Index
Numerics
4K VLANs (support for 4,096 VLANs) 23-2
802.1AE Tagging 67-2
802.1Q
Layer 2 protocol tunneling
See Layer 2 protocol tunneling
mapping to ISL VLANs 23-7
trunks 18-4
restrictions 18-2
tunneling
configuration guidelines 26-1
configuring tunnel ports 26-6
overview 26-4
802.1Q Ethertype
specifying custom 18-15
802.1X 80-1
802.1x accounting 80-41
802.3ad
See LACP
802.3af 17-2
802.3x Flow Control 10-9
A
AAA
fail policy 80-8, 81-5
AAA (authentication, authorization, and accounting). See also port-based authentication. 80-6, 81-2
aaa accounting dot1x command 80-41
aaa accounting system command 80-41
abbreviating commands 2-5
access, restricting MIB 83-10
access control entries and lists 66-1
access-enable host timeout (not supported) 66-4
access port, configuring 18-14
access rights 83-9
access setup, example 83-11
accounting
with 802.1x 80-41
with IEEE 802.1x 80-16
ACEs and ACLs 66-1
ACLs
downloadable 81-2
downloadable (dACLs) 80-23
Filter-ID 80-24
per-user 80-24
port
defined 70-2
redirect URL 80-25
static sharing 80-25
acronyms, list of A-1
activating lawful intercept 83-8
admin function (mediation device) 83-7, 83-8
administration, definition 83-6
advertisements, VTP 22-4
aggregate label 34-2, 34-5
aggregate policing 60-4
aging time
accelerated
for MSTP 28-45
maximum
for MSTP 28-45, 28-46
alarms
major 13-4
minor 13-4
Allow DHCP Option 82 on Untrusted Port
configuring 75-10
understanding 75-5
any transport over MPLS (AToM) 36-3
Ethernet over MPLS 36-3
ARP ACL 66-12
ARP spoofing 77-3
AToM 36-3
audience 1-xliii
authentication control-direction command 80-50
authentication event command 80-43
authentication failed VLAN
See restricted VLAN
authentication open command 80-15
authentication password, VTP 22-5
authentication periodic command 80-36, 80-47
authentication port-control command 80-43
authentication timer reauthenticate command 80-36
authorized ports with 802.1X 80-12
automatic QoS
configuration guidelines and restrictions 63-2
macros 63-4
overview 63-2
AutoQoS 63-1
auto-sync command 8-4
B
BackboneFast
See STP BackboneFast
backup interfaces
See Flex Links
binding database, DHCP snooping
See DHCP snooping binding database
binding table, DHCP snooping
See DHCP snooping binding database
blocking state, STP 28-8
blue beacon 1-6
BPDU
RSTP format 28-16
BPDU guard
See STP BPDU guard
BPDUs
Bridge Assurance 29-5
Shared Spanning Tree Protocol (SSTP) 29-20
Bridge Assurance
description 29-4 to 29-6
inconsistent state 29-5
supported protocols and link types 29-5
bridge domain
configuring 38-8
bridge groups 32-1
bridge ID
See STP bridge ID
bridge priority, STP 28-34
bridge protocol data units
see BPDUs
bridging 32-1
broadcast storms
see traffic-storm control
C
CALEA, See Communications Assistance for Law Enforcement Act (CALEA)
Call Home
description 50-3
message format options 50-3
messages
format options 50-3
call home 50-1
alert groups 50-28
contact information 50-19
destination profiles 50-20
displaying information 50-39
pattern matching 50-31
periodic notification 50-30
rate limit messages 50-31
severity threshold 50-30
smart call home feature 50-4
SMTP server 50-2
testing communications 50-32
call home alert groups
configuring 50-28
description 50-28
subscribing 50-29
call home customer information
entering information 50-19
call home destination profiles
attributes 50-21
description 50-20
displaying 50-42
call home notifications
full-txt format for syslog 50-15
XML format for syslog 50-15
CDP
host presence detection 80-14, 82-4
to configure Cisco phones 16-3
CEF
configuring
RP 30-5
supervisor engine 30-4
examples 30-3
Layer 3 switching 30-2
packet rewrite 30-2
certificate authority (CA) 50-2
channel-group group
command 20-8, 20-13, 20-14
command example 20-9, 20-14
Cisco Discovery Protocol
See CDP
Cisco Emergency Responder 16-4
Cisco Express Forwarding 34-3
CISCO-IP-TAP-MIB
citapStreamVRF 83-2
overview 83-8
restricting access to 83-10, 83-11
CISCO-TAP2-MIB
accessing 83-9
overview 83-8
restricting access to 83-10, 83-11
CIST regional root
See MSTP
CIST root
See MSTP
class command 60-9
class map configuration 60-8, 61-11
clear authentication sessions command 80-38
clear counters command 10-12
clear dot1x command 80-37
clear interface command 10-13
CLI
accessing 2-1
backing out one level 2-5
console configuration mode 2-5
getting list of commands 2-6
global configuration mode 2-5
history substitution 2-4
interface configuration mode 2-5
privileged EXEC mode 2-5
ROM monitor 2-7
software basics 2-4
collection function 83-6
command line processing 2-3
commands, getting list of 2-6
Communications Assistance for Law Enforcement Act
CALEA for Voice 83-5
lawful intercept 83-4
community ports 24-7
community VLANs 24-6, 24-7
configuration example
EoMPLS port mode 36-4, 36-7
EoMPLS VLAN mode 36-4
VPLS, 802.1Q access port for untagged traffic from CE 37-8
VPLS, associating the attachment circuit with the VSI at the PE 37-13
VPLS, L2 VLAN instance on the PE 37-10
VPLS, MPLS in the PE 37-11
VPLS, using QinQ to place all VLANs into a single VPLS 37-9
VPLS, VFI in the PE 37-12
configuration guidelines
EVCs 38-2
configuring 60-9, 61-11
lawful intercept 83-10, 83-11, 83-12
SNMP 83-10
console configuration mode 2-5
content IAP 83-6
control plane policing
See CoPP
CoPP 74-1
applying QoS service policy to control plane 74-5
configuring
ACLs to match traffic 74-5
enabling MLS QoS 74-5
packet classification criteria 74-5
service-policy map 74-5
control plane configuration mode
entering 74-5
displaying
dynamic information 74-9
number of conforming bytes and packets 74-9
rate information 74-9
entering control plane configuration mode 74-5
monitoring statistics 74-9
overview 74-3
packet classification guidelines 74-2
traffic classification
defining 74-6
guidelines 74-7
overview 74-6
sample ACLs 74-7
sample classes 74-6
CoS
override priority 16-6, 17-4
counters
clearing interface 10-12, 10-13
critical authentication 80-8
critical authentication, IEEE 802.1x 80-44
CSCsr62404 10-9
cTap2MediationDebug notification 83-12
cTap2MediationNewIndex object 83-8
cTap2MediationTable 83-8
cTap2MediationTimedOut notification 83-12
cTap2MIBActive notification 83-12
cTap2StreamDebug notification 83-12
cTap2StreamTable 83-8
customer contact information
entering for call home 50-19
D
dACL
See ACLs, downloadable 80-23
dCEF 30-4
debug commands
IP MMLS 40-31
DEC spanning-tree protocol 32-1
default configuration
802.1X 80-28, 81-7
dynamic ARP inspection 77-6
EVCs 38-9
Flex Links 19-4
IP MMLS 40-15
MSTP 28-26
MVR 44-5
UDLD 11-3
voice VLAN 16-4
VTP 22-9
default VLAN 18-10
denial of service protection 73-1
device IDs
call home format 50-11, 50-12
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 75-7
overview 75-5
packet format, suboption
circuit ID 75-7
remote ID 75-7
remote ID suboption 75-7
DHCP option 82 allow on untrusted port 75-10
DHCP snooping
802.1X data insertion 80-15
binding database
See DHCP snooping binding database
configuration guidelines 75-8
configuring 75-9
default configuration 75-8
displaying binding tables 75-18
enabling 75-9, 75-10, 75-11, 75-12, 75-13, 75-14
enabling the database agent 75-14
message exchange process 75-6
monitoring 76-5, 76-6
option 82 data insertion 75-5
overview 75-3
Snooping database agent 75-7
DHCP snooping binding database
described 75-5
entries 75-5
DHCP snooping binding table
See DHCP snooping binding database
DHCP Snooping Database Agent
adding to the database (example) 75-18
enabling (example) 75-15
overview 75-7
reading from a TFTP file (example) 75-17
DHCP snooping increased bindings limit 75-14
DiffServ
configuring short pipe mode 64-30
configuring uniform mode 64-34
short pipe mode 64-27
uniform mode 64-28
DiffServ tunneling modes 64-4
Disabling PIM Snooping Designated Router Flooding 47-6
distributed Cisco Express Forwarding
See dCEF
distributed egress SPAN 53-10, 53-15
DNS, See Domain Name System
documentation, related 1-xliii
Domain Name System 83-2
DoS protection 73-1
monitoring packet drop statistics
using monitor session commands 73-8
using VACL capture 73-10
QoS ACLs 73-2
security ACLs 73-2
uRPF check 73-5
dot1x initialize interface command 80-37
dot1x max-reauth-req command 80-41
dot1x max-req command 80-40
dot1x pae authenticator command 80-31
dot1x re-authenticate interface command 80-36
dot1x timeout quiet-period command 80-38
DSCP-based queue mapping 62-14
duplex command 10-5, 10-6
duplex mode
autonegotiation status 10-6
configuring interface 10-4
dynamic ARP inspection
ARP cache poisoning 77-3
ARP requests, described 77-3
ARP spoofing attack 77-3
configuration guidelines 77-2
configuring
log buffer 77-13, 77-15
logging system messages 77-14
rate limit for incoming ARP packets 77-5, 77-10
default configuration 77-6
denial-of-service attacks, preventing 77-10
described 77-3
DHCP snooping binding database 77-4
displaying
ARP ACLs 77-15
configuration and operating state 77-15
trust state and rate limit 77-15
error-disabled state for exceeding rate limit 77-5
function of 77-4
interface trust states 77-4
log buffer
configuring 77-13, 77-15
logging of dropped packets, described 77-6
logging system messages
configuring 77-14
man-in-the-middle attack, described 77-4
network security issues and interface trust states 77-4
priority of ARP ACLs and DHCP snooping entries 77-6
rate limiting of ARP packets
configuring 77-10
described 77-5
error-disabled state 77-5
validation checks, performing 77-11
Dynamic Host Configuration Protocol snooping 75-1
E
EAC 67-2
EAPOL. See also port-based authentication. 80-6
egress SPAN 53-10
electronic traffic, monitoring 83-7
e-mail addresses
assigning for call home 50-19
e-mail notifications
Call Home 50-3
enable mode 2-5
enable sticky secure MAC address 82-8
enabling
IP MMLS
on router interfaces 40-16
lawful intercept 83-8
SNMP notifications 83-12
Endpoint Admission Control (EAC) 67-2
environmental monitoring
LED indications 13-4
SNMP traps 13-4
supervisor engine and switching modules 13-4
Syslog messages 13-4
using CLI commands 13-1
EOBC
for MAC address table synchronization 18-3
EoMPLS 36-3
configuring 36-4
configuring VLAN mode 36-3
guidelines and restrictions 36-2
port mode 36-3
VLAN mode 36-3
ERSPAN 53-1
EtherChannel
channel-group group
command 20-8, 20-13, 20-14
command example 20-9, 20-14
configuration guidelines 4-26, 20-2
configuring
Layer 2 20-8
configuring (tasks) 4-26, 20-7
interface port-channel
command example 20-8
interface port-channel (command) 20-8
lacp system-priority
command example 20-10
Layer 2
configuring 20-8
load balancing
configuring 20-11
understanding 20-7
Min-Links 20-13, 20-14
modes 20-4
PAgP
understanding 20-5
port-channel interfaces 20-7
port-channel load-balance
command 20-10, 20-11
command example 20-12
STP 20-7
understanding 4-4, 20-3
EtherChannel Guard
See STP EtherChannel Guard
Ethernet
setting port duplex 10-10
Ethernet flow point
See EFP
Ethernet over MPLS (EoMPLS) configuration
EoMPLS port mode 36-6
EoMPLS VLAN mode 36-4
Ethernet Virtual Connection
See EVC
EVC
broadcast domain 38-4
configuration guidelines 38-2
default configuration 38-9
supported features 38-2
EXP mutation 64-4
extended range VLANs 23-2
See VLANs
extended system ID
MSTP 28-39
Extensible Authentication Protocol over LAN. See EAPOL.
F
fall-back bridging 32-1
fast link notification
on VSL failure 4-13
fiber-optic, detecting unidirectional links 11-1
FIB TCAM 34-3
figure
lawful intercept overview 83-5
Flex Links 19-1
configuration guidelines 19-2
configuring 19-4
default configuration 19-4
description 19-2
monitoring 19-5
flow control 10-9
forward-delay time
MSTP 28-45
forward-delay time, STP 28-35
frame distribution
See EtherChannel load balancing
G
get requests 83-7, 83-8, 83-11
global configuration mode 2-5
guest VLAN and 802.1x 80-19
H
hardware Layer 3 switching
guidelines 30-2
hello time
MSTP 28-44
hello time, STP 28-35
High Capacity Power Supply Support 12-4
history
CLI 2-4
host mode
see port-based authentication
host ports
kinds of 24-7
host presence CDP message 16-4, 80-14
host presence TLV message 82-4
http://www-tac.cisco.com/Teams/ks/c3/xmlkwery.php?srId=612293409 20-3
I
IAP
content IAP 83-6
definition 83-6
types of
content IAP 83-6
identification IAP 83-6
ICMP unreachable messages 66-2
ID IAP 83-6
IDs
serial IDs 50-12
IEEE 802.1Q Ethertype
specifying custom 18-15
IEEE 802.1Q Tagging on a Per-Port Basis 26-7
IEEE 802.1w
See RSTP
IEEE 802.1x
accounting 80-16, 80-41
authentication failed VLAN 80-19
critical ports 80-20
DHCP snooping 80-15
guest VLAN 80-19
MAC authentication bypass 80-26
network admission control Layer 2 validation 80-27
port security interoperability 80-22
RADIUS-supplied session timeout 80-35
voice VLAN 80-22
wake-on-LAN support 80-28
IEEE 802.3ad
See LACP
IEEE 802.3af 17-2
IEEE 802.3x Flow Control 10-9
IEEE bridging protocol 32-1
IGMP 43-1
configuration guidelines 42-9
enabling 43-9
join messages 43-3
leave processing
enabling 43-13
queries 43-4
query interval
configuring 43-12
snooping
fast leave 43-6
joining multicast group 43-3, 45-4
leaving multicast group 43-5, 45-4
understanding 43-3, 45-3
snooping querier
enabling 43-9
understanding 43-3, 45-3
IGMPv3 40-26
IGMP v3lite 40-26
ignore port trust 60-11
inaccessible authentication bypass 80-20
ingress SPAN 53-10
intercept access point
See IAP
intercept-related information (IRI) 83-6, 83-7
intercepts, multiple 83-6
interface
configuration mode 2-5
Layer 2 modes 18-4
number 10-2
interface port-channel
command example 20-8
interface port-channel (command) 20-8
interfaces
configuring, duplex mode 10-3
configuring, speed 10-3
configuring, overview 10-2
counters, clearing 10-12, 10-13
displaying information about 10-12
maintaining 10-12
monitoring 10-12
range of 10-2
restarting 10-13
shutting down
task 10-13
interfaces command 10-2
interfaces range command 52-3
interfaces range macro command 10-2
internal VLANs 23-3
Internet Group Management Protocol 43-1, 45-1
IP accounting, IP MMLS and 40-2
IP CEF
topology (figure) 30-4
ip flow-export source command 55-3, 55-4, 55-5
ip http server 1-7
ip local policy route-map command 31-5
IP MMLS
cache, overview 40-4
configuration guideline 40-1
debug commands 40-31
default configuration 40-15
enabling
on router interfaces 40-16
Layer 3 MLS cache 40-4
overview 40-2
packet rewrite 40-5
router
enabling globally 40-16
enabling on interfaces 40-16
PIM, enabling 40-16
IP multicast
IGMP snooping and 43-8
MLDv2 snooping and 42-9
overview 43-2, 45-2, 46-2
IP multicast MLS
See IP MMLS
ip multicast-routing command
enabling IP multicast 40-16
IP phone
configuring 16-5
ip pim command
enabling IP PIM 40-16
ip policy route-map command 31-5
IP Source Guard 76-1
configuring 76-3
configuring on private VLANs 76-5
displaying 76-5, 76-6
overview 76-2
IP unnumbered 32-1
IPv4 Multicast over Point-to-Point GRE Tunnels 1-8
IPv4 Multicast VPN 48-1
IPv6 Multicast Layer 3 Switching 41-1
IPv6 QoS 59-3
ISL trunks 18-4
isolated port 24-7
isolated VLANs 24-6, 24-7
J
join messages, IGMP 43-3
jumbo frames 10-6
K
keyboard shortcuts 2-3
L
label edge router 34-2
label switched path 36-1
label switch router 34-2, 34-4
LACP
system ID 20-6
Law Enforcement Agency (LEA) 83-4
lawful intercept
admin function 83-7, 83-8
collection function 83-6
configuring 83-10, 83-11, 83-12
enabling 83-8
IRI 83-6
mediation device 83-5
overview 83-4, 83-5
prerequisites 83-1
processing 83-7
security considerations 83-9
SNMP notifications 83-12
lawful intercept processing 83-7
Layer 2
configuring interfaces 18-5
access port 18-14
trunk 18-8
defaults 18-5
interface modes 18-4
show interfaces 10-8, 10-9, 18-6, 18-13
switching
understanding 18-2
trunks
understanding 18-4
VLAN
interface assignment 23-6
Layer 2 Interfaces
configuring 18-1
Layer 2 protocol tunneling
configuring Layer 2 tunnels 27-3
overview 27-2
Layer 2 Traceroute 56-1
Layer 2 traceroute
and ARP 56-2
and CDP 56-1
described 56-2
IP addresses and subnets 56-2
MAC addresses and VLANs 56-2
multicast traffic 56-2
multiple devices on a port 56-2
unicast traffic 56-2
usage guidelines 56-1
Layer 3
IP MMLS and MLS cache 40-4
Layer 3 switched packet rewrite
CEF 30-2
Layer 3 switching
CEF 30-2
Layer 4 port operations (ACLs) 66-2
leave processing, IGMP
enabling 43-13
leave processing, MLDv2
enabling 42-12
LERs 64-2, 64-6, 64-7
Link Failure
detecting unidirectional 28-25
link negotiation 10-5
link redundancy
See Flex Links
load deferral
MEC traffic recovery 4-6
Local Egress Replication 40-19
logical operation unit
See LOU
loop guard
See STP loop guard
LOU
description 66-3
determining maximum number of 66-3
LSRs 64-2, 64-6
M
mab command 80-43, 80-47
MAC address-based blocking 69-1
MAC address table notification 18-7
MAC authentication bypass. See also port-based authentication. 80-26
MAC move (port security) 82-3
macros 3-1
See Smartports macros
MACSec 67-2
magic packet 80-28
main-cpu command 8-4
mapping 802.1Q VLANs to ISL VLANs 23-7
markdown
see QoS markdown
match ip address command 31-4
match length command 31-4
maximum aging time
MSTP 28-45
maximum aging time, STP 28-36
maximum hop count, MSTP 28-46
MEC
configuration 4-42
described 4-14
failure 4-15
port load share deferral 4-16
mediation device
admin function 83-7, 83-8
definition 83-5
description 83-5
MIBs
CISCO-IP-TAP-MIB 83-2, 83-8, 83-10
CISCO-TAP2-MIB 83-8, 83-9, 83-10
SNMP-COMMUNITY-MIB 83-9
SNMP-USM-MIB 83-4, 83-9
SNMP-VACM-MIB 83-4, 83-9
microflow policing 60-4
Mini Protocol Analyzer 57-1
Min-Links 20-13
MLD
report 42-5
MLD snooping
query interval
configuring 42-10
MLDv1 42-2
MLDv2 42-1
enabling 42-11
leave processing
enabling 42-12
queries 42-6
snooping
fast leave 42-8
joining multicast group 42-5
leaving multicast group 42-7
understanding 42-3
snooping querier
enabling 42-10
understanding 42-3
MLDv2 Snooping 42-1
monitoring
Flex Links 19-5
MVR 44-8
private VLANs 24-16
monitoring electronic traffic 83-7
MPLS 34-1, 34-2
aggregate label 34-2
any transport over MPLS 36-3
basic configuration 34-9
core 34-4
DiffServ Tunneling Modes 64-26
egress 34-4
experimental field 64-3
hardware features 34-5
ingress 34-4
IP to MPLS path 34-4
labels 34-2
MPLS to IP path 34-4
MPLS to MPLS path 34-4
nonaggregate label 34-2
QoS default configuration 64-13
restrictions 34-1
VPN 64-11
VPN guidelines and restrictions 35-2
MPLS QoS
Classification 64-2
Class of Service 64-2
commands 64-15
configuring a class map 64-17
configuring a policy map 64-20
configuring egress EXP mutation 64-24
configuring EXP Value Maps 64-25
Differentiated Services Code Point 64-2
displaying a policy map 64-24
E-LSP 64-2
EXP bits 64-2
features 64-2
IP Precedence 64-2
QoS Tags 64-2
queueing-only mode 64-17
MPLS QoS configuration
class map to classify MPLS packets 64-17
MPLS supported commands 34-2
MPLS VPN
limitations and restrictions 35-2
MQC 58-1
MST
interoperation with Rapid PVST+ 29-20
root bridge 29-20
MSTP
boundary ports
configuration guidelines 28-2
described 28-22
CIST, described 28-19
CIST regional root 28-20
CIST root 28-21
configuration guidelines 28-2
configuring
forward-delay time 28-45
hello time 28-44
link type for rapid convergence 28-46
maximum aging time 28-45
maximum hop count 28-46
MST region 28-38
neighbor type 28-46
path cost 28-42
port priority 28-41
root switch 28-39
secondary root switch 28-40
switch priority 28-43
CST
defined 28-19
operations between regions 28-20
default configuration 28-26
displaying status 28-47
enabling the mode 28-38
extended system ID
effects on root switch 28-39
effects on secondary root switch 28-40
unexpected behavior 28-39
IEEE 802.1s
implementation 28-23
port role naming change 28-23
terminology 28-21
interoperability with IEEE 802.1D
described 28-24
restarting migration process 28-47
IST
defined 28-19
master 28-20
operations within a region 28-20
mapping VLANs to MST instance 28-38
MST region
CIST 28-19
configuring 28-38
described 28-19
hop-count mechanism 28-22
IST 28-19
supported spanning-tree instances 28-19
overview 28-18
root switch
configuring 28-39
effects of extended system ID 28-39
unexpected behavior 28-39
status, displaying 28-47
MTU size (default) 23-3
multiauthentication (multiauth). See also port-based authentication. 80-14
multicast
IGMP snooping and 43-8
MLDv2 snooping and 42-9
non-RPF 40-7
overview 43-2, 45-2, 46-2
PIM snooping 47-4
multicast flood blocking 79-1
multicast groups
joining 43-3, 45-4
leaving 42-7, 43-5
multicast groups, IPv6
joining 42-5
Multicast Listener Discovery version 2 42-1
Multicast Replication Mode Detection enhancement 40-18
multicast storms
see traffic-storm control
multicast television application 44-3
multicast VLAN 44-2
Multicast VLAN Registration 44-1
multichassis EtherChannel
see MEC 4-14
Multidomain Authentication (MDA). See also port-based authentication. 80-14
Multilayer MAC ACL QoS Filtering 66-9
multiple path RPF check 73-5
Multiple Spanning Tree
See MST
MUX-UNI Support 34-7
MVAP (Multi-VLAN Access Port). See also port-based authentication. 80-22
MVR
and IGMPv3 44-2
configuring interfaces 44-6
default configuration 44-5
example application 44-3
in the switch stack 44-5
monitoring 44-8
multicast television application 44-3
restrictions 44-1
setting global parameters 44-6
N
NAC
agentless audit support 80-27
critical authentication 80-20, 80-44
IEEE 802.1x authentication using a RADIUS server 80-47
IEEE 802.1x validation using RADIUS server 80-47
inaccessible authentication bypass 80-44
Layer 2 IEEE 802.1x validation 80-47
Layer 2 IEEE 802.1x validation 80-27
native VLAN 18-11
NDAC 67-2
NetFlow
table, displaying entries 30-5
Network Device Admission Control (NDAC) 67-2
network ports
Bridge Assurance 29-5
description 29-2
nonaggregate label 34-2, 34-5
non-RPF multicast 40-7
normal-range VLANs
See VLANs
notifications, See SNMP notifications
NSF with SSO does not support IPv6 multicast traffic. 6-1, 7-1
O
OIR 10-11
online diagnostics
CompactFlash disk verification A-40
configuring 14-2
datapath verification A-11
diagnostic sanity check 14-24
egress datapath test A-5
error counter test A-5
interrupt counter test A-5
memory tests 14-24
overview 14-2
running tests 14-6
test descriptions A-1
understanding 14-2
online diagnostic tests A-1
online insertion and removal
See OIR
out-of-band MAC address table synchronization
configuring 18-6
in a VSS 4-2
out of profile
see QoS out of profile
P
packet capture 57-2
packet rewrite
CEF 30-2
IP MMLS and 40-5
packets
multicast 70-6
PAgP
understanding 20-5
path cost
MSTP 28-42
PBACLs 66-5
PBF 71-4
PBR 1-8
PBR (policy-based routing)
configuration (example) 31-7
enabling 31-4
peer inconsistent state
in PVST simulation 29-20
per-port VTP enable and disable 22-16
PFC
recirculation 34-5
PIM, IP MMLS and 40-16
PIM snooping
designated router flooding 47-6
enabling globally 47-5
enabling in a VLAN 47-5
overview 47-4
platform aging command
configuring IP MLS 49-3, 49-4
platform ip multicast command
enabling IP MMLS 40-17 to 40-27
PoE 17-2
Cisco prestandard 17-2
IEEE 802.3af 17-2
PoE management 17-3
power policing 17-3
power use measurement 17-3
police command 60-13, 60-14
policy-based ACLs (PBACLs) 66-5
policy-based forwarding (PBF) 72-2
policy-based routing
See PBR
policy-based routing (PBR)
configuring 31-1
policy map 60-9, 61-11
attaching to an interface 60-17, 61-15, 73-4
policy-map command 60-9
port ACLs
defined 70-2
port ACLs (PACLs) 70-1
Port Aggregation Protocol
see PAgP
port-based authentication
AAA authorization 80-30
accounting 80-16
configuring 80-41
authentication server
defined 80-7, 81-3
RADIUS server 80-7
client, defined 80-7, 81-3
configuration guidelines 80-2, 81-1
configuring
guest VLAN 80-42
inaccessible authentication bypass 80-44
initializing authentication of a client 80-37
manual reauthentication of a client 80-36
RADIUS server 80-33, 81-10
RADIUS server parameters on the switch 80-32, 81-9
restricted VLAN 80-43
switch-to-authentication-server retransmission time 80-39
switch-to-client EAP-request frame retransmission time 80-39
switch-to-client frame-retransmission number 80-40
switch-to-client retransmission time 80-39
user distribution 80-42
VLAN group assignment 80-42
default configuration 80-28, 81-7
described 80-6
device roles 80-6, 81-3
DHCP snooping 80-15
DHCP snooping and insertion 75-6
displaying statistics 80-51, 81-15
EAPOL-start frame 80-10
EAP-request/identity frame 80-10
EAP-response/identity frame 80-10
enabling
802.1X authentication 80-30, 80-32, 81-9
periodic reauthentication 80-35
encapsulation 80-7
guest VLAN
configuration guidelines 80-19, 80-20
described 80-19
host mode 80-13
inaccessible authentication bypass
configuring 80-44
described 80-20
guidelines 80-4
initiation and message exchange 80-10
MAC authentication bypass 80-26
magic packet 80-28
method lists 80-30
modes 80-13
multiauth mode, described 80-14
multidomain authentication mode, described 80-14
multiple-hosts mode, described 80-13
ports
authorization state and dot1x port-control command 80-12
authorized and unauthorized 80-12
critical 80-20
voice VLAN 80-22
port security
and voice VLAN 80-23
described 80-22
interactions 80-22
multiple-hosts mode 80-13
pre-authentication open access 80-15, 80-33
resetting to default values 80-51
supplicant, defined 80-7
switch
as proxy 80-7, 81-3
RADIUS client 80-7
user distribution
configuring 80-42
described 80-18
guidelines 80-4
VLAN assignment
AAA authorization 80-30
characteristics 80-17
configuration tasks 80-18
described 80-17
VLAN group
guidelines 80-4
voice VLAN
described 80-22
PVID 80-22
VVID 80-22
wake-on-LAN, described 80-28
port-based QoS features
see QoS
port-channel
see EtherChannel
port-channel load-balance
command 20-10, 20-11
command example 20-10, 20-12
port-channel load-defer command 4-42
port-channel port load-defer command 4-42
port cost, STP 28-32
port debounce timer
disabling 10-10
displaying 10-10
enabling 10-10
PortFast
edge ports 29-2
network ports 29-2
See STP PortFast
PortFast Edge BPDU filtering
See STP PortFast Edge BPDU filtering
PortFast port types
description 29-2, 29-2 to ??
edge 29-2
network 29-2
port mode 36-3
port negotiation 10-5
port priority
MSTP 28-41
port priority, STP 28-31
ports
setting the debounce timer 10-10
port security
aging 82-9, 82-10
configuring 82-4
described 82-3
displaying 82-10
enable sticky secure MAC address 82-8
sticky MAC address 82-3
violations 82-3
Port Security is supported on trunks 82-2, 82-5, 82-7, 82-9
port security MAC move 82-3
port security on PVLAN ports 82-2
Port Security with Sticky Secure MAC Addresses 82-3
power management
enabling/disabling redundancy 12-2
overview 12-1
powering modules up or down 12-3
power policing 17-6
Power over Ethernet 17-2
pre-authentication open access. See port-based authentication.
prerequisites for lawful intercept 83-1
primary links 19-2
primary VLANs 24-6
priority
overriding CoS 16-6, 17-4
private hosts 25-1
private hosts feature
configuration guidelines 25-1
configuring (detailed steps) 25-9
configuring (summary) 25-8
multicast operation 25-4
overview 25-4
port ACLs (PACLs) 25-7
port types 25-5, 25-6
protocol-independent MAC ACLs 25-4
restricting traffic flow with PACLs 25-5
spoofing protection 25-3
private VLANs 24-1
across multiple switches 24-9
and SVIs 24-10
benefits of 24-5
community VLANs 24-6, 24-7
configuration guidelines 24-2, 24-4, 24-10
configuring 24-10
host ports 24-14
promiscuous ports 24-15
routing secondary VLAN ingress traffic 24-13
secondary VLANs with primary VLANs 24-12
VLANs as private 24-11
end station access to 24-8
IP addressing 24-8
isolated VLANs 24-6, 24-7
monitoring 24-16
ports
community 24-7
configuration guidelines 24-4
isolated 24-7
promiscuous 24-7
primary VLANs 24-6
secondary VLANs 24-6
subdomains 24-5
traffic in 24-10
privileged EXEC mode 2-5
promiscuous ports 24-7
protocol tunneling
See Layer 2 protocol tunneling 27-2
PVRST
See Rapid-PVST 28-3
PVST
description 28-3
PVST simulation
description 29-20
peer inconsistent state 29-20
root bridge 29-20
Q
QoS
auto-QoS
enabling for VoIP 63-4
IPv6 59-3
See also automatic QoS 63-1
QoS CoS
port value, configuring 62-2
QoS default configuration 65-2
QoS DSCP
maps, configuring 62-7
QoS mapping
CoS values to DSCP values 62-4, 62-7
DSCP markdown values 62-8, 64-14
DSCP mutation 62-3, 64-25
DSCP values to CoS values 62-9
IP precedence values to DSCP values 62-7
QoS markdown 60-4
QoS out of profile 60-4
QoS policing rule
aggregate 60-4
microflow 60-4
QoS port
trust state 62-10
QoS port-based or VLAN-based 62-12
QoS receive queue 62-18
QoS statistics data export 65-2
configuring 65-2
configuring destination host 65-7
configuring time interval 65-6, 65-8
QoS transmit queues 61-6, 62-15, 62-16
QoS VLAN-based or port-based 62-12
queries, IGMP 43-4
queries, MLDv2 42-6
R
RADIUS 75-6
RADIUS. See also port-based authentication. 80-7
range
command 52-3
macro 10-2
rapid convergence 28-14
Rapid-PVST
enabling 28-36
Rapid PVST+
interoperation with MST 29-20
Rapid-PVST+
overview 28-3
Rapid Spanning Tree
See RSTP
Rapid Spanning Tree Protocol
See RSTP
receive queues
see QoS receive queues
recirculation 34-5
redirect URLs
described 80-25
reduced MAC address 28-3
redundancy (RPR+) 8-1
configuring 8-4
configuring supervisor engine 8-2
displaying supervisor engine configuration 8-5
redundancy command 8-4
related documentation 1-xliii
Remote Authentication Dial-In User Service. See RADIUS.
report, MLD 42-5
reserved-range VLANs
See VLANs
restricted VLAN
configuring 80-43
described 80-19
using with IEEE 802.1x 80-19
restricting MIB access 83-10, 83-11
rewrite, packet
CEF 30-2
IP MMLS 40-5
RHI 4-49
RIF cache monitoring 10-12
ROM monitor
CLI 2-7
root bridge
MST 29-20
PVST simulation 29-20
root bridge, STP 28-29
root guard
See STP root guard
root switch
MSTP 28-39
route health injection
See RHI
route-map (IP) command 31-4
route maps
defining 31-4
router guard 46-1
RPF
failure 40-7
non-RPF multicast 40-7
RPR and RPR+ support IPv6 multicast traffic 8-1
RSTP
active topology 28-13
BPDU
format 28-16
processing 28-17
designated port, defined 28-13
designated switch, defined 28-13
interoperability with IEEE 802.1D
described 28-24
restarting migration process 28-47
topology changes 28-17
overview 28-13
port roles
described 28-13
synchronized 28-15
proposal-agreement handshake process 28-14
rapid convergence
described 28-14
edge ports and Port Fast 28-14
point-to-point links 28-14, 28-46
root ports 28-14
root port, defined 28-13
See also MSTP
S
secondary VLANs 24-6
Secure MAC Address Aging Type 82-9
security
configuring 68-1
security, port 82-3
security considerations 83-9
Security Exchange Protocol (SXP) 67-2
Security Group Access Control List (SGACL) 67-2
Security Group Tag (SGT) 67-2
serial IDs
description 50-12
serial interfaces
clearing 10-13
synchronous
maintaining 10-13
server IDs
description 50-12
service instance
configuration mode 38-5
creating 38-4
defined 38-4
service-policy input command 60-17, 61-15, 62-4, 62-6, 64-25, 73-4
service-provider network, MSTP and RSTP 28-18
set default interface command 31-4
set interface command 31-4
set ip default next-hop command 31-4
set ip df command
PBR 31-4
set ip next-hop command 31-4
set ip precedence command
PBR 31-4
set ip vrf command
PBR 31-4
set power redundancy enable/disable command 12-2
set requests 83-7, 83-8, 83-11
setting up lawful intercept 83-7
SGACL 67-2
SGT 67-2
short pipe mode
configuring 64-30
show authentication command 80-52
show catalyst6000 chassis-mac-address command 28-4
show dot1x interface command 80-36
show eobc command 10-12
show history command 2-4
show ibc command 10-12
show interfaces command 10-8, 10-9, 10-12, 18-6, 18-13
clearing interface counters 10-12
displaying, speed and duplex mode 10-6
show ip local policy command 31-5
show mab command 80-55
show module command 8-5
show platform aging command 49-4
show platform entry command 30-5
show platform ip multicast group command
displaying IP MMLS group 40-27
show platform ip multicast interface command
displaying IP MMLS interface 40-27
show platform ip multicast source command
displaying IP MMLS source 40-27
show platform ip multicast statistics command
displaying IP MMLS statistics 40-27
show platform ip multicast summary
displaying IP MMLS configuration 40-27
show protocols command 10-12
show rif command 10-12
show running-config command 10-12
displaying ACLs 70-7, 70-8
show svclc rhi-routes command 4-49
show version command 10-12
shutdown command 10-13
shutdown interfaces
result 10-13
slot number, description 10-2
smart call home 50-1
description 50-4
destination profile (note) 50-21
registration requirements 50-4
service contract requirements 50-2
Transport Gateway (TG) aggregation point 50-3
SMARTnet
smart call home registration 50-4
smart port macros 3-1
configuration guidelines 3-2
Smartports macros
applying global parameter values 3-14
applying macros 3-14
creating 3-13
default configuration 3-4
defined 3-4
displaying 3-15
tracing 3-2
SNMP
configuring 83-10
default view 83-9
get and set requests 83-7, 83-8, 83-11
notifications 83-9, 83-12
support and documentation 1-7
SNMP-COMMUNITY-MIB 83-9
SNMP-USM-MIB 83-4, 83-9
SNMP-VACM-MIB 83-4, 83-9
snooping
See IGMP snooping
source IDs
call home event format 50-11
source specific multicast with IGMPv3, IGMP v3lite, and URD 40-26
SPAN
configuration guidelines 53-2
configuring 53-12
sources 53-16, 53-19, 53-21, 53-22, 53-24, 53-25, 53-26, 53-28
VLAN filtering 53-30
destination port support on EtherChannels 53-12, 53-19, 53-22, 53-24, 53-25, 53-29
distributed egress 53-10, 53-15
modules that disable for ERSPAN 53-7
input packets with don’t learn option
ERSPAN 53-28, 53-29
local SPAN 53-17, 53-18, 53-19
RSPAN 53-22, 53-23, 53-25
understanding 53-12
local SPAN egress session increase 53-3, 53-16
overview 53-7
SPAN Destination Port Permit Lists 53-15
spanning-tree backbonefast
command 29-15, 29-16
command example 29-15, 29-16
spanning-tree cost
command 28-33
command example 28-33
spanning-tree portfast
command 29-2, 29-3, 29-4
command example 29-3, 29-4
spanning-tree portfast bpdu-guard
command 29-8
spanning-tree port-priority
command 28-31
spanning-tree protocol for bridging 32-1
spanning-tree uplinkfast
command 29-13
command example 29-13
spanning-tree vlan
command 28-27, 28-29, 28-30, 28-31, 29-8, 29-17
command example 28-28, 28-29, 28-30, 28-31
spanning-tree vlan cost
command 28-33
spanning-tree vlan forward-time
command 28-35
command example 28-35
spanning-tree vlan hello-time
command 28-35
command example 28-35
spanning-tree vlan max-age
command 28-36
command example 28-36
spanning-tree vlan port-priority
command 28-31
command example 28-32
spanning-tree vlan priority
command 28-34
command example 28-34
speed
configuring interface 10-4
speed command 10-4
speed mode
autonegotiation status 10-6
standards, lawful intercept 83-4
standby links 19-2
static sharing
description 80-25
statistics
802.1X 80-51, 81-15
sticky ARP 73-7
sticky MAC address 82-3
Sticky secure MAC addresses 82-8, 82-9
storm control
see traffic-storm control
STP
configuring 28-26
bridge priority 28-34
enabling 28-27, 28-28
forward-delay time 28-35
hello time 28-35
maximum aging time 28-36
port cost 28-32
port priority 28-31
root bridge 28-29
secondary root switch 28-30
defaults 28-25
EtherChannel 20-7
normal ports 29-3
understanding 28-2
802.1Q Trunks 28-12
Blocking State 28-8
BPDUs 28-4
disabled state 28-12
forwarding state 28-11
learning state 28-10
listening state 28-9
overview 28-3
port states 28-6
protocol timers 28-5
root bridge election 28-5
topology 28-5
STP BackboneFast
configuring 29-15
figure
adding a switch 29-18
spanning-tree backbonefast
command 29-15, 29-16
command example 29-15, 29-16
understanding 29-13
STP BPDU Guard
configuring 29-7
spanning-tree portfast bpdu-guard
command 29-8
understanding 29-7
STP bridge ID 28-3
STP EtherChannel guard 29-16
STP extensions
description ?? to 29-20
STP loop guard
configuring 29-19
overview 29-17
STP PortFast
BPDU filter
configuring 29-10
BPDU filtering 29-9
configuring 29-2
spanning-tree portfast
command 29-2, 29-3, 29-4
command example 29-3, 29-4
understanding 29-2
STP port types
normal 29-3
STP root guard 29-17
STP UplinkFast
configuring 29-12
spanning-tree uplinkfast
command 29-13
command example 29-13
understanding 29-11
subdomains, private VLAN 24-5
supervisor engine
environmental monitoring 13-1
redundancy 8-1
synchronizing configurations 8-5
supervisor engine redundancy
configuring 8-2
supervisor engines
displaying redundancy configuration 8-5
supplicant 80-7
surveillance 83-7
svclc command 4-48
Switched Port Analyzer 53-1
switch fabric functionality 9-1
configuring 9-3
monitoring 9-4
switchport
configuring 18-14
example 18-13
show interfaces 10-8, 10-9, 18-6, 18-13
switchport access vlan 18-6, 18-7, 18-10, 18-14
example 18-15
switchport mode access 18-4, 18-6, 18-7, 18-14
example 18-15
switchport mode dynamic 18-9
switchport mode dynamic auto 18-4
switchport mode dynamic desirable 18-4
default 18-5
example 18-13
switchport mode trunk 18-4, 18-9
switchport nonegotiate 18-4
switchport trunk allowed vlan 18-11
switchport trunk encapsulation 18-7, 18-9
switchport trunk encapsulation dot1q
example 18-13
switchport trunk encapsulation negotiate
default 18-5
switchport trunk native vlan 18-11
switchport trunk pruning vlan 18-12
switch priority
MSTP 28-43
switch TopN reports
foreground execution 55-2
running 55-3
viewing 55-3
SXP 67-2
system event archive (SEA) 51-1
System Hardware Capacity 1-3
T
TDR
checking cable connectivity 10-14
enabling and disabling test 10-14
guidelines 10-14
Telnet
accessing CLI 2-2
Time Domain Reflectometer 10-14
TLV
host presence detection 16-4, 80-14, 82-4
traceroute, Layer 2
and ARP 56-2
and CDP 56-1
described 56-2
IP addresses and subnets 56-2
MAC addresses and VLANs 56-2
multicast traffic 56-2
multiple devices on a port 56-2
unicast traffic 56-2
usage guidelines 56-1
traffic-storm control
command
broadcast 78-4
described 78-2
monitoring 78-5
thresholds 78-2
traffic suppression
see traffic-storm control
transmit queues
see QoS transmit queues
traps, see SNMP notifications
trunks 18-4
802.1Q Restrictions 18-2
allowed VLANs 18-11
configuring 18-8
default interface configuration 18-6
default VLAN 18-10
different VTP domains 18-4
native VLAN 18-11
to non-DTP device 18-4
VLAN 1 minimization 18-12
trusted boundary 16-6
trusted boundary (extended trust for CDP devices) 16-4
trustpoint 50-2
tunneling 64-4, 64-26
tunneling, 802.1Q
See 802.1Q 26-4
type length value
See TLV
U
UDE
configuration 33-5
overview 33-4
UDE and UDLR 33-1
UDLD
default configuration 11-3
enabling
globally 11-3
on ports 11-4
overview 11-2
UDLR 33-1
back channel 33-3
configuration 33-6
tunnel
(example) 33-7
ARP and NHRP 33-4
UDLR (unidirectional link routing) 33-1
UDP port for SNMP notifications 83-12
UMFB 79-2
unauthorized ports with 802.1X 80-12
unicast storms
see traffic-storm control
Unidirectional Ethernet 33-1
unidirectional ethernet
example of setting 33-5
UniDirectional Link Detection Protocol
see UDLD
uniform mode
configuring 64-34
unknown multicast flood blocking
See UMFB
unknown unicast and multicast flood blocking 79-1
unknown unicast flood blocking
See UUFB
unknown unicast flood rate-limiting
See UUFRL
UplinkFast
See STP UplinkFast
URD 40-26
User-Based Rate Limiting 60-6, 60-15
user EXEC mode 2-5
UUFB 79-2
UUFRL 79-2
V
VACLs 71-2
configuring
examples 71-5
Layer 3 VLAN interfaces 71-5
Layer 4 port operations 66-2
logging
configuration example 71-7
configuring 71-7
restrictions 71-7
MAC address based 71-2
multicast packets 70-6
SVIs 71-5
WAN interfaces 71-2
virtual private LAN services (VPLS) 37-1
associating attachment circuit with the VSI at the PE 37-13
basic configuration 37-2
configuration example 37-18
configuring MPLS in the PE 37-11
configuring PE layer 2 interface to the CE 37-7
configuring the VFI in the PE 37-12
overview 37-2
restrictions 37-2
services 37-5
vlan
command 23-5, 23-6, 53-20
command example 23-6
VLAN Access Control Lists
See VACLs
VLAN-based QoS filtering 66-10
VLAN-bridge spanning-tree protocol 32-1
vlan database
command 23-5, 23-6, 53-20
vlan group command 80-42
VLAN locking 23-4
vlan mapping dot1q
command 23-8, 23-9
VLAN maps
applying 70-8
VLAN mode 36-3
VLAN port provisioning verification 23-4
VLANs
allowed on trunk 18-11
configuration guidelines 23-2
configuring 23-1
configuring (tasks) 23-4
defaults 23-3
extended range 23-3
interface assignment 23-6
multicast 44-2
name (default) 23-3
normal range 23-3
reserved range 23-3
support for 4,096 VLANs 23-2
token ring 23-3
trunks
understanding 18-4
understanding 23-2
VLAN 1 minimization 18-12
VTP domain 23-4
VLAN translation
command example 23-8, 23-9
voice VLAN
Cisco 7960 phone, port connections 16-2
configuration guidelines 16-1
configuring IP phone for data traffic
override CoS of incoming frame 16-6, 17-4
configuring ports for voice traffic in
802.1Q frames 16-5
connecting to an IP phone 16-5
default configuration 16-4
overview 16-2
voice VLAN. See also port-based authentication. 80-22
VPN
configuration example 35-4
guidelines and restrictions 35-2
VPN supported commands 35-2
VPN switching 35-1
VSS
dual-active detection
Enhanced PAgP, advantages 4-23
Enhanced PAgP, description 4-23
enhanced PAgP, description 4-43
fast-hello, advantages 4-23
fast-hello, description 4-23
VSLP fast-hello, configuration 4-44
VTP
advertisements 22-4, 22-5
client, configuring 22-15
configuration guidelines 22-1
default configuration 22-9
disabling 22-15
domains 22-3
VLANs 23-4
modes
client 22-4
server 22-4
transparent 22-4
monitoring 22-17
overview 22-2
per-port enable and disable 22-16
pruning
configuration 18-12
configuring 22-12
overview 22-7
server, configuring 22-15
statistics 22-17
transparent mode, configuring 22-15
version 2
enabling 22-13
overview 22-5
version 3
enabling 22-13
overview 22-6
server type, configuring 22-11
W
wake-on-LAN. See also port-based authentication. 80-28
web-based authentication
AAA fail policy 81-5
description 81-2
web browser interface 1-7
wiretaps 83-4
Index
Numerics
4K VLANs (support for 4,096 VLANs) 23-2
802.1AE Tagging 67-2
802.1Q
Layer 2 protocol tunneling
See Layer 2 protocol tunneling
mapping to ISL VLANs 23-7
trunks 18-4
restrictions 18-2
tunneling
configuration guidelines 26-1
configuring tunnel ports 26-6
overview 26-4
802.1Q Ethertype
specifying custom 18-15
802.1X 80-1
802.1x accounting 80-41
802.3ad
See LACP
802.3af 17-2
802.3x Flow Control 10-9
A
AAA
fail policy 80-8, 81-5
AAA (authentication, authorization, and accounting). See also port-based authentication. 80-6, 81-2
aaa accounting dot1x command 80-41
aaa accounting system command 80-41
abbreviating commands 2-5
access, restricting MIB 83-10
access control entries and lists 66-1
access-enable host timeout (not supported) 66-4
access port, configuring 18-14
access rights 83-9
access setup, example 83-11
accounting
with 802.1x 80-41
with IEEE 802.1x 80-16
ACEs and ACLs 66-1
ACLs
downloadable 81-2
downloadable (dACLs) 80-23
Filter-ID 80-24
per-user 80-24
port
defined 70-2
redirect URL 80-25
static sharing 80-25
acronyms, list of A-1
activating lawful intercept 83-8
admin function (mediation device) 83-7, 83-8
administration, definition 83-6
advertisements, VTP 22-4
aggregate label 34-2, 34-5
aggregate policing 60-4
aging time
accelerated
for MSTP 28-45
maximum
for MSTP 28-45, 28-46
alarms
major 13-4
minor 13-4
Allow DHCP Option 82 on Untrusted Port
configuring 75-10
understanding 75-5
any transport over MPLS (AToM) 36-3
Ethernet over MPLS 36-3
ARP ACL 66-12
ARP spoofing 77-3
AToM 36-3
audience 1-xliii
authentication control-direction command 80-50
authentication event command 80-43
authentication failed VLAN
See restricted VLAN
authentication open command 80-15
authentication password, VTP 22-5
authentication periodic command 80-36, 80-47
authentication port-control command 80-43
authentication timer reauthenticate command 80-36
authorized ports with 802.1X 80-12
automatic QoS
configuration guidelines and restrictions 63-2
macros 63-4
overview 63-2
AutoQoS 63-1
auto-sync command 8-4
B
BackboneFast
See STP BackboneFast
backup interfaces
See Flex Links
binding database, DHCP snooping
See DHCP snooping binding database
binding table, DHCP snooping
See DHCP snooping binding database
blocking state, STP 28-8
blue beacon 1-6
BPDU
RSTP format 28-16
BPDU guard
See STP BPDU guard
BPDUs
Bridge Assurance 29-5
Shared Spanning Tree Protocol (SSTP) 29-20
Bridge Assurance
description 29-4 to 29-6
inconsistent state 29-5
supported protocols and link types 29-5
bridge domain
configuring 38-8
bridge groups 32-1
bridge ID
See STP bridge ID
bridge priority, STP 28-34
bridge protocol data units
see BPDUs
bridging 32-1
broadcast storms
see traffic-storm control
C
CALEA, See Communications Assistance for Law Enforcement Act (CALEA)
Call Home
description 50-3
message format options 50-3
messages
format options 50-3
call home 50-1
alert groups 50-28
contact information 50-19
destination profiles 50-20
displaying information 50-39
pattern matching 50-31
periodic notification 50-30
rate limit messages 50-31
severity threshold 50-30
smart call home feature 50-4
SMTP server 50-2
testing communications 50-32
call home alert groups
configuring 50-28
description 50-28
subscribing 50-29
call home customer information
entering information 50-19
call home destination profiles
attributes 50-21
description 50-20
displaying 50-42
call home notifications
full-txt format for syslog 50-15
XML format for syslog 50-15
CDP
host presence detection 80-14, 82-4
to configure Cisco phones 16-3
CEF
configuring
RP 30-5
supervisor engine 30-4
examples 30-3
Layer 3 switching 30-2
packet rewrite 30-2
certificate authority (CA) 50-2
channel-group group
command 20-8, 20-13, 20-14
command example 20-9, 20-14
Cisco Discovery Protocol
See CDP
Cisco Emergency Responder 16-4
Cisco Express Forwarding 34-3
CISCO-IP-TAP-MIB
citapStreamVRF 83-2
overview 83-8
restricting access to 83-10, 83-11
CISCO-TAP2-MIB
accessing 83-9
overview 83-8
restricting access to 83-10, 83-11
CIST regional root
See MSTP
CIST root
See MSTP
class command 60-9
class map configuration 60-8, 61-11
clear authentication sessions command 80-38
clear counters command 10-12
clear dot1x command 80-37
clear interface command 10-13
CLI
accessing 2-1
backing out one level 2-5
console configuration mode 2-5
getting list of commands 2-6
global configuration mode 2-5
history substitution 2-4
interface configuration mode 2-5
privileged EXEC mode 2-5
ROM monitor 2-7
software basics 2-4
collection function 83-6
command line processing 2-3
commands, getting list of 2-6
Communications Assistance for Law Enforcement Act
CALEA for Voice 83-5
lawful intercept 83-4
community ports 24-7
community VLANs 24-6, 24-7
configuration example
EoMPLS port mode 36-4, 36-7
EoMPLS VLAN mode 36-4
VPLS, 802.1Q access port for untagged traffic from CE 37-8
VPLS, associating the attachment circuit with the VSI at the PE 37-13
VPLS, L2 VLAN instance on the PE 37-10
VPLS, MPLS in the PE 37-11
VPLS, using QinQ to place all VLANs into a single VPLS 37-9
VPLS, VFI in the PE 37-12
configuration guidelines
EVCs 38-2
configuring 60-9, 61-11
lawful intercept 83-10, 83-11, 83-12
SNMP 83-10
console configuration mode 2-5
content IAP 83-6
control plane policing
See CoPP
CoPP 74-1
applying QoS service policy to control plane 74-5
configuring
ACLs to match traffic 74-5
enabling MLS QoS 74-5
packet classification criteria 74-5
service-policy map 74-5
control plane configuration mode
entering 74-5
displaying
dynamic information 74-9
number of conforming bytes and packets 74-9
rate information 74-9
entering control plane configuration mode 74-5
monitoring statistics 74-9
overview 74-3
packet classification guidelines 74-2
traffic classification
defining 74-6
guidelines 74-7
overview 74-6
sample ACLs 74-7
sample classes 74-6
CoS
override priority 16-6, 17-4
counters
clearing interface 10-12, 10-13
critical authentication 80-8
critical authentication, IEEE 802.1x 80-44
CSCsr62404 10-9
cTap2MediationDebug notification 83-12
cTap2MediationNewIndex object 83-8
cTap2MediationTable 83-8
cTap2MediationTimedOut notification 83-12
cTap2MIBActive notification 83-12
cTap2StreamDebug notification 83-12
cTap2StreamTable 83-8
customer contact information
entering for call home 50-19
D
dACL
See ACLs, downloadable 80-23
dCEF 30-4
debug commands
IP MMLS 40-31
DEC spanning-tree protocol 32-1
default configuration
802.1X 80-28, 81-7
dynamic ARP inspection 77-6
EVCs 38-9
Flex Links 19-4
IP MMLS 40-15
MSTP 28-26
MVR 44-5
UDLD 11-3
voice VLAN 16-4
VTP 22-9
default VLAN 18-10
denial of service protection 73-1
device IDs
call home format 50-11, 50-12
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 75-7
overview 75-5
packet format, suboption
circuit ID 75-7
remote ID 75-7
remote ID suboption 75-7
DHCP option 82 allow on untrusted port 75-10
DHCP snooping
802.1X data insertion 80-15
binding database
See DHCP snooping binding database
configuration guidelines 75-8
configuring 75-9
default configuration 75-8
displaying binding tables 75-18
enabling 75-9, 75-10, 75-11, 75-12, 75-13, 75-14
enabling the database agent 75-14
message exchange process 75-6
monitoring 76-5, 76-6
option 82 data insertion 75-5
overview 75-3
Snooping database agent 75-7
DHCP snooping binding database
described 75-5
entries 75-5
DHCP snooping binding table
See DHCP snooping binding database
DHCP Snooping Database Agent
adding to the database (example) 75-18
enabling (example) 75-15
overview 75-7
reading from a TFTP file (example) 75-17
DHCP snooping increased bindings limit 75-14
DiffServ
configuring short pipe mode 64-30
configuring uniform mode 64-34
short pipe mode 64-27
uniform mode 64-28
DiffServ tunneling modes 64-4
Disabling PIM Snooping Designated Router Flooding 47-6
distributed Cisco Express Forwarding
See dCEF
distributed egress SPAN 53-10, 53-15
DNS, See Domain Name System
documentation, related 1-xliii
Domain Name System 83-2
DoS protection 73-1
monitoring packet drop statistics
using monitor session commands 73-8
using VACL capture 73-10
QoS ACLs 73-2
security ACLs 73-2
uRPF check 73-5
dot1x initialize interface command 80-37
dot1x max-reauth-req command 80-41
dot1x max-req command 80-40
dot1x pae authenticator command 80-31
dot1x re-authenticate interface command 80-36
dot1x timeout quiet-period command 80-38
DSCP-based queue mapping 62-14
duplex command 10-5, 10-6
duplex mode
autonegotiation status 10-6
configuring interface 10-4
dynamic ARP inspection
ARP cache poisoning 77-3
ARP requests, described 77-3
ARP spoofing attack 77-3
configuration guidelines 77-2
configuring
log buffer 77-13, 77-15
logging system messages 77-14
rate limit for incoming ARP packets 77-5, 77-10
default configuration 77-6
denial-of-service attacks, preventing 77-10
described 77-3
DHCP snooping binding database 77-4
displaying
ARP ACLs 77-15
configuration and operating state 77-15
trust state and rate limit 77-15
error-disabled state for exceeding rate limit 77-5
function of 77-4
interface trust states 77-4
log buffer
configuring 77-13, 77-15
logging of dropped packets, described 77-6
logging system messages
configuring 77-14
man-in-the-middle attack, described 77-4
network security issues and interface trust states 77-4
priority of ARP ACLs and DHCP snooping entries 77-6
rate limiting of ARP packets
configuring 77-10
described 77-5
error-disabled state 77-5
validation checks, performing 77-11
Dynamic Host Configuration Protocol snooping 75-1
E
EAC 67-2
EAPOL. See also port-based authentication. 80-6
egress SPAN 53-10
electronic traffic, monitoring 83-7
e-mail addresses
assigning for call home 50-19
e-mail notifications
Call Home 50-3
enable mode 2-5
enable sticky secure MAC address 82-8
enabling
IP MMLS
on router interfaces 40-16
lawful intercept 83-8
SNMP notifications 83-12
Endpoint Admission Control (EAC) 67-2
environmental monitoring
LED indications 13-4
SNMP traps 13-4
supervisor engine and switching modules 13-4
Syslog messages 13-4
using CLI commands 13-1
EOBC
for MAC address table synchronization 18-3
EoMPLS 36-3
configuring 36-4
configuring VLAN mode 36-3
guidelines and restrictions 36-2
port mode 36-3
VLAN mode 36-3
ERSPAN 53-1
EtherChannel
channel-group group
command 20-8, 20-13, 20-14
command example 20-9, 20-14
configuration guidelines 4-26, 20-2
configuring
Layer 2 20-8
configuring (tasks) 4-26, 20-7
interface port-channel
command example 20-8
interface port-channel (command) 20-8
lacp system-priority
command example 20-10
Layer 2
configuring 20-8
load balancing
configuring 20-11
understanding 20-7
Min-Links 20-13, 20-14
modes 20-4
PAgP
understanding 20-5
port-channel interfaces 20-7
port-channel load-balance
command 20-10, 20-11
command example 20-12
STP 20-7
understanding 4-4, 20-3
EtherChannel Guard
See STP EtherChannel Guard
Ethernet
setting port duplex 10-10
Ethernet flow point
See EFP
Ethernet over MPLS (EoMPLS) configuration
EoMPLS port mode 36-6
EoMPLS VLAN mode 36-4
Ethernet Virtual Connection
See EVC
EVC
broadcast domain 38-4
configuration guidelines 38-2
default configuration 38-9
supported features 38-2
EXP mutation 64-4
extended range VLANs 23-2
See VLANs
extended system ID
MSTP 28-39
Extensible Authentication Protocol over LAN. See EAPOL.
F
fall-back bridging 32-1
fast link notification
on VSL failure 4-13
fiber-optic, detecting unidirectional links 11-1
FIB TCAM 34-3
figure
lawful intercept overview 83-5
Flex Links 19-1
configuration guidelines 19-2
configuring 19-4
default configuration 19-4
description 19-2
monitoring 19-5
flow control 10-9
forward-delay time
MSTP 28-45
forward-delay time, STP 28-35
frame distribution
See EtherChannel load balancing
G
get requests 83-7, 83-8, 83-11
global configuration mode 2-5
guest VLAN and 802.1x 80-19
H
hardware Layer 3 switching
guidelines 30-2
hello time
MSTP 28-44
hello time, STP 28-35
High Capacity Power Supply Support 12-4
history
CLI 2-4
host mode
see port-based authentication
host ports
kinds of 24-7
host presence CDP message 16-4, 80-14
host presence TLV message 82-4
http://www-tac.cisco.com/Teams/ks/c3/xmlkwery.php?srId=612293409 20-3
I
IAP
content IAP 83-6
definition 83-6
types of
content IAP 83-6
identification IAP 83-6
ICMP unreachable messages 66-2
ID IAP 83-6
IDs
serial IDs 50-12
IEEE 802.1Q Ethertype
specifying custom 18-15
IEEE 802.1Q Tagging on a Per-Port Basis 26-7
IEEE 802.1w
See RSTP
IEEE 802.1x
accounting 80-16, 80-41
authentication failed VLAN 80-19
critical ports 80-20
DHCP snooping 80-15
guest VLAN 80-19
MAC authentication bypass 80-26
network admission control Layer 2 validation 80-27
port security interoperability 80-22
RADIUS-supplied session timeout 80-35
voice VLAN 80-22
wake-on-LAN support 80-28
IEEE 802.3ad
See LACP
IEEE 802.3af 17-2
IEEE 802.3x Flow Control 10-9
IEEE bridging protocol 32-1
IGMP 43-1
configuration guidelines 42-9
enabling 43-9
join messages 43-3
leave processing
enabling 43-13
queries 43-4
query interval
configuring 43-12
snooping
fast leave 43-6
joining multicast group 43-3, 45-4
leaving multicast group 43-5, 45-4
understanding 43-3, 45-3
snooping querier
enabling 43-9
understanding 43-3, 45-3
IGMPv3 40-26
IGMP v3lite 40-26
ignore port trust 60-11
inaccessible authentication bypass 80-20
ingress SPAN 53-10
intercept access point
See IAP
intercept-related information (IRI) 83-6, 83-7
intercepts, multiple 83-6
interface
configuration mode 2-5
Layer 2 modes 18-4
number 10-2
interface port-channel
command example 20-8
interface port-channel (command) 20-8
interfaces
configuring, duplex mode 10-3
configuring, speed 10-3
configuring, overview 10-2
counters, clearing 10-12, 10-13
displaying information about 10-12
maintaining 10-12
monitoring 10-12
range of 10-2
restarting 10-13
shutting down
task 10-13
interfaces command 10-2
interfaces range command 52-3
interfaces range macro command 10-2
internal VLANs 23-3
Internet Group Management Protocol 43-1, 45-1
IP accounting, IP MMLS and 40-2
IP CEF
topology (figure) 30-4
ip flow-export source command 55-3, 55-4, 55-5
ip http server 1-7
ip local policy route-map command 31-5
IP MMLS
cache, overview 40-4
configuration guideline 40-1
debug commands 40-31
default configuration 40-15
enabling
on router interfaces 40-16
Layer 3 MLS cache 40-4
overview 40-2
packet rewrite 40-5
router
enabling globally 40-16
enabling on interfaces 40-16
PIM, enabling 40-16
IP multicast
IGMP snooping and 43-8
MLDv2 snooping and 42-9
overview 43-2, 45-2, 46-2
IP multicast MLS
See IP MMLS
ip multicast-routing command
enabling IP multicast 40-16
IP phone
configuring 16-5
ip pim command
enabling IP PIM 40-16
ip policy route-map command 31-5
IP Source Guard 76-1
configuring 76-3
configuring on private VLANs 76-5
displaying 76-5, 76-6
overview 76-2
IP unnumbered 32-1
IPv4 Multicast over Point-to-Point GRE Tunnels 1-8
IPv4 Multicast VPN 48-1
IPv6 Multicast Layer 3 Switching 41-1
IPv6 QoS 59-3
ISL trunks 18-4
isolated port 24-7
isolated VLANs 24-6, 24-7
J
join messages, IGMP 43-3
jumbo frames 10-6
K
keyboard shortcuts 2-3
L
label edge router 34-2
label switched path 36-1
label switch router 34-2, 34-4
LACP
system ID 20-6
Law Enforcement Agency (LEA) 83-4
lawful intercept
admin function 83-7, 83-8
collection function 83-6
configuring 83-10, 83-11, 83-12
enabling 83-8
IRI 83-6
mediation device 83-5
overview 83-4, 83-5
prerequisites 83-1
processing 83-7
security considerations 83-9
SNMP notifications 83-12
lawful intercept processing 83-7
Layer 2
configuring interfaces 18-5
access port 18-14
trunk 18-8
defaults 18-5
interface modes 18-4
show interfaces 10-8, 10-9, 18-6, 18-13
switching
understanding 18-2
trunks
understanding 18-4
VLAN
interface assignment 23-6
Layer 2 Interfaces
configuring 18-1
Layer 2 protocol tunneling
configuring Layer 2 tunnels 27-3
overview 27-2
Layer 2 Traceroute 56-1
Layer 2 traceroute
and ARP 56-2
and CDP 56-1
described 56-2
IP addresses and subnets 56-2
MAC addresses and VLANs 56-2
multicast traffic 56-2
multiple devices on a port 56-2
unicast traffic 56-2
usage guidelines 56-1
Layer 3
IP MMLS and MLS cache 40-4
Layer 3 switched packet rewrite
CEF 30-2
Layer 3 switching
CEF 30-2
Layer 4 port operations (ACLs) 66-2
leave processing, IGMP
enabling 43-13
leave processing, MLDv2
enabling 42-12
LERs 64-2, 64-6, 64-7
Link Failure
detecting unidirectional 28-25
link negotiation 10-5
link redundancy
See Flex Links
load deferral
MEC traffic recovery 4-6
Local Egress Replication 40-19
logical operation unit
See LOU
loop guard
See STP loop guard
LOU
description 66-3
determining maximum number of 66-3
LSRs 64-2, 64-6
M
mab command 80-43, 80-47
MAC address-based blocking 69-1
MAC address table notification 18-7
MAC authentication bypass. See also port-based authentication. 80-26
MAC move (port security) 82-3
macros 3-1
See Smartports macros
MACSec 67-2
magic packet 80-28
main-cpu command 8-4
mapping 802.1Q VLANs to ISL VLANs 23-7
markdown
see QoS markdown
match ip address command 31-4
match length command 31-4
maximum aging time
MSTP 28-45
maximum aging time, STP 28-36
maximum hop count, MSTP 28-46
MEC
configuration 4-42
described 4-14
failure 4-15
port load share deferral 4-16
mediation device
admin function 83-7, 83-8
definition 83-5
description 83-5
MIBs
CISCO-IP-TAP-MIB 83-2, 83-8, 83-10
CISCO-TAP2-MIB 83-8, 83-9, 83-10
SNMP-COMMUNITY-MIB 83-9
SNMP-USM-MIB 83-4, 83-9
SNMP-VACM-MIB 83-4, 83-9
microflow policing 60-4
Mini Protocol Analyzer 57-1
Min-Links 20-13
MLD
report 42-5
MLD snooping
query interval
configuring 42-10
MLDv1 42-2
MLDv2 42-1
enabling 42-11
leave processing
enabling 42-12
queries 42-6
snooping
fast leave 42-8
joining multicast group 42-5
leaving multicast group 42-7
understanding 42-3
snooping querier
enabling 42-10
understanding 42-3
MLDv2 Snooping 42-1
monitoring
Flex Links 19-5
MVR 44-8
private VLANs 24-16
monitoring electronic traffic 83-7
MPLS 34-1, 34-2
aggregate label 34-2
any transport over MPLS 36-3
basic configuration 34-9
core 34-4
DiffServ Tunneling Modes 64-26
egress 34-4
experimental field 64-3
hardware features 34-5
ingress 34-4
IP to MPLS path 34-4
labels 34-2
MPLS to IP path 34-4
MPLS to MPLS path 34-4
nonaggregate label 34-2
QoS default configuration 64-13
restrictions 34-1
VPN 64-11
VPN guidelines and restrictions 35-2
MPLS QoS
Classification 64-2
Class of Service 64-2
commands 64-15
configuring a class map 64-17
configuring a policy map 64-20
configuring egress EXP mutation 64-24
configuring EXP Value Maps 64-25
Differentiated Services Code Point 64-2
displaying a policy map 64-24
E-LSP 64-2
EXP bits 64-2
features 64-2
IP Precedence 64-2
QoS Tags 64-2
queueing-only mode 64-17
MPLS QoS configuration
class map to classify MPLS packets 64-17
MPLS supported commands 34-2
MPLS VPN
limitations and restrictions 35-2
MQC 58-1
MST
interoperation with Rapid PVST+ 29-20
root bridge 29-20
MSTP
boundary ports
configuration guidelines 28-2
described 28-22
CIST, described 28-19
CIST regional root 28-20
CIST root 28-21
configuration guidelines 28-2
configuring
forward-delay time 28-45
hello time 28-44
link type for rapid convergence 28-46
maximum aging time 28-45
maximum hop count 28-46
MST region 28-38
neighbor type 28-46
path cost 28-42
port priority 28-41
root switch 28-39
secondary root switch 28-40
switch priority 28-43
CST
defined 28-19
operations between regions 28-20
default configuration 28-26
displaying status 28-47
enabling the mode 28-38
extended system ID
effects on root switch 28-39
effects on secondary root switch 28-40
unexpected behavior 28-39
IEEE 802.1s
implementation 28-23
port role naming change 28-23
terminology 28-21
interoperability with IEEE 802.1D
described 28-24
restarting migration process 28-47
IST
defined 28-19
master 28-20
operations within a region 28-20
mapping VLANs to MST instance 28-38
MST region
CIST 28-19
configuring 28-38
described 28-19
hop-count mechanism 28-22
IST 28-19
supported spanning-tree instances 28-19
overview 28-18
root switch
configuring 28-39
effects of extended system ID 28-39
unexpected behavior 28-39
status, displaying 28-47
MTU size (default) 23-3
multiauthentication (multiauth). See also port-based authentication. 80-14
multicast
IGMP snooping and 43-8
MLDv2 snooping and 42-9
non-RPF 40-7
overview 43-2, 45-2, 46-2
PIM snooping 47-4
multicast flood blocking 79-1
multicast groups
joining 43-3, 45-4
leaving 42-7, 43-5
multicast groups, IPv6
joining 42-5
Multicast Listener Discovery version 2 42-1
Multicast Replication Mode Detection enhancement 40-18
multicast storms
see traffic-storm control
multicast television application 44-3
multicast VLAN 44-2
Multicast VLAN Registration 44-1
multichassis EtherChannel
see MEC 4-14
Multidomain Authentication (MDA). See also port-based authentication. 80-14
Multilayer MAC ACL QoS Filtering 66-9
multiple path RPF check 73-5
Multiple Spanning Tree
See MST
MUX-UNI Support 34-7
MUX-UNI support 34-7
MVAP (Multi-VLAN Access Port). See also port-based authentication. 80-22
MVR
and IGMPv3 44-2
configuring interfaces 44-6
default configuration 44-5
example application 44-3
in the switch stack 44-5
monitoring 44-8
multicast television application 44-3
restrictions 44-1
setting global parameters 44-6
N
NAC
agentless audit support 80-27
critical authentication 80-20, 80-44
IEEE 802.1x authentication using a RADIUS server 80-47
IEEE 802.1x validation using RADIUS server 80-47
inaccessible authentication bypass 80-44
Layer 2 IEEE 802.1x validation 80-47
Layer 2 IEEE 802.1x validation 80-27
native VLAN 18-11
NDAC 67-2
NetFlow
table, displaying entries 30-5
Network Device Admission Control (NDAC) 67-2
network ports
Bridge Assurance 29-5
description 29-2
nonaggregate label 34-2, 34-5
non-RPF multicast 40-7
normal-range VLANs
See VLANs
notifications, See SNMP notifications
NSF with SSO does not support IPv6 multicast traffic. 6-1, 7-1
O
OIR 10-11
online diagnostics
CompactFlash disk verification A-40
configuring 14-2
datapath verification A-11
diagnostic sanity check 14-24
egress datapath test A-5
error counter test A-5
interrupt counter test A-5
memory tests 14-24
overview 14-2
running tests 14-6
test descriptions A-1
understanding 14-2
online diagnostic tests A-1
online insertion and removal
See OIR
out-of-band MAC address table synchronization
configuring 18-6
in a VSS 4-2
out of profile
see QoS out of profile
P
packet capture 57-2
packet rewrite
CEF 30-2
IP MMLS and 40-5
packets
multicast 70-6
PAgP
understanding 20-5
path cost
MSTP 28-42
PBACLs 66-5
PBF 71-4
PBR 1-8
PBR (policy-based routing)
configuration (example) 31-7
enabling 31-4
peer inconsistent state
in PVST simulation 29-20
per-port VTP enable and disable 22-16
PFC
recirculation 34-5
PIM, IP MMLS and 40-16
PIM snooping
designated router flooding 47-6
enabling globally 47-5
enabling in a VLAN 47-5
overview 47-4
platform aging command
configuring IP MLS 49-3, 49-4
platform ip multicast command
enabling IP MMLS 40-17 to 40-27
PoE 17-2
Cisco prestandard 17-2
IEEE 802.3af 17-2
PoE management 17-3
power policing 17-3
power use measurement 17-3
police command 60-13, 60-14
policy-based ACLs (PBACLs) 66-5
policy-based forwarding (PBF) 72-2
policy-based routing
See PBR
policy-based routing (PBR)
configuring 31-1
policy map 60-9, 61-11
attaching to an interface 60-17, 61-15, 73-4
policy-map command 60-9
port ACLs
defined 70-2
port ACLs (PACLs) 70-1
Port Aggregation Protocol
see PAgP
port-based authentication
AAA authorization 80-30
accounting 80-16
configuring 80-41
authentication server
defined 80-7, 81-3
RADIUS server 80-7
client, defined 80-7, 81-3
configuration guidelines 80-2, 81-1
configuring
guest VLAN 80-42
inaccessible authentication bypass 80-44
initializing authentication of a client 80-37
manual reauthentication of a client 80-36
RADIUS server 80-33, 81-10
RADIUS server parameters on the switch 80-32, 81-9
restricted VLAN 80-43
switch-to-authentication-server retransmission time 80-39
switch-to-client EAP-request frame retransmission time 80-39
switch-to-client frame-retransmission number 80-40
switch-to-client retransmission time 80-39
user distribution 80-42
VLAN group assignment 80-42
default configuration 80-28, 81-7
described 80-6
device roles 80-6, 81-3
DHCP snooping 80-15
DHCP snooping and insertion 75-6
displaying statistics 80-51, 81-15
EAPOL-start frame 80-10
EAP-request/identity frame 80-10
EAP-response/identity frame 80-10
enabling
802.1X authentication 80-30, 80-32, 81-9
periodic reauthentication 80-35
encapsulation 80-7
guest VLAN
configuration guidelines 80-19, 80-20
described 80-19
host mode 80-13
inaccessible authentication bypass
configuring 80-44
described 80-20
guidelines 80-4
initiation and message exchange 80-10
MAC authentication bypass 80-26
magic packet 80-28
method lists 80-30
modes 80-13
multiauth mode, described 80-14
multidomain authentication mode, described 80-14
multiple-hosts mode, described 80-13
ports
authorization state and dot1x port-control command 80-12
authorized and unauthorized 80-12
critical 80-20
voice VLAN 80-22
port security
and voice VLAN 80-23
described 80-22
interactions 80-22
multiple-hosts mode 80-13
pre-authentication open access 80-15, 80-33
resetting to default values 80-51
supplicant, defined 80-7
switch
as proxy 80-7, 81-3
RADIUS client 80-7
user distribution
configuring 80-42
described 80-18
guidelines 80-4
VLAN assignment
AAA authorization 80-30
characteristics 80-17
configuration tasks 80-18
described 80-17
VLAN group
guidelines 80-4
voice VLAN
described 80-22
PVID 80-22
VVID 80-22
wake-on-LAN, described 80-28
port-based QoS features
see QoS
port-channel
see EtherChannel
port-channel load-balance
command 20-10, 20-11
command example 20-10, 20-12
port-channel load-defer command 4-42
port-channel port load-defer command 4-42
port cost, STP 28-32
port debounce timer
disabling 10-10
displaying 10-10
enabling 10-10
PortFast
edge ports 29-2
network ports 29-2
See STP PortFast
PortFast Edge BPDU filtering
See STP PortFast Edge BPDU filtering
PortFast port types
description 29-2, 29-2 to ??
edge 29-2
network 29-2
port mode 36-3
port negotiation 10-5
port priority
MSTP 28-41
port priority, STP 28-31
ports
setting the debounce timer 10-10
port security
aging 82-9, 82-10
configuring 82-4
described 82-3
displaying 82-10
enable sticky secure MAC address 82-8
sticky MAC address 82-3
violations 82-3
Port Security is supported on trunks 82-2, 82-5, 82-7, 82-9
port security MAC move 82-3
port security on PVLAN ports 82-2
Port Security with Sticky Secure MAC Addresses 82-3
power management
enabling/disabling redundancy 12-2
overview 12-1
powering modules up or down 12-3
power policing 17-6
Power over Ethernet 17-2
power over ethernet 17-2
pre-authentication open access. See port-based authentication.
prerequisites for lawful intercept 83-1
primary links 19-2
primary VLANs 24-6
priority
overriding CoS 16-6, 17-4
private hosts 25-1
private hosts feature
configuration guidelines 25-1
configuring (detailed steps) 25-9
configuring (summary) 25-8
multicast operation 25-4
overview 25-4
port ACLs (PACLs) 25-7
port types 25-5, 25-6
protocol-independent MAC ACLs 25-4
restricting traffic flow with PACLs 25-5
spoofing protection 25-3
private VLANs 24-1
across multiple switches 24-9
and SVIs 24-10
benefits of 24-5
community VLANs 24-6, 24-7
configuration guidelines 24-2, 24-4, 24-10
configuring 24-10
host ports 24-14
promiscuous ports 24-15
routing secondary VLAN ingress traffic 24-13
secondary VLANs with primary VLANs 24-12
VLANs as private 24-11
end station access to 24-8
IP addressing 24-8
isolated VLANs 24-6, 24-7
monitoring 24-16
ports
community 24-7
configuration guidelines 24-4
isolated 24-7
promiscuous 24-7
primary VLANs 24-6
secondary VLANs 24-6
subdomains 24-5
traffic in 24-10
privileged EXEC mode 2-5
promiscuous ports 24-7
protocol tunneling
See Layer 2 protocol tunneling 27-2
PVRST
See Rapid-PVST 28-3
PVST
description 28-3
PVST simulation
description 29-20
peer inconsistent state 29-20
root bridge 29-20
Q
QoS
auto-QoS
enabling for VoIP 63-4
IPv6 59-3
See also automatic QoS 63-1
QoS CoS
port value, configuring 62-2
QoS default configuration 65-2
QoS DSCP
maps, configuring 62-7
QoS mapping
CoS values to DSCP values 62-4, 62-7
DSCP markdown values 62-8, 64-14
DSCP mutation 62-3, 64-25
DSCP values to CoS values 62-9
IP precedence values to DSCP values 62-7
QoS markdown 60-4
QoS out of profile 60-4
QoS policing rule
aggregate 60-4
microflow 60-4
QoS port
trust state 62-10
QoS port-based or VLAN-based 62-12
QoS receive queue 62-18
QoS statistics data export 65-2
configuring 65-2
configuring destination host 65-7
configuring time interval 65-6, 65-8
QoS transmit queues 61-6, 62-15, 62-16
QoS VLAN-based or port-based 62-12
queries, IGMP 43-4
queries, MLDv2 42-6
R
RADIUS 75-6
RADIUS. See also port-based authentication. 80-7
range
command 52-3
macro 10-2
rapid convergence 28-14
Rapid-PVST
enabling 28-36
Rapid PVST+
interoperation with MST 29-20
Rapid-PVST+
overview 28-3
Rapid Spanning Tree
See RSTP
Rapid Spanning Tree Protocol
See RSTP
receive queues
see QoS receive queues
recirculation 34-5
redirect URLs
described 80-25
reduced MAC address 28-3
redundancy (RPR+) 8-1
configuring 8-4
configuring supervisor engine 8-2
displaying supervisor engine configuration 8-5
redundancy command 8-4
related documentation 1-xliii
Remote Authentication Dial-In User Service. See RADIUS.
report, MLD 42-5
reserved-range VLANs
See VLANs
restricted VLAN
configuring 80-43
described 80-19
using with IEEE 802.1x 80-19
restricting MIB access 83-10, 83-11
rewrite, packet
CEF 30-2
IP MMLS 40-5
RHI 4-49
RIF cache monitoring 10-12
ROM monitor
CLI 2-7
root bridge
MST 29-20
PVST simulation 29-20
root bridge, STP 28-29
root guard
See STP root guard
root switch
MSTP 28-39
route health injection
See RHI
route-map (IP) command 31-4
route maps
defining 31-4
router guard 46-1
RPF
failure 40-7
non-RPF multicast 40-7
RPR and RPR+ support IPv6 multicast traffic 8-1
RSTP
active topology 28-13
BPDU
format 28-16
processing 28-17
designated port, defined 28-13
designated switch, defined 28-13
interoperability with IEEE 802.1D
described 28-24
restarting migration process 28-47
topology changes 28-17
overview 28-13
port roles
described 28-13
synchronized 28-15
proposal-agreement handshake process 28-14
rapid convergence
described 28-14
edge ports and Port Fast 28-14
point-to-point links 28-14, 28-46
root ports 28-14
root port, defined 28-13
See also MSTP
S
secondary VLANs 24-6
Secure MAC Address Aging Type 82-9
security
configuring 68-1
security, port 82-3
security considerations 83-9
Security Exchange Protocol (SXP) 67-2
Security Group Access Control List (SGACL) 67-2
Security Group Tag (SGT) 67-2
serial IDs
description 50-12
serial interfaces
clearing 10-13
synchronous
maintaining 10-13
server IDs
description 50-12
service instance
configuration mode 38-5
creating 38-4
defined 38-4
service-policy input command 60-17, 61-15, 62-4, 62-6, 64-25, 73-4
service-provider network, MSTP and RSTP 28-18
set default interface command 31-4
set interface command 31-4
set ip default next-hop command 31-4
set ip df command
PBR 31-4
set ip next-hop command 31-4
set ip precedence command
PBR 31-4
set ip vrf command
PBR 31-4
set power redundancy enable/disable command 12-2
set requests 83-7, 83-8, 83-11
setting up lawful intercept 83-7
SGACL 67-2
SGT 67-2
short pipe mode
configuring 64-30
show authentication command 80-52
show catalyst6000 chassis-mac-address command 28-4
show dot1x interface command 80-36
show eobc command 10-12
show history command 2-4
show ibc command 10-12
show interfaces command 10-8, 10-9, 10-12, 18-6, 18-13
clearing interface counters 10-12
displaying, speed and duplex mode 10-6
show ip local policy command 31-5
show mab command 80-55
show module command 8-5
show platform aging command 49-4
show platform entry command 30-5
show platform ip multicast group command
displaying IP MMLS group 40-27
show platform ip multicast interface command
displaying IP MMLS interface 40-27
show platform ip multicast source command
displaying IP MMLS source 40-27
show platform ip multicast statistics command
displaying IP MMLS statistics 40-27
show platform ip multicast summary
displaying IP MMLS configuration 40-27
show protocols command 10-12
show rif command 10-12
show running-config command 10-12
displaying ACLs 70-7, 70-8
show svclc rhi-routes command 4-49
show version command 10-12
shutdown command 10-13
shutdown interfaces
result 10-13
slot number, description 10-2
smart call home 50-1
description 50-4
destination profile (note) 50-21
registration requirements 50-4
service contract requirements 50-2
Transport Gateway (TG) aggregation point 50-3
SMARTnet
smart call home registration 50-4
smart port macros 3-1
configuration guidelines 3-2
Smartports macros
applying global parameter values 3-14
applying macros 3-14
creating 3-13
default configuration 3-4
defined 3-4
displaying 3-15
tracing 3-2
SNMP
configuring 83-10
default view 83-9
get and set requests 83-7, 83-8, 83-11
notifications 83-9, 83-12
support and documentation 1-7
SNMP-COMMUNITY-MIB 83-9
SNMP-USM-MIB 83-4, 83-9
SNMP-VACM-MIB 83-4, 83-9
snooping
See IGMP snooping
source IDs
call home event format 50-11
source specific multicast with IGMPv3, IGMP v3lite, and URD 40-26
SPAN
configuration guidelines 53-2
configuring 53-12
sources 53-16, 53-19, 53-21, 53-22, 53-24, 53-25, 53-26, 53-28
VLAN filtering 53-30
destination port support on EtherChannels 53-12, 53-19, 53-22, 53-24, 53-25, 53-29
distributed egress 53-10, 53-15
modules that disable for ERSPAN 53-7
input packets with don’t learn option
ERSPAN 53-28, 53-29
local SPAN 53-17, 53-18, 53-19
RSPAN 53-22, 53-23, 53-25
understanding 53-12
local SPAN egress session increase 53-3, 53-16
overview 53-7
SPAN Destination Port Permit Lists 53-15
spanning-tree backbonefast
command 29-15, 29-16
command example 29-15, 29-16
spanning-tree cost
command 28-33
command example 28-33
spanning-tree portfast
command 29-2, 29-3, 29-4
command example 29-3, 29-4
spanning-tree portfast bpdu-guard
command 29-8
spanning-tree port-priority
command 28-31
spanning-tree protocol for bridging 32-1
spanning-tree uplinkfast
command 29-13
command example 29-13
spanning-tree vlan
command 28-27, 28-29, 28-30, 28-31, 29-8, 29-17
command example 28-28, 28-29, 28-30, 28-31
spanning-tree vlan cost
command 28-33
spanning-tree vlan forward-time
command 28-35
command example 28-35
spanning-tree vlan hello-time
command 28-35
command example 28-35
spanning-tree vlan max-age
command 28-36
command example 28-36
spanning-tree vlan port-priority
command 28-31
command example 28-32
spanning-tree vlan priority
command 28-34
command example 28-34
speed
configuring interface 10-4
speed command 10-4
speed mode
autonegotiation status 10-6
standards, lawful intercept 83-4
standby links 19-2
static sharing
description 80-25
statistics
802.1X 80-51, 81-15
sticky ARP 73-7
sticky MAC address 82-3
Sticky secure MAC addresses 82-8, 82-9
storm control
see traffic-storm control
STP
configuring 28-26
bridge priority 28-34
enabling 28-27, 28-28
forward-delay time 28-35
hello time 28-35
maximum aging time 28-36
port cost 28-32
port priority 28-31
root bridge 28-29
secondary root switch 28-30
defaults 28-25
EtherChannel 20-7
normal ports 29-3
understanding 28-2
802.1Q Trunks 28-12
Blocking State 28-8
BPDUs 28-4
disabled state 28-12
forwarding state 28-11
learning state 28-10
listening state 28-9
overview 28-3
port states 28-6
protocol timers 28-5
root bridge election 28-5
topology 28-5
STP BackboneFast
configuring 29-15
figure
adding a switch 29-18
spanning-tree backbonefast
command 29-15, 29-16
command example 29-15, 29-16
understanding 29-13
STP BPDU Guard
configuring 29-7
spanning-tree portfast bpdu-guard
command 29-8
understanding 29-7
STP bridge ID 28-3
STP EtherChannel guard 29-16
STP extensions
description ?? to 29-20
STP loop guard
configuring 29-19
overview 29-17
STP PortFast
BPDU filter
configuring 29-10
BPDU filtering 29-9
configuring 29-2
spanning-tree portfast
command 29-2, 29-3, 29-4
command example 29-3, 29-4
understanding 29-2
STP port types
normal 29-3
STP root guard 29-17
STP UplinkFast
configuring 29-12
spanning-tree uplinkfast
command 29-13
command example 29-13
understanding 29-11
subdomains, private VLAN 24-5
supervisor engine
environmental monitoring 13-1
redundancy 8-1
synchronizing configurations 8-5
supervisor engine redundancy
configuring 8-2
supervisor engines
displaying redundancy configuration 8-5
supplicant 80-7
surveillance 83-7
svclc command 4-48
Switched Port Analyzer 53-1
switch fabric functionality 9-1
configuring 9-3
monitoring 9-4
switchport
configuring 18-14
example 18-13
show interfaces 10-8, 10-9, 18-6, 18-13
switchport access vlan 18-6, 18-7, 18-10, 18-14
example 18-15
switchport mode access 18-4, 18-6, 18-7, 18-14
example 18-15
switchport mode dynamic 18-9
switchport mode dynamic auto 18-4
switchport mode dynamic desirable 18-4
default 18-5
example 18-13
switchport mode trunk 18-4, 18-9
switchport nonegotiate 18-4
switchport trunk allowed vlan 18-11
switchport trunk encapsulation 18-7, 18-9
switchport trunk encapsulation dot1q
example 18-13
switchport trunk encapsulation negotiate
default 18-5
switchport trunk native vlan 18-11
switchport trunk pruning vlan 18-12
switch priority
MSTP 28-43
switch TopN reports
foreground execution 55-2
running 55-3
viewing 55-3
SXP 67-2
system event archive (SEA) 51-1
System Hardware Capacity 1-3
T
TDR
checking cable connectivity 10-14
enabling and disabling test 10-14
guidelines 10-14
Telnet
accessing CLI 2-2
Time Domain Reflectometer 10-14
TLV
host presence detection 16-4, 80-14, 82-4
traceroute, Layer 2
and ARP 56-2
and CDP 56-1
described 56-2
IP addresses and subnets 56-2
MAC addresses and VLANs 56-2
multicast traffic 56-2
multiple devices on a port 56-2
unicast traffic 56-2
usage guidelines 56-1
traffic-storm control
command
broadcast 78-4
described 78-2
monitoring 78-5
thresholds 78-2
traffic suppression
see traffic-storm control
transmit queues
see QoS transmit queues
traps, see SNMP notifications
trunks 18-4
802.1Q Restrictions 18-2
allowed VLANs 18-11
configuring 18-8
default interface configuration 18-6
default VLAN 18-10
different VTP domains 18-4
native VLAN 18-11
to non-DTP device 18-4
VLAN 1 minimization 18-12
trusted boundary 16-6
trusted boundary (extended trust for CDP devices) 16-4
trustpoint 50-2
tunneling 64-4, 64-26
tunneling, 802.1Q
See 802.1Q 26-4
type length value
See TLV
U
UDE
configuration 33-5
overview 33-4
UDE and UDLR 33-1
UDLD
default configuration 11-3
enabling
globally 11-3
on ports 11-4
overview 11-2
UDLR 33-1
back channel 33-3
configuration 33-6
tunnel
(example) 33-7
ARP and NHRP 33-4
UDLR (unidirectional link routing) 33-1
UDP port for SNMP notifications 83-12
UMFB 79-2
unauthorized ports with 802.1X 80-12
unicast storms
see traffic-storm control
Unidirectional Ethernet 33-1
unidirectional ethernet
example of setting 33-5
UniDirectional Link Detection Protocol
see UDLD
uniform mode
configuring 64-34
unknown multicast flood blocking
See UMFB
unknown unicast and multicast flood blocking 79-1
unknown unicast flood blocking
See UUFB
unknown unicast flood rate-limiting
See UUFRL
UplinkFast
See STP UplinkFast
URD 40-26
User-Based Rate Limiting 60-6, 60-15
user EXEC mode 2-5
UUFB 79-2
UUFRL 79-2
V
VACLs 71-2
configuring
examples 71-5
Layer 3 VLAN interfaces 71-5
Layer 4 port operations 66-2
logging
configuration example 71-7
configuring 71-7
restrictions 71-7
MAC address based 71-2
multicast packets 70-6
SVIs 71-5
WAN interfaces 71-2
virtual private LAN services (VPLS) 37-1
associating attachment circuit with the VSI at the PE 37-13
basic configuration 37-2
configuration example 37-18
configuring MPLS in the PE 37-11
configuring PE layer 2 interface to the CE 37-7
configuring the VFI in the PE 37-12
overview 37-2
restrictions 37-2
services 37-5
vlan
command 23-5, 23-6, 53-20
command example 23-6
VLAN Access Control Lists
See VACLs
VLAN-based QoS filtering 66-10
VLAN-bridge spanning-tree protocol 32-1
vlan database
command 23-5, 23-6, 53-20
vlan group command 80-42
VLAN locking 23-4
vlan mapping dot1q
command 23-8, 23-9
VLAN maps
applying 70-8
VLAN mode 36-3
VLAN port provisioning verification 23-4
VLANs
allowed on trunk 18-11
configuration guidelines 23-2
configuring 23-1
configuring (tasks) 23-4
defaults 23-3
extended range 23-3
interface assignment 23-6
multicast 44-2
name (default) 23-3
normal range 23-3
reserved range 23-3
support for 4,096 VLANs 23-2
token ring 23-3
trunks
understanding 18-4
understanding 23-2
VLAN 1 minimization 18-12
VTP domain 23-4
VLAN translation
command example 23-8, 23-9
voice VLAN
Cisco 7960 phone, port connections 16-2
configuration guidelines 16-1
configuring IP phone for data traffic
override CoS of incoming frame 16-6, 17-4
configuring ports for voice traffic in
802.1Q frames 16-5
connecting to an IP phone 16-5
default configuration 16-4
overview 16-2
voice VLAN. See also port-based authentication. 80-22
VPN
configuration example 35-4
guidelines and restrictions 35-2
VPN supported commands 35-2
VPN switching 35-1
VSS
dual-active detection
Enhanced PAgP, advantages 4-23
Enhanced PAgP, description 4-23
enhanced PAgP, description 4-43
fast-hello, advantages 4-23
fast-hello, description 4-23
VSLP fast-hello, configuration 4-44
VTP
advertisements 22-4, 22-5
client, configuring 22-15
configuration guidelines 22-1
default configuration 22-9
disabling 22-15
domains 22-3
VLANs 23-4
modes
client 22-4
server 22-4
transparent 22-4
monitoring 22-17
overview 22-2
per-port enable and disable 22-16
pruning
configuration 18-12
configuring 22-12
overview 22-7
server, configuring 22-15
statistics 22-17
transparent mode, configuring 22-15
version 2
enabling 22-13
overview 22-5
version 3
enabling 22-13
overview 22-6
server type, configuring 22-11
W
wake-on-LAN. See also port-based authentication. 80-28
web-based authentication
AAA fail policy 81-5
description 81-2
web browser interface 1-7
wiretaps 83-4