Release 15.1SY Supervisor Engine 2T Software Configuration Guide
Index

Numerics

4K VLANs (support for 4,096 VLANs) 16-2

802.1AE Tagging 41-2

802.1Q

Layer 2 protocol tunneling

See Layer 2 protocol tunneling

mapping to ISL VLANs 16-7

trunks 11-4

restrictions 11-2

tunneling

configuration guidelines 19-1

configuring tunnel ports 19-6

overview 19-4

802.1Q Ethertype

specifying custom 11-15

802.1X 54-1

802.1x accounting 54-43

802.3ad

See LACP

802.3af 10-2

802.3at 10-2

802.3x Flow Control 10-9

A

AAA

fail policy 54-8, 55-5

AAA (authentication, authorization, and accounting). See also port-based authentication. 54-6, 55-2

aaa accounting dot1x command 54-44

aaa accounting system command 54-44

abbreviating commands 2-5

access, restricting MIB 57-10

access control entries and lists 40-1

access-enable host timeout (not supported) 40-4

access port, configuring 11-14

access rights 57-9

access setup, example 57-11

accounting

with 802.1x 54-43

with IEEE 802.1x 54-16

ACEs and ACLs 40-1

ACLs

downloadable 55-2

downloadable (dACLs) 54-24

Filter-ID 54-25

per-user 54-24

port

defined 44-2

redirect URL 54-25

static sharing 54-25

acronyms, list of 1-1

activating lawful intercept 57-8

admin function (mediation device) 57-7, 57-8

administration, definition 57-6

advertisements, VTP 15-4

aggregate label 7-2, 7-5

aggregate policing 34-4

aging time

accelerated

for MSTP 1-45

maximum

for MSTP 1-45, 1-46

alarms

major 5-4

minor 5-4

Allow DHCP Option 82 on Untrusted Port

configuring 49-10

understanding 49-5

any transport over MPLS (AToM) 9-3

Ethernet over MPLS 9-3

ARP ACL 40-12

ARP spoofing 51-3

AToM 9-3

audience 1-45

authentication control-direction command 54-53

authentication event command 54-45

authentication failed VLAN

See restricted VLAN

authentication open command 54-15

authentication password, VTP 15-5

authentication periodic command 54-38, 54-50

authentication port-control command 54-45

authentication timer reauthenticate command 54-38

authorized ports with 802.1X 54-12

auto enablement 54-30

automatic QoS

configuration guidelines and restrictions 37-2

macros 37-4

overview 37-2

AutoQoS 37-1

auto-sync command 9-4

B

BackboneFast

See STP BackboneFast

backup interfaces

See Flex Links

binding database, DHCP snooping

See DHCP snooping binding database

binding table, DHCP snooping

See DHCP snooping binding database

blocking state, STP 1-8

blue beacon 1-8

BPDU

RSTP format 1-16

BPDU guard

See STP BPDU guard

BPDUs

Bridge Assurance 2-5

Shared Spanning Tree Protocol (SSTP) 2-20

Bridge Assurance

description 2-4 to 2-6

inconsistent state 2-5

supported protocols and link types 2-5

bridge domain

configuring 12-8

bridge groups 5-1

bridge ID

See STP bridge ID

bridge priority, STP 1-34

bridge protocol data units

see BPDUs

bridging 5-1

broadcast storms

see traffic-storm control

C

CALEA, See Communications Assistance for Law Enforcement Act (CALEA)

Call Home

description 24-3

message format options 24-3

messages

format options 24-3

call home 24-1

alert groups 24-31

contact information 24-21

destination profiles 24-22

displaying information 24-45

pattern matching 24-36

periodic notification 24-33

rate limit messages 24-38

severity threshold 24-33

smart call home feature 24-4

SMTP server 24-2

testing communications 24-38

call home alert groups

configuring 24-31

description 24-31

subscribing 24-31

call home customer information

entering information 24-21

call home destination profiles

attributes 24-23

description 24-23

displaying 24-48

call home notifications

full-txt format for syslog 24-17

XML format for syslog 24-17

CDP

host presence detection 54-14, 56-4

to configure Cisco phones 9-3

CEF

configuring

RP 3-5

supervisor engine 3-4

examples 3-3

Layer 3 switching 3-2

packet rewrite 3-2

certificate authority (CA) 24-2

channel-group group

command 2-7, 2-10, 13-9, 13-14, 13-15, 13-16

command example 13-9, 13-15

Cisco Discovery Protocol

See CDP

Cisco Emergency Responder 9-4

Cisco EnergyWise 3-1

Cisco Express Forwarding 7-3

CISCO-IP-TAP-MIB

citapStreamVRF 57-2

overview 57-8

restricting access to 57-10, 57-11

CISCO-TAP2-MIB

accessing 57-9

overview 57-8

restricting access to 57-10, 57-11

CISP 54-30

CIST regional root

See MSTP

CIST root

See MSTP

class command 34-9

class map configuration 34-8, 35-11

clear authentication sessions command 54-40

clear counters command 10-12

clear dot1x command 54-40

clear interface command 10-13

CLI

accessing 2-1

backing out one level 2-5

console configuration mode 2-5

getting list of commands 2-6

global configuration mode 2-5

history substitution 2-4

interface configuration mode 2-5

privileged EXEC mode 2-5

ROM monitor 2-7

software basics 2-4

Client Information Signalling Protocol

See CISP

collection function 57-6

command line processing 2-3

commands, getting list of 2-6

Communications Assistance for Law Enforcement Act

CALEA for Voice 57-5

lawful intercept 57-4

community ports 17-7

community VLANs 17-6, 17-7

configuration example

EoMPLS port mode 9-4, 9-7

EoMPLS VLAN mode 9-4

VPLS, 802.1Q access port for untagged traffic from CE 10-8

VPLS, associating the attachment circuit with the VSI at the PE 10-13

VPLS, L2 VLAN instance on the PE 10-10

VPLS, MPLS in the PE 10-11

VPLS, using QinQ to place all VLANs into a single VPLS 10-9

VPLS, VFI in the PE 10-12

configuration guidelines

EVCs 12-2

configuring 34-9, 35-11

lawful intercept 57-10, 57-11, 57-12

SNMP 57-10

console configuration mode 2-5

content IAP 57-6

control plane policing

See CoPP

CoPP 48-1

applying QoS service policy to control plane 48-5

configuring

ACLs to match traffic 48-5

enabling MLS QoS 48-5

packet classification criteria 48-5

service-policy map 48-5

control plane configuration mode

entering 48-5

displaying

dynamic information 48-9

number of conforming bytes and packets 48-9

rate information 48-9

entering control plane configuration mode 48-5

monitoring statistics 48-9

overview 48-3

packet classification guidelines 48-2

traffic classification

defining 48-6

guidelines 48-7

overview 48-6

sample ACLs 48-8

sample classes 48-6

CoS

override priority 9-6, 10-5

counters

clearing interface 10-12, 10-13

critical authentication 54-8

critical authentication, IEEE 802.1x 54-47

CSCsr62404 10-9

CSCtx75254 5-2

cTap2MediationDebug notification 57-12

cTap2MediationNewIndex object 57-8

cTap2MediationTable 57-8

cTap2MediationTimedOut notification 57-12

cTap2MIBActive notification 57-12

cTap2StreamDebug notification 57-12

cTap2StreamTable 57-8

customer contact information

entering for call home 24-21

D

dACL

See ACLs, downloadable 54-24

dCEF 3-4

debug commands

IP MMLS 14-31

DEC spanning-tree protocol 5-1

default configuration

802.1X 54-31, 55-7

dynamic ARP inspection 51-6

EVCs 12-9

Flex Links 12-4

IP MMLS 14-15

MSTP 1-26

MVR 17-5

UDLD 1-4

voice VLAN 9-4

VTP 15-9

default VLAN 11-10

denial of service protection 47-1

device IDs

call home format 24-13, 24-14

DHCP binding database

See DHCP snooping binding database

DHCP binding table

See DHCP snooping binding database

DHCP option 82

circuit ID suboption 49-7

overview 49-5

packet format, suboption

circuit ID 49-7

remote ID 49-7

remote ID suboption 49-7

DHCP option 82 allow on untrusted port 49-10

DHCP snooping

802.1X data insertion 54-15

binding database

See DHCP snooping binding database

configuration guidelines 49-8

configuring 49-9

default configuration 49-8

displaying binding tables 49-18

enabling 49-9, 49-10, 49-11, 49-12, 49-13, 49-14

enabling the database agent 49-14

message exchange process 49-6

monitoring 50-5, 50-6

option 82 data insertion 49-5

overview 49-3

Snooping database agent 49-7

DHCP snooping binding database

described 49-5

entries 49-5

DHCP snooping binding table

See DHCP snooping binding database

DHCP Snooping Database Agent

adding to the database (example) 49-18

enabling (example) 49-15

overview 49-7

reading from a TFTP file (example) 49-17

DHCP snooping increased bindings limit 49-14

DiffServ

configuring short pipe mode 38-30

configuring uniform mode 38-34

short pipe mode 38-27

uniform mode 38-28

DiffServ tunneling modes 38-4

Disabling PIM Snooping Designated Router Flooding 16-6

distributed Cisco Express Forwarding

See dCEF

distributed egress SPAN 27-10, 27-15

DNS, See Domain Name System

DNS, see Domain Name System

documentation, related 1-45

Domain Name System 57-2

DoS protection 47-1

monitoring packet drop statistics

using monitor session commands 47-10

using VACL capture 47-12

QoS ACLs 47-2

security ACLs 47-2

uRPF check 47-6

dot1x initialize interface command 54-39

dot1x max-reauth-req command 54-43

dot1x max-req command 54-42

dot1x pae authenticator command 54-34

dot1x re-authenticate interface command 54-39

dot1x timeout quiet-period command 54-41

DSCP-based queue mapping 36-14

duplex command 10-5, 10-6

duplex mode

autonegotiation status 10-6

configuring interface 10-4

dynamic ARP inspection

ARP cache poisoning 51-3

ARP requests, described 51-3

ARP spoofing attack 51-3

configuration guidelines 51-2

configuring

log buffer 51-13, 51-15

logging system messages 51-14

rate limit for incoming ARP packets 51-5, 51-10

default configuration 51-6

denial-of-service attacks, preventing 51-10

described 51-3

DHCP snooping binding database 51-4

displaying

ARP ACLs 51-15

configuration and operating state 51-15

trust state and rate limit 51-15

error-disabled state for exceeding rate limit 51-5

function of 51-4

interface trust states 51-4

log buffer

configuring 51-13, 51-15

logging of dropped packets, described 51-6

logging system messages

configuring 51-14

man-in-the-middle attack, described 51-4

network security issues and interface trust states 51-4

priority of ARP ACLs and DHCP snooping entries 51-6

rate limiting of ARP packets

configuring 51-10

described 51-5

error-disabled state 51-5

validation checks, performing 51-11

Dynamic Host Configuration Protocol snooping 49-1

E

EAC 41-2

EAPOL. See also port-based authentication. 54-6

eFSU, See Enhanced Fast Software Upgrade (eFSU)

egress SPAN 27-10

electronic traffic, monitoring 57-7

e-mail addresses

assigning for call home 24-21

e-mail notifications

Call Home 24-3

enable mode 2-5

enable sticky secure MAC address 56-8

enabling

IP MMLS

on router interfaces 14-16

lawful intercept 57-8

SNMP notifications 57-12

Endpoint Admission Control (EAC) 41-2

EnergyWise 3-1

enhanced Fast Software Upgrade (eFSU)

aborting (issu abortversion command) 5-13

accepting the new software version 5-11

committing the new software to standby RP (issu commitversion command) 5-12

displaying maximum outage time for module 5-10

error handling 5-5

forcing a switchover (issu runversion command) 5-10

issu loadversion command 5-8

loading new software onto standby RP 5-8

memory reservation on module 5-4

memory reservation on module, prohibiting 5-4

OIR not supported 5-2

operation 5-3

outage times 5-4

performing 5-5

steps 5-5

usage guidelines and limitations 5-2

verifying redundancy mode 5-7

environmental monitoring

LED indications 5-4

SNMP traps 5-4

supervisor engine and switching modules 5-4

Syslog messages 5-4

using CLI commands 5-1

EOBC

for MAC address table synchronization 11-3

EoMPLS 9-3

configuring 9-4

configuring VLAN mode 9-3

guidelines and restrictions 9-2

port mode 9-3

VLAN mode 9-3

ERSPAN 27-1

EtherChannel

channel-group group

command 2-7, 2-10, 13-9, 13-14, 13-15, 13-16

command example 13-9, 13-15

configuration guidelines 4-28, 13-2

configuring

Layer 2 13-9

configuring (tasks) 4-28, 13-7

interface port-channel

command example 13-8

interface port-channel (command) 2-6, 2-7, 13-8

lacp system-priority

command example 13-11

Layer 2

configuring 13-9, 13-15

load balancing

configuring 13-11

understanding 13-7

Min-Links 13-13, 13-14

modes 13-4

PAgP

understanding 13-5

port-channel interfaces 13-7

port-channel load-balance

command 13-11

command example 13-12

STP 13-7

understanding 4-4, 13-3

EtherChannel Guard

See STP EtherChannel Guard

Ethernet

setting port duplex 10-10

Ethernet flow point

See EFP

Ethernet over MPLS (EoMPLS) configuration

EoMPLS port mode 9-6

EoMPLS VLAN mode 9-4

Ethernet Virtual Connection

See EVC

EVC

broadcast domain 12-4

configuration guidelines 12-2

default configuration 12-9

supported features 12-2

EXP mutation 38-4

extended range VLANs 16-2

See VLANs

extended system ID

MSTP 1-39

Extensible Authentication Protocol over LAN. See EAPOL.

F

fall-back bridging 5-1

fast link notification

on VSL failure 4-15

fiber-optic, detecting unidirectional links 1-1

FIB TCAM 7-3

figure

lawful intercept overview 57-5

Flex Links 12-1

configuration guidelines 12-2

configuring 12-4

default configuration 12-4

description 12-2

monitoring 12-6

flex links

interface preemption 12-3

flow control 10-9

forward-delay time

MSTP 1-45

forward-delay time, STP 1-35

frame distribution

See EtherChannel load balancing

G

get requests 57-7, 57-8, 57-11

global configuration mode 2-5

guest VLAN and 802.1x 54-19

H

hardware Layer 3 switching

guidelines 3-2

hello time

MSTP 1-44

hello time, STP 1-35

High Capacity Power Supply Support 4-4

history

CLI 2-4

host mode

see port-based authentication

host ports

kinds of 17-7

host presence CDP message 9-4, 54-14

host presence TLV message 56-4

http://www-tac.cisco.com/Teams/ks/c3/xmlkwery.php?srId=612293409 13-3

I

IAP

content IAP 57-6

definition 57-6

content IAP 57-6

identification IAP 57-6

types of

ICMP unreachable messages 40-2

ID IAP 57-6

IDs

serial IDs 24-14

IEEE 802.1Q Ethertype

specifying custom 11-15

IEEE 802.1Q Tagging on a Per-Port Basis 19-7

IEEE 802.1w

See RSTP

IEEE 802.1x

accounting 54-16, 54-43

authentication failed VLAN 54-20

critical ports 54-21

DHCP snooping 54-15

guest VLAN 54-19

MAC authentication bypass 54-26

network admission control Layer 2 validation 54-27

port security interoperability 54-23

RADIUS-supplied session timeout 54-38

voice VLAN 54-22

wake-on-LAN support 54-28

IEEE 802.3ad

See LACP

IEEE 802.3af 10-2

IEEE 802.3at 10-2

IEEE 802.3x Flow Control 10-9

IEEE bridging protocol 5-1

IGMP 15-1

configuration guidelines 22-9

enabling 15-9

join messages 15-3

leave processing

enabling 15-13

queries 15-4

query interval

configuring 15-12

snooping

fast leave 15-6

joining multicast group 15-3, 18-4

leaving multicast group 15-5, 18-4

understanding 15-3, 18-3

snooping querier

enabling 15-9

understanding 15-3, 18-3

IGMPv3 14-26

IGMP v3lite 14-26

ignore port trust 34-11

inaccessible authentication bypass 54-21

ingress SPAN 27-10

intercept access point

See IAP

intercept-related information (IRI) 57-6, 57-7

intercepts, multiple 57-6

interface

configuration mode 2-5

Layer 2 modes 11-4

number 10-2

interface port-channel

command example 13-8

interface port-channel (command) 2-6, 2-7, 13-8

interfaces

configuring, duplex mode 10-3

configuring, speed 10-3

configuring, overview 10-2

counters, clearing 10-12, 10-13

displaying information about 10-12

maintaining 10-11

monitoring 10-11

range of 10-2

restarting 10-13

shutting down

task 10-13

interfaces command 10-2

interfaces range command 26-3

interfaces range macro command 10-2

internal VLANs 16-3

Internet Group Management Protocol 15-1, 18-1

IP accounting, IP MMLS and 14-2

IP CEF

topology (figure) 3-4

ip flow-export source command 29-3, 29-4, 29-5

ip http server 1-9

ip local policy route-map command 4-5

IP MMLS

cache, overview 14-4

configuration guideline 14-1

debug commands 14-31

default configuration 14-15

enabling

on router interfaces 14-16

Layer 3 MLS cache 14-4

overview 14-2

packet rewrite 14-5

router

enabling globally 14-16

enabling on interfaces 14-16

PIM, enabling 14-16

IP multicast

IGMP snooping and 15-8

MLDv2 snooping and 22-9

overview 15-2, 18-2, 19-2

IP multicast MLS

See IP MMLS

ip multicast-routing command

enabling IP multicast 14-16

IP phone

configuring 9-5

ip pim command

enabling IP PIM 14-16

ip policy route-map command 4-5

IP Source Guard 50-1

configuring 50-3

configuring on private VLANs 50-5

displaying 50-5, 50-6

overview 50-2

IP unnumbered 5-1

IPv4 Multicast over Point-to-Point GRE Tunnels 1-10

IPv4 Multicast VPN 20-1

IPv6 Multicast Layer 3 Switching 21-1

IPv6 QoS 33-4

ISL trunks 11-4

isolated port 17-7

isolated VLANs 17-6, 17-7

J

join messages, IGMP 15-3

jumbo frames 10-6

K

keyboard shortcuts 2-3

L

label edge router 7-2

label switched path 9-1

label switch router 7-2, 7-4

LACP

system ID 13-6

Law Enforcement Agency (LEA) 57-4

lawful intercept

admin function 57-7, 57-8

collection function 57-6

configuring 57-10, 57-11, 57-12

enabling 57-8

IRI 57-6

mediation device 57-5

overview 57-4, 57-5

prerequisites 57-1

processing 57-7

security considerations 57-9

SNMP notifications 57-12

lawful intercept processing 57-7

Layer 2

configuring interfaces 11-5

access port 11-14

trunk 11-8

defaults 11-5

interface modes 11-4

show interfaces 10-8, 10-9, 11-6, 11-13

switching

understanding 11-2

trunks

understanding 11-4

VLAN

interface assignment 16-6

Layer 2 Interfaces

configuring 11-1

Layer 2 protocol tunneling

configuring Layer 2 tunnels 20-3

overview 20-2

Layer 2 Traceroute 30-1

Layer 2 traceroute

and ARP 30-2

and CDP 30-1

described 30-2

IP addresses and subnets 30-2

MAC addresses and VLANs 30-2

multicast traffic 30-2

multiple devices on a port 30-2

unicast traffic 30-2

usage guidelines 30-1

Layer 3

IP MMLS and MLS cache 14-4

Layer 3 switched packet rewrite

CEF 3-2

Layer 3 switching

CEF 3-2

Layer 4 port operations (ACLs) 40-2

leave processing, IGMP

enabling 15-13

leave processing, MLDv2

enabling 22-12

LERs 38-2, 38-6, 38-7

Link Failure

detecting unidirectional 1-25

link negotiation 10-5

link redundancy

See Flex Links

LLDP-MED

configuring

TLVs 10-8

load deferral

MEC traffic recovery 4-6

Local Egress Replication 14-19

logical operation unit

See LOU

loop guard

See STP loop guard

LOU

description 40-3

determining maximum number of 40-3

LSRs 38-2, 38-6

M

mab command 54-45, 54-50

MAC address-based blocking 43-1

MAC address table notification 11-7

MAC authentication bypass. See also port-based authentication. 54-26

MAC move (port security) 56-3

macros 3-1

See Smartports macros

MACSec 41-2

magic packet 54-28

main-cpu command 9-4

mapping 802.1Q VLANs to ISL VLANs 16-7

markdown

see QoS markdown

match ip address command 4-4

match length command 4-4

maximum aging time

MSTP 1-45

maximum aging time, STP 1-36

maximum hop count, MSTP 1-46

MEC

configuration 4-45

described 4-15

failure 4-16

port load share deferral 4-17

mediation device

admin function 57-7, 57-8

definition 57-5

description 57-5

MIBs

CISCO-IP-TAP-MIB 57-2, 57-8, 57-10

CISCO-TAP2-MIB 57-8, 57-9, 57-10

SNMP-COMMUNITY-MIB 57-9

SNMP-USM-MIB 57-4, 57-9

SNMP-VACM-MIB 57-4, 57-9

microflow policing 34-4

Mini Protocol Analyzer 31-1

Min-Links 13-13

MLD

report 22-5

MLD snooping

query interval

configuring 22-10

MLDv1 22-2

MLDv2 22-1

enabling 22-11

leave processing

enabling 22-12

queries 22-6

snooping

fast leave 22-8

joining multicast group 22-5

leaving multicast group 22-7

understanding 22-3

snooping querier

enabling 22-10

understanding 22-3

MLDv2 Snooping 22-1

monitoring

Flex Links 12-6

MVR 17-8

private VLANs 17-16

monitoring electronic traffic 57-7

MPLS 7-1, 7-2

aggregate label 7-2

any transport over MPLS 9-3

basic configuration 7-9

core 7-4

DiffServ Tunneling Modes 38-26

egress 7-4

experimental field 38-3

hardware features 7-5

ingress 7-4

IP to MPLS path 7-4

labels 7-2

MPLS to IP path 7-4

MPLS to MPLS path 7-4

nonaggregate label 7-2

QoS default configuration 38-13

restrictions 7-1

VPN 38-11

VPN guidelines and restrictions 8-2

MPLS QoS

Classification 38-2

Class of Service 38-2

commands 38-15

configuring a class map 38-17

configuring a policy map 38-20

configuring egress EXP mutation 38-24

configuring EXP Value Maps 38-25

Differentiated Services Code Point 38-2

displaying a policy map 38-24

E-LSP 38-2

EXP bits 38-2

features 38-2

IP Precedence 38-2

QoS Tags 38-2

queueing-only mode 38-17

MPLS QoS configuration

class map to classify MPLS packets 38-17

MPLS supported commands 7-2

MPLS VPN

limitations and restrictions 8-2

MQC 32-1

MST

interoperation with Rapid PVST+ 2-20

root bridge 2-20

MSTP

boundary ports

configuration guidelines 1-2

described 1-22

CIST, described 1-19

CIST regional root 1-20

CIST root 1-21

configuration guidelines 1-2

configuring

forward-delay time 1-45

hello time 1-44

link type for rapid convergence 1-46

maximum aging time 1-45

maximum hop count 1-46

MST region 1-38

neighbor type 1-46

path cost 1-42

port priority 1-41

root switch 1-39

secondary root switch 1-40

switch priority 1-43

CST

defined 1-19

operations between regions 1-20

default configuration 1-26

displaying status 1-47

enabling the mode 1-38

extended system ID

effects on root switch 1-39

effects on secondary root switch 1-40

unexpected behavior 1-39

IEEE 802.1s

implementation 1-23

port role naming change 1-23

terminology 1-21

interoperability with IEEE 802.1D

described 1-24

restarting migration process 1-47

IST

defined 1-19

master 1-20

operations within a region 1-20

mapping VLANs to MST instance 1-38

MST region

CIST 1-19

configuring 1-38

described 1-19

hop-count mechanism 1-22

IST 1-19

supported spanning-tree instances 1-19

overview 1-18

root switch

configuring 1-39

effects of extended system ID 1-39

unexpected behavior 1-39

status, displaying 1-47

MTU size (default) 16-3

multiauthentication (multiauth). See also port-based authentication. 54-15

multicast

IGMP snooping and 15-8

MLDv2 snooping and 22-9

non-RPF 14-7

overview 15-2, 18-2, 19-2

PIM snooping 16-4

multicast flood blocking 53-1

multicast groups

joining 15-3, 18-4

leaving 15-5, 22-7

multicast groups, IPv6

joining 22-5

Multicast Listener Discovery version 2 22-1

Multicast Replication Mode Detection enhancement 14-18

multicast storms

see traffic-storm control

multicast television application 17-3

multicast VLAN 17-2

Multicast VLAN Registration 17-1

multichassis EtherChannel

see MEC 4-15

Multidomain Authentication (MDA). See also port-based authentication. 54-14

Multilayer MAC ACL QoS Filtering 40-9

multiple path RPF check 47-7

Multiple Spanning Tree

See MST

MUX-UNI Support 7-7

MUX-UNI support 7-7

MVAP (Multi-VLAN Access Port). See also port-based authentication. 54-22

MVR

and IGMPv3 17-2

configuring interfaces 17-6

default configuration 17-5

example application 17-3

in the switch stack 17-5

monitoring 17-8

multicast television application 17-3

restrictions 17-1

setting global parameters 17-6

N

NAC

agentless audit support 54-27

critical authentication 54-21, 54-47

IEEE 802.1x authentication using a RADIUS server 54-50

IEEE 802.1x validation using RADIUS server 54-50

inaccessible authentication bypass 54-47

Layer 2 IEEE 802.1x validation 54-50

Layer 2 IEEE 802.1x validation 54-27

native VLAN 11-11

NDAC 41-2

NEAT

configuring 54-54

overview 54-30

NetFlow

table, displaying entries 3-5

Network Device Admission Control (NDAC) 41-2

Network Edge Access Topology

See NEAT

network ports

Bridge Assurance 2-5

description 2-2

nonaggregate label 7-2, 7-5

non-RPF multicast 14-7

normal-range VLANs

See VLANs

notifications, See SNMP notifications

NSF with SSO does not support IPv6 multicast traffic. 7-1, 8-1

O

OIR 10-11

online diagnostics

CompactFlash disk verification 1-45

configuring 6-2

datapath verification 1-15

diagnostic sanity check 6-24

egress datapath test 1-5

error counter test 1-5

interrupt counter test 1-5

memory tests 6-24

overview 6-2

running tests 6-6

test descriptions 1-1

understanding 6-2

online diagnostic tests 1-1

online insertion and removal

See OIR

out-of-band MAC address table synchronization

configuring 11-6

in a VSS 4-2

out of profile

see QoS out of profile

P

packet capture 31-2

packet rewrite

CEF 3-2

IP MMLS and 14-5

packets

multicast 44-6

PAgP

understanding 13-5

path cost

MSTP 1-42

PBACLs 40-5

PBF 45-4

PBR 1-10

PBR (policy-based routing)

configuration (example) 4-7

enabling 4-4

peer inconsistent state

in PVST simulation 2-20

per-port VTP enable and disable 15-16

PFC

recirculation 7-5

PIM, IP MMLS and 14-16

PIM snooping

designated router flooding 16-6

enabling globally 16-5

enabling in a VLAN 16-5

overview 16-4

platform aging command

configuring IP MLS 23-3, 23-4

platform ip multicast command

enabling IP MMLS 14-17 to 14-27

PoE 10-2

Cisco prestandard 10-3

IEEE 802.3af 10-2

IEEE 802.3at 10-2

PoE management 10-3

power policing 10-4

power use measurement 10-4

police command 34-13, 34-14

policy-based ACLs (PBACLs) 40-5

policy-based forwarding (PBF) 46-2

policy-based routing

See PBR

policy-based routing (PBR)

configuring 4-1

policy map 34-9, 35-11

attaching to an interface 34-17, 35-17, 47-6

policy-map command 34-9

port ACLs

defined 44-2

port ACLs (PACLs) 44-1

Port Aggregation Protocol

see PAgP

port-based authentication

AAA authorization 54-33

accounting 54-16

configuring 54-43

authentication server

defined 54-7, 55-3

RADIUS server 54-7

client, defined 54-7, 55-3

configuration guidelines 54-2, 55-1

configuring

guest VLAN 54-45

inaccessible authentication bypass 54-47

initializing authentication of a client 54-39

manual reauthentication of a client 54-39

RADIUS server 54-35, 55-10

RADIUS server parameters on the switch 54-34, 55-9

restricted VLAN 54-46

switch-to-authentication-server retransmission time 54-42

switch-to-client EAP-request frame retransmission time 54-41

switch-to-client frame-retransmission number 54-42, 54-43

switch-to-client retransmission time 54-41

user distribution 54-44

VLAN group assignment 54-44

default configuration 54-31, 55-7

described 54-6

device roles 54-7, 55-3

DHCP snooping 54-15

DHCP snooping and insertion 49-6

displaying statistics 54-57, 55-15

EAPOL-start frame 54-10

EAP-request/identity frame 54-10

EAP-response/identity frame 54-10

enabling

802.1X authentication 54-33, 54-34, 55-9

periodic reauthentication 54-38

encapsulation 54-7

guest VLAN

configuration guidelines 54-19, 54-20

described 54-19

host mode 54-13

inaccessible authentication bypass

configuring 54-47

described 54-21

guidelines 54-4

initiation and message exchange 54-10

MAC authentication bypass 54-26

magic packet 54-28

method lists 54-33

modes 54-13

multiauth mode, described 54-15

multidomain authentication mode, described 54-14

multiple-hosts mode, described 54-13

ports

authorization state and dot1x port-control command 54-12

authorized and unauthorized 54-12

critical 54-21

voice VLAN 54-22

port security

and voice VLAN 54-23

described 54-23

interactions 54-23

multiple-hosts mode 54-13

pre-authentication open access 54-15, 54-36

resetting to default values 54-57

supplicant, defined 54-7

switch

as proxy 54-7, 55-3

RADIUS client 54-7

switch supplicant

configuring 54-54

overview 54-30

user distribution

configuring 54-44

described 54-18

guidelines 54-4

VLAN assignment

AAA authorization 54-33

characteristics 54-17

configuration tasks 54-18

described 54-17

VLAN group

guidelines 54-4

voice VLAN

described 54-22

PVID 54-22

VVID 54-22

wake-on-LAN, described 54-28

port-based QoS features

see QoS

port-channel

see EtherChannel

port-channel load-balance

command 13-11

command example 13-11, 13-12

port-channel load-defer command 4-46

port-channel port load-defer command 4-46

port cost, STP 1-32

port debounce timer

disabling 10-10

displaying 10-10

enabling 10-10

PortFast

edge ports 2-2

network ports 2-2

See STP PortFast

PortFast Edge BPDU filtering

See STP PortFast Edge BPDU filtering

PortFast port types

description 2-2, 2-2 to ??

edge 2-2

network 2-2

port mode 9-3

port negotiation 10-5

port priority

MSTP 1-41

port priority, STP 1-31

ports

setting the debounce timer 10-10

port security

aging 56-9, 56-10

configuring 56-4

described 56-3

displaying 56-10

enable sticky secure MAC address 56-8

sticky MAC address 56-3

violations 56-3

Port Security is supported on trunks 56-2, 56-5, 56-7, 56-9

port security MAC move 56-3

port security on PVLAN ports 56-2

Port Security with Sticky Secure MAC Addresses 56-3

power management

enabling/disabling redundancy 4-2

overview 4-1

powering modules up or down 4-3

power policing 10-8

power negotiation

through LLDP 10-8

Power over Ethernet 10-2

power over ethernet 10-2

pre-authentication open access. See port-based authentication.

preemption, default configuration 12-4

preemption delay, default configuration 12-4

prerequisites for lawful intercept 57-1

primary links 12-2

primary VLANs 17-6

priority

overriding CoS 9-6, 10-5

private hosts 18-1

private hosts feature

configuration guidelines 18-1

configuring (detailed steps) 18-9

configuring (summary) 18-8

multicast operation 18-4

overview 18-4

port ACLs (PACLs) 18-7

port types 18-5, 18-6

protocol-independent MAC ACLs 18-4

restricting traffic flow with PACLs 18-5

spoofing protection 18-3

private VLANs 17-1

across multiple switches 17-9

and SVIs 17-10

benefits of 17-5

community VLANs 17-6, 17-7

configuration guidelines 17-2, 17-4, 17-10

configuring 17-10

host ports 17-14

promiscuous ports 17-15

routing secondary VLAN ingress traffic 17-13

secondary VLANs with primary VLANs 17-12

VLANs as private 17-11

end station access to 17-8

IP addressing 17-8

isolated VLANs 17-6, 17-7

monitoring 17-16

ports

community 17-7

configuration guidelines 17-4

isolated 17-7

promiscuous 17-7

primary VLANs 17-6

secondary VLANs 17-6

subdomains 17-5

traffic in 17-10

privileged EXEC mode 2-5

promiscuous ports 17-7

protocol tunneling

See Layer 2 protocol tunneling 20-2

PVRST

See Rapid-PVST 1-3

PVST

description 1-3

PVST simulation

description 2-20

peer inconsistent state 2-20

root bridge 2-20

Q

QoS

auto-QoS

enabling for VoIP 37-4

IPv6 33-4

See also automatic QoS 37-1

QoS CoS

port value, configuring 36-2

QoS default configuration 39-2

QoS DSCP

maps, configuring 36-7

QoS mapping

CoS values to DSCP values 36-4, 36-7

DSCP markdown values 36-8, 38-14

DSCP mutation 36-3, 38-25

DSCP values to CoS values 36-9

IP precedence values to DSCP values 36-7

QoS markdown 34-4

QoS out of profile 34-4

QoS policing rule

aggregate 34-4

microflow 34-4

QoS port

trust state 36-10

QoS port-based or VLAN-based 36-12

QoS receive queue 36-18

QoS statistics data export 39-2

configuring 39-2

configuring destination host 39-7

configuring time interval 39-6, 39-8

QoS transmit queues 35-6, 36-15, 36-16

QoS VLAN-based or port-based 36-12

queries, IGMP 15-4

queries, MLDv2 22-6

R

RADIUS 49-6

RADIUS. See also port-based authentication. 54-7

range

command 26-3

macro 10-2

rapid convergence 1-14

Rapid-PVST

enabling 1-36

Rapid PVST+

interoperation with MST 2-20

Rapid-PVST+

overview 1-3

Rapid Spanning Tree

See RSTP

Rapid Spanning Tree Protocol

See RSTP

receive queues

see QoS receive queues

recirculation 7-5

redirect URLs

described 54-25

reduced MAC address 1-3

redundancy (RPR+) 9-1

configuring 9-4

configuring supervisor engine 9-2

displaying supervisor engine configuration 9-5

redundancy command 9-4

related documentation 1-45

Remote Authentication Dial-In User Service. See RADIUS.

report, MLD 22-5

reserved-range VLANs

See VLANs

restricted VLAN

configuring 54-46

described 54-20

using with IEEE 802.1x 54-20

restricting MIB access 57-10, 57-11

rewrite, packet

CEF 3-2

IP MMLS 14-5

RHI 4-52

RIF cache monitoring 10-12

ROM monitor

CLI 2-7

root bridge

MST 2-20

PVST simulation 2-20

root bridge, STP 1-29

root guard

See STP root guard

root switch

MSTP 1-39

route health injection

See RHI

route-map (IP) command 4-4

route maps

defining 4-4

router guard 19-1

RPF

failure 14-7

non-RPF multicast 14-7

RPR and RPR+ support IPv6 multicast traffic 9-1

RSTP

active topology 1-13

BPDU

format 1-16

processing 1-17

designated port, defined 1-13

designated switch, defined 1-13

interoperability with IEEE 802.1D

described 1-24

restarting migration process 1-47

topology changes 1-17

overview 1-13

port roles

described 1-13

synchronized 1-15

proposal-agreement handshake process 1-14

rapid convergence

described 1-14

edge ports and Port Fast 1-14

point-to-point links 1-14, 1-46

root ports 1-14

root port, defined 1-13

See also MSTP

S

secondary VLANs 17-6

Secure MAC Address Aging Type 56-9

security

configuring 42-1

security, port 56-3

security considerations 57-9

Security Exchange Protocol (SXP) 41-2

Security Group Access Control List (SGACL) 41-2

Security Group Tag (SGT) 41-2

serial IDs

description 24-14

serial interfaces

clearing 10-13

synchronous

maintaining 10-13

server IDs

description 24-14

service instance

configuration mode 12-5

creating 12-4

defined 12-4

service-policy input command 34-17, 35-17, 36-4, 36-6, 38-25, 47-6

service-provider network, MSTP and RSTP 1-18

set default interface command 4-4

set interface command 4-4

set ip default next-hop command 4-4

set ip df command

PBR 4-4

set ip next-hop command 4-4

set ip precedence command

PBR 4-4

set ip vrf command

PBR 4-4

set power redundancy enable/disable command 4-2

set requests 57-7, 57-8, 57-11

setting up lawful intercept 57-7

SGACL 41-2

SGT 41-2

short pipe mode

configuring 38-30

show authentication command 54-58

show catalyst6000 chassis-mac-address command 1-4

show dot1x interface command 54-39

show eobc command 10-12

show history command 2-4

show ibc command 10-12

show interfaces command 10-8, 10-9, 10-12, 11-6, 11-13

clearing interface counters 10-12

displaying, speed and duplex mode 10-6

show ip local policy command 4-5

show mab command 54-61

show module command 9-5

show platform aging command 23-4

show platform entry command 3-5

show platform ip multicast group command

displaying IP MMLS group 14-27

show platform ip multicast interface command

displaying IP MMLS interface 14-27

show platform ip multicast source command

displaying IP MMLS source 14-27

show platform ip multicast statistics command

displaying IP MMLS statistics 14-27

show platform ip multicast summary

displaying IP MMLS configuration 14-27

show protocols command 10-12

show rif command 10-12

show running-config command 10-12

displaying ACLs 44-7, 44-8

show svclc rhi-routes command 4-52

show version command 10-12

shutdown command 10-13

shutdown interfaces

result 10-13

slot number, description 10-2

smart call home 24-1

description 24-4

destination profile (note) 24-23

registration requirements 24-5

service contract requirements 24-2

Transport Gateway (TG) aggregation point 24-4

SMARTnet

smart call home registration 24-5

smart port macros 3-1

configuration guidelines 3-2

Smartports macros

applying global parameter values 3-14

applying macros 3-14

creating 3-13

default configuration 3-4

defined 3-4

displaying 3-15

tracing 3-2

SNMP

configuring 57-10

default view 57-9

get and set requests 57-7, 57-8, 57-11

notifications 57-9, 57-12

support and documentation 1-9

SNMP-COMMUNITY-MIB 57-9

SNMP-USM-MIB 57-4, 57-9

SNMP-VACM-MIB 57-4, 57-9

snooping

See IGMP snooping

software

upgrading router 5-5

source IDs

call home event format 24-13

source specific multicast with IGMPv3, IGMP v3lite, and URD 14-26

SPAN

configuration guidelines 27-2

configuring 27-12

sources 27-16, 27-19, 27-21, 27-22, 27-24, 27-25, 27-26, 27-28

VLAN filtering 27-30

destination port support on EtherChannels 27-12, 27-19, 27-22, 27-24, 27-25, 27-29

distributed egress 27-10, 27-15

modules that disable for ERSPAN 27-7

input packets with don’t learn option

ERSPAN 27-28, 27-29

local SPAN 27-17, 27-18, 27-19

RSPAN 27-22, 27-23, 27-25

understanding 27-12

local SPAN egress session increase 27-3, 27-16

overview 27-7

SPAN Destination Port Permit Lists 27-15

spanning-tree backbonefast

command 2-15, 2-16

command example 2-15, 2-16

spanning-tree cost

command 1-33

command example 1-33

spanning-tree portfast

command 2-2, 2-3, 2-4

command example 2-3, 2-4

spanning-tree portfast bpdu-guard

command 2-8

spanning-tree port-priority

command 1-31

spanning-tree protocol for bridging 5-1

spanning-tree uplinkfast

command 2-13

command example 2-13

spanning-tree vlan

command 1-27, 1-29, 1-30, 1-31, 2-8, 2-17

command example 1-28, 1-29, 1-30, 1-31

spanning-tree vlan cost

command 1-33

spanning-tree vlan forward-time

command 1-35

command example 1-35

spanning-tree vlan hello-time

command 1-35

command example 1-35

spanning-tree vlan max-age

command 1-36

command example 1-36

spanning-tree vlan port-priority

command 1-31

command example 1-32

spanning-tree vlan priority

command 1-34

command example 1-34

speed

configuring interface 10-4

speed command 10-4

speed mode

autonegotiation status 10-6

standards, lawful intercept 57-4

standby links 12-2

static sharing

description 54-25

statistics

802.1X 54-57, 55-15

sticky ARP 47-9

sticky MAC address 56-3

Sticky secure MAC addresses 56-8, 56-9

storm control

See traffic-storm control

STP

configuring 1-26

bridge priority 1-34

enabling 1-27, 1-28

forward-delay time 1-35

hello time 1-35

maximum aging time 1-36

port cost 1-32

port priority 1-31

root bridge 1-29

secondary root switch 1-30

defaults 1-25

EtherChannel 13-7

normal ports 2-3

understanding 1-2

802.1Q Trunks 1-12

Blocking State 1-8

BPDUs 1-4

disabled state 1-12

forwarding state 1-11

learning state 1-10

listening state 1-9

overview 1-3

port states 1-6

protocol timers 1-5

root bridge election 1-5

topology 1-5

STP BackboneFast

configuring 2-15

figure

adding a switch 2-18

spanning-tree backbonefast

command 2-15, 2-16

command example 2-15, 2-16

understanding 2-13

STP BPDU Guard

configuring 2-7

spanning-tree portfast bpdu-guard

command 2-8

understanding 2-7

STP bridge ID 1-3

STP EtherChannel guard 2-16

STP extensions

description ?? to 2-20

STP loop guard

configuring 2-19

overview 2-17

STP PortFast

BPDU filter

configuring 2-10

BPDU filtering 2-9

configuring 2-2

spanning-tree portfast

command 2-2, 2-3, 2-4

command example 2-3, 2-4

understanding 2-2

STP port types

normal 2-3

STP root guard 2-17

STP UplinkFast

configuring 2-12

spanning-tree uplinkfast

command 2-13

command example 2-13

understanding 2-11

subdomains, private VLAN 17-5

supervisor engine

environmental monitoring 5-1

redundancy 9-1

synchronizing configurations 9-5

supervisor engine redundancy

configuring 9-2

supervisor engines

displaying redundancy configuration 9-5

supplicant 54-7

surveillance 57-7

svclc command 4-52

Switched Port Analyzer 27-1

switch fabric functionality 8-1

configuring 8-3

monitoring 8-4

switchport

configuring 11-14

example 11-13

show interfaces 10-8, 10-9, 11-6, 11-13

switchport access vlan 11-6, 11-7, 11-10, 11-14

example 11-15

switchport mode access 11-4, 11-6, 11-7, 11-14

example 11-15

switchport mode dynamic 11-9

switchport mode dynamic auto 11-4

switchport mode dynamic desirable 11-4

default 11-5

example 11-13

switchport mode trunk 11-4, 11-9

switchport nonegotiate 11-4

switchport trunk allowed vlan 11-11

switchport trunk encapsulation 11-7, 11-9

switchport trunk encapsulation dot1q

example 11-13

switchport trunk encapsulation negotiate

default 11-5

switchport trunk native vlan 11-11

switchport trunk pruning vlan 11-12

switch priority

MSTP 1-43

switch TopN reports

foreground execution 29-2

running 29-3

viewing 29-3

SXP 41-2

system event archive (SEA) 25-1

System Hardware Capacity 1-5

T

TDR

checking cable connectivity 10-14

enabling and disabling test 10-14

guidelines 10-14

Telnet

accessing CLI 2-2

Time Domain Reflectometer 10-14

TLV

host presence detection 9-4, 54-14, 56-4

traceroute, Layer 2

and ARP 30-2

and CDP 30-1

described 30-2

IP addresses and subnets 30-2

MAC addresses and VLANs 30-2

multicast traffic 30-2

multiple devices on a port 30-2

unicast traffic 30-2

usage guidelines 30-1

traffic-storm control

command

broadcast 52-4

described 52-2

monitoring 52-5

thresholds 52-2

traffic suppression

See traffic-storm control

transmit queues

See QoS transmit queues

traps, see SNMP notifications

trunks 11-4

802.1Q Restrictions 11-2

allowed VLANs 11-11

configuring 11-8

default interface configuration 11-6

default VLAN 11-10

different VTP domains 11-4

native VLAN 11-11

to non-DTP device 11-4

VLAN 1 minimization 11-12

trusted boundary 9-6

trusted boundary (extended trust for CDP devices) 9-4

trustpoint 24-2

tunneling 38-4, 38-26

tunneling, 802.1Q

See 802.1Q 19-4

type length value

See TLV

U

UDE

configuration 6-5

overview 6-4

UDE and UDLR 6-1

UDLD

default configuration 1-4

enabling

globally 1-5

on ports 1-5, 1-6

overview 1-2

UDLR 6-1

back channel 6-3

configuration 6-6

tunnel

(example) 6-7

ARP and NHRP 6-4

UDLR (unidirectional link routing) 6-1

UDP port for SNMP notifications 57-12

UMFB 53-2

unauthorized ports with 802.1X 54-12

unicast storms

See traffic-storm control

Unidirectional Ethernet 6-1

unidirectional ethernet

example of setting 6-5

UniDirectional Link Detection Protocol

See UDLD

uniform mode

configuring 38-34

unknown multicast flood blocking

See UMFB

unknown unicast and multicast flood blocking 53-1

unknown unicast flood blocking

See UUFB

unknown unicast flood rate-limiting

See UUFRL

UplinkFast

See STP UplinkFast

URD 14-26

User-Based Rate Limiting 34-6, 34-15

user EXEC mode 2-5

UUFB 53-2

UUFRL 53-2

V

VACLs 45-2

configuring

examples 45-5

Layer 3 VLAN interfaces 45-5

Layer 4 port operations 40-2

logging

configuration example 45-8

configuring 45-7

restrictions 45-7

MAC address based 45-2

multicast packets 44-6

SVIs 45-5

WAN interfaces 45-2

virtual private LAN services (VPLS) 10-1

associating attachment circuit with the VSI at the PE 10-13

basic configuration 10-2

configuration example 10-18

configuring MPLS in the PE 10-11

configuring PE layer 2 interface to the CE 10-7

configuring the VFI in the PE 10-12

overview 10-2

restrictions 10-2

services 10-5

vlan

command 16-5, 16-6, 27-20

command example 16-6

VLAN Access Control Lists

See VACLs

VLAN-based QoS filtering 40-10

VLAN-bridge spanning-tree protocol 5-1

vlan database

command 16-5, 16-6, 27-20

vlan group command 54-44

VLAN locking 16-4

vlan mapping dot1q

command 16-8, 16-9

VLAN maps

applying 44-8

VLAN mode 9-3

VLAN port provisioning verification 16-4

VLANs

allowed on trunk 11-11

configuration guidelines 16-2

configuring 16-1

configuring (tasks) 16-4

defaults 16-3

extended range 16-3

interface assignment 16-6

multicast 17-2

name (default) 16-3

normal range 16-3

reserved range 16-3

support for 4,096 VLANs 16-2

token ring 16-3

trunks

understanding 11-4

understanding 16-2

VLAN 1 minimization 11-12

VTP domain 16-4

VLAN translation

command example 16-8, 16-9

voice VLAN

Cisco 7960 phone, port connections 9-2

configuration guidelines 9-1

configuring IP phone for data traffic

override CoS of incoming frame 9-6, 10-5

configuring ports for voice traffic in

802.1Q frames 9-5

connecting to an IP phone 9-5

default configuration 9-4

overview 9-2

voice VLAN. See also port-based authentication. 54-22

VPN

configuration example 8-4

guidelines and restrictions 8-2

VPN supported commands 8-2

VPN switching 8-1

VSS

dual-active detection

Enhanced PAgP, advantages 4-24

Enhanced PAgP, description 4-24

enhanced PAgP, description 4-46

fast-hello, advantages 4-24

fast-hello, description 4-25

VSLP fast-hello, configuration 4-48

VSS Quad-Sup SSO (V4SO) 4-9

VTP

advertisements 15-4, 15-5

client, configuring 15-15

configuration guidelines 15-1

default configuration 15-9

disabling 15-15

domains 15-3

VLANs 16-4

modes

client 15-4

server 15-4

transparent 15-4

monitoring 15-17

overview 15-2

per-port enable and disable 15-16

pruning

configuration 11-12

configuring 15-12

overview 15-7

server, configuring 15-15

statistics 15-17

transparent mode, configuring 15-15

version 2

enabling 15-13

overview 15-5

version 3

enabling 15-13

overview 15-6

server type, configuring 15-11

W

wake-on-LAN. See also port-based authentication. 54-28

web-based authentication

AAA fail policy 55-5

description 55-2

web browser interface 1-9

wiretaps 57-4