Index Numerics
10-Gigabit Ethernet interfaces 15-7
802.1AE
standard 12-2
802.1AE Tagging 14-2
802.1x-REV 12-2
A
AAA down policy, NAC Layer 2 IP validation 1-13
abbreviating commands 2-3
ABRs 44-27
AC (command switch) 6-10
access control entries
See ACEs
access-denied response, VMPS 16-26
access groups
applying IPv4 ACLs to interfaces 39-22
Layer 3 39-22
access groups, applying IPv4 ACLs to interfaces 39-22
accessing
clusters, switch 6-13
command switches 6-11
member switches 6-13
switch clusters 6-13
accessing stack members 5-30
access lists
See ACLs
access ports
and Layer 2 protocol tunneling 20-12
defined 15-3
in switch clusters 6-9
access template 8-2
accounting
with 802.1x 11-53
with IEEE 802.1x 11-14
with RADIUS 10-34
with TACACS+ 10-11, 10-17
ACEs
and QoS 40-8
defined 39-2
Ethernet 39-2
IP 39-2
ACLs
ACEs 39-2
applying
on bridged packets 39-42
on multicast packets 39-43
on routed packets 39-43
on switched packets 39-41
time ranges to 39-18
to an interface 39-21, 41-7
to QoS 40-7
classifying traffic for QoS 40-49
comments in 39-20
compiling 39-24
defined 39-2, 39-8
examples of 39-24, 40-49
extended IP, configuring for QoS classification 40-50
extended IPv4
creating 39-11
matching criteria 39-8
hardware and software handling 39-23
IP
creating 39-8
fragments and QoS guidelines 40-39
implicit deny 39-11, 39-15, 39-18
implicit masks 39-11
matching criteria 39-8
undefined 39-23
IPv4
applying to interfaces 39-21
creating 39-8
matching criteria 39-8
named 39-16
numbers 39-9
terminal lines, setting on 39-20
unsupported features 39-7
IPv6
and stacking 41-3
applying to interfaces 41-7
configuring 41-4, 41-5
displaying 41-8
interactions with other features 41-4
limitations 41-3
matching criteria 41-3
named 41-3
precedence of 41-2
supported 41-2
unsupported features 41-3
Layer 4 information in 39-41
logging messages 39-9
MAC extended 39-29, 40-53
matching 39-8, 39-22
monitoring 39-44, 41-8
named
IPv4 39-16
IPv6 41-3
names 41-4
number per QoS class map 40-39
port 39-3, 41-2
precedence of 39-3
QoS 40-7, 40-49
resequencing entries 39-16
router 39-3, 41-2
router ACLs and VLAN map configuration guidelines 39-40
standard IP, configuring for QoS classification 40-49, 40-51
standard IPv4
creating 39-10
matching criteria 39-8
support for 1-11
support in hardware 39-23
time ranges 39-18
types supported 39-2
unsupported features
IPv4 39-7
IPv6 41-3
using router ACLs with VLAN maps 39-40
VLAN maps
configuration guidelines 39-33
configuring 39-32
active link 25-4, 25-5, 25-6
active links 25-2
active router 46-2
active traffic monitoring, IP SLAs 47-1
address aliasing 28-2
addresses
displaying the MAC address table 7-23
dynamic
accelerated aging 21-9
changing the aging time 7-14
default aging 21-9
defined 7-12
learning 7-13
removing 7-15
IPv6 45-2
MAC, discovering 7-24
multicast
group address range 51-3
STP address management 21-9
static
adding and removing 7-20
defined 7-12
address resolution 7-24, 44-10
Address Resolution Protocol
See ARP
adjacency tables, with CEF 44-92
administrative distances
defined 44-104
OSPF 44-35
routing protocol defaults 44-94
administrative VLAN
REP, configuring 24-8
administrative VLAN, REP 24-8
advertisements
CDP 30-1
LLDP 32-2
RIP 44-21
VTP 16-17, 17-3, 17-4
age timer, REP 24-8
aggregatable global unicast addresses 45-3
aggregate addresses, BGP 44-62
aggregated ports
See EtherChannel
aggregate policers 40-71
aggregate policing 1-15
aging, accelerating 21-9
aging time
accelerated
for MSTP 22-24
for STP 21-9, 21-24
MAC address table 7-14
maximum
for MSTP 22-24, 22-25
for STP 21-24, 21-25
alarms, RMON 35-3
allowed-VLAN list 16-19
application engines, redirecting traffic to 50-1
area border routers
See ABRs
area routing
IS-IS 44-67
ISO IGRP 44-67
ARP
configuring 44-11
defined 1-7, 7-24, 44-10
encapsulation 44-11
static cache configuration 44-11
table
address resolution 7-24
managing 7-24
ASBRs 44-27
AS-path filters, BGP 44-56
asymmetrical links, and IEEE 802.1Q tunneling 20-4
attributes, RADIUS
vendor-proprietary 10-36
vendor-specific 10-35
attribute-value pairs 11-20
authentication
EIGRP 44-43
HSRP 46-10
local mode with AAA 10-43
open1x 11-31
RADIUS
key 10-27
login 10-29
TACACS+
defined 10-11
key 10-13
login 10-14
See also port-based authentication
authentication failed VLAN
See restricted VLAN
authentication keys, and routing protocols 44-105
authentication manager
CLI commands 11-9
compatibility with older 802.1x CLI commands 11-9 to 11-10
overview 11-7
single session ID 11-35
authoritative time source, described 7-2
authorization
with RADIUS 10-33
with TACACS+ 10-11, 10-16
authorized ports with IEEE 802.1x 11-10
autoconfiguration 4-3
auto enablement 11-33
automatic advise (auto-advise) in switch stacks 5-13
automatic copy (auto-copy) in switch stacks 5-13
automatic discovery
considerations
beyond a noncandidate device 6-8
brand new switches 6-9
connectivity 6-5
different VLANs 6-7
management VLANs 6-7
non-CDP-capable devices 6-6
noncluster-capable devices 6-6
routed ports 6-8
in switch clusters 6-5
See also CDP
automatic extraction (auto-extract) in switch stacks 5-13
automatic QoS
See QoS
automatic recovery, clusters 6-10
See also HSRP
automatic upgrades (auto-upgrade) in switch stacks 5-12
auto-MDIX
configuring 15-35
described 15-34
autonegotiation
duplex mode 1-4
interface configuration guidelines 15-32
mismatches 55-13
autonomous system boundary routers
See ASBRs
autonomous systems, in BGP 44-50
Auto-RP, described 51-7
autosensing, port speed 1-4
autostate exclude 15-6
auxiliary VLAN
See voice VLAN
availability, features 1-9
B
BackboneFast
described 23-7
disabling 23-17
enabling 23-16
support for 1-9
backup interfaces
See Flex Links
backup links 25-2
backup static routing, configuring 49-12
banners
configuring
login 7-12
message-of-the-day login 7-11
default configuration 7-10
when displayed 7-10
Berkeley r-tools replacement 10-54
BGP
aggregate addresses 44-62
aggregate routes, configuring 44-62
CIDR 44-62
clear commands 44-65
community filtering 44-59
configuring neighbors 44-60
default configuration 44-47
described 44-47
enabling 44-50
monitoring 44-65
multipath support 44-54
neighbors, types of 44-50
path selection 44-54
peers, configuring 44-60
prefix filtering 44-58
resetting sessions 44-52
route dampening 44-64
route maps 44-56
route reflectors 44-63
routing domain confederation 44-63
routing session with multi-VRF CE 44-86
show commands 44-65
supernets 44-62
support for 1-16
Version 4 44-47
binding cluster group and HSRP group 46-12
binding database
address, DHCP server
See DHCP, Cisco IOS server database
DHCP snooping
See DHCP snooping binding database
bindings
address, Cisco IOS DHCP server 26-6
DHCP snooping database 26-6
IP source guard 26-16
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 31-7
Boolean expressions in tracked lists 49-4
booting
boot loader, function of 4-2
boot process 4-2
manually 4-19
specific image 4-20
boot loader
accessing 4-21
described 4-2
environment variables 4-21
prompt 4-21
trap-door mechanism 4-2
Boot Loader Upgrade and Image Verification for the FIPS Mode of Operation 4-25
bootstrap router (BSR), described 51-7
Border Gateway Protocol
See BGP
BPDU
error-disabled state 23-2
filtering 23-3
RSTP format 22-12
BPDU filtering
described 23-3
disabling 23-15
enabling 23-14
support for 1-9
BPDU guard
described 23-2
disabling 23-14
enabling 23-13
support for 1-9
bridged packets, ACLs on 39-42
bridge groups
See fallback bridging
bridge protocol data unit
See BPDU
broadcast flooding 44-18
broadcast packets
directed 44-15
flooded 44-15
broadcast storm-control command 31-4
broadcast storms 31-1, 44-15
C
cables, monitoring for unidirectional links 33-1
candidate switch
automatic discovery 6-5
defined 6-4
requirements 6-4
See also command switch, cluster standby group, and member switch
CA trustpoint
configuring 10-51
defined 10-49
CDP
and trusted boundary 40-45
automatic discovery in switch clusters 6-5
configuring 30-2
default configuration 30-2
defined with LLDP 32-1
described 30-1
disabling for routing device 30-4
enabling and disabling
on an interface 30-4
on a switch 30-4
Layer 2 protocol tunneling 20-8
monitoring 30-5
overview 30-1
power negotiation extensions 15-8
support for 1-7
switch stack considerations 30-2
transmission timer and holdtime, setting 30-2
updates 30-2
CEF
defined 44-91
distributed 44-92
IPv6 45-30
CGMP
as IGMP snooping learning method 28-9
enabling server support 51-45
joining multicast group 28-3
overview 51-9
server support only 51-9
switch support of 1-5
CIDR 44-62
CipherSuites 10-50
Cisco 7960 IP Phone 18-1
Cisco Discovery Protocol
See CDP
Cisco Express Forwarding
See CEF
Cisco Group Management Protocol
See CGMP
Cisco intelligent power management 15-8
Cisco IOS DHCP server
See DHCP, Cisco IOS DHCP server
Cisco IOS File System
See IFS
Cisco IOS IP SLAs 47-2
Cisco Redundant Power System 2300
configuring 15-48
managing 15-48
Cisco Secure ACS
attribute-value pairs for downloadable ACLs 11-20
attribute-value pairs for redirect URL 11-20
Cisco StackWise Plus technology 1-3
See also stacks, switch
Cisco TrustSec
credentials 12-10
switch-to-switch security
802.1x mode 12-11
configuration example 12-14
manual mode 12-12
Cisco TrustSec Network Device Admission Control
See NDAC
CiscoWorks 2000 1-6, 37-4
CISP 11-33
CIST regional root
See MSTP
CIST root
See MSTP
civic location 32-3
classless interdomain routing
See CIDR
classless routing 44-8
class maps for QoS
configuring 40-54
described 40-8
class of service
See CoS
clearing interfaces 15-55
CLI
abbreviating commands 2-3
command modes 2-1
configuration logging 2-4
described 1-6
editing features
enabling and disabling 2-6
keystroke editing 2-7
wrapped lines 2-8
error messages 2-4
filtering command output 2-9
getting help 2-3
history
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
managing clusters 6-16
no and default forms of commands 2-4
Client Information Signalling Protocol
See CISP
client mode, VTP 17-3
client processes, tracking 49-1
CLNS
See ISO CLNS
clock
See system clock
clusters, switch
accessing 6-13
automatic discovery 6-5
automatic recovery 6-10
benefits 1-2
compatibility 6-4
described 6-1
LRE profile considerations 6-16
managing
through CLI 6-16
through SNMP 6-17
planning 6-4
planning considerations
automatic discovery 6-5
automatic recovery 6-10
CLI 6-16
host names 6-13
IP addresses 6-13
LRE profiles 6-16
passwords 6-14
RADIUS 6-16
SNMP 6-14, 6-17
switch stacks 6-14
TACACS+ 6-16
See also candidate switch, command switch, cluster standby group, member switch, and standby command switch
cluster standby group
and HSRP group 46-12
automatic recovery 6-12
considerations 6-11
defined 6-2
requirements 6-3
virtual IP address 6-11
See also HSRP
CNS
Configuration Engine
configID, deviceID, hostname 3-3
configuration service 3-2
described 3-1
event service 3-3
embedded agents
described 3-5
enabling automated configuration 3-6
enabling configuration agent 3-9
enabling event agent 3-8
management functions 1-6
CoA Request Commands 10-23
Coarse Wave Division Multiplexer
See CWDM SFPs
command-line interface
See CLI
command modes 2-1
commands
abbreviating 2-3
no and default 2-4
commands, setting privilege levels 10-8
command switch
accessing 6-11
active (AC) 6-10
configuration conflicts 55-12
defined 6-2
passive (PC) 6-10
password privilege levels 6-17
priority 6-10
recovery
from command-switch failure 6-10, 55-9
from lost member connectivity 55-12
redundant 6-10
replacing
with another switch 55-11
with cluster member 55-9
requirements 6-3
standby (SC) 6-10
See also candidate switch, cluster standby group, member switch, and standby command switch
Common Criteria 1-11
common session ID
see single session ID 11-35
community list, BGP 44-59
community ports 19-2
community strings
configuring 6-14, 37-8
for cluster switches 37-4
in clusters 6-14
overview 37-4
SNMP 6-14
community VLANs 19-2, 19-3
compatibility, feature 31-12
compatibility, software
See stacks, switch
configurable leave timer, IGMP 28-6
configuration, initial
defaults 1-20
Express Setup 1-2
configuration conflicts, recovering from lost member connectivity 55-12
configuration examples, network 1-23
configuration files
archiving A-21
clearing the startup configuration A-20
creating and using, guidelines for A-10
creating using a text editor A-11
deleting a stored configuration A-20
described A-9
downloading
automatically 4-18
preparing A-11, A-14, A-17
reasons for A-9
using FTP A-14
using RCP A-18
using TFTP A-12
invalid combinations when copying A-6
limiting TFTP server access 37-17
obtaining with DHCP 4-9
password recovery disable considerations 10-5
replacing and rolling back, guidelines for A-22
replacing a running configuration A-20, A-21
rolling back a running configuration A-20, A-22
specifying the filename 4-19
system contact and location information 37-16
types and location A-10
uploading
preparing A-11, A-14, A-17
reasons for A-9
using FTP A-16
using RCP A-19
using TFTP A-13
configuration guidelines
REP 24-7
configuration guidelines, multi-VRF CE 44-79
configuration logging 2-4
configuration replacement A-20
configuration rollback A-20, A-21
configuration settings, saving 4-16
configure terminal command 15-21
Configuring First Hop Security in IPv6 45-19
Configuring IPv6 Source Guard 45-22
configuring multicast VRFs 44-85
configuring port-based authentication violation modes 11-43 to 11-44
configuring small-frame arrival rate 31-5
Configuring VACL Logging 39-39
conflicts, configuration 55-12
connections, secure remote 10-44
connectivity problems 55-15, 55-16, 55-18
consistency checks in VTP Version 2 17-5
console port
RJ-45 15-16
USB 15-16
console port, connecting to 2-10
content-routing technology
See WCCP
control protocol, IP SLAs 47-4
convergence
REP 24-4
corrupted software, recovery steps with Xmodem 55-2
CoS
in Layer 2 frames 40-2
override priority 18-6
trust priority 18-6
CoS input queue threshold map for QoS 40-18
CoS output queue threshold map for QoS 40-21
CoS-to-DSCP map for QoS 40-73
counters, clearing interface 15-55
CPU utilization, troubleshooting 55-29
crashinfo file 55-24
critical authentication, IEEE 802.1x 11-63
critical VLAN 11-23
cross-stack EtherChannel
configuration guidelines 42-13
configuring
on Layer 2 interfaces 42-13
on Layer 3 physical interfaces 42-16
described 42-3
illustration 42-4
support for 1-9
cross-stack UplinkFast, STP
described 23-5
disabling 23-16
enabling 23-16
fast-convergence events 23-7
Fast Uplink Transition Protocol 23-6
normal-convergence events 23-7
support for 1-9
cryptographic software image
switch stack considerations 5-3, 5-18
customer edge devices 44-77
customizeable web pages, web-based authentication 13-6
CWDM SFPs 1-36
D
DACL
See downloadable ACL
daylight saving time 7-6
dCEF in the switch stack 44-91
debugging
enabling all system diagnostics 55-21
enabling for a specific feature 55-21
redirecting error message output 55-22
using commands 55-20
default commands 2-4
default configuration
802.1x 11-38
auto-QoS 40-24
banners 7-10
BGP 44-47
booting 4-18
CDP 30-2
DHCP 26-8
DHCP option 82 26-8
DHCP snooping 26-8
DHCP snooping binding database 26-9
DNS 7-9
dynamic ARP inspection 27-5
EIGRP 44-39
EtherChannel 42-11
Ethernet interfaces 15-30
fallback bridging 54-3
Flex Links 25-8
HSRP 46-5
IEEE 802.1Q tunneling 20-4
IGMP 51-39
IGMP filtering 28-24
IGMP snooping 28-7, 29-6
IGMP throttling 28-25
initial switch information 4-3
IP addressing, IP routing 44-6
IP multicast routing 51-11
IP SLAs 47-6
IP source guard 26-18
IPv6 45-16
IS-IS 44-68
Layer 2 interfaces 15-30
Layer 2 protocol tunneling 20-12
LLDP 32-5
MAC address table 7-14
MAC address-table move update 25-8
MSDP 53-4
MSTP 22-14
multi-VRF CE 44-79
MVR 28-20
optional spanning-tree configuration 23-12
OSPF 44-28
password and privilege level 10-2
PIM 51-11
private VLANs 19-6
RADIUS 10-27
REP 24-7
RIP 44-21
RMON 35-3
RSPAN 34-12
SDM template 8-5
SNMP 37-6
SPAN 34-12
SSL 10-51
standard QoS 40-37
STP 21-13
switch stacks 5-24
system message logging 36-4
system name and prompt 7-8
TACACS+ 10-13
UDLD 33-4
VLAN, Layer 2 Ethernet interfaces 16-17
VLANs 16-7
VMPS 16-27
voice VLAN 18-3
VTP 17-9
WCCP 50-5
default gateway 4-15, 44-13
default networks 44-95
default router preference
See DRP
default routes 44-95
default routing 44-3
default web-based authentication configuration
802.1X 13-9
deleting VLANs 16-9
denial-of-service attack 31-1
description command 15-39
designing your network, examples 1-23
desktop template 5-11
destination-IP address-based forwarding, EtherChannel 42-9
destination-MAC address forwarding, EtherChannel 42-9
detecting indirect link failures, STP 23-8
device discovery protocol 30-1, 32-1
device manager
benefits 1-2
described 1-3, 1-6
in-band management 1-8
device sensor
configuring 11-54
DHCP
Cisco IOS server database
configuring 26-14
default configuration 26-9
described 26-6
DHCP for IPv6
See DHCPv6
enabling
relay agent 26-11
server 26-10
DHCP-based autoconfiguration
client request message exchange 4-4
configuring
client side 4-4
DNS 4-8
relay device 4-8
server side 4-7
server-side 26-10
TFTP server 4-7
example 4-10
lease options
for IP address information 4-7
for receiving the configuration file 4-7
overview 4-3
relationship to BOOTP 4-4
relay support 1-7, 1-17
support for 1-7
DHCP-based autoconfiguration and image update
configuring 4-11 to 4-14
understanding 4-5 to 4-6
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP object tracking, configuring primary interface 49-11
DHCP option 82
circuit ID suboption 26-5
configuration guidelines 26-9
default configuration 26-8
displaying 26-16
forwarding address, specifying 26-11
helper address 26-11
overview 26-3
packet format, suboption
circuit ID 26-5
remote ID 26-5
remote ID suboption 26-5
DHCP server port-based address allocation
configuration guidelines 26-27
default configuration 26-27
described 26-26
displaying 26-29, 27-12
enabling 26-27
reserved addresses 26-28
DHCP snooping
accepting untrusted packets form edge switch 26-3, 26-13
and private VLANs 26-14
binding database
See DHCP snooping binding database
configuration guidelines 26-9
default configuration 26-8
message exchange process 26-4
option 82 data insertion 26-3
trusted interface 26-2
untrusted interface 26-2
untrusted messages 26-2
DHCP snooping binding database
adding bindings 26-15
binding file
format 26-7
location 26-6
bindings 26-6
clearing agent statistics 26-15
configuration guidelines 26-9
configuring 26-15
default configuration 26-8, 26-9
deleting
binding file 26-15
bindings 26-15
database agent 26-15
described 26-6
enabling 26-15
entry 26-6
renewing database 26-15
resetting
delay value 26-15
timeout value 26-15
DHCP snooping binding table
See DHCP snooping binding database
DHCPv6
configuration guidelines 45-27
default configuration 45-27
described 45-10
enabling client function 45-29
enabling DHCPv6 server function 45-27
diagnostic schedule command 56-2
Differentiated Services architecture, QoS 40-2
Differentiated Services Code Point 40-2
Diffusing Update Algorithm (DUAL) 44-37
directed unicast requests 1-7
directories
changing A-4
creating and removing A-5
displaying the working A-4
discovery, clusters
See automatic discovery
Distance Vector Multicast Routing Protocol
See DVMRP
distance-vector protocols 44-3
distribute-list command 44-104
DNS
and DHCP-based autoconfiguration 4-8
default configuration 7-9
displaying the configuration 7-10
in IPv6 45-4
overview 7-8
setting up 7-9
support for 1-7
DNS-based SSM mapping 51-18, 51-20
domain names
DNS 7-8
VTP 17-9
Domain Name System
See DNS
domains, ISO IGRP routing 44-67
dot1q-tunnel switchport mode 16-16
double-tagged packets
IEEE 802.1Q tunneling 20-2
Layer 2 protocol tunneling 20-11
downloadable ACL 11-18, 11-20, 11-71
downloading
configuration files
preparing A-11, A-14, A-17
reasons for A-9
using FTP A-14
using RCP A-18
using TFTP A-12
image files
deleting old image A-30
preparing A-28, A-31, A-36
reasons for A-25
using CMS 1-3
using FTP A-32
using HTTP 1-3, A-25
using RCP A-37
using TFTP A-28
using the device manager or Network Assistant A-25
drop threshold for Layer 2 protocol packets 20-12
DRP
configuring 45-24
described 45-9
IPv6 45-9
DSCP 1-15, 40-2
DSCP input queue threshold map for QoS 40-18
DSCP output queue threshold map for QoS 40-21
DSCP-to-CoS map for QoS 40-76
DSCP-to-DSCP-mutation map for QoS 40-77
DSCP transparency 40-46
DTP 1-10, 16-15
dual-action detection 42-6
DUAL finite state machine, EIGRP 44-38
dual IPv4 and IPv6 templates 8-3, 45-10
dual protocol stacks
IPv4 and IPv6 45-10
SDM templates supporting 45-10
DVMRP
autosummarization
configuring a summary address 51-59
disabling 51-61
connecting PIM domain to DVMRP router 51-51
enabling unicast routing 51-54
interoperability
with Cisco devices 51-49
with Cisco IOS software 51-9
mrinfo requests, responding to 51-54
neighbors
advertising the default route to 51-53
discovery with Probe messages 51-49
displaying information 51-54
prevent peering with nonpruning 51-57
rejecting nonpruning 51-55
overview 51-9
routes
adding a metric offset 51-62
advertising all 51-61
advertising the default route to neighbors 51-53
caching DVMRP routes learned in report messages 51-55
changing the threshold for syslog messages 51-58
favoring one over another 51-62
limiting the number injected into MBONE 51-58
limiting unicast route advertisements 51-49
routing table 51-9
source distribution tree, building 51-9
support for 1-17
tunnels
configuring 51-51
displaying neighbor information 51-54
dynamic access ports
characteristics 16-3
configuring 16-28
defined 15-3
dynamic addresses
See addresses
dynamic ARP inspection
ARP cache poisoning 27-1
ARP requests, described 27-1
ARP spoofing attack 27-1
clearing
log buffer 27-15
statistics 27-15
configuration guidelines 27-6
configuring
ACLs for non-DHCP environments 27-9
in DHCP environments 27-7
log buffer 27-13
rate limit for incoming ARP packets 27-4, 27-10
default configuration 27-5
denial-of-service attacks, preventing 27-10
described 27-1
DHCP snooping binding database 27-2
displaying
statistics 27-15
error-disabled state for exceeding rate limit 27-4
function of 27-2
interface trust states 27-3
log buffer
clearing 27-15
configuring 27-13
logging of dropped packets, described 27-5
man-in-the middle attack, described 27-2
network security issues and interface trust states 27-3
priority of ARP ACLs and DHCP snooping entries 27-4
rate limiting of ARP packets
configuring 27-10
described 27-4
error-disabled state 27-4
statistics
clearing 27-15
displaying 27-15
validation checks, performing 27-12
dynamic auto trunking mode 16-16
dynamic desirable trunking mode 16-16
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 16-26
reconfirming 16-29
troubleshooting 16-31
types of connections 16-29
dynamic routing 44-3
ISO CLNS 44-66
Dynamic Trunking Protocol
See DTP
E
EAC 14-2
EBGP 44-46
editing features
enabling and disabling 2-6
keystrokes used 2-7
wrapped lines 2-8
EEM 3.2 38-5
EIGRP
authentication 44-43
components 44-38
configuring 44-41
default configuration 44-39
definition 44-37
interface parameters, configuring 44-42
monitoring 44-45
stub routing 44-44
support for 1-16
EIGRP IPv6 45-12
elections
See stack master
ELIN location 32-3
embedded event manager
3.2 38-5
actions 38-4
configuring 38-1, 38-6
displaying information 38-8
environmental variables 38-5
event detectors 38-3
policies 38-4
registering and defining an applet 38-6
registering and defining a TCL script 38-7
understanding 38-1
enable password 10-3
enable secret password 10-3
Enable the FIPS mode 4-25
encryption, CipherSuite 10-50
encryption for passwords 10-3
encryption keying 12-2
encryption keys, MKA 12-2
Endpoint Admission Control (EAC) 14-2
Enhanced IGRP
See EIGRP
enhanced object tracking
backup static routing 49-12
defined 49-1
DHCP primary interface 49-11
HSRP 49-7
IP routing state 49-2
IP SLAs 49-9
line-protocol state 49-2
network monitoring with IP SLAs 49-11
routing policy, configuring 49-12
static route primary interface 49-10
tracked lists 49-3
enhanced object tracking static routing 49-10
environmental variables, embedded event manager 38-5
environment variables, function of 4-22
equal-cost routing 1-16, 44-93
error-disabled state, BPDU 23-2
error messages during command entry 2-4
EtherChannel
automatic creation of 42-5, 42-7
channel groups
binding physical and logical interfaces 42-4
numbering of 42-4
configuration guidelines 42-12
configuring
Layer 2 interfaces 42-13
Layer 3 physical interfaces 42-16
Layer 3 port-channel logical interfaces 42-15
default configuration 42-11
described 42-2
displaying status 42-22
forwarding methods 42-8, 42-18
IEEE 802.3ad, described 42-7
interaction
with STP 42-12
with VLANs 42-12
LACP
described 42-7
displaying status 42-22
hot-standby ports 42-20
interaction with other features 42-8
modes 42-7
port priority 42-22
system priority 42-21
Layer 3 interface 44-5
load balancing 42-8, 42-18
logical interfaces, described 42-4
PAgP
aggregate-port learners 42-19
described 42-5
displaying status 42-22
interaction with other features 42-7
interaction with virtual switches 42-6
learn method and priority configuration 42-19
modes 42-6
support for 1-5
with dual-action detection 42-6
port-channel interfaces
described 42-4
numbering of 42-4
port groups 15-6
stack changes, effects of 42-10
support for 1-5
EtherChannel guard
described 23-10
disabling 23-17
enabling 23-17
Ethernet management port
active link 15-27
and routing 15-27
and routing protocols 15-27
and TFTP 15-29
configuring 15-29
connecting to 2-10
default setting 15-27
described 15-26
for network management 15-26
specifying 15-29
supported features 15-28
unsupported features 15-29
Ethernet management port, internal
and routing 15-27
and routing protocols 15-27
unsupported features 15-29
Ethernet VLANs
adding 16-8
defaults and ranges 16-7
modifying 16-8
EUI 45-4
event detectors, embedded event manager 38-3
events, RMON 35-3
examples
network configuration 1-23
expedite queue for QoS 40-89
Express Setup 1-2
See also getting started guide
extended crashinfo file 55-24
extended-range VLANs
configuration guidelines 16-11
configuring 16-10
creating 16-12
creating with an internal VLAN ID 16-13
defined 16-1
extended system ID
MSTP 22-18
STP 21-5, 21-17
extended universal identifier
See EUI
Extensible Authentication Protocol over LAN 11-2
external BGP
See EBGP
external neighbors, BGP 44-50
F
Fa0 port
See Ethernet management port
failover support 1-9
fallback bridging
and protected ports 54-4
bridge groups
creating 54-4
described 54-2
function of 54-2
number supported 54-4
removing 54-5
configuration guidelines 54-4
connecting interfaces with 15-15
default configuration 54-3
described 54-1
frame forwarding
flooding packets 54-2
forwarding packets 54-2
overview 54-1
protocol, unsupported 54-4
stack changes, effects of 54-3
STP
disabling on an interface 54-9
forward-delay interval 54-8
hello BPDU interval 54-8
interface priority 54-6
keepalive messages 21-2
maximum-idle interval 54-9
path cost 54-7
VLAN-bridge spanning-tree priority 54-6
VLAN-bridge STP 54-2
support for 1-16
SVIs and routed ports 54-1
unsupported protocols 54-4
VLAN-bridge STP 21-12
Fast Convergence 25-3
fastethernet0 port
See Ethernet management port
Fast Uplink Transition Protocol 23-6
features, incompatible 31-12
FIB 44-92
fiber-optic, detecting unidirectional links 33-1
files
basic crashinfo
description 55-25
location 55-25
copying A-5
crashinfo, description 55-24
deleting A-6
displaying the contents of A-8
extended crashinfo
description 55-25
location 55-25
tar
creating A-7
displaying the contents of A-7
extracting A-8
image file format A-26
file system
displaying available file systems A-2
displaying file information A-3
local file system names A-1
network file system names A-5
setting the default A-3
filtering
in a VLAN 39-32
IPv6 traffic 41-4, 41-7
non-IP traffic 39-29
show and more command output 2-9
filtering show and more command output 2-9
filters, IP
See ACLs, IP
FIPS 140-2 1-11
flash device, number of A-1
flexible authentication ordering
configuring 11-74
overview 11-31
Flexible NetFlow
components 48-1
configuring a flow monitor 48-6
configuring flow records 48-3
configuring the exported 48-3
configuring the exporter 48-5
interface configuration 48-7
purpose 48-1
sampling 48-9
unsupported features 48-2
Flex Link Multicast Fast Convergence 25-3
Flex Links
configuring 25-8, 25-9
configuring preferred VLAN 25-11
configuring VLAN load balancing 25-10
default configuration 25-8
description 25-1
link load balancing 25-2
monitoring 25-14
VLANs 25-2
flooded traffic, blocking 31-8
flow-based packet classification 1-15
flowcharts
QoS classification 40-7
QoS egress queueing and scheduling 40-19
QoS ingress queueing and scheduling 40-16
QoS policing and marking 40-11
flowcontrol
configuring 15-34
described 15-33
forward-delay time
MSTP 22-24
STP 21-24
Forwarding Information Base
See FIB
forwarding nonroutable protocols 54-1
FTP
configuration files
downloading A-14
overview A-13
preparing the server A-14
uploading A-16
image files
deleting old image A-34
downloading A-32
preparing the server A-31
uploading A-34
G
general query 25-5
Generating IGMP Reports 25-3
get-next-request operation 37-4
get-request operation 37-4
Gigabit modules
See SFPs
global leave, IGMP 28-13
guest VLAN and IEEE 802.1x 11-21
guide mode 1-3
GUIs
See device manager and Network Assistant
H
hardware limitations and Layer 3 interfaces 15-42
hello time
MSTP 22-23
STP 21-23
help, for the command line 2-3
hierarchical policy maps 40-9
configuration guidelines 40-40
configuring 40-63
described 40-12
history
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
history table, level and number of syslog messages 36-10
host modes, MACsec 12-4
host names in clusters 6-13
host ports
configuring 19-11
kinds of 19-2
hosts, limit on dynamic ports 16-31
Hot Standby Router Protocol
See HSRP
HP OpenView 1-6
HSRP
authentication string 46-10
automatic cluster recovery 6-12
binding to cluster group 46-12
cluster standby group considerations 6-11
command-switch redundancy 1-1, 1-2, 1-9
configuring 46-5
default configuration 46-5
definition 46-1
guidelines 46-6
monitoring 46-13
object tracking 49-7
overview 46-1
priority 46-8
routing redundancy 1-16
support for ICMP redirect messages 46-12
switch stack considerations 46-5
timers 46-10
tracking 46-8
See also clusters, cluster standby group, and standby command switch
HSRP for IPv6
configuring 45-37
guidelines 45-36
HTTP(S) Over IPv6 45-13
HTTP over SSL
see HTTPS
HTTPS
configuring 10-52
described 10-48
self-signed certificate 10-49
HTTP secure server 10-48
I
IBPG 44-46
ICMP
IPv6 45-4
redirect messages 44-13
support for 1-17
time-exceeded messages 55-18
traceroute and 55-18
unreachable messages 39-22
unreachable messages and IPv6 41-4
unreachables and ACLs 39-23
ICMP Echo operation
configuring 47-11
IP SLAs 47-11
ICMP ping
executing 55-15
overview 55-15
ICMP Router Discovery Protocol
See IRDP
ICMPv6 45-4
IDS appliances
and ingress RSPAN 34-22
and ingress SPAN 34-15
IEEE 802.1D
See STP
IEEE 802.1p 18-1
IEEE 802.1Q
and trunk ports 15-4
configuration limitations 16-17
encapsulation 16-15
native VLAN for untagged traffic 16-21
tunneling
compatibility with other features 20-6
defaults 20-4
described 20-1
tunnel ports with other features 20-6
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3ad
See EtherChannel
IEEE 802.3af
See PoE
IEEE 802.3x flow control 15-33
ifIndex values, SNMP 37-5
IFS 1-7
IGMP
configurable leave timer
described 28-6
enabling 28-11
configuring the switch
as a member of a group 51-39
statically connected member 51-44
controlling access to groups 51-40
default configuration 51-39
fast switching 51-44
flooded multicast traffic
controlling the length of time 28-12
disabling on an interface 28-13
global leave 28-13
query solicitation 28-13
recovering from flood mode 28-13
host-query interval, modifying 51-42
joining multicast group 28-3
join messages 28-3
leave processing, enabling 28-11, 29-9
leaving multicast group 28-5
multicast reachability 51-39
overview 51-3
queries 28-4
report suppression
described 28-6
disabling 28-16, 29-11
supported versions 28-3
support for 1-5
Version 1
changing to Version 2 51-41
described 51-3
Version 2
changing to Version 1 51-41
described 51-3
maximum query response time value 51-43
pruning groups 51-43
query timeout value 51-42
IGMP filtering
configuring 28-25
default configuration 28-24
described 28-24
support for 1-5
IGMP groups
configuring filtering 28-27
setting the maximum number 28-27
IGMP helper 51-6
IGMP Immediate Leave
configuration guidelines 28-11
described 28-6
enabling 28-11
IGMP profile
applying 28-26
configuration mode 28-25
configuring 28-25
IGMP snooping
and address aliasing 28-2
and stack changes 28-7
configuring 28-7
default configuration 28-7, 29-6
definition 28-2
enabling and disabling 28-8, 29-7
global configuration 28-8
Immediate Leave 28-6
in the switch stack 28-7
method 28-8
monitoring 28-16, 29-12
querier
configuration guidelines 28-14
configuring 28-14
supported versions 28-3
support for 1-5
VLAN configuration 28-8
IGMP throttling
configuring 28-27
default configuration 28-25
described 28-24
displaying action 28-29
IGP 44-27
Immediate Leave, IGMP
described 28-6
enabling 29-9
inaccessible authentication bypass
802.1x 11-23
support for multiauth ports 11-23
initial configuration
defaults 1-20
Express Setup 1-2
interface
number 15-20
range macros 15-24
interface command 15-20 to 15-21
interface configuration
REP 24-9
interfaces
auto-MDIX, configuring 15-34
configuring
procedure 15-21
counters, clearing 15-55
default configuration 15-30
described 15-39
descriptive name, adding 15-39
displaying information about 15-54
duplex and speed configuration guidelines 15-31
flow control 15-33
management 1-6
monitoring 15-53
naming 15-39
physical, identifying 15-20
range of 15-22
restarting 15-55, 15-56
shutting down 15-55
speed and duplex, configuring 15-32
status 15-53
supported 15-20
types of 15-1
interfaces range macro command 15-24
interface types 15-20
Interior Gateway Protocol
See IGP
internal BGP
See IBGP
internal neighbors, BGP 44-50
internal power supplies
See power supplies
Internet Control Message Protocol
See ICMP
Internet Group Management Protocol
See IGMP
Internet Protocol version 6
See IPv6
Inter-Switch Link
See ISL
inter-VLAN routing 1-16, 44-2
Intrusion Detection System
See IDS appliances
inventory management TLV 32-3
IP ACLs
for QoS classification 40-7
implicit deny 39-11, 39-15
implicit masks 39-11
named 39-16
undefined 39-23
IP addresses
128-bit 45-2
candidate or member 6-4, 6-13
classes of 44-7
cluster access 6-2
command switch 6-3, 6-11, 6-13
default configuration 44-6
discovering 7-24
for IP routing 44-6
IPv6 45-2
MAC address association 44-10
monitoring 44-19
redundant clusters 6-11
standby command switch 6-11, 6-13
See also IP information
IP base feature set 1-1, 1-2
IP base software image 1-1
IP broadcast address 44-17
ip cef distributed command 44-92
IP directed broadcasts 44-15
ip igmp profile command 28-25
IP information
assigned
manually 4-15
through DHCP-based autoconfiguration 4-3
default configuration 4-3
IP multicast routing
addresses
all-hosts 51-3
all-multicast-routers 51-3
host group address range 51-3
administratively-scoped boundaries, described 51-47
and IGMP snooping 28-2
Auto-RP
adding to an existing sparse-mode cloud 51-26
benefits of 51-26
configuration guidelines 51-12
filtering incoming RP announcement messages 51-28
overview 51-7
preventing candidate RP spoofing 51-28
preventing join messages to false RPs 51-28
setting up in a new internetwork 51-26
using with BSR 51-34
bootstrap router
configuration guidelines 51-12
configuring candidate BSRs 51-32
configuring candidate RPs 51-33
defining the IP multicast boundary 51-31
defining the PIM domain border 51-30
overview 51-7
using with Auto-RP 51-34
Cisco implementation 51-2
configuring
basic multicast routing 51-12
IP multicast boundary 51-47
default configuration 51-11
enabling
PIM mode 51-13
group-to-RP mappings
Auto-RP 51-7
BSR 51-7
MBONE
described 51-46
enabling sdr listener support 51-46
limiting DVMRP routes advertised 51-58
limiting sdr cache entry lifetime 51-46
SAP packets for conference session announcement 51-46
Session Directory (sdr) tool, described 51-46
multicast forwarding, described 51-8
PIMv1 and PIMv2 interoperability 51-11
protocol interaction 51-2
reverse path check (RPF) 51-8
RP
assigning manually 51-24
configuring Auto-RP 51-26
configuring PIMv2 BSR 51-30
monitoring mapping information 51-35
using Auto-RP and BSR 51-34
stacking
stack master functions 51-10
stack member functions 51-10
statistics, displaying system and network 51-63
See also CGMP
See also DVMRP
See also IGMP
See also PIM
IP phones
and QoS 18-1
automatic classification and queueing 40-23
configuring 18-4
ensuring port security with QoS 40-45
trusted boundary for QoS 40-45
IP Port Security for Static Hosts
on a Layer 2 access port 26-20
on a PVLAN host port 26-24
IP precedence 40-2
IP-precedence-to-DSCP map for QoS 40-74
IP protocols
routing 1-16
IP routes, monitoring 44-106
IP routing
connecting interfaces with 15-15
disabling 44-20
enabling 44-20
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 47-1
IP services feature set 1-2
IP SLAs
benefits 47-2
configuration guidelines 47-6
configuring object tracking 49-9
Control Protocol 47-4
default configuration 47-6
definition 47-1
ICMP echo operation 47-11
measuring network performance 47-3
monitoring 47-13
multioperations scheduling 47-5
object tracking 49-9
operation 47-3
reachability tracking 49-9
responder
described 47-4
enabling 47-7
response time 47-4
scheduling 47-5
SNMP support 47-2
supported metrics 47-2
threshold monitoring 47-6
track object monitoring agent, configuring 49-11
track state 49-9
UDP jitter operation 47-8
IP source guard
and 802.1x 26-19
and DHCP snooping 26-16
and port security 26-19
and private VLANs 26-19
and routed ports 26-18
and TCAM entries 26-19
and trunk interfaces 26-18
and VRF 26-19
binding configuration
automatic 26-16
manual 26-16
binding table 26-16
configuration guidelines 26-18
default configuration 26-18
described 26-16
disabling 26-20
displaying
bindings 26-26
configuration 26-26
enabling 26-19, 26-21
filtering
source IP address 26-17
source IP and MAC address 26-17
source IP address filtering 26-17
source IP and MAC address filtering 26-17
static bindings
adding 26-19, 26-21
deleting 26-20
static hosts 26-21
IP traceroute
executing 55-18
overview 55-18
IP unicast routing
address resolution 44-10
administrative distances 44-94, 44-104
ARP 44-10
assigning IP addresses to Layer 3 interfaces 44-7
authentication keys 44-105
broadcast
address 44-17
flooding 44-18
packets 44-15
storms 44-15
classless routing 44-8
configuring static routes 44-94
default
addressing configuration 44-6
gateways 44-13
networks 44-95
routes 44-95
routing 44-3
directed broadcasts 44-15
disabling 44-20
dynamic routing 44-3
enabling 44-20
EtherChannel Layer 3 interface 44-5
IGP 44-27
inter-VLAN 44-2
IP addressing
classes 44-7
configuring 44-6
IPv6 45-3
IRDP 44-13
Layer 3 interfaces 44-5
MAC address and IP address 44-10
passive interfaces 44-103
protocols
distance-vector 44-3
dynamic 44-3
link-state 44-3
proxy ARP 44-10
redistribution 44-96
reverse address resolution 44-10
routed ports 44-5
static routing 44-3
steps to configure 44-5
subnet mask 44-7
subnet zero 44-8
supernet 44-8
UDP 44-16
unicast reverse path forwarding 1-17, 44-91
with SVIs 44-5
See also BGP
See also EIGRP
See also OSPF
See also RIP
IPv4 ACLs
applying to interfaces 39-21
extended, creating 39-11
named 39-16
standard, creating 39-10
IPv6
ACLs
displaying 41-8
limitations 41-3
matching criteria 41-3
port 41-2
precedence 41-2
router 41-2
supported 41-2
addresses 45-2
address formats 45-2
and switch stacks 45-15
applications 45-9
assigning address 45-17
autoconfiguration 45-9
CEFv6 45-30
default configuration 45-16
default router preference (DRP) 45-9
defined 45-1
Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 45-12
EIGRP IPv6 Commands 45-13
Router ID 45-12
feature limitations 45-14
features not supported 45-14
forwarding 45-17
ICMP 45-4
monitoring 45-39
neighbor discovery 45-4
OSPF 45-11
path MTU discovery 45-4
SDM templates 8-3, 29-1, 41-1
stack master functions 45-15
Stateless Autoconfiguration 45-9
supported features 45-3
switch limitations 45-14
understanding static routes 45-11
IPv6 traffic, filtering 41-4
IRDP
configuring 44-14
definition 44-13
support for 1-17
IS-IS
addresses 44-67
area routing 44-67
default configuration 44-68
monitoring 44-76
show commands 44-76
system routing 44-67
ISL
and IPv6 45-3
and trunk ports 15-4
encapsulation 1-10, 16-15
trunking with IEEE 802.1 tunneling 20-5
ISO CLNS
clear commands 44-76
dynamic routing protocols 44-66
monitoring 44-76
NETs 44-66
NSAPs 44-66
OSI standard 44-66
ISO IGRP
area routing 44-67
system routing 44-67
isolated port 19-2
isolated VLANs 19-2, 19-3
J
join messages, IGMP 28-3
K
KDC
described 10-39
See also Kerberos
keepalive messages 21-2
Kerberos
authenticating to
boundary switch 10-41
KDC 10-41
network services 10-42
configuration examples 10-39
configuring 10-42
credentials 10-39
described 10-39
KDC 10-39
operation 10-41
realm 10-40
server 10-41
support for 1-13
switch as trusted third party 10-39
terms 10-40
TGT 10-41
tickets 10-39
key distribution center
See KDC
L
l2protocol-tunnel command 20-14
LACP
Layer 2 protocol tunneling 20-10
See EtherChannel
Layer 2 frames, classification with CoS 40-2
Layer 2 interfaces, default configuration 15-30
Layer 2 protocol tunneling
configuring 20-11
configuring for EtherChannels 20-15
default configuration 20-12
defined 20-8
guidelines 20-13
Layer 2 traceroute
and ARP 55-17
and CDP 55-17
broadcast traffic 55-16
described 55-16
IP addresses and subnets 55-17
MAC addresses and VLANs 55-17
multicast traffic 55-17
multiple devices on a port 55-17
unicast traffic 55-16
usage guidelines 55-17
Layer 3 features 1-16
Layer 3 interfaces
assigning IP addresses to 44-7
assigning IPv4 and IPv6 addresses to 45-25
assigning IPv6 addresses to 45-17
changing from Layer 2 mode 44-82
types of 44-5
Layer 3 packets, classification methods 40-2
LDAP 3-2
Leaking IGMP Reports 25-4
LEDs, switch
See hardware installation guide
Lightweight Directory Access Protocol
See LDAP
Link Aggregation Control Protocol
See EtherChannel
Link Failure, detecting unidirectional 22-7
link integrity, verifying with REP 24-3
Link Layer Discovery Protocol
See CDP
link local unicast addresses 45-4
link redundancy
See Flex Links
links, unidirectional 33-1
link state advertisements (LSAs) 44-33
link-state protocols 44-3
link-state tracking
configuring 42-25
described 42-23
LLDP
configuring 32-5
characteristics 32-6
default configuration 32-5
enabling 32-6
monitoring and maintaining 32-11
overview 32-1
supported TLVs 32-2
switch stack considerations 32-2
transmission timer and holdtime, setting 32-6
LLDP-MED
configuring
procedures 32-5
TLVs 32-7
monitoring and maintaining 32-11
overview 32-1, 32-2
supported TLVs 32-2
LLDP Media Endpoint Discovery
See LLDP-MED
load balancing 46-4
local SPAN 34-2
location TLV 32-3
logging messages, ACL 39-9
login authentication
with RADIUS 10-29
with TACACS+ 10-14
login banners 7-10
log messages
See system message logging
Long-Reach Ethernet (LRE) technology 1-35
loop guard
described 23-11
enabling 23-18
support for 1-9
LRE profiles, considerations in switch clusters 6-16
M
MAC/PHY configuration status TLV 32-2
MAC addresses
aging time 7-14
and VLAN association 7-13
building the address table 7-13
default configuration 7-14
disabling learning on a VLAN 7-23
discovering 7-24
displaying 7-23
displaying in the IP source binding table 26-26
dynamic
learning 7-13
removing 7-15
in ACLs 39-29
IP address association 44-10
static
adding 7-20
allowing 7-22, 7-23
characteristics of 7-20
dropping 7-21
removing 7-20
MAC address learning 1-7
MAC address learning, disabling on a VLAN 7-23
MAC address notification, support for 1-18
MAC address-table move update
configuration guidelines 25-8
configuring 25-12
default configuration 25-8
description 25-6
monitoring 25-14
MAC address-to-VLAN mapping 16-26
MAC authentication bypass 11-15
MAC extended access lists
applying to Layer 2 interfaces 39-31
configuring for QoS 40-53
creating 39-29
defined 39-29
for QoS classification 40-5
MACSec 14-2
802.1AE Tagging 12-9
MACsec 12-2
and stacking 12-3
configuring on an interface 12-7
defined 12-1, 12-2
switch-to-switch security 12-1
MACsec Key Agreement Protocol
See MKA
magic packet 11-28
manageability features 1-7
management access
in-band
browser session 1-8
CLI session 1-8
device manager 1-8
SNMP 1-8
out-of-band console port connection 1-8
management address TLV 32-2
management options
CLI 2-1
clustering 1-4
CNS 3-1
Network Assistant 1-3
overview 1-6
switch stacks 1-3
management VLAN
considerations in switch clusters 6-7
discovery through different management VLANs 6-7
manual preemption, REP, configuring 24-13
mapping tables for QoS
configuring
CoS-to-DSCP 40-73
DSCP 40-73
DSCP-to-CoS 40-76
DSCP-to-DSCP-mutation 40-77
IP-precedence-to-DSCP 40-74
policed-DSCP 40-75
described 40-13
marking
action in policy map 40-58
action with aggregate policers 40-71
described 40-4, 40-9
matching IPv4 ACLs 39-8
maximum aging time
MSTP 22-24
STP 21-24
maximum hop count, MSTP 22-25
maximum number of allowed devices, port-based authentication 11-41
maximum-paths command 44-54, 44-93
MDA
configuration guidelines 11-31 to 11-32
described 1-12, 11-31
exceptions with authentication process 11-4
Media Access Control Security
See MACsec
membership mode, VLAN port 16-3
member switch
automatic discovery 6-5
defined 6-2
managing 6-16
passwords 6-13
recovering from lost connectivity 55-12
requirements 6-4
See also candidate switch, cluster standby group, and standby command switch
messages, to users through banners 7-10
metrics, in BGP 44-54
metric translations, between routing protocols 44-99
metro tags 20-2
MHSRP 46-4
MIBs
overview 37-1
SNMP interaction with 37-4
mini-point-of-presence
See POP
mini-type USB console port 15-16
mirroring traffic for analysis 34-1
mismatches, autonegotiation 55-13
MKA
configuring policies 12-6
defined 12-2
policies 12-2
replay protection 12-3
statistics 12-5
virtual ports 12-3
module number 15-20
monitoring
access groups 39-44
BGP 44-65
cables for unidirectional links 33-1
CDP 30-5
CEF 44-92
EIGRP 44-45
fallback bridging 54-10
features 1-18
Flex Links 25-14
HSRP 46-13
IEEE 802.1Q tunneling 20-19
IGMP
snooping 28-16, 29-12
interfaces 15-53
IP
address tables 44-19
multicast routing 51-63
routes 44-106
IP SLAs operations 47-13
IPv4 ACL configuration 39-44
IPv6 45-39
IPv6 ACL configuration 41-8
IS-IS 44-76
ISO CLNS 44-76
Layer 2 protocol tunneling 20-19
MAC address-table move update 25-14
MSDP peers 53-19
multicast router interfaces 28-17
multi-VRF CE 44-90
network traffic for analysis with probe 34-2
object tracking 49-12
OSPF 44-37
private VLANs 19-15
REP 24-14
RP mapping information 51-35
SFP status 55-14
source-active messages 53-19
speed and duplex mode 15-33
SSM mapping 51-22
traffic flowing among switches 35-1
traffic suppression 31-21
tunneling 20-19
VLAN
filters 39-45
maps 39-45
VLANs 16-14
VMPS 16-30
VTP 17-18
mrouter Port 25-3
mrouter port 25-5
MSDP
benefits of 53-3
clearing MSDP connections and statistics 53-19
controlling source information
forwarded by switch 53-12
originated by switch 53-8
received by switch 53-14
default configuration 53-4
dense-mode regions
sending SA messages to 53-17
specifying the originating address 53-18
filtering
incoming SA messages 53-14
SA messages to a peer 53-12
SA requests from a peer 53-11
join latency, defined 53-6
meshed groups
configuring 53-16
defined 53-16
originating address, changing 53-18
overview 53-1
peer-RPF flooding 53-2
peers
configuring a default 53-4
monitoring 53-19
peering relationship, overview 53-1
requesting source information from 53-8
shutting down 53-16
source-active messages
caching 53-6
defined 53-2
filtering from a peer 53-11
filtering incoming 53-14
filtering to a peer 53-12
limiting data with TTL 53-14
restricting advertised sources 53-9
support for 1-17
MSTP
boundary ports
configuration guidelines 22-16
described 22-6
BPDU filtering
described 23-3
enabling 23-14
BPDU guard
described 23-2
enabling 23-13
CIST, described 22-3
CIST regional root 22-3
CIST root 22-5
configuration guidelines 22-15, 23-12
configuring
forward-delay time 22-24
hello time 22-23
link type for rapid convergence 22-25
maximum aging time 22-24
maximum hop count 22-25
MST region 22-16
neighbor type 22-26
path cost 22-21
port priority 22-20
root switch 22-18
secondary root switch 22-19
switch priority 22-22
CST
defined 22-3
operations between regions 22-3
default configuration 22-14
default optional feature configuration 23-12
displaying status 22-27
enabling the mode 22-16
EtherChannel guard
described 23-10
enabling 23-17
extended system ID
effects on root switch 22-18
effects on secondary root switch 22-19
unexpected behavior 22-18
IEEE 802.1s
implementation 22-6
port role naming change 22-6
terminology 22-5
instances supported 21-10
interface state, blocking to forwarding 23-2
interoperability and compatibility among modes 21-11
interoperability with IEEE 802.1D
described 22-8
restarting migration process 22-26
IST
defined 22-2
master 22-3
operations within a region 22-3
loop guard
described 23-11
enabling 23-18
mapping VLANs to MST instance 22-17
MST region
CIST 22-3
configuring 22-16
described 22-2
hop-count mechanism 22-5
IST 22-2
supported spanning-tree instances 22-2
optional features supported 1-9
overview 22-2
Port Fast
described 23-2
enabling 23-12
preventing root switch selection 23-10
root guard
described 23-10
enabling 23-18
root switch
configuring 22-18
effects of extended system ID 22-18
unexpected behavior 22-18
shutdown Port Fast-enabled port 23-2
stack changes, effects of 22-8
status, displaying 22-27
MTU
system 15-45
system jumbo 15-44
system routing 15-44
multiauth
support for inaccessible authentication bypass 11-23
multiauth mode
See multiple-authentication mode
multicast groups
Immediate Leave 28-6
joining 28-3
leaving 28-5
static joins 28-10, 29-8
multicast packets
ACLs on 39-43
blocking 31-8
multicast router interfaces, monitoring 28-17
multicast router ports, adding 28-9, 29-8
Multicast Source Discovery Protocol
See MSDP
multicast storm 31-1
multicast storm-control command 31-4
multicast television application 28-18
multicast VLAN 28-17
Multicast VLAN Registration
See MVR
multidomain authentication
See MDA
multioperations scheduling, IP SLAs 47-5
multiple authentication 11-12
Multiple HSRP
See MHSRP
multiple VPN routing/forwarding in customer edge devices
See multi-VRF CE
multi-VRF CE
configuration example 44-87
configuration guidelines 44-79
configuring 44-79
default configuration 44-79
defined 44-76
displaying 44-90
monitoring 44-90
network components 44-79
packet-forwarding process 44-78
support for 1-16
MVR
and address aliasing 28-20
and IGMPv3 28-21
configuring interfaces 28-22
default configuration 28-20
described 28-17
example application 28-18
in the switch stack 28-20
modes 28-21
multicast television application 28-18
setting global parameters 28-21
support for 1-5
N
NAC
AAA down policy 1-13
critical authentication 11-23, 11-63
IEEE 802.1x authentication using a RADIUS server 11-68
IEEE 802.1x validation using RADIUS server 11-68
inaccessible authentication bypass 1-13, 11-63
Layer 2 IEEE 802.1x validation 1-13, 11-68
Layer 2 IP validation 1-13
named IPv4 ACLs 39-16
named IPv6 ACLs 41-3
NameSpace Mapper
See NSM
native VLAN
and IEEE 802.1Q tunneling 20-4
configuring 16-21
default 16-21
NDAC 12-9, 14-2
defined 12-9
MACsec 12-1
NEAT
configuring 11-69
overview 11-33
neighbor discovery, IPv6 45-4
neighbor discovery/recovery, EIGRP 44-38
neighbor offset numbers, REP 24-4
neighbors, BGP 44-60
Network Admission Control
See NAC
Network Assistant
benefits 1-2
described 1-6
downloading image files 1-3
guide mode 1-3
management options 1-3
managing switch stacks 5-3, 5-17
upgrading a switch A-25
wizards 1-3
network configuration examples
cost-effective wiring closet 1-25
high-performance wiring closet 1-26
increasing network performance 1-23
large network 1-32
long-distance, high-bandwidth transport 1-36
multidwelling network 1-35
providing network services 1-24
redundant Gigabit backbone 1-28
server aggregation and Linux server cluster 1-28
small to medium-sized network 1-30
network design
performance 1-24
services 1-24
Network Device Admission Control (NDAC) 12-9, 14-2
Network Edge Access Topology
See NEAT
network management
CDP 30-1
RMON 35-1
SNMP 37-1
network performance, measuring with IP SLAs 47-3
network policy TLV 32-2
Network Time Protocol
See NTP
no commands 2-4
nonhierarchical policy maps
configuration guidelines 40-40
configuring 40-58
described 40-10
non-IP traffic filtering 39-29
nontrunking mode 16-16
normal-range VLANs 16-4
configuration guidelines 16-5
configuring 16-4
defined 16-1
no switchport command 15-5
not-so-stubby areas
See NSSA
NSAPs, as ISO IGRP addresses 44-67
NSF Awareness
IS-IS 44-69
NSM 3-3
NSSA, OSPF 44-33
NTP
associations
defined 7-2
overview 7-2
stratum 7-2
support for 1-7
time
services 7-2
synchronizing 7-2
O
OBFL
configuring 55-27
described 55-27
displaying 55-28
object tracking
HSRP 49-7
IP SLAs 49-9
IP SLAs, configuring 49-9
monitoring 49-12
offline configuration for switch stacks 5-8
off mode, VTP 17-4
on-board failure logging
See OBFL
online diagnostics
described 56-1
overview 56-1
running tests 56-4
open1x
configuring 11-74
open1x authentication
overview 11-31
Open Shortest Path First
See OSPF
optimizing system resources 8-1
options, management 1-6
OSPF
area parameters, configuring 44-33
configuring 44-31
default configuration
metrics 44-34
route 44-34
settings 44-28
described 44-27
for IPv6 45-11
interface parameters, configuring 44-32
LSA group pacing 44-36
monitoring 44-37
router IDs 44-36
route summarization 44-34
support for 1-16
virtual links 44-34
out-of-profile markdown 1-15
P
packet modification, with QoS 40-22
PAgP
Layer 2 protocol tunneling 20-10
See EtherChannel
parallel paths, in routing tables 44-93
passive interfaces
configuring 44-103
OSPF 44-35
passwords
default configuration 10-2
disabling recovery of 10-5
encrypting 10-3
for security 1-11
in clusters 6-14
overview 10-1
recovery of 55-3
setting
enable 10-3
enable secret 10-3
Telnet 10-6
with usernames 10-6
VTP domain 17-10
path cost
MSTP 22-21
STP 21-21
path MTU discovery 45-4
payload encryption 1-1
PBR
defined 44-99
enabling 44-101
fast-switched policy-based routing 44-102
local policy-based routing 44-102
PC (passive command switch) 6-10
peers, BGP 44-60
percentage thresholds in tracked lists 49-6
performance, network design 1-23
performance features 1-4
persistent self-signed certificate 10-49
per-user ACLs and Filter-Ids 11-8
per-VLAN spanning-tree plus
See PVST+
PE to CE routing, configuring 44-86
physical ports 15-3
PIM
default configuration 51-11
dense mode
overview 51-4
rendezvous point (RP), described 51-5
RPF lookups 51-9
enabling a mode 51-13
overview 51-4
router-query message interval, modifying 51-38
shared tree and source tree, overview 51-35
shortest path tree, delaying the use of 51-37
sparse mode
join messages and shared tree 51-5
overview 51-5
prune messages 51-5
RPF lookups 51-9
stub routing
configuration guidelines 51-22
enabling 51-23
overview 51-5
support for 1-17
versions
interoperability 51-11
troubleshooting interoperability problems 51-35
v2 improvements 51-4
PIM-DVMRP, as snooping method 28-9
ping
character output description 55-16
executing 55-15
overview 55-15
PoE
auto mode 15-10
CDP with power consumption, described 15-8
CDP with power negotiation, described 15-8
Cisco intelligent power management 15-8
configuring 15-35
devices supported 15-7
high-power devices operating in low-power mode 15-8
IEEE power classification levels 15-9
monitoring 15-11
monitoring power 15-38
policing power consumption 15-38
policing power usage 15-11
power budgeting 15-37
power consumption 15-37
powered-device detection and initial power allocation 15-8
power management modes 15-10
power negotiation extensions to CDP 15-8
standards supported 15-8
static mode 15-10
troubleshooting 55-13
policed-DSCP map for QoS 40-75
policers
configuring
for each matched traffic class 40-58
for more than one traffic class 40-71
described 40-4
number of 40-41
types of 40-10
policing
described 40-4
hierarchical
See hierarchical policy maps
token-bucket algorithm 40-10
policy-based routing
See PBR
policy maps for QoS
characteristics of 40-59
described 40-8
hierarchical 40-9
hierarchical on SVIs
configuration guidelines 40-40
configuring 40-63
described 40-12
nonhierarchical on physical ports
configuration guidelines 40-40
configuring 40-58
described 40-10
POP 1-35
port ACLs
defined 39-3
types of 39-4
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting 11-14
authentication server
defined 11-3, 13-2
RADIUS server 11-3
client, defined 11-3, 13-2
configuration guidelines 11-39, 13-9
configuring
802.1x authentication 11-44
guest VLAN 11-60
host mode 11-47
inaccessible authentication bypass 11-63
manual re-authentication of a client 11-49
periodic re-authentication 11-48
quiet period 11-49
RADIUS server 11-47, 13-13
RADIUS server parameters on the switch 11-46, 13-11
restricted VLAN 11-62
switch-to-client frame-retransmission number 11-50, 11-51
switch-to-client retransmission time 11-50
violation modes 11-43 to 11-44
default configuration 11-38, 13-9
described 11-1
device roles 11-3, 13-2
displaying statistics 11-76, 13-17
downloadable ACLs and redirect URLs
configuring 11-71 to 11-73, ?? to 11-73
overview 11-18 to 11-20
EAPOL-start frame 11-6
EAP-request/identity frame 11-6
EAP-response/identity frame 11-6
enabling
802.1X authentication 13-11
encapsulation 11-3
flexible authentication ordering
configuring 11-74
overview 11-31
guest VLAN
configuration guidelines 11-21, 11-22
described 11-21
host mode 11-12
inaccessible authentication bypass
configuring 11-63
described 11-23
guidelines 11-40
initiation and message exchange 11-6
magic packet 11-28
maximum number of allowed devices per port 11-41
method lists 11-44
multiple authentication 11-12
multiple-hosts mode, described 11-12
per-user ACLs
AAA authorization 11-44
configuration tasks 11-18
described 11-17
RADIUS server attributes 11-17
ports
authorization state and dot1x port-control command 11-11
authorized and unauthorized 11-10
voice VLAN 11-28
port security
described 11-28
readiness check
configuring 11-41
described 11-15, 11-41
resetting to default values 11-76
stack changes, effects of 11-11
statistics, displaying 11-76
switch
as proxy 11-3, 13-2
RADIUS client 11-3
switch supplicant
configuring 11-69
overview 11-33
user distribution
guidelines 11-27
overview 11-27
VLAN assignment
AAA authorization 11-44
characteristics 11-16
configuration tasks 11-17
described 11-16
voice aware 802.1x security
configuring 11-42
described 11-34, 11-42
voice VLAN
described 11-28
PVID 11-28
VVID 11-28
wake-on-LAN, described 11-28
port-based authentication methods, supported 11-8
port blocking 1-5, 31-7
port-channel
See EtherChannel
port description TLV 32-2
Port Fast
described 23-2
enabling 23-12
mode, spanning tree 16-27
support for 1-9
port membership modes, VLAN 16-3
port priority
MSTP 22-20
STP 21-19
ports
10-Gigabit Ethernet 15-7
access 15-3
blocking 31-7
dynamic access 16-3
protected 31-6
REP 24-6
routed 15-4
secure 31-9
static-access 16-3, 16-9
switch 15-3
trunks 16-3, 16-14
VLAN assignments 16-9
port security
aging 31-17
and other features 31-11
and private VLANs 31-18
and QoS trusted boundary 40-45
and stacking 31-18
configuration guidelines 31-11
configuring 31-13
default configuration 31-11
described 31-8
on trunk ports 31-14
sticky learning 31-9
violations 31-10
port-shutdown response, VMPS 16-26
port VLAN ID TLV 32-2
power inline consumption command 15-14
power management TLV 32-3
Power over Ethernet
See PoE
power supply
configuring 15-48
managing 15-48
preempt delay time, REP 24-5
preemption, default configuration 25-8
preemption delay, default configuration 25-8
preferential treatment of traffic
See QoS
prefix lists, BGP 44-58
preventing unauthorized access 10-1
primary edge port, REP 24-4
primary interface for object tracking, DHCP, configuring 49-11
primary interface for static routing, configuring 49-10
primary links 25-2
primary VLANs 19-1, 19-3
priority
HSRP 46-8
overriding CoS 18-6
trusting CoS 18-6
private VLAN edge ports
See protected ports
private VLANs
across multiple switches 19-4
and SDM template 19-4
and SVIs 19-5
and switch stacks 19-5
benefits of 19-1
community ports 19-2
community VLANs 19-2, 19-3
configuration guidelines 19-7, 19-8
configuration tasks 19-6
configuring 19-10
default configuration 19-6
end station access to 19-3
IP addressing 19-3
isolated port 19-2
isolated VLANs 19-2, 19-3
mapping 19-13
monitoring 19-15
ports
community 19-2
configuration guidelines 19-8
configuring host ports 19-11
configuring promiscuous ports 19-13
isolated 19-2
promiscuous 19-2
primary VLANs 19-1, 19-3
promiscuous ports 19-2
secondary VLANs 19-2
subdomains 19-1
traffic in 19-5
privilege levels
changing the default for lines 10-9
command switch 6-17
exiting 10-9
logging into 10-9
mapping on member switches 6-17
overview 10-2, 10-7
setting a command with 10-8
promiscuous ports
configuring 19-13
defined 19-2
protected ports 1-11, 31-6
protocol-dependent modules, EIGRP 44-38
Protocol-Independent Multicast Protocol
See PIM
protocol storm protection 31-19
provider edge devices 44-77
provisioning new members for a switch stack 5-8
proxy ARP
configuring 44-12
definition 44-10
with IP routing disabled 44-13
proxy reports 25-3
pruning, VTP
disabling
in VTP domain 17-16
on a port 16-21
enabling
in VTP domain 17-16
on a port 16-20
examples 17-7
overview 17-6
pruning-eligible list
changing 16-20
for VTP pruning 17-6
VLANs 17-16
PVST+
described 21-9
IEEE 802.1Q trunking interoperability 21-12
instances supported 21-10
Q
QoS
and MQC commands 40-1
auto-QoS
categorizing traffic 40-24
configuration and defaults display 40-36
configuration guidelines 40-33
described 40-23
disabling 40-35
displaying generated commands 40-35
displaying the initial configuration 40-36
effects on running configuration 40-33
egress queue defaults 40-25
list of generated commands 40-26
basic model 40-4
classification
class maps, described 40-8
defined 40-4
DSCP transparency, described 40-46
flowchart 40-7
forwarding treatment 40-3
in frames and packets 40-3
IP ACLs, described 40-7, 40-8
MAC ACLs, described 40-5, 40-8
options for IP traffic 40-6
options for non-IP traffic 40-5
policy maps, described 40-8
trust DSCP, described 40-5
trusted CoS, described 40-5
trust IP precedence, described 40-5
class maps
configuring 40-54
configuration guidelines
auto-QoS 40-33
standard QoS 40-39
configuring
aggregate policers 40-71
auto-QoS 40-23
default port CoS value 40-44
DSCP maps 40-73
DSCP transparency 40-46
DSCP trust states bordering another domain 40-47
egress queue characteristics 40-83
ingress queue characteristics 40-79
IP extended ACLs 40-50
IP standard ACLs 40-49
MAC ACLs 40-53
policy maps, hierarchical 40-63
policy maps on physical ports 40-58
port trust states within the domain 40-43
trusted boundary 40-45
default auto configuration 40-24
default standard configuration 40-37
DSCP transparency 40-46
egress queues
allocating buffer space 40-84
buffer allocation scheme, described 40-20
configuring shaped weights for SRR 40-88
configuring shared weights for SRR 40-89
described 40-4
displaying the threshold map 40-87
flowchart 40-19
mapping DSCP or CoS values 40-86
scheduling, described 40-4
setting WTD thresholds 40-84
WTD, described 40-22
enabling globally 40-42
flowcharts
classification 40-7
egress queueing and scheduling 40-19
ingress queueing and scheduling 40-16
policing and marking 40-11
implicit deny 40-8
ingress queues
allocating bandwidth 40-81
allocating buffer space 40-81
buffer and bandwidth allocation, described 40-18
configuring shared weights for SRR 40-81
configuring the priority queue 40-82
described 40-4
displaying the threshold map 40-80
flowchart 40-16
mapping DSCP or CoS values 40-80
priority queue, described 40-18
scheduling, described 40-4
setting WTD thresholds 40-80
WTD, described 40-18
IP phones
automatic classification and queueing 40-23
detection and trusted settings 40-23, 40-45
limiting bandwidth on egress interface 40-90
mapping tables
CoS-to-DSCP 40-73
DSCP-to-CoS 40-76
DSCP-to-DSCP-mutation 40-77
IP-precedence-to-DSCP 40-74
policed-DSCP 40-75
types of 40-13
marked-down actions 40-61
marking, described 40-4, 40-9
overview 40-2
packet modification 40-22
policers
configuring 40-61, 40-71
described 40-9
number of 40-41
types of 40-10
policies, attaching to an interface 40-9
policing
described 40-4, 40-9
token bucket algorithm 40-10
policy maps
characteristics of 40-59
hierarchical 40-9
hierarchical on SVIs 40-63
nonhierarchical on physical ports 40-58
QoS label, defined 40-4
queues
configuring egress characteristics 40-83
configuring ingress characteristics 40-79
high priority (expedite) 40-22, 40-89
location of 40-14
SRR, described 40-15
WTD, described 40-15
rewrites 40-22
support for 1-15
trust states
bordering another domain 40-47
described 40-5
trusted device 40-45
within the domain 40-43
quality of service
See QoS
queries, IGMP 28-4
query solicitation, IGMP 28-13
R
RADIUS
attributes
vendor-proprietary 10-36
vendor-specific 10-35
configuring
accounting 10-34
authentication 10-29
authorization 10-33
communication, global 10-27, 10-35
communication, per-server 10-27
multiple UDP ports 10-27
default configuration 10-27
defining AAA server groups 10-31
displaying the configuration 10-39
identifying the server 10-27
in clusters 6-16
limiting the services to the user 10-33
method list, defined 10-26
operation of 10-19
overview 10-18
server load balancing 10-39
suggested network environments 10-18
support for 1-13
tracking services accessed by user 10-34
RADIUS Change of Authorization 10-20
range
macro 15-24
of interfaces 15-22
rapid convergence 22-10
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
described 21-10
IEEE 802.1Q trunking interoperability 21-12
instances supported 21-10
Rapid Spanning Tree Protocol
See RSTP
RARP 44-10
rcommand command 6-16
RCP
configuration files
downloading A-18
overview A-17
preparing the server A-17
uploading A-19
image files
deleting old image A-38
downloading A-37
preparing the server A-36
uploading A-38
reachability, tracking IP SLAs IP host 49-9
readiness check
port-based authentication
configuring 11-41
described 11-15, 11-41
reconfirmation interval, VMPS, changing 16-29
reconfirming dynamic VLAN membership 16-29
redirect URL 11-18, 11-20, 11-71
redundancy
EtherChannel 42-3
HSRP 46-1
STP
backbone 21-9
multidrop backbone 23-5
path cost 16-24
port priority 16-22
redundant links and UplinkFast 23-15
redundant power system
See Cisco Redundant Power System 2300
reliable transport protocol, EIGRP 44-38
reloading software 4-23
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
Remote Network Monitoring
See RMON
Remote SPAN
See RSPAN
remote SPAN 34-3
REP
administrative VLAN 24-8
administrative VLAN, configuring 24-8
age timer 24-8
and STP 24-6
configuration guidelines 24-7
configuring interfaces 24-9
convergence 24-4
default configuration 24-7
manual preemption, configuring 24-13
monitoring 24-14
neighbor offset numbers 24-4
open segment 24-2
ports 24-6
preempt delay time 24-5
primary edge port 24-4
ring segment 24-2
secondary edge port 24-4
segments 24-1
characteristics 24-2
SNMP traps, configuring 24-13
supported interfaces 24-1
triggering VLAN load balancing 24-5
verifying link integrity 24-3
VLAN blocking 24-12
VLAN load balancing 24-4
report suppression, IGMP
described 28-6
disabling 28-16, 29-11
resequencing ACL entries 39-16
reserved addresses in DHCP pools 26-28
resets, in BGP 44-52
resetting a UDLD-shutdown interface 33-6
Resilient Ethernet Protocol
See REP
responder, IP SLAs
described 47-4
enabling 47-7
response time, measuring with IP SLAs 47-4
restricted VLAN
configuring 11-62
described 11-22
using with IEEE 802.1x 11-22
restricting access
overview 10-1
passwords and privilege levels 10-2
RADIUS 10-17
TACACS+ 10-10
retry count, VMPS, changing 16-30
reverse address resolution 44-10
Reverse Address Resolution Protocol
See RARP
RFC
1058, RIP 44-20
1112, IP multicast and IGMP 28-2
1157, SNMPv1 37-2
1163, BGP 44-45
1166, IP addresses 44-7
1253, OSPF 44-27
1267, BGP 44-45
1305, NTP 7-2
1587, NSSAs 44-27
1757, RMON 35-2
1771, BGP 44-45
1901, SNMPv2C 37-2
1902 to 1907, SNMPv2 37-2
2236, IP multicast and IGMP 28-2
2273-2275, SNMPv3 37-2
RFC 5176 Compliance 10-21
RIP
advertisements 44-21
authentication 44-24
configuring 44-22
default configuration 44-21
described 44-21
for IPv6 45-11
hop counts 44-21
split horizon 44-24
summary addresses 44-24
support for 1-16
RMON
default configuration 35-3
displaying status 35-6
enabling alarms and events 35-3
groups supported 35-2
overview 35-1
statistics
collecting group Ethernet 35-5
collecting group history 35-5
support for 1-18
root guard
described 23-10
enabling 23-18
support for 1-9
root switch
MSTP 22-18
STP 21-17
route calculation timers, OSPF 44-35
route dampening, BGP 44-64
routed packets, ACLs on 39-43
routed ports
configuring 44-5
defined 15-4
in switch clusters 6-8
IP addresses on 15-42, 44-5
route-map command 44-102
route maps
BGP 44-56
policy-based routing 44-100
router ACLs
defined 39-3
types of 39-5
route reflectors, BGP 44-63
router ID, OSPF 44-36
route selection, BGP 44-54
route summarization, OSPF 44-34
route targets, VPN 44-79
routing
default 44-3
dynamic 44-3
redistribution of information 44-96
static 44-3
routing domain confederation, BGP 44-63
Routing Information Protocol
See RIP
routing protocol administrative distances 44-94
RPS
See Cisco Redundant Power System 2300
RPS 2300
See Cisco Redundant Power System 2300
RSPAN 34-3
and stack changes 34-10
characteristics 34-9
configuration guidelines 34-17
default configuration 34-12
destination ports 34-8
displaying status 34-28
in a switch stack 34-3
interaction with other features 34-9
monitored ports 34-7
monitoring ports 34-8
overview 1-18, 34-1
received traffic 34-6
session limits 34-12
sessions
creating 34-18
defined 34-4
limiting source traffic to specific VLANs 34-20
specifying monitored ports 34-18
with ingress traffic enabled 34-22
source ports 34-7
transmitted traffic 34-6
VLAN-based 34-7
RSTP
active topology 22-9
BPDU
format 22-12
processing 22-13
designated port, defined 22-9
designated switch, defined 22-9
interoperability with IEEE 802.1D
described 22-8
restarting migration process 22-26
topology changes 22-13
overview 22-9
port roles
described 22-9
synchronized 22-11
proposal-agreement handshake process 22-10
rapid convergence
cross-stack rapid convergence 22-11
described 22-10
edge ports and Port Fast 22-10
point-to-point links 22-10, 22-25
root ports 22-10
root port, defined 22-9
See also MSTP
running configuration
replacing A-20, A-21
rolling back A-20, A-22
saving 4-16
S
SAP
defined 12-9
negotiation 12-9
support 12-1
SC (standby command switch) 6-10
scheduled reloads 4-23
scheduling, IP SLAs operations 47-5
SCP
and SSH 10-55
configuring 10-55
SDM
described 8-1
switch stack consideration 5-11
templates
configuring 8-6
number of 8-1
SDM template
configuring 8-5
dual IPv4 and IPv6 8-3
types of 8-1
secondary edge port, REP 24-4
secondary VLANs 19-2
Secure Copy Protocol
secure HTTP client
configuring 10-54
displaying 10-54
secure HTTP server
configuring 10-52
displaying 10-54
secure MAC addresses
and switch stacks 31-18
deleting 31-16
maximum number of 31-10
types of 31-9
secure ports
and switch stacks 31-18
configuring 31-9
secure remote connections 10-44
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port 31-8
Security Exchange Protocol
See SXP
Security Exchange Protocol
See SAP
Security Exchange Protocol (SXP) 14-2
security features 1-10
Security Group Access Control List (SGACL) 14-2
Security Group Tag (SGT) 14-2
See SCP
sequence numbers in log messages 36-8
server mode, VTP 17-3
service-provider network, MSTP and RSTP 22-1
service-provider networks
and customer VLANs 20-2
and IEEE 802.1Q tunneling 20-1
Layer 2 protocols across 20-8
Layer 2 protocol tunneling for EtherChannels 20-10
session keys, MKA 12-2
set-request operation 37-4
setup program
failed command switch replacement 55-11
replacing failed command switch 55-9
severity levels, defining in system messages 36-9
SFPs
monitoring status of 55-14
numbering of 15-21
security and identification 55-14
status, displaying 55-14
SGACL 14-2
SGT 14-2
shaped round robin
See SRR
show access-lists hw-summary command 39-23
show and more command output, filtering 2-9
show cluster members command 6-16
show configuration command 15-39
show forward command 55-22
show interfaces command 15-33, 15-39
show interfaces switchport 25-4
show l2protocol command 20-14, 20-16, 20-17
show platform forward command 55-22
show running-config command
displaying ACLs 39-34, 39-36
interface description in 15-39
shutdown command on interfaces 15-55
shutdown threshold for Layer 2 protocol packets 20-12
Simple Network Management Protocol
See SNMP
single session ID 11-35
small form-factor pluggable modules
See SFPs
small-frame arrival rate, configuring 31-5
smart logging 36-1, 36-14
SNAP 30-1
SNMP
accessing MIB variables with 37-4
agent
described 37-4
disabling 37-7
and IP SLAs 47-2
authentication level 37-10
community strings
configuring 37-8
for cluster switches 37-4
overview 37-4
configuration examples 37-17
default configuration 37-6
engine ID 37-7
groups 37-7, 37-9
host 37-7
ifIndex values 37-5
in-band management 1-8
in clusters 6-14
informs
and trap keyword 37-12
described 37-5
differences from traps 37-5
disabling 37-15
enabling 37-15
limiting access by TFTP servers 37-17
limiting system log messages to NMS 36-10
manager functions 1-6, 37-3
managing clusters with 6-17
notifications 37-5
overview 37-1, 37-4
security levels 37-3
setting CPU threshold notification 37-16
status, displaying 37-19
system contact and location 37-16
trap manager, configuring 37-14
traps
described 37-5
differences from informs 37-5
disabling 37-15
enabling 37-12
enabling MAC address notification 7-15, 7-17, 7-18
overview 37-1, 37-4
types of 37-12
users 37-7, 37-9
versions supported 37-2
SNMP and Syslog Over IPv6 45-13
SNMP traps
REP 24-13
SNMPv1 37-2
SNMPv2C 37-2
SNMPv3 37-2
snooping, IGMP 28-2
software compatibility
See stacks, switch
software images
location in flash A-26
recovery procedures 55-2
scheduling reloads 4-24
tar file format, described A-26
See also downloading and uploading
software images in mixed stacks
See the Cisco Software Activation and Compatibility Document
source-and-destination-IP address based forwarding, EtherChannel 42-9
source-and-destination MAC address forwarding, EtherChannel 42-9
source-IP address based forwarding, EtherChannel 42-9
source-MAC address forwarding, EtherChannel 42-8
Source-specific multicast
See SSM
SPAN
and stack changes 34-10
configuration guidelines 34-12
default configuration 34-12
destination ports 34-8
displaying status 34-28
interaction with other features 34-9
monitored ports 34-7
monitoring ports 34-8
overview 1-18, 34-1
ports, restrictions 31-12
received traffic 34-6
session limits 34-12
sessions
configuring ingress forwarding 34-16, 34-23
creating 34-13, 34-25
defined 34-4
limiting source traffic to specific VLANs 34-16
removing destination (monitoring) ports 34-14
specifying monitored ports 34-13, 34-25
with ingress traffic enabled 34-15
source ports 34-7
transmitted traffic 34-6
VLAN-based 34-7
spanning tree and native VLANs 16-17
Spanning Tree Protocol
See STP
SPAN traffic 34-6
split horizon, RIP 44-24
SRR
configuring
shaped weights on egress queues 40-88
shared weights on egress queues 40-89
shared weights on ingress queues 40-81
described 40-15
shaped mode 40-15
shared mode 40-16
support for 1-15, 1-16
SSH
configuring 10-45
described 1-8, 10-44
encryption methods 10-45
switch stack considerations 5-18
user authentication methods, supported 10-45
SSL
configuration guidelines 10-51
configuring a secure HTTP client 10-54
configuring a secure HTTP server 10-52
described 10-48
monitoring 10-54
SSM
address management restrictions 51-16
CGMP limitations 51-16
components 51-14
configuration guidelines 51-16
configuring 51-14, 51-17
differs from Internet standard multicast 51-14
IGMP snooping 51-16
IGMPv3 51-14
IGMPv3 Host Signalling 51-15
IP address range 51-15
monitoring 51-17
operations 51-15
PIM 51-14
state maintenance limitations 51-16
SSM mapping 51-17
configuration guidelines 51-17
configuring 51-17, 51-19
DNS-based 51-18, 51-20
monitoring 51-22
overview 51-18
restrictions 51-18
static 51-18, 51-20
static traffic forwarding 51-21
stack changes
effects on
IPv6 routing 45-15
stack changes, effects on
ACL configuration 39-7
CDP 30-2
cross-stack EtherChannel 42-13
EtherChannel 42-10
fallback bridging 54-3
HSRP 46-5
IEEE 802.1x port-based authentication 11-11
IGMP snooping 28-7
IP routing 44-4
IPv6 ACLs 41-3
MAC address tables 7-14
MSTP 22-8
multicast routing 51-10
MVR 28-18
port security 31-18
SDM template selection 8-4
SNMP 37-1
SPAN and RSPAN 34-10
STP 21-12
switch clusters 6-14
system message log 36-2
VLANs 16-6
VTP 17-8
stacking
and MACsec 12-3
stack master
bridge ID (MAC address) 5-7
defined 5-2
election 5-6
IPv6 45-15
re-election 5-6
See also stacks, switch
stack member
accessing CLI of specific member 5-30
configuring
member number 5-26
priority value 5-26
defined 5-2
displaying information of 5-30
IPv6 45-15
number 5-7
priority value 5-8
provisioning a new member 5-27
replacing 5-16
See also stacks, switch
stack member number 15-20
stack protocol version 5-12
stacks, switch
accessing CLI of specific member 5-30
assigning information
member number 5-26
priority value 5-26
provisioning a new member 5-27
auto-advise 5-13
auto-copy 5-13
auto-extract 5-13
auto-upgrade 5-12
bridge ID 5-7
Catalyst 3750-X-only 5-2
CDP considerations 30-2
compatibility, software 5-11
configuration file 5-16
configuration scenarios 5-19
copying an image file from one member to another A-39
default configuration 5-24
description of 5-2
displaying information of 5-30
enabling persistent MAC address timer 5-24
hardware compatibility and SDM mismatch mode 5-11
HSRP considerations 46-5
in clusters 6-14
incompatible software and image upgrades 5-16, A-39
IPv6 on 45-15
MAC address considerations 7-14
MAC address of 5-24
management connectivity 5-17
managing 5-1
managing mixed
See Catalyst 3750-E and 3750 Switch Stacking Compatibility Guide
membership 5-4
merged 5-5
mixed
hardware 5-2
hardware and software 5-2
software 5-2
with Catalyst 3750-E and 3750 switches 5-2
mixed software images
See Cisco Software Activation and Compatibility Document
MSTP instances supported 21-10
multicast routing, stack master and member roles 51-10
offline configuration
described 5-8
effects of adding a provisioned switch 5-9
effects of removing a provisioned switch 5-11
effects of replacing a provisioned switch 5-11
provisioned configuration, defined 5-8
provisioned switch, defined 5-8
provisioning a new member 5-27
partitioned 5-5, 55-8
provisioned switch
adding 5-9
removing 5-11
replacing 5-11
replacing a failed member 5-16
software compatibility 5-11
software image version 5-11
stack protocol version 5-12
STP
bridge ID 21-3
instances supported 21-10
root port selection 21-3
stack root switch election 21-3
system messages
hostnames in the display 36-1
remotely monitoring 36-2
system prompt consideration 7-7
system-wide configuration considerations 5-17
upgrading A-39
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 5-12
described 5-12
examples 5-13
manual upgrades with auto-advise 5-13
upgrades with auto-extract 5-13
See also stack master and stack member
StackWise Plus technology, Cisco 1-3
See also stacks, switch
standby command switch
configuring
considerations 6-11
defined 6-2
priority 6-10
requirements 6-3
virtual IP address 6-11
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
standby ip command 46-6
standby links 25-2
standby router 46-2
standby timers, HSRP 46-10
startup configuration
booting
manually 4-19
specific image 4-20
clearing A-20
configuration file
automatically downloading 4-18
specifying the filename 4-19
default boot configuration 4-18
static access ports
assigning to VLAN 16-9
defined 15-3, 16-3
static addresses
See addresses
static IP routing 1-16
static MAC addressing 1-11
static route primary interface, configuring 49-10
static routes
configuring 44-94
understanding 45-11
static routing 44-3
static routing support, enhanced object tracking 49-10
static SSM mapping 51-18, 51-20
static traffic forwarding 51-21
static VLAN membership 16-2
statistics
802.1X 13-17
CDP 30-5
IEEE 802.1x 11-76
interface 15-54
IP multicast routing 51-63
MKA 12-5
OSPF 44-37
RMON group Ethernet 35-5
RMON group history 35-5
SNMP input and output 37-19
VTP 17-18
sticky learning 31-9
storm control
configuring 31-3
described 31-1
disabling 31-5
support for 1-5
thresholds 31-1
STP
accelerating root port selection 23-4
and REP 24-6
BackboneFast
described 23-7
disabling 23-17
enabling 23-16
BPDU filtering
described 23-3
disabling 23-15
enabling 23-14
BPDU guard
described 23-2
disabling 23-14
enabling 23-13
BPDU message exchange 21-3
configuration guidelines 21-14, 23-12
configuring
forward-delay time 21-24
hello time 21-23
maximum aging time 21-24
path cost 21-21
port priority 21-19
root switch 21-17
secondary root switch 21-18
spanning-tree mode 21-15
switch priority 21-22
transmit hold-count 21-25
counters, clearing 21-25
cross-stack UplinkFast
described 23-5
enabling 23-16
default configuration 21-13
default optional feature configuration 23-12
designated port, defined 21-4
designated switch, defined 21-4
detecting indirect link failures 23-8
disabling 21-16
displaying status 21-25
EtherChannel guard
described 23-10
disabling 23-17
enabling 23-17
extended system ID
effects on root switch 21-17
effects on the secondary root switch 21-18
overview 21-5
unexpected behavior 21-17
features supported 1-9
IEEE 802.1D and bridge ID 21-5
IEEE 802.1D and multicast addresses 21-9
IEEE 802.1t and VLAN identifier 21-5
inferior BPDU 21-3
instances supported 21-10
interface state, blocking to forwarding 23-2
interface states
blocking 21-6
disabled 21-8
forwarding 21-6, 21-7
learning 21-7
listening 21-7
overview 21-5
interoperability and compatibility among modes 21-11
keepalive messages 21-2
Layer 2 protocol tunneling 20-8
limitations with IEEE 802.1Q trunks 21-12
load sharing
overview 16-22
using path costs 16-24
using port priorities 16-22
loop guard
described 23-11
enabling 23-18
modes supported 21-9
multicast addresses, effect of 21-9
optional features supported 1-9
overview 21-2
path costs 16-24, 16-25
Port Fast
described 23-2
enabling 23-12
port priorities 16-23
preventing root switch selection 23-10
protocols supported 21-9
redundant connectivity 21-9
root guard
described 23-10
enabling 23-18
root port, defined 21-3
root port selection on a switch stack 21-3
root switch
configuring 21-17
effects of extended system ID 21-5, 21-17
election 21-3
unexpected behavior 21-17
shutdown Port Fast-enabled port 23-2
stack changes, effects of 21-12
status, displaying 21-25
superior BPDU 21-3
timers, described 21-23
UplinkFast
described 23-3
enabling 23-15
VLAN-bridge 21-12
stratum, NTP 7-2
stub areas, OSPF 44-33
stub routing, EIGRP 44-44
subdomains, private VLAN 19-1
subnet mask 44-7
subnet zero 44-8
success response, VMPS 16-26
summer time 7-6
SunNet Manager 1-6
supernet 44-8
supported port-based authentication methods 11-8
SVI autostate exclude
configuring 15-44
defined 15-6
SVI link state 15-6
SVIs
and IP unicast routing 44-5
and router ACLs 39-5
connecting VLANs 15-15
defined 15-5
routing between VLANs 16-2
switch 45-2
switch clustering technology 6-1
See also clusters, switch
switch console port 1-8
Switch Database Management
See SDM
switched packets, ACLs on 39-41
Switched Port Analyzer
See SPAN
switched ports 15-3
switchport backup interface 25-4, 25-5
switchport block multicast command 31-8
switchport block unicast command 31-8
switchport command 15-30
switchport mode dot1q-tunnel command 20-7
switchport protected command 31-7
switch priority
MSTP 22-22
STP 21-22
switch software features 1-1
switch virtual interface
See SVI
SXP 14-2
synchronization, BGP 44-50
syslog
See system message logging
system capabilities TLV 32-2
system clock
configuring
daylight saving time 7-6
manually 7-4
summer time 7-6
time zones 7-5
displaying the time and date 7-5
overview 7-2
See also NTP
system description TLV 32-2
system message logging
default configuration 36-4
defining error message severity levels 36-9
disabling 36-4
displaying the configuration 36-17
enabling 36-5
facility keywords, described 36-14
level keywords, described 36-10
limiting messages 36-10
message format 36-2
overview 36-1
sequence numbers, enabling and disabling 36-8
setting the display destination device 36-5
stack changes, effects of 36-2
synchronizing log messages 36-6
syslog facility 1-18
time stamps, enabling and disabling 36-8
UNIX syslog servers
configuring the daemon 36-12
configuring the logging facility 36-13
facilities supported 36-14
system MTU
and IS-IS LSPs 44-71
system MTU and IEEE 802.1Q tunneling 20-5
system name
default configuration 7-8
default setting 7-8
manual configuration 7-8
See also DNS
system name TLV 32-2
system prompt, default setting 7-7, 7-8
system resources, optimizing 8-1
system routing
IS-IS 44-67
ISO IGRP 44-67
T
TACACS+
accounting, defined 10-11
authentication, defined 10-11
authorization, defined 10-11
configuring
accounting 10-17
authentication key 10-13
authorization 10-16
login authentication 10-14
default configuration 10-13
displaying the configuration 10-17
identifying the server 10-13
in clusters 6-16
limiting the services to the user 10-16
operation of 10-12
overview 10-10
support for 1-13
tracking services accessed by user 10-17
tagged packets
IEEE 802.1Q 20-3
Layer 2 protocol 20-8
tar files
creating A-7
displaying the contents of A-7
extracting A-8
image file format A-26
TCL script, registering and defining with embedded event manager 38-7
TDR 1-19
Telnet
accessing management interfaces 2-10
number of connections 1-8
setting a password 10-6
templates, SDM 8-2
temporary self-signed certificate 10-49
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password 10-6
ternary content addressable memory 55-26
TFTP
configuration files
downloading A-12
preparing the server A-11
uploading A-13
configuration files in base directory 4-8
configuring for autoconfiguration 4-7
image files
deleting A-30
downloading A-28
preparing the server A-28
uploading A-30
limiting access by servers 37-17
TFTP server 1-7
threshold, traffic level 31-2
threshold monitoring, IP SLAs 47-6
time
See NTP and system clock
Time Domain Reflector
See TDR
time-range command 39-18
time ranges in ACLs 39-18
time stamps in log messages 36-8
time zones 7-5
TLVs
defined 32-2
LLDP 32-2
LLDP-MED 32-2
Token Ring VLANs
support for 16-5
VTP support 17-5
ToS 1-15
traceroute, Layer 2
and ARP 55-17
and CDP 55-17
broadcast traffic 55-16
described 55-16
IP addresses and subnets 55-17
MAC addresses and VLANs 55-17
multicast traffic 55-17
multiple devices on a port 55-17
unicast traffic 55-16
usage guidelines 55-17
traceroute command
See also IP traceroute
tracked lists
configuring 49-3
types 49-3
tracked objects
by Boolean expression 49-4
by threshold percentage 49-6
by threshold weight 49-5
tracking interface line-protocol state 49-2
tracking IP routing state 49-2
tracking objects 49-1
tracking process 49-1
track state, tracking IP SLAs 49-9
traffic
blocking flooded 31-8
fragmented 39-6
fragmented IPv6 41-2
unfragmented 39-6
traffic policing 1-15
traffic suppression 31-1
transmit hold-count
see STP
transparent mode, VTP 17-4
trap-door mechanism 4-2
traps
configuring MAC address notification 7-15, 7-17, 7-18
configuring managers 37-12
enabling 7-15, 7-17, 7-18, 37-12
notification types 37-12
overview 37-1, 37-4
troubleshooting
connectivity problems 55-15, 55-16, 55-18
CPU utilization 55-29
detecting unidirectional links 33-1
displaying crash information 55-24
PIMv1 and PIMv2 interoperability problems 51-35
setting packet forwarding 55-22
SFP security and identification 55-14
show forward command 55-22
with CiscoWorks 37-4
with debug commands 55-20
with ping 55-15
with system message logging 36-1
with traceroute 55-18
trunk failover
See link-state tracking
trunking encapsulation 1-10
trunk ports
configuring 16-18
defined 15-4, 16-3
encapsulation 16-18, 16-23
trunks
allowed-VLAN list 16-19
configuring 16-18, 16-23
ISL 16-15
load sharing
setting STP path costs 16-24
using STP port priorities 16-22, 16-23
native VLAN for untagged traffic 16-21
parallel 16-24
pruning-eligible list 16-20
to non-DTP device 16-15
trusted boundary for QoS 40-45
trusted port states
between QoS domains 40-47
classification options 40-5
ensuring port security for IP phones 40-45
support for 1-15
within a QoS domain 40-43
trustpoints, CA 10-49
tunneling
defined 20-1
IEEE 802.1Q 20-1
Layer 2 protocol 20-8
tunnel ports
described 15-4, 20-2
IEEE 802.1Q, configuring 20-7
incompatibilities with other features 20-6
twisted-pair Ethernet, detecting unidirectional links 33-1
type of service
See ToS
U
UDLD
configuration guidelines 33-4
default configuration 33-4
disabling
globally 33-5
on fiber-optic interfaces 33-5
per interface 33-6
echoing detection mechanism 33-3
enabling
globally 33-5
per interface 33-6
Layer 2 protocol tunneling 20-11
link-detection mechanism 33-1
neighbor database 33-2
overview 33-1
resetting an interface 33-6
status, displaying 33-7
support for 1-9
UDP, configuring 44-16
UDP jitter, configuring 47-9
UDP jitter operation, IP SLAs 47-8
unauthorized ports with IEEE 802.1x 11-10
unicast MAC address filtering 1-7
and adding static addresses 7-21
and broadcast MAC addresses 7-21
and CPU packets 7-21
and multicast addresses 7-21
and router MAC addresses 7-21
configuration guidelines 7-21
described 7-21
unicast storm 31-1
unicast storm control command 31-4
unicast traffic, blocking 31-8
UniDirectional Link Detection protocol
See UDLD
universal software image 1-1
feature set
IP base 1-1, 1-2
IP services 1-2
UNIX syslog servers
daemon configuration 36-12
facilities supported 36-14
message logging configuration 36-13
unrecognized Type-Length-Value (TLV) support 17-5
upgrading software images
See downloading
UplinkFast
described 23-3
disabling 23-16
enabling 23-15
support for 1-9
uploading
configuration files
preparing A-11, A-14, A-17
reasons for A-9
using FTP A-16
using RCP A-19
using TFTP A-13
image files
preparing A-28, A-31, A-36
reasons for A-25
using FTP A-34
using RCP A-38
using TFTP A-30
USB flash devices 15-18
USB inactivity timer 15-18
USB port
mini-type B 15-16
USB ports 15-16
USB Type A port 1-8
USB type A port 15-18
User Datagram Protocol
See UDP
username-based authentication 10-6
Using Memory Consistency Check Routines 55-26
V
VACLs
logging
configuration example 39-40
version-dependent transparent mode 17-5
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 5-12
described 5-12
displaying 5-12
manual upgrades with auto-advise 5-13
upgrades with auto-extract 5-13
virtual IP address
cluster standby group 6-11
command switch 6-11
virtual ports, MKA 12-3
Virtual Private Network
See VPN
virtual router 46-1, 46-2
virtual switches and PAgP 42-6
vlan.dat file 16-4
VLAN 1
disabling on a trunk port 16-20
minimization 16-19
VLAN ACLs
See VLAN maps
vlan-assignment response, VMPS 16-26
VLAN blocking, REP 24-12
VLAN configuration
at bootup 16-7
saving 16-7
VLAN database
and startup configuration file 16-7
and VTP 17-1
VLAN configuration saved in 16-6
VLANs saved in 16-4
vlan dot1q tag native command 20-5
VLAN filtering and SPAN 34-8
vlan global configuration command 16-6
VLAN ID, discovering 7-24
VLAN link state 15-6
VLAN load balancing
REP 24-4
VLAN load balancing, triggering 24-5
VLAN load balancing on flex links
configuration guidelines 25-8
described 25-2
VLAN management domain 17-2
VLAN Management Policy Server
See VMPS
VLAN map entries, order of 39-33
VLAN maps
applying 39-36
common uses for 39-36
configuration guidelines 39-33
configuring 39-32
creating 39-34
defined 39-3
denying access to a server example 39-38
denying and permitting packets 39-34
displaying 39-45
examples of ACLs and VLAN maps 39-34
removing 39-36
support for 1-11
wiring closet configuration example 39-37
VLAN membership
confirming 16-29
modes 16-3
VLAN Query Protocol
See VQP
VLANs
adding 16-8
adding to VLAN database 16-8
aging dynamic addresses 21-9
allowed on trunk 16-19
and spanning-tree instances 16-3, 16-6, 16-11
configuration guidelines, extended-range VLANs 16-11
configuration guidelines, normal-range VLANs 16-5
configuring 16-1
configuring IDs 1006 to 4094 16-11
connecting through SVIs 15-15
customer numbering in service-provider networks 20-3
default configuration 16-7
deleting 16-9
described 15-2, 16-1
displaying 16-14
extended-range 16-1, 16-10
features 1-10
illustrated 16-2
internal 16-11
in the switch stack 16-6
limiting source traffic with RSPAN 34-20
limiting source traffic with SPAN 34-16
modifying 16-8
multicast 28-17
native, configuring 16-21
normal-range 16-1, 16-4
number supported 1-10
parameters 16-4
port membership modes 16-3
static-access ports 16-9
STP and IEEE 802.1Q trunks 21-12
supported 16-2
Token Ring 16-5
traffic between 16-2
VLAN-bridge STP 21-12, 54-2
VTP modes 17-3
VLAN Trunking Protocol
See VTP
VLAN trunks 16-14
VMPS
administering 16-30
configuration example 16-31
configuration guidelines 16-27
default configuration 16-27
description 16-25
dynamic port membership
described 16-26
reconfirming 16-29
troubleshooting 16-31
entering server address 16-28
mapping MAC addresses to VLANs 16-26
monitoring 16-30
reconfirmation interval, changing 16-29
reconfirming membership 16-29
retry count, changing 16-30
voice aware 802.1x security
port-based authentication
configuring 11-42
described 11-34, 11-42
voice-over-IP 18-1
voice VLAN
Cisco 7960 phone, port connections 18-1
configuration guidelines 18-3
configuring IP phones for data traffic
override CoS of incoming frame 18-6
trust CoS priority of incoming frame 18-6
configuring ports for voice traffic in
802.1p priority tagged frames 18-5
IEEE 802.1Q frames 18-5
connecting to an IP phone 18-4
default configuration 18-3
described 18-1
displaying 18-7
IP phone data traffic, described 18-2
IP phone voice traffic, described 18-2
VPN
configuring routing in 44-85
forwarding 44-79
in service provider networks 44-76
routes 44-77
VPN routing and forwarding table
See VRF
VQP 1-10, 16-25
VRF
defining 44-79
tables 44-76
VRF-aware services
ARP 44-81
configuring 44-81
ftp 44-84
HSRP 44-82
ping 44-82
RADIUS 44-83
SNMP 44-82
syslog 44-83
tftp 44-84
traceroute 44-84
uRPF 44-83
VRFs, configuring multicast 44-85
VTP
adding a client to a domain 17-17
advertisements 16-17, 17-4
and extended-range VLANs 16-2, 17-2
and normal-range VLANs 16-2, 17-2
client mode, configuring 17-13
configuration
requirements 17-11
saving 17-9
configuration requirements 17-11
configuration revision number
guideline 17-17
resetting 17-17
consistency checks 17-5
default configuration 17-9
described 17-1
domain names 17-9
domains 17-2
Layer 2 protocol tunneling 20-8
modes
client 17-3
off 17-4
server 17-3
transitions 17-3
transparent 17-4
monitoring 17-18
passwords 17-10
pruning
disabling 17-16
enabling 17-16
examples 17-7
overview 17-6
support for 1-10
pruning-eligible list, changing 16-20
server mode, configuring 17-11, 17-14
statistics 17-18
support for 1-10
Token Ring support 17-5
transparent mode, configuring 17-12
using 17-1
Version
enabling 17-15
version, guidelines 17-10
Version 1 17-5
Version 2
configuration guidelines 17-10
overview 17-5
Version 3
overview 17-5
W
WCCP
authentication 50-3
configuration guidelines 50-5
default configuration 50-5
described 50-2
displaying 50-10
dynamic service groups 50-3
enabling 50-6
features unsupported 50-5
forwarding method 50-3
Layer-2 header rewrite 50-3
MD5 security 50-3
message exchange 50-2
monitoring and maintaining 50-10
negotiation 50-3
packet redirection 50-3
packet-return method 50-3
redirecting traffic received from a client 50-6
setting the password 50-7
unsupported WCCPv2 features 50-5
web authentication 11-15
configuring 13-16 to ??
described 1-11
web-based authentication
customizeable web pages 13-6
description 13-1
web-based authentication, interactions with other features 13-7
Web Cache Communication Protocol
See WCCP
weighted tail drop
See WTD
weight thresholds in tracked lists 49-5
wired location service
configuring 32-10
displaying 32-11
location TLV 32-3
understanding 32-3
wizards 1-3
WTD
described 40-15
setting thresholds
egress queue-sets 40-84
ingress queues 40-80
support for 1-15
Index
Numerics
10-Gigabit Ethernet interfaces 15-7
802.1AE
standard 12-2
802.1AE Tagging 14-2
802.1x-REV 12-2
A
AAA down policy, NAC Layer 2 IP validation 1-13
abbreviating commands 2-3
ABRs 44-27
AC (command switch) 6-10
access control entries
See ACEs
access-denied response, VMPS 16-26
access groups
applying IPv4 ACLs to interfaces 39-22
Layer 3 39-22
access groups, applying IPv4 ACLs to interfaces 39-22
accessing
clusters, switch 6-13
command switches 6-11
member switches 6-13
switch clusters 6-13
accessing stack members 5-30
access lists
See ACLs
access ports
and Layer 2 protocol tunneling 20-12
defined 15-3
in switch clusters 6-9
access template 8-2
accounting
with 802.1x 11-53
with IEEE 802.1x 11-14
with RADIUS 10-34
with TACACS+ 10-11, 10-17
ACEs
and QoS 40-8
defined 39-2
Ethernet 39-2
IP 39-2
ACLs
ACEs 39-2
applying
on bridged packets 39-42
on multicast packets 39-43
on routed packets 39-43
on switched packets 39-41
time ranges to 39-18
to an interface 39-21, 41-7
to QoS 40-7
classifying traffic for QoS 40-49
comments in 39-20
compiling 39-24
defined 39-2, 39-8
examples of 39-24, 40-49
extended IP, configuring for QoS classification 40-50
extended IPv4
creating 39-11
matching criteria 39-8
hardware and software handling 39-23
IP
creating 39-8
fragments and QoS guidelines 40-39
implicit deny 39-11, 39-15, 39-18
implicit masks 39-11
matching criteria 39-8
undefined 39-23
IPv4
applying to interfaces 39-21
creating 39-8
matching criteria 39-8
named 39-16
numbers 39-9
terminal lines, setting on 39-20
unsupported features 39-7
IPv6
and stacking 41-3
applying to interfaces 41-7
configuring 41-4, 41-5
displaying 41-8
interactions with other features 41-4
limitations 41-3
matching criteria 41-3
named 41-3
precedence of 41-2
supported 41-2
unsupported features 41-3
Layer 4 information in 39-41
logging messages 39-9
MAC extended 39-29, 40-53
matching 39-8, 39-22
monitoring 39-44, 41-8
named
IPv4 39-16
IPv6 41-3
names 41-4
number per QoS class map 40-39
port 39-3, 41-2
precedence of 39-3
QoS 40-7, 40-49
resequencing entries 39-16
router 39-3, 41-2
router ACLs and VLAN map configuration guidelines 39-40
standard IP, configuring for QoS classification 40-49, 40-51
standard IPv4
creating 39-10
matching criteria 39-8
support for 1-11
support in hardware 39-23
time ranges 39-18
types supported 39-2
unsupported features
IPv4 39-7
IPv6 41-3
using router ACLs with VLAN maps 39-40
VLAN maps
configuration guidelines 39-33
configuring 39-32
active link 25-4, 25-5, 25-6
active links 25-2
active router 46-2
active traffic monitoring, IP SLAs 47-1
address aliasing 28-2
addresses
displaying the MAC address table 7-23
dynamic
accelerated aging 21-9
changing the aging time 7-14
default aging 21-9
defined 7-12
learning 7-13
removing 7-15
IPv6 45-2
MAC, discovering 7-24
multicast
group address range 51-3
STP address management 21-9
static
adding and removing 7-20
defined 7-12
address resolution 7-24, 44-10
Address Resolution Protocol
See ARP
adjacency tables, with CEF 44-92
administrative distances
defined 44-104
OSPF 44-35
routing protocol defaults 44-94
administrative VLAN
REP, configuring 24-8
administrative VLAN, REP 24-8
advertisements
CDP 30-1
LLDP 32-2
RIP 44-21
VTP 16-17, 17-3, 17-4
age timer, REP 24-8
aggregatable global unicast addresses 45-3
aggregate addresses, BGP 44-62
aggregated ports
See EtherChannel
aggregate policers 40-71
aggregate policing 1-15
aging, accelerating 21-9
aging time
accelerated
for MSTP 22-24
for STP 21-9, 21-24
MAC address table 7-14
maximum
for MSTP 22-24, 22-25
for STP 21-24, 21-25
alarms, RMON 35-3
allowed-VLAN list 16-19
application engines, redirecting traffic to 50-1
area border routers
See ABRs
area routing
IS-IS 44-67
ISO IGRP 44-67
ARP
configuring 44-11
defined 1-7, 7-24, 44-10
encapsulation 44-11
static cache configuration 44-11
table
address resolution 7-24
managing 7-24
ASBRs 44-27
AS-path filters, BGP 44-56
asymmetrical links, and IEEE 802.1Q tunneling 20-4
attributes, RADIUS
vendor-proprietary 10-36
vendor-specific 10-35
attribute-value pairs 11-20
authentication
EIGRP 44-43
HSRP 46-10
local mode with AAA 10-43
open1x 11-31
RADIUS
key 10-27
login 10-29
TACACS+
defined 10-11
key 10-13
login 10-14
See also port-based authentication
authentication failed VLAN
See restricted VLAN
authentication keys, and routing protocols 44-105
authentication manager
CLI commands 11-9
compatibility with older 802.1x CLI commands 11-9 to 11-10
overview 11-7
single session ID 11-35
authoritative time source, described 7-2
authorization
with RADIUS 10-33
with TACACS+ 10-11, 10-16
authorized ports with IEEE 802.1x 11-10
autoconfiguration 4-3
auto enablement 11-33
automatic advise (auto-advise) in switch stacks 5-13
automatic copy (auto-copy) in switch stacks 5-13
automatic discovery
considerations
beyond a noncandidate device 6-8
brand new switches 6-9
connectivity 6-5
different VLANs 6-7
management VLANs 6-7
non-CDP-capable devices 6-6
noncluster-capable devices 6-6
routed ports 6-8
in switch clusters 6-5
See also CDP
automatic extraction (auto-extract) in switch stacks 5-13
automatic QoS
See QoS
automatic recovery, clusters 6-10
See also HSRP
automatic upgrades (auto-upgrade) in switch stacks 5-12
auto-MDIX
configuring 15-35
described 15-34
autonegotiation
duplex mode 1-4
interface configuration guidelines 15-32
mismatches 55-13
autonomous system boundary routers
See ASBRs
autonomous systems, in BGP 44-50
Auto-RP, described 51-7
autosensing, port speed 1-4
autostate exclude 15-6
auxiliary VLAN
See voice VLAN
availability, features 1-9
B
BackboneFast
described 23-7
disabling 23-17
enabling 23-16
support for 1-9
backup interfaces
See Flex Links
backup links 25-2
backup static routing, configuring 49-12
banners
configuring
login 7-12
message-of-the-day login 7-11
default configuration 7-10
when displayed 7-10
Berkeley r-tools replacement 10-54
BGP
aggregate addresses 44-62
aggregate routes, configuring 44-62
CIDR 44-62
clear commands 44-65
community filtering 44-59
configuring neighbors 44-60
default configuration 44-47
described 44-47
enabling 44-50
monitoring 44-65
multipath support 44-54
neighbors, types of 44-50
path selection 44-54
peers, configuring 44-60
prefix filtering 44-58
resetting sessions 44-52
route dampening 44-64
route maps 44-56
route reflectors 44-63
routing domain confederation 44-63
routing session with multi-VRF CE 44-86
show commands 44-65
supernets 44-62
support for 1-16
Version 4 44-47
binding cluster group and HSRP group 46-12
binding database
address, DHCP server
See DHCP, Cisco IOS server database
DHCP snooping
See DHCP snooping binding database
bindings
address, Cisco IOS DHCP server 26-6
DHCP snooping database 26-6
IP source guard 26-16
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 31-7
Boolean expressions in tracked lists 49-4
booting
boot loader, function of 4-2
boot process 4-2
manually 4-19
specific image 4-20
boot loader
accessing 4-21
described 4-2
environment variables 4-21
prompt 4-21
trap-door mechanism 4-2
Boot Loader Upgrade and Image Verification for the FIPS Mode of Operation 4-25
bootstrap router (BSR), described 51-7
Border Gateway Protocol
See BGP
BPDU
error-disabled state 23-2
filtering 23-3
RSTP format 22-12
BPDU filtering
described 23-3
disabling 23-15
enabling 23-14
support for 1-9
BPDU guard
described 23-2
disabling 23-14
enabling 23-13
support for 1-9
bridged packets, ACLs on 39-42
bridge groups
See fallback bridging
bridge protocol data unit
See BPDU
broadcast flooding 44-18
broadcast packets
directed 44-15
flooded 44-15
broadcast storm-control command 31-4
broadcast storms 31-1, 44-15
C
cables, monitoring for unidirectional links 33-1
candidate switch
automatic discovery 6-5
defined 6-4
requirements 6-4
See also command switch, cluster standby group, and member switch
CA trustpoint
configuring 10-51
defined 10-49
CDP
and trusted boundary 40-45
automatic discovery in switch clusters 6-5
configuring 30-2
default configuration 30-2
defined with LLDP 32-1
described 30-1
disabling for routing device 30-4
enabling and disabling
on an interface 30-4
on a switch 30-4
Layer 2 protocol tunneling 20-8
monitoring 30-5
overview 30-1
power negotiation extensions 15-8
support for 1-7
switch stack considerations 30-2
transmission timer and holdtime, setting 30-2
updates 30-2
CEF
defined 44-91
distributed 44-92
IPv6 45-30
CGMP
as IGMP snooping learning method 28-9
enabling server support 51-45
joining multicast group 28-3
overview 51-9
server support only 51-9
switch support of 1-5
CIDR 44-62
CipherSuites 10-50
Cisco 7960 IP Phone 18-1
Cisco Discovery Protocol
See CDP
Cisco Express Forwarding
See CEF
Cisco Group Management Protocol
See CGMP
Cisco intelligent power management 15-8
Cisco IOS DHCP server
See DHCP, Cisco IOS DHCP server
Cisco IOS File System
See IFS
Cisco IOS IP SLAs 47-2
Cisco Redundant Power System 2300
configuring 15-48
managing 15-48
Cisco Secure ACS
attribute-value pairs for downloadable ACLs 11-20
attribute-value pairs for redirect URL 11-20
Cisco StackWise Plus technology 1-3
See also stacks, switch
Cisco TrustSec
credentials 12-10
switch-to-switch security
802.1x mode 12-11
configuration example 12-14
manual mode 12-12
Cisco TrustSec Network Device Admission Control
See NDAC
CiscoWorks 2000 1-6, 37-4
CISP 11-33
CIST regional root
See MSTP
CIST root
See MSTP
civic location 32-3
classless interdomain routing
See CIDR
classless routing 44-8
class maps for QoS
configuring 40-54
described 40-8
class of service
See CoS
clearing interfaces 15-55
CLI
abbreviating commands 2-3
command modes 2-1
configuration logging 2-4
described 1-6
editing features
enabling and disabling 2-6
keystroke editing 2-7
wrapped lines 2-8
error messages 2-4
filtering command output 2-9
getting help 2-3
history
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
managing clusters 6-16
no and default forms of commands 2-4
Client Information Signalling Protocol
See CISP
client mode, VTP 17-3
client processes, tracking 49-1
CLNS
See ISO CLNS
clock
See system clock
clusters, switch
accessing 6-13
automatic discovery 6-5
automatic recovery 6-10
benefits 1-2
compatibility 6-4
described 6-1
LRE profile considerations 6-16
managing
through CLI 6-16
through SNMP 6-17
planning 6-4
planning considerations
automatic discovery 6-5
automatic recovery 6-10
CLI 6-16
host names 6-13
IP addresses 6-13
LRE profiles 6-16
passwords 6-14
RADIUS 6-16
SNMP 6-14, 6-17
switch stacks 6-14
TACACS+ 6-16
See also candidate switch, command switch, cluster standby group, member switch, and standby command switch
cluster standby group
and HSRP group 46-12
automatic recovery 6-12
considerations 6-11
defined 6-2
requirements 6-3
virtual IP address 6-11
See also HSRP
CNS
Configuration Engine
configID, deviceID, hostname 3-3
configuration service 3-2
described 3-1
event service 3-3
embedded agents
described 3-5
enabling automated configuration 3-6
enabling configuration agent 3-9
enabling event agent 3-8
management functions 1-6
CoA Request Commands 10-23
Coarse Wave Division Multiplexer
See CWDM SFPs
command-line interface
See CLI
command modes 2-1
commands
abbreviating 2-3
no and default 2-4
commands, setting privilege levels 10-8
command switch
accessing 6-11
active (AC) 6-10
configuration conflicts 55-12
defined 6-2
passive (PC) 6-10
password privilege levels 6-17
priority 6-10
recovery
from command-switch failure 6-10, 55-9
from lost member connectivity 55-12
redundant 6-10
replacing
with another switch 55-11
with cluster member 55-9
requirements 6-3
standby (SC) 6-10
See also candidate switch, cluster standby group, member switch, and standby command switch
Common Criteria 1-11
common session ID
see single session ID 11-35
community list, BGP 44-59
community ports 19-2
community strings
configuring 6-14, 37-8
for cluster switches 37-4
in clusters 6-14
overview 37-4
SNMP 6-14
community VLANs 19-2, 19-3
compatibility, feature 31-12
compatibility, software
See stacks, switch
configurable leave timer, IGMP 28-6
configuration, initial
defaults 1-20
Express Setup 1-2
configuration conflicts, recovering from lost member connectivity 55-12
configuration examples, network 1-23
configuration files
archiving A-21
clearing the startup configuration A-20
creating and using, guidelines for A-10
creating using a text editor A-11
deleting a stored configuration A-20
described A-9
downloading
automatically 4-18
preparing A-11, A-14, A-17
reasons for A-9
using FTP A-14
using RCP A-18
using TFTP A-12
invalid combinations when copying A-6
limiting TFTP server access 37-17
obtaining with DHCP 4-9
password recovery disable considerations 10-5
replacing and rolling back, guidelines for A-22
replacing a running configuration A-20, A-21
rolling back a running configuration A-20, A-22
specifying the filename 4-19
system contact and location information 37-16
types and location A-10
uploading
preparing A-11, A-14, A-17
reasons for A-9
using FTP A-16
using RCP A-19
using TFTP A-13
configuration guidelines
REP 24-7
configuration guidelines, multi-VRF CE 44-79
configuration logging 2-4
configuration replacement A-20
configuration rollback A-20, A-21
configuration settings, saving 4-16
configure terminal command 15-21
Configuring First Hop Security in IPv6 45-19
Configuring IPv6 Source Guard 45-22
configuring multicast VRFs 44-85
configuring port-based authentication violation modes 11-43 to 11-44
configuring small-frame arrival rate 31-5
Configuring VACL Logging 39-39
conflicts, configuration 55-12
connections, secure remote 10-44
connectivity problems 55-15, 55-16, 55-18
consistency checks in VTP Version 2 17-5
console port
RJ-45 15-16
USB 15-16
console port, connecting to 2-10
content-routing technology
See WCCP
control protocol, IP SLAs 47-4
convergence
REP 24-4
corrupted software, recovery steps with Xmodem 55-2
CoS
in Layer 2 frames 40-2
override priority 18-6
trust priority 18-6
CoS input queue threshold map for QoS 40-18
CoS output queue threshold map for QoS 40-21
CoS-to-DSCP map for QoS 40-73
counters, clearing interface 15-55
CPU utilization, troubleshooting 55-29
crashinfo file 55-24
critical authentication, IEEE 802.1x 11-63
critical VLAN 11-23
cross-stack EtherChannel
configuration guidelines 42-13
configuring
on Layer 2 interfaces 42-13
on Layer 3 physical interfaces 42-16
described 42-3
illustration 42-4
support for 1-9
cross-stack UplinkFast, STP
described 23-5
disabling 23-16
enabling 23-16
fast-convergence events 23-7
Fast Uplink Transition Protocol 23-6
normal-convergence events 23-7
support for 1-9
cryptographic software image
switch stack considerations 5-3, 5-18
customer edge devices 44-77
customizeable web pages, web-based authentication 13-6
CWDM SFPs 1-36
D
DACL
See downloadable ACL
daylight saving time 7-6
dCEF in the switch stack 44-91
debugging
enabling all system diagnostics 55-21
enabling for a specific feature 55-21
redirecting error message output 55-22
using commands 55-20
default commands 2-4
default configuration
802.1x 11-38
auto-QoS 40-24
banners 7-10
BGP 44-47
booting 4-18
CDP 30-2
DHCP 26-8
DHCP option 82 26-8
DHCP snooping 26-8
DHCP snooping binding database 26-9
DNS 7-9
dynamic ARP inspection 27-5
EIGRP 44-39
EtherChannel 42-11
Ethernet interfaces 15-30
fallback bridging 54-3
Flex Links 25-8
HSRP 46-5
IEEE 802.1Q tunneling 20-4
IGMP 51-39
IGMP filtering 28-24
IGMP snooping 28-7, 29-6
IGMP throttling 28-25
initial switch information 4-3
IP addressing, IP routing 44-6
IP multicast routing 51-11
IP SLAs 47-6
IP source guard 26-18
IPv6 45-16
IS-IS 44-68
Layer 2 interfaces 15-30
Layer 2 protocol tunneling 20-12
LLDP 32-5
MAC address table 7-14
MAC address-table move update 25-8
MSDP 53-4
MSTP 22-14
multi-VRF CE 44-79
MVR 28-20
optional spanning-tree configuration 23-12
OSPF 44-28
password and privilege level 10-2
PIM 51-11
private VLANs 19-6
RADIUS 10-27
REP 24-7
RIP 44-21
RMON 35-3
RSPAN 34-12
SDM template 8-5
SNMP 37-6
SPAN 34-12
SSL 10-51
standard QoS 40-37
STP 21-13
switch stacks 5-24
system message logging 36-4
system name and prompt 7-8
TACACS+ 10-13
UDLD 33-4
VLAN, Layer 2 Ethernet interfaces 16-17
VLANs 16-7
VMPS 16-27
voice VLAN 18-3
VTP 17-9
WCCP 50-5
default gateway 4-15, 44-13
default networks 44-95
default router preference
See DRP
default routes 44-95
default routing 44-3
default web-based authentication configuration
802.1X 13-9
deleting VLANs 16-9
denial-of-service attack 31-1
description command 15-39
designing your network, examples 1-23
desktop template 5-11
destination-IP address-based forwarding, EtherChannel 42-9
destination-MAC address forwarding, EtherChannel 42-9
detecting indirect link failures, STP 23-8
device discovery protocol 30-1, 32-1
device manager
benefits 1-2
described 1-3, 1-6
in-band management 1-8
device sensor
configuring 11-54
DHCP
Cisco IOS server database
configuring 26-14
default configuration 26-9
described 26-6
DHCP for IPv6
See DHCPv6
enabling
relay agent 26-11
server 26-10
DHCP-based autoconfiguration
client request message exchange 4-4
configuring
client side 4-4
DNS 4-8
relay device 4-8
server side 4-7
server-side 26-10
TFTP server 4-7
example 4-10
lease options
for IP address information 4-7
for receiving the configuration file 4-7
overview 4-3
relationship to BOOTP 4-4
relay support 1-7, 1-17
support for 1-7
DHCP-based autoconfiguration and image update
configuring 4-11 to 4-14
understanding 4-5 to 4-6
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP object tracking, configuring primary interface 49-11
DHCP option 82
circuit ID suboption 26-5
configuration guidelines 26-9
default configuration 26-8
displaying 26-16
forwarding address, specifying 26-11
helper address 26-11
overview 26-3
packet format, suboption
circuit ID 26-5
remote ID 26-5
remote ID suboption 26-5
DHCP server port-based address allocation
configuration guidelines 26-27
default configuration 26-27
described 26-26
displaying 26-29, 27-12
enabling 26-27
reserved addresses 26-28
DHCP snooping
accepting untrusted packets form edge switch 26-3, 26-13
and private VLANs 26-14
binding database
See DHCP snooping binding database
configuration guidelines 26-9
default configuration 26-8
message exchange process 26-4
option 82 data insertion 26-3
trusted interface 26-2
untrusted interface 26-2
untrusted messages 26-2
DHCP snooping binding database
adding bindings 26-15
binding file
format 26-7
location 26-6
bindings 26-6
clearing agent statistics 26-15
configuration guidelines 26-9
configuring 26-15
default configuration 26-8, 26-9
deleting
binding file 26-15
bindings 26-15
database agent 26-15
described 26-6
enabling 26-15
entry 26-6
renewing database 26-15
resetting
delay value 26-15
timeout value 26-15
DHCP snooping binding table
See DHCP snooping binding database
DHCPv6
configuration guidelines 45-27
default configuration 45-27
described 45-10
enabling client function 45-29
enabling DHCPv6 server function 45-27
diagnostic schedule command 56-2
Differentiated Services architecture, QoS 40-2
Differentiated Services Code Point 40-2
Diffusing Update Algorithm (DUAL) 44-37
directed unicast requests 1-7
directories
changing A-4
creating and removing A-5
displaying the working A-4
discovery, clusters
See automatic discovery
Distance Vector Multicast Routing Protocol
See DVMRP
distance-vector protocols 44-3
distribute-list command 44-104
DNS
and DHCP-based autoconfiguration 4-8
default configuration 7-9
displaying the configuration 7-10
in IPv6 45-4
overview 7-8
setting up 7-9
support for 1-7
DNS-based SSM mapping 51-18, 51-20
domain names
DNS 7-8
VTP 17-9
Domain Name System
See DNS
domains, ISO IGRP routing 44-67
dot1q-tunnel switchport mode 16-16
double-tagged packets
IEEE 802.1Q tunneling 20-2
Layer 2 protocol tunneling 20-11
downloadable ACL 11-18, 11-20, 11-71
downloading
configuration files
preparing A-11, A-14, A-17
reasons for A-9
using FTP A-14
using RCP A-18
using TFTP A-12
image files
deleting old image A-30
preparing A-28, A-31, A-36
reasons for A-25
using CMS 1-3
using FTP A-32
using HTTP 1-3, A-25
using RCP A-37
using TFTP A-28
using the device manager or Network Assistant A-25
drop threshold for Layer 2 protocol packets 20-12
DRP
configuring 45-24
described 45-9
IPv6 45-9
DSCP 1-15, 40-2
DSCP input queue threshold map for QoS 40-18
DSCP output queue threshold map for QoS 40-21
DSCP-to-CoS map for QoS 40-76
DSCP-to-DSCP-mutation map for QoS 40-77
DSCP transparency 40-46
DTP 1-10, 16-15
dual-action detection 42-6
DUAL finite state machine, EIGRP 44-38
dual IPv4 and IPv6 templates 8-3, 45-10
dual protocol stacks
IPv4 and IPv6 45-10
SDM templates supporting 45-10
DVMRP
autosummarization
configuring a summary address 51-59
disabling 51-61
connecting PIM domain to DVMRP router 51-51
enabling unicast routing 51-54
interoperability
with Cisco devices 51-49
with Cisco IOS software 51-9
mrinfo requests, responding to 51-54
neighbors
advertising the default route to 51-53
discovery with Probe messages 51-49
displaying information 51-54
prevent peering with nonpruning 51-57
rejecting nonpruning 51-55
overview 51-9
routes
adding a metric offset 51-62
advertising all 51-61
advertising the default route to neighbors 51-53
caching DVMRP routes learned in report messages 51-55
changing the threshold for syslog messages 51-58
favoring one over another 51-62
limiting the number injected into MBONE 51-58
limiting unicast route advertisements 51-49
routing table 51-9
source distribution tree, building 51-9
support for 1-17
tunnels
configuring 51-51
displaying neighbor information 51-54
dynamic access ports
characteristics 16-3
configuring 16-28
defined 15-3
dynamic addresses
See addresses
dynamic ARP inspection
ARP cache poisoning 27-1
ARP requests, described 27-1
ARP spoofing attack 27-1
clearing
log buffer 27-15
statistics 27-15
configuration guidelines 27-6
configuring
ACLs for non-DHCP environments 27-9
in DHCP environments 27-7
log buffer 27-13
rate limit for incoming ARP packets 27-4, 27-10
default configuration 27-5
denial-of-service attacks, preventing 27-10
described 27-1
DHCP snooping binding database 27-2
displaying
statistics 27-15
error-disabled state for exceeding rate limit 27-4
function of 27-2
interface trust states 27-3
log buffer
clearing 27-15
configuring 27-13
logging of dropped packets, described 27-5
man-in-the middle attack, described 27-2
network security issues and interface trust states 27-3
priority of ARP ACLs and DHCP snooping entries 27-4
rate limiting of ARP packets
configuring 27-10
described 27-4
error-disabled state 27-4
statistics
clearing 27-15
displaying 27-15
validation checks, performing 27-12
dynamic auto trunking mode 16-16
dynamic desirable trunking mode 16-16
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 16-26
reconfirming 16-29
troubleshooting 16-31
types of connections 16-29
dynamic routing 44-3
ISO CLNS 44-66
Dynamic Trunking Protocol
See DTP
E
EAC 14-2
EBGP 44-46
editing features
enabling and disabling 2-6
keystrokes used 2-7
wrapped lines 2-8
EEM 3.2 38-5
EIGRP
authentication 44-43
components 44-38
configuring 44-41
default configuration 44-39
definition 44-37
interface parameters, configuring 44-42
monitoring 44-45
stub routing 44-44
support for 1-16
EIGRP IPv6 45-12
elections
See stack master
ELIN location 32-3
embedded event manager
3.2 38-5
actions 38-4
configuring 38-1, 38-6
displaying information 38-8
environmental variables 38-5
event detectors 38-3
policies 38-4
registering and defining an applet 38-6
registering and defining a TCL script 38-7
understanding 38-1
enable password 10-3
enable secret password 10-3
Enable the FIPS mode 4-25
encryption, CipherSuite 10-50
encryption for passwords 10-3
encryption keying 12-2
encryption keys, MKA 12-2
Endpoint Admission Control (EAC) 14-2
Enhanced IGRP
See EIGRP
enhanced object tracking
backup static routing 49-12
defined 49-1
DHCP primary interface 49-11
HSRP 49-7
IP routing state 49-2
IP SLAs 49-9
line-protocol state 49-2
network monitoring with IP SLAs 49-11
routing policy, configuring 49-12
static route primary interface 49-10
tracked lists 49-3
enhanced object tracking static routing 49-10
environmental variables, embedded event manager 38-5
environment variables, function of 4-22
equal-cost routing 1-16, 44-93
error-disabled state, BPDU 23-2
error messages during command entry 2-4
EtherChannel
automatic creation of 42-5, 42-7
channel groups
binding physical and logical interfaces 42-4
numbering of 42-4
configuration guidelines 42-12
configuring
Layer 2 interfaces 42-13
Layer 3 physical interfaces 42-16
Layer 3 port-channel logical interfaces 42-15
default configuration 42-11
described 42-2
displaying status 42-22
forwarding methods 42-8, 42-18
IEEE 802.3ad, described 42-7
interaction
with STP 42-12
with VLANs 42-12
LACP
described 42-7
displaying status 42-22
hot-standby ports 42-20
interaction with other features 42-8
modes 42-7
port priority 42-22
system priority 42-21
Layer 3 interface 44-5
load balancing 42-8, 42-18
logical interfaces, described 42-4
PAgP
aggregate-port learners 42-19
described 42-5
displaying status 42-22
interaction with other features 42-7
interaction with virtual switches 42-6
learn method and priority configuration 42-19
modes 42-6
support for 1-5
with dual-action detection 42-6
port-channel interfaces
described 42-4
numbering of 42-4
port groups 15-6
stack changes, effects of 42-10
support for 1-5
EtherChannel guard
described 23-10
disabling 23-17
enabling 23-17
Ethernet management port
active link 15-27
and routing 15-27
and routing protocols 15-27
and TFTP 15-29
configuring 15-29
connecting to 2-10
default setting 15-27
described 15-26
for network management 15-26
specifying 15-29
supported features 15-28
unsupported features 15-29
Ethernet management port, internal
and routing 15-27
and routing protocols 15-27
unsupported features 15-29
Ethernet VLANs
adding 16-8
defaults and ranges 16-7
modifying 16-8
EUI 45-4
event detectors, embedded event manager 38-3
events, RMON 35-3
examples
network configuration 1-23
expedite queue for QoS 40-89
Express Setup 1-2
See also getting started guide
extended crashinfo file 55-24
extended-range VLANs
configuration guidelines 16-11
configuring 16-10
creating 16-12
creating with an internal VLAN ID 16-13
defined 16-1
extended system ID
MSTP 22-18
STP 21-5, 21-17
extended universal identifier
See EUI
Extensible Authentication Protocol over LAN 11-2
external BGP
See EBGP
external neighbors, BGP 44-50
F
Fa0 port
See Ethernet management port
failover support 1-9
fallback bridging
and protected ports 54-4
bridge groups
creating 54-4
described 54-2
function of 54-2
number supported 54-4
removing 54-5
configuration guidelines 54-4
connecting interfaces with 15-15
default configuration 54-3
described 54-1
frame forwarding
flooding packets 54-2
forwarding packets 54-2
overview 54-1
protocol, unsupported 54-4
stack changes, effects of 54-3
STP
disabling on an interface 54-9
forward-delay interval 54-8
hello BPDU interval 54-8
interface priority 54-6
keepalive messages 21-2
maximum-idle interval 54-9
path cost 54-7
VLAN-bridge spanning-tree priority 54-6
VLAN-bridge STP 54-2
support for 1-16
SVIs and routed ports 54-1
unsupported protocols 54-4
VLAN-bridge STP 21-12
Fast Convergence 25-3
fastethernet0 port
See Ethernet management port
Fast Uplink Transition Protocol 23-6
features, incompatible 31-12
FIB 44-92
fiber-optic, detecting unidirectional links 33-1
files
basic crashinfo
description 55-25
location 55-25
copying A-5
crashinfo, description 55-24
deleting A-6
displaying the contents of A-8
extended crashinfo
description 55-25
location 55-25
tar
creating A-7
displaying the contents of A-7
extracting A-8
image file format A-26
file system
displaying available file systems A-2
displaying file information A-3
local file system names A-1
network file system names A-5
setting the default A-3
filtering
in a VLAN 39-32
IPv6 traffic 41-4, 41-7
non-IP traffic 39-29
show and more command output 2-9
filtering show and more command output 2-9
filters, IP
See ACLs, IP
FIPS 140-2 1-11
flash device, number of A-1
flexible authentication ordering
configuring 11-74
overview 11-31
Flexible NetFlow
components 48-1
configuring a flow monitor 48-6
configuring flow records 48-3
configuring the exported 48-3
configuring the exporter 48-5
interface configuration 48-7
purpose 48-1
sampling 48-9
unsupported features 48-2
Flex Link Multicast Fast Convergence 25-3
Flex Links
configuring 25-8, 25-9
configuring preferred VLAN 25-11
configuring VLAN load balancing 25-10
default configuration 25-8
description 25-1
link load balancing 25-2
monitoring 25-14
VLANs 25-2
flooded traffic, blocking 31-8
flow-based packet classification 1-15
flowcharts
QoS classification 40-7
QoS egress queueing and scheduling 40-19
QoS ingress queueing and scheduling 40-16
QoS policing and marking 40-11
flowcontrol
configuring 15-34
described 15-33
forward-delay time
MSTP 22-24
STP 21-24
Forwarding Information Base
See FIB
forwarding nonroutable protocols 54-1
FTP
configuration files
downloading A-14
overview A-13
preparing the server A-14
uploading A-16
image files
deleting old image A-34
downloading A-32
preparing the server A-31
uploading A-34
G
general query 25-5
Generating IGMP Reports 25-3
get-next-request operation 37-4
get-request operation 37-4
Gigabit modules
See SFPs
global leave, IGMP 28-13
guest VLAN and IEEE 802.1x 11-21
guide mode 1-3
GUIs
See device manager and Network Assistant
H
hardware limitations and Layer 3 interfaces 15-42
hello time
MSTP 22-23
STP 21-23
help, for the command line 2-3
hierarchical policy maps 40-9
configuration guidelines 40-40
configuring 40-63
described 40-12
history
changing the buffer size 2-5
described 2-5
disabling 2-6
recalling commands 2-6
history table, level and number of syslog messages 36-10
host modes, MACsec 12-4
host names in clusters 6-13
host ports
configuring 19-11
kinds of 19-2
hosts, limit on dynamic ports 16-31
Hot Standby Router Protocol
See HSRP
HP OpenView 1-6
HSRP
authentication string 46-10
automatic cluster recovery 6-12
binding to cluster group 46-12
cluster standby group considerations 6-11
command-switch redundancy 1-1, 1-2, 1-9
configuring 46-5
default configuration 46-5
definition 46-1
guidelines 46-6
monitoring 46-13
object tracking 49-7
overview 46-1
priority 46-8
routing redundancy 1-16
support for ICMP redirect messages 46-12
switch stack considerations 46-5
timers 46-10
tracking 46-8
See also clusters, cluster standby group, and standby command switch
HSRP for IPv6
configuring 45-37
guidelines 45-36
HTTP(S) Over IPv6 45-13
HTTP over SSL
see HTTPS
HTTPS
configuring 10-52
described 10-48
self-signed certificate 10-49
HTTP secure server 10-48
I
IBPG 44-46
ICMP
IPv6 45-4
redirect messages 44-13
support for 1-17
time-exceeded messages 55-18
traceroute and 55-18
unreachable messages 39-22
unreachable messages and IPv6 41-4
unreachables and ACLs 39-23
ICMP Echo operation
configuring 47-11
IP SLAs 47-11
ICMP ping
executing 55-15
overview 55-15
ICMP Router Discovery Protocol
See IRDP
ICMPv6 45-4
IDS appliances
and ingress RSPAN 34-22
and ingress SPAN 34-15
IEEE 802.1D
See STP
IEEE 802.1p 18-1
IEEE 802.1Q
and trunk ports 15-4
configuration limitations 16-17
encapsulation 16-15
native VLAN for untagged traffic 16-21
tunneling
compatibility with other features 20-6
defaults 20-4
described 20-1
tunnel ports with other features 20-6
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3ad
See EtherChannel
IEEE 802.3af
See PoE
IEEE 802.3x flow control 15-33
ifIndex values, SNMP 37-5
IFS 1-7
IGMP
configurable leave timer
described 28-6
enabling 28-11
configuring the switch
as a member of a group 51-39
statically connected member 51-44
controlling access to groups 51-40
default configuration 51-39
fast switching 51-44
flooded multicast traffic
controlling the length of time 28-12
disabling on an interface 28-13
global leave 28-13
query solicitation 28-13
recovering from flood mode 28-13
host-query interval, modifying 51-42
joining multicast group 28-3
join messages 28-3
leave processing, enabling 28-11, 29-9
leaving multicast group 28-5
multicast reachability 51-39
overview 51-3
queries 28-4
report suppression
described 28-6
disabling 28-16, 29-11
supported versions 28-3
support for 1-5
Version 1
changing to Version 2 51-41
described 51-3
Version 2
changing to Version 1 51-41
described 51-3
maximum query response time value 51-43
pruning groups 51-43
query timeout value 51-42
IGMP filtering
configuring 28-25
default configuration 28-24
described 28-24
support for 1-5
IGMP groups
configuring filtering 28-27
setting the maximum number 28-27
IGMP helper 51-6
IGMP Immediate Leave
configuration guidelines 28-11
described 28-6
enabling 28-11
IGMP profile
applying 28-26
configuration mode 28-25
configuring 28-25
IGMP snooping
and address aliasing 28-2
and stack changes 28-7
configuring 28-7
default configuration 28-7, 29-6
definition 28-2
enabling and disabling 28-8, 29-7
global configuration 28-8
Immediate Leave 28-6
in the switch stack 28-7
method 28-8
monitoring 28-16, 29-12
querier
configuration guidelines 28-14
configuring 28-14
supported versions 28-3
support for 1-5
VLAN configuration 28-8
IGMP throttling
configuring 28-27
default configuration 28-25
described 28-24
displaying action 28-29
IGP 44-27
Immediate Leave, IGMP
described 28-6
enabling 29-9
inaccessible authentication bypass
802.1x 11-23
support for multiauth ports 11-23
initial configuration
defaults 1-20
Express Setup 1-2
interface
number 15-20
range macros 15-24
interface command 15-20 to 15-21
interface configuration
REP 24-9
interfaces
auto-MDIX, configuring 15-34
configuring
procedure 15-21
counters, clearing 15-55
default configuration 15-30
described 15-39
descriptive name, adding 15-39
displaying information about 15-54
duplex and speed configuration guidelines 15-31
flow control 15-33
management 1-6
monitoring 15-53
naming 15-39
physical, identifying 15-20
range of 15-22
restarting 15-55, 15-56
shutting down 15-55
speed and duplex, configuring 15-32
status 15-53
supported 15-20
types of 15-1
interfaces range macro command 15-24
interface types 15-20
Interior Gateway Protocol
See IGP
internal BGP
See IBGP
internal neighbors, BGP 44-50
internal power supplies
See power supplies
Internet Control Message Protocol
See ICMP
Internet Group Management Protocol
See IGMP
Internet Protocol version 6
See IPv6
Inter-Switch Link
See ISL
inter-VLAN routing 1-16, 44-2
Intrusion Detection System
See IDS appliances
inventory management TLV 32-3
IP ACLs
for QoS classification 40-7
implicit deny 39-11, 39-15
implicit masks 39-11
named 39-16
undefined 39-23
IP addresses
128-bit 45-2
candidate or member 6-4, 6-13
classes of 44-7
cluster access 6-2
command switch 6-3, 6-11, 6-13
default configuration 44-6
discovering 7-24
for IP routing 44-6
IPv6 45-2
MAC address association 44-10
monitoring 44-19
redundant clusters 6-11
standby command switch 6-11, 6-13
See also IP information
IP base feature set 1-1, 1-2
IP base software image 1-1
IP broadcast address 44-17
ip cef distributed command 44-92
IP directed broadcasts 44-15
ip igmp profile command 28-25
IP information
assigned
manually 4-15
through DHCP-based autoconfiguration 4-3
default configuration 4-3
IP multicast routing
addresses
all-hosts 51-3
all-multicast-routers 51-3
host group address range 51-3
administratively-scoped boundaries, described 51-47
and IGMP snooping 28-2
Auto-RP
adding to an existing sparse-mode cloud 51-26
benefits of 51-26
configuration guidelines 51-12
filtering incoming RP announcement messages 51-28
overview 51-7
preventing candidate RP spoofing 51-28
preventing join messages to false RPs 51-28
setting up in a new internetwork 51-26
using with BSR 51-34
bootstrap router
configuration guidelines 51-12
configuring candidate BSRs 51-32
configuring candidate RPs 51-33
defining the IP multicast boundary 51-31
defining the PIM domain border 51-30
overview 51-7
using with Auto-RP 51-34
Cisco implementation 51-2
configuring
basic multicast routing 51-12
IP multicast boundary 51-47
default configuration 51-11
enabling
PIM mode 51-13
group-to-RP mappings
Auto-RP 51-7
BSR 51-7
MBONE
described 51-46
enabling sdr listener support 51-46
limiting DVMRP routes advertised 51-58
limiting sdr cache entry lifetime 51-46
SAP packets for conference session announcement 51-46
Session Directory (sdr) tool, described 51-46
multicast forwarding, described 51-8
PIMv1 and PIMv2 interoperability 51-11
protocol interaction 51-2
reverse path check (RPF) 51-8
RP
assigning manually 51-24
configuring Auto-RP 51-26
configuring PIMv2 BSR 51-30
monitoring mapping information 51-35
using Auto-RP and BSR 51-34
stacking
stack master functions 51-10
stack member functions 51-10
statistics, displaying system and network 51-63
See also CGMP
See also DVMRP
See also IGMP
See also PIM
IP phones
and QoS 18-1
automatic classification and queueing 40-23
configuring 18-4
ensuring port security with QoS 40-45
trusted boundary for QoS 40-45
IP Port Security for Static Hosts
on a Layer 2 access port 26-20
on a PVLAN host port 26-24
IP precedence 40-2
IP-precedence-to-DSCP map for QoS 40-74
IP protocols
routing 1-16
IP routes, monitoring 44-106
IP routing
connecting interfaces with 15-15
disabling 44-20
enabling 44-20
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 47-1
IP services feature set 1-2
IP SLAs
benefits 47-2
configuration guidelines 47-6
configuring object tracking 49-9
Control Protocol 47-4
default configuration 47-6
definition 47-1
ICMP echo operation 47-11
measuring network performance 47-3
monitoring 47-13
multioperations scheduling 47-5
object tracking 49-9
operation 47-3
reachability tracking 49-9
responder
described 47-4
enabling 47-7
response time 47-4
scheduling 47-5
SNMP support 47-2
supported metrics 47-2
threshold monitoring 47-6
track object monitoring agent, configuring 49-11
track state 49-9
UDP jitter operation 47-8
IP source guard
and 802.1x 26-19
and DHCP snooping 26-16
and port security 26-19
and private VLANs 26-19
and routed ports 26-18
and TCAM entries 26-19
and trunk interfaces 26-18
and VRF 26-19
binding configuration
automatic 26-16
manual 26-16
binding table 26-16
configuration guidelines 26-18
default configuration 26-18
described 26-16
disabling 26-20
displaying
bindings 26-26
configuration 26-26
enabling 26-19, 26-21
filtering
source IP address 26-17
source IP and MAC address 26-17
source IP address filtering 26-17
source IP and MAC address filtering 26-17
static bindings
adding 26-19, 26-21
deleting 26-20
static hosts 26-21
IP traceroute
executing 55-18
overview 55-18
IP unicast routing
address resolution 44-10
administrative distances 44-94, 44-104
ARP 44-10
assigning IP addresses to Layer 3 interfaces 44-7
authentication keys 44-105
broadcast
address 44-17
flooding 44-18
packets 44-15
storms 44-15
classless routing 44-8
configuring static routes 44-94
default
addressing configuration 44-6
gateways 44-13
networks 44-95
routes 44-95
routing 44-3
directed broadcasts 44-15
disabling 44-20
dynamic routing 44-3
enabling 44-20
EtherChannel Layer 3 interface 44-5
IGP 44-27
inter-VLAN 44-2
IP addressing
classes 44-7
configuring 44-6
IPv6 45-3
IRDP 44-13
Layer 3 interfaces 44-5
MAC address and IP address 44-10
passive interfaces 44-103
protocols
distance-vector 44-3
dynamic 44-3
link-state 44-3
proxy ARP 44-10
redistribution 44-96
reverse address resolution 44-10
routed ports 44-5
static routing 44-3
steps to configure 44-5
subnet mask 44-7
subnet zero 44-8
supernet 44-8
UDP 44-16
unicast reverse path forwarding 1-17, 44-91
with SVIs 44-5
See also BGP
See also EIGRP
See also OSPF
See also RIP
IPv4 ACLs
applying to interfaces 39-21
extended, creating 39-11
named 39-16
standard, creating 39-10
IPv6
ACLs
displaying 41-8
limitations 41-3
matching criteria 41-3
port 41-2
precedence 41-2
router 41-2
supported 41-2
addresses 45-2
address formats 45-2
and switch stacks 45-15
applications 45-9
assigning address 45-17
autoconfiguration 45-9
CEFv6 45-30
default configuration 45-16
default router preference (DRP) 45-9
defined 45-1
Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 45-12
EIGRP IPv6 Commands 45-13
Router ID 45-12
feature limitations 45-14
features not supported 45-14
forwarding 45-17
ICMP 45-4
monitoring 45-39
neighbor discovery 45-4
OSPF 45-11
path MTU discovery 45-4
SDM templates 8-3, 29-1, 41-1
stack master functions 45-15
Stateless Autoconfiguration 45-9
supported features 45-3
switch limitations 45-14
understanding static routes 45-11
IPv6 traffic, filtering 41-4
IRDP
configuring 44-14
definition 44-13
support for 1-17
IS-IS
addresses 44-67
area routing 44-67
default configuration 44-68
monitoring 44-76
show commands 44-76
system routing 44-67
ISL
and IPv6 45-3
and trunk ports 15-4
encapsulation 1-10, 16-15
trunking with IEEE 802.1 tunneling 20-5
ISO CLNS
clear commands 44-76
dynamic routing protocols 44-66
monitoring 44-76
NETs 44-66
NSAPs 44-66
OSI standard 44-66
ISO IGRP
area routing 44-67
system routing 44-67
isolated port 19-2
isolated VLANs 19-2, 19-3
J
join messages, IGMP 28-3
K
KDC
described 10-39
See also Kerberos
keepalive messages 21-2
Kerberos
authenticating to
boundary switch 10-41
KDC 10-41
network services 10-42
configuration examples 10-39
configuring 10-42
credentials 10-39
described 10-39
KDC 10-39
operation 10-41
realm 10-40
server 10-41
support for 1-13
switch as trusted third party 10-39
terms 10-40
TGT 10-41
tickets 10-39
key distribution center
See KDC
L
l2protocol-tunnel command 20-14
LACP
Layer 2 protocol tunneling 20-10
See EtherChannel
Layer 2 frames, classification with CoS 40-2
Layer 2 interfaces, default configuration 15-30
Layer 2 protocol tunneling
configuring 20-11
configuring for EtherChannels 20-15
default configuration 20-12
defined 20-8
guidelines 20-13
Layer 2 traceroute
and ARP 55-17
and CDP 55-17
broadcast traffic 55-16
described 55-16
IP addresses and subnets 55-17
MAC addresses and VLANs 55-17
multicast traffic 55-17
multiple devices on a port 55-17
unicast traffic 55-16
usage guidelines 55-17
Layer 3 features 1-16
Layer 3 interfaces
assigning IP addresses to 44-7
assigning IPv4 and IPv6 addresses to 45-25
assigning IPv6 addresses to 45-17
changing from Layer 2 mode 44-82
types of 44-5
Layer 3 packets, classification methods 40-2
LDAP 3-2
Leaking IGMP Reports 25-4
LEDs, switch
See hardware installation guide
Lightweight Directory Access Protocol
See LDAP
Link Aggregation Control Protocol
See EtherChannel
Link Failure, detecting unidirectional 22-7
link integrity, verifying with REP 24-3
Link Layer Discovery Protocol
See CDP
link local unicast addresses 45-4
link redundancy
See Flex Links
links, unidirectional 33-1
link state advertisements (LSAs) 44-33
link-state protocols 44-3
link-state tracking
configuring 42-25
described 42-23
LLDP
configuring 32-5
characteristics 32-6
default configuration 32-5
enabling 32-6
monitoring and maintaining 32-11
overview 32-1
supported TLVs 32-2
switch stack considerations 32-2
transmission timer and holdtime, setting 32-6
LLDP-MED
configuring
procedures 32-5
TLVs 32-7
monitoring and maintaining 32-11
overview 32-1, 32-2
supported TLVs 32-2
LLDP Media Endpoint Discovery
See LLDP-MED
load balancing 46-4
local SPAN 34-2
location TLV 32-3
logging messages, ACL 39-9
login authentication
with RADIUS 10-29
with TACACS+ 10-14
login banners 7-10
log messages
See system message logging
Long-Reach Ethernet (LRE) technology 1-35
loop guard
described 23-11
enabling 23-18
support for 1-9
LRE profiles, considerations in switch clusters 6-16
M
MAC/PHY configuration status TLV 32-2
MAC addresses
aging time 7-14
and VLAN association 7-13
building the address table 7-13
default configuration 7-14
disabling learning on a VLAN 7-23
discovering 7-24
displaying 7-23
displaying in the IP source binding table 26-26
dynamic
learning 7-13
removing 7-15
in ACLs 39-29
IP address association 44-10
static
adding 7-20
allowing 7-22, 7-23
characteristics of 7-20
dropping 7-21
removing 7-20
MAC address learning 1-7
MAC address learning, disabling on a VLAN 7-23
MAC address notification, support for 1-18
MAC address-table move update
configuration guidelines 25-8
configuring 25-12
default configuration 25-8
description 25-6
monitoring 25-14
MAC address-to-VLAN mapping 16-26
MAC authentication bypass 11-15
MAC extended access lists
applying to Layer 2 interfaces 39-31
configuring for QoS 40-53
creating 39-29
defined 39-29
for QoS classification 40-5
MACSec 14-2
802.1AE Tagging 12-9
MACsec 12-2
and stacking 12-3
configuring on an interface 12-7
defined 12-1, 12-2
switch-to-switch security 12-1
MACsec Key Agreement Protocol
See MKA
magic packet 11-28
manageability features 1-7
management access
in-band
browser session 1-8
CLI session 1-8
device manager 1-8
SNMP 1-8
out-of-band console port connection 1-8
management address TLV 32-2
management options
CLI 2-1
clustering 1-4
CNS 3-1
Network Assistant 1-3
overview 1-6
switch stacks 1-3
management VLAN
considerations in switch clusters 6-7
discovery through different management VLANs 6-7
manual preemption, REP, configuring 24-13
mapping tables for QoS
configuring
CoS-to-DSCP 40-73
DSCP 40-73
DSCP-to-CoS 40-76
DSCP-to-DSCP-mutation 40-77
IP-precedence-to-DSCP 40-74
policed-DSCP 40-75
described 40-13
marking
action in policy map 40-58
action with aggregate policers 40-71
described 40-4, 40-9
matching IPv4 ACLs 39-8
maximum aging time
MSTP 22-24
STP 21-24
maximum hop count, MSTP 22-25
maximum number of allowed devices, port-based authentication 11-41
maximum-paths command 44-54, 44-93
MDA
configuration guidelines 11-31 to 11-32
described 1-12, 11-31
exceptions with authentication process 11-4
Media Access Control Security
See MACsec
membership mode, VLAN port 16-3
member switch
automatic discovery 6-5
defined 6-2
managing 6-16
passwords 6-13
recovering from lost connectivity 55-12
requirements 6-4
See also candidate switch, cluster standby group, and standby command switch
messages, to users through banners 7-10
metrics, in BGP 44-54
metric translations, between routing protocols 44-99
metro tags 20-2
MHSRP 46-4
MIBs
overview 37-1
SNMP interaction with 37-4
mini-point-of-presence
See POP
mini-type USB console port 15-16
mirroring traffic for analysis 34-1
mismatches, autonegotiation 55-13
MKA
configuring policies 12-6
defined 12-2
policies 12-2
replay protection 12-3
statistics 12-5
virtual ports 12-3
module number 15-20
monitoring
access groups 39-44
BGP 44-65
cables for unidirectional links 33-1
CDP 30-5
CEF 44-92
EIGRP 44-45
fallback bridging 54-10
features 1-18
Flex Links 25-14
HSRP 46-13
IEEE 802.1Q tunneling 20-19
IGMP
snooping 28-16, 29-12
interfaces 15-53
IP
address tables 44-19
multicast routing 51-63
routes 44-106
IP SLAs operations 47-13
IPv4 ACL configuration 39-44
IPv6 45-39
IPv6 ACL configuration 41-8
IS-IS 44-76
ISO CLNS 44-76
Layer 2 protocol tunneling 20-19
MAC address-table move update 25-14
MSDP peers 53-19
multicast router interfaces 28-17
multi-VRF CE 44-90
network traffic for analysis with probe 34-2
object tracking 49-12
OSPF 44-37
private VLANs 19-15
REP 24-14
RP mapping information 51-35
SFP status 55-14
source-active messages 53-19
speed and duplex mode 15-33
SSM mapping 51-22
traffic flowing among switches 35-1
traffic suppression 31-21
tunneling 20-19
VLAN
filters 39-45
maps 39-45
VLANs 16-14
VMPS 16-30
VTP 17-18
mrouter Port 25-3
mrouter port 25-5
MSDP
benefits of 53-3
clearing MSDP connections and statistics 53-19
controlling source information
forwarded by switch 53-12
originated by switch 53-8
received by switch 53-14
default configuration 53-4
dense-mode regions
sending SA messages to 53-17
specifying the originating address 53-18
filtering
incoming SA messages 53-14
SA messages to a peer 53-12
SA requests from a peer 53-11
join latency, defined 53-6
meshed groups
configuring 53-16
defined 53-16
originating address, changing 53-18
overview 53-1
peer-RPF flooding 53-2
peers
configuring a default 53-4
monitoring 53-19
peering relationship, overview 53-1
requesting source information from 53-8
shutting down 53-16
source-active messages
caching 53-6
defined 53-2
filtering from a peer 53-11
filtering incoming 53-14
filtering to a peer 53-12
limiting data with TTL 53-14
restricting advertised sources 53-9
support for 1-17
MSTP
boundary ports
configuration guidelines 22-16
described 22-6
BPDU filtering
described 23-3
enabling 23-14
BPDU guard
described 23-2
enabling 23-13
CIST, described 22-3
CIST regional root 22-3
CIST root 22-5
configuration guidelines 22-15, 23-12
configuring
forward-delay time 22-24
hello time 22-23
link type for rapid convergence 22-25
maximum aging time 22-24
maximum hop count 22-25
MST region 22-16
neighbor type 22-26
path cost 22-21
port priority 22-20
root switch 22-18
secondary root switch 22-19
switch priority 22-22
CST
defined 22-3
operations between regions 22-3
default configuration 22-14
default optional feature configuration 23-12
displaying status 22-27
enabling the mode 22-16
EtherChannel guard
described 23-10
enabling 23-17
extended system ID
effects on root switch 22-18
effects on secondary root switch 22-19
unexpected behavior 22-18
IEEE 802.1s
implementation 22-6
port role naming change 22-6
terminology 22-5
instances supported 21-10
interface state, blocking to forwarding 23-2
interoperability and compatibility among modes 21-11
interoperability with IEEE 802.1D
described 22-8
restarting migration process 22-26
IST
defined 22-2
master 22-3
operations within a region 22-3
loop guard
described 23-11
enabling 23-18
mapping VLANs to MST instance 22-17
MST region
CIST 22-3
configuring 22-16
described 22-2
hop-count mechanism 22-5
IST 22-2
supported spanning-tree instances 22-2
optional features supported 1-9
overview 22-2
Port Fast
described 23-2
enabling 23-12
preventing root switch selection 23-10
root guard
described 23-10
enabling 23-18
root switch
configuring 22-18
effects of extended system ID 22-18
unexpected behavior 22-18
shutdown Port Fast-enabled port 23-2
stack changes, effects of 22-8
status, displaying 22-27
MTU
system 15-45
system jumbo 15-44
system routing 15-44
multiauth
support for inaccessible authentication bypass 11-23
multiauth mode
See multiple-authentication mode
multicast groups
Immediate Leave 28-6
joining 28-3
leaving 28-5
static joins 28-10, 29-8
multicast packets
ACLs on 39-43
blocking 31-8
multicast router interfaces, monitoring 28-17
multicast router ports, adding 28-9, 29-8
Multicast Source Discovery Protocol
See MSDP
multicast storm 31-1
multicast storm-control command 31-4
multicast television application 28-18
multicast VLAN 28-17
Multicast VLAN Registration
See MVR
multidomain authentication
See MDA
multioperations scheduling, IP SLAs 47-5
multiple authentication 11-12
Multiple HSRP
See MHSRP
multiple VPN routing/forwarding in customer edge devices
See multi-VRF CE
multi-VRF CE
configuration example 44-87
configuration guidelines 44-79
configuring 44-79
default configuration 44-79
defined 44-76
displaying 44-90
monitoring 44-90
network components 44-79
packet-forwarding process 44-78
support for 1-16
MVR
and address aliasing 28-20
and IGMPv3 28-21
configuring interfaces 28-22
default configuration 28-20
described 28-17
example application 28-18
in the switch stack 28-20
modes 28-21
multicast television application 28-18
setting global parameters 28-21
support for 1-5
N
NAC
AAA down policy 1-13
critical authentication 11-23, 11-63
IEEE 802.1x authentication using a RADIUS server 11-68
IEEE 802.1x validation using RADIUS server 11-68
inaccessible authentication bypass 1-13, 11-63
Layer 2 IEEE 802.1x validation 1-13, 11-68
Layer 2 IP validation 1-13
named IPv4 ACLs 39-16
named IPv6 ACLs 41-3
NameSpace Mapper
See NSM
native VLAN
and IEEE 802.1Q tunneling 20-4
configuring 16-21
default 16-21
NDAC 12-9, 14-2
defined 12-9
MACsec 12-1
NEAT
configuring 11-69
overview 11-33
neighbor discovery, IPv6 45-4
neighbor discovery/recovery, EIGRP 44-38
neighbor offset numbers, REP 24-4
neighbors, BGP 44-60
Network Admission Control
See NAC
Network Assistant
benefits 1-2
described 1-6
downloading image files 1-3
guide mode 1-3
management options 1-3
managing switch stacks 5-3, 5-17
upgrading a switch A-25
wizards 1-3
network configuration examples
cost-effective wiring closet 1-25
high-performance wiring closet 1-26
increasing network performance 1-23
large network 1-32
long-distance, high-bandwidth transport 1-36
multidwelling network 1-35
providing network services 1-24
redundant Gigabit backbone 1-28
server aggregation and Linux server cluster 1-28
small to medium-sized network 1-30
network design
performance 1-24
services 1-24
Network Device Admission Control (NDAC) 12-9, 14-2
Network Edge Access Topology
See NEAT
network management
CDP 30-1
RMON 35-1
SNMP 37-1
network performance, measuring with IP SLAs 47-3
network policy TLV 32-2
Network Time Protocol
See NTP
no commands 2-4
nonhierarchical policy maps
configuration guidelines 40-40
configuring 40-58
described 40-10
non-IP traffic filtering 39-29
nontrunking mode 16-16
normal-range VLANs 16-4
configuration guidelines 16-5
configuring 16-4
defined 16-1
no switchport command 15-5
not-so-stubby areas
See NSSA
NSAPs, as ISO IGRP addresses 44-67
NSF Awareness
IS-IS 44-69
NSM 3-3
NSSA, OSPF 44-33
NTP
associations
defined 7-2
overview 7-2
stratum 7-2
support for 1-7
time
services 7-2
synchronizing 7-2
O
OBFL
configuring 55-27
described 55-27
displaying 55-28
object tracking
HSRP 49-7
IP SLAs 49-9
IP SLAs, configuring 49-9
monitoring 49-12
offline configuration for switch stacks 5-8
off mode, VTP 17-4
on-board failure logging
See OBFL
online diagnostics
described 56-1
overview 56-1
running tests 56-4
open1x
configuring 11-74
open1x authentication
overview 11-31
Open Shortest Path First
See OSPF
optimizing system resources 8-1
options, management 1-6
OSPF
area parameters, configuring 44-33
configuring 44-31
default configuration
metrics 44-34
route 44-34
settings 44-28
described 44-27
for IPv6 45-11
interface parameters, configuring 44-32
LSA group pacing 44-36
monitoring 44-37
router IDs 44-36
route summarization 44-34
support for 1-16
virtual links 44-34
out-of-profile markdown 1-15
P
packet modification, with QoS 40-22
PAgP
Layer 2 protocol tunneling 20-10
See EtherChannel
parallel paths, in routing tables 44-93
passive interfaces
configuring 44-103
OSPF 44-35
passwords
default configuration 10-2
disabling recovery of 10-5
encrypting 10-3
for security 1-11
in clusters 6-14
overview 10-1
recovery of 55-3
setting
enable 10-3
enable secret 10-3
Telnet 10-6
with usernames 10-6
VTP domain 17-10
path cost
MSTP 22-21
STP 21-21
path MTU discovery 45-4
payload encryption 1-1
PBR
defined 44-99
enabling 44-101
fast-switched policy-based routing 44-102
local policy-based routing 44-102
PC (passive command switch) 6-10
peers, BGP 44-60
percentage thresholds in tracked lists 49-6
performance, network design 1-23
performance features 1-4
persistent self-signed certificate 10-49
per-user ACLs and Filter-Ids 11-8
per-VLAN spanning-tree plus
See PVST+
PE to CE routing, configuring 44-86
physical ports 15-3
PIM
default configuration 51-11
dense mode
overview 51-4
rendezvous point (RP), described 51-5
RPF lookups 51-9
enabling a mode 51-13
overview 51-4
router-query message interval, modifying 51-38
shared tree and source tree, overview 51-35
shortest path tree, delaying the use of 51-37
sparse mode
join messages and shared tree 51-5
overview 51-5
prune messages 51-5
RPF lookups 51-9
stub routing
configuration guidelines 51-22
enabling 51-23
overview 51-5
support for 1-17
versions
interoperability 51-11
troubleshooting interoperability problems 51-35
v2 improvements 51-4
PIM-DVMRP, as snooping method 28-9
ping
character output description 55-16
executing 55-15
overview 55-15
PoE
auto mode 15-10
CDP with power consumption, described 15-8
CDP with power negotiation, described 15-8
Cisco intelligent power management 15-8
configuring 15-35
devices supported 15-7
high-power devices operating in low-power mode 15-8
IEEE power classification levels 15-9
monitoring 15-11
monitoring power 15-38
policing power consumption 15-38
policing power usage 15-11
power budgeting 15-37
power consumption 15-37
powered-device detection and initial power allocation 15-8
power management modes 15-10
power negotiation extensions to CDP 15-8
standards supported 15-8
static mode 15-10
troubleshooting 55-13
policed-DSCP map for QoS 40-75
policers
configuring
for each matched traffic class 40-58
for more than one traffic class 40-71
described 40-4
number of 40-41
types of 40-10
policing
described 40-4
hierarchical
See hierarchical policy maps
token-bucket algorithm 40-10
policy-based routing
See PBR
policy maps for QoS
characteristics of 40-59
described 40-8
hierarchical 40-9
hierarchical on SVIs
configuration guidelines 40-40
configuring 40-63
described 40-12
nonhierarchical on physical ports
configuration guidelines 40-40
configuring 40-58
described 40-10
POP 1-35
port ACLs
defined 39-3
types of 39-4
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting 11-14
authentication server
defined 11-3, 13-2
RADIUS server 11-3
client, defined 11-3, 13-2
configuration guidelines 11-39, 13-9
configuring
802.1x authentication 11-44
guest VLAN 11-60
host mode 11-47
inaccessible authentication bypass 11-63
manual re-authentication of a client 11-49
periodic re-authentication 11-48
quiet period 11-49
RADIUS server 11-47, 13-13
RADIUS server parameters on the switch 11-46, 13-11
restricted VLAN 11-62
switch-to-client frame-retransmission number 11-50, 11-51
switch-to-client retransmission time 11-50
violation modes 11-43 to 11-44
default configuration 11-38, 13-9
described 11-1
device roles 11-3, 13-2
displaying statistics 11-76, 13-17
downloadable ACLs and redirect URLs
configuring 11-71 to 11-73, ?? to 11-73
overview 11-18 to 11-20
EAPOL-start frame 11-6
EAP-request/identity frame 11-6
EAP-response/identity frame 11-6
enabling
802.1X authentication 13-11
encapsulation 11-3
flexible authentication ordering
configuring 11-74
overview 11-31
guest VLAN
configuration guidelines 11-21, 11-22
described 11-21
host mode 11-12
inaccessible authentication bypass
configuring 11-63
described 11-23
guidelines 11-40
initiation and message exchange 11-6
magic packet 11-28
maximum number of allowed devices per port 11-41
method lists 11-44
multiple authentication 11-12
multiple-hosts mode, described 11-12
per-user ACLs
AAA authorization 11-44
configuration tasks 11-18
described 11-17
RADIUS server attributes 11-17
ports
authorization state and dot1x port-control command 11-11
authorized and unauthorized 11-10
voice VLAN 11-28
port security
described 11-28
readiness check
configuring 11-41
described 11-15, 11-41
resetting to default values 11-76
stack changes, effects of 11-11
statistics, displaying 11-76
switch
as proxy 11-3, 13-2
RADIUS client 11-3
switch supplicant
configuring 11-69
overview 11-33
user distribution
guidelines 11-27
overview 11-27
VLAN assignment
AAA authorization 11-44
characteristics 11-16
configuration tasks 11-17
described 11-16
voice aware 802.1x security
configuring 11-42
described 11-34, 11-42
voice VLAN
described 11-28
PVID 11-28
VVID 11-28
wake-on-LAN, described 11-28
port-based authentication methods, supported 11-8
port blocking 1-5, 31-7
port-channel
See EtherChannel
port description TLV 32-2
Port Fast
described 23-2
enabling 23-12
mode, spanning tree 16-27
support for 1-9
port membership modes, VLAN 16-3
port priority
MSTP 22-20
STP 21-19
ports
10-Gigabit Ethernet 15-7
access 15-3
blocking 31-7
dynamic access 16-3
protected 31-6
REP 24-6
routed 15-4
secure 31-9
static-access 16-3, 16-9
switch 15-3
trunks 16-3, 16-14
VLAN assignments 16-9
port security
aging 31-17
and other features 31-11
and private VLANs 31-18
and QoS trusted boundary 40-45
and stacking 31-18
configuration guidelines 31-11
configuring 31-13
default configuration 31-11
described 31-8
on trunk ports 31-14
sticky learning 31-9
violations 31-10
port-shutdown response, VMPS 16-26
port VLAN ID TLV 32-2
power inline consumption command 15-14
power management TLV 32-3
Power over Ethernet
See PoE
power supply
configuring 15-48
managing 15-48
preempt delay time, REP 24-5
preemption, default configuration 25-8
preemption delay, default configuration 25-8
preferential treatment of traffic
See QoS
prefix lists, BGP 44-58
preventing unauthorized access 10-1
primary edge port, REP 24-4
primary interface for object tracking, DHCP, configuring 49-11
primary interface for static routing, configuring 49-10
primary links 25-2
primary VLANs 19-1, 19-3
priority
HSRP 46-8
overriding CoS 18-6
trusting CoS 18-6
private VLAN edge ports
See protected ports
private VLANs
across multiple switches 19-4
and SDM template 19-4
and SVIs 19-5
and switch stacks 19-5
benefits of 19-1
community ports 19-2
community VLANs 19-2, 19-3
configuration guidelines 19-7, 19-8
configuration tasks 19-6
configuring 19-10
default configuration 19-6
end station access to 19-3
IP addressing 19-3
isolated port 19-2
isolated VLANs 19-2, 19-3
mapping 19-13
monitoring 19-15
ports
community 19-2
configuration guidelines 19-8
configuring host ports 19-11
configuring promiscuous ports 19-13
isolated 19-2
promiscuous 19-2
primary VLANs 19-1, 19-3
promiscuous ports 19-2
secondary VLANs 19-2
subdomains 19-1
traffic in 19-5
privilege levels
changing the default for lines 10-9
command switch 6-17
exiting 10-9
logging into 10-9
mapping on member switches 6-17
overview 10-2, 10-7
setting a command with 10-8
promiscuous ports
configuring 19-13
defined 19-2
protected ports 1-11, 31-6
protocol-dependent modules, EIGRP 44-38
Protocol-Independent Multicast Protocol
See PIM
protocol storm protection 31-19
provider edge devices 44-77
provisioning new members for a switch stack 5-8
proxy ARP
configuring 44-12
definition 44-10
with IP routing disabled 44-13
proxy reports 25-3
pruning, VTP
disabling
in VTP domain 17-16
on a port 16-21
enabling
in VTP domain 17-16
on a port 16-20
examples 17-7
overview 17-6
pruning-eligible list
changing 16-20
for VTP pruning 17-6
VLANs 17-16
PVST+
described 21-9
IEEE 802.1Q trunking interoperability 21-12
instances supported 21-10
Q
QoS
and MQC commands 40-1
auto-QoS
categorizing traffic 40-24
configuration and defaults display 40-36
configuration guidelines 40-33
described 40-23
disabling 40-35
displaying generated commands 40-35
displaying the initial configuration 40-36
effects on running configuration 40-33
egress queue defaults 40-25
list of generated commands 40-26
basic model 40-4
classification
class maps, described 40-8
defined 40-4
DSCP transparency, described 40-46
flowchart 40-7
forwarding treatment 40-3
in frames and packets 40-3
IP ACLs, described 40-7, 40-8
MAC ACLs, described 40-5, 40-8
options for IP traffic 40-6
options for non-IP traffic 40-5
policy maps, described 40-8
trust DSCP, described 40-5
trusted CoS, described 40-5
trust IP precedence, described 40-5
class maps
configuring 40-54
configuration guidelines
auto-QoS 40-33
standard QoS 40-39
configuring
aggregate policers 40-71
auto-QoS 40-23
default port CoS value 40-44
DSCP maps 40-73
DSCP transparency 40-46
DSCP trust states bordering another domain 40-47
egress queue characteristics 40-83
ingress queue characteristics 40-79
IP extended ACLs 40-50
IP standard ACLs 40-49
MAC ACLs 40-53
policy maps, hierarchical 40-63
policy maps on physical ports 40-58
port trust states within the domain 40-43
trusted boundary 40-45
default auto configuration 40-24
default standard configuration 40-37
DSCP transparency 40-46
egress queues
allocating buffer space 40-84
buffer allocation scheme, described 40-20
configuring shaped weights for SRR 40-88
configuring shared weights for SRR 40-89
described 40-4
displaying the threshold map 40-87
flowchart 40-19
mapping DSCP or CoS values 40-86
scheduling, described 40-4
setting WTD thresholds 40-84
WTD, described 40-22
enabling globally 40-42
flowcharts
classification 40-7
egress queueing and scheduling 40-19
ingress queueing and scheduling 40-16
policing and marking 40-11
implicit deny 40-8
ingress queues
allocating bandwidth 40-81
allocating buffer space 40-81
buffer and bandwidth allocation, described 40-18
configuring shared weights for SRR 40-81
configuring the priority queue 40-82
described 40-4
displaying the threshold map 40-80
flowchart 40-16
mapping DSCP or CoS values 40-80
priority queue, described 40-18
scheduling, described 40-4
setting WTD thresholds 40-80
WTD, described 40-18
IP phones
automatic classification and queueing 40-23
detection and trusted settings 40-23, 40-45
limiting bandwidth on egress interface 40-90
mapping tables
CoS-to-DSCP 40-73
DSCP-to-CoS 40-76
DSCP-to-DSCP-mutation 40-77
IP-precedence-to-DSCP 40-74
policed-DSCP 40-75
types of 40-13
marked-down actions 40-61
marking, described 40-4, 40-9
overview 40-2
packet modification 40-22
policers
configuring 40-61, 40-71
described 40-9
number of 40-41
types of 40-10
policies, attaching to an interface 40-9
policing
described 40-4, 40-9
token bucket algorithm 40-10
policy maps
characteristics of 40-59
hierarchical 40-9
hierarchical on SVIs 40-63
nonhierarchical on physical ports 40-58
QoS label, defined 40-4
queues
configuring egress characteristics 40-83
configuring ingress characteristics 40-79
high priority (expedite) 40-22, 40-89
location of 40-14
SRR, described 40-15
WTD, described 40-15
rewrites 40-22
support for 1-15
trust states
bordering another domain 40-47
described 40-5
trusted device 40-45
within the domain 40-43
quality of service
See QoS
queries, IGMP 28-4
query solicitation, IGMP 28-13
R
RADIUS
attributes
vendor-proprietary 10-36
vendor-specific 10-35
configuring
accounting 10-34
authentication 10-29
authorization 10-33
communication, global 10-27, 10-35
communication, per-server 10-27
multiple UDP ports 10-27
default configuration 10-27
defining AAA server groups 10-31
displaying the configuration 10-39
identifying the server 10-27
in clusters 6-16
limiting the services to the user 10-33
method list, defined 10-26
operation of 10-19
overview 10-18
server load balancing 10-39
suggested network environments 10-18
support for 1-13
tracking services accessed by user 10-34
RADIUS Change of Authorization 10-20
range
macro 15-24
of interfaces 15-22
rapid convergence 22-10
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
described 21-10
IEEE 802.1Q trunking interoperability 21-12
instances supported 21-10
Rapid Spanning Tree Protocol
See RSTP
RARP 44-10
rcommand command 6-16
RCP
configuration files
downloading A-18
overview A-17
preparing the server A-17
uploading A-19
image files
deleting old image A-38
downloading A-37
preparing the server A-36
uploading A-38
reachability, tracking IP SLAs IP host 49-9
readiness check
port-based authentication
configuring 11-41
described 11-15, 11-41
reconfirmation interval, VMPS, changing 16-29
reconfirming dynamic VLAN membership 16-29
redirect URL 11-18, 11-20, 11-71
redundancy
EtherChannel 42-3
HSRP 46-1
STP
backbone 21-9
multidrop backbone 23-5
path cost 16-24
port priority 16-22
redundant links and UplinkFast 23-15
redundant power system
See Cisco Redundant Power System 2300
reliable transport protocol, EIGRP 44-38
reloading software 4-23
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
Remote Network Monitoring
See RMON
Remote SPAN
See RSPAN
remote SPAN 34-3
REP
administrative VLAN 24-8
administrative VLAN, configuring 24-8
age timer 24-8
and STP 24-6
configuration guidelines 24-7
configuring interfaces 24-9
convergence 24-4
default configuration 24-7
manual preemption, configuring 24-13
monitoring 24-14
neighbor offset numbers 24-4
open segment 24-2
ports 24-6
preempt delay time 24-5
primary edge port 24-4
ring segment 24-2
secondary edge port 24-4
segments 24-1
characteristics 24-2
SNMP traps, configuring 24-13
supported interfaces 24-1
triggering VLAN load balancing 24-5
verifying link integrity 24-3
VLAN blocking 24-12
VLAN load balancing 24-4
report suppression, IGMP
described 28-6
disabling 28-16, 29-11
resequencing ACL entries 39-16
reserved addresses in DHCP pools 26-28
resets, in BGP 44-52
resetting a UDLD-shutdown interface 33-6
Resilient Ethernet Protocol
See REP
responder, IP SLAs
described 47-4
enabling 47-7
response time, measuring with IP SLAs 47-4
restricted VLAN
configuring 11-62
described 11-22
using with IEEE 802.1x 11-22
restricting access
overview 10-1
passwords and privilege levels 10-2
RADIUS 10-17
TACACS+ 10-10
retry count, VMPS, changing 16-30
reverse address resolution 44-10
Reverse Address Resolution Protocol
See RARP
RFC
1058, RIP 44-20
1112, IP multicast and IGMP 28-2
1157, SNMPv1 37-2
1163, BGP 44-45
1166, IP addresses 44-7
1253, OSPF 44-27
1267, BGP 44-45
1305, NTP 7-2
1587, NSSAs 44-27
1757, RMON 35-2
1771, BGP 44-45
1901, SNMPv2C 37-2
1902 to 1907, SNMPv2 37-2
2236, IP multicast and IGMP 28-2
2273-2275, SNMPv3 37-2
RFC 5176 Compliance 10-21
RIP
advertisements 44-21
authentication 44-24
configuring 44-22
default configuration 44-21
described 44-21
for IPv6 45-11
hop counts 44-21
split horizon 44-24
summary addresses 44-24
support for 1-16
RMON
default configuration 35-3
displaying status 35-6
enabling alarms and events 35-3
groups supported 35-2
overview 35-1
statistics
collecting group Ethernet 35-5
collecting group history 35-5
support for 1-18
root guard
described 23-10
enabling 23-18
support for 1-9
root switch
MSTP 22-18
STP 21-17
route calculation timers, OSPF 44-35
route dampening, BGP 44-64
routed packets, ACLs on 39-43
routed ports
configuring 44-5
defined 15-4
in switch clusters 6-8
IP addresses on 15-42, 44-5
route-map command 44-102
route maps
BGP 44-56
policy-based routing 44-100
router ACLs
defined 39-3
types of 39-5
route reflectors, BGP 44-63
router ID, OSPF 44-36
route selection, BGP 44-54
route summarization, OSPF 44-34
route targets, VPN 44-79
routing
default 44-3
dynamic 44-3
redistribution of information 44-96
static 44-3
routing domain confederation, BGP 44-63
Routing Information Protocol
See RIP
routing protocol administrative distances 44-94
RPS
See Cisco Redundant Power System 2300
RPS 2300
See Cisco Redundant Power System 2300
RSPAN 34-3
and stack changes 34-10
characteristics 34-9
configuration guidelines 34-17
default configuration 34-12
destination ports 34-8
displaying status 34-28
in a switch stack 34-3
interaction with other features 34-9
monitored ports 34-7
monitoring ports 34-8
overview 1-18, 34-1
received traffic 34-6
session limits 34-12
sessions
creating 34-18
defined 34-4
limiting source traffic to specific VLANs 34-20
specifying monitored ports 34-18
with ingress traffic enabled 34-22
source ports 34-7
transmitted traffic 34-6
VLAN-based 34-7
RSTP
active topology 22-9
BPDU
format 22-12
processing 22-13
designated port, defined 22-9
designated switch, defined 22-9
interoperability with IEEE 802.1D
described 22-8
restarting migration process 22-26
topology changes 22-13
overview 22-9
port roles
described 22-9
synchronized 22-11
proposal-agreement handshake process 22-10
rapid convergence
cross-stack rapid convergence 22-11
described 22-10
edge ports and Port Fast 22-10
point-to-point links 22-10, 22-25
root ports 22-10
root port, defined 22-9
See also MSTP
running configuration
replacing A-20, A-21
rolling back A-20, A-22
saving 4-16
S
SAP
defined 12-9
negotiation 12-9
support 12-1
SC (standby command switch) 6-10
scheduled reloads 4-23
scheduling, IP SLAs operations 47-5
SCP
and SSH 10-55
configuring 10-55
SDM
described 8-1
switch stack consideration 5-11
templates
configuring 8-6
number of 8-1
SDM template
configuring 8-5
dual IPv4 and IPv6 8-3
types of 8-1
secondary edge port, REP 24-4
secondary VLANs 19-2
Secure Copy Protocol
secure HTTP client
configuring 10-54
displaying 10-54
secure HTTP server
configuring 10-52
displaying 10-54
secure MAC addresses
and switch stacks 31-18
deleting 31-16
maximum number of 31-10
types of 31-9
secure ports
and switch stacks 31-18
configuring 31-9
secure remote connections 10-44
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port 31-8
Security Exchange Protocol
See SXP
Security Exchange Protocol
See SAP
Security Exchange Protocol (SXP) 14-2
security features 1-10
Security Group Access Control List (SGACL) 14-2
Security Group Tag (SGT) 14-2
See SCP
sequence numbers in log messages 36-8
server mode, VTP 17-3
service-provider network, MSTP and RSTP 22-1
service-provider networks
and customer VLANs 20-2
and IEEE 802.1Q tunneling 20-1
Layer 2 protocols across 20-8
Layer 2 protocol tunneling for EtherChannels 20-10
session keys, MKA 12-2
set-request operation 37-4
setup program
failed command switch replacement 55-11
replacing failed command switch 55-9
severity levels, defining in system messages 36-9
SFPs
monitoring status of 55-14
numbering of 15-21
security and identification 55-14
status, displaying 55-14
SGACL 14-2
SGT 14-2
shaped round robin
See SRR
show access-lists hw-summary command 39-23
show and more command output, filtering 2-9
show cluster members command 6-16
show configuration command 15-39
show forward command 55-22
show interfaces command 15-33, 15-39
show interfaces switchport 25-4
show l2protocol command 20-14, 20-16, 20-17
show platform forward command 55-22
show running-config command
displaying ACLs 39-34, 39-36
interface description in 15-39
shutdown command on interfaces 15-55
shutdown threshold for Layer 2 protocol packets 20-12
Simple Network Management Protocol
See SNMP
single session ID 11-35
small form-factor pluggable modules
See SFPs
small-frame arrival rate, configuring 31-5
smart logging 36-1, 36-14
SNAP 30-1
SNMP
accessing MIB variables with 37-4
agent
described 37-4
disabling 37-7
and IP SLAs 47-2
authentication level 37-10
community strings
configuring 37-8
for cluster switches 37-4
overview 37-4
configuration examples 37-17
default configuration 37-6
engine ID 37-7
groups 37-7, 37-9
host 37-7
ifIndex values 37-5
in-band management 1-8
in clusters 6-14
informs
and trap keyword 37-12
described 37-5
differences from traps 37-5
disabling 37-15
enabling 37-15
limiting access by TFTP servers 37-17
limiting system log messages to NMS 36-10
manager functions 1-6, 37-3
managing clusters with 6-17
notifications 37-5
overview 37-1, 37-4
security levels 37-3
setting CPU threshold notification 37-16
status, displaying 37-19
system contact and location 37-16
trap manager, configuring 37-14
traps
described 37-5
differences from informs 37-5
disabling 37-15
enabling 37-12
enabling MAC address notification 7-15, 7-17, 7-18
overview 37-1, 37-4
types of 37-12
users 37-7, 37-9
versions supported 37-2
SNMP and Syslog Over IPv6 45-13
SNMP traps
REP 24-13
SNMPv1 37-2
SNMPv2C 37-2
SNMPv3 37-2
snooping, IGMP 28-2
software compatibility
See stacks, switch
software images
location in flash A-26
recovery procedures 55-2
scheduling reloads 4-24
tar file format, described A-26
See also downloading and uploading
software images in mixed stacks
See the Cisco Software Activation and Compatibility Document
source-and-destination-IP address based forwarding, EtherChannel 42-9
source-and-destination MAC address forwarding, EtherChannel 42-9
source-IP address based forwarding, EtherChannel 42-9
source-MAC address forwarding, EtherChannel 42-8
Source-specific multicast
See SSM
SPAN
and stack changes 34-10
configuration guidelines 34-12
default configuration 34-12
destination ports 34-8
displaying status 34-28
interaction with other features 34-9
monitored ports 34-7
monitoring ports 34-8
overview 1-18, 34-1
ports, restrictions 31-12
received traffic 34-6
session limits 34-12
sessions
configuring ingress forwarding 34-16, 34-23
creating 34-13, 34-25
defined 34-4
limiting source traffic to specific VLANs 34-16
removing destination (monitoring) ports 34-14
specifying monitored ports 34-13, 34-25
with ingress traffic enabled 34-15
source ports 34-7
transmitted traffic 34-6
VLAN-based 34-7
spanning tree and native VLANs 16-17
Spanning Tree Protocol
See STP
SPAN traffic 34-6
split horizon, RIP 44-24
SRR
configuring
shaped weights on egress queues 40-88
shared weights on egress queues 40-89
shared weights on ingress queues 40-81
described 40-15
shaped mode 40-15
shared mode 40-16
support for 1-15, 1-16
SSH
configuring 10-45
described 1-8, 10-44
encryption methods 10-45
switch stack considerations 5-18
user authentication methods, supported 10-45
SSL
configuration guidelines 10-51
configuring a secure HTTP client 10-54
configuring a secure HTTP server 10-52
described 10-48
monitoring 10-54
SSM
address management restrictions 51-16
CGMP limitations 51-16
components 51-14
configuration guidelines 51-16
configuring 51-14, 51-17
differs from Internet standard multicast 51-14
IGMP snooping 51-16
IGMPv3 51-14
IGMPv3 Host Signalling 51-15
IP address range 51-15
monitoring 51-17
operations 51-15
PIM 51-14
state maintenance limitations 51-16
SSM mapping 51-17
configuration guidelines 51-17
configuring 51-17, 51-19
DNS-based 51-18, 51-20
monitoring 51-22
overview 51-18
restrictions 51-18
static 51-18, 51-20
static traffic forwarding 51-21
stack changes
effects on
IPv6 routing 45-15
stack changes, effects on
ACL configuration 39-7
CDP 30-2
cross-stack EtherChannel 42-13
EtherChannel 42-10
fallback bridging 54-3
HSRP 46-5
IEEE 802.1x port-based authentication 11-11
IGMP snooping 28-7
IP routing 44-4
IPv6 ACLs 41-3
MAC address tables 7-14
MSTP 22-8
multicast routing 51-10
MVR 28-18
port security 31-18
SDM template selection 8-4
SNMP 37-1
SPAN and RSPAN 34-10
STP 21-12
switch clusters 6-14
system message log 36-2
VLANs 16-6
VTP 17-8
stacking
and MACsec 12-3
stack master
bridge ID (MAC address) 5-7
defined 5-2
election 5-6
IPv6 45-15
re-election 5-6
See also stacks, switch
stack member
accessing CLI of specific member 5-30
configuring
member number 5-26
priority value 5-26
defined 5-2
displaying information of 5-30
IPv6 45-15
number 5-7
priority value 5-8
provisioning a new member 5-27
replacing 5-16
See also stacks, switch
stack member number 15-20
stack protocol version 5-12
stacks, switch
accessing CLI of specific member 5-30
assigning information
member number 5-26
priority value 5-26
provisioning a new member 5-27
auto-advise 5-13
auto-copy 5-13
auto-extract 5-13
auto-upgrade 5-12
bridge ID 5-7
Catalyst 3750-X-only 5-2
CDP considerations 30-2
compatibility, software 5-11
configuration file 5-16
configuration scenarios 5-19
copying an image file from one member to another A-39
default configuration 5-24
description of 5-2
displaying information of 5-30
enabling persistent MAC address timer 5-24
hardware compatibility and SDM mismatch mode 5-11
HSRP considerations 46-5
in clusters 6-14
incompatible software and image upgrades 5-16, A-39
IPv6 on 45-15
MAC address considerations 7-14
MAC address of 5-24
management connectivity 5-17
managing 5-1
managing mixed
See Catalyst 3750-E and 3750 Switch Stacking Compatibility Guide
membership 5-4
merged 5-5
mixed
hardware 5-2
hardware and software 5-2
software 5-2
with Catalyst 3750-E and 3750 switches 5-2
mixed software images
See Cisco Software Activation and Compatibility Document
MSTP instances supported 21-10
multicast routing, stack master and member roles 51-10
offline configuration
described 5-8
effects of adding a provisioned switch 5-9
effects of removing a provisioned switch 5-11
effects of replacing a provisioned switch 5-11
provisioned configuration, defined 5-8
provisioned switch, defined 5-8
provisioning a new member 5-27
partitioned 5-5, 55-8
provisioned switch
adding 5-9
removing 5-11
replacing 5-11
replacing a failed member 5-16
software compatibility 5-11
software image version 5-11
stack protocol version 5-12
STP
bridge ID 21-3
instances supported 21-10
root port selection 21-3
stack root switch election 21-3
system messages
hostnames in the display 36-1
remotely monitoring 36-2
system prompt consideration 7-7
system-wide configuration considerations 5-17
upgrading A-39
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 5-12
described 5-12
examples 5-13
manual upgrades with auto-advise 5-13
upgrades with auto-extract 5-13
See also stack master and stack member
StackWise Plus technology, Cisco 1-3
See also stacks, switch
standby command switch
configuring
considerations 6-11
defined 6-2
priority 6-10
requirements 6-3
virtual IP address 6-11
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
standby ip command 46-6
standby links 25-2
standby router 46-2
standby timers, HSRP 46-10
startup configuration
booting
manually 4-19
specific image 4-20
clearing A-20
configuration file
automatically downloading 4-18
specifying the filename 4-19
default boot configuration 4-18
static access ports
assigning to VLAN 16-9
defined 15-3, 16-3
static addresses
See addresses
static IP routing 1-16
static MAC addressing 1-11
static route primary interface, configuring 49-10
static routes
configuring 44-94
understanding 45-11
static routing 44-3
static routing support, enhanced object tracking 49-10
static SSM mapping 51-18, 51-20
static traffic forwarding 51-21
static VLAN membership 16-2
statistics
802.1X 13-17
CDP 30-5
IEEE 802.1x 11-76
interface 15-54
IP multicast routing 51-63
MKA 12-5
OSPF 44-37
RMON group Ethernet 35-5
RMON group history 35-5
SNMP input and output 37-19
VTP 17-18
sticky learning 31-9
storm control
configuring 31-3
described 31-1
disabling 31-5
support for 1-5
thresholds 31-1
STP
accelerating root port selection 23-4
and REP 24-6
BackboneFast
described 23-7
disabling 23-17
enabling 23-16
BPDU filtering
described 23-3
disabling 23-15
enabling 23-14
BPDU guard
described 23-2
disabling 23-14
enabling 23-13
BPDU message exchange 21-3
configuration guidelines 21-14, 23-12
configuring
forward-delay time 21-24
hello time 21-23
maximum aging time 21-24
path cost 21-21
port priority 21-19
root switch 21-17
secondary root switch 21-18
spanning-tree mode 21-15
switch priority 21-22
transmit hold-count 21-25
counters, clearing 21-25
cross-stack UplinkFast
described 23-5
enabling 23-16
default configuration 21-13
default optional feature configuration 23-12
designated port, defined 21-4
designated switch, defined 21-4
detecting indirect link failures 23-8
disabling 21-16
displaying status 21-25
EtherChannel guard
described 23-10
disabling 23-17
enabling 23-17
extended system ID
effects on root switch 21-17
effects on the secondary root switch 21-18
overview 21-5
unexpected behavior 21-17
features supported 1-9
IEEE 802.1D and bridge ID 21-5
IEEE 802.1D and multicast addresses 21-9
IEEE 802.1t and VLAN identifier 21-5
inferior BPDU 21-3
instances supported 21-10
interface state, blocking to forwarding 23-2
interface states
blocking 21-6
disabled 21-8
forwarding 21-6, 21-7
learning 21-7
listening 21-7
overview 21-5
interoperability and compatibility among modes 21-11
keepalive messages 21-2
Layer 2 protocol tunneling 20-8
limitations with IEEE 802.1Q trunks 21-12
load sharing
overview 16-22
using path costs 16-24
using port priorities 16-22
loop guard
described 23-11
enabling 23-18
modes supported 21-9
multicast addresses, effect of 21-9
optional features supported 1-9
overview 21-2
path costs 16-24, 16-25
Port Fast
described 23-2
enabling 23-12
port priorities 16-23
preventing root switch selection 23-10
protocols supported 21-9
redundant connectivity 21-9
root guard
described 23-10
enabling 23-18
root port, defined 21-3
root port selection on a switch stack 21-3
root switch
configuring 21-17
effects of extended system ID 21-5, 21-17
election 21-3
unexpected behavior 21-17
shutdown Port Fast-enabled port 23-2
stack changes, effects of 21-12
status, displaying 21-25
superior BPDU 21-3
timers, described 21-23
UplinkFast
described 23-3
enabling 23-15
VLAN-bridge 21-12
stratum, NTP 7-2
stub areas, OSPF 44-33
stub routing, EIGRP 44-44
subdomains, private VLAN 19-1
subnet mask 44-7
subnet zero 44-8
success response, VMPS 16-26
summer time 7-6
SunNet Manager 1-6
supernet 44-8
supported port-based authentication methods 11-8
SVI autostate exclude
configuring 15-44
defined 15-6
SVI link state 15-6
SVIs
and IP unicast routing 44-5
and router ACLs 39-5
connecting VLANs 15-15
defined 15-5
routing between VLANs 16-2
switch 45-2
switch clustering technology 6-1
See also clusters, switch
switch console port 1-8
Switch Database Management
See SDM
switched packets, ACLs on 39-41
Switched Port Analyzer
See SPAN
switched ports 15-3
switchport backup interface 25-4, 25-5
switchport block multicast command 31-8
switchport block unicast command 31-8
switchport command 15-30
switchport mode dot1q-tunnel command 20-7
switchport protected command 31-7
switch priority
MSTP 22-22
STP 21-22
switch software features 1-1
switch virtual interface
See SVI
SXP 14-2
synchronization, BGP 44-50
syslog
See system message logging
system capabilities TLV 32-2
system clock
configuring
daylight saving time 7-6
manually 7-4
summer time 7-6
time zones 7-5
displaying the time and date 7-5
overview 7-2
See also NTP
system description TLV 32-2
system message logging
default configuration 36-4
defining error message severity levels 36-9
disabling 36-4
displaying the configuration 36-17
enabling 36-5
facility keywords, described 36-14
level keywords, described 36-10
limiting messages 36-10
message format 36-2
overview 36-1
sequence numbers, enabling and disabling 36-8
setting the display destination device 36-5
stack changes, effects of 36-2
synchronizing log messages 36-6
syslog facility 1-18
time stamps, enabling and disabling 36-8
UNIX syslog servers
configuring the daemon 36-12
configuring the logging facility 36-13
facilities supported 36-14
system MTU
and IS-IS LSPs 44-71
system MTU and IEEE 802.1Q tunneling 20-5
system name
default configuration 7-8
default setting 7-8
manual configuration 7-8
See also DNS
system name TLV 32-2
system prompt, default setting 7-7, 7-8
system resources, optimizing 8-1
system routing
IS-IS 44-67
ISO IGRP 44-67
T
TACACS+
accounting, defined 10-11
authentication, defined 10-11
authorization, defined 10-11
configuring
accounting 10-17
authentication key 10-13
authorization 10-16
login authentication 10-14
default configuration 10-13
displaying the configuration 10-17
identifying the server 10-13
in clusters 6-16
limiting the services to the user 10-16
operation of 10-12
overview 10-10
support for 1-13
tracking services accessed by user 10-17
tagged packets
IEEE 802.1Q 20-3
Layer 2 protocol 20-8
tar files
creating A-7
displaying the contents of A-7
extracting A-8
image file format A-26
TCL script, registering and defining with embedded event manager 38-7
TDR 1-19
Telnet
accessing management interfaces 2-10
number of connections 1-8
setting a password 10-6
templates, SDM 8-2
temporary self-signed certificate 10-49
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password 10-6
ternary content addressable memory 55-26
TFTP
configuration files
downloading A-12
preparing the server A-11
uploading A-13
configuration files in base directory 4-8
configuring for autoconfiguration 4-7
image files
deleting A-30
downloading A-28
preparing the server A-28
uploading A-30
limiting access by servers 37-17
TFTP server 1-7
threshold, traffic level 31-2
threshold monitoring, IP SLAs 47-6
time
See NTP and system clock
Time Domain Reflector
See TDR
time-range command 39-18
time ranges in ACLs 39-18
time stamps in log messages 36-8
time zones 7-5
TLVs
defined 32-2
LLDP 32-2
LLDP-MED 32-2
Token Ring VLANs
support for 16-5
VTP support 17-5
ToS 1-15
traceroute, Layer 2
and ARP 55-17
and CDP 55-17
broadcast traffic 55-16
described 55-16
IP addresses and subnets 55-17
MAC addresses and VLANs 55-17
multicast traffic 55-17
multiple devices on a port 55-17
unicast traffic 55-16
usage guidelines 55-17
traceroute command
See also IP traceroute
tracked lists
configuring 49-3
types 49-3
tracked objects
by Boolean expression 49-4
by threshold percentage 49-6
by threshold weight 49-5
tracking interface line-protocol state 49-2
tracking IP routing state 49-2
tracking objects 49-1
tracking process 49-1
track state, tracking IP SLAs 49-9
traffic
blocking flooded 31-8
fragmented 39-6
fragmented IPv6 41-2
unfragmented 39-6
traffic policing 1-15
traffic suppression 31-1
transmit hold-count
see STP
transparent mode, VTP 17-4
trap-door mechanism 4-2
traps
configuring MAC address notification 7-15, 7-17, 7-18
configuring managers 37-12
enabling 7-15, 7-17, 7-18, 37-12
notification types 37-12
overview 37-1, 37-4
troubleshooting
connectivity problems 55-15, 55-16, 55-18
CPU utilization 55-29
detecting unidirectional links 33-1
displaying crash information 55-24
PIMv1 and PIMv2 interoperability problems 51-35
setting packet forwarding 55-22
SFP security and identification 55-14
show forward command 55-22
with CiscoWorks 37-4
with debug commands 55-20
with ping 55-15
with system message logging 36-1
with traceroute 55-18
trunk failover
See link-state tracking
trunking encapsulation 1-10
trunk ports
configuring 16-18
defined 15-4, 16-3
encapsulation 16-18, 16-23
trunks
allowed-VLAN list 16-19
configuring 16-18, 16-23
ISL 16-15
load sharing
setting STP path costs 16-24
using STP port priorities 16-22, 16-23
native VLAN for untagged traffic 16-21
parallel 16-24
pruning-eligible list 16-20
to non-DTP device 16-15
trusted boundary for QoS 40-45
trusted port states
between QoS domains 40-47
classification options 40-5
ensuring port security for IP phones 40-45
support for 1-15
within a QoS domain 40-43
trustpoints, CA 10-49
tunneling
defined 20-1
IEEE 802.1Q 20-1
Layer 2 protocol 20-8
tunnel ports
described 15-4, 20-2
IEEE 802.1Q, configuring 20-7
incompatibilities with other features 20-6
twisted-pair Ethernet, detecting unidirectional links 33-1
type of service
See ToS
U
UDLD
configuration guidelines 33-4
default configuration 33-4
disabling
globally 33-5
on fiber-optic interfaces 33-5
per interface 33-6
echoing detection mechanism 33-3
enabling
globally 33-5
per interface 33-6
Layer 2 protocol tunneling 20-11
link-detection mechanism 33-1
neighbor database 33-2
overview 33-1
resetting an interface 33-6
status, displaying 33-7
support for 1-9
UDP, configuring 44-16
UDP jitter, configuring 47-9
UDP jitter operation, IP SLAs 47-8
unauthorized ports with IEEE 802.1x 11-10
unicast MAC address filtering 1-7
and adding static addresses 7-21
and broadcast MAC addresses 7-21
and CPU packets 7-21
and multicast addresses 7-21
and router MAC addresses 7-21
configuration guidelines 7-21
described 7-21
unicast storm 31-1
unicast storm control command 31-4
unicast traffic, blocking 31-8
UniDirectional Link Detection protocol
See UDLD
universal software image 1-1
feature set
IP base 1-1, 1-2
IP services 1-2
UNIX syslog servers
daemon configuration 36-12
facilities supported 36-14
message logging configuration 36-13
unrecognized Type-Length-Value (TLV) support 17-5
upgrading software images
See downloading
UplinkFast
described 23-3
disabling 23-16
enabling 23-15
support for 1-9
uploading
configuration files
preparing A-11, A-14, A-17
reasons for A-9
using FTP A-16
using RCP A-19
using TFTP A-13
image files
preparing A-28, A-31, A-36
reasons for A-25
using FTP A-34
using RCP A-38
using TFTP A-30
USB flash devices 15-18
USB inactivity timer 15-18
USB port
mini-type B 15-16
USB ports 15-16
USB Type A port 1-8
USB type A port 15-18
User Datagram Protocol
See UDP
username-based authentication 10-6
Using Memory Consistency Check Routines 55-26
V
VACLs
logging
configuration example 39-40
version-dependent transparent mode 17-5
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 5-12
described 5-12
displaying 5-12
manual upgrades with auto-advise 5-13
upgrades with auto-extract 5-13
virtual IP address
cluster standby group 6-11
command switch 6-11
virtual ports, MKA 12-3
Virtual Private Network
See VPN
virtual router 46-1, 46-2
virtual switches and PAgP 42-6
vlan.dat file 16-4
VLAN 1
disabling on a trunk port 16-20
minimization 16-19
VLAN ACLs
See VLAN maps
vlan-assignment response, VMPS 16-26
VLAN blocking, REP 24-12
VLAN configuration
at bootup 16-7
saving 16-7
VLAN database
and startup configuration file 16-7
and VTP 17-1
VLAN configuration saved in 16-6
VLANs saved in 16-4
vlan dot1q tag native command 20-5
VLAN filtering and SPAN 34-8
vlan global configuration command 16-6
VLAN ID, discovering 7-24
VLAN link state 15-6
VLAN load balancing
REP 24-4
VLAN load balancing, triggering 24-5
VLAN load balancing on flex links
configuration guidelines 25-8
described 25-2
VLAN management domain 17-2
VLAN Management Policy Server
See VMPS
VLAN map entries, order of 39-33
VLAN maps
applying 39-36
common uses for 39-36
configuration guidelines 39-33
configuring 39-32
creating 39-34
defined 39-3
denying access to a server example 39-38
denying and permitting packets 39-34
displaying 39-45
examples of ACLs and VLAN maps 39-34
removing 39-36
support for 1-11
wiring closet configuration example 39-37
VLAN membership
confirming 16-29
modes 16-3
VLAN Query Protocol
See VQP
VLANs
adding 16-8
adding to VLAN database 16-8
aging dynamic addresses 21-9
allowed on trunk 16-19
and spanning-tree instances 16-3, 16-6, 16-11
configuration guidelines, extended-range VLANs 16-11
configuration guidelines, normal-range VLANs 16-5
configuring 16-1
configuring IDs 1006 to 4094 16-11
connecting through SVIs 15-15
customer numbering in service-provider networks 20-3
default configuration 16-7
deleting 16-9
described 15-2, 16-1
displaying 16-14
extended-range 16-1, 16-10
features 1-10
illustrated 16-2
internal 16-11
in the switch stack 16-6
limiting source traffic with RSPAN 34-20
limiting source traffic with SPAN 34-16
modifying 16-8
multicast 28-17
native, configuring 16-21
normal-range 16-1, 16-4
number supported 1-10
parameters 16-4
port membership modes 16-3
static-access ports 16-9
STP and IEEE 802.1Q trunks 21-12
supported 16-2
Token Ring 16-5
traffic between 16-2
VLAN-bridge STP 21-12, 54-2
VTP modes 17-3
VLAN Trunking Protocol
See VTP
VLAN trunks 16-14
VMPS
administering 16-30
configuration example 16-31
configuration guidelines 16-27
default configuration 16-27
description 16-25
dynamic port membership
described 16-26
reconfirming 16-29
troubleshooting 16-31
entering server address 16-28
mapping MAC addresses to VLANs 16-26
monitoring 16-30
reconfirmation interval, changing 16-29
reconfirming membership 16-29
retry count, changing 16-30
voice aware 802.1x security
port-based authentication
configuring 11-42
described 11-34, 11-42
voice-over-IP 18-1
voice VLAN
Cisco 7960 phone, port connections 18-1
configuration guidelines 18-3
configuring IP phones for data traffic
override CoS of incoming frame 18-6
trust CoS priority of incoming frame 18-6
configuring ports for voice traffic in
802.1p priority tagged frames 18-5
IEEE 802.1Q frames 18-5
connecting to an IP phone 18-4
default configuration 18-3
described 18-1
displaying 18-7
IP phone data traffic, described 18-2
IP phone voice traffic, described 18-2
VPN
configuring routing in 44-85
forwarding 44-79
in service provider networks 44-76
routes 44-77
VPN routing and forwarding table
See VRF
VQP 1-10, 16-25
VRF
defining 44-79
tables 44-76
VRF-aware services
ARP 44-81
configuring 44-81
ftp 44-84
HSRP 44-82
ping 44-82
RADIUS 44-83
SNMP 44-82
syslog 44-83
tftp 44-84
traceroute 44-84
uRPF 44-83
VRFs, configuring multicast 44-85
VTP
adding a client to a domain 17-17
advertisements 16-17, 17-4
and extended-range VLANs 16-2, 17-2
and normal-range VLANs 16-2, 17-2
client mode, configuring 17-13
configuration
requirements 17-11
saving 17-9
configuration requirements 17-11
configuration revision number
guideline 17-17
resetting 17-17
consistency checks 17-5
default configuration 17-9
described 17-1
domain names 17-9
domains 17-2
Layer 2 protocol tunneling 20-8
modes
client 17-3
off 17-4
server 17-3
transitions 17-3
transparent 17-4
monitoring 17-18
passwords 17-10
pruning
disabling 17-16
enabling 17-16
examples 17-7
overview 17-6
support for 1-10
pruning-eligible list, changing 16-20
server mode, configuring 17-11, 17-14
statistics 17-18
support for 1-10
Token Ring support 17-5
transparent mode, configuring 17-12
using 17-1
Version
enabling 17-15
version, guidelines 17-10
Version 1 17-5
Version 2
configuration guidelines 17-10
overview 17-5
Version 3
overview 17-5
W
WCCP
authentication 50-3
configuration guidelines 50-5
default configuration 50-5
described 50-2
displaying 50-10
dynamic service groups 50-3
enabling 50-6
features unsupported 50-5
forwarding method 50-3
Layer-2 header rewrite 50-3
MD5 security 50-3
message exchange 50-2
monitoring and maintaining 50-10
negotiation 50-3
packet redirection 50-3
packet-return method 50-3
redirecting traffic received from a client 50-6
setting the password 50-7
unsupported WCCPv2 features 50-5
web authentication 11-15
configuring 13-16 to ??
described 1-11
web-based authentication
customizeable web pages 13-6
description 13-1
web-based authentication, interactions with other features 13-7
Web Cache Communication Protocol
See WCCP
weighted tail drop
See WTD
weight thresholds in tracked lists 49-5
wired location service
configuring 32-10
displaying 32-11
location TLV 32-3
understanding 32-3
wizards 1-3
WTD
described 40-15
setting thresholds
egress queue-sets 40-84
ingress queues 40-80
support for 1-15