-
Catalyst 6500 Series Software Configuration Guide, 8.7
-
Index
-
Preface
-
Product Overview
-
Command-Line Interfaces
-
Configuring the Switch IP Address and Default Gateway
-
Configuring Ethernet, Fast Ethernet, Gigabit Ethernet, and 10-Gigabit Ethernet Switching
-
Configuring Ethernet VLAN Trunks
-
Configuring EtherChannel
-
Configuring IEEE 802.1Q Tunneling and Layer 2 Protocol Tunneling
-
Configuring Spanning Tree
-
Configuring Spanning Tree PortFast, UplinkFast, BackboneFast, and Loop Guard
-
Configuring VTP
-
Configuring VLANs
-
Configuring InterVLAN Routing
-
Configuring CEF for PFC2/PFC3
-
Configuring MLS
-
Configuring Access Control
-
Configuring NDE
-
Configuring GVRP
-
Configuring MVRP
-
Configuring Dynamic Port VLAN Membership with VMPS
-
Checking Status and Connectivity
-
Configuring Online Diagnostics
-
Administering the Switch
-
Configuring Redundancy
-
Configuring NSF with SSO MSFC Redundancy
-
Modifying the Switch Boot Configuration
-
Working with the Flash File System
-
Working with System Software Images
-
Working with Configuration Files
-
Configuring System Message Logging
-
Configuring DNS
-
Configuring CDP
-
Configuring UDLD
-
Configuring DHCP Snooping and IP Source Guard
-
Configuring NTP
-
Configuring Broadcast Suppression
-
Configuring Layer 3 Protocol Filtering
-
Configuring the IP Permit List
-
Configuring Port Security
-
Configuring Switch Access Using AAA
-
Configuring 802.1x Authentication
-
Configuring MAC Authentication Bypass
-
Configuring Web-Based Proxy Authentication
-
Tracking Host Aging
-
Configuring Network Admission Control
-
Configuring Unicast Flood Blocking
-
Configuring SNMP
-
Configuring RMON
-
Configuring SPAN, RSPAN and the Mini Protocol Analyzer
-
Using Switch TopN Reports
-
Configuring Multicast Services
-
Configuring QoS
-
Configuring Automatic QoS
-
Configuring ASLB
-
Configuring the Switch Fabric Module
-
Configuring a VoIP Network
-
Configuring MSFC IOS Features
-
Acronyms
-
Table Of Contents
Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y -
Index
Numerics
10/100-Mbps port speeds, setting 4-6
1000BASE-T (copper) GBIC
port negotiation limitation 4-2
10-Gigabit Ethernet Switching Module
default configuration 4-3
setting the flow control 4-8
supported encapsulation types 5-2
24-port FXS analog interface module
configuring 55-28
description 55-5
802.1ak
802.1Q
configuring 5-7
example configuration 5-18
mapping VLANs to ISL 11-9
overview 5-1
restrictions 5-4
VLAN mapping 11-9
802.1Q Ethertype
specifying custom 5-12
specifying default 5-13
802.1Q tagging
disabling on specific ports 5-11
802.1Q tunneling
configuration guidelines 8-2
configuring 8-4
Layer 2 protocol tunneling 8-6
rate limiters 8-7
understanding 8-1
802.1Q tunnel ports
CoS-to-CoS maps
configuring 51-60
802.1X authentication 40-23, 40-24
authentication failure VLAN, configuring 40-38
authentication server
defined 40-3
client, defined 40-3
configuring 802.1X with ACL assignments 40-26
configuring a unidirectional controlled port 40-25
configuring authenticated identity-to-port description mappings 40-37
configuring DNS resolution for a RADIUS server configuration 40-37
configuring user distribution 40-32
configuring with private VLANs 40-41
disabling multiple hosts 40-19
EAP-request frames
setting retransmit time 40-20
enabling and disabling 802.1X RADIUS accounting and tracking 40-34
enabling automatic reauthentication 40-17
enabling multiple hosts 40-18
global
disabling 40-14
enabling 40-14
identity frames
setting retransmit time 40-20
inaccessible authentication bypass, configuring 40-15
individual ports
enabling 40-15
initializing 40-15
overview 40-2
RADIUS server failure, configuring 40-40
rate limiting 40-13
returning to default values 40-22
setting automatic reauthentication 40-17
setting idle time 40-19
setting reauthentication manually 40-18
setting retransmission number 40-21
supplicant
automatic reauthentication 40-17
manual reauthentication 40-18
support for DHCP relay agent 40-8
support for guest VLANs 40-9
transport layer packets
setting retransmission time 40-21
using a RADIUS server for VLAN assignment 40-7
with ARP traffic inspection 40-11
with auxiliary VLANs 40-8
with port security 40-10
802.1x authentication
manual reauthentication 40-18
802.3ah Ethernet OAM, configuring 20-26
8-port T1/E1 PSTN interface module
configuring 55-27
description 55-6
A
abbreviating commands 2-9
Accelerated Server Load Balancing
access control entries
access control lists
access control subsystem
SNMP entity 46-7
accessing the MSFC
console port 2-3
Telnet session 2-4
accounting
configuration guidelines 39-55
creating accounting records 39-53
default configuration 39-55
disabling 39-57
enabling 39-56
events 39-52
example configuration 39-58
overview 39-52
specifying RADIUS servers 39-53
suppressing accounting 39-54
updating the server 39-54
ACE
ACL
ACL compiler optimization, enabling 15-82
ACLs, downloadable 15-116
ACL statistics, clearing 15-85
ACL statistics, displaying 15-86
ACL statistics on a per-ACE basis, enabling 15-84
ACL statistics on a per-ACL basis, enabling 15-83
ACL statistics on a per-VLAN basis, enabling 15-84
acronyms, list of A-1
adding hosts 40-24
addresses
Address Recognition Protocol
address resolution protocol
address table and switching 4-2
adjacency table 13-7
administering the switch 22-1, 30-1
advertisements, VTP 10-3
aggregate policing rule
aging-time
CEF 13-12
MLS 14-19
PFC2 NetFlow statistics 13-29
alarms, major and minor 22-15
aliases
creating for commands 22-6
IP
creating 22-7
designating 2-6
AppleTalk, configuring interVLAN routing 12-4
ARP
configuring permanent and static entries 15-39, 22-9
inspecting ARP traffic using VACLs 15-30
restricting ARP traffic using VACLs 15-29
ASLB
cabling guidelines 53-7
configuration examples 53-18
configuring ASLB on the switch 53-7
configuring the LocalDirector interfaces 53-7
data forwarding 53-4
hardware and software requirements 53-1
Layer 2 operation 53-3
Layer 3 operation 53-3
audience xxxix
auditing agentless hosts 41-14
Auth 42-8
authentication
login
overview 39-2
password 39-14
login lockout enhancement 39-2
NTP and 34-4
overview 39-2
recovering password 39-16
See also
authorization
overview 39-44
See also
authorized ports with 802.1X 40-4
automatic module shutdown
configuring 4-14
unsupported modules 4-14
automatic QoS
CLI interface 52-13
configuration guidelines and restrictions 52-4
configuration statements 52-18
CoS and DSCP values 52-2
global automatic QoS macro 52-6
how to use 52-28
macros 52-3
overview 52-1
port-specific automatic QoS macro 52-9
summary of features 52-27
syslogs 52-25
warnings and error conditions 52-23
auto-MDI/MDIX 4-7
autonegotiation
duplex 4-6
speed 4-6
trunks 5-2
auto state
disabling 12-9
autostate
configuring
exclude mode 12-7
track mode 12-8
displaying configuration 12-8
overview 12-6
exclude mode 12-6
normal mode 12-6
track mode 12-7
auxiliary VLANs
configuring 55-20
disabling auxiliary VLANs until an IP phone is detected 55-22
dynamic port VLAN membership 19-14
overview 55-8
with 802.1X authentication 40-8
B
BackboneFast 9-4
disabling 9-19
displaying statistics 9-18
enabling 9-18
figure
after indirect link failure 9-5
before indirect link failure 9-5
multiple spanning tree 7-17
back-end authenticator-to-supplicant 40-21
backplane
threshold detection 20-20
banner
blocking transitions 20-23
BOOT environment variables
default 25-5
displaying 25-12
boot field
overview 25-3
setting 25-6
boot image and switch 23-3
booting
configuration register, setting value 25-10
from Melody Compact Flash 3-5
ignoring NVRAM 25-9
booting the MSFC for the first time 3-4
BOOTP and in-band (sc0) interface 3-10
Bootstrap Protocol
BPDU
skewing 7-59
overview 7-24
BPDU Filter
multiple spanning tree 7-17
BPDU guard
multiple spanning tree 7-17
note 9-11
BPDU overview 7-3
BPDU skewing
monitoring 20-23
Break key (note) 2-1
bridged flow statistics 14-28, 16-3
bridge ID and MAC addresses 7-14
bridge ID priority, PVST+ 7-27
bridge protocol data units
broadcast suppression 35-1
disabling 35-4
enabling 35-3
enabling errdisable state 35-4
suppressing multicast traffic 50-7
suppressing unicast traffic 35-2
bundling
C
cache
IP MLS, displaying entries 14-24
MLS, overview 14-5
cache engine clusters 57-2
cache engines 57-2
cache farms
CAM, IP MLS 14-22
CAM table, duplicate MAC entries 20-5
capturing traffic flows 15-57
CDP
default configuration 31-2
disabling
globally 31-2
on ports 31-3
displaying neighbor information 31-5
enabling
globally 31-2
on ports 31-3
holdtime, setting 31-4
message interval, setting 31-4
overview 31-1
adjacency table 13-7
aging 13-12
configuration guidelines for multicast 13-14
IP multicast 13-18
MSFC2 13-16
supervisor engine 13-15
displaying information 13-15
examples 13-10
FIB 13-6
flow masks 13-12
destination-ip 13-12
destination-ipx 13-12
full flow 13-12
modes 13-12
source-destination-ip 13-12
source-destination-vlan 13-12
Layer 3 switching 13-2
overview 13-5
packet rewrite 13-2
restrictions for multicast 13-14
CEF for PFC2
CGMP
leaving multicast group 50-5
channel modes, EtherChannel (table)
LACP 6-13
PAgP 6-6
channels, clearing and restoring channel counters 6-20
checksum, verifying Flash file 26-9
CIDR, configuring static routes 22-8
Cisco CallManager, overview 55-5
Cisco Discovery Protocol
Cisco Group Management Protocol
Cisco IP Phone 7960 55-2
Cisco VG200 55-7
CIST 7-17
classless interdomain routing
clear boot system flash command 25-11
clearing the configuration 28-9
clear mls entry command 13-34, 14-29
clear mls entry ipx command 14-29
clear mls statistics command 13-36, 14-31
CLI
backing out one level 2-9
configuration mode 2-8
console configuration mode 2-9
getting list of commands 2-10
global configuration mode 2-9
interface configuration mode (IOS) 2-9
levels of access 2-8
privileged EXEC mode 2-9
ROM monitor 2-1
software basics 2-8
switch
accessing 2-2
console port 2-2
designating addresses and aliases 2-6
designating modules, ports, VLANs 2-5
editing 2-6
help 2-8
history substitution 2-7
normal mode 2-5
operating 2-5
overview 2-2
port ranges 2-6
ports, designating 2-5
privileged mode 2-5
shortcuts 2-7
Telnet 2-3
VLANs, designating 2-5
clock, setting 22-4
command aliases, creating 22-6
command-line interface
commands, getting list of 2-10
committing ACLs
Common and Internal Spanning Tree
See also CIST 7-17
Common Open Policy Service
Common Spanning Tree
community ports 11-20
Compact Flash memory 3-5
CONFIG_FILE variable, setting recurrence 25-7
configuration
clearing (switch) 28-9
configuration files
clearing using rcp 28-9
copying using rcp 28-6
creating 28-2
downloading
from Flash device 28-4
preparation 28-3
rcp 28-7
via TFTP 28-4
guidelines for creating 28-2
profile files
lockdown profile 28-16
running configuration
downloading via rcp 28-7
downloading via TFTP 28-4
uploading via rcp 28-8
uploading via TFTP 28-6
uploading
to rcp server 28-8
to TFTP server 28-6
uploading using rcp or SCP
preparation 28-8
configuration mode 2-8
configuration register
boot field, setting switch 25-6
CONFIG_FILE recurrence, setting 25-7
default setting 25-5
ignoring NVRAM at boot 25-9
overview 25-2
ROM monitor console port baud rate 25-6
setting 25-10
congestion avoidance
console configuration mode 2-9
console port
accessing MSFC 2-3
downloading software images
example PC download 27-31
example UNIX download 27-32
PC procedure 27-29
preparing for 27-28
UNIX procedure 27-30
ROM monitor baud rate 25-6
SLIP and 3-9
system message logging settings 29-5
user sessions
disconnecting 20-14
monitoring 20-14
contact, setting 22-3
content-addressable memory
Conventions xlii
convergence
improving 7-47
COPS
communications parameters 51-84
configuring 51-79
domain name 51-84
deleting 51-84
PDP server configuration
deleting 51-83
port ASICs 51-80
QoS policy source 51-80
roles 51-81
deleting 51-83
removing 51-82
selecting locally configured QoS policy 51-81
CoS
CoS-to-CoS maps
configuring 51-60
counters, configuring for IOS ACLs, PACLs, and VACLs 15-81
CRAM feature 15-87
critical recovery delay, setting 40-21
crypto image
uploading
using RCP 27-26
common spanning tree 7-21
D
DAI 15-39
database, VMPS
downloading 19-7
example configuration file 19-10
date, setting 22-4
daughter cards
power efficiency 55-15
daylight saving time
disabling adjustment 34-7
enabling adjustment 34-6
default gateway
configuring 3-8
removing 3-8
deficit weighted round robin 51-66
designated MSFC 23-24
DES key
clearing 39-41
defining 39-41
destination-based QoS
destination flow masks 14-6
destination-ip flow masks 13-12
destination-ipx flow masks 13-12
detection
BPDU skewing 7-60
DHCP
in-band (sc0) interface and 3-10
options 3-3
releasing lease 3-11
renewing lease 3-11
DHCP snooping
configuration guidelines 33-3
configuring on a VLAN 33-2
default configuration 33-3
displaying binding tables 33-11
displaying configuration 33-12
enabling 33-3
enabling (example) 33-6
enabling Host Tracking Information Option 33-4
enabling on private VLAN 33-4
MAC address matching 33-5
overview 33-1
DHCP snooping for an MSFC
enabling (example) 33-7
differentiated services codepoint
Digital Optical Monitoring 20-66
directed broadcasts 13-36
disabling 40-24
disabling MLS
on MSFC interfaces 14-16
on the supervisor engine (note) 14-19
DISL
dispatcher
SNMP entity 46-7
DNS
default configuration 30-2
disabling 30-4
domain name
clearing 30-3
setting 30-2
enabling 30-2
overview 30-1
server
clearing 30-3
specifying 30-2
setting up 30-2
system name and 22-2
system prompt and 22-2
documentation
related 1-xlii
DOM
See Digital Optical Monitoring
domain name
clearing 30-3
setting 30-2
Domain Name System
dot1x
disabling multiple hosts 40-19
EAP-request frames
setting retransmit time 40-20
enabling automatic reauthentication 40-17
enabling multiple hosts 40-18
global
disabling 40-14
disabling web-based proxy authentication 42-10
enabling 40-14
enabling web-based proxy authentication 42-10
identity frames
setting retransmit time 40-20
manual reauthentication 40-18
returning to default values 40-22
setting idle time 40-19
setting retransmission number 40-21
transport layer packets
setting retransmission time 40-21
downloading
configuration files
from Flash device 28-4
preparation 28-3
using rcp or SCP 28-7
via TFTP 28-4
software images
example, multiple module 27-13, 27-20
example, single module 27-12, 27-20
example, supervisor engine 27-9, 27-18
overview 27-5
preparation 27-16
supervisor engine 27-7, 27-16, 27-23
Xmodem or Ymodem 27-33
drop thresholds
DSCP
DTP
non-Cisco devices and 5-4
overview 5-2
duplex, Ethernet 4-6
DWRR 51-66
dynamic ARP inspection
Dynamic Host Configuration Protocol
Dynamic Host Configuration Protocol snooping
dynamic interswitch link (DISL) protocol
dynamic port VLAN membership
configuring 19-5
default configuration 19-2
example 19-12
for auxiliary VLANs 19-14
overview 19-1
reconfirming 19-7
troubleshooting 19-10
Dynamic Trunking Protocol
E
efficiency
PoE daughter cards 55-15
enable mode 2-9
enable password
recovering lost 39-16
setting 39-15
enabling 40-23
MLS, on MSFC interfaces 14-16
enabling IP MMLS
on MSFC interfaces 13-20, 14-33
encapsulation type descriptions, trunks (table) 5-3
environmental monitoring
LED indications 22-15
SNMP traps 22-15
supervisor engine and switching modules 22-15
syslog messages 22-15
using CLI commands 22-14
environment variables
See BOOT environment variables
EPLD images, upgrading 27-2
errdisable state, using with broadcast suppression 35-4
errdisable timeout, configuring 4-12
error detection, configuring 4-16
error messages
system message logging (syslog) 29-1
VMPS (table) 19-9
EtherChannel
administrative groups 6-7
bundling 6-2
channel modes (table)
LACP 6-13
PAgP 6-6
clearing and restoring channel counters 6-20
configuration guidelines 6-3
configuring
port modes 6-8
port path cost 6-9
VLAN cost 6-9
configuring link error handling 20-24
configuring manually or using PAgP 6-7
example configuration 5-15, 5-18
frame distribution 6-2
IDs 6-7
maximum number of channels supported 6-2, 6-5
modes, using LACP 6-13
overview 6-2
PAgP and 6-6
PAgP modes 6-6
port aggregation protocol 6-6
port VLAN cost 6-9
Ethernet
autonegotiation, speed 4-6
checking connectivity 4-21
configuring 4-1
default configuration 4-3
flow control keywords (table) 4-8
overview 4-1
port duplex, setting 4-6
port enable state 4-9
port name, setting 4-5
port negotiation 4-9
port speed, setting 4-6
setting port duplex 4-10
switching frames 4-2
timeout periods 4-12
Ethernet ingress port
ACLs 51-17
QoS ACLs 51-17
Ethernet OAM, configuring 20-26
EtherTypes 51-17
extended range VLANs
extended trust for CDP devices (trusted boundary feature) 55-33
F
fast aging-time 14-21
PFC2 statistics 13-30
Fast EtherChannel
Fast Ethernet
FIB 13-6
fiber-optic, detecting unidirectional links 32-1
file transfer protocols, comparison of 27-5
filtering syntax for QoS 51-46
filters
filters, NDE
Firewall Services Module, configuring VLANs for 11-37
Flash file system
checksum 26-9
files
copying 26-6
deleting 26-8
listing 26-5
restoring 26-8
setting default 26-2
formatting device 26-9
overview 26-1
setting configuration modes 26-2
Flash memory
Melody Compact Flash 3-5
storing ACLs 15-64
Flash PC cards, formatting 26-9
Flash synchronization
examples 23-15
overview 23-4
flex links, configuring 4-17
flowcharts, QoS 51-3
flow control 4-8
configuring 4-8
keywords (table) 4-8
flow masks
CEF 13-12
destination-ip 13-12
destination-ipx 13-12
full flow 13-12
source-destination-ip 13-12
source-destination-vlan 13-12
IP MLS entries 14-9
IP MLS full flow 14-6
IPX MLS 14-6
minimum 14-21
PFC2 statistics 13-31
MLS
destination 14-6
source-destination-ip 14-6
source-destination-vlan 14-6
modes 14-6
CEF 13-12
overview 14-6
flows
IP MMLS
completely and partially switched 13-9, 14-10
MLS 14-4
multicast
completely and partially switched 14-10
for DHCP relay agent 40-23, 40-24
formatting Flash devices 26-9
forwarding information base (FIB) 13-6
frame retransmission number 40-21
FTP
uploading software images 27-15
full flow flow mask 13-12, 14-6
full vlan flow mask 13-12
G
GARP Multicast Registration Protocol
GARP timers, setting 17-7, 50-24
GARP VLAN Registration Protocol
General Attribute Registration Protocol
Gigabit Ethernet
Gigabit Ethernet trunks
global configuration mode 2-9
GMRP
default configuration 50-19
disabling
globally 50-26
per-port 50-21
enabling
globally 50-20
per-port 50-20
forward-all option
disabling 50-22
enabling 50-21
hardware and software requirements 50-19
overview 50-6
registration
fixed 50-23
forbidden 50-23
normal 50-22
statistics
clearing 50-25
viewing 50-25
timers 50-24
guest VLAN 40-24
GVRP
configuration guidelines 17-2
declarations from blocking ports 17-6
default configuration 17-2
disabling
globally 17-9
on 802.1Q ports 17-8
enabling
dynamic VLAN creation 17-4
globally 17-3
on 802.1Q ports 17-3
registration
fixed 17-5
forbidden 17-6
normal 17-5
setting GARP timers 17-7
statistics
clearing 17-8
viewing 17-8
timers 17-7
H
he 54-12
high availability
configuring 23-12
downloading different image on standby supervisor engine 23-14
overview 23-9
supported features 23-10
versioning overview 23-11
with the integrated 720-Gbps switch fabric 54-2
history, switch CLI 2-7
Hot Standby Routing Protocol
HSRP
ACLs
IOS ACL configuration 23-24
reflexive and dynamic ACLs (note) 23-24
configuration examples 23-30
configuration requirements 23-22
configuring 23-28
designated MSFC 23-24
failure scenarios 23-26
hardware and software requirements 23-21, 23-50
overview 23-21
routing protocol peering 23-23
I
I-BPDU 7-17
ICMP
ping
executing 20-16
overview 20-15
testing connectivity with 4-21
time exceeded messages 20-18
traceroute and 20-18
IGMP
configuration guidelines 50-9
disabling 50-18
enabling 50-10
joining multicast group 50-4
leave processing
disabling 50-18
enabling 50-12
leaving multicast group 50-5
multicast group
clearing 50-28
multicast router ports
clearing 50-28
specifying 50-26
overview 50-2
statistics, viewing 50-17
IGMP version 3
enabling 50-12
fast-block processing 50-5
enabling 50-14
images
inaccessible authentication bypass, configuring 44-24
in-band (sc0) interface
DHCP and 3-10
RARP and 3-10
VLAN assignment 11-2
in-band (sc0 and sc1) interface
configuring 3-7
feature comparison 3-6
IP address, assigning 3-7
inline power
efficiency 55-15
interface configuration mode 2-9
interfaces
in-band (sc0) 11-2
in-band (sc0 and sc1) 3-4, 3-7
Internal Sub Tree Protocol
See ISTP 7-16
Internet Group Management Protocol
Internet Protocol
interVLAN routing
AppleTalk, configuring 12-4
IP, configuring 12-3
IPX, configuring 12-3
overview 12-1
IOS
bringing up interface 2-11
viewing and saving configuration 2-11
IOS ACLs 15-3
common uses for 15-9
configuring counters 15-81
configuring rate limiting for Cisco IOS ACL Logging 15-14
features
supported in PFC 15-10
supported in PFC II 15-13
unsupported 15-44
hardware and software handling in PFC 15-10
hardware and software handling in PFC2 15-13
hardware requirements 15-2
overview 15-2
reflexive ACLs with PFC 15-11
reflexive ACLs with PFC2 15-15
supported features 15-10, 15-13
with VACLs 15-17
IP
accounting, IP MMLS and 14-15
CIDR and 22-8
configuring interVLAN routing 12-3
default gateway, configuring 3-8
static routes 22-8
subnetworks, VLANs and 11-2
IP addresses
adding to IP permit list 37-2
aliases, creating 22-7
automatic assignment 3-2
BOOTP 3-10
clearing from IP permit list 37-5
designating 2-6
DHCP 3-10
in-band (sc0 and sc1) interface 3-7
obtaining from DHCP, BOOTP or RARP 3-10
RARP 3-10
setting on supervisor engine 3-7
SLIP (sl0) interface 3-10
IP aliases
creating 22-7
designating 2-6
IP CEF
topology (figure) 13-10
IP-directed broadcasts, configuring 13-36
ip flow-export destination command 16-11
ip flow-export source command 16-11
IP MLS or IP MMLS
ip mtu command 14-14
IP multicast
broadcast suppression
disabling 35-4
enabling 35-3
configuration guidelines
CEF 13-14
displaying routing table 13-21, 14-34
GMRP and 50-19
group entries 50-26
group information 50-17
groups
clearing 50-28
joining 50-4
IGMP fast-leave processing 50-18
IGMP querier
configuring 50-15
overview 50-8
IGMP snooping and 50-9
IGMP statistics 50-17
overview 50-1
rate limiting multicast traffic 50-14
RGMP 50-29
router
clearing ports 50-28
specifying port for 50-26
router information 50-17
router ports
clearing 50-28
IP permit list
addresses, adding 37-2
caution 37-5
clearing entries 37-5
default configuration 37-2
disabling 37-4
enabling 37-3
overview 37-1
IP phones
detecting an IP phone 55-16
high availability support 55-16
powering off phones 55-15
removing a phone from the network 55-15
wall powered phones 55-15
IP Source Guard
IP source guard
configuring 33-16
displaying 33-17
overview 33-15
IP traceroute
executing 20-19
overview 20-18
IPX, configuring interVLAN routing 12-3
IPX MLS
ISL 5-14
example configuration 5-14, 5-15
mapping 802.1Q VLANs 11-9
overview 5-1
isolated port 11-20
ISTP 7-16
J
jumbo frames
configuring 4-19
disabling 4-19
enabling 4-19
on sc0 interface 4-19
K
Kerberos authentication
DES key, defining and clearing 39-41
disabling credentials forwarding 39-40
enabling 39-35
enabling credentials forwarding 39-39
login procedure 39-7
mapping realm to host name 39-37
non-kerberized login procedure 39-9
overview 39-5
realm, defining 39-36
servers, specifying 39-36
SRVTAB files, copying 39-37
Kermit
example downloads
caution 27-28
PC procedure 27-31
UNIX procedure 27-32
PC software download procedure 27-29
preparing to download software images 27-28
UNIX software download procedure 27-30
keys
L
LACP
configuration parameters 6-13
configuration procedures 6-15
modes 6-13
Layer 2
forwarding table for IP MMLS 14-5
PDU rate limiters 7-25
protocol tunneling 8-6
traceroute utility 20-17
Layer 3 switched packet rewrite
CEF 13-2
MLS 14-2
Layer 3 switching
CEF 13-2
MLS 14-1
Layer 4 port operations (ACLs) 15-24
leave processing, IGMP
disabling 50-18
enabling 50-12
Link Aggregation Control Protocol
link error handling, configuring 20-24
load balancing 7-16
load sharing on trunks 5-22
local authentication
configuration guidelines 39-11, 40-12
default configuration 39-10, 40-11, 42-8
disabling 39-15
enable password, setting 39-15
enabling 39-13
login password, setting 39-14
overview 39-3
password recovery 39-16
local director
local user authentication
deleting an account 39-17, 39-19
disabling 39-18
enabling 39-17
overview 39-3
setting passwords 39-17
location, setting 22-3
logging, configuring rate limiting for Cisco IOS ACL logging 15-14
logging messages, VACLs 15-59
logical operation unit
login authentication
overview 39-2
login banners
clearing 22-5
configuring 22-5
displaying or suppressing the "Cisco Systems Console" login banner 22-5
overview 22-4
login passwords
recovering 39-16
setting 39-14
loop guard
configuring 9-19
multiple spanning tree 7-17
overview 9-6
LOU
description 15-24
determining maximum number of 15-24
M
MAC addresses
address table 4-2
allocation 7-14
blocking 38-2
blocking unicast flood packets 45-1
CAM table, duplication indicator 20-5
configuring move counters 20-62
designating 2-6
port security and 38-2
MAC-address monitoring
clearing
configuration 38-17
configuring 38-14
global monitoring 38-14
displaying
configuration 38-18
global configuration 38-18
specifying
lower threshold 38-16
MAC addresses 38-15
polling interval 38-16
upper threshold 38-17
MAC address move counters, configuring 20-62
MAC address reduction 7-15
MAC authentication bypass
ACL assignments 41-13
agentless hosts, auditing 41-14
bypass events 41-4
bypass states 41-3
configuration guidelines and restrictions 41-4
configuring 41-6
overview 41-2
QoS ACLs, configuring 41-13
reauthentication of MAC addresses 41-2
MAC utilization
clearing counters 20-9
overview 20-7
setting the load interval 20-7
viewing statistics 20-7
mapping VLANs 11-9
markdown (QoS) 51-24
marking (QoS) 51-29
MDI/MDIX 4-7
MDIX 4-7
Melody Compact Flash memory 3-5
memory use
monitoring 20-21
message-of-the-day
message processing subsystem 46-8
metric values, switch TopN reports (table) 49-2
metro Ethernet CFM 20-38
MIBs
RMON/RMON2 support (table) 47-3
microflow policing rule 51-24
Mini Protocol Analyzer
configuration guidelines 48-20
configuring from CLI 48-21
hardware requirements 48-19
overview 48-19
session limits 48-5
session limits table 48-6
MISTP
caution 7-36
configuring an instance 7-37
conflicts, MISTP VLAN 7-43
default configuration 7-35
enabling an instance 7-41
mapping VLANs to 7-41
MIST-PVST+ 7-34
port cost 7-38
port instance cost 7-40
port instance priority 7-40
port priority 7-39
unmapping VLANs from 7-44
MLS
access lists, flow masks and 14-6
aging-time 14-19
cache
clearing entries 14-29
displaying all entries 14-25
displaying by IP destination address 14-25
displaying by IP source address 14-26
displaying by IPX destination address 14-26
displaying by specific flow 14-27
entries, clearing 14-29
entries, displaying IP multicast 14-39
entries, displaying IP unicast 14-24
overview 14-5
size (note) 14-20
CAM entries, displaying 14-22
clearing
cache entries 14-29
configuration guidelines
MTU 14-14
routing commands with IP MLS 14-14
configuration guidelines for IP MMLS
MSFC 14-15
switches 14-14
configuration guidelines for IPX MLS
interaction with other features 14-15
MTU 14-16
configuration information, displaying
IP or IPX 14-23
multicast 14-38
configuring IP-directed broadcasts 13-36
configuring threshold 13-19, 14-33
debug commands
on MSFC 14-18
on MSFC2 for multicast traffic 13-24
on MSFC for multicast traffic 14-36
debugging
on supervisor engine 13-36, 14-31
default configuration 14-12
disabling
on MSFC interface 14-16
on supervisor engine (note) 14-19
displaying
cache entries 14-24
information 14-23
multicast routing table 13-21, 14-34
enabling
IP PIM on MSFC 14-33
IP PIM on router 13-19
on MSFC interfaces 13-20, 14-33
entries (note) 14-20
examples 14-11
fast aging-time 14-21
flow masks
access lists and 14-6
destination 14-6
full flow 14-6
IP MLS entries and 14-9
minimum 14-21
modes 14-6
overview 14-6
source-destination-ip 14-6
source-destination-vlan 14-6
flows 14-4
completely and partially switched 13-9, 14-10
completely and partially switched multicast 13-9, 14-10
guidelines 14-13
Layer 2 forwarding table 14-5
monitoring on MSFC 13-22, 14-17, 14-35
MSFC
disabling on interfaces 14-16
displaying interface information 13-21, 14-34
enabling globally 14-32
enabling on interfaces 13-20, 14-16, 14-33
monitoring 13-22, 14-17, 14-35
multicast routing table, displaying 14-34
PIM, enabling 14-33
MTU size
IP 14-14
IPX 14-16
NetFlow table entries, displaying 13-26
packet rewrite 14-2
packet threshold values for IP 14-21
restrictions
for IP MMLS, MSFC 14-15
for IP MMLS, switches 14-14
route-processor (note) 14-32
routers
enabling globally 13-18
multicast routing table, displaying 13-21
PIM, enabling 13-19
routing command restrictions 14-14
setting minimum flow mask 14-21
specifying aging time 14-19
specifying fast aging time 14-21
statistics
displaying by protocol 14-30
displaying for MLS cache entries 14-30
switches
cache entries, displaying 14-39
configuration, displaying 14-38
disabling (note) 14-19
NetFlow table entries, displaying 13-26
statistics, clearing 13-26, 14-39
statistics, displaying 13-25, 14-38
topology (figure) 14-11
unsupported IP MMLS features 14-15
mls ip multicast command
enabling IP MMLS 50-35, 50-36, 50-37
MMLS
modules
checking status 20-2
designating on command-line 2-5
downloading software images 27-8, 27-17
status, checking 20-2
supervisor engine
configuring 3-1
monitoring
memory usage 20-21
system warnings 20-19
MOTD
MSFC
accessing from switch
console port 2-3
telnet session 2-4
AppleTalk interVLAN routing, configuring 12-4
as MLS route processor for Catalyst 5000 family switches 14-16
booting for the first time 3-4
configuration guidelines
interVLAN routing 12-2
IP MMLS 14-15
MLS 14-13
configuration mode 2-10
configuring
Appletalk interVLAN routing 12-4
interVLAN routing 12-1
IP interVLAN routing 12-3
IP MMLS 14-32
IPX interVLAN routing 12-3
MLS 14-16
redundancy with HSRP 23-28
configuring redundancy 23-21
displaying IP MMLS interface information 13-21, 14-34
enabling
IP multicast routing 14-32
MMLS on MSFC interfaces 13-20, 14-33
IP interVLAN routing, configuring 12-3
IP MMLS, monitoring 13-22, 14-35
IPX interVLAN routing, configuring 12-3
multicast routing table, displaying 14-34
overview 12-1
PIM, enabling on MSFC interfaces 14-33
session command and 2-4
switch console command and 2-3
MSFC2
Catalyst 5000 support 13-1
configuring
IP multicast 13-18
unicast Layer3 switching 13-16
enabling IP multicast routing 13-18
multicast routing table, displaying 13-21
PIM, enabling on MSFC2 VLAN interfaces 13-19
MST 7-16
boundary ports 7-22
bridge ID priority 7-54
configuration 7-21
configuring 7-51
edge ports 7-23
enabling 7-51
hop count 7-23
instances 7-21
interoperability 7-19
interoperability with PVST+ 7-17
link type 7-23
mapping VLANs to 7-58
message age 7-23
port cost 7-55
port instance cost 7-56
port instance priority 7-57
port priority 7-56
region 7-22
regional root 7-22
regions 7-21
MSTP
M-record 7-17
M-tree 7-17
MTU
IP MLS and 14-14
IPX MLS and 14-16
multicast
groups
leaving 50-5
multicast suppression 35-2, 50-7
multicast traffic, rate limiting 50-14
Multilayer Switch Feature Card
Multilayer Switching
Multilayer Switch Module
See MSM A-3
multiple forwarding paths 7-16
Multiple Spanning Tree
See MST 7-16
Multiple VLAN Registration Protocol
clearing
configuration 18-11
counters 18-11
statistics 18-11
configuration guidelines 18-2
configuring 18-2
declarations from STP blocking ports 18-6
default configuration 18-2
disabling
globally 18-10
on trunk ports 18-10
enabling
dynamic VLAN creation 18-4
globally 18-3
on trunk ports 18-4
overview 18-1
registration
fixed 18-5
forbidden 18-6
normal 18-5
setting MVRP timers 18-7
viewing
configuration summary 18-8
state machines 18-9
statistics 18-9
trunks 18-10
MVRP timers, setting 18-7, 18-8
N
native VLAN
802.1Q and 5-4
NDE
clearing an NDE collector 16-10
configuration, displaying 16-16
data collection 16-2
data export address
removing 16-16
data export collector, specifying 16-9
disabling 16-16
displaying configuration 16-16
filters
clearing 16-15
destination and source subnet 16-13
destination host, specifying 16-13
destination TCP/UDP port, specifying 16-13
overview 16-3
protocol, specifying 16-14
source host and destination TCP/UDP port, specifying 16-14
overview 16-1
protocols
removing for statistics collection 16-15
specifying for statistics collection 16-14
RMON 16-1
specifying
collectors, single or dual collectors 16-9
destination and source subnets 16-13
destination host filters 16-13
destination TCP/UDP port filters 16-14
protocol filters 16-14
protocols for statistics collection 16-14
statistics collection
removing protocols for 16-15
specifying protocols for 16-14
NetFlow Data Export
Network Address Translation
network admission control
agentless hosts, auditing41-14to 41-17
LAN port 802.1X 44-34
LAN port IP
CLI command examples 44-9
configuration example 44-30
configuration guidelines and restrictions 44-6
configuration procedure 44-8
configuring policy-based ACLs 44-21
overview 44-2
prerequisites 44-6
network fault tolerance 7-16
network management
Network Time Protocol
NMS
Mini Protocol Analyzer, configuring 48-1
RSPAN, configuring 48-1
SPAN, configuring 48-1
normal-range VLANs
NTP
authentication 34-4
broadcast-client mode
configuring 34-3
disabling 34-8
client mode
configuring 34-4
disabling 34-8
daylight saving time adjustment
disabling 34-7
enabling 34-6
default configuration 34-2
disabling 34-8
overview 34-1
server
clearing 34-8
specifying 34-4
time zone
clearing 34-7
setting 34-5
NVRAM
caution 25-9
ignoring content at boot 25-9
setting configuration modes 26-2
O
OAM, configuring 20-26
Obtaining Documentation xliii
online diagnostics (generic)
configuring 21-2
overview 21-1
understanding 21-1
Organization xxxix
out of profile
P
packet-buffer error handling, configuring 20-24
packet rewrite
CEF 13-2
MLS and 14-2
packets
bridged 15-7
multicast 15-8
routed 15-8
packet threshold
CEF 13-30
IP MLS 14-21
PACLs
configuration examples 15-76
configuration guidelines 15-69
configuring counters 15-81
configuring from the CLI 15-72
interaction with IP source guard and DHCP snooping 33-15
overview 15-68
PAgP
administrative groups 6-7
configuring EtherChannel, using 6-7
modes 6-6
passwords
enable 39-15
login 39-14
recovering lost 39-16
PBF
configuration example 15-100
configuring 15-92
clearing PBF ACEs 15-97
committing PBF VACLs 15-95
configuring hosts for PBF 15-98
configuring VACLs for PBF 15-94
disabling PBF and clearing the MAC address 15-93
displaying PBF information 15-96
displaying PBF statistics 15-96
enabling jumbo frame forwarding 15-95
enabling PBF 15-92
specifying adjacency table entries 15-94
specifying a PBF MAC address 15-92
enhanced, software release 7.5(1) and later 15-102
enhanced, software release 8.3(1) and later 15-105
enhanced, software release 8.6(1) and later 15-110
hardware and software requirements 15-91
limitations
2000 hosts 15-100
Linux 15-98
MS-Windows 15-100
NT 15-100
Sun Workstations 15-99
overview 15-91
PC card
PCMCIA
PDP server
PDU
rate limiters
configuring 7-61
disabling 7-61
enabling 7-61
permit list
PFC
IGMP snooping and 50-9
protocol filtering and 36-1
QoS, see Layer 3 Switching Engine
PFC2
NetFlow
fast aging-time 13-30
flow masks 13-31
packet threshold values for IP 13-30
statistics 13-27
statistics, clearing 13-34
statistics, specifying aging time 13-29
statistics aging-time 13-29
table, displaying entries 13-32
QoS policing rule 51-24
statistics 13-11
displaying for NetFlow table entries 13-33
displaying for NetFlow top talkers 13-33
phones, Cisco IP Phone 7960 55-2
PIM, IP MMLS and 14-33
PIM, IP multicast and 13-19
ping
command 4-21
executing 20-16
overview 20-15
testing connectivity 4-21
policy-based ACLs, configuring 44-21
policy-based forwarding, see PBF
policy decision point servers
Policy Feature Card
Port Aggregation Protocol
port-based authentication
authentication server
RADIUS server 40-3
device roles 40-2
EAPOL-start frame 40-3
EAP-request/identity frame 40-3
EAP-response/identity frame 40-3
encapsulation 40-3
initiation and message exchange 40-3
ports
authorization state and dot1x port-control command 40-5
authorized and unauthorized 40-4
switch
as proxy 40-3
RADIUS client 40-3
port-based QoS features
port bundling, EtherChannel 6-2
port counters
monitoring 20-19
port debounce timer
disabling 4-10
displaying 4-10
enabling 4-10
modifying the settings 4-11
PortFast
BPDU filter 9-3
configuring 9-13
BPDU guard 9-2
configuring 9-11
configuring 9-8
disabling 9-10
enabling 9-8
multiple spanning tree 7-17
port provisioning verification 11-12
ports
capabilities, checking 20-6
changing the default port enable state 4-9
checking status 20-3
community 11-20
configuring error detection 4-16
designating on command-line 2-5
duplex 4-6
dynamic VLAN membership
configuring 19-5
default configuration 19-2
example 19-12
overview 19-1
reconfirming 19-7
troubleshooting 19-10
errdisable timeout, configuring 4-12
isolated 11-20
modifying the port debounce timer settings 4-11
name 4-5
PRBS test for 10-Gigabit Ethernet links 20-10
promiscuous 11-20
setting the debounce timer 4-10
speed, 10/100 Ethernet 4-6
VLAN assignments 11-10
port security
age time, specifying 38-7
changing the default port enable state 4-9
clearing MAC addresses 38-8
configuration guidelines 38-4
disabling 38-11
enabling 38-4
on trunk ports 38-5
enabling with 802.1X authentication 40-10
MAC addresses, specifying number 38-5
monitoring 38-12
overview 38-2
security violation action, specifying 38-10
shutdown time, specifying 38-11
with 802.1X authentication 40-10
port status, checking 20-3
power management
displaying power mode 55-18
enabling/disabling redundancy 22-12
overview 22-12
powering modules up or down 22-14
setting default allocation for a port 55-17, 55-18
setting the inline power notification threshold for a module 55-18
voice 55-11
PRBS test 20-10
private VLANs 11-19
community VLAN 11-20
configuration guidelines 11-21
configuring ACLs 15-43
creating 11-25
delete mapping 11-29
deleting 11-28
deleting isolated, community, or two-way community VLANs 11-29
hardware/software interactions 11-22
isolated VLAN 11-20
primary VLAN 11-20
two-way community VLAN 11-20
using with 802.1X authentication 40-41
privileged EXEC mode 2-9
prompt
configuring 22-3
overview 22-2
protocol data units
protocol filtering
configuring 36-3
default configuration 36-2
disabling 36-3
enabling 36-3
overview 36-1
protocol support 36-2
protocol tunneling
configuration guidelines 8-7
configuring 8-7
understanding 8-6
pruning, VTP
PVST+ 7-26
bridge ID priority, configuring 7-27
default configuration 7-26
default port cost mode 7-29
disabling 7-32
port cost 7-28
port priority 7-29
port VLAN priority 7-31
Q
QoS
(note) 15-3
COPS
See also automatic QoS 52-1
statistics data export 51-29
configuring 51-89
configuring destination host 51-93
configuring time interval 51-92
displaying information 51-93
trust-cos
port keyword 51-12
trust-dscp
port keyword 51-12
trust-ipprec
port keyword 51-12
QoS ACE
ICMP, creating 51-48
ICMP, options 51-19
IGMP, creating 51-49
IGMP, options 51-21
IP addresses and masks 51-46
IP Layer3 options 51-18
IP Layer 4 port options 51-47
IP Layer4 protocol options 51-18
IP precedence parameter options 51-47
IP with Layer 4 options 51-50
IP with only Layer 3 options 51-49
IPX, creating 51-51
IPX, options 51-21
MAC, creating 51-53
MAC, options 51-21
TCP, creating 51-47
TCP, options 51-19
UDP, creating 51-48
UDP, options 51-19
QoS ACL 51-17
committing 51-55
creating 51-45
default 51-22
default IP 51-50
default IPX, creating 51-54
default MAC, creating 51-54
deleting named 51-54
detaching 51-57
discarding uncommitted 51-55
IP, named 51-46
MAB, configuring with 41-13
marking rules 51-23
modifying 51-45
named 51-17
names 51-45
policing rules
creating 51-42
deleting 51-45
description 51-24
reverting to default values 51-55
storing in Flash memory 15-64
QoS classification (definition) 51-3
QoS classification criteria
IP ACEs
Layer 3 51-18
Layer 4 ICMP 51-19
Layer 4 IGMP 51-21
Layer 4 protocol 51-18
Layer 4 TCP 51-19
Layer 4 UDP 51-19
IPX ACE 51-21
MAC ACE Layer 2 51-21
QoS configuring 51-38
QoS configuring on Cisco IP Phone 7960 55-31
QoS congestion avoidance
definition 51-3
dual transmit queue ports 51-29
receive queue 51-14
QoS CoS
and ToS final values from Layer 3 Switching Engine 51-27
configuring port value 51-41
definition 51-2
QoS default configuration 51-30
QoS definitions 51-2
QoS destination-based 51-61
deleting 51-62
QoS disabling 51-79
QoS display
information 51-76
statistics 51-77
QoS DSCP
definition 51-2
internal values 51-16
maps, configuring 51-73
QoS DSCP ACE keyword 51-23
QoS dual receive, triple transmit queue ports
clearing 51-72
configuring 51-68, 51-70, 51-71
QoS dual transmit queue
thresholds, configuring 51-63
QoS dual transmit queue ports
congestion avoidance 51-29
QoS Ethernet egress port
feature summary 51-11
scheduling, congestion avoidance, and marking 51-9, 51-28
QoS Ethernet ingress port
classification, marking, scheduling, and congestion avoidance 51-5
feature summary 51-10
Layer 3 Switching Engine classification features 51-15
marking, scheduling, congestion avoidance, and classification 51-12
scheduling 51-14
scheduling and congestion avoidance 51-13
QoS EtherType field values 51-17
QoS feature set summary 51-10
QoS filtering 51-46
QoS final Layer 3 Switching Engine CoS and ToS values 51-27
QoS flowcharts 51-3
QoS internal DSCP values 51-16
QoS IP phone, configuring 55-31
QoS IPX ACE 51-21
QoS labels (definition) 51-2
QoS Layer 2 Switching Engine
classification and marking 51-8, 51-28
feature summary 51-11
QoS Layer 3 Switching Engine
classification, marking, and policing 51-6, 51-15
feature summary 51-10
QoS MAC ACE Layer 2 51-21
QoS mapping
CoS values to drop thresholds 51-67
CoS values to DSCP values 51-73
DSCP markdown values 51-75
DSCP values to CoS values 51-74
IP precedence values to DSCP values 51-74
QoS markdown 51-24
QoS marking 51-29
based on per-port classification 51-15
definition 51-3
MSFC 51-8
trusted ports 51-13
untrusted ports 51-13
QoS MSFC 51-8
QoS out of profile 51-24
QoS policing
definition 51-3
microflow, enabling for nonrouted traffic 51-62
token bucket 51-24
QoS policing rule 51-24
aggregate 51-24
dual rate 51-24
deleting 51-45
microflow 51-24
QoS policy 51-80
QoS port
trust state 51-41
QoS port-based or VLAN-based 51-40
QoS port keywords 51-12
QoS receive queue 51-13
drop thresholds (figure) 51-14
tail-drop thresholds, configuring 51-63
QoS reverting to defaults 51-79
QoS scheduling (definition) 51-3
QoS single-port ATM OC-12 switching module features 51-11
QoS single-port ATM OC-12 switching module marking 51-9
QoS single-receive, dual-transmit queue ports
configuring 51-68
QoS strict priority receive queue 51-13
QoS ToS
and CoS final values from Layer 3 Switching Engine 51-27
definition 51-2
QoS traffic flow through QoS features 51-4
QoS transmit queue
allocating bandwidth between 51-66
size ratio 51-67
QoS transmit queues 51-28, 51-70, 51-72
QoS triple transmit queue WRED drop thresholds 51-64
QoS trust-cos
ACE keyword 51-23
QoS trust-dscp
ACE keyword 51-23
QoS trust-ipprec
ACE keyword 51-23
QoS untrusted port keyword 51-12
QoS VLAN-based or port-based 51-26, 51-40
QoS WRED drop thresholds 51-64
R
RADIUS accounting
configuration guidelines 39-55
creating records 39-53
disabling 39-57
enabling 39-56
events 39-52
example configuration 39-58
overview 39-52
servers, specifying 39-53
suppressing 39-54
updating the server 39-54
RADIUS authentication
configuration guidelines 39-11, 40-12
deadtime, setting 39-30
default configuration 39-10, 40-11, 42-8
disabling 39-33
enabling 39-27
key, clearing 39-32
key, specifying 39-26
overview 39-5
retransmit count, setting 39-29
servers
clearing 39-32
specifying 39-26
specifying optional attributes 39-31
timeout, setting 39-29
using a RADIUS server for 802.1X VLAN assignment 40-7
RADIUS authorization
disabling 39-50
enabling 39-50
Rapid-PVST+
configuring 7-33
overview 7-13
Rapid Spanning Tree
See RSTP 7-18
RARP
in-band (SC0) interface and 3-4
rate limiters
configuring for Layer 2 PDU 7-61
disabling 7-61
enabling 7-61
with 802.1Q tunneling 8-7
with 802.1X authentication 40-13
rate limiting, for Cisco IOS ACL logging 15-14
rate limiting multicast traffic 50-14
rcp
downloading configuration files 28-7
downloading supervisor engine images 27-16
downloading switching module images 27-17
overview 28-6
uploading configuration files 28-8
receive queues
redundancy (NSF)
configuring
BGP 24-8
CEF 24-7
IS-IS 24-10
OSPF 24-9
redundancy (SSO)
redundancy command 24-6
redundancy overview 23-21
redundant
synchronizing boot images 23-18
synchronizing runtime image with bootstring 23-16
redundant supervisor engine
See supervisor engine, redundant
Related Documentation xlii
related documentation 1-xlii
Remote Monitoring
Remote Switched Port Analyzer
reserved-range VLANs
reset
scheduling
absolute date and time 22-10
within a specific timeframe 22-11
scheduling system reset 22-10
retransmission time
authenticator-to-supplicant 40-20
back-end authenticator-to-authentication-server 40-21
back-end authenticator-to-supplicant 40-20
Reverse Address Resolution Protocol
rewrite, packet
CEF 13-2
MLS 14-2
rganization xxxix
RGMP
configuring 50-30
default configuration 50-30
disabling 50-31
enabling 50-31
joining multicast group 50-4
multicast groups 50-31
multicast protocols 50-34
RGMP-capable router ports 50-32
RGMP-related router commands 50-33
RGMP statistics
displaying 50-32
statistics
clearing 50-33
VLAN statistics
displaying 50-32
RMON 16-1
enabling 47-2
overview 47-1
supported MIB objects 47-3
viewing data 47-2
ROM monitor
BOOT environment variable and 25-3, 25-4
boot process and 25-2
CLI 2-1
configuration register and 25-2
console port baud rate 25-6
root guard
disabling 7-48
enabling 7-48
multiple spanning tree 7-17
root switch
improving convergence 7-46
primary, configuring 7-45
secondary, configuring 7-46
router, multicast 50-26
Router Group Management Protocol
routing tables, multicast 13-21, 14-34
RSPAN
concepts and terminology 48-1
configuration examples 48-15
configuration guidelines 48-11
configuring
from CLI 48-12
multiple RSPAN sessions 48-17
single RSPAN session 48-15
session limits 48-5
session limits table 48-6
RSTP
port roles 7-18
port states 7-19
RSVP 51-85
disabling 51-86
DSBM election participation
disabling 51-86
enabling 51-86
enabling 51-85
PDP server configuration
deleting 51-87
policy timeout 51-88
S
sc0 (in-band) interface
jumbo frame support 4-19
VLAN assignment 11-2
sc0 and sc1 (in-band) interface
configuring 3-7
IP address, assigning 3-7
overview 3-1
scheduling
scheduling a system reset 22-10
SCP
downloading configuration files 28-7
downloading software crypto images 27-23
download procedure
example 27-24
overview 28-7
uploading configuration files 28-8
uploading software images 27-26
secure ports
disabling unicast flood blocking 38-9
enabling unicast flood blocking 38-9
secure shell encryption
configuring 20-12
security
configuring 24-1, 37-1, 38-1, 40-1, 42-1
IP permit list 37-1
passwords, configuring 39-14, 39-15
security ACL, removing VACL to VLAN mapping 15-56
Serial Control Protocol commands (table) 14-18
serial download
example PC software image download 27-31
example UNIX software image download 27-32
PC software image download procedure 27-29
preparing to download 27-28
UNIX software image download procedure 27-30
session command, MSFC and 2-4
set defaultcostmode command 7-30
set inlinepower defaultallocation command 55-17
set logging level acl command 15-59
set mls agingtime command 13-29, 14-20
set mls agingtime fast command 13-30, 14-21
set mls flow command 13-31, 14-22, 16-12
set module power up/down command 22-14
set power redundancy enable/disable command 22-12
set spantree portcost command 7-28, 7-38, 7-55
set spantree portpri command 7-29
set spantree portvlancost command 7-31
set spantree priority command 7-27, 7-37, 7-54
SFTP
downloading the software image with 27-26
uploading the software image with 27-27
shaped round robin 51-66
shortcuts, Layer 3
short keyword (note) 14-9
show cam command 14-22
show environment power command 55-19
show mls debug command 13-36, 14-31
show mls entry command 13-32, 14-9, 14-25
show mls entry ip destination command 14-25
show mls entry ip flow command 14-27
show mls entry ip source command 14-26
show mls entry ipx command 14-27
show mls ip multicast group command
displaying IP MMLS group 13-22, 14-35
show mls ip multicast interface command
displaying IP MMLS interface 13-22, 14-35
show mls ip multicast source command
displaying IP MMLS source 13-22, 14-35
show mls ip multicast statistics command
displaying IP MMLS statistics 13-22, 14-35
show mls ip multicast summary
displaying IP MMLS configuration 13-22, 14-35
show mls rp command 14-17
show mls statistics entry command 13-33, 14-30
show mls statistics protocol command 14-30
show mls statistics top talkers command 13-33
show module command 22-12, 22-14
show port inlinepower command 55-18
show port mac-address 20-4
show spantree conflicts command 7-43
Simple Network Management Protocol
single router mode redundancy
Single Spanning Tree
skewing
BPDU configuring 7-59
sl0 (SLIP) interface
configuring 3-9
overview 3-1
SLIP
caution 3-9
console port and 3-9
enabling 3-9
sl0 interface 3-4
slip attach command 3-9
slip detach command 3-9
SLIP (sl0) interface
configuring 3-9
SmartPorts 55-38
SNMP
clearing IP addresses associated with access numbers 46-15
clearing SNMP community strings 46-14
configuring SNMPv1 and SNMPv2c 46-11
configuring SNMPv3 46-16
enabling and disabling SNMP processing 46-10
ifindex persistence feature 46-5
overview 46-4
security models and levels 46-4
setting access numbers for hosts 46-14
setting multiple SNMP community strings 46-13
SNMP agents and MIBs 46-6
SNMPv1 overview 46-5
SNMPv2c overview 46-5
SNMPv3 overview 46-7
supported RMON MIB objects 47-3
terms 46-1
SNMP entity
access control subsystem 46-7
definition 46-7
dispatcher 46-7
message processing subsystem 46-7, 46-8
software images
downloading
example, multiple module 27-13, 27-20
example, single module 27-12, 27-20
example, supervisor engine 27-9, 27-18
overview 27-5
preparation 27-16
preparing for 27-7
supervisor engine 27-7, 27-16, 27-23
downloading using SCP
preparing for 27-23
downloading using SFTP 27-26
upgrading EPLD images 27-2
uploading
supervisor engine 27-15, 27-22, 27-26
uploading using SCP
preparing for 27-25
uploading using SFTP 27-27
verifying 27-35
source-destination-ip flow mask 13-12, 14-6
source-destination-vlan flow mask 13-12, 14-6
SPAN
caution 48-8
configuration guidelines 48-7
configuring from CLI 48-8
destination port 48-2
egress 48-3
hardware requirements 48-6
ingress 48-3
NMS and 48-1
overview 48-6
session 48-2
session limits 48-5
session limits table 48-6
source port 48-2
traffic 48-4
spanning tree
warnings, executing 20-23
Spanning Tree Protocol
speed
10/100 Ethernet port, setting 4-6
SRM
configuration guidelines 23-44
configuring on Supervisor Engine 1 and Supervisor Engine 2 23-45
configuring on Supervisor Engine 720 23-45
getting out of SRM 23-49
hardware and software requirements 23-43
upgrading images with SRM enabled 23-48
SRR 51-66
SSH 20-12
SSH keyboard interactive 20-13
interoperability 7-19
standby supervisor engine
See redundant supervisor engine
See supervisor engine, redundant
startup tasks
booting from Melody Compact Flash 3-5
booting the MSFC 3-4
static routes
CIDR and 22-8
configuring 22-8
VLSM and 22-8
statistics
BPDU skewing 7-59
bridged flow 16-3
statistics, PFC2 13-11
STP
BPDUs and 7-3
bridge ID priority, understanding 7-15
forward delay timer 7-49
hello time 7-49
IEEE, overview 7-2
MAC address allocation 7-14
MAC address reduction 7-15
enabling 11-7
maximum age timer 7-49
port states 7-6
timers
strict-priority queue
See QoS
supervisor engine
BOOT environment variables
displaying 25-12
boot image 23-3
configuration register
boot field, setting 25-6
ignore NVRAM, setting 25-9
overview 25-2
ROM monitor baud rate, setting 25-6
setting 25-10
console port
ROM monitor baud rate 25-6
SLIP and 3-9
default boot configuration 25-5
default configuration 3-6
default gateways 3-8
downloading software images 27-7, 27-16, 27-23
Flash file system
IP address, setting 3-7
management interfaces
overview 3-1
sc0 and sc1 (in-band), configuring 3-7
sl0 (SLIP), configuring 3-9
preparing to configure 3-4
redundant
configuration guidelines 23-5
Flash synchronization 23-4, 23-15
forcing switchover to standby 23-6
overview 23-2
slot assignment 23-2
understanding 23-2
verifying status 23-5
ROM monitor 25-2
sc0 and sc1 (in-band) interface 3-7
sl0 (SLIP) interface 3-9
software images
downloading 27-7, 27-16, 27-23
startup, specifying 25-1
startup configuration 25-1
static routes 22-8
switchover 23-6
uploading software images 27-15, 27-22, 27-26
Supervisor Engine 1
environmental monitoring 22-14
supplicant
automatic reauthentication 40-17
manual reauthentication 40-18
switch administration
modules, checking status 20-2
ports, checking status 20-3
switch boot process 25-2
switch CLI
accessing 2-2
help 2-8
history substitution 2-7
IP addresses, designating 2-6
IP aliases, designating 2-6
MAC addresses, designating 2-6
modules, designating 2-5
operating 2-5
overview 2-2
ports, designating 2-5
VLANs, designating 2-5
switch console command, MSFC and 2-3
Switched Port Analyzer
switch fabric module
configuring and monitoring 54-4
external switch fabric module 54-2
fabric module counters 54-7
forwarding modes 54-3
integrated 720-Gbps switch fabric 54-2
LCD banner 54-12
overview 54-1
slot locations 54-3
switching address table 4-2
switching modules
switch management interfaces
See supervisor engine, management interfaces
switchover
See supervisor engine, switchover
switch TopN reports
background execution 49-2
foreground execution 49-2
metric values (table) 49-2
overview 49-1
running 49-3
viewing 49-3
syslog
buffer size, setting 29-7
configuration, displaying 29-9
configuring 29-5
daemon, configuring 29-8
default configuration 29-4
limiting the number of syslog messages 29-7
logging levels, setting 29-6
message format 29-3
message log, displaying 29-11
overview 29-1
session settings, setting 29-5
system syslog dump, enabling and disabling 29-11
system syslog dump, specifying the device and filename 29-12
time stamp, changing enable state 29-7
syslog dump, enabling and disabling 29-11
system
monitoring 20-19
system clock, setting 22-4
system contact, setting 22-3
system image
switch
downloading using SCP 27-23
startup, specifying 25-1
system location, setting 22-3
system message logging
buffer size, setting 29-7
configuration, displaying 29-9
configuring 29-5
console session logging
disabling 29-5
enabling 29-5
daemon, configuring 29-8
default configuration 29-4
definitions
elements (table) 29-3
severity level (table) 29-3
displaying system messages 29-9
logging levels, setting 29-6
message format 29-3
message log, displaying 29-11
overview 29-1
server, configuring 29-8
session settings, setting 29-5
syslog daemon, configuring 29-8
syslog server
configuring 29-8
deleting 29-9
disabling logging 29-9
Telnet session logging
disabling 29-5
enabling 29-5
time stamp, changing enable state 29-7
system name
clearing 22-3
configuring
static system name 22-2
static system prompt 22-3
overview 22-2
system prompt
configuring 22-3
overview 22-2
system reset
scheduling 22-10
absolute date and time 22-10
within a specific timeframe 22-11
system status report 22-16
system syslog dump, enabling and disabling 29-11
system warnings
executing 20-20
hardware level 20-23
using 20-19
T
TACACS+ accounting
configuration guidelines 39-55
creating records 39-53
disabling 39-57
enabling 39-56
events 39-52
example configuration 39-58
overview 39-52
suppressing 39-54
updating the server 39-54
TACACS+ authentication
clearing servers 39-24
command authorization 39-45
command authorization overview 39-45
configuration guidelines 39-11, 39-47, 40-12
default configuration 39-10, 39-46, 40-11, 42-8
directed request, enabling and disabling 39-19, 39-23
example configuration 39-43, 39-51
key, clearing 39-24
key, specifying 39-21
login attempts allowed 39-22
primary options and fallback options 39-45
servers, clearing 39-24
servers, specifying 39-19
timeout interval 39-22
TACACS+ authorization overview 39-44
TCP intercept with PFC 15-11
TCP intercept with PFC II 15-15
TCP QoS features
TDR
checking cable connectivity 20-11
enabling and disabling test 20-11
guidelines 20-11
Telnet
executing 20-12
limit login attempts
authentication 39-2
configure authentication 39-11
configure TACACS+ 39-21, 39-22
local authentication 39-13
privileged mode 39-12
TACACS+ 39-4
system message logging settings 29-6
user sessions
disconnecting 20-14
monitoring 20-14
Telnet, accessing MSFC 2-4
Terminal Access Controller Access Control System Plus
text file configuration mode
auto-save option 26-3
setting the configuration mode 26-2
TFTP
downloading configuration files 28-3
downloading software images
example, multiple module 27-13, 27-20
example, single module 27-12
example, supervisor engine 27-9, 27-18
uploading configuration files 28-5, 28-6
uploading software images 27-15, 27-22
thresholds
time, setting 22-4
Time Domain Reflectometer
timers, configuring
forward delay 7-49
hello time 7-49
maximum aging time 7-49
time zone
clearing 34-7
setting 34-5
token bucket 51-24
Token Ring
See VLANs, Token Ring 11-31
TopN reports
ToS
traceroute
traceroute command 4-21
traffic, handling
fragmented 15-6
unfragmented 15-6
transceivers, monitoring
See Digital Optical Monitoring
transmit queues
TrBRF
TrCRF
Trivial File Transfer Protocol
troubleshooting
system message logging and 29-1
VMPS 19-9
trunks
802.1Q
configuring 5-7
negotiating 5-8
restrictions 5-4
tagging native VLAN traffic 5-11
allowed VLANs 5-8
autonegotiation 5-2
configuring
802.1Q trunk 5-7
ISL/802.1Q negotiating trunk port 5-8
ISL trunk 5-6
default configuration 5-5
defining allowed VLANs 5-8
disabling 5-9
encapsulation types
descriptions (table) 5-3
example configurations
802.1Q 5-18
load sharing 5-22
ISL
over EtherChannel link 5-15
trunk configuration 5-14
load-sharing traffic 5-22
modes (table) 5-2
overview 5-1
parallel configuration 5-27
possible configurations (table) 5-3
VLAN 1, disabling 5-28
VLANs, allowed 5-8
trust-dscp
trusted boundary, configuring 55-33
trust-ipprec
tunneling
U
UDLD
default configuration 32-2
disabling
globally 32-4
on ports 32-4
displaying configuration 32-5
enabling
globally 32-3
on ports 32-3
overview 32-1
specify the message interval 32-4
UDP QoS features
unauthorized ports with 802.1X 40-4
unicast flood blocking
blocking MAC addresses 45-1
guidelines for 45-2
disabling 45-3
disabling on a secure port 38-9
displaying 45-3
enabling 45-2
enabling on a secure port 38-9
unicast suppression 35-2
UniDirectional Link Detection Protocol
untrusted
UplinkFast 9-3
disabling 9-17
enabling 9-16
figure 9-4
MISTP mode 9-15
multiple spanning tree 7-17
PVST+ mode 9-15
uploading
configuration files
running configuration 28-6, 28-8
TFTP 28-6
software images
preparing for 27-25
supervisor engine 27-15, 27-22, 27-26
user EXEC mode 2-9
user sessions
disconnecting 20-14
monitoring 20-14
V
VACLs 15-4
ACEs
overview 15-5
applying on
bridged packets 15-7
multicast packets 15-8
routed packets 15-8
capturing traffic flows 15-57
common uses for 15-25
configuration
figure 15-26
guidelines 15-45
summary 15-46
configuration guidelines 15-45
configuring 15-44
configuring counters 15-81
configuring for policy-based forwarding 15-90
configuring on private VLANs 15-43
denying access to a server on another VLAN
procedure 15-29
features unsupported 15-44
hardware requirements 15-2
inspecting ARP traffic 15-30
Layer 2 parameters 15-5
Layer 3 parameters 15-5
Layer 4 parameters 15-5
Layer 4 port operations 15-23
logging messages 15-59
overview 15-2
redirecting broadcast traffic to a specific server port
figure 15-27
procedure 15-27
restricting ARP traffic 15-29
restricting the DHCP response for a specific server
figure 15-28
procedure 15-28
storing in Flash memory 15-64
supported features 15-5
types and ACE parameters 15-5
types and parameters 15-5
with IOS ACLs 15-17
virtual LAN
VLAN Access Control Lists
VLAN-based SPAN
VLAN filtering
trunk 48-4
VLAN Management Policy Server
VLAN mapping 11-14
VLANs
allowed on trunk 5-8
configuring for use with the Firewall Services Module 11-37
configuring VLAN mapping 11-14
default configuration 11-3
deleting 11-13
designating on command-line 2-5
Ethernet 11-5
FDDI 11-30
in-band (sc0) interface assignment 11-2
internet
assigning ports to 11-10
mapping 802.1Q to ISL 11-9
ports, assigning to 11-10
IP subnetworks and 11-2
mapping 802.1Q to ISL 11-9
MISTP VLAN conflicts
native
802.1Q and 5-4
port provisioning verification 11-12
private
protocol filtering and 36-1
reserved range 11-2
sc0 (in-band) interface assignment 11-2
Token Ring 11-31
trunks
VTP domain and 11-1
VLAN Trunking Protocol
VLSM
static routes and 22-8
VMPS
administering 19-6
configuration file
backing up 19-8
configuring 19-5
database
creating 19-4
downloading 19-7
example configuration file 19-10
default configuration 19-2
disabling 19-5
dynamic port membership
configuring 19-5
example 19-12
overview 19-1
reconfirming 19-7
troubleshooting 19-10
error messages (table) 19-9
example configurations
database configuration file 19-10
dynamic port VLAN membership 19-12
monitoring 19-6
overview 19-1
reconfirming membership 19-7
troubleshooting 19-9
voice-over-IP network
analog station gateway, 24-port FXS analog interface module 55-5
analog trunk gateway, description 55-6
auxiliary VLANs, configuring 55-20
CDP 55-10
Cisco CallManager 55-5
Cisco IP Phone 7960 55-2
CLI commands 55-10
configuring access gateways 55-23
converged voice gateway, Cisco VG200 55-7
digital trunk gateway, 8-port T1/E1 PSTN interface module 55-6
display active call information 55-29
extended trust for CDP devices (trusted boundary feature) 55-33
how a call is made 55-8
overview 55-1
QoS, configuring 55-31
SmartPorts 55-38
Cisco IP Phone, overview 55-39
Cisco SoftPhone, overview 55-39
CLI interface 55-41
enhancements in software release 8.4(1) 55-44
guidelines and restrictions 55-40
how to use 55-43
macro statements 55-42
software and hardware requirements 55-1
VLAN overview 55-8
VSPAN 48-3
VTP
"off" mode, configuring 10-8
advertisements 10-3
caution 10-6
client, configuring 10-7
configuration guidelines 10-5
configuring
client 10-7
server 10-6
default configuration 10-5
disabling 10-8
domains 10-2
modes
client 10-2
off 10-3
server 10-2
transparent 10-3
monitoring 10-12
overview 10-1
pruning
configuring 10-10
disabling 10-12
figure 10-4
overview 10-4
server, configuring 10-6
statistics 10-12
transparent mode, configuring 10-8
version 2
disabling 10-10
enabling 10-9
overview 10-3
version 3
changing modes 10-23
configuring 10-22
configuring passwords 10-26
configuring transparent mode 10-25
configuring version 3 takeover 10-27
configuring VTP client 10-24
configuring VTP server 10-23
default configuration 10-21
disabling 10-25
disabling per port 10-28
enabling 10-22
naming extended range VLANs 11-3, 11-7
show commands 10-29
understanding 10-12
with private VLANs 11-22
VLANs and 11-1
VTP pruning
configuring 10-10
disabling 10-12
overview 10-4
W
web-based proxy authentication
access control
PBACLs 42-5
authentication server
defined 42-3
RADIUS server 42-3
configuring
ACL for ACE 42-9
maximum login attempts allowed 42-13
quiet period 42-12
session timeout period 42-12
URL for Login Fail page 42-12
URL for Login page 42-11
defined 42-2
defining
host 42-3
NAD 42-3
supplicant 42-3
switch 42-3
device roles 42-2
disabling
globally 42-10
on a port 42-10
displaying
current state 42-13
per-port information 42-14
RADIUS assigned value 42-13
summary of information 42-13
enabling
globally 42-10
on a port 42-10
global
disabling 42-10
enabling 42-10
high availability 42-6
host detection 42-4
host state
authenticated 42-6
authenticating 42-6
authentication fail 42-7
connecting 42-6
Held 42-7
initialize 42-6
session-timeout 42-6
HTTP traffic interception 42-4
idefault configuration 42-8
initializing 42-11
initiation and message exchange 42-3
interaction with other features
802.1X 42-7
Auth-Fail VLAN 42-8
DAI 42-7
DHCP snooping 42-7
guest VLAN 42-8
IPSG 42-7
MAC-autthentication bypass 42-7
NAC 42-8
port security 42-8
VVID 42-8
multiple hosts per port 42-6
overview 42-2
supported HTML pages 42-5
Login Fail page, defined 42-6
Login page, defined 42-5
Success page, defined 42-6
Web Cache Coordination Protocol
web caches
weighted round robin 51-66
WRED 51-64
write tech support 22-16
WRR 51-66
X
XENPAK
See Digital Optical Monitoring
Xmodem software download 27-33
Y
Ymodem software download 27-33