A -
B -
C -
D -
E -
F -
G -
H -
I -
J -
K -
L -
M -
N -
O -
P -
Q -
R -
S -
T -
U -
V -
W -
X -
Y -
Index
A
abbreviating commands 2-3
ABRs 38-23
access-class command 34-18
access control entries
See ACEs
access-denied response, VMPS 14-24
access groups
applying IPv4 ACLs to interfaces 34-19
Layer 2 34-19
Layer 3 34-20
access lists
See ACLs
access ports
and Layer 2 protocol tunneling 16-16
defined 12-4
accounting
with IEEE 802.1x 10-10, 10-38
with RADIUS 8-33
with TACACS+ 8-11, 8-16
ACEs
defined 34-2
Ethernet 34-2
IP 34-2
ACL classification, QoS 36-11
ACLs
ACEs 34-2
any keyword 34-12, 36-38
applying
on multicast packets 34-38
on routed packets 34-37
on switched packets 34-37
time ranges to 34-16
to an interface 34-19, 41-7
to IPv6 interfaces 41-7
to QoS 36-11
classifying traffic for QoS 36-36
comments in 34-18
compiling 34-22
defined 34-1, 34-7
examples of 34-22
extended IPv4
creating 34-10
matching criteria 34-7
hardware and software handling 34-20
host keyword 34-12, 36-38
IP
creating 34-7
implicit deny 34-9, 34-13, 34-15
implicit masks 34-9
matching criteria 34-7
undefined 34-20
IPv4
applying to interfaces 34-19
creating 34-7
matching criteria 34-7
named 34-14
numbers 34-8
terminal lines, setting on 34-18
unsupported features 34-6
IPv6
applying to interfaces 41-7
configuring 41-3, 41-4
displaying 41-8
interactions with other features 41-4
limitations 41-3
matching criteria 41-3
named 41-3
precedence of 41-2
supported 41-2
unsupported features 41-3
Layer 4 information in 34-36
logging messages 34-8
MAC extended 34-26
matching 34-7, 34-20
monitoring 34-39, 41-8
named
IPv4 34-14
IPv6 41-3
names 41-4
port 34-2, 41-2
precedence of 34-2
QoS 36-11
resequencing entries 34-14
router 34-2, 41-2
router ACLs and VLAN map configuration guidelines 34-36
standard IPv4
creating 34-9
matching criteria 34-7
support for 1-8
support in hardware 34-20
time ranges 34-16
types supported 34-2
unsupported features
IPv4 34-6
IPv6 41-3
using router ACLs with VLAN maps 34-35
VLAN maps
configuration guidelines 34-29
configuring 34-29
active link 21-2, 21-4, 21-5, 21-6
active router 42-1
active traffic monitoring, IP SLAs 43-1
address aliasing 25-2
addresses
displaying the MAC address table 6-31
dynamic
accelerated aging 17-8
changing the aging time 6-21
default aging 17-8
defined 6-19
learning 6-20
removing 6-22
IPv6 39-2
MAC, discovering 6-31
multicast
group address range 46-2
STP address management 17-8
static
adding and removing 6-27
defined 6-19
address resolution 6-31, 38-7
Address Resolution Protocol
See ARP
adjacency tables, with CEF 38-95
administrative distances
defined 38-107
OSPF 38-31
routing protocol defaults 38-97
administrative VLAN, REP 20-8
configuring 20-8
ADU, MODBUS message 5-1
advertisements
CDP 27-1
LLDP 24-1
RIP 38-18
age timer, REP 20-8
aggregatable global unicast addresses 39-3
aggregate addresses, BGP 38-58
aggregated ports
See EtherChannel
aggregate policers
configuration guidelines 36-49
configuring 36-49
described 36-17
aging, accelerating 17-8
aging time
accelerated
for MSTP 18-23
for STP 17-8, 17-22
MAC address table 6-21
maximum
for MSTP 18-24
for STP 17-22
alarm profiles
configuring 7-12
creating or modifying 7-11
alarms
default configuration 7-6
displaying 7-13
power supply 7-2
RMON 30-3
temperature 7-2
allowed-VLAN list 14-18
application data unit
See ADU
area border routers
See ABRs
area routing
IS-IS 38-62
ISO IGRP 38-62
ARP
configuring 38-8
defined 1-4, 6-31, 38-7
encapsulation 38-9
static cache configuration 38-8
table
address resolution 6-31
managing 6-31
ASBRs 38-23
AS-path filters, BGP 38-52
associating the temperature alarms to a relay 7-9
assured forwarding, DSCP 36-8
asymmetrical links, and IEEE 802.1Q tunneling 16-4
attaching an alarm profile to a port 7-12
attributes, RADIUS
vendor-proprietary 8-35
vendor-specific 8-34
attribute-value pairs 10-14, 10-15
authentication
EIGRP 38-39
HSRP 42-10
local mode with AAA 8-42
NTP associations 6-4
RADIUS
key 8-26
login 8-28
TACACS+
defined 8-11
key 8-13
login 8-14
See also port-based authentication
authentication failed VLAN
See restricted VLAN
authentication keys, and routing protocols 38-108
authentication manager
CLI commands 10-8
compatibility with older 802.1x CLI commands10-8to ??
overview 10-7
single session ID 10-25
authoritative time source, described 6-2
authorization
with RADIUS 8-32
with TACACS+ 8-11, 8-16
authorized ports with 802.1x 10-8
autoconfiguration 3-3
auto enablement 10-24
autonegotiation
duplex mode 1-2
interface configuration guidelines 12-22
mismatches 48-5
autonomous system boundary routers
See ASBRs
autonomous systems, in BGP 38-46
Auto-RP, described 46-6
autosensing, port speed 1-2
availability, features 1-5
B
backup interfaces
See Flex Links
backup links 21-2
backup static routing, configuring 44-12
bandwidth, QoS, configuring 36-61
bandwidth command
for CBWFQ 36-26
QoS, configuring 36-61
QoS, described 36-28
with police command 36-30
bandwidth remaining percent command 36-30
banners
configuring
login 6-19
message-of-the-day login 6-18
default configuration 6-17
when displayed 6-17
Berkeley r-tools replacement 8-54
best-effort packet delivery 36-1
BGP
aggregate addresses 38-58
aggregate routes, configuring 38-58
CIDR 38-58
clear commands 38-61
community filtering 38-55
configuring neighbors 38-56
default configuration 38-44, 38-74
described 38-43
enabling 38-46
monitoring 38-61
multipath support 38-50
neighbors, types of 38-46
path selection 38-50
peers, configuring 38-56
prefix filtering 38-54
resetting sessions 38-49
route dampening 38-60
route maps 38-52
route reflectors 38-59
routing domain confederation 38-59
routing session with multi-VRF CE 38-90
show commands 38-61
supernets 38-58
support for 1-10
Version 4 38-43
binding database
DHCP snooping
See DHCP snooping binding database
bindings
DHCP snooping database 22-6
IP source guard 22-19
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 26-6
Boolean expressions in tracked lists 44-4
booting
boot loader, function of 3-2
boot process 3-1
manually 3-19
specific image 3-19
boot loader
accessing 3-20
described 3-2
environment variables 3-21
prompt 3-20
trap-door mechanism 3-2
bootstrap router (BSR), described 46-6
Border Gateway Protocol
See BGP
BPDU
error-disabled state 19-3
filtering 19-3
RSTP format 18-12
BPDU filtering
described 19-3
disabling 19-9
enabling 19-8
support for 1-6
BPDU guard
described 19-3
disabling 19-8
enabling 19-7
support for 1-6
broadcast flooding 38-15
broadcast packets
directed 38-12
flooded 38-12
broadcast storm-control command 26-4
broadcast storms 26-1, 38-12
bulk statistics
defined 32-6
file 32-6
object list, configuring 32-18
object list, described 32-6
schema, configuring 32-18
schema, described 32-6
transfer 32-19
bulkstat object-list 32-18
bulkstat schema 32-18
C
cables, monitoring for unidirectional links 28-1
CA trustpoint
configuring 8-51
defined 8-48
CBWFQ
and bandwidth command 36-28, 36-61
configuration guidelines 36-61
QoS scheduling 36-26
CDP
configuring 27-2
default configuration 27-2
defined with LLDP 24-1
described 27-1
disabling for routing device27-3to 27-4
enabling and disabling
on an interface 27-4
on a switch 27-3
Layer 2 protocol tunneling 16-13
monitoring 27-5
overview 27-1
power negotiation extensions 12-7
support for 1-4
transmission timer and holdtime, setting 27-2
updates 27-2
CEF
defined 38-95
enabling 38-96
IPv6 39-18
CFM
and Ethernet OAM
configuring 45-54
interaction 45-53
and OAM manager 45-47
and other features 45-8
and tunnels 45-8
clearing 45-30
configuration
errors 45-6
guidelines 45-7
configuring
crosscheck 45-11
fault alarms 45-16
port MEP 45-14
static remote MEP 45-12
the network 45-8
continuity check messages 45-5
crosscheck 45-5
default configuration 45-7
defined 45-2
down MEPs 45-4
draft 1 45-4
draft 8.1 45-4
EtherChannel support 45-7
fault alarms
configuring 45-16
defined 45-5
IEEE 802.1ag 45-2
IP SLAs
support for 45-6
with endpoint discovers 45-20
loopback messages 45-5
maintenance association 45-3
maintenance domain 45-2
maintenance point 45-3
manually configuring IP SLAs ping or jitter 45-17
measuring network performance 45-6
messages
continuity check 45-5
loopback 45-5
traceroute 45-5
monitoring 45-30, 45-32
on EtherChannel port channels 45-7
port MEP, configuring 45-14
remote MEPs 45-5
SNMP traps 45-5
static RMEP
check 45-5
configuring 45-12
traceroute messages 45-5
types of messages 45-5
UNIs 45-4
up MEPs 45-4
version interoperability 45-6
Y.1731 description 45-22
child policies, QoS 36-12, 36-27
CIDR 38-58
CipherSuites 8-50
Cisco Configuration Engine 1-3
Cisco Configuration Professional 1-3
Cisco Data Collection MIB 32-1
Cisco Discovery Protocol
See CDP
Cisco Express Forwarding
See CEF
Cisco intelligent power management 12-7
Cisco IOS File System
See IFS
Cisco IOS IP SLAs 43-1
Cisco IP Phone, MODBUS client 5-1
Cisco Process MIB 32-1
Cisco Secure ACS
attribute-value pairs for downloadable ACLs 10-15
attribute-value pairs for redirect URL 10-14
configuration guide 10-50
CiscoWorks 2000 1-3, 32-4
CISP 10-24
CIST root or regional root
See MSTP
class-based priority queuing, QoS 36-20
class-based shaping
configuration guidelines 36-63
configuring 36-63
for QoS 36-26
Class-Based-Weighted-Fair-Queuing
See CBWFQ
classification
based on ACL lookup 36-11
in packet headers 36-6
per-port per VLAN 36-12, 36-55
QoS comparisons 36-10
QoS group 36-11
classless interdomain routing
See CIDR
classless routing 38-6
class map
match-all option 36-7
match-any option 36-7
class-map command 36-3
class maps, QoS
configuring 36-40
described 36-7
class of service
See CoS
class selectors, DSCP 36-9
clearing, Ethernet CFM 45-30
clearing interfaces 12-36
CLI
abbreviating commands 2-3
command modes 2-1
described 1-3
editing features
enabling and disabling 2-6
keystroke editing 2-6
wrapped lines 2-8
error messages 2-4
filtering command output 2-8
getting help 2-3
history
changing the buffer size 2-5
described 2-4
disabling 2-5
recalling commands 2-5
no and default forms of commands 2-4
Client Information Signalling Protocol
See CISP
client processes, tracking 44-1
CLNS
See ISO CLNS
clock
See system clock
CNS
Configuration Engine
configID, deviceID, hostname 4-3
configuration service 4-2
described 4-1
event service 4-3
embedded agents
described 4-5
enabling automated configuration 4-6
enabling configuration agent 4-9
enabling event agent 4-7
for upgrading 4-14
CoA Request Commands 8-22
command-line interface
See CLI
command macros, creating 13-4
command modes 2-1
commands
abbreviating 2-3
no and default 2-4
setting privilege levels 8-8
common session ID
see single session ID 10-25
community list, BGP 38-55
community ports 15-3
community strings
configuring 32-8
overview 32-4
community VLANs 15-2, 15-3
compatibility, feature 26-11
config.text 3-18
configurable leave timer, IGMP 25-5
configuration, initial, defaults 1-12
configuration examples
network 1-12
policy maps 36-79
QoS
adding customers 36-81
adding or deleting a class 36-84
adding or deleting classification criteria 36-81, 36-82
adding or deleting configured actions 36-83
changing queuing or scheduling parameters 36-82
initial 36-79
configuration files
archiving B-20
clearing the startup configuration B-20
creating using a text editor B-11
default name 3-18
deleting a stored configuration B-20
described B-9
downloading
automatically 3-18
preparing B-11, B-14, B-17
reasons for B-9
using FTP B-14
using RCP B-18
using TFTP B-12
guidelines
for creating and using B-10
for replacing and rolling back B-21
invalid combinations when copying B-6
limiting TFTP server access 32-17, 32-18, 32-19, 32-20
obtaining with DHCP 3-9
password recovery disable considerations 8-5
replacing a running configuration B-20, B-21
rolling back a running configuration B-20, B-21
specifying the filename 3-18
system contact and location information 32-17
types and location B-11
uploading
preparing B-11, B-14, B-17
reasons for B-9
using FTP B-15
using RCP B-19
using TFTP B-13
configuration guidelines
aggregate policers 36-49
CBWFQ 36-61
CFM 45-7
class-based shaping 36-63
EtherChannel 37-10
Ethernet OAM 45-34
HSRP 42-5
individual policers 36-45
input policy maps 36-44
link-state tracking 37-24
marking in policy maps 36-53
multi-VRF CE 38-84
OAM manager 45-48
output policy maps 36-60
per-port, per-VLAN QoS 36-55
PIM stub routing 46-12
port security 26-10
QoS, general 36-35
QoS class maps 36-40
REP 20-7
rollback and replacement B-21
SSM 46-16
SSM mapping 46-17
strict priority queuing 36-65
unconditional priority policing 36-67
UNI VLANs 14-12
VLAN mapping 16-9
VLANs 14-8
WTD 36-70
configuration replacement B-20
configuration rollback B-20
configuration settings, saving 3-15
configure terminal command 12-14
configuring 802.1x user distribution 10-45
configuring marking in input policy maps 36-53
configuring port-based authentication violation modes 10-32
congestion avoidance, QoS 36-2, 36-31
congestion management, QoS 36-2, 36-25
connections, secure remote 8-44
Connectivity Fault Management
See CFM
connectivity problems 48-8, 48-11, 48-13
console port, connecting to 2-9
control packets
and control-plane security 35-2
dropping and rate-limiting 35-2
control-plane security
configuring 35-6
control packets 35-2
monitoring 35-7
policers 35-3
policing 35-2
purpose of 35-1
control protocol, IP SLAs 43-3
convergence, REP 20-4
corrupted software recovery
steps with Xmodem 48-2
steps with Xmodem and Express Setup 48-3
CoS
classification 36-8
values 36-6
counters, clearing interface 12-36
CPU overload, protection from 35-1
CPU policers 35-5
CPU protection 35-3
CPU threshold notification 32-21
CPU threshold table 32-1, 32-20
CPU utilization statistics 32-20
crashinfo file 48-19
critical authentication, IEEE 802.1x 10-42
critical VLAN 10-18
crosscheck, CFM 45-5, 45-11
cryptographic software image
Kerberos 8-38
SSH 8-43
SSL 8-48
customer edge devices 38-82
customizable web pages, web-based authentication 11-6
C-VLAN 16-7
D
DACL
See downloadable ACL
data collection, bulk statistics 32-20
daylight saving time 6-13
debugging
enabling all system diagnostics 48-16
enabling for a specific feature 48-16
redirecting error message output 48-17
using commands 48-15
default actions, table maps 36-14
default alarm configuration 7-6
default commands 2-4
default configuration
banners 6-17
BGP 38-44, 38-74
booting 3-18
CDP 27-2
CFM 45-7
DHCP 22-8
DHCP option 82 22-8
DHCP snooping 22-8
DHCP snooping binding database 22-8
DNS 6-16
dynamic ARP inspection 23-5
EIGRP 38-36
E-LMI and OAM 45-48
EtherChannel 37-10
Ethernet OAM 45-34
Flex Links 21-7
HSRP 42-5
IEEE 802.1Q tunneling 16-4
IEEE 802.1x 10-26
IGMP 46-37
IGMP filtering 25-24
IGMP snooping 25-6, 40-5, 40-6
IGMP throttling 25-24
initial switch information 3-3
IP addressing, IP routing 38-4
IP multicast routing 46-9
IP SLAs 43-5
IP source guard 22-21
IPv6 39-9
IS-IS 38-63
Layer 2 interfaces 12-18
Layer 2 protocol tunneling 16-16
LLDP 24-3
MAC address table 6-21
MAC address-table move update 21-7
MSDP 47-3
MSTP 18-14
multi-VRF CE 38-84
MVR 25-18
NTP 6-4
optional spanning-tree configuration 19-5
OSPF 38-24
password and privilege level 8-2
PIM 46-9
private VLANs 15-6
QoS 36-35
RADIUS 8-25
REP 20-7
RIP 38-18
RMON 30-3
RSPAN 29-9
SDM template 9-3
SNMP 32-7
SPAN 29-9
SSL 8-50
STP 17-11
system message logging 31-3
system name and prompt 6-15
TACACS+ 8-13
UDLD 28-4
VLAN, Layer 2 Ethernet interfaces 14-16
VLAN mapping 16-9
VLANs 14-7
VMPS 14-25
Y.1731 45-25
default gateway 3-15, 38-10
default networks 38-98
default policer configuration
ENIs and UNIs 35-4
NNIs 35-5
default router preference
See DRP
default routes 38-98
default routing 38-2
default service, DSCP 36-8
default template 9-1
default web-based authentication configuration, 802.1X 11-9
denial-of-service attacks, preventing 35-1
description command 12-31
designing your network, examples 1-12
destination addresses
in IPv4 ACLs 34-11
in IPv6 ACLs 41-5
destination-IP address-based forwarding, EtherChannel 37-8
destination-MAC address forwarding, EtherChannel 37-7
device discovery protocol 24-1, 27-1
DHCP, enabling the relay agent 22-10
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-4
DNS 3-8
relay device 3-8
server side 3-6
TFTP server 3-7
example 3-9
lease options
for IP address information 3-6
for receiving the configuration file 3-7
overview 3-3
relationship to BOOTP 3-4
relay support 1-4, 1-10
support for 1-4
DHCP-based autoconfiguration and image update
configuring3-11to 3-14
understanding3-5to 3-6
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP for IPv6
See DHCPv6
DHCP object tracking, configuring primary interface 44-11
DHCP option 82
circuit ID suboption 22-5
configuration guidelines 22-8
default configuration 22-8
displaying 22-15
forwarding address, specifying 22-10
helper address 22-10
overview 22-3
packet format, suboption
circuit ID 22-5
remote ID 22-5
remote ID suboption 22-5
DHCP server port-based address allocation
configuration guidelines 22-16
default configuration 22-16
described 22-15
displaying 22-18
enabling 22-16
reserved addresses 22-17
DHCP snooping
accepting untrusted packets form edge switch 22-3, 22-12
and private VLANs 22-13
binding database
See DHCP snooping binding database
configuration guidelines 22-8
default configuration 22-8
displaying binding tables 22-15
message exchange process 22-4
option 82 data insertion 22-3
trusted interface 22-2
untrusted interface 22-2
untrusted messages 22-2
DHCP snooping binding database
adding bindings 22-14
binding entries, displaying 22-15
binding file
format 22-7
location 22-6
bindings 22-6
clearing agent statistics 22-15
configuration guidelines 22-9
configuring 22-14
default configuration 22-8
deleting
binding file 22-14
bindings 22-15
database agent 22-14
described 22-6
displaying 22-15
binding entries 22-15
status and statistics 22-15
enabling 22-14
entry 22-6
renewing database 22-15
resetting
delay value 22-14
timeout value 22-14
DHCP snooping binding table
See DHCP snooping binding database
DHCPv6
configuration guidelines 39-14
default configuration 39-14
described 39-5
enabling client function 39-17
enabling DHCPv6 server function 39-15
diagnostic schedule command 49-2
Differentiated Services Code Point
See DSCP
Diffusing Update Algorithm (DUAL) 38-34
Digital Optical Monitoring
see DoM
directed unicast requests 1-4
directories
changing B-5
creating and removing B-5
displaying the working B-5
discovery, Ethernet OAM 45-33
displaying switch alarms 7-13
distributed controller, MODBUS client 5-1
distribute-list command 38-106
DNS
and DHCP-based autoconfiguration 3-8
default configuration 6-16
displaying the configuration 6-17
in IPv6 39-3
overview 6-15
setting up 6-16
support for 1-4
DNS-based SSM mapping 46-19, 46-20
DoM
displaying supported transceivers 12-36
domain names, DNS 6-15
Domain Name System
See DNS
domains, ISO IGRP routing 38-62
dot1q-tunnel switchport mode 14-15
double-tagged packets
IEEE 802.1Q tunneling 16-2
Layer 2 protocol tunneling 16-15
downloadable ACL 10-14, 10-15, 10-50
downloading
configuration files
preparing B-11, B-14, B-17
reasons for B-9
using FTP B-14
using RCP B-18
using TFTP B-12
image files
deleting old image B-28
preparing B-26, B-29, B-33
reasons for B-24
using FTP B-30
using RCP B-34
using TFTP B-27
using the device manager or Network Assistant B-24
drop threshold for Layer 2 protocol packets 16-16
DRP
configuring 39-12
described 39-4
IPv6 39-4
DSCP
assured forwarding 36-8
classification 36-8
class selectors 36-9
default service 36-8
expedited forwarding 36-9
values 36-6
DUAL finite state machine, EIGRP 38-35
dual IPv4 and IPv6 templates 9-2, 39-5
dual protocol stacks
IPv4 and IPv6 39-5
SDM templates supporting 39-5
dual-purpose ports
default port type 12-11
defaults 12-27
defined 12-11
frame size 12-27
LEDs 12-11
setting the type 12-27
duplex mode, configuring 12-21
dynamic access ports
characteristics 14-5
configuring 14-26
defined 12-4
dynamic addresses
See addresses
dynamic ARP inspection
ARP cache poisoning 23-1
ARP requests, described 23-1
ARP spoofing attack 23-1
clearing
log buffer 23-15
statistics 23-15
configuration guidelines 23-6
configuring
ACLs for non-DHCP environments 23-8
in DHCP environments 23-7
log buffer 23-13
rate limit for incoming ARP packets 23-4, 23-10
default configuration 23-5
denial-of-service attacks, preventing 23-10
described 23-1
DHCP snooping binding database 23-2
displaying
ARP ACLs 23-14
configuration and operating state 23-14
log buffer 23-15
statistics 23-15
trust state and rate limit 23-14
error-disabled state for exceeding rate limit 23-4
function of 23-2
interface trust states 23-3
log buffer
clearing 23-15
configuring 23-13
displaying 23-15
logging of dropped packets, described 23-4
man-in-the middle attack, described 23-2
network security issues and interface trust states 23-3
priority of ARP ACLs and DHCP snooping entries 23-4
rate limiting of ARP packets
configuring 23-10
described 23-4
error-disabled state 23-4
statistics
clearing 23-15
displaying 23-15
validation checks, performing 23-12
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 14-24
reconfirming 14-27
troubleshooting 14-28
types of connections 14-26
dynamic routing
ISO CLNS 38-62
protocols 38-2
E
EBGP 38-42
editing features
enabling and disabling 2-6
keystrokes used 2-6
wrapped lines 2-8
EEM 3.2 33-5
EIGRP
authentication 38-39
components 38-35
configuring 38-37
default configuration 38-36
definition 38-34
interface parameters, configuring 38-38
monitoring 38-41
stub routing 38-40
support for 1-10
EIGRP IPv6 39-6
electronic security perimeter
SEE ESP
E-LMI
and OAM Manager 45-47
CE device configuration 45-52
configuration guidelines 45-48
configuring a CE device 45-51
configuring a PE device 45-51
default configuration 45-48
defined 45-46
enabling 45-50
information 45-46
monitoring 45-53
PE device configuration 45-52
embedded event manager
3.2 33-5
actions 33-4
configuring 33-1, 33-5
displaying information 33-7
environmental variables 33-4
event detectors 33-2
policies 33-4
registering and defining an applet 33-6
registering and defining a TCL script 33-7
understanding 33-1
enable password 8-3
enable secret password 8-3
enabling SNMP traps 7-13
encryption, CipherSuite 8-50
encryption for passwords 8-3
Enhanced IGRP
See EIGRP
enhanced network interface
See ENI
enhanced object tracking
backup static routing 44-12
commands 44-1
defined 44-1
DHCP primary interface 44-11
HSRP 44-7
IP routing state 44-2
IP SLAs 44-9
line-protocol state 44-2
network monitoring with IP SLAs 44-11
routing policy, configuring 44-12
static route primary interface 44-10
tracked lists 44-3
ENI
configuring 12-20
described 12-2
protocol control packets on 35-1
environment variables
embedded event manager 33-4
function of 3-21
equal-cost routing 1-10, 38-96
error messages during command entry 2-4
ESP, substations 1-15
EtherChannel
802.3ad, described 37-6
automatic creation of 37-4, 37-6
channel groups
binding physical and logical interfaces 37-3
numbering of 37-3
configuration guidelines 37-10
configuring
Layer 2 interfaces 37-11
Layer 3 physical interfaces 37-15
Layer 3 port-channel logical interfaces 37-14
default configuration 37-10
described 37-2
displaying status 37-22
forwarding methods 37-7, 37-17
interaction
with STP 37-10
with VLANs 37-11
LACP
described 37-6
displaying status 37-22
hot-standby ports 37-19
interaction with other features 37-7
Layer 2 protocol tunneling 16-14
modes 37-6
port priority 37-21
system priority 37-20
Layer 3 interface 38-3
load balancing 37-7, 37-17
logical interfaces, described 37-3
PAgP
aggregate-port learners 37-18
compatibility with Catalyst 1900 37-18
described 37-4
displaying status 37-22
interaction with other features 37-5
learn method and priority configuration 37-18
modes 37-5
support for 1-2
port-channel interfaces
described 37-3
numbering of 37-3
port groups 12-6
support for 1-2
EtherChannel guard
described 19-3
disabling 19-10
enabling 19-9
Ethernet Alarm Signal function 45-23
Ethernet infrastructure 45-1
Ethernet Link Management Interface
See E-LMI
Ethernet Locked Signal function 45-24
Ethernet loopback, characteristics 45-43
Ethernet OAM
and CFM interaction 45-53
configuration guidelines 45-34
configuring with CFM 45-54
default configuration 45-34
discovery 45-33
enabling 45-34, 45-55
link monitoring 45-33, 45-36
manager 45-1
messages 45-33
protocol
CFM notifications 45-53
defined 45-1, 45-32
monitoring 45-42
remote failure indications 45-33, 45-39
remote loopback 45-33, 45-35
templates 45-39
Ethernet operation, administration, and maintenance
See Ethernet OAM
Ethernet Remote Defect Indication (ETH-RDI) 45-24
Ethernet terminal loopback 36-78
Ethernet virtual connections
See EVCs
Ethernet VLANs
adding 14-9
defaults and ranges 14-8
modifying 14-9
EUI 39-3
EVCs
configuring 45-49
in CFM domains 45-46
event detectors, embedded event manager 33-2
events, RMON 30-3
examples, network configuration 1-12
expedited forwarding, DSCP 36-9
Express Setup 1-4, 13-2
extended-range VLANs
creating with an internal VLAN ID 14-12
defined 14-1
extended system ID
MSTP 18-17
STP 17-4, 17-15
extended universal identifier
See EUI
Extensible Authentication Protocol over LAN 10-1
external BGP
See EBGP
external neighbors, BGP 38-46
F
Fast Convergence 21-3
FCS bit error rate alarm
configuring 7-10
defined 7-3
FCS error hysteresis threshold 7-2
features, incompatible 26-11
FIB 38-95
fiber-optic, detecting unidirectional links 28-1
files
copying B-6
crashinfo
description 48-19
displaying the contents of 48-19
location 48-19
deleting B-7
displaying the contents of B-9
tar
creating B-7
displaying the contents of B-8
extracting B-8
image file format B-25
file system
displaying available file systems B-2
displaying file information B-4
local file system names B-1
network file system names B-6
setting the default B-4
filtering
in a VLAN 34-29
IPv6 traffic 41-3, 41-7
non-IP traffic 34-26
show and more command output 2-8
filtering show and more command output 2-8
filters, IP
See ACLs, IP
flash device, number of B-1
flexible authentication ordering
configuring 10-53
overview 10-23
Flex Link Multicast Fast Convergence 21-3
Flex Links
configuration guidelines 21-8
configuring 21-8, 21-9
configuring preferred VLAN 21-11
configuring VLAN load balancing 21-10
default configuration 21-7
description 21-1
link load balancing 21-2
monitoring 21-14
VLANs 21-2
flooded traffic, blocking 26-7
flow control 1-2, 12-29
forward-delay time
MSTP 18-23
STP 17-22
Forwarding Information Base
See FIB
FTP
accessing MIB files A-4
configuration files
downloading B-14
overview B-13
preparing the server B-14
uploading B-15
image files
deleting old image B-32
downloading B-30
preparing the server B-29
uploading B-32
G
general query 21-5
Generating IGMP Reports 21-3
generic object oriented substation events messages
See GOOSE messages
get-bulk-request operation 32-3
get-next-request operation 32-3, 32-4
get-request operation 32-3, 32-4
get-response operation 32-3
global configuration mode 2-2
global leave, IGMP 25-11
global status monitoring alarms 7-2
GOOSE messages 1-3, 1-15
guest VLAN and 802.1x 10-16
H
hardware limitations and Layer 3 interfaces 12-32
hello time
MSTP 18-23
STP 17-21
help, for the command line 2-3
history
changing the buffer size 2-5
described 2-4
disabling 2-5
recalling commands 2-5
history table, level and number of syslog messages 31-9
HMI, MODBUS client 5-1
host ports
configuring 15-11
kinds of 15-2
hosts, limit on dynamic ports 14-28
Hot Standby Router Protocol
See HSRP
HP OpenView 1-3
HSRP
authentication string 42-10
command-switch redundancy 1-6
configuration guidelines 42-5
configuring 42-5
default configuration 42-5
definition 42-1
monitoring 42-12
object tracking 44-7
overview 42-1
priority 42-7
routing redundancy 1-10
support for ICMP redirect messages 42-12
timers 42-10
tracking 42-8
HTTP(S) Over IPv6 39-7
HTTP over SSL
see HTTPS
HTTPS 8-48
configuring 8-52
self-signed certificate 8-49
HTTP secure server 8-48
human machine interface
See HMI
I
IBPG 38-42
ICMP
IPv6 39-4
redirect messages 38-10
support for 1-10
time-exceeded messages 48-13
traceroute 48-13
unreachable messages 34-19
unreachable messages and IPv6 41-4
unreachables and ACLs 34-20
ICMP ping
executing 48-8
overview 48-8
ICMP Router Discovery Protocol
See IRDP
ICMPv6 39-4
IDS appliances
and ingress RSPAN 29-19
and ingress SPAN 29-12
IED
MODBUS client 5-1
substation device 1-15
IEEE 802.1ag 45-2
IEEE 802.1D
See STP
IEEE 802.1Q
and trunk ports 12-4
configuration limitations 14-15
encapsulation 14-15
native VLAN for untagged traffic 14-19
tunneling
compatibility with other features 16-5
defaults 16-4
described 16-1
tunnel ports with other features 16-6
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3ad
See EtherChannel
IEEE 802.3ah Ethernet OAM discovery 45-1
IEEE 802.3z flow control 12-29
ifIndex values, SNMP 32-5
IFS 1-4
IGMP
configurable leave timer, described 25-5
configurable leave timer, procedures 25-9
configuring the switch
as a member of a group 46-37
statically connected member 46-42
controlling access to groups 46-38
default configuration 46-37
deleting cache entries 46-46
displaying groups 46-47
fast switching 46-42
flooded multicast traffic
controlling flooding time 25-10
disabling on an interface 25-11
global leave 25-11
query solicitation 25-11
recovering from flood mode 25-11
host-query interval, modifying 46-40
joining multicast group 25-3
join messages 25-3
leave processing, enabling 25-9, 40-9
leaving multicast group 25-5
multicast reachability 46-37
overview 46-2
queries 25-3
report suppression
described 25-6
disabling 25-14, 40-11
supported versions 25-2
support for 1-2
Version 1
changing to Version 2 46-39
described 46-3
Version 2
changing to Version 1 46-39
described 46-3
maximum query response time value 46-41
pruning groups 46-41
query timeout value 46-41
IGMP configurable leave timer 25-5
IGMP filtering
configuring 25-25
default configuration 25-24
described 25-24
monitoring 25-29
support for 1-2
IGMP groups
configuring filtering 25-27
setting the maximum number 25-26
IGMP helper 46-5
IGMP leave timer, configuring 25-9
IGMP profile
applying 25-26
configuration mode 25-25
configuring 25-25
IGMP snooping
and address aliasing 25-2
configuring 25-6
default configuration 25-6, 40-5, 40-6
definition 25-1
enabling and disabling 25-7, 40-6
global configuration 25-7
Immediate Leave 25-5
monitoring 25-14, 40-11
querier
configuration guidelines 25-12
configuring 25-12
supported versions 25-2
support for 1-2
VLAN configuration 25-7
IGMP throttling
configuring 25-27
default configuration 25-24
described 25-24
displaying action 25-28
IGP 38-23
Immediate Leave, IGMP
configuration guidelines 25-9
described 25-5
enabling 25-9, 40-9
inaccessible authentication bypass 10-18
support for multiauth ports 10-18
individual policers
configuration guidelines 36-45
configuring 36-45
initial configuration
defaults 1-12
Express Setup 1-4, 13-2
input policy maps
classification criteria 36-5
configuration guidelines 36-44
configuring 36-44
displaying statistics 36-78
intelligent electronic device
See IED
interface
number 12-14
range macros 12-16
interface command 12-14
interface configuration, REP 20-9
interface configuration mode 2-2
interfaces
configuration guidelines, duplex and speed 12-21
configuring
duplex mode 12-21
procedure 12-14
speed 12-21
counters, clearing 12-36
described 12-31
descriptive name, adding 12-31
displaying information about 12-35
flow control 12-29
management 1-3
monitoring 12-35
naming 12-31
physical, identifying 12-14
range of 12-15
restarting 12-37
shutting down 12-37
status 12-35
supported 12-14
types of 12-1
interfaces range macro command 12-16
interface types 12-14
ENI 12-2
NNI 12-2
UNI 12-2
Interior Gateway Protocol
See IGP
Intermediate System-to-Intermediate System
See IS-IS
internal BGP
See IBGP
internal neighbors, BGP 38-46
Internet Control Message Protocol
See ICMP
Internet Group Management Protocol
See IGMP
Internet Protocol version 6
See IPv6
inter-VLAN routing 1-10, 38-2
Intrusion Detection System
See IDS appliances
inventory management TLV 24-6
IP ACLs
for QoS classification 36-11
implicit deny 34-9, 34-13
implicit masks 34-9
named 34-14
undefined 34-20
IP addresses
128-bit 39-2
classes of 38-5
default configuration 38-4
discovering 6-31
for IP routing 38-3
IPv6 39-2
MAC address association 38-7
monitoring 38-16
IP broadcast address 38-14
ip cef distributed command 38-95
IP directed broadcasts 38-12
ip igmp profile command 25-25
IP information
assigned
manually 3-14
through DHCP-based autoconfiguration 3-3
default configuration 3-3
IP multicast routing
addresses
all-hosts 46-2
all-multicast-routers 46-2
host group address range 46-2
administratively-scoped boundaries, described 46-44
and IGMP snooping 25-1
Auto-RP
adding to an existing sparse-mode cloud 46-24
benefits of 46-24
clearing the cache 46-46
configuration guidelines 46-10
filtering incoming RP announcement messages 46-27
overview 46-6
preventing candidate RP spoofing 46-27
preventing join messages to false RPs 46-26
setting up in a new internetwork 46-24
using with BSR 46-32
bootstrap router
configuration guidelines 46-10
configuring candidate BSRs 46-30
configuring candidate RPs 46-31
defining the IP multicast boundary 46-29
defining the PIM domain border 46-28
overview 46-6
using with Auto-RP 46-32
Cisco implementation 46-1
configuring
basic multicast routing 46-10
IP multicast boundary 46-44
default configuration 46-9
enabling
multicast forwarding 46-11
PIM mode 46-12
group-to-RP mappings
Auto-RP 46-6
BSR 46-6
MBONE
deleting sdr cache entries 46-46
described 46-43
displaying sdr cache 46-47
enabling sdr listener support 46-43
limiting sdr cache entry lifetime 46-44
SAP packets for conference session announcement 46-43
Session Directory (sdr) tool, described 46-43
monitoring
packet rate loss 46-47
peering devices 46-47
tracing a path 46-47
multicast forwarding, described 46-7
PIMv1 and PIMv2 interoperability 46-9
reverse path check (RPF) 46-7
routing table
deleting 46-46
displaying 46-47
RP
assigning manually 46-22
configuring Auto-RP 46-24
configuring PIMv2 BSR 46-28
monitoring mapping information 46-33
using Auto-RP and BSR 46-32
statistics, displaying system and network 46-46
See also IGMP
See also PIM
IP packets, classification 36-6
IP precedence
classification 36-8
values 36-6
IP protocols
routing 1-10
IP routes, monitoring 38-109
IP routing
connecting interfaces with 12-12
disabling 38-17
enabling 38-17
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 43-1
IP SLAs
benefits 43-2
CFM endpoint discovery 45-20
configuration guidelines 43-5
configuring object tracking 44-9
Control Protocol 43-3
default configuration 43-5
definition 43-1
manually configuring CFM ping or jitter 45-17
measuring network performance 43-2
monitoring 43-6
object tracking 44-9
operation 43-2
reachability tracking 44-9
responder
described 43-3
enabling 43-5
response time 43-4
SNMP support 43-2
supported metrics 43-2
track object monitoring agent, configuring 44-11
track state 44-9
IP source guard
and 802.1x 22-21
and DHCP snooping 22-19
and EtherChannels 22-21
and port security 22-21
and private VLANs 22-21
and routed ports 22-21
and TCAM entries 22-21
and trunk interfaces 22-21
and VRF 22-21
binding configuration
automatic 22-19
manual 22-19
binding table 22-19
configuration guidelines 22-21
default configuration 22-21
described 22-19
disabling 22-22
displaying
bindings 22-23
configuration 22-23
enabling 22-21
filtering
source IP address 22-19
source IP and MAC address 22-20
static bindings
adding 22-21
deleting 22-22
IP traceroute
executing 48-14
overview 48-13
IP unicast routing
address resolution 38-7
administrative distances 38-97, 38-107
ARP 38-7
assigning IP addresses to Layer 3 interfaces 38-5
authentication keys 38-108
broadcast
address 38-14
flooding 38-15
packets 38-12
storms 38-12
classless routing 38-6
configuring static routes 38-97
default
addressing configuration 38-4
gateways 38-10
networks 38-98
routes 38-98
routing 38-2
directed broadcasts 38-12
disabling 38-17
dynamic routing 38-2
enabling 38-17
EtherChannel Layer 3 interface 38-3
IGP 38-23
inter-VLAN 38-2
IP addressing
classes 38-5
configuring 38-3
IPv6 39-2
IRDP 38-10
Layer 3 interfaces 38-3
MAC address and IP address 38-7
passive interfaces 38-106
proxy ARP 38-7
redistribution 38-99
reverse address resolution 38-7
routed ports 38-3
static routing 38-2
steps to configure 38-3
subnet mask 38-5
subnet zero 38-5
supernet 38-6
UDP 38-13
with SVIs 38-3
See also BGP
See also EIGRP
See also IS-IS
See also OSPF
See also RIP
IPv4 ACLs
applying to interfaces 34-19
extended, creating 34-10
named 34-14
standard, creating 34-9
IPv6
ACLs
displaying 41-8
limitations 41-3
matching criteria 41-3
port 41-2
precedence 41-2
router 41-2
supported 41-2
addresses 39-2
address formats 39-2
applications 39-4
assigning address 39-9
autoconfiguration 39-4
CEFv6 39-18
default configuration 39-9
default router preference (DRP) 39-4
defined 39-1
Enhanced Interior Gateway Routing Protocol (EIGRP) 39-6
feature limitations 39-8
features not supported 39-8
forwarding 39-9
ICMP 39-4
neighbor discovery 39-4
OSPF 39-6
path MTU discovery 39-3
Router ID 39-6
SDM templates 9-2, 40-1, 41-1
Stateless Autoconfiguration 39-4
supported features 39-2
switch limitations 39-8
traffic, filtering 41-3
understanding static routes 39-6
IRDP
configuring 38-11
definition 38-10
support for 1-10
IS-IS
addresses 38-62
area routing 38-62
default configuration 38-63
monitoring 38-71
show commands 38-71
support for 1-10
system routing 38-62
ISL trunking with IEEE 802.1 tunneling 16-4
ISO CLNS
clear commands 38-71
dynamic routing protocols 38-62
monitoring 38-71
NETs 38-62
NSAPs 38-62
OSI standard 38-62
ISO IGRP
area routing 38-62
system routing 38-62
isolated port 15-2
isolated VLANs 15-2, 15-3
ITU-T Y.1731
See Y.1731
J
join messages, IGMP 25-3
K
KDC
described 8-38
See also Kerberos
keepalive command 12-20
keepalive messages
default 12-20
restriction 17-2
Kerberos
authenticating to
boundary switch 8-41
KDC 8-41
network services 8-41
configuration examples 8-38
configuring 8-41
credentials 8-39
cryptographic software image 8-38
described 8-38
KDC 8-38
operation 8-40
realm 8-40
server 8-40
support for 1-8
switch as trusted third party 8-38
terms 8-39
TGT 8-40
tickets 8-39
key distribution center
See KDC
L
l2protocol-tunnel command 16-18
LACP
See EtherChannel
Layer 2 interfaces, default configuration 12-18
Layer 2 packets, classification 36-6
Layer 2 protocol packets, and control-plane security 35-2
Layer 2 protocol tunneling
configuring 16-15
configuring for EtherChannels 16-19
default configuration 16-16
defined 16-13
guidelines 16-16
Layer-2 template 9-1
Layer 2 traceroute
and ARP 48-12
and CDP 48-12
broadcast traffic 48-11
described 48-11
IP addresses and subnets 48-12
MAC addresses and VLANs 48-12
multicast traffic 48-12
multiple devices on a port 48-12
unicast traffic 48-11
usage guidelines 48-12
Layer 3 features 1-10
Layer 3 interfaces
assigning IP addresses to 38-5
assigning IPv4 and IPv6 addresses to 39-13
assigning IPv6 addresses to 39-10
changing from Layer 2 mode 38-5, 38-87
types of 38-3
LDAP 4-2
Leaking IGMP Reports 21-4
lightweight directory access protocol
See LDAP
line configuration mode 2-2
Link Aggregation Control Protocol
See EtherChannel
Link Failure, detecting unidirectional 18-8
link fault alarm 7-3
link integrity, verifying with REP 20-3
Link Layer Discovery Protocol
See CDP
link local unicast addresses 39-3
link monitoring, Ethernet OAM 45-33, 45-36
link redundancy
See Flex Links
links, unidirectional 28-1
link state advertisements (LSAs) 38-29
link-state tracking
configuration guidelines 37-24
configuring 37-24
described 37-22
LLDP
configuring 24-3
characteristics 24-3
default configuration 24-3
disabling and enabling
globally 24-4
on an interface 24-5
monitoring and maintaining 24-7
overview 24-1
supported TLVs 24-2
transmission timer and holdtime, setting 24-3
LLDP-MED
configuring 24-3
configuring TLVs 24-6
monitoring and maintaining 24-7
overview 24-1, 24-2
supported TLVs 24-2
LLDP Media Endpoint Discovery
See LLDP-MED
load balancing 42-4
local SPAN 29-2
logging messages, ACL 34-8
login authentication
with RADIUS 8-28
with TACACS+ 8-14
login banners 6-17
log messages
See system message logging
loop guard
described 19-5
enabling 19-10
support for 1-6
M
MAC addresses
aging time 6-21
and VLAN association 6-20
building the address table 6-20
default configuration 6-21
disabling learning on a VLAN 6-30
discovering 6-31
displaying 6-31
displaying in the IP source binding table 22-23
dynamic
learning 6-20
removing 6-22
in ACLs 34-26
IP address association 38-7
static
adding 6-28
allowing 6-29, 6-30
characteristics of 6-27
dropping 6-29
removing 6-28
MAC address learning, disabling on a VLAN 6-30
MAC address notification, support for 1-11
MAC address-table move update
configuration guidelines 21-8
configuring 21-12
default configuration 21-7
description 21-6
monitoring 21-14
MAC address-to-VLAN mapping 14-23
MAC authentication bypass
802.1x readiness check 10-12
configuring 10-45
MAC extended access lists
applying to Layer 2 interfaces 34-28
configuring for QoS 36-39
creating 34-26
defined 34-26
magic packet 10-20
Maintenance end points
See MEPs
Maintenance intermediate points
See MIPs
manageability features 1-3
management access
in-band
CLI session 1-4
SNMP 1-4
out-of-band console port connection 1-4
management options
CLI 2-1
CNS 4-1
overview 1-3
manual preemption, REP, configuring 20-14
marking
action with aggregate policers 36-49
described 36-2, 36-15
match command, QoS
for classification 36-3, 36-7
guidelines 36-40
matching, IPv4 ACLs 34-7
matching classifications, QoS 36-7
maximum aging time
MSTP 18-24
STP 17-22
maximum hop count, MSTP 18-24
maximum number of allowed devices, port-based authentication 10-28
maximum-paths command 38-50, 38-96
media-type command 12-27
membership mode, VLAN port 14-5
MEPs
and STP 45-4
defined 45-3
messages
Ethernet OAM 45-33
to users through banners 6-17
metrics, in BGP 38-50
metric translations, between routing protocols 38-102
metro tags 16-2
MHSRP 42-4
MIBs
accessing files with FTP A-4
location of files A-4
overview 32-1
SNMP interaction with 32-4
supported A-1
MIPs
and STP 45-4
defined 45-4
mirroring traffic for analysis 29-1
mismatches, autonegotiation 48-5
MODBUS
clients
Cisco IP Phone 5-1
distributed controller 5-1
HMI 5-1
IED 5-1
substation router 5-1
substation switch 5-1
using registers C-1
wireless access point 5-1
commands 5-2, 5-3
connecting to clients 5-1
defaults 5-2
registers
port information C-2
system information C-1
RTU in a SCADA system 5-1
security 5-1
server 5-1, 5-2
Modicon Communication Bus
See MODBUS
modular QoS command-line interface
See MQC
module number 12-14
monitoring
access groups 34-39
alarms 7-13
BGP 38-61
cables for unidirectional links 28-1
CDP 27-5
CEF 38-96
control-plane security 35-7
EIGRP 38-41
E-LMI 45-53
Ethernet CFM 45-30, 45-32
Ethernet OAM 45-42
Ethernet OAM protocol 45-42
features 1-11
Flex Links 21-14
HSRP 42-12
IEEE 802.1Q tunneling 16-23
IGMP
filters 25-29
snooping 25-14, 40-11
interfaces 12-35
IP
address tables 38-16
multicast routing 46-46
routes 38-109
IP SLAs operations 43-6
IPv4 ACL configuration 34-39
IPv6 ACL configuration 41-8
IS-IS 38-71
ISO CLNS 38-71
Layer 2 protocol tunneling 16-23
MAC address-table move update 21-14
MSDP peers 47-17
multicast router interfaces 25-15, 40-12
multi-VRF CE 38-94
MVR 25-23
network traffic for analysis with probe 29-2
OAM manager 45-53
object tracking 44-12
OSPF 38-34
port
blocking 26-18
protection 26-18
private VLANs 15-14
QoS 36-78
REP 20-15
RP mapping information 46-33
SFP status 1-11, 12-36, 48-7
source-active messages 47-17
speed and duplex mode 12-23
SSM mapping 46-22
traffic flowing among switches 30-1
traffic suppression 26-18
tunneling 16-23
VLAN
filters 34-39
maps 34-39
VLANs 14-14
VMPS 14-28
MQC
process 36-3
steps to configure 36-3
mrouter port 21-3, 21-5
MSDP
benefits of 47-3
clearing MSDP connections and statistics 47-17
controlling source information
forwarded by switch 47-11
originated by switch 47-8
received by switch 47-13
default configuration 47-3
dense-mode regions
sending SA messages to 47-15
specifying the originating address 47-16
filtering
incoming SA messages 47-13
SA messages to a peer 47-11
SA requests from a peer 47-10
join latency, defined 47-6
meshed groups
configuring 47-14
defined 47-14
originating address, changing 47-16
overview 47-1
peer-RPF flooding 47-2
peers
configuring a default 47-4
monitoring 47-17
peering relationship, overview 47-1
requesting source information from 47-7
shutting down 47-15
source-active messages
caching 47-6
clearing cache entries 47-18
defined 47-2
filtering from a peer 47-10
filtering incoming 47-13
filtering to a peer 47-11
limiting data with TTL 47-12
monitoring 47-17
restricting advertised sources 47-8
support for 1-10
MSTP
boundary ports
configuration guidelines 18-15
described 18-6
BPDU filtering
described 19-3
enabling 19-8
BPDU guard
described 19-3
enabling 19-7
CIST
description 18-3
regional root 18-5
root 18-5
configuration guidelines 18-15, 19-6
configuring
forward-delay time 18-23
hello time 18-23
link type for rapid convergence 18-25
maximum aging time 18-24
maximum hop count 18-24
MST region 18-16
neighbor type 18-25
path cost 18-21
port priority 18-19
root switch 18-17
secondary root switch 18-18
switch priority 18-22
CST
defined 18-3
operations between regions 18-3
default configuration 18-14
default optional feature configuration 19-5
displaying status 18-27
enabling the mode 18-16
EtherChannel guard
described 19-3
enabling 19-9
extended system ID
effects on root switch 18-17
effects on secondary root switch 18-18
unexpected behavior 18-17
IEEE 802.1s
implementation 18-6
port role naming change 18-7
instances supported 17-10
interface state, blocking to forwarding 19-2
interoperability and compatibility among modes 17-10
interoperability with 802.1D
described 18-8
restarting migration process 18-26
IST
defined 18-2
master 18-3
operations within a region 18-3
loop guard
described 19-5
enabling 19-10
mapping VLANs to MST instance 18-16
MST region
CIST 18-3
configuring 18-16
described 18-2
hop-count mechanism 18-5
IST 18-2
supported spanning-tree instances 18-2
optional features supported 1-5
overview 18-2
Port Fast
described 19-2
enabling 19-6
preventing root switch selection 19-4
root guard
described 19-4
enabling 19-10
root switch
configuring 18-17
effects of extended system ID 18-17
unexpected behavior 18-17
shutdown Port Fast-enabled port 19-3
status, displaying 18-27
multiauth mode
See multiple-authentication mode
multicast Ethernet loopback (ETH-LB) 45-24
multicast Ethernet loopback, using 45-29
multicast groups
Immediate Leave 25-5
leaving 25-5
static joins 25-8, 40-8
multicast packets
ACLs on 34-38
multicast router interfaces, monitoring 25-15, 40-12
multicast router ports, adding 25-7, 40-8
Multicast Source Discovery Protocol
See MSDP
multicast storm 26-1
multicast storm-control command 26-4
multicast television application 25-16
multicast VLAN 25-15
Multicast VLAN Registration
See MVR
multiple-authentication mode
description 10-10
support for inaccessible authentication bypass 10-18
Multiple HSRP
See MHSRP
multiple VPN routing/forwarding in customer edge devices
See multi-VRF CE
multi-VRF CE
configuration example 38-90
configuration guidelines 38-84
configuring 38-83
default configuration 38-84
defined 38-81
displaying 38-94
monitoring 38-94
network components 38-83
packet-forwarding process 38-83
support for 1-11
MVR
and address aliasing 25-19
and IGMPv3 25-19
configuration guidelines 25-18
configuring interfaces 25-21
default configuration 25-18
described 25-15
example application 25-16
modes 25-20
monitoring 25-23
multicast television application 25-16
setting global parameters 25-19
support for 1-2
MVRoT, guidelines 25-18
MVR over trunk ports
See MVRoT
N
NAC
critical authentication 10-18, 10-42
IEEE 802.1x authentication using a RADIUS server 10-47
IEEE 802.1x validation using RADIUS server 10-47
inaccessible authentication bypass 10-42
Layer 2 IEEE 802.1x validation 10-22, 10-47
named IPv4 ACLs 34-14
named IPv6 ACLs 41-3
NameSpace Mapper
See NSM
native VLAN
and IEEE 802.1Q tunneling 16-4
configuring 14-19
default 14-19
NEAT
configuring 10-48
overview 10-24
neighbor discovery, IPv6 39-4
neighbor discovery/recovery, EIGRP 38-35
neighbor offset numbers, REP 20-4
neighbors, BGP 38-56
Network Edge Access Topology
See NEAT
network management
CDP 27-1
RMON 30-1
SNMP 32-1
network node interface
See NNI
network performance, measuring with IP SLAs 43-2
network policy TLV 24-6
Network Time Protocol
See NTP
NNI
configuring 12-20
described 12-2
protocol control packets on 35-1
no (form of) commands 2-4
non-IP traffic filtering 34-26
Nonstop Forwarding Awareness
See NSF Awareness
nontrunking mode 14-15
normal-range VLANs
characteristics 14-3
configuring 14-7
defined 14-1
no switchport command 12-5
not-so-stubby areas
See NSSA
NSAPs, as ISO IGRP addresses 38-62
NSF Awareness
BGP 38-46
EIGRP 38-37
IS-IS 38-64
OSPF 38-25
NSM 4-3
NSSA, OSPF 38-29
NTP
associations
authenticating 6-4
defined 6-2
enabling broadcast messages 6-6
peer 6-5
server 6-5
default configuration 6-4
displaying the configuration 6-11
overview 6-2
restricting access
creating an access group 6-8
disabling NTP services per interface 6-10
source IP address, configuring 6-10
stratum 6-2
support for 1-4
synchronizing devices 6-5
time
services 6-2
synchronizing 6-2
O
OAM
client 45-32
features 45-33
sublayer 45-32
OAM manager
and E-LMI 45-47
configuration guidelines 45-48
configuring 45-48, 45-54
monitoring 45-53
purpose of 45-46
with CFM 45-47
with CFM and Ethernet OAM 45-53
OAM protocol data units 45-32, 45-34
OBFL
configuring 48-20
described 48-20
displaying 48-21
object tracking
HSRP 44-7
IP SLAs 44-9
IP SLAs, configuring 44-9
monitoring 44-12
on-board failure logging
See OBFL
online diagnostics
described 49-1
overview 49-1
running tests 49-5
open1x authentication
configuring 10-53
description 10-23
Open Shortest Path First
See OSPF
optimizing system resources 9-1
options, management 1-3
OSPF
area parameters, configuring 38-29
configuring 38-25
default configuration
metrics 38-31
route 38-31
settings 38-24
described 38-23
for IPv6 39-6
interface parameters, configuring 38-26
LSA group pacing 38-32
monitoring 38-34
network types, configuring 38-28
router IDs 38-33
route summarization 38-31
support for 1-10
virtual links 38-31
output policies 36-5
output policy maps
classification criteria 36-5
configuration guidelines 36-60
configuring 36-60
displaying statistics 36-78
P
packet classification
defined 36-6
to organize traffic 36-2
packet marking
configuring 36-53
defined 36-21
packet policing, for QoS 36-2
PAgP
Layer 2 protocol tunneling 16-14
See EtherChannel
parallel paths, in routing tables 38-96
parent policies, QoS 36-12, 36-27
passive interfaces
configuring 38-106
OSPF 38-31
passwords
default configuration 8-2
disabling recovery of 8-5
encrypting 8-3
for security 1-7
overview 8-1
recovery of 48-4
setting
enable 8-3
enable secret 8-3
Telnet 8-6
with usernames 8-6
path cost
MSTP 18-21
STP 17-19
path MTU discovery 39-3
PBR
defined 38-102
enabling 38-104
fast-switched policy-based routing 38-105
local policy-based routing 38-105
peers, BGP 38-56
percentage thresholds in tracked lists 44-6
performance features 1-2
periodic data collection and transfer mechanism 32-6
per-port, per-VLAN policy maps, configuration guidelines 36-55
per-port facility loopback, defined 45-43
per-port per VLAN policing 36-12, 36-55
persistent self-signed certificate 8-49
per-user ACLs and Filter-Ids 10-8
per-VLAN spanning-tree plus
See PVST+
PE to CE routing, configuring 38-90
physical ports 12-3
PIM
default configuration 46-9
dense mode
overview 46-4
rendezvous point (RP), described 46-4
RPF lookups 46-8
displaying neighbors 46-47
enabling a mode 46-12
overview 46-3
router-query message interval, modifying 46-36
shared tree and source tree, overview 46-33
shortest path tree, delaying the use of 46-35
sparse mode
join messages and shared tree 46-4
overview 46-4
prune messages 46-4
RPF lookups 46-8
stub routing
configuration guidelines 46-12
enabling 46-13
overview 46-5
support for 1-10
versions
interoperability 46-9
troubleshooting interoperability problems 46-33
v2 improvements 46-3
ping
executing 48-8
overview 48-8
PoE
auto mode 12-8
CDP with power consumption, described 12-7
CDP with power negotiation, described 12-7
Cisco intelligent power management 12-7
configuring 12-24
devices supported 12-6
high-power devices operating in low-power mode 12-7
IEEE power classification levels 12-7
monitoring 12-9
policing power usage 12-9
power budgeting 12-25
power consumption 12-25
powered-device detection and initial power allocation 12-7
power management modes 12-8
power negotiation extensions to CDP 12-7
standards supported 12-7
static mode 12-8
troubleshooting 48-5
police aggregate command 36-52
police command, with individual policers 36-45, 36-57
policer aggregate command 36-49
policer configuration
default for ENIs and UNIs 35-4
default for NNIs 35-5
policers
configuring for more than one traffic class 36-49
described 36-2
policing
aggregate in input policy maps 36-17
described 36-2
individual in input policy maps 36-16
priority in output policy maps 36-20
QoS 36-15
policy-based routing
See PBR
policy-map command 36-3
policy-map marking, configuration guidelines 36-53
policy maps
attaching 36-4, 36-43
configuration examples 36-79
described 36-16
input
configuring 36-44
described 36-4
output
configuring 36-60
described 36-4
port ACLs
defined 34-2
types of 34-3
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting 10-10
authentication server
defined 10-3, 11-2
RADIUS server 10-3
client, defined 10-3, 11-2
configuration guidelines 10-27, 11-9
configuring
802.1x authentication 10-32
guest VLAN 10-39
host mode 10-34
inaccessible authentication bypass 10-42
manual re-authentication of a client 10-35
periodic re-authentication 10-34
quiet period 10-35
RADIUS server 10-30, 11-13
RADIUS server parameters on the switch 10-29, 11-11
restricted VLAN 10-40
switch-to-client frame-retransmission number 10-37
switch-to-client retransmission time 10-36
violation modes 10-20, 10-32
default configuration 10-26, 11-9
described 10-1
device roles 10-2, 11-2
displaying statistics 10-54, 11-17
downloadable ACLs and redirect URLs
configuring10-50to 10-53
overview10-14to 10-15
EAPOL-start frame 10-5
EAP-request/identity frame 10-5
EAP-response/identity frame 10-5
enabling
802.1X authentication 11-11
encapsulation 10-3
flexible authentication ordering
configuring 10-53
overview 10-23
guest VLAN
configuration guidelines 10-16, 10-17
described 10-16
host mode 10-9
inaccessible authentication bypass
configuring 10-42
described 10-18
initiation and message exchange 10-5
magic packet 10-20
maximum number of allowed devices per port 10-28
method lists 10-32
multiple authentication 10-10
multiple-hosts mode, described 10-9
ports
authorization state and dot1x port-control command 10-8
authorized and unauthorized 10-8
port security
described 10-19
interactions 10-19
multiple-hosts mode 10-9
readiness check
configuring 10-28
described 10-12, 10-28
resetting to default values 10-47
statistics, displaying 10-54
switch
as proxy 10-3, 11-2
RADIUS client 10-3
switch supplicant
configuring 10-48
overview 10-24
user distribution
guidelines 10-22
overview 10-21
VLAN assignment
AAA authorization 10-32
characteristics 10-12
configuration tasks 10-13
described 10-12
voice aware 802.1x security
configuring 10-31
described 10-30
wake-on-LAN, described 10-20
port-based authentication methods, supported 10-7
port blocking 1-2, 26-6
port-channel
See EtherChannel
Port Fast
described 19-2
enabling 19-6
support for 1-6
port membership modes, VLAN 14-4
port not forwarding alarm 7-3
port not operating alarm 7-3
port priority
MSTP 18-19
STP 17-17
ports
access 12-4
blocking 26-6
dual-purpose 12-11
dynamic access 14-5
IEEE 802.1Q tunnel 14-5
protected 26-5
REP 20-6
routed 12-5
secure 26-8
static-access 14-5, 14-11
switch 12-3
trunks 14-5, 14-15
VLAN assignments 14-11
port security
aging 26-15
and private VLANs 26-16
configuration guidelines 26-10
configuring 26-11
default configuration 26-10
described 26-8
displaying 26-18
enabling 26-16
on trunk ports 26-12
sticky learning 26-9
violations 26-9
with other features 26-10
port shaping
configuring 36-64
described 36-27
port-shutdown response, VMPS 14-24
port status monitoring alarms
FCS bit error rate alarm 7-3
link fault alarm 7-3
port not forwarding alarm 7-3
port not operating alarm 7-3
port types 12-2
power 24-6
power management TLV 24-6
power over Ethernet
See PoE
power substations 1-15
preempt delay time, REP 20-5
preemption (delay) default configuration 21-7
preferential treatment of traffic
See QoS
prefix lists, BGP 38-54
preventing unauthorized access 8-1
primary edge port, REP 20-4
primary interface
for object tracking, DHCP, configuring 44-11
for static routing, configuring 44-10
primary links 21-2
primary VLANs 15-1, 15-3
priority
HSRP 42-7
priority command 36-20
configuring strict priority queuing 36-65
for QoS scheduling 36-26
for strict priority queuing 36-30
priority policing, described 36-20
priority queues
configuring 36-65
described 36-30
for QoS scheduling 36-26
priority with police
commands 36-20
configuring 36-67
described 36-30
priority with unconditional policing, QoS 36-26
private VLANs
across multiple switches 15-4
and SVIs 15-5
and UNI VLANs 14-13
benefits of 15-1
community ports 15-3
community VLANs 15-2, 15-3
configuration guidelines 15-6, 15-8
configuration tasks 15-6
configuring 15-9
default configuration 15-6
end station access to 15-3
IP addressing 15-4
isolated port 15-2
isolated VLANs 15-2, 15-3
mapping 15-13
monitoring 15-14
ports
community 15-3
configuration guidelines 15-8
configuring host ports 15-11
configuring promiscuous ports 15-12
described 14-5
isolated 15-2
promiscuous 15-2
primary VLANs 15-1, 15-3
promiscuous ports 15-2
secondary VLANs 15-2
subdomains 15-1
traffic in 15-5
privileged EXEC mode 2-2
privilege levels
changing the default for lines 8-9
exiting 8-9
logging into 8-9
overview 8-2, 8-7
setting a command with 8-8
promiscuous ports
configuring 15-12
defined 15-2
protected ports 26-5
protocol control packets 35-1
protocol-dependent modules, EIGRP 38-35
Protocol-Independent Multicast Protocol
See PIM
provider edge devices 38-82
proxy ARP
configuring 38-9
definition 38-7
with IP routing disabled 38-10
proxy reports 21-3
PVST+
802.1Q trunking interoperability 17-10
described 17-9
instances supported 17-10
Q
QinQ
See IEEE 802.1Q tunneling
QoS
aggregate policers 36-17
and MQC 36-1
basic model 36-2
CBWFQ 36-28
CBWFQ, configuring 36-61
class-based shaping, described 36-26
classification
ACL lookup 36-11
based on CoS value 36-8
based on DSCP 36-8
based on IP precedence 36-8
based on QoS group 36-11
based on VLAN IDs 36-12, 36-55
class maps, described 36-7
comparisons 36-10
criteria 36-6
in frames and packets 36-6
policy maps, described 36-16
class maps
configuration guidelines 36-40
configuring 36-40
configuration examples
adding customers 36-81
adding or deleting a class 36-84
adding or deleting classification criteria 36-81, 36-82
adding or deleting configured actions 36-83
changing queuing or scheduling parameters 36-82
configuration guidelines
aggregate policers 36-49
CBWFQ 36-61
class-based shaping 36-63
class maps 36-40
general 36-35
individual policers 36-45
input policy maps 36-44
marking 36-53
output policy maps 36-60
unconditional priority policing 36-67
WTD 36-70
configuring
aggregate policers 36-49
class-based shaping 36-63
classification with IP ACLs 36-36
class maps 36-40
individual policers 36-46
individual policing 36-45, 36-57
input policy maps with marking 36-53
IP ACLs 36-36
MAC ACLs 36-39
output policy maps 36-60
port shaping 36-64
priority queues 36-65
queue size 36-31
requirements 36-34
service policies 36-43
strict priority queuing 36-65
table maps 36-42
unconditional priority policing 36-67
WTD 36-69, 36-70
congestion avoidance 36-2, 36-31
congestion management 36-2, 36-25
CPU-generated traffic
configuring output policy classification criteria 36-5
configuring QoS group number 36-12
configuring queue-limit 36-70
output remarking 36-6
default configuration 36-35
initial configuration example 36-79
input policy maps
configuring 36-44
described 36-5
IP packet classification 36-6
Layer 2 packet classification 36-6
Layer 3 packet classification 36-6
marking, described 36-2
match command 36-7
output policy maps
configuring 36-61
described 36-5
overview 36-1
packet classification 36-2
packet marking 36-21
packet policing 36-2
parent-child hierarchy 36-12, 36-27
per-port, per-VLAN hierarchical policy maps, described 36-12
policers
configuring 36-46, 36-51, 36-68
described 36-15
policing
aggregate 36-17
described 36-2, 36-15
individual 36-16
priority 36-20
policy maps
attaching 36-43
attaching to an interface 36-19
displaying statistics 36-78
port shaping, described 36-27
preconfiguration 36-34
priority policing, described 36-20
priority with police 36-30
queue size 36-32
scheduling 36-25
CBWFQ 36-26
priority queuing 36-26
traffic shaping 36-25
strict priority queuing 36-30
supported table maps 36-14
support for 1-9
table maps 36-14
testing 36-78
traffic shaping, described 36-26
unconditional priority policing 36-30
WTD 36-32
QoS groups
classification 36-11, 36-12, 36-55
described 36-5, 36-11
QoS information, displaying 36-78
quality of service
See QoS
queries, IGMP 25-3
query solicitation, IGMP 25-11
queue bandwidth and queue size, relationship 36-33
queue-limit command, QoS 36-32, 36-33, 36-69
queue size, QoS, managing 36-31
R
RADIUS
attributes
vendor-proprietary 8-35
vendor-specific 8-34
Change of Authorization 8-19
configuring
accounting 8-33
authentication 8-28
authorization 8-32
communication, global 8-26, 8-34
communication, per-server 8-25, 8-26
multiple UDP ports 8-26
default configuration 8-25
defining AAA server groups 8-30
displaying the configuration 8-38
identifying the server 8-25
limiting the services to the user 8-32
method list, defined 8-25
operation of 8-19
overview 8-17
server load balancing 8-38
suggested network environments 8-18
support for 1-8
tracking services accessed by user 8-33
range
macro 12-16
of interfaces 12-15
rapid convergence 18-10
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
802.1Q trunking interoperability 17-10
described 17-9
instances supported 17-10
Rapid Spanning Tree Protocol
See RSTP
RARP 38-7
rate-limiting threshold, CPU protection 35-6
RCP
configuration files
downloading B-18
overview B-16
preparing the server B-17
uploading B-19
image files
deleting old image B-36
downloading B-34
preparing the server B-33
uploading B-36
reachability, tracking IP SLAs IP host 44-9
readiness check, port-based authentication
configuring 10-28
described 10-12, 10-28
reconfirmation interval, VMPS, changing 14-27
reconfirming dynamic VLAN membership 14-27
recovery procedures 48-1
redirect URL 10-14, 10-50
redundancy
EtherChannel 37-3
HSRP 42-1
STP
backbone 17-8
path cost 14-21
port priority 14-20
reliable transport protocol, EIGRP 38-35
reloading software 3-22
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
remote failure indications, Ethernet OAM 45-33, 45-39
remote loopback, Ethernet OAM 45-33, 45-35
Remote Network Monitoring
See RMON
Remote SPAN
See RSPAN
remote SPAN 29-2
remote terminal unit
See RTU
REP
administrative VLAN, configuring 20-8
age timer 20-8
and STP 20-6
configuration guidelines 20-7
configuring interfaces 20-9
convergence 20-4
default configuration 20-7
manual preemption, configuring 20-14
monitoring 20-15
neighbor offset numbers 20-4
open segment 20-2
ports 20-6
preempt delay time 20-5
primary edge port 20-4
ring segment 20-2
secondary edge port 20-4
segments
characteristics 20-2
described 20-1
SNMP traps, configuring 20-14
supported interfaces 20-1
triggering VLAN load balancing 20-5
verifying link integrity 20-3
VLAN
blocking 20-13
load balancing 20-4
report suppression, IGMP
described 25-6
disabling 25-14, 40-11
resequencing ACL entries 34-14
reserved addresses in DHCP pools 22-17
resets, in BGP 38-49
resetting a UDLD-shutdown interface 28-6
Resilient Ethernet Protocol
See REP
responder, IP SLAs
described 43-3
enabling 43-5
response time, measuring with IP SLAs 43-4
restricted VLAN
configuring 10-40
described 10-17
using with IEEE 802.1x 10-17
restricting access
NTP services 6-8
overview 8-1
passwords and privilege levels 8-2
RADIUS 8-17
TACACS+ 8-10
retry count, VMPS, changing 14-27
reverse address resolution 38-7
Reverse Address Resolution Protocol
See RARP
RFC
1112, IP multicast and IGMP 25-2
1157, SNMPv1 32-2
1305, NTP 6-2
1587, NSSAs 38-23
1757, RMON 30-2
1901, SNMPv2C 32-2
1902 to 1907, SNMPv2 32-2
2236, IP multicast and IGMP 25-2
2273-2275, SNMPv3 32-2
2475, DSCP 36-9
2597, AF per-hop behavior 36-9
2598, EF 36-9
5176, compliance 8-20
RIP
advertisements 38-18
authentication 38-20
configuring 38-19
default configuration 38-18
described 38-18
for IPv6 39-6
hop counts 38-18
summary addresses 38-21
support for 1-10
RMON
default configuration 30-3
displaying status 30-6
enabling alarms and events 30-3
groups supported 30-2
overview 30-1
statistics
collecting group Ethernet 30-5
collecting group history 30-5
support for 1-11
root guard
described 19-4
enabling 19-10
support for 1-6
root switch
MSTP 18-17
STP 17-15
route calculation timers, OSPF 38-31
route dampening, BGP 38-60
routed packets, ACLs on 34-37
routed ports
configuring 38-3
defined 12-5
IP addresses on 12-32, 38-3
route-map command 38-104
route maps
BGP 38-52
policy-based routing 38-103
router ACLs
defined 34-2
types of 34-4
route reflectors, BGP 38-59
router ID, OSPF 38-33
route selection, BGP 38-50
route summarization, OSPF 38-31
route targets, VPN 38-83
routing
default 38-2
dynamic 38-2
IPv6 traffic 39-2
redistribution of information 38-99
static 38-2
routing domain confederation, BGP 38-59
Routing Information Protocol
See RIP
routing protocol administrative distances 38-97
RSPAN
characteristics 29-7
configuration guidelines 29-15
default configuration 29-9
defined 29-2
destination ports 29-6
displaying status 29-22
interaction with other features 29-8
monitored ports 29-5
monitoring ports 29-6
overview 1-11, 29-1
received traffic 29-4
session limits 29-10
sessions
creating 29-16
defined 29-3
limiting source traffic to specific VLANs 29-21
specifying monitored ports 29-16
with ingress traffic enabled 29-19
source ports 29-5
transmitted traffic 29-5
VLAN-based 29-6
RSPAN VLANs, and UNI VLANs 14-13
RSTP
active topology 18-9
BPDU
format 18-12
processing 18-13
designated port, defined 18-9
designated switch, defined 18-9
interoperability with 802.1D
described 18-8
restarting migration process 18-26
topology changes 18-13
overview 18-8
port roles
described 18-9
synchronized 18-11
proposal-agreement handshake process 18-10
rapid convergence
described 18-10
edge ports and Port Fast 18-10
point-to-point links 18-10, 18-25
root ports 18-10
root port, defined 18-9
See also MSTP
RTU, in SCADA system 5-1
running configuration
replacing B-20, B-21
rolling back B-20, B-21
saving 3-15
S
SCADA system
control traffic 1-15
using MODBUS 5-1
scheduled reloads 3-22
scheduling, QoS 36-25
SCP
and SSH 8-54
configuring 8-54
SD flash memory card B-3
SDM
described 9-1
templates
configuring 9-4
number of 9-1
SDM template
configuration guidelines 9-4
configuring 9-3
default 9-1
dual IPv4 and IPv6 9-2
Layer 2 9-1
types of 9-1
secondary edge port, REP 20-4
secondary VLANs 15-2
Secure Copy Protocol
Secure Digital flash memory card
See SD flash memory card
secure HTTP client
configuring 8-53
displaying 8-54
secure HTTP server
configuring 8-52
displaying 8-54
secure MAC addresses
deleting 26-14
maximum number of 26-9
types of 26-8
secure ports, configuring 26-8
secure remote connections 8-44
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port 26-8
security features 1-7
See SCP
sequence numbers in log messages 31-7
service-policy command
attaching policy maps 36-4
guidelines 36-60
using 36-43
service-provider networks
and customer VLANs 16-2
and IEEE 802.1Q tunneling 16-1
Layer 2 protocols across 16-13
Layer 2 protocol tunneling for EtherChannels 16-14
MSTP and RSTP 18-1
set command
for QoS marking 36-21
guidelines 36-53
set-request operation 32-4
setting a secondary temperature threshold 7-7, 7-8
setting power supply alarm options 7-6
setting the FCS error hysteresis threshold 7-10
severity levels, defining in system messages 31-8
SFPs
monitoring status of 1-11, 12-36, 48-7
security and identification 48-6
status, displaying 1-11
shape average command, QoS 36-25, 36-27, 36-63
shaped round robin
See SRR
show access-lists hw-summary command 34-21
show alarm commands 7-13
show and more command output, filtering 2-8
show cdp traffic command 27-5
show configuration command 12-31
show forward command 48-17
show interfaces command 12-23, 12-31
show interfaces switchport backup command 21-4
show l2protocol command 16-18, 16-20, 16-21
show lldp traffic command 24-7
show platform forward command 48-17
show running-config command
displaying ACLs 34-19, 34-31, 34-33
interface description in 12-31
shutdown command on interfaces 12-37
shutdown threshold for Layer 2 protocol packets 16-16
Simple Network Management Protocol
See SNMP
single session ID 10-25
Smartports macros
applying Cisco-default macros 13-4
applying global parameter values 13-5
default configuration 13-1
displaying 13-6
tracing 13-3
SMNP traps, and CFM 45-5
SNAP 27-1
SNMP
accessing MIB variables with 32-4
agent
described 32-4
disabling 32-8
and IP SLAs 43-2
authentication level 32-11
community strings
configuring 32-8
overview 32-4
configuration examples 32-21
default configuration 32-7
engine ID 32-7
groups 32-7, 32-10
host 32-7
ifIndex values 32-5
in-band management 1-4
informs
and trap keyword 32-12
described 32-5
differences from traps 32-5
disabling 32-16
enabling 32-16
limiting
access by TFTP servers 32-17
system log messages to NMS 31-9
manager functions 1-3, 32-3
MIBs
location of A-4
supported A-1
notifications 32-5
overview 32-1, 32-4
security levels 32-3
setting CPU threshold notification 32-16
status, displaying 32-23
system contact and location 32-17
trap manager, configuring 32-14
traps
described 32-4, 32-5
differences from informs 32-5
disabling 32-16
enabling 32-12
enabling MAC address notification 6-22, 6-24, 6-26
overview 32-1, 32-4
REP 20-14
types of 32-13
users 32-7, 32-10
versions supported 32-2
SNMP and Syslog Over IPv6 39-7
SNMPv1 32-2
SNMPv2C 32-2
SNMPv3 32-3
snooping, IGMP 25-1
software images
location in flash B-24
recovery procedures 48-2
scheduling reloads 3-22
tar file format, described B-25
See also downloading and uploading
source addresses
in IPv4 ACLs 34-11
in IPv6 ACLs 41-5
source-and-destination-IP address based forwarding, EtherChannel 37-8
source-and-destination MAC address forwarding, EtherChannel 37-8
source-IP address based forwarding, EtherChannel 37-8
source-MAC address forwarding, EtherChannel 37-7
Source-specific multicast
See SSM
SPAN
configuration guidelines 29-10
default configuration 29-9
destination ports 29-6
displaying status 29-22
interaction with other features 29-8
monitored ports 29-5
monitoring ports 29-6
overview 1-11, 29-1
ports, restrictions 26-11
received traffic 29-4
session limits 29-10
sessions
configuring ingress forwarding 29-13, 29-20
creating 29-10
defined 29-3
limiting source traffic to specific VLANs 29-14
removing destination (monitoring) ports 29-12
specifying monitored ports 29-10
with ingress traffic enabled 29-12
source ports 29-5
traffic 29-4
transmitted traffic 29-5
VLAN-based 29-6
spanning tree and native VLANs 14-16
Spanning Tree Protocol
See STP
speed, configuring on interfaces 12-21
SRR, support for 1-9
SSH
configuring 8-45
cryptographic software image 8-43
described 1-4, 8-44
encryption methods 8-44
user authentication methods, supported 8-44
SSL
configuration guidelines 8-51
configuring a secure HTTP client 8-53
configuring a secure HTTP server 8-52
cryptographic software image 8-48
described 8-48
monitoring 8-54
SSM
address management restrictions 46-16
CGMP limitations 46-16
components 46-14
configuration guidelines 46-16
configuring 46-14, 46-17
differs from Internet standard multicast 46-14
IGMP snooping 46-16
IGMPv3
host signalling 46-15
overview 46-14
IP address range 46-15
monitoring 46-17
operations 46-15
PIM 46-14
state maintenance limitations 46-16
SSM mapping
configuration guidelines 46-17
configuring 46-17, 46-20
defined 46-17
DNS-based 46-19, 46-20
monitoring 46-22
overview 46-18
restrictions 46-18
static 46-18, 46-20
static traffic forwarding 46-21
standby ip command 42-6
standby links 21-2
standby router 42-1
standby timers, HSRP 42-10
startup configuration
booting
manually 3-19
specific image 3-19
clearing B-20
configuration file
automatically downloading 3-18
specifying the filename 3-18
default boot configuration 3-18
static access ports
assigning to VLAN 14-11
defined 12-4, 14-5
static addresses
See addresses
static IP routing 1-10
static MAC addressing 1-8
static route primary interface, configuring 44-10
static routes
configuring 38-97
understanding 39-6
static routing 38-2
static SSM mapping 46-18, 46-20
static traffic forwarding 46-21
static VLAN membership 14-2
statistics
802.1X 11-17
802.1x 10-54
CDP 27-5
interface 12-35
IP multicast routing 46-46
LLDP 24-7
LLDP-MED 24-7
OSPF 38-34
RMON
group Ethernet 30-5
group history 30-5
SNMP input and output 32-23
sticky learning 26-9
storm control
configuring 26-3
described 26-1
disabling 26-5
displaying 26-18
support for 1-2
thresholds 26-1
STP
and REP 20-6
BPDU filtering
described 19-3
disabling 19-9
enabling 19-8
BPDU guard
described 19-3
disabling 19-8
enabling 19-7
BPDU message exchange 17-3
configuration guidelines 17-12, 19-6
configuring
forward-delay time 17-22
hello time 17-21
maximum aging time 17-22
path cost 17-19
port priority 17-17
root switch 17-15
secondary root switch 17-17
spanning-tree mode 17-13
switch priority 17-20
counters, clearing 17-23
default configuration 17-11
default optional feature configuration 19-5
designated port, defined 17-3
designated switch, defined 17-3
disabling 17-15
displaying status 17-23
EtherChannel guard
described 19-3
disabling 19-10
enabling 19-9
extended system ID
effects on root switch 17-15
effects on the secondary root switch 17-17
overview 17-4
unexpected behavior 17-15
features supported 1-5
IEEE 802.1D
and bridge ID 17-4
and multicast addresses 17-8
IEEE 802.1t and VLAN identifier 17-4
inferior BPDU 17-3
instances supported 17-10
interface states
blocking 17-6
blocking to forwarding 19-2
disabled 17-7
forwarding 17-5, 17-6
learning 17-6
listening 17-6
overview 17-4
interoperability and compatibility among modes 17-10
keepalive messages 17-2
Layer 2 protocol tunneling 16-13
limitations with 802.1Q trunks 17-10
load sharing
overview 14-19
using path costs 14-21
using port priorities 14-20
loop guard
described 19-5
enabling 19-10
modes supported 17-9
multicast addresses, effect of 17-8
optional features supported 1-5
overview 17-2
path costs 14-21, 14-22
Port Fast
described 19-2
enabling 19-6
port priorities 14-20
preventing root switch selection 19-4
protocols supported 17-9
redundant connectivity 17-8
root guard
described 19-4
enabling 19-10
root port, defined 17-3
root switch
configuring 17-15
effects of extended system ID 17-4, 17-15
election 17-3
unexpected behavior 17-15
status, displaying 17-23
superior BPDU 17-3
timers, described 17-21
stratum, NTP 6-2
strict priority queuing 36-65
configuration guidelines 36-65
configuring 36-66
defined 36-30
QoS 36-30
stub areas, OSPF 38-29
stub routing, EIGRP 38-40
subdomains, private VLAN 15-1
subnet mask 38-5
subnet zero 38-5
substation
application 1-15
router, MODBUS client 5-1
switch, MODBUS client 5-1
success response, VMPS 14-24
summer time 6-13
SunNet Manager 1-3
supernet 38-6
supervisory control and data acquisition system
See SCADA system
supported port-based authentication methods 10-7
SVIs
and IP unicast routing 38-3
and router ACLs 34-4
connecting VLANs 12-11
defined 12-5
routing between VLANs 14-2
S-VLAN 16-7
switch console port 1-4
Switch Database Management
See SDM
switched packets, ACLs on 34-37
Switched Port Analyzer
See SPAN
switched ports 12-3
switchport backup interface 21-4, 21-5
switchport block multicast command 26-7
switchport block unicast command 26-7
switchport command 12-18
switchport mode dot1q-tunnel command 16-6
switchport protected command 26-6
switch priority
MSTP 18-22
STP 17-20
switch software features 1-1
switch virtual interface
See SVI
synchronization, BGP 38-46
syslog
See system message logging
system clock
configuring
daylight saving time 6-13
manually 6-11
summer time 6-13
time zones 6-12
displaying the time and date 6-12
overview 6-1
See also NTP
system message logging
default configuration 31-3
defining error message severity levels 31-8
disabling 31-3
displaying the configuration 31-13
enabling 31-4
facility keywords, described 31-12
level keywords, described 31-8
limiting messages 31-9
message format 31-2
overview 31-1
sequence numbers, enabling and disabling 31-7
setting the display destination device 31-4
synchronizing log messages 31-5
syslog facility 1-11
time stamps, enabling and disabling 31-6
UNIX syslog servers
configuring the daemon 31-11
configuring the logging facility 31-12
facilities supported 31-12
system MTU
and IEEE 802.1Q tunneling 16-5
and IS-IS LSPs 38-67
system name
default configuration 6-15
default setting 6-15
manual configuration 6-15
See also DNS
system prompt, default setting 6-15
system resources, optimizing 9-1
system routing
IS-IS 38-62
ISO IGRP 38-62
System-to-Intermediate System Protocol
See IS-IS
T
table maps
default actions 36-14
described 36-14
for QoS marking 36-21
QoS, configuring 36-42
types of 36-14
TACACS+
accounting, defined 8-11
authentication, defined 8-11
authorization, defined 8-11
configuring
accounting 8-16
authentication key 8-13
authorization 8-16
login authentication 8-14
default configuration 8-13
displaying the configuration 8-17
identifying the server 8-13
limiting the services to the user 8-16
operation of 8-12
overview 8-10
support for 1-8
tracking services accessed by user 8-16
tagged packets
IEEE 802.1Q 16-3
Layer 2 protocol 16-13
tar files
creating B-7
displaying the contents of B-8
extracting B-8
image file format B-25
TCL script, registering and defining with embedded event manager 33-7
TDR 1-11
Telnet
accessing management interfaces 2-9
number of connections 1-4
setting a password 8-6
temperature alarms, configuring 7-7, 7-8
templates
Ethernet OAM 45-39
SDM 9-2
temporary self-signed certificate 8-49
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password 8-6
terminal loopback, defined 45-43
TFTP
configuration files
downloading B-12
in base directory 3-7
preparing the server B-11
uploading B-13
configuring for autoconfiguration 3-7
image files
deleting B-28
downloading B-27
preparing the server B-26
uploading B-28
limiting access by servers 32-17
TFTP server 1-4
threshold, traffic level 26-2
time
See NTP and system clock
Time Domain Reflector
See TDR
time-range command 34-16
time ranges in ACLs 34-16
time stamps in log messages 31-6
time-to-live 38-15
time zones 6-12
TLVs
defined 24-1
LLDP 24-2
LLDP-MED 24-2
traceroute, Layer 2
and ARP 48-12
and CDP 48-12
broadcast traffic 48-11
described 48-11
IP addresses and subnets 48-12
MAC addresses and VLANs 48-12
multicast traffic 48-12
multiple devices on a port 48-12
unicast traffic 48-11
usage guidelines 48-12
traceroute command 48-14
See also IP traceroute
tracked lists
configuring 44-3
types 44-3
tracked objects
by Boolean expression 44-4
by threshold percentage 44-6
by threshold weight 44-5
tracking
interface line-protocol state 44-2
IP routing state 44-2
objects 44-1
process 44-1
track state, tracking IP SLAs 44-9
traffic
blocking flooded 26-7
fragmented 34-5
fragmented IPv6 41-2
unfragmented 34-5
traffic class, defined 36-3
traffic classification, typical values 36-10
traffic marking 36-21
traffic policies, elements in 36-3
traffic shaping
for QoS scheduling 36-25
QoS traffic control 36-26
traffic suppression 26-1
transmission and distribution 1-15
trap-door mechanism 3-2
traps
configuring MAC address notification 6-22, 6-24, 6-26
configuring managers 32-12
defined 32-4
enabling 6-22, 6-24, 6-26, 32-12
notification types 32-13
overview 32-1, 32-4
triggering alarm options
configurable relay 7-3
methods 7-3
SNMP traps 7-4
syslog messages 7-4
troubleshooting
connectivity problems 48-8, 48-11, 48-13
detecting unidirectional links 28-1
displaying crash information 48-19
PIMv1 and PIMv2 interoperability problems 46-33
setting packet forwarding 48-17
SFP security and identification 48-6
show forward command 48-17
with CiscoWorks 32-4
with debug commands 48-15
with ping 48-8
with system message logging 31-1
with traceroute 48-13
trunk failover
See link-state tracking
trunking encapsulation 1-6
trunk ports
configuring 14-17
defined 12-4, 14-5
trunks
allowed-VLAN list 14-18
load sharing
setting STP path costs 14-21
using STP port priorities 14-20
native VLAN for untagged traffic 14-19
parallel 14-21
trustpoints, CA 8-48
tunneling
defined 16-1
IEEE 802.1Q 16-1
Layer 2 protocol 16-13
tunnel ports
defined 14-5
described 12-4, 16-1
IEEE 802.1Q, configuring 16-6
incompatibilities with other features 16-6
twisted-pair Ethernet, detecting unidirectional links 28-1
U
UDLD
configuration guidelines 28-4
default configuration 28-4
disabling
globally 28-5
on fiber-optic interfaces 28-5
per interface 28-5
echoing detection mechanism 28-2
enabling
globally 28-5
per interface 28-5
Layer 2 protocol tunneling 16-15
link-detection mechanism 28-1
neighbor database 28-2
overview 28-1
resetting an interface 28-6
status, displaying 28-6
support for 1-5
UDP
configuring 38-13
datagrams 38-15
defined
forwarding 38-13
unauthorized ports with 802.1x 10-8
unconditional priority policing
configuration guidelines 36-67
priority with police 36-30
UN-ENI VLANs
defined 14-5
UNI 14-5
configuring 12-20
described 12-2
protocol control packets on 35-1
unicast MAC address filtering
and adding static addresses 6-29
and broadcast MAC addresses 6-28
and CPU packets 6-28
and multicast addresses 6-28
and router MAC addresses 6-28
configuration guidelines 6-28
described 6-28
unicast storm 26-1
unicast storm control command 26-4
unicast traffic, blocking 26-7
UNI community VLAN 14-6
UniDirectional Link Detection protocol
See UDLD
UNI isolated VLAN 14-6
UNIs, remote (CFM) 45-47
UNI VLANs
and private VLANs 14-13
and RSPAN VLANs 14-13
configuration guidelines 14-12
configuring 14-13
UNIX syslog servers
daemon configuration 31-11
facilities supported 31-12
message logging configuration 31-12
upgrading software images
See downloading
upgrading with CNS 4-14
uploading
configuration files
preparing B-11, B-14, B-17
reasons for B-9
using FTP B-15
using RCP B-19
using TFTP B-13
image files
preparing B-26, B-29, B-33
reasons for B-24
using FTP B-32
using RCP B-36
using TFTP B-28
usage guidelines
Layer 2 traceroute 48-12
USB mini-Type B console port 12-12
User Datagram Protocol
See UDP
user EXEC mode 2-2
username-based authentication 8-6
user network interface
See UNI
utility substation 1-15
V
Virtual Private Network
See VPN
virtual router 42-1, 42-2
vlan.dat file 14-3
VLAN 1
disabling on a trunk port 14-18
minimization 14-18
VLAN ACLs
See VLAN maps
vlan-assignment response, VMPS 14-24
VLAN blocking, REP 20-13
VLAN configuration mode 2-2
VLAN database
VLAN configuration saved in 14-10
VLANs saved in 14-3
vlan dot1q tag native command 16-4
VLAN filtering and SPAN 29-6
vlan global configuration command 14-7, 14-9
VLAN ID
discovering 6-31
service provider 16-8
VLAN ID translation
See VLAN mapping
VLAN load balancing
configuration guidelines on flex links 21-8
on flex links 21-2
REP 20-4
triggering 20-5
VLAN loopback, defined 45-43
VLAN Management Policy Server
See VMPS
VLAN map entries, order of 34-29
VLAN mapping
1-to-1
configuring 16-10
described 16-8
configuration guidelines 16-9
configuring on a trunk port 16-10
default 16-9
described 16-7
selective Q-in-Q
configuring 16-12
described 16-8
traditional Q-in-Q
configuring 16-11
described 16-8
types of 16-8
VLAN maps
applying 34-33
common uses for 34-33
configuration guidelines 34-29
configuring 34-29
creating 34-30
defined 34-2, 34-5
denying access to a server example 34-34
denying and permitting packets 34-31
displaying 34-39
examples of ACLs and VLAN maps 34-31
removing 34-33
support for 1-8
wiring closet configuration example 34-34
with router ACLs 34-39
VLAN membership
confirming 14-27
modes 14-5
VLAN Query Protocol
See VQP
VLANs
adding 14-9
aging dynamic addresses 17-9
allowed on trunk 14-18
and spanning-tree instances 14-3, 14-9
configuration guidelines 14-8
connecting through SVIs 12-11
customer numbering in service-provider networks 16-3
default configuration 14-7
described 12-2, 14-1
displaying 14-14
extended-range 14-1
features 1-6
illustrated 14-2
internal 14-9
limiting source traffic
with RSPAN 29-21
with SPAN 29-14
modifying 14-9
multicast 25-15
native, configuring 14-19
normal-range 14-1, 14-3
number supported 1-6
parameters 14-3
port membership modes 14-4
static-access ports 14-11
STP and 802.1Q trunks 17-10
supported 14-3
traffic between 14-2
UNI
community 14-6
isolated 14-6
VLAN trunks 14-15
VMPS
administering 14-28
configuration example 14-28
configuration guidelines 14-25
default configuration 14-25
description 14-23
dynamic port membership
described 14-24
reconfirming 14-27
troubleshooting 14-28
mapping MAC addresses to VLANs 14-23
monitoring 14-28
reconfirmation interval, changing 14-27
reconfirming membership 14-27
retry count, changing 14-27
voice aware 802.1x security, port-based authentication
configuring 10-31
described 10-30
VPN
configuring routing in 38-89
forwarding 38-84
in service provider networks 38-81
routes 38-82
VPN routing and forwarding table
See VRF
VQP 1-6, 14-23
VRF
defining 38-83
tables 38-81
VRF-aware services
ARP 38-86
configuring 38-86
FTP 38-88
HSRP 38-87
ping 38-86
RADIUS 38-89
SNMP 38-87
syslog 38-88
TFTP 38-88
traceroute 38-88
VTP Layer 2 protocol tunneling 16-13
W
warm reload 3-22
web-based authentication
802.1x readiness check10-12to ??
configuring 11-16, 11-17
customizable web pages 11-6
description 11-1
interactions with other features 11-7
weighted tail drop
See WTD
weight thresholds in tracked lists 44-5
wireless access point, MODBUS client 5-1
WTD
configuration guidelines 36-70
configuring 36-69, 36-70
described 36-31
support for 1-9
X
Xmodem protocol 48-2, 48-3
Y
Y.1731
default configuration 45-25
description 45-22
ETH-AIS
configuring 45-25
Ethernet Alarm Signal function description 45-23
ETH-LCK
configuring 45-27
Ethernet Locked Signal function description 45-24
ETH-RDI 45-24
multicast Ethernet loopback 45-29
multicast ETH-LB 45-24
terminology 45-23