-
Catalyst 6500 Release 12.2SXH and Later Software Configuration Guide
-
Index
-
Preface
-
Product Overview
- Configuration Fundamentals
-
Configuring Virtual Switching Systems
- High Availability
- Interface and Hardware Components
-
LAN Switching
-
Configuring LAN Ports for Layer 2 Switching
-
Configuring Flex Links
-
Configuring EtherChannels
-
Configuring VTP
-
Configuring VLANs
-
Configuring Private VLANs
-
Configuring Private Hosts
-
Configuring IEEE 802.1Q Tunneling
-
Configuring Layer 2 Protocol Tunneling
-
Configuring STP and MST
-
Configuring Optional STP Features
-
- IP Routing Protocols
- Multiprotocol Label Switching
- IP Switching
- IPv6
- IP Multicast
- Quality of Service
-
Security
-
Configuring Network Security
-
Using AutoSecure
-
Understanding Cisco IOS ACL Support
-
Configuring Port ACLs and VLAN ACLs
-
Configuring Denial of Service Protection
-
Configuring Control Plane Policing (CoPP)
-
Configuring DHCP Snooping
-
Configuring IP Source Guard
-
Configuring Dynamic ARP Inspection
-
Configuring Traffic Storm Control
-
Configuring Unknown Unicast and Multicast Flood Control
-
Configuring Network Admission Control
-
Configuring IEEE 802.1X Port-Based Authentication
-
Configuring Web-Based Authentication
-
Configuring Port Security
-
- NetFlow
- Network Management
-
Online Diagnostic Tests
-
Acronyms
-
Table Of Contents
Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X -
Index
Numerics
4K VLANs (support for 4,096 VLANs) 18-2
802.10 SAID (default) 18-6
802.1Q
encapsulation 14-4
Layer 2 protocol tunneling
See Layer 2 protocol tunneling
mapping to ISL VLANs 18-13, 18-16
trunks 14-3
restrictions 14-6
tunneling
configuration guidelines 21-3
configuring tunnel ports 21-6
overview 21-1
802.1Q Ethertype
specifying custom 14-18
802.1X
802.1x accounting 52-42
802.3ad
802.3x Flow Control 9-13
A
AAA 40-1, 41-1, 42-1, 44-1, 45-1
AAA (authentication, authorization, and accounting). See also port-based authentication. 52-2, 53-2
aaa accounting dot1x command 52-43
aaa accounting system command 52-43
abbreviating commands 2-5
access control entries and lists 40-1, 41-1, 42-1, 44-1, 45-1
access-enable host timeout (not supported) 42-2
access port, configuring 14-16
accounting
with 802.1x 52-42
with IEEE 802.1x 52-12
ACEs and ACLs 40-1, 41-1, 42-1, 44-1
ACLs
downloadable 53-7
downloadable (dACLs) 52-19
Filter-ID 52-20
per-user 52-20
port
defined 43-2
redirect URL 52-21
static sharing 52-21
advertisements, VTP 17-3
aggregate policing
aging time
accelerated
for MSTP 23-47
maximum
for MSTP 23-48
aging-time
IP MLS 55-8
alarms
major 11-12
minor 11-12
Allow DHCP Option 82 on Untrusted Port
configuring 46-10
understanding 46-3
any transport over MPLS (AToM) 27-13
compatibility with previous releases of AToM 27-15
Ethernet over MPLS 27-16
ARP ACL 36-69
ARP spoofing 48-1
AToM 27-13
audience 1-xxxvii
Authentication, Authorization, and Accounting
Authentication, Authorization, and Accounting (AAA) 44-1, 45-1
authentication control-direction command 52-54
authentication event command 52-44
authentication failed VLAN
authentication open comand 52-11
authentication password, VTP 17-4
authentication periodic command 52-37, 52-51
authentication port-control command 52-44
authentication timer reauthenticate command 52-37
authorized ports with 802.1X 52-8
automatic QoS
configuration guidelines and restrictions 37-3
macros 37-3
overview 37-1
AutoQoS 37-1
auto-sync command 7-4
auxiliary VLAN
B
BackboneFast
backup interfaces
binding database, DHCP snooping
See DHCP snooping binding database
binding table, DHCP snooping
See DHCP snooping binding database
blocking floods 50-1
blocking state, STP 23-7
BPDU
RSTP format 23-16
BPDU guard
BPDUs
Bridge Assurance 24-3
Shared Spanning Tree Protocol (SSTP) 24-12
Bridge Assurance
inconsistent state 24-3
supported protocols and link types 24-3
bridge groups 25-2
bridge ID
bridge priority, STP 23-35
bridge protocol data units
bridging 25-2
broadcast storms
C
Call Home
description 60-2
message format options 60-2
messages
format options 60-2
call home 60-1
alert groups 60-6
configuring e-mail options 60-9
contact information 60-4
default settings 60-17
destination profiles 60-5
displaying information 60-13
mail-server priority 60-10
pattern matching 60-9
periodic notification 60-8
rate limit messages 60-9
severity threshold 60-8
smart call home feature 60-2
SMTP server 60-9
testing communications 60-10
call home alert groups
configuring 60-6
description 60-6
subscribing 60-7
call home contacts
assigning information 60-4
call home destination profiles
attributes 60-5
configuring 60-5
description 60-5
displaying 60-16
call home notifications
full-txt format for syslog 60-28
XML format for syslog 60-28
CDP
host presence detection 52-10, 54-3
to configure Cisco phones 13-2
CEF 28-1
configuring
RP 28-5
supervisor engine 28-5
examples 28-3
Layer 3 switching 28-2
packet rewrite 28-2
CEF for PFC2
certificate authority (CA) 60-3
CGMP 32-8
disabling automatic detection 32-13
channel-group group
Cisco Discovery Protocol
Cisco Emergency Responder 13-6
Cisco Express Forwarding 27-3
Cisco Group Management Protocol
Cisco IOS Unicast Reverse Path Forwarding 40-2
CIST regional root
CIST root
class command 36-73
class-map command 36-65
class map configuration 36-70
clear authentication sessions command 52-39
clear counters command 9-17
clear dot1x command 52-39
clear interface command 9-18
clear mls ip multicast statistics command
clears IP MMLS statistics 31-27
CLI
accessing 2-2
backing out one level 2-5
console configuration mode 2-5
getting list of commands 2-5
global configuration mode 2-5
history substitution 2-4
interface configuration mode 2-5
privileged EXEC mode 2-5
ROM monitor 2-7
software basics 2-4
command line processing 2-3
commands, getting list of 2-5
Committed Access Rate (CAR), not supported 36-2
community ports 19-3
Concurrent routing and bridging (CRB) 25-2
configuration example
EoMPLS VLAN mode 27-17
configure terminal command 9-2
configuring 36-72
console configuration mode 2-5
contact information
assigning for call home 60-4
control plane policing
CoPP 45-1
applying QoS service policy to control plane 45-3
configuring
ACLs to match traffic 45-3
enabling MLS QoS 45-3
packet classification criteria 45-3
service-policy map 45-3
control plane configuration mode
entering 45-3
displaying
dynamic information 45-4
number of conforming bytes and packets 45-4
rate information 45-4
entering control plane configuration mode 45-3
monitoring statistics 45-4
overview 45-1
packet classification guidelines 45-4
traffic classification
defining 45-5
guidelines 45-6
overview 45-5
sample ACLs 45-7
sample classes 45-5
CoS
counters
critical authentication 52-4
critical authentication, IEEE 802.1x 52-47
CSCsr62404 9-14
CSCtc21076 42-8
D
dACL
See ACLs, downloadable 52-19
debug commands
IP MMLS 31-27
DEC spanning-tree protocol 25-2
default configuration
dynamic ARP inspection 48-5
Flex Links 15-2
IP MMLS 31-8
MSTP 23-39
MVR 32-19
UDLD 10-3
voice VLAN 13-6
VTP 17-8
default NDE configuration 56-10
default VLAN 14-12
deficit weighted round robin 36-107
denial of service protection
description command 9-16
destination-ip flow mask 55-3
destination-source-ip flow mask 55-3
device IDs
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 46-5
overview 46-3
packet format, suboption
circuit ID 46-5
remote ID 46-5
remote ID suboption 46-5
DHCP option 82 allow on untrusted port 46-10
DHCP snooping
802.1X data insertion 52-11
binding database
See DHCP snooping binding database
configuration guidelines 46-6
configuring 46-9
default configuration 46-6
detecting spurious servers 46-13
displaying binding tables 46-18
enabling 46-9, 46-10, 46-11, 46-12, 46-13
enabling the database agent 46-14
message exchange process 46-4
option 82 data insertion 46-3
overview 46-1
Snooping database agent 46-5
DHCP snooping binding database
described 46-3
entries 46-3
DHCP snooping binding table
See DHCP snooping binding database
DHCP Snooping Database Agent
adding to the database (example) 46-17
enabling (example) 46-15
overview 46-5
reading from a TFTP file (example) 46-16
DHCP snooping increased bindings limit 46-7, 46-14
differentiated services codepoint
DiffServ
configuring short pipe mode 38-34
configuring uniform mode 38-39
short pipe mode 38-31
uniform mode 38-32
DiffServ tunneling modes 38-4
Disabling PIM Snooping Designated Router Flooding 34-6
distributed Cisco Express Forwarding
distributed egress SPAN 57-5, 57-17
documentation, related 1-xxxvii
DoS protection
monitoring packet drop statistics
using monitor session commands 44-15
using VACL capture 44-16
Supervisor Engine 2
configuration guidelines and restrictions 44-13
Supervisor Engine 720
default configurations 44-13
egress ACL bridget packet rate limiters 44-7
FIB glean rate limiters 44-9
FIB receive rate limiters 44-8
ICMP redirect rate limiters 44-9
IGMP unreachable rate limiters 44-8
ingress ACL bridget packet rate limiters 44-7
IP errors rate limiters 44-11
IPv4 multicast rate limiters 44-11
IPv6 multicast rate limiters 44-12
Layer 2 PDU rate limiters 44-10
Layer 2 protocol tunneling rate limiters 44-10
MTU failure rate limiters 44-10
multicast directyly connected rate limiters 44-11
multicast FIB miss rate limiters 44-11
multicast IGMP snooping rate limiters 44-10
network under SYN attack 44-5
QoS ACLs 44-3
security ACLs 44-2
TCP intercept 44-5
traffic storm control 44-4
TTL failure rate limiter 44-8
uRPF check 44-4
uRPF failure rate limiters 44-8
VACL log rate limiters 44-10
Supervisor Engine 720Layer 3 security features rate limiters 44-9
understanding how it works 44-2
dot1x auth-fail max-attempts command 52-46
dot1x critical command 52-49
dot1x initialize interface command 52-38
dot1x mac-auth-bypass command 52-50
dot1x max-reauth-req command 52-42
dot1x max-req command 52-41
dot1x pae authenticator command 52-31
dot1x port-control command 52-44
dot1x re-authenticate interface command 52-38
dot1x reauthentication command 52-37
dot1x timeout quiet-period command 52-40
dot1x timeout reauth-period command 52-37
DSCP
DSCP-based queue mapping 36-98
duplex mode
autonegotiation status 9-9
configuring interface 9-7
DWRR 36-107
dynamic ARP inspection
ARP cache poisoning 48-2
ARP requests, described 48-2
ARP spoofing attack 48-2
clearing
log buffer 48-15
statistics 48-15
configuration guidelines 48-6
configuring
logging system messages 48-13
rate limit for incoming ARP packets 48-4, 48-9
default configuration 48-5
denial-of-service attacks, preventing 48-9
described 48-1
DHCP snooping binding database 48-3
displaying
ARP ACLs 48-14
configuration and operating state 48-15
log buffer 48-15
statistics 48-15
trust state and rate limit 48-15
error-disabled state for exceeding rate limit 48-4
function of 48-2
interface trust states 48-3
log buffer
clearing 48-15
displaying 48-15
logging of dropped packets, described 48-5
logging system messages
configuring 48-13
man-in-the middle attack, described 48-2
network security issues and interface trust states 48-3
priority of ARP ACLs and DHCP snooping entries 48-4
rate limiting of ARP packets
configuring 48-9
described 48-4
error-disabled state 48-4
statistics
clearing 48-15
displaying 48-15
validation checks, performing 48-11
Dynamic Host Configuration Protocol snooping
E
EAPOL. See also port-based authentication. 52-1
eFSU
for a virtual switching system 4-52
eFSU, See Enhanced Fast Software Upgrade (eFSU)
eFSU. See enhanced Fast Software Upgrade (eFSU)
Egress ACL support for remarked DSCP 36-13
egress ACL support for remarked DSCP 36-61
egress replication performance improvement 31-14
egress SPAN 57-5
e-mail addresses
assigning for call home 60-4
e-mail notifications
Call Home 60-2
enable mode 2-5
enable sticky secure MAC address 54-9
enabling
IP MMLS
on router interfaces 31-12
encapsulation 14-4
enhanced Fast Software Upgrade (eFSU)
aborting (issu abortversion command) 5-14
accepting the new software version 5-12
commiting the new software to standby RP (issu commitversion command) 5-12
displaying maximum outage time for module 5-10
error handling 5-4
forcing a switchover (issu runversion command) 5-10
issu loadversion command 5-8
loading new software onto standby RP 5-8
memory reservation on module 5-3
memory reservation on module, prohibiting 5-3
OIR not supported 5-4
operation 5-2
outage times 5-3
steps 5-5
usage guidelines and limitations 5-4
verifying redundancy mode 5-7
environmental monitoring
LED indications 11-12
SNMP traps 11-12
supervisor engine and switching modules 11-12
Syslog messages 11-12
using CLI commands 11-10
EOBC
for MAC address table synchronization 14-3
EoMPLS 27-14
configuring 27-16
configuring VLAN mode 27-16
guidelines and restrictions 27-14
port mode 27-16
port mode configuration guidelines 27-19
VLAN mode 27-16
ERSPAN 57-1
EtherChannel
channel-group group
configuration guidelines 4-26, 16-6
configuring
Layer 2 16-8
configuring (tasks) 4-26, 16-7
DFC restriction, see CSCdt27074 in the Release Notes
interface port-channel
command example 16-8
interface port-channel (command) 16-8
lacp system-priority
command example 16-11
Layer 2
configuring 16-8
load balancing
configuring 16-11
understanding 16-5
modes 16-3
PAgP
understanding 16-3
port-channel interfaces 16-5
port-channel load-balance
command example 16-12
STP 16-5
switchport trunk encapsulation dot1q 16-6
EtherChannel Guard
Ethernet
setting port duplex 9-14
Ethernet over MPLS (EoMPLS) configuration
EoMPLS port mode 27-20
EoMPLS VLAN mode 27-17
EXP mutation 38-4
extended range VLANs 18-2
extended system ID
MSTP 23-41
Extensible Authentication Protocol over LAN. See EAPOL.
F
fabric switching mode
fabric switching-mode allow dcef-only command on Supervisor Engine 720 6-2
fabric switchover 6-9
fall-back bridging 25-2
fastethernet 9-2
fast fabric switchover 6-9
fast link notification
on VSL failure 4-11
fiber-optic, detecting unidirectional links 10-1
FIB TCAM 27-3
filters, NDE
destination host filter, specifying 56-17
destination TCP/UDP port, specifying 56-16
protocol 56-17
source host and destination TCP/UDP port 56-16
Flex Links 15-1
configuration guidelines 15-2
configuring 15-3
default configuration 15-2
description 15-1
monitoring 15-3
flood blocking 50-1
flow control 9-13
flow masks
IP MLS
destination-ip 55-3
destination-source-ip 55-3
ip-full 55-3
minimum 55-8
flows
IP MMLS
completely and partially switched 31-4
forward-delay time
MSTP 23-47
forward-delay time, STP 23-36
frame distribution
See EtherChannel load balancing
FSU
for a virtual switching system 4-52
G
global configuration mode 2-5
guest VLAN and 802.1x 52-15
guidelines 20-5
H
hardware Layer 3 switching
guidelines 28-4
hello time
MSTP 23-46
hello time, STP 23-35
High Capacity Power Supply Support 11-4
history
CLI 2-4
host mode
host ports
kinds of 19-3
host presence CDP message 13-3, 52-10
host presence TLV message 54-3
http
//www-tac.cisco.com/Teams/ks/c3/xmlkwery.php?srId=612293409 16-6
I
ICMP unreachable messages 42-3
IDs
serial IDs 60-25
IEEE 802.10 SAID (default) 18-6
IEEE 802.1Q
IEEE 802.1Q Ethertype
specifying custom 14-18
IEEE 802.1Q Tagging on a Per-Port Basis 21-7
IEEE 802.1w
IEEE 802.1x
authentication failed VLAN 52-15
critical ports 52-16
DHCP snooping 52-11
guest VLAN 52-15
MAC authentication bypass 52-22
network admission control Layer 2 validation 52-23
port security interoperability 52-18
RADIUS-supplied session timeout 52-37
voice VLAN 52-18
wake-on-LAN support 52-24
IEEE 802.3ad
IEEE 802.3x Flow Control 9-13
IEEE bridging protocol 25-2
IGMP
configuration guidelines 30-8, 32-7
enabling 32-10
Internet Group Management Protocol 32-1
join messages 32-2
leave processing
enabling 32-12
queries 32-3
query interval
configuring 32-11
snooping
fast leave 32-5
joining multicast group 32-2, 33-2
leaving multicast group 32-4, 33-4
snooping querier
enabling 32-9
IGMPv3 31-10
IGMP v3lite 31-10
ignore port trust 36-9, 36-16, 36-58, 36-74
inaccessible authentication bypass 52-16
ingress SPAN 57-5
inline power 13-4
inline-power policing and override 13-5
Integrated routing and bridging (IRB) 25-2
interface
configuration mode 2-5
Layer 2 modes 14-4
number 9-2
interface port-channel
command example 16-8
interface port-channel (command) 16-8
interfaces
configuring 9-2
configuring, duplex mode 9-7
configuring, speed 9-7
configururing, overview 9-2
descriptive name, adding 9-15
displaying information about 9-17
maintaining 9-16
monitoring 9-16
naming 9-15
range of 9-4
restarting 9-18
shutting down
task 9-18
interfaces command 9-2
interfaces range command 9-4, 59-2
interfaces range macro command 9-6
internal VLANs 18-2
Internet Group Management Protocol
IP accounting, IP MMLS and 31-9
IP CEF
topology (figure) 28-4
ip flow-export destination command 56-14
ip flow-export source command 55-12, 56-13, 56-14, 62-3, 62-4
ip-full flow mask 55-3
ip http server 1-6
IP MLS
aging-time 55-8
flow masks
destination-ip 55-3
destination-source-ip 55-3
ip-full 55-3
minimum 55-8
IP MMLS
cache, overview 31-2
configuration guideline 31-9
debug commands 31-27
default configuration 31-8
enabling
on router interfaces 31-12
flows
completely and partially switched 31-4
Layer 3 MLS cache 31-2
overview 31-2
packet rewrite 31-3
router
enabling globally 31-10
enabling on interfaces 31-12
multicast routing table, displaying 31-21
PIM, enabling 31-11
switch
statistics, clearing 31-27
unsupported features 31-9
IP multicast
IGMP snooping and 32-9
MLDv2 snooping and 30-10
IP multicast MLS
ip multicast-routing command
enabling IP multicast 31-11
IP phone
configuring 13-7
ip pim command
enabling IP PIM 31-11
IP Source Guard
configuring 47-3
configuring on private VLANs 47-4
overview 47-1
IP unnumbered 25-2
IPv4 Multicast over Point-to-Point GRE Tunnels 1-6
IPv4 Multicast VPN 35-1
IPv6 Multicast PFC3 and DFC3 Layer 3 Switching 29-1
IPv6 QoS 36-52
ISL encapsulation 14-4
ISL trunks 14-3
isolated port 19-3
J
join messages, IGMP 32-2
jumbo frames 9-10
K
keyboard shortcuts 2-3
L
label edge router 27-2
label switched path 27-16
label switch router 27-2, 27-3
LACP
system ID 16-4
Layer 2
configuring interfaces 14-6
access port 14-16
trunk 14-10
defaults 14-5
interface modes 14-4
show interfaces 9-12, 9-13, 14-7, 14-15
switching
understanding 14-1
trunks
understanding 14-3
VLAN
interface assignment 18-12
Layer 2 Interfaces
configuring 14-1
Layer 2 protocol tunneling
configuring Layer 2 tunnels 22-2
overview 22-1
Layer 2 remarking 36-15
Layer 2 Traceroute 63-1
Layer 2 traceroute
and ARP 63-2
and CDP 63-2
described 63-1
IP addresses and subnets 63-2
MAC addresses and VLANs 63-2
multicast traffic 63-2
multiple devices on a port 63-2
unicast traffic 63-1
usage guidelines 63-2
Layer 3
IP MMLS and MLS cache 31-2
Layer 3 switched packet rewrite
CEF 28-2
Layer 3 switching
CEF 28-2
Layer 4 port operations (ACLs) 42-10
leave processing, IGMP
enabling 32-12
leave processing, MLDv2
enabling 30-12
Link Failure
detecting unidirectional 23-25
link negotiation 9-8
link redundancy
Load Balancing 27-8
Local Egress Replication 31-14
logical operation unit
loop guard
LOU
description 42-11
determining maximum number of 42-11
M
MAC address-based blocking 40-1
MAC address table notification 14-8
mac-address-table synchronize command 14-3
MAC authentication bypass. See also port-based authentication. 52-22
MAC move (port security) 54-2
macros 3-1
magic packet 52-24
main-cpu command 7-4
mapping 802.1Q VLANs to ISL VLANs 18-13, 18-16
markdown
maximum aging time
MSTP 23-48
maximum aging time, STP 23-37
maximum hop count, MSTP 23-48
MEC
configuration 4-41
described 4-12
failure 4-13
port load share deferral 4-14
microflow policing rule
Mini Protocol Analyzer 64-1
Min-Links 16-13
MLD
report 30-4
MLD snooping
query interval
configuring 30-12
MLDv1 30-8
MLDv2 30-1
enabling 30-10
leave processing
enabling 30-12
queries 30-5
snooping
fast leave 30-7
joining multicast group 30-4
leaving multicast group 30-6
understanding 30-2
snooping querier
enabling 30-9
understanding 30-2
MLDv2 Snooping 30-1
MLS
configuring threshold 31-15
RP
threshold 31-15
mls aging command
configuring IP MLS 55-9
mls flow command
configuring IP MLS 55-8, 55-12, 56-12
mls ip multicast command
mls nde flow command
configuring a host and port filter 56-16
configuring a host flow filter 56-17
configuring a port filter 56-16
configuring a protocol flow filter 56-17
mls nde sender command 56-11
monitoring
Flex Links 15-3
private VLANs 19-17
aggregate label 27-2
any transport over MPLS 27-13
basic configuration 27-8
core 27-3
DiffServ Tunneling Modes 38-30
egress 27-4
experimental field 38-3
guidelines and restrictions 27-7
hardware features 27-4
ingress 27-3
IP to MPLS path 27-3
labels 27-2
Layer 2 VPN load balancing 27-8
MPLS to IP path 27-4
MPLS to MPLS path 27-3
nonaggregate lable 27-2
QoS default configuration 38-15
VPN 38-12
VPN guidelines and restrictions 27-11
mpls l2 transport route command 27-15
MPLS QoS
Classification 38-2
Class of Service 38-2
commands 38-16
configuring a class map 38-20
configuring a policy map 38-22
configuring egress EXP mutation 38-28
configuring EXP Value Maps 38-29
Differentiated Services Code Point 38-2
displaying a policy map 38-27
E-LSP 38-2
enabling QoS globally 38-18
EXP bits 38-2
features 38-3
IP Precedence 38-2
QoS Tags 38-2
queueing-only mode 38-19
MPLS QoS configuration
class map to classify MPLS packets 38-20
MPLS supported commands 27-7
MPLS VPN
limitations and restrictions 27-11
MQC 36-1
not supported
CAR 36-2
queuing 36-2
supported
policy maps 36-3
MST
interoperation with Rapid PVST+ 24-11
root bridge 24-12
MSTP
boundary ports
configuration guidelines 23-39
described 23-23
CIST, described 23-20
CIST root 23-22
configuration guidelines 23-39
configuring
forward-delay time 23-47
hello time 23-46
link type for rapid convergence 23-48
maximum aging time 23-48
maximum hop count 23-48
MST region 23-40
neighbor type 23-49
path cost 23-44
port priority 23-43
root switch 23-41
secondary root switch 23-43
switch priority 23-45
CST
defined 23-20
operations between regions 23-21
default configuration 23-39
displaying status 23-50
enabling the mode 23-40
extended system ID
effects on root switch 23-41
effects on secondary root switch 23-43
unexpected behavior 23-42
IEEE 802.1s
implementation 23-24
port role naming change 23-24
terminology 23-22
interoperability with IEEE 802.1D
described 23-26
restarting migration process 23-50
IST
defined 23-20
master 23-20
operations within a region 23-20
mapping VLANs to MST instance 23-40
MST region
CIST 23-20
configuring 23-40
described 23-19
hop-count mechanism 23-23
IST 23-20
supported spanning-tree instances 23-19
overview 23-18
root switch
configuring 23-41
effects of extended system ID 23-41
unexpected behavior 23-42
status, displaying 23-50
MTU size (default) 18-6
multiauthentication (multiauth). See also port-based authentication. 52-10
multicast
IGMP snooping and 32-9
MLDv2 snooping and 30-10
NetFlow statistics 56-10
non-RPF 31-5
PIM snooping 34-4
multicast, displaying routing table 31-21
Multicast enhancement - egress replication performance improvement 31-14
Multicast Enhancement - Replication Mode Detection 31-12
multicast flood blocking 50-1
multicast groups
multicast groups, IPv6
joining 30-4
Multicast Listener Discovery version 2
multicast multilayer switching
Multicast Replication Mode Detection enhancement 31-12
multicast RPF 31-2
multicast storms
multicast television application 32-17
multicast VLAN 32-16
Multicast VLAN Registration
multicast VLAN registration (MVR)
MVR 32-16
multichassis EtherChannel
see MEC 4-12
Multidomain Authentication (MDA). See also port-based authentication. 52-10
Multilayer MAC ACL QoS Filtering 36-66
multilayer switch feature card
multiple path RPF check 40-2
Multiple Spanning Tree
MUX-UNI Support 27-23
MUX-UNI support 27-23
MVAP (Multi-VLAN Access Port). See also port-based authentication. 52-18
MVR
and IGMPv3 32-20
configuration guidelines 32-20
configuring interfaces 32-21
default configuration 32-19
described 32-16
example application 32-17
in the switch stack 32-19
multicast television application 32-17
setting global parameters 32-20
N
NAC
agentless audit support 52-23
critical authentication 52-16, 52-47
for Layer 3 interfaces 51-2, 51-14
IEEE 802.1x authentication using a RADIUS server 52-51
IEEE 802.1x validation using RADIUS server 52-51
inaccessible authentication bypass 52-47
Layer 2 IEEE 802.1x validation 52-51
Layer 2 IEEE802.1x validation 52-23
non-responsive hosts 51-6
SSO 51-12
native VLAN 14-13
NBAR 36-1
NDE
configuration, displaying 56-17
displaying configuration 56-17
enabling 56-10
filters
destination host, specifying 56-17
destination TCP/UDP port, specifying 56-16
protocol, specifying 56-17
source host and destination TCP/UDP port, specifying 56-16
multicast 56-10
specifying
destination host filters 56-17
destination TCP/UDP port filters 56-16
protocol filters 56-17
NDE configuration, default 56-10
NDE version 8 56-3
NetFlow
table, displaying entries 28-6
Netflow Multiple Export Destinations 56-14
NetFlow search engine 31-6
NetFlow version 9 56-3
Network Admission Control
Network Admission Control (NAC) 51-1
network admission control for Layer 3 interfaces 51-2, 51-14
Network-Based Application Recognition 36-1
network ports
Bridge Assurance 24-3
description 24-2
non-RPF multicast 31-5
Nonstop Forwarding
normal-range VLANs
NSF 6-1
NSF with SSO does not support IPv6 multicast traffic. 6-1
O
OIR 9-16
online diagnostics
CompactFlash disk verification A-40
configuring 12-2
datapath verification A-6
diagnostic sanity check 12-12
egress datapath test A-9
error counter test A-4
interrupt counter test A-4
memory tests 12-12
overview 12-1
running tests 12-5
test descriptions A-1
understanding 12-1
online diagnostic tests A-1
online insertion and removal
out-f-band MAC address table synchronization
configuring 14-8
in a VSS 4-24
out of profile
P
packet burst 44-7
packet capture 64-1
packet recirculation 36-13
packet rewrite
CEF 28-2
IP MMLS and 31-3
packets
multicast 43-6
PACLs. See private hosts feature
PAgP
understanding 16-3
path cost
MSTP 23-44
PBACLs 42-3
PBF 43-14
peer inconsistent state
in PVST simulation 24-12
per-port VTP enable and disable 17-17
PFC
recirculation 27-4
PFC3 31-6
PIM, IP MMLS and 31-11
PIM snooping
designated router flooding 34-6
enabling globally 34-5
enabling in a VLAN 34-5
overview 34-4
platform cwan acl software-switched command 43-12
platform ipv4 pbr optimize tcam command 25-4
PoE
Cisco Prestandard Inline Power 13-4, 13-5
police command 36-76
policing
policing. See power management.
policy 36-65
policy-based ACLs (PBACLs) 42-3
policy-based forwarding (PBF) 43-2
policy-based routing
policy enforcement 51-7
policy map 36-72
attaching to an interface 36-79
policy-map command 36-66, 36-73
port ACLs
defined 43-2
port ACLs (PACLs) 43-1
Port Aggregation Protocol
port-based authentication
AAA authorization 52-30
accounting 52-12
configuring 52-42
authentication server
configuration guidelines 52-26, 53-7
configuring
guest VLAN 52-44
inaccessible authentication bypass 52-47
initializing authentication of a client 52-38
manual reauthentication of a client 52-38
RADIUS server parameters on the switch 52-32, 53-9
restricted VLAN 52-45
switch-to-authentication-server retransmission time 52-41
switch-to-client EAP-request frame retransmission time 52-40
switch-to-client frame-retransmission number 52-41, 52-42
switch-to-client retransmission time 52-40
user distribution 52-43
VLAN group assignment 52-43
default configuration 52-25, 53-7
described 52-1
DHCP snooping 52-11
DHCP snooping and insertion 46-4
displaying statistics 52-56, 53-15
EAPOL-start frame 52-6
EAP-request/identity frame 52-6
EAP-response/identity frame 52-6
enabling
802.1X authentication 52-30, 52-32, 53-9
periodic reauthentication 52-37
encapsulation 52-3
guest VLAN
configuration guidelines 52-15, 52-16
described 52-15
host mode 52-9
inaccessible authentication bypass
configuring 52-47
described 52-16
guidelines 52-29
initiation and message exchange 52-6
MAC authentication bypass 52-22
magic packet 52-24
method lists 52-30
modes 52-9
multiauth mode, described 52-10
multidomain authentication mode, described 52-10
multiple-hosts mode, described 52-9
ports
authorization state and dot1x port-control command 52-8
authorized and unauthorized 52-8
critical 52-16
voice VLAN 52-18
port security
and voice VLAN 52-19
described 52-18
interactions 52-19
multiple-hosts mode 52-9
pre-authentication open access 52-11, 52-34
resetting to default values 52-55
supplicant, defined 52-3
switch
RADIUS client 52-3
user distribution
configuring 52-43
described 52-14
guidelines 52-29
VLAN assignment
AAA authorization 52-30
characteristics 52-13
configuration tasks 52-14
described 52-13
VLAN group
guidelines 52-29
voice VLAN
described 52-18
PVID 52-18
VVID 52-18
wake-on-LAN, described 52-24
port-based QoS features
port channel
switchport trunk encapsulation dot1q 16-6
port-channel
port-channel load-balance
port-channel load-defer command 4-43
port-channel port load-defer command 4-43
port cost, STP 23-33
port debounce timer
disabling 9-14
displaying 9-14
enabling 9-14
PortFast
PortFast BPDU filtering
See STP PortFast BPDU filtering
port mode 27-16
port negotiation 9-8
port priority
MSTP 23-43
port priority, STP 23-31
ports
setting the debounce timer 9-14
port security
configuring 54-5
default configuration 54-3
described 54-2
displaying 54-12
enable sticky secure MAC address 54-9
sticky MAC address 54-2
violations 54-2
Port Security is supported on trunks 54-4, 54-5, 54-9, 54-10
port security MAC move 54-2
port security on PVLAN ports 54-4
Port Security with Sticky Secure MAC Addresses 54-2
power management
enabling/disabling redundancy 11-2
inline power 13-4
inline power policing 13-5, 13-6
overview 11-1
powering modules up or down 11-3
power policing 13-11
system power requirements, nine-slot chassis 11-5
pre-authentication open access. See port-based authentication.
primary links 15-1
primary VLANs 19-2
priority
private hosts 20-1
private hosts feature
configuration guidelines 20-5
configuring (detailed steps) 20-8
configuring (summary) 20-8
multicast operation 20-7
overview 20-1
port ACLs (PACLs) 20-5
port types 20-3
protocol-independent MAC ACLs 20-2
restricting traffic flow with PACLs 20-3
spoofing protection 20-7
private VLANs 19-1
across multiple switches 19-5
and SVIs 19-6
benefits of 19-2
configuration guidelines 19-7, 19-9, 19-11
configuring 19-11
host ports 19-15
pomiscuous ports 19-16
routing secondary VLAN ingress traffic 19-13
secondary VLANs with primary VLANs 19-12
VLANs as private 19-11
end station access to 19-4
IP addressing 19-4
monitoring 19-17
ports
community 19-3
configuration guidelines 19-9
isolated 19-3
promiscuous 19-3
primary VLANs 19-2
secondary VLANs 19-2
subdomains 19-2
traffic in 19-6
privileged EXEC mode 2-5
promiscuous ports 19-3
protocol tunneling
See Layer 2 protocol tunneling 22-1
pruning, VTP
PVLANs
PVRST
See Rapid-PVST 23-18
PVST
description 23-2
PVST+
description 23-12
PVST simulation
description 24-11
peer inconsistent state 24-12
root bridge 24-12
Q
QoS
auto-QoS
enabling for VoIP 37-4
IPv6 36-52
See also automatic QoS 37-1
QoS classification (definition) 36-120
QoS congestion avoidance
definition 36-121
QoS CoS
and ToS final L3 Switching Engine values 36-12
and ToS final values from L3 Switching Engine 36-12
definition 36-120
port value, configuring 36-92
QoS default configuration 36-111, 39-2
QoS DSCP
definition 36-121
internal values 36-10
maps, configuring 36-86
QoS dual transmit queue
thresholds
QoS Ethernet egress port
scheduling 36-111
scheduling, congestion avoidance, and marking 36-12
QoS Ethernet ingress port
classification, marking, scheduling, and congestion avoidance 36-6
QoS final L3 Switching Engine CoS and ToS values 36-12
QoS internal DSCP values 36-10
QoS L3 Switching Engine
classification, marking, and policing 36-9
feature summary 36-16
QoS labels (definition) 36-121
QoS mapping
CoS values to DSCP values 36-84, 36-87
DSCP markdown values 36-28, 36-88, 38-16
DSCP values to CoS values 36-89
IP precedence values to DSCP values 36-87
QoS markdown 36-20
QoS marking
definition 36-121
trusted ports 36-15
untrusted ports 36-15
QoS multilayer switch feature card 36-17
QoS out of profile 36-19
QoS policing
definition 36-121
microflow, enabling for nonrouted traffic 36-60
QoS policing rule
aggregate 36-17
creating 36-64
microflow 36-17
QoS port
QoS port-based or VLAN-based 36-60
QoS queues
transmit, allocating bandwidth between 36-107
QoS receive queue 36-8, 36-103, 36-105
drop thresholds 36-22
QoS RP
marking 36-17
QoS scheduling (definition) 36-121
QoS session-based 36-11
QoS single-receive, dual-transmit queue ports
configuring 36-98
QoS statistics data export 39-1
configuring 39-2
configuring destination host 39-7
configuring time interval 39-6, 39-8
QoS ToS
and CoS final values from L3 Switching Engine 36-12
definition 36-121
QoS traffic flow through QoS features 36-4
QoS transmit queue
QoS transmit queues 36-23, 36-100, 36-101, 36-104
QoS trust-cos
port keyword 36-14
QoS trust-dscp
port keyword 36-14
QoS trust-ipprec
port keyword 36-14
QoS untrusted port keyword 36-14
QoS VLAN-based or port-based 36-11, 36-60
queries, IGMP 32-3
queries, MLDv2 30-5
R
RADIUS 46-4
RADIUS. See also port-based authentication. 52-3
range
macro 9-6
of interfaces 9-4
rapid convergence 23-14
Rapid-PVST
enabling 23-37
overview 23-18
Rapid PVST+
interoperation with MST 24-11
Rapid Spanning Tree
Rapid Spanning Tree Protocol
receive queues
redirect URLs
described 52-21
reduced MAC address 23-2
redundancy (NSF) 6-1
configuring
BGP 6-14
CEF 6-13
EIGRP 6-19
IS-IS 6-17
OSPF 6-15
configuring multicast NSF with SSO 6-13
configuring supervisor engine 6-10
routing protocols 6-4
redundancy (RPR+) 7-1
configuring 7-4
configuring supervisor engine 7-3
displaying supervisor engine configuration 7-5
redundancy command 7-4
redundancy (SSO)
redundancy command 6-11
related documentation 1-xxxvii
Remote Authentication Dial-In User Service. See RADIUS.
Remote source-route bridging (RSRB) 25-2
Replication Mode Detection 31-12
report, MLD 30-4
reserved-range VLANs
restricted VLAN
configuring 52-45
described 52-15
using with IEEE 802.1x 52-15
rewrite, packet
CEF 28-2
IP MMLS 31-3
RHI 4-51
RIF cache monitoring 9-17
ROM monitor
CLI 2-7
root bridge
MST 24-12
PVST simulation 24-12
root bridge, STP 23-30
root guard
root switch
MSTP 23-41
route health injection
route processor redundancy
router guard 33-1
routing table, multicast 31-21
RPF
failure 31-5
multicast 31-2
non-RPF multicast 31-5
unicast 40-2
RPR+
RPR and RPR+ support IPv6 multicast traffic 7-1
RSTP
active topology 23-13
BPDU
format 23-16
processing 23-17
designated port, defined 23-13
designated switch, defined 23-13
interoperability with IEEE 802.1D
described 23-26
restarting migration process 23-50
topology changes 23-17
overview 23-13
port roles
described 23-13
synchronized 23-15
proposal-agreement handshake process 23-14
rapid convergence
described 23-14
edge ports and Port Fast 23-14
point-to-point links 23-14, 23-48
root ports 23-14
root port, defined 23-13
S
SAID 18-6
Sampled NetFlow
description 56-8
scheduling
SEA
secondary VLANs 19-2
Secure MAC Address Aging Type 54-11
security
configuring 40-1, 41-1, 42-1, 44-1, 45-1
security, port 54-2
serial IDs
description 60-25
serial interfaces
clearing 9-18
synchronous
maintaining 9-18
server IDs
description 60-25
service-policy command 36-66
service-policy input command 36-61, 36-79, 36-84, 36-86, 38-29
service-provider network, MSTP and RSTP 23-19
set power redundancy enable/disable command 11-2
shaped round robin 36-107
short pipe mode
configuring 38-34
show authentication command 52-57
show catalyst6000 chassis-mac-address command 23-3
show configuration command 9-15
show dot1x interface command 52-37
show eobc command 9-17
show hardware command 9-3
show history command 2-4
show ibc command 9-17
show interfaces command 9-2, 9-12, 9-13, 9-15, 9-17, 14-7, 14-15
clearing interface counters 9-17
displaying, interface type numbers 9-2
displaying, speed and duplex mode 9-9
show ip flow export command
displaying NDE export flow IP address and UDP port 56-15
show ip interface command
displaying IP MMLS interfaces 31-19
show ip mroute command
displaying IP multicast routing table 31-21
show ip pim interface command
displaying IP MMLS router configuration 31-19
show mab command 52-60
show mls aging command 55-9, 55-10
show mls entry command 28-6
show mls ip multicast group command
displaying IP MMLS group 31-22, 31-25
show mls ip multicast interface command
displaying IP MMLS interface 31-22, 31-25
show mls ip multicast source command
displaying IP MMLS source 31-22, 31-25
show mls ip multicast statistics command
displaying IP MMLS statistics 31-22, 31-25
show mls ip multicast summary
displaying IP MMLS configuration 31-22, 31-25
show mls nde command 56-17
displaying NDE flow IP address 56-15
show mls rp command
displaying IP MLS configuration 55-8
show module command 7-5
show platform acl software-switched command 43-12
show protocols command 9-17
show rif command 9-17
show running-config command 9-15, 9-17
show svclc rhi-routes command 4-51
show version command 9-17
show vlan group command 52-43
shutdown command 9-18
shutdown interfaces
result 9-18
slot number, description 9-2
smart call home 60-1
description 60-2
destination profile (note) 60-5
registration requirements 60-3
service contract requirements 60-3
Transport Gateway (TG) aggregation point 60-3
SMARTnet
smart call home registration 60-3
smart port macros 3-1
configuration guidelines 3-3
Smartports macros
applying global parameter values 3-14
applying macros 3-14
creating 3-13
default configuration 3-2
defined 3-2
displaying 3-16
tracing 3-4
SNMP
support and documentation 1-5
snooping
software
source IDs
call home event format 60-25
source-only-ip flow mask 55-3
source specific multicast with IGMPv3, IGMP v3lite, and URD 31-10
SPAN
configuration guidelines 57-7
configuring 57-13
sources 57-18, 57-20, 57-22, 57-24, 57-25, 57-27, 57-28, 57-30
VLAN filtering 57-32
CPU source 57-6, 57-18, 57-19, 57-22, 57-28
destination port support on EtherChannels 57-7, 57-21, 57-24, 57-26, 57-27, 57-31
distributed egress 57-5, 57-17
modules that disable 57-12
modules that disable for ERSPAN 57-13
input packets with don't learn option
local SPAN 57-19, 57-20, 57-21
understanding 57-7
local SPAN egress session increase 57-8, 57-18
overview 57-1
SPAN Destination Port Permit Lists 57-16
spanning-tree backbonefast
spanning-tree cost
command 23-33
command example 23-34
spanning-tree portfast
command example 24-13
spanning-tree portfast bpdu-guard
command 24-16
spanning-tree port-priority
command 23-32
spanning-tree protocol for bridging 25-2
spanning-tree uplinkfast
command 24-17
command example 24-18
spanning-tree vlan
command 23-28, 23-29, 23-30, 23-31, 24-19
command example 23-28, 23-29, 23-31
spanning-tree vlan cost
command 23-33
spanning-tree vlan forward-time
command 23-36
command example 23-36
spanning-tree vlan hello-time
command 23-36
command example 23-36
spanning-tree vlan max-age
command 23-37
command example 23-37
spanning-tree vlan port-priority
command 23-32
command example 23-33
spanning-tree vlan priority
command 23-35
command example 23-35
speed
configuring interface 9-7
speed mode
autonegotiation status 9-9
SRR 36-107
SSO for network admission control 51-12
standby links 15-1
static sharing
configuring 52-31
description 52-21
statistics
sticky ARP 44-18
sticky MAC address 54-2
Sticky secure MAC addresses 54-9, 54-10
storm control
STP
configuring 23-26
bridge priority 23-35
forward-delay time 23-36
hello time 23-35
maximum aging time 23-37
port cost 23-33
port priority 23-31
root bridge 23-30
secondary root switch 23-31
defaults 23-27
edge ports 24-2
EtherChannel 16-5
network ports 24-2
normal ports 24-2
PortFast 24-2
understanding 23-1
802.1Q Trunks 23-12
Blocking State 23-7
BPDUs 23-3
disabled state 23-11
forwarding state 23-10
learning state 23-9
listening state 23-8
overview 23-2
port states 23-5
protocol timers 23-4
root bridge election 23-4
topology 23-5
STP BackboneFast
configuring 24-18
figure
adding a switch 24-10
spanning-tree backbonefast
understanding 24-7
STP BPDU Guard
configuring 24-16
spanning-tree portfast bpdu-guard
command 24-16
understanding 24-5
STP bridge ID 23-2
STP EtherChannel guard 24-9
STP extensions
STP loop guard
configuring 24-20
overview 24-10
STP PortFast
BPDU filter
configuring 24-15
BPDU filtering 24-5
configuring 24-12
spanning-tree portfast
command example 24-13
understanding 24-2
STP port types
description 24-2
edge 24-2
network 24-2
normal 24-2
STP UplinkFast
configuring 24-17
spanning-tree uplinkfast
command 24-17
command example 24-18
understanding 24-6
subdomains, private VLAN 19-2
supervisor engine
environmental monitoring 11-10
synchronizing configurations 6-20, 7-5
supervisor engine redundancy
supervisor engines
displaying redundancy configuration 7-5
supplicant 52-3
svclc command 4-50
Switched Port Analyzer
switch fabric functionality 8-1
configuring 8-3
monitoring 8-3
switchport
configuring 14-16
example 14-15
show interfaces 9-12, 9-13, 14-7, 14-15
switchport access vlan 14-8, 14-9, 14-12, 14-16
example 14-17
switchport mode access 14-4, 14-8, 14-9, 14-16
example 14-17
switchport mode dynamic 14-11
switchport mode dynamic auto 14-4
switchport mode dynamic desirable 14-4
default 14-5
example 14-15
switchport mode trunk 14-4, 14-11
switchport nonegotiate 14-4
switchport trunk allowed vlan 14-13
switchport trunk encapsulation 14-9, 14-10
switchport trunk encapsulation dot1q 14-4
example 14-15
switchport trunk encapsulation isl 14-4
switchport trunk encapsulation negotiate 14-4
default 14-5
switchport trunk native vlan 14-13
switchport trunk pruning vlan 14-14
switch priority
MSTP 23-45
switch TopN reports
foreground execution 62-2
running 62-2
viewing 62-2
system event archive (SEA) 58-1
System Event Archive, configuring 58-1
System Hardware Capacity 11-5
T
TACACS+ 40-1, 41-1, 42-1, 44-1, 45-1
TCP Intercept 40-2
TDR
checking cable connectivity 9-19
enabling and disabling test 9-19
guidelines 9-19
Telnet
accessing CLI 2-2
Time Domain Reflectometer
TLV
host presence detection 13-3, 52-10, 54-3
traceroute, Layer 2
and ARP 63-2
and CDP 63-2
described 63-1
IP addresses and subnets 63-2
MAC addresses and VLANs 63-2
multicast traffic 63-2
multiple devices on a port 63-2
unicast traffic 63-1
usage guidelines 63-2
traffic flood blocking 50-1
traffic-storm control
command
broadcast 49-4
described 49-1
monitoring 49-6
thresholds 49-1
traffic suppression
translational bridge numbers (defaults) 18-6
transmit queues
trunks 14-3
802.1Q Restrictions 14-6
allowed VLANs 14-13
configuring 14-10
default interface configuration 14-7
default VLAN 14-12
different VTP domains 14-4
encapsulation 14-4
native VLAN 14-13
to non-DTP device 14-5
VLAN 1 minimization 14-14
trust-dscp
trusted boundary 13-9
trusted boundary (extended trust for CDP devices) 13-3
trust-ipprec
trustpoint 60-3
tunneling, 802.1Q
See 802.1Q 21-1
type length value
U
UDE 26-1
configuration 26-3
overview 26-2
UDE and UDLR 26-1
UDLD
default configuration 10-3
enabling
globally 10-3
on ports 10-4
overview 10-1
UDLR 26-1
back channel 26-1
configuration 26-6
tunnel
(example) 26-7
ARP and NHRP 26-3
UDLR (unidirectional link routing)
UMFB 50-1
unauthorized ports with 802.1X 52-8
Unicast and Multicast Flood Blocking 50-1
unicast flood blocking 50-1
unicast RPF 40-2
unicast storms
Unidirectional Ethernet
unidirectional ethernet
example of setting 26-5
UniDirectional Link Detection Protocol
uniform mode
configuring 38-39
unknown multicast flood blocking
unknown unicast flood blocking
unknown unicast flood rate-limiting
untrusted
upgrade guidelines 27-15
UplinkFast
URD 31-10
User-Based Rate Limiting 36-19, 36-76
user EXEC mode 2-5
UUFB 50-1
UUFRL 50-1
V
VACLs 43-2
configuring 43-11
examples 43-15
Layer 3 VLAN interfaces 43-14
Layer 4 port operations 42-10
logging
configuration example 43-19
configuring 43-19
restrictions 43-19
MAC address based 43-11
multicast packets 43-6
SVIs 43-14
WAN interfaces 43-2
virtual LAN
vlan
command 18-11, 18-12, 56-12, 56-13, 57-22
VLAN Access Control Lists
VLAN-based QoS filtering 36-67
VLAN-bridge spanning-tree protocol 25-2
vlan database
command 18-11, 18-12, 56-12, 56-13, 57-22
example 18-12
vlan group command 52-43
VLAN locking 18-10
vlan mapping dot1q
command example 18-17
VLAN maps
applying 43-9
VLAN mode 27-16
VLAN port provisioning verification 18-10
VLANs
allowed on trunk 14-13
configuration guidelines 18-8
configuration options
global configuration mode 18-9
VLAN database mode 18-9
configuring 18-1
configuring (tasks) 18-9
defaults 18-6
extended range 18-2
ID (default) 18-6
interface assignment 18-12
multicast 32-16
name (default) 18-6
normal range 18-2
private
reserved range 18-2
support for 4,096 VLANs 18-2
token ring 18-3
trunks
understanding 14-3
understanding 18-1
VLAN 1 minimization 14-14
VTP domain 18-3
VLAN translation
VLAN Trunking Protocol
voice VLAN
Cisco 7960 phone, port connections 13-2
configuration guidelines 13-7
configuring IP phone for data traffic
override CoS of incoming frame 13-9, 13-10
configuring ports for voice traffic in
802.1Q frames 13-8
connecting to an IP phone 13-7
default configuration 13-6
overview 13-1
voice VLAN. See also port-based authentication. 52-18
VPN
configuration example 27-12
guidelines and restrictions 27-11
VPN supported commands 27-11
VPN switching 27-9
VSS
dual-active detection
Enhanced PAgP, advantages 4-20
Enhanced PAgP, description 4-20
enhanced PAgP, description 4-43
fast-hello, advantages 4-20
fast-hello, description 4-21
IP BFD, advantages 4-20
IP BFD, description 4-21
IP BFG, configuration 4-45
VSLP fast-hello, configuration 4-46
VTP
client, configuring 17-15
configuration guidelines 17-9
default configuration 17-8
disabling 17-15
domains 17-2
VLANs 18-3
modes
client 17-3
server 17-3
transparent 17-3
monitoring 17-18
overview 17-1
per-port enable and disable 17-17
pruning
configuration 14-14
configuring 17-13
overview 17-6
server, configuring 17-15
statistics 17-18
transparent mode, configuring 17-15
version 2
enabling 17-13
overview 17-4
version 3
enabling 17-14
overview 17-5
server type, configuring 17-12
W
wake-on-LAN. See also port-based authentication. 52-24
web-based authentication
AAA fail policy 53-4
description 53-1
web browser interface 1-6
weighted round robin 36-107
wireless access point
inline power 13-4
WRR 36-107
X
xconnect command 27-15