- Index
- Preface
- Product Overview
- Command-Line Interfaces
- Configuring the Switch for the First Time
- Administering the Switch
- Configuring Interfaces
- Checking Port Status and Connectivity
- Configuring Supervisor Engine Redundancy Using RPR and SSO
- Configuring NSF with SSO Supervisor Engine Redundancy
- Environmental Monitoring and Power Management
- Configuring Power over Ethernet
- Configuring Switches with Cisco Network Assistant
- Configuring VLANs, VTP, and VMPS
- Configuring Layer 2 Ethernet Interfaces
- Configuring SmartPort Macros
- Configuring STP and MST
- Configuring Optional STP Features
- Configuring EtherChannel
- Configuring IGMP Snooping and Filtering
- Configuring 802.1Q and Layer 2 Protocol Tunneling
- Configuring CDP
- Configuring UDLD
- Configuring Unidirectional Ethernet
- Configuring Layer 3 Interfaces
- Configuring Cisco Express Forwarding
- Configuring IP Multicast
- Configuring NetFlow
- Configuring Policy-Based Routing
- Configuring VRF-lite
- Configuring QoS
- Configuring Voice Interfaces
- Configuring 802.1X Port-Based Authentication
- Configuring Port Security
- Configuring RMON
- Configuring Control Plane Policing
- Configuring DHCP Snooping and IP Source Guard
- Configuring Dynamic ARP Inspection
- Configuring Network Security with ACLs
- Configuring Private VLANs
- Configuring Port Unicast and Multicast Flood Blocking
- Configuring Port-Based Traffic Control
- Configuring SPAN and RSPAN
- Configuring Dynamic VLAN Membership
- Configuring System Message Logging
- Configuring SNMP
- Performing Diagnostics on the Catalyst 4500 Series Switch
- Configuring MIB Support
- Configuring WCCPv2 Services
- Acronyms
- Understanding and Configuring Multiple Spanning Trees
Index
Numerics
10/100 autonegotiation feature, forced5-8
10-Gigabit Ethernet port
deploy with Gigabit Ethernet SFP ports5-6
802.10 SAID (default)12-4
802.1Q
trunks15-6
tunneling
compatibility with other features19-5
defaults19-4
described19-2
tunnel ports with other features19-6
802.1Q VLANs
encapsulation13-3
trunk restrictions13-5
802.1s
802.1w
802.1X
802.1X authentication
for Critical Authentication30-10
for guest VLANs30-8
for MAC Authentication Bypass30-9
for Wake-on-LAN30-11
RADIUS accounting30-15
with port security30-13
with VLAN assignment30-6
with voice VLAN ports30-18
802.3ad
A
AAA32-1
'aaa accounting dot1x default start-stop group radius' command, enable .1X accounting30-27
'aaa accounting system default start-stop group radius' command, enable .1X accounting30-27
'aaa authentication dot1x' command, create a .1X AAA authen method list30-22
'aaa authorization network group radius' command, configure for RADIUS authorization30-22
'aaa new-model' command, enable AAA30-22
allowing VLAN assignment30-22
default setting30-20
enabling .1X authentication30-21
enabling system accounting with .1X accounting30-17
logging update/watchdog packets30-17
abbreviating commands2-5
access control entries
access control entries and lists32-1
access list filtering, SPAN enhancement39-13
access lists
using with WCCP46-7
access ports
and Layer 2 protocol tunneling19-9
configure port security31-6, 31-21
configuring13-8
access VLANs13-6
accounting
configuring for 802.1X30-27
ACEs
ACLs35-2
Ethernet35-2
IP35-2
Layer 4 operation restrictions35-9
ACEs and ACLs32-1
ACLs
ACEs35-2
and SPAN39-5
and TCAM programming35-6
applying on routed packets35-22
applying on switched packets35-21
compatibility on the same switch35-3
configuring with VLAN maps35-21
CPU impact35-11
hardware and software support35-5
IP, matching criteria for port ACLs35-4
MAC extended35-12
matching criteria for router ACLs35-3
port
and voice VLAN35-4
defined35-2
limitations35-4
processing35-11
troubleshooting48-1
types supported35-2
acronyms, list ofA-1
active queue management28-14
adding members to a community11-11
addresses
displaying the MAC address table4-30
dynamic
changing the aging time4-21
defined4-19
learning4-20
removing4-22
MAC, discovering4-30
static
adding and removing4-27
defined4-19
address resolution4-30
adjacency tables
description24-2
displaying statistics24-9
advertisements, VTP
aging time
MAC address table4-21
alarms
major9-2
minor9-2
ARP
defined4-30
table
address resolution4-30
managing4-30
asymmetrical links, and 802.1Q tunneling19-4
audiencexxix
authentication
NTP associations4-4
See also port-based authentication
TACACS+
defined3-16
key3-18
login3-19
Authentication, Authorization, and Accounting (AAA)32-1
Authentication Failed VLAN assignment
configure with 802.1X30-35
authentication server
defined30-3
RADIUS server30-3
authoritative time source, described4-2
authorization
authorized and unauthorized ports30-4
authorized ports with 802.1X30-4
autoconfiguration3-2
automatic discovery
considerations11-10
automatic QoS
autonegotiation feature
forced 10/100Mbps5-8
Auto-QoS
configuring28-17
auto-sync command7-7
B
b44-3
BackboneFast
adding a switch (figure)16-3
and MST15-23
configuring16-15
link failure (figure)16-13, 16-14
not supported MST15-23
understanding16-12
banners
configuring
login4-19
message-of-the-day login4-18
default configuration4-18
when displayed4-17
b flash command44-3
BGP1-7
routing session with multi-VRF CE27-7
blocking packets37-1
blocking state (STP)
RSTP comparisons (table)15-24
boot bootldr command3-31
boot command3-27
boot commands44-3
boot fields
See configuration register boot fields
bootstrap program
boot system flash command3-28
Border Gateway Protocol
boundary ports
description15-27
BPDU Guard
and MST15-23
configuring16-15
overview16-7
BPDUs
and media speed15-2
pseudobridges and15-25
what they contain15-3
bridge ID
bridge priority (STP)15-16
bridge protocol data units
broadcast storm control
disabling38-4
BSR
configuration example25-21
burst rate28-51
burst size28-28
C
cache engine clustersxxxi, 46-1
cache farms
candidates
automatic discovery11-10
candidate switch, cluster
defined11-15
requirements11-15
cautions for passwords
encrypting3-22
CDP
and trusted boundary28-26
automatic discovery in communities11-10
configuration20-2
displaying configuration20-3
enabling on interfaces20-3
Layer 2 protocol tunneling19-7
maintaining20-3
monitoring20-3
cdp enable command20-3
CEF
adjacency tables24-2
and NSF with SSO8-5
configuring load balancing24-7
displaying statistics24-8
enabling24-6
hardware switching24-4
load balancing24-6
overview24-1
software switching24-4
CGMP
overview18-1
channel-group group command17-7, 17-10
Cisco 7600 series Internet router
enabling SNMP47-16
Cisco Discovery Protocol
Cisco Express Forwarding
Cisco Group Management Protocol
Cisco IOS NSF-aware
support8-2
Cisco IOS NSF-capable support8-2
Cisco IP Phones
configuring29-2
sound quality29-1
CiscoWorks 200041-4
CIST
description15-22
class-map command28-30
class of service
clear cdp counters command20-4
clear cdp table command20-3
clear counters command5-17
clearing
IP multicast table entries25-20
clear ip eigrp neighbors command23-11
clear ip flow stats command42-9
CLI
accessing2-1
backing out one level2-5
getting commands2-5
history substitution2-3
managing clusters11-15
modes2-5
monitoring environments39-1
ROM monitor2-7
software basics2-4
clients
in 802.1X authentication30-2
clock
clustering switches
command switch characteristics11-14, 11-15
and VTY11-14
convert to a community11-12
managing
through CLI11-15
overview11-13
planning considerations
CLI11-15
passwords11-11
command-line processing2-3
command modes2-5
commands
b flash44-3
boot44-3
confreg44-3
dev44-3
dir device44-3
frame44-5
i44-3
listing2-5
meminfo44-5
reset44-3
ROM monitor debugging44-5
SNMP47-16
sysret44-5
command switch, cluster
requirements11-14
common and internal spanning tree
common spanning tree
community of switches
access modes in Network Assistant11-11
adding devices11-11
candidate characterisitcs11-9
communication protocols11-11
community name11-10
configuration information11-11
converting from a cluster11-12
host name11-10
passwords11-11
community ports36-4
community strings
configuring41-7
overview41-4
and SPAN features36-11
configure as a PVLAN36-12
compiling MIBs47-16
config-register command3-28
config terminal command3-9
configurable leave timer,IGMP18-3
configuration examples
SNMP41-15
configuration files
limiting TFTP server access41-15
obtaining with DHCP3-6
saving3-10
system contact and location information41-14
configuration guidelines
SNMP41-6
configuration register
boot fields
listing value3-29
modifying3-28
changing from ROM monitor44-3
configuring3-26
settings at startup3-27
configure terminal command3-28, 5-2
confreg command44-3
console configuration mode2-5
console port
disconnecting user sessions6-6
monitoring user sessions6-6
control plane policing
CoPP
applying QoS service policy to control plane32-3
configuring
ACLs to match traffic32-3
enabling MLS QoS32-3
packet classification criteria32-3
service-policy map32-3
control plane configuration mode
entering32-3
displaying
dynamic information32-7
number of conforming bytes and packets32-7
rate information32-7
entering control plane configuration mode32-3
monitoring statistics32-7
overview32-1
copy running-config startup-config command3-10
copy system:running-config nvram:startup-config command3-31
CoS
configuring port value28-47
definition28-3
figure28-2
overriding on Cisco IP Phones29-4
priority29-4
CoS-to-DSCP maps28-52
counters
clearing MFIB25-20
clearing on interfaces5-17
CPU port sniffing39-10
Critical Authentication
configure with 802.1X30-32
CST
description15-25
IST and15-22
MST and15-22
customer edge devices27-2
D
daylight saving time4-13
debug commands, ROM monitor44-5
default configuration
802.1X30-20
auto-QoS28-17
banners4-18
DNS4-16
IGMP filtering18-18
Layer 2 protocol tunneling19-9
MAC address table4-21
multi-VRF CE27-4
NTP4-4
private VLANs36-10
RMON43-3
SNMP41-6
SPAN and RSPAN39-6
system message logging40-3
system name and prompt4-15
TACACS+3-18
default gateway
configuring3-11
verifying configuration3-11
default settings, erase commad3-31
deploying 10-Gigabit Ethernet and a Gigabit Ethernet SFP ports5-6
description command5-10
detecting unidirectional links21-1
dev command44-3
DHCP-based autoconfiguration
client request message exchange3-3
configuring
client side3-3
DNS3-5
relay device3-5
server-side3-4
TFTP server3-4
example3-7
lease options
for IP address information3-4
for receiving the configuration file3-4
overview3-2
relationship to BOOTP3-3
DHCP snooping
configuring33-3
default configuration33-3
displaying binding tables33-10
displaying configuration33-11
enabling33-4
enabling on private VLAN33-6
enabling the database agent33-6
overview33-1
Snooping database agent33-2
DHCP Snooping Database Agent
adding to the database (example)33-9
enabling (example)33-7
overview33-2
reading from a TFTP file (example)33-8
Diagnostics
online45-1
troubleshooting45-2
Power-On-Self-Test
causes of failure45-13
how it works45-3
overview45-3
Power-On-Self-Test for Supervisor Engine V-10GE45-7
Differentiated Services Code Point values
DiffServ architecture, QoS28-2
Digital optical monitoring transceiver support5-7
dir device command44-3
disabled state
RSTP comparisons (table)15-24
disabling
broadcast storm control38-4
disconnect command6-6
discovery, clusters
DNS
and DHCP-based autoconfiguration3-5
default configuration4-16
displaying the configuration4-17
overview4-15
setting up4-16
documentation
organizationxxix
relatedxxxii
domain names
DNS4-15
Domain Name System
double-tagged packets
802.1Q tunneling19-2
Layer 2 protocol tunneling19-9
drop threshold for Layer 2 protocol packets19-9
DSCP maps28-52
DSCP-to-CoS maps
configuring28-54
DSCP values
configuring maps28-52
configuring port value28-48
definition28-4
IP precedence28-2
mapping markdown28-24
mapping to transmit queues28-49
DTP
VLAN trunks and13-3
duplex command5-9
duplex mode
configuring interface5-8
dynamic ARP inspection
ARP cache poisoning34-2
configuring
ACLs for non-DHCP environments34-10
in DHCP environments34-5
log buffer34-14
rate limit for incoming ARP packets34-16
denial-of-service attacks, preventing34-16
interface trust state, security coverage34-3
log buffer
configuring34-14
logging of dropped packets34-4
overview34-1
port channels, their behavior34-4
priority of static bindings34-4
purpose of34-2
rate limiting of ARP packets34-4
configuring34-16
validation checks, performing34-18
Dynamic Host Configuration Protocol snooping
dynamic port VLAN membership
example12-26
limit on hosts12-25
reconfirming12-23
troubleshooting12-25
Dynamic Trunking Protocol
E
EAP frames
changing retransmission time30-40
exchanging (figure)30-4, 30-6, 30-10
request/identity30-3
response/identity30-3
setting retransmission number30-41
EAPOL frames
802.1X authentication and30-3
OTP authentication, example (figure)30-4, 30-6, 30-10
start30-3
edge ports
description15-27
EGP
overview1-7
EIGRP (Enhanced IGRP)
stub routing
benefits23-10
configuration tasks23-10
configuring23-6
overview23-6
restrictions23-10
verifying23-11
EIGRP (enhanced IGRP)
overview1-7
eigrp stub command23-11
Embedded CiscoView
displaying information11-26
installing and configuring11-24
overview11-23
enable mode2-5
enabling SNMP47-16
encapsulation types13-3
Enhanced Interior Gateway Routing Protocol
environmental monitoring
LED indications9-2
SNMP traps9-2
supervisor engine9-2
switching modules9-2
using CLI commands9-1
EtherChannel
channel-group group command17-7, 17-10
configuration guidelines17-5
configuring Layer 217-9
configuring Layer 317-6
interface port-channel command17-7
lacp system-priority
command example17-12
modes17-3
overview17-1
PAgP
Understanding17-3
physical interface configuration17-7
port-channel interfaces17-2
port-channel load-balance command17-12
removing17-14
removing interfaces17-13
explicit host tracking
enabling18-10
extended range VLANs
Extensible Authentication Protocol over LAN30-1
Exterior Gateway Protocol
F
FastDrop
clearing entries25-20
displaying entries25-19
overview25-10
FIB
description24-2
filtering
in a VLAN35-14
non-IP traffic35-12
flags25-11
Flash memory
configuring router to boot from3-30
loading system images from3-30
security precautions3-30
flooded traffic, blocking37-2
flow control, configuring5-11
forward-delay time (STP)
configuring15-18
forwarding information base
frame command44-5
G
gateway
get-bulk-request operation41-3
get-next-request operation41-3, 41-4
get-request operation41-3, 41-4
get-response operation41-3
Gigabit Ethernet SFP ports
deploy with 10-Gigabit Ethernet5-6
global configuration mode2-5
Guest-VLANs
configure with 802.1X30-28, 30-36
H
hardware and software ACL support35-5
hardware switching24-5
hello time (STP)
configuring15-17
high CPU, troubleshooting48-3
history
CLI2-3
history table, level and number of syslog messages40-9
hop counts
configuring MST bridges15-28
host
configuring host statically18-10
limit on dynamic port12-25
host ports
kinds of36-4
Hot Standby Routing Protocol
HSRP
description1-6
hw-module module num power command9-17
I
ICMP
enabling6-11
ping6-7
running IP traceroute6-8
time exceeded messages6-8
i command44-3
IDS
using with SPAN and RSPAN39-2
IEEE 802.1s
IEEE 802.1w
IEEE 802.3ad
IGMP
configurable leave timer
enabling18-8
configurable-leave timer18-3
description25-3
enabling25-13
explicit host tracking18-4, 18-10
immediate-leave processing18-3
overview18-1
IGMP filtering
configuring18-18
default configuration18-18
described18-18
monitoring18-21
IGMP groups
setting the maximum number18-20
IGMP Immediate Leave
configuration guidelines18-8
IGMP profile
applying18-19
configuration mode18-18
configuring18-19
IGMP snooping
configuration guidelines18-4
IP multicast and25-4
monitoring18-13
overview18-1
IGRP
description1-7
immediate-leave processing
enabling18-8
IGMP
ingress packets, SPAN enhancement39-12
inline power
configuring on Cisco IP phones29-5
insufficient inline power handling for Supervisor Engine II-TS9-15
Intelligent Power Management10-4
interface port-channel command17-7
interface range command5-4
interface range macro command5-5
interfaces
adding descriptive name5-10
clearing counters5-17
configuring5-2
configuring ranges5-4
displaying information about5-16
Layer 2 modes13-4
maintaining5-16
monitoring5-16
naming5-10
numbers5-2
overview5-1
restarting5-17
Interior Gateway Routing Protocol
Internet Control Message Protocol
Internet Group Management Protocol
Inter-Switch Link encapsulation
Intrusion Detection System
IP
configuring default gateway3-11
configuring static routes3-11
displaying statistics24-8
flow switching cache42-9
IP addresses
cluster candidate or member11-15
cluster command switch11-14
discovering4-30
ip cef command24-6
IP Enhanced IGRP
interfaces, displaying23-11
ip flow-aggregation cache destination-prefix command42-11
ip flow-aggregation cache prefix command42-11
ip flow-aggregation cache source-prefix command42-12
ip flow-export command42-9
ip icmp rate-limit unreachable command6-12
ip igmp profile command18-18
ip igmp snooping tcn flood command18-12
ip igmp snooping tcn flood query count command18-12
ip igmp snooping tcn query solicit command18-13
IP information
assigned
through DHCP-based autoconfiguration3-2
ip load-sharing per-destination command24-7
ip local policy route-map command26-5
ip mask-reply command6-13
IP multicast
clearing table entries25-20
configuring25-12
default configuration25-13
displaying PIM information25-15
displaying the routing table information25-16
enabling25-13
enabling dense-mode PIM25-14
enabling sparse-mode25-14
features not supported25-12
hardware forwarding25-8
monitoring25-15
overview25-1
routing protocols25-2
software forwarding25-8
troubleshooting48-4
See also Auto-RP; IGMP; PIM; RP; RPF
ip multicast-routing command25-13
IP phones
automatic classification and queueing28-17
configuring voice ports29-3
See Cisco IP Phones29-1
trusted boundary for QoS28-26
ip pim command25-14
ip pim dense-mode command25-14
ip pim sparse-dense-mode command25-15
ip policy route-map command26-4
ip redirects command6-12
ip route-cache flow command42-7
IP routing tables
deleting entries25-20
IP Source Guard
configuring33-12
configuring on private VLANs33-13
overview33-11
IP statistics
displaying24-8
IP traceroute
executing6-8
overview6-8
IP unicast
displaying statistics24-8
troubleshooting48-10
ip unreachables command6-11
IPX
redistribution of route information with EIGRP1-7
ISL
encapsulation13-3
trunking with 802.1Q tunneling19-4
isolated port36-4
IST
and MST regions15-22
description15-22
master15-27
J
jumbo frames
and ethernet ports5-14
configuring MTU sizes for5-15
ports and linecards that support5-13
VLAN interfaces5-14
K
keyboard shortcuts2-3
L
l2protocol-tunnel command19-11
labels, definition28-3
LACP
system ID17-4
Layer 2 access ports13-8
Layer 2 frames
classification with CoS28-2
Layer 2 interfaces
assigning VLANs12-8
configuring13-5
configuring as PVLAN host ports36-16
configuring as PVLAN promiscuous ports36-14
configuring as PVLAN trunk ports36-17
defaults13-5
disabling configuration13-9
modes13-4
show interfaces command13-7
Layer 2 interface type
resetting36-21
setting36-21
Layer 2 protocol tunneling
configuring19-9
default configuration19-9
defined19-7
guidelines19-10
Layer 2 switching
overview13-1
Layer 2 Traceroute
and ARP6-10
and CDP6-9
host-to-host paths6-9
IP addresses and subnets6-10
MAC addresses and VLANs6-10
multicast traffic6-10
multiple devices on a port6-10
usage guidelines6-9
Layer 2 trunks
configuring13-6
overview13-3
Layer 3 packets
classification methods28-2
Layer 4 port operations
configuration guidelines35-10
restrictions35-9
LEDs
description (table)9-2
listening state (STP)
RSTP comparisons (table)15-24
load balancing
configuring for CEF24-7
configuring for EtherChannel17-12
per-destination24-7
login authentication
with TACACS+3-19
login banners4-17
login timer
changing6-5
log messages
logoutwarning command6-6
loop guard
and MST15-23
configuring16-4
overview16-3
M
MAC addresses
aging time4-21
allocating15-5
and VLAN association4-20
convert dynamic to sticky secure31-5
default configuration4-21
discovering4-30
displaying in DHCP snooping binding table33-11
dynamic
learning4-20
removing4-22
in ACLs35-12
static
adding4-28
allowing4-29
characteristics of4-27
dropping4-29
removing4-28
sticky31-4
sticky secure, adding31-5
MAC Authentication Bypass
configure with 802.1X30-31
MAC extended access lists35-12
macros
main-cpu command7-7
management options
SNMP41-1
mapping
DSCP markdown values28-24
DSCP values to transmit queues28-49
mapping tables
configuring DSCP28-52
described28-14
mask destination command42-11
mask source command42-11, 42-12
match ip address command26-3
maximum aging time (STP)
configuring15-18
members
automatic discovery11-10
member switch
managing11-15
member switch, cluster
defined11-14
requirements11-15
meminfo command44-5
messages, to users through banners4-17
metro tags19-2
MFIB
CEF25-5
displaying25-18
overview25-11
MIBs
compiling47-16
overview41-1
related information47-15
SNMP interaction with41-4
modules
checking status6-1
powering down9-17
monitoring
802.1Q tunneling19-12
ACL information35-29
IGMP filters18-21
IGMP snooping18-13
Layer 2 protocol tunneling19-12
multi-VRF CE27-12
private VLANs36-21
traffic flowing among switches43-1
tunneling19-12
VLAN filters35-20
VLAN maps35-20
M-record15-23
MST
and multiple spanning trees1-3, 15-22
boundary ports15-27
BPDUs15-23
configuration parameters15-26
configuring15-29
displaying configurations15-34
edge ports15-27
enabling15-29
hop count15-28
instances
configuring parameters15-33
description15-22
number supported15-26
interoperability with PVST+15-23
link type15-28
master15-27
message age15-28
regions15-26
restrictions15-29
to-SST interoperability15-24
MSTP
M-record15-23
M-tree15-23
M-tree15-23
MTU size
default12-4
multicast
multicast packets
blocking37-2
multicast routers
displaying routing tables25-16
flood suppression18-10
Multicast Storm Control
overview38-6
suppression on WS-X401438-7
suppression on WS-X401638-6
multiple forwarding paths1-3, 15-22
Multiple Spanning Tree
multiple VPN routing/forwarding
multi-VRF CE
components27-4
configuration example27-8
default configuration27-4
defined27-1
displaying27-12
monitoring27-12
network components27-4
packet-forwarding process27-4
N
native VLAN
and 802.1Q tunneling19-4
specifying13-6
NetFlow
aggregation
minimum mask,default value42-11
destination-prefix aggregation
configuration (example)42-16
minimum mask, configuring42-11
IP
flow switching cache42-9
prefix aggregation
configuration (example)42-14
minimum mask, configuring42-11
source-prefix aggregation
minimum mask, configuring42-11
switching
checking for required hardware42-6
configuration (example)42-13
configuring switched IP flows42-8
enabling Collection42-7
exporting cache entries42-9
statistics42-9
NetFlow statistics
caveats on supervisor42-6
checking for required hardware42-6
configuring collection42-6
enabling Collection42-7
exporting cache entries42-9
overview of collection42-1
switched/bridged IP flows42-8
Network Assistant
and VTY11-14
configure
enable communication with switch11-16, 11-20
connect to a device11-7
default configuration11-4
installation requirements11-2
installing11-5
launch11-7
overview of CLI commands11-4
software and hardware requirements11-2
network fault tolerance1-3, 15-22
network management
configuring20-1
RMON43-1
SNMP41-1
Network Time Protocol
New Software Features in Release 7.7
TDR6-3
Next Hop Resolution Protocol
NFFC/NFFC II
IGMP snooping and18-4
NHRP
support1-7
non-IP traffic filtering35-12
non-RPF traffic
description25-9
in redundant configurations (figure)25-10
Nonstop Forwarding
nonvolatile random-access memory
normal-range VLANs
NSF
defined8-1
guidelines and restrictions8-9
operation8-4
NSF-aware
supervisor engines8-3
support8-2
NSF-capable
supervisor engines8-3
support8-2
NSF with SSO supervisor engine redundancy
and CEF8-5
overview8-4
SSO operation8-4
NTP
associations
authenticating4-4
defined4-2
enabling broadcast messages4-7
peer4-6
server4-6
default configuration4-4
displaying the configuration4-11
overview4-2
restricting access
creating an access group4-9
disabling NTP services per interface4-10
source IP address, configuring4-10
stratum4-2
synchronizing devices4-6
time
services4-2
synchronizing4-2
NVRAM
saving settings3-10
O
OIR
overview5-16
Online Diagnostics45-1
online insertion and removal
Open Shortest Path First
operating system images
OSPF
area concept1-8
description1-8
P
packets
modifying28-16
software processed
and QoS28-16
packet type filtering
overview39-15
SPAN enhancement39-15
PAgP
understanding17-3
passwords
configuring enable password3-14
configuring enable secret password3-14
encrypting3-22
in clusters11-11
recovering lost enable password3-24
setting line password3-14
PBR (policy-based routing)
configuration (example)26-5
enabling26-3
features26-2
overview26-1
route maps26-2
when to use26-2
PeerResetReason environmental variable
tracking supervisor engine resets48-14
per-port and VLAN Access Control List33-11
per-port per-VLAN QoS
enabling28-42
overview28-16
Per-VLAN Rapid Spanning Tree15-6
enabling15-20
overview15-6
PE to CE routing, configuring27-7
PIM
configuring dense mode25-14
configuring sparse mode25-14
displaying information25-15
displaying statistics25-20
enabling sparse-dense mode25-14, 25-15
overview25-3
PIM-DM25-3
PIM-SM25-3
ping
executing6-7
overview6-7
PoE10-8
configuring power consumption for single device10-5
configuring power consumption for switch10-5
power consumption for powered devices
Intelligent Power Management10-4
overview10-4
supported cabling topology10-6
powering down a module9-17
power management modes10-2
show interface status10-7
point-to-point
in 802.1X authentication (figure)30-2, 30-16
police command28-34
policed-DSCP map28-53
policers
description28-5
types of28-10
policies
policing
policy-map command28-30, 28-32
policy maps
attaching to interfaces28-35
configuring28-32
port ACLs
and voice VLAN35-4
defined35-2
limitations35-4
Port Aggregation Protocol
port-based authentication
802.1X with voice VLAN30-18
changing the quiet period30-39
client, defined30-2
configuration guidelines30-21
configure 802.1X accounting30-27
configure switch-to-RADIUS server communication30-24
configure with Authentication Failed VLAN assignment30-35
configure with Critical Authentication30-32
configure with Guest-VLANs30-28, 30-36
configure with MAC Authentication Bypass30-31
configure with Wake-on-LAN30-34
configuring Guest-VLAN30-24
configuring manual re-authentication of a client30-42
controlling authorization state30-4
default configuration30-20
described30-1
device roles30-2
displaying statistics30-43
enabling30-21
enabling multiple hosts30-38
enabling periodic re-authentication30-37
encapsulation30-3
initiation and message exchange30-3
method lists30-21
ports not supported30-4
resetting to default values30-43
setting retransmission number30-41
setting retransmission time30-40
topologies, supported30-19
using with port security30-13
with Critical Authentication30-10
with Guest VLANs30-8
with MAC Authentication Bypass30-9
with VLAN assignment30-6
port-based QoS features
port-channel interfaces
creating17-6
overview17-2
port-channel load-balance
command17-12
command example17-12
port-channel load-balance command17-12
port cost (STP)
configuring15-15
PortFast
and MST15-23
BPDU filter, configuring16-8
configuring or enabling16-15
overview16-5
PortFast BPDU filtering
and MST15-23
enabling16-8
overview16-8
port priority
configuring MST instances15-33
configuring STP15-13
ports
blocking37-1
checking status6-2
dynamic VLAN membership
example12-26
reconfirming12-23
forwarding, resuming37-3
port security
aging31-5
and QoS trusted boundary28-26
configuring31-7
displaying31-26
guidelines and restrictions31-31
on private VLAN31-13
host31-13
promiscuous31-15
on trunk port31-16
guidelines and restrictions31-13, 31-17, 31-20, 31-31
port mode changes31-21
on voice ports31-21
RADIUS accounting30-15
sticky learning31-5
troubleshooting
common system error messages31-33
verifying that an address is secure31-32
using with 802.1X30-13
violations31-5
with 802.1X Authentication31-30
with DHCP and IP Source Guard31-30
with other features31-31
port states
description15-5
port trust state
power
inline29-5
power dc input command9-14
power handling for Supervisor Engine II-TS10-12
power inline command10-3
power inline consumption command10-5
power management
Catalyst 4500 series9-3
Catalyst 4500 Series power supplies9-9
Catalyst 4948 series9-17
combined mode9-5
configuring combined mode9-8
configuring redundant mode9-7
overview9-1
redundancy9-3
redundant mode9-5
Power-On-Self-Test diagnostics45-3, 45-13
Power-On-Self-Test for Supervisor Engine V-10GE45-7
power redundancy-mode command9-8
power supplies
fixed9-4
associating with secondary VLANs36-13
configuring as a PVLAN36-12
priority
overriding CoS of incoming frames29-4
private VLAN
configure port security31-13
private VLANs
across multiple switches36-5
and SVIs36-9
benefits of36-2
community ports36-4
default configuration36-10
end station access to36-3
isolated port36-4
monitoring36-21
ports
community36-4
isolated36-4
promiscuous36-5
promiscuous ports36-5
secondary VLANs36-3
subdomains36-2
traffic in36-8
troubleshooting
common system error messages36-23
verifying that an address is secure36-23
privileged EXEC mode2-5
privileges
changing default3-23
configuring levels3-23
exiting3-24
logging in3-23
promiscuous ports
configuring PVLAN36-14
defined36-5
setting mode36-21
protocol timers15-4
provider edge devices27-2
pruning, VTP
pseudobridges
description15-25
PVACL33-11
PVID (port VLAN ID)
and 802.1X with voice VLAN ports30-18
PVLAN promiscuous trunk port
PVLANs
802.1q support36-12
across multiple switches36-5
configuration guidelines36-10
configure port security31-13, 31-15, 31-17, 31-31
configuring36-9
configuring a VLAN36-12
configuring promiscuous ports36-14
host ports
configuring a Layer 2 interface36-16
setting36-21
overview36-1
permitting routing, example36-20
promiscuous mode
setting36-21
setting
interface mode36-21
Q
QoS
allocating bandwidth28-50
and software processed packets28-16
auto-QoS
configuration and defaults display28-20
configuration guidelines28-18
described28-17
displaying28-20
effects on NVRAM configuration28-18
enabling for VoIP28-19
basic model28-5
burst size28-28
configuration guidelines28-25
auto-QoS28-18
configuring
auto-QoS28-17
DSCP maps28-52
traffic shaping28-51
trusted boundary28-26
VLAN-based28-46
configuring UBRL28-36
creating policing rules28-29
default auto configuration28-17
default configuration28-23
definitions28-3
disabling on interfaces28-35
enabling and disabling28-45
enabling on interfaces28-35
enabling per-port per-VLAN28-42
IP phones
automatic classification and queueing28-17
detection and trusted settings28-17, 28-26
overview28-1
overview of per-port per-VLAN28-16
packet modification28-16
port-based28-46
priority28-15
traffic shaping28-15
transmit rate28-51
trust states
trusted device28-26
VLAN-based28-46
See also COS; DSCP values; transmit queues
QoS active queue management
tracking queue length28-14
QoS labels
definition28-3
QoS mapping tables
CoS-to-DSCP28-52
DSCP-to-CoS28-54
policed-DSCP28-53
types28-14
QoS marking
description28-5
QoS policers
burst size28-28
types of28-10
QoS policing
definition28-5
QoS policy
attaching to interfaces28-11
overview of configuration28-29
QoS transmit queues
allocating bandwidth28-50
burst28-15
configuring28-49
configuring traffic shaping28-51
mapping DHCP values to28-49
maximum rate28-15
overview28-14
sharing link bandwidth28-15
Quality of service
R
RADIUS server
configure to-Switch communication30-24
configuring settings30-26
parameters on the switch30-24
range command5-4
range macros
defining5-5
ranges of interfaces
configuring5-4
Rapid Spanning Tree
rcommand command11-15
re-authentication of a client
configuring manual30-42
enabling periodic30-37
reduced MAC address15-2
redundancy
configuring7-7
guidelines and restrictions7-5
changes made through SNMP7-11
NSF-aware support8-2
NSF-capable support8-2
overview7-2
redundancy command7-7
understanding synchronization7-4
redundancy (NSF)8-1
configuring
BGP8-11
CEF8-11
EIGRP8-16
IS-IS8-14
OSPF8-13
routing protocols8-5
redundancy (RPR)
route processor redundancy7-3
synchronization7-5
redundancy (SSO)
redundancy command8-10
route processor redundancy7-3
synchronization7-5
related documentationxxxii
Remote Network Monitoring
replication
description25-8
reserved-range VLANs
reset command44-3
resetting a switch to defaults3-31
restricting access
NTP services4-8
TACACS+3-15
retransmission number
setting in 802.1X authentication30-41
retransmission time
changing in 802.1X authentication30-40
RFC
1157, SNMPv141-2
1305, NTP4-2
1757, RMON43-2
1901, SNMPv2C41-2
1902 to 1907, SNMPv241-2
2273-2275, SNMPv341-2
RIP
description1-8
RMON
default configuration43-3
displaying status43-6
enabling alarms and events43-3
groups supported43-2
overview43-1
ROM monitor
boot process and3-25
CLI2-7
debug commands44-5
entering44-2
exiting44-6
overview44-1
root bridge
configuring15-9
selecting in MST15-22
root guard
and MST15-23
enabling16-2
overview16-2
routed packets
ACLs35-22
route-map (IP) command26-3
route maps
defining26-3
PBR26-2
router ACLs
description35-2
using with VLAN maps35-21
route targets
VPN27-4
Routing Information Protocol
RSPAN
configuration guidelines39-16
destination ports39-5
IDS39-2
monitored ports39-4
monitoring ports39-5
received traffic39-3
sessions
creating39-17
defined39-3
limiting source traffic to specific VLANs39-23
monitoring VLANs39-22
removing source (monitored) ports39-21
specifying monitored ports39-17
source ports39-4
transmitted traffic39-4
VLAN-based39-5
RSTP
compatibility15-23
description15-22
port roles15-23
port states15-24
S
SAID
scheduling28-14
defined28-5
overview28-6
secondary root switch15-12
secondary VLANs36-3
associating with primary36-13
permitting routing36-20
security
configuring32-1
Security Association Identifier
sequence numbers in log messages40-7
servers, VTP
service-policy command28-30
service-policy input command22-2, 28-35
service-provider networks
and customer VLANs19-2
Layer 2 protocols across19-7
set default interface command26-4
set interface command26-4
set ip default next-hop command26-4
set ip next-hop command26-4
set-request operation41-4
severity levels, defining in system messages40-8
show adjacency command24-9
show boot command3-31
show catalyst4000 chassis-mac-address command15-3
show cdp entry command20-4
show cdp interface command20-3
show cdp neighbors command20-4
show cdp traffic command20-4
show ciscoview package command11-26
show ciscoview version command11-26
show cluster members command11-15
show configuration command5-10
show debugging command20-4
show environment command9-2
show history command2-4
show interfaces command5-15, 5-16, 5-18, 5-19
show interfaces status command6-2
show ip cache flow aggregation destination-prefix command42-12
show ip cache flow aggregation prefix command42-12
show ip cache flow aggregation source-prefix command42-12
show ip cache flow command42-9
show ip cef command24-8
show ip eigrp interfaces command23-11
show ip eigrp neighbors command23-11
show ip eigrp topology command23-11
show ip eigrp traffic command23-11
show ip interface command25-15
show ip local policy command26-5
show ip mroute command25-15
show ip pim interface command25-15
show l2protocol command19-11
show mac-address-table address command6-3
show mac-address-table interface command6-3
show mls entry command24-8
show PoE consumed10-8
show power inline command10-7
show power inline consumption command10-5
show power supplies command9-8
show protocols command5-17
show running-config command
adding description for an interface5-10
checking your settings3-9
displaying ACLs35-15, 35-17, 35-24, 35-25
show startup-config command3-10
show users command6-6
show version command3-28, 3-29
shutdown, command5-18
shutdown threshold for Layer 2 protocol packets19-9
shutting down
interfaces5-17
Simple Network Management Protocol
single spanning tree
slot numbers, description5-2
Smartports macros
applying global parameter values14-8
applying macros14-8
applying parameter values14-9
configuration guidelines14-6
configuring14-2
creating14-8
default configuration14-4
defined14-1
displaying14-13
tracing14-7
website14-2
SNMP
accessing MIB variables with41-4
agent
described41-4
disabling41-7
authentication level41-10
community strings
configuring41-7
overview41-4
configuration examples41-15
configuration guidelines41-6
default configuration41-6
enabling47-16
engine ID41-6
host41-6
informs
and trap keyword41-11
described41-5
differences from traps41-5
enabling41-14
limiting access by TFTP servers41-15
limiting system log messages to NMS40-9
manager functions41-3
notifications41-5
status, displaying41-16
system contact and location41-14
trap manager, configuring41-13
traps
differences from informs41-5
enabling41-11
enabling MAC address notification4-22
enabling MAC move notification4-24
enabling MAC threshold notification4-26
types of41-11
versions supported41-2
SNMP commands47-16
SNMPv141-2
SNMPv2C41-2
SNMPv341-2
software
upgrading7-13
software configuration register3-26
software switching
description24-5
interfaces24-6
key data structures used25-7
SPAN
and ACLs39-5
configuration guidelines39-7
destination ports39-5
IDS39-2
monitored port, defined39-4
monitoring port, defined39-5
received traffic39-3
sessions
defined39-3
source ports39-4
transmitted traffic39-4
VLAN-based39-5
SPAN and RSPAN
concepts and terminology39-3
default configuration39-6
displaying status39-25
overview39-1
session limits39-6
SPAN enhancements
access list filtering39-13
configuration example39-15
CPU port sniffing39-10
encapsulation configuration39-12
ingress packets39-12
packet type filtering39-15
spanning-tree backbonefast command16-15
spanning-tree cost command15-15
spanning-tree guard root command16-2
spanning-tree portfast bpdu-guard command16-7
spanning-tree portfast command16-6
spanning-tree port-priority command15-13
spanning-tree uplinkfast command16-11
spanning-tree vlan
command15-9
command example15-9
spanning-tree vlan command15-8
spanning-tree vlan cost command15-15
spanning-tree vlan forward-time command15-19
spanning-tree vlan hello-time command15-17
spanning-tree vlan max-age command15-18
spanning-tree vlan port-priority command15-13
spanning-tree vlan priority command15-17
spanning-tree vlan root primary command15-10
spanning-tree vlan root secondary command15-12
speed
configuring interface5-8
speed command5-8
SSO
configuring8-10
SSO operation8-4
SST
description15-22
interoperability15-24
static addresses
static routes
configuring3-11
verifying3-12
statistics
displaying 802.1X30-43
displaying PIM25-20
NetFlow accounting42-9
SNMP input and output41-16
sticky learning
configuration file31-5
defined31-5
disabling31-5
enabling31-5
saving addresses31-5
sticky MAC addresses
configuring31-7
defined31-4
Storm Control
disabling38-4
displaying38-5
enabling38-3
hardware-based, implementing38-2
overview38-1
STP
bridge ID15-2
creating topology15-4
defaults15-6
disabling15-19
enabling15-7
enabling extended system ID15-8
enabling Per-VLAN Rapid Spanning Tree15-20
forward-delay time15-18
hello time15-17
Layer 2 protocol tunneling19-7
maximum aging time15-18
per-VLAN rapid spanning tree15-6
port cost15-15
port priority15-13
root bridge15-9
stratum, NTP4-2
stub routing (EIGRP)
benefits23-10
configuration tasks23-10
configuring23-6
overview23-6
restrictions23-10
verifying23-11
subdomains, private VLAN36-2
summer time4-13
supervisor engine
accessing the redundant7-14
copying files to standby7-14
default configuration3-1
default gateways3-11
environmental monitoring9-1
redundancy8-1
ROM monitor3-25
startup configuration3-25
static routes3-11
synchronizing configurations7-11
Supervisor Engine II-TS
insufficient inline power handling9-15, 10-12
SVIs
and router ACLs35-3
switched packets
and ACLs35-21
Switched Port Analyzer
switching, NetFlow
checking for required hardware42-6
configuration (example)42-13
configuring switched IP flows42-8
enabling Collection42-7
exporting cache entries42-9
switchport
show interfaces5-15, 5-18, 5-19
switchport access vlan command13-6, 13-8
switchport block multicast command37-2
switchport block unicast command37-2
switchport mode access command13-8
switchport mode dot1q-tunnel command19-6
switchport mode dynamic command13-6
switchport mode trunk command13-6
switch ports
switchport trunk allowed vlan command13-6
switchport trunk encapsulation command13-6
switchport trunk encapsulation dot1q command13-3
switchport trunk encapsulation isl command13-3
switchport trunk encapsulation negotiate command13-3
switchport trunk native vlan command13-6
switchport trunk pruning vlan command13-6
switch-to-RADIUS server communication
configuring30-24
syslog
syslog messages9-2
sysret command44-5
system
reviewing configuration3-10
settings at startup3-27
system clock
configuring
daylight saving time4-13
manually4-11
summer time4-13
time zones4-12
displaying the time and date4-12
overview4-1
system images
loading from Flash memory3-30
modifying boot field3-27
specifying3-29
system message logging
default configuration40-3
defining error message severity levels40-8
disabling40-4
displaying the configuration40-12
enabling40-4
facility keywords, described40-12
level keywords, described40-8
limiting messages40-9
message format40-2
overview40-1
sequence numbers, enabling and disabling40-7
setting the display destination device40-4
synchronizing log messages40-5
timestamps, enabling and disabling40-7
UNIX syslog servers
configuring the daemon40-10
configuring the logging facility40-11
facilities supported40-12
system MTU
802.1Q tunneling19-5
maximums19-5
system name
default configuration4-15
default setting4-15
manual configuration4-15
system prompt, default setting4-14, 4-15
T
TACACS+32-1
accounting, defined3-16
authentication, defined3-16
authorization, defined3-16
configuring
accounting3-21
authentication key3-18
authorization3-21
login authentication3-19
default configuration3-18
displaying the configuration3-22
identifying the server3-18
limiting the services to the user3-21
operation of3-17
overview3-15
tracking services accessed by user3-21
tagged packets
802.1Q19-3
Layer 2 protocol19-7
TCAM programming and ACLs35-6
TDR
checking cable connectivity6-3
enabling and disabling test6-3
guidelines6-3
Telnet
accessing CLI2-2
disconnecting user sessions6-6
executing6-5
monitoring user sessions6-6
telnet command6-5
Terminal Access Controller Access Control System Plus
TFTP
configuration files in base directory3-5
configuring for autoconfiguration3-4
limiting access by servers41-15
TFTP download
time
Time Domain Reflectometer
time exceeded messages6-8
timer
timestamps in log messages40-7
time zones4-12
Token Ring
media not supported (note)12-4, 12-10
TOS
description28-4
trace command6-9
traceroute
traceroute mac command6-10
traceroute mac ip command6-10
traffic
blocking flooded37-2
traffic control
using ACLs (figure)35-4
using VLAN maps (figure)35-5
traffic shaping28-15
translational bridge numbers (defaults)12-4
transmit queues
transmit rate28-51
traps
configuring MAC address notification4-22
configuring MAC move notification4-24
configuring MAC threshold notification4-26
configuring managers41-11
defined41-3
enabling4-22, 4-24, 4-26, 41-11
notification types41-11
troubleshooting
ACLs48-1
high CPU48-3
IP multicast48-4
IP unicast48-10
tracking supervisor engine resets through PeerResetReason variable48-14
with CiscoWorks41-4
with system message logging40-1
with traceroute6-8
trunk ports
configure port security31-16
configuring PVLAN36-17to 36-18
trunks
802.1Q restrictions13-5
configuring13-6
configuring access VLANs13-6
configuring allowed VLANs13-6
default interface configuration13-6
different VTP domains13-3
enabling to non-DTP device13-4
encapsulation13-3
specifying native VLAN13-6
understanding13-3
trusted boundary for QoS28-26
trust states
configuring28-46
tunneling
defined19-1
Layer 2 protocol19-7
tunnel ports
802.1Q, configuring19-6
described19-2
incompatibilities with other features19-5
type of service
U
UDLD
default configuration21-2
disabling21-3
enabling21-3
overview21-1
unauthorized ports with 802.1X30-4
unicast
unicast flood blocking
configuring37-1
unicast MAC address filtering
and adding static addresses4-29
and broadcast MAC addresses4-28
and CPU packets4-28
and multicast addresses4-28
and router MAC addresses4-28
configuration guidelines4-28
described4-28
unicast traffic
blocking37-2
unidirectional ethernet
enabling22-2
example of setting22-2
overview22-1
UniDirectional Link Detection Protocol
UNIX syslog servers
daemon configuration40-10
facilities supported40-12
message logging configuration40-11
UplinkFast
and MST15-23
enabling16-15
MST and15-23
overview16-10
User Based Rate Limiting
configuring28-37
overview28-36
user EXEC mode2-5
user sessions
disconnecting6-6
monitoring6-6
V
VACLs
Layer 4 port operations35-9
virtual configuration register44-3
virtual LANs
Virtual Private Network
VLAN ACLs
vlan database command12-7
vlan dot1q tag native command19-4
VLAN ID, discovering4-30
VLAN Management Policy Server
VLAN maps
common uses for35-18
configuration example35-18
configuration guidelines35-14
configuring35-13
creating entries35-15
defined35-3
denying access example35-19
denying packets35-15
displaying35-20
examples35-19
order of entries35-14
permitting packets35-15
router ACLs and35-21
using (figure)35-5
VLANs
allowed on trunk13-6
configuration guidelines12-3
configuring12-4
customer numbering in service-provider networks19-3
default configuration12-4
description1-5
extended range12-3
IDs (default)12-4
interface assignment12-8
limiting source traffic with RSPAN39-23
monitoring with RSPAN39-22
name (default)12-4
normal range12-3
overview12-1
reserved range12-3
VLAN Trunking Protocol
VLAN trunks
overview13-3
VMPS
configuration file example12-29
configuring dynamic access ports on client12-22
configuring retry interval12-24
database configuration file12-29
dynamic port membership
example12-26
reconfirming12-23
reconfirming assignments12-23
reconfirming membership interval12-23
server overview12-17
VMPS client
administering and monitoring12-24
configure switch
configure reconfirmation interval12-23
dynamic ports12-22
entering IP VMPS address12-21
reconfirmation interval12-24
reconfirm VLAM membership12-23
default configuration12-21
dynamic VLAN membership overview12-20
troubleshooting dynamic port VLAN membership12-25
VMPS server
fall-back VLAN12-19
illegal VMPS client requests12-20
overview12-17
security modes
multiple12-19
open12-18
secure12-19
voice interfaces
configuring29-1
Voice over IP
configuring29-1
voice ports
configuring VVID29-3
voice VLAN
IP phone data traffic, described29-2
IP phone voice traffic, described29-2
voice VLAN ports
using 802.1X30-18
VPN
configuring routing in27-6
forwarding27-4
in service provider networks27-1
routes27-2
routing and forwarding table
VRF
defining27-4
tables27-1
VTP
configuration guidelines12-12
configuring transparent mode12-16
default configuration12-12
disabling12-16
Layer 2 protocol tunneling19-7
monitoring12-16
overview12-8
VTP advertisements
description12-9
VTP clients
configuring12-15
VTP domains
description12-9
VTP modes12-9
VTP pruning
enabling12-13
overview12-10
VTP servers
configuring12-14
VTP statistics
displaying12-16
VTP version 2
enabling12-14
overview12-10
VTY and Network Assistant11-14
VVID (voice VLAN ID)
and 802.1X authentication30-18
configuring29-3
W
Wake-on-LAN
configure with 802.1X30-34
WCCP
configuration examples46-8
configuring on a router46-2, 46-10
features46-4
restrictions46-5
service groups46-6
Web Cache Communication Protocol
web caches
web cache services
description46-4
web caching
web scaling46-1