A -
B -
C -
D -
E -
F -
G -
H -
I -
J -
L -
M -
N -
O -
P -
Q -
R -
S -
T -
U -
V -
W -
X -
Index
A
abbreviating commands 2-4
AC (command switch) 6-9
access-class command 30-16
access control entries
See ACEs
access-denied response, VMPS 13-24
access groups, applying IPv4 ACLs to interfaces 30-17
accessing
clusters, switch 6-12
command switches 6-10
member switches 6-12
switch clusters 6-12
access lists
See ACLs
access ports
in switch clusters 6-8
access ports, defined 11-2
accounting
with 802.1x 10-30
with IEEE 802.1x 10-8
with RADIUS 9-28
with TACACS+ 9-11, 9-17
ACEs
and QoS 32-6
defined 30-2
Ethernet 30-2
IP 30-2
ACLs
ACEs 30-2
any keyword 30-9
applying
time ranges to 30-14
to an interface 30-16
to QoS 32-6
classifying traffic for QoS 32-39
comments in 30-15
compiling 30-17
defined 30-1, 30-5
examples of 30-17, 32-39
extended IP, configuring for QoS classification 32-40
extended IPv4
creating 30-8
matching criteria 30-5
hardware and software handling 30-17
host keyword 30-10
IP
creating 30-5
fragments and QoS guidelines 32-30
implicit deny 30-7, 30-11, 30-13
implicit masks 30-7
matching criteria 30-5
undefined 30-17
IPv4
applying to interfaces 30-16
creating 30-5
matching criteria 30-5
named 30-12
numbers 30-6
terminal lines, setting on 30-16
unsupported features 30-4
MAC extended 30-19, 32-41
matching 30-5, 30-17
monitoring 30-22
named, IPv4 30-12
number per QoS class map 32-30
QoS 32-6, 32-39
resequencing entries 30-12
standard IP, configuring for QoS classification 32-39
standard IPv4
creating 30-7
matching criteria 30-5
support for 1-7
support in hardware 30-17
time ranges 30-14
unsupported features, IPv4 30-4
active link 19-4, 19-5, 19-6
active links 19-2
active traffic monitoring, IP SLAs 31-1
address aliasing 21-2
addresses
displaying the MAC address table 7-26
dynamic
accelerated aging 16-8
changing the aging time 7-21
default aging 16-8
defined 7-19
learning 7-20
removing 7-21
MAC, discovering 7-26
multicast, STP address management 16-8
static
adding and removing 7-23
defined 7-19
address resolution 7-26
Address Resolution Protocol
See ARP
advertisements
CDP 24-1
LLDP 23-1, 23-2
VTP 13-16, 14-3
aggregated ports
See EtherChannel
aggregate policers 32-47
aggregate policing 1-9
aging, accelerating 16-8
aging time
accelerated
for MSTP 17-23
for STP 16-8, 16-21
MAC address table 7-21
maximum
for MSTP 17-23, 17-24
for STP 16-21, 16-22
alarms, RMON 27-3
allowed-VLAN list 13-18
ARP
defined 1-5, 7-26
table
address resolution 7-26
managing 7-26
attributes, RADIUS
vendor-proprietary 9-31
vendor-specific 9-29
authentication
local mode with AAA 9-32
NTP associations 7-4
RADIUS
key 9-21
login 9-23
TACACS+
defined 9-11
key 9-13
login 9-14
See also port-based authentication
authentication failed VLAN
See restricted VLAN
authoritative time source, described 7-2
authorization
with RADIUS 9-27
with TACACS+ 9-11, 9-16
authorized ports with IEEE 802.1x 10-7
autoconfiguration 4-3
automatic discovery
considerations
beyond a noncandidate device 6-7
brand new switches 6-8
connectivity 6-4
different VLANs 6-6
management VLANs 6-7
non-CDP-capable devices 6-6
noncluster-capable devices 6-6
in switch clusters 6-4
See also CDP
automatic QoS
See QoS
automatic recovery, clusters 6-9
See also HSRP
auto-MDIX
configuring 11-16
described 11-16
autonegotiation
duplex mode 1-3
interface configuration guidelines 11-13
mismatches 34-7
autosensing, port speed 1-3
auxiliary VLAN
See voice VLAN
availability, features 1-6
B
BackboneFast
described 18-5
disabling 18-14
enabling 18-13
support for 1-6
backup interfaces
See Flex Links
backup links 19-2
banners
configuring
login 7-18
message-of-the-day login 7-18
default configuration 7-17
when displayed 7-17
Berkeley r-tools replacement 9-44
binding database
DHCP snooping
See DHCP snooping binding database
bindings
DHCP snooping database 20-5
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 22-7
booting
boot loader, function of 4-2
boot process 4-1
manually 4-17
specific image 4-18
boot loader
accessing 4-18
described 4-2
environment variables 4-18
prompt 4-18
trap-door mechanism 4-2
BPDU
error-disabled state 18-2
filtering 18-3
RSTP format 17-12
BPDU filtering
described 18-3
disabling 18-12
enabling 18-12
support for 1-6
BPDU guard
described 18-2
disabling 18-12
enabling 18-11
support for 1-6
bridge protocol data unit
See BPDU
broadcast storm-control command 22-4
broadcast storms 22-1
C
cables, monitoring for unidirectional links 25-1
candidate switch
automatic discovery 6-4
defined 6-3
requirements 6-3
See also command switch, cluster standby group, and member switch
Cisco IE 3000
configuring alarm profiles
attaching an alarm profile to a port 3-11
creating or modifying alarm profiles 3-10
configuring switch alarms3-1to 3-12
configuring the FCS bit error rate alarm
setting the FCS error hysteresis threshold 3-9
setting the FCS error threshold 3-8
configuring the power supply alarm
setting the power mode 3-4, 3-5
setting the power supply alarm options 3-5
configuring the temperature alarms
associating the temperature alarms to a relay 3-7
setting a secondary temperature threshold 3-6, 3-7
default alarm configuration 3-4
displaying Catalyst 2955 switch alarms 3-12
enabling SNMP traps 3-11
FCS error hysteresis threshold 3-2
global status monitoring alarms
power supply alarm 3-2
temperature alarm 3-2
port status monitoring alarms
FCS bit error rate alarm 3-3
link fault alarm 3-3
port is not operating alarm 3-3
port not forwarding alarm 3-3
triggering alarm options
configurable relays 3-3
FCS Bit Error Rate alarm 3-3
methods to trigger 3-3
SNMP traps 3-4
syslog messages 3-4
CA trustpoint
configuring 9-40
defined 9-38
CDP
and trusted boundary 32-34
automatic discovery in switch clusters 6-4
configuring 24-2
default configuration 24-2
defined with LLDP 23-1
described 24-1
disabling for routing device24-3to 24-4
enabling and disabling
on an interface 24-4
on a switch 24-3
monitoring 24-4
overview 24-1
support for 1-5
transmission timer and holdtime, setting 24-2
updates 24-2
CGMP
as IGMP snooping learning method 21-8
joining multicast group 21-3
CipherSuites 9-39
Cisco 7960 IP Phone 15-1
Cisco Discovery Protocol
See CDP
Cisco IOS File System
See IFS
Cisco IOS IP Service Level Agreements (SLAs) responder 1-4
Cisco IOS IP SLAs 31-1
CiscoWorks 2000 1-4, 29-4
CIST regional root
See MSTP
CIST root
See MSTP
civic location 23-3
class maps for QoS
configuring 32-42
described 32-7
displaying 32-67
class of service
See CoS
clearing interfaces 11-20
CLI
abbreviating commands 2-4
command modes 2-1
configuration logging 2-5
described 1-4
editing features
enabling and disabling 2-7
keystroke editing 2-7
wrapped lines 2-9
error messages 2-5
filtering command output 2-10
getting help 2-3
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
managing clusters 6-14
no and default forms of commands 2-4
client mode, VTP 14-3
clock
See system clock
clusters, switch
accessing 6-12
automatic discovery 6-4
automatic recovery 6-9
benefits 1-2
compatibility 6-4
described 6-1
LRE profile considerations 6-14
managing
through CLI 6-14
through SNMP 6-15
planning 6-4
planning considerations
automatic discovery 6-4
automatic recovery 6-9
CLI 6-14
host names 6-12
IP addresses 6-12
LRE profiles 6-14
passwords 6-13
RADIUS 6-13
SNMP 6-13, 6-15
TACACS+ 6-13
See also candidate switch, command switch, cluster standby group, member switch, and standby command switch
cluster standby group
automatic recovery 6-11
considerations 6-10
defined 6-2
requirements 6-3
virtual IP address 6-10
See also HSRP
CNS 1-4
Configuration Engine
configID, deviceID, hostname 5-3
configuration service 5-2
described 5-1
event service 5-3
embedded agents
described 5-5
enabling automated configuration 5-6
enabling configuration agent 5-9
enabling event agent 5-7
management functions 1-4
command-line interface
See CLI
command modes 2-1
commands
abbreviating 2-4
no and default 2-4
commands, setting privilege levels 9-8
command switch
accessing 6-10
active (AC) 6-9
configuration conflicts 34-7
defined 6-2
passive (PC) 6-9
password privilege levels 6-14
priority 6-9
recovery
from command-switch failure 6-9, 34-4
from lost member connectivity 34-7
redundant 6-9
replacing
with another switch 34-6
with cluster member 34-4
requirements 6-3
standby (SC) 6-9
See also candidate switch, cluster standby group, member switch, and standby command switch
community strings
configuring 6-13, 29-8
for cluster switches 29-4
in clusters 6-13
overview 29-4
SNMP 6-13
compact flash 1-2, 4-2
compatibility, feature 22-12
config.text 4-16
configurable leave timer, IGMP 21-5
configuration, initial
defaults 1-10
Express Setup 1-2
configuration changes, logging 28-10
configuration conflicts, recovering from lost member connectivity 34-7
configuration examples, network 1-12
configuration files
archiving B-19
clearing the startup configuration B-19
creating using a text editor B-10
default name 4-16
deleting a stored configuration B-19
described B-8
downloading
automatically 4-16
preparing B-10, B-13, B-16
reasons for B-8
using FTP B-13
using RCP B-17
using TFTP B-11
guidelines for creating and using B-9
guidelines for replacing and rolling back B-20
invalid combinations when copying B-5
limiting TFTP server access 29-15
obtaining with DHCP 4-8
password recovery disable considerations 9-5
replacing a running configuration B-19, B-20
rolling back a running configuration B-19, B-20
specifying the filename 4-16
system contact and location information 29-15
types and location B-10
uploading
preparing B-10, B-13, B-16
reasons for B-8
using FTP B-14
using RCP B-18
using TFTP B-12
configuration logger 28-10
configuration logging 2-5
configuration replacement B-19
configuration rollback B-19
configuration settings, saving 4-15
configure terminal command 11-6
configuring small-frame arrival rate 22-5
config-vlan mode 2-2, 13-6
conflicts, configuration 34-7
connections, secure remote 9-33
connectivity problems 34-8, 34-10, 34-11
consistency checks in VTP Version 2 14-4
console port, connecting to 2-10
control protocol, IP SLAs 31-4
corrupted software, recovery steps with Xmodem 34-2
CoS
in Layer 2 frames 32-2
override priority 15-6
trust priority 15-6
CoS input queue threshold map for QoS 32-14
CoS output queue threshold map for QoS 32-16
CoS-to-DSCP map for QoS 32-50
counters, clearing interface 11-20
crashinfo file 34-17
critical authentication, IEEE 802.1x 10-34
cryptographic software image
SSH 9-33
SSL 9-37
D
daylight saving time 7-13
debugging
enabling all system diagnostics 34-15
enabling for a specific feature 34-14
redirecting error message output 34-15
using commands 34-14
default commands 2-4
default configuration
802.1x 10-19
auto-QoS 32-18
banners 7-17
booting 4-16
CDP 24-2
DHCP 20-7
DHCP option 82 20-7
DHCP snooping 20-7
DHCP snooping binding database 20-7
DNS 7-16
EtherChannel 33-9
Ethernet interfaces 11-10
Flex Links 19-8
IGMP filtering 21-24
IGMP snooping 21-6
IGMP throttling 21-24
initial switch information 4-3
IP SLAs 31-5
Layer 2 interfaces 11-10
LLDP 23-3
MAC address table 7-20
MAC address-table move update 19-8
MSTP 17-14
MVR 21-19
NTP 7-4
optional spanning-tree configuration 18-9
password and privilege level 9-2
RADIUS 9-20
RMON 27-3
RSPAN 26-9
SDM template 8-2
SNMP 29-6
SPAN 26-9
SSL 9-40
standard QoS 32-27
STP 16-11
system message logging 28-3
system name and prompt 7-15
TACACS+ 9-13
UDLD 25-4
VLAN, Layer 2 Ethernet interfaces 13-16
VLANs 13-7
VMPS 13-25
voice VLAN 15-3
VTP 14-6
default gateway 4-14
deleting VLANs 13-9
denial-of-service attack 22-1
description command 11-17
designing your network, examples 1-12
destination addresses
in IPv4 ACLs 30-9
destination-IP address-based forwarding, EtherChannel 33-7
destination-MAC address forwarding, EtherChannel 33-6
detecting indirect link failures, STP 18-5
device B-23
device discovery protocol 23-1, 24-1
device manager
benefits 1-2
described 1-2, 1-4
in-band management 1-5
upgrading a switch B-23
DHCP
Cisco IOS server database
configuring 20-10
enabling
relay agent 20-8
DHCP-based autoconfiguration
client request message exchange 4-4
configuring
client side 4-3
DNS 4-7
relay device 4-8
server side 4-6
TFTP server 4-7
example 4-9
lease options
for IP address information 4-6
for receiving the configuration file 4-6
overview 4-3
relationship to BOOTP 4-4
relay support 1-5
support for 1-4
DHCP-based autoconfiguration and image update
configuring4-11to 4-14
understanding 4-5
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 20-5
configuration guidelines 20-7
default configuration 20-7
displaying 20-12
overview 20-3
packet format, suboption
circuit ID 20-5
remote ID 20-5
remote ID suboption 20-5
DHCP snooping
accepting untrusted packets form edge switch 20-3, 20-9
binding database
See DHCP snooping binding database
configuration guidelines 20-7
default configuration 20-7
displaying binding tables 20-12
message exchange process 20-4
option 82 data insertion 20-3
trusted interface 20-2
untrusted interface 20-2
untrusted messages 20-2
DHCP snooping binding database
adding bindings 20-11
binding entries, displaying 20-12
binding file
format 20-6
location 20-5
bindings 20-5
clearing agent statistics 20-11
configuration guidelines 20-8
configuring 20-11
default configuration 20-7
deleting
binding file 20-11
bindings 20-11
database agent 20-11
described 20-5
displaying 20-12
displaying status and statistics 20-12
enabling 20-11
entry 20-5
renewing database 20-11
resetting
delay value 20-11
timeout value 20-11
DHCP snooping binding table
See DHCP snooping binding database
Differentiated Services architecture, QoS 32-2
Differentiated Services Code Point 32-2
directed unicast requests 1-5
directories
changing B-4
creating and removing B-4
displaying the working B-4
discovery, clusters
See automatic discovery
DNS
and DHCP-based autoconfiguration 4-7
default configuration 7-16
displaying the configuration 7-17
overview 7-15
setting up 7-16
support for 1-4
domain names
DNS 7-15
VTP 14-8
Domain Name System
See DNS
downloading
configuration files
preparing B-10, B-13, B-16
reasons for B-8
using FTP B-13
using RCP B-17
using TFTP B-11
image files
deleting old image B-27
preparing B-25, B-28, B-32
reasons for B-23
using CMS 1-2
using FTP B-29
using HTTP 1-2, B-23
using RCP B-33
using TFTP B-25
using the device manager or Network Assistant B-23
DSCP 1-8, 1-9, 32-2
DSCP input queue threshold map for QoS 32-14
DSCP output queue threshold map for QoS 32-16
DSCP-to-CoS map for QoS 32-53
DSCP-to-DSCP-mutation map for QoS 32-54
DSCP transparency 32-35
DTP 1-7, 13-14
dual-purpose uplinks
defined 11-4
LEDs 11-4
link selection 11-4, 11-11
setting the type 11-11
dynamic access ports
characteristics 13-3
configuring 13-26
defined 11-3
dynamic addresses
See addresses
dynamic auto trunking mode 13-15
dynamic desirable trunking mode 13-15
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 13-24
reconfirming 13-27
troubleshooting 13-29
types of connections 13-26
Dynamic Trunking Protocol
See DTP
E
editing features
enabling and disabling 2-7
keystrokes used 2-7
wrapped lines 2-9
ELIN location 23-3
enable password 9-3
enable secret password 9-3
encryption, CipherSuite 9-39
encryption for passwords 9-3
environment variables, function of 4-19
error-disabled state, BPDU 18-2
error messages during command entry 2-5
EtherChannel
automatic creation of 33-4, 33-5
channel groups
binding physical and logical interfaces 33-3
numbering of 33-3
configuration guidelines 33-9
configuring Layer 2 interfaces 33-10
default configuration 33-9
described 33-2
displaying status 33-16
forwarding methods 33-6, 33-12
IEEE 802.3ad, described 33-5
interaction
with STP 33-9
with VLANs 33-10
LACP
described 33-5
displaying status 33-16
hot-standby ports 33-14
interaction with other features 33-6
modes 33-5
port priority 33-15
system priority 33-15
load balancing 33-6, 33-12
PAgP
aggregate-port learners 33-13
compatibility with Catalyst 1900 33-13
described 33-4
displaying status 33-16
interaction with other features 33-5
learn method and priority configuration 33-13
modes 33-4
support for 1-3
port-channel interfaces
described 33-3
numbering of 33-3
port groups 11-3
support for 1-3
EtherChannel guard
described 18-7
disabling 18-14
enabling 18-14
Ethernet VLANs
adding 13-8
defaults and ranges 13-7
modifying 13-8
events, RMON 27-3
examples
network configuration 1-12
expedite queue for QoS 32-66
Express Setup 1-2
See also getting started guide
extended crashinfo file 34-17
extended-range VLANs
configuration guidelines 13-12
configuring 13-11
creating 13-12
defined 13-1
extended system ID
MSTP 17-17
STP 16-4, 16-14
Extensible Authentication Protocol over LAN 10-1
F
fa0 interface 1-5
Fast Convergence 19-3
features, incompatible 22-12
fiber-optic, detecting unidirectional links 25-1
files
basic crashinfo
location 34-17
copying B-5
crashinfo, description 34-17
deleting B-5
displaying the contents of B-8
extended crashinfo
description 34-18
location 34-18
tar
creating B-6
displaying the contents of B-7
extracting B-7
image file format B-24
file system
displaying available file systems B-2
displaying file information B-3
local file system names B-1
network file system names B-5
setting the default B-3
filtering
non-IP traffic 30-19
show and more command output 2-10
filtering show and more command output 2-10
filters, IP
See ACLs, IP
flash device, number of B-1
Flex Link Multicast Fast Convergence 19-3
Flex Links
configuration guidelines 19-8
configuring 19-9
configuring preferred VLAN 19-12
configuring VLAN load balancing 19-11
default configuration 19-8
description 19-1
link load balancing 19-2
monitoring 19-14
VLANs 19-2
flooded traffic, blocking 22-8
flow-based packet classification 1-9
flowcharts
QoS classification 32-6
QoS egress queueing and scheduling 32-15
QoS ingress queueing and scheduling 32-13
QoS policing and marking 32-9
flowcontrol
configuring 11-15
described 11-15
forward-delay time
MSTP 17-23
STP 16-21
FTP
accessing MIB files A-3
configuration files
downloading B-13
overview B-12
preparing the server B-13
uploading B-14
image files
deleting old image B-31
downloading B-29
preparing the server B-28
uploading B-31
G
general query 19-5
Generating IGMP Reports 19-3
get-bulk-request operation 29-3
get-next-request operation 29-3, 29-4
get-request operation 29-3, 29-4
get-response operation 29-3
global configuration mode 2-2
global leave, IGMP 21-12
guest VLAN and 802.1x 10-11
guide mode 1-2
GUIs
See device manager and Network Assistant
H
hello time
MSTP 17-22
STP 16-20
help, for the command line 2-3
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
history table, level and number of syslog messages 28-10
host names, in clusters 6-12
hosts, limit on dynamic ports 13-29
HP OpenView 1-4
HSRP
automatic cluster recovery 6-11
cluster standby group considerations 6-10
See also clusters, cluster standby group, and standby command switch
HTTP over SSL
see HTTPS
HTTPS 9-38
configuring 9-41
self-signed certificate 9-38
HTTP secure server 9-38
I
ICMP
time-exceeded messages 34-12
traceroute and 34-12
ICMP ping
executing 34-9
overview 34-9
IDS appliances
and ingress RSPAN 26-20
and ingress SPAN 26-13
IEEE 802.1D
See STP
IEEE 802.1p 15-1
IEEE 802.1Q
and trunk ports 11-3
configuration limitations 13-15
encapsulation 13-14
native VLAN for untagged traffic 13-19
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3ad
See EtherChannel
IEEE 802.3x flow control 11-15
ifIndex values, SNMP 29-5
IFS 1-5
IGMP
configurable leave timer
described 21-5
enabling 21-10
flooded multicast traffic
controlling the length of time 21-11
disabling on an interface 21-12
global leave 21-12
query solicitation 21-12
recovering from flood mode 21-12
joining multicast group 21-3
join messages 21-3
leave processing, enabling 21-10
leaving multicast group 21-5
queries 21-4
report suppression
described 21-6
disabling 21-15
supported versions 21-2
support for 1-3
IGMP filtering
configuring 21-24
default configuration 21-24
described 21-23
monitoring 21-28
support for 1-3
IGMP groups
configuring filtering 21-26
setting the maximum number 21-26
IGMP Immediate Leave
configuration guidelines 21-10
described 21-5
enabling 21-10
IGMP profile
applying 21-25
configuration mode 21-24
configuring 21-24
IGMP snooping
and address aliasing 21-2
configuring 21-6
default configuration 21-6
definition 21-1
enabling and disabling 21-7
global configuration 21-7
Immediate Leave 21-5
method 21-8
monitoring 21-15
querier
configuration guidelines 21-13
configuring 21-13
supported versions 21-2
support for 1-3
VLAN configuration 21-7
IGMP throttling
configuring 21-26
default configuration 21-24
described 21-23
displaying action 21-28
Immediate Leave, IGMP 21-5
inaccessible authentication bypass 10-13
initial configuration
defaults 1-10
Express Setup 1-2
interface
range macros 11-8
interface command11-5to 11-6
interface configuration mode 2-3
interfaces
auto-MDIX, configuring 11-16
configuration guidelines
duplex and speed 11-13
configuring
procedure 11-6
counters, clearing 11-20
default configuration 11-10
described 11-17
descriptive name, adding 11-17
displaying information about 11-19
flow control 11-15
management 1-4
monitoring 11-19
naming 11-17
physical, identifying 11-5
range of 11-6
restarting 11-20
shutting down 11-20
speed and duplex, configuring 11-14
status 11-19
supported 11-4
types of 11-1
interfaces range macro command 11-8
interface types 11-5
Intrusion Detection System
See IDS appliances
inventory management TLV 23-2, 23-6
IP ACLs
for QoS classification 32-6
implicit deny 30-7, 30-11
implicit masks 30-7
named 30-12
undefined 30-17
IP addresses
candidate or member 6-3, 6-12
cluster access 6-2
command switch 6-3, 6-10, 6-12
discovering 7-26
redundant clusters 6-10
standby command switch 6-10, 6-12
See also IP information
ip igmp profile command 21-24
IP information
assigned
manually 4-14
through DHCP-based autoconfiguration 4-3
default configuration 4-3
IP phones
and QoS 15-1
automatic classification and queueing 32-18
configuring 15-4
ensuring port security with QoS 32-34
trusted boundary for QoS 32-34
IP precedence 32-2
IP-precedence-to-DSCP map for QoS 32-51
IP protocols in ACLs 30-9
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 31-1
IP SLAs
benefits 31-2
configuration guidelines 31-5
Control Protocol 31-4
default configuration 31-5
definition 31-1
measuring network performance 31-2
monitoring 31-6
operation 31-3
responder
described 31-4
enabling 31-6
response time 31-4
SNMP support 31-2
supported metrics 31-2
IP traceroute
executing 34-12
overview 34-11
IPv4 ACLs
applying to interfaces 30-16
extended, creating 30-8
named 30-12
standard, creating 30-7
J
join messages, IGMP 21-3
L
LACP
See EtherChannel
Layer 2 frames, classification with CoS 32-2
Layer 2 interfaces, default configuration 11-10
Layer 2 traceroute
and ARP 34-11
and CDP 34-10
broadcast traffic 34-10
described 34-10
IP addresses and subnets 34-11
MAC addresses and VLANs 34-11
multicast traffic 34-11
multiple devices on a port 34-11
unicast traffic 34-10
usage guidelines 34-10
Layer 3 packets, classification methods 32-2
LDAP 5-2
Leaking IGMP Reports 19-4
LEDs, switch
See hardware installation guide
lightweight directory access protocol
See LDAP
line configuration mode 2-3
Link Aggregation Control Protocol
See EtherChannel
link failure, detecting unidirectional 17-7
Link Layer Discovery Protocol
See CDP
link redundancy
See Flex Links
links, unidirectional 25-1
link-state tracking
configuring 33-19
described 33-17
LLDP
configuring 23-3
characteristics 23-4
default configuration 23-3
disabling and enabling
globally 23-4
on an interface 23-5
monitoring and maintaining 23-7
overview 23-1
supported TLVs 23-2
switch stack considerations 23-2
transmission timer and holdtime, setting 23-4
LLDP-MED
configuring
procedures 23-3
TLVs 23-6
monitoring and maintaining 23-7
overview 23-1, 23-2
supported TLVs 23-2
LLDP Media Endpoint Discovery
See LLDP-MED
local SPAN 26-2
location TLV 23-3, 23-6
login authentication
with RADIUS 9-23
with TACACS+ 9-14
login banners 7-17
log messages
See system message logging
Long-Reach Ethernet (LRE) technology 1-13
loop guard
described 18-9
enabling 18-15
support for 1-6
LRE profiles, considerations in switch clusters 6-14
M
MAC/PHY configuration status TLV 23-2
MAC addresses
aging time 7-21
and VLAN association 7-20
building the address table 7-20
default configuration 7-20
discovering 7-26
displaying 7-26
dynamic
learning 7-20
removing 7-21
in ACLs 30-19
static
adding 7-24
allowing 7-25
characteristics of 7-23
dropping 7-25
removing 7-24
MAC address notification, support for 1-9
MAC address-table move update
configuration guidelines 19-8
configuring 19-12
default configuration 19-8
description 19-6
monitoring 19-14
MAC address-to-VLAN mapping 13-24
MAC authentication bypass 10-9
MAC extended access lists
applying to Layer 2 interfaces 30-21
configuring for QoS 32-41
creating 30-19
defined 30-19
for QoS classification 32-5
macros
See Smartports macros
magic packet 10-15
manageability features 1-4
management access
in-band
browser session 1-5
CLI session 1-5
device manager 1-5
SNMP 1-5
out-of-band console port connection 1-5
management address TLV 23-2
management options
CLI 2-1
clustering 1-3
CNS 5-1
Network Assistant 1-2
overview 1-4
management VLAN
considerations in switch clusters 6-7
discovery through different management VLANs 6-7
mapping tables for QoS
configuring
CoS-to-DSCP 32-50
DSCP 32-49
DSCP-to-CoS 32-53
DSCP-to-DSCP-mutation 32-54
IP-precedence-to-DSCP 32-51
policed-DSCP 32-52
described 32-10
marking
action with aggregate policers 32-47
described 32-3, 32-8
matching, IPv4 ACLs 30-5
maximum aging time
MSTP 17-23
STP 16-21
maximum hop count, MSTP 17-24
membership mode, VLAN port 13-3
member switch
automatic discovery 6-4
defined 6-2
managing 6-14
passwords 6-12
recovering from lost connectivity 34-7
requirements 6-3
See also candidate switch, cluster standby group, and standby command switch
messages, to users through banners 7-17
MIBs
accessing files with FTP A-3
location of files A-3
overview 29-1
SNMP interaction with 29-4
supported A-1
mirroring traffic for analysis 26-1
mismatches, autonegotiation 34-7
module number 11-5
monitoring
access groups 30-22
cables for unidirectional links 25-1
CDP 24-4
features 1-9
Flex Links 19-14
IGMP
filters 21-28
snooping 21-15
interfaces 11-19
IP SLAs operations 31-6
IPv4 ACL configuration 30-22
MAC address-table move update 19-14
multicast router interfaces 21-16
MVR 21-22
network traffic for analysis with probe 26-2
port
blocking 22-18
protection 22-18
SFP status 11-19, 34-8
speed and duplex mode 11-14
traffic flowing among switches 27-1
traffic suppression 22-18
VLANs 13-13
VMPS 13-28
VTP 14-16
mrouter Port 19-3
mrouter port 19-5
MSTP
boundary ports
configuration guidelines 17-15
described 17-6
BPDU filtering
described 18-3
enabling 18-12
BPDU guard
described 18-2
enabling 18-11
CIST, described 17-3
CIST regional root 17-3
CIST root 17-5
configuration guidelines 17-14, 18-10
configuring
forward-delay time 17-23
hello time 17-22
link type for rapid convergence 17-24
maximum aging time 17-23
maximum hop count 17-24
MST region 17-15
neighbor type 17-25
path cost 17-20
port priority 17-19
root switch 17-17
configuring (continued)
secondary root switch 17-18
switch priority 17-21
CST
defined 17-3
operations between regions 17-3
default configuration 17-14
default optional feature configuration 18-9
displaying status 17-26
enabling the mode 17-15
EtherChannel guard
described 18-7
enabling 18-14
extended system ID
effects on root switch 17-17
effects on secondary root switch 17-18
unexpected behavior 17-17
IEEE 802.1s
implementation 17-6
port role naming change 17-6
terminology 17-5
instances supported 16-9
interface state, blocking to forwarding 18-2
interoperability and compatibility among modes 16-10
interoperability with IEEE 802.1D
described 17-8
restarting migration process 17-25
IST
defined 17-2
master 17-3
operations within a region 17-3
loop guard
described 18-9
enabling 18-15
mapping VLANs to MST instance 17-16
MST region
CIST 17-3
configuring 17-15
described 17-2
hop-count mechanism 17-5
IST 17-2
supported spanning-tree instances 17-2
optional features supported 1-6
overview 17-2
Port Fast
described 18-2
enabling 18-10
preventing root switch selection 18-8
root guard
described 18-8
enabling 18-15
root switch
configuring 17-17
effects of extended system ID 17-17
unexpected behavior 17-17
shutdown Port Fast-enabled port 18-2
status, displaying 17-26
multicast groups
Immediate Leave 21-5
joining 21-3
leaving 21-5
static joins 21-9
multicast router interfaces, monitoring 21-16
multicast router ports, adding 21-9
multicast storm 22-1
multicast storm-control command 22-4
multicast television application 21-17
multicast VLAN 21-16
Multicast VLAN Registration
See MVR
MVR
and address aliasing 21-20
and IGMPv3 21-20
configuration guidelines 21-19
configuring interfaces 21-21
default configuration 21-19
described 21-16
example application 21-17
modes 21-20
monitoring 21-22
multicast television application 21-17
setting global parameters 21-20
support for 1-3
N
NAC
critical authentication 10-13, 10-34
IEEE 802.1x authentication using a RADIUS server 10-38
IEEE 802.1x validation using RADIUS server 10-38
inaccessible authentication bypass 10-34
Layer 2 IEEE 802.1x validation 1-8, 10-17, 10-38
named IPv4 ACLs 30-12
NameSpace Mapper
See NSM
native VLAN
configuring 13-19
default 13-19
Network Admission Control
See NAC
Network Admission Control Software Configuration Guide 10-40, 10-41
Network Assistant
benefits 1-2
described 1-4
downloading image files 1-2
guide mode 1-2
management options 1-2
upgrading a switch B-23
wizards 1-2
network configuration examples
increasing network performance 1-12
providing network services 1-13
network design
performance 1-13
services 1-13
network management
CDP 24-1
RMON 27-1
SNMP 29-1
network performance, measuring with IP SLAs 31-2
network policy TLV 23-2, 23-6
Network Time Protocol
See NTP
no commands 2-4
nonhierarchical policy maps
described 32-8
non-IP traffic filtering 30-19
nontrunking mode 13-15
normal-range VLANs 13-4
configuration guidelines 13-5
configuration modes 13-6
configuring 13-4
defined 13-1
NSM 5-3
NTP
associations
authenticating 7-4
defined 7-2
enabling broadcast messages 7-6
peer 7-5
server 7-5
default configuration 7-4
displaying the configuration 7-11
overview 7-2
restricting access
creating an access group 7-8
disabling NTP services per interface 7-10
source IP address, configuring 7-10
stratum 7-2
support for 1-5
synchronizing devices 7-5
time
services 7-2
synchronizing 7-2
O
optimizing system resources 8-1
options, management 1-4
out-of-profile markdown 1-9
P
packet modification, with QoS 32-17
PAgP
See EtherChannel
passwords
default configuration 9-2
disabling recovery of 9-5
encrypting 9-3
for security 1-7
in clusters 6-13
overview 9-1
recovery of 34-3
setting
enable 9-3
enable secret 9-3
Telnet 9-6
with usernames 9-6
VTP domain 14-8
path cost
MSTP 17-20
STP 16-18
PC (passive command switch) 6-9
performance, network design 1-12
performance features 1-3
persistent self-signed certificate 9-38
per-VLAN spanning-tree plus
See PVST+
physical ports 11-2
PIM-DVMRP, as snooping method 21-8
ping
character output description 34-9
executing 34-9
overview 34-9
policed-DSCP map for QoS 32-52
policers
configuring
for each matched traffic class 32-44
for more than one traffic class 32-47
described 32-3
displaying 32-67
number of 32-30
types of 32-8
policing
described 32-3
token-bucket algorithm 32-8
policy maps for QoS
characteristics of 32-44
described 32-7
displaying 32-67
nonhierarchical on physical ports
described 32-8
port ACLs, described 30-2
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting 10-8
authentication server
defined 10-2
RADIUS server 10-2
client, defined 10-2
configuration guidelines 10-20
configuring
802.1x authentication 10-23
guest VLAN 10-31
host mode 10-26
inaccessible authentication bypass 10-34
manual re-authentication of a client 10-27
periodic re-authentication 10-26
quiet period 10-28
RADIUS server 10-25
RADIUS server parameters on the switch 10-24
restricted VLAN 10-32
switch-to-client frame-retransmission number 10-29
switch-to-client retransmission time 10-28
default configuration 10-19
described 10-1
device roles 10-2
displaying statistics 10-42
EAPOL-start frame 10-5
EAP-request/identity frame 10-5
EAP-response/identity frame 10-5
encapsulation 10-3
guest VLAN
configuration guidelines 10-12, 10-13
described 10-11
host mode 10-7
inaccessible authentication bypass
configuring 10-34
described 10-13
guidelines 10-22
initiation and message exchange 10-5
magic packet 10-15
method lists 10-23
multiple-hosts mode, described 10-8
ports
authorization state and dot1x port-control command 10-7
authorized and unauthorized 10-7
critical 10-13
voice VLAN 10-14
port security
and voice VLAN 10-15
described 10-15
interactions 10-15
multiple-hosts mode 10-8
readiness check
configuring 10-22
described 10-9, 10-22
resetting to default values 10-42
statistics, displaying 10-42
switch
as proxy 10-3
RADIUS client 10-3
VLAN assignment
AAA authorization 10-23
characteristics 10-10
configuration tasks 10-11
described 10-10
voice VLAN
described 10-14
PVID 10-14
VVID 10-14
wake-on-LAN, described 10-15
port blocking 1-3, 22-7
port-channel
See EtherChannel
port description TLV 23-2
Port Fast
described 18-2
enabling 18-10
mode, spanning tree 13-25
support for 1-6
port membership modes, VLAN 13-3
port priority
MSTP 17-19
STP 16-16
ports
access 11-2
blocking 22-7
dual-purpose uplink 11-4
dynamic access 13-3
protected 22-6
secure 22-8
static-access 13-3, 13-10
switch 11-2
trunks 13-3, 13-14
VLAN assignments 13-10
port security
aging 22-17
and QoS trusted boundary 32-34
configuring 22-12
default configuration 22-11
described 22-8
displaying 22-18
on trunk ports 22-14
sticky learning 22-9
violations 22-10
with other features 22-11
port-shutdown response, VMPS 13-24
port VLAN ID TLV 23-2
power management TLV 23-2, 23-6
preemption, default configuration 19-8
preemption delay, default configuration 19-8
preferential treatment of traffic
See QoS
preventing unauthorized access 9-1
primary links 19-2
priority
overriding CoS 15-6
trusting CoS 15-6
private VLAN edge ports
See protected ports
privileged EXEC mode 2-2
privilege levels
changing the default for lines 9-9
command switch 6-14
exiting 9-9
logging into 9-9
mapping on member switches 6-14
overview 9-2, 9-7
setting a command with 9-8
protected ports 1-7, 22-6
proxy reports 19-3
pruning, VTP
disabling
in VTP domain 14-14
on a port 13-19
enabling
in VTP domain 14-14
on a port 13-19
examples 14-5
overview 14-4
pruning-eligible list
changing 13-19
for VTP pruning 14-4
VLANs 14-14
PVST+
described 16-9
IEEE 802.1Q trunking interoperability 16-10
instances supported 16-9
Q
QoS
and MQC commands 32-1
auto-QoS
categorizing traffic 32-18
configuration and defaults display 32-26
configuration guidelines 32-23
described 32-18
disabling 32-24
displaying generated commands 32-24
displaying the initial configuration 32-26
effects on running configuration 32-23
egress queue defaults 32-19
enabling for VoIP 32-24
example configuration 32-25
ingress queue defaults 32-19
list of generated commands 32-20
basic model 32-3
classification
class maps, described 32-7
defined 32-3
DSCP transparency, described 32-35
flowchart 32-6
forwarding treatment 32-3
in frames and packets 32-2
IP ACLs, described 32-5, 32-6
MAC ACLs, described 32-5, 32-6
options for IP traffic 32-5
options for non-IP traffic 32-4
policy maps, described 32-7
trust DSCP, described 32-4
trusted CoS, described 32-4
trust IP precedence, described 32-4
class maps
configuring 32-42
displaying 32-67
configuration guidelines
auto-QoS 32-23
standard QoS 32-30
configuring
aggregate policers 32-47
auto-QoS 32-18
default port CoS value 32-33
DSCP maps 32-49
DSCP transparency 32-35
DSCP trust states bordering another domain 32-36
egress queue characteristics 32-60
ingress queue characteristics 32-55
IP extended ACLs 32-40
IP standard ACLs 32-39
MAC ACLs 32-41
port trust states within the domain 32-32
trusted boundary 32-34
default auto configuration 32-18
default standard configuration 32-27
displaying statistics 32-67
DSCP transparency 32-35
egress queues
allocating buffer space 32-61
buffer allocation scheme, described 32-15
configuring shaped weights for SRR 32-64
configuring shared weights for SRR 32-65
described 32-3
displaying the threshold map 32-63
flowchart 32-15
mapping DSCP or CoS values 32-63
scheduling, described 32-4
setting WTD thresholds 32-61
WTD, described 32-16
enabling globally 32-31
flowcharts
classification 32-6
egress queueing and scheduling 32-15
ingress queueing and scheduling 32-13
policing and marking 32-9
implicit deny 32-6
ingress queues
allocating bandwidth 32-58
allocating buffer space 32-57
buffer and bandwidth allocation, described 32-14
configuring shared weights for SRR 32-58
configuring the priority queue 32-59
described 32-3
displaying the threshold map 32-57
flowchart 32-13
mapping DSCP or CoS values 32-56
priority queue, described 32-14
scheduling, described 32-3
setting WTD thresholds 32-56
WTD, described 32-14
IP phones
automatic classification and queueing 32-18
detection and trusted settings 32-18, 32-34
limiting bandwidth on egress interface 32-66
mapping tables
CoS-to-DSCP 32-50
displaying 32-67
DSCP-to-CoS 32-53
DSCP-to-DSCP-mutation 32-54
IP-precedence-to-DSCP 32-51
policed-DSCP 32-52
types of 32-10
marked-down actions 32-46
marking, described 32-3, 32-8
overview 32-1
packet modification 32-17
policers
configuring 32-46, 32-48
described 32-8
displaying 32-67
number of 32-30
types of 32-8
policies, attaching to an interface 32-8
policing
described 32-3, 32-8
token bucket algorithm 32-8
policy maps
characteristics of 32-44
displaying 32-67
nonhierarchical on physical ports 32-44
QoS label, defined 32-3
queues
configuring egress characteristics 32-60
configuring ingress characteristics 32-55
high priority (expedite) 32-17, 32-66
location of 32-11
SRR, described 32-12
WTD, described 32-11
rewrites 32-17
support for 1-8
trust states
bordering another domain 32-36
described 32-4
trusted device 32-34
within the domain 32-32
quality of service
See QoS
queries, IGMP 21-4
query solicitation, IGMP 21-12
R
RADIUS
attributes
vendor-proprietary 9-31
vendor-specific 9-29
configuring
accounting 9-28
authentication 9-23
authorization 9-27
communication, global 9-21, 9-29
communication, per-server 9-20, 9-21
multiple UDP ports 9-20
default configuration 9-20
defining AAA server groups 9-25
displaying the configuration 9-31
identifying the server 9-20
in clusters 6-13
limiting the services to the user 9-27
method list, defined 9-19
operation of 9-19
overview 9-18
suggested network environments 9-18
support for 1-8
tracking services accessed by user 9-28
range
macro 11-8
of interfaces 11-7
rapid convergence 17-9
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
described 16-9
IEEE 802.1Q trunking interoperability 16-10
instances supported 16-9
Rapid Spanning Tree Protocol
See RSTP
rcommand command 6-14
RCP
configuration files
downloading B-17
overview B-15
preparing the server B-16
uploading B-18
image files
deleting old image B-35
downloading B-33
preparing the server B-32
uploading B-35
readiness check
port-based authentication
configuring 10-22
described 10-9, 10-22
reconfirmation interval, VMPS, changing 13-27
reconfirming dynamic VLAN membership 13-27
recovery procedures 34-1
redundancy
EtherChannel 33-2
STP
backbone 16-8
path cost 13-22
port priority 13-20
redundant links and UplinkFast 18-13
reloading software 4-20
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
Remote Network Monitoring
See RMON
Remote SPAN
See RSPAN
remote SPAN 26-2
report suppression, IGMP
described 21-6
disabling 21-15
resequencing ACL entries 30-12
resetting a UDLD-shutdown interface 25-6
responder, IP SLAs
described 31-4
enabling 31-6
response time, measuring with IP SLAs 31-4
restricted VLAN
configuring 10-32
described 10-12
using with IEEE 802.1x 10-12
restricting access
NTP services 7-8
overview 9-1
passwords and privilege levels 9-2
RADIUS 9-17
TACACS+ 9-10
retry count, VMPS, changing 13-28
RFC
1112, IP multicast and IGMP 21-2
1157, SNMPv1 29-2
1305, NTP 7-2
1757, RMON 27-2
1901, SNMPv2C 29-2
1902 to 1907, SNMPv2 29-2
2236, IP multicast and IGMP 21-2
2273-2275, SNMPv3 29-2
RMON
default configuration 27-3
displaying status 27-6
enabling alarms and events 27-3
groups supported 27-2
overview 27-1
statistics
collecting group Ethernet 27-5
collecting group history 27-5
support for 1-10
root guard
described 18-8
enabling 18-15
support for 1-6
root switch
MSTP 17-17
STP 16-14
RSPAN
characteristics 26-7
configuration guidelines 26-16
default configuration 26-9
defined 26-2
destination ports 26-6
displaying status 26-22
interaction with other features 26-8
monitored ports 26-5
monitoring ports 26-6
overview 1-9, 26-1
received traffic 26-4
sessions
creating 26-16
defined 26-3
limiting source traffic to specific VLANs 26-21
specifying monitored ports 26-16
with ingress traffic enabled 26-20
source ports 26-5
transmitted traffic 26-5
VLAN-based 26-6
RSTP
active topology 17-9
BPDU
format 17-12
processing 17-12
designated port, defined 17-9
designated switch, defined 17-9
interoperability with IEEE 802.1D
described 17-8
restarting migration process 17-25
topology changes 17-13
overview 17-8
port roles
described 17-9
synchronized 17-11
proposal-agreement handshake process 17-10
rapid convergence
described 17-9
edge ports and Port Fast 17-9
point-to-point links 17-10, 17-24
root ports 17-10
root port, defined 17-9
See also MSTP
running configuration
replacing B-19, B-20
rolling back B-19, B-20
running configuration, saving 4-15
S
SC (standby command switch) 6-9
scheduled reloads 4-20
SCP
and SSH 9-44
configuring 9-44
SDM
described 8-1
templates
configuring 8-2
number of 8-1
SDM template
configuration guidelines 8-2
configuring 8-2
types of 8-1
Secure Copy Protocol
secure HTTP client
configuring 9-43
displaying 9-43
secure HTTP server
configuring 9-41
displaying 9-43
secure MAC addresses
deleting 22-16
maximum number of 22-9
types of 22-9
secure ports, configuring 22-8
secure remote connections 9-33
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port 22-8
security features 1-7
See SCP
sequence numbers in log messages 28-8
server mode, VTP 14-3
service-provider network, MSTP and RSTP 17-1
set-request operation 29-4
setup program
failed command switch replacement 34-6
replacing failed command switch 34-4
severity levels, defining in system messages 28-8
SFPs
monitoring status of 11-19, 34-8
security and identification 34-8
status, displaying 34-8
shaped round robin
See SRR
show access-lists hw-summary command 30-17
show alarm commands 3-6, 3-7, 3-10, 3-11, 3-12
show and more command output, filtering 2-10
show cdp traffic command 24-5
show cluster members command 6-14
show configuration command 11-17
show controllers lre profile mapping 3-7
show forward command 34-15
show interfaces command 11-14, 11-17
show interfaces switchport 19-4
show lldp traffic command 23-7
show platform forward command 34-15
show running-config command
displaying ACLs 30-16, 30-17
interface description in 11-17
shutdown command on interfaces 11-20
Simple Network Management Protocol
See SNMP
small-frame arrival rate, configuring 22-5
Smartports macros
applying Cisco-default macros 12-6
applying global parameter values 12-5, 12-6
applying macros 12-5
applying parameter values 12-5, 12-7
configuration guidelines 12-3
creating 12-4
default configuration 12-2
defined 12-1
displaying 12-8
tracing 12-3
SNAP 24-1
SNMP
accessing MIB variables with 29-4
agent
described 29-3
disabling 29-7
and IP SLAs 31-2
authentication level 29-10
community strings
configuring 29-8
for cluster switches 29-4
overview 29-4
configuration examples 29-16
default configuration 29-6
engine ID 29-7
groups 29-6, 29-9
host 29-6
ifIndex values 29-5
in-band management 1-5
in clusters 6-13
informs
and trap keyword 29-11
described 29-5
differences from traps 29-5
disabling 29-15
enabling 29-15
limiting access by TFTP servers 29-15
limiting system log messages to NMS 28-10
manager functions 1-4, 29-3
managing clusters with 6-15
MIBs
location of A-3
supported A-1
notifications 29-5
overview 29-1, 29-4
security levels 29-3
status, displaying 29-17
system contact and location 29-15
trap manager, configuring 29-13
traps
described 29-3, 29-5
differences from informs 29-5
disabling 29-15
enabling 29-11
enabling MAC address notification 7-21
overview 29-1, 29-4
types of 29-11
users 29-6, 29-9
versions supported 29-2
SNMPv1 29-2
SNMPv2C 29-2
SNMPv3 29-2
snooping, IGMP 21-1
software images
location in flash B-23
recovery procedures 34-2
scheduling reloads 4-20
tar file format, described B-24
See also downloading and uploading
source addresses
in IPv4 ACLs 30-9
source-and-destination-IP address based forwarding, EtherChannel 33-7
source-and-destination MAC address forwarding, EtherChannel 33-6
source-IP address based forwarding, EtherChannel 33-7
source-MAC address forwarding, EtherChannel 33-6
SPAN
configuration guidelines 26-10
default configuration 26-9
destination ports 26-6
displaying status 26-22
interaction with other features 26-8
monitored ports 26-5
monitoring ports 26-6
overview 1-9, 26-1
ports, restrictions 22-12
received traffic 26-4
sessions
configuring ingress forwarding 26-14, 26-21
creating 26-10
defined 26-3
limiting source traffic to specific VLANs 26-14
removing destination (monitoring) ports 26-12
specifying monitored ports 26-10
with ingress traffic enabled 26-13
source ports 26-5
transmitted traffic 26-5
VLAN-based 26-6
spanning tree and native VLANs 13-15
Spanning Tree Protocol
See STP
SPAN traffic 26-4
SRR
configuring
shaped weights on egress queues 32-64
shared weights on egress queues 32-65
shared weights on ingress queues 32-58
described 32-12
shaped mode 32-12
shared mode 32-12
support for 1-9
SSH
configuring 9-34
cryptographic software image 9-33
described 1-5, 9-33
encryption methods 9-34
user authentication methods, supported 9-34
SSL
configuration guidelines 9-40
configuring a secure HTTP client 9-43
configuring a secure HTTP server 9-41
cryptographic software image 9-37
described 9-37
monitoring 9-43
standby command switch
configuring
considerations 6-10
defined 6-2
priority 6-9
requirements 6-3
virtual IP address 6-10
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
standby links 19-2
startup configuration
booting
manually 4-17
specific image 4-18
clearing B-19
configuration file
automatically downloading 4-16
specifying the filename 4-16
default boot configuration 4-16
static access ports
assigning to VLAN 13-10
defined 11-3, 13-3
static addresses
See addresses
static MAC addressing 1-7
static VLAN membership 13-2
statistics
802.1x 10-42
CDP 24-4
interface 11-19
LLDP 23-7
LLDP-MED 23-7
QoS ingress and egress 32-67
RMON group Ethernet 27-5
RMON group history 27-5
SNMP input and output 29-17
VTP 14-16
sticky learning 22-9
storm control
configuring 22-3
described 22-1
disabling 22-5
displaying 22-18
support for 1-3
thresholds 22-1
STP
accelerating root port selection 18-4
BackboneFast
described 18-5
disabling 18-14
enabling 18-13
BPDU filtering
described 18-3
disabling 18-12
enabling 18-12
BPDU guard
described 18-2
disabling 18-12
enabling 18-11
BPDU message exchange 16-3
configuration guidelines 16-12, 18-10
configuring
forward-delay time 16-21
hello time 16-20
maximum aging time 16-21
path cost 16-18
port priority 16-16
root switch 16-14
secondary root switch 16-16
spanning-tree mode 16-13
switch priority 16-19
transmit hold-count 16-22
counters, clearing 16-22
default configuration 16-11
default optional feature configuration 18-9
designated port, defined 16-3
designated switch, defined 16-3
detecting indirect link failures 18-5
disabling 16-14
displaying status 16-22
EtherChannel guard
described 18-7
disabling 18-14
enabling 18-14
extended system ID
effects on root switch 16-14
effects on the secondary root switch 16-16
overview 16-4
unexpected behavior 16-14
features supported 1-6
IEEE 802.1D and bridge ID 16-4
IEEE 802.1D and multicast addresses 16-8
IEEE 802.1t and VLAN identifier 16-4
inferior BPDU 16-3
instances supported 16-9
interface state, blocking to forwarding 18-2
interface states
blocking 16-6
disabled 16-7
forwarding 16-5, 16-6
learning 16-6
listening 16-6
overview 16-4
interoperability and compatibility among modes 16-10
limitations with IEEE 802.1Q trunks 16-10
load sharing
overview 13-20
using path costs 13-22
using port priorities 13-20
loop guard
described 18-9
enabling 18-15
modes supported 16-9
multicast addresses, effect of 16-8
optional features supported 1-6
overview 16-2
path costs 13-22
Port Fast
described 18-2
enabling 18-10
port priorities 13-21
preventing root switch selection 18-8
protocols supported 16-9
redundant connectivity 16-8
root guard
described 18-8
enabling 18-15
root port, defined 16-3
root switch
configuring 16-14
effects of extended system ID 16-4, 16-14
election 16-3
unexpected behavior 16-14
shutdown Port Fast-enabled port 18-2
status, displaying 16-22
superior BPDU 16-3
timers, described 16-20
UplinkFast
described 18-3
enabling 18-13
stratum, NTP 7-2
success response, VMPS 13-24
summer time 7-13
SunNet Manager 1-4
switch clustering technology 6-1
See also clusters, switch
switch console port 1-5
Switch Database Management
See SDM
Switched Port Analyzer
See SPAN
switched ports 11-2
switchport backup interface 19-4, 19-5
switchport block multicast command 22-8
switchport block unicast command 22-8
switchport protected command 22-7
switch priority
MSTP 17-21
STP 16-19
switch software features 1-1
syslog
See system message logging
system capabilities TLV 23-2
system clock
configuring
daylight saving time 7-13
manually 7-11
summer time 7-13
time zones 7-12
displaying the time and date 7-12
overview 7-1
See also NTP
system description TLV 23-2
system message logging
default configuration 28-3
defining error message severity levels 28-8
disabling 28-4
displaying the configuration 28-13
enabling 28-4
facility keywords, described 28-13
level keywords, described 28-9
limiting messages 28-10
message format 28-2
overview 28-1
sequence numbers, enabling and disabling 28-8
setting the display destination device 28-5
synchronizing log messages 28-6
syslog facility 1-10
time stamps, enabling and disabling 28-7
UNIX syslog servers
configuring the daemon 28-12
configuring the logging facility 28-12
facilities supported 28-13
system name
default configuration 7-15
default setting 7-15
manual configuration 7-15
See also DNS
system name TLV 23-2
system prompt, default setting 7-14, 7-15
system resources, optimizing 8-1
T
TACACS+
accounting, defined 9-11
authentication, defined 9-11
authorization, defined 9-11
configuring
accounting 9-17
authentication key 9-13
authorization 9-16
login authentication 9-14
default configuration 9-13
displaying the configuration 9-17
identifying the server 9-13
in clusters 6-13
limiting the services to the user 9-16
operation of 9-12
overview 9-10
support for 1-8
tracking services accessed by user 9-17
tar files
creating B-6
displaying the contents of B-7
extracting B-7
image file format B-24
TDR 1-10
Telnet
accessing management interfaces 2-10
number of connections 1-5
setting a password 9-6
temporary self-signed certificate 9-38
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password 9-6
TFTP
configuration files
downloading B-11
preparing the server B-10
uploading B-12
configuration files in base directory 4-7
configuring for autoconfiguration 4-7
image files
deleting B-27
downloading B-25
preparing the server B-25
uploading B-27
limiting access by servers 29-15
TFTP server 1-4
threshold, traffic level 22-2
time
See NTP and system clock
Time Domain Reflector
See TDR
time-range command 30-14
time ranges in ACLs 30-14
time stamps in log messages 28-7
time zones 7-12
TLVs
defined 23-1
LLDP 23-2
LLDP-MED 23-2
Token Ring VLANs
support for 13-5
VTP support 14-4
ToS 1-8
traceroute, Layer 2
and ARP 34-11
and CDP 34-10
broadcast traffic 34-10
described 34-10
IP addresses and subnets 34-11
MAC addresses and VLANs 34-11
multicast traffic 34-11
multiple devices on a port 34-11
unicast traffic 34-10
usage guidelines 34-10
traceroute command 34-12
See also IP traceroute
traffic
blocking flooded 22-8
fragmented 30-3
unfragmented 30-3
traffic policing 1-9
traffic suppression 22-1
transmit hold-count
see STP
transparent mode, VTP 14-3, 14-12
trap-door mechanism 4-2
traps
configuring MAC address notification 7-21
configuring managers 29-11
defined 29-3
enabling 7-21, 29-11
notification types 29-11
overview 29-1, 29-4
troubleshooting
connectivity problems 34-8, 34-10, 34-11
detecting unidirectional links 25-1
displaying crash information 34-17
setting packet forwarding 34-15
SFP security and identification 34-8
show forward command 34-15
with CiscoWorks 29-4
with debug commands 34-14
with ping 34-9
with system message logging 28-1
with traceroute 34-11
trunk failover
See link-state tracking
trunking encapsulation 1-7
trunk ports
configuring 13-17
defined 11-3, 13-3
trunks
allowed-VLAN list 13-18
load sharing
setting STP path costs 13-22
using STP port priorities 13-20, 13-21
native VLAN for untagged traffic 13-19
parallel 13-22
pruning-eligible list 13-19
to non-DTP device 13-14
trusted boundary for QoS 32-34
trusted port states
between QoS domains 32-36
classification options 32-4
ensuring port security for IP phones 32-34
support for 1-9
within a QoS domain 32-32
trustpoints, CA 9-38
twisted-pair Ethernet, detecting unidirectional links 25-1
type of service
See ToS
U
UDLD
configuration guidelines 25-4
default configuration 25-4
disabling
globally 25-5
on fiber-optic interfaces 25-5
per interface 25-5
echoing detection mechanism 25-3
enabling
globally 25-5
per interface 25-5
link-detection mechanism 25-1
neighbor database 25-2
overview 25-1
resetting an interface 25-6
status, displaying 25-6
support for 1-6
unauthorized ports with IEEE 802.1x 10-7
unicast MAC address filtering 1-5
and adding static addresses 7-25
and broadcast MAC addresses 7-24
and CPU packets 7-24
and multicast addresses 7-24
and router MAC addresses 7-24
configuration guidelines 7-24
described 7-24
unicast storm 22-1
unicast storm control command 22-4
unicast traffic, blocking 22-8
UniDirectional Link Detection protocol
See UDLD
UNIX syslog servers
daemon configuration 28-12
facilities supported 28-13
message logging configuration 28-12
unrecognized Type-Length-Value (TLV) support 14-4
upgrading software images
See downloading
UplinkFast
described 18-3
disabling 18-13
enabling 18-13
support for 1-6
uploading
configuration files
preparing B-10, B-13, B-16
reasons for B-8
using FTP B-14
using RCP B-18
using TFTP B-12
image files
preparing B-25, B-28, B-32
reasons for B-23
using FTP B-31
using RCP B-35
using TFTP B-27
user EXEC mode 2-2
username-based authentication 9-6
V
version-dependent transparent mode 14-4
virtual IP address
cluster standby group 6-10
command switch 6-10
vlan.dat file 13-4
VLAN 1, disabling on a trunk port 13-18
VLAN 1 minimization 13-18
vlan-assignment response, VMPS 13-24
VLAN configuration
at bootup 13-7
saving 13-7
VLAN configuration mode 2-2, 13-6
VLAN database
and startup configuration file 13-7
and VTP 14-1
VLAN configuration saved in 13-6
VLANs saved in 13-4
vlan database command 13-6
VLAN filtering and SPAN 26-6
vlan global configuration command 13-6
VLAN ID, discovering 7-26
VLAN load balancing on flex links 19-2
configuration guidelines 19-8
VLAN management domain 14-2
VLAN Management Policy Server
See VMPS
VLAN membership
confirming 13-27
modes 13-3
VLAN Query Protocol
See VQP
VLANs
adding 13-8
adding to VLAN database 13-8
aging dynamic addresses 16-9
allowed on trunk 13-18
and spanning-tree instances 13-2, 13-6, 13-12
configuration guidelines, extended-range VLANs 13-12
configuration guidelines, normal-range VLANs 13-5
configuration options 13-6
configuring 13-1
configuring IDs 1006 to 4094 13-12
creating in config-vlan mode 13-8
creating in VLAN configuration mode 13-9
default configuration 13-7
deleting 13-9
described 11-2, 13-1
displaying 13-13
extended-range 13-1, 13-11
features 1-7
illustrated 13-2
limiting source traffic with RSPAN 26-21
limiting source traffic with SPAN 26-14
modifying 13-8
multicast 21-16
native, configuring 13-19
normal-range 13-1, 13-4
number supported 1-7
parameters 13-4
port membership modes 13-3
static-access ports 13-10
STP and IEEE 802.1Q trunks 16-10
supported 13-2
Token Ring 13-5
traffic between 13-2
VTP modes 14-3
VLAN Trunking Protocol
See VTP
VLAN trunks 13-14
VMPS
administering 13-28
configuration example 13-29
configuration guidelines 13-25
default configuration 13-25
description 13-23
dynamic port membership
described 13-24
reconfirming 13-27
troubleshooting 13-29
entering server address 13-26
mapping MAC addresses to VLANs 13-24
monitoring 13-28
reconfirmation interval, changing 13-27
reconfirming membership 13-27
retry count, changing 13-28
voice-over-IP 15-1
voice VLAN
Cisco 7960 phone, port connections 15-1
configuration guidelines 15-3
configuring IP phones for data traffic
override CoS of incoming frame 15-6
trust CoS priority of incoming frame 15-6
configuring ports for voice traffic in
802.1p priority tagged frames 15-5
802.1Q frames 15-5
connecting to an IP phone 15-4
default configuration 15-3
described 15-1
displaying 15-6
IP phone data traffic, described 15-2
IP phone voice traffic, described 15-2
VQP 1-7, 13-23
VTP
adding a client to a domain 14-14
advertisements 13-16, 14-3
and extended-range VLANs 14-1
and normal-range VLANs 14-1
client mode, configuring 14-11
configuration
global configuration mode 14-7
guidelines 14-8
privileged EXEC mode 14-7
requirements 14-9
saving 14-7
VLAN configuration mode 14-7
configuration mode options 14-7
configuration requirements 14-9
configuration revision number
guideline 14-14
resetting 14-15
configuring
client mode 14-11
server mode 14-9
transparent mode 14-12
consistency checks 14-4
default configuration 14-6
described 14-1
disabling 14-12
domain names 14-8
domains 14-2
modes
client 14-3, 14-11
server 14-3, 14-9
transitions 14-3
transparent 14-3, 14-12
monitoring 14-16
passwords 14-8
pruning
disabling 14-14
enabling 14-14
examples 14-5
overview 14-4
support for 1-7
pruning-eligible list, changing 13-19
server mode, configuring 14-9
statistics 14-16
support for 1-7
Token Ring support 14-4
transparent mode, configuring 14-12
using 14-1
version, guidelines 14-8
Version 1 14-4
Version 2
configuration guidelines 14-8
disabling 14-13
enabling 14-13
overview 14-4
W
web authentication 10-9
configuring10-38to 10-41
described 1-7, 10-17
fallback for IEEE 802.1x 10-40
weighted tail drop
See WTD
wizards 1-2
WTD
described 32-11
setting thresholds
egress queue-sets 32-61
ingress queues 32-56
support for 1-9
X
Xmodem protocol 34-2