Index Numerics
10/100 autonegotiation feature, forced 6-18
10-Gigabit Ethernet or Gigabit Ethernet ports
deploy on WS-X4606-10GE-E and Sup 6-E 6-13
10-Gigabit Ethernet port
deploy with Gigabit Ethernet SFP ports 6-12, 6-13
1400 W DC Power supply
special considerations 10-18
1400 W DC SP Triple Input power supply
special considerations 10-19
802.10 SAID (default) 13-5
802.1Q
trunks 18-6
tunneling
compatibility with other features 25-5
defaults 25-3
described 25-2
tunnel ports with other features 25-6
802.1Q VLANs
encapsulation 15-3
trunk restrictions 15-5
802.1s
See MST
802.1w
See MST
802.1X
See port-based authentication
802.1X authentication
Authentication Failed VLAN assignment 40-17
for Critical Authentication 40-14
for guest VLANs 40-11
for MAC Authentication Bypass 40-12
for Unidirectional Controlled Port 40-15
VLAN User Distribution 40-16
web-based authentication 40-14
with port security 40-19
with VLAN assignment 40-10
with voice VLAN ports 40-22
802.1X Host Mode 40-6
multiauthentication mode 40-8
multidomain authentication mode 40-7
single-host 40-7
802.3ad
See LACP
A
AAA 44-1
AAA (authentication, authorization, and accounting). See also port-based authentication. 42-2
abbreviating commands 2-5
access control entries
See ACEs
access control entries and lists 44-1
access-group mode, configuring on Layer 2 interface 47-39
access-group mode, using PACL with 47-39
access list filtering, SPAN enhancement 51-13
access lists
using with WCCP 64-8
access ports
and Layer 2 protocol tunneling 25-15
configure port security 43-7, 43-22
configuring 15-8
access VLANs 15-6
accounting
with RADIUS 40-108
with TACACS+ 3-16, 3-21
ACEs
ACLs 47-2
IP 47-3
Layer 4 operation restrictions 47-16
ACEs and ACLs 44-1
ACL assignments, port-based authentication 40-20
ACL assignments and redirect URLs, configure 40-38
ACL configuration, displaying a Layer 2 interface 47-40
ACLs
ACEs 47-2
and SPAN 51-5
and TCAM programming for Sup 6-E 47-16
and TCAM programming for Sup II-Plus thru V-10GE 47-7
applying IPv6 ACLs to a Layer 3 interface 47-24
applying on routed packets 47-34
applying on switched packets 47-33
chaning the TCAM programming algorithm 47-9
compatibility on the same switch 47-3
configuring with VLAN maps 47-32
CPU impact 47-18
downloadable 42-7
hardware and software support 47-6
IP, matching criteria for port ACLs 47-4
MAC extended 47-20
matching criteria for router ACLs 47-3
port
and voice VLAN 47-5
defined 47-3
processing 47-18
resize the TCAM regions 47-11
selecting mode of capturing control packets 47-13
TCAM programming algorithm 47-8
troubleshooting high CPU 47-12
types supported 47-3
understanding 47-2
VLAN maps 47-5
ACLs, applying to a Layer 2 interface 47-40
ACLs and VLAN maps, examples 47-26
acronyms, list of A-1
action drivers, marking 37-71
active queue management 37-14
active queue management via DBL, QoS on Sup 6-E 37-84
active traffic monitoring, IP SLAs 60-1
adding members to a community 12-9
addresses
displaying the MAC table 4-35
dynamic
changing the aging time 4-21
defined 4-19
learning 4-20
removing 4-22
IPv6 48-2
MAC, discovering 4-35
See MAC addresses
static
adding and removing 4-27
defined 4-19
address resolution 4-35
adjacency tables
description 31-2
displaying statistics 31-9
administrative VLAN
REP, configuring 20-9
administrative VLAN, REP 20-8
advertisements
LLDP 1-5, 27-2
advertisements, VTP
See VTP advertisements
aggregation switch, enabling DHCP snooping 45-9
aging time
MAC address table 4-21
All Auth manager sessions, displaying summary 40-114
All Auth manager sessions on the switch authorized for a specified authentication method 40-115
ANCP client
enabling and configuring 34-2
guidelines and restrictions 34-5
identify a port with DHCP option 82 34-4
identify a port with protocol 34-2
overview 34-1
ANCP protocol
identifying a port with 34-2
applying IPv6 ACLs to a Layer 3 interface 47-24
AQM via DBL, QoS on Sup 6-E 37-84
archiving crashfiles information 2-8
ARP
defined 4-35
table
address resolution 4-35
managing 4-35
asymmetrical links, and 802.1Q tunneling 25-3
attributes, RADIUS
vendor-proprietary 40-111
vendor-specific 40-109
authentication
NTP associations 4-4
RADIUS
key 40-101
login 40-103
See also port-based authentication
TACACS+
defined 3-16
key 3-18
login 3-19
Authentication, Authorization, and Accounting (AAA) 44-1
Authentication Failed, configuring 80.1X 40-68
Authentication methods registered with the Auth manager, determining 40-114
authentication open comand 40-8
authentication proxy web pages 42-4
authentication server
defined 40-3
RADIUS server 40-3
Auth manager session for an interface, verifying 40-115
Auth manager summary, displaying 40-114
authoritative time source, described 4-2
authorization
with RADIUS 40-107
with TACACS+ 3-16, 3-21
authorized and unauthorized ports 40-5
authorized ports with 802.1X 40-5
autoconfiguration 3-2
automatic discovery
considerations 12-7
automatic QoS
See QoS
Auto-MDIX on a port
configuring 6-28
displaying the configuration 6-29
overview 6-27
autonegotiation feature
forced 10/100Mbps 6-18
Auto-QoS
configuring 37-56
Auto SmartPorts built-in macros
configuring parameters 17-6
Auto SmartPorts macros
built-in macros 17-4
configuration guidelines 17-4
default configuration 17-3
defined 17-1
displaying 17-13
enabling 17-3
IOS shell 17-2, 17-9
Auto Smartports macros
defined 1-2
Auto SmartPorts user-defined macros
configuring 17-9
auto-sync command 8-8
Auto SmartPorts macros
See also SmartPorts macros
Auto Smartports macros
See also Smartports macros
B
Baby Giants
interacting with 6-26
BackboneFast
adding a switch (figure) 21-4
and MST 18-23
configuring 21-16
link failure (figure) 21-14, 21-15
not supported MST 18-23
understanding 21-14
See also STP
banners
configuring
login 4-19
message-of-the-day login 4-18
default configuration 4-18
when displayed 4-17
b command 63-3
b flash command 63-3
BGP 1-13
routing session with multi-VRF CE 36-12
blocking packets 49-1
blocking state (STP)
RSTP comparisons (table) 18-24
boot bootldr command 3-31
boot command 3-28
boot commands 63-3
boot fields
See configuration register boot fields
bootstrap program
See ROM monitor
boot system command 3-26, 3-31
boot system flash command 3-28
Border Gateway Protocol
See BGP
boundary ports
description 18-27
BPDU Guard
and MST 18-23
configuring 21-16
overview 21-8
BPDUs
and media speed 18-2
pseudobridges and 18-25
what they contain 18-3
bridge ID
See STP bridge ID
bridge priority (STP) 18-17
bridge protocol data units
See BPDUs
Broadcast Storm Control
disabling 50-6
enabling 50-3
Built-in macros and user-defined triggers, configuring mapping 17-9
burst rate 37-52
burst size 37-27
C
cache engine clusters 64-1
cache engines 64-1
cache farms
See cache engine clusters
Call Home
description 1-19, 59-2
message format options 59-2
messages
format options 59-2
call home 59-1
alert groups 59-6
configuring e-mail options 59-9
contact information 59-4
default settings 59-18
destination profiles 59-5
displaying information 59-14
mail-server priority 59-10
pattern matching 59-9
periodic notification 59-8
rate limit messages 59-9
severity threshold 59-8
smart call home feature 59-2
SMTP server 59-9
testing communications 59-10
call home alert groups
configuring 59-6
description 59-6
subscribing 59-7
call home contacts
assigning information 59-4
call home destination profiles
attributes 59-5
configuring 59-5
description 59-5
displaying 59-16
call home notifications
full-txt format for syslog 59-25
XML format for syslog 59-28
candidates
automatic discovery 12-7
candidate switch, cluster
defined 12-12
Capturing control packets
selecting mode 47-13
cautions
Unicast RPF
BGP optional attributes 32-5
cautions for passwords
encrypting 3-22
CDP
and trusted boundary 37-21
automatic discovery in communities 12-7
configuration 26-2
defined with LLDP 27-1
displaying configuration 26-3
enabling on interfaces 26-3
host presence detection 40-8
Layer 2 protocol tunneling 25-13
maintaining 26-3
monitoring 26-3
overview 1-3, 26-1
cdp enable command 26-3
CEF
adjacency tables 31-2
and NSF with SSO 9-5
configuring load balancing 31-7
displaying statistics 31-8
enabling 31-6, 62-2
hardware switching 31-4
load balancing 31-6
overview 31-1
software switching 31-4
certificate authority (CA) 59-3
CFM
and Ethernet OAM, configuring 57-51
and Ethernet OAM interaction 57-51
clearing 57-31
configuration guidelines 57-7, 58-4
configuring crosscheck for VLANs 57-11
configuring fault alarms 57-16
configuring port MEP 57-14
configuring static remote MEP 57-13, 57-16, 57-18
crosscheck 57-5
defined 57-2
EtherChannel support 57-7, 58-4
fault alarms
configuring 57-16
IP SLAs support for 57-6
IP SLAs with endpoint discovers 57-21
maintenance domain 57-2
manually configuring IP SLAs ping or jitter 57-19
measuring network performance 57-6
monitoring 57-32, 57-33
port MEP, configuring 57-14
remote MEPs 57-5
static RMEP, configuring 57-13, 57-16, 57-18
static RMEP check 57-5
Y.1731
described 57-27
CGMP
overview 23-1
Change of Authorization, RADIUS 40-94
channel-group group command 22-8, 22-10
Cisco 7600 series Internet router
enabling SNMP 65-4, 65-5
Cisco Discovery Protocol
See CDP
Cisco Express Forwarding
See CEF
Cisco Group Management Protocol
See CGMP
Cisco IOS IP SLAs 60-2
Cisco IOS NSF-aware
support 9-2
Cisco IOS NSF-capable support 9-2
Cisco IP Phones
configuring 38-3
sound quality 38-1
CiscoWorks 2000 54-4
CIST
description 18-22
civic location 27-3
class level, configure in a service policy 37-82
class-map command 37-28
class of service
See CoS
clear cdp counters command 26-4
clear cdp table command 26-3
clear counters command 6-31
clearing
Ethernet CFM 57-31
IP multicast table entries 33-28
clear ip eigrp neighbors command 30-19
clear ip flow stats command 56-9
CLI
accessing 2-2
backing out one level 2-5
getting commands 2-5
history substitution 2-4
managing clusters 12-13
modes 2-5
monitoring environments 51-1
ROM monitor 2-7
software basics 2-4
clients
in 802.1X authentication 40-3
clock
See system clock
clustering switches
command switch characteristics
and VTY 12-12
convert to a community 12-10
managing
through CLI 12-13
overview 12-2
planning considerations
CLI 12-13
passwords 12-8
CoA Request Commands 40-97
command-line processing 2-3
command modes 2-5
commands
b 63-3
b flash 63-3
boot 63-3
confreg 63-3
dev 63-3
dir device 63-3
frame 63-5
i 63-3
listing 2-5
meminfo 63-5
reset 63-3
ROM monitor 63-2 to 63-3
ROM monitor debugging 63-5
SNMP 65-4
sysret 63-5
command switch, cluster
requirements 12-11
common and internal spanning tree
See CIST
common spanning tree
See CST
community of switches
access modes in Network Assistant 12-9
adding devices 12-9
communication protocols 12-8
community name 12-8
configuration information 12-9
converting from a cluster 12-10
host name 12-8
passwords 12-8
community ports 39-3
community strings
configuring 54-7
overview 54-4
community VLANs 39-2, 39-3
configure as a PVLAN 39-15
compiling MIBs 65-4
config-register command 3-29
config terminal command 3-9
configurable leave timer,IGMP 23-4
configuration examples
SNMP 54-15
configuration files
limiting TFTP server access 54-15
obtaining with DHCP 3-6
saving 3-10
system contact and location information 54-14
configuration guidelines
CFM 57-7, 58-4
Ethernet OAM 57-35
REP 20-7
SNMP 54-6
VLAN mapping 25-10
configuration register
boot fields
listing value 3-29
modifying 3-28
changing from ROM monitor 63-3
changing settings 3-28 to 3-29
configuring 3-26
settings at startup 3-27
configure class-level queue-limit in a service policy 37-82
configure terminal command 3-29, 6-2
configuring access-group mode on Layer 2 interface 47-39
configuring flow control 6-20
configuring interface link and trunk status envents 6-32
configuring named IPv6 ACLs 47-23
configuring named MAC extended ACLs 47-20, 47-22
configuring unicast MAC address filtering 47-20
configuring VLAN maps 47-24
confreg command 63-3
Connectivity Fault Management
See CFM
console configuration mode 2-5
console download 63-4 to 63-5
console port
disconnecting user sessions 7-7
monitoring user sessions 7-6
contact information
assigning for call home 59-4
controlling switch access with RADIUS 40-92
Control Plane Policing
and Layer 2 Control packet QoS, configuration example 44-14
configuration guidelines and restrictions 44-8
configuring for control plane traffic 44-4
configuring for data plane and management plan traffic 44-6
defaults 44-4
general guidelines 44-3
monitoring 44-9
understanding 44-2
control protocol, IP SLAs 60-4
convergence
REP 20-4
copy running-config startup-config command 3-10
copy system:running-config nvram:startup-config command 3-32
CoS
definition 37-4
figure 37-3
overriding on Cisco IP Phones 38-5
priority 38-5
CoS Mutation
configuring 37-36
CoS-to-DSCP maps 37-53
CoS value, configuring for an interface 37-49
counters
clearing MFIB 33-28
clearing on interfaces 6-31
CPU, impact of ACL processing 47-18
CPU port sniffing 51-10
crashfiles information, archiving 2-8
Critical Authentication
configure with 802.1X 40-60
crosscheck, CFM 57-5, 57-11
CST
description 18-25
IST and 18-22
MST and 18-22
customer edge devices 36-2
C-VLAN 1-2, 25-7
D
database agent
configuration examples 45-15
enabling the DHCP Snooping 45-13
daylight saving time 4-13
debug commands, ROM monitor 63-5
default configuration
802.1X 40-27
auto-QoS 37-57
banners 4-18
DNS 4-16
Ethernet OAM 57-35
IGMP filtering 23-20
IGMP snooping 24-5, 24-6
IP SLAs 60-7
IPv6 48-7
Layer 2 protocol tunneling 25-16
LLDP 27-4
MAC address table 4-21
multi-VRF CE 36-3
NTP 4-4
private VLANs 39-12
RADIUS 40-100
REP 20-7
resetting the interface 6-34
RMON 61-3
SNMP 54-5
SPAN and RSPAN 51-6
system message logging 52-3
TACACS+ 3-18
VLAN mapping 25-9
Y.1731 57-29
default gateway
configuring 3-11
verifying configuration 3-11
default settings, erase commad 3-32
default web-based authentication configuration
802.1X 42-6
denial-of-service attacks
IP address spoofing, mitigating 32-5
Unicast RPF, deploying 32-5
denying access to a server on another VLAN 47-31
deploying 10-Gigabit Ethernet and a Gigabit Ethernet SFP ports 6-12, 6-13
deploying 10-Gigabit Ethernet and a Gigabit Ethernet SFP ports on WS-X4606-10GE-E and Sup 6-E 6-13
description command 6-20
dev command 63-3
device discovery protocol 27-1
device IDs
call home format 59-21, 59-22
DHCP
configuring
rate limit for incoming packets 45-13
denial-of-service attacks, preventing 45-13
rate limiting of packets
configuring 45-13
DHCP-based autoconfiguration
client request message exchange 3-3
configuring
client side 3-3
DNS 3-5
relay device 3-5
server-side 3-4
TFTP server 3-4
example 3-7
lease options
for IP address information 3-4
for receiving the configuration file 3-4
overview 3-2
relationship to BOOTP 3-3
DHCP option 82
identifying a port with 34-4
overview 45-4
DHCP Snooping
enabling, and Option 82 45-10
DHCP snooping
accepting untrusted packets form edge switch 45-10
configuring 45-6
default configuration 45-7
displaying binding tables 45-19
displaying configuration 45-19
displaying information 45-18
enabling 45-7
enabling on private VLAN 45-12
enabling on the aggregation switch 45-9
enabling the database agent 45-13
message exchange process 45-4
monitoring 45-23
option 82 data insertion 45-4
overview 45-1
Snooping database agent 45-2
DHCP Snooping Database Agent
adding to the database (example) 45-18
enabling (example) 45-15
overview 45-2
reading from a TFTP file (example) 45-17
Diagnostics
online 62-1
Power-On-Self-Test
causes of failure 62-21
how it works 62-10
overview 62-10
Power-On-Self-Test for Supervisor Engine V-10GE 62-15
Differentiated Services Code Point values
See DSCP values
DiffServ architecture, QoS 37-2
Digital optical monitoring transceiver support 6-16
dir device command 63-3
disabled state
RSTP comparisons (table) 18-24
disabling
broadcast storm control 50-6
disabling multicast storm control 50-7
disconnect command 7-7
discovery, clusters
See automatic discovery
discovery, Ethernet OAM 57-34
display dection and removal events 11-7
displaying
Auth Manager sumary for an interface 40-114
MAB details 40-117
summary of all Auth manager sessions 40-114
summary of all Auth manager sessions on the switch authorized for a specified authentication method 40-115
displaying EtherChannel to a Virtual Switch System 22-16
displaying storm control 50-8
display PoE consumed by a module 11-8
display PoE detection and removal events 11-7
DNS
and DHCP-based autoconfiguration 3-5
default configuration 4-16
displaying the configuration 4-17
overview 4-15
setting up 4-16
domain names
DNS 4-15
Domain Name System
See DNS
double-tagged packets
802.1Q tunneling 25-2
Layer 2 protocol tunneling 25-15
downloading MIBs 65-3, 65-4
drop threshold for Layer 2 protocol packets 25-16
DSCP maps 37-53
DSCP-to-CoS maps
configuring 37-55
DSCP values
configuring maps 37-53
definition 37-4
IP precedence 37-3
mapping markdown 37-18
mapping to transmit queues 37-51
DSCP values, configuring port value 37-49
DTP
VLAN trunks and 15-3
duplex command 6-19
duplex mode
configuring interface 6-17
dynamic ARP inspection
ARP cache poisoning 46-2
configuring
ACLs for non-DHCP environments 46-11
in DHCP environments 46-5
log buffer 46-14
rate limit for incoming ARP packets 46-16
denial-of-service attacks, preventing 46-16
interface trust state, security coverage 46-3
log buffer
configuring 46-14
logging of dropped packets 46-4
overview 46-1
port channels, their behavior 46-5
priority of static bindings 46-4
purpose of 46-2
rate limiting of ARP packets 46-4
configuring 46-16
validation checks, performing 46-19
dynamic buffer limiting
globally 37-23
on specific CoS values 37-25
on specific IP DSCP values 37-24
Dynamic Host Configuration Protocol snooping
See DHCP snooping
dynamic port VLAN membership
example 13-29
limit on hosts 13-29
reconfirming 13-26
troubleshooting 13-29
Dynamic Trunking Protocol
See DTP
E
EAP frames
changing retransmission time 40-82
exchanging (figure) 40-4, 40-6, 40-13
request/identity 40-4
response/identity 40-4
setting retransmission number 40-83
EAPOL frames
802.1X authentication and 40-3
OTP authentication, example (figure) 40-4, 40-13
start 40-4
edge ports
description 18-27
EGP
overview 1-13
EIGRP
configuration examples 30-19
monitoring and maintaining 30-19
EIGRP (Enhanced IGRP)
stub routing
benefits 30-17
configuration tasks 30-18
configuring 30-14
overview 30-14
restrictions 30-17
verifying 30-18
EIGRP (enhanced IGRP)
overview 1-14
eigrp stub command 30-18
EIGRP stub routing, configuring 30-13
ELIN location 27-3
e-mail addresses
assigning for call home 59-4
e-mail notifications
Call Home 1-19, 59-2
Embedded CiscoView
displaying information 4-39
installing and configuring 4-36
overview 4-36
emergency alarms on Sup Engine 6-E systems 10-3
enable command 3-9, 3-28
enable mode 2-5
enabling or disabling QOS on an interface 37-46
enabling SNMP 65-4, 65-5
encapsulation types 15-3
Energy Efficient Ethernet 10-22
Enhanced Interior Gateway Routing Protocol
See EIGRP
Enhanced PoE support on E-series 11-15
environmental conditions
Sup Engine 6-E 10-3
Sup Engines II-Plus to V-10GE 10-2
environmental monitoring
using CLI commands 10-1
EPM logging 40-117
EtherChannel
channel-group group command 22-8, 22-10
configuration guidelines 22-5
configuring 22-6 to 22-15
configuring Layer 2 22-10
configuring Layer 3 22-6
displaying to a virtual switch system 22-16
interface port-channel command 22-7
lacp system-priority
command example 22-13
modes 22-3
overview 22-2
PAgP
Understanding 22-3
physical interface configuration 22-7
port-channel interfaces 22-2
port-channel load-balance command 22-14
removing 22-15
removing interfaces 22-15
EtherChannel guard
disabling 21-7
enabling 21-6
overview 21-6
Ethernet management port
and routing 6-6
and routing protocols 6-6
configuring 6-10
default setting 6-6
described 1-21, 6-6
for network management 1-21, 6-6
specifying 6-10
supported features 6-9
unsupported features 6-10
Ethernet management port, internal
and routing protocols 6-6
Ethernet Management Port, using 6-6
Ethernet OAM 57-34
and CFM interaction 57-51
configuration guidelines 57-35
configuring with CFM 57-51
default configuration 57-35
discovery 57-34
enabling 57-36, 57-52
link monitoring 57-34, 57-38
messages 57-34
protocol
defined 57-33
monitoring 57-49
remote failure indications 57-34
remote loopback 57-34, 57-37
templates 57-45
Ethernet OAM protocol CFM notifications 57-51
Ethernet Remote Defect Indication (ETH-RDI) 57-28
event triggers, user-defined
configuring, 802.1X-based 17-7
configuring, MAC address-based 17-8
explicit host tracking
enabling 23-11
extended range VLANs
See VLANs
Extensible Authentication Protocol over LAN 40-2
Exterior Gateway Protocol
See EGP
F
Fa0 port
See Ethernet management port
Fallback Authentication
configure with 802.1X 40-73
FastDrop
overview 33-11
fastethernet0 port
See Ethernet management port
Fast UDLD
configuring probe message interval 28-8
default configuration 28-4
displaying link status 28-9
enabling globally 28-5
enabling on individual interface 28-7
enabling per-interface 28-6
modes of operation 28-3
resetting disabled LAN interfaces 28-8
use case 28-2
Fast UDLD, overview 28-1
FIB
description 31-2
See also MFIB
fiber-optics interfaces
disabling UDLD 28-7
Filter-ID ACL and Per-User ACL, configureport-based authentication
configure Per-User ACL and Filter-ID ACL 40-44
filtering
in a VLAN 47-25
non-IP traffic 47-20, 47-22
flags 33-12
Flash memory
configuring router to boot from 3-31
loading system images from 3-30
security precautions 3-31
Flex Links
configuration guidelines 19-6
configuring 19-6, 19-7
configuring preferred VLAN 19-9
configuring VLAN load balancing 19-8
monitoring 19-12
flooded traffic, blocking 49-2
flowchart, traffic marking procedure 37-72
flow control, configuring 6-20
For 11-13
forward-delay time (STP)
configuring 18-19
forwarding information base
See FIB
frame command 63-5
G
gateway
See default gateway
get-bulk-request operation 54-3
get-next-request operation 54-3, 54-4
get-request operation 54-3, 54-4
get-response operation 54-3
Gigabit Ethernet SFP ports
deploy with 10-Gigabit Ethernet 6-12, 6-13
global configuration mode 2-5
Guest-VLANs
configure with 802.1X 40-55
H
hardware and software ACL support 47-6
hardware switching 31-5
hello time (STP)
configuring 18-17
hierarchical policers, configuring 37-41
high CPU due to ACLs, troubleshooting 47-12
history
CLI 2-4
history table, level and number of syslog messages 52-9
hop counts
configuring MST bridges 18-28
host
limit on dynamic port 13-29
host ports
kinds of 39-4
host presence CDP message 40-8
Hot Standby Routing Protocol
See HSRP
HSRP
description 1-12
http
//www.cisco.com/en/US/docs/ios/12_4/ip_sla/configuration/guide/hsla_c.html 60-1, 60-4, 60-6, 60-7
//www.cisco.com/en/US/docs/ios/fundamentals/command reference/cf_book.html 52-1, 54-1, 61-1
hw-module module num power command 10-21
I
ICMP
enabling 7-12
ping 7-7
running IP traceroute 7-9
time exceeded messages 7-9
ICMP Echo operation
configuring 60-12
IP SLAs 60-11
i command 63-3
IDS
using with SPAN and RSPAN 51-2
IEEE 802.1ag 57-2
IEEE 802.1s
See MST
IEEE 802.1w
See MST
IEEE 802.3ad
See LACP
IEEE 802.3az Energy Efficient Ethernet 10-22
IGMP
configurable-leave timer 23-4
description 33-3
enabling 33-14
explicit host tracking 23-4
immediate-leave processing 23-3
leave processing, enabling 24-8
overview 23-1
report suppression
disabling 24-10
IGMP filtering
configuring 23-21
default configuration 23-20
described 23-20
monitoring 23-24
IGMP groups
setting the maximum number 23-23
IGMP Immediate Leave
configuration guidelines 23-9
IGMP profile
applying 23-22
configuration mode 23-21
configuring 23-21
IGMP Snooping
configure
leave timer 23-9
configuring
Learning Methods 23-7
static connection to a multicast router 23-8
configuring host statically 23-11
enabling
Immediate-Leave processing
explicit host tracking 23-11
suppressing multicast flooding 23-12
IGMP snooping
configuration guidelines 23-5
default configuration 24-5, 24-6
enabling
globally 23-6
on a VLAN 23-6
enabling and disabling 24-6
IP multicast and 33-4
monitoring 23-14, 24-11
overview 23-1
IGMP Snooping, displaying
group 23-16
hot membership 23-15
how to 23-15
MAC address entries 23-18
multicast router interfaces 23-17
on a VLAN interface 23-18
Querier information 23-19
IGMPSnooping Querier, configuring 23-10
Immediate Leave, IGMP
enabling 24-8
immediate-leave processing
enabling 23-8
IGMP
See fast-leave processing
ingress packets, SPAN enhancement 51-12
inline power
configuring on Cisco IP phones 38-5
insufficient inline power handling for Supervisor Engine II-TS 10-19
Intelligent Power Management 11-4
interacting with Baby Giants 6-26
interface command 3-9, 6-2
interface configuration
REP 20-10
interface link and trunk status events
configuring 6-32
interface port-channel command 22-7
interface range command 6-4
interface range macro command 6-10
interfaces
adding descriptive name 6-20
clearing counters 6-31
configuring 6-2
configuring ranges 6-4
displaying information about 6-30
Layer 2 modes 15-4
maintaining 6-30
monitoring 6-30
naming 6-20
numbers 6-2
overview 6-2
restarting 6-31, 6-32
See also Layer 2 interfaces
using the Ethernet Management Port 6-6
Internet Control Message Protocol
See ICMP
Internet Group Management Protocol
See IGMP
Internet Protocol version 6
See IPv6
Inter-Switch Link encapsulation
See ISL encapsulation
Intrusion Detection System
See IDS
inventory management TLV 27-3, 27-8
IOS shell
See Auto SmartPorts macros
IP
configuring default gateway 3-11
configuring static routes 3-11
displaying statistics 31-8
flow switching cache 56-9
IP addresses
128-bit 48-2
cluster candidate or member 12-12
cluster command switch 12-11
discovering 4-35
IPv6 48-2
ip cef command 31-6, 62-2
IP Enhanced IGRP
interfaces, displaying 30-19
ip flow-aggregation cache destination-prefix command 56-11
ip flow-aggregation cache prefix command 56-11
ip flow-aggregation cache source-prefix command 56-12
ip flow-export command 56-9
ip icmp rate-limit unreachable command 7-12
ip igmp profile command 23-21
ip igmp snooping tcn flood command 23-13
ip igmp snooping tcn flood query count command 23-14
ip igmp snooping tcn query solicit command 23-14
IP information
assigned
through DHCP-based autoconfiguration 3-2
ip load-sharing per-destination command 31-7
ip local policy route-map command 35-8
ip mask-reply command 7-13
IP MTU sizes,configuring 30-9
IP multicast
clearing table entries 33-28
configuring 33-13
default configuration 33-13
displaying PIM information 33-23
displaying the routing table information 33-23
enabling dense-mode PIM 33-15
enabling sparse-mode 33-15
features not supported 33-13
hardware forwarding 33-9
IGMP snooping and 23-5, 33-4
overview 33-1
routing protocols 33-2
software forwarding 33-9
See also Auto-RP; IGMP; PIM; RP; RPF
IP multicast routing
enabling 33-14
monitoring and maintaining 33-23
ip multicast-routing command 33-14
IP multicast traffic, load splitting 33-22
IP phones
automatic classification and queueing 37-57
configuring voice ports 38-3
See Cisco IP Phones 38-1
trusted boundary for QoS 37-21
ip pim command 33-15
ip pim dense-mode command 33-15
ip pim sparse-dense-mode command 33-16
ip policy route-map command 35-7
IP Port Security for Static Hosts
on a Layer 2 access port 45-25
on a PVLAN host port 45-28
overview 45-24
ip redirects command 7-13
ip route-cache flow command 56-7
IP routing tables
deleting entries 33-28
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 60-1
IP SLAs
benefits 60-3
CFM endpoint discovery 57-21
Control Protocol 60-4
default configuration 60-7
definition 60-1
ICMP echo operation 60-11
manually configuring CFM ping or jitter 57-19
measuring network performance 60-3
multioperations scheduling 60-6
operation 60-4
responder
described 60-4
enabling 60-8
response time 60-5
scheduling 60-6
SNMP support 60-3
supported metrics 60-3
threshold monitoring 60-6
UDP jitter operation 60-9
IP Source Guard
configuring 45-20
configuring on private VLANs 45-22
displaying 45-22, 45-23
overview 45-23
IP statistics
displaying 31-8
IP traceroute
executing 7-9
overview 7-8
IP unicast
displaying statistics 31-8
IP Unnumbered support
configuring on a range of Ethernet VLANs 14-5
configuring on LAN and VLAN interfaces 14-4
configuring with connected host polling 14-5
DHCP Option 82 14-2
displaying settings 14-6
format of agent remote ID suboptions 14-2
troubleshooting 14-7
with conected host polling 14-3
with DHCP server and Relay agent 14-2
ip unreachables command 7-12
IPv4, IPv6, and MAC ACLs, configuring on a Layer 2 interface 47-38
IPv6
addresses 48-2
default configuration 48-7
defined 1-15, 48-1
Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 48-6
Router ID 48-6
OSPF 48-6
IPv6 control traffic, policing 44-17
IPX
redistribution of route information with EIGRP 1-14
is 25-19
ISL
encapsulation 15-3
trunking with 802.1Q tunneling 25-4
isolated port 39-4
isolated VLANs 39-2, 39-3, 39-4
ISSU
compatibility matrix 5-14
compatiblity verification using Cisco Feature Navigator 5-15
NSF overview 5-3
perform the process
aborting a software upgrade 5-31
configuring the rollback timer as a safeguard 5-32
displaying a compatibility matrix 5-34, 5-37
loading the new software on the new standby 5-24
stopping the rollback timer 5-23
switching to the standby 5-21
verify the ISSU state 5-17
verify the redundancy mode 5-16
verify the software installation 5-16
vload the new software on standby 5-18
prerequisites 5-2
process overview 5-6
restrictions 5-2
SNMP support 5-15
SSO overview 5-3
versioning capability in software to support 5-13
IST
and MST regions 18-22
description 18-22
master 18-27
ITU-T Y.1731
See Y.1731
J
jumbo frames
and ethernet ports 6-24
configuring MTU sizes for 6-25
ports and linecards that support 6-23
understanding MTUs 6-23
understanding support 6-23
VLAN interfaces 6-25
K
keyboard shortcuts 2-3
L
l2protocol-tunnel command 25-17
labels, definition 37-4
LACP
system ID 22-4
Layer 2 access ports 15-8
Layer 2 Control Packet QoS
and CoPP configuration example 44-14
default configuation 44-11
disabling 44-13
enabvling 44-12
guideline and restrictions 44-16
understanding 44-11
Layer 2 frames
classification with CoS 37-2
Layer 2 interface
applying ACLs 47-40
configuring access-mode mode on 47-39
configuring IPv4, IPv6, and MAC ACLs 47-38
displaying an ACL configuration 47-40
Layer 2 interfaces
assigning VLANs 13-7
configuring 15-5
configuring as PVLAN host ports 39-18
configuring as PVLAN promiscuous ports 39-17
configuring as PVLAN trunk ports 39-19
defaults 15-5
disabling configuration 15-9
modes 15-4
show interfaces command 15-7
Layer 2 interface type
resetting 39-24
setting 39-24
Layer 2 protocol tunneling
default configuration 25-16
guidelines 25-16
Layer 2 switching
overview 15-1
Layer 2 Traceroute
and ARP 7-10
and CDP 7-10
host-to-host paths 7-9
IP addresses and subnets 7-10
MAC addresses and VLANs 7-10
multicast traffic 7-10
multiple devices on a port 7-10
unicast traffic 1-30, 7-9
usage guidelines 7-10
Layer 2 trunks
configuring 15-6
overview 15-3
Layer 3 interface, applying IPv6 ACLs 47-24
Layer 3 interface counters,configuring 30-10
Layer 3 interface counters,understanding 30-3
Layer 3 interfaces
changing from Layer 2 mode 36-7
configuration guidelines 30-5
configuring VLANs as interfaces 30-7
overview 30-1
counters 30-3
logical 30-2
physical 30-2
SVI autostate exclude 30-3
Layer 3 packets
classification methods 37-3
Layer 4 port operations
configuration guidelines 47-17
restrictions 47-16
Leave timer, enabling 23-9
limitations on using a TwinGig Convertor 6-14
link and trunk status events
configuring interface 6-32
link integrity, verifying with REP 20-4
Link Layer Discovery Protocol
See CDP
link monitoring, Ethernet OAM 57-34, 57-38
link-state tracking
configuration guidelines 22-21
default configuration 22-21
described 22-18
displaying status 22-22
generic configuration procedure 22-21
link status, displaying UDLD 28-9
listening state (STP)
RSTP comparisons (table) 18-24
LLDP
configuring 27-4
characteristics 27-5
default configuration 27-4
disabling and enabling
globally 27-6
on an interface 27-7
monitoring and maintaining 27-13
overview 27-1
transmission timer and holdtime, setting 27-5
LLDP-MED
configuring
procedures 27-4
TLVs 27-8, 27-10
monitoring and maintaining 27-13
overview 27-1
supported TLVs 27-2
LLDP Media Endpoint Discovery
See LLDP-MED
load balancing
configuring for CEF 31-7
configuring for EtherChannel 22-14
overview 22-5, 31-6
per-destination 31-7
load splitting IP multicast traffic 33-22
Location Service
overview 27-1
location service
configuring 27-11
understanding 27-3
location TLV 27-3, 27-8
logging, EPM 40-117
Logical Layer 3 interfaces
configuring 30-6
logical layer 3 VLAN interfaces 30-2
login authentication
with RADIUS 40-103
with TACACS+ 3-19
login banners 4-17
login timer
changing 7-6
logoutwarning command 7-6
loop guard
and MST 18-23
configuring 21-5
overview 21-3
M
MAC/PHY configuration status TLV 27-2
MAC addresses
aging time 4-21
allocating 18-6
and VLAN association 4-20
building tables 4-20, 15-2
convert dynamic to sticky secure 43-5
default configuration 4-21
disabling learning on a VLAN 4-30
discovering 4-35
displaying 7-3
displaying in DHCP snooping binding table 45-19
dynamic
learning 4-20
removing 4-22
in ACLs 47-20
static
adding 4-28
allowing 4-29
characteristics of 4-27
dropping 4-29
removing 4-28
sticky 43-4
sticky secure, adding 43-5
MAC address learning, disabling on a VLAN 4-30
confuguring 4-30
deployment scenarios 4-31
feature compatibility 4-33
feature incompatibility 4-34
feature inompatibility 4-34
usage guidelines 4-31
MAC address table
displaying 4-35
MAC address-table move update
configuration guidelines 19-10
configuring 19-10
monitoring 19-12
MAC Authentication Bypass
configure with 802.1X 40-58
MAC details, displaying 40-117
MAC extended access lists 47-20
macros
See Auto SmartPorts macros
See Auto Smartports macros
See Smartports macros
main-cpu command 8-8
management address TLV 27-2
management options
SNMP 54-1
Management Port, Ethernet 6-6
manual preemption, REP, configuring 20-13
mapping
DSCP markdown values 37-18
DSCP values to transmit queues 37-51
mapping tables
configuring DSCP 37-53
described 37-14
marking
hardware capabilities 37-73
marking action drivers 37-71
marking network traffic 37-69
marking support, multi-attribute 37-73
mask destination command 56-11
mask source command 56-11, 56-12
Match CoS for non-IPV4 traffic
configuring 37-31
match ip address command 35-6
maximum aging time (STP)
configuring 18-18
MDA
configuration guidelines 40-23 to ??
described 40-22
members
automatic discovery 12-7
member switch
managing 12-13
member switch, cluster
defined 12-2
meminfo command 63-5
messages, Ethernet OAM 57-34
messages, to users through banners 4-17
Metro features
Ethernet CFM, introduction 1-3
Ethernet OAM Protocol, introduction 1-3
Flex Link and MAC Address-Table Move Update, introduction 1-4
Y.1731 (AIS and RDI), introduction 1-10
metro tags 25-2
MFIB
CEF 33-5
overview 33-12
MFIB, IP
displaying 33-26
MIBs
compiling 65-4
downloading 65-3, 65-4
overview 54-1
related information 65-3
SNMP interaction with 54-4
MLD Done messages and Immediate-leave 24-4
MLD messages 24-2
MLD queries 24-3
MLD reports 24-4
MLD Snooping
MLD Done messages and Immediate-leave 24-4
MLD messages 24-2
MLD queries 24-3
MLD reports 24-4
Multicast client aging robustness 24-3
Multicast router discovery 24-3
overview 24-1
Mode of capturing control packets, selecting 47-13
modules
checking status 7-1
powering down 10-21
monitoring
802.1Q tunneling 25-19
ACL information 47-43
Ethernet CFM 57-32, 57-33
Ethernet OAM 57-49
Ethernet OAM protocol 57-49
Flex Links 19-12
IGMP
snooping 24-11
IGMP filters 23-24
IGMP snooping 23-14
Layer 2 protocol tunneling 25-19
MAC address-table move update 19-12
multicast router interfaces 24-11
multi-VRF CE 36-17
REP 20-14
traffic flowing among switches 61-1
tunneling 25-19
VLAN filters 47-32
VLAN maps 47-32
M-record 18-23
MST
and multiple spanning trees 1-6, 18-22
boundary ports 18-27
BPDUs 18-23
configuration parameters 18-26
configuring 18-29
displaying configurations 18-33
edge ports 18-27
enabling 18-29
hop count 18-28
instances
configuring parameters 18-32
description 18-23
number supported 18-26
interoperability with PVST+ 18-23
link type 18-28
master 18-27
message age 18-28
regions 18-26
restrictions 18-29
to-SST interoperability 18-24
MSTP
EtherChannel guard
enabling 21-6
M-record 18-23
M-tree 18-23
M-tree 18-23
MTUS
understanding 6-23
MTU size
configuring 6-25, 6-26, 6-33
default 13-5
Multi-authentication
described 40-22
multiauthentication mode 40-8
multicast
See IP multicast
Multicast client aging robustness 24-3
multicast Ethernet loopback (ETH-LB) 57-29
multicast Ethernet loopback, using 57-31
multicast groups
static joins 24-7
multicast packets
blocking 49-2
Multicast router discovery 24-3
multicast router interfaces, displaying 23-17
multicast router interfaces, monitoring 24-11
multicast router ports, adding 24-7
multicast routers
flood suppression 23-12
multicast router table
displaying 33-23
Multicast Storm Control
enabling 50-4
disabling 50-7
suppression on Sup 6-E 50-5
suppression on WS-X4014 50-5
suppression on WS-X4016 50-6
WS-X4515, WS-X4014, and WS-X4013+ Sup Engs 50-5
WS-X4516 Sup Eng 50-6
multidomain authentication
See MDA
multidomain authentication mode 40-7
multioperations scheduling, IP SLAs 60-6
Multiple AuthorizationAuthentication
configuring 40-34
Multiple Domain Authentication 40-34
multiple forwarding paths 1-6, 18-22
multiple-hosts mode 40-7
Multiple Spanning Tree
See MST
multiple VPN routing/forwarding
See multi-VRF CE
multi-VRF CE
components 36-3
configuration example 36-13
default configuration 36-3
defined 36-1
displaying 36-17
monitoring 36-17
network components 36-3
packet-forwarding process 36-3
N
named aggregate policers, creating 37-26
named IPv6 ACLs, configuring
ACLs
configuring named IPv6 ACLs 47-23
named MAC extended ACLs
ACLs
configuring named MAC extended 47-20, 47-22
native VLAN
and 802.1Q tunneling 25-4
specifying 15-6
NEAT
configuring 40-85
overview 40-24
neighbor offset numbers, REP 20-5
NetFlow
aggregation
minimum mask,default value 56-11
destination-prefix aggregation
configuration (example) 56-16
minimum mask, configuring 56-11
IP
flow switching cache 56-9
prefix aggregation
configuration (example) 56-14
minimum mask, configuring 56-11
source-prefix aggregation
minimum mask, configuring 56-11
switching
checking for required hardware 56-6
configuration (example) 56-13
configuring switched IP flows 56-8
enabling Collection 56-7
exporting cache entries 56-9
statistics 56-9
NetFlow-lite
clear commands 55-9
display commands 55-8
NetFlow packet sampling
about 55-2
NetFlow statistics
caveats on supervisor 56-6
checking for required hardware 56-6
configuring collection 56-6
enabling Collection 56-7
exporting cache entries 56-9
overview of collection 56-2
switched/bridged IP flows 56-8
Network Assistant
and VTY 12-12
configure
enable communication with switch 12-13, 12-17
default configuration 12-3
overview of CLI commands 12-3
Network Edge Access Topology
See NEAT
network fault tolerance 1-6, 18-22
network management
configuring 26-1
RMON 61-1
SNMP 54-1
network performance, measuring with IP SLAs 60-3
network policy TLV 27-2, 27-8
Network Time Protocol
See NTP
network traffic, marking 37-69
New Software Features in Release 7.7
TDR 7-3
Next Hop Resolution Protocol
See NHRP
NHRP
support 1-14
non-fiber-optics interfaces
disabling UDLD 28-7
non-IP traffic filtering 47-20, 47-22
non-RPF traffic
description 33-10
in redundant configurations (figure) 33-11
Nonstop Forwarding
See NSF
nonvolatile random-access memory
See NVRAM
normal-range VLANs
See VLANs
NSF
defined 9-1
guidelines and restrictions 9-9
operation 9-5
NSF-aware
supervisor engines 9-3
support 9-2
NSF-capable
supervisor engines 9-3
support 9-2
NSF with SSO supervisor engine redundancy
and CEF 9-5
overview 9-4
SSO operation 9-4
NTP
associations
authenticating 4-4
defined 4-2
enabling broadcast messages 4-7
peer 4-6
server 4-6
default configuration 4-4
displaying the configuration 4-11
overview 4-2
restricting access
creating an access group 4-9
disabling NTP services per interface 4-10
source IP address, configuring 4-10
stratum 4-2
synchronizing devices 4-6
time
services 4-2
synchronizing 4-2
NVRAM
saving settings 3-10
O
OAM
client 57-34
features 57-34
sublayer 57-34
OAM manager
configuring 57-52
with CFM and Ethernet OAM 57-51
OAM PDUs 57-35
OAM protocol data units 57-33
OIR
overview 6-30
on-demaind online diagnostics 62-2
online diagnostic
troubleshooting 62-8
Online Diagnostics 62-1
online diagnostics
configuring on-demaind 62-2
data path, displaying test results 62-7
displaying tests and test results 62-4
linecard 62-8
scheduling 62-2
starting and stopping tests 62-3
online insertion and removal
See OIR
Open Shortest Path First
See OSPF
operating system images
See system images
Option 82
enabling DHCP Snooping 45-10
OSPF
area concept 1-15
description 1-14
for IPv6 48-6
P
packets
modifying 37-16
software processed
and QoS 37-16
packet type filtering
overview 51-15
SPAN enhancement 51-15
PACL
using with access-group mode 47-39
PACL configuration guidelines 47-36
PACL with VLAN maps and router ACLs 47-41
PAgP
understanding 22-3
passwords
configuring enable password 3-14
configuring enable secret password 3-14
encrypting 3-22
in clusters 12-8
recovering lost enable password 3-25
setting line password 3-14
PBR (policy-based routing)
configuration (example) 35-8
enabling 35-6
features 35-2
overview 35-1
route-map processing logic 35-3
route-map processing logic example 35-4
route maps 35-2
per-port and VLAN Access Control List 45-19
per-port per-VLAN QoS
enabling 37-43
overview 37-16
Per-User ACL and Filter-ID ACL, configure 40-44
Per-VLAN Rapid Spanning Tree 18-6
enabling 18-20
overview 18-6
PE to CE routing, configuring 36-12
physical layer 3 interfaces 30-2
Physical Layer 3 interfaces, configuring 30-12
PIM
configuring dense mode 33-15
configuring sparse mode 33-15
displaying information 33-23
displaying statistics 33-27
enabling sparse-dense mode 33-15, 33-16
overview 33-3
PIM-DM 33-3
PIM on an interface, enabling 33-14
PIM-SM 33-4
PIM-SSM mapping, enabling 33-17
ping
executing 7-8
overview 7-7
ping command 7-8, 33-23
PoE 11-7, 11-8
configuring power consumption for single device 11-5
Enhanced PoE support on E-series 11-15
policing and monitoring 11-12
power consumption for powered devices
Intelligent Power Management 11-4
powering down a module 10-21
power management modes 11-3
PoE policing
configuring errdisable recovery 11-14
configuring on an interface 11-13
displaying on an interface 11-14
power modes 11-12
point-to-point
in 802.1X authentication (figure) 40-3
police command 37-33
policed-DSCP map 37-54
policers
description 37-6
types of 37-10
policies
See QoS policies
policing
how to implement 37-68
See QoS policing
policing, PoE 11-12
policing IPv6 control traffic 44-17
policy associations, QoS on Sup 6-E 37-85
policy-map command 37-29, 37-31
policy map marking action, configuring 37-73
policy maps
attaching to interfaces 37-35
configuring 37-31
port ACLs
and voice VLAN 47-5
defined 47-3
Port Aggregation Protocol
see PAgP
port-based authentication
802.1X with voice VLAN 40-22
Authentication Failed VLAN assignment 40-17
authentication server
defined 42-2
changing the quiet period 40-81
client, defined 40-3, 42-2
configuration guidelines 40-28, 42-6
configure ACL assignments and redirect URLs 40-38
configure switch-to-RADIUS server communication 40-32
configure with Authentication Failed 40-68
configure with Critical Authentication 40-60
configure with Guest-VLANs 40-55
configure with MAC Authentication Bypass 40-58
configure with VLAN User Distribution 40-65
configure with Voice VLAN 40-70
configuring
Multiple Domain Authentication and Multiple Authorization 40-34
RADIUS server 42-10
RADIUS server parameters on the switch 42-9
configuring Fallback Authentication 40-73
configuring Guest-VLAN 40-32
configuring manual re-authentication of a client 40-91
configuring with Unidirectional Controlled Port 40-63
controlling authorization state 40-5
default configuration 40-27, 42-6
described 40-1
device roles 40-2, 42-2
displaying statistics 40-113, 42-14
enabling 40-28
802.1X authentication 42-9
enabling multiple hosts 40-80
enabling periodic re-authentication 40-78
encapsulation 40-3
host mode 40-6
how 802.1X fails on a port 40-25
initiation and message exchange 40-4
method lists 40-28
modes 40-6
multidomain authentication 40-22
multiple-hosts mode, described 40-7
port security
multiple-hosts mode 40-7
ports not supported 40-5
pre-authentication open access 40-8
resetting to default values 40-92
setting retransmission number 40-83
setting retransmission time 40-82
switch
as proxy 42-2
switch supplicant
configuring 40-85
overview 40-24
topologies, supported 40-25
using with ACL assignments and redirect URLs 40-20
using with port security 40-19
with Critical Authentication 40-14
with Guest VLANs 40-11
with MAC Authentication Bypass 40-12
with Unidirectional Controlled Port 40-15
with VLAN assignment 40-10
with VLAN User Distribution 40-16
port-based QoS features
See QoS
port-channel interfaces
See also EtherChannel
creating 22-7
overview 22-2
port-channel load-balance
command 22-13
command example 22-13
port-channel load-balance command 22-14
port cost (STP)
configuring 18-15
port description TLV 27-2
PortFast
and MST 18-23
BPDU filter, configuring 21-10
configuring or enabling 21-16
overview 21-7
PortFast BPDU filtering
and MST 18-23
enabling 21-10
overview 21-9
port numbering with TwinGig Convertors 6-13
port priority
configuring MST instances 18-32
configuring STP 18-13
ports
blocking 49-1
checking status 7-2
dynamic VLAN membership
example 13-29
reconfirming 13-26
forwarding, resuming 49-3
REP 20-6
See also interfaces
port security
aging 43-5
and QoS trusted boundary 37-21
configuring 43-7
displaying 43-28
guidelines and restrictions 43-33
on access ports 43-7, 43-22
on private VLAN 43-14
host 43-14
over Layer 2 EtherChannel 43-33
promiscuous 43-16
topology 43-15, 43-18, 43-33
on trunk port 43-17
guidelines and restrictions 43-15, 43-18, 43-33
port mode changes 43-22
on voice ports 43-22
sticky learning 43-5
using with 802.1X 40-19
violations 43-6
with 802.1X Authentication 43-32
with DHCP and IP Source Guard 43-31
with other features 43-33
port states
description 18-5
port trust state
See trust states
port VLAN ID TLV 27-2
power
inline 38-5
power dc input command 10-19
power handling for Supervisor Engine II-TS 11-12
power inline command 11-3
power inline consumption command 11-5
power management
Catalyst 4500 series 10-6
Catalyst 4500 Switch power supplies 10-13
Catalyst 4948 series 10-22
configuring combined mode 10-12
configuring redundant mode 10-11
overview 10-1
redundancy 10-6
power management for Catalyst 4500 Switch
combined mode 10-8
redundant mode 10-8
power management limitations in Catalyst 4500 Switch 10-9
power management mode
selecting 10-8
power management TLV 27-2, 27-8
power negotiation
through LLDP 27-10
Power-On-Self-Test diagnostics 62-10, 62-21
Power-On-Self-Test for Supervisor Engine V-10GE 62-15
power redundancy-mode command 10-12
power supplies
available power for Catalyst 4500 Switch 10-13
fixed 10-7
variable 10-7, 10-22
pre-authentication open access 40-8
pre-authentication open access. See port-based authentication.
preempt delay time, REP 20-5
primary edge port, REP 20-4
primary VLANs 39-2, 39-4
associating with secondary VLANs 39-16
configuring as a PVLAN 39-15
priority
overriding CoS of incoming frames 38-5
priority queuing, QoS on Sup 6-E 37-80
private VLAN
configure port security 43-14, 43-15
enabling DHCP Snooping 45-12
private VLANs
across multiple switches 39-5
and SVIs 39-10
benefits of 39-2
community ports 39-3
community VLANs 39-2, 39-3
default configuration 39-12
end station access to 39-3
isolated port 39-4
isolated VLANs 39-2, 39-3, 39-4
ports
community 39-3
isolated 39-4
promiscuous 39-4
primary VLANs 39-2, 39-4
promiscuous ports 39-4
secondary VLANs 39-2
subdomains 39-2
traffic in 39-9
privileged EXEC mode 2-5
privileges
changing default 3-23
configuring levels 3-23
exiting 3-24
logging in 3-24
promiscuous ports
configuring PVLAN 39-17
defined 39-4
setting mode 39-24
protocol timers 18-4
provider edge devices 36-2
pruning, VTP
See VTP pruning
pseudobridges
description 18-25
PVACL 45-19
PVID (port VLAN ID)
and 802.1X with voice VLAN ports 40-22
PVLAN promiscuous trunk port
configuring 39-11, 39-17, 39-21
PVLANs
802.1q support 39-14
across multiple switches 39-5
configuration guidelines 39-12
configure port security 43-14, 43-16, 43-18
configure port security in a wireless setting 43-33
configure port security over Layer 2 EtherChannel 43-33
configuring 39-11
configuring a VLAN 39-15
configuring promiscuous ports 39-17
host ports
configuring a Layer 2 interface 39-18
setting 39-24
overview 39-1
permitting routing, example 39-23
promiscuous mode
setting 39-24
setting
interface mode 39-24
Q
QoS
allocating bandwidth 37-51
and software processed packets 37-16
auto-QoS
configuration and defaults display 37-60
configuration guidelines 37-58
described 37-56
displaying 37-60
effects on NVRAM configuration 37-58
enabling for VoIP 37-59
basic model 37-6
burst size 37-27
classification 37-6 to 37-10
configuration guidelines 37-19
auto-QoS 37-58
configuring
auto-QoS 37-56
DSCP maps 37-53
dynamic buffer limiting 37-22
traffic shaping 37-52
trusted boundary 37-21
configuring UBRL 37-37
configuring VLAN-based on Layer 2 interfaces 37-46
creating named aggregate policers 37-26
creating policing rules 37-28
default auto configuration 37-57
default configuration 37-18
definitions 37-4
disabling on interfaces 37-35
enabling and disabling 37-46
enabling hierarchical policers 37-41
enabling on interfaces 37-35
enabling per-port per-VLAN 37-43
flowcharts 37-8, 37-12
IP phones
automatic classification and queueing 37-57
detection and trusted settings 37-21, 37-57
overview 37-2
overview of per-port per-VLAN 37-16
packet modification 37-16
port-based 37-46
priority 37-15
traffic shaping 37-16
transmit rate 37-52
trust states
trusted device 37-21
VLAN-based 37-46
See also COS; DSCP values; transmit queues
QoS active queue management
tracking queue length 37-14
QoS labels
definition 37-4
QoS mapping tables
CoS-to-DSCP 37-53
DSCP-to-CoS 37-55
policed-DSCP 37-54
types 37-14
QoS marking
description 37-5
QoS on Sup 6-E
Active Queue management via DBL 37-84
active queue management via DBL 37-78, 37-84
classification 37-66
configuring 37-63
configuring CoS mutation 37-88
configuring the policy map marking action 37-73
hardware capabilities for marking 37-73
how to implement policing 37-68
marking action drivers 37-71
marking network traffic 37-69
MQC-based QoS configuration 37-63
multi-attribute marking support 37-73
platform hardware capabilities 37-66
platform restrictions 37-68
platform-supported classification criteria and QoS features 37-63, 37-65
policing 37-67
policy associations 37-85
prerequisites for applying a service policy 37-66
priority queuing 37-80
queue-limiting 37-82
restrictions for applying a service policy 37-66
shaping 37-76
sharing(bandwidth) 37-78
sharing(blandwidth), shapring, and priority queuing 37-75
software QoS 37-87
traffic marking procedure flowchart 37-72
QoS policers
burst size 37-27
types of 37-10
QoS policing
definition 37-5
described 37-6, 37-10
QoS policy
attaching to interfaces 37-11
overview of configuration 37-28
QoS service policy
prerequisites 37-66
restrictions for applying 37-66
QoS transmit queues
allocating bandwidth 37-51
burst 37-16
configuring traffic shaping 37-52
mapping DHCP values to 37-51
maximum rate 37-16
overview 37-14
sharing link bandwidth 37-15
QoS transmit queues, configuring 37-50
Quality of service
See QoS
queueing 37-6, 37-14
queue-limiting, QoS on Sup 6-E 37-82
R
RADIUS
attributes
vendor-proprietary 40-111
vendor-specific 40-109
change of authorization 40-94
configuring
accounting 40-108
authentication 40-103
authorization 40-107
communication, global 40-101, 40-109
communication, per-server 40-100, 40-101
multiple UDP ports 40-101
default configuration 40-100
defining AAA server groups 40-105
displaying the configuration 40-113
identifying the server 40-100
limiting the services to the user 40-107
method list, defined 40-100
operation of 40-94
server load balancing 40-113
suggested network environments 40-93
tracking services accessed by user 40-108
understanding 40-93
RADIUS, controlling switch access with 40-92
RADIUS Change of Authorization 40-94
RADIUS server
configure to-Switch communication 40-32
configuring settings 40-34
parameters on the switch 40-32
RA Guard
configuring 47-45
deployment 47-44
examples 47-45
introduction 47-43
usage guidelines 47-46
range command 6-4
range macros
defining 6-10
ranges of interfaces
configuring 6-4
Rapid Spanning Tree
See RSTP
rcommand command 12-13
re-authentication of a client
configuring manual 40-91
enabling periodic 40-78
redirect URLs, port-based authentication 40-20
reduced MAC address 18-2
redundancy
configuring 8-8
guidelines and restrictions 8-5
changes made through SNMP 8-12
NSF-aware support 9-2
NSF-capable support 9-2
overview 8-2
redundancy command 8-8
understanding synchronization 8-4
redundancy (NSF) 9-1
configuring
BGP 9-12
CEF 9-11
EIGRP 9-17
IS-IS 9-14
OSPF 9-13
routing protocols 9-5
redundancy (RPR)
route processor redundancy 8-3
synchronization 8-5
redundancy (SSO)
redundancy command 9-10
route processor redundancy 8-3
synchronization 8-5
reload command 3-28, 3-29
Remote Authentication Dial-In User Service
See RADIUS
remote failure indications 57-34
remote loopback, Ethernet OAM 57-34, 57-37
Remote Network Monitoring
See RMON
rendezvous point, configuring 33-17
rendezvous point, configuring single static 33-20
REP
administrative VLAN 20-8
administrative VLAN, configuring 20-9
and STP 20-6
configuration guidelines 20-7
configuring interfaces 20-10
convergence 20-4
default configuration 20-7
manual preemption, configuring 20-13
monitoring 20-14
neighbor offset numbers 20-5
open segment 20-2
ports 20-6
preempt delay time 20-5
primary edge port 20-4
ring segment 20-2
secondary edge port 20-4
segments 20-1
characteristics 20-2
SNMP traps, configuring 20-14
supported interfaces 20-1
triggering VLAN load balancing 20-6
verifying link integrity 20-4
VLAN blocking 20-13
VLAN load balancing 20-4
replication
description 33-9
report suppression, IGMP
disabling 24-10
reserved-range VLANs
See VLANs
reset command 63-3
resetting an interface to default configuration 6-34
resetting a switch to defaults 3-32
Resilient Ethernet ProtocolLSee REP
responder, IP SLAs
described 60-4
enabling 60-8
response time, measuring with IP SLAs 60-5
restricting access
NTP services 4-8
RADIUS 40-92
TACACS+ 3-15
retransmission number
setting in 802.1X authentication 40-83
retransmission time
changing in 802.1X authentication 40-82
RFC
1157, SNMPv1 54-2
1305, NTP 4-2
1757, RMON 61-2
1901, SNMPv2C 54-2
1902 to 1907, SNMPv2 54-2
2273-2275, SNMPv3 54-2
RFC 5176 Compliance 40-95
RIP
description 1-15
for IPv6 48-5
RMON
default configuration 61-3
displaying status 61-6
enabling alarms and events 61-3
groups supported 61-2
overview 61-1
ROM monitor
boot process and 3-26
CLI 2-7
commands 63-2 to 63-3
debug commands 63-5
entering 63-1
exiting 63-6
overview 63-1
root bridge
configuring 18-10
selecting in MST 18-22
root guard
and MST 18-23
enabling 21-2
overview 21-2
routed packets
ACLs 47-34
route-map (IP) command 35-6
route maps
defining 35-6
PBR 35-2
router ACLs
description 47-3
using with VLAN maps 47-32
router ACLs, using PACL with VLAN maps 47-41
route targets
VPN 36-3
Routing Information Protocol
See RIP
RPF
<Emphasis>See Unicast RPF
RSPAN
configuration guidelines 51-16
destination ports 51-5
IDS 51-2
monitored ports 51-4
monitoring ports 51-5
received traffic 51-3
sessions
creating 51-17
defined 51-3
limiting source traffic to specific VLANs 51-23
monitoring VLANs 51-22
removing source (monitored) ports 51-21
specifying monitored ports 51-17
source ports 51-4
transmitted traffic 51-4
VLAN-based 51-5
RSTP
compatibility 18-23
description 18-22
port roles 18-24
port states 18-24
S
SAID
See 802.10 SAID
scheduling 37-14
defined 37-5
overview 37-6
scheduling, IP SLAs operations 60-6
secondary edge port, REP 20-4
secondary root switch 18-12
secondary VLANs 39-2
associating with primary 39-16
permitting routing 39-23
security
configuring 44-1
Security Association Identifier
See 802.10 SAID
selecting a power management mode 10-8
selecting X2/TwinGig Convertor Mode 6-14
sequence numbers in log messages 52-7
server IDs
description 59-23
service policy, configure class-level queue-limit 37-82
service-policy command 37-29
service-policy input command 29-2, 37-35
service-provider networks
and customer VLANs 25-2
set default interface command 35-7
set interface command 35-7
set ip default next-hop command 35-7
set ip next-hop command 35-6
set-request operation 54-4
severity levels, defining in system messages 52-8
shaping, QoS on Sup 6-E 37-76
sharing(bandwidth), QoS on Sup 6-E 37-78
Shell functions
See Auto SmartPorts macros
See Auto Smartports macros
Shell triggers
See Auto SmartPorts macros
See Auto Smartports macros
show adjacency command 31-9
show boot command 3-32
show catalyst4000 chassis-mac-address command 18-3
show cdp command 26-2, 26-3
show cdp entry command 26-4
show cdp interface command 26-3
show cdp neighbors command 26-4
show cdp traffic command 26-4
show ciscoview package command 4-39
show ciscoview version command 4-39
show cluster members command 12-13
show configuration command 6-20
show debugging command 26-4
show environment command 10-2
show history command 2-4
show interfaces command 6-25, 6-26, 6-31, 6-33
show interfaces status command 7-2
show ip cache flow aggregation destination-prefix command 56-12
show ip cache flow aggregation prefix command 56-12
show ip cache flow aggregation source-prefix command 56-12
show ip cache flow command 56-9
show ip cef command 31-8
show ip eigrp interfaces command 30-19
show ip eigrp neighbors command 30-19
show ip eigrp topology command 30-19
show ip eigrp traffic command 30-19
show ip interface command 33-23
show ip local policy command 35-8
show ip mroute command 33-23
show ip pim interface command 33-23
show l2protocol command 25-18
show lldp traffic command 27-14
show mac-address-table address command 7-3
show mac-address-table interface command 7-3
show mls entry command 31-8
show module command 7-1, 18-6
show PoE consumed 11-8
show power inline command 11-6
show power supplies command 10-12
show protocols command 6-31
show running-config command
adding description for an interface 6-20
checking your settings 3-9
displaying ACLs 47-26, 47-29, 47-38, 47-39
show startup-config command 3-10
show users command 7-6
show version command 3-29
shutdown, command 6-32
shutdown threshold for Layer 2 protocol packets 25-16
shutting down
interfaces 6-31
Simple Network Management Protocol
See SNMP
single-host mode 40-7
single spanning tree
See SST
single static RP, configuring 33-20
slot numbers, description 6-2
smart call home 59-1
description 59-2
destination profile (note) 59-5
registration requirements 59-3
service contract requirements 59-3
Transport Gateway (TG) aggregation point 59-2
SMARTnet
smart call home registration 59-3
Smartports macros
applying global parameter values 16-9, 16-15, 16-16
applying macros 16-9
applying parameter values 16-9
configuration guidelines 16-6, 16-15
configuring 16-2
creating 16-8
default configuration 16-4, 16-14
defined 1-7, 16-1
displaying 16-14
tracing 16-7, 16-15
SNMP
accessing MIB variables with 54-4
agent
described 54-4
disabling 54-7
and IP SLAs 60-3
authentication level 54-10
community strings
configuring 54-7
overview 54-4
configuration examples 54-15
configuration guidelines 54-6
default configuration 54-5
enabling 65-4, 65-5
engine ID 54-6
groups 54-6, 54-9
host 54-6
informs
and trap keyword 54-11
described 54-5
differences from traps 54-5
enabling 54-14
limiting access by TFTP servers 54-15
limiting system log messages to NMS 52-9
manager functions 54-3
notifications 54-5
overview 54-1, 54-4
status, displaying 54-16
system contact and location 54-14
trap manager, configuring 54-13
traps
described 54-3, 54-5
differences from informs 54-5
enabling 54-11
enabling MAC address notification 4-22
enabling MAC move notification 4-24
enabling MAC threshold notification 4-26
overview 54-1, 54-4
types of 54-11
users 54-6, 54-9
versions supported 54-2
SNMP commands 65-4
SNMP traps
REP 20-14
SNMPv1 54-2
SNMPv2C 54-2
SNMPv3 54-2
software
upgrading 8-13
software configuration register 3-26
software QoS, on Sup 6-E 37-87
software switching
description 31-5
interfaces 31-6
key data structures used 33-8
source IDs
call home event format 59-22
SPAN
and ACLs 51-5
configuration guidelines 51-7
configuring 51-7 to 51-10
destination ports 51-5
IDS 51-2
monitored port, defined 51-4
monitoring port, defined 51-5
received traffic 51-3
sessions
defined 51-3
source ports 51-4
transmitted traffic 51-4
VLAN-based 51-5
SPAN and RSPAN
concepts and terminology 51-3
default configuration 51-6
displaying status 51-25
overview 51-1
session limits 51-6
SPAN enhancements
access list filtering 51-13
configuration example 51-16
CPU port sniffing 51-10
encapsulation configuration 51-12
ingress packets 51-12
packet type filtering 51-15
spanning-tree backbonefast command 21-16
spanning-tree cost command 18-16
spanning-tree guard root command 21-2
spanning-tree portfast bpdu-guard command 21-9
spanning-tree portfast command 21-7
spanning-tree port-priority command 18-13
spanning-tree uplinkfast command 21-13
spanning-tree vlan
command 18-9
command example 18-9
spanning-tree vlan command 18-8
spanning-tree vlan cost command 18-16
spanning-tree vlan forward-time command 18-19
spanning-tree vlan hello-time command 18-18
spanning-tree vlan max-age command 18-18
spanning-tree vlan port-priority command 18-13
spanning-tree vlan priority command 18-17
spanning-tree vlan root primary command 18-10
spanning-tree vlan root secondary command 18-12
speed
configuring interface 6-17
speed command 6-18
SSO
configuring 9-10
SSO operation 9-4
SST
description 18-22
interoperability 18-24
static ACL, removing the requirement 47-36
static addresses
See addresses
static routes
configuring 3-11
verifying 3-12
statistics
802.1X 42-14
displaying 802.1X 40-113
displaying PIM 33-27
LLDP 27-13
LLDP-MED 27-13
NetFlow accounting 56-9
SNMP input and output 54-16
sticky learning
configuration file 43-6
defined 43-5
disabling 43-6
enabling 43-5
saving addresses 43-6
sticky MAC addresses
configuring 43-7
defined 43-4
Storm Control
displaying 50-8
enabling Broadcast 50-3
enabling Multicast 50-4
hardware-based, implementing 50-2
overview 50-1
software-based, implementing 50-3
STP
and REP 20-6
bridge ID 18-2
configuring 18-7 to 18-20
creating topology 18-5
defaults 18-7
disabling 18-20
enabling 18-8
enabling extended system ID 18-9
enabling Per-VLAN Rapid Spanning Tree 18-20
EtherChannel guard
disabling 21-7
forward-delay time 18-19
hello time 18-17
Layer 2 protocol tunneling 25-13
maximum aging time 18-18
overview 18-1, 18-3
per-VLAN rapid spanning tree 18-6
port cost 18-15
port priority 18-13
root bridge 18-10
stratum, NTP 4-2
stub routing (EIGRP)
benefits 30-17
configuration tasks 30-18
configuring 30-14
overview 30-13, 30-14
restrictions 30-17
verifying 30-18
subdomains, private VLAN 39-2
summer time 4-13
supervisor engine
accessing the redundant 8-15
configuring 3-8 to 3-13
copying files to standby 8-15
default configuration 3-1
default gateways 3-11
environmental monitoring 10-1
redundancy 9-1
ROM monitor 3-26
startup configuration 3-25
static routes 3-11
synchronizing configurations 8-11
Supervisor Engine II-TS
insufficient inline power handling 10-19, 11-12
Smartports macros
See also Auto Smartports macros
SVI Autostate Exclude
understanding 30-3
SVI Autostate exclude
configuring 30-7
S-VLAN 1-2, 25-7
switch 48-2
switch access with RADIUS, controlling 40-92
switched packets
and ACLs 47-33
Switched Port Analyzer
See SPAN
switching, NetFlow
checking for required hardware 56-6
configuration (example) 56-13
configuring switched IP flows 56-8
enabling Collection 56-7
exporting cache entries 56-9
switchport
show interfaces 6-25, 6-26, 6-33
switchport access vlan command 15-6, 15-8
switchport block multicast command 49-2
switchport block unicast command 49-2
switchport mode access command 15-8
switchport mode dot1q-tunnel command 25-6
switchport mode dynamic command 15-6
switchport mode trunk command 15-6
switch ports
See access ports
switchport trunk allowed vlan command 15-6
switchport trunk encapsulation command 15-6
switchport trunk encapsulation dot1q command 15-3
switchport trunk encapsulation isl command 15-3
switchport trunk encapsulation negotiate command 15-3
switchport trunk native vlan command 15-6
switchport trunk pruning vlan command 15-7
switch-to-RADIUS server communication
configuring 40-32
sysret command 63-5
system
reviewing configuration 3-10
settings at startup 3-27
system alarms
on Sup 2+ to V-10GE 10-5
on Sup 6-E 10-5
overview 10-4
system and network statistics, displaying 33-23
system capabilities TLV 27-2
system clock
configuring
daylight saving time 4-13
manually 4-11
summer time 4-13
time zones 4-12
displaying the time and date 4-12
overview 4-2
See also NTP
system description TLV 27-2
system images
loading from Flash memory 3-30
modifying boot field 3-27
specifying 3-30
system message logging
default configuration 52-3
defining error message severity levels 52-8
disabling 52-4
displaying the configuration 52-12
enabling 52-4
facility keywords, described 52-12
level keywords, described 52-9
limiting messages 52-9
message format 52-2
overview 52-1
sequence numbers, enabling and disabling 52-7
setting the display destination device 52-5
synchronizing log messages 52-6
timestamps, enabling and disabling 52-7
UNIX syslog servers
configuring the daemon 52-10
configuring the logging facility 52-11
facilities supported 52-12
system MTU
802.1Q tunneling 25-5
maximums 25-5
system name
manual configuration 4-15
See also DNS
system name TLV 27-2
system prompt, default setting 4-14
T
TACACS+ 44-1
accounting, defined 3-16
authentication, defined 3-16
authorization, defined 3-16
configuring
accounting 3-21
authentication key 3-18
authorization 3-21
login authentication 3-19
default configuration 3-18
displaying the configuration 3-22
identifying the server 3-18
limiting the services to the user 3-21
operation of 3-17
overview 3-15
tracking services accessed by user 3-21
tagged packets
802.1Q 25-3
Layer 2 protocol 25-13
TCAM programming algorithm
changing 47-9
TCAM programming algorithm, overview 47-8
TCAM programming and ACLs 47-11, 47-13
for Sup II-Plust thru V-10GE 47-7
TCAM programming and ACLs for Sup 6-E 47-16
TCAM region, changing the algorithm 47-9
TCAM region, resizing 47-11
TDR
checking cable connectivity 7-3
enabling and disabling test 7-3
guidelines 7-3
Telnet
accessing CLI 2-2
disconnecting user sessions 7-7
executing 7-5
monitoring user sessions 7-6
telnet command 7-6
templates, Ethernet OAM 57-45
Terminal Access Controller Access Control System Plus
See TACACS+
TFTP
configuration files in base directory 3-5
configuring for autoconfiguration 3-4
limiting access by servers 54-15
TFTP download
See also console download
threshold monitoring, IP SLAs 60-6
time
See NTP and system clock
Time Domain Reflectometer
See TDR
time exceeded messages 7-9
timer
See login timer
timestamps in log messages 52-7
time zones 4-12
TLV
host presence detection 40-8
TLVs
defined 1-5, 27-2
LLDP-MED 27-2
Token Ring
media not supported (note) 13-5, 13-10
Topology change notification processing
MLD Snooping
Topology change notification processing 24-4
TOS
description 37-4
trace command 7-9
traceroute
See IP traceroute
See Layer 2 Traceroute
traceroute mac command 7-11
traceroute mac ip command 7-11
traffic
blocking flooded 49-2
traffic control
using ACLs (figure) 47-4
using VLAN maps (figure) 47-6
traffic marking procedure flowchart 37-72
traffic shaping 37-16
translational bridge numbers (defaults) 13-5
transmit queues
See QoS transmit queues
transmit rate 37-52
traps
configuring MAC address notification 4-22
configuring MAC move notification 4-24
configuring MAC threshold notification 4-26
configuring managers 54-11
defined 54-3
enabling 4-22, 4-24, 4-26, 54-11
notification types 54-11
overview 54-1, 54-4
troubleshooting
with CiscoWorks 54-4
with system message logging 52-1
with traceroute 7-8
troubleshooting high CPU due to ACLs 47-12
trunk failover
See link-state tracking
trunk ports
configure port security 43-17
configuring PVLAN 39-19 to 39-21
trunks
802.1Q restrictions 15-5
configuring 15-6
configuring access VLANs 15-6
configuring allowed VLANs 15-6
default interface configuration 15-6
different VTP domains 15-3
enabling to non-DTP device 15-4
encapsulation 15-3
specifying native VLAN 15-6
understanding 15-3
trusted boundary for QoS 37-21
trustpoint 59-3
Trust State of interfaces, configuring
trust states
configuring 37-48
tunneling
defined 25-1
tunnel ports
802.1Q, configuring 25-6
described 25-2
incompatibilities with other features 25-5
TwinGig Convertors
limitations on using 6-14
port numbering 6-13
selecting X2/TwinGig Convertor mode 6-14
type length value
See TLV
type of service
See TOS
U
UDLD
configuring probe message interval per-interface 28-8
default configuration 28-4
disabling on fiber-optic interfaces 28-7
disabling on non-fiber-optic interfaces 28-7
displaying link status 28-9
enabling globally 28-5
enabling per-interface 28-6
modes of operation 28-3
resetting disabled LAN interfaces 28-8
use case 28-2
UDLD, overview 28-1
UDP jitter, configuring 60-9
UDP jitter operation, IP SLAs 60-9
unauthorized ports with 802.1X 40-5
unicast
See IP unicast
unicast flood blocking
configuring 49-1
unicast MAC address filtering
and adding static addresses 4-29
and broadcast MAC addresses 4-28
and CPU packets 4-28
and multicast addresses 4-28
and router MAC addresses 4-28
configuration guidelines 4-28
described 4-28
unicast MAC address filtering, configuring
ACLs
configuring unicast MAC address filtering 47-20
Unicast RPF (Unicast Reverse Path Forwarding)
applying 32-5
BGP attributes
caution 32-5
CEF
requirement 32-2
tables 32-7
configuring 32-9
(examples) ?? to 32-12
BOOTP 32-8
DHCP 32-8
enterprise network (figure) 32-6
prerequisites 32-9
routing table requirements 32-7
tasks 32-9
verifying 32-10
deploying 32-5
description 32-2
disabling 32-11
enterprise network (figure) 32-6
FIB 32-2
implementing 32-4
packets, dropping (figure) 32-4
prerequisites 32-9
restrictions
basic 32-8
routing asymmetry 32-7
routing asymmetry (figure) 32-8
routing table requirements 32-7
security policy
applying 32-5
attacks, mitigating 32-5
deploying 32-5
tunneling 32-5
source addresses, validating 32-3
(figure) 32-3, 32-4
failure 32-3
traffic filtering 32-5
tunneling 32-5
validation
failure 32-3, 32-4
packets, dropping 32-3
source addresses 32-3
verifying 32-10
unicast traffic
blocking 49-2
Unidirectional Controlled Port, configuring 802.1X 40-63
unidirectional ethernet
enabling 29-2
example of setting 29-2
overview 29-1
UniDirectional Link Detection Protocol
See UDLD
UNIX syslog servers
daemon configuration 52-10
facilities supported 52-12
message logging configuration 52-11
UplinkFast
and MST 18-23
enabling 21-16
MST and 18-23
overview 21-11
User Based Rate Limiting
configuring 37-38
overview 37-37
user-defined event triggers
configuring, 802.1X-based 17-7
configuring, MAC address-based 17-8
User-defined triggers and built-in macros, configuring mapping 17-9
user EXEC mode 2-5
user sessions
disconnecting 7-7
monitoring 7-6
V
VACLs
Layer 4 port operations 47-16
virtual configuration register 63-3
virtual LANs
See VLANs
Virtual Private Network
See VPN
Virtual Switch System(VSS), displaying EtherChannel to 22-16
VLAN ACLs
See VLAN maps
VLAN-based QoS on Layer 2 interfaces, configuring 37-46
VLAN blocking, REP 20-13
vlan command 13-6
vlan dot1q tag native command 25-4
VLAN ID
service provider 25-9
VLAN ID, discovering 4-35
VLAN ID translation
See VLAN mapping
VLAN load balancing
REP 20-4
VLAN load balancing, triggering 20-6
VLAN load balancing on flex links 19-2
configuration guidelines 19-6
VLAN Management Policy Server
See VMPS
VLAN mapping
1-to-1 25-8
1-to-1, configuring 25-11
configuration guidelines 25-10
configuring 25-11
configuring on a trunk port 25-11
default 25-9
described 1-2, 25-7
selective QinQ 25-8
selective Q-in-Q, configuring 25-12
traditional QinQ 25-8
traditional Q-in-Q, configuring 25-12
types of 25-8
VLAN maps
applying to a VLAN 47-29
configuration example 47-30
configuration guidelines 47-25
configuring 47-24
creating and deleting entries 47-26
defined 47-3
denying access example 47-31
denying packets 47-26
displaying 47-32
order of entries 47-25
permitting packets 47-26
router ACLs and 47-32
using (figure) 47-5
using in your network 47-29
VLAN maps, PACL and Router ACLs 47-41
VLANs
allowed on trunk 15-6
configuration guidelines 13-3
configuring 13-5
configuring as Layer 3 interfaces 30-7
customer numbering in service-provider networks 25-3
default configuration 13-4
description 1-10
extended range 13-3
IDs (default) 13-5
interface assignment 13-7
limiting source traffic with RSPAN 51-23
monitoring with RSPAN 51-22
name (default) 13-5
normal range 13-3
overview 13-1
reserved range 13-3
See also PVLANs
VLAN Trunking Protocol
See VTP
VLAN trunks
overview 15-3
VLAN User Distribution, configuring 802.1X 40-65
VMPS
configuration file example 13-32
configuring dynamic access ports on client 13-25
configuring retry interval 13-27
database configuration file 13-32
dynamic port membership
example 13-29
reconfirming 13-26
reconfirming assignments 13-26
reconfirming membership interval 13-26
server overview 13-21
VMPS client
administering and monitoring 13-28
configure switch
configure reconfirmation interval 13-26
dynamic ports 13-25
entering IP VMPS address 13-24
reconfirmation interval 13-27
reconfirm VLAM membership 13-26
default configuration 13-24
dynamic VLAN membership overview 13-23
troubleshooting dynamic port VLAN membership 13-29
VMPS server
fall-back VLAN 13-23
illegal VMPS client requests 13-23
overview 13-21
security modes
multiple 13-22
open 13-22
secure 13-22
voice interfaces
configuring 38-1
Voice over IP
configuring 38-1
voice ports
configuring VVID 38-3
voice traffic 11-2, 38-5
voice VLAN
IP phone data traffic, described 38-2
IP phone voice traffic, described 38-2
Voice VLAN, configure 802.1X 40-70
voice VLAN ports
using 802.1X 40-22
VPN
configuring routing in 36-12
forwarding 36-3
in service provider networks 36-1
routes 36-2
routing and forwarding table
See VRF
VRF
defining 36-3
tables 36-1
VRF-aware services
ARP 36-6, 36-9
configuring 36-6
ftp 36-8
ping 36-6
SNMP 36-7
syslog 36-8
tftp 36-8
traceroute 36-8
uRPF 36-7
VRF-lite
description 1-18
VTP
client, configuring 13-16
configuration guidelines 13-12
default configuration 13-13
disabling 13-16
Layer 2 protocol tunneling 25-14
monitoring 13-19
overview 13-8
pruning
configuring 13-15
See also VTP version 2
server, configuring 13-16
statistics 13-19
transparent mode, configuring 13-16
version 2
enabling 13-15
VTP advertisements
description 13-9
VTP domains
description 13-8
VTP modes 13-9
VTP pruning
overview 13-11
VTP versions 2 and 3
overview 13-9
See also VTP
VTY and Network Assistant 12-12
VVID (voice VLAN ID)
and 802.1X authentication 40-22
configuring 38-3
W
WCCP
configuration examples 64-10
configuring on a router 64-2, 64-11
features 64-4
restrictions 64-5
service groups 64-6
web-based authentication
authentication proxy web pages 42-4
description 1-30, 40-14, 42-1
web-based authentication, interactions with other features 42-4
Web Cache Communication Protocol
See WCCP 64-1
web caches
See cache engines
web cache services
description 64-4
web caching
See web cache services
See also WCCP
web scaling 64-1
Y
Y.1731
default configuration 57-29
described 57-27
ETH-AIS
Ethernet Alarm Signal function (ETH-AIS)
57-28
ETH-RDI 57-28
multicast Ethernet loopback 57-31
multicast ETH-LB 57-29
terminology 57-27
Index
Numerics
10/100 autonegotiation feature, forced 6-18
10-Gigabit Ethernet or Gigabit Ethernet ports
deploy on WS-X4606-10GE-E and Sup 6-E 6-13
10-Gigabit Ethernet port
deploy with Gigabit Ethernet SFP ports 6-12, 6-13
1400 W DC Power supply
special considerations 10-18
1400 W DC SP Triple Input power supply
special considerations 10-19
802.10 SAID (default) 13-5
802.1Q
trunks 18-6
tunneling
compatibility with other features 25-5
defaults 25-3
described 25-2
tunnel ports with other features 25-6
802.1Q VLANs
encapsulation 15-3
trunk restrictions 15-5
802.1s
See MST
802.1w
See MST
802.1X
See port-based authentication
802.1X authentication
Authentication Failed VLAN assignment 40-17
for Critical Authentication 40-14
for guest VLANs 40-11
for MAC Authentication Bypass 40-12
for Unidirectional Controlled Port 40-15
VLAN User Distribution 40-16
web-based authentication 40-14
with port security 40-19
with VLAN assignment 40-10
with voice VLAN ports 40-22
802.1X Host Mode 40-6
multiauthentication mode 40-8
multidomain authentication mode 40-7
single-host 40-7
802.3ad
See LACP
A
AAA 44-1
AAA (authentication, authorization, and accounting). See also port-based authentication. 42-2
abbreviating commands 2-5
access control entries
See ACEs
access control entries and lists 44-1
access-group mode, configuring on Layer 2 interface 47-39
access-group mode, using PACL with 47-39
access list filtering, SPAN enhancement 51-13
access lists
using with WCCP 64-8
access ports
and Layer 2 protocol tunneling 25-15
configure port security 43-7, 43-22
configuring 15-8
access VLANs 15-6
accounting
with RADIUS 40-108
with TACACS+ 3-16, 3-21
ACEs
ACLs 47-2
IP 47-3
Layer 4 operation restrictions 47-16
ACEs and ACLs 44-1
ACL assignments, port-based authentication 40-20
ACL assignments and redirect URLs, configure 40-38
ACL configuration, displaying a Layer 2 interface 47-40
ACLs
ACEs 47-2
and SPAN 51-5
and TCAM programming for Sup 6-E 47-16
and TCAM programming for Sup II-Plus thru V-10GE 47-7
applying IPv6 ACLs to a Layer 3 interface 47-24
applying on routed packets 47-34
applying on switched packets 47-33
chaning the TCAM programming algorithm 47-9
compatibility on the same switch 47-3
configuring with VLAN maps 47-32
CPU impact 47-18
downloadable 42-7
hardware and software support 47-6
IP, matching criteria for port ACLs 47-4
MAC extended 47-20
matching criteria for router ACLs 47-3
port
and voice VLAN 47-5
defined 47-3
processing 47-18
resize the TCAM regions 47-11
selecting mode of capturing control packets 47-13
TCAM programming algorithm 47-8
troubleshooting high CPU 47-12
types supported 47-3
understanding 47-2
VLAN maps 47-5
ACLs, applying to a Layer 2 interface 47-40
ACLs and VLAN maps, examples 47-26
acronyms, list of A-1
action drivers, marking 37-71
active queue management 37-14
active queue management via DBL, QoS on Sup 6-E 37-84
active traffic monitoring, IP SLAs 60-1
adding members to a community 12-9
addresses
displaying the MAC table 4-35
dynamic
changing the aging time 4-21
defined 4-19
learning 4-20
removing 4-22
IPv6 48-2
MAC, discovering 4-35
See MAC addresses
static
adding and removing 4-27
defined 4-19
address resolution 4-35
adjacency tables
description 31-2
displaying statistics 31-9
administrative VLAN
REP, configuring 20-9
administrative VLAN, REP 20-8
advertisements
LLDP 1-5, 27-2
advertisements, VTP
See VTP advertisements
aggregation switch, enabling DHCP snooping 45-9
aging time
MAC address table 4-21
All Auth manager sessions, displaying summary 40-114
All Auth manager sessions on the switch authorized for a specified authentication method 40-115
ANCP client
enabling and configuring 34-2
guidelines and restrictions 34-5
identify a port with DHCP option 82 34-4
identify a port with protocol 34-2
overview 34-1
ANCP protocol
identifying a port with 34-2
applying IPv6 ACLs to a Layer 3 interface 47-24
AQM via DBL, QoS on Sup 6-E 37-84
archiving crashfiles information 2-8
ARP
defined 4-35
table
address resolution 4-35
managing 4-35
asymmetrical links, and 802.1Q tunneling 25-3
attributes, RADIUS
vendor-proprietary 40-111
vendor-specific 40-109
authentication
NTP associations 4-4
RADIUS
key 40-101
login 40-103
See also port-based authentication
TACACS+
defined 3-16
key 3-18
login 3-19
Authentication, Authorization, and Accounting (AAA) 44-1
Authentication Failed, configuring 80.1X 40-68
Authentication methods registered with the Auth manager, determining 40-114
authentication open comand 40-8
authentication proxy web pages 42-4
authentication server
defined 40-3
RADIUS server 40-3
Auth manager session for an interface, verifying 40-115
Auth manager summary, displaying 40-114
authoritative time source, described 4-2
authorization
with RADIUS 40-107
with TACACS+ 3-16, 3-21
authorized and unauthorized ports 40-5
authorized ports with 802.1X 40-5
autoconfiguration 3-2
automatic discovery
considerations 12-7
automatic QoS
See QoS
Auto-MDIX on a port
configuring 6-28
displaying the configuration 6-29
overview 6-27
autonegotiation feature
forced 10/100Mbps 6-18
Auto-QoS
configuring 37-56
Auto SmartPorts built-in macros
configuring parameters 17-6
Auto SmartPorts macros
built-in macros 17-4
configuration guidelines 17-4
default configuration 17-3
defined 17-1
displaying 17-13
enabling 17-3
IOS shell 17-2, 17-9
Auto Smartports macros
defined 1-2
Auto SmartPorts user-defined macros
configuring 17-9
auto-sync command 8-8
Auto SmartPorts macros
See also SmartPorts macros
Auto Smartports macros
See also Smartports macros
B
Baby Giants
interacting with 6-26
BackboneFast
adding a switch (figure) 21-4
and MST 18-23
configuring 21-16
link failure (figure) 21-14, 21-15
not supported MST 18-23
understanding 21-14
See also STP
banners
configuring
login 4-19
message-of-the-day login 4-18
default configuration 4-18
when displayed 4-17
b command 63-3
b flash command 63-3
BGP 1-13
routing session with multi-VRF CE 36-12
blocking packets 49-1
blocking state (STP)
RSTP comparisons (table) 18-24
boot bootldr command 3-31
boot command 3-28
boot commands 63-3
boot fields
See configuration register boot fields
bootstrap program
See ROM monitor
boot system command 3-26, 3-31
boot system flash command 3-28
Border Gateway Protocol
See BGP
boundary ports
description 18-27
BPDU Guard
and MST 18-23
configuring 21-16
overview 21-8
BPDUs
and media speed 18-2
pseudobridges and 18-25
what they contain 18-3
bridge ID
See STP bridge ID
bridge priority (STP) 18-17
bridge protocol data units
See BPDUs
Broadcast Storm Control
disabling 50-6
enabling 50-3
Built-in macros and user-defined triggers, configuring mapping 17-9
burst rate 37-52
burst size 37-27
C
cache engine clusters 64-1
cache engines 64-1
cache farms
See cache engine clusters
Call Home
description 1-19, 59-2
message format options 59-2
messages
format options 59-2
call home 59-1
alert groups 59-6
configuring e-mail options 59-9
contact information 59-4
default settings 59-18
destination profiles 59-5
displaying information 59-14
mail-server priority 59-10
pattern matching 59-9
periodic notification 59-8
rate limit messages 59-9
severity threshold 59-8
smart call home feature 59-2
SMTP server 59-9
testing communications 59-10
call home alert groups
configuring 59-6
description 59-6
subscribing 59-7
call home contacts
assigning information 59-4
call home destination profiles
attributes 59-5
configuring 59-5
description 59-5
displaying 59-16
call home notifications
full-txt format for syslog 59-25
XML format for syslog 59-28
candidates
automatic discovery 12-7
candidate switch, cluster
defined 12-12
Capturing control packets
selecting mode 47-13
cautions
Unicast RPF
BGP optional attributes 32-5
cautions for passwords
encrypting 3-22
CDP
and trusted boundary 37-21
automatic discovery in communities 12-7
configuration 26-2
defined with LLDP 27-1
displaying configuration 26-3
enabling on interfaces 26-3
host presence detection 40-8
Layer 2 protocol tunneling 25-13
maintaining 26-3
monitoring 26-3
overview 1-3, 26-1
cdp enable command 26-3
CEF
adjacency tables 31-2
and NSF with SSO 9-5
configuring load balancing 31-7
displaying statistics 31-8
enabling 31-6, 62-2
hardware switching 31-4
load balancing 31-6
overview 31-1
software switching 31-4
certificate authority (CA) 59-3
CFM
and Ethernet OAM, configuring 57-51
and Ethernet OAM interaction 57-51
clearing 57-31
configuration guidelines 57-7, 58-4
configuring crosscheck for VLANs 57-11
configuring fault alarms 57-16
configuring port MEP 57-14
configuring static remote MEP 57-13, 57-16, 57-18
crosscheck 57-5
defined 57-2
EtherChannel support 57-7, 58-4
fault alarms
configuring 57-16
IP SLAs support for 57-6
IP SLAs with endpoint discovers 57-21
maintenance domain 57-2
manually configuring IP SLAs ping or jitter 57-19
measuring network performance 57-6
monitoring 57-32, 57-33
port MEP, configuring 57-14
remote MEPs 57-5
static RMEP, configuring 57-13, 57-16, 57-18
static RMEP check 57-5
Y.1731
described 57-27
CGMP
overview 23-1
Change of Authorization, RADIUS 40-94
channel-group group command 22-8, 22-10
Cisco 7600 series Internet router
enabling SNMP 65-4, 65-5
Cisco Discovery Protocol
See CDP
Cisco Express Forwarding
See CEF
Cisco Group Management Protocol
See CGMP
Cisco IOS IP SLAs 60-2
Cisco IOS NSF-aware
support 9-2
Cisco IOS NSF-capable support 9-2
Cisco IP Phones
configuring 38-3
sound quality 38-1
CiscoWorks 2000 54-4
CIST
description 18-22
civic location 27-3
class level, configure in a service policy 37-82
class-map command 37-28
class of service
See CoS
clear cdp counters command 26-4
clear cdp table command 26-3
clear counters command 6-31
clearing
Ethernet CFM 57-31
IP multicast table entries 33-28
clear ip eigrp neighbors command 30-19
clear ip flow stats command 56-9
CLI
accessing 2-2
backing out one level 2-5
getting commands 2-5
history substitution 2-4
managing clusters 12-13
modes 2-5
monitoring environments 51-1
ROM monitor 2-7
software basics 2-4
clients
in 802.1X authentication 40-3
clock
See system clock
clustering switches
command switch characteristics
and VTY 12-12
convert to a community 12-10
managing
through CLI 12-13
overview 12-2
planning considerations
CLI 12-13
passwords 12-8
CoA Request Commands 40-97
command-line processing 2-3
command modes 2-5
commands
b 63-3
b flash 63-3
boot 63-3
confreg 63-3
dev 63-3
dir device 63-3
frame 63-5
i 63-3
listing 2-5
meminfo 63-5
reset 63-3
ROM monitor 63-2 to 63-3
ROM monitor debugging 63-5
SNMP 65-4
sysret 63-5
command switch, cluster
requirements 12-11
common and internal spanning tree
See CIST
common spanning tree
See CST
community of switches
access modes in Network Assistant 12-9
adding devices 12-9
communication protocols 12-8
community name 12-8
configuration information 12-9
converting from a cluster 12-10
host name 12-8
passwords 12-8
community ports 39-3
community strings
configuring 54-7
overview 54-4
community VLANs 39-2, 39-3
configure as a PVLAN 39-15
compiling MIBs 65-4
config-register command 3-29
config terminal command 3-9
configurable leave timer,IGMP 23-4
configuration examples
SNMP 54-15
configuration files
limiting TFTP server access 54-15
obtaining with DHCP 3-6
saving 3-10
system contact and location information 54-14
configuration guidelines
CFM 57-7, 58-4
Ethernet OAM 57-35
REP 20-7
SNMP 54-6
VLAN mapping 25-10
configuration register
boot fields
listing value 3-29
modifying 3-28
changing from ROM monitor 63-3
changing settings 3-28 to 3-29
configuring 3-26
settings at startup 3-27
configure class-level queue-limit in a service policy 37-82
configure terminal command 3-29, 6-2
configuring access-group mode on Layer 2 interface 47-39
configuring flow control 6-20
configuring interface link and trunk status envents 6-32
configuring named IPv6 ACLs 47-23
configuring named MAC extended ACLs 47-20, 47-22
configuring unicast MAC address filtering 47-20
configuring VLAN maps 47-24
confreg command 63-3
Connectivity Fault Management
See CFM
console configuration mode 2-5
console download 63-4 to 63-5
console port
disconnecting user sessions 7-7
monitoring user sessions 7-6
contact information
assigning for call home 59-4
controlling switch access with RADIUS 40-92
Control Plane Policing
and Layer 2 Control packet QoS, configuration example 44-14
configuration guidelines and restrictions 44-8
configuring for control plane traffic 44-4
configuring for data plane and management plan traffic 44-6
defaults 44-4
general guidelines 44-3
monitoring 44-9
understanding 44-2
control protocol, IP SLAs 60-4
convergence
REP 20-4
copy running-config startup-config command 3-10
copy system:running-config nvram:startup-config command 3-32
CoS
definition 37-4
figure 37-3
overriding on Cisco IP Phones 38-5
priority 38-5
CoS Mutation
configuring 37-36
CoS-to-DSCP maps 37-53
CoS value, configuring for an interface 37-49
counters
clearing MFIB 33-28
clearing on interfaces 6-31
CPU, impact of ACL processing 47-18
CPU port sniffing 51-10
crashfiles information, archiving 2-8
Critical Authentication
configure with 802.1X 40-60
crosscheck, CFM 57-5, 57-11
CST
description 18-25
IST and 18-22
MST and 18-22
customer edge devices 36-2
C-VLAN 1-2, 25-7
D
database agent
configuration examples 45-15
enabling the DHCP Snooping 45-13
daylight saving time 4-13
debug commands, ROM monitor 63-5
default configuration
802.1X 40-27
auto-QoS 37-57
banners 4-18
DNS 4-16
Ethernet OAM 57-35
IGMP filtering 23-20
IGMP snooping 24-5, 24-6
IP SLAs 60-7
IPv6 48-7
Layer 2 protocol tunneling 25-16
LLDP 27-4
MAC address table 4-21
multi-VRF CE 36-3
NTP 4-4
private VLANs 39-12
RADIUS 40-100
REP 20-7
resetting the interface 6-34
RMON 61-3
SNMP 54-5
SPAN and RSPAN 51-6
system message logging 52-3
TACACS+ 3-18
VLAN mapping 25-9
Y.1731 57-29
default gateway
configuring 3-11
verifying configuration 3-11
default settings, erase commad 3-32
default web-based authentication configuration
802.1X 42-6
denial-of-service attacks
IP address spoofing, mitigating 32-5
Unicast RPF, deploying 32-5
denying access to a server on another VLAN 47-31
deploying 10-Gigabit Ethernet and a Gigabit Ethernet SFP ports 6-12, 6-13
deploying 10-Gigabit Ethernet and a Gigabit Ethernet SFP ports on WS-X4606-10GE-E and Sup 6-E 6-13
description command 6-20
dev command 63-3
device discovery protocol 27-1
device IDs
call home format 59-21, 59-22
DHCP
configuring
rate limit for incoming packets 45-13
denial-of-service attacks, preventing 45-13
rate limiting of packets
configuring 45-13
DHCP-based autoconfiguration
client request message exchange 3-3
configuring
client side 3-3
DNS 3-5
relay device 3-5
server-side 3-4
TFTP server 3-4
example 3-7
lease options
for IP address information 3-4
for receiving the configuration file 3-4
overview 3-2
relationship to BOOTP 3-3
DHCP option 82
identifying a port with 34-4
overview 45-4
DHCP Snooping
enabling, and Option 82 45-10
DHCP snooping
accepting untrusted packets form edge switch 45-10
configuring 45-6
default configuration 45-7
displaying binding tables 45-19
displaying configuration 45-19
displaying information 45-18
enabling 45-7
enabling on private VLAN 45-12
enabling on the aggregation switch 45-9
enabling the database agent 45-13
message exchange process 45-4
monitoring 45-23
option 82 data insertion 45-4
overview 45-1
Snooping database agent 45-2
DHCP Snooping Database Agent
adding to the database (example) 45-18
enabling (example) 45-15
overview 45-2
reading from a TFTP file (example) 45-17
Diagnostics
online 62-1
Power-On-Self-Test
causes of failure 62-21
how it works 62-10
overview 62-10
Power-On-Self-Test for Supervisor Engine V-10GE 62-15
Differentiated Services Code Point values
See DSCP values
DiffServ architecture, QoS 37-2
Digital optical monitoring transceiver support 6-16
dir device command 63-3
disabled state
RSTP comparisons (table) 18-24
disabling
broadcast storm control 50-6
disabling multicast storm control 50-7
disconnect command 7-7
discovery, clusters
See automatic discovery
discovery, Ethernet OAM 57-34
display dection and removal events 11-7
displaying
Auth Manager sumary for an interface 40-114
MAB details 40-117
summary of all Auth manager sessions 40-114
summary of all Auth manager sessions on the switch authorized for a specified authentication method 40-115
displaying EtherChannel to a Virtual Switch System 22-16
displaying storm control 50-8
display PoE consumed by a module 11-8
display PoE detection and removal events 11-7
DNS
and DHCP-based autoconfiguration 3-5
default configuration 4-16
displaying the configuration 4-17
overview 4-15
setting up 4-16
domain names
DNS 4-15
Domain Name System
See DNS
double-tagged packets
802.1Q tunneling 25-2
Layer 2 protocol tunneling 25-15
downloading MIBs 65-3, 65-4
drop threshold for Layer 2 protocol packets 25-16
DSCP maps 37-53
DSCP-to-CoS maps
configuring 37-55
DSCP values
configuring maps 37-53
definition 37-4
IP precedence 37-3
mapping markdown 37-18
mapping to transmit queues 37-51
DSCP values, configuring port value 37-49
DTP
VLAN trunks and 15-3
duplex command 6-19
duplex mode
configuring interface 6-17
dynamic ARP inspection
ARP cache poisoning 46-2
configuring
ACLs for non-DHCP environments 46-11
in DHCP environments 46-5
log buffer 46-14
rate limit for incoming ARP packets 46-16
denial-of-service attacks, preventing 46-16
interface trust state, security coverage 46-3
log buffer
configuring 46-14
logging of dropped packets 46-4
overview 46-1
port channels, their behavior 46-5
priority of static bindings 46-4
purpose of 46-2
rate limiting of ARP packets 46-4
configuring 46-16
validation checks, performing 46-19
dynamic buffer limiting
globally 37-23
on specific CoS values 37-25
on specific IP DSCP values 37-24
Dynamic Host Configuration Protocol snooping
See DHCP snooping
dynamic port VLAN membership
example 13-29
limit on hosts 13-29
reconfirming 13-26
troubleshooting 13-29
Dynamic Trunking Protocol
See DTP
E
EAP frames
changing retransmission time 40-82
exchanging (figure) 40-4, 40-6, 40-13
request/identity 40-4
response/identity 40-4
setting retransmission number 40-83
EAPOL frames
802.1X authentication and 40-3
OTP authentication, example (figure) 40-4, 40-13
start 40-4
edge ports
description 18-27
EGP
overview 1-13
EIGRP
configuration examples 30-19
monitoring and maintaining 30-19
EIGRP (Enhanced IGRP)
stub routing
benefits 30-17
configuration tasks 30-18
configuring 30-14
overview 30-14
restrictions 30-17
verifying 30-18
EIGRP (enhanced IGRP)
overview 1-14
eigrp stub command 30-18
EIGRP stub routing, configuring 30-13
ELIN location 27-3
e-mail addresses
assigning for call home 59-4
e-mail notifications
Call Home 1-19, 59-2
Embedded CiscoView
displaying information 4-39
installing and configuring 4-36
overview 4-36
emergency alarms on Sup Engine 6-E systems 10-3
enable command 3-9, 3-28
enable mode 2-5
enabling or disabling QOS on an interface 37-46
enabling SNMP 65-4, 65-5
encapsulation types 15-3
Energy Efficient Ethernet 10-22
Enhanced Interior Gateway Routing Protocol
See EIGRP
Enhanced PoE support on E-series 11-15
environmental conditions
Sup Engine 6-E 10-3
Sup Engines II-Plus to V-10GE 10-2
environmental monitoring
using CLI commands 10-1
EPM logging 40-117
EtherChannel
channel-group group command 22-8, 22-10
configuration guidelines 22-5
configuring 22-6 to 22-15
configuring Layer 2 22-10
configuring Layer 3 22-6
displaying to a virtual switch system 22-16
interface port-channel command 22-7
lacp system-priority
command example 22-13
modes 22-3
overview 22-2
PAgP
Understanding 22-3
physical interface configuration 22-7
port-channel interfaces 22-2
port-channel load-balance command 22-14
removing 22-15
removing interfaces 22-15
EtherChannel guard
disabling 21-7
enabling 21-6
overview 21-6
Ethernet management port
and routing 6-6
and routing protocols 6-6
configuring 6-10
default setting 6-6
described 1-21, 6-6
for network management 1-21, 6-6
specifying 6-10
supported features 6-9
unsupported features 6-10
Ethernet management port, internal
and routing protocols 6-6
Ethernet Management Port, using 6-6
Ethernet OAM 57-34
and CFM interaction 57-51
configuration guidelines 57-35
configuring with CFM 57-51
default configuration 57-35
discovery 57-34
enabling 57-36, 57-52
link monitoring 57-34, 57-38
messages 57-34
protocol
defined 57-33
monitoring 57-49
remote failure indications 57-34
remote loopback 57-34, 57-37
templates 57-45
Ethernet OAM protocol CFM notifications 57-51
Ethernet Remote Defect Indication (ETH-RDI) 57-28
event triggers, user-defined
configuring, 802.1X-based 17-7
configuring, MAC address-based 17-8
explicit host tracking
enabling 23-11
extended range VLANs
See VLANs
Extensible Authentication Protocol over LAN 40-2
Exterior Gateway Protocol
See EGP
F
Fa0 port
See Ethernet management port
Fallback Authentication
configure with 802.1X 40-73
FastDrop
overview 33-11
fastethernet0 port
See Ethernet management port
Fast UDLD
configuring probe message interval 28-8
default configuration 28-4
displaying link status 28-9
enabling globally 28-5
enabling on individual interface 28-7
enabling per-interface 28-6
modes of operation 28-3
resetting disabled LAN interfaces 28-8
use case 28-2
Fast UDLD, overview 28-1
FIB
description 31-2
See also MFIB
fiber-optics interfaces
disabling UDLD 28-7
Filter-ID ACL and Per-User ACL, configureport-based authentication
configure Per-User ACL and Filter-ID ACL 40-44
filtering
in a VLAN 47-25
non-IP traffic 47-20, 47-22
flags 33-12
Flash memory
configuring router to boot from 3-31
loading system images from 3-30
security precautions 3-31
Flex Links
configuration guidelines 19-6
configuring 19-6, 19-7
configuring preferred VLAN 19-9
configuring VLAN load balancing 19-8
monitoring 19-12
flooded traffic, blocking 49-2
flowchart, traffic marking procedure 37-72
flow control, configuring 6-20
For 11-13
forward-delay time (STP)
configuring 18-19
forwarding information base
See FIB
frame command 63-5
G
gateway
See default gateway
get-bulk-request operation 54-3
get-next-request operation 54-3, 54-4
get-request operation 54-3, 54-4
get-response operation 54-3
Gigabit Ethernet SFP ports
deploy with 10-Gigabit Ethernet 6-12, 6-13
global configuration mode 2-5
Guest-VLANs
configure with 802.1X 40-55
H
hardware and software ACL support 47-6
hardware switching 31-5
hello time (STP)
configuring 18-17
hierarchical policers, configuring 37-41
high CPU due to ACLs, troubleshooting 47-12
history
CLI 2-4
history table, level and number of syslog messages 52-9
hop counts
configuring MST bridges 18-28
host
limit on dynamic port 13-29
host ports
kinds of 39-4
host presence CDP message 40-8
Hot Standby Routing Protocol
See HSRP
HSRP
description 1-12
http
//www.cisco.com/en/US/docs/ios/12_4/ip_sla/configuration/guide/hsla_c.html 60-1, 60-4, 60-6, 60-7
//www.cisco.com/en/US/docs/ios/fundamentals/command reference/cf_book.html 52-1, 54-1, 61-1
hw-module module num power command 10-21
I
ICMP
enabling 7-12
ping 7-7
running IP traceroute 7-9
time exceeded messages 7-9
ICMP Echo operation
configuring 60-12
IP SLAs 60-11
i command 63-3
IDS
using with SPAN and RSPAN 51-2
IEEE 802.1ag 57-2
IEEE 802.1s
See MST
IEEE 802.1w
See MST
IEEE 802.3ad
See LACP
IEEE 802.3az Energy Efficient Ethernet 10-22
IGMP
configurable-leave timer 23-4
description 33-3
enabling 33-14
explicit host tracking 23-4
immediate-leave processing 23-3
leave processing, enabling 24-8
overview 23-1
report suppression
disabling 24-10
IGMP filtering
configuring 23-21
default configuration 23-20
described 23-20
monitoring 23-24
IGMP groups
setting the maximum number 23-23
IGMP Immediate Leave
configuration guidelines 23-9
IGMP profile
applying 23-22
configuration mode 23-21
configuring 23-21
IGMP Snooping
configure
leave timer 23-9
configuring
Learning Methods 23-7
static connection to a multicast router 23-8
configuring host statically 23-11
enabling
Immediate-Leave processing
explicit host tracking 23-11
suppressing multicast flooding 23-12
IGMP snooping
configuration guidelines 23-5
default configuration 24-5, 24-6
enabling
globally 23-6
on a VLAN 23-6
enabling and disabling 24-6
IP multicast and 33-4
monitoring 23-14, 24-11
overview 23-1
IGMP Snooping, displaying
group 23-16
hot membership 23-15
how to 23-15
MAC address entries 23-18
multicast router interfaces 23-17
on a VLAN interface 23-18
Querier information 23-19
IGMPSnooping Querier, configuring 23-10
Immediate Leave, IGMP
enabling 24-8
immediate-leave processing
enabling 23-8
IGMP
See fast-leave processing
ingress packets, SPAN enhancement 51-12
inline power
configuring on Cisco IP phones 38-5
insufficient inline power handling for Supervisor Engine II-TS 10-19
Intelligent Power Management 11-4
interacting with Baby Giants 6-26
interface command 3-9, 6-2
interface configuration
REP 20-10
interface link and trunk status events
configuring 6-32
interface port-channel command 22-7
interface range command 6-4
interface range macro command 6-10
interfaces
adding descriptive name 6-20
clearing counters 6-31
configuring 6-2
configuring ranges 6-4
displaying information about 6-30
Layer 2 modes 15-4
maintaining 6-30
monitoring 6-30
naming 6-20
numbers 6-2
overview 6-2
restarting 6-31, 6-32
See also Layer 2 interfaces
using the Ethernet Management Port 6-6
Internet Control Message Protocol
See ICMP
Internet Group Management Protocol
See IGMP
Internet Protocol version 6
See IPv6
Inter-Switch Link encapsulation
See ISL encapsulation
Intrusion Detection System
See IDS
inventory management TLV 27-3, 27-8
IOS shell
See Auto SmartPorts macros
IP
configuring default gateway 3-11
configuring static routes 3-11
displaying statistics 31-8
flow switching cache 56-9
IP addresses
128-bit 48-2
cluster candidate or member 12-12
cluster command switch 12-11
discovering 4-35
IPv6 48-2
ip cef command 31-6, 62-2
IP Enhanced IGRP
interfaces, displaying 30-19
ip flow-aggregation cache destination-prefix command 56-11
ip flow-aggregation cache prefix command 56-11
ip flow-aggregation cache source-prefix command 56-12
ip flow-export command 56-9
ip icmp rate-limit unreachable command 7-12
ip igmp profile command 23-21
ip igmp snooping tcn flood command 23-13
ip igmp snooping tcn flood query count command 23-14
ip igmp snooping tcn query solicit command 23-14
IP information
assigned
through DHCP-based autoconfiguration 3-2
ip load-sharing per-destination command 31-7
ip local policy route-map command 35-8
ip mask-reply command 7-13
IP MTU sizes,configuring 30-9
IP multicast
clearing table entries 33-28
configuring 33-13
default configuration 33-13
displaying PIM information 33-23
displaying the routing table information 33-23
enabling dense-mode PIM 33-15
enabling sparse-mode 33-15
features not supported 33-13
hardware forwarding 33-9
IGMP snooping and 23-5, 33-4
overview 33-1
routing protocols 33-2
software forwarding 33-9
See also Auto-RP; IGMP; PIM; RP; RPF
IP multicast routing
enabling 33-14
monitoring and maintaining 33-23
ip multicast-routing command 33-14
IP multicast traffic, load splitting 33-22
IP phones
automatic classification and queueing 37-57
configuring voice ports 38-3
See Cisco IP Phones 38-1
trusted boundary for QoS 37-21
ip pim command 33-15
ip pim dense-mode command 33-15
ip pim sparse-dense-mode command 33-16
ip policy route-map command 35-7
IP Port Security for Static Hosts
on a Layer 2 access port 45-25
on a PVLAN host port 45-28
overview 45-24
ip redirects command 7-13
ip route-cache flow command 56-7
IP routing tables
deleting entries 33-28
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 60-1
IP SLAs
benefits 60-3
CFM endpoint discovery 57-21
Control Protocol 60-4
default configuration 60-7
definition 60-1
ICMP echo operation 60-11
manually configuring CFM ping or jitter 57-19
measuring network performance 60-3
multioperations scheduling 60-6
operation 60-4
responder
described 60-4
enabling 60-8
response time 60-5
scheduling 60-6
SNMP support 60-3
supported metrics 60-3
threshold monitoring 60-6
UDP jitter operation 60-9
IP Source Guard
configuring 45-20
configuring on private VLANs 45-22
displaying 45-22, 45-23
overview 45-23
IP statistics
displaying 31-8
IP traceroute
executing 7-9
overview 7-8
IP unicast
displaying statistics 31-8
IP Unnumbered support
configuring on a range of Ethernet VLANs 14-5
configuring on LAN and VLAN interfaces 14-4
configuring with connected host polling 14-5
DHCP Option 82 14-2
displaying settings 14-6
format of agent remote ID suboptions 14-2
troubleshooting 14-7
with conected host polling 14-3
with DHCP server and Relay agent 14-2
ip unreachables command 7-12
IPv4, IPv6, and MAC ACLs, configuring on a Layer 2 interface 47-38
IPv6
addresses 48-2
default configuration 48-7
defined 1-15, 48-1
Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 48-6
Router ID 48-6
OSPF 48-6
IPv6 control traffic, policing 44-17
IPX
redistribution of route information with EIGRP 1-14
is 25-19
ISL
encapsulation 15-3
trunking with 802.1Q tunneling 25-4
isolated port 39-4
isolated VLANs 39-2, 39-3, 39-4
ISSU
compatibility matrix 5-14
compatiblity verification using Cisco Feature Navigator 5-15
NSF overview 5-3
perform the process
aborting a software upgrade 5-31
configuring the rollback timer as a safeguard 5-32
displaying a compatibility matrix 5-34, 5-37
loading the new software on the new standby 5-24
stopping the rollback timer 5-23
switching to the standby 5-21
verify the ISSU state 5-17
verify the redundancy mode 5-16
verify the software installation 5-16
vload the new software on standby 5-18
prerequisites 5-2
process overview 5-6
restrictions 5-2
SNMP support 5-15
SSO overview 5-3
versioning capability in software to support 5-13
IST
and MST regions 18-22
description 18-22
master 18-27
ITU-T Y.1731
See Y.1731
J
jumbo frames
and ethernet ports 6-24
configuring MTU sizes for 6-25
ports and linecards that support 6-23
understanding MTUs 6-23
understanding support 6-23
VLAN interfaces 6-25
K
keyboard shortcuts 2-3
L
l2protocol-tunnel command 25-17
labels, definition 37-4
LACP
system ID 22-4
Layer 2 access ports 15-8
Layer 2 Control Packet QoS
and CoPP configuration example 44-14
default configuation 44-11
disabling 44-13
enabvling 44-12
guideline and restrictions 44-16
understanding 44-11
Layer 2 frames
classification with CoS 37-2
Layer 2 interface
applying ACLs 47-40
configuring access-mode mode on 47-39
configuring IPv4, IPv6, and MAC ACLs 47-38
displaying an ACL configuration 47-40
Layer 2 interfaces
assigning VLANs 13-7
configuring 15-5
configuring as PVLAN host ports 39-18
configuring as PVLAN promiscuous ports 39-17
configuring as PVLAN trunk ports 39-19
defaults 15-5
disabling configuration 15-9
modes 15-4
show interfaces command 15-7
Layer 2 interface type
resetting 39-24
setting 39-24
Layer 2 protocol tunneling
default configuration 25-16
guidelines 25-16
Layer 2 switching
overview 15-1
Layer 2 Traceroute
and ARP 7-10
and CDP 7-10
host-to-host paths 7-9
IP addresses and subnets 7-10
MAC addresses and VLANs 7-10
multicast traffic 7-10
multiple devices on a port 7-10
unicast traffic 1-30, 7-9
usage guidelines 7-10
Layer 2 trunks
configuring 15-6
overview 15-3
Layer 3 interface, applying IPv6 ACLs 47-24
Layer 3 interface counters,configuring 30-10
Layer 3 interface counters,understanding 30-3
Layer 3 interfaces
changing from Layer 2 mode 36-7
configuration guidelines 30-5
configuring VLANs as interfaces 30-7
overview 30-1
counters 30-3
logical 30-2
physical 30-2
SVI autostate exclude 30-3
Layer 3 packets
classification methods 37-3
Layer 4 port operations
configuration guidelines 47-17
restrictions 47-16
Leave timer, enabling 23-9
limitations on using a TwinGig Convertor 6-14
link and trunk status events
configuring interface 6-32
link integrity, verifying with REP 20-4
Link Layer Discovery Protocol
See CDP
link monitoring, Ethernet OAM 57-34, 57-38
link-state tracking
configuration guidelines 22-21
default configuration 22-21
described 22-18
displaying status 22-22
generic configuration procedure 22-21
link status, displaying UDLD 28-9
listening state (STP)
RSTP comparisons (table) 18-24
LLDP
configuring 27-4
characteristics 27-5
default configuration 27-4
disabling and enabling
globally 27-6
on an interface 27-7
monitoring and maintaining 27-13
overview 27-1
transmission timer and holdtime, setting 27-5
LLDP-MED
configuring
procedures 27-4
TLVs 27-8, 27-10
monitoring and maintaining 27-13
overview 27-1
supported TLVs 27-2
LLDP Media Endpoint Discovery
See LLDP-MED
load balancing
configuring for CEF 31-7
configuring for EtherChannel 22-14
overview 22-5, 31-6
per-destination 31-7
load splitting IP multicast traffic 33-22
Location Service
overview 27-1
location service
configuring 27-11
understanding 27-3
location TLV 27-3, 27-8
logging, EPM 40-117
Logical Layer 3 interfaces
configuring 30-6
logical layer 3 VLAN interfaces 30-2
login authentication
with RADIUS 40-103
with TACACS+ 3-19
login banners 4-17
login timer
changing 7-6
logoutwarning command 7-6
loop guard
and MST 18-23
configuring 21-5
overview 21-3
M
MAC/PHY configuration status TLV 27-2
MAC addresses
aging time 4-21
allocating 18-6
and VLAN association 4-20
building tables 4-20, 15-2
convert dynamic to sticky secure 43-5
default configuration 4-21
disabling learning on a VLAN 4-30
discovering 4-35
displaying 7-3
displaying in DHCP snooping binding table 45-19
dynamic
learning 4-20
removing 4-22
in ACLs 47-20
static
adding 4-28
allowing 4-29
characteristics of 4-27
dropping 4-29
removing 4-28
sticky 43-4
sticky secure, adding 43-5
MAC address learning, disabling on a VLAN 4-30
confuguring 4-30
deployment scenarios 4-31
feature compatibility 4-33
feature incompatibility 4-34
feature inompatibility 4-34
usage guidelines 4-31
MAC address table
displaying 4-35
MAC address-table move update
configuration guidelines 19-10
configuring 19-10
monitoring 19-12
MAC Authentication Bypass
configure with 802.1X 40-58
MAC details, displaying 40-117
MAC extended access lists 47-20
macros
See Auto SmartPorts macros
See Auto Smartports macros
See Smartports macros
main-cpu command 8-8
management address TLV 27-2
management options
SNMP 54-1
Management Port, Ethernet 6-6
manual preemption, REP, configuring 20-13
mapping
DSCP markdown values 37-18
DSCP values to transmit queues 37-51
mapping tables
configuring DSCP 37-53
described 37-14
marking
hardware capabilities 37-73
marking action drivers 37-71
marking network traffic 37-69
marking support, multi-attribute 37-73
mask destination command 56-11
mask source command 56-11, 56-12
Match CoS for non-IPV4 traffic
configuring 37-31
match ip address command 35-6
maximum aging time (STP)
configuring 18-18
MDA
configuration guidelines 40-23 to ??
described 40-22
members
automatic discovery 12-7
member switch
managing 12-13
member switch, cluster
defined 12-2
meminfo command 63-5
messages, Ethernet OAM 57-34
messages, to users through banners 4-17
Metro features
Ethernet CFM, introduction 1-3
Ethernet OAM Protocol, introduction 1-3
Flex Link and MAC Address-Table Move Update, introduction 1-4
Y.1731 (AIS and RDI), introduction 1-10
metro tags 25-2
MFIB
CEF 33-5
overview 33-12
MFIB, IP
displaying 33-26
MIBs
compiling 65-4
downloading 65-3, 65-4
overview 54-1
related information 65-3
SNMP interaction with 54-4
MLD Done messages and Immediate-leave 24-4
MLD messages 24-2
MLD queries 24-3
MLD reports 24-4
MLD Snooping
MLD Done messages and Immediate-leave 24-4
MLD messages 24-2
MLD queries 24-3
MLD reports 24-4
Multicast client aging robustness 24-3
Multicast router discovery 24-3
overview 24-1
Mode of capturing control packets, selecting 47-13
modules
checking status 7-1
powering down 10-21
monitoring
802.1Q tunneling 25-19
ACL information 47-43
Ethernet CFM 57-32, 57-33
Ethernet OAM 57-49
Ethernet OAM protocol 57-49
Flex Links 19-12
IGMP
snooping 24-11
IGMP filters 23-24
IGMP snooping 23-14
Layer 2 protocol tunneling 25-19
MAC address-table move update 19-12
multicast router interfaces 24-11
multi-VRF CE 36-17
REP 20-14
traffic flowing among switches 61-1
tunneling 25-19
VLAN filters 47-32
VLAN maps 47-32
M-record 18-23
MST
and multiple spanning trees 1-6, 18-22
boundary ports 18-27
BPDUs 18-23
configuration parameters 18-26
configuring 18-29
displaying configurations 18-33
edge ports 18-27
enabling 18-29
hop count 18-28
instances
configuring parameters 18-32
description 18-23
number supported 18-26
interoperability with PVST+ 18-23
link type 18-28
master 18-27
message age 18-28
regions 18-26
restrictions 18-29
to-SST interoperability 18-24
MSTP
EtherChannel guard
enabling 21-6
M-record 18-23
M-tree 18-23
M-tree 18-23
MTUS
understanding 6-23
MTU size
configuring 6-25, 6-26, 6-33
default 13-5
Multi-authentication
described 40-22
multiauthentication mode 40-8
multicast
See IP multicast
Multicast client aging robustness 24-3
multicast Ethernet loopback (ETH-LB) 57-29
multicast Ethernet loopback, using 57-31
multicast groups
static joins 24-7
multicast packets
blocking 49-2
Multicast router discovery 24-3
multicast router interfaces, displaying 23-17
multicast router interfaces, monitoring 24-11
multicast router ports, adding 24-7
multicast routers
flood suppression 23-12
multicast router table
displaying 33-23
Multicast Storm Control
enabling 50-4
disabling 50-7
suppression on Sup 6-E 50-5
suppression on WS-X4014 50-5
suppression on WS-X4016 50-6
WS-X4515, WS-X4014, and WS-X4013+ Sup Engs 50-5
WS-X4516 Sup Eng 50-6
multidomain authentication
See MDA
multidomain authentication mode 40-7
multioperations scheduling, IP SLAs 60-6
Multiple AuthorizationAuthentication
configuring 40-34
Multiple Domain Authentication 40-34
multiple forwarding paths 1-6, 18-22
multiple-hosts mode 40-7
Multiple Spanning Tree
See MST
multiple VPN routing/forwarding
See multi-VRF CE
multi-VRF CE
components 36-3
configuration example 36-13
default configuration 36-3
defined 36-1
displaying 36-17
monitoring 36-17
network components 36-3
packet-forwarding process 36-3
N
named aggregate policers, creating 37-26
named IPv6 ACLs, configuring
ACLs
configuring named IPv6 ACLs 47-23
named MAC extended ACLs
ACLs
configuring named MAC extended 47-20, 47-22
native VLAN
and 802.1Q tunneling 25-4
specifying 15-6
NEAT
configuring 40-85
overview 40-24
neighbor offset numbers, REP 20-5
NetFlow
aggregation
minimum mask,default value 56-11
destination-prefix aggregation
configuration (example) 56-16
minimum mask, configuring 56-11
IP
flow switching cache 56-9
prefix aggregation
configuration (example) 56-14
minimum mask, configuring 56-11
source-prefix aggregation
minimum mask, configuring 56-11
switching
checking for required hardware 56-6
configuration (example) 56-13
configuring switched IP flows 56-8
enabling Collection 56-7
exporting cache entries 56-9
statistics 56-9
NetFlow-lite
clear commands 55-9
display commands 55-8
NetFlow packet sampling
about 55-2
NetFlow statistics
caveats on supervisor 56-6
checking for required hardware 56-6
configuring collection 56-6
enabling Collection 56-7
exporting cache entries 56-9
overview of collection 56-2
switched/bridged IP flows 56-8
Network Assistant
and VTY 12-12
configure
enable communication with switch 12-13, 12-17
default configuration 12-3
overview of CLI commands 12-3
Network Edge Access Topology
See NEAT
network fault tolerance 1-6, 18-22
network management
configuring 26-1
RMON 61-1
SNMP 54-1
network performance, measuring with IP SLAs 60-3
network policy TLV 27-2, 27-8
Network Time Protocol
See NTP
network traffic, marking 37-69
New Software Features in Release 7.7
TDR 7-3
Next Hop Resolution Protocol
See NHRP
NHRP
support 1-14
non-fiber-optics interfaces
disabling UDLD 28-7
non-IP traffic filtering 47-20, 47-22
non-RPF traffic
description 33-10
in redundant configurations (figure) 33-11
Nonstop Forwarding
See NSF
nonvolatile random-access memory
See NVRAM
normal-range VLANs
See VLANs
NSF
defined 9-1
guidelines and restrictions 9-9
operation 9-5
NSF-aware
supervisor engines 9-3
support 9-2
NSF-capable
supervisor engines 9-3
support 9-2
NSF with SSO supervisor engine redundancy
and CEF 9-5
overview 9-4
SSO operation 9-4
NTP
associations
authenticating 4-4
defined 4-2
enabling broadcast messages 4-7
peer 4-6
server 4-6
default configuration 4-4
displaying the configuration 4-11
overview 4-2
restricting access
creating an access group 4-9
disabling NTP services per interface 4-10
source IP address, configuring 4-10
stratum 4-2
synchronizing devices 4-6
time
services 4-2
synchronizing 4-2
NVRAM
saving settings 3-10
O
OAM
client 57-34
features 57-34
sublayer 57-34
OAM manager
configuring 57-52
with CFM and Ethernet OAM 57-51
OAM PDUs 57-35
OAM protocol data units 57-33
OIR
overview 6-30
on-demaind online diagnostics 62-2
online diagnostic
troubleshooting 62-8
Online Diagnostics 62-1
online diagnostics
configuring on-demaind 62-2
data path, displaying test results 62-7
displaying tests and test results 62-4
linecard 62-8
scheduling 62-2
starting and stopping tests 62-3
online insertion and removal
See OIR
Open Shortest Path First
See OSPF
operating system images
See system images
Option 82
enabling DHCP Snooping 45-10
OSPF
area concept 1-15
description 1-14
for IPv6 48-6
P
packets
modifying 37-16
software processed
and QoS 37-16
packet type filtering
overview 51-15
SPAN enhancement 51-15
PACL
using with access-group mode 47-39
PACL configuration guidelines 47-36
PACL with VLAN maps and router ACLs 47-41
PAgP
understanding 22-3
passwords
configuring enable password 3-14
configuring enable secret password 3-14
encrypting 3-22
in clusters 12-8
recovering lost enable password 3-25
setting line password 3-14
PBR (policy-based routing)
configuration (example) 35-8
enabling 35-6
features 35-2
overview 35-1
route-map processing logic 35-3
route-map processing logic example 35-4
route maps 35-2
per-port and VLAN Access Control List 45-19
per-port per-VLAN QoS
enabling 37-43
overview 37-16
Per-User ACL and Filter-ID ACL, configure 40-44
Per-VLAN Rapid Spanning Tree 18-6
enabling 18-20
overview 18-6
PE to CE routing, configuring 36-12
physical layer 3 interfaces 30-2
Physical Layer 3 interfaces, configuring 30-12
PIM
configuring dense mode 33-15
configuring sparse mode 33-15
displaying information 33-23
displaying statistics 33-27
enabling sparse-dense mode 33-15, 33-16
overview 33-3
PIM-DM 33-3
PIM on an interface, enabling 33-14
PIM-SM 33-4
PIM-SSM mapping, enabling 33-17
ping
executing 7-8
overview 7-7
ping command 7-8, 33-23
PoE 11-7, 11-8
configuring power consumption for single device 11-5
Enhanced PoE support on E-series 11-15
policing and monitoring 11-12
power consumption for powered devices
Intelligent Power Management 11-4
powering down a module 10-21
power management modes 11-3
PoE policing
configuring errdisable recovery 11-14
configuring on an interface 11-13
displaying on an interface 11-14
power modes 11-12
point-to-point
in 802.1X authentication (figure) 40-3
police command 37-33
policed-DSCP map 37-54
policers
description 37-6
types of 37-10
policies
See QoS policies
policing
how to implement 37-68
See QoS policing
policing, PoE 11-12
policing IPv6 control traffic 44-17
policy associations, QoS on Sup 6-E 37-85
policy-map command 37-29, 37-31
policy map marking action, configuring 37-73
policy maps
attaching to interfaces 37-35
configuring 37-31
port ACLs
and voice VLAN 47-5
defined 47-3
Port Aggregation Protocol
see PAgP
port-based authentication
802.1X with voice VLAN 40-22
Authentication Failed VLAN assignment 40-17
authentication server
defined 42-2
changing the quiet period 40-81
client, defined 40-3, 42-2
configuration guidelines 40-28, 42-6
configure ACL assignments and redirect URLs 40-38
configure switch-to-RADIUS server communication 40-32
configure with Authentication Failed 40-68
configure with Critical Authentication 40-60
configure with Guest-VLANs 40-55
configure with MAC Authentication Bypass 40-58
configure with VLAN User Distribution 40-65
configure with Voice VLAN 40-70
configuring
Multiple Domain Authentication and Multiple Authorization 40-34
RADIUS server 42-10
RADIUS server parameters on the switch 42-9
configuring Fallback Authentication 40-73
configuring Guest-VLAN 40-32
configuring manual re-authentication of a client 40-91
configuring with Unidirectional Controlled Port 40-63
controlling authorization state 40-5
default configuration 40-27, 42-6
described 40-1
device roles 40-2, 42-2
displaying statistics 40-113, 42-14
enabling 40-28
802.1X authentication 42-9
enabling multiple hosts 40-80
enabling periodic re-authentication 40-78
encapsulation 40-3
host mode 40-6
how 802.1X fails on a port 40-25
initiation and message exchange 40-4
method lists 40-28
modes 40-6
multidomain authentication 40-22
multiple-hosts mode, described 40-7
port security
multiple-hosts mode 40-7
ports not supported 40-5
pre-authentication open access 40-8
resetting to default values 40-92
setting retransmission number 40-83
setting retransmission time 40-82
switch
as proxy 42-2
switch supplicant
configuring 40-85
overview 40-24
topologies, supported 40-25
using with ACL assignments and redirect URLs 40-20
using with port security 40-19
with Critical Authentication 40-14
with Guest VLANs 40-11
with MAC Authentication Bypass 40-12
with Unidirectional Controlled Port 40-15
with VLAN assignment 40-10
with VLAN User Distribution 40-16
port-based QoS features
See QoS
port-channel interfaces
See also EtherChannel
creating 22-7
overview 22-2
port-channel load-balance
command 22-13
command example 22-13
port-channel load-balance command 22-14
port cost (STP)
configuring 18-15
port description TLV 27-2
PortFast
and MST 18-23
BPDU filter, configuring 21-10
configuring or enabling 21-16
overview 21-7
PortFast BPDU filtering
and MST 18-23
enabling 21-10
overview 21-9
port numbering with TwinGig Convertors 6-13
port priority
configuring MST instances 18-32
configuring STP 18-13
ports
blocking 49-1
checking status 7-2
dynamic VLAN membership
example 13-29
reconfirming 13-26
forwarding, resuming 49-3
REP 20-6
See also interfaces
port security
aging 43-5
and QoS trusted boundary 37-21
configuring 43-7
displaying 43-28
guidelines and restrictions 43-33
on access ports 43-7, 43-22
on private VLAN 43-14
host 43-14
over Layer 2 EtherChannel 43-33
promiscuous 43-16
topology 43-15, 43-18, 43-33
on trunk port 43-17
guidelines and restrictions 43-15, 43-18, 43-33
port mode changes 43-22
on voice ports 43-22
sticky learning 43-5
using with 802.1X 40-19
violations 43-6
with 802.1X Authentication 43-32
with DHCP and IP Source Guard 43-31
with other features 43-33
port states
description 18-5
port trust state
See trust states
port VLAN ID TLV 27-2
power
inline 38-5
power dc input command 10-19
power handling for Supervisor Engine II-TS 11-12
power inline command 11-3
power inline consumption command 11-5
power management
Catalyst 4500 series 10-6
Catalyst 4500 Switch power supplies 10-13
Catalyst 4948 series 10-22
configuring combined mode 10-12
configuring redundant mode 10-11
overview 10-1
redundancy 10-6
power management for Catalyst 4500 Switch
combined mode 10-8
redundant mode 10-8
power management limitations in Catalyst 4500 Switch 10-9
power management mode
selecting 10-8
power management TLV 27-2, 27-8
power negotiation
through LLDP 27-10
Power-On-Self-Test diagnostics 62-10, 62-21
Power-On-Self-Test for Supervisor Engine V-10GE 62-15
power redundancy-mode command 10-12
power supplies
available power for Catalyst 4500 Switch 10-13
fixed 10-7
variable 10-7, 10-22
pre-authentication open access 40-8
pre-authentication open access. See port-based authentication.
preempt delay time, REP 20-5
primary edge port, REP 20-4
primary VLANs 39-2, 39-4
associating with secondary VLANs 39-16
configuring as a PVLAN 39-15
priority
overriding CoS of incoming frames 38-5
priority queuing, QoS on Sup 6-E 37-80
private VLAN
configure port security 43-14, 43-15
enabling DHCP Snooping 45-12
private VLANs
across multiple switches 39-5
and SVIs 39-10
benefits of 39-2
community ports 39-3
community VLANs 39-2, 39-3
default configuration 39-12
end station access to 39-3
isolated port 39-4
isolated VLANs 39-2, 39-3, 39-4
ports
community 39-3
isolated 39-4
promiscuous 39-4
primary VLANs 39-2, 39-4
promiscuous ports 39-4
secondary VLANs 39-2
subdomains 39-2
traffic in 39-9
privileged EXEC mode 2-5
privileges
changing default 3-23
configuring levels 3-23
exiting 3-24
logging in 3-24
promiscuous ports
configuring PVLAN 39-17
defined 39-4
setting mode 39-24
protocol timers 18-4
provider edge devices 36-2
pruning, VTP
See VTP pruning
pseudobridges
description 18-25
PVACL 45-19
PVID (port VLAN ID)
and 802.1X with voice VLAN ports 40-22
PVLAN promiscuous trunk port
configuring 39-11, 39-17, 39-21
PVLANs
802.1q support 39-14
across multiple switches 39-5
configuration guidelines 39-12
configure port security 43-14, 43-16, 43-18
configure port security in a wireless setting 43-33
configure port security over Layer 2 EtherChannel 43-33
configuring 39-11
configuring a VLAN 39-15
configuring promiscuous ports 39-17
host ports
configuring a Layer 2 interface 39-18
setting 39-24
overview 39-1
permitting routing, example 39-23
promiscuous mode
setting 39-24
setting
interface mode 39-24
Q
QoS
allocating bandwidth 37-51
and software processed packets 37-16
auto-QoS
configuration and defaults display 37-60
configuration guidelines 37-58
described 37-56
displaying 37-60
effects on NVRAM configuration 37-58
enabling for VoIP 37-59
basic model 37-6
burst size 37-27
classification 37-6 to 37-10
configuration guidelines 37-19
auto-QoS 37-58
configuring
auto-QoS 37-56
DSCP maps 37-53
dynamic buffer limiting 37-22
traffic shaping 37-52
trusted boundary 37-21
configuring UBRL 37-37
configuring VLAN-based on Layer 2 interfaces 37-46
creating named aggregate policers 37-26
creating policing rules 37-28
default auto configuration 37-57
default configuration 37-18
definitions 37-4
disabling on interfaces 37-35
enabling and disabling 37-46
enabling hierarchical policers 37-41
enabling on interfaces 37-35
enabling per-port per-VLAN 37-43
flowcharts 37-8, 37-12
IP phones
automatic classification and queueing 37-57
detection and trusted settings 37-21, 37-57
overview 37-2
overview of per-port per-VLAN 37-16
packet modification 37-16
port-based 37-46
priority 37-15
traffic shaping 37-16
transmit rate 37-52
trust states
trusted device 37-21
VLAN-based 37-46
See also COS; DSCP values; transmit queues
QoS active queue management
tracking queue length 37-14
QoS labels
definition 37-4
QoS mapping tables
CoS-to-DSCP 37-53
DSCP-to-CoS 37-55
policed-DSCP 37-54
types 37-14
QoS marking
description 37-5
QoS on Sup 6-E
Active Queue management via DBL 37-84
active queue management via DBL 37-78, 37-84
classification 37-66
configuring 37-63
configuring CoS mutation 37-88
configuring the policy map marking action 37-73
hardware capabilities for marking 37-73
how to implement policing 37-68
marking action drivers 37-71
marking network traffic 37-69
MQC-based QoS configuration 37-63
multi-attribute marking support 37-73
platform hardware capabilities 37-66
platform restrictions 37-68
platform-supported classification criteria and QoS features 37-63, 37-65
policing 37-67
policy associations 37-85
prerequisites for applying a service policy 37-66
priority queuing 37-80
queue-limiting 37-82
restrictions for applying a service policy 37-66
shaping 37-76
sharing(bandwidth) 37-78
sharing(blandwidth), shapring, and priority queuing 37-75
software QoS 37-87
traffic marking procedure flowchart 37-72
QoS policers
burst size 37-27
types of 37-10
QoS policing
definition 37-5
described 37-6, 37-10
QoS policy
attaching to interfaces 37-11
overview of configuration 37-28
QoS service policy
prerequisites 37-66
restrictions for applying 37-66
QoS transmit queues
allocating bandwidth 37-51
burst 37-16
configuring traffic shaping 37-52
mapping DHCP values to 37-51
maximum rate 37-16
overview 37-14
sharing link bandwidth 37-15
QoS transmit queues, configuring 37-50
Quality of service
See QoS
queueing 37-6, 37-14
queue-limiting, QoS on Sup 6-E 37-82
R
RADIUS
attributes
vendor-proprietary 40-111
vendor-specific 40-109
change of authorization 40-94
configuring
accounting 40-108
authentication 40-103
authorization 40-107
communication, global 40-101, 40-109
communication, per-server 40-100, 40-101
multiple UDP ports 40-101
default configuration 40-100
defining AAA server groups 40-105
displaying the configuration 40-113
identifying the server 40-100
limiting the services to the user 40-107
method list, defined 40-100
operation of 40-94
server load balancing 40-113
suggested network environments 40-93
tracking services accessed by user 40-108
understanding 40-93
RADIUS, controlling switch access with 40-92
RADIUS Change of Authorization 40-94
RADIUS server
configure to-Switch communication 40-32
configuring settings 40-34
parameters on the switch 40-32
RA Guard
configuring 47-45
deployment 47-44
examples 47-45
introduction 47-43
usage guidelines 47-46
range command 6-4
range macros
defining 6-10
ranges of interfaces
configuring 6-4
Rapid Spanning Tree
See RSTP
rcommand command 12-13
re-authentication of a client
configuring manual 40-91
enabling periodic 40-78
redirect URLs, port-based authentication 40-20
reduced MAC address 18-2
redundancy
configuring 8-8
guidelines and restrictions 8-5
changes made through SNMP 8-12
NSF-aware support 9-2
NSF-capable support 9-2
overview 8-2
redundancy command 8-8
understanding synchronization 8-4
redundancy (NSF) 9-1
configuring
BGP 9-12
CEF 9-11
EIGRP 9-17
IS-IS 9-14
OSPF 9-13
routing protocols 9-5
redundancy (RPR)
route processor redundancy 8-3
synchronization 8-5
redundancy (SSO)
redundancy command 9-10
route processor redundancy 8-3
synchronization 8-5
reload command 3-28, 3-29
Remote Authentication Dial-In User Service
See RADIUS
remote failure indications 57-34
remote loopback, Ethernet OAM 57-34, 57-37
Remote Network Monitoring
See RMON
rendezvous point, configuring 33-17
rendezvous point, configuring single static 33-20
REP
administrative VLAN 20-8
administrative VLAN, configuring 20-9
and STP 20-6
configuration guidelines 20-7
configuring interfaces 20-10
convergence 20-4
default configuration 20-7
manual preemption, configuring 20-13
monitoring 20-14
neighbor offset numbers 20-5
open segment 20-2
ports 20-6
preempt delay time 20-5
primary edge port 20-4
ring segment 20-2
secondary edge port 20-4
segments 20-1
characteristics 20-2
SNMP traps, configuring 20-14
supported interfaces 20-1
triggering VLAN load balancing 20-6
verifying link integrity 20-4
VLAN blocking 20-13
VLAN load balancing 20-4
replication
description 33-9
report suppression, IGMP
disabling 24-10
reserved-range VLANs
See VLANs
reset command 63-3
resetting an interface to default configuration 6-34
resetting a switch to defaults 3-32
Resilient Ethernet ProtocolLSee REP
responder, IP SLAs
described 60-4
enabling 60-8
response time, measuring with IP SLAs 60-5
restricting access
NTP services 4-8
RADIUS 40-92
TACACS+ 3-15
retransmission number
setting in 802.1X authentication 40-83
retransmission time
changing in 802.1X authentication 40-82
RFC
1157, SNMPv1 54-2
1305, NTP 4-2
1757, RMON 61-2
1901, SNMPv2C 54-2
1902 to 1907, SNMPv2 54-2
2273-2275, SNMPv3 54-2
RFC 5176 Compliance 40-95
RIP
description 1-15
for IPv6 48-5
RMON
default configuration 61-3
displaying status 61-6
enabling alarms and events 61-3
groups supported 61-2
overview 61-1
ROM monitor
boot process and 3-26
CLI 2-7
commands 63-2 to 63-3
debug commands 63-5
entering 63-1
exiting 63-6
overview 63-1
root bridge
configuring 18-10
selecting in MST 18-22
root guard
and MST 18-23
enabling 21-2
overview 21-2
routed packets
ACLs 47-34
route-map (IP) command 35-6
route maps
defining 35-6
PBR 35-2
router ACLs
description 47-3
using with VLAN maps 47-32
router ACLs, using PACL with VLAN maps 47-41
route targets
VPN 36-3
Routing Information Protocol
See RIP
RPF
<Emphasis>See Unicast RPF
RSPAN
configuration guidelines 51-16
destination ports 51-5
IDS 51-2
monitored ports 51-4
monitoring ports 51-5
received traffic 51-3
sessions
creating 51-17
defined 51-3
limiting source traffic to specific VLANs 51-23
monitoring VLANs 51-22
removing source (monitored) ports 51-21
specifying monitored ports 51-17
source ports 51-4
transmitted traffic 51-4
VLAN-based 51-5
RSTP
compatibility 18-23
description 18-22
port roles 18-24
port states 18-24
S
SAID
See 802.10 SAID
scheduling 37-14
defined 37-5
overview 37-6
scheduling, IP SLAs operations 60-6
secondary edge port, REP 20-4
secondary root switch 18-12
secondary VLANs 39-2
associating with primary 39-16
permitting routing 39-23
security
configuring 44-1
Security Association Identifier
See 802.10 SAID
selecting a power management mode 10-8
selecting X2/TwinGig Convertor Mode 6-14
sequence numbers in log messages 52-7
server IDs
description 59-23
service policy, configure class-level queue-limit 37-82
service-policy command 37-29
service-policy input command 29-2, 37-35
service-provider networks
and customer VLANs 25-2
set default interface command 35-7
set interface command 35-7
set ip default next-hop command 35-7
set ip next-hop command 35-6
set-request operation 54-4
severity levels, defining in system messages 52-8
shaping, QoS on Sup 6-E 37-76
sharing(bandwidth), QoS on Sup 6-E 37-78
Shell functions
See Auto SmartPorts macros
See Auto Smartports macros
Shell triggers
See Auto SmartPorts macros
See Auto Smartports macros
show adjacency command 31-9
show boot command 3-32
show catalyst4000 chassis-mac-address command 18-3
show cdp command 26-2, 26-3
show cdp entry command 26-4
show cdp interface command 26-3
show cdp neighbors command 26-4
show cdp traffic command 26-4
show ciscoview package command 4-39
show ciscoview version command 4-39
show cluster members command 12-13
show configuration command 6-20
show debugging command 26-4
show environment command 10-2
show history command 2-4
show interfaces command 6-25, 6-26, 6-31, 6-33
show interfaces status command 7-2
show ip cache flow aggregation destination-prefix command 56-12
show ip cache flow aggregation prefix command 56-12
show ip cache flow aggregation source-prefix command 56-12
show ip cache flow command 56-9
show ip cef command 31-8
show ip eigrp interfaces command 30-19
show ip eigrp neighbors command 30-19
show ip eigrp topology command 30-19
show ip eigrp traffic command 30-19
show ip interface command 33-23
show ip local policy command 35-8
show ip mroute command 33-23
show ip pim interface command 33-23
show l2protocol command 25-18
show lldp traffic command 27-14
show mac-address-table address command 7-3
show mac-address-table interface command 7-3
show mls entry command 31-8
show module command 7-1, 18-6
show PoE consumed 11-8
show power inline command 11-6
show power supplies command 10-12
show protocols command 6-31
show running-config command
adding description for an interface 6-20
checking your settings 3-9
displaying ACLs 47-26, 47-29, 47-38, 47-39
show startup-config command 3-10
show users command 7-6
show version command 3-29
shutdown, command 6-32
shutdown threshold for Layer 2 protocol packets 25-16
shutting down
interfaces 6-31
Simple Network Management Protocol
See SNMP
single-host mode 40-7
single spanning tree
See SST
single static RP, configuring 33-20
slot numbers, description 6-2
smart call home 59-1
description 59-2
destination profile (note) 59-5
registration requirements 59-3
service contract requirements 59-3
Transport Gateway (TG) aggregation point 59-2
SMARTnet
smart call home registration 59-3
Smartports macros
applying global parameter values 16-9, 16-15, 16-16
applying macros 16-9
applying parameter values 16-9
configuration guidelines 16-6, 16-15
configuring 16-2
creating 16-8
default configuration 16-4, 16-14
defined 1-7, 16-1
displaying 16-14
tracing 16-7, 16-15
SNMP
accessing MIB variables with 54-4
agent
described 54-4
disabling 54-7
and IP SLAs 60-3
authentication level 54-10
community strings
configuring 54-7
overview 54-4
configuration examples 54-15
configuration guidelines 54-6
default configuration 54-5
enabling 65-4, 65-5
engine ID 54-6
groups 54-6, 54-9
host 54-6
informs
and trap keyword 54-11
described 54-5
differences from traps 54-5
enabling 54-14
limiting access by TFTP servers 54-15
limiting system log messages to NMS 52-9
manager functions 54-3
notifications 54-5
overview 54-1, 54-4
status, displaying 54-16
system contact and location 54-14
trap manager, configuring 54-13
traps
described 54-3, 54-5
differences from informs 54-5
enabling 54-11
enabling MAC address notification 4-22
enabling MAC move notification 4-24
enabling MAC threshold notification 4-26
overview 54-1, 54-4
types of 54-11
users 54-6, 54-9
versions supported 54-2
SNMP commands 65-4
SNMP traps
REP 20-14
SNMPv1 54-2
SNMPv2C 54-2
SNMPv3 54-2
software
upgrading 8-13
software configuration register 3-26
software QoS, on Sup 6-E 37-87
software switching
description 31-5
interfaces 31-6
key data structures used 33-8
source IDs
call home event format 59-22
SPAN
and ACLs 51-5
configuration guidelines 51-7
configuring 51-7 to 51-10
destination ports 51-5
IDS 51-2
monitored port, defined 51-4
monitoring port, defined 51-5
received traffic 51-3
sessions
defined 51-3
source ports 51-4
transmitted traffic 51-4
VLAN-based 51-5
SPAN and RSPAN
concepts and terminology 51-3
default configuration 51-6
displaying status 51-25
overview 51-1
session limits 51-6
SPAN enhancements
access list filtering 51-13
configuration example 51-16
CPU port sniffing 51-10
encapsulation configuration 51-12
ingress packets 51-12
packet type filtering 51-15
spanning-tree backbonefast command 21-16
spanning-tree cost command 18-16
spanning-tree guard root command 21-2
spanning-tree portfast bpdu-guard command 21-9
spanning-tree portfast command 21-7
spanning-tree port-priority command 18-13
spanning-tree uplinkfast command 21-13
spanning-tree vlan
command 18-9
command example 18-9
spanning-tree vlan command 18-8
spanning-tree vlan cost command 18-16
spanning-tree vlan forward-time command 18-19
spanning-tree vlan hello-time command 18-18
spanning-tree vlan max-age command 18-18
spanning-tree vlan port-priority command 18-13
spanning-tree vlan priority command 18-17
spanning-tree vlan root primary command 18-10
spanning-tree vlan root secondary command 18-12
speed
configuring interface 6-17
speed command 6-18
SSO
configuring 9-10
SSO operation 9-4
SST
description 18-22
interoperability 18-24
static ACL, removing the requirement 47-36
static addresses
See addresses
static routes
configuring 3-11
verifying 3-12
statistics
802.1X 42-14
displaying 802.1X 40-113
displaying PIM 33-27
LLDP 27-13
LLDP-MED 27-13
NetFlow accounting 56-9
SNMP input and output 54-16
sticky learning
configuration file 43-6
defined 43-5
disabling 43-6
enabling 43-5
saving addresses 43-6
sticky MAC addresses
configuring 43-7
defined 43-4
Storm Control
displaying 50-8
enabling Broadcast 50-3
enabling Multicast 50-4
hardware-based, implementing 50-2
overview 50-1
software-based, implementing 50-3
STP
and REP 20-6
bridge ID 18-2
configuring 18-7 to 18-20
creating topology 18-5
defaults 18-7
disabling 18-20
enabling 18-8
enabling extended system ID 18-9
enabling Per-VLAN Rapid Spanning Tree 18-20
EtherChannel guard
disabling 21-7
forward-delay time 18-19
hello time 18-17
Layer 2 protocol tunneling 25-13
maximum aging time 18-18
overview 18-1, 18-3
per-VLAN rapid spanning tree 18-6
port cost 18-15
port priority 18-13
root bridge 18-10
stratum, NTP 4-2
stub routing (EIGRP)
benefits 30-17
configuration tasks 30-18
configuring 30-14
overview 30-13, 30-14
restrictions 30-17
verifying 30-18
subdomains, private VLAN 39-2
summer time 4-13
supervisor engine
accessing the redundant 8-15
configuring 3-8 to 3-13
copying files to standby 8-15
default configuration 3-1
default gateways 3-11
environmental monitoring 10-1
redundancy 9-1
ROM monitor 3-26
startup configuration 3-25
static routes 3-11
synchronizing configurations 8-11
Supervisor Engine II-TS
insufficient inline power handling 10-19, 11-12
Smartports macros
See also Auto Smartports macros
SVI Autostate Exclude
understanding 30-3
SVI Autostate exclude
configuring 30-7
S-VLAN 1-2, 25-7
switch 48-2
switch access with RADIUS, controlling 40-92
switched packets
and ACLs 47-33
Switched Port Analyzer
See SPAN
switching, NetFlow
checking for required hardware 56-6
configuration (example) 56-13
configuring switched IP flows 56-8
enabling Collection 56-7
exporting cache entries 56-9
switchport
show interfaces 6-25, 6-26, 6-33
switchport access vlan command 15-6, 15-8
switchport block multicast command 49-2
switchport block unicast command 49-2
switchport mode access command 15-8
switchport mode dot1q-tunnel command 25-6
switchport mode dynamic command 15-6
switchport mode trunk command 15-6
switch ports
See access ports
switchport trunk allowed vlan command 15-6
switchport trunk encapsulation command 15-6
switchport trunk encapsulation dot1q command 15-3
switchport trunk encapsulation isl command 15-3
switchport trunk encapsulation negotiate command 15-3
switchport trunk native vlan command 15-6
switchport trunk pruning vlan command 15-7
switch-to-RADIUS server communication
configuring 40-32
sysret command 63-5
system
reviewing configuration 3-10
settings at startup 3-27
system alarms
on Sup 2+ to V-10GE 10-5
on Sup 6-E 10-5
overview 10-4
system and network statistics, displaying 33-23
system capabilities TLV 27-2
system clock
configuring
daylight saving time 4-13
manually 4-11
summer time 4-13
time zones 4-12
displaying the time and date 4-12
overview 4-2
See also NTP
system description TLV 27-2
system images
loading from Flash memory 3-30
modifying boot field 3-27
specifying 3-30
system message logging
default configuration 52-3
defining error message severity levels 52-8
disabling 52-4
displaying the configuration 52-12
enabling 52-4
facility keywords, described 52-12
level keywords, described 52-9
limiting messages 52-9
message format 52-2
overview 52-1
sequence numbers, enabling and disabling 52-7
setting the display destination device 52-5
synchronizing log messages 52-6
timestamps, enabling and disabling 52-7
UNIX syslog servers
configuring the daemon 52-10
configuring the logging facility 52-11
facilities supported 52-12
system MTU
802.1Q tunneling 25-5
maximums 25-5
system name
manual configuration 4-15
See also DNS
system name TLV 27-2
system prompt, default setting 4-14
T
TACACS+ 44-1
accounting, defined 3-16
authentication, defined 3-16
authorization, defined 3-16
configuring
accounting 3-21
authentication key 3-18
authorization 3-21
login authentication 3-19
default configuration 3-18
displaying the configuration 3-22
identifying the server 3-18
limiting the services to the user 3-21
operation of 3-17
overview 3-15
tracking services accessed by user 3-21
tagged packets
802.1Q 25-3
Layer 2 protocol 25-13
TCAM programming algorithm
changing 47-9
TCAM programming algorithm, overview 47-8
TCAM programming and ACLs 47-11, 47-13
for Sup II-Plust thru V-10GE 47-7
TCAM programming and ACLs for Sup 6-E 47-16
TCAM region, changing the algorithm 47-9
TCAM region, resizing 47-11
TDR
checking cable connectivity 7-3
enabling and disabling test 7-3
guidelines 7-3
Telnet
accessing CLI 2-2
disconnecting user sessions 7-7
executing 7-5
monitoring user sessions 7-6
telnet command 7-6
templates, Ethernet OAM 57-45
Terminal Access Controller Access Control System Plus
See TACACS+
TFTP
configuration files in base directory 3-5
configuring for autoconfiguration 3-4
limiting access by servers 54-15
TFTP download
See also console download
threshold monitoring, IP SLAs 60-6
time
See NTP and system clock
Time Domain Reflectometer
See TDR
time exceeded messages 7-9
timer
See login timer
timestamps in log messages 52-7
time zones 4-12
TLV
host presence detection 40-8
TLVs
defined 1-5, 27-2
LLDP-MED 27-2
Token Ring
media not supported (note) 13-5, 13-10
Topology change notification processing
MLD Snooping
Topology change notification processing 24-4
TOS
description 37-4
trace command 7-9
traceroute
See IP traceroute
See Layer 2 Traceroute
traceroute mac command 7-11
traceroute mac ip command 7-11
traffic
blocking flooded 49-2
traffic control
using ACLs (figure) 47-4
using VLAN maps (figure) 47-6
traffic marking procedure flowchart 37-72
traffic shaping 37-16
translational bridge numbers (defaults) 13-5
transmit queues
See QoS transmit queues
transmit rate 37-52
traps
configuring MAC address notification 4-22
configuring MAC move notification 4-24
configuring MAC threshold notification 4-26
configuring managers 54-11
defined 54-3
enabling 4-22, 4-24, 4-26, 54-11
notification types 54-11
overview 54-1, 54-4
troubleshooting
with CiscoWorks 54-4
with system message logging 52-1
with traceroute 7-8
troubleshooting high CPU due to ACLs 47-12
trunk failover
See link-state tracking
trunk ports
configure port security 43-17
configuring PVLAN 39-19 to 39-21
trunks
802.1Q restrictions 15-5
configuring 15-6
configuring access VLANs 15-6
configuring allowed VLANs 15-6
default interface configuration 15-6
different VTP domains 15-3
enabling to non-DTP device 15-4
encapsulation 15-3
specifying native VLAN 15-6
understanding 15-3
trusted boundary for QoS 37-21
trustpoint 59-3
Trust State of interfaces, configuring
trust states
configuring 37-48
tunneling
defined 25-1
tunnel ports
802.1Q, configuring 25-6
described 25-2
incompatibilities with other features 25-5
TwinGig Convertors
limitations on using 6-14
port numbering 6-13
selecting X2/TwinGig Convertor mode 6-14
type length value
See TLV
type of service
See TOS
U
UDLD
configuring probe message interval per-interface 28-8
default configuration 28-4
disabling on fiber-optic interfaces 28-7
disabling on non-fiber-optic interfaces 28-7
displaying link status 28-9
enabling globally 28-5
enabling per-interface 28-6
modes of operation 28-3
resetting disabled LAN interfaces 28-8
use case 28-2
UDLD, overview 28-1
UDP jitter, configuring 60-9
UDP jitter operation, IP SLAs 60-9
unauthorized ports with 802.1X 40-5
unicast
See IP unicast
unicast flood blocking
configuring 49-1
unicast MAC address filtering
and adding static addresses 4-29
and broadcast MAC addresses 4-28
and CPU packets 4-28
and multicast addresses 4-28
and router MAC addresses 4-28
configuration guidelines 4-28
described 4-28
unicast MAC address filtering, configuring
ACLs
configuring unicast MAC address filtering 47-20
Unicast RPF (Unicast Reverse Path Forwarding)
applying 32-5
BGP attributes
caution 32-5
CEF
requirement 32-2
tables 32-7
configuring 32-9
(examples) ?? to 32-12
BOOTP 32-8
DHCP 32-8
enterprise network (figure) 32-6
prerequisites 32-9
routing table requirements 32-7
tasks 32-9
verifying 32-10
deploying 32-5
description 32-2
disabling 32-11
enterprise network (figure) 32-6
FIB 32-2
implementing 32-4
packets, dropping (figure) 32-4
prerequisites 32-9
restrictions
basic 32-8
routing asymmetry 32-7
routing asymmetry (figure) 32-8
routing table requirements 32-7
security policy
applying 32-5
attacks, mitigating 32-5
deploying 32-5
tunneling 32-5
source addresses, validating 32-3
(figure) 32-3, 32-4
failure 32-3
traffic filtering 32-5
tunneling 32-5
validation
failure 32-3, 32-4
packets, dropping 32-3
source addresses 32-3
verifying 32-10
unicast traffic
blocking 49-2
Unidirectional Controlled Port, configuring 802.1X 40-63
unidirectional ethernet
enabling 29-2
example of setting 29-2
overview 29-1
UniDirectional Link Detection Protocol
See UDLD
UNIX syslog servers
daemon configuration 52-10
facilities supported 52-12
message logging configuration 52-11
UplinkFast
and MST 18-23
enabling 21-16
MST and 18-23
overview 21-11
User Based Rate Limiting
configuring 37-38
overview 37-37
user-defined event triggers
configuring, 802.1X-based 17-7
configuring, MAC address-based 17-8
User-defined triggers and built-in macros, configuring mapping 17-9
user EXEC mode 2-5
user sessions
disconnecting 7-7
monitoring 7-6
V
VACLs
Layer 4 port operations 47-16
virtual configuration register 63-3
virtual LANs
See VLANs
Virtual Private Network
See VPN
Virtual Switch System(VSS), displaying EtherChannel to 22-16
VLAN ACLs
See VLAN maps
VLAN-based QoS on Layer 2 interfaces, configuring 37-46
VLAN blocking, REP 20-13
vlan command 13-6
vlan dot1q tag native command 25-4
VLAN ID
service provider 25-9
VLAN ID, discovering 4-35
VLAN ID translation
See VLAN mapping
VLAN load balancing
REP 20-4
VLAN load balancing, triggering 20-6
VLAN load balancing on flex links 19-2
configuration guidelines 19-6
VLAN Management Policy Server
See VMPS
VLAN mapping
1-to-1 25-8
1-to-1, configuring 25-11
configuration guidelines 25-10
configuring 25-11
configuring on a trunk port 25-11
default 25-9
described 1-2, 25-7
selective QinQ 25-8
selective Q-in-Q, configuring 25-12
traditional QinQ 25-8
traditional Q-in-Q, configuring 25-12
types of 25-8
VLAN maps
applying to a VLAN 47-29
configuration example 47-30
configuration guidelines 47-25
configuring 47-24
creating and deleting entries 47-26
defined 47-3
denying access example 47-31
denying packets 47-26
displaying 47-32
order of entries 47-25
permitting packets 47-26
router ACLs and 47-32
using (figure) 47-5
using in your network 47-29
VLAN maps, PACL and Router ACLs 47-41
VLANs
allowed on trunk 15-6
configuration guidelines 13-3
configuring 13-5
configuring as Layer 3 interfaces 30-7
customer numbering in service-provider networks 25-3
default configuration 13-4
description 1-10
extended range 13-3
IDs (default) 13-5
interface assignment 13-7
limiting source traffic with RSPAN 51-23
monitoring with RSPAN 51-22
name (default) 13-5
normal range 13-3
overview 13-1
reserved range 13-3
See also PVLANs
VLAN Trunking Protocol
See VTP
VLAN trunks
overview 15-3
VLAN User Distribution, configuring 802.1X 40-65
VMPS
configuration file example 13-32
configuring dynamic access ports on client 13-25
configuring retry interval 13-27
database configuration file 13-32
dynamic port membership
example 13-29
reconfirming 13-26
reconfirming assignments 13-26
reconfirming membership interval 13-26
server overview 13-21
VMPS client
administering and monitoring 13-28
configure switch
configure reconfirmation interval 13-26
dynamic ports 13-25
entering IP VMPS address 13-24
reconfirmation interval 13-27
reconfirm VLAM membership 13-26
default configuration 13-24
dynamic VLAN membership overview 13-23
troubleshooting dynamic port VLAN membership 13-29
VMPS server
fall-back VLAN 13-23
illegal VMPS client requests 13-23
overview 13-21
security modes
multiple 13-22
open 13-22
secure 13-22
voice interfaces
configuring 38-1
Voice over IP
configuring 38-1
voice ports
configuring VVID 38-3
voice traffic 11-2, 38-5
voice VLAN
IP phone data traffic, described 38-2
IP phone voice traffic, described 38-2
Voice VLAN, configure 802.1X 40-70
voice VLAN ports
using 802.1X 40-22
VPN
configuring routing in 36-12
forwarding 36-3
in service provider networks 36-1
routes 36-2
routing and forwarding table
See VRF
VRF
defining 36-3
tables 36-1
VRF-aware services
ARP 36-6, 36-9
configuring 36-6
ftp 36-8
ping 36-6
SNMP 36-7
syslog 36-8
tftp 36-8
traceroute 36-8
uRPF 36-7
VRF-lite
description 1-18
VTP
client, configuring 13-16
configuration guidelines 13-12
default configuration 13-13
disabling 13-16
Layer 2 protocol tunneling 25-14
monitoring 13-19
overview 13-8
pruning
configuring 13-15
See also VTP version 2
server, configuring 13-16
statistics 13-19
transparent mode, configuring 13-16
version 2
enabling 13-15
VTP advertisements
description 13-9
VTP domains
description 13-8
VTP modes 13-9
VTP pruning
overview 13-11
VTP versions 2 and 3
overview 13-9
See also VTP
VTY and Network Assistant 12-12
VVID (voice VLAN ID)
and 802.1X authentication 40-22
configuring 38-3
W
WCCP
configuration examples 64-10
configuring on a router 64-2, 64-11
features 64-4
restrictions 64-5
service groups 64-6
web-based authentication
authentication proxy web pages 42-4
description 1-30, 40-14, 42-1
web-based authentication, interactions with other features 42-4
Web Cache Communication Protocol
See WCCP 64-1
web caches
See cache engines
web cache services
description 64-4
web caching
See web cache services
See also WCCP
web scaling 64-1
Y
Y.1731
default configuration 57-29
described 57-27
ETH-AIS
Ethernet Alarm Signal function (ETH-AIS)
57-28
ETH-RDI 57-28
multicast Ethernet loopback 57-31
multicast ETH-LB 57-29
terminology 57-27