Release 15.1SY Supervisor Engine 720 Software Configuration Guide
Index
Downloads: This chapterpdf (PDF - 1.08MB) The complete bookPDF (PDF - 19.34MB) | Feedback

Index

Table Of Contents

Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W -

Index

Numerics

4K VLANs (support for 4,096 VLANs) 25-2

802.1AE Tagging 63-2

802.1Q

Layer 2 protocol tunneling

See Layer 2 protocol tunneling

mapping to ISL VLANs 25-7

trunks 20-4

restrictions 20-2

tunneling

configuration guidelines 28-1

configuring tunnel ports 28-6

overview 28-4

802.1Q Ethertype

specifying custom 20-15

802.1X 76-1

802.1x accounting 76-43

802.3ad

See LACP

802.3af 19-2

802.3at 19-2

802.3x Flow Control 10-9

A

AAA 70-3

fail policy 76-8, 77-5

AAA (authentication, authorization, and accounting). See also port-based authentication. 76-6, 77-2

aaa accounting dot1x command 76-44

aaa accounting system command 76-44

abbreviating commands 2-5

access, restricting MIB 79-10

access control entries and lists 62-1

access-enable host timeout (not supported) 62-4

access port, configuring 20-14

access rights 79-9

access setup, example 79-11

accounting

with 802.1x 76-43

with IEEE 802.1x 76-16

ACEs and ACLs 62-1

ACLs

downloadable 77-2

downloadable (dACLs) 76-24

Filter-ID 76-25

per-user 76-24

port

defined 66-2

redirect URL 76-25

static sharing 76-25

acronyms, list of A-1

activating lawful intercept 79-8

admin function (mediation device) 79-7, 79-8

administration, definition 79-6

advertisements, VTP 24-4

aggregate label 36-2, 36-5

aggregate policing

see QoS policing

aging time

accelerated

for MSTP 30-45

maximum

for MSTP 30-45, 30-46

aging-time

IP MLS 48-12

alarms

major 14-4

minor 14-4

Allow DHCP Option 82 on Untrusted Port

configuring 71-10

understanding 71-5

any transport over MPLS (AToM) 38-3

Ethernet over MPLS 38-3

ARP ACL 58-69, 62-12

ARP spoofing 73-3

AToM 38-3

audience 1-xliii

Authentication, Authorization, and Accounting (AAA) 70-3

authentication control-direction command 76-53

authentication event command 76-45

authentication failed VLAN

See restricted VLAN

authentication open comand 76-15

authentication password, VTP 24-5

authentication periodic command 76-38, 76-50

authentication port-control command 76-45

authentication timer reauthenticate command 76-38

authorized ports with 802.1X 76-12

auto enablement 76-30

automatic QoS

configuration guidelines and restrictions 59-2

macros 59-4

overview 59-2

AutoQoS 59-1

auto-sync command 9-4

B

BackboneFast

See STP BackboneFast

backup interfaces

See Flex Links

binding database, DHCP snooping

See DHCP snooping binding database

binding table, DHCP snooping

See DHCP snooping binding database

blocking state, STP 30-8

BPDU

RSTP format 30-16

BPDU guard

See STP BPDU guard

BPDUs

Bridge Assurance 31-5

Shared Spanning Tree Protocol (SSTP) 31-20

Bridge Assurance

description31-4to 31-6

inconsistent state 31-5

supported protocols and link types 31-5

bridge groups 34-1

bridge ID

See STP bridge ID

bridge priority, STP 30-34

bridge protocol data units

see BPDUs

bridging 34-1

broadcast storms

see traffic-storm control

C

CALEA, See Communications Assistance for Law Enforcement Act (CALEA)

Call Home

description 50-3

message format options 50-4

messages

format options 50-4

call home 50-1

alert groups 50-31

contact information 50-21

destination profiles 50-22

displaying information 50-45

pattern matching 50-36

periodic notification 50-33

rate limit messages 50-38

severity threshold 50-33

smart call home feature 50-5

SMTP server 50-2

testing communications 50-38

call home alert groups

configuring 50-31

description 50-31

subscribing 50-31

call home customer information

entering information 50-21

call home destination profiles

attributes 50-23

description 50-23

displaying 50-48

call home notifications

full-txt format for syslog 50-17

XML format for syslog 50-17

CDP

host presence detection 76-14, 78-4

to configure Cisco phones 18-3

CEF

configuring

RP 32-5

supervisor engine 32-4

examples 32-3

Layer 3 switching 32-2

packet rewrite 32-2

certificate authority (CA) 50-2

CGMP

disabling automatic detection 40-13

channel-group group

command 22-9, 22-13, 22-14, 22-15, 22-16

command example 22-9, 22-14

Cisco Discovery Protocol

See CDP

Cisco Emergency Responder 18-4

Cisco EnergyWise 12-1

Cisco Express Forwarding 36-3

CISCO-IP-TAP-MIB

citapStreamVRF 79-2

overview 79-8

restricting access to 79-10, 79-11

CISCO-TAP2-MIB

accessing 79-9

overview 79-8

restricting access to 79-10, 79-11

CISP 76-30

CIST regional root

See MSTP

CIST root

See MSTP

class command 58-73

class-map command 58-65

class map configuration 58-70

clear authentication sessions command 76-40

clear counters command 10-12

clear dot1x command 76-40

clear interface command 10-13

clear mls ip multicast statistics command

clears IP MMLS statistics 39-27

CLI

accessing 2-1

backing out one level 2-5

console configuration mode 2-5

getting list of commands 2-6

global configuration mode 2-5

history substitution 2-4

interface configuration mode 2-5

privileged EXEC mode 2-5

ROM monitor 2-7

software basics 2-4

Client Information Signalling Protocol

See CISP

collection function 79-6

command line processing 2-3

commands, getting list of 2-6

Communications Assistance for Law Enforcement Act

CALEA for Voice 79-5

lawful intercept 79-4

community ports 26-7

community VLANs 26-6, 26-7

configuration example

EoMPLS port mode 38-4, 38-7

EoMPLS VLAN mode 38-4

configuring 58-72

lawful intercept 79-10, 79-11, 79-12

SNMP 79-10

console configuration mode 2-5

content IAP 79-6

control plane policing

See CoPP

CoPP

applying QoS service policy to control plane 70-3

configuring

ACLs to match traffic 70-3

enabling MLS QoS 70-3

packet classification criteria 70-3

service-policy map 70-3

control plane configuration mode

entering 70-3

displaying

dynamic information 70-4

number of conforming bytes and packets 70-4

rate information 70-4

entering control plane configuration mode 70-3

monitoring statistics 70-4

overview 70-3

packet classification guidelines 70-4

traffic classification

defining 70-6

guidelines 70-7

overview 70-6

sample ACLs 70-7

sample classes 70-6

CoS

override priority 18-6, 19-5

counters

clearing interface 10-12, 10-13

critical authentication 76-8

critical authentication, IEEE 802.1x 76-47

CSCsr62404 10-9

CSCtc21076 62-14

CSCtd34068 58-2

CSCte40004 58-2

CSCtx75254 5-2

cTap2MediationDebug notification 79-12

cTap2MediationNewIndex object 79-8

cTap2MediationTable 79-8

cTap2MediationTimedOut notification 79-12

cTap2MIBActive notification 79-12

cTap2StreamDebug notification 79-12

cTap2StreamTable 79-8

customer contact information

entering for call home 50-21

D

dACL

See ACLs, downloadable 76-24

dCEF 32-4

debug commands

IP MMLS 39-27

DEC spanning-tree protocol 34-1

default configuration

802.1X 76-31, 77-7

dynamic ARP inspection 73-6

Flex Links 21-4

IP MMLS 39-9

MSTP 30-26

MVR 42-5

UDLD 11-4

voice VLAN 18-4

VTP 24-9

default VLAN 20-10

deficit weighted round robin 58-107

denial of service protection 69-1

destination-ip flow mask 48-8

destination-source-ip flow mask 48-8

device IDs

call home format 50-13, 50-14

DHCP binding database

See DHCP snooping binding database

DHCP binding table

See DHCP snooping binding database

DHCP option 82

circuit ID suboption 71-7

overview 71-5

packet format, suboption

circuit ID 71-7

remote ID 71-7

remote ID suboption 71-7

DHCP option 82 allow on untrusted port 71-10

DHCP snooping

802.1X data insertion 76-15

binding database

See DHCP snooping binding database

configuration guidelines 71-8

configuring 71-9

default configuration 71-8

displaying binding tables 71-18

enabling 71-9, 71-10, 71-11, 71-12, 71-13, 71-14

enabling the database agent 71-14

message exchange process 71-6

monitoring 72-5, 72-6

option 82 data insertion 71-5

overview 71-3

Snooping database agent 71-7

DHCP snooping binding database

described 71-5

entries 71-5

DHCP snooping binding table

See DHCP snooping binding database

DHCP Snooping Database Agent

adding to the database (example) 71-18

enabling (example) 71-15

overview 71-7

reading from a TFTP file (example) 71-17

DHCP snooping increased bindings limit 71-14

differentiated services codepoint

See QoS DSCP

DiffServ

configuring short pipe mode 60-32

configuring uniform mode 60-36

short pipe mode 60-29

uniform mode 60-31

DiffServ tunneling modes 60-4

Disabling PIM Snooping Designated Router Flooding 41-6

distributed Cisco Express Forwarding

See dCEF

distributed egress SPAN 53-10, 53-15

DNS, See Domain Name System

DNS, see Domain Name System

documentation, related 1-xliii

Domain Name System 79-2

DoS protection 69-1

default configurations 69-17

egress ACL bridget packet rate limiters 69-13

FIB glean rate limiters 69-14

FIB receive rate limiters 69-14

ICMP redirect rate limiters 69-15

IGMP unreachable rate limiters 69-14

ingress ACL bridget packet rate limiters 69-13

IP errors rate limiters 69-16

IPv4 multicast rate limiters 69-16

IPv6 multicast rate limiters 69-16

Layer 2 PDU rate limiters 69-15

Layer 2 protocol tunneling rate limiters 69-16

Layer 3 security features rate limiters 69-14

monitoring packet drop statistics

using monitor session commands 69-22

using VACL capture 69-24

MTU failure rate limiters 69-15

multicast IGMP snooping rate limiters 69-15

QoS ACLs 69-2

security ACLs 69-2

TTL failure rate limiter 69-13

uRPF check 69-6

uRPF failure rate limiters 69-13

VACL log rate limiters 69-15

dot1x initialize interface command 76-39

dot1x max-reauth-req command 76-43

dot1x max-req command 76-42

dot1x pae authenticator command 76-34

dot1x re-authenticate interface command 76-39

dot1x timeout quiet-period command 76-41

DSCP

See QoS DSCP

DSCP-based queue mapping 58-98

duplex command 10-5, 10-6

duplex mode

autonegotiation status 10-6

configuring interface 10-4

DWRR 58-107

dynamic ARP inspection

ARP cache poisoning 73-3

ARP requests, described 73-3

ARP spoofing attack 73-3

configuration guidelines 73-2

configuring

log buffer 73-13, 73-15

logging system messages 73-14

rate limit for incoming ARP packets 73-5, 73-10

default configuration 73-6

denial-of-service attacks, preventing 73-10

described 73-3

DHCP snooping binding database 73-4

displaying

ARP ACLs 73-15

configuration and operating state 73-15

trust state and rate limit 73-15

error-disabled state for exceeding rate limit 73-5

function of 73-4

interface trust states 73-4

log buffer

configuring 73-13, 73-15

logging of dropped packets, described 73-6

logging system messages

configuring 73-14

man-in-the middle attack, described 73-4

network security issues and interface trust states 73-4

priority of ARP ACLs and DHCP snooping entries 73-6

rate limiting of ARP packets

configuring 73-10

described 73-5

error-disabled state 73-5

validation checks, performing 73-11

Dynamic Host Configuration Protocol snooping 71-1

E

EAC 63-2

EAPOL. See also port-based authentication. 76-6

eFSU, See Enhanced Fast Software Upgrade (eFSU)

Egress ACL support for remarked DSCP 58-19

egress ACL support for remarked DSCP 58-61

egress replication performance improvement 39-14

egress SPAN 53-10

electronic traffic, monitoring 79-7

e-mail addresses

assigning for call home 50-21

e-mail notifications

Call Home 50-3

enable mode 2-5

enable sticky secure MAC address 78-8

enabling

IP MMLS

on router interfaces 39-12

lawful intercept 79-8

SNMP notifications 79-12

Endpoint Admission Control (EAC) 63-2

EnergyWise 12-1

enhanced Fast Software Upgrade (eFSU)

aborting (issu abortversion command) 5-13

accepting the new software version 5-11

commiting the new software to standby RP (issu commitversion command) 5-12

displaying maximum outage time for module 5-10

error handling 5-5

forcing a switchover (issu runversion command) 5-10

issu loadversion command 5-8

loading new software onto standby RP 5-8

memory reservation on module 5-4

memory reservation on module, prohibiting 5-4

OIR not supported 5-2

operation 5-3

outage times 5-4

performing 5-5

steps 5-5

usage guidelines and limitations 5-2

verifying redundancy mode 5-7

environmental monitoring

LED indications 14-4

SNMP traps 14-4

supervisor engine and switching modules 14-4

Syslog messages 14-4

using CLI commands 14-1

EOBC

for MAC address table synchronization 20-3

EoMPLS 38-3

configuring 38-4

configuring VLAN mode 38-3

guidelines and restrictions 38-2

port mode 38-3

VLAN mode 38-3

ERSPAN 53-1

EtherChannel

channel-group group

command 22-9, 22-13, 22-14, 22-15, 22-16

command example 22-9, 22-14

configuration guidelines 4-28, 22-2

configuring

Layer 2 22-9

configuring (tasks) 4-28, 22-7

interface port-channel

command example 22-8

interface port-channel (command) 22-8

lacp system-priority

command example 22-11

Layer 2

configuring 22-9, 22-15

load balancing

configuring 22-11

understanding 22-7

Min-Links 22-13, 22-14

modes 22-4

PAgP

understanding 22-5

port-channel interfaces 22-7

port-channel load-balance

command 22-11

command example 22-12

STP 22-7

understanding 4-4, 22-3

EtherChannel Guard

See STP EtherChannel Guard

Ethernet

setting port duplex 10-10

Ethernet over MPLS (EoMPLS) configuration

EoMPLS port mode 38-6

EoMPLS VLAN mode 38-4

EXP mutation 60-4

extended range VLANs 25-2

See VLANs

extended system ID

MSTP 30-39

Extensible Authentication Protocol over LAN. See EAPOL.

F

fall-back bridging 34-1

fast link notification

on VSL failure 4-15

fiber-optic, detecting unidirectional links 11-1

FIB TCAM 36-3

figure

lawful intercept overview 79-5

filters, NDE

destination host filter, specifying 49-18

destination TCP/UDP port, specifying 49-17

protocol 49-18

source host and destination TCP/UDP port 49-17

Flex Links 21-1

configuration guidelines 21-2

configuring 21-4

default configuration 21-4

description 21-2

monitoring 21-6

flex links

interface preemption 21-3

flow control 10-9

flow masks

IP MLS

destination-ip 48-8

destination-source-ip 48-8

ip-full 48-8

minimum 48-11

overview 49-3

flows

IP MMLS

completely and partially switched 39-4

forward-delay time

MSTP 30-45

forward-delay time, STP 30-35

frame distribution

See EtherChannel load balancing

G

get requests 79-7, 79-8, 79-11

global configuration mode 2-5

guest VLAN and 802.1x 76-19

H

hardware Layer 3 switching

guidelines 32-2

hello time

MSTP 30-44

hello time, STP 30-35

High Capacity Power Supply Support 13-4

history

CLI 2-4

host mode

see port-based authentication

host ports

kinds of 26-7

host presence CDP message 18-4, 76-14

host presence TLV message 78-4

http

//www-tac.cisco.com/Teams/ks/c3/xmlkwery.php?srId=612293409 22-2

I

IAP

content IAP 79-6

definition 79-6

content IAP 79-6

identification IAP 79-6

types of

ICMP unreachable messages 62-2

ID IAP 79-6

IDs

serial IDs 50-14

IEEE 802.1Q Ethertype

specifying custom 20-15

IEEE 802.1Q Tagging on a Per-Port Basis 28-7

IEEE 802.1w

See RSTP

IEEE 802.1x

accounting 76-16, 76-43

authentication failed VLAN 76-20

critical ports 76-21

DHCP snooping 76-15

guest VLAN 76-19

MAC authentication bypass 76-26

network admission control Layer 2 validation 76-27

port security interoperability 76-23

RADIUS-supplied session timeout 76-38

voice VLAN 76-22

wake-on-LAN support 76-28

IEEE 802.3ad

See LACP

IEEE 802.3af 19-2

IEEE 802.3at 19-2

IEEE 802.3x Flow Control 10-9

IEEE bridging protocol 34-1

IGMP 40-1

configuration guidelines 47-9

enabling 40-9

join messages 40-3

leave processing

enabling 40-12

queries 40-4

query interval

configuring 40-11

snooping

fast leave 40-6

joining multicast group 40-3, 43-4

leaving multicast group 40-5, 43-4

understanding 40-3, 43-3

snooping querier

enabling 40-9

understanding 40-3, 43-3

IGMPv3 39-10

IGMP v3lite 39-10

ignore port trust 58-15, 58-22, 58-58, 58-74

inaccessible authentication bypass 76-21

ingress SPAN 53-10

intercept access point

See IAP

intercept-related information (IRI) 79-6, 79-7

intercepts, multiple 79-6

interface

configuration mode 2-5

Layer 2 modes 20-4

number 10-2

interface port-channel

command example 22-8

interface port-channel (command) 22-8

interfaces

configuring, duplex mode 10-3

configuring, speed 10-3

configururing, overview 10-2

counters, clearing 10-12, 10-13

displaying information about 10-12

maintaining 10-12

monitoring 10-12

range of 10-2

restarting 10-13

shutting down

task 10-13

interfaces command 10-2

interfaces range command 52-3

interfaces range macro command 10-2

internal VLANs 25-3

Internet Group Management Protocol 40-1, 43-1

IP accounting, IP MMLS and 39-2

IP CEF

topology (figure) 32-4

ip flow-export destination command 49-14

ip flow-export source command 48-14, 49-14, 49-15, 55-3, 55-4, 55-5

ip-full flow mask 48-8

ip http server 1-7

ip local policy route-map command 33-5

IP MLS

aging-time 48-12

flow masks

destination-ip 48-8

destination-source-ip 48-8

ip-full 48-8

minimum 48-11

overview 49-3

IP MMLS

cache, overview 39-3

configuration guideline 39-1

debug commands 39-27

default configuration 39-9

enabling

on router interfaces 39-12

flows

completely and partially switched 39-4

Layer 3 MLS cache 39-3

overview 39-3

packet rewrite 39-4

router

enabling globally 39-10

enabling on interfaces 39-12

multicast routing table, displaying 39-21

PIM, enabling 39-11

switch

statistics, clearing 39-27

unsupported features 39-2

IP multicast

IGMP snooping and 40-8

MLDv2 snooping and 47-9

overview 40-2, 43-2, 44-2

IP multicast MLS

See IP MMLS

ip multicast-routing command

enabling IP multicast 39-11

IP phone

configuring 18-5

ip pim command

enabling IP PIM 39-11

ip policy route-map command 33-5

IP Source Guard 72-1

configuring 72-3

configuring on private VLANs 72-5

displaying 72-5, 72-6

overview 72-2

IP unnumbered 34-1

IPv4 Multicast over Point-to-Point GRE Tunnels 1-8

IPv4 Multicast VPN 45-1

IPv6 Multicast PFC3 and DFC3 Layer 3 Switching 46-1

IPv6 QoS 58-4

ISL trunks 20-4

isolated port 26-7

isolated VLANs 26-6, 26-7

J

join messages, IGMP 40-3

jumbo frames 10-6

K

keyboard shortcuts 2-3

L

label edge router 36-2

label switched path 38-1

label switch router 36-2, 36-4

LACP

system ID 22-6

Law Enforcement Agency (LEA) 79-4

lawful intercept

admin function 79-7, 79-8

collection function 79-6

configuring 79-10, 79-11, 79-12

enabling 79-8

IRI 79-6

mediation device 79-5

overview 79-4, 79-5

prerequisites 79-1

processing 79-7

security considerations 79-9

SNMP notifications 79-12

lawful intercept processing 79-7

Layer 2

configuring interfaces 20-5

access port 20-14

trunk 20-8

defaults 20-5

interface modes 20-4

show interfaces 10-8, 10-9, 20-6, 20-13

switching

understanding 20-2

trunks

understanding 20-4

VLAN

interface assignment 25-6

Layer 2 Interfaces

configuring 20-1

Layer 2 protocol tunneling

configuring Layer 2 tunnels 29-3

overview 29-2

Layer 2 remarking 58-21

Layer 2 Traceroute 56-1

Layer 2 traceroute

and ARP 56-2

and CDP 56-1

described 56-2

IP addresses and subnets 56-2

MAC addresses and VLANs 56-2

multicast traffic 56-2

multiple devices on a port 56-2

unicast traffic 56-2

usage guidelines 56-1

Layer 3

IP MMLS and MLS cache 39-3

Layer 3 switched packet rewrite

CEF 32-2

Layer 3 switching

CEF 32-2

Layer 4 port operations (ACLs) 62-2

leave processing, IGMP

enabling 40-12

leave processing, MLDv2

enabling 47-12

LERs 60-2, 60-6, 60-7

Link Failure

detecting unidirectional 30-25

link negotiation 10-5

link redundancy

See Flex Links

LLDP-MED

configuring

TLVs 19-8

load deferral

MEC traffic recovery 4-6

Local Egress Replication 39-14

logical operation unit

See LOU

loop guard

See STP loop guard

LOU

description 62-3

determining maximum number of 62-3

LSRs 60-2, 60-6

M

mab command 76-45, 76-50

MAC address-based blocking 65-1

MAC address table notification 20-7

MAC authentication bypass. See also port-based authentication. 76-26

MAC move (port security) 78-3

macros 3-1

See Smartports macros

MACSec 63-2

magic packet 76-28

main-cpu command 9-4

mapping 802.1Q VLANs to ISL VLANs 25-7

markdown

see QoS markdown

match ip address command 33-4

match length command 33-4

maximum aging time

MSTP 30-45

maximum aging time, STP 30-36

maximum hop count, MSTP 30-46

MEC

configuration 4-45

described 4-15

failure 4-16

port load share deferral 4-17

mediation device

admin function 79-7, 79-8

definition 79-5

description 79-5

MIBs

CISCO-IP-TAP-MIB 79-2, 79-8, 79-10

CISCO-TAP2-MIB 79-8, 79-9, 79-10

SNMP-COMMUNITY-MIB 79-9

SNMP-USM-MIB 79-4, 79-9

SNMP-VACM-MIB 79-4, 79-9

microflow policing rule

see QoS policing

Mini Protocol Analyzer 57-1

Min-Links 22-13

MLD

report 47-5

MLD snooping

query interval

configuring 47-10

MLDv1 47-2

MLDv2 47-1

enabling 47-11

leave processing

enabling 47-12

queries 47-6

snooping

fast leave 47-8

joining multicast group 47-5

leaving multicast group 47-7

understanding 47-3

snooping querier

enabling 47-10

understanding 47-3

MLDv2 Snooping 47-1

MLS

configuring threshold 39-15

RP

threshold 39-15

mls aging command

configuring IP MLS 48-12

mls flow command

configuring IP MLS 48-11, 48-15, 49-13

mls ip multicast command

enabling IP MMLS39-12to 39-24

mls nde flow command

configuring a host and port filter 49-17

configuring a host flow filter 49-18

configuring a port filter 49-17

configuring a protocol flow filter 49-18

mls nde sender command 49-12

monitoring

Flex Links 21-6

MVR 42-8

private VLANs 26-16

monitoring electronic traffic 79-7

MPLS 36-1, 36-2

aggregate label 36-2

any transport over MPLS 38-3

basic configuration 36-9

core 36-4

DiffServ Tunneling Modes 60-29

egress 36-4

experimental field 60-3

hardware features 36-5

ingress 36-4

IP to MPLS path 36-4

labels 36-2

MPLS to IP path 36-4

MPLS to MPLS path 36-4

nonaggregate lable 36-2

QoS default configuration 60-13

restrictions 36-1

VPN 60-11

VPN guidelines and restrictions 37-2

MPLS QoS

Classification 60-2

Class of Service 60-2

commands 60-15

configuring a class map 60-18

configuring a policy map 60-21

configuring egress EXP mutation 60-27

configuring EXP Value Maps 60-28

Differentiated Services Code Point 60-2

displaying a policy map 60-26

E-LSP 60-2

enabling QoS globally 60-17

EXP bits 60-2

features 60-2

IP Precedence 60-2

QoS Tags 60-2

queueing-only mode 60-17

MPLS QoS configuration

class map to classify MPLS packets 60-18

MPLS supported commands 36-2

MPLS VPN

limitations and restrictions 37-2

MQC

supported

policy maps 58-9

MST

interoperation with Rapid PVST+ 31-20

root bridge 31-20

MSTP

boundary ports

configuration guidelines 30-2

described 30-22

CIST, described 30-19

CIST regional root 30-20

CIST root 30-21

configuration guidelines 30-2

configuring

forward-delay time 30-45

hello time 30-44

link type for rapid convergence 30-46

maximum aging time 30-45

maximum hop count 30-46

MST region 30-38

neighbor type 30-46

path cost 30-42

port priority 30-41

root switch 30-39

secondary root switch 30-40

switch priority 30-43

CST

defined 30-19

operations between regions 30-20

default configuration 30-26

displaying status 30-47

enabling the mode 30-38

extended system ID

effects on root switch 30-39

effects on secondary root switch 30-40

unexpected behavior 30-39

IEEE 802.1s

implementation 30-23

port role naming change 30-23

terminology 30-21

interoperability with IEEE 802.1D

described 30-24

restarting migration process 30-47

IST

defined 30-19

master 30-20

operations within a region 30-20

mapping VLANs to MST instance 30-38

MST region

CIST 30-19

configuring 30-38

described 30-19

hop-count mechanism 30-22

IST 30-19

supported spanning-tree instances 30-19

overview 30-18

root switch

configuring 30-39

effects of extended system ID 30-39

unexpected behavior 30-39

status, displaying 30-47

MTU size (default) 25-3

multiauthentication (multiauth). See also port-based authentication. 76-15

multicast

IGMP snooping and 40-8

MLDv2 snooping and 47-9

NetFlow statistics 49-1

non-RPF 39-6

overview 40-2, 43-2, 44-2

PIM snooping 41-4

multicast, displaying routing table 39-21

Multicast enhancement - egress replication performance improvement 39-14

Multicast Enhancement - Replication Mode Detection 39-12

multicast flood blocking 75-1

multicast groups

joining 40-3, 43-4

leaving 40-5, 47-7

multicast groups, IPv6

joining 47-5

Multicast Listener Discovery version 2 47-1

Multicast Replication Mode Detection enhancement 39-12

multicast RPF 39-3

multicast storms

see traffic-storm control

multicast television application 42-3

multicast VLAN 42-2

Multicast VLAN Registration 42-1

multichassis EtherChannel

see MEC 4-15

Multidomain Authentication (MDA). See also port-based authentication. 76-14

Multilayer MAC ACL QoS Filtering 58-66, 62-9

multilayer switch feature card

see RP

multiple path RPF check 69-8

Multiple Spanning Tree

See MST

MUX-UNI Support 36-7

MUX-UNI support 36-7

MVAP (Multi-VLAN Access Port). See also port-based authentication. 76-22

MVR

and IGMPv3 42-2

configuring interfaces 42-6

default configuration 42-5

example application 42-3

in the switch stack 42-5

monitoring 42-8

multicast television application 42-3

restrictions 42-1

setting global parameters 42-6

N

NAC

agentless audit support 76-27

critical authentication 76-21, 76-47

IEEE 802.1x authentication using a RADIUS server 76-50

IEEE 802.1x validation using RADIUS server 76-50

inaccessible authentication bypass 76-47

Layer 2 IEEE 802.1x validation 76-50

Layer 2 IEEE802.1x validation 76-27

native VLAN 20-11

NDAC 63-2

NDE

configuration, displaying 49-18

displaying configuration 49-18

enabling 49-11

filters

destination host, specifying 49-18

destination TCP/UDP port, specifying 49-17

protocol, specifying 49-18

source host and destination TCP/UDP port, specifying 49-17

multicast 49-1

specifying

destination host filters 49-18

destination TCP/UDP port filters 49-17

protocol filters 49-18

NDE version 8 49-3

NEAT

configuring 76-54

overview 76-30

NetFlow

table, displaying entries 32-5

Netflow Multiple Export Destinations 49-15

NetFlow search engine 39-7

NetFlow version 9 49-3

Network Device Admission Control (NDAC) 63-2

Network Edge Access Topology

See NEAT

network ports

Bridge Assurance 31-5

description 31-2

nonaggregate label 36-2, 36-5

non-RPF multicast 39-6

normal-range VLANs

See VLANs

notifications, See SNMP notifications

NSF with SSO does not support IPv6 multicast traffic. 7-1, 8-1

O

OIR 10-11

online diagnostics

CompactFlash disk verification A-41

configuring 15-2

datapath verification A-14

diagnostic sanity check 15-24

egress datapath test A-4

error counter test A-4

interrupt counter test A-4

memory tests 15-24

overview 15-2

running tests 15-6

test descriptions A-1

understanding 15-2

online diagnostic tests A-1

online insertion and removal

See OIR

out-f-band MAC address table synchronization

configuring 20-6

in a VSS 4-2

out of profile

see QoS out of profile

P

packet burst 69-13

packet capture 57-2

packet recirculation 58-19

packet rewrite

CEF 32-2

IP MMLS and 39-4

packets

multicast 66-6

PAgP

understanding 22-5

path cost

MSTP 30-42

PBACLs 62-6

PBF 67-4

PBR 1-8

PBR (policy-based routing)

configuration (example) 33-7

enabling 33-4

peer inconsistent state

in PVST simulation 31-20

per-port VTP enable and disable 24-16

PFC

recirculation 36-5

PFC3 39-7

PIM, IP MMLS and 39-11

PIM snooping

designated router flooding 41-6

enabling globally 41-5

enabling in a VLAN 41-5

overview 41-4

PoE 19-2

Cisco prestandard 19-3

IEEE 802.3af 19-2

IEEE 802.3at 19-2

PoE management 19-3

power policing 19-4

power use measurement 19-4

police command 58-76

policy 58-65

policy-based ACLs (PBACLs) 62-6

policy-based forwarding (PBF) 68-2

policy-based routing

See PBR

policy-based routing (PBR)

configuring 33-1

policy map 58-72

attaching to an interface 58-79, 69-6

policy-map command 58-65, 58-73

port ACLs

defined 66-2

port ACLs (PACLs) 66-1

Port Aggregation Protocol

see PAgP

port-based authentication

AAA authorization 76-33

accounting 76-16

configuring 76-43

authentication server

defined 76-7, 77-3

RADIUS server 76-7

client, defined 76-7, 77-3

configuration guidelines 76-2, 77-1

configuring

guest VLAN 76-45

inaccessible authentication bypass 76-47

initializing authentication of a client 76-39

manual reauthentication of a client 76-39

RADIUS server 76-35, 77-10

RADIUS server parameters on the switch 76-34, 77-9

restricted VLAN 76-46

switch-to-authentication-server retransmission time 76-42

switch-to-client EAP-request frame retransmission time 76-41

switch-to-client frame-retransmission number 76-42, 76-43

switch-to-client retransmission time 76-41

user distribution 76-44

VLAN group assignment 76-44

default configuration 76-31, 77-7

described 76-6

device roles 76-7, 77-3

DHCP snooping 76-15

DHCP snooping and insertion 71-6

displaying statistics 76-57, 77-15

EAPOL-start frame 76-10

EAP-request/identity frame 76-10

EAP-response/identity frame 76-10

enabling

802.1X authentication 76-33, 76-34, 77-9

periodic reauthentication 76-38

encapsulation 76-7

guest VLAN

configuration guidelines 76-19, 76-20

described 76-19

host mode 76-13

inaccessible authentication bypass

configuring 76-47

described 76-21

guidelines 76-4

initiation and message exchange 76-10

MAC authentication bypass 76-26

magic packet 76-28

method lists 76-33

modes 76-13

multiauth mode, described 76-15

multidomain authentication mode, described 76-14

multiple-hosts mode, described 76-13

ports

authorization state and dot1x port-control command 76-12

authorized and unauthorized 76-12

critical 76-21

voice VLAN 76-22

port security

and voice VLAN 76-23

described 76-23

interactions 76-23

multiple-hosts mode 76-13

pre-authentication open access 76-15, 76-36

resetting to default values 76-57

supplicant, defined 76-7

switch

as proxy 76-7, 77-3

RADIUS client 76-7

switch supplicant

configuring 76-54

overview 76-30

user distribution

configuring 76-44

described 76-18

guidelines 76-4

VLAN assignment

AAA authorization 76-33

characteristics 76-17

configuration tasks 76-18

described 76-17

VLAN group

guidelines 76-4

voice VLAN

described 76-22

PVID 76-22

VVID 76-22

wake-on-LAN, described 76-28

port-based QoS features

see QoS

port-channel

see EtherChannel

port-channel load-balance

command 22-11

command example 22-11, 22-12

port-channel load-defer command 4-45

port-channel port load-defer command 4-45

port cost, STP 30-32

port debounce timer

disabling 10-10

displaying 10-10

enabling 10-10

PortFast

edge ports 31-2

network ports 31-2

See STP PortFast

PortFast Edge BPDU filtering

See STP PortFast Edge BPDU filtering

PortFast port types

description31-2, 31-2to ??

edge 31-2

network 31-2

port mode 38-3

port negotiation 10-5

port priority

MSTP 30-41

port priority, STP 30-31

ports

setting the debounce timer 10-10

port security

aging 78-9, 78-10

configuring 78-4

described 78-3

displaying 78-10

enable sticky secure MAC address 78-8

sticky MAC address 78-3

violations 78-3

Port Security is supported on trunks 78-2, 78-5, 78-7, 78-9

port security MAC move 78-3

port security on PVLAN ports 78-2

Port Security with Sticky Secure MAC Addresses 78-3

power management

enabling/disabling redundancy 13-2

overview 13-1

powering modules up or down 13-3

power policing 19-8

power negotiation

through LLDP 19-8

Power over Ethernet 19-2

power over ethernet 19-2

pre-authentication open access. See port-based authentication.

preemption, default configuration 21-4

preemption delay, default configuration 21-4

prerequisites for lawful intercept 79-1

primary links 21-2

primary VLANs 26-6

priority

overriding CoS 18-6, 19-5

private hosts 27-1

private hosts feature

configuration guidelines 27-1

configuring (detailed steps) 27-9

configuring (summary) 27-8

multicast operation 27-4

overview 27-4

port ACLs (PACLs) 27-7

port types 27-5, 27-6

protocol-independent MAC ACLs 27-4

restricting traffic flow with PACLs 27-5

spoofing protection 27-3

private VLANs 26-1

across multiple switches 26-9

and SVIs 26-10

benefits of 26-5

community VLANs 26-6, 26-7

configuration guidelines 26-2, 26-4, 26-10

configuring 26-10

host ports 26-14

pomiscuous ports 26-15

routing secondary VLAN ingress traffic 26-13

secondary VLANs with primary VLANs 26-12

VLANs as private 26-11

end station access to 26-8

IP addressing 26-8

isolated VLANs 26-6, 26-7

monitoring 26-16

ports

community 26-7

configuration guidelines 26-4

isolated 26-7

promiscuous 26-7

primary VLANs 26-6

secondary VLANs 26-6

subdomains 26-5

traffic in 26-10

privileged EXEC mode 2-5

promiscuous ports 26-7

protocol tunneling

See Layer 2 protocol tunneling 29-2

PVRST

See Rapid-PVST 30-3

PVST

description 30-3

PVST simulation

description 31-20

peer inconsistent state 31-20

root bridge 31-20

Q

QoS

auto-QoS

enabling for VoIP 59-4

IPv6 58-4

See also automatic QoS 59-1

QoS classification (definition) 58-120

QoS congestion avoidance

definition 58-121

QoS CoS

and ToS final L3 Switching Engine values 58-18

and ToS final values from L3 Switching Engine 58-18

definition 58-120

port value, configuring 58-91

QoS default configuration 58-111, 61-2

QoS DSCP

definition 58-121

internal values 58-16

maps, configuring 58-86

QoS dual transmit queue

thresholds

configuring 58-92, 58-96

QoS Ethernet egress port

scheduling 58-111

scheduling, congestion avoidance, and marking 58-18

QoS Ethernet ingress port

classification, marking, scheduling, and congestion avoidance 58-12

QoS final L3 Switching Engine CoS and ToS values 58-18

QoS internal DSCP values 58-16

QoS L3 Switching Engine

classification, marking, and policing 58-15

feature summary 58-22

QoS labels (definition) 58-121

QoS mapping

CoS values to DSCP values 58-83, 58-86

DSCP markdown values 58-34, 58-87, 60-14

DSCP mutation 58-82, 60-27

DSCP values to CoS values 58-89

IP precedence values to DSCP values 58-87

QoS markdown 58-25

QoS marking

definition 58-121

trusted ports 58-21

untrusted ports 58-20

QoS multilayer switch feature card 58-23

QoS out of profile 58-25

QoS policing

definition 58-121

microflow, enabling for nonrouted traffic 58-60

QoS policing rule

aggregate 58-23

creating 58-64

microflow 58-23

QoS port

trust state 58-89, 58-91

QoS port-based or VLAN-based 58-60

QoS queues

transmit, allocating bandwidth between 58-107

QoS receive queue 58-14, 58-102, 58-104

drop thresholds 58-28

QoS RP

marking 58-23

QoS scheduling (definition) 58-121

QoS session-based 58-17

QoS single-receive, dual-transmit queue ports

configuring 58-97

QoS statistics data export 61-2

configuring 61-2

configuring destination host 61-7

configuring time interval 61-6, 61-8

QoS ToS

and CoS final values from L3 Switching Engine 58-18

definition 58-121

QoS traffic flow through QoS features 58-9

QoS transmit queue

size ratio 58-109, 58-110

QoS transmit queues 58-29, 58-100, 58-101, 58-103, 58-104

QoS trust-cos

port keyword 58-20

QoS trust-dscp

port keyword 58-20

QoS trust-ipprec

port keyword 58-20

QoS untrusted port keyword 58-20

QoS VLAN-based or port-based 58-17, 58-60

quad-supervisor

uplink forwarding 4-9

queries, IGMP 40-4

queries, MLDv2 47-6

R

RADIUS 71-6

RADIUS. See also port-based authentication. 76-7

range

command 52-3

macro 10-2

rapid convergence 30-14

Rapid-PVST

enabling 30-36

Rapid PVST+

interoperation with MST 31-20

Rapid-PVST+

overview 30-3

Rapid Spanning Tree

See RSTP

Rapid Spanning Tree Protocol

See RSTP

receive queues

see QoS receive queues

recirculation 36-5, 58-19

redirect URLs

described 76-25

reduced MAC address 30-3

redundancy (RPR+) 9-1

configuring 9-4

configuring supervisor engine 9-2

displaying supervisor engine configuration 9-5

redundancy command 9-4

related documentation 1-xliii

Remote Authentication Dial-In User Service. See RADIUS.

Replication Mode Detection 39-12

report, MLD 47-5

reserved-range VLANs

See VLANs

restricted VLAN

configuring 76-46

described 76-20

using with IEEE 802.1x 76-20

restricting MIB access 79-10, 79-11

rewrite, packet

CEF 32-2

IP MMLS 39-4

RHI 4-52

RIF cache monitoring 10-12

ROM monitor

CLI 2-7

root bridge

MST 31-20

PVST simulation 31-20

root bridge, STP 30-29

root guard

See STP root guard

root switch

MSTP 30-39

route health injection

See RHI

route-map (IP) command 33-4

route maps

defining 33-4

router guard 44-1

routing table, multicast 39-21

RPF

failure 39-6

multicast 39-3

non-RPF multicast 39-6

RPR and RPR+ support IPv6 multicast traffic 9-1

RSTP

active topology 30-13

BPDU

format 30-16

processing 30-17

designated port, defined 30-13

designated switch, defined 30-13

interoperability with IEEE 802.1D

described 30-24

restarting migration process 30-47

topology changes 30-17

overview 30-13

port roles

described 30-13

synchronized 30-15

proposal-agreement handshake process 30-14

rapid convergence

described 30-14

edge ports and Port Fast 30-14

point-to-point links 30-14, 30-46

root ports 30-14

root port, defined 30-13

See also MSTP

S

Sampled NetFlow

description 49-9

scheduling

see QoS

secondary VLANs 26-6

Secure MAC Address Aging Type 78-9

security

configuring 64-1, 70-3

security, port 78-3

security considerations 79-9

Security Exchange Protocol (SXP) 63-2

Security Group Access Control List (SGACL) 63-2

Security Group Tag (SGT) 63-2

serial IDs

description 50-14

serial interfaces

clearing 10-13

synchronous

maintaining 10-13

server IDs

description 50-14

service-policy command 58-65

service-policy input command 58-61, 58-79, 58-83, 58-85, 60-28, 69-6

service-provider network, MSTP and RSTP 30-18

set default interface command 33-4

set interface command 33-4

set ip default next-hop command 33-4

set ip df command

PBR 33-4

set ip next-hop command 33-4

set ip precedence command

PBR 33-4

set ip vrf command

PBR 33-4

set power redundancy enable/disable command 13-2

set requests 79-7, 79-8, 79-11

setting up lawful intercept 79-7

SGACL 63-2

SGT 63-2

shaped round robin 58-107

short pipe mode

configuring 60-32

show authentication command 76-58

show catalyst6000 chassis-mac-address command 30-4

show dot1x interface command 76-39

show eobc command 10-12

show history command 2-4

show ibc command 10-12

show interfaces command 10-8, 10-9, 10-12, 20-6, 20-13

clearing interface counters 10-12

displaying, speed and duplex mode 10-6

show ip flow export command

displaying NDE export flow IP address and UDP port 49-16

show ip interface command

displaying IP MMLS interfaces 39-19

show ip local policy command 33-5

show ip mroute command

displaying IP multicast routing table 39-21

show ip pim interface command

displaying IP MMLS router configuration 39-19

show mab command 76-61

show mls aging command 48-13

show mls ip multicast group command

displaying IP MMLS group 39-22, 39-25

show mls ip multicast interface command

displaying IP MMLS interface 39-22, 39-25

show mls ip multicast source command

displaying IP MMLS source 39-22, 39-25

show mls ip multicast statistics command

displaying IP MMLS statistics 39-22, 39-25

show mls ip multicast summary

displaying IP MMLS configuration 39-22, 39-25

show mls nde command 49-18

displaying NDE flow IP address 49-16

show mls rp command

displaying IP MLS configuration 48-11

show module command 9-5

show platform entry command 32-5

show protocols command 10-12

show rif command 10-12

show running-config command 10-12

displaying ACLs 66-7, 66-8

show svclc rhi-routes command 4-52

show version command 10-12

shutdown command 10-13

shutdown interfaces

result 10-13

slot number, description 10-2

smart call home 50-1

description 50-5

destination profile (note) 50-23

registration requirements 50-5

service contract requirements 50-2

Transport Gateway (TG) aggregation point 50-4

SMARTnet

smart call home registration 50-5

smart port macros 3-1

configuration guidelines 3-2

Smartports macros

applying global parameter values 3-14

applying macros 3-14

creating 3-13

default configuration 3-4

defined 3-4

displaying 3-15

tracing 3-2

SNMP

configuring 79-10

default view 79-9

get and set requests 79-7, 79-8, 79-11

notifications 79-9, 79-12

support and documentation 1-7

SNMP-COMMUNITY-MIB 79-9

SNMP-USM-MIB 79-4, 79-9

SNMP-VACM-MIB 79-4, 79-9

snooping

See IGMP snooping

software

upgrading router 5-5

source IDs

call home event format 50-13

source-only-ip flow mask 48-8

source specific multicast with IGMPv3, IGMP v3lite, and URD 39-10

SPAN

configuration guidelines 53-2

configuring 53-12

sources 53-16, 53-19, 53-21, 53-22, 53-24, 53-25, 53-26, 53-28

VLAN filtering 53-30

destination port support on EtherChannels 53-12, 53-19, 53-22, 53-24, 53-25, 53-29

distributed egress 53-10, 53-15

modules that disable for ERSPAN 53-7

input packets with don't learn option

ERSPAN 53-28, 53-29

local SPAN 53-17, 53-18, 53-19

RSPAN 53-22, 53-23, 53-25

understanding 53-12

local SPAN egress session increase 53-3, 53-16

overview 53-7

SPAN Destination Port Permit Lists 53-15

spanning-tree backbonefast

command 31-15, 31-16

command example 31-15, 31-16

spanning-tree cost

command 30-33

command example 30-33

spanning-tree portfast

command 31-2, 31-3, 31-4

command example 31-3, 31-4

spanning-tree portfast bpdu-guard

command 31-8

spanning-tree port-priority

command 30-31

spanning-tree protocol for bridging 34-1

spanning-tree uplinkfast

command 31-13

command example 31-13

spanning-tree vlan

command 30-27, 30-29, 30-30, 30-31, 31-8, 31-17

command example 30-28, 30-29, 30-30, 30-31

spanning-tree vlan cost

command 30-33

spanning-tree vlan forward-time

command 30-35

command example 30-35

spanning-tree vlan hello-time

command 30-35

command example 30-35

spanning-tree vlan max-age

command 30-36

command example 30-36

spanning-tree vlan port-priority

command 30-31

command example 30-32

spanning-tree vlan priority

command 30-34

command example 30-34

speed

configuring interface 10-4

speed command 1-3, 10-4

speed mode

autonegotiation status 10-6

SRR 58-107

standards, lawful intercept 79-4

standby links 21-2

static sharing

description 76-25

statistics

802.1X 76-57, 77-15

sticky ARP 69-21

sticky MAC address 78-3

Sticky secure MAC addresses 78-8, 78-9

storm control

see traffic-storm control

STP

configuring 30-26

bridge priority 30-34

enabling 30-27, 30-28

forward-delay time 30-35

hello time 30-35

maximum aging time 30-36

port cost 30-32

port priority 30-31

root bridge 30-29

secondary root switch 30-30

defaults 30-25

EtherChannel 22-7

normal ports 31-3

understanding 30-2

802.1Q Trunks 30-12

Blocking State 30-8

BPDUs 30-4

disabled state 30-12

forwarding state 30-11

learning state 30-10

listening state 30-9

overview 30-3

port states 30-6

protocol timers 30-5

root bridge election 30-5

topology 30-5

STP BackboneFast

configuring 31-15

figure

adding a switch 31-18

spanning-tree backbonefast

command 31-15, 31-16

command example 31-15, 31-16

understanding 31-13

STP BPDU Guard

configuring 31-7

spanning-tree portfast bpdu-guard

command 31-8

understanding 31-7

STP bridge ID 30-3

STP EtherChannel guard 31-16

STP extensions

description??to 31-20

STP loop guard

configuring 31-19

overview 31-17

STP PortFast

BPDU filter

configuring 31-10

BPDU filtering 31-9

configuring 31-2

spanning-tree portfast

command 31-2, 31-3, 31-4

command example 31-3, 31-4

understanding 31-2

STP port types

normal 31-3

STP root guard 31-17

STP UplinkFast

configuring 31-12

spanning-tree uplinkfast

command 31-13

command example 31-13

understanding 31-11

subdomains, private VLAN 26-5

supervisor engine

environmental monitoring 14-1

redundancy 9-1

synchronizing configurations 9-5

supervisor engine redundancy

configuring 9-2

supervisor engines

displaying redundancy configuration 9-5

supplicant 76-7

surveillance 79-7

svclc command 4-51

Switched Port Analyzer 53-1

switch fabric functionality 17-1

configuring 17-3

monitoring 17-4

switchport

configuring 20-14

example 20-13

show interfaces 10-8, 10-9, 20-6, 20-13

switchport access vlan 20-6, 20-7, 20-10, 20-14

example 20-15

switchport mode access 20-4, 20-6, 20-7, 20-14

example 20-15

switchport mode dynamic 20-9

switchport mode dynamic auto 20-4

switchport mode dynamic desirable 20-4

default 20-5

example 20-13

switchport mode trunk 20-4, 20-9

switchport nonegotiate 20-4

switchport trunk allowed vlan 20-11

switchport trunk encapsulation 20-7, 20-9

switchport trunk encapsulation dot1q

example 20-13

switchport trunk encapsulation negotiate

default 20-5

switchport trunk native vlan 20-11

switchport trunk pruning vlan 20-12

switch priority

MSTP 30-43

switch TopN reports

foreground execution 55-2

running 55-3

viewing 55-3

SXP 63-2

system event archive (SEA) 51-1

System Hardware Capacity 1-4

T

TDR

checking cable connectivity 10-14

enabling and disabling test 10-14

guidelines 10-14

Telnet

accessing CLI 2-2

Time Domain Reflectometer 10-14

TLV

host presence detection 18-4, 76-14, 78-4

traceroute, Layer 2

and ARP 56-2

and CDP 56-1

described 56-2

IP addresses and subnets 56-2

MAC addresses and VLANs 56-2

multicast traffic 56-2

multiple devices on a port 56-2

unicast traffic 56-2

usage guidelines 56-1

traffic-storm control

command

broadcast 74-4

described 74-2

monitoring 74-5

thresholds 74-2

traffic suppression

see traffic-storm control

transmit queues

see QoS transmit queues

traps, see SNMP notifications

trunks 20-4

802.1Q Restrictions 20-2

allowed VLANs 20-11

configuring 20-8

default interface configuration 20-6

default VLAN 20-10

different VTP domains 20-4

native VLAN 20-11

to non-DTP device 20-4

VLAN 1 minimization 20-12

trust-dscp

see QoS trust-dscp

trusted boundary 18-6

trusted boundary (extended trust for CDP devices) 18-4

trust-ipprec

see QoS trust-ipprec

trustpoint 50-2

tunneling 60-4, 60-29

tunneling, 802.1Q

See 802.1Q 28-4

type length value

See TLV

U

UDE

configuration 35-5

overview 35-4

UDE and UDLR 35-1

UDLD

default configuration 11-4

enabling

globally 11-5

on ports 11-5, 11-6

overview 11-2

UDLR 35-1

back channel 35-3

configuration 35-6

tunnel

(example) 35-7

ARP and NHRP 35-4

UDLR (unidirectional link routing) 35-1

UDP port for SNMP notifications 79-12

UMFB 75-2

unauthorized ports with 802.1X 76-12

unicast storms

see traffic-storm control

Unidirectional Ethernet 35-1

unidirectional ethernet

example of setting 35-5

UniDirectional Link Detection Protocol

see UDLD

uniform mode

configuring 60-36

unknown multicast flood blocking

See UMFB

unknown unicast and multicast flood blocking 75-1

unknown unicast flood blocking

See UUFB

unknown unicast flood rate-limiting

See UUFRL

untrusted

see QoS trust-cos

see QoS untrusted

UplinkFast

See STP UplinkFast

URD 39-10

User-Based Rate Limiting 58-25, 58-76

user EXEC mode 2-5

UUFB 75-2

UUFRL 75-2

V

VACLs 67-2

configuring

examples 67-5

Layer 3 VLAN interfaces 67-5

Layer 4 port operations 62-2

logging

configuration example 67-8

configuring 67-7

restrictions 67-7

MAC address based 67-2

multicast packets 66-6

SVIs 67-5

WAN interfaces 67-2

vlan

command 25-5, 25-6, 49-13, 53-20

command example 25-6

VLAN Access Control Lists

See VACLs

VLAN-based QoS filtering 58-67, 62-10

VLAN-bridge spanning-tree protocol 34-1

vlan database

command 25-5, 25-6, 49-13, 53-20

vlan group command 76-44

VLAN locking 25-4

vlan mapping dot1q

command 25-8

VLAN maps

applying 66-8

VLAN mode 38-3

VLAN port provisioning verification 25-4

VLANs

allowed on trunk 20-11

configuration guidelines 25-2

configuring 25-1

configuring (tasks) 25-4

defaults 25-3

extended range 25-3

interface assignment 25-6

multicast 42-2

name (default) 25-3

normal range 25-3

reserved range 25-3

support for 4,096 VLANs 25-2

token ring 25-3

trunks

understanding 20-4

understanding 25-2

VLAN 1 minimization 20-12

VTP domain 25-4

VLAN translation

command example 25-8, 25-9

voice VLAN

Cisco 7960 phone, port connections 18-2

configuration guidelines 18-1

configuring IP phone for data traffic

override CoS of incoming frame 18-6, 19-5

configuring ports for voice traffic in

802.1Q frames 18-5

connecting to an IP phone 18-5

default configuration 18-4

overview 18-2

voice VLAN. See also port-based authentication. 76-22

VPN

configuration example 37-4

guidelines and restrictions 37-2

VPN supported commands 37-2

VPN switching 37-1

VSS

dual-active detection

Enhanced PAgP, advantages 4-24

Enhanced PAgP, description 4-24

enhanced PAgP, description 4-46

fast-hello, advantages 4-24

fast-hello, description 4-25

VSLP fast-hello, configuration 4-47

VTP

advertisements 24-4, 24-5

client, configuring 24-15

configuration guidelines 24-1

default configuration 24-9

disabling 24-15

domains 24-3

VLANs 25-4

modes

client 24-4

server 24-4

transparent 24-4

monitoring 24-17

overview 24-2

per-port enable and disable 24-16

pruning

configuration 20-12

configuring 24-12

overview 24-7

server, configuring 24-15

statistics 24-17

transparent mode, configuring 24-15

version 2

enabling 24-13

overview 24-5

version 3

enabling 24-13

overview 24-6

server type, configuring 24-11

W

wake-on-LAN. See also port-based authentication. 76-28

web-based authentication

AAA fail policy 77-5

description 77-2

web browser interface 1-7

weighted round robin 58-107

wiretaps 79-4

WRR 58-107