-
Catalyst 3750 Switch Software Configuration Guide, 12.2(25)SED
-
Index
-
Preface
-
Overview
-
Using the Command-Line Interface
-
Assigning the Switch IP Address and Default Gateway
-
Configuring IE2100 CNS Agents
-
Managing Switch Stacks
-
Clustering Switches
-
Administering the Switch
-
Configuring SDM Templates
-
Configuring Switch-Based Authentication
-
Configuring IEEE 802.1x Port-Based Authentication
-
Configuring Interface Characteristics
-
Configuring Smartports Macros
-
Configuring VLANs
-
Configuring VTP
-
Configuring Voice VLAN
-
Configuring Private VLANs
-
Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling
-
Configuring STP
-
Configuring MSTP
-
Configuring Optional Spanning-Tree Features
-
Configuring Flex Links
-
Configuring DHCP Features and IP Source Guard
-
Configuring Dynamic ARP Inspection
-
Configuring IGMP Snooping and MVR
-
Configuring Port-Based Traffic Control
-
Configuring CDP
-
Configuring UDLD
-
Configuring SPAN and RSPAN
-
Configuring RMON
-
Configuring System Message Logging
-
Configuring SNMP
-
Configuring Network Security with ACLs
-
Configuring QoS
-
Configuring EtherChannels
-
Configuring IP Unicast Routing
-
Configuring IPv6 Unicast Routing
-
Configuring IPv6 MLD Snooping
-
Configuring IPv6 ACLs
-
Configuring HSRP
-
Configuring IP Multicast Routing
-
Configuring MSDP
-
Configuring Fallback Bridging
-
Troubleshooting
-
Supported MIBs
-
Working with the Cisco IOS File System, Configuration Files, and Software Images
-
Unsupported Commands in Cisco IOS Release 12.2(25)SED
-
Feedback
Table Of Contents
Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X -
Index
Numerics
10-Gigabit Ethernet interfaces
configuration guidelines 11-17
defined 11-6
A
abbreviating commands 2-4
ABRs 35-25
AC (command switch) 6-11
access
templates 8-1
access-class command 32-20
access control entries
access-denied response, VMPS 13-28
access groups
applying IPv4 ACLs to interfaces 32-21
Layer 2 32-21
Layer 3 32-21
accessing
clusters, switch 6-14
command switches 6-12
member switches 6-14
switch clusters 6-14
accessing stack members 5-23
access lists
access ports
and Layer 2 protocol tunneling 17-11
defined 11-3
in switch clusters 6-10
access template 8-1
accounting
with 802.1x 10-30
with IEEE 802.1x 10-5
with RADIUS 9-28
ACEs
and QoS 33-7
defined 32-2
Ethernet 32-2
IP 32-2
ACLs
ACEs 32-2
any keyword 32-13
applying
on bridged packets 32-39
on multicast packets 32-40
on routed packets 32-40
on switched packets 32-38
time ranges to 32-17
to IPv6 interfaces 38-8
to QoS 33-7
classifying traffic for QoS 33-43
comments in 32-19
compiling 32-22
extended IP
configuring for QoS classification 33-44
extended IPv4
creating 32-11
matching criteria 32-8
ACLs (continued)hardware and software handling 32-22
host keyword 32-13
IP
creating 32-8
fragments and QoS guidelines 33-33
implicit deny 32-10, 32-14, 32-16
implicit masks 32-10
matching criteria 32-8
undefined 32-21
IPv4
applying to interfaces 32-20
creating 32-8
matching criteria 32-8
named 32-15
numbers 32-8
terminal lines, setting on 32-19
unsupported features 32-7
IPv6
and stacking 38-3
applying to interfaces 38-8
displaying 38-9
interactions with other features 38-4
limitations 38-3
matching criteria 38-3
named 38-3
precedence of 38-2
supported 38-2
unsupported features 38-3
Layer 4 information in 32-38
logging messages 32-9
named
IPv6 38-3
named, IPv4 32-15
names 38-4
ACLs (continued)number per QoS class map 33-33
precedence of 32-2
resequencing entries 32-15
router ACLs and VLAN map configuration guidelines 32-37
standard IP, configuring for QoS classification 33-43
standard IPv4
creating 32-10
matching criteria 32-8
support for 1-8
support in hardware 32-22
time ranges 32-17
types supported 32-2
unsupported features
IPv6 38-3
unsupported features, IPv4 32-7
using router ACLs with VLAN maps 32-37
VLAN maps
configuration guidelines 32-31
configuring 32-30
active links 21-2
active router 39-1
address aliasing 24-2
addresses
displaying the MAC address table 7-27
dynamic
accelerated aging 18-9
changing the aging time 7-21
default aging 18-9
defined 7-19
learning 7-20
removing 7-22
MAC, discovering 7-27
addresses (continued)multicast
group address range 40-3
STP address management 18-9
static
adding and removing 7-24
defined 7-19
Address Resolution Protocol
adjacency tables, with CEF 35-74
administrative distances
defined 35-85
OSPF 35-31
routing protocol defaults 35-76
advanced IP services image 36-1
advertisements
CDP 26-1
RIP 35-20
aggregatable global unicast addresses 36-3
aggregate addresses, BGP 35-58
aggregated ports
aggregate policers 33-58
aggregate policing 1-9
aging, accelerating 18-9
aging time
accelerated
for MSTP 19-23
MAC address table 7-21
maximum
for MSTP 19-24
alarms, RMON 29-3
allowed-VLAN list 13-21
area border routers
ARP
configuring 35-10
encapsulation 35-11
static cache configuration 35-10
table
address resolution 7-27
managing 7-27
ASBRs 35-25
AS-path filters, BGP 35-52
asymmetrical links, and IEEE 802.1Q tunneling 17-4
attributes, RADIUS
vendor-proprietary 9-30
vendor-specific 9-29
audience xliii
authentication
EIGRP 35-40
HSRP 39-9
local mode with AAA 9-36
NTP associations 7-4
RADIUS
key 9-21
login 9-23
TACACS+
defined 9-11
key 9-13
login 9-14
See also port-based authentication
authentication failed VLAN
authentication keys, and routing protocols 35-86
authoritative time source, described 7-2
authorization
with RADIUS 9-27
authorized ports with IEEE 802.1x 10-4
autoconfiguration 3-3
automatic advise (auto-advise) in switch stacks 5-12
automatic copy (auto-copy) in switch stacks 5-11
automatic discovery
considerations
beyond a noncandidate device 6-8
brand new switches 6-10
connectivity 6-5
different VLANs 6-7
management VLANs 6-8
non-CDP-capable devices 6-6
noncluster-capable devices 6-6
routed ports 6-9
in switch clusters 6-5
automatic QoS
automatic recovery, clusters 6-11
automatic upgrades (auto-upgrade) in switch stacks 5-11
auto-MDIX
configuring 11-21
described 11-21
autonegotiation
duplex mode 1-4
interface configuration guidelines 11-18
mismatches 43-12
autonomous system boundary routers
autonomous systems, in BGP 35-46
Auto-RP, described 40-5
autosensing, port speed 1-4
auxiliary VLAN
availability, features 1-6
B
BackboneFast
described 20-7
disabling 20-17
enabling 20-16
support for 1-7
backup interfaces
backup links 21-2
banners
configuring
login 7-19
message-of-the-day login 7-18
default configuration 7-17
when displayed 7-17
BGP
aggregate addresses 35-58
aggregate routes, configuring 35-58
CIDR 35-58
clear commands 35-62
community filtering 35-55
configuring neighbors 35-56
default configuration 35-43
described 35-42
enabling 35-46
monitoring 35-62
multipath support 35-50
neighbors, types of 35-46
path selection 35-50
peers, configuring 35-56
prefix filtering 35-54
resetting sessions 35-49
route dampening 35-61
route maps 35-52
route reflectors 35-59
routing domain confederation 35-59
routing session with multi-VRF CE 35-68
show commands 35-62
BGP (continued)supernets 35-58
support for 1-10
Version 4 35-43
binding cluster group and HSRP group 39-11
binding database
address, DHCP server
See DHCP, Cisco IOS server database
DHCP snooping
See DHCP snooping binding database
bindings
address, Cisco IOS DHCP server 22-5
DHCP snooping database 22-6
IP source guard 22-14
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 25-6
booting
boot loader, function of 3-2
boot process 3-2
manually 3-14
specific image 3-14
boot loader
accessing 3-15
described 3-2
environment variables 3-15
prompt 3-15
trap-door mechanism 3-2
bootstrap router (BSR), described 40-5
Border Gateway Protocol
BPDU
error-disabled state 20-3
filtering 20-3
RSTP format 19-12
BPDU filtering
described 20-3
disabling 20-15
enabling 20-14
support for 1-7
BPDU guard
described 20-3
disabling 20-14
enabling 20-13
support for 1-7
bridged packets, ACLs on 32-39
bridge groups
bridge protocol data unit
broadcast flooding 35-17
broadcast packets
directed 35-14
flooded 35-14
broadcast storm-control command 25-4
C
cables, monitoring for unidirectional links 27-1
candidate switch
automatic discovery 6-5
defined 6-4
requirements 6-4
See also command switch, cluster standby group, and member switch
CA trustpoint
configuring 9-45
defined 9-42
caution, described xliv
CDP
and trusted boundary 33-39
automatic discovery in switch clusters 6-5
configuring 26-2
CDP (continued)default configuration 26-2
described 26-1
disabling for routing device 26-3 to 26-4
enabling and disabling
on an interface 26-4
on a switch 26-3
Layer 2 protocol tunneling 17-8
monitoring 26-5
overview 26-1
power negotiation extensions 11-7
support for 1-6
switch stack considerations 26-2
transmission timer and holdtime, setting 26-2
updates 26-2
CEF
defined 35-74
distributed 35-74
enabling 35-74
IPv6 36-15
CGMP
as IGMP snooping learning method 24-9
clearing cached group entries 40-49
enabling server support 40-32
joining multicast group 24-3
overview 40-8
server support only 40-8
switch support of 1-4
CIDR 35-58
CipherSuites 9-43
Cisco 7960 IP Phone 15-1
Cisco Discovery Protocol
Cisco Express Forwarding
Cisco Group Management Protocol
Cisco Intelligence Engine 2100 Series Configuration Registrar
Cisco intelligent power management 11-7
Cisco IOS DHCP server
See DHCP, Cisco IOS DHCP server
Cisco IOS File System
Cisco Network Assistant
Cisco Networking Services
Cisco StackWise technology 1-3
CIST regional root
CIST root
classless interdomain routing
classless routing 35-8
class maps for QoS
configuring 33-46
described 33-7
displaying 33-78
class of service
clearing interfaces 11-29
CLI
abbreviating commands 2-4
command modes 2-1
configuration logging 2-5
described 1-5
editing features
enabling and disabling 2-7
keystroke editing 2-8
wrapped lines 2-9
error messages 2-5
CLI (continued)filtering command output 2-10
getting help 2-3
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
managing clusters 6-18
no and default forms of commands 2-4
client mode, VTP 14-3
clock
cluster requirements xlv
clusters, switch
accessing 6-14
automatic discovery 6-5
automatic recovery 6-11
benefits 1-2
compatibility 6-4
described 6-1
LRE profile considerations 6-17
managing
through CLI 6-18
through SNMP 6-19
planning 6-4
planning considerations
automatic discovery 6-5
automatic recovery 6-11
CLI 6-18
host names 6-14
IP addresses 6-14
LRE profiles 6-17
passwords 6-15
RADIUS 6-17
switch stacks 6-16
TACACS+ 6-17
CLI (continued)CLI (continued)cluster standby group
and HSRP group 39-11
automatic recovery 6-13
considerations 6-12
defined 6-2
requirements 6-3
virtual IP address 6-12
Coarse Wave Division Multiplexer
command-line interface
command modes 2-1
commands
abbreviating 2-4
no and default 2-4
commands, setting privilege levels 9-8
command switch
accessing 6-12
active (AC) 6-11
configuration conflicts 43-12
defined 6-2
passive (PC) 6-11
password privilege levels 6-18
priority 6-11
recovery
from command-switch failure 6-11, 43-8
from lost member connectivity 43-12
redundant 6-11
replacing
with another switch 43-11
with cluster member 43-9
requirements 6-3
standby (SC) 6-11
See also candidate switch, cluster standby group, member switch, and standby command switch
community list, BGP 35-55
community ports 16-2
community strings
for cluster switches 31-4
in clusters 6-15
overview 31-4
SNMP 6-15
compatibility, feature 25-11
compatibility, software
config.text 3-13
configurable leave timer, IGMP 24-6
configuration, initial
defaults 1-12
Express Setup 1-2
See also getting started guide and hardware installation guide
configuration conflicts, recovering from lost member connectivity 43-12
configuration examples, network 1-15
configuration files
clearing the startup configuration B-19
creating using a text editor B-10
default name 3-13
deleting a stored configuration B-19
described B-8
downloading
automatically 3-13
reasons for B-8
using FTP B-13
using RCP B-17
using TFTP B-11
guidelines for creating and using B-9
invalid combinations when copying B-5
limiting TFTP server access 31-16
obtaining with DHCP 3-8
configuration files (continued)password recovery disable considerations 9-5
specifying the filename 3-13
system contact and location information 31-15
types and location B-10
uploading
reasons for B-9
using FTP B-14
using RCP B-18
using TFTP B-12
configuration guidelines, multi-VRF CE 35-66
configuration logging 2-5
configuration settings, saving 3-11
configure terminal command 11-12
conflicts, configuration 43-12
connections, secure remote 9-38
connectivity problems 43-14, 43-16, 43-17
consistency checks in VTP Version 2 14-4
console port, connecting to 2-11
conventions
command xliv
for examples xliv
publication xliv
text xliv
corrupted software, recovery steps with Xmodem 43-2
CoS
in Layer 2 frames 33-2
override priority 15-6
trust priority 15-6
CoS input queue threshold map for QoS 33-16
CoS output queue threshold map for QoS 33-19
CoS-to-DSCP map for QoS 33-60
counters, clearing interface 11-29
crashinfo file 43-24
cross-stack EtherChannel
configuration guidelines 34-13
configuring
on Layer 2 interfaces 34-13
on Layer 3 physical interfaces 34-16
described 34-2
illustration 34-4
support for 1-6
cross-stack UplinkFast, STP
described 20-5
disabling 20-16
enabling 20-16
fast-convergence events 20-7
Fast Uplink Transition Protocol 20-6
normal-convergence events 20-7
support for 1-7
cryptographic software image
Kerberos 9-32
SSH 9-37
SSL 9-42
switch stack considerations 5-2, 5-16, 9-38
customer edge devices 35-64
CWDM SFPs 1-25
D
daylight saving time 7-13
dCEF
in the switch stack 35-74
debugging
enabling all system diagnostics 43-21
enabling for a specific feature 43-20
redirecting error message output 43-21
using commands 43-20
default commands 2-4
default configuration
802.1x 10-15
auto-QoS 33-21
banners 7-17
BGP 35-43
booting 3-13
CDP 26-2
DHCP 22-7
DHCP option 82 22-8
DHCP snooping 22-8
DHCP snooping binding database 22-8
DNS 7-16
dynamic ARP inspection 23-5
EIGRP 35-36
EtherChannel 34-11
Ethernet interfaces 11-16
fallback bridging 42-4
Flex Links 21-4
HSRP 39-5
IEEE 802.1Q tunneling 17-4
IGMP 40-27
IGMP filtering 24-25
IGMP snooping 24-7, 37-5, 37-6
IGMP throttling 24-25
initial switch information 3-3
IP addressing, IP routing 35-6
IP multicast routing 40-9
IP source guard 22-15
IPv6 36-11
Layer 2 interfaces 11-16
Layer 2 protocol tunneling 17-11
MAC address table 7-21
MAC address-table move update 21-4
MSDP 41-4
MSTP 19-15
multi-VRF CE 35-65
MVR 24-20
NTP 7-4
optional spanning-tree configuration 20-12
default configuration (continued)OSPF 35-26
password and privilege level 9-2
PIM 40-9
private VLANs 16-7
RADIUS 9-20
RIP 35-21
RMON 29-3
RSPAN 28-11
SDM template 8-5
SNMP 31-7
SPAN 28-11
SSL 9-44
standard QoS 33-31
STP 18-13
switch stacks 5-19
system message logging 30-4
system name and prompt 7-15
TACACS+ 9-13
UDLD 27-4
VLAN, Layer 2 Ethernet interfaces 13-19
VLANs 13-8
VMPS 13-29
voice VLAN 15-3
VTP 14-7
default networks 35-77
default routes 35-77
default routing 35-3
deleting VLANs 13-10
denial-of-service attack 25-1
description command 11-24
designing your network, examples 1-15
destination addresses
in IPv6 ACLs 38-6
destination addresses, in IPv4 ACLs 32-12
destination-IP address-based forwarding, EtherChannel 34-9
destination-MAC address forwarding, EtherChannel 34-9
detecting indirect link failures, STP 20-8
device B-19
device discovery protocol 26-1
device manager
benefits 1-2
in-band management 1-6
requirements xliv
upgrading a switch B-19
DHCP
Cisco IOS server database
configuring 22-13
default configuration 22-8
described 22-5
enabling
relay agent 22-10
server 22-9
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-4
DNS 3-6
relay device 3-7
server side 3-5
server-side 22-9
TFTP server 3-6
example 3-9
lease options
for IP address information 3-5
for receiving the configuration file 3-5
overview 3-3
relationship to BOOTP 3-4
support for 1-5
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 22-5
configuration guidelines 22-8
default configuration 22-7
displaying 22-14
forwarding address, specifying 22-10
helper address 22-10
overview 22-3
packet format, suboption
circuit ID 22-5
remote ID 22-5
remote ID suboption 22-5
DHCP snooping
accepting untrusted packets form edge switch 22-3, 22-11
and private VLANs 22-12
binding database
See DHCP snooping binding database
configuration guidelines 22-8
default configuration 22-7
displaying binding tables 22-14
message exchange process 22-4
option 82 data insertion 22-3
trusted interface 22-2
untrusted interface 22-2
untrusted messages 22-2
DHCP snooping binding database
adding bindings 22-13
binding file
format 22-6
location 22-6
bindings 22-6
clearing agent statistics 22-14
configuration guidelines 22-9
configuring 22-13
default configuration 22-7, 22-8
DHCP snooping binding database (continued)deleting
binding file 22-14
bindings 22-14
database agent 22-14
described 22-6
displaying 22-14
binding entries 22-14
status and statistics 22-14
enabling 22-13
entry 22-6
renewing database 22-14
resetting
delay value 22-14
timeout value 22-14
DHCP snooping binding table
See DHCP snooping binding database
Differentiated Services architecture, QoS 33-2
Differentiated Services Code Point 33-2
Diffusing Update Algorithm (DUAL) 35-34
directed unicast requests 1-5
directories
changing B-4
creating and removing B-4
displaying the working B-4
discovery, clusters
Distance Vector Multicast Routing Protocol
distance-vector protocols 35-3
distribute-list command 35-85
DNS
and DHCP-based autoconfiguration 3-6
default configuration 7-16
displaying the configuration 7-17
in IPv6 36-4
overview 7-15
setting up 7-16
support for 1-5
documentation, related xliv
document conventions xliv
domain names
DNS 7-15
VTP 14-8
Domain Name System
dot1q-tunnel switchport mode 13-18
double-tagged packets
IEEE 802.1Q tunneling 17-2
Layer 2 protocol tunneling 17-10
downloading
configuration files
reasons for B-8
using FTP B-13
using RCP B-17
using TFTP B-11
image files
deleting old image B-23
reasons for B-19
using CMS 1-3
using FTP B-26
using RCP B-31
using TFTP B-22
using the device manager or Network Assistant B-19
drop threshold for Layer 2 protocol packets 17-11
DSCP input queue threshold map for QoS 33-16
DSCP output queue threshold map for QoS 33-19
DSCP-to-CoS map for QoS 33-63
DSCP-to-DSCP-mutation map for QoS 33-64
DSCP transparency 33-39
DUAL finite state machine, EIGRP 35-35
dual IPv4 and IPv6 templates 8-2, 36-1, 36-9
dual protocol stacks
configuring 36-13
IPv4 and IPv6 36-9
SDM templates supporting 36-9
DVMRP
autosummarization
configuring a summary address 40-46
disabling 40-48
connecting PIM domain to DVMRP router 40-39
enabling unicast routing 40-42
interoperability
with Cisco devices 40-37
with Cisco IOS software 40-7
mrinfo requests, responding to 40-41
neighbors
advertising the default route to 40-40
discovery with Probe messages 40-37
displaying information 40-41
prevent peering with nonpruning 40-44
rejecting nonpruning 40-43
overview 40-7
routes
adding a metric offset 40-48
advertising all 40-48
advertising the default route to neighbors 40-40
caching DVMRP routes learned in report messages 40-42
changing the threshold for syslog messages 40-45
deleting 40-49
displaying 40-50
favoring one over another 40-48
limiting the number injected into MBONE 40-45
limiting unicast route advertisements 40-37
routing table 40-7
source distribution tree, building 40-7
support for 1-11
tunnels
configuring 40-39
displaying neighbor information 40-41
dynamic access ports
characteristics 13-3
configuring 13-31
defined 11-3
dynamic addresses
dynamic ARP inspection
ARP cache poisoning 23-1
ARP requests, described 23-1
ARP spoofing attack 23-1
clearing
log buffer 23-15
statistics 23-15
configuration guidelines 23-6
configuring
ACLs for non-DHCP environments 23-8
in DHCP environments 23-7
log buffer 23-12
rate limit for incoming ARP packets 23-4, 23-10
default configuration 23-5
denial-of-service attacks, preventing 23-10
described 23-1
DHCP snooping binding database 23-2
displaying
ARP ACLs 23-14
configuration and operating state 23-14
log buffer 23-15
statistics 23-15
trust state and rate limit 23-14
error-disabled state for exceeding rate limit 23-4
function of 23-2
interface trust states 23-3
log buffer
clearing 23-15
configuring 23-12
displaying 23-15
logging of dropped packets, described 23-5
man-in-the middle attack, described 23-2
network security issues and interface trust states 23-3
dynamic ARP inspection (continued)priority of ARP ACLs and DHCP snooping entries 23-4
rate limiting of ARP packets
configuring 23-10
described 23-4
error-disabled state 23-4
statistics
clearing 23-15
displaying 23-15
validation checks, performing 23-11
dynamic auto trunking mode 13-18
dynamic desirable trunking mode 13-18
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 13-29
reconfirming 13-31
troubleshooting 13-33
types of connections 13-31
dynamic routing 35-3
Dynamic Trunking Protocol
E
EBGP 35-41
editing features
enabling and disabling 2-7
keystrokes used 2-8
wrapped lines 2-9
EIGRP
authentication 35-40
components 35-35
configuring 35-38
default configuration 35-36
definition 35-34
interface parameters, configuring 35-39
monitoring 35-41
support for 1-10
elections
enable password 9-3
enable secret password 9-3
encryption, CipherSuite 9-44
encryption for passwords 9-3
Enhanced IGRP
environment variables, function of 3-16
equal-cost routing 1-10, 35-75
error messages during command entry 2-5
EtherChannel
automatic creation of 34-6, 34-7
channel groups
binding physical and logical interfaces 34-5
numbering of 34-5
configuration guidelines 34-12
configuring
Layer 2 interfaces 34-13
Layer 3 physical interfaces 34-16
Layer 3 port-channel logical interfaces 34-15
default configuration 34-11
described 34-2
displaying status 34-23
forwarding methods 34-8, 34-18
IEEE 802.3ad, described 34-7
interaction
with STP 34-12
with VLANs 34-12
LACP
described 34-7
displaying status 34-23
hot-standby ports 34-20
interaction with other features 34-8
modes 34-7
port priority 34-22
system priority 34-21
Layer 3 interface 35-5
EtherChannel (continued)logical interfaces, described 34-5
PAgP
aggregate-port learners 34-19
compatibility with Catalyst 1900 34-19
described 34-6
displaying status 34-23
interaction with other features 34-7
learn method and priority configuration 34-19
modes 34-6
support for 1-4
port-channel interfaces
described 34-5
numbering of 34-5
port groups 11-6
stack changes, effects of 34-10
support for 1-4
EtherChannel guard
described 20-10
disabling 20-17
enabling 20-17
Ethernet VLANs
adding 13-9
defaults and ranges 13-8
modifying 13-9
EUI 36-3
events, RMON 29-3
examples
conventions for xliv
network configuration 1-15
expedite queue for QoS 33-77
Express Setup 1-2
See also getting started guide
extended crashinfo file 43-24
extended-range VLANs
configuration guidelines 13-13
configuring 13-12
creating 13-14
creating with an internal VLAN ID 13-15
defined 13-1
extended system ID
MSTP 19-17
extended universal identifier
Extensible Authentication Protocol over LAN 10-1
external BGP
external neighbors, BGP 35-46
F
failover support 1-6
fallback bridging
and protected ports 42-4
bridge groups
creating 42-4
described 42-2
displaying 42-11
function of 42-2
number supported 42-5
removing 42-5
bridge table
clearing 42-11
displaying 42-11
configuration guidelines 42-4
connecting interfaces with 11-10
default configuration 42-4
described 42-1
frame forwarding
flooding packets 42-2
forwarding packets 42-2
overview 42-1
fallback bridging (continued)protocol, unsupported 42-4
stack changes, effects of 42-3
STP
disabling on an interface 42-11
forward-delay interval 42-10
hello BPDU interval 42-9
interface priority 42-7
keepalive messages 18-2
maximum-idle interval 42-10
path cost 42-8
VLAN-bridge spanning-tree priority 42-7
VLAN-bridge STP 42-2
support for 1-10
SVIs and routed ports 42-2
unsupported protocols 42-4
VLAN-bridge STP 18-11
Fast Uplink Transition Protocol 20-6
features, incompatible 25-11
FIB 35-74
fiber-optic, detecting unidirectional links 27-1
files
basic crashinfo
description 43-24
location 43-24
copying B-5
crashinfo
description 43-24
deleting B-5
displaying the contents of B-8
extended crashinfo
description 43-25
location 43-25
tar
creating B-6
displaying the contents of B-7
extracting B-7
image file format B-20
file system
displaying available file systems B-2
displaying file information B-3
local file system names B-1
network file system names B-5
setting the default B-3
filtering
in a VLAN 32-30
non-IP traffic 32-27
show and more command output 2-10
filtering show and more command output 2-10
filters, IP
flash device, number of B-1
Flex Links
configuration guidelines 21-4
configuring 21-5
default configuration 21-4
description 21-1
monitoring 21-7
flooded traffic, blocking 25-7
flow-based packet classification 1-9
flowcharts
QoS classification 33-6
QoS egress queueing and scheduling 33-17
QoS ingress queueing and scheduling 33-15
QoS policing and marking 33-10
flowcontrol
configuring 11-20
described 11-20
forward-delay time
MSTP 19-23
STP 18-23
Forwarding Information Base
forwarding nonroutable protocols 42-1
FTP
accessing MIB files A-3
configuration files
downloading B-13
overview B-12
preparing the server B-13
uploading B-14
image files
deleting old image B-28
downloading B-26
preparing the server B-25
uploading B-28
G
get-bulk-request operation 31-3
get-next-request operation 31-3, 31-5
get-request operation 31-3, 31-5
get-response operation 31-3
Gigabit modules
global configuration mode 2-2
global leave, IGMP 24-13
guest VLAN and 802.1x 10-10
guide
audience xliii
purpose of xliii
guide mode 1-3
GUIs
See device manager and Network Assistant
H
hardware limitations and Layer 3 interfaces 11-25
hello time
MSTP 19-22
STP 18-22
help, for the command line 2-3
hierarchical policy maps 33-8
configuration guidelines 33-33
configuring 33-52
described 33-11
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
history table, level and number of syslog messages 30-10
host names
in clusters 6-14
host ports
configuring 16-12
kinds of 16-2
hosts, limit on dynamic ports 13-33
Hot Standby Router Protocol
HP OpenView 1-5
HSRP
authentication string 39-9
automatic cluster recovery 6-13
binding to cluster group 39-11
cluster standby group considerations 6-12
command-switch redundancy 1-1, 1-6
configuring 39-4
default configuration 39-5
definition 39-1
guidelines 39-5
monitoring 39-11
overview 39-1
priority 39-7
routing redundancy 1-10
support for ICMP redirect messages 39-11
switch stack considerations 39-4
timers 39-9
tracking 39-7
See also clusters, cluster standby group, and standby command switch
HTTP over SSL
HTTPS 9-42
configuring 9-46
self-signed certificate 9-43
HTTP secure server 9-42
I
IBPG 35-41
ICMP
IPv6 36-4
redirect messages 35-12
support for 1-11
time-exceeded messages 43-18
traceroute and 43-18
unreachable messages 32-20
unreachable messages and IPv6 38-4
unreachables and ACLs 32-22
ICMP ping
executing 43-15
overview 43-14
ICMP Router Discovery Protocol
ICMPv6 36-4
IDS appliances
and ingress RSPAN 28-22
and ingress SPAN 28-15
IE2100
CNS embedded agents
described 4-5
enabling automated configuration 4-6
enabling configuration agent 4-9
enabling event agent 4-8
Configuration Registrar
configID, deviceID, hostname 4-3
configuration service 4-2
described 4-1
event service 4-3
IEEE 802.1D
IEEE 802.1p 15-1
IEEE 802.1Q
and trunk ports 11-3
configuration limitations 13-19
encapsulation 13-16
native VLAN for untagged traffic 13-23
tunneling
compatibility with other features 17-6
defaults 17-4
described 17-1
tunnel ports with other features 17-6
IEEE 802.1s
IEEE 802.1w
IEEE 802.1x
IEEE 802.3ad
IEEE 802.3af
IEEE 802.3x flow control 11-20
ifIndex values, SNMP 31-6
IFS 1-6
IGMP
configurable leave timer
described 24-6
enabling 24-12
configuring the switch
as a member of a group 40-27
statically connected member 40-31
controlling access to groups 40-28
default configuration 40-27
deleting cache entries 40-50
displaying groups 40-50
fast switching 40-32
IGMP (continued)flooded multicast traffic
controlling the length of time 24-13
disabling on an interface 24-14
global leave 24-13
query solicitation 24-13
recovering from flood mode 24-13
host-query interval, modifying 40-29
joining multicast group 24-3
join messages 24-3
leave processing, enabling 24-11, 37-9
leaving multicast group 24-5
multicast reachability 40-27
overview 40-2
queries 24-4
report suppression
described 24-6
supported versions 24-3
support for 1-4
Version 1
changing to Version 2 40-29
described 40-3
Version 2
changing to Version 1 40-29
described 40-3
maximum query response time value 40-31
pruning groups 40-31
query timeout value 40-30
IGMP filtering
configuring 24-25
default configuration 24-25
described 24-24
monitoring 24-29
support for 1-4
IGMP groups
configuring filtering 24-28
setting the maximum number 24-27
IGMP Immediate Leave
configuration guidelines 24-12
described 24-6
enabling 24-11
IGMP profile
applying 24-26
configuration mode 24-25
configuring 24-26
IGMP snooping
and address aliasing 24-2
and stack changes 24-7
configuring 24-7
default configuration 24-7, 37-5, 37-6
definition 24-2
enabling and disabling 24-8, 37-6
global configuration 24-8
Immediate Leave 24-6
in the switch stack 24-7
method 24-9
querier
configuration guidelines 24-15
configuring 24-15
supported versions 24-3
support for 1-4
VLAN configuration 24-8
IGMP throttling
configuring 24-28
default configuration 24-25
described 24-25
displaying action 24-29
IGP 35-25
Immediate Leave, IGMP 24-6
enabling 37-9
inaccessible authentication bypass 10-11
initial configuration
defaults 1-12
Express Setup 1-2
See also getting started guide and hardware installation guide
Intelligence Engine 2100 Series CNS Agents
interface
number 11-11
range macros 11-14
interface command 11-11 to 11-12
interface configuration mode 2-3
interfaces
auto-MDIX, configuring 11-21
configuration guidelines
10-Gigabit Ethernet 11-17
duplex and speed 11-18
configuring
procedure 11-12
configuring for IPv4 and IPv6 36-13
counters, clearing 11-29
default configuration 11-16
described 11-24
descriptive name, adding 11-24
displaying information about 11-29
flow control 11-20
management 1-5
monitoring 11-28
naming 11-24
physical, identifying 11-10, 11-11
range of 11-12
restarting 11-30
shutting down 11-30
speed and duplex, configuring 11-18
status 11-28
supported 11-10
types of 11-1
interfaces range macro command 11-14
interface types 11-11
Interior Gateway Protocol
internal BGP
internal neighbors, BGP 35-46
Internet Control Message Protocol
Internet Group Management Protocol
Internet Protocol version 6
Inter-Switch Link
Intrusion Detection System
IP ACLs
for QoS classification 33-7
implicit masks 32-10
named 32-15
undefined 32-21
IP addresses
128-bit 36-2
classes of 35-6
cluster access 6-2
command switch 6-3, 6-12, 6-14
default configuration 35-6
discovering 7-27
for IP routing 35-5
IPv6 36-2
MAC address association 35-9
monitoring 35-18
redundant clusters 6-12
standby command switch 6-12, 6-14
IP base image 1-1
IP broadcast address 35-17
ip cef distributed command 35-74
IP directed broadcasts 35-15
ip igmp profile command 24-25
IP information
assigned
manually 3-10
through DHCP-based autoconfiguration 3-3
default configuration 3-3
IP multicast routing
addresses
all-hosts 40-3
all-multicast-routers 40-3
host group address range 40-3
administratively-scoped boundaries, described 40-35
and IGMP snooping 24-2
Auto-RP
adding to an existing sparse-mode cloud 40-15
benefits of 40-14
clearing the cache 40-50
configuration guidelines 40-10
filtering incoming RP announcement messages 40-17
overview 40-5
preventing candidate RP spoofing 40-17
preventing join messages to false RPs 40-16
setting up in a new internetwork 40-14
using with BSR 40-22
bootstrap router
configuration guidelines 40-10
configuring candidate BSRs 40-20
configuring candidate RPs 40-21
defining the IP multicast boundary 40-19
defining the PIM domain border 40-18
overview 40-5
using with Auto-RP 40-22
Cisco implementation 40-2
configuring
basic multicast routing 40-11
IP multicast boundary 40-35
default configuration 40-9
IP multicast routing (continued)enabling
multicast forwarding 40-11
PIM mode 40-12
group-to-RP mappings
Auto-RP 40-5
BSR 40-5
MBONE
deleting sdr cache entries 40-50
described 40-33
displaying sdr cache 40-51
enabling sdr listener support 40-34
limiting DVMRP routes advertised 40-45
limiting sdr cache entry lifetime 40-34
SAP packets for conference session announcement 40-33
Session Directory (sdr) tool, described 40-33
monitoring
packet rate loss 40-51
peering devices 40-51
tracing a path 40-51
multicast forwarding, described 40-6
PIMv1 and PIMv2 interoperability 40-9
protocol interaction 40-2
reverse path check (RPF) 40-6
routing table
deleting 40-50
displaying 40-50
RP
assigning manually 40-12
configuring Auto-RP 40-14
configuring PIMv2 BSR 40-18
monitoring mapping information 40-23
using Auto-RP and BSR 40-22
stacking
stack master functions 40-8
stack member functions 40-8
statistics, displaying system and network 40-50
IP multicast routing (continued)IP phones
and QoS 15-1
automatic classification and queueing 33-20
configuring 15-4
ensuring port security with QoS 33-38
trusted boundary for QoS 33-38
IP precedence 33-2
IP-precedence-to-DSCP map for QoS 33-61
IP protocols
in ACLs 32-12
routing 1-10
IP routes, monitoring 35-87
IP routing
connecting interfaces with 11-10
disabling 35-19
enabling 35-19
IP services image 1-1
IP source guard
and 802.1x 22-16
and DHCP snooping 22-14
and EtherChannels 22-16
and port security 22-16
and private VLANs 22-16
and routed ports 22-16
and TCAM entries 22-16
and trunk interfaces 22-16
and VRF 22-16
binding configuration
automatic 22-14
manual 22-14
binding table 22-14
configuration guidelines 22-16
default configuration 22-15
described 22-14
IP source guard (continued)disabling 22-17
displaying
bindings 22-18
configuration 22-18
enabling 22-16
filtering
source IP address 22-15
source IP and MAC address 22-15
source IP address filtering 22-15
source IP and MAC address filtering 22-15
static bindings
adding 22-16
deleting 22-17
IP traceroute
executing 43-18
overview 43-17
IP unicast routing
address resolution 35-9
administrative distances 35-76, 35-85
ARP 35-10
assigning IP addresses to Layer 3 interfaces 35-7
authentication keys 35-86
broadcast
address 35-17
flooding 35-17
packets 35-14
storms 35-14
classless routing 35-8
configuring static routes 35-75
default
addressing configuration 35-6
gateways 35-12
networks 35-77
routes 35-77
routing 35-3
directed broadcasts 35-15
disabling 35-19
dynamic routing 35-3
IP unicast routing (continued)enabling 35-19
EtherChannel Layer 3 interface 35-5
IGP 35-25
inter-VLAN 35-2
IP addressing
classes 35-6
configuring 35-5
IPv6 36-3
IRDP 35-13
Layer 3 interfaces 35-5
MAC address and IP address 35-9
passive interfaces 35-84
protocols
distance-vector 35-3
dynamic 35-3
link-state 35-3
proxy ARP 35-10
redistribution 35-78
reverse address resolution 35-9
routed ports 35-5
static routing 35-3
steps to configure 35-5
subnet mask 35-7
subnet zero 35-7
supernet 35-8
UDP 35-16
with SVIs 35-5
IPv4 ACLs
applying to interfaces 32-20
extended, creating 32-11
named 32-15
standard, creating 32-10
IPv4 and IPv6
configuring on an interface 36-13
differences 36-2
dual protocol stacks 36-5
IPv6
ACLs
displaying 38-9
limitations 38-3
matching criteria 38-3
port 38-2
precedence 38-2
router 38-2
supported 38-2
addresses 36-2
address formats 36-2
advantages 36-2
and switch stacks 36-7
applications 36-5
assigning address 36-11
autoconfiguration 36-5
CEFv6 36-15
configuring static routes 36-16
default configuration 36-11
defined 36-1
enabling 36-11
feature limitations 36-7
features not supported 36-6
ICMP 36-4
ICMP rate limiting 36-15
monitoring 36-22
OSPF 36-20
path MTU discovery 36-4
reasons for 36-1
RIP 36-18
SDM templates 8-3, 36-8, 37-1, 38-1
stack master functions 36-8
supported features 36-3
switch limitations 36-7
IPv6 traffic, filtering 38-4
IRDP
configuring 35-13
definition 35-13
support for 1-11
ISL
and IPv6 36-3
and trunk ports 11-3
trunking with IEEE 802.1 tunneling 17-5
isolated port 16-2
J
join messages, IGMP 24-3
K
KDC
described 9-32
keepalive messages 18-2
Kerberos
authenticating to
boundary switch 9-34
KDC 9-34
network services 9-35
configuration examples 9-32
configuring 9-35
credentials 9-32
cryptographic software image 9-32
described 9-32
KDC 9-32
operation 9-34
realm 9-33
server 9-33
support for 1-9
switch as trusted third party 9-32
Kerberos (continued)terms 9-33
TGT 9-34
tickets 9-32
key distribution center
L
l2protocol-tunnel command 17-13
LACP
Layer 2 protocol tunneling 17-9
Layer 2 frames, classification with CoS 33-2
Layer 2 interfaces, default configuration 11-16
Layer 2 protocol tunneling
configuring 17-10
configuring for EtherChannels 17-14
default configuration 17-11
defined 17-8
guidelines 17-12
Layer 2 traceroute
and ARP 43-17
and CDP 43-16
broadcast traffic 43-16
described 43-16
IP addresses and subnets 43-17
MAC addresses and VLANs 43-16
multicast traffic 43-16
multiple devices on a port 43-17
unicast traffic 43-16
usage guidelines 43-16
Layer 3 features 1-10
Layer 3 interfaces
assigning IP addresses to 35-7
assigning IPv4 and IPv6 addresses to 36-13
assigning IPv6 addresses to 36-12
changing from Layer 2 mode 35-7
types of 35-5
Layer 3 packets, classification methods 33-2
LDAP 4-2
LEDs, switch
See hardware installation guide
lightweight directory access protocol
line configuration mode 2-3
Link Aggregation Control Protocol
Link Failure
detecting unidirectional 19-8
link local unicast addresses 36-3
link redundancy
links, unidirectional 27-1
link state advertisements (LSAs) 35-30
link-state protocols 35-3
load balancing 39-3
local SPAN 28-2
logging messages, ACL 32-9
login authentication
with RADIUS 9-23
with TACACS+ 9-14
login banners 7-17
log messages
Long-Reach Ethernet (LRE) technology 1-16, 1-24
loop guard
described 20-11
enabling 20-18
support for 1-7
LRE profiles, considerations in switch clusters 6-17
M
MAC addresses
aging time 7-21
and VLAN association 7-20
building the address table 7-20
default configuration 7-21
discovering 7-27
displaying 7-27
displaying in the IP source binding table 22-18
dynamic
learning 7-20
removing 7-22
in ACLs 32-27
IP address association 35-9
static
adding 7-25
allowing 7-26
characteristics of 7-24
dropping 7-26
removing 7-25
MAC address notification, support for 1-11
MAC address-table move update
configuration guidelines 21-4
configuring 21-5
default configuration 21-4
description 21-2
monitoring 21-7
MAC address-to-VLAN mapping 13-28
MAC extended access lists
applying to Layer 2 interfaces 32-29
configuring for QoS 33-45
creating 32-27
defined 32-27
for QoS classification 33-5
macros
magic packet 10-12
manageability features 1-5
management access
in-band
browser session 1-6
CLI session 1-6
device manager 1-6
SNMP 1-6
out-of-band console port connection 1-6
management options
CLI 2-1
clustering 1-3
CNS 4-1
Network Assistant 1-2
overview 1-5
switch stacks 1-3
management VLAN
considerations in switch clusters 6-8
discovery through different management VLANs 6-8
mapping tables for QoS
configuring
CoS-to-DSCP 33-60
DSCP 33-60
DSCP-to-CoS 33-63
DSCP-to-DSCP-mutation 33-64
IP-precedence-to-DSCP 33-61
policed-DSCP 33-62
described 33-12
marking
action in policy map 33-48
action with aggregate policers 33-58
matching
IPv6 ACLs 38-3
matching, IPv4 ACLs 32-8
maximum aging time
MSTP 19-24
STP 18-23
maximum hop count, MSTP 19-24
maximum-paths command 35-50, 35-75
membership mode, VLAN port 13-3
member switch
automatic discovery 6-5
defined 6-2
managing 6-18
passwords 6-14
recovering from lost connectivity 43-12
requirements 6-4
See also candidate switch, cluster standby group, and standby command switch
messages
to users through banners 7-17
messages, to users through banners 7-17
metrics, in BGP 35-50
metric translations, between routing protocols 35-81
metro tags 17-2
MHSRP 39-3
MIBs
accessing files with FTP A-3
location of files A-3
overview 31-1
SNMP interaction with 31-4
supported A-1
mini-point-of-presence
mirroring traffic for analysis 28-1
mismatches, autonegotiation 43-12
module number 11-11
monitoring
access groups 32-41
BGP 35-62
cables for unidirectional links 27-1
CDP 26-5
CEF 35-74
EIGRP 35-41
fallback bridging 42-11
features 1-11
Flex Links 21-7
HSRP 39-11
IEEE 802.1Q tunneling 17-18
monitoring (continued)IGMP
filters 24-29
interfaces 11-28
IP
address tables 35-18
multicast routing 40-49
routes 35-87
IPv4 ACL configuration 32-41
IPv6 36-22
IPv6 ACL configuration 38-9
Layer 2 protocol tunneling 17-18
MAC address-table move update 21-7
MSDP peers 41-19
multicast router interfaces 24-17, 37-12
multi-VRF CE 35-73
MVR 24-24
network traffic for analysis with probe 28-2
OSPF 35-34
port
blocking 25-17
protection 25-17
private VLANs 16-15
RP mapping information 40-23
source-active messages 41-19
speed and duplex mode 11-19
traffic flowing among switches 29-1
traffic suppression 25-17
tunneling 17-18
VLAN
filters 32-42
maps 32-42
VLANs 13-16
VMPS 13-32
VTP 14-16
MSDP
benefits of 41-3
clearing MSDP connections and statistics 41-19
controlling source information
forwarded by switch 41-12
originated by switch 41-9
received by switch 41-14
default configuration 41-4
dense-mode regions
sending SA messages to 41-17
specifying the originating address 41-18
filtering
incoming SA messages 41-14
SA messages to a peer 41-12
SA requests from a peer 41-11
join latency, defined 41-6
meshed groups
configuring 41-16
defined 41-16
originating address, changing 41-18
overview 41-1
peer-RPF flooding 41-2
peers
configuring a default 41-4
monitoring 41-19
peering relationship, overview 41-1
requesting source information from 41-8
shutting down 41-16
source-active messages
caching 41-6
clearing cache entries 41-19
defined 41-2
filtering from a peer 41-11
filtering incoming 41-14
filtering to a peer 41-12
limiting data with TTL 41-14
monitoring 41-19
restricting advertised sources 41-9
support for 1-11
MSTP
boundary ports
configuration guidelines 19-16
described 19-6
BPDU filtering
described 20-3
enabling 20-14
BPDU guard
described 20-3
enabling 20-13
CIST, described 19-3
CIST root 19-5
configuration guidelines 19-15, 20-12
configuring
forward-delay time 19-23
hello time 19-22
link type for rapid convergence 19-24
maximum aging time 19-24
maximum hop count 19-24
MST region 19-16
neighbor type 19-25
path cost 19-21
port priority 19-19
root switch 19-17
secondary root switch 19-19
switch priority 19-22
CST
defined 19-3
operations between regions 19-4
default configuration 19-15
default optional feature configuration 20-12
displaying status 19-26
enabling the mode 19-16
EtherChannel guard
described 20-10
enabling 20-17
MSTP (continued)extended system ID
effects on root switch 19-17
effects on secondary root switch 19-19
unexpected behavior 19-18
IEEE 802.1s
implementation 19-6
port role naming change 19-7
terminology 19-5
instances supported 18-10
interface state, blocking to forwarding 20-2
interoperability and compatibility among modes 18-11
interoperability with IEEE 802.1D
described 19-9
restarting migration process 19-26
IST
defined 19-3
master 19-3
operations within a region 19-3
loop guard
described 20-11
enabling 20-18
mapping VLANs to MST instance 19-16
MST region
CIST 19-3
configuring 19-16
described 19-2
hop-count mechanism 19-5
IST 19-3
supported spanning-tree instances 19-2
optional features supported 1-7
overview 19-2
Port Fast
described 20-2
enabling 20-12
preventing root switch selection 20-10
root guard
described 20-10
enabling 20-17
MSTP (continued)root switch
configuring 19-18
effects of extended system ID 19-17
unexpected behavior 19-18
shutdown Port Fast-enabled port 20-3
stack changes, effects of 19-8
status, displaying 19-26
multicast groups
Immediate Leave 24-6
joining 24-3
leaving 24-5
multicast packets
ACLs on 32-40
blocking 25-7
multicast router interfaces, monitoring 24-17, 37-12
multicast router ports, adding 24-10, 37-8
Multicast Source Discovery Protocol
multicast storm 25-1
multicast storm-control command 25-4
multicast television application 24-19
multicast VLAN 24-18
Multicast VLAN Registration
Multiple HSRP
multiple VPN routing/forwarding in customer edge devices
multi-VRF CE
configuration example 35-69
configuration guidelines 35-66
configuring 35-65
default configuration 35-65
defined 35-63
displaying 35-73
monitoring 35-73
multi-VRF CE (continued)network components 35-65
packet-forwarding process 35-65
support for 1-10
MVR
and address aliasing 24-21
and IGMPv3 24-21
configuration guidelines 24-21
configuring interfaces 24-22
default configuration 24-20
described 24-18
example application 24-19
in the switch stack 24-20
modes 24-22
monitoring 24-24
multicast television application 24-19
setting global parameters 24-21
support for 1-4
N
named IPv4 ACLs 32-15
NameSpace Mapper
native VLAN
and IEEE 802.1Q tunneling 17-4
configuring 13-23
default 13-23
neighbor discovery/recovery, EIGRP 35-35
neighbors, BGP 35-56
Network Assistant
benefits 1-2
described 1-5
downloading image files 1-3
guide mode 1-3
management options 1-2
managing switch stacks 5-2, 5-16
requirements xliv
Network Assistant (continued)upgrading a switch B-19
wizards 1-3
network configuration examples
cost-effective wiring closet 1-17
high-performance wiring closet 1-17
increasing network performance 1-15
large network 1-22
long-distance, high-bandwidth transport 1-25
multidwelling network 1-24
providing network services 1-16
redundant Gigabit backbone 1-18
server aggregation and Linux server cluster 1-18
small to medium-sized network 1-20
network design
performance 1-15
services 1-16
network management
CDP 26-1
RMON 29-1
SNMP 31-1
Network Time Protocol
no commands 2-4
nonhierarchical policy maps
configuration guidelines 33-33
configuring 33-48
described 33-9
non-IP traffic filtering 32-27
nontrunking mode 13-18
normal-range VLANs 13-4
configuration guidelines 13-6
configuration modes 13-7
configuring 13-4
defined 13-1
no switchport command 11-4
note, described xliv
not-so-stubby areas
NSM 4-3
NSSA, OSPF 35-30
NTP
associations
authenticating 7-4
defined 7-2
enabling broadcast messages 7-6
peer 7-5
server 7-5
default configuration 7-4
displaying the configuration 7-11
overview 7-2
restricting access
creating an access group 7-8
disabling NTP services per interface 7-10
source IP address, configuring 7-10
stratum 7-2
support for 1-6
synchronizing devices 7-5
time
services 7-2
synchronizing 7-2
O
offline configuration for switch stacks 5-7
Open Shortest Path First
optimizing system resources 8-1
options, management 1-5
OSPF
area parameters, configuring 35-30
configuring 35-28
default configuration
metrics 35-31
route 35-31
settings 35-26
described 35-25
for IPv6 36-20
OSPF (continued)interface parameters, configuring 35-28
LSA group pacing 35-33
monitoring 35-34
router IDs 35-33
route summarization 35-31
support for 1-10
virtual links 35-31
out-of-profile markdown 1-10
P
packet modification, with QoS 33-20
PAgP
Layer 2 protocol tunneling 17-9
parallel paths, in routing tables 35-75
passive interfaces
configuring 35-84
OSPF 35-31
passwords
default configuration 9-2
disabling recovery of 9-5
encrypting 9-3
for security 1-8
in clusters 6-15
overview 9-1
recovery of 43-3
setting
enable 9-3
enable secret 9-3
Telnet 9-6
with usernames 9-6
VTP domain 14-8
path cost
MSTP 19-21
STP 18-20
path MTU discovery 36-4
PBR
defined 35-81
enabling 35-82
fast-switched policy-based routing 35-83
local policy-based routing 35-83
PC (passive command switch) 6-11
peers, BGP 35-56
performance, network design 1-15
performance features 1-4
persistent self-signed certificate 9-43
per-VLAN spanning-tree plus
PE to CE routing, configuring 35-68
physical ports 11-2
PIM
default configuration 40-9
dense mode
overview 40-4
rendezvous point (RP), described 40-4
RPF lookups 40-7
displaying neighbors 40-50
enabling a mode 40-12
overview 40-3
router-query message interval, modifying 40-26
shared tree and source tree, overview 40-23
shortest path tree, delaying the use of 40-25
sparse mode
join messages and shared tree 40-4
overview 40-4
prune messages 40-5
RPF lookups 40-7
support for 1-11
versions
interoperability 40-9
troubleshooting interoperability problems 40-23
v2 improvements 40-4
PIM-DVMRP, as snooping method 24-9
ping
character output description 43-15
executing 43-15
overview 43-14
PoE
auto mode 11-8
CDP with power consumption, described 11-7
CDP with power negotiation, described 11-7
Cisco intelligent power management 11-7
configuring 11-22
devices supported 11-6
high-power devices operating in low-power mode 11-7
IEEE power classification levels 11-7
power budgeting 11-23
power consumption 11-23
powered-device detection and initial power allocation 11-7
power management modes 11-8
power negotiation extensions to CDP 11-7
standards supported 11-7
static mode 11-9
supported watts per port 11-6
troubleshooting 43-13
policed-DSCP map for QoS 33-62
policers
configuring
for each matched traffic class 33-48
for more than one traffic class 33-58
described 33-4
displaying 33-78
number of 33-34
types of 33-9
policing
described 33-4
hierarchical
token-bucket algorithm 33-9
policy-based routing
policy maps for QoS
characteristics of 33-48
described 33-7
displaying 33-79
hierarchical 33-8
hierarchical on SVIs
configuration guidelines 33-33
configuring 33-52
described 33-11
nonhierarchical on physical ports
configuration guidelines 33-33
configuring 33-48
described 33-9
POP 1-24
port ACLs
defined 32-2
types of 32-3
Port Aggregation Protocol
port-based authentication
accounting 10-5
authentication server
defined 10-2
RADIUS server 10-2
client, defined 10-2
configuration guidelines 10-16
configuring
802.1x authentication 10-18
guest VLAN 10-26
host mode 10-25
inaccessible authentication bypass 10-29
manual re-authentication of a client 10-22
periodic re-authentication 10-21
quiet period 10-22
RADIUS server 10-20
RADIUS server parameters on the switch 10-19
restricted VLAN 10-27
switch-to-client frame-retransmission number 10-24
switch-to-client retransmission time 10-23
port-based authentication (continued)default configuration 10-15
described 10-1
device roles 10-2
displaying statistics 10-31
EAPOL-start frame 10-3
EAP-request/identity frame 10-3
EAP-response/identity frame 10-3
encapsulation 10-3
guest VLAN
configuration guidelines 10-10, 10-11
described 10-10
host mode 10-6
inaccessible authentication bypass
configuring 10-29
described 10-11
guidelines 10-17
initiation and message exchange 10-3
magic packet 10-12
method lists 10-18
multiple-hosts mode, described 10-6
per-user ACLs
AAA authorization 10-18
configuration tasks 10-14
described 10-13
RADIUS server attributes 10-13
ports
authorization state and dot1x port-control command 10-4
authorized and unauthorized 10-4
critical 10-11
voice VLAN 10-8
port security
and voice VLAN 10-8
described 10-7
interactions 10-7
multiple-hosts mode 10-7
resetting to default values 10-30
stack changes, effects of 10-14
port-based authentication (continued)statistics, displaying 10-31
switch
as proxy 10-3
RADIUS client 10-3
upgrading from a previous release 10-18, 33-26
VLAN assignment
AAA authorization 10-18
characteristics 10-9
configuration tasks 10-9
described 10-8
voice VLAN
described 10-8
PVID 10-8
VVID 10-8
wake-on-LAN, described 10-12
port-channel
Port Fast
described 20-2
enabling 20-12
mode, spanning tree 13-29
support for 1-7
port membership modes, VLAN 13-3
port priority
MSTP 19-19
STP 18-18
ports
10-Gigabit Ethernet module 11-6
access 11-3
blocking 25-6
dynamic access 13-3
IEEE 802.1Q tunnel 13-4
protected 25-5
routed 11-4
secure 25-7
switch 11-2
ports (continued)VLAN assignments 13-11
port security
aging 25-15
and QoS trusted boundary 33-38
and stacking 25-16
configuring 25-12
default configuration 25-10
described 25-7
displaying 25-17
on trunk ports 25-13
sticky learning 25-8
violations 25-9
with other features 25-10
port-shutdown response, VMPS 13-28
Power over Ethernet
preferential treatment of traffic
prefix lists, BGP 35-54
preventing unauthorized access 9-1
primary links 21-2
priority
HSRP 39-7
overriding CoS 15-6
trusting CoS 15-6
private VLAN edge ports
private VLANs
across multiple switches 16-4
and SDM template 16-4
and SVIs 16-5
and switch stacks 16-6
benefits of 16-1
community ports 16-2
configuration guidelines 16-7, 16-8
private VLANs (continued)configuration tasks 16-6
configuring 16-10
default configuration 16-7
end station access to 16-3
IP addressing 16-3
isolated port 16-2
mapping 16-14
monitoring 16-15
ports
community 16-2
configuration guidelines 16-8
configuring host ports 16-12
configuring promiscuous ports 16-13
described 13-4
isolated 16-2
promiscuous 16-2
promiscuous ports 16-2
secondary VLANs 16-2
subdomains 16-1
traffic in 16-5
privileged EXEC mode 2-2
privilege levels
changing the default for lines 9-9
command switch 6-18
exiting 9-9
logging into 9-9
mapping on member switches 6-18
setting a command with 9-8
promiscuous ports
configuring 16-13
defined 16-2
protocol-dependent modules, EIGRP 35-35
Protocol-Independent Multicast Protocol
provider edge devices 35-64
provisioning new members for a switch stack 5-7
proxy ARP
configuring 35-12
definition 35-10
with IP routing disabled 35-12
pruning, VTP
disabling
in VTP domain 14-14
on a port 13-23
enabling
in VTP domain 14-14
on a port 13-22
examples 14-5
overview 14-4
pruning-eligible list
changing 13-22
for VTP pruning 14-5
VLANs 14-14
PVST+
described 18-10
IEEE 802.1Q trunking interoperability 18-11
instances supported 18-10
Q
QoS
and MQC commands 33-1
auto-QoS
categorizing traffic 33-21
configuration and defaults display 33-30
configuration guidelines 33-25
described 33-20
disabling 33-27
displaying generated commands 33-27
displaying the initial configuration 33-30
effects on running configuration 33-25
egress queue defaults 33-21
enabling for VoIP 33-26
example configuration 33-28
ingress queue defaults 33-21
list of generated commands 33-22
basic model 33-4
classification
class maps, described 33-7
defined 33-4
DSCP transparency, described 33-39
flowchart 33-6
forwarding treatment 33-3
in frames and packets 33-3
MAC ACLs, described 33-5, 33-7
options for IP traffic 33-5
options for non-IP traffic 33-5
policy maps, described 33-7
trust DSCP, described 33-5
trusted CoS, described 33-5
trust IP precedence, described 33-5
class maps
configuring 33-46
displaying 33-78
QoS (continued)configuration guidelines
auto-QoS 33-25
standard QoS 33-33
configuring
aggregate policers 33-58
auto-QoS 33-20
default port CoS value 33-37
DSCP maps 33-60
DSCP transparency 33-39
DSCP trust states bordering another domain 33-40
egress queue characteristics 33-70
ingress queue characteristics 33-66
IP extended ACLs 33-44
IP standard ACLs 33-43
MAC ACLs 33-45
policy maps, hierarchical 33-52
policy maps on physical ports 33-48
port trust states within the domain 33-36
trusted boundary 33-38
default auto configuration 33-21
default standard configuration 33-31
displaying statistics 33-78
DSCP transparency 33-39
egress queues
allocating buffer space 33-71
buffer allocation scheme, described 33-18
configuring shaped weights for SRR 33-75
configuring shared weights for SRR 33-76
described 33-4
displaying the threshold map 33-74
flowchart 33-17
mapping DSCP or CoS values 33-73
scheduling, described 33-4
setting WTD thresholds 33-71
WTD, described 33-19
enabling globally 33-35
QoS (continued)flowcharts
classification 33-6
egress queueing and scheduling 33-17
ingress queueing and scheduling 33-15
policing and marking 33-10
implicit deny 33-7
ingress queues
allocating bandwidth 33-68
allocating buffer space 33-68
buffer and bandwidth allocation, described 33-16
configuring shared weights for SRR 33-68
configuring the priority queue 33-69
described 33-4
displaying the threshold map 33-67
flowchart 33-15
mapping DSCP or CoS values 33-67
priority queue, described 33-16
scheduling, described 33-4
setting WTD thresholds 33-67
WTD, described 33-16
IP phones
automatic classification and queueing 33-20
detection and trusted settings 33-20, 33-38
limiting bandwidth on egress interface 33-77
mapping tables
CoS-to-DSCP 33-60
displaying 33-78
DSCP-to-CoS 33-63
DSCP-to-DSCP-mutation 33-64
IP-precedence-to-DSCP 33-61
policed-DSCP 33-62
types of 33-12
marked-down actions 33-50, 33-55
overview 33-2
packet modification 33-20
QoS (continued)policers
configuring 33-50, 33-55, 33-58
described 33-8
displaying 33-78
number of 33-34
types of 33-9
policies, attaching to an interface 33-8
policing
token bucket algorithm 33-9
policy maps
characteristics of 33-48
displaying 33-79
hierarchical 33-8
hierarchical on SVIs 33-52
nonhierarchical on physical ports 33-48
QoS label, defined 33-4
queues
configuring egress characteristics 33-70
configuring ingress characteristics 33-66
high priority (expedite) 33-19, 33-77
location of 33-13
SRR, described 33-14
WTD, described 33-13
rewrites 33-20
support for 1-9
trust states
bordering another domain 33-40
described 33-5
trusted device 33-38
within the domain 33-36
quality of service
queries, IGMP 24-4
query solicitation, IGMP 24-13
R
RADIUS
attributes
vendor-proprietary 9-30
vendor-specific 9-29
configuring
accounting 9-28
authentication 9-23
authorization 9-27
communication, global 9-21, 9-29
communication, per-server 9-20, 9-21
multiple UDP ports 9-21
default configuration 9-20
defining AAA server groups 9-25
displaying the configuration 9-31
identifying the server 9-20
in clusters 6-17
limiting the services to the user 9-27
method list, defined 9-20
operation of 9-19
overview 9-17
suggested network environments 9-18
support for 1-9
tracking services accessed by user 9-28
range
macro 11-14
of interfaces 11-13
rapid convergence 19-10
rapid per-VLAN spanning-tree plus
rapid PVST+
described 18-10
IEEE 802.1Q trunking interoperability 18-11
instances supported 18-10
Rapid Spanning Tree Protocol
RARP 35-10
rcommand command 6-18
RCP
configuration files
downloading B-17
overview B-15
preparing the server B-16
uploading B-18
image files
deleting old image B-32
downloading B-31
preparing the server B-29
uploading B-32
reconfirmation interval, VMPS, changing 13-31
reconfirming dynamic VLAN membership 13-31
recovery procedures 43-1
redundancy
EtherChannel 34-3
HSRP 39-1
STP
backbone 18-9
multidrop backbone 20-5
path cost 13-26
port priority 13-24
redundant links and UplinkFast 20-15
reliable transport protocol, EIGRP 35-35
reloading software 3-17
Remote Authentication Dial-In User Service
Remote Copy Protocol
Remote Network Monitoring
Remote SPAN
remote SPAN 28-3
report suppression, IGMP
described 24-6
requirements
cluster xlv
device manager xliv
Network Assistant xliv
resequencing ACL entries 32-15
resets, in BGP 35-49
resetting a UDLD-shutdown interface 27-6
restricted VLAN
configuring 10-27
described 10-10
using with IEEE 802.1x 10-10
restricting access
NTP services 7-8
overview 9-1
passwords and privilege levels 9-2
RADIUS 9-17
TACACS+ 9-10
retry count, VMPS, changing 13-32
reverse address resolution 35-9
Reverse Address Resolution Protocol
RFC
1058, RIP 35-20
1112, IP multicast and IGMP 24-2
1157, SNMPv1 31-2
1163, BGP 35-41
1166, IP addresses 35-6
1253, OSPF 35-25
1267, BGP 35-41
1305, NTP 7-2
1587, NSSAs 35-25
1757, RMON 29-2
1771, BGP 35-41
1901, SNMPv2C 31-2
1902 to 1907, SNMPv2 31-2
2236, IP multicast and IGMP 24-2
2273-2275, SNMPv3 31-2
RIP
advertisements 35-20
authentication 35-23
configuring 35-21
default configuration 35-21
described 35-20
for IPv6 36-18
hop counts 35-20
split horizon 35-23
summary addresses 35-23
support for 1-10
RMON
default configuration 29-3
displaying status 29-6
enabling alarms and events 29-3
groups supported 29-2
overview 29-1
statistics
collecting group Ethernet 29-5
collecting group history 29-5
support for 1-12
root guard
described 20-10
enabling 20-17
support for 1-7
root switch
MSTP 19-17
STP 18-16
route calculation timers, OSPF 35-31
route dampening, BGP 35-61
routed packets, ACLs on 32-40
routed ports
configuring 35-5
defined 11-4
in switch clusters 6-9
route-map command 35-83
route maps
BGP 35-52
policy-based routing 35-81
router ACLs
defined 32-2
types of 32-4
route reflectors, BGP 35-59
router ID, OSPF 35-33
route selection, BGP 35-50
route summarization, OSPF 35-31
route targets, VPN 35-65
routing
default 35-3
dynamic 35-3
redistribution of information 35-78
static 35-3
routing domain confederation, BGP 35-59
Routing Information Protocol
routing protocol administrative distances 35-76
RSPAN 28-3
and stack changes 28-10
characteristics 28-9
configuration guidelines 28-17
default configuration 28-11
destination ports 28-8
displaying status 28-25
in a switch stack 28-2
interaction with other features 28-9
monitored ports 28-6
monitoring ports 28-8
received traffic 28-5
session limits 28-11
RSPAN (continued) 28-3sessions
creating 28-18
defined 28-4
limiting source traffic to specific VLANs 28-24
specifying monitored ports 28-18
with ingress traffic enabled 28-22
source ports 28-6
transmitted traffic 28-6
VLAN-based 28-7
RSTP
active topology 19-10
BPDU
format 19-12
processing 19-13
designated port, defined 19-9
designated switch, defined 19-9
interoperability with IEEE 802.1D
described 19-9
restarting migration process 19-26
topology changes 19-13
overview 19-9
port roles
described 19-9
synchronized 19-11
proposal-agreement handshake process 19-10
rapid convergence
cross-stack rapid convergence 19-11
described 19-10
edge ports and Port Fast 19-10
point-to-point links 19-10, 19-24
root ports 19-10
root port, defined 19-9
running configuration, saving 3-11
S
SC (standby command switch) 6-11
scheduled reloads 3-17
SDM
described 8-1
switch stack consideration 5-10
templates
configuring 8-6
number of 8-1
SDM template
aggregator 8-1
configuration guidelines 8-5
configuring 8-5
desktop 8-1
dual IPv4 and IPv6 8-2
types of 8-1
secondary VLANs 16-2
secure HTTP client
configuring 9-47
displaying 9-48
secure HTTP server
configuring 9-46
displaying 9-48
secure MAC addresses
and switch stacks 25-17
deleting 25-14
maximum number of 25-9
types of 25-8
secure ports
and switch stacks 25-16
configuring 25-7
secure remote connections 9-38
Secure Socket Layer
security, port 25-7
security features 1-8
sequence numbers in log messages 30-8
server mode, VTP 14-3
service-provider network, MSTP and RSTP 19-1
service-provider networks
and customer VLANs 17-2
and IEEE 802.1Q tunneling 17-1
Layer 2 protocols across 17-8
Layer 2 protocol tunneling for EtherChannels 17-9
set-request operation 31-5
setup program
failed command switch replacement 43-11
replacing failed command switch 43-9
severity levels, defining in system messages 30-9
SFPs
monitoring status of 11-29, 43-14
numbering of 11-11
security and identification 43-13
status, displaying 43-14
shaped round robin
show access-lists hw-summary command 32-22
show and more command output, filtering 2-10
show cdp traffic command 26-5
show cluster members command 6-18
show configuration command 11-24
show forward command 43-22
show interfaces command 11-19, 11-24
show l2protocol command 17-13, 17-15, 17-16
show platform forward command 43-22
show running-config command
displaying ACLs 32-20, 32-21, 32-32, 32-34
interface description in 11-24
shutdown command on interfaces 11-30
shutdown threshold for Layer 2 protocol packets 17-11
Simple Network Management Protocol
small form-factor pluggable modules
Smartports macros
applying Cisco-default macros 12-6
applying global parameter values 12-5, 12-6
applying macros 12-5
applying parameter values 12-5, 12-7
configuration guidelines 12-3
creating 12-4
default configuration 12-2
defined 12-1
displaying 12-8
tracing 12-3
website 12-2
SNAP 26-1
SNMP
accessing MIB variables with 31-4
agent
described 31-4
disabling 31-8
authentication level 31-11
community strings
configuring 31-8
for cluster switches 31-4
overview 31-4
configuration examples 31-16
default configuration 31-7
engine ID 31-7
host 31-7
ifIndex values 31-6
in-band management 1-6
in clusters 6-15
informs
and trap keyword 31-12
described 31-5
differences from traps 31-5
disabling 31-15
enabling 31-15
limiting access by TFTP servers 31-16
limiting system log messages to NMS 30-10
SNMP (continued)managing clusters with 6-19
MIBs
location of A-3
supported A-1
notifications 31-5
security levels 31-3
status, displaying 31-17
system contact and location 31-15
trap manager, configuring 31-14
traps
differences from informs 31-5
disabling 31-15
enabling 31-12
enabling MAC address notification 7-22
types of 31-12
versions supported 31-2
SNMPv1 31-2
SNMPv2C 31-2
SNMPv3 31-2
snooping, IGMP 24-2
software compatibility
software images
location in flash B-20
recovery procedures 43-2
scheduling reloads 3-17
tar file format, described B-20
See also downloading and uploading
source addresses
in IPv6 ACLs 38-6
source addresses, in IPv4 ACLs 32-12
source-and-destination-IP address based forwarding, EtherChannel 34-9
source-and-destination MAC address forwarding, EtherChannel 34-9
source-IP address based forwarding, EtherChannel 34-9
source-MAC address forwarding, EtherChannel 34-8
SPAN
and stack changes 28-10
configuration guidelines 28-11
default configuration 28-11
destination ports 28-8
displaying status 28-25
interaction with other features 28-9
monitored ports 28-6
monitoring ports 28-8
ports, restrictions 25-11
received traffic 28-5
session limits 28-11
sessions
configuring ingress forwarding 28-16, 28-23
creating 28-12
defined 28-4
limiting source traffic to specific VLANs 28-16
removing destination (monitoring) ports 28-14
specifying monitored ports 28-12
with ingress traffic enabled 28-15
source ports 28-6
transmitted traffic 28-6
VLAN-based 28-7
spanning tree and native VLANs 13-19
Spanning Tree Protocol
SPAN traffic 28-5
split horizon, RIP 35-23
SRR
configuring
shaped weights on egress queues 33-75
shared weights on egress queues 33-76
shared weights on ingress queues 33-68
described 33-14
shaped mode 33-14
shared mode 33-14
support for 1-10
SSH
configuring 9-39
cryptographic software image 9-37
encryption methods 9-38
switch stack considerations 5-16, 9-38
user authentication methods, supported 9-38
SSL
configuration guidelines 9-44
configuring a secure HTTP client 9-47
configuring a secure HTTP server 9-46
cryptographic software image 9-42
described 9-42
monitoring 9-48
stack, switch
MAC address of 5-20
stack changes
effects on
IPv6 routing 36-8
stack changes, effects on
802.1x port-based authentication 10-14
ACL configuration 32-7
CDP 26-2
cross-stack EtherChannel 34-13
EtherChannel 34-10
fallback bridging 42-3
HSRP 39-4
IGMP snooping 24-7
IP routing 35-4
IPv6 ACLs 38-3
stack changes, effects on (continued)MAC address tables 7-21
MSTP 19-8
multicast routing 40-8
MVR 24-18
port security 25-16
SDM template selection 8-4
SNMP 31-1
SPAN and RSPAN 28-10
STP 18-12
switch clusters 6-16
system message log 30-2
VLANs 13-6
VTP 14-6
stack master
bridge ID (MAC address) 5-6
defined 5-1
election 5-4
IPv6 36-8
re-election 5-4
stack member
accessing CLI of specific member 5-23
configuring
member number 5-21
priority value 5-21
defined 5-1
displaying information of 5-23
IPv6 36-8
number 5-6
priority value 5-7
provisioning a new member 5-22
replacing 5-15
stack member number 11-11
stack protocol version 5-10
stacks, switch
accessing CLI of specific member 5-23
assigning information
member number 5-21
priority value 5-21
provisioning a new member 5-22
auto-advise 5-12
auto-copy 5-11
auto-upgrade 5-11
benefits 1-2
bridge ID 5-6
CDP considerations 26-2
compatibility, software 5-10
configuration file 5-14
configuration scenarios 5-17
copying an image file from one member to another B-33
default configuration 5-19
description of 5-1
displaying information of 5-23
enabling persistent MAC address timer 5-20
hardware compatibility and SDM mismatch mode 5-10
HSRP considerations 39-4
in clusters 6-16
incompatible software and image upgrades 5-14, B-33
IPv6 on 36-7
MAC address considerations 7-21
management connectivity 5-16
managing 5-1
membership 5-3
merged 5-3
MSTP instances supported 18-10
multicast routing, stack master and member roles 40-8
stacks, switch (continued)offline configuration
described 5-7
effects of adding a provisioned switch 5-8
effects of removing a provisioned switch 5-9
effects of replacing a provisioned switch 5-9
provisioned configuration, defined 5-7
provisioned switch, defined 5-7
provisioning a new member 5-22
provisioned switch
adding 5-8
removing 5-9
replacing 5-9
replacing a failed member 5-15
software compatibility 5-10
software image version 5-10
stack protocol version 5-10
STP
bridge ID 18-3
instances supported 18-10
root port selection 18-3
stack root switch election 18-3
system messages
hostnames in the display 30-1
remotely monitoring 30-2
system prompt consideration 7-14
system-wide configuration considerations 5-15
upgrading B-33
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 5-11
described 5-11
examples 5-12
manual upgrades with auto-advise 5-12
See also stack master and stack member
StackWise technology, Cisco 1-3
standby command switch
considerations 6-12
defined 6-2
priority 6-11
requirements 6-3
virtual IP address 6-12
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
standby ip command 39-5
standby links 21-2
standby router 39-1
standby timers, HSRP 39-9
startup configuration
booting
manually 3-14
specific image 3-14
clearing B-19
configuration file
automatically downloading 3-13
specifying the filename 3-13
default boot configuration 3-13
stateless autoconfiguration 36-5
static access ports
assigning to VLAN 13-11
static addresses
static IP routing 1-10
static MAC addressing 1-8
static routes
configuring 35-75
configuring for IPv6 36-16
static routing 35-3
static VLAN membership 13-2
statistics
802.1x 10-31
CDP 26-5
interface 11-29
IP multicast routing 40-50
OSPF 35-34
QoS ingress and egress 33-78
RMON group Ethernet 29-5
RMON group history 29-5
SNMP input and output 31-17
VTP 14-16
sticky learning 25-8
storm control
configuring 25-3
described 25-1
disabling 25-5
displaying 25-17
support for 1-4
thresholds 25-1
STP
accelerating root port selection 20-4
BackboneFast
described 20-7
disabling 20-17
enabling 20-16
BPDU filtering
described 20-3
disabling 20-15
enabling 20-14
BPDU guard
described 20-3
disabling 20-14
enabling 20-13
BPDU message exchange 18-3
configuration guidelines 18-13, 20-12
STP (continued)configuring
forward-delay time 18-23
hello time 18-22
maximum aging time 18-23
path cost 18-20
port priority 18-18
root switch 18-16
secondary root switch 18-18
spanning-tree mode 18-15
switch priority 18-21
counters, clearing 18-24
cross-stack UplinkFast
described 20-5
enabling 20-16
default configuration 18-13
default optional feature configuration 20-12
designated port, defined 18-4
designated switch, defined 18-4
detecting indirect link failures 20-8
disabling 18-16
displaying status 18-24
EtherChannel guard
described 20-10
disabling 20-17
enabling 20-17
extended system ID
effects on root switch 18-16
effects on the secondary root switch 18-18
overview 18-4
unexpected behavior 18-16
features supported 1-6
IEEE 802.1D and bridge ID 18-4
IEEE 802.1D and multicast addresses 18-9
IEEE 802.1t and VLAN identifier 18-5
inferior BPDU 18-3
instances supported 18-10
interface state, blocking to forwarding 20-2
STP (continued)interface states
blocking 18-7
disabled 18-8
learning 18-7
listening 18-7
overview 18-5
interoperability and compatibility among modes 18-11
keepalive messages 18-2
Layer 2 protocol tunneling 17-8
limitations with IEEE 802.1Q trunks 18-11
load sharing
overview 13-24
using path costs 13-26
using port priorities 13-24
loop guard
described 20-11
enabling 20-18
modes supported 18-10
multicast addresses, effect of 18-9
optional features supported 1-7
overview 18-2
Port Fast
described 20-2
enabling 20-12
port priorities 13-25
preventing root switch selection 20-10
protocols supported 18-10
redundant connectivity 18-9
root guard
described 20-10
enabling 20-17
root port, defined 18-3
root port selection on a switch stack 18-3
STP (continued)root switch
configuring 18-16
effects of extended system ID 18-4, 18-16
election 18-3
unexpected behavior 18-16
shutdown Port Fast-enabled port 20-3
stack changes, effects of 18-12
status, displaying 18-24
superior BPDU 18-3
timers, described 18-22
UplinkFast
described 20-4
enabling 20-15
VLAN-bridge 18-11
stratum, NTP 7-2
stub areas, OSPF 35-30
subdomains, private VLAN 16-1
subnet mask 35-7
subnet zero 35-7
success response, VMPS 13-28
summer time 7-13
SunNet Manager 1-5
supernet 35-8
SVIs
and IP unicast routing 35-5
and router ACLs 32-4
connecting VLANs 11-9
defined 11-5
routing between VLANs 13-2
switch clustering technology 6-1
switch console port 1-6
Switch Database Management
switched packets, ACLs on 32-38
Switched Port Analyzer
switched ports 11-2
switchport block multicast command 25-7
switchport block unicast command 25-7
switchport command 11-16
switchport mode dot1q-tunnel command 17-6
switchport protected command 25-6
switch priority
MSTP 19-22
STP 18-21
switch software features 1-1
switch virtual interface
synchronization, BGP 35-46
syslog
system clock
configuring
daylight saving time 7-13
manually 7-11
summer time 7-13
time zones 7-12
displaying the time and date 7-12
overview 7-1
system message logging
default configuration 30-4
defining error message severity levels 30-9
disabling 30-4
displaying the configuration 30-13
enabling 30-5
facility keywords, described 30-13
level keywords, described 30-10
limiting messages 30-10
message format 30-2
overview 30-1
sequence numbers, enabling and disabling 30-8
setting the display destination device 30-5
stack changes, effects of 30-2
synchronizing log messages 30-6
syslog facility 1-12
system message logging (continued)time stamps, enabling and disabling 30-8
UNIX syslog servers
configuring the daemon 30-12
configuring the logging facility 30-12
facilities supported 30-13
system MTU and IEEE 802.1Q tunneling 17-5
system name
default configuration 7-15
default setting 7-15
manual configuration 7-15
system prompt, default setting 7-14, 7-15
system resources, optimizing 8-1
T
TACACS+
accounting, defined 9-11
authentication, defined 9-11
authorization, defined 9-11
configuring
accounting 9-16
authentication key 9-13
authorization 9-16
login authentication 9-14
default configuration 9-13
displaying the configuration 9-17
identifying the server 9-13
in clusters 6-17
limiting the services to the user 9-16
operation of 9-12
overview 9-10
support for 1-9
tracking services accessed by user 9-16
tagged packets
IEEE 802.1Q 17-3
Layer 2 protocol 17-8
tar files
creating B-6
displaying the contents of B-7
extracting B-7
image file format B-20
TDR 1-12
Telnet
accessing management interfaces 2-11
number of connections 1-6
setting a password 9-6
templates, SDM 8-2
temporary self-signed certificate 9-43
Terminal Access Controller Access Control System Plus
terminal lines, setting a password 9-6
TFTP
configuration files
downloading B-11
preparing the server B-10
uploading B-12
configuration files in base directory 3-6
configuring for autoconfiguration 3-6
image files
deleting B-23
downloading B-22
preparing the server B-22
uploading B-24
limiting access by servers 31-16
TFTP server 1-5
threshold, traffic level 25-2
time
Time Domain Reflector
time-range command 32-17
time ranges in ACLs 32-17
time stamps in log messages 30-8
time zones 7-12
Token Ring VLANs
support for 13-6
VTP support 14-4
ToS 1-9
traceroute, Layer 2
and ARP 43-17
and CDP 43-16
broadcast traffic 43-16
described 43-16
IP addresses and subnets 43-17
MAC addresses and VLANs 43-16
multicast traffic 43-16
multiple devices on a port 43-17
unicast traffic 43-16
usage guidelines 43-16
traceroute command 43-18
traffic
blocking flooded 25-7
fragmented 32-5
fragmented IPv6 38-2
unfragmented 32-5
traffic policing 1-9
traffic suppression 25-1
transmit hold-count
transparent mode, VTP 14-3, 14-12
trap-door mechanism 3-2
traps
configuring MAC address notification 7-22
configuring managers 31-12
defined 31-3
notification types 31-12
troubleshooting
connectivity problems 43-14, 43-16, 43-17
detecting unidirectional links 27-1
displaying crash information 43-24
PIMv1 and PIMv2 interoperability problems 40-23
setting packet forwarding 43-22
SFP security and identification 43-13
show forward command 43-22
with CiscoWorks 31-4
with debug commands 43-20
with ping 43-14
with system message logging 30-1
with traceroute 43-17
trunking encapsulation 1-7
trunk ports
configuring 13-20
encapsulation 13-20, 13-25, 13-27
trunks
allowed-VLAN list 13-21
configuring 13-20, 13-25, 13-27
ISL 13-16
load sharing
setting STP path costs 13-26
using STP port priorities 13-24, 13-25
native VLAN for untagged traffic 13-23
parallel 13-26
pruning-eligible list 13-22
to non-DTP device 13-17
trusted boundary for QoS 33-38
trusted port states
between QoS domains 33-40
classification options 33-5
ensuring port security for IP phones 33-38
support for 1-9
within a QoS domain 33-36
trustpoints, CA 9-42
tunneling
defined 17-1
IEEE 802.1Q 17-1
Layer 2 protocol 17-8
tunnel ports
defined 13-4
IEEE 802.1Q, configuring 17-6
incompatibilities with other features 17-6
twisted-pair Ethernet, detecting unidirectional links 27-1
type of service
U
UDLD
configuration guidelines 27-4
default configuration 27-4
disabling
globally 27-5
on fiber-optic interfaces 27-5
per interface 27-6
echoing detection mechanism 27-3
enabling
globally 27-5
per interface 27-6
Layer 2 protocol tunneling 17-10
link-detection mechanism 27-1
neighbor database 27-2
overview 27-1
resetting an interface 27-6
status, displaying 27-7
support for 1-6
UDP, configuring 35-16
unauthorized ports with IEEE 802.1x 10-4
unicast MAC address filtering 1-5
and adding static addresses 7-26
and broadcast MAC addresses 7-25
and CPU packets 7-25
and multicast addresses 7-25
and router MAC addresses 7-25
configuration guidelines 7-25
described 7-25
unicast storm 25-1
unicast storm control command 25-4
unicast traffic, blocking 25-7
UniDirectional Link Detection protocol
UNIX syslog servers
daemon configuration 30-12
facilities supported 30-13
message logging configuration 30-12
unrecognized Type-Length-Value (TLV) support 14-4
upgrading information
upgrading software images
UplinkFast
described 20-4
disabling 20-16
enabling 20-15
support for 1-7
uploading
configuration files
reasons for B-9
using FTP B-14
using RCP B-18
using TFTP B-12
uploading (continued)image files
reasons for B-19
using FTP B-28
using RCP B-32
using TFTP B-24
User Datagram Protocol
user EXEC mode 2-2
username-based authentication 9-6
V
version-dependent transparent mode 14-4
version-mismatch (VM) mode
automatic upgrades with auto-upgrade 5-11
described 5-11
displaying 5-11
manual upgrades with auto-advise 5-12
virtual IP address
cluster standby group 6-12
command switch 6-12
Virtual Private Network
vlan.dat file 13-5
VLAN 1, disabling on a trunk port 13-22
VLAN 1 minimization 13-21
VLAN ACLs
vlan-assignment response, VMPS 13-28
VLAN configuration
at bootup 13-8
saving 13-8
VLAN configuration mode 2-2, 13-7
VLAN database
and startup configuration file 13-8
and VTP 14-1
VLAN configuration saved in 13-7
VLANs saved in 13-4
vlan database command 13-7
vlan dot1q tag native command 17-5
VLAN filtering and SPAN 28-7
vlan global configuration command 13-7
VLAN ID, discovering 7-27
VLAN management domain 14-2
VLAN Management Policy Server
VLAN map entries, order of 32-31
VLAN maps
applying 32-34
common uses for 32-35
configuration guidelines 32-31
configuring 32-30
creating 32-32
defined 32-2
denying access to a server example 32-36
denying and permitting packets 32-32
displaying 32-42
examples of ACLs and VLAN maps 32-32
removing 32-34
support for 1-8
wiring closet configuration example 32-35
VLAN membership
confirming 13-31
modes 13-3
VLAN Query Protocol
VLANs
adding 13-9
adding to VLAN database 13-9
aging dynamic addresses 18-10
allowed on trunk 13-21
and spanning-tree instances 13-3, 13-6, 13-13
configuration guidelines, extended-range VLANs 13-13
configuration guidelines, normal-range VLANs 13-6
configuration options 13-7
configuring 13-1
configuring IDs 1006 to 4094 13-13
connecting through SVIs 11-9
creating in config-vlan mode 13-9
creating in VLAN configuration mode 13-10
customer numbering in service-provider networks 17-3
default configuration 13-8
deleting 13-10
displaying 13-16
features 1-7
illustrated 13-2
internal 13-13
in the switch stack 13-6
limiting source traffic with RSPAN 28-24
limiting source traffic with SPAN 28-16
modifying 13-9
multicast 24-18
native, configuring 13-23
number supported 1-7
parameters 13-5
port membership modes 13-3
static-access ports 13-11
STP and IEEE 802.1Q trunks 18-11
supported 13-2
Token Ring 13-6
traffic between 13-2
VLANs (continued)VTP modes 14-3
VLAN Trunking Protocol
VLAN trunks 13-16
VMPS
administering 13-32
configuration example 13-33
configuration guidelines 13-29
default configuration 13-29
description 13-28
dynamic port membership
described 13-29
reconfirming 13-31
troubleshooting 13-33
entering server address 13-30
mapping MAC addresses to VLANs 13-28
monitoring 13-32
reconfirmation interval, changing 13-31
reconfirming membership 13-31
retry count, changing 13-32
voice-over-IP 15-1
voice VLAN
Cisco 7960 phone, port connections 15-1
configuration guidelines 15-3
configuring IP phones for data traffic
override CoS of incoming frame 15-6
trust CoS priority of incoming frame 15-6
configuring ports for voice traffic in
802.1p priority tagged frames 15-5
802.1Q frames 15-5
connecting to an IP phone 15-4
default configuration 15-3
described 15-1
displaying 15-6
IP phone data traffic, described 15-2
IP phone voice traffic, described 15-2
VPN
configuring routing in 35-68
forwarding 35-65
in service provider networks 35-63
routes 35-64
VPN routing and forwarding table
VRF
defining 35-65
tables 35-63
VTP
adding a client to a domain 14-14
and extended-range VLANs 14-2
and normal-range VLANs 14-2
client mode, configuring 14-11
configuration
global configuration mode 14-7
guidelines 14-8
privileged EXEC mode 14-7
requirements 14-9
saving 14-7
VLAN configuration mode 14-8
configuration mode options 14-7
configuration requirements 14-9
configuration revision number
guideline 14-14
resetting 14-15
configuring
client mode 14-11
server mode 14-9
transparent mode 14-12
consistency checks 14-4
default configuration 14-7
described 14-1
disabling 14-12
domain names 14-8
domains 14-2
VTP (continued)Layer 2 protocol tunneling 17-8
modes
transitions 14-3
monitoring 14-16
passwords 14-8
pruning
disabling 14-14
enabling 14-14
examples 14-5
overview 14-4
support for 1-7
pruning-eligible list, changing 13-22
server mode, configuring 14-9
statistics 14-16
support for 1-7
Token Ring support 14-4
transparent mode, configuring 14-12
using 14-1
version, guidelines 14-9
Version 1 14-4
Version 2
configuration guidelines 14-9
disabling 14-13
enabling 14-13
overview 14-4
W
weighted tail drop
wizards 1-3
WTD
described 33-13
setting thresholds
egress queue-sets 33-71
ingress queues 33-67
support for 1-10
X
Xmodem protocol 43-2