-
Catalyst 6500 Release 12.2SXH and Later Software Configuration Guide
-
Index
-
Preface
-
Product Overview
- Configuration Fundamentals
-
Configuring Virtual Switching Systems
- High Availability
- Interface and Hardware Components
-
LAN Switching
-
Configuring LAN Ports for Layer 2 Switching
-
Configuring Flex Links
-
Configuring EtherChannels
-
Configuring VTP
-
Configuring VLANs
-
Configuring Private VLANs
-
Configuring Private Hosts
-
Configuring IEEE 802.1Q Tunneling
-
Configuring Layer 2 Protocol Tunneling
-
Configuring STP and MST
-
Configuring Optional STP Features
-
- IP Routing Protocols
- Multiprotocol Label Switching
- IP Switching
- IP Application Services
- IPv6
- IP Multicast
- Quality of Service
-
Security
-
Configuring Network Security
-
Using AutoSecure
-
Understanding Cisco IOS ACL Support
-
Configuring Port ACLs and VLAN ACLs
-
Configuring Denial of Service Protection
-
Configuring Control Plane Policing (CoPP)
-
Configuring DHCP Snooping
-
Configuring IP Source Guard
-
Configuring Dynamic ARP Inspection
-
Configuring Traffic Storm Control
-
Configuring Unknown Unicast and Multicast Flood Control
-
Configuring Network Admission Control
-
Configuring IEEE 802.1X Port-Based Authentication
-
Configuring Web-Based Authentication
-
Configuring Port Security
-
- NetFlow
- Network Management
-
Online Diagnostic Tests
-
Acronyms
-
Table Of Contents
Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X -
Index
Numerics
4K VLANs (support for 4,096 VLANs) 18-2
802.10 SAID (default) 18-6
802.1Q
encapsulation 14-4
Layer 2 protocol tunneling
See Layer 2 protocol tunneling
mapping to ISL VLANs 18-13, 18-16
trunks 14-3
restrictions 14-6
tunneling
configuration guidelines 21-3
configuring tunnel ports 21-6
overview 21-1
802.1Q Ethertype
specifying custom 14-18
802.1X
802.1x accounting 53-42
802.3ad
802.3x Flow Control 9-13
A
AAA 41-1, 42-1, 43-1, 45-1, 46-1
AAA (authentication, authorization, and accounting). See also port-based authentication. 53-2, 54-2
aaa accounting dot1x command 53-43
aaa accounting system command 53-43
abbreviating commands 2-5
access control entries and lists 41-1, 42-1, 43-1, 45-1, 46-1
access-enable host timeout (not supported) 43-2
access lists
using with WCCP 29-11
access port, configuring 14-16
accounting
with 802.1x 53-42
with IEEE 802.1x 53-12
ACEs and ACLs 41-1, 42-1, 43-1, 45-1
ACLs
downloadable 54-7
downloadable (dACLs) 53-19
Filter-ID 53-20
per-user 53-20
port
defined 44-2
redirect URL 53-21
static sharing 53-21
advertisements, VTP 17-3
aggregate policing
aging time
accelerated
for MSTP 23-47
maximum
for MSTP 23-48
aging-time
IP MLS 56-8
alarms
major 11-12
minor 11-12
Allow DHCP Option 82 on Untrusted Port
configuring 47-10
understanding 47-3
any transport over MPLS (AToM) 27-13
compatibility with previous releases of AToM 27-15
Ethernet over MPLS 27-16
ARP ACL 37-69
ARP spoofing 49-1
AToM 27-13
audience 1-xxxvii
Authentication, Authorization, and Accounting
Authentication, Authorization, and Accounting (AAA) 45-1, 46-1
authentication control-direction command 53-54
authentication event command 53-44
authentication failed VLAN
authentication open comand 53-11
authentication password, VTP 17-4
authentication periodic command 53-37, 53-51
authentication port-control command 53-44
authentication timer reauthenticate command 53-37
authorized ports with 802.1X 53-8
automatic QoS
configuration guidelines and restrictions 38-3
macros 38-3
overview 38-1
AutoQoS 38-1
auto-sync command 7-4
auxiliary VLAN
B
BackboneFast
backup interfaces
binding database, DHCP snooping
See DHCP snooping binding database
binding table, DHCP snooping
See DHCP snooping binding database
blocking floods 51-1
blocking state, STP 23-7
BPDU
RSTP format 23-16
BPDU guard
BPDUs
Bridge Assurance 24-3
Shared Spanning Tree Protocol (SSTP) 24-12
Bridge Assurance
inconsistent state 24-3
supported protocols and link types 24-3
bridge groups 25-2
bridge ID
bridge priority, STP 23-35
bridge protocol data units
bridging 25-2
broadcast storms
C
cache engine clusters 29-1
cache engines 29-1
cache farms
Call Home
description 61-2
message format options 61-2
messages
format options 61-2
call home 61-1
alert groups 61-6
configuring e-mail options 61-9
contact information 61-4
default settings 61-17
destination profiles 61-5
displaying information 61-13
mail-server priority 61-10
pattern matching 61-9
periodic notification 61-8
rate limit messages 61-9
severity threshold 61-8
smart call home feature 61-2
SMTP server 61-9
testing communications 61-10
call home alert groups
configuring 61-6
description 61-6
subscribing 61-7
call home contacts
assigning information 61-4
call home destination profiles
attributes 61-5
configuring 61-5
description 61-5
displaying 61-16
call home notifications
full-txt format for syslog 61-28
XML format for syslog 61-28
CDP
host presence detection 53-10, 55-3
to configure Cisco phones 13-2
CEF 28-1
configuring
RP 28-5
supervisor engine 28-5
examples 28-3
Layer 3 switching 28-2
packet rewrite 28-2
CEF for PFC2
certificate authority (CA) 61-3
CGMP 33-8
disabling automatic detection 33-13
channel-group group
Cisco Cache Engines 29-2
Cisco Discovery Protocol
Cisco Emergency Responder 13-6
Cisco Express Forwarding 27-3
Cisco Group Management Protocol
Cisco IOS Unicast Reverse Path Forwarding 41-2
CIST regional root
CIST root
class command 37-73
class-map command 37-65
class map configuration 37-70
clear authentication sessions command 53-39
clear counters command 9-17
clear dot1x command 53-39
clear interface command 9-18
clear mls ip multicast statistics command
clears IP MMLS statistics 32-27
CLI
accessing 2-2
backing out one level 2-5
console configuration mode 2-5
getting list of commands 2-5
global configuration mode 2-5
history substitution 2-4
interface configuration mode 2-5
privileged EXEC mode 2-5
ROM monitor 2-7
software basics 2-4
command line processing 2-3
commands, getting list of 2-5
Committed Access Rate (CAR), not supported 37-2
community ports 19-3
Concurrent routing and bridging (CRB) 25-2
configuration example
EoMPLS VLAN mode 27-17
configure terminal command 9-2
configuring 37-72
console configuration mode 2-5
contact information
assigning for call home 61-4
control plane policing
CoPP 46-1
applying QoS service policy to control plane 46-3
configuring
ACLs to match traffic 46-3
enabling MLS QoS 46-3
packet classification criteria 46-3
service-policy map 46-3
control plane configuration mode
entering 46-3
displaying
dynamic information 46-4
number of conforming bytes and packets 46-4
rate information 46-4
entering control plane configuration mode 46-3
monitoring statistics 46-4
overview 46-1
packet classification guidelines 46-4
traffic classification
defining 46-5
guidelines 46-6
overview 46-5
sample ACLs 46-7
sample classes 46-5
CoS
counters
critical authentication 53-4
critical authentication, IEEE 802.1x 53-47
CSCtc21076 43-8
D
dACL
See ACLs, downloadable 53-19
debug commands
IP MMLS 32-27
DEC spanning-tree protocol 25-2
default configuration
dynamic ARP inspection 49-5
Flex Links 15-2
IP MMLS 32-8
MSTP 23-39
MVR 33-19
UDLD 10-3
voice VLAN 13-6
VTP 17-8
default NDE configuration 57-10
default VLAN 14-12
deficit weighted round robin 37-107
denial of service protection
description command 9-15
destination-ip flow mask 56-3
destination-source-ip flow mask 56-3
device IDs
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 47-5
overview 47-3
packet format, suboption
circuit ID 47-5
remote ID 47-5
remote ID suboption 47-5
DHCP option 82 allow on untrusted port 47-10
DHCP snooping
802.1X data insertion 53-11
binding database
See DHCP snooping binding database
configuration guidelines 47-6
configuring 47-9
default configuration 47-6
detecting spurious servers 47-13
displaying binding tables 47-18
enabling 47-9, 47-10, 47-11, 47-12, 47-13
enabling the database agent 47-14
message exchange process 47-4
option 82 data insertion 47-3
overview 47-1
Snooping database agent 47-5
DHCP snooping binding database
described 47-3
entries 47-3
DHCP snooping binding table
See DHCP snooping binding database
DHCP Snooping Database Agent
adding to the database (example) 47-17
enabling (example) 47-15
overview 47-5
reading from a TFTP file (example) 47-16
DHCP snooping increased bindings limit 47-7, 47-14
differentiated services codepoint
DiffServ
configuring short pipe mode 39-34
configuring uniform mode 39-39
short pipe mode 39-31
uniform mode 39-32
DiffServ tunneling modes 39-4
Disabling PIM Snooping Designated Router Flooding 35-6
distributed Cisco Express Forwarding
distributed egress SPAN 58-5, 58-17
documentation, related 1-xxxvii
DoS protection
monitoring packet drop statistics
using monitor session commands 45-15
using VACL capture 45-16
Supervisor Engine 2
configuration guidelines and restrictions 45-13
Supervisor Engine 720
default configurations 45-13
egress ACL bridget packet rate limiters 45-7
FIB glean rate limiters 45-9
FIB receive rate limiters 45-8
ICMP redirect rate limiters 45-9
IGMP unreachable rate limiters 45-8
ingress ACL bridget packet rate limiters 45-7
IP errors rate limiters 45-11
IPv4 multicast rate limiters 45-11
IPv6 multicast rate limiters 45-12
Layer 2 PDU rate limiters 45-10
Layer 2 protocol tunneling rate limiters 45-10
MTU failure rate limiters 45-10
multicast directyly connected rate limiters 45-11
multicast FIB miss rate limiters 45-11
multicast IGMP snooping rate limiters 45-10
network under SYN attack 45-5
QoS ACLs 45-3
security ACLs 45-2
TCP intercept 45-5
traffic storm control 45-4
TTL failure rate limiter 45-8
uRPF check 45-4
uRPF failure rate limiters 45-8
VACL log rate limiters 45-10
Supervisor Engine 720Layer 3 security features rate limiters 45-9
understanding how it works 45-2
dot1x auth-fail max-attempts command 53-46
dot1x critical command 53-49
dot1x initialize interface command 53-38
dot1x mac-auth-bypass command 53-50
dot1x max-reauth-req command 53-42
dot1x max-req command 53-41
dot1x pae authenticator command 53-31
dot1x port-control command 53-44
dot1x re-authenticate interface command 53-38
dot1x reauthentication command 53-37
dot1x timeout quiet-period command 53-40
dot1x timeout reauth-period command 53-37
DSCP
DSCP-based queue mapping 37-98
duplex mode
autonegotiation status 9-9
configuring interface 9-7
DWRR 37-107
dynamic ARP inspection
ARP cache poisoning 49-2
ARP requests, described 49-2
ARP spoofing attack 49-2
clearing
log buffer 49-15
statistics 49-15
configuration guidelines 49-6
configuring
logging system messages 49-13
rate limit for incoming ARP packets 49-4, 49-9
default configuration 49-5
denial-of-service attacks, preventing 49-9
described 49-1
DHCP snooping binding database 49-3
displaying
ARP ACLs 49-14
configuration and operating state 49-15
log buffer 49-15
statistics 49-15
trust state and rate limit 49-15
error-disabled state for exceeding rate limit 49-4
function of 49-2
interface trust states 49-3
log buffer
clearing 49-15
displaying 49-15
logging of dropped packets, described 49-5
logging system messages
configuring 49-13
man-in-the middle attack, described 49-2
network security issues and interface trust states 49-3
priority of ARP ACLs and DHCP snooping entries 49-4
rate limiting of ARP packets
configuring 49-9
described 49-4
error-disabled state 49-4
statistics
clearing 49-15
displaying 49-15
validation checks, performing 49-11
Dynamic Host Configuration Protocol snooping
E
EAPOL. See also port-based authentication. 53-1
eFSU
for a virtual switching system 4-52
eFSU, See Enhanced Fast Software Upgrade (eFSU)
eFSU. See enhanced Fast Software Upgrade (eFSU)
Egress ACL support for remarked DSCP 37-13
egress ACL support for remarked DSCP 37-61
egress replication performance improvement 32-14
egress SPAN 58-5
e-mail addresses
assigning for call home 61-4
e-mail notifications
Call Home 61-2
enable mode 2-5
enable sticky secure MAC address 55-9
enabling
IP MMLS
on router interfaces 32-12
encapsulation 14-4
enhanced Fast Software Upgrade (eFSU)
aborting (issu abortversion command) 5-14
accepting the new software version 5-12
commiting the new software to standby RP (issu commitversion command) 5-12
displaying maximum outage time for module 5-10
error handling 5-3
forcing a switchover (issu runversion command) 5-10
issu loadversion command 5-8
loading new software onto standby RP 5-8
memory reservation on module 5-3
memory reservation on module, prohibiting 5-3
OIR not supported 5-4
operation 5-2
outage times 5-3
performing 5-4
steps 5-5
usage guidelines and limitations 5-4
verifying redundancy mode 5-6
environmental monitoring
LED indications 11-12
SNMP traps 11-12
supervisor engine and switching modules 11-12
Syslog messages 11-12
using CLI commands 11-10
EOBC
for MAC address table synchronization 14-3
EoMPLS 27-14
configuring 27-16
configuring VLAN mode 27-16
guidelines and restrictions 27-14
port mode 27-16
port mode configuration guidelines 27-19
VLAN mode 27-16
ERSPAN 58-1
EtherChannel
channel-group group
configuration guidelines 4-26, 16-6
configuring
Layer 2 16-8
configuring (tasks) 4-26, 16-7
DFC restriction, see CSCdt27074 in the Release Notes
interface port-channel
command example 16-8
interface port-channel (command) 16-8
lacp system-priority
command example 16-11
Layer 2
configuring 16-8
load balancing
configuring 16-11
understanding 16-5
modes 16-3
PAgP
understanding 16-3
port-channel interfaces 16-5
port-channel load-balance
command example 16-12
STP 16-5
switchport trunk encapsulation dot1q 16-6
EtherChannel Guard
Ethernet
setting port duplex 9-14
Ethernet over MPLS (EoMPLS) configuration
EoMPLS port mode 27-20
EoMPLS VLAN mode 27-17
EXP mutation 39-4
extended range VLANs 18-2
extended system ID
MSTP 23-41
Extensible Authentication Protocol over LAN. See EAPOL.
F
fabric switching mode
fabric switching-mode allow dcef-only command on Supervisor Engine 720 6-2
fabric switchover 6-9
fall-back bridging 25-2
fastethernet 9-2
fast fabric switchover 6-9
fast link notification
on VSL failure 4-11
fiber-optic, detecting unidirectional links 10-1
FIB TCAM 27-3
filters, NDE
destination host filter, specifying 57-17
destination TCP/UDP port, specifying 57-16
protocol 57-17
source host and destination TCP/UDP port 57-16
Flex Links 15-1
configuration guidelines 15-2
configuring 15-3
default configuration 15-2
description 15-1
monitoring 15-3
flood blocking 51-1
flow control 9-13
flow masks
IP MLS
destination-ip 56-3
destination-source-ip 56-3
ip-full 56-3
minimum 56-8
flows
IP MMLS
completely and partially switched 32-4
forward-delay time
MSTP 23-47
forward-delay time, STP 23-36
frame distribution
See EtherChannel load balancing
FSU
for a virtual switching system 4-52
G
global configuration mode 2-5
guest VLAN and 802.1x 53-15
guidelines 20-5
H
hardware Layer 3 switching
guidelines 28-4
hello time
MSTP 23-46
hello time, STP 23-35
High Capacity Power Supply Support 11-4
history
CLI 2-4
host mode
host ports
kinds of 19-3
host presence CDP message 13-3, 53-10
host presence TLV message 55-3
http
//www-tac.cisco.com/Teams/ks/c3/xmlkwery.php?srId=612293409 16-6
I
ICMP unreachable messages 43-3
IDs
serial IDs 61-25
IEEE 802.10 SAID (default) 18-6
IEEE 802.1Q
IEEE 802.1Q Ethertype
specifying custom 14-18
IEEE 802.1Q Tagging on a Per-Port Basis 21-7
IEEE 802.1w
IEEE 802.1x
authentication failed VLAN 53-15
critical ports 53-16
DHCP snooping 53-11
guest VLAN 53-15
MAC authentication bypass 53-22
network admission control Layer 2 validation 53-23
port security interoperability 53-18
RADIUS-supplied session timeout 53-37
voice VLAN 53-18
wake-on-LAN support 53-24
IEEE 802.3ad
IEEE 802.3x Flow Control 9-13
IEEE bridging protocol 25-2
IGMP
configuration guidelines 31-8, 33-7
enabling 33-10
Internet Group Management Protocol 33-1
join messages 33-2
leave processing
enabling 33-12
queries 33-3
query interval
configuring 33-11
snooping
fast leave 33-5
joining multicast group 33-2, 34-2
leaving multicast group 33-4, 34-4
snooping querier
enabling 33-9
IGMPv3 32-10
IGMP v3lite 32-10
ignore port trust 37-9, 37-16, 37-58, 37-74
inaccessible authentication bypass 53-16
ingress SPAN 58-5
inline power 13-4
inline-power policing and override 13-5
Integrated routing and bridging (IRB) 25-2
interface
configuration mode 2-5
Layer 2 modes 14-4
number 9-2
interface port-channel
command example 16-8
interface port-channel (command) 16-8
interfaces
configuring 9-2
configuring, duplex mode 9-7
configuring, speed 9-7
configururing, overview 9-2
descriptive name, adding 9-15
displaying information about 9-16
maintaining 9-16
monitoring 9-16
naming 9-15
range of 9-4
restarting 9-18
shutting down
task 9-18
interfaces command 9-2
interfaces range command 9-4, 60-2
interfaces range macro command 9-6
internal VLANs 18-2
Internet Group Management Protocol
IP accounting, IP MMLS and 32-9
IP CEF
topology (figure) 28-4
ip flow-export destination command 57-14
ip flow-export source command 56-12, 57-13, 57-14, 63-3, 63-4
ip-full flow mask 56-3
ip http server 1-6
IP MLS
aging-time 56-8
flow masks
destination-ip 56-3
destination-source-ip 56-3
ip-full 56-3
minimum 56-8
IP MMLS
cache, overview 32-2
configuration guideline 32-9
debug commands 32-27
default configuration 32-8
enabling
on router interfaces 32-12
flows
completely and partially switched 32-4
Layer 3 MLS cache 32-2
overview 32-2
packet rewrite 32-3
router
enabling globally 32-10
enabling on interfaces 32-12
multicast routing table, displaying 32-21
PIM, enabling 32-11
switch
statistics, clearing 32-27
unsupported features 32-9
IP multicast
IGMP snooping and 33-9
MLDv2 snooping and 31-10
IP multicast MLS
ip multicast-routing command
enabling IP multicast 32-11
IP phone
configuring 13-7
ip pim command
enabling IP PIM 32-11
IP Source Guard
configuring 48-3
configuring on private VLANs 48-4
overview 48-1
IP unnumbered 25-2
IPv4 Multicast over Point-to-Point GRE Tunnels 1-6
IPv4 Multicast VPN 36-1
IPv6 Multicast PFC3 and DFC3 Layer 3 Switching 30-1
IPv6 QoS 37-52
ip wccp version command 29-8
ISL encapsulation 14-4
ISL trunks 14-3
isolated port 19-3
J
join messages, IGMP 33-2
jumbo frames 9-10
K
keyboard shortcuts 2-3
L
label edge router 27-2
label switched path 27-16
label switch router 27-2, 27-3
LACP
system ID 16-4
Layer 2
configuring interfaces 14-6
access port 14-16
trunk 14-10
defaults 14-5
interface modes 14-4
show interfaces 9-12, 9-13, 14-7, 14-15
switching
understanding 14-1
trunks
understanding 14-3
VLAN
interface assignment 18-12
Layer 2 Interfaces
configuring 14-1
Layer 2 protocol tunneling
configuring Layer 2 tunnels 22-2
overview 22-1
Layer 2 remarking 37-15
Layer 2 Traceroute 64-1
Layer 2 traceroute
and ARP 64-2
and CDP 64-2
described 64-1
IP addresses and subnets 64-2
MAC addresses and VLANs 64-2
multicast traffic 64-2
multiple devices on a port 64-2
unicast traffic 64-1
usage guidelines 64-2
Layer 3
IP MMLS and MLS cache 32-2
Layer 3 switched packet rewrite
CEF 28-2
Layer 3 switching
CEF 28-2
Layer 4 port operations (ACLs) 43-10
leave processing, IGMP
enabling 33-12
leave processing, MLDv2
enabling 31-12
Link Failure
detecting unidirectional 23-25
link negotiation 9-8
link redundancy
Load Balancing 27-8
Local Egress Replication 32-14
logical operation unit
loop guard
LOU
description 43-11
determining maximum number of 43-11
M
MAC address-based blocking 41-1
MAC address table notification 14-8
mac-address-table synchronize command 14-3
MAC authentication bypass. See also port-based authentication. 53-22
MAC move (port security) 55-2
macros 3-1
magic packet 53-24
main-cpu command 7-4
mapping 802.1Q VLANs to ISL VLANs 18-13, 18-16
markdown
maximum aging time
MSTP 23-48
maximum aging time, STP 23-37
maximum hop count, MSTP 23-48
MEC
configuration 4-41
described 4-12
failure 4-13
port load share deferral 4-14
microflow policing rule
Mini Protocol Analyzer 65-1
Min-Links 16-13
MLD
report 31-4
MLD snooping
query interval
configuring 31-12
MLDv1 31-8
MLDv2 31-1
enabling 31-10
leave processing
enabling 31-12
queries 31-5
snooping
fast leave 31-7
joining multicast group 31-4
leaving multicast group 31-6
understanding 31-2
snooping querier
enabling 31-9
understanding 31-2
MLDv2 Snooping 31-1
MLS
configuring threshold 32-15
RP
threshold 32-15
mls aging command
configuring IP MLS 56-9
mls flow command
configuring IP MLS 56-8, 56-12, 57-12
mls ip multicast command
mls nde flow command
configuring a host and port filter 57-16
configuring a host flow filter 57-17
configuring a port filter 57-16
configuring a protocol flow filter 57-17
mls nde sender command 57-11
monitoring
Flex Links 15-3
private VLANs 19-17
aggregate label 27-2
any transport over MPLS 27-13
basic configuration 27-8
core 27-3
DiffServ Tunneling Modes 39-30
egress 27-4
experimental field 39-3
guidelines and restrictions 27-7
hardware features 27-4
ingress 27-3
IP to MPLS path 27-3
labels 27-2
Layer 2 VPN load balancing 27-8
MPLS to IP path 27-4
MPLS to MPLS path 27-3
nonaggregate lable 27-2
QoS default configuration 39-15
VPN 39-12
VPN guidelines and restrictions 27-11
mpls l2 transport route command 27-15
MPLS QoS
Classification 39-2
Class of Service 39-2
commands 39-16
configuring a class map 39-20
configuring a policy map 39-22
configuring egress EXP mutation 39-28
configuring EXP Value Maps 39-29
Differentiated Services Code Point 39-2
displaying a policy map 39-27
E-LSP 39-2
enabling QoS globally 39-18
EXP bits 39-2
features 39-3
IP Precedence 39-2
QoS Tags 39-2
queueing-only mode 39-19
MPLS QoS configuration
class map to classify MPLS packets 39-20
MPLS supported commands 27-7
MPLS VPN
limitations and restrictions 27-11
MQC 37-1
not supported
CAR 37-2
queuing 37-2
supported
policy maps 37-3
MST
interoperation with Rapid PVST+ 24-11
root bridge 24-12
MSTP
boundary ports
configuration guidelines 23-39
described 23-23
CIST, described 23-20
CIST root 23-22
configuration guidelines 23-39
configuring
forward-delay time 23-47
hello time 23-46
link type for rapid convergence 23-48
maximum aging time 23-48
maximum hop count 23-48
MST region 23-40
neighbor type 23-49
path cost 23-44
port priority 23-43
root switch 23-41
secondary root switch 23-43
switch priority 23-45
CST
defined 23-20
operations between regions 23-21
default configuration 23-39
displaying status 23-50
enabling the mode 23-40
extended system ID
effects on root switch 23-41
effects on secondary root switch 23-43
unexpected behavior 23-42
IEEE 802.1s
implementation 23-24
port role naming change 23-24
terminology 23-22
interoperability with IEEE 802.1D
described 23-26
restarting migration process 23-50
IST
defined 23-20
master 23-20
operations within a region 23-20
mapping VLANs to MST instance 23-40
MST region
CIST 23-20
configuring 23-40
described 23-19
hop-count mechanism 23-23
IST 23-20
supported spanning-tree instances 23-19
overview 23-18
root switch
configuring 23-41
effects of extended system ID 23-41
unexpected behavior 23-42
status, displaying 23-50
MTU size (default) 18-6
multiauthentication (multiauth). See also port-based authentication. 53-10
multicast
IGMP snooping and 33-9
MLDv2 snooping and 31-10
NetFlow statistics 57-10
non-RPF 32-5
PIM snooping 35-4
multicast, displaying routing table 32-21
Multicast enhancement - egress replication performance improvement 32-14
Multicast Enhancement - Replication Mode Detection 32-12
multicast flood blocking 51-1
multicast groups
multicast groups, IPv6
joining 31-4
Multicast Listener Discovery version 2
multicast multilayer switching
Multicast Replication Mode Detection enhancement 32-12
multicast RPF 32-2
multicast storms
multicast television application 33-17
multicast VLAN 33-16
Multicast VLAN Registration
multicast VLAN registration (MVR)
MVR 33-16
multichassis EtherChannel
see MEC 4-12
Multidomain Authentication (MDA). See also port-based authentication. 53-10
Multilayer MAC ACL QoS Filtering 37-66
multilayer switch feature card
multiple path RPF check 41-2
Multiple Spanning Tree
MUX-UNI Support 27-23
MUX-UNI support 27-23
MVAP (Multi-VLAN Access Port). See also port-based authentication. 53-18
MVR
and IGMPv3 33-20
configuration guidelines 33-20
configuring interfaces 33-21
default configuration 33-19
described 33-16
example application 33-17
in the switch stack 33-19
multicast television application 33-17
setting global parameters 33-20
N
NAC
agentless audit support 53-23
critical authentication 53-16, 53-47
for Layer 3 interfaces 52-2, 52-14
IEEE 802.1x authentication using a RADIUS server 53-51
IEEE 802.1x validation using RADIUS server 53-51
inaccessible authentication bypass 53-47
Layer 2 IEEE 802.1x validation 53-51
Layer 2 IEEE802.1x validation 53-23
non-responsive hosts 52-6
SSO 52-12
native VLAN 14-13
NBAR 37-1
NDE
configuration, displaying 57-17
displaying configuration 57-17
enabling 57-10
filters
destination host, specifying 57-17
destination TCP/UDP port, specifying 57-16
protocol, specifying 57-17
source host and destination TCP/UDP port, specifying 57-16
multicast 57-10
specifying
destination host filters 57-17
destination TCP/UDP port filters 57-16
protocol filters 57-17
NDE configuration, default 57-10
NDE version 8 57-3
NetFlow
table, displaying entries 28-6
Netflow Multiple Export Destinations 57-14
NetFlow search engine 32-6
NetFlow version 9 57-3
Network Admission Control
Network Admission Control (NAC) 52-1
network admission control for Layer 3 interfaces 52-2, 52-14
Network-Based Application Recognition 37-1
network ports
Bridge Assurance 24-3
description 24-2
non-RPF multicast 32-5
Nonstop Forwarding
normal-range VLANs
NSF 6-1
NSF with SSO does not support IPv6 multicast traffic. 6-1
O
OIR 9-16
online diagnostics
CompactFlash disk verification A-40
configuring 12-2
datapath verification A-6
diagnostic sanity check 12-12
egress datapath test A-9
error counter test A-4
interrupt counter test A-4
memory tests 12-12
overview 12-1
running tests 12-5
test descriptions A-1
understanding 12-1
online diagnostic tests A-1
online insertion and removal
out-f-band MAC address table synchronization
configuring 14-8
in a VSS 4-24
out of profile
P
packet burst 45-7
packet capture 65-1
packet recirculation 37-13
packet rewrite
CEF 28-2
IP MMLS and 32-3
packets
multicast 44-6
PACLs. See private hosts feature
PAgP
understanding 16-3
path cost
MSTP 23-44
PBACLs 43-3
PBF 44-14
peer inconsistent state
in PVST simulation 24-12
per-port VTP enable and disable 17-17
PFC
recirculation 27-4
PFC3 32-6
PIM, IP MMLS and 32-11
PIM snooping
designated router flooding 35-6
enabling globally 35-5
enabling in a VLAN 35-5
overview 35-4
platform cwan acl software-switched command 44-12
platform ipv4 pbr optimize tcam command 25-4
PoE
Cisco Prestandard Inline Power 13-4, 13-5
police command 37-76
policing
policing. See power management.
policy 37-65
policy-based ACLs (PBACLs) 43-3
policy-based forwarding (PBF) 44-2
policy-based routing
policy enforcement 52-7
policy map 37-72
attaching to an interface 37-79
policy-map command 37-66, 37-73
port ACLs
defined 44-2
port ACLs (PACLs) 44-1
Port Aggregation Protocol
port-based authentication
AAA authorization 53-30
accounting 53-12
configuring 53-42
authentication server
configuration guidelines 53-26, 54-7
configuring
guest VLAN 53-44
inaccessible authentication bypass 53-47
initializing authentication of a client 53-38
manual reauthentication of a client 53-38
RADIUS server parameters on the switch 53-32, 54-9
restricted VLAN 53-45
switch-to-authentication-server retransmission time 53-41
switch-to-client EAP-request frame retransmission time 53-40
switch-to-client frame-retransmission number 53-41, 53-42
switch-to-client retransmission time 53-40
user distribution 53-43
VLAN group assignment 53-43
default configuration 53-25, 54-7
described 53-1
DHCP snooping 53-11
DHCP snooping and insertion 47-4
displaying statistics 53-56, 54-15
EAPOL-start frame 53-6
EAP-request/identity frame 53-6
EAP-response/identity frame 53-6
enabling
802.1X authentication 53-30, 53-32, 54-9
periodic reauthentication 53-37
encapsulation 53-3
guest VLAN
configuration guidelines 53-15, 53-16
described 53-15
host mode 53-9
inaccessible authentication bypass
configuring 53-47
described 53-16
guidelines 53-29
initiation and message exchange 53-6
MAC authentication bypass 53-22
magic packet 53-24
method lists 53-30
modes 53-9
multiauth mode, described 53-10
multidomain authentication mode, described 53-10
multiple-hosts mode, described 53-9
ports
authorization state and dot1x port-control command 53-8
authorized and unauthorized 53-8
critical 53-16
voice VLAN 53-18
port security
and voice VLAN 53-19
described 53-18
interactions 53-19
multiple-hosts mode 53-9
pre-authentication open access 53-11, 53-34
resetting to default values 53-55
supplicant, defined 53-3
switch
RADIUS client 53-3
user distribution
configuring 53-43
described 53-14
guidelines 53-29
VLAN assignment
AAA authorization 53-30
characteristics 53-13
configuration tasks 53-14
described 53-13
VLAN group
guidelines 53-29
voice VLAN
described 53-18
PVID 53-18
VVID 53-18
wake-on-LAN, described 53-24
port-based QoS features
port channel
switchport trunk encapsulation dot1q 16-6
port-channel
port-channel load-balance
port-channel load-defer command 4-43
port-channel port load-defer command 4-43
port cost, STP 23-33
port debounce timer
disabling 9-14
displaying 9-14
enabling 9-14
PortFast
PortFast BPDU filtering
See STP PortFast BPDU filtering
port mode 27-16
port negotiation 9-8
port priority
MSTP 23-43
port priority, STP 23-31
ports
setting the debounce timer 9-14
port security
configuring 55-5
default configuration 55-3
described 55-2
displaying 55-12
enable sticky secure MAC address 55-9
sticky MAC address 55-2
violations 55-2
Port Security is supported on trunks 55-4, 55-5, 55-9, 55-10
port security MAC move 55-2
port security on PVLAN ports 55-4
Port Security with Sticky Secure MAC Addresses 55-2
power management
enabling/disabling redundancy 11-2
inline power 13-4
inline power policing 13-5, 13-6
overview 11-1
powering modules up or down 11-3
power policing 13-11
system power requirements, nine-slot chassis 11-5
pre-authentication open access. See port-based authentication.
primary links 15-1
primary VLANs 19-2
priority
private hosts 20-1
private hosts feature
configuration guidelines 20-5
configuring (detailed steps) 20-8
configuring (summary) 20-8
multicast operation 20-7
overview 20-1
port ACLs (PACLs) 20-5
port types 20-3
protocol-independent MAC ACLs 20-2
restricting traffic flow with PACLs 20-3
spoofing protection 20-7
private VLANs 19-1
across multiple switches 19-5
and SVIs 19-6
benefits of 19-2
configuration guidelines 19-7, 19-9, 19-11
configuring 19-11
host ports 19-15
pomiscuous ports 19-16
routing secondary VLAN ingress traffic 19-13
secondary VLANs with primary VLANs 19-12
VLANs as private 19-11
end station access to 19-4
IP addressing 19-4
monitoring 19-17
ports
community 19-3
configuration guidelines 19-9
isolated 19-3
promiscuous 19-3
primary VLANs 19-2
secondary VLANs 19-2
subdomains 19-2
traffic in 19-6
privileged EXEC mode 2-5
promiscuous ports 19-3
protocol tunneling
See Layer 2 protocol tunneling 22-1
pruning, VTP
PVLANs
PVRST
See Rapid-PVST 23-18
PVST
description 23-2
PVST+
description 23-12
PVST simulation
description 24-11
peer inconsistent state 24-12
root bridge 24-12
Q
QoS
auto-QoS
enabling for VoIP 38-4
IPv6 37-52
See also automatic QoS 38-1
QoS classification (definition) 37-120
QoS congestion avoidance
definition 37-121
QoS CoS
and ToS final L3 Switching Engine values 37-12
and ToS final values from L3 Switching Engine 37-12
definition 37-120
port value, configuring 37-92
QoS default configuration 37-111, 40-2
QoS DSCP
definition 37-121
internal values 37-10
maps, configuring 37-86
QoS dual transmit queue
thresholds
QoS Ethernet egress port
scheduling 37-111
scheduling, congestion avoidance, and marking 37-12
QoS Ethernet ingress port
classification, marking, scheduling, and congestion avoidance 37-6
QoS final L3 Switching Engine CoS and ToS values 37-12
QoS internal DSCP values 37-10
QoS L3 Switching Engine
classification, marking, and policing 37-9
feature summary 37-16
QoS labels (definition) 37-121
QoS mapping
CoS values to DSCP values 37-84, 37-87
DSCP markdown values 37-28, 37-88, 39-16
DSCP values to CoS values 37-89
IP precedence values to DSCP values 37-87
QoS markdown 37-20
QoS marking
definition 37-121
trusted ports 37-15
untrusted ports 37-15
QoS multilayer switch feature card 37-17
QoS out of profile 37-19
QoS policing
definition 37-121
microflow, enabling for nonrouted traffic 37-60
QoS policing rule
aggregate 37-17
creating 37-64
microflow 37-17
QoS port
QoS port-based or VLAN-based 37-60
QoS queues
transmit, allocating bandwidth between 37-107
QoS receive queue 37-8, 37-103, 37-105
drop thresholds 37-22
QoS RP
marking 37-17
QoS scheduling (definition) 37-121
QoS session-based 37-11
QoS single-receive, dual-transmit queue ports
configuring 37-98
QoS statistics data export 40-1
configuring 40-2
configuring destination host 40-7
configuring time interval 40-6, 40-8
QoS ToS
and CoS final values from L3 Switching Engine 37-12
definition 37-121
QoS traffic flow through QoS features 37-4
QoS transmit queue
QoS transmit queues 37-23, 37-100, 37-101, 37-104
QoS trust-cos
port keyword 37-14
QoS trust-dscp
port keyword 37-14
QoS trust-ipprec
port keyword 37-14
QoS untrusted port keyword 37-14
QoS VLAN-based or port-based 37-11, 37-60
queries, IGMP 33-3
queries, MLDv2 31-5
R
RADIUS 47-4
RADIUS. See also port-based authentication. 53-3
range
macro 9-6
of interfaces 9-4
rapid convergence 23-14
Rapid-PVST
enabling 23-37
overview 23-18
Rapid PVST+
interoperation with MST 24-11
Rapid Spanning Tree
Rapid Spanning Tree Protocol
receive queues
redirect URLs
described 53-21
reduced MAC address 23-2
redundancy (NSF) 6-1
configuring
BGP 6-14
CEF 6-13
EIGRP 6-19
IS-IS 6-17
OSPF 6-15
configuring multicast NSF with SSO 6-13
configuring supervisor engine 6-10
routing protocols 6-4
redundancy (RPR+) 7-1
configuring 7-4
configuring supervisor engine 7-3
displaying supervisor engine configuration 7-5
redundancy command 7-4
redundancy (SSO)
redundancy command 6-11
related documentation 1-xxxvii
Remote Authentication Dial-In User Service. See RADIUS.
Remote source-route bridging (RSRB) 25-2
Replication Mode Detection 32-12
report, MLD 31-4
reserved-range VLANs
restricted VLAN
configuring 53-45
described 53-15
using with IEEE 802.1x 53-15
rewrite, packet
CEF 28-2
IP MMLS 32-3
RHI 4-51
RIF cache monitoring 9-17
ROM monitor
CLI 2-7
root bridge
MST 24-12
PVST simulation 24-12
root bridge, STP 23-30
root guard
root switch
MSTP 23-41
route health injection
route processor redundancy
router guard 34-1
routing table, multicast 32-21
RPF
failure 32-5
multicast 32-2
non-RPF multicast 32-5
unicast 41-2
RPR+
RPR and RPR+ support IPv6 multicast traffic 7-1
RSTP
active topology 23-13
BPDU
format 23-16
processing 23-17
designated port, defined 23-13
designated switch, defined 23-13
interoperability with IEEE 802.1D
described 23-26
restarting migration process 23-50
topology changes 23-17
overview 23-13
port roles
described 23-13
synchronized 23-15
proposal-agreement handshake process 23-14
rapid convergence
described 23-14
edge ports and Port Fast 23-14
point-to-point links 23-14, 23-48
root ports 23-14
root port, defined 23-13
S
SAID 18-6
Sampled NetFlow
description 57-8
scheduling
SEA
secondary VLANs 19-2
Secure MAC Address Aging Type 55-11
security
configuring 41-1, 42-1, 43-1, 45-1, 46-1
security, port 55-2
serial IDs
description 61-25
serial interfaces
clearing 9-18
synchronous
maintaining 9-18
server IDs
description 61-25
service-policy command 37-66
service-policy input command 37-61, 37-79, 37-84, 37-86, 39-29
service-provider network, MSTP and RSTP 23-19
set power redundancy enable/disable command 11-2
shaped round robin 37-107
short pipe mode
configuring 39-34
show authentication command 53-57
show catalyst6000 chassis-mac-address command 23-3
show configuration command 9-15
show dot1x interface command 53-37
show eobc command 9-17
show hardware command 9-3
show history command 2-4
show ibc command 9-17
show interfaces command 9-2, 9-12, 9-13, 9-15, 9-17, 14-7, 14-15
clearing interface counters 9-17
displaying, interface type numbers 9-2
displaying, speed and duplex mode 9-9
show ip flow export command
displaying NDE export flow IP address and UDP port 57-15
show ip interface command
displaying IP MMLS interfaces 32-19
show ip mroute command
displaying IP multicast routing table 32-21
show ip pim interface command
displaying IP MMLS router configuration 32-19
show mab command 53-60
show mls aging command 56-9, 56-10
show mls entry command 28-6
show mls ip multicast group command
displaying IP MMLS group 32-22, 32-25
show mls ip multicast interface command
displaying IP MMLS interface 32-22, 32-25
show mls ip multicast source command
displaying IP MMLS source 32-22, 32-25
show mls ip multicast statistics command
displaying IP MMLS statistics 32-22, 32-25
show mls ip multicast summary
displaying IP MMLS configuration 32-22, 32-25
show mls nde command 57-17
displaying NDE flow IP address 57-15
show mls rp command
displaying IP MLS configuration 56-8
show module command 7-5
show platform acl software-switched command 44-12
show protocols command 9-17
show rif command 9-17
show running-config command 9-15, 9-17
show svclc rhi-routes command 4-51
show version command 9-17
show vlan group command 53-43
shutdown command 9-18
shutdown interfaces
result 9-18
slot number, description 9-2
smart call home 61-1
description 61-2
destination profile (note) 61-5
registration requirements 61-3
service contract requirements 61-3
Transport Gateway (TG) aggregation point 61-3
SMARTnet
smart call home registration 61-3
smart port macros 3-1
configuration guidelines 3-3
Smartports macros
applying global parameter values 3-14
applying macros 3-14
creating 3-13
default configuration 3-2
defined 3-2
displaying 3-16
tracing 3-4
SNMP
support and documentation 1-5
snooping
software
upgrading router 5-4
source IDs
call home event format 61-25
source-only-ip flow mask 56-3
source specific multicast with IGMPv3, IGMP v3lite, and URD 32-10
SPAN
configuration guidelines 58-7
configuring 58-13
sources 58-18, 58-20, 58-22, 58-24, 58-25, 58-27, 58-28, 58-30
VLAN filtering 58-32
CPU source 58-6, 58-18, 58-19, 58-22, 58-28
destination port support on EtherChannels 58-7, 58-21, 58-24, 58-26, 58-27, 58-31
distributed egress 58-5, 58-17
modules that disable 58-12
modules that disable for ERSPAN 58-13
input packets with don't learn option
local SPAN 58-19, 58-20, 58-21
understanding 58-7
local SPAN egress session increase 58-8, 58-18
overview 58-1
SPAN Destination Port Permit Lists 58-16
spanning-tree backbonefast
spanning-tree cost
command 23-33
command example 23-34
spanning-tree portfast
command example 24-13
spanning-tree portfast bpdu-guard
command 24-16
spanning-tree port-priority
command 23-32
spanning-tree protocol for bridging 25-2
spanning-tree uplinkfast
command 24-17
command example 24-18
spanning-tree vlan
command 23-28, 23-29, 23-30, 23-31, 24-19
command example 23-28, 23-29, 23-31
spanning-tree vlan cost
command 23-33
spanning-tree vlan forward-time
command 23-36
command example 23-36
spanning-tree vlan hello-time
command 23-36
command example 23-36
spanning-tree vlan max-age
command 23-37
command example 23-37
spanning-tree vlan port-priority
command 23-32
command example 23-33
spanning-tree vlan priority
command 23-35
command example 23-35
speed
configuring interface 9-7
speed mode
autonegotiation status 9-9
SRR 37-107
SSO for network admission control 52-12
standby links 15-1
static sharing
configuring 53-31
description 53-21
statistics
sticky ARP 45-18
sticky MAC address 55-2
Sticky secure MAC addresses 55-9, 55-10
storm control
STP
configuring 23-26
bridge priority 23-35
forward-delay time 23-36
hello time 23-35
maximum aging time 23-37
port cost 23-33
port priority 23-31
root bridge 23-30
secondary root switch 23-31
defaults 23-27
edge ports 24-2
EtherChannel 16-5
network ports 24-2
normal ports 24-2
PortFast 24-2
understanding 23-1
802.1Q Trunks 23-12
Blocking State 23-7
BPDUs 23-3
disabled state 23-11
forwarding state 23-10
learning state 23-9
listening state 23-8
overview 23-2
port states 23-5
protocol timers 23-4
root bridge election 23-4
topology 23-5
STP BackboneFast
configuring 24-18
figure
adding a switch 24-10
spanning-tree backbonefast
understanding 24-7
STP BPDU Guard
configuring 24-16
spanning-tree portfast bpdu-guard
command 24-16
understanding 24-5
STP bridge ID 23-2
STP EtherChannel guard 24-9
STP extensions
STP loop guard
configuring 24-20
overview 24-10
STP PortFast
BPDU filter
configuring 24-15
BPDU filtering 24-5
configuring 24-12
spanning-tree portfast
command example 24-13
understanding 24-2
STP port types
description 24-2
edge 24-2
network 24-2
normal 24-2
STP UplinkFast
configuring 24-17
spanning-tree uplinkfast
command 24-17
command example 24-18
understanding 24-6
subdomains, private VLAN 19-2
supervisor engine
environmental monitoring 11-10
synchronizing configurations 6-20, 7-5
supervisor engine redundancy
supervisor engines
displaying redundancy configuration 7-5
supplicant 53-3
svclc command 4-50
Switched Port Analyzer
switch fabric functionality 8-1
configuring 8-3
monitoring 8-3
switchport
configuring 14-16
example 14-15
show interfaces 9-12, 9-13, 14-7, 14-15
switchport access vlan 14-8, 14-9, 14-12, 14-16
example 14-17
switchport mode access 14-4, 14-8, 14-9, 14-16
example 14-17
switchport mode dynamic 14-11
switchport mode dynamic auto 14-4
switchport mode dynamic desirable 14-4
default 14-5
example 14-15
switchport mode trunk 14-4, 14-11
switchport nonegotiate 14-4
switchport trunk allowed vlan 14-13
switchport trunk encapsulation 14-9, 14-10
switchport trunk encapsulation dot1q 14-4
example 14-15
switchport trunk encapsulation isl 14-4
switchport trunk encapsulation negotiate 14-4
default 14-5
switchport trunk native vlan 14-13
switchport trunk pruning vlan 14-14
switch priority
MSTP 23-45
switch TopN reports
foreground execution 63-2
running 63-2
viewing 63-2
system event archive (SEA) 59-1
System Event Archive, configuring 59-1
System Hardware Capacity 11-5
T
TACACS+ 41-1, 42-1, 43-1, 45-1, 46-1
TCP Intercept 41-2
TDR
checking cable connectivity 9-19
enabling and disabling test 9-19
guidelines 9-19
Telnet
accessing CLI 2-2
Time Domain Reflectometer
TLV
host presence detection 13-3, 53-10, 55-3
traceroute, Layer 2
and ARP 64-2
and CDP 64-2
described 64-1
IP addresses and subnets 64-2
MAC addresses and VLANs 64-2
multicast traffic 64-2
multiple devices on a port 64-2
unicast traffic 64-1
usage guidelines 64-2
traffic flood blocking 51-1
traffic-storm control
command
broadcast 50-4
described 50-1
monitoring 50-6
thresholds 50-1
traffic suppression
translational bridge numbers (defaults) 18-6
transmit queues
trunks 14-3
802.1Q Restrictions 14-6
allowed VLANs 14-13
configuring 14-10
default interface configuration 14-7
default VLAN 14-12
different VTP domains 14-4
encapsulation 14-4
native VLAN 14-13
to non-DTP device 14-5
VLAN 1 minimization 14-14
trust-dscp
trusted boundary 13-9
trusted boundary (extended trust for CDP devices) 13-3
trust-ipprec
trustpoint 61-3
tunneling, 802.1Q
See 802.1Q 21-1
type length value
U
UDE 26-1
configuration 26-3
overview 26-2
UDE and UDLR 26-1
UDLD
default configuration 10-3
enabling
globally 10-3
on ports 10-4
overview 10-1
UDLR 26-1
back channel 26-1
configuration 26-6
tunnel
(example) 26-7
ARP and NHRP 26-3
UDLR (unidirectional link routing)
UMFB 51-1
unauthorized ports with 802.1X 53-8
Unicast and Multicast Flood Blocking 51-1
unicast flood blocking 51-1
unicast RPF 41-2
unicast storms
Unidirectional Ethernet
unidirectional ethernet
example of setting 26-5
UniDirectional Link Detection Protocol
uniform mode
configuring 39-39
unknown multicast flood blocking
unknown unicast flood blocking
unknown unicast flood rate-limiting
untrusted
upgrade guidelines 27-15
UplinkFast
URD 32-10
User-Based Rate Limiting 37-19, 37-76
user EXEC mode 2-5
UUFB 51-1
UUFRL 51-1
V
VACLs 44-2
configuring 44-11
examples 44-15
Layer 3 VLAN interfaces 44-14
Layer 4 port operations 43-10
logging
configuration example 44-19
configuring 44-19
restrictions 44-19
MAC address based 44-11
multicast packets 44-6
SVIs 44-14
WAN interfaces 44-2
virtual LAN
vlan
command 18-11, 18-12, 57-12, 57-13, 58-22
VLAN Access Control Lists
VLAN-based QoS filtering 37-67
VLAN-bridge spanning-tree protocol 25-2
vlan database
command 18-11, 18-12, 57-12, 57-13, 58-22
example 18-12
vlan group command 53-43
VLAN locking 18-10
vlan mapping dot1q
command example 18-17
VLAN maps
applying 44-9
VLAN mode 27-16
VLAN port provisioning verification 18-10
VLANs
allowed on trunk 14-13
configuration guidelines 18-8
configuration options
global configuration mode 18-9
VLAN database mode 18-9
configuring 18-1
configuring (tasks) 18-9
defaults 18-6
extended range 18-2
ID (default) 18-6
interface assignment 18-12
multicast 33-16
name (default) 18-6
normal range 18-2
private
reserved range 18-2
support for 4,096 VLANs 18-2
token ring 18-3
trunks
understanding 14-3
understanding 18-1
VLAN 1 minimization 14-14
VTP domain 18-3
VLAN translation
VLAN Trunking Protocol
voice VLAN
Cisco 7960 phone, port connections 13-2
configuration guidelines 13-7
configuring IP phone for data traffic
override CoS of incoming frame 13-9, 13-10
configuring ports for voice traffic in
802.1Q frames 13-8
connecting to an IP phone 13-7
default configuration 13-6
overview 13-1
voice VLAN. See also port-based authentication. 53-18
VPN
configuration example 27-12
guidelines and restrictions 27-11
VPN supported commands 27-11
VPN switching 27-9
VSS
dual-active detection
Enhanced PAgP, advantages 4-20
Enhanced PAgP, description 4-20
enhanced PAgP, description 4-43
fast-hello, advantages 4-20
fast-hello, description 4-21
IP BFD, advantages 4-20
IP BFD, description 4-21
IP BFG, configuration 4-45
VSLP fast-hello, configuration 4-46
VTP
client, configuring 17-15
configuration guidelines 17-9
default configuration 17-8
disabling 17-15
domains 17-2
VLANs 18-3
modes
client 17-3
server 17-3
transparent 17-3
monitoring 17-18
overview 17-1
per-port enable and disable 17-17
pruning
configuration 14-14
configuring 17-13
overview 17-6
server, configuring 17-15
statistics 17-18
transparent mode, configuring 17-15
version 2
enabling 17-13
overview 17-4
version 3
enabling 17-14
overview 17-5
server type, configuring 17-12
W
wake-on-LAN. See also port-based authentication. 53-24
WCCP
configuring on a router 29-2, 29-15
service groups 29-9
specifying protocol version 29-8
web-based authentication
AAA fail policy 54-4
description 54-1
web browser interface 1-6
Web Cache Communication Protocol
See WCCP 29-1
web caches
web cache services
description 29-6
web caching
weighted round robin 37-107
wireless access point
inline power 13-4
WRR 37-107
X
xconnect command 27-15