Catalyst 4500 Series Switch Software Configuration Guide, Release IOS XE 3.3(0)XO
Index
Downloads: This chapterpdf (PDF - 1.42MB) The complete bookPDF (PDF - 15.25MB) | Feedback

Index

Table Of Contents

Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - Y -

Index

Numerics

10/100 autonegotiation feature, forced 6-13

10-Gigabit Ethernet or Gigabit Ethernet ports

deploy on WS-X4606-10GE-E and Sup 6-E 6-11

10-Gigabit Ethernet port

deploy with Gigabit Ethernet SFP ports 6-11

1400 W DC Power supply

special considerations 10-17

1400 W DC SP Triple Input power supply

special considerations 10-18

802.10 SAID (default) 13-5

802.1AE

standard 40-2

802.1Q

trunks 18-6

tunneling

compatibility with other features 25-5

defaults 25-3

described 25-2

tunnel ports with other features 25-6

802.1Q VLANs

trunk restrictions 15-4

802.1s

See MST

802.1w

See MST

802.1X

See port-based authentication

802.1X authentication

Authentication Failed VLAN assignment 41-17

for Critical Authentication 41-14

for guest VLANs 41-11

for MAC Authentication Bypass 41-12

for Unidirectional Controlled Port 41-15

VLAN User Distribution 41-16

web-based authentication 41-14

with port security 41-19

with VLAN assignment 41-10

with voice VLAN ports 41-22

802.1X Host Mode 41-6

multiauthentication mode 41-8

multidomain authentication mode 41-7

single-host 41-7

802.1x-REV 40-2

802.3ad

See LACP

A

AAA 45-1

AAA (authentication, authorization, and accounting). See also port-based authentication. 43-2

abbreviating commands 2-5

about Wireshark 53-1

access control entries

See ACEs

access control entries and lists 45-1

access-group mode, configuring on Layer 2 interface 49-31

access-group mode, using PACL with 49-30

access list filtering, SPAN enhancement 52-13

access lists

using with WCCP 65-8

access ports

and Layer 2 protocol tunneling 25-15

configure port security 44-7, 44-22

configuring 15-7

access VLANs 15-5

accounting

with RADIUS 41-98

with TACACS+ 3-16, 3-21

ACEs

ACLs 49-2

IP 1-34, 49-2

Layer 4 operation restrictions 49-10

ACEs and ACLs 45-1

ACL assignments, port-based authentication 41-20

ACL assignments and redirect URLs, configure 41-36

ACL configuration, displaying a Layer 2 interface 49-32

ACLs

ACEs 49-2

and SPAN 52-5

and TCAM programming for Sup 6-E 49-9

and TCAM programming for Sup II-Plus thru V-10GE 49-6

applying IPv6 ACLs to a Layer 3 interface 49-16

applying on routed packets 49-26

applying on switched packets 49-25

compatibility on the same switch 49-3

configuring with VLAN maps 49-25

CPU impact 49-12

downloadable 43-7

hardware and software support 49-5

IP, matching criteria for port ACLs 49-4

MAC extended 49-13

matching criteria for router ACLs 49-3

port

and voice VLAN 49-4

defined 49-3

processing 49-12

selecting mode of capturing control packets 49-7

troubleshooting high CPU 49-6

types supported 49-3

understanding 49-2

VLAN maps 49-5

ACLs, applying to a Layer 2 interface 49-31

ACLs and VLAN maps, examples 49-19

acronyms, list of A-1

action drivers, marking 37-20

activating and deactivating a capture point, Wireshark 53-10

activating and deactivating Wiresharkcapture points, conceptual, Wireshark 53-5

active queue management 37-9

active queue management via DBL, QoS on Sup 6-E 37-33

active traffic monitoring, IP SLAs 62-1

adding members to a community 12-9

addresses

displaying the MAC table 4-37

dynamic

changing the aging time 4-23

defined 4-21

learning 4-21

removing 4-24

IPv6 47-2

MAC, discovering 4-37

See MAC addresses

static

adding and removing 4-29

defined 4-21

address resolution 4-37

adjacency tables

description 31-2

displaying statistics 31-9

administrative VLAN

REP, configuring 20-9

administrative VLAN, REP 20-8

advertisements

LLDP 1-6, 27-2

advertisements, VTP

See VTP advertisements

aggregation switch, enabling DHCP snooping 48-9

aging time

MAC address table 4-23

All Auth manager sessions, displaying summary 41-104

All Auth manager sessions on the switch authorized for a specified authentication method 41-105

ANCP client

enabling and configuring 34-2

guidelines and restrictions 34-5

identify a port with DHCP option 82 34-4

identify a port with protocol 34-2

overview 34-1

ANCP protocol

identifying a port with 34-2

applying IPv6 ACLs to a Layer 3 interface 49-16

AQM via DBL, QoS on Sup 6-E 37-33

archiving crashfiles information 2-8

ARP

defined 4-37

table

address resolution 4-37

managing 4-37

asymmetrical links, and 802.1Q tunneling 25-3

attachment points, Wireshark 53-2

attributes, RADIUS

vendor-proprietary 41-101

vendor-specific 41-99

authentication

NTP associations 4-4

RADIUS

key 41-91

login 41-93

See also port-based authentication

TACACS+

defined 3-16

key 3-18

login 3-19

Authentication, Authorization, and Accounting (AAA) 45-1

Authentication Failed, configuring 80.1X 41-62

Authentication methods registered with the Auth manager, determining 41-104

authentication open comand 41-8

authentication proxy web pages 43-4

authentication server

defined 41-3

RADIUS server 41-3

Auth manager session for an interface, verifying 41-105

Auth manager summary, displaying 41-104

authoritative time source, described 4-2

authorization

with RADIUS 41-97

with TACACS+ 3-16, 3-21

authorized and unauthorized ports 41-5

authorized ports with 802.1X 41-5

autoconfiguration 3-2

automatic discovery

considerations 12-7

Auto-MDIX on a port

configuring 6-23

displaying the configuration 6-24

overview 6-22

autonegotiation feature

forced 10/100Mbps 6-13

Auto SmartPorts built-in macros

configuring parameters 17-6

Auto SmartPorts macros

built-in macros 17-5

configuration guidelines 17-5

default configuration 17-4

defined 17-1

displaying 17-13

enabling 17-4

IOS shell 17-2, 17-10

Auto Smartports macros

defined 1-2

Auto SmartPorts user-defined macros

configuring 17-10

auto-sync command 8-7

Auto SmartPorts macros

See also SmartPorts macros

Auto Smartports macros

See also Smartports macros

B

Baby Giants

interacting with 6-21

BackboneFast

adding a switch (figure) 21-3

and MST 18-23

configuring 21-15

link failure (figure) 21-14, 21-15

not supported MST 18-23

understanding 21-13

See also STP

banners

configuring

login 4-20

message-of-the-day login 4-18

default configuration 4-18

when displayed 4-17

b command 66-3

b flash command 66-3

BGP 1-14

routing session with multi-VRF CE 36-12

blocking packets 50-1

blocking state (STP)

RSTP comparisons (table) 18-24

Boolean expressions in tracked lists 54-4

boot bootldr command 3-31

boot command 3-28

boot commands 66-3

boot fields

See configuration register boot fields

bootstrap program

See ROM monitor

boot system command 3-26, 3-31

boot system flash command 3-28

Border Gateway Protocol

See BGP

boundary ports

description 18-27

BPDU Guard

and MST 18-23

configuring 21-15

overview 21-8

BPDUs

and media speed 18-2

pseudobridges and 18-25

what they contain 18-3

bridge ID

See STP bridge ID

bridge priority (STP) 18-17

bridge protocol data units

See BPDUs

Broadcast Storm Control

disabling 51-5

enabling 51-3

Built-in macros and user-defined triggers, configuring mapping 17-9

C

cache engine clusters 65-1

cache engines 65-1

cache farms

See cache engine clusters

Call Home

description 1-21, 61-2

message format options 61-2

messages

format options 61-2

call home 61-1

alert groups 61-6

configuring e-mail options 61-9

contact information 61-4

default settings 61-18

destination profiles 61-5

displaying information 61-14

mail-server priority 61-10

pattern matching 61-9

periodic notification 61-8

rate limit messages 61-9

severity threshold 61-8

smart call home feature 61-2

SMTP server 61-9

testing communications 61-10

call home alert groups

configuring 61-6

description 61-6

subscribing 61-7

call home contacts

assigning information 61-4

call home destination profiles

attributes 61-5

configuring 61-5

description 61-5

displaying 61-16

call home notifications

full-txt format for syslog 61-25

XML format for syslog 61-28

candidates

automatic discovery 12-7

candidate switch, cluster

defined 12-12

capture filter, Wireshark 53-3

capture points, Wireshark 53-2

Capturing control packets

selecting mode 49-7

cautions

Unicast RPF

BGP optional attributes 32-4

cautions for passwords

encrypting 3-22

CDP

automatic discovery in communities 12-7

configuration 26-2

defined with LLDP 27-1

displaying configuration 26-3

enabling on interfaces 26-3

host presence detection 41-8

Layer 2 protocol tunneling 25-13

maintaining 26-3

monitoring 26-3

overview 1-3, 26-1

cdp enable command 26-3

CEF

adjacency tables 31-2

and NSF with SSO 9-4

configuring load balancing 31-7

displaying statistics 31-8

enabling 31-6, 64-2

hardware switching 31-4

load balancing 31-6

overview 31-2

software switching 31-4

certificate authority (CA) 61-3

CFM

and Ethernet OAM, configuring 59-51

and Ethernet OAM interaction 59-51

clearing 59-31

configuration guidelines 59-7, 60-4

configuring crosscheck for VLANs 59-11

configuring fault alarms 59-16

configuring port MEP 59-14

configuring static remote MEP 59-13, 59-16, 59-18

crosscheck 59-5

defined 59-2

EtherChannel support 59-7, 60-4

fault alarms

configuring 59-16

IP SLAs support for 59-6

IP SLAs with endpoint discovers 59-21

maintenance domain 59-2

manually configuring IP SLAs ping or jitter 59-19

measuring network performance 59-6

monitoring 59-32, 59-33

port MEP, configuring 59-14

remote MEPs 59-5

static RMEP, configuring 59-13, 59-16, 59-18

static RMEP check 59-5

Y.1731

described 59-27

CGMP

overview 23-1

Change of Authorization, RADIUS 41-84

channel-group group command 22-8, 22-10

Cisco 7600 series Internet router

enabling SNMP 67-4, 67-5

Cisco Discovery Protocol

See CDP

Cisco Express Forwarding

See CEF

Cisco Group Management Protocol

See CGMP

Cisco IOS IP SLAs 62-2

Cisco IOS NSF-aware

support 9-2

Cisco IOS NSF-capable support 9-2

Cisco IP Phones

configuring 38-3

sound quality 38-1

Cisco TrustSec

credentials 40-10

switch-to-switch security

802.1x mode 40-11

configuration example 40-13

manual mode 40-12

Cisco TrustSec Network Device Admission Control

See NDAC

CiscoWorks 2000 57-4

CIST

description 18-22

civic location 27-3

class level, configure in a service policy 37-30

class of service

See CoS

clear cdp counters command 26-4

clear cdp table command 26-3

clear counters command 6-28

clearing

Ethernet CFM 59-31

IP multicast table entries 33-27

clear ip eigrp neighbors command 30-18

CLI

accessing 2-1

backing out one level 2-5

getting commands 2-5

history substitution 2-3

managing clusters 12-13

modes 2-5

monitoring environments 52-1

ROM monitor 2-7

software basics 2-4

client processes, tracking 54-1

clients

in 802.1X authentication 41-3

clock

See system clock

clustering switches

command switch characteristics

and VTY 12-12

convert to a community 12-10

managing

through CLI 12-13

overview 12-2

planning considerations

CLI 12-13

passwords 12-8

CoA Request Commands 41-87

command-line processing 2-3

command modes 2-5

commands

b 66-3

b flash 66-3

boot 66-3

confreg 66-3

dev 66-3

dir device 66-3

frame 66-5

i 66-3

listing 2-5

meminfo 66-5

reset 66-3

ROM monitor66-2to 66-3

ROM monitor debugging 66-5

SNMP 67-4

sysret 66-5

command switch, cluster

requirements 12-11

common and internal spanning tree

See CIST

common spanning tree

See CST

community of switches

access modes in Network Assistant 12-9

adding devices 12-9

communication protocols 12-8

community name 12-8

configuration information 12-9

converting from a cluster 12-10

host name 12-8

passwords 12-8

community ports 39-3

community strings

configuring 57-7

overview 57-4

community VLANs 39-2, 39-3

configure as a PVLAN 39-15

compiling MIBs 67-4

config-register command 3-29

config terminal command 3-9

configurable leave timer,IGMP 23-4

configuration examples

SNMP 57-15

configuration files

limiting TFTP server access 57-15

obtaining with DHCP 3-6

saving 3-10

system contact and location information 57-14

configuration guidelines

CFM 59-7, 60-4

Ethernet OAM 59-35

REP 20-7

SNMP 57-6

VLAN mapping 25-10

configuration register

boot fields

listing value 3-29

modifying 3-28

changing from ROM monitor 66-3

changing settings3-28to 3-29

configuring 3-26

settings at startup 3-27

configure class-level queue-limit in a service policy 37-30

configure terminal command 3-29, 6-2

configuring access-group mode on Layer 2 interface 49-31

configuring flow control 6-15

configuring interface link and trunk status envents 6-29

configuring named IPv6 ACLs 49-15

configuring named MAC extended ACLs 49-13, 49-14

configuring unicast MAC address filtering 49-13

configuring VLAN maps 49-17

confreg command 66-3

Connectivity Fault Management

See CFM

console configuration mode 2-5

console download66-4to 66-5

console port

disconnecting user sessions 7-8

monitoring user sessions 7-7

contact information

assigning for call home 61-4

controlling switch access with RADIUS 41-82

Control Plane Policing

and Layer 2 Control packet QoS, configuration example 45-13

configuration guidelines and restrictions 45-7

configuring for control plane traffic 45-4

configuring for data plane and management plan traffic 45-5

defaults 45-3

general guidelines 45-3

monitoring 45-7

understanding 45-2

control protocol, IP SLAs 62-4

convergence

REP 20-4

copy running-config startup-config command 3-10

copy system:running-config nvram:startup-config command 3-32

core system filter, Wireshark 53-3

CoS

definition 37-3

figure 37-2

overriding on Cisco IP Phones 38-5

priority 38-5

counters

clearing MFIB 33-27

clearing on interfaces 6-28

CPU, impact of ACL processing 49-12

CPU port sniffing 52-10

crashfiles information, archiving 2-8

Critical Authentication

configure with 802.1X 41-56

crosscheck, CFM 59-5, 59-11

CST

description 18-25

IST and 18-22

MST and 18-22

customer edge devices 36-2

C-VLAN 1-2, 25-7

D

database agent

configuration examples 48-15

enabling the DHCP Snooping 48-13

daylight saving time 4-13

debug commands, ROM monitor 66-5

decoding and displaying packets, Wireshark 53-5

default configuration

802.1X 41-27

banners 4-18

DNS 4-16

Ethernet OAM 59-35

IGMP filtering 23-20

IGMP snooping 24-5, 24-6

IP SLAs 62-6

IPv6 47-7

Layer 2 protocol tunneling 25-16

LLDP 27-5

MAC address table 4-23

multi-VRF CE 36-3

NTP 4-4

private VLANs 39-12

RADIUS 41-90

REP 20-7

resetting the interface 6-32

RMON 63-3

SNMP 57-5

SPAN and RSPAN 52-6

system message logging 55-3

TACACS+ 3-18

VLAN mapping 25-9

Y.1731 59-29

default gateway

configuring 3-11

verifying configuration 3-11

default settings, erase commad 3-32

default web-based authentication configuration

802.1X 43-6

defining/modifying/deleting a capture point, Wireshark 53-8

denial-of-service attacks

IP address spoofing, mitigating 32-5

Unicast RPF, deploying 32-5

denying access to a server on another VLAN 49-23

deploying 10-Gigabit Ethernet and a Gigabit Ethernet SFP ports 6-11

deploying 10-Gigabit Ethernet and a Gigabit Ethernet SFP ports on WS-X4606-10GE-E and Sup 6-E 6-11

description command 6-15

dev command 66-3

device discovery protocol 27-1

device IDs

call home format 61-21, 61-22

DHCP

configuring

rate limit for incoming packets 48-13

denial-of-service attacks, preventing 48-13

rate limiting of packets

configuring 48-13

DHCP-based autoconfiguration

client request message exchange 3-3

configuring

client side 3-3

DNS 3-5

relay device 3-5

server-side 3-4

TFTP server 3-4

example 3-7

lease options

for IP address information 3-4

for receiving the configuration file 3-4

overview 3-2

relationship to BOOTP 3-3

DHCP option 82

identifying a port with 34-4

overview 48-4

DHCP Snooping

enabling, and Option 82 48-10

DHCP snooping

accepting untrusted packets form edge switch 48-10

configuring 48-6

default configuration 48-7

displaying binding tables 48-19

displaying configuration 48-19

displaying information 48-18

enabling 48-7

enabling on private VLAN 48-12

enabling on the aggregation switch 48-9

enabling the database agent 48-13

message exchange process 48-4

monitoring 48-23

option 82 data insertion 48-4

overview 48-1

Snooping database agent 48-2

DHCP Snooping Database Agent

adding to the database (example) 48-18

enabling (example) 48-15

overview 48-2

reading from a TFTP file (example) 48-17

Diagnostics

online 64-1

Power-On-Self-Test

causes of failure 64-14

how it works 64-10

overview 64-10

Power-On-Self-Test for Supervisor Engine V-10GE 64-10

Differentiated Services Code Point values

See DSCP values

DiffServ architecture, QoS 37-2

Digital optical monitoring transceiver support 6-11

dir device command 66-3

disabled state

RSTP comparisons (table) 18-24

disabling

broadcast storm control 51-5

disabling multicast storm control 51-5

disconnect command 7-8

discovery, clusters

See automatic discovery

discovery, Ethernet OAM 59-34

display dection and removal events 11-7

display filter, Wireshark 53-3

displaying

Auth Manager sumary for an interface 41-104

MAB details 41-107

summary of all Auth manager sessions 41-104

summary of all Auth manager sessions on the switch authorized for a specified authentication method 41-105

displaying EtherChannel to a Virtual Switch System 22-16

displaying storm control 51-6

displaying Wireshark information 53-13

display PoE consumed by a module 11-8

display PoE detection and removal events 11-7

DNS

and DHCP-based autoconfiguration 3-5

default configuration 4-16

displaying the configuration 4-17

overview 4-15

setting up 4-16

document conventions i-liii

domain names

DNS 4-15

Domain Name System

See DNS

double-tagged packets

802.1Q tunneling 25-2

Layer 2 protocol tunneling 25-15

downloading MIBs 67-3, 67-4

drop threshold for Layer 2 protocol packets 25-16

DSCP values

definition 37-4

IP precedence 37-2

duplex command 6-14

duplex mode

configuring interface 6-12

dynamic ARP inspection

ARP cache poisoning 46-2

configuring

ACLs for non-DHCP environments 46-11

in DHCP environments 46-5

log buffer 46-14

rate limit for incoming ARP packets 46-16

denial-of-service attacks, preventing 46-16

interface trust state, security coverage 46-3

log buffer

configuring 46-14

logging of dropped packets 46-4

overview 46-1

port channels, their behavior 46-5

priority of static bindings 46-4

purpose of 46-2

rate limiting of ARP packets 46-4

configuring 46-16

validation checks, performing 46-19

Dynamic Host Configuration Protocol snooping

See DHCP snooping

dynamic port VLAN membership

example 13-29

limit on hosts 13-29

reconfirming 13-26

troubleshooting 13-29

E

EAP frames

changing retransmission time 41-73

exchanging (figure) 41-4, 41-6, 41-13

request/identity 41-4

response/identity 41-4

setting retransmission number 41-74

EAPOL frames

802.1X authentication and 41-3

OTP authentication, example (figure) 41-4, 41-13

start 41-4

edge ports

description 18-27

EGP

overview 1-14

EIGRP

configuration examples 30-19

monitoring and maintaining 30-18

EIGRP (Enhanced IGRP)

stub routing

benefits 30-17

configuration tasks 30-17

configuring 30-13

overview 30-13

restrictions 30-17

verifying 30-18

EIGRP (enhanced IGRP)

overview 1-15

eigrp stub command 30-18

EIGRP stub routing, configuring 30-12

ELIN location 27-3

e-mail addresses

assigning for call home 61-4

e-mail notifications

Call Home 1-21, 61-2

Embedded CiscoView

displaying information 4-41

installing and configuring 4-38

overview 4-38

emergency alarms on Sup Engine 6-E systems 10-3

enable command 3-9, 3-28

enable mode 2-5

enabling SNMP 67-4, 67-5

encryption keying 40-2

encryption keys, MKA 40-2

Enhanced Interior Gateway Routing Protocol

See EIGRP

enhanced object tracking

defined 54-1

IP routing state 54-2

line-protocol state 54-2

tracked lists 54-3

Enhanced PoE support on E-series 11-15

Enhanced PoE support on E-series,configuring Universal PoE 11-16

environmental monitoring

using CLI commands 10-1

EPM logging 41-107

errdisable recovery

configuring 11-14

EtherChannel

channel-group group command 22-8, 22-10

configuration guidelines 22-5

configuring22-6to 22-15

configuring Layer 2 22-10

configuring Layer 3 22-6

displaying to a virtual switch system 22-16

interface port-channel command 22-7

lacp system-priority

command example 22-13

modes 22-3

overview 22-2

PAgP

Understanding 22-3

physical interface configuration 22-7

port-channel interfaces 22-2

port-channel load-balance command 22-14

removing 22-15

removing interfaces 22-15

EtherChannel guard

disabling 21-6

enabling 21-6

overview 21-6

Ethernet management port

and routing 6-6

and routing protocols 6-6

configuring 6-10

default setting 6-6

described 1-26, 6-6

for network management 1-26, 6-6

specifying 6-10

supported features 6-9

unsupported features 6-10

Ethernet management port, internal

and routing protocols 6-6

Ethernet Management Port, using 6-6

Ethernet OAM 59-34

and CFM interaction 59-51

configuration guidelines 59-35

configuring with CFM 59-51

default configuration 59-35

discovery 59-34

enabling 59-36, 59-52

link monitoring 59-34, 59-38

messages 59-34

protocol

defined 59-33

monitoring 59-49

remote failure indications 59-34

remote loopback 59-34, 59-37

templates 59-44

Ethernet OAM protocol CFM notifications 59-51

Ethernet Remote Defect Indication (ETH-RDI) 59-28

event triggers, user-defined

configuring, 802.1X-based 17-8

configuring, MAC address-based 17-9

explicit host tracking

enabling 23-11

extended range VLANs

See VLANs

Extensible Authentication Protocol over LAN 41-2

Exterior Gateway Protocol

See EGP

F

Fa0 port

See Ethernet management port

Fallback Authentication

configure with 802.1X 41-66

FastDrop

overview 33-10

fastethernet0 port

See Ethernet management port

Fast UDLD

configuring probe message interval 28-8

default configuration 28-4

displaying link status 28-8

enabling globally 28-5

enabling on individual interface 28-7

enabling per-interface 28-6

modes of operation 28-3

resetting disabled LAN interfaces 28-8

use case 28-2

Fast UDLD, overview 28-1

feature interactions, Wireshark 53-6

FIB

description 31-2

See also MFIB

fiber-optics interfaces

disabling UDLD 28-7

Filter-ID ACL and Per-User ACL, configureport-based authentication

configure Per-User ACL and Filter-ID ACL 41-42

filtering

in a VLAN 49-17

non-IP traffic 49-13, 49-14

filters, Wireshark 53-2

flags 33-11

Flash memory

configuring router to boot from 3-31

loading system images from 3-30

security precautions 3-31

Flexible NetFlow

caveats 58-1

defined 1-4, 58-1

Flex Links

configuration guidelines 19-6

configuring 19-6, 19-7

configuring preferred VLAN 19-9

configuring VLAN load balancing 19-8

monitoring 19-12

flooded traffic, blocking 50-2

flowchart, traffic marking procedure 37-20

flow control, configuring 6-15

For 11-13

forward-delay time (STP)

configuring 18-19

forwarding information base

See FIB

frame command 66-5

G

gateway

See default gateway

get-bulk-request operation 57-3

get-next-request operation 57-3, 57-4

get-request operation 57-3, 57-4

get-response operation 57-3

Gigabit Ethernet SFP ports

deploy with 10-Gigabit Ethernet 6-11

global configuration mode 2-5

Guest-VLANs

configure with 802.1X 41-52

H

hardware and software ACL support 49-5

hardware switching 31-5

hello time (STP)

configuring 18-17

high CPU due to ACLs, troubleshooting 49-6

history

CLI 2-3

history table, level and number of syslog messages 55-9

hop counts

configuring MST bridges 18-28

host

limit on dynamic port 13-29

host modes, MACsec 40-4

host ports

kinds of 39-4

host presence CDP message 41-8

Hot Standby Routing Protocol

See HSRP

HSRP

description 1-13

http

//www.cisco.com/en/US/docs/ios/fnetflow/configuration/guide/12_4t/fnf_12_4t_book.html 58-1

hw-module module num power command 10-18

I

ICMP

enabling 7-13

ping 7-8

running IP traceroute 7-10

time exceeded messages 7-10

ICMP Echo operation

configuring 62-11

IP SLAs 62-11

i command 66-3

IDS

using with SPAN and RSPAN 52-2

IEEE 802.1ag 59-2

IEEE 802.1s

See MST

IEEE 802.1w

See MST

IEEE 802.3ad

See LACP

IGMP

configurable-leave timer 23-4

description 33-3

enabling 33-13

explicit host tracking 23-4

immediate-leave processing 23-3

leave processing, enabling 24-8

overview 23-1

report suppression

disabling 24-10

IGMP filtering

configuring 23-20

default configuration 23-20

described 23-20

monitoring 23-23

IGMP groups

setting the maximum number 23-22

IGMP Immediate Leave

configuration guidelines 23-9

IGMP profile

applying 23-21

configuration mode 23-20

configuring 23-20

IGMP Snooping

configure

leave timer 23-9

configuring

Learning Methods 23-7

static connection to a multicast router 23-7

configuring host statically 23-11

enabling

Immediate-Leave processing

explicit host tracking 23-11

suppressing multicast flooding 23-12

IGMP snooping

configuration guidelines 23-5

default configuration 24-5, 24-6

enabling

globally 23-5

on a VLAN 23-6

enabling and disabling 24-6

IP multicast and 33-4

monitoring 23-14, 24-10

overview 23-1

IGMP Snooping, displaying

group 23-16

hot membership 23-15

how to 23-14

MAC address entries 23-17

multicast router interfaces 23-17

on a VLAN interface 23-18

Querier information 23-18

IGMPSnooping Querier, configuring 23-10

Immediate Leave, IGMP

enabling 24-8

immediate-leave processing

enabling 23-8

IGMP

See fast-leave processing

ingress packets, SPAN enhancement 52-12

inline power

configuring on Cisco IP phones 38-5

insufficient inline power handling for Supervisor Engine II-TS 10-18

Intelligent Power Management 11-4

interacting with Baby Giants 6-21

interface

displaying operational status 11-6

interface command 3-9, 6-2

interface configuration

REP 20-10

interface link and trunk status events

configuring 6-29

interface port-channel command 22-7

interface range command 6-4

interface range macro command 6-10

interfaces

adding descriptive name 6-15

clearing counters 6-28

configuring 6-2

configuring ranges 6-4

displaying information about 6-28

Layer 2 modes 15-3

maintaining 6-27

monitoring 6-27

naming 6-15

numbers 6-2

overview 6-2

restarting 6-29

See also Layer 2 interfaces

using the Ethernet Management Port 6-6

Internet Control Message Protocol

See ICMP

Internet Group Management Protocol

See IGMP

Internet Protocol version 6

See IPv6

introduction

802.1X Identity-Based Network Security, list of supported features 1-30

Cisco Call Home 1-21

Cisco Energy Wise 1-21

Cisco IOS IP Service Level Agreements 1-21

Cisco IOS Mediatrace and Performance Monitor 1-23

Cisco Medianet AutoQoS 1-22

Cisco Medianet Flow Metadata 1-23

Cisco Media Services Proxy 1-22

Cisco TrustSec MACsec Encryption 1-32

Cisco TrustSec Security Architecture 1-31

Debugging Features (platform and debug platform) 1-36

Dynamic Host Control Protocol 1-25

Easy Virtual Network 1-25

Embedded Event Manager 1-26

Ethernet Management Port 1-26

hard-based Control Plane Policing 1-33

Intelligent Power Management 1-27

IP Source Guard 1-33

IP Source Guard or Static Hosts 1-33

Layer 2 traceroute 1-36

MAC Address Notification 1-27

NAC

Layer 2 802.1X authentication 1-34

Layer 2 IP validation 1-34

Network Security with ACLs (IP ACLs, MAC ACLs, Port ACLs, Router, ACLs, and VLAN ACLs) 1-34

Port Security 1-35

Power over Ethernet 1-27

Simple Network Management Protocol 1-28

SPAN and RSPAN 1-28

Time Domain Reflectometry 1-36

Universal Power over Ethernet 1-28

Web-based Authentication 1-36

Web Content Coordination Protocol 1-29

XML-PI 1-29

Intrusion Detection System

See IDS

inventory management TLV 27-3, 27-9

IOS shell

See Auto SmartPorts macros

IP

configuring default gateway 3-11

configuring static routes 3-11

displaying statistics 31-8

IP addresses

128-bit 47-2

cluster candidate or member 12-12

cluster command switch 12-11

discovering 4-37

IPv6 47-2

ip cef command 31-6, 64-2

IP Enhanced IGRP

interfaces, displaying 30-19

ip icmp rate-limit unreachable command 7-13

ip igmp profile command 23-20

ip igmp snooping tcn flood command 23-13

ip igmp snooping tcn flood query count command 23-13

ip igmp snooping tcn query solicit command 23-14

IP information

assigned

through DHCP-based autoconfiguration 3-2

ip load-sharing per-destination command 31-7

ip local policy route-map command 35-7

ip mask-reply command 7-14

IP MTU sizes,configuring 30-9

IP multicast

clearing table entries 33-27

configuring 33-12

default configuration 33-12

displaying PIM information 33-22

displaying the routing table information 33-23

enabling dense-mode PIM 33-14

enabling sparse-mode 33-14

features not supported 33-12

hardware forwarding 33-8

IGMP snooping and 23-4, 33-4

overview 33-1

routing protocols 33-2

software forwarding 33-8

See also Auto-RP; IGMP; PIM; RP; RPF

IP multicast routing

enabling 33-13

monitoring and maintaining 33-22

ip multicast-routing command 33-13

IP multicast traffic, load splitting 33-21

IP phones

configuring voice ports 38-3

See Cisco IP Phones 38-1

ip pim command 33-14

ip pim dense-mode command 33-14

ip pim sparse-dense-mode command 33-15

ip policy route-map command 35-7

IP Port Security for Static Hosts

on a Layer 2 access port 48-25

on a PVLAN host port 48-28

overview 48-24

ip redirects command 7-14

IP routing tables

deleting entries 33-27

IP Service Level Agreements

See IP SLAs

IP service levels, analyzing 62-1

IP SLAs

benefits 62-2

CFM endpoint discovery 59-21

configuration guidelines 62-6

Control Protocol 62-4

default configuration 62-6

definition 62-1

ICMP echo operation 62-11

manually configuring CFM ping or jitter 59-19

measuring network performance 62-3

multioperations scheduling 62-5

operation 62-3

reachability tracking 54-9

responder

described 62-4

enabling 62-7

response time 62-4

scheduling 62-5

SNMP support 62-2

supported metrics 62-2

threshold monitoring 62-6

track state 54-9

UDP jitter operation 62-8

IP Source Guard

configuring 48-20

configuring on private VLANs 48-22

displaying 48-22, 48-23

overview 48-23

IP statistics

displaying 31-8

IP traceroute

executing 7-10

overview 7-9

IP unicast

displaying statistics 31-8

IP Unnumbered support

configuring on a range of Ethernet VLANs 14-5

configuring on LAN and VLAN interfaces 14-4

configuring with connected host polling 14-6

DHCP Option 82 14-2

displaying settings 14-7

format of agent remote ID suboptions 14-2

troubleshooting 14-8

with conected host polling 14-3

with DHCP server and Relay agent 14-2

ip unreachables command 7-13

IPv4, IPv6, and MAC ACLs, configuring on a Layer 2 interface 49-29

IPv6

addresses 47-2

default configuration 47-7

defined 1-17, 47-1

Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 47-6

Router ID 47-6

OSPF 47-6

IPv6 control traffic, policing 45-15

IPX

redistribution of route information with EIGRP 1-15

is 25-19

ISL

trunking with 802.1Q tunneling 25-4

isolated port 39-4

isolated VLANs 39-2, 39-3, 39-4

ISSU

compatibility matrix 5-13

compatiblity verification using Cisco Feature Navigator 5-14

NSF overview 5-3

perform the process

aborting a software upgrade 5-31

configuring the rollback timer as a safeguard 5-32

displaying a compatibility matrix 5-34

loading the new software on the new standby 5-24

stopping the rollback timer 5-23

switching to the standby 5-21

verify the ISSU state 5-17

verify the redundancy mode 5-16

verify the software installation 5-15

vload the new software on standby 5-18

prerequisites 5-2

process overview 5-6

restrictions 5-2

SNMP support 5-14

SSO overview 5-3

IST

and MST regions 18-22

description 18-22

master 18-27

ITU-T Y.1731

See Y.1731

J

jumbo frames

and ethernet ports 6-19

configuring MTU sizes for 6-20

ports and linecards that support 6-18

understanding MTUs 6-18

understanding support 6-18

VLAN interfaces 6-20

K

keyboard shortcuts 2-3

L

l2protocol-tunnel command 25-17

labels, definition 37-3

LACP

system ID 22-4

Layer 2 access ports 15-7

Layer 2 Control Packet QoS

and CoPP configuration example 45-13

default configuation 45-10

disabling 45-12

enabvling 45-11

guideline and restrictions 45-15

understanding 45-10

Layer 2 frames

classification with CoS 37-2

Layer 2 interface

applying ACLs 49-31

configuring access-mode mode on 49-31

configuring IPv4, IPv6, and MAC ACLs 49-29

displaying an ACL configuration 49-32

Layer 2 interfaces

assigning VLANs 13-7

configuring 15-5

configuring as PVLAN host ports 39-18

configuring as PVLAN promiscuous ports 39-17

configuring as PVLAN trunk ports 39-19

defaults 15-4

disabling configuration 15-8

modes 15-3

show interfaces command 15-6

Layer 2 interface type

resetting 39-24

setting 39-24

Layer 2 protocol tunneling

default configuration 25-16

guidelines 25-16

Layer 2 switching

overview 15-1

Layer 2 Traceroute

and ARP 7-11

and CDP 7-11

host-to-host paths 7-11

IP addresses and subnets 7-11

MAC addresses and VLANs 7-11

multicast traffic 7-11

multiple devices on a port 7-11

unicast traffic 1-36, 7-10

usage guidelines 7-11

Layer 2 trunks

configuring 15-5

overview 15-3

Layer 3 interface, applying IPv6 ACLs 49-16

Layer 3 interface counters,configuring 30-10

Layer 3 interface counters,understanding 30-3

Layer 3 interfaces

changing from Layer 2 mode 36-7

configuration guidelines 30-5

configuring VLANs as interfaces 30-7

overview 30-1

counters 30-3

logical 30-2

physical 30-2

SVI autostate exclude 30-3

Layer 3 packets

classification methods 37-2

Layer 4 port operations

configuration guidelines 49-11

restrictions 49-10

Leave timer, enabling 23-9

link and trunk status events

configuring interface 6-29

link integrity, verifying with REP 20-4

Link Layer Discovery Protocol

See CDP

link monitoring, Ethernet OAM 59-34, 59-38

link-state tracking

configuration guidelines 22-21

default configuration 22-21

described 22-18

displaying status 22-22

generic configuration procedure 22-21

link status, displaying UDLD 28-8

listening state (STP)

RSTP comparisons (table) 18-24

LLDP

configuring 27-4

characteristics 27-5

default configuration 27-5

disabling and enabling

globally 27-6

on an interface 27-7

monitoring and maintaining 27-14

overview 27-1

transmission timer and holdtime, setting 27-5

LLDP-MED

configuring

procedures 27-4

TLVs 27-9, 27-11

monitoring and maintaining 27-14

overview 27-1

supported TLVs 27-2

LLDP Media Endpoint Discovery

See LLDP-MED

load balancing

configuring for CEF 31-7

configuring for EtherChannel 22-14

overview 22-5, 31-6

per-destination 31-7

load splitting IP multicast traffic 33-21

Location Service

overview 27-1

location service

configuring 27-12

understanding 27-3

location TLV 27-3, 27-9

logging, EPM 41-107

Logical Layer 3 interfaces

configuring 30-6

logical layer 3 VLAN interfaces 30-2

login authentication

with RADIUS 41-93

with TACACS+ 3-19

login banners 4-17

login timer

changing 7-7

logoutwarning command 7-7

loop guard

and MST 18-23

configuring 21-4

overview 21-3

M

MAC/PHY configuration status TLV 27-2

MAC addresses

aging time 4-23

allocating 18-6

and VLAN association 4-22

building tables 4-21, 15-2

convert dynamic to sticky secure 44-5

default configuration 4-23

disabling learning on a VLAN 4-32

discovering 4-37

displaying 7-4

displaying in DHCP snooping binding table 48-19

dynamic

learning 4-21

removing 4-24

in ACLs 49-13

static

adding 4-30

allowing 4-31

characteristics of 4-29

dropping 4-31

removing 4-30

sticky 44-4

sticky secure, adding 44-5

MAC address learning, disabling on a VLAN 4-32

confuguring 4-32

deployment scenarios 4-33

feature compatibility 4-35

feature incompatibility 4-36

feature inompatibility 4-36

usage guidelines 4-33

MAC address table

displaying 4-37

MAC address-table move update

configuration guidelines 19-10

configuring 19-10

monitoring 19-12

MAC Authentication Bypass

configure with 802.1X 41-55

MAC details, displaying 41-107

MAC extended access lists 49-13

macl 49-14

macros

See Auto SmartPorts macros

See Auto Smartports macros

See Smartports macros

MACSec

802.1AE Tagging 40-8

MACsec 40-2

configuring on an interface 40-7

defined 40-1, 40-2

switch-to-switch security 40-1

MACsec Key Agreement Protocol

See MKA

main-cpu command 8-7

management address TLV 27-2

management options

SNMP 57-1

Management Port, Ethernet 6-6

manual preemption, REP, configuring 20-13

marking

hardware capabilities 37-22

marking action drivers 37-20

marking network traffic 37-17

marking support, multi-attribute 37-21

match ip address command 35-6

maximum aging time (STP)

configuring 18-18

MDA

configuration guidelines41-23to ??

described 41-22

Media Access Control Security

See MACsec

members

automatic discovery 12-7

member switch

managing 12-13

member switch, cluster

defined 12-2

meminfo command 66-5

messages, Ethernet OAM 59-34

messages, to users through banners 4-17

Metro features

Ethernet CFM, introduction 1-3

Ethernet OAM Protocol, introduction 1-3

Flex Link and MAC Address-Table Move Update, introduction 1-4

Y.1731 (AIS and RDI), introduction 1-10

metro tags 25-2

MFIB

CEF 33-5

overview 33-11

MFIB, IP

displaying 33-25

MIBs

compiling 67-4

downloading 67-3, 67-4

overview 57-1

related information 67-3

SNMP interaction with 57-4

MKA

configuring policies 40-6

defined 40-2

policies 40-3

replay protection 40-3

statistics 40-5

virtual ports 40-3

MLD Done messages and Immediate-leave 24-4

MLD messages 24-2

MLD queries 24-3

MLD reports 24-4

MLD Snooping

MLD Done messages and Immediate-leave 24-4

MLD messages 24-2

MLD queries 24-3

MLD reports 24-4

Multicast client aging robustness 24-3

Multicast router discovery 24-3

overview 24-1

Mode of capturing control packets, selecting 49-7

modules

checking status 7-2

powering down 10-18

monitoring

802.1Q tunneling 25-18

ACL information 49-35

Ethernet CFM 59-32, 59-33

Ethernet OAM 59-49

Ethernet OAM protocol 59-49

Flex Links 19-12

IGMP

snooping 24-10

IGMP filters 23-23

IGMP snooping 23-14

Layer 2 protocol tunneling 25-18

MAC address-table move update 19-12

multicast router interfaces 24-11

multi-VRF CE 36-17

object tracking 54-12

REP 20-14

traffic flowing among switches 63-1

tunneling 25-18

VLAN filters 49-24

VLAN maps 49-24

M-record 18-23

MST

and multiple spanning trees 1-7, 18-22

boundary ports 18-27

BPDUs 18-23

configuration parameters 18-26

configuring 18-29

displaying configurations 18-33

edge ports 18-27

enabling 18-29

hop count 18-28

instances

configuring parameters 18-32

description 18-23

number supported 18-26

interoperability with PVST+ 18-23

link type 18-28

master 18-27

message age 18-28

regions 18-26

restrictions 18-29

to-SST interoperability 18-24

MSTP

EtherChannel guard

enabling 21-6

M-record 18-23

M-tree 18-23

M-tree 18-23

MTUS

understanding 6-18

MTU size

configuring 6-20, 6-21, 6-30

default 13-5

Multi-authentication

described 41-22

multiauthentication mode 41-8

multicast

See IP multicast

Multicast client aging robustness 24-3

multicast Ethernet loopback (ETH-LB) 59-29

multicast Ethernet loopback, using 59-31

multicast groups

static joins 24-7

multicast packets

blocking 50-2

Multicast router discovery 24-3

multicast router interfaces, displaying 23-17

multicast router interfaces, monitoring 24-11

multicast router ports, adding 24-7

multicast routers

flood suppression 23-12

multicast router table

displaying 33-23

Multicast Storm Control

enabling 51-4

disabling 51-5

multidomain authentication

See MDA

multidomain authentication mode 41-7

multioperations scheduling, IP SLAs 62-5

Multiple AuthorizationAuthentication

configuring 41-33

Multiple Domain Authentication 41-33

multiple forwarding paths 1-7, 18-22

multiple-hosts mode 41-7

Multiple Spanning Tree

See MST

multiple VPN routing/forwarding

See multi-VRF CE

multi-VRF CE

components 36-3

configuration example 36-13

default configuration 36-3

defined 36-1

displaying 36-17

monitoring 36-17

network components 36-3

packet-forwarding process 36-3

N

NAC Layer 2 802.1X authentication, intro 1-34

NAC Layer 2 IP validation, intro 1-34

named IPv6 ACLs, configuring

ACLs

configuring named IPv6 ACLs 49-15

named MAC extended ACLs

ACLs

configuring named MAC extended 49-13, 49-14

native VLAN

and 802.1Q tunneling 25-4

specifying 15-5

NDAC 40-9

defined 40-9

MACsec 40-1

NEAT

configuring 41-75

overview 41-24

neighbor offset numbers, REP 20-5

Network Assistant

and VTY 12-12

configure

enable communication with switch 12-13, 12-17

default configuration 12-3

overview of CLI commands 12-3

Network Device Admission Control (NDAC) 40-9

Network Edge Access Topology

See NEAT

network fault tolerance 1-7, 18-22

network management

configuring 26-1

RMON 63-1

SNMP 57-1

network performance, measuring with IP SLAs 62-3

network policy TLV 27-2, 27-9

Network Time Protocol

See NTP

network traffic, marking 37-17

New Software Features in Release 7.7

TDR 7-4

Next Hop Resolution Protocol

See NHRP

NHRP

support 1-15

non-fiber-optics interfaces

disabling UDLD 28-7

non-IP traffic filtering 49-13, 49-14

non-RPF traffic

description 33-9

in redundant configurations (figure) 33-10

Nonstop Forwarding

See NSF

nonvolatile random-access memory

See NVRAM

normal-range VLANs

See VLANs

NSF

defined 9-1

guidelines and restrictions 9-8

operation 9-4

NSF-aware

support 9-2

NSF-capable

support 9-2

NSF with SSO supervisor engine redundancy

and CEF 9-4

overview 9-3

SSO operation 9-3

NTP

associations

authenticating 4-4

defined 4-2

enabling broadcast messages 4-7

peer 4-6

server 4-6

default configuration 4-4

displaying the configuration 4-11

overview 4-2

restricting access

creating an access group 4-9

disabling NTP services per interface 4-10

source IP address, configuring 4-10

stratum 4-2

synchronizing devices 4-6

time

services 4-2

synchronizing 4-2

ntroduction

PPPoE Intermediate Agent 1-35

Storm Control 1-35

uRPF Strict Mode 1-36

NVRAM

saving settings 3-10

O

OAM

client 59-34

features 59-34

sublayer 59-34

OAM manager

configuring 59-52

with CFM and Ethernet OAM 59-51

OAM PDUs 59-35

OAM protocol data units 59-33

object tracking

monitoring 54-12

OIR

overview 6-25

on-demaind online diagnostics 64-2

online diagnostic

troubleshooting 64-8

Online Diagnostics 64-1

online diagnostics

configuring on-demaind 64-2

data path, displaying test results 64-7

displaying tests and test results 64-4

linecard 64-8

scheduling 64-2

starting and stopping tests 64-3

online insertion and removal

See OIR

Open Shortest Path First

See OSPF

operating system images

See system images

Option 82

enabling DHCP Snooping 48-10

OSPF

area concept 1-16

description 1-16

for IPv6 47-6

P

packets

modifying 37-9

packet type filtering

overview 52-14

SPAN enhancement 52-14

PACL

using with access-group mode 49-30

PACL configuration guidelines 49-28

PACL with VLAN maps and router ACLs 49-32

PAgP

understanding 22-3

passwords

configuring enable password 3-14

configuring enable secret password 3-14

encrypting 3-22

in clusters 12-8

recovering lost enable password 3-25

setting line password 3-14

PBR (policy-based routing)

configuration (example) 35-8

enabling 35-6

features 35-2

overview 35-1

route-map processing logic 35-3

route-map processing logic example 35-4

route maps 35-2

when to use 35-5

percentage thresholds in tracked lists 54-6

per-port and VLAN Access Control List 48-19

per-port per-VLAN QoS

enabling 37-34

overview 37-10

Per-User ACL and Filter-ID ACL, configure 41-42

Per-VLAN Rapid Spanning Tree 18-6

enabling 18-20

overview 18-6

PE to CE routing, configuring 36-12

physical layer 3 interfaces 30-2

Physical Layer 3 interfaces, configuring 30-11

PIM

configuring dense mode 33-14

configuring sparse mode 33-14

displaying information 33-22

displaying statistics 33-26

enabling sparse-dense mode 33-14, 33-15

overview 33-3

PIM-DM 33-3

PIM on an interface, enabling 33-13

PIM-SM 33-3

PIM-SSM mapping, enabling 33-16

ping

executing 7-9

overview 7-8

ping command 7-9, 33-22

PoE 11-7, 11-8

configuring power consumption, powered devices 11-5

configuring power consumption for single device 11-5, 11-16

displaying operational status for an interface 11-6

Enhanced PoE support on E-series 11-15

policing and monitoring 11-12

power consumption for powered devices

Intelligent Power Management 11-4

powering down a module 10-18

power management modes 11-2

PoE policing

configuring errdisable recovery 11-14

configuring on an interface 11-13

displaying on an interface 11-14

power modes 11-12

point-to-point

in 802.1X authentication (figure) 41-3

policing

how to implement 37-17

See QoS policing

policing, PoE 11-12

policing IPv6 control traffic 45-15

policy associations, QoS on Sup 6-E 37-38

policy-map command 37-15

policy map marking action, configuring 37-22

port ACLs

and voice VLAN 49-4

defined 49-3

Port Aggregation Protocol

see PAgP

port-based authentication

802.1X with voice VLAN 41-22

Authentication Failed VLAN assignment 41-17

authentication server

defined 43-2

changing the quiet period 41-72

client, defined 41-3, 43-2

configuration guidelines 41-28, 43-6

configure ACL assignments and redirect URLs 41-36

configure switch-to-RADIUS server communication 41-31

configure with Authentication Failed 41-62

configure with Critical Authentication 41-56

configure with Guest-VLANs 41-52

configure with MAC Authentication Bypass 41-55

configure with VLAN User Distribution 41-59

configure with Voice VLAN 41-63

configuring

Multiple Domain Authentication and Multiple Authorization 41-33

RADIUS server 43-10

RADIUS server parameters on the switch 43-9

configuring Fallback Authentication 41-66

configuring Guest-VLAN 41-31

configuring manual re-authentication of a client 41-81

configuring with Unidirectional Controlled Port 41-58

controlling authorization state 41-5

default configuration 41-27, 43-6

described 41-1

device roles 41-2, 43-2

displaying statistics 41-103, 43-14

enabling 41-28

802.1X authentication 43-9

enabling multiple hosts 41-71

enabling periodic re-authentication 41-70

encapsulation 41-3

host mode 41-6

how 802.1X fails on a port 41-25

initiation and message exchange 41-4

method lists 41-28

modes 41-6

multidomain authentication 41-22

multiple-hosts mode, described 41-7

port security

multiple-hosts mode 41-7

ports not supported 41-5

pre-authentication open access 41-8

resetting to default values 41-82

setting retransmission number 41-74

setting retransmission time 41-73

switch

as proxy 43-2

switch supplicant

configuring 41-75

overview 41-24

topologies, supported 41-25

using with ACL assignments and redirect URLs 41-20

using with port security 41-19

with Critical Authentication 41-14

with Guest VLANs 41-11

with MAC Authentication Bypass 41-12

with Unidirectional Controlled Port 41-15

with VLAN assignment 41-10

with VLAN User Distribution 41-16

port-channel interfaces

See also EtherChannel

creating 22-7

overview 22-2

port-channel load-balance

command 22-13

command example 22-13

port-channel load-balance command 22-14

port cost (STP)

configuring 18-15

port description TLV 27-2

PortFast

and MST 18-23

BPDU filter, configuring 21-9

configuring or enabling 21-15

overview 21-6

PortFast BPDU filtering

and MST 18-23

enabling 21-9

overview 21-9

port priority

configuring MST instances 18-32

configuring STP 18-13

ports

blocking 50-1

checking status 7-3

dynamic VLAN membership

example 13-29

reconfirming 13-26

forwarding, resuming 50-3

REP 20-6

See also interfaces

port security

aging 44-5

configuring 44-7

displaying 44-28

guidelines and restrictions 44-33

on access ports 44-7, 44-22

on private VLAN 44-14

host 44-14

promiscuous 44-16

topology 44-15, 44-18, 44-32

on trunk port 44-17

guidelines and restrictions 44-15, 44-18, 44-32

port mode changes 44-22

on voice ports 44-22

sticky learning 44-5

using with 802.1X 41-19

violations 44-6

with 802.1X Authentication 44-32

with DHCP and IP Source Guard 44-31

with other features 44-33

port states

description 18-5

port VLAN ID TLV 27-2

power

inline 38-5

power dc input command 10-17

powered devices, configuring power consumption 11-5

power handling for Supervisor Engine II-TS 11-12

power inline command 11-3

power inline consumption command 11-5

power management

Catalyst 4500 series 10-5

Catalyst 4500 Switch power supplies 10-12

configuring combined mode 10-11

configuring redundant mode 10-10

overview 10-1

redundancy 10-5

power management for Catalyst 4500 Switch

combined mode 10-7

redundant mode 10-7

power management limitations in Catalyst 4500 Switch 10-8

power management mode

selecting 10-7

power management TLV 27-2, 27-3, 27-9

power negotiation

through LLDP 27-11

Power-On-Self-Test diagnostics 64-10, 64-14

Power-On-Self-Test for Supervisor Engine V-10GE 64-10

power policing, displaying on an interface 11-14

power redundancy-mode command 10-10

power supplies

available power for Catalyst 4500 Switch 10-12

fixed 10-6

variable 10-6

pre-authentication open access 41-8

pre-authentication open access. See port-based authentication.

preempt delay time, REP 20-5

primary edge port, REP 20-4

primary VLANs 39-2, 39-4

associating with secondary VLANs 39-16

configuring as a PVLAN 39-15

priority

overriding CoS of incoming frames 38-5

priority queuing, QoS on Sup 6-E 37-29

private VLAN

configure port security 44-14, 44-15

enabling DHCP Snooping 48-12

private VLANs

across multiple switches 39-5

and SVIs 39-10

benefits of 39-2

community ports 39-3

community VLANs 39-2, 39-3

default configuration 39-12

end station access to 39-3

isolated port 39-4

isolated VLANs 39-2, 39-3, 39-4

ports

community 39-3

isolated 39-4

promiscuous 39-4

primary VLANs 39-2, 39-4

promiscuous ports 39-4

secondary VLANs 39-2

subdomains 39-2

traffic in 39-9

privileged EXEC mode 2-5

privileges

changing default 3-23

configuring levels 3-23

exiting 3-24

logging in 3-24

promiscuous ports

configuring PVLAN 39-17

defined 39-4

setting mode 39-24

protocol timers 18-4

provider edge devices 36-2

pruning, VTP

See VTP pruning

pseudobridges

description 18-25

PVACL 48-19

PVID (port VLAN ID)

and 802.1X with voice VLAN ports 41-22

PVLAN promiscuous trunk port

configuring 39-11, 39-17, 39-21

PVLANs

802.1q support 39-14

across multiple switches 39-5

configuration guidelines 39-12

configure port security 44-14, 44-16, 44-18

configure port security in a wireless setting 44-32

configuring 39-11

configuring a VLAN 39-15

configuring promiscuous ports 39-17

host ports

configuring a Layer 2 interface 39-18

setting 39-24

overview 39-1

permitting routing, example 39-23

promiscuous mode

setting 39-24

setting

interface mode 39-24

Q

QoS

classification37-6to ??

definitions 37-3

enabling per-port per-VLAN 37-34

overview 37-1

overview of per-port per-VLAN 37-10

packet modification 37-9

traffic shaping 37-9

See also COS; DSCP values; transmit queues

QoS active queue management

tracking queue length 37-9

QoS labels

definition 37-3

QoS marking

description 37-5

QoS on Sup 6-E

Active Queue management via DBL 37-33

active queue management via DBL 37-26, 37-33

classification 37-15

configuring 37-12

configuring CoS mutation 37-44

configuring the policy map marking action 37-22

hardware capabilities for marking 37-22

how to implement policing 37-17

marking action drivers 37-20

marking network traffic 37-17

MQC-based QoS configuration 37-13

multi-attribute marking support 37-21

platform hardware capabilities 37-14

platform restrictions 37-17

platform-supported classification criteria and QoS features 37-13

policing 37-16

policy associations 37-38

prerequisites for applying a service policy 37-14

priority queuing 37-29

queue-limiting 37-30

restrictions for applying a service policy 37-14

shaping 37-24

sharing(bandwidth) 37-26

sharing(blandwidth), shapring, and priority queuing 37-24

software QoS 37-39

traffic marking procedure flowchart 37-20

QoS policing

definition 37-5

described 37-8

QoS policy

attaching to interfaces 37-8

QoS service policy

prerequisites 37-14

restrictions for applying 37-14

QoS transmit queues

burst 37-9

maximum rate 37-9

sharing link bandwidth 37-9

Quality of service

See QoS

queueing 37-8

queue-limiting, QoS on Sup 6-E 37-30

R

RADIUS

attributes

vendor-proprietary 41-101

vendor-specific 41-99

change of authorization 41-84

configuring

accounting 41-98

authentication 41-93

authorization 41-97

communication, global 41-91, 41-99

communication, per-server 41-90, 41-91

multiple UDP ports 41-91

default configuration 41-90

defining AAA server groups 41-95

displaying the configuration 41-103

identifying the server 41-90

limiting the services to the user 41-97

method list, defined 41-90

operation of 41-84

server load balancing 41-103

suggested network environments 41-83

tracking services accessed by user 41-98

understanding 41-83

RADIUS, controlling switch access with 41-82

RADIUS Change of Authorization 41-84

RADIUS server

configure to-Switch communication 41-31

configuring settings 41-33

parameters on the switch 41-31

RA Guard

configuring 49-36

deployment 49-36

examples 49-36

introduction 49-35

usage guidelines 49-37

range command 6-4

range macros

defining 6-10

ranges of interfaces

configuring 6-4

Rapid Spanning Tree

See RSTP

rcommand command 12-13

reachability, tracking IP SLAs IP host 54-9

re-authentication of a client

configuring manual 41-81

enabling periodic 41-70

redirect URLs, port-based authentication 41-20

reduced MAC address 18-2

redundancy

configuring 8-7

guidelines and restrictions 8-5

changes made through SNMP 8-10

NSF-aware support 9-2

NSF-capable support 9-2

overview 8-2

redundancy command 8-7

understanding synchronization 8-4

redundancy (NSF) 9-1

configuring

BGP 9-11

CEF 9-10

EIGRP 9-16

IS-IS 9-13

OSPF 9-12

routing protocols 9-5

redundancy (RPR)

route processor redundancy 8-2

synchronization 8-5

redundancy (SSO)

redundancy command 9-9

route processor redundancy 8-3

synchronization 8-5

reload command 3-28, 3-29

Remote Authentication Dial-In User Service

See RADIUS

remote failure indications 59-34

remote loopback, Ethernet OAM 59-34, 59-37

Remote Network Monitoring

See RMON

rendezvous point, configuring 33-16

rendezvous point, configuring single static 33-19

REP

administrative VLAN 20-8

administrative VLAN, configuring 20-9

and STP 20-6

configuration guidelines 20-7

configuring interfaces 20-10

convergence 20-4

default configuration 20-7

manual preemption, configuring 20-13

monitoring 20-14

neighbor offset numbers 20-5

open segment 20-2

ports 20-6

preempt delay time 20-5

primary edge port 20-4

ring segment 20-2

secondary edge port 20-4

segments 20-1

characteristics 20-2

SNMP traps, configuring 20-14

supported interfaces 20-1

triggering VLAN load balancing 20-6

verifying link integrity 20-4

VLAN blocking 20-13

VLAN load balancing 20-4

replication

description 33-8

report suppression, IGMP

disabling 24-10

reserved-range VLANs

See VLANs

reset command 66-3

resetting an interface to default configuration 6-32

resetting a switch to defaults 3-32

Resilient Ethernet ProtocolLSee REP

responder, IP SLAs

described 62-4

enabling 62-7

response time, measuring with IP SLAs 62-4

restricting access

NTP services 4-8

RADIUS 41-82

TACACS+ 3-15

retransmission number

setting in 802.1X authentication 41-74

retransmission time

changing in 802.1X authentication 41-73

RFC

1157, SNMPv1 57-2

1305, NTP 4-2

1757, RMON 63-2

1901, SNMPv2C 57-2

1902 to 1907, SNMPv2 57-2

2273-2275, SNMPv3 57-2

RFC 5176 Compliance 41-85

RIP

description 1-16

for IPv6 47-5

RMON

default configuration 63-3

displaying status 63-6

enabling alarms and events 63-3

groups supported 63-2

overview 63-1

ROM monitor

boot process and 3-26

CLI 2-7

commands66-2to 66-3

debug commands 66-5

entering 66-1

exiting 66-6

overview 66-1

root bridge

configuring 18-9

selecting in MST 18-22

root guard

and MST 18-23

enabling 21-2

overview 21-2

routed packets

ACLs 49-26

route-map (IP) command 35-6

route maps

defining 35-6

PBR 35-2

router ACLs

description 1-35, 49-3

using with VLAN maps 49-25

router ACLs, using PACL with VLAN maps 49-32

route targets

VPN 36-3

Routing Information Protocol

See RIP

RPF

<Emphasis>See Unicast RPF

RSPAN

configuration guidelines 52-16

destination ports 52-5

IDS 52-2

monitored ports 52-4

monitoring ports 52-5

received traffic 52-3

sessions

creating 52-17

defined 52-3

limiting source traffic to specific VLANs 52-23

monitoring VLANs 52-21

removing source (monitored) ports 52-20

specifying monitored ports 52-17

source ports 52-4

transmitted traffic 52-4

VLAN-based 52-5

RSTP

compatibility 18-23

description 18-22

port roles 18-24

port states 18-24

S

SAID

See 802.10 SAID

SAP

defined 40-9

negotiation 40-9

support 40-1

scheduling 37-8

scheduling, IP SLAs operations 62-5

secondary edge port, REP 20-4

secondary root switch 18-12

secondary VLANs 39-2

associating with primary 39-16

permitting routing 39-23

security

configuring 45-1

Security Association Identifier

See 802.10 SAID

Security Exchange Protocol

See SXP

Security Exchange Protocol

See SAP

selecting a power management mode 10-7

sequence numbers in log messages 55-7

server IDs

description 61-23

service policy, configure class-level queue-limit 37-30

service-policy input command 29-2

service-provider networks

and customer VLANs 25-2

session keys, MKA 40-2

set default interface command 35-6, 35-7

set interface command 35-6

set ip default next-hop command 35-6

set ip next-hop command 35-6

set-request operation 57-4

severity levels, defining in system messages 55-8

shaping, QoS on Sup 6-E 37-24

sharing(bandwidth), QoS on Sup 6-E 37-26

Shell functions

See Auto SmartPorts macros

See Auto Smartports macros

Shell triggers

See Auto SmartPorts macros

See Auto Smartports macros

show adjacency command 31-9

show boot command 3-32

show catalyst4000 chassis-mac-address command 18-3

show cdp command 26-2, 26-3

show cdp entry command 26-4

show cdp interface command 26-3

show cdp neighbors command 26-4

show cdp traffic command 26-4

show ciscoview package command 4-41

show ciscoview version command 4-41

show cluster members command 12-13

show configuration command 6-15

show debugging command 26-4

show environment command 10-2

show history command 2-4

show interfaces command 6-20, 6-21, 6-28, 6-30

show interfaces status command 7-3

show ip cef command 31-8

show ip eigrp interfaces command 30-19

show ip eigrp neighbors command 30-19

show ip eigrp topology command 30-19

show ip eigrp traffic command 30-19

show ip interface command 33-22

show ip local policy command 35-7

show ip mroute command 33-22

show ip pim interface command 33-22

show l2protocol command 25-18

show lldp traffic command 27-15

show mac-address-table address command 7-4

show mac-address-table interface command 7-4

show mls entry command 31-8

show module command 7-2, 18-6

show PoE consumed 11-8

show power inline command 11-6

show power supplies command 10-11

show protocols command 6-28

show running-config command

adding description for an interface 6-15

checking your settings 3-9

displaying ACLs 49-19, 49-21, 49-30, 49-31

show startup-config command 3-10

show users command 7-7

show version command 3-29

shutdown, command 6-29

shutdown threshold for Layer 2 protocol packets 25-16

shutting down

interfaces 6-29

Simple Network Management Protocol

See SNMP

single-host mode 41-7

single spanning tree

See SST

single static RP, configuring 33-19

slot numbers, description 6-2

smart call home 61-1

description 61-2

destination profile (note) 61-5

registration requirements 61-3

service contract requirements 61-3

Transport Gateway (TG) aggregation point 61-2

SMARTnet

smart call home registration 61-3

Smartports macros

applying global parameter values 16-9, 16-15, 16-16

applying macros 16-9

applying parameter values 16-9

configuration guidelines 16-6, 16-15

configuring 16-2

creating 16-8

default configuration 16-4, 16-14

defined 1-8, 16-1

displaying 16-14

tracing 16-7, 16-15

SNMP

accessing MIB variables with 57-4

agent

described 57-4

disabling 57-7

and IP SLAs 62-2

authentication level 57-10

community strings

configuring 57-7

overview 57-4

configuration examples 57-15

configuration guidelines 57-6

default configuration 57-5

enabling 67-4, 67-5

engine ID 57-6

groups 57-6, 57-9

host 57-6

informs

and trap keyword 57-11

described 57-5

differences from traps 57-5

enabling 57-14

limiting access by TFTP servers 57-15

limiting system log messages to NMS 55-9

manager functions 57-3

notifications 57-5

overview 57-1, 57-4

status, displaying 57-16

system contact and location 57-14

trap manager, configuring 57-13

traps

described 57-3, 57-5

differences from informs 57-5

enabling 57-11

enabling MAC address notification 4-24

enabling MAC move notification 4-26

enabling MAC threshold notification 4-28

overview 57-1, 57-4

types of 57-11

users 57-6, 57-9

versions supported 57-2

SNMP commands 67-4

SNMP traps

REP 20-14

SNMPv1 57-2

SNMPv2C 57-2

SNMPv3 57-2

software

upgrading 8-12

software configuration register 3-26

software QoS, on Sup 6-E 37-39

software switching

description 31-5

interfaces 31-6

key data structures used 33-7

source IDs

call home event format 61-22

SPAN

and ACLs 52-5

configuration guidelines 52-7

configuring52-7to 52-10

destination ports 52-5

IDS 52-2

monitored port, defined 52-4

monitoring port, defined 52-5

received traffic 52-3

sessions

defined 52-3

source ports 52-4

transmitted traffic 52-4

VLAN-based 52-5

SPAN and RSPAN

concepts and terminology 52-3

default configuration 52-6

displaying status 52-24

overview 52-1

session limits 52-6

SPAN enhancements

access list filtering 52-13

configuration example 52-15

CPU port sniffing 52-10

encapsulation configuration 52-12

ingress packets 52-12

packet type filtering 52-14

spanning-tree backbonefast command 21-16

spanning-tree cost command 18-15

spanning-tree guard root command 21-2

spanning-tree portfast bpdu-guard command 21-8

spanning-tree portfast command 21-7

spanning-tree port-priority command 18-13

spanning-tree uplinkfast command 21-12

spanning-tree vlan

command 18-9

command example 18-9

spanning-tree vlan command 18-8

spanning-tree vlan cost command 18-16

spanning-tree vlan forward-time command 18-19

spanning-tree vlan hello-time command 18-18

spanning-tree vlan max-age command 18-18

spanning-tree vlan port-priority command 18-13

spanning-tree vlan priority command 18-17

spanning-tree vlan root primary command 18-10

spanning-tree vlan root secondary command 18-12

speed

configuring interface 6-12

speed command 6-13

SSO

configuring 9-9

SSO operation 9-3

SST

description 18-22

interoperability 18-24

static ACL, removing the requirement 49-28

static addresses

See addresses

static routes

configuring 3-11

verifying 3-12

statistics

802.1X 43-14

displaying 802.1X 41-103

displaying PIM 33-26

LLDP 27-14

LLDP-MED 27-14

MKA 40-5

SNMP input and output 57-16

sticky learning

configuration file 44-6

defined 44-5

disabling 44-6

enabling 44-5

saving addresses 44-6

sticky MAC addresses

configuring 44-7

defined 44-4

storing captured packets to a .pcap file, Wireshark 53-4

Storm Control

displaying 51-6

enabling Broadcast 51-3

enabling Multicast 51-4

hardware-based, implementing 51-2

overview 51-1

software-based, implementing 51-2

STP

and REP 20-6

bridge ID 18-2

configuring18-7to 18-20

creating topology 18-4

defaults 18-7

disabling 18-20

enabling 18-8

enabling extended system ID 18-9

enabling Per-VLAN Rapid Spanning Tree 18-20

EtherChannel guard

disabling 21-6

forward-delay time 18-19

hello time 18-17

Layer 2 protocol tunneling 25-13

maximum aging time 18-18

overview 18-1, 18-3

per-VLAN rapid spanning tree 18-6

port cost 18-15

port priority 18-13

root bridge 18-9

stratum, NTP 4-2

stub routing (EIGRP)

benefits 30-17

configuration tasks 30-17

configuring 30-13

overview 30-13

restrictions 30-17

verifying 30-18

subdomains, private VLAN 39-2

summer time 4-13

supervisor engine

accessing the redundant 8-13

configuring3-8to 3-13

copying files to standby 8-13

default configuration 3-1

default gateways 3-11

environmental monitoring 10-1

redundancy 9-1

ROM monitor 3-26

startup configuration 3-25

static routes 3-11

synchronizing configurations 8-10

Supervisor Engine II-TS

insufficient inline power handling 10-18, 11-12

Smartports macros

See also Auto Smartports macros

SVI Autostate Exclude

understanding 30-3

SVI Autostate exclude

configuring 30-7

S-VLAN 1-2, 25-7

switch 47-2

switch access with RADIUS, controlling 41-82

switched packets

and ACLs 49-25

Switched Port Analyzer

See SPAN

switchport

show interfaces 6-20, 6-21, 6-30

switchport access vlan command 15-5, 15-7

switchport block multicast command 50-2

switchport block unicast command 50-2

switchport mode access command 15-7

switchport mode dot1q-tunnel command 25-6

switchport mode dynamic command 15-5

switchport mode trunk command 15-5

switch ports

See access ports

switchport trunk allowed vlan command 15-5

switchport trunk encapsulation command 15-5

switchport trunk native vlan command 15-5

switchport trunk pruning vlan command 15-6

switch-to-RADIUS server communication

configuring 41-31

sysret command 66-5

system

reviewing configuration 3-10

settings at startup 3-27

system alarms

overview 10-4

system and network statistics, displaying 33-22

system capabilities TLV 27-2

system clock

configuring

daylight saving time 4-13

manually 4-11

summer time 4-13

time zones 4-12

displaying the time and date 4-12

overview 4-2

See also NTP

system description TLV 27-2

system images

loading from Flash memory 3-30

modifying boot field 3-27

specifying 3-30

system message logging

default configuration 55-3

defining error message severity levels 55-8

disabling 55-4

displaying the configuration 55-12

enabling 55-4

facility keywords, described 55-12

level keywords, described 55-9

limiting messages 55-9

message format 55-2

overview 55-1

sequence numbers, enabling and disabling 55-7

setting the display destination device 55-5

synchronizing log messages 55-6

timestamps, enabling and disabling 55-7

UNIX syslog servers

configuring the daemon 55-10

configuring the logging facility 55-11

facilities supported 55-12

system MTU

802.1Q tunneling 25-5

maximums 25-5

system name

manual configuration 4-15

See also DNS

system name TLV 27-2

system prompt, default setting 4-14

T

TACACS+ 45-1

accounting, defined 3-16

authentication, defined 3-16

authorization, defined 3-16

configuring

accounting 3-21

authentication key 3-18

authorization 3-21

login authentication 3-19

default configuration 3-18

displaying the configuration 3-22

identifying the server 3-18

limiting the services to the user 3-21

operation of 3-17

overview 3-15

tracking services accessed by user 3-21

tagged packets

802.1Q 25-3

Layer 2 protocol 25-13

TCAM programming and ACLs 49-7

for Sup II-Plust thru V-10GE 49-6

TCAM programming and ACLs for Sup 6-E 49-9

TDR

checking cable connectivity 7-4

enabling and disabling test 7-4

guidelines 7-4

Telnet

accessing CLI 2-2

disconnecting user sessions 7-8

executing 7-6

monitoring user sessions 7-7

telnet command 7-7

templates, Ethernet OAM 59-44

Terminal Access Controller Access Control System Plus

See TACACS+

TFTP

configuration files in base directory 3-5

configuring for autoconfiguration 3-4

limiting access by servers 57-15

TFTP download

See also console download

threshold monitoring, IP SLAs 62-6

time

See NTP and system clock

Time Domain Reflectometer

See TDR

time exceeded messages 7-10

timer

See login timer

timestamps in log messages 55-7

time zones 4-12

TLV

host presence detection 41-8

TLVs

defined 1-6, 27-2

LLDP-MED 27-2

Token Ring

media not supported (note) 13-5, 13-10

Topology change notification processing

MLD Snooping

Topology change notification processing 24-4

TOS

description 37-4

trace command 7-10

traceroute

See IP traceroute

See Layer 2 Traceroute

traceroute mac command 7-12

traceroute mac ip command 7-12

tracked lists

configuring 54-3

types 54-3

tracked objects

by Boolean expression 54-4

by threshold percentage 54-6

by threshold weight 54-5

tracking interface line-protocol state 54-2

tracking IP routing state 54-2

tracking objects 54-1

tracking process 54-1

track state, tracking IP SLAs 54-9

traffic

blocking flooded 50-2

traffic control

using ACLs (figure) 49-4

using VLAN maps (figure) 49-5

traffic marking procedure flowchart 37-20

traffic shaping 37-9

translational bridge numbers (defaults) 13-5

traps

configuring MAC address notification 4-24

configuring MAC move notification 4-26

configuring MAC threshold notification 4-28

configuring managers 57-11

defined 57-3

enabling 4-24, 4-26, 4-28, 57-11

notification types 57-11

overview 57-1, 57-4

troubleshooting

with CiscoWorks 57-4

with system message logging 55-1

with traceroute 7-9

troubleshooting high CPU due to ACLs 49-6

trunk failover

See link-state tracking

trunk ports

configure port security 44-17

configuring PVLAN39-19to 39-21

trunks

802.1Q restrictions 15-4

configuring 15-5

configuring access VLANs 15-5

configuring allowed VLANs 15-5

default interface configuration 15-5

enabling to non-DTP device 15-3

specifying native VLAN 15-5

understanding 15-3

trustpoint 61-3

tunneling

defined 25-1

tunnel ports

802.1Q, configuring 25-6

described 25-2

incompatibilities with other features 25-5

type length value

See TLV

type of service

See TOS

U

UDLD

configuring probe message interval per-interface 28-8

default configuration 28-4

disabling on fiber-optic interfaces 28-7

disabling on non-fiber-optic interfaces 28-7

displaying link status 28-8

enabling globally 28-5

enabling per-interface 28-6

modes of operation 28-3

resetting disabled LAN interfaces 28-8

use case 28-2

UDLD, overview 28-1

UDP jitter, configuring 62-9

UDP jitter operation, IP SLAs 62-8

unauthorized ports with 802.1X 41-5

unicast

See IP unicast

unicast flood blocking

configuring 50-1

unicast MAC address filtering

and adding static addresses 4-31

and broadcast MAC addresses 4-30

and CPU packets 4-30

and multicast addresses 4-30

and router MAC addresses 4-30

configuration guidelines 4-30

described 4-30

unicast MAC address filtering, configuring

ACLs

configuring unicast MAC address filtering 49-13

Unicast RPF (Unicast Reverse Path Forwarding)

applying 32-5

BGP attributes

caution 32-4

CEF

requirement 32-2

tables 32-7

configuring 32-9

(examples)??to 32-12

BOOTP 32-8

DHCP 32-8

enterprise network (figure) 32-6

prerequisites 32-9

routing table requirements 32-7

tasks 32-9

verifying 32-10

deploying 32-5

description 1-19, 32-1

disabling 32-11

enterprise network (figure) 32-6

FIB 32-2

implementing 32-4

packets, dropping (figure) 32-4

prerequisites 32-9

restrictions

basic 32-8

routing asymmetry 32-7

routing asymmetry (figure) 32-8

routing table requirements 32-7

security policy

applying 32-5

attacks, mitigating 32-5

deploying 32-5

tunneling 32-5

source addresses, validating 32-3

(figure) 32-3, 32-4

failure 32-3

traffic filtering 32-5

tunneling 32-5

validation

failure 32-3, 32-4

packets, dropping 32-3

source addresses 32-3

verifying 32-10

unicast traffic

blocking 50-2

Unidirectional Controlled Port, configuring 802.1X 41-58

unidirectional ethernet

enabling 29-2

example of setting 29-2

overview 29-1

UniDirectional Link Detection Protocol

See UDLD

Universal PoE, configuring 11-16

UNIX syslog servers

daemon configuration 55-10

facilities supported 55-12

message logging configuration 55-11

UplinkFast

and MST 18-23

enabling 21-15

MST and 18-23

overview 21-11

usage examples, Wireshark 53-17

user-defined event triggers

configuring, 802.1X-based 17-8

configuring, MAC address-based 17-9

User-defined triggers and built-in macros, configuring mapping 17-9

user EXEC mode 2-5

user sessions

disconnecting 7-8

monitoring 7-7

V

VACLs

Layer 4 port operations 49-10

virtual configuration register 66-3

virtual LANs

See VLANs

virtual ports, MKA 40-3

Virtual Private Network

See VPN

Virtual Switch System(VSS), displaying EtherChannel to 22-16

VLAN ACLs

See VLAN maps

VLAN blocking, REP 20-13

vlan command 13-6

vlan dot1q tag native command 25-4

VLAN ID

service provider 25-9

VLAN ID, discovering 4-37

VLAN ID translation

See VLAN mapping

VLAN load balancing

REP 20-4

VLAN load balancing, triggering 20-6

VLAN load balancing on flex links 19-2

configuration guidelines 19-6

VLAN Management Policy Server

See VMPS

VLAN mapping

1-to-1 25-8

1-to-1, configuring 25-11

configuration guidelines 25-10

configuring 25-11

configuring on a trunk port 25-11

default 25-9

described 1-2, 25-7

selective QinQ 25-8

selective Q-in-Q, configuring 25-12

traditional QinQ 25-8

traditional Q-in-Q, configuring 25-12

types of 25-8

VLAN maps

applying to a VLAN 49-21

configuration example 49-22

configuration guidelines 49-18

configuring 49-17

creating and deleting entries 49-19

defined 1-35

denying access example 49-23

denying packets 49-19

displaying 49-24

order of entries 49-18

permitting packets 49-19

router ACLs and 49-25

using (figure) 49-5

using in your network 49-22

VLAN maps, PACL and Router ACLs 49-32

VLANs

allowed on trunk 15-5

configuration guidelines 13-3

configuring 13-5

configuring as Layer 3 interfaces 30-7

customer numbering in service-provider networks 25-3

default configuration 13-4

description 1-9

extended range 13-3

IDs (default) 13-5

interface assignment 13-7

limiting source traffic with RSPAN 52-23

monitoring with RSPAN 52-21

name (default) 13-5

normal range 13-3

overview 13-1

reserved range 13-3

See also PVLANs

VLAN Trunking Protocol

See VTP

VLAN trunks

overview 15-3

VLAN User Distribution, configuring 802.1X 41-59

VMPS

configuration file example 13-32

configuring dynamic access ports on client 13-25

configuring retry interval 13-27

database configuration file 13-32

dynamic port membership

example 13-29

reconfirming 13-26

reconfirming assignments 13-26

reconfirming membership interval 13-26

server overview 13-21

VMPS client

administering and monitoring 13-28

configure switch

configure reconfirmation interval 13-26

dynamic ports 13-25

entering IP VMPS address 13-24

reconfirmation interval 13-27

reconfirm VLAM membership 13-26

default configuration 13-24

dynamic VLAN membership overview 13-23

troubleshooting dynamic port VLAN membership 13-29

VMPS server

fall-back VLAN 13-23

illegal VMPS client requests 13-23

overview 13-21

security modes

multiple 13-22

open 13-22

secure 13-22

voice interfaces

configuring 38-1

Voice over IP

configuring 38-1

voice ports

configuring VVID 38-3

voice traffic 11-2, 38-5

voice VLAN

IP phone data traffic, described 38-2

IP phone voice traffic, described 38-2

Voice VLAN, configure 802.1X 41-63

voice VLAN ports

using 802.1X 41-22

VPN

configuring routing in 36-12

forwarding 36-3

in service provider networks 36-1

routes 36-2

routing and forwarding table

See VRF

VRF

defining 36-3

tables 36-1

VRF-aware services

ARP 36-6, 36-9

configuring 36-5

ftp 36-8

ping 36-6

SNMP 36-7

syslog 36-8

tftp 36-8

traceroute 36-8

uRPF 36-7

VRF-lite

description 1-19

VTP

client, configuring 13-16

configuration guidelines 13-12

default configuration 13-13

disabling 13-16

Layer 2 protocol tunneling 25-14

monitoring 13-19

overview 13-8

pruning

configuring 13-15

See also VTP version 2

server, configuring 13-16

statistics 13-19

transparent mode, configuring 13-16

version 2

enabling 13-15

VTP advertisements

description 13-9

VTP domains

description 13-8

VTP modes 13-9

VTP pruning

overview 13-11

VTP versions 2 and 3

overview 13-9

See also VTP

VTY and Network Assistant 12-12

VVID (voice VLAN ID)

and 802.1X authentication 41-22

configuring 38-3

W

WCCP

configuration examples 65-10

configuring on a router 65-2, 65-11

features 65-4

restrictions 65-5

service groups 65-6

web-based authentication

authentication proxy web pages 43-4

description 1-36, 41-14, 43-1

web-based authentication, interactions with other features 43-4

Web Cache Communication Protocol

See WCCP 65-1

web caches

See cache engines

web cache services

description 65-4

web caching

See web cache services

See also WCCP

web scaling 65-1

weight thresholds in tracked lists 54-5

Wireshark

activating and deactivating, capture points, conceptual 53-5

attachment points 53-2

capture filter 53-3

capture points 53-2

core system filter 53-3

decoding and displaying packets 53-5

display filter 53-3

feature interactions 53-6

filters 53-2

storing captured packets to a .pcap filter 53-4

usage examples 53-17

Wireshark, about 53-1

Wireshark, activating and deactivating a capture point 53-10

Wireshark, defining/modifying/deleting a capture point 53-8

Wireshark, displaying information 53-13

Y

Y.1731

default configuration 59-29

described 59-27

ETH-AIS

Ethernet Alarm Signal function (ETH-AIS)

     1

ETH-RDI 59-28

multicast Ethernet loopback 59-31

multicast ETH-LB 59-29

terminology 59-27