Catalyst 4500 Series Switch Software Configuration Guide, Release IOS XE 3.3.0SG and IOS 15.1(1)SG
Book Index
Downloads: This chapterpdf (PDF - 1.45MB) The complete bookPDF (PDF - 19.36MB) | Feedback

Index

Table Of Contents

Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - Y -

Index

Numerics

10/100 autonegotiation feature, forced 7-20

10-Gigabit Ethernet or Gigabit Ethernet ports

deploy on WS-X4606-10GE-E and Sup 6-E 7-13

10-Gigabit Ethernet port

deploy with Gigabit Ethernet SFP ports 7-12, 7-13

1400 W DC Power supply

special considerations 12-18

1400 W DC SP Triple Input power supply

special considerations 12-19

802.10 SAID (default) 15-5

802.1AE

standard 43-2

802.1Q

trunks 20-6

tunneling

compatibility with other features 27-5

defaults 27-3

described 27-2

tunnel ports with other features 27-6

802.1Q VLANs

trunk restrictions 17-4

802.1s

See MST

802.1w

See MST

802.1X

See port-based authentication

802.1X authentication

Authentication Failed VLAN assignment 44-17

for Critical Authentication 44-14

for guest VLANs 44-11

for MAC Authentication Bypass 44-12

for Unidirectional Controlled Port 44-15

VLAN User Distribution 44-16

web-based authentication 44-14

with port security 44-19

with VLAN assignment 44-10

with voice VLAN ports 44-22

802.1X Host Mode 44-6

multiauthentication mode 44-8

multidomain authentication mode 44-7

single-host 44-7

802.1x-REV 43-2

802.3ad

See LACP

A

AAA (authentication, authorization, and accounting). See also port-based authentication. 46-2

abbreviating commands 2-5

about Wireshark 56-1

access control entries

See ACEs

access-group mode, configuring on Layer 2 interface 51-31

access-group mode, using PACL with 51-30

access list filtering, SPAN enhancement 55-13

access lists

using with WCCP 69-8

access ports

and Layer 2 protocol tunneling 27-15

configure port security 47-7, 47-22

configuring 17-7

access VLANs 17-5

accounting

with RADIUS 44-108

with TACACS+ 3-16, 3-21

ACEs

ACLs 51-2

IP 1-35, 51-2

Layer 4 operation restrictions 51-10

ACL assignments, port-based authentication 44-20

ACL assignments and redirect URLs, configure 44-38

ACL configuration, displaying a Layer 2 interface 51-32

ACLs

ACEs 51-2

and SPAN 55-5

and TCAM programming for Sup 6-E 51-10

and TCAM programming for Sup II-Plus thru V-10GE 51-6

applying IPv6 ACLs to a Layer 3 interface 51-17

applying on routed packets 51-26

applying on switched packets 51-25

compatibility on the same switch 51-3

configuring with VLAN maps 51-25

CPU impact 51-12

downloadable 46-7

hardware and software support 51-6

IP, matching criteria for port ACLs 51-4

MAC extended 51-14

matching criteria for router ACLs 51-3

port

and voice VLAN 51-4

defined 51-3

processing 51-12

selecting mode of capturing control packets 51-7

troubleshooting high CPU 51-6

types supported 51-3

understanding 51-2

VLAN maps 51-5

ACLs, applying to a Layer 2 interface 51-31

ACLs and VLAN maps, examples 51-19

acronyms, list of A-1

action drivers, marking 40-20

activating and deactivating a capture point, Wireshark 56-10

activating and deactivating Wiresharkcapture points, conceptual, Wireshark 56-6

active queue management 40-9

active queue management via DBL, QoS on Sup 6-E 40-33

active traffic monitoring, IP SLAs 66-1

adding members to a community 14-9

addresses

displaying the MAC table 4-37

dynamic

changing the aging time 4-23

defined 4-21

learning 4-22

removing 4-24

IPv6 52-2

MAC, discovering 4-37

See MAC addresses

static

adding and removing 4-29

defined 4-21

address resolution 4-37

adjacency tables

description 33-2

displaying statistics 33-9

administrative VLAN

REP, configuring 22-9

administrative VLAN, REP 22-8

advertisements

LLDP 1-6, 29-2

advertisements, VTP

See VTP advertisements

aggregation switch, enabling DHCP snooping 50-9

aging time

MAC address table 4-23

All Auth manager sessions, displaying summary 44-114

All Auth manager sessions on the switch authorized for a specified authentication method 44-115

ANCP client

enabling and configuring 36-2

guidelines and restrictions 36-5

identify a port with DHCP option 82 36-4

identify a port with protocol 36-2

overview 36-1

ANCP protocol

identifying a port with 36-2

applying IPv6 ACLs to a Layer 3 interface 51-17

AQM via DBL, QoS on Sup 6-E 40-33

archiving crashfiles information 2-8

ARP

defined 4-37

table

address resolution 4-37

managing 4-37

asymmetrical links, and 802.1Q tunneling 27-3

attachment points, Wireshark 56-2

attributes, RADIUS

vendor-proprietary 44-111

vendor-specific 44-109

authentication

NTP associations 4-4

RADIUS

key 44-101

login 44-103

See also port-based authentication

TACACS+

defined 3-16

key 3-18

login 3-19

Authentication Failed, configuring 80.1X 44-68

Authentication methods registered with the Auth manager, determining 44-114

authentication open comand 44-8

authentication proxy web pages 46-4

authentication server

defined 44-3

RADIUS server 44-3

Auth manager session for an interface, verifying 44-115

Auth manager summary, displaying 44-114

authoritative time source, described 4-2

authorization

with RADIUS 44-107

with TACACS+ 3-16, 3-21

authorized and unauthorized ports 44-5

authorized ports with 802.1X 44-5

autoconfiguration 3-2

automatic discovery

considerations 14-7

Auto-MDIX on a port

configuring 7-30

displaying the configuration 7-30

overview 7-29

autonegotiation feature

forced 10/100Mbps 7-20

Auto SmartPorts built-in macros

configuring parameters 19-6

Auto SmartPorts macros

built-in macros 19-5

configuration guidelines 19-5

default configuration 19-4

defined 19-1

displaying 19-13

enabling 19-4

IOS shell 19-2, 19-10

Auto Smartports macros

defined 1-2

Auto SmartPorts user-defined macros

configuring 19-10

auto-sync command 9-8, 10-7

Auto SmartPorts macros

See also SmartPorts macros

Auto Smartports macros

See also Smartports macros

B

Baby Giants

interacting with 7-28

BackboneFast

adding a switch (figure) 23-3

and MST 20-23

configuring 23-15

link failure (figure) 23-14, 23-15

not supported MST 20-23

understanding 23-13

See also STP

banners

configuring

login 4-20

message-of-the-day login 4-18

default configuration 4-18

when displayed 4-17

b command 71-3

BFD

and hardware support 37-7

configuration example

BFD in a BGP network 37-25

BFD in an EIGRP network with echo mode enabled by default 37-17

BFD in an OSPF network 37-21

support for static routing 37-27

configuring

Echo mode 37-14

session parameters on the interface 37-8

Slow timer 37-15

support for BGP 37-8

support for dynamic routing protocols 37-8

support for EIGRP 37-9

support for OSPF 37-10

support for static routing 37-13

disabling echo mode without asymmetry 37-16

monitoring and troubleshooting 37-16

neighbor relationships 37-3

operation 37-2

prerequisites 37-2

restrictions 37-2

b flash command 71-3

BGP 1-15

routing session with multi-VRF CE 39-12

blocking packets 53-1

blocking state (STP)

RSTP comparisons (table) 20-24

Boolean expressions in tracked lists 57-4

boot bootldr command 3-31

boot command 3-28

boot commands 71-3

boot fields

See configuration register boot fields

bootstrap program

See ROM monitor

boot system command 3-26, 3-31

boot system flash command 3-28

Border Gateway Protocol

See BGP

boundary ports

description 20-27

BPDU Guard

and MST 20-23

configuring 23-15

overview 23-8

BPDUs

and media speed 20-2

pseudobridges and 20-25

what they contain 20-3

bridge ID

See STP bridge ID

bridge priority (STP) 20-17

bridge protocol data units

See BPDUs

Broadcast Storm Control

disabling 54-5

enabling 54-3

Built-in macros and user-defined triggers, configuring mapping 19-9

C

cache engine clusters 69-1

cache engines 69-1

cache farms

See cache engine clusters

Call Home

description 1-21, 65-2

message format options 65-2

messages

format options 65-2

call home 65-1

alert groups 65-6

configuring e-mail options 65-9

contact information 65-4

default settings 65-18

destination profiles 65-5

displaying information 65-14

mail-server priority 65-10

pattern matching 65-9

periodic notification 65-8

rate limit messages 65-9

severity threshold 65-8

smart call home feature 65-2

SMTP server 65-9

testing communications 65-10

call home alert groups

configuring 65-6

description 65-6

subscribing 65-7

call home contacts

assigning information 65-4

call home destination profiles

attributes 65-5

configuring 65-5

description 65-5

displaying 65-16

call home notifications

full-txt format for syslog 65-25

XML format for syslog 65-28

candidates

automatic discovery 14-7

candidate switch, cluster

defined 14-12

capture filter, Wireshark 56-3

capture points, Wireshark 56-2

Capturing control packets

selecting mode 51-7

cautions

Unicast RPF

BGP optional attributes 34-4

cautions for passwords

encrypting 3-22

CDP

automatic discovery in communities 14-7

configuration 28-2

defined with LLDP 29-1

displaying configuration 28-3

enabling on interfaces 28-3

host presence detection 44-8

Layer 2 protocol tunneling 27-13

maintaining 28-3

monitoring 28-3

overview 1-3, 28-1

cdp enable command 28-3

CEF

adjacency tables 33-2

and NSF with SSO 11-5

configuring load balancing 33-7

displaying statistics 33-8

enabling 33-6, 68-2

hardware switching 33-4

load balancing 33-6

overview 33-2

software switching 33-4

certificate authority (CA) 65-3

CFM

and Ethernet OAM, configuring 63-51

and Ethernet OAM interaction 63-51

clearing 63-31

configuration guidelines 63-7, 64-4

configuring crosscheck for VLANs 63-11

configuring fault alarms 63-16

configuring port MEP 63-14

configuring static remote MEP 63-13, 63-16, 63-18

crosscheck 63-5

defined 63-2

EtherChannel support 63-7, 64-4

fault alarms

configuring 63-16

IP SLAs support for 63-6

IP SLAs with endpoint discovers 63-21

maintenance domain 63-2

manually configuring IP SLAs ping or jitter 63-19

measuring network performance 63-6

monitoring 63-32, 63-33

port MEP, configuring 63-14

remote MEPs 63-5

static RMEP, configuring 63-13, 63-16, 63-18

static RMEP check 63-5

Y.1731

described 63-27

CGMP

overview 25-1

Change of Authorization, RADIUS 44-94

channel-group group command 24-8, 24-10

Cisco 7600 series Internet router

enabling SNMP 70-4, 70-5

Cisco Discovery Protocol

See CDP

Cisco Express Forwarding

See CEF

Cisco Group Management Protocol

See CGMP

Cisco IOS IP SLAs 66-2

Cisco IOS NSF-aware

support 11-2

Cisco IOS NSF-capable support 11-2

Cisco IP Phones

configuring 41-3

sound quality 41-1

Cisco TrustSec

credentials 43-10

switch-to-switch security

802.1x mode 43-11

configuration example 43-13

manual mode 43-12

Cisco TrustSec Network Device Admission Control

See NDAC

CiscoWorks 2000 60-4

CIST

description 20-22

civic location 29-3

class level, configure in a service policy 40-30

class of service

See CoS

clear cdp counters command 28-4

clear cdp table command 28-3

clear counters command 7-35

clearing

Ethernet CFM 63-31

IP multicast table entries 35-27

clear ip eigrp neighbors command 32-19

CLI

accessing 2-2

backing out one level 2-5

getting commands 2-5

history substitution 2-4

managing clusters 14-13

modes 2-5

monitoring environments 55-1

ROM monitor 2-7

software basics 2-4

client processes, tracking 57-1

clients

in 802.1X authentication 44-3

clock

See system clock

clustering switches

command switch characteristics

and VTY 14-12

convert to a community 14-10

managing

through CLI 14-13

overview 14-2

planning considerations

CLI 14-13

passwords 14-8

CoA Request Commands 44-97

command-line processing 2-3

command modes 2-5

commands

b 71-3

b flash 71-3

boot 71-3

confreg 71-3

dev 71-3

dir device 71-3

frame 71-5

i 71-3

listing 2-5

meminfo 71-5

reset 71-3

ROM monitor71-2to 71-3

ROM monitor debugging 71-5

SNMP 70-4

sysret 71-5

command switch, cluster

requirements 14-11

common and internal spanning tree

See CIST

common spanning tree

See CST

community of switches

access modes in Network Assistant 14-9

adding devices 14-9

communication protocols 14-8

community name 14-8

configuration information 14-9

converting from a cluster 14-10

host name 14-8

passwords 14-8

community ports 42-3

community strings

configuring 60-7

overview 60-4

community VLANs 42-2, 42-3

configure as a PVLAN 42-15

compiling MIBs 70-4

config-register command 3-29

config terminal command 3-9

configurable leave timer,IGMP 25-4

configuration examples

SNMP 60-15

configuration files

limiting TFTP server access 60-15

obtaining with DHCP 3-6

saving 3-10

system contact and location information 60-14

configuration guidelines

CFM 63-7, 64-4

Ethernet OAM 63-35

REP 22-7

SNMP 60-6

VLAN mapping 27-10

configuration register

boot fields

listing value 3-29

modifying 3-28

changing from ROM monitor 71-3

changing settings3-28to 3-29

configuring 3-26

settings at startup 3-27

configure class-level queue-limit in a service policy 40-30

configure terminal command 3-29, 7-2

configuring access-group mode on Layer 2 interface 51-31

configuring flow control 7-22

configuring interface link and trunk status envents 7-36

configuring named IPv6 ACLs 51-16

configuring named MAC extended ACLs 51-14, 51-15

configuring unicast MAC address filtering 51-13

configuring VLAN maps 51-17

confreg command 71-3

Connectivity Fault Management

See CFM

console configuration mode 2-5

console download71-4to 71-5

console port

disconnecting user sessions 8-8

monitoring user sessions 8-7

contact information

assigning for call home 65-4

controlling switch access with RADIUS 44-92

Control Plane Policing

and Layer 2 Control packet QoS, configuration example 48-14

configuration guidelines and restrictions 48-8

configuring for control plane traffic 48-4

configuring for data plane and management plan traffic 48-5

defaults 48-4

general guidelines 48-3

monitoring 48-9

understanding 48-2

control protocol, IP SLAs 66-4

convergence

REP 22-4

copy running-config startup-config command 3-10

copy system:running-config nvram:startup-config command 3-32

core system filter, Wireshark 56-3

CoS

definition 40-3

figure 40-2

overriding on Cisco IP Phones 41-5

priority 41-5

counters

clearing MFIB 35-28

clearing on interfaces 7-35

CPU, impact of ACL processing 51-12

CPU port sniffing 55-10

crashfiles information, archiving 2-8

Critical Authentication

configure with 802.1X 44-60

crosscheck, CFM 63-5, 63-11

CST

description 20-25

IST and 20-22

MST and 20-22

customer edge devices 39-2

C-VLAN 1-2, 27-7

D

database agent

configuration examples 50-15

enabling the DHCP Snooping 50-13

daylight saving time 4-13

debug commands, ROM monitor 71-5

decoding and displaying packets, Wireshark 56-5

default configuration

802.1X 44-27

banners 4-18

DNS 4-16

Ethernet OAM 63-35

IGMP filtering 25-20

IGMP snooping 26-5, 26-6

IP SLAs 66-6

IPv6 52-7

Layer 2 protocol tunneling 27-16

LLDP 29-5

MAC address table 4-23

multi-VRF CE 39-3

NTP 4-4

private VLANs 42-12

RADIUS 44-100

REP 22-7

resetting the interface 7-38

RMON 67-3

SNMP 60-5

SPAN and RSPAN 55-6

system message logging 58-3

TACACS+ 3-18

VLAN mapping 27-9

Y.1731 63-29

default gateway

configuring 3-11

verifying configuration 3-11

default settings, erase commad 3-32

default web-based authentication configuration

802.1X 46-6

defining/modifying/deleting a capture point, Wireshark 56-8

denial-of-service attacks

IP address spoofing, mitigating 34-5

Unicast RPF, deploying 34-5

denying access to a server on another VLAN 51-23

deploying 10-Gigabit Ethernet and a Gigabit Ethernet SFP ports 7-12, 7-13

deploying 10-Gigabit Ethernet and a Gigabit Ethernet SFP ports on WS-X4606-10GE-E and Sup 6-E 7-13

description command 7-22

dev command 71-3

device discovery protocol 29-1

device IDs

call home format 65-21, 65-22

DHCP

configuring

rate limit for incoming packets 50-13

denial-of-service attacks, preventing 50-13

rate limiting of packets

configuring 50-13

DHCP-based autoconfiguration

client request message exchange 3-3

configuring

client side 3-3

DNS 3-5

relay device 3-5

server-side 3-4

TFTP server 3-4

example 3-7

lease options

for IP address information 3-4

for receiving the configuration file 3-4

overview 3-2

relationship to BOOTP 3-3

DHCP option 82

identifying a port with 36-4

overview 50-4

DHCP Snooping

enabling, and Option 82 50-10

DHCP snooping

accepting untrusted packets form edge switch 50-10

configuring 50-6

default configuration 50-7

displaying binding tables 50-19

displaying configuration 50-19

displaying information 50-18

enabling 50-7

enabling on private VLAN 50-12

enabling on the aggregation switch 50-9

enabling the database agent 50-13

message exchange process 50-4

monitoring 50-23

option 82 data insertion 50-4

overview 50-1

Snooping database agent 50-2

DHCP Snooping Database Agent

adding to the database (example) 50-18

enabling (example) 50-15

overview 50-2

reading from a TFTP file (example) 50-17

Diagnostics

online 68-1

Power-On-Self-Test

causes of failure 68-20

how it works 68-10

overview 68-10

Power-On-Self-Test for Supervisor Engine V-10GE 68-13

Differentiated Services Code Point values

See DSCP values

DiffServ architecture, QoS 40-2

Digital optical monitoring transceiver support 7-18

dir device command 71-3

disabled state

RSTP comparisons (table) 20-24

disabling

broadcast storm control 54-5

disabling multicast storm control 54-5

disconnect command 8-8

discovery, clusters

See automatic discovery

discovery, Ethernet OAM 63-34

display dection and removal events 13-7

display filter, Wireshark 56-4

displaying

Auth Manager sumary for an interface 44-114

MAB details 44-117

summary of all Auth manager sessions 44-114

summary of all Auth manager sessions on the switch authorized for a specified authentication method 44-115

displaying EtherChannel to a Virtual Switch System 24-16

displaying storm control 54-6

displaying Wireshark information 56-13

display PoE consumed by a module 13-8

display PoE detection and removal events 13-7

DNS

and DHCP-based autoconfiguration 3-5

default configuration 4-16

displaying the configuration 4-17

overview 4-15

setting up 4-16

domain names

DNS 4-15

Domain Name System

See DNS

double-tagged packets

802.1Q tunneling 27-2

Layer 2 protocol tunneling 27-15

downloading MIBs 70-3, 70-4

drop threshold for Layer 2 protocol packets 27-16

DSCP values

definition 40-4

IP precedence 40-2

duplex command 7-21

duplex mode

configuring interface 7-19

dynamic ARP inspection

ARP cache poisoning 49-2

configuring

ACLs for non-DHCP environments 49-11

in DHCP environments 49-5

log buffer 49-14

rate limit for incoming ARP packets 49-16

denial-of-service attacks, preventing 49-16

interface trust state, security coverage 49-3

log buffer

configuring 49-14

logging of dropped packets 49-4

overview 49-1

port channels, their behavior 49-5

priority of static bindings 49-4

purpose of 49-2

rate limiting of ARP packets 49-4

configuring 49-16

validation checks, performing 49-19

Dynamic Host Configuration Protocol snooping

See DHCP snooping

dynamic port VLAN membership

example 15-29

limit on hosts 15-29

reconfirming 15-26

troubleshooting 15-29

E

EAP frames

changing retransmission time 44-82

exchanging (figure) 44-4, 44-6, 44-13

request/identity 44-4

response/identity 44-4

setting retransmission number 44-83

EAPOL frames

802.1X authentication and 44-3

OTP authentication, example (figure) 44-4, 44-13

start 44-4

Echo mode,configuring BFD 37-14

edge ports

description 20-27

EGP

overview 1-15

EIGRP

configuration examples 32-19

monitoring and maintaining 32-19

EIGRP (Enhanced IGRP)

stub routing

benefits 32-17

configuration tasks 32-18

configuring 32-14

overview 32-14

restrictions 32-17

verifying 32-18

EIGRP (enhanced IGRP)

overview 1-15

eigrp stub command 32-18

EIGRP stub routing, configuring 32-13

ELIN location 29-3

e-mail addresses

assigning for call home 65-4

e-mail notifications

Call Home 1-21, 65-2

Embedded CiscoView

displaying information 4-41

installing and configuring 4-38

overview 4-38

emergency alarms on Sup Engine 6-E systems 12-4

enable command 3-9, 3-28

enable mode 2-5

enabling SNMP 70-4, 70-5

encryption keying 43-2

encryption keys, MKA 43-2

Enhanced Interior Gateway Routing Protocol

See EIGRP

enhanced object tracking

defined 57-1

IP routing state 57-2

line-protocol state 57-2

tracked lists 57-3

Enhanced PoE support on E-series 13-15

Enhanced PoE support on E-series,configuring Universal PoE 13-16

environmental monitoring

using CLI commands 12-1

EPM logging 44-117

errdisable recovery

configuring 13-14

EtherChannel

channel-group group command 24-8, 24-10

configuration guidelines 24-5

configuring24-6to 24-15

configuring Layer 2 24-10

configuring Layer 3 24-6

displaying to a virtual switch system 24-16

interface port-channel command 24-7

lacp system-priority

command example 24-13

modes 24-3

overview 24-2

PAgP

Understanding 24-3

physical interface configuration 24-7

port-channel interfaces 24-2

port-channel load-balance command 24-14

removing 24-15

removing interfaces 24-15

EtherChannel guard

disabling 23-6

enabling 23-6

overview 23-6

Ethernet management port

and routing 7-6

and routing protocols 7-6

configuring 7-10

default setting 7-6

described 1-26, 7-6

for network management 1-26, 7-6

specifying 7-10

supported features 7-9

unsupported features 7-10

Ethernet management port, internal

and routing protocols 7-6

Ethernet Management Port, using 7-6

Ethernet OAM 63-34

and CFM interaction 63-51

configuration guidelines 63-35

configuring with CFM 63-51

default configuration 63-35

discovery 63-34

enabling 63-36, 63-52

link monitoring 63-34, 63-38

messages 63-34

protocol

defined 63-33

monitoring 63-49

remote failure indications 63-34

remote loopback 63-34, 63-37

templates 63-45

Ethernet OAM protocol CFM notifications 63-51

Ethernet Remote Defect Indication (ETH-RDI) 63-28

event triggers, user-defined

configuring, 802.1X-based 19-8

configuring, MAC address-based 19-9

explicit host tracking

enabling 25-11

extended range VLANs

See VLANs

Extensible Authentication Protocol over LAN 44-2

Exterior Gateway Protocol

See EGP

F

Fa0 port

See Ethernet management port

Failure detection, using BFD 37-6

Fallback Authentication

configure with 802.1X 44-73

FastDrop

overview 35-10

fastethernet0 port

See Ethernet management port

Fast UDLD

configuring probe message interval 30-8

default configuration 30-4

displaying link status 30-9

enabling globally 30-5

enabling on individual interface 30-7

enabling per-interface 30-6

modes of operation 30-3

resetting disabled LAN interfaces 30-8

use case 30-2

Fast UDLD, overview 30-1

feature interactions, Wireshark 56-6

FIB

description 33-2

See also MFIB

fiber-optics interfaces

disabling UDLD 30-7

Filter-ID ACL and Per-User ACL, configureport-based authentication

configure Per-User ACL and Filter-ID ACL 44-44

filtering

in a VLAN 51-17

non-IP traffic 51-14, 51-15

filters, Wireshark 56-3

flags 35-11

Flash memory

configuring router to boot from 3-31

loading system images from 3-30

security precautions 3-31

Flexible NetFlow

defined 1-4, 62-1

guidelines 62-1

Flex Links

configuration guidelines 21-6

configuring 21-6, 21-7

configuring preferred VLAN 21-9

configuring VLAN load balancing 21-8

monitoring 21-12

flooded traffic, blocking 53-2

flowchart, traffic marking procedure 40-20

flow control, configuring 7-22

For 13-13

forward-delay time (STP)

configuring 20-19

forwarding information base

See FIB

frame command 71-5

G

gateway

See default gateway

get-bulk-request operation 60-3

get-next-request operation 60-3, 60-4

get-request operation 60-3, 60-4

get-response operation 60-3

Gigabit Ethernet SFP ports

deploy with 10-Gigabit Ethernet 7-12, 7-13

global configuration mode 2-5

Guest-VLANs

configure with 802.1X 44-55

H

hardware and software ACL support 51-6

hardware switching 33-5

hello time (STP)

configuring 20-17

high CPU due to ACLs, troubleshooting 51-6

history

CLI 2-4

history table, level and number of syslog messages 58-9

hop counts

configuring MST bridges 20-28

host

limit on dynamic port 15-29

host modes, MACsec 43-4

host ports

kinds of 42-4

host presence CDP message 44-8

Hot Standby Routing Protocol

See HSRP

HSRP

description 1-13

hw-module module num power command 12-20

I

ICMP

enabling 8-13

ping 8-8

running IP traceroute 8-10

time exceeded messages 8-10

ICMP Echo operation

configuring 66-11

IP SLAs 66-11

i command 71-3

IDS

using with SPAN and RSPAN 55-2

IEEE 802.1ag 63-2

IEEE 802.1s

See MST

IEEE 802.1w

See MST

IEEE 802.3ad

See LACP

IGMP

configurable-leave timer 25-4

description 35-3

enabling 35-14

explicit host tracking 25-4

immediate-leave processing 25-3

leave processing, enabling 26-8

overview 25-1

report suppression

disabling 26-10

IGMP filtering

configuring 25-21

default configuration 25-20

described 25-20

monitoring 25-24

IGMP groups

setting the maximum number 25-23

IGMP Immediate Leave

configuration guidelines 25-9

IGMP profile

applying 25-22

configuration mode 25-21

configuring 25-21

IGMP Snooping

configure

leave timer 25-9

configuring

Learning Methods 25-7

static connection to a multicast router 25-8

configuring host statically 25-11

enabling

Immediate-Leave processing

explicit host tracking 25-11

suppressing multicast flooding 25-12

IGMP snooping

configuration guidelines 25-5

default configuration 26-5, 26-6

enabling

globally 25-6

on a VLAN 25-6

enabling and disabling 26-6

IP multicast and 35-4

monitoring 25-14, 26-10

overview 25-1

IGMP Snooping, displaying

group 25-16

hot membership 25-15

how to 25-15

MAC address entries 25-18

multicast router interfaces 25-17

on a VLAN interface 25-18

Querier information 25-19

IGMPSnooping Querier, configuring 25-10

Immediate Leave, IGMP

enabling 26-8

immediate-leave processing

enabling 25-8

IGMP

See fast-leave processing

ingress packets, SPAN enhancement 55-12

inline power

configuring on Cisco IP phones 41-5

insufficient inline power handling for Supervisor Engine II-TS 12-19

Intelligent Power Management 13-4

interacting with Baby Giants 7-28

interface

displaying operational status 13-6

interface command 3-9, 7-2

interface configuration

REP 22-10

interface link and trunk status events

configuring 7-36

interface port-channel command 24-7

interface range command 7-4

interface range macro command 7-10

interfaces

adding descriptive name 7-22

clearing counters 7-35

configuring 7-2

configuring ranges 7-4

displaying information about 7-34

Layer 2 modes 17-3

maintaining 7-34

monitoring 7-34

naming 7-22

numbers 7-2

overview 7-2

restarting 7-35, 7-36

See also Layer 2 interfaces

using the Ethernet Management Port 7-6

Internet Control Message Protocol

See ICMP

Internet Group Management Protocol

See IGMP

Internet Protocol version 6

See IPv6

introduction

802.1X Identity-Based Network Security, list of supported features 1-31

Cisco Call Home 1-21

Cisco Energy Wise 1-21

Cisco IOS IP Service Level Agreements 1-22

Cisco IOS Mediatrace and Performance Monitor 1-24

Cisco Medianet AutoQoS 1-23

Cisco Medianet Flow Metadata 1-23

Cisco Media Services Proxy 1-22

Cisco TrustSec MACsec Encryption 1-33

Cisco TrustSec Security Architecture 1-32

Debugging Features (platform and debug platform) 1-37

Dynamic Host Control Protocol 1-25

Easy Virtual Network 1-25

Embedded Event Manager 1-26

Ethernet Management Port 1-26

FAT File Management System (Sup 60-E, 6L-E, 4948E, and 4900M) 1-27

File System Management (Sup 7-E and 7L-E) 1-26

hard-based Control Plane Policing 1-34

Intelligent Power Management 1-27

IP Source Guard 1-34

IP Source Guard or Static Hosts 1-34

Layer 2 traceroute 1-37

MAC Address Notification 1-27

NAC

Layer 2 802.1X authentication 1-35

Layer 2 IP validation 1-35

NetFlow-lite 1-28

Network Security with ACLs (IP ACLs, MAC ACLs, Port ACLs, Router, ACLs, and VLAN ACLs) 1-35

Port Security 1-36

Power over Ethernet 1-28

Simple Network Management Protocol 1-28

SPAN and RSPAN 1-29

Time Domain Reflectometry 1-37

Universal Power over Ethernet 1-29

Web-based Authentication 1-38

Web Content Coordination Protocol 1-29

Wireshark 1-30

XML-PI 1-30

Intrusion Detection System

See IDS

inventory management TLV 29-3, 29-9

IOS shell

See Auto SmartPorts macros

IP

configuring default gateway 3-11

configuring static routes 3-11

displaying statistics 33-8

IP addresses

128-bit 52-2

cluster candidate or member 14-12

cluster command switch 14-11

discovering 4-37

IPv6 52-2

ip cef command 33-6, 68-2

IP Enhanced IGRP

interfaces, displaying 32-19

ip icmp rate-limit unreachable command 8-13

ip igmp profile command 25-21

ip igmp snooping tcn flood command 25-13

ip igmp snooping tcn flood query count command 25-14

ip igmp snooping tcn query solicit command 25-14

IP information

assigned

through DHCP-based autoconfiguration 3-2

ip load-sharing per-destination command 33-7

ip local policy route-map command 38-7

ip mask-reply command 8-14

IP MTU sizes,configuring 32-9

IP multicast

clearing table entries 35-27

configuring 35-12

default configuration 35-13

displaying PIM information 35-23

displaying the routing table information 35-23

enabling dense-mode PIM 35-14

enabling sparse-mode 35-14

features not supported 35-12

hardware forwarding 35-8

IGMP snooping and 25-5, 35-4

overview 35-1

routing protocols 35-2

software forwarding 35-8

See also Auto-RP; IGMP; PIM; RP; RPF

IP multicast routing

enabling 35-13

monitoring and maintaining 35-22

ip multicast-routing command 35-13

IP multicast traffic, load splitting 35-21

IP phones

configuring voice ports 41-3

See Cisco IP Phones 41-1

ip pim command 35-14

ip pim dense-mode command 35-14

ip pim sparse-dense-mode command 35-15, 35-16

ip policy route-map command 38-7

IP Port Security for Static Hosts

on a Layer 2 access port 50-25

on a PVLAN host port 50-28

overview 50-24

ip redirects command 8-14

IP routing tables

deleting entries 35-27

IP Service Level Agreements

See IP SLAs

IP service levels, analyzing 66-1

IP SLAs

benefits 66-2

CFM endpoint discovery 63-21

configuration guidelines 66-6

Control Protocol 66-4

default configuration 66-6

definition 66-1

ICMP echo operation 66-11

manually configuring CFM ping or jitter 63-19

measuring network performance 66-3

multioperations scheduling 66-5

operation 66-3

reachability tracking 57-9

responder

described 66-4

enabling 66-7

response time 66-4

scheduling 66-5

SNMP support 66-2

supported metrics 66-2

threshold monitoring 66-6

track state 57-9

UDP jitter operation 66-8

IP Source Guard

configuring 50-20

configuring on private VLANs 50-22

displaying 50-22, 50-23

overview 50-23

IP statistics

displaying 33-8

IP traceroute

executing 8-10

overview 8-9

IP unicast

displaying statistics 33-8

IP Unnumbered support

configuring on a range of Ethernet VLANs 16-5

configuring on LAN and VLAN interfaces 16-4

configuring with connected host polling 16-6

DHCP Option 82 16-2

displaying settings 16-7

format of agent remote ID suboptions 16-2

troubleshooting 16-8

with conected host polling 16-3

with DHCP server and Relay agent 16-2

ip unreachables command 8-13

IPv4, IPv6, and MAC ACLs, configuring on a Layer 2 interface 51-29

IPv6

addresses 52-2

default configuration 52-7

defined 1-17, 52-1

Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 52-6

Router ID 52-6

OSPF 52-6

IPv6 control traffic, policing 48-16

IPX

redistribution of route information with EIGRP 1-15

is 27-19

ISL

trunking with 802.1Q tunneling 27-4

isolated port 42-4

isolated VLANs 42-2, 42-3, 42-4

ISSU

compatibility matrix 5-14, 6-13

compatiblity verification using Cisco Feature Navigator 5-15, 6-14

NSF overview 5-3, 6-3

perform the process

aborting a software upgrade 5-31, 6-31

configuring the rollback timer as a safeguard 5-32, 6-32

displaying a compatibility matrix 5-34, 5-37, 6-34

loading the new software on the new standby 5-24, 6-24

stopping the rollback timer 5-23, 6-23

switching to the standby 5-21, 6-21

verify the ISSU state 5-17, 6-17

verify the redundancy mode 5-16, 6-16

verify the software installation 5-16, 6-15

vload the new software on standby 5-18, 6-18

prerequisites 5-2, 6-2

process overview 5-6, 6-6

restrictions 5-2, 6-2

SNMP support 5-15, 6-14

SSO overview 5-3, 6-3

versioning capability in software to support 5-13

IST

and MST regions 20-22

description 20-22

master 20-27

ITU-T Y.1731

See Y.1731

J

jumbo frames

and ethernet ports 7-26

configuring MTU sizes for 7-27

ports and linecards that support 7-24

understanding MTUs 7-25

understanding support 7-25

VLAN interfaces 7-26

K

keyboard shortcuts 2-3

L

l2protocol-tunnel command 27-17

labels, definition 40-3

LACP

system ID 24-4

Layer 2 access ports 17-7

Layer 2 Control Packet QoS

and CoPP configuration example 48-14

default configuation 48-11

disabling 48-13

enabvling 48-12

guideline and restrictions 48-16

understanding 48-11

Layer 2 frames

classification with CoS 40-2

Layer 2 interface

applying ACLs 51-31

configuring access-mode mode on 51-31

configuring IPv4, IPv6, and MAC ACLs 51-29

displaying an ACL configuration 51-32

Layer 2 interfaces

assigning VLANs 15-7

configuring 17-5

configuring as PVLAN host ports 42-18

configuring as PVLAN promiscuous ports 42-17

configuring as PVLAN trunk ports 42-19

defaults 17-4

disabling configuration 17-8

modes 17-3

show interfaces command 17-6

Layer 2 interface type

resetting 42-24

setting 42-24

Layer 2 protocol tunneling

default configuration 27-16

guidelines 27-16

Layer 2 switching

overview 17-1

Layer 2 Traceroute

and ARP 8-11

and CDP 8-11

host-to-host paths 8-11

IP addresses and subnets 8-11

MAC addresses and VLANs 8-11

multicast traffic 8-11

multiple devices on a port 8-11

unicast traffic 1-37, 8-10

usage guidelines 8-11

Layer 2 trunks

configuring 17-5

overview 17-3

Layer 3 interface, applying IPv6 ACLs 51-17

Layer 3 interface counters,configuring 32-10

Layer 3 interface counters,understanding 32-3

Layer 3 interfaces

changing from Layer 2 mode 39-7

configuration guidelines 32-5

configuring VLANs as interfaces 32-7

overview 32-1

counters 32-3

logical 32-2

physical 32-2

SVI autostate exclude 32-3

Layer 3 packets

classification methods 40-2

Layer 4 port operations

configuration guidelines 51-11

restrictions 51-10

Leave timer, enabling 25-9

limitations on using a TwinGig Convertor 7-14

link and trunk status events

configuring interface 7-36

link integrity, verifying with REP 22-4

Link Layer Discovery Protocol

See CDP

link monitoring, Ethernet OAM 63-34, 63-38

link-state tracking

configuration guidelines 24-21

default configuration 24-21

described 24-18

displaying status 24-22

generic configuration procedure 24-21

link status, displaying UDLD 30-9

listening state (STP)

RSTP comparisons (table) 20-24

LLDP

configuring 29-4

characteristics 29-5

default configuration 29-5

disabling and enabling

globally 29-6

on an interface 29-7

monitoring and maintaining 29-14

overview 29-1

transmission timer and holdtime, setting 29-5

LLDP-MED

configuring

procedures 29-4

TLVs 29-9, 29-11

monitoring and maintaining 29-14

overview 29-1

supported TLVs 29-2

LLDP Media Endpoint Discovery

See LLDP-MED

load balancing

configuring for CEF 33-7

configuring for EtherChannel 24-14

overview 24-5, 33-6

per-destination 33-7

load splitting IP multicast traffic 35-21

Location Service

overview 29-1

location service

configuring 29-12

understanding 29-3

location TLV 29-3, 29-9

logging, EPM 44-117

Logical Layer 3 interfaces

configuring 32-6

logical layer 3 VLAN interfaces 32-2

login authentication

with RADIUS 44-103

with TACACS+ 3-19

login banners 4-17

login timer

changing 8-7

logoutwarning command 8-7

loop guard

and MST 20-23

configuring 23-4

overview 23-3

M

MAC/PHY configuration status TLV 29-2

MAC addresses

aging time 4-23

allocating 20-6

and VLAN association 4-22

building tables 4-21, 17-2

convert dynamic to sticky secure 47-5

default configuration 4-23

disabling learning on a VLAN 4-32

discovering 4-37

displaying 8-4

displaying in DHCP snooping binding table 50-19

dynamic

learning 4-22

removing 4-24

in ACLs 51-14

static

adding 4-30

allowing 4-31

characteristics of 4-29

dropping 4-31

removing 4-30

sticky 47-4

sticky secure, adding 47-5

MAC address learning, disabling on a VLAN 4-32

confuguring 4-32

deployment scenarios 4-33

feature compatibility 4-35

feature incompatibility 4-36

feature inompatibility 4-36

usage guidelines 4-33

MAC address table

displaying 4-37

MAC address-table move update

configuration guidelines 21-10

configuring 21-10

monitoring 21-12

MAC Authentication Bypass

configure with 802.1X 44-58

MAC details, displaying 44-117

MAC extended access lists 51-14

macl 51-14

macros

See Auto SmartPorts macros

See Auto Smartports macros

See Smartports macros

MACSec

802.1AE Tagging 43-8

MACsec 43-2

configuring on an interface 43-7

defined 43-1, 43-2

switch-to-switch security 43-1

MACsec Key Agreement Protocol

See MKA

main-cpu command 9-8, 10-7

management address TLV 29-2

management options

SNMP 60-1

Management Port, Ethernet 7-6

manual preemption, REP, configuring 22-13

marking

hardware capabilities 40-22

marking action drivers 40-20

marking network traffic 40-17

marking support, multi-attribute 40-21

match ip address command 38-6

maximum aging time (STP)

configuring 20-18

MDA

configuration guidelines44-23to ??

described 44-22

Media Access Control Security

See MACsec

members

automatic discovery 14-7

member switch

managing 14-13

member switch, cluster

defined 14-2

meminfo command 71-5

messages, Ethernet OAM 63-34

messages, to users through banners 4-17

Metro features

Ethernet CFM, introduction 1-3

Ethernet OAM Protocol, introduction 1-3

Flex Link and MAC Address-Table Move Update, introduction 1-4

Y.1731 (AIS and RDI), introduction 1-10

metro tags 27-2

MFIB

CEF 35-5

overview 35-11

MFIB, IP

displaying 35-25

MIBs

compiling 70-4

downloading 70-3, 70-4

overview 60-1

related information 70-3

SNMP interaction with 60-4

MKA

configuring policies 43-6

defined 43-2

policies 43-3

replay protection 43-3

statistics 43-5

virtual ports 43-3

MLD Done messages and Immediate-leave 26-4

MLD messages 26-2

MLD queries 26-3

MLD reports 26-4

MLD Snooping

MLD Done messages and Immediate-leave 26-4

MLD messages 26-2

MLD queries 26-3

MLD reports 26-4

Multicast client aging robustness 26-3

Multicast router discovery 26-3

overview 26-1

Mode of capturing control packets, selecting 51-7

modules

checking status 8-2

powering down 12-19

monitoring

802.1Q tunneling 27-18

ACL information 51-35

Ethernet CFM 63-32, 63-33

Ethernet OAM 63-49

Ethernet OAM protocol 63-49

Flex Links 21-12

IGMP

snooping 26-10

IGMP filters 25-24

IGMP snooping 25-14

Layer 2 protocol tunneling 27-18

MAC address-table move update 21-12

multicast router interfaces 26-11

multi-VRF CE 39-17

object tracking 57-12

REP 22-14

traffic flowing among switches 67-1

tunneling 27-18

VLAN filters 51-24

VLAN maps 51-24

monitoring and troubleshooting

BFD 37-16

M-record 20-23

MST

and multiple spanning trees 1-7, 20-22

boundary ports 20-27

BPDUs 20-23

configuration parameters 20-26

configuring 20-29

displaying configurations 20-33

edge ports 20-27

enabling 20-29

hop count 20-28

instances

configuring parameters 20-32

description 20-23

number supported 20-26

interoperability with PVST+ 20-23

link type 20-28

master 20-27

message age 20-28

regions 20-26

restrictions 20-29

to-SST interoperability 20-24

MSTP

EtherChannel guard

enabling 23-6

M-record 20-23

M-tree 20-23

M-tree 20-23

MTUS

understanding 7-25

MTU size

configuring 7-27, 7-28, 7-37

default 15-5

Multi-authentication

described 44-22

multiauthentication mode 44-8

multicast

See IP multicast

Multicast client aging robustness 26-3

multicast Ethernet loopback (ETH-LB) 63-29

multicast Ethernet loopback, using 63-31

multicast groups

static joins 26-7

multicast packets

blocking 53-2

Multicast router discovery 26-3

multicast router interfaces, displaying 25-17

multicast router interfaces, monitoring 26-11

multicast router ports, adding 26-7

multicast routers

flood suppression 25-12

multicast router table

displaying 35-23

Multicast Storm Control

enabling 54-4

disabling 54-5

multidomain authentication

See MDA

multidomain authentication mode 44-7

multioperations scheduling, IP SLAs 66-5

Multiple AuthorizationAuthentication

configuring 44-34

Multiple Domain Authentication 44-34

multiple forwarding paths 1-7, 20-22

multiple-hosts mode 44-7

Multiple Spanning Tree

See MST

multiple VPN routing/forwarding

See multi-VRF CE

multi-VRF CE

components 39-3

configuration example 39-13

default configuration 39-3

defined 39-1

displaying 39-17

monitoring 39-17

network components 39-3

packet-forwarding process 39-3

N

NAC Layer 2 802.1X authentication, intro 1-35

NAC Layer 2 IP validation, intro 1-35

named IPv6 ACLs, configuring

ACLs

configuring named IPv6 ACLs 51-16

named MAC extended ACLs

ACLs

configuring named MAC extended 51-14, 51-15

native VLAN

and 802.1Q tunneling 27-4

specifying 17-5

NDAC 43-9

defined 43-9

MACsec 43-1

NEAT

configuring 44-85

overview 44-24

neighbor offset numbers, REP 22-5

NetFlow-lite

clear commands 61-9

display commands 61-8

NetFlow packet sampling

about 61-2

Network Assistant

and VTY 14-12

configure

enable communication with switch 14-13, 14-17

default configuration 14-3

overview of CLI commands 14-3

Network Device Admission Control (NDAC) 43-9

Network Edge Access Topology

See NEAT

network fault tolerance 1-7, 20-22

network management

configuring 28-1

RMON 67-1

SNMP 60-1

network performance, measuring with IP SLAs 66-3

network policy TLV 29-2, 29-9

Network Time Protocol

See NTP

network traffic, marking 40-17

New Software Features in Release 7.7

TDR 8-4

Next Hop Resolution Protocol

See NHRP

NHRP

support 1-15

non-fiber-optics interfaces

disabling UDLD 30-7

non-IP traffic filtering 51-14, 51-15

non-RPF traffic

description 35-10

in redundant configurations (figure) 35-10

Nonstop Forwarding

See NSF

nonvolatile random-access memory

See NVRAM

normal-range VLANs

See VLANs

NSF

defined 11-1

guidelines and restrictions 11-9

operation 11-4

NSF-aware

supervisor engines 11-3

support 11-2

NSF-capable

supervisor engines 11-3

support 11-2

NSF with SSO supervisor engine redundancy

and CEF 11-5

overview 11-3

SSO operation 11-4

NTP

associations

authenticating 4-4

defined 4-2

enabling broadcast messages 4-7

peer 4-6

server 4-6

default configuration 4-4

displaying the configuration 4-11

overview 4-2

restricting access

creating an access group 4-9

disabling NTP services per interface 4-10

source IP address, configuring 4-10

stratum 4-2

synchronizing devices 4-6

time

services 4-2

synchronizing 4-2

ntroduction

PPPoE Intermediate Agent 1-36

Storm Control 1-36

uRPF Strict Mode 1-37

NVRAM

saving settings 3-10

O

OAM

client 63-34

features 63-34

sublayer 63-34

OAM manager

configuring 63-52

with CFM and Ethernet OAM 63-51

OAM PDUs 63-35

OAM protocol data units 63-33

object tracking

monitoring 57-12

OIR

overview 7-31

on-demaind online diagnostics 68-2

online diagnostic

troubleshooting 68-8

Online Diagnostics 68-1

online diagnostics

configuring on-demaind 68-2

data path, displaying test results 68-7

displaying tests and test results 68-4

linecard 68-8

scheduling 68-2

starting and stopping tests 68-3

online insertion and removal

See OIR

Open Shortest Path First

See OSPF

operating system images

See system images

Option 82

enabling DHCP Snooping 50-10

OSPF

area concept 1-16

description 1-16

for IPv6 52-6

P

packets

modifying 40-9

packet type filtering

overview 55-14

SPAN enhancement 55-14

PACL

using with access-group mode 51-30

PACL configuration guidelines 51-28

PACL with VLAN maps and router ACLs 51-32

PAgP

understanding 24-3

passwords

configuring enable password 3-14

configuring enable secret password 3-14

encrypting 3-22

in clusters 14-8

recovering lost enable password 3-25

setting line password 3-14

PBR (policy-based routing)

configuration (example) 38-8

enabling 38-6

features 38-2

overview 38-1

route-map processing logic 38-3

route-map processing logic example 38-4

route maps 38-2

when to use 38-5

percentage thresholds in tracked lists 57-6

per-port and VLAN Access Control List 50-19

per-port per-VLAN QoS

enabling 40-35

overview 40-10

Per-User ACL and Filter-ID ACL, configure 44-44

Per-VLAN Rapid Spanning Tree 20-6

enabling 20-20

overview 20-6

PE to CE routing, configuring 39-12

physical layer 3 interfaces 32-2

Physical Layer 3 interfaces, configuring 32-12

PIM

configuring dense mode 35-14

configuring sparse mode 35-14

displaying information 35-23

displaying statistics 35-27

enabling sparse-dense mode 35-14, 35-15

overview 35-3

PIM-DM 35-3

PIM on an interface, enabling 35-14

PIM-SM 35-3

PIM-SSM mapping, enabling 35-16

ping

executing 8-9

overview 8-8

ping command 8-9, 35-23

PoE 13-7, 13-8

configuring power consumption, powered devices 13-5

configuring power consumption for single device 13-5, 13-16

displaying operational status for an interface 13-6

Enhanced PoE support on E-series 13-15

policing and monitoring 13-12

power consumption for powered devices

Intelligent Power Management 13-4

powering down a module 12-19

power management modes 13-2

PoE policing

configuring errdisable recovery 13-14

configuring on an interface 13-13

displaying on an interface 13-14

power modes 13-12

point-to-point

in 802.1X authentication (figure) 44-3

policing

how to implement 40-17

See QoS policing

policing, PoE 13-12

policing IPv6 control traffic 48-16

policy associations, QoS on Sup 6-E 40-38

policy-map command 40-15

policy map marking action, configuring 40-22

port ACLs

and voice VLAN 51-4

defined 51-3

Port Aggregation Protocol

see PAgP

port-based authentication

802.1X with voice VLAN 44-22

Authentication Failed VLAN assignment 44-17

authentication server

defined 46-2

changing the quiet period 44-81

client, defined 44-3, 46-2

configuration guidelines 44-28, 46-6

configure ACL assignments and redirect URLs 44-38

configure switch-to-RADIUS server communication 44-32

configure with Authentication Failed 44-68

configure with Critical Authentication 44-60

configure with Guest-VLANs 44-55

configure with MAC Authentication Bypass 44-58

configure with VLAN User Distribution 44-66

configure with Voice VLAN 44-70

configuring

Multiple Domain Authentication and Multiple Authorization 44-34

RADIUS server 46-10

RADIUS server parameters on the switch 46-9

configuring Fallback Authentication 44-73

configuring Guest-VLAN 44-32

configuring manual re-authentication of a client 44-91

configuring with Unidirectional Controlled Port 44-64

controlling authorization state 44-5

default configuration 44-27, 46-6

described 44-1

device roles 44-2, 46-2

displaying statistics 44-113, 46-14

enabling 44-28

802.1X authentication 46-9

enabling multiple hosts 44-80

enabling periodic re-authentication 44-78

encapsulation 44-3

host mode 44-6

how 802.1X fails on a port 44-25

initiation and message exchange 44-4

method lists 44-28

modes 44-6

multidomain authentication 44-22

multiple-hosts mode, described 44-7

port security

multiple-hosts mode 44-7

ports not supported 44-5

pre-authentication open access 44-8

resetting to default values 44-92

setting retransmission number 44-83

setting retransmission time 44-82

switch

as proxy 46-2

switch supplicant

configuring 44-85

overview 44-24

topologies, supported 44-25

using with ACL assignments and redirect URLs 44-20

using with port security 44-19

with Critical Authentication 44-14

with Guest VLANs 44-11

with MAC Authentication Bypass 44-12

with Unidirectional Controlled Port 44-15

with VLAN assignment 44-10

with VLAN User Distribution 44-16

port-channel interfaces

See also EtherChannel

creating 24-7

overview 24-2

port-channel load-balance

command 24-13

command example 24-13

port-channel load-balance command 24-14

port cost (STP)

configuring 20-15

port description TLV 29-2

PortFast

and MST 20-23

BPDU filter, configuring 23-9

configuring or enabling 23-15

overview 23-6

PortFast BPDU filtering

and MST 20-23

enabling 23-9

overview 23-9

port numbering with TwinGig Convertors 7-13

port priority

configuring MST instances 20-32

configuring STP 20-13

ports

blocking 53-1

checking status 8-3

dynamic VLAN membership

example 15-29

reconfirming 15-26

forwarding, resuming 53-3

REP 22-6

See also interfaces

port security

aging 47-5

configuring 47-7

displaying 47-28

guidelines and restrictions 47-33

on access ports 47-7, 47-22

on private VLAN 47-14

host 47-14

promiscuous 47-16

topology 47-15, 47-18, 47-32

on trunk port 47-17

guidelines and restrictions 47-15, 47-18, 47-32

port mode changes 47-22

on voice ports 47-22

sticky learning 47-5

using with 802.1X 44-19

violations 47-6

with 802.1X Authentication 47-32

with DHCP and IP Source Guard 47-31

with other features 47-33

port states

description 20-5

port VLAN ID TLV 29-2

power

inline 41-5

power dc input command 12-19

powered devices, configuring power consumption 13-5

power handling for Supervisor Engine II-TS 13-12

power inline command 13-3

power inline consumption command 13-5

power management

Catalyst 4500 series 12-7

Catalyst 4500 Switch power supplies 12-13

Catalyst 4948 series 12-20

configuring combined mode 12-12

configuring redundant mode 12-11

overview 12-1

redundancy 12-7

power management for Catalyst 4500 Switch

combined mode 12-9

redundant mode 12-8

power management limitations in Catalyst 4500 Switch 12-9

power management mode

selecting 12-9

power management TLV 29-2, 29-3, 29-9

power negotiation

through LLDP 29-11

Power-On-Self-Test diagnostics 68-10, 68-20

Power-On-Self-Test for Supervisor Engine V-10GE 68-13

power policing, displaying on an interface 13-14

power redundancy-mode command 12-12

power supplies

available power for Catalyst 4500 Switch 12-13

fixed 12-7

variable 12-7, 12-20

pre-authentication open access 44-8

pre-authentication open access. See port-based authentication.

preempt delay time, REP 22-5

primary edge port, REP 22-4

primary VLANs 42-2, 42-4

associating with secondary VLANs 42-16

configuring as a PVLAN 42-15

priority

overriding CoS of incoming frames 41-5

priority queuing, QoS on Sup 6-E 40-29

private VLAN

configure port security 47-14, 47-15

enabling DHCP Snooping 50-12

private VLANs

across multiple switches 42-5

and SVIs 42-10

benefits of 42-2

community ports 42-3

community VLANs 42-2, 42-3

default configuration 42-12

end station access to 42-3

isolated port 42-4

isolated VLANs 42-2, 42-3, 42-4

ports

community 42-3

isolated 42-4

promiscuous 42-4

primary VLANs 42-2, 42-4

promiscuous ports 42-4

secondary VLANs 42-2

subdomains 42-2

traffic in 42-9

privileged EXEC mode 2-5

privileges

changing default 3-23

configuring levels 3-23

exiting 3-24

logging in 3-24

promiscuous ports

configuring PVLAN 42-17

defined 42-4

setting mode 42-24

protocol timers 20-4

provider edge devices 39-2

pruning, VTP

See VTP pruning

pseudobridges

description 20-25

PVACL 50-19

PVID (port VLAN ID)

and 802.1X with voice VLAN ports 44-22

PVLAN promiscuous trunk port

configuring 42-11, 42-17, 42-21

PVLANs

802.1q support 42-14

across multiple switches 42-5

configuration guidelines 42-12

configure port security 47-14, 47-16, 47-18

configure port security in a wireless setting 47-32

configuring 42-11

configuring a VLAN 42-15

configuring promiscuous ports 42-17

host ports

configuring a Layer 2 interface 42-18

setting 42-24

overview 42-1

permitting routing, example 42-23

promiscuous mode

setting 42-24

setting

interface mode 42-24

Q

QoS

classification40-6to ??

definitions 40-3

enabling per-port per-VLAN 40-35

overview 40-1

overview of per-port per-VLAN 40-10

packet modification 40-9

traffic shaping 40-9

See also COS; DSCP values; transmit queues

QoS active queue management

tracking queue length 40-9

QoS labels

definition 40-3

QoS marking

description 40-5

QoS on Sup 6-E

Active Queue management via DBL 40-33

active queue management via DBL 40-26, 40-33

classification 40-15

configuring 40-12

configuring CoS mutation 40-44

configuring the policy map marking action 40-22

hardware capabilities for marking 40-22

how to implement policing 40-17

marking action drivers 40-20

marking network traffic 40-17

MQC-based QoS configuration 40-13

multi-attribute marking support 40-21

platform hardware capabilities 40-14

platform restrictions 40-17

platform-supported classification criteria and QoS features 40-13

policing 40-16

policy associations 40-38

prerequisites for applying a service policy 40-14

priority queuing 40-29

queue-limiting 40-30

restrictions for applying a service policy 40-14

shaping 40-24

sharing(bandwidth) 40-26

sharing(blandwidth), shapring, and priority queuing 40-24

software QoS 40-39

traffic marking procedure flowchart 40-20

QoS policing

definition 40-5

described 40-8

QoS policy

attaching to interfaces 40-8

QoS service policy

prerequisites 40-14

restrictions for applying 40-14

QoS transmit queues

burst 40-9

maximum rate 40-9

sharing link bandwidth 40-9

Quality of service

See QoS

queueing 40-8

queue-limiting, QoS on Sup 6-E 40-30

R

RADIUS

attributes

vendor-proprietary 44-111

vendor-specific 44-109

change of authorization 44-94

configuring

accounting 44-108

authentication 44-103

authorization 44-107

communication, global 44-101, 44-109

communication, per-server 44-100, 44-101

multiple UDP ports 44-101

default configuration 44-100

defining AAA server groups 44-105

displaying the configuration 44-113

identifying the server 44-100

limiting the services to the user 44-107

method list, defined 44-100

operation of 44-94

server load balancing 44-113

suggested network environments 44-93

tracking services accessed by user 44-108

understanding 44-93

RADIUS, controlling switch access with 44-92

RADIUS Change of Authorization 44-94

RADIUS server

configure to-Switch communication 44-32

configuring settings 44-34

parameters on the switch 44-32

RA Guard

configuring 51-36

deployment 51-36

examples 51-37

introduction 51-35

usage guidelines 51-38

range command 7-4

range macros

defining 7-10

ranges of interfaces

configuring 7-4

Rapid Spanning Tree

See RSTP

rcommand command 14-13

reachability, tracking IP SLAs IP host 57-9

re-authentication of a client

configuring manual 44-91

enabling periodic 44-78

redirect URLs, port-based authentication 44-20

reduced MAC address 20-2

redundancy

configuring 9-7, 10-7

guidelines and restrictions 9-5, 10-5

changes made through SNMP 9-11, 10-11

NSF-aware support 11-2

NSF-capable support 11-2

overview 9-2, 10-2

redundancy command 9-8, 10-7

understanding synchronization 9-4, 10-5

redundancy (NSF) 11-1

configuring

BGP 11-11

CEF 11-10

EIGRP 11-16

IS-IS 11-13

OSPF 11-12

routing protocols 11-5

redundancy (RPR)

route processor redundancy 9-2, 10-3

synchronization 9-5, 10-5

redundancy (SSO)

redundancy command 11-10

route processor redundancy 9-3, 10-3

synchronization 9-5, 10-5

reload command 3-28, 3-29

Remote Authentication Dial-In User Service

See RADIUS

remote failure indications 63-34

remote loopback, Ethernet OAM 63-34, 63-37

Remote Network Monitoring

See RMON

rendezvous point, configuring 35-16

rendezvous point, configuring single static 35-20

REP

administrative VLAN 22-8

administrative VLAN, configuring 22-9

and STP 22-6

configuration guidelines 22-7

configuring interfaces 22-10

convergence 22-4

default configuration 22-7

manual preemption, configuring 22-13

monitoring 22-14

neighbor offset numbers 22-5

open segment 22-2

ports 22-6

preempt delay time 22-5

primary edge port 22-4

ring segment 22-2

secondary edge port 22-4

segments 22-1

characteristics 22-2

SNMP traps, configuring 22-14

supported interfaces 22-1

triggering VLAN load balancing 22-6

verifying link integrity 22-4

VLAN blocking 22-13

VLAN load balancing 22-4

replication

description 35-9

report suppression, IGMP

disabling 26-10

reserved-range VLANs

See VLANs

reset command 71-3

resetting an interface to default configuration 7-38

resetting a switch to defaults 3-32

Resilient Ethernet ProtocolLSee REP

responder, IP SLAs

described 66-4

enabling 66-7

response time, measuring with IP SLAs 66-4

restricting access

NTP services 4-8

RADIUS 44-92

TACACS+ 3-15

retransmission number

setting in 802.1X authentication 44-83

retransmission time

changing in 802.1X authentication 44-82

RFC

1157, SNMPv1 60-2

1305, NTP 4-2

1757, RMON 67-2

1901, SNMPv2C 60-2

1902 to 1907, SNMPv2 60-2

2273-2275, SNMPv3 60-2

RFC 5176 Compliance 44-95

RIP

description 1-16

for IPv6 52-5

RMON

default configuration 67-3

displaying status 67-6

enabling alarms and events 67-3

groups supported 67-2

overview 67-1

ROM monitor

boot process and 3-26

CLI 2-7

commands71-2to 71-3

debug commands 71-5

entering 71-1

exiting 71-6

overview 71-1

root bridge

configuring 20-10

selecting in MST 20-22

root guard

and MST 20-23

enabling 23-2

overview 23-2

routed packets

ACLs 51-26

route-map (IP) command 38-6

route maps

defining 38-6

PBR 38-2

router ACLs

description 1-36, 51-3

using with VLAN maps 51-25

router ACLs, using PACL with VLAN maps 51-32

route targets

VPN 39-3

Routing Information Protocol

See RIP

RPF

<Emphasis>See Unicast RPF

RSPAN

configuration guidelines 55-16

destination ports 55-5

IDS 55-2

monitored ports 55-4

monitoring ports 55-5

received traffic 55-3

sessions

creating 55-17

defined 55-3

limiting source traffic to specific VLANs 55-23

monitoring VLANs 55-21

removing source (monitored) ports 55-20

specifying monitored ports 55-17

source ports 55-4

transmitted traffic 55-4

VLAN-based 55-5

RSTP

compatibility 20-23

description 20-22

port roles 20-24

port states 20-24

S

SAID

See 802.10 SAID

SAP

defined 43-9

negotiation 43-9

support 43-1

scheduling 40-8

scheduling, IP SLAs operations 66-5

secondary edge port, REP 22-4

secondary root switch 20-12

secondary VLANs 42-2

associating with primary 42-16

permitting routing 42-23

Security Association Identifier

See 802.10 SAID

Security Exchange Protocol

See SXP

Security Exchange Protocol

See SAP

selecting a power management mode 12-9

selecting X2/TwinGig Convertor Mode 7-14

sequence numbers in log messages 58-7

server IDs

description 65-23

service policy, configure class-level queue-limit 40-30

service-policy input command 31-2

service-provider networks

and customer VLANs 27-2

session keys, MKA 43-2

set default interface command 38-6, 38-7

set interface command 38-6

set ip default next-hop command 38-6

set ip next-hop command 38-6

set-request operation 60-4

severity levels, defining in system messages 58-8

shaping, QoS on Sup 6-E 40-24

sharing(bandwidth), QoS on Sup 6-E 40-26

Shell functions

See Auto SmartPorts macros

See Auto Smartports macros

Shell triggers

See Auto SmartPorts macros

See Auto Smartports macros

show adjacency command 33-9

show boot command 3-32

show catalyst4000 chassis-mac-address command 20-3

show cdp command 28-2, 28-3

show cdp entry command 28-4

show cdp interface command 28-3

show cdp neighbors command 28-4

show cdp traffic command 28-4

show ciscoview package command 4-41

show ciscoview version command 4-41

show cluster members command 14-13

show configuration command 7-22

show debugging command 28-4

show environment command 12-2

show history command 2-4

show interfaces command 7-27, 7-28, 7-35, 7-37

show interfaces status command 8-3

show ip cef command 33-8

show ip eigrp interfaces command 32-19

show ip eigrp neighbors command 32-19

show ip eigrp topology command 32-19

show ip eigrp traffic command 32-19

show ip interface command 35-23

show ip local policy command 38-7

show ip mroute command 35-23

show ip pim interface command 35-23

show l2protocol command 27-18

show lldp traffic command 29-15

show mac-address-table address command 8-4

show mac-address-table interface command 8-4

show mls entry command 33-8

show module command 8-2, 20-6

show PoE consumed 13-8

show power inline command 13-6

show power supplies command 12-12

show protocols command 7-35

show running-config command

adding description for an interface 7-22

checking your settings 3-9

displaying ACLs 51-19, 51-21, 51-30, 51-31

show startup-config command 3-10

show users command 8-7

show version command 3-29

shutdown, command 7-36

shutdown threshold for Layer 2 protocol packets 27-16

shutting down

interfaces 7-35

Simple Network Management Protocol

See SNMP

single-host mode 44-7

single spanning tree

See SST

single static RP, configuring 35-20

slot numbers, description 7-2

Slow timer, configuring BFD 37-15

smart call home 65-1

description 65-2

destination profile (note) 65-5

registration requirements 65-3

service contract requirements 65-3

Transport Gateway (TG) aggregation point 65-2

SMARTnet

smart call home registration 65-3

Smartports macros

applying global parameter values 18-9, 18-15, 18-16

applying macros 18-9

applying parameter values 18-9

configuration guidelines 18-6, 18-15

configuring 18-2

creating 18-8

default configuration 18-4, 18-14

defined 1-8, 18-1

displaying 18-14

tracing 18-7, 18-15

SNMP

accessing MIB variables with 60-4

agent

described 60-4

disabling 60-7

and IP SLAs 66-2

authentication level 60-10

community strings

configuring 60-7

overview 60-4

configuration examples 60-15

configuration guidelines 60-6

default configuration 60-5

enabling 70-4, 70-5

engine ID 60-6

groups 60-6, 60-9

host 60-6

informs

and trap keyword 60-11

described 60-5

differences from traps 60-5

enabling 60-14

limiting access by TFTP servers 60-15

limiting system log messages to NMS 58-9

manager functions 60-3

notifications 60-5

overview 60-1, 60-4

status, displaying 60-16

system contact and location 60-14

trap manager, configuring 60-13

traps

described 60-3, 60-5

differences from informs 60-5

enabling 60-11

enabling MAC address notification 4-24

enabling MAC move notification 4-26

enabling MAC threshold notification 4-28

overview 60-1, 60-4

types of 60-11

users 60-6, 60-9

versions supported 60-2

SNMP commands 70-4

SNMP traps

REP 22-14

SNMPv1 60-2

SNMPv2C 60-2

SNMPv3 60-2

software

upgrading 9-13, 10-12

software configuration register 3-26

software QoS, on Sup 6-E 40-39

software switching

description 33-5

interfaces 33-6

key data structures used 35-7

source IDs

call home event format 65-22

SPAN

and ACLs 55-5

configuration guidelines 55-7

configuring55-7to 55-10

destination ports 55-5

IDS 55-2

monitored port, defined 55-4

monitoring port, defined 55-5

received traffic 55-3

sessions

defined 55-3

source ports 55-4

transmitted traffic 55-4

VLAN-based 55-5

SPAN and RSPAN

concepts and terminology 55-3

default configuration 55-6

displaying status 55-24

overview 55-1

session limits 55-6

SPAN enhancements

access list filtering 55-13

configuration example 55-15

CPU port sniffing 55-10

encapsulation configuration 55-12

ingress packets 55-12

packet type filtering 55-14

spanning-tree backbonefast command 23-16

spanning-tree cost command 20-16

spanning-tree guard root command 23-2

spanning-tree portfast bpdu-guard command 23-8

spanning-tree portfast command 23-7

spanning-tree port-priority command 20-13

spanning-tree uplinkfast command 23-12

spanning-tree vlan

command 20-9

command example 20-9

spanning-tree vlan command 20-8

spanning-tree vlan cost command 20-16

spanning-tree vlan forward-time command 20-19

spanning-tree vlan hello-time command 20-18

spanning-tree vlan max-age command 20-18

spanning-tree vlan port-priority command 20-13

spanning-tree vlan priority command 20-17

spanning-tree vlan root primary command 20-10

spanning-tree vlan root secondary command 20-12

speed

configuring interface 7-19

speed command 7-20

SSO

configuring 11-10

SSO operation 11-4

SST

description 20-22

interoperability 20-24

static ACL, removing the requirement 51-28

static addresses

See addresses

static routes

configuring 3-11

verifying 3-12

statistics

802.1X 46-14

displaying 802.1X 44-113

displaying PIM 35-27

LLDP 29-14

LLDP-MED 29-14

MKA 43-5

SNMP input and output 60-16

sticky learning

configuration file 47-6

defined 47-5

disabling 47-6

enabling 47-5

saving addresses 47-6

sticky MAC addresses

configuring 47-7

defined 47-4

storing captured packets to a .pcap file, Wireshark 56-4

Storm Control

displaying 54-6

enabling Broadcast 54-3

enabling Multicast 54-4

hardware-based, implementing 54-2

overview 54-1

software-based, implementing 54-2

STP

and REP 22-6

bridge ID 20-2

configuring20-7to 20-20

creating topology 20-5

defaults 20-7

disabling 20-20

enabling 20-8

enabling extended system ID 20-9

enabling Per-VLAN Rapid Spanning Tree 20-20

EtherChannel guard

disabling 23-6

forward-delay time 20-19

hello time 20-17

Layer 2 protocol tunneling 27-13

maximum aging time 20-18

overview 20-1, 20-3

per-VLAN rapid spanning tree 20-6

port cost 20-15

port priority 20-13

root bridge 20-10

stratum, NTP 4-2

stub routing (EIGRP)

benefits 32-17

configuration tasks 32-18

configuring 32-14

overview 32-13, 32-14

restrictions 32-17

verifying 32-18

subdomains, private VLAN 42-2

summer time 4-13

supervisor engine

accessing the redundant 9-14, 10-14

configuring3-8to 3-13

copying files to standby 9-14, 10-14

default configuration 3-1

default gateways 3-11

environmental monitoring 12-1

redundancy 11-1

ROM monitor 3-26

startup configuration 3-25

static routes 3-11

synchronizing configurations 9-11, 10-10

Supervisor Engine II-TS

insufficient inline power handling 12-19, 13-12

Smartports macros

See also Auto Smartports macros

SVI Autostate Exclude

understanding 32-3

SVI Autostate exclude

configuring 32-7

S-VLAN 1-2, 27-7

switch 52-2

switch access with RADIUS, controlling 44-92

switched packets

and ACLs 51-25

Switched Port Analyzer

See SPAN

switchport

show interfaces 7-27, 7-28, 7-37

switchport access vlan command 17-5, 17-7

switchport block multicast command 53-2

switchport block unicast command 53-2

switchport mode access command 17-7

switchport mode dot1q-tunnel command 27-6

switchport mode dynamic command 17-5

switchport mode trunk command 17-5

switch ports

See access ports

switchport trunk allowed vlan command 17-5

switchport trunk native vlan command 17-5

switchport trunk pruning vlan command 17-6

switch-to-RADIUS server communication

configuring 44-32

sysret command 71-5

system

reviewing configuration 3-10

settings at startup 3-27

system alarms

overview 12-5

system and network statistics, displaying 35-23

system capabilities TLV 29-2

system clock

configuring

daylight saving time 4-13

manually 4-11

summer time 4-13

time zones 4-12

displaying the time and date 4-12

overview 4-2

See also NTP

system description TLV 29-2

system images

loading from Flash memory 3-30

modifying boot field 3-27

specifying 3-30

system message logging

default configuration 58-3

defining error message severity levels 58-8

disabling 58-4

displaying the configuration 58-12

enabling 58-4

facility keywords, described 58-12

level keywords, described 58-9

limiting messages 58-9

message format 58-2

overview 58-1

sequence numbers, enabling and disabling 58-7

setting the display destination device 58-5

synchronizing log messages 58-6

timestamps, enabling and disabling 58-7

UNIX syslog servers

configuring the daemon 58-10

configuring the logging facility 58-11

facilities supported 58-12

system MTU

802.1Q tunneling 27-5

maximums 27-5

system name

manual configuration 4-15

See also DNS

system name TLV 29-2

system prompt, default setting 4-14

T

TACACS+

accounting, defined 3-16

authentication, defined 3-16

authorization, defined 3-16

configuring

accounting 3-21

authentication key 3-18

authorization 3-21

login authentication 3-19

default configuration 3-18

displaying the configuration 3-22

identifying the server 3-18

limiting the services to the user 3-21

operation of 3-17

overview 3-15

tracking services accessed by user 3-21

tagged packets

802.1Q 27-3

Layer 2 protocol 27-13

TCAM programming and ACLs 51-7

for Sup II-Plust thru V-10GE 51-6

TCAM programming and ACLs for Sup 6-E 51-10

TDR

checking cable connectivity 8-4

enabling and disabling test 8-4

guidelines 8-4

Telnet

accessing CLI 2-2

disconnecting user sessions 8-8

executing 8-6

monitoring user sessions 8-7

telnet command 8-7

templates, Ethernet OAM 63-45

Terminal Access Controller Access Control System Plus

See TACACS+

TFTP

configuration files in base directory 3-5

configuring for autoconfiguration 3-4

limiting access by servers 60-15

TFTP download

See also console download

threshold monitoring, IP SLAs 66-6

time

See NTP and system clock

Time Domain Reflectometer

See TDR

time exceeded messages 8-10

timer

See login timer

timestamps in log messages 58-7

time zones 4-12

TLV

host presence detection 44-8

TLVs

defined 1-6, 29-2

LLDP-MED 29-2

Token Ring

media not supported (note) 15-5, 15-10

Topology change notification processing

MLD Snooping

Topology change notification processing 26-4

TOS

description 40-4

trace command 8-10

traceroute

See IP traceroute

See Layer 2 Traceroute

traceroute mac command 8-12

traceroute mac ip command 8-12

tracked lists

configuring 57-3

types 57-3

tracked objects

by Boolean expression 57-4

by threshold percentage 57-6

by threshold weight 57-5

tracking interface line-protocol state 57-2

tracking IP routing state 57-2

tracking objects 57-1

tracking process 57-1

track state, tracking IP SLAs 57-9

traffic

blocking flooded 53-2

traffic control

using ACLs (figure) 51-4

using VLAN maps (figure) 51-5

traffic marking procedure flowchart 40-20

traffic shaping 40-9

translational bridge numbers (defaults) 15-5

traps

configuring MAC address notification 4-24

configuring MAC move notification 4-26

configuring MAC threshold notification 4-28

configuring managers 60-11

defined 60-3

enabling 4-24, 4-26, 4-28, 60-11

notification types 60-11

overview 60-1, 60-4

troubleshooting

with CiscoWorks 60-4

with system message logging 58-1

with traceroute 8-9

troubleshooting high CPU due to ACLs 51-6

trunk failover

See link-state tracking

trunk ports

configure port security 47-17

configuring PVLAN42-19to 42-21

trunks

802.1Q restrictions 17-4

configuring 17-5

configuring access VLANs 17-5

configuring allowed VLANs 17-5

default interface configuration 17-5

enabling to non-DTP device 17-3

specifying native VLAN 17-5

understanding 17-3

trustpoint 65-3

tunneling

defined 27-1

tunnel ports

802.1Q, configuring 27-6

described 27-2

incompatibilities with other features 27-5

TwinGig Convertors

limitations on using 7-14

port numbering 7-13

selecting X2/TwinGig Convertor mode 7-14

type length value

See TLV

type of service

See TOS

U

UDLD

configuring probe message interval per-interface 30-8

default configuration 30-4

disabling on fiber-optic interfaces 30-7

disabling on non-fiber-optic interfaces 30-7

displaying link status 30-9

enabling globally 30-5

enabling per-interface 30-6

modes of operation 30-3

resetting disabled LAN interfaces 30-8

use case 30-2

UDLD, overview 30-1

UDP jitter, configuring 66-9

UDP jitter operation, IP SLAs 66-8

unauthorized ports with 802.1X 44-5

unicast

See IP unicast

unicast flood blocking

configuring 53-1

unicast MAC address filtering

and adding static addresses 4-31

and broadcast MAC addresses 4-30

and CPU packets 4-30

and multicast addresses 4-30

and router MAC addresses 4-30

configuration guidelines 4-30

described 4-30

unicast MAC address filtering, configuring

ACLs

configuring unicast MAC address filtering 51-13

Unicast RPF (Unicast Reverse Path Forwarding)

applying 34-5

BGP attributes

caution 34-4

CEF

requirement 34-2

tables 34-7

configuring 34-9

(examples)??to 34-12

BOOTP 34-8

DHCP 34-8

enterprise network (figure) 34-6

prerequisites 34-9

routing table requirements 34-7

tasks 34-9

verifying 34-10

deploying 34-5

description 1-19, 34-1

disabling 34-11

enterprise network (figure) 34-6

FIB 34-2

implementing 34-4

packets, dropping (figure) 34-4

prerequisites 34-9

restrictions

basic 34-8

routing asymmetry 34-7

routing asymmetry (figure) 34-8

routing table requirements 34-7

security policy

applying 34-5

attacks, mitigating 34-5

deploying 34-5

tunneling 34-5

source addresses, validating 34-3

(figure) 34-3, 34-4

failure 34-3

traffic filtering 34-5

tunneling 34-5

validation

failure 34-3, 34-4

packets, dropping 34-3

source addresses 34-3

verifying 34-10

unicast traffic

blocking 53-2

Unidirectional Controlled Port, configuring 802.1X 44-64

unidirectional ethernet

enabling 31-2

example of setting 31-2

overview 31-1

UniDirectional Link Detection Protocol

See UDLD

Universal PoE, configuring 13-16

UNIX syslog servers

daemon configuration 58-10

facilities supported 58-12

message logging configuration 58-11

UplinkFast

and MST 20-23

enabling 23-15

MST and 20-23

overview 23-11

usage examples, Wireshark 56-17

user-defined event triggers

configuring, 802.1X-based 19-8

configuring, MAC address-based 19-9

User-defined triggers and built-in macros, configuring mapping 19-9

user EXEC mode 2-5

user sessions

disconnecting 8-8

monitoring 8-7

V

VACLs

Layer 4 port operations 51-10

virtual configuration register 71-3

virtual LANs

See VLANs

virtual ports, MKA 43-3

Virtual Private Network

See VPN

Virtual Switch System(VSS), displaying EtherChannel to 24-16

VLAN ACLs

See VLAN maps

VLAN blocking, REP 22-13

vlan command 15-6

vlan dot1q tag native command 27-4

VLAN ID

service provider 27-9

VLAN ID, discovering 4-37

VLAN ID translation

See VLAN mapping

VLAN load balancing

REP 22-4

VLAN load balancing, triggering 22-6

VLAN load balancing on flex links 21-2

configuration guidelines 21-6

VLAN Management Policy Server

See VMPS

VLAN mapping

1-to-1 27-8

1-to-1, configuring 27-11

configuration guidelines 27-10

configuring 27-11

configuring on a trunk port 27-11

default 27-9

described 1-2, 27-7

selective QinQ 27-8

selective Q-in-Q, configuring 27-12

traditional QinQ 27-8

traditional Q-in-Q, configuring 27-12

types of 27-8

VLAN maps

applying to a VLAN 51-21

configuration example 51-22

configuration guidelines 51-18

configuring 51-17

creating and deleting entries 51-19

defined 1-36

denying access example 51-23

denying packets 51-19

displaying 51-24

order of entries 51-18

permitting packets 51-19

router ACLs and 51-25

using (figure) 51-5

using in your network 51-22

VLAN maps, PACL and Router ACLs 51-32

VLANs

allowed on trunk 17-5

configuration guidelines 15-3

configuring 15-5

configuring as Layer 3 interfaces 32-7

customer numbering in service-provider networks 27-3

default configuration 15-4

description 1-10

extended range 15-3

IDs (default) 15-5

interface assignment 15-7

limiting source traffic with RSPAN 55-23

monitoring with RSPAN 55-21

name (default) 15-5

normal range 15-3

overview 15-1

reserved range 15-3

See also PVLANs

VLAN Trunking Protocol

See VTP

VLAN trunks

overview 17-3

VLAN User Distribution, configuring 802.1X 44-66

VMPS

configuration file example 15-32

configuring dynamic access ports on client 15-25

configuring retry interval 15-27

database configuration file 15-32

dynamic port membership

example 15-29

reconfirming 15-26

reconfirming assignments 15-26

reconfirming membership interval 15-26

server overview 15-21

VMPS client

administering and monitoring 15-28

configure switch

configure reconfirmation interval 15-26

dynamic ports 15-25

entering IP VMPS address 15-24

reconfirmation interval 15-27

reconfirm VLAM membership 15-26

default configuration 15-24

dynamic VLAN membership overview 15-23

troubleshooting dynamic port VLAN membership 15-29

VMPS server

fall-back VLAN 15-23

illegal VMPS client requests 15-23

overview 15-21

security modes

multiple 15-22

open 15-22

secure 15-22

Voice over IP

configuring 41-1

voice ports

configuring VVID 41-3

voice traffic 13-2, 41-5

voice VLAN

IP phone data traffic, described 41-2

IP phone voice traffic, described 41-2

Voice VLAN, configure 802.1X 44-70

voice VLAN ports

using 802.1X 44-22

VPN

configuring routing in 39-12

forwarding 39-3

in service provider networks 39-1

routes 39-2

routing and forwarding table

See VRF

VRF

defining 39-3

tables 39-1

VRF-aware services

ARP 39-6, 39-9

configuring 39-5

ftp 39-8

ping 39-6

SNMP 39-7

syslog 39-8

tftp 39-8

traceroute 39-8

uRPF 39-7

VRF-lite

description 1-20

VTP

client, configuring 15-16

configuration guidelines 15-12

default configuration 15-13

disabling 15-16

Layer 2 protocol tunneling 27-14

monitoring 15-19

overview 15-8

pruning

configuring 15-15

See also VTP version 2

server, configuring 15-16

statistics 15-19

transparent mode, configuring 15-16

version 2

enabling 15-15

VTP advertisements

description 15-9

VTP domains

description 15-8

VTP modes 15-9

VTP pruning

overview 15-11

VTP versions 2 and 3

overview 15-9

See also VTP

VTY and Network Assistant 14-12

VVID (voice VLAN ID)

and 802.1X authentication 44-22

configuring 41-3

W

WCCP

configuration examples 69-10

configuring on a router 69-2, 69-11

features 69-4

restrictions 69-5

service groups 69-6

web-based authentication

authentication proxy web pages 46-4

description 1-38, 44-14, 46-1

web-based authentication, interactions with other features 46-4

Web Cache Communication Protocol

See WCCP 69-1

web caches

See cache engines

web cache services

description 69-4

web caching

See web cache services

See also WCCP

web scaling 69-1

weight thresholds in tracked lists 57-5

Wireshark

activating and deactivating, capture points, conceptual 56-6

attachment points 56-2

capture filter 56-3

capture points 56-2

core system filter 56-3

decoding and displaying packets 56-5

display filter 56-4

feature interactions 56-6

filters 56-3

storing captured packets to a .pcap filter 56-4

usage examples 56-17

Wireshark, about 56-1

Wireshark, activating and deactivating a capture point 56-10

Wireshark, defining/modifying/deleting a capture point 56-8

Wireshark, displaying information 56-13

Y

Y.1731

default configuration 63-29

described 63-27

ETH-AIS

Ethernet Alarm Signal function (ETH-AIS)

     1

ETH-RDI 63-28

multicast Ethernet loopback 63-31

multicast ETH-LB 63-29

terminology 63-27