-
Cisco 7600 Series Cisco IOS Software Configuration Guide, 12.2SR
-
Preface
-
Product Overview
-
Configuring the Router for the First Time
-
Configuring a Route Switch Processor 720
-
Configuring a Supervisor Engine 720
-
Configuring a Supervisor Engine 32
-
Configuring NSF with SSO Supervisor Engine Redundancy
-
Configuring RPR and RPR+ Supervisor Engine Redundancy
-
ISSU and eFSU on Cisco 7600 Series Routers
-
Configuring Interfaces
-
Configuring LAN Ports for Layer 2 Switching
-
Configuring Flex Links
-
Configuring EtherChannels
-
Configuring VTP
-
Configuring VLANs
-
Configuring Private VLANs
-
Configuring Cisco IP Phone Support
-
Configuring IEEE 802.1Q Tunneling
-
Configuring Layer 2 Protocol Tunneling
-
Configuring STP and MST
-
Configuring Optional STP Features
-
Configuring Layer 3 Interfaces
-
IP Subscriber Awareness over Ethernet
-
Configuring UDE and UDLR
-
Configuring Multiprotocol Label Switching on the PFC
-
Configuring IPv4 Multicast VPN Support
-
Configuring IP Unicast Layer 3 Switching
-
Configuring IPv6 Multicast PFC3 and DFC3 Layer 3 Switching
-
Configuring IPv4 Multicast Layer 3 Switching
-
Configuring MLDv2 Snooping for IPv6 Multicast Traffic
-
Configuring IGMP Snooping for IPv4 Multicast Traffic
-
Configuring PIM Snooping
-
Configuring Network Security
-
Understanding Cisco IOS ACL Support
-
Configuring VLAN ACLs
-
Private Hosts (Using PACLs)
-
Configuring Denial of Service Protection
-
Configuring DHCP Snooping
-
Configuring Dynamic ARP Inspection
-
Configuring Traffic Storm Control
-
Unknown Unicast Flood Blocking
-
Configuring PFC QoS
-
Configuring MPLS QoS on the PFC
-
Configuring PFC QoS Statistics Data Export
-
Configuring IEEE 802.1X Port-Based Authentication
-
Configuring Port Security
-
Configuring UDLD
-
Configuring NetFlow and NDE
-
Configuring Local SPAN, RSPAN, and ERSPAN
-
Configuring SNMP IfIndex Persistence
-
Power Management and Environmental Monitoring
-
Configuring Online Diagnostics
-
Configuring Web Cache Services Using WCCP
-
Using the Top N Utility
-
Using the Layer 2 Traceroute Utility
-
Online Diagnostic Tests
-
Acronyms
-
Cisco IOS Release 12.2SRB Software Images
-
Index
-
Table Of Contents
Symbols - Numerics - A - B - C - D - E - F - G - H - I - J - L - M - N - O - P - Q - R - S - T - U - V - W - X -
Index
Symbols
!Mini Protocol Analyzer 56-1
Numerics
4K VLANs (support for 4,096 VLANs) 14-2
802.10 SAID (default) 14-6
802.1Q
encapsulation 10-3
Layer 2 protocol tunneling
See Layer 2 protocol tunneling
mapping to ISL VLANs 14-13, 14-16
trunks 10-2
restrictions 10-5
tunneling 17-1
configuration guidelines 17-4
configuring tunnel ports 17-6
802.1Q Ethertype, specifying custom 10-15
802.1X
802.3ad
802.3X Flow Control 8-12
A
access control entries and lists 32-1, 33-1, 36-1
access-enable host timeout (not supported) 33-2
access interface (IP subscriber) 22-3
access lists, using with WCCP 52-10
access port, configuring 10-14
ACEs and ACLs 32-1, 33-1, 36-1
addresses
advertisements, VTP 13-3
aggregate policing
aging time
IP MLS 47-20
maximum
for MSTP 19-47
MSTP accelerated 19-46
MSTP maximum 19-47
alarms
major 50-12
minor 50-12
Allow DHCP Option 82 on Untrusted Port
configuring 37-10
understanding 37-3
any transport over MPLS (AToM) 24-13
compatibility with previous releases of AToM 24-16
Ethernet over MPLS 24-16
ARP spoofing 38-1
AToM 24-13
authentication
See also port-based authentication
Authentication, Authorization, and Accounting
Authentication, Authorization, and Accounting (AAA) 36-1
authorized ports with 802.1X 44-4
auto-sync command 7-6
B
BackboneFast
backup interfaces
bandwidth-remaining ratio (BRR), IP subscriber 22-4, 22-5, 22-6, 22-7
binding database, DHCP snooping
See DHCP snooping binding database
binding database, DHCP snooping
See DHCP snooping binding database
blocking floods 40-1
blocking state, STP 19-7
boot bootldr command 2-19
boot command 2-15
boot config command 2-19
boot system command 2-14, 2-19
boot system flash command 2-15
BPDU, RSTP format 19-15
BPDU guard
bridge groups 21-2
bridge ID
bridge priority, STP 19-33
bridge protocol data units
bridging 21-2
broadcast storms
C
cache engine clusters 52-1
cache engines 52-1
cache farms
Call Home
description 55-1
message format options 55-1
messages
format options 55-1
call home 55-1
alert groups 55-6
configuring e-mail options 55-9
contact information 55-3
default settings 55-15
destination profiles 55-4
displaying information 55-11
mail-server priority 55-9
pattern matching 55-8
periodic notification 55-8
rate limit messages 55-9
severity threshold 55-8
smart call home feature 55-2
SMTP server 55-9
testing communications 55-10
call home alert groups
configuring 55-6
description 55-6
subscribing 55-6
call home contacts
assigning information 55-3
call home destination profiles
attributes 55-4
configuring 55-5
description 55-4
displaying 55-14
call home notifications
full-txt format for syslog 55-25
XML format for syslog 55-26
cautions for passwords
encrypting 2-10
TACACS+ 2-10
CEF
configuring
MSFC2 26-5
supervisor engine 26-4
examples 26-3
Layer 3 switching 26-2
packet rewrite 26-2
certificate authority (CA) 55-3
CGMP 30-8
channel-group group
command example 12-9
checking running configuration 2-4
Cisco Cache Engines 52-2
Cisco Express Forwarding 24-3
Cisco Group Management Protocol
Cisco IOS Release 12.2SRB software images C-1
Cisco IOS Unicast Reverse Path Forwarding 32-2
CiscoView 1-2
CIST regional root
CIST root
class command 41-60
classification (QoS) 41-106
class-map command 41-52
class map configuration 41-57
class of service (CoS) 41-106
Committed Access Rate (CAR), not supported 41-2
community ports 15-3
Concurrent routing and bridging (CRB) 21-2
CONFIG_FILE environment variable
configuration file, viewing 2-19
description 2-18
config-register command 2-16
config terminal command 2-3
configuration
file, saving 2-5
register
changing settings 2-16
settings at startup 2-15
configuration example
EoMPLS VLAN mode 24-17
configuration register boot field
listing value 2-17
modification tasks 2-16
configure command 2-3
configure terminal command 2-16, 8-2
configuring 41-59
global parameters
sample configuration 2-2
using configuration mode2-3to 2-4
contact information
assigning for call home 55-3
control plane policing
control plane policing and protection (CoPP)
per-subscriber 22-4
CoPP
applying QoS service policy to control plane 36-20
configuring
ACLs to match traffic 36-20
enabling MLS QoS 36-20
packet classification criteria 36-20
service-policy map 36-20
control plane configuration mode, entering 36-20
displaying
dynamic information 36-21
number of conforming bytes and packets 36-21
rate information 36-21
entering control plane configuration mode 36-20
monitoring statistics 36-21
overview 36-19
packet classification guidelines 36-21
traffic classification
defining 36-23
guidelines 36-24
overview 36-23
sample ACLs 36-24
sample classes 36-23
CoPP. See control plane policing and protection (CoPP)
copy running-config startup-config command 2-5
copy system
running-config nvram
startup-config command 2-19
CoS, override priority 16-7, 16-8
D
debug commands
IP MMLS 28-25
debug fm private-hosts command 35-30
debug private-hosts command 35-31
DEC spanning-tree protocol 21-2
default configuration
802.1X 44-6
dynamic ARP inspection 38-5
Flex Links 11-2
IP MMLS 28-7
MSTP 19-38
supervisor engine 2-2
UDLD 46-3
voice VLAN 16-4
VTP 13-6
default NDE configuration 47-13
default VLAN 10-10
deficit weighted round robin 41-94
denial of service protection
description command 8-14
destination-ip flow mask 47-3
destination-source-ip flow mask 47-3
device IDs
call home format 55-22
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 37-5
overview 37-3
packet format, suboption
circuit ID 37-5
remote ID 37-5
remote ID suboption 37-5
DHCP option 82 allow on untrusted port 37-10
DHCP snooping
binding database
See DHCP snooping binding database
configuration guidelines 37-6
configuring 37-8
default configuration 37-6
displaying binding tables 37-18
enabling 37-9, 37-10, 37-11, 37-13, 37-14
enabling the database agent 37-14
message exchange process 37-4
option 82 data insertion 37-3
overview 37-1
Snooping database agent 37-5
DHCP snooping binding database
described 37-2
entries 37-2
DHCP snooping binding table
See DHCP snooping binding database
DHCP Snooping Database Agent
adding to the database (example) 37-18
enabling (example) 37-15
overview 37-5
reading from a TFTP file (example) 37-17
DHCP snooping increased bindings limit 37-7, 37-15
differentiated services codepoint
Differentiated Services Code Point (DSCP) 41-106
DiffServ
configuring short pipe mode 43-34
configuring uniform mode 43-39
short pipe mode 43-31
uniform mode 43-32
DiffServ tunneling modes 43-4
Disabling PIM Snooping Designated Router Flooding 31-6
distributed Cisco Express Forwarding
documentation, related 1-vii
document organization 1-iv
DoS protection
monitoring packet drop statistics
using monitor session commands 36-15
using VACL capture 36-17
PFC configuration guidelines and restrictions 36-14
Supervisor Engine 720 36-2
default configurations 36-13
egress ACL bridget packet rate limiters 36-7
FIB glean rate limiters 36-9
FIB receive rate limiters 36-9
ICMP redirect rate limiters 36-9
IGMP unreachable rate limiters 36-8
ingress ACL bridget packet rate limiters 36-7
IP errors rate limiters 36-11
IPv4 multicast rate limiters 36-11
IPv6 multicast rate limiters 36-12
Layer 2 PDU rate limiters 36-10
Layer 2 protocol tunneling rate limiters 36-10
MTU failure rate limiters 36-10
multicast directyly connected rate limiters 36-11
multicast FIB miss rate limiters 36-11
multicast IGMP snooping rate limiters 36-10
network under SYN attack 36-5
QoS ACLs 36-3
security ACLs 36-3
TCP intercept 36-5
traffic storm control 36-4
TTL failure rate limiter 36-8
uRPF check 36-4
uRPF failure rate limiters 36-8
VACL log rate limiters 36-10
Supervisor Engine 720Layer 3 security features rate limiters 36-9
understanding how it works 36-2
DSCP
DSCP-based queue mapping 41-85
dual-priority queues
duplex mode
configuring interface 8-6
DWRR 41-94
dynamic ARP inspection
ARP cache poisoning 38-2
ARP requests, described 38-1
ARP spoofing attack 38-2
clearing
log buffer 38-16
statistics 38-16
configuration guidelines 38-5
configuring
logging system messages 38-14
rate limit for incoming ARP packets 38-4, 38-9
default configuration 38-5
denial-of-service attacks, preventing 38-9
described 38-1
DHCP snooping binding database 38-3
displaying
ARP ACLs 38-15
configuration and operating state 38-15
log buffer 38-16
statistics 38-16
trust state and rate limit 38-15
error-disabled state for exceeding rate limit 38-4
function of 38-2
interface trust states 38-3
log buffer
clearing 38-16
displaying 38-16
logging of dropped packets, described 38-4
logging system messages
configuring 38-14
man-in-the middle attack, described 38-2
network security issues and interface trust states 38-3
priority of ARP ACLs and DHCP snooping entries 38-4
rate limiting of ARP packets
configuring 38-9
described 38-4
error-disabled state 38-4
statistics
clearing 38-16
displaying 38-16
validation checks, performing 38-11
Dynamic Host Configuration Protocol snooping
E
eFSU. See enhanced Fast Software Upgrade (eFSU)
Egress ACL support for remarked DSCP 41-12
egress ACL support for remarked DSCP 41-48
egress replication performance improvement 28-13
e-mail addresses
assigning for call home 55-3
e-mail notifications
Call Home 55-1
Embedded CiscoView 1-2
enable sticky secure MAC address 45-8
enabling
IP MMLS
on router interfaces 28-11
encapsulation 10-3
enhanced Fast Software Upgrade (eFSU)
aborting (issu abortversion command) 6-19
accepting the new software version 6-17
commiting the new software to standby RP (issu commitversion command) 6-17
disabling compatibility matrix check 6-9
displaying maximum outage time for line cards 6-14
error handling 6-4
forcing a switchover (issu runversion command) 6-14
issu loadversion command 6-12
loading new software onto standby RP 6-12
memory reservation on line card 6-3
memory reservation on line card, prohibiting 6-3
OIR not supported 6-7
operation 6-2
outage times 6-3
overview 6-1
performing 6-7
SSO, RPR, and RPR+ modes 6-7
steps 6-8
usage guidelines and limitations 6-6
verifying redundancy mode 6-10
enhanced interface range command 8-3
environmental monitoring
LED indications 50-12
SNMP traps 50-12
supervisor engine and switching modules 50-12
Syslog messages 50-12
using CLI commands 50-10
environment variables
CONFIG_FILE 2-18
controlling 2-19
viewing 2-19
EoMPLS 24-14
configuring 24-16
configuring VLAN mode 24-16
guidelines and restrictions 24-14
port mode 24-16
port mode configuration guidelines 24-20
VLAN mode 24-16
erase startup-config command
configuration files cleared with 2-6
ERSPAN 48-1
EtherChannel
channel-group group
command example 12-9
configuration guidelines 12-5
configuring
Layer 2 12-8
configuring (tasks) 12-7
interface port-channel
command example 12-8
interface port-channel (command) 12-7
lacp system-priority
command example 12-10
Layer 2, configuring 12-8
load balancing
configuring 12-11
understanding 12-5
modes 12-2
PAgP, understanding 12-3
port-channel interfaces 12-5
port-channel load-balance
command example 12-11
STP 12-5
switchport trunk encapsulation dot1q 12-6
understanding 12-1
EtherChannel Guard
EtherChannel Min-Links 12-12
Ethernet, setting port duplex 8-13
Ethernet over MPLS (EoMPLS) configuration
EoMPLS port mode 24-20
EoMPLS VLAN mode 24-17
examples
software configuration register2-14to 2-17
EXP mutation 43-4
extended range VLANs 14-2
extended system ID, MSTP 19-40
Extensible Authentication Protocol over LAN 44-1
F
fabric switching mode
fabric switching-mode allow dcef-only command on Supervisor Engine 720 5-2, 7-4
fall-back bridging 21-2
fiber-optic, detecting unidirectional links 46-1
FIB TCAM 24-2
filters, NDE
destination host filter, specifying 47-27
destination TCP/UDP port, specifying 47-26
overview 47-7
protocol 47-27
source host and destination TCP/UDP port 47-26
Flash memory
configuration process 2-18
configuring router to boot from 2-18
loading system image from 2-17
security precautions 2-18
write protection 2-18
Flex Links 11-1
configuration guidelines 11-2
configuring 11-3
default configuration 11-2
description 11-1
monitoring 11-3
flood blocking 40-1
flow control 8-12
flow masks
IP MLS
destination-ip 47-3
destination-source-ip 47-3
interface-destination-source-ip 47-3
ip-full 47-3
ip-interface-full 47-3
minimum 47-19
overview 47-3
flowmasks
NetFlow (Release 12.2SRA) 47-3
NetFlow (Release 12.2SRB) 47-3
flows
IP MMLS
completely and partially switched 28-3
forward-delay time
MSTP 19-46
forward-delay time, MSTP 19-46
forward-delay time, STP 19-35
frame distribution
See EtherChannel load balancing
G
global parameters, configuring 2-2
H
hardware Layer 3 switching, guidelines 26-4
hello time, MSTP 19-45
hello time, STP 19-34
High Capacity Power Supply Support 50-4
host ports 15-3
I
ICMP unreachable messages 33-1
IDs
serial IDs 55-22
IEEE 802.10 SAID (default) 14-6
IEEE 802.1Q
IEEE 802.1Q Ethertype
specifying custom 10-15
IEEE 802.1w
IEEE 802.3ad
IEEE 802.3X Flow Control 8-12
IEEE bridging protocol 21-2
IGMP
configuration guidelines 29-7, 30-7
enabling 30-10
Internet Group Management Protocol 30-1
join messages 30-2
leave processing
enabling 30-12
queries 30-3
query interval, configuring 30-11
snooping
fast leave 30-5
joining multicast group 30-2
leaving multicast group 30-4
understanding 30-2
snooping querier
enabling 30-9
understanding 30-2
IGMPv3 28-9
IGMP v3lite 28-9
In Service Software Upgrade (ISSU) 6-1
Integrated routing and bridging (IRB) 21-2
interface
command 2-3
Layer 2 modes 10-4
number 8-1
interface, access (IP subscriber) 22-3
interface access command 22-17
interface-destination-source-ip flow mask 47-3
interface port-channel
command example 12-8
interface port-channel (command) 12-7
interfaces
configuring 8-2
configuring, duplex mode 8-5
configuring, speed 8-5
configururing, overview 8-1
descriptive name, adding 8-14
naming 8-14
range of 8-3
interfaces command 8-2
interfaces range command 8-3
interfaces range macro command 8-4
Internet Group Management Protocol
IP accounting, IP MMLS and 28-8
IP addresses
assigned by BOOTP protocol 2-6
set to default 2-6
IP CEF, topology (figure) 26-3
ip flow-export destination command 47-23
ip flow-export source command 47-22, 47-24, 53-3, 53-4
ip-full flow mask 47-3
ip http server 1-1
ip-interface-full flow mask 47-3
IP MLS
aging-time 47-20
flow masks
destination-ip 47-3
destination-source-ip 47-3
interface-destination-source-ip 47-3
ip-full 47-3
ip-interface-full 47-3
minimum 47-19
overview 47-3
NDE
IP MMLS
cache, overview 28-2
configuration guideline 28-7
debug commands 28-25
default configuration 28-7
enabling
on router interfaces 28-11
flows
completely and partially switched 28-3
Layer 3 MLS cache 28-2
overview 28-2
packet rewrite 28-3
router
displaying interface information 28-17
enabling globally 28-9
enabling on interfaces 28-11
multicast routing table, displaying 28-20
PIM, enabling 28-10
unsupported features 28-8
IP multicast
IGMP snooping and 30-9
MLDv2 snooping and 29-9
overview 30-1
IP multicast MLS
ip multicast-routing command
enabling IP multicast 28-10
IP phone, configuring 16-5
ip pim command
enabling IP PIM 28-10
IP precedence 41-107
IP static routes 2-5
IP subscriber awareness
benefits 22-2
configuration example 22-14
configuration guidelines 22-11
control plane policing and protection (CoPP) 22-4
interface access command 22-17
IP subscriber interface 22-3
IP subscriber session 22-3
lawful intercept 22-4
overview 22-1
per-subscriber features 22-4
QoS 22-4
bandwidth-remaining ratio (BRR) 22-4, 22-5, 22-6, 22-7
dual-priority queues 22-4, 22-9
priority-rate propagation 22-5, 22-9, 22-10
QoS recommendations 22-5
Radius accounting 22-4
security ACLs 22-4
unsupported features 22-10
IP unnumbered 21-1
IPv4 Multicast over Point-to-Point GRE Tunnels 1-4
IPv4 Multicast VPN 25-1
IPv6 Multicast PFC3 and DFC3 Layer 3 Switching 27-1
ip wccp version command 52-8
ISL encapsulation 10-3
ISL trunks 10-2
isolated port 15-3
ISSU, See In Service Software Upgrade (ISSU)
J
join messages, IGMP 30-2
jumbo frames 8-9
L
label edge router 24-2
label switched path 24-16
label switch router 24-2, 24-3
LACP
system ID 12-4
lawful intercept, per-subscriber 22-4
Layer 2
configuring interfaces 10-6
access port 10-14
trunk 10-7
defaults 10-5
interface modes 10-4
show interfaces 8-11, 8-12, 10-7, 10-12
switching 10-1
trunks 10-2
VLAN interface assignment 14-12
Layer 2 interfaces, configuring 10-1
Layer 2 protocol tunneling
configuring Layer 2 tunnels 18-2
overview 18-1
Layer 2 remarking 41-15
Layer 2 Traceroute 54-1
Layer 2 traceroute
and ARP 54-2
and CDP 54-1
described 54-1
IP addresses and subnets 54-2
MAC addresses and VLANs 54-2
multicast traffic 54-2
multiple devices on a port 54-2
unicast traffic 54-1
usage guidelines 54-1
Layer 3
IP MMLS and MLS cache 28-2
Layer 3 switched packet rewrite
CEF 26-2
Layer 3 switching
CEF 26-2
Layer 4 port operations (ACLs) 33-5
leave processing, IGMP
enabling 30-12
leave processing, MLDv2
enabling 29-12
link failure, detecting unidirectional 19-24
link negotiation 8-7
link redundancy
Load Balancing 24-8
Local Egress Replication 28-13
logical operation unit
loop guard
LOU
description 33-6
determining maximum number of 33-6
M
MAC address
adding to BOOTP configuration file 2-7
MAC address-based blocking 32-1
MAC move (port security) 45-2
macro, interfaces range 8-4
main-cpu command 7-6
mapping 802.1Q VLANs to ISL VLANs 14-13, 14-16
markdown
maximum aging time, MSTP 19-47
maximum aging time, STP 19-36
maximum hop count, MSTP 19-47
microflow policing rule
Min-Links 12-12
MLD report 29-4
MLD snooping
query interval, configuring 29-11
MLDv2 29-1
enabling 29-9
leave processing
enabling 29-12
queries 29-4
snooping
fast leave 29-6
joining multicast group 29-4
leaving multicast group 29-6
understanding 29-1
snooping querier
enabling 29-8
understanding 29-1
MLDv2 Snooping 29-1
MLS
configuring threshold 28-14
MSFC threshold 28-14
mls aging command
configuring IP MLS 47-20
mls flow command
configuring IP MLS 47-18, 47-19
mls ip multicast command
enabling IP MMLS 28-11, 28-12, 28-14, 28-15, 28-16, 28-22, 28-23
mls nde flow command
configuring a host and port filter 47-26
configuring a host flow filter 47-27
configuring a port filter 47-26
configuring a protocol flow filter 47-27
mls nde sender command 47-21
monitoring
Flex Links 11-3
private VLANs 15-17
MPLS 24-2
aggregate label 24-2
any transport over MPLS 24-13
basic configuration 24-8
core 24-3
DiffServ Tunneling Modes 43-31
egress 24-4
experimental field 43-3
guidelines and restrictions 24-7
ingress 24-3
IP to MPLS path 24-3
labels 24-2
Layer 2 VPN load balancing 24-8
MPLS to IP path 24-4
MPLS to MPLS path 24-3
nonaggregate lable 24-2
QoS default configuration 43-15
VPN 43-12
VPN guidelines and restrictions 24-11
mpls l2 transport route command 24-16
MPLS QoS
Classification 43-2
Class of Service 43-2
commands 43-16
configuring a class map 43-20
configuring a policy map 43-23
configuring egress EXP mutation 43-28
configuring EXP Value Maps 43-30
Differentiated Services Code Point 43-2
displaying a policy map 43-27
E-LSP 43-2
enabling QoS globally 43-18
EXP bits 43-2
features 43-3
IP Precedence 43-2
QoS Tags 43-2
queueing-only mode 43-19
MPLS QoS configuration
class map to classify MPLS packets 43-20
MPLS VPN, limitations and restrictions 24-11
MQC 41-1
not supported
CAR 41-2
queuing 41-2
supported
policy maps 41-3
MSTP
boundary ports
configuration guidelines 19-38
described 19-22
CIST, described 19-19
CIST root 19-21
configuration guidelines 19-38
configuring
forward-delay time 19-46
link type for rapid convergence 19-47
maximum aging time 19-47
maximum hop count 19-47
MST region 19-39
neighbor type 19-48
path cost 19-43
port priority 19-42
root switch 19-40
secondary root switch 19-42
switch priority 19-44
configuring hello time 19-45
CST
defined 19-19
operations between regions 19-20
default configuration 19-38
displaying status 19-49
enabling the mode 19-39
extended system ID
effects on root switch 19-40
effects on secondary root switch 19-42
unexpected behavior 19-41
IEEE 802.1s
implementation 19-23
port role naming change 19-23
terminology 19-21
interoperability with IEEE 802.1D
described 19-25
restarting migration process 19-49
IST
defined 19-19
master 19-20
operations within a region 19-20
mapping VLANs to MST instance 19-39
MST region
CIST 19-19
configuring 19-39
described 19-18
hop-count mechanism 19-22
IST 19-19
supported spanning-tree instances 19-19
overview 19-18
root switch
configuring 19-40
effects of extended system ID 19-40
unexpected behavior 19-41
status, displaying 19-49
MTU size (default) 14-6
multicast
IGMP snooping and 30-9
MLDv2 snooping and 29-9
NetFlow statistics 47-14
non-RPF 28-5
overview 30-1
PIM snooping 31-4
multicast, displaying routing table 28-20
Multicast enhancement - egress replication performance improvement 28-13
Multicast Enhancement - Replication Mode Detection 28-11
multicast flood blocking 40-1
multicast groups
joining 30-2
multicast groups, IPv6
joining 29-4
Multicast Listener Discovery version 2
multicast multilayer switching
Multicast Replication Mode Detection enhancement 28-11
multicast RPF 28-2
multicast storms
multilayer switch feature card
multiple path RPF check 32-2
N
native VLAN 10-10
NBAR 41-1
NDE
configuration, displaying 47-27
displaying configuration 47-27
enabling 47-15
filters
destination host, specifying 47-27
destination TCP/UDP port, specifying 47-26
overview 47-7
protocol, specifying 47-27
source host and destination TCP/UDP port, specifying 47-26
multicast 47-14
overview 47-1
specifying
destination host filters 47-27
destination TCP/UDP port filters 47-26
protocol filters 47-27
NDE configuration, default 47-13
NDE version 8 47-10
NetFlow and NDE for Ingress Bridged IP Traffic 47-23
NetFlow Data Export
Netflow Multiple Export Destinations 47-23
NetFlow version 9 47-3
Network-Based Application Recognition 41-1
non-RPF multicast 28-5
Nonstop Forwarding
nonvolatile random-access memory
normal-range VLANs
NSF 5-1
NSF with SSO does not support IPv6 multicast traffic. 5-1
NVRAM
saving settings 2-5
O
OIR 8-15
online diagnostics
configuring 51-2
diagnostic sanity check 51-11
memory tests 51-10
overview 51-1
running tests 51-6
schedule switchover 51-10
test descriptions A-1
understanding 51-1
online diagnostic tests A-1
online insertion and removal
operating system image
out of profile
P
packet burst 36-7
packet capture 56-1
packet recirculation 41-12
packet rewrite
CEF 26-2
IP MMLS and 28-3
packets
multicast 34-4
PACLs. See private hosts feature
PAgP
understanding 12-3
passwords
configuring
enable password 2-8
enable secret 2-8
line password 2-9
static enable password 2-8
TACACS+ 2-9
TACACS+ (caution) 2-10
encrypting 2-10
(caution) 2-10
recovering lost enable passwords 2-12
path cost
MSTP 19-43
PFC3BXL
hardware features 24-4
MPLS guidelines and restrictions 24-7
MPLS label switching 24-1
MPLS supported commands 24-7
recirculation 24-4
supported Cisco IOS features 24-5
VPN supported commands 24-11
VPN switching 24-10
PFC compatibility with RSP720 3-2
PIM, IP MMLS and 28-10
PIM snooping
designated router flooding 31-6
enabling globally 31-5
enabling in a VLAN 31-5
overview 31-4
police command 41-63
policing
policing, QoS (definition) 41-107
policy 41-52
policy-based routing
policy map 41-59
attaching to an interface 41-66
policy-map command 41-53, 41-60
Port Aggregation Protocol
port-based ACLs (PACLs). See private hosts feature
port-based authentication
authentication server
defined 44-2
RADIUS server 44-2
client, defined 44-2
configuration guidelines 44-7
configuring
initializing authentication of a client 44-11
manual reauthentication of a client 44-11
quiet period 44-12
RADIUS server 44-10
RADIUS server parameters on the switch 44-9
switch-to-authentication-server retransmission time 44-14
switch-to-client EAP-request frame retransmission time 44-13
switch-to-client frame-retransmission number 44-14
switch-to-client retransmission time 44-13
default configuration 44-6
described 44-1
device roles 44-2
displaying statistics 44-16
EAPOL-start frame 44-3
EAP-request/identity frame 44-3
EAP-response/identity frame 44-3
enabling
802.1X authentication 44-8, 44-9
periodic reauthentication 44-10
encapsulation 44-2
initiation and message exchange 44-3
method lists 44-8
ports
authorization state and dot1x port-control command 44-4
authorized and unauthorized 44-4
resetting to default values 44-16
switch
as proxy 44-2
RADIUS client 44-2
topologies, supported 44-5
port-based QoS features
port channel
switchport trunk encapsulation dot1q 12-6
port-channel
port-channel load-balance
port cost, STP 19-32
port debounce timer 8-13
PortFast
PortFast BPDU filtering
See STP PortFast BPDU filtering
port mode 24-16
port negotiation 8-7
port priority
MSTP 19-42
port priority, STP 19-30
ports
setting the debounce timer 8-13
port security
configuring 45-4
default configuration 45-3
described 45-1
displaying 45-11
enable sticky secure MAC address 45-8
violations 45-2
Port Security is supported on trunks 45-4, 45-7, 45-9
port security MAC move 45-2
port security on PVLAN ports 45-3
Port Security with Sticky Secure MAC Addresses 45-2
power management
enabling/disabling redundancy 50-2
overview 50-1
powering modules up or down 50-3
system power requirements, nine-slot chassis 50-5
primary links 11-1
primary VLANs 15-2
priority
priority-rate propagation, IP subscriber 22-5, 22-9, 22-10
private-hosts command 35-13
private hosts feature
command reference 35-12
configuration guidelines 35-5, 35-6
configuring (detailed steps) 35-9
configuring (summary) 35-8
debug fm private-hosts command 35-30
debug private-hosts command 35-31
isolating hosts in a VLAN 35-2
multicast operation 35-7
overview 35-1
port ACLs (PACLs) 35-5
private-hosts command 35-13
private-hosts mac-list command 35-14
private-hosts mode command 35-16
private-hosts promiscuous command 35-18
private-hosts vlan-list command 35-20
protocol-independent MAC ACLs 35-1
restricting traffic flow with PACLs 35-3
show fm private-hosts command 35-22
show private-hosts access-lists command 35-25
show private-hosts configuration command 35-27
show private-hosts interface configuration command 35-28
show private-hosts mac-list command 35-29
spoofing protection 35-7
private-hosts mac-list command 35-14
private-hosts mode command 35-16
private-hosts promiscuous command 35-18
private-hosts vlan-list command 35-20
private VLANs 15-1
across multiple switches 15-5
and SVIs 15-6
benefits of 15-2
configuration guidelines 15-7, 15-9, 15-11
configuring 15-11
host ports 15-14
pomiscuous ports 15-15
routing secondary VLAN ingress traffic 15-13
secondary VLANs with primary VLANs 15-12
VLANs as private 15-11
end station access to 15-4
IP addressing 15-4
monitoring 15-17
ports
community 15-3
configuration guidelines 15-9
isolated 15-3
promiscuous 15-3
primary VLANs 15-2
secondary VLANs 15-2
subdomains 15-2
traffic in 15-6
privileges
changing default 2-11
configuring
multiple levels 2-10
privilege level 2-11
exiting 2-12
logging in 2-11
procedures
global parameters, configuring 2-2
using configuration mode2-3to 2-4
promiscuous ports 15-3
protocol tunneling
See Layer 2 protocol tunneling 18-1
pruning, VTP
PVLANs
PVRST
See Rapid-PVST 19-17
Q
QoS
class of service (CoS), definition 41-106
DSCP (definition) 41-106
IP precedence 41-107
marking 41-107
policing 41-107
Type of Service (ToS) 41-107
QoS, per-subscriber 22-4
QoS classification (definition)
QoS
classification 41-106
QoS congestion avoidance
QoS
congestion avoidance 41-106
QoS CoS
and ToS final L3 Switching Engine values 41-11
and ToS final values from L3 Switching Engine 41-11
port value, configuring 41-78
QoS default configuration 41-96, 42-2
QoS DSCP
definition 41-106
internal values 41-9
maps, configuring 41-72
QoS dual transmit queue
thresholds
QoS enhancements, RSP720 3-5
QoS Ethernet egress port
scheduling 41-96
scheduling, congestion avoidance, and marking 41-11, 41-13
QoS Ethernet ingress port
classification, marking, scheduling, and congestion avoidance 41-6
QoS final L3 Switching Engine CoS and ToS values 41-11
QoS internal DSCP values 41-9
QoS L3 Switching Engine
classification, marking, and policing 41-9
feature summary 41-16
QoS labels (definition) 41-107
QoS mapping
CoS values to DSCP values 41-69, 41-73
DSCP markdown values 41-27, 41-74, 43-16
DSCP values to CoS values 41-75
IP precedence values to DSCP values 41-73
QoS markdown 41-20
QoS marking
definition 41-107
trusted ports 41-14
untrusted ports 41-14
QoS MSFC
marking 41-17
QoS multilayer switch feature card 41-17
QoS OSM egress port
feature summary 41-13
QoS out of profile 41-19
QoS policing
definition 41-107
microflow, enabling for nonrouted traffic 41-47
QoS policing rule
aggregate 41-17
creating 41-51
microflow 41-17
QoS port
trust state 41-76
QoS port-based or VLAN-based 41-47
QoS queues
transmit, allocating bandwidth between 41-94
QoS receive queue 41-8, 41-89, 41-92
drop thresholds 41-22
QoS scheduling (definition) 41-107
QoS statistics data export 42-1
configuring 42-2
configuring destination host 42-7
configuring time interval 42-6, 42-9
QoS ToS
and CoS final values from L3 Switching Engine 41-11
definition 41-107
QoS traffic flow through QoS features 41-4
QoS transmit queue
QoS transmit queues 41-23, 41-86, 41-88, 41-90, 41-91
QoS trust-cos
QoS trust-dscp
QoS trust-ipprec
QoS untrusted port keyword 41-14, 41-15
QoS VLAN-based or port-based 41-10, 41-47
queries, IGMP 30-3
queries, MLDv2 29-4
queues
dual-priority (IP subscriber) 22-4, 22-9
R
Radius accounting, per-subscriber 22-4
rapid convergence 19-13
Rapid-PVST
enabling 19-36
overview 19-17
Rapid Spanning Tree
Rapid Spanning Tree Protocol
receive queues
reduced MAC address 19-2
redundancy (NSF) 5-1
configuring
BGP 5-13
CEF 5-13
EIGRP 5-18
IS-IS 5-16
OSPF 5-15
configuring multicast NSF with SSO 5-12
configuring supervisor engine 5-10
routing protocols 5-4
redundancy (RPR+) 7-1
configuring 7-6
configuring supervisor engine 7-5
displaying supervisor engine configuration 7-7
redundancy command 7-6
route processor redundancy plus 7-3
redundancy (SSO)
redundancy command 5-11
related documentation 1-vii
reload command 2-16
Remote source-route bridging (RSRB) 21-2
Replication Mode Detection 28-11
report, MLD 29-4
reserved-range VLANs
rewrite, packet
CEF 26-2
IP MMLS 28-3
RIF cache monitoring 8-15
rommon command 2-17
ROM monitor
boot process and 2-13
root bridge, STP 19-28
root guard
root switch
MSTP 19-40
route processor redundancy
Route Switch Processor 720 (RSP720)
chassis support 3-1
feature support 3-2
flash memory 3-6
hardware components 3-2
high availability 3-3
IPv6 ACL enhancements 3-3
load balancing on GE bundles 3-4
overview 3-1
packet fragmentation over GRE tunnels 3-4
performance improvements 3-3
PFC compatibility 3-2
ports 3-6
QoS enhancements 3-5
rate-limiting of unknown unicast packets 3-3
scalability 3-3
switching modes 3-8
unsupported features 3-5
routing table, multicast 28-20
RPF
failure 28-5
multicast 28-2
non-RPF multicast 28-5
unicast 32-2
RPR+
RPR and RPR+ support IPv6 multicast traffic 7-1
RSTP
active topology 19-12
BPDU
format 19-15
processing 19-16
designated port, defined 19-12
designated switch, defined 19-12
interoperability with IEEE 802.1D
described 19-25
restarting migration process 19-49
topology changes 19-17
overview 19-12
port roles
described 19-12
synchronized 19-14
proposal-agreement handshake process 19-13
rapid convergence
described 19-13
edge ports and Port Fast 19-13
point-to-point links 19-13, 19-47
root ports 19-13
root port, defined 19-12
S
SAID 14-6
sample configuration 2-4
Sampled NetFlow
description 47-8
saving the configuration file 2-5
scheduling
secondary VLANs 15-2
Secure MAC Address Aging Type 45-10
security
security, port 45-1
security ACLs, per-subscriber 22-4
security precautions with Flash memory card 2-18
serial IDs
description 55-22
server IDs
description 55-23
service-policy command 41-53
service-policy input command 41-48, 41-66, 41-69, 41-72, 43-29
service-provider network, MSTP and RSTP 19-18
set power redundancy enable/disable command 50-2
short pipe mode, configuring 43-34
show boot command 2-19
show catalyst6000 chassis-mac-address command 19-3
show ciscoview package command 1-3
show ciscoview version command 1-3
show configuration command 8-14
show eobc command 8-15
show fm private-hosts command 35-22
show hardware command 8-2
show ibc command 8-15
show interfaces command 8-2, 8-11, 8-12, 8-14, 8-15, 10-7, 10-12
displaying, interface type numbers 8-2
displaying, speed and duplex mode 8-8
show ip flow export command
displaying NDE export flow IP address and UDP port 47-25
show ip interface command
displaying IP MMLS interfaces 28-18
show ip mroute command
displaying IP multicast routing table 28-20
show ip pim interface command
displaying IP MMLS router configuration 28-18
show mls aging command 47-20
show mls entry command 26-5
show mls ip multicast group command
displaying IP MMLS group 28-21, 28-24
show mls ip multicast interface command
displaying IP MMLS interface 28-21, 28-24
show mls ip multicast source command
displaying IP MMLS source 28-21, 28-24
show mls ip multicast statistics command
displaying IP MMLS statistics 28-21, 28-24
show mls ip multicast summary
displaying IP MMLS configuration 28-21, 28-24
show mls nde command 47-27
displaying NDE flow IP address 47-25
show mls rp command
displaying IP MLS configuration 47-19
show module command 7-7
show private-hosts access-lists command 35-25
show private-hosts configuration command 35-27
show private-hosts interface configuration command 35-28
show private-hosts mac-list command 35-29
show protocols command 8-15
show rif command 8-15
show running-config command 2-4, 8-14, 8-15
show startup-config command 2-5
show version command 2-3, 2-16, 2-17, 8-15
slot number, description 8-1
smart call home 55-1
description 55-2
destination profile (note) 55-4
registration requirements 55-2
service contract requirements 55-3
Transport Gateway (TG) aggregation point 55-2
SMARTnet
smart call home registration 55-2
SNMP
support and documentation 1-1
snooping
software
upgrading router 6-7
software configuration register functions2-14to 2-17
software images, Release 12.2SRB C-1
source IDs
call home event format 55-22
source-only-ip flow mask 47-3
source specific multicast with IGMPv3, IGMP v3lite, and URD 28-9
SPAN
configuration guidelines 48-6
configuring 48-11
sources 48-15, 48-19, 48-25, 48-27
VLAN filtering 48-29
overview 48-1
SPAN Destination Port Permit Lists 48-14
spanning-tree backbonefast
spanning-tree cost
command 19-32
spanning-tree portfast
command example 20-8
spanning-tree portfast bpdu-guard
command 20-11
spanning-tree port-priority
spanning-tree protocol for bridging 21-2
spanning-tree uplinkfast
command 20-12
command example 20-12
spanning-tree vlan
command 19-27, 19-29, 19-30, 20-14
command example 19-27, 19-29, 19-30
spanning-tree vlan cost
command 19-32
spanning-tree vlan forward-time
command 19-35
command example 19-35
spanning-tree vlan hello-time
command 19-34
command example 19-35
spanning-tree vlan max-age
command 19-36
command example 19-36
spanning-tree vlan port-priority
command 19-30
command example 19-31
spanning-tree vlan priority
command 19-34
command example 19-34
speed
configuring interface 8-6
standby link 11-1
standby links 11-1
static route, configuring 2-5
statistics
802.1X 44-16
Sticky ARP 36-25
sticky ARP 36-25
Sticky secure MAC addresses 45-8, 45-9
storm control
STP
configuring 19-25
bridge priority 19-33
forward-delay time 19-35
hello time 19-34
maximum aging time 19-36
port cost 19-32
port priority 19-30
root bridge 19-28
secondary root switch 19-29
defaults 19-26
EtherChannel 12-5
understanding 19-1
802.1Q Trunks 19-11
Blocking State 19-7
BPDUs 19-3
disabled state 19-11
forwarding state 19-10
learning state 19-9
listening state 19-8
overview 19-2
port states 19-5
protocol timers 19-4
root bridge election 19-4
topology 19-4
STP BackboneFast
configuring 20-13
figure
adding a switch 20-7
spanning-tree backbonefast
understanding 20-4
STP BPDU Guard
configuring 20-11
spanning-tree portfast bpdu-guard
command 20-11
understanding 20-2
STP bridge ID 19-2
STP EtherChannel guard 20-6
STP loop guard
configuring 20-15
overview 20-6
STP PortFast
BPDU filter
configuring 20-10
BPDU filtering 20-2
configuring 20-8
spanning-tree portfast
command example 20-8
understanding 20-2
STP UplinkFast
configuring 20-12
spanning-tree uplinkfast
command 20-12
command example 20-12
understanding 20-3
subdomains, private VLAN 15-2
subscribers. See IP subscriber awareness
supervisor engine
configuring 2-1
default configuration 2-2
environmental monitoring 50-10
ROM monitor 2-13
startup configuration 2-13
static routes 2-5
synchronizing configurations 5-19, 7-7
Supervisor Engine 2, no longer supported
Supervisor Engine 32 9-1
flash memory 9-1
ports 9-2
supported chassis 9-1
supervisor engine redundancy
supervisor engines
displaying redundancy configuration 7-7
Switched Port Analyzer
switch fabric functionality 3-7, 4-2
switchport
configuring 10-14
example 10-13
show interfaces 8-11, 8-12, 10-7, 10-12
switchport access vlan 10-10, 10-14
example 10-14
switchport mode access 10-4, 10-14
example 10-14
switchport mode dynamic 10-9
switchport mode dynamic auto 10-4
switchport mode dynamic desirable 10-4
default 10-5
example 10-13
switchport mode trunk 10-4, 10-9
switchport nonegotiate 10-4
switchport trunk allowed vlan 10-11
switchport trunk encapsulation 10-8
switchport trunk encapsulation dot1q 10-3
example 10-13
switchport trunk encapsulation isl 10-3
switchport trunk encapsulation negotiate 10-3
default 10-5
switchport trunk native vlan 10-10
switchport trunk pruning vlan 10-11
switch priority
MSTP 19-44
switch TopN reports
foreground execution 53-2
overview 53-1
running 53-2
viewing 53-2
system
configuration register
settings at startup 2-15
configuring global parameters 2-2
System Hardware Capacity 50-5
system image
determining if and how to load 2-15
loading from Flash 2-17
T
TCP Intercept 32-2
TDR
checking cable connectivity 8-16
enabling and disabling test 8-16
guidelines 8-16
Time Domain Reflectometer
TopN reports
traceroute, Layer 2
and ARP 54-2
and CDP 54-1
described 54-1
IP addresses and subnets 54-2
MAC addresses and VLANs 54-2
multicast traffic 54-2
multiple devices on a port 54-2
unicast traffic 54-1
usage guidelines 54-1
traffic flood blocking 40-1
traffic-storm control
command
broadcast 39-3
described 39-1
monitoring 39-5
thresholds 39-1
traffic suppression
translational bridge numbers (defaults) 14-6
transmit queues
trunks 10-2
802.1Q Restrictions 10-5
allowed VLANs 10-11
configuring 10-7
default interface configuration 10-7
default VLAN 10-10
different VTP domains 10-3
encapsulation 10-3
native VLAN 10-10
to non-DTP device 10-4
VLAN 1 minimization 10-11
trust-dscp
trust-ipprec
trustpoint 55-3
tunneling, 802.1Q
See 802.1Q 17-1
Type of Service (ToS) 41-107
U
UDE 23-1
configuration 23-3
overview 23-2
UDE and UDLR 23-1
UDLD
default configuration 46-3
enabling
globally 46-3
on ports 46-4
overview 46-1
UDLR 23-1
back channel 23-1
configuration 23-6
tunnel
(example) 23-7
ARP and NHRP 23-3
UDLR (unidirectional link routing)
unauthorized ports with 802.1X 44-4
Unicast and Multicast Flood Blocking 40-1
unicast flood blocking 40-1
unicast RPF 32-2
unicast storms
Unidirectional Ethernet
unidirectional ethernet
example of setting 23-5
UniDirectional Link Detection Protocol
uniform mode
configuring 43-39
untrusted
upgrade guidelines 24-16
UplinkFast
URD 28-9
User-Based Rate Limiting 41-19, 41-64
V
VACLs 34-1
configuring 34-4
examples 34-9
Layer 3 VLAN interfaces 34-8
Layer 4 port operations 33-5
logging
configuration example 34-11
configuring 34-10
restrictions 34-10
MAC address based 34-5
multicast packets 34-4
overview 34-1
SVIs 34-8
WAN interfaces 34-1
version 8 (NDE) 47-10
virtual LAN
vlan
command 14-10, 14-12, 47-17, 47-18, 48-19
command example 14-10
VLAN-based QoS filtering 41-54
VLAN-bridge spanning-tree protocol 21-2
vlan database
command 14-10, 14-12, 47-17, 47-18, 48-19
vlan mapping dot1q
command example 14-17
VLAN mode 24-16
VLANs
allowed on trunk 10-11
configuration guidelines 14-8
configuring 14-1
configuring (tasks) 14-8
defaults 14-6
extended range 14-2
ID (default) 14-6
interface assignment 14-12
name (default) 14-6
normal range 14-2
private
reserved range 14-2
support for 4,096 VLANs 14-2
token ring 14-3
trunks
understanding 10-2
understanding 14-1
VLAN 1 minimization 10-11
VTP domain 14-3
VLAN translation
VLAN Trunking Protocol
voice VLAN
Cisco 7960 phone, port connections 16-1
configuration guidelines 16-4
configuring IP phone for data traffic
override CoS of incoming frame 16-7, 16-8
configuring ports for voice traffic in
802.1Q frames 16-5
connecting to an IP phone 16-5
default configuration 16-4
overview 16-1
VPN
configuration example 24-12
guidelines and restrictions 24-11
VTP
advertisements 13-3
client, configuring 13-10
configuration guidelines 13-6
default configuration 13-6
disabling 13-10
domains 13-2
VLANs 14-3
modes
client 13-2
server 13-2
transparent 13-2
monitoring 13-13
overview 13-1
pruning
configuration 10-11
configuring 13-9
overview 13-5
server, configuring 13-10
statistics 13-13
transparent mode, configuring 13-10
version 2
enabling 13-10
overview 13-3
W
WCCP
configuring on a router 52-2, 52-14
service groups 52-8
specifying protocol version 52-7
web browser interface 1-1
Web Cache Communication Protocol
web caches
web cache services
description 52-5
web caching
web scaling 52-1
weighted round robin 41-94
WRR 41-94
X
xconnect command 24-16