Cisco 7600 Series Cisco IOS Software Configuration Guide, 12.2SR
Index

Table Of Contents

Symbols - Numerics - A - B - C - D - E - F - G - H - I - J - L - M - N - O - P - Q - R - S - T - U - V - W - X -

Index

Symbols

!Mini Protocol Analyzer 56-1

Numerics

4K VLANs (support for 4,096 VLANs) 14-2

802.10 SAID (default) 14-6

802.1Q

encapsulation 10-3

Layer 2 protocol tunneling

See Layer 2 protocol tunneling

mapping to ISL VLANs 14-13, 14-16

trunks 10-2

restrictions 10-5

tunneling 17-1

configuration guidelines 17-4

configuring tunnel ports 17-6

802.1Q Ethertype, specifying custom 10-15

802.1X

See port-based authentication

802.3ad

See LACP

802.3X Flow Control 8-12

A

AAA 32-1, 33-1, 36-1

access control entries and lists 32-1, 33-1, 36-1

access-enable host timeout (not supported) 33-2

access interface (IP subscriber) 22-3

access lists, using with WCCP 52-10

access port, configuring 10-14

ACEs and ACLs 32-1, 33-1, 36-1

acronyms, list of A-1, B-1

addresses

IP, see IP addresses

MAC, see MAC addresses

advertisements, VTP 13-3

aggregate label 24-2, 24-4

aggregate policing

see QoS policing

aging time

IP MLS 47-20

maximum

for MSTP 19-47

MSTP accelerated 19-46

MSTP maximum 19-47

alarms

major 50-12

minor 50-12

Allow DHCP Option 82 on Untrusted Port

configuring 37-10

understanding 37-3

any transport over MPLS (AToM) 24-13

compatibility with previous releases of AToM 24-16

Ethernet over MPLS 24-16

ARP spoofing 38-1

AToM 24-13

authentication

See also port-based authentication

Authentication, Authorization, and Accounting

See AAA

Authentication, Authorization, and Accounting (AAA) 36-1

authorized ports with 802.1X 44-4

auto-sync command 7-6

B

BackboneFast

See STP BackboneFast

backup interfaces

See Flex Links

bandwidth-remaining ratio (BRR), IP subscriber 22-4, 22-5, 22-6, 22-7

binding database, DHCP snooping

See DHCP snooping binding database

binding database, DHCP snooping

See DHCP snooping binding database

blocking floods 40-1

blocking state, STP 19-7

boot bootldr command 2-19

boot command 2-15

boot config command 2-19

boot system command 2-14, 2-19

boot system flash command 2-15

BPDU, RSTP format 19-15

BPDU guard

See STP BPDU guard

bridge groups 21-2

bridge ID

See STP bridge ID

bridge priority, STP 19-33

bridge protocol data units

see BPDUs

bridging 21-2

broadcast storms

see traffic-storm control

C

cache engine clusters 52-1

cache engines 52-1

cache farms

See cache engine clusters

Call Home

description 55-1

message format options 55-1

messages

format options 55-1

call home 55-1

alert groups 55-6

configuring e-mail options 55-9

contact information 55-3

default settings 55-15

destination profiles 55-4

displaying information 55-11

mail-server priority 55-9

pattern matching 55-8

periodic notification 55-8

rate limit messages 55-9

severity threshold 55-8

smart call home feature 55-2

SMTP server 55-9

testing communications 55-10

call home alert groups

configuring 55-6

description 55-6

subscribing 55-6

call home contacts

assigning information 55-3

call home destination profiles

attributes 55-4

configuring 55-5

description 55-4

displaying 55-14

call home notifications

full-txt format for syslog 55-25

XML format for syslog 55-26

cautions for passwords

encrypting 2-10

TACACS+ 2-10

CEF

configuring

MSFC2 26-5

supervisor engine 26-4

examples 26-3

Layer 3 switching 26-2

packet rewrite 26-2

certificate authority (CA) 55-3

CGMP 30-8

channel-group group

command 12-8, 12-12, 12-13

command example 12-9

checking running configuration 2-4

Cisco Cache Engines 52-2

Cisco Express Forwarding 24-3

Cisco Group Management Protocol

See CGMP

Cisco IOS Release 12.2SRB software images C-1

Cisco IOS Unicast Reverse Path Forwarding 32-2

CiscoView 1-2

CIST regional root

See MSTP

CIST root

See MSTP

class command 41-60

classification (QoS) 41-106

class-map command 41-52

class map configuration 41-57

class of service (CoS) 41-106

Committed Access Rate (CAR), not supported 41-2

community ports 15-3

community VLANs 15-2, 15-3

Concurrent routing and bridging (CRB) 21-2

CONFIG_FILE environment variable

configuration file, viewing 2-19

description 2-18

config-register command 2-16

config terminal command 2-3

configuration

file, saving 2-5

register

changing settings 2-16

configuration2-14to 2-17

settings at startup 2-15

configuration example

EoMPLS port mode 24-17, 24-20

EoMPLS VLAN mode 24-17

configuration register boot field

listing value 2-17

modification tasks 2-16

configure command 2-3

configure terminal command 2-16, 8-2

configuring 41-59

global parameters

sample configuration 2-2

using configuration mode2-3to 2-4

contact information

assigning for call home 55-3

control plane policing

See CoPP

control plane policing and protection (CoPP)

per-subscriber 22-4

CoPP

applying QoS service policy to control plane 36-20

configuring

ACLs to match traffic 36-20

enabling MLS QoS 36-20

packet classification criteria 36-20

service-policy map 36-20

control plane configuration mode, entering 36-20

displaying

dynamic information 36-21

number of conforming bytes and packets 36-21

rate information 36-21

entering control plane configuration mode 36-20

monitoring statistics 36-21

overview 36-19

packet classification guidelines 36-21

traffic classification

defining 36-23

guidelines 36-24

overview 36-23

sample ACLs 36-24

sample classes 36-23

CoPP. See control plane policing and protection (CoPP)

copy running-config startup-config command 2-5

copy system

running-config nvram

startup-config command 2-19

CoS, override priority 16-7, 16-8

D

dCEF 26-4, 26-5

debug commands

IP MMLS 28-25

debug fm private-hosts command 35-30

debug private-hosts command 35-31

DEC spanning-tree protocol 21-2

default configuration

802.1X 44-6

dynamic ARP inspection 38-5

Flex Links 11-2

IP MMLS 28-7

MSTP 19-38

supervisor engine 2-2

UDLD 46-3

voice VLAN 16-4

VTP 13-6

default NDE configuration 47-13

default VLAN 10-10

deficit weighted round robin 41-94

denial of service protection

See DoS protection

description command 8-14

destination-ip flow mask 47-3

destination-source-ip flow mask 47-3

device IDs

call home format 55-22

DHCP binding database

See DHCP snooping binding database

DHCP binding table

See DHCP snooping binding database

DHCP option 82

circuit ID suboption 37-5

overview 37-3

packet format, suboption

circuit ID 37-5

remote ID 37-5

remote ID suboption 37-5

DHCP option 82 allow on untrusted port 37-10

DHCP snooping

binding database

See DHCP snooping binding database

configuration guidelines 37-6

configuring 37-8

default configuration 37-6

displaying binding tables 37-18

enabling 37-9, 37-10, 37-11, 37-13, 37-14

enabling the database agent 37-14

message exchange process 37-4

option 82 data insertion 37-3

overview 37-1

Snooping database agent 37-5

DHCP snooping binding database

described 37-2

entries 37-2

DHCP snooping binding table

See DHCP snooping binding database

DHCP Snooping Database Agent

adding to the database (example) 37-18

enabling (example) 37-15

overview 37-5

reading from a TFTP file (example) 37-17

DHCP snooping increased bindings limit 37-7, 37-15

differentiated services codepoint

See QoS DSCP

Differentiated Services Code Point (DSCP) 41-106

DiffServ

configuring short pipe mode 43-34

configuring uniform mode 43-39

short pipe mode 43-31

uniform mode 43-32

DiffServ tunneling modes 43-4

Disabling PIM Snooping Designated Router Flooding 31-6

distributed Cisco Express Forwarding

See dCEF

documentation, related 1-vii

document organization 1-iv

DoS protection

monitoring packet drop statistics

using monitor session commands 36-15

using VACL capture 36-17

PFC configuration guidelines and restrictions 36-14

Supervisor Engine 720 36-2

default configurations 36-13

egress ACL bridget packet rate limiters 36-7

FIB glean rate limiters 36-9

FIB receive rate limiters 36-9

ICMP redirect rate limiters 36-9

IGMP unreachable rate limiters 36-8

ingress ACL bridget packet rate limiters 36-7

IP errors rate limiters 36-11

IPv4 multicast rate limiters 36-11

IPv6 multicast rate limiters 36-12

Layer 2 PDU rate limiters 36-10

Layer 2 protocol tunneling rate limiters 36-10

MTU failure rate limiters 36-10

multicast directyly connected rate limiters 36-11

multicast FIB miss rate limiters 36-11

multicast IGMP snooping rate limiters 36-10

network under SYN attack 36-5

QoS ACLs 36-3

security ACLs 36-3

TCP intercept 36-5

traffic storm control 36-4

TTL failure rate limiter 36-8

uRPF check 36-4

uRPF failure rate limiters 36-8

VACL log rate limiters 36-10

Supervisor Engine 720Layer 3 security features rate limiters 36-9

understanding how it works 36-2

DSCP

See QoS DSCP

DSCP-based queue mapping 41-85

dual-priority queues

IP subscriber 22-4, 22-9

duplex command 8-7, 8-8

duplex mode

configuring interface 8-6

DWRR 41-94

dynamic ARP inspection

ARP cache poisoning 38-2

ARP requests, described 38-1

ARP spoofing attack 38-2

clearing

log buffer 38-16

statistics 38-16

configuration guidelines 38-5

configuring

log buffer 38-13, 38-14

logging system messages 38-14

rate limit for incoming ARP packets 38-4, 38-9

default configuration 38-5

denial-of-service attacks, preventing 38-9

described 38-1

DHCP snooping binding database 38-3

displaying

ARP ACLs 38-15

configuration and operating state 38-15

log buffer 38-16

statistics 38-16

trust state and rate limit 38-15

error-disabled state for exceeding rate limit 38-4

function of 38-2

interface trust states 38-3

log buffer

clearing 38-16

configuring 38-13, 38-14

displaying 38-16

logging of dropped packets, described 38-4

logging system messages

configuring 38-14

man-in-the middle attack, described 38-2

network security issues and interface trust states 38-3

priority of ARP ACLs and DHCP snooping entries 38-4

rate limiting of ARP packets

configuring 38-9

described 38-4

error-disabled state 38-4

statistics

clearing 38-16

displaying 38-16

validation checks, performing 38-11

Dynamic Host Configuration Protocol snooping

See DHCP snooping

E

eFSU. See enhanced Fast Software Upgrade (eFSU)

Egress ACL support for remarked DSCP 41-12

egress ACL support for remarked DSCP 41-48

egress replication performance improvement 28-13

e-mail addresses

assigning for call home 55-3

e-mail notifications

Call Home 55-1

Embedded CiscoView 1-2

enable command 2-3, 2-16

enable sticky secure MAC address 45-8

enabling

IP MMLS

on router interfaces 28-11

encapsulation 10-3

enhanced Fast Software Upgrade (eFSU)

aborting (issu abortversion command) 6-19

accepting the new software version 6-17

commiting the new software to standby RP (issu commitversion command) 6-17

disabling compatibility matrix check 6-9

displaying maximum outage time for line cards 6-14

error handling 6-4

forcing a switchover (issu runversion command) 6-14

issu loadversion command 6-12

loading new software onto standby RP 6-12

memory reservation on line card 6-3

memory reservation on line card, prohibiting 6-3

OIR not supported 6-7

operation 6-2

outage times 6-3

overview 6-1

performing 6-7

SSO, RPR, and RPR+ modes 6-7

steps 6-8

usage guidelines and limitations 6-6

verifying redundancy mode 6-10

enhanced interface range command 8-3

environmental monitoring

LED indications 50-12

SNMP traps 50-12

supervisor engine and switching modules 50-12

Syslog messages 50-12

using CLI commands 50-10

environment variables

CONFIG_FILE 2-18

controlling 2-19

viewing 2-19

EoMPLS 24-14

configuring 24-16

configuring VLAN mode 24-16

guidelines and restrictions 24-14

port mode 24-16

port mode configuration guidelines 24-20

VLAN mode 24-16

erase startup-config command

configuration files cleared with 2-6

ERSPAN 48-1

EtherChannel

channel-group group

command 12-8, 12-12, 12-13

command example 12-9

configuration guidelines 12-5

configuring

Layer 2 12-8

configuring (tasks) 12-7

interface port-channel

command example 12-8

interface port-channel (command) 12-7

lacp system-priority

command example 12-10

Layer 2, configuring 12-8

load balancing

configuring 12-11

understanding 12-5

modes 12-2

PAgP, understanding 12-3

port-channel interfaces 12-5

port-channel load-balance

command 12-10, 12-11

command example 12-11

STP 12-5

switchport trunk encapsulation dot1q 12-6

understanding 12-1

EtherChannel Guard

See STP EtherChannel Guard

EtherChannel Min-Links 12-12

Ethernet, setting port duplex 8-13

Ethernet over MPLS (EoMPLS) configuration

EoMPLS port mode 24-20

EoMPLS VLAN mode 24-17

examples

software configuration register2-14to 2-17

EXP mutation 43-4

extended range VLANs 14-2

See VLANs

extended system ID, MSTP 19-40

Extensible Authentication Protocol over LAN 44-1

F

fabric switching mode

See switch fabric module

fabric switching-mode allow dcef-only command on Supervisor Engine 720 5-2, 7-4

fall-back bridging 21-2

fiber-optic, detecting unidirectional links 46-1

FIB TCAM 24-2

filters, NDE

destination host filter, specifying 47-27

destination TCP/UDP port, specifying 47-26

overview 47-7

protocol 47-27

source host and destination TCP/UDP port 47-26

Flash memory

configuration process 2-18

configuring router to boot from 2-18

loading system image from 2-17

security precautions 2-18

write protection 2-18

Flex Links 11-1

configuration guidelines 11-2

configuring 11-3

default configuration 11-2

description 11-1

monitoring 11-3

flood blocking 40-1

flow control 8-12

flow masks

IP MLS

destination-ip 47-3

destination-source-ip 47-3

interface-destination-source-ip 47-3

ip-full 47-3

ip-interface-full 47-3

minimum 47-19

overview 47-3

flowmasks

NetFlow (Release 12.2SRA) 47-3

NetFlow (Release 12.2SRB) 47-3

flows

IP MMLS

completely and partially switched 28-3

forward-delay time

MSTP 19-46

forward-delay time, MSTP 19-46

forward-delay time, STP 19-35

frame distribution

See EtherChannel load balancing

G

global parameters, configuring 2-2

H

hardware Layer 3 switching, guidelines 26-4

hello time, MSTP 19-45

hello time, STP 19-34

High Capacity Power Supply Support 50-4

host ports 15-3

I

ICMP unreachable messages 33-1

IDs

serial IDs 55-22

IEEE 802.10 SAID (default) 14-6

IEEE 802.1Q

See 802.1Q

IEEE 802.1Q Ethertype

specifying custom 10-15

IEEE 802.1w

See RSTP

IEEE 802.3ad

See LACP

IEEE 802.3X Flow Control 8-12

IEEE bridging protocol 21-2

IGMP

configuration guidelines 29-7, 30-7

enabling 30-10

Internet Group Management Protocol 30-1

join messages 30-2

leave processing

enabling 30-12

queries 30-3

query interval, configuring 30-11

snooping

fast leave 30-5

joining multicast group 30-2

leaving multicast group 30-4

understanding 30-2

snooping querier

enabling 30-9

understanding 30-2

IGMPv3 28-9

IGMP v3lite 28-9

In Service Software Upgrade (ISSU) 6-1

Integrated routing and bridging (IRB) 21-2

interface

command 2-3

Layer 2 modes 10-4

number 8-1

interface, access (IP subscriber) 22-3

interface access command 22-17

interface-destination-source-ip flow mask 47-3

interface port-channel

command example 12-8

interface port-channel (command) 12-7

interfaces

configuring 8-2

configuring, duplex mode 8-5

configuring, speed 8-5

configururing, overview 8-1

descriptive name, adding 8-14

naming 8-14

range of 8-3

interfaces command 8-2

interfaces range command 8-3

interfaces range macro command 8-4

Internet Group Management Protocol

See IGMP

IP accounting, IP MMLS and 28-8

IP addresses

assigned by BOOTP protocol 2-6

set to default 2-6

IP CEF, topology (figure) 26-3

ip flow-export destination command 47-23

ip flow-export source command 47-22, 47-24, 53-3, 53-4

ip-full flow mask 47-3

ip http server 1-1

ip-interface-full flow mask 47-3

IP MLS

aging-time 47-20

flow masks

destination-ip 47-3

destination-source-ip 47-3

interface-destination-source-ip 47-3

ip-full 47-3

ip-interface-full 47-3

minimum 47-19

overview 47-3

NDE

See NDE

IP MMLS

cache, overview 28-2

configuration guideline 28-7

debug commands 28-25

default configuration 28-7

enabling

on router interfaces 28-11

flows

completely and partially switched 28-3

Layer 3 MLS cache 28-2

overview 28-2

packet rewrite 28-3

router

displaying interface information 28-17

enabling globally 28-9

enabling on interfaces 28-11

multicast routing table, displaying 28-20

PIM, enabling 28-10

unsupported features 28-8

IP multicast

IGMP snooping and 30-9

MLDv2 snooping and 29-9

overview 30-1

IP multicast MLS

See IP MMLS

ip multicast-routing command

enabling IP multicast 28-10

IP phone, configuring 16-5

ip pim command

enabling IP PIM 28-10

IP precedence 41-107

IP static routes 2-5

IP subscriber awareness

benefits 22-2

configuration example 22-14

configuration guidelines 22-11

configuring 22-12, 22-13

control plane policing and protection (CoPP) 22-4

interface access command 22-17

IP subscriber interface 22-3

IP subscriber session 22-3

lawful intercept 22-4

overview 22-1

per-subscriber features 22-4

QoS 22-4

bandwidth-remaining ratio (BRR) 22-4, 22-5, 22-6, 22-7

dual-priority queues 22-4, 22-9

priority-rate propagation 22-5, 22-9, 22-10

QoS recommendations 22-5

Radius accounting 22-4

security ACLs 22-4

unsupported features 22-10

IP unnumbered 21-1

IPv4 Multicast over Point-to-Point GRE Tunnels 1-4

IPv4 Multicast VPN 25-1

IPv6 Multicast PFC3 and DFC3 Layer 3 Switching 27-1

ip wccp version command 52-8

ISL encapsulation 10-3

ISL trunks 10-2

isolated port 15-3

isolated VLANs 15-2, 15-3

ISSU, See In Service Software Upgrade (ISSU)

J

join messages, IGMP 30-2

jumbo frames 8-9

L

label edge router 24-2

label switched path 24-16

label switch router 24-2, 24-3

LACP

system ID 12-4

lawful intercept, per-subscriber 22-4

Layer 2

configuring interfaces 10-6

access port 10-14

trunk 10-7

defaults 10-5

interface modes 10-4

show interfaces 8-11, 8-12, 10-7, 10-12

switching 10-1

trunks 10-2

VLAN interface assignment 14-12

Layer 2 interfaces, configuring 10-1

Layer 2 protocol tunneling

configuring Layer 2 tunnels 18-2

overview 18-1

Layer 2 remarking 41-15

Layer 2 Traceroute 54-1

Layer 2 traceroute

and ARP 54-2

and CDP 54-1

described 54-1

IP addresses and subnets 54-2

MAC addresses and VLANs 54-2

multicast traffic 54-2

multiple devices on a port 54-2

unicast traffic 54-1

usage guidelines 54-1

Layer 3

IP MMLS and MLS cache 28-2

Layer 3 switched packet rewrite

CEF 26-2

Layer 3 switching

CEF 26-2

Layer 4 port operations (ACLs) 33-5

leave processing, IGMP

enabling 30-12

leave processing, MLDv2

enabling 29-12

LERs 43-2, 43-6, 43-7

link failure, detecting unidirectional 19-24

link negotiation 8-7

link redundancy

See Flex Links

Load Balancing 24-8

Local Egress Replication 28-13

logical operation unit

See LOU

loop guard

See STP loop guard

LOU

description 33-6

determining maximum number of 33-6

LSRs 43-2, 43-6

M

MAC address

adding to BOOTP configuration file 2-7

MAC address-based blocking 32-1

MAC move (port security) 45-2

macro, interfaces range 8-4

main-cpu command 7-6

mapping 802.1Q VLANs to ISL VLANs 14-13, 14-16

markdown

see QoS markdown

maximum aging time, MSTP 19-47

maximum aging time, STP 19-36

maximum hop count, MSTP 19-47

microflow policing rule

see QoS policing

Min-Links 12-12

MLD report 29-4

MLD snooping

query interval, configuring 29-11

MLDv2 29-1

enabling 29-9

leave processing

enabling 29-12

queries 29-4

snooping

fast leave 29-6

joining multicast group 29-4

leaving multicast group 29-6

understanding 29-1

snooping querier

enabling 29-8

understanding 29-1

MLDv2 Snooping 29-1

MLS

configuring threshold 28-14

MSFC threshold 28-14

mls aging command

configuring IP MLS 47-20

mls flow command

configuring IP MLS 47-18, 47-19

mls ip multicast command

enabling IP MMLS 28-11, 28-12, 28-14, 28-15, 28-16, 28-22, 28-23

mls nde flow command

configuring a host and port filter 47-26

configuring a host flow filter 47-27

configuring a port filter 47-26

configuring a protocol flow filter 47-27

mls nde sender command 47-21

monitoring

Flex Links 11-3

private VLANs 15-17

MPLS 24-2

aggregate label 24-2

any transport over MPLS 24-13

basic configuration 24-8

core 24-3

DiffServ Tunneling Modes 43-31

egress 24-4

experimental field 43-3

guidelines and restrictions 24-7

ingress 24-3

IP to MPLS path 24-3

labels 24-2

Layer 2 VPN load balancing 24-8

MPLS to IP path 24-4

MPLS to MPLS path 24-3

nonaggregate lable 24-2

QoS default configuration 43-15

VPN 43-12

VPN guidelines and restrictions 24-11

mpls l2 transport route command 24-16

MPLS QoS

Classification 43-2

Class of Service 43-2

commands 43-16

configuring a class map 43-20

configuring a policy map 43-23

configuring egress EXP mutation 43-28

configuring EXP Value Maps 43-30

Differentiated Services Code Point 43-2

displaying a policy map 43-27

E-LSP 43-2

enabling QoS globally 43-18

EXP bits 43-2

features 43-3

IP Precedence 43-2

QoS Tags 43-2

queueing-only mode 43-19

MPLS QoS configuration

class map to classify MPLS packets 43-20

MPLS VPN, limitations and restrictions 24-11

MQC 41-1

not supported

CAR 41-2

queuing 41-2

supported

policy maps 41-3

MSTP

boundary ports

configuration guidelines 19-38

described 19-22

CIST, described 19-19

CIST regional root 19-20

CIST root 19-21

configuration guidelines 19-38

configuring

forward-delay time 19-46

link type for rapid convergence 19-47

maximum aging time 19-47

maximum hop count 19-47

MST region 19-39

neighbor type 19-48

path cost 19-43

port priority 19-42

root switch 19-40

secondary root switch 19-42

switch priority 19-44

configuring hello time 19-45

CST

defined 19-19

operations between regions 19-20

default configuration 19-38

displaying status 19-49

enabling the mode 19-39

extended system ID

effects on root switch 19-40

effects on secondary root switch 19-42

unexpected behavior 19-41

IEEE 802.1s

implementation 19-23

port role naming change 19-23

terminology 19-21

interoperability with IEEE 802.1D

described 19-25

restarting migration process 19-49

IST

defined 19-19

master 19-20

operations within a region 19-20

mapping VLANs to MST instance 19-39

MST region

CIST 19-19

configuring 19-39

described 19-18

hop-count mechanism 19-22

IST 19-19

supported spanning-tree instances 19-19

overview 19-18

root switch

configuring 19-40

effects of extended system ID 19-40

unexpected behavior 19-41

status, displaying 19-49

MTU size (default) 14-6

multicast

IGMP snooping and 30-9

MLDv2 snooping and 29-9

NetFlow statistics 47-14

non-RPF 28-5

overview 30-1

PIM snooping 31-4

multicast, displaying routing table 28-20

Multicast enhancement - egress replication performance improvement 28-13

Multicast Enhancement - Replication Mode Detection 28-11

multicast flood blocking 40-1

multicast groups

joining 30-2

leaving 29-6, 30-4

multicast groups, IPv6

joining 29-4

Multicast Listener Discovery version 2

See MLDv2

multicast multilayer switching

See IPv4 MMLS

Multicast Replication Mode Detection enhancement 28-11

multicast RPF 28-2

multicast storms

see traffic-storm control

multilayer switch feature card

see MSFC

multiple path RPF check 32-2

N

native VLAN 10-10

NBAR 41-1

NDE

configuration, displaying 47-27

displaying configuration 47-27

enabling 47-15

filters

destination host, specifying 47-27

destination TCP/UDP port, specifying 47-26

overview 47-7

protocol, specifying 47-27

source host and destination TCP/UDP port, specifying 47-26

multicast 47-14

overview 47-1

specifying

destination host filters 47-27

destination TCP/UDP port filters 47-26

protocol filters 47-27

NDE configuration, default 47-13

NDE version 8 47-10

NetFlow and NDE for Ingress Bridged IP Traffic 47-23

NetFlow Data Export

See NDE

Netflow Multiple Export Destinations 47-23

NetFlow version 9 47-3

Network-Based Application Recognition 41-1

nonaggregate label 24-2, 24-4

non-RPF multicast 28-5

Nonstop Forwarding

See NSF

nonvolatile random-access memory

See NVRAM

normal-range VLANs

See VLANs

NSF 5-1

NSF with SSO does not support IPv6 multicast traffic. 5-1

NVRAM

saving settings 2-5

O

OIR 8-15

online diagnostics

configuring 51-2

diagnostic sanity check 51-11

memory tests 51-10

overview 51-1

running tests 51-6

schedule switchover 51-10

test descriptions A-1

understanding 51-1

online diagnostic tests A-1

online insertion and removal

See OIR

operating system image

See system image

out of profile

see QoS out of profile

P

packet burst 36-7

packet capture 56-1

packet recirculation 41-12

packet rewrite

CEF 26-2

IP MMLS and 28-3

packets

multicast 34-4

PACLs. See private hosts feature

PAgP

understanding 12-3

passwords

configuring

enable password 2-8

enable secret 2-8

line password 2-9

static enable password 2-8

TACACS+ 2-9

TACACS+ (caution) 2-10

encrypting 2-10

(caution) 2-10

recovering lost enable passwords 2-12

path cost

MSTP 19-43

PBR 1-4, 21-4

PFC3BXL

hardware features 24-4

MPLS guidelines and restrictions 24-7

MPLS label switching 24-1

MPLS supported commands 24-7

recirculation 24-4

supported Cisco IOS features 24-5

VPN supported commands 24-11

VPN switching 24-10

PFC compatibility with RSP720 3-2

PIM, IP MMLS and 28-10

PIM snooping

designated router flooding 31-6

enabling globally 31-5

enabling in a VLAN 31-5

overview 31-4

police command 41-63

policing

See QoS policing

policing, QoS (definition) 41-107

policy 41-52

policy-based routing

See PBR

policy map 41-59

attaching to an interface 41-66

policy-map command 41-53, 41-60

Port Aggregation Protocol

see PAgP

port-based ACLs (PACLs). See private hosts feature

port-based authentication

authentication server

defined 44-2

RADIUS server 44-2

client, defined 44-2

configuration guidelines 44-7

configuring

initializing authentication of a client 44-11

manual reauthentication of a client 44-11

quiet period 44-12

RADIUS server 44-10

RADIUS server parameters on the switch 44-9

switch-to-authentication-server retransmission time 44-14

switch-to-client EAP-request frame retransmission time 44-13

switch-to-client frame-retransmission number 44-14

switch-to-client retransmission time 44-13

default configuration 44-6

described 44-1

device roles 44-2

displaying statistics 44-16

EAPOL-start frame 44-3

EAP-request/identity frame 44-3

EAP-response/identity frame 44-3

enabling

802.1X authentication 44-8, 44-9

periodic reauthentication 44-10

encapsulation 44-2

initiation and message exchange 44-3

method lists 44-8

ports

authorization state and dot1x port-control command 44-4

authorized and unauthorized 44-4

resetting to default values 44-16

switch

as proxy 44-2

RADIUS client 44-2

topologies, supported 44-5

port-based QoS features

see QoS

port channel

switchport trunk encapsulation dot1q 12-6

port-channel

see EtherChannel

port-channel load-balance

command 12-10, 12-11

command example 12-10, 12-11

port cost, STP 19-32

port debounce timer 8-13

PortFast

See STP PortFast

PortFast BPDU filtering

See STP PortFast BPDU filtering

port mode 24-16

port negotiation 8-7

port priority

MSTP 19-42

port priority, STP 19-30

ports

setting the debounce timer 8-13

port security

aging 45-10, 45-11

configuring 45-4

default configuration 45-3

described 45-1

displaying 45-11

enable sticky secure MAC address 45-8

violations 45-2

Port Security is supported on trunks 45-4, 45-7, 45-9

port security MAC move 45-2

port security on PVLAN ports 45-3

Port Security with Sticky Secure MAC Addresses 45-2

power management

enabling/disabling redundancy 50-2

overview 50-1

powering modules up or down 50-3

system power requirements, nine-slot chassis 50-5

primary links 11-1

primary VLANs 15-2

priority

overriding CoS 16-7, 16-8

priority-rate propagation, IP subscriber 22-5, 22-9, 22-10

private-hosts command 35-13

private hosts feature

command reference 35-12

configuration guidelines 35-5, 35-6

configuring (detailed steps) 35-9

configuring (summary) 35-8

debug fm private-hosts command 35-30

debug private-hosts command 35-31

isolating hosts in a VLAN 35-2

multicast operation 35-7

overview 35-1

port ACLs (PACLs) 35-5

port types 35-3, 35-4

private-hosts command 35-13

private-hosts mac-list command 35-14

private-hosts mode command 35-16

private-hosts promiscuous command 35-18

private-hosts vlan-list command 35-20

protocol-independent MAC ACLs 35-1

restricting traffic flow with PACLs 35-3

show fm private-hosts command 35-22

show private-hosts access-lists command 35-25

show private-hosts configuration command 35-27

show private-hosts interface configuration command 35-28

show private-hosts mac-list command 35-29

spoofing protection 35-7

private-hosts mac-list command 35-14

private-hosts mode command 35-16

private-hosts promiscuous command 35-18

private-hosts vlan-list command 35-20

private VLANs 15-1

across multiple switches 15-5

and SVIs 15-6

benefits of 15-2

community VLANs 15-2, 15-3

configuration guidelines 15-7, 15-9, 15-11

configuring 15-11

host ports 15-14

pomiscuous ports 15-15

routing secondary VLAN ingress traffic 15-13

secondary VLANs with primary VLANs 15-12

VLANs as private 15-11

end station access to 15-4

IP addressing 15-4

isolated VLANs 15-2, 15-3

monitoring 15-17

ports

community 15-3

configuration guidelines 15-9

isolated 15-3

promiscuous 15-3

primary VLANs 15-2

secondary VLANs 15-2

subdomains 15-2

traffic in 15-6

privileges

changing default 2-11

configuring

multiple levels 2-10

privilege level 2-11

exiting 2-12

logging in 2-11

procedures

global parameters, configuring 2-2

using configuration mode2-3to 2-4

promiscuous ports 15-3

protocol tunneling

See Layer 2 protocol tunneling 18-1

pruning, VTP

See VTP, pruning

PVLANs

See private VLANs

PVRST

See Rapid-PVST 19-17

Q

QoS

class of service (CoS), definition 41-106

DSCP (definition) 41-106

IP precedence 41-107

marking 41-107

policing 41-107

Type of Service (ToS) 41-107

QoS, per-subscriber 22-4

QoS classification (definition)

QoS

classification 41-106

QoS congestion avoidance

QoS

congestion avoidance 41-106

QoS CoS

and ToS final L3 Switching Engine values 41-11

and ToS final values from L3 Switching Engine 41-11

port value, configuring 41-78

QoS default configuration 41-96, 42-2

QoS DSCP

definition 41-106

internal values 41-9

maps, configuring 41-72

QoS dual transmit queue

thresholds

configuring 41-78, 41-83

QoS enhancements, RSP720 3-5

QoS Ethernet egress port

scheduling 41-96

scheduling, congestion avoidance, and marking 41-11, 41-13

QoS Ethernet ingress port

classification, marking, scheduling, and congestion avoidance 41-6

QoS final L3 Switching Engine CoS and ToS values 41-11

QoS internal DSCP values 41-9

QoS L3 Switching Engine

classification, marking, and policing 41-9

feature summary 41-16

QoS labels (definition) 41-107

QoS mapping

CoS values to DSCP values 41-69, 41-73

DSCP markdown values 41-27, 41-74, 43-16

DSCP mutation 41-68, 43-29

DSCP values to CoS values 41-75

IP precedence values to DSCP values 41-73

QoS markdown 41-20

QoS marking

definition 41-107

trusted ports 41-14

untrusted ports 41-14

QoS MSFC

marking 41-17

QoS multilayer switch feature card 41-17

QoS OSM egress port

feature summary 41-13

QoS out of profile 41-19

QoS policing

definition 41-107

microflow, enabling for nonrouted traffic 41-47

QoS policing rule

aggregate 41-17

creating 41-51

microflow 41-17

QoS port

trust state 41-76

QoS port-based or VLAN-based 41-47

QoS queues

transmit, allocating bandwidth between 41-94

QoS receive queue 41-8, 41-89, 41-92

drop thresholds 41-22

QoS scheduling (definition) 41-107

QoS statistics data export 42-1

configuring 42-2

configuring destination host 42-7

configuring time interval 42-6, 42-9

QoS ToS

and CoS final values from L3 Switching Engine 41-11

definition 41-107

QoS traffic flow through QoS features 41-4

QoS transmit queue

size ratio 41-95, 41-96

QoS transmit queues 41-23, 41-86, 41-88, 41-90, 41-91

QoS trust-cos

port keyword 41-14, 41-16

QoS trust-dscp

port keyword 41-14, 41-15

QoS trust-ipprec

port keyword 41-14, 41-15

QoS untrusted port keyword 41-14, 41-15

QoS VLAN-based or port-based 41-10, 41-47

queries, IGMP 30-3

queries, MLDv2 29-4

queues

dual-priority (IP subscriber) 22-4, 22-9

R

Radius accounting, per-subscriber 22-4

rapid convergence 19-13

Rapid-PVST

enabling 19-36

overview 19-17

Rapid Spanning Tree

See RSTP

Rapid Spanning Tree Protocol

See RSTP

receive queues

see QoS receive queues

recirculation 24-4, 41-12

reduced MAC address 19-2

redundancy (NSF) 5-1

configuring

BGP 5-13

CEF 5-13

EIGRP 5-18

IS-IS 5-16

OSPF 5-15

configuring multicast NSF with SSO 5-12

configuring supervisor engine 5-10

routing protocols 5-4

redundancy (RPR+) 7-1

configuring 7-6

configuring supervisor engine 7-5

displaying supervisor engine configuration 7-7

redundancy command 7-6

route processor redundancy plus 7-3

redundancy (SSO)

redundancy command 5-11

related documentation 1-vii

reload command 2-16

Remote source-route bridging (RSRB) 21-2

Replication Mode Detection 28-11

report, MLD 29-4

reserved-range VLANs

See VLANs

rewrite, packet

CEF 26-2

IP MMLS 28-3

RIF cache monitoring 8-15

rommon command 2-17

ROM monitor

boot process and 2-13

root bridge, STP 19-28

root guard

See STP root guard

root switch

MSTP 19-40

route processor redundancy

See redundancy (RPR+)

Route Switch Processor 720 (RSP720)

chassis support 3-1

feature support 3-2

flash memory 3-6

hardware components 3-2

high availability 3-3

IPv6 ACL enhancements 3-3

load balancing on GE bundles 3-4

overview 3-1

packet fragmentation over GRE tunnels 3-4

performance improvements 3-3

PFC compatibility 3-2

ports 3-6

QoS enhancements 3-5

rate-limiting of unknown unicast packets 3-3

scalability 3-3

switching modes 3-8

unsupported features 3-5

routing table, multicast 28-20

RPF

failure 28-5

multicast 28-2

non-RPF multicast 28-5

unicast 32-2

RPR+

See redundancy (RPR+)

RPR and RPR+ support IPv6 multicast traffic 7-1

RSTP

active topology 19-12

BPDU

format 19-15

processing 19-16

designated port, defined 19-12

designated switch, defined 19-12

interoperability with IEEE 802.1D

described 19-25

restarting migration process 19-49

topology changes 19-17

overview 19-12

port roles

described 19-12

synchronized 19-14

proposal-agreement handshake process 19-13

rapid convergence

described 19-13

edge ports and Port Fast 19-13

point-to-point links 19-13, 19-47

root ports 19-13

root port, defined 19-12

See also MSTP

S

SAID 14-6

sample configuration 2-4

Sampled NetFlow

description 47-8

saving the configuration file 2-5

scheduling

see QoS

secondary VLANs 15-2

Secure MAC Address Aging Type 45-10

security

configuring 32-1, 33-1, 36-1

security, port 45-1

security ACLs, per-subscriber 22-4

security precautions with Flash memory card 2-18

serial IDs

description 55-22

server IDs

description 55-23

service-policy command 41-53

service-policy input command 41-48, 41-66, 41-69, 41-72, 43-29

service-provider network, MSTP and RSTP 19-18

set power redundancy enable/disable command 50-2

short pipe mode, configuring 43-34

show boot command 2-19

show catalyst6000 chassis-mac-address command 19-3

show ciscoview package command 1-3

show ciscoview version command 1-3

show configuration command 8-14

show eobc command 8-15

show fm private-hosts command 35-22

show hardware command 8-2

show ibc command 8-15

show interfaces command 8-2, 8-11, 8-12, 8-14, 8-15, 10-7, 10-12

displaying, interface type numbers 8-2

displaying, speed and duplex mode 8-8

show ip flow export command

displaying NDE export flow IP address and UDP port 47-25

show ip interface command

displaying IP MMLS interfaces 28-18

show ip mroute command

displaying IP multicast routing table 28-20

show ip pim interface command

displaying IP MMLS router configuration 28-18

show mls aging command 47-20

show mls entry command 26-5

show mls ip multicast group command

displaying IP MMLS group 28-21, 28-24

show mls ip multicast interface command

displaying IP MMLS interface 28-21, 28-24

show mls ip multicast source command

displaying IP MMLS source 28-21, 28-24

show mls ip multicast statistics command

displaying IP MMLS statistics 28-21, 28-24

show mls ip multicast summary

displaying IP MMLS configuration 28-21, 28-24

show mls nde command 47-27

displaying NDE flow IP address 47-25

show mls rp command

displaying IP MLS configuration 47-19

show module command 7-7

show private-hosts access-lists command 35-25

show private-hosts configuration command 35-27

show private-hosts interface configuration command 35-28

show private-hosts mac-list command 35-29

show protocols command 8-15

show rif command 8-15

show running-config command 2-4, 8-14, 8-15

show startup-config command 2-5

show version command 2-3, 2-16, 2-17, 8-15

slot number, description 8-1

smart call home 55-1

description 55-2

destination profile (note) 55-4

registration requirements 55-2

service contract requirements 55-3

Transport Gateway (TG) aggregation point 55-2

SMARTnet

smart call home registration 55-2

SNMP

support and documentation 1-1

snooping

See IGMP snooping

See MLDv2 snooping

software

upgrading router 6-7

software configuration register functions2-14to 2-17

software images, Release 12.2SRB C-1

source IDs

call home event format 55-22

source-only-ip flow mask 47-3

source specific multicast with IGMPv3, IGMP v3lite, and URD 28-9

SPAN

configuration guidelines 48-6

configuring 48-11

sources 48-15, 48-19, 48-25, 48-27

VLAN filtering 48-29

overview 48-1

SPAN Destination Port Permit Lists 48-14

spanning-tree backbonefast

command 20-13, 20-14

command example 20-13, 20-14

spanning-tree cost

command 19-32

command example 19-32, 19-33

spanning-tree portfast

command 20-8, 20-9

command example 20-8

spanning-tree portfast bpdu-guard

command 20-11

spanning-tree port-priority

command 19-30, 19-31

spanning-tree protocol for bridging 21-2

spanning-tree uplinkfast

command 20-12

command example 20-12

spanning-tree vlan

command 19-27, 19-29, 19-30, 20-14

command example 19-27, 19-29, 19-30

spanning-tree vlan cost

command 19-32

spanning-tree vlan forward-time

command 19-35

command example 19-35

spanning-tree vlan hello-time

command 19-34

command example 19-35

spanning-tree vlan max-age

command 19-36

command example 19-36

spanning-tree vlan port-priority

command 19-30

command example 19-31

spanning-tree vlan priority

command 19-34

command example 19-34

speed

configuring interface 8-6

speed command 4-2, 8-6

standby link 11-1

standby links 11-1

static route, configuring 2-5

statistics

802.1X 44-16

Sticky ARP 36-25

sticky ARP 36-25

Sticky secure MAC addresses 45-8, 45-9

storm control

see traffic-storm control

STP

configuring 19-25

bridge priority 19-33

enabling 19-26, 19-28

forward-delay time 19-35

hello time 19-34

maximum aging time 19-36

port cost 19-32

port priority 19-30

root bridge 19-28

secondary root switch 19-29

defaults 19-26

EtherChannel 12-5

understanding 19-1

802.1Q Trunks 19-11

Blocking State 19-7

BPDUs 19-3

disabled state 19-11

forwarding state 19-10

learning state 19-9

listening state 19-8

overview 19-2

port states 19-5

protocol timers 19-4

root bridge election 19-4

topology 19-4

STP BackboneFast

configuring 20-13

figure

adding a switch 20-7

spanning-tree backbonefast

command 20-13, 20-14

command example 20-13, 20-14

understanding 20-4

STP BPDU Guard

configuring 20-11

spanning-tree portfast bpdu-guard

command 20-11

understanding 20-2

STP bridge ID 19-2

STP EtherChannel guard 20-6

STP loop guard

configuring 20-15

overview 20-6

STP PortFast

BPDU filter

configuring 20-10

BPDU filtering 20-2

configuring 20-8

spanning-tree portfast

command 20-8, 20-9

command example 20-8

understanding 20-2

STP root guard 20-6, 20-14

STP UplinkFast

configuring 20-12

spanning-tree uplinkfast

command 20-12

command example 20-12

understanding 20-3

subdomains, private VLAN 15-2

subscribers. See IP subscriber awareness

supervisor engine

configuring 2-1

default configuration 2-2

environmental monitoring 50-10

redundancy 5-1, 7-1

ROM monitor 2-13

startup configuration 2-13

static routes 2-5

synchronizing configurations 5-19, 7-7

Supervisor Engine 2, no longer supported

Supervisor Engine 32 9-1

flash memory 9-1

ports 9-2

supported chassis 9-1

supervisor engine redundancy

configuring 5-10, 7-5

supervisor engines

displaying redundancy configuration 7-7

Switched Port Analyzer

See SPAN

switch fabric functionality 3-7, 4-2

configuring 3-8, 4-4

monitoring 3-9, 4-4

switchport

configuring 10-14

example 10-13

show interfaces 8-11, 8-12, 10-7, 10-12

switchport access vlan 10-10, 10-14

example 10-14

switchport mode access 10-4, 10-14

example 10-14

switchport mode dynamic 10-9

switchport mode dynamic auto 10-4

switchport mode dynamic desirable 10-4

default 10-5

example 10-13

switchport mode trunk 10-4, 10-9

switchport nonegotiate 10-4

switchport trunk allowed vlan 10-11

switchport trunk encapsulation 10-8

switchport trunk encapsulation dot1q 10-3

example 10-13

switchport trunk encapsulation isl 10-3

switchport trunk encapsulation negotiate 10-3

default 10-5

switchport trunk native vlan 10-10

switchport trunk pruning vlan 10-11

switch priority

MSTP 19-44

switch TopN reports

foreground execution 53-2

overview 53-1

running 53-2

viewing 53-2

system

configuration register

configuration2-14to 2-17

settings at startup 2-15

configuring global parameters 2-2

System Hardware Capacity 50-5

system image

determining if and how to load 2-15

loading from Flash 2-17

T

TACACS+ 32-1, 33-1, 36-1

TCP Intercept 32-2

TDR

checking cable connectivity 8-16

enabling and disabling test 8-16

guidelines 8-16

Time Domain Reflectometer

See TDR

TopN reports

See switch TopN reports

traceroute, Layer 2

and ARP 54-2

and CDP 54-1

described 54-1

IP addresses and subnets 54-2

MAC addresses and VLANs 54-2

multicast traffic 54-2

multiple devices on a port 54-2

unicast traffic 54-1

usage guidelines 54-1

traffic flood blocking 40-1

traffic-storm control

command

broadcast 39-3

described 39-1

monitoring 39-5

thresholds 39-1

traffic suppression

see traffic-storm control

translational bridge numbers (defaults) 14-6

transmit queues

see QoS transmit queues

trunks 10-2

802.1Q Restrictions 10-5

allowed VLANs 10-11

configuring 10-7

default interface configuration 10-7

default VLAN 10-10

different VTP domains 10-3

encapsulation 10-3

native VLAN 10-10

to non-DTP device 10-4

VLAN 1 minimization 10-11

trust-dscp

see QoS trust-dscp

trust-ipprec

see QoS trust-ipprec

trustpoint 55-3

tunneling 43-4, 43-31

tunneling, 802.1Q

See 802.1Q 17-1

Type of Service (ToS) 41-107

U

UDE 23-1

configuration 23-3

overview 23-2

UDE and UDLR 23-1

UDLD

default configuration 46-3

enabling

globally 46-3

on ports 46-4

overview 46-1

UDLR 23-1

back channel 23-1

configuration 23-6

tunnel

(example) 23-7

ARP and NHRP 23-3

UDLR (unidirectional link routing)

See UDLR

unauthorized ports with 802.1X 44-4

Unicast and Multicast Flood Blocking 40-1

unicast flood blocking 40-1

unicast RPF 32-2

unicast storms

see traffic-storm control

Unidirectional Ethernet

see UDE

unidirectional ethernet

example of setting 23-5

UniDirectional Link Detection Protocol

see UDLD

uniform mode

configuring 43-39

untrusted

see QoS trust-cos

see QoS untrusted

upgrade guidelines 24-16

UplinkFast

See STP UplinkFast

URD 28-9

User-Based Rate Limiting 41-19, 41-64

V

VACLs 34-1

configuring 34-4

examples 34-9

Layer 3 VLAN interfaces 34-8

Layer 4 port operations 33-5

logging

configuration example 34-11

configuring 34-10

restrictions 34-10

MAC address based 34-5

multicast packets 34-4

overview 34-1

SVIs 34-8

WAN interfaces 34-1

version 8 (NDE) 47-10

virtual LAN

See VLANs

vlan

command 14-10, 14-12, 47-17, 47-18, 48-19

command example 14-10

VLAN-based QoS filtering 41-54

VLAN-bridge spanning-tree protocol 21-2

vlan database

command 14-10, 14-12, 47-17, 47-18, 48-19

vlan mapping dot1q

command 14-15, 14-16

command example 14-17

VLAN mode 24-16

VLANs

allowed on trunk 10-11

configuration guidelines 14-8

configuring 14-1

configuring (tasks) 14-8

defaults 14-6

extended range 14-2

ID (default) 14-6

interface assignment 14-12

name (default) 14-6

normal range 14-2

private

See private VLANs

reserved range 14-2

support for 4,096 VLANs 14-2

token ring 14-3

trunks

understanding 10-2

understanding 14-1

VLAN 1 minimization 10-11

VTP domain 14-3

VLAN translation

command example 14-15, 14-16

VLAN Trunking Protocol

See VTP

voice VLAN

Cisco 7960 phone, port connections 16-1

configuration guidelines 16-4

configuring IP phone for data traffic

override CoS of incoming frame 16-7, 16-8

configuring ports for voice traffic in

802.1Q frames 16-5

connecting to an IP phone 16-5

default configuration 16-4

overview 16-1

VPN

configuration example 24-12

guidelines and restrictions 24-11

VTP

advertisements 13-3

client, configuring 13-10

configuration guidelines 13-6

default configuration 13-6

disabling 13-10

domains 13-2

VLANs 14-3

modes

client 13-2

server 13-2

transparent 13-2

monitoring 13-13

overview 13-1

pruning

configuration 10-11

configuring 13-9

overview 13-5

server, configuring 13-10

statistics 13-13

transparent mode, configuring 13-10

version 2

enabling 13-10

overview 13-3

W

WCCP

configuring on a router 52-2, 52-14

service groups 52-8

specifying protocol version 52-7

web browser interface 1-1

Web Cache Communication Protocol

See WCCP

web caches

See cache engines

web cache services

description 52-5

web caching

See web cache services

See also WCCP

web scaling 52-1

weighted round robin 41-94

WRR 41-94

X

xconnect command 24-16