Catalyst 4500 Series Switch Software Configuration Guide, Release IOS XE 3.4.xSG and IOS 15.1(2)SGx
Index
Downloads: This chapterpdf (PDF - 1.51MB) The complete bookPDF (PDF - 19.02MB) | Feedback

Index

Table Of Contents

Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - Y -

Index

Numerics

10/100 autonegotiation feature, forced 8-20

10-Gigabit Ethernet or Gigabit Ethernet ports

deploy on WS-X4606-10GE-E and Sup 6-E 8-13

10-Gigabit Ethernet port

deploy with Gigabit Ethernet SFP ports 8-12, 8-13

1400 W DC Power supply

special considerations 13-18

1400 W DC SP Triple Input power supply

special considerations 13-19

802.10 SAID (default) 16-5

802.1AE

standard 44-2

802.1Q

trunks 21-6

tunneling

compatibility with other features 28-5

defaults 28-3

described 28-2

tunnel ports with other features 28-6

802.1Q VLANs

trunk restrictions 18-4

802.1s

See MST

802.1w

See MST

802.1X

See port-based authentication

802.1X authentication

Authentication Failed VLAN assignment 45-17

for Critical Authentication 45-14

for guest VLANs 45-11

for MAC Authentication Bypass 45-12

for Unidirectional Controlled Port 45-15

VLAN User Distribution 45-16

web-based authentication 45-14

with port security 45-19

with VLAN assignment 45-10

with voice VLAN ports 45-22

802.1X Host Mode 45-6

multiauthentication mode 45-8

multidomain authentication mode 45-7

single-host 45-7

802.1x-REV 44-2

802.3ad

See LACP

A

AAA 49-1

AAA (authentication, authorization, and accounting). See also port-based authentication. 47-2

abbreviating commands 2-5

about Wireshark 57-2

access control entries

See ACEs

access control entries and lists 49-1

access-group mode, configuring on Layer 2 interface 52-31

access-group mode, using PACL with 52-30

access list filtering, SPAN enhancement 56-13

access lists

using with WCCP 70-8

access ports

and Layer 2 protocol tunneling 28-15

configure port security 48-7, 48-22

configuring 18-7

access VLANs 18-5

accounting

with RADIUS 45-107

with TACACS+ 3-16, 3-21

ACEs

ACLs 52-2

IP 1-39, 52-2

Layer 4 operation restrictions 52-10

ACEs and ACLs 49-1

ACL assignments, port-based authentication 45-20

ACL assignments and redirect URLs, configure 45-38

ACL configuration, displaying a Layer 2 interface 52-32

ACLs

ACEs 52-2

and SPAN 56-5

and TCAM programming for Sup 6-E 52-10

and TCAM programming for Sup II-Plus thru V-10GE 52-6

applying IPv6 ACLs to a Layer 3 interface 52-17

applying on routed packets 52-26

applying on switched packets 52-25

compatibility on the same switch 52-3

configuring with VLAN maps 52-25

CPU impact 52-12

downloadable 47-7

hardware and software support 52-6

IP, matching criteria for port ACLs 52-4

MAC extended 52-14

matching criteria for router ACLs 52-3

port

and voice VLAN 52-4

defined 52-3

processing 52-12

selecting mode of capturing control packets 52-7

troubleshooting high CPU 52-6

types supported 52-3

understanding 52-2

VLAN maps 52-5

ACLs, applying to a Layer 2 interface 52-31

ACLs and VLAN maps, examples 52-19

acronyms, list of A-1

action drivers, marking 41-21, 41-55

activating and deactivating a capture point, Wireshark 57-10

activating and deactivating Wiresharkcapture points, conceptual, Wireshark 57-6

active queue management 41-9

active queue management via DBL, QoS on Sup 6-E 41-34, 41-68

active traffic monitoring, IP SLAs 67-1

adding members to a community 15-9

addresses

displaying the MAC table 4-37

dynamic

changing the aging time 4-23

defined 4-21

learning 4-22

removing 4-24

IPv6 53-2

MAC, discovering 4-37

See MAC addresses

static

adding and removing 4-29

defined 4-21

address resolution 4-37

adjacency tables

description 34-2

displaying statistics 34-9

administrative VLAN

REP, configuring 23-9

administrative VLAN, REP 23-8

advertisements

LLDP 1-7, 30-2

advertisements, VTP

See VTP advertisements

aggregation switch, enabling DHCP snooping 51-9

aging time

MAC address table 4-23

All Auth manager sessions, displaying summary 45-122

All Auth manager sessions on the switch authorized for a specified authentication method 45-122

ANCP client

enabling and configuring 37-2

guidelines and restrictions 37-5

identify a port with DHCP option 82 37-4

identify a port with protocol 37-2

overview 37-1

ANCP protocol

identifying a port with 37-2

applying IPv6 ACLs to a Layer 3 interface 52-17

AQM via DBL, QoS on Sup 6-E 41-34, 41-68

archiving crashfiles information 2-8

ARP

defined 4-37

table

address resolution 4-37

managing 4-37

asymmetrical links, and 802.1Q tunneling 28-3

attachment points, Wireshark 57-2

attributes, RADIUS

vendor-proprietary 45-110

vendor-specific 45-108

authentication

NTP associations 4-4

RADIUS

key 45-100

login 45-102

See also port-based authentication

TACACS+

defined 3-16

key 3-18

login 3-19

Authentication, Authorization, and Accounting (AAA) 49-1

Authentication Failed, configuring 80.1X 45-68

Authentication methods registered with the Auth manager, determining 45-121

authentication open comand 45-8

authentication proxy web pages 47-4

authentication server

defined 45-3

RADIUS server 45-3

Auth manager session for an interface, verifying 45-122

Auth manager summary, displaying 45-122

authoritative time source, described 4-2

authorization

with RADIUS 45-106

with TACACS+ 3-16, 3-21

authorized and unauthorized ports 45-5

authorized ports with 802.1X 45-5

autoconfiguration 3-2

automatic discovery

considerations 15-7

Auto-MDIX on a port

configuring 8-30

displaying the configuration 8-31

overview 8-29

autonegotiation feature

forced 10/100Mbps 8-20

Auto SmartPorts built-in macros

configuring parameters 20-6

Auto SmartPorts macros

built-in macros 20-5

configuration guidelines 20-5

default configuration 20-4

defined 20-1

displaying 20-13

enabling 20-4

IOS shell 20-2, 20-10

Auto Smartports macros

defined 1-2

Auto SmartPorts user-defined macros

configuring 20-10

auto-sync command 10-8, 11-7

Auto SmartPorts macros

See also SmartPorts macros

Auto Smartports macros

See also Smartports macros

B

Baby Giants

interacting with 8-28

BackboneFast

adding a switch (figure) 24-3

and MST 21-23

configuring 24-15

link failure (figure) 24-14, 24-15

not supported MST 21-23

understanding 24-13

See also STP

banners

configuring

login 4-20

message-of-the-day login 4-18

default configuration 4-18

when displayed 4-17

b command 72-3

BFD

and hardware support 38-7

configuration example

BFD in a BGP network 38-25

BFD in an EIGRP network with echo mode enabled by default 38-17

BFD in an OSPF network 38-21

support for static routing 38-27

configuring

Echo mode 38-14

session parameters on the interface 38-8

Slow timer 38-15

support for BGP 38-8

support for dynamic routing protocols 38-8

support for EIGRP 38-9

support for OSPF 38-10

support for static routing 38-13

disabling echo mode without asymmetry 38-16

monitoring and troubleshooting 38-16

neighbor relationships 38-3

operation 38-2

prerequisites 38-2

restrictions 38-2

b flash command 72-3

BGP 1-17

routing session with multi-VRF CE 40-12

blocking packets 54-1

blocking state (STP)

RSTP comparisons (table) 21-24

Boolean expressions in tracked lists 58-4

boot bootldr command 3-31

boot command 3-28

boot commands 72-3

boot fields

See configuration register boot fields

bootstrap program

See ROM monitor

boot system command 3-26, 3-31

boot system flash command 3-28

Border Gateway Protocol

See BGP

boundary ports

description 21-27

BPDU Guard

and MST 21-23

configuring 24-15

overview 24-8

BPDUs

and media speed 21-2

pseudobridges and 21-25

what they contain 21-3

bridge ID

See STP bridge ID

bridge priority (STP) 21-17

bridge protocol data units

See BPDUs

Broadcast Storm Control

disabling 55-5

enabling 55-3

Built-in macros and user-defined triggers, configuring mapping 20-9

C

cache engine clusters 70-1

cache engines 70-1

cache farms

See cache engine clusters

Call Home

description 1-23, 66-2

message format options 66-2

messages

format options 66-2

call home 66-1

alert groups 66-6

configuring e-mail options 66-9

contact information 66-4

default settings 66-18

destination profiles 66-5

displaying information 66-14

mail-server priority 66-10

pattern matching 66-9

periodic notification 66-8

rate limit messages 66-9

severity threshold 66-8

smart call home feature 66-2

SMTP server 66-9

testing communications 66-10

call home alert groups

configuring 66-6

description 66-6

subscribing 66-7

call home contacts

assigning information 66-4

call home destination profiles

attributes 66-5

configuring 66-5

description 66-5

displaying 66-16

call home notifications

full-txt format for syslog 66-25

XML format for syslog 66-28

candidates

automatic discovery 15-7

candidate switch, cluster

defined 15-12

capture filter, Wireshark 57-3

capture points, Wireshark 57-2

Capturing control packets

selecting mode 52-7

cautions

Unicast RPF

BGP optional attributes 35-4

cautions for passwords

encrypting 3-22

CDP

automatic discovery in communities 15-7

configuration 29-2

defined with LLDP 30-1

displaying configuration 29-3

enabling on interfaces 29-3

host presence detection 45-8

Layer 2 protocol tunneling 28-13

maintaining 29-3

monitoring 29-3

overview 1-3, 29-1

cdp enable command 29-3

CEF

adjacency tables 34-2

and NSF with SSO 12-5

configuring load balancing 34-7

displaying statistics 34-8

enabling 34-6, 69-2

hardware switching 34-4

load balancing 34-6

overview 34-2

software switching 34-4

certificate authority (CA) 66-3

CFM

and Ethernet OAM, configuring 64-51

and Ethernet OAM interaction 64-51

clearing 64-31

configuration guidelines 64-7, 65-4

configuring crosscheck for VLANs 64-11

configuring fault alarms 64-16

configuring port MEP 64-14

configuring static remote MEP 64-13, 64-16, 64-18

crosscheck 64-5

defined 64-2

EtherChannel support 64-7, 65-4

fault alarms

configuring 64-16

IP SLAs support for 64-6

IP SLAs with endpoint discovers 64-21

maintenance domain 64-2

manually configuring IP SLAs ping or jitter 64-19

measuring network performance 64-6

monitoring 64-32, 64-33

port MEP, configuring 64-14

remote MEPs 64-5

static RMEP, configuring 64-13, 64-16, 64-18

static RMEP check 64-5

Y.1731

described 64-27

CGMP

overview 26-1

Change of Authorization, RADIUS 45-93

channel-group group command 25-8, 25-10

Cisco 7600 series Internet router

enabling SNMP 71-4, 71-5

Cisco Discovery Protocol

See CDP

Cisco Express Forwarding

See CEF

Cisco Group Management Protocol

See CGMP

Cisco IOS IP SLAs 67-2

Cisco IOS NSF-aware

support 12-2

Cisco IOS NSF-capable support 12-2

Cisco IP Phones

configuring 42-3

sound quality 42-1

Cisco TrustSec

credentials 44-10

switch-to-switch security

802.1x mode 44-11

configuration example 44-13

manual mode 44-12

Cisco TrustSec Network Device Admission Control

See NDAC

CiscoWorks 2000 61-4

CIST

description 21-22

civic location 30-3

class level, configure in a service policy 41-31, 41-65

class of service

See CoS

clear cdp counters command 29-4

clear cdp table command 29-3

clear counters command 8-35

clearing

Ethernet CFM 64-31

IP multicast table entries 36-28

clear ip eigrp neighbors command 33-19

CLI

accessing 2-2

backing out one level 2-5

getting commands 2-5

history substitution 2-4

managing clusters 15-13

modes 2-5

monitoring environments 56-1

ROM monitor 2-7

software basics 2-4

client processes, tracking 58-1

clients

in 802.1X authentication 45-3

clock

See system clock

clustering switches

command switch characteristics

and VTY 15-12

convert to a community 15-10

managing

through CLI 15-13

overview 15-2

planning considerations

CLI 15-13

passwords 15-8

CoA Request Commands 45-96

command-line processing 2-3

command modes 2-5

commands

b 72-3

b flash 72-3

boot 72-3

confreg 72-3

dev 72-3

dir device 72-3

frame 72-5

i 72-3

listing 2-5

meminfo 72-5

reset 72-3

ROM monitor72-2to 72-3

ROM monitor debugging 72-5

SNMP 71-4

sysret 72-5

command switch, cluster

requirements 15-11

common and internal spanning tree

See CIST

common spanning tree

See CST

community of switches

access modes in Network Assistant 15-9

adding devices 15-9

communication protocols 15-8

community name 15-8

configuration information 15-9

converting from a cluster 15-10

host name 15-8

passwords 15-8

community ports 43-3

community strings

configuring 61-7

overview 61-4

community VLANs 43-2, 43-3

configure as a PVLAN 43-15

compiling MIBs 71-4

config-register command 3-29

config terminal command 3-9

configurable leave timer,IGMP 26-4

configuration examples

SNMP 61-15

configuration files

limiting TFTP server access 61-15

obtaining with DHCP 3-6

saving 3-10

system contact and location information 61-14

configuration guidelines

CFM 64-7, 65-4

Ethernet OAM 64-35

REP 23-7

SNMP 61-6

VLAN mapping 28-10

configuration register

boot fields

listing value 3-29

modifying 3-28

changing from ROM monitor 72-3

changing settings3-28to 3-29

configuring 3-26

settings at startup 3-27

configure class-level queue-limit in a service policy 41-31, 41-65

configure terminal command 3-29, 8-2

configuring access-group mode on Layer 2 interface 52-31

configuring flow control 8-22

configuring interface link and trunk status envents 8-36

configuring named IPv6 ACLs 52-16

configuring named MAC extended ACLs 52-14, 52-15

configuring unicast MAC address filtering 52-13

configuring VLAN maps 52-17

confreg command 72-3

Connectivity Fault Management

See CFM

console configuration mode 2-5

console download72-4to 72-5

console port

disconnecting user sessions 9-8

monitoring user sessions 9-7

contact information

assigning for call home 66-4

controlling switch access with RADIUS 45-91

Control Plane Policing

and Layer 2 Control packet QoS, configuration example 49-14

configuration guidelines and restrictions 49-8

configuring for control plane traffic 49-4

configuring for data plane and management plan traffic 49-5

defaults 49-4

general guidelines 49-3

monitoring 49-9

understanding 49-2

control protocol, IP SLAs 67-4

convergence

REP 23-4

copy running-config startup-config command 3-10

copy system:running-config nvram:startup-config command 3-32

core system filter, Wireshark 57-3

CoS

definition 41-4

figure 41-2

overriding on Cisco IP Phones 42-5

priority 42-5

counters

clearing MFIB 36-28

clearing on interfaces 8-35

CPU, impact of ACL processing 52-12

CPU port sniffing 56-10

crashfiles information, archiving 2-8

Critical Authentication

configure with 802.1X 45-60

crosscheck, CFM 64-5, 64-11

CST

description 21-25

IST and 21-22

MST and 21-22

customer edge devices 40-2

C-VLAN 1-2, 28-7

D

database agent

configuration examples 51-15

enabling the DHCP Snooping 51-13

daylight saving time 4-13

debug commands, ROM monitor 72-5

decoding and displaying packets, Wireshark 57-5

default configuration

802.1X 45-27

banners 4-18

DNS 4-16

Ethernet OAM 64-35

IGMP filtering 26-20

IGMP snooping 27-5, 27-6

IP SLAs 67-6

IPv6 53-7

Layer 2 protocol tunneling 28-16

LLDP 30-5

MAC address table 4-23

multi-VRF CE 40-3

NTP 4-4

private VLANs 43-12

RADIUS 45-99

REP 23-7

resetting the interface 8-39

RMON 68-3

SNMP 61-5

SPAN and RSPAN 56-6

system message logging 59-3

TACACS+ 3-18

VLAN mapping 28-9

Y.1731 64-29

default gateway

configuring 3-11

verifying configuration 3-11

default settings, erase commad 3-32

default web-based authentication configuration

802.1X 47-6

defining/modifying/deleting a capture point, Wireshark 57-8

denial-of-service attacks

IP address spoofing, mitigating 35-5

Unicast RPF, deploying 35-5

denying access to a server on another VLAN 52-23

deploying 10-Gigabit Ethernet and a Gigabit Ethernet SFP ports 8-12, 8-13

deploying 10-Gigabit Ethernet and a Gigabit Ethernet SFP ports on WS-X4606-10GE-E and Sup 6-E 8-13

description command 8-22

dev command 72-3

device discovery protocol 30-1

device IDs

call home format 66-21, 66-22

device sensor

configuring 45-114

DHCP

configuring

rate limit for incoming packets 51-13

denial-of-service attacks, preventing 51-13

rate limiting of packets

configuring 51-13

DHCP-based autoconfiguration

client request message exchange 3-3

configuring

client side 3-3

DNS 3-5

relay device 3-5

server-side 3-4

TFTP server 3-4

example 3-7

lease options

for IP address information 3-4

for receiving the configuration file 3-4

overview 3-2

relationship to BOOTP 3-3

DHCP option 82

identifying a port with 37-4

overview 51-4

DHCP Snooping

enabling, and Option 82 51-10

DHCP snooping

accepting untrusted packets form edge switch 51-10

configuring 51-6

default configuration 51-7

displaying binding tables 51-19

displaying configuration 51-19

displaying information 51-18

enabling 51-7

enabling on private VLAN 51-12

enabling on the aggregation switch 51-9

enabling the database agent 51-13

message exchange process 51-4

monitoring 51-23

option 82 data insertion 51-4

overview 51-1

Snooping database agent 51-2

DHCP Snooping Database Agent

adding to the database (example) 51-18

enabling (example) 51-15

overview 51-2

reading from a TFTP file (example) 51-17

Diagnostics

online 69-1

Power-On-Self-Test

causes of failure 69-20

how it works 69-10

overview 69-10

Power-On-Self-Test for Supervisor Engine V-10GE 69-13

Differentiated Services Code Point values

See DSCP values

DiffServ architecture, QoS 41-2

Digital optical monitoring transceiver support 8-18

dir device command 72-3

disabled state

RSTP comparisons (table) 21-24

disabling

broadcast storm control 55-5

disabling multicast storm control 55-5

disconnect command 9-8

discovery, clusters

See automatic discovery

discovery, Ethernet OAM 64-34

display dection and removal events 14-7

display filter, Wireshark 57-4

displaying

Auth Manager sumary for an interface 45-122

MAB details 45-124

summary of all Auth manager sessions 45-122

summary of all Auth manager sessions on the switch authorized for a specified authentication method 45-122

displaying EtherChannel to a Virtual Switch System 25-16

displaying storm control 55-6

displaying Wireshark information 57-14

display PoE consumed by a module 14-8

display PoE detection and removal events 14-7

DNS

and DHCP-based autoconfiguration 3-5

default configuration 4-16

displaying the configuration 4-17

overview 4-15

setting up 4-16

domain names

DNS 4-15

Domain Name System

See DNS

double-tagged packets

802.1Q tunneling 28-2

Layer 2 protocol tunneling 28-15

downloading MIBs 71-3, 71-4

drop threshold for Layer 2 protocol packets 28-16

DSCP values

definition 41-4

IP precedence 41-2

duplex command 8-21

duplex mode

configuring interface 8-19

dynamic ARP inspection

ARP cache poisoning 50-2

configuring

ACLs for non-DHCP environments 50-11

in DHCP environments 50-5

log buffer 50-14

rate limit for incoming ARP packets 50-16

denial-of-service attacks, preventing 50-16

interface trust state, security coverage 50-3

log buffer

configuring 50-14

logging of dropped packets 50-4

overview 50-1

port channels, their behavior 50-5

priority of static bindings 50-4

purpose of 50-2

rate limiting of ARP packets 50-4

configuring 50-16

validation checks, performing 50-19

Dynamic Host Configuration Protocol snooping

See DHCP snooping

dynamic port VLAN membership

example 16-29

limit on hosts 16-29

reconfirming 16-26

troubleshooting 16-29

E

EAP frames

changing retransmission time 45-81

exchanging (figure) 45-4, 45-6, 45-13

request/identity 45-4

response/identity 45-4

setting retransmission number 45-82

EAPOL frames

802.1X authentication and 45-3

OTP authentication, example (figure) 45-4, 45-13

start 45-4

Echo mode,configuring BFD 38-14

edge ports

description 21-27

EGP

overview 1-17

EIGRP

configuration examples 33-19

monitoring and maintaining 33-19

EIGRP (Enhanced IGRP)

stub routing

benefits 33-17

configuration tasks 33-18

configuring 33-14

overview 33-14

restrictions 33-17

verifying 33-18

EIGRP (enhanced IGRP)

overview 1-17

eigrp stub command 33-18

EIGRP stub routing, configuring 33-13

ELIN location 30-3

e-mail addresses

assigning for call home 66-4

e-mail notifications

Call Home 1-23, 66-2

Embedded CiscoView

displaying information 4-41

installing and configuring 4-38

overview 4-38

emergency alarms on Sup Engine 6-E systems 13-4

enable command 3-9, 3-28

enable mode 2-5

enabling SNMP 71-4, 71-5

encryption keying 44-2

encryption keys, MKA 44-2

Enhanced Interior Gateway Routing Protocol

See EIGRP

enhanced object tracking

defined 58-1

IP routing state 58-2

line-protocol state 58-2

tracked lists 58-3

Enhanced PoE support on E-series 14-15

Enhanced PoE support on E-series,configuring Universal PoE 14-16

environmental monitoring

using CLI commands 13-1

EPM logging 45-125

errdisable recovery

configuring 14-14

EtherChannel

channel-group group command 25-8, 25-10

configuration guidelines 5-29, 25-5

configuring25-6to 25-16

configuring (tasks) 5-29

configuring Layer 2 25-10

configuring Layer 3 25-7

DFC restriction, see CSCdt27074 in the Release Notes

displaying to a virtual switch system 25-16

interface port-channel command 25-7

lacp system-priority

command example 25-13

modes 25-3

overview 25-2

PAgP

Understanding 25-4

physical interface configuration 25-7

port-channel interfaces 25-2

port-channel load-balance command 25-14

removing 25-15

removing interfaces 25-15

understanding 5-2

EtherChannel guard

disabling 24-6

enabling 24-6

overview 24-6

Ethernet management port

and routing 8-6

and routing protocols 8-6

configuring 8-10

default setting 8-6

described 1-29, 8-6

for network management 1-29, 8-6

specifying 8-10

supported features 8-10

unsupported features 8-10

Ethernet management port, internal

and routing protocols 8-6

Ethernet Management Port, using 8-6

Ethernet OAM 64-34

and CFM interaction 64-51

configuration guidelines 64-35

configuring with CFM 64-51

default configuration 64-35

discovery 64-34

enabling 64-36, 64-52

link monitoring 64-34, 64-38

messages 64-34

protocol

defined 64-33

monitoring 64-49

remote failure indications 64-34

remote loopback 64-34, 64-37

templates 64-45

Ethernet OAM protocol CFM notifications 64-51

Ethernet Remote Defect Indication (ETH-RDI) 64-28

event triggers, user-defined

configuring, 802.1X-based 20-8

configuring, MAC address-based 20-9

explicit host tracking

enabling 26-11

extended range VLANs

See VLANs

Extensible Authentication Protocol over LAN 45-2

Exterior Gateway Protocol

See EGP

F

Fa0 port

See Ethernet management port

Failure detection, using BFD 38-6

Fallback Authentication

configure with 802.1X 45-73

FastDrop

overview 36-11

fastethernet0 port

See Ethernet management port

fast link notification

on VSL failure 5-14

Fast UDLD

configuring probe message interval 31-8

default configuration 31-4

displaying link status 31-9

enabling globally 31-5

enabling on individual interface 31-7

enabling per-interface 31-6

modes of operation 31-3

resetting disabled LAN interfaces 31-8

use case 31-2

Fast UDLD, overview 31-1

feature interactions, Wireshark 57-6

FIB

description 34-2

See also MFIB

fiber-optics interfaces

disabling UDLD 31-7

Filter-ID ACL and Per-User ACL, configureport-based authentication

configure Per-User ACL and Filter-ID ACL 45-44

filtering

in a VLAN 52-17

non-IP traffic 52-14, 52-15

filters, Wireshark 57-3

flags 36-12

Flash memory

configuring router to boot from 3-31

loading system images from 3-30

security precautions 3-31

Flexible NetFlow

caveats 63-1, 63-7

defined 1-4, 63-1

Flex Links

configuration guidelines 22-6

configuring 22-6, 22-7

configuring preferred VLAN 22-9

configuring VLAN load balancing 22-8

monitoring 22-12

flooded traffic, blocking 54-2

flowchart, traffic marking procedure 41-21, 41-55

flow control, configuring 8-22

For 14-13

forward-delay time (STP)

configuring 21-19

forwarding information base

See FIB

frame command 72-5

G

gateway

See default gateway

get-bulk-request operation 61-3

get-next-request operation 61-3, 61-4

get-request operation 61-3, 61-4

get-response operation 61-3

Gigabit Ethernet SFP ports

deploy with 10-Gigabit Ethernet 8-12, 8-13

GLBP, introduction 1-15

global configuration mode 2-5

Guest-VLANs

configure with 802.1X 45-55

H

hardware and software ACL support 52-6

hardware switching 34-5

hello time (STP)

configuring 21-17

high CPU due to ACLs, troubleshooting 52-6

history

CLI 2-4

history table, level and number of syslog messages 59-9

hop counts

configuring MST bridges 21-28

host

limit on dynamic port 16-29

host modes, MACsec 44-4

host ports

kinds of 43-4

host presence CDP message 45-8

Hot Standby Routing Protocol

See HSRP

HSRP

description 1-15

HSRP, introduction 1-15

hw-module module num power command 13-20

I

ICMP

enabling 9-13

ping 9-8

running IP traceroute 9-10

time exceeded messages 9-10

ICMP Echo operation

configuring 67-11

IP SLAs 67-11

i command 72-3

IDS

using with SPAN and RSPAN 56-2

IEEE 802.1ag 64-2

IEEE 802.1s

See MST

IEEE 802.1w

See MST

IEEE 802.3ad

See LACP

IGMP

configurable-leave timer 26-4

description 36-3

enabling 36-14

explicit host tracking 26-4

immediate-leave processing 26-3

leave processing, enabling 27-8

overview 26-1

report suppression

disabling 27-10

IGMP filtering

configuring 26-21

default configuration 26-20

described 26-20

monitoring 26-24

IGMP groups

setting the maximum number 26-23

IGMP Immediate Leave

configuration guidelines 26-9

IGMP profile

applying 26-22

configuration mode 26-21

configuring 26-21

IGMP Snooping

configure

leave timer 26-9

configuring

Learning Methods 26-7

static connection to a multicast router 26-8

configuring host statically 26-11

enabling

Immediate-Leave processing

explicit host tracking 26-11

suppressing multicast flooding 26-12

IGMP snooping

configuration guidelines 26-5

default configuration 27-5, 27-6

enabling

globally 26-6

on a VLAN 26-6

enabling and disabling 27-6

IP multicast and 36-4

monitoring 26-14, 27-10

overview 26-1

IGMP Snooping, displaying

group 26-16

hot membership 26-15

how to 26-15

MAC address entries 26-18

multicast router interfaces 26-17

on a VLAN interface 26-18

Querier information 26-19

IGMPSnooping Querier, configuring 26-10

Immediate Leave, IGMP

enabling 27-8

immediate-leave processing

enabling 26-8

IGMP

See fast-leave processing

ingress packets, SPAN enhancement 56-12

inline power

configuring on Cisco IP phones 42-5

insufficient inline power handling for Supervisor Engine II-TS 13-19

Intelligent Power Management 14-4

interacting with Baby Giants 8-28

interface

displaying operational status 14-6

interface command 3-9, 8-2

interface configuration

REP 23-10

interface link and trunk status events

configuring 8-36

interface port-channel command 25-7

interface range command 8-4

interface range macro command 8-11

interfaces

adding descriptive name 8-22

clearing counters 8-35

configuring 8-2

configuring ranges 8-4

displaying information about 8-35

Layer 2 modes 18-3

maintaining 8-34

monitoring 8-34

naming 8-22

numbers 8-2

overview 8-2

restarting 8-36

See also Layer 2 interfaces

using the Ethernet Management Port 8-6

Internet Control Message Protocol

See ICMP

Internet Group Management Protocol

See IGMP

Internet Protocol version 6

See IPv6

introduction

802.1X Identity-Based Network Security, list of supported features 1-34

Bidirectional Forwarding Detection 1-13

Cisco Call Home 1-23

Cisco Energy Wise 1-24

Cisco Express Forwarding 1-14

Cisco IOS IP Service Level Agreements 1-24

Cisco IOS Mediatrace and Performance Monitor 1-26

Cisco Medianet AutoQoS 1-25

Cisco Medianet Flow Metadata 1-25

Cisco Media Services Proxy 1-25

Cisco TrustSec MACsec Encryption 1-35

Cisco TrustSec Security Architecture 1-35

Debugging Features (platform and debug platform) 1-41

Device Sensor 1-14

Dynamic Host Control Protocol 1-27

Easy Virtual Network 1-28

EIGRP Stub routing 1-14

Embedded Event Manager 1-29

Enhanced Object Tracking 1-14

EtherChannel bundles 1-3

Ethernet CFM 1-3

Ethernet Management Port 1-29

Ethernet OAM Protocol 1-3

FAT File Management System (Sup 60-E, 6L-E, 4948E, and 4900M) 1-29

File System Management (Sup 7-E and 7L-E) 1-29

Flexible Netflow (Sup 7-E and 7L-E) 1-4

Flex Link and MAC Address-Table Move Update 1-4

GLBP 1-15

hard-based Control Plane Policing 1-37

HSRP 1-15

In Service Software Upgrade 1-19

Intelligent Power Management 1-30

Internet Group Management Protocol (IGMP) Snooping 1-4

IP Routing protocols 1-16

IP Source Guard 1-37

IP Source Guard or Static Hosts 1-37

IPv6 1-19

IPv6 First Hop Security 1-37

IPv6 Multicast BSR and BSR Scoped Zone Support, introduction 1-5

IPv6 Multicast Listen Discovery (MLD) and Multicast Listen Discovery Snooping 1-6

IS-IS 1-18

Jumbo Frame 1-6

Layer 2 traceroute 1-41

Link Aggregation Control Protocol 1-7

MAC Address Notification 1-30

NAC

Layer 2 802.1X authentication 1-39

Layer 2 IP validation 1-39

NetFlow-lite 1-30

Network Security with ACLs (IP ACLs, MAC ACLs, Port ACLs, Router, ACLs, and VLAN ACLs) 1-39

NSF with SSO 1-20

OSPF 1-18

OSPF for Routed Access 1-21

Port Security 1-40

Power over Ethernet 1-31

RIP 1-19

Simple Network Management Protocol 1-31

SPAN and RSPAN 1-31

Time Domain Reflectometry 1-41

Unicast Reverse Path Forwarding 1-22

Universal Power over Ethernet 1-32

Virtual Router Redundancy Protocol 1-22

VRF-lite 1-22

Web-based Authentication 1-41

Web Content Coordination Protocol 1-32

Wireshark 1-32

XML-PI 1-33

Intrusion Detection System

See IDS

inventory management TLV 30-3, 30-9

IOS shell

See Auto SmartPorts macros

IP

configuring default gateway 3-11

configuring static routes 3-11

displaying statistics 34-8

IP addresses

128-bit 53-2

cluster candidate or member 15-12

cluster command switch 15-11

discovering 4-37

IPv6 53-2

ip cef command 34-6, 69-2

IP Enhanced IGRP

interfaces, displaying 33-19

ip icmp rate-limit unreachable command 9-13

ip igmp profile command 26-21

ip igmp snooping tcn flood command 26-13

ip igmp snooping tcn flood query count command 26-14

ip igmp snooping tcn query solicit command 26-14

IP information

assigned

through DHCP-based autoconfiguration 3-2

ip load-sharing per-destination command 34-7

ip local policy route-map command 39-8

ip mask-reply command 9-14

IP MTU sizes,configuring 33-9

IP multicast

clearing table entries 36-28

configuring 36-13

default configuration 36-13

displaying PIM information 36-23

displaying the routing table information 36-24

enabling dense-mode PIM 36-15

enabling sparse-mode 36-15

features not supported 36-13

hardware forwarding 36-9

IGMP snooping and 26-5, 36-4

overview 36-1

routing protocols 36-2

software forwarding 36-9

See also Auto-RP; IGMP; PIM; RP; RPF

IP multicast routing

enabling 36-14

monitoring and maintaining 36-23

ip multicast-routing command 36-14

IP multicast traffic, load splitting 36-22

IP phones

configuring voice ports 42-3

See Cisco IP Phones 42-1

ip pim command 36-15

ip pim dense-mode command 36-15

ip pim sparse-dense-mode command 36-16

ip policy route-map command 39-8

IP Port Security for Static Hosts

on a Layer 2 access port 51-25

on a PVLAN host port 51-28

overview 51-24

ip redirects command 9-14

IP routing tables

deleting entries 36-28

IP Service Level Agreements

See IP SLAs

IP service levels, analyzing 67-1

IP SLAs

benefits 67-2

CFM endpoint discovery 64-21

configuration guidelines 67-6

Control Protocol 67-4

default configuration 67-6

definition 67-1

ICMP echo operation 67-11

manually configuring CFM ping or jitter 64-19

measuring network performance 67-3

multioperations scheduling 67-5

operation 67-3

reachability tracking 58-9

responder

described 67-4

enabling 67-7

response time 67-4

scheduling 67-5

SNMP support 67-2

supported metrics 67-2

threshold monitoring 67-6

track state 58-9

UDP jitter operation 67-8

IP Source Guard

configuring 51-20

configuring on private VLANs 51-22

displaying 51-22, 51-23

overview 51-23

IP statistics

displaying 34-8

IP traceroute

executing 9-10

overview 9-9

IP unicast

displaying statistics 34-8

IP Unnumbered support

configuring on a range of Ethernet VLANs 17-5

configuring on LAN and VLAN interfaces 17-4

configuring with connected host polling 17-6

DHCP Option 82 17-2

displaying settings 17-7

format of agent remote ID suboptions 17-2

troubleshooting 17-8

with conected host polling 17-3

with DHCP server and Relay agent 17-2

ip unreachables command 9-13

IPv4, IPv6, and MAC ACLs, configuring on a Layer 2 interface 52-29

IPv6

addresses 53-2

default configuration 53-7

defined 1-19, 53-1

Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 53-6

Router ID 53-6

OSPF 53-6

IPv6 control traffic, policing 49-16

IPv6 First Hop Security, introduction 1-37

IPX

redistribution of route information with EIGRP 1-17

is 28-19

IS-IS, introduction 1-18

ISL

trunking with 802.1Q tunneling 28-4

isolated port 43-4

isolated VLANs 43-2, 43-3, 43-4

ISSU

compatibility matrix 5-61, 6-14, 7-13

compatiblity verification using Cisco Feature Navigator 5-62, 6-15, 7-14

NSF overview 6-3, 7-3

perform the process

aborting a software upgrade 5-78, 6-34, 7-33

configuring the rollback timer as a safeguard 5-79, 6-35, 7-35

displaying a compatibility matrix 5-81, 6-36, 6-40, 7-36

loading the new software on the new standby 5-71, 6-27, 7-26

stopping the rollback timer 5-70, 6-26, 7-25

switching to the standby 5-68, 6-24, 7-23

verify the ISSU state 5-65, 6-20, 7-20

verify the redundancy mode 5-64, 6-19, 7-18

verify the software installation 5-63, 6-18, 7-18

vload the new software on standby 5-67, 6-21, 7-20

prerequisites 5-57, 6-2, 7-2

process overview 6-6, 7-6

restrictions 5-57, 6-2, 7-2

SNMP support 6-15, 7-14

SSO overview 6-3, 7-3

versioning capability in software to support 6-13

IST

and MST regions 21-22

description 21-22

master 21-27

ITU-T Y.1731

See Y.1731

J

jumbo frames

and ethernet ports 8-26

configuring MTU sizes for 8-27

ports and linecards that support 8-25

understanding MTUs 8-25

understanding support 8-25

VLAN interfaces 8-27

K

keyboard shortcuts 2-3

L

l2protocol-tunnel command 28-17

labels, definition 41-4

LACP

system ID 25-4

Layer 2 access ports 18-7

Layer 2 Control Packet QoS

and CoPP configuration example 49-14

default configuation 49-11

disabling 49-13

enabvling 49-12

guideline and restrictions 49-16

understanding 49-11

Layer 2 frames

classification with CoS 41-2

Layer 2 interface

applying ACLs 52-31

configuring access-mode mode on 52-31

configuring IPv4, IPv6, and MAC ACLs 52-29

displaying an ACL configuration 52-32

Layer 2 interfaces

assigning VLANs 16-7

configuring 18-5

configuring as PVLAN host ports 43-18

configuring as PVLAN promiscuous ports 43-17

configuring as PVLAN trunk ports 43-19

defaults 18-4

disabling configuration 18-8

modes 18-3

show interfaces command 18-6

Layer 2 interface type

resetting 43-24

setting 43-24

Layer 2 protocol tunneling

default configuration 28-16

guidelines 28-16

Layer 2 switching

overview 18-1

Layer 2 Traceroute

and ARP 9-11

and CDP 9-11

host-to-host paths 9-11

IP addresses and subnets 9-11

MAC addresses and VLANs 9-11

multicast traffic 9-11

multiple devices on a port 9-11

unicast traffic 1-41, 9-10

usage guidelines 9-11

Layer 2 trunks

configuring 18-5

overview 18-3

Layer 3 interface, applying IPv6 ACLs 52-17

Layer 3 interface counters,configuring 33-10

Layer 3 interface counters,understanding 33-3

Layer 3 interfaces

changing from Layer 2 mode 40-7

configuration guidelines 33-5

configuring VLANs as interfaces 33-7

overview 33-1

counters 33-3

logical 33-2

physical 33-2

SVI autostate exclude 33-3

Layer 3 packets

classification methods 41-2

Layer 4 port operations

configuration guidelines 52-11

restrictions 52-10

Leave timer, enabling 26-9

limitations on using a TwinGig Convertor 8-14

Link Aggregation Control Protocol, introduction 1-7

link and trunk status events

configuring interface 8-36

link integrity, verifying with REP 23-4

Link Layer Discovery Protocol

See CDP

link monitoring, Ethernet OAM 64-34, 64-38

link-state tracking

configuration guidelines 25-21

default configuration 25-21

described 25-18

displaying status 25-22

generic configuration procedure 25-21

link status, displaying UDLD 31-9

listening state (STP)

RSTP comparisons (table) 21-24

LLDP

configuring 30-4

characteristics 30-5

default configuration 30-5

disabling and enabling

globally 30-6

on an interface 30-7

monitoring and maintaining 30-14

overview 30-1

transmission timer and holdtime, setting 30-5

LLDP-MED

configuring

procedures 30-4

TLVs 30-9, 30-11

monitoring and maintaining 30-14

overview 30-1

supported TLVs 30-2

LLDP Media Endpoint Discovery

See LLDP-MED

load balancing

configuring for CEF 34-7

configuring for EtherChannel 25-14

overview 25-5, 34-6

per-destination 34-7

load splitting IP multicast traffic 36-22

Location Service

overview 30-1

location service

configuring 30-12

understanding 30-3

location TLV 30-3, 30-9

logging, EPM 45-125

Logical Layer 3 interfaces

configuring 33-6

logical layer 3 VLAN interfaces 33-2

login authentication

with RADIUS 45-102

with TACACS+ 3-19

login banners 4-17

login timer

changing 9-7

logoutwarning command 9-7

loop guard

and MST 21-23

configuring 24-4

overview 24-3

M

MAC/PHY configuration status TLV 30-2

MAC addresses

aging time 4-23

allocating 21-6

and VLAN association 4-22

building tables 4-21, 18-2

convert dynamic to sticky secure 48-5

default configuration 4-23

disabling learning on a VLAN 4-32

discovering 4-37

displaying 9-4

displaying in DHCP snooping binding table 51-19

dynamic

learning 4-22

removing 4-24

in ACLs 52-14

static

adding 4-30

allowing 4-31

characteristics of 4-29

dropping 4-31

removing 4-30

sticky 48-4

sticky secure, adding 48-5

MAC address learning, disabling on a VLAN 4-32

confuguring 4-32

deployment scenarios 4-33

feature compatibility 4-35

feature incompatibility 4-36

feature inompatibility 4-36

usage guidelines 4-33

MAC address table

displaying 4-37

MAC address-table move update

configuration guidelines 22-10

configuring 22-10

monitoring 22-12

MAC Authentication Bypass

configure with 802.1X 45-58

MAC details, displaying 45-124

MAC extended access lists 52-14

macl 52-14

macros

See Auto SmartPorts macros

See Auto Smartports macros

See Smartports macros

MACSec

802.1AE Tagging 44-8

MACsec 44-2

configuring on an interface 44-7

defined 44-1, 44-2

switch-to-switch security 44-1

MACsec Key Agreement Protocol

See MKA

main-cpu command 10-8, 11-7

management address TLV 30-2

management options

SNMP 61-1

Management Port, Ethernet 8-6

manual preemption, REP, configuring 23-13

marking

hardware capabilities 41-23, 41-57

marking action drivers 41-21, 41-55

marking network traffic 41-18, 41-52

marking support, multi-attribute 41-22, 41-56

match ip address command 39-6

maximum aging time (STP)

configuring 21-18

MDA

configuration guidelines45-23to ??

described 45-22

MEC

configuration 5-53

described 5-14

failure 5-15

Media Access Control Security

See MACsec

members

automatic discovery 15-7

member switch

managing 15-13

member switch, cluster

defined 15-2

meminfo command 72-5

messages, Ethernet OAM 64-34

messages, to users through banners 4-17

Metro features

Y.1731 (AIS and RDI), introduction 1-12

metro tags 28-2

MFIB

CEF 36-6

overview 36-12

MFIB, IP

displaying 36-26

MIBs

compiling 71-4

downloading 71-3, 71-4

overview 61-1

related information 71-3

SNMP interaction with 61-4

MKA

configuring policies 44-6

defined 44-2

policies 44-3

replay protection 44-3

statistics 44-5

virtual ports 44-3

MLD Done messages and Immediate-leave 27-4

MLD messages 27-2

MLD queries 27-3

MLD reports 27-4

MLD Snooping

MLD Done messages and Immediate-leave 27-4

MLD messages 27-2

MLD queries 27-3

MLD reports 27-4

Multicast client aging robustness 27-3

Multicast router discovery 27-3

overview 27-1

Mode of capturing control packets, selecting 52-7

modules

checking status 9-2

powering down 13-19

monitoring

802.1Q tunneling 28-18

ACL information 52-35

Ethernet CFM 64-32, 64-33

Ethernet OAM 64-49

Ethernet OAM protocol 64-49

Flex Links 22-12

IGMP

snooping 27-10

IGMP filters 26-24

IGMP snooping 26-14

Layer 2 protocol tunneling 28-18

MAC address-table move update 22-12

multicast router interfaces 27-11

multi-VRF CE 40-17

object tracking 58-12

REP 23-14

traffic flowing among switches 68-1

tunneling 28-18

VLAN filters 52-24

VLAN maps 52-24

monitoring and troubleshooting

BFD 38-16

M-record 21-23

MST

and multiple spanning trees 1-8, 21-22

boundary ports 21-27

BPDUs 21-23

configuration parameters 21-26

configuring 21-29

displaying configurations 21-33

edge ports 21-27

enabling 21-29

hop count 21-28

instances

configuring parameters 21-32

description 21-23

number supported 21-26

interoperability with PVST+ 21-23

link type 21-28

master 21-27

message age 21-28

regions 21-26

restrictions 21-29

to-SST interoperability 21-24

MSTP

EtherChannel guard

enabling 24-6

M-record 21-23

M-tree 21-23

M-tree 21-23

MTUS

understanding 8-25

MTU size

configuring 8-27, 8-28, 8-37

default 16-5

Multi-authentication

described 45-22

multiauthentication mode 45-8

multicast

See IP multicast

Multicast client aging robustness 27-3

multicast Ethernet loopback (ETH-LB) 64-29

multicast Ethernet loopback, using 64-31

Multicast Forwarding Information Base (MFIB) 36-12

multicast groups

static joins 27-7

Multicast HA 36-13

Multicast implementation

HA 36-13

MFIB 36-12

S/M, 224/4 36-13

multicast packets

blocking 54-2

Multicast router discovery 27-3

multicast router interfaces, displaying 26-17

multicast router interfaces, monitoring 27-11

multicast router ports, adding 27-7

multicast routers

flood suppression 26-12

multicast router table

displaying 36-24

Multicast Storm Control

enabling 55-4

disabling 55-5

multichassis EtherChannel

see MEC 5-14

multidomain authentication

See MDA

multidomain authentication mode 45-7

multioperations scheduling, IP SLAs 67-5

Multiple AuthorizationAuthentication

configuring 45-34

Multiple Domain Authentication 45-34

multiple forwarding paths 1-8, 21-22

multiple-hosts mode 45-7

Multiple Spanning Tree

See MST

multiple VPN routing/forwarding

See multi-VRF CE

multi-VRF CE

components 40-3

configuration example 40-13

default configuration 40-3

defined 40-1

displaying 40-17

monitoring 40-17

network components 40-3

packet-forwarding process 40-3

N

NAC Layer 2 802.1X authentication, intro 1-39

NAC Layer 2 IP validation, intro 1-39

named IPv6 ACLs, configuring

ACLs

configuring named IPv6 ACLs 52-16

named MAC extended ACLs

ACLs

configuring named MAC extended 52-14, 52-15

native VLAN

and 802.1Q tunneling 28-4

specifying 18-5

NDAC 44-9

defined 44-9

MACsec 44-1

NEAT

configuring 45-84

overview 45-24

neighbor offset numbers, REP 23-5

NetFlow-lite

clear commands 62-9

display commands 62-8

NetFlow packet sampling

about 62-2

Network Assistant

and VTY 15-12

configure

enable communication with switch 15-13, 15-17

default configuration 15-3

overview of CLI commands 15-3

Network Device Admission Control (NDAC) 44-9

Network Edge Access Topology

See NEAT

network fault tolerance 1-8, 21-22

network management

configuring 29-1

RMON 68-1

SNMP 61-1

network performance, measuring with IP SLAs 67-3

network policy TLV 30-2, 30-9

Network Time Protocol

See NTP

network traffic, marking 41-18, 41-52

New Software Features in Release 7.7

TDR 9-4

Next Hop Resolution Protocol

See NHRP

NHRP

support 1-17

non-fiber-optics interfaces

disabling UDLD 31-7

non-IP traffic filtering 52-14, 52-15

non-RPF traffic

description 36-10

in redundant configurations (figure) 36-11

Nonstop Forwarding

See NSF

nonvolatile random-access memory

See NVRAM

normal-range VLANs

See VLANs

NSF

defined 12-1

guidelines and restrictions 12-9

operation 12-4

NSF-aware

supervisor engines 12-3

support 12-2

NSF-capable

supervisor engines 12-3

support 12-2

NSF with SSO supervisor engine redundancy

and CEF 12-5

overview 12-3

SSO operation 12-4

NTP

associations

authenticating 4-4

defined 4-2

enabling broadcast messages 4-7

peer 4-6

server 4-6

default configuration 4-4

displaying the configuration 4-11

overview 4-2

restricting access

creating an access group 4-9

disabling NTP services per interface 4-10

source IP address, configuring 4-10

stratum 4-2

synchronizing devices 4-6

time

services 4-2

synchronizing 4-2

ntroduction

PPPoE Intermediate Agent 1-40

Storm Control 1-40

uRPF Strict Mode 1-40

NVRAM

saving settings 3-10

O

OAM

client 64-34

features 64-34

sublayer 64-34

OAM manager

configuring 64-52

with CFM and Ethernet OAM 64-51

OAM PDUs 64-35

OAM protocol data units 64-33

object tracking

monitoring 58-12

OIR

overview 8-32

on-demaind online diagnostics 69-2

online diagnostic

troubleshooting 69-8

Online Diagnostics 69-1

online diagnostics

configuring on-demaind 69-2

data path, displaying test results 69-7

displaying tests and test results 69-4

linecard 69-8

scheduling 69-2

starting and stopping tests 69-3

online insertion and removal

See OIR

Open Shortest Path First

See OSPF

operating system images

See system images

Option 82

enabling DHCP Snooping 51-10

OSPF

area concept 1-18

description 1-18

for IPv6 53-6

OSPF, introduction 1-18

OSPF for Routed Access, introduction 1-21

P

packets

modifying 41-9

packet type filtering

overview 56-14

SPAN enhancement 56-14

PACL

using with access-group mode 52-30

PACL configuration guidelines 52-28

PACL with VLAN maps and router ACLs 52-32

PAgP

understanding 25-4

passwords

configuring enable password 3-14

configuring enable secret password 3-14

encrypting 3-22

in clusters 15-8

recovering lost enable password 3-25

setting line password 3-14

PBR (policy-based routing)

configuration (example) 39-9

enabling 39-6

features 39-2

overview 39-1

route-map processing logic 39-3

route-map processing logic example 39-4

route maps 39-2

when to use 39-5

percentage thresholds in tracked lists 58-6

per-port and VLAN Access Control List 51-19

per-port per-VLAN QoS

enabling 41-36, 41-70

overview 41-10

Per-User ACL and Filter-ID ACL, configure 45-44

Per-VLAN Rapid Spanning Tree 21-6

enabling 21-20

overview 21-6

PE to CE routing, configuring 40-12

physical layer 3 interfaces 33-2

Physical Layer 3 interfaces, configuring 33-12

PIM

configuring dense mode 36-15

configuring sparse mode 36-15

displaying information 36-23

displaying statistics 36-27

enabling sparse-dense mode 36-15, 36-16

overview 36-3

PIM-DM 36-3

PIM on an interface, enabling 36-14

PIM-SM 36-3

PIM-SSM mapping, enabling 36-17

ping

executing 9-9

overview 9-8

ping command 9-9, 36-23

PoE 14-7, 14-8

configuring power consumption, powered devices 14-5

configuring power consumption for single device 14-5, 14-16

displaying operational status for an interface 14-6

Enhanced PoE support on E-series 14-15

policing and monitoring 14-12

power consumption for powered devices

Intelligent Power Management 14-4

powering down a module 13-19

power management modes 14-2

PoE policing

configuring errdisable recovery 14-14

configuring on an interface 14-13

displaying on an interface 14-14

power modes 14-12

point-to-point

in 802.1X authentication (figure) 45-3

policing

how to implement 41-18, 41-52

See QoS policing

policing, PoE 14-12

policing IPv6 control traffic 49-16

policy associations, QoS on Sup 6-E 41-39, 41-73

policy-map command 41-16, 41-51

policy map marking action, configuring 41-23, 41-57

port ACLs

and voice VLAN 52-4

defined 52-3

Port Aggregation Protocol

see PAgP

port-based authentication

802.1X with voice VLAN 45-22

Authentication Failed VLAN assignment 45-17

authentication server

defined 47-2

changing the quiet period 45-80

client, defined 45-3, 47-2

configuration guidelines 45-28, 47-6

configure ACL assignments and redirect URLs 45-38

configure switch-to-RADIUS server communication 45-32

configure with Authentication Failed 45-68

configure with Critical Authentication 45-60

configure with Guest-VLANs 45-55

configure with MAC Authentication Bypass 45-58

configure with VLAN User Distribution 45-66

configure with Voice VLAN 45-70

configuring

Multiple Domain Authentication and Multiple Authorization 45-34

RADIUS server 47-10

RADIUS server parameters on the switch 47-9

configuring Fallback Authentication 45-73

configuring Guest-VLAN 45-32

configuring manual re-authentication of a client 45-90

configuring with Unidirectional Controlled Port 45-64

controlling authorization state 45-5

default configuration 45-27, 47-6

described 45-1

device roles 45-2, 47-2

displaying statistics 45-121, 47-14

enabling 45-28

802.1X authentication 47-9

enabling multiple hosts 45-79

enabling periodic re-authentication 45-77

encapsulation 45-3

host mode 45-6

how 802.1X fails on a port 45-25

initiation and message exchange 45-4

method lists 45-28

modes 45-6

multidomain authentication 45-22

multiple-hosts mode, described 45-7

port security

multiple-hosts mode 45-7

ports not supported 45-5

pre-authentication open access 45-8

resetting to default values 45-91

setting retransmission number 45-82

setting retransmission time 45-81

switch

as proxy 47-2

switch supplicant

configuring 45-84

overview 45-24

topologies, supported 45-25

using with ACL assignments and redirect URLs 45-20

using with port security 45-19

with Critical Authentication 45-14

with Guest VLANs 45-11

with MAC Authentication Bypass 45-12

with Unidirectional Controlled Port 45-15

with VLAN assignment 45-10

with VLAN User Distribution 45-16

port-channel

see EtherChannel

port-channel interfaces

See also EtherChannel

creating 25-7

overview 25-2

port-channel load-balance

command 25-13

command example 25-13

port-channel load-balance command 25-14

port cost (STP)

configuring 21-15

port description TLV 30-2

PortFast

and MST 21-23

BPDU filter, configuring 24-9

configuring or enabling 24-15

overview 24-6

PortFast BPDU filtering

and MST 21-23

enabling 24-9

overview 24-9

port numbering with TwinGig Convertors 8-13

port priority

configuring MST instances 21-32

configuring STP 21-13

ports

blocking 54-1

checking status 9-3

dynamic VLAN membership

example 16-29

reconfirming 16-26

forwarding, resuming 54-3

REP 23-6

See also interfaces

port security

aging 48-5

configuring 48-7

displaying 48-28

guidelines and restrictions 48-33

on access ports 48-7, 48-22

on private VLAN 48-14

host 48-14

promiscuous 48-16

topology 48-15, 48-18, 48-32

on trunk port 48-17

guidelines and restrictions 48-15, 48-18, 48-32

port mode changes 48-22

on voice ports 48-22

sticky learning 48-5

using with 802.1X 45-19

violations 48-6

with 802.1X Authentication 48-32

with DHCP and IP Source Guard 48-31

with other features 48-33

port states

description 21-5

port VLAN ID TLV 30-2

power

inline 42-5

power dc input command 13-19

powered devices, configuring power consumption 14-5

power handling for Supervisor Engine II-TS 14-12

power inline command 14-3

power inline consumption command 14-5

power management

Catalyst 4500 series 13-7

Catalyst 4500 Switch power supplies 13-13

Catalyst 4948 series 13-20

configuring combined mode 13-12

configuring redundant mode 13-11

overview 13-1

redundancy 13-7

power management for Catalyst 4500 Switch

combined mode 13-9

redundant mode 13-8

power management limitations in Catalyst 4500 Switch 13-9

power management mode

selecting 13-9

power management TLV 30-2, 30-3, 30-9

power negotiation

through LLDP 30-11

Power-On-Self-Test diagnostics 69-10, 69-20

Power-On-Self-Test for Supervisor Engine V-10GE 69-13

power policing, displaying on an interface 14-14

power redundancy-mode command 13-12

power supplies

available power for Catalyst 4500 Switch 13-13

fixed 13-7

variable 13-7, 13-20

pre-authentication open access 45-8

pre-authentication open access. See port-based authentication.

preempt delay time, REP 23-5

primary edge port, REP 23-4

primary VLANs 43-2, 43-4

associating with secondary VLANs 43-16

configuring as a PVLAN 43-15

priority

overriding CoS of incoming frames 42-5

priority queuing, QoS on Sup 6-E 41-30, 41-64

private VLAN

configure port security 48-14, 48-15

enabling DHCP Snooping 51-12

private VLANs

across multiple switches 43-5

and SVIs 43-10

benefits of 43-2

community ports 43-3

community VLANs 43-2, 43-3

default configuration 43-12

end station access to 43-3

isolated port 43-4

isolated VLANs 43-2, 43-3, 43-4

ports

community 43-3

isolated 43-4

promiscuous 43-4

primary VLANs 43-2, 43-4

promiscuous ports 43-4

secondary VLANs 43-2

subdomains 43-2

traffic in 43-9

privileged EXEC mode 2-5

privileges

changing default 3-23

configuring levels 3-23

exiting 3-24

logging in 3-24

promiscuous ports

configuring PVLAN 43-17

defined 43-4

setting mode 43-24

protocol timers 21-4

provider edge devices 40-2

pruning, VTP

See VTP pruning

pseudobridges

description 21-25

PVACL 51-19

PVID (port VLAN ID)

and 802.1X with voice VLAN ports 45-22

PVLAN promiscuous trunk port

configuring 43-11, 43-17, 43-21

PVLANs

802.1q support 43-14

across multiple switches 43-5

configuration guidelines 43-12

configure port security 48-14, 48-16, 48-18

configure port security in a wireless setting 48-32

configuring 43-11

configuring a VLAN 43-15

configuring promiscuous ports 43-17

host ports

configuring a Layer 2 interface 43-18

setting 43-24

overview 43-1

permitting routing, example 43-23

promiscuous mode

setting 43-24

setting

interface mode 43-24

Q

QoS

classification41-6to ??

definitions 41-3

enabling per-port per-VLAN 41-36, 41-70

overview 41-2

overview of per-port per-VLAN 41-10

packet modification 41-9

traffic shaping 41-9

See also COS; DSCP values; transmit queues

QoS active queue management

tracking queue length 41-9

QoS labels

definition 41-4

QoS marking

description 41-5

QoS on Sup 6-E

Active Queue management via DBL 41-34, 41-68

active queue management via DBL 41-27, 41-34, 41-61, 41-68

classification 41-16, 41-50

configuring 41-13, 41-47

configuring CoS mutation 41-45, 41-79

configuring the policy map marking action 41-23, 41-57

hardware capabilities for marking 41-23, 41-57

how to implement policing 41-18, 41-52

marking action drivers 41-21, 41-55

marking network traffic 41-18, 41-52

MQC-based QoS configuration 41-13, 41-48

multi-attribute marking support 41-22, 41-56

platform hardware capabilities 41-15, 41-49

platform restrictions 41-18, 41-52

platform-supported classification criteria and QoS features 41-13, 41-14, 41-48

policing 41-17, 41-51

policy associations 41-39, 41-73

prerequisites for applying a service policy 41-15, 41-49

priority queuing 41-30, 41-64

queue-limiting 41-31, 41-65

restrictions for applying a service policy 41-15, 41-50

shaping 41-25, 41-59

sharing(bandwidth) 41-27, 41-61

sharing(blandwidth), shapring, and priority queuing 41-25, 41-59

software QoS 41-40, 41-74

traffic marking procedure flowchart 41-21, 41-55

QoS policing

definition 41-5

described 41-8

QoS policy

attaching to interfaces 41-8

QoS service policy

prerequisites 41-15, 41-49

restrictions for applying 41-15, 41-50

QoS transmit queues

burst 41-9

maximum rate 41-9

sharing link bandwidth 41-9

quad-supervisor

uplink forwarding 5-6

Quality of service

See QoS

queueing 41-8

queue-limiting, QoS on Sup 6-E 41-31, 41-65

R

RADIUS

attributes

vendor-proprietary 45-110

vendor-specific 45-108

change of authorization 45-93

configuring

accounting 45-107

authentication 45-102

authorization 45-106

communication, global 45-100, 45-108

communication, per-server 45-99, 45-100

multiple UDP ports 45-100

default configuration 45-99

defining AAA server groups 45-104

displaying the configuration 45-112

identifying the server 45-99

limiting the services to the user 45-106

method list, defined 45-99

operation of 45-93

server load balancing 45-112

suggested network environments 45-92

tracking services accessed by user 45-107

understanding 45-92

RADIUS, controlling switch access with 45-91

RADIUS Change of Authorization 45-93

RADIUS server

configure to-Switch communication 45-32

configuring settings 45-34

parameters on the switch 45-32

RA Guard

configuring 52-36

deployment 52-36

examples 52-37

introduction 52-35

usage guidelines 52-38

range command 8-4

range macros

defining 8-11

ranges of interfaces

configuring 8-4

Rapid Spanning Tree

See RSTP

rcommand command 15-13

reachability, tracking IP SLAs IP host 58-9

re-authentication of a client

configuring manual 45-90

enabling periodic 45-77

redirect URLs, port-based authentication 45-20

reduced MAC address 21-2

redundancy

configuring 10-7, 11-7

guidelines and restrictions 10-5, 11-5

changes made through SNMP 10-11, 11-11

NSF-aware support 12-2

NSF-capable support 12-2

overview 10-2, 11-2

redundancy command 10-8, 11-7

understanding synchronization 10-4, 11-5

redundancy (NSF) 12-1

configuring

BGP 12-11

CEF 12-10

EIGRP 12-16

IS-IS 12-13

OSPF 12-12

routing protocols 12-5

redundancy (RPR)

route processor redundancy 10-2, 11-3

synchronization 10-5, 11-5

redundancy (SSO)

redundancy command 12-10

route processor redundancy 10-3, 11-3

synchronization 10-5, 11-5

reload command 3-28, 3-29

Remote Authentication Dial-In User Service

See RADIUS

remote failure indications 64-34

remote loopback, Ethernet OAM 64-34, 64-37

Remote Network Monitoring

See RMON

rendezvous point, configuring 36-17

rendezvous point, configuring single static 36-20

REP

administrative VLAN 23-8

administrative VLAN, configuring 23-9

and STP 23-6

configuration guidelines 23-7

configuring interfaces 23-10

convergence 23-4

default configuration 23-7

manual preemption, configuring 23-13

monitoring 23-14

neighbor offset numbers 23-5

open segment 23-2

ports 23-6

preempt delay time 23-5

primary edge port 23-4

ring segment 23-2

secondary edge port 23-4

segments 23-1

characteristics 23-2

SNMP traps, configuring 23-14

supported interfaces 23-1

triggering VLAN load balancing 23-6

verifying link integrity 23-4

VLAN blocking 23-13

VLAN load balancing 23-4

replication

description 36-9

report suppression, IGMP

disabling 27-10

reserved-range VLANs

See VLANs

reset command 72-3

resetting an interface to default configuration 8-39

resetting a switch to defaults 3-32

Resilient Ethernet ProtocolLSee REP

responder, IP SLAs

described 67-4

enabling 67-7

response time, measuring with IP SLAs 67-4

restricting access

NTP services 4-8

RADIUS 45-91

TACACS+ 3-15

retransmission number

setting in 802.1X authentication 45-82

retransmission time

changing in 802.1X authentication 45-81

RFC

1157, SNMPv1 61-2

1305, NTP 4-2

1757, RMON 68-2

1901, SNMPv2C 61-2

1902 to 1907, SNMPv2 61-2

2273-2275, SNMPv3 61-2

RFC 5176 Compliance 45-94

RIP

description 1-19

for IPv6 53-5

RIP, introduction 1-19

RMON

default configuration 68-3

displaying status 68-6

enabling alarms and events 68-3

groups supported 68-2

overview 68-1

ROM monitor

boot process and 3-26

CLI 2-7

commands72-2to 72-3

debug commands 72-5

entering 72-1

exiting 72-6

overview 72-1

root bridge

configuring 21-10

selecting in MST 21-22

root guard

and MST 21-23

enabling 24-2

overview 24-2

routed packets

ACLs 52-26

route-map (IP) command 39-6

route maps

defining 39-6

PBR 39-2

router ACLs

description 1-39, 52-3

using with VLAN maps 52-25

router ACLs, using PACL with VLAN maps 52-32

route targets

VPN 40-3

Routing Information Protocol

See RIP

RPF

<Emphasis>See Unicast RPF

RSPAN

configuration guidelines 56-16

destination ports 56-5

IDS 56-2

monitored ports 56-4

monitoring ports 56-5

received traffic 56-3

sessions

creating 56-17

defined 56-3

limiting source traffic to specific VLANs 56-23

monitoring VLANs 56-21

removing source (monitored) ports 56-20

specifying monitored ports 56-17

source ports 56-4

transmitted traffic 56-4

VLAN-based 56-5

RSTP

compatibility 21-23

description 21-22

port roles 21-24

port states 21-24

S

S/M, 224/4 36-13

SAID

See 802.10 SAID

SAP

defined 44-9

negotiation 44-9

support 44-1

scheduling 41-8

scheduling, IP SLAs operations 67-5

secondary edge port, REP 23-4

secondary root switch 21-12

secondary VLANs 43-2

associating with primary 43-16

permitting routing 43-23

security

configuring 49-1

Security Association Identifier

See 802.10 SAID

Security Exchange Protocol

See SXP

Security Exchange Protocol

See SAP

selecting a power management mode 13-9

selecting X2/TwinGig Convertor Mode 8-14

sequence numbers in log messages 59-7

server IDs

description 66-23

service policy, configure class-level queue-limit 41-31, 41-65

service-policy input command 32-2

service-provider networks

and customer VLANs 28-2

session keys, MKA 44-2

set default interface command 39-7, 39-8

set interface command 39-7

set ip default next-hop command 39-7

set ip next-hop command 39-6, 39-7

set-request operation 61-4

severity levels, defining in system messages 59-8

shaping, QoS on Sup 6-E 41-25, 41-59

sharing(bandwidth), QoS on Sup 6-E 41-27, 41-61

Shell functions

See Auto SmartPorts macros

See Auto Smartports macros

Shell triggers

See Auto SmartPorts macros

See Auto Smartports macros

show adjacency command 34-9

show boot command 3-32

show catalyst4000 chassis-mac-address command 21-3

show cdp command 29-2, 29-3

show cdp entry command 29-4

show cdp interface command 29-3

show cdp neighbors command 29-4

show cdp traffic command 29-4

show ciscoview package command 4-41

show ciscoview version command 4-41

show cluster members command 15-13

show configuration command 8-22

show debugging command 29-4

show environment command 13-2

show history command 2-4

show interfaces command 8-27, 8-28, 8-35, 8-37

show interfaces status command 9-3

show ip cef command 34-8

show ip eigrp interfaces command 33-19

show ip eigrp neighbors command 33-19

show ip eigrp topology command 33-19

show ip eigrp traffic command 33-19

show ip interface command 36-23

show ip local policy command 39-8

show ip mroute command 36-23

show ip pim interface command 36-23

show l2protocol command 28-18

show lldp traffic command 30-15

show mac-address-table address command 9-4

show mac-address-table interface command 9-4

show mls entry command 34-8

show module command 9-2, 21-6

show PoE consumed 14-8

show power inline command 14-6

show power supplies command 13-12

show protocols command 8-35

show running-config command

adding description for an interface 8-22

checking your settings 3-9

displaying ACLs 52-19, 52-21, 52-30, 52-31

show startup-config command 3-10

show users command 9-7

show version command 3-29

shutdown, command 8-36

shutdown threshold for Layer 2 protocol packets 28-16

shutting down

interfaces 8-36

Simple Network Management Protocol

See SNMP

single-host mode 45-7

single spanning tree

See SST

single static RP, configuring 36-20

slot numbers, description 8-2

Slow timer, configuring BFD 38-15

smart call home 66-1

description 66-2

destination profile (note) 66-5

registration requirements 66-3

service contract requirements 66-3

Transport Gateway (TG) aggregation point 66-2

SMARTnet

smart call home registration 66-3

Smartports macros

applying global parameter values 19-9, 19-15, 19-16

applying macros 19-9

applying parameter values 19-9

configuration guidelines 19-6, 19-15

configuring 19-2

creating 19-8

default configuration 19-4, 19-14

defined 1-10, 19-1

displaying 19-14

tracing 19-7, 19-15

SNMP

accessing MIB variables with 61-4

agent

described 61-4

disabling 61-7

and IP SLAs 67-2

authentication level 61-10

community strings

configuring 61-7

overview 61-4

configuration examples 61-15

configuration guidelines 61-6

default configuration 61-5

enabling 71-4, 71-5

engine ID 61-6

groups 61-6, 61-9

host 61-6

informs

and trap keyword 61-11

described 61-5

differences from traps 61-5

enabling 61-14

limiting access by TFTP servers 61-15

limiting system log messages to NMS 59-9

manager functions 61-3

notifications 61-5

overview 61-1, 61-4

status, displaying 61-16

system contact and location 61-14

trap manager, configuring 61-13

traps

described 61-3, 61-5

differences from informs 61-5

enabling 61-11

enabling MAC address notification 4-24

enabling MAC move notification 4-26

enabling MAC threshold notification 4-28

overview 61-1, 61-4

types of 61-11

users 61-6, 61-9

versions supported 61-2

SNMP commands 71-4

SNMP traps

REP 23-14

SNMPv1 61-2

SNMPv2C 61-2

SNMPv3 61-2

software

upgrading 10-13, 11-12

software configuration register 3-26

software QoS, on Sup 6-E 41-40, 41-74

software switching

description 34-5

interfaces 34-6

key data structures used 36-8

source IDs

call home event format 66-22

SPAN

and ACLs 56-5

configuration guidelines 56-7

configuring56-7to 56-10

destination ports 56-5

IDS 56-2

monitored port, defined 56-4

monitoring port, defined 56-5

received traffic 56-3

sessions

defined 56-3

source ports 56-4

transmitted traffic 56-4

VLAN-based 56-5

SPAN and RSPAN

concepts and terminology 56-3

default configuration 56-6

displaying status 56-24

overview 56-1

session limits 56-6

SPAN enhancements

access list filtering 56-13

configuration example 56-15

CPU port sniffing 56-10

encapsulation configuration 56-12

ingress packets 56-12

packet type filtering 56-14

spanning-tree backbonefast command 24-16

spanning-tree cost command 21-16

spanning-tree guard root command 24-2

spanning-tree portfast bpdu-guard command 24-8

spanning-tree portfast command 24-7

spanning-tree port-priority command 21-13

spanning-tree uplinkfast command 24-12

spanning-tree vlan

command 21-9

command example 21-9

spanning-tree vlan command 21-8

spanning-tree vlan cost command 21-16

spanning-tree vlan forward-time command 21-19

spanning-tree vlan hello-time command 21-18

spanning-tree vlan max-age command 21-18

spanning-tree vlan port-priority command 21-13

spanning-tree vlan priority command 21-17

spanning-tree vlan root primary command 21-10

spanning-tree vlan root secondary command 21-12

speed

configuring interface 8-19

speed command 8-20

SSO

configuring 12-10

SSO operation 12-4

SST

description 21-22

interoperability 21-24

static ACL, removing the requirement 52-28

static addresses

See addresses

static routes

configuring 3-11

verifying 3-12

statistics

802.1X 47-14

displaying 802.1X 45-121

displaying PIM 36-27

LLDP 30-14

LLDP-MED 30-14

MKA 44-5

SNMP input and output 61-16

sticky learning

configuration file 48-6

defined 48-5

disabling 48-6

enabling 48-5

saving addresses 48-6

sticky MAC addresses

configuring 48-7

defined 48-4

storing captured packets to a .pcap file, Wireshark 57-4

Storm Control

displaying 55-6

enabling Broadcast 55-3

enabling Multicast 55-4

hardware-based, implementing 55-2

overview 55-1

software-based, implementing 55-2

STP

and REP 23-6

bridge ID 21-2

configuring21-7to 21-20

creating topology 21-5

defaults 21-7

disabling 21-20

enabling 21-8

enabling extended system ID 21-9

enabling Per-VLAN Rapid Spanning Tree 21-20

EtherChannel guard

disabling 24-6

forward-delay time 21-19

hello time 21-17

Layer 2 protocol tunneling 28-13

maximum aging time 21-18

overview 21-1, 21-3

per-VLAN rapid spanning tree 21-6

port cost 21-15

port priority 21-13

root bridge 21-10

stratum, NTP 4-2

stub routing (EIGRP)

benefits 33-17

configuration tasks 33-18

configuring 33-14

overview 33-13, 33-14

restrictions 33-17

verifying 33-18

subdomains, private VLAN 43-2

summer time 4-13

supervisor engine

accessing the redundant 10-14, 11-14

configuring3-8to 3-13

copying files to standby 10-14, 11-14

default configuration 3-1

default gateways 3-11

environmental monitoring 13-1

redundancy 12-1

ROM monitor 3-26

startup configuration 3-25

static routes 3-11

synchronizing configurations 10-11, 11-10

Supervisor Engine II-TS

insufficient inline power handling 13-19, 14-12

Smartports macros

See also Auto Smartports macros

SVI Autostate Exclude

understanding 33-3

SVI Autostate exclude

configuring 33-7

S-VLAN 1-2, 28-7

switch 53-2

switch access with RADIUS, controlling 45-91

switched packets

and ACLs 52-25

Switched Port Analyzer

See SPAN

switchport

show interfaces 8-27, 8-28, 8-37

switchport access vlan command 18-5, 18-7

switchport block multicast command 54-2

switchport block unicast command 54-2

switchport mode access command 18-7

switchport mode dot1q-tunnel command 28-6

switchport mode dynamic command 18-5

switchport mode trunk command 18-5

switch ports

See access ports

switchport trunk allowed vlan command 18-5

switchport trunk native vlan command 18-5

switchport trunk pruning vlan command 18-6

switch-to-RADIUS server communication

configuring 45-32

sysret command 72-5

system

reviewing configuration 3-10

settings at startup 3-27

system alarms

overview 13-5

system and network statistics, displaying 36-23

system capabilities TLV 30-2

system clock

configuring

daylight saving time 4-13

manually 4-11

summer time 4-13

time zones 4-12

displaying the time and date 4-12

overview 4-2

See also NTP

system description TLV 30-2

system images

loading from Flash memory 3-30

modifying boot field 3-27

specifying 3-30

system message logging

default configuration 59-3

defining error message severity levels 59-8

disabling 59-4

displaying the configuration 59-12

enabling 59-4

facility keywords, described 59-12

level keywords, described 59-9

limiting messages 59-9

message format 59-2

overview 59-1

sequence numbers, enabling and disabling 59-7

setting the display destination device 59-5

synchronizing log messages 59-6

timestamps, enabling and disabling 59-7

UNIX syslog servers

configuring the daemon 59-10

configuring the logging facility 59-11

facilities supported 59-12

system MTU

802.1Q tunneling 28-5

maximums 28-5

system name

manual configuration 4-15

See also DNS

system name TLV 30-2

system prompt, default setting 4-14

T

TACACS+ 49-1

accounting, defined 3-16

authentication, defined 3-16

authorization, defined 3-16

configuring

accounting 3-21

authentication key 3-18

authorization 3-21

login authentication 3-19

default configuration 3-18

displaying the configuration 3-22

identifying the server 3-18

limiting the services to the user 3-21

operation of 3-17

overview 3-15

tracking services accessed by user 3-21

tagged packets

802.1Q 28-3

Layer 2 protocol 28-13

TCAM programming and ACLs 52-7

for Sup II-Plust thru V-10GE 52-6

TCAM programming and ACLs for Sup 6-E 52-10

TDR

checking cable connectivity 9-4

enabling and disabling test 9-4

guidelines 9-4

Telnet

accessing CLI 2-2

disconnecting user sessions 9-8

executing 9-6

monitoring user sessions 9-7

telnet command 9-7

templates, Ethernet OAM 64-45

Terminal Access Controller Access Control System Plus

See TACACS+

TFTP

configuration files in base directory 3-5

configuring for autoconfiguration 3-4

limiting access by servers 61-15

TFTP download

See also console download

threshold monitoring, IP SLAs 67-6

time

See NTP and system clock

Time Domain Reflectometer

See TDR

time exceeded messages 9-10

timer

See login timer

timestamps in log messages 59-7

time zones 4-12

TLV

host presence detection 45-8

TLVs

defined 1-7, 30-2

LLDP-MED 30-2

Token Ring

media not supported (note) 16-5, 16-10

Topology change notification processing

MLD Snooping

Topology change notification processing 27-4

TOS

description 41-4

trace command 9-10

traceroute

See IP traceroute

See Layer 2 Traceroute

traceroute mac command 9-12

traceroute mac ip command 9-12

tracked lists

configuring 58-3

types 58-3

tracked objects

by Boolean expression 58-4

by threshold percentage 58-6

by threshold weight 58-5

tracking interface line-protocol state 58-2

tracking IP routing state 58-2

tracking objects 58-1

tracking process 58-1

track state, tracking IP SLAs 58-9

traffic

blocking flooded 54-2

traffic control

using ACLs (figure) 52-4

using VLAN maps (figure) 52-5

traffic marking procedure flowchart 41-21, 41-55

traffic shaping 41-9

translational bridge numbers (defaults) 16-5

traps

configuring MAC address notification 4-24

configuring MAC move notification 4-26

configuring MAC threshold notification 4-28

configuring managers 61-11

defined 61-3

enabling 4-24, 4-26, 4-28, 61-11

notification types 61-11

overview 61-1, 61-4

troubleshooting

with CiscoWorks 61-4

with system message logging 59-1

with traceroute 9-9

troubleshooting high CPU due to ACLs 52-6

trunk failover

See link-state tracking

trunk ports

configure port security 48-17

configuring PVLAN43-19to 43-21

trunks

802.1Q restrictions 18-4

configuring 18-5

configuring access VLANs 18-5

configuring allowed VLANs 18-5

default interface configuration 18-5

enabling to non-DTP device 18-3

specifying native VLAN 18-5

understanding 18-3

trustpoint 66-3

tunneling

defined 28-1

tunnel ports

802.1Q, configuring 28-6

described 28-2

incompatibilities with other features 28-5

TwinGig Convertors

limitations on using 8-14

port numbering 8-13

selecting X2/TwinGig Convertor mode 8-14

type length value

See TLV

type of service

See TOS

U

UDLD

configuring probe message interval per-interface 31-8

default configuration 31-4

disabling on fiber-optic interfaces 31-7

disabling on non-fiber-optic interfaces 31-7

displaying link status 31-9

enabling globally 31-5

enabling per-interface 31-6

modes of operation 31-3

resetting disabled LAN interfaces 31-8

use case 31-2

UDLD, overview 31-1

UDP jitter, configuring 67-9

UDP jitter operation, IP SLAs 67-8

unauthorized ports with 802.1X 45-5

unicast

See IP unicast

unicast flood blocking

configuring 54-1

unicast MAC address filtering

and adding static addresses 4-31

and broadcast MAC addresses 4-30

and CPU packets 4-30

and multicast addresses 4-30

and router MAC addresses 4-30

configuration guidelines 4-30

described 4-30

unicast MAC address filtering, configuring

ACLs

configuring unicast MAC address filtering 52-13

Unicast RPF (Unicast Reverse Path Forwarding)

applying 35-5

BGP attributes

caution 35-4

CEF

requirement 35-2

tables 35-7

configuring 35-9

(examples)??to 35-12

BOOTP 35-8

DHCP 35-8

enterprise network (figure) 35-6

prerequisites 35-9

routing table requirements 35-7

tasks 35-9

verifying 35-10

deploying 35-5

description 1-22, 35-1

disabling 35-11

enterprise network (figure) 35-6

FIB 35-2

implementing 35-4

packets, dropping (figure) 35-4

prerequisites 35-9

restrictions

basic 35-8

routing asymmetry 35-7

routing asymmetry (figure) 35-8

routing table requirements 35-7

security policy

applying 35-5

attacks, mitigating 35-5

deploying 35-5

tunneling 35-5

source addresses, validating 35-3

(figure) 35-3, 35-4

failure 35-3

traffic filtering 35-5

tunneling 35-5

validation

failure 35-3, 35-4

packets, dropping 35-3

source addresses 35-3

verifying 35-10

unicast traffic

blocking 54-2

Unidirectional Controlled Port, configuring 802.1X 45-64

unidirectional ethernet

enabling 32-2

example of setting 32-2

overview 32-1

UniDirectional Link Detection Protocol

See UDLD

Universal PoE, configuring 14-16

UNIX syslog servers

daemon configuration 59-10

facilities supported 59-12

message logging configuration 59-11

UplinkFast

and MST 21-23

enabling 24-15

MST and 21-23

overview 24-11

uplink forwarding

quad-supervisor 5-6

usage examples, Wireshark 57-19

user-defined event triggers

configuring, 802.1X-based 20-8

configuring, MAC address-based 20-9

User-defined triggers and built-in macros, configuring mapping 20-9

user EXEC mode 2-5

user sessions

disconnecting 9-8

monitoring 9-7

V

VACLs

Layer 4 port operations 52-10

virtual configuration register 72-3

virtual LANs

See VLANs

virtual ports, MKA 44-3

Virtual Private Network

See VPN

Virtual Router Redundancy Protocol, introduction 1-22

Virtual Switch System(VSS), displaying EtherChannel to 25-16

VLAN ACLs

See VLAN maps

VLAN blocking, REP 23-13

vlan command 16-6

vlan dot1q tag native command 28-4

VLAN ID

service provider 28-9

VLAN ID, discovering 4-37

VLAN ID translation

See VLAN mapping

VLAN load balancing

REP 23-4

VLAN load balancing, triggering 23-6

VLAN load balancing on flex links 22-2

configuration guidelines 22-6

VLAN Management Policy Server

See VMPS

VLAN mapping

1-to-1 28-8

1-to-1, configuring 28-11

configuration guidelines 28-10

configuring 28-11

configuring on a trunk port 28-11

default 28-9

described 1-2, 28-7

selective QinQ 28-8

selective Q-in-Q, configuring 28-12

traditional QinQ 28-8

traditional Q-in-Q, configuring 28-12

types of 28-8

VLAN maps

applying to a VLAN 52-21

configuration example 52-22

configuration guidelines 52-18

configuring 52-17

creating and deleting entries 52-19

defined 1-39

denying access example 52-23

denying packets 52-19

displaying 52-24

order of entries 52-18

permitting packets 52-19

router ACLs and 52-25

using (figure) 52-5

using in your network 52-22

VLAN maps, PACL and Router ACLs 52-32

VLANs

allowed on trunk 18-5

configuration guidelines 16-3

configuring 16-5

configuring as Layer 3 interfaces 33-7

customer numbering in service-provider networks 28-3

default configuration 16-4

description 1-11

extended range 16-3

IDs (default) 16-5

interface assignment 16-7

limiting source traffic with RSPAN 56-23

monitoring with RSPAN 56-21

name (default) 16-5

normal range 16-3

overview 16-1

reserved range 16-3

See also PVLANs

VLAN Trunking Protocol

See VTP

VLAN trunks

overview 18-3

VLAN User Distribution, configuring 802.1X 45-66

VMPS

configuration file example 16-32

configuring dynamic access ports on client 16-25

configuring retry interval 16-27

database configuration file 16-32

dynamic port membership

example 16-29

reconfirming 16-26

reconfirming assignments 16-26

reconfirming membership interval 16-26

server overview 16-21

VMPS client

administering and monitoring 16-28

configure switch

configure reconfirmation interval 16-26

dynamic ports 16-25

entering IP VMPS address 16-24

reconfirmation interval 16-27

reconfirm VLAM membership 16-26

default configuration 16-24

dynamic VLAN membership overview 16-23

troubleshooting dynamic port VLAN membership 16-29

VMPS server

fall-back VLAN 16-23

illegal VMPS client requests 16-23

overview 16-21

security modes

multiple 16-22

open 16-22

secure 16-22

voice interfaces

configuring 42-1

Voice over IP

configuring 42-1

voice ports

configuring VVID 42-3

voice traffic 14-2, 42-5

voice VLAN

IP phone data traffic, described 42-2

IP phone voice traffic, described 42-2

Voice VLAN, configure 802.1X 45-70

voice VLAN ports

using 802.1X 45-22

VPN

configuring routing in 40-12

forwarding 40-3

in service provider networks 40-1

routes 40-2

routing and forwarding table

See VRF

VRF

defining 40-3

tables 40-1

VRF-aware services

ARP 40-6, 40-9

configuring 40-5

ftp 40-8

ping 40-6

SNMP 40-7

syslog 40-8

tftp 40-8

traceroute 40-8

uRPF 40-7

VRF-lite

description 1-22

VSS

dual-active detection

Enhanced PAgP, advantages 5-23

Enhanced PAgP, description 5-23

enhanced PAgP, description 5-53

VTP

client, configuring 16-16

configuration guidelines 16-12

default configuration 16-13

disabling 16-16

Layer 2 protocol tunneling 28-14

monitoring 16-19

overview 16-8

pruning

configuring 16-15

See also VTP version 2

server, configuring 16-16

statistics 16-19

transparent mode, configuring 16-16

version 2

enabling 16-15

VTP advertisements

description 16-9

VTP domains

description 16-8

VTP modes 16-9

VTP pruning

overview 16-11

VTP versions 2 and 3

overview 16-9

See also VTP

VTY and Network Assistant 15-12

VVID (voice VLAN ID)

and 802.1X authentication 45-22

configuring 42-3

W

WCCP

configuration examples 70-10

configuring on a router 70-2, 70-11

features 70-4

restrictions 70-5

service groups 70-6

web-based authentication

authentication proxy web pages 47-4

description 1-41, 45-14, 47-1

web-based authentication, interactions with other features 47-4

Web Cache Communication Protocol

See WCCP 70-1

web caches

See cache engines

web cache services

description 70-4

web caching

See web cache services

See also WCCP

web scaling 70-1

weight thresholds in tracked lists 58-5

Wireshark

activating and deactivating, capture points, conceptual 57-6

attachment points 57-2

capture filter 57-3

capture points 57-2

core system filter 57-3

decoding and displaying packets 57-5

display filter 57-4

feature interactions 57-6

filters 57-3

storing captured packets to a .pcap filter 57-4

usage examples 57-19

Wireshark, about 57-2

Wireshark, activating and deactivating a capture point 57-10

Wireshark, defining/modifying/deleting a capture point 57-8

Wireshark, displaying information 57-14

Y

Y.1731

default configuration 64-29

described 64-27

ETH-AIS

Ethernet Alarm Signal function (ETH-AIS)

     1

ETH-RDI 64-28

multicast Ethernet loopback 64-31

multicast ETH-LB 64-29

terminology 64-27