- Book Index
- Preface
- Product Overview
- Command-Line Interfaces
- Configuring the Switch for the First Time
- Administering the Switch
- Configuring the Cisco IOS In-Service Software Upgrade Process
- Configuring the Cisco IOS XE In Service Software Upgrade Process
- Configuring Interfaces
- Checking Port Status and Connectivity
- Configuring Supervisor Engine Redundancy Using RPR and SSO on Supervisor Engine 6-E and 6L-E
- Configuring Supervisor Engine Redundancy Using RPR and SSO on Supervisor Engine 7-E and 7L-E
- Configuring Cisco NSF with SSO Supervisor Engine Redundancy
- Environmental Monitoring and Power Management
- Configuring Power over Ethernet
- Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant
- Configuring VLANs, VTP, and VMPS
- Configuring IP Unnumbered Interface
- Configuring Layer 2 Ethernet Interfaces
- Configuring SmartPort Macros
- Configuring Auto SmartPort Macros
- Configuring STP and MST
- Configuring Flex Links and MAC Address-Table Move Update
- Configuring Resilient Ethernet Protocol
- Configuring Optional STP Features
- Configuring EtherChannel and Link State Tracking
- Configuring IGMP Snooping and Filtering
- Configuring IPv6 MLD Snooping
- Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling
- Configuring CDP
- Configuring LLDP, LLDP-MED, and Location Service
- Configuring UDLD
- Configuring Unidirectional Ethernet
- Configuring Layer 3 Interfaces
- Configuring Cisco Express Forwarding
- Configuring Unicast Reverse Path Forwarding
- Configuring IP Multicast
- Configuring ANCP Client
- Configuring Bidirectional Forwarding Detection
- Configuring Policy-Based Routing
- Configuring VRF-lite
- Configuring Quality of Service
- Configuring Voice Interfaces
- Configuring Private VLANs
- Configurig MACsec Encryption
- Configuring 802.1X Port-Based Authentication
- Configuring the PPPoE Intermediate Agent
- Configuring Web-Based Authentication
- Configuring Port Security
- Configuring Control Plane Policing and Layer 2 Control Packet QoS
- Configuring Dynamic ARP Inspection
- Configuring DHCP Snooping, IP Source Guard, and IPSG for Static Hosts
- Configuring Network Security with ACLs
- Support for IPv6
- Port Unicast and Multicast Flood Blocking
- Configuring Storm Control
- Configuring SPAN and RSPAN
- Configuring Wireshark
- Configuring Enhanced Object Tracking
- Configuring System Message Logging
- Configuring OBFL
- Configuring SNMP
- Configuring Netflow-lite
- Configuring Flexible NetFlow
- Configuring Ethernet OAM and CFM
- Configuring Y.1731 (AIS and RDI)
- Configuring Call Home
- Configuring Cisco IOS IP SLA Operations
- Configuring RMON
- Performing Diagnostics
- Configuring WCCP Version 2 Services
- Configuring MIB Support
- ROM Monitor
- Acronyms and Abbreviations
Index
Numerics
10/100 autonegotiation feature, forced 7-20
10-Gigabit Ethernet or Gigabit Ethernet ports
deploy on WS-X4606-10GE-E and Sup 6-E 7-13
10-Gigabit Ethernet port
deploy with Gigabit Ethernet SFP ports 7-12, 7-13
1400 W DC Power supply
special considerations 12-18
1400 W DC SP Triple Input power supply
special considerations 12-19
802.10 SAID (default) 15-5
802.1AE
standard 43-2
802.1Q
trunks 20-6
tunneling
compatibility with other features 27-5
defaults 27-3
described 27-2
tunnel ports with other features 27-6
802.1Q VLANs
trunk restrictions 17-4
802.1s
802.1w
802.1X
802.1X authentication
Authentication Failed VLAN assignment 44-17
for Critical Authentication 44-14
for guest VLANs 44-11
for MAC Authentication Bypass 44-12
for Unidirectional Controlled Port 44-15
VLAN User Distribution 44-16
web-based authentication 44-14
with port security 44-19
with VLAN assignment 44-10
with voice VLAN ports 44-22
802.1X Host Mode 44-6
multiauthentication mode 44-8
multidomain authentication mode 44-7
single-host 44-7
802.1x-REV 43-2
802.3ad
A
AAA (authentication, authorization, and accounting). See also port-based authentication. 46-2
abbreviating commands 2-5
about Wireshark 56-1
access control entries
access-group mode, configuring on Layer 2 interface 51-31
access-group mode, using PACL with 51-30
access list filtering, SPAN enhancement 55-13
access lists
using with WCCP 69-8
access ports
and Layer 2 protocol tunneling 27-15
configure port security 47-7, 47-22
configuring 17-7
access VLANs 17-5
accounting
with RADIUS 44-108
ACEs
ACLs 51-2
Layer 4 operation restrictions 51-10
ACL assignments, port-based authentication 44-20
ACL assignments and redirect URLs, configure 44-38
ACL configuration, displaying a Layer 2 interface 51-32
ACLs
ACEs 51-2
and SPAN 55-5
and TCAM programming for Sup 6-E 51-10
and TCAM programming for Sup II-Plus thru V-10GE 51-6
applying IPv6 ACLs to a Layer 3 interface 51-17
applying on routed packets 51-26
applying on switched packets 51-25
compatibility on the same switch 51-3
configuring with VLAN maps 51-25
CPU impact 51-12
downloadable 46-7
hardware and software support 51-6
IP, matching criteria for port ACLs 51-4
MAC extended 51-14
matching criteria for router ACLs 51-3
port
and voice VLAN 51-4
defined 51-3
processing 51-12
selecting mode of capturing control packets 51-7
troubleshooting high CPU 51-6
types supported 51-3
understanding 51-2
VLAN maps 51-5
ACLs, applying to a Layer 2 interface 51-31
ACLs and VLAN maps, examples 51-19
acronyms, list of A-1
action drivers, marking 40-20
activating and deactivating a capture point, Wireshark 56-10
activating and deactivating Wiresharkcapture points, conceptual, Wireshark 56-6
active queue management 40-9
active queue management via DBL, QoS on Sup 6-E 40-33
active traffic monitoring, IP SLAs 66-1
adding members to a community 14-9
addresses
displaying the MAC table 4-37
dynamic
changing the aging time 4-23
defined 4-21
learning 4-22
removing 4-24
IPv6 52-2
MAC, discovering 4-37
static
adding and removing 4-29
defined 4-21
address resolution 4-37
adjacency tables
description 33-2
displaying statistics 33-9
administrative VLAN
REP, configuring 22-9
administrative VLAN, REP 22-8
advertisements
advertisements, VTP
aggregation switch, enabling DHCP snooping 50-9
aging time
MAC address table 4-23
All Auth manager sessions, displaying summary 44-114
All Auth manager sessions on the switch authorized for a specified authentication method 44-115
ANCP client
enabling and configuring 36-2
guidelines and restrictions 36-5
identify a port with DHCP option 82 36-4
identify a port with protocol 36-2
overview 36-1
ANCP protocol
identifying a port with 36-2
applying IPv6 ACLs to a Layer 3 interface 51-17
AQM via DBL, QoS on Sup 6-E 40-33
archiving crashfiles information 2-8
ARP
defined 4-37
table
address resolution 4-37
managing 4-37
asymmetrical links, and 802.1Q tunneling 27-3
attachment points, Wireshark 56-2
attributes, RADIUS
vendor-proprietary 44-111
vendor-specific 44-109
authentication
NTP associations 4-4
RADIUS
key 44-101
login 44-103
See also port-based authentication
TACACS+
defined 3-16
key 3-18
login 3-19
Authentication Failed, configuring 80.1X 44-68
Authentication methods registered with the Auth manager, determining 44-114
authentication open comand 44-8
authentication proxy web pages 46-4
authentication server
defined 44-3
RADIUS server 44-3
Auth manager session for an interface, verifying 44-115
Auth manager summary, displaying 44-114
authoritative time source, described 4-2
authorization
with RADIUS 44-107
authorized and unauthorized ports 44-5
authorized ports with 802.1X 44-5
autoconfiguration 3-2
automatic discovery
considerations 14-7
Auto-MDIX on a port
configuring 7-30
displaying the configuration 7-30
overview 7-29
autonegotiation feature
forced 10/100Mbps 7-20
Auto SmartPorts built-in macros
configuring parameters 19-6
Auto SmartPorts macros
built-in macros 19-5
configuration guidelines 19-5
default configuration 19-4
defined 19-1
displaying 19-13
enabling 19-4
Auto Smartports macros
defined 1-2
Auto SmartPorts user-defined macros
configuring 19-10
Auto SmartPorts macros
Auto Smartports macros
B
Baby Giants
interacting with 7-28
BackboneFast
adding a switch (figure) 23-3
and MST 20-23
configuring 23-15
link failure (figure) 23-14, 23-15
not supported MST 20-23
understanding 23-13
banners
configuring
login 4-20
message-of-the-day login 4-18
default configuration 4-18
when displayed 4-17
b command 71-3
BFD
and hardware support 37-7
configuration example
BFD in a BGP network 37-25
BFD in an EIGRP network with echo mode enabled by default 37-17
BFD in an OSPF network 37-21
support for static routing 37-27
configuring
Echo mode 37-14
session parameters on the interface 37-8
Slow timer 37-15
support for BGP 37-8
support for dynamic routing protocols 37-8
support for EIGRP 37-9
support for OSPF 37-10
support for static routing 37-13
disabling echo mode without asymmetry 37-16
monitoring and troubleshooting 37-16
neighbor relationships 37-3
operation 37-2
prerequisites 37-2
restrictions 37-2
b flash command 71-3
BGP 1-15
routing session with multi-VRF CE 39-12
blocking packets 53-1
blocking state (STP)
RSTP comparisons (table) 20-24
Boolean expressions in tracked lists 57-4
boot bootldr command 3-31
boot command 3-28
boot commands 71-3
boot fields
See configuration register boot fields
bootstrap program
boot system command 3-26, 3-31
boot system flash command 3-28
Border Gateway Protocol
boundary ports
description 20-27
BPDU Guard
and MST 20-23
configuring 23-15
overview 23-8
BPDUs
and media speed 20-2
pseudobridges and 20-25
what they contain 20-3
bridge ID
bridge priority (STP) 20-17
bridge protocol data units
Broadcast Storm Control
disabling 54-5
enabling 54-3
Built-in macros and user-defined triggers, configuring mapping 19-9
C
cache engine clusters 69-1
cache engines 69-1
cache farms
Call Home
message format options 65-2
messages
format options 65-2
call home 65-1
alert groups 65-6
configuring e-mail options 65-9
contact information 65-4
default settings 65-18
destination profiles 65-5
displaying information 65-14
mail-server priority 65-10
pattern matching 65-9
periodic notification 65-8
rate limit messages 65-9
severity threshold 65-8
smart call home feature 65-2
SMTP server 65-9
testing communications 65-10
call home alert groups
configuring 65-6
description 65-6
subscribing 65-7
call home contacts
assigning information 65-4
call home destination profiles
attributes 65-5
configuring 65-5
description 65-5
displaying 65-16
call home notifications
full-txt format for syslog 65-25
XML format for syslog 65-28
candidates
automatic discovery 14-7
candidate switch, cluster
defined 14-12
capture filter, Wireshark 56-3
capture points, Wireshark 56-2
Capturing control packets
selecting mode 51-7
cautions
Unicast RPF
BGP optional attributes 34-4
cautions for passwords
encrypting 3-22
CDP
automatic discovery in communities 14-7
configuration 28-2
defined with LLDP 29-1
displaying configuration 28-3
enabling on interfaces 28-3
host presence detection 44-8
Layer 2 protocol tunneling 27-13
maintaining 28-3
monitoring 28-3
cdp enable command 28-3
CEF
adjacency tables 33-2
and NSF with SSO 11-5
configuring load balancing 33-7
displaying statistics 33-8
hardware switching 33-4
load balancing 33-6
overview 33-2
software switching 33-4
certificate authority (CA) 65-3
CFM
and Ethernet OAM, configuring 63-51
and Ethernet OAM interaction 63-51
clearing 63-31
configuration guidelines 63-7, 64-4
configuring crosscheck for VLANs 63-11
configuring fault alarms 63-16
configuring port MEP 63-14
configuring static remote MEP 63-13, 63-16, 63-18
crosscheck 63-5
defined 63-2
EtherChannel support 63-7, 64-4
fault alarms
configuring 63-16
IP SLAs support for 63-6
IP SLAs with endpoint discovers 63-21
maintenance domain 63-2
manually configuring IP SLAs ping or jitter 63-19
measuring network performance 63-6
port MEP, configuring 63-14
remote MEPs 63-5
static RMEP, configuring 63-13, 63-16, 63-18
static RMEP check 63-5
Y.1731
described 63-27
CGMP
overview 25-1
Change of Authorization, RADIUS 44-94
channel-group group command 24-8, 24-10
Cisco 7600 series Internet router
Cisco Discovery Protocol
Cisco Express Forwarding
Cisco Group Management Protocol
Cisco IOS IP SLAs 66-2
Cisco IOS NSF-aware
support 11-2
Cisco IOS NSF-capable support 11-2
Cisco IP Phones
configuring 41-3
sound quality 41-1
Cisco TrustSec
credentials 43-10
switch-to-switch security
802.1x mode 43-11
configuration example 43-13
manual mode 43-12
Cisco TrustSec Network Device Admission Control
CiscoWorks 2000 60-4
CIST
description 20-22
civic location 29-3
class level, configure in a service policy 40-30
class of service
clear cdp counters command 28-4
clear cdp table command 28-3
clear counters command 7-35
clearing
Ethernet CFM 63-31
IP multicast table entries 35-27
clear ip eigrp neighbors command 32-19
CLI
accessing 2-2
backing out one level 2-5
getting commands 2-5
history substitution 2-4
managing clusters 14-13
modes 2-5
monitoring environments 55-1
ROM monitor 2-7
software basics 2-4
client processes, tracking 57-1
clients
in 802.1X authentication 44-3
clock
clustering switches
command switch characteristics
and VTY 14-12
convert to a community 14-10
managing
through CLI 14-13
overview 14-2
planning considerations
CLI 14-13
passwords 14-8
CoA Request Commands 44-97
command-line processing 2-3
command modes 2-5
commands
b 71-3
b flash 71-3
boot 71-3
confreg 71-3
dev 71-3
dir device 71-3
frame 71-5
i 71-3
listing 2-5
meminfo 71-5
reset 71-3
ROM monitor debugging 71-5
SNMP 70-4
sysret 71-5
command switch, cluster
requirements 14-11
common and internal spanning tree
common spanning tree
community of switches
access modes in Network Assistant 14-9
adding devices 14-9
communication protocols 14-8
community name 14-8
configuration information 14-9
converting from a cluster 14-10
host name 14-8
passwords 14-8
community ports 42-3
community strings
configuring 60-7
overview 60-4
configure as a PVLAN 42-15
compiling MIBs 70-4
config-register command 3-29
config terminal command 3-9
configurable leave timer,IGMP 25-4
configuration examples
SNMP 60-15
configuration files
limiting TFTP server access 60-15
obtaining with DHCP 3-6
saving 3-10
system contact and location information 60-14
configuration guidelines
Ethernet OAM 63-35
REP 22-7
SNMP 60-6
VLAN mapping 27-10
configuration register
boot fields
listing value 3-29
modifying 3-28
changing from ROM monitor 71-3
configuring 3-26
settings at startup 3-27
configure class-level queue-limit in a service policy 40-30
configure terminal command 3-29, 7-2
configuring access-group mode on Layer 2 interface 51-31
configuring flow control 7-22
configuring interface link and trunk status envents 7-36
configuring named IPv6 ACLs 51-16
configuring named MAC extended ACLs 51-14, 51-15
configuring unicast MAC address filtering 51-13
configuring VLAN maps 51-17
confreg command 71-3
Connectivity Fault Management
console configuration mode 2-5
console port
disconnecting user sessions 8-8
monitoring user sessions 8-7
contact information
assigning for call home 65-4
controlling switch access with RADIUS 44-92
Control Plane Policing
and Layer 2 Control packet QoS, configuration example 48-14
configuration guidelines and restrictions 48-8
configuring for control plane traffic 48-4
configuring for data plane and management plan traffic 48-5
defaults 48-4
general guidelines 48-3
monitoring 48-9
understanding 48-2
control protocol, IP SLAs 66-4
convergence
REP 22-4
copy running-config startup-config command 3-10
copy system:running-config nvram:startup-config command 3-32
core system filter, Wireshark 56-3
CoS
definition 40-3
figure 40-2
overriding on Cisco IP Phones 41-5
priority 41-5
counters
clearing MFIB 35-28
clearing on interfaces 7-35
CPU, impact of ACL processing 51-12
CPU port sniffing 55-10
crashfiles information, archiving 2-8
Critical Authentication
configure with 802.1X 44-60
CST
description 20-25
IST and 20-22
MST and 20-22
customer edge devices 39-2
D
database agent
configuration examples 50-15
enabling the DHCP Snooping 50-13
daylight saving time 4-13
debug commands, ROM monitor 71-5
decoding and displaying packets, Wireshark 56-5
default configuration
802.1X 44-27
banners 4-18
DNS 4-16
Ethernet OAM 63-35
IGMP filtering 25-20
IP SLAs 66-6
IPv6 52-7
Layer 2 protocol tunneling 27-16
LLDP 29-5
MAC address table 4-23
multi-VRF CE 39-3
NTP 4-4
private VLANs 42-12
RADIUS 44-100
REP 22-7
resetting the interface 7-38
RMON 67-3
SNMP 60-5
SPAN and RSPAN 55-6
system message logging 58-3
TACACS+ 3-18
VLAN mapping 27-9
Y.1731 63-29
default gateway
configuring 3-11
verifying configuration 3-11
default settings, erase commad 3-32
default web-based authentication configuration
802.1X 46-6
defining/modifying/deleting a capture point, Wireshark 56-8
denial-of-service attacks
IP address spoofing, mitigating 34-5
Unicast RPF, deploying 34-5
denying access to a server on another VLAN 51-23
deploying 10-Gigabit Ethernet and a Gigabit Ethernet SFP ports 7-12, 7-13
deploying 10-Gigabit Ethernet and a Gigabit Ethernet SFP ports on WS-X4606-10GE-E and Sup 6-E 7-13
description command 7-22
dev command 71-3
device discovery protocol 29-1
device IDs
DHCP
configuring
rate limit for incoming packets 50-13
denial-of-service attacks, preventing 50-13
rate limiting of packets
configuring 50-13
DHCP-based autoconfiguration
client request message exchange 3-3
configuring
client side 3-3
DNS 3-5
relay device 3-5
server-side 3-4
TFTP server 3-4
example 3-7
lease options
for IP address information 3-4
for receiving the configuration file 3-4
overview 3-2
relationship to BOOTP 3-3
DHCP option 82
identifying a port with 36-4
overview 50-4
DHCP Snooping
enabling, and Option 82 50-10
DHCP snooping
accepting untrusted packets form edge switch 50-10
configuring 50-6
default configuration 50-7
displaying binding tables 50-19
displaying configuration 50-19
displaying information 50-18
enabling 50-7
enabling on private VLAN 50-12
enabling on the aggregation switch 50-9
enabling the database agent 50-13
message exchange process 50-4
monitoring 50-23
option 82 data insertion 50-4
overview 50-1
Snooping database agent 50-2
DHCP Snooping Database Agent
adding to the database (example) 50-18
enabling (example) 50-15
overview 50-2
reading from a TFTP file (example) 50-17
Diagnostics
online 68-1
Power-On-Self-Test
causes of failure 68-20
how it works 68-10
overview 68-10
Power-On-Self-Test for Supervisor Engine V-10GE 68-13
Differentiated Services Code Point values
DiffServ architecture, QoS 40-2
Digital optical monitoring transceiver support 7-18
dir device command 71-3
disabled state
RSTP comparisons (table) 20-24
disabling
broadcast storm control 54-5
disabling multicast storm control 54-5
disconnect command 8-8
discovery, clusters
discovery, Ethernet OAM 63-34
display dection and removal events 13-7
display filter, Wireshark 56-4
displaying
Auth Manager sumary for an interface 44-114
MAB details 44-117
summary of all Auth manager sessions 44-114
summary of all Auth manager sessions on the switch authorized for a specified authentication method 44-115
displaying EtherChannel to a Virtual Switch System 24-16
displaying storm control 54-6
displaying Wireshark information 56-13
display PoE consumed by a module 13-8
display PoE detection and removal events 13-7
DNS
and DHCP-based autoconfiguration 3-5
default configuration 4-16
displaying the configuration 4-17
overview 4-15
setting up 4-16
domain names
DNS 4-15
Domain Name System
double-tagged packets
802.1Q tunneling 27-2
Layer 2 protocol tunneling 27-15
drop threshold for Layer 2 protocol packets 27-16
DSCP values
definition 40-4
IP precedence 40-2
duplex command 7-21
duplex mode
configuring interface 7-19
dynamic ARP inspection
ARP cache poisoning 49-2
configuring
ACLs for non-DHCP environments 49-11
in DHCP environments 49-5
log buffer 49-14
rate limit for incoming ARP packets 49-16
denial-of-service attacks, preventing 49-16
interface trust state, security coverage 49-3
log buffer
configuring 49-14
logging of dropped packets 49-4
overview 49-1
port channels, their behavior 49-5
priority of static bindings 49-4
purpose of 49-2
rate limiting of ARP packets 49-4
configuring 49-16
validation checks, performing 49-19
Dynamic Host Configuration Protocol snooping
dynamic port VLAN membership
example 15-29
limit on hosts 15-29
reconfirming 15-26
troubleshooting 15-29
E
EAP frames
changing retransmission time 44-82
exchanging (figure) 44-4, 44-6, 44-13
request/identity 44-4
response/identity 44-4
setting retransmission number 44-83
EAPOL frames
802.1X authentication and 44-3
OTP authentication, example (figure) 44-4, 44-13
start 44-4
Echo mode,configuring BFD 37-14
edge ports
description 20-27
EGP
overview 1-15
EIGRP
configuration examples 32-19
monitoring and maintaining 32-19
EIGRP (Enhanced IGRP)
stub routing
benefits 32-17
configuration tasks 32-18
configuring 32-14
overview 32-14
restrictions 32-17
verifying 32-18
EIGRP (enhanced IGRP)
overview 1-15
eigrp stub command 32-18
EIGRP stub routing, configuring 32-13
ELIN location 29-3
e-mail addresses
assigning for call home 65-4
e-mail notifications
Embedded CiscoView
displaying information 4-41
installing and configuring 4-38
overview 4-38
emergency alarms on Sup Engine 6-E systems 12-4
enable mode 2-5
encryption keying 43-2
encryption keys, MKA 43-2
Enhanced Interior Gateway Routing Protocol
enhanced object tracking
defined 57-1
IP routing state 57-2
line-protocol state 57-2
tracked lists 57-3
Enhanced PoE support on E-series 13-15
Enhanced PoE support on E-series,configuring Universal PoE 13-16
environmental monitoring
using CLI commands 12-1
EPM logging 44-117
errdisable recovery
configuring 13-14
EtherChannel
channel-group group command 24-8, 24-10
configuration guidelines 24-5
configuring Layer 2 24-10
configuring Layer 3 24-6
displaying to a virtual switch system 24-16
interface port-channel command 24-7
lacp system-priority
command example 24-13
modes 24-3
overview 24-2
PAgP
Understanding 24-3
physical interface configuration 24-7
port-channel interfaces 24-2
port-channel load-balance command 24-14
removing 24-15
removing interfaces 24-15
EtherChannel guard
disabling 23-6
enabling 23-6
overview 23-6
Ethernet management port
and routing 7-6
and routing protocols 7-6
configuring 7-10
default setting 7-6
for network management 1-26, 7-6
specifying 7-10
supported features 7-9
unsupported features 7-10
Ethernet management port, internal
and routing protocols 7-6
Ethernet Management Port, using 7-6
Ethernet OAM 63-34
and CFM interaction 63-51
configuration guidelines 63-35
configuring with CFM 63-51
default configuration 63-35
discovery 63-34
messages 63-34
protocol
defined 63-33
monitoring 63-49
remote failure indications 63-34
templates 63-45
Ethernet OAM protocol CFM notifications 63-51
Ethernet Remote Defect Indication (ETH-RDI) 63-28
event triggers, user-defined
configuring, 802.1X-based 19-8
configuring, MAC address-based 19-9
explicit host tracking
enabling 25-11
extended range VLANs
Extensible Authentication Protocol over LAN 44-2
Exterior Gateway Protocol
F
Fa0 port
Failure detection, using BFD 37-6
Fallback Authentication
configure with 802.1X 44-73
FastDrop
overview 35-10
fastethernet0 port
Fast UDLD
configuring probe message interval 30-8
default configuration 30-4
displaying link status 30-9
enabling globally 30-5
enabling on individual interface 30-7
enabling per-interface 30-6
modes of operation 30-3
resetting disabled LAN interfaces 30-8
use case 30-2
Fast UDLD, overview 30-1
feature interactions, Wireshark 56-6
FIB
description 33-2
fiber-optics interfaces
disabling UDLD 30-7
Filter-ID ACL and Per-User ACL, configureport-based authentication
configure Per-User ACL and Filter-ID ACL 44-44
filtering
in a VLAN 51-17
filters, Wireshark 56-3
flags 35-11
Flash memory
configuring router to boot from 3-31
loading system images from 3-30
security precautions 3-31
Flexible NetFlow
guidelines 62-1
Flex Links
configuration guidelines 21-6
configuring preferred VLAN 21-9
configuring VLAN load balancing 21-8
monitoring 21-12
flooded traffic, blocking 53-2
flowchart, traffic marking procedure 40-20
flow control, configuring 7-22
For 13-13
forward-delay time (STP)
configuring 20-19
forwarding information base
frame command 71-5
G
gateway
get-bulk-request operation 60-3
get-next-request operation 60-3, 60-4
get-request operation 60-3, 60-4
get-response operation 60-3
Gigabit Ethernet SFP ports
deploy with 10-Gigabit Ethernet 7-12, 7-13
global configuration mode 2-5
Guest-VLANs
configure with 802.1X 44-55
H
hardware and software ACL support 51-6
hardware switching 33-5
hello time (STP)
configuring 20-17
high CPU due to ACLs, troubleshooting 51-6
history
CLI 2-4
history table, level and number of syslog messages 58-9
hop counts
configuring MST bridges 20-28
host
limit on dynamic port 15-29
host modes, MACsec 43-4
host ports
kinds of 42-4
host presence CDP message 44-8
Hot Standby Routing Protocol
HSRP
description 1-13
hw-module module num power command 12-20
I
ICMP
enabling 8-13
ping 8-8
running IP traceroute 8-10
time exceeded messages 8-10
ICMP Echo operation
configuring 66-11
IP SLAs 66-11
i command 71-3
IDS
using with SPAN and RSPAN 55-2
IEEE 802.1ag 63-2
IEEE 802.1s
IEEE 802.1w
IEEE 802.3ad
IGMP
configurable-leave timer 25-4
description 35-3
enabling 35-14
explicit host tracking 25-4
immediate-leave processing 25-3
leave processing, enabling 26-8
overview 25-1
report suppression
disabling 26-10
IGMP filtering
configuring 25-21
default configuration 25-20
described 25-20
monitoring 25-24
IGMP groups
setting the maximum number 25-23
IGMP Immediate Leave
configuration guidelines 25-9
IGMP profile
applying 25-22
configuration mode 25-21
configuring 25-21
IGMP Snooping
configure
leave timer 25-9
configuring
Learning Methods 25-7
static connection to a multicast router 25-8
configuring host statically 25-11
enabling
explicit host tracking 25-11
suppressing multicast flooding 25-12
IGMP snooping
configuration guidelines 25-5
default configuration 26-5, 26-6
enabling
globally 25-6
on a VLAN 25-6
enabling and disabling 26-6
IP multicast and 35-4
overview 25-1
IGMP Snooping, displaying
group 25-16
hot membership 25-15
how to 25-15
MAC address entries 25-18
multicast router interfaces 25-17
on a VLAN interface 25-18
Querier information 25-19
IGMPSnooping Querier, configuring 25-10
Immediate Leave, IGMP
enabling 26-8
immediate-leave processing
enabling 25-8
IGMP
ingress packets, SPAN enhancement 55-12
inline power
configuring on Cisco IP phones 41-5
insufficient inline power handling for Supervisor Engine II-TS 12-19
Intelligent Power Management 13-4
interacting with Baby Giants 7-28
interface
displaying operational status 13-6
interface configuration
REP 22-10
interface link and trunk status events
configuring 7-36
interface port-channel command 24-7
interface range command 7-4
interface range macro command 7-10
interfaces
adding descriptive name 7-22
clearing counters 7-35
configuring 7-2
configuring ranges 7-4
displaying information about 7-34
Layer 2 modes 17-3
maintaining 7-34
monitoring 7-34
naming 7-22
numbers 7-2
overview 7-2
using the Ethernet Management Port 7-6
Internet Control Message Protocol
Internet Group Management Protocol
Internet Protocol version 6
introduction
802.1X Identity-Based Network Security, list of supported features 1-31
Cisco Call Home 1-21
Cisco Energy Wise 1-21
Cisco IOS IP Service Level Agreements 1-22
Cisco IOS Mediatrace and Performance Monitor 1-24
Cisco Medianet AutoQoS 1-23
Cisco Medianet Flow Metadata 1-23
Cisco Media Services Proxy 1-22
Cisco TrustSec MACsec Encryption 1-33
Cisco TrustSec Security Architecture 1-32
Debugging Features (platform and debug platform) 1-37
Dynamic Host Control Protocol 1-25
Easy Virtual Network 1-25
Embedded Event Manager 1-26
Ethernet Management Port 1-26
FAT File Management System (Sup 60-E, 6L-E, 4948E, and 4900M) 1-27
File System Management (Sup 7-E and 7L-E) 1-26
hard-based Control Plane Policing 1-34
Intelligent Power Management 1-27
IP Source Guard 1-34
IP Source Guard or Static Hosts 1-34
Layer 2 traceroute 1-37
MAC Address Notification 1-27
NAC
Layer 2 802.1X authentication 1-35
Layer 2 IP validation 1-35
NetFlow-lite 1-28
Network Security with ACLs (IP ACLs, MAC ACLs, Port ACLs, Router, ACLs, and VLAN ACLs) 1-35
Port Security 1-36
Power over Ethernet 1-28
Simple Network Management Protocol 1-28
SPAN and RSPAN 1-29
Time Domain Reflectometry 1-37
Universal Power over Ethernet 1-29
Web-based Authentication 1-38
Web Content Coordination Protocol 1-29
Wireshark 1-30
XML-PI 1-30
Intrusion Detection System
inventory management TLV 29-3, 29-9
IOS shell
IP
configuring default gateway 3-11
configuring static routes 3-11
displaying statistics 33-8
IP addresses
128-bit 52-2
cluster candidate or member 14-12
cluster command switch 14-11
discovering 4-37
IPv6 52-2
IP Enhanced IGRP
interfaces, displaying 32-19
ip icmp rate-limit unreachable command 8-13
ip igmp profile command 25-21
ip igmp snooping tcn flood command 25-13
ip igmp snooping tcn flood query count command 25-14
ip igmp snooping tcn query solicit command 25-14
IP information
assigned
through DHCP-based autoconfiguration 3-2
ip load-sharing per-destination command 33-7
ip local policy route-map command 38-7
ip mask-reply command 8-14
IP MTU sizes,configuring 32-9
IP multicast
clearing table entries 35-27
configuring 35-12
default configuration 35-13
displaying PIM information 35-23
displaying the routing table information 35-23
enabling dense-mode PIM 35-14
enabling sparse-mode 35-14
features not supported 35-12
hardware forwarding 35-8
overview 35-1
routing protocols 35-2
software forwarding 35-8
See also Auto-RP; IGMP; PIM; RP; RPF
IP multicast routing
enabling 35-13
monitoring and maintaining 35-22
ip multicast-routing command 35-13
IP multicast traffic, load splitting 35-21
IP phones
configuring voice ports 41-3
See Cisco IP Phones 41-1
ip pim command 35-14
ip pim dense-mode command 35-14
ip pim sparse-dense-mode command 35-15, 35-16
ip policy route-map command 38-7
IP Port Security for Static Hosts
on a Layer 2 access port 50-25
on a PVLAN host port 50-28
overview 50-24
ip redirects command 8-14
IP routing tables
deleting entries 35-27
IP Service Level Agreements
IP service levels, analyzing 66-1
IP SLAs
benefits 66-2
CFM endpoint discovery 63-21
configuration guidelines 66-6
Control Protocol 66-4
default configuration 66-6
definition 66-1
ICMP echo operation 66-11
manually configuring CFM ping or jitter 63-19
measuring network performance 66-3
multioperations scheduling 66-5
operation 66-3
reachability tracking 57-9
responder
described 66-4
enabling 66-7
response time 66-4
scheduling 66-5
SNMP support 66-2
supported metrics 66-2
threshold monitoring 66-6
track state 57-9
UDP jitter operation 66-8
IP Source Guard
configuring 50-20
configuring on private VLANs 50-22
overview 50-23
IP statistics
displaying 33-8
IP traceroute
executing 8-10
overview 8-9
IP unicast
displaying statistics 33-8
IP Unnumbered support
configuring on a range of Ethernet VLANs 16-5
configuring on LAN and VLAN interfaces 16-4
configuring with connected host polling 16-6
DHCP Option 82 16-2
displaying settings 16-7
format of agent remote ID suboptions 16-2
troubleshooting 16-8
with conected host polling 16-3
with DHCP server and Relay agent 16-2
ip unreachables command 8-13
IPv4, IPv6, and MAC ACLs, configuring on a Layer 2 interface 51-29
IPv6
addresses 52-2
default configuration 52-7
Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 52-6
Router ID 52-6
OSPF 52-6
IPv6 control traffic, policing 48-16
IPX
redistribution of route information with EIGRP 1-15
is 27-19
ISL
trunking with 802.1Q tunneling 27-4
isolated port 42-4
isolated VLANs 42-2, 42-3, 42-4
ISSU
compatibility matrix 5-14, 6-13
compatiblity verification using Cisco Feature Navigator 5-15, 6-14
perform the process
aborting a software upgrade 5-31, 6-31
configuring the rollback timer as a safeguard 5-32, 6-32
displaying a compatibility matrix 5-34, 5-37, 6-34
loading the new software on the new standby 5-24, 6-24
stopping the rollback timer 5-23, 6-23
switching to the standby 5-21, 6-21
verify the ISSU state 5-17, 6-17
verify the redundancy mode 5-16, 6-16
verify the software installation 5-16, 6-15
vload the new software on standby 5-18, 6-18
versioning capability in software to support 5-13
IST
and MST regions 20-22
description 20-22
master 20-27
ITU-T Y.1731
J
jumbo frames
and ethernet ports 7-26
configuring MTU sizes for 7-27
ports and linecards that support 7-24
understanding MTUs 7-25
understanding support 7-25
VLAN interfaces 7-26
K
keyboard shortcuts 2-3
L
l2protocol-tunnel command 27-17
labels, definition 40-3
LACP
system ID 24-4
Layer 2 access ports 17-7
Layer 2 Control Packet QoS
and CoPP configuration example 48-14
default configuation 48-11
disabling 48-13
enabvling 48-12
guideline and restrictions 48-16
understanding 48-11
Layer 2 frames
classification with CoS 40-2
Layer 2 interface
applying ACLs 51-31
configuring access-mode mode on 51-31
configuring IPv4, IPv6, and MAC ACLs 51-29
displaying an ACL configuration 51-32
Layer 2 interfaces
assigning VLANs 15-7
configuring 17-5
configuring as PVLAN host ports 42-18
configuring as PVLAN promiscuous ports 42-17
configuring as PVLAN trunk ports 42-19
defaults 17-4
disabling configuration 17-8
modes 17-3
show interfaces command 17-6
Layer 2 interface type
resetting 42-24
setting 42-24
Layer 2 protocol tunneling
default configuration 27-16
guidelines 27-16
Layer 2 switching
overview 17-1
Layer 2 Traceroute
and ARP 8-11
and CDP 8-11
host-to-host paths 8-11
IP addresses and subnets 8-11
MAC addresses and VLANs 8-11
multicast traffic 8-11
multiple devices on a port 8-11
usage guidelines 8-11
Layer 2 trunks
configuring 17-5
overview 17-3
Layer 3 interface, applying IPv6 ACLs 51-17
Layer 3 interface counters,configuring 32-10
Layer 3 interface counters,understanding 32-3
Layer 3 interfaces
changing from Layer 2 mode 39-7
configuration guidelines 32-5
configuring VLANs as interfaces 32-7
overview 32-1
counters 32-3
logical 32-2
physical 32-2
SVI autostate exclude 32-3
Layer 3 packets
classification methods 40-2
Layer 4 port operations
configuration guidelines 51-11
restrictions 51-10
Leave timer, enabling 25-9
limitations on using a TwinGig Convertor 7-14
link and trunk status events
configuring interface 7-36
link integrity, verifying with REP 22-4
Link Layer Discovery Protocol
link monitoring, Ethernet OAM 63-34, 63-38
link-state tracking
configuration guidelines 24-21
default configuration 24-21
described 24-18
displaying status 24-22
generic configuration procedure 24-21
link status, displaying UDLD 30-9
listening state (STP)
RSTP comparisons (table) 20-24
LLDP
configuring 29-4
characteristics 29-5
default configuration 29-5
disabling and enabling
globally 29-6
on an interface 29-7
monitoring and maintaining 29-14
overview 29-1
transmission timer and holdtime, setting 29-5
LLDP-MED
configuring
procedures 29-4
monitoring and maintaining 29-14
overview 29-1
supported TLVs 29-2
LLDP Media Endpoint Discovery
load balancing
configuring for CEF 33-7
configuring for EtherChannel 24-14
per-destination 33-7
load splitting IP multicast traffic 35-21
Location Service
overview 29-1
location service
configuring 29-12
understanding 29-3
logging, EPM 44-117
Logical Layer 3 interfaces
configuring 32-6
logical layer 3 VLAN interfaces 32-2
login authentication
with RADIUS 44-103
with TACACS+ 3-19
login banners 4-17
login timer
changing 8-7
logoutwarning command 8-7
loop guard
and MST 20-23
configuring 23-4
overview 23-3
M
MAC/PHY configuration status TLV 29-2
MAC addresses
aging time 4-23
allocating 20-6
and VLAN association 4-22
convert dynamic to sticky secure 47-5
default configuration 4-23
disabling learning on a VLAN 4-32
discovering 4-37
displaying 8-4
displaying in DHCP snooping binding table 50-19
dynamic
learning 4-22
removing 4-24
in ACLs 51-14
static
adding 4-30
allowing 4-31
characteristics of 4-29
dropping 4-31
removing 4-30
sticky 47-4
sticky secure, adding 47-5
MAC address learning, disabling on a VLAN 4-32
confuguring 4-32
deployment scenarios 4-33
feature compatibility 4-35
feature incompatibility 4-36
feature inompatibility 4-36
usage guidelines 4-33
MAC address table
displaying 4-37
MAC address-table move update
configuration guidelines 21-10
configuring 21-10
monitoring 21-12
MAC Authentication Bypass
configure with 802.1X 44-58
MAC details, displaying 44-117
MAC extended access lists 51-14
macl 51-14
macros
MACSec
802.1AE Tagging 43-8
MACsec 43-2
configuring on an interface 43-7
switch-to-switch security 43-1
MACsec Key Agreement Protocol
management address TLV 29-2
management options
SNMP 60-1
Management Port, Ethernet 7-6
manual preemption, REP, configuring 22-13
marking
hardware capabilities 40-22
marking action drivers 40-20
marking network traffic 40-17
marking support, multi-attribute 40-21
match ip address command 38-6
maximum aging time (STP)
configuring 20-18
MDA
configuration guidelines44-23to ??
described 44-22
Media Access Control Security
members
automatic discovery 14-7
member switch
managing 14-13
member switch, cluster
defined 14-2
meminfo command 71-5
messages, Ethernet OAM 63-34
messages, to users through banners 4-17
Metro features
Ethernet CFM, introduction 1-3
Ethernet OAM Protocol, introduction 1-3
Flex Link and MAC Address-Table Move Update, introduction 1-4
Y.1731 (AIS and RDI), introduction 1-10
metro tags 27-2
MFIB
CEF 35-5
overview 35-11
MFIB, IP
displaying 35-25
MIBs
compiling 70-4
overview 60-1
related information 70-3
SNMP interaction with 60-4
MKA
configuring policies 43-6
defined 43-2
policies 43-3
replay protection 43-3
statistics 43-5
virtual ports 43-3
MLD Done messages and Immediate-leave 26-4
MLD messages 26-2
MLD queries 26-3
MLD reports 26-4
MLD Snooping
MLD Done messages and Immediate-leave 26-4
MLD messages 26-2
MLD queries 26-3
MLD reports 26-4
Multicast client aging robustness 26-3
Multicast router discovery 26-3
overview 26-1
Mode of capturing control packets, selecting 51-7
modules
checking status 8-2
powering down 12-19
monitoring
802.1Q tunneling 27-18
ACL information 51-35
Ethernet OAM 63-49
Ethernet OAM protocol 63-49
Flex Links 21-12
IGMP
snooping 26-10
IGMP filters 25-24
IGMP snooping 25-14
Layer 2 protocol tunneling 27-18
MAC address-table move update 21-12
multicast router interfaces 26-11
multi-VRF CE 39-17
object tracking 57-12
REP 22-14
traffic flowing among switches 67-1
tunneling 27-18
VLAN filters 51-24
VLAN maps 51-24
monitoring and troubleshooting
BFD 37-16
M-record 20-23
MST
and multiple spanning trees 1-7, 20-22
boundary ports 20-27
BPDUs 20-23
configuration parameters 20-26
configuring 20-29
displaying configurations 20-33
edge ports 20-27
enabling 20-29
hop count 20-28
instances
configuring parameters 20-32
description 20-23
number supported 20-26
interoperability with PVST+ 20-23
link type 20-28
master 20-27
message age 20-28
regions 20-26
restrictions 20-29
to-SST interoperability 20-24
MSTP
EtherChannel guard
enabling 23-6
M-record 20-23
M-tree 20-23
M-tree 20-23
MTUS
understanding 7-25
MTU size
default 15-5
Multi-authentication
described 44-22
multiauthentication mode 44-8
multicast
Multicast client aging robustness 26-3
multicast Ethernet loopback (ETH-LB) 63-29
multicast Ethernet loopback, using 63-31
multicast groups
static joins 26-7
multicast packets
blocking 53-2
Multicast router discovery 26-3
multicast router interfaces, displaying 25-17
multicast router interfaces, monitoring 26-11
multicast router ports, adding 26-7
multicast routers
flood suppression 25-12
multicast router table
displaying 35-23
Multicast Storm Control
enabling 54-4
disabling 54-5
multidomain authentication
multidomain authentication mode 44-7
multioperations scheduling, IP SLAs 66-5
Multiple AuthorizationAuthentication
configuring 44-34
Multiple Domain Authentication 44-34
multiple forwarding paths 1-7, 20-22
multiple-hosts mode 44-7
Multiple Spanning Tree
multiple VPN routing/forwarding
multi-VRF CE
components 39-3
configuration example 39-13
default configuration 39-3
defined 39-1
displaying 39-17
monitoring 39-17
network components 39-3
packet-forwarding process 39-3
N
NAC Layer 2 802.1X authentication, intro 1-35
NAC Layer 2 IP validation, intro 1-35
named IPv6 ACLs, configuring
ACLs
configuring named IPv6 ACLs 51-16
named MAC extended ACLs
ACLs
configuring named MAC extended 51-14, 51-15
native VLAN
and 802.1Q tunneling 27-4
specifying 17-5
NDAC 43-9
defined 43-9
MACsec 43-1
NEAT
configuring 44-85
overview 44-24
neighbor offset numbers, REP 22-5
NetFlow-lite
clear commands 61-9
display commands 61-8
NetFlow packet sampling
about 61-2
Network Assistant
and VTY 14-12
configure
enable communication with switch 14-13, 14-17
default configuration 14-3
overview of CLI commands 14-3
Network Device Admission Control (NDAC) 43-9
Network Edge Access Topology
network fault tolerance 1-7, 20-22
network management
configuring 28-1
RMON 67-1
SNMP 60-1
network performance, measuring with IP SLAs 66-3
Network Time Protocol
network traffic, marking 40-17
New Software Features in Release 7.7
TDR 8-4
Next Hop Resolution Protocol
NHRP
support 1-15
non-fiber-optics interfaces
disabling UDLD 30-7
non-IP traffic filtering 51-14, 51-15
non-RPF traffic
description 35-10
in redundant configurations (figure) 35-10
Nonstop Forwarding
nonvolatile random-access memory
normal-range VLANs
NSF
defined 11-1
guidelines and restrictions 11-9
operation 11-4
NSF-aware
supervisor engines 11-3
support 11-2
NSF-capable
supervisor engines 11-3
support 11-2
NSF with SSO supervisor engine redundancy
and CEF 11-5
overview 11-3
SSO operation 11-4
NTP
associations
authenticating 4-4
defined 4-2
enabling broadcast messages 4-7
peer 4-6
server 4-6
default configuration 4-4
displaying the configuration 4-11
overview 4-2
restricting access
creating an access group 4-9
disabling NTP services per interface 4-10
source IP address, configuring 4-10
stratum 4-2
synchronizing devices 4-6
time
services 4-2
synchronizing 4-2
ntroduction
PPPoE Intermediate Agent 1-36
Storm Control 1-36
uRPF Strict Mode 1-37
NVRAM
saving settings 3-10
O
OAM
client 63-34
features 63-34
sublayer 63-34
OAM manager
configuring 63-52
with CFM and Ethernet OAM 63-51
OAM PDUs 63-35
OAM protocol data units 63-33
object tracking
monitoring 57-12
OIR
overview 7-31
on-demaind online diagnostics 68-2
online diagnostic
troubleshooting 68-8
Online Diagnostics 68-1
online diagnostics
configuring on-demaind 68-2
data path, displaying test results 68-7
displaying tests and test results 68-4
linecard 68-8
scheduling 68-2
starting and stopping tests 68-3
online insertion and removal
Open Shortest Path First
operating system images
Option 82
enabling DHCP Snooping 50-10
OSPF
area concept 1-16
description 1-16
for IPv6 52-6
P
packets
modifying 40-9
packet type filtering
overview 55-14
SPAN enhancement 55-14
PACL
using with access-group mode 51-30
PACL configuration guidelines 51-28
PACL with VLAN maps and router ACLs 51-32
PAgP
understanding 24-3
passwords
configuring enable password 3-14
configuring enable secret password 3-14
encrypting 3-22
in clusters 14-8
recovering lost enable password 3-25
setting line password 3-14
PBR (policy-based routing)
configuration (example) 38-8
enabling 38-6
features 38-2
overview 38-1
route-map processing logic 38-3
route-map processing logic example 38-4
route maps 38-2
when to use 38-5
percentage thresholds in tracked lists 57-6
per-port and VLAN Access Control List 50-19
per-port per-VLAN QoS
enabling 40-35
overview 40-10
Per-User ACL and Filter-ID ACL, configure 44-44
Per-VLAN Rapid Spanning Tree 20-6
enabling 20-20
overview 20-6
PE to CE routing, configuring 39-12
physical layer 3 interfaces 32-2
Physical Layer 3 interfaces, configuring 32-12
PIM
configuring dense mode 35-14
configuring sparse mode 35-14
displaying information 35-23
displaying statistics 35-27
enabling sparse-dense mode 35-14, 35-15
overview 35-3
PIM-DM 35-3
PIM on an interface, enabling 35-14
PIM-SM 35-3
PIM-SSM mapping, enabling 35-16
ping
executing 8-9
overview 8-8
configuring power consumption, powered devices 13-5
configuring power consumption for single device 13-5, 13-16
displaying operational status for an interface 13-6
Enhanced PoE support on E-series 13-15
policing and monitoring 13-12
power consumption for powered devices
Intelligent Power Management 13-4
powering down a module 12-19
power management modes 13-2
PoE policing
configuring errdisable recovery 13-14
configuring on an interface 13-13
displaying on an interface 13-14
power modes 13-12
point-to-point
in 802.1X authentication (figure) 44-3
policing
how to implement 40-17
policing, PoE 13-12
policing IPv6 control traffic 48-16
policy associations, QoS on Sup 6-E 40-38
policy-map command 40-15
policy map marking action, configuring 40-22
port ACLs
and voice VLAN 51-4
defined 51-3
Port Aggregation Protocol
port-based authentication
802.1X with voice VLAN 44-22
Authentication Failed VLAN assignment 44-17
authentication server
defined 46-2
changing the quiet period 44-81
configuration guidelines 44-28, 46-6
configure ACL assignments and redirect URLs 44-38
configure switch-to-RADIUS server communication 44-32
configure with Authentication Failed 44-68
configure with Critical Authentication 44-60
configure with Guest-VLANs 44-55
configure with MAC Authentication Bypass 44-58
configure with VLAN User Distribution 44-66
configure with Voice VLAN 44-70
configuring
Multiple Domain Authentication and Multiple Authorization 44-34
RADIUS server 46-10
RADIUS server parameters on the switch 46-9
configuring Fallback Authentication 44-73
configuring Guest-VLAN 44-32
configuring manual re-authentication of a client 44-91
configuring with Unidirectional Controlled Port 44-64
controlling authorization state 44-5
default configuration 44-27, 46-6
described 44-1
displaying statistics 44-113, 46-14
enabling 44-28
802.1X authentication 46-9
enabling multiple hosts 44-80
enabling periodic re-authentication 44-78
encapsulation 44-3
host mode 44-6
how 802.1X fails on a port 44-25
initiation and message exchange 44-4
method lists 44-28
modes 44-6
multidomain authentication 44-22
multiple-hosts mode, described 44-7
port security
multiple-hosts mode 44-7
ports not supported 44-5
pre-authentication open access 44-8
resetting to default values 44-92
setting retransmission number 44-83
setting retransmission time 44-82
switch
as proxy 46-2
switch supplicant
configuring 44-85
overview 44-24
topologies, supported 44-25
using with ACL assignments and redirect URLs 44-20
using with port security 44-19
with Critical Authentication 44-14
with Guest VLANs 44-11
with MAC Authentication Bypass 44-12
with Unidirectional Controlled Port 44-15
with VLAN assignment 44-10
with VLAN User Distribution 44-16
port-channel interfaces
creating 24-7
overview 24-2
port-channel load-balance
command 24-13
command example 24-13
port-channel load-balance command 24-14
port cost (STP)
configuring 20-15
port description TLV 29-2
PortFast
and MST 20-23
BPDU filter, configuring 23-9
configuring or enabling 23-15
overview 23-6
PortFast BPDU filtering
and MST 20-23
enabling 23-9
overview 23-9
port numbering with TwinGig Convertors 7-13
port priority
configuring MST instances 20-32
configuring STP 20-13
ports
blocking 53-1
checking status 8-3
dynamic VLAN membership
example 15-29
reconfirming 15-26
forwarding, resuming 53-3
REP 22-6
port security
aging 47-5
configuring 47-7
displaying 47-28
guidelines and restrictions 47-33
on private VLAN 47-14
host 47-14
promiscuous 47-16
on trunk port 47-17
guidelines and restrictions 47-15, 47-18, 47-32
port mode changes 47-22
on voice ports 47-22
sticky learning 47-5
using with 802.1X 44-19
violations 47-6
with 802.1X Authentication 47-32
with DHCP and IP Source Guard 47-31
with other features 47-33
port states
description 20-5
port VLAN ID TLV 29-2
power
inline 41-5
power dc input command 12-19
powered devices, configuring power consumption 13-5
power handling for Supervisor Engine II-TS 13-12
power inline command 13-3
power inline consumption command 13-5
power management
Catalyst 4500 series 12-7
Catalyst 4500 Switch power supplies 12-13
Catalyst 4948 series 12-20
configuring combined mode 12-12
configuring redundant mode 12-11
overview 12-1
redundancy 12-7
power management for Catalyst 4500 Switch
combined mode 12-9
redundant mode 12-8
power management limitations in Catalyst 4500 Switch 12-9
power management mode
selecting 12-9
power management TLV 29-2, 29-3, 29-9
power negotiation
through LLDP 29-11
Power-On-Self-Test diagnostics 68-10, 68-20
Power-On-Self-Test for Supervisor Engine V-10GE 68-13
power policing, displaying on an interface 13-14
power redundancy-mode command 12-12
power supplies
available power for Catalyst 4500 Switch 12-13
fixed 12-7
pre-authentication open access 44-8
pre-authentication open access. See port-based authentication.
preempt delay time, REP 22-5
primary edge port, REP 22-4
associating with secondary VLANs 42-16
configuring as a PVLAN 42-15
priority
overriding CoS of incoming frames 41-5
priority queuing, QoS on Sup 6-E 40-29
private VLAN
configure port security 47-14, 47-15
enabling DHCP Snooping 50-12
private VLANs
across multiple switches 42-5
and SVIs 42-10
benefits of 42-2
community ports 42-3
default configuration 42-12
end station access to 42-3
isolated port 42-4
isolated VLANs 42-2, 42-3, 42-4
ports
community 42-3
isolated 42-4
promiscuous 42-4
promiscuous ports 42-4
secondary VLANs 42-2
subdomains 42-2
traffic in 42-9
privileged EXEC mode 2-5
privileges
changing default 3-23
configuring levels 3-23
exiting 3-24
logging in 3-24
promiscuous ports
configuring PVLAN 42-17
defined 42-4
setting mode 42-24
protocol timers 20-4
provider edge devices 39-2
pruning, VTP
pseudobridges
description 20-25
PVACL 50-19
PVID (port VLAN ID)
and 802.1X with voice VLAN ports 44-22
PVLAN promiscuous trunk port
configuring 42-11, 42-17, 42-21
PVLANs
802.1q support 42-14
across multiple switches 42-5
configuration guidelines 42-12
configure port security 47-14, 47-16, 47-18
configure port security in a wireless setting 47-32
configuring 42-11
configuring a VLAN 42-15
configuring promiscuous ports 42-17
host ports
configuring a Layer 2 interface 42-18
setting 42-24
overview 42-1
permitting routing, example 42-23
promiscuous mode
setting 42-24
setting
interface mode 42-24
Q
QoS
classification40-6to ??
definitions 40-3
enabling per-port per-VLAN 40-35
overview 40-1
overview of per-port per-VLAN 40-10
packet modification 40-9
traffic shaping 40-9
See also COS; DSCP values; transmit queues
QoS active queue management
tracking queue length 40-9
QoS labels
definition 40-3
QoS marking
description 40-5
QoS on Sup 6-E
Active Queue management via DBL 40-33
active queue management via DBL 40-26, 40-33
classification 40-15
configuring 40-12
configuring CoS mutation 40-44
configuring the policy map marking action 40-22
hardware capabilities for marking 40-22
how to implement policing 40-17
marking action drivers 40-20
marking network traffic 40-17
MQC-based QoS configuration 40-13
multi-attribute marking support 40-21
platform hardware capabilities 40-14
platform restrictions 40-17
platform-supported classification criteria and QoS features 40-13
policing 40-16
policy associations 40-38
prerequisites for applying a service policy 40-14
priority queuing 40-29
queue-limiting 40-30
restrictions for applying a service policy 40-14
shaping 40-24
sharing(bandwidth) 40-26
sharing(blandwidth), shapring, and priority queuing 40-24
software QoS 40-39
traffic marking procedure flowchart 40-20
QoS policing
definition 40-5
described 40-8
QoS policy
attaching to interfaces 40-8
QoS service policy
prerequisites 40-14
restrictions for applying 40-14
QoS transmit queues
burst 40-9
maximum rate 40-9
sharing link bandwidth 40-9
Quality of service
queueing 40-8
queue-limiting, QoS on Sup 6-E 40-30
R
RADIUS
attributes
vendor-proprietary 44-111
vendor-specific 44-109
change of authorization 44-94
configuring
accounting 44-108
authentication 44-103
authorization 44-107
communication, global 44-101, 44-109
communication, per-server 44-100, 44-101
multiple UDP ports 44-101
default configuration 44-100
defining AAA server groups 44-105
displaying the configuration 44-113
identifying the server 44-100
limiting the services to the user 44-107
method list, defined 44-100
operation of 44-94
server load balancing 44-113
suggested network environments 44-93
tracking services accessed by user 44-108
understanding 44-93
RADIUS, controlling switch access with 44-92
RADIUS Change of Authorization 44-94
RADIUS server
configure to-Switch communication 44-32
configuring settings 44-34
parameters on the switch 44-32
RA Guard
configuring 51-36
deployment 51-36
examples 51-37
introduction 51-35
usage guidelines 51-38
range command 7-4
range macros
defining 7-10
ranges of interfaces
configuring 7-4
Rapid Spanning Tree
rcommand command 14-13
reachability, tracking IP SLAs IP host 57-9
re-authentication of a client
configuring manual 44-91
enabling periodic 44-78
redirect URLs, port-based authentication 44-20
reduced MAC address 20-2
redundancy
guidelines and restrictions 9-5, 10-5
changes made through SNMP 9-11, 10-11
NSF-aware support 11-2
NSF-capable support 11-2
understanding synchronization 9-4, 10-5
redundancy (NSF) 11-1
configuring
BGP 11-11
CEF 11-10
EIGRP 11-16
IS-IS 11-13
OSPF 11-12
routing protocols 11-5
redundancy (RPR)
route processor redundancy 9-2, 10-3
redundancy (SSO)
redundancy command 11-10
route processor redundancy 9-3, 10-3
Remote Authentication Dial-In User Service
remote failure indications 63-34
remote loopback, Ethernet OAM 63-34, 63-37
Remote Network Monitoring
rendezvous point, configuring 35-16
rendezvous point, configuring single static 35-20
REP
administrative VLAN 22-8
administrative VLAN, configuring 22-9
and STP 22-6
configuration guidelines 22-7
configuring interfaces 22-10
convergence 22-4
default configuration 22-7
manual preemption, configuring 22-13
monitoring 22-14
neighbor offset numbers 22-5
open segment 22-2
ports 22-6
preempt delay time 22-5
primary edge port 22-4
ring segment 22-2
secondary edge port 22-4
segments 22-1
characteristics 22-2
SNMP traps, configuring 22-14
supported interfaces 22-1
triggering VLAN load balancing 22-6
verifying link integrity 22-4
VLAN blocking 22-13
VLAN load balancing 22-4
replication
description 35-9
report suppression, IGMP
disabling 26-10
reserved-range VLANs
reset command 71-3
resetting an interface to default configuration 7-38
resetting a switch to defaults 3-32
Resilient Ethernet ProtocolLSee REP
responder, IP SLAs
described 66-4
enabling 66-7
response time, measuring with IP SLAs 66-4
restricting access
NTP services 4-8
RADIUS 44-92
TACACS+ 3-15
retransmission number
setting in 802.1X authentication 44-83
retransmission time
changing in 802.1X authentication 44-82
RFC
1157, SNMPv1 60-2
1305, NTP 4-2
1757, RMON 67-2
1901, SNMPv2C 60-2
1902 to 1907, SNMPv2 60-2
2273-2275, SNMPv3 60-2
RFC 5176 Compliance 44-95
RIP
description 1-16
for IPv6 52-5
RMON
default configuration 67-3
displaying status 67-6
enabling alarms and events 67-3
groups supported 67-2
overview 67-1
ROM monitor
boot process and 3-26
CLI 2-7
debug commands 71-5
entering 71-1
exiting 71-6
overview 71-1
root bridge
configuring 20-10
selecting in MST 20-22
root guard
and MST 20-23
enabling 23-2
overview 23-2
routed packets
ACLs 51-26
route-map (IP) command 38-6
route maps
defining 38-6
PBR 38-2
router ACLs
using with VLAN maps 51-25
router ACLs, using PACL with VLAN maps 51-32
route targets
VPN 39-3
Routing Information Protocol
RSPAN
configuration guidelines 55-16
destination ports 55-5
IDS 55-2
monitored ports 55-4
monitoring ports 55-5
received traffic 55-3
sessions
creating 55-17
defined 55-3
limiting source traffic to specific VLANs 55-23
monitoring VLANs 55-21
removing source (monitored) ports 55-20
specifying monitored ports 55-17
source ports 55-4
transmitted traffic 55-4
VLAN-based 55-5
RSTP
compatibility 20-23
description 20-22
port roles 20-24
port states 20-24
S
SAID
SAP
defined 43-9
negotiation 43-9
support 43-1
scheduling 40-8
scheduling, IP SLAs operations 66-5
secondary edge port, REP 22-4
secondary root switch 20-12
secondary VLANs 42-2
associating with primary 42-16
permitting routing 42-23
Security Association Identifier
Security Exchange Protocol
Security Exchange Protocol
selecting a power management mode 12-9
selecting X2/TwinGig Convertor Mode 7-14
sequence numbers in log messages 58-7
server IDs
description 65-23
service policy, configure class-level queue-limit 40-30
service-policy input command 31-2
service-provider networks
and customer VLANs 27-2
session keys, MKA 43-2
set default interface command 38-6, 38-7
set interface command 38-6
set ip default next-hop command 38-6
set ip next-hop command 38-6
set-request operation 60-4
severity levels, defining in system messages 58-8
shaping, QoS on Sup 6-E 40-24
sharing(bandwidth), QoS on Sup 6-E 40-26
Shell functions
Shell triggers
show adjacency command 33-9
show boot command 3-32
show catalyst4000 chassis-mac-address command 20-3
show cdp entry command 28-4
show cdp interface command 28-3
show cdp neighbors command 28-4
show cdp traffic command 28-4
show ciscoview package command 4-41
show ciscoview version command 4-41
show cluster members command 14-13
show configuration command 7-22
show debugging command 28-4
show environment command 12-2
show history command 2-4
show interfaces command 7-27, 7-28, 7-35, 7-37
show interfaces status command 8-3
show ip cef command 33-8
show ip eigrp interfaces command 32-19
show ip eigrp neighbors command 32-19
show ip eigrp topology command 32-19
show ip eigrp traffic command 32-19
show ip interface command 35-23
show ip local policy command 38-7
show ip mroute command 35-23
show ip pim interface command 35-23
show l2protocol command 27-18
show lldp traffic command 29-15
show mac-address-table address command 8-4
show mac-address-table interface command 8-4
show mls entry command 33-8
show PoE consumed 13-8
show power inline command 13-6
show power supplies command 12-12
show protocols command 7-35
show running-config command
adding description for an interface 7-22
checking your settings 3-9
displaying ACLs 51-19, 51-21, 51-30, 51-31
show startup-config command 3-10
show users command 8-7
show version command 3-29
shutdown, command 7-36
shutdown threshold for Layer 2 protocol packets 27-16
shutting down
interfaces 7-35
Simple Network Management Protocol
single-host mode 44-7
single spanning tree
single static RP, configuring 35-20
slot numbers, description 7-2
Slow timer, configuring BFD 37-15
smart call home 65-1
description 65-2
destination profile (note) 65-5
registration requirements 65-3
service contract requirements 65-3
Transport Gateway (TG) aggregation point 65-2
SMARTnet
smart call home registration 65-3
Smartports macros
applying global parameter values 18-9, 18-15, 18-16
applying macros 18-9
applying parameter values 18-9
configuration guidelines 18-6, 18-15
configuring 18-2
creating 18-8
default configuration 18-4, 18-14
displaying 18-14
SNMP
accessing MIB variables with 60-4
agent
described 60-4
disabling 60-7
and IP SLAs 66-2
authentication level 60-10
community strings
configuring 60-7
overview 60-4
configuration examples 60-15
configuration guidelines 60-6
default configuration 60-5
engine ID 60-6
host 60-6
informs
and trap keyword 60-11
described 60-5
differences from traps 60-5
enabling 60-14
limiting access by TFTP servers 60-15
limiting system log messages to NMS 58-9
manager functions 60-3
notifications 60-5
status, displaying 60-16
system contact and location 60-14
trap manager, configuring 60-13
traps
differences from informs 60-5
enabling 60-11
enabling MAC address notification 4-24
enabling MAC move notification 4-26
enabling MAC threshold notification 4-28
types of 60-11
versions supported 60-2
SNMP commands 70-4
SNMP traps
REP 22-14
SNMPv1 60-2
SNMPv2C 60-2
SNMPv3 60-2
software
software configuration register 3-26
software QoS, on Sup 6-E 40-39
software switching
description 33-5
interfaces 33-6
key data structures used 35-7
source IDs
call home event format 65-22
SPAN
and ACLs 55-5
configuration guidelines 55-7
destination ports 55-5
IDS 55-2
monitored port, defined 55-4
monitoring port, defined 55-5
received traffic 55-3
sessions
defined 55-3
source ports 55-4
transmitted traffic 55-4
VLAN-based 55-5
SPAN and RSPAN
concepts and terminology 55-3
default configuration 55-6
displaying status 55-24
overview 55-1
session limits 55-6
SPAN enhancements
access list filtering 55-13
configuration example 55-15
CPU port sniffing 55-10
encapsulation configuration 55-12
ingress packets 55-12
packet type filtering 55-14
spanning-tree backbonefast command 23-16
spanning-tree cost command 20-16
spanning-tree guard root command 23-2
spanning-tree portfast bpdu-guard command 23-8
spanning-tree portfast command 23-7
spanning-tree port-priority command 20-13
spanning-tree uplinkfast command 23-12
spanning-tree vlan
command 20-9
command example 20-9
spanning-tree vlan command 20-8
spanning-tree vlan cost command 20-16
spanning-tree vlan forward-time command 20-19
spanning-tree vlan hello-time command 20-18
spanning-tree vlan max-age command 20-18
spanning-tree vlan port-priority command 20-13
spanning-tree vlan priority command 20-17
spanning-tree vlan root primary command 20-10
spanning-tree vlan root secondary command 20-12
speed
configuring interface 7-19
speed command 7-20
SSO
configuring 11-10
SSO operation 11-4
SST
description 20-22
interoperability 20-24
static ACL, removing the requirement 51-28
static addresses
static routes
configuring 3-11
verifying 3-12
statistics
802.1X 46-14
displaying 802.1X 44-113
displaying PIM 35-27
LLDP 29-14
LLDP-MED 29-14
MKA 43-5
SNMP input and output 60-16
sticky learning
configuration file 47-6
defined 47-5
disabling 47-6
enabling 47-5
saving addresses 47-6
sticky MAC addresses
configuring 47-7
defined 47-4
storing captured packets to a .pcap file, Wireshark 56-4
Storm Control
displaying 54-6
enabling Broadcast 54-3
enabling Multicast 54-4
hardware-based, implementing 54-2
overview 54-1
software-based, implementing 54-2
STP
and REP 22-6
bridge ID 20-2
creating topology 20-5
defaults 20-7
disabling 20-20
enabling 20-8
enabling extended system ID 20-9
enabling Per-VLAN Rapid Spanning Tree 20-20
EtherChannel guard
disabling 23-6
forward-delay time 20-19
hello time 20-17
Layer 2 protocol tunneling 27-13
maximum aging time 20-18
per-VLAN rapid spanning tree 20-6
port cost 20-15
port priority 20-13
root bridge 20-10
stratum, NTP 4-2
stub routing (EIGRP)
benefits 32-17
configuration tasks 32-18
configuring 32-14
restrictions 32-17
verifying 32-18
subdomains, private VLAN 42-2
summer time 4-13
supervisor engine
accessing the redundant 9-14, 10-14
copying files to standby 9-14, 10-14
default configuration 3-1
default gateways 3-11
environmental monitoring 12-1
redundancy 11-1
ROM monitor 3-26
startup configuration 3-25
static routes 3-11
synchronizing configurations 9-11, 10-10
Supervisor Engine II-TS
insufficient inline power handling 12-19, 13-12
Smartports macros
See also Auto Smartports macros
SVI Autostate Exclude
understanding 32-3
SVI Autostate exclude
configuring 32-7
switch 52-2
switch access with RADIUS, controlling 44-92
switched packets
and ACLs 51-25
Switched Port Analyzer
switchport
show interfaces 7-27, 7-28, 7-37
switchport access vlan command 17-5, 17-7
switchport block multicast command 53-2
switchport block unicast command 53-2
switchport mode access command 17-7
switchport mode dot1q-tunnel command 27-6
switchport mode dynamic command 17-5
switchport mode trunk command 17-5
switch ports
switchport trunk allowed vlan command 17-5
switchport trunk native vlan command 17-5
switchport trunk pruning vlan command 17-6
switch-to-RADIUS server communication
configuring 44-32
sysret command 71-5
system
reviewing configuration 3-10
settings at startup 3-27
system alarms
overview 12-5
system and network statistics, displaying 35-23
system capabilities TLV 29-2
system clock
configuring
daylight saving time 4-13
manually 4-11
summer time 4-13
time zones 4-12
displaying the time and date 4-12
overview 4-2
system description TLV 29-2
system images
loading from Flash memory 3-30
modifying boot field 3-27
specifying 3-30
system message logging
default configuration 58-3
defining error message severity levels 58-8
disabling 58-4
displaying the configuration 58-12
enabling 58-4
facility keywords, described 58-12
level keywords, described 58-9
limiting messages 58-9
message format 58-2
overview 58-1
sequence numbers, enabling and disabling 58-7
setting the display destination device 58-5
synchronizing log messages 58-6
timestamps, enabling and disabling 58-7
UNIX syslog servers
configuring the daemon 58-10
configuring the logging facility 58-11
facilities supported 58-12
system MTU
802.1Q tunneling 27-5
maximums 27-5
system name
manual configuration 4-15
system name TLV 29-2
system prompt, default setting 4-14
T
TACACS+
accounting, defined 3-16
authentication, defined 3-16
authorization, defined 3-16
configuring
accounting 3-21
authentication key 3-18
authorization 3-21
login authentication 3-19
default configuration 3-18
displaying the configuration 3-22
identifying the server 3-18
limiting the services to the user 3-21
operation of 3-17
overview 3-15
tracking services accessed by user 3-21
tagged packets
802.1Q 27-3
Layer 2 protocol 27-13
TCAM programming and ACLs 51-7
for Sup II-Plust thru V-10GE 51-6
TCAM programming and ACLs for Sup 6-E 51-10
TDR
checking cable connectivity 8-4
enabling and disabling test 8-4
guidelines 8-4
Telnet
accessing CLI 2-2
disconnecting user sessions 8-8
executing 8-6
monitoring user sessions 8-7
telnet command 8-7
templates, Ethernet OAM 63-45
Terminal Access Controller Access Control System Plus
TFTP
configuration files in base directory 3-5
configuring for autoconfiguration 3-4
limiting access by servers 60-15
TFTP download
threshold monitoring, IP SLAs 66-6
time
Time Domain Reflectometer
time exceeded messages 8-10
timer
timestamps in log messages 58-7
time zones 4-12
TLV
host presence detection 44-8
TLVs
LLDP-MED 29-2
Token Ring
media not supported (note) 15-5, 15-10
Topology change notification processing
MLD Snooping
Topology change notification processing 26-4
TOS
description 40-4
trace command 8-10
traceroute
traceroute mac command 8-12
traceroute mac ip command 8-12
tracked lists
configuring 57-3
types 57-3
tracked objects
by Boolean expression 57-4
by threshold percentage 57-6
by threshold weight 57-5
tracking interface line-protocol state 57-2
tracking IP routing state 57-2
tracking objects 57-1
tracking process 57-1
track state, tracking IP SLAs 57-9
traffic
blocking flooded 53-2
traffic control
using ACLs (figure) 51-4
using VLAN maps (figure) 51-5
traffic marking procedure flowchart 40-20
traffic shaping 40-9
translational bridge numbers (defaults) 15-5
traps
configuring MAC address notification 4-24
configuring MAC move notification 4-26
configuring MAC threshold notification 4-28
configuring managers 60-11
defined 60-3
enabling 4-24, 4-26, 4-28, 60-11
notification types 60-11
troubleshooting
with CiscoWorks 60-4
with system message logging 58-1
with traceroute 8-9
troubleshooting high CPU due to ACLs 51-6
trunk failover
trunk ports
configure port security 47-17
configuring PVLAN42-19to 42-21
trunks
802.1Q restrictions 17-4
configuring 17-5
configuring access VLANs 17-5
configuring allowed VLANs 17-5
default interface configuration 17-5
enabling to non-DTP device 17-3
specifying native VLAN 17-5
understanding 17-3
trustpoint 65-3
tunneling
defined 27-1
tunnel ports
802.1Q, configuring 27-6
described 27-2
incompatibilities with other features 27-5
TwinGig Convertors
limitations on using 7-14
port numbering 7-13
selecting X2/TwinGig Convertor mode 7-14
type length value
type of service
U
UDLD
configuring probe message interval per-interface 30-8
default configuration 30-4
disabling on fiber-optic interfaces 30-7
disabling on non-fiber-optic interfaces 30-7
displaying link status 30-9
enabling globally 30-5
enabling per-interface 30-6
modes of operation 30-3
resetting disabled LAN interfaces 30-8
use case 30-2
UDLD, overview 30-1
UDP jitter, configuring 66-9
UDP jitter operation, IP SLAs 66-8
unauthorized ports with 802.1X 44-5
unicast
unicast flood blocking
configuring 53-1
unicast MAC address filtering
and adding static addresses 4-31
and broadcast MAC addresses 4-30
and CPU packets 4-30
and multicast addresses 4-30
and router MAC addresses 4-30
configuration guidelines 4-30
described 4-30
unicast MAC address filtering, configuring
ACLs
configuring unicast MAC address filtering 51-13
Unicast RPF (Unicast Reverse Path Forwarding)
applying 34-5
BGP attributes
caution 34-4
CEF
requirement 34-2
tables 34-7
configuring 34-9
(examples)??to 34-12
BOOTP 34-8
DHCP 34-8
enterprise network (figure) 34-6
prerequisites 34-9
routing table requirements 34-7
tasks 34-9
verifying 34-10
deploying 34-5
disabling 34-11
enterprise network (figure) 34-6
FIB 34-2
implementing 34-4
packets, dropping (figure) 34-4
prerequisites 34-9
restrictions
basic 34-8
routing asymmetry 34-7
routing asymmetry (figure) 34-8
routing table requirements 34-7
security policy
applying 34-5
attacks, mitigating 34-5
deploying 34-5
tunneling 34-5
source addresses, validating 34-3
failure 34-3
traffic filtering 34-5
tunneling 34-5
validation
packets, dropping 34-3
source addresses 34-3
verifying 34-10
unicast traffic
blocking 53-2
Unidirectional Controlled Port, configuring 802.1X 44-64
unidirectional ethernet
enabling 31-2
example of setting 31-2
overview 31-1
UniDirectional Link Detection Protocol
Universal PoE, configuring 13-16
UNIX syslog servers
daemon configuration 58-10
facilities supported 58-12
message logging configuration 58-11
UplinkFast
and MST 20-23
enabling 23-15
MST and 20-23
overview 23-11
usage examples, Wireshark 56-17
user-defined event triggers
configuring, 802.1X-based 19-8
configuring, MAC address-based 19-9
User-defined triggers and built-in macros, configuring mapping 19-9
user EXEC mode 2-5
user sessions
disconnecting 8-8
monitoring 8-7
V
VACLs
Layer 4 port operations 51-10
virtual configuration register 71-3
virtual LANs
virtual ports, MKA 43-3
Virtual Private Network
Virtual Switch System(VSS), displaying EtherChannel to 24-16
VLAN ACLs
VLAN blocking, REP 22-13
vlan command 15-6
vlan dot1q tag native command 27-4
VLAN ID
service provider 27-9
VLAN ID, discovering 4-37
VLAN ID translation
VLAN load balancing
REP 22-4
VLAN load balancing, triggering 22-6
VLAN load balancing on flex links 21-2
configuration guidelines 21-6
VLAN Management Policy Server
VLAN mapping
1-to-1 27-8
1-to-1, configuring 27-11
configuration guidelines 27-10
configuring 27-11
configuring on a trunk port 27-11
default 27-9
selective QinQ 27-8
selective Q-in-Q, configuring 27-12
traditional QinQ 27-8
traditional Q-in-Q, configuring 27-12
types of 27-8
VLAN maps
applying to a VLAN 51-21
configuration example 51-22
configuration guidelines 51-18
configuring 51-17
creating and deleting entries 51-19
defined 1-36
denying access example 51-23
denying packets 51-19
displaying 51-24
order of entries 51-18
permitting packets 51-19
router ACLs and 51-25
using (figure) 51-5
using in your network 51-22
VLAN maps, PACL and Router ACLs 51-32
VLANs
allowed on trunk 17-5
configuration guidelines 15-3
configuring 15-5
configuring as Layer 3 interfaces 32-7
customer numbering in service-provider networks 27-3
default configuration 15-4
description 1-10
extended range 15-3
IDs (default) 15-5
interface assignment 15-7
limiting source traffic with RSPAN 55-23
monitoring with RSPAN 55-21
name (default) 15-5
normal range 15-3
overview 15-1
reserved range 15-3
VLAN Trunking Protocol
VLAN trunks
overview 17-3
VLAN User Distribution, configuring 802.1X 44-66
VMPS
configuration file example 15-32
configuring dynamic access ports on client 15-25
configuring retry interval 15-27
database configuration file 15-32
dynamic port membership
example 15-29
reconfirming 15-26
reconfirming assignments 15-26
reconfirming membership interval 15-26
server overview 15-21
VMPS client
administering and monitoring 15-28
configure switch
configure reconfirmation interval 15-26
dynamic ports 15-25
entering IP VMPS address 15-24
reconfirmation interval 15-27
reconfirm VLAM membership 15-26
default configuration 15-24
dynamic VLAN membership overview 15-23
troubleshooting dynamic port VLAN membership 15-29
VMPS server
fall-back VLAN 15-23
illegal VMPS client requests 15-23
overview 15-21
security modes
multiple 15-22
open 15-22
secure 15-22
Voice over IP
configuring 41-1
voice ports
configuring VVID 41-3
voice VLAN
IP phone data traffic, described 41-2
IP phone voice traffic, described 41-2
Voice VLAN, configure 802.1X 44-70
voice VLAN ports
using 802.1X 44-22
VPN
configuring routing in 39-12
forwarding 39-3
in service provider networks 39-1
routes 39-2
routing and forwarding table
VRF
defining 39-3
tables 39-1
VRF-aware services
configuring 39-5
ftp 39-8
ping 39-6
SNMP 39-7
syslog 39-8
tftp 39-8
traceroute 39-8
uRPF 39-7
VRF-lite
description 1-20
VTP
client, configuring 15-16
configuration guidelines 15-12
default configuration 15-13
disabling 15-16
Layer 2 protocol tunneling 27-14
monitoring 15-19
overview 15-8
pruning
configuring 15-15
server, configuring 15-16
statistics 15-19
transparent mode, configuring 15-16
version 2
enabling 15-15
VTP advertisements
description 15-9
VTP domains
description 15-8
VTP modes 15-9
VTP pruning
overview 15-11
VTP versions 2 and 3
overview 15-9
VTY and Network Assistant 14-12
VVID (voice VLAN ID)
and 802.1X authentication 44-22
configuring 41-3
W
WCCP
configuration examples 69-10
configuring on a router 69-2, 69-11
features 69-4
restrictions 69-5
service groups 69-6
web-based authentication
authentication proxy web pages 46-4
web-based authentication, interactions with other features 46-4
Web Cache Communication Protocol
See WCCP 69-1
web caches
web cache services
description 69-4
web caching
web scaling 69-1
weight thresholds in tracked lists 57-5
Wireshark
activating and deactivating, capture points, conceptual 56-6
attachment points 56-2
capture filter 56-3
capture points 56-2
core system filter 56-3
decoding and displaying packets 56-5
display filter 56-4
feature interactions 56-6
filters 56-3
storing captured packets to a .pcap filter 56-4
usage examples 56-17
Wireshark, about 56-1
Wireshark, activating and deactivating a capture point 56-10
Wireshark, defining/modifying/deleting a capture point 56-8
Wireshark, displaying information 56-13
Y
Y.1731
default configuration 63-29
described 63-27
ETH-AIS
Ethernet Alarm Signal function (ETH-AIS)
ETH-RDI 63-28
multicast Ethernet loopback 63-31
multicast ETH-LB 63-29
terminology 63-27