Index Numerics
802.1AE Tagging 7-2
A
abbreviating commands 2-3
AC (command switch) 8-9
access-class command 33-19
access control entries
See ACEs
access control entry (ACE) 38-3
access-denied response, VMPS 14-24
access groups
Layer 3 33-20
access groups, applying IPv4 ACLs to interfaces 33-20
accessing
clusters, switch 8-13
command switches 8-11
member switches 8-13
switch clusters 8-13
accessing stack members 9-22
access lists
See ACLs
access ports
in switch clusters 8-8
access ports, defined 13-3
accounting
with 802.1x 12-50
with IEEE 802.1x 12-16
with RADIUS 11-35
with TACACS+ 11-12, 11-17
ACEs
and QoS 34-8
defined 33-2
Ethernet 33-2
IP 33-2
ACLs
ACEs 33-2
any keyword 33-11
applying
time ranges to 33-16
to an interface 33-19, 38-7
to IPv6 interfaces 38-7
to QoS 34-8
classifying traffic for QoS 34-47
comments in 33-18
compiling 33-22
defined 33-2, 33-7
examples of 33-22, 34-47
extended IP, configuring for QoS classification 34-49
extended IPv4
creating 33-10
matching criteria 33-7
hardware and software handling 33-21
host keyword 33-12
IP
creating 33-7
fragments and QoS guidelines 34-38
implicit deny 33-9, 33-14, 33-15
implicit masks 33-9
matching criteria 33-7
undefined 33-21
IPv4
applying to interfaces 33-19
creating 33-7
matching criteria 33-7
named 33-14
numbers 33-8
terminal lines, setting on 33-19
unsupported features 33-6
IPv6
applying to interfaces 38-7
configuring 38-3, 38-4
displaying 38-8
interactions with other features 38-4
limitations 38-2, 38-3
matching criteria 38-3
named 38-2
precedence of 38-2
supported 38-2
unsupported features 38-3
MAC extended 33-24, 34-52
matching 33-7, 33-20, 38-3
monitoring 33-27, 38-8
named, IPv4 33-14
named, IPv6 38-2
names 38-4
number per QoS class map 34-38
port 33-2, 38-1
precedence of 33-3
QoS 34-8, 34-47
resequencing entries 33-14
router 33-2, 38-1
standard IP, configuring for QoS classification 34-48, 34-50
standard IPv4
creating 33-9
matching criteria 33-7
support for 1-11
support in hardware 33-21
time ranges 33-16
types supported 33-2
unsupported features, IPv4 33-6
unsupported features, IPv6 38-3
active link 20-4, 20-5, 20-6
active links 20-2
active traffic monitoring, IP SLAs 31-1
address aliasing 23-2
addresses
displaying the MAC address table 5-24
dynamic
accelerated aging 17-9
changing the aging time 5-16
default aging 17-9
defined 5-14
learning 5-15
removing 5-17
IPv6 36-2
MAC, discovering 5-25
multicast, STP address management 17-9
static
adding and removing 5-21
defined 5-14
address resolution 5-25
Address Resolution Protocol
See ARP
advertisements
CDP 26-1
LLDP 27-2
VTP 14-16, 15-3, 15-4
aggregatable global unicast addresses 36-3
aggregated ports
See EtherChannel
aggregate policers 34-62
aggregate policing 1-15
aging, accelerating 17-9
aging time
accelerated
for MSTP 18-24
for STP 17-9, 17-23
MAC address table 5-16
maximum
for MSTP 18-25
for STP 17-23, 17-24
alarms, RMON 29-4
allowed-VLAN list 14-18
ARP
defined 1-6, 5-25
table
address resolution 5-25
managing 5-25
attributes, RADIUS
vendor-proprietary 11-38
vendor-specific 11-36
attribute-value pairs 12-13, 12-16, 12-21, 12-22
authentication
local mode with AAA 11-40
open1x 12-30
RADIUS
key 11-28
login 11-30
TACACS+
defined 11-11
key 11-13
login 11-14
See also port-based authentication
authentication compatibility with Catalyst 6000 switches 12-8
authentication failed VLAN
See restricted VLAN
authentication manager
CLI commands 12-9
compatibility with older 802.1x CLI commands 12-9 to ??
overview 12-7
authoritative time source, described 5-3
authorization
with RADIUS 11-34
with TACACS+ 11-12, 11-16
authorized ports with IEEE 802.1x 12-10
autoconfiguration 3-3
auto enablement 12-32
automatic advise (auto-advise) in switch stacks 9-11
automatic copy (auto-copy) in switch stacks 9-11
automatic discovery
considerations
beyond a noncandidate device 8-8
brand new switches 8-8
connectivity 8-5
different VLANs 8-7
management VLANs 8-7
non-CDP-capable devices 8-6
noncluster-capable devices 8-6
in switch clusters 8-5
See also CDP
automatic extraction (auto-extract) in switch stacks 9-11
automatic QoS
See QoS
automatic recovery, clusters 8-9
See also HSRP
automatic upgrades (auto-upgrade) in switch stacks 9-11
auto-MDIX
configuring 13-33
described 13-33
autonegotiation
duplex mode 1-4
interface configuration guidelines 13-30
mismatches 40-12
Auto-QoS video devices 1-15
autosensing, port speed 1-4
auxiliary VLAN
See voice VLAN
availability, features 1-8
B
BackboneFast
described 19-8
disabling 19-17
enabling 19-17
support for 1-8
backup interfaces
See Flex Links
backup links 20-2
banners
configuring
login 5-14
message-of-the-day login 5-13
default configuration 5-12
when displayed 5-12
Berkeley r-tools replacement 11-52
binding database
DHCP snooping
See DHCP snooping binding database
bindings
DHCP snooping database 21-6
IP source guard 21-13
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 24-7
booting
boot loader, function of 3-1
boot process 3-1
manually 3-19
specific image 3-19
boot loader
accessing 3-20
described 3-1
environment variables 3-20
prompt 3-20
trap-door mechanism 3-2
Boot Loader Upgrade and Image Verification for the FIPS Mode of Operation 3-23
BPDU
error-disabled state 19-2
filtering 19-3
RSTP format 18-12
BPDU filtering
described 19-3
disabling 19-15
enabling 19-15
support for 1-9
BPDU guard
described 19-2
disabling 19-14
enabling 19-14
support for 1-9
bridge protocol data unit
See BPDU
broadcast storm-control command 24-4
broadcast storms 24-1
C
cables, monitoring for unidirectional links 25-1
candidate switch
automatic discovery 8-5
defined 8-4
requirements 8-4
See also command switch, cluster standby group, and member switch
Catalyst 6000 switches
authentication compatibility 12-8
CA trustpoint
configuring 11-49
defined 11-47
CDP
and trusted boundary 34-44
automatic discovery in switch clusters 8-5
configuring 26-2
default configuration 26-2
defined with LLDP 27-1
described 26-1
disabling for routing device 26-4
enabling and disabling
on an interface 26-4
on a switch 26-4
monitoring 26-5
overview 26-1
power negotiation extensions 13-5
support for 1-6
switch stack considerations 26-2
transmission timer and holdtime, setting 26-3
updates 26-3
CGMP
as IGMP snooping learning method 23-9
joining multicast group 23-3
CipherSuites 11-48
Cisco 7960 IP Phone 16-1
Cisco Discovery Protocol
See CDP
Cisco intelligent power management 13-5
Cisco IOS File System
See IFS
Cisco IOS IP SLAs 31-1
Cisco Secure ACS
attribute-value pairs for downloadable ACLs 12-22
attribute-value pairs for redirect URL 12-21
Cisco Secure ACS configuration guide 12-61
CiscoWorks 2000 1-6, 32-5
CISP 12-32
CIST regional root
See MSTP
CIST root
See MSTP
civic location 27-3
class maps for QoS
configuring 34-53
described 34-8
displaying 34-83
class of service
See CoS
clearing interfaces 13-45
CLI
abbreviating commands 2-3
command modes 2-1
configuration logging 2-4
described 1-5
editing features
enabling and disabling 2-6
keystroke editing 2-7
wrapped lines 2-8
error messages 2-4
filtering command output 2-9
getting help 2-3
history
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
managing clusters 8-16
no and default forms of commands 2-4
Client Information Signalling Protocol
See CISP
client mode, VTP 15-3
clock
See system clock
clusters, switch
accessing 8-13
automatic discovery 8-5
automatic recovery 8-9
benefits 1-2
compatibility 8-4
described 8-1
LRE profile considerations 8-16
managing
through CLI 8-16
through SNMP 8-17
planning 8-4
planning considerations
automatic discovery 8-5
automatic recovery 8-9
CLI 8-16
host names 8-13
IP addresses 8-13
LRE profiles 8-16
passwords 8-13
RADIUS 8-16
SNMP 8-14, 8-17
switch stacks 8-14
TACACS+ 8-16
See also candidate switch, command switch, cluster standby group, member switch, and standby command switch
cluster standby group
automatic recovery 8-12
considerations 8-11
defined 8-2
requirements 8-3
virtual IP address 8-11
See also HSRP
CNS 1-6
Configuration Engine
configID, deviceID, hostname 4-3
configuration service 4-2
described 4-1
event service 4-3
embedded agents
described 4-5
enabling automated configuration 4-6
enabling configuration agent 4-9
enabling event agent 4-8
management functions 1-6
CoA Request Commands 11-23
Coarse Wave Division Multiplexer
See CWDM SFPs
command-line interface
See CLI
command modes 2-1
commands
abbreviating 2-3
no and default 2-4
commands, setting privilege levels 11-8
command switch
accessing 8-11
active (AC) 8-9
configuration conflicts 40-12
defined 8-2
passive (PC) 8-9
password privilege levels 8-17
priority 8-9
recovery
from command-switch failure 8-9, 40-8
from lost member connectivity 40-12
redundant 8-9
replacing
with another switch 40-11
with cluster member 40-9
requirements 8-3
standby (SC) 8-9
See also candidate switch, cluster standby group, member switch, and standby command switch
community strings
configuring 8-14, 32-8
for cluster switches 32-4
in clusters 8-14
overview 32-4
SNMP 8-14
compatibility, feature 24-12
compatibility, software
See stacks, switch
config.text 3-18
configurable leave timer, IGMP 23-6
configuration, initial
defaults 1-17
Express Setup 1-2
configuration changes, logging 30-11
configuration conflicts, recovering from lost member connectivity 40-12
configuration examples, network 1-20
configuration files
archiving 42-20
clearing the startup configuration 42-19
creating using a text editor 42-10
default name 3-18
deleting a stored configuration 42-19
described 42-8
downloading
automatically 3-18
preparing 42-10, 42-13, 42-16
reasons for 42-8
using FTP 42-13
using RCP 42-17
using TFTP 42-11
guidelines for creating and using 42-9
guidelines for replacing and rolling back 42-21
invalid combinations when copying 42-5
limiting TFTP server access 32-17
obtaining with DHCP 3-8
password recovery disable considerations 11-5
replacing a running configuration 42-19, 42-20
rolling back a running configuration 42-19, 42-21
specifying the filename 3-18
system contact and location information 32-17
types and location 42-10
uploading
preparing 42-10, 42-13, 42-16
reasons for 42-9
using FTP 42-15
using RCP 42-18
using TFTP 42-12
configuration logger 30-11
configuration logging 2-4
configuration replacement 42-19
configuration rollback 42-19, 42-20
configuration settings, saving 3-15
configure terminal command 13-20
configuring 802.1x user distribution 12-56
configuring port-based authentication violation modes 12-40
configuring small-frame arrival rate 24-5
conflicts, configuration 40-12
connections, secure remote 11-42
connectivity problems 40-14, 40-15, 40-17
consistency checks in VTP Version 2 15-5
console port, connecting to 2-10
control protocol, IP SLAs 31-4
corrupted software, recovery steps with Xmodem 40-2
CoS
in Layer 2 frames 34-2
override priority 16-6
trust priority 16-6
CoS input queue threshold map for QoS 34-15
CoS output queue threshold map for QoS 34-18
CoS-to-DSCP map for QoS 34-65
counters, clearing interface 13-45
CPU utilization, troubleshooting 40-28
crashinfo file 40-23
critical authentication, IEEE 802.1x 12-53
critical VLAN 12-25
critical voice VLAN
configuring 12-53
cross-stack EtherChannel
configuration guidelines 39-13
described 39-3
illustration 39-4
support for 1-8
cross-stack UplinkFast, STP
described 19-5
disabling 19-17
enabling 19-17
fast-convergence events 19-7
Fast Uplink Transition Protocol 19-6
normal-convergence events 19-7
support for 1-8
cryptographic software image
SSH 11-41
SSL 11-46
switch stack considerations 9-15
customjzeable web pages, web-based authentication 6-6
CWDM SFPs 1-25
D
DACL
See downloadable ACL
data address gleaning 36-6
daylight saving time 5-8
debugging
enabling all system diagnostics 40-21
enabling for a specific feature 40-20
redirecting error message output 40-21
using commands 40-19
default commands 2-4
default configuration
802.1x 12-35
auto-QoS 34-20
banners 5-12
CDP 26-2
DHCP 21-8
DHCP option 82 21-8
DHCP snooping 21-8
DHCP snooping binding database 21-8
DNS 5-11
dynamic ARP inspection 22-5
EtherChannel 39-11
Ethernet interfaces 13-27
Flex Links 20-8
IGMP filtering 23-24
IGMP snooping 23-7, 37-6
IGMP throttling 23-24
initial switch information 3-3
IP SLAs 31-5
IP source guard 21-15
IPv6 36-11
Layer 2 interfaces 13-27
LLDP 27-5
MAC address table 5-16
MAC address-table move update 20-8
MSTP 18-14
MVR 23-19
optional spanning-tree configuration 19-12
password and privilege level 11-2
RADIUS 11-27
RMON 29-3
RSPAN 28-10
SDM template 10-4
SNMP 32-7
SPAN 28-10
SSL 11-48
standard QoS 34-35
STP 17-13
switch stacks 9-17
system message logging 30-4
system name and prompt 5-10
TACACS+ 11-13
UDLD 25-4
VLAN, Layer 2 Ethernet interfaces 14-15
VLANs 14-8
VMPS 14-25
voice VLAN 16-3
VTP 15-9
default gateway 3-14
default web-based authentication configuration
802.1X 6-9
deleting VLANs 14-9
denial-of-service attack 24-1
description command 13-41
designing your network, examples 1-20
destination addresses
in IPv4 ACLs 33-11
in IPv6 ACLs 38-5
destination-IP address-based forwarding, EtherChannel 39-9
destination-MAC address forwarding, EtherChannel 39-9
detecting indirect link failures, STP 19-8
device 42-24
device discovery protocol 26-1, 27-1
device manager
benefits 1-2
described 1-2, 1-5
in-band management 1-7
upgrading a switch 42-24
device tracking 36-7
DHCP
enabling
relay agent 21-9
DHCP address gleaning 36-5
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-3
DNS 3-7
relay device 3-7
server side 3-6
TFTP server 3-7
example 3-9
lease options
for IP address information 3-6
for receiving the configuration file 3-6
overview 3-3
relationship to BOOTP 3-3
relay support 1-6
support for 1-6
DHCP-based autoconfiguration and image update
configuring 3-11 to 3-14
understanding 3-5
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP Guard 36-7, 36-15
DHCP option 82
circuit ID suboption 21-5
configuration guidelines 21-8
default configuration 21-8
displaying 21-12
overview 21-3
packet format, suboption
circuit ID 21-5
remote ID 21-5
remote ID suboption 21-5
DHCP server port-based address allocation
configuration guidelines 21-22
default configuration 21-22
described 21-22
displaying 21-25
enabling 21-23
reserved addresses 21-23
DHCP server port-based address assignment
support for 1-6
DHCP snooping
accepting untrusted packets form edge switch 21-3, 21-10
binding database
See DHCP snooping binding database
configuration guidelines 21-8
default configuration 21-8
displaying binding tables 21-12
message exchange process 21-4
option 82 data insertion 21-3
trusted interface 21-2
untrusted interface 21-2
untrusted messages 21-2
DHCP snooping binding database
adding bindings 21-11
binding entries, displaying 21-12
binding file
format 21-6
location 21-6
bindings 21-6
clearing agent statistics 21-12
configuration guidelines 21-9
configuring 21-11
default configuration 21-8
deleting
binding file 21-12
bindings 21-12
database agent 21-12
described 21-6
displaying 21-12
displaying status and statistics 21-12
enabling 21-11
entry 21-6
renewing database 21-12
resetting
delay value 21-12
timeout value 21-12
DHCP snooping binding table
See DHCP snooping binding database
Differentiated Services architecture, QoS 34-2
Differentiated Services Code Point 34-2
directed unicast requests 1-6
directories
changing 42-4
creating and removing 42-4
displaying the working 42-4
discovery, clusters
See automatic discovery
DNS
and DHCP-based autoconfiguration 3-7
default configuration 5-11
displaying the configuration 5-12
in IPv6 36-3
overview 5-10
setting up 5-11
support for 1-6
domain names
DNS 5-10
VTP 15-10
Domain Name System
See DNS
downloadable ACL 12-20, 12-22, 12-61
downloading
configuration files
preparing 42-10, 42-13, 42-16
reasons for 42-8
using FTP 42-13
using RCP 42-17
using TFTP 42-11
image files
deleting old image 42-28
preparing 42-26, 42-30, 42-34
reasons for 42-24
using CMS 1-2
using FTP 42-31
using HTTP 1-2, 42-24
using RCP 42-35
using TFTP 42-27
using the device manager or Network Assistant 42-24
DRP
support for 1-15
DSCP 1-14, 34-2
DSCP input queue threshold map for QoS 34-15
DSCP output queue threshold map for QoS 34-18
DSCP-to-CoS map for QoS 34-68
DSCP-to-DSCP-mutation map for QoS 34-69
DSCP transparency 34-45
DTP 1-9, 14-14
dual-action detection 39-6
dual IPv4 and IPv6 templates 36-9
dual protocol stacks
IPv4 and IPv6 36-9
SDM templates supporting 36-9
dual-purpose uplinks
defined 13-4
LEDs 13-5
link selection 13-4, 13-28
setting the type 13-28
dynamic access ports
characteristics 14-4
configuring 14-27
defined 13-3
dynamic addresses
See addresses
dynamic ARP inspection
ARP cache poisoning 22-1
ARP requests, described 22-1
ARP spoofing attack 22-1
clearing
log buffer 22-16
statistics 22-16
configuration guidelines 22-6
configuring
ACLs for non-DHCP environments 22-9
in DHCP environments 22-7
log buffer 22-14
rate limit for incoming ARP packets 22-4, 22-11
default configuration 22-5
denial-of-service attacks, preventing 22-11
described 22-1
DHCP snooping binding database 22-2
displaying
ARP ACLs 22-15
configuration and operating state 22-15
log buffer 22-16
statistics 22-16
trust state and rate limit 22-15
error-disabled state for exceeding rate limit 22-4
function of 22-2
interface trust states 22-3
log buffer
clearing 22-16
configuring 22-14
displaying 22-16
logging of dropped packets, described 22-5
man-in-the middle attack, described 22-2
network security issues and interface trust states 22-3
priority of ARP ACLs and DHCP snooping entries 22-4
rate limiting of ARP packets
configuring 22-11
described 22-4
error-disabled state 22-4
statistics
clearing 22-16
displaying 22-16
validation checks, performing 22-13
dynamic auto trunking mode 14-14
dynamic desirable trunking mode 14-14
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 14-25
reconfirming 14-28
troubleshooting 14-29
types of connections 14-27
Dynamic Trunking Protocol
See DTP
E
EAC 7-2
editing features
enabling and disabling 2-6
keystrokes used 2-7
wrapped lines 2-8
elections
See stack master
ELIN location 27-3
enable password 11-3
enable secret password 11-3
Enable the FIPS mode 3-23
encryption, CipherSuite 11-48
encryption for passwords 11-3
Endpoint Admission Control (EAC) 7-2
environment variables, function of 3-21
error-disabled state, BPDU 19-2
error messages during command entry 2-4
EtherChannel
automatic creation of 39-5, 39-7
channel groups
binding physical and logical interfaces 39-4
numbering of 39-4
configuration guidelines 39-11
configuring Layer 2 interfaces 39-13
default configuration 39-11
described 39-2
displaying status 39-21
forwarding methods 39-8, 39-15
IEEE 802.3ad, described 39-7
interaction
with STP 39-12
with VLANs 39-12
LACP
described 39-7
displaying status 39-21
hot-standby ports 39-18
interaction with other features 39-8
modes 39-7
port priority 39-19
system priority 39-18
load balancing 39-8, 39-15
PAgP
aggregate-port learners 39-16
compatibility with Catalyst 1900 39-17
described 39-5
displaying status 39-21
interaction with other features 39-7
interaction with virtual switches 39-6
learn method and priority configuration 39-16
modes 39-6
support for 1-4
with dual-action detection 39-6
port-channel interfaces
described 39-4
numbering of 39-4
port groups 13-4
stack changes, effects of 39-10
support for 1-4
EtherChannel guard
described 19-10
disabling 19-18
enabling 19-17
Ethernet management port
active link 13-25
and routing 13-25
and TFTP 13-26
configuring 13-26
default setting 13-25
described 13-24
for network management 13-24
specifying 13-26
supported features 13-25
unsupported features 13-26
Ethernet management port, internal
and routing 13-25
unsupported features 13-26
Ethernet VLANs
adding 14-8
defaults and ranges 14-8
modifying 14-8
EUI 36-3
events, RMON 29-4
examples
network configuration 1-20
expedite queue for QoS 34-82
Express Setup 1-2
See also getting started guide
extended crashinfo file 40-23
extended-range VLANs
configuration guidelines 14-11
configuring 14-11
creating 14-12
defined 14-1
extended system ID
MSTP 18-18
STP 17-4, 17-16
extended universal identifier
See EUI
Extensible Authentication Protocol over LAN 12-1
F
fa0 interface 1-7
Fa0 port
See Ethernet management port
failover support 1-8
Fast Convergence 20-3
fastethernet0 port
See Ethernet management port
Fast Uplink Transition Protocol 19-6
features, incompatible 24-12
fiber-optic, detecting unidirectional links 25-1
files
basic crashinfo
description 40-23
location 40-23
copying 42-5
crashinfo, description 40-23
deleting 42-5
displaying the contents of 42-8
extended crashinfo
description 40-25
location 40-25
tar
creating 42-6
displaying the contents of 42-7
extracting 42-7
image file format 42-25
file system
displaying available file systems 42-2
displaying file information 42-3
local file system names 42-1
network file system names 42-5
setting the default 42-3
filtering
IPv6 traffic 38-3, 38-7
non-IP traffic 33-24
show and more command output 2-9
filtering show and more command output 2-9
filters, IP
See ACLs, IP
First Hop Security 36-16
flash device, number of 42-1
flexible authentication ordering
configuring 12-63
overview 12-30
Flex Link Multicast Fast Convergence 20-3
Flex Links
configuration guidelines 20-8
configuring 20-9
configuring preferred VLAN 20-12
configuring VLAN load balancing 20-11
default configuration 20-8
description 20-2
link load balancing 20-3
monitoring 20-15
VLANs 20-3
flooded traffic, blocking 24-8
flow-based packet classification 1-14
flowcharts
QoS classification 34-7
QoS egress queueing and scheduling 34-16
QoS ingress queueing and scheduling 34-14
QoS policing and marking 34-11
flowcontrol
configuring 13-32
described 13-32
forward-delay time
MSTP 18-24
STP 17-23
FTP
configuration files
downloading 42-13
overview 42-12
preparing the server 42-13
uploading 42-15
image files
deleting old image 42-32
downloading 42-31
preparing the server 42-30
uploading 42-32
G
general query 20-5
Generating IGMP Reports 20-4
get-bulk-request operation 32-4
get-next-request operation 32-3, 32-5
get-request operation 32-3, 32-4, 32-5
get-response operation 32-4
Gigabit modules
See SFPs
global configuration mode 2-2
global leave, IGMP 23-13
guest VLAN and 802.1x 12-23
guide mode 1-2
GUIs
See device manager and Network Assistant
H
hello time
MSTP 18-24
STP 17-22
help, for the command line 2-3
HFTM space 40-27
history
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
history table, level and number of syslog messages 30-10
host names, in clusters 8-13
hosts, limit on dynamic ports 14-29
HP OpenView 1-6
HQATM space 40-27
HSRP
automatic cluster recovery 8-12
cluster standby group considerations 8-11
See also clusters, cluster standby group, and standby command switch
HTTP over SSL
see HTTPS
HTTPS 11-46
configuring 11-50
self-signed certificate 11-47
HTTP secure server 11-46
Hulc Forwarding TCAM Manager
See HFTM space
Hulc QoS/ACL TCAM Manager
See HQATM space
I
ICMP
IPv6 36-3
time-exceeded messages 40-17
traceroute and 40-17
unreachable messages and IPv6 38-4
ICMP ping
executing 40-14
overview 40-14
ICMPv6 36-3
IDS appliances
and ingress RSPAN 28-20
and ingress SPAN 28-14
IEEE 802.1D
See STP
IEEE 802.1p 16-1
IEEE 802.1Q
and trunk ports 13-3
configuration limitations 14-15
encapsulation 14-14
native VLAN for untagged traffic 14-20
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3ad
See EtherChannel
IEEE 802.3ad, PoE+ 1-16, 13-6
IEEE 802.3af
See PoE
IEEE 802.3x flow control 13-32
ifIndex values, SNMP 32-6
IFS 1-7
IGMP
configurable leave timer
described 23-6
enabling 23-11
flooded multicast traffic
controlling the length of time 23-12
disabling on an interface 23-13
global leave 23-13
query solicitation 23-13
recovering from flood mode 23-13
joining multicast group 23-3
join messages 23-3
leave processing, enabling 23-10, 37-9
leaving multicast group 23-5
queries 23-4
report suppression
described 23-6
disabling 23-15, 37-11
supported versions 23-3
support for 1-4
IGMP filtering
configuring 23-24
default configuration 23-24
described 23-23
monitoring 23-28
support for 1-5
IGMP groups
configuring filtering 23-27
setting the maximum number 23-26
IGMP Immediate Leave
configuration guidelines 23-11
described 23-5
enabling 23-10
IGMP profile
applying 23-26
configuration mode 23-24
configuring 23-25
IGMP snooping
and address aliasing 23-2
and stack changes 23-6
configuring 23-7
default configuration 23-7, 37-6
definition 23-2
enabling and disabling 23-7, 37-7
global configuration 23-7
Immediate Leave 23-5
in the switch stack 23-6
method 23-8
monitoring 23-16, 37-12
querier
configuration guidelines 23-14
configuring 23-14
supported versions 23-3
support for 1-4
VLAN configuration 23-8
IGMP throttling
configuring 23-27
default configuration 23-24
described 23-24
displaying action 23-28
Immediate Leave, IGMP 23-5
enabling 37-9
inaccessible authentication bypass 12-25
support for multiauth ports 12-25
initial configuration
defaults 1-17
Express Setup 1-2
interface
number 13-19
range macros 13-22
interface command 13-19 to ??, 13-19 to 13-20
interface configuration mode 2-2
interfaces
auto-MDIX, configuring 13-33
configuration guidelines
duplex and speed 13-30
configuring
procedure 13-20
counters, clearing 13-45
default configuration 13-27
described 13-41
descriptive name, adding 13-41
displaying information about 13-44
flow control 13-32
management 1-5
monitoring 13-44
naming 13-41
physical, identifying 13-19
range of 13-21
restarting 13-45
shutting down 13-45
speed and duplex, configuring 13-31
status 13-44
supported 13-19
types of 13-1
interfaces range macro command 13-22
interface types 13-19
Internet Protocol version 6
See IPv6
inter-VLAN routing 35-1
Intrusion Detection System
See IDS appliances
inventory management TLV 27-3, 27-7
IP ACLs
for QoS classification 34-8
implicit deny 33-9, 33-14
implicit masks 33-9
named 33-14
undefined 33-21
IP addresses
128-bit 36-2
candidate or member 8-4, 8-13
classes of 35-4
cluster access 8-2
command switch 8-3, 8-11, 8-13
discovering 5-25
for IP routing 35-4
IPv6 36-2
redundant clusters 8-11
standby command switch 8-11, 8-13
See also IP information
ip igmp profile command 23-24
IP information
assigned
manually 3-14
through DHCP-based autoconfiguration 3-3
default configuration 3-3
IP phones
and QoS 16-1
automatic classification and queueing 34-19
configuring 16-4
ensuring port security with QoS 34-43
trusted boundary for QoS 34-43
IP Port Security for Static Hosts
on a Layer 2 access port 21-17
IP precedence 34-2
IP-precedence-to-DSCP map for QoS 34-66
IP protocols in ACLs 33-11
IP routing
disabling 35-4
enabling 35-3
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 31-1
IP SLAs
benefits 31-2
configuration guidelines 31-5
Control Protocol 31-4
default configuration 31-5
definition 31-1
measuring network performance 31-3
monitoring 31-6
operation 31-3
responder
described 31-4
enabling 31-6
response time 31-4
SNMP support 31-2
supported metrics 31-2
IP source guard
and 802.1x 21-16
and DHCP snooping 21-13
and port security 21-16
and private VLANs 21-16
and routed ports 21-16
and TCAM entries 21-16
and trunk interfaces 21-16
and VRF 21-16
binding configuration
automatic 21-13
manual 21-13
binding table 21-13
configuration guidelines 21-16
default configuration 21-15
described 21-13
disabling 21-17
displaying
active IP or MAC bindings 21-21
bindings 21-21
configuration 21-21
enabling 21-16, 21-18
filtering
source IP address 21-13
source IP and MAC address 21-13
on provisioned switches 21-16
source IP address filtering 21-13
source IP and MAC address filtering 21-13
static bindings
adding 21-16, 21-18
deleting 21-17
static hosts 21-18
IP traceroute
executing 40-18
overview 40-17
IP unicast routing
assigning IP addresses to Layer 3 interfaces 35-4
configuring static routes 35-5
disabling 35-4
enabling 35-3
inter-VLAN 35-1
IP addressing
classes 35-4
configuring 35-4
steps to configure 35-3
subnet mask 35-4
with SVIs 35-3
IPv4 ACLs
applying to interfaces 33-19
extended, creating 33-10
named 33-14
standard, creating 33-9
IPv4 and IPv6
dual protocol stacks 36-8
IPv6
ACLs
displaying 38-8
limitations 38-2
matching criteria 38-3
port 38-1
precedence 38-2
router 38-1
supported 38-2
addresses 36-2
address formats 36-2
and switch stacks 36-10
applications 36-8
assigning address 36-11
autoconfiguration 36-8
configuring static routes 36-20
default configuration 36-11
defined 36-1
forwarding 36-11
ICMP 36-3
monitoring 36-21
neighbor discovery 36-3
SDM templates 37-1, 38-1
stack master functions 36-10
Stateless Autoconfiguration 36-8
supported features 36-2
IPv6 Snooping 36-13
IPv6 traffic, filtering 38-3
J
join messages, IGMP 23-3
L
LACP
See EtherChannel
Layer 2 frames, classification with CoS 34-2
Layer 2 interfaces, default configuration 13-27
Layer 2 traceroute
and ARP 40-16
and CDP 40-16
broadcast traffic 40-15
described 40-15
IP addresses and subnets 40-16
MAC addresses and VLANs 40-16
multicast traffic 40-16
multiple devices on a port 40-16
unicast traffic 40-15
usage guidelines 40-16
Layer 3 features 1-15
Layer 3 interfaces
assigning IP addresses to 35-4
assigning IPv6 addresses to 36-11
changing from Layer 2 mode 35-4
Layer 3 packets, classification methods 34-2
LDAP 4-2
Leaking IGMP Reports 20-4
LEDs, switch
See hardware installation guide
lightweight directory access protocol
See LDAP
line configuration mode 2-2
Link Aggregation Control Protocol
See EtherChannel
link failure, detecting unidirectional 18-8
Link Layer Discovery Protocol
See CDP
link local unicast addresses 36-3
link redundancy
See Flex Links
links, unidirectional 25-1
link-state tracking
configuring 39-23
described 39-21
LLDP
configuring 27-5
characteristics 27-6
default configuration 27-5
enabling 27-6
monitoring and maintaining 27-11
overview 27-1
supported TLVs 27-2
switch stack considerations 27-2
transmission timer and holdtime, setting 27-6
LLDP-MED
configuring
procedures 27-5
TLVs 27-7
monitoring and maintaining 27-11
overview 27-1, 27-2
supported TLVs 27-2
LLDP Media Endpoint Discovery
See LLDP-MED
local SPAN 28-2
location TLV 27-3, 27-7
login authentication
with RADIUS 11-30
with TACACS+ 11-14
login banners 5-12
log messages
See system message logging
Long-Reach Ethernet (LRE) technology 1-21
loop guard
described 19-11
enabling 19-19
support for 1-9
LRE profiles, considerations in switch clusters 8-16
M
MAB
See MAC authentication bypass
MAB inactivity timer
default setting 12-35
range 12-37
MAC/PHY configuration status TLV 27-2
MAC addresses
aging time 5-16
and VLAN association 5-15
building the address table 5-15
default configuration 5-16
disabling learning on a VLAN 5-24
discovering 5-25
displaying 5-24
displaying in the IP source binding table 21-21
dynamic
learning 5-15
removing 5-17
in ACLs 33-24
static
adding 5-21
allowing 5-23, 5-24
characteristics of 5-21
dropping 5-23
removing 5-22
MAC address learning 1-6
MAC address learning, disabling on a VLAN 5-24
MAC address notification, support for 1-16
MAC address-table move update
configuration guidelines 20-8
configuring 20-13
default configuration 20-8
description 20-6
monitoring 20-15
MAC address-to-VLAN mapping 14-24
MAC authentication bypass 12-37
configuring 12-56
overview 12-17
MAC extended access lists
applying to Layer 2 interfaces 33-25
configuring for QoS 34-52
creating 33-24
defined 33-24
for QoS classification 34-5
MACSec 7-2
magic packet 12-27
manageability features 1-6
management access
in-band
browser session 1-7
CLI session 1-7
device manager 1-7
SNMP 1-7
out-of-band console port connection 1-7
management address TLV 27-2
management options
CLI 2-1
clustering 1-3
CNS 4-1
Network Assistant 1-2
overview 1-5
management VLAN
considerations in switch clusters 8-7
discovery through different management VLANs 8-7
mapping tables for QoS
configuring
CoS-to-DSCP 34-65
DSCP 34-65
DSCP-to-CoS 34-68
DSCP-to-DSCP-mutation 34-69
IP-precedence-to-DSCP 34-66
policed-DSCP 34-67
described 34-11
marking
action with aggregate policers 34-62
described 34-4, 34-9
matching
IPv6 ACLs 38-3
matching, IPv4 ACLs 33-7
maximum aging time
MSTP 18-25
STP 17-23
maximum hop count, MSTP 18-25
maximum number of allowed devices, port-based authentication 12-37
MDA
configuration guidelines 12-13 to 12-14
described 1-11, 12-13
exceptions with authentication process 12-5
membership mode, VLAN port 14-4
member switch
automatic discovery 8-5
defined 8-2
managing 8-16
passwords 8-13
recovering from lost connectivity 40-12
requirements 8-4
See also candidate switch, cluster standby group, and standby command switch
memory consistency check errors
example 40-27
memory consistency check routines 1-5, 40-27
memory consistency integrity 1-5, 40-27
messages, to users through banners 5-12
MIBs
overview 32-1
SNMP interaction with 32-5
mirroring traffic for analysis 28-1
mismatches, autonegotiation 40-12
module number 13-19
monitoring
access groups 33-27
cables for unidirectional links 25-1
CDP 26-5
features 1-16
Flex Links 20-15
IGMP
filters 23-28
snooping 23-16, 37-12
interfaces 13-44
IP SLAs operations 31-6
IPv4 ACL configuration 33-27
IPv6 36-21
IPv6 ACL configuration 38-8
MAC address-table move update 20-15
multicast router interfaces 23-16, 37-12
MVR 23-23
network traffic for analysis with probe 28-2
port
blocking 24-21
protection 24-21
SFP status 13-44, 40-14
speed and duplex mode 13-31
traffic flowing among switches 29-2
traffic suppression 24-21
VLANs 14-13
VMPS 14-29
VTP 15-18
mrouter Port 20-3
mrouter port 20-5
MSTP
boundary ports
configuration guidelines 18-15
described 18-6
BPDU filtering
described 19-3
enabling 19-15
BPDU guard
described 19-2
enabling 19-14
CIST, described 18-3
CIST regional root 18-3
CIST root 18-5
configuration guidelines 18-15, 19-12
configuring
forward-delay time 18-24
hello time 18-24
link type for rapid convergence 18-26
maximum aging time 18-25
maximum hop count 18-25
MST region 18-16
neighbor type 18-26
path cost 18-22
port priority 18-20
root switch 18-18
secondary root switch 18-19
switch priority 18-23
CST
defined 18-3
operations between regions 18-4
default configuration 18-14
default optional feature configuration 19-12
displaying status 18-27
enabling the mode 18-16
EtherChannel guard
described 19-10
enabling 19-17
extended system ID
effects on root switch 18-18
effects on secondary root switch 18-19
unexpected behavior 18-18
IEEE 802.1s
implementation 18-6
port role naming change 18-7
terminology 18-5
instances supported 17-10
interface state, blocking to forwarding 19-2
interoperability and compatibility among modes 17-11
interoperability with IEEE 802.1D
described 18-9
restarting migration process 18-27
IST
defined 18-3
master 18-3
operations within a region 18-3
loop guard
described 19-11
enabling 19-19
mapping VLANs to MST instance 18-16
MST region
CIST 18-3
configuring 18-16
described 18-2
hop-count mechanism 18-5
IST 18-3
supported spanning-tree instances 18-2
optional features supported 1-9
overview 18-2
Port Fast
described 19-2
enabling 19-13
preventing root switch selection 19-10
root guard
described 19-10
enabling 19-18
root switch
configuring 18-18
effects of extended system ID 18-18
unexpected behavior 18-18
shutdown Port Fast-enabled port 19-2
stack changes, effects of 18-8
status, displaying 18-27
multiauth
support for inaccessible authentication bypass 12-25
multiauth mode
See multiple-authentication mode
multicast groups
Immediate Leave 23-5
joining 23-3
leaving 23-5
static joins 23-10, 37-8
multicast router interfaces, monitoring 23-16, 37-12
multicast router ports, adding 23-9, 37-8
multicast storm 24-1
multicast storm-control command 24-4
multicast television application 23-18
multicast VLAN 23-17
Multicast VLAN Registration
See MVR
multidomain authentication
See MDA
multiple authentication 12-14
multiple authentication mode
configuring 12-43
MVR
and address aliasing 23-20
and IGMPv3 23-20
configuration guidelines 23-20
configuring interfaces 23-21
default configuration 23-19
described 23-17
example application 23-18
modes 23-21
monitoring 23-23
multicast television application 23-18
setting global parameters 23-20
support for 1-5
N
NAC
critical authentication 12-25, 12-53
IEEE 802.1x authentication using a RADIUS server 12-58
IEEE 802.1x validation using RADIUS server 12-58
inaccessible authentication bypass 12-53
Layer 2 IEEE 802.1x validation 1-12, 12-30, 12-58
named IPv4 ACLs 33-14
NameSpace Mapper
See NSM
native VLAN
configuring 14-20
default 14-20
NDAC 7-2
NDP address gleaning 36-5
NEAT
configuring 12-59
overview 12-31
neighbor discovery, IPv6 36-3
Network Admission Control
See NAC
Network Assistant
benefits 1-2
described 1-5
downloading image files 1-2
guide mode 1-2
management options 1-2
managing switch stacks 9-2, 9-15
upgrading a switch 42-24
wizards 1-2
network configuration examples
cost-effective wiring closet 1-21
increasing network performance 1-20
long-distance, high-bandwidth transport 1-25
providing network services 1-20
server aggregation and Linux server cluster 1-23
small to medium-sized network 1-24
network design
performance 1-20
services 1-20
Network Device Admission Control (NDAC) 7-2
Network Edge Access Topology
See NEAT
network management
CDP 26-1
RMON 29-1
SNMP 32-1
network performance, measuring with IP SLAs 31-3
network policy TLV 27-2, 27-7
Network Time Protocol
See NTP
no commands 2-4
nonhierarchical policy maps
described 34-10
non-IP traffic filtering 33-24
nontrunking mode 14-14
normal-range VLANs 14-5
configuration guidelines 14-6
configuring 14-5
defined 14-1
NSM 4-3
NTP
associations
defined 5-3
overview 5-3
stratum 5-3
support for 1-7
time
services 5-3
synchronizing 5-3
O
OBFL
configuring 40-26
described 40-25
displaying 40-26
offline configuration for switch stacks 9-7
off mode, VTP 15-4
on-board failure logging
See OBFL
online diagnostics
overview 41-1
running tests 41-3
understanding 41-1
open1x
configuring 12-64
open1x authentication
overview 12-30
optimizing system resources 10-1
options, management 1-5
out-of-profile markdown 1-15
P
packet modification, with QoS 34-18
PACL 36-7
PAgP
See EtherChannel
passwords
default configuration 11-2
disabling recovery of 11-5
encrypting 11-3
for security 1-11
in clusters 8-13
overview 11-1
recovery of 40-3
setting
enable 11-3
enable secret 11-3
Telnet 11-6
with usernames 11-7
VTP domain 15-10
path cost
MSTP 18-22
STP 17-20
PC (passive command switch) 8-9
performance, network design 1-20
performance features 1-4
persistent self-signed certificate 11-47
per-user ACLs and Filter-Ids 12-8
per-VLAN spanning-tree plus
See PVST+
physical ports 13-2
PIM-DVMRP, as snooping method 23-8
ping
character output description 40-15
executing 40-14
overview 40-14
PoE
auto mode 13-7
CDP with power consumption, described 13-5
CDP with power negotiation, described 13-5
Cisco intelligent power management 13-5
configuring 13-34
cutoff power
determining 13-8
cutoff-power
support for 13-8
devices supported 13-5
high-power devices operating in low-power mode 13-5
IEEE power classification levels 13-6
monitoring 13-8
monitoring power 13-37
policing power consumption 13-37
policing power usage 13-8
power budgeting 13-35
power consumption 13-9, 13-35
powered-device detection and initial power allocation 13-6
power management modes 13-7
power monitoring 13-8
power negotiation extensions to CDP 13-5
power sensing 13-8
standards supported 13-5
static mode 13-7
total available power 13-10
troubleshooting 40-13
PoE+ 1-16, 13-5, 13-6, 13-34
policed-DSCP map for QoS 34-67
policers
configuring
for each matched traffic class 34-57
for more than one traffic class 34-62
described 34-4
displaying 34-83
number of 34-39
types of 34-10
policing
described 34-4
token-bucket algorithm 34-10
policy maps for QoS
characteristics of 34-57
described 34-8
displaying 34-84
nonhierarchical on physical ports
described 34-10
port ACLs
defined 33-2
types of 33-3
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting 12-16
authentication server
defined 6-2, 12-3
RADIUS server 12-3
client, defined 6-2, 12-3
configuration guidelines 6-9, 12-36
configuring
802.1x authentication 12-41
guest VLAN 12-50
host mode 12-43
inaccessible authentication bypass 12-53
manual re-authentication of a client 12-45
periodic re-authentication 12-45
quiet period 12-46
RADIUS server 6-13, 12-43
RADIUS server parameters on the switch 6-11, 12-42
restricted VLAN 12-52
switch-to-client frame-retransmission number 12-47, 12-48
switch-to-client retransmission time 12-46
violation modes 12-40
default configuration 6-9, 12-35
described 12-1
device roles 6-2, 12-3
displaying statistics 6-17, 12-65
downloadable ACLs and redirect URLs
configuring 12-61 to 12-63, ?? to 12-63
overview 12-20 to 12-22
EAPOL-start frame 12-5
EAP-request/identity frame 12-5
EAP-response/identity frame 12-5
enabling
802.1X authentication 6-11
encapsulation 12-3
flexible authentication ordering
configuring 12-63
overview 12-30
guest VLAN
configuration guidelines 12-23, 12-24
described 12-23
host mode 12-11
inaccessible authentication bypass
configuring 12-53
described 12-25
guidelines 12-37
initiation and message exchange 12-5
magic packet 12-27
maximum number of allowed devices per port 12-37
method lists 12-41
multiple authentication 12-14
per-user ACLs
configuration tasks 12-20
described 12-19
RADIUS server attributes 12-19
ports
authorization state and dot1x port-control command 12-10
authorized and unauthorized 12-10
voice VLAN 12-27
port security
described 12-27
readiness check
configuring 12-38
described 12-17, 12-38
resetting to default values 12-65
stack changes, effects of 12-11
statistics, displaying 12-65
switch
as proxy 6-2, 12-3
RADIUS client 12-3
switch supplicant
configuring 12-59
overview 12-31
user distribution
guidelines 12-29
overview 12-29
VLAN assignment
AAA authorization 12-41
characteristics 12-18
configuration tasks 12-18
described 12-17
voice aware 802.1x security
configuring 12-39
described 12-31, 12-39
voice VLAN
described 12-27
PVID 12-27
VVID 12-27
wake-on-LAN, described 12-27
with ACLs and RADIUS Filter-Id attribute 12-33
port-based authentication methods, supported 12-7
port blocking 1-4, 24-7
port-channel
See EtherChannel
port description TLV 27-2
Port Fast
described 19-2
enabling 19-13
mode, spanning tree 14-26
support for 1-9
port membership modes, VLAN 14-4
port priority
MSTP 18-20
STP 17-18
ports
access 13-3
blocking 24-7
dual-purpose uplink 13-4
dynamic access 14-4
protected 24-6
secure 24-9
static-access 14-4, 14-10
switch 13-2
trunks 14-4, 14-14
VLAN assignments 14-10
port security
aging 24-17
and QoS trusted boundary 34-43
and stacking 24-19
configuring 24-12
default configuration 24-11
described 24-8
displaying 24-21
on trunk ports 24-14
sticky learning 24-9
violations 24-10
with other features 24-11
port-shutdown response, VMPS 14-24
port VLAN ID TLV 27-2
power inline consumption command 13-12
power management TLV 27-3, 27-7
Power over Ethernet
See PoE
preemption, default configuration 20-8
preemption delay, default configuration 20-8
preferential treatment of traffic
See QoS
preventing unauthorized access 11-1
primary links 20-2
priority
overriding CoS 16-6
trusting CoS 16-6
private VLAN edge ports
See protected ports
privileged EXEC mode 2-2
privilege levels
changing the default for lines 11-9
command switch 8-17
exiting 11-10
logging into 11-10
mapping on member switches 8-17
overview 11-2, 11-8
setting a command with 11-8
protected ports 1-11, 24-6
protocol storm protection 24-19
provisioned switches and IP source guard 21-16
provisioning new members for a switch stack 9-7
proxy reports 20-4
pruning, VTP
disabling
in VTP domain 15-16
on a port 14-19
enabling
in VTP domain 15-16
on a port 14-19
examples 15-7
overview 15-6
pruning-eligible list
changing 14-19
for VTP pruning 15-6
VLANs 15-16
PVST+
described 17-10
IEEE 802.1Q trunking interoperability 17-11
instances supported 17-10
Q
QoS
and MQC commands 34-1
auto-QoS
categorizing traffic 34-20
configuration and defaults display 34-34
configuration guidelines 34-32
described 34-19
disabling 34-34
displaying generated commands 34-34
displaying the initial configuration 34-34
effects on running configuration 34-31
list of generated commands 34-22, 34-26
basic model 34-4
classification
class maps, described 34-8
defined 34-4
DSCP transparency, described 34-45
flowchart 34-7
forwarding treatment 34-3
in frames and packets 34-3
IP ACLs, described 34-8
MAC ACLs, described 34-5, 34-8
options for IP traffic 34-6
options for non-IP traffic 34-5
policy maps, described 34-8
trust DSCP, described 34-5
trusted CoS, described 34-5
trust IP precedence, described 34-5
class maps
configuring 34-53
displaying 34-83
configuration guidelines
auto-QoS 34-32
standard QoS 34-37
configuring
aggregate policers 34-62
auto-QoS 34-19
default port CoS value 34-43
DSCP maps 34-65
DSCP transparency 34-45
DSCP trust states bordering another domain 34-45
egress queue characteristics 34-75
ingress queue characteristics 34-71
IP extended ACLs 34-49
IP standard ACLs 34-47
MAC ACLs 34-52
port trust states within the domain 34-41
trusted boundary 34-43
default auto configuration 34-20
default standard configuration 34-35
displaying statistics 34-83
DSCP transparency 34-45
egress queues
allocating buffer space 34-76
buffer allocation scheme, described 34-17
configuring shaped weights for SRR 34-80
configuring shared weights for SRR 34-81
described 34-4
displaying the threshold map 34-79
flowchart 34-16
mapping DSCP or CoS values 34-78
scheduling, described 34-4
setting WTD thresholds 34-76
WTD, described 34-18
enabling globally 34-40
flowcharts
classification 34-7
egress queueing and scheduling 34-16
ingress queueing and scheduling 34-14
policing and marking 34-11
implicit deny 34-8
ingress queues
allocating bandwidth 34-73
allocating buffer space 34-73
buffer and bandwidth allocation, described 34-15
configuring shared weights for SRR 34-73
configuring the priority queue 34-74
described 34-4
displaying the threshold map 34-72
flowchart 34-14
mapping DSCP or CoS values 34-71
priority queue, described 34-15
scheduling, described 34-4
setting WTD thresholds 34-71
WTD, described 34-15
IP phones
automatic classification and queueing 34-19
detection and trusted settings 34-19, 34-43
limiting bandwidth on egress interface 34-82
mapping tables
CoS-to-DSCP 34-65
displaying 34-83
DSCP-to-CoS 34-68
DSCP-to-DSCP-mutation 34-69
IP-precedence-to-DSCP 34-66
policed-DSCP 34-67
types of 34-11
marked-down actions 34-60
marking, described 34-4, 34-9
overview 34-2
packet modification 34-18
policers
configuring 34-60, 34-63
described 34-9
displaying 34-83
number of 34-39
types of 34-10
policies, attaching to an interface 34-9
policing
described 34-4, 34-9
token bucket algorithm 34-10
policy maps
characteristics of 34-57
displaying 34-84
nonhierarchical on physical ports 34-57
QoS label, defined 34-4
queues
configuring egress characteristics 34-75
configuring ingress characteristics 34-71
high priority (expedite) 34-18, 34-82
location of 34-12
SRR, described 34-13
WTD, described 34-12
rewrites 34-18
support for 1-14
trust states
bordering another domain 34-45
described 34-5
trusted device 34-43
within the domain 34-41
quality of service
See QoS
queries, IGMP 23-4
query solicitation, IGMP 23-13
R
RADIUS
attributes
vendor-proprietary 11-38
vendor-specific 11-36
configuring
accounting 11-35
authentication 11-30
authorization 11-34
communication, global 11-28, 11-36
communication, per-server 11-28
multiple UDP ports 11-28
default configuration 11-27
defining AAA server groups 11-32
displaying the configuration 11-40
identifying the server 11-28
in clusters 8-16
limiting the services to the user 11-34
method list, defined 11-27
operation of 11-20
overview 11-18
server load balancing 11-40
suggested network environments 11-19
support for 1-13
tracking services accessed by user 11-35
RADIUS Change of Authorization 11-20
RA Guard 36-7
range
macro 13-22
of interfaces 13-21
rapid convergence 18-10
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
described 17-10
IEEE 802.1Q trunking interoperability 17-11
instances supported 17-10
Rapid Spanning Tree Protocol
See RSTP
rcommand command 8-16
RCP
configuration files
downloading 42-17
overview 42-16
preparing the server 42-16
uploading 42-18
image files
deleting old image 42-37
downloading 42-35
preparing the server 42-34
uploading 42-37
readiness check
port-based authentication
configuring 12-38
described 12-17, 12-38
reconfirmation interval, VMPS, changing 14-28
reconfirming dynamic VLAN membership 14-28
recovery procedures 40-1
redirect URL 12-20, 12-21, 12-61
redundancy
EtherChannel 39-3
STP
backbone 17-9
multidrop backbone 19-5
path cost 14-23
port priority 14-21
redundant links and UplinkFast 19-16
reloading software 3-21
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
Remote Network Monitoring
See RMON
Remote SPAN
See RSPAN
remote SPAN 28-3
report suppression, IGMP
described 23-6
disabling 23-15, 37-11
resequencing ACL entries 33-14
reserved addresses in DHCP pools 21-23
resetting a UDLD-shutdown interface 25-6
responder, IP SLAs
described 31-4
enabling 31-6
response time, measuring with IP SLAs 31-4
restricted VLAN
configuring 12-52
described 12-24
using with IEEE 802.1x 12-24
restricting access
overview 11-1
passwords and privilege levels 11-2
RADIUS 11-18
TACACS+ 11-10
retry count, VMPS, changing 14-28
RFC
1112, IP multicast and IGMP 23-2
1157, SNMPv1 32-2
1166, IP addresses 35-4
1305, NTP 5-3
1757, RMON 29-2
1901, SNMPv2C 32-2
1902 to 1907, SNMPv2 32-2
2236, IP multicast and IGMP 23-2
2273-2275, SNMPv3 32-2
RFC 5176 Compliance 11-21
RMON
default configuration 29-3
displaying status 29-6
enabling alarms and events 29-3
groups supported 29-2
overview 29-2
statistics
collecting group Ethernet 29-6
collecting group history 29-5
support for 1-17
root guard
described 19-10
enabling 19-18
support for 1-9
root switch
MSTP 18-18
STP 17-16
router ACLs
defined 33-2
types of 33-4
RSPAN
and stack changes 28-10
characteristics 28-8
configuration guidelines 28-16
default configuration 28-10
defined 28-3
destination ports 28-7
displaying status 28-23
in a switch stack 28-2
interaction with other features 28-9
monitored ports 28-6
monitoring ports 28-7
overview 1-16, 28-1
received traffic 28-5
sessions
creating 28-17
defined 28-4
limiting source traffic to specific VLANs 28-22
specifying monitored ports 28-17
with ingress traffic enabled 28-20
source ports 28-6
transmitted traffic 28-6
VLAN-based 28-7
RSTP
active topology 18-10
BPDU
format 18-12
processing 18-13
designated port, defined 18-9
designated switch, defined 18-9
interoperability with IEEE 802.1D
described 18-9
restarting migration process 18-27
topology changes 18-13
overview 18-9
port roles
described 18-9
synchronized 18-11
proposal-agreement handshake process 18-10
rapid convergence
cross-stack rapid convergence 18-11
described 18-10
edge ports and Port Fast 18-10
point-to-point links 18-10, 18-26
root ports 18-10
root port, defined 18-9
See also MSTP
running configuration
replacing 42-19, 42-20
rolling back 42-19, 42-21
running configuration, saving 3-15
S
SC (standby command switch) 8-9
scheduled reloads 3-21
SCP
and SSH 11-52
configuring 11-53
SDM
templates
configuring 10-5
number of 10-1
SDM template 38-3
configuration guidelines 10-4
configuring 10-4
types of 10-1
Secure Copy Protocol
secure HTTP client
configuring 11-51
displaying 11-52
secure HTTP server
configuring 11-50
displaying 11-52
secure MAC addresses
and switch stacks 24-19
deleting 24-15
maximum number of 24-10
types of 24-9
secure ports
and switch stacks 24-19
secure ports, configuring 24-9
secure remote connections 11-42
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port 24-8
Security Exchange Protocol (SXP) 7-2
security features 1-10
Security Group Access Control List (SGACL) 7-2
Security Group Tag (SGT) 7-2
See SCP
sequence numbers in log messages 30-8
server mode, VTP 15-3
service-provider network, MSTP and RSTP 18-1
set-request operation 32-5
setup program
failed command switch replacement 40-11
replacing failed command switch 40-9
severity levels, defining in system messages 30-9
SFPs
monitoring status of 13-44, 40-14
security and identification 40-13
status, displaying 40-14
SGACL 7-2
SGT 7-2
shaped round robin
See SRR
show access-lists hw-summary command 33-21
show and more command output, filtering 2-9
show cdp traffic command 26-5
show cluster members command 8-16
show configuration command 13-41
show forward command 40-22
show interfaces command 13-31, 13-41
show interfaces switchport 20-4
show lldp traffic command 27-11
show platform forward command 40-22
show platform tcam command 40-27
show running-config command
displaying ACLs 33-19, 33-20
interface description in 13-41
shutdown command on interfaces 13-45
Simple Network Management Protocol
See SNMP
small form-factor pluggable modules
See SFPs
small-frame arrival rate, configuring 24-5
SNAP 26-1
SNMP
accessing MIB variables with 32-5
agent
described 32-4
disabling 32-8
and IP SLAs 31-2
authentication level 32-11
community strings
configuring 32-8
for cluster switches 32-4
overview 32-4
configuration examples 32-18
default configuration 32-7
engine ID 32-7
groups 32-7, 32-10
host 32-7
ifIndex values 32-6
in-band management 1-7
in clusters 8-14
informs
and trap keyword 32-13
described 32-5
differences from traps 32-5
disabling 32-16
enabling 32-16
limiting access by TFTP servers 32-17
limiting system log messages to NMS 30-10
manager functions 1-6, 32-3
managing clusters with 8-17
notifications 32-5
overview 32-1, 32-5
security levels 32-3
setting CPU threshold notification 32-16
status, displaying 32-19
system contact and location 32-17
trap manager, configuring 32-14
traps
described 32-4, 32-5
differences from informs 32-5
disabling 32-16
enabling 32-13
enabling MAC address notification 5-17, 5-19, 5-20
overview 32-1, 32-5
types of 32-13
users 32-7, 32-10
versions supported 32-2
SNMP and Syslog Over IPv6 36-9
SNMPv1 32-2
SNMPv2C 32-3
SNMPv3 32-3
snooping, IGMP 23-2
software compatibility
See stacks, switch
software images
location in flash 42-25
recovery procedures 40-2
scheduling reloads 3-22
tar file format, described 42-25
See also downloading and uploading
source addresses
in IPv4 ACLs 33-11
in IPv6 ACLs 38-5
source-and-destination-IP address based forwarding, EtherChannel 39-9
source-and-destination MAC address forwarding, EtherChannel 39-9
Source Guard 36-7, 36-16
source-IP address based forwarding, EtherChannel 39-9
source-MAC address forwarding, EtherChannel 39-8
SPAN
and stack changes 28-10
configuration guidelines 28-11
default configuration 28-10
destination ports 28-7
displaying status 28-23
interaction with other features 28-9
monitored ports 28-6
monitoring ports 28-7
overview 1-16, 28-1
ports, restrictions 24-12
received traffic 28-5
sessions
configuring ingress forwarding 28-15, 28-21
creating 28-11
defined 28-4
limiting source traffic to specific VLANs 28-15
removing destination (monitoring) ports 28-13
specifying monitored ports 28-11
with ingress traffic enabled 28-14
source ports 28-6
transmitted traffic 28-6
VLAN-based 28-7
spanning tree and native VLANs 14-15
Spanning Tree Protocol
See STP
SPAN traffic 28-5
SRR
configuring
shaped weights on egress queues 34-80
shared weights on egress queues 34-81
shared weights on ingress queues 34-73
described 34-13
shaped mode 34-13
shared mode 34-13
support for 1-15
SSH
configuring 11-43
cryptographic software image 11-41
described 1-7, 11-42
encryption methods 11-42
switch stack considerations 9-15
user authentication methods, supported 11-42
SSL
configuration guidelines 11-49
configuring a secure HTTP client 11-51
configuring a secure HTTP server 11-50
cryptographic software image 11-46
described 11-46
monitoring 11-52
stack, switch
MAC address of 9-6, 9-18
stack changes, effects on
802.1x port-based authentication 12-11
ACL configuration 33-6
CDP 26-2
cross-stack EtherChannel 39-13
EtherChannel 39-10
IGMP snooping 23-6
IP routing 35-2
MAC address tables 5-16
MSTP 18-8
MVR 23-17
port security 24-19
SDM template selection 10-3
SNMP 32-2
SPAN and RSPAN 28-10
STP 17-12
switch clusters 8-14
system message log 30-2
VLANs 14-7
VTP 15-8
stack master
bridge ID (MAC address) 9-6
defined 9-1
election 9-5
IPv6 36-10
See also stacks, switch
stack member
accessing CLI of specific member 9-22
configuring
member number 9-20
priority value 9-20
defined 9-1
displaying information of 9-22
number 9-6
priority value 9-7
provisioning a new member 9-21
replacing 9-14
See also stacks, switch
stack member number 13-19
stack protocol version 9-10
stacks, switch
accessing CLI of specific member 9-22
assigning information
member number 9-20
priority value 9-20
provisioning a new member 9-21
auto-advise 9-11
auto-copy 9-11
auto-extract 9-11
auto-upgrade 9-11
bridge ID 9-6
CDP considerations 26-2
compatibility, software 9-9
configuration file 9-14
configuration scenarios 9-16
copying an image file from one member to another 42-38
default configuration 9-17
description of 9-1
displaying information of 9-22
enabling persistent MAC address timer 9-18
in clusters 8-14
incompatible software and image upgrades 9-13, 42-38
IPv6 on 36-10
MAC address considerations 5-16
management connectivity 9-15
managing 9-1
membership 9-3
merged 9-3
MSTP instances supported 17-10
offline configuration
described 9-7
effects of adding a provisioned switch 9-8
effects of removing a provisioned switch 9-9
effects of replacing a provisioned switch 9-9
provisioned configuration, defined 9-7
provisioned switch, defined 9-7
provisioning a new member 9-21
partitioned 9-3, 40-8
provisioned switch
adding 9-8
removing 9-9
replacing 9-9
replacing a failed member 9-14
software compatibility 9-9
software image version 9-9
stack protocol version 9-10
STP
bridge ID 17-3
root port selection 17-3
stack root switch election 17-3
system messages
hostnames in the display 30-1
remotely monitoring 30-2
system prompt consideration 5-9
system-wide configuration considerations 9-14
upgrading 42-38
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 9-11
examples 9-12
manual upgrades with auto-advise 9-11
upgrades with auto-extract 9-11
version-mismatch mode
described 9-10
See also stack master and stack member
standby command switch
configuring
considerations 8-11
defined 8-2
priority 8-9
requirements 8-3
virtual IP address 8-11
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
standby links 20-2
startup configuration
booting
manually 3-19
specific image 3-19
clearing 42-19
configuration file
automatically downloading 3-18
specifying the filename 3-18
static access ports
assigning to VLAN 14-10
defined 13-3, 14-4
static addresses
See addresses
static MAC addressing 1-11
static routes
configuring 35-5
configuring for IPv6 36-20
static VLAN membership 14-2
statistics
802.1X 6-17
802.1x 12-65
CDP 26-5
interface 13-44
LLDP 27-11
LLDP-MED 27-11
NMSP 27-11
QoS ingress and egress 34-83
RMON group Ethernet 29-6
RMON group history 29-5
SNMP input and output 32-19
VTP 15-18
sticky learning 24-9
storm control
configuring 24-3
described 24-1
disabling 24-5
displaying 24-21
support for 1-4
thresholds 24-2
STP
accelerating root port selection 19-4
BackboneFast
described 19-8
disabling 19-17
enabling 19-17
BPDU filtering
described 19-3
disabling 19-15
enabling 19-15
BPDU guard
described 19-2
disabling 19-14
enabling 19-14
BPDU message exchange 17-3
configuration guidelines 17-14, 19-12
configuring
forward-delay time 17-23
hello time 17-22
maximum aging time 17-23
path cost 17-20
port priority 17-18
root switch 17-16
secondary root switch 17-18
spanning-tree mode 17-15
switch priority 17-21
transmit hold-count 17-24
counters, clearing 17-24
cross-stack UplinkFast
described 19-5
enabling 19-17
default configuration 17-13
default optional feature configuration 19-12
designated port, defined 17-4
designated switch, defined 17-4
detecting indirect link failures 19-8
disabling 17-16
displaying status 17-24
EtherChannel guard
described 19-10
disabling 19-18
enabling 19-17
extended system ID
effects on root switch 17-16
effects on the secondary root switch 17-18
overview 17-4
unexpected behavior 17-16
features supported 1-8
IEEE 802.1D and bridge ID 17-4
IEEE 802.1D and multicast addresses 17-9
IEEE 802.1t and VLAN identifier 17-5
inferior BPDU 17-3
instances supported 17-10
interface state, blocking to forwarding 19-2
interface states
blocking 17-6
disabled 17-8
forwarding 17-6, 17-7
learning 17-7
listening 17-7
overview 17-5
interoperability and compatibility among modes 17-11
limitations with IEEE 802.1Q trunks 17-11
load sharing
overview 14-20
using path costs 14-23
using port priorities 14-21
loop guard
described 19-11
enabling 19-19
modes supported 17-10
multicast addresses, effect of 17-9
optional features supported 1-9
overview 17-2
path costs 14-23
Port Fast
described 19-2
enabling 19-13
port priorities 14-22
preventing root switch selection 19-10
protocols supported 17-10
redundant connectivity 17-9
root guard
described 19-10
enabling 19-18
root port, defined 17-3
root port selection on a switch stack 17-3
root switch
configuring 17-16
effects of extended system ID 17-4, 17-16
election 17-3
unexpected behavior 17-16
shutdown Port Fast-enabled port 19-2
stack changes, effects of 17-12
status, displaying 17-24
superior BPDU 17-3
timers, described 17-22
UplinkFast
described 19-4
enabling 19-16
stratum, NTP 5-3
subnet mask 35-4
success response, VMPS 14-25
summer time 5-8
SunNet Manager 1-6
supported port-based authentication methods 12-7
SVIs
and IP unicast routing 35-3
and router ACLs 33-4
connecting VLANs 13-13
defined 13-3
switch 36-2
switch clustering technology 8-1
See also clusters, switch
switch console port 1-7
Switch Database Management
See SDM
Switched Port Analyzer
See SPAN
switched ports 13-2
switchport backup interface 20-4, 20-5
switchport block multicast command 24-8
switchport block unicast command 24-8
switchport protected command 24-7
switch priority
MSTP 18-23
STP 17-21
switch software features 1-1
switch virtual interface
See SVI
SXP 7-2
syslog
See system message logging
system capabilities TLV 27-2
system clock
configuring
daylight saving time 5-8
manually 5-6
summer time 5-8
time zones 5-7
displaying the time and date 5-6
overview 5-2
See also NTP
system description TLV 27-2
system message logging
default configuration 30-4
defining error message severity levels 30-9
disabling 30-4
displaying the configuration 30-14
enabling 30-5
facility keywords, described 30-14
level keywords, described 30-10
limiting messages 30-10
message format 30-2
overview 30-1
sequence numbers, enabling and disabling 30-8
setting the display destination device 30-5
stack changes, effects of 30-2
synchronizing log messages 30-6
syslog facility 1-17
time stamps, enabling and disabling 30-8
UNIX syslog servers
configuring the daemon 30-13
configuring the logging facility 30-13
facilities supported 30-14
system name
default configuration 5-10
default setting 5-10
manual configuration 5-10
See also DNS
system name TLV 27-2
system prompt, default setting 5-9, 5-10
system resources, optimizing 10-1
T
TACACS+
accounting, defined 11-12
authentication, defined 11-11
authorization, defined 11-12
configuring
accounting 11-17
authentication key 11-13
authorization 11-16
login authentication 11-14
default configuration 11-13
displaying the configuration 11-18
identifying the server 11-13
in clusters 8-16
limiting the services to the user 11-16
operation of 11-12
overview 11-10
support for 1-13
tracking services accessed by user 11-17
tar files
creating 42-6
displaying the contents of 42-7
extracting 42-7
image file format 42-25
TCAM
memory consistency check errors
example 40-27
memory consistency check routines 1-5, 40-27
memory consistency integrity 1-5, 40-27
space
HFTM 40-27
HQATM 40-27
unassigned 40-27
TDR 1-17
Telnet
accessing management interfaces 2-10
number of connections 1-7
setting a password 11-6
temporary self-signed certificate 11-47
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password 11-6
ternary content addressable memory
See TCAM
TFTP
configuration files
downloading 42-11
preparing the server 42-10
uploading 42-12
configuration files in base directory 3-7
configuring for autoconfiguration 3-7
image files
deleting 42-28
downloading 42-27
preparing the server 42-26
uploading 42-29
limiting access by servers 32-17
TFTP server 1-6
threshold, traffic level 24-2
time
See NTP and system clock
Time Domain Reflector
See TDR
time-range command 33-16
time ranges in ACLs 33-16
time stamps in log messages 30-8
time zones 5-7
TLVs
defined 27-2
LLDP 27-2
LLDP-MED 27-2
Token Ring VLANs
support for 14-6
VTP support 15-5
ToS 1-14
traceroute, Layer 2
and ARP 40-16
and CDP 40-16
broadcast traffic 40-15
described 40-15
IP addresses and subnets 40-16
MAC addresses and VLANs 40-16
multicast traffic 40-16
multiple devices on a port 40-16
unicast traffic 40-15
usage guidelines 40-16
traceroute command 40-18
See also IP traceroute
traffic
blocking flooded 24-8
fragmented 33-5
fragmented IPv6 38-2
unfragmented 33-5
traffic policing 1-14
traffic suppression 24-2
transmit hold-count
see STP
transparent mode, VTP 15-4
trap-door mechanism 3-2
traps
configuring MAC address notification 5-17, 5-19, 5-20
configuring managers 32-13
defined 32-4
enabling 5-17, 5-19, 5-20, 32-13
notification types 32-13
overview 32-1, 32-5
troubleshooting
connectivity problems 40-14, 40-15, 40-17
CPU utilization 40-28
detecting unidirectional links 25-1
displaying crash information 40-23
setting packet forwarding 40-22
SFP security and identification 40-13
show forward command 40-22
with CiscoWorks 32-5
with debug commands 40-19
with ping 40-14
with system message logging 30-1
with traceroute 40-17
trunk failover
See link-state tracking
trunking encapsulation 1-9
trunk ports
configuring 14-17
defined 13-3, 14-4
trunks
allowed-VLAN list 14-18
load sharing
setting STP path costs 14-23
using STP port priorities 14-21, 14-22
native VLAN for untagged traffic 14-20
parallel 14-23
pruning-eligible list 14-19
to non-DTP device 14-14
trusted boundary for QoS 34-43
trusted port states
between QoS domains 34-45
classification options 34-5
ensuring port security for IP phones 34-43
support for 1-14
within a QoS domain 34-41
trustpoints, CA 11-46
twisted-pair Ethernet, detecting unidirectional links 25-1
type of service
See ToS
U
UDLD
configuration guidelines 25-4
default configuration 25-4
disabling
globally 25-5
on fiber-optic interfaces 25-5
per interface 25-6
echoing detection mechanism 25-3
enabling
globally 25-5
per interface 25-6
link-detection mechanism 25-1
neighbor database 25-2
overview 25-1
resetting an interface 25-6
status, displaying 25-7
support for 1-8
unauthorized ports with IEEE 802.1x 12-10
unicast MAC address filtering 1-6
and adding static addresses 5-22
and broadcast MAC addresses 5-22
and CPU packets 5-22
and multicast addresses 5-22
and router MAC addresses 5-22
configuration guidelines 5-22
described 5-22
unicast storm 24-1
unicast storm control command 24-4
unicast traffic, blocking 24-8
UniDirectional Link Detection protocol
See UDLD
UNIX syslog servers
daemon configuration 30-13
facilities supported 30-14
message logging configuration 30-13
unrecognized Type-Length-Value (TLV) support 15-5
upgrading a Catalyst 2950 switch
configuration compatibility issues 44-1
differences in configuration commands 44-1
feature behavior incompatibilities 44-5
incompatible command messages 44-1
recommendations 44-1
upgrading software images
See downloading
UplinkFast
described 19-4
disabling 19-16
enabling 19-16
support for 1-8
uploading
configuration files
preparing 42-10, 42-13, 42-16
reasons for 42-9
using FTP 42-15
using RCP 42-18
using TFTP 42-12
image files
preparing 42-26, 42-30, 42-34
reasons for 42-24
using FTP 42-32
using RCP 42-37
using TFTP 42-29
USB mini-Type B console port 13-14
USB Type A port 1-8
user EXEC mode 2-2
username-based authentication 11-7
V
version-dependent transparent mode 15-5
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 9-11
manual upgrades with auto-advise 9-11
upgrades with auto-extract 9-11
version-mismatch mode
described 9-10
virtual IP address
cluster standby group 8-11
command switch 8-11
virtual switches and PAgP 39-6
vlan.dat file 14-5
VLAN 1, disabling on a trunk port 14-18
VLAN 1 minimization 14-18
vlan-assignment response, VMPS 14-24
VLAN configuration
at bootup 14-7
saving 14-7
VLAN configuration mode 2-2
VLAN database
and startup configuration file 14-7
and VTP 15-1
VLAN configuration saved in 14-7
VLANs saved in 14-5
VLAN filtering and SPAN 28-7
vlan global configuration command 14-7
VLAN ID, discovering 5-25
VLAN load balancing on flex links 20-3
configuration guidelines 20-8
VLAN management domain 15-2
VLAN Management Policy Server
See VMPS
VLAN membership
confirming 14-28
modes 14-4
VLAN Query Protocol
See VQP
VLANs
adding 14-8
adding to VLAN database 14-8
aging dynamic addresses 17-10
allowed on trunk 14-18
and spanning-tree instances 14-3, 14-7, 14-12
configuration guidelines, extended-range VLANs 14-11
configuration guidelines, normal-range VLANs 14-6
configuring 14-1
configuring IDs 1006 to 4094 14-11
connecting through SVIs 13-13
creating 14-9
default configuration 14-8
deleting 14-9
described 13-2, 14-1
displaying 14-13
extended-range 14-1, 14-11
features 1-9
illustrated 14-2
in the switch stack 14-7
limiting source traffic with RSPAN 28-22
limiting source traffic with SPAN 28-15
modifying 14-8
multicast 23-17
native, configuring 14-20
normal-range 14-1, 14-5
number supported 1-9
parameters 14-5
port membership modes 14-4
static-access ports 14-10
STP and IEEE 802.1Q trunks 17-11
supported 14-3
Token Ring 14-6
traffic between 14-2
VTP modes 15-3
VLAN Trunking Protocol
See VTP
VLAN trunks 14-14
VMPS
administering 14-29
configuration example 14-29
configuration guidelines 14-26
default configuration 14-25
description 14-24
dynamic port membership
described 14-25
reconfirming 14-28
troubleshooting 14-29
entering server address 14-26
mapping MAC addresses to VLANs 14-24
monitoring 14-29
reconfirmation interval, changing 14-28
reconfirming membership 14-28
retry count, changing 14-28
voice aware 802.1x security
port-based authentication
configuring 12-39
described 12-31, 12-39
voice-over-IP 16-1
voice VLAN
Cisco 7960 phone, port connections 16-1
configuration guidelines 16-3
configuring IP phones for data traffic
override CoS of incoming frame 16-6
trust CoS priority of incoming frame 16-6
configuring ports for voice traffic in
802.1p priority tagged frames 16-5
802.1Q frames 16-5
connecting to an IP phone 16-4
default configuration 16-3
described 16-1
displaying 16-7
IP phone data traffic, described 16-2
IP phone voice traffic, described 16-2
VQP 1-9, 14-24
VTP
adding a client to a domain 15-17
advertisements 14-16, 15-4
and extended-range VLANs 14-3, 15-2
and normal-range VLANs 14-3, 15-2
client mode, configuring 15-13
configuration
guidelines 15-9
requirements 15-11
saving 15-9
configuration requirements 15-11
configuration revision number
guideline 15-17
resetting 15-17
consistency checks 15-5
default configuration 15-9
described 15-1
domain names 15-10
domains 15-2
modes
client 15-3
off 15-4
server 15-3
transitions 15-3
transparent 15-4
monitoring 15-18
passwords 15-10
pruning
disabling 15-16
enabling 15-16
examples 15-7
overview 15-6
support for 1-9
pruning-eligible list, changing 14-19
server mode, configuring 15-11, 15-14
statistics 15-18
support for 1-9
Token Ring support 15-5
transparent mode, configuring 15-12
using 15-1
Version
enabling 15-15
version, guidelines 15-10
Version 1 15-5
Version 2
configuration guidelines 15-10
overview 15-5
Version 3
overview 15-5
W
web authentication 12-17
configuring 6-16 to ??
described 1-10
web-based authentication
customizeable web pages 6-6
description 6-1
web-based authentication, interactions with other features 6-7
weighted tail drop
See WTD
wired location service
configuring 27-9
displaying 27-11
location TLV 27-3
understanding 27-4
wizards 1-2
WTD
described 34-12
setting thresholds
egress queue-sets 34-76
ingress queues 34-71
support for 1-15
X
Xmodem protocol 40-2
Index
Numerics
802.1AE Tagging 7-2
A
abbreviating commands 2-3
AC (command switch) 8-9
access-class command 33-19
access control entries
See ACEs
access control entry (ACE) 38-3
access-denied response, VMPS 14-24
access groups
Layer 3 33-20
access groups, applying IPv4 ACLs to interfaces 33-20
accessing
clusters, switch 8-13
command switches 8-11
member switches 8-13
switch clusters 8-13
accessing stack members 9-22
access lists
See ACLs
access ports
in switch clusters 8-8
access ports, defined 13-3
accounting
with 802.1x 12-50
with IEEE 802.1x 12-16
with RADIUS 11-35
with TACACS+ 11-12, 11-17
ACEs
and QoS 34-8
defined 33-2
Ethernet 33-2
IP 33-2
ACLs
ACEs 33-2
any keyword 33-11
applying
time ranges to 33-16
to an interface 33-19, 38-7
to IPv6 interfaces 38-7
to QoS 34-8
classifying traffic for QoS 34-47
comments in 33-18
compiling 33-22
defined 33-2, 33-7
examples of 33-22, 34-47
extended IP, configuring for QoS classification 34-49
extended IPv4
creating 33-10
matching criteria 33-7
hardware and software handling 33-21
host keyword 33-12
IP
creating 33-7
fragments and QoS guidelines 34-38
implicit deny 33-9, 33-14, 33-15
implicit masks 33-9
matching criteria 33-7
undefined 33-21
IPv4
applying to interfaces 33-19
creating 33-7
matching criteria 33-7
named 33-14
numbers 33-8
terminal lines, setting on 33-19
unsupported features 33-6
IPv6
applying to interfaces 38-7
configuring 38-3, 38-4
displaying 38-8
interactions with other features 38-4
limitations 38-2, 38-3
matching criteria 38-3
named 38-2
precedence of 38-2
supported 38-2
unsupported features 38-3
MAC extended 33-24, 34-52
matching 33-7, 33-20, 38-3
monitoring 33-27, 38-8
named, IPv4 33-14
named, IPv6 38-2
names 38-4
number per QoS class map 34-38
port 33-2, 38-1
precedence of 33-3
QoS 34-8, 34-47
resequencing entries 33-14
router 33-2, 38-1
standard IP, configuring for QoS classification 34-48, 34-50
standard IPv4
creating 33-9
matching criteria 33-7
support for 1-11
support in hardware 33-21
time ranges 33-16
types supported 33-2
unsupported features, IPv4 33-6
unsupported features, IPv6 38-3
active link 20-4, 20-5, 20-6
active links 20-2
active traffic monitoring, IP SLAs 31-1
address aliasing 23-2
addresses
displaying the MAC address table 5-24
dynamic
accelerated aging 17-9
changing the aging time 5-16
default aging 17-9
defined 5-14
learning 5-15
removing 5-17
IPv6 36-2
MAC, discovering 5-25
multicast, STP address management 17-9
static
adding and removing 5-21
defined 5-14
address resolution 5-25
Address Resolution Protocol
See ARP
advertisements
CDP 26-1
LLDP 27-2
VTP 14-16, 15-3, 15-4
aggregatable global unicast addresses 36-3
aggregated ports
See EtherChannel
aggregate policers 34-62
aggregate policing 1-15
aging, accelerating 17-9
aging time
accelerated
for MSTP 18-24
for STP 17-9, 17-23
MAC address table 5-16
maximum
for MSTP 18-25
for STP 17-23, 17-24
alarms, RMON 29-4
allowed-VLAN list 14-18
ARP
defined 1-6, 5-25
table
address resolution 5-25
managing 5-25
attributes, RADIUS
vendor-proprietary 11-38
vendor-specific 11-36
attribute-value pairs 12-13, 12-16, 12-21, 12-22
authentication
local mode with AAA 11-40
open1x 12-30
RADIUS
key 11-28
login 11-30
TACACS+
defined 11-11
key 11-13
login 11-14
See also port-based authentication
authentication compatibility with Catalyst 6000 switches 12-8
authentication failed VLAN
See restricted VLAN
authentication manager
CLI commands 12-9
compatibility with older 802.1x CLI commands 12-9 to ??
overview 12-7
authoritative time source, described 5-3
authorization
with RADIUS 11-34
with TACACS+ 11-12, 11-16
authorized ports with IEEE 802.1x 12-10
autoconfiguration 3-3
auto enablement 12-32
automatic advise (auto-advise) in switch stacks 9-11
automatic copy (auto-copy) in switch stacks 9-11
automatic discovery
considerations
beyond a noncandidate device 8-8
brand new switches 8-8
connectivity 8-5
different VLANs 8-7
management VLANs 8-7
non-CDP-capable devices 8-6
noncluster-capable devices 8-6
in switch clusters 8-5
See also CDP
automatic extraction (auto-extract) in switch stacks 9-11
automatic QoS
See QoS
automatic recovery, clusters 8-9
See also HSRP
automatic upgrades (auto-upgrade) in switch stacks 9-11
auto-MDIX
configuring 13-33
described 13-33
autonegotiation
duplex mode 1-4
interface configuration guidelines 13-30
mismatches 40-12
Auto-QoS video devices 1-15
autosensing, port speed 1-4
auxiliary VLAN
See voice VLAN
availability, features 1-8
B
BackboneFast
described 19-8
disabling 19-17
enabling 19-17
support for 1-8
backup interfaces
See Flex Links
backup links 20-2
banners
configuring
login 5-14
message-of-the-day login 5-13
default configuration 5-12
when displayed 5-12
Berkeley r-tools replacement 11-52
binding database
DHCP snooping
See DHCP snooping binding database
bindings
DHCP snooping database 21-6
IP source guard 21-13
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 24-7
booting
boot loader, function of 3-1
boot process 3-1
manually 3-19
specific image 3-19
boot loader
accessing 3-20
described 3-1
environment variables 3-20
prompt 3-20
trap-door mechanism 3-2
Boot Loader Upgrade and Image Verification for the FIPS Mode of Operation 3-23
BPDU
error-disabled state 19-2
filtering 19-3
RSTP format 18-12
BPDU filtering
described 19-3
disabling 19-15
enabling 19-15
support for 1-9
BPDU guard
described 19-2
disabling 19-14
enabling 19-14
support for 1-9
bridge protocol data unit
See BPDU
broadcast storm-control command 24-4
broadcast storms 24-1
C
cables, monitoring for unidirectional links 25-1
candidate switch
automatic discovery 8-5
defined 8-4
requirements 8-4
See also command switch, cluster standby group, and member switch
Catalyst 6000 switches
authentication compatibility 12-8
CA trustpoint
configuring 11-49
defined 11-47
CDP
and trusted boundary 34-44
automatic discovery in switch clusters 8-5
configuring 26-2
default configuration 26-2
defined with LLDP 27-1
described 26-1
disabling for routing device 26-4
enabling and disabling
on an interface 26-4
on a switch 26-4
monitoring 26-5
overview 26-1
power negotiation extensions 13-5
support for 1-6
switch stack considerations 26-2
transmission timer and holdtime, setting 26-3
updates 26-3
CGMP
as IGMP snooping learning method 23-9
joining multicast group 23-3
CipherSuites 11-48
Cisco 7960 IP Phone 16-1
Cisco Discovery Protocol
See CDP
Cisco intelligent power management 13-5
Cisco IOS File System
See IFS
Cisco IOS IP SLAs 31-1
Cisco Secure ACS
attribute-value pairs for downloadable ACLs 12-22
attribute-value pairs for redirect URL 12-21
Cisco Secure ACS configuration guide 12-61
CiscoWorks 2000 1-6, 32-5
CISP 12-32
CIST regional root
See MSTP
CIST root
See MSTP
civic location 27-3
class maps for QoS
configuring 34-53
described 34-8
displaying 34-83
class of service
See CoS
clearing interfaces 13-45
CLI
abbreviating commands 2-3
command modes 2-1
configuration logging 2-4
described 1-5
editing features
enabling and disabling 2-6
keystroke editing 2-7
wrapped lines 2-8
error messages 2-4
filtering command output 2-9
getting help 2-3
history
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
managing clusters 8-16
no and default forms of commands 2-4
Client Information Signalling Protocol
See CISP
client mode, VTP 15-3
clock
See system clock
clusters, switch
accessing 8-13
automatic discovery 8-5
automatic recovery 8-9
benefits 1-2
compatibility 8-4
described 8-1
LRE profile considerations 8-16
managing
through CLI 8-16
through SNMP 8-17
planning 8-4
planning considerations
automatic discovery 8-5
automatic recovery 8-9
CLI 8-16
host names 8-13
IP addresses 8-13
LRE profiles 8-16
passwords 8-13
RADIUS 8-16
SNMP 8-14, 8-17
switch stacks 8-14
TACACS+ 8-16
See also candidate switch, command switch, cluster standby group, member switch, and standby command switch
cluster standby group
automatic recovery 8-12
considerations 8-11
defined 8-2
requirements 8-3
virtual IP address 8-11
See also HSRP
CNS 1-6
Configuration Engine
configID, deviceID, hostname 4-3
configuration service 4-2
described 4-1
event service 4-3
embedded agents
described 4-5
enabling automated configuration 4-6
enabling configuration agent 4-9
enabling event agent 4-8
management functions 1-6
CoA Request Commands 11-23
Coarse Wave Division Multiplexer
See CWDM SFPs
command-line interface
See CLI
command modes 2-1
commands
abbreviating 2-3
no and default 2-4
commands, setting privilege levels 11-8
command switch
accessing 8-11
active (AC) 8-9
configuration conflicts 40-12
defined 8-2
passive (PC) 8-9
password privilege levels 8-17
priority 8-9
recovery
from command-switch failure 8-9, 40-8
from lost member connectivity 40-12
redundant 8-9
replacing
with another switch 40-11
with cluster member 40-9
requirements 8-3
standby (SC) 8-9
See also candidate switch, cluster standby group, member switch, and standby command switch
community strings
configuring 8-14, 32-8
for cluster switches 32-4
in clusters 8-14
overview 32-4
SNMP 8-14
compatibility, feature 24-12
compatibility, software
See stacks, switch
config.text 3-18
configurable leave timer, IGMP 23-6
configuration, initial
defaults 1-17
Express Setup 1-2
configuration changes, logging 30-11
configuration conflicts, recovering from lost member connectivity 40-12
configuration examples, network 1-20
configuration files
archiving 42-20
clearing the startup configuration 42-19
creating using a text editor 42-10
default name 3-18
deleting a stored configuration 42-19
described 42-8
downloading
automatically 3-18
preparing 42-10, 42-13, 42-16
reasons for 42-8
using FTP 42-13
using RCP 42-17
using TFTP 42-11
guidelines for creating and using 42-9
guidelines for replacing and rolling back 42-21
invalid combinations when copying 42-5
limiting TFTP server access 32-17
obtaining with DHCP 3-8
password recovery disable considerations 11-5
replacing a running configuration 42-19, 42-20
rolling back a running configuration 42-19, 42-21
specifying the filename 3-18
system contact and location information 32-17
types and location 42-10
uploading
preparing 42-10, 42-13, 42-16
reasons for 42-9
using FTP 42-15
using RCP 42-18
using TFTP 42-12
configuration logger 30-11
configuration logging 2-4
configuration replacement 42-19
configuration rollback 42-19, 42-20
configuration settings, saving 3-15
configure terminal command 13-20
configuring 802.1x user distribution 12-56
configuring port-based authentication violation modes 12-40
configuring small-frame arrival rate 24-5
conflicts, configuration 40-12
connections, secure remote 11-42
connectivity problems 40-14, 40-15, 40-17
consistency checks in VTP Version 2 15-5
console port, connecting to 2-10
control protocol, IP SLAs 31-4
corrupted software, recovery steps with Xmodem 40-2
CoS
in Layer 2 frames 34-2
override priority 16-6
trust priority 16-6
CoS input queue threshold map for QoS 34-15
CoS output queue threshold map for QoS 34-18
CoS-to-DSCP map for QoS 34-65
counters, clearing interface 13-45
CPU utilization, troubleshooting 40-28
crashinfo file 40-23
critical authentication, IEEE 802.1x 12-53
critical VLAN 12-25
critical voice VLAN
configuring 12-53
cross-stack EtherChannel
configuration guidelines 39-13
described 39-3
illustration 39-4
support for 1-8
cross-stack UplinkFast, STP
described 19-5
disabling 19-17
enabling 19-17
fast-convergence events 19-7
Fast Uplink Transition Protocol 19-6
normal-convergence events 19-7
support for 1-8
cryptographic software image
SSH 11-41
SSL 11-46
switch stack considerations 9-15
customjzeable web pages, web-based authentication 6-6
CWDM SFPs 1-25
D
DACL
See downloadable ACL
data address gleaning 36-6
daylight saving time 5-8
debugging
enabling all system diagnostics 40-21
enabling for a specific feature 40-20
redirecting error message output 40-21
using commands 40-19
default commands 2-4
default configuration
802.1x 12-35
auto-QoS 34-20
banners 5-12
CDP 26-2
DHCP 21-8
DHCP option 82 21-8
DHCP snooping 21-8
DHCP snooping binding database 21-8
DNS 5-11
dynamic ARP inspection 22-5
EtherChannel 39-11
Ethernet interfaces 13-27
Flex Links 20-8
IGMP filtering 23-24
IGMP snooping 23-7, 37-6
IGMP throttling 23-24
initial switch information 3-3
IP SLAs 31-5
IP source guard 21-15
IPv6 36-11
Layer 2 interfaces 13-27
LLDP 27-5
MAC address table 5-16
MAC address-table move update 20-8
MSTP 18-14
MVR 23-19
optional spanning-tree configuration 19-12
password and privilege level 11-2
RADIUS 11-27
RMON 29-3
RSPAN 28-10
SDM template 10-4
SNMP 32-7
SPAN 28-10
SSL 11-48
standard QoS 34-35
STP 17-13
switch stacks 9-17
system message logging 30-4
system name and prompt 5-10
TACACS+ 11-13
UDLD 25-4
VLAN, Layer 2 Ethernet interfaces 14-15
VLANs 14-8
VMPS 14-25
voice VLAN 16-3
VTP 15-9
default gateway 3-14
default web-based authentication configuration
802.1X 6-9
deleting VLANs 14-9
denial-of-service attack 24-1
description command 13-41
designing your network, examples 1-20
destination addresses
in IPv4 ACLs 33-11
in IPv6 ACLs 38-5
destination-IP address-based forwarding, EtherChannel 39-9
destination-MAC address forwarding, EtherChannel 39-9
detecting indirect link failures, STP 19-8
device 42-24
device discovery protocol 26-1, 27-1
device manager
benefits 1-2
described 1-2, 1-5
in-band management 1-7
upgrading a switch 42-24
device tracking 36-7
DHCP
enabling
relay agent 21-9
DHCP address gleaning 36-5
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-3
DNS 3-7
relay device 3-7
server side 3-6
TFTP server 3-7
example 3-9
lease options
for IP address information 3-6
for receiving the configuration file 3-6
overview 3-3
relationship to BOOTP 3-3
relay support 1-6
support for 1-6
DHCP-based autoconfiguration and image update
configuring 3-11 to 3-14
understanding 3-5
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP Guard 36-7, 36-15
DHCP option 82
circuit ID suboption 21-5
configuration guidelines 21-8
default configuration 21-8
displaying 21-12
overview 21-3
packet format, suboption
circuit ID 21-5
remote ID 21-5
remote ID suboption 21-5
DHCP server port-based address allocation
configuration guidelines 21-22
default configuration 21-22
described 21-22
displaying 21-25
enabling 21-23
reserved addresses 21-23
DHCP server port-based address assignment
support for 1-6
DHCP snooping
accepting untrusted packets form edge switch 21-3, 21-10
binding database
See DHCP snooping binding database
configuration guidelines 21-8
default configuration 21-8
displaying binding tables 21-12
message exchange process 21-4
option 82 data insertion 21-3
trusted interface 21-2
untrusted interface 21-2
untrusted messages 21-2
DHCP snooping binding database
adding bindings 21-11
binding entries, displaying 21-12
binding file
format 21-6
location 21-6
bindings 21-6
clearing agent statistics 21-12
configuration guidelines 21-9
configuring 21-11
default configuration 21-8
deleting
binding file 21-12
bindings 21-12
database agent 21-12
described 21-6
displaying 21-12
displaying status and statistics 21-12
enabling 21-11
entry 21-6
renewing database 21-12
resetting
delay value 21-12
timeout value 21-12
DHCP snooping binding table
See DHCP snooping binding database
Differentiated Services architecture, QoS 34-2
Differentiated Services Code Point 34-2
directed unicast requests 1-6
directories
changing 42-4
creating and removing 42-4
displaying the working 42-4
discovery, clusters
See automatic discovery
DNS
and DHCP-based autoconfiguration 3-7
default configuration 5-11
displaying the configuration 5-12
in IPv6 36-3
overview 5-10
setting up 5-11
support for 1-6
domain names
DNS 5-10
VTP 15-10
Domain Name System
See DNS
downloadable ACL 12-20, 12-22, 12-61
downloading
configuration files
preparing 42-10, 42-13, 42-16
reasons for 42-8
using FTP 42-13
using RCP 42-17
using TFTP 42-11
image files
deleting old image 42-28
preparing 42-26, 42-30, 42-34
reasons for 42-24
using CMS 1-2
using FTP 42-31
using HTTP 1-2, 42-24
using RCP 42-35
using TFTP 42-27
using the device manager or Network Assistant 42-24
DRP
support for 1-15
DSCP 1-14, 34-2
DSCP input queue threshold map for QoS 34-15
DSCP output queue threshold map for QoS 34-18
DSCP-to-CoS map for QoS 34-68
DSCP-to-DSCP-mutation map for QoS 34-69
DSCP transparency 34-45
DTP 1-9, 14-14
dual-action detection 39-6
dual IPv4 and IPv6 templates 36-9
dual protocol stacks
IPv4 and IPv6 36-9
SDM templates supporting 36-9
dual-purpose uplinks
defined 13-4
LEDs 13-5
link selection 13-4, 13-28
setting the type 13-28
dynamic access ports
characteristics 14-4
configuring 14-27
defined 13-3
dynamic addresses
See addresses
dynamic ARP inspection
ARP cache poisoning 22-1
ARP requests, described 22-1
ARP spoofing attack 22-1
clearing
log buffer 22-16
statistics 22-16
configuration guidelines 22-6
configuring
ACLs for non-DHCP environments 22-9
in DHCP environments 22-7
log buffer 22-14
rate limit for incoming ARP packets 22-4, 22-11
default configuration 22-5
denial-of-service attacks, preventing 22-11
described 22-1
DHCP snooping binding database 22-2
displaying
ARP ACLs 22-15
configuration and operating state 22-15
log buffer 22-16
statistics 22-16
trust state and rate limit 22-15
error-disabled state for exceeding rate limit 22-4
function of 22-2
interface trust states 22-3
log buffer
clearing 22-16
configuring 22-14
displaying 22-16
logging of dropped packets, described 22-5
man-in-the middle attack, described 22-2
network security issues and interface trust states 22-3
priority of ARP ACLs and DHCP snooping entries 22-4
rate limiting of ARP packets
configuring 22-11
described 22-4
error-disabled state 22-4
statistics
clearing 22-16
displaying 22-16
validation checks, performing 22-13
dynamic auto trunking mode 14-14
dynamic desirable trunking mode 14-14
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 14-25
reconfirming 14-28
troubleshooting 14-29
types of connections 14-27
Dynamic Trunking Protocol
See DTP
E
EAC 7-2
editing features
enabling and disabling 2-6
keystrokes used 2-7
wrapped lines 2-8
elections
See stack master
ELIN location 27-3
enable password 11-3
enable secret password 11-3
Enable the FIPS mode 3-23
encryption, CipherSuite 11-48
encryption for passwords 11-3
Endpoint Admission Control (EAC) 7-2
environment variables, function of 3-21
error-disabled state, BPDU 19-2
error messages during command entry 2-4
EtherChannel
automatic creation of 39-5, 39-7
channel groups
binding physical and logical interfaces 39-4
numbering of 39-4
configuration guidelines 39-11
configuring Layer 2 interfaces 39-13
default configuration 39-11
described 39-2
displaying status 39-21
forwarding methods 39-8, 39-15
IEEE 802.3ad, described 39-7
interaction
with STP 39-12
with VLANs 39-12
LACP
described 39-7
displaying status 39-21
hot-standby ports 39-18
interaction with other features 39-8
modes 39-7
port priority 39-19
system priority 39-18
load balancing 39-8, 39-15
PAgP
aggregate-port learners 39-16
compatibility with Catalyst 1900 39-17
described 39-5
displaying status 39-21
interaction with other features 39-7
interaction with virtual switches 39-6
learn method and priority configuration 39-16
modes 39-6
support for 1-4
with dual-action detection 39-6
port-channel interfaces
described 39-4
numbering of 39-4
port groups 13-4
stack changes, effects of 39-10
support for 1-4
EtherChannel guard
described 19-10
disabling 19-18
enabling 19-17
Ethernet management port
active link 13-25
and routing 13-25
and TFTP 13-26
configuring 13-26
default setting 13-25
described 13-24
for network management 13-24
specifying 13-26
supported features 13-25
unsupported features 13-26
Ethernet management port, internal
and routing 13-25
unsupported features 13-26
Ethernet VLANs
adding 14-8
defaults and ranges 14-8
modifying 14-8
EUI 36-3
events, RMON 29-4
examples
network configuration 1-20
expedite queue for QoS 34-82
Express Setup 1-2
See also getting started guide
extended crashinfo file 40-23
extended-range VLANs
configuration guidelines 14-11
configuring 14-11
creating 14-12
defined 14-1
extended system ID
MSTP 18-18
STP 17-4, 17-16
extended universal identifier
See EUI
Extensible Authentication Protocol over LAN 12-1
F
fa0 interface 1-7
Fa0 port
See Ethernet management port
failover support 1-8
Fast Convergence 20-3
fastethernet0 port
See Ethernet management port
Fast Uplink Transition Protocol 19-6
features, incompatible 24-12
fiber-optic, detecting unidirectional links 25-1
files
basic crashinfo
description 40-23
location 40-23
copying 42-5
crashinfo, description 40-23
deleting 42-5
displaying the contents of 42-8
extended crashinfo
description 40-25
location 40-25
tar
creating 42-6
displaying the contents of 42-7
extracting 42-7
image file format 42-25
file system
displaying available file systems 42-2
displaying file information 42-3
local file system names 42-1
network file system names 42-5
setting the default 42-3
filtering
IPv6 traffic 38-3, 38-7
non-IP traffic 33-24
show and more command output 2-9
filtering show and more command output 2-9
filters, IP
See ACLs, IP
First Hop Security 36-16
flash device, number of 42-1
flexible authentication ordering
configuring 12-63
overview 12-30
Flex Link Multicast Fast Convergence 20-3
Flex Links
configuration guidelines 20-8
configuring 20-9
configuring preferred VLAN 20-12
configuring VLAN load balancing 20-11
default configuration 20-8
description 20-2
link load balancing 20-3
monitoring 20-15
VLANs 20-3
flooded traffic, blocking 24-8
flow-based packet classification 1-14
flowcharts
QoS classification 34-7
QoS egress queueing and scheduling 34-16
QoS ingress queueing and scheduling 34-14
QoS policing and marking 34-11
flowcontrol
configuring 13-32
described 13-32
forward-delay time
MSTP 18-24
STP 17-23
FTP
configuration files
downloading 42-13
overview 42-12
preparing the server 42-13
uploading 42-15
image files
deleting old image 42-32
downloading 42-31
preparing the server 42-30
uploading 42-32
G
general query 20-5
Generating IGMP Reports 20-4
get-bulk-request operation 32-4
get-next-request operation 32-3, 32-5
get-request operation 32-3, 32-4, 32-5
get-response operation 32-4
Gigabit modules
See SFPs
global configuration mode 2-2
global leave, IGMP 23-13
guest VLAN and 802.1x 12-23
guide mode 1-2
GUIs
See device manager and Network Assistant
H
hello time
MSTP 18-24
STP 17-22
help, for the command line 2-3
HFTM space 40-27
history
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
history table, level and number of syslog messages 30-10
host names, in clusters 8-13
hosts, limit on dynamic ports 14-29
HP OpenView 1-6
HQATM space 40-27
HSRP
automatic cluster recovery 8-12
cluster standby group considerations 8-11
See also clusters, cluster standby group, and standby command switch
HTTP over SSL
see HTTPS
HTTPS 11-46
configuring 11-50
self-signed certificate 11-47
HTTP secure server 11-46
Hulc Forwarding TCAM Manager
See HFTM space
Hulc QoS/ACL TCAM Manager
See HQATM space
I
ICMP
IPv6 36-3
time-exceeded messages 40-17
traceroute and 40-17
unreachable messages and IPv6 38-4
ICMP ping
executing 40-14
overview 40-14
ICMPv6 36-3
IDS appliances
and ingress RSPAN 28-20
and ingress SPAN 28-14
IEEE 802.1D
See STP
IEEE 802.1p 16-1
IEEE 802.1Q
and trunk ports 13-3
configuration limitations 14-15
encapsulation 14-14
native VLAN for untagged traffic 14-20
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3ad
See EtherChannel
IEEE 802.3ad, PoE+ 1-16, 13-6
IEEE 802.3af
See PoE
IEEE 802.3x flow control 13-32
ifIndex values, SNMP 32-6
IFS 1-7
IGMP
configurable leave timer
described 23-6
enabling 23-11
flooded multicast traffic
controlling the length of time 23-12
disabling on an interface 23-13
global leave 23-13
query solicitation 23-13
recovering from flood mode 23-13
joining multicast group 23-3
join messages 23-3
leave processing, enabling 23-10, 37-9
leaving multicast group 23-5
queries 23-4
report suppression
described 23-6
disabling 23-15, 37-11
supported versions 23-3
support for 1-4
IGMP filtering
configuring 23-24
default configuration 23-24
described 23-23
monitoring 23-28
support for 1-5
IGMP groups
configuring filtering 23-27
setting the maximum number 23-26
IGMP Immediate Leave
configuration guidelines 23-11
described 23-5
enabling 23-10
IGMP profile
applying 23-26
configuration mode 23-24
configuring 23-25
IGMP snooping
and address aliasing 23-2
and stack changes 23-6
configuring 23-7
default configuration 23-7, 37-6
definition 23-2
enabling and disabling 23-7, 37-7
global configuration 23-7
Immediate Leave 23-5
in the switch stack 23-6
method 23-8
monitoring 23-16, 37-12
querier
configuration guidelines 23-14
configuring 23-14
supported versions 23-3
support for 1-4
VLAN configuration 23-8
IGMP throttling
configuring 23-27
default configuration 23-24
described 23-24
displaying action 23-28
Immediate Leave, IGMP 23-5
enabling 37-9
inaccessible authentication bypass 12-25
support for multiauth ports 12-25
initial configuration
defaults 1-17
Express Setup 1-2
interface
number 13-19
range macros 13-22
interface command 13-19 to ??, 13-19 to 13-20
interface configuration mode 2-2
interfaces
auto-MDIX, configuring 13-33
configuration guidelines
duplex and speed 13-30
configuring
procedure 13-20
counters, clearing 13-45
default configuration 13-27
described 13-41
descriptive name, adding 13-41
displaying information about 13-44
flow control 13-32
management 1-5
monitoring 13-44
naming 13-41
physical, identifying 13-19
range of 13-21
restarting 13-45
shutting down 13-45
speed and duplex, configuring 13-31
status 13-44
supported 13-19
types of 13-1
interfaces range macro command 13-22
interface types 13-19
Internet Protocol version 6
See IPv6
inter-VLAN routing 35-1
Intrusion Detection System
See IDS appliances
inventory management TLV 27-3, 27-7
IP ACLs
for QoS classification 34-8
implicit deny 33-9, 33-14
implicit masks 33-9
named 33-14
undefined 33-21
IP addresses
128-bit 36-2
candidate or member 8-4, 8-13
classes of 35-4
cluster access 8-2
command switch 8-3, 8-11, 8-13
discovering 5-25
for IP routing 35-4
IPv6 36-2
redundant clusters 8-11
standby command switch 8-11, 8-13
See also IP information
ip igmp profile command 23-24
IP information
assigned
manually 3-14
through DHCP-based autoconfiguration 3-3
default configuration 3-3
IP phones
and QoS 16-1
automatic classification and queueing 34-19
configuring 16-4
ensuring port security with QoS 34-43
trusted boundary for QoS 34-43
IP Port Security for Static Hosts
on a Layer 2 access port 21-17
IP precedence 34-2
IP-precedence-to-DSCP map for QoS 34-66
IP protocols in ACLs 33-11
IP routing
disabling 35-4
enabling 35-3
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 31-1
IP SLAs
benefits 31-2
configuration guidelines 31-5
Control Protocol 31-4
default configuration 31-5
definition 31-1
measuring network performance 31-3
monitoring 31-6
operation 31-3
responder
described 31-4
enabling 31-6
response time 31-4
SNMP support 31-2
supported metrics 31-2
IP source guard
and 802.1x 21-16
and DHCP snooping 21-13
and port security 21-16
and private VLANs 21-16
and routed ports 21-16
and TCAM entries 21-16
and trunk interfaces 21-16
and VRF 21-16
binding configuration
automatic 21-13
manual 21-13
binding table 21-13
configuration guidelines 21-16
default configuration 21-15
described 21-13
disabling 21-17
displaying
active IP or MAC bindings 21-21
bindings 21-21
configuration 21-21
enabling 21-16, 21-18
filtering
source IP address 21-13
source IP and MAC address 21-13
on provisioned switches 21-16
source IP address filtering 21-13
source IP and MAC address filtering 21-13
static bindings
adding 21-16, 21-18
deleting 21-17
static hosts 21-18
IP traceroute
executing 40-18
overview 40-17
IP unicast routing
assigning IP addresses to Layer 3 interfaces 35-4
configuring static routes 35-5
disabling 35-4
enabling 35-3
inter-VLAN 35-1
IP addressing
classes 35-4
configuring 35-4
steps to configure 35-3
subnet mask 35-4
with SVIs 35-3
IPv4 ACLs
applying to interfaces 33-19
extended, creating 33-10
named 33-14
standard, creating 33-9
IPv4 and IPv6
dual protocol stacks 36-8
IPv6
ACLs
displaying 38-8
limitations 38-2
matching criteria 38-3
port 38-1
precedence 38-2
router 38-1
supported 38-2
addresses 36-2
address formats 36-2
and switch stacks 36-10
applications 36-8
assigning address 36-11
autoconfiguration 36-8
configuring static routes 36-20
default configuration 36-11
defined 36-1
forwarding 36-11
ICMP 36-3
monitoring 36-21
neighbor discovery 36-3
SDM templates 37-1, 38-1
stack master functions 36-10
Stateless Autoconfiguration 36-8
supported features 36-2
IPv6 Snooping 36-13
IPv6 traffic, filtering 38-3
J
join messages, IGMP 23-3
L
LACP
See EtherChannel
Layer 2 frames, classification with CoS 34-2
Layer 2 interfaces, default configuration 13-27
Layer 2 traceroute
and ARP 40-16
and CDP 40-16
broadcast traffic 40-15
described 40-15
IP addresses and subnets 40-16
MAC addresses and VLANs 40-16
multicast traffic 40-16
multiple devices on a port 40-16
unicast traffic 40-15
usage guidelines 40-16
Layer 3 features 1-15
Layer 3 interfaces
assigning IP addresses to 35-4
assigning IPv6 addresses to 36-11
changing from Layer 2 mode 35-4
Layer 3 packets, classification methods 34-2
LDAP 4-2
Leaking IGMP Reports 20-4
LEDs, switch
See hardware installation guide
lightweight directory access protocol
See LDAP
line configuration mode 2-2
Link Aggregation Control Protocol
See EtherChannel
link failure, detecting unidirectional 18-8
Link Layer Discovery Protocol
See CDP
link local unicast addresses 36-3
link redundancy
See Flex Links
links, unidirectional 25-1
link-state tracking
configuring 39-23
described 39-21
LLDP
configuring 27-5
characteristics 27-6
default configuration 27-5
enabling 27-6
monitoring and maintaining 27-11
overview 27-1
supported TLVs 27-2
switch stack considerations 27-2
transmission timer and holdtime, setting 27-6
LLDP-MED
configuring
procedures 27-5
TLVs 27-7
monitoring and maintaining 27-11
overview 27-1, 27-2
supported TLVs 27-2
LLDP Media Endpoint Discovery
See LLDP-MED
local SPAN 28-2
location TLV 27-3, 27-7
login authentication
with RADIUS 11-30
with TACACS+ 11-14
login banners 5-12
log messages
See system message logging
Long-Reach Ethernet (LRE) technology 1-21
loop guard
described 19-11
enabling 19-19
support for 1-9
LRE profiles, considerations in switch clusters 8-16
M
MAB
See MAC authentication bypass
MAB inactivity timer
default setting 12-35
range 12-37
MAC/PHY configuration status TLV 27-2
MAC addresses
aging time 5-16
and VLAN association 5-15
building the address table 5-15
default configuration 5-16
disabling learning on a VLAN 5-24
discovering 5-25
displaying 5-24
displaying in the IP source binding table 21-21
dynamic
learning 5-15
removing 5-17
in ACLs 33-24
static
adding 5-21
allowing 5-23, 5-24
characteristics of 5-21
dropping 5-23
removing 5-22
MAC address learning 1-6
MAC address learning, disabling on a VLAN 5-24
MAC address notification, support for 1-16
MAC address-table move update
configuration guidelines 20-8
configuring 20-13
default configuration 20-8
description 20-6
monitoring 20-15
MAC address-to-VLAN mapping 14-24
MAC authentication bypass 12-37
configuring 12-56
overview 12-17
MAC extended access lists
applying to Layer 2 interfaces 33-25
configuring for QoS 34-52
creating 33-24
defined 33-24
for QoS classification 34-5
MACSec 7-2
magic packet 12-27
manageability features 1-6
management access
in-band
browser session 1-7
CLI session 1-7
device manager 1-7
SNMP 1-7
out-of-band console port connection 1-7
management address TLV 27-2
management options
CLI 2-1
clustering 1-3
CNS 4-1
Network Assistant 1-2
overview 1-5
management VLAN
considerations in switch clusters 8-7
discovery through different management VLANs 8-7
mapping tables for QoS
configuring
CoS-to-DSCP 34-65
DSCP 34-65
DSCP-to-CoS 34-68
DSCP-to-DSCP-mutation 34-69
IP-precedence-to-DSCP 34-66
policed-DSCP 34-67
described 34-11
marking
action with aggregate policers 34-62
described 34-4, 34-9
matching
IPv6 ACLs 38-3
matching, IPv4 ACLs 33-7
maximum aging time
MSTP 18-25
STP 17-23
maximum hop count, MSTP 18-25
maximum number of allowed devices, port-based authentication 12-37
MDA
configuration guidelines 12-13 to 12-14
described 1-11, 12-13
exceptions with authentication process 12-5
membership mode, VLAN port 14-4
member switch
automatic discovery 8-5
defined 8-2
managing 8-16
passwords 8-13
recovering from lost connectivity 40-12
requirements 8-4
See also candidate switch, cluster standby group, and standby command switch
memory consistency check errors
example 40-27
memory consistency check routines 1-5, 40-27
memory consistency integrity 1-5, 40-27
messages, to users through banners 5-12
MIBs
overview 32-1
SNMP interaction with 32-5
mirroring traffic for analysis 28-1
mismatches, autonegotiation 40-12
module number 13-19
monitoring
access groups 33-27
cables for unidirectional links 25-1
CDP 26-5
features 1-16
Flex Links 20-15
IGMP
filters 23-28
snooping 23-16, 37-12
interfaces 13-44
IP SLAs operations 31-6
IPv4 ACL configuration 33-27
IPv6 36-21
IPv6 ACL configuration 38-8
MAC address-table move update 20-15
multicast router interfaces 23-16, 37-12
MVR 23-23
network traffic for analysis with probe 28-2
port
blocking 24-21
protection 24-21
SFP status 13-44, 40-14
speed and duplex mode 13-31
traffic flowing among switches 29-2
traffic suppression 24-21
VLANs 14-13
VMPS 14-29
VTP 15-18
mrouter Port 20-3
mrouter port 20-5
MSTP
boundary ports
configuration guidelines 18-15
described 18-6
BPDU filtering
described 19-3
enabling 19-15
BPDU guard
described 19-2
enabling 19-14
CIST, described 18-3
CIST regional root 18-3
CIST root 18-5
configuration guidelines 18-15, 19-12
configuring
forward-delay time 18-24
hello time 18-24
link type for rapid convergence 18-26
maximum aging time 18-25
maximum hop count 18-25
MST region 18-16
neighbor type 18-26
path cost 18-22
port priority 18-20
root switch 18-18
secondary root switch 18-19
switch priority 18-23
CST
defined 18-3
operations between regions 18-4
default configuration 18-14
default optional feature configuration 19-12
displaying status 18-27
enabling the mode 18-16
EtherChannel guard
described 19-10
enabling 19-17
extended system ID
effects on root switch 18-18
effects on secondary root switch 18-19
unexpected behavior 18-18
IEEE 802.1s
implementation 18-6
port role naming change 18-7
terminology 18-5
instances supported 17-10
interface state, blocking to forwarding 19-2
interoperability and compatibility among modes 17-11
interoperability with IEEE 802.1D
described 18-9
restarting migration process 18-27
IST
defined 18-3
master 18-3
operations within a region 18-3
loop guard
described 19-11
enabling 19-19
mapping VLANs to MST instance 18-16
MST region
CIST 18-3
configuring 18-16
described 18-2
hop-count mechanism 18-5
IST 18-3
supported spanning-tree instances 18-2
optional features supported 1-9
overview 18-2
Port Fast
described 19-2
enabling 19-13
preventing root switch selection 19-10
root guard
described 19-10
enabling 19-18
root switch
configuring 18-18
effects of extended system ID 18-18
unexpected behavior 18-18
shutdown Port Fast-enabled port 19-2
stack changes, effects of 18-8
status, displaying 18-27
multiauth
support for inaccessible authentication bypass 12-25
multiauth mode
See multiple-authentication mode
multicast groups
Immediate Leave 23-5
joining 23-3
leaving 23-5
static joins 23-10, 37-8
multicast router interfaces, monitoring 23-16, 37-12
multicast router ports, adding 23-9, 37-8
multicast storm 24-1
multicast storm-control command 24-4
multicast television application 23-18
multicast VLAN 23-17
Multicast VLAN Registration
See MVR
multidomain authentication
See MDA
multiple authentication 12-14
multiple authentication mode
configuring 12-43
MVR
and address aliasing 23-20
and IGMPv3 23-20
configuration guidelines 23-20
configuring interfaces 23-21
default configuration 23-19
described 23-17
example application 23-18
modes 23-21
monitoring 23-23
multicast television application 23-18
setting global parameters 23-20
support for 1-5
N
NAC
critical authentication 12-25, 12-53
IEEE 802.1x authentication using a RADIUS server 12-58
IEEE 802.1x validation using RADIUS server 12-58
inaccessible authentication bypass 12-53
Layer 2 IEEE 802.1x validation 1-12, 12-30, 12-58
named IPv4 ACLs 33-14
NameSpace Mapper
See NSM
native VLAN
configuring 14-20
default 14-20
NDAC 7-2
NDP address gleaning 36-5
NEAT
configuring 12-59
overview 12-31
neighbor discovery, IPv6 36-3
Network Admission Control
See NAC
Network Assistant
benefits 1-2
described 1-5
downloading image files 1-2
guide mode 1-2
management options 1-2
managing switch stacks 9-2, 9-15
upgrading a switch 42-24
wizards 1-2
network configuration examples
cost-effective wiring closet 1-21
increasing network performance 1-20
long-distance, high-bandwidth transport 1-25
providing network services 1-20
server aggregation and Linux server cluster 1-23
small to medium-sized network 1-24
network design
performance 1-20
services 1-20
Network Device Admission Control (NDAC) 7-2
Network Edge Access Topology
See NEAT
network management
CDP 26-1
RMON 29-1
SNMP 32-1
network performance, measuring with IP SLAs 31-3
network policy TLV 27-2, 27-7
Network Time Protocol
See NTP
no commands 2-4
nonhierarchical policy maps
described 34-10
non-IP traffic filtering 33-24
nontrunking mode 14-14
normal-range VLANs 14-5
configuration guidelines 14-6
configuring 14-5
defined 14-1
NSM 4-3
NTP
associations
defined 5-3
overview 5-3
stratum 5-3
support for 1-7
time
services 5-3
synchronizing 5-3
O
OBFL
configuring 40-26
described 40-25
displaying 40-26
offline configuration for switch stacks 9-7
off mode, VTP 15-4
on-board failure logging
See OBFL
online diagnostics
overview 41-1
running tests 41-3
understanding 41-1
open1x
configuring 12-64
open1x authentication
overview 12-30
optimizing system resources 10-1
options, management 1-5
out-of-profile markdown 1-15
P
packet modification, with QoS 34-18
PACL 36-7
PAgP
See EtherChannel
passwords
default configuration 11-2
disabling recovery of 11-5
encrypting 11-3
for security 1-11
in clusters 8-13
overview 11-1
recovery of 40-3
setting
enable 11-3
enable secret 11-3
Telnet 11-6
with usernames 11-7
VTP domain 15-10
path cost
MSTP 18-22
STP 17-20
PC (passive command switch) 8-9
performance, network design 1-20
performance features 1-4
persistent self-signed certificate 11-47
per-user ACLs and Filter-Ids 12-8
per-VLAN spanning-tree plus
See PVST+
physical ports 13-2
PIM-DVMRP, as snooping method 23-8
ping
character output description 40-15
executing 40-14
overview 40-14
PoE
auto mode 13-7
CDP with power consumption, described 13-5
CDP with power negotiation, described 13-5
Cisco intelligent power management 13-5
configuring 13-34
cutoff power
determining 13-8
cutoff-power
support for 13-8
devices supported 13-5
high-power devices operating in low-power mode 13-5
IEEE power classification levels 13-6
monitoring 13-8
monitoring power 13-37
policing power consumption 13-37
policing power usage 13-8
power budgeting 13-35
power consumption 13-9, 13-35
powered-device detection and initial power allocation 13-6
power management modes 13-7
power monitoring 13-8
power negotiation extensions to CDP 13-5
power sensing 13-8
standards supported 13-5
static mode 13-7
total available power 13-10
troubleshooting 40-13
PoE+ 1-16, 13-5, 13-6, 13-34
policed-DSCP map for QoS 34-67
policers
configuring
for each matched traffic class 34-57
for more than one traffic class 34-62
described 34-4
displaying 34-83
number of 34-39
types of 34-10
policing
described 34-4
token-bucket algorithm 34-10
policy maps for QoS
characteristics of 34-57
described 34-8
displaying 34-84
nonhierarchical on physical ports
described 34-10
port ACLs
defined 33-2
types of 33-3
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting 12-16
authentication server
defined 6-2, 12-3
RADIUS server 12-3
client, defined 6-2, 12-3
configuration guidelines 6-9, 12-36
configuring
802.1x authentication 12-41
guest VLAN 12-50
host mode 12-43
inaccessible authentication bypass 12-53
manual re-authentication of a client 12-45
periodic re-authentication 12-45
quiet period 12-46
RADIUS server 6-13, 12-43
RADIUS server parameters on the switch 6-11, 12-42
restricted VLAN 12-52
switch-to-client frame-retransmission number 12-47, 12-48
switch-to-client retransmission time 12-46
violation modes 12-40
default configuration 6-9, 12-35
described 12-1
device roles 6-2, 12-3
displaying statistics 6-17, 12-65
downloadable ACLs and redirect URLs
configuring 12-61 to 12-63, ?? to 12-63
overview 12-20 to 12-22
EAPOL-start frame 12-5
EAP-request/identity frame 12-5
EAP-response/identity frame 12-5
enabling
802.1X authentication 6-11
encapsulation 12-3
flexible authentication ordering
configuring 12-63
overview 12-30
guest VLAN
configuration guidelines 12-23, 12-24
described 12-23
host mode 12-11
inaccessible authentication bypass
configuring 12-53
described 12-25
guidelines 12-37
initiation and message exchange 12-5
magic packet 12-27
maximum number of allowed devices per port 12-37
method lists 12-41
multiple authentication 12-14
per-user ACLs
configuration tasks 12-20
described 12-19
RADIUS server attributes 12-19
ports
authorization state and dot1x port-control command 12-10
authorized and unauthorized 12-10
voice VLAN 12-27
port security
described 12-27
readiness check
configuring 12-38
described 12-17, 12-38
resetting to default values 12-65
stack changes, effects of 12-11
statistics, displaying 12-65
switch
as proxy 6-2, 12-3
RADIUS client 12-3
switch supplicant
configuring 12-59
overview 12-31
user distribution
guidelines 12-29
overview 12-29
VLAN assignment
AAA authorization 12-41
characteristics 12-18
configuration tasks 12-18
described 12-17
voice aware 802.1x security
configuring 12-39
described 12-31, 12-39
voice VLAN
described 12-27
PVID 12-27
VVID 12-27
wake-on-LAN, described 12-27
with ACLs and RADIUS Filter-Id attribute 12-33
port-based authentication methods, supported 12-7
port blocking 1-4, 24-7
port-channel
See EtherChannel
port description TLV 27-2
Port Fast
described 19-2
enabling 19-13
mode, spanning tree 14-26
support for 1-9
port membership modes, VLAN 14-4
port priority
MSTP 18-20
STP 17-18
ports
access 13-3
blocking 24-7
dual-purpose uplink 13-4
dynamic access 14-4
protected 24-6
secure 24-9
static-access 14-4, 14-10
switch 13-2
trunks 14-4, 14-14
VLAN assignments 14-10
port security
aging 24-17
and QoS trusted boundary 34-43
and stacking 24-19
configuring 24-12
default configuration 24-11
described 24-8
displaying 24-21
on trunk ports 24-14
sticky learning 24-9
violations 24-10
with other features 24-11
port-shutdown response, VMPS 14-24
port VLAN ID TLV 27-2
power inline consumption command 13-12
power management TLV 27-3, 27-7
Power over Ethernet
See PoE
preemption, default configuration 20-8
preemption delay, default configuration 20-8
preferential treatment of traffic
See QoS
preventing unauthorized access 11-1
primary links 20-2
priority
overriding CoS 16-6
trusting CoS 16-6
private VLAN edge ports
See protected ports
privileged EXEC mode 2-2
privilege levels
changing the default for lines 11-9
command switch 8-17
exiting 11-10
logging into 11-10
mapping on member switches 8-17
overview 11-2, 11-8
setting a command with 11-8
protected ports 1-11, 24-6
protocol storm protection 24-19
provisioned switches and IP source guard 21-16
provisioning new members for a switch stack 9-7
proxy reports 20-4
pruning, VTP
disabling
in VTP domain 15-16
on a port 14-19
enabling
in VTP domain 15-16
on a port 14-19
examples 15-7
overview 15-6
pruning-eligible list
changing 14-19
for VTP pruning 15-6
VLANs 15-16
PVST+
described 17-10
IEEE 802.1Q trunking interoperability 17-11
instances supported 17-10
Q
QoS
and MQC commands 34-1
auto-QoS
categorizing traffic 34-20
configuration and defaults display 34-34
configuration guidelines 34-32
described 34-19
disabling 34-34
displaying generated commands 34-34
displaying the initial configuration 34-34
effects on running configuration 34-31
list of generated commands 34-22, 34-26
basic model 34-4
classification
class maps, described 34-8
defined 34-4
DSCP transparency, described 34-45
flowchart 34-7
forwarding treatment 34-3
in frames and packets 34-3
IP ACLs, described 34-8
MAC ACLs, described 34-5, 34-8
options for IP traffic 34-6
options for non-IP traffic 34-5
policy maps, described 34-8
trust DSCP, described 34-5
trusted CoS, described 34-5
trust IP precedence, described 34-5
class maps
configuring 34-53
displaying 34-83
configuration guidelines
auto-QoS 34-32
standard QoS 34-37
configuring
aggregate policers 34-62
auto-QoS 34-19
default port CoS value 34-43
DSCP maps 34-65
DSCP transparency 34-45
DSCP trust states bordering another domain 34-45
egress queue characteristics 34-75
ingress queue characteristics 34-71
IP extended ACLs 34-49
IP standard ACLs 34-47
MAC ACLs 34-52
port trust states within the domain 34-41
trusted boundary 34-43
default auto configuration 34-20
default standard configuration 34-35
displaying statistics 34-83
DSCP transparency 34-45
egress queues
allocating buffer space 34-76
buffer allocation scheme, described 34-17
configuring shaped weights for SRR 34-80
configuring shared weights for SRR 34-81
described 34-4
displaying the threshold map 34-79
flowchart 34-16
mapping DSCP or CoS values 34-78
scheduling, described 34-4
setting WTD thresholds 34-76
WTD, described 34-18
enabling globally 34-40
flowcharts
classification 34-7
egress queueing and scheduling 34-16
ingress queueing and scheduling 34-14
policing and marking 34-11
implicit deny 34-8
ingress queues
allocating bandwidth 34-73
allocating buffer space 34-73
buffer and bandwidth allocation, described 34-15
configuring shared weights for SRR 34-73
configuring the priority queue 34-74
described 34-4
displaying the threshold map 34-72
flowchart 34-14
mapping DSCP or CoS values 34-71
priority queue, described 34-15
scheduling, described 34-4
setting WTD thresholds 34-71
WTD, described 34-15
IP phones
automatic classification and queueing 34-19
detection and trusted settings 34-19, 34-43
limiting bandwidth on egress interface 34-82
mapping tables
CoS-to-DSCP 34-65
displaying 34-83
DSCP-to-CoS 34-68
DSCP-to-DSCP-mutation 34-69
IP-precedence-to-DSCP 34-66
policed-DSCP 34-67
types of 34-11
marked-down actions 34-60
marking, described 34-4, 34-9
overview 34-2
packet modification 34-18
policers
configuring 34-60, 34-63
described 34-9
displaying 34-83
number of 34-39
types of 34-10
policies, attaching to an interface 34-9
policing
described 34-4, 34-9
token bucket algorithm 34-10
policy maps
characteristics of 34-57
displaying 34-84
nonhierarchical on physical ports 34-57
QoS label, defined 34-4
queues
configuring egress characteristics 34-75
configuring ingress characteristics 34-71
high priority (expedite) 34-18, 34-82
location of 34-12
SRR, described 34-13
WTD, described 34-12
rewrites 34-18
support for 1-14
trust states
bordering another domain 34-45
described 34-5
trusted device 34-43
within the domain 34-41
quality of service
See QoS
queries, IGMP 23-4
query solicitation, IGMP 23-13
R
RADIUS
attributes
vendor-proprietary 11-38
vendor-specific 11-36
configuring
accounting 11-35
authentication 11-30
authorization 11-34
communication, global 11-28, 11-36
communication, per-server 11-28
multiple UDP ports 11-28
default configuration 11-27
defining AAA server groups 11-32
displaying the configuration 11-40
identifying the server 11-28
in clusters 8-16
limiting the services to the user 11-34
method list, defined 11-27
operation of 11-20
overview 11-18
server load balancing 11-40
suggested network environments 11-19
support for 1-13
tracking services accessed by user 11-35
RADIUS Change of Authorization 11-20
RA Guard 36-7
range
macro 13-22
of interfaces 13-21
rapid convergence 18-10
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
described 17-10
IEEE 802.1Q trunking interoperability 17-11
instances supported 17-10
Rapid Spanning Tree Protocol
See RSTP
rcommand command 8-16
RCP
configuration files
downloading 42-17
overview 42-16
preparing the server 42-16
uploading 42-18
image files
deleting old image 42-37
downloading 42-35
preparing the server 42-34
uploading 42-37
readiness check
port-based authentication
configuring 12-38
described 12-17, 12-38
reconfirmation interval, VMPS, changing 14-28
reconfirming dynamic VLAN membership 14-28
recovery procedures 40-1
redirect URL 12-20, 12-21, 12-61
redundancy
EtherChannel 39-3
STP
backbone 17-9
multidrop backbone 19-5
path cost 14-23
port priority 14-21
redundant links and UplinkFast 19-16
reloading software 3-21
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
Remote Network Monitoring
See RMON
Remote SPAN
See RSPAN
remote SPAN 28-3
report suppression, IGMP
described 23-6
disabling 23-15, 37-11
resequencing ACL entries 33-14
reserved addresses in DHCP pools 21-23
resetting a UDLD-shutdown interface 25-6
responder, IP SLAs
described 31-4
enabling 31-6
response time, measuring with IP SLAs 31-4
restricted VLAN
configuring 12-52
described 12-24
using with IEEE 802.1x 12-24
restricting access
overview 11-1
passwords and privilege levels 11-2
RADIUS 11-18
TACACS+ 11-10
retry count, VMPS, changing 14-28
RFC
1112, IP multicast and IGMP 23-2
1157, SNMPv1 32-2
1166, IP addresses 35-4
1305, NTP 5-3
1757, RMON 29-2
1901, SNMPv2C 32-2
1902 to 1907, SNMPv2 32-2
2236, IP multicast and IGMP 23-2
2273-2275, SNMPv3 32-2
RFC 5176 Compliance 11-21
RMON
default configuration 29-3
displaying status 29-6
enabling alarms and events 29-3
groups supported 29-2
overview 29-2
statistics
collecting group Ethernet 29-6
collecting group history 29-5
support for 1-17
root guard
described 19-10
enabling 19-18
support for 1-9
root switch
MSTP 18-18
STP 17-16
router ACLs
defined 33-2
types of 33-4
RSPAN
and stack changes 28-10
characteristics 28-8
configuration guidelines 28-16
default configuration 28-10
defined 28-3
destination ports 28-7
displaying status 28-23
in a switch stack 28-2
interaction with other features 28-9
monitored ports 28-6
monitoring ports 28-7
overview 1-16, 28-1
received traffic 28-5
sessions
creating 28-17
defined 28-4
limiting source traffic to specific VLANs 28-22
specifying monitored ports 28-17
with ingress traffic enabled 28-20
source ports 28-6
transmitted traffic 28-6
VLAN-based 28-7
RSTP
active topology 18-10
BPDU
format 18-12
processing 18-13
designated port, defined 18-9
designated switch, defined 18-9
interoperability with IEEE 802.1D
described 18-9
restarting migration process 18-27
topology changes 18-13
overview 18-9
port roles
described 18-9
synchronized 18-11
proposal-agreement handshake process 18-10
rapid convergence
cross-stack rapid convergence 18-11
described 18-10
edge ports and Port Fast 18-10
point-to-point links 18-10, 18-26
root ports 18-10
root port, defined 18-9
See also MSTP
running configuration
replacing 42-19, 42-20
rolling back 42-19, 42-21
running configuration, saving 3-15
S
SC (standby command switch) 8-9
scheduled reloads 3-21
SCP
and SSH 11-52
configuring 11-53
SDM
templates
configuring 10-5
number of 10-1
SDM template 38-3
configuration guidelines 10-4
configuring 10-4
types of 10-1
Secure Copy Protocol
secure HTTP client
configuring 11-51
displaying 11-52
secure HTTP server
configuring 11-50
displaying 11-52
secure MAC addresses
and switch stacks 24-19
deleting 24-15
maximum number of 24-10
types of 24-9
secure ports
and switch stacks 24-19
secure ports, configuring 24-9
secure remote connections 11-42
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port 24-8
Security Exchange Protocol (SXP) 7-2
security features 1-10
Security Group Access Control List (SGACL) 7-2
Security Group Tag (SGT) 7-2
See SCP
sequence numbers in log messages 30-8
server mode, VTP 15-3
service-provider network, MSTP and RSTP 18-1
set-request operation 32-5
setup program
failed command switch replacement 40-11
replacing failed command switch 40-9
severity levels, defining in system messages 30-9
SFPs
monitoring status of 13-44, 40-14
security and identification 40-13
status, displaying 40-14
SGACL 7-2
SGT 7-2
shaped round robin
See SRR
show access-lists hw-summary command 33-21
show and more command output, filtering 2-9
show cdp traffic command 26-5
show cluster members command 8-16
show configuration command 13-41
show forward command 40-22
show interfaces command 13-31, 13-41
show interfaces switchport 20-4
show lldp traffic command 27-11
show platform forward command 40-22
show platform tcam command 40-27
show running-config command
displaying ACLs 33-19, 33-20
interface description in 13-41
shutdown command on interfaces 13-45
Simple Network Management Protocol
See SNMP
small form-factor pluggable modules
See SFPs
small-frame arrival rate, configuring 24-5
SNAP 26-1
SNMP
accessing MIB variables with 32-5
agent
described 32-4
disabling 32-8
and IP SLAs 31-2
authentication level 32-11
community strings
configuring 32-8
for cluster switches 32-4
overview 32-4
configuration examples 32-18
default configuration 32-7
engine ID 32-7
groups 32-7, 32-10
host 32-7
ifIndex values 32-6
in-band management 1-7
in clusters 8-14
informs
and trap keyword 32-13
described 32-5
differences from traps 32-5
disabling 32-16
enabling 32-16
limiting access by TFTP servers 32-17
limiting system log messages to NMS 30-10
manager functions 1-6, 32-3
managing clusters with 8-17
notifications 32-5
overview 32-1, 32-5
security levels 32-3
setting CPU threshold notification 32-16
status, displaying 32-19
system contact and location 32-17
trap manager, configuring 32-14
traps
described 32-4, 32-5
differences from informs 32-5
disabling 32-16
enabling 32-13
enabling MAC address notification 5-17, 5-19, 5-20
overview 32-1, 32-5
types of 32-13
users 32-7, 32-10
versions supported 32-2
SNMP and Syslog Over IPv6 36-9
SNMPv1 32-2
SNMPv2C 32-3
SNMPv3 32-3
snooping, IGMP 23-2
software compatibility
See stacks, switch
software images
location in flash 42-25
recovery procedures 40-2
scheduling reloads 3-22
tar file format, described 42-25
See also downloading and uploading
source addresses
in IPv4 ACLs 33-11
in IPv6 ACLs 38-5
source-and-destination-IP address based forwarding, EtherChannel 39-9
source-and-destination MAC address forwarding, EtherChannel 39-9
Source Guard 36-7, 36-16
source-IP address based forwarding, EtherChannel 39-9
source-MAC address forwarding, EtherChannel 39-8
SPAN
and stack changes 28-10
configuration guidelines 28-11
default configuration 28-10
destination ports 28-7
displaying status 28-23
interaction with other features 28-9
monitored ports 28-6
monitoring ports 28-7
overview 1-16, 28-1
ports, restrictions 24-12
received traffic 28-5
sessions
configuring ingress forwarding 28-15, 28-21
creating 28-11
defined 28-4
limiting source traffic to specific VLANs 28-15
removing destination (monitoring) ports 28-13
specifying monitored ports 28-11
with ingress traffic enabled 28-14
source ports 28-6
transmitted traffic 28-6
VLAN-based 28-7
spanning tree and native VLANs 14-15
Spanning Tree Protocol
See STP
SPAN traffic 28-5
SRR
configuring
shaped weights on egress queues 34-80
shared weights on egress queues 34-81
shared weights on ingress queues 34-73
described 34-13
shaped mode 34-13
shared mode 34-13
support for 1-15
SSH
configuring 11-43
cryptographic software image 11-41
described 1-7, 11-42
encryption methods 11-42
switch stack considerations 9-15
user authentication methods, supported 11-42
SSL
configuration guidelines 11-49
configuring a secure HTTP client 11-51
configuring a secure HTTP server 11-50
cryptographic software image 11-46
described 11-46
monitoring 11-52
stack, switch
MAC address of 9-6, 9-18
stack changes, effects on
802.1x port-based authentication 12-11
ACL configuration 33-6
CDP 26-2
cross-stack EtherChannel 39-13
EtherChannel 39-10
IGMP snooping 23-6
IP routing 35-2
MAC address tables 5-16
MSTP 18-8
MVR 23-17
port security 24-19
SDM template selection 10-3
SNMP 32-2
SPAN and RSPAN 28-10
STP 17-12
switch clusters 8-14
system message log 30-2
VLANs 14-7
VTP 15-8
stack master
bridge ID (MAC address) 9-6
defined 9-1
election 9-5
IPv6 36-10
See also stacks, switch
stack member
accessing CLI of specific member 9-22
configuring
member number 9-20
priority value 9-20
defined 9-1
displaying information of 9-22
number 9-6
priority value 9-7
provisioning a new member 9-21
replacing 9-14
See also stacks, switch
stack member number 13-19
stack protocol version 9-10
stacks, switch
accessing CLI of specific member 9-22
assigning information
member number 9-20
priority value 9-20
provisioning a new member 9-21
auto-advise 9-11
auto-copy 9-11
auto-extract 9-11
auto-upgrade 9-11
bridge ID 9-6
CDP considerations 26-2
compatibility, software 9-9
configuration file 9-14
configuration scenarios 9-16
copying an image file from one member to another 42-38
default configuration 9-17
description of 9-1
displaying information of 9-22
enabling persistent MAC address timer 9-18
in clusters 8-14
incompatible software and image upgrades 9-13, 42-38
IPv6 on 36-10
MAC address considerations 5-16
management connectivity 9-15
managing 9-1
membership 9-3
merged 9-3
MSTP instances supported 17-10
offline configuration
described 9-7
effects of adding a provisioned switch 9-8
effects of removing a provisioned switch 9-9
effects of replacing a provisioned switch 9-9
provisioned configuration, defined 9-7
provisioned switch, defined 9-7
provisioning a new member 9-21
partitioned 9-3, 40-8
provisioned switch
adding 9-8
removing 9-9
replacing 9-9
replacing a failed member 9-14
software compatibility 9-9
software image version 9-9
stack protocol version 9-10
STP
bridge ID 17-3
root port selection 17-3
stack root switch election 17-3
system messages
hostnames in the display 30-1
remotely monitoring 30-2
system prompt consideration 5-9
system-wide configuration considerations 9-14
upgrading 42-38
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 9-11
examples 9-12
manual upgrades with auto-advise 9-11
upgrades with auto-extract 9-11
version-mismatch mode
described 9-10
See also stack master and stack member
standby command switch
configuring
considerations 8-11
defined 8-2
priority 8-9
requirements 8-3
virtual IP address 8-11
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
standby links 20-2
startup configuration
booting
manually 3-19
specific image 3-19
clearing 42-19
configuration file
automatically downloading 3-18
specifying the filename 3-18
static access ports
assigning to VLAN 14-10
defined 13-3, 14-4
static addresses
See addresses
static MAC addressing 1-11
static routes
configuring 35-5
configuring for IPv6 36-20
static VLAN membership 14-2
statistics
802.1X 6-17
802.1x 12-65
CDP 26-5
interface 13-44
LLDP 27-11
LLDP-MED 27-11
NMSP 27-11
QoS ingress and egress 34-83
RMON group Ethernet 29-6
RMON group history 29-5
SNMP input and output 32-19
VTP 15-18
sticky learning 24-9
storm control
configuring 24-3
described 24-1
disabling 24-5
displaying 24-21
support for 1-4
thresholds 24-2
STP
accelerating root port selection 19-4
BackboneFast
described 19-8
disabling 19-17
enabling 19-17
BPDU filtering
described 19-3
disabling 19-15
enabling 19-15
BPDU guard
described 19-2
disabling 19-14
enabling 19-14
BPDU message exchange 17-3
configuration guidelines 17-14, 19-12
configuring
forward-delay time 17-23
hello time 17-22
maximum aging time 17-23
path cost 17-20
port priority 17-18
root switch 17-16
secondary root switch 17-18
spanning-tree mode 17-15
switch priority 17-21
transmit hold-count 17-24
counters, clearing 17-24
cross-stack UplinkFast
described 19-5
enabling 19-17
default configuration 17-13
default optional feature configuration 19-12
designated port, defined 17-4
designated switch, defined 17-4
detecting indirect link failures 19-8
disabling 17-16
displaying status 17-24
EtherChannel guard
described 19-10
disabling 19-18
enabling 19-17
extended system ID
effects on root switch 17-16
effects on the secondary root switch 17-18
overview 17-4
unexpected behavior 17-16
features supported 1-8
IEEE 802.1D and bridge ID 17-4
IEEE 802.1D and multicast addresses 17-9
IEEE 802.1t and VLAN identifier 17-5
inferior BPDU 17-3
instances supported 17-10
interface state, blocking to forwarding 19-2
interface states
blocking 17-6
disabled 17-8
forwarding 17-6, 17-7
learning 17-7
listening 17-7
overview 17-5
interoperability and compatibility among modes 17-11
limitations with IEEE 802.1Q trunks 17-11
load sharing
overview 14-20
using path costs 14-23
using port priorities 14-21
loop guard
described 19-11
enabling 19-19
modes supported 17-10
multicast addresses, effect of 17-9
optional features supported 1-9
overview 17-2
path costs 14-23
Port Fast
described 19-2
enabling 19-13
port priorities 14-22
preventing root switch selection 19-10
protocols supported 17-10
redundant connectivity 17-9
root guard
described 19-10
enabling 19-18
root port, defined 17-3
root port selection on a switch stack 17-3
root switch
configuring 17-16
effects of extended system ID 17-4, 17-16
election 17-3
unexpected behavior 17-16
shutdown Port Fast-enabled port 19-2
stack changes, effects of 17-12
status, displaying 17-24
superior BPDU 17-3
timers, described 17-22
UplinkFast
described 19-4
enabling 19-16
stratum, NTP 5-3
subnet mask 35-4
success response, VMPS 14-25
summer time 5-8
SunNet Manager 1-6
supported port-based authentication methods 12-7
SVIs
and IP unicast routing 35-3
and router ACLs 33-4
connecting VLANs 13-13
defined 13-3
switch 36-2
switch clustering technology 8-1
See also clusters, switch
switch console port 1-7
Switch Database Management
See SDM
Switched Port Analyzer
See SPAN
switched ports 13-2
switchport backup interface 20-4, 20-5
switchport block multicast command 24-8
switchport block unicast command 24-8
switchport protected command 24-7
switch priority
MSTP 18-23
STP 17-21
switch software features 1-1
switch virtual interface
See SVI
SXP 7-2
syslog
See system message logging
system capabilities TLV 27-2
system clock
configuring
daylight saving time 5-8
manually 5-6
summer time 5-8
time zones 5-7
displaying the time and date 5-6
overview 5-2
See also NTP
system description TLV 27-2
system message logging
default configuration 30-4
defining error message severity levels 30-9
disabling 30-4
displaying the configuration 30-14
enabling 30-5
facility keywords, described 30-14
level keywords, described 30-10
limiting messages 30-10
message format 30-2
overview 30-1
sequence numbers, enabling and disabling 30-8
setting the display destination device 30-5
stack changes, effects of 30-2
synchronizing log messages 30-6
syslog facility 1-17
time stamps, enabling and disabling 30-8
UNIX syslog servers
configuring the daemon 30-13
configuring the logging facility 30-13
facilities supported 30-14
system name
default configuration 5-10
default setting 5-10
manual configuration 5-10
See also DNS
system name TLV 27-2
system prompt, default setting 5-9, 5-10
system resources, optimizing 10-1
T
TACACS+
accounting, defined 11-12
authentication, defined 11-11
authorization, defined 11-12
configuring
accounting 11-17
authentication key 11-13
authorization 11-16
login authentication 11-14
default configuration 11-13
displaying the configuration 11-18
identifying the server 11-13
in clusters 8-16
limiting the services to the user 11-16
operation of 11-12
overview 11-10
support for 1-13
tracking services accessed by user 11-17
tar files
creating 42-6
displaying the contents of 42-7
extracting 42-7
image file format 42-25
TCAM
memory consistency check errors
example 40-27
memory consistency check routines 1-5, 40-27
memory consistency integrity 1-5, 40-27
space
HFTM 40-27
HQATM 40-27
unassigned 40-27
TDR 1-17
Telnet
accessing management interfaces 2-10
number of connections 1-7
setting a password 11-6
temporary self-signed certificate 11-47
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password 11-6
ternary content addressable memory
See TCAM
TFTP
configuration files
downloading 42-11
preparing the server 42-10
uploading 42-12
configuration files in base directory 3-7
configuring for autoconfiguration 3-7
image files
deleting 42-28
downloading 42-27
preparing the server 42-26
uploading 42-29
limiting access by servers 32-17
TFTP server 1-6
threshold, traffic level 24-2
time
See NTP and system clock
Time Domain Reflector
See TDR
time-range command 33-16
time ranges in ACLs 33-16
time stamps in log messages 30-8
time zones 5-7
TLVs
defined 27-2
LLDP 27-2
LLDP-MED 27-2
Token Ring VLANs
support for 14-6
VTP support 15-5
ToS 1-14
traceroute, Layer 2
and ARP 40-16
and CDP 40-16
broadcast traffic 40-15
described 40-15
IP addresses and subnets 40-16
MAC addresses and VLANs 40-16
multicast traffic 40-16
multiple devices on a port 40-16
unicast traffic 40-15
usage guidelines 40-16
traceroute command 40-18
See also IP traceroute
traffic
blocking flooded 24-8
fragmented 33-5
fragmented IPv6 38-2
unfragmented 33-5
traffic policing 1-14
traffic suppression 24-2
transmit hold-count
see STP
transparent mode, VTP 15-4
trap-door mechanism 3-2
traps
configuring MAC address notification 5-17, 5-19, 5-20
configuring managers 32-13
defined 32-4
enabling 5-17, 5-19, 5-20, 32-13
notification types 32-13
overview 32-1, 32-5
troubleshooting
connectivity problems 40-14, 40-15, 40-17
CPU utilization 40-28
detecting unidirectional links 25-1
displaying crash information 40-23
setting packet forwarding 40-22
SFP security and identification 40-13
show forward command 40-22
with CiscoWorks 32-5
with debug commands 40-19
with ping 40-14
with system message logging 30-1
with traceroute 40-17
trunk failover
See link-state tracking
trunking encapsulation 1-9
trunk ports
configuring 14-17
defined 13-3, 14-4
trunks
allowed-VLAN list 14-18
load sharing
setting STP path costs 14-23
using STP port priorities 14-21, 14-22
native VLAN for untagged traffic 14-20
parallel 14-23
pruning-eligible list 14-19
to non-DTP device 14-14
trusted boundary for QoS 34-43
trusted port states
between QoS domains 34-45
classification options 34-5
ensuring port security for IP phones 34-43
support for 1-14
within a QoS domain 34-41
trustpoints, CA 11-46
twisted-pair Ethernet, detecting unidirectional links 25-1
type of service
See ToS
U
UDLD
configuration guidelines 25-4
default configuration 25-4
disabling
globally 25-5
on fiber-optic interfaces 25-5
per interface 25-6
echoing detection mechanism 25-3
enabling
globally 25-5
per interface 25-6
link-detection mechanism 25-1
neighbor database 25-2
overview 25-1
resetting an interface 25-6
status, displaying 25-7
support for 1-8
unauthorized ports with IEEE 802.1x 12-10
unicast MAC address filtering 1-6
and adding static addresses 5-22
and broadcast MAC addresses 5-22
and CPU packets 5-22
and multicast addresses 5-22
and router MAC addresses 5-22
configuration guidelines 5-22
described 5-22
unicast storm 24-1
unicast storm control command 24-4
unicast traffic, blocking 24-8
UniDirectional Link Detection protocol
See UDLD
UNIX syslog servers
daemon configuration 30-13
facilities supported 30-14
message logging configuration 30-13
unrecognized Type-Length-Value (TLV) support 15-5
upgrading a Catalyst 2950 switch
configuration compatibility issues 44-1
differences in configuration commands 44-1
feature behavior incompatibilities 44-5
incompatible command messages 44-1
recommendations 44-1
upgrading software images
See downloading
UplinkFast
described 19-4
disabling 19-16
enabling 19-16
support for 1-8
uploading
configuration files
preparing 42-10, 42-13, 42-16
reasons for 42-9
using FTP 42-15
using RCP 42-18
using TFTP 42-12
image files
preparing 42-26, 42-30, 42-34
reasons for 42-24
using FTP 42-32
using RCP 42-37
using TFTP 42-29
USB mini-Type B console port 13-14
USB Type A port 1-8
user EXEC mode 2-2
username-based authentication 11-7
V
version-dependent transparent mode 15-5
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 9-11
manual upgrades with auto-advise 9-11
upgrades with auto-extract 9-11
version-mismatch mode
described 9-10
virtual IP address
cluster standby group 8-11
command switch 8-11
virtual switches and PAgP 39-6
vlan.dat file 14-5
VLAN 1, disabling on a trunk port 14-18
VLAN 1 minimization 14-18
vlan-assignment response, VMPS 14-24
VLAN configuration
at bootup 14-7
saving 14-7
VLAN configuration mode 2-2
VLAN database
and startup configuration file 14-7
and VTP 15-1
VLAN configuration saved in 14-7
VLANs saved in 14-5
VLAN filtering and SPAN 28-7
vlan global configuration command 14-7
VLAN ID, discovering 5-25
VLAN load balancing on flex links 20-3
configuration guidelines 20-8
VLAN management domain 15-2
VLAN Management Policy Server
See VMPS
VLAN membership
confirming 14-28
modes 14-4
VLAN Query Protocol
See VQP
VLANs
adding 14-8
adding to VLAN database 14-8
aging dynamic addresses 17-10
allowed on trunk 14-18
and spanning-tree instances 14-3, 14-7, 14-12
configuration guidelines, extended-range VLANs 14-11
configuration guidelines, normal-range VLANs 14-6
configuring 14-1
configuring IDs 1006 to 4094 14-11
connecting through SVIs 13-13
creating 14-9
default configuration 14-8
deleting 14-9
described 13-2, 14-1
displaying 14-13
extended-range 14-1, 14-11
features 1-9
illustrated 14-2
in the switch stack 14-7
limiting source traffic with RSPAN 28-22
limiting source traffic with SPAN 28-15
modifying 14-8
multicast 23-17
native, configuring 14-20
normal-range 14-1, 14-5
number supported 1-9
parameters 14-5
port membership modes 14-4
static-access ports 14-10
STP and IEEE 802.1Q trunks 17-11
supported 14-3
Token Ring 14-6
traffic between 14-2
VTP modes 15-3
VLAN Trunking Protocol
See VTP
VLAN trunks 14-14
VMPS
administering 14-29
configuration example 14-29
configuration guidelines 14-26
default configuration 14-25
description 14-24
dynamic port membership
described 14-25
reconfirming 14-28
troubleshooting 14-29
entering server address 14-26
mapping MAC addresses to VLANs 14-24
monitoring 14-29
reconfirmation interval, changing 14-28
reconfirming membership 14-28
retry count, changing 14-28
voice aware 802.1x security
port-based authentication
configuring 12-39
described 12-31, 12-39
voice-over-IP 16-1
voice VLAN
Cisco 7960 phone, port connections 16-1
configuration guidelines 16-3
configuring IP phones for data traffic
override CoS of incoming frame 16-6
trust CoS priority of incoming frame 16-6
configuring ports for voice traffic in
802.1p priority tagged frames 16-5
802.1Q frames 16-5
connecting to an IP phone 16-4
default configuration 16-3
described 16-1
displaying 16-7
IP phone data traffic, described 16-2
IP phone voice traffic, described 16-2
VQP 1-9, 14-24
VTP
adding a client to a domain 15-17
advertisements 14-16, 15-4
and extended-range VLANs 14-3, 15-2
and normal-range VLANs 14-3, 15-2
client mode, configuring 15-13
configuration
guidelines 15-9
requirements 15-11
saving 15-9
configuration requirements 15-11
configuration revision number
guideline 15-17
resetting 15-17
consistency checks 15-5
default configuration 15-9
described 15-1
domain names 15-10
domains 15-2
modes
client 15-3
off 15-4
server 15-3
transitions 15-3
transparent 15-4
monitoring 15-18
passwords 15-10
pruning
disabling 15-16
enabling 15-16
examples 15-7
overview 15-6
support for 1-9
pruning-eligible list, changing 14-19
server mode, configuring 15-11, 15-14
statistics 15-18
support for 1-9
Token Ring support 15-5
transparent mode, configuring 15-12
using 15-1
Version
enabling 15-15
version, guidelines 15-10
Version 1 15-5
Version 2
configuration guidelines 15-10
overview 15-5
Version 3
overview 15-5
W
web authentication 12-17
configuring 6-16 to ??
described 1-10
web-based authentication
customizeable web pages 6-6
description 6-1
web-based authentication, interactions with other features 6-7
weighted tail drop
See WTD
wired location service
configuring 27-9
displaying 27-11
location TLV 27-3
understanding 27-4
wizards 1-2
WTD
described 34-12
setting thresholds
egress queue-sets 34-76
ingress queues 34-71
support for 1-15
X
Xmodem protocol 40-2