Catalyst Supervisor Engine 32 PISA IOS Software Configuration Guide, 12.2ZY
Index
Downloads: This chapterpdf (PDF - 863.0KB) The complete bookPDF (PDF - 12.8MB) | Feedback

Index

Table Of Contents

Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X -

Index

Numerics

4K VLANs (support for 4,096 VLANs) 12-2

802.10 SAID (default) 12-6

802.1Q

encapsulation 8-3

Layer 2 protocol tunneling

See Layer 2 protocol tunneling

mapping to ISL VLANs 12-12, 12-15

trunks 8-2

restrictions 8-5

tunneling

configuration guidelines 15-3

configuring tunnel ports 15-6

overview 15-1

802.1Q Ethertype

specifying custom 8-15

802.1X

See port-based authentication

802.3ad

See LACP

802.3af. See PoE.

802.3x Flow Control 7-13

A

AAA 30-1, 31-1, 33-1

abbreviating commands 2-5

access control entries and lists 30-1, 31-1, 33-1

access-enable host timeout (not supported) 31-2

access port, configuring 8-14

ACEs and ACLs 30-1, 31-1, 33-1

acronyms, list of A-1, B-1

addresses

IP, see IP addresses

MAC, see MAC addresses

advertisements, VTP 11-3

aggregate label 21-2, 21-4

aggregate policing

see QoS policing

aging time

accelerated

for MSTP 17-46

maximum

for MSTP 17-47

aging-time

IP MLS 47-7

alarms

major 50-12

minor 50-12

Allow DHCP Option 82 on Untrusted Port

configuring 34-8

understanding 34-2

any transport over MPLS (AToM) 21-13

compatibility with previous releases of AToM 21-15

Ethernet over MPLS 21-16

ARP ACL 38-57

ARP spoofing 35-1

AToM 21-13

audience 1-xxix

authentication

See also port-based authentication

Authentication, Authorization, and Accounting

See AAA

Authentication, Authorization, and Accounting (AAA) 33-1

authorized ports with 802.1X 42-4

auto-sync command 6-4

auxiliary VLAN

See voice VLAN

B

BackboneFast

See STP BackboneFast

backup interfaces

See Flex Links

binding database, DHCP snooping

See DHCP snooping binding database

binding table, DHCP snooping

See DHCP snooping binding database

blocking floods 37-1

blocking state, STP 17-7

boot bootldr command 3-25

boot command 3-21

boot config command 3-25

boot system command 3-20, 3-25

boot system flash command 3-22

BPDU

RSTP format 17-15

BPDU guard

See STP BPDU guard

bridge groups 19-2

bridge ID

See STP bridge ID

bridge priority, STP 17-33

bridge protocol data units

see BPDUs

bridging 19-2

broadcast storms

see traffic-storm control

C

cautions for passwords

encrypting 3-17

TACACS+ 3-16

CDP

configuration task lists 44-1

enabling on an interface 44-2

monitoring and maintaining 44-3

overview 44-1

cdp enable command 44-2

CEF 23-1

configuring

MSFC2 23-5

supervisor engine 23-4

examples 23-3

Layer 3 switching 23-2

packet rewrite 23-2

CEF for PFC2

See CEF

CGMP 27-7

channel-group group

command 10-8, 10-11

command example 10-8

checking

configuration, system 3-10

Cisco Discovery Protocol

See CDP

Cisco Express Forwarding 21-3

Cisco Group Management Protocol

See CGMP

Cisco IOS Unicast Reverse Path Forwarding 30-2

CiscoView 1-2

CIST regional root

See MSTP

CIST root

See MSTP

class command 38-62

class-map command 38-53

class map configuration 38-58

clear cdp counters command 44-3

clear cdp table command 44-3

clear counters command 7-17

clear interface command 7-18

clear mls ip multicast statistics command

clears IP MMLS statistics 25-22

CLI

accessing 2-1

backing out one level 2-5

console configuration mode 2-5

getting list of commands 2-5

global configuration mode 2-5

history substitution 2-3

interface configuration mode 2-5

privileged EXEC mode 2-5

ROM monitor 2-7

software basics 2-4

command line processing 2-3

commands, getting list of 2-5

Committed Access Rate (CAR), not supported 38-2

community ports 13-3

community VLANs 13-2, 13-3

Concurrent routing and bridging (CRB) 19-2

CONFIG_FILE environment variable

configuration file, viewing 3-26

description 3-25

config-register command 3-22

config terminal command 3-10

configuration

file, saving 3-11

interfaces3-8to 3-9

register

changing settings3-22to 3-23

configuration3-20to 3-23

settings at startup 3-21

configuration example

EoMPLS port mode 21-17, 21-20

EoMPLS VLAN mode 21-17

configuration register boot field

listing value 3-23

modification tasks 3-22

configure command 3-9

configure terminal command 3-22, 7-2

configuring 38-61

global parameters

procedure 3-3

sample configuration3-3to 3-8

interfaces3-8to 3-9

using configuration mode 3-10

console configuration mode 2-5

control plane policing

See CoPP

CoPP

applying QoS service policy to control plane 33-20

configuring

ACLs to match traffic 33-20

enabling MLS QoS 33-20

packet classification criteria 33-20

service-policy map 33-20

control plane configuration mode

entering 33-20

displaying

dynamic information 33-21

number of conforming bytes and packets 33-21

rate information 33-21

entering control plane configuration mode 33-20

monitoring statistics 33-21

overview 33-18

packet classification guidelines 33-21

traffic classification

defining 33-22

guidelines 33-23

overview 33-22

sample ACLs 33-24

sample classes 33-22

copy running-config startup-config command 3-11

copy system

running-config nvram

startup-config command 3-25

CoS

override priority 14-8, 14-9

counters

clearing interface 7-17, 7-18

CSCtc21076 31-4

D

dCEF 23-4, 23-5

debug commands

IP MMLS 25-22

DEC spanning-tree protocol 19-2

default configuration

802.1X 42-5

dynamic ARP inspection 35-5

Flex Links 9-2

IP MMLS 25-6

MSTP 17-37

supervisor engine 3-1

UDLD 45-3

voice VLAN 14-5

VTP 11-5

default NDE configuration 46-10

default VLAN 8-10

deficit weighted round robin 38-89

denial of service protection

See DoS protection

description command 7-16

destination-ip flow mask 47-3

destination-source-ip flow mask 47-3

DHCP binding database

See DHCP snooping binding database

DHCP binding table

See DHCP snooping binding database

DHCP option 82

circuit ID suboption 34-4

configuration guidelines 34-6

overview 34-2

packet format, suboption

circuit ID 34-4

remote ID 34-4

remote ID suboption 34-4

DHCP option 82 allow on untrusted port 34-8

DHCP snooping

binding database

See DHCP snooping binding database

configuration guidelines 34-5, 34-6

configuring 34-7

default configuration 34-5

displaying binding tables 34-16

enabling 34-7, 34-8, 34-9, 34-11, 34-12

enabling the database agent 34-12

message exchange process 34-3

option 82 data insertion 34-2

overview 34-1

Snooping database agent 34-4

trusted interface 34-2

untrusted interface 34-2

untrusted messages 34-1

DHCP snooping binding database

described 34-2

entries 34-2

DHCP snooping binding table

See DHCP snooping binding database

DHCP Snooping Database Agent

adding to the database (example) 34-16

enabling (example) 34-13

overview 34-4

reading from a TFTP file (example) 34-14

differentiated services codepoint

See QoS DSCP

DiffServ

configuring short pipe mode 39-34

configuring uniform mode 39-39

short pipe mode 39-31

uniform mode 39-32

DiffServ tunneling modes 39-4

Disabling PIM Snooping Designated Router Flooding 28-6

distributed Cisco Express Forwarding

See dCEF

documentation, related 1-xxix

DoS protection

monitoring packet drop statistics

using monitor session commands 33-15

using VACL capture 33-16

Supervisor Engine 2

configuration guidelines and restrictions 33-14

Supervisor Engine 720

default configurations 33-13

egress ACL bridget packet rate limiters 33-7

FIB glean rate limiters 33-8

FIB receive rate limiters 33-8

ICMP redirect rate limiters 33-9

IGMP unreachable rate limiters 33-8

ingress ACL bridget packet rate limiters 33-7

IP errors rate limiters 33-11

IPv4 multicast rate limiters 33-11

IPv6 multicast rate limiters 33-11

Layer 2 PDU rate limiters 33-10

Layer 2 protocol tunneling rate limiters 33-10

MTU failure rate limiters 33-10

multicast directyly connected rate limiters 33-11

multicast FIB miss rate limiters 33-11

multicast IGMP snooping rate limiters 33-10

network under SYN attack 33-4

QoS ACLs 33-3

security ACLs 33-2

TCP intercept 33-4

traffic storm control 33-4

TTL failure rate limiter 33-8

uRPF check 33-3

uRPF failure rate limiters 33-7

VACL log rate limiters 33-9

Supervisor Engine 720Layer 3 security features rate limiters 33-9

understanding how it works 33-2

DSCP

See QoS DSCP

duplex command 7-8, 7-9

duplex mode

configuring interface 7-7

DWRR 38-89

dynamic ARP inspection

ARP cache poisoning 35-2

ARP requests, described 35-1

ARP spoofing attack 35-2

clearing

log buffer 35-16

statistics 35-15

configuration guidelines 35-5

configuring

log buffer 35-13, 35-14

logging system messages 35-13

rate limit for incoming ARP packets 35-4, 35-9

default configuration 35-5

denial-of-service attacks, preventing 35-9

described 35-1

DHCP snooping binding database 35-3

displaying

ARP ACLs 35-15

configuration and operating state 35-15

log buffer 35-16

statistics 35-15

trust state and rate limit 35-15

error-disabled state for exceeding rate limit 35-4

function of 35-2

interface trust states 35-3

log buffer

clearing 35-16

configuring 35-13, 35-14

displaying 35-16

logging of dropped packets, described 35-4

logging system messages

configuring 35-13

man-in-the middle attack, described 35-2

network security issues and interface trust states 35-3

priority of ARP ACLs and DHCP snooping entries 35-4

rate limiting of ARP packets

configuring 35-9

described 35-4

error-disabled state 35-4

statistics

clearing 35-15

displaying 35-15

validation checks, performing 35-11

Dynamic Host Configuration Protocol snooping

See DHCP snooping

E

Egress ACL support for remarked DSCP 38-13

egress ACL support for remarked DSCP 38-49

Embedded CiscoView 1-2

enable command 3-10, 3-22

enable mode 2-5

enable sticky secure MAC address 43-8

enabling

IP MMLS

on router interfaces 25-10

encapsulation 8-3

environmental monitoring

LED indications 50-12

SNMP traps 50-12

supervisor engine and switching modules 50-12

Syslog messages 50-12

using CLI commands 50-10

environment variables

CONFIG_FILE 3-25

controlling 3-25

viewing 3-25

EoMPLS 21-14

configuring 21-16

configuring VLAN mode 21-16

guidelines and restrictions 21-14

port mode 21-16

port mode configuration guidelines 21-19

VLAN mode 21-16

erase startup-config command

configuration files cleared with 3-13

ERSPAN 48-1

EtherChannel

channel-group group

command 10-8, 10-11

command example 10-8

configuration guidelines 10-5

configuring

Layer 2 10-7

configuring (tasks) 10-6

DFC restriction, see CSCdt27074 in the Release Notes

interface port-channel

command example 10-7

interface port-channel (command) 10-7

lacp system-priority

command example 10-10

Layer 2

configuring 10-7

load balancing

configuring 10-10

understanding 10-4

modes 10-2

PAgP

Understanding 10-3

port-channel interfaces 10-4

port-channel load-balance

command 10-10

command example 10-11

STP 10-4

switchport trunk encapsulation dot1q 10-5

understanding 10-1

EtherChannel Guard

See STP EtherChannel Guard

EtherChannel Min-Links 10-11

Ethernet

setting port duplex 7-14

Ethernet over MPLS (EoMPLS) configuration

EoMPLS port mode 21-20

EoMPLS VLAN mode 21-17

examples

configuration

interface3-8to 3-9

software configuration register3-20to 3-23

configuring global parameters 3-3

EXP mutation 39-4

extended range VLANs 12-2

See VLANs

extended system ID

MSTP 17-40

Extensible Authentication Protocol over LAN 42-1

F

fall-back bridging 19-2

fastethernet 7-2

fiber-optic, detecting unidirectional links 45-1

FIB TCAM 21-2

filters, NDE

destination host filter, specifying 46-17

destination TCP/UDP port, specifying 46-16

protocol 46-17

source host and destination TCP/UDP port 46-17

Flash memory

configuration process 3-24

configuring router to boot from 3-24

loading system image from 3-24

security precautions 3-24

write protection 3-24

Flex Links 9-1

configuration guidelines 9-2

configuring 9-3

default configuration 9-2

description 9-1

monitoring 9-3

flood blocking 37-1

flow control 7-13

flow masks

IP MLS

destination-ip 47-3

destination-source-ip 47-3

interface-destination-source-ip 47-3

ip-full 47-3

ip-interface-full 47-3

minimum 47-7

overview 46-2, 47-3

flows

IP MMLS

completely and partially switched 25-3

forward-delay time

MSTP 17-46

forward-delay time, STP 17-35

frame distribution

See EtherChannel load balancing

G

global configuration mode 2-5

global parameters, configuring 3-3

H

hardware Layer 3 switching

guidelines 23-4

hello time

MSTP 17-45

hello time, STP 17-34

High Capacity Power Supply Support 50-4

history

CLI 2-3

host ports

kinds of 13-3

http

//www-tac.cisco.com/Teams/ks/c3/xmlkwery.php?srId=612293409 10-6

I

ICMP unreachable messages 31-1

IEEE 802.10 SAID (default) 12-6

IEEE 802.1Q

See 802.1Q

IEEE 802.1Q Ethertype

specifying custom 8-15

IEEE 802.1w

See RSTP

IEEE 802.3ad

See LACP

IEEE 802.3af. See PoE.

IEEE 802.3x Flow Control 7-13

IEEE bridging protocol 19-2

IGMP

configuration guidelines 26-7, 27-7

enabling 27-10

Internet Group Management Protocol 27-1

join messages 27-2

leave processing

enabling 27-12

queries 27-3

query interval

configuring 27-11

snooping

fast leave 27-5

joining multicast group 27-2

leaving multicast group 27-4

understanding 27-2

snooping querier

enabling 27-8

understanding 27-2

IGMPv3 25-9

IGMP v3lite 25-9

ignore port trust 38-9, 38-16, 38-46, 38-63

IGRP, configuring 3-7

inline power 14-3

Integrated routing and bridging (IRB) 19-2

interface

command 3-10

configuration3-8to 3-9

configuration mode 2-5

Layer 2 modes 8-4

number 7-2

parameters, configuring 3-8

interface-destination-source-ip flow mask 47-3

interface port-channel

command example 10-7

interface port-channel (command) 10-7

interfaces

configuring 7-2

configuring, duplex mode 7-7

configuring, speed 7-7

configururing, overview 7-2

counters, clearing 7-17, 7-18

descriptive name, adding 7-15

displaying information about 7-17

maintaining 7-16

monitoring 7-16

naming 7-15

range of 7-4

restarting 7-18

shutting down

task 7-18

interfaces command 7-2

interfaces range command 4-4, 4-5, 7-4

interfaces range macro command 7-5

Interior Gateway Routing Protocol

See IGRP, configuring

Internet Group Management Protocol

See IGMP

IP

static routes 3-11

IP accounting, IP MMLS and 25-8

IP addresses

assigned by BOOTP protocol 3-13

set to default 3-13

IP CEF

topology (figure) 23-3

ip flow-export destination command 46-14

ip flow-export source command 46-13, 46-15, 47-12, 52-3, 52-4

ip-full flow mask 47-3

ip http server 1-1

ip-interface-full flow mask 47-3

IP MLS

aging-time 47-7

flow masks

destination-ip 47-3

destination-source-ip 47-3

interface-destination-source-ip 47-3

ip-full 47-3

ip-interface-full 47-3

minimum 47-7

overview 46-2, 47-3

IP MMLS

cache, overview 25-2

configuration guideline 25-7

debug commands 25-22

default configuration 25-6

enabling

on router interfaces 25-10

flows

completely and partially switched 25-3

Layer 3 MLS cache 25-2

overview 25-2

packet rewrite 25-3

router

displaying interface information 25-14

enabling globally 25-9

enabling on interfaces 25-10

multicast routing table, displaying 25-16

PIM, enabling 25-9

switch

statistics, clearing 25-22

unsupported features 25-8

IP multicast

IGMP snooping and 27-9

MLDv2 snooping and 26-9

overview 27-1

IP multicast MLS

See IP MMLS

ip multicast-routing command

enabling IP multicast 25-9

IP phone

configuring 14-6

ip pim command

enabling IP PIM 25-9, 25-10

IP unnumbered 19-1

IPv4 Multicast over Point-to-Point GRE Tunnels 1-4

IPv4 Multicast VPN 22-1

IPv6 Multicast PFC3 and DFC3 Layer 3 Switching 24-1

IPv6 QoS 38-41

ISL encapsulation 8-3

ISL trunks 8-2

isolated port 13-3

isolated VLANs 13-2, 13-3

J

join messages, IGMP 27-2

jumbo frames 7-10

K

keyboard shortcuts 2-3

L

label edge router 21-2

label switched path 21-16

label switch router 21-2, 21-3

LACP

system ID 10-4

Layer 2

configuring interfaces 8-6

access port 8-14

trunk 8-8

defaults 8-5

interface modes 8-4

show interfaces 7-12, 7-13, 8-7, 8-12

switching

understanding 8-1

trunks

understanding 8-2

VLAN

interface assignment 12-11

Layer 2 Interfaces

configuring 8-1

Layer 2 protocol tunneling

configuring Layer 2 tunnels 16-2

overview 16-1

Layer 2 remarking 38-15

Layer 2 Traceroute 53-1

Layer 2 traceroute

and ARP 53-2

and CDP 53-1

described 53-1

IP addresses and subnets 53-2

MAC addresses and VLANs 53-2

multicast traffic 53-2

multiple devices on a port 53-2

unicast traffic 53-1

usage guidelines 53-1

Layer 3

IP MMLS and MLS cache 25-2

Layer 3 switched packet rewrite

CEF 23-2

Layer 3 switching

CEF 23-2

Layer 4 port operations (ACLs) 31-6

leave processing, IGMP

enabling 27-12

leave processing, MLDv2

enabling 26-12

LERs 39-2, 39-6, 39-7

Link Failure

detecting unidirectional 17-24

link negotiation 7-8

link redundancy

See Flex Links

Load Balancing 21-7

logical operation unit

See LOU

loop guard

See STP loop guard

LOU

description 31-6

determining maximum number of 31-6

LSRs 39-2, 39-6

M

MAC address

adding to BOOTP configuration file 3-13

MAC address-based blocking 30-1

MAC move (port security) 43-2

main-cpu command 6-4

mapping 802.1Q VLANs to ISL VLANs 12-12, 12-15

markdown

see QoS markdown

maximum aging time

MSTP 17-47

maximum aging time, STP 17-35

maximum hop count, MSTP 17-47

microflow policing rule

see QoS policing

Min-Links 10-11

MLD

report 26-4

MLD snooping

query interval

configuring 26-11

MLDv2 26-1

enabling 26-9

leave processing

enabling 26-12

queries 26-4

snooping

fast leave 26-6

joining multicast group 26-4

leaving multicast group 26-6

understanding 26-1

snooping querier

enabling 26-8

understanding 26-1

MLDv2 Snooping 26-1

MLS

configuring threshold 25-11

MSFC

threshold 25-11

mls aging command

configuring IP MLS 47-8

mls flow command

configuring IP MLS 46-12, 47-7, 47-9

mls ip multicast command

enabling IP MMLS 25-10, 25-11, 25-12, 25-13, 25-18, 25-19

mls nde flow command

configuring a host and port filter 46-17

configuring a host flow filter 46-17

configuring a port filter 46-16

configuring a protocol flow filter 46-17

mls nde sender command 46-11

monitoring

Flex Links 9-3

private VLANs 13-17

MPLS 21-2

aggregate label 21-2

any transport over MPLS 21-13

basic configuration 21-8

core 21-3

DiffServ Tunneling Modes 39-31

egress 21-3

experimental field 39-3

guidelines and restrictions 21-7

ingress 21-3

IP to MPLS path 21-3

labels 21-2

Layer 2 VPN load balancing 21-8

MPLS to IP path 21-3

MPLS to MPLS path 21-3

nonaggregate lable 21-2

QoS default configuration 39-15

VPN 39-12

VPN guidelines and restrictions 21-11

mpls l2 transport route command 21-15

MPLS QoS

Classification 39-2

Class of Service 39-2

commands 39-16

configuring a class map 39-20

configuring a policy map 39-23

configuring egress EXP mutation 39-28

configuring EXP Value Maps 39-30

Differentiated Services Code Point 39-2

displaying a policy map 39-27

E-LSP 39-2

enabling QoS globally 39-18

EXP bits 39-2

features 39-3

IP Precedence 39-2

QoS Tags 39-2

queueing-only mode 39-19

MPLS QoS configuration

class map to classify MPLS packets 39-20

MPLS VPN

limitations and restrictions 21-11

MQC 38-1

not supported

CAR 38-2

queuing 38-2

supported

policy maps 38-3

MSTP

boundary ports

configuration guidelines 17-38

described 17-22

CIST, described 17-19

CIST regional root 17-20

CIST root 17-21

configuration guidelines 17-38

configuring

forward-delay time 17-46

hello time 17-45

link type for rapid convergence 17-47

maximum aging time 17-47

maximum hop count 17-47

MST region 17-38

neighbor type 17-48

path cost 17-43

port priority 17-42

root switch 17-40

secondary root switch 17-41

switch priority 17-44

CST

defined 17-19

operations between regions 17-20

default configuration 17-37

displaying status 17-49

enabling the mode 17-38

extended system ID

effects on root switch 17-40

effects on secondary root switch 17-41

unexpected behavior 17-40

IEEE 802.1s

implementation 17-23

port role naming change 17-23

terminology 17-21

interoperability with IEEE 802.1D

described 17-25

restarting migration process 17-49

IST

defined 17-19

master 17-20

operations within a region 17-20

mapping VLANs to MST instance 17-39

MST region

CIST 17-19

configuring 17-38

described 17-18

hop-count mechanism 17-22

IST 17-19

supported spanning-tree instances 17-19

overview 17-17

root switch

configuring 17-40

effects of extended system ID 17-40

unexpected behavior 17-40

status, displaying 17-49

MTU size (default) 12-6

multicast

IGMP snooping and 27-9

MLDv2 snooping and 26-9

NetFlow statistics 46-10

non-RPF 25-5

overview 27-1

PIM snooping 28-4

RGMP 29-1

multicast, displaying routing table 25-16

multicast flood blocking 37-1

multicast groups

joining 27-2

leaving 26-6, 27-4

multicast groups, IPv6

joining 26-4

Multicast Listener Discovery version 2

See MLDv2

multicast multilayer switching

See IPv4 MMLS

multicast RPF 25-2

multicast storms

see traffic-storm control

Multilayer MAC ACL QoS Filtering 38-54

multilayer switch feature card

see MSFC

multiple path RPF check 30-2

N

NAC

non-responsive hosts 41-5

native VLAN 8-10

NDE

configuration, displaying 46-18

displaying configuration 46-18

enabling 46-10

filters

destination host, specifying 46-17

destination TCP/UDP port, specifying 46-16

protocol, specifying 46-17

source host and destination TCP/UDP port, specifying 46-17

multicast 46-10

specifying

destination host filters 46-17

destination TCP/UDP port filters 46-17

protocol filters 46-17

NDE configuration, default 46-10

NDE version 8 46-3

Netflow Multiple Export Destinations 46-14

NetFlow version 9 46-3

Network Admission Control

See NAC

Network Admission Control (NAC) 41-1

network management

configuring 44-1

nonaggregate label 21-2, 21-4

non-RPF multicast 25-5

Nonstop Forwarding

See NSF

nonvolatile random-access memory

See NVRAM

normal-range VLANs

See VLANs

NSF 5-1

NSF with SSO does not support IPv6 multicast traffic. 5-1

NVRAM

saving settings 3-11

O

OIR 7-16

online diagnostics

configuring 51-2

memory tests 51-10

overview 51-1

running tests 51-6

schedule switchover 51-10

test descriptions A-1

understanding 51-1

online diagnostic tests A-1

online insertion and removal

See OIR

operating system image

See system image

out of profile

see QoS out of profile

P

packet burst 33-7

packet recirculation 38-13

packet rewrite

CEF 23-2

IP MMLS and 25-3

packets

multicast 32-4

PAgP

understanding 10-3

passwords

configuring

enable password 3-15

enable secret 3-15

line password 3-15

static enable password 3-14

TACACS+ 3-16

TACACS+ (caution) 3-16

encrypting 3-16

(caution) 3-17

recovering lost enable passwords 3-18

path cost

MSTP 17-43

PBR 1-4, 19-4

PFC2

NetFlow

table, displaying entries 23-5

PFC3BXL

hardware features 21-4

MPLS guidelines and restrictions 21-7

MPLS label switching 21-1

MPLS supported commands 21-7

recirculation 21-4

supported Cisco IOS features 21-5

VPN supported commands 21-11

VPN switching 21-9

PIM, IP MMLS and 25-9

PIM snooping

designated router flooding 28-6

enabling globally 28-5

enabling in a VLAN 28-5

overview 28-4

PISA EtherChannel 4-3

PoE

Cisco Prestandard Inline Power 14-3, 14-5

IEEE 802.3af 14-3, 14-5

police command 38-64

policing

See QoS policing

policy 38-53

policy-based routing

See PBR

policy enforcement 41-5

policy map 38-61

attaching to an interface 38-67

policy-map command 38-53, 38-61

Port Aggregation Protocol

see PAgP

port-based authentication

authentication server

defined 42-2

RADIUS server 41-3, 42-2

client, defined 42-2

configuration guidelines 42-6

configuring

initializing authentication of a client 42-11

manual reauthentication of a client 42-11

quiet period 42-11

RADIUS server 42-10

RADIUS server parameters on the switch 42-8

switch-to-authentication-server retransmission time 42-13

switch-to-client EAP-request frame retransmission time 42-13

switch-to-client frame-retransmission number 42-14

switch-to-client retransmission time 42-12

default configuration 42-5

described 42-1

device roles 42-2

displaying statistics 42-15

EAPOL-start frame 42-3

EAP-request/identity frame 42-3

EAP-response/identity frame 42-3

enabling

802.1X authentication 42-7, 42-8

periodic reauthentication 42-10

encapsulation 42-2

initiation and message exchange 42-3

method lists 42-7

ports

authorization state and dot1x port-control command 42-4

authorized and unauthorized 42-4

resetting to default values 42-15

switch

as proxy 42-2

RADIUS client 42-2

topologies, supported 42-4

port-based QoS features

see QoS

port channel

switchport trunk encapsulation dot1q 10-5

port-channel

see EtherChannel

port-channel load-balance

command 10-10

command example 10-10, 10-11

port cost, STP 17-32

port debounce timer

disabling 7-14

displaying 7-14

enabling 7-14

PortFast

See STP PortFast

PortFast BPDU filtering

See STP PortFast BPDU filtering

port mode 21-16

port negotiation 7-8

port priority

MSTP 17-42

port priority, STP 17-30

ports

setting the debounce timer 7-14

port security

aging 43-10, 43-11

configuring 43-4

default configuration 43-3

described 43-1

displaying 43-11

enable sticky secure MAC address 43-8

sticky MAC address 43-2

violations 43-2

Port Security is supported on trunks 43-3, 43-4, 43-7, 43-9

port security MAC move 43-2

port security on PVLAN ports 43-3

Port Security with Sticky Secure MAC Addresses 43-2

power management

enabling/disabling redundancy 50-2

inline power 14-4

overview 50-1

powering modules up or down 50-3

system power requirements, nine-slot chassis 50-5

Power over Ethernet. See PoE.

primary links 9-1

primary VLANs 13-2

priority

overriding CoS 14-8, 14-9

private VLANs 13-1

across multiple switches 13-5

and SVIs 13-6

benefits of 13-2

community VLANs 13-2, 13-3

configuration guidelines 13-7, 13-9, 13-11

configuring 13-11

host ports 13-14

pomiscuous ports 13-15

routing secondary VLAN ingress traffic 13-13

secondary VLANs with primary VLANs 13-12

VLANs as private 13-11

end station access to 13-4

IP addressing 13-4

isolated VLANs 13-2, 13-3

monitoring 13-17

ports

community 13-3

configuration guidelines 13-9

isolated 13-3

promiscuous 13-3

primary VLANs 13-2

secondary VLANs 13-2

subdomains 13-2

traffic in 13-6

privileged EXEC mode 2-5

privileges

changing default 3-17

configuring

multiple levels 3-17

privilege level 3-17

exiting 3-18

logging in 3-18

procedures

global parameters, configuring3-3to 3-8

interfaces, configuring3-8to 3-9

using configuration mode 3-10

promiscuous ports 13-3

protocol tunneling

See Layer 2 protocol tunneling 16-1

pruning, VTP

See VTP, pruning

PVLANs

See private VLANs

PVRST

See Rapid-PVST 17-17

Q

QoS

IPv6 38-41

QoS classification (definition) 38-102

QoS congestion avoidance

definition 38-103

QoS CoS

and ToS final L3 Switching Engine values 38-12

and ToS final values from L3 Switching Engine 38-12

definition 38-102

port value, configuring 38-78

QoS default configuration 38-93, 40-2

QoS DSCP

definition 38-103

internal values 38-10

maps, configuring 38-73

QoS dual transmit queue

thresholds

configuring 38-79, 38-83

QoS Ethernet egress port

scheduling 38-93

scheduling, congestion avoidance, and marking 38-12

QoS Ethernet ingress port

classification, marking, scheduling, and congestion avoidance 38-6

QoS final L3 Switching Engine CoS and ToS values 38-12

QoS internal DSCP values 38-10

QoS L3 Switching Engine

classification, marking, and policing 38-9

feature summary 38-15

QoS labels (definition) 38-103

QoS mapping

CoS values to DSCP values 38-70, 38-73

DSCP markdown values 38-26, 38-74, 39-16

DSCP mutation 38-69, 39-29

DSCP values to CoS values 38-76

IP precedence values to DSCP values 38-74

QoS markdown 38-19

QoS marking

definition 38-103

trusted ports 38-14

untrusted ports 38-14

QoS MSFC

marking 38-16

QoS multilayer switch feature card 38-16

QoS out of profile 38-19

QoS policing

definition 38-103

microflow, enabling for nonrouted traffic 38-48

QoS policing rule

aggregate 38-17

creating 38-52

microflow 38-17

QoS port

trust state 38-77

QoS port-based or VLAN-based 38-48

QoS queues

transmit, allocating bandwidth between 38-89

QoS receive queue 38-7, 38-87

drop thresholds 38-21

QoS scheduling (definition) 38-103

QoS single-receive, dual-transmit queue ports

configuring 38-84

QoS statistics data export 40-1

configuring 40-2

configuring destination host 40-7

configuring time interval 40-6, 40-9

QoS ToS

and CoS final values from L3 Switching Engine 38-12

definition 38-103

QoS traffic flow through QoS features 38-4

QoS transmit queue

size ratio 38-91, 38-92

QoS transmit queues 38-22, 38-85, 38-86

QoS trust-cos

port keyword 38-14

QoS trust-dscp

port keyword 38-14

QoS trust-ipprec

port keyword 38-14

QoS untrusted port keyword 38-14

QoS VLAN-based or port-based 38-11, 38-48

queries, IGMP 27-3

queries, MLDv2 26-4

R

range

command 4-4, 4-5, 7-4

macro 7-5

of interfaces 7-4

rapid convergence 17-13

Rapid-PVST

enabling 17-36

overview 17-17

Rapid Spanning Tree

See RSTP

Rapid Spanning Tree Protocol

See RSTP

receive queues

see QoS receive queues

recirculation 21-4, 38-13

reduced MAC address 17-2

redundancy (NSF) 5-1

configuring

BGP 5-13

CEF 5-12

EIGRP 5-18

IS-IS 5-15

OSPF 5-14

configuring multicast NSF with SSO 5-11

configuring supervisor engine 5-9

routing protocols 5-4

redundancy (RPR) 6-1

configuring 6-4

configuring supervisor engine 6-3

displaying supervisor engine configuration 6-5

redundancy command 6-4

redundancy (SSO)

redundancy command 5-11

related documentation 1-xxix

reload command 3-22, 3-23

Remote source-route bridging (RSRB) 19-2

report, MLD 26-4

reserved-range VLANs

See VLANs

rewrite, packet

CEF 23-2

IP MMLS 25-3

RGMP 29-1

overview 29-1

packet types 29-2

RIF cache monitoring 7-17

rommon command 3-23

ROM monitor

boot process and 3-19

CLI 2-7

root bridge, STP 17-28

root guard

See STP root guard

root switch

MSTP 17-40

route processor redundancy

See redundancy (RPR)

router-port group management protocol

See RGMP

routing table, multicast 25-16

RPF

failure 25-5

multicast 25-2

non-RPF multicast 25-5

unicast 30-2

RPR

See redundancy (RPR)

RSTP

active topology 17-12

BPDU

format 17-15

processing 17-16

designated port, defined 17-12

designated switch, defined 17-12

interoperability with IEEE 802.1D

described 17-25

restarting migration process 17-49

topology changes 17-17

overview 17-12

port roles

described 17-12

synchronized 17-14

proposal-agreement handshake process 17-13

rapid convergence

described 17-13

edge ports and Port Fast 17-13

point-to-point links 17-13, 17-47

root ports 17-13

root port, defined 17-12

See also MSTP

S

SAID 12-6

sample configuration3-2to 3-10

Sampled NetFlow

description 46-8

saving the configuration file 3-11

scheduling

see QoS

secondary VLANs 13-2

Secure MAC Address Aging Type 43-10

security

configuring 30-1, 31-1, 33-1

security, port 43-1

security precautions with Flash memory card 3-24

serial interfaces

clearing 7-18

synchronous

maintaining 7-18

service-policy command 38-53

service-policy input command 38-49, 38-67, 38-70, 38-72, 39-29

service-provider network, MSTP and RSTP 17-18

set power redundancy enable/disable command 50-2

setup command 3-2

shaped round robin 38-89

short pipe mode

configuring 39-34

show boot command 3-25

show catalyst6000 chassis-mac-address command 17-3

show cdp command 44-2, 44-3

show cdp entry command 44-3

show cdp interface command 44-3

show cdp neighbors command 44-3

show cdp traffic command 44-3

show ciscoview package command 1-3

show ciscoview version command 1-3

show configuration command 7-15

show debugging command 44-3

show eobc command 7-17

show hardware command 7-3

show history command 2-4

show ibc command 7-17

show interfaces command 7-3, 7-12, 7-13, 7-15, 7-17, 8-7, 8-12

clearing interface counters 7-17

displaying, interface type numbers 7-3

displaying, speed and duplex mode 7-9

show ip flow export command

displaying NDE export flow IP address and UDP port 46-15

show ip interface command

displaying IP MMLS interfaces 25-14

show ip mroute command

displaying IP multicast routing table 25-16

show ip pim interface command

displaying IP MMLS router configuration 25-14

show mls aging command 47-8

show mls entry command 23-5

show mls ip multicast group command

displaying IP MMLS group 25-17, 25-20

show mls ip multicast interface command

displaying IP MMLS interface 25-17, 25-20

show mls ip multicast source command

displaying IP MMLS source 25-17, 25-20

show mls ip multicast statistics command

displaying IP MMLS statistics 25-17, 25-20

show mls ip multicast summary

displaying IP MMLS configuration 25-17, 25-20

show mls nde command 46-18

displaying NDE flow IP address 46-15

show mls rp command

displaying IP MLS configuration 47-7

show module command 6-5

show protocols command 7-17

show rif command 7-17

show running-config command 3-10, 7-15, 7-17

show startup-config command 3-11

show version command 3-9, 3-22, 3-23, 7-17

shutdown command 7-18

shutdown interfaces

result 7-18

slot number, description 7-2

SNMP

support and documentation 1-1

snooping

See IGMP snooping

See MLDv2 snooping

software configuration register functions3-20to 3-23

source-only-ip flow mask 47-3

source specific multicast with IGMPv3, IGMP v3lite, and URD 25-9

SPAN

configuration guidelines 48-6

configuring 48-11

sources 48-12, 48-14, 48-15, 48-16, 48-18

VLAN filtering 48-20

overview 48-1

SPAN Destination Port Permit Lists 48-11

spanning-tree backbonefast

command 18-13, 18-14

command example 18-13, 18-14

spanning-tree cost

command 17-32

command example 17-32, 17-33

spanning-tree portfast

command 18-8, 18-9

command example 18-8

spanning-tree portfast bpdu-guard

command 18-11

spanning-tree port-priority

command 17-30, 17-31

spanning-tree protocol for bridging 19-2

spanning-tree uplinkfast

command 18-12

command example 18-12, 18-13

spanning-tree vlan

command 17-27, 17-29, 17-30, 18-14

command example 17-27, 17-29, 17-30

spanning-tree vlan cost

command 17-32

spanning-tree vlan forward-time

command 17-35

command example 17-35

spanning-tree vlan hello-time

command 17-34

command example 17-34

spanning-tree vlan max-age

command 17-35

command example 17-36

spanning-tree vlan port-priority

command 17-30

command example 17-31

spanning-tree vlan priority

command 17-33

command example 17-34

speed

configuring interface 7-7

speed command 4-3, 7-7

SRR 38-89

standby link 9-1

standby links 9-1

static route, configuring 3-11

statistics

802.1X 42-15

Sticky ARP 33-25

sticky ARP 33-25

sticky MAC address 43-2

Sticky secure MAC addresses 43-8, 43-9

storm control

see traffic-storm control

STP

configuring 17-25

bridge priority 17-33

enabling 17-26, 17-28

forward-delay time 17-35

hello time 17-34

maximum aging time 17-35

port cost 17-32

port priority 17-30

root bridge 17-28

secondary root switch 17-29

defaults 17-26

EtherChannel 10-4

understanding 17-1

802.1Q Trunks 17-11

Blocking State 17-7

BPDUs 17-3

disabled state 17-10

forwarding state 17-9

learning state 17-8

listening state 17-7

overview 17-2

port states 17-5

protocol timers 17-4

root bridge election 17-4

topology 17-4

STP BackboneFast

configuring 18-13

figure

adding a switch 18-7

spanning-tree backbonefast

command 18-13, 18-14

command example 18-13, 18-14

understanding 18-4

STP BPDU Guard

configuring 18-11

spanning-tree portfast bpdu-guard

command 18-11

understanding 18-2

STP bridge ID 17-2

STP EtherChannel guard 18-6

STP loop guard

configuring 18-15

overview 18-6

STP PortFast

BPDU filter

configuring 18-10

BPDU filtering 18-2

configuring 18-8

spanning-tree portfast

command 18-8, 18-9

command example 18-8

understanding 18-2

STP root guard 18-6, 18-14

STP UplinkFast

configuring 18-12

spanning-tree uplinkfast

command 18-12

command example 18-12, 18-13

understanding 18-3

subdomains, private VLAN 13-2

supervisor engine

configuring 3-1

default configuration 3-1

environmental monitoring 50-10

redundancy 5-1, 6-1

ROM monitor 3-19

startup configuration 3-19

static routes 3-11

synchronizing configurations 5-19, 6-5

Supervisor Engine 32 4-1

supervisor engine redundancy

configuring 5-9, 6-3

supervisor engines

displaying redundancy configuration 6-5

Switched Port Analyzer

See SPAN

switchport

configuring 8-14

example 8-13

show interfaces 7-12, 7-13, 8-7, 8-12

switchport access vlan 8-10, 8-14

example 8-14

switchport mode access 8-4, 8-14

example 8-14

switchport mode dynamic 8-9

switchport mode dynamic auto 8-4

switchport mode dynamic desirable 8-4

default 8-5

example 8-13

switchport mode trunk 8-4, 8-9

switchport nonegotiate 8-4

switchport trunk allowed vlan 8-11

switchport trunk encapsulation 8-8

switchport trunk encapsulation dot1q 8-3

example 8-13

switchport trunk encapsulation isl 8-3

switchport trunk encapsulation negotiate 8-3

default 8-5

switchport trunk native vlan 8-10

switchport trunk pruning vlan 8-12

switch priority

MSTP 17-44

switch TopN reports

foreground execution 52-2

running 52-2

viewing 52-2

system

configuration register

configuration3-20to 3-23

settings at startup 3-21

configuring global parameters3-3to 3-8

System Hardware Capacity 50-5

system image

determining if and how to load 3-21

loading from Flash 3-24

specifying the startup 3-23

T

TACACS+ 30-1, 31-1, 33-1

TCP Intercept 30-2

TDR

checking cable connectivity 7-19

enabling and disabling test 7-19

guidelines 7-19

Telnet

accessing CLI 2-2

Time Domain Reflectometer

See TDR

traceroute, Layer 2

and ARP 53-2

and CDP 53-1

described 53-1

IP addresses and subnets 53-2

MAC addresses and VLANs 53-2

multicast traffic 53-2

multiple devices on a port 53-2

unicast traffic 53-1

usage guidelines 53-1

traffic flood blocking 37-1

traffic-storm control

command

broadcast 36-3

described 36-1

monitoring 36-5

thresholds 36-1

traffic suppression

see traffic-storm control

translational bridge numbers (defaults) 12-6

transmit queues

see QoS transmit queues

trunks 8-2

802.1Q Restrictions 8-5

allowed VLANs 8-11

configuring 8-8

default interface configuration 8-7

default VLAN 8-10

different VTP domains 8-3

encapsulation 8-3

native VLAN 8-10

to non-DTP device 8-4

VLAN 1 minimization 8-11

trust-dscp

see QoS trust-dscp

trust-ipprec

see QoS trust-ipprec

tunneling 39-4, 39-31

tunneling, 802.1Q

See 802.1Q 15-1

U

UDE 20-1

configuration 20-3

overview 20-2

UDE and UDLR 20-1

UDLD

default configuration 45-3

enabling

globally 45-3

on ports 45-4

overview 45-1

UDLR 20-1

back channel 20-1

configuration 20-6

tunnel

(example) 20-7

ARP and NHRP 20-3

UDLR (unidirectional link routing)

See UDLR

UMFB 37-1

unauthorized ports with 802.1X 42-4

Unicast and Multicast Flood Blocking 37-1

unicast flood blocking 37-1

unicast RPF 30-2

unicast storms

see traffic-storm control

Unidirectional Ethernet

see UDE

unidirectional ethernet

example of setting 20-5

UniDirectional Link Detection Protocol

see UDLD

uniform mode

configuring 39-39

unknown multicast flood blocking

See UMFB

unknown unicast flood blocking

See UUFB

untrusted

see QoS trust-cos

see QoS untrusted

upgrade guidelines 21-15

UplinkFast

See STP UplinkFast

URD 25-9

User-Based Rate Limiting 38-18, 38-65

user EXEC mode 2-5

UUFB 37-1

V

VACLs 32-1

configuring 32-4

examples 32-9

Layer 3 VLAN interfaces 32-8

Layer 4 port operations 31-5

logging

configuration example 32-11

configuring 32-11

restrictions 32-11

MAC address based 32-5

multicast packets 32-4

overview 32-1

SVIs 32-8

WAN interfaces 32-1

virtual LAN

See VLANs

vlan

command 12-10, 12-12, 46-12, 46-13, 48-13

command example 12-11

VLAN-based QoS filtering 38-55

VLAN-bridge spanning-tree protocol 19-2

vlan database

command 12-10, 12-12, 46-12, 46-13, 48-13

example 12-11

vlan mapping dot1q

command 12-14, 12-15, 12-16

command example 12-16

VLAN mode 21-16

VLANs

allowed on trunk 8-11

configuration guidelines 12-8

configuration options

global configuration mode 12-9

VLAN database mode 12-9

configuring 12-1

configuring (tasks) 12-9

defaults 12-6

extended range 12-2

ID (default) 12-6

interface assignment 12-11

name (default) 12-6

normal range 12-2

private

See private VLANs

reserved range 12-2

support for 4,096 VLANs 12-2

token ring 12-3

trunks

understanding 8-2

understanding 12-1

VLAN 1 minimization 8-11

VTP domain 12-3

VLAN translation

command example 12-15

VLAN Trunking Protocol

See VTP

voice VLAN

Cisco 7960 phone, port connections 14-1

configuration guidelines 14-6

configuring IP phone for data traffic

override CoS of incoming frame 14-8, 14-9

configuring ports for voice traffic in

802.1Q frames 14-7

connecting to an IP phone 14-6

default configuration 14-5

overview 14-1

VPN

configuration example 21-12

guidelines and restrictions 21-11

VTP

advertisements 11-3

client, configuring 11-8

configuration guidelines 11-5

default configuration 11-5

disabling 11-8

domains 11-2

VLANs 12-3

modes

client 11-2

server 11-2

transparent 11-2

monitoring 11-10

overview 11-1

pruning

configuration 8-12

configuring 11-7

overview 11-3

server, configuring 11-8

statistics 11-10

transparent mode, configuring 11-8

version 2

enabling 11-7

overview 11-3

W

web browser interface 1-1

weighted round robin 38-89

wireless access point

inline power 14-4

WRR 38-89

X

xconnect command 21-15