A -
B -
C -
D -
E -
F -
G -
H -
I -
J -
L -
M -
N -
O -
P -
Q -
R -
S -
T -
U -
V -
W -
X -
Index
A
abbreviating commands 4
AC (command switch) 9
access-class command 34
access control entries
See ACEs
access-denied response, VMPS 24
access groups, applying IPv4 ACLs to interfaces 35
accessing
clusters, switch 12
command switches 10
member switches 12
switch clusters 12
access lists
See ACLs
access ports
in switch clusters 8
access ports, defined 2
accounting
with 802.1x 46
with IEEE 802.1x 13
with RADIUS 28
with TACACS+ 11, 17
ACEs
and QoS 7
defined 20
Ethernet 20
IP 20
ACLs
ACEs 20
any keyword 27
applying
time ranges to 32
to an interface 34
to QoS 7
classifying traffic for QoS 41
comments in 33
compiling 36
defined 19, 23
examples of 36, 41
extended IP, configuring for QoS classification 42
extended IPv4
creating 26
matching criteria 23
hardware and software handling 35
host keyword 28
IP
creating 23
fragments and QoS guidelines 32
implicit deny 25, 29, 31
implicit masks 25
matching criteria 23
undefined 35
IPv4
applying to interfaces 34
creating 23
matching criteria 23
named 30
numbers 24
terminal lines, setting on 34
unsupported features 22
MAC extended 38, 43
matching 23, 35
monitoring 41
named, IPv4 30
number per QoS class map 32
QoS 7, 41
resequencing entries 30
standard IP, configuring for QoS classification 41
standard IPv4
creating 25
matching criteria 23
support for 9
support in hardware 35
time ranges 32
unsupported features, IPv4 22
active link 4, 5, 6
active links 2
active traffic monitoring, IP SLAs 1
address aliasing 2
addresses
displaying the MAC address table 27
dynamic
accelerated aging 8
changing the aging time 21
default aging 8
defined 19
learning 20
removing 21
IPv6 2
MAC, discovering 27
multicast, STP address management 8
static
adding and removing 24
defined 19
address resolution 27
Address Resolution Protocol
See ARP
advertisements
CDP 1
LLDP 1, 2
VTP 16, 3
aggregatable global unicast addresses 3
aggregated ports
See EtherChannel
aggregate policers 49
aggregate policing 11
aging, accelerating 8
aging time
accelerated
for MSTP 23
for STP 8, 21
MAC address table 21
maximum
for MSTP 23, 24
for STP 21, 22
alarms, RMON 3
allowed-VLAN list 18
ARP
defined 5, 27
table
address resolution 27
managing 27
attributes, RADIUS
vendor-proprietary 31
vendor-specific 29
attribute-value pairs 12, 14, 17, 18, 27
authentication
local mode with AAA 32
NTP associations 4
open1x 25
RADIUS
key 21
login 23
authentication (continued)
TACACS+
defined 11
key 13
login 14
See also port-based authentication
authentication compatibility with Catalyst 6000 switches 9
authentication failed VLAN
See restricted VLAN
authentication manager
CLI commands 9
compatibility with older 802.1x CLI commands9to 10
overview 8
authoritative time source, described 2
authorization
with RADIUS 27
with TACACS+ 11, 16
authorized ports with IEEE 802.1x 10
autoconfiguration 3
auto enablement 26
automatic discovery
considerations
beyond a noncandidate device 7
brand new switches 8
connectivity 4
different VLANs 6
management VLANs 7
non-CDP-capable devices 6
noncluster-capable devices 6
in switch clusters 4
See also CDP
automatic QoS
See QoS
automatic recovery, clusters 9
See also HSRP
auto-MDIX
configuring 20
described 20
autonegotiation
duplex mode 3
interface configuration guidelines 17
mismatches 11
autosensing, port speed 3
Auto Smartports macros
built-in macros 2, 4
configuration guidelines 3
default configuration 2
defined 1
displaying 14
enabling 3
event triggers 6
IOS shell 1, 9
mapping 4
user-defined macros 9
See also Smartports macros
auxiliary VLAN
See voice VLAN
availability, features 6
B
BackboneFast
described 5
disabling 14
enabling 13
support for 7
backup interfaces
See Flex Links
backup links 2
banners
configuring
login 18
message-of-the-day login 18
default configuration 17
when displayed 17
Berkeley r-tools replacement 44
binding database
DHCP snooping
See DHCP snooping binding database
bindings
DHCP snooping database 5
IP source guard 12
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 7
booting
boot loader, function of 2
boot process 1
manually 17
specific image 18
boot loader
accessing 18
described 2
environment variables 18
prompt 18
trap-door mechanism 2
BPDU
error-disabled state 2
filtering 3
RSTP format 12
BPDU filtering
described 3
disabling 12
enabling 12
support for 7
BPDU guard
described 2
disabling 12
enabling 11
support for 7
bridge protocol data unit
See BPDU
broadcast storm-control command 4
broadcast storms 1
C
cables, monitoring for unidirectional links 1
candidate switch
automatic discovery 4
defined 3
requirements 3
See also command switch, cluster standby group, and member switch
Catalyst 6000 switches
authentication compatibility 9
CA trustpoint
configuring 40
defined 38
CDP
and trusted boundary 36
automatic discovery in switch clusters 4
configuring 2
default configuration 2
defined with LLDP 1
described 1
disabling for routing device3to 4
enabling and disabling
on an interface 4
on a switch 3
monitoring 4
overview 1
power negotiation extensions 4
support for 5
transmission timer and holdtime, setting 2
updates 2
CGMP
as IGMP snooping learning method 8
joining multicast group 3
CipherSuites 39
Cisco 7960 IP Phone 1
Cisco Discovery Protocol
See CDP
Cisco intelligent power management 4
Cisco IOS File System
See IFS
Cisco IOS IP Service Level Agreements (SLAs) responder 4
Cisco IOS IP SLAs 1
Cisco Secure ACS
attribute-value pairs for downloadable ACLs 18
attribute-value pairs for redirect URL 17
Cisco Secure ACS configuration guide 58
CiscoWorks 2000 4
CISP 26
CIST regional root
See MSTP
CIST root
See MSTP
civic location 3
class maps for QoS
configuring 44
described 7
displaying 69
class of service
See CoS
clearing interfaces 27
CLI
abbreviating commands 4
command modes 1
configuration logging 5
described 4
editing features
enabling and disabling 7
keystroke editing 7
wrapped lines 9
error messages 5
filtering command output 10
getting help 3
history
changing the buffer size 6
described 6
disabling 7
recalling commands 6
managing clusters 14
no and default forms of commands 4
Client Information Signalling Protocol
See CISP
client mode, VTP 3
clock
See system clock
clusters, switch
accessing 12
automatic discovery 4
automatic recovery 9
benefits 2
compatibility 4
described 1
LRE profile considerations 13
managing
through CLI 14
through SNMP 14
planning 4
planning considerations
automatic discovery 4
automatic recovery 9
CLI 14
host names 12
IP addresses 12
LRE profiles 13
passwords 12
RADIUS 13
SNMP 13, 14
TACACS+ 13
clusters, switch (continued)
See also candidate switch, command switch, cluster standby group, member switch, and standby command switch
cluster standby group
automatic recovery 11
considerations 10
defined 2
requirements 3
virtual IP address 10
See also HSRP
CNS 5
management functions 5
Coarse Wave Division Multiplexer
See CWDM SFPs
command-line interface
See CLI
command modes 1
commands
abbreviating 4
no and default 4
commands, setting privilege levels 8
command switch
accessing 10
active (AC) 9
configuration conflicts 11
defined 2
passive (PC) 9
password privilege levels 14
priority 9
recovery
from command-switch failure 9, 7
from lost member connectivity 11
redundant 9
replacing
with another switch 9
with cluster member 8
requirements 3
standby (SC) 9
command switch (continued)
See also candidate switch, cluster standby group, member switch, and standby command switch
community strings
configuring 13, 8
for cluster switches 4
in clusters 13
overview 4
SNMP 13
compatibility, feature 12
config.text 16
configurable leave timer, IGMP 5
configuration, initial
defaults 13
Express Setup 2
configuration changes, logging 10
configuration conflicts, recovering from lost member connectivity 11
configuration examples, network 16
configuration files
archiving 19
clearing the startup configuration 19
creating using a text editor 10
default name 16
deleting a stored configuration 19
described 8
downloading
automatically 16
preparing 10, 13, 16
reasons for 8
using FTP 13
using RCP 17
using TFTP 11
guidelines for creating and using 9
guidelines for replacing and rolling back 21
invalid combinations when copying 5
limiting TFTP server access 16
obtaining with DHCP 8
password recovery disable considerations 5
configuration files (continued)
replacing a running configuration 19, 20
rolling back a running configuration 19, 20
specifying the filename 16
system contact and location information 16
types and location 10
uploading
preparing 10, 13, 16
reasons for 9
using FTP 14
using RCP 18
using TFTP 12
configuration logger 10
configuration logging 5
configuration replacement 19
configuration rollback 19
configuration settings, saving 14
configure terminal command 10
configuring port-based authentication violation modes37to 38
configuring small-frame arrival rate 5
config-vlan mode 2, 6
conflicts, configuration 11
connections, secure remote 33
connectivity problems 13, 14, 16
consistency checks in VTP Version 2 4
console port, connecting to 10
control protocol, IP SLAs 4
corrupted software, recovery steps with Xmodem 2
CoS
in Layer 2 frames 2
override priority 6
trust priority 6
CoS input queue threshold map for QoS 14
CoS output queue threshold map for QoS 17
CoS-to-DSCP map for QoS 52
counters, clearing interface 27
CPU utilization, troubleshooting 23
crashinfo file 22
critical authentication, IEEE 802.1x 50
cryptographic software image
SSH 33
SSL 37
CWDM SFPs 20
D
DACL
See downloadable ACL
daylight saving time 13
debugging
enabling all system diagnostics 19
enabling for a specific feature 19
redirecting error message output 20
using commands 18
default commands 4
default configuration
802.1x 32
auto-QoS 19
banners 17
booting 16
CDP 2
DHCP 7
DHCP option 82 7
DHCP snooping 7
DHCP snooping binding database 7
DNS 16
dynamic ARP inspection 5
EtherChannel 9
Ethernet interfaces 14
Flex Links 8
IGMP filtering 24
IGMP snooping 6, 5, 6
IGMP throttling 24
initial switch information 3
IP SLAs 5
IP source guard 13
IPv6 7
default configuration (continued)
Layer 2 interfaces 14
LLDP 4
MAC address table 20
MAC address-table move update 8
MSTP 14
MVR 19
NTP 4
optional spanning-tree configuration 9
password and privilege level 2
RADIUS 20
RMON 3
RSPAN 9
SDM template 2
SNMP 6
SPAN 9
SSL 40
standard QoS 29
STP 11
system message logging 3
system name and prompt 15
TACACS+ 13
UDLD 4
VLAN, Layer 2 Ethernet interfaces 16
VLANs 7
VMPS 25
voice VLAN 3
VTP 6
default gateway 14
default router preference
See DRP
deleting VLANs 10
denial-of-service attack 1
description command 24
designing your network, examples 16
destination addresses
in IPv4 ACLs 27
destination-IP address-based forwarding, EtherChannel 7
destination-MAC address forwarding, EtherChannel 7
detecting indirect link failures, STP 5
device 23
device discovery protocol 1
device manager
benefits 2
described 2, 4
in-band management 6
upgrading a switch 23
DHCP
Cisco IOS server database
configuring 10
enabling
relay agent 9
DHCP-based autoconfiguration
client request message exchange 4
configuring
client side 3
DNS 7
relay device 7
server side 6
TFTP server 7
example 9
lease options
for IP address information 6
for receiving the configuration file 6
overview 3
relationship to BOOTP 3
relay support 5
support for 5
DHCP-based autoconfiguration and image update
configuring11to 13
understanding4to 5
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 5
configuration guidelines 7
default configuration 7
displaying 12
overview 3
packet format, suboption
circuit ID 5
remote ID 5
remote ID suboption 5
DHCP server port-based address allocation
configuration guidelines 17
default configuration 16
described 16
displaying 19
enabling 17
DHCP server port-based address assignment
support for 5
DHCP snooping
accepting untrusted packets form edge switch 3, 9
binding database
See DHCP snooping binding database
configuration guidelines 7
default configuration 7
displaying binding tables 12
message exchange process 4
option 82 data insertion 3
trusted interface 2
untrusted interface 2
untrusted messages 2
DHCP snooping binding database
adding bindings 11
binding entries, displaying 12
binding file
format 6
location 5
bindings 5
clearing agent statistics 11
configuration guidelines 8
DHCP snooping binding database (continued)
configuring 11
default configuration 7
deleting
binding file 11
bindings 11
database agent 11
described 5
displaying 12
displaying status and statistics 12
enabling 11
entry 5
renewing database 11
resetting
delay value 11
timeout value 11
DHCP snooping binding table
See DHCP snooping binding database
Differentiated Services architecture, QoS 2
Differentiated Services Code Point 2
directed unicast requests 5
directories
changing 4
creating and removing 4
displaying the working 4
discovery, clusters
See automatic discovery
DNS
and DHCP-based autoconfiguration 7
default configuration 16
displaying the configuration 17
in IPv6 3
overview 15
setting up 16
support for 5
domain names
DNS 15
VTP 8
Domain Name System
See DNS
downloadable ACL 17, 18, 58
downloading
configuration files
preparing 10, 13, 16
reasons for 8
using FTP 13
using RCP 17
using TFTP 11
image files
deleting old image 27
preparing 25, 29, 33
reasons for 23
using CMS 2
using FTP 30
using HTTP 2, 23
using RCP 34
using TFTP 26
using the device manager or Network Assistant 23
DRP
configuring 9
described 4
IPv6 4
support for 12
DSCP 11, 2
DSCP input queue threshold map for QoS 14
DSCP output queue threshold map for QoS 17
DSCP-to-CoS map for QoS 55
DSCP-to-DSCP-mutation map for QoS 56
DSCP transparency 37
DTP 8, 14
dual-action detection 5
dual IPv4 and IPv6 templates 5
dual protocol stacks
IPv4 and IPv6 5
SDM templates supporting 5
dual-purpose uplinks
defined 4
LEDs 4
link selection 4, 15
setting the type 15
dynamic access ports
characteristics 3
configuring 26
defined 3
dynamic addresses
See addresses
dynamic ARP inspection
ARP cache poisoning 1
ARP requests, described 1
ARP spoofing attack 1
clearing
log buffer 14
statistics 14
configuration guidelines 6
configuring
ACLs for non-DHCP environments 8
in DHCP environments 7
log buffer 12
rate limit for incoming ARP packets 4, 10
default configuration 5
denial-of-service attacks, preventing 10
described 1
DHCP snooping binding database 2
displaying
ARP ACLs 14
configuration and operating state 14
log buffer 14
statistics 14
trust state and rate limit 14
error-disabled state for exceeding rate limit 4
function of 2
interface trust states 3
dynamic ARP inspection (continued)
log buffer
clearing 14
configuring 12
displaying 14
logging of dropped packets, described 4
man-in-the middle attack, described 2
network security issues and interface trust states 3
priority of ARP ACLs and DHCP snooping entries 4
rate limiting of ARP packets
configuring 10
described 4
error-disabled state 4
statistics
clearing 14
displaying 14
validation checks, performing 11
dynamic auto trunking mode 15
dynamic desirable trunking mode 15
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 24
reconfirming 27
troubleshooting 29
types of connections 26
Dynamic Trunking Protocol
See DTP
E
editing features
enabling and disabling 7
keystrokes used 7
wrapped lines 9
ELIN location 3
enable password 3
enable secret password 3
encryption, CipherSuite 39
encryption for passwords 3
environment variables, function of 19
error-disabled state, BPDU 2
error messages during command entry 5
EtherChannel
automatic creation of 4, 5
channel groups
binding physical and logical interfaces 3
numbering of 3
configuration guidelines 9
configuring Layer 2 interfaces 10
default configuration 9
described 2
displaying status 17
forwarding methods 7, 13
IEEE 802.3ad, described 5
interaction
with STP 10
with VLANs 10
LACP
described 5
displaying status 17
hot-standby ports 15
interaction with other features 6
modes 6
port priority 16
system priority 16
load balancing 7, 13
PAgP
aggregate-port learners 14
compatibility with Catalyst 1900 14
described 4
displaying status 17
interaction with other features 5
interaction with virtual switches 5
learn method and priority configuration 14
modes 4
support for 3
with dual-action detection 5
port-channel interfaces
described 3
numbering of 3
port groups 3
support for 3
EtherChannel guard
described 7
disabling 14
enabling 14
Ethernet VLANs
adding 8
defaults and ranges 7
modifying 8
EUI 3
events, RMON 3
examples
network configuration 16
expedite queue for QoS 68
Express Setup 2
See also getting started guide
extended crashinfo file 22
extended-range VLANs
configuration guidelines 12
configuring 11
creating 13
defined 1
extended system ID
MSTP 17
STP 4, 14
extended universal identifier
See EUI
Extensible Authentication Protocol over LAN 1
F
fa0 interface 6
Fast Convergence 3
features, incompatible 12
fiber-optic, detecting unidirectional links 1
files
basic crashinfo
description 22
location 22
copying 5
crashinfo, description 22
deleting 5
displaying the contents of 8
extended crashinfo
description 22
location 22
tar
creating 6
displaying the contents of 7
extracting 7
image file format 24
file system
displaying available file systems 2
displaying file information 3
local file system names 1
network file system names 5
setting the default 3
filtering
non-IP traffic 38
show and more command output 10
filtering show and more command output 10
filters, IP
See ACLs, IP
flash device, number of 1
flexible authentication ordering
configuring 60
overview 25
Flex Link Multicast Fast Convergence 3
Flex Links
configuration guidelines 8
configuring 9
configuring preferred VLAN 12
configuring VLAN load balancing 11
default configuration 8
description 2
link load balancing 2
monitoring 14
VLANs 2
flooded traffic, blocking 8
flow-based packet classification 11
flowcharts
QoS classification 6
QoS egress queueing and scheduling 16
QoS ingress queueing and scheduling 13
QoS policing and marking 10
flowcontrol
configuring 19
described 19
forward-delay time
MSTP 23
STP 21
FTP
accessing MIB files 3
configuration files
downloading 13
overview 12
preparing the server 13
uploading 14
image files
deleting old image 31
downloading 30
preparing the server 29
uploading 31
G
general query 5
Generating IGMP Reports 4
get-bulk-request operation 3
get-next-request operation 3, 4
get-request operation 3, 4
get-response operation 3
global configuration mode 2
global leave, IGMP 12
guest VLAN and 802.1x 18
guide mode 2
GUIs
See device manager and Network Assistant
H
hello time
MSTP 22
STP 20
help, for the command line 3
history
changing the buffer size 6
described 6
disabling 7
recalling commands 6
history table, level and number of syslog messages 10
host names, in clusters 12
hosts, limit on dynamic ports 29
HP OpenView 4
HSRP
automatic cluster recovery 11
cluster standby group considerations 10
See also clusters, cluster standby group, and standby command switch
HTTP over SSL
see HTTPS
HTTPS 38
configuring 41
self-signed certificate 38
HTTP secure server 38
I
ICMP
IPv6 3
time-exceeded messages 16
traceroute and 16
ICMP ping
executing 13
overview 13
ICMPv6 3
IDS appliances
and ingress RSPAN 20
and ingress SPAN 13
IEEE 802.1D
See STP
IEEE 802.1p 1
IEEE 802.1Q
and trunk ports 3
configuration limitations 15
encapsulation 14
native VLAN for untagged traffic 19
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3ad
See EtherChannel
IEEE 802.3af
See PoE
IEEE 802.3x flow control 19
ifIndex values, SNMP 5
IFS 5
IGMP
configurable leave timer
described 5
enabling 10
flooded multicast traffic
controlling the length of time 11
disabling on an interface 12
global leave 12
query solicitation 12
recovering from flood mode 12
joining multicast group 3
join messages 3
leave processing, enabling 10, 9
leaving multicast group 5
queries 4
report suppression
described 6
disabling 15, 11
supported versions 2
support for 3
IGMP filtering
configuring 24
default configuration 24
described 23
monitoring 28
support for 4
IGMP groups
configuring filtering 27
setting the maximum number 26
IGMP Immediate Leave
configuration guidelines 10
described 5
enabling 10
IGMP profile
applying 25
configuration mode 24
configuring 25
IGMP snooping
and address aliasing 2
configuring 6
default configuration 6, 5, 6
definition 1
IGMP snooping (continued)
enabling and disabling 7, 6
global configuration 7
Immediate Leave 5
method 8
monitoring 15, 11
querier
configuration guidelines 13
configuring 13
supported versions 2
support for 3
VLAN configuration 7
IGMP throttling
configuring 27
default configuration 24
described 24
displaying action 28
Immediate Leave, IGMP 5
enabling 9
inaccessible authentication bypass 20
initial configuration
defaults 13
Express Setup 2
interface
number 9
range macros 12
interface command9to 10
interface configuration mode 3
interfaces
auto-MDIX, configuring 20
configuration guidelines
duplex and speed 17
configuring
procedure 10
counters, clearing 27
default configuration 14
described 24
descriptive name, adding 24
displaying information about 26
flow control 19
management 4
monitoring 26
naming 24
physical, identifying 9
range of 10
restarting 28
shutting down 28
speed and duplex, configuring 18
status 26
supported 9
types of 1
interfaces range macro command 12
interface types 9
Internet Protocol version 6
See IPv6
Intrusion Detection System
See IDS appliances
inventory management TLV 3, 7
IOS shell
See Auto Smartports macros
IP ACLs
for QoS classification 7
implicit deny 25, 29
implicit masks 25
named 30
undefined 35
IP addresses
128-bit 2
candidate or member 3, 12
cluster access 2
command switch 3, 10, 12
discovering 27
IPv6 2
redundant clusters 10
standby command switch 10, 12
See also IP information
ip igmp profile command 24
IP information
assigned
manually 14
through DHCP-based autoconfiguration 3
default configuration 3
IP phones
and QoS 1
automatic classification and queueing 19
configuring 4
ensuring port security with QoS 36
trusted boundary for QoS 36
IP precedence 2
IP-precedence-to-DSCP map for QoS 53
IP protocols in ACLs 27
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 1
IP SLAs
benefits 2
configuration guidelines 5
Control Protocol 4
default configuration 5
definition 1
measuring network performance 3
monitoring 6
operation 3
responder
described 4
enabling 6
response time 4
SNMP support 2
supported metrics 2
IP source guard
and 802.1x 14
and DHCP snooping 12
and EtherChannels 14
and port security 14
and private VLANs 14
and routed ports 14
IP source guard (continued)
and TCAM entries 14
and trunk interfaces 14
and VRF 14
binding configuration
automatic 12
manual 12
binding table 12
configuration guidelines 14
default configuration 13
described 12
disabling 15
displaying
bindings 16
configuration 16
enabling 14
filtering
source IP address 13
source IP and MAC address 13
source IP address filtering 13
source IP and MAC address filtering 13
static bindings
adding 14
deleting 15
IP traceroute
executing 17
overview 16
IPv4 ACLs
applying to interfaces 34
extended, creating 26
named 30
standard, creating 25
IPv4 and IPv6
dual protocol stacks 5
IPv6
addresses 2
address formats 2
applications 4
assigning address 7
autoconfiguration 4
configuring static routes 11
default configuration 7
default router preference (DRP) 4
defined 1
forwarding 7
ICMP 3
monitoring 12
neighbor discovery 3
SDM templates 1
Stateless Autoconfiguration 4
supported features 2
understanding static routes 5
J
join messages, IGMP 3
L
LACP
See EtherChannel
Layer 2 frames, classification with CoS 2
Layer 2 interfaces, default configuration 14
Layer 2 traceroute
and ARP 15
and CDP 15
broadcast traffic 14
described 14
IP addresses and subnets 15
MAC addresses and VLANs 15
multicast traffic 15
multiple devices on a port 15
unicast traffic 14
usage guidelines 15
Layer 3 features 12
Layer 3 interfaces
assigning IPv6 addresses to 7
Layer 3 packets, classification methods 2
Leaking IGMP Reports 4
LEDs, switch
See hardware installation guide
line configuration mode 3
Link Aggregation Control Protocol
See EtherChannel
link failure, detecting unidirectional 7
Link Layer Discovery Protocol
See CDP
link local unicast addresses 3
link redundancy
See Flex Links
links, unidirectional 1
link-state tracking
configuring 20
described 18
LLDP
configuring 4
characteristics 6
default configuration 4
enabling 5
monitoring and maintaining 10
overview 1
supported TLVs 2
switch stack considerations 2
transmission timer and holdtime, setting 6
LLDP-MED
configuring
procedures 4
TLVs 6
monitoring and maintaining 10
overview 1, 2
supported TLVs 2
LLDP Media Endpoint Discovery
See LLDP-MED
local SPAN 2
location TLV 3, 7
login authentication
with RADIUS 23
with TACACS+ 14
login banners 17
log messages
See system message logging
Long-Reach Ethernet (LRE) technology 17
loop guard
described 9
enabling 15
support for 7
LRE profiles, considerations in switch clusters 13
M
MAB
See MAC authentication bypass
MAB inactivity timer
default setting 32
range 35
MAC/PHY configuration status TLV 2
MAC addresses
aging time 21
and VLAN association 20
building the address table 20
default configuration 20
disabling learning on a VLAN 26
discovering 27
displaying 27
displaying in the IP source binding table 16
dynamic
learning 20
removing 21
in ACLs 38
MAC addresses (continued)
static
adding 24
allowing 25, 27
characteristics of 24
dropping 25
removing 24
MAC address learning 5
MAC address learning, disabling on a VLAN 26
MAC address notification, support for 13
MAC address-table move update
configuration guidelines 8
configuring 12
default configuration 8
description 6
monitoring 14
MAC address-to-VLAN mapping 24
MAC authentication bypass 35
configuring 54
overview 15
MAC extended access lists
applying to Layer 2 interfaces 40
configuring for QoS 43
creating 38
defined 38
for QoS classification 5
macros
See Auto Smartports macros
See Smartports macros
magic packet 23
manageability features 5
management access
in-band
browser session 6
CLI session 6
device manager 6
SNMP 6
out-of-band console port connection 6
management address TLV 2
management options
CLI 1
clustering 3
Network Assistant 2
overview 4
management VLAN
considerations in switch clusters 7
discovery through different management VLANs 7
mapping tables for QoS
configuring
CoS-to-DSCP 52
DSCP 51
DSCP-to-CoS 55
DSCP-to-DSCP-mutation 56
IP-precedence-to-DSCP 53
policed-DSCP 54
described 10
marking
action with aggregate policers 49
described 4, 8
matching, IPv4 ACLs 23
maximum aging time
MSTP 23
STP 21
maximum hop count, MSTP 24
maximum number of allowed devices, port-based authentication 35
MDA
configuration guidelines12to 13
described 9, 12
exceptions with authentication process 6
membership mode, VLAN port 3
member switch
automatic discovery 4
defined 2
managing 14
passwords 12
recovering from lost connectivity 11
requirements 3
member switch (continued)
See also candidate switch, cluster standby group, and standby command switch
messages, to users through banners 17
MIBs
accessing files with FTP 3
location of files 3
overview 1
SNMP interaction with 4
supported 1
mirroring traffic for analysis 1
mismatches, autonegotiation 11
module number 9
monitoring
access groups 41
cables for unidirectional links 1
CDP 4
features 13
Flex Links 14
IGMP
filters 28
snooping 15, 11
interfaces 26
IP SLAs operations 6
IPv4 ACL configuration 41
IPv6 12
MAC address-table move update 14
multicast router interfaces 16, 11
MVR 23
network traffic for analysis with probe 2
port
blocking 18
protection 18
SFP status 27, 13
speed and duplex mode 18
traffic flowing among switches 1
traffic suppression 18
VLANs 14
VMPS 28
VTP 16
mrouter Port 3
mrouter port 5
MSTP
boundary ports
configuration guidelines 15
described 6
BPDU filtering
described 3
enabling 12
BPDU guard
described 2
enabling 11
CIST, described 3
CIST regional root 3
CIST root 5
configuration guidelines 14, 10
configuring
forward-delay time 23
hello time 22
link type for rapid convergence 24
maximum aging time 23
maximum hop count 24
MST region 15
neighbor type 25
path cost 20
port priority 19
root switch 17
secondary root switch 18
switch priority 21
CST
defined 3
operations between regions 3
default configuration 14
default optional feature configuration 9
displaying status 26
enabling the mode 15
EtherChannel guard
described 7
enabling 14
extended system ID
effects on root switch 17
effects on secondary root switch 18
unexpected behavior 17
IEEE 802.1s
implementation 6
port role naming change 6
terminology 5
instances supported 9
interface state, blocking to forwarding 2
interoperability and compatibility among modes 10
interoperability with IEEE 802.1D
described 8
restarting migration process 25
IST
defined 2
master 3
operations within a region 3
loop guard
described 9
enabling 15
mapping VLANs to MST instance 16
MST region
CIST 3
configuring 15
described 2
hop-count mechanism 5
IST 2
supported spanning-tree instances 2
optional features supported 7
overview 2
Port Fast
described 2
enabling 10
preventing root switch selection 8
root guard
described 8
enabling 15
root switch
configuring 17
effects of extended system ID 17
unexpected behavior 17
shutdown Port Fast-enabled port 2
status, displaying 26
multiauth mode
See multiple-authentication mode
multicast groups
Immediate Leave 5
joining 3
leaving 5
static joins 9, 7
multicast router interfaces, monitoring 16, 11
multicast router ports, adding 9, 8
multicast storm 1
multicast storm-control command 4
multicast television application 17
multicast VLAN 16
Multicast VLAN Registration
See MVR
multidomain authentication
See MDA
multiple authentication 13
multiple authentication mode
configuring 41
MVR
and address aliasing 20
and IGMPv3 20
configuration guidelines 19
configuring interfaces 21
default configuration 19
described 16
example application 17
modes 20
monitoring 23
multicast television application 17
setting global parameters 20
support for 4
N
NAC
critical authentication 20, 50
IEEE 802.1x authentication using a RADIUS server 55
IEEE 802.1x validation using RADIUS server 55
inaccessible authentication bypass 50
Layer 2 IEEE 802.1x validation 10, 25, 55
named IPv4 ACLs 30
native VLAN
configuring 19
default 19
NEAT
configuring 56
overview 26
neighbor discovery, IPv6 3
Network Admission Control
See NAC
Network Admission Control Software Configuration Guide 63, 64
Network Assistant
benefits 2
described 4
downloading image files 2
guide mode 2
management options 2
upgrading a switch 23
wizards 2
network configuration examples
increasing network performance 16
long-distance, high-bandwidth transport 20
providing network services 16
network configuration examples (continued)
server aggregation and Linux server cluster 18
small to medium-sized network 19
network design
performance 16
services 16
Network Edge Access Toplogy
See NEAT
network management
CDP 1
RMON 1
SNMP 1
network performance, measuring with IP SLAs 3
network policy TLV 2, 7
Network Time Protocol
See NTP
no commands 4
nonhierarchical policy maps
described 9
non-IP traffic filtering 38
nontrunking mode 15
normal-range VLANs 4
configuration guidelines 5
configuration modes 6
configuring 4
defined 1
NTP
associations
authenticating 4
defined 2
enabling broadcast messages 6
peer 5
server 5
default configuration 4
displaying the configuration 11
overview 2
restricting access
creating an access group 8
disabling NTP services per interface 10
source IP address, configuring 10
stratum 2
support for 5
synchronizing devices 5
time
services 2
synchronizing 2
O
open1x
configuring 61
open1x authentication
overview 25
optimizing system resources 1
options, management 4
out-of-profile markdown 11
P
packet modification, with QoS 18
PAgP
See EtherChannel
passwords
default configuration 2
disabling recovery of 5
encrypting 3
for security 8
in clusters 12
overview 1
recovery of 3
setting
enable 3
enable secret 3
Telnet 6
with usernames 6
VTP domain 8
path cost
MSTP 20
STP 18
PC (passive command switch) 9
performance, network design 16
performance features 3
persistent self-signed certificate 38
per-user ACLs and Filter-Ids 9
per-VLAN spanning-tree plus
See PVST+
physical ports 2
PIM-DVMRP, as snooping method 8
ping
character output description 14
executing 13
overview 13
PoE
auto mode 6
CDP with power consumption, described 4
CDP with power negotiation, described 4
Cisco intelligent power management 4
configuring 21
cutoff power
determining 7
cutoff-power
support for 7
devices supported 4
high-power devices operating in low-power mode 5
IEEE power classification levels 5
monitoring 7
monitoring power 23
policing power consumption 23
policing power usage 7
power budgeting 22
power consumption 8, 22
powered-device detection and initial power allocation 5
power management modes 6
power monitoring 7
power negotiation extensions to CDP 4
power sensing 7
standards supported 4
static mode 6
total available power 8
troubleshooting 11
policed-DSCP map for QoS 54
policers
configuring
for each matched traffic class 46
for more than one traffic class 49
described 4
displaying 69
number of 32
types of 9
policing
described 4
token-bucket algorithm 9
policy maps for QoS
characteristics of 46
described 7
displaying 70
nonhierarchical on physical ports
described 9
port ACLs, described 20
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting 13
authentication server
defined 3
RADIUS server 3
client, defined 3
configuration guidelines 33
port-based authentication (continued)
configuring
802.1x authentication 38
guest VLAN 47
host mode 41
inaccessible authentication bypass 50
manual re-authentication of a client 43
periodic re-authentication 42
quiet period 44
RADIUS server 41
RADIUS server parameters on the switch 40
restricted VLAN 48
switch-to-client frame-retransmission number 45, 46
switch-to-client retransmission time 44
violation modes37to 38
default configuration 32
described 1
device roles 3
displaying statistics 66
downloadable ACLs and redirect URLs
configuring58to 60
overview17to 18
EAPOL-start frame 6
EAP-request/identity frame 6
EAP-response/identity frame 6
encapsulation 3
flexible authentication ordering
configuring 60
overview 25
guest VLAN
configuration guidelines 19, 20
described 18
host mode 11
inaccessible authentication bypass
configuring 50
described 20
guidelines 34
initiation and message exchange 6
port-based authentication (continued)
magic packet 23
maximum number of allowed devices per port 35
method lists 38
multiple authentication 13
ports
authorization state and dot1x port-control command 10
authorized and unauthorized 10
critical 20
voice VLAN 21
port security
and voice VLAN 23
described 22
interactions 22
multiple-hosts mode 11
readiness check
configuring 35
described 15, 35
resetting to default values 66
statistics, displaying 66
switch
as proxy 3
RADIUS client 3
switch supplicant
configuring 56
overview 26
VLAN assignment
AAA authorization 38
characteristics 16
configuration tasks 16
described 15
voice aware 802.1x security
configuring 36
described 26, 36
voice VLAN
described 21
PVID 21
VVID 21
port-based authentication (continued)
wake-on-LAN, described 23
with ACLs and RADIUS Filter-Id attribute 30
port-based authentication methods, supported 8
port blocking 3, 7
port-channel
See EtherChannel
port description TLV 2
Port Fast
described 2
enabling 10
mode, spanning tree 25
support for 7
port membership modes, VLAN 3
port priority
MSTP 19
STP 16
ports
access 2
blocking 7
dual-purpose uplink 4
dynamic access 3
protected 6
secure 8
static-access 3, 10
switch 2
trunks 3, 14
VLAN assignments 10
port security
aging 17
and QoS trusted boundary 36
configuring 12
default configuration 11
described 8
displaying 18
on trunk ports 14
sticky learning 9
violations 10
with other features 11
port-shutdown response, VMPS 24
port VLAN ID TLV 2
power management TLV 2, 7
Power over Ethernet
See PoE
preemption, default configuration 8
preemption delay, default configuration 8
preferential treatment of traffic
See QoS
preventing unauthorized access 1
primary links 2
priority
overriding CoS 6
trusting CoS 6
private VLAN edge ports
See protected ports
privileged EXEC mode 2
privilege levels
changing the default for lines 9
command switch 14
exiting 9
logging into 9
mapping on member switches 14
overview 2, 7
setting a command with 8
protected ports 9, 6
proxy reports 4
pruning, VTP
disabling
in VTP domain 14
on a port 19
enabling
in VTP domain 14
on a port 19
examples 5
overview 4
pruning-eligible list
changing 19
for VTP pruning 4
VLANs 14
PVST+
described 9
IEEE 802.1Q trunking interoperability 10
instances supported 9
Q
QoS
and MQC commands 1
auto-QoS
categorizing traffic 19
configuration and defaults display 28
configuration guidelines 24
described 19
disabling 26
displaying generated commands 26
displaying the initial configuration 28
effects on running configuration 24
egress queue defaults 20
enabling for VoIP 25
example configuration 27
ingress queue defaults 20
list of generated commands 21
basic model 4
classification
class maps, described 7
defined 4
DSCP transparency, described 37
flowchart 6
forwarding treatment 3
in frames and packets 3
IP ACLs, described 5, 7
MAC ACLs, described 5, 7
options for IP traffic 5
options for non-IP traffic 5
policy maps, described 7
trust DSCP, described 5
trusted CoS, described 5
trust IP precedence, described 5
class maps
configuring 44
displaying 69
configuration guidelines
auto-QoS 24
standard QoS 32
configuring
aggregate policers 49
auto-QoS 19
default port CoS value 35
DSCP maps 51
DSCP transparency 37
DSCP trust states bordering another domain 38
egress queue characteristics 62
ingress queue characteristics 57
IP extended ACLs 42
IP standard ACLs 41
MAC ACLs 43
port trust states within the domain 34
trusted boundary 36
default auto configuration 19
default standard configuration 29
displaying statistics 69
DSCP transparency 37
egress queues
allocating buffer space 62
buffer allocation scheme, described 16
configuring shaped weights for SRR 66
configuring shared weights for SRR 67
described 4
displaying the threshold map 65
flowchart 16
mapping DSCP or CoS values 65
scheduling, described 4
setting WTD thresholds 62
WTD, described 17
enabling globally 33
flowcharts
classification 6
egress queueing and scheduling 16
ingress queueing and scheduling 13
policing and marking 10
implicit deny 7
ingress queues
allocating bandwidth 60
allocating buffer space 59
buffer and bandwidth allocation, described 14
configuring shared weights for SRR 60
configuring the priority queue 61
described 4
displaying the threshold map 59
flowchart 13
mapping DSCP or CoS values 58
priority queue, described 14
scheduling, described 4
setting WTD thresholds 58
WTD, described 14
IP phones
automatic classification and queueing 19
detection and trusted settings 19, 36
limiting bandwidth on egress interface 68
mapping tables
CoS-to-DSCP 52
displaying 69
DSCP-to-CoS 55
DSCP-to-DSCP-mutation 56
IP-precedence-to-DSCP 53
policed-DSCP 54
types of 10
marked-down actions 48
marking, described 4, 8
overview 2
packet modification 18
policers
configuring 48, 50
described 8
displaying 69
number of 32
types of 9
policies, attaching to an interface 8
policing
described 4, 8
token bucket algorithm 9
policy maps
characteristics of 46
displaying 70
nonhierarchical on physical ports 46
QoS label, defined 4
queues
configuring egress characteristics 62
configuring ingress characteristics 57
high priority (expedite) 18, 68
location of 11
SRR, described 12
WTD, described 12
rewrites 18
support for 11
trust states
bordering another domain 38
described 5
trusted device 36
within the domain 34
quality of service
See QoS
queries, IGMP 4
query solicitation, IGMP 12
R
RADIUS
attributes
vendor-proprietary 31
vendor-specific 29
configuring
accounting 28
authentication 23
authorization 27
communication, global 21, 29
communication, per-server 20, 21
multiple UDP ports 20
default configuration 20
defining AAA server groups 25
displaying the configuration 32
identifying the server 20
in clusters 13
limiting the services to the user 27
method list, defined 19
operation of 19
overview 18
server load balancing 31
suggested network environments 18
support for 10
tracking services accessed by user 28
range
macro 12
of interfaces 11
rapid convergence 9
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
described 9
IEEE 802.1Q trunking interoperability 10
instances supported 9
Rapid Spanning Tree Protocol
See RSTP
rcommand command 14
RCP
configuration files
downloading 17
overview 15
preparing the server 16
uploading 18
image files
deleting old image 36
downloading 34
preparing the server 33
uploading 36
readiness check
port-based authentication
configuring 35
described 15, 35
reconfirmation interval, VMPS, changing 27
reconfirming dynamic VLAN membership 27
recovery procedures 1
redirect URL 17, 58
redundancy
EtherChannel 3
STP
backbone 8
path cost 22
port priority 20
redundant links and UplinkFast 13
reloading software 20
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
Remote Network Monitoring
See RMON
Remote SPAN
See RSPAN
remote SPAN 2
report suppression, IGMP
described 6
disabling 15, 11
resequencing ACL entries 30
resetting a UDLD-shutdown interface 6
responder, IP SLAs
described 4
enabling 6
response time, measuring with IP SLAs 4
restricted VLAN
configuring 48
described 19
using with IEEE 802.1x 19
restricting access
NTP services 8
overview 1
passwords and privilege levels 2
RADIUS 17
TACACS+ 10
retry count, VMPS, changing 28
RFC
1112, IP multicast and IGMP 2
1157, SNMPv1 2
1305, NTP 2
1757, RMON 2
1901, SNMPv2C 2
1902 to 1907, SNMPv2 2
2236, IP multicast and IGMP 2
2273-2275, SNMPv3 2
RMON
default configuration 3
displaying status 6
enabling alarms and events 3
groups supported 2
overview 1
statistics
collecting group Ethernet 5
collecting group history 5
support for 13
root guard
described 8
enabling 15
support for 7
root switch
MSTP 17
STP 14
RSPAN
characteristics 7
configuration guidelines 16
default configuration 9
defined 2
destination ports 6
displaying status 23
interaction with other features 8
monitored ports 5
monitoring ports 6
overview 13, 1
received traffic 4
sessions
creating 17
defined 3
limiting source traffic to specific VLANs 22
specifying monitored ports 17
with ingress traffic enabled 20
source ports 5
transmitted traffic 5
VLAN-based 6
RSTP
active topology 9
BPDU
format 12
processing 12
designated port, defined 9
designated switch, defined 9
interoperability with IEEE 802.1D
described 8
restarting migration process 25
topology changes 13
overview 8
port roles
described 9
synchronized 11
proposal-agreement handshake process 10
rapid convergence
described 9
edge ports and Port Fast 9
point-to-point links 10, 24
root ports 10
root port, defined 9
See also MSTP
running configuration
replacing 19, 20
rolling back 19, 20
running configuration, saving 14
S
SC (standby command switch) 9
scheduled reloads 20
SCP
and SSH 44
configuring 44
SDM
described 1
templates
configuring 3
number of 1
SDM template
configuration guidelines 2
configuring 2
types of 1
Secure Copy Protocol
secure HTTP client
configuring 43
displaying 44
secure HTTP server
configuring 42
displaying 44
secure MAC addresses
deleting 16
maximum number of 9
types of 9
secure ports, configuring 8
secure remote connections 33
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port 8
security features 8
See SCP
sequence numbers in log messages 8
server mode, VTP 3
service-provider network, MSTP and RSTP 1
set-request operation 4
setup program
failed command switch replacement 9
replacing failed command switch 8
severity levels, defining in system messages 8
SFPs
monitoring status of 27, 13
security and identification 12
status, displaying 13
shaped round robin
See SRR
Shell functions
See Auto Smartports macros
Shell triggers
See Auto Smartports macros
show access-lists hw-summary command 35
show and more command output, filtering 10
show cdp traffic command 5
show cluster members command 14
show configuration command 24
show forward command 20
show interfaces command 18, 24
show interfaces switchport 4
show lldp traffic command 11
show platform forward command 20
show running-config command
displaying ACLs 34, 35
interface description in 24
shutdown command on interfaces 28
Simple Network Management Protocol
See SNMP
small-frame arrival rate, configuring 5
Smartports macros
applying Cisco-default macros 12
applying global parameter values 13
configuration guidelines 12
default configuration 11
defined 1
displaying 14
tracing 12
SNAP 1
SNMP
accessing MIB variables with 4
agent
described 3
disabling 7
and IP SLAs 2
authentication level 10
community strings
configuring 8
for cluster switches 4
overview 4
configuration examples 17
default configuration 6
engine ID 7
groups 6, 9
host 6
ifIndex values 5
in-band management 6
in clusters 13
informs
and trap keyword 11
described 5
differences from traps 5
disabling 15
enabling 15
limiting access by TFTP servers 16
limiting system log messages to NMS 10
manager functions 4, 3
managing clusters with 14
MIBs
location of 3
supported 1
notifications 5
overview 1, 4
security levels 3
setting CPU threshold notification 15
status, displaying 18
system contact and location 16
trap manager, configuring 13
traps
described 3, 5
differences from informs 5
disabling 15
enabling 11
enabling MAC address notification 21
overview 1, 4
types of 11
users 6, 9
versions supported 2
SNMP and Syslog Over IPv6 5
SNMPv1 2
SNMPv2C 2
SNMPv3 2
snooping, IGMP 1
software images
location in flash 24
recovery procedures 2
scheduling reloads 20
tar file format, described 24
See also downloading and uploading
source addresses
in IPv4 ACLs 27
source-and-destination-IP address based forwarding, EtherChannel 7
source-and-destination MAC address forwarding, EtherChannel 7
source-IP address based forwarding, EtherChannel 7
source-MAC address forwarding, EtherChannel 7
SPAN
configuration guidelines 10
default configuration 9
destination ports 6
displaying status 23
interaction with other features 8
monitored ports 5
monitoring ports 6
overview 13, 1
ports, restrictions 12
received traffic 4
sessions
configuring ingress forwarding 14, 21
creating 10
defined 3
limiting source traffic to specific VLANs 15
removing destination (monitoring) ports 12
specifying monitored ports 10
with ingress traffic enabled 13
source ports 5
transmitted traffic 5
VLAN-based 6
spanning tree and native VLANs 15
Spanning Tree Protocol
See STP
SPAN traffic 4
SRR
configuring
shaped weights on egress queues 66
shared weights on egress queues 67
shared weights on ingress queues 60
described 12
shaped mode 13
shared mode 13
support for 12
SSH
configuring 34
cryptographic software image 33
described 6, 33
encryption methods 34
user authentication methods, supported 34
SSL
configuration guidelines 40
configuring a secure HTTP client 43
configuring a secure HTTP server 41
cryptographic software image 37
described 37
monitoring 44
standby command switch
configuring
considerations 10
defined 2
priority 9
requirements 3
virtual IP address 10
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
standby links 2
startup configuration
booting
manually 17
specific image 18
clearing 19
startup configuration (continued)
configuration file
automatically downloading 16
specifying the filename 16
default boot configuration 16
static access ports
assigning to VLAN 10
defined 3
static addresses
See addresses
static MAC addressing 9
static routes
configuring for IPv6 11
understanding 5
static VLAN membership 2
statistics
802.1x 66
CDP 4
interface 27
LLDP 10
LLDP-MED 10
NMSP 10
QoS ingress and egress 69
RMON group Ethernet 5
RMON group history 5
SNMP input and output 18
VTP 16
sticky learning 9
storm control
configuring 3
described 1
disabling 5
displaying 18
support for 3
thresholds 1
STP
accelerating root port selection 4
BackboneFast
described 5
disabling 14
enabling 13
BPDU filtering
described 3
disabling 12
enabling 12
BPDU guard
described 2
disabling 12
enabling 11
BPDU message exchange 3
configuration guidelines 12, 10
configuring
forward-delay time 21
hello time 20
maximum aging time 21
path cost 18
port priority 16
root switch 14
secondary root switch 16
spanning-tree mode 13
switch priority 19
transmit hold-count 22
counters, clearing 22
default configuration 11
default optional feature configuration 9
designated port, defined 3
designated switch, defined 3
detecting indirect link failures 5
disabling 14
displaying status 22
EtherChannel guard
described 7
disabling 14
enabling 14
extended system ID
effects on root switch 14
effects on the secondary root switch 16
overview 4
unexpected behavior 14
features supported 6
IEEE 802.1D and bridge ID 4
IEEE 802.1D and multicast addresses 8
IEEE 802.1t and VLAN identifier 4
inferior BPDU 3
instances supported 9
interface state, blocking to forwarding 2
interface states
blocking 5
disabled 7
forwarding 5, 6
learning 6
listening 6
overview 4
interoperability and compatibility among modes 10
limitations with IEEE 802.1Q trunks 10
load sharing
overview 20
using path costs 22
using port priorities 20
loop guard
described 9
enabling 15
modes supported 9
multicast addresses, effect of 8
optional features supported 7
overview 2
path costs 22
Port Fast
described 2
enabling 10
port priorities 21
preventing root switch selection 8
protocols supported 9
redundant connectivity 8
root guard
described 8
enabling 15
root port, defined 3
root switch
configuring 14
effects of extended system ID 4, 14
election 3
unexpected behavior 14
shutdown Port Fast-enabled port 2
status, displaying 22
superior BPDU 3
timers, described 20
UplinkFast
described 3
enabling 13
stratum, NTP 2
success response, VMPS 24
summer time 13
SunNet Manager 4
supported port-based authentication methods 8
Smartports macros
See also Auto Smartports macros
switch 2
switch clustering technology 1
See also clusters, switch
switch console port 6
Switch Database Management
See SDM
Switched Port Analyzer
See SPAN
switched ports 2
switchport backup interface 4, 5
switchport block multicast command 8
switchport block unicast command 8
switchport protected command 7
switch priority
MSTP 21
STP 19
switch software features 1
syslog
See system message logging
system capabilities TLV 2
system clock
configuring
daylight saving time 13
manually 11
summer time 13
time zones 12
displaying the time and date 12
overview 1
See also NTP
system description TLV 2
system message logging
default configuration 3
defining error message severity levels 8
disabling 4
displaying the configuration 13
enabling 4
facility keywords, described 13
level keywords, described 9
limiting messages 10
message format 2
overview 1
sequence numbers, enabling and disabling 8
setting the display destination device 5
synchronizing log messages 6
syslog facility 13
time stamps, enabling and disabling 7
UNIX syslog servers
configuring the daemon 12
configuring the logging facility 12
facilities supported 13
system name
default configuration 15
default setting 15
manual configuration 15
See also DNS
system name TLV 2
system prompt, default setting 14, 15
system resources, optimizing 1
T
TACACS+
accounting, defined 11
authentication, defined 11
authorization, defined 11
configuring
accounting 17
authentication key 13
authorization 16
login authentication 14
default configuration 13
displaying the configuration 17
identifying the server 13
in clusters 13
limiting the services to the user 16
operation of 12
overview 10
support for 10
tracking services accessed by user 17
tar files
creating 6
displaying the contents of 7
extracting 7
image file format 24
TDR 13
Telnet
accessing management interfaces 10
number of connections 6
setting a password 6
templates, SDM 1
temporary self-signed certificate 38
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password 6
TFTP
configuration files
downloading 11
preparing the server 10
uploading 12
configuration files in base directory 7
configuring for autoconfiguration 7
image files
deleting 27
downloading 26
preparing the server 25
uploading 28
limiting access by servers 16
TFTP server 5
threshold, traffic level 2
time
See NTP and system clock
Time Domain Reflector
See TDR
time-range command 32
time ranges in ACLs 32
time stamps in log messages 7
time zones 12
TLVs
defined 1
LLDP 2
LLDP-MED 2
Token Ring VLANs
support for 5
VTP support 4
ToS 11
traceroute, Layer 2
and ARP 15
and CDP 15
broadcast traffic 14
described 14
IP addresses and subnets 15
MAC addresses and VLANs 15
multicast traffic 15
multiple devices on a port 15
unicast traffic 14
usage guidelines 15
traceroute command 17
See also IP traceroute
traffic
blocking flooded 8
fragmented 21
unfragmented 21
traffic policing 11
traffic suppression 1
transmit hold-count
see STP
transparent mode, VTP 3, 12
trap-door mechanism 2
traps
configuring MAC address notification 21
configuring managers 11
defined 3
enabling 21, 11
notification types 11
overview 1, 4
troubleshooting
connectivity problems 13, 14, 16
CPU utilization 23
detecting unidirectional links 1
displaying crash information 22
setting packet forwarding 20
SFP security and identification 12
show forward command 20
with CiscoWorks 4
troubleshooting (continued)
with debug commands 18
with ping 13
with system message logging 1
with traceroute 16
trunk failover
See link-state tracking
trunking encapsulation 8
trunk ports
configuring 17
defined 3
trunks
allowed-VLAN list 18
load sharing
setting STP path costs 22
using STP port priorities 20, 21
native VLAN for untagged traffic 19
parallel 22
pruning-eligible list 19
to non-DTP device 14
trusted boundary for QoS 36
trusted port states
between QoS domains 38
classification options 5
ensuring port security for IP phones 36
support for 11
within a QoS domain 34
trustpoints, CA 38
twisted-pair Ethernet, detecting unidirectional links 1
type of service
See ToS
U
UDLD
configuration guidelines 4
default configuration 4
disabling
globally 5
on fiber-optic interfaces 5
per interface 5
echoing detection mechanism 2
enabling
globally 5
per interface 5
link-detection mechanism 1
neighbor database 2
overview 1
resetting an interface 6
status, displaying 6
support for 6
unauthorized ports with IEEE 802.1x 10
unicast MAC address filtering 5
and adding static addresses 25
and broadcast MAC addresses 25
and CPU packets 25
and multicast addresses 25
and router MAC addresses 25
configuration guidelines 25
described 25
unicast storm 1
unicast storm control command 4
unicast traffic, blocking 8
UniDirectional Link Detection protocol
See UDLD
UNIX syslog servers
daemon configuration 12
facilities supported 13
message logging configuration 12
unrecognized Type-Length-Value (TLV) support 4
upgrading a Catalyst 2950 switch
configuration compatibility issues 1
differences in configuration commands 1
feature behavior incompatibilities 5
incompatible command messages 1
recommendations 1
upgrading software images
See downloading
UplinkFast
described 3
disabling 13
enabling 13
support for 7
uploading
configuration files
preparing 10, 13, 16
reasons for 9
using FTP 14
using RCP 18
using TFTP 12
image files
preparing 25, 29, 33
reasons for 23
using FTP 31
using RCP 36
using TFTP 28
user EXEC mode 2
username-based authentication 6
V
version-dependent transparent mode 4
virtual IP address
cluster standby group 10
command switch 10
virtual switches and PAgP 5
vlan.dat file 4
VLAN 1, disabling on a trunk port 18
VLAN 1 minimization 18
vlan-assignment response, VMPS 24
VLAN configuration
at bootup 7
saving 7
VLAN configuration mode 2, 6
VLAN database
and startup configuration file 7
and VTP 1
VLAN configuration saved in 7
VLANs saved in 4
vlan database command 6
VLAN filtering and SPAN 6
vlan global configuration command 6
VLAN ID, discovering 27
VLAN load balancing on flex links 2
configuration guidelines 8
VLAN management domain 2
VLAN Management Policy Server
See VMPS
VLAN membership
confirming 27
modes 3
VLAN Query Protocol
See VQP
VLANs
adding 8
adding to VLAN database 8
aging dynamic addresses 9
allowed on trunk 18
and spanning-tree instances 2, 6, 12
configuration guidelines, extended-range VLANs 12
configuration guidelines, normal-range VLANs 5
configuration options 6
configuring 1
configuring IDs 1006 to 4094 12
creating in config-vlan mode 8
creating in VLAN configuration mode 9
default configuration 7
deleting 10
described 2, 1
displaying 14
extended-range 1, 11
features 7
illustrated 2
limiting source traffic with RSPAN 22
limiting source traffic with SPAN 15
modifying 8
multicast 16
native, configuring 19
normal-range 1, 4
number supported 7
parameters 4
port membership modes 3
static-access ports 10
STP and IEEE 802.1Q trunks 10
supported 2
Token Ring 5
traffic between 2
VTP modes 3
VLAN Trunking Protocol
See VTP
VLAN trunks 14
VMPS
administering 28
configuration example 29
configuration guidelines 25
default configuration 25
description 23
dynamic port membership
described 24
reconfirming 27
troubleshooting 29
entering server address 26
mapping MAC addresses to VLANs 24
monitoring 28
reconfirmation interval, changing 27
reconfirming membership 27
retry count, changing 28
voice aware 802.1x security
port-based authentication
configuring 36
described 26, 36
voice-over-IP 1
voice VLAN
Cisco 7960 phone, port connections 1
configuration guidelines 3
configuring IP phones for data traffic
override CoS of incoming frame 6
trust CoS priority of incoming frame 6
configuring ports for voice traffic in
802.1p priority tagged frames 5
802.1Q frames 5
connecting to an IP phone 4
default configuration 3
described 1
displaying 7
IP phone data traffic, described 2
IP phone voice traffic, described 2
VQP 8, 23
VTP
adding a client to a domain 14
advertisements 16, 3
and extended-range VLANs 2
and normal-range VLANs 2
client mode, configuring 11
configuration
global configuration mode 7
guidelines 8
privileged EXEC mode 7
requirements 9
saving 7
VLAN configuration mode 7
configuration mode options 7
configuration requirements 9
configuration revision number
guideline 14
resetting 15
configuring
client mode 11
server mode 9
transparent mode 12
consistency checks 4
default configuration 6
described 1
disabling 12
domain names 8
domains 2
modes
client 3, 11
server 3, 9
transitions 3
transparent 3, 12
monitoring 16
passwords 8
pruning
disabling 14
enabling 14
examples 5
overview 4
support for 8
pruning-eligible list, changing 19
server mode, configuring 9
statistics 16
support for 8
Token Ring support 4
transparent mode, configuring 12
using 1
version, guidelines 8
Version 1 4
Version 2
configuration guidelines 8
disabling 13
enabling 13
overview 4
W
web authentication 15
configuring62to64, 65to ??
described 8, 27
fallback for IEEE 802.1x 63
weighted tail drop
See WTD
wired location service
configuring 9
displaying 10
location TLV 3
understanding 3
wizards 2
WTD
described 12
setting thresholds
egress queue-sets 62
ingress queues 58
support for 11, 12
X
Xmodem protocol 2