Catalyst 4500 Series Switch SW Configuration Guide, Release IOS-XE 3.2.xSG
Index file
Downloads: This chapterpdf (PDF - 1.2MB) The complete bookPDF (PDF - 12.0MB) | Feedback

Index

Table Of Contents

Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - Y -

Index

ACLs

applying IPv6 ACLs to a Layer 3 interface 43-16, 43-17

Numerics

10/100 autonegotiation feature, forced 7-13

10-Gigabit Ethernet or Gigabit Ethernet ports

deploy on WS-X4606-10GE-E and Sup 6-E 7-7

10-Gigabit Ethernet port

deploy with Gigabit Ethernet SFP ports 7-7

1400 W DC Power supply

special considerations 11-17

1400 W DC SP Triple Input power supply

special considerations 11-18

802.10 SAID (default) 13-5

802.1Q

trunks 17-6

tunneling

compatibility with other features 23-5

defaults 23-3

described 23-2

tunnel ports with other features 23-6

802.1Q VLANs

encapsulation 15-3

trunk restrictions 15-5

802.1s

See MST

802.1w

See MST

802.1X

See port-based authentication

802.1X authentication

for Critical Authentication 37-13

for guest VLANs 37-10

for MAC Authentication Bypass 37-11

for Wake-on-LAN 37-14

web-based authentication 37-13

with port security 37-17

with VLAN assignment 37-9

with voice VLAN ports 37-20

802.1X Host Mode 37-6

multiauthentication mode 37-8

multidomain authentication mode 37-7

single-host 37-7

802.3ad

See LACP

A

AAA 40-1

AAA (authentication, authorization, and accounting). See also port-based authentication. 38-1

abbreviating commands 2-5

access control entries

See ACEs

access control entries and lists 40-1

access-group mode, configuring on Layer 2 interface 43-31

access-group mode, using PACL with 43-30

access list filtering, SPAN enhancement 50-13

access ports

configure port security 39-7, 39-22

configuring 15-8

access VLANs 15-6

accounting

with TACACS+ 3-16, 3-21

ACEs

ACLs 43-2

IP 43-2

Layer 4 operation restrictions 43-9

ACEs and ACLs 40-1

ACL assignments, port-based authentication 37-18

ACL assignments and redirect URLs, configure 37-33

ACLs

ACEs 43-2

and SPAN 50-5

and TCAM programming for Sup II-Plus thru V-10GE 43-6

applying on routed packets 43-27

applying on switched packets 43-26

compatibility on the same switch 43-3

configuring with VLAN maps 43-25

CPU impact 43-11

downloadable 38-7

hardware and software support 43-5

IP, matching criteria for port ACLs 43-4

MAC extended 43-13

matching criteria for router ACLs 43-3

port

and voice VLAN 43-4

defined 43-3

limitations 43-5

processing 43-11

selecting mode of capturing control packets 43-7

troubleshooting high CPU 43-6

types supported 43-3

understanding 43-2

VLAN maps 43-5

ACLs and VLAN maps, examples 43-20

acronyms, list of A-1

action drivers, marking 34-20

active queue management 34-9

active queue management via DBL, QoS on Sup 6-E 34-33

active traffic monitoring, IP SLAs 48-1

adding members to a community 12-8

addresses

displaying the MAC address table 4-32

dynamic

changing the aging time 4-23

defined 4-21

learning 4-21

removing 4-24

IPv6 44-2

MAC, discovering 4-32

See MAC addresses

static

adding and removing 4-29

defined 4-21

address resolution 4-32

adjacency tables

description 28-2

displaying statistics 28-9

advertisements

LLDP 1-4, 24-2

advertisements, VTP

See VTP advertisements

aggregation switch, enabling DHCP snooping 41-9

aging time

MAC address table 4-23

All Auth manager sessions, displaying summary 37-69

All Auth manager sessions on the switch authorized for a specified authentication method 37-69

applying IPv6 ACLs to a Layer 3 interface 43-16, 43-17

AQM via DBL, QoS on Sup 6-E 34-33

ARP

defined 4-32

table

address resolution 4-32

managing 4-32

asymmetrical links, and 802.1Q tunneling 23-3

authentication

NTP associations 4-4

See also port-based authentication

TACACS+

defined 3-16

key 3-18

login 3-19

Authentication, Authorization, and Accounting (AAA) 40-1

Authentication Failed VLAN assignment

configure with 802.1X 37-54

Authentication methods registered with the Auth manager, determining 37-69

authentication open comand 37-8

authentication proxy web pages 38-4

authentication server

defined 37-3

RADIUS server 37-3

Auth manager session for an interface, verifying 37-70

Auth manager summary, displaying 37-69

authoritative time source, described 4-2

authorization

with TACACS+ 3-16, 3-21

authorized and unauthorized ports 37-4

authorized ports with 802.1X 37-4

autoconfiguration 3-2

automatic discovery

considerations 12-7

Auto-MDIX on a port

configuring 7-23

displaying the configuration 7-24

overview 7-22

autonegotiation feature

forced 10/100Mbps 7-13

auto-sync command 5-8

B

Baby Giants

interacting with 7-21

BackboneFast

adding a switch (figure) 18-4

and MST 17-23

configuring 18-16

link failure (figure) 18-14, 18-15

not supported MST 17-23

understanding 18-14

See also STP

banners

configuring

login 4-20

message-of-the-day login 4-18

default configuration 4-18

when displayed 4-17

b command 56-3

BGP 1-11

routing session with multi-VRF CE 32-11

blocking packets 45-1

blocking state (STP)

RSTP comparisons (table) 17-24

boot bootldr command 3-31

boot command 3-28

boot commands 56-3

boot fields

See configuration register boot fields

boot system command 3-26, 3-31

boot system flash command 3-28

Border Gateway Protocol

See BGP

boundary ports

description 17-27

BPDU Guard

and MST 17-23

configuring 18-16

overview 18-8

BPDUs

and media speed 17-2

pseudobridges and 17-25

what they contain 17-3

bridge ID

See STP bridge ID

bridge priority (STP) 17-16

bridge protocol data units

See BPDUs

Broadcast Storm Control

disabling 49-5

enabling 49-3

C

Call Home

description 1-16, 54-1

message format options 54-2

messages

format options 54-2

call home 54-1

alert groups 54-6

configuring e-mail options 54-9

contact information 54-4

default settings 54-19

destination profiles 54-5

displaying information 54-14

mail-server priority 54-10

pattern matching 54-9

periodic notification 54-8

rate limit messages 54-9

severity threshold 54-8

smart call home feature 54-2

SMTP server 54-9

testing communications 54-11

call home alert groups

configuring 54-6

description 54-6

subscribing 54-7

call home contacts

assigning information 54-4

call home destination profiles

attributes 54-5

configuring 54-5

description 54-5

displaying 54-17

call home notifications

full-txt format for syslog 54-26

XML format for syslog 54-35

candidates

automatic discovery 12-7

candidate switch, cluster

defined 12-12

requirements 12-12

Capturing control packets

selecting mode 43-7

cautions

Unicast RPF

BGP optional attributes 29-5

cautions for passwords

encrypting 3-22

CDP

automatic discovery in communities 12-7

configuration 20-2

defined with LLDP 24-1

displaying configuration 20-3

enabling on interfaces 20-3

host presence detection 37-8

maintaining 20-3

monitoring 20-3

overview 1-2, 20-1

cdp enable command 20-3

CEF

adjacency tables 28-2

and NSF with SSO 9-4

configuring load balancing 28-7

displaying statistics 28-8

enabling 28-6, 55-2

hardware switching 28-4

load balancing 28-6

overview 28-2

software switching 28-4

certificate authority (CA) 54-3

CFM

clearing 46-30

configuration guidelines 46-7, 47-4

configuring crosscheck for VLANs 46-10

configuring fault alarms 46-15

configuring port MEP 46-13

configuring static remote MEP 46-12, 46-13, 46-15, 46-17

crosscheck 46-5

defined 46-1

EtherChannel support 46-7, 47-4

fault alarms

configuring 46-15

IP SLAs support for 46-5

IP SLAs with endpoint discovers 46-20

maintenance domain 46-2

manually configuring IP SLAs ping or jitter 46-18

measuring network performance 46-5

monitoring 46-31, 46-32

port MEP, configuring 46-13

remote MEPs 46-5

static RMEP, configuring 46-12, 46-13, 46-15, 46-17

static RMEP check 46-5

Y.1731

described 46-26

CGMP

overview 21-1

channel-group group command 19-8, 19-10

Cisco 7600 series Internet router

enabling SNMP 57-4, 57-5

Cisco Discovery Protocol

See CDP

Cisco Express Forwarding

See CEF

Cisco Group Management Protocol

See CGMP

Cisco IOS IP SLAs 48-2

Cisco IOS NSF-aware

support 9-2

Cisco IOS NSF-capable support 9-2

Cisco IP Phones

configuring 35-3

sound quality 35-1

CiscoWorks 2000 52-4

CIST

description 17-22

civic location 24-3

class level, configure in a service policy 34-30

class of service

See CoS

clear cdp counters command 20-4

clear cdp table command 20-3

clear counters command 7-26

clearing

Ethernet CFM 46-30

IP multicast table entries 30-26

clear ip eigrp neighbors command 27-18

CLI

accessing 2-2

backing out one level 2-5

getting commands 2-5

history substitution 2-4

managing clusters 12-12

modes 2-5

monitoring environments 50-1

ROM monitor 2-7

software basics 2-4

clients

in 802.1X authentication 37-3

clock

See system clock

clustering switches

command switch characteristics 12-11, 12-12

and VTY 12-11

convert to a community 12-9

managing

through CLI 12-12

overview 12-11

planning considerations

CLI 12-12

passwords 12-8

command-line processing 2-3

command modes 2-5

commands

b 56-3

boot 56-3

dev 56-3

dir device 56-3

i 56-3

listing 2-5

reset 56-3

ROM monitor56-2to ??

SNMP 57-4

command switch, cluster

requirements 12-11

common and internal spanning tree

See CIST

common spanning tree

See CST

community of switches

access modes in Network Assistant 12-8

adding devices 12-8

candidate characterisitcs 12-6

communication protocols 12-8

community name 12-7

configuration information 12-8

converting from a cluster 12-9

host name 12-7

passwords 12-8

community ports 36-3

community strings

configuring 52-7

overview 52-4

community VLANs 36-2, 36-3

and SPAN features 36-13

configure as a PVLAN 36-15

compiling MIBs 57-4

config-register command 3-29

config terminal command 3-9

configurable leave timer,IGMP 21-4

configuration examples

SNMP 52-16

configuration files

limiting TFTP server access 52-15

obtaining with DHCP 3-6

saving 3-10

system contact and location information 52-15

configuration guidelines

CFM 46-7, 47-4

SNMP 52-6

configuration register

boot fields

listing value 3-29

modifying 3-28

changing from ROM monitor 56-3

changing settings3-28to 3-29

configuring 3-26

settings at startup 3-27

configure class-level queue-limit in a service policy 34-30

configure terminal command 3-29, 7-2

configuring access-group mode on Layer 2 interface 43-31

configuring flow control 7-15

configuring interface link and trunk status envents 7-27

configuring named IPv6 ACLs 43-15

configuring named MAC extended ACLs 43-13, 43-14

configuring unicast MAC address filtering 43-13

configuring VLAN maps 43-18

Connectivity Fault Management

See CFM

console configuration mode 2-5

console port

disconnecting user sessions 8-7

monitoring user sessions 8-6

contact information

assigning for call home 54-4

control plane policing

See CoPP

control protocol, IP SLAs 48-4

CoPP

applying QoS service policy to control plane 40-3

configuring

ACLs to match traffic 40-3

enabling MLS QoS 40-3

packet classification criteria 40-3

service-policy map 40-3

control plane configuration mode

entering 40-3

displaying

dynamic information 40-7

number of conforming bytes and packets 40-7

rate information 40-7

entering control plane configuration mode 40-3

monitoring statistics 40-7

overview 40-2

copy running-config startup-config command 3-10

copy system:running-config nvram:startup-config command 3-31

CoS

definition 34-3

figure 34-2

overriding on Cisco IP Phones 35-5

priority 35-5

counters

clearing MFIB 30-26

clearing on interfaces 7-26

CPU, impact of ACL processing 43-11

CPU port sniffing 50-10

crashinfo

kernel file 3-34

process core dump file 3-34

process file 3-33

crashinfo, configuring

commands 3-35

default 3-35

determining the process that crashed 3-39

enabling generation of process core dump 3-38

saving files to a secondary device 3-39

show commands 3-36

Critical Authentication

configure with 802.1X 37-51

crosscheck, CFM 46-5, 46-10

CST

description 17-25

IST and 17-22

MST and 17-22

customer edge devices 32-2

D

database agent

configuration examples 41-15

enabling the DHCP Snooping 41-12

daylight saving time 4-13

default configuration

802.1X 37-24

banners 4-18

DNS 4-16

IGMP filtering 21-20

IGMP snooping 22-5, 22-6

IP SLAs 48-7

IPv6 44-7

LLDP 24-3

MAC address table 4-23

multi-VRF CE 32-3

NTP 4-4

private VLANs 36-12

resetting the interface 7-29

RMON 53-3

SNMP 52-5

SPAN and RSPAN 50-6

system message logging 51-3

TACACS+ 3-18

Y.1731 46-28

default gateway

configuring 3-11

verifying configuration 3-11

default settings, erase commad 3-32

default web-based authentication configuration

802.1X 38-6

denial-of-service attacks

IP address spoofing, mitigating 29-5

Unicast RPF, deploying 29-5

denying access to a server on another VLAN 43-24

deploying 10-Gigabit Ethernet and a Gigabit Ethernet SFP ports 7-7

deploying 10-Gigabit Ethernet and a Gigabit Ethernet SFP ports on WS-X4606-10GE-E and Sup 6-E 7-7

description command 7-15

detecting unidirectional links 25-1

dev command 56-3

device discovery protocol 24-1

device IDs

call home format 54-22, 54-23

DHCP

configuring

rate limit for incoming packets 41-13

denial-of-service attacks, preventing 41-13

rate limiting of packets

configuring 41-13

DHCP-based autoconfiguration

client request message exchange 3-3

configuring

client side 3-3

DNS 3-5

relay device 3-5

server-side 3-4

TFTP server 3-4

example 3-7

lease options

for IP address information 3-4

for receiving the configuration file 3-4

overview 3-2

relationship to BOOTP 3-3

DHCP option 82

overview 41-3

DHCP Snooping

enabling, and Option 82 41-10

DHCP snooping

accepting untrusted packets form edge switch 41-10

configuring 41-6

default configuration 41-7

displaying binding tables 41-18

displaying configuration 41-19

displaying information 41-18

enabling 41-7

enabling on private VLAN 41-11

enabling on the aggregation switch 41-9

enabling the database agent 41-12

message exchange process 41-4

monitoring 41-23

option 82 data insertion 41-3

overview 41-1

Snooping database agent 41-2

DHCP Snooping Database Agent

adding to the database (example) 41-18

enabling (example) 41-15

overview 41-2

reading from a TFTP file (example) 41-16

Diagnostics

online 55-1

troubleshooting 55-7

Power-On-Self-Test

causes of failure 55-18

how it works 55-9

overview 55-9

Power-On-Self-Test for Supervisor Engine V-10GE 55-12

Differentiated Services Code Point values

See DSCP values

DiffServ architecture, QoS 34-2

Digital optical monitoring transceiver support 7-11

Digital Signing 56-6

dir device command 56-3

disabled state

RSTP comparisons (table) 17-24

disabling

broadcast storm control 49-5

disabling multicast storm control 49-6

disconnect command 8-7

discovery, clusters

See automatic discovery

display dection and removal events 10-7

displaying

Auth Manager sumary for an interface 37-69

MAB details 37-71

summary of all Auth manager sessions 37-69

summary of all Auth manager sessions on the switch authorized for a specified authentication method 37-69

displaying EtherChannel to a Virtual Switch System 19-16

displaying storm control 49-6

display PoE consumed by a module 10-8

display PoE detection and removal events 10-7

DNS

and DHCP-based autoconfiguration 3-5

default configuration 4-16

displaying the configuration 4-17

overview 4-15

setting up 4-16

domain names

DNS 4-15

Domain Name System

See DNS

double-tagged packets

802.1Q tunneling 23-2

downloading MIBs 57-2, 57-3, 57-4

DSCP values

definition 34-4

IP precedence 34-2

DTP

VLAN trunks and 15-3

duplex command 7-14

duplex mode

configuring interface 7-12

dynamic ARP inspection

ARP cache poisoning 42-2

configuring

ACLs for non-DHCP environments 42-11

in DHCP environments 42-5

log buffer 42-14

rate limit for incoming ARP packets 42-16

denial-of-service attacks, preventing 42-16

interface trust state, security coverage 42-3

log buffer

configuring 42-14

logging of dropped packets 42-4

overview 42-1

port channels, their behavior 42-5

priority of static bindings 42-4

purpose of 42-2

rate limiting of ARP packets 42-4

configuring 42-16

validation checks, performing 42-19

Dynamic Host Configuration Protocol snooping

See DHCP snooping

dynamic port VLAN membership

example 13-29

limit on hosts 13-29

reconfirming 13-26

troubleshooting 13-29

Dynamic Trunking Protocol

See DTP

E

EAP frames

changing retransmission time 37-65

exchanging (figure) 37-4, 37-6, 37-12

request/identity 37-3

response/identity 37-3

setting retransmission number 37-66

EAPOL frames

802.1X authentication and 37-3

OTP authentication, example (figure) 37-4, 37-12

start 37-4

edge ports

description 17-27

EGP

overview 1-11

EIGRP

configuration examples 27-18

monitoring and maintaining 27-18

EIGRP (Enhanced IGRP)

stub routing

benefits 27-16

configuration tasks 27-17

configuring 27-13

overview 27-13

restrictions 27-17

verifying 27-17

EIGRP (enhanced IGRP)

overview 1-11

eigrp stub command 27-17

EIGRP stub routing, configuring 27-12

ELIN location 24-3

e-mail addresses

assigning for call home 54-4

e-mail notifications

Call Home 1-16, 54-1

Embedded CiscoView

displaying information 4-35

installing and configuring 4-33

overview 4-33

emergency alarms on Sup Engine 6-E systems 11-3

enable command 3-9, 3-28

enable mode 2-5

enabling SNMP 57-4, 57-5

encapsulation types 15-3

Enhanced Interior Gateway Routing Protocol

See EIGRP

Enhanced PoE support on E-series 10-15

Enhanced PoE support on E-series,configuring Universal PoE 10-16

environmental monitoring

using CLI commands 11-1

EPM logging 37-72

errdisable recovery

configuring 10-14

EtherChannel

channel-group group command 19-8, 19-10

configuration guidelines 19-5

configuring19-6to 19-15

configuring Layer 2 19-10

configuring Layer 3 19-6

displaying to a virtual switch system 19-16

interface port-channel command 19-7

lacp system-priority

command example 19-13

modes 19-3

overview 19-1

PAgP

Understanding 19-3

physical interface configuration 19-7

port-channel interfaces 19-2

port-channel load-balance command 19-14

removing 19-15

removing interfaces 19-15

EtherChannel guard

disabling 18-7

enabling 18-6

overview 18-6

Ethernet Remote Defect Indication (ETH-RDI) 46-27

explicit host tracking

enabling 21-11

extended range VLANs

See VLANs

Extensible Authentication Protocol over LAN 37-2

Exterior Gateway Protocol

See EGP

F

Fallback Authentication

configure with 802.1X 37-58

FastDrop

overview 30-10

FIB

description 28-2

See also MFIB

Filter-ID ACL and Per-User ACL, configureport-based authentication

configure Per-User ACL and Filter-ID ACL 37-39

filtering

in a VLAN 43-18

non-IP traffic 43-13, 43-14

flags 30-11

Flash memory

configuring router to boot from 3-31

loading system images from 3-30

security precautions 3-31

Flexible NetFlow

defined 1-2, 33-1

items to consider 33-1

flooded traffic, blocking 45-2

flowchart, traffic marking procedure 34-20

flow control, configuring 7-15

FNF and supported fields, available options 33-4

For 10-13

forward-delay time (STP)

configuring 17-18

forwarding information base

See FIB

G

gateway

See default gateway

get-bulk-request operation 52-3

get-next-request operation 52-3, 52-4

get-request operation 52-3, 52-4

get-response operation 52-3

Gigabit Ethernet SFP ports

deploy with 10-Gigabit Ethernet 7-7

global configuration mode 2-5

Guest-VLANs

configure with 802.1X 37-47, 37-56

H

hardware and software ACL support 43-5

hardware switching 28-5

hello time (STP)

configuring 17-17

high CPU due to ACLs, troubleshooting 43-6

history

CLI 2-4

history table, level and number of syslog messages 51-9

hop counts

configuring MST bridges 17-28

host

limit on dynamic port 13-29

host ports

kinds of 36-4

host presence CDP message 37-8

Hot Standby Routing Protocol

See HSRP

HSRP

description 1-9

http

//www.cisco.com/en/US/docs/ios/12_4/ip_sla/configuration/guide/hsla_c.html 48-1, 48-4

//www.cisco.com/en/US/docs/ios/fundamentals/command reference/cf_book.html 51-1, 52-1, 53-1

hw-module module num power command 11-18

I

ICMP

enabling 8-12

ping 8-8

running IP traceroute 8-9

time exceeded messages 8-9

ICMP Echo operation

configuring 48-12

IP SLAs 48-11

i command 56-3

IDS

using with SPAN and RSPAN 50-3

IEEE 802.1ag 46-1

IEEE 802.1s

See MST

IEEE 802.1w

See MST

IEEE 802.3ad

See LACP

IGMP

configurable-leave timer 21-4

description 30-3

enabling 30-13

explicit host tracking 21-4

immediate-leave processing 21-3

leave processing, enabling 22-8

overview 21-1

report suppression

disabling 22-10

IGMP filtering

configuring 21-21

default configuration 21-20

described 21-20

monitoring 21-24

IGMP groups

setting the maximum number 21-23

IGMP Immediate Leave

configuration guidelines 21-9

IGMP profile

applying 21-22

configuration mode 21-21

configuring 21-21

IGMP Snooping

configure

leave timer 21-9

configuring

Learning Methods 21-7

static connection to a multicast router 21-8

configuring host statically 21-11

enabling

Immediate-Leave processing

explicit host tracking 21-11

suppressing multicast flooding 21-12

IGMP snooping

configuration guidelines 21-5

default configuration 22-5, 22-6

enabling

globally 21-6

on a VLAN 21-6

enabling and disabling 22-6

IP multicast and 30-4

monitoring 21-14, 22-11

overview 21-1

IGMP Snooping, displaying

group 21-16

hot membership 21-15

how to 21-15

MAC address entries 21-18

multicast router interfaces 21-17

on a VLAN interface 21-18

Querier information 21-19

IGMPSnooping Querier, configuring 21-10

Immediate Leave, IGMP

enabling 22-8

immediate-leave processing

enabling 21-8

IGMP

See fast-leave processing

ingress packets, SPAN enhancement 50-12

inline power

configuring on Cisco IP phones 35-5

Intelligent Power Management 10-4

interacting with Baby Giants 7-21

interface

displaying operational status 10-6

interface command 3-9, 7-2

interface link and trunk status events

configuring 7-27

interface port-channel command 19-7

interface range command 7-5

interface range macro command 7-6

interfaces

adding descriptive name 7-15

clearing counters 7-26

configuring 7-2

configuring ranges 7-4

displaying information about 7-25

Layer 2 modes 15-4

maintaining 7-25

monitoring 7-25

naming 7-15

numbers 7-2

overview 7-2

restarting 7-26, 7-27

See also Layer 2 interfaces

Internet Control Message Protocol

See ICMP

Internet Group Management Protocol

See IGMP

Internet Protocol version 6

See IPv6

Inter-Switch Link encapsulation

See ISL encapsulation

Intrusion Detection System

See IDS

inventory management TLV 24-2, 24-7

IP

configuring default gateway 3-11

configuring static routes 3-11

displaying statistics 28-8

IP addresses

128-bit 44-2

cluster candidate or member 12-12

cluster command switch 12-11

discovering 4-32

IPv6 44-2

ip cef command 28-6, 55-2

IP Enhanced IGRP

interfaces, displaying 27-18

ip icmp rate-limit unreachable command 8-13

ip igmp profile command 21-21

ip igmp snooping tcn flood command 21-13

ip igmp snooping tcn flood query count command 21-14

ip igmp snooping tcn query solicit command 21-14

IP information

assigned

through DHCP-based autoconfiguration 3-2

ip load-sharing per-destination command 28-7

ip local policy route-map command 31-8

ip mask-reply command 8-14

IP MTU sizes, configuring 27-8

IP MTU sizes,configuring 27-8

IP multicast

clearing table entries 30-26

configuring 30-12

default configuration 30-12

displaying PIM information 30-21

displaying the routing table information 30-22

enabling dense-mode PIM 30-14

enabling sparse-mode 30-14

features not supported 30-12

hardware forwarding 30-8

IGMP snooping and 21-5, 30-4

overview 30-1

routing protocols 30-2

software forwarding 30-8

See also Auto-RP; IGMP; PIM; RP; RPF

IP multicast routing

enabling 30-13

monitoring and maintaining 30-21

ip multicast-routing command 30-13

IP phones

configuring voice ports 35-3

See Cisco IP Phones 35-1

ip pim command 30-14

ip pim dense-mode command 30-14

ip pim sparse-dense-mode command 30-15

ip policy route-map command 31-7

ip redirects command 8-13

IP routing tables

deleting entries 30-26

IP Service Level Agreements

See IP SLAs

IP service levels, analyzing 48-1

IP SLAs

benefits 48-3

CFM endpoint discovery 46-20

Control Protocol 48-4

default configuration 48-7

definition 48-1

ICMP echo operation 48-11

manually configuring CFM ping or jitter 46-18

measuring network performance 48-3

monitoring 48-13

multioperations scheduling 48-6

operation 48-4

responder

described 48-4

enabling 48-8

response time 48-5

scheduling 48-6

SNMP support 48-3

supported metrics 48-3

threshold monitoring 48-6

UDP jitter operation 48-9

IP Source Guard

configuring 41-20

configuring on private VLANs 41-21

displaying 41-22, 41-23

overview 41-19

IP statistics

displaying 28-8

IP traceroute

executing 8-9

overview 8-9

IP unicast

displaying statistics 28-8

IP Unnumbered support

configuring on a range of Ethernet VLANs 14-6

configuring on LAN and VLAN interfaces 14-5

configuring with connected host polling 14-7

DHCP Option 82 14-3

displaying settings 14-8

format of agent remote ID suboptions 14-3

troubleshooting 14-9

with conected host polling 14-4

with DHCP server and Relay agent 14-2

ip unreachables command 8-12

IPv6

addresses 44-2

default configuration 44-7

defined 1-13, 44-1

Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 44-6

Router ID 44-6

OSPF 44-5

IPX

redistribution of route information with EIGRP 1-11

ISL

encapsulation 15-3

trunking with 802.1Q tunneling 23-4

isolated port 36-4

isolated VLANs 36-2, 36-3, 36-4

ISSU

compatibility matrix 6-13

compatiblity verification using Cisco Feature Navigator 6-14

NSF overview 6-3

perform the process

aborting a software upgrade 6-31

configuring the rollback timer as a safeguard 6-32

displaying a compatibility matrix 6-34

loading the new software on the new standby 6-24

stopping the rollback timer 6-23

switching to the standby 6-21

verify the ISSU state 6-17

verify the redundancy mode 6-16

verify the software installation 6-15

vload the new software on standby 6-18

prerequisites 6-2

process overview 6-6

restrictions 6-2

SNMP support 6-14

SSO overview 6-3

IST

and MST regions 17-22

description 17-22

master 17-27

ITU-T Y.1731

See Y.1731

J

jumbo frames

and ethernet ports 7-19

configuring MTU sizes for 7-20

ports and linecards that support 7-18

understanding MTUs 7-19

understanding support 7-18

VLAN interfaces 7-20

K

keyboard shortcuts 2-3

L

labels, definition 34-3

LACP

system ID 19-4

Layer 2 access ports 15-8

Layer 2 frames

classification with CoS 34-2

Layer 2 interface, configuring access-mode mode on 43-31

Layer 2 interfaces

assigning VLANs 13-7

configuring 15-5

configuring as PVLAN host ports 36-18

configuring as PVLAN promiscuous ports 36-17

configuring as PVLAN trunk ports 36-19

defaults 15-5

disabling configuration 15-9

modes 15-4

show interfaces command 15-7

Layer 2 interface type

resetting 36-23

setting 36-23

Layer 2 switching

overview 15-1

Layer 2 Traceroute

and ARP 8-11

and CDP 8-10

host-to-host paths 8-10

IP addresses and subnets 8-11

MAC addresses and VLANs 8-10

multicast traffic 8-10

multiple devices on a port 8-11

unicast traffic 1-25, 8-10

usage guidelines 8-10

Layer 2 trunks

configuring 15-6

overview 15-3

Layer 3 interface, applying IPv6 ACLs 43-16, 43-17

Layer 3 interface counters,configuring 27-10

Layer 3 interface counters,understanding 27-3

Layer 3 interfaces

changing from Layer 2 mode 32-7

configuration guidelines 27-5

overview 27-1

logical 27-2

physical 27-2

VLANs as interfaces 27-7

Layer 3 packets

classification methods 34-2

Layer 4 port operations

configuration guidelines 43-10

restrictions 43-9

Leave timer, enabling 21-9

link and trunk status events

configuring interface 7-27

Link Layer Discovery Protocol

See CDP

listening state (STP)

RSTP comparisons (table) 17-24

LLDP

configuring 24-3

characteristics 24-4

default configuration 24-3

disabling and enabling

globally 24-5

on an interface 24-6

monitoring and maintaining 24-10

overview 24-1

transmission timer and holdtime, setting 24-4

LLDP-MED

configuring

procedures 24-3

TLVs 24-7, 24-8

monitoring and maintaining 24-10

overview 24-1

supported TLVs 24-2

load balancing

configuring for CEF 28-7

configuring for EtherChannel 19-14

overview 19-5, 28-6

per-destination 28-7

location service

configuring 24-9

location TLV 24-3, 24-7

logging, EPM 37-72

Logical Layer 3 interfaces

configuring 27-6

login authentication

with TACACS+ 3-19

login banners 4-17

login timer

changing 8-6

logoutwarning command 8-6

loop guard

and MST 17-23

configuring 18-5

overview 18-3

M

MAC/PHY configuration status TLV 24-2

MAC addresses

aging time 4-23

allocating 17-5

and VLAN association 4-22

building tables 4-21, 15-2

convert dynamic to sticky secure 39-5

default configuration 4-23

discovering 4-32

displaying 4-32, 8-3

displaying in DHCP snooping binding table 41-19

dynamic

learning 4-21

removing 4-24

in ACLs 43-13

static

adding 4-30

allowing 4-31

characteristics of 4-29

dropping 4-31

removing 4-30

sticky 39-4

sticky secure, adding 39-5

MAC Authentication Bypass

configure with 802.1X 37-49

MAC details, displaying 37-71

MAC extended access lists 43-13

macros

See Smartports macros

main-cpu command 5-8

management address TLV 24-2

management options

SNMP 52-1

marking

hardware capabilities 34-22

marking action drivers 34-20

marking network traffic 34-17

marking support, multi-attribute 34-21

match ip address command 31-6

maximum aging time (STP)

configuring 17-18

MDA

configuration guidelines37-21to 37-22

described 37-21

members

automatic discovery 12-7

member switch

managing 12-12

member switch, cluster

defined 12-11

requirements 12-12

messages, to users through banners 4-17

metro tags 23-2

MFIB

CEF 30-5

overview 30-11

MFIB, IP

displaying 30-24

MIBs

compiling 57-4

downloading 57-2, 57-3, 57-4

overview 52-1

SNMP interaction with 52-4

MLD Done messages and Immediate-leave 22-4

MLD messages 22-2

MLD queries 22-3

MLD reports 22-4

MLD Snooping

MLD Done messages and Immediate-leave 22-4

MLD messages 22-2

MLD queries 22-3

MLD reports 22-4

Multicast client aging robustness 22-3

Multicast router discovery 22-3

overview 22-1

Mode of capturing control packets, selecting 43-7

modules

checking status 8-2

monitoring

802.1Q tunneling 23-7

ACL information 43-35

Ethernet CFM 46-31, 46-32

IGMP

snooping 22-11

IGMP filters 21-24

IGMP snooping 21-14

IP SLAs operations 48-13

Layer 2 protocol tunneling 23-7

multicast router interfaces 22-11

multi-VRF CE 32-16

traffic flowing among switches 53-1

tunneling 23-7

VLAN filters 43-25

VLAN maps 43-25

M-record 17-22

MST

and multiple spanning trees 1-5, 17-22

boundary ports 17-27

BPDUs 17-22

configuration parameters 17-26

configuring 17-29

displaying configurations 17-33

edge ports 17-27

enabling 17-29

hop count 17-28

instances

configuring parameters 17-32

description 17-22

number supported 17-26

interoperability with PVST+ 17-23

link type 17-28

master 17-27

message age 17-28

regions 17-26

restrictions 17-29

to-SST interoperability 17-24

MSTP

EtherChannel guard

enabling 18-6

M-record 17-22

M-tree 17-22

M-tree 17-22

MTUS

understanding 7-19

MTU size

configuring 7-20, 7-21, 7-28

default 13-5

multiauthentication mode 37-8

multicast

See IP multicast

Multicast client aging robustness 22-3

multicast Ethernet loopback (ETH-LB) 46-28

multicast Ethernet loopback, using 46-30

multicast groups

static joins 22-7

multicast packets

blocking 45-2

Multicast router discovery 22-3

multicast router interfaces, displaying 21-17

multicast router interfaces, monitoring 22-11

multicast router ports, adding 22-7

multicast routers

flood suppression 21-12

multicast router table

displaying 30-22

Multicast Storm Control

enabling 49-4

disabling 49-6

multidomain authentication

See MDA

multidomain authentication mode 37-7

multioperations scheduling, IP SLAs 48-6

Multiple Authentication

described 37-21

Multiple AuthorizationAuthentication

configuring 37-30

Multiple Domain Authentication 37-30

multiple forwarding paths 1-5, 17-22

multiple-hosts mode 37-7

Multiple Spanning Tree

See MST

multiple VPN routing/forwarding

See multi-VRF CE

multi-VRF CE

components 32-3

configuration example 32-12

default configuration 32-3

defined 32-1

displaying 32-16

monitoring 32-16

network components 32-3

packet-forwarding process 32-3

N

named IPv6 ACLs, configuring

ACLs

configuring named IPv6 ACLs 43-15

named MAC extended ACLs

ACLs

configuring named MAC extended 43-13, 43-14

native VLAN

and 802.1Q tunneling 23-4

specifying 15-6

Network Assistant

and VTY 12-11

configure

enable communication with switch 12-13, 12-17

default configuration 12-2

overview of CLI commands 12-2

network fault tolerance 1-5, 17-22

network management

configuring 20-1

RMON 53-1

SNMP 52-1

network performance, measuring with IP SLAs 48-3

network policy TLV 24-2, 24-7

Network Time Protocol

See NTP

network traffic, marking 34-17

New Software Features in Release 7.7

TDR 8-3

Next Hop Resolution Protocol

See NHRP

NHRP

support 1-12

non-IP traffic filtering 43-13, 43-14

non-RPF traffic

description 30-9

in redundant configurations (figure) 30-10

Nonstop Forwarding

See NSF

nonvolatile random-access memory

See NVRAM

normal-range VLANs

See VLANs

NSF

defined 9-1

guidelines and restrictions 9-7

operation 9-4

NSF-aware

support 9-2

NSF-capable

supervisor engines 9-2

support 9-2

NSF with SSO supervisor engine redundancy

and CEF 9-4

overview 9-3

SSO operation 9-3

NTP

associations

authenticating 4-4

defined 4-2

enabling broadcast messages 4-7

peer 4-6

server 4-6

default configuration 4-4

displaying the configuration 4-11

overview 4-2

restricting access

creating an access group 4-9

disabling NTP services per interface 4-10

source IP address, configuring 4-10

stratum 4-2

synchronizing devices 4-6

time

services 4-2

synchronizing 4-2

NVRAM

saving settings 3-10

O

OIR

overview 7-25

Online Diagnostics 55-1

online insertion and removal

See OIR

Open Shortest Path First

See OSPF

operating system images

See system images

Option 82

enabling DHCP Snooping 41-10

OSPF

area concept 1-13

description 1-12

for IPv6 44-5

P

Packet Length Map, packet length configured 33-3

packets

modifying 34-10

packet type filtering

overview 50-14

SPAN enhancement 50-14

PACL, using with access-group mode 43-30

PACL with VLAN maps and router ACLs 43-32

PAgP

understanding 19-3

passwords

configuring enable password 3-14

configuring enable secret password 3-14

encrypting 3-22

in clusters 12-8

recovering lost enable password 3-25

setting line password 3-14

PBR (policy-based routing)

configuration (example) 31-8

enabling 31-6

features 31-2

overview 31-1

route-map processing logic 31-3

route-map processing logic example 31-4

route maps 31-2

when to use 31-5

per-port and VLAN Access Control List 41-19

per-port per-VLAN QoS

enabling 34-35

overview 34-10

Per-User ACL and Filter-ID ACL, configure 37-39

Per-VLAN Rapid Spanning Tree 17-6

enabling 17-20

overview 17-6

PE to CE routing, configuring 32-11

Physical Layer 3 interfaces, configuring 27-11

PIM

configuring dense mode 30-14

configuring sparse mode 30-14

displaying information 30-21

displaying statistics 30-25

enabling sparse-dense mode 30-14, 30-15

overview 30-3

PIM-DM 30-3

PIM on an interface, enabling 30-13

PIM-SM 30-4

PIM-SSM mapping, enabling 30-16

ping

executing 8-8

overview 8-8

ping command 8-8, 30-21

PoE 10-7, 10-8

configuring power consumption, powered devices 10-5

configuring power consumption for single device 10-5, 10-16

displaying operational status for an interface 10-6

Enhanced PoE support on E-series 10-15

policing and monitoring 10-12

power consumption for powered devices

Intelligent Power Management 10-4

power management modes 10-3

PoE policing

configuring errdisable recovery 10-14

configuring on an interface 10-12

displaying on an interface 10-14

power modes 10-12

point-to-point

in 802.1X authentication (figure) 37-2

policing

how to implement 34-17

See QoS policing

policing, PoE 10-12

policy associations, QoS on Sup 6-E 34-38

policy-map command 34-15

policy map marking action, configuring 34-22

port ACLs

and voice VLAN 43-4

defined 43-3

limitations 43-5

Port Aggregation Protocol

see PAgP

port-based authentication

802.1X with voice VLAN 37-20

authentication server

defined 38-2

changing the quiet period 37-64

client, defined 37-3, 38-2

configuration guidelines 37-25, 38-6

configure ACL assignments and redirect URLs 37-33

configure switch-to-RADIUS server communication 37-28

configure with Authentication Failed VLAN assignment 37-54

configure with Critical Authentication 37-51

configure with Guest-VLANs 37-47, 37-56

configure with MAC Authentication Bypass 37-49

configure with Wake-on-LAN 37-53

configuring

Multiple Domain Authentication and Multiple Authorization 37-30

RADIUS server 38-10

RADIUS server parameters on the switch 38-9

configuring Fallback Authentication 37-58

configuring Guest-VLAN 37-28

configuring manual re-authentication of a client 37-67

controlling authorization state 37-5

default configuration 37-24, 38-6

described 37-1

device roles 37-2, 38-2

displaying statistics 37-68, 38-13

enabling 37-25

802.1X authentication 38-9

enabling multiple hosts 37-63

enabling periodic re-authentication 37-62

encapsulation 37-3

host mode 37-6

how 802.1X fails on a port 37-22

initiation and message exchange 37-3

method lists 37-25

modes 37-6

multidomain authentication 37-21

multiple-hosts mode, described 37-7

port security

multiple-hosts mode 37-7

ports not supported 37-4

pre-authentication open access 37-8

resetting to default values 37-68

setting retransmission number 37-66

setting retransmission time 37-65

switch

as proxy 38-2

topologies, supported 37-22

using with ACL assignments and redirect URLs 37-18

using with port security 37-17

with Critical Authentication 37-13

with Guest VLANs 37-10

with MAC Authentication Bypass 37-11

with VLAN assignment 37-9

port-channel interfaces

See also EtherChannel

creating 19-7

overview 19-2

port-channel load-balance

command 19-13

command example 19-13

port-channel load-balance command 19-14

port cost (STP)

configuring 17-15

port description TLV 24-2

PortFast

and MST 17-23

BPDU filter, configuring 18-10

configuring or enabling 18-16

overview 18-7

PortFast BPDU filtering

and MST 17-23

enabling 18-10

overview 18-9

port numbering with TwinGig Convertors 7-7

port priority

configuring MST instances 17-32

configuring STP 17-13

ports

blocking 45-1

checking status 8-2

dynamic VLAN membership

example 13-29

reconfirming 13-26

forwarding, resuming 45-3

See also interfaces

port security

aging 39-5

configuring 39-7

displaying 39-28

guidelines and restrictions 39-33

on access ports 39-7, 39-22

on private VLAN 39-14

host 39-14

promiscuous 39-16

topology 39-15, 39-18, 39-32

on trunk port 39-17

guidelines and restrictions 39-15, 39-18, 39-21, 39-32

port mode changes 39-22

on voice ports 39-22

sticky learning 39-5

using with 802.1X 37-17

violations 39-6

with 802.1X Authentication 39-32

with DHCP and IP Source Guard 39-31

with other features 39-33

port states

description 17-5

port VLAN ID TLV 24-2

power

inline 35-5

power dc input command 11-17

powered devices, configuring power consumption 10-5

power handling for Supervisor Engine II-TS 10-11

power inline command 10-3

power inline consumption command 10-5

power management

Catalyst 4500 series 11-5

Catalyst 4500 Switch power supplies 11-12

configuring combined mode 11-11

configuring redundant mode 11-10

overview 11-1

redundancy 11-5

power management for Catalyst 4500 Switch

combined mode 11-7

redundant mode 11-7

power management limitations in Catalyst 4500 Switch 11-8

power management mode

selecting 11-7

power management TLV 24-2, 24-7

power negotiation

through LLDP 24-8

Power-On-Self-Test diagnostics 55-9, 55-18

Power-On-Self-Test for Supervisor Engine V-10GE 55-12

power policing, displaying on an interface 10-14

power redundancy-mode command 11-10

power supplies

available power for Catalyst 4500 Switch 11-12

fixed 11-6

variable 11-6

pre-authentication open access 37-8

pre-authentication open access. See port-based authentication.

primary VLANs 36-2, 36-4

associating with secondary VLANs 36-16

configuring as a PVLAN 36-15

priority

overriding CoS of incoming frames 35-5

priority queuing, QoS on Sup 6-E 34-29

private VLAN

configure port security 39-14, 39-15

enabling DHCP Snooping 41-11

private VLANs

across multiple switches 36-5

and SVIs 36-10

benefits of 36-2

community ports 36-3

community VLANs 36-2, 36-3

default configuration 36-12

end station access to 36-3

isolated port 36-4

isolated VLANs 36-2, 36-3, 36-4

ports

community 36-3

isolated 36-4

promiscuous 36-4

primary VLANs 36-2, 36-4

promiscuous ports 36-4

secondary VLANs 36-2

subdomains 36-2

traffic in 36-9

privileged EXEC mode 2-5

privileges

changing default 3-23

configuring levels 3-23

exiting 3-24

logging in 3-24

promiscuous ports

configuring PVLAN 36-17

defined 36-4

setting mode 36-23

protocol timers 17-4

provider edge devices 32-2

pruning, VTP

See VTP pruning

pseudobridges

description 17-25

PVACL 41-19

PVID (port VLAN ID)

and 802.1X with voice VLAN ports 37-20

PVLAN promiscuous trunk port

configuring 36-11, 36-17, 36-21

PVLANs

802.1q support 36-14

across multiple switches 36-5

configuration guidelines 36-12

configure port security 39-14, 39-16, 39-18

configure port security in a wireless setting 39-32

configuring 36-11

configuring a VLAN 36-15

configuring promiscuous ports 36-17

host ports

configuring a Layer 2 interface 36-18

setting 36-23

overview 36-1

permitting routing, example 36-22

promiscuous mode

setting 36-23

setting

interface mode 36-23

Q

QoS

classification34-6to ??

definitions 34-3

enabling per-port per-VLAN 34-35

overview 34-1

overview of per-port per-VLAN 34-10

packet modification 34-10

traffic shaping 34-9

See also COS; DSCP values; transmit queues

QoS active queue management

tracking queue length 34-9

QoS labels

definition 34-3

QoS marking

description 34-5

QoS on Sup 6-E

Active Queue management via DBL 34-33

active queue management via DBL 34-26, 34-33

classification 34-14

configuring 34-12

configuring the policy map marking action 34-22

hardware capabilities for marking 34-22

how to implement policing 34-17

marking action drivers 34-20

marking network traffic 34-17

MQC-based QoS configuration 34-12

multi-attribute marking support 34-21

platform hardware capabilities 34-14

platform restrictions 34-17

platform-supported classification criteria and QoS features 34-12, 34-13

policing 34-16

policy associations 34-38

prerequisites for applying a service policy 34-14

priority queuing 34-29

queue-limiting 34-30

restrictions for applying a service policy 34-14

shaping 34-24

sharing(bandwidth) 34-26

sharing(blandwidth), shapring, and priority queuing 34-24

software QoS 34-39

traffic marking procedure flowchart 34-20

QoS policing

definition 34-5

described 34-8

QoS policy

attaching to interfaces 34-9

QoS service policy

prerequisites 34-14

restrictions for applying 34-14

QoS transmit queues

burst 34-9

maximum rate 34-9

sharing link bandwidth 34-9

Quality of service

See QoS

queueing 34-9

queue-limiting, QoS on Sup 6-E 34-30

R

RADIUS server

configure to-Switch communication 37-28

configuring settings 37-30

parameters on the switch 37-28

range command 7-5

range macros

defining 7-6

ranges of interfaces

configuring 7-4

Rapid Spanning Tree

See RSTP

rcommand command 12-12

re-authentication of a client

configuring manual 37-67

enabling periodic 37-62

redirect URLs, port-based authentication 37-18

reduced MAC address 17-2

redundancy

configuring 5-7

guidelines and restrictions 5-6

changes made through SNMP 5-11

NSF-aware support 9-2

NSF-capable support 9-2

overview 5-2

redundancy command 5-8

understanding synchronization 5-5

redundancy (NSF) 9-1

configuring

BGP 9-9

CEF 9-9

EIGRP 9-12

OSPF 9-11

routing protocols 9-5

redundancy (RPR)

route processor redundancy 5-3

synchronization 5-5

redundancy (SSO)

redundancy command 9-8

route processor redundancy 5-3

synchronization 5-6

reload command 3-28, 3-29, 3-40

Remote Network Monitoring

See RMON

rendezvous point, configuring 30-16

rendezvous point, configuring single static 30-19

replication

description 30-8

report suppression, IGMP

disabling 22-10

reserved-range VLANs

See VLANs

reset command 56-3

resetting an interface to default configuration 7-29

resetting a switch to defaults 3-32

responder, IP SLAs

described 48-4

enabling 48-8

response time, measuring with IP SLAs 48-5

restricting access

NTP services 4-8

TACACS+ 3-15

retransmission number

setting in 802.1X authentication 37-66

retransmission time

changing in 802.1X authentication 37-65

RFC

1157, SNMPv1 52-2

1305, NTP 4-2

1757, RMON 53-2

1901, SNMPv2C 52-2

1902 to 1907, SNMPv2 52-2

2273-2275, SNMPv3 52-2

RIP

description 1-13

for IPv6 44-5

RMON

default configuration 53-3

displaying status 53-6

enabling alarms and events 53-3

groups supported 53-2

overview 53-1

ROM monitor

boot process and 3-26

CLI 2-7

commands56-2to ??

exiting 56-5

root bridge

configuring 17-9

selecting in MST 17-22

root guard

and MST 17-23

enabling 18-2

overview 18-2

routed packets

ACLs 43-27

route-map (IP) command 31-6

route maps

defining 31-6

PBR 31-2

router ACLs

description 43-3

using with VLAN maps 43-25

router ACLs, using PACL with VLAN maps 43-32

route targets

VPN 32-3

Routing Information Protocol

See RIP

RPF

<Emphasis>See Unicast RPF

RSPAN

configuration guidelines 50-16

destination ports 50-5

IDS 50-3

monitored ports 50-4

monitoring ports 50-5

received traffic 50-3

sessions

creating 50-17

defined 50-3

limiting source traffic to specific VLANs 50-23

monitoring VLANs 50-22

removing source (monitored) ports 50-21

specifying monitored ports 50-17

source ports 50-4

transmitted traffic 50-4

VLAN-based 50-5

RSTP

compatibility 17-23

description 17-22

port roles 17-23

port states 17-24

S

SAID

See 802.10 SAID

scheduling 34-9

scheduling, IP SLAs operations 48-6

secondary root switch 17-12

secondary VLANs 36-2

associating with primary 36-16

permitting routing 36-22

security

configuring 40-1

Security Association Identifier

See 802.10 SAID

selecting a power management mode 11-7

selecting X2/TwinGig Convertor Mode 7-8

sequence numbers in log messages 51-7

server IDs

description 54-24

service policy, configure class-level queue-limit 34-30

service-policy input command 26-2

service-provider networks

and customer VLANs 23-2

set default interface command 31-7

set interface command 31-7

set ip default next-hop command 31-7

set ip next-hop command 31-6

set-request operation 52-4

severity levels, defining in system messages 51-8

shaping, QoS on Sup 6-E 34-24

sharing(bandwidth), QoS on Sup 6-E 34-26

show adjacency command 28-9

show boot command 3-31

show catalyst4000 chassis-mac-address command 17-3

show cdp command 20-2, 20-3

show cdp entry command 20-3

show cdp interface command 20-3

show cdp neighbors command 20-4

show cdp traffic command 20-4

show ciscoview package command 4-35

show ciscoview version command 4-35

show cluster members command 12-12

show configuration command 7-15

show debugging command 20-4

show environment command 11-2

show history command 2-4

show interfaces command 7-20, 7-21, 7-26, 7-28

show interfaces status command 8-2

show ip cef command 28-8

show ip eigrp interfaces command 27-18

show ip eigrp neighbors command 27-18

show ip eigrp topology command 27-18

show ip eigrp traffic command 27-18

show ip interface command 30-21

show ip local policy command 31-8

show ip mroute command 30-21

show ip pim interface command 30-21

show lldp traffic command 24-10

show mac-address-table address command 8-3

show mac-address-table interface command 8-3

show mls entry command 28-8

show module command 8-2, 17-5

show PoE consumed 10-8

show power inline command 10-6

show power supplies command 11-10

show protocols command 7-26

show running-config command

adding description for an interface 7-15

checking your settings 3-9

displaying ACLs 43-19, 43-22, 43-29, 43-30, 43-31

show startup-config command 3-10

show users command 8-7

show version command 3-29

shutdown, command 7-27

shutting down

interfaces 7-26

Simple Network Management Protocol

See SNMP

single-host mode 37-7

single spanning tree

See SST

single static RP, configuring 30-19

slot numbers, description 7-2

smart call home 54-1

description 54-2

destination profile (note) 54-5

registration requirements 54-3

service contract requirements 54-3

Transport Gateway (TG) aggregation point 54-2

SMARTnet

smart call home registration 54-3

Smartports macros

applying global parameter values 16-8

applying macros 16-8

applying parameter values 16-8

configuration guidelines 16-6

configuring 16-2

creating 16-7

default configuration 16-3

defined 16-1

displaying 16-12

tracing 16-6

SNMP

accessing MIB variables with 52-4

agent

described 52-4

disabling 52-7

and IP SLAs 48-3

authentication level 52-10

community strings

configuring 52-7

overview 52-4

configuration examples 52-16

configuration guidelines 52-6

default configuration 52-5

enabling 57-4, 57-5

engine ID 52-6

groups 52-6, 52-9

host 52-6

informs

and trap keyword 52-11

described 52-5

differences from traps 52-5

enabling 52-15

limiting access by TFTP servers 52-15

limiting system log messages to NMS 51-9

manager functions 52-3

notifications 52-5

overview 52-1, 52-4

status, displaying 52-17

system contact and location 52-15

trap manager, configuring 52-13

traps

described 52-3, 52-5

differences from informs 52-5

enabling 52-11

enabling MAC address notification 4-24

enabling MAC move notification 4-26

enabling MAC threshold notification 4-28

overview 52-1, 52-4

types of 52-11

users 52-6, 52-9

versions supported 52-2

SNMP commands 57-4

SNMPv1 52-2

SNMPv2C 52-2

SNMPv3 52-2

software

upgrading 5-13

software configuration register 3-26

software QoS, on Sup 6-E 34-39

software switching

description 28-5

interfaces 28-6

key data structures used 30-7

source IDs

call home event format 54-23

SPAN

and ACLs 50-5

configuration guidelines 50-7

configuring50-7to 50-10

destination ports 50-5

IDS 50-3

monitored port, defined 50-4

monitoring port, defined 50-5

received traffic 50-3

sessions

defined 50-3

source ports 50-4

transmitted traffic 50-4

VLAN-based 50-5

SPAN and RSPAN

concepts and terminology 50-3

default configuration 50-6

displaying status 50-24

overview 50-2

session limits 50-6

SPAN enhancements

access list filtering 50-13

configuration example 50-15

CPU port sniffing 50-10

encapsulation configuration 50-12

ingress packets 50-12

packet type filtering 50-14

spanning-tree backbonefast command 18-16

spanning-tree cost command 17-15

spanning-tree guard root command 18-2

spanning-tree portfast bpdu-guard command 18-9

spanning-tree portfast command 18-7

spanning-tree port-priority command 17-13

spanning-tree uplinkfast command 18-13

spanning-tree vlan

command 17-9

command example 17-9

spanning-tree vlan command 17-8

spanning-tree vlan cost command 17-15

spanning-tree vlan forward-time command 17-19

spanning-tree vlan hello-time command 17-17

spanning-tree vlan max-age command 17-18

spanning-tree vlan port-priority command 17-13

spanning-tree vlan priority command 17-17

spanning-tree vlan root primary command 17-10

spanning-tree vlan root secondary command 17-12

speed

configuring interface 7-12

speed command 7-13

SSO

configuring 9-8

SSO operation 9-3

SST

description 17-22

interoperability 17-24

static addresses

See addresses

static routes

configuring 3-11

verifying 3-12

statistics

802.1X 38-13

displaying 802.1X 37-68

displaying PIM 30-25

LLDP 24-10

LLDP-MED 24-10

SNMP input and output 52-17

sticky learning

configuration file 39-5

defined 39-5

disabling 39-5

enabling 39-5

saving addresses 39-5

sticky MAC addresses

configuring 39-7

defined 39-4

Storm Control

displaying 49-6

enabling Broadcast 49-3

enabling Multicast 49-4

hardware-based, implementing 49-2

overview 49-1

software-based, implementing 49-2

STP

bridge ID 17-2

configuring17-7to 17-20

creating topology 17-4

defaults 17-6

disabling 17-19

enabling 17-7

enabling extended system ID 17-8

enabling Per-VLAN Rapid Spanning Tree 17-20

EtherChannel guard

disabling 18-7

forward-delay time 17-18

hello time 17-17

maximum aging time 17-18

overview 17-1, 17-3

per-VLAN rapid spanning tree 17-6

port cost 17-15

port priority 17-13

root bridge 17-9

stratum, NTP 4-2

stub routing (EIGRP)

benefits 27-16

configuration tasks 27-17

configuring 27-13

overview 27-12, 27-13

restrictions 27-17

verifying 27-17

subdomains, private VLAN 36-2

summer time 4-13

supervisor engine

accessing the redundant 5-14

configuring3-8to 3-13

copying files to standby 5-14

default configuration 3-1

default gateways 3-11

environmental monitoring 11-1

redundancy 9-1

ROM monitor 3-26

startup configuration 3-25

static routes 3-11

synchronizing configurations 5-11

Supervisor Engine II-TS

insufficient inline power handling 10-11

SVI Autostate Exclude

understanding 27-3

SVI Autostate exclude

configuring 27-7

switch 44-2

switched packets

and ACLs 43-26

Switched Port Analyzer

See SPAN

switchport

show interfaces 7-20, 7-21, 7-28

switchport access vlan command 15-6, 15-8

switchport block multicast command 45-2

switchport block unicast command 45-2

switchport mode access command 15-8

switchport mode dot1q-tunnel command 23-6

switchport mode dynamic command 15-6

switchport mode trunk command 15-6

switch ports

See access ports

switchport trunk allowed vlan command 15-6

switchport trunk encapsulation command 15-6

switchport trunk encapsulation dot1q command 15-3

switchport trunk encapsulation isl command 15-3

switchport trunk encapsulation negotiate command 15-3

switchport trunk native vlan command 15-6

switchport trunk pruning vlan command 15-7

switch-to-RADIUS server communication

configuring 37-28

system

reviewing configuration 3-10

settings at startup 3-27

system alarms

on Sup 2+ to V-10GE 11-4

overview 11-4

system and network statistics, displaying 30-21

system capabilities TLV 24-2

system clock

configuring

daylight saving time 4-13

manually 4-11

summer time 4-13

time zones 4-12

displaying the time and date 4-12

overview 4-2

See also NTP

system description TLV 24-2

system images

loading from Flash memory 3-30

modifying boot field 3-27

specifying 3-30

system message logging

default configuration 51-3

defining error message severity levels 51-8

disabling 51-4

displaying the configuration 51-12

enabling 51-4

facility keywords, described 51-12

level keywords, described 51-9

limiting messages 51-9

message format 51-2

overview 51-1

sequence numbers, enabling and disabling 51-7

setting the display destination device 51-5

synchronizing log messages 51-6

timestamps, enabling and disabling 51-7

UNIX syslog servers

configuring the daemon 51-10

configuring the logging facility 51-11

facilities supported 51-12

system MTU

802.1Q tunneling 23-5

maximums 23-5

system name

manual configuration 4-15

See also DNS

system name TLV 24-2

system prompt, default setting 4-14

T

TACACS+ 40-1

accounting, defined 3-16

authentication, defined 3-16

authorization, defined 3-16

configuring

accounting 3-21

authentication key 3-18

authorization 3-21

login authentication 3-19

default configuration 3-18

displaying the configuration 3-22

identifying the server 3-18

limiting the services to the user 3-21

operation of 3-17

overview 3-15

tracking services accessed by user 3-21

tagged packets

802.1Q 23-3

TCAM programming and ACLs 43-7

for Sup II-Plust thru V-10GE 43-6

TDR

checking cable connectivity 8-3

enabling and disabling test 8-3

guidelines 8-3

Telnet

accessing CLI 2-2

disconnecting user sessions 8-7

executing 8-6

monitoring user sessions 8-6

telnet command 8-6

Terminal Access Controller Access Control System Plus

See TACACS+

TFTP

configuration files in base directory 3-5

configuring for autoconfiguration 3-4

limiting access by servers 52-15

threshold monitoring, IP SLAs 48-6

time

See NTP and system clock

Time Domain Reflectometer

See TDR

time exceeded messages 8-9

timer

See login timer

timestamps in log messages 51-7

time zones 4-12

TLV

host presence detection 37-8

TLVs

defined 1-4, 24-2

LLDP-MED 24-2

Token Ring

media not supported (note) 13-5, 13-9

Topology change notification processing

MLD Snooping

Topology change notification processing 22-4

TOS

description 34-4

trace command 8-9

traceroute

See IP traceroute

See Layer 2 Traceroute

traceroute mac command 8-11

traceroute mac ip command 8-11

traffic

blocking flooded 45-2

traffic control

using ACLs (figure) 43-4

using VLAN maps (figure) 43-5

traffic marking procedure flowchart 34-20

traffic shaping 34-9

translational bridge numbers (defaults) 13-5

traps

configuring MAC address notification 4-24

configuring MAC move notification 4-26

configuring MAC threshold notification 4-28

configuring managers 52-11

defined 52-3

enabling 4-24, 4-26, 4-28, 52-11

notification types 52-11

overview 52-1, 52-4

troubleshooting

with CiscoWorks 52-4

with system message logging 51-1

with traceroute 8-9

troubleshooting high CPU due to ACLs 43-6

trunk ports

configure port security 39-17

configuring PVLAN36-19to 36-20

trunks

802.1Q restrictions 15-5

configuring 15-6

configuring access VLANs 15-6

configuring allowed VLANs 15-6

default interface configuration 15-6

different VTP domains 15-3

enabling to non-DTP device 15-4

encapsulation 15-3

specifying native VLAN 15-6

understanding 15-3

trustpoint 54-3

TTL Map, TTL configured 33-3

tunneling

defined 23-1

tunnel ports

802.1Q, configuring 23-6

described 23-2

incompatibilities with other features 23-5

TwinGig Convertors

port numbering 7-7

selecting X2/TwinGig Convertor mode 7-8

type length value

See TLV

type of service

See TOS

U

UDLD

default configuration 25-2

disabling 25-5

enabling 25-4

overview 25-1

UDP jitter, configuring 48-9

UDP jitter operation, IP SLAs 48-9

unauthorized ports with 802.1X 37-4

unicast

See IP unicast

unicast flood blocking

configuring 45-1

unicast MAC address filtering

and adding static addresses 4-31

and broadcast MAC addresses 4-30

and CPU packets 4-31

and multicast addresses 4-30

and router MAC addresses 4-30

configuration guidelines 4-30

described 4-30

unicast MAC address filtering, configuring

ACLs

configuring unicast MAC address filtering 43-13

Unicast RPF (Unicast Reverse Path Forwarding)

applying 29-5

BGP attributes

caution 29-5

CEF

requirement 29-2

tables 29-7

configuring 29-9

(examples)??to 29-12

BOOTP 29-8

DHCP 29-8

enterprise network (figure) 29-6

prerequisites 29-9

routing table requirements 29-7

tasks 29-9

verifying 29-10

deploying 29-5

description 1-15, 29-2

disabling 29-11

enterprise network (figure) 29-6

FIB 29-2

implementing 29-4

maintaining 29-11

monitoring 29-11

packets, dropping (figure) 29-4

prerequisites 29-9

restrictions

basic 29-8

routing asymmetry 29-7

routing asymmetry (figure) 29-8

routing table requirements 29-7

security policy

applying 29-5

attacks, mitigating 29-5

deploying 29-5

tunneling 29-5

source addresses, validating 29-3

(figure) 29-3, 29-4

failure 29-3

traffic filtering 29-5

tunneling 29-5

validation

failure 29-3, 29-4

packets, dropping 29-3

source addresses 29-3

verifying 29-10

unicast traffic

blocking 45-2

unidirectional ethernet

enabling 26-2

example of setting 26-2

overview 26-1

UniDirectional Link Detection Protocol

See UDLD

Universal PoE, configuring 10-16

UNIX syslog servers

daemon configuration 51-10

facilities supported 51-12

message logging configuration 51-11

UplinkFast

and MST 17-23

enabling 18-16

MST and 17-23

overview 18-11

user EXEC mode 2-5

user sessions

disconnecting 8-7

monitoring 8-6

using PACL with access-group mode 43-30

V

VACLs

Layer 4 port operations 43-9

virtual configuration register 56-3

virtual LANs

See VLANs

Virtual Private Network

See VPN

Virtual Switch System(VSS), displaying EtherChannel to 19-16

VLAN ACLs

See VLAN maps

vlan command 13-6

vlan dot1q tag native command 23-4

VLAN ID, discovering 4-32

VLAN Management Policy Server

See VMPS

VLAN maps

applying to a VLAN 43-22

configuration example 43-23

configuration guidelines 43-18

configuring 43-18

creating and deleting entries 43-19

defined 43-3

denying access example 43-24

denying packets 43-20

displaying 43-25

order of entries 43-19

permitting packets 43-20

router ACLs and 43-25

using (figure) 43-5

using in your network 43-22

VLAN maps, PACL and Router ACLs 43-32

VLANs

allowed on trunk 15-6

configuration guidelines 13-3

configuring 13-5

customer numbering in service-provider networks 23-3

default configuration 13-4

description 1-7

extended range 13-3

IDs (default) 13-5

interface assignment 13-7

limiting source traffic with RSPAN 50-23

monitoring with RSPAN 50-22

name (default) 13-5

normal range 13-3

overview 13-1

reserved range 13-3

See also PVLANs

VLAN Trunking Protocol

See VTP

VLAN trunks

overview 15-3

VMPS

configuration file example 13-32

configuring dynamic access ports on client 13-25

configuring retry interval 13-27

database configuration file 13-32

dynamic port membership

example 13-29

reconfirming 13-26

reconfirming assignments 13-26

reconfirming membership interval 13-26

server overview 13-21

VMPS client

administering and monitoring 13-28

configure switch

configure reconfirmation interval 13-26

dynamic ports 13-25

entering IP VMPS address 13-24

reconfirmation interval 13-27

reconfirm VLAM membership 13-26

default configuration 13-24

dynamic VLAN membership overview 13-23

troubleshooting dynamic port VLAN membership 13-29

VMPS server

fall-back VLAN 13-23

illegal VMPS client requests 13-23

overview 13-21

security modes

multiple 13-22

open 13-22

secure 13-22

voice interfaces

configuring 35-1

Voice over IP

configuring 35-1

voice ports

configuring VVID 35-3

voice traffic 10-2, 35-5

voice VLAN

IP phone data traffic, described 35-2

IP phone voice traffic, described 35-2

voice VLAN ports

using 802.1X 37-20

VPN

configuring routing in 32-11

forwarding 32-3

in service provider networks 32-1

routes 32-2

routing and forwarding table

See VRF

VRF

defining 32-3

tables 32-1

VRF-aware services

ARP 32-6, 32-9

configuring 32-6

ftp 32-8

ping 32-7

SNMP 32-7

syslog 32-8

tftp 32-8

traceroute 32-8

uRPF 32-7

VTP

client, configuring 13-16

configuration guidelines 13-12

default configuration 13-13

disabling 13-16

monitoring 13-19

overview 13-8

pruning

configuring 13-15

See also VTP version 2

server, configuring 13-16

statistics 13-19

transparent mode, configuring 13-16

version 2

enabling 13-15

VTP advertisements

description 13-9

VTP domains

description 13-8

VTP modes 13-9

VTP pruning

overview 13-11

VTP versions 2 and 3

overview 13-9

See also VTP

VTY and Network Assistant 12-11

VVID (voice VLAN ID)

and 802.1X authentication 37-20

configuring 35-3

W

Wake-on-LAN

configure with 802.1X 37-53

web-based authentication

authentication proxy web pages 38-4

description 1-26, 37-13, 38-1

web-based authentication, interactions with other features 38-4

Y

Y.1731

default configuration 46-28

described 46-26

ETH-AIS

Ethernet Alarm Signal function (ETH-AIS)

     1

ETH-RDI 46-27

multicast Ethernet loopback 46-30

multicast ETH-LB 46-28

terminology 46-26