Release 15.1SY Supervisor Engine 2T Software Configuration Guide
Index

Numerics

4K VLANs (support for 4,096 VLANs) 26-2

802.1AE Tagging 71-2

802.1Q

Layer 2 protocol tunneling

See Layer 2 protocol tunneling

mapping to ISL VLANs 26-7

trunks 21-4

restrictions 21-2

tunneling

configuration guidelines 29-1

configuring tunnel ports 29-6

overview 29-4

802.1Q Ethertype

specifying custom 21-15

802.1X 84-1

802.1x accounting 84-43

802.3ad

See LACP

802.3af 20-2

802.3at 20-2

802.3x Flow Control 10-9

A

AAA

fail policy 84-8, 85-5

AAA (authentication, authorization, and accounting). See also port-based authentication. 84-6, 85-2

aaa accounting dot1x command 84-44

aaa accounting system command 84-44

abbreviating commands 2-5

access, restricting MIB 87-10

access control entries and lists 70-1

access-enable host timeout (not supported) 70-4

access port, configuring 21-14

access rights 87-9

access setup, example 87-11

accounting

with 802.1x 84-43

with IEEE 802.1x 84-16

ACEs and ACLs 70-1

ACLs

downloadable 85-2

downloadable (dACLs) 84-24

Filter-ID 84-25

per-user 84-24

port

defined 74-2

redirect URL 84-25

static sharing 84-25

acronyms, list of A-1

activating lawful intercept 87-8

admin function (mediation device) 87-7, 87-8

administration, definition 87-6

advertisements, VTP 25-4

aggregate label 37-2, 37-5

aggregate policing 64-4

aging time

accelerated

for MSTP 31-45

maximum

for MSTP 31-45, 31-46

alarms

major 15-4

minor 15-4

Allow DHCP Option 82 on Untrusted Port

configuring 79-10

understanding 79-5

any transport over MPLS (AToM) 39-3

Ethernet over MPLS 39-3

ARP ACL 70-12

ARP spoofing 81-3

AToM 39-3

audience 1-xlv

authentication control-direction command 84-53

authentication event command 84-45

authentication failed VLAN

See restricted VLAN

authentication open command 84-15

authentication password, VTP 25-5

authentication periodic command 84-38, 84-50

authentication port-control command 84-45

authentication timer reauthenticate command 84-38

authorized ports with 802.1X 84-12

auto enablement 84-30

automatic QoS

configuration guidelines and restrictions 67-2

macros 67-4

overview 67-2

AutoQoS 67-1

auto-sync command 9-4

B

BackboneFast

See STP BackboneFast

backup interfaces

See Flex Links

binding database, DHCP snooping

See DHCP snooping binding database

binding table, DHCP snooping

See DHCP snooping binding database

blocking state, STP 31-8

blue beacon 1-6

BPDU

RSTP format 31-16

BPDU guard

See STP BPDU guard

BPDUs

Bridge Assurance 32-5

Shared Spanning Tree Protocol (SSTP) 32-20

Bridge Assurance

description 32-4 to 32-6

inconsistent state 32-5

supported protocols and link types 32-5

bridge domain

configuring 42-8

bridge groups 35-1

bridge ID

See STP bridge ID

bridge priority, STP 31-34

bridge protocol data units

see BPDUs

bridging 35-1

broadcast storms

see traffic-storm control

C

CALEA, See Communications Assistance for Law Enforcement Act (CALEA)

Call Home

description 54-3

message format options 54-3

messages

format options 54-3

call home 54-1

alert groups 54-31

contact information 54-21

destination profiles 54-22

displaying information 54-45

pattern matching 54-36

periodic notification 54-33

rate limit messages 54-38

severity threshold 54-33

smart call home feature 54-4

SMTP server 54-2

testing communications 54-38

call home alert groups

configuring 54-31

description 54-31

subscribing 54-31

call home customer information

entering information 54-21

call home destination profiles

attributes 54-23

description 54-23

displaying 54-48

call home notifications

full-txt format for syslog 54-17

XML format for syslog 54-17

CDP

host presence detection 84-14, 86-4

to configure Cisco phones 19-3

CEF

configuring

RP 33-5

supervisor engine 33-4

examples 33-3

Layer 3 switching 33-2

packet rewrite 33-2

certificate authority (CA) 54-2

channel-group group

command 11-7, 11-10, 23-9, 23-14, 23-15, 23-16

command example 23-9, 23-15

Cisco Discovery Protocol

See CDP

Cisco Emergency Responder 19-4

Cisco EnergyWise 13-1

Cisco Express Forwarding 37-3

CISCO-IP-TAP-MIB

citapStreamVRF 87-2

overview 87-8

restricting access to 87-10, 87-11

CISCO-TAP2-MIB

accessing 87-9

overview 87-8

restricting access to 87-10, 87-11

CISP 84-30

CIST regional root

See MSTP

CIST root

See MSTP

class command 64-9

class map configuration 64-8, 65-11

clear authentication sessions command 84-40

clear counters command 10-12

clear dot1x command 84-40

clear interface command 10-13

CLI

accessing 2-1

backing out one level 2-5

console configuration mode 2-5

getting list of commands 2-6

global configuration mode 2-5

history substitution 2-4

interface configuration mode 2-5

privileged EXEC mode 2-5

ROM monitor 2-7

software basics 2-4

Client Information Signalling Protocol

See CISP

collection function 87-6

command line processing 2-3

commands, getting list of 2-6

Communications Assistance for Law Enforcement Act

CALEA for Voice 87-5

lawful intercept 87-4

community ports 27-7

community VLANs 27-6, 27-7

configuration example

EoMPLS port mode 39-4, 39-7

EoMPLS VLAN mode 39-4

VPLS, 802.1Q access port for untagged traffic from CE 40-8

VPLS, associating the attachment circuit with the VSI at the PE 40-13

VPLS, L2 VLAN instance on the PE 40-10

VPLS, MPLS in the PE 40-11

VPLS, using QinQ to place all VLANs into a single VPLS 40-9

VPLS, VFI in the PE 40-12

configuration guidelines

EVCs 42-2

configuring 64-9, 65-11

lawful intercept 87-10, 87-11, 87-12

SNMP 87-10

console configuration mode 2-5

content IAP 87-6

control plane policing

See CoPP

CoPP 78-1

applying QoS service policy to control plane 78-5

configuring

ACLs to match traffic 78-5

enabling MLS QoS 78-5

packet classification criteria 78-5

service-policy map 78-5

control plane configuration mode

entering 78-5

displaying

dynamic information 78-9

number of conforming bytes and packets 78-9

rate information 78-9

entering control plane configuration mode 78-5

monitoring statistics 78-9

overview 78-3

packet classification guidelines 78-2

traffic classification

defining 78-6

guidelines 78-7

overview 78-6

sample ACLs 78-8

sample classes 78-6

CoS

override priority 19-6, 20-5

counters

clearing interface 10-12, 10-13

critical authentication 84-8

critical authentication, IEEE 802.1x 84-47

CSCsr62404 10-9

CSCtx75254 5-2

cTap2MediationDebug notification 87-12

cTap2MediationNewIndex object 87-8

cTap2MediationTable 87-8

cTap2MediationTimedOut notification 87-12

cTap2MIBActive notification 87-12

cTap2StreamDebug notification 87-12

cTap2StreamTable 87-8

customer contact information

entering for call home 54-21

D

dACL

See ACLs, downloadable 84-24

dCEF 33-4

debug commands

IP MMLS 44-31

DEC spanning-tree protocol 35-1

default configuration

802.1X 84-31, 85-7

dynamic ARP inspection 81-6

EVCs 42-9

Flex Links 22-4

IP MMLS 44-15

MSTP 31-26

MVR 47-5

UDLD 12-4

voice VLAN 19-4

VTP 25-9

default VLAN 21-10

denial of service protection 77-1

device IDs

call home format 54-13, 54-14

DHCP binding database

See DHCP snooping binding database

DHCP binding table

See DHCP snooping binding database

DHCP option 82

circuit ID suboption 79-7

overview 79-5

packet format, suboption

circuit ID 79-7

remote ID 79-7

remote ID suboption 79-7

DHCP option 82 allow on untrusted port 79-10

DHCP snooping

802.1X data insertion 84-15

binding database

See DHCP snooping binding database

configuration guidelines 79-8

configuring 79-9

default configuration 79-8

displaying binding tables 79-18

enabling 79-9, 79-10, 79-11, 79-12, 79-13, 79-14

enabling the database agent 79-14

message exchange process 79-6

monitoring 80-5, 80-6

option 82 data insertion 79-5

overview 79-3

Snooping database agent 79-7

DHCP snooping binding database

described 79-5

entries 79-5

DHCP snooping binding table

See DHCP snooping binding database

DHCP Snooping Database Agent

adding to the database (example) 79-18

enabling (example) 79-15

overview 79-7

reading from a TFTP file (example) 79-17

DHCP snooping increased bindings limit 79-14

DiffServ

configuring short pipe mode 68-30

configuring uniform mode 68-34

short pipe mode 68-27

uniform mode 68-28

DiffServ tunneling modes 68-4

Disabling PIM Snooping Designated Router Flooding 46-6

distributed Cisco Express Forwarding

See dCEF

distributed egress SPAN 57-10, 57-15

DNS, See Domain Name System

documentation, related 1-xlv

Domain Name System 87-2

DoS protection 77-1

monitoring packet drop statistics

using monitor session commands 77-10

using VACL capture 77-12

QoS ACLs 77-2

security ACLs 77-2

uRPF check 77-6

dot1x initialize interface command 84-39

dot1x max-reauth-req command 84-43

dot1x max-req command 84-42

dot1x pae authenticator command 84-34

dot1x re-authenticate interface command 84-39

dot1x timeout quiet-period command 84-41

DSCP-based queue mapping 66-14

duplex command 10-5, 10-6

duplex mode

autonegotiation status 10-6

configuring interface 10-4

dynamic ARP inspection

ARP cache poisoning 81-3

ARP requests, described 81-3

ARP spoofing attack 81-3

configuration guidelines 81-2

configuring

log buffer 81-13, 81-15

logging system messages 81-14

rate limit for incoming ARP packets 81-5, 81-10

default configuration 81-6

denial-of-service attacks, preventing 81-10

described 81-3

DHCP snooping binding database 81-4

displaying

ARP ACLs 81-15

configuration and operating state 81-15

trust state and rate limit 81-15

error-disabled state for exceeding rate limit 81-5

function of 81-4

interface trust states 81-4

log buffer

configuring 81-13, 81-15

logging of dropped packets, described 81-6

logging system messages

configuring 81-14

man-in-the-middle attack, described 81-4

network security issues and interface trust states 81-4

priority of ARP ACLs and DHCP snooping entries 81-6

rate limiting of ARP packets

configuring 81-10

described 81-5

error-disabled state 81-5

validation checks, performing 81-11

Dynamic Host Configuration Protocol snooping 79-1

E

EAC 71-2

EAPOL. See also port-based authentication. 84-6

eFSU, See Enhanced Fast Software Upgrade (eFSU)

egress SPAN 57-10

electronic traffic, monitoring 87-7

e-mail addresses

assigning for call home 54-21

e-mail notifications

Call Home 54-3

enable mode 2-5

enable sticky secure MAC address 86-8

enabling

IP MMLS

on router interfaces 44-16

lawful intercept 87-8

SNMP notifications 87-12

Endpoint Admission Control (EAC) 71-2

EnergyWise 13-1

enhanced Fast Software Upgrade (eFSU)

aborting (issu abortversion command) 5-13

accepting the new software version 5-11

committing the new software to standby RP (issu commitversion command) 5-12

displaying maximum outage time for module 5-10

error handling 5-5

forcing a switchover (issu runversion command) 5-10

issu loadversion command 5-8

loading new software onto standby RP 5-8

memory reservation on module 5-4

memory reservation on module, prohibiting 5-4

OIR not supported 5-2

operation 5-3

outage times 5-4

performing 5-5

steps 5-5

usage guidelines and limitations 5-2

verifying redundancy mode 5-7

environmental monitoring

LED indications 15-4

SNMP traps 15-4

supervisor engine and switching modules 15-4

Syslog messages 15-4

using CLI commands 15-1

EOBC

for MAC address table synchronization 21-3

EoMPLS 39-3

configuring 39-4

configuring VLAN mode 39-3

guidelines and restrictions 39-2

port mode 39-3

VLAN mode 39-3

ERSPAN 57-1

EtherChannel

channel-group group

command 11-7, 11-10, 23-9, 23-14, 23-15, 23-16

command example 23-9, 23-15

configuration guidelines 4-28, 23-2

configuring

Layer 2 23-9

configuring (tasks) 4-28, 23-7

interface port-channel

command example 23-8

interface port-channel (command) 11-6, 11-7, 23-8

lacp system-priority

command example 23-11

Layer 2

configuring 23-9, 23-15

load balancing

configuring 23-11

understanding 23-7

Min-Links 23-13, 23-14

modes 23-4

PAgP

understanding 23-5

port-channel interfaces 23-7

port-channel load-balance

command 23-11

command example 23-12

STP 23-7

understanding 4-4, 23-3

EtherChannel Guard

See STP EtherChannel Guard

Ethernet

setting port duplex 10-10

Ethernet flow point

See EFP

Ethernet over MPLS (EoMPLS) configuration

EoMPLS port mode 39-6

EoMPLS VLAN mode 39-4

Ethernet Virtual Connection

See EVC

EVC

broadcast domain 42-4

configuration guidelines 42-2

default configuration 42-9

supported features 42-2

EXP mutation 68-4

extended range VLANs 26-2

See VLANs

extended system ID

MSTP 31-39

Extensible Authentication Protocol over LAN. See EAPOL.

F

fall-back bridging 35-1

fast link notification

on VSL failure 4-15

fiber-optic, detecting unidirectional links 12-1

FIB TCAM 37-3

figure

lawful intercept overview 87-5

Flex Links 22-1

configuration guidelines 22-2

configuring 22-4

default configuration 22-4

description 22-2

monitoring 22-6

flex links

interface preemption 22-3

flow control 10-9

forward-delay time

MSTP 31-45

forward-delay time, STP 31-35

frame distribution

See EtherChannel load balancing

G

get requests 87-7, 87-8, 87-11

global configuration mode 2-5

guest VLAN and 802.1x 84-19

H

hardware Layer 3 switching

guidelines 33-2

hello time

MSTP 31-44

hello time, STP 31-35

High Capacity Power Supply Support 14-4

history

CLI 2-4

host mode

see port-based authentication

host ports

kinds of 27-7

host presence CDP message 19-4, 84-14

host presence TLV message 86-4

http://www-tac.cisco.com/Teams/ks/c3/xmlkwery.php?srId=612293409 23-3

I

IAP

content IAP 87-6

definition 87-6

content IAP 87-6

identification IAP 87-6

types of

ICMP unreachable messages 70-2

ID IAP 87-6

IDs

serial IDs 54-14

IEEE 802.1Q Ethertype

specifying custom 21-15

IEEE 802.1Q Tagging on a Per-Port Basis 29-7

IEEE 802.1w

See RSTP

IEEE 802.1x

accounting 84-16, 84-43

authentication failed VLAN 84-20

critical ports 84-21

DHCP snooping 84-15

guest VLAN 84-19

MAC authentication bypass 84-26

network admission control Layer 2 validation 84-27

port security interoperability 84-23

RADIUS-supplied session timeout 84-38

voice VLAN 84-22

wake-on-LAN support 84-28

IEEE 802.3ad

See LACP

IEEE 802.3af 20-2

IEEE 802.3at 20-2

IEEE 802.3x Flow Control 10-9

IEEE bridging protocol 35-1

IGMP 45-1

configuration guidelines 52-9

enabling 45-9

join messages 45-3

leave processing

enabling 45-13

queries 45-4

query interval

configuring 45-12

snooping

fast leave 45-6

joining multicast group 45-3, 48-4

leaving multicast group 45-5, 48-4

understanding 45-3, 48-3

snooping querier

enabling 45-9

understanding 45-3, 48-3

IGMPv3 44-26

IGMP v3lite 44-26

ignore port trust 64-11

inaccessible authentication bypass 84-21

ingress SPAN 57-10

intercept access point

See IAP

intercept-related information (IRI) 87-6, 87-7

intercepts, multiple 87-6

interface

configuration mode 2-5

Layer 2 modes 21-4

number 10-2

interface port-channel

command example 23-8

interface port-channel (command) 11-6, 11-7, 23-8

interfaces

configuring, duplex mode 10-3

configuring, speed 10-3

configuring, overview 10-2

counters, clearing 10-12, 10-13

displaying information about 10-12

maintaining 10-12

monitoring 10-12

range of 10-2

restarting 10-13

shutting down

task 10-13

interfaces command 10-2

interfaces range command 56-3

interfaces range macro command 10-2

internal VLANs 26-3

Internet Group Management Protocol 45-1, 48-1

IP accounting, IP MMLS and 44-2

IP CEF

topology (figure) 33-4

ip flow-export source command 59-3, 59-4, 59-5

ip http server 1-7

ip local policy route-map command 34-5

IP MMLS

cache, overview 44-4

configuration guideline 44-1

debug commands 44-31

default configuration 44-15

enabling

on router interfaces 44-16

Layer 3 MLS cache 44-4

overview 44-2

packet rewrite 44-5

router

enabling globally 44-16

enabling on interfaces 44-16

PIM, enabling 44-16

IP multicast

IGMP snooping and 45-8

MLDv2 snooping and 52-9

overview 45-2, 48-2, 49-2

IP multicast MLS

See IP MMLS

ip multicast-routing command

enabling IP multicast 44-16

IP phone

configuring 19-5

ip pim command

enabling IP PIM 44-16

ip policy route-map command 34-5

IP Source Guard 80-1

configuring 80-3

configuring on private VLANs 80-5

displaying 80-5, 80-6

overview 80-2

IP unnumbered 35-1

IPv4 Multicast over Point-to-Point GRE Tunnels 1-8

IPv4 Multicast VPN 50-1

IPv6 Multicast Layer 3 Switching 51-1

IPv6 QoS 63-4

ISL trunks 21-4

isolated port 27-7

isolated VLANs 27-6, 27-7

J

join messages, IGMP 45-3

jumbo frames 10-6

K

keyboard shortcuts 2-3

L

label edge router 37-2

label switched path 39-1

label switch router 37-2, 37-4

LACP

system ID 23-6

Law Enforcement Agency (LEA) 87-4

lawful intercept

admin function 87-7, 87-8

collection function 87-6

configuring 87-10, 87-11, 87-12

enabling 87-8

IRI 87-6

mediation device 87-5

overview 87-4, 87-5

prerequisites 87-1

processing 87-7

security considerations 87-9

SNMP notifications 87-12

lawful intercept processing 87-7

Layer 2

configuring interfaces 21-5

access port 21-14

trunk 21-8

defaults 21-5

interface modes 21-4

show interfaces 10-8, 10-9, 21-6, 21-13

switching

understanding 21-2

trunks

understanding 21-4

VLAN

interface assignment 26-6

Layer 2 Interfaces

configuring 21-1

Layer 2 protocol tunneling

configuring Layer 2 tunnels 30-3

overview 30-2

Layer 2 Traceroute 60-1

Layer 2 traceroute

and ARP 60-2

and CDP 60-1

described 60-2

IP addresses and subnets 60-2

MAC addresses and VLANs 60-2

multicast traffic 60-2

multiple devices on a port 60-2

unicast traffic 60-2

usage guidelines 60-1

Layer 3

IP MMLS and MLS cache 44-4

Layer 3 switched packet rewrite

CEF 33-2

Layer 3 switching

CEF 33-2

Layer 4 port operations (ACLs) 70-2

leave processing, IGMP

enabling 45-13

leave processing, MLDv2

enabling 52-12

LERs 68-2, 68-6, 68-7

Link Failure

detecting unidirectional 31-25

link negotiation 10-5

link redundancy

See Flex Links

LLDP-MED

configuring

TLVs 20-8

load deferral

MEC traffic recovery 4-6

Local Egress Replication 44-19

logical operation unit

See LOU

loop guard

See STP loop guard

LOU

description 70-3

determining maximum number of 70-3

LSRs 68-2, 68-6

M

mab command 84-45, 84-50

MAC address-based blocking 73-1

MAC address table notification 21-7

MAC authentication bypass. See also port-based authentication. 84-26

MAC move (port security) 86-3

macros 3-1

See Smartports macros

MACSec 71-2

magic packet 84-28

main-cpu command 9-4

mapping 802.1Q VLANs to ISL VLANs 26-7

markdown

see QoS markdown

match ip address command 34-4

match length command 34-4

maximum aging time

MSTP 31-45

maximum aging time, STP 31-36

maximum hop count, MSTP 31-46

MEC

configuration 4-45

described 4-15

failure 4-16

port load share deferral 4-17

mediation device

admin function 87-7, 87-8

definition 87-5

description 87-5

MIBs

CISCO-IP-TAP-MIB 87-2, 87-8, 87-10

CISCO-TAP2-MIB 87-8, 87-9, 87-10

SNMP-COMMUNITY-MIB 87-9

SNMP-USM-MIB 87-4, 87-9

SNMP-VACM-MIB 87-4, 87-9

microflow policing 64-4

Mini Protocol Analyzer 61-1

Min-Links 23-13

MLD

report 52-5

MLD snooping

query interval

configuring 52-10

MLDv1 52-2

MLDv2 52-1

enabling 52-11

leave processing

enabling 52-12

queries 52-6

snooping

fast leave 52-8

joining multicast group 52-5

leaving multicast group 52-7

understanding 52-3

snooping querier

enabling 52-10

understanding 52-3

MLDv2 Snooping 52-1

monitoring

Flex Links 22-6

MVR 47-8

private VLANs 27-16

monitoring electronic traffic 87-7

MPLS 37-1, 37-2

aggregate label 37-2

any transport over MPLS 39-3

basic configuration 37-9

core 37-4

DiffServ Tunneling Modes 68-26

egress 37-4

experimental field 68-3

hardware features 37-5

ingress 37-4

IP to MPLS path 37-4

labels 37-2

MPLS to IP path 37-4

MPLS to MPLS path 37-4

nonaggregate label 37-2

QoS default configuration 68-13

restrictions 37-1

VPN 68-11

VPN guidelines and restrictions 38-2

MPLS QoS

Classification 68-2

Class of Service 68-2

commands 68-15

configuring a class map 68-17

configuring a policy map 68-20

configuring egress EXP mutation 68-24

configuring EXP Value Maps 68-25

Differentiated Services Code Point 68-2

displaying a policy map 68-24

E-LSP 68-2

EXP bits 68-2

features 68-2

IP Precedence 68-2

QoS Tags 68-2

queueing-only mode 68-17

MPLS QoS configuration

class map to classify MPLS packets 68-17

MPLS supported commands 37-2

MPLS VPN

limitations and restrictions 38-2

MQC 62-1

MST

interoperation with Rapid PVST+ 32-20

root bridge 32-20

MSTP

boundary ports

configuration guidelines 31-2

described 31-22

CIST, described 31-19

CIST regional root 31-20

CIST root 31-21

configuration guidelines 31-2

configuring

forward-delay time 31-45

hello time 31-44

link type for rapid convergence 31-46

maximum aging time 31-45

maximum hop count 31-46

MST region 31-38

neighbor type 31-46

path cost 31-42

port priority 31-41

root switch 31-39

secondary root switch 31-40

switch priority 31-43

CST

defined 31-19

operations between regions 31-20

default configuration 31-26

displaying status 31-47

enabling the mode 31-38

extended system ID

effects on root switch 31-39

effects on secondary root switch 31-40

unexpected behavior 31-39

IEEE 802.1s

implementation 31-23

port role naming change 31-23

terminology 31-21

interoperability with IEEE 802.1D

described 31-24

restarting migration process 31-47

IST

defined 31-19

master 31-20

operations within a region 31-20

mapping VLANs to MST instance 31-38

MST region

CIST 31-19

configuring 31-38

described 31-19

hop-count mechanism 31-22

IST 31-19

supported spanning-tree instances 31-19

overview 31-18

root switch

configuring 31-39

effects of extended system ID 31-39

unexpected behavior 31-39

status, displaying 31-47

MTU size (default) 26-3

multiauthentication (multiauth). See also port-based authentication. 84-15

multicast

IGMP snooping and 45-8

MLDv2 snooping and 52-9

non-RPF 44-7

overview 45-2, 48-2, 49-2

PIM snooping 46-4

multicast flood blocking 83-1

multicast groups

joining 45-3, 48-4

leaving 45-5, 52-7

multicast groups, IPv6

joining 52-5

Multicast Listener Discovery version 2 52-1

Multicast Replication Mode Detection enhancement 44-18

multicast storms

see traffic-storm control

multicast television application 47-3

multicast VLAN 47-2

Multicast VLAN Registration 47-1

multichassis EtherChannel

see MEC 4-15

Multidomain Authentication (MDA). See also port-based authentication. 84-14

Multilayer MAC ACL QoS Filtering 70-9

multiple path RPF check 77-7

Multiple Spanning Tree

See MST

MUX-UNI Support 37-7

MVAP (Multi-VLAN Access Port). See also port-based authentication. 84-22

MVR

and IGMPv3 47-2

configuring interfaces 47-6

default configuration 47-5

example application 47-3

in the switch stack 47-5

monitoring 47-8

multicast television application 47-3

restrictions 47-1

setting global parameters 47-6

N

NAC

agentless audit support 84-27

critical authentication 84-21, 84-47

IEEE 802.1x authentication using a RADIUS server 84-50

IEEE 802.1x validation using RADIUS server 84-50

inaccessible authentication bypass 84-47

Layer 2 IEEE 802.1x validation 84-50

Layer 2 IEEE 802.1x validation 84-27

native VLAN 21-11

NDAC 71-2

NEAT

configuring 84-54

overview 84-30

NetFlow

table, displaying entries 33-5

Network Device Admission Control (NDAC) 71-2

Network Edge Access Topology

See NEAT

network ports

Bridge Assurance 32-5

description 32-2

nonaggregate label 37-2, 37-5

non-RPF multicast 44-7

normal-range VLANs

See VLANs

notifications, See SNMP notifications

NSF with SSO does not support IPv6 multicast traffic. 7-1, 8-1

O

OIR 10-11

online diagnostics

CompactFlash disk verification A-45

configuring 16-2

datapath verification A-15

diagnostic sanity check 16-24

egress datapath test A-5

error counter test A-5

interrupt counter test A-5

memory tests 16-24

overview 16-2

running tests 16-6

test descriptions A-1

understanding 16-2

online diagnostic tests A-1

online insertion and removal

See OIR

out-of-band MAC address table synchronization

configuring 21-6

in a VSS 4-2

out of profile

see QoS out of profile

P

packet capture 61-2

packet rewrite

CEF 33-2

IP MMLS and 44-5

packets

multicast 74-6

PAgP

understanding 23-5

path cost

MSTP 31-42

PBACLs 70-5

PBF 75-4

PBR 1-8

PBR (policy-based routing)

configuration (example) 34-7

enabling 34-4

peer inconsistent state

in PVST simulation 32-20

per-port VTP enable and disable 25-16

PFC

recirculation 37-5

PIM, IP MMLS and 44-16

PIM snooping

designated router flooding 46-6

enabling globally 46-5

enabling in a VLAN 46-5

overview 46-4

platform aging command

configuring IP MLS 53-3, 53-4

platform ip multicast command

enabling IP MMLS 44-17 to 44-27

PoE 20-2

Cisco prestandard 20-3

IEEE 802.3af 20-2

IEEE 802.3at 20-2

PoE management 20-3

power policing 20-4

power use measurement 20-4

police command 64-13, 64-14

policy-based ACLs (PBACLs) 70-5

policy-based forwarding (PBF) 76-2

policy-based routing

See PBR

policy-based routing (PBR)

configuring 34-1

policy map 64-9, 65-11

attaching to an interface 64-17, 65-17, 77-6

policy-map command 64-9

port ACLs

defined 74-2

port ACLs (PACLs) 74-1

Port Aggregation Protocol

see PAgP

port-based authentication

AAA authorization 84-33

accounting 84-16

configuring 84-43

authentication server

defined 84-7, 85-3

RADIUS server 84-7

client, defined 84-7, 85-3

configuration guidelines 84-2, 85-1

configuring

guest VLAN 84-45

inaccessible authentication bypass 84-47

initializing authentication of a client 84-39

manual reauthentication of a client 84-39

RADIUS server 84-35, 85-10

RADIUS server parameters on the switch 84-34, 85-9

restricted VLAN 84-46

switch-to-authentication-server retransmission time 84-42

switch-to-client EAP-request frame retransmission time 84-41

switch-to-client frame-retransmission number 84-42, 84-43

switch-to-client retransmission time 84-41

user distribution 84-44

VLAN group assignment 84-44

default configuration 84-31, 85-7

described 84-6

device roles 84-7, 85-3

DHCP snooping 84-15

DHCP snooping and insertion 79-6

displaying statistics 84-57, 85-15

EAPOL-start frame 84-10

EAP-request/identity frame 84-10

EAP-response/identity frame 84-10

enabling

802.1X authentication 84-33, 84-34, 85-9

periodic reauthentication 84-38

encapsulation 84-7

guest VLAN

configuration guidelines 84-19, 84-20

described 84-19

host mode 84-13

inaccessible authentication bypass

configuring 84-47

described 84-21

guidelines 84-4

initiation and message exchange 84-10

MAC authentication bypass 84-26

magic packet 84-28

method lists 84-33

modes 84-13

multiauth mode, described 84-15

multidomain authentication mode, described 84-14

multiple-hosts mode, described 84-13

ports

authorization state and dot1x port-control command 84-12

authorized and unauthorized 84-12

critical 84-21

voice VLAN 84-22

port security

and voice VLAN 84-23

described 84-23

interactions 84-23

multiple-hosts mode 84-13

pre-authentication open access 84-15, 84-36

resetting to default values 84-57

supplicant, defined 84-7

switch

as proxy 84-7, 85-3

RADIUS client 84-7

switch supplicant

configuring 84-54

overview 84-30

user distribution

configuring 84-44

described 84-18

guidelines 84-4

VLAN assignment

AAA authorization 84-33

characteristics 84-17

configuration tasks 84-18

described 84-17

VLAN group

guidelines 84-4

voice VLAN

described 84-22

PVID 84-22

VVID 84-22

wake-on-LAN, described 84-28

port-based QoS features

see QoS

port-channel

see EtherChannel

port-channel load-balance

command 23-11

command example 23-11, 23-12

port-channel load-defer command 4-46

port-channel port load-defer command 4-46

port cost, STP 31-32

port debounce timer

disabling 10-10

displaying 10-10

enabling 10-10

PortFast

edge ports 32-2

network ports 32-2

See STP PortFast

PortFast Edge BPDU filtering

See STP PortFast Edge BPDU filtering

PortFast port types

description 32-2, 32-2 to ??

edge 32-2

network 32-2

port mode 39-3

port negotiation 10-5

port priority

MSTP 31-41

port priority, STP 31-31

ports

setting the debounce timer 10-10

port security

aging 86-9, 86-10

configuring 86-4

described 86-3

displaying 86-10

enable sticky secure MAC address 86-8

sticky MAC address 86-3

violations 86-3

Port Security is supported on trunks 86-2, 86-5, 86-7, 86-9

port security MAC move 86-3

port security on PVLAN ports 86-2

Port Security with Sticky Secure MAC Addresses 86-3

power management

enabling/disabling redundancy 14-2

overview 14-1

powering modules up or down 14-3

power policing 20-8

power negotiation

through LLDP 20-8

Power over Ethernet 20-2

pre-authentication open access. See port-based authentication.

preemption, default configuration 22-4

preemption delay, default configuration 22-4

prerequisites for lawful intercept 87-1

primary links 22-2

primary VLANs 27-6

priority

overriding CoS 19-6, 20-5

private hosts 28-1

private hosts feature

configuration guidelines 28-1

configuring (detailed steps) 28-9

configuring (summary) 28-8

multicast operation 28-4

overview 28-4

port ACLs (PACLs) 28-7

port types 28-5, 28-6

protocol-independent MAC ACLs 28-4

restricting traffic flow with PACLs 28-5

spoofing protection 28-3

private VLANs 27-1

across multiple switches 27-9

and SVIs 27-10

benefits of 27-5

community VLANs 27-6, 27-7

configuration guidelines 27-2, 27-4, 27-10

configuring 27-10

host ports 27-14

promiscuous ports 27-15

routing secondary VLAN ingress traffic 27-13

secondary VLANs with primary VLANs 27-12

VLANs as private 27-11

end station access to 27-8

IP addressing 27-8

isolated VLANs 27-6, 27-7

monitoring 27-16

ports

community 27-7

configuration guidelines 27-4

isolated 27-7

promiscuous 27-7

primary VLANs 27-6

secondary VLANs 27-6

subdomains 27-5

traffic in 27-10

privileged EXEC mode 2-5

promiscuous ports 27-7

protocol tunneling

See Layer 2 protocol tunneling 30-2

PVRST

See Rapid-PVST 31-3

PVST

description 31-3

PVST simulation

description 32-20

peer inconsistent state 32-20

root bridge 32-20

Q

QoS

auto-QoS

enabling for VoIP 67-4

IPv6 63-4

See also automatic QoS 67-1

QoS CoS

port value, configuring 66-2

QoS default configuration 69-2

QoS DSCP

maps, configuring 66-7

QoS mapping

CoS values to DSCP values 66-4, 66-7

DSCP markdown values 66-8, 68-14

DSCP mutation 66-3, 68-25

DSCP values to CoS values 66-9

IP precedence values to DSCP values 66-7

QoS markdown 64-4

QoS out of profile 64-4

QoS policing rule

aggregate 64-4

microflow 64-4

QoS port

trust state 66-10

QoS port-based or VLAN-based 66-12

QoS receive queue 66-18

QoS statistics data export 69-2

configuring 69-2

configuring destination host 69-7

configuring time interval 69-6, 69-8

QoS transmit queues 65-6, 66-15, 66-16

QoS VLAN-based or port-based 66-12

queries, IGMP 45-4

queries, MLDv2 52-6

R

RADIUS 79-6

RADIUS. See also port-based authentication. 84-7

range

command 56-3

macro 10-2

rapid convergence 31-14

Rapid-PVST

enabling 31-36

Rapid PVST+

interoperation with MST 32-20

Rapid-PVST+

overview 31-3

Rapid Spanning Tree

See RSTP

Rapid Spanning Tree Protocol

See RSTP

receive queues

see QoS receive queues

recirculation 37-5

redirect URLs

described 84-25

reduced MAC address 31-3

redundancy (RPR+) 9-1

configuring 9-4

configuring supervisor engine 9-2

displaying supervisor engine configuration 9-5

redundancy command 9-4

related documentation 1-xlv

Remote Authentication Dial-In User Service. See RADIUS.

report, MLD 52-5

reserved-range VLANs

See VLANs

restricted VLAN

configuring 84-46

described 84-20

using with IEEE 802.1x 84-20

restricting MIB access 87-10, 87-11

rewrite, packet

CEF 33-2

IP MMLS 44-5

RHI 4-52

RIF cache monitoring 10-12

ROM monitor

CLI 2-7

root bridge

MST 32-20

PVST simulation 32-20

root bridge, STP 31-29

root guard

See STP root guard

root switch

MSTP 31-39

route health injection

See RHI

route-map (IP) command 34-4

route maps

defining 34-4

router guard 49-1

RPF

failure 44-7

non-RPF multicast 44-7

RPR and RPR+ support IPv6 multicast traffic 9-1

RSTP

active topology 31-13

BPDU

format 31-16

processing 31-17

designated port, defined 31-13

designated switch, defined 31-13

interoperability with IEEE 802.1D

described 31-24

restarting migration process 31-47

topology changes 31-17

overview 31-13

port roles

described 31-13

synchronized 31-15

proposal-agreement handshake process 31-14

rapid convergence

described 31-14

edge ports and Port Fast 31-14

point-to-point links 31-14, 31-46

root ports 31-14

root port, defined 31-13

See also MSTP

S

secondary VLANs 27-6

Secure MAC Address Aging Type 86-9

security

configuring 72-1

security, port 86-3

security considerations 87-9

Security Exchange Protocol (SXP) 71-2

Security Group Access Control List (SGACL) 71-2

Security Group Tag (SGT) 71-2

serial IDs

description 54-14

serial interfaces

clearing 10-13

synchronous

maintaining 10-13

server IDs

description 54-14

service instance

configuration mode 42-5

creating 42-4

defined 42-4

service-policy input command 64-17, 65-17, 66-4, 66-6, 68-25, 77-6

service-provider network, MSTP and RSTP 31-18

set default interface command 34-4

set interface command 34-4

set ip default next-hop command 34-4

set ip df command

PBR 34-4

set ip next-hop command 34-4

set ip precedence command

PBR 34-4

set ip vrf command

PBR 34-4

set power redundancy enable/disable command 14-2

set requests 87-7, 87-8, 87-11

setting up lawful intercept 87-7

SGACL 71-2

SGT 71-2

short pipe mode

configuring 68-30

show authentication command 84-58

show catalyst6000 chassis-mac-address command 31-4

show dot1x interface command 84-39

show eobc command 10-12

show history command 2-4

show ibc command 10-12

show interfaces command 10-8, 10-9, 10-12, 21-6, 21-13

clearing interface counters 10-12

displaying, speed and duplex mode 10-6

show ip local policy command 34-5

show mab command 84-61

show module command 9-5

show platform aging command 53-4

show platform entry command 33-5

show platform ip multicast group command

displaying IP MMLS group 44-27

show platform ip multicast interface command

displaying IP MMLS interface 44-27

show platform ip multicast source command

displaying IP MMLS source 44-27

show platform ip multicast statistics command

displaying IP MMLS statistics 44-27

show platform ip multicast summary

displaying IP MMLS configuration 44-27

show protocols command 10-12

show rif command 10-12

show running-config command 10-12

displaying ACLs 74-7, 74-8

show svclc rhi-routes command 4-52

show version command 10-12

shutdown command 10-13

shutdown interfaces

result 10-13

slot number, description 10-2

smart call home 54-1

description 54-4

destination profile (note) 54-23

registration requirements 54-5

service contract requirements 54-2

Transport Gateway (TG) aggregation point 54-4

SMARTnet

smart call home registration 54-5

smart port macros 3-1

configuration guidelines 3-2

Smartports macros

applying global parameter values 3-14

applying macros 3-14

creating 3-13

default configuration 3-4

defined 3-4

displaying 3-15

tracing 3-2

SNMP

configuring 87-10

default view 87-9

get and set requests 87-7, 87-8, 87-11

notifications 87-9, 87-12

support and documentation 1-7

SNMP-COMMUNITY-MIB 87-9

SNMP-USM-MIB 87-4, 87-9

SNMP-VACM-MIB 87-4, 87-9

snooping

See IGMP snooping

software

upgrading router 5-5

source IDs

call home event format 54-13

source specific multicast with IGMPv3, IGMP v3lite, and URD 44-26

SPAN

configuration guidelines 57-2

configuring 57-12

sources 57-16, 57-19, 57-21, 57-22, 57-24, 57-25, 57-26, 57-28

VLAN filtering 57-30

destination port support on EtherChannels 57-12, 57-19, 57-22, 57-24, 57-25, 57-29

distributed egress 57-10, 57-15

modules that disable for ERSPAN 57-7

input packets with don’t learn option

ERSPAN 57-28, 57-29

local SPAN 57-17, 57-18, 57-19

RSPAN 57-22, 57-23, 57-25

understanding 57-12

local SPAN egress session increase 57-3, 57-16

overview 57-7

SPAN Destination Port Permit Lists 57-15

spanning-tree backbonefast

command 32-15, 32-16

command example 32-15, 32-16

spanning-tree cost

command 31-33

command example 31-33

spanning-tree portfast

command 32-2, 32-3, 32-4

command example 32-3, 32-4

spanning-tree portfast bpdu-guard

command 32-8

spanning-tree port-priority

command 31-31

spanning-tree protocol for bridging 35-1

spanning-tree uplinkfast

command 32-13

command example 32-13

spanning-tree vlan

command 31-27, 31-29, 31-30, 31-31, 32-8, 32-17

command example 31-28, 31-29, 31-30, 31-31

spanning-tree vlan cost

command 31-33

spanning-tree vlan forward-time

command 31-35

command example 31-35

spanning-tree vlan hello-time

command 31-35

command example 31-35

spanning-tree vlan max-age

command 31-36

command example 31-36

spanning-tree vlan port-priority

command 31-31

command example 31-32

spanning-tree vlan priority

command 31-34

command example 31-34

speed

configuring interface 10-4

speed command 10-4

speed mode

autonegotiation status 10-6

standards, lawful intercept 87-4

standby links 22-2

static sharing

description 84-25

statistics

802.1X 84-57, 85-15

sticky ARP 77-9

sticky MAC address 86-3

Sticky secure MAC addresses 86-8, 86-9

storm control

See traffic-storm control

STP

configuring 31-26

bridge priority 31-34

enabling 31-27, 31-28

forward-delay time 31-35

hello time 31-35

maximum aging time 31-36

port cost 31-32

port priority 31-31

root bridge 31-29

secondary root switch 31-30

defaults 31-25

EtherChannel 23-7

normal ports 32-3

understanding 31-2

802.1Q Trunks 31-12

Blocking State 31-8

BPDUs 31-4

disabled state 31-12

forwarding state 31-11

learning state 31-10

listening state 31-9

overview 31-3

port states 31-6

protocol timers 31-5

root bridge election 31-5

topology 31-5

STP BackboneFast

configuring 32-15

figure

adding a switch 32-18

spanning-tree backbonefast

command 32-15, 32-16

command example 32-15, 32-16

understanding 32-13

STP BPDU Guard

configuring 32-7

spanning-tree portfast bpdu-guard

command 32-8

understanding 32-7

STP bridge ID 31-3

STP EtherChannel guard 32-16

STP extensions

description ?? to 32-20

STP loop guard

configuring 32-19

overview 32-17

STP PortFast

BPDU filter

configuring 32-10

BPDU filtering 32-9

configuring 32-2

spanning-tree portfast

command 32-2, 32-3, 32-4

command example 32-3, 32-4

understanding 32-2

STP port types

normal 32-3

STP root guard 32-17

STP UplinkFast

configuring 32-12

spanning-tree uplinkfast

command 32-13

command example 32-13

understanding 32-11

subdomains, private VLAN 27-5

supervisor engine

environmental monitoring 15-1

redundancy 9-1

synchronizing configurations 9-5

supervisor engine redundancy

configuring 9-2

supervisor engines

displaying redundancy configuration 9-5

supplicant 84-7

surveillance 87-7

svclc command 4-52

Switched Port Analyzer 57-1

switch fabric functionality 18-1

configuring 18-3

monitoring 18-4

switchport

configuring 21-14

example 21-13

show interfaces 10-8, 10-9, 21-6, 21-13

switchport access vlan 21-6, 21-7, 21-10, 21-14

example 21-15

switchport mode access 21-4, 21-6, 21-7, 21-14

example 21-15

switchport mode dynamic 21-9

switchport mode dynamic auto 21-4

switchport mode dynamic desirable 21-4

default 21-5

example 21-13

switchport mode trunk 21-4, 21-9

switchport nonegotiate 21-4

switchport trunk allowed vlan 21-11

switchport trunk encapsulation 21-7, 21-9

switchport trunk encapsulation dot1q

example 21-13

switchport trunk encapsulation negotiate

default 21-5

switchport trunk native vlan 21-11

switchport trunk pruning vlan 21-12

switch priority

MSTP 31-43

switch TopN reports

foreground execution 59-2

running 59-3

viewing 59-3

SXP 71-2

system event archive (SEA) 55-1

System Hardware Capacity 1-3

T

TDR

checking cable connectivity 10-14

enabling and disabling test 10-14

guidelines 10-14

Telnet

accessing CLI 2-2

Time Domain Reflectometer 10-14

TLV

host presence detection 19-4, 84-14, 86-4

traceroute, Layer 2

and ARP 60-2

and CDP 60-1

described 60-2

IP addresses and subnets 60-2

MAC addresses and VLANs 60-2

multicast traffic 60-2

multiple devices on a port 60-2

unicast traffic 60-2

usage guidelines 60-1

traffic-storm control

command

broadcast 82-4

described 82-2

monitoring 82-5

thresholds 82-2

traffic suppression

See traffic-storm control

transmit queues

See QoS transmit queues

traps, see SNMP notifications

trunks 21-4

802.1Q Restrictions 21-2

allowed VLANs 21-11

configuring 21-8

default interface configuration 21-6

default VLAN 21-10

different VTP domains 21-4

native VLAN 21-11

to non-DTP device 21-4

VLAN 1 minimization 21-12

trusted boundary 19-6

trusted boundary (extended trust for CDP devices) 19-4

trustpoint 54-2

tunneling 68-4, 68-26

tunneling, 802.1Q

See 802.1Q 29-4

type length value

See TLV

U

UDE

configuration 36-5

overview 36-4

UDE and UDLR 36-1

UDLD

default configuration 12-4

enabling

globally 12-5

on ports 12-5, 12-6

overview 12-2

UDLR 36-1

back channel 36-3

configuration 36-6

tunnel

(example) 36-7

ARP and NHRP 36-4

UDLR (unidirectional link routing) 36-1

UDP port for SNMP notifications 87-12

UMFB 83-2

unauthorized ports with 802.1X 84-12

unicast storms

See traffic-storm control

Unidirectional Ethernet 36-1

unidirectional ethernet

example of setting 36-5

UniDirectional Link Detection Protocol

See UDLD

uniform mode

configuring 68-34

unknown multicast flood blocking

See UMFB

unknown unicast and multicast flood blocking 83-1

unknown unicast flood blocking

See UUFB

unknown unicast flood rate-limiting

See UUFRL

UplinkFast

See STP UplinkFast

URD 44-26

User-Based Rate Limiting 64-6, 64-15

user EXEC mode 2-5

UUFB 83-2

UUFRL 83-2

V

VACLs 75-2

configuring

examples 75-5

Layer 3 VLAN interfaces 75-5

Layer 4 port operations 70-2

logging

configuration example 75-8

configuring 75-7

restrictions 75-7

MAC address based 75-2

multicast packets 74-6

SVIs 75-5

WAN interfaces 75-2

virtual private LAN services (VPLS) 40-1

associating attachment circuit with the VSI at the PE 40-13

basic configuration 40-2

configuration example 40-18

configuring MPLS in the PE 40-11

configuring PE layer 2 interface to the CE 40-7

configuring the VFI in the PE 40-12

overview 40-2

restrictions 40-2

services 40-5

vlan

command 26-5, 26-6, 57-20

command example 26-6

VLAN Access Control Lists

See VACLs

VLAN-based QoS filtering 70-10

VLAN-bridge spanning-tree protocol 35-1

vlan database

command 26-5, 26-6, 57-20

vlan group command 84-44

VLAN locking 26-4

vlan mapping dot1q

command 26-8, 26-9

VLAN maps

applying 74-8

VLAN mode 39-3

VLAN port provisioning verification 26-4

VLANs

allowed on trunk 21-11

configuration guidelines 26-2

configuring 26-1

configuring (tasks) 26-4

defaults 26-3

extended range 26-3

interface assignment 26-6

multicast 47-2

name (default) 26-3

normal range 26-3

reserved range 26-3

support for 4,096 VLANs 26-2

token ring 26-3

trunks

understanding 21-4

understanding 26-2

VLAN 1 minimization 21-12

VTP domain 26-4

VLAN translation

command example 26-8, 26-9

voice VLAN

Cisco 7960 phone, port connections 19-2

configuration guidelines 19-1

configuring IP phone for data traffic

override CoS of incoming frame 19-6, 20-5

configuring ports for voice traffic in

802.1Q frames 19-5

connecting to an IP phone 19-5

default configuration 19-4

overview 19-2

voice VLAN. See also port-based authentication. 84-22

VPN

configuration example 38-4

guidelines and restrictions 38-2

VPN supported commands 38-2

VPN switching 38-1

VSS

dual-active detection

Enhanced PAgP, advantages 4-24

Enhanced PAgP, description 4-24

enhanced PAgP, description 4-46

fast-hello, advantages 4-24

fast-hello, description 4-25

VSLP fast-hello, configuration 4-48

VSS Quad-Sup SSO (V4SO) 4-9

VTP

advertisements 25-4, 25-5

client, configuring 25-15

configuration guidelines 25-1

default configuration 25-9

disabling 25-15

domains 25-3

VLANs 26-4

modes

client 25-4

server 25-4

transparent 25-4

monitoring 25-17

overview 25-2

per-port enable and disable 25-16

pruning

configuration 21-12

configuring 25-12

overview 25-7

server, configuring 25-15

statistics 25-17

transparent mode, configuring 25-15

version 2

enabling 25-13

overview 25-5

version 3

enabling 25-13

overview 25-6

server type, configuring 25-11

W

wake-on-LAN. See also port-based authentication. 84-28

web-based authentication

AAA fail policy 85-5

description 85-2

web browser interface 1-7

wiretaps 87-4