- Preface
- Overview
- Using the Command-Line Interface
- Assigning the Switch IP Address and Default Gateway
- Configuring Cisco IOS Configuration Engine
- Configuring MODBUS TCP
- Administering the Switch
- Configuring Switch Alarms
- Configuring Switch-Based Authentication
- Configuring SDM Templates
- Configuring IEEE 802.1x Port-Based Authentication
- Configuring Web-Based Authentication
- Configuring Interfaces
- Configuring Smartports Macros
- Configuring VLANs
- Configuring Private VLANs
- Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling
- Configuring STP
- Configuring MSTP
- Configuring Optional Spanning-Tree Features
- Configuring Resilient Ethernet Protocol
- Configuring Flex Links and the MAC Address-Table Move Update Feature
- Configuring DHCP Features and IP Source Guard
- Configuring Dynamic ARP Inspection
- Configuring LLDP and LLDP-MED
- Configuring IGMP Snooping and MVR
- Configuring Port-Based Traffic Control
- Configuring CDP
- Configuring UDLD
- Configuring SPAN and RSPAN
- Configuring RMON
- Configuring System Message Logging
- Configuring SNMP
- Configuring Embedded Event Manager
- Configuring Network Security with ACLs
- Configuring Control-Plane Security
- Configuring QoS
- Configuring EtherChannels and Link State Tracking
- Configuring IP Unicast Routing
- Configuring IPv6 Unicast Routing
- Configuring IPv6 MLD Snooping
- Configuring IPv6 ACLs
- Configuring HSRP
- Configuring Cisco IOS IP SLAs Operations
- Configuring Enhanced Object Tracking
- Configuring Ethernet OAM, CFM, and E-LMI
- Configuring IP Multicast Routing
- Configuring MSDP
- Troubleshooting
- Configuring Online Diagnostics
- Supported MIBs
- Working with the Cisco IOS File System, Configuration Files, and Software Images
- MODBUS TCP Registers
- Unsupported Commands in Cisco IOS Release 12.2(53)EX
A -
B -
C -
D -
E -
F -
G -
H -
I -
J -
K -
L -
M -
N -
O -
P -
Q -
R -
S -
T -
U -
V -
W -
X -
Y -
Index
A
abbreviating commands 2-3
ABRs 38-23
access-class command 34-18
access control entries
access-denied response, VMPS 14-24
access groups
applying IPv4 ACLs to interfaces 34-19
Layer 2 34-19
Layer 3 34-20
access lists
access ports
and Layer 2 protocol tunneling 16-16
defined 12-4
accounting
with RADIUS 8-33
ACEs
defined 34-2
Ethernet 34-2
IP 34-2
ACL classification, QoS 36-11
ACLs
ACEs 34-2
applying
on multicast packets 34-38
on routed packets 34-37
on switched packets 34-37
time ranges to 34-16
to IPv6 interfaces 41-7
to QoS 36-11
classifying traffic for QoS 36-36
comments in 34-18
compiling 34-22
examples of 34-22
extended IPv4
creating 34-10
matching criteria 34-7
hardware and software handling 34-20
IP
creating 34-7
implicit deny 34-9, 34-13, 34-15
implicit masks 34-9
matching criteria 34-7
undefined 34-20
IPv4
applying to interfaces 34-19
creating 34-7
matching criteria 34-7
named 34-14
numbers 34-8
terminal lines, setting on 34-18
unsupported features 34-6
IPv6
applying to interfaces 41-7
displaying 41-8
interactions with other features 41-4
limitations 41-3
matching criteria 41-3
named 41-3
precedence of 41-2
supported 41-2
unsupported features 41-3
Layer 4 information in 34-36
logging messages 34-8
MAC extended 34-26
named
IPv4 34-14
IPv6 41-3
names 41-4
precedence of 34-2
QoS 36-11
resequencing entries 34-14
router ACLs and VLAN map configuration guidelines 34-36
standard IPv4
creating 34-9
matching criteria 34-7
support for 1-8
support in hardware 34-20
time ranges 34-16
types supported 34-2
unsupported features
IPv4 34-6
IPv6 41-3
using router ACLs with VLAN maps 34-35
VLAN maps
configuration guidelines 34-29
configuring 34-29
active link 21-2, 21-4, 21-5, 21-6
active router 42-1
active traffic monitoring, IP SLAs 43-1
address aliasing 25-2
addresses
displaying the MAC address table 6-31
dynamic
accelerated aging 17-8
changing the aging time 6-21
default aging 17-8
defined 6-19
learning 6-20
removing 6-22
IPv6 39-2
MAC, discovering 6-31
multicast
group address range 46-2
STP address management 17-8
static
adding and removing 6-27
defined 6-19
Address Resolution Protocol
adjacency tables, with CEF 38-95
administrative distances
defined 38-107
OSPF 38-31
routing protocol defaults 38-97
administrative VLAN, REP 20-8
configuring 20-8
ADU, MODBUS message 5-1
advertisements
CDP 27-1
LLDP 24-1
RIP 38-18
age timer, REP 20-8
aggregatable global unicast addresses 39-3
aggregate addresses, BGP 38-58
aggregated ports
aggregate policers
configuration guidelines 36-49
configuring 36-49
described 36-17
aging, accelerating 17-8
aging time
accelerated
for MSTP 18-23
MAC address table 6-21
maximum
for MSTP 18-24
for STP 17-22
alarm profiles
configuring 7-12
creating or modifying 7-11
alarms
default configuration 7-6
displaying 7-13
power supply 7-2
RMON 30-3
temperature 7-2
allowed-VLAN list 14-18
application data unit
area border routers
area routing
IS-IS 38-62
ISO IGRP 38-62
ARP
configuring 38-8
encapsulation 38-9
static cache configuration 38-8
table
address resolution 6-31
managing 6-31
ASBRs 38-23
AS-path filters, BGP 38-52
associating the temperature alarms to a relay 7-9
assured forwarding, DSCP 36-8
asymmetrical links, and IEEE 802.1Q tunneling 16-4
attaching an alarm profile to a port 7-12
attributes, RADIUS
vendor-proprietary 8-35
vendor-specific 8-34
attribute-value pairs 10-14, 10-15
authentication
EIGRP 38-39
HSRP 42-10
local mode with AAA 8-42
NTP associations 6-4
RADIUS
key 8-26
login 8-28
TACACS+
defined 8-11
key 8-13
login 8-14
See also port-based authentication
authentication failed VLAN
authentication keys, and routing protocols 38-108
authentication manager
CLI commands 10-8
compatibility with older 802.1x CLI commands10-8to ??
overview 10-7
single session ID 10-25
authoritative time source, described 6-2
authorization
with RADIUS 8-32
authorized ports with 802.1x 10-8
autoconfiguration 3-3
auto enablement 10-24
autonegotiation
duplex mode 1-2
interface configuration guidelines 12-22
mismatches 48-5
autonomous system boundary routers
autonomous systems, in BGP 38-46
Auto-RP, described 46-6
autosensing, port speed 1-2
availability, features 1-5
B
backup interfaces
backup links 21-2
backup static routing, configuring 44-12
bandwidth, QoS, configuring 36-61
bandwidth command
for CBWFQ 36-26
QoS, configuring 36-61
QoS, described 36-28
with police command 36-30
bandwidth remaining percent command 36-30
banners
configuring
login 6-19
message-of-the-day login 6-18
default configuration 6-17
when displayed 6-17
Berkeley r-tools replacement 8-54
best-effort packet delivery 36-1
BGP
aggregate addresses 38-58
aggregate routes, configuring 38-58
CIDR 38-58
clear commands 38-61
community filtering 38-55
configuring neighbors 38-56
default configuration 38-44, 38-74
described 38-43
enabling 38-46
monitoring 38-61
multipath support 38-50
neighbors, types of 38-46
path selection 38-50
peers, configuring 38-56
prefix filtering 38-54
resetting sessions 38-49
route dampening 38-60
route maps 38-52
route reflectors 38-59
routing domain confederation 38-59
routing session with multi-VRF CE 38-90
show commands 38-61
supernets 38-58
support for 1-10
Version 4 38-43
binding database
DHCP snooping
See DHCP snooping binding database
bindings
DHCP snooping database 22-6
IP source guard 22-19
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 26-6
Boolean expressions in tracked lists 44-4
booting
boot loader, function of 3-2
boot process 3-1
manually 3-19
specific image 3-19
boot loader
accessing 3-20
described 3-2
environment variables 3-21
prompt 3-20
trap-door mechanism 3-2
bootstrap router (BSR), described 46-6
Border Gateway Protocol
BPDU
error-disabled state 19-3
filtering 19-3
RSTP format 18-12
BPDU filtering
described 19-3
disabling 19-9
enabling 19-8
support for 1-6
BPDU guard
described 19-3
disabling 19-8
enabling 19-7
support for 1-6
broadcast flooding 38-15
broadcast packets
directed 38-12
flooded 38-12
broadcast storm-control command 26-4
bulk statistics
defined 32-6
file 32-6
object list, configuring 32-18
object list, described 32-6
schema, configuring 32-18
schema, described 32-6
transfer 32-19
bulkstat object-list 32-18
bulkstat schema 32-18
C
cables, monitoring for unidirectional links 28-1
CA trustpoint
configuring 8-51
defined 8-48
CBWFQ
and bandwidth command 36-28, 36-61
configuration guidelines 36-61
QoS scheduling 36-26
CDP
configuring 27-2
default configuration 27-2
defined with LLDP 24-1
described 27-1
disabling for routing device27-3to 27-4
enabling and disabling
on an interface 27-4
on a switch 27-3
Layer 2 protocol tunneling 16-13
monitoring 27-5
overview 27-1
power negotiation extensions 12-7
support for 1-4
transmission timer and holdtime, setting 27-2
updates 27-2
CEF
defined 38-95
enabling 38-96
IPv6 39-18
CFM
and Ethernet OAM
configuring 45-54
interaction 45-53
and OAM manager 45-47
and other features 45-8
and tunnels 45-8
clearing 45-30
configuration
errors 45-6
guidelines 45-7
configuring
crosscheck 45-11
fault alarms 45-16
port MEP 45-14
static remote MEP 45-12
the network 45-8
continuity check messages 45-5
crosscheck 45-5
default configuration 45-7
defined 45-2
down MEPs 45-4
draft 1 45-4
draft 8.1 45-4
EtherChannel support 45-7
fault alarms
configuring 45-16
defined 45-5
IEEE 802.1ag 45-2
IP SLAs
support for 45-6
with endpoint discovers 45-20
loopback messages 45-5
maintenance association 45-3
maintenance domain 45-2
maintenance point 45-3
manually configuring IP SLAs ping or jitter 45-17
measuring network performance 45-6
messages
continuity check 45-5
loopback 45-5
traceroute 45-5
on EtherChannel port channels 45-7
port MEP, configuring 45-14
remote MEPs 45-5
SNMP traps 45-5
static RMEP
check 45-5
configuring 45-12
traceroute messages 45-5
types of messages 45-5
UNIs 45-4
up MEPs 45-4
version interoperability 45-6
Y.1731 description 45-22
child policies, QoS 36-12, 36-27
CIDR 38-58
CipherSuites 8-50
Cisco Configuration Engine 1-3
Cisco Configuration Professional 1-3
Cisco Data Collection MIB 32-1
Cisco Discovery Protocol
Cisco Express Forwarding
Cisco intelligent power management 12-7
Cisco IOS File System
Cisco IOS IP SLAs 43-1
Cisco IP Phone, MODBUS client 5-1
Cisco Process MIB 32-1
Cisco Secure ACS
attribute-value pairs for downloadable ACLs 10-15
attribute-value pairs for redirect URL 10-14
configuration guide 10-50
CISP 10-24
CIST root or regional root
class-based priority queuing, QoS 36-20
class-based shaping
configuration guidelines 36-63
configuring 36-63
for QoS 36-26
Class-Based-Weighted-Fair-Queuing
classification
based on ACL lookup 36-11
in packet headers 36-6
per-port per VLAN 36-12, 36-55
QoS comparisons 36-10
QoS group 36-11
classless interdomain routing
classless routing 38-6
class map
match-all option 36-7
match-any option 36-7
class-map command 36-3
class maps, QoS
configuring 36-40
described 36-7
class of service
class selectors, DSCP 36-9
clearing, Ethernet CFM 45-30
clearing interfaces 12-36
CLI
abbreviating commands 2-3
command modes 2-1
described 1-3
editing features
enabling and disabling 2-6
keystroke editing 2-6
wrapped lines 2-8
error messages 2-4
filtering command output 2-8
getting help 2-3
history
changing the buffer size 2-5
described 2-4
disabling 2-5
recalling commands 2-5
no and default forms of commands 2-4
Client Information Signalling Protocol
client processes, tracking 44-1
CLNS
clock
CNS
Configuration Engine
configID, deviceID, hostname 4-3
configuration service 4-2
described 4-1
event service 4-3
embedded agents
described 4-5
enabling automated configuration 4-6
enabling configuration agent 4-9
enabling event agent 4-7
for upgrading 4-14
CoA Request Commands 8-22
command-line interface
command macros, creating 13-4
command modes 2-1
commands
abbreviating 2-3
no and default 2-4
setting privilege levels 8-8
common session ID
see single session ID 10-25
community list, BGP 38-55
community ports 15-3
community strings
configuring 32-8
overview 32-4
compatibility, feature 26-11
config.text 3-18
configurable leave timer, IGMP 25-5
configuration, initial, defaults 1-12
configuration examples
network 1-12
policy maps 36-79
QoS
adding customers 36-81
adding or deleting a class 36-84
adding or deleting classification criteria 36-81, 36-82
adding or deleting configured actions 36-83
changing queuing or scheduling parameters 36-82
initial 36-79
configuration files
archiving B-20
clearing the startup configuration B-20
creating using a text editor B-11
default name 3-18
deleting a stored configuration B-20
described B-9
downloading
automatically 3-18
reasons for B-9
using FTP B-14
using RCP B-18
using TFTP B-12
guidelines
for creating and using B-10
for replacing and rolling back B-21
invalid combinations when copying B-6
limiting TFTP server access 32-17, 32-18, 32-19, 32-20
obtaining with DHCP 3-9
password recovery disable considerations 8-5
replacing a running configuration B-20, B-21
rolling back a running configuration B-20, B-21
specifying the filename 3-18
system contact and location information 32-17
types and location B-11
uploading
reasons for B-9
using FTP B-15
using RCP B-19
using TFTP B-13
configuration guidelines
aggregate policers 36-49
CBWFQ 36-61
CFM 45-7
class-based shaping 36-63
EtherChannel 37-10
Ethernet OAM 45-34
HSRP 42-5
individual policers 36-45
input policy maps 36-44
link-state tracking 37-24
marking in policy maps 36-53
multi-VRF CE 38-84
OAM manager 45-48
output policy maps 36-60
per-port, per-VLAN QoS 36-55
PIM stub routing 46-12
port security 26-10
QoS, general 36-35
QoS class maps 36-40
REP 20-7
rollback and replacement B-21
SSM 46-16
SSM mapping 46-17
strict priority queuing 36-65
unconditional priority policing 36-67
UNI VLANs 14-12
VLAN mapping 16-9
VLANs 14-8
WTD 36-70
configuration replacement B-20
configuration rollback B-20
configuration settings, saving 3-15
configure terminal command 12-14
configuring 802.1x user distribution 10-45
configuring marking in input policy maps 36-53
configuring port-based authentication violation modes 10-32
congestion avoidance, QoS 36-2, 36-31
congestion management, QoS 36-2, 36-25
connections, secure remote 8-44
Connectivity Fault Management
connectivity problems 48-8, 48-11, 48-13
console port, connecting to 2-9
control packets
and control-plane security 35-2
dropping and rate-limiting 35-2
control-plane security
configuring 35-6
control packets 35-2
monitoring 35-7
policers 35-3
policing 35-2
purpose of 35-1
control protocol, IP SLAs 43-3
convergence, REP 20-4
corrupted software recovery
steps with Xmodem 48-2
steps with Xmodem and Express Setup 48-3
CoS
classification 36-8
values 36-6
counters, clearing interface 12-36
CPU overload, protection from 35-1
CPU policers 35-5
CPU protection 35-3
CPU threshold notification 32-21
CPU threshold table 32-1, 32-20
CPU utilization statistics 32-20
crashinfo file 48-19
critical authentication, IEEE 802.1x 10-42
critical VLAN 10-18
cryptographic software image
Kerberos 8-38
SSH 8-43
SSL 8-48
customer edge devices 38-82
customizable web pages, web-based authentication 11-6
C-VLAN 16-7
D
DACL
data collection, bulk statistics 32-20
daylight saving time 6-13
debugging
enabling all system diagnostics 48-16
enabling for a specific feature 48-16
redirecting error message output 48-17
using commands 48-15
default actions, table maps 36-14
default alarm configuration 7-6
default commands 2-4
default configuration
banners 6-17
booting 3-18
CDP 27-2
CFM 45-7
DHCP 22-8
DHCP option 82 22-8
DHCP snooping 22-8
DHCP snooping binding database 22-8
DNS 6-16
dynamic ARP inspection 23-5
EIGRP 38-36
E-LMI and OAM 45-48
EtherChannel 37-10
Ethernet OAM 45-34
Flex Links 21-7
HSRP 42-5
IEEE 802.1Q tunneling 16-4
IEEE 802.1x 10-26
IGMP 46-37
IGMP filtering 25-24
IGMP snooping 25-6, 40-5, 40-6
IGMP throttling 25-24
initial switch information 3-3
IP addressing, IP routing 38-4
IP multicast routing 46-9
IP SLAs 43-5
IP source guard 22-21
IPv6 39-9
IS-IS 38-63
Layer 2 interfaces 12-18
Layer 2 protocol tunneling 16-16
LLDP 24-3
MAC address table 6-21
MAC address-table move update 21-7
MSDP 47-3
MSTP 18-14
multi-VRF CE 38-84
MVR 25-18
NTP 6-4
optional spanning-tree configuration 19-5
OSPF 38-24
password and privilege level 8-2
PIM 46-9
private VLANs 15-6
QoS 36-35
RADIUS 8-25
REP 20-7
RIP 38-18
RMON 30-3
RSPAN 29-9
SDM template 9-3
SNMP 32-7
SPAN 29-9
SSL 8-50
STP 17-11
system message logging 31-3
system name and prompt 6-15
TACACS+ 8-13
UDLD 28-4
VLAN, Layer 2 Ethernet interfaces 14-16
VLAN mapping 16-9
VLANs 14-7
VMPS 14-25
Y.1731 45-25
default networks 38-98
default policer configuration
ENIs and UNIs 35-4
NNIs 35-5
default router preference
default routes 38-98
default routing 38-2
default service, DSCP 36-8
default template 9-1
default web-based authentication configuration, 802.1X 11-9
denial-of-service attacks, preventing 35-1
description command 12-31
designing your network, examples 1-12
destination addresses
in IPv4 ACLs 34-11
in IPv6 ACLs 41-5
destination-IP address-based forwarding, EtherChannel 37-8
destination-MAC address forwarding, EtherChannel 37-7
device discovery protocol 24-1, 27-1
DHCP, enabling the relay agent 22-10
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-4
DNS 3-8
relay device 3-8
server side 3-6
TFTP server 3-7
example 3-9
lease options
for IP address information 3-6
for receiving the configuration file 3-7
overview 3-3
relationship to BOOTP 3-4
support for 1-4
DHCP-based autoconfiguration and image update
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP for IPv6
DHCP object tracking, configuring primary interface 44-11
DHCP option 82
circuit ID suboption 22-5
configuration guidelines 22-8
default configuration 22-8
displaying 22-15
forwarding address, specifying 22-10
helper address 22-10
overview 22-3
packet format, suboption
circuit ID 22-5
remote ID 22-5
remote ID suboption 22-5
DHCP server port-based address allocation
configuration guidelines 22-16
default configuration 22-16
described 22-15
displaying 22-18
enabling 22-16
reserved addresses 22-17
DHCP snooping
accepting untrusted packets form edge switch 22-3, 22-12
and private VLANs 22-13
binding database
See DHCP snooping binding database
configuration guidelines 22-8
default configuration 22-8
displaying binding tables 22-15
message exchange process 22-4
option 82 data insertion 22-3
trusted interface 22-2
untrusted interface 22-2
untrusted messages 22-2
DHCP snooping binding database
adding bindings 22-14
binding entries, displaying 22-15
binding file
format 22-7
location 22-6
bindings 22-6
clearing agent statistics 22-15
configuration guidelines 22-9
configuring 22-14
default configuration 22-8
deleting
binding file 22-14
bindings 22-15
database agent 22-14
described 22-6
displaying 22-15
binding entries 22-15
status and statistics 22-15
enabling 22-14
entry 22-6
renewing database 22-15
resetting
delay value 22-14
timeout value 22-14
DHCP snooping binding table
See DHCP snooping binding database
DHCPv6
configuration guidelines 39-14
default configuration 39-14
described 39-5
enabling client function 39-17
enabling DHCPv6 server function 39-15
diagnostic schedule command 49-2
Differentiated Services Code Point
Diffusing Update Algorithm (DUAL) 38-34
Digital Optical Monitoring
directed unicast requests 1-4
directories
changing B-5
creating and removing B-5
displaying the working B-5
discovery, Ethernet OAM 45-33
displaying switch alarms 7-13
distributed controller, MODBUS client 5-1
distribute-list command 38-106
DNS
and DHCP-based autoconfiguration 3-8
default configuration 6-16
displaying the configuration 6-17
in IPv6 39-3
overview 6-15
setting up 6-16
support for 1-4
DNS-based SSM mapping 46-19, 46-20
DoM
displaying supported transceivers 12-36
domain names, DNS 6-15
Domain Name System
domains, ISO IGRP routing 38-62
dot1q-tunnel switchport mode 14-15
double-tagged packets
IEEE 802.1Q tunneling 16-2
Layer 2 protocol tunneling 16-15
downloadable ACL 10-14, 10-15, 10-50
downloading
configuration files
reasons for B-9
using FTP B-14
using RCP B-18
using TFTP B-12
image files
deleting old image B-28
reasons for B-24
using FTP B-30
using RCP B-34
using TFTP B-27
using the device manager or Network Assistant B-24
drop threshold for Layer 2 protocol packets 16-16
DRP
configuring 39-12
described 39-4
IPv6 39-4
DSCP
assured forwarding 36-8
classification 36-8
class selectors 36-9
default service 36-8
expedited forwarding 36-9
values 36-6
DUAL finite state machine, EIGRP 38-35
dual IPv4 and IPv6 templates 9-2, 39-5
dual protocol stacks
IPv4 and IPv6 39-5
SDM templates supporting 39-5
dual-purpose ports
default port type 12-11
defaults 12-27
defined 12-11
frame size 12-27
LEDs 12-11
setting the type 12-27
duplex mode, configuring 12-21
dynamic access ports
characteristics 14-5
configuring 14-26
defined 12-4
dynamic addresses
dynamic ARP inspection
ARP cache poisoning 23-1
ARP requests, described 23-1
ARP spoofing attack 23-1
clearing
log buffer 23-15
statistics 23-15
configuration guidelines 23-6
configuring
ACLs for non-DHCP environments 23-8
in DHCP environments 23-7
log buffer 23-13
rate limit for incoming ARP packets 23-4, 23-10
default configuration 23-5
denial-of-service attacks, preventing 23-10
described 23-1
DHCP snooping binding database 23-2
displaying
ARP ACLs 23-14
configuration and operating state 23-14
log buffer 23-15
statistics 23-15
trust state and rate limit 23-14
error-disabled state for exceeding rate limit 23-4
function of 23-2
interface trust states 23-3
log buffer
clearing 23-15
configuring 23-13
displaying 23-15
logging of dropped packets, described 23-4
man-in-the middle attack, described 23-2
network security issues and interface trust states 23-3
priority of ARP ACLs and DHCP snooping entries 23-4
rate limiting of ARP packets
configuring 23-10
described 23-4
error-disabled state 23-4
statistics
clearing 23-15
displaying 23-15
validation checks, performing 23-12
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 14-24
reconfirming 14-27
troubleshooting 14-28
types of connections 14-26
dynamic routing
ISO CLNS 38-62
protocols 38-2
E
EBGP 38-42
editing features
enabling and disabling 2-6
keystrokes used 2-6
wrapped lines 2-8
EEM 3.2 33-5
EIGRP
authentication 38-39
components 38-35
configuring 38-37
default configuration 38-36
definition 38-34
interface parameters, configuring 38-38
monitoring 38-41
stub routing 38-40
support for 1-10
EIGRP IPv6 39-6
electronic security perimeter
E-LMI
and OAM Manager 45-47
CE device configuration 45-52
configuration guidelines 45-48
configuring a CE device 45-51
configuring a PE device 45-51
default configuration 45-48
defined 45-46
enabling 45-50
information 45-46
monitoring 45-53
PE device configuration 45-52
embedded event manager
3.2 33-5
actions 33-4
displaying information 33-7
environmental variables 33-4
event detectors 33-2
policies 33-4
registering and defining an applet 33-6
registering and defining a TCL script 33-7
understanding 33-1
enable password 8-3
enable secret password 8-3
enabling SNMP traps 7-13
encryption, CipherSuite 8-50
encryption for passwords 8-3
Enhanced IGRP
enhanced network interface
enhanced object tracking
backup static routing 44-12
commands 44-1
defined 44-1
DHCP primary interface 44-11
HSRP 44-7
IP routing state 44-2
IP SLAs 44-9
line-protocol state 44-2
network monitoring with IP SLAs 44-11
routing policy, configuring 44-12
static route primary interface 44-10
tracked lists 44-3
ENI
configuring 12-20
described 12-2
protocol control packets on 35-1
environment variables
embedded event manager 33-4
function of 3-21
equal-cost routing 1-10, 38-96
error messages during command entry 2-4
ESP, substations 1-15
EtherChannel
802.3ad, described 37-6
automatic creation of 37-4, 37-6
channel groups
binding physical and logical interfaces 37-3
numbering of 37-3
configuration guidelines 37-10
configuring
Layer 2 interfaces 37-11
Layer 3 physical interfaces 37-15
Layer 3 port-channel logical interfaces 37-14
default configuration 37-10
described 37-2
displaying status 37-22
forwarding methods 37-7, 37-17
interaction
with STP 37-10
with VLANs 37-11
LACP
described 37-6
displaying status 37-22
hot-standby ports 37-19
interaction with other features 37-7
Layer 2 protocol tunneling 16-14
modes 37-6
port priority 37-21
system priority 37-20
Layer 3 interface 38-3
logical interfaces, described 37-3
PAgP
aggregate-port learners 37-18
compatibility with Catalyst 1900 37-18
described 37-4
displaying status 37-22
interaction with other features 37-5
learn method and priority configuration 37-18
modes 37-5
support for 1-2
port-channel interfaces
described 37-3
numbering of 37-3
port groups 12-6
support for 1-2
EtherChannel guard
described 19-3
disabling 19-10
enabling 19-9
Ethernet Alarm Signal function 45-23
Ethernet infrastructure 45-1
Ethernet Link Management Interface
Ethernet Locked Signal function 45-24
Ethernet loopback, characteristics 45-43
Ethernet OAM
and CFM interaction 45-53
configuration guidelines 45-34
configuring with CFM 45-54
default configuration 45-34
discovery 45-33
manager 45-1
messages 45-33
protocol
CFM notifications 45-53
monitoring 45-42
remote failure indications 45-33, 45-39
templates 45-39
Ethernet operation, administration, and maintenance
Ethernet Remote Defect Indication (ETH-RDI) 45-24
Ethernet terminal loopback 36-78
Ethernet virtual connections
Ethernet VLANs
adding 14-9
defaults and ranges 14-8
modifying 14-9
EUI 39-3
EVCs
configuring 45-49
in CFM domains 45-46
event detectors, embedded event manager 33-2
events, RMON 30-3
examples, network configuration 1-12
expedited forwarding, DSCP 36-9
extended-range VLANs
creating with an internal VLAN ID 14-12
defined 14-1
extended system ID
MSTP 18-17
extended universal identifier
Extensible Authentication Protocol over LAN 10-1
external BGP
external neighbors, BGP 38-46
F
Fast Convergence 21-3
FCS bit error rate alarm
configuring 7-10
defined 7-3
FCS error hysteresis threshold 7-2
features, incompatible 26-11
FIB 38-95
fiber-optic, detecting unidirectional links 28-1
files
copying B-6
crashinfo
description 48-19
displaying the contents of 48-19
location 48-19
deleting B-7
displaying the contents of B-9
tar
creating B-7
displaying the contents of B-8
extracting B-8
image file format B-25
file system
displaying available file systems B-2
displaying file information B-4
local file system names B-1
network file system names B-6
setting the default B-4
filtering
in a VLAN 34-29
non-IP traffic 34-26
show and more command output 2-8
filtering show and more command output 2-8
filters, IP
flash device, number of B-1
flexible authentication ordering
configuring 10-53
overview 10-23
Flex Link Multicast Fast Convergence 21-3
Flex Links
configuration guidelines 21-8
configuring preferred VLAN 21-11
configuring VLAN load balancing 21-10
default configuration 21-7
description 21-1
link load balancing 21-2
monitoring 21-14
VLANs 21-2
flooded traffic, blocking 26-7
forward-delay time
MSTP 18-23
STP 17-22
Forwarding Information Base
FTP
accessing MIB files A-4
configuration files
downloading B-14
overview B-13
preparing the server B-14
uploading B-15
image files
deleting old image B-32
downloading B-30
preparing the server B-29
uploading B-32
G
general query 21-5
Generating IGMP Reports 21-3
generic object oriented substation events messages
get-bulk-request operation 32-3
get-next-request operation 32-3, 32-4
get-request operation 32-3, 32-4
get-response operation 32-3
global configuration mode 2-2
global leave, IGMP 25-11
global status monitoring alarms 7-2
guest VLAN and 802.1x 10-16
H
hardware limitations and Layer 3 interfaces 12-32
hello time
MSTP 18-23
STP 17-21
help, for the command line 2-3
history
changing the buffer size 2-5
described 2-4
disabling 2-5
recalling commands 2-5
history table, level and number of syslog messages 31-9
HMI, MODBUS client 5-1
host ports
configuring 15-11
kinds of 15-2
hosts, limit on dynamic ports 14-28
Hot Standby Router Protocol
HP OpenView 1-3
HSRP
authentication string 42-10
command-switch redundancy 1-6
configuration guidelines 42-5
configuring 42-5
default configuration 42-5
definition 42-1
monitoring 42-12
object tracking 44-7
overview 42-1
priority 42-7
routing redundancy 1-10
support for ICMP redirect messages 42-12
timers 42-10
tracking 42-8
HTTP(S) Over IPv6 39-7
HTTP over SSL
HTTPS 8-48
configuring 8-52
self-signed certificate 8-49
HTTP secure server 8-48
human machine interface
I
IBPG 38-42
ICMP
IPv6 39-4
redirect messages 38-10
support for 1-10
time-exceeded messages 48-13
traceroute 48-13
unreachable messages 34-19
unreachable messages and IPv6 41-4
unreachables and ACLs 34-20
ICMP ping
executing 48-8
overview 48-8
ICMP Router Discovery Protocol
ICMPv6 39-4
IDS appliances
and ingress RSPAN 29-19
and ingress SPAN 29-12
IED
MODBUS client 5-1
substation device 1-15
IEEE 802.1ag 45-2
IEEE 802.1D
IEEE 802.1Q
and trunk ports 12-4
configuration limitations 14-15
encapsulation 14-15
native VLAN for untagged traffic 14-19
tunneling
compatibility with other features 16-5
defaults 16-4
described 16-1
tunnel ports with other features 16-6
IEEE 802.1s
IEEE 802.1w
IEEE 802.1x
IEEE 802.3ad
IEEE 802.3ah Ethernet OAM discovery 45-1
IEEE 802.3z flow control 12-29
ifIndex values, SNMP 32-5
IFS 1-4
IGMP
configurable leave timer, described 25-5
configurable leave timer, procedures 25-9
configuring the switch
as a member of a group 46-37
statically connected member 46-42
controlling access to groups 46-38
default configuration 46-37
deleting cache entries 46-46
displaying groups 46-47
fast switching 46-42
flooded multicast traffic
controlling flooding time 25-10
disabling on an interface 25-11
global leave 25-11
query solicitation 25-11
recovering from flood mode 25-11
host-query interval, modifying 46-40
joining multicast group 25-3
join messages 25-3
leave processing, enabling 25-9, 40-9
leaving multicast group 25-5
multicast reachability 46-37
overview 46-2
queries 25-3
report suppression
described 25-6
supported versions 25-2
support for 1-2
Version 1
changing to Version 2 46-39
described 46-3
Version 2
changing to Version 1 46-39
described 46-3
maximum query response time value 46-41
pruning groups 46-41
query timeout value 46-41
IGMP configurable leave timer 25-5
IGMP filtering
configuring 25-25
default configuration 25-24
described 25-24
monitoring 25-29
support for 1-2
IGMP groups
configuring filtering 25-27
setting the maximum number 25-26
IGMP helper 46-5
IGMP leave timer, configuring 25-9
IGMP profile
applying 25-26
configuration mode 25-25
configuring 25-25
IGMP snooping
and address aliasing 25-2
configuring 25-6
default configuration 25-6, 40-5, 40-6
definition 25-1
enabling and disabling 25-7, 40-6
global configuration 25-7
Immediate Leave 25-5
querier
configuration guidelines 25-12
configuring 25-12
supported versions 25-2
support for 1-2
VLAN configuration 25-7
IGMP throttling
configuring 25-27
default configuration 25-24
described 25-24
displaying action 25-28
IGP 38-23
Immediate Leave, IGMP
configuration guidelines 25-9
described 25-5
inaccessible authentication bypass 10-18
support for multiauth ports 10-18
individual policers
configuration guidelines 36-45
configuring 36-45
initial configuration
defaults 1-12
input policy maps
classification criteria 36-5
configuration guidelines 36-44
configuring 36-44
displaying statistics 36-78
intelligent electronic device
interface
number 12-14
range macros 12-16
interface command 12-14
interface configuration, REP 20-9
interface configuration mode 2-2
interfaces
configuration guidelines, duplex and speed 12-21
configuring
duplex mode 12-21
procedure 12-14
speed 12-21
counters, clearing 12-36
described 12-31
descriptive name, adding 12-31
displaying information about 12-35
flow control 12-29
management 1-3
monitoring 12-35
naming 12-31
physical, identifying 12-14
range of 12-15
restarting 12-37
shutting down 12-37
status 12-35
supported 12-14
types of 12-1
interfaces range macro command 12-16
interface types 12-14
ENI 12-2
NNI 12-2
UNI 12-2
Interior Gateway Protocol
Intermediate System-to-Intermediate System
internal BGP
internal neighbors, BGP 38-46
Internet Control Message Protocol
Internet Group Management Protocol
Internet Protocol version 6
Intrusion Detection System
inventory management TLV 24-6
IP ACLs
for QoS classification 36-11
implicit masks 34-9
named 34-14
undefined 34-20
IP addresses
128-bit 39-2
classes of 38-5
default configuration 38-4
discovering 6-31
for IP routing 38-3
IPv6 39-2
MAC address association 38-7
monitoring 38-16
IP broadcast address 38-14
ip cef distributed command 38-95
IP directed broadcasts 38-12
ip igmp profile command 25-25
IP information
assigned
manually 3-14
through DHCP-based autoconfiguration 3-3
default configuration 3-3
IP multicast routing
addresses
all-hosts 46-2
all-multicast-routers 46-2
host group address range 46-2
administratively-scoped boundaries, described 46-44
and IGMP snooping 25-1
Auto-RP
adding to an existing sparse-mode cloud 46-24
benefits of 46-24
clearing the cache 46-46
configuration guidelines 46-10
filtering incoming RP announcement messages 46-27
overview 46-6
preventing candidate RP spoofing 46-27
preventing join messages to false RPs 46-26
setting up in a new internetwork 46-24
using with BSR 46-32
bootstrap router
configuration guidelines 46-10
configuring candidate BSRs 46-30
configuring candidate RPs 46-31
defining the IP multicast boundary 46-29
defining the PIM domain border 46-28
overview 46-6
using with Auto-RP 46-32
Cisco implementation 46-1
configuring
basic multicast routing 46-10
IP multicast boundary 46-44
default configuration 46-9
enabling
multicast forwarding 46-11
PIM mode 46-12
group-to-RP mappings
Auto-RP 46-6
BSR 46-6
MBONE
deleting sdr cache entries 46-46
described 46-43
displaying sdr cache 46-47
enabling sdr listener support 46-43
limiting sdr cache entry lifetime 46-44
SAP packets for conference session announcement 46-43
Session Directory (sdr) tool, described 46-43
monitoring
packet rate loss 46-47
peering devices 46-47
tracing a path 46-47
multicast forwarding, described 46-7
PIMv1 and PIMv2 interoperability 46-9
reverse path check (RPF) 46-7
routing table
deleting 46-46
displaying 46-47
RP
assigning manually 46-22
configuring Auto-RP 46-24
configuring PIMv2 BSR 46-28
monitoring mapping information 46-33
using Auto-RP and BSR 46-32
statistics, displaying system and network 46-46
IP packets, classification 36-6
IP precedence
classification 36-8
values 36-6
IP protocols
routing 1-10
IP routes, monitoring 38-109
IP routing
connecting interfaces with 12-12
disabling 38-17
enabling 38-17
IP Service Level Agreements
IP service levels, analyzing 43-1
IP SLAs
benefits 43-2
CFM endpoint discovery 45-20
configuration guidelines 43-5
configuring object tracking 44-9
Control Protocol 43-3
default configuration 43-5
definition 43-1
manually configuring CFM ping or jitter 45-17
measuring network performance 43-2
monitoring 43-6
object tracking 44-9
operation 43-2
reachability tracking 44-9
responder
described 43-3
enabling 43-5
response time 43-4
SNMP support 43-2
supported metrics 43-2
track object monitoring agent, configuring 44-11
track state 44-9
IP source guard
and 802.1x 22-21
and DHCP snooping 22-19
and EtherChannels 22-21
and port security 22-21
and private VLANs 22-21
and routed ports 22-21
and TCAM entries 22-21
and trunk interfaces 22-21
and VRF 22-21
binding configuration
automatic 22-19
manual 22-19
binding table 22-19
configuration guidelines 22-21
default configuration 22-21
described 22-19
disabling 22-22
displaying
bindings 22-23
configuration 22-23
enabling 22-21
filtering
source IP address 22-19
source IP and MAC address 22-20
static bindings
adding 22-21
deleting 22-22
IP traceroute
executing 48-14
overview 48-13
IP unicast routing
address resolution 38-7
administrative distances 38-97, 38-107
ARP 38-7
assigning IP addresses to Layer 3 interfaces 38-5
authentication keys 38-108
broadcast
address 38-14
flooding 38-15
packets 38-12
storms 38-12
classless routing 38-6
configuring static routes 38-97
default
addressing configuration 38-4
gateways 38-10
networks 38-98
routes 38-98
routing 38-2
directed broadcasts 38-12
disabling 38-17
dynamic routing 38-2
enabling 38-17
EtherChannel Layer 3 interface 38-3
IGP 38-23
inter-VLAN 38-2
IP addressing
classes 38-5
configuring 38-3
IPv6 39-2
IRDP 38-10
Layer 3 interfaces 38-3
MAC address and IP address 38-7
passive interfaces 38-106
proxy ARP 38-7
redistribution 38-99
reverse address resolution 38-7
routed ports 38-3
static routing 38-2
steps to configure 38-3
subnet mask 38-5
subnet zero 38-5
supernet 38-6
UDP 38-13
with SVIs 38-3
IPv4 ACLs
applying to interfaces 34-19
extended, creating 34-10
named 34-14
standard, creating 34-9
IPv6
ACLs
displaying 41-8
limitations 41-3
matching criteria 41-3
port 41-2
precedence 41-2
router 41-2
supported 41-2
addresses 39-2
address formats 39-2
applications 39-4
assigning address 39-9
autoconfiguration 39-4
CEFv6 39-18
default configuration 39-9
default router preference (DRP) 39-4
defined 39-1
Enhanced Interior Gateway Routing Protocol (EIGRP) 39-6
feature limitations 39-8
features not supported 39-8
forwarding 39-9
ICMP 39-4
neighbor discovery 39-4
OSPF 39-6
path MTU discovery 39-3
Router ID 39-6
Stateless Autoconfiguration 39-4
supported features 39-2
switch limitations 39-8
traffic, filtering 41-3
understanding static routes 39-6
IRDP
configuring 38-11
definition 38-10
support for 1-10
IS-IS
addresses 38-62
area routing 38-62
default configuration 38-63
monitoring 38-71
show commands 38-71
support for 1-10
system routing 38-62
ISL trunking with IEEE 802.1 tunneling 16-4
ISO CLNS
clear commands 38-71
dynamic routing protocols 38-62
monitoring 38-71
NETs 38-62
NSAPs 38-62
OSI standard 38-62
ISO IGRP
area routing 38-62
system routing 38-62
isolated port 15-2
ITU-T Y.1731
J
join messages, IGMP 25-3
K
KDC
described 8-38
keepalive command 12-20
keepalive messages
default 12-20
restriction 17-2
Kerberos
authenticating to
boundary switch 8-41
KDC 8-41
network services 8-41
configuration examples 8-38
configuring 8-41
credentials 8-39
cryptographic software image 8-38
described 8-38
KDC 8-38
operation 8-40
realm 8-40
server 8-40
support for 1-8
switch as trusted third party 8-38
terms 8-39
TGT 8-40
tickets 8-39
key distribution center
L
l2protocol-tunnel command 16-18
LACP
Layer 2 interfaces, default configuration 12-18
Layer 2 packets, classification 36-6
Layer 2 protocol packets, and control-plane security 35-2
Layer 2 protocol tunneling
configuring 16-15
configuring for EtherChannels 16-19
default configuration 16-16
defined 16-13
guidelines 16-16
Layer-2 template 9-1
Layer 2 traceroute
and ARP 48-12
and CDP 48-12
broadcast traffic 48-11
described 48-11
IP addresses and subnets 48-12
MAC addresses and VLANs 48-12
multicast traffic 48-12
multiple devices on a port 48-12
unicast traffic 48-11
usage guidelines 48-12
Layer 3 features 1-10
Layer 3 interfaces
assigning IP addresses to 38-5
assigning IPv4 and IPv6 addresses to 39-13
assigning IPv6 addresses to 39-10
changing from Layer 2 mode 38-5, 38-87
types of 38-3
LDAP 4-2
Leaking IGMP Reports 21-4
lightweight directory access protocol
line configuration mode 2-2
Link Aggregation Control Protocol
Link Failure, detecting unidirectional 18-8
link fault alarm 7-3
link integrity, verifying with REP 20-3
Link Layer Discovery Protocol
link local unicast addresses 39-3
link monitoring, Ethernet OAM 45-33, 45-36
link redundancy
links, unidirectional 28-1
link state advertisements (LSAs) 38-29
link-state tracking
configuration guidelines 37-24
configuring 37-24
described 37-22
LLDP
configuring 24-3
characteristics 24-3
default configuration 24-3
disabling and enabling
globally 24-4
on an interface 24-5
monitoring and maintaining 24-7
overview 24-1
supported TLVs 24-2
transmission timer and holdtime, setting 24-3
LLDP-MED
configuring 24-3
configuring TLVs 24-6
monitoring and maintaining 24-7
supported TLVs 24-2
LLDP Media Endpoint Discovery
load balancing 42-4
local SPAN 29-2
logging messages, ACL 34-8
login authentication
with RADIUS 8-28
with TACACS+ 8-14
login banners 6-17
log messages
loop guard
described 19-5
enabling 19-10
support for 1-6
M
MAC addresses
aging time 6-21
and VLAN association 6-20
building the address table 6-20
default configuration 6-21
disabling learning on a VLAN 6-30
discovering 6-31
displaying 6-31
displaying in the IP source binding table 22-23
dynamic
learning 6-20
removing 6-22
in ACLs 34-26
IP address association 38-7
static
adding 6-28
characteristics of 6-27
dropping 6-29
removing 6-28
MAC address learning, disabling on a VLAN 6-30
MAC address notification, support for 1-11
MAC address-table move update
configuration guidelines 21-8
configuring 21-12
default configuration 21-7
description 21-6
monitoring 21-14
MAC address-to-VLAN mapping 14-23
MAC authentication bypass
802.1x readiness check 10-12
configuring 10-45
MAC extended access lists
applying to Layer 2 interfaces 34-28
configuring for QoS 36-39
creating 34-26
defined 34-26
magic packet 10-20
Maintenance end points
Maintenance intermediate points
manageability features 1-3
management access
in-band
CLI session 1-4
SNMP 1-4
out-of-band console port connection 1-4
management options
CLI 2-1
CNS 4-1
overview 1-3
manual preemption, REP, configuring 20-14
marking
action with aggregate policers 36-49
match command, QoS
guidelines 36-40
matching, IPv4 ACLs 34-7
matching classifications, QoS 36-7
maximum aging time
MSTP 18-24
STP 17-22
maximum hop count, MSTP 18-24
maximum number of allowed devices, port-based authentication 10-28
maximum-paths command 38-50, 38-96
media-type command 12-27
membership mode, VLAN port 14-5
MEPs
and STP 45-4
defined 45-3
messages
Ethernet OAM 45-33
to users through banners 6-17
metrics, in BGP 38-50
metric translations, between routing protocols 38-102
metro tags 16-2
MHSRP 42-4
MIBs
accessing files with FTP A-4
location of files A-4
overview 32-1
SNMP interaction with 32-4
supported A-1
MIPs
and STP 45-4
defined 45-4
mirroring traffic for analysis 29-1
mismatches, autonegotiation 48-5
MODBUS
clients
Cisco IP Phone 5-1
distributed controller 5-1
HMI 5-1
IED 5-1
substation router 5-1
substation switch 5-1
using registers C-1
wireless access point 5-1
connecting to clients 5-1
defaults 5-2
registers
port information C-2
system information C-1
RTU in a SCADA system 5-1
security 5-1
Modicon Communication Bus
modular QoS command-line interface
module number 12-14
monitoring
access groups 34-39
alarms 7-13
BGP 38-61
cables for unidirectional links 28-1
CDP 27-5
CEF 38-96
control-plane security 35-7
EIGRP 38-41
E-LMI 45-53
Ethernet OAM 45-42
Ethernet OAM protocol 45-42
features 1-11
Flex Links 21-14
HSRP 42-12
IEEE 802.1Q tunneling 16-23
IGMP
filters 25-29
interfaces 12-35
IP
address tables 38-16
multicast routing 46-46
routes 38-109
IP SLAs operations 43-6
IPv4 ACL configuration 34-39
IPv6 ACL configuration 41-8
IS-IS 38-71
ISO CLNS 38-71
Layer 2 protocol tunneling 16-23
MAC address-table move update 21-14
MSDP peers 47-17
multicast router interfaces 25-15, 40-12
multi-VRF CE 38-94
MVR 25-23
network traffic for analysis with probe 29-2
OAM manager 45-53
object tracking 44-12
OSPF 38-34
port
blocking 26-18
protection 26-18
private VLANs 15-14
QoS 36-78
REP 20-15
RP mapping information 46-33
source-active messages 47-17
speed and duplex mode 12-23
SSM mapping 46-22
traffic flowing among switches 30-1
traffic suppression 26-18
tunneling 16-23
VLAN
filters 34-39
maps 34-39
VLANs 14-14
VMPS 14-28
MQC
process 36-3
steps to configure 36-3
MSDP
benefits of 47-3
clearing MSDP connections and statistics 47-17
controlling source information
forwarded by switch 47-11
originated by switch 47-8
received by switch 47-13
default configuration 47-3
dense-mode regions
sending SA messages to 47-15
specifying the originating address 47-16
filtering
incoming SA messages 47-13
SA messages to a peer 47-11
SA requests from a peer 47-10
join latency, defined 47-6
meshed groups
configuring 47-14
defined 47-14
originating address, changing 47-16
overview 47-1
peer-RPF flooding 47-2
peers
configuring a default 47-4
monitoring 47-17
peering relationship, overview 47-1
requesting source information from 47-7
shutting down 47-15
source-active messages
caching 47-6
clearing cache entries 47-18
defined 47-2
filtering from a peer 47-10
filtering incoming 47-13
filtering to a peer 47-11
limiting data with TTL 47-12
monitoring 47-17
restricting advertised sources 47-8
support for 1-10
MSTP
boundary ports
configuration guidelines 18-15
described 18-6
BPDU filtering
described 19-3
enabling 19-8
BPDU guard
described 19-3
enabling 19-7
CIST
description 18-3
regional root 18-5
root 18-5
configuration guidelines 18-15, 19-6
configuring
forward-delay time 18-23
hello time 18-23
link type for rapid convergence 18-25
maximum aging time 18-24
maximum hop count 18-24
MST region 18-16
neighbor type 18-25
path cost 18-21
port priority 18-19
root switch 18-17
secondary root switch 18-18
switch priority 18-22
CST
defined 18-3
operations between regions 18-3
default configuration 18-14
default optional feature configuration 19-5
displaying status 18-27
enabling the mode 18-16
EtherChannel guard
described 19-3
enabling 19-9
extended system ID
effects on root switch 18-17
effects on secondary root switch 18-18
unexpected behavior 18-17
IEEE 802.1s
implementation 18-6
port role naming change 18-7
instances supported 17-10
interface state, blocking to forwarding 19-2
interoperability and compatibility among modes 17-10
interoperability with 802.1D
described 18-8
restarting migration process 18-26
IST
defined 18-2
master 18-3
operations within a region 18-3
loop guard
described 19-5
enabling 19-10
mapping VLANs to MST instance 18-16
MST region
CIST 18-3
configuring 18-16
described 18-2
hop-count mechanism 18-5
IST 18-2
supported spanning-tree instances 18-2
optional features supported 1-5
overview 18-2
Port Fast
described 19-2
enabling 19-6
preventing root switch selection 19-4
root guard
described 19-4
enabling 19-10
root switch
configuring 18-17
effects of extended system ID 18-17
unexpected behavior 18-17
shutdown Port Fast-enabled port 19-3
status, displaying 18-27
multiauth mode
See multiple-authentication mode
multicast Ethernet loopback (ETH-LB) 45-24
multicast Ethernet loopback, using 45-29
multicast groups
Immediate Leave 25-5
leaving 25-5
multicast packets
ACLs on 34-38
multicast router interfaces, monitoring 25-15, 40-12
multicast router ports, adding 25-7, 40-8
Multicast Source Discovery Protocol
multicast storm 26-1
multicast storm-control command 26-4
multicast television application 25-16
multicast VLAN 25-15
Multicast VLAN Registration
multiple-authentication mode
description 10-10
support for inaccessible authentication bypass 10-18
Multiple HSRP
multiple VPN routing/forwarding in customer edge devices
multi-VRF CE
configuration example 38-90
configuration guidelines 38-84
configuring 38-83
default configuration 38-84
defined 38-81
displaying 38-94
monitoring 38-94
network components 38-83
packet-forwarding process 38-83
support for 1-11
MVR
and address aliasing 25-19
and IGMPv3 25-19
configuration guidelines 25-18
configuring interfaces 25-21
default configuration 25-18
described 25-15
example application 25-16
modes 25-20
monitoring 25-23
multicast television application 25-16
setting global parameters 25-19
support for 1-2
MVRoT, guidelines 25-18
MVR over trunk ports
N
NAC
critical authentication 10-18, 10-42
IEEE 802.1x authentication using a RADIUS server 10-47
IEEE 802.1x validation using RADIUS server 10-47
inaccessible authentication bypass 10-42
Layer 2 IEEE 802.1x validation 10-22, 10-47
named IPv4 ACLs 34-14
named IPv6 ACLs 41-3
NameSpace Mapper
native VLAN
and IEEE 802.1Q tunneling 16-4
configuring 14-19
default 14-19
NEAT
configuring 10-48
overview 10-24
neighbor discovery, IPv6 39-4
neighbor discovery/recovery, EIGRP 38-35
neighbor offset numbers, REP 20-4
neighbors, BGP 38-56
Network Edge Access Topology
network management
CDP 27-1
RMON 30-1
SNMP 32-1
network node interface
network performance, measuring with IP SLAs 43-2
network policy TLV 24-6
Network Time Protocol
NNI
configuring 12-20
described 12-2
protocol control packets on 35-1
no (form of) commands 2-4
non-IP traffic filtering 34-26
Nonstop Forwarding Awareness
nontrunking mode 14-15
normal-range VLANs
characteristics 14-3
configuring 14-7
defined 14-1
no switchport command 12-5
not-so-stubby areas
NSAPs, as ISO IGRP addresses 38-62
NSF Awareness
BGP 38-46
EIGRP 38-37
IS-IS 38-64
OSPF 38-25
NSM 4-3
NSSA, OSPF 38-29
NTP
associations
authenticating 6-4
defined 6-2
enabling broadcast messages 6-6
peer 6-5
server 6-5
default configuration 6-4
displaying the configuration 6-11
overview 6-2
restricting access
creating an access group 6-8
disabling NTP services per interface 6-10
source IP address, configuring 6-10
stratum 6-2
support for 1-4
synchronizing devices 6-5
time
services 6-2
synchronizing 6-2
O
OAM
client 45-32
features 45-33
sublayer 45-32
OAM manager
and E-LMI 45-47
configuration guidelines 45-48
monitoring 45-53
purpose of 45-46
with CFM 45-47
with CFM and Ethernet OAM 45-53
OAM protocol data units 45-32, 45-34
OBFL
configuring 48-20
described 48-20
displaying 48-21
object tracking
HSRP 44-7
IP SLAs 44-9
IP SLAs, configuring 44-9
monitoring 44-12
on-board failure logging
online diagnostics
described 49-1
overview 49-1
running tests 49-5
open1x authentication
configuring 10-53
description 10-23
Open Shortest Path First
optimizing system resources 9-1
options, management 1-3
OSPF
area parameters, configuring 38-29
configuring 38-25
default configuration
metrics 38-31
route 38-31
settings 38-24
described 38-23
for IPv6 39-6
interface parameters, configuring 38-26
LSA group pacing 38-32
monitoring 38-34
network types, configuring 38-28
router IDs 38-33
route summarization 38-31
support for 1-10
virtual links 38-31
output policies 36-5
output policy maps
classification criteria 36-5
configuration guidelines 36-60
configuring 36-60
displaying statistics 36-78
P
packet classification
defined 36-6
to organize traffic 36-2
packet marking
configuring 36-53
defined 36-21
packet policing, for QoS 36-2
PAgP
Layer 2 protocol tunneling 16-14
parallel paths, in routing tables 38-96
parent policies, QoS 36-12, 36-27
passive interfaces
configuring 38-106
OSPF 38-31
passwords
default configuration 8-2
disabling recovery of 8-5
encrypting 8-3
for security 1-7
overview 8-1
recovery of 48-4
setting
enable 8-3
enable secret 8-3
Telnet 8-6
with usernames 8-6
path cost
MSTP 18-21
STP 17-19
path MTU discovery 39-3
PBR
defined 38-102
enabling 38-104
fast-switched policy-based routing 38-105
local policy-based routing 38-105
peers, BGP 38-56
percentage thresholds in tracked lists 44-6
performance features 1-2
periodic data collection and transfer mechanism 32-6
per-port, per-VLAN policy maps, configuration guidelines 36-55
per-port facility loopback, defined 45-43
per-port per VLAN policing 36-12, 36-55
persistent self-signed certificate 8-49
per-user ACLs and Filter-Ids 10-8
per-VLAN spanning-tree plus
PE to CE routing, configuring 38-90
physical ports 12-3
PIM
default configuration 46-9
dense mode
overview 46-4
rendezvous point (RP), described 46-4
RPF lookups 46-8
displaying neighbors 46-47
enabling a mode 46-12
overview 46-3
router-query message interval, modifying 46-36
shared tree and source tree, overview 46-33
shortest path tree, delaying the use of 46-35
sparse mode
join messages and shared tree 46-4
overview 46-4
prune messages 46-4
RPF lookups 46-8
stub routing
configuration guidelines 46-12
enabling 46-13
overview 46-5
support for 1-10
versions
interoperability 46-9
troubleshooting interoperability problems 46-33
v2 improvements 46-3
ping
executing 48-8
overview 48-8
PoE
auto mode 12-8
CDP with power consumption, described 12-7
CDP with power negotiation, described 12-7
Cisco intelligent power management 12-7
configuring 12-24
devices supported 12-6
high-power devices operating in low-power mode 12-7
IEEE power classification levels 12-7
monitoring 12-9
policing power usage 12-9
power budgeting 12-25
power consumption 12-25
powered-device detection and initial power allocation 12-7
power management modes 12-8
power negotiation extensions to CDP 12-7
standards supported 12-7
static mode 12-8
troubleshooting 48-5
police aggregate command 36-52
police command, with individual policers 36-45, 36-57
policer aggregate command 36-49
policer configuration
default for ENIs and UNIs 35-4
default for NNIs 35-5
policers
configuring for more than one traffic class 36-49
described 36-2
policing
aggregate in input policy maps 36-17
described 36-2
individual in input policy maps 36-16
priority in output policy maps 36-20
QoS 36-15
policy-based routing
policy-map command 36-3
policy-map marking, configuration guidelines 36-53
policy maps
configuration examples 36-79
described 36-16
input
configuring 36-44
described 36-4
output
configuring 36-60
described 36-4
port ACLs
defined 34-2
types of 34-3
Port Aggregation Protocol
port-based authentication
accounting 10-10
authentication server
RADIUS server 10-3
configuration guidelines 10-27, 11-9
configuring
802.1x authentication 10-32
guest VLAN 10-39
host mode 10-34
inaccessible authentication bypass 10-42
manual re-authentication of a client 10-35
periodic re-authentication 10-34
quiet period 10-35
RADIUS server parameters on the switch 10-29, 11-11
restricted VLAN 10-40
switch-to-client frame-retransmission number 10-37
switch-to-client retransmission time 10-36
default configuration 10-26, 11-9
described 10-1
displaying statistics 10-54, 11-17
downloadable ACLs and redirect URLs
EAPOL-start frame 10-5
EAP-request/identity frame 10-5
EAP-response/identity frame 10-5
enabling
802.1X authentication 11-11
encapsulation 10-3
flexible authentication ordering
configuring 10-53
overview 10-23
guest VLAN
configuration guidelines 10-16, 10-17
described 10-16
host mode 10-9
inaccessible authentication bypass
configuring 10-42
described 10-18
initiation and message exchange 10-5
magic packet 10-20
maximum number of allowed devices per port 10-28
method lists 10-32
multiple authentication 10-10
multiple-hosts mode, described 10-9
ports
authorization state and dot1x port-control command 10-8
authorized and unauthorized 10-8
port security
described 10-19
interactions 10-19
multiple-hosts mode 10-9
readiness check
configuring 10-28
resetting to default values 10-47
statistics, displaying 10-54
switch
RADIUS client 10-3
switch supplicant
configuring 10-48
overview 10-24
user distribution
guidelines 10-22
overview 10-21
VLAN assignment
AAA authorization 10-32
characteristics 10-12
configuration tasks 10-13
described 10-12
voice aware 802.1x security
configuring 10-31
described 10-30
wake-on-LAN, described 10-20
port-based authentication methods, supported 10-7
port-channel
Port Fast
described 19-2
enabling 19-6
support for 1-6
port membership modes, VLAN 14-4
port not forwarding alarm 7-3
port not operating alarm 7-3
port priority
MSTP 18-19
STP 17-17
ports
access 12-4
blocking 26-6
dual-purpose 12-11
dynamic access 14-5
IEEE 802.1Q tunnel 14-5
protected 26-5
REP 20-6
routed 12-5
secure 26-8
switch 12-3
VLAN assignments 14-11
port security
aging 26-15
and private VLANs 26-16
configuration guidelines 26-10
configuring 26-11
default configuration 26-10
described 26-8
displaying 26-18
enabling 26-16
on trunk ports 26-12
sticky learning 26-9
violations 26-9
with other features 26-10
port shaping
configuring 36-64
described 36-27
port-shutdown response, VMPS 14-24
port status monitoring alarms
FCS bit error rate alarm 7-3
link fault alarm 7-3
port not forwarding alarm 7-3
port not operating alarm 7-3
port types 12-2
power 24-6
power management TLV 24-6
power over Ethernet
power substations 1-15
preempt delay time, REP 20-5
preemption (delay) default configuration 21-7
preferential treatment of traffic
prefix lists, BGP 38-54
preventing unauthorized access 8-1
primary edge port, REP 20-4
primary interface
for object tracking, DHCP, configuring 44-11
for static routing, configuring 44-10
primary links 21-2
priority
HSRP 42-7
priority command 36-20
configuring strict priority queuing 36-65
for QoS scheduling 36-26
for strict priority queuing 36-30
priority policing, described 36-20
priority queues
configuring 36-65
described 36-30
for QoS scheduling 36-26
priority with police
commands 36-20
configuring 36-67
described 36-30
priority with unconditional policing, QoS 36-26
private VLANs
across multiple switches 15-4
and SVIs 15-5
and UNI VLANs 14-13
benefits of 15-1
community ports 15-3
configuration guidelines 15-6, 15-8
configuration tasks 15-6
configuring 15-9
default configuration 15-6
end station access to 15-3
IP addressing 15-4
isolated port 15-2
mapping 15-13
monitoring 15-14
ports
community 15-3
configuration guidelines 15-8
configuring host ports 15-11
configuring promiscuous ports 15-12
described 14-5
isolated 15-2
promiscuous 15-2
promiscuous ports 15-2
secondary VLANs 15-2
subdomains 15-1
traffic in 15-5
privileged EXEC mode 2-2
privilege levels
changing the default for lines 8-9
exiting 8-9
logging into 8-9
setting a command with 8-8
promiscuous ports
configuring 15-12
defined 15-2
protected ports 26-5
protocol control packets 35-1
protocol-dependent modules, EIGRP 38-35
Protocol-Independent Multicast Protocol
provider edge devices 38-82
proxy ARP
configuring 38-9
definition 38-7
with IP routing disabled 38-10
proxy reports 21-3
PVST+
802.1Q trunking interoperability 17-10
described 17-9
instances supported 17-10
Q
QinQ
QoS
aggregate policers 36-17
and MQC 36-1
basic model 36-2
CBWFQ 36-28
CBWFQ, configuring 36-61
class-based shaping, described 36-26
classification
ACL lookup 36-11
based on CoS value 36-8
based on DSCP 36-8
based on IP precedence 36-8
based on QoS group 36-11
based on VLAN IDs 36-12, 36-55
class maps, described 36-7
comparisons 36-10
criteria 36-6
in frames and packets 36-6
policy maps, described 36-16
class maps
configuration guidelines 36-40
configuring 36-40
configuration examples
adding customers 36-81
adding or deleting a class 36-84
adding or deleting classification criteria 36-81, 36-82
adding or deleting configured actions 36-83
changing queuing or scheduling parameters 36-82
configuration guidelines
aggregate policers 36-49
CBWFQ 36-61
class-based shaping 36-63
class maps 36-40
general 36-35
individual policers 36-45
input policy maps 36-44
marking 36-53
output policy maps 36-60
unconditional priority policing 36-67
WTD 36-70
configuring
aggregate policers 36-49
class-based shaping 36-63
classification with IP ACLs 36-36
class maps 36-40
individual policers 36-46
individual policing 36-45, 36-57
input policy maps with marking 36-53
IP ACLs 36-36
MAC ACLs 36-39
output policy maps 36-60
port shaping 36-64
priority queues 36-65
queue size 36-31
requirements 36-34
service policies 36-43
strict priority queuing 36-65
table maps 36-42
unconditional priority policing 36-67
congestion avoidance 36-2, 36-31
congestion management 36-2, 36-25
CPU-generated traffic
configuring output policy classification criteria 36-5
configuring QoS group number 36-12
configuring queue-limit 36-70
output remarking 36-6
default configuration 36-35
initial configuration example 36-79
input policy maps
configuring 36-44
described 36-5
IP packet classification 36-6
Layer 2 packet classification 36-6
Layer 3 packet classification 36-6
marking, described 36-2
match command 36-7
output policy maps
configuring 36-61
described 36-5
overview 36-1
packet classification 36-2
packet marking 36-21
packet policing 36-2
parent-child hierarchy 36-12, 36-27
per-port, per-VLAN hierarchical policy maps, described 36-12
policers
configuring 36-46, 36-51, 36-68
described 36-15
policing
aggregate 36-17
individual 36-16
priority 36-20
policy maps
attaching 36-43
attaching to an interface 36-19
displaying statistics 36-78
port shaping, described 36-27
preconfiguration 36-34
priority policing, described 36-20
priority with police 36-30
queue size 36-32
scheduling 36-25
CBWFQ 36-26
priority queuing 36-26
traffic shaping 36-25
strict priority queuing 36-30
supported table maps 36-14
support for 1-9
table maps 36-14
testing 36-78
traffic shaping, described 36-26
unconditional priority policing 36-30
WTD 36-32
QoS groups
classification 36-11, 36-12, 36-55
QoS information, displaying 36-78
quality of service
queries, IGMP 25-3
query solicitation, IGMP 25-11
queue bandwidth and queue size, relationship 36-33
queue-limit command, QoS 36-32, 36-33, 36-69
queue size, QoS, managing 36-31
R
RADIUS
attributes
vendor-proprietary 8-35
vendor-specific 8-34
Change of Authorization 8-19
configuring
accounting 8-33
authentication 8-28
authorization 8-32
communication, global 8-26, 8-34
communication, per-server 8-25, 8-26
multiple UDP ports 8-26
default configuration 8-25
defining AAA server groups 8-30
displaying the configuration 8-38
identifying the server 8-25
limiting the services to the user 8-32
method list, defined 8-25
operation of 8-19
overview 8-17
server load balancing 8-38
suggested network environments 8-18
support for 1-8
tracking services accessed by user 8-33
range
macro 12-16
of interfaces 12-15
rapid convergence 18-10
rapid per-VLAN spanning-tree plus
rapid PVST+
802.1Q trunking interoperability 17-10
described 17-9
instances supported 17-10
Rapid Spanning Tree Protocol
RARP 38-7
rate-limiting threshold, CPU protection 35-6
RCP
configuration files
downloading B-18
overview B-16
preparing the server B-17
uploading B-19
image files
deleting old image B-36
downloading B-34
preparing the server B-33
uploading B-36
reachability, tracking IP SLAs IP host 44-9
readiness check, port-based authentication
configuring 10-28
reconfirmation interval, VMPS, changing 14-27
reconfirming dynamic VLAN membership 14-27
recovery procedures 48-1
redundancy
EtherChannel 37-3
HSRP 42-1
STP
backbone 17-8
path cost 14-21
port priority 14-20
reliable transport protocol, EIGRP 38-35
reloading software 3-22
Remote Authentication Dial-In User Service
Remote Copy Protocol
remote failure indications, Ethernet OAM 45-33, 45-39
remote loopback, Ethernet OAM 45-33, 45-35
Remote Network Monitoring
Remote SPAN
remote SPAN 29-2
remote terminal unit
REP
administrative VLAN, configuring 20-8
age timer 20-8
and STP 20-6
configuration guidelines 20-7
configuring interfaces 20-9
convergence 20-4
default configuration 20-7
manual preemption, configuring 20-14
monitoring 20-15
neighbor offset numbers 20-4
open segment 20-2
ports 20-6
preempt delay time 20-5
primary edge port 20-4
ring segment 20-2
secondary edge port 20-4
segments
characteristics 20-2
described 20-1
SNMP traps, configuring 20-14
supported interfaces 20-1
triggering VLAN load balancing 20-5
verifying link integrity 20-3
VLAN
blocking 20-13
load balancing 20-4
report suppression, IGMP
described 25-6
resequencing ACL entries 34-14
reserved addresses in DHCP pools 22-17
resets, in BGP 38-49
resetting a UDLD-shutdown interface 28-6
Resilient Ethernet Protocol
responder, IP SLAs
described 43-3
enabling 43-5
response time, measuring with IP SLAs 43-4
restricted VLAN
configuring 10-40
described 10-17
using with IEEE 802.1x 10-17
restricting access
NTP services 6-8
overview 8-1
passwords and privilege levels 8-2
RADIUS 8-17
TACACS+ 8-10
retry count, VMPS, changing 14-27
reverse address resolution 38-7
Reverse Address Resolution Protocol
RFC
1112, IP multicast and IGMP 25-2
1157, SNMPv1 32-2
1305, NTP 6-2
1587, NSSAs 38-23
1757, RMON 30-2
1901, SNMPv2C 32-2
1902 to 1907, SNMPv2 32-2
2236, IP multicast and IGMP 25-2
2273-2275, SNMPv3 32-2
2475, DSCP 36-9
2597, AF per-hop behavior 36-9
2598, EF 36-9
5176, compliance 8-20
RIP
advertisements 38-18
authentication 38-20
configuring 38-19
default configuration 38-18
described 38-18
for IPv6 39-6
hop counts 38-18
summary addresses 38-21
support for 1-10
RMON
default configuration 30-3
displaying status 30-6
enabling alarms and events 30-3
groups supported 30-2
overview 30-1
statistics
collecting group Ethernet 30-5
collecting group history 30-5
support for 1-11
root guard
described 19-4
enabling 19-10
support for 1-6
root switch
MSTP 18-17
STP 17-15
route calculation timers, OSPF 38-31
route dampening, BGP 38-60
routed packets, ACLs on 34-37
routed ports
configuring 38-3
defined 12-5
route-map command 38-104
route maps
BGP 38-52
policy-based routing 38-103
router ACLs
defined 34-2
types of 34-4
route reflectors, BGP 38-59
router ID, OSPF 38-33
route selection, BGP 38-50
route summarization, OSPF 38-31
route targets, VPN 38-83
routing
default 38-2
dynamic 38-2
IPv6 traffic 39-2
redistribution of information 38-99
static 38-2
routing domain confederation, BGP 38-59
Routing Information Protocol
routing protocol administrative distances 38-97
RSPAN
characteristics 29-7
configuration guidelines 29-15
default configuration 29-9
defined 29-2
destination ports 29-6
displaying status 29-22
interaction with other features 29-8
monitored ports 29-5
monitoring ports 29-6
received traffic 29-4
session limits 29-10
sessions
creating 29-16
defined 29-3
limiting source traffic to specific VLANs 29-21
specifying monitored ports 29-16
with ingress traffic enabled 29-19
source ports 29-5
transmitted traffic 29-5
VLAN-based 29-6
RSPAN VLANs, and UNI VLANs 14-13
RSTP
active topology 18-9
BPDU
format 18-12
processing 18-13
designated port, defined 18-9
designated switch, defined 18-9
interoperability with 802.1D
described 18-8
restarting migration process 18-26
topology changes 18-13
overview 18-8
port roles
described 18-9
synchronized 18-11
proposal-agreement handshake process 18-10
rapid convergence
described 18-10
edge ports and Port Fast 18-10
point-to-point links 18-10, 18-25
root ports 18-10
root port, defined 18-9
RTU, in SCADA system 5-1
running configuration
saving 3-15
S
SCADA system
control traffic 1-15
using MODBUS 5-1
scheduled reloads 3-22
scheduling, QoS 36-25
SCP
and SSH 8-54
configuring 8-54
SD flash memory card B-3
SDM
described 9-1
templates
configuring 9-4
number of 9-1
SDM template
configuration guidelines 9-4
configuring 9-3
default 9-1
dual IPv4 and IPv6 9-2
Layer 2 9-1
types of 9-1
secondary edge port, REP 20-4
secondary VLANs 15-2
Secure Digital flash memory card
secure HTTP client
configuring 8-53
displaying 8-54
secure HTTP server
configuring 8-52
displaying 8-54
secure MAC addresses
deleting 26-14
maximum number of 26-9
types of 26-8
secure ports, configuring 26-8
secure remote connections 8-44
Secure Socket Layer
security, port 26-8
security features 1-7
sequence numbers in log messages 31-7
service-policy command
attaching policy maps 36-4
guidelines 36-60
using 36-43
service-provider networks
and customer VLANs 16-2
and IEEE 802.1Q tunneling 16-1
Layer 2 protocols across 16-13
Layer 2 protocol tunneling for EtherChannels 16-14
MSTP and RSTP 18-1
set command
for QoS marking 36-21
guidelines 36-53
set-request operation 32-4
setting a secondary temperature threshold 7-7, 7-8
setting power supply alarm options 7-6
setting the FCS error hysteresis threshold 7-10
severity levels, defining in system messages 31-8
SFPs
monitoring status of 1-11, 12-36, 48-7
security and identification 48-6
status, displaying 1-11
shape average command, QoS 36-25, 36-27, 36-63
shaped round robin
show access-lists hw-summary command 34-21
show alarm commands 7-13
show and more command output, filtering 2-8
show cdp traffic command 27-5
show configuration command 12-31
show forward command 48-17
show interfaces command 12-23, 12-31
show interfaces switchport backup command 21-4
show l2protocol command 16-18, 16-20, 16-21
show lldp traffic command 24-7
show platform forward command 48-17
show running-config command
displaying ACLs 34-19, 34-31, 34-33
interface description in 12-31
shutdown command on interfaces 12-37
shutdown threshold for Layer 2 protocol packets 16-16
Simple Network Management Protocol
single session ID 10-25
Smartports macros
applying Cisco-default macros 13-4
applying global parameter values 13-5
default configuration 13-1
displaying 13-6
tracing 13-3
SMNP traps, and CFM 45-5
SNAP 27-1
SNMP
accessing MIB variables with 32-4
agent
described 32-4
disabling 32-8
and IP SLAs 43-2
authentication level 32-11
community strings
configuring 32-8
overview 32-4
configuration examples 32-21
default configuration 32-7
engine ID 32-7
host 32-7
ifIndex values 32-5
in-band management 1-4
informs
and trap keyword 32-12
described 32-5
differences from traps 32-5
disabling 32-16
enabling 32-16
limiting
access by TFTP servers 32-17
system log messages to NMS 31-9
MIBs
location of A-4
supported A-1
notifications 32-5
security levels 32-3
setting CPU threshold notification 32-16
status, displaying 32-23
system contact and location 32-17
trap manager, configuring 32-14
traps
differences from informs 32-5
disabling 32-16
enabling 32-12
enabling MAC address notification 6-22, 6-24, 6-26
REP 20-14
types of 32-13
versions supported 32-2
SNMP and Syslog Over IPv6 39-7
SNMPv1 32-2
SNMPv2C 32-2
SNMPv3 32-3
snooping, IGMP 25-1
software images
location in flash B-24
recovery procedures 48-2
scheduling reloads 3-22
tar file format, described B-25
See also downloading and uploading
source addresses
in IPv4 ACLs 34-11
in IPv6 ACLs 41-5
source-and-destination-IP address based forwarding, EtherChannel 37-8
source-and-destination MAC address forwarding, EtherChannel 37-8
source-IP address based forwarding, EtherChannel 37-8
source-MAC address forwarding, EtherChannel 37-7
Source-specific multicast
SPAN
configuration guidelines 29-10
default configuration 29-9
destination ports 29-6
displaying status 29-22
interaction with other features 29-8
monitored ports 29-5
monitoring ports 29-6
ports, restrictions 26-11
received traffic 29-4
session limits 29-10
sessions
configuring ingress forwarding 29-13, 29-20
creating 29-10
defined 29-3
limiting source traffic to specific VLANs 29-14
removing destination (monitoring) ports 29-12
specifying monitored ports 29-10
with ingress traffic enabled 29-12
source ports 29-5
traffic 29-4
transmitted traffic 29-5
VLAN-based 29-6
spanning tree and native VLANs 14-16
Spanning Tree Protocol
speed, configuring on interfaces 12-21
SRR, support for 1-9
SSH
configuring 8-45
cryptographic software image 8-43
encryption methods 8-44
user authentication methods, supported 8-44
SSL
configuration guidelines 8-51
configuring a secure HTTP client 8-53
configuring a secure HTTP server 8-52
cryptographic software image 8-48
described 8-48
monitoring 8-54
SSM
address management restrictions 46-16
CGMP limitations 46-16
components 46-14
configuration guidelines 46-16
differs from Internet standard multicast 46-14
IGMP snooping 46-16
IGMPv3
host signalling 46-15
overview 46-14
IP address range 46-15
monitoring 46-17
operations 46-15
PIM 46-14
state maintenance limitations 46-16
SSM mapping
configuration guidelines 46-17
defined 46-17
monitoring 46-22
overview 46-18
restrictions 46-18
static traffic forwarding 46-21
standby ip command 42-6
standby links 21-2
standby router 42-1
standby timers, HSRP 42-10
startup configuration
booting
manually 3-19
specific image 3-19
clearing B-20
configuration file
automatically downloading 3-18
specifying the filename 3-18
default boot configuration 3-18
static access ports
assigning to VLAN 14-11
static addresses
static IP routing 1-10
static MAC addressing 1-8
static route primary interface, configuring 44-10
static routes
configuring 38-97
understanding 39-6
static routing 38-2
static SSM mapping 46-18, 46-20
static traffic forwarding 46-21
static VLAN membership 14-2
statistics
802.1X 11-17
802.1x 10-54
CDP 27-5
interface 12-35
IP multicast routing 46-46
LLDP 24-7
LLDP-MED 24-7
OSPF 38-34
RMON
group Ethernet 30-5
group history 30-5
SNMP input and output 32-23
sticky learning 26-9
storm control
configuring 26-3
described 26-1
disabling 26-5
displaying 26-18
support for 1-2
thresholds 26-1
STP
and REP 20-6
BPDU filtering
described 19-3
disabling 19-9
enabling 19-8
BPDU guard
described 19-3
disabling 19-8
enabling 19-7
BPDU message exchange 17-3
configuration guidelines 17-12, 19-6
configuring
forward-delay time 17-22
hello time 17-21
maximum aging time 17-22
path cost 17-19
port priority 17-17
root switch 17-15
secondary root switch 17-17
spanning-tree mode 17-13
switch priority 17-20
counters, clearing 17-23
default configuration 17-11
default optional feature configuration 19-5
designated port, defined 17-3
designated switch, defined 17-3
disabling 17-15
displaying status 17-23
EtherChannel guard
described 19-3
disabling 19-10
enabling 19-9
extended system ID
effects on root switch 17-15
effects on the secondary root switch 17-17
overview 17-4
unexpected behavior 17-15
features supported 1-5
IEEE 802.1D
and bridge ID 17-4
and multicast addresses 17-8
IEEE 802.1t and VLAN identifier 17-4
inferior BPDU 17-3
instances supported 17-10
interface states
blocking 17-6
blocking to forwarding 19-2
disabled 17-7
learning 17-6
listening 17-6
overview 17-4
interoperability and compatibility among modes 17-10
keepalive messages 17-2
Layer 2 protocol tunneling 16-13
limitations with 802.1Q trunks 17-10
load sharing
overview 14-19
using path costs 14-21
using port priorities 14-20
loop guard
described 19-5
enabling 19-10
modes supported 17-9
multicast addresses, effect of 17-8
optional features supported 1-5
overview 17-2
Port Fast
described 19-2
enabling 19-6
port priorities 14-20
preventing root switch selection 19-4
protocols supported 17-9
redundant connectivity 17-8
root guard
described 19-4
enabling 19-10
root port, defined 17-3
root switch
configuring 17-15
effects of extended system ID 17-4, 17-15
election 17-3
unexpected behavior 17-15
status, displaying 17-23
superior BPDU 17-3
timers, described 17-21
stratum, NTP 6-2
strict priority queuing 36-65
configuration guidelines 36-65
configuring 36-66
defined 36-30
QoS 36-30
stub areas, OSPF 38-29
stub routing, EIGRP 38-40
subdomains, private VLAN 15-1
subnet mask 38-5
subnet zero 38-5
substation
application 1-15
router, MODBUS client 5-1
switch, MODBUS client 5-1
success response, VMPS 14-24
summer time 6-13
SunNet Manager 1-3
supernet 38-6
supervisory control and data acquisition system
supported port-based authentication methods 10-7
SVIs
and IP unicast routing 38-3
and router ACLs 34-4
connecting VLANs 12-11
defined 12-5
routing between VLANs 14-2
S-VLAN 16-7
switch console port 1-4
Switch Database Management
switched packets, ACLs on 34-37
Switched Port Analyzer
switched ports 12-3
switchport backup interface 21-4, 21-5
switchport block multicast command 26-7
switchport block unicast command 26-7
switchport command 12-18
switchport mode dot1q-tunnel command 16-6
switchport protected command 26-6
switch priority
MSTP 18-22
STP 17-20
switch software features 1-1
switch virtual interface
synchronization, BGP 38-46
syslog
system clock
configuring
daylight saving time 6-13
manually 6-11
summer time 6-13
time zones 6-12
displaying the time and date 6-12
overview 6-1
system message logging
default configuration 31-3
defining error message severity levels 31-8
disabling 31-3
displaying the configuration 31-13
enabling 31-4
facility keywords, described 31-12
level keywords, described 31-8
limiting messages 31-9
message format 31-2
overview 31-1
sequence numbers, enabling and disabling 31-7
setting the display destination device 31-4
synchronizing log messages 31-5
syslog facility 1-11
time stamps, enabling and disabling 31-6
UNIX syslog servers
configuring the daemon 31-11
configuring the logging facility 31-12
facilities supported 31-12
system MTU
and IEEE 802.1Q tunneling 16-5
and IS-IS LSPs 38-67
system name
default configuration 6-15
default setting 6-15
manual configuration 6-15
system prompt, default setting 6-15
system resources, optimizing 9-1
system routing
IS-IS 38-62
ISO IGRP 38-62
System-to-Intermediate System Protocol
T
table maps
default actions 36-14
described 36-14
for QoS marking 36-21
QoS, configuring 36-42
types of 36-14
TACACS+
accounting, defined 8-11
authentication, defined 8-11
authorization, defined 8-11
configuring
accounting 8-16
authentication key 8-13
authorization 8-16
login authentication 8-14
default configuration 8-13
displaying the configuration 8-17
identifying the server 8-13
limiting the services to the user 8-16
operation of 8-12
overview 8-10
support for 1-8
tracking services accessed by user 8-16
tagged packets
IEEE 802.1Q 16-3
Layer 2 protocol 16-13
tar files
creating B-7
displaying the contents of B-8
extracting B-8
image file format B-25
TCL script, registering and defining with embedded event manager 33-7
TDR 1-11
Telnet
accessing management interfaces 2-9
number of connections 1-4
setting a password 8-6
temperature alarms, configuring 7-7, 7-8
templates
Ethernet OAM 45-39
SDM 9-2
temporary self-signed certificate 8-49
Terminal Access Controller Access Control System Plus
terminal lines, setting a password 8-6
terminal loopback, defined 45-43
TFTP
configuration files
downloading B-12
in base directory 3-7
preparing the server B-11
uploading B-13
configuring for autoconfiguration 3-7
image files
deleting B-28
downloading B-27
preparing the server B-26
uploading B-28
limiting access by servers 32-17
TFTP server 1-4
threshold, traffic level 26-2
time
Time Domain Reflector
time-range command 34-16
time ranges in ACLs 34-16
time stamps in log messages 31-6
time-to-live 38-15
time zones 6-12
TLVs
defined 24-1
LLDP 24-2
LLDP-MED 24-2
traceroute, Layer 2
and ARP 48-12
and CDP 48-12
broadcast traffic 48-11
described 48-11
IP addresses and subnets 48-12
MAC addresses and VLANs 48-12
multicast traffic 48-12
multiple devices on a port 48-12
unicast traffic 48-11
usage guidelines 48-12
traceroute command 48-14
tracked lists
configuring 44-3
types 44-3
tracked objects
by Boolean expression 44-4
by threshold percentage 44-6
by threshold weight 44-5
tracking
interface line-protocol state 44-2
IP routing state 44-2
objects 44-1
process 44-1
track state, tracking IP SLAs 44-9
traffic
blocking flooded 26-7
fragmented 34-5
fragmented IPv6 41-2
unfragmented 34-5
traffic class, defined 36-3
traffic classification, typical values 36-10
traffic marking 36-21
traffic policies, elements in 36-3
traffic shaping
for QoS scheduling 36-25
QoS traffic control 36-26
traffic suppression 26-1
transmission and distribution 1-15
trap-door mechanism 3-2
traps
configuring MAC address notification 6-22, 6-24, 6-26
configuring managers 32-12
defined 32-4
enabling 6-22, 6-24, 6-26, 32-12
notification types 32-13
triggering alarm options
configurable relay 7-3
methods 7-3
SNMP traps 7-4
syslog messages 7-4
troubleshooting
connectivity problems 48-8, 48-11, 48-13
detecting unidirectional links 28-1
displaying crash information 48-19
PIMv1 and PIMv2 interoperability problems 46-33
setting packet forwarding 48-17
SFP security and identification 48-6
show forward command 48-17
with CiscoWorks 32-4
with debug commands 48-15
with ping 48-8
with system message logging 31-1
with traceroute 48-13
trunk failover
trunking encapsulation 1-6
trunk ports
configuring 14-17
trunks
allowed-VLAN list 14-18
load sharing
setting STP path costs 14-21
using STP port priorities 14-20
native VLAN for untagged traffic 14-19
parallel 14-21
trustpoints, CA 8-48
tunneling
defined 16-1
IEEE 802.1Q 16-1
Layer 2 protocol 16-13
tunnel ports
defined 14-5
IEEE 802.1Q, configuring 16-6
incompatibilities with other features 16-6
twisted-pair Ethernet, detecting unidirectional links 28-1
U
UDLD
configuration guidelines 28-4
default configuration 28-4
disabling
globally 28-5
on fiber-optic interfaces 28-5
per interface 28-5
echoing detection mechanism 28-2
enabling
globally 28-5
per interface 28-5
Layer 2 protocol tunneling 16-15
link-detection mechanism 28-1
neighbor database 28-2
overview 28-1
resetting an interface 28-6
status, displaying 28-6
support for 1-5
UDP
configuring 38-13
datagrams 38-15
forwarding 38-13
unauthorized ports with 802.1x 10-8
unconditional priority policing
configuration guidelines 36-67
priority with police 36-30
UN-ENI VLANs
defined 14-5
UNI 14-5
configuring 12-20
described 12-2
protocol control packets on 35-1
unicast MAC address filtering
and adding static addresses 6-29
and broadcast MAC addresses 6-28
and CPU packets 6-28
and multicast addresses 6-28
and router MAC addresses 6-28
configuration guidelines 6-28
described 6-28
unicast storm 26-1
unicast storm control command 26-4
unicast traffic, blocking 26-7
UNI community VLAN 14-6
UniDirectional Link Detection protocol
UNI isolated VLAN 14-6
UNIs, remote (CFM) 45-47
UNI VLANs
and private VLANs 14-13
and RSPAN VLANs 14-13
configuration guidelines 14-12
configuring 14-13
UNIX syslog servers
daemon configuration 31-11
facilities supported 31-12
message logging configuration 31-12
upgrading software images
upgrading with CNS 4-14
uploading
configuration files
reasons for B-9
using FTP B-15
using RCP B-19
using TFTP B-13
image files
reasons for B-24
using FTP B-32
using RCP B-36
using TFTP B-28
usage guidelines
Layer 2 traceroute 48-12
USB mini-Type B console port 12-12
User Datagram Protocol
user EXEC mode 2-2
username-based authentication 8-6
user network interface
utility substation 1-15
V
Virtual Private Network
vlan.dat file 14-3
VLAN 1
disabling on a trunk port 14-18
minimization 14-18
VLAN ACLs
vlan-assignment response, VMPS 14-24
VLAN blocking, REP 20-13
VLAN configuration mode 2-2
VLAN database
VLAN configuration saved in 14-10
VLANs saved in 14-3
vlan dot1q tag native command 16-4
VLAN filtering and SPAN 29-6
vlan global configuration command 14-7, 14-9
VLAN ID
discovering 6-31
service provider 16-8
VLAN ID translation
VLAN load balancing
configuration guidelines on flex links 21-8
on flex links 21-2
REP 20-4
triggering 20-5
VLAN loopback, defined 45-43
VLAN Management Policy Server
VLAN map entries, order of 34-29
VLAN mapping
1-to-1
configuring 16-10
described 16-8
configuration guidelines 16-9
configuring on a trunk port 16-10
default 16-9
described 16-7
selective Q-in-Q
configuring 16-12
described 16-8
traditional Q-in-Q
configuring 16-11
described 16-8
types of 16-8
VLAN maps
applying 34-33
common uses for 34-33
configuration guidelines 34-29
configuring 34-29
creating 34-30
denying access to a server example 34-34
denying and permitting packets 34-31
displaying 34-39
examples of ACLs and VLAN maps 34-31
removing 34-33
support for 1-8
wiring closet configuration example 34-34
with router ACLs 34-39
VLAN membership
confirming 14-27
modes 14-5
VLAN Query Protocol
VLANs
adding 14-9
aging dynamic addresses 17-9
allowed on trunk 14-18
and spanning-tree instances 14-3, 14-9
configuration guidelines 14-8
connecting through SVIs 12-11
customer numbering in service-provider networks 16-3
default configuration 14-7
displaying 14-14
extended-range 14-1
features 1-6
illustrated 14-2
internal 14-9
limiting source traffic
with RSPAN 29-21
with SPAN 29-14
modifying 14-9
multicast 25-15
native, configuring 14-19
number supported 1-6
parameters 14-3
port membership modes 14-4
static-access ports 14-11
STP and 802.1Q trunks 17-10
supported 14-3
traffic between 14-2
UNI
community 14-6
isolated 14-6
VLAN trunks 14-15
VMPS
administering 14-28
configuration example 14-28
configuration guidelines 14-25
default configuration 14-25
description 14-23
dynamic port membership
described 14-24
reconfirming 14-27
troubleshooting 14-28
mapping MAC addresses to VLANs 14-23
monitoring 14-28
reconfirmation interval, changing 14-27
reconfirming membership 14-27
retry count, changing 14-27
voice aware 802.1x security, port-based authentication
configuring 10-31
described 10-30
VPN
configuring routing in 38-89
forwarding 38-84
in service provider networks 38-81
routes 38-82
VPN routing and forwarding table
VRF
defining 38-83
tables 38-81
VRF-aware services
ARP 38-86
configuring 38-86
FTP 38-88
HSRP 38-87
ping 38-86
RADIUS 38-89
SNMP 38-87
syslog 38-88
TFTP 38-88
traceroute 38-88
VTP Layer 2 protocol tunneling 16-13
W
warm reload 3-22
web-based authentication
802.1x readiness check10-12to ??
customizable web pages 11-6
description 11-1
interactions with other features 11-7
weighted tail drop
weight thresholds in tracked lists 44-5
wireless access point, MODBUS client 5-1
WTD
configuration guidelines 36-70
described 36-31
support for 1-9
X
Y
Y.1731
default configuration 45-25
description 45-22
ETH-AIS
configuring 45-25
Ethernet Alarm Signal function description 45-23
ETH-LCK
configuring 45-27
Ethernet Locked Signal function description 45-24
ETH-RDI 45-24
multicast Ethernet loopback 45-29
multicast ETH-LB 45-24
terminology 45-23
Feedback