-
null
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The following topics describe the pages available for viewing and configuring policies for Cisco Catalyst switches and Cisco 7600 Series routers:
These pages are primarily organized under the Interfaces/VLANs folder and Platform folder in Device view and under the Catalyst Platform folder for shared policies in Policy view.
Use the Catalyst Summary Info page to view high-level system information, including any service modules, ports, and VLANs that Security Manager has discovered.
Note If Security Manager has not completed discovery for a particular Cisco Catalyst switch or Cisco 7600 Series router, the Catalyst Summary Info page for that device displays this message: "No information is available. This information is acquired during device discovery."
Navigation Path
(Device view) Right-click a Catalyst 6500 Series switch or Cisco 7600 Series router, then select Catalyst Summary Info, or select Tools > Catalyst Summary Info.
Related Topics
•"Catalyst Platform User Interface Reference"
Field Reference
|
|
---|---|
Hostname |
Displays the configured hostname of the device. |
Device Type |
Displays a brief description of the device. |
Serial Number |
Displays the serial number of the device. |
OS Version |
Displays the Cisco IOS image version the device is running. |
Image |
Displays the name of the image running on the device. |
Last Update |
Displays a time stamp for the most recent discovery. |
Total Ports |
Displays the total number of configured ports, combining access ports, routed ports, and trunk ports. |
Access Ports |
Displays the number of configured access ports on the chassis. |
Trunk Ports |
Displays the number of configured trunk ports on the chassis. |
Routed Ports |
Displays the number of configured routed ports on the chassis. |
Total VLANs |
Displays the total number of configured VLANs on the chassis and all its services modules. |
Layer 2 VLANs |
Displays the number of VLANs that run on Layer 2. |
Layer 3 VLANs |
Displays the number of VLANs that run on Layer 3. |
Filter |
Enables you to filter the information displayed in the table, after you click the arrow to display the filtering bar. For more information, see Filtering Tables, page 2-16. |
Slot |
Identifies the slot to which a service module is attached. |
Device Type |
Displays a brief description of the service module. |
Serial Number |
Displays the serial number of the service module. |
Model |
Displays the model type of the service module. |
OS Version |
Identifies the OS version that is installed and running on the service module. |
Assigned VLANs |
Displays the total number of VLANs to which an FWSM is assigned. |
Contexts |
Displays the total number of configured security contexts for an FWSM that runs in multicontext mode. |
Use the Interfaces/VLANs page to define and organize the interfaces and VLANs of Cisco Catalyst switches and Cisco 7600 Series routers. The Interfaces/VLANs page consists of the following tabs:
•Interfaces/VLANs Page—VLANs Tab
•Interfaces/VLANs Page—VLAN Groups Tab
•Interfaces/VLANs Page—Interfaces Tab
•Interfaces/VLANs Page—Summary Tab
Note The VLAN Groups and Summary tabs are only available for Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers.
Navigation Path
(Device view) Select Interfaces/VLANs from the Device selector.
Related Topics
•"Catalyst Platform User Interface Reference"
Use the VLANs tab to view and configure VLANs on supported Cisco Catalyst switches and Cisco 7600 Series routers.
Navigation Path
•(Device view) Select Interfaces/VLANs from the Device selector, then click the VLANs tab.
Related Topics
•Interfaces/VLANs Page—VLAN Groups Tab
•Interfaces/VLANs Page—Interfaces Tab
•Interfaces/VLANs Page—Summary Tab
•Understanding FlexConfig Policies and Policy Objects, page 18-1
•Create and Edit VLAN Dialog Boxes
Field Reference
Use the Create VLAN dialog box (or the Edit VLAN dialog box) to configure or reconfigure VLAN settings and attributes.
Navigation Path
Go to the Interfaces/VLANs Page—VLANs Tab, then click the Add or Edit button beneath the table.
Related Topics
•Understanding FlexConfig Policies and Policy Objects, page 18-1
•Create and Edit VLAN Group Dialog Boxes
•Interface Selector Dialog Box—VLAN ACL Content
Field Reference
|
|
---|---|
VLAN ID |
Displays the VLAN ID if one is configured. Otherwise, enter the ID manually. The VLAN ID specifies where 802.1Q tagged packets are sent and received on an interface or subinterface; without a VLAN ID, the interface or subinterface cannot send or receive traffic. Each VLAN must have an ID. Valid values range from 1 to 4094. Note All VLAN IDs must be unique among all subinterfaces configured on the same physical interface. |
Name |
Enter a name for the VLAN, or view the VLAN name if you entered one previously. Each VLAN must have an ID, and can optionally have a name. The maximum length is 32 characters. |
Group |
The VLAN group to which the VLAN belongs. A VLAN can be associated with one group only. You can associate the VLAN with an existing group, or select Add Group to open the Create VLAN Group dialog box. |
Status |
The current status of the VLAN: •Active—The VLAN carries traffic. •Suspended—The VLAN does not pass packets. |
Type |
Indicates whether the specified VLAN is configured for Layer 2 or Layer 3, and enables you to choose the kind of VLAN that you prefer. A Layer 3 VLAN requires an IP address and creates a VLAN interface. |
Switch Virtual Interface |
Applies only when defining a Layer 3 VLAN. •Enable Interface—When selected, enables the switched virtual interface (SVI), which is a virtual interface that you can attach to any VLAN. The SVI enables routing between VLANs and provides IP host connectivity to the switch. When deselected, disables the SVI. •IP Address—The IP address for the SVI. An IP address is required for management access. •Subnet Mask—The subnet mask for the SVI. Select any option from the list of valid subnet mask entries. •Description—Enables you to enter a description of up to 240 characters on a single line, without carriage returns. For multiple context mode, the system description is independent of the context description. |
Access Ports (Select button) |
Lists which access ports are associated with the specified VLAN, if any are associated, and enables you to add or remove access port associations for the specified VLAN. You can associate any number of access ports with a VLAN. Click Select to open the Access Port Selector Dialog Box. From here, you can associate access ports with the specified VLAN, or remove access port associations from the VLAN. |
Trunk Ports (Select button) |
Lists which trunk ports are associated with the specified VLAN, if any are associated, and enables you to add or remove trunk port associations for the specified VLAN. A VLAN can belong to the allowed list of one or more trunk ports. You can include a VLAN in a trunk port group. Click Select to open the Trunk Port Selector Dialog Box. From here, you can associate trunk ports with the specified VLAN, or remove trunk port associations from the VLAN. |
Use the Access Port Selector dialog box to define which access ports are associated with a selected VLAN.
Navigation Path
Open the Create and Edit VLAN Dialog Boxes, then click Select in the Access Ports field.
Related Topics
•Create and Edit Interface Dialog Boxes—Access Port Mode
•Trunk Port Selector Dialog Box
Field Reference
Use the Trunk Port Selector dialog box to define which trunk ports are associated with a selected VLAN.
Navigation Path
Open the Create and Edit VLAN Dialog Boxes, then click Select in the Trunk Ports field.
Related Topics
•Create and Edit Interface Dialog Boxes—Trunk Port Mode
•Access Port Selector Dialog Box
Field Reference
Use the VLAN Groups tab to view and configure VLAN groups on supported 6500 Series switches and 7600 Series routers.
Navigation Path
•(Device view) Select Interfaces/VLANs from the Device selector, then click the VLAN Groups tab.
Related Topics
•Interfaces/VLANs Page—VLANs Tab
•Interfaces/VLANs Page—Interfaces Tab
•Interfaces/VLANs Page—Summary Tab
•Create and Edit VLAN Group Dialog Boxes
Field Reference
Use the Create and Edit VLAN Group dialog box to configure or reconfigure the attributes of VLAN groups, which are logical groups of VLANs that you want to associate with one another when you define VLAN port policies.
Navigation Path
Do one of the following:
•Go to the Interfaces/VLANs Page—VLAN Groups Tab, then click the Add or Edit button beneath the table.
•Go to the Interfaces/VLANs Page—VLANs Tab, click the Add or Edit button beneath the table, then select Add Group from the Group list.
Related Topics
•Service Module Slot Selector Dialog Box
Field Reference
|
|
---|---|
VLAN Group ID |
The 802.1q VLAN group name. Valid values range from 1 to 65535. |
Service Module Slots (Select button) |
The chassis slot number (in which the relevant services module is installed) that is associated with the interface through which a particular VLAN participates in the VLAN group. Enter the slot number or click Select to open the Service Module Slot Selector Dialog Box. Note After you associate the VLAN group with a service module, such as an FWSM, you can assign the VLAN group to the security contexts of the FWSM. See Add/Edit Security Context Dialog Box (FWSM), page K-199. |
VLAN IDs (Select button) |
The comma-separated IDs of all VLANs that are part of the group. Each VLAN can be a member of only one group. Click Select to open the Service Module Slot Selector Dialog Box. From here, you can select VLANs to include in the VLAN group. |
Use the Service Module Slot Selector dialog box to associate a service module with a VLAN.
Navigation Path
Go to the Create and Edit VLAN Group Dialog Boxes, then click Select in the Service Module Slots field.
Related Topics
Field Reference
Use the VLAN Selector dialog box to associate VLANs with interfaces, VLAN groups, security contexts, and VACLs.
Navigation Path
You can access this dialog box when you define interfaces, VLAN groups, IDSM settings, or VACLs by clicking the Select button in any field used for defining VLANs.
Related Topics
•Service Module Slot Selector Dialog Box
Field Reference
Use the Interfaces tab to view and configure interfaces and subinterfaces on supported Cisco Catalyst switches and Cisco 7600 Series routers and their associated services modules (blades).
Navigation Path
(Device view) Select Interfaces/VLANs from the Device selector, then click the Interfaces tab.
Related Topics
•Interfaces/VLANs Page—VLANs Tab
•Interfaces/VLANs Page—VLAN Groups Tab
•Interfaces/VLANs Page—Summary Tab
Field Reference
|
|
---|---|
Name |
Interface type, chassis slot, and the number of the interface card. For example, FastEthernet 2/7 means Fast Ethernet, slot 2, interface 7. |
Mode |
Configuration mode for physical ports: •Access •Routed •Trunk •Dynamic Auto •Dynamic Desirable •Unsupported |
VLAN ID |
The VLAN ID associated with the described subinterface, displayed only for Ethernet interfaces and VLAN interfaces. |
IP Address |
The IP address of the interface. |
Enabled |
Indicates whether the interface is enabled or disabled (shutdown state). |
Interface Roles |
The interface roles whose naming patterns match this interface. See Understanding Interface Role Objects, page 8-33. |
Description |
An optional description of the interface. |
Add Row button |
Opens the Create Interface dialog box, where you can define a new interface. For more information, see the instructions for the relevant mode: •Access Port Mode—Create and Edit Interface Dialog Boxes—Access Port Mode. •Routed Port Mode—Create and Edit Interface Dialog Boxes—Routed Port Mode •Trunk Port Mode—Create and Edit Interface Dialog Boxes—Trunk Port Mode •Dynamic Mode—Create and Edit Interface Dialog Boxes—Dynamic Mode |
Edit Row button |
Opens the Edit Interface dialog box, where you can edit the selected interface. For more information, see the instructions for the relevant mode: •Access Port Mode—Create and Edit Interface Dialog Boxes—Access Port Mode. •Routed Port Mode—Create and Edit Interface Dialog Boxes—Routed Port Mode •Trunk Port Mode—Create and Edit Interface Dialog Boxes—Trunk Port Mode •Dynamic Mode—Create and Edit Interface Dialog Boxes—Dynamic Mode •Unsupported—Create and Edit Interface Dialog Boxes—Unsupported Mode |
Delete Row button |
Deletes the selected interface. |
Use the Create Interface dialog box (or the Edit Interface dialog box) to configure the attributes of physical and virtual interfaces that run in access port mode.
Navigation Path
Go to the Interfaces/VLANs Page—Interfaces Tab, click Add or Edit to open the Create/Edit Interface dialog box, then select Access Port from the Mode list.
Related Topics
•Create and Edit Interface Dialog Boxes—Routed Port Mode
•Create and Edit Interface Dialog Boxes—Trunk Port Mode
•Create and Edit Interface Dialog Boxes—Dynamic Mode
•Interface Auto Name Generator Dialog Box, page J-17
•Understanding FlexConfig Policies and Policy Objects, page 18-1
•Understanding Interface Role Objects, page 8-33
Field Reference
|
|
---|---|
Enable Interface |
When selected, enables the interface. When deselected, disables the interface using the shutdown command. |
Type |
Specifies whether the definitions apply to an interface or a subinterface. For details about defining a subinterface, see Create and Edit Interface Dialog Boxes—Subinterfaces. |
Name (Select button) |
Displays the generated interface name, if the name has been set. Click Select to open the Interface Auto Name Generator Dialog Box, page J-17. From here, you can enter or edit the details that Security Manager uses to generate an interface name. |
Mode |
The port configuration type for this interface. Select Access Port to display the configuration options that are relevant for access ports. |
|
|
VLAN ID (Select button) |
Displays the interface-specific identity of the VLAN to use in access port mode, if you have selected a VLAN. Otherwise, click Select to open the VLAN Selector Dialog Box. The VLAN ID specifies where 802.1Q tagged packets are sent and received on the subinterface; without a VLAN ID, the subinterface cannot send or receive traffic. Valid values range from 1 to 4094. Some VLAN IDs might be reserved on connected devices, so see the device documentation for more information. For multiple context mode, you can only set the VLAN in the system configuration. Note All VLAN IDs must be unique among all subinterfaces configured on the same physical interface. |
Enable Port Security |
When selected, enables you to restrict input to an interface by limiting the MAC addresses that are allowed to access the port. When deselected, disables port security. |
Max. MAC Addresses |
Applies only when Enable Port Security is selected. The maximum number of secure MAC addresses for the interface. Valid values range from 1 to 4097. Note Secure MAC addresses are configured dynamically using the MAC addresses of connected devices. |
Violation Policy |
The action to take if a security violation occurs: •Port Security Protect—Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses and the count drops below the maximum value. •Port Security Restrict—Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses and the count drops below the maximum value. In addition, it causes the SecurityViolation counter to increment. •Port Security Shutdown—Immediately puts the interface into the error-disabled state and sends an SNMP trap notification. A security violation occurs if a workstation whose MAC address is not in the address table attempts to access the interface after the maximum number of secure MAC addresses is configured. |
Enable VACL Capture |
When selected, enables VACL capture. If the capture bit is set, ports with the capture function enabled can receive forwarded packets. When deselected, disables VACL capture. |
Capture VLANs (Select button) |
Enables you to identify the VLANs where VACLs should receive forwarded VLAN packets. This option is available if you selected the Enable VACL Capture check box. Enter a comma-separated list of VLAN IDs or click Select to open the VLAN Selector Dialog Box. VACLs can capture VLAN packets only when they are initially routed or bridged into the VLAN. Only forwarded packets can be captured. |
|
|
Speed |
The speed of the physical interface: •10—Transmits at 10 Mbps. •100—Transmits at 100 Mbps. •1000—Transmits at 1,000 Mbps. •10000—Transmits at 10,000 Mbps. •Auto—If Speed is set to Auto, both Speed and Duplex are autonegotiated. •Non-Negotiate—Disables link negotiation. |
Duplex |
The duplex setting of the interface: •Auto—Autonegotiates the duplex. •Half—Sends and receives data, but not at the same time •Full—Sends and receives data at the same time. If the speed is set to Auto, the duplex setting must also be set to Auto. |
MTU |
The maximum transmission unit, which refers to the largest packet size (in bytes) that can be handled by the interface. The range of valid values depends on the interface type. |
Description |
A text description of the interface. Enter up to 240 characters on a single line, without using carriage returns. Note For multiple context mode, the system description is independent of the context description. |
Flow Control Receive |
The flow control setting for incoming frames: •Off—The port does not use flow control, regardless of whether the neighboring port requests flow control. •On—The port uses flow control, as dictated by the neighboring port. •Desired—The port allows, but does not require, flow control frames. Flow control frames (also called pause frames) are special packets that signal a source to stop sending frames for a defined interval when buffers are full. |
Flow Control Send |
The flow control setting for outgoing frames: •Off—The port does not send flow control frames to the neighboring port. •On—The port sends flow control frames to the neighboring port. •Desired—The port allows, but does not require, flow control frames. |
Roles |
Lists the interface roles associated with the interface. Interface roles are objects that are replaced with the actual interface IP addresses when the configuration is generated for each device. They allow you to define generic rules—ones that can apply to multiple interfaces. See Understanding Interface Role Objects, page 8-33. |
Use the Create Interface dialog box (or the Edit Interface dialog box) to configure the attributes of physical interfaces that run in routed port mode on Layer 3.
Navigation Path
Go to the Interfaces/VLANs Page—Interfaces Tab, click Add or Edit to open the Create/Edit Interface dialog box, then select Routed Port from the Mode list.
Related Topics
•Create and Edit Interface Dialog Boxes—Access Port Mode
•Create and Edit Interface Dialog Boxes—Trunk Port Mode
•Create and Edit Interface Dialog Boxes—Dynamic Mode
•Understanding Interface Role Objects, page 8-33
•Selecting Objects for Policies, page 8-2
•Understanding Network/Host Objects, page 8-65
Field Reference
|
|
---|---|
Enable Interface |
When selected, enables the interface. When deselected, disables the interface using the shutdown command. |
Type |
Specifies whether the definitions apply to an interface or a subinterface. For details about defining a subinterface, see Create and Edit Interface Dialog Boxes—Subinterfaces. |
Name (Select button) |
Displays the generated interface name, if the name has been set. Click Select to open the Interface Auto Name Generator Dialog Box, page J-17. From here, you can enter or edit the details that Security Manager uses to generate an interface name. |
Mode |
The port configuration type for this interface. Select Routed Port to display the configuration options that are relevant for routed ports. |
|
|
IP Type |
The type of IP address used by the port: •Static IP—Specifies that the interface uses a permanent IP address and activates related GUI elements. |
IP Address (Select button) |
Enables you to enter an IP address, or you can click Select to open the Networks/Hosts Selector, where you can select an IP address. |
Helper IP Addresses (Select button) |
Enables you to assign a helper IP address to the interface. A helper IP address converts broadcast DHCP requests to unicast requests that are directed exclusively to the DHCP server. |
Mask |
Enables you to specify the subnet mask. You can enter a netmask value or you can select a netmask from the list. If you enter a netmask, you can express its value in dotted decimal format (for example, 255.255.255.0) or you can enter the number of bits (for example, 24). Note Do not use 255.255.255.254 or 255.255.255.255 for any interface that is connected to your network; these netmasks cause all traffic on an interface to stop. |
|
|
Speed |
The speed of the physical interface: •10—Transmits at 10 Mbps. •100—Transmits at 100 Mbps. •1000—Transmits at 1,000 Mbps. •10000—Transmits at 10,000 Mbps. •Auto—If Speed is set to Auto, both Speed and Duplex are autonegotiated. •Non-Negotiate—Disables link negotiation. |
Duplex |
The duplex setting of the interface: •Auto—Autonegotiates the duplex. •Half—Sends and receives data, but not at the same time •Full—Sends and receives data at the same time. If the speed is set to Auto, the duplex setting must also be set to Auto. |
MTU |
The maximum transmission unit, which refers to the largest packet size (in bytes) that can be handled by the interface. The range of valid values depends on the interface type. |
Description |
A text description of the interface. Enter up to 240 characters on a single line, without using carriage returns. Note For multiple context mode, the system description is independent of the context description. |
Flow Control Receive |
The flow control setting for incoming frames: •Off—The port does not use flow control, regardless of whether the neighboring port requests flow control. •On—The port uses flow control, as dictated by the neighboring port. •Desired—The port allows, but does not require, flow control frames. Flow control frames (also called pause frames) are special packets that signal a source to stop sending frames for a defined interval when buffers are full. |
Flow Control Send |
The flow control setting for outgoing frames: •Off—The port does not send flow control frames to the neighboring port. •On—The port sends flow control frames to the neighboring port. •Desired—The port allows, but does not require, flow control frames. |
Roles |
Lists the interface roles associated with the interface. Interface roles are objects that are replaced with the actual interface IP addresses when the configuration is generated for each device. They allow you to define generic rules—ones that can apply to multiple interfaces. See Understanding Interface Role Objects, page 8-33. |
Use the Create Interface dialog box (or the Edit Interface dialog box) to configure the attributes of physical and virtual interfaces that run in trunk port mode.
Navigation Path
Go to the Interfaces/VLANs Page—Interfaces Tab, click Add or Edit to open the Create/Edit Interface dialog box, then select Trunk Port from the Mode list.
Related Topics
•Create and Edit Interface Dialog Boxes—Access Port Mode
•Create and Edit Interface Dialog Boxes—Routed Port Mode
•Create and Edit Interface Dialog Boxes—Dynamic Mode
•Understanding FlexConfig Policies and Policy Objects, page 18-1
•Understanding Interface Role Objects, page 8-33
Field Reference
|
|
---|---|
Enable Interface |
When selected, enables the interface. When deselected, disables the interface using the shutdown command. |
Type |
Specifies whether the definitions apply to an interface or a subinterface. For details about defining a subinterface, see Create and Edit Interface Dialog Boxes—Subinterfaces. |
Name (Select button) |
Displays the generated interface name, if the name has been set. Click Select to open the Interface Auto Name Generator Dialog Box, page J-17. From here, you can enter or edit the details that Security Manager uses to generate an interface name. |
Mode |
The port configuration type for this interface. Select Trunk Port to display the configuration options that are relevant for trunk ports. |
|
|
Encapsulation |
Select one of the following: •DOT1Q—Specifies VLAN encapsulation on the trunk link, as defined by the IEEE 802.1Q standard. Applies only to Ethernet subinterfaces. •ISL—Specifies ISL encapsulation on the trunk link. 10-Gigabit Ethernet ports do not support ISL encapsulation. |
Native VLAN (Select button) |
Enables you to select the Native VLAN to associate with this interface, using the ID specified in the VLAN ID field. (If no VLAN ID is specified for the Native VLAN, the default is 1.) This option applies to you only if you are configuring a physical interface that is meant to serve as an 802.1Q trunk interface. You must first specify DOT1Q as the encapsulation type. The Native VLAN of a trunk interface is the VLAN to which all untagged VLAN packets are logically assigned. This includes the management traffic associated with the VLAN. When deselected, the Native VLAN is not associated with this interface. Note The Native VLAN cannot be configured on a subinterface of the trunk interface. Be sure to configure the same Native VLAN value at both ends of the link; otherwise, traffic may be lost or sent to the wrong VLAN. Click Select to open the VLAN Selector Dialog Box. From here, you can associate a native VLAN with the described interface. |
Enable DTP negotiation |
When selected, enables Dynamic Trunking Protocol (DTP) negotiation. DTP manages trunk auto-negotiation (ISL and 802.1Q) between devices. When deselected, disables DTP negotiation. |
Allowed VLANs (Select button) |
Enables you to specify which VLANs are allowed on the trunk. Enter the VLAN IDs. Use commas to separate multiple VLANs or use a hyphen to indicate a range of VLANs (for example, 12,17,22 or 2-200). Valid IDs range from 1 to 4094. Or, click Select to open the VLAN Selector Dialog Box. From here, you can select the VLANs to include on the trunk. |
Prune VLANs (Select button) |
Enables you to specify which VLANs are eligible for pruning. Enter the VLAN IDs. Use commas to separate multiple VLANs or use a hyphen to indicate a range of VLANs (for example, 12,17,22 or 2-200.) Or, click Select to open the VLAN Selector Dialog Box. From here, you can select the VLANs that are eligible for pruning. |
Enable VACL Capture |
When selected, enables VACL capture. If the capture bit is set, ports with the capture function enabled can receive forwarded packets. When deselected, disables VACL capture. |
Capture VLANs (Select button) |
Enables you to identify the VLANs where VACLs should receive forwarded VLAN packets. This option is available if you selected the Enable VACL Capture check box. Enter a comma-separated list of VLAN IDs, or click Select to open the VLAN Selector Dialog Box. VACLs can capture VLAN packets only when they are initially routed or bridged into the VLAN. Only forwarded packets can be captured. |
Enable Port Security |
Applies only to devices running IOS Software Version 12.2(18)SXE2 or later. When selected, enables you to restrict input to an interface by limiting the MAC addresses that are allowed to access the port. When deselected, disables port security. Note If you select this option, the Enable DTP Negotiation option is automatically deselected. |
Max. MAC Addresses |
Applies only when Enable Port Security is selected. The maximum number of secure MAC addresses for the interface. Valid values range from 1 to 4097. Note Secure MAC addresses are configured dynamically using the MAC addresses of connected devices. |
Violation Policy |
The action to take if a security violation occurs: •Port Security Protect—Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses and the count drops below the maximum value. •Port Security Restrict—Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses and the count drops below the maximum value. In addition, it causes the SecurityViolation counter to increment. •Port Security Shutdown—Immediately puts the interface into the error-disabled state and sends an SNMP trap notification. A security violation occurs if a workstation whose MAC address is not in the address table attempts to access the interface after the maximum number of secure MAC addresses is configured. |
|
|
Speed |
The speed of the physical interface: •10—Transmits at 10 Mbps. •100—Transmits at 100 Mbps. •1000—Transmits at 1,000 Mbps. •10000—Transmits at 10,000 Mbps. •Auto—If Speed is set to Auto, both Speed and Duplex are autonegotiated. •Non-Negotiate—Disables link negotiation. |
Duplex |
The duplex setting of the interface: •Auto—Autonegotiates the duplex. •Half—Sends and receives data, but not at the same time •Full—Sends and receives data at the same time. If the speed is set to Auto, the duplex setting must also be set to Auto. |
MTU |
The maximum transmission unit, which refers to the largest packet size (in bytes) that can be handled by the interface. The range of valid values depends on the interface type. |
Description |
A text description of the interface. Enter up to 240 characters on a single line, without using carriage returns. Note For multiple context mode, the system description is independent of the context description. |
Flow Control Receive |
The flow control setting for incoming frames: •Off—The port does not use flow control, regardless of whether the neighboring port requests flow control. •On—The port uses flow control, as dictated by the neighboring port. •Desired—The port allows, but does not require, flow control frames. Flow control frames (also called pause frames) are special packets that signal a source to stop sending frames for a defined interval when buffers are full. |
Flow Control Send |
The flow control setting for outgoing frames: •Off—The port does not send flow control frames to the neighboring port. •On—The port sends flow control frames to the neighboring port. •Desired—The port allows, but does not require, flow control frames. |
Roles |
Lists the interface roles associated with the interface. Interface roles are objects that are replaced with the actual interface IP addresses when the configuration is generated for each device. They allow you to define generic rules—ones that can apply to multiple interfaces. See Understanding Interface Role Objects, page 8-33. |
Use the Create Interface dialog box (or the Edit Interface dialog box) to configure the attributes of physical and virtual interfaces that run in dynamic mode. Dynamic ports can convert the link into a trunk link based on the settings of the neighboring port.
Navigation Path
Go to the Interfaces/VLANs Page—Interfaces Tab, click Add or Edit to open the Create/Edit Interface dialog box, then select Dynamic from the Mode list.
Related Topics
•Create and Edit Interface Dialog Boxes—Access Port Mode
•Create and Edit Interface Dialog Boxes—Routed Port Mode
•Create and Edit Interface Dialog Boxes—Trunk Port Mode
•Interface Auto Name Generator Dialog Box, page J-17
•Understanding FlexConfig Policies and Policy Objects, page 18-1
•Understanding Interface Role Objects, page 8-33
Field Reference
|
|
---|---|
Enable Interface |
When selected, enables the interface. When deselected, disables the interface using the shutdown command. |
Type |
Specifies whether the definitions apply to an interface or a subinterface. For details about defining a subinterface, see Create and Edit Interface Dialog Boxes—Subinterfaces. |
Name (Select button) |
Displays the generated interface name, if the name has been set. Click Select to open the Interface Auto Name Generator Dialog Box, page J-17. From here, you can enter or edit the details that Security Manager uses to generate an interface name. |
Mode |
The port configuration type for this interface. Select Dynamic to display the configuration options that are relevant for dynamic ports. |
|
|
Dynamic Mode |
The dynamic trunk mode: •Auto—Allows the port to convert the link to a trunk link. The port becomes a trunk port if the neighboring port is set to Trunk or Desirable mode. •Desirable—Makes the port actively attempt to convert the link to a trunk link. |
Access VLAN ID |
The access VLAN ID to use when the port does not function as a trunking link. This can occur when the neighboring interface is not set to trunk, auto, or desirable mode. Valid values range from 1 to 4094. |
Encapsulation |
Select one of the following: •DOT1Q—Specifies VLAN encapsulation on the trunk link, as defined by the IEEE 802.1Q standard. Applies only to Ethernet subinterfaces. •ISL—Specifies ISL encapsulation on the trunk link. 10-Gigabit Ethernet ports do not support ISL encapsulation. •Negotiate—Specifies that the interface negotiates with the neighboring interface to become either an ISL or 802.1Q trunk, based on the configuration and capabilities of the neighboring interface. |
Native VLAN (Select button) |
Enables you to select the Native VLAN to associate with this interface, using the ID specified in the VLAN ID field. (If no VLAN ID is specified for the Native VLAN, the default is 1.) This option applies to you only if you are configuring a physical interface that is meant to serve as an 802.1Q trunk interface. You must first specify DOT1Q as the encapsulation type. The Native VLAN of a trunk interface is the VLAN to which all untagged VLAN packets are logically assigned. This includes the management traffic associated with the VLAN. When deselected, the Native VLAN is not associated with this interface. Note The Native VLAN cannot be configured on a subinterface of the trunk interface. Be sure to configure the same Native VLAN value at both ends of the link; otherwise, traffic may be lost or sent to the wrong VLAN. Click Select to open the VLAN Selector Dialog Box. From here, you can associate a native VLAN with the described interface. |
Allowed VLANs (Select button) |
Enables you to specify which VLANs are allowed on the trunk. Enter the VLAN IDs. Use commas to separate multiple VLANs or use a hyphen to indicate a range of VLANs (for example, 12,17,22 or 2-200). Valid IDs range from 1 to 4094. Alternatively, click Select to open the VLAN Selector Dialog Box. From here, you can select the VLANs to include on the trunk. |
Prune VLANs (Select button) |
Enables you to specify which VLANs are eligible for pruning. Enter the VLAN IDs. Use commas to separate multiple VLANs or use a hyphen to indicate a range of VLANs (for example, 12,17,22 or 2-200.) Alternatively, click Select to open the VLAN Selector Dialog Box. From here, you can select the VLANs that are eligible for pruning. |
Enable VACL Capture |
When selected, enables VACL capture. If the capture bit is set, ports with the capture function enabled can receive forwarded packets. When deselected, disables VACL capture. |
Capture VLANs (Select button) |
Enables you to identify the VLANs where VACLs should receive forwarded VLAN packets. This option is available if you selected the Enable VACL Capture check box. Enter a comma-separated list of VLAN IDs or click Select to open the VLAN Selector Dialog Box. VACLs can capture VLAN packets only when they are initially routed or bridged into the VLAN. Only forwarded packets can be captured. |
|
|
Speed |
The speed of the physical interface: •10—Transmits at 10 Mbps. •100—Transmits at 100 Mbps. •1000—Transmits at 1,000 Mbps. •10000—Transmits at 10,000 Mbps. •Auto—If Speed is set to Auto, both Speed and Duplex are autonegotiated. •Non-Negotiate—Disables link negotiation. |
Duplex |
The duplex setting of the interface: •Auto—Autonegotiates the duplex. •Half—Sends and receives data, but not at the same time •Full—Sends and receives data at the same time. If the speed is set to Auto, the duplex setting must also be set to Auto. |
MTU |
The maximum transmission unit, which refers to the largest packet size (in bytes) that can be handled by the interface. The range of valid values depends on the interface type. |
Description |
A text description of the interface. Enter up to 240 characters on a single line, without using carriage returns. Note For multiple context mode, the system description is independent of the context description. |
Flow Control Receive |
The flow control setting for incoming frames: •Off—The port does not use flow control, regardless of whether the neighboring port requests flow control. •On—The port uses flow control, as dictated by the neighboring port. •Desired—The port allows, but does not require, flow control frames. Flow control frames (also called pause frames) are special packets that signal a source to stop sending frames for a defined interval when buffers are full. |
Flow Control Send |
The flow control setting for outgoing frames: •Off—The port does not send flow control frames to the neighboring port. •On—The port sends flow control frames to the neighboring port. •Desired—The port allows, but does not require, flow control frames. |
Roles |
Lists the interface roles associated with the interface. Interface roles are objects that are replaced with the actual interface IP addresses when the configuration is generated for each device. They allow you to define generic rules—ones that can apply to multiple interfaces. See Understanding Interface Role Objects, page 8-33. |
Use the Create Interface dialog box (or the Edit Interface dialog box) to configure the attributes of subinterfaces defined on Catalyst 6500/7600 devices.
Navigation Path
Go to the Interfaces/VLANs Page—Interfaces Tab, click Add or Edit to open the Create/Edit Interface dialog box, then select Subinterface from the Type list.
Related Topics
•Create and Edit Interface Dialog Boxes—Access Port Mode
•Create and Edit Interface Dialog Boxes—Routed Port Mode
•Create and Edit Interface Dialog Boxes—Trunk Port Mode
•Create and Edit Interface Dialog Boxes—Dynamic Mode
•Understanding Interface Role Objects, page 8-33
•Selecting Objects for Policies, page 8-2
•Understanding Network/Host Objects, page 8-65
Field Reference
|
|
---|---|
Enable Interface |
When selected, enables the subinterface. When deselected, disables the subinterface using the shutdown command. |
Type |
Specifies whether the definitions apply to an interface or a subinterface. Select Subinterface. |
Parent |
Identifies the parent interface of the subinterface. |
Subint. ID |
Specifies the ID for the subinterface. The numeric ID string cannot exceed 10 characters. |
IP Type |
The type of IP address used by the subinterface: •Static IP—Specifies that the subinterface uses a permanent IP address and activates related GUI elements. |
IP Address (Select button) |
Enables you to enter an IP address, or you can click Select to open an Object Selectors, page F-205. From here, you can select an IP address. |
Helper IP Addresses |
Enables you to assign a helper IP address to the subinterface. A helper IP address converts broadcast DHCP requests to unicast requests that are directed exclusively to the DHCP server. |
Mask |
Enables you to specify the subnet mask. You can enter a netmask value or you can select a netmask from the list. If you enter a netmask, you can express its value in dotted decimal format (for example, 255.255.255.0) or you can enter the number of bits (for example, 24). Note Do not use 255.255.255.254 or 255.255.255.255 for any interface that is connected to your network; these netmasks cause all traffic on an interface to stop. |
Encapsulation |
The encapsulation type defined for the subinterface: •[blank]—No encapsulation is defined. •DOT1Q—Specifies VLAN encapsulation on the trunk link, as defined by the IEEE 802.1Q standard. Applies only to Ethernet subinterfaces. •ISL—Specifies ISL encapsulation on the trunk link. 10-Gigabit Ethernet ports do not support ISL encapsulation. |
VLAN ID |
Applies only when encapsulation is defined for the subinterface. The VLAN ID associated with the subinterface. |
Description |
A text description of the interface. Enter up to 240 characters on a single line, without using carriage returns. Note For multiple context mode, the system description is independent of the context description. |
If you discover an interface configured with a mode that is not supported by Security Manager (such as dot1q-tunnel or private-vlan), the interface is displayed in Unsupported mode. You can view the attributes of this interface, but you cannot make any changes to the configuration unless you first change the mode. All definition fields, other than Mode, are read-only.
Navigation Path
Go to the Interfaces/VLANs Page—Interfaces Tab, select an interface whose mode is defined as Unsupported, then click Add or Edit to open the Create/Edit Interface dialog box.
Related Topics
•Create and Edit Interface Dialog Boxes—Access Port Mode
•Create and Edit Interface Dialog Boxes—Routed Port Mode
•Create and Edit Interface Dialog Boxes—Trunk Port Mode
•Create and Edit Interface Dialog Boxes—Dynamic Mode
Field Reference
|
|
---|---|
Enable Interface |
When selected, indicates that the interface is enabled. When deselected, indicates that the interface has been disabled using the shutdown command. |
Type |
Specifies whether the definitions apply to an interface or a subinterface. |
Name (Select button) |
Displays the name of the interface. |
Mode |
Displays Unsupported, which designates an interface whose mode is not supported by Security Manager. Select a different option to change the interface mode. Note If you change the interface mode, you can then modify the other settings in this dialog box. |
Speed |
Displays the speed of the physical interface: •10—Transmits at 10 Mbps. •100—Transmits at 100 Mbps. •1000—Transmits at 1,000 Mbps. •10000—Transmits at 10,000 Mbps. •Auto—If Speed is set to Auto, both Speed and Duplex are autonegotiated. •Non-Negotiate—Disables link negotiation. |
Duplex |
Displays the duplex setting of the interface: •Auto—Autonegotiates the duplex. •Half—Sends and receives data, but not at the same time •Full—Sends and receives data at the same time. If the speed is set to Auto, the duplex setting must also be set to Auto. |
MTU |
Displays the maximum transmission unit, which refers to the largest packet size (in bytes) that can be handled by the interface. The range of valid values depends on the interface type. |
Description |
Displays a text description of the interface. For multiple context mode, the system description is independent of the context description. |
Flow Control Receive |
Displays the flow control setting for incoming frames: •Off—The port does not use flow control, regardless of whether the neighboring port requests flow control. •On—The port uses flow control, as dictated by the neighboring port. •Desired—The port allows, but does not require, flow control frames. Flow control frames (also called pause frames) are special packets that signal a source to stop sending frames for a defined interval when buffers are full. |
Flow Control Send |
Displays the flow control setting for outgoing frames: •Off—The port does not send flow control frames to the neighboring port. •On—The port sends flow control frames to the neighboring port. •Desired—The port allows, but does not require, flow control frames. |
Roles |
Lists the interface roles associated with the interface. Interface roles are objects that are replaced with the actual interface IP addresses when the configuration is generated for each device. They allow you to define generic rules—ones that can apply to multiple interfaces. See Understanding Interface Role Objects, page 8-33. |
Use the Summary tab to view attributes of all VLANs, VLAN groups, interfaces, and subinterfaces configured on supported 6500 Series and 7600 Series chassis and their associated services modules.
Navigation Path
•(Device view) Select Interfaces/VLANs from the Device selector, then click the Summary tab.
Related Topics
•Interfaces/VLANs Page—VLANs Tab
•Interfaces/VLANs Page—VLAN Groups Tab
•Interfaces/VLANs Page—Interfaces Tab
Field Reference
Use the IDSM Settings page to view and configure the VLAN settings for data ports and channel groups on Intrusion Detection System Service Modules (IDSM).
Navigation Path
You can access this page from:
•(Device view) Select Platform > IDSM Settings from the Device Policy selector.
•(Policy view) Select Catalyst Platform > IDSM Settings from the Policy Types selector.
Related Topics
•Create and Edit IDSM EtherChannel VLANs Dialog Boxes
•Create and Edit IDSM Data Port VLANs Dialog Boxes
•Chapter 16, "Managing IPS Devices"
Field Reference
Use the Create IDSM EtherChannel VLANs dialog box (or the Edit IDSM EtherChannel VLANs dialog box) to configure or reconfigure the attributes of an IDSM EtherChannel VLAN.
Navigation Path
Go to the IDSM Settings Page, then click the Add or Edit button beneath the EtherChannel VLANs table.
Related Topics
•Create and Edit IDSM Data Port VLANs Dialog Boxes
•IDSM Slot-Port Selector Dialog Box
•Service Module Slot Selector Dialog Box
Field Reference
|
|
---|---|
Channel Group |
The EtherChannel group to which the Ethernet interface is assigned. |
Slot-Ports (Select button) |
Associates the chassis slot number (in which the relevant services module is installed) with the data port in the format x -y, where x is the slot number and y is the port number. For example, 2-1 refers to data port 1 in slot 2. Click Select to open the IDSM Slot-Port Selector Dialog Box. From here, you can select the IDSM slot-port combinations to include in the EtherChannel group. |
Mode |
The running mode of the EtherChannel group: •Capture (IDS)—The IDSM2 passively monitors network traffic that was copied to its data ports by the Catalyst switch using either VACL capture or SPAN. •Trunk (IPS)—The IDSM2 operates as an 802.1Q trunk by performing VLAN bridging between pairs of VLANs within the same data port. |
Capture Enabled |
Applies only when the running mode is Capture (IDS). When selected, configures the specified channel group as a capture destination. When deselected, the channel group does not act as a capture destination. |
VLAN IDs (Select button) |
Identifies which VLANs the specified channel group should allow. Click Select to open the VLAN Selector Dialog Box. From here, you can select VLANs to include or exclude. |
Use the Create IDSM Data Port VLANs dialog box (or the Edit IDSM Data Port VLANs dialog box) to define which traffic is directed to an IDSM data port and which sensing mode is used on that traffic.
Navigation Path
Go to the IDSM Settings Page, then click the Add or Edit button beneath the Data Port VLANs table.
Related Topics
•Create and Edit IDSM EtherChannel VLANs Dialog Boxes
•IDSM Slot-Port Selector Dialog Box
•Service Module Slot Selector Dialog Box
Field Reference
|
|
---|---|
Slot-Port |
Associates the chassis slot number (in which the relevant services module is installed) with the data port in the format x -y, where x is the slot number and y is the port number. For example, 2-1 refers to data port 1 in slot 2. Click Select to open the IDSM Slot-Port Selector Dialog Box. From here, you can select the IDSM slot-port combinations to include in the data port VLAN definition. |
Mode |
The running mode of the data port: •Capture (IDS)—The IDSM2 passively monitors network traffic that was copied to its data ports by the Catalyst switch using either VACL capture or SPAN. •Trunk (IPS)—The IDSM2 operates as an 802.1Q trunk by performing VLAN bridging between pairs of VLANs within the same data port. |
Capture Enabled |
Applies only when the running mode is Capture (IDS). When selected, configures the specified channel group as a capture destination. When deselected, the channel group does not act as a capture destination. |
VLAN IDs (Select button) |
Identifies which VLANs the specified data port should allow. Click Select to open the VLAN Selector Dialog Box. From here, you can select VLANs to include or exclude. |
Use the IDSM Slot-Port Selector dialog box to associate slot-port objects with EtherChannel groups.
Navigation Path
Go to the Create and Edit IDSM EtherChannel VLANs Dialog Boxes or the Create and Edit IDSM Data Port VLANs Dialog Boxes, then click Select in the Slot-Port field.
Related Topics
Field Reference
Use the VLAN Access Lists page to view and configure VLAN access lists for Cisco Catalyst switches and Cisco 7600 Series routers.
Navigation Path
You can access this page from:
•(Device view) Select Platform > VLAN Access Lists from the Device Policy selector.
•(Device view) Select Catalyst Platform >VLAN Access Lists from the Policy Types selector.
Related Topics
•Creating Access Control List Objects, page 8-23
•Create and Edit VLAN ACL Dialog Boxes
•Create and Edit VLAN ACL Content Dialog Boxes
Field Reference
|
|
---|---|
|
|
VLAN ACL |
Displays the VLAN ACL name. |
Sequence |
Specifies the map sequence number. VACL sequences are applied in order of sequence, from lowest number to highest. |
Matching |
Displays the Match ACLs, if any are defined. VACL matching occurs only when an ACL permit is encountered. ACL denies are ignored. |
Action |
Specify whether the action is to drop, drop and log, forward, forward and capture, or redirect packets. Note The redirect action helps you to specify as many as five interfaces, which can be physical interfaces or EtherChannels. You cannot redirect packets to an EtherChannel member or a VLAN interface. |
VLAN IDs |
Interface-specific identity of the VLAN that a table row describes. The VLAN ID specifies where 802.1Q tagged packets are sent and received on the subinterface; without a VLAN ID, the subinterface cannot send or receive traffic. |
Add Row button |
Opens the Create VLAN ACL dialog box, where you can define a new VACL. |
Edit Row button |
Opens the Edit VLAN ACL dialog box, where you can edit the selected VACL. |
Delete Row button |
Deletes the selected access list. |
|
|
Log Table Size |
Displays the log table size. Valid sizes range from 0 to 2048 and the default is 500. Logged packets from new flows are dropped when the table is full. |
Max. Packet Rate |
Displays the maximum redirect VACL logging packet rate per second. Valid rates range from 10 to 5000 packets per second and the default rate is 2000. Packets that exceed the limit are dropped. |
Logging Threshold |
Displays the logging threshold if one is set. By default, no threshold is set. When you configure VACL logging, IP packets that are denied generate log messages on a per-flow basis if the threshold for a flow is reached in any interval of less than 5 minutes. Only dropped IP packets can be logged. |
Capture Interfaces |
Identifies the interface that captures forwarded packets in which the capture bit is set. You can configure any interface as the capture interface. The capture action sets the capture bit for the forwarded packets so that ports with the capture function enabled can receive the packets. Only forwarded packets can be captured. Note The information shown here is read-only. To define capture interfaces, use the Create/Edit Interface dialog box. See Interfaces/VLANs Page—Interfaces Tab. |
Use the Create VLAN ACL dialog box (or the Edit VLAN ACL dialog box) to configure or reconfigure VACL attributes.
Navigation Path
Go to the VLAN Access Lists Page, then click the Add or Edit button beneath the table.
Related Topics
•Service Module Slot Selector Dialog Box
•Create and Edit VLAN ACL Content Dialog Boxes
•Create and Edit VLAN Dialog Boxes
•Create and Edit VLAN Group Dialog Boxes
Field Reference
|
|
---|---|
VLAN ACL Name |
The user-defined name for the VACL. |
VLANs (Select button) |
Enables you to designate the VLANs to which the VACL should be applied. Do one of the following: •Enter VLAN IDs. You can use commas to separate multiple VLANs or use a hyphen to indicate a range of VLANs. For example: 12,17,22 or 2-200. Valid IDs range from 1 to 4094. •Click Select to open the Service Module Slot Selector Dialog Box. |
|
|
Sequence Map |
Identifies the VLAN access map in which the described entry has an assigned sequence number. A VLAN access map can consist of one or more map sequences, where each sequence pairs a match clause, which specifies ACLs for traffic filtering, to an action clause, which specifies the action to take if a match occurs. |
Filter |
Enables you to filter the information displayed in the table, after you click the arrow to display the filtering bar. For more information, see Filtering Tables, page 2-16. |
Sequence |
Specifies the map sequence number. |
Matching |
Displays the match ACLs, if any are defined. |
Action |
Specifies the action to take on packets that meet the criteria defined in the match ACLs. |
Up button |
Moves a VACL sequence up one row in the table. Select a sequence in the table to activate the button. |
Down button |
Moves a VACL sequence down one row in the table. Select a sequence in the table to activate the button. |
Add Row button |
Opens the Create VLAN ACL Content dialog box, where you can define a new VACL sequence. |
Edit Row button |
Opens the Edit VLAN ACL Content dialog box, where you can reconfigure the attributes of the selected VACL sequence. |
Delete Row button |
Deletes the selected VACL sequence. |
Use the Create VLAN ACL Content dialog box (or the Edit VLAN ACL Content dialog box) to configure or reconfigure VACL sequences.
Navigation Path
Go to the Create and Edit VLAN ACL Dialog Boxes, then click the Add or Edit button beneath the Sequence Map table.
Related Topics
•Create and Edit VLAN Dialog Boxes
•Create and Edit VLAN Group Dialog Boxes
Field Reference
|
|
---|---|
Sequence |
Specify the map sequence number for the VLAN access map. Valid values range from 1 to 65535. |
Match ACLs (Select button) |
Specify which ACLs the sequence should include in its match clause. Enter the names of the standard and extended ACL objects to include in the sequence, or click Select to display an Object Selectors, page F-205. |
Action |
The option to perform on packets that meet the criteria defined in the match ACLs: •Drop—Drops the packets. •Drop/Log—Logs the dropped packets. •Forward—Forwards the packets to their destination (using hardware switching). •Forward/Capture—Sets the capture bit for the forwarded packets so that ports with the capture function enabled also receive the packets. •Redirect—Redirects packets to the Ethernet interfaces defined in the Interfaces field. |
Interfaces (Select button) |
Applies only when the specified action is Redirect. The destination interfaces for redirect packets. Enter the names of up to five physical interfaces, or click Select to open the Interface Selector Dialog Box—VLAN ACL Content. The redirect interfaces must be in the VLAN for which the VACL access map is configured. Note You cannot redirect packets to an EtherChannel member or a VLAN interface. You also cannot redirect packets to a subinterface. |
Use the Interface Selector dialog box to define redirect interfaces when you create entries for a VACL sequence map.
Navigation Path
Open the Create and Edit VLAN ACL Content Dialog Boxes, select Redirect as the action, then click Select in the Interfaces field.
Related Topics
•Create and Edit VLAN ACL Dialog Boxes
Field Reference