- Index
- Preface
- Product Overview
- Command-Line Interfaces
- Configuring the Switch for the First Time
- Configuring Interfaces
- Checking Port Status and Connectivity
- Configuring Supervisor Engine Redundancy Using RPR and SSO
- Environmental Monitoring and Power Management
- Configuring Power over Ethernet
- Configuring Switches with Web-based Tools
- Understanding and Configuring VLANs
- Configuring Layer 2 Ethernet Interfaces
- Configuring SmartPort Macros
- Understanding and Configuring STP
- Configuring STP Features
- Understanding and Configuring Multiple Spanning Trees
- Understanding and Configuring EtherChannel
- Configuring IGMP Snooping and Filtering
- Configuring 802.1Q and Layer 2 Protocol Tunneling
- Understanding and Configuring CDP
- Configuring UDLD
- Configuring Unidirectional Ethernet
- Configuring Layer 3 Interfaces
- Configuring Cisco Express Forwarding
- Understanding and Configuring IP Multicast
- Configuring Policy-Based Routing
- Configuring VRF-lite
- Configuring QoS
- Configuring Voice Interfaces
- Understanding and Configuring 802.1X Port-Based Authentication
- Configuring Port Security
- Configuring DHCP Snooping and IP Source Guard
- Understanding and Configuring Dynamic ARP Inspection
- Configuring Network Security with ACLs
- Configuring Private VLANs
- Port Unicast and Multicast Flood Blocking
- Configuring Port-Based Traffic Control
- Configuring SPAN and RSPAN
- Configuring NetFlow Statistics Collection
- Acronyms
Index
Numerics
10/100 autonegotiation feature, forced4-7
802.10 SAID (default)10-4
802.1Q
trunks13-6
tunneling
compatibility with other features18-5
defaults18-4
described18-2
tunnel ports with other features18-6
802.1Q VLANs
encapsulation11-3
trunk restrictions11-5
802.1s
802.1w
802.1X
802.1X authentication
for guest VLANs29-6
RADIUS accounting29-8
with port security29-7
with VLAN assignment29-5
with voice VLAN ports29-11
802.3ad
A
abbreviating commands2-5
access control entries
access list filtering, SPAN enhancement37-13
access ports
and Layer 2 protocol tunneling18-9
configuring11-8
access VLANs11-6
accounting
configuring for 802.1X29-18
ACEs
ACLs33-2
Ethernet33-2
IP33-2
Layer 4 operation restrictions33-8
ACLs
ACEs33-2
and SPAN37-5
and TCAM programming33-6
applying on routed packets33-21
applying on switched packets33-20
compatibility on the same switch33-3
configuring with VLAN maps33-20
CPU impact33-9
hardware and software support33-5
IP, matching criteria for port ACLs33-4
MAC extended33-11
matching criteria for router ACLs33-3
port
and voice VLAN33-4
defined33-2
limitations33-4
processing33-9
types supported33-2
acronyms, list ofA-1
active queue management27-14
adding members to a community9-10
addresses
adjacency tables
description23-2
displaying statistics23-9
advertisements, VTP
alarms
major7-2
minor7-2
asymmetrical links, and 802.1Q tunneling18-4
audiencexxi
authentication
See also port-based authentication
authentication server
defined29-3
RADIUS server29-3
authorized and unauthorized ports29-4
authorized ports with 802.1X29-4
autoconfiguration3-2
automatic discovery
considerations9-9
automatic QoS
autonegotiation feature
forced 10/100Mbps4-7
Auto-QoS
configuring27-17
auto-sync command6-8
B
BackboneFast
adding a switch (figure)14-2
and MST15-2
configuring14-15
link failure (figure)14-7, 14-8
not supported MST15-2
understanding14-6
BGP1-8
routing session with multi-VRF CE26--6
blocking packets35-1
blocking state (STP)
RSTP comparisons (table)15-4
boot bootldr command3-24
boot command3-21
boot fields
See configuration register boot fields
boot system flash command3-21
Border Gateway Protocol
boundary ports
description15-6
BPDU Guard
and MST15-2
configuring14-12
overview14-4
BPDUs
and media speed13-2
pseudobridges and15-5
what they contain13-3
bridge ID
bridge priority (STP)13-16
bridge protocol data units
broadcast storm control
disabling36-4
BSR
configuration example24-21
burst rate27-48
burst size27-28
C
candidates
automatic discovery9-9
candidate switch, cluster
defined9-13
requirements9-13
cautions for passwords
encrypting3-16
TACACS+3-15
CDP
and trusted boundary27-26
configuration19-2
displaying configuration19-3
enabling on interfaces19-3
Layer 2 protocol tunneling18-7
maintaining19-3
monitoring19-3
CDP, automatic discovery in communities9-9
cdp enable command19-3
CEF
adjacency tables23-2
configuring load balancing23-7
displaying statistics23-8
enabling23-6
hardware switching23-4
load balancing23-6
overview23-1
software switching23-4
CGMP
overview17-1
channel-group group command16-7, 16-10
Cisco Discovery Protocol
Cisco Express Forwarding
Cisco Group Management Protocol
Cisco IOS NSF-awareness support6-2
Cisco IP Phones
configuring28-2
Cisco IP phones
sound quality28-1
CIST
description15-2
class-map command27-29
class of service
clear cdp counters command19-4
clear cdp table command19-3
clear counters command4-14
clearing
IP multicast table entries24-20
clear ip flow stats command38-9
CLI
accessing2-1
backing out one level2-5
getting commands2-5
history substitution2-3
managing clusters9-14
modes2-5
monitoring environments37-1
ROM monitor2-6
software basics2-4
clients
in 802.1X authentication29-2
clustering switches
command switch characteristics9-13
and VTY9-13
convert to a community9-11
managing
through CLI9-14
overview9-12
planning considerations
CLI9-14
passwords9-10
command-line processing2-3
command modes2-5
commands
listing2-5
command switch, cluster
requirements9-13
common and internal spanning tree
common spanning tree
community of switches
access modes in Network Assistant9-10
adding devices9-10
candidate characterisitcs9-8
communication protocols9-10
community name9-9
configuration information9-10
converting from a cluster9-11
host name9-9
passwords9-10
community ports
description34-1
community VLANs
and SPAN features34-4
configure as a PVLAN34-5
description34-1
config-register command3-22
config terminal command3-9
configuration files
obtaining with DHCP3-6
saving3-10
configuration register
boot fields
listing value3-22
modifying3-21
configuring3-19
settings at startup3-20
configure terminal command3-22, 4-2
console configuration mode2-5
console port
disconnecting user sessions5-5
monitoring user sessions5-4
copy running-config startup-config command3-10
copy system:running-config nvram:startup-config command3-24
CoS
configuring port value27-45
definition27-3
figure27-2
overriding on Cisco IP Phones28-3
priority28-3
CoS-to-DSCP maps27-49
counters
clearing MFIB24-20
clearing on interfaces4-14
CPU port sniffing37-10
CST
description15-5
IST and15-2
MST and15-2
customer edge devices26--2
D
default configuration
802.1X29-13
auto-QoS27-17
IGMP filtering17-17
Layer 2 protocol tunneling18-9
multi-VRF CE26--3
SPAN and RSPAN37-6
default gateway
configuring3-11
verifying configuration3-11
default ports
and support for 802.1X authentication29-14
description command4-9
detecting unidirectional links20-1
DHCP-based autoconfiguration
client request message exchange3-3
configuring
client side3-2
DNS3-5
relay device3-5
server-side3-3
TFTP server3-4
example3-7
lease options
for IP address information3-4
for receiving the configuration file3-4
overview3-2
relationship to BOOTP3-2
DHCP snooping
configuring31-3
default configuration31-3
displaying binding tables31-10
displaying configuration31-11
enabling31-4
enabling on private VLAN31-6
enabling the database agent31-6
overview31-1
Snooping database agent31-2
DHCP Snooping Database Agent
adding to the database (example)31-9
enabling (example)31-7
overview31-2
reading from a TFTP file (example)31-8
Differentiated Services Code Point values
DiffServ architecture, QoS27-2
disabled state
RSTP comparisons (table)15-4
disabling
broadcast storm control36-4
disconnect command5-5
discovery, clusters
DNS
and DHCP-based autoconfiguration3-5
documentation
organizationxxi
relatedxxiii
double-tagged packets
802.1Q tunneling18-2
Layer 2 protocol tunneling18-9
drop threshold for Layer 2 protocol packets18-9
DSCP maps27-49
DSCP-to-CoS maps
configuring27-51
DSCP values
configuring maps27-49
configuring port value27-45
definition27-4
IP precedence27-2
mapping markdown27-24
mapping to transmit queues27-47
DTP
VLAN trunks and11-3
duplex command4-8
duplex mode
configuring interface4-7
dynamic ARP inspection
ARP cache poisoning32-2
configuring
ACLs for non-DHCP environments32-10
in DHCP environments32-5
log buffer32-14
rate limit for incoming ARP packets32-16
denial-of-service attacks, preventing32-16
interface trust state, security coverage32-3
log buffer
configuring32-14
logging of dropped packets32-4
logging of dropped packets, described32-4
overview32-1
port channels, their behavior32-4
priority of static bindings32-4
purpose of32-2
rate limiting of ARP packets32-4
configuring32-16
validation checks, performing32-18
Dynamic Host Configuration Protocol snooping
dynamic port VLAN membership
example10-26
limit on hosts10-25
reconfirming10-23
troubleshooting10-25
Dynamic Trunking Protocol
E
EAP frame
request/identity29-3
response/identity29-3
EAP frames
changing retransmission time29-23
exchanging (figure)29-4
setting retransmission number29-24
EAPOL frames
802.1X authentication and29-2
OTP authentication, example (figure)29-4
start29-3
edge ports
description15-7
EGP
overview1-8
EIGRP
overview1-7
Embedded CiscoView
displaying information9-23
installing and configuring9-21
overview9-20
enable mode2-5
encapsulation types11-3
Enhanced Interior Gateway Routing Protocol
environmental monitoring
LED indications7-2
SNMP traps7-2
supervisor engine7-2
switching modules7-2
using CLI commands7-1
EtherChannel
channel-group group command16-7, 16-10
configuration guidelines16-5
configuring Layer 216-9
configuring Layer 316-6
interface port-channel command16-7
lacp system-priority
command example16-12
modes16-3
overview16-1
PAgP
Understanding16-3
physical interface configuration16-7
port-channel interfaces16-2
port-channel load-balance command16-12
ports, 802.1X authentication not supported in29-14
removing16-14
removing interfaces16-13
explicit host tracking
enabling17-8
extended range VLANs
Extensible Authentication Protocol over LAN29-2
Exterior Gateway Protocol
F
FastDrop
clearing entries24-20
displaying entries24-19
overview24-10
FIB
description23-2
filtering
in a VLAN33-12
non-IP traffic33-11
flags24-11
Flash memory
configuring router to boot from3-24
loading system images from3-23
security precautions3-23
flooded traffic, blocking35-2
forward-delay time (STP)
configuring13-18
forwarding information base
G
gateway
global configuration mode2-5
Guest-VLANs
configure with 802.1X29-18, 29-21
H
hardware and software ACL support33-5
hardware switching23-5
hello time (STP)
configuring13-17
history
CLI2-3
hop counts
configuring MST bridges15-7
host
configuring host statically17-8
limit on dynamic port10-25
Hot Standby Routing Protocol
HSRP
description1-6
hw-module module num power command7-16
I
ICMP
enabling5-10
ping5-5
running IP traceroute5-7
time exceeded messages5-7
IDS
using with SPAN and RSPAN37-2
IEEE 802.1s
IEEE 802.1w
IEEE 802.3ad
IGMP
description24-3
enabling24-13
explicit host tracking17-3, 17-8
immediate-leave processing17-3
overview17-1
IGMP filtering
configuring17-17
default configuration17-17
described17-16
monitoring17-20
IGMP groups
setting the maximum number17-19
IGMP profile
applying17-18
configuration mode17-17
configuring17-17
IGMP snooping
configuration guidelines17-4
enabling17-5
IP multicast and24-4
monitoring17-11
overview17-1
IGRP
description1-7
immediate-leave processing
enabling17-7
IGMP
ingress packets, SPAN enhancement37-12
inline power
configuring on Cisco IP phones28-4
Intelligent Power Management8-5
interface port-channel command16-7
interface range command4-4
interface range macro command4-5
interfaces
adding descriptive name4-9
clearing counters4-14
configuring4-2
configuring ranges4-4
displaying information about4-13
Layer 2 modes11-4
maintaining4-13
monitoring4-13
naming4-9
numbers4-2
overview4-1
restarting4-14
Interior Gateway Routing Protocol
Internet Control Message Protocol
Internet Group Management Protocol
Inter-Switch Link encapsulation
Intrusion Detection System
IP
configuring default gateway3-11
configuring static routes3-11
displaying statistics23-8
flow switching cache38-9
IP addresses
cluster candidate or member9-13
cluster command switch9-13
ip cef command23-6
ip flow-aggregation cache destination-prefix command38-11
ip flow-aggregation cache prefix command38-11
ip flow-aggregation cache source-prefix command38-11
ip flow-export command38-9
ip icmp rate-limit unreachable command5-11
ip igmp profile command17-17
ip igmp snooping tcn flood command17-10
ip igmp snooping tcn flood query count command17-10
ip igmp snooping tcn query solicit command17-11
IP information
assigned
through DHCP-based autoconfiguration3-2
ip load-sharing per-destination command23-7
ip local policy route-map command25-5
ip mask-reply command5-12
IP multicast
clearing table entries24-20
configuring24-12
default configuration24-13
displaying PIM information24-15
displaying the routing table information24-16
enabling24-13
enabling dense-mode PIM24-14
enabling sparse-mode24-14
features not supported24-12
hardware forwarding24-8
monitoring24-15
overview24-1
routing protocols24-2
software forwarding24-8
See also Auto-RP; IGMP; PIM; RP; RPF
ip multicast-routing command24-13
IP phones
automatic classification and queueing27-17
configuring voice ports28-2
See Cisco IP Phones28-1
trusted boundary for QoS27-25
ip pim command24-14
ip pim dense-mode command24-14
ip pim sparse-dense-mode command24-15
ip policy route-map command25-4
ip redirects command5-11
ip route-cache flow command38-7
IP routing tables
deleting entries24-20
IP Source Guard
configuring31-12
configuring on private VLANs31-13
overview31-11
IP statistics
displaying23-8
IP traceroute
executing5-7
overview5-7
IP unicast
displaying statistics23-8
ip unreachables command5-10
IPX
redistribution of route information with EIGRP1-7
ISL
encapsulation11-3
trunking with 802.1Q tunneling18-4
isolated ports
description34-1
isolated VLANs
description34-1
IST
description15-2
master15-7
MST regions and15-2
J
jumbo frames
and ethernet ports4-11
configuring MTU sizes for4-12
ports and linecards that support4-10
VLAN interfaces4-11
K
keyboard shortcuts2-3
L
l2protocol-tunnel command18-11
labels
definition27-3
LACP
system ID16-4
Layer 2 access ports11-8
Layer 2 frames
classification with CoS27-2
Layer 2 interfaces
assigning VLANs10-8
configuring11-5
configuring as PVLAN host ports34-8
configuring as PVLAN promiscuous ports34-7
configuring as PVLAN trunk ports34-9
defaults11-5
disabling configuration11-9
modes11-4
show interfaces command11-7
Layer 2 interface type
resetting34-12
setting34-12
Layer 2 protocol tunneling
configuring18-9
default configuration18-9
defined18-7
guidelines18-10
Layer 2 switching
overview11-1
Layer 2 Traceroute
and ARP5-9
and CDP5-8
described5-8
host-to-host paths5-8
IP addresses and subnets5-9
MAC addresses and VLANs5-9
multicast traffic5-9
multiple devices on a port5-9
usage guidelines5-8
Layer 2 trunks
configuring11-6
overview11-3
Layer 3 packets
classification methods27-2
Layer 4 port operations
configuration guidelines33-8
restrictions33-8
LEDs
description (table)7-2
listening state (STP)
RSTP comparisons (table)15-4
load balancing
configuring for CEF23-7
configuring for EtherChannel16-12
per-destination23-7
login timer
changing5-4
logoutwarning command5-4
loop guard
and MST15-2
configuring14-9
overview14-2
M
MAC addresses
allocating13-5
building tables11-2
convert dynamic to sticky secure30-2
displaying5-3
displaying in DHCP snooping binding table31-11
in ACLs33-11
sticky30-2
sticky secure, adding30-2
MAC extended access lists33-11
macros
main-cpu command6-8
mapping
DSCP markdown values27-24
DSCP values to transmit queues27-47
mapping tables
configuring DSCP27-49
described27-14
mask destination command38-11
mask source command38-11
match ip address command25-3
maximum aging time (STP)
configuring13-18
members
automatic discovery9-9
member switch
managing9-14
member switch, cluster
defined9-13
requirements9-13
metro tags18-2
MFIB
CEF24-5
displaying24-18
overview24-11
modules
checking status5-1
powering down7-16
monitoring
802.1Q tunneling18-12
ACL information33-28
IGMP filters17-20
IGMP snooping17-11
Layer 2 protocol tunneling18-12
multi-VRF CE26--11
tunneling18-12
VLAN filters33-19
VLAN maps33-19
M-record15-2
MST
and multiple spanning trees1-3, 15-2
boundary ports15-6
BPDUs15-2
configuration parameters15-5
configuring15-9
displaying configurations15-13
edge ports15-7
enabling15-9
hop count15-7
instances
configuring parameters15-12
description15-2
number supported15-5
interoperability with PVST+15-2
link type15-7
master15-7
message age15-7
restrictions15-8
to-SST interoperability15-4
MSTP
M-record15-2
M-tree15-2
M-tree15-2
MTU size
configuring4-12
default10-4
multicast
multicast packets
blocking35-2
multicast routers
displaying routing tables24-16
flood suppression17-9
Multicast Storm Control
overview36-6
suppression on WS-X401436-7
suppression on WS-X401636-6
multiple forwarding paths1-3, 15-2
Multiple Spanning Tree
multiple VPN routing/forwarding
multi-VRF CE
components26--3
configuration example26--7
default configuration26--3
defined26--1
displaying26--11
monitoring26--11
network components26--3
packet-forwarding process26--3
N
native VLAN
and 802.1Q tunneling18-4
specifying11-6
NetFlow
aggregation
minimum mask,default value38-11
destination-prefix aggregation
configuration (example)38-16
minimum mask, configuring38-11
IP
flow switching cache38-9
prefix aggregation
configuration (example)38-14
minimum mask, configuring38-11
source-prefix aggregation
minimum mask, configuring38-11
switching
checking for required hardware38-6
configuration (example)38-12
configuring switched IP flows38-8
enabling Collection38-7
exporting cache entries38-9
statistics38-9
NetFlow statistics
caveats on supervisor38-6
checking for required hardware38-6
configuring collection38-6
enabling Collection38-7
exporting cache entries38-9
overview of collection38-1
switched/bridged IP flows38-8
Network Assistant
and VTY9-13
configure
enable communication with switch9-15, 9-17
connect to a device9-7
default configuration9-4
installation requirements9-2
installing9-5
launch9-6
overview of CLI commands9-4
software and hardware requirements9-2
network fault tolerance1-3, 15-2
network management
configuring19-1
Next Hop Resolution Protocol
NFFC/NFFC II
IGMP snooping and17-4
NHRP
support1-8
non-IP traffic filtering33-11
non-RPF traffic
description24-9
in redundant configurations (figure)24-10
nonvolatile random-access memory
normal-range VLANs
NSF-awareness support6-2
NVRAM
saving settings3-10
O
OIR
overview4-13
online insertion and removal
Open Shortest Path First
operating system images
OSPF
area concept1-7
description1-6
P
packets
modifying27-16
software processed
and QoS27-16
packet type filtering
overview37-14
SPAN enhancement37-14
PAgP
understanding16-3
passwords
configuring enable password3-14
configuring enable secret password3-14
encrypting3-15
recovering lost enable password3-18
setting line password3-14
setting TACACS+3-15
passwords in clusters9-10
PBR (policy-based routing)
configuration (example)25-5
enabling25-3
features25-2
overview25-1
route maps25-2
when to use25-2
per-port and VLAN Access Control List31-11
per-port per-VLAN QoS
enabling27-40
overview27-16
Per-VLAN Rapid Spanning Tree13-6
enabling13-20
overview13-6
PE to CE routing, configuring26--6
PIM
configuring dense mode24-14
configuring sparse mode24-14
displaying information24-15
displaying statistics24-20
enabling sparse-dense mode24-14, 24-15
overview24-3
PIM-DM24-3
PIM-SM24-3
ping
executing5-6
overview5-5
PoE8-7
configuring power consumption for single device8-4
configuring power consumption for switch8-4
power consumption for powered devices
Intelligent Power Management8-5
overview8-3
supported cabling topology8-5
powering down a module7-16
power management modes8-2
show interface status8-6
point-to-point
in 802.1X authentication (figure)29-2, 29-9
police command27-33
policed-DSCP map27-50
policers
description27-5
types of27-10
policies
policing
policy-map command27-30, 27-32
policy maps
attaching to interfaces27-35
configuring27-31
port ACLs
and voice VLAN33-4
defined33-2
limitations33-4
Port Aggregation Protocol
port-based authentication
802.1X with voice VLAN29-11
changing the quiet period29-22
client, defined29-2
configuration guidelines29-14
configure 802.1X accounting29-18
configure switch-to-RADIUS server communication29-16
configure with Guest-VLANs29-18, 29-21
configuring Guest-VLAN29-16
configuring manual re-authentication of a client29-22
controlling authorization state29-4
default configuration29-13
described29-2
device roles29-2
disabling29-15
displaying statistics29-25
enabling29-14
enabling multiple hosts29-24
enabling periodic re-authentication29-21
encapsulation29-2
initiation and message exchange29-3
method lists29-14
ports not supported29-4
resetting to default values29-25
setting retransmission number29-24
setting retransmission time29-23
topologies, supported29-11
using with port security29-7
with VLAN assignment29-5
port-based QoS features
port-channel interfaces
creating16-6
overview16-2
port-channel load-balance
command16-12
command example16-12
port-channel load-balance command16-12
port cost (STP)
configuring13-15
PortFast
and MST15-2
BPDU filter, configuring14-12
configuring or enabling14-11
overview14-3
PortFast BPDU filtering
and MST15-2
enabling14-12
overview14-4
port priority
configuring MST instances15-12
configuring STP13-13
ports
blocking35-1
checking status5-2
community34-1
dynamic VLAN membership
example10-26
reconfirming10-23
forwarding, resuming35-3
isolated34-1
PVLAN types34-1
secure30-1
port security
aging30-9
and QoS trusted boundary27-25
configuring30-4
configuring trunk port security30-7
default configuration30-3
described30-1
displaying30-11
RADIUS accounting29-8
sticky learning30-2
using with 802.1X29-7
violations30-2
with other features30-3
port states
description13-5
port trust state
power
inline28-4
power dc input command7-11
power inline command8-2
power inline consumption command8-4
power management
1+1 redundancy mode7-13
2+1 redundancy mode7-13
Catalyst 4006 switch7-12
Catalyst 4500 series7-4
Catalyst 4500 Series power supplies7-10
Catalyst 4948 series7-3
combined mode7-5
configuring combined mode7-9
configuring redundant mode7-8
overview7-1
redundancy7-12
redundant mode7-5
power redundancy
setting on Catalyst 40067-15
power redundancy-mode command7-8
power supplies
fixed7-4
power supplies required command7-15
primary VLANs
associating with secondary VLANs34-6
configuring as a PVLAN34-5
description34-1
priority
overriding CoS of incoming frames28-3
privileged EXEC mode2-5
privileges
changing default3-17
configuring levels3-16
exiting3-17
logging in3-17
promiscuous ports
configuring PVLAN34-7
description34-1
setting mode34-12
protocol timers13-4
provider edge devices26--2
pruning, VTP
pseudobridges
description15-5
PVACL31-11
PVID (port VLAN ID)
and 802.1X with voice VLAN ports29-11
PVLANs
802.1q support34-5
configuration guidelines34-3
configuring34-3
configuring a VLAN34-5
configuring promiscuous ports34-7
host ports
configuring a Layer 2 interface34-8
setting34-12
isolated VLANs34-1
overview34-1
permitting routing, example34-11
promiscuous mode
setting34-12
setting
interface mode34-12
Q
QoS
allocating bandwidth27-47
and software processed packets27-16
auto-QoS
configuration and defaults display27-20
configuration guidelines27-18
described27-17
displaying27-20
effects on NVRAM configuration27-18
enabling for VoIP27-19
basic model27-5
burst size27-28
configuration guidelines27-25
auto-QoS27-18
configuring
auto-QoS27-17
DSCP maps27-49
traffic shaping27-48
trusted boundary27-25
VLAN-based27-43
configuring UBRL27-36
creating policing rules27-29
default auto configuration27-17
default configuration27-23
definitions27-3
disabling on interfaces27-35
enabling and disabling27-42
enabling on interfaces27-35
enabling per-port per-VLAN27-40
IP phones
automatic classification and queueing27-17
detection and trusted settings27-17, 27-25
overview27-1
overview of per-port per-VLAN27-16
packet modification27-16
port-based27-43
priority27-15
traffic shaping27-15
transmit rate27-48
trust states
trusted device27-25
VLAN-based27-43
See also COS; DSCP values; transmit queues
QoS active queue management
tracking queue length27-14
QoS labels
definition27-3
QoS mapping tables
CoS-to-DSCP27-49
DSCP-to-CoS27-51
policed-DSCP27-50
types27-14
QoS marking
description27-5
QoS policers
burst size27-28
types of27-10
QoS policing
definition27-5
QoS policy
attaching to interfaces27-11
overview of configuration27-29
QoS transmit queues
allocating bandwidth27-47
burst27-15
configuring27-46
configuring traffic shaping27-48
mapping DHCP values to27-47
maximum rate27-15
overview27-14
sharing link bandwidth27-15
Quality of service
R
RADIUS server
configure to-Switch communication29-16
configuring settings29-17
parameters on the switch29-16
range command4-4
range macros
defining4-5
ranges of interfaces
configuring4-4
Rapid Spanning Tree
rcommand command9-14
re-authentication of a client
configuring manual29-22
enabling periodic29-21
reduced MAC address13-2
redundancy
configuring6-8
guidelines and restrictions6-7
changes made through SNMP6-8, 6-11
NSF-awareness support6-2
overview6-3
redundancy command6-8
understanding synchronization6-6
redundancy(RPR)
route processor redundancy6-4
synchronization6-6
redundancy(SSO)
route processor redundancy6-4
synchronization6-7
related documentationxxiii
replication
description24-8
reserved-range VLANs
retransmission number
setting in 802.1X authentication29-24
retransmission time
changing in 802.1X authentication29-23
RIP
description1-6
ROM monitor
boot process and3-19
CLI2-6
root bridge
configuring13-9
selecting in MST15-2
root guard
and MST15-2
enabling14-8
overview14-2
routed packets
ACLs33-21
route-map (IP) command25-3
route maps
defining25-3
PBR25-2
router ACLs
description33-2
using with VLAN maps33-20
route targets
VPN26--3
Routing Information Protocol
RSPAN
configuration guidelines37-16
destination ports37-5
IDS37-2
monitored ports37-4
monitoring ports37-5
received traffic37-3
sessions
creating37-17
defined37-3
limiting source traffic to specific VLANs37-23
monitoring VLANs37-22
removing source (monitored) ports37-21
specifying monitored ports37-17
source ports37-4
transmitted traffic37-4
VLAN-based37-5
RSTP
compatibility15-3
description15-2
port roles15-3
port states15-4
S
SAID
scheduling27-14
defined27-5
overview27-6
secondary root switch13-12
secondary VLANs
associating with primary34-6
description34-2
permitting routing34-11
secure ports, configuring30-1
Security Association Identifier
servers, VTP
service-policy command27-30
service-policy input command21-2, 27-35
service-provider networks
and customer VLANs18-2
Layer 2 protocols across18-7
set default interface command25-4
set interface command25-4
set ip default next-hop command25-4
set ip next-hop command25-4
show adjacency command23-9
show boot command3-24
show catalyst4000 chassis-mac-address command13-3
show cdp entry command19-4
show cdp interface command19-3
show cdp neighbors command19-4
show cdp traffic command19-4
show ciscoview package command9-23
show ciscoview version command9-23
show cluster members command9-14
show configuration command4-9
show debugging command19-4
show environment command7-2
show history command2-4
show interfaces command4-12, 4-13
show interfaces status command5-2
show ip cache flow aggregation destination-prefix command38-12
show ip cache flow aggregation prefix command38-12
show ip cache flow aggregation source-prefix command38-12
show ip cache flow command38-9
show ip cef command23-8
show ip interface command24-15
show ip local policy command25-5
show ip mroute command24-15
show ip pim interface command24-15
show l2protocol command18-11
show mac-address-table address command5-3
show mac-address-table interface command5-3
show mls entry command23-8
show PoE consumed8-7
show power command7-15
show power inline command8-6
show power inline consumption command8-4
show power supplies command7-8
show protocols command4-13
show running-config command
adding description for an interface4-9
checking your settings3-9
displaying ACLs33-14, 33-16, 33-23, 33-24
show startup-config command3-10
show users command5-4
show version command3-22
shutdown, command4-14
shutdown threshold for Layer 2 protocol packets18-9
shutting down
interfaces4-14
single spanning tree
slot numbers, description4-2
SmartPort macros
configuration guidelines12-4
configuring12-2
creating and applying12-4
default configuration12-2
defined12-1
displaying12-8
tracing12-4
SNMP
documentation1-11
support1-11
software
upgrading6-12
software configuration register3-19
software switching
description23-5
interfaces23-6
key data structures used24-7
SPAN
and ACLs37-5
configuration guidelines37-7
destination ports37-5
IDS37-2
monitored port, defined37-4
monitoring port, defined37-5
received traffic37-3
sessions
defined37-3
source ports37-4
transmitted traffic37-4
VLAN-based37-5
SPAN and RSPAN
concepts and terminology37-3
default configuration37-6
displaying status37-24
overview37-1
session limits37-6
SPAN destination ports
802.1X authentication not supported29-14
SPAN enhancements
access list filtering37-13
configuration example37-15
CPU port sniffing37-10
encapsulation configuration37-12
ingress packets37-12
packet type filtering37-14
spanning-tree backbonefast command14-15
spanning-tree cost command13-15
spanning-tree guard root command14-8
spanning-tree portfast bpdu-guard command14-12
spanning-tree portfast command14-11
spanning-tree port-priority command13-13
spanning-tree uplinkfast command14-14
spanning-tree vlan
command13-9
command example13-9
spanning-tree vlan command13-8
spanning-tree vlan cost command13-15
spanning-tree vlan forward-time command13-19
spanning-tree vlan hello-time command13-17
spanning-tree vlan max-age command13-18
spanning-tree vlan port-priority command13-13
spanning-tree vlan priority command13-17
spanning-tree vlan root primary command13-10
spanning-tree vlan root secondary command13-12
speed
configuring interface4-7
speed command4-7
SST
description15-2
interoperability15-4
static routes
configuring3-11
verifying3-12
statistics
displaying 802.1X29-25
displaying PIM24-20
NetFlow accounting38-9
sticky learning
configuration file30-2
defined30-2
disabling30-2
enabling30-2
saving addresses30-2
sticky MAC addresses
configuring30-4
defined30-2
Storm Control
disabling36-4
displaying36-4
enabling36-3
hardware-based, implementing36-2
overview36-1
STP
bridge ID13-2
creating topology13-4
defaults13-6
disabling13-19
enabling13-7
enabling extended system ID13-8
enabling Per-VLAN Rapid Spanning Tree13-20
forward-delay time13-18
hello time13-17
Layer 2 protocol tunneling18-7
maximum aging time13-18
per-VLAN rapid spanning tree13-6
port cost13-15
port priority13-13
root bridge13-9
supervisor engine
accessing the redundant6-14
copying files to standby6-14
default configuration3-1
default gateways3-11
environmental monitoring7-1
ROM monitor3-19
startup configuration3-18
static routes3-11
synchronizing configurations6-10
SVIs
and router ACLs33-3
switched packets
and ACLs33-20
Switched Port Analyzer
switching, NetFlow
checking for required hardware38-6
configuration (example)38-12
configuring switched IP flows38-8
enabling Collection38-7
exporting cache entries38-9
switchport
show interfaces4-12
switchport access vlan command11-6, 11-8
switchport block multicast command35-2
switchport block unicast command35-2
switchport mode access command11-8
switchport mode dot1q-tunnel command18-6
switchport mode dynamic command11-6
switchport mode trunk command11-6
switch ports
switchport trunk allowed vlan command11-6
switchport trunk encapsulation command11-6
switchport trunk encapsulation dot1q command11-3
switchport trunk encapsulation isl command11-3
switchport trunk encapsulation negotiate command11-3
switchport trunk native vlan command11-6
switchport trunk pruning vlan command11-6
switch-to-RADIUS server communication
configuring29-16
syslog messages7-2
system
reviewing configuration3-10
settings at startup3-20
system images
loading from Flash memory3-23
modifying boot field3-20
specifying3-23
system MTU
802.1Q tunneling18-5
maximums18-5
T
TACACS+
setting passwords3-15
tagged packets
802.1Q18-3
Layer 2 protocol18-7
TCAM programming and ACLs33-6
Telnet
accessing CLI2-2
disconnecting user sessions5-5
executing5-3
monitoring user sessions5-4
telnet command5-4
TFTP
configuration files in base directory3-5
configuring for autoconfiguration3-4
time exceeded messages5-7
timer
Token Ring
media not supported (note)10-4, 10-10
TOS
description27-4
trace command5-7
traceroute
traceroute mac command5-9
traceroute mac ip command5-9
traffic
blocking flooded35-2
traffic control
using ACLs (figure)33-4
using VLAN maps (figure)33-5
traffic shaping27-15
translational bridge numbers (defaults)10-4
transmit queues
transmit rate27-48
troubleshooting
with traceroute5-7
trunk ports
802.1X authentication not supported on29-14
trunk port security
configuring30-7
trunks
802.1Q restrictions11-5
configuring11-6
configuring access VLANs11-6
configuring allowed VLANs11-6
default interface configuration11-6
different VTP domains11-3
enabling to non-DTP device11-4
encapsulation11-3
specifying native VLAN11-6
understanding11-3
trusted boundary for QoS27-25
trust states
configuring27-44
tunneling
defined18-1
Layer 2 protocol18-7
tunnel ports
802.1Q, configuring18-6
described18-2
incompatibilities with other features18-5
type of service
U
UDLD
default configuration20-2
disabling20-3
enabling20-3
overview20-1
unauthorized ports with 802.1X29-4
unicast
unicast flood blocking
configuring35-1
unicast traffic
blocking35-2
unidirectional ethernet
enabling21-2
example of setting21-2
overview21-1
UniDirectional Link Detection Protocol
UplinkFast
and MST15-2
enabling14-14
MST and15-3
overview14-5
User Based Rate Limiting
configuring27-36
overview27-36
user EXEC mode2-5
user sessions
disconnecting5-5
monitoring5-4
V
VACLs
Layer 4 port operations33-7
virtual LANs
Virtual Private Network
VLAN ACLs
vlan database command10-7
vlan dot1q tag native command18-4
VLAN Management Policy Server
VLAN maps
common uses for33-16
configuration example33-17
configuration guidelines33-13
configuring33-12
creating entries33-13
defined33-3
denying access example33-18
denying packets33-14
displaying33-19
examples33-18
order of entries33-13
permitting packets33-14
router ACLs and33-20
using (figure)33-5
VLANs
allowed on trunk11-6
configuration guidelines10-3
configuring10-4
customer numbering in service-provider networks18-3
default configuration10-4
description1-5
extended range10-3
IDs (default)10-4
interface assignment10-8
limiting source traffic with RSPAN37-23
monitoring with RSPAN37-22
name (default)10-4
normal range10-3
overview10-1
reserved range10-3
VLAN Trunking Protocol
VLAN trunks
overview11-3
VMPS
configuration file example10-29
configuring dynamic access ports on client10-22
configuring retry interval10-24
database configuration file10-29
dynamic port membership
example10-26
reconfirming10-23
reconfirming assignments10-23
reconfirming membership interval10-23
server overview10-17
VMPS client
administering and monitoring10-24
configure switch
configure reconfirmation interval10-23
dynamic ports10-22
entering IP VMPS address10-21
reconfirmation interval10-24
reconfirm VLAM membership10-23
default configuration10-21
dynamic VLAN membership overview10-20
troubleshooting dynamic port VLAN membership10-25
VMPS server
fall-back VLAN10-19
illegal VMPS client requests10-20
overview10-17
security modes
multiple10-19
open10-18
secure10-19
voice interfaces
configuring28-1
Voice over IP
configuring28-1
voice ports
configuring VVID28-2
voice VLAN ports
using 802.1X29-11
VPN
configuring routing in26--5
forwarding26--3
in service provider networks26--1
routes26--2
routing and forwarding table
VRF
defining26--3
tables26--1
VTP
configuration guidelines10-12
configuring transparent mode10-16
default configuration10-12
disabling10-16
Layer 2 protocol tunneling18-7
monitoring10-16
overview10-8
VTP advertisements
description10-9
VTP clients
configuring10-15
VTP domains
description10-9
VTP modes10-9
VTP pruning
enabling10-13
overview10-10
VTP servers
configuring10-14
VTP statistics
displaying10-16
VTP version 2
enabling10-14
overview10-10
VTY and Network Assistant9-13
VVID (voice VLAN ID)
and 802.1X authentication29-11
configuring28-2