flooded 21-8
fragmented 29-21
unfragmented 29-21
traffic policing 1-10
traffic suppression 21-1
transmit hold-count
see STP
transparent mode, VTP 13-3, 13-12
trap-door mechanism 3-2
traps
configuring MAC address notification 6-22
configuring managers 28-11
defined 28-3
enabling 6-22, 28-11
notification types 28-11
overview 28-1, 28-4
troubleshooting
connectivity problems 35-12, 35-13, 35-15
detecting unidirectional links 24-1
displaying crash information 35-21
setting packet forwarding 35-19
SFP security and identification 35-11
show forward command 35-19
with CiscoWorks 28-4
with debug commands 35-18
with ping 35-12
with system message logging 27-1
with traceroute 35-15
trunk failover
See link-state tracking
trunking encapsulation 1-7
trunk ports
configuring 12-17
defined 10-3, 12-3
trunks
allowed-VLAN list 12-18
load sharing
setting STP path costs 12-22
using STP port priorities 12-21
native VLAN for untagged traffic 12-20
parallel 12-22
pruning-eligible list 12-19
to non-DTP device 12-15
trusted boundary for QoS 31-35
trusted port states
between QoS domains 31-37
classification options 31-5
ensuring port security for IP phones 31-35
support for 1-10
within a QoS domain 31-33
trustpoints, CA 8-38
twisted-pair Ethernet, detecting unidirectional links 24-1
type of service
See ToS
U
UDLD
configuration guidelines 24-4
default configuration 24-4
disabling
globally 24-5
on fiber-optic interfaces 24-5
per interface 24-5
echoing detection mechanism 24-2
enabling
globally 24-5
per interface 24-5
link-detection mechanism 24-1
neighbor database 24-2
overview 24-1
resetting an interface 24-6
status, displaying 24-6
support for 1-6
unauthorized ports with IEEE 802.1x 9-8
unicast MAC address filtering 1-5
and adding static addresses 6-25
and broadcast MAC addresses 6-25
and CPU packets 6-25
and multicast addresses 6-25
and router MAC addresses 6-25
configuration guidelines 6-25
described 6-25
unicast storm 21-1
unicast storm control command 21-4
unicast traffic, blocking 21-8
UniDirectional Link Detection protocol
See UDLD
UNIX syslog servers
daemon configuration 27-12
facilities supported 27-13
message logging configuration 27-12
unrecognized Type-Length-Value (TLV) support 13-4
upgrading a Catalyst 2950 switch
configuration compatibility issues C-1
differences in configuration commands C-1
feature behavior incompatibilities C-5
incompatible command messages C-1
recommendations C-1
upgrading information
See release notes
upgrading software images
See downloading
UplinkFast
described 17-3
disabling 17-13
enabling 17-13
support for 1-6
uploading
configuration files
preparing B-10, B-12, B-15
reasons for B-8
using FTP B-14
using RCP B-17
using TFTP B-11
image files
preparing B-25, B-28, B-32
reasons for B-23
using FTP B-30
using RCP B-35
using TFTP B-27
user EXEC mode 2-2
username-based authentication 8-6
V
version-dependent transparent mode 13-4
virtual IP address
cluster standby group 5-10
command switch 5-10
vlan.dat file 12-4
VLAN 1, disabling on a trunk port 12-18
VLAN 1 minimization 12-18
vlan-assignment response, VMPS 12-24
VLAN configuration
at bootup 12-7
saving 12-7
VLAN configuration mode 2-2, 12-6
VLAN database
and startup configuration file 12-7
and VTP 13-1
VLAN configuration saved in 12-7
VLANs saved in 12-4
vlan database command 12-6
VLAN filtering and SPAN 25-6
vlan global configuration command 12-6
VLAN ID, discovering 6-26
VLAN load balancing on flex links 18-2
configuration guidelines 18-8
VLAN management domain 13-2
VLAN Management Policy Server
See VMPS
VLAN membership
confirming 12-27
modes 12-3
VLAN Query Protocol
See VQP
VLANs
adding 12-8
adding to VLAN database 12-8
aging dynamic addresses 15-9
allowed on trunk 12-18
and spanning-tree instances 12-2, 12-6, 12-12
configuration guidelines, extended-range VLANs 12-12
configuration guidelines, normal-range VLANs 12-5
configuration options 12-6
configuring 12-1
configuring IDs 1006 to 4094 12-12
creating in config-vlan mode 12-8
creating in VLAN configuration mode 12-9
default configuration 12-7
deleting 12-10
described 10-2, 12-1
displaying 12-14
extended-range 12-1, 12-11
features 1-7
illustrated 12-2
limiting source traffic with RSPAN 25-21
limiting source traffic with SPAN 25-14
modifying 12-8
multicast 20-16
native, configuring 12-20
normal-range 12-1, 12-4
number supported 1-7
parameters 12-4
port membership modes 12-3
static-access ports 12-10
STP and IEEE 802.1Q trunks 15-10
supported 12-2
Token Ring 12-5
traffic between 12-2
VTP modes 13-3
VLAN Trunking Protocol
See VTP
VLAN trunks 12-14
VMPS
administering 12-28
configuration example 12-29
configuration guidelines 12-25
default configuration 12-25
description 12-24
dynamic port membership
described 12-25
reconfirming 12-27
troubleshooting 12-29
entering server address 12-26
mapping MAC addresses to VLANs 12-24
monitoring 12-28
reconfirmation interval, changing 12-27
reconfirming membership 12-27
retry count, changing 12-28
voice-over-IP 14-1
voice VLAN
Cisco 7960 phone, port connections 14-1
configuration guidelines 14-3
configuring IP phones for data traffic
override CoS of incoming frame 14-6
trust CoS priority of incoming frame 14-6
configuring ports for voice traffic in
802.1p priority tagged frames 14-5
802.1Q frames 14-4
connecting to an IP phone 14-4
default configuration 14-3
described 14-1
displaying 14-6
IP phone data traffic, described 14-2
IP phone voice traffic, described 14-2
VQP 1-7, 12-24
VTP
adding a client to a domain 13-14
advertisements 12-16, 13-3
and extended-range VLANs 13-2
and normal-range VLANs 13-2
client mode, configuring 13-11
configuration
global configuration mode 13-7
guidelines 13-8
privileged EXEC mode 13-7
requirements 13-9
saving 13-7
VLAN configuration mode 13-7
configuration mode options 13-7
configuration requirements 13-9
configuration revision number
guideline 13-14
resetting 13-15
configuring
client mode 13-11
server mode 13-9
transparent mode 13-12
consistency checks 13-4
default configuration 13-6
described 13-1
disabling 13-12
domain names 13-8
domains 13-2
modes
client 13-3, 13-11
server 13-3, 13-9
transitions 13-3
transparent 13-3, 13-12
monitoring 13-16
passwords 13-8
pruning
disabling 13-14
enabling 13-14
examples 13-5
overview 13-4
support for 1-7
pruning-eligible list, changing 12-19
server mode, configuring 13-9
statistics 13-16
support for 1-7
Token Ring support 13-4
transparent mode, configuring 13-12
using 13-1
version, guidelines 13-8
Version 1 13-4
Version 2
configuration guidelines 13-8
disabling 13-13
enabling 13-13
overview 13-4
W
web authentication 9-10
configuring9-41to 9-43
described 1-8, 9-19
fallback for IEEE 802.1x 9-42
weighted tail drop
See WTD
wizards 1-2
WTD
described 31-11
setting thresholds
egress queue-sets 31-61
ingress queues 31-57
support for 1-11
X
Xmodem protocol 35-2