Catalyst 6500 Release 12.2SY Software Configuration Guide
Index
Downloads: This chapterpdf (PDF - 0.98MB) The complete bookPDF (PDF - 18.17MB) | Feedback

Index

Table Of Contents

Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W -

Index

Numerics

4K VLANs (support for 4,096 VLANs) 23-2

802.1AE Tagging 67-2

802.1Q

Layer 2 protocol tunneling

See Layer 2 protocol tunneling

mapping to ISL VLANs 23-7

trunks 18-4

restrictions 18-2

tunneling

configuration guidelines 26-1

configuring tunnel ports 26-6

overview 26-4

802.1Q Ethertype

specifying custom 18-15

802.1X 80-1

802.1x accounting 80-41

802.3ad

See LACP

802.3af 17-2

802.3x Flow Control 10-9

A

AAA

fail policy 80-8, 81-5

AAA (authentication, authorization, and accounting). See also port-based authentication. 80-6, 81-2

aaa accounting dot1x command 80-41

aaa accounting system command 80-41

abbreviating commands 2-5

access, restricting MIB 83-10

access control entries and lists 66-1

access-enable host timeout (not supported) 66-4

access port, configuring 18-14

access rights 83-9

access setup, example 83-11

accounting

with 802.1x 80-41

with IEEE 802.1x 80-16

ACEs and ACLs 66-1

ACLs

downloadable 81-2

downloadable (dACLs) 80-23

Filter-ID 80-24

per-user 80-24

port

defined 70-2

redirect URL 80-25

static sharing 80-25

acronyms, list of A-1

activating lawful intercept 83-8

admin function (mediation device) 83-7, 83-8

administration, definition 83-6

advertisements, VTP 22-4

aggregate label 34-2, 34-5

aggregate policing 60-4

aging time

accelerated

for MSTP 28-45

maximum

for MSTP 28-45, 28-46

alarms

major 13-4

minor 13-4

Allow DHCP Option 82 on Untrusted Port

configuring 75-10

understanding 75-5

any transport over MPLS (AToM) 36-3

Ethernet over MPLS 36-3

ARP ACL 66-12

ARP spoofing 77-3

AToM 36-3

audience 1-xliii

authentication control-direction command 80-50

authentication event command 80-43

authentication failed VLAN

See restricted VLAN

authentication open comand 80-15

authentication password, VTP 22-5

authentication periodic command 80-36, 80-47

authentication port-control command 80-43

authentication timer reauthenticate command 80-36

authorized ports with 802.1X 80-12

automatic QoS

configuration guidelines and restrictions 63-2

macros 63-4

overview 63-2

AutoQoS 63-1

auto-sync command 8-4

B

BackboneFast

See STP BackboneFast

backup interfaces

See Flex Links

binding database, DHCP snooping

See DHCP snooping binding database

binding table, DHCP snooping

See DHCP snooping binding database

blocking state, STP 28-8

blue beacon 1-6

BPDU

RSTP format 28-16

BPDU guard

See STP BPDU guard

BPDUs

Bridge Assurance 29-5

Shared Spanning Tree Protocol (SSTP) 29-20

Bridge Assurance

description29-4to 29-6

inconsistent state 29-5

supported protocols and link types 29-5

bridge domain

configuring 38-8

bridge groups 32-1

bridge ID

See STP bridge ID

bridge priority, STP 28-34

bridge protocol data units

see BPDUs

bridging 32-1

broadcast storms

see traffic-storm control

C

CALEA, See Communications Assistance for Law Enforcement Act (CALEA)

Call Home

description 50-3

message format options 50-3

messages

format options 50-3

call home 50-1

alert groups 50-28

contact information 50-19

destination profiles 50-20

displaying information 50-39

pattern matching 50-31

periodic notification 50-30

rate limit messages 50-31

severity threshold 50-30

smart call home feature 50-4

SMTP server 50-2

testing communications 50-32

call home alert groups

configuring 50-28

description 50-28

subscribing 50-29

call home customer information

entering information 50-19

call home destination profiles

attributes 50-21

description 50-20

displaying 50-42

call home notifications

full-txt format for syslog 50-15

XML format for syslog 50-15

CDP

host presence detection 80-14, 82-4

to configure Cisco phones 16-3

CEF

configuring

RP 30-5

supervisor engine 30-4

examples 30-3

Layer 3 switching 30-2

packet rewrite 30-2

certificate authority (CA) 50-2

channel-group group

command 20-9, 20-13, 20-14, 20-15

command example 20-9, 20-14

Cisco Discovery Protocol

See CDP

Cisco Emergency Responder 16-4

Cisco Express Forwarding 34-3

CISCO-IP-TAP-MIB

citapStreamVRF 83-2

overview 83-8

restricting access to 83-10, 83-11

CISCO-TAP2-MIB

accessing 83-9

overview 83-8

restricting access to 83-10, 83-11

CIST regional root

See MSTP

CIST root

See MSTP

class command 60-9

class map configuration 60-8, 61-11

clear authentication sessions command 80-38

clear counters command 10-12

clear dot1x command 80-37

clear interface command 10-13

CLI

accessing 2-1

backing out one level 2-5

console configuration mode 2-5

getting list of commands 2-6

global configuration mode 2-5

history substitution 2-4

interface configuration mode 2-5

privileged EXEC mode 2-5

ROM monitor 2-7

software basics 2-4

collection function 83-6

command line processing 2-3

commands, getting list of 2-6

Communications Assistance for Law Enforcement Act

CALEA for Voice 83-5

lawful intercept 83-4

community ports 24-7

community VLANs 24-6, 24-7

configuration example

EoMPLS port mode 36-4, 36-7

EoMPLS VLAN mode 36-4

VPLS, 802.1Q access port for untagged traffic from CE 37-8

VPLS, 802.1Q Trunk for tagged traffic from the CE device 37-7

VPLS, associating the attachment circuit with the VSI at the PE 37-13

VPLS, L2 VLAN instance on the PE 37-10

VPLS, MPLS in the PE 37-11

VPLS, using QinQ to place all VLANs into a single VPLS 37-9

VPLS, VFI in the PE 37-12

configuration guidelines

EVCs 38-2

configuring 60-8, 61-11

lawful intercept 83-10, 83-11, 83-12

SNMP 83-10

console configuration mode 2-5

content IAP 83-6

control plane policing

See CoPP

CoPP 74-1

applying QoS service policy to control plane 74-5

configuring

ACLs to match traffic 74-5

enabling MLS QoS 74-5

packet classification criteria 74-5

service-policy map 74-5

control plane configuration mode

entering 74-5

displaying

dynamic information 74-9

number of conforming bytes and packets 74-9

rate information 74-9

entering control plane configuration mode 74-5

monitoring statistics 74-9

overview 74-3

packet classification guidelines 74-2

traffic classification

defining 74-6

guidelines 74-7

overview 74-6

sample ACLs 74-7

sample classes 74-6

CoS

override priority 16-6, 17-4

counters

clearing interface 10-12, 10-13

critical authentication 80-8

critical authentication, IEEE 802.1x 80-44

CSCsr62404 10-9

cTap2MediationDebug notification 83-12

cTap2MediationNewIndex object 83-8

cTap2MediationTable 83-8

cTap2MediationTimedOut notification 83-12

cTap2MIBActive notification 83-12

cTap2StreamDebug notification 83-12

cTap2StreamTable 83-8

customer contact information

entering for call home 50-19

D

dACL

See ACLs, downloadable 80-23

dCEF 30-4

debug commands

IP MMLS 40-31

DEC spanning-tree protocol 32-1

default configuration

802.1X 80-28, 81-7

dynamic ARP inspection 77-6

EVCs 38-9

Flex Links 19-4

IP MMLS 40-15

MSTP 28-26

MVR 44-5

UDLD 11-3

voice VLAN 16-4

VTP 22-9

default VLAN 18-10

denial of service protection 73-1

device IDs

call home format 50-11, 50-12

DHCP binding database

See DHCP snooping binding database

DHCP binding table

See DHCP snooping binding database

DHCP option 82

circuit ID suboption 75-7

overview 75-5

packet format, suboption

circuit ID 75-7

remote ID 75-7

remote ID suboption 75-7

DHCP option 82 allow on untrusted port 75-10

DHCP snooping

802.1X data insertion 80-15

binding database

See DHCP snooping binding database

configuration guidelines 75-8

configuring 75-9

default configuration 75-8

displaying binding tables 75-18

enabling 75-9, 75-10, 75-11, 75-12, 75-13, 75-14

enabling the database agent 75-14

message exchange process 75-6

monitoring 76-5, 76-6

option 82 data insertion 75-5

overview 75-3

Snooping database agent 75-7

DHCP snooping binding database

described 75-5

entries 75-5

DHCP snooping binding table

See DHCP snooping binding database

DHCP Snooping Database Agent

adding to the database (example) 75-18

enabling (example) 75-15

overview 75-7

reading from a TFTP file (example) 75-17

DHCP snooping increased bindings limit 75-14

DiffServ

configuring short pipe mode 64-30

configuring uniform mode 64-34

short pipe mode 64-27

uniform mode 64-28

DiffServ tunneling modes 64-4

Disabling PIM Snooping Designated Router Flooding 47-6

distributed Cisco Express Forwarding

See dCEF

distributed egress SPAN 53-10, 53-15

DNS, See Domain Name System

DNS, see Domain Name System

documentation, related 1-xliii

Domain Name System 83-2

DoS protection 73-1

monitoring packet drop statistics

using monitor session commands 73-8

using VACL capture 73-10

QoS ACLs 73-2

security ACLs 73-2

uRPF check 73-5

dot1x initialize interface command 80-37

dot1x max-reauth-req command 80-41

dot1x max-req command 80-40

dot1x pae authenticator command 80-31

dot1x re-authenticate interface command 80-36

dot1x timeout quiet-period command 80-38

DSCP-based queue mapping 62-14

duplex command 10-5, 10-6

duplex mode

autonegotiation status 10-6

configuring interface 10-4

dynamic ARP inspection

ARP cache poisoning 77-3

ARP requests, described 77-3

ARP spoofing attack 77-3

configuration guidelines 77-2

configuring

log buffer 77-13, 77-15

logging system messages 77-14

rate limit for incoming ARP packets 77-5, 77-10

default configuration 77-6

denial-of-service attacks, preventing 77-10

described 77-3

DHCP snooping binding database 77-4

displaying

ARP ACLs 77-15

configuration and operating state 77-15

trust state and rate limit 77-15

error-disabled state for exceeding rate limit 77-5

function of 77-4

interface trust states 77-4

log buffer

configuring 77-13, 77-15

logging of dropped packets, described 77-6

logging system messages

configuring 77-14

man-in-the middle attack, described 77-4

network security issues and interface trust states 77-4

priority of ARP ACLs and DHCP snooping entries 77-6

rate limiting of ARP packets

configuring 77-10

described 77-5

error-disabled state 77-5

validation checks, performing 77-11

Dynamic Host Configuration Protocol snooping 75-1

E

EAC 67-2

EAPOL. See also port-based authentication. 80-6

egress SPAN 53-10

electronic traffic, monitoring 83-7

e-mail addresses

assigning for call home 50-19

e-mail notifications

Call Home 50-3

enable mode 2-5

enable sticky secure MAC address 82-8

enabling

IP MMLS

on router interfaces 40-16

lawful intercept 83-8

SNMP notifications 83-12

Endpoint Admission Control (EAC) 67-2

environmental monitoring

LED indications 13-4

SNMP traps 13-4

supervisor engine and switching modules 13-4

Syslog messages 13-4

using CLI commands 13-1

EOBC

for MAC address table synchronization 18-3

EoMPLS 36-3

configuring 36-4

configuring VLAN mode 36-3

guidelines and restrictions 36-2

port mode 36-3

VLAN mode 36-3

ERSPAN 53-1

EtherChannel

channel-group group

command 20-9, 20-13, 20-14, 20-15

command example 20-9, 20-14

configuration guidelines 4-26, 20-2

configuring

Layer 2 20-9

configuring (tasks) 4-25, 20-7

interface port-channel

command example 20-8

interface port-channel (command) 20-8

lacp system-priority

command example 20-11

Layer 2

configuring 20-9

load balancing

configuring 20-11

understanding 20-7

Min-Links 20-13, 20-14

modes 20-4

PAgP

understanding 20-5

port-channel interfaces 20-7

port-channel load-balance

command 20-11

command example 20-12

STP 20-7

understanding 4-4, 20-3

EtherChannel Guard

See STP EtherChannel Guard

Ethernet

setting port duplex 10-10

Ethernet flow point

See EFP

Ethernet over MPLS (EoMPLS) configuration

EoMPLS port mode 36-6

EoMPLS VLAN mode 36-4

Ethernet Virtual Connection

See EVC

EVC

broadcast domain 38-4

configuration guidelines 38-2

default configuration 38-9

supported features 38-2

EXP mutation 64-4

extended range VLANs 23-2

See VLANs

extended system ID

MSTP 28-39

Extensible Authentication Protocol over LAN. See EAPOL.

F

fall-back bridging 32-1

fast link notification

on VSL failure 4-13

fiber-optic, detecting unidirectional links 11-1

FIB TCAM 34-3

figure

lawful intercept overview 83-5

Flex Links 19-1

configuration guidelines 19-2

configuring 19-4

default configuration 19-4

description 19-2

monitoring 19-5

flow control 10-9

forward-delay time

MSTP 28-45

forward-delay time, STP 28-35

frame distribution

See EtherChannel load balancing

G

get requests 83-7, 83-8, 83-11

global configuration mode 2-5

guest VLAN and 802.1x 80-19

H

hardware Layer 3 switching

guidelines 30-2

hello time

MSTP 28-44

hello time, STP 28-35

High Capacity Power Supply Support 12-4

history

CLI 2-4

host mode

see port-based authentication

host ports

kinds of 24-7

host presence CDP message 16-4, 80-14

host presence TLV message 82-4

http

//www-tac.cisco.com/Teams/ks/c3/xmlkwery.php?srId=612293409 20-3

I

IAP

content IAP 83-6

definition 83-6

content IAP 83-6

identification IAP 83-6

types of

ICMP unreachable messages 66-2

ID IAP 83-6

IDs

serial IDs 50-12

IEEE 802.1Q Ethertype

specifying custom 18-15

IEEE 802.1Q Tagging on a Per-Port Basis 26-7

IEEE 802.1w

See RSTP

IEEE 802.1x

accounting 80-16, 80-41

authentication failed VLAN 80-19

critical ports 80-20

DHCP snooping 80-15

guest VLAN 80-19

MAC authentication bypass 80-26

network admission control Layer 2 validation 80-27

port security interoperability 80-22

RADIUS-supplied session timeout 80-35

voice VLAN 80-22

wake-on-LAN support 80-28

IEEE 802.3ad

See LACP

IEEE 802.3af 17-2

IEEE 802.3x Flow Control 10-9

IEEE bridging protocol 32-1

IGMP 43-1

configuration guidelines 42-9

enabling 43-9

join messages 43-3

leave processing

enabling 43-13

queries 43-4

query interval

configuring 43-12

snooping

fast leave 43-6

joining multicast group 43-3, 45-4

leaving multicast group 43-5, 45-4

understanding 43-3, 45-3

snooping querier

enabling 43-9

understanding 43-3, 45-3

IGMPv3 40-26

IGMP v3lite 40-26

ignore port trust 60-10

inaccessible authentication bypass 80-20

ingress SPAN 53-10

intercept access point

See IAP

intercept-related information (IRI) 83-6, 83-7

intercepts, multiple 83-6

interface

configuration mode 2-5

Layer 2 modes 18-4

number 10-2

interface port-channel

command example 20-8

interface port-channel (command) 20-8

interfaces

configuring, duplex mode 10-3

configuring, speed 10-3

configururing, overview 10-2

counters, clearing 10-12, 10-13

displaying information about 10-12

maintaining 10-12

monitoring 10-12

range of 10-2

restarting 10-13

shutting down

task 10-13

interfaces command 10-2

interfaces range command 52-3

interfaces range macro command 10-2

internal VLANs 23-3

Internet Group Management Protocol 43-1, 45-1

IP accounting, IP MMLS and 40-2

IP CEF

topology (figure) 30-4

ip flow-export source command 55-3, 55-4, 55-5

ip http server 1-7

ip local policy route-map command 31-5

IP MMLS

cache, overview 40-4

configuration guideline 40-1

debug commands 40-31

default configuration 40-15

enabling

on router interfaces 40-16

Layer 3 MLS cache 40-4

overview 40-2

packet rewrite 40-5

router

enabling globally 40-16

enabling on interfaces 40-16

PIM, enabling 40-16

IP multicast

IGMP snooping and 43-8

MLDv2 snooping and 42-9

overview 43-2, 45-2, 46-2

IP multicast MLS

See IP MMLS

ip multicast-routing command

enabling IP multicast 40-16

IP phone

configuring 16-5

ip pim command

enabling IP PIM 40-16

ip policy route-map command 31-5

IP Source Guard 76-1

configuring 76-3

configuring on private VLANs 76-5

displaying 76-5, 76-6

overview 76-2

IP unnumbered 32-1

IPv4 Multicast over Point-to-Point GRE Tunnels 1-8

IPv4 Multicast VPN 48-1

IPv6 Multicast Layer 3 Switching 41-1

IPv6 QoS 59-3

ISL trunks 18-4

isolated port 24-7

isolated VLANs 24-6, 24-7

J

join messages, IGMP 43-3

jumbo frames 10-6

K

keyboard shortcuts 2-3

L

label edge router 34-2

label switched path 36-1

label switch router 34-2, 34-4

LACP

system ID 20-6

Law Enforcement Agency (LEA) 83-4

lawful intercept

admin function 83-7, 83-8

collection function 83-6

configuring 83-10, 83-11, 83-12

enabling 83-8

IRI 83-6

mediation device 83-5

overview 83-4, 83-5

prerequisites 83-1

processing 83-7

security considerations 83-9

SNMP notifications 83-12

lawful intercept processing 83-7

Layer 2

configuring interfaces 18-5

access port 18-14

trunk 18-8

defaults 18-5

interface modes 18-4

show interfaces 10-8, 10-9, 18-6, 18-13

switching

understanding 18-2

trunks

understanding 18-4

VLAN

interface assignment 23-6

Layer 2 Interfaces

configuring 18-1

Layer 2 protocol tunneling

configuring Layer 2 tunnels 27-3

overview 27-2

Layer 2 Traceroute 56-1

Layer 2 traceroute

and ARP 56-2

and CDP 56-1

described 56-2

IP addresses and subnets 56-2

MAC addresses and VLANs 56-2

multicast traffic 56-2

multiple devices on a port 56-2

unicast traffic 56-2

usage guidelines 56-1

Layer 3

IP MMLS and MLS cache 40-4

Layer 3 switched packet rewrite

CEF 30-2

Layer 3 switching

CEF 30-2

Layer 4 port operations (ACLs) 66-2

leave processing, IGMP

enabling 43-13

leave processing, MLDv2

enabling 42-12

LERs 64-2, 64-6, 64-7

Link Failure

detecting unidirectional 28-25

link negotiation 10-5

link redundancy

See Flex Links

load deferral

MEC traffic recovery 4-6

Local Egress Replication 40-19

logical operation unit

See LOU

loop guard

See STP loop guard

LOU

description 66-3

determining maximum number of 66-3

LSRs 64-2, 64-6

M

mab command 80-43, 80-47

MAC address-based blocking 69-1

MAC address table notification 18-7

MAC authentication bypass. See also port-based authentication. 80-26

MAC move (port security) 82-3

macros 3-1

See Smartports macros

MACSec 67-2

magic packet 80-28

main-cpu command 8-4

mapping 802.1Q VLANs to ISL VLANs 23-7

markdown

see QoS markdown

match ip address command 31-4

match length command 31-4

maximum aging time

MSTP 28-45

maximum aging time, STP 28-36

maximum hop count, MSTP 28-46

MEC

configuration 4-41

described 4-13

failure 4-14

port load share deferral 4-15

mediation device

admin function 83-7, 83-8

definition 83-5

description 83-5

MIBs

CISCO-IP-TAP-MIB 83-2, 83-8, 83-10

CISCO-TAP2-MIB 83-8, 83-9, 83-10

SNMP-COMMUNITY-MIB 83-9

SNMP-USM-MIB 83-4, 83-9

SNMP-VACM-MIB 83-4, 83-9

microflow policing 60-4

Mini Protocol Analyzer 57-1

Min-Links 20-13

MLD

report 42-5

MLD snooping

query interval

configuring 42-10

MLDv1 42-2

MLDv2 42-1

enabling 42-11

leave processing

enabling 42-12

queries 42-6

snooping

fast leave 42-8

joining multicast group 42-5

leaving multicast group 42-7

understanding 42-3

snooping querier

enabling 42-10

understanding 42-3

MLDv2 Snooping 42-1

monitoring

Flex Links 19-5

MVR 44-8

private VLANs 24-16

monitoring electronic traffic 83-7

MPLS 34-1, 34-2

aggregate label 34-2

any transport over MPLS 36-3

basic configuration 34-9

core 34-4

DiffServ Tunneling Modes 64-26

egress 34-4

experimental field 64-3

hardware features 34-5

ingress 34-4

IP to MPLS path 34-4

labels 34-2

MPLS to IP path 34-4

MPLS to MPLS path 34-4

nonaggregate lable 34-2

QoS default configuration 64-13

restrictions 34-1

VPN 64-11

VPN guidelines and restrictions 35-2

MPLS QoS

Classification 64-2

Class of Service 64-2

commands 64-15

configuring a class map 64-17

configuring a policy map 64-20

configuring egress EXP mutation 64-24

configuring EXP Value Maps 64-25

Differentiated Services Code Point 64-2

displaying a policy map 64-24

E-LSP 64-2

EXP bits 64-2

features 64-2

IP Precedence 64-2

QoS Tags 64-2

queueing-only mode 64-17

MPLS QoS configuration

class map to classify MPLS packets 64-17

MPLS supported commands 34-2

MPLS VPN

limitations and restrictions 35-2

MQC 58-1

MST

interoperation with Rapid PVST+ 29-20

root bridge 29-20

MSTP

boundary ports

configuration guidelines 28-2

described 28-22

CIST, described 28-19

CIST regional root 28-20

CIST root 28-21

configuration guidelines 28-2

configuring

forward-delay time 28-45

hello time 28-44

link type for rapid convergence 28-46

maximum aging time 28-45

maximum hop count 28-46

MST region 28-38

neighbor type 28-46

path cost 28-42

port priority 28-41

root switch 28-39

secondary root switch 28-40

switch priority 28-43

CST

defined 28-19

operations between regions 28-20

default configuration 28-26

displaying status 28-47

enabling the mode 28-38

extended system ID

effects on root switch 28-39

effects on secondary root switch 28-40

unexpected behavior 28-39

IEEE 802.1s

implementation 28-23

port role naming change 28-23

terminology 28-21

interoperability with IEEE 802.1D

described 28-24

restarting migration process 28-47

IST

defined 28-19

master 28-20

operations within a region 28-20

mapping VLANs to MST instance 28-38

MST region

CIST 28-19

configuring 28-38

described 28-19

hop-count mechanism 28-22

IST 28-19

supported spanning-tree instances 28-19

overview 28-18

root switch

configuring 28-39

effects of extended system ID 28-39

unexpected behavior 28-39

status, displaying 28-47

MTU size (default) 23-3

multiauthentication (multiauth). See also port-based authentication. 80-14

multicast

IGMP snooping and 43-8

MLDv2 snooping and 42-9

non-RPF 40-7

overview 43-2, 45-2, 46-2

PIM snooping 47-4

multicast flood blocking 79-1

multicast groups

joining 43-3, 45-4

leaving 42-7, 43-5

multicast groups, IPv6

joining 42-5

Multicast Listener Discovery version 2 42-1

Multicast Replication Mode Detection enhancement 40-18

multicast storms

see traffic-storm control

multicast television application 44-3

multicast VLAN 44-2

Multicast VLAN Registration 44-1

multichassis EtherChannel

see MEC 4-13

Multidomain Authentication (MDA). See also port-based authentication. 80-14

Multilayer MAC ACL QoS Filtering 66-9

multiple path RPF check 73-5

Multiple Spanning Tree

See MST

MUX-UNI Support 34-7

MUX-UNI support 34-7

MVAP (Multi-VLAN Access Port). See also port-based authentication. 80-22

MVR

and IGMPv3 44-2

configuring interfaces 44-6

default configuration 44-5

example application 44-3

in the switch stack 44-5

monitoring 44-8

multicast television application 44-3

restrictions 44-1

setting global parameters 44-6

N

NAC

agentless audit support 80-27

critical authentication 80-20, 80-44

IEEE 802.1x authentication using a RADIUS server 80-47

IEEE 802.1x validation using RADIUS server 80-47

inaccessible authentication bypass 80-44

Layer 2 IEEE 802.1x validation 80-47

Layer 2 IEEE802.1x validation 80-27

native VLAN 18-11

NDAC 67-2

NetFlow

table, displaying entries 30-5

Network Device Admission Control (NDAC) 67-2

network ports

Bridge Assurance 29-5

description 29-2

nonaggregate label 34-2, 34-5

non-RPF multicast 40-7

normal-range VLANs

See VLANs

notifications, See SNMP notifications

NSF with SSO does not support IPv6 multicast traffic. 6-1, 7-1

O

OIR 10-11

online diagnostics

CompactFlash disk verification A-40

configuring 14-2

datapath verification A-11

diagnostic sanity check 14-24

egress datapath test A-5

error counter test A-5

interrupt counter test A-5

memory tests 14-24

overview 14-2

running tests 14-6

test descriptions A-1

understanding 14-2

online diagnostic tests A-1

online insertion and removal

See OIR

out-f-band MAC address table synchronization

configuring 18-6

in a VSS 4-2

out of profile

see QoS out of profile

P

packet capture 57-2

packet rewrite

CEF 30-2

IP MMLS and 40-5

packets

multicast 70-6

PAgP

understanding 20-5

path cost

MSTP 28-42

PBACLs 66-5

PBF 71-4

PBR 1-8

PBR (policy-based routing)

configuration (example) 31-7

enabling 31-4

peer inconsistent state

in PVST simulation 29-20

per-port VTP enable and disable 22-16

PFC

recirculation 34-5

PIM, IP MMLS and 40-16

PIM snooping

designated router flooding 47-6

enabling globally 47-5

enabling in a VLAN 47-5

overview 47-4

platform aging command

configuring IP MLS 49-3, 49-4

platform ip multicast command

enabling IP MMLS40-17to 40-27

PoE 17-2

Cisco prestandard 17-2

IEEE 802.3af 17-2

PoE management 17-3

power policing 17-3

power use measurement 17-3

police command 60-12, 60-14

policy-based ACLs (PBACLs) 66-5

policy-based forwarding (PBF) 72-2

policy-based routing

See PBR

policy-based routing (PBR)

configuring 31-1

policy map 60-8, 61-11

attaching to an interface 60-16, 61-15, 73-4

policy-map command 60-9

port ACLs

defined 70-2

port ACLs (PACLs) 70-1

Port Aggregation Protocol

see PAgP

port-based authentication

AAA authorization 80-30

accounting 80-16

configuring 80-41

authentication server

defined 80-7, 81-3

RADIUS server 80-7

client, defined 80-7, 81-3

configuration guidelines 80-2, 81-1

configuring

guest VLAN 80-42

inaccessible authentication bypass 80-44

initializing authentication of a client 80-37

manual reauthentication of a client 80-36

RADIUS server 80-33, 81-10

RADIUS server parameters on the switch 80-32, 81-9

restricted VLAN 80-43

switch-to-authentication-server retransmission time 80-39

switch-to-client EAP-request frame retransmission time 80-39

switch-to-client frame-retransmission number 80-40

switch-to-client retransmission time 80-39

user distribution 80-42

VLAN group assignment 80-42

default configuration 80-28, 81-7

described 80-6

device roles 80-6, 81-3

DHCP snooping 80-15

DHCP snooping and insertion 75-6

displaying statistics 80-51, 81-15

EAPOL-start frame 80-10

EAP-request/identity frame 80-10

EAP-response/identity frame 80-10

enabling

802.1X authentication 80-30, 80-32, 81-9

periodic reauthentication 80-35

encapsulation 80-7

guest VLAN

configuration guidelines 80-19, 80-20

described 80-19

host mode 80-13

inaccessible authentication bypass

configuring 80-44

described 80-20

guidelines 80-4

initiation and message exchange 80-10

MAC authentication bypass 80-26

magic packet 80-28

method lists 80-30

modes 80-13

multiauth mode, described 80-14

multidomain authentication mode, described 80-14

multiple-hosts mode, described 80-13

ports

authorization state and dot1x port-control command 80-12

authorized and unauthorized 80-12

critical 80-20

voice VLAN 80-22

port security

and voice VLAN 80-23

described 80-22

interactions 80-22

multiple-hosts mode 80-13

pre-authentication open access 80-15, 80-33

resetting to default values 80-51

supplicant, defined 80-7

switch

as proxy 80-7, 81-3

RADIUS client 80-7

user distribution

configuring 80-42

described 80-18

guidelines 80-4

VLAN assignment

AAA authorization 80-30

characteristics 80-17

configuration tasks 80-18

described 80-17

VLAN group

guidelines 80-4

voice VLAN

described 80-22

PVID 80-22

VVID 80-22

wake-on-LAN, described 80-28

port-based QoS features

see QoS

port-channel

see EtherChannel

port-channel load-balance

command 20-11

command example 20-11, 20-12

port-channel load-defer command 4-41

port-channel port load-defer command 4-41

port cost, STP 28-32

port debounce timer

disabling 10-10

displaying 10-10

enabling 10-10

PortFast

edge ports 29-2

network ports 29-2

See STP PortFast

PortFast Edge BPDU filtering

See STP PortFast Edge BPDU filtering

PortFast port types

description29-2, 29-2to ??

edge 29-2

network 29-2

port mode 36-3

port negotiation 10-5

port priority

MSTP 28-41

port priority, STP 28-31

ports

setting the debounce timer 10-10

port security

aging 82-9, 82-10

configuring 82-4

described 82-3

displaying 82-10

enable sticky secure MAC address 82-8

sticky MAC address 82-3

violations 82-3

Port Security is supported on trunks 82-2, 82-5, 82-7, 82-9

port security MAC move 82-3

port security on PVLAN ports 82-2

Port Security with Sticky Secure MAC Addresses 82-3

power management

enabling/disabling redundancy 12-2

overview 12-1

powering modules up or down 12-3

power policing 17-6

Power over Ethernet 17-2

power over ethernet 17-2

pre-authentication open access. See port-based authentication.

prerequisites for lawful intercept 83-1

primary links 19-2

primary VLANs 24-6

priority

overriding CoS 16-6, 17-4

private hosts 25-1

private hosts feature

configuration guidelines 25-1

configuring (detailed steps) 25-9

configuring (summary) 25-8

multicast operation 25-4

overview 25-4

port ACLs (PACLs) 25-7

port types 25-5, 25-6

protocol-independent MAC ACLs 25-4

restricting traffic flow with PACLs 25-5

spoofing protection 25-3

private VLANs 24-1

across multiple switches 24-9

and SVIs 24-10

benefits of 24-5

community VLANs 24-6, 24-7

configuration guidelines 24-2, 24-4, 24-10

configuring 24-10

host ports 24-14

pomiscuous ports 24-15

routing secondary VLAN ingress traffic 24-13

secondary VLANs with primary VLANs 24-12

VLANs as private 24-11

end station access to 24-8

IP addressing 24-8

isolated VLANs 24-6, 24-7

monitoring 24-16

ports

community 24-7

configuration guidelines 24-4

isolated 24-7

promiscuous 24-7

primary VLANs 24-6

secondary VLANs 24-6

subdomains 24-5

traffic in 24-10

privileged EXEC mode 2-5

promiscuous ports 24-7

protocol tunneling

See Layer 2 protocol tunneling 27-2

PVRST

See Rapid-PVST 28-3

PVST

description 28-3

PVST simulation

description 29-20

peer inconsistent state 29-20

root bridge 29-20

Q

QoS

auto-QoS

enabling for VoIP 63-4

IPv6 59-3

See also automatic QoS 63-1

QoS CoS

port value, configuring 62-2

QoS default configuration 65-2

QoS DSCP

maps, configuring 62-7

QoS mapping

CoS values to DSCP values 62-4, 62-7

DSCP markdown values 62-8, 64-14

DSCP mutation 62-3, 64-25

DSCP values to CoS values 62-9

IP precedence values to DSCP values 62-7

QoS markdown 60-4

QoS out of profile 60-4

QoS policing rule

aggregate 60-4

microflow 60-4

QoS port

trust state 62-10

QoS port-based or VLAN-based 62-12

QoS receive queue 62-18

QoS statistics data export 65-2

configuring 65-2

configuring destination host 65-7

configuring time interval 65-6, 65-8

QoS transmit queues 61-6, 62-15, 62-16

QoS VLAN-based or port-based 62-12

queries, IGMP 43-4

queries, MLDv2 42-6

R

RADIUS 75-6

RADIUS. See also port-based authentication. 80-7

range

command 52-3

macro 10-2

rapid convergence 28-14

Rapid-PVST

enabling 28-36

Rapid PVST+

interoperation with MST 29-20

Rapid-PVST+

overview 28-3

Rapid Spanning Tree

See RSTP

Rapid Spanning Tree Protocol

See RSTP

receive queues

see QoS receive queues

recirculation 34-5

redirect URLs

described 80-25

reduced MAC address 28-3

redundancy (RPR+) 8-1

configuring 8-4

configuring supervisor engine 8-2

displaying supervisor engine configuration 8-5

redundancy command 8-4

related documentation 1-xliii

Remote Authentication Dial-In User Service. See RADIUS.

report, MLD 42-5

reserved-range VLANs

See VLANs

restricted VLAN

configuring 80-43

described 80-19

using with IEEE 802.1x 80-19

restricting MIB access 83-10, 83-11

rewrite, packet

CEF 30-2

IP MMLS 40-5

RHI 4-48

RIF cache monitoring 10-12

ROM monitor

CLI 2-7

root bridge

MST 29-20

PVST simulation 29-20

root bridge, STP 28-29

root guard

See STP root guard

root switch

MSTP 28-39

route health injection

See RHI

route-map (IP) command 31-4

route maps

defining 31-4

router guard 46-1

RPF

failure 40-7

non-RPF multicast 40-7

RPR and RPR+ support IPv6 multicast traffic 8-1

RSTP

active topology 28-13

BPDU

format 28-16

processing 28-17

designated port, defined 28-13

designated switch, defined 28-13

interoperability with IEEE 802.1D

described 28-24

restarting migration process 28-47

topology changes 28-17

overview 28-13

port roles

described 28-13

synchronized 28-15

proposal-agreement handshake process 28-14

rapid convergence

described 28-14

edge ports and Port Fast 28-14

point-to-point links 28-14, 28-46

root ports 28-14

root port, defined 28-13

See also MSTP

S

secondary VLANs 24-6

Secure MAC Address Aging Type 82-9

security

configuring 68-1

security, port 82-3

security considerations 83-9

Security Exchange Protocol (SXP) 67-2

Security Group Access Control List (SGACL) 67-2

Security Group Tag (SGT) 67-2

serial IDs

description 50-12

serial interfaces

clearing 10-13

synchronous

maintaining 10-13

server IDs

description 50-12

service instance

configuration mode 38-5

creating 38-4

defined 38-4

service-policy input command 60-16, 61-15, 62-4, 62-6, 64-25, 73-4

service-provider network, MSTP and RSTP 28-18

set default interface command 31-4

set interface command 31-4

set ip default next-hop command 31-4

set ip df command

PBR 31-4

set ip next-hop command 31-4

set ip precedence command

PBR 31-4

set ip vrf command

PBR 31-4

set power redundancy enable/disable command 12-2

set requests 83-7, 83-8, 83-11

setting up lawful intercept 83-7

SGACL 67-2

SGT 67-2

short pipe mode

configuring 64-30

show authentication command 80-52

show catalyst6000 chassis-mac-address command 28-4

show dot1x interface command 80-36

show eobc command 10-12

show history command 2-4

show ibc command 10-12

show interfaces command 10-8, 10-9, 10-12, 18-6, 18-13

clearing interface counters 10-12

displaying, speed and duplex mode 10-6

show ip local policy command 31-5

show mab command 80-55

show module command 8-5

show platform aging command 49-4

show platform entry command 30-5

show platform ip multicast group command

displaying IP MMLS group 40-27

show platform ip multicast interface command

displaying IP MMLS interface 40-27

show platform ip multicast source command

displaying IP MMLS source 40-27

show platform ip multicast statistics command

displaying IP MMLS statistics 40-27

show platform ip multicast summary

displaying IP MMLS configuration 40-27

show protocols command 10-12

show rif command 10-12

show running-config command 10-12

displaying ACLs 70-7, 70-8

show svclc rhi-routes command 4-48

show version command 10-12

shutdown command 10-13

shutdown interfaces

result 10-13

slot number, description 10-2

smart call home 50-1

description 50-4

destination profile (note) 50-21

registration requirements 50-4

service contract requirements 50-2

Transport Gateway (TG) aggregation point 50-3

SMARTnet

smart call home registration 50-4

smart port macros 3-1

configuration guidelines 3-2

Smartports macros

applying global parameter values 3-14

applying macros 3-14

creating 3-13

default configuration 3-4

defined 3-4

displaying 3-15

tracing 3-2

SNMP

configuring 83-10

default view 83-9

get and set requests 83-7, 83-8, 83-11

notifications 83-9, 83-12

support and documentation 1-7

SNMP-COMMUNITY-MIB 83-9

SNMP-USM-MIB 83-4, 83-9

SNMP-VACM-MIB 83-4, 83-9

snooping

See IGMP snooping

source IDs

call home event format 50-11

source specific multicast with IGMPv3, IGMP v3lite, and URD 40-26

SPAN

configuration guidelines 53-2

configuring 53-12

sources 53-16, 53-19, 53-21, 53-22, 53-24, 53-25, 53-26, 53-28

VLAN filtering 53-30

destination port support on EtherChannels 53-12, 53-19, 53-22, 53-24, 53-25, 53-29

distributed egress 53-10, 53-15

modules that disable for ERSPAN 53-7

input packets with don't learn option

ERSPAN 53-28, 53-29

local SPAN 53-17, 53-18, 53-19

RSPAN 53-22, 53-23, 53-25

understanding 53-12

local SPAN egress session increase 53-3, 53-16

overview 53-7

SPAN Destination Port Permit Lists 53-15

spanning-tree backbonefast

command 29-15, 29-16

command example 29-15, 29-16

spanning-tree cost

command 28-33

command example 28-33

spanning-tree portfast

command 29-2, 29-3, 29-4

command example 29-3, 29-4

spanning-tree portfast bpdu-guard

command 29-8

spanning-tree port-priority

command 28-31

spanning-tree protocol for bridging 32-1

spanning-tree uplinkfast

command 29-13

command example 29-13

spanning-tree vlan

command 28-27, 28-29, 28-30, 28-31, 29-8, 29-17

command example 28-28, 28-29, 28-30, 28-31

spanning-tree vlan cost

command 28-33

spanning-tree vlan forward-time

command 28-35

command example 28-35

spanning-tree vlan hello-time

command 28-35

command example 28-35

spanning-tree vlan max-age

command 28-36

command example 28-36

spanning-tree vlan port-priority

command 28-31

command example 28-32

spanning-tree vlan priority

command 28-34

command example 28-34

speed

configuring interface 10-4

speed command 10-4

speed mode

autonegotiation status 10-6

standards, lawful intercept 83-4

standby links 19-2

static sharing

description 80-25

statistics

802.1X 80-51, 81-15

sticky ARP 73-7

sticky MAC address 82-3

Sticky secure MAC addresses 82-8, 82-9

storm control

see traffic-storm control

STP

configuring 28-26

bridge priority 28-34

enabling 28-27, 28-28

forward-delay time 28-35

hello time 28-35

maximum aging time 28-36

port cost 28-32

port priority 28-31

root bridge 28-29

secondary root switch 28-30

defaults 28-25

EtherChannel 20-7

normal ports 29-3

understanding 28-2

802.1Q Trunks 28-12

Blocking State 28-8

BPDUs 28-4

disabled state 28-12

forwarding state 28-11

learning state 28-10

listening state 28-9

overview 28-3

port states 28-6

protocol timers 28-5

root bridge election 28-5

topology 28-5

STP BackboneFast

configuring 29-15

figure

adding a switch 29-18

spanning-tree backbonefast

command 29-15, 29-16

command example 29-15, 29-16

understanding 29-13

STP BPDU Guard

configuring 29-7

spanning-tree portfast bpdu-guard

command 29-8

understanding 29-7

STP bridge ID 28-3

STP EtherChannel guard 29-16

STP extensions

description??to 29-20

STP loop guard

configuring 29-19

overview 29-17

STP PortFast

BPDU filter

configuring 29-10

BPDU filtering 29-9

configuring 29-2

spanning-tree portfast

command 29-2, 29-3, 29-4

command example 29-3, 29-4

understanding 29-2

STP port types

normal 29-3

STP root guard 29-17

STP UplinkFast

configuring 29-12

spanning-tree uplinkfast

command 29-13

command example 29-13

understanding 29-11

subdomains, private VLAN 24-5

supervisor engine

environmental monitoring 13-1

redundancy 8-1

synchronizing configurations 8-5

supervisor engine redundancy

configuring 8-2

supervisor engines

displaying redundancy configuration 8-5

supplicant 80-7

surveillance 83-7

svclc command 4-47

Switched Port Analyzer 53-1

switch fabric functionality 9-1

configuring 9-3

monitoring 9-4

switchport

configuring 18-14

example 18-13

show interfaces 10-8, 10-9, 18-6, 18-13

switchport access vlan 18-6, 18-7, 18-10, 18-14

example 18-15

switchport mode access 18-4, 18-6, 18-7, 18-14

example 18-15

switchport mode dynamic 18-9

switchport mode dynamic auto 18-4

switchport mode dynamic desirable 18-4

default 18-5

example 18-13

switchport mode trunk 18-4, 18-9

switchport nonegotiate 18-4

switchport trunk allowed vlan 18-11

switchport trunk encapsulation 18-7, 18-9

switchport trunk encapsulation dot1q

example 18-13

switchport trunk encapsulation negotiate

default 18-5

switchport trunk native vlan 18-11

switchport trunk pruning vlan 18-12

switch priority

MSTP 28-43

switch TopN reports

foreground execution 55-2

running 55-3

viewing 55-3

SXP 67-2

system event archive (SEA) 51-1

System Hardware Capacity 1-3

T

TDR

checking cable connectivity 10-14

enabling and disabling test 10-14

guidelines 10-14

Telnet

accessing CLI 2-2

Time Domain Reflectometer 10-14

TLV

host presence detection 16-4, 80-14, 82-4

traceroute, Layer 2

and ARP 56-2

and CDP 56-1

described 56-2

IP addresses and subnets 56-2

MAC addresses and VLANs 56-2

multicast traffic 56-2

multiple devices on a port 56-2

unicast traffic 56-2

usage guidelines 56-1

traffic-storm control

command

broadcast 78-4

described 78-2

monitoring 78-5

thresholds 78-2

traffic suppression

see traffic-storm control

transmit queues

see QoS transmit queues

traps, see SNMP notifications

trunks 18-4

802.1Q Restrictions 18-2

allowed VLANs 18-11

configuring 18-8

default interface configuration 18-6

default VLAN 18-10

different VTP domains 18-4

native VLAN 18-11

to non-DTP device 18-4

VLAN 1 minimization 18-12

trusted boundary 16-6

trusted boundary (extended trust for CDP devices) 16-4

trustpoint 50-2

tunneling 64-4, 64-26

tunneling, 802.1Q

See 802.1Q 26-4

type length value

See TLV

U

UDE

configuration 33-5

overview 33-4

UDE and UDLR 33-1

UDLD

default configuration 11-3

enabling

globally 11-3

on ports 11-4

overview 11-2

UDLR 33-1

back channel 33-3

configuration 33-6

tunnel

(example) 33-7

ARP and NHRP 33-4

UDLR (unidirectional link routing) 33-1

UDP port for SNMP notifications 83-12

UMFB 79-2

unauthorized ports with 802.1X 80-12

unicast storms

see traffic-storm control

Unidirectional Ethernet 33-1

unidirectional ethernet

example of setting 33-5

UniDirectional Link Detection Protocol

see UDLD

uniform mode

configuring 64-34

unknown multicast flood blocking

See UMFB

unknown unicast and multicast flood blocking 79-1

unknown unicast flood blocking

See UUFB

unknown unicast flood rate-limiting

See UUFRL

UplinkFast

See STP UplinkFast

URD 40-26

User-Based Rate Limiting 60-6, 60-14

user EXEC mode 2-5

UUFB 79-2

UUFRL 79-2

V

VACLs 71-2

configuring

examples 71-5

Layer 3 VLAN interfaces 71-5

Layer 4 port operations 66-2

logging

configuration example 71-7

configuring 71-7

restrictions 71-7

MAC address based 71-2

multicast packets 70-6

SVIs 71-5

WAN interfaces 71-2

virtual private LAN services (VPLS) 37-1

associating attachment circuit with the VSI at the PE 37-13

basic configuration 37-2

configuration example 37-18

configuring MPLS in the PE 37-11

configuring PE layer 2 interface to the CE 37-7

configuring the VFI in the PE 37-12

overview 37-2

restrictions 37-2

services 37-5

supported features 37-4

vlan

command 23-5, 23-6, 53-20

command example 23-6

VLAN Access Control Lists

See VACLs

VLAN-based QoS filtering 66-10

VLAN-bridge spanning-tree protocol 32-1

vlan database

command 23-5, 23-6, 53-20

vlan group command 80-42

VLAN locking 23-4

vlan mapping dot1q

command 23-8, 23-9

VLAN maps

applying 70-8

VLAN mode 36-3

VLAN port provisioning verification 23-4

VLANs

allowed on trunk 18-11

configuration guidelines 23-2

configuring 23-1

configuring (tasks) 23-4

defaults 23-3

extended range 23-3

interface assignment 23-6

multicast 44-2

name (default) 23-3

normal range 23-3

reserved range 23-3

support for 4,096 VLANs 23-2

token ring 23-3

trunks

understanding 18-4

understanding 23-2

VLAN 1 minimization 18-12

VTP domain 23-4

VLAN translation

command example 23-8, 23-9

voice VLAN

Cisco 7960 phone, port connections 16-2

configuration guidelines 16-1

configuring IP phone for data traffic

override CoS of incoming frame 16-6, 17-4

configuring ports for voice traffic in

802.1Q frames 16-5

connecting to an IP phone 16-5

default configuration 16-4

overview 16-2

voice VLAN. See also port-based authentication. 80-22

VPN

configuration example 35-4

guidelines and restrictions 35-2

VPN supported commands 35-2

VPN switching 35-1

VSS

dual-active detection

Enhanced PAgP, advantages 4-22

Enhanced PAgP, description 4-22

enhanced PAgP, description 4-42

fast-hello, advantages 4-22

fast-hello, description 4-22

VSLP fast-hello, configuration 4-43

VTP

advertisements 22-4, 22-5

client, configuring 22-15

configuration guidelines 22-1

default configuration 22-9

disabling 22-15

domains 22-3

VLANs 23-4

modes

client 22-4

server 22-4

transparent 22-4

monitoring 22-17

overview 22-2

per-port enable and disable 22-16

pruning

configuration 18-12

configuring 22-12

overview 22-7

server, configuring 22-15

statistics 22-17

transparent mode, configuring 22-15

version 2

enabling 22-13

overview 22-5

version 3

enabling 22-13

overview 22-6

server type, configuring 22-11

W

wake-on-LAN. See also port-based authentication. 80-28

web-based authentication

AAA fail policy 81-5

description 81-2

web browser interface 1-7

wiretaps 83-4