Catalyst 6500 Release 12.2SX Software Configuration Guide
Index
Downloads: This chapterpdf (PDF - 1.15MB) The complete bookPDF (PDF - 21.37MB) | Feedback

Index

Table Of Contents

Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X -

Index

Numerics

4K VLANs (support for 4,096 VLANs) 23-2

802.1AE Tagging 50-2

802.1Q

encapsulation 17-4

Layer 2 protocol tunneling

See Layer 2 protocol tunneling

mapping to ISL VLANs 23-7, 23-10

trunks 17-3

restrictions 17-5

tunneling

configuration guidelines 26-3

configuring tunnel ports 26-6

overview 26-1

802.1Q Ethertype

specifying custom 17-18

802.1X

See port-based authentication

802.1x accounting 60-48

802.3ad

See LACP

802.3af 16-2

802.3at 16-2

802.3x Flow Control 8-13

A

AAA 47-1, 48-1, 49-1, 52-1, 53-1

fail policy 60-4, 61-4

AAA (authentication, authorization, and accounting). See also port-based authentication. 60-1, 61-2

aaa accounting dot1x command 60-48

aaa accounting system command 60-48

abbreviating commands 2-5

access control entries and lists 47-1, 48-1, 49-1, 52-1, 53-1

access-enable host timeout (not supported) 49-2

access port, configuring 17-16

accounting

with 802.1x 60-48

with IEEE 802.1x 60-12

ACEs and ACLs 47-1, 48-1, 49-1, 52-1

ACLs

downloadable 61-7

downloadable (dACLs) 60-20

Filter-ID 60-21

per-user 60-20

port, defined 51-2

redirect URL 60-21

static sharing 60-22

acronyms, list of B-1, C-1

advertisements, VTP 22-3

aggregate label 32-2, 32-4

aggregate policing

see QoS policing

aging time

accelerated

for MSTP 28-47

maximum

for MSTP 28-48

aging-time

IP MLS 63-11

alarms

major 10-12

minor 10-12

Allow DHCP Option 82 on Untrusted Port

configuring 54-11

understanding 54-3

any transport over MPLS (AToM) 32-17

compatibility with previous releases of AToM 32-19

Ethernet over MPLS 32-19

ARP ACL 43-72

ARP spoofing 56-1

AToM 32-17

audience 1-xli

Authentication, Authorization, and Accounting

See AAA

Authentication, Authorization, and Accounting (AAA) 52-1, 53-1

authentication control-direction command 60-62

authentication event command 60-50

authentication failed VLAN

See restricted VLAN

authentication open comand 60-11

authentication password, VTP 22-4

authentication periodic command 60-42, 60-59

authentication port-control command 60-50

authentication timer reauthenticate command 60-43

authorized ports with 802.1X 60-8

auto enablement 60-28

automatic FPD image upgrade

(example) A-56

disabling A-53

re-enabling A-53

automatic QoS

configuration guidelines and restrictions 44-3

macros 44-3

overview 44-1

AutoQoS 44-1

auto-sync command 7-4

auxiliary VLAN

See voice VLAN

B

BackboneFast

See STP BackboneFast

backup interfaces

See Flex Links

binding database, DHCP snooping

See DHCP snooping binding database

binding table, DHCP snooping

See DHCP snooping binding database

blocking floods 58-1

blocking state, STP 28-7

BPDU

RSTP format 28-16

BPDU guard

See STP BPDU guard

BPDUs

Bridge Assurance 29-3

Shared Spanning Tree Protocol (SSTP) 29-12

Bridge Assurance

description29-3to 29-5

inconsistent state 29-3

supported protocols and link types 29-3

bridge groups 30-2

bridge ID

See STP bridge ID

bridge priority, STP 28-35

bridge protocol data units

see BPDUs

bridging 30-2

broadcast storms

see traffic-storm control

C

Call Home

description 65-2

message format options 65-2

messages

format options 65-2

call home 65-1

alert groups 65-13

contact information 65-4

default settings 65-3

destination profiles 65-5

displaying information 65-23

pattern matching 65-16

periodic notification 65-15

rate limit messages 65-11

severity threshold 65-15

smart call home feature 65-3

SMTP server 65-4

testing communications 65-16

call home alert groups

configuring 65-13

description 65-14

subscribing 65-14

call home customer information

entering information 65-4

call home destination profiles

attributes 65-6

description 65-6

displaying 65-25

call home notifications

full-txt format for syslog 65-37

XML format for syslog 65-37

CDP

host presence detection 60-10, 62-3

to configure Cisco phones 15-2

CEF 34-1

configuring

RP 34-5

supervisor engine 34-5

examples 34-3

Layer 3 switching 34-2

packet rewrite 34-2

CEF for PFC2

See CEF

certificate authority (CA) 65-4

CGMP 38-8

disabling automatic detection 38-14

Change of Authorization

See CoA

channel-group group

command 19-9, 19-14, 19-15, 19-16, 19-17

command example 19-10, 19-15

Cisco Discovery Protocol

See CDP

Cisco Emergency Responder 15-3

Cisco EnergyWise 11-1

Cisco Express Forwarding 32-3

Cisco Group Management Protocol

See CGMP

Cisco IOS Unicast Reverse Path Forwarding 47-2

CISP 60-28

CIST regional root

See MSTP

CIST root

See MSTP

class command 43-76

class-map command 43-68

class map configuration 43-73

clear authentication sessions command 60-45

clear counters command 8-18

clear dot1x command 60-44

clear interface command 8-18

clear mls ip multicast statistics command

clears IP MMLS statistics 37-28

CLI

accessing 2-2

backing out one level 2-5

console configuration mode 2-5

getting list of commands 2-5

global configuration mode 2-5

history substitution 2-4

interface configuration mode 2-5

privileged EXEC mode 2-5

ROM monitor 2-7

software basics 2-4

Client Information Signalling Protocol

See CISP

CoA

description 60-25

command line processing 2-3

commands

class-map 32-11, 32-12

commands, getting list of 2-5

Committed Access Rate (CAR), not supported 43-2

community ports 24-3

community VLANs 24-2, 24-3

Concurrent routing and bridging (CRB) 30-2

configuration example

EoMPLS port mode 32-20, 32-23

EoMPLS VLAN mode 32-21

configure terminal command 8-2, A-61

configuring 43-75

console configuration mode 2-5

control plane policing

See CoPP

CoPP 53-1

applying QoS service policy to control plane 53-3

configuring

ACLs to match traffic 53-3

enabling MLS QoS 53-3

packet classification criteria 53-3

service-policy map 53-3

control plane configuration mode

entering 53-3

displaying

dynamic information 53-4

number of conforming bytes and packets 53-4

rate information 53-4

entering control plane configuration mode 53-3

monitoring statistics 53-4

overview 53-1

packet classification guidelines 53-4

traffic classification

defining 53-6

guidelines 53-7

overview 53-6

sample ACLs 53-7

sample classes 53-6

CoS

override priority 15-6, 16-5

counters

clearing interface 8-18

critical authentication 60-4

critical authentication, IEEE 802.1x 60-53

CSCsr62404 8-14

CSCtc21076 49-8

CSCtd34068 43-53

CSCte40004 43-53, 51-12

CSCte95941 43-55

customer contact information

entering for call home 65-4

D

dACL

See ACLs, downloadable 60-20

dCEF 34-4, 34-5

deactivation, verifying for ES+ modules A-60

debug commands

IP MMLS 37-28

DEC spanning-tree protocol 30-2

default configuration

802.1X 60-34, 61-7

dynamic ARP inspection 56-5

Flex Links 18-4

IP MMLS 37-9

MSTP 28-39

MVR 39-4

UDLD 9-4

voice VLAN 15-4

VTP 22-8

default NDE configuration 64-10

default VLAN 17-12

deficit weighted round robin 43-110

denial of service protection

See DoS protection

description command 8-16

destination-ip flow mask 63-2

destination-source-ip flow mask 63-3

device IDs

call home format 65-33, 65-34

DHCP binding database

See DHCP snooping binding database

DHCP binding table

See DHCP snooping binding database

DHCP option 82

circuit ID suboption 54-5

overview 54-3

packet format, suboption

circuit ID 54-5

remote ID 54-5

remote ID suboption 54-5

DHCP option 82 allow on untrusted port 54-11

DHCP snooping

802.1X data insertion 60-11

binding database

See DHCP snooping binding database

configuration guidelines 54-7

configuring 54-9

default configuration 54-7

detecting spurious servers 54-14

displaying binding tables 54-19

enabling 54-9, 54-10, 54-11, 54-12, 54-13, 54-14, 54-15

enabling the database agent 54-16

message exchange process 54-4

monitoring 55-4, 55-6

option 82 data insertion 54-3

overview 54-1

Snooping database agent 54-5

DHCP snooping binding database

described 54-3

entries 54-3

DHCP snooping binding table

See DHCP snooping binding database

DHCP Snooping Database Agent

adding to the database (example) 54-19

enabling (example) 54-16

overview 54-5

reading from a TFTP file (example) 54-18

DHCP snooping increased bindings limit 54-7, 54-16

differentiated services codepoint

See QoS DSCP

DiffServ

configuring short pipe mode 45-34

configuring uniform mode 45-39

short pipe mode 45-31

uniform mode 45-32

DiffServ tunneling modes 45-4

Disabling PIM Snooping Designated Router Flooding 41-6

distributed Cisco Express Forwarding

See dCEF

distributed egress SPAN 68-5, 68-18

documentation, related 1-xli

DoS protection

configuration guidelines and restrictions 52-13

default configurations 52-13

egress ACL bridget packet rate limiters 52-7

FIB glean rate limiters 52-9

FIB receive rate limiters 52-8

ICMP redirect rate limiters 52-9

IGMP unreachable rate limiters 52-8

ingress ACL bridget packet rate limiters 52-7

IP errors rate limiters 52-11

IPv4 multicast rate limiters 52-11

IPv6 multicast rate limiters 52-12

Layer 2 PDU rate limiters 52-10

Layer 2 protocol tunneling rate limiters 52-10

Layer 3 security features rate limiters 52-9

monitoring packet drop statistics

using monitor session commands 52-14, 52-15

using VACL capture 52-16

MTU failure rate limiters 52-10

multicast directyly connected rate limiters 52-11

multicast FIB miss rate limiters 52-11

multicast IGMP snooping rate limiters 52-10

network under SYN attack 52-4

QoS ACLs 52-2

security ACLs 52-2

TCP intercept 52-4

traffic storm control 52-3

TTL failure rate limiter 52-8

understanding how it works 52-2

uRPF check 52-3

uRPF failure rate limiters 52-7

VACL log rate limiters 52-9

dot1x auth-fail max-attempts command 60-52

dot1x critical command 60-55

dot1x initialize interface command 60-44

dot1x mac-auth-bypass command 60-57

dot1x max-reauth-req command 60-47

dot1x max-req command 60-47

dot1x pae authenticator command 60-36

dot1x port-control command 60-50

dot1x re-authenticate interface command 60-43

dot1x reauthentication command 60-42

dot1x timeout quiet-period command 60-45

dot1x timeout reauth-period command 60-43

drop command A-10, A-11

DSCP

See QoS DSCP

DSCP-based queue mapping 43-101

duplex command 8-8, 8-9

duplex mode

autonegotiation status 8-9

configuring interface 8-7

DWRR 43-110

dynamic ARP inspection

ARP cache poisoning 56-2

ARP requests, described 56-2

ARP spoofing attack 56-2

clearing

log buffer 56-15

statistics 56-15

configuration guidelines 56-6

configuring

log buffer 56-13, 56-14

logging system messages 56-13

rate limit for incoming ARP packets 56-4, 56-9

default configuration 56-5

denial-of-service attacks, preventing 56-9

described 56-1

DHCP snooping binding database 56-3

displaying

ARP ACLs 56-14

configuration and operating state 56-15

log buffer 56-15

statistics 56-15

trust state and rate limit 56-15

error-disabled state for exceeding rate limit 56-4

function of 56-2

interface trust states 56-3

log buffer

clearing 56-15

configuring 56-13, 56-14

displaying 56-15

logging of dropped packets, described 56-5

logging system messages

configuring 56-13

man-in-the middle attack, described 56-2

network security issues and interface trust states 56-3

priority of ARP ACLs and DHCP snooping entries 56-4

rate limiting of ARP packets

configuring 56-9

described 56-4

error-disabled state 56-4

statistics

clearing 56-15

displaying 56-15

validation checks, performing 56-11

Dynamic Host Configuration Protocol snooping

See DHCP snooping

E

EAC 50-2

EAPOL. See also port-based authentication. 60-1

eFSU

for a virtual switching system 4-54

eFSU, See Enhanced Fast Software Upgrade (eFSU)

eFSU. See enhanced Fast Software Upgrade (eFSU)

Egress ACL support for remarked DSCP 43-13

egress ACL support for remarked DSCP 43-63

egress replication performance improvement 37-15

egress SPAN 68-5

e-mail addresses

assigning for call home 65-4

e-mail notifications

Call Home 65-2

enable mode 2-5

enable sticky secure MAC address 62-9

enabling

IP MMLS

on router interfaces 37-13

encapsulation 17-4

Endpoint Admission Control (EAC) 50-2

EnergyWise 11-1

enhanced Fast Software Upgrade (eFSU)

aborting (issu abortversion command) 5-13

accepting the new software version 5-11

commiting the new software to standby RP (issu commitversion command) 5-12

displaying maximum outage time for module 5-10

error handling 5-4

forcing a switchover (issu runversion command) 5-10

issu loadversion command 5-8

loading new software onto standby RP 5-8

memory reservation on module 5-3

memory reservation on module, prohibiting 5-3

OIR not supported 5-4

operation 5-2

outage times 5-3

performing 5-5, 5-14

restrictions 5-4

steps 5-5

verifying redundancy mode 5-7

environmental monitoring

LED indications 10-12

SNMP traps 10-12

supervisor engine and switching modules 10-12

Syslog messages 10-12

using CLI commands 10-10

EOBC

for MAC address table synchronization 17-2

EoMPLS 32-17

configuring 32-19

configuring VLAN mode 32-19

guidelines and restrictions 32-18

port mode 32-19

port mode configuration guidelines 32-23

VLAN mode 32-19

ERSPAN 68-1

ES+ module

activation (example) A-61

deactivating A-60

deactivation (example) A-61

reactivating A-60

restrictions A-2

EtherChannel

channel-group group

command 19-9, 19-14, 19-15, 19-16, 19-17

command example 19-10, 19-15

configuration guidelines 4-30, 19-6

configuring

Layer 2 19-9, 19-16

configuring (tasks) 4-29, 19-8

DFC restriction, see CSCdt27074 in the Release Notes

interface port-channel

command example 19-8

interface port-channel (command) 19-8

lacp system-priority

command example 19-11

Layer 2

configuring 19-9, 19-16

load balancing

configuring 19-12

understanding 19-5

Min-Links 19-14, 19-15

modes 19-3

PAgP

understanding 19-3

port-channel interfaces 19-5

port-channel load-balance

command 19-11, 19-12

command example 19-12

STP 19-5

switchport trunk encapsulation dot1q 19-6

understanding 4-1, 19-1

EtherChannel Guard

See STP EtherChannel Guard

Ethernet

setting port duplex 8-15

Ethernet over MPLS (EoMPLS) configuration

EoMPLS port mode 32-23

EoMPLS VLAN mode 32-20

event tracer feature A-58

EXP mutation 45-4

extended range VLANs 23-2

See VLANs

extended system ID

MSTP 28-41

Extensible Authentication Protocol over LAN. See EAPOL.

F

fabric switching mode

See switch fabric module

fabric switching-mode allow dcef-only command on Supervisor Engine 720 6-2

fabric switchover 6-9

fall-back bridging 30-2

fastethernet 8-2

fast fabric switchover 6-9

fast link notification

on VSL failure 4-13

fiber-optic, detecting unidirectional links 9-1

FIB TCAM 32-3

filters, NDE

destination host filter, specifying 64-17

destination TCP/UDP port, specifying 64-16

protocol 64-17

source host and destination TCP/UDP port 64-16

Flex Links 18-1

configuration guidelines 18-4

configuring 18-4

default configuration 18-4

description 18-1

monitoring 18-5

flood blocking 58-1

flow control 8-13

flow masks

IP MLS

destination-ip 63-2

destination-source-ip 63-3

ip-full 63-3

minimum 63-10

overview 64-3

flows

IP MMLS

completely and partially switched 37-4

forward-delay time

MSTP 28-47

forward-delay time, STP 28-36

FPD image packages

caution A-51, A-56

displaying default information A-56

downloadingA-54to A-55

modifying the default pathA-55to A-56

overview A-49

version number requirements A-50

FPD images

displaying minimum and current versions A-56

manually upgrading A-54

upgrade scenarios A-51

upgrading in productionA-52to A-53

FPDs (field-programmable devices), description A-49

frame distribution

See EtherChannel load balancing

FSU

for a virtual switching system 4-54

FTP server, downloading FPD images toA-54to A-55

G

global configuration mode 2-5

guest VLAN and 802.1x 60-15

guidelines 25-6

H

hardware Layer 3 switching

guidelines 34-4

hello time

MSTP 28-46

hello time, STP 28-36

hierarchical QoS A-31

High Capacity Power Supply Support 10-4

history

CLI 2-4

host mode

see port-based authentication

host ports

kinds of 24-3

host presence CDP message 15-3, 60-10

host presence TLV message 62-3

http

//www-tac.cisco.com/Teams/ks/c3/xmlkwery.php?srId=612293409 19-7

hw-module subslot shutdown command A-61

I

ICMP unreachable messages 49-3

IDs

serial IDs 65-34

IEEE 802.1Q

See 802.1Q

IEEE 802.1Q Ethertype

specifying custom 17-18

IEEE 802.1Q Tagging on a Per-Port Basis 26-7

IEEE 802.1w

See RSTP

IEEE 802.1x

accounting 60-12, 60-48

authentication failed VLAN 60-16

critical ports 60-17

DHCP snooping 60-11

guest VLAN 60-15

MAC authentication bypass 60-23

network admission control Layer 2 validation 60-24

port security interoperability 60-19

RADIUS-supplied session timeout 60-42

voice VLAN 60-18

wake-on-LAN support 60-25

IEEE 802.3ad

See LACP

IEEE 802.3af 16-2

IEEE 802.3at 16-2

IEEE 802.3x Flow Control 8-13

IEEE bridging protocol 30-2

IGMP

configuration guidelines 36-8, 38-7

enabling 38-9

general query interval

configuring 38-11, 38-12

Internet Group Management Protocol 38-1

join messages 38-2

leave processing

enabling 38-13

queries 38-3

query interval

configuring 38-13

snooping

fast leave 38-5

joining multicast group 38-2, 40-2

leaving multicast group 38-4, 40-4

understanding 38-2, 40-2

snooping querier

enabling 38-10

understanding 38-2, 40-2

IGMPv3 37-11

IGMP v3lite 37-11

ignore port trust 43-9, 43-16, 43-60, 43-77

inaccessible authentication bypass 60-17

ingress SPAN 68-5

Integrated routing and bridging (IRB) 30-2

interface

configuration mode 2-5

Layer 2 modes 17-4

number 8-2

interface port-channel

command example 19-8

interface port-channel (command) 19-8

interfaces

configuring 8-2

configuring, duplex mode 8-7

configuring, speed 8-7

configururing, overview 8-2

counters, clearing 8-18

descriptive name, adding 8-16

displaying information about 8-17

maintaining 8-17

monitoring 8-17

naming 8-16

range of 8-4

restarting 8-19

shutting down

task 8-19

interfaces command 8-2

interfaces range command 8-4, 67-2

interfaces range macro command 8-6

internal VLANs 23-2

Internet Group Management Protocol

See IGMP

IP accounting, IP MMLS and 37-10

IP CEF

topology (figure) 34-4

ip flow-export destination command 64-14

ip flow-export source command 63-14, 64-13, 64-14, 70-3, 70-4

ip-full flow mask 63-3

ip http server 1-6

IP MLS

aging-time 63-11

flow masks

destination-ip 63-2

destination-source-ip 63-3

ip-full 63-3

minimum 63-10

overview 64-3

IP MMLS

cache, overview 37-2

configuration guideline 37-10

debug commands 37-28

default configuration 37-9

enabling

on router interfaces 37-13

flows

completely and partially switched 37-4

Layer 3 MLS cache 37-2

overview 37-2

packet rewrite 37-3

router

enabling globally 37-11

enabling on interfaces 37-13

multicast routing table, displaying 37-22

PIM, enabling 37-12

switch

statistics, clearing 37-28

unsupported features 37-10

IP multicast

IGMP snooping and 38-9

MLDv2 snooping and 36-10

overview 38-2, 40-1, 40-7

IP multicast MLS

See IP MMLS

ip multicast-routing command

enabling IP multicast 37-12

IP phone

configuring 15-5

ip pim command

enabling IP PIM 37-12

IP Source Guard

configuring 55-3

configuring on private VLANs 55-4

displaying 55-4, 55-6

overview 55-1

IP unnumbered 30-2

IPv4 Multicast over Point-to-Point GRE Tunnels 1-6

IPv4 Multicast VPN 42-1

IPv6 Multicast PFC3 and DFC3 Layer 3 Switching 35-1

IPv6 QoS 43-55

ISL encapsulation 17-4

ISL trunks 17-3

isolated port 24-3

isolated VLANs 24-2, 24-3

J

join messages, IGMP 38-2

jumbo frames 8-10

K

keyboard shortcuts 2-3

L

label edge router 32-2

label switched path 32-19

label switch router 32-2, 32-4

LACP

system ID 19-4

Layer 2

configuring interfaces 17-6

access port 17-16

trunk 17-10

defaults 17-5

interface modes 17-4

show interfaces 8-12, 8-13, 17-7, 17-15

switching

understanding 17-1

trunks

understanding 17-3

VLAN

interface assignment 23-6

Layer 2 Interfaces

configuring 17-1

Layer 2 protocol tunneling

configuring Layer 2 tunnels 27-2

overview 27-1

Layer 2 remarking 43-15

Layer 2 Traceroute 71-1

Layer 2 traceroute

and ARP 71-2

and CDP 71-2

described 71-1

IP addresses and subnets 71-2

MAC addresses and VLANs 71-2

multicast traffic 71-2

multiple devices on a port 71-2

unicast traffic 71-1

usage guidelines 71-2

Layer 3

IP MMLS and MLS cache 37-2

Layer 3 switched packet rewrite

CEF 34-2

Layer 3 switching

CEF 34-2

Layer 4 port operations (ACLs) 49-10

leave processing, IGMP

enabling 38-13

leave processing, MLDv2

enabling 36-12

LERs 45-2, 45-6, 45-7

Link Failure

detecting unidirectional 28-25

link negotiation 8-8

link redundancy

See Flex Links

LLDP-MED

configuring

TLVs 16-8

LLQ A-27

Load Balancing 32-8

Local Egress Replication 37-15

logical operation unit

See LOU

loop guard

See STP loop guard

LOU

description 49-11

determining maximum number of 49-11

LSRs 45-2, 45-6

M

mab command 60-50, 60-57

MAC address-based blocking 47-2

MAC address table notification 17-8

mac-address-table synchronize command 17-3

MAC authentication bypass. See also port-based authentication. 60-23

MAC move (port security) 62-2

macros 3-1

See Smartports macros

MACSec 50-2

magic packet 60-25

main-cpu command 7-4

mapping 802.1Q VLANs to ISL VLANs 23-7, 23-10

markdown

see QoS markdown

marking A-16

match access-group command A-7

match cos command A-7

match input vlan command A-7

match ip dscp command A-7

match ip precedence command A-7

match mpls experimental command A-7

match vlan command A-7

maximum aging time

MSTP 28-48

maximum aging time, STP 28-37

maximum hop count, MSTP 28-48

MEC

configuration 4-44

described 4-14

failure 4-15

port load share deferral 4-16

microflow policing rule

see QoS policing

Mini Protocol Analyzer 72-1

Min-Links 19-14

MLD

report 36-4

MLD snooping

query interval

configuring 36-12

MLDv1 36-8

MLDv2 36-1

enabling 36-10

leave processing

enabling 36-12

queries 36-5

snooping

fast leave 36-7

joining multicast group 36-4

leaving multicast group 36-6

understanding 36-2

snooping querier

enabling 36-9

understanding 36-2

MLDv2 Snooping 36-1

MLS

configuring threshold 37-16

RP

threshold 37-16

mls aging command

configuring IP MLS 63-12

mls flow command

configuring IP MLS 63-11, 63-15, 64-12

mls ip multicast command

enabling IP MMLS37-13to 37-25

mls nde flow command

configuring a host and port filter 64-16

configuring a host flow filter 64-17

configuring a port filter 64-16

configuring a protocol flow filter 64-17

mls nde sender command 64-11

monitoring

Flex Links 18-5

MVR 39-8, 39-9

private VLANs 24-17

MPLS 32-2

aggregate label 32-2

any transport over MPLS 32-17

basic configuration 32-8

core 32-4

DiffServ Tunneling Modes 45-30

egress 32-4

experimental field 45-3

guidelines and restrictions 32-7

hardware-supported features 32-5

ingress 32-3

IP to MPLS path 32-3

labels 32-2

Layer 2 VPN load balancing 32-8

MPLS to IP path 32-4

MPLS to MPLS path 32-4

nonaggregate lable 32-2

QoS default configuration 45-15

supported commands 32-7

traffic engineering A-33

VPN 45-12

VPN guidelines and restrictions 32-14

mpls l2 transport route command 32-19

MPLS QoS

Classification 45-2

Class of Service 45-2

commands 45-16

configuring a class map 45-20

configuring a policy map 45-22

configuring egress EXP mutation 45-28

configuring EXP Value Maps 45-29

Differentiated Services Code Point 45-2

displaying a policy map 45-27

E-LSP 45-2

enabling QoS globally 45-18

EXP bits 45-2

features 45-3

IP Precedence 45-2

QoS Tags 45-2

queueing-only mode 45-19

MPLS QoS configuration

class map to classify MPLS packets 45-20

MPLS VPN

limitations and restrictions 32-14

MQC 43-1

not supported

CAR 43-2

queuing 43-2

supported

policy maps 43-3

MST

interoperation with Rapid PVST+ 29-11

root bridge 29-12

MSTP

boundary ports

configuration guidelines 28-39

described 28-23

CIST, described 28-20

CIST regional root 28-20

CIST root 28-22

configuration guidelines 28-39

configuring

forward-delay time 28-47

hello time 28-46

link type for rapid convergence 28-48

maximum aging time 28-48

maximum hop count 28-48

MST region 28-40

neighbor type 28-49

path cost 28-44

port priority 28-43

root switch 28-41

secondary root switch 28-43

switch priority 28-45

CST

defined 28-20

operations between regions 28-21

default configuration 28-39

displaying status 28-50

enabling the mode 28-40

extended system ID

effects on root switch 28-41

effects on secondary root switch 28-43

unexpected behavior 28-42

IEEE 802.1s

implementation 28-24

port role naming change 28-24

terminology 28-22

interoperability with IEEE 802.1D

described 28-26

restarting migration process 28-50

IST

defined 28-20

master 28-20

operations within a region 28-20

mapping VLANs to MST instance 28-40

MST region

CIST 28-20

configuring 28-40

described 28-19

hop-count mechanism 28-23

IST 28-20

supported spanning-tree instances 28-19

overview 28-18

root switch

configuring 28-41

effects of extended system ID 28-41

unexpected behavior 28-42

status, displaying 28-50

MTU size (default) 23-4

multiauthentication (multiauth). See also port-based authentication. 60-10

multicast

IGMP snooping and 38-9

MLDv2 snooping and 36-10

NetFlow statistics 64-10

non-RPF 37-5

overview 38-2, 40-1, 40-7

PIM snooping 41-4

multicast, displaying routing table 37-22

Multicast enhancement - egress replication performance improvement 37-15

Multicast Enhancement - Replication Mode Detection 37-13

multicast flood blocking 58-1

multicast groups

joining 38-2, 40-2

leaving 36-6, 38-4

multicast groups, IPv6

joining 36-4

Multicast Listener Discovery version 2

See MLDv2

multicast multilayer switching

See IPv4 MMLS

Multicast Replication Mode Detection enhancement 37-13

multicast RPF 37-2

multicast storms

see traffic-storm control

multicast television application 39-2

multicast VLAN 39-1

Multicast VLAN Registration

See MVR

multicast VLAN registration (MVR)

MVR 39-1

multichassis EtherChannel

see MEC 4-14

Multidomain Authentication (MDA). See also port-based authentication. 60-10

Multilayer MAC ACL QoS Filtering 43-69

multilayer switch feature card

see RP

multiple path RPF check 47-2

Multiple Spanning Tree

See MST

MUX-UNI Support 32-26

MUX-UNI support 32-26

MVAP (Multi-VLAN Access Port). See also port-based authentication. 60-18

MVR

and IGMPv3 39-5

configuration guidelines 39-5

configuring interfaces 39-6

default configuration 39-4

described 39-1

example application 39-2

in the switch stack 39-4

monitoring 39-8, 39-9

multicast television application 39-2

setting global parameters 39-5

N

NAC

agentless audit support 60-24

critical authentication 60-17, 60-53

for Layer 3 interfaces 59-2, 59-14

IEEE 802.1x authentication using a RADIUS server 60-58

IEEE 802.1x validation using RADIUS server 60-58

inaccessible authentication bypass 60-53

Layer 2 IEEE 802.1x validation 60-58

Layer 2 IEEE802.1x validation 60-24

non-responsive hosts 59-6

SSO 59-12

native VLAN 17-13

NBAR 43-1

NDAC 50-2

NDE

configuration, displaying 64-17

displaying configuration 64-17

enabling 64-10

filters

destination host, specifying 64-17

destination TCP/UDP port, specifying 64-16

protocol, specifying 64-17

source host and destination TCP/UDP port, specifying 64-16

multicast 64-10

specifying

destination host filters 64-17

destination TCP/UDP port filters 64-16

protocol filters 64-17

NDE configuration, default 64-10

NDE version 8 64-3

NEAT

configuring 60-64

overview 60-27

NetFlow

table, displaying entries 34-6

Netflow Multiple Export Destinations 64-14

NetFlow search engine 37-6

NetFlow version 9 64-3

Network Admission Control

See NAC

Network Admission Control (NAC) 59-1

network admission control for Layer 3 interfaces 59-2, 59-14

Network-Based Application Recognition 43-1

Network Device Admission Control (NDAC) 50-2

Network Edge Access Topology

See NEAT

network ports

Bridge Assurance 29-3

description 29-2

nonaggregate label 32-2, 32-4

non-RPF multicast 37-5

Nonstop Forwarding

See NSF

no power enable module command A-59, A-60, A-61

normal-range VLANs

See VLANs

no upgrade fpd auto command A-53

NSF 6-1

NSF with SSO does not support IPv6 multicast traffic. 6-1

O

OIR 8-16, A-59

online diagnostics

CompactFlash disk verification B-44

configuring 12-2

datapath verification B-14

egress datapath test B-4

error counter test B-4

interrupt counter test B-4

memory tests 12-12

overview 12-1

running tests 12-5

test descriptions B-1

understanding 12-1

online diagnostic tests B-1

online insertion and removal A-59

See OIR

out-f-band MAC address table synchronization

configuring 17-8

in a VSS 4-27

out of profile

see QoS out of profile

P

packet burst 52-7

packet capture 72-1

packet recirculation 43-13

packet rewrite

CEF 34-2

IP MMLS and 37-3

packets

multicast 51-7

PAgP

understanding 19-3

path cost

MSTP 28-44

PBACLs 49-3

PBF 51-14

PBR 1-7, 30-4

peer inconsistent state

in PVST simulation 29-12

per-port VTP enable and disable 22-17

PFC

recirculation 32-4

PFC3 37-6

PIM, IP MMLS and 37-12

PIM snooping

designated router flooding 41-6

enabling globally 41-5

enabling in a VLAN 41-5

overview 41-4

platform cwan acl software-switched command 51-12

platform ipv4 pbr optimize tcam command 30-4

PoE 16-2

Cisco prestandard 16-2

IEEE 802.3af 16-2

IEEE 802.3at 16-2

PoE management 16-3

power policing 16-3

power use measurement 16-3

police command 43-78

policing

See QoS policing

policy 43-67

policy-based ACLs (PBACLs) 49-3

policy-based forwarding (PBF) 51-3

policy-based routing

See PBR

policy enforcement 59-7

policy map 43-75

attaching to an interface 43-82

policy-map command 43-68, 43-75

port ACLs

defined 51-2

port ACLs (PACLs) 51-1

Port Aggregation Protocol

see PAgP

port-based authentication

AAA authorization 60-35

accounting 60-12

configuring 60-48

authentication server

defined 60-3, 61-2

RADIUS server 59-4, 60-3

client, defined 60-3, 61-2

configuration guidelines 60-29, 61-7

configuring

guest VLAN 60-49

inaccessible authentication bypass 60-53

initializing authentication of a client 60-44

manual reauthentication of a client 60-43

RADIUS server 60-38, 61-11

RADIUS server parameters on the switch 60-37, 61-9

restricted VLAN 60-51

switch-to-authentication-server retransmission time 60-46

switch-to-client EAP-request frame retransmission time 60-46

switch-to-client frame-retransmission number 60-47

switch-to-client retransmission time 60-46

user distribution 60-49

VLAN group assignment 60-49

default configuration 60-34, 61-7

described 60-1

device roles 60-2, 61-2

DHCP snooping 60-11

DHCP snooping and insertion 54-4

displaying statistics 60-66, 61-15

EAPOL-start frame 60-6

EAP-request/identity frame 60-6

EAP-response/identity frame 60-6

enabling

802.1X authentication 60-35, 60-37, 61-9

periodic reauthentication 60-42

encapsulation 60-3

guest VLAN

configuration guidelines 60-16, 60-17

described 60-15

host mode 60-9

inaccessible authentication bypass

configuring 60-53

described 60-17

guidelines 60-32

initiation and message exchange 60-6

MAC authentication bypass 60-23

magic packet 60-25

method lists 60-35

modes 60-9

multiauth mode, described 60-10

multidomain authentication mode, described 60-10

multiple-hosts mode, described 60-9

ports

authorization state and dot1x port-control command 60-8

authorized and unauthorized 60-8

critical 60-17

voice VLAN 60-18

port security

and voice VLAN 60-20

described 60-19

interactions 60-19

multiple-hosts mode 60-9

pre-authentication open access 60-11, 60-39

resetting to default values 60-63

supplicant, defined 60-3

switch

as proxy 60-3, 61-2

RADIUS client 60-3

switch supplicant

configuring 60-64

overview 60-27

user distribution

configuring 60-49

described 60-15

guidelines 60-31

VLAN assignment

AAA authorization 60-35

characteristics 60-14

configuration tasks 60-14

described 60-13

VLAN group

guidelines 60-31

voice VLAN

described 60-18

PVID 60-18

VVID 60-18

wake-on-LAN, described 60-25

port-based QoS features

see QoS

port channel

switchport trunk encapsulation dot1q 19-6

port-channel

see EtherChannel

port-channel load-balance

command 19-11, 19-12

command example 19-11, 19-12

port-channel load-defer command 4-45

port-channel port load-defer command 4-45

port cost, STP 28-33

port debounce timer

disabling 8-15

displaying 8-15

enabling 8-15

PortFast

See STP PortFast

PortFast BPDU filtering

See STP PortFast BPDU filtering

port mode 32-19

port negotiation 8-8

port priority

MSTP 28-43

port priority, STP 28-32

ports

setting the debounce timer 8-15

port security

aging 62-11, 62-12

configuring 62-5

default configuration 62-3

described 62-2

displaying 62-12

enable sticky secure MAC address 62-9

sticky MAC address 62-2

violations 62-2

Port Security is supported on trunks 62-4, 62-5, 62-9, 62-10

port security MAC move 62-2

port security on PVLAN ports 62-4

Port Security with Sticky Secure MAC Addresses 62-2

power enable module command A-60, A-61

power management

enabling/disabling redundancy 10-2

overview 10-1

powering modules up or down 10-3

power policing 16-8

system power requirements, nine-slot chassis 10-5

power negotiation

through LLDP 16-8

Power over Ethernet 16-2

power over ethernet 16-2

pre-authentication open access. See port-based authentication.

primary links 18-1

primary VLANs 24-2

priority

overriding CoS 15-6, 16-5

private hosts 25-1

private hosts feature

configuration guidelines 25-6

configuring (detailed steps) 25-9

configuring (summary) 25-8

multicast operation 25-8

overview 25-2

port ACLs (PACLs) 25-5

port types 25-3, 25-4

protocol-independent MAC ACLs 25-2

restricting traffic flow with PACLs 25-3

spoofing protection 25-7

private VLANs 24-1

across multiple switches 24-5

and SVIs 24-6

benefits of 24-2

community VLANs 24-2, 24-3

configuration guidelines 24-7, 24-9, 24-11

configuring 24-11

host ports 24-15

pomiscuous ports 24-16

routing secondary VLAN ingress traffic 24-13

secondary VLANs with primary VLANs 24-12

VLANs as private 24-11

end station access to 24-4

IP addressing 24-4

isolated VLANs 24-2, 24-3

monitoring 24-17

ports

community 24-3

configuration guidelines 24-9

isolated 24-3

promiscuous 24-3

primary VLANs 24-2

secondary VLANs 24-2

subdomains 24-2

traffic in 24-6

privileged EXEC mode 2-5

promiscuous ports 24-3

protocol tunneling

See Layer 2 protocol tunneling 27-1

pruning, VTP

See VTP, pruning

PVLANs

See private VLANs

PVRST

See Rapid-PVST 28-18

PVST

description 28-2

PVST+

description 28-12

PVST simulation

description 29-11

peer inconsistent state 29-12

root bridge 29-12

Q

QoS

auto-QoS

enabling for VoIP 44-4

ingress trust A-4

IPv6 43-55

marking A-16

policing A-9

See also automatic QoS 44-1

shaping A-19

QoS classification (definition) 43-123

QoS congestion avoidance

definition 43-124

QoS CoS

and ToS final L3 Switching Engine values 43-12

and ToS final values from L3 Switching Engine 43-12

definition 43-123

port value, configuring 43-94

QoS default configuration 43-114, 46-2

QoS DSCP

definition 43-124

internal values 43-10

maps, configuring 43-89

QoS dual transmit queue

thresholds

configuring 43-95, 43-99

QoS Ethernet egress port

scheduling 43-114

scheduling, congestion avoidance, and marking 43-12

QoS Ethernet ingress port

classification, marking, scheduling, and congestion avoidance 43-6

QoS final L3 Switching Engine CoS and ToS values 43-12

QoS internal DSCP values 43-10

QoS L3 Switching Engine

classification, marking, and policing 43-9

feature summary 43-16

QoS labels (definition) 43-124

QoS mapping

CoS values to DSCP values 43-86, 43-89

DSCP markdown values 43-28, 43-90, 45-16

DSCP mutation 43-85, 45-29

DSCP values to CoS values 43-92

IP precedence values to DSCP values 43-90

QoS markdown 43-20

QoS marking

definition 43-124

trusted ports 43-15

untrusted ports 43-15

QoS multilayer switch feature card 43-17

QoS out of profile 43-20

QoS policing

definition 43-124

microflow, enabling for nonrouted traffic 43-62

QoS policing rule

aggregate 43-17

creating 43-67

microflow 43-17

QoS port

trust state 43-92, 43-94

QoS port-based or VLAN-based 43-63

QoS queues

transmit, allocating bandwidth between 43-110

QoS receive queue 43-8, 43-105, 43-107

drop thresholds 43-22

QoS RP

marking 43-17

QoS scheduling (definition) 43-124

QoS session-based 43-11

QoS single-receive, dual-transmit queue ports

configuring 43-100

QoS statistics data export 46-1

configuring 46-2

configuring destination host 46-7

configuring time interval 46-6, 46-8

QoS ToS

and CoS final values from L3 Switching Engine 43-12

definition 43-124

QoS traffic flow through QoS features 43-4

QoS transmit queue

size ratio 43-112, 43-113

QoS transmit queues 43-23, 43-103, 43-104, 43-106, 43-107

QoS trust-cos

port keyword 43-14

QoS trust-dscp

port keyword 43-14

QoS trust-ipprec

port keyword 43-14

QoS untrusted port keyword 43-14

QoS VLAN-based or port-based 43-11, 43-63

quad-supervisor

uplink forwarding 4-7

queries, IGMP 38-3

queries, MLDv2 36-5

queue scheduling A-21

R

RADIUS 54-4

RADIUS. See also port-based authentication. 60-3

range

command 8-4, 67-2

macro 8-6

of interfaces 8-4

rapid convergence 28-14

Rapid-PVST

enabling 28-37

overview 28-18

Rapid PVST+

interoperation with MST 29-11

Rapid Spanning Tree

See RSTP

Rapid Spanning Tree Protocol

See RSTP

receive queues

see QoS receive queues

recirculation 32-4, 43-13

redirect URLs

described 60-21

reduced MAC address 28-2

redundancy (NSF) 6-1

configuring

BGP 6-14

CEF 6-13

EIGRP 6-19

IS-IS 6-17

OSPF 6-15

configuring multicast NSF with SSO 6-13

configuring supervisor engine 6-10

routing protocols 6-4

redundancy (RPR) 7-1

configuring 7-4

configuring supervisor engine 7-3

displaying supervisor engine configuration 7-5

redundancy command 7-4

redundancy (SSO)

redundancy command 6-11

related documentation 1-xli

Remote Authentication Dial-In User Service. See RADIUS.

Remote source-route bridging (RSRB) 30-2

Replication Mode Detection 37-13

report, MLD 36-4

reserved-range VLANs

See VLANs

restricted VLAN

configuring 60-51

described 60-16

using with IEEE 802.1x 60-16

rewrite, packet

CEF 34-2

IP MMLS 37-3

RHI 4-53

RIF cache monitoring 8-17

ROM monitor

CLI 2-7

root bridge

MST 29-12

PVST simulation 29-12

root bridge, STP 28-30

root guard

See STP root guard

root switch

MSTP 28-41

route health injection

See RHI

route processor redundancy

See redundancy (RPR)

router guard 40-1

routing table, multicast 37-22

RPF

failure 37-5

multicast 37-2

non-RPF multicast 37-5

unicast 47-2

RPR

See redundancy (RPR)

RPR support IPv6 multicast traffic 7-1

RSTP

active topology 28-13

BPDU

format 28-16

processing 28-17

designated port, defined 28-13

designated switch, defined 28-13

interoperability with IEEE 802.1D

described 28-26

restarting migration process 28-50

topology changes 28-17

overview 28-13

port roles

described 28-13

synchronized 28-15

proposal-agreement handshake process 28-14

rapid convergence

described 28-14

edge ports and Port Fast 28-14

point-to-point links 28-14, 28-48

root ports 28-14

root port, defined 28-13

See also MSTP

S

Sampled NetFlow

description 64-8

scheduling

see QoS

SEA

See System Event Archive

secondary VLANs 24-2

Secure MAC Address Aging Type 62-11

security

configuring 47-1, 48-1, 49-1, 52-1, 53-1

security, port 62-2

Security Exchange Protocol (SXP) 50-2

Security Group Access Control List (SGACL) 50-2

Security Group Tag (SGT) 50-2

serial IDs

description 65-34

serial interfaces

clearing 8-18

synchronous

maintaining 8-18

server IDs

description 65-34

service-policy command 43-68

service-policy input command 43-63, 43-82, 43-86, 43-88, 45-29

service-provider network, MSTP and RSTP 28-19

set cos command A-17

set-dscp-transmit command A-10, A-11

set ip dscp command A-17

set ip precedence command A-17

set mpls experimental imposition command A-17

set-mpls-experimental-imposition-transmit command A-10, A-11

set mpls experimental topmost command A-17

set-mpls-experimental-topmost-transmit command A-10, A-11

set power redundancy enable/disable command 10-2

set-prec-transmit command A-10, A-11

SGACL 50-2

SGT 50-2

shape adaptive command A-19

shaped round robin 43-110

shape peak command A-20

short pipe mode

configuring 45-34

show authentication command 60-67

show catalyst6000 chassis-mac-address command 28-3

show configuration command 8-16

show dot1x interface command 60-43

show eobc command 8-17

show hardware command 8-3

show history command 2-4

show hw-module subslot command A-56

show ibc command 8-17

show interfaces command 8-3, 8-12, 8-13, 8-16, 8-17, 17-7, 17-15

clearing interface counters 8-18

displaying, interface type numbers 8-3

displaying, speed and duplex mode 8-9

show ip flow export command

displaying NDE export flow IP address and UDP port 64-15

show ip interface command

displaying IP MMLS interfaces 37-20

show ip mroute command

displaying IP multicast routing table 37-22

show ip pim interface command

displaying IP MMLS router configuration 37-20

show mab command 60-70

show mls aging command 63-12

show mls entry command 34-6

show mls ip multicast group command

displaying IP MMLS group 37-23, 37-26

show mls ip multicast interface command

displaying IP MMLS interface 37-23, 37-26

show mls ip multicast source command

displaying IP MMLS source 37-23, 37-26

show mls ip multicast statistics command

displaying IP MMLS statistics 37-23, 37-26

show mls ip multicast summary

displaying IP MMLS configuration 37-23, 37-26

show mls nde command 64-17

displaying NDE flow IP address 64-15

show mls rp command

displaying IP MLS configuration 63-11

show module command 7-5, A-60

show platform acl software-switched command 51-12

show policy-map class command A-26

show policy-map command A-26

show policy-map interface command A-27

show protocols command 8-17

show queue command A-27

show rif command 8-17

show running-config command 8-16, 8-17, A-55

displaying ACLs 51-9

show svclc rhi-routes command 4-53

show upgrade package default command A-56

show version command 8-17

show vlan group command 60-49

shutdown command 8-19

shutdown interfaces

result 8-19

slot number, description 8-2

smart call home 65-1

description 65-3

destination profile (note) 65-6

registration requirements 65-3

service contract requirements 65-4

Transport Gateway (TG) aggregation point 65-2

SMARTnet

smart call home registration 65-3

smart port macros 3-1

configuration guidelines 3-3

Smartports macros

applying global parameter values 3-14

applying macros 3-14

creating 3-13

default configuration 3-2

defined 3-2

displaying 3-16

tracing 3-4

SNMP

support and documentation 1-5

snooping

See IGMP snooping

See MLDv2 snooping

software

upgrading router 5-5, 5-14

source IDs

call home event format 65-34

source-only-ip flow mask 63-2

source specific multicast with IGMPv3, IGMP v3lite, and URD 37-11

SPAN

configuration guidelines 68-7

configuring 68-15

sources 68-20, 68-22, 68-24, 68-26, 68-27, 68-28, 68-30, 68-32

VLAN filtering 68-34

CPU source 68-6, 68-20, 68-21, 68-24, 68-30

destination port support on EtherChannels 68-7, 68-22, 68-26, 68-28, 68-29, 68-33

distributed egress 68-5, 68-18

modules that disable 68-14

modules that disable for ERSPAN 68-14

input packets with don't learn option

ERSPAN 68-32, 68-33

local SPAN 68-20, 68-21, 68-22, 68-23

RSPAN 68-26, 68-28, 68-29

understanding 68-7

local SPAN egress session increase 68-10, 68-20

overview 68-1

SPAN Destination Port Permit Lists 68-18

spanning-tree backbonefast

command 29-19, 29-20

command example 29-19, 29-20

spanning-tree cost

command 28-34

command example 28-34

spanning-tree portfast

command 29-12, 29-14

command example 29-13

spanning-tree portfast bpdu-guard

command 29-17

spanning-tree port-priority

command 28-32

spanning-tree protocol for bridging 30-2

spanning-tree uplinkfast

command 29-18

command example 29-18, 29-19

spanning-tree vlan

command 28-28, 28-29, 28-31, 29-18, 29-20

command example 28-28, 28-29, 28-31

spanning-tree vlan cost

command 28-34

spanning-tree vlan forward-time

command 28-36

command example 28-37

spanning-tree vlan hello-time

command 28-36

command example 28-36

spanning-tree vlan max-age

command 28-37

command example 28-37

spanning-tree vlan port-priority

command 28-32

command example 28-33

spanning-tree vlan priority

command 28-35

command example 28-35

speed

configuring interface 8-7

speed command 1-3, 8-8

speed mode

autonegotiation status 8-9

SRR 43-110

SSO for network admission control 59-12

standby links 18-1

static sharing

configuring 60-36

description 60-22

statistics

802.1X 60-66, 61-15

sticky ARP 52-18

sticky MAC address 62-2

Sticky secure MAC addresses 62-9, 62-10

storm control

see traffic-storm control

STP

configuring 28-26

bridge priority 28-35

enabling 28-28, 28-29

forward-delay time 28-36

hello time 28-36

maximum aging time 28-37

port cost 28-33

port priority 28-32

root bridge 28-30

secondary root switch 28-31

defaults 28-27

edge ports 29-2

EtherChannel 19-5

network ports 29-2

normal ports 29-2

PortFast 29-2

understanding 28-2

802.1Q Trunks 28-12

Blocking State 28-7

BPDUs 28-4

disabled state 28-11

forwarding state 28-10

learning state 28-9

listening state 28-8

overview 28-2

port states 28-6

protocol timers 28-5

root bridge election 28-4

topology 28-5

STP BackboneFast

configuring 29-19

figure

adding a switch 29-10

spanning-tree backbonefast

command 29-19, 29-20

command example 29-19, 29-20

understanding 29-7

STP BPDU Guard

configuring 29-16

spanning-tree portfast bpdu-guard

command 29-17

understanding 29-5

STP bridge ID 28-2

STP EtherChannel guard 29-9

STP extensions

description29-2to 29-12

STP loop guard

configuring 29-21

overview 29-10

STP PortFast

BPDU filter

configuring 29-15

BPDU filtering 29-5

configuring 29-12

spanning-tree portfast

command 29-12, 29-14

command example 29-13

understanding 29-2

STP port types

description 29-2

edge 29-2

network 29-2

normal 29-2

STP root guard 29-10, 29-20

STP UplinkFast

configuring 29-18

spanning-tree uplinkfast

command 29-18

command example 29-18, 29-19

understanding 29-6

subdomains, private VLAN 24-2

supervisor engine

environmental monitoring 10-10

redundancy 6-1, 7-1

synchronizing configurations 6-20, 7-5

Supervisor Engine 32 1-4, 1-5

supervisor engine redundancy

configuring 6-10, 7-3

supervisor engines

displaying redundancy configuration 7-5

supplicant 60-3

svclc command 4-52

Switched Port Analyzer

See SPAN

switch fabric functionality 14-1

configuring 14-3

monitoring 14-4

switchport

configuring 17-16

example 17-15

show interfaces 8-12, 8-13, 17-7, 17-15

switchport access vlan 17-8, 17-9, 17-12, 17-16

example 17-17

switchport mode access 17-4, 17-8, 17-9, 17-16

example 17-17

switchport mode dynamic 17-11

switchport mode dynamic auto 17-4

switchport mode dynamic desirable 17-4

default 17-5

example 17-15

switchport mode trunk 17-4, 17-11

switchport nonegotiate 17-4

switchport trunk allowed vlan 17-13

switchport trunk encapsulation 17-9, 17-10

switchport trunk encapsulation dot1q 17-4

example 17-15

switchport trunk encapsulation isl 17-4

switchport trunk encapsulation negotiate 17-4

default 17-5

switchport trunk native vlan 17-13

switchport trunk pruning vlan 17-14

switch priority

MSTP 28-45

switch TopN reports

foreground execution 70-2

running 70-2

viewing 70-2

SXP 50-2

system event archive (SEA) 66-1

System Event Archive, configuring 66-1

System Hardware Capacity 10-5

T

TACACS+ 47-1, 48-1, 49-1, 52-1, 53-1

TCP Intercept 47-2

TDR

checking cable connectivity 8-19

enabling and disabling test 8-19

guidelines 8-19

Telnet

accessing CLI 2-2

TFTP server, downloading FPD images toA-54to A-55

Time Domain Reflectometer

See TDR

TLV

host presence detection 15-3, 60-10, 62-3

traceroute, Layer 2

and ARP 71-2

and CDP 71-2

described 71-1

IP addresses and subnets 71-2

MAC addresses and VLANs 71-2

multicast traffic 71-2

multiple devices on a port 71-2

unicast traffic 71-1

usage guidelines 71-2

traffic flood blocking 58-1

traffic-storm control

command

action shutdown 57-4, 57-6

broadcast 57-4, 57-6

multicast 57-4, 57-6

unicast 57-4, 57-6

described 57-1

monitoring 57-7

thresholds 57-1

traffic suppression

see traffic-storm control

transmit queues

see QoS transmit queues

troubleshooting A-57, A-58

trunks 17-3

802.1Q Restrictions 17-5

allowed VLANs 17-13

configuring 17-10

default interface configuration 17-7

default VLAN 17-12

different VTP domains 17-3

encapsulation 17-4

native VLAN 17-13

to non-DTP device 17-5

VLAN 1 minimization 17-14

trust-dscp

see QoS trust-dscp

trusted boundary 15-6

trusted boundary (extended trust for CDP devices) 15-3

trust-ipprec

see QoS trust-ipprec

trustpoint 65-4

tunneling 45-4, 45-30

tunneling, 802.1Q

See 802.1Q 26-1

type length value

See TLV

U

UDE 31-1

configuration 31-4

overview 31-2

UDE and UDLR 31-1

UDLD

default configuration 9-4

enabling

globally 9-5

on ports 9-5, 9-6

overview 9-1

UDLR 31-1

back channel 31-2

configuration 31-6

tunnel

(example) 31-7

ARP and NHRP 31-3

UDLR (unidirectional link routing)

See UDLR

UMFB 58-1

unauthorized ports with 802.1X 60-8

Unicast and Multicast Flood Blocking 58-1

unicast flood blocking 58-1

unicast RPF 47-2

unicast storms

see traffic-storm control

Unidirectional Ethernet

see UDE

unidirectional ethernet

example of setting 31-5

UniDirectional Link Detection Protocol

see UDLD

uniform mode

configuring 45-39

unknown multicast flood blocking

See UMFB

unknown unicast flood blocking

See UUFB

unknown unicast flood rate-limiting

See UUFRL

untrusted

see QoS trust-cos

see QoS untrusted

upgrade fpd auto command A-53, A-55, A-56

upgrade fpd path command A-54, A-56

upgrade guidelines 32-19

upgrade hw-module subslot command A-54

UplinkFast

See STP UplinkFast

uplink forwarding

quad-supervisor 4-7

URD 37-11

User-Based Rate Limiting 43-19, 43-79

user EXEC mode 2-5

UUFB 58-1

UUFRL 58-1

V

VACLs 51-2

configuring 51-11

examples 51-16

Layer 3 VLAN interfaces 51-15

Layer 4 port operations 49-10

logging

configuration example 51-20

configuring 51-20

restrictions 51-20

MAC address based 51-11

multicast packets 51-7

SVIs 51-15

WAN interfaces 51-2

virtual LAN

See VLANs

vlan

command 23-5, 23-7, 64-12, 64-13, 68-24

command example 23-6

VLAN Access Control Lists

See VACLs

VLAN-based QoS filtering 43-70

VLAN-bridge spanning-tree protocol 30-2

vlan database

command 23-5, 23-7, 64-12, 64-13, 68-24

example 23-6

vlan group command 60-49

VLAN locking 23-4

vlan mapping dot1q

command 23-9, 23-10, 23-11

command example 23-11

VLAN maps

applying 51-9

VLAN mode 32-19

VLAN port provisioning verification 23-4

VLANs

allowed on trunk 17-13

configuration guidelines 23-3

configuring 23-1

configuring (tasks) 23-3

defaults 23-4

extended range 23-2

interface assignment 23-6

multicast 39-1

name (default) 23-4

normal range 23-2

private

See private VLANs

reserved range 23-2

support for 4,096 VLANs 23-2

token ring 23-4

trunks

understanding 17-3

understanding 23-1

VLAN 1 minimization 17-14

VTP domain 23-4

VLAN translation

command example 23-10

VLAN Trunking Protocol

See VTP

voice VLAN

Cisco 7960 phone, port connections 15-2

configuration guidelines 15-4

configuring IP phone for data traffic

override CoS of incoming frame 15-6, 16-5

configuring ports for voice traffic in

802.1Q frames 15-5

connecting to an IP phone 15-5

default configuration 15-4

overview 15-1

voice VLAN. See also port-based authentication. 60-18

VPN

configuration example 32-15

guidelines and restrictions 32-14

VPN supported commands 32-14

VPN switching 32-13

VSS

dual-active detection

Enhanced PAgP, advantages 4-23

Enhanced PAgP, description 4-23

enhanced PAgP, description 4-45

fast-hello, advantages 4-23

fast hello, description 4-24

IP BFD, advantages 4-23

IP BFD, description 4-24

IP BFG, configuration 4-47

VSLP fast-hello, configuration 4-48

VTP

advertisements 22-3, 22-4

client, configuring 22-15

configuration guidelines 22-9

default configuration 22-8

disabling 22-15

domains 22-2

VLANs 23-4

modes

client 22-3

server 22-3

transparent 22-3

monitoring 22-18

overview 22-1

per-port enable and disable 22-17

pruning

configuration 17-14

configuring 22-13

overview 22-6

server, configuring 22-15

statistics 22-18

transparent mode, configuring 22-15

version 2

enabling 22-13

overview 22-4

version 3

enabling 22-14

overview 22-5

server type, configuring 22-12

W

wake-on-LAN. See also port-based authentication. 60-25

web-based authentication

AAA fail policy 61-4

description 61-1

web browser interface 1-6

weighted round robin 43-110

WRR 43-110

X

xconnect command 32-19

XFPs, troubleshooting A-58