Index Numerics
10/100 autonegotiation feature, forced 6-17
10-Gigabit Ethernet or Gigabit Ethernet ports
deploy on WS-X4606-10GE-E and Sup 6-E 6-13
10-Gigabit Ethernet port
deploy with Gigabit Ethernet SFP ports 6-11, 6-13
1400 W DC Power supply
special considerations 10-18
1400 W DC SP Triple Input power supply
special considerations 10-19
802.10 SAID (default) 13-5
802.1Q
trunks 18-6
tunneling
compatibility with other features 25-5
defaults 25-3
described 25-2
tunnel ports with other features 25-6
802.1Q VLANs
encapsulation 15-3
trunk restrictions 15-5
802.1s
See MST
802.1w
See MST
802.1X
See port-based authentication
802.1X authentication
Authentication Failed VLAN assignment 40-18
for Critical Authentication 40-15
for guest VLANs 40-12
for MAC Authentication Bypass 40-13
for Unidirectional Controlled Port 40-16
VLAN User Distribution 40-16
web-based authentication 40-15
with port security 40-19
with VLAN assignment 40-11
with voice VLAN ports 40-22
802.1X Host Mode 40-7
multiauthentication mode 40-9
multidomain authentication mode 40-8
single-host 40-8
802.3ad
See LACP
A
AAA 44-1
fail policy 42-4
AAA (authentication, authorization, and accounting). See also port-based authentication. 42-2
abbreviating commands 2-5
access control entries
See ACEs
access control entries and lists 44-1
access-group mode, configuring on Layer 2 interface 47-38
access-group mode, using PACL with 47-37
access list filtering, SPAN enhancement 51-13
access lists
using with WCCP 61-7
access ports
and Layer 2 protocol tunneling 25-15
configure port security 43-7, 43-23
configuring 15-8
access VLANs 15-6
accounting
with RADIUS 40-104
with TACACS+ 3-16, 3-21
ACEs
ACLs 47-2
IP 47-3
Layer 4 operation restrictions 47-16
ACEs and ACLs 44-1
ACL assignments, port-based authentication 40-20
ACL assignments and redirect URLs, configure 40-37
ACL configuration, displaying a Layer 2 interface 47-39
ACLs
ACEs 47-2
and SPAN 51-5
and TCAM programming for Sup 6-E 47-15
and TCAM programming for Sup II-Plus thru V-10GE 47-7
applying IPv6 ACLs to a Layer 3 interface 47-23
applying on routed packets 47-33
applying on switched packets 47-32
chaning the TCAM programming algorithm 47-9
compatibility on the same switch 47-3
configuring with VLAN maps 47-31
CPU impact 47-18
downloadable 42-7
hardware and software support 47-6
IP, matching criteria for port ACLs 47-4
MAC extended 47-20
matching criteria for router ACLs 47-3
port
and voice VLAN 47-5
defined 47-3
processing 47-18
resize the TCAM regions 47-11
selecting mode of capturing control packets 47-13
TCAM programming algorithm 47-8
troubleshooting high CPU 47-12
types supported 47-3
understanding 47-2
VLAN maps 47-5
ACLs, applying to a Layer 2 interface 47-38
ACLs and VLAN maps, examples 47-26
acronyms, list of A-1
action drivers, marking 37-72
active queue management 37-15
active queue management via DBL, QoS on Sup 6-E 37-85
active traffic monitoring, IP SLAs 58-1
adding members to a community 12-9
addresses
displaying the MAC table 4-35
dynamic
changing the aging time 4-21
defined 4-19
learning 4-20
removing 4-22
IPv6 47-2
MAC, discovering 4-35
See MAC addresses
static
adding and removing 4-27
defined 4-19
address resolution 4-35
adjacency tables
description 31-2
displaying statistics 31-9
administrative VLAN
REP, configuring 20-8
administrative VLAN, REP 20-8
advertisements
LLDP 1-4, 27-2
advertisements, VTP
See VTP advertisements
aggregation switch, enabling DHCP snooping 45-10
aging time
MAC address table 4-21
All Auth manager sessions, displaying summary 40-110
All Auth manager sessions on the switch authorized for a specified authentication method 40-111
ANCP client
enabling and configuring 34-2
guidelines and restrictions 34-5
identify a port with DHCP option 82 34-4
identify a port with protocol 34-2
overview 34-1
ANCP protocol
identifying a port with 34-2
applying IPv6 ACLs to a Layer 3 interface 47-23
AQM via DBL, QoS on Sup 6-E 37-85
archiving crashfiles information 2-8
ARP
defined 4-35
table
address resolution 4-35
managing 4-35
asymmetrical links, and 802.1Q tunneling 25-3
attributes, RADIUS
vendor-proprietary 40-107
vendor-specific 40-105
authentication
NTP associations 4-4
RADIUS
key 40-97
login 40-99
See also port-based authentication
TACACS+
defined 3-16
key 3-18
login 3-19
Authentication, Authorization, and Accounting (AAA) 44-1
Authentication Failed, configuring 80.1X 40-67
Authentication methods registered with the Auth manager, determining 40-110
authentication open comand 40-9
authentication proxy web pages 42-4
authentication server
defined 40-3
RADIUS server 40-3
Auth manager session for an interface, verifying 40-111
Auth manager summary, displaying 40-110
authoritative time source, described 4-2
authorization
with RADIUS 40-103
with TACACS+ 3-16, 3-21
authorized and unauthorized ports 40-5
authorized ports with 802.1X 40-5
autoconfiguration 3-2
automatic discovery
considerations 12-7
automatic QoS
See QoS
Auto-MDIX on a port
configuring 6-28
displaying the configuration 6-28
overview 6-27
autonegotiation feature
forced 10/100Mbps 6-17
Auto-QoS
configuring 37-57
Auto SmartPorts built-in macros
configuring parameters 17-6
Auto SmartPorts macros
built-in macros 17-4
configuration guidelines 17-4
default configuration 17-3
defined 17-1
displaying 17-13
enabling 17-3
IOS shell 17-2, 17-9
Auto Smartports macros
defined 1-2
Auto SmartPorts user-defined macros
configuring 17-9
auto-sync command 8-7
Auto SmartPorts macros
See also SmartPorts macros
Auto Smartports macros
See also Smartports macros
B
Baby Giants
interacting with 6-25
BackboneFast
adding a switch (figure) 21-4
and MST 18-23
configuring 21-16
link failure (figure) 21-14, 21-15
not supported MST 18-23
understanding 21-14
See also STP
banners
configuring
login 4-19
message-of-the-day login 4-18
default configuration 4-18
when displayed 4-17
b command 62-3
b flash command 62-3
BGP 1-11
routing session with multi-VRF CE 36-12
blocking packets 49-1
blocking state (STP)
RSTP comparisons (table) 18-24
boot bootldr command 3-31
boot command 3-28
boot commands 62-3
boot fields
See configuration register boot fields
bootstrap program
See ROM monitor
boot system command 3-26, 3-31
boot system flash command 3-28
Border Gateway Protocol
See BGP
boundary ports
description 18-27
BPDU Guard
and MST 18-23
configuring 21-16
overview 21-8
BPDUs
and media speed 18-2
pseudobridges and 18-25
what they contain 18-3
bridge ID
See STP bridge ID
bridge priority (STP) 18-17
bridge protocol data units
See BPDUs
Broadcast Storm Control
disabling 50-6
enabling 50-3
Built-in macros and user-defined triggers, configuring mapping 17-9
burst rate 37-53
burst size 37-28
C
cache engine clusters 61-1
cache engines 61-1
cache farms
See cache engine clusters
Call Home
description 1-17, 57-2
message format options 57-2
messages
format options 57-2
call home 57-1
alert groups 57-6
configuring e-mail options 57-9
contact information 57-4
default settings 57-18
destination profiles 57-5
displaying information 57-13
mail-server priority 57-10
pattern matching 57-9
periodic notification 57-8
rate limit messages 57-9
severity threshold 57-8
smart call home feature 57-2
SMTP server 57-9
testing communications 57-10
call home alert groups
configuring 57-6
description 57-6
subscribing 57-7
call home contacts
assigning information 57-4
call home destination profiles
attributes 57-5
configuring 57-5
description 57-5
displaying 57-16
call home notifications
full-txt format for syslog 57-25
XML format for syslog 57-28
candidates
automatic discovery 12-7
candidate switch, cluster
defined 12-12
Capturing control packets
selecting mode 47-13
cautions
Unicast RPF
BGP optional attributes 32-4
cautions for passwords
encrypting 3-22
CDP
and trusted boundary 37-22
automatic discovery in communities 12-7
configuration 26-2
defined with LLDP 27-1
displaying configuration 26-3
enabling on interfaces 26-3
host presence detection 40-9
Layer 2 protocol tunneling 25-13
maintaining 26-3
monitoring 26-3
overview 1-3, 26-1
cdp enable command 26-3
CEF
adjacency tables 31-2
and NSF with SSO 9-5
configuring load balancing 31-7
displaying statistics 31-8
enabling 31-6, 60-2
hardware switching 31-4
load balancing 31-6
overview 31-1
software switching 31-4
certificate authority (CA) 57-3
CFM
and Ethernet OAM interaction 55-35
configuration guidelines 55-8, 56-4
configuring crosscheck for VLANs 55-11
configuring over VLANs 55-9
crosscheck 55-7
default configuration 55-8
defined 55-2
disabling on a port 55-9
EtherChannel support 55-8, 56-4
IP SLAs support for 55-7
IP SLAs with endpoint discovers 55-15
maintenance domain 55-3
maintenance point 55-4
manually configuring IP SLAs ping or jitter 55-13
measuring network performance 55-7
monitoring 55-18
on EtherChannel port channels 55-8
sample configuration 55-16
SNMP traps 55-7
types of messages 55-6
CGMP
overview 23-1
Change of Authorization, RADIUS 40-91
channel-group group command 22-8, 22-10
Cisco 7600 series Internet router
enabling SNMP 63-4, 63-5
Cisco Discovery Protocol
See CDP
Cisco Express Forwarding
See CEF
Cisco Group Management Protocol
See CGMP
Cisco IOS IP SLAs 58-2
Cisco IOS NSF-aware
support 9-2
Cisco IOS NSF-capable support 9-2
Cisco IP Phones
configuring 38-3
sound quality 38-1
CiscoWorks 2000 53-4
CIST
description 18-22
civic location 27-3
class level, configure in a service policy 37-83
class-map command 37-29
class of service
See CoS
clear cdp counters command 26-4
clear cdp table command 26-3
clear counters command 6-31
clearing
IP multicast table entries 33-29
clear ip eigrp neighbors command 30-19
clear ip flow stats command 54-9
CLI
accessing 2-2
backing out one level 2-5
getting commands 2-5
history substitution 2-4
managing clusters 12-13
modes 2-5
monitoring environments 51-1
ROM monitor 2-7
software basics 2-4
clients
in 802.1X authentication 40-3
clock
See system clock
clustering switches
command switch characteristics
and VTY 12-12
convert to a community 12-10
managing
through CLI 12-13
overview 12-2
planning considerations
CLI 12-13
passwords 12-8
CoA Request Commands 40-93
command-line processing 2-3
command modes 2-5
commands
b 62-3
b flash 62-3
boot 62-3
confreg 62-3
dev 62-3
dir device 62-3
frame 62-5
i 62-3
listing 2-5
meminfo 62-5
reset 62-3
ROM monitor 62-2 to 62-3
ROM monitor debugging 62-5
SNMP 63-4
sysret 62-5
command switch, cluster
requirements 12-11
common and internal spanning tree
See CIST
common spanning tree
See CST
community of switches
access modes in Network Assistant 12-9
adding devices 12-9
communication protocols 12-9
community name 12-8
configuration information 12-9
converting from a cluster 12-10
host name 12-8
passwords 12-8
community ports 39-3
community strings
configuring 53-7
overview 53-4
community VLANs 39-2, 39-3
and SPAN features 39-12
configure as a PVLAN 39-13
compiling MIBs 63-4
config-register command 3-29
config terminal command 3-9
configurable leave timer,IGMP 23-4
configuration examples
SNMP 53-15
configuration files
limiting TFTP server access 53-15
obtaining with DHCP 3-6
saving 3-10
system contact and location information 53-14
configuration guidelines
CFM 55-8, 56-4
Ethernet OAM 55-20
REP 20-7
SNMP 53-6
VLAN mapping 25-10
configuration register
boot fields
listing value 3-29
modifying 3-28
changing from ROM monitor 62-3
changing settings 3-28 to 3-29
configuring 3-26
settings at startup 3-27
configure class-level queue-limit in a service policy 37-83
configure terminal command 3-29, 6-2
configuring access-group mode on Layer 2 interface 47-38
configuring flow control 6-20
configuring interface link and trunk status envents 6-32
configuring named IPv6 ACLs 47-22
configuring named MAC extended ACLs 47-20, 47-21
configuring unicast MAC address filtering 47-19
configuring VLAN maps 47-24
confreg command 62-3
Connectivity Fault Management
See CFM
console configuration mode 2-5
console download 62-4 to 62-5
console port
disconnecting user sessions 7-7
monitoring user sessions 7-6
contact information
assigning for call home 57-4
controlling switch access with RADIUS 40-89
Control Plane Policing
and Layer 2 Control packet QoS, configuration example 44-14
configuration guidelines and restrictions 44-8
configuring for control plane traffic 44-4
configuring for data plane and management plan traffic 44-6
defaults 44-4
general guidelines 44-3
monitoring 44-9
understanding 44-2
control protocol, IP SLAs 58-4
convergence
REP 20-4
copy running-config startup-config command 3-10
copy system:running-config nvram:startup-config command 3-31
CoS
definition 37-4
figure 37-2
overriding on Cisco IP Phones 38-5
priority 38-5
CoS Mutation
configuring 37-37
CoS-to-DSCP maps 37-54
CoS value, configuring for an interface 37-50
counters
clearing MFIB 33-29
clearing on interfaces 6-31
CPU, impact of ACL processing 47-18
CPU port sniffing 51-10
crashfiles information, archiving 2-8
Critical Authentication
configure with 802.1X 40-59
crosscheck, CFM 55-7, 55-11
CST
description 18-25
IST and 18-22
MST and 18-22
customer edge devices 36-2
C-VLAN 1-2, 25-7
D
database agent
configuration examples 45-16
enabling the DHCP Snooping 45-13
daylight saving time 4-13
debug commands, ROM monitor 62-5
default configuration
802.1X 40-27
auto-QoS 37-58
banners 4-18
CFM 55-8
DNS 4-16
Ethernet OAM 55-20
IGMP filtering 23-20
IGMP snooping 24-5, 24-6
IP SLAs 58-7
IPv6 47-7
Layer 2 protocol tunneling 25-16
LLDP 27-4
MAC address table 4-21
multi-VRF CE 36-3
NTP 4-4
private VLANs 39-11
RADIUS 40-96
REP 20-7
resetting the interface 6-34
RMON 59-3
SNMP 53-5
SPAN and RSPAN 51-6
system message logging 52-3
TACACS+ 3-18
VLAN mapping 25-9
default gateway
configuring 3-11
verifying configuration 3-11
default settings, erase commad 3-32
default web-based authentication configuration
802.1X 42-6
denial-of-service attacks
IP address spoofing, mitigating 32-5
Unicast RPF, deploying 32-5
denying access to a server on another VLAN 47-30
deploying 10-Gigabit Ethernet and a Gigabit Ethernet SFP ports 6-11, 6-13
deploying 10-Gigabit Ethernet and a Gigabit Ethernet SFP ports on WS-X4606-10GE-E and Sup 6-E 6-13
description command 6-20
dev command 62-3
device discovery protocol 27-1
device IDs
call home format 57-21, 57-22
DHCP
configuring
rate limit for incoming packets 45-14
denial-of-service attacks, preventing 45-14
rate limiting of packets
configuring 45-14
DHCP-based autoconfiguration
client request message exchange 3-3
configuring
client side 3-3
DNS 3-5
relay device 3-5
server-side 3-4
TFTP server 3-4
example 3-7
lease options
for IP address information 3-4
for receiving the configuration file 3-4
overview 3-2
relationship to BOOTP 3-3
DHCP option 82
identifying a port with 34-4
overview 45-4
DHCP Snooping
enabling, and Option 82 45-10
DHCP snooping
accepting untrusted packets form edge switch 45-10
configuring 45-6
default configuration 45-7
displaying binding tables 45-19
displaying configuration 45-19
displaying information 45-19
enabling 45-8
enabling on private VLAN 45-12
enabling on the aggregation switch 45-10
enabling the database agent 45-13
message exchange process 45-4
monitoring 45-23
option 82 data insertion 45-4
overview 45-1
Snooping database agent 45-2
DHCP Snooping Database Agent
adding to the database (example) 45-18
enabling (example) 45-16
overview 45-2
reading from a TFTP file (example) 45-17
Diagnostics
online 60-1
Power-On-Self-Test
causes of failure 60-21
how it works 60-10
overview 60-10
Power-On-Self-Test for Supervisor Engine V-10GE 60-15
Differentiated Services Code Point values
See DSCP values
DiffServ architecture, QoS 37-2
Digital optical monitoring transceiver support 6-16
dir device command 62-3
disabled state
RSTP comparisons (table) 18-24
disabling
broadcast storm control 50-6
disabling multicast storm control 50-7
disconnect command 7-7
discovery, clusters
See automatic discovery
discovery, Ethernet OAM 55-19
displaying
Auth Manager sumary for an interface 40-110
MAB details 40-113
summary of all Auth manager sessions 40-110
summary of all Auth manager sessions on the switch authorized for a specified authentication method 40-111
displaying EtherChannel to a Virtual Switch System 22-14
displaying storm control 50-8
display PoE consumed by a module 11-8
DNS
and DHCP-based autoconfiguration 3-5
default configuration 4-16
displaying the configuration 4-17
overview 4-15
setting up 4-16
domain names
DNS 4-15
Domain Name System
See DNS
double-tagged packets
802.1Q tunneling 25-2
Layer 2 protocol tunneling 25-15
downloading MIBs 63-3, 63-4
drop threshold for Layer 2 protocol packets 25-16
DSCP maps 37-54
DSCP-to-CoS maps
configuring 37-56
DSCP values
configuring maps 37-54
definition 37-4
IP precedence 37-3
mapping markdown 37-19
mapping to transmit queues 37-52
DSCP values, configuring port value 37-50
DTP
VLAN trunks and 15-3
duplex command 6-19
duplex mode
configuring interface 6-17
dynamic ARP inspection
ARP cache poisoning 46-2
configuring
ACLs for non-DHCP environments 46-11
in DHCP environments 46-5
log buffer 46-14
rate limit for incoming ARP packets 46-16
denial-of-service attacks, preventing 46-16
interface trust state, security coverage 46-3
log buffer
configuring 46-14
logging of dropped packets 46-4
overview 46-1
port channels, their behavior 46-5
priority of static bindings 46-4
purpose of 46-2
rate limiting of ARP packets 46-4
configuring 46-16
validation checks, performing 46-19
dynamic buffer limiting
globally 37-24
on specific CoS values 37-26
on specific IP DSCP values 37-25
Dynamic Host Configuration Protocol snooping
See DHCP snooping
dynamic port VLAN membership
example 13-29
limit on hosts 13-29
reconfirming 13-26
troubleshooting 13-29
Dynamic Trunking Protocol
See DTP
E
EAP frames
changing retransmission time 40-80
exchanging (figure) 40-5, 40-7, 40-14
request/identity 40-4
response/identity 40-4
setting retransmission number 40-81
EAPOL frames
802.1X authentication and 40-3
OTP authentication, example (figure) 40-5, 40-14
start 40-4
edge ports
description 18-27
EGP
overview 1-11
EIGRP
configuration examples 30-19
monitoring and maintaining 30-19
EIGRP (Enhanced IGRP)
stub routing
benefits 30-17
configuration tasks 30-18
configuring 30-14
overview 30-14
restrictions 30-17
verifying 30-18
EIGRP (enhanced IGRP)
overview 1-12
eigrp stub command 30-18
EIGRP stub routing, configuring 30-13
ELIN location 27-3
e-mail addresses
assigning for call home 57-4
e-mail notifications
Call Home 1-17, 57-2
Embedded CiscoView
displaying information 4-39
installing and configuring 4-36
overview 4-36
emergency alarms on Sup Engine 6-E systems 10-3
enable command 3-9, 3-28
enable mode 2-5
enabling or disabling QOS on an interface 37-47
enabling SNMP 63-4, 63-5
encapsulation types 15-3
Enhanced Interior Gateway Routing Protocol
See EIGRP
Enhanced PoE support on E-series 11-16
environmental conditions
Sup Engine 6-E 10-3
Sup Engines II-Plus to V-10GE 10-2
environmental monitoring
using CLI commands 10-1
EPM logging 40-113
EtherChannel
channel-group group command 22-8, 22-10
configuration guidelines 22-5
configuring 22-6 to 22-14
configuring Layer 2 22-9
configuring Layer 3 22-6
displaying to a virtual switch system 22-14
interface port-channel command 22-7
lacp system-priority
command example 22-12
modes 22-3
overview 22-2
PAgP
Understanding 22-3
physical interface configuration 22-7
port-channel interfaces 22-2
port-channel load-balance command 22-13
removing 22-14
removing interfaces 22-13
EtherChannel guard
disabling 21-7
enabling 21-6
overview 21-6
Ethernet infrastructure 55-1
Ethernet management port
and routing 6-6
and routing protocols 6-6
configuring 6-10
default setting 6-6
described 1-19, 6-6
for network management 1-19, 6-6
specifying 6-10
supported features 6-9
unsupported features 6-10
Ethernet management port, internal
and routing protocols 6-6
Ethernet Management Port, using 6-6
Ethernet OAM 55-19
and CFM interaction 55-35
configuration guidelines 55-20
default configuration 55-20
discovery 55-19
enabling 55-21
link monitoring 55-19, 55-24
manager 55-1
messages 55-20
protocol
defined 55-19
monitoring 55-33
remote failure indications 55-19
remote loopback 55-20, 55-22
templates 55-29
Ethernet OAM protocol CFM notifications 55-35
Ethernet operation, administration, and maintenance
See Ethernet OAM
event triggers, user-defined
configuring, 802.1X-based 17-7
configuring, MAC address-based 17-8
explicit host tracking
enabling 23-11
extended range VLANs
See VLANs
Extensible Authentication Protocol over LAN 40-2
Exterior Gateway Protocol
See EGP
F
Fa0 port
See Ethernet management port
Fallback Authentication
configure with 802.1X 40-71
FastDrop
overview 33-11
fastethernet0 port
See Ethernet management port
Fast UDLD
configuring probe message interval 28-8
default configuration 28-4
displaying link status 28-9
enabling globally 28-5
enabling on individual interface 28-7
enabling per-interface 28-6
modes of operation 28-3
resetting disabled LAN interfaces 28-8
use case 28-2
Fast UDLD, overview 28-1
FIB
description 31-2
See also MFIB
fiber-optics interfaces
disabling UDLD 28-7
Filter-ID ACL and Per-User ACL, configureport-based authentication
configure Per-User ACL and Filter-ID ACL 40-43
filtering
in a VLAN 47-24
non-IP traffic 47-20, 47-21
flags 33-12
Flash memory
configuring router to boot from 3-31
loading system images from 3-30
security precautions 3-30
Flex Links
configuration guidelines 19-5
configuring 19-6
configuring preferred VLAN 19-9
configuring VLAN load balancing 19-8
monitoring 19-12
flooded traffic, blocking 49-2
flowchart, traffic marking procedure 37-72
flow control, configuring 6-20
For 11-14
forward-delay time (STP)
configuring 18-19
forwarding information base
See FIB
frame command 62-5
G
gateway
See default gateway
get-bulk-request operation 53-3
get-next-request operation 53-3, 53-4
get-request operation 53-3, 53-4
get-response operation 53-3
Gigabit Ethernet SFP ports
deploy with 10-Gigabit Ethernet 6-11, 6-13
global configuration mode 2-5
Guest-VLANs
configure with 802.1X 40-54
H
hardware and software ACL support 47-6
hardware switching 31-5
hello time (STP)
configuring 18-17
hierarchical policers, configuring 37-42
high CPU due to ACLs, troubleshooting 47-12
history
CLI 2-4
history table, level and number of syslog messages 52-9
hop counts
configuring MST bridges 18-28
host
limit on dynamic port 13-29
host ports
kinds of 39-3
host presence CDP message 40-9
Hot Standby Routing Protocol
See HSRP
HSRP
description 1-10
http
//www.cisco.com/en/US/docs/ios/12_4/ip_sla/configuration/guide/hsla_c.html 58-1, 58-4, 58-6, 58-7
//www.cisco.com/en/US/docs/ios/fundamentals/command reference/cf_book.html 52-1, 53-1, 59-1
hw-module module num power command 10-21
I
ICMP
enabling 7-12
ping 7-8
running IP traceroute 7-9
time exceeded messages 7-9
ICMP Echo operation
configuring 58-12
IP SLAs 58-11
i command 62-3
IDS
using with SPAN and RSPAN 51-2
IEEE 802.1ag 55-2
IEEE 802.1s
See MST
IEEE 802.1w
See MST
IEEE 802.3ad
See LACP
IEEE 802.3ah Ethernet OAM discovery 55-1
IGMP
configurable-leave timer 23-4
description 33-3
enabling 33-14
explicit host tracking 23-4
immediate-leave processing 23-3
leave processing, enabling 24-8
overview 23-1
report suppression
disabling 24-10
IGMP filtering
configuring 23-21
default configuration 23-20
described 23-20
monitoring 23-24
IGMP groups
setting the maximum number 23-23
IGMP Immediate Leave
configuration guidelines 23-9
IGMP profile
applying 23-22
configuration mode 23-21
configuring 23-21
IGMP Snooping
configure
leave timer 23-9
configuring
Learning Methods 23-7
static connection to a multicast router 23-8
configuring host statically 23-11
enabling
Immediate-Leave processing
explicit host tracking 23-11
suppressing multicast flooding 23-12
IGMP snooping
configuration guidelines 23-5
default configuration 24-5, 24-6
enabling
globally 23-6
on a VLAN 23-6
enabling and disabling 24-6
IP multicast and 33-4
monitoring 23-14, 24-11
overview 23-1
IGMP Snooping, displaying
group 23-16
hot membership 23-15
how to 23-15
MAC address entries 23-18
multicast router interfaces 23-17
on a VLAN interface 23-18
Querier information 23-19
IGMPSnooping Querier, configuring 23-10
IGRP
description 1-12
Immediate Leave, IGMP
enabling 24-8
immediate-leave processing
enabling 23-8
IGMP
See fast-leave processing
ingress packets, SPAN enhancement 51-12
inline power
configuring on Cisco IP phones 38-5
insufficient inline power handling for Supervisor Engine II-TS 10-19
Intelligent Power Management 11-4
interacting with Baby Giants 6-25
interface command 3-9, 6-2
interface configuration
REP 20-9
interface link and trunk status events
configuring 6-32
interface port-channel command 22-7
interface range command 6-4
interface range macro command 6-10
interfaces
adding descriptive name 6-19
clearing counters 6-31
configuring 6-2
configuring ranges 6-4
displaying information about 6-30
Layer 2 modes 15-4
maintaining 6-30
monitoring 6-30
naming 6-19
numbers 6-2
overview 6-2
restarting 6-31
See also Layer 2 interfaces
using the Ethernet Management Port 6-6
Interior Gateway Routing Protocol
See IGRP
Internet Control Message Protocol
See ICMP
Internet Group Management Protocol
See IGMP
Internet Protocol version 6
See IPv6
Inter-Switch Link encapsulation
See ISL encapsulation
Intrusion Detection System
See IDS
inventory management TLV 27-3, 27-8
IOS shell
See Auto SmartPorts macros
IP
configuring default gateway 3-11
configuring static routes 3-11
displaying statistics 31-8
flow switching cache 54-9
IP addresses
128-bit 47-2
cluster candidate or member 12-12
cluster command switch 12-11
discovering 4-35
IPv6 47-2
ip cef command 31-6, 60-2
IP Enhanced IGRP
interfaces, displaying 30-19
ip flow-aggregation cache destination-prefix command 54-11
ip flow-aggregation cache prefix command 54-11
ip flow-aggregation cache source-prefix command 54-12
ip flow-export command 54-9
ip icmp rate-limit unreachable command 7-13
ip igmp profile command 23-21
ip igmp snooping tcn flood command 23-13
ip igmp snooping tcn flood query count command 23-14
ip igmp snooping tcn query solicit command 23-14
IP information
assigned
through DHCP-based autoconfiguration 3-2
ip load-sharing per-destination command 31-7
ip local policy route-map command 35-8
ip mask-reply command 7-14
IP MTU sizes,configuring 30-9
IP multicast
clearing table entries 33-29
configuring 33-13
default configuration 33-13
displaying PIM information 33-24
displaying the routing table information 33-24
enabling dense-mode PIM 33-15
enabling sparse-mode 33-15
features not supported 33-13
hardware forwarding 33-9
IGMP snooping and 23-5, 33-4
overview 33-1
routing protocols 33-2
software forwarding 33-9
See also Auto-RP; IGMP; PIM; RP; RPF
IP multicast routing
enabling 33-14
monitoring and maintaining 33-24
ip multicast-routing command 33-14
IP multicast traffic, load splitting 33-23
IP phones
automatic classification and queueing 37-58
configuring voice ports 38-3
See Cisco IP Phones 38-1
trusted boundary for QoS 37-22
ip pim command 33-15
ip pim dense-mode command 33-15
ip pim sparse-dense-mode command 33-16
ip policy route-map command 35-7
IP Port Security for Static Hosts
on a Layer 2 access port 45-25
on a PVLAN host port 45-28
overview 45-24
ip redirects command 7-13
ip route-cache flow command 54-7
IP routing tables
deleting entries 33-29
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 58-1
IP SLAs
benefits 58-3
CFM endpoint discovery 55-15
Control Protocol 58-4
default configuration 58-7
definition 58-1
ICMP echo operation 58-11
manually configuring CFM ping or jitter 55-13
measuring network performance 58-3
multioperations scheduling 58-6
operation 58-4
responder
described 58-4
enabling 58-8
response time 58-5
scheduling 58-6
SNMP support 58-3
supported metrics 58-3
threshold monitoring 58-6
UDP jitter operation 58-9
IP Source Guard
configuring 45-21
configuring on private VLANs 45-22
displaying 45-22, 45-23
overview 45-23
IP statistics
displaying 31-8
IP traceroute
executing 7-9
overview 7-9
IP unicast
displaying statistics 31-8
IP Unnumbered support
configuring on a range of Ethernet VLANs 14-5
configuring on LAN and VLAN interfaces 14-4
configuring with connected host polling 14-6
DHCP Option 82 14-2
displaying settings 14-7
format of agent remote ID suboptions 14-3
troubleshooting 14-8
with conected host polling 14-3
with DHCP server and Relay agent 14-2
ip unreachables command 7-12
IPv4, IPv6, and MAC ACLs, configuring on a Layer 2 interface 47-37
IPv6
addresses 47-2
default configuration 47-7
defined 1-14, 47-1
Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 47-6
Router ID 47-6
OSPF 47-6
IPv6 control traffic, policing 44-16
IPX
redistribution of route information with EIGRP 1-12
is 25-19
ISL
encapsulation 15-3
trunking with 802.1Q tunneling 25-4
isolated port 39-3
isolated VLANs 39-2, 39-3, 39-4
ISSU
compatibility matrix 5-12
compatiblity verification using Cisco Feature Navigator 5-13
description 1-14
NSF overview 5-3
perform the process
aborting a software upgrade 5-24
configuring the rollback timer as a safeguard 5-25
displaying a compatibility matrix 5-26
loading the new software on the new standby 5-22
stopping the rollback timer 5-21
switching to the standby 5-19
verify the ISSU state 5-16
verify the redundancy mode 5-14
verify the software installation 5-14
vload the new software on standby 5-16
prerequisites 5-1
process overview 5-6
restrictions 5-1
SNMP support 5-13
SSO overview 5-3
versioning capability in software to support 5-11
IST
and MST regions 18-22
description 18-22
master 18-27
J
jumbo frames
and ethernet ports 6-24
configuring MTU sizes for 6-25
ports and linecards that support 6-22
understanding MTUs 6-23
understanding support 6-23
VLAN interfaces 6-24
K
keyboard shortcuts 2-3
L
l2protocol-tunnel command 25-17
labels, definition 37-4
LACP
system ID 22-4
Layer 2 access ports 15-8
Layer 2 Control Packet QoS
and CoPP configuration example 44-14
default configuation 44-11
disabling 44-13
enabvling 44-12
guideline and restrictions 44-16
understanding 44-11
Layer 2 frames
classification with CoS 37-2
Layer 2 interface
applying ACLs 47-38
configuring access-mode mode on 47-38
configuring IPv4, IPv6, and MAC ACLs 47-37
displaying an ACL configuration 47-39
Layer 2 interfaces
assigning VLANs 13-7
configuring 15-5
configuring as PVLAN host ports 39-17
configuring as PVLAN promiscuous ports 39-16
configuring as PVLAN trunk ports 39-18
defaults 15-5
disabling configuration 15-9
modes 15-4
show interfaces command 15-7
Layer 2 interface type
resetting 39-22
setting 39-22
Layer 2 protocol tunneling
default configuration 25-16
guidelines 25-16
Layer 2 switching
overview 15-1
Layer 2 Traceroute
and ARP 7-11
and CDP 7-10
host-to-host paths 7-10
IP addresses and subnets 7-11
MAC addresses and VLANs 7-10
multicast traffic 7-10
multiple devices on a port 7-11
unicast traffic 1-28, 7-10
usage guidelines 7-10
Layer 2 trunks
configuring 15-6
overview 15-3
Layer 3 interface, applying IPv6 ACLs 47-23
Layer 3 interface counters,configuring 30-10
Layer 3 interface counters,understanding 30-3
Layer 3 interfaces
changing from Layer 2 mode 36-7
configuration guidelines 30-5
configuring VLANs as interfaces 30-7
overview 30-1
counters 30-3
logical 30-2
physical 30-2
SVI autostate exclude 30-3
Layer 3 packets
classification methods 37-3
Layer 4 port operations
configuration guidelines 47-17
restrictions 47-16
Leave timer, enabling 23-9
limitations on using a TwinGig Convertor 6-14
link and trunk status events
configuring interface 6-32
link integrity, verifying with REP 20-3
Link Layer Discovery Protocol
See CDP
link monitoring, Ethernet OAM 55-19, 55-24
link-state tracking
configuration guidelines 22-20
default configuration 22-20
described 22-17
displaying status 22-21
generic configuration procedure 22-20
link status, displaying UDLD 28-9
listening state (STP)
RSTP comparisons (table) 18-24
LLDP
configuring 27-4
characteristics 27-5
default configuration 27-4
disabling and enabling
globally 27-6
on an interface 27-7
monitoring and maintaining 27-13
overview 27-1
transmission timer and holdtime, setting 27-5
LLDP-MED
configuring
procedures 27-4
TLVs 27-8, 27-10
monitoring and maintaining 27-13
overview 27-1
supported TLVs 27-2
LLDP Media Endpoint Discovery
See LLDP-MED
load balancing
configuring for CEF 31-7
configuring for EtherChannel 22-12
overview 22-5, 31-6
per-destination 31-7
load splitting IP multicast traffic 33-23
Location Service
overview 27-1
location service
configuring 27-11
understanding 27-3
location TLV 27-3, 27-8
logging, EPM 40-113
Logical Layer 3 interfaces
configuring 30-6
logical layer 3 VLAN interfaces 30-2
login authentication
with RADIUS 40-99
with TACACS+ 3-19
login banners 4-17
login timer
changing 7-6
logoutwarning command 7-6
loop guard
and MST 18-23
configuring 21-5
overview 21-3
M
MAC/PHY configuration status TLV 27-2
MAC addresses
aging time 4-21
allocating 18-6
and VLAN association 4-20
building tables 4-20, 15-2
convert dynamic to sticky secure 43-5
default configuration 4-21
disabling learning on a VLAN 4-30
discovering 4-35
displaying 7-3
displaying in DHCP snooping binding table 45-19
dynamic
learning 4-20
removing 4-22
in ACLs 47-20
static
adding 4-28
allowing 4-29
characteristics of 4-27
dropping 4-29
removing 4-28
sticky 43-4
sticky secure, adding 43-5
MAC address learning, disabling on a VLAN 4-30
confuguring 4-30
deployment scenarios 4-31
feature compatibility 4-33
feature incompatibility 4-34
feature inompatibility 4-34
usage guidelines 4-31
MAC address table
displaying 4-35
MAC address-table move update
configuration guidelines 19-9
configuring 19-10
monitoring 19-12
MAC Authentication Bypass
configure with 802.1X 40-57
MAC details, displaying 40-113
MAC extended access lists 47-20
macros
See Auto SmartPorts macros
See Auto Smartports macros
See Smartports macros
main-cpu command 8-7
Maintenance end points
See MEPs
Maintenance intermediate points
See MIPs
management address TLV 27-2
management options
SNMP 53-1
Management Port, Ethernet 6-6
manual preemption, REP, configuring 20-12
mapping
DSCP markdown values 37-19
DSCP values to transmit queues 37-52
mapping tables
configuring DSCP 37-54
described 37-15
marking
hardware capabilities 37-74
marking action drivers 37-72
marking network traffic 37-69
marking support, multi-attribute 37-73
mask destination command 54-11
mask source command 54-11, 54-12
Match CoS for non-IPV4 traffic
configuring 37-31
match ip address command 35-6
maximum aging time (STP)
configuring 18-18
MDA
configuration guidelines 40-23 to ??
described 40-23
members
automatic discovery 12-7
member switch
managing 12-13
member switch, cluster
defined 12-2
meminfo command 62-5
MEPs
defined 55-4
messages, Ethernet OAM 55-20
messages, to users through banners 4-17
Metro features
Ethernet CFM, introduction 1-3
Ethernet OAM Protocol, introduction 1-3
Flex Link and MAC Address-Table Move Update, introduction 1-3
Y.1731 (AIS and RDI), introduction 1-9
metro tags 25-2
MFIB
CEF 33-5
overview 33-12
MFIB, IP
displaying 33-27
MIBs
compiling 63-4
downloading 63-3, 63-4
overview 53-1
related information 63-3
SNMP interaction with 53-4
MIPs
defined 55-5
MLD Done messages and Immediate-leave 24-4
MLD messages 24-2
MLD queries 24-3
MLD reports 24-4
MLD Snooping
MLD Done messages and Immediate-leave 24-4
MLD messages 24-2
MLD queries 24-3
MLD reports 24-4
Multicast client aging robustness 24-3
Multicast router discovery 24-3
overview 24-1
Mode of capturing control packets, selecting 47-13
modules
checking status 7-1
powering down 10-21
monitoring
802.1Q tunneling 25-19
ACL information 47-42
Ethernet CFM 55-18
Ethernet OAM 55-33
Ethernet OAM protocol 55-33
Flex Links 19-12
IGMP
snooping 24-11
IGMP filters 23-24
IGMP snooping 23-14
Layer 2 protocol tunneling 25-19
MAC address-table move update 19-12
multicast router interfaces 24-11
multi-VRF CE 36-17
REP 20-13
traffic flowing among switches 59-1
tunneling 25-19
VLAN filters 47-31
VLAN maps 47-31
M-record 18-23
MST
and multiple spanning trees 1-5, 18-22
boundary ports 18-27
BPDUs 18-23
configuration parameters 18-26
configuring 18-29
displaying configurations 18-33
edge ports 18-27
enabling 18-29
hop count 18-28
instances
configuring parameters 18-32
description 18-23
number supported 18-26
interoperability with PVST+ 18-23
link type 18-28
master 18-27
message age 18-28
regions 18-26
restrictions 18-29
to-SST interoperability 18-24
MSTP
EtherChannel guard
enabling 21-6
M-record 18-23
M-tree 18-23
M-tree 18-23
MTUS
understanding 6-23
MTU size
configuring 6-25, 6-26, 6-32, 6-33
default 13-5
Multi-authentication
described 40-23
multiauthentication mode 40-9
multicast
See IP multicast
Multicast client aging robustness 24-3
multicast groups
static joins 24-7
multicast packets
blocking 49-2
Multicast router discovery 24-3
multicast router interfaces, displaying 23-17
multicast router interfaces, monitoring 24-11
multicast router ports, adding 24-7
multicast routers
flood suppression 23-12
multicast router table
displaying 33-24
Multicast Storm Control
enabling 50-4
disabling 50-7
suppression on Sup 6-E 50-5
suppression on WS-X4014 50-5
suppression on WS-X4016 50-6
WS-X4515, WS-X4014, and WS-X4013+ Sup Engs 50-5
WS-X4516 Sup Eng 50-6
multidomain authentication
See MDA
multidomain authentication mode 40-8
multioperations scheduling, IP SLAs 58-6
Multiple AuthorizationAuthentication
configuring 40-33
Multiple Domain Authentication 40-33
multiple forwarding paths 1-5, 18-22
multiple-hosts mode 40-8
Multiple Spanning Tree
See MST
multiple VPN routing/forwarding
See multi-VRF CE
multi-VRF CE
components 36-3
configuration example 36-13
default configuration 36-3
defined 36-1
displaying 36-17
monitoring 36-17
network components 36-3
packet-forwarding process 36-3
N
named aggregate policers, creating 37-27
named IPv6 ACLs, configuring
ACLs
configuring named IPv6 ACLs 47-22
named MAC extended ACLs
ACLs
configuring named MAC extended 47-20, 47-21
native VLAN
and 802.1Q tunneling 25-4
specifying 15-6
NEAT
configuring 40-82
overview 40-24
neighbor offset numbers, REP 20-4
NetFlow
aggregation
minimum mask,default value 54-11
destination-prefix aggregation
configuration (example) 54-16
minimum mask, configuring 54-11
IP
flow switching cache 54-9
prefix aggregation
configuration (example) 54-14
minimum mask, configuring 54-11
source-prefix aggregation
minimum mask, configuring 54-11
switching
checking for required hardware 54-6
configuration (example) 54-13
configuring switched IP flows 54-8
enabling Collection 54-7
exporting cache entries 54-9
statistics 54-9
NetFlow statistics
caveats on supervisor 54-6
checking for required hardware 54-6
configuring collection 54-6
enabling Collection 54-7
exporting cache entries 54-9
overview of collection 54-2
switched/bridged IP flows 54-8
Network Assistant
and VTY 12-12
configure
enable communication with switch 12-13, 12-17
default configuration 12-2
overview of CLI commands 12-3
Network Edge Access Topology
See NEAT
network fault tolerance 1-5, 18-22
network management
configuring 26-1
RMON 59-1
SNMP 53-1
network performance, measuring with IP SLAs 58-3
network policy TLV 27-2, 27-8
Network Time Protocol
See NTP
network traffic, marking 37-69
New Software Features in Release 7.7
TDR 7-3
Next Hop Resolution Protocol
See NHRP
NHRP
support 1-12
non-fiber-optics interfaces
disabling UDLD 28-7
non-IP traffic filtering 47-20, 47-21
non-RPF traffic
description 33-10
in redundant configurations (figure) 33-11
Nonstop Forwarding
See NSF
nonvolatile random-access memory
See NVRAM
normal-range VLANs
See VLANs
NSF
defined 9-1
guidelines and restrictions 9-9
operation 9-5
NSF-aware
supervisor engines 9-3
support 9-2
NSF-capable
supervisor engines 9-3
support 9-2
NSF with SSO supervisor engine redundancy
and CEF 9-5
overview 9-4
SSO operation 9-4
NTP
associations
authenticating 4-4
defined 4-2
enabling broadcast messages 4-7
peer 4-6
server 4-6
default configuration 4-4
displaying the configuration 4-11
overview 4-2
restricting access
creating an access group 4-9
disabling NTP services per interface 4-10
source IP address, configuring 4-10
stratum 4-2
synchronizing devices 4-6
time
services 4-2
synchronizing 4-2
NVRAM
saving settings 3-10
O
OAM
client 55-19
features 55-19
sublayer 55-19
OAM manager
with CFM and Ethernet OAM 55-35
OAM PDUs 55-21
OAM protocol data units 55-19
OIR
overview 6-29
on-demaind online diagnostics 60-2
online diagnostic
troubleshooting 60-8
Online Diagnostics 60-1
online diagnostics
configuring on-demaind 60-2
data path, displaying test results 60-7
displaying tests and test results 60-4
linecard 60-8
scheduling 60-2
starting and stopping tests 60-3
online insertion and removal
See OIR
Open Shortest Path First
See OSPF
operating system images
See system images
Option 82
enabling DHCP Snooping 45-10
OSPF
area concept 1-13
description 1-13
for IPv6 47-6
P
packets
modifying 37-17
software processed
and QoS 37-17
packet type filtering
overview 51-15
SPAN enhancement 51-15
PACL
using with access-group mode 47-37
PACL configuration guidelines 47-35
PACL with VLAN maps and router ACLs 47-39
PAgP
understanding 22-3
passwords
configuring enable password 3-14
configuring enable secret password 3-14
encrypting 3-22
in clusters 12-8
recovering lost enable password 3-25
setting line password 3-14
PBR (policy-based routing)
configuration (example) 35-8
enabling 35-6
features 35-2
overview 35-1
route-map processing logic 35-3
route-map processing logic example 35-4
route maps 35-2
when to use 35-5
per-port and VLAN Access Control List 45-20
per-port per-VLAN QoS
enabling 37-44
overview 37-17
Per-User ACL and Filter-ID ACL, configure 40-43
Per-VLAN Rapid Spanning Tree 18-6
enabling 18-20
overview 18-6
PE to CE routing, configuring 36-12
physical layer 3 interfaces 30-2
Physical Layer 3 interfaces, configuring 30-12
PIM
configuring dense mode 33-15
configuring sparse mode 33-15
displaying information 33-24
displaying statistics 33-28
enabling sparse-dense mode 33-15, 33-16
overview 33-3
PIM-DM 33-3
PIM on an interface, enabling 33-14
PIM-SM 33-4
PIM-SSM mapping, enabling 33-17
ping
executing 7-8
overview 7-8
ping command 7-8, 33-24
PoE 11-8
configuring power consumption for single device 11-6
configuring power consumption for switch 11-5
Enhanced PoE support on E-series 11-16
policing and monitoring 11-12
power consumption for powered devices
Intelligent Power Management 11-4
powering down a module 10-21
power management modes 11-2
show interface status 11-7
PoE policing
configuring errdisable recovery 11-15
configuring on an interface 11-13
displaying on an interface 11-14
power modes 11-13
point-to-point
in 802.1X authentication (figure) 40-3
police command 37-34
policed-DSCP map 37-55
policers
description 37-6
types of 37-10
policies
See QoS policies
policing
how to implement 37-69
See QoS policing
policing, PoE 11-12
policing IPv6 control traffic 44-16
policy associations, QoS on Sup 6-E 37-86
policy-map command 37-29, 37-32
policy map marking action, configuring 37-74
policy maps
attaching to interfaces 37-36
configuring 37-32
port ACLs
and voice VLAN 47-5
defined 47-3
Port Aggregation Protocol
see PAgP
port-based authentication
802.1X with voice VLAN 40-22
Authentication Failed VLAN assignment 40-18
authentication server
defined 42-2
changing the quiet period 40-79
client, defined 40-3, 42-2
configuration guidelines 40-28, 42-7
configure ACL assignments and redirect URLs 40-37
configure switch-to-RADIUS server communication 40-32
configure with Authentication Failed 40-67
configure with Critical Authentication 40-59
configure with Guest-VLANs 40-54
configure with MAC Authentication Bypass 40-57
configure with VLAN User Distribution 40-64
configure with Voice VLAN 40-69
configuring
Multiple Domain Authentication and Multiple Authorization 40-33
RADIUS server 42-10
RADIUS server parameters on the switch 42-9
configuring Fallback Authentication 40-71
configuring Guest-VLAN 40-32
configuring manual re-authentication of a client 40-88
configuring with Unidirectional Controlled Port 40-62
controlling authorization state 40-5
default configuration 40-27, 42-6
described 40-1
device roles 40-2, 42-2
displaying statistics 40-109, 42-15
enabling 40-28
802.1X authentication 42-9
enabling multiple hosts 40-77
enabling periodic re-authentication 40-76
encapsulation 40-3
host mode 40-7
initiation and message exchange 40-4
method lists 40-28
modes 40-7
multidomain authentication 40-23
multiple-hosts mode, described 40-8
port security
multiple-hosts mode 40-8
ports not supported 40-5
pre-authentication open access 40-9
resetting to default values 40-88
setting retransmission number 40-81
setting retransmission time 40-80
switch
as proxy 42-2
switch supplicant
configuring 40-82
overview 40-24
topologies, supported 40-25
using with ACL assignments and redirect URLs 40-20
using with port security 40-19
with Critical Authentication 40-15
with Guest VLANs 40-12
with MAC Authentication Bypass 40-13
with Unidirectional Controlled Port 40-16
with VLAN assignment 40-11
with VLAN User Distribution 40-16
port-based QoS features
See QoS
port-channel interfaces
See also EtherChannel
creating 22-7
overview 22-2
port-channel load-balance
command 22-12
command example 22-12
port-channel load-balance command 22-13
port cost (STP)
configuring 18-15
port description TLV 27-2
PortFast
and MST 18-23
BPDU filter, configuring 21-10
configuring or enabling 21-16
overview 21-7
PortFast BPDU filtering
and MST 18-23
enabling 21-10
overview 21-9
port numbering with TwinGig Convertors 6-13
port priority
configuring MST instances 18-32
configuring STP 18-13
ports
blocking 49-1
checking status 7-2
dynamic VLAN membership
example 13-29
reconfirming 13-26
forwarding, resuming 49-3
REP 20-6
See also interfaces
port security
aging 43-5
and QoS trusted boundary 37-22
configuring 43-8
displaying 43-29
guidelines and restrictions 43-34
on access ports 43-7, 43-23
on private VLAN 43-15
host 43-15
over Layer 2 EtherChannel 43-34
promiscuous 43-17
topology 43-16, 43-19, 43-34
on trunk port 43-18
guidelines and restrictions 43-16, 43-19, 43-34
port mode changes 43-23
on voice ports 43-23
sticky learning 43-5
using with 802.1X 40-19
violations 43-6
with 802.1X Authentication 43-33
with DHCP and IP Source Guard 43-32
with other features 43-34
port states
description 18-5
port trust state
See trust states
port VLAN ID TLV 27-2
power
inline 38-5
power dc input command 10-18
power handling for Supervisor Engine II-TS 11-12
power inline command 11-3
power inline consumption command 11-5, 11-6
power management
Catalyst 4500 series 10-6
Catalyst 4500 Switch power supplies 10-13
Catalyst 4948 series 10-21
configuring combined mode 10-12
configuring redundant mode 10-11
overview 10-1
redundancy 10-6
power management for Catalyst 4500 Switch
combined mode 10-8
redundant mode 10-8
power management limitations in Catalyst 4500 Switch 10-9
power management mode
selecting 10-8
power management TLV 27-2, 27-8
power negotiation
through LLDP 27-10
Power-On-Self-Test diagnostics 60-10, 60-21
Power-On-Self-Test for Supervisor Engine V-10GE 60-15
power redundancy-mode command 10-12
power supplies
available power for Catalyst 4500 Switch 10-13
fixed 10-7
variable 10-7, 10-21
pre-authentication open access 40-9
pre-authentication open access. See port-based authentication.
preempt delay time, REP 20-5
primary edge port, REP 20-4
primary VLANs 39-2, 39-4
associating with secondary VLANs 39-14
configuring as a PVLAN 39-13
priority
overriding CoS of incoming frames 38-5
priority queuing, QoS on Sup 6-E 37-81
private VLAN
configure port security 43-15, 43-16
enabling DHCP Snooping 45-12
private VLANs
across multiple switches 39-4
and SVIs 39-9
benefits of 39-2
community ports 39-3
community VLANs 39-2, 39-3
default configuration 39-11
end station access to 39-2
isolated port 39-3
isolated VLANs 39-2, 39-3, 39-4
ports
community 39-3
isolated 39-3
promiscuous 39-4
primary VLANs 39-2, 39-4
promiscuous ports 39-4
secondary VLANs 39-2
subdomains 39-2
traffic in 39-8
privileged EXEC mode 2-5
privileges
changing default 3-23
configuring levels 3-23
exiting 3-24
logging in 3-24
promiscuous ports
configuring PVLAN 39-16
defined 39-4
setting mode 39-22
protocol timers 18-4
provider edge devices 36-2
pruning, VTP
See VTP pruning
pseudobridges
description 18-25
PVACL 45-20
PVID (port VLAN ID)
and 802.1X with voice VLAN ports 40-22
PVLAN promiscuous trunk port
configuring 39-10, 39-16, 39-20
PVLANs
802.1q support 39-13
across multiple switches 39-4
configuration guidelines 39-11
configure port security 43-15, 43-17, 43-19
configure port security in a wireless setting 43-34
configure port security over Layer 2 EtherChannel 43-34
configuring 39-10
configuring a VLAN 39-13
configuring promiscuous ports 39-16
host ports
configuring a Layer 2 interface 39-17
setting 39-22
overview 39-1
permitting routing, example 39-21
promiscuous mode
setting 39-22
setting
interface mode 39-22
Q
QoS
allocating bandwidth 37-52
and software processed packets 37-17
auto-QoS
configuration and defaults display 37-61
configuration guidelines 37-59
described 37-57
displaying 37-61
effects on NVRAM configuration 37-59
enabling for VoIP 37-60
basic model 37-6
burst size 37-28
classification 37-6 to 37-10
configuration guidelines 37-20
auto-QoS 37-59
configuring
auto-QoS 37-57
DSCP maps 37-54
dynamic buffer limiting 37-23
traffic shaping 37-53
trusted boundary 37-22
configuring UBRL 37-38
configuring VLAN-based on Layer 2 interfaces 37-48
creating named aggregate policers 37-27
creating policing rules 37-29
default auto configuration 37-58
default configuration 37-19
definitions 37-3
disabling on interfaces 37-36
enabling and disabling 37-47
enabling hierarchical policers 37-42
enabling on interfaces 37-36
enabling per-port per-VLAN 37-44
flowcharts 37-8, 37-13
IP phones
automatic classification and queueing 37-58
detection and trusted settings 37-22, 37-58
overview 37-2
overview of per-port per-VLAN 37-17
packet modification 37-17
port-based 37-48
priority 37-16
traffic shaping 37-17
transmit rate 37-53
trust states
trusted device 37-22
VLAN-based 37-48
See also COS; DSCP values; transmit queues
QoS active queue management
tracking queue length 37-15
QoS labels
definition 37-4
QoS mapping tables
CoS-to-DSCP 37-54
DSCP-to-CoS 37-56
policed-DSCP 37-55
types 37-15
QoS marking
description 37-5
QoS on Sup 6-E
Active Queue management via DBL 37-85
active queue management via DBL 37-79, 37-85
classification 37-67
configuring 37-64
configuring the policy map marking action 37-74
hardware capabilities for marking 37-74
how to implement policing 37-69
marking action drivers 37-72
marking network traffic 37-69
MQC-based QoS configuration 37-64
multi-attribute marking support 37-73
platform hardware capabilities 37-67
platform restrictions 37-69
platform-supported classification criteria and QoS features 37-64, 37-66
policing 37-68
policy associations 37-86
prerequisites for applying a service policy 37-67
priority queuing 37-81
queue-limiting 37-83
restrictions for applying a service policy 37-67
shaping 37-77
sharing(bandwidth) 37-79
sharing(blandwidth), shapring, and priority queuing 37-76
software QoS 37-88
traffic marking procedure flowchart 37-72
QoS policers
burst size 37-28
types of 37-10
QoS policing
definition 37-5
described 37-6, 37-10
QoS policy
attaching to interfaces 37-12
overview of configuration 37-29
QoS service policy
prerequisites 37-67
restrictions for applying 37-67
QoS transmit queues
allocating bandwidth 37-52
burst 37-17
configuring traffic shaping 37-53
mapping DHCP values to 37-52
maximum rate 37-17
overview 37-15
sharing link bandwidth 37-16
QoS transmit queues, configuring 37-51
Quality of service
See QoS
queueing 37-6, 37-15
queue-limiting, QoS on Sup 6-E 37-83
R
RADIUS
attributes
vendor-proprietary 40-107
vendor-specific 40-105
change of authorization 40-91
configuring
accounting 40-104
authentication 40-99
authorization 40-103
communication, global 40-97, 40-105
communication, per-server 40-96, 40-97
multiple UDP ports 40-97
default configuration 40-96
defining AAA server groups 40-101
displaying the configuration 40-109
identifying the server 40-96
limiting the services to the user 40-103
method list, defined 40-96
operation of 40-90
server load balancing 40-109
suggested network environments 40-89
tracking services accessed by user 40-104
understanding 40-89
RADIUS, controlling switch access with 40-89
RADIUS Change of Authorization 40-91
RADIUS server
configure to-Switch communication 40-32
configuring settings 40-33
parameters on the switch 40-32
RA Guard
configuring 47-44
deployment 47-43
examples 47-44
introduction 47-42
usage guidelines 47-45
range command 6-4
range macros
defining 6-10
ranges of interfaces
configuring 6-4
Rapid Spanning Tree
See RSTP
rcommand command 12-13
re-authentication of a client
configuring manual 40-88
enabling periodic 40-76
redirect URLs, port-based authentication 40-20
reduced MAC address 18-2
redundancy
configuring 8-7
guidelines and restrictions 8-5
changes made through SNMP 8-11
NSF-aware support 9-2
NSF-capable support 9-2
overview 8-2
redundancy command 8-7
understanding synchronization 8-4
redundancy (NSF) 9-1
configuring
BGP 9-12
CEF 9-11
EIGRP 9-17
IS-IS 9-14
OSPF 9-13
routing protocols 9-5
redundancy (RPR)
route processor redundancy 8-3
synchronization 8-5
redundancy (SSO)
redundancy command 9-10
route processor redundancy 8-3
synchronization 8-5
reload command 3-28, 3-29
Remote Authentication Dial-In User Service
See RADIUS
remote failure indications 55-19
remote loopback, Ethernet OAM 55-20, 55-22
Remote Network Monitoring
See RMON
rendezvous point, configuring 33-17
rendezvous point, configuring single static 33-21
REP
administrative VLAN 20-8
administrative VLAN, configuring 20-8
and STP 20-5
configuration guidelines 20-7
configuring interfaces 20-9
convergence 20-4
default configuration 20-7
manual preemption, configuring 20-12
monitoring 20-13
neighbor offset numbers 20-4
open segment 20-2
ports 20-6
preempt delay time 20-5
primary edge port 20-4
ring segment 20-2
secondary edge port 20-4
segments 20-1
characteristics 20-2
SNMP traps, configuring 20-13
supported interfaces 20-1
triggering VLAN load balancing 20-5
verifying link integrity 20-3
VLAN blocking 20-12
VLAN load balancing 20-4
replication
description 33-9
report suppression, IGMP
disabling 24-10
reserved-range VLANs
See VLANs
reset command 62-3
resetting an interface to default configuration 6-34
resetting a switch to defaults 3-32
Resilient Ethernet ProtocolLSee REP
responder, IP SLAs
described 58-4
enabling 58-8
response time, measuring with IP SLAs 58-5
restricting access
NTP services 4-8
RADIUS 40-89
TACACS+ 3-15
retransmission number
setting in 802.1X authentication 40-81
retransmission time
changing in 802.1X authentication 40-80
RFC
1157, SNMPv1 53-2
1305, NTP 4-2
1757, RMON 59-2
1901, SNMPv2C 53-2
1902 to 1907, SNMPv2 53-2
2273-2275, SNMPv3 53-2
RFC 5176 Compliance 40-91
RIP
description 1-13
for IPv6 47-6
RMON
default configuration 59-3
displaying status 59-6
enabling alarms and events 59-3
groups supported 59-2
overview 59-1
ROM monitor
boot process and 3-26
CLI 2-7
commands 62-2 to 62-3
debug commands 62-5
entering 62-1
exiting 62-6
overview 62-1
root bridge
configuring 18-9
selecting in MST 18-22
root guard
and MST 18-23
enabling 21-2
overview 21-2
routed packets
ACLs 47-33
route-map (IP) command 35-6
route maps
defining 35-6
PBR 35-2
router ACLs
description 47-3
using with VLAN maps 47-31
router ACLs, using PACL with VLAN maps 47-39
route targets
VPN 36-3
Routing Information Protocol
See RIP
RPF
<Emphasis>See Unicast RPF
RSPAN
configuration guidelines 51-16
destination ports 51-5
IDS 51-2
monitored ports 51-4
monitoring ports 51-5
received traffic 51-3
sessions
creating 51-17
defined 51-3
limiting source traffic to specific VLANs 51-23
monitoring VLANs 51-22
removing source (monitored) ports 51-21
specifying monitored ports 51-17
source ports 51-4
transmitted traffic 51-4
VLAN-based 51-5
RSTP
compatibility 18-23
description 18-22
port roles 18-24
port states 18-24
S
SAID
See 802.10 SAID
scheduling 37-15
defined 37-5
overview 37-6
scheduling, IP SLAs operations 58-6
secondary edge port, REP 20-4
secondary root switch 18-12
secondary VLANs 39-2
associating with primary 39-14
permitting routing 39-21
security
configuring 44-1
Security Association Identifier
See 802.10 SAID
selecting a power management mode 10-8
selecting X2/TwinGig Convertor Mode 6-14
sequence numbers in log messages 52-7
server IDs
description 57-23
service policy, configure class-level queue-limit 37-83
service-policy command 37-29
service-policy input command 29-2, 37-36
service-provider networks
and customer VLANs 25-2
set default interface command 35-7
set interface command 35-7
set ip default next-hop command 35-7
set ip next-hop command 35-6
set-request operation 53-4
severity levels, defining in system messages 52-8
shaping, QoS on Sup 6-E 37-77
sharing(bandwidth), QoS on Sup 6-E 37-79
Shell functions
See Auto SmartPorts macros
See Auto Smartports macros
Shell triggers
See Auto SmartPorts macros
See Auto Smartports macros
show adjacency command 31-9
show boot command 3-31
show catalyst4000 chassis-mac-address command 18-3
show cdp command 26-2, 26-3
show cdp entry command 26-4
show cdp interface command 26-3
show cdp neighbors command 26-4
show cdp traffic command 26-4
show ciscoview package command 4-39
show ciscoview version command 4-39
show cluster members command 12-13
show configuration command 6-19
show debugging command 26-4
show environment command 10-2
show history command 2-4
show interfaces command 6-25, 6-26, 6-30, 6-32, 6-33
show interfaces status command 7-2
show ip cache flow aggregation destination-prefix command 54-12
show ip cache flow aggregation prefix command 54-12
show ip cache flow aggregation source-prefix command 54-12
show ip cache flow command 54-9
show ip cef command 31-8
show ip eigrp interfaces command 30-19
show ip eigrp neighbors command 30-19
show ip eigrp topology command 30-19
show ip eigrp traffic command 30-19
show ip interface command 33-24
show ip local policy command 35-8
show ip mroute command 33-24
show ip pim interface command 33-24
show l2protocol command 25-18
show lldp traffic command 27-14
show mac-address-table address command 7-3
show mac-address-table interface command 7-3
show mls entry command 31-8
show module command 7-1, 18-6
show PoE consumed 11-8
show power inline command 11-7
show power inline consumption command 11-5
show power supplies command 10-12
show protocols command 6-30
show running-config command
adding description for an interface 6-19
checking your settings 3-9
displaying ACLs 47-26, 47-28, 47-37, 47-38
show startup-config command 3-10
show users command 7-7
show version command 3-29
shutdown, command 6-31
shutdown threshold for Layer 2 protocol packets 25-16
shutting down
interfaces 6-31
Simple Network Management Protocol
See SNMP
single-host mode 40-8
single spanning tree
See SST
single static RP, configuring 33-21
slot numbers, description 6-2
smart call home 57-1
description 57-2
destination profile (note) 57-5
registration requirements 57-3
service contract requirements 57-3
Transport Gateway (TG) aggregation point 57-2
SMARTnet
smart call home registration 57-3
Smartports macros
applying Cisco-default macros 16-15
applying global parameter values 16-9, 16-15, 16-16
applying macros 16-9
applying parameter values 16-9
configuration guidelines 16-6, 16-15
configuring 16-2
creating 16-8
default configuration 16-4, 16-14
defined 1-6, 16-1
displaying 16-14
tracing 16-7, 16-15
SMNP traps, and CFM 55-7
SNMP
accessing MIB variables with 53-4
agent
described 53-4
disabling 53-7
and IP SLAs 58-3
authentication level 53-10
community strings
configuring 53-7
overview 53-4
configuration examples 53-15
configuration guidelines 53-6
default configuration 53-5
enabling 63-4, 63-5
engine ID 53-6
groups 53-6, 53-9
host 53-6
informs
and trap keyword 53-11
described 53-5
differences from traps 53-5
enabling 53-14
limiting access by TFTP servers 53-15
limiting system log messages to NMS 52-9
manager functions 53-3
notifications 53-5
overview 53-1, 53-4
status, displaying 53-16
system contact and location 53-14
trap manager, configuring 53-13
traps
described 53-3, 53-5
differences from informs 53-5
enabling 53-11
enabling MAC address notification 4-22
enabling MAC move notification 4-24
enabling MAC threshold notification 4-26
overview 53-1, 53-4
types of 53-11
users 53-6, 53-9
versions supported 53-2
SNMP commands 63-4
SNMP traps
REP 20-13
SNMPv1 53-2
SNMPv2C 53-2
SNMPv3 53-2
software
upgrading 8-12
software configuration register 3-26
software QoS, on Sup 6-E 37-88
software switching
description 31-5
interfaces 31-6
key data structures used 33-8
source IDs
call home event format 57-22
SPAN
and ACLs 51-5
configuration guidelines 51-7
configuring 51-7 to 51-10
destination ports 51-5
IDS 51-2
monitored port, defined 51-4
monitoring port, defined 51-5
received traffic 51-3
sessions
defined 51-3
source ports 51-4
transmitted traffic 51-4
VLAN-based 51-5
SPAN and RSPAN
concepts and terminology 51-3
default configuration 51-6
displaying status 51-25
overview 51-1
session limits 51-6
SPAN enhancements
access list filtering 51-13
configuration example 51-16
CPU port sniffing 51-10
encapsulation configuration 51-12
ingress packets 51-12
packet type filtering 51-15
spanning-tree backbonefast command 21-16
spanning-tree cost command 18-15
spanning-tree guard root command 21-2
spanning-tree portfast bpdu-guard command 21-9
spanning-tree portfast command 21-7
spanning-tree port-priority command 18-13
spanning-tree uplinkfast command 21-13
spanning-tree vlan
command 18-9
command example 18-9
spanning-tree vlan command 18-8
spanning-tree vlan cost command 18-16
spanning-tree vlan forward-time command 18-19
spanning-tree vlan hello-time command 18-18
spanning-tree vlan max-age command 18-18
spanning-tree vlan port-priority command 18-13
spanning-tree vlan priority command 18-17
spanning-tree vlan root primary command 18-10
spanning-tree vlan root secondary command 18-12
speed
configuring interface 6-17
speed command 6-18
SSO
configuring 9-10
SSO operation 9-4
SST
description 18-22
interoperability 18-24
static ACL, removing the requirement 47-35
static addresses
See addresses
static routes
configuring 3-11
verifying 3-12
statistics
802.1X 42-15
displaying 802.1X 40-109
displaying PIM 33-28
LLDP 27-13
LLDP-MED 27-13
NetFlow accounting 54-9
SNMP input and output 53-16
sticky learning
configuration file 43-6
defined 43-5
disabling 43-6
enabling 43-5
saving addresses 43-6
sticky MAC addresses
configuring 43-8
defined 43-4
Storm Control
displaying 50-8
enabling Broadcast 50-3
enabling Multicast 50-4
hardware-based, implementing 50-2
overview 50-1
software-based, implementing 50-3
STP
and REP 20-5
bridge ID 18-2
configuring 18-7 to 18-20
creating topology 18-5
defaults 18-7
disabling 18-20
enabling 18-8
enabling extended system ID 18-9
enabling Per-VLAN Rapid Spanning Tree 18-20
EtherChannel guard
disabling 21-7
forward-delay time 18-19
hello time 18-17
Layer 2 protocol tunneling 25-13
maximum aging time 18-18
overview 18-1, 18-3
per-VLAN rapid spanning tree 18-6
port cost 18-15
port priority 18-13
root bridge 18-9
stratum, NTP 4-2
stub routing (EIGRP)
benefits 30-17
configuration tasks 30-18
configuring 30-14
overview 30-13, 30-14
restrictions 30-17
verifying 30-18
subdomains, private VLAN 39-2
summer time 4-13
supervisor engine
accessing the redundant 8-14
configuring 3-8 to 3-13
copying files to standby 8-14
default configuration 3-1
default gateways 3-11
environmental monitoring 10-1
redundancy 9-1
ROM monitor 3-26
startup configuration 3-25
static routes 3-11
synchronizing configurations 8-10
Supervisor Engine II-TS
insufficient inline power handling 10-19, 11-12
Smartports macros
See also Auto Smartports macros
SVI Autostate Exclude
understanding 30-3
SVI Autostate exclude
configuring 30-7
S-VLAN 1-2, 25-7
switch 47-2
switch access with RADIUS, controlling 40-89
switched packets
and ACLs 47-32
Switched Port Analyzer
See SPAN
switching, NetFlow
checking for required hardware 54-6
configuration (example) 54-13
configuring switched IP flows 54-8
enabling Collection 54-7
exporting cache entries 54-9
switchport
show interfaces 6-25, 6-26, 6-32, 6-33
switchport access vlan command 15-6, 15-8
switchport block multicast command 49-2
switchport block unicast command 49-2
switchport mode access command 15-8
switchport mode dot1q-tunnel command 25-6
switchport mode dynamic command 15-6
switchport mode trunk command 15-6
switch ports
See access ports
switchport trunk allowed vlan command 15-6
switchport trunk encapsulation command 15-6
switchport trunk encapsulation dot1q command 15-3
switchport trunk encapsulation isl command 15-3
switchport trunk encapsulation negotiate command 15-3
switchport trunk native vlan command 15-6
switchport trunk pruning vlan command 15-7
switch-to-RADIUS server communication
configuring 40-32
sysret command 62-5
system
reviewing configuration 3-10
settings at startup 3-27
system alarms
on Sup 2+ to V-10GE 10-5
on Sup 6-E 10-5
overview 10-4
system and network statistics, displaying 33-24
system capabilities TLV 27-2
system clock
configuring
daylight saving time 4-13
manually 4-11
summer time 4-13
time zones 4-12
displaying the time and date 4-12
overview 4-2
See also NTP
system description TLV 27-2
system images
loading from Flash memory 3-30
modifying boot field 3-27
specifying 3-30
system message logging
default configuration 52-3
defining error message severity levels 52-8
disabling 52-4
displaying the configuration 52-12
enabling 52-4
facility keywords, described 52-12
level keywords, described 52-9
limiting messages 52-9
message format 52-2
overview 52-1
sequence numbers, enabling and disabling 52-7
setting the display destination device 52-5
synchronizing log messages 52-6
timestamps, enabling and disabling 52-7
UNIX syslog servers
configuring the daemon 52-10
configuring the logging facility 52-11
facilities supported 52-12
system MTU
802.1Q tunneling 25-5
maximums 25-5
system name
manual configuration 4-15
See also DNS
system name TLV 27-2
system prompt, default setting 4-14
T
TACACS+ 44-1
accounting, defined 3-16
authentication, defined 3-16
authorization, defined 3-16
configuring
accounting 3-21
authentication key 3-18
authorization 3-21
login authentication 3-19
default configuration 3-18
displaying the configuration 3-22
identifying the server 3-18
limiting the services to the user 3-21
operation of 3-17
overview 3-15
tracking services accessed by user 3-21
tagged packets
802.1Q 25-3
Layer 2 protocol 25-13
TCAM programming algorithm
changing 47-9
TCAM programming algorithm, overview 47-8
TCAM programming and ACLs 47-11, 47-13
for Sup II-Plust thru V-10GE 47-7
TCAM programming and ACLs for Sup 6-E 47-15
TCAM region, changing the algorithm 47-9
TCAM region, resizing 47-11
TDR
checking cable connectivity 7-3
enabling and disabling test 7-3
guidelines 7-3
Telnet
accessing CLI 2-2
disconnecting user sessions 7-7
executing 7-6
monitoring user sessions 7-6
telnet command 7-6
templates, Ethernet OAM 55-29
Terminal Access Controller Access Control System Plus
See TACACS+
TFTP
configuration files in base directory 3-5
configuring for autoconfiguration 3-4
limiting access by servers 53-15
TFTP download
See also console download
threshold monitoring, IP SLAs 58-6
time
See NTP and system clock
Time Domain Reflectometer
See TDR
time exceeded messages 7-9
timer
See login timer
timestamps in log messages 52-7
time zones 4-12
TLV
host presence detection 40-9
TLVs
defined 1-4, 27-2
LLDP-MED 27-2
Token Ring
media not supported (note) 13-5, 13-10
Topology change notification processing
MLD Snooping
Topology change notification processing 24-4
TOS
description 37-4
trace command 7-9
traceroute
See IP traceroute
See Layer 2 Traceroute
traceroute mac command 7-11
traceroute mac ip command 7-11
traffic
blocking flooded 49-2
traffic control
using ACLs (figure) 47-4
using VLAN maps (figure) 47-6
traffic marking procedure flowchart 37-72
traffic shaping 37-17
translational bridge numbers (defaults) 13-5
transmit queues
See QoS transmit queues
transmit rate 37-53
traps
configuring MAC address notification 4-22
configuring MAC move notification 4-24
configuring MAC threshold notification 4-26
configuring managers 53-11
defined 53-3
enabling 4-22, 4-24, 4-26, 53-11
notification types 53-11
overview 53-1, 53-4
troubleshooting
with CiscoWorks 53-4
with system message logging 52-1
with traceroute 7-9
troubleshooting high CPU due to ACLs 47-12
trunk failover
See link-state tracking
trunk ports
configure port security 43-18
configuring PVLAN 39-18 to 39-19
trunks
802.1Q restrictions 15-5
configuring 15-6
configuring access VLANs 15-6
configuring allowed VLANs 15-6
default interface configuration 15-6
different VTP domains 15-3
enabling to non-DTP device 15-4
encapsulation 15-3
specifying native VLAN 15-6
understanding 15-3
trusted boundary for QoS 37-22
trustpoint 57-3
Trust State of interfaces, configuring
trust states
configuring 37-49
tunneling
defined 25-1
tunnel ports
802.1Q, configuring 25-6
described 25-2
incompatibilities with other features 25-5
TwinGig Convertors
limitations on using 6-14
port numbering 6-13
selecting X2/TwinGig Convertor mode 6-14
type length value
See TLV
type of service
See TOS
U
UDLD
configuring probe message interval per-interface 28-8
default configuration 28-4
disabling on fiber-optic interfaces 28-7
disabling on non-fiber-optic interfaces 28-7
displaying link status 28-9
enabling globally 28-5
enabling per-interface 28-6
modes of operation 28-3
resetting disabled LAN interfaces 28-8
use case 28-2
UDLD, overview 28-1
UDP jitter, configuring 58-9
UDP jitter operation, IP SLAs 58-9
unauthorized ports with 802.1X 40-5
unicast
See IP unicast
unicast flood blocking
configuring 49-1
unicast MAC address filtering
and adding static addresses 4-29
and broadcast MAC addresses 4-29
and CPU packets 4-29
and multicast addresses 4-29
and router MAC addresses 4-29
configuration guidelines 4-29
described 4-28
unicast MAC address filtering, configuring
ACLs
configuring unicast MAC address filtering 47-19
Unicast RPF (Unicast Reverse Path Forwarding)
applying 32-5
BGP attributes
caution 32-4
CEF
requirement 32-2
tables 32-7
configuring 32-9
(examples) ?? to 32-12
BOOTP 32-8
DHCP 32-8
enterprise network (figure) 32-6
prerequisites 32-9
routing table requirements 32-7
tasks 32-9
verifying 32-10
deploying 32-5
description 32-2
disabling 32-11
enterprise network (figure) 32-6
FIB 32-2
implementing 32-4
packets, dropping (figure) 32-4
prerequisites 32-9
restrictions
basic 32-8
routing asymmetry 32-7
routing asymmetry (figure) 32-8
routing table requirements 32-7
security policy
applying 32-5
attacks, mitigating 32-5
deploying 32-5
tunneling 32-5
source addresses, validating 32-3
(figure) 32-3, 32-4
failure 32-3
traffic filtering 32-5
tunneling 32-5
validation
failure 32-3, 32-4
packets, dropping 32-3
source addresses 32-3
verifying 32-10
unicast traffic
blocking 49-2
Unidirectional Controlled Port, configuring 802.1X 40-62
unidirectional ethernet
enabling 29-2
example of setting 29-2
overview 29-1
UniDirectional Link Detection Protocol
See UDLD
UNIX syslog servers
daemon configuration 52-10
facilities supported 52-12
message logging configuration 52-11
UplinkFast
and MST 18-23
enabling 21-16
MST and 18-23
overview 21-11
User Based Rate Limiting
configuring 37-39
overview 37-38
user-defined event triggers
configuring, 802.1X-based 17-7
configuring, MAC address-based 17-8
User-defined triggers and built-in macros, configuring mapping 17-9
user EXEC mode 2-5
user sessions
disconnecting 7-7
monitoring 7-6
V
VACLs
Layer 4 port operations 47-16
virtual configuration register 62-3
virtual LANs
See VLANs
Virtual Private Network
See VPN
Virtual Switch System(VSS), displaying EtherChannel to 22-14
VLAN ACLs
See VLAN maps
VLAN-based QoS on Layer 2 interfaces, configuring 37-48
VLAN blocking, REP 20-12
vlan command 13-6
vlan dot1q tag native command 25-4
VLAN ID
service provider 25-9
VLAN ID, discovering 4-35
VLAN ID translation
See VLAN mapping
VLAN load balancing
REP 20-4
VLAN load balancing, triggering 20-5
VLAN load balancing on flex links 19-2
configuration guidelines 19-5
VLAN Management Policy Server
See VMPS
VLAN mapping
1-to-1 25-8
1-to-1, configuring 25-11
configuration guidelines 25-10
configuring 25-11
configuring on a trunk port 25-10
default 25-9
described 1-2, 25-7
selective QinQ 25-8
selective Q-in-Q, configuring 25-12
traditional QinQ 25-8
traditional Q-in-Q, configuring 25-12
types of 25-8
VLAN maps
applying to a VLAN 47-28
configuration example 47-29
configuration guidelines 47-25
configuring 47-24
creating and deleting entries 47-25
defined 47-3
denying access example 47-30
denying packets 47-26
displaying 47-31
order of entries 47-25
permitting packets 47-26
router ACLs and 47-31
using (figure) 47-5
using in your network 47-28
VLAN maps, PACL and Router ACLs 47-39
VLANs
allowed on trunk 15-6
configuration guidelines 13-3
configuring 13-5
configuring as Layer 3 interfaces 30-7
customer numbering in service-provider networks 25-3
default configuration 13-4
description 1-8
extended range 13-3
IDs (default) 13-5
interface assignment 13-7
limiting source traffic with RSPAN 51-23
monitoring with RSPAN 51-22
name (default) 13-5
normal range 13-3
overview 13-1
reserved range 13-3
See also PVLANs
VLAN Trunking Protocol
See VTP
VLAN trunks
overview 15-3
VLAN User Distribution, configuring 802.1X 40-64
VMPS
configuration file example 13-32
configuring dynamic access ports on client 13-25
configuring retry interval 13-27
database configuration file 13-32
dynamic port membership
example 13-29
reconfirming 13-26
reconfirming assignments 13-26
reconfirming membership interval 13-26
server overview 13-21
VMPS client
administering and monitoring 13-28
configure switch
configure reconfirmation interval 13-26
dynamic ports 13-25
entering IP VMPS address 13-24
reconfirmation interval 13-27
reconfirm VLAM membership 13-26
default configuration 13-24
dynamic VLAN membership overview 13-23
troubleshooting dynamic port VLAN membership 13-29
VMPS server
fall-back VLAN 13-23
illegal VMPS client requests 13-23
overview 13-21
security modes
multiple 13-22
open 13-22
secure 13-22
voice interfaces
configuring 38-1
Voice over IP
configuring 38-1
voice ports
configuring VVID 38-3
voice traffic 11-2, 38-5
voice VLAN
IP phone data traffic, described 38-2
IP phone voice traffic, described 38-2
Voice VLAN, configure 802.1X 40-69
voice VLAN ports
using 802.1X 40-22
VPN
configuring routing in 36-12
forwarding 36-3
in service provider networks 36-1
routes 36-2
routing and forwarding table
See VRF
VRF
defining 36-3
tables 36-1
VRF-aware services
ARP 36-6, 36-9
configuring 36-6
ftp 36-8
ping 36-6
SNMP 36-7
syslog 36-8
tftp 36-8
traceroute 36-8
uRPF 36-7
VRF-lite
description 1-17
VTP
client, configuring 13-16
configuration guidelines 13-12
default configuration 13-13
disabling 13-16
Layer 2 protocol tunneling 25-13
monitoring 13-19
overview 13-8
pruning
configuring 13-15
See also VTP version 2
server, configuring 13-16
statistics 13-19
transparent mode, configuring 13-16
version 2
enabling 13-15
VTP advertisements
description 13-9
VTP domains
description 13-8
VTP modes 13-9
VTP pruning
overview 13-11
VTP versions 2 and 3
overview 13-9
See also VTP
VTY and Network Assistant 12-12
VVID (voice VLAN ID)
and 802.1X authentication 40-22
configuring 38-3
W
WCCP
configuration examples 61-9
configuring on a router 61-2, 61-10
features 61-4
restrictions 61-5
service groups 61-6
web-based authentication
AAA fail policy 42-4
authentication proxy web pages 42-4
description 1-29, 40-15, 42-1
web-based authentication, interactions with other features 42-4
Web Cache Communication Protocol
See WCCP 61-1
web caches
See cache engines
web cache services
description 61-4
web caching
See web cache services
See also WCCP
web scaling 61-1
Index
Numerics
10/100 autonegotiation feature, forced 6-17
10-Gigabit Ethernet or Gigabit Ethernet ports
deploy on WS-X4606-10GE-E and Sup 6-E 6-13
10-Gigabit Ethernet port
deploy with Gigabit Ethernet SFP ports 6-11, 6-13
1400 W DC Power supply
special considerations 10-18
1400 W DC SP Triple Input power supply
special considerations 10-19
802.10 SAID (default) 13-5
802.1Q
trunks 18-6
tunneling
compatibility with other features 25-5
defaults 25-3
described 25-2
tunnel ports with other features 25-6
802.1Q VLANs
encapsulation 15-3
trunk restrictions 15-5
802.1s
See MST
802.1w
See MST
802.1X
See port-based authentication
802.1X authentication
Authentication Failed VLAN assignment 40-18
for Critical Authentication 40-15
for guest VLANs 40-12
for MAC Authentication Bypass 40-13
for Unidirectional Controlled Port 40-16
VLAN User Distribution 40-16
web-based authentication 40-15
with port security 40-19
with VLAN assignment 40-11
with voice VLAN ports 40-22
802.1X Host Mode 40-7
multiauthentication mode 40-9
multidomain authentication mode 40-8
single-host 40-8
802.3ad
See LACP
A
AAA 44-1
fail policy 42-4
AAA (authentication, authorization, and accounting). See also port-based authentication. 42-2
abbreviating commands 2-5
access control entries
See ACEs
access control entries and lists 44-1
access-group mode, configuring on Layer 2 interface 47-38
access-group mode, using PACL with 47-37
access list filtering, SPAN enhancement 51-13
access lists
using with WCCP 61-7
access ports
and Layer 2 protocol tunneling 25-15
configure port security 43-7, 43-23
configuring 15-8
access VLANs 15-6
accounting
with RADIUS 40-104
with TACACS+ 3-16, 3-21
ACEs
ACLs 47-2
IP 47-3
Layer 4 operation restrictions 47-16
ACEs and ACLs 44-1
ACL assignments, port-based authentication 40-20
ACL assignments and redirect URLs, configure 40-37
ACL configuration, displaying a Layer 2 interface 47-39
ACLs
ACEs 47-2
and SPAN 51-5
and TCAM programming for Sup 6-E 47-15
and TCAM programming for Sup II-Plus thru V-10GE 47-7
applying IPv6 ACLs to a Layer 3 interface 47-23
applying on routed packets 47-33
applying on switched packets 47-32
chaning the TCAM programming algorithm 47-9
compatibility on the same switch 47-3
configuring with VLAN maps 47-31
CPU impact 47-18
downloadable 42-7
hardware and software support 47-6
IP, matching criteria for port ACLs 47-4
MAC extended 47-20
matching criteria for router ACLs 47-3
port
and voice VLAN 47-5
defined 47-3
processing 47-18
resize the TCAM regions 47-11
selecting mode of capturing control packets 47-13
TCAM programming algorithm 47-8
troubleshooting high CPU 47-12
types supported 47-3
understanding 47-2
VLAN maps 47-5
ACLs, applying to a Layer 2 interface 47-38
ACLs and VLAN maps, examples 47-26
acronyms, list of A-1
action drivers, marking 37-72
active queue management 37-15
active queue management via DBL, QoS on Sup 6-E 37-85
active traffic monitoring, IP SLAs 58-1
adding members to a community 12-9
addresses
displaying the MAC table 4-35
dynamic
changing the aging time 4-21
defined 4-19
learning 4-20
removing 4-22
IPv6 47-2
MAC, discovering 4-35
See MAC addresses
static
adding and removing 4-27
defined 4-19
address resolution 4-35
adjacency tables
description 31-2
displaying statistics 31-9
administrative VLAN
REP, configuring 20-8
administrative VLAN, REP 20-8
advertisements
LLDP 1-4, 27-2
advertisements, VTP
See VTP advertisements
aggregation switch, enabling DHCP snooping 45-10
aging time
MAC address table 4-21
All Auth manager sessions, displaying summary 40-110
All Auth manager sessions on the switch authorized for a specified authentication method 40-111
ANCP client
enabling and configuring 34-2
guidelines and restrictions 34-5
identify a port with DHCP option 82 34-4
identify a port with protocol 34-2
overview 34-1
ANCP protocol
identifying a port with 34-2
applying IPv6 ACLs to a Layer 3 interface 47-23
AQM via DBL, QoS on Sup 6-E 37-85
archiving crashfiles information 2-8
ARP
defined 4-35
table
address resolution 4-35
managing 4-35
asymmetrical links, and 802.1Q tunneling 25-3
attributes, RADIUS
vendor-proprietary 40-107
vendor-specific 40-105
authentication
NTP associations 4-4
RADIUS
key 40-97
login 40-99
See also port-based authentication
TACACS+
defined 3-16
key 3-18
login 3-19
Authentication, Authorization, and Accounting (AAA) 44-1
Authentication Failed, configuring 80.1X 40-67
Authentication methods registered with the Auth manager, determining 40-110
authentication open comand 40-9
authentication proxy web pages 42-4
authentication server
defined 40-3
RADIUS server 40-3
Auth manager session for an interface, verifying 40-111
Auth manager summary, displaying 40-110
authoritative time source, described 4-2
authorization
with RADIUS 40-103
with TACACS+ 3-16, 3-21
authorized and unauthorized ports 40-5
authorized ports with 802.1X 40-5
autoconfiguration 3-2
automatic discovery
considerations 12-7
automatic QoS
See QoS
Auto-MDIX on a port
configuring 6-28
displaying the configuration 6-28
overview 6-27
autonegotiation feature
forced 10/100Mbps 6-17
Auto-QoS
configuring 37-57
Auto SmartPorts built-in macros
configuring parameters 17-6
Auto SmartPorts macros
built-in macros 17-4
configuration guidelines 17-4
default configuration 17-3
defined 17-1
displaying 17-13
enabling 17-3
IOS shell 17-2, 17-9
Auto Smartports macros
defined 1-2
Auto SmartPorts user-defined macros
configuring 17-9
auto-sync command 8-7
Auto SmartPorts macros
See also SmartPorts macros
Auto Smartports macros
See also Smartports macros
B
Baby Giants
interacting with 6-25
BackboneFast
adding a switch (figure) 21-4
and MST 18-23
configuring 21-16
link failure (figure) 21-14, 21-15
not supported MST 18-23
understanding 21-14
See also STP
banners
configuring
login 4-19
message-of-the-day login 4-18
default configuration 4-18
when displayed 4-17
b command 62-3
b flash command 62-3
BGP 1-11
routing session with multi-VRF CE 36-12
blocking packets 49-1
blocking state (STP)
RSTP comparisons (table) 18-24
boot bootldr command 3-31
boot command 3-28
boot commands 62-3
boot fields
See configuration register boot fields
bootstrap program
See ROM monitor
boot system command 3-26, 3-31
boot system flash command 3-28
Border Gateway Protocol
See BGP
boundary ports
description 18-27
BPDU Guard
and MST 18-23
configuring 21-16
overview 21-8
BPDUs
and media speed 18-2
pseudobridges and 18-25
what they contain 18-3
bridge ID
See STP bridge ID
bridge priority (STP) 18-17
bridge protocol data units
See BPDUs
Broadcast Storm Control
disabling 50-6
enabling 50-3
Built-in macros and user-defined triggers, configuring mapping 17-9
burst rate 37-53
burst size 37-28
C
cache engine clusters 61-1
cache engines 61-1
cache farms
See cache engine clusters
Call Home
description 1-17, 57-2
message format options 57-2
messages
format options 57-2
call home 57-1
alert groups 57-6
configuring e-mail options 57-9
contact information 57-4
default settings 57-18
destination profiles 57-5
displaying information 57-13
mail-server priority 57-10
pattern matching 57-9
periodic notification 57-8
rate limit messages 57-9
severity threshold 57-8
smart call home feature 57-2
SMTP server 57-9
testing communications 57-10
call home alert groups
configuring 57-6
description 57-6
subscribing 57-7
call home contacts
assigning information 57-4
call home destination profiles
attributes 57-5
configuring 57-5
description 57-5
displaying 57-16
call home notifications
full-txt format for syslog 57-25
XML format for syslog 57-28
candidates
automatic discovery 12-7
candidate switch, cluster
defined 12-12
Capturing control packets
selecting mode 47-13
cautions
Unicast RPF
BGP optional attributes 32-4
cautions for passwords
encrypting 3-22
CDP
and trusted boundary 37-22
automatic discovery in communities 12-7
configuration 26-2
defined with LLDP 27-1
displaying configuration 26-3
enabling on interfaces 26-3
host presence detection 40-9
Layer 2 protocol tunneling 25-13
maintaining 26-3
monitoring 26-3
overview 1-3, 26-1
cdp enable command 26-3
CEF
adjacency tables 31-2
and NSF with SSO 9-5
configuring load balancing 31-7
displaying statistics 31-8
enabling 31-6, 60-2
hardware switching 31-4
load balancing 31-6
overview 31-1
software switching 31-4
certificate authority (CA) 57-3
CFM
and Ethernet OAM interaction 55-35
configuration guidelines 55-8, 56-4
configuring crosscheck for VLANs 55-11
configuring over VLANs 55-9
crosscheck 55-7
default configuration 55-8
defined 55-2
disabling on a port 55-9
EtherChannel support 55-8, 56-4
IP SLAs support for 55-7
IP SLAs with endpoint discovers 55-15
maintenance domain 55-3
maintenance point 55-4
manually configuring IP SLAs ping or jitter 55-13
measuring network performance 55-7
monitoring 55-18
on EtherChannel port channels 55-8
sample configuration 55-16
SNMP traps 55-7
types of messages 55-6
CGMP
overview 23-1
Change of Authorization, RADIUS 40-91
channel-group group command 22-8, 22-10
Cisco 7600 series Internet router
enabling SNMP 63-4, 63-5
Cisco Discovery Protocol
See CDP
Cisco Express Forwarding
See CEF
Cisco Group Management Protocol
See CGMP
Cisco IOS IP SLAs 58-2
Cisco IOS NSF-aware
support 9-2
Cisco IOS NSF-capable support 9-2
Cisco IP Phones
configuring 38-3
sound quality 38-1
CiscoWorks 2000 53-4
CIST
description 18-22
civic location 27-3
class level, configure in a service policy 37-83
class-map command 37-29
class of service
See CoS
clear cdp counters command 26-4
clear cdp table command 26-3
clear counters command 6-31
clearing
IP multicast table entries 33-29
clear ip eigrp neighbors command 30-19
clear ip flow stats command 54-9
CLI
accessing 2-2
backing out one level 2-5
getting commands 2-5
history substitution 2-4
managing clusters 12-13
modes 2-5
monitoring environments 51-1
ROM monitor 2-7
software basics 2-4
clients
in 802.1X authentication 40-3
clock
See system clock
clustering switches
command switch characteristics
and VTY 12-12
convert to a community 12-10
managing
through CLI 12-13
overview 12-2
planning considerations
CLI 12-13
passwords 12-8
CoA Request Commands 40-93
command-line processing 2-3
command modes 2-5
commands
b 62-3
b flash 62-3
boot 62-3
confreg 62-3
dev 62-3
dir device 62-3
frame 62-5
i 62-3
listing 2-5
meminfo 62-5
reset 62-3
ROM monitor 62-2 to 62-3
ROM monitor debugging 62-5
SNMP 63-4
sysret 62-5
command switch, cluster
requirements 12-11
common and internal spanning tree
See CIST
common spanning tree
See CST
community of switches
access modes in Network Assistant 12-9
adding devices 12-9
communication protocols 12-9
community name 12-8
configuration information 12-9
converting from a cluster 12-10
host name 12-8
passwords 12-8
community ports 39-3
community strings
configuring 53-7
overview 53-4
community VLANs 39-2, 39-3
and SPAN features 39-12
configure as a PVLAN 39-13
compiling MIBs 63-4
config-register command 3-29
config terminal command 3-9
configurable leave timer,IGMP 23-4
configuration examples
SNMP 53-15
configuration files
limiting TFTP server access 53-15
obtaining with DHCP 3-6
saving 3-10
system contact and location information 53-14
configuration guidelines
CFM 55-8, 56-4
Ethernet OAM 55-20
REP 20-7
SNMP 53-6
VLAN mapping 25-10
configuration register
boot fields
listing value 3-29
modifying 3-28
changing from ROM monitor 62-3
changing settings 3-28 to 3-29
configuring 3-26
settings at startup 3-27
configure class-level queue-limit in a service policy 37-83
configure terminal command 3-29, 6-2
configuring access-group mode on Layer 2 interface 47-38
configuring flow control 6-20
configuring interface link and trunk status envents 6-32
configuring named IPv6 ACLs 47-22
configuring named MAC extended ACLs 47-20, 47-21
configuring unicast MAC address filtering 47-19
configuring VLAN maps 47-24
confreg command 62-3
Connectivity Fault Management
See CFM
console configuration mode 2-5
console download 62-4 to 62-5
console port
disconnecting user sessions 7-7
monitoring user sessions 7-6
contact information
assigning for call home 57-4
controlling switch access with RADIUS 40-89
Control Plane Policing
and Layer 2 Control packet QoS, configuration example 44-14
configuration guidelines and restrictions 44-8
configuring for control plane traffic 44-4
configuring for data plane and management plan traffic 44-6
defaults 44-4
general guidelines 44-3
monitoring 44-9
understanding 44-2
control protocol, IP SLAs 58-4
convergence
REP 20-4
copy running-config startup-config command 3-10
copy system:running-config nvram:startup-config command 3-31
CoS
definition 37-4
figure 37-2
overriding on Cisco IP Phones 38-5
priority 38-5
CoS Mutation
configuring 37-37
CoS-to-DSCP maps 37-54
CoS value, configuring for an interface 37-50
counters
clearing MFIB 33-29
clearing on interfaces 6-31
CPU, impact of ACL processing 47-18
CPU port sniffing 51-10
crashfiles information, archiving 2-8
Critical Authentication
configure with 802.1X 40-59
crosscheck, CFM 55-7, 55-11
CST
description 18-25
IST and 18-22
MST and 18-22
customer edge devices 36-2
C-VLAN 1-2, 25-7
D
database agent
configuration examples 45-16
enabling the DHCP Snooping 45-13
daylight saving time 4-13
debug commands, ROM monitor 62-5
default configuration
802.1X 40-27
auto-QoS 37-58
banners 4-18
CFM 55-8
DNS 4-16
Ethernet OAM 55-20
IGMP filtering 23-20
IGMP snooping 24-5, 24-6
IP SLAs 58-7
IPv6 47-7
Layer 2 protocol tunneling 25-16
LLDP 27-4
MAC address table 4-21
multi-VRF CE 36-3
NTP 4-4
private VLANs 39-11
RADIUS 40-96
REP 20-7
resetting the interface 6-34
RMON 59-3
SNMP 53-5
SPAN and RSPAN 51-6
system message logging 52-3
TACACS+ 3-18
VLAN mapping 25-9
default gateway
configuring 3-11
verifying configuration 3-11
default settings, erase commad 3-32
default web-based authentication configuration
802.1X 42-6
denial-of-service attacks
IP address spoofing, mitigating 32-5
Unicast RPF, deploying 32-5
denying access to a server on another VLAN 47-30
deploying 10-Gigabit Ethernet and a Gigabit Ethernet SFP ports 6-11, 6-13
deploying 10-Gigabit Ethernet and a Gigabit Ethernet SFP ports on WS-X4606-10GE-E and Sup 6-E 6-13
description command 6-20
dev command 62-3
device discovery protocol 27-1
device IDs
call home format 57-21, 57-22
DHCP
configuring
rate limit for incoming packets 45-14
denial-of-service attacks, preventing 45-14
rate limiting of packets
configuring 45-14
DHCP-based autoconfiguration
client request message exchange 3-3
configuring
client side 3-3
DNS 3-5
relay device 3-5
server-side 3-4
TFTP server 3-4
example 3-7
lease options
for IP address information 3-4
for receiving the configuration file 3-4
overview 3-2
relationship to BOOTP 3-3
DHCP option 82
identifying a port with 34-4
overview 45-4
DHCP Snooping
enabling, and Option 82 45-10
DHCP snooping
accepting untrusted packets form edge switch 45-10
configuring 45-6
default configuration 45-7
displaying binding tables 45-19
displaying configuration 45-19
displaying information 45-19
enabling 45-8
enabling on private VLAN 45-12
enabling on the aggregation switch 45-10
enabling the database agent 45-13
message exchange process 45-4
monitoring 45-23
option 82 data insertion 45-4
overview 45-1
Snooping database agent 45-2
DHCP Snooping Database Agent
adding to the database (example) 45-18
enabling (example) 45-16
overview 45-2
reading from a TFTP file (example) 45-17
Diagnostics
online 60-1
Power-On-Self-Test
causes of failure 60-21
how it works 60-10
overview 60-10
Power-On-Self-Test for Supervisor Engine V-10GE 60-15
Differentiated Services Code Point values
See DSCP values
DiffServ architecture, QoS 37-2
Digital optical monitoring transceiver support 6-16
dir device command 62-3
disabled state
RSTP comparisons (table) 18-24
disabling
broadcast storm control 50-6
disabling multicast storm control 50-7
disconnect command 7-7
discovery, clusters
See automatic discovery
discovery, Ethernet OAM 55-19
displaying
Auth Manager sumary for an interface 40-110
MAB details 40-113
summary of all Auth manager sessions 40-110
summary of all Auth manager sessions on the switch authorized for a specified authentication method 40-111
displaying EtherChannel to a Virtual Switch System 22-14
displaying storm control 50-8
display PoE consumed by a module 11-8
DNS
and DHCP-based autoconfiguration 3-5
default configuration 4-16
displaying the configuration 4-17
overview 4-15
setting up 4-16
domain names
DNS 4-15
Domain Name System
See DNS
double-tagged packets
802.1Q tunneling 25-2
Layer 2 protocol tunneling 25-15
downloading MIBs 63-3, 63-4
drop threshold for Layer 2 protocol packets 25-16
DSCP maps 37-54
DSCP-to-CoS maps
configuring 37-56
DSCP values
configuring maps 37-54
definition 37-4
IP precedence 37-3
mapping markdown 37-19
mapping to transmit queues 37-52
DSCP values, configuring port value 37-50
DTP
VLAN trunks and 15-3
duplex command 6-19
duplex mode
configuring interface 6-17
dynamic ARP inspection
ARP cache poisoning 46-2
configuring
ACLs for non-DHCP environments 46-11
in DHCP environments 46-5
log buffer 46-14
rate limit for incoming ARP packets 46-16
denial-of-service attacks, preventing 46-16
interface trust state, security coverage 46-3
log buffer
configuring 46-14
logging of dropped packets 46-4
overview 46-1
port channels, their behavior 46-5
priority of static bindings 46-4
purpose of 46-2
rate limiting of ARP packets 46-4
configuring 46-16
validation checks, performing 46-19
dynamic buffer limiting
globally 37-24
on specific CoS values 37-26
on specific IP DSCP values 37-25
Dynamic Host Configuration Protocol snooping
See DHCP snooping
dynamic port VLAN membership
example 13-29
limit on hosts 13-29
reconfirming 13-26
troubleshooting 13-29
Dynamic Trunking Protocol
See DTP
E
EAP frames
changing retransmission time 40-80
exchanging (figure) 40-5, 40-7, 40-14
request/identity 40-4
response/identity 40-4
setting retransmission number 40-81
EAPOL frames
802.1X authentication and 40-3
OTP authentication, example (figure) 40-5, 40-14
start 40-4
edge ports
description 18-27
EGP
overview 1-11
EIGRP
configuration examples 30-19
monitoring and maintaining 30-19
EIGRP (Enhanced IGRP)
stub routing
benefits 30-17
configuration tasks 30-18
configuring 30-14
overview 30-14
restrictions 30-17
verifying 30-18
EIGRP (enhanced IGRP)
overview 1-12
eigrp stub command 30-18
EIGRP stub routing, configuring 30-13
ELIN location 27-3
e-mail addresses
assigning for call home 57-4
e-mail notifications
Call Home 1-17, 57-2
Embedded CiscoView
displaying information 4-39
installing and configuring 4-36
overview 4-36
emergency alarms on Sup Engine 6-E systems 10-3
enable command 3-9, 3-28
enable mode 2-5
enabling or disabling QOS on an interface 37-47
enabling SNMP 63-4, 63-5
encapsulation types 15-3
Enhanced Interior Gateway Routing Protocol
See EIGRP
Enhanced PoE support on E-series 11-16
environmental conditions
Sup Engine 6-E 10-3
Sup Engines II-Plus to V-10GE 10-2
environmental monitoring
using CLI commands 10-1
EPM logging 40-113
EtherChannel
channel-group group command 22-8, 22-10
configuration guidelines 22-5
configuring 22-6 to 22-14
configuring Layer 2 22-9
configuring Layer 3 22-6
displaying to a virtual switch system 22-14
interface port-channel command 22-7
lacp system-priority
command example 22-12
modes 22-3
overview 22-2
PAgP
Understanding 22-3
physical interface configuration 22-7
port-channel interfaces 22-2
port-channel load-balance command 22-13
removing 22-14
removing interfaces 22-13
EtherChannel guard
disabling 21-7
enabling 21-6
overview 21-6
Ethernet infrastructure 55-1
Ethernet management port
and routing 6-6
and routing protocols 6-6
configuring 6-10
default setting 6-6
described 1-19, 6-6
for network management 1-19, 6-6
specifying 6-10
supported features 6-9
unsupported features 6-10
Ethernet management port, internal
and routing protocols 6-6
Ethernet Management Port, using 6-6
Ethernet OAM 55-19
and CFM interaction 55-35
configuration guidelines 55-20
default configuration 55-20
discovery 55-19
enabling 55-21
link monitoring 55-19, 55-24
manager 55-1
messages 55-20
protocol
defined 55-19
monitoring 55-33
remote failure indications 55-19
remote loopback 55-20, 55-22
templates 55-29
Ethernet OAM protocol CFM notifications 55-35
Ethernet operation, administration, and maintenance
See Ethernet OAM
event triggers, user-defined
configuring, 802.1X-based 17-7
configuring, MAC address-based 17-8
explicit host tracking
enabling 23-11
extended range VLANs
See VLANs
Extensible Authentication Protocol over LAN 40-2
Exterior Gateway Protocol
See EGP
F
Fa0 port
See Ethernet management port
Fallback Authentication
configure with 802.1X 40-71
FastDrop
overview 33-11
fastethernet0 port
See Ethernet management port
Fast UDLD
configuring probe message interval 28-8
default configuration 28-4
displaying link status 28-9
enabling globally 28-5
enabling on individual interface 28-7
enabling per-interface 28-6
modes of operation 28-3
resetting disabled LAN interfaces 28-8
use case 28-2
Fast UDLD, overview 28-1
FIB
description 31-2
See also MFIB
fiber-optics interfaces
disabling UDLD 28-7
Filter-ID ACL and Per-User ACL, configureport-based authentication
configure Per-User ACL and Filter-ID ACL 40-43
filtering
in a VLAN 47-24
non-IP traffic 47-20, 47-21
flags 33-12
Flash memory
configuring router to boot from 3-31
loading system images from 3-30
security precautions 3-30
Flex Links
configuration guidelines 19-5
configuring 19-6
configuring preferred VLAN 19-9
configuring VLAN load balancing 19-8
monitoring 19-12
flooded traffic, blocking 49-2
flowchart, traffic marking procedure 37-72
flow control, configuring 6-20
For 11-14
forward-delay time (STP)
configuring 18-19
forwarding information base
See FIB
frame command 62-5
G
gateway
See default gateway
get-bulk-request operation 53-3
get-next-request operation 53-3, 53-4
get-request operation 53-3, 53-4
get-response operation 53-3
Gigabit Ethernet SFP ports
deploy with 10-Gigabit Ethernet 6-11, 6-13
global configuration mode 2-5
Guest-VLANs
configure with 802.1X 40-54
H
hardware and software ACL support 47-6
hardware switching 31-5
hello time (STP)
configuring 18-17
hierarchical policers, configuring 37-42
high CPU due to ACLs, troubleshooting 47-12
history
CLI 2-4
history table, level and number of syslog messages 52-9
hop counts
configuring MST bridges 18-28
host
limit on dynamic port 13-29
host ports
kinds of 39-3
host presence CDP message 40-9
Hot Standby Routing Protocol
See HSRP
HSRP
description 1-10
http
//www.cisco.com/en/US/docs/ios/12_4/ip_sla/configuration/guide/hsla_c.html 58-1, 58-4, 58-6, 58-7
//www.cisco.com/en/US/docs/ios/fundamentals/command reference/cf_book.html 52-1, 53-1, 59-1
hw-module module num power command 10-21
I
ICMP
enabling 7-12
ping 7-8
running IP traceroute 7-9
time exceeded messages 7-9
ICMP Echo operation
configuring 58-12
IP SLAs 58-11
i command 62-3
IDS
using with SPAN and RSPAN 51-2
IEEE 802.1ag 55-2
IEEE 802.1s
See MST
IEEE 802.1w
See MST
IEEE 802.3ad
See LACP
IEEE 802.3ah Ethernet OAM discovery 55-1
IGMP
configurable-leave timer 23-4
description 33-3
enabling 33-14
explicit host tracking 23-4
immediate-leave processing 23-3
leave processing, enabling 24-8
overview 23-1
report suppression
disabling 24-10
IGMP filtering
configuring 23-21
default configuration 23-20
described 23-20
monitoring 23-24
IGMP groups
setting the maximum number 23-23
IGMP Immediate Leave
configuration guidelines 23-9
IGMP profile
applying 23-22
configuration mode 23-21
configuring 23-21
IGMP Snooping
configure
leave timer 23-9
configuring
Learning Methods 23-7
static connection to a multicast router 23-8
configuring host statically 23-11
enabling
Immediate-Leave processing
explicit host tracking 23-11
suppressing multicast flooding 23-12
IGMP snooping
configuration guidelines 23-5
default configuration 24-5, 24-6
enabling
globally 23-6
on a VLAN 23-6
enabling and disabling 24-6
IP multicast and 33-4
monitoring 23-14, 24-11
overview 23-1
IGMP Snooping, displaying
group 23-16
hot membership 23-15
how to 23-15
MAC address entries 23-18
multicast router interfaces 23-17
on a VLAN interface 23-18
Querier information 23-19
IGMPSnooping Querier, configuring 23-10
IGRP
description 1-12
Immediate Leave, IGMP
enabling 24-8
immediate-leave processing
enabling 23-8
IGMP
See fast-leave processing
ingress packets, SPAN enhancement 51-12
inline power
configuring on Cisco IP phones 38-5
insufficient inline power handling for Supervisor Engine II-TS 10-19
Intelligent Power Management 11-4
interacting with Baby Giants 6-25
interface command 3-9, 6-2
interface configuration
REP 20-9
interface link and trunk status events
configuring 6-32
interface port-channel command 22-7
interface range command 6-4
interface range macro command 6-10
interfaces
adding descriptive name 6-19
clearing counters 6-31
configuring 6-2
configuring ranges 6-4
displaying information about 6-30
Layer 2 modes 15-4
maintaining 6-30
monitoring 6-30
naming 6-19
numbers 6-2
overview 6-2
restarting 6-31
See also Layer 2 interfaces
using the Ethernet Management Port 6-6
Interior Gateway Routing Protocol
See IGRP
Internet Control Message Protocol
See ICMP
Internet Group Management Protocol
See IGMP
Internet Protocol version 6
See IPv6
Inter-Switch Link encapsulation
See ISL encapsulation
Intrusion Detection System
See IDS
inventory management TLV 27-3, 27-8
IOS shell
See Auto SmartPorts macros
IP
configuring default gateway 3-11
configuring static routes 3-11
displaying statistics 31-8
flow switching cache 54-9
IP addresses
128-bit 47-2
cluster candidate or member 12-12
cluster command switch 12-11
discovering 4-35
IPv6 47-2
ip cef command 31-6, 60-2
IP Enhanced IGRP
interfaces, displaying 30-19
ip flow-aggregation cache destination-prefix command 54-11
ip flow-aggregation cache prefix command 54-11
ip flow-aggregation cache source-prefix command 54-12
ip flow-export command 54-9
ip icmp rate-limit unreachable command 7-13
ip igmp profile command 23-21
ip igmp snooping tcn flood command 23-13
ip igmp snooping tcn flood query count command 23-14
ip igmp snooping tcn query solicit command 23-14
IP information
assigned
through DHCP-based autoconfiguration 3-2
ip load-sharing per-destination command 31-7
ip local policy route-map command 35-8
ip mask-reply command 7-14
IP MTU sizes,configuring 30-9
IP multicast
clearing table entries 33-29
configuring 33-13
default configuration 33-13
displaying PIM information 33-24
displaying the routing table information 33-24
enabling dense-mode PIM 33-15
enabling sparse-mode 33-15
features not supported 33-13
hardware forwarding 33-9
IGMP snooping and 23-5, 33-4
overview 33-1
routing protocols 33-2
software forwarding 33-9
See also Auto-RP; IGMP; PIM; RP; RPF
IP multicast routing
enabling 33-14
monitoring and maintaining 33-24
ip multicast-routing command 33-14
IP multicast traffic, load splitting 33-23
IP phones
automatic classification and queueing 37-58
configuring voice ports 38-3
See Cisco IP Phones 38-1
trusted boundary for QoS 37-22
ip pim command 33-15
ip pim dense-mode command 33-15
ip pim sparse-dense-mode command 33-16
ip policy route-map command 35-7
IP Port Security for Static Hosts
on a Layer 2 access port 45-25
on a PVLAN host port 45-28
overview 45-24
ip redirects command 7-13
ip route-cache flow command 54-7
IP routing tables
deleting entries 33-29
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 58-1
IP SLAs
benefits 58-3
CFM endpoint discovery 55-15
Control Protocol 58-4
default configuration 58-7
definition 58-1
ICMP echo operation 58-11
manually configuring CFM ping or jitter 55-13
measuring network performance 58-3
multioperations scheduling 58-6
operation 58-4
responder
described 58-4
enabling 58-8
response time 58-5
scheduling 58-6
SNMP support 58-3
supported metrics 58-3
threshold monitoring 58-6
UDP jitter operation 58-9
IP Source Guard
configuring 45-21
configuring on private VLANs 45-22
displaying 45-22, 45-23
overview 45-23
IP statistics
displaying 31-8
IP traceroute
executing 7-9
overview 7-9
IP unicast
displaying statistics 31-8
IP Unnumbered support
configuring on a range of Ethernet VLANs 14-5
configuring on LAN and VLAN interfaces 14-4
configuring with connected host polling 14-6
DHCP Option 82 14-2
displaying settings 14-7
format of agent remote ID suboptions 14-3
troubleshooting 14-8
with conected host polling 14-3
with DHCP server and Relay agent 14-2
ip unreachables command 7-12
IPv4, IPv6, and MAC ACLs, configuring on a Layer 2 interface 47-37
IPv6
addresses 47-2
default configuration 47-7
defined 1-14, 47-1
Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 47-6
Router ID 47-6
OSPF 47-6
IPv6 control traffic, policing 44-16
IPX
redistribution of route information with EIGRP 1-12
is 25-19
ISL
encapsulation 15-3
trunking with 802.1Q tunneling 25-4
isolated port 39-3
isolated VLANs 39-2, 39-3, 39-4
ISSU
compatibility matrix 5-12
compatiblity verification using Cisco Feature Navigator 5-13
description 1-14
NSF overview 5-3
perform the process
aborting a software upgrade 5-24
configuring the rollback timer as a safeguard 5-25
displaying a compatibility matrix 5-26
loading the new software on the new standby 5-22
stopping the rollback timer 5-21
switching to the standby 5-19
verify the ISSU state 5-16
verify the redundancy mode 5-14
verify the software installation 5-14
vload the new software on standby 5-16
prerequisites 5-1
process overview 5-6
restrictions 5-1
SNMP support 5-13
SSO overview 5-3
versioning capability in software to support 5-11
IST
and MST regions 18-22
description 18-22
master 18-27
J
jumbo frames
and ethernet ports 6-24
configuring MTU sizes for 6-25
ports and linecards that support 6-22
understanding MTUs 6-23
understanding support 6-23
VLAN interfaces 6-24
K
keyboard shortcuts 2-3
L
l2protocol-tunnel command 25-17
labels, definition 37-4
LACP
system ID 22-4
Layer 2 access ports 15-8
Layer 2 Control Packet QoS
and CoPP configuration example 44-14
default configuation 44-11
disabling 44-13
enabvling 44-12
guideline and restrictions 44-16
understanding 44-11
Layer 2 frames
classification with CoS 37-2
Layer 2 interface
applying ACLs 47-38
configuring access-mode mode on 47-38
configuring IPv4, IPv6, and MAC ACLs 47-37
displaying an ACL configuration 47-39
Layer 2 interfaces
assigning VLANs 13-7
configuring 15-5
configuring as PVLAN host ports 39-17
configuring as PVLAN promiscuous ports 39-16
configuring as PVLAN trunk ports 39-18
defaults 15-5
disabling configuration 15-9
modes 15-4
show interfaces command 15-7
Layer 2 interface type
resetting 39-22
setting 39-22
Layer 2 protocol tunneling
default configuration 25-16
guidelines 25-16
Layer 2 switching
overview 15-1
Layer 2 Traceroute
and ARP 7-11
and CDP 7-10
host-to-host paths 7-10
IP addresses and subnets 7-11
MAC addresses and VLANs 7-10
multicast traffic 7-10
multiple devices on a port 7-11
unicast traffic 1-28, 7-10
usage guidelines 7-10
Layer 2 trunks
configuring 15-6
overview 15-3
Layer 3 interface, applying IPv6 ACLs 47-23
Layer 3 interface counters,configuring 30-10
Layer 3 interface counters,understanding 30-3
Layer 3 interfaces
changing from Layer 2 mode 36-7
configuration guidelines 30-5
configuring VLANs as interfaces 30-7
overview 30-1
counters 30-3
logical 30-2
physical 30-2
SVI autostate exclude 30-3
Layer 3 packets
classification methods 37-3
Layer 4 port operations
configuration guidelines 47-17
restrictions 47-16
Leave timer, enabling 23-9
limitations on using a TwinGig Convertor 6-14
link and trunk status events
configuring interface 6-32
link integrity, verifying with REP 20-3
Link Layer Discovery Protocol
See CDP
link monitoring, Ethernet OAM 55-19, 55-24
link-state tracking
configuration guidelines 22-20
default configuration 22-20
described 22-17
displaying status 22-21
generic configuration procedure 22-20
link status, displaying UDLD 28-9
listening state (STP)
RSTP comparisons (table) 18-24
LLDP
configuring 27-4
characteristics 27-5
default configuration 27-4
disabling and enabling
globally 27-6
on an interface 27-7
monitoring and maintaining 27-13
overview 27-1
transmission timer and holdtime, setting 27-5
LLDP-MED
configuring
procedures 27-4
TLVs 27-8, 27-10
monitoring and maintaining 27-13
overview 27-1
supported TLVs 27-2
LLDP Media Endpoint Discovery
See LLDP-MED
load balancing
configuring for CEF 31-7
configuring for EtherChannel 22-12
overview 22-5, 31-6
per-destination 31-7
load splitting IP multicast traffic 33-23
Location Service
overview 27-1
location service
configuring 27-11
understanding 27-3
location TLV 27-3, 27-8
logging, EPM 40-113
Logical Layer 3 interfaces
configuring 30-6
logical layer 3 VLAN interfaces 30-2
login authentication
with RADIUS 40-99
with TACACS+ 3-19
login banners 4-17
login timer
changing 7-6
logoutwarning command 7-6
loop guard
and MST 18-23
configuring 21-5
overview 21-3
M
MAC/PHY configuration status TLV 27-2
MAC addresses
aging time 4-21
allocating 18-6
and VLAN association 4-20
building tables 4-20, 15-2
convert dynamic to sticky secure 43-5
default configuration 4-21
disabling learning on a VLAN 4-30
discovering 4-35
displaying 7-3
displaying in DHCP snooping binding table 45-19
dynamic
learning 4-20
removing 4-22
in ACLs 47-20
static
adding 4-28
allowing 4-29
characteristics of 4-27
dropping 4-29
removing 4-28
sticky 43-4
sticky secure, adding 43-5
MAC address learning, disabling on a VLAN 4-30
confuguring 4-30
deployment scenarios 4-31
feature compatibility 4-33
feature incompatibility 4-34
feature inompatibility 4-34
usage guidelines 4-31
MAC address table
displaying 4-35
MAC address-table move update
configuration guidelines 19-9
configuring 19-10
monitoring 19-12
MAC Authentication Bypass
configure with 802.1X 40-57
MAC details, displaying 40-113
MAC extended access lists 47-20
macros
See Auto SmartPorts macros
See Auto Smartports macros
See Smartports macros
main-cpu command 8-7
Maintenance end points
See MEPs
Maintenance intermediate points
See MIPs
management address TLV 27-2
management options
SNMP 53-1
Management Port, Ethernet 6-6
manual preemption, REP, configuring 20-12
mapping
DSCP markdown values 37-19
DSCP values to transmit queues 37-52
mapping tables
configuring DSCP 37-54
described 37-15
marking
hardware capabilities 37-74
marking action drivers 37-72
marking network traffic 37-69
marking support, multi-attribute 37-73
mask destination command 54-11
mask source command 54-11, 54-12
Match CoS for non-IPV4 traffic
configuring 37-31
match ip address command 35-6
maximum aging time (STP)
configuring 18-18
MDA
configuration guidelines 40-23 to ??
described 40-23
members
automatic discovery 12-7
member switch
managing 12-13
member switch, cluster
defined 12-2
meminfo command 62-5
MEPs
defined 55-4
messages, Ethernet OAM 55-20
messages, to users through banners 4-17
Metro features
Ethernet CFM, introduction 1-3
Ethernet OAM Protocol, introduction 1-3
Flex Link and MAC Address-Table Move Update, introduction 1-3
Y.1731 (AIS and RDI), introduction 1-9
metro tags 25-2
MFIB
CEF 33-5
overview 33-12
MFIB, IP
displaying 33-27
MIBs
compiling 63-4
downloading 63-3, 63-4
overview 53-1
related information 63-3
SNMP interaction with 53-4
MIPs
defined 55-5
MLD Done messages and Immediate-leave 24-4
MLD messages 24-2
MLD queries 24-3
MLD reports 24-4
MLD Snooping
MLD Done messages and Immediate-leave 24-4
MLD messages 24-2
MLD queries 24-3
MLD reports 24-4
Multicast client aging robustness 24-3
Multicast router discovery 24-3
overview 24-1
Mode of capturing control packets, selecting 47-13
modules
checking status 7-1
powering down 10-21
monitoring
802.1Q tunneling 25-19
ACL information 47-42
Ethernet CFM 55-18
Ethernet OAM 55-33
Ethernet OAM protocol 55-33
Flex Links 19-12
IGMP
snooping 24-11
IGMP filters 23-24
IGMP snooping 23-14
Layer 2 protocol tunneling 25-19
MAC address-table move update 19-12
multicast router interfaces 24-11
multi-VRF CE 36-17
REP 20-13
traffic flowing among switches 59-1
tunneling 25-19
VLAN filters 47-31
VLAN maps 47-31
M-record 18-23
MST
and multiple spanning trees 1-5, 18-22
boundary ports 18-27
BPDUs 18-23
configuration parameters 18-26
configuring 18-29
displaying configurations 18-33
edge ports 18-27
enabling 18-29
hop count 18-28
instances
configuring parameters 18-32
description 18-23
number supported 18-26
interoperability with PVST+ 18-23
link type 18-28
master 18-27
message age 18-28
regions 18-26
restrictions 18-29
to-SST interoperability 18-24
MSTP
EtherChannel guard
enabling 21-6
M-record 18-23
M-tree 18-23
M-tree 18-23
MTUS
understanding 6-23
MTU size
configuring 6-25, 6-26, 6-32, 6-33
default 13-5
Multi-authentication
described 40-23
multiauthentication mode 40-9
multicast
See IP multicast
Multicast client aging robustness 24-3
multicast groups
static joins 24-7
multicast packets
blocking 49-2
Multicast router discovery 24-3
multicast router interfaces, displaying 23-17
multicast router interfaces, monitoring 24-11
multicast router ports, adding 24-7
multicast routers
flood suppression 23-12
multicast router table
displaying 33-24
Multicast Storm Control
enabling 50-4
disabling 50-7
suppression on Sup 6-E 50-5
suppression on WS-X4014 50-5
suppression on WS-X4016 50-6
WS-X4515, WS-X4014, and WS-X4013+ Sup Engs 50-5
WS-X4516 Sup Eng 50-6
multidomain authentication
See MDA
multidomain authentication mode 40-8
multioperations scheduling, IP SLAs 58-6
Multiple AuthorizationAuthentication
configuring 40-33
Multiple Domain Authentication 40-33
multiple forwarding paths 1-5, 18-22
multiple-hosts mode 40-8
Multiple Spanning Tree
See MST
multiple VPN routing/forwarding
See multi-VRF CE
multi-VRF CE
components 36-3
configuration example 36-13
default configuration 36-3
defined 36-1
displaying 36-17
monitoring 36-17
network components 36-3
packet-forwarding process 36-3
N
named aggregate policers, creating 37-27
named IPv6 ACLs, configuring
ACLs
configuring named IPv6 ACLs 47-22
named MAC extended ACLs
ACLs
configuring named MAC extended 47-20, 47-21
native VLAN
and 802.1Q tunneling 25-4
specifying 15-6
NEAT
configuring 40-82
overview 40-24
neighbor offset numbers, REP 20-4
NetFlow
aggregation
minimum mask,default value 54-11
destination-prefix aggregation
configuration (example) 54-16
minimum mask, configuring 54-11
IP
flow switching cache 54-9
prefix aggregation
configuration (example) 54-14
minimum mask, configuring 54-11
source-prefix aggregation
minimum mask, configuring 54-11
switching
checking for required hardware 54-6
configuration (example) 54-13
configuring switched IP flows 54-8
enabling Collection 54-7
exporting cache entries 54-9
statistics 54-9
NetFlow statistics
caveats on supervisor 54-6
checking for required hardware 54-6
configuring collection 54-6
enabling Collection 54-7
exporting cache entries 54-9
overview of collection 54-2
switched/bridged IP flows 54-8
Network Assistant
and VTY 12-12
configure
enable communication with switch 12-13, 12-17
default configuration 12-2
overview of CLI commands 12-3
Network Edge Access Topology
See NEAT
network fault tolerance 1-5, 18-22
network management
configuring 26-1
RMON 59-1
SNMP 53-1
network performance, measuring with IP SLAs 58-3
network policy TLV 27-2, 27-8
Network Time Protocol
See NTP
network traffic, marking 37-69
New Software Features in Release 7.7
TDR 7-3
Next Hop Resolution Protocol
See NHRP
NHRP
support 1-12
non-fiber-optics interfaces
disabling UDLD 28-7
non-IP traffic filtering 47-20, 47-21
non-RPF traffic
description 33-10
in redundant configurations (figure) 33-11
Nonstop Forwarding
See NSF
nonvolatile random-access memory
See NVRAM
normal-range VLANs
See VLANs
NSF
defined 9-1
guidelines and restrictions 9-9
operation 9-5
NSF-aware
supervisor engines 9-3
support 9-2
NSF-capable
supervisor engines 9-3
support 9-2
NSF with SSO supervisor engine redundancy
and CEF 9-5
overview 9-4
SSO operation 9-4
NTP
associations
authenticating 4-4
defined 4-2
enabling broadcast messages 4-7
peer 4-6
server 4-6
default configuration 4-4
displaying the configuration 4-11
overview 4-2
restricting access
creating an access group 4-9
disabling NTP services per interface 4-10
source IP address, configuring 4-10
stratum 4-2
synchronizing devices 4-6
time
services 4-2
synchronizing 4-2
NVRAM
saving settings 3-10
O
OAM
client 55-19
features 55-19
sublayer 55-19
OAM manager
with CFM and Ethernet OAM 55-35
OAM PDUs 55-21
OAM protocol data units 55-19
OIR
overview 6-29
on-demaind online diagnostics 60-2
online diagnostic
troubleshooting 60-8
Online Diagnostics 60-1
online diagnostics
configuring on-demaind 60-2
data path, displaying test results 60-7
displaying tests and test results 60-4
linecard 60-8
scheduling 60-2
starting and stopping tests 60-3
online insertion and removal
See OIR
Open Shortest Path First
See OSPF
operating system images
See system images
Option 82
enabling DHCP Snooping 45-10
OSPF
area concept 1-13
description 1-13
for IPv6 47-6
P
packets
modifying 37-17
software processed
and QoS 37-17
packet type filtering
overview 51-15
SPAN enhancement 51-15
PACL
using with access-group mode 47-37
PACL configuration guidelines 47-35
PACL with VLAN maps and router ACLs 47-39
PAgP
understanding 22-3
passwords
configuring enable password 3-14
configuring enable secret password 3-14
encrypting 3-22
in clusters 12-8
recovering lost enable password 3-25
setting line password 3-14
PBR (policy-based routing)
configuration (example) 35-8
enabling 35-6
features 35-2
overview 35-1
route-map processing logic 35-3
route-map processing logic example 35-4
route maps 35-2
when to use 35-5
per-port and VLAN Access Control List 45-20
per-port per-VLAN QoS
enabling 37-44
overview 37-17
Per-User ACL and Filter-ID ACL, configure 40-43
Per-VLAN Rapid Spanning Tree 18-6
enabling 18-20
overview 18-6
PE to CE routing, configuring 36-12
physical layer 3 interfaces 30-2
Physical Layer 3 interfaces, configuring 30-12
PIM
configuring dense mode 33-15
configuring sparse mode 33-15
displaying information 33-24
displaying statistics 33-28
enabling sparse-dense mode 33-15, 33-16
overview 33-3
PIM-DM 33-3
PIM on an interface, enabling 33-14
PIM-SM 33-4
PIM-SSM mapping, enabling 33-17
ping
executing 7-8
overview 7-8
ping command 7-8, 33-24
PoE 11-8
configuring power consumption for single device 11-6
configuring power consumption for switch 11-5
Enhanced PoE support on E-series 11-16
policing and monitoring 11-12
power consumption for powered devices
Intelligent Power Management 11-4
powering down a module 10-21
power management modes 11-2
show interface status 11-7
PoE policing
configuring errdisable recovery 11-15
configuring on an interface 11-13
displaying on an interface 11-14
power modes 11-13
point-to-point
in 802.1X authentication (figure) 40-3
police command 37-34
policed-DSCP map 37-55
policers
description 37-6
types of 37-10
policies
See QoS policies
policing
how to implement 37-69
See QoS policing
policing, PoE 11-12
policing IPv6 control traffic 44-16
policy associations, QoS on Sup 6-E 37-86
policy-map command 37-29, 37-32
policy map marking action, configuring 37-74
policy maps
attaching to interfaces 37-36
configuring 37-32
port ACLs
and voice VLAN 47-5
defined 47-3
Port Aggregation Protocol
see PAgP
port-based authentication
802.1X with voice VLAN 40-22
Authentication Failed VLAN assignment 40-18
authentication server
defined 42-2
changing the quiet period 40-79
client, defined 40-3, 42-2
configuration guidelines 40-28, 42-7
configure ACL assignments and redirect URLs 40-37
configure switch-to-RADIUS server communication 40-32
configure with Authentication Failed 40-67
configure with Critical Authentication 40-59
configure with Guest-VLANs 40-54
configure with MAC Authentication Bypass 40-57
configure with VLAN User Distribution 40-64
configure with Voice VLAN 40-69
configuring
Multiple Domain Authentication and Multiple Authorization 40-33
RADIUS server 42-10
RADIUS server parameters on the switch 42-9
configuring Fallback Authentication 40-71
configuring Guest-VLAN 40-32
configuring manual re-authentication of a client 40-88
configuring with Unidirectional Controlled Port 40-62
controlling authorization state 40-5
default configuration 40-27, 42-6
described 40-1
device roles 40-2, 42-2
displaying statistics 40-109, 42-15
enabling 40-28
802.1X authentication 42-9
enabling multiple hosts 40-77
enabling periodic re-authentication 40-76
encapsulation 40-3
host mode 40-7
initiation and message exchange 40-4
method lists 40-28
modes 40-7
multidomain authentication 40-23
multiple-hosts mode, described 40-8
port security
multiple-hosts mode 40-8
ports not supported 40-5
pre-authentication open access 40-9
resetting to default values 40-88
setting retransmission number 40-81
setting retransmission time 40-80
switch
as proxy 42-2
switch supplicant
configuring 40-82
overview 40-24
topologies, supported 40-25
using with ACL assignments and redirect URLs 40-20
using with port security 40-19
with Critical Authentication 40-15
with Guest VLANs 40-12
with MAC Authentication Bypass 40-13
with Unidirectional Controlled Port 40-16
with VLAN assignment 40-11
with VLAN User Distribution 40-16
port-based QoS features
See QoS
port-channel interfaces
See also EtherChannel
creating 22-7
overview 22-2
port-channel load-balance
command 22-12
command example 22-12
port-channel load-balance command 22-13
port cost (STP)
configuring 18-15
port description TLV 27-2
PortFast
and MST 18-23
BPDU filter, configuring 21-10
configuring or enabling 21-16
overview 21-7
PortFast BPDU filtering
and MST 18-23
enabling 21-10
overview 21-9
port numbering with TwinGig Convertors 6-13
port priority
configuring MST instances 18-32
configuring STP 18-13
ports
blocking 49-1
checking status 7-2
dynamic VLAN membership
example 13-29
reconfirming 13-26
forwarding, resuming 49-3
REP 20-6
See also interfaces
port security
aging 43-5
and QoS trusted boundary 37-22
configuring 43-8
displaying 43-29
guidelines and restrictions 43-34
on access ports 43-7, 43-23
on private VLAN 43-15
host 43-15
over Layer 2 EtherChannel 43-34
promiscuous 43-17
topology 43-16, 43-19, 43-34
on trunk port 43-18
guidelines and restrictions 43-16, 43-19, 43-34
port mode changes 43-23
on voice ports 43-23
sticky learning 43-5
using with 802.1X 40-19
violations 43-6
with 802.1X Authentication 43-33
with DHCP and IP Source Guard 43-32
with other features 43-34
port states
description 18-5
port trust state
See trust states
port VLAN ID TLV 27-2
power
inline 38-5
power dc input command 10-18
power handling for Supervisor Engine II-TS 11-12
power inline command 11-3
power inline consumption command 11-5, 11-6
power management
Catalyst 4500 series 10-6
Catalyst 4500 Switch power supplies 10-13
Catalyst 4948 series 10-21
configuring combined mode 10-12
configuring redundant mode 10-11
overview 10-1
redundancy 10-6
power management for Catalyst 4500 Switch
combined mode 10-8
redundant mode 10-8
power management limitations in Catalyst 4500 Switch 10-9
power management mode
selecting 10-8
power management TLV 27-2, 27-8
power negotiation
through LLDP 27-10
Power-On-Self-Test diagnostics 60-10, 60-21
Power-On-Self-Test for Supervisor Engine V-10GE 60-15
power redundancy-mode command 10-12
power supplies
available power for Catalyst 4500 Switch 10-13
fixed 10-7
variable 10-7, 10-21
pre-authentication open access 40-9
pre-authentication open access. See port-based authentication.
preempt delay time, REP 20-5
primary edge port, REP 20-4
primary VLANs 39-2, 39-4
associating with secondary VLANs 39-14
configuring as a PVLAN 39-13
priority
overriding CoS of incoming frames 38-5
priority queuing, QoS on Sup 6-E 37-81
private VLAN
configure port security 43-15, 43-16
enabling DHCP Snooping 45-12
private VLANs
across multiple switches 39-4
and SVIs 39-9
benefits of 39-2
community ports 39-3
community VLANs 39-2, 39-3
default configuration 39-11
end station access to 39-2
isolated port 39-3
isolated VLANs 39-2, 39-3, 39-4
ports
community 39-3
isolated 39-3
promiscuous 39-4
primary VLANs 39-2, 39-4
promiscuous ports 39-4
secondary VLANs 39-2
subdomains 39-2
traffic in 39-8
privileged EXEC mode 2-5
privileges
changing default 3-23
configuring levels 3-23
exiting 3-24
logging in 3-24
promiscuous ports
configuring PVLAN 39-16
defined 39-4
setting mode 39-22
protocol timers 18-4
provider edge devices 36-2
pruning, VTP
See VTP pruning
pseudobridges
description 18-25
PVACL 45-20
PVID (port VLAN ID)
and 802.1X with voice VLAN ports 40-22
PVLAN promiscuous trunk port
configuring 39-10, 39-16, 39-20
PVLANs
802.1q support 39-13
across multiple switches 39-4
configuration guidelines 39-11
configure port security 43-15, 43-17, 43-19
configure port security in a wireless setting 43-34
configure port security over Layer 2 EtherChannel 43-34
configuring 39-10
configuring a VLAN 39-13
configuring promiscuous ports 39-16
host ports
configuring a Layer 2 interface 39-17
setting 39-22
overview 39-1
permitting routing, example 39-21
promiscuous mode
setting 39-22
setting
interface mode 39-22
Q
QoS
allocating bandwidth 37-52
and software processed packets 37-17
auto-QoS
configuration and defaults display 37-61
configuration guidelines 37-59
described 37-57
displaying 37-61
effects on NVRAM configuration 37-59
enabling for VoIP 37-60
basic model 37-6
burst size 37-28
classification 37-6 to 37-10
configuration guidelines 37-20
auto-QoS 37-59
configuring
auto-QoS 37-57
DSCP maps 37-54
dynamic buffer limiting 37-23
traffic shaping 37-53
trusted boundary 37-22
configuring UBRL 37-38
configuring VLAN-based on Layer 2 interfaces 37-48
creating named aggregate policers 37-27
creating policing rules 37-29
default auto configuration 37-58
default configuration 37-19
definitions 37-3
disabling on interfaces 37-36
enabling and disabling 37-47
enabling hierarchical policers 37-42
enabling on interfaces 37-36
enabling per-port per-VLAN 37-44
flowcharts 37-8, 37-13
IP phones
automatic classification and queueing 37-58
detection and trusted settings 37-22, 37-58
overview 37-2
overview of per-port per-VLAN 37-17
packet modification 37-17
port-based 37-48
priority 37-16
traffic shaping 37-17
transmit rate 37-53
trust states
trusted device 37-22
VLAN-based 37-48
See also COS; DSCP values; transmit queues
QoS active queue management
tracking queue length 37-15
QoS labels
definition 37-4
QoS mapping tables
CoS-to-DSCP 37-54
DSCP-to-CoS 37-56
policed-DSCP 37-55
types 37-15
QoS marking
description 37-5
QoS on Sup 6-E
Active Queue management via DBL 37-85
active queue management via DBL 37-79, 37-85
classification 37-67
configuring 37-64
configuring the policy map marking action 37-74
hardware capabilities for marking 37-74
how to implement policing 37-69
marking action drivers 37-72
marking network traffic 37-69
MQC-based QoS configuration 37-64
multi-attribute marking support 37-73
platform hardware capabilities 37-67
platform restrictions 37-69
platform-supported classification criteria and QoS features 37-64, 37-66
policing 37-68
policy associations 37-86
prerequisites for applying a service policy 37-67
priority queuing 37-81
queue-limiting 37-83
restrictions for applying a service policy 37-67
shaping 37-77
sharing(bandwidth) 37-79
sharing(blandwidth), shapring, and priority queuing 37-76
software QoS 37-88
traffic marking procedure flowchart 37-72
QoS policers
burst size 37-28
types of 37-10
QoS policing
definition 37-5
described 37-6, 37-10
QoS policy
attaching to interfaces 37-12
overview of configuration 37-29
QoS service policy
prerequisites 37-67
restrictions for applying 37-67
QoS transmit queues
allocating bandwidth 37-52
burst 37-17
configuring traffic shaping 37-53
mapping DHCP values to 37-52
maximum rate 37-17
overview 37-15
sharing link bandwidth 37-16
QoS transmit queues, configuring 37-51
Quality of service
See QoS
queueing 37-6, 37-15
queue-limiting, QoS on Sup 6-E 37-83
R
RADIUS
attributes
vendor-proprietary 40-107
vendor-specific 40-105
change of authorization 40-91
configuring
accounting 40-104
authentication 40-99
authorization 40-103
communication, global 40-97, 40-105
communication, per-server 40-96, 40-97
multiple UDP ports 40-97
default configuration 40-96
defining AAA server groups 40-101
displaying the configuration 40-109
identifying the server 40-96
limiting the services to the user 40-103
method list, defined 40-96
operation of 40-90
server load balancing 40-109
suggested network environments 40-89
tracking services accessed by user 40-104
understanding 40-89
RADIUS, controlling switch access with 40-89
RADIUS Change of Authorization 40-91
RADIUS server
configure to-Switch communication 40-32
configuring settings 40-33
parameters on the switch 40-32
RA Guard
configuring 47-44
deployment 47-43
examples 47-44
introduction 47-42
usage guidelines 47-45
range command 6-4
range macros
defining 6-10
ranges of interfaces
configuring 6-4
Rapid Spanning Tree
See RSTP
rcommand command 12-13
re-authentication of a client
configuring manual 40-88
enabling periodic 40-76
redirect URLs, port-based authentication 40-20
reduced MAC address 18-2
redundancy
configuring 8-7
guidelines and restrictions 8-5
changes made through SNMP 8-11
NSF-aware support 9-2
NSF-capable support 9-2
overview 8-2
redundancy command 8-7
understanding synchronization 8-4
redundancy (NSF) 9-1
configuring
BGP 9-12
CEF 9-11
EIGRP 9-17
IS-IS 9-14
OSPF 9-13
routing protocols 9-5
redundancy (RPR)
route processor redundancy 8-3
synchronization 8-5
redundancy (SSO)
redundancy command 9-10
route processor redundancy 8-3
synchronization 8-5
reload command 3-28, 3-29
Remote Authentication Dial-In User Service
See RADIUS
remote failure indications 55-19
remote loopback, Ethernet OAM 55-20, 55-22
Remote Network Monitoring
See RMON
rendezvous point, configuring 33-17
rendezvous point, configuring single static 33-21
REP
administrative VLAN 20-8
administrative VLAN, configuring 20-8
and STP 20-5
configuration guidelines 20-7
configuring interfaces 20-9
convergence 20-4
default configuration 20-7
manual preemption, configuring 20-12
monitoring 20-13
neighbor offset numbers 20-4
open segment 20-2
ports 20-6
preempt delay time 20-5
primary edge port 20-4
ring segment 20-2
secondary edge port 20-4
segments 20-1
characteristics 20-2
SNMP traps, configuring 20-13
supported interfaces 20-1
triggering VLAN load balancing 20-5
verifying link integrity 20-3
VLAN blocking 20-12
VLAN load balancing 20-4
replication
description 33-9
report suppression, IGMP
disabling 24-10
reserved-range VLANs
See VLANs
reset command 62-3
resetting an interface to default configuration 6-34
resetting a switch to defaults 3-32
Resilient Ethernet ProtocolLSee REP
responder, IP SLAs
described 58-4
enabling 58-8
response time, measuring with IP SLAs 58-5
restricting access
NTP services 4-8
RADIUS 40-89
TACACS+ 3-15
retransmission number
setting in 802.1X authentication 40-81
retransmission time
changing in 802.1X authentication 40-80
RFC
1157, SNMPv1 53-2
1305, NTP 4-2
1757, RMON 59-2
1901, SNMPv2C 53-2
1902 to 1907, SNMPv2 53-2
2273-2275, SNMPv3 53-2
RFC 5176 Compliance 40-91
RIP
description 1-13
for IPv6 47-6
RMON
default configuration 59-3
displaying status 59-6
enabling alarms and events 59-3
groups supported 59-2
overview 59-1
ROM monitor
boot process and 3-26
CLI 2-7
commands 62-2 to 62-3
debug commands 62-5
entering 62-1
exiting 62-6
overview 62-1
root bridge
configuring 18-9
selecting in MST 18-22
root guard
and MST 18-23
enabling 21-2
overview 21-2
routed packets
ACLs 47-33
route-map (IP) command 35-6
route maps
defining 35-6
PBR 35-2
router ACLs
description 47-3
using with VLAN maps 47-31
router ACLs, using PACL with VLAN maps 47-39
route targets
VPN 36-3
Routing Information Protocol
See RIP
RPF
<Emphasis>See Unicast RPF
RSPAN
configuration guidelines 51-16
destination ports 51-5
IDS 51-2
monitored ports 51-4
monitoring ports 51-5
received traffic 51-3
sessions
creating 51-17
defined 51-3
limiting source traffic to specific VLANs 51-23
monitoring VLANs 51-22
removing source (monitored) ports 51-21
specifying monitored ports 51-17
source ports 51-4
transmitted traffic 51-4
VLAN-based 51-5
RSTP
compatibility 18-23
description 18-22
port roles 18-24
port states 18-24
S
SAID
See 802.10 SAID
scheduling 37-15
defined 37-5
overview 37-6
scheduling, IP SLAs operations 58-6
secondary edge port, REP 20-4
secondary root switch 18-12
secondary VLANs 39-2
associating with primary 39-14
permitting routing 39-21
security
configuring 44-1
Security Association Identifier
See 802.10 SAID
selecting a power management mode 10-8
selecting X2/TwinGig Convertor Mode 6-14
sequence numbers in log messages 52-7
server IDs
description 57-23
service policy, configure class-level queue-limit 37-83
service-policy command 37-29
service-policy input command 29-2, 37-36
service-provider networks
and customer VLANs 25-2
set default interface command 35-7
set interface command 35-7
set ip default next-hop command 35-7
set ip next-hop command 35-6
set-request operation 53-4
severity levels, defining in system messages 52-8
shaping, QoS on Sup 6-E 37-77
sharing(bandwidth), QoS on Sup 6-E 37-79
Shell functions
See Auto SmartPorts macros
See Auto Smartports macros
Shell triggers
See Auto SmartPorts macros
See Auto Smartports macros
show adjacency command 31-9
show boot command 3-31
show catalyst4000 chassis-mac-address command 18-3
show cdp command 26-2, 26-3
show cdp entry command 26-4
show cdp interface command 26-3
show cdp neighbors command 26-4
show cdp traffic command 26-4
show ciscoview package command 4-39
show ciscoview version command 4-39
show cluster members command 12-13
show configuration command 6-19
show debugging command 26-4
show environment command 10-2
show history command 2-4
show interfaces command 6-25, 6-26, 6-30, 6-32, 6-33
show interfaces status command 7-2
show ip cache flow aggregation destination-prefix command 54-12
show ip cache flow aggregation prefix command 54-12
show ip cache flow aggregation source-prefix command 54-12
show ip cache flow command 54-9
show ip cef command 31-8
show ip eigrp interfaces command 30-19
show ip eigrp neighbors command 30-19
show ip eigrp topology command 30-19
show ip eigrp traffic command 30-19
show ip interface command 33-24
show ip local policy command 35-8
show ip mroute command 33-24
show ip pim interface command 33-24
show l2protocol command 25-18
show lldp traffic command 27-14
show mac-address-table address command 7-3
show mac-address-table interface command 7-3
show mls entry command 31-8
show module command 7-1, 18-6
show PoE consumed 11-8
show power inline command 11-7
show power inline consumption command 11-5
show power supplies command 10-12
show protocols command 6-30
show running-config command
adding description for an interface 6-19
checking your settings 3-9
displaying ACLs 47-26, 47-28, 47-37, 47-38
show startup-config command 3-10
show users command 7-7
show version command 3-29
shutdown, command 6-31
shutdown threshold for Layer 2 protocol packets 25-16
shutting down
interfaces 6-31
Simple Network Management Protocol
See SNMP
single-host mode 40-8
single spanning tree
See SST
single static RP, configuring 33-21
slot numbers, description 6-2
smart call home 57-1
description 57-2
destination profile (note) 57-5
registration requirements 57-3
service contract requirements 57-3
Transport Gateway (TG) aggregation point 57-2
SMARTnet
smart call home registration 57-3
Smartports macros
applying Cisco-default macros 16-15
applying global parameter values 16-9, 16-15, 16-16
applying macros 16-9
applying parameter values 16-9
configuration guidelines 16-6, 16-15
configuring 16-2
creating 16-8
default configuration 16-4, 16-14
defined 1-6, 16-1
displaying 16-14
tracing 16-7, 16-15
SMNP traps, and CFM 55-7
SNMP
accessing MIB variables with 53-4
agent
described 53-4
disabling 53-7
and IP SLAs 58-3
authentication level 53-10
community strings
configuring 53-7
overview 53-4
configuration examples 53-15
configuration guidelines 53-6
default configuration 53-5
enabling 63-4, 63-5
engine ID 53-6
groups 53-6, 53-9
host 53-6
informs
and trap keyword 53-11
described 53-5
differences from traps 53-5
enabling 53-14
limiting access by TFTP servers 53-15
limiting system log messages to NMS 52-9
manager functions 53-3
notifications 53-5
overview 53-1, 53-4
status, displaying 53-16
system contact and location 53-14
trap manager, configuring 53-13
traps
described 53-3, 53-5
differences from informs 53-5
enabling 53-11
enabling MAC address notification 4-22
enabling MAC move notification 4-24
enabling MAC threshold notification 4-26
overview 53-1, 53-4
types of 53-11
users 53-6, 53-9
versions supported 53-2
SNMP commands 63-4
SNMP traps
REP 20-13
SNMPv1 53-2
SNMPv2C 53-2
SNMPv3 53-2
software
upgrading 8-12
software configuration register 3-26
software QoS, on Sup 6-E 37-88
software switching
description 31-5
interfaces 31-6
key data structures used 33-8
source IDs
call home event format 57-22
SPAN
and ACLs 51-5
configuration guidelines 51-7
configuring 51-7 to 51-10
destination ports 51-5
IDS 51-2
monitored port, defined 51-4
monitoring port, defined 51-5
received traffic 51-3
sessions
defined 51-3
source ports 51-4
transmitted traffic 51-4
VLAN-based 51-5
SPAN and RSPAN
concepts and terminology 51-3
default configuration 51-6
displaying status 51-25
overview 51-1
session limits 51-6
SPAN enhancements
access list filtering 51-13
configuration example 51-16
CPU port sniffing 51-10
encapsulation configuration 51-12
ingress packets 51-12
packet type filtering 51-15
spanning-tree backbonefast command 21-16
spanning-tree cost command 18-15
spanning-tree guard root command 21-2
spanning-tree portfast bpdu-guard command 21-9
spanning-tree portfast command 21-7
spanning-tree port-priority command 18-13
spanning-tree uplinkfast command 21-13
spanning-tree vlan
command 18-9
command example 18-9
spanning-tree vlan command 18-8
spanning-tree vlan cost command 18-16
spanning-tree vlan forward-time command 18-19
spanning-tree vlan hello-time command 18-18
spanning-tree vlan max-age command 18-18
spanning-tree vlan port-priority command 18-13
spanning-tree vlan priority command 18-17
spanning-tree vlan root primary command 18-10
spanning-tree vlan root secondary command 18-12
speed
configuring interface 6-17
speed command 6-18
SSO
configuring 9-10
SSO operation 9-4
SST
description 18-22
interoperability 18-24
static ACL, removing the requirement 47-35
static addresses
See addresses
static routes
configuring 3-11
verifying 3-12
statistics
802.1X 42-15
displaying 802.1X 40-109
displaying PIM 33-28
LLDP 27-13
LLDP-MED 27-13
NetFlow accounting 54-9
SNMP input and output 53-16
sticky learning
configuration file 43-6
defined 43-5
disabling 43-6
enabling 43-5
saving addresses 43-6
sticky MAC addresses
configuring 43-8
defined 43-4
Storm Control
displaying 50-8
enabling Broadcast 50-3
enabling Multicast 50-4
hardware-based, implementing 50-2
overview 50-1
software-based, implementing 50-3
STP
and REP 20-5
bridge ID 18-2
configuring 18-7 to 18-20
creating topology 18-5
defaults 18-7
disabling 18-20
enabling 18-8
enabling extended system ID 18-9
enabling Per-VLAN Rapid Spanning Tree 18-20
EtherChannel guard
disabling 21-7
forward-delay time 18-19
hello time 18-17
Layer 2 protocol tunneling 25-13
maximum aging time 18-18
overview 18-1, 18-3
per-VLAN rapid spanning tree 18-6
port cost 18-15
port priority 18-13
root bridge 18-9
stratum, NTP 4-2
stub routing (EIGRP)
benefits 30-17
configuration tasks 30-18
configuring 30-14
overview 30-13, 30-14
restrictions 30-17
verifying 30-18
subdomains, private VLAN 39-2
summer time 4-13
supervisor engine
accessing the redundant 8-14
configuring 3-8 to 3-13
copying files to standby 8-14
default configuration 3-1
default gateways 3-11
environmental monitoring 10-1
redundancy 9-1
ROM monitor 3-26
startup configuration 3-25
static routes 3-11
synchronizing configurations 8-10
Supervisor Engine II-TS
insufficient inline power handling 10-19, 11-12
Smartports macros
See also Auto Smartports macros
SVI Autostate Exclude
understanding 30-3
SVI Autostate exclude
configuring 30-7
S-VLAN 1-2, 25-7
switch 47-2
switch access with RADIUS, controlling 40-89
switched packets
and ACLs 47-32
Switched Port Analyzer
See SPAN
switching, NetFlow
checking for required hardware 54-6
configuration (example) 54-13
configuring switched IP flows 54-8
enabling Collection 54-7
exporting cache entries 54-9
switchport
show interfaces 6-25, 6-26, 6-32, 6-33
switchport access vlan command 15-6, 15-8
switchport block multicast command 49-2
switchport block unicast command 49-2
switchport mode access command 15-8
switchport mode dot1q-tunnel command 25-6
switchport mode dynamic command 15-6
switchport mode trunk command 15-6
switch ports
See access ports
switchport trunk allowed vlan command 15-6
switchport trunk encapsulation command 15-6
switchport trunk encapsulation dot1q command 15-3
switchport trunk encapsulation isl command 15-3
switchport trunk encapsulation negotiate command 15-3
switchport trunk native vlan command 15-6
switchport trunk pruning vlan command 15-7
switch-to-RADIUS server communication
configuring 40-32
sysret command 62-5
system
reviewing configuration 3-10
settings at startup 3-27
system alarms
on Sup 2+ to V-10GE 10-5
on Sup 6-E 10-5
overview 10-4
system and network statistics, displaying 33-24
system capabilities TLV 27-2
system clock
configuring
daylight saving time 4-13
manually 4-11
summer time 4-13
time zones 4-12
displaying the time and date 4-12
overview 4-2
See also NTP
system description TLV 27-2
system images
loading from Flash memory 3-30
modifying boot field 3-27
specifying 3-30
system message logging
default configuration 52-3
defining error message severity levels 52-8
disabling 52-4
displaying the configuration 52-12
enabling 52-4
facility keywords, described 52-12
level keywords, described 52-9
limiting messages 52-9
message format 52-2
overview 52-1
sequence numbers, enabling and disabling 52-7
setting the display destination device 52-5
synchronizing log messages 52-6
timestamps, enabling and disabling 52-7
UNIX syslog servers
configuring the daemon 52-10
configuring the logging facility 52-11
facilities supported 52-12
system MTU
802.1Q tunneling 25-5
maximums 25-5
system name
manual configuration 4-15
See also DNS
system name TLV 27-2
system prompt, default setting 4-14
T
TACACS+ 44-1
accounting, defined 3-16
authentication, defined 3-16
authorization, defined 3-16
configuring
accounting 3-21
authentication key 3-18
authorization 3-21
login authentication 3-19
default configuration 3-18
displaying the configuration 3-22
identifying the server 3-18
limiting the services to the user 3-21
operation of 3-17
overview 3-15
tracking services accessed by user 3-21
tagged packets
802.1Q 25-3
Layer 2 protocol 25-13
TCAM programming algorithm
changing 47-9
TCAM programming algorithm, overview 47-8
TCAM programming and ACLs 47-11, 47-13
for Sup II-Plust thru V-10GE 47-7
TCAM programming and ACLs for Sup 6-E 47-15
TCAM region, changing the algorithm 47-9
TCAM region, resizing 47-11
TDR
checking cable connectivity 7-3
enabling and disabling test 7-3
guidelines 7-3
Telnet
accessing CLI 2-2
disconnecting user sessions 7-7
executing 7-6
monitoring user sessions 7-6
telnet command 7-6
templates, Ethernet OAM 55-29
Terminal Access Controller Access Control System Plus
See TACACS+
TFTP
configuration files in base directory 3-5
configuring for autoconfiguration 3-4
limiting access by servers 53-15
TFTP download
See also console download
threshold monitoring, IP SLAs 58-6
time
See NTP and system clock
Time Domain Reflectometer
See TDR
time exceeded messages 7-9
timer
See login timer
timestamps in log messages 52-7
time zones 4-12
TLV
host presence detection 40-9
TLVs
defined 1-4, 27-2
LLDP-MED 27-2
Token Ring
media not supported (note) 13-5, 13-10
Topology change notification processing
MLD Snooping
Topology change notification processing 24-4
TOS
description 37-4
trace command 7-9
traceroute
See IP traceroute
See Layer 2 Traceroute
traceroute mac command 7-11
traceroute mac ip command 7-11
traffic
blocking flooded 49-2
traffic control
using ACLs (figure) 47-4
using VLAN maps (figure) 47-6
traffic marking procedure flowchart 37-72
traffic shaping 37-17
translational bridge numbers (defaults) 13-5
transmit queues
See QoS transmit queues
transmit rate 37-53
traps
configuring MAC address notification 4-22
configuring MAC move notification 4-24
configuring MAC threshold notification 4-26
configuring managers 53-11
defined 53-3
enabling 4-22, 4-24, 4-26, 53-11
notification types 53-11
overview 53-1, 53-4
troubleshooting
with CiscoWorks 53-4
with system message logging 52-1
with traceroute 7-9
troubleshooting high CPU due to ACLs 47-12
trunk failover
See link-state tracking
trunk ports
configure port security 43-18
configuring PVLAN 39-18 to 39-19
trunks
802.1Q restrictions 15-5
configuring 15-6
configuring access VLANs 15-6
configuring allowed VLANs 15-6
default interface configuration 15-6
different VTP domains 15-3
enabling to non-DTP device 15-4
encapsulation 15-3
specifying native VLAN 15-6
understanding 15-3
trusted boundary for QoS 37-22
trustpoint 57-3
Trust State of interfaces, configuring
trust states
configuring 37-49
tunneling
defined 25-1
tunnel ports
802.1Q, configuring 25-6
described 25-2
incompatibilities with other features 25-5
TwinGig Convertors
limitations on using 6-14
port numbering 6-13
selecting X2/TwinGig Convertor mode 6-14
type length value
See TLV
type of service
See TOS
U
UDLD
configuring probe message interval per-interface 28-8
default configuration 28-4
disabling on fiber-optic interfaces 28-7
disabling on non-fiber-optic interfaces 28-7
displaying link status 28-9
enabling globally 28-5
enabling per-interface 28-6
modes of operation 28-3
resetting disabled LAN interfaces 28-8
use case 28-2
UDLD, overview 28-1
UDP jitter, configuring 58-9
UDP jitter operation, IP SLAs 58-9
unauthorized ports with 802.1X 40-5
unicast
See IP unicast
unicast flood blocking
configuring 49-1
unicast MAC address filtering
and adding static addresses 4-29
and broadcast MAC addresses 4-29
and CPU packets 4-29
and multicast addresses 4-29
and router MAC addresses 4-29
configuration guidelines 4-29
described 4-28
unicast MAC address filtering, configuring
ACLs
configuring unicast MAC address filtering 47-19
Unicast RPF (Unicast Reverse Path Forwarding)
applying 32-5
BGP attributes
caution 32-4
CEF
requirement 32-2
tables 32-7
configuring 32-9
(examples) ?? to 32-12
BOOTP 32-8
DHCP 32-8
enterprise network (figure) 32-6
prerequisites 32-9
routing table requirements 32-7
tasks 32-9
verifying 32-10
deploying 32-5
description 32-2
disabling 32-11
enterprise network (figure) 32-6
FIB 32-2
implementing 32-4
packets, dropping (figure) 32-4
prerequisites 32-9
restrictions
basic 32-8
routing asymmetry 32-7
routing asymmetry (figure) 32-8
routing table requirements 32-7
security policy
applying 32-5
attacks, mitigating 32-5
deploying 32-5
tunneling 32-5
source addresses, validating 32-3
(figure) 32-3, 32-4
failure 32-3
traffic filtering 32-5
tunneling 32-5
validation
failure 32-3, 32-4
packets, dropping 32-3
source addresses 32-3
verifying 32-10
unicast traffic
blocking 49-2
Unidirectional Controlled Port, configuring 802.1X 40-62
unidirectional ethernet
enabling 29-2
example of setting 29-2
overview 29-1
UniDirectional Link Detection Protocol
See UDLD
UNIX syslog servers
daemon configuration 52-10
facilities supported 52-12
message logging configuration 52-11
UplinkFast
and MST 18-23
enabling 21-16
MST and 18-23
overview 21-11
User Based Rate Limiting
configuring 37-39
overview 37-38
user-defined event triggers
configuring, 802.1X-based 17-7
configuring, MAC address-based 17-8
User-defined triggers and built-in macros, configuring mapping 17-9
user EXEC mode 2-5
user sessions
disconnecting 7-7
monitoring 7-6
V
VACLs
Layer 4 port operations 47-16
virtual configuration register 62-3
virtual LANs
See VLANs
Virtual Private Network
See VPN
Virtual Switch System(VSS), displaying EtherChannel to 22-14
VLAN ACLs
See VLAN maps
VLAN-based QoS on Layer 2 interfaces, configuring 37-48
VLAN blocking, REP 20-12
vlan command 13-6
vlan dot1q tag native command 25-4
VLAN ID
service provider 25-9
VLAN ID, discovering 4-35
VLAN ID translation
See VLAN mapping
VLAN load balancing
REP 20-4
VLAN load balancing, triggering 20-5
VLAN load balancing on flex links 19-2
configuration guidelines 19-5
VLAN Management Policy Server
See VMPS
VLAN mapping
1-to-1 25-8
1-to-1, configuring 25-11
configuration guidelines 25-10
configuring 25-11
configuring on a trunk port 25-10
default 25-9
described 1-2, 25-7
selective QinQ 25-8
selective Q-in-Q, configuring 25-12
traditional QinQ 25-8
traditional Q-in-Q, configuring 25-12
types of 25-8
VLAN maps
applying to a VLAN 47-28
configuration example 47-29
configuration guidelines 47-25
configuring 47-24
creating and deleting entries 47-25
defined 47-3
denying access example 47-30
denying packets 47-26
displaying 47-31
order of entries 47-25
permitting packets 47-26
router ACLs and 47-31
using (figure) 47-5
using in your network 47-28
VLAN maps, PACL and Router ACLs 47-39
VLANs
allowed on trunk 15-6
configuration guidelines 13-3
configuring 13-5
configuring as Layer 3 interfaces 30-7
customer numbering in service-provider networks 25-3
default configuration 13-4
description 1-8
extended range 13-3
IDs (default) 13-5
interface assignment 13-7
limiting source traffic with RSPAN 51-23
monitoring with RSPAN 51-22
name (default) 13-5
normal range 13-3
overview 13-1
reserved range 13-3
See also PVLANs
VLAN Trunking Protocol
See VTP
VLAN trunks
overview 15-3
VLAN User Distribution, configuring 802.1X 40-64
VMPS
configuration file example 13-32
configuring dynamic access ports on client 13-25
configuring retry interval 13-27
database configuration file 13-32
dynamic port membership
example 13-29
reconfirming 13-26
reconfirming assignments 13-26
reconfirming membership interval 13-26
server overview 13-21
VMPS client
administering and monitoring 13-28
configure switch
configure reconfirmation interval 13-26
dynamic ports 13-25
entering IP VMPS address 13-24
reconfirmation interval 13-27
reconfirm VLAM membership 13-26
default configuration 13-24
dynamic VLAN membership overview 13-23
troubleshooting dynamic port VLAN membership 13-29
VMPS server
fall-back VLAN 13-23
illegal VMPS client requests 13-23
overview 13-21
security modes
multiple 13-22
open 13-22
secure 13-22
voice interfaces
configuring 38-1
Voice over IP
configuring 38-1
voice ports
configuring VVID 38-3
voice traffic 11-2, 38-5
voice VLAN
IP phone data traffic, described 38-2
IP phone voice traffic, described 38-2
Voice VLAN, configure 802.1X 40-69
voice VLAN ports
using 802.1X 40-22
VPN
configuring routing in 36-12
forwarding 36-3
in service provider networks 36-1
routes 36-2
routing and forwarding table
See VRF
VRF
defining 36-3
tables 36-1
VRF-aware services
ARP 36-6, 36-9
configuring 36-6
ftp 36-8
ping 36-6
SNMP 36-7
syslog 36-8
tftp 36-8
traceroute 36-8
uRPF 36-7
VRF-lite
description 1-17
VTP
client, configuring 13-16
configuration guidelines 13-12
default configuration 13-13
disabling 13-16
Layer 2 protocol tunneling 25-13
monitoring 13-19
overview 13-8
pruning
configuring 13-15
See also VTP version 2
server, configuring 13-16
statistics 13-19
transparent mode, configuring 13-16
version 2
enabling 13-15
VTP advertisements
description 13-9
VTP domains
description 13-8
VTP modes 13-9
VTP pruning
overview 13-11
VTP versions 2 and 3
overview 13-9
See also VTP
VTY and Network Assistant 12-12
VVID (voice VLAN ID)
and 802.1X authentication 40-22
configuring 38-3
W
WCCP
configuration examples 61-9
configuring on a router 61-2, 61-10
features 61-4
restrictions 61-5
service groups 61-6
web-based authentication
AAA fail policy 42-4
authentication proxy web pages 42-4
description 1-29, 40-15, 42-1
web-based authentication, interactions with other features 42-4
Web Cache Communication Protocol
See WCCP 61-1
web caches
See cache engines
web cache services
description 61-4
web caching
See web cache services
See also WCCP
web scaling 61-1