Catalyst 4500 Series Switch Software Configuration Guide, 12.2(40)SG
Index
Downloads: This chapterpdf (PDF - 1.41MB) The complete bookPDF (PDF - 24.4MB) | Feedback

Index

Table Of Contents

Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W -

Index

ACLs

applying IPv6 ACLs to a Layer 3 interface 39-22

Numerics

10/100 autonegotiation feature, forced 6-11

10-Gigabit Ethernet or Gigabit Ethernet ports

deploy on WS-X4606-10GE-E and Sup 6-E 6-7

10-Gigabit Ethernet port

deploy with Gigabit Ethernet SFP ports 6-6

1400 W DC Power supply

special considerations 10-16

1400 W DC SP Triple Input power supply

special considerations 10-17

802.10 SAID (default) 13-4

802.1Q

trunks 17-6

tunneling

compatibility with other features 22-5

defaults 22-4

described 22-2

tunnel ports with other features 22-6

802.1Q VLANs

encapsulation 15-3

trunk restrictions 15-5

802.1s

See MST

802.1w

See MST

802.1X

See port-based authentication

802.1X authentication

for Critical Authentication 34-12

for guest VLANs 34-8

for MAC Authentication Bypass 34-9

for Wake-on-LAN 34-12

RADIUS accounting 34-16

with port security 34-15

with VLAN assignment 34-7

with voice VLAN ports 34-18

802.3ad

See LACP

A

AAA 36-1

abbreviating commands 2-5

access control entries

See ACEs

access control entries and lists 36-1

access-group mode, configuring on Layer 2 interface 39-35

access-group mode, using PACL with 39-35

access list filtering, SPAN enhancement 43-13

access lists

using with WCCP 49-7

access ports

and Layer 2 protocol tunneling 22-9

configure port security 35-6, 35-21

configuring 15-8

access VLANs 15-6

accounting

configuring for 802.1X 34-32

with TACACS+ 3-16, 3-21

ACEs

ACLs 39-2

IP 39-2

Layer 4 operation restrictions 39-15

ACEs and ACLs 36-1

ACLs

ACEs 39-2

and SPAN 43-5

and TCAM programming for Sup 6-E 39-15

and TCAM programming for Sup II-Plus thru V-10GE 39-6

applying on routed packets 39-32

applying on switched packets 39-31

chaning the TCAM programming algorithm 39-9

compatibility on the same switch 39-3

configuring with VLAN maps 39-31

CPU impact 39-17

hardware and software support 39-5

IP, matching criteria for port ACLs 39-4

MAC extended 39-19

matching criteria for router ACLs 39-3

port

and voice VLAN 39-4

defined 39-3

limitations 39-5

processing 39-17

resize the TCAM regions 39-10

selecting mode of capturing control packets 39-12

TCAM programming algorithm 39-7

troubleshooting high CPU 39-12

types supported 39-3

understanding 39-2

VLAN maps 39-5

ACLs and VLAN maps, examples 39-25

acronyms, list of A-1

action drivers, marking 32-75

active queue management 32-14

active queue management via DBL, QoS on Sup 6-E 32-85

adding members to a community 12-8

addresses

displaying the MAC address table 4-30

dynamic

changing the aging time 4-21

defined 4-19

learning 4-20

removing 4-22

MAC, discovering 4-30

See MAC addresses

static

adding and removing 4-27

defined 4-19

address resolution 4-30

adjacency tables

description 27-2

displaying statistics 27-9

advertisements, VTP

See VTP advertisements

aggregation switch, enabling DHCP snooping 37-9

aging time

MAC address table 4-21

applying IPv6 ACLs to a Layer 3 interface 39-22

AQM via DBL, QoS on Sup 6-E 32-85

ARP

defined 4-30

table

address resolution 4-30

managing 4-30

asymmetrical links, and 802.1Q tunneling 22-4

audience xxxvii

authentication

NTP associations 4-4

See also port-based authentication

TACACS+

defined 3-16

key 3-18

login 3-19

Authentication, Authorization, and Accounting (AAA) 36-1

Authentication Failed VLAN assignment

configure with 802.1X 34-40

authentication server

defined 34-3

RADIUS server 34-3

authoritative time source, described 4-2

authorization

with TACACS+ 3-16, 3-21

authorized and unauthorized ports 34-4

authorized ports with 802.1X 34-4

autoconfiguration 3-2

automatic discovery

considerations 12-7

automatic QoS

See QoS

Auto-MDIX on a port

configuring 6-20

displaying the configuration 6-21

overview 6-19

autonegotiation feature

forced 10/100Mbps 6-11

Auto-QoS

configuring 32-17

auto-sync command 8-8

B

Baby Giants

interacting with 6-19

BackboneFast

adding a switch (figure) 18-3

and MST 17-23

configuring 18-16

link failure (figure) 18-14, 18-15

not supported MST 17-23

understanding 18-13

See also STP

banners

configuring

login 4-19

message-of-the-day login 4-18

default configuration 4-18

when displayed 4-17

b command 51-3

b flash command 51-3

BGP 1-7

routing session with multi-VRF CE 31-7

blocking packets 41-1

blocking state (STP)

RSTP comparisons (table) 17-24

boot bootldr command 3-31

boot command 3-28

boot commands 51-3

boot fields

See configuration register boot fields

bootstrap program

See ROM monitor

boot system command 3-26, 3-31

boot system flash command 3-28

Border Gateway Protocol

See BGP

boundary ports

description 17-27

BPDU Guard

and MST 17-23

configuring 18-16

overview 18-8

BPDUs

and media speed 17-2

pseudobridges and 17-25

what they contain 17-3

bridge ID

See STP bridge ID

bridge priority (STP) 17-16

bridge protocol data units

See BPDUs

Broadcast Storm Control

disabling 42-6

enabling 42-3

BSR

configuration example 29-21

burst rate 32-56

burst size 32-31

C

cache engine clusters xxxix, 49-1

cache engines xxxix, 49-1

cache farms

See cache engine clusters

candidates

automatic discovery 12-7

candidate switch, cluster

defined 12-12

requirements 12-12

Capturing control packets

selecting mode 39-12

cautions

Unicast RPF

BGP optional attributes 28-4

cautions for passwords

encrypting 3-22

CDP

and trusted boundary 32-26

automatic discovery in communities 12-7

configuration 23-2

displaying configuration 23-3

enabling on interfaces 23-3

Layer 2 protocol tunneling 22-7

maintaining 23-3

monitoring 23-3

overview 1-2, 23-1

cdp enable command 23-3

CEF

adjacency tables 27-2

and NSF with SSO 9-5

configuring load balancing 27-7

displaying statistics 27-8

enabling 27-6

hardware switching 27-4

load balancing 27-6

overview 27-1

software switching 27-4

CGMP

overview 20-1

channel-group group command 19-7, 19-10

Cisco 7600 series Internet router

enabling SNMP 50-16

Cisco Discovery Protocol

See CDP

Cisco Express Forwarding

See CEF

Cisco Group Management Protocol

See CGMP

Cisco IOS NSF-aware

support 9-2

Cisco IOS NSF-capable support 9-2

Cisco IP Phones

configuring 33-2

sound quality 33-1

CiscoWorks 2000 45-4

CIST

description 17-22

class-map command 32-33

class of service

See CoS

clear cdp counters command 23-4

clear cdp table command 23-3

clear counters command 6-23

clearing

IP multicast table entries 29-20

clear ip eigrp neighbors command 26-18

clear ip flow stats command 46-9

CLI

accessing 2-1

backing out one level 2-5

getting commands 2-5

history substitution 2-3

managing clusters 12-12

modes 2-5

monitoring environments 43-1

ROM monitor 2-7

software basics 2-4

clients

in 802.1X authentication 34-2

clock

See system clock

clustering switches

command switch characteristics 12-11, 12-12

and VTY 12-11

convert to a community 12-9

managing

through CLI 12-12

overview 12-10

planning considerations

CLI 12-12

passwords 12-8

command-line processing 2-3

command modes 2-5

commands

b 51-3

b flash 51-3

boot 51-3

confreg 51-3

dev 51-3

dir device 51-3

frame 51-5

i 51-3

listing 2-5

meminfo 51-5

reset 51-3

ROM monitor51-2to 51-3

ROM monitor debugging 51-5

SNMP 50-16

sysret 51-5

command switch, cluster

requirements 12-11

common and internal spanning tree

See CIST

common spanning tree

See CST

community of switches

access modes in Network Assistant 12-8

adding devices 12-8

candidate characterisitcs 12-6

communication protocols 12-8

community name 12-7

configuration information 12-8

converting from a cluster 12-9

host name 12-7

passwords 12-8

community ports 40-4

community strings

configuring 45-7

overview 45-4

community VLANs 40-3, 40-4

and SPAN features 40-12

configure as a PVLAN 40-13

compiling MIBs 50-16

config-register command 3-29

config terminal command 3-9

configurable leave timer,IGMP 20-3

configuration examples

SNMP 45-16

configuration files

limiting TFTP server access 45-15

obtaining with DHCP 3-6

saving 3-10

system contact and location information 45-15

configuration guidelines

SNMP 45-6

configuration register

boot fields

listing value 3-29

modifying 3-28

changing from ROM monitor 51-3

changing settings3-28to 3-29

configuring 3-26

settings at startup 3-27

configure terminal command 3-28, 6-2

configuring access-group mode on Layer 2 interface 39-35

configuring flow control 6-14

configuring interface link and trunk status envents 6-24

configuring named IPv6 ACLs 39-20

configuring named MAC extended ACLs 39-19

configuring unicast MAC address filtering 39-19

configuring VLAN maps 39-23

confreg command 51-3

console configuration mode 2-5

console download51-4to 51-5

console port

disconnecting user sessions 7-6

monitoring user sessions 7-6

control plane policing

See CoPP

CoPP

applying QoS service policy to control plane 36-3

configuring

ACLs to match traffic 36-3

enabling MLS QoS 36-3

packet classification criteria 36-3

service-policy map 36-3

control plane configuration mode

entering 36-3

displaying

dynamic information 36-7

number of conforming bytes and packets 36-7

rate information 36-7

entering control plane configuration mode 36-3

monitoring statistics 36-7

overview 36-1

copy running-config startup-config command 3-10

copy system:running-config nvram:startup-config command 3-31

CoS

definition 32-3

figure 32-2

overriding on Cisco IP Phones 33-4

priority 33-4

CoS Mutation

configuring 32-40

CoS-to-DSCP maps 32-57

CoS value, configuring for an interface 32-53

counters

clearing MFIB 29-21

clearing on interfaces 6-23

CPU, impact of ACL processing 39-17

CPU port sniffing 43-10

Critical Authentication

configure with 802.1X 34-36, 34-37

CST

description 17-25

IST and 17-22

MST and 17-22

customer edge devices 31-2

D

database agent

configuration examples 37-12

enabling the DHCP Snooping 37-12

daylight saving time 4-13

debug commands, ROM monitor 51-5

default configuration

802.1X 34-22

auto-QoS 32-17

banners 4-18

DNS 4-16

IGMP filtering 20-18

IGMP snooping 21-5, 21-6

Layer 2 protocol tunneling 22-9

MAC address table 4-21

multi-VRF CE 31-4

NTP 4-4

private VLANs 40-11

resetting the interface 6-26

RMON 47-3

SNMP 45-6

SPAN and RSPAN 43-6

system message logging 44-3

system name and prompt 4-15

TACACS+ 3-18

default gateway

configuring 3-11

verifying configuration 3-11

default settings, erase commad 3-31

denial-of-service attacks

IP address spoofing, mitigating 28-5

Unicast RPF, deploying 28-5

denying access to a server on another VLAN 39-29

deploying 10-Gigabit Ethernet and a Gigabit Ethernet SFP ports 6-6

deploying 10-Gigabit Ethernet and a Gigabit Ethernet SFP ports on WS-X4606-10GE-E and Sup 6-E 6-7

description command 6-13

detecting unidirectional links 24-1

dev command 51-3

DHCP-based autoconfiguration

client request message exchange 3-3

configuring

client side 3-2

DNS 3-5

relay device 3-5

server-side 3-3

TFTP server 3-4

example 3-7

lease options

for IP address information 3-3

for receiving the configuration file 3-4

overview 3-2

relationship to BOOTP 3-2

DHCP option 82

overview 37-3

DHCP Snooping

enabling, and Option 82 37-9

DHCP snooping

accepting untrusted packets form edge switch 37-10

configuring 37-6

default configuration 37-7

displaying binding tables 37-16

displaying configuration 37-16

displaying information 37-15

enabling 37-7

enabling on private VLAN 37-11

enabling on the aggregation switch 37-9

enabling the database agent 37-12

message exchange process 37-4

monitoring 37-20

option 82 data insertion 37-3

overview 37-1

Snooping database agent 37-2

DHCP Snooping Database Agent

adding to the database (example) 37-15

enabling (example) 37-12

overview 37-2

reading from a TFTP file (example) 37-14

Diagnostics

online 48-1

troubleshooting 48-2

Power-On-Self-Test

causes of failure 48-14

how it works 48-3

overview 48-3

Power-On-Self-Test for Supervisor Engine V-10GE 48-8

Differentiated Services Code Point values

See DSCP values

DiffServ architecture, QoS 32-2

Digital optical monitoring transceiver support 6-10

dir device command 51-3

disabled state

RSTP comparisons (table) 17-24

disabling

broadcast storm control 42-6

disabling multicast storm control 42-7

disconnect command 7-6

discovery, clusters

See automatic discovery

displaying storm control 42-7

DNS

and DHCP-based autoconfiguration 3-5

default configuration 4-16

displaying the configuration 4-17

overview 4-15

setting up 4-16

documentation

organization xxxvii

related xl

domain names

DNS 4-15

Domain Name System

See DNS

double-tagged packets

802.1Q tunneling 22-2

Layer 2 protocol tunneling 22-9

downloading MIBs 50-14, 50-15

drop threshold for Layer 2 protocol packets 22-10

DSCP maps 32-57

DSCP-to-CoS maps

configuring 32-59

DSCP values

configuring maps 32-57

definition 32-4

IP precedence 32-2

mapping markdown 32-24

mapping to transmit queues 32-55

DSCP values, configuring port value 32-54

DTP

VLAN trunks and 15-3

duplex command 6-12

duplex mode

configuring interface 6-11

dynamic ARP inspection

ARP cache poisoning 38-2

configuring

ACLs for non-DHCP environments 38-11

in DHCP environments 38-5

log buffer 38-14

rate limit for incoming ARP packets 38-16

denial-of-service attacks, preventing 38-16

interface trust state, security coverage 38-3

log buffer

configuring 38-14

logging of dropped packets 38-4

overview 38-1

port channels, their behavior 38-5

priority of static bindings 38-4

purpose of 38-2

rate limiting of ARP packets 38-4

configuring 38-16

validation checks, performing 38-19

dynamic buffer limiting

globally 32-27

on specific CoS values 32-29

on specific IP DSCP values 32-28

Dynamic Host Configuration Protocol snooping

See DHCP snooping

dynamic port VLAN membership

example 13-25

limit on hosts 13-24

reconfirming 13-22

troubleshooting 13-24

Dynamic Trunking Protocol

See DTP

E

EAP frames

changing retransmission time 34-45

exchanging (figure) 34-4, 34-6, 34-11

request/identity 34-3

response/identity 34-3

setting retransmission number 34-46

EAPOL frames

802.1X authentication and 34-3

OTP authentication, example (figure) 34-4, 34-11

start 34-3

edge ports

description 17-27

EGP

overview 1-7

EIGRP

configuration examples 26-19

monitoring and maintaining 26-18

EIGRP (Enhanced IGRP)

stub routing

benefits 26-17

configuration tasks 26-17

configuring 26-13

overview 26-13

restrictions 26-17

verifying 26-18

EIGRP (enhanced IGRP)

overview 1-8

eigrp stub command 26-18

EIGRP stub routing, configuring 26-12

Embedded CiscoView

displaying information 4-33

installing and configuring 4-31

overview 4-31

emergency alarms on Sup Engine 6-E systems 10-3

enable command 3-9, 3-28

enable mode 2-5

enabling or disabling QOS on an interface 32-50

enabling SNMP 50-16

encapsulation types 15-3

Enhanced Interior Gateway Routing Protocol

See EIGRP

environmental conditions

Sup Engine 6-E 10-2

Sup Engines II-Plus to V-10GE 10-2

environmental monitoring

using CLI commands 10-1

EtherChannel

channel-group group command 19-7, 19-10

configuration guidelines 19-5

configuring19-6to 19-14

configuring Layer 2 19-9

configuring Layer 3 19-6

interface port-channel command 19-7

lacp system-priority

command example 19-12

modes 19-3

overview 19-1

PAgP

Understanding 19-3

physical interface configuration 19-7

port-channel interfaces 19-2

port-channel load-balance command 19-13

removing 19-14

removing interfaces 19-14

EtherChannel guard

disabling 18-6

enabling 18-6

overview 18-6

explicit host tracking

enabling 20-10

extended range VLANs

See VLANs

Extensible Authentication Protocol over LAN 34-1

Exterior Gateway Protocol

See EGP

F

FastDrop

clearing entries 29-20

displaying entries 29-19

overview 29-10

FIB

description 27-2

See also MFIB

filtering

in a VLAN 39-23

non-IP traffic 39-19

flags 29-11

Flash memory

configuring router to boot from 3-30

loading system images from 3-30

security precautions 3-30

flooded traffic, blocking 41-2

flowchart, traffic marking procedure 32-75

flow control, configuring 6-14

forward-delay time (STP)

configuring 17-18

forwarding information base

See FIB

frame command 51-5

G

gateway

See default gateway

get-bulk-request operation 45-3

get-next-request operation 45-3, 45-4

get-request operation 45-3, 45-4

get-response operation 45-3

Gigabit Ethernet SFP ports

deploy with 10-Gigabit Ethernet 6-6

global configuration mode 2-5

Guest-VLANs

configure with 802.1X 34-32, 34-41

H

hardware and software ACL support 39-5

hardware switching 27-5

hello time (STP)

configuring 17-17

hierarchical policers, configuring 32-46

hierarchical policies, QoS on Sup 6-E 32-87

high CPU due to ACLs, troubleshooting 39-12

history

CLI 2-3

history table, level and number of syslog messages 44-9

hop counts

configuring MST bridges 17-28

host

configuring host statically 20-10

limit on dynamic port 13-24

host ports

kinds of 40-4

Hot Standby Routing Protocol

See HSRP

HSRP

description 1-7

http

//www.cisco.com/en/US/docs/ios/fundamentals/command reference/cf_book.html 44-1, 47-1

hw-module module num power command 10-20

I

ICMP

enabling 7-11

ping 7-7

running IP traceroute 7-8

time exceeded messages 7-8

i command 51-3

IDS

using with SPAN and RSPAN 43-2

IEEE 802.1s

See MST

IEEE 802.1w

See MST

IEEE 802.3ad

See LACP

IGMP

configurable leave timer

enabling 20-8

configurable-leave timer 20-3

description 29-3

enabling 29-13

explicit host tracking 20-4, 20-10

immediate-leave processing 20-3

leave processing, enabling 21-8

overview 20-1

report suppression

disabling 21-11

IGMP filtering

configuring 20-18

default configuration 20-18

described 20-18

monitoring 20-21

IGMP groups

setting the maximum number 20-20

IGMP Immediate Leave

configuration guidelines 20-8

IGMP profile

applying 20-19

configuration mode 20-18

configuring 20-19

IGMP snooping

configuration guidelines 20-4

default configuration 21-5, 21-6

enabling 20-5, 20-6

enabling and disabling 21-6

IP multicast and 29-4

monitoring 20-13, 21-11

overview 20-1

IGRP

description 1-8

Immediate Leave, IGMP

enabling 21-8

immediate-leave processing

enabling 20-8

IGMP

See fast-leave processing

ingress packets, SPAN enhancement 43-12

inline power

configuring on Cisco IP phones 33-5

insufficient inline power handling for Supervisor Engine II-TS 10-18

Intelligent Power Management 11-4

interacting with Baby Giants 6-19

interface command 3-9, 6-1

interface link and trunk status events

configuring 6-24

interface port-channel command 19-7

interface range command 6-4

interface range macro command 6-5

interfaces

adding descriptive name 6-13

clearing counters 6-23

configuring 6-2

configuring ranges 6-4

displaying information about 6-23

Layer 2 modes 15-4

maintaining 6-22

monitoring 6-22

naming 6-13

numbers 6-2

overview 6-1

restarting 6-24

See also Layer 2 interfaces

Interior Gateway Routing Protocol

See IGRP

Internet Control Message Protocol

See ICMP

Internet Group Management Protocol

See IGMP

Inter-Switch Link encapsulation

See ISL encapsulation

Intrusion Detection System

See IDS

IP

configuring default gateway 3-11

configuring static routes 3-11

displaying statistics 27-8

flow switching cache 46-9

IP addresses

cluster candidate or member 12-12

cluster command switch 12-11

discovering 4-30

ip cef command 27-6

IP Enhanced IGRP

interfaces, displaying 26-18

ip flow-aggregation cache destination-prefix command 46-11

ip flow-aggregation cache prefix command 46-11

ip flow-aggregation cache source-prefix command 46-12

ip flow-export command 46-9

ip icmp rate-limit unreachable command 7-12

ip igmp profile command 20-18

ip igmp snooping tcn flood command 20-12

ip igmp snooping tcn flood query count command 20-12

ip igmp snooping tcn query solicit command 20-13

IP information

assigned

through DHCP-based autoconfiguration 3-2

ip load-sharing per-destination command 27-7

ip local policy route-map command 30-5

ip mask-reply command 7-13

IP MTU sizes, configuring 26-8

IP MTU sizes,configuring 26-8

IP multicast

clearing table entries 29-20

configuring 29-12

default configuration 29-13

displaying PIM information 29-16

displaying the routing table information 29-16

enabling 29-13

enabling dense-mode PIM 29-14

enabling sparse-mode 29-14

features not supported 29-12

hardware forwarding 29-8

IGMP snooping and 20-4, 29-4

monitoring 29-15

overview 29-1

routing protocols 29-2

software forwarding 29-8

See also Auto-RP; IGMP; PIM; RP; RPF

ip multicast-routing command 29-13

IP phones

automatic classification and queueing 32-17

configuring voice ports 33-3

See Cisco IP Phones 33-1

trusted boundary for QoS 32-26

ip pim command 29-14

ip pim dense-mode command 29-14

ip pim sparse-dense-mode command 29-15

ip policy route-map command 30-4

IP Port Security for Static Hosts

on a Layer 2 access port 37-21

on a PVLAN host port 37-24

overview 37-21

ip redirects command 7-12

ip route-cache flow command 46-7

IP routing tables

deleting entries 29-20

IP Source Guard

configuring 37-17

configuring on private VLANs 37-19

displaying 37-19, 37-20

overview 37-16

IP statistics

displaying 27-8

IP traceroute

executing 7-8

overview 7-8

IP unicast

displaying statistics 27-8

IP Unnumbered support

configuring on a range of Ethernet VLANs 14-5

configuring on LAN and VLAN interfaces 14-4

configuring with connected host polling 14-6

DHCP Option 82 14-2

displaying settings 14-7

format of agent remote ID suboptions 14-3

troubleshooting 14-8

with conected host polling 14-3

with DHCP server and Relay agent 14-2

ip unreachables command 7-11

IPX

redistribution of route information with EIGRP 1-8

ISL

encapsulation 15-3

trunking with 802.1Q tunneling 22-4

isolated port 40-4

isolated VLANs 40-3, 40-4

ISSU

compatibility matrix 5-13

compatiblity verification using Cisco Feature Navigator 5-14

NSF overview 5-4

perform the process

aborting a software upgrade 5-26

configuring the rollback timer as a safeguard 5-27

displaying a compatibility matrix 5-29

loading the new software on the new standby 5-24

stopping the rollback timer 5-23

switching to the standby 5-20

verify the ISSU state 5-16

verify the redundancy mode 5-15

verify the software installation 5-14

vload the new software on standby 5-17

prerequisites 5-2

process overview 5-7

restrictions 5-2

SNMP support 5-13

SSO overview 5-4

versioning capability in software to support 5-12

IST

and MST regions 17-22

description 17-22

master 17-27

J

jumbo frames

and ethernet ports 6-18

configuring MTU sizes for 6-18

ports and linecards that support 6-16

understanding MTUs 6-17

understanding support 6-17

VLAN interfaces 6-18

K

keyboard shortcuts 2-3

L

l2protocol-tunnel command 22-11

labels, definition 32-3

LACP

system ID 19-4

Layer 2 access ports 15-8

Layer 2 Control Packet QoS

feature interaction 32-64

overview 32-60

usage guidelines 32-64

Layer 2 frames

classification with CoS 32-2

Layer 2 interface, configuring access-mode mode on 39-35

Layer 2 interfaces

assigning VLANs 13-7

configuring 15-5

configuring as PVLAN host ports 40-16

configuring as PVLAN promiscuous ports 40-15

configuring as PVLAN trunk ports 40-17

defaults 15-5

disabling configuration 15-9

modes 15-4

show interfaces command 15-7

Layer 2 interface type

resetting 40-22

setting 40-22

Layer 2 protocol tunneling

default configuration 22-9

guidelines 22-10

Layer 2 switching

overview 15-1

Layer 2 Traceroute

and ARP 7-10

and CDP 7-9

host-to-host paths 7-9

IP addresses and subnets 7-10

MAC addresses and VLANs 7-10

multicast traffic 7-10

multiple devices on a port 7-10

unicast traffic 1-20, 7-9

usage guidelines 7-9

Layer 2 trunks

configuring 15-6

overview 15-3

Layer 3 interface, applying IPv6 ACLs 39-22

Layer 3 interface counters,configuring 26-10

Layer 3 interface counters,understanding 26-4

Layer 3 interfaces

configuration guidelines 26-5

overview 26-1

logical 26-2

physical 26-2

VLANs as interfaces 26-7

Layer 3 packets

classification methods 32-2

Layer 4 port operations

configuration guidelines 39-16

restrictions 39-15

limitations on using a TwinGig Convertor 6-8

link and trunk status events

configuring interface 6-24

listening state (STP)

RSTP comparisons (table) 17-24

load balancing

configuring for CEF 27-7

configuring for EtherChannel 19-13

overview 19-4, 27-6

per-destination 27-7

Logical Layer 3 interfaces

configuring 26-5

login authentication

with TACACS+ 3-19

login banners 4-17

login timer

changing 7-5

logoutwarning command 7-6

loop guard

and MST 17-23

configuring 18-4

overview 18-3

M

MAC addresses

aging time 4-21

allocating 17-5

and VLAN association 4-20

building tables 4-20, 15-2

convert dynamic to sticky secure 35-5

default configuration 4-21

discovering 4-30

displaying 4-30, 7-3

displaying in DHCP snooping binding table 37-16

dynamic

learning 4-20

removing 4-22

in ACLs 39-19

static

adding 4-28

allowing 4-29

characteristics of 4-27

dropping 4-29

removing 4-28

sticky 35-4

sticky secure, adding 35-5

MAC Authentication Bypass

configure with 802.1X 34-35

MAC extended access lists 39-19

macros

See Smartports macros

main-cpu command 8-8

management options

SNMP 45-1

mapping

DSCP markdown values 32-24

DSCP values to transmit queues 32-55

mapping tables

configuring DSCP 32-57

described 32-14

marking

hardware capabilities 32-77

marking action drivers 32-75

marking network traffic 32-72

marking support, multi-attribute 32-76

mask destination command 46-11

mask source command 46-11, 46-12

Match CoS for non-IPV4 traffic

configuring 32-35

match ip address command 30-3

maximum aging time (STP)

configuring 17-18

MDA

configuration guidelines34-19to 34-20

described 34-19

members

automatic discovery 12-7

member switch

managing 12-12

member switch, cluster

defined 12-11

requirements 12-12

meminfo command 51-5

messages, to users through banners 4-17

metro tags 22-2

MFIB

CEF 29-5

displaying 29-18

overview 29-11

MIBs

compiling 50-16

downloading 50-14, 50-15

overview 45-1

related information 50-15

SNMP interaction with 45-4

MLD Done messages and Immediate-leave 21-4

MLD messages 21-2

MLD queries 21-3

MLD reports 21-4

MLD Snooping

MLD Done messages and Immediate-leave 21-4

MLD messages 21-2

MLD queries 21-3

MLD reports 21-4

Multicast client aging robustness 21-3

Multicast router discovery 21-3

overview 21-1

Mode of capturing control packets, selecting 39-12

modules

checking status 7-1

powering down 10-20

monitoring

802.1Q tunneling 22-12

ACL information 39-39

IGMP

snooping 21-11

IGMP filters 20-21

IGMP snooping 20-13

Layer 2 protocol tunneling 22-12

multicast router interfaces 21-11

multi-VRF CE 31-12

traffic flowing among switches 47-1

tunneling 22-12

VLAN filters 39-30

VLAN maps 39-30

M-record 17-23

MST

and multiple spanning trees 1-3, 17-22

boundary ports 17-27

BPDUs 17-23

configuration parameters 17-26

configuring 17-29

displaying configurations 17-33

edge ports 17-27

enabling 17-29

hop count 17-28

instances

configuring parameters 17-32

description 17-22

number supported 17-26

interoperability with PVST+ 17-23

link type 17-28

master 17-27

message age 17-28

regions 17-26

restrictions 17-29

to-SST interoperability 17-24

MSTP

EtherChannel guard

enabling 18-6

M-record 17-23

M-tree 17-23

M-tree 17-23

MTUS

understanding 6-17

MTU size

configuring 6-18, 6-25

default 13-4

multicast

See IP multicast

Multicast client aging robustness 21-3

multicast groups

static joins 21-7

multicast packets

blocking 41-2

Multicast router discovery 21-3

multicast router interfaces, monitoring 21-11

multicast router ports, adding 21-8

multicast routers

displaying routing tables 29-16

flood suppression 20-10

Multicast Storm Control

enabling 42-4

disabling 42-7

suppression on Sup 6-E 42-4

suppression on WS-X4014 42-5

suppression on WS-X4016 42-5

WS-X4515, WS-X4014, and WS-X4013+ Sup Engs 42-5

WS-X4516 Sup Eng 42-5

multidomain authentication

See MDA

Multiple Domain Authentication

configuring 34-28

overview of Host Mode 34-6

multiple forwarding paths 1-3, 17-22

Multiple Spanning Tree

See MST

multiple VPN routing/forwarding

See multi-VRF CE

multi-VRF CE

components 31-4

configuration example 31-8

default configuration 31-4

defined 31-1

displaying 31-12

monitoring 31-12

network components 31-4

packet-forwarding process 31-4

N

named aggregate policers, creating 32-31

named IPv6 ACLs, configuring

ACLs

configuring named IPv6 ACLs 39-20

named MAC extended ACLs

ACLs

configuring named MAC extended 39-19

native VLAN

and 802.1Q tunneling 22-4

specifying 15-6

NetFlow

aggregation

minimum mask,default value 46-11

destination-prefix aggregation

configuration (example) 46-16

minimum mask, configuring 46-11

IP

flow switching cache 46-9

prefix aggregation

configuration (example) 46-14

minimum mask, configuring 46-11

source-prefix aggregation

minimum mask, configuring 46-11

switching

checking for required hardware 46-6

configuration (example) 46-13

configuring switched IP flows 46-8

enabling Collection 46-7

exporting cache entries 46-9

statistics 46-9

NetFlow statistics

caveats on supervisor 46-6

checking for required hardware 46-6

configuring collection 46-6

enabling Collection 46-7

exporting cache entries 46-9

overview of collection 46-1

switched/bridged IP flows 46-8

Network Assistant

and VTY 12-11

configure

enable communication with switch 12-13, 12-17

default configuration 12-2

overview of CLI commands 12-2

network fault tolerance 1-3, 17-22

network management

configuring 23-1

RMON 47-1

SNMP 45-1

Network Time Protocol

See NTP

network traffic, marking 32-72

New Software Features in Release 7.7

TDR 7-3

Next Hop Resolution Protocol

See NHRP

NFFC/NFFC II

IGMP snooping and 20-4

NHRP

support 1-8

non-IP traffic filtering 39-19

non-RPF traffic

description 29-9

in redundant configurations (figure) 29-10

Nonstop Forwarding

See NSF

nonvolatile random-access memory

See NVRAM

normal-range VLANs

See VLANs

NSF

defined 9-1

guidelines and restrictions 9-9

operation 9-4

NSF-aware

supervisor engines 9-3

support 9-2

NSF-capable

supervisor engines 9-3

support 9-2

NSF with SSO supervisor engine redundancy

and CEF 9-5

overview 9-3

SSO operation 9-4

NTP

associations

authenticating 4-4

defined 4-2

enabling broadcast messages 4-7

peer 4-6

server 4-6

default configuration 4-4

displaying the configuration 4-11

overview 4-2

restricting access

creating an access group 4-9

disabling NTP services per interface 4-10

source IP address, configuring 4-10

stratum 4-2

synchronizing devices 4-6

time

services 4-2

synchronizing 4-2

NVRAM

saving settings 3-10

O

OIR

overview 6-22

Online Diagnostics 48-1

online insertion and removal

See OIR

Open Shortest Path First

See OSPF

operating system images

See system images

Option 82

enabling DHCP Snooping 37-9

OSPF

area concept 1-9

description 1-9

P

packets

modifying 32-16

software processed

and QoS 32-16

packet type filtering

overview 43-15

SPAN enhancement 43-15

PACL, using with access-group mode 39-35

PACL with VLAN maps and router ACLs 39-37

PAgP

understanding 19-3

passwords

configuring enable password 3-13

configuring enable secret password 3-13

encrypting 3-22

in clusters 12-8

recovering lost enable password 3-25

setting line password 3-14

PBR (policy-based routing)

configuration (example) 30-5

enabling 30-3

features 30-2

overview 30-1

route maps 30-2

when to use 30-2

per-port and VLAN Access Control List 37-16

per-port per-VLAN QoS

enabling 32-48

overview 32-16

Per-VLAN Rapid Spanning Tree 17-6

enabling 17-20

overview 17-6

PE to CE routing, configuring 31-7

Physical Layer 3 interfaces, configuring 26-11

PIM

configuring dense mode 29-14

configuring sparse mode 29-14

displaying information 29-15

displaying statistics 29-20

enabling sparse-dense mode 29-14, 29-15

overview 29-3

PIM-DM 29-3

PIM-SM 29-3

ping

executing 7-7

overview 7-7

ping command 7-7, 29-16

PoE 11-7

configuring power consumption for single device 11-5

configuring power consumption for switch 11-4

power consumption for powered devices

Intelligent Power Management 11-4

powering down a module 10-20

power management modes 11-2

show interface status 11-6

point-to-point

in 802.1X authentication (figure) 34-2, 34-17

police command 32-37

policed-DSCP map 32-58

policers

description 32-5

types of 32-10

policies

See QoS policies

policing

how to implement 32-72

See QoS policing

policy associations, QoS on Sup 6-E 32-89

policy-map command 32-33, 32-36

policy map marking action, configuring 32-77

policy maps

attaching to interfaces 32-40

configuring 32-35

port ACLs

and voice VLAN 39-4

defined 39-3

limitations 39-5

Port Aggregation Protocol

see PAgP

port-based authentication

802.1X with voice VLAN 34-18

changing the quiet period 34-44

client, defined 34-2

configuration guidelines 34-23

configure 802.1X accounting 34-32

configure switch-to-RADIUS server communication 34-26

configure with Authentication Failed VLAN assignment 34-40

configure with Critical Authentication 34-36, 34-37

configure with Guest-VLANs 34-32, 34-41

configure with MAC Authentication Bypass 34-35

configure with Wake-on-LAN 34-39

configuring

Multiple Domain Authentication 34-28

configuring Guest-VLAN 34-26

configuring manual re-authentication of a client 34-47

controlling authorization state 34-4

default configuration 34-22

described 34-1

device roles 34-2

displaying statistics 34-48

enabling 34-23

enabling multiple hosts 34-43

enabling periodic re-authentication 34-42

encapsulation 34-3

host mode 34-6

initiation and message exchange 34-3

method lists 34-23

multidomain authentication 34-19

multiple-hosts mode, described 34-6

port security

multiple-hosts mode 34-7

ports not supported 34-4

resetting to default values 34-48

setting retransmission number 34-46

setting retransmission time 34-45

topologies, supported 34-21

using with port security 34-15

with Critical Authentication 34-12

with Guest VLANs 34-8

with MAC Authentication Bypass 34-9

with VLAN assignment 34-7

port-based QoS features

See QoS

port-channel interfaces

See also EtherChannel

creating 19-6

overview 19-2

port-channel load-balance

command 19-12

command example 19-12

port-channel load-balance command 19-13

port cost (STP)

configuring 17-15

PortFast

and MST 17-23

BPDU filter, configuring 18-9

configuring or enabling 18-16

overview 18-6

PortFast BPDU filtering

and MST 17-23

enabling 18-9

overview 18-9

port numbering with TwinGig Convertors 6-8

port priority

configuring MST instances 17-32

configuring STP 17-13

ports

blocking 41-1

checking status 7-2

dynamic VLAN membership

example 13-25

reconfirming 13-22

forwarding, resuming 41-3

See also interfaces

port security

aging 35-5

and QoS trusted boundary 32-26

configuring 35-7

displaying 35-26

guidelines and restrictions 35-31

on access ports 35-6, 35-21

on private VLAN 35-13

host 35-14

over Layer 2 EtherChannel 35-31

promiscuous 35-15

topology 35-14, 35-17, 35-31

on trunk port 35-16

guidelines and restrictions 35-14, 35-17, 35-20, 35-31

port mode changes 35-21

on voice ports 35-21

RADIUS accounting 34-16

sticky learning 35-5

using with 802.1X 34-15

violations 35-5

with 802.1X Authentication 35-30

with DHCP and IP Source Guard 35-30

with other features 35-31

port states

description 17-5

port trust state

See trust states

power

inline 33-5

power dc input command 10-17

power handling for Supervisor Engine II-TS 11-11

power inline command 11-3

power inline consumption command 11-4, 11-5

power management

Catalyst 4500 series 10-6

Catalyst 4500 Switch power supplies 10-13

Catalyst 4948 series 10-20

configuring combined mode 10-12

configuring redundant mode 10-11

overview 10-1

redundancy 10-6

power management for Catalyst 4500 Switch

combined mode 10-8

redundant mode 10-8

power management limitations in Catalyst 4500 Switch 10-9

power management mode

selecting 10-8

Power-On-Self-Test diagnostics 48-3, 48-14

Power-On-Self-Test for Supervisor Engine V-10GE 48-8

power redundancy-mode command 10-11

power supplies

available power for Catalyst 4500 Switch 10-13

fixed 10-7

variable 10-7, 10-20

primary VLANs 40-2, 40-5

associating with secondary VLANs 40-14

configuring as a PVLAN 40-13

priority

overriding CoS of incoming frames 33-4

priority queuing, QoS on Sup 6-E 32-84

private VLAN

configure port security 35-14

enabling DHCP Snooping 37-11

private VLANs

across multiple switches 40-5

and SVIs 40-10

benefits of 40-2

community ports 40-4

community VLANs 40-3, 40-4

default configuration 40-11

end station access to 40-3

isolated port 40-4

isolated VLANs 40-3, 40-4

ports

community 40-4

isolated 40-4

promiscuous 40-5

primary VLANs 40-2, 40-5

promiscuous ports 40-5

secondary VLANs 40-3

subdomains 40-2

traffic in 40-9

privileged EXEC mode 2-5

privileges

changing default 3-23

configuring levels 3-23

exiting 3-24

logging in 3-24

promiscuous ports

configuring PVLAN 40-15

defined 40-5

setting mode 40-22

protocol timers 17-4

provider edge devices 31-2

pruning, VTP

See VTP pruning

pseudobridges

description 17-25

PVACL 37-16

PVID (port VLAN ID)

and 802.1X with voice VLAN ports 34-18

PVLAN promiscuous trunk port

configuring 40-2, 40-15, 40-19

PVLANs

802.1q support 40-12

across multiple switches 40-5

configuration guidelines 40-11

configure port security 35-13, 35-15, 35-17

configure port security in a wireless setting 35-31

configure port security over Layer 2 EtherChannel 35-31

configuring 40-10

configuring a VLAN 40-13

configuring promiscuous ports 40-15

host ports

configuring a Layer 2 interface 40-16

setting 40-22

overview 40-1

permitting routing, example 40-21

promiscuous mode

setting 40-22

setting

interface mode 40-22

Q

QoS

allocating bandwidth 32-56

and software processed packets 32-16

auto-QoS

configuration and defaults display 32-20

configuration guidelines 32-19

described 32-17

displaying 32-20

effects on NVRAM configuration 32-19

enabling for VoIP 32-19

basic model 32-5

burst size 32-31

classification32-6to 32-10

configuration guidelines 32-25

auto-QoS 32-19

configuring

auto-QoS 32-17

DSCP maps 32-57

dynamic buffer limiting 32-27

traffic shaping 32-56

trusted boundary 32-26

configuring Layer 2 Control Packet QoS, feature interaction 32-64

configuring Layer 2 Control Packet QoS, guidelines 32-64

configuring Layer 2 Control Packet QoS, overview 32-60

configuring UBRL 32-42

configuring VLAN-based on Layer 2 interfaces 32-51

creating named aggregate policers 32-31

creating policing rules 32-32

default auto configuration 32-17

default configuration 32-23

definitions 32-3

disabling on interfaces 32-40

enabling and disabling 32-50

enabling hierarchical policers 32-46

enabling on interfaces 32-40

enabling per-port per-VLAN 32-48

flowcharts 32-8, 32-12

IP phones

automatic classification and queueing 32-17

detection and trusted settings 32-17, 32-26

overview 32-1

overview of per-port per-VLAN 32-16

packet modification 32-16

port-based 32-51

priority 32-15

traffic shaping 32-16

transmit rate 32-56

trust states

trusted device 32-26

VLAN-based 32-51

See also COS; DSCP values; transmit queues

QoS active queue management

tracking queue length 32-14

QoS labels

definition 32-3

QoS mapping tables

CoS-to-DSCP 32-57

DSCP-to-CoS 32-59

policed-DSCP 32-58

types 32-14

QoS marking

description 32-5

QoS on Sup 6-E

Active Queue management via DBL 32-85

active queue management via DBL 32-81, 32-85

classification 32-71

configuring 32-67

configuring the policy map marking action 32-77

hardware capabilities for marking 32-77

hierarchical policies 32-87

how to implement policing 32-72

marking action drivers 32-75

marking network traffic 32-72

MQC-based QoS configuration 32-68

multi-attribute marking support 32-76

platform hardware capabilities 32-70

platform restrictions 32-72

platform-supported classification criteria and QoS features 32-68, 32-69

policing 32-71

policy associations 32-89

prerequisites for applying a service policy 32-70

priority queuing 32-84

restrictions for applying a service policy 32-70

shaping 32-79

sharing(bandwidth) 32-81

sharing(blandwidth), shapring, and priority queuing 32-79

software QoS 32-89

traffic marking procedure flowchart 32-75

QoS policers

burst size 32-31

types of 32-10

QoS policing

definition 32-5

described 32-5, 32-10

QoS policy

attaching to interfaces 32-11

overview of configuration 32-33

QoS service policy

prerequisites 32-70

restrictions for applying 32-70

QoS transmit queues

allocating bandwidth 32-56

burst 32-16

configuring traffic shaping 32-56

mapping DHCP values to 32-55

maximum rate 32-16

overview 32-14

sharing link bandwidth 32-15

QoS transmit queues, configuring 32-54

Quality of service

See QoS

queueing 32-6, 32-14

R

RADIUS server

configure to-Switch communication 34-26

configuring settings 34-28

parameters on the switch 34-26

range command 6-4

range macros

defining 6-5

ranges of interfaces

configuring 6-4

Rapid Spanning Tree

See RSTP

rcommand command 12-12

re-authentication of a client

configuring manual 34-47

enabling periodic 34-42

reduced MAC address 17-2

redundancy

configuring 8-7

guidelines and restrictions 8-6

changes made through SNMP 8-11

NSF-aware support 9-2

NSF-capable support 9-2

overview 8-2

redundancy command 8-8

understanding synchronization 8-5

redundancy (NSF) 9-1

configuring

BGP 9-11

CEF 9-11

EIGRP 9-16

IS-IS 9-14

OSPF 9-13

routing protocols 9-5

redundancy (RPR)

route processor redundancy 8-3

synchronization 8-5

redundancy (SSO)

redundancy command 9-10

route processor redundancy 8-3

synchronization 8-5

related documentation xl

reload command 3-28, 3-29

Remote Network Monitoring

See RMON

replication

description 29-8

report suppression, IGMP

disabling 21-11

reserved-range VLANs

See VLANs

reset command 51-3

resetting an interface to default configuration 6-26

resetting a switch to defaults 3-31

restricting access

NTP services 4-8

TACACS+ 3-15

retransmission number

setting in 802.1X authentication 34-46

retransmission time

changing in 802.1X authentication 34-45

RFC

1157, SNMPv1 45-2

1305, NTP 4-2

1757, RMON 47-2

1901, SNMPv2C 45-2

1902 to 1907, SNMPv2 45-2

2273-2275, SNMPv3 45-2

RIP

description 1-9

RMON

default configuration 47-3

displaying status 47-7

enabling alarms and events 47-4

groups supported 47-2

overview 47-1

ROM monitor

boot process and 3-26

CLI 2-7

commands51-2to 51-3

debug commands 51-5

entering 51-2

exiting 51-6

overview 51-1

root bridge

configuring 17-9

selecting in MST 17-22

root guard

and MST 17-23

enabling 18-2

overview 18-2

routed packets

ACLs 39-32

route-map (IP) command 30-3

route maps

defining 30-3

PBR 30-2

router ACLs

description 39-3

using with VLAN maps 39-31

router ACLs, using PACL with VLAN maps 39-37

route targets

VPN 31-4

Routing Information Protocol

See RIP

RPF

<Emphasis>See Unicast RPF

RSPAN

configuration guidelines 43-16

destination ports 43-5

IDS 43-2

monitored ports 43-4

monitoring ports 43-5

received traffic 43-3

sessions

creating 43-17

defined 43-3

limiting source traffic to specific VLANs 43-23

monitoring VLANs 43-22

removing source (monitored) ports 43-21

specifying monitored ports 43-17

source ports 43-4

transmitted traffic 43-4

VLAN-based 43-5

RSTP

compatibility 17-23

description 17-22

port roles 17-24

port states 17-24

S

SAID

See 802.10 SAID

scheduling 32-14

defined 32-5

overview 32-6

secondary root switch 17-12

secondary VLANs 40-3

associating with primary 40-14

permitting routing 40-21

security

configuring 36-1

Security Association Identifier

See 802.10 SAID

selecting a power management mode 10-8

selecting X2/TwinGig Convertor Mode 6-8

sequence numbers in log messages 44-7

servers, VTP

See VTP servers

service-policy command 32-33

service-policy input command 25-2, 32-40

service-provider networks

and customer VLANs 22-2

set default interface command 30-4

set interface command 30-3

set ip default next-hop command 30-4

set ip next-hop command 30-3

set-request operation 45-4

severity levels, defining in system messages 44-8

shaping, QoS on Sup 6-E 32-79

sharing(bandwidth), QoS on Sup 6-E 32-81

show adjacency command 27-9

show boot command 3-31

show catalyst4000 chassis-mac-address command 17-3

show cdp command 23-2, 23-3

show cdp entry command 23-4

show cdp interface command 23-3

show cdp neighbors command 23-4

show cdp traffic command 23-4

show ciscoview package command 4-33

show ciscoview version command 4-33

show cluster members command 12-12

show configuration command 6-13

show debugging command 23-4

show environment command 10-2

show history command 2-4

show interfaces command 6-18, 6-23, 6-25

show interfaces status command 7-2

show ip cache flow aggregation destination-prefix command 46-12

show ip cache flow aggregation prefix command 46-12

show ip cache flow aggregation source-prefix command 46-12

show ip cache flow command 46-9

show ip cef command 27-8

show ip eigrp interfaces command 26-18

show ip eigrp neighbors command 26-18

show ip eigrp topology command 26-18

show ip eigrp traffic command 26-18

show ip interface command 29-16

show ip local policy command 30-5

show ip mroute command 29-16

show ip pim interface command 29-16

show l2protocol command 22-12

show mac-address-table address command 7-3

show mac-address-table interface command 7-3

show mls entry command 27-8

show module command 7-1, 17-5

show PoE consumed 11-7

show power inline command 11-6

show power inline consumption command 11-5

show power supplies command 10-11

show protocols command 6-23

show running-config command

adding description for an interface 6-13

checking your settings 3-9

displaying ACLs 39-24, 39-27, 39-34, 39-35

show startup-config command 3-10

show users command 7-6

show version command 3-29

shutdown, command 6-24

shutdown threshold for Layer 2 protocol packets 22-9

shutting down

interfaces 6-24

Simple Network Management Protocol

See SNMP

single spanning tree

See SST

slot numbers, description 6-2

Smartports macros

applying global parameter values 16-8

applying macros 16-8

applying parameter values 16-8

configuration guidelines 16-5

configuring 16-2

creating 16-7

default configuration 16-3

defined 16-1

displaying 16-13

tracing 16-6

SNMP

accessing MIB variables with 45-4

agent

described 45-4

disabling 45-7

authentication level 45-10

community strings

configuring 45-7

overview 45-4

configuration examples 45-16

configuration guidelines 45-6

default configuration 45-6

enabling 50-16

engine ID 45-6

groups 45-6, 45-9

host 45-6

informs

and trap keyword 45-11

described 45-5

differences from traps 45-5

enabling 45-14

limiting access by TFTP servers 45-15

limiting system log messages to NMS 44-9

manager functions 45-3

notifications 45-5

overview 45-1, 45-4

status, displaying 45-17

system contact and location 45-15

trap manager, configuring 45-13

traps

described 45-3, 45-5

differences from informs 45-5

enabling 45-11

enabling MAC address notification 4-22

enabling MAC move notification 4-24

enabling MAC threshold notification 4-26

overview 45-1, 45-4

types of 45-11

users 45-6, 45-9

versions supported 45-2

SNMP commands 50-16

SNMPv1 45-2

SNMPv2C 45-2

SNMPv3 45-2

software

upgrading 8-13

software configuration register 3-26

software QoS, on Sup 6-E 32-89

software switching

description 27-5

interfaces 27-6

key data structures used 29-7

SPAN

and ACLs 43-5

configuration guidelines 43-7

configuring43-6to 43-10

destination ports 43-5

IDS 43-2

monitored port, defined 43-4

monitoring port, defined 43-5

received traffic 43-3

sessions

defined 43-3

source ports 43-4

transmitted traffic 43-4

VLAN-based 43-5

SPAN and RSPAN

concepts and terminology 43-3

default configuration 43-6

displaying status 43-25

overview 43-1

session limits 43-6

SPAN enhancements

access list filtering 43-13

configuration example 43-16

CPU port sniffing 43-10

encapsulation configuration 43-12

ingress packets 43-12

packet type filtering 43-15

spanning-tree backbonefast command 18-16

spanning-tree cost command 17-15

spanning-tree guard root command 18-2

spanning-tree portfast bpdu-guard command 18-8

spanning-tree portfast command 18-7

spanning-tree port-priority command 17-13

spanning-tree uplinkfast command 18-12

spanning-tree vlan

command 17-9

command example 17-9

spanning-tree vlan command 17-8

spanning-tree vlan cost command 17-15

spanning-tree vlan forward-time command 17-19

spanning-tree vlan hello-time command 17-17

spanning-tree vlan max-age command 17-18

spanning-tree vlan port-priority command 17-13

spanning-tree vlan priority command 17-17

spanning-tree vlan root primary command 17-10

spanning-tree vlan root secondary command 17-12

speed

configuring interface 6-11

speed command 6-11

SSO

configuring 9-10

SSO operation 9-4

SST

description 17-22

interoperability 17-24

static addresses

See addresses

static routes

configuring 3-11

verifying 3-12

statistics

displaying 802.1X 34-48

displaying PIM 29-20

NetFlow accounting 46-9

SNMP input and output 45-17

sticky learning

configuration file 35-5

defined 35-5

disabling 35-5

enabling 35-5

saving addresses 35-5

sticky MAC addresses

configuring 35-7

defined 35-4

Storm Control

displaying 42-7

enabling Broadcast 42-3

enabling Multicast 42-4

hardware-based, implementing 42-2

overview 42-1

software-based, implementing 42-2

STP

bridge ID 17-2

configuring17-7to 17-20

creating topology 17-4

defaults 17-6

disabling 17-19

enabling 17-7

enabling extended system ID 17-8

enabling Per-VLAN Rapid Spanning Tree 17-20

EtherChannel guard

disabling 18-6

forward-delay time 17-18

hello time 17-17

Layer 2 protocol tunneling 22-7

maximum aging time 17-18

overview 17-1, 17-3

per-VLAN rapid spanning tree 17-6

port cost 17-15

port priority 17-13

root bridge 17-9

stratum, NTP 4-2

stub routing (EIGRP)

benefits 26-17

configuration tasks 26-17

configuring 26-13

overview 26-12, 26-13

restrictions 26-17

verifying 26-18

subdomains, private VLAN 40-2

summer time 4-13

supervisor engine

accessing the redundant 8-15

configuring3-8to 3-13

copying files to standby 8-15

default configuration 3-1

default gateways 3-11

environmental monitoring 10-1

redundancy 9-1

ROM monitor 3-26

startup configuration 3-25

static routes 3-11

synchronizing configurations 8-11

Supervisor Engine II-TS

insufficient inline power handling 10-18, 11-11

SVI Autostate Exclude

understanding 26-3

SVI Autostate exclude

configuring 26-7

switched packets

and ACLs 39-31

Switched Port Analyzer

See SPAN

switching, NetFlow

checking for required hardware 46-6

configuration (example) 46-13

configuring switched IP flows 46-8

enabling Collection 46-7

exporting cache entries 46-9

switchport

show interfaces 6-18, 6-25

switchport access vlan command 15-6, 15-8

switchport block multicast command 41-2

switchport block unicast command 41-2

switchport mode access command 15-8

switchport mode dot1q-tunnel command 22-6

switchport mode dynamic command 15-6

switchport mode trunk command 15-6

switch ports

See access ports

switchport trunk allowed vlan command 15-6

switchport trunk encapsulation command 15-6

switchport trunk encapsulation dot1q command 15-3

switchport trunk encapsulation isl command 15-3

switchport trunk encapsulation negotiate command 15-3

switchport trunk native vlan command 15-6

switchport trunk pruning vlan command 15-7

switch-to-RADIUS server communication

configuring 34-26

sysret command 51-5

system

reviewing configuration 3-10

settings at startup 3-27

system alarms

on Sup 2+ to V-10GE 10-5

on Sup 6-E 10-5

overview 10-4

system clock

configuring

daylight saving time 4-13

manually 4-11

summer time 4-13

time zones 4-12

displaying the time and date 4-12

overview 4-2

See also NTP

system images

loading from Flash memory 3-30

modifying boot field 3-27

specifying 3-30

system message logging

default configuration 44-3

defining error message severity levels 44-8

disabling 44-4

displaying the configuration 44-12

enabling 44-4

facility keywords, described 44-11

level keywords, described 44-8

limiting messages 44-9

message format 44-2

overview 44-1

sequence numbers, enabling and disabling 44-7

setting the display destination device 44-4

synchronizing log messages 44-5

timestamps, enabling and disabling 44-7

UNIX syslog servers

configuring the daemon 44-10

configuring the logging facility 44-11

facilities supported 44-11

system MTU

802.1Q tunneling 22-5

maximums 22-5

system name

default configuration 4-15

default setting 4-15

manual configuration 4-15

See also DNS

system prompt, default setting 4-14, 4-15

T

TACACS+ 36-1

accounting, defined 3-16

authentication, defined 3-16

authorization, defined 3-16

configuring

accounting 3-21

authentication key 3-18

authorization 3-21

login authentication 3-19

default configuration 3-18

displaying the configuration 3-22

identifying the server 3-18

limiting the services to the user 3-21

operation of 3-17

overview 3-15

tracking services accessed by user 3-21

tagged packets

802.1Q 22-3

Layer 2 protocol 22-7

TCAM programming algorithm

changing 39-9

TCAM programming algorithm, overview 39-7

TCAM programming and ACLs 39-10, 39-12

for Sup II-Plust thru V-10GE 39-6

TCAM programming and ACLs for Sup 6-E 39-15

TCAM region, changing the algorithm 39-9

TCAM region, resizing 39-10

TDR

checking cable connectivity 7-3

enabling and disabling test 7-3

guidelines 7-3

Telnet

accessing CLI 2-2

disconnecting user sessions 7-6

executing 7-5

monitoring user sessions 7-6

telnet command 7-5

Terminal Access Controller Access Control System Plus

See TACACS+

TFTP

configuration files in base directory 3-4

configuring for autoconfiguration 3-4

limiting access by servers 45-15

TFTP download

See also console download

time

See NTP and system clock

Time Domain Reflectometer

See TDR

time exceeded messages 7-8

timer

See login timer

timestamps in log messages 44-7

time zones 4-12

Token Ring

media not supported (note) 13-5, 13-9

Topology change notification processing

MLD Snooping

Topology change notification processing 21-5

TOS

description 32-4

trace command 7-9

traceroute

See IP traceroute

See Layer 2 Traceroute

traceroute mac command 7-10

traceroute mac ip command 7-10

traffic

blocking flooded 41-2

traffic control

using ACLs (figure) 39-4

using VLAN maps (figure) 39-5

traffic marking procedure flowchart 32-75

traffic shaping 32-16

translational bridge numbers (defaults) 13-4

transmit queues

See QoS transmit queues

transmit rate 32-56

traps

configuring MAC address notification 4-22

configuring MAC move notification 4-24

configuring MAC threshold notification 4-26

configuring managers 45-11

defined 45-3

enabling 4-22, 4-24, 4-26, 45-11

notification types 45-11

overview 45-1, 45-4

troubleshooting

with CiscoWorks 45-4

with system message logging 44-1

with traceroute 7-8

troubleshooting high CPU due to ACLs 39-12

trunk ports

configure port security 35-16

configuring PVLAN40-17to 40-19

trunks

802.1Q restrictions 15-5

configuring 15-6

configuring access VLANs 15-6

configuring allowed VLANs 15-6

default interface configuration 15-6

different VTP domains 15-3

enabling to non-DTP device 15-4

encapsulation 15-3

specifying native VLAN 15-6

understanding 15-3

trusted boundary for QoS 32-26

Trust State of interfaces, configuring

trust states

configuring 32-52

tunneling

defined 22-1

tunnel ports

802.1Q, configuring 22-6

described 22-2

incompatibilities with other features 22-5

TwinGig Convertors

limitations on using 6-8

port numbering 6-8

selecting X2/TwinGig Convertor mode 6-8

type of service

See TOS

U

UDLD

default configuration 24-2

disabling 24-3

enabling 24-3

overview 24-1

unauthorized ports with 802.1X 34-4

unicast

See IP unicast

unicast flood blocking

configuring 41-1

unicast MAC address filtering

and adding static addresses 4-29

and broadcast MAC addresses 4-28

and CPU packets 4-29

and multicast addresses 4-28

and router MAC addresses 4-28

configuration guidelines 4-28

described 4-28

unicast MAC address filtering, configuring

ACLs

configuring unicast MAC address filtering 39-19

Unicast RPF (Unicast Reverse Path Forwarding)

applying 28-5

BGP attributes

caution 28-4

CEF

requirement 28-2

tables 28-7

configuring 28-9

(examples)??to 28-12

BOOTP 28-8

DHCP 28-8

enterprise network (figure) 28-6

prerequisites 28-9

routing table requirements 28-7

tasks 28-9

verifying 28-10

deploying 28-5

description 28-2

disabling 28-11

enterprise network (figure) 28-6

FIB 28-2

implementing 28-4

maintaining 28-10

monitoring 28-10

packets, dropping (figure) 28-4

prerequisites 28-9

restrictions

basic 28-8

routing asymmetry 28-7

routing asymmetry (figure) 28-8

routing table requirements 28-7

security policy

applying 28-5

attacks, mitigating 28-5

deploying 28-5

tunneling 28-5

source addresses, validating 28-3

(figure) 28-3, 28-4

failure 28-3

traffic filtering 28-5

tunneling 28-5

validation

failure 28-3, 28-4

packets, dropping 28-3

source addresses 28-3

verifying 28-10

unicast traffic

blocking 41-2

unidirectional ethernet

enabling 25-2

example of setting 25-2

overview 25-1

UniDirectional Link Detection Protocol

See UDLD

UNIX syslog servers

daemon configuration 44-10

facilities supported 44-11

message logging configuration 44-11

UplinkFast

and MST 17-23

enabling 18-16

MST and 17-23

overview 18-11

User Based Rate Limiting

configuring 32-42

overview 32-42

user EXEC mode 2-5

user sessions

disconnecting 7-6

monitoring 7-6

using PACL with access-group mode 39-35

V

VACLs

Layer 4 port operations 39-15

virtual configuration register 51-3

virtual LANs

See VLANs

Virtual Private Network

See VPN

VLAN ACLs

See VLAN maps

VLAN-based QoS on Layer 2 interfaces, configuring 32-51

vlan command 13-6

vlan dot1q tag native command 22-4

VLAN ID, discovering 4-30

VLAN Management Policy Server

See VMPS

VLAN maps

applying to a VLAN 39-27

configuration example 39-28

configuration guidelines 39-23

configuring 39-23

creating and deleting entries 39-24

defined 39-3

denying access example 39-29

denying packets 39-24

displaying 39-30

order of entries 39-24

permitting packets 39-24

router ACLs and 39-31

using (figure) 39-5

using in your network 39-27

VLAN maps, PACL and Router ACLs 39-37

VLANs

allowed on trunk 15-6

configuration guidelines 13-3

configuring 13-5

customer numbering in service-provider networks 22-3

default configuration 13-4

description 1-5

extended range 13-3

IDs (default) 13-4

interface assignment 13-7

limiting source traffic with RSPAN 43-23

monitoring with RSPAN 43-22

name (default) 13-4

normal range 13-3

overview 13-1

reserved range 13-3

See also PVLANs

VLAN Trunking Protocol

See VTP

VLAN trunks

overview 15-3

VMPS

configuration file example 13-28

configuring dynamic access ports on client 13-21

configuring retry interval 13-23

database configuration file 13-28

dynamic port membership

example 13-25

reconfirming 13-22

reconfirming assignments 13-22

reconfirming membership interval 13-22

server overview 13-17

VMPS client

administering and monitoring 13-23

configure switch

configure reconfirmation interval 13-22

dynamic ports 13-21

entering IP VMPS address 13-20

reconfirmation interval 13-23

reconfirm VLAM membership 13-22

default configuration 13-20

dynamic VLAN membership overview 13-19

troubleshooting dynamic port VLAN membership 13-24

VMPS server

fall-back VLAN 13-18

illegal VMPS client requests 13-19

overview 13-17

security modes

multiple 13-18

open 13-17

secure 13-18

voice interfaces

configuring 33-1

Voice over IP

configuring 33-1

voice ports

configuring VVID 33-3

voice traffic 11-2, 33-5

voice VLAN

IP phone data traffic, described 33-2

IP phone voice traffic, described 33-2

voice VLAN ports

using 802.1X 34-18

VPN

configuring routing in 31-6

forwarding 31-4

in service provider networks 31-1

routes 31-2

routing and forwarding table

See VRF

VRF

defining 31-4

tables 31-1

VTP

configuration guidelines 13-11

configuring13-12to 13-16

configuring transparent mode 13-15

default configuration 13-12

disabling 13-15

Layer 2 protocol tunneling 22-7

monitoring 13-16

overview 13-7

See also VTP version 2

VTP advertisements

description 13-9

VTP clients

configuring 13-14

VTP domains

description 13-8

VTP modes 13-8

VTP pruning

enabling 13-13

overview 13-10

VTP servers

configuring 13-14

VTP statistics

displaying 13-16

VTP version 2

enabling 13-13

overview 13-9

See also VTP

VTY and Network Assistant 12-11

VVID (voice VLAN ID)

and 802.1X authentication 34-18

configuring 33-3

W

Wake-on-LAN

configure with 802.1X 34-39

WCCP

configuration examples 49-9

configuring on a router 49-2, 49-10

features 49-4

restrictions 49-5

service groups 49-6

Web Cache Communication Protocol

See WCCP xxxix, 49-1

web caches

See cache engines

web cache services

description 49-4

web caching

See web cache services

See also WCCP

web scaling 49-1