Index
Numerics
144-bit Layer 3 TCAM 6-27, 31-65
A
AAA down policy, NAC Layer 2 IP validation 1-6
abbreviating commands 2-4
ABRs 31-24
AC (command switch) 5-10
access-class command 28-21
access control entries
See ACEs
access-denied response, VMPS 11-27
access groups
IP 28-22
Layer 3 28-22
accessing
clusters, switch 5-13
command switches 5-11
member switches 5-13
switch clusters 5-13
access lists
See ACLs
access ports
and Layer 2 protocol tunneling 14-10
defined 9-3
in switch clusters 5-8
accounting
with IEEE 802.1x 8-8, 8-30
with RADIUS 7-28
with TACACS+ 7-11, 7-17
ACEs
and QoS 29-7
defined 28-2
Ethernet 28-2
IP 28-2
ACLs
ACEs 28-2
and logging 28-7
any keyword 28-14
applying
on bridged packets 28-39
on multicast packets 28-40
on routed packets 28-39
on switched packets 28-38
time ranges to 28-18
to Layer 2 and Layer 3 interfaces 28-21
to QoS 29-7
classifying traffic for QoS 29-37
comments in 28-19
compatibility on the same switch 28-3
compiling 28-22
configuration conflict examples 28-44
configuring with VLAN maps 28-37
defined 28-2
examples, not fitting in hardware 28-45
examples of 28-22, 29-37
extended IP
configuring for QoS classification 29-38
creating 28-11
matching criteria 28-9
feature manager 28-43
hardware and software handling 28-7
hardware support for 28-7
host keyword 28-14
input router ACL configuration guidelines 28-8
IP
applying to interface 28-20
creating 28-8
defined 28-8
fragments and QoS guidelines 29-28
implicit deny 28-11, 28-15, 28-17
implicit masks 28-11
matching criteria 28-9
matching criteria for port ACLs 28-4
matching criteria for router ACLs 28-3
named 28-16
options and QoS guidelines 29-28
undefined 28-22
violations, logging 28-17
virtual terminal lines, setting on 28-20
limiting actions 28-38
logging messages 28-11
log keyword 28-17
MAC extended 28-27, 29-39
matching 28-8, 28-22, 28-29
merge failure examples 28-46
monitoring 28-41
named 28-16
not fitting in hardware 28-45
number per QoS class map 29-28
numbers 28-9
policy maps and QoS classification 29-28
port
and voice VLAN 28-4
defined 28-2
limitations 28-4
preventing excessive TCAM usage 28-8
QoS 29-7, 29-37
resequencing entries 28-16
router 28-2
standard IP
configuring for QoS classification 29-37
creating 28-10
matching criteria 28-9
support for 1-5
time ranges 28-18
undefined 28-29
unsupported features 28-8
using router ACLs with VLAN maps 28-37
VLAN maps
configuration guidelines 28-31
configuring 28-30
defined 28-5
active links 18-2
active router 32-1
addresses
displaying the MAC address table 6-26
dynamic
accelerated aging 15-8
changing the aging time 6-21
default aging 15-8
defined 6-19
learning 6-20
preventing frame forwarding 36-5
removing 6-21
filtering frames by MAC address 36-6
MAC, discovering 6-29
multicast
group address range 34-1, 34-3
STP address management 15-8
static
adding and removing 6-24
defined 6-19
address resolution 6-29, 31-8
Address Resolution Protocol
See ARP
See ARP table
adjacency tables, with CEF 31-73
administrative distances
defined 31-83
OSPF 31-30
routing protocol defaults 31-75
advertisements
CDP 22-1
RIP 31-19
VTP 11-19, 12-3
aggregate addresses, BGP 31-57
aggregated ports
See EtherChannel
aggregate policers 29-50
aggregate policing 1-7
aging, accelerating 15-8
aging time
accelerated
for MSTP 16-23
for STP 15-8, 15-22
bridge table for fallback bridging 36-6
MAC address table 6-21
maximum
for MSTP 16-24
for STP 15-22, 15-23
alarms, RMON 25-3
allowed-VLAN list 11-21
area border routers
See ABRs
ARP
configuring 31-9
defined 31-8
encapsulation 31-10
static cache configuration 31-9
support for 1-3
ARP table
address resolution 6-29
managing 6-29
ASBRs 31-24
AS-path filters, BGP 31-52
asymmetrical links, and IEEE 802.1Q tunneling 14-4
attributes, RADIUS
vendor-proprietary 7-31
vendor-specific 7-29
audience iii
authentication
EIGRP 31-39
HSRP 32-8
local mode with AAA 7-36
NTP associations 6-4
RADIUS
defined 7-18
key 7-21
login 7-23
TACACS+
defined 7-11
key 7-13
login 7-14
See also port-based authentication
authentication failed VLAN
See restricted VLAN
authentication keys, and routing protocols 31-84
authoritative time source, described 6-2
authorization
with RADIUS 7-27
with TACACS+ 7-11, 7-16
authorized ports with IEEE 802.1x 8-7
autoconfiguration 3-3
automatic discovery
considerations
beyond a noncandidate device 5-7
brand new switches 5-8
connectivity 5-4
different VLANs 5-6
management VLANs 5-7
non-CDP-capable devices 5-5
noncluster-capable devices 5-5
routed ports 5-7
in switch clusters 5-4
See also CDP
automatic QoS
See QoS
automatic recovery, clusters 5-10
See also HSRP
autonegotiation
duplex mode 1-2
interface configuration guidelines 9-15
mismatches 37-10
autonomous system boundary routers
See ASBRs
autonomous systems, in BGP 31-45
Auto-RP, described 34-5
autosensing, port speed 1-2
auxiliary VLAN
See voice VLAN
B
BackboneFast
described 17-9
enabling 17-19
support for 1-4
backup interfaces
See Flex Links
backup links 18-2
bandwidth for QoS
allocating 29-65
described 29-13
banners
configuring
login 6-19
message-of-the-day login 6-17
default configuration 6-17
when displayed 6-17
BGP
aggregate addresses 31-57
aggregate routes, configuring 31-57
CIDR 31-57
clear commands 31-61
community filtering 31-54
configuring neighbors 31-55
default configuration 31-43
described 31-42
enabling 31-45
monitoring 31-61
multipath support 31-49
neighbors, types of 31-45
path selection 31-49
peers, configuring 31-55
prefix filtering 31-53
resetting sessions 31-48
route dampening 31-60
route maps 31-51
route reflectors 31-59
routing domain confederation 31-58
routing session with multi-VRF CE 31-67
show commands 31-61
supernets 31-57
support for 1-7
Version 4 31-42
binding cluster group and HSRP group 32-10
binding database
address, DHCP server
See DHCP, Cisco IOS server database
DHCP snooping
See DHCP snooping binding database
binding database, DHCP snooping
See DHCP snooping binding database
bindings
address, Cisco IOS DHCP server 18-7
DHCP snooping database 18-7
IP source guard 18-19
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 21-6
booting
boot loader, function of 3-2
boot process 3-1
manually 3-12
specific image 3-13
boot loader
accessing 3-14
described 3-2
environment variables 3-14
prompt 3-14
trap-door mechanism 3-2
bootstrap router (BSR), described 34-5
Border Gateway Protocol
See BGP
BPDU
error-disabled state 17-2
filtering 17-3
RSTP format 16-12
BPDU filtering
described 17-3
enabling 17-16
support for 1-4
BPDU guard
described 17-2
enabling 17-15
support for 1-4
bridged packets, ACLs on 28-39
bridge groups
See fallback bridging
bridge protocol data unit
See BPDU
broadcast flooding 31-16
broadcast packets
directed 31-13
flooded 31-13
broadcast storm control
See storm control
broadcast storm-control command 21-4
broadcast storms 31-13
C
cables, monitoring for unidirectional links 23-1
cache engines, redirecting traffic to 33-1
CAMs, ACLs not loading in 28-45
candidate switch
automatic discovery 5-4
defined 5-3
requirements 5-3
See also command switch, cluster standby group, and member switch
CA trustpoint
configuring 7-45
defined 7-42
caution, described iv
CDP
and trusted boundary 29-33
automatic discovery in switch clusters 5-4
configuring 22-2
default configuration 22-2
described 22-1
disabling for routing device 22-3, 22-4
enabling and disabling
on an interface 22-4
on a switch 22-3
Layer 2 protocol tunneling 14-7
monitoring 22-4
overview 22-1
power negotiation extensions 9-6
support for 1-3
transmission timer and holdtime, setting 22-2
updates 22-2
CEF 31-72
CGMP
as IGMP snooping learning method 20-8
clearing cached group entries 34-52
enabling server support 34-32
joining multicast group 20-3
overview 34-8
server support only 34-8
switch support of 1-2
CIDR 31-57
CipherSuites 7-43
Cisco Discovery Protocol
See CDP
Cisco Express Forwarding
See CEF
Cisco Group Management Protocol
See CGMP
Cisco Intelligence Engine 2100 Series Configuration Registrar
See IE2100
Cisco intelligent power management 9-6
Cisco IOS DHCP server
See DHCP, Cisco IOS DHCP server
Cisco IOS File System
See IFS
Cisco Network Assistant
See Network Assistant
CiscoWorks 2000 1-9, 27-4
classless interdomain routing
See CIDR
classless routing 31-7
class maps for QoS
configuring per physical port 29-40
configuring per-port per-VLAN 29-42
described 29-7
displaying 29-71
class of service
See CoS
clearing interfaces 9-21
CLI
abbreviating commands 2-4
command modes 2-1
configuration logging 2-5
described 1-9
editing features
enabling and disabling 2-7
keystroke editing 2-7
wrapped lines 2-8
error messages 2-5
filtering command output 2-9
getting help 2-3
history
changing the buffer size 2-6
described 2-5
disabling 2-6
recalling commands 2-6
no and default forms of commands 2-4
client mode, VTP 12-3
clock
See system clock
clusters, switch
accessing 5-13
automatic discovery 5-4
automatic recovery 5-10
benefits 1-10
compatibility 5-4
described 5-1
managing
through SNMP 5-15
planning 5-4
planning considerations
automatic discovery 5-4
automatic recovery 5-10
host names 5-13
IP addresses 5-13
passwords 5-13
RADIUS 5-14
SNMP 5-14, 5-15
TACACS+ 5-14
See also candidate switch, command switch, cluster standby group, member switch, and standby command switch
cluster standby group
and HSRP group 32-10
automatic recovery 5-12
considerations 5-11
defined 5-2
requirements 5-3
virtual IP address 5-11
See also HSRP
CNS
Configuration Engine
configID, deviceID, hostname 4-3
configuration service 4-2
described 4-1
event service 4-3
embedded agents
described 4-5
enabling automated configuration 4-6
enabling configuration agent 4-9
enabling event agent 4-8
for upgrading 4-12
Coarse Wave Division Multiplexer GBIC modules
See CWDM GBIC modules
command-line interface
See CLI
command modes 2-1
commands
abbreviating 2-4
no and default 2-4
setting privilege levels 7-8
command switch
accessing 5-11
active (AC) 5-10
configuration conflicts 37-10
defined 5-2
passive (PC) 5-10
password privilege levels 5-14
priority 5-10
recovery
from command-switch failure 5-10
from failure 37-6
from lost member connectivity 37-10
redundant 5-10
replacing
with another switch 37-8
with cluster member 37-7
requirements 5-2
standby (SC) 5-10
See also candidate switch, cluster standby group, member switch, and standby command switch
community list, BGP 31-54
community strings
configuring 5-14, 27-8
for cluster switches 27-4
in clusters 5-14
overview 27-4
SNMP 5-14
config.text 3-11
configurable leave timer, IGMP 20-5
configuration conflicts
ACL, displaying 28-44
recovering from lost member connectivity 37-10
configuration examples, network 1-10
configuration files
clearing the startup configuration B-18
creating using a text editor B-9
default name 3-11
deleting a stored configuration B-18
described B-7
downloading
automatically 3-11
preparing B-10, B-12, B-15
reasons for B-8
using FTP B-13
using RCP B-16
using TFTP B-10
guidelines for creating and using B-8
invalid combinations when copying B-5
limiting TFTP server access 27-15
obtaining with DHCP 3-7
password recovery disable considerations 7-5
specifying the filename 3-12
system contact and location information 27-15
types and location B-9
uploading
preparing B-10, B-12, B-15
reasons for B-8
using FTP B-14
using RCP B-17
using TFTP B-11
VMPS database 11-28
configuration guidelines, multi-VRF CE 31-65
configuration logging 2-5
configuration settings, saving 3-10
configure terminal command 9-9
Configuring a Restricted VLAN 8-32
configuring PoE 9-16
config-vlan mode 2-2, 11-6
conflicts, configuration 37-10
congestion-avoidance techniques 29-12
congestion-management techniques 29-12, 29-15
connections, secure remote 7-38
connectivity problems 37-11
consistency checks in VTP version 2 12-4
console port, connecting to 2-10
content-routing technology
See WCCP
conventions
command iv
for examples iv
publication iv
text iv
CoS
in Layer 2 frames 29-2
override priority 13-5
trust priority 13-6
CoS-to-DSCP map for QoS 29-54
CoS-to-egress-queue map 29-60
counters, clearing interface 9-21
CPU q, in show forward command output 37-20
crashinfo file 37-21
critical authentication, IEEE 802.1x 8-33
cross-stack UplinkFast, STP
connecting stack ports 17-8
described 17-5
enabling 17-18
fast-convergence events 17-7
Fast Uplink Transition Protocol 17-6
limitations 17-8
normal-convergence events 17-7
Stack Membership Discovery Protocol 17-6
support for 1-4
cryptographic software image
Kerberos 7-32
SSL 7-41
customer edge devices 31-62
CWDM GBIC modules, network example 1-19
CWDM OADM modules 1-19
D
daylight saving time 6-13
debugging
enabling all system diagnostics 37-18
enabling for a specific feature 37-17
redirecting error message output 37-18
using commands 37-17
default commands 2-4
default configuration
auto-QoS 29-18
banners 6-17
BGP 31-43
booting 3-11
CDP 22-2
DHCP 18-9
DHCP option 82 18-9
DHCP snooping 18-9
DHCP snooping binding database 18-9
DNS 6-16
dynamic ARP inspection 19-5
EIGRP 31-35
EtherChannel 30-8
fallback bridging 36-3
Flex Links 18-4
HSRP 32-4
IEEE 802.1Q tunneling 14-4
IEEE 802.1x 8-19
IGMP 34-27
IGMP filtering 20-22
IGMP snooping 20-7
IGMP throttling 20-23
initial switch information 3-3
IP addressing, IP routing 31-4
IP multicast routing 34-9
IP source guard 18-20
Layer 2 interfaces 9-14
Layer 2 protocol tunneling 14-10
MAC address table 6-21
MAC address-table move update 18-4
MSDP 35-4
MSTP 16-15
multi-VRF CE 31-64
MVR 20-18
NTP 6-4
optional spanning-tree features 17-14
OSPF 31-25
password and privilege level 7-2
port security 21-9
RADIUS 7-20
RIP 31-19
RMON 25-3
RSPAN 24-8
SNMP 27-6
SPAN 24-8
SSL 7-44
standard QoS 29-26
storm control 21-3
STP 15-11
system message logging 26-3
system name and prompt 6-15
TACACS+ 7-13
UDLD 23-4
VLAN, Layer 2 Ethernet interfaces 11-19
VLANs 11-7
VMPS 11-29
voice VLAN 13-2
VTP 12-6
WCCP 33-4
default gateway 3-10, 31-11
default networks 31-75
default routes 31-75
default routing 31-2
deleting VLANs 11-10
denial-of-service attack 21-1
description command 9-18
designing your network, examples 1-10
destination addresses, in ACLs 28-13
detecting indirect link failures, STP 17-10
device B-18
device discovery protocol 22-1
device manager
described 1-2, 1-9
upgrading a switch B-18
DHCP
Cisco IOS server database
configuring 18-17
default configuration 18-9
described 18-7
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-3
DNS 3-6
relay device 3-6
server-side 3-5, 18-11
TFTP server 3-6
example 3-8
lease options
for IP address information 3-5
for receiving the configuration file 3-5
overview 3-3
relationship to BOOTP 3-4
relay support 1-8
support for 1-3
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 18-5
configuration guidelines 18-9
default configuration 18-9
displaying 18-18
enabling
relay agent 18-11
relay agent information option 18-11
forwarding address, specifying 18-13
helper address 18-13
overview 18-3
packet format
circuit ID suboption 18-5
remote ID suboption 18-5
policy for reforwarding 18-12
reforwarding policy 18-12
remote ID suboption 18-5
support for 1-3
validating 18-12
DHCP relay agent 18-11
DHCP server 18-11
DHCP snooping
accepting untrusted packets from edge switch 18-3, 18-15
and private VLANs 18-16
binding database
See DHCP snooping binding database
configuration guidelines 18-9
default configuration 18-9
displaying binding tables 18-18
displaying configuration 18-18
message exchange process 18-4
option 82 data insertion 18-3
trusted interface 18-2
untrusted interface 18-2
untrusted messages 18-2
DHCP snooping binding database
adding bindings 18-17
binding file
format 18-7
bindings 18-7
clearing agent statistics 18-18
configuring 18-17
default configuration 18-9
deleting
binding file 18-18
bindings 18-18
database agent 18-18
described 18-2, 18-7
displaying 18-18
status and statistics 18-18
enabling 18-17
entries 18-2
entry 18-7
renewing database 18-18
resetting
delay value 18-18
timeout value 18-18
DHCP snooping binding table
See DHCP snooping binding database
Differentiated Services architecture, QoS 29-2
Differentiated Services Code Point 29-2
Diffusing Update Algorithm (DUAL) 31-34
directed unicast requests 1-3
directories
changing B-3
creating and removing B-4
displaying the working B-3
discovery, clusters
See automatic discovery
Distance Vector Multicast Routing Protocol
See DVMRP
distance-vector protocols 31-2
distribute-list command 31-83
DNS
and DHCP-based autoconfiguration 3-6
default configuration 6-16
displaying the configuration 6-17
overview 6-15
setting up 6-16
support for 1-3
documentation, related v
document conventions iv
domain names
DNS 6-15
VTP 12-8
Domain Name System
See DNS
dot1q-tunnel switchport mode 11-17
double-tagged packets
IEEE 802.1Q tunneling 14-2
Layer 2 protocol tunneling 14-10
downloading
configuration files
preparing B-10, B-12, B-15
reasons for B-8
using FTP B-13
using RCP B-16
using TFTP B-10
image files
deleting old image B-22
preparing B-21, B-24, B-28
reasons for B-18
using CMS 1-2
using FTP B-25
using HTTP 1-2, B-18
using Network Assistant 1-2
using RCP B-29
using TFTP B-21
using the device manager or Network Assistant B-18
drop threshold for Layer 2 protocol packets 14-10
DSCP 1-6, 1-7, 29-2
DSCP-to-CoS map for QoS 29-56
DSCP-to-DSCP-mutation map for QoS 29-58
DSCP-to-threshold map for QoS 29-62
DTP 1-4, 11-16
DUAL finite state machine, EIGRP 31-35
duplex mode, configuring 9-15
DVMRP
autosummarization
configuring a summary address 34-48
disabling 34-50
connecting PIM domain to DVMRP router 34-40
enabling unicast routing 34-44
interoperability
with Cisco devices 34-38
with IOS software 34-7
mrinfo requests, responding to 34-43
neighbors
advertising the default route to 34-42
discovery with Probe messages 34-38
displaying information 34-43
prevent peering with nonpruning 34-46
rejecting nonpruning 34-45
overview 34-7
routes
adding a metric offset 34-50
advertising all 34-50
advertising the default route to neighbors 34-42
caching DVMRP routes learned in report messages 34-44
changing the threshold for syslog messages 34-47
deleting 34-52
displaying 34-52
favoring one over another 34-50
limiting the number injected into MBONE 34-47
limiting unicast route advertisements 34-38
routing table 34-8
source distribution tree, building 34-8
support for 1-8
tunnels
configuring 34-40
displaying neighbor information 34-43
dynamic access ports
characteristics 11-3
configuring 11-30
defined 9-3
dynamic addresses
See addresses
dynamic ARP inspection
ARP cache poisoning 19-1
ARP requests, described 19-1
ARP spoofing attack 19-1
clearing
log buffer 19-15
statistics 19-15
configuration guidelines 19-6
configuring
ACLs for non-DHCP environments 19-8
in DHCP environments 19-7
log buffer 19-12
rate limit for incoming ARP packets 19-4, 19-10
default configuration 19-5
denial-of-service attacks, preventing 19-10
described 19-1
DHCP snooping binding database 19-2
displaying
ARP ACLs 19-14
configuration and operating state 19-14
log buffer 19-15
statistics 19-15
trust state and rate limit 19-14
error-disabled state for exceeding rate limit 19-4
function of 19-2
interface trust states 19-3
log buffer
clearing 19-15
configuring 19-12
displaying 19-15
logging of dropped packets, described 19-4
man-in-the-middle attack, described 19-2
network security issues and interface trust states 19-3
priority of ARP ACLs and DHCP snooping entries 19-4
rate limiting of ARP packets
configuring 19-10
described 19-4
error-disabled state 19-4
statistics
clearing 19-15
displaying 19-15
validation checks, performing 19-11
dynamic desirable trunking mode 11-17
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 11-28
reconfirming 11-31
troubleshooting 11-33
types of connections 11-30
VMPS database configuration file 11-28
dynamic routing 31-2
Dynamic Trunking Protocol
See DTP
E
EBGP 31-41
editing features
enabling and disabling 2-7
keystrokes used 2-7
wrapped lines 2-8
egress q, in show forward command output 37-20
EIGRP
authentication 31-39
components 31-34
configuring 31-37
default configuration 31-35
definition 31-34
interface parameters, configuring 31-38
monitoring 31-40
stub routing 31-39
support for 1-7
enable password 7-4
enable secret password 7-4
encryption, CipherSuite 7-43
encryption for passwords 7-4
Enhanced IGRP
See EIGRP
environment variables
function of 3-15
location in Flash 3-14
equal-cost routing 1-8, 31-74
error messages
during command entry 2-5
setting the display destination device 26-4
severity levels 26-8
system message format 26-2
EtherChannel
automatic creation of 30-3
channel groups
binding physical and logical interfaces 30-3
numbering of 30-3
configuration guidelines 30-8
configuring
Layer 2 interfaces 30-9
Layer 3 physical interfaces 30-13
Layer 3 port-channel logical interfaces 30-12
default configuration 30-8
destination MAC address forwarding 30-6
displaying status 30-19
forwarding methods 30-15
interaction
with STP 30-8
with VLANs 30-9
LACP, support for 1-2
Layer 3 interface 31-3
load balancing 30-6, 30-15
logical interfaces, described 30-3
number of interfaces per 30-2
overview 30-1
PAgP
aggregate-port learners 30-5
compatibility with Catalyst 1900 30-15
displaying status 30-19
interaction with other features 30-6
learn method and priority configuration 30-15
modes 30-4
overview 30-3
silent mode 30-5
support for 1-2
port-channel interfaces
described 30-3
numbering of 30-3
port groups 9-5
source MAC address forwarding 30-6
support for 1-2
EtherChannel guard
described 17-12
enabling 17-20
Ethernet VLANs
adding 11-8
defaults and ranges 11-8
modifying 11-8
events, RMON 25-3
examples
conventions for iv
network configuration 1-10
expedite queue for QoS
10/100 Ethernet ports
allocating bandwidth 29-69
configuring 29-69
described 29-15
Gigabit-capable Ethernet ports
allocating bandwidth 29-65
configuring 29-65
described 29-12
Express Setup
overview 1-1
See also getting started guide
extended-range VLANs
configuration guidelines 11-12
configuring 11-11
creating 11-12, 11-13
defined 11-1
extended system ID
MSTP 16-17
STP 15-3, 15-15
Extensible Authentication Protocol over LAN 8-1
external BGP
See EBGP
external neighbors, BGP 31-45
F
fallback bridging
and protected ports 36-4
bridge groups
creating 36-4
described 36-2
displaying 36-12
function of 36-2
number supported 36-4
removing 36-4
bridge table
changing the aging time 36-6
clearing 36-12
displaying 36-12
configuration guidelines 36-3
connecting interfaces with 9-9
default configuration 36-3
described 36-1
frame forwarding
filtering by MAC address 36-6
flooding packets 36-2
for static addresses 36-5
forwarding packets 36-2
preventing for dynamically learned stations 36-5
to static addresses 36-5
overview 36-1
protocol, unsupported 36-3
STP
disabling on an interface 36-12
forward-delay interval 36-10
hello BPDU interval 36-10
interface priority 36-8
maximum-idle interval 36-11
path cost 36-9
switch priority 36-8
VLAN-bridge STP 36-1, 36-2
support for 1-8
SVIs and routed ports 36-1
unsupported protocols 36-3
VLAN-bridge STP 15-11
fallback VLAN name 11-28
Fast Uplink Transition Protocol 17-6
feature manager, ACL 28-43
FIB 31-73
fiber-optic, detecting unidirectional links 23-1
files
copying B-4
crashinfo
description 37-21
displaying the contents of 37-21
location 37-21
deleting B-5
displaying the contents of B-7
tar
creating B-5
displaying the contents of B-6
extracting B-7
image file format B-19
file system
displaying available file systems B-2
displaying file information B-3
local file system names B-1
network file system names B-4
setting the default B-3
filtering
in a VLAN 28-30
non-IP traffic 28-27
show and more command output 2-9
with fallback bridging 36-6
filters, IP
See ACLs, IP
flash device, number of B-1
Flex Links
configuration guidelines 18-4
configuring 18-5
default configuration 18-4
description 18-1
monitoring 18-8
flooded traffic, blocking 21-6
flow-based packet classification 1-7
flowcharts
QoS classification 29-6
QoS policing and marking 29-10
QoS queueing and scheduling
10/100 ports 29-15
Gigabit-capable ports 29-12
flow control 1-2, 9-17
forward-delay time
MSTP 16-23
STP 15-5, 15-22
Forwarding Information Base
See FIB
forwarding non-routable protocols 36-1
FTP
accessing MIB files A-3
configuration files
downloading B-13
overview B-11
preparing the server B-12
uploading B-14
image files
deleting old image B-26
downloading B-25
preparing the server B-24
uploading B-26
G
GBIC modules
See GBICs
GBICs
1000BASE-LX/LH module 1-14
1000BASE-SX module 1-14
1000BASE-T module 1-14
1000BASE-ZX module 1-14
CWDM module 1-19
GigaStack module 1-12
security and identification 37-10
get-bulk-request operation 27-3
get-next-request operation 27-3, 27-4
get-request operation 27-3, 27-4
get-response operation 27-3
Gigabit Interface Converters
See GBICs
GigaStack GBIC
fast transition of redundant link 17-5
See also GBICs
global configuration mode 2-2
global leave, IGMP 20-12
guide
audience iii
purpose of iii
guide mode 1-10
GUIs
See device manager and Network Assistant 1-9
H
hardware, determining ACL configuration fit 28-45
hello time
MSTP 16-22
STP 15-21
help, for the command line 2-3
history
changing the buffer size 2-6
described 2-5
disabling 2-6
recalling commands 2-6
history table, level and number of syslog messages 26-10
host names
in clusters 5-13
hosts, limit on dynamic ports 11-33
Hot Standby Router Protocol
See HSRP
HP OpenView 1-9
HSRP
authentication string 32-8
automatic cluster recovery 5-12
binding to cluster group 32-10
cluster standby group considerations 5-11
command-switch redundancy 1-3
default configuration 32-4
definition 32-1
monitoring 32-10
overview 32-1
priority 32-6
routing redundancy 1-7
timers 32-8
tracking 32-7
See also clusters, cluster standby group, and standby command switch
HTTP over SSL
See HTTPS
HTTPS 7-42
configuring 7-46
self-signed certificate 7-42
HTTP secure server 7-42
I
IBGP 31-41
ICMP
redirect messages 31-11
support for 1-8
time exceeded messages 37-13
traceroute and 37-13
unreachable messages 28-6
unreachables and ACLs 28-7
ICMP ping
executing 37-11
overview 37-11
ICMP Router Discovery Protocol
See IRDP
IDS, using with SPAN and RSPAN 24-2
IE2100
described 1-9
support for 1-3
IEEE 802.1D
See STP
IEEE 802.1p 13-1
IEEE 802.1Q
and trunk ports 9-3
configuration limitations 11-18
encapsulation 11-16
native VLAN for untagged traffic 11-23
tunneling
compatibility with other features 14-5
defaults 14-4
described 14-1
tunnel ports and ACLs 28-3
tunnel ports with other features 14-6
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3af
See PoE
IEEE 802.3x flow control 9-17
ifIndex values, SNMP 27-5
IFS 1-3
IGMP
configurable leave timer, procedures 20-11
configuring the switch
as a member of a group 34-27
statically connected member 34-31
controlling access to groups 34-28
default configuration 34-27
deleting cache entries 34-52
displaying groups 34-52
fast switching 34-31
flooded multicast traffic
controlling the length of time 20-12
disabling on an interface 20-13
global leave 20-12
query solicitation 20-12
recovering from flood mode 20-12
host-query interval, modifying 34-29
joining multicast group 20-3
join messages 20-3
leave processing, enabling 20-10
leaving multicast group 20-5
multicast reachability 34-27
overview 34-3
queries 20-3
report suppression
described 20-6
disabling 20-14
support for 1-2
throttling action 20-22
Version 1
changing to Version 2 34-29
described 34-3
Version 2
changing to Version 1 34-29
described 34-3
maximum query response time value 34-31
pruning groups 34-31
query timeout value 34-30
IGMP configurable leave timer, described 20-5
IGMP filtering
configuring 20-23
default configuration 20-22
described 20-22
monitoring 20-28
IGMP groups
configuring the throttling action 20-26
setting the maximum number 20-26
IGMP profile
applying 20-24
configuration mode 20-23
configuring 20-23
IGMP snooping
configuring 20-6
default configuration 20-7
definition 20-2
enabling and disabling 20-7
global configuration 20-7
Immediate Leave 20-5
method 20-8
monitoring 20-14
support for 1-2
VLAN configuration 20-8
IGMP throttling
configuring 20-26
default configuration 20-23
described 20-22
displaying action 20-28
IGP 31-24
Immediate-Leave, IGMP 20-5
inaccessible authentication bypass 8-13
interface
number 9-9
range macros 9-12
interface command 9-9, 9-10
interface configuration mode 2-3
interfaces
configuration guidelines 9-15
configuring 9-9
configuring duplex mode 9-15
configuring speed 9-15
counters, clearing 9-21
described 9-18
descriptive name, adding 9-18
displaying information about 9-21
flow control 9-17
management 1-9
monitoring 9-20
naming 9-18
physical, identifying 9-9
range of 9-10
restarting 9-22
shutting down 9-22
supported 9-9
types of 9-1
interfaces range macro command 9-12
Interior Gateway Protocol
See IGP
internal BGP
See IBGP
internal neighbors, BGP 31-45
Internet Control Message Protocol
See ICMP
Internet Group Management Protocol
See IGMP
Inter-Switch Link
See ISL
inter-VLAN routing 1-7, 31-2
Intrusion Detection System
See IDS
IOS File System
See IFS
ip access-group command 28-22
IP ACLs
applying to an interface 28-20
extended, creating 28-11
for QoS classification 29-7
implicit deny 28-11, 28-15, 28-17
implicit masks 28-11
logging 28-17
named 28-16
standard, creating 28-10
undefined 28-22
virtual terminal lines, setting on 28-20
IP addresses
candidate or member 5-3, 5-13
classes of 31-5
cluster access 5-2
command switch 5-3, 5-11, 5-13
default configuration 31-4
discovering 6-29
for IP routing 31-4
MAC address association 31-8
monitoring 31-17
redundant clusters 5-11
standby command switch 5-11, 5-13
See also IP information
IP broadcast address 31-15
ip cef command 31-73
IP directed broadcasts 31-13
ip igmp profile command 20-23
IP information
assigned
manually 3-10
through DHCP-based autoconfiguration 3-3
default configuration 3-3
IP multicast routing
addresses
all-hosts 34-1, 34-3
all-multicast-routers 34-1, 34-3
host group address range 34-1, 34-3
administratively-scoped boundaries, described 34-36
and IGMP snooping 20-2, 20-6
Auto-RP
adding to an existing sparse-mode cloud 34-14
benefits of 34-14
clearing the cache 34-52
configuration guidelines 34-10
filtering incoming RP announcement messages 34-16
overview 34-5
preventing candidate RP spoofing 34-16
preventing join messages to false RPs 34-16
setting up in a new internetwork 34-14
using with BSR 34-22
bootstrap router
configuration guidelines 34-10
configuring candidate BSRs 34-20
configuring candidate RPs 34-21
defining the IP multicast boundary 34-19
defining the PIM domain border 34-18
overview 34-5
using with Auto-RP 34-22
Cisco implementation 34-2
configuring
basic multicast routing 34-10
IP multicast boundary 34-36
TTL threshold 34-34
default configuration 34-9
enabling
multicast forwarding 34-11
PIM mode 34-11
group-to-RP mappings
Auto-RP 34-5
BSR 34-5
MBONE
deleting sdr cache entries 34-52
described 34-33
displaying sdr cache 34-53
enabling sdr listener support 34-34
limiting DVMRP routes advertised 34-47
limiting sdr cache entry lifetime 34-34
SAP packets for conference session announcement 34-33
Session Directory (sdr) tool, described 34-33
monitoring
packet rate loss 34-53
peering devices 34-53
tracing a path 34-53
multicast forwarding, described 34-6
PIMv1 and PIMv2 interoperability 34-9
protocol interaction 34-2
reverse path check (RPF) 34-6
routing table
deleting 34-52
displaying 34-52
RP
assigning manually 34-12
configuring Auto-RP 34-14
configuring PIMv2 BSR 34-18
monitoring mapping information 34-23
using Auto-RP and BSR 34-22
statistics, displaying system and network 34-52
TTL thresholds, described 34-34
See also CGMP
See also DVMRP
See also IGMP
See also PIM
IP phones
and IEEE 802.1x authentication 8-15
and QoS 13-1
automatic classification and queueing 29-17
configuring 13-3
trusted boundary for QoS 29-33
IP precedence 29-2
IP-precedence-to-DSCP map for QoS 29-55
IP protocols
in ACLs 28-13
routing 1-7
IP routes, monitoring 31-85
IP routing
connecting interfaces with 9-9
enabling 31-18
IP source guard
and 802.1x 18-20
and DHCP snooping 18-19
and EtherChannels 18-20
and port security 18-20
and private VLANs 18-20
and routed ports 18-20
and TCAM entries 18-20
and trunk interfaces 18-20
and VRF 18-20
binding configuration
automatic 18-19
manual 18-19
binding table 18-19
configuration guidelines 18-20
default configuration 18-20
described 18-19
disabling 18-21
displaying
bindings 18-22
configuration 18-22
enabling 18-21
filtering
source IP address 18-19
source IP and MAC address 18-19
source IP address filtering 18-19
source IP and MAC address filtering 18-19
static bindings
adding 18-21
deleting 18-21
IP traceroute
executing 37-13
overview 37-13
IP unicast routing
address resolution 31-8
administrative distances 31-75, 31-83
ARP 31-8
assigning IP addresses to Layer 3 interfaces 31-6
authentication keys 31-84
broadcast
address 31-15
flooding 31-16
packets 31-13
storms 31-13
classless routing 31-7
configuring static routes 31-74
default
addressing configuration 31-4
gateways 31-11
networks 31-75
routes 31-75
routing 31-2
directed broadcasts 31-13
dynamic routing 31-2
enabling 31-18
EtherChannel Layer 3 interface 31-3
IGP 31-24
inter-VLAN 31-2
IP addressing
classes 31-5
configuring 31-4
IRDP 31-12
Layer 3 interfaces 31-3
MAC address and IP address 31-8
passive interfaces 31-82
protocols
distance-vector 31-2
dynamic 31-2
link-state 31-2
proxy ARP 31-8
redistribution 31-76
reverse address resolution 31-8
routed ports 31-3
static routing 31-2
steps to configure 31-3
subnet mask 31-5
subnet zero 31-6
supernet 31-7
UDP 31-15
with SVIs 31-3
See also BGP
See also EIGRP
See also OSPF
See also RIP
ip unreachables command 28-6
IRDP
configuring 31-12
definition 31-12
support for 1-8
ISL
and trunk ports 9-3
encapsulation 1-4, 11-16
trunking with IEEE 802.1 tunneling 14-4
J
join messages, IGMP 20-3
K
KDC
described 7-32
See also Kerberos
Kerberos
authenticating to
boundary switch 7-34
KDC 7-34
network services 7-35
configuration examples 7-32
configuring 7-35
credentials 7-32
cryptographic software image 7-32
described 7-32
KDC 7-32
operation 7-34
realm 7-33
server 7-33
switch as trusted third party 7-32
terms 7-33
TGT 7-34
tickets 7-32
key distribution center
See KDC
L
l2protocol-tunnel command 14-12
LACP
Layer 2 protocol tunneling 14-9
See EtherChannel
Layer 2 frames, classification with CoS 29-2
Layer 2 interfaces, default configuration 9-14
Layer 2 protocol tunneling
configuring 14-9
configuring for EtherChannels 14-13
default configuration 14-10
defined 14-8
guidelines 14-11
Layer 2 traceroute
and ARP 37-15
and CDP 37-15
described 37-14
IP addresses and subnets 37-15
MAC addresses and VLANs 37-15
multicast traffic 37-15
multiple devices on a port 37-15
unicast traffic 37-14
usage guidelines 37-15
Layer 3 features 1-7
Layer 3 interfaces
assigning IP addresses to 31-6
changing from Layer 2 mode 31-6
types of 31-3
Layer 3 packets, classification methods 29-2
LDAP 4-2
leave processing, IGMP 20-10
lightweight directory access protocol
See LDAP
line configuration mode 2-3
Link Aggregation Control Protocol
See EtherChannel
Link Failure
detecting unidirectional 16-8
link redundancy
See Flex Links
links, unidirectional 23-1
link state advertisements (LSAs) 31-28
link-state protocols 31-2
logging messages, ACL 28-11
login authentication
with RADIUS 7-23
with TACACS+ 7-14
login banners 6-17
log messages
See system message logging
long-distance, high-bandwidth transport configuration example 1-19
Long-Reach Ethernet (LRE) technology 1-12
loop guard
described 17-13
enabling 17-21
support for 1-4
M
mac access-group command 28-29
MAC ACLs and Layer 2 interfaces 28-29
MAC addresses
aging time 6-21
and VLAN association 6-20
building the address table 6-20
default configuration 6-21
discovering 6-29
displaying 6-26
displaying in DHCP snooping binding table 18-18
displaying in the IP source binding table 18-22
dynamic
learning 6-20
removing 6-21
in ACLs 28-27
IP address association 31-8
static
adding 6-24
allowing 6-26
characteristics of 6-24
dropping 6-25
removing 6-24
sticky secure, adding 21-8
MAC address multicast entries, monitoring 20-15
MAC address-table move update
configuration guidelines 18-4
configuring 18-6
default configuration 18-4
description 18-3
monitoring 18-8
MAC address-to-VLAN mapping 11-27
MAC extended access lists 28-27, 29-5, 29-39
macros
See Smartports macros
magic packet 8-16
manageability features 1-3
management options
benefits
clustering 1-10
Network Assistant 1-10
CLI 2-1
CNS 4-1
overview 1-9
management VLAN
considerations in switch clusters 5-7
discovery through different management VLANs 5-7
MANs
CWDM configuration example 1-19
long-distance, high-bandwidth transport configuration example 1-19
mapping tables for QoS
configuring
CoS-to-DSCP 29-54
CoS-to-egress-queue 29-60
DSCP 29-53
DSCP-to-CoS 29-56
DSCP-to-DSCP-mutation 29-58
DSCP-to-threshold 29-62
IP-precedence-to-DSCP 29-55
policed-DSCP 29-56
described 29-10
marking
action in policy map 29-44
action with aggregate policers 29-50
described 29-4, 29-8
matching, ACLs 28-8
maximum aging time
MSTP 16-24
STP 15-22, 15-23
maximum hop count, MSTP 16-24
maximum-paths command 31-49, 31-74
membership mode, VLAN port 11-3
member switch
automatic discovery 5-4
defined 5-2
passwords 5-13
recovering from lost connectivity 37-10
requirements 5-3
See also candidate switch, cluster standby group, and standby command switch
memory, optimizing 6-26
messages
logging ACL violations 28-17
to users through banners 6-17
metrics, in BGP 31-49
metric translations, between routing protocols 31-79
metropolitan-area networks
See MANs
metro tags 14-2
MIBs
accessing files with FTP A-3
location of files A-3
overview 27-1
SNMP interaction with 27-4
supported A-1
minimum-reserve levels
assigning to a queue 29-15, 29-68
configuring the buffer size 29-16, 29-68
default size 29-15
mini-point-of-presence
See POP
mirroring traffic for analysis 24-1
mismatches, autonegotiation 37-10
modules, GBIC
1000BASE-LX/LH 1-14
1000BASE-SX 1-14
1000BASE-T 1-14
1000BASE-ZX 1-14
CWDM 1-19
GigaStack 1-12
monitoring
access groups 28-41
ACL
configuration 28-41
configuration conflicts 28-44
fit in hardware 28-45
information 28-41
BGP 31-61
cables for unidirectional links 23-1
CDP 22-4
CEF 31-73
EIGRP 31-40
fallback bridging 36-12
features 1-8
Flex Links 18-8
HSRP 32-10
IEEE 802.1Q tunneling 14-17
IGMP
filters 20-28
snooping 20-14
interfaces 9-20
IP
address tables 31-17
multicast routing 34-51
routes 31-85
Layer 2 protocol tunneling 14-17
MAC address-table move update 18-8
MSDP peers 35-19
multicast router ports 20-15
multi-VRF CE 31-72
MVR 20-21
network traffic for analysis with probe 24-1
OSPF 31-33
port blocking 21-17
port protection 21-17
RP mapping information 34-23
source-active messages 35-19
speed and duplex mode 9-16
traffic flowing among switches 25-1
traffic suppression 21-17
tunneling 14-17
VLAN
filters 28-42
maps 28-42
VLANs 11-15
VMPS 11-32
VTP 12-15
MSDP
and dense-mode regions
sending SA messages to 35-17
specifying the originating address 35-18
benefits of 35-3
clearing MSDP connections and statistics 35-19
controlling source information
forwarded by switch 35-12
originated by switch 35-8
received by switch 35-14
default configuration 35-4
filtering
incoming SA messages 35-14
SA messages to a peer 35-12
SA requests from a peer 35-11
join latency, defined 35-6
meshed groups
configuring 35-16
defined 35-16
originating address, changing 35-18
overview 35-1
peer-RPF flooding 35-2
peers
configuring a default 35-4
monitoring 35-19
peering relationship, overview 35-1
requesting source information from 35-8
shutting down 35-16
source-active messages
caching 35-6
clearing cache entries 35-19
defined 35-2
filtering from a peer 35-11
filtering incoming 35-14
filtering to a peer 35-12
limiting data with TTL 35-14
monitoring 35-19
restricting advertised sources 35-9
MSTP
boundary ports
configuration guidelines 16-16
BPDU filtering
described 17-3
enabling 17-16
BPDU guard
described 17-2
enabling 17-15
CIST, described 16-3
configuration guidelines 16-15, 17-14
configuring
forward-delay time 16-23
hello time 16-22
link type for rapid convergence 16-25
maximum aging time 16-24
maximum hop count 16-24
MST region 16-16
neighbor type 16-25
path cost 16-21
port priority 16-20
root switch 16-17
secondary root switch 16-19
switch priority 16-22
CST
defined 16-3
operations between regions 16-4
default configuration 16-15
default optional feature configuration 17-14
described 16-2
displaying status 16-26
enabling the mode 16-16
EtherChannel guard
described 17-12
enabling 17-20
extended system ID
effects on root switch 16-17
effects on secondary root switch 16-19
unexpected behavior 16-18
IEEE 802.1s
implementation 16-6
instances supported 15-9
interface state, blocking to forwarding 17-2
interoperability and compatibility among modes 15-10
interoperability with IEEE 802.1D
described 16-8
restarting migration process 16-26
IST
defined 16-3
master 16-3
operations within a region 16-3
loop guard
described 17-13
enabling 17-21
mapping VLANs to MST instance 16-16
MST region
described 16-2
hop-count mechanism 16-5
supported spanning-tree instances 16-2
optional features supported 1-4
Port Fast
described 17-2
enabling 17-14
preventing root switch selection 17-12
root guard
described 17-12
enabling 17-20
root switch
configuring 16-18
effects of extended system ID 16-17
unexpected behavior 16-18
shutdown Port Fast-enabled port 17-2
multicast groups
and IGMP snooping 20-6
Immediate Leave 20-5
joining 20-3
leaving 20-5
static joins 20-10
multicast packets
ACLs on 28-40
multicast packets, blocking 21-6
multicast router ports
adding 20-9
monitoring 20-15
Multicast Source Discovery Protocol
See MSDP
multicast storm control
See storm control
multicast storm-control command 21-4
Multicast VLAN Registration
See MVR
Multiple Spanning Tree Protocol
See MSTP
multiple VPN routing/forwarding in customer edge devices
See multi-VRF CE
multi-VRF CE
configuration example 31-68
configuration guidelines 31-65
configuring 31-64
default configuration 31-64
defined 31-62
displaying 31-72
monitoring 31-72
network components 31-64
packet-forwarding process 31-64
support for 1-7
MVR
configuring interfaces 20-20
default configuration 20-18
described 20-15
modes 20-19
monitoring 20-21
setting global parameters 20-19
support for 1-2
N
NAC
AAA down policy 1-6
critical authentication 8-13, 8-33
IEEE 802.1x authentication using a RADIUS server 8-37
IEEE 802.1x validation using RADIUS server 8-37
inaccessible authentication bypass 1-6, 8-33
Layer 2 IEEE 802.1x validation 1-6, 8-37
Layer 2 IP validation 1-6
named IP ACLs 28-16
NameSpace Mapper
See NSM
native VLAN
and IEEE 802.1Q tunneling 14-4
configuring 11-23
default 11-23
neighbor discovery/recovery, EIGRP 31-34
neighbors, BGP 31-55
Network Admission Control
See NAC
Network Assistant
described 1-2, 1-9
downloading image files 1-2
upgrading a switch B-18
network configuration examples
increasing network performance 1-11
large network 1-16
long-distance, high-bandwidth transport 1-19
providing network services 1-11
small to medium-sized network 1-14
network design
performance 1-11
services 1-11
network management
CDP 22-1
RMON 25-1
SNMP 27-1
Network Time Protocol
See NTP
no commands 2-4
non-IP traffic filtering 28-27
nontrunking mode 11-17
normal-range VLANs
configuration modes 11-6
defined 11-1
no switchport command 9-5
note, described iv
not-so-stubby areas
See NSSA
NSM 4-3
NSSA, OSPF 31-28
NTP
associations
authenticating 6-4
defined 6-2
enabling broadcast messages 6-6
peer 6-5
server 6-5
default configuration 6-4
displaying the configuration 6-11
overview 6-2
restricting access
creating an access group 6-8
disabling NTP services per interface 6-10
source IP address, configuring 6-10
stratum 6-2
support for 1-3
synchronizing devices 6-5
time
services 6-2
synchronizing 6-2
O
OADM modules
See CWDM OADM modules
Open Shortest Path First
See OSPF
optical add/drop multiplexer modules
See CWDM OADM modules
optimizing system resources 6-26
options, management 1-9
OSPF
area parameters, configuring 31-28
configuring 31-26
default configuration
metrics 31-30
route 31-30
settings 31-25
described 31-24
interface parameters, configuring 31-27
LSA group pacing 31-32
monitoring 31-33
router IDs 31-32
route summarization 31-30
support for 1-7
virtual links 31-30
out-of-profile markdown 1-7
output interface, getting information about 37-20
P
packet modification, with QoS 29-17
PAgP
Layer 2 protocol tunneling 14-9
See EtherChannel
parallel paths, in routing tables 31-74
passive interfaces
configuring 31-82
OSPF 31-30
pass-through mode 29-34
passwords
default configuration 7-2
disabling recovery of 7-5
encrypting 7-4
for security 1-5
in clusters 5-13
overview 7-1
setting
enable 7-3
enable secret 7-4
Telnet 7-6
with usernames 7-7
VTP domain 12-8
path cost
MSTP 16-21
STP 15-18
PBR
defined 31-79
enabling 31-81
fast-switched policy-based routing 31-81
local policy-based routing 31-81
support for 1-8
PC (passive command switch) 5-10
peers, BGP 31-55
performance, network design 1-11
performance features 1-2
persistent self-signed certificate 7-42
per-VLAN spanning-tree plus
See PVST+
PE to CE routing, configuring 31-67
physical ports 9-2
PIM
default configuration 34-9
dense mode
overview 34-4
rendezvous point (RP), described 34-5
RPF lookups 34-7
displaying neighbors 34-53
enabling a mode 34-11
overview 34-4
router-query message interval, modifying 34-26
shared tree and source tree, overview 34-23
shortest path tree, delaying the use of 34-25
sparse mode
join messages and shared tree 34-5
overview 34-5
prune messages 34-5
RPF lookups 34-7
support for 1-8
versions
interoperability 34-9
troubleshooting interoperability problems 34-23
v2 improvements 34-4
PIM-DVMRP, as snooping method 20-8
ping
character output description 37-12
executing 37-11
overview 37-11
PoE
auto mode 9-7
CDP with power consumption, described 9-6
CDP with power negotiation, described 9-6
Cisco intelligent power management 9-6
configuring 9-16
devices supported 9-5
high-power devices operating in low-power mode 9-6
powered-device detection and initial power allocation 9-6
power management modes 9-7
power negotiation extensions to CDP 9-6
standards supported 9-6
troubleshooting 37-16
policed-DSCP map for QoS 29-56
policers
configuring
for each matched traffic class 29-44
for more than one traffic class 29-50
described 29-4
displaying 29-71
number of 1-7, 29-9
types of 29-8
policing
described 29-4
token bucket algorithm 29-8
policy-based routing
See PBR
policy maps for QoS
characteristics of 29-44
configuring 29-44
described 29-7
displaying 29-71
POP 1-17
port ACLs
and voice VLAN 28-4
defined 28-2
limitations 28-4
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting 8-8
accounting services 1-5
authentication server
defined 8-2
RADIUS server 8-2
client, defined 8-2
configuration guidelines 8-20
configuring
guest VLAN 8-31
host mode 8-26
IEEE 802.1x accounting 8-30
IEEE 802.1x authentication 8-22
inaccessible authentication bypass 8-33
manual re-authentication of a client 8-27
periodic re-authentication 8-26
quiet period 8-27
RADIUS server 8-25
RADIUS server parameters on the switch 8-24
restricted VLAN 8-32
switch-to-client frame-retransmission number 8-29
switch-to-client retransmission time 8-28
default configuration 8-19
described 8-1
device roles 8-2
displaying statistics 8-38
EAPOL-start frame 8-5
EAP-request/identity frame 8-5
EAP-response/identity frame 8-5
enabling
IEEE 802.1x with guest VLAN 8-11
IEEE 802.1x with per-user ACLs 8-10
IEEE 802.1x with port security 8-15
IEEE 802.1x with restricted VLAN 8-12
IEEE 802.1x with VLAN assignment 8-9
IEEE 802.1x with voice VLAN 8-14
encapsulation 8-3
guest VLAN
configuration guidelines 8-12, 8-13
host mode 8-7
inaccessible authentication bypass
configuring 8-33
described 8-13
guidelines 8-21
initiation and message exchange 8-5
magic packet 8-16
method lists 8-22
multiple-hosts mode, described 8-8
per-user ACLs, AAA authorization 8-22
ports
authorization state and dot1x port-control command 8-7
authorized and unauthorized 8-7
critical 8-13
port security, multiple-hosts mode 8-8
resetting to default values 8-38
software upgrade changes 8-22
support for 1-5
switch
as proxy 8-3
RADIUS client 8-3
upgrading from a previous release 29-22
VLAN assignment, AAA authorization 8-22
wake-on-LAN, described 8-16
port blocking 1-2, 21-6
port-channel
See EtherChannel
Port Fast
described 17-2
enabling 17-14
mode, spanning tree 11-29
support for 1-4
port membership modes, VLAN 11-3
port priority
MSTP 16-20
STP 15-17
ports
access 9-3
blocking 21-6
dynamic access 11-3
forwarding, resuming 21-7
IEEE 802.1Q tunnel 11-3
protected 21-5
routed 9-4
secure 21-7
static-access 11-3, 11-10
switch 9-2
trunks 11-3, 11-16
VLAN assignments 11-10
port security
aging 21-15
and QoS trusted boundary 29-33
configuration guidelines 21-10
configuring 21-11
default configuration 21-9
described 21-7
displaying 21-17
on trunk ports 21-12
sticky learning 21-8
violations 21-8
with other features 21-10
port-shutdown response, VMPS 11-27
Power over Ethernet
See PoE
preemption
default configuration 18-4
preemption delay
default configuration 18-4
preferential treatment of traffic
See QoS
prefix lists, BGP 31-53
preventing unauthorized access 7-1
primary links 18-2
priority
HSRP 32-6
overriding CoS 13-5
trusting CoS 13-6
private VLAN edge ports
See protected ports
privileged EXEC mode 2-2
privilege levels
changing the default for lines 7-9
command switch 5-14
exiting 7-10
logging into 7-10
mapping on member switches 5-14
overview 7-2, 7-8
setting a command with 7-8
protected ports 1-5, 21-5
protocol-dependent modules, EIGRP 31-35
Protocol-Independent Multicast Protocol
See PIM
provider edge devices 31-62
proxy ARP
configuring 31-10
definition 31-8
with IP routing disabled 31-11
pruning, VTP
enabling 12-13
enabling on a port 11-22
examples 12-5
overview 12-4
pruning-eligible list
changing 11-22
for VTP pruning 12-5
VLANs 12-14
publications, related v
PVST+
described 15-9
IEEE 802.1Q trunking interoperability 15-10
instances supported 15-9
Q
QoS
and MQC commands 29-1
auto-QoS
categorizing traffic 29-18
configuration and defaults display 29-23
configuration guidelines 29-21
described 29-17
displaying 29-23
effects on NVRAM configuration 29-21
egress queue defaults 29-18
enabling for VoIP 29-22
generated commands 29-19
basic model 29-4
classification
class maps, described 29-7
defined 29-4
flowchart 29-6
forwarding treatment 29-3
in frames and packets 29-3
IP ACLs, described 29-5, 29-7
MAC ACLs, described 29-5, 29-7
pass-through mode, described 29-34
per physical port 29-40
per-port per-VLAN 29-42
policy maps, described 29-7
port default, described 29-5
trust DSCP, described 29-5
trusted CoS, described 29-5
trust IP precedence, described 29-5
types for IP traffic 29-5
types for non-IP traffic 29-5
class maps
configuring per physical port 29-40
configuring per-port per-VLAN 29-42
displaying 29-71
configuration examples
distribution layer 29-74
existing wiring closet 29-72
intelligent wiring closet 29-73
configuration guidelines
auto-QoS 29-21
standard QoS 29-27
configuring
aggregate policers 29-50
auto-QoS 29-17
default port CoS value 29-32
DSCP maps 29-53
DSCP trust states bordering another domain 29-35
egress queues on 10/100 Ethernet ports 29-66
egress queues on Gigabit-capable Ethernet ports 29-59
IP extended ACLs 29-38
IP standard ACLs 29-37
MAC ACLs 29-39
pass-through mode 29-34
policy maps 29-44
port trust states within the domain 29-30
trusted boundary 29-33
default auto configuration 29-18
default standard configuration 29-26
displaying statistics 29-71
enabling globally 29-29
flowcharts
classification 29-6
policing and marking 29-10
queueing and scheduling 29-12, 29-15
implicit deny 29-7
IP phones
automatic classification and queueing 29-17
detection and trusted settings 29-17, 29-33
mapping tables
CoS-to-DSCP 29-54
CoS-to-egress-queue 29-60
displaying 29-71
DSCP-to-CoS 29-56
DSCP-to-DSCP-mutation 29-58
DSCP-to-threshold 29-62
IP-precedence-to-DSCP 29-55
policed-DSCP 29-56
types of 29-10
marked-down actions 29-47
marking, described 29-4, 29-8
overview 29-2
packet modification 29-17
pass-through mode 29-34
policers
configuring 29-47, 29-50
described 29-8
displaying 29-71
number of 29-9
types of 29-8
policies, attaching to an interface 29-9
policing
described 29-4, 29-8
token bucket algorithm 29-8
policy maps
characteristics of 29-44
configuring 29-44
displaying 29-71
queueing, defined 29-4
queues
CoS-to-egress-queue map 29-60
for 10/100 Ethernet ports 29-15
high priority (expedite) 29-13, 29-65
minimum-reserve levels 29-68
serviced by WRR 29-13, 29-16
size of 29-12, 29-15
size ratios 29-61
tail-drop threshold percentages 29-13, 29-61
WRED drop-percentage thresholds 29-13, 29-63
WRR scheduling 29-65
scheduling
allocating bandwidth on 10/100 Ethernet ports 29-69
allocating bandwidth on Gigabit-capable ports 29-65
defined 29-4
support for 1-6
tail drop
configuring drop threshold percentages 29-61
described 29-13
trust states
bordering another domain 29-35
described 29-5
trusted device 29-33
within the domain 29-30
WRED
configuring drop-percentage thresholds 29-63
described 29-14
WRR scheduling 29-65
quality of service
See QoS
queries, IGMP 20-3
query solicitation, IGMP 20-12
R
RADIUS
attributes
vendor-proprietary 7-31
vendor-specific 7-29
configuring
accounting 7-28
authentication 7-23
authorization 7-27
communication, global 7-21, 7-29
communication, per-server 7-20, 7-21
multiple UDP ports 7-21
default configuration 7-20
defining AAA server groups 7-25
described 7-18
displaying the configuration 7-31
identifying the server 7-20
in clusters 5-14
limiting the services to the user 7-27
method list, defined 7-20
operation of 7-19
suggested network environments 7-18
tracking services accessed by user 7-28
Random Early Detection, described 29-14
range
macro 9-12
of interfaces 9-10
rapid convergence 16-10
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
described 15-9
IEEE 802.1Q trunking interoperability 15-10
instances supported 15-9
rapid-PVST+ 11-2
Rapid Spanning Tree Protocol
See RSTP
RARP 31-8
RCP
configuration files
downloading B-16
overview B-14
preparing the server B-15
uploading B-17
image files
deleting old image B-31
downloading B-29
preparing the server B-28
uploading B-31
reconfirmation interval, VMPS, changing 11-31
recovery procedures 37-1
redundancy
EtherChannel 30-2
features 1-3
HSRP 32-1
STP
backbone 15-7
multidrop backbone 17-5
path cost 11-25
port priority 11-24
redundant links and UplinkFast 17-17
reliable transport protocol, EIGRP 31-34
reloading software 3-16
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
Remote Network Monitoring
See RMON
report suppression, IGMP
described 20-6
disabling 20-14
resequencing ACL entries 28-16
resets, in BGP 31-48
resetting a UDLD-shutdown interface 23-6
restricted VLAN
configuring 8-32
using with port-based authentication 8-12
restricting access
NTP services 6-8
overview 7-1
passwords and privilege levels 7-2
RADIUS 7-17
TACACS+ 7-10
retry count, VMPS, changing 11-32
reverse address resolution 31-8
Reverse Address Resolution Protocol
See RARP
RFC
1058, RIP 31-19
1112, IP multicast and IGMP 20-2
1157, SNMPv1 27-2
1163, BGP 31-41
1166, IP addresses 31-5
1253, OSPF 31-24
1267, BGP 31-41
1305, NTP 6-2
1587, NSSAs 31-24
1757, RMON 25-2
1771, BGP 31-41
1901, SNMPv2C 27-2
1902 to 1907, SNMPv2 27-2
2236, IP multicast and IGMP 20-2
2273-2275, SNMPv3 27-2
RIP
advertisements 31-19
authentication 31-22
configuring 31-20
default configuration 31-19
described 31-19
hop counts 31-19
split horizon 31-22
summary addresses 31-22
support for 1-7
RMON
default configuration 25-3
displaying status 25-6
enabling alarms and events 25-3
groups supported 25-2
overview 25-1
statistics
collecting group Ethernet 25-5
collecting group history 25-5
support for 1-8
root guard
described 17-12
enabling 17-20
support for 1-4
root switch
MSTP 16-17
STP 15-14
route calculation timers, OSPF 31-30
route dampening, BGP 31-60
routed packets, ACLs on 28-39
routed ports
configuring 31-3
defined 9-4
in switch clusters 5-7
IP addresses on 9-20, 31-3
route-map command for policy-based routing 31-81
route maps
BGP 31-51
policy-based routing, defined 31-79
router ACLs 28-2
route reflectors, BGP 31-59
router ID, OSPF 31-32
route selection, BGP 31-49
route summarization, OSPF 31-30
route targets, VPN 31-64
routing
default 31-2
dynamic 31-2
redistribution of information 31-76
static 31-2
routing domain confederation, BGP 31-58
Routing Information Protocol
See RIP
routing protocol administrative distances 31-75
RSPAN
configuration guidelines 24-16
default configuration 24-8
destination ports 24-5
displaying status 24-24
IDS 24-2
interaction with other features 24-7
monitored ports 24-4
monitoring ports 24-5
overview 1-8, 24-1
received traffic 24-3
reflector port 24-5
session limits 24-8
sessions
creating 24-17
defined 24-3
limiting source traffic to specific VLANs 24-23
monitoring VLANs 24-22
removing source (monitored) ports 24-21
specifying monitored ports 24-17
source ports 24-4
transmitted traffic 24-4
VLAN-based 24-6
RSTP
active topology, determining 16-9
BPDU
format 16-12
processing 16-13
designated port, defined 16-9
designated switch, defined 16-9
interoperability with IEEE 802.1D
described 16-8
restarting migration process 16-26
topology changes 16-13
overview 16-8
port roles
described 16-9
synchronized 16-11
proposal-agreement handshake process 16-10
rapid convergence
described 16-10
edge ports and Port Fast 16-10
point-to-point links 16-10, 16-25
root ports 16-10
root port, defined 16-9
See also MSTP
running configuration, saving 3-10
S
SC (standby command switch) 5-10
scheduled reloads 3-16
SDM
configuring 6-29
described 6-26
templates
number of 6-26
resources used for Fast Ethernet switches 6-28
resources used for Gigabit Ethernet switches 6-27
sdm prefer extended-match command 31-65
secure HTTP client
configuring 7-47
displaying 7-48
secure HTTP server
configuring 7-46
displaying 7-48
secure ports, configuring 21-7
secure remote connections 7-38
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port 21-7
security features 1-5
sequence numbers in log messages 26-8
server mode, VTP 12-3
service-provider networks
and customer VLANs 14-2
and IEEE 802.1Q tunneling 14-1
Layer 2 protocols across 14-8
Layer 2 protocol tunneling for EtherChannels 14-9
MSTP and RSTP 16-1
set-request operation 27-4
setup program, failed command switch replacement 37-7, 37-8
severity levels, defining in system messages 26-8
show access-lists hw-summary command 28-7
show cdp traffic command 22-5
show configuration command 9-18
show fm command 28-43
show forward command 37-19
show interfaces command 9-16, 9-18
show l2protocol command 14-12, 14-14, 14-15
show mac access-group command 28-29
show running-config command
displaying ACLs 28-21, 28-32, 28-34
interface description in 9-18
show tcam command 28-43
shutdown command on interfaces 9-22
shutdown threshold for Layer 2 protocol packets 14-10
Simple Network Management Protocol
See SNMP
Smartports macros
applying Cisco-default macros 10-6
applying global parameter values 10-5, 10-6
applying macros 10-5
applying parameter values 10-5, 10-7
configuration guidelines 10-3
creating 10-4
default configuration 10-2
defined 10-1
displaying 10-8
tracing 10-3
website 10-2
SNAP 22-1
SNMP
accessing MIB variables with 27-4
agent
described 27-4
disabling 27-7
community strings
configuring 27-8
for cluster switches 27-4
overview 27-4
configuration examples 27-16
default configuration 27-6
groups 27-9
ifIndex values 27-5
in-band management 1-3
in clusters 5-14
informs
and trap keyword 27-11
described 27-5
differences from traps 27-5
enabling 27-14
limiting access by TFTP servers 27-15
limiting system log messages to NMS 26-10
manager functions 1-9, 27-3
managing clusters with 5-15
MIBs
location of A-3
supported A-1
notifications 27-5
overview 27-1, 27-4
status, displaying 27-17
system contact and location 27-15
trap manager, configuring 27-13, 27-14
traps
described 27-3, 27-5
differences from informs 27-5
enabling 27-11, 27-14
enabling MAC address notification 6-22
overview 27-1, 27-4
types of 27-11
users 27-9
versions supported 27-2
snooping, IGMP 20-2
software images
location in flash B-19
recovery procedures 37-2
scheduling reloads 3-16
tar file format, described B-19
See also downloading and uploading
source addresses, in ACLs 28-13
SPAN
configuration guidelines 24-9
default configuration 24-8
destination ports 24-5
displaying status 24-24
IDS 24-2
interaction with other features 24-7
monitored ports 24-4
monitoring ports 24-5
overview 1-8, 24-1
ports, restrictions 21-11
received traffic 24-3
session limits 24-8
sessions
creating 24-9
defined 24-3
limiting source traffic to specific VLANs 24-15
monitoring VLANs 24-14
removing destination (monitoring) ports 24-13
removing source (monitored) ports 24-13
specifying monitored ports 24-9
source ports 24-4
transmitted traffic 24-4
VLAN-based 24-6
spanning tree and native VLANs 11-18
Spanning Tree Protocol
See STP
speed, configuring on interfaces 9-15
split horizon, RIP 31-22
SSH
configuring 7-38
cryptographic software image 7-37
described 7-38
encryption methods 7-38
user authentication methods, supported 7-38
SSL
configuration guidelines 7-44
configuring a secure HTTP client 7-47
configuring a secure HTTP server 7-46
cryptographic software image 7-41
described 7-41
monitoring 7-48
Stack Membership Discovery Protocol 17-6
standby command switch
configuring
considerations 5-11
defined 5-2
priority 5-10
requirements 5-3
virtual IP address 5-11
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
standby ip command 32-5
standby links 18-2
standby router 32-1
standby timers, HSRP 32-8
startup configuration
booting
manually 3-12
specific image 3-13
clearing B-18
configuration file
automatically downloading 3-11
specifying the filename 3-12
default boot configuration 3-11
static access ports
assigning to VLAN 11-10
defined 9-3, 11-3
static addresses
See addresses
static IP routing 1-8
static MAC addressing 1-5
static routes, configuring 31-74
static routing 31-2
static VLAN membership 11-2
statistics
CDP 22-4
IEEE 802.1x 8-38
interface 9-21
IP multicast routing 34-52
OSPF 31-33
QoS ingress and egress 29-71
RMON group Ethernet 25-5
RMON group history 25-5
SNMP input and output 27-17
VTP 12-15
sticky learning
configuration file 21-8
defined 21-8
disabling 21-8
enabling 21-8
saving addresses 21-8
storm control
configuring 21-3
default configuration 21-3
described 21-1
disabling 21-4
displaying 21-17
thresholds 21-1
STP
accelerating root port selection 17-4
BackboneFast
described 17-9
enabling 17-19
BPDU filtering
described 17-3
enabling 17-16
BPDU guard
described 17-2
enabling 17-15
BPDU message exchange 15-2
configuration guidelines 15-12, 17-14
configuring
forward-delay time 15-22
hello time 15-21
in cascaded stack 15-23
maximum aging time 15-22, 15-23
path cost 15-18
port priority 15-17
root switch 15-14
secondary root switch 15-16
spanning-tree mode 15-13
switch priority 15-20
counters, clearing 15-24
cross-stack UplinkFast
described 17-5
enabling 17-18
default configuration 15-11
default optional feature configuration 17-14
designated port, defined 15-3
designated switch, defined 15-3
detecting indirect link failures 17-10
disabling 15-14
displaying status 15-24
EtherChannel guard
described 17-12
enabling 17-20
extended system ID
effects on root switch 15-15
effects on the secondary root switch 15-16
overview 15-3
unexpected behavior 15-15
features supported 1-4
inferior BPDU 15-3
instances supported 15-9
interface state, blocking to forwarding 17-2
interface states
blocking 15-5
disabled 15-6
forwarding 15-5, 15-6
learning 15-6
listening 15-6
overview 15-4
interoperability and compatibility among modes 15-10
Layer 2 protocol tunneling 14-7
limitations with IEEE 802.1Q trunks 15-10
load sharing
overview 11-23
using path costs 11-25
using port priorities 11-24
loop guard
described 17-13
enabling 17-21
modes supported 15-9
multicast addresses, effect of 15-8
optional features supported 1-4
overview 15-2
path costs 11-25, 11-26
Port Fast
described 17-2
enabling 17-14
port priorities 11-24
preventing root switch selection 17-12
protocols supported 15-9
redundant connectivity 15-7
root guard
described 17-12
enabling 17-20
root port, defined 15-3
root switch
effects of extended system ID 15-3, 15-15
configuring 15-15
election 15-3
unexpected behavior 15-15
settings in a cascaded stack 15-23
shutdown Port Fast-enabled port 17-2
superior BPDU 15-3
timers, described 15-20
UplinkFast
described 17-3
enabling 17-17
VLAN-bridge 15-11
stratum, NTP 6-2
stub areas, OSPF 31-28
stub routing, EIGRP 31-39
subnet mask 31-5
subnet zero 31-6
summer time 6-13
SunNet Manager 1-9
supernet 31-7
SVIs
and IP unicast routing 31-3
and router ACLs 28-3
connecting VLANs 9-8
defined 9-4
routing between VLANs 11-2
switch clustering technology 5-1
switch console port 1-3
switched packets, ACLs on 28-38
switched ports 9-2
switchport block multicast command 21-6
switchport block unicast command 21-7
switchport command 9-14
switchport mode dot1q-tunnel command 14-6
switchport protected command 21-6
switch priority
MSTP 16-22
STP 15-20
switch software features 1-1
switch virtual interfaces
See SVIs
synchronization, BGP 31-45
syslog
See system message logging
system clock
configuring
daylight saving time 6-13
manually 6-11
summer time 6-13
time zones 6-12
displaying the time and date 6-12
overview 6-1
See also NTP
System Database Management
See SDM
system message logging
default configuration 26-3
defining error message severity levels 26-8
disabling 26-4
displaying the configuration 26-12
enabling 26-4
facility keywords, described 26-12
level keywords, described 26-9
limiting messages 26-10
message format 26-2
overview 26-1
sequence numbers, enabling and disabling 26-8
setting the display destination device 26-4
synchronizing log messages 26-6
syslog facility 1-8
timestamps, enabling and disabling 26-7
UNIX syslog servers
configuring the daemon 26-11
configuring the logging facility 26-11
facilities supported 26-12
system MTU
IEEE 802.1Q tunneling 14-5
maximums 14-5
system name
default configuration 6-15
default setting 6-15
manual configuration 6-15
See also DNS
system prompt
default setting 6-14, 6-15
system resource templates 6-26
T
TACACS+
accounting, defined 7-11
authentication, defined 7-11
authorization, defined 7-11
configuring
accounting 7-17
authentication key 7-13
authorization 7-16
login authentication 7-14
default configuration 7-13
displaying the configuration 7-17
identifying the server 7-13
in clusters 5-14
limiting the services to the user 7-16
operation of 7-12
overview 7-10
tracking services accessed by user 7-17
tagged packets
IEEE 802.1Q 14-3
Layer 2 protocol 14-7
tail drop
described 29-13
support for 1-7
tar files
creating B-5
displaying the contents of B-6
extracting B-7
image file format B-19
TCAMs
ACL regions 28-47
ACLs not loading in 28-45
allocations, monitoring 28-48
monitoring usage 28-47
Telnet
accessing management interfaces 2-10
number of connections 1-3
setting a password 7-6
templates, system resources 6-26
temporary self-signed certificate 7-42
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password 7-6
ternary content addressable memory
See TCAM
TFTP
configuration files
downloading B-10
preparing the server B-10
uploading B-11
configuration files in base directory 3-6
configuring for autoconfiguration 3-6
image files
deleting B-22
downloading B-21
preparing the server B-21
uploading B-23
limiting access by servers 27-15
TFTP server 1-3
threshold, traffic level 21-2
time
See NTP and system clock
time-range command 28-18
time ranges in ACLs 28-18
timestamps in log messages 26-7
time zones 6-12
Token Ring VLANs
support for 11-5
VTP support 12-4
TOS 1-6
traceroute, Layer 2
and ARP 37-15
and CDP 37-15
described 37-14
IP addresses and subnets 37-15
MAC addresses and VLANs 37-15
multicast traffic 37-15
multiple devices on a port 37-15
unicast traffic 37-14
usage guidelines 37-15
traceroute command 37-13
See also IP traceroute
traffic
blocking flooded 21-6
fragmented 28-5
unfragmented 28-5
traffic policing 1-7
traffic suppression 21-1
transparent mode, VTP 12-3, 12-11
trap-door mechanism 3-2
traps
configuring MAC address notification 6-22
configuring managers 27-11, 27-14
defined 27-3
enabling 6-22, 27-11, 27-14
notification types 27-11
overview 27-1, 27-4
troubleshooting
connectivity problems 37-11
detecting unidirectional links 23-1
determining packet disposition 37-19
displaying crash information 37-21
GBIC security and identification 37-10
PIMv1 and PIMv2 interoperability problems 34-23
PoE ports 37-16
show forward command 37-19
with CiscoWorks 27-4
with debug commands 37-17
with ping 37-11
with system message logging 26-1
with traceroute 37-13
trunking encapsulation 1-4
trunk ports
configuring 11-20
defined 9-3, 11-3
encapsulation 11-20, 11-25, 11-26
trunks
allowed-VLAN list 11-21
configuring 11-20, 11-25, 11-26
ISL 11-16
load sharing
setting STP path costs 11-25
using STP port priorities 11-24
native VLAN for untagged traffic 11-23
parallel 11-25
pruning-eligible list 11-22
to non-DTP device 11-16
VLAN 1 minimization 11-21
trusted boundary for QoS 29-33
trustpoints, CA 7-42
tunneling
defined 14-1
IEEE 802.1Q 14-1
Layer 2 protocol 14-8
tunnel ports
defined 11-3
described 9-4, 14-1
IEEE 802.1Q, configuring 14-6
IEEE 802.1Q and ACLs 28-3
incompatibilities with other features 14-5
twisted-pair Ethernet, detecting unidirectional links 23-1
type of service
See TOS
U
UDLD
default configuration 23-4
echoing detection mechanism 23-3
enabling
globally 23-5
per interface 23-5
Layer 2 protocol tunneling 14-10
link-detection mechanism 23-1
neighbor database 23-2
overview 23-1
resetting an interface 23-6
status, displaying 23-7
support for 1-3
UDP, configuring 31-15
unauthorized ports with IEEE 802.1x 8-7
unicast MAC address filtering
and adding static addresses 6-25
and broadcast MAC addresses 6-25
and CPU packets 6-25
and multicast addresses 6-25
and router MAC addresses 6-25
configuration guidelines 6-25
described 6-25
unicast storm control
See storm control
unicast storm control command 21-4
unicast traffic, blocking 21-6
UniDirectional Link Detection protocol
See UDLD
UNIX syslog servers
daemon configuration 26-11
facilities supported 26-12
message logging configuration 26-11
unrecognized Type-Length-Value (TLV) support 12-4
upgrading software images
See downloading
upgrading with CNS 4-12
UplinkFast
described 17-3
enabling 17-17
support for 1-4
uploading
configuration files
preparing B-10, B-12, B-15
reasons for B-8
using FTP B-14
using RCP B-17
using TFTP B-11
image files
preparing B-21, B-24, B-28
reasons for B-18
using FTP B-26
using RCP B-31
using TFTP B-23
User Datagram Protocol
See UDP
user EXEC mode 2-2
username-based authentication 7-7
V
version-dependent transparent mode 12-4
virtual IP address
cluster standby group 5-11
command switch 5-11
Virtual Private Network
See VPN
virtual router 32-1, 32-3
vlan.dat file 11-4
VLAN 1 minimization, support for 1-4
VLAN ACLs
See VLAN maps
VLAN configuration
at bootup 11-7
saving 11-7
VLAN configuration mode 2-2, 11-6
VLAN database
and startup configuration file 11-7
and VTP 12-1
VLAN configuration saved in 11-7
VLANs saved in 11-4
vlan database command 11-6
vlan dot1q tag native command 14-4
vlan global configuration command 11-6
VLAN ID, discovering 6-29
VLAN management domain 12-2
VLAN Management Policy Server
See VMPS
VLAN map entries, order of 28-31
VLAN maps
applying 28-34
common uses for 28-34
configuration example 28-35
configuration guidelines 28-31
configuring 28-30
creating 28-31
defined 28-2
denying access example 28-36
denying and permitting packets 28-32
displaying 28-42
examples 28-36
support for 1-5
usage 28-5
VLAN membership
confirming 11-31
modes 11-3
VLAN Query Protocol
See VQP
VLANs
adding 11-8
adding to VLAN database 11-8
aging dynamic addresses 15-8
allowed on trunk 11-21
and spanning-tree instances 11-2, 11-6, 11-12
configuration guidelines, normal-range VLANs 11-5
configuration options 11-6
configuring 11-1
configuring IDs 1006 to 4094 11-12
connecting through SVIs 9-8
creating in config-vlan mode 11-8
creating in VLAN configuration mode 11-9
customer numbering in service-provider networks 14-3
default configuration 11-7
deleting 11-10
described 9-2, 11-1
displaying 11-15
extended-range 11-1, 11-11
features 1-4
illustrated 11-2
internal 11-13
limiting source traffic with RSPAN 24-23
limiting source traffic with SPAN 24-15
modifying 11-8
monitoring with RSPAN 24-22
monitoring with SPAN 24-14
native, configuring 11-23
normal-range 11-1, 11-4
number supported 1-4
parameters 11-4
port membership modes 11-3
static-access ports 11-10
STP and IEEE 802.1Q trunks 15-10
supported 11-2
Token Ring 11-5
traffic between 11-2
trunks, VLAN 1 minimization 11-21
VLAN-bridge STP 15-11, 36-1
VTP modes 12-3
VLAN Trunking Protocol
See VTP
VLAN trunks 11-16
VMPS
administering 11-32
configuration example 11-33
configuration guidelines 11-29
default configuration 11-29
description 11-27
dynamic port membership
described 11-28
reconfirming 11-31
troubleshooting 11-33
entering server address 11-30
mapping MAC addresses to VLANs 11-27
monitoring 11-32
reconfirmation interval, changing 11-31
reconfirming membership 11-31
retry count, changing 11-32
voice VLAN
Cisco 7960 phone, port connections 13-1
configuration guidelines 13-3
configuring IP phones for data traffic
override CoS of incoming frame 13-5
trust CoS priority of incoming frame 13-6
configuring ports for voice traffic in
802.1p priority tagged frames 13-4
802.1Q frames 13-4
connecting to an IP phone 13-3
default configuration 13-2
described 13-1
displaying 13-6
VPN
configuring routing in 31-67
forwarding 31-64
in service provider networks 31-62
routes 31-62
VPN routing and forwarding table
See VRF
VQP 1-4, 11-27
VRF
defining 31-64
tables 31-62
VTP
adding a client to a domain 12-14
advertisements 11-19, 12-3
and extended-range VLANs 12-1
and normal-range VLANs 12-1
client mode, configuring 12-10
configuration
global configuration mode 12-7
guidelines 12-8
privileged EXEC mode 12-7
requirements 12-9
saving 12-7
VLAN configuration mode 12-7
configuration mode options 12-7
configuration requirements 12-9
configuration revision number
guideline 12-14
resetting 12-14
configuring
client mode 12-10
server mode 12-9
transparent mode 12-11
consistency checks 12-4
default configuration 12-6
described 12-1
disabling 12-11
domain names 12-8
domains 12-2
Layer 2 protocol tunneling 14-7
modes
client 12-3, 12-10
server 12-3, 12-9
transitions 12-3
transparent 12-3, 12-11
monitoring 12-15
passwords 12-8
pruning
disabling 12-13
enabling 12-13
examples 12-5
overview 12-4
support for 1-4
pruning-eligible list, changing 11-22
server mode, configuring 12-9
statistics 12-15
support for 1-4
Token Ring support 12-4
transparent mode, configuring 12-11
using 12-1
version, guidelines 12-8
version 1 12-4
version 2
configuration guidelines 12-8
disabling 12-13
enabling 12-12
overview 12-4
W
WCCP
authentication 33-3
configuration guidelines 33-5
default configuration 33-4
described 33-1
displaying 33-8
enabling 33-5
features unsupported 33-4
forwarding method 33-3
Layer-2 header rewrite 33-3
MD5 security 33-3
message exchange 33-2
monitoring and maintaining 33-8
negotiation 33-3
packet redirection 33-3
packet-return method 33-3
redirecting traffic received from a client 33-5
setting the password 33-5
unsupported WCCPv2 features 33-4
Web Cache Communication Protocol
See WCCP
Weighted Random Early Detection
See WRED
Weighted Round Robin
See WRR
weighted round robin, described 29-4
wizards 1-10
WRED 1-7, 29-14
WRR 1-7, 29-4
X
Xmodem protocol 37-2