-
Cisco 7600 Series Cisco IOS Software Configuration Guide, 12.2SR
-
Preface
-
Product Overview
-
Configuring the Router for the First Time
-
Configuring a Route Switch Processor 720
-
Configuring a Supervisor Engine 720
-
Configuring a Supervisor Engine 32
-
Configuring NSF with SSO Supervisor Engine Redundancy
-
Configuring RPR and RPR+ Supervisor Engine Redundancy
-
ISSU and eFSU on Cisco 7600 Series Routers
-
Configuring Interfaces
-
Configuring LAN Ports for Layer 2 Switching
-
Configuring Flex Links
-
Configuring EtherChannels
-
Configuring VTP
-
Configuring VLANs
-
Configuring Private VLANs
-
Configuring Cisco IP Phone Support
-
Configuring IEEE 802.1Q Tunneling
-
Configuring Layer 2 Protocol Tunneling
-
Configuring STP and MST
-
Configuring Optional STP Features
-
Configuring Layer 3 Interfaces
-
IP Subscriber Awareness over Ethernet
-
Configuring UDE and UDLR
-
Configuring Multiprotocol Label Switching on the PFC
-
Configuring IPv4 Multicast VPN Support
-
Configuring IP Unicast Layer 3 Switching
-
Configuring IPv6 Multicast PFC3 and DFC3 Layer 3 Switching
-
Configuring IPv4 Multicast Layer 3 Switching
-
Configuring MLDv2 Snooping for IPv6 Multicast Traffic
-
Configuring IGMP Snooping for IPv4 Multicast Traffic
-
Configuring PIM Snooping
-
Configuring Network Security
-
Understanding Cisco IOS ACL Support
-
Configuring VLAN ACLs
-
Private Hosts (Using PACLs)
-
Configuring Denial of Service Protection
-
Configuring DHCP Snooping
-
Configuring Dynamic ARP Inspection
-
Configuring Traffic Storm Control
-
Unknown Unicast Flood Blocking
-
Configuring PFC QoS
-
Configuring MPLS QoS on the PFC
-
Configuring PFC QoS Statistics Data Export
-
Configuring IEEE 802.1X Port-Based Authentication
-
Configuring Port Security
-
Configuring UDLD
-
Configuring NetFlow and NDE
-
Configuring Local SPAN, RSPAN, and ERSPAN
-
Configuring SNMP IfIndex Persistence
-
Power Management and Environmental Monitoring
-
Configuring Online Diagnostics
-
Configuring Web Cache Services Using WCCP
-
Using the Top N Utility
-
Using the Layer 2 Traceroute Utility
-
Online Diagnostic Tests
-
Configuring Call Home
-
Acronyms
-
Cisco IOS Release 12.2SRB Software Images
-
Index
-
Table Of Contents
Symbols - Numerics - A - B - C - D - E - F - G - H - I - J - L - M - N - O - P - Q - R - S - T - U - V - W - X -
Index
Symbols
!Mini Protocol Analyzer 56-1
Numerics
4K VLANs (support for 4,096 VLANs) 12-2
802.10 SAID (default) 12-6
802.1Q
encapsulation 8-3
Layer 2 protocol tunneling
See Layer 2 protocol tunneling
mapping to ISL VLANs 12-12, 12-15
trunks 8-2
restrictions 8-5
tunneling 15-1
configuration guidelines 15-4
configuring tunnel ports 15-6
802.1Q Ethertype, specifying custom 8-15
802.1X
802.3ad
802.3X Flow Control 7-12
A
access control entries and lists 29-1, 30-1, 32-1
access-enable host timeout (not supported) 30-2
access interface (IP subscriber) 22-3
access lists, using with WCCP 48-10
access port, configuring 8-14
ACEs and ACLs 29-1, 30-1, 32-1
addresses
advertisements, VTP 11-3
aggregate policing
aging time
IP MLS 43-20
maximum
for MSTP 17-47
MSTP accelerated 17-46
MSTP maximum 17-47
alarms
major 46-12
minor 46-12
Allow DHCP Option 82 on Untrusted Port
configuring 33-10
understanding 33-3
any transport over MPLS (AToM) 21-13
compatibility with previous releases of AToM 21-15
Ethernet over MPLS 21-16
ARP spoofing 34-1
AToM 21-13
authentication
See also port-based authentication
Authentication, Authorization, and Accounting
Authentication, Authorization, and Accounting (AAA) 32-1
authorized ports with 802.1X 40-4
auto-sync command 6-6
B
BackboneFast
backup interfaces
bandwidth-remaining ratio (BRR), IP subscriber 22-4, 22-5, 22-6, 22-7
binding database, DHCP snooping
See DHCP snooping binding database
binding database, DHCP snooping
See DHCP snooping binding database
blocking floods 36-1
blocking state, STP 17-7
boot bootldr command 2-19
boot command 2-15
boot config command 2-19
boot system command 2-14, 2-19
boot system flash command 2-15
BPDU, RSTP format 17-15
BPDU guard
bridge groups 19-2
bridge ID
bridge priority, STP 17-33
bridge protocol data units
bridging 19-2
broadcast storms
C
cache engine clusters 48-1
cache engines 48-1
cache farms
Call Home
description 55-1
message format options 55-1
messages
format options 55-1
call home 55-1
alert groups 55-6
configuring e-mail options 55-8
contact information 55-3
default settings 55-15
destination profiles 55-4
displaying information 55-11
mail-server priority 55-9
pattern matching 55-8
periodic notification 55-7
rate limit messages 55-8
severity threshold 55-8
smart call home feature 55-2
SMTP server 55-8
testing communications 55-10
call home alert groups
configuring 55-6
description 55-6
subscribing 55-6
call home contacts
assigning information 55-3
call home destination profiles
attributes 55-4
configuring 55-5
description 55-4
displaying 55-14
call home notifications
full-txt format for syslog 55-25
XML format for syslog 55-25
cautions for passwords
encrypting 2-10
TACACS+ 2-10
CEF
configuring
MSFC2 23-5
supervisor engine 23-4
examples 23-3
Layer 3 switching 23-2
packet rewrite 23-2
certificate authority (CA) 55-3
CGMP 27-8
channel-group group
command example 10-9
checking running configuration 2-4
Cisco Cache Engines 48-2
Cisco Express Forwarding 21-3
Cisco Group Management Protocol
Cisco IOS Release 12.2SRB software images C-1
Cisco IOS Unicast Reverse Path Forwarding 29-2
CiscoView 1-2
CIST regional root
CIST root
class command 37-60
classification (QoS) 37-106
class-map command 37-52
class map configuration 37-57
class of service (CoS) 37-106
clear mls ip multicast statistics command
clears IP MMLS statistics 25-24
Committed Access Rate (CAR), not supported 37-2
community ports 13-3
Concurrent routing and bridging (CRB) 19-2
CONFIG_FILE environment variable
configuration file, viewing 2-19
description 2-18
config-register command 2-16
config terminal command 2-3
configuration
file, saving 2-5
register
changing settings 2-16
settings at startup 2-15
configuration example
EoMPLS VLAN mode 21-17
configuration register boot field
listing value 2-17
modification tasks 2-16
configure command 2-3
configure terminal command 2-16, 7-2
configuring 37-59
global parameters
sample configuration 2-2
using configuration mode2-3to 2-4
contact information
assigning for call home 55-3
control plane policing
control plane policing and protection (CoPP)
per-subscriber 22-4
CoPP
applying QoS service policy to control plane 32-20
configuring
ACLs to match traffic 32-20
enabling MLS QoS 32-20
packet classification criteria 32-20
service-policy map 32-20
control plane configuration mode, entering 32-20
displaying
dynamic information 32-21
number of conforming bytes and packets 32-21
rate information 32-21
entering control plane configuration mode 32-20
monitoring statistics 32-21
overview 32-19
packet classification guidelines 32-21
traffic classification
defining 32-23
guidelines 32-24
overview 32-23
sample ACLs 32-24
sample classes 32-23
CoPP. See control plane policing and protection (CoPP)
copy running-config startup-config command 2-5
copy system
running-config nvram
startup-config command 2-19
CoS, override priority 14-7, 14-8
D
debug commands
IP MMLS 25-24
debug fm private-hosts command 34-30
debug private-hosts command 34-31
DEC spanning-tree protocol 19-2
default configuration
802.1X 40-6
dynamic ARP inspection 34-5
Flex Links 9-2
IP MMLS 25-6
MSTP 17-38
supervisor engine 2-2
UDLD 42-3
voice VLAN 14-4
VTP 11-6
default NDE configuration 43-13
default VLAN 8-10
deficit weighted round robin 37-94
denial of service protection
description command 7-14
destination-ip flow mask 43-3
destination-source-ip flow mask 43-3
device IDs
call home format 55-22
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 33-5
overview 33-3
packet format, suboption
circuit ID 33-5
remote ID 33-5
remote ID suboption 33-5
DHCP option 82 allow on untrusted port 33-10
DHCP snooping
binding database
See DHCP snooping binding database
configuration guidelines 33-6
configuring 33-8
default configuration 33-6
displaying binding tables 33-18
enabling 33-9, 33-10, 33-11, 33-13, 33-14
enabling the database agent 33-14
message exchange process 33-4
option 82 data insertion 33-3
overview 33-1
Snooping database agent 33-5
DHCP snooping binding database
described 33-2
entries 33-2
DHCP snooping binding table
See DHCP snooping binding database
DHCP Snooping Database Agent
adding to the database (example) 33-18
enabling (example) 33-15
overview 33-5
reading from a TFTP file (example) 33-17
DHCP snooping increased bindings limit 33-7, 33-15
differentiated services codepoint
Differentiated Services Code Point (DSCP) 37-106
DiffServ
configuring short pipe mode 38-34
configuring uniform mode 38-39
short pipe mode 38-31
uniform mode 38-32
DiffServ tunneling modes 38-4
Disabling PIM Snooping Designated Router Flooding 28-6
distributed Cisco Express Forwarding
documentation, related 1-4
document organization 1-2
DoS protection
monitoring packet drop statistics
using monitor session commands 32-15
using VACL capture 32-17
PFC configuration guidelines and restrictions 32-14
Supervisor Engine 720 32-2
default configurations 32-13
egress ACL bridget packet rate limiters 32-7
FIB glean rate limiters 32-9
FIB receive rate limiters 32-9
ICMP redirect rate limiters 32-9
IGMP unreachable rate limiters 32-8
ingress ACL bridget packet rate limiters 32-7
IP errors rate limiters 32-11
IPv4 multicast rate limiters 32-11
IPv6 multicast rate limiters 32-12
Layer 2 PDU rate limiters 32-10
Layer 2 protocol tunneling rate limiters 32-10
MTU failure rate limiters 32-10
multicast directyly connected rate limiters 32-11
multicast FIB miss rate limiters 32-11
multicast IGMP snooping rate limiters 32-10
network under SYN attack 32-5
QoS ACLs 32-3
security ACLs 32-3
TCP intercept 32-5
traffic storm control 32-4
TTL failure rate limiter 32-8
uRPF check 32-4
uRPF failure rate limiters 32-8
VACL log rate limiters 32-10
Supervisor Engine 720Layer 3 security features rate limiters 32-9
understanding how it works 32-2
DSCP
DSCP-based queue mapping 37-85
dual-priority queues
duplex mode
configuring interface 7-6
DWRR 37-94
dynamic ARP inspection
ARP cache poisoning 34-2
ARP requests, described 34-1
ARP spoofing attack 34-2
clearing
log buffer 34-16
statistics 34-15
configuration guidelines 34-5
configuring
logging system messages 34-13
rate limit for incoming ARP packets 34-4, 34-9
default configuration 34-5
denial-of-service attacks, preventing 34-9
described 34-1
DHCP snooping binding database 34-3
displaying
ARP ACLs 34-15
configuration and operating state 34-15
log buffer 34-16
statistics 34-15
trust state and rate limit 34-15
error-disabled state for exceeding rate limit 34-4
function of 34-2
interface trust states 34-3
log buffer
clearing 34-16
displaying 34-16
logging of dropped packets, described 34-4
logging system messages
configuring 34-13
man-in-the middle attack, described 34-2
network security issues and interface trust states 34-3
priority of ARP ACLs and DHCP snooping entries 34-4
rate limiting of ARP packets
configuring 34-9
described 34-4
error-disabled state 34-4
statistics
clearing 34-15
displaying 34-15
validation checks, performing 34-11
Dynamic Host Configuration Protocol snooping
E
eFSU. See enhanced Fast Software Upgrade (eFSU)
Egress ACL support for remarked DSCP 37-12
egress ACL support for remarked DSCP 37-48
egress replication performance improvement 25-12
e-mail addresses
assigning for call home 55-3
e-mail notifications
Call Home 55-1
Embedded CiscoView 1-2
enable sticky secure MAC address 41-8
enabling
IP MMLS
on router interfaces 25-10
encapsulation 8-3
enhanced Fast Software Upgrade (eFSU)
aborting (issu abortversion command) 8-19
accepting the new software version 8-17
commiting the new software to standby RP (issu commitversion command) 8-17
disabling compatibility matrix check 8-9
displaying maximum outage time for line cards 8-14
error handling 8-4
forcing a switchover (issu runversion command) 8-14
issu loadversion command 8-12
loading new software onto standby RP 8-12
memory reservation on line card 8-3
memory reservation on line card, prohibiting 8-3
OIR not supported 8-7
operation 8-2
outage times 8-3
overview 8-1
performing 8-7
SSO, RPR, and RPR+ modes 8-7
steps 8-8
usage guidelines and limitations 8-6
verifying redundancy mode 8-10
enhanced interface range command 7-3
environmental monitoring
LED indications 46-12
SNMP traps 46-12
supervisor engine and switching modules 46-12
Syslog messages 46-12
using CLI commands 46-10
environment variables
CONFIG_FILE 2-18
controlling 2-19
viewing 2-19
EoMPLS 21-14
configuring 21-16
configuring VLAN mode 21-16
guidelines and restrictions 21-14
port mode 21-16
port mode configuration guidelines 21-20
VLAN mode 21-16
erase startup-config command
configuration files cleared with 2-6
ERSPAN 44-1
EtherChannel
channel-group group
command example 10-9
configuration guidelines 10-5
configuring
Layer 2 10-8
configuring (tasks) 10-7
interface port-channel
command example 10-8
interface port-channel (command) 10-7
lacp system-priority
command example 10-10
Layer 2, configuring 10-8
load balancing
configuring 10-11
understanding 10-5
modes 10-2
PAgP, understanding 10-3
port-channel interfaces 10-5
port-channel load-balance
command example 10-11
STP 10-5
switchport trunk encapsulation dot1q 10-6
understanding 10-1
EtherChannel Guard
EtherChannel Min-Links 10-12
Ethernet, setting port duplex 7-13
Ethernet over MPLS (EoMPLS) configuration
EoMPLS port mode 21-20
EoMPLS VLAN mode 21-17
examples
software configuration register2-14to 2-17
EXP mutation 38-4
extended range VLANs 12-2
extended system ID, MSTP 17-40
Extensible Authentication Protocol over LAN 40-1
F
fabric switching mode
fabric switching-mode allow dcef-only command on Supervisor Engine 720 5-2, 6-4
fall-back bridging 19-2
fiber-optic, detecting unidirectional links 42-1
FIB TCAM 21-2
filters, NDE
destination host filter, specifying 43-27
destination TCP/UDP port, specifying 43-26
overview 43-7
protocol 43-27
source host and destination TCP/UDP port 43-26
Flash memory
configuration process 2-18
configuring router to boot from 2-18
loading system image from 2-17
security precautions 2-18
write protection 2-18
Flex Links 9-1
configuration guidelines 9-2
configuring 9-3
default configuration 9-2
description 9-1
monitoring 9-3
flood blocking 36-1
flow control 7-12
flow masks
IP MLS
destination-ip 43-3
destination-source-ip 43-3
interface-destination-source-ip 43-3
ip-full 43-3
ip-interface-full 43-3
minimum 43-19
overview 43-3
flowmasks
NetFlow (Release 12.2SRA) 43-3
NetFlow (Release 12.2SRB) 43-3
flows
IP MMLS
completely and partially switched 25-3
forward-delay time
MSTP 17-46
forward-delay time, MSTP 17-46
forward-delay time, STP 17-35
frame distribution
See EtherChannel load balancing
G
global parameters, configuring 2-2
H
hardware Layer 3 switching, guidelines 23-4
hello time, MSTP 17-45
hello time, STP 17-34
High Capacity Power Supply Support 46-4
host ports 13-3
I
ICMP unreachable messages 30-1
IDs
serial IDs 55-22
IEEE 802.10 SAID (default) 12-6
IEEE 802.1Q
IEEE 802.1Q Ethertype
specifying custom 8-15
IEEE 802.1w
IEEE 802.3ad
IEEE 802.3X Flow Control 7-12
IEEE bridging protocol 19-2
IGMP
configuration guidelines 26-7, 27-7
enabling 27-10
Internet Group Management Protocol 27-1
join messages 27-2
leave processing
enabling 27-12
queries 27-3
query interval, configuring 27-11
snooping
fast leave 27-5
joining multicast group 27-2
leaving multicast group 27-4
understanding 27-2
snooping querier
enabling 27-9
understanding 27-2
IGMPv3 25-9
IGMP v3lite 25-9
In Service Software Upgrade (ISSU) 8-1
Integrated routing and bridging (IRB) 19-2
interface
command 2-3
Layer 2 modes 8-4
number 7-1
interface, access (IP subscriber) 22-3
interface access command 22-17
interface-destination-source-ip flow mask 43-3
interface port-channel
command example 10-8
interface port-channel (command) 10-7
interfaces
configuring 7-2
configuring, duplex mode 7-5
configuring, speed 7-5
configururing, overview 7-1
descriptive name, adding 7-14
naming 7-14
range of 7-3
interfaces command 7-2
interfaces range command 7-3
interfaces range macro command 7-4
Internet Group Management Protocol
IP accounting, IP MMLS and 25-8
IP addresses
assigned by BOOTP protocol 2-6
set to default 2-6
IP CEF, topology (figure) 23-3
ip flow-export destination command 43-23
ip flow-export source command 43-22, 43-24, 49-3, 49-4
ip-full flow mask 43-3
ip http server 1-1
ip-interface-full flow mask 43-3
IP MLS
aging-time 43-20
flow masks
destination-ip 43-3
destination-source-ip 43-3
interface-destination-source-ip 43-3
ip-full 43-3
ip-interface-full 43-3
minimum 43-19
overview 43-3
NDE
IP MMLS
cache, overview 25-2
configuration guideline 25-7
debug commands 25-24
default configuration 25-6
enabling
on router interfaces 25-10
flows
completely and partially switched 25-3
Layer 3 MLS cache 25-2
overview 25-2
packet rewrite 25-3
router
displaying interface information 25-16
enabling globally 25-9
enabling on interfaces 25-10
multicast routing table, displaying 25-18
PIM, enabling 25-9
switch
statistics, clearing 25-24
unsupported features 25-8
IP multicast
IGMP snooping and 27-9
MLDv2 snooping and 26-9
overview 27-1
IP multicast MLS
ip multicast-routing command
enabling IP multicast 25-9
IP phone, configuring 14-5
ip pim command
IP precedence 37-107
IP static routes 2-5
IP subscriber awareness
benefits 22-2
configuration example 22-14
configuration guidelines 22-11
control plane policing and protection (CoPP) 22-4
interface access command 22-17
IP subscriber interface 22-3
IP subscriber session 22-3
lawful intercept 22-4
overview 22-1
per-subscriber features 22-4
QoS 22-4
bandwidth-remaining ratio (BRR) 22-4, 22-5, 22-6, 22-7
dual-priority queues 22-4, 22-9
priority-rate propagation 22-5, 22-9, 22-10
QoS recommendations 22-5
Radius accounting 22-4
security ACLs 22-4
unsupported features 22-10
IP unnumbered 19-1
IPv4 Multicast over Point-to-Point GRE Tunnels 1-4
IPv4 Multicast VPN 22-1
IPv6 Multicast PFC3 and DFC3 Layer 3 Switching 24-1
ip wccp version command 48-8
ISL encapsulation 8-3
ISL trunks 8-2
isolated port 13-3
ISSU, See In Service Software Upgrade (ISSU)
J
join messages, IGMP 27-2
jumbo frames 7-9
L
label edge router 21-2
label switched path 21-16
label switch router 21-2, 21-3
LACP
system ID 10-4
lawful intercept, per-subscriber 22-4
Layer 2
configuring interfaces 8-6
access port 8-14
trunk 8-7
defaults 8-5
interface modes 8-4
show interfaces 7-11, 7-12, 8-7, 8-12
switching 8-1
trunks 8-2
VLAN interface assignment 12-11
Layer 2 interfaces, configuring 8-1
Layer 2 protocol tunneling
configuring Layer 2 tunnels 16-2
overview 16-1
Layer 2 remarking 37-15
Layer 2 Traceroute 50-1
Layer 2 traceroute
and ARP 50-2
and CDP 50-1
described 50-1
IP addresses and subnets 50-2
MAC addresses and VLANs 50-2
multicast traffic 50-2
multiple devices on a port 50-2
unicast traffic 50-1
usage guidelines 50-1
Layer 3
IP MMLS and MLS cache 25-2
Layer 3 switched packet rewrite
CEF 23-2
Layer 3 switching
CEF 23-2
Layer 4 port operations (ACLs) 30-5
leave processing, IGMP
enabling 27-12
leave processing, MLDv2
enabling 26-12
link failure, detecting unidirectional 17-24
link negotiation 7-7
link redundancy
Load Balancing 21-8
Local Egress Replication 25-12
logical operation unit
loop guard
LOU
description 30-6
determining maximum number of 30-6
M
MAC address
adding to BOOTP configuration file 2-7
MAC address-based blocking 29-1
MAC move (port security) 41-2
macro, interfaces range 7-4
main-cpu command 6-6
mapping 802.1Q VLANs to ISL VLANs 12-12, 12-15
markdown
maximum aging time, MSTP 17-47
maximum aging time, STP 17-36
maximum hop count, MSTP 17-47
microflow policing rule
Min-Links 10-12
MLD report 26-4
MLD snooping
query interval, configuring 26-11
MLDv2 26-1
enabling 26-9
leave processing
enabling 26-12
queries 26-4
snooping
fast leave 26-6
joining multicast group 26-4
leaving multicast group 26-6
understanding 26-1
snooping querier
enabling 26-8
understanding 26-1
MLDv2 Snooping 26-1
MLS
configuring threshold 25-13
MSFC threshold 25-13
mls aging command
configuring IP MLS 43-20
mls flow command
configuring IP MLS 43-18, 43-19
mls ip multicast command
enabling IP MMLS 25-10, 25-11, 25-13, 25-14, 25-15, 25-20, 25-21
mls nde flow command
configuring a host and port filter 43-26
configuring a host flow filter 43-27
configuring a port filter 43-26
configuring a protocol flow filter 43-27
mls nde sender command 43-21
monitoring
Flex Links 9-3
private VLANs 13-17
MPLS 21-2
aggregate label 21-2
any transport over MPLS 21-13
basic configuration 21-8
core 21-3
DiffServ Tunneling Modes 38-31
egress 21-4
experimental field 38-3
guidelines and restrictions 21-7
ingress 21-3
IP to MPLS path 21-3
labels 21-2
Layer 2 VPN load balancing 21-8
MPLS to IP path 21-4
MPLS to MPLS path 21-3
nonaggregate lable 21-2
QoS default configuration 38-15
VPN 38-12
VPN guidelines and restrictions 21-11
mpls l2 transport route command 21-15
MPLS QoS
Classification 38-2
Class of Service 38-2
commands 38-16
configuring a class map 38-20
configuring a policy map 38-23
configuring egress EXP mutation 38-28
configuring EXP Value Maps 38-30
Differentiated Services Code Point 38-2
displaying a policy map 38-27
E-LSP 38-2
enabling QoS globally 38-18
EXP bits 38-2
features 38-3
IP Precedence 38-2
QoS Tags 38-2
queueing-only mode 38-19
MPLS QoS configuration
class map to classify MPLS packets 38-20
MPLS VPN, limitations and restrictions 21-11
MQC 37-1
not supported
CAR 37-2
queuing 37-2
supported
policy maps 37-3
MSTP
boundary ports
configuration guidelines 17-38
described 17-22
CIST, described 17-19
CIST root 17-21
configuration guidelines 17-38
configuring
forward-delay time 17-46
link type for rapid convergence 17-47
maximum aging time 17-47
maximum hop count 17-47
MST region 17-39
neighbor type 17-48
path cost 17-43
port priority 17-42
root switch 17-40
secondary root switch 17-42
switch priority 17-44
configuring hello time 17-45
CST
defined 17-19
operations between regions 17-20
default configuration 17-38
displaying status 17-49
enabling the mode 17-39
extended system ID
effects on root switch 17-40
effects on secondary root switch 17-42
unexpected behavior 17-41
IEEE 802.1s
implementation 17-23
port role naming change 17-23
terminology 17-21
interoperability with IEEE 802.1D
described 17-25
restarting migration process 17-49
IST
defined 17-19
master 17-20
operations within a region 17-20
mapping VLANs to MST instance 17-39
MST region
CIST 17-19
configuring 17-39
described 17-18
hop-count mechanism 17-22
IST 17-19
supported spanning-tree instances 17-19
overview 17-18
root switch
configuring 17-40
effects of extended system ID 17-40
unexpected behavior 17-41
status, displaying 17-49
MTU size (default) 12-6
multicast
IGMP snooping and 27-9
MLDv2 snooping and 26-9
NetFlow statistics 43-14
non-RPF 25-5
overview 27-1
PIM snooping 28-4
multicast, displaying routing table 25-18
Multicast enhancement - egress replication performance improvement 25-12
Multicast Enhancement - Replication Mode Detection 25-11
multicast flood blocking 36-1
multicast groups
joining 27-2
multicast groups, IPv6
joining 26-4
Multicast Listener Discovery version 2
multicast multilayer switching
Multicast Replication Mode Detection enhancement 25-11
multicast RPF 25-2
multicast storms
multilayer switch feature card
multiple path RPF check 29-2
N
native VLAN 8-10
NBAR 37-1
NDE
configuration, displaying 43-27
displaying configuration 43-27
enabling 43-15
filters
destination host, specifying 43-27
destination TCP/UDP port, specifying 43-26
overview 43-7
protocol, specifying 43-27
source host and destination TCP/UDP port, specifying 43-26
multicast 43-14
overview 43-1
specifying
destination host filters 43-27
destination TCP/UDP port filters 43-26
protocol filters 43-27
NDE configuration, default 43-13
NDE version 8 43-10
NetFlow and NDE for Ingress Bridged IP Traffic 43-23
NetFlow Data Export
Netflow Multiple Export Destinations 43-23
NetFlow version 9 43-3
Network-Based Application Recognition 37-1
non-RPF multicast 25-5
Nonstop Forwarding
nonvolatile random-access memory
normal-range VLANs
NSF 5-1
NSF with SSO does not support IPv6 multicast traffic. 5-1
NVRAM
saving settings 2-5
O
OIR 7-15
online diagnostics
configuring 47-2
diagnostic sanity check 47-11
memory tests 47-10
overview 47-1
running tests 47-6
schedule switchover 47-10
test descriptions A-1
understanding 47-1
online diagnostic tests A-1
online insertion and removal
operating system image
out of profile
P
packet burst 32-7
packet capture 56-1
packet recirculation 37-12
packet rewrite
CEF 23-2
IP MMLS and 25-3
packets
multicast 31-4
PACLs. See private hosts feature
PAgP
understanding 10-3
passwords
configuring
enable password 2-8
enable secret 2-8
line password 2-9
static enable password 2-8
TACACS+ 2-9
TACACS+ (caution) 2-10
encrypting 2-10
(caution) 2-10
recovering lost enable passwords 2-12
path cost
MSTP 17-43
PFC3BXL
hardware features 21-4
MPLS guidelines and restrictions 21-7
MPLS label switching 21-1
MPLS supported commands 21-7
recirculation 21-4
supported Cisco IOS features 21-5
VPN supported commands 21-11
VPN switching 21-10
PFC compatibility with RSP720 3-2
PIM, IP MMLS and 25-9
PIM snooping
designated router flooding 28-6
enabling globally 28-5
enabling in a VLAN 28-5
overview 28-4
police command 37-63
policing
policing, QoS (definition) 37-107
policy 37-52
policy-based routing
policy map 37-59
attaching to an interface 37-66
policy-map command 37-53, 37-60
Port Aggregation Protocol
port-based ACLs (PACLs). See private hosts feature
port-based authentication
authentication server
defined 40-2
RADIUS server 40-2
client, defined 40-2
configuration guidelines 40-7
configuring
initializing authentication of a client 40-11
manual reauthentication of a client 40-11
quiet period 40-12
RADIUS server 40-10
RADIUS server parameters on the switch 40-9
switch-to-authentication-server retransmission time 40-14
switch-to-client EAP-request frame retransmission time 40-13
switch-to-client frame-retransmission number 40-14
switch-to-client retransmission time 40-13
default configuration 40-6
described 40-1
device roles 40-2
displaying statistics 40-16
EAPOL-start frame 40-3
EAP-request/identity frame 40-3
EAP-response/identity frame 40-3
enabling
802.1X authentication 40-8, 40-9
periodic reauthentication 40-10
encapsulation 40-2
initiation and message exchange 40-3
method lists 40-8
ports
authorization state and dot1x port-control command 40-4
authorized and unauthorized 40-4
resetting to default values 40-16
switch
as proxy 40-2
RADIUS client 40-2
topologies, supported 40-5
port-based QoS features
port channel
switchport trunk encapsulation dot1q 10-6
port-channel
port-channel load-balance
port cost, STP 17-32
port debounce timer 7-13
PortFast
PortFast BPDU filtering
See STP PortFast BPDU filtering
port mode 21-16
port negotiation 7-7
port priority
MSTP 17-42
port priority, STP 17-30
ports
setting the debounce timer 7-13
port security
configuring 41-4
default configuration 41-3
described 41-1
displaying 41-11
enable sticky secure MAC address 41-8
violations 41-2
Port Security is supported on trunks 41-4, 41-7, 41-9
port security MAC move 41-2
port security on PVLAN ports 41-3
Port Security with Sticky Secure MAC Addresses 41-2
power management
enabling/disabling redundancy 46-2
overview 46-1
powering modules up or down 46-3
system power requirements, nine-slot chassis 46-5
primary links 9-1
primary VLANs 13-2
priority
priority-rate propagation, IP subscriber 22-5, 22-9, 22-10
private-hosts command 34-13
private hosts feature
command reference 34-12
configuration guidelines 34-5, 34-6
configuring (detailed steps) 34-9
configuring (summary) 34-8
debug fm private-hosts command 34-30
debug private-hosts command 34-31
isolating hosts in a VLAN 34-2
multicast operation 34-7
overview 34-1
port ACLs (PACLs) 34-5
private-hosts command 34-13
private-hosts mac-list command 34-14
private-hosts mode command 34-16
private-hosts promiscuous command 34-18
private-hosts vlan-list command 34-20
protocol-independent MAC ACLs 34-1
restricting traffic flow with PACLs 34-3
show fm private-hosts command 34-22
show private-hosts access-lists command 34-25
show private-hosts configuration command 34-27
show private-hosts interface configuration command 34-28
show private-hosts mac-list command 34-29
spoofing protection 34-7
private-hosts mac-list command 34-14
private-hosts mode command 34-16
private-hosts promiscuous command 34-18
private-hosts vlan-list command 34-20
private VLANs 13-1
across multiple switches 13-5
and SVIs 13-6
benefits of 13-2
configuration guidelines 13-7, 13-9, 13-11
configuring 13-11
host ports 13-14
pomiscuous ports 13-15
routing secondary VLAN ingress traffic 13-13
secondary VLANs with primary VLANs 13-12
VLANs as private 13-11
end station access to 13-4
IP addressing 13-4
monitoring 13-17
ports
community 13-3
configuration guidelines 13-9
isolated 13-3
promiscuous 13-3
primary VLANs 13-2
secondary VLANs 13-2
subdomains 13-2
traffic in 13-6
privileges
changing default 2-11
configuring
multiple levels 2-10
privilege level 2-11
exiting 2-12
logging in 2-11
procedures
global parameters, configuring 2-2
using configuration mode2-3to 2-4
promiscuous ports 13-3
protocol tunneling
See Layer 2 protocol tunneling 16-1
pruning, VTP
PVLANs
PVRST
See Rapid-PVST 17-17
Q
QoS
class of service (CoS), definition 37-106
DSCP (definition) 37-106
IP precedence 37-107
marking 37-107
policing 37-107
Type of Service (ToS) 37-107
QoS, per-subscriber 22-4
QoS classification (definition)
QoS
classification 37-106
QoS congestion avoidance
QoS
congestion avoidance 37-106
QoS CoS
and ToS final L3 Switching Engine values 37-11
and ToS final values from L3 Switching Engine 37-11
port value, configuring 37-78
QoS default configuration 37-96, 39-2
QoS DSCP
definition 37-106
internal values 37-9
maps, configuring 37-72
QoS dual transmit queue
thresholds
QoS enhancements, RSP720 3-5
QoS Ethernet egress port
scheduling 37-96
scheduling, congestion avoidance, and marking 37-11, 37-13
QoS Ethernet ingress port
classification, marking, scheduling, and congestion avoidance 37-6
QoS final L3 Switching Engine CoS and ToS values 37-11
QoS internal DSCP values 37-9
QoS L3 Switching Engine
classification, marking, and policing 37-9
feature summary 37-16
QoS labels (definition) 37-107
QoS mapping
CoS values to DSCP values 37-69, 37-73
DSCP markdown values 37-27, 37-74, 38-16
DSCP values to CoS values 37-75
IP precedence values to DSCP values 37-73
QoS markdown 37-20
QoS marking
definition 37-107
trusted ports 37-14
untrusted ports 37-14
QoS MSFC
marking 37-17
QoS multilayer switch feature card 37-17
QoS OSM egress port
feature summary 37-13
QoS out of profile 37-19
QoS policing
definition 37-107
microflow, enabling for nonrouted traffic 37-47
QoS policing rule
aggregate 37-17
creating 37-51
microflow 37-17
QoS port
trust state 37-76
QoS port-based or VLAN-based 37-47
QoS queues
transmit, allocating bandwidth between 37-94
QoS receive queue 37-8, 37-89, 37-92
drop thresholds 37-22
QoS scheduling (definition) 37-107
QoS statistics data export 39-1
configuring 39-2
configuring destination host 39-7
configuring time interval 39-6, 39-9
QoS ToS
and CoS final values from L3 Switching Engine 37-11
definition 37-107
QoS traffic flow through QoS features 37-4
QoS transmit queue
QoS transmit queues 37-23, 37-86, 37-88, 37-90, 37-91
QoS trust-cos
QoS trust-dscp
QoS trust-ipprec
QoS untrusted port keyword 37-14, 37-15
QoS VLAN-based or port-based 37-10, 37-47
queries, IGMP 27-3
queries, MLDv2 26-4
queues
dual-priority (IP subscriber) 22-4, 22-9
R
Radius accounting, per-subscriber 22-4
rapid convergence 17-13
Rapid-PVST
enabling 17-36
overview 17-17
Rapid Spanning Tree
Rapid Spanning Tree Protocol
receive queues
reduced MAC address 17-2
redundancy (NSF) 5-1
configuring
BGP 5-13
CEF 5-13
EIGRP 5-18
IS-IS 5-16
OSPF 5-15
configuring multicast NSF with SSO 5-12
configuring supervisor engine 5-10
routing protocols 5-4
redundancy (RPR+) 6-1
configuring 6-6
configuring supervisor engine 6-5
displaying supervisor engine configuration 6-7
redundancy command 6-6
route processor redundancy plus 6-3
redundancy (SSO)
redundancy command 5-11
related documentation 1-4
reload command 2-16
Remote source-route bridging (RSRB) 19-2
Replication Mode Detection 25-11
report, MLD 26-4
reserved-range VLANs
rewrite, packet
CEF 23-2
IP MMLS 25-3
RIF cache monitoring 7-15
rommon command 2-17
ROM monitor
boot process and 2-13
root bridge, STP 17-28
root guard
root switch
MSTP 17-40
route processor redundancy
Route Switch Processor 720 (RSP720)
chassis support 3-1
feature support 3-2
flash memory 3-6
hardware components 3-2
high availability 3-3
IPv6 ACL enhancements 3-3
load balancing on GE bundles 3-4
overview 3-1
packet fragmentation over GRE tunnels 3-4
performance improvements 3-3
PFC compatibility 3-2
ports 3-6
QoS enhancements 3-5
rate-limiting of unknown unicast packets 3-3
scalability 3-3
switching modes 3-8
unsupported features 3-5
routing table, multicast 25-18
RPF
failure 25-5
multicast 25-2
non-RPF multicast 25-5
unicast 29-2
RPR+
RPR and RPR+ support IPv6 multicast traffic 6-1
RSTP
active topology 17-12
BPDU
format 17-15
processing 17-16
designated port, defined 17-12
designated switch, defined 17-12
interoperability with IEEE 802.1D
described 17-25
restarting migration process 17-49
topology changes 17-17
overview 17-12
port roles
described 17-12
synchronized 17-14
proposal-agreement handshake process 17-13
rapid convergence
described 17-13
edge ports and Port Fast 17-13
point-to-point links 17-13, 17-47
root ports 17-13
root port, defined 17-12
S
SAID 12-6
sample configuration 2-4
Sampled NetFlow
description 43-8
saving the configuration file 2-5
scheduling
secondary VLANs 13-2
Secure MAC Address Aging Type 41-10
security
security, port 41-1
security ACLs, per-subscriber 22-4
security precautions with Flash memory card 2-18
serial IDs
description 55-22
server IDs
description 55-23
service-policy command 37-53
service-policy input command 37-48, 37-66, 37-69, 37-72, 38-29
service-provider network, MSTP and RSTP 17-18
set power redundancy enable/disable command 46-2
short pipe mode, configuring 38-34
show boot command 2-19
show catalyst6000 chassis-mac-address command 17-3
show ciscoview package command 1-3
show ciscoview version command 1-3
show configuration command 7-14
show eobc command 7-15
show fm private-hosts command 34-22
show hardware command 7-2
show ibc command 7-15
show interfaces command 7-2, 7-11, 7-12, 7-14, 7-15, 8-7, 8-12
displaying, interface type numbers 7-2
displaying, speed and duplex mode 7-8
show ip flow export command
displaying NDE export flow IP address and UDP port 43-25
show ip interface command
displaying IP MMLS interfaces 25-16
show ip mroute command
displaying IP multicast routing table 25-18
show ip pim interface command
displaying IP MMLS router configuration 25-16
show mls aging command 43-20
show mls entry command 23-5
show mls ip multicast group command
displaying IP MMLS group 25-19, 25-22
show mls ip multicast interface command
displaying IP MMLS interface 25-19, 25-22
show mls ip multicast source command
displaying IP MMLS source 25-19, 25-22
show mls ip multicast statistics command
displaying IP MMLS statistics 25-19, 25-22
show mls ip multicast summary
displaying IP MMLS configuration 25-19, 25-22
show mls nde command 43-27
displaying NDE flow IP address 43-25
show mls rp command
displaying IP MLS configuration 43-19
show module command 6-7
show private-hosts access-lists command 34-25
show private-hosts configuration command 34-27
show private-hosts interface configuration command 34-28
show private-hosts mac-list command 34-29
show protocols command 7-15
show rif command 7-15
show running-config command 2-4, 7-14, 7-15
show startup-config command 2-5
show version command 2-3, 2-16, 2-17, 7-15
slot number, description 7-1
smart call home 55-1
description 55-2
destination profile (note) 55-4
registration requirements 55-2
service contract requirements 55-3
Transport Gateway (TG) aggregation point 55-2
SMARTnet
smart call home registration 55-2
SNMP
support and documentation 1-1
snooping
software
upgrading router 8-7
software configuration register functions2-14to 2-17
software images, Release 12.2SRB C-1
source IDs
call home event format 55-22
source-only-ip flow mask 43-3
source specific multicast with IGMPv3, IGMP v3lite, and URD 25-9
SPAN
configuration guidelines 44-6
configuring 44-11
sources 44-15, 44-19, 44-25, 44-27
VLAN filtering 44-29
overview 44-1
SPAN Destination Port Permit Lists 44-14
spanning-tree backbonefast
spanning-tree cost
command 17-32
spanning-tree portfast
command example 18-8
spanning-tree portfast bpdu-guard
command 18-11
spanning-tree port-priority
spanning-tree protocol for bridging 19-2
spanning-tree uplinkfast
command 18-12
command example 18-12
spanning-tree vlan
command 17-27, 17-29, 17-30, 18-14
command example 17-27, 17-29, 17-30
spanning-tree vlan cost
command 17-32
spanning-tree vlan forward-time
command 17-35
command example 17-35
spanning-tree vlan hello-time
command 17-34
command example 17-35
spanning-tree vlan max-age
command 17-36
command example 17-36
spanning-tree vlan port-priority
command 17-30
command example 17-31
spanning-tree vlan priority
command 17-34
command example 17-34
speed
configuring interface 7-6
standby link 9-1
standby links 9-1
static route, configuring 2-5
statistics
802.1X 40-16
Sticky ARP 32-25
sticky ARP 32-25
Sticky secure MAC addresses 41-8, 41-9
storm control
STP
configuring 17-25
bridge priority 17-33
forward-delay time 17-35
hello time 17-34
maximum aging time 17-36
port cost 17-32
port priority 17-30
root bridge 17-28
secondary root switch 17-29
defaults 17-26
EtherChannel 10-5
understanding 17-1
802.1Q Trunks 17-11
Blocking State 17-7
BPDUs 17-3
disabled state 17-11
forwarding state 17-10
learning state 17-9
listening state 17-8
overview 17-2
port states 17-5
protocol timers 17-4
root bridge election 17-4
topology 17-4
STP BackboneFast
configuring 18-13
figure
adding a switch 18-7
spanning-tree backbonefast
understanding 18-4
STP BPDU Guard
configuring 18-11
spanning-tree portfast bpdu-guard
command 18-11
understanding 18-2
STP bridge ID 17-2
STP EtherChannel guard 18-6
STP loop guard
configuring 18-15
overview 18-6
STP PortFast
BPDU filter
configuring 18-10
BPDU filtering 18-2
configuring 18-8
spanning-tree portfast
command example 18-8
understanding 18-2
STP UplinkFast
configuring 18-12
spanning-tree uplinkfast
command 18-12
command example 18-12
understanding 18-3
subdomains, private VLAN 13-2
subscribers. See IP subscriber awareness
supervisor engine
configuring 2-1
default configuration 2-2
environmental monitoring 46-10
ROM monitor 2-13
startup configuration 2-13
static routes 2-5
synchronizing configurations 5-19, 6-7
Supervisor Engine 2, no longer supported
Supervisor Engine 32 4-1
flash memory 4-1
ports 4-2
supported chassis 4-1
supervisor engine redundancy
supervisor engines
displaying redundancy configuration 6-7
Switched Port Analyzer
switch fabric functionality 3-7, 3-2
switchport
configuring 8-14
example 8-13
show interfaces 7-11, 7-12, 8-7, 8-12
switchport access vlan 8-10, 8-14
example 8-14
switchport mode access 8-4, 8-14
example 8-14
switchport mode dynamic 8-9
switchport mode dynamic auto 8-4
switchport mode dynamic desirable 8-4
default 8-5
example 8-13
switchport mode trunk 8-4, 8-9
switchport nonegotiate 8-4
switchport trunk allowed vlan 8-11
switchport trunk encapsulation 8-8
switchport trunk encapsulation dot1q 8-3
example 8-13
switchport trunk encapsulation isl 8-3
switchport trunk encapsulation negotiate 8-3
default 8-5
switchport trunk native vlan 8-10
switchport trunk pruning vlan 8-11
switch priority
MSTP 17-44
switch TopN reports
foreground execution 49-2
overview 49-1
running 49-2
viewing 49-2
system
configuration register
settings at startup 2-15
configuring global parameters 2-2
System Hardware Capacity 46-5
system image
determining if and how to load 2-15
loading from Flash 2-17
T
TCP Intercept 29-2
TDR
checking cable connectivity 7-16
enabling and disabling test 7-16
guidelines 7-16
Time Domain Reflectometer
TopN reports
traceroute, Layer 2
and ARP 50-2
and CDP 50-1
described 50-1
IP addresses and subnets 50-2
MAC addresses and VLANs 50-2
multicast traffic 50-2
multiple devices on a port 50-2
unicast traffic 50-1
usage guidelines 50-1
traffic flood blocking 36-1
traffic-storm control
command
broadcast 35-3
described 35-1
monitoring 35-5
thresholds 35-1
traffic suppression
translational bridge numbers (defaults) 12-6
transmit queues
trunks 8-2
802.1Q Restrictions 8-5
allowed VLANs 8-11
configuring 8-7
default interface configuration 8-7
default VLAN 8-10
different VTP domains 8-3
encapsulation 8-3
native VLAN 8-10
to non-DTP device 8-4
VLAN 1 minimization 8-11
trust-dscp
trust-ipprec
trustpoint 55-3
tunneling, 802.1Q
See 802.1Q 15-1
Type of Service (ToS) 37-107
U
UDE 20-1
configuration 20-3
overview 20-2
UDE and UDLR 20-1
UDLD
default configuration 42-3
enabling
globally 42-3
on ports 42-4
overview 42-1
UDLR 20-1
back channel 20-1
configuration 20-6
tunnel
(example) 20-7
ARP and NHRP 20-3
UDLR (unidirectional link routing)
unauthorized ports with 802.1X 40-4
Unicast and Multicast Flood Blocking 36-1
unicast flood blocking 36-1
unicast RPF 29-2
unicast storms
Unidirectional Ethernet
unidirectional ethernet
example of setting 20-5
UniDirectional Link Detection Protocol
uniform mode
configuring 38-39
untrusted
upgrade guidelines 21-15
UplinkFast
URD 25-9
User-Based Rate Limiting 37-19, 37-64
V
VACLs 31-1
configuring 31-4
examples 31-9
Layer 3 VLAN interfaces 31-8
Layer 4 port operations 30-5
logging
configuration example 31-11
configuring 31-10
restrictions 31-10
MAC address based 31-5
multicast packets 31-4
overview 31-1
SVIs 31-8
WAN interfaces 31-1
version 8 (NDE) 43-10
virtual LAN
vlan
command 12-10, 12-11, 43-17, 43-18, 44-19
command example 12-10
VLAN-based QoS filtering 37-54
VLAN-bridge spanning-tree protocol 19-2
vlan database
command 12-10, 12-11, 43-17, 43-18, 44-19
vlan mapping dot1q
command example 12-16
VLAN mode 21-16
VLANs
allowed on trunk 8-11
configuration guidelines 12-8
configuring 12-1
configuring (tasks) 12-8
defaults 12-6
extended range 12-2
ID (default) 12-6
interface assignment 12-11
name (default) 12-6
normal range 12-2
private
reserved range 12-2
support for 4,096 VLANs 12-2
token ring 12-3
trunks
understanding 8-2
understanding 12-1
VLAN 1 minimization 8-11
VTP domain 12-3
VLAN translation
VLAN Trunking Protocol
voice VLAN
Cisco 7960 phone, port connections 14-1
configuration guidelines 14-4
configuring IP phone for data traffic
override CoS of incoming frame 14-7, 14-8
configuring ports for voice traffic in
802.1Q frames 14-5
connecting to an IP phone 14-5
default configuration 14-4
overview 14-1
VPN
configuration example 21-12
guidelines and restrictions 21-11
VTP
advertisements 11-3
client, configuring 11-10
configuration guidelines 11-6
default configuration 11-6
disabling 11-10
domains 11-2
VLANs 12-3
modes
client 11-2
server 11-2
transparent 11-2
monitoring 11-13
overview 11-1
pruning
configuration 8-11
configuring 11-9
overview 11-5
server, configuring 11-10
statistics 11-13
transparent mode, configuring 11-10
version 2
enabling 11-10
overview 11-3
W
WCCP
configuring on a router 48-2, 48-14
service groups 48-8
specifying protocol version 48-7
web browser interface 1-1
Web Cache Communication Protocol
web caches
web cache services
description 48-5
web caching
web scaling 48-1
weighted round robin 37-94
WRR 37-94
X
xconnect command 21-15