Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W -

Index

Numerics

4K VLANs (support for 4,096 VLANs) 24-2

802.1AE Tagging 68-2

802.1Q

Layer 2 protocol tunneling

See Layer 2 protocol tunneling

mapping to ISL VLANs 24-7

trunks 19-4

restrictions 19-2

tunneling

configuration guidelines 27-1

configuring tunnel ports 27-6

overview 27-4

802.1Q Ethertype

specifying custom 19-15

802.1X 81-1

802.1x accounting 81-41

802.3ad

See LACP

802.3af 18-2

802.3x Flow Control 11-9

A

AAA

fail policy 81-8, 82-5

AAA (authentication, authorization, and accounting). See also port-based authentication. 81-6, 82-2

aaa accounting dot1x command 81-41

aaa accounting system command 81-41

abbreviating commands 2-5

access, restricting MIB 84-10

access control entries and lists 67-1

access-enable host timeout (not supported) 67-4

access port, configuring 19-14

access rights 84-9

access setup, example 84-11

accounting

with 802.1x 81-41

with IEEE 802.1x 81-16

ACEs and ACLs 67-1

ACLs

downloadable 82-2

downloadable (dACLs) 81-23

Filter-ID 81-24

per-user 81-24

port

defined 71-2

redirect URL 81-25

static sharing 81-25

acronyms, list of A-1

activating lawful intercept 84-8

admin function (mediation device) 84-7, 84-8

administration, definition 84-6

advertisements, VTP 23-4

aggregate label 35-2, 35-5

aggregate policing 61-4

aging time

accelerated

for MSTP 29-45

maximum

for MSTP 29-45, 29-46

alarms

major 14-4

minor 14-4

Allow DHCP Option 82 on Untrusted Port

configuring 76-10

understanding 76-5

any transport over MPLS (AToM) 37-3

Ethernet over MPLS 37-3

ARP ACL 67-12

ARP spoofing 78-3

AToM 37-3

audience 1-xlv

authentication control-direction command 81-50

authentication event command 81-43

authentication failed VLAN

See restricted VLAN

authentication open comand 81-15

authentication password, VTP 23-5

authentication periodic command 81-36, 81-47

authentication port-control command 81-43

authentication timer reauthenticate command 81-36

authorized ports with 802.1X 81-12

automatic QoS

configuration guidelines and restrictions 64-2

macros 64-4

overview 64-2

AutoQoS 64-1

auto-sync command 9-4

B

BackboneFast

See STP BackboneFast

backup interfaces

See Flex Links

binding database, DHCP snooping

See DHCP snooping binding database

binding table, DHCP snooping

See DHCP snooping binding database

blocking state, STP 29-8

blue beacon 1-6

BPDU

RSTP format 29-16

BPDU guard

See STP BPDU guard

BPDUs

Bridge Assurance 30-5

Shared Spanning Tree Protocol (SSTP) 30-20

Bridge Assurance

description30-4to 30-6

inconsistent state 30-5

supported protocols and link types 30-5

bridge domain

configuring 39-8

bridge groups 33-1

bridge ID

See STP bridge ID

bridge priority, STP 29-34

bridge protocol data units

see BPDUs

bridging 33-1

broadcast storms

see traffic-storm control

C

CALEA, See Communications Assistance for Law Enforcement Act (CALEA)

Call Home

description 51-3

message format options 51-3

messages

format options 51-3

call home 51-1

alert groups 51-28

contact information 51-19

destination profiles 51-20

displaying information 51-39

pattern matching 51-31

periodic notification 51-30

rate limit messages 51-31

severity threshold 51-30

smart call home feature 51-4

SMTP server 51-2

testing communications 51-32

call home alert groups

configuring 51-28

description 51-28

subscribing 51-29

call home customer information

entering information 51-19

call home destination profiles

attributes 51-21

description 51-20

displaying 51-42

call home notifications

full-txt format for syslog 51-15

XML format for syslog 51-15

CDP

host presence detection 81-14, 83-4

to configure Cisco phones 17-3

CEF

configuring

RP 31-5

supervisor engine 31-4

examples 31-3

Layer 3 switching 31-2

packet rewrite 31-2

certificate authority (CA) 51-2

channel-group group

command 21-8, 21-13, 21-14

command example 21-9, 21-14

Cisco Discovery Protocol

See CDP

Cisco Emergency Responder 17-4

Cisco Express Forwarding 35-3

CISCO-IP-TAP-MIB

citapStreamVRF 84-2

overview 84-8

restricting access to 84-10, 84-11

CISCO-TAP2-MIB

accessing 84-9

overview 84-8

restricting access to 84-10, 84-11

CIST regional root

See MSTP

CIST root

See MSTP

class command 61-9

class map configuration 61-8, 62-11

clear authentication sessions command 81-38

clear counters command 11-12

clear dot1x command 81-37

clear interface command 11-13

CLI

accessing 2-1

backing out one level 2-5

console configuration mode 2-5

getting list of commands 2-6

global configuration mode 2-5

history substitution 2-4

interface configuration mode 2-5

privileged EXEC mode 2-5

ROM monitor 2-7

software basics 2-4

collection function 84-6

command line processing 2-3

commands, getting list of 2-6

Communications Assistance for Law Enforcement Act

CALEA for Voice 84-5

lawful intercept 84-4

community ports 25-7

community VLANs 25-6, 25-7

configuration example

EoMPLS port mode 37-4, 37-7

EoMPLS VLAN mode 37-4

VPLS, 802.1Q access port for untagged traffic from CE 38-8

VPLS, associating the attachment circuit with the VSI at the PE 38-13

VPLS, L2 VLAN instance on the PE 38-10

VPLS, MPLS in the PE 38-11

VPLS, using QinQ to place all VLANs into a single VPLS 38-9

VPLS, VFI in the PE 38-12

configuration guidelines

EVCs 39-2

configuring 61-9, 62-11

lawful intercept 84-10, 84-11, 84-12

SNMP 84-10

console configuration mode 2-5

content IAP 84-6

control plane policing

See CoPP

CoPP 75-1

applying QoS service policy to control plane 75-5

configuring

ACLs to match traffic 75-5

enabling MLS QoS 75-5

packet classification criteria 75-5

service-policy map 75-5

control plane configuration mode

entering 75-5

displaying

dynamic information 75-9

number of conforming bytes and packets 75-9

rate information 75-9

entering control plane configuration mode 75-5

monitoring statistics 75-9

overview 75-3

packet classification guidelines 75-2

traffic classification

defining 75-6

guidelines 75-7

overview 75-6

sample ACLs 75-7

sample classes 75-6

CoS

override priority 17-6, 18-4

counters

clearing interface 11-12, 11-13

critical authentication 81-8

critical authentication, IEEE 802.1x 81-44

CSCsr62404 11-9

CSCtx75254 5-2

cTap2MediationDebug notification 84-12

cTap2MediationNewIndex object 84-8

cTap2MediationTable 84-8

cTap2MediationTimedOut notification 84-12

cTap2MIBActive notification 84-12

cTap2StreamDebug notification 84-12

cTap2StreamTable 84-8

customer contact information

entering for call home 51-19

D

dACL

See ACLs, downloadable 81-23

dCEF 31-4

debug commands

IP MMLS 42-31

DEC spanning-tree protocol 33-1

default configuration

802.1X 81-28, 82-7

dynamic ARP inspection 78-6

EVCs 39-9

Flex Links 20-4

IP MMLS 42-15

MSTP 29-26

MVR 44-5

UDLD 12-4

voice VLAN 17-4

VTP 23-9

default VLAN 19-10

denial of service protection 74-1

device IDs

call home format 51-11, 51-12

DHCP binding database

See DHCP snooping binding database

DHCP binding table

See DHCP snooping binding database

DHCP option 82

circuit ID suboption 76-7

overview 76-5

packet format, suboption

circuit ID 76-7

remote ID 76-7

remote ID suboption 76-7

DHCP option 82 allow on untrusted port 76-10

DHCP snooping

802.1X data insertion 81-15

binding database

See DHCP snooping binding database

configuration guidelines 76-8

configuring 76-9

default configuration 76-8

displaying binding tables 76-18

enabling 76-9, 76-10, 76-11, 76-12, 76-13, 76-14

enabling the database agent 76-14

message exchange process 76-6

monitoring 77-5, 77-6

option 82 data insertion 76-5

overview 76-3

Snooping database agent 76-7

DHCP snooping binding database

described 76-5

entries 76-5

DHCP snooping binding table

See DHCP snooping binding database

DHCP Snooping Database Agent

adding to the database (example) 76-18

enabling (example) 76-15

overview 76-7

reading from a TFTP file (example) 76-17

DHCP snooping increased bindings limit 76-14

DiffServ

configuring short pipe mode 65-30

configuring uniform mode 65-34

short pipe mode 65-27

uniform mode 65-28

DiffServ tunneling modes 65-4

Disabling PIM Snooping Designated Router Flooding 47-6

distributed Cisco Express Forwarding

See dCEF

distributed egress SPAN 54-10, 54-15

DNS, See Domain Name System

DNS, see Domain Name System

documentation, related 1-xlv

Domain Name System 84-2

DoS protection 74-1

monitoring packet drop statistics

using monitor session commands 74-8

using VACL capture 74-10

QoS ACLs 74-2

security ACLs 74-2

uRPF check 74-5

dot1x initialize interface command 81-37

dot1x max-reauth-req command 81-41

dot1x max-req command 81-40

dot1x pae authenticator command 81-31

dot1x re-authenticate interface command 81-36

dot1x timeout quiet-period command 81-38

DSCP-based queue mapping 63-14

duplex command 11-5, 11-6

duplex mode

autonegotiation status 11-6

configuring interface 11-4

dynamic ARP inspection

ARP cache poisoning 78-3

ARP requests, described 78-3

ARP spoofing attack 78-3

configuration guidelines 78-2

configuring

log buffer 78-13, 78-15

logging system messages 78-14

rate limit for incoming ARP packets 78-5, 78-10

default configuration 78-6

denial-of-service attacks, preventing 78-10

described 78-3

DHCP snooping binding database 78-4

displaying

ARP ACLs 78-15

configuration and operating state 78-15

trust state and rate limit 78-15

error-disabled state for exceeding rate limit 78-5

function of 78-4

interface trust states 78-4

log buffer

configuring 78-13, 78-15

logging of dropped packets, described 78-6

logging system messages

configuring 78-14

man-in-the middle attack, described 78-4

network security issues and interface trust states 78-4

priority of ARP ACLs and DHCP snooping entries 78-6

rate limiting of ARP packets

configuring 78-10

described 78-5

error-disabled state 78-5

validation checks, performing 78-11

Dynamic Host Configuration Protocol snooping 76-1

E

EAC 68-2

EAPOL. See also port-based authentication. 81-6

eFSU, See Enhanced Fast Software Upgrade (eFSU)

egress SPAN 54-10

electronic traffic, monitoring 84-7

e-mail addresses

assigning for call home 51-19

e-mail notifications

Call Home 51-3

enable mode 2-5

enable sticky secure MAC address 83-8

enabling

IP MMLS

on router interfaces 42-16

lawful intercept 84-8

SNMP notifications 84-12

Endpoint Admission Control (EAC) 68-2

enhanced Fast Software Upgrade (eFSU)

aborting (issu abortversion command) 5-13

accepting the new software version 5-11

commiting the new software to standby RP (issu commitversion command) 5-12

displaying maximum outage time for module 5-10

error handling 5-5

forcing a switchover (issu runversion command) 5-10

issu loadversion command 5-8

loading new software onto standby RP 5-8

memory reservation on module 5-4

memory reservation on module, prohibiting 5-4

OIR not supported 5-2

operation 5-3

outage times 5-4

performing 5-5

steps 5-5

usage guidelines and limitations 5-2

verifying redundancy mode 5-7

environmental monitoring

LED indications 14-4

SNMP traps 14-4

supervisor engine and switching modules 14-4

Syslog messages 14-4

using CLI commands 14-1

EOBC

for MAC address table synchronization 19-3

EoMPLS 37-3

configuring 37-4

configuring VLAN mode 37-3

guidelines and restrictions 37-2

port mode 37-3

VLAN mode 37-3

ERSPAN 54-1

EtherChannel

channel-group group

command 21-8, 21-13, 21-14

command example 21-9, 21-14

configuration guidelines 4-27, 21-2

configuring

Layer 2 21-8

configuring (tasks) 4-26, 21-7

interface port-channel

command example 21-8

interface port-channel (command) 21-8

lacp system-priority

command example 21-10

Layer 2

configuring 21-8

load balancing

configuring 21-11

understanding 21-7

Min-Links 21-13, 21-14

modes 21-4

PAgP

understanding 21-5

port-channel interfaces 21-7

port-channel load-balance

command 21-10, 21-11

command example 21-12

STP 21-7

understanding 4-4, 21-3

EtherChannel Guard

See STP EtherChannel Guard

Ethernet

setting port duplex 11-10

Ethernet flow point

See EFP

Ethernet over MPLS (EoMPLS) configuration

EoMPLS port mode 37-6

EoMPLS VLAN mode 37-4

Ethernet Virtual Connection

See EVC

EVC

broadcast domain 39-4

configuration guidelines 39-2

default configuration 39-9

supported features 39-2

EXP mutation 65-4

extended range VLANs 24-2

See VLANs

extended system ID

MSTP 29-39

Extensible Authentication Protocol over LAN. See EAPOL.

F

fall-back bridging 33-1

fast link notification

on VSL failure 4-13

fiber-optic, detecting unidirectional links 12-1

FIB TCAM 35-3

figure

lawful intercept overview 84-5

Flex Links 20-1

configuration guidelines 20-2

configuring 20-4

default configuration 20-4

description 20-2

monitoring 20-5

flow control 11-9

forward-delay time

MSTP 29-45

forward-delay time, STP 29-35

frame distribution

See EtherChannel load balancing

G

get requests 84-7, 84-8, 84-11

global configuration mode 2-5

guest VLAN and 802.1x 81-19

H

hardware Layer 3 switching

guidelines 31-2

hello time

MSTP 29-44

hello time, STP 29-35

High Capacity Power Supply Support 13-4

history

CLI 2-4

host mode

see port-based authentication

host ports

kinds of 25-7

host presence CDP message 17-4, 81-14

host presence TLV message 83-4

http

//www-tac.cisco.com/Teams/ks/c3/xmlkwery.php?srId=612293409 21-3

I

IAP

content IAP 84-6

definition 84-6

content IAP 84-6

identification IAP 84-6

types of

ICMP unreachable messages 67-2

ID IAP 84-6

IDs

serial IDs 51-12

IEEE 802.1Q Ethertype

specifying custom 19-15

IEEE 802.1Q Tagging on a Per-Port Basis 27-7

IEEE 802.1w

See RSTP

IEEE 802.1x

accounting 81-16, 81-41

authentication failed VLAN 81-19

critical ports 81-20

DHCP snooping 81-15

guest VLAN 81-19

MAC authentication bypass 81-26

network admission control Layer 2 validation 81-27

port security interoperability 81-22

RADIUS-supplied session timeout 81-35

voice VLAN 81-22

wake-on-LAN support 81-28

IEEE 802.3ad

See LACP

IEEE 802.3af 18-2

IEEE 802.3x Flow Control 11-9

IEEE bridging protocol 33-1

IGMP 43-1

configuration guidelines 49-9

enabling 43-9

join messages 43-3

leave processing

enabling 43-13

queries 43-4

query interval

configuring 43-12

snooping

fast leave 43-6

joining multicast group 43-3, 45-4

leaving multicast group 43-5, 45-4

understanding 43-3, 45-3

snooping querier

enabling 43-9

understanding 43-3, 45-3

IGMPv3 42-26

IGMP v3lite 42-26

ignore port trust 61-11

inaccessible authentication bypass 81-20

ingress SPAN 54-10

intercept access point

See IAP

intercept-related information (IRI) 84-6, 84-7

intercepts, multiple 84-6

interface

configuration mode 2-5

Layer 2 modes 19-4

number 11-2

interface port-channel

command example 21-8

interface port-channel (command) 21-8

interfaces

configuring, duplex mode 11-3

configuring, speed 11-3

configururing, overview 11-2

counters, clearing 11-12, 11-13

displaying information about 11-12

maintaining 11-12

monitoring 11-12

range of 11-2

restarting 11-13

shutting down

task 11-13

interfaces command 11-2

interfaces range command 53-3

interfaces range macro command 11-2

internal VLANs 24-3

Internet Group Management Protocol 43-1, 45-1

IP accounting, IP MMLS and 42-2

IP CEF

topology (figure) 31-4

ip flow-export source command 56-3, 56-4, 56-5

ip http server 1-7

ip local policy route-map command 32-5

IP MMLS

cache, overview 42-4

configuration guideline 42-1

debug commands 42-31

default configuration 42-15

enabling

on router interfaces 42-16

Layer 3 MLS cache 42-4

overview 42-2

packet rewrite 42-5

router

enabling globally 42-16

enabling on interfaces 42-16

PIM, enabling 42-16

IP multicast

IGMP snooping and 43-8

MLDv2 snooping and 49-9

overview 43-2, 45-2, 46-2

IP multicast MLS

See IP MMLS

ip multicast-routing command

enabling IP multicast 42-16

IP phone

configuring 17-5

ip pim command

enabling IP PIM 42-16

ip policy route-map command 32-5

IP Source Guard 77-1

configuring 77-3

configuring on private VLANs 77-5

displaying 77-5, 77-6

overview 77-2

IP unnumbered 33-1

IPv4 Multicast over Point-to-Point GRE Tunnels 1-8

IPv4 Multicast VPN 41-1

IPv6 Multicast Layer 3 Switching 48-1

IPv6 QoS 60-4

ISL trunks 19-4

isolated port 25-7

isolated VLANs 25-6, 25-7

J

join messages, IGMP 43-3

jumbo frames 11-6

K

keyboard shortcuts 2-3

L

label edge router 35-2

label switched path 37-1

label switch router 35-2, 35-4

LACP

system ID 21-6

Law Enforcement Agency (LEA) 84-4

lawful intercept

admin function 84-7, 84-8

collection function 84-6

configuring 84-10, 84-11, 84-12

enabling 84-8

IRI 84-6

mediation device 84-5

overview 84-4, 84-5

prerequisites 84-1

processing 84-7

security considerations 84-9

SNMP notifications 84-12

lawful intercept processing 84-7

Layer 2

configuring interfaces 19-5

access port 19-14

trunk 19-8

defaults 19-5

interface modes 19-4

show interfaces 11-8, 11-9, 19-6, 19-13

switching

understanding 19-2

trunks

understanding 19-4

VLAN

interface assignment 24-6

Layer 2 Interfaces

configuring 19-1

Layer 2 protocol tunneling

configuring Layer 2 tunnels 28-3

overview 28-2

Layer 2 Traceroute 57-1

Layer 2 traceroute

and ARP 57-2

and CDP 57-1

described 57-2

IP addresses and subnets 57-2

MAC addresses and VLANs 57-2

multicast traffic 57-2

multiple devices on a port 57-2

unicast traffic 57-2

usage guidelines 57-1

Layer 3

IP MMLS and MLS cache 42-4

Layer 3 switched packet rewrite

CEF 31-2

Layer 3 switching

CEF 31-2

Layer 4 port operations (ACLs) 67-2

leave processing, IGMP

enabling 43-13

leave processing, MLDv2

enabling 49-12

LERs 65-2, 65-6, 65-7

Link Failure

detecting unidirectional 29-25

link negotiation 11-5

link redundancy

See Flex Links

load deferral

MEC traffic recovery 4-6

Local Egress Replication 42-19

logical operation unit

See LOU

loop guard

See STP loop guard

LOU

description 67-3

determining maximum number of 67-3

LSRs 65-2, 65-6

M

mab command 81-43, 81-47

MAC address-based blocking 70-1

MAC address table notification 19-7

MAC authentication bypass. See also port-based authentication. 81-26

MAC move (port security) 83-3

macros 3-1

See Smartports macros

MACSec 68-2

magic packet 81-28

main-cpu command 9-4

mapping 802.1Q VLANs to ISL VLANs 24-7

markdown

see QoS markdown

match ip address command 32-4

match length command 32-4

maximum aging time

MSTP 29-45

maximum aging time, STP 29-36

maximum hop count, MSTP 29-46

MEC

configuration 4-44

described 4-14

failure 4-15

port load share deferral 4-16

mediation device

admin function 84-7, 84-8

definition 84-5

description 84-5

MIBs

CISCO-IP-TAP-MIB 84-2, 84-8, 84-10

CISCO-TAP2-MIB 84-8, 84-9, 84-10

SNMP-COMMUNITY-MIB 84-9

SNMP-USM-MIB 84-4, 84-9

SNMP-VACM-MIB 84-4, 84-9

microflow policing 61-4

Mini Protocol Analyzer 58-1

Min-Links 21-13

MLD

report 49-5

MLD snooping

query interval

configuring 49-10

MLDv1 49-2

MLDv2 49-1

enabling 49-11

leave processing

enabling 49-12

queries 49-6

snooping

fast leave 49-8

joining multicast group 49-5

leaving multicast group 49-7

understanding 49-3

snooping querier

enabling 49-10

understanding 49-3

MLDv2 Snooping 49-1

monitoring

Flex Links 20-5

MVR 44-8

private VLANs 25-16

monitoring electronic traffic 84-7

MPLS 35-1, 35-2

aggregate label 35-2

any transport over MPLS 37-3

basic configuration 35-9

core 35-4

DiffServ Tunneling Modes 65-26

egress 35-4

experimental field 65-3

hardware features 35-5

ingress 35-4

IP to MPLS path 35-4

labels 35-2

MPLS to IP path 35-4

MPLS to MPLS path 35-4

nonaggregate lable 35-2

QoS default configuration 65-13

restrictions 35-1

VPN 65-11

VPN guidelines and restrictions 36-2

MPLS QoS

Classification 65-2

Class of Service 65-2

commands 65-15

configuring a class map 65-17

configuring a policy map 65-20

configuring egress EXP mutation 65-24

configuring EXP Value Maps 65-25

Differentiated Services Code Point 65-2

displaying a policy map 65-24

E-LSP 65-2

EXP bits 65-2

features 65-2

IP Precedence 65-2

QoS Tags 65-2

queueing-only mode 65-17

MPLS QoS configuration

class map to classify MPLS packets 65-17

MPLS supported commands 35-2

MPLS VPN

limitations and restrictions 36-2

MQC 59-1

MST

interoperation with Rapid PVST+ 30-20

root bridge 30-20

MSTP

boundary ports

configuration guidelines 29-2

described 29-22

CIST, described 29-19

CIST regional root 29-20

CIST root 29-21

configuration guidelines 29-2

configuring

forward-delay time 29-45

hello time 29-44

link type for rapid convergence 29-46

maximum aging time 29-45

maximum hop count 29-46

MST region 29-38

neighbor type 29-46

path cost 29-42

port priority 29-41

root switch 29-39

secondary root switch 29-40

switch priority 29-43

CST

defined 29-19

operations between regions 29-20

default configuration 29-26

displaying status 29-47

enabling the mode 29-38

extended system ID

effects on root switch 29-39

effects on secondary root switch 29-40

unexpected behavior 29-39

IEEE 802.1s

implementation 29-23

port role naming change 29-23

terminology 29-21

interoperability with IEEE 802.1D

described 29-24

restarting migration process 29-47

IST

defined 29-19

master 29-20

operations within a region 29-20

mapping VLANs to MST instance 29-38

MST region

CIST 29-19

configuring 29-38

described 29-19

hop-count mechanism 29-22

IST 29-19

supported spanning-tree instances 29-19

overview 29-18

root switch

configuring 29-39

effects of extended system ID 29-39

unexpected behavior 29-39

status, displaying 29-47

MTU size (default) 24-3

multiauthentication (multiauth). See also port-based authentication. 81-14

multicast

IGMP snooping and 43-8

MLDv2 snooping and 49-9

non-RPF 42-7

overview 43-2, 45-2, 46-2

PIM snooping 47-4

multicast flood blocking 80-1

multicast groups

joining 43-3, 45-4

leaving 43-5, 49-7

multicast groups, IPv6

joining 49-5

Multicast Listener Discovery version 2 49-1

Multicast Replication Mode Detection enhancement 42-18

multicast storms

see traffic-storm control

multicast television application 44-3

multicast VLAN 44-2

Multicast VLAN Registration 44-1

multichassis EtherChannel

see MEC 4-14

Multidomain Authentication (MDA). See also port-based authentication. 81-14

Multilayer MAC ACL QoS Filtering 67-9

multiple path RPF check 74-5

Multiple Spanning Tree

See MST

MUX-UNI Support 35-7

MUX-UNI support 35-7

MVAP (Multi-VLAN Access Port). See also port-based authentication. 81-22

MVR

and IGMPv3 44-2

configuring interfaces 44-6

default configuration 44-5

example application 44-3

in the switch stack 44-5

monitoring 44-8

multicast television application 44-3

restrictions 44-1

setting global parameters 44-6

N

NAC

agentless audit support 81-27

critical authentication 81-20, 81-44

IEEE 802.1x authentication using a RADIUS server 81-47

IEEE 802.1x validation using RADIUS server 81-47

inaccessible authentication bypass 81-44

Layer 2 IEEE 802.1x validation 81-47

Layer 2 IEEE802.1x validation 81-27

native VLAN 19-11

NDAC 68-2

NetFlow

table, displaying entries 31-5

Network Device Admission Control (NDAC) 68-2

network ports

Bridge Assurance 30-5

description 30-2

nonaggregate label 35-2, 35-5

non-RPF multicast 42-7

normal-range VLANs

See VLANs

notifications, See SNMP notifications

NSF with SSO does not support IPv6 multicast traffic. 7-1, 8-1

O

OIR 11-11

online diagnostics

CompactFlash disk verification A-44

configuring 15-2

datapath verification A-14

diagnostic sanity check 15-24

egress datapath test A-5

error counter test A-5

interrupt counter test A-5

memory tests 15-24

overview 15-2

running tests 15-6

test descriptions A-1

understanding 15-2

online diagnostic tests A-1

online insertion and removal

See OIR

out-f-band MAC address table synchronization

configuring 19-6

in a VSS 4-2

out of profile

see QoS out of profile

P

packet capture 58-2

packet rewrite

CEF 31-2

IP MMLS and 42-5

packets

multicast 71-6

PAgP

understanding 21-5

path cost

MSTP 29-42

PBACLs 67-5

PBF 72-4

PBR 1-8

PBR (policy-based routing)

configuration (example) 32-7

enabling 32-4

peer inconsistent state

in PVST simulation 30-20

per-port VTP enable and disable 23-16

PFC

recirculation 35-5

PIM, IP MMLS and 42-16

PIM snooping

designated router flooding 47-6

enabling globally 47-5

enabling in a VLAN 47-5

overview 47-4

platform aging command

configuring IP MLS 50-3, 50-4

platform ip multicast command

enabling IP MMLS42-17to 42-27

PoE 18-2

Cisco prestandard 18-2

IEEE 802.3af 18-2

PoE management 18-3

power policing 18-3

power use measurement 18-3

police command 61-13, 61-14

policy-based ACLs (PBACLs) 67-5

policy-based forwarding (PBF) 73-2

policy-based routing

See PBR

policy-based routing (PBR)

configuring 32-1

policy map 61-9, 62-11

attaching to an interface 61-17, 62-16, 74-4

policy-map command 61-9

port ACLs

defined 71-2

port ACLs (PACLs) 71-1

Port Aggregation Protocol

see PAgP

port-based authentication

AAA authorization 81-30

accounting 81-16

configuring 81-41

authentication server

defined 81-7, 82-3

RADIUS server 81-7

client, defined 81-7, 82-3

configuration guidelines 81-2, 82-1

configuring

guest VLAN 81-42

inaccessible authentication bypass 81-44

initializing authentication of a client 81-37

manual reauthentication of a client 81-36

RADIUS server 81-33, 82-10

RADIUS server parameters on the switch 81-32, 82-9

restricted VLAN 81-43

switch-to-authentication-server retransmission time 81-39

switch-to-client EAP-request frame retransmission time 81-39

switch-to-client frame-retransmission number 81-40

switch-to-client retransmission time 81-39

user distribution 81-42

VLAN group assignment 81-42

default configuration 81-28, 82-7

described 81-6

device roles 81-6, 82-3

DHCP snooping 81-15

DHCP snooping and insertion 76-6

displaying statistics 81-51, 82-15

EAPOL-start frame 81-10

EAP-request/identity frame 81-10

EAP-response/identity frame 81-10

enabling

802.1X authentication 81-30, 81-32, 82-9

periodic reauthentication 81-35

encapsulation 81-7

guest VLAN

configuration guidelines 81-19, 81-20

described 81-19

host mode 81-13

inaccessible authentication bypass

configuring 81-44

described 81-20

guidelines 81-4

initiation and message exchange 81-10

MAC authentication bypass 81-26

magic packet 81-28

method lists 81-30

modes 81-13

multiauth mode, described 81-14

multidomain authentication mode, described 81-14

multiple-hosts mode, described 81-13

ports

authorization state and dot1x port-control command 81-12

authorized and unauthorized 81-12

critical 81-20

voice VLAN 81-22

port security

and voice VLAN 81-23

described 81-22

interactions 81-22

multiple-hosts mode 81-13

pre-authentication open access 81-15, 81-33

resetting to default values 81-51

supplicant, defined 81-7

switch

as proxy 81-7, 82-3

RADIUS client 81-7

user distribution

configuring 81-42

described 81-18

guidelines 81-4

VLAN assignment

AAA authorization 81-30

characteristics 81-17

configuration tasks 81-18

described 81-17

VLAN group

guidelines 81-4

voice VLAN

described 81-22

PVID 81-22

VVID 81-22

wake-on-LAN, described 81-28

port-based QoS features

see QoS

port-channel

see EtherChannel

port-channel load-balance

command 21-10, 21-11

command example 21-10, 21-12

port-channel load-defer command 4-44

port-channel port load-defer command 4-44

port cost, STP 29-32

port debounce timer

disabling 11-10

displaying 11-10

enabling 11-10

PortFast

edge ports 30-2

network ports 30-2

See STP PortFast

PortFast Edge BPDU filtering

See STP PortFast Edge BPDU filtering

PortFast port types

description30-2, 30-2to ??

edge 30-2

network 30-2

port mode 37-3

port negotiation 11-5

port priority

MSTP 29-41

port priority, STP 29-31

ports

setting the debounce timer 11-10

port security

aging 83-9, 83-10

configuring 83-4

described 83-3

displaying 83-10

enable sticky secure MAC address 83-8

sticky MAC address 83-3

violations 83-3

Port Security is supported on trunks 83-2, 83-5, 83-7, 83-9

port security MAC move 83-3

port security on PVLAN ports 83-2

Port Security with Sticky Secure MAC Addresses 83-3

power management

enabling/disabling redundancy 13-2

overview 13-1

powering modules up or down 13-3

power policing 18-6

Power over Ethernet 18-2

power over ethernet 18-2

pre-authentication open access. See port-based authentication.

prerequisites for lawful intercept 84-1

primary links 20-2

primary VLANs 25-6

priority

overriding CoS 17-6, 18-4

private hosts 26-1

private hosts feature

configuration guidelines 26-1

configuring (detailed steps) 26-9

configuring (summary) 26-8

multicast operation 26-4

overview 26-4

port ACLs (PACLs) 26-7

port types 26-5, 26-6

protocol-independent MAC ACLs 26-4

restricting traffic flow with PACLs 26-5

spoofing protection 26-3

private VLANs 25-1

across multiple switches 25-9

and SVIs 25-10

benefits of 25-5

community VLANs 25-6, 25-7

configuration guidelines 25-2, 25-4, 25-10

configuring 25-10

host ports 25-14

pomiscuous ports 25-15

routing secondary VLAN ingress traffic 25-13

secondary VLANs with primary VLANs 25-12

VLANs as private 25-11

end station access to 25-8

IP addressing 25-8

isolated VLANs 25-6, 25-7

monitoring 25-16

ports

community 25-7

configuration guidelines 25-4

isolated 25-7

promiscuous 25-7

primary VLANs 25-6

secondary VLANs 25-6

subdomains 25-5

traffic in 25-10

privileged EXEC mode 2-5

promiscuous ports 25-7

protocol tunneling

See Layer 2 protocol tunneling 28-2

PVRST

See Rapid-PVST 29-3

PVST

description 29-3

PVST simulation

description 30-20

peer inconsistent state 30-20

root bridge 30-20

Q

QoS

auto-QoS

enabling for VoIP 64-4

IPv6 60-4

See also automatic QoS 64-1

QoS CoS

port value, configuring 63-2

QoS default configuration 66-2

QoS DSCP

maps, configuring 63-7

QoS mapping

CoS values to DSCP values 63-4, 63-7

DSCP markdown values 63-8, 65-14

DSCP mutation 63-3, 65-25

DSCP values to CoS values 63-9

IP precedence values to DSCP values 63-7

QoS markdown 61-4

QoS out of profile 61-4

QoS policing rule

aggregate 61-4

microflow 61-4

QoS port

trust state 63-10

QoS port-based or VLAN-based 63-12

QoS receive queue 63-18

QoS statistics data export 66-2

configuring 66-2

configuring destination host 66-7

configuring time interval 66-6, 66-8

QoS transmit queues 62-6, 63-15, 63-16

QoS VLAN-based or port-based 63-12

queries, IGMP 43-4

queries, MLDv2 49-6

R

RADIUS 76-6

RADIUS. See also port-based authentication. 81-7

range

command 53-3

macro 11-2

rapid convergence 29-14

Rapid-PVST

enabling 29-36

Rapid PVST+

interoperation with MST 30-20

Rapid-PVST+

overview 29-3

Rapid Spanning Tree

See RSTP

Rapid Spanning Tree Protocol

See RSTP

receive queues

see QoS receive queues

recirculation 35-5

redirect URLs

described 81-25

reduced MAC address 29-3

redundancy (RPR+) 9-1

configuring 9-4

configuring supervisor engine 9-2

displaying supervisor engine configuration 9-5

redundancy command 9-4

related documentation 1-xlv

Remote Authentication Dial-In User Service. See RADIUS.

report, MLD 49-5

reserved-range VLANs

See VLANs

restricted VLAN

configuring 81-43

described 81-19

using with IEEE 802.1x 81-19

restricting MIB access 84-10, 84-11

rewrite, packet

CEF 31-2

IP MMLS 42-5

RHI 4-51

RIF cache monitoring 11-12

ROM monitor

CLI 2-7

root bridge

MST 30-20

PVST simulation 30-20

root bridge, STP 29-29

root guard

See STP root guard

root switch

MSTP 29-39

route health injection

See RHI

route-map (IP) command 32-4

route maps

defining 32-4

router guard 46-1

RPF

failure 42-7

non-RPF multicast 42-7

RPR and RPR+ support IPv6 multicast traffic 9-1

RSTP

active topology 29-13

BPDU

format 29-16

processing 29-17

designated port, defined 29-13

designated switch, defined 29-13

interoperability with IEEE 802.1D

described 29-24

restarting migration process 29-47

topology changes 29-17

overview 29-13

port roles

described 29-13

synchronized 29-15

proposal-agreement handshake process 29-14

rapid convergence

described 29-14

edge ports and Port Fast 29-14

point-to-point links 29-14, 29-46

root ports 29-14

root port, defined 29-13

See also MSTP

S

secondary VLANs 25-6

Secure MAC Address Aging Type 83-9

security

configuring 69-1

security, port 83-3

security considerations 84-9

Security Exchange Protocol (SXP) 68-2

Security Group Access Control List (SGACL) 68-2

Security Group Tag (SGT) 68-2

serial IDs

description 51-12

serial interfaces

clearing 11-13

synchronous

maintaining 11-13

server IDs

description 51-12

service instance

configuration mode 39-5

creating 39-4

defined 39-4

service-policy input command 61-17, 62-16, 63-4, 63-6, 65-25, 74-4

service-provider network, MSTP and RSTP 29-18

set default interface command 32-4

set interface command 32-4

set ip default next-hop command 32-4

set ip df command

PBR 32-4

set ip next-hop command 32-4

set ip precedence command

PBR 32-4

set ip vrf command

PBR 32-4

set power redundancy enable/disable command 13-2

set requests 84-7, 84-8, 84-11

setting up lawful intercept 84-7

SGACL 68-2

SGT 68-2

short pipe mode

configuring 65-30

show authentication command 81-52

show catalyst6000 chassis-mac-address command 29-4

show dot1x interface command 81-36

show eobc command 11-12

show history command 2-4

show ibc command 11-12

show interfaces command 11-8, 11-9, 11-12, 19-6, 19-13

clearing interface counters 11-12

displaying, speed and duplex mode 11-6

show ip local policy command 32-5

show mab command 81-55

show module command 9-5

show platform aging command 50-4

show platform entry command 31-5

show platform ip multicast group command

displaying IP MMLS group 42-27

show platform ip multicast interface command

displaying IP MMLS interface 42-27

show platform ip multicast source command

displaying IP MMLS source 42-27

show platform ip multicast statistics command

displaying IP MMLS statistics 42-27

show platform ip multicast summary

displaying IP MMLS configuration 42-27

show protocols command 11-12

show rif command 11-12

show running-config command 11-12

displaying ACLs 71-7, 71-8

show svclc rhi-routes command 4-51

show version command 11-12

shutdown command 11-13

shutdown interfaces

result 11-13

slot number, description 11-2

smart call home 51-1

description 51-4

destination profile (note) 51-21

registration requirements 51-4

service contract requirements 51-2

Transport Gateway (TG) aggregation point 51-3

SMARTnet

smart call home registration 51-4

smart port macros 3-1

configuration guidelines 3-2

Smartports macros

applying global parameter values 3-14

applying macros 3-14

creating 3-13

default configuration 3-4

defined 3-4

displaying 3-15

tracing 3-2

SNMP

configuring 84-10

default view 84-9

get and set requests 84-7, 84-8, 84-11

notifications 84-9, 84-12

support and documentation 1-7

SNMP-COMMUNITY-MIB 84-9

SNMP-USM-MIB 84-4, 84-9

SNMP-VACM-MIB 84-4, 84-9

snooping

See IGMP snooping

software

upgrading router 5-5

source IDs

call home event format 51-11

source specific multicast with IGMPv3, IGMP v3lite, and URD 42-26

SPAN

configuration guidelines 54-2

configuring 54-12

sources 54-16, 54-19, 54-21, 54-22, 54-24, 54-25, 54-26, 54-28

VLAN filtering 54-30

destination port support on EtherChannels 54-12, 54-19, 54-22, 54-24, 54-25, 54-29

distributed egress 54-10, 54-15

modules that disable for ERSPAN 54-7

input packets with don't learn option

ERSPAN 54-28, 54-29

local SPAN 54-17, 54-18, 54-19

RSPAN 54-22, 54-23, 54-25

understanding 54-12

local SPAN egress session increase 54-3, 54-16

overview 54-7

SPAN Destination Port Permit Lists 54-15

spanning-tree backbonefast

command 30-15, 30-16

command example 30-15, 30-16

spanning-tree cost

command 29-33

command example 29-33

spanning-tree portfast

command 30-2, 30-3, 30-4

command example 30-3, 30-4

spanning-tree portfast bpdu-guard

command 30-8

spanning-tree port-priority

command 29-31

spanning-tree protocol for bridging 33-1

spanning-tree uplinkfast

command 30-13

command example 30-13

spanning-tree vlan

command 29-27, 29-29, 29-30, 29-31, 30-8, 30-17

command example 29-28, 29-29, 29-30, 29-31

spanning-tree vlan cost

command 29-33

spanning-tree vlan forward-time

command 29-35

command example 29-35

spanning-tree vlan hello-time

command 29-35

command example 29-35

spanning-tree vlan max-age

command 29-36

command example 29-36

spanning-tree vlan port-priority

command 29-31

command example 29-32

spanning-tree vlan priority

command 29-34

command example 29-34

speed

configuring interface 11-4

speed command 11-4

speed mode

autonegotiation status 11-6

standards, lawful intercept 84-4

standby links 20-2

static sharing

description 81-25

statistics

802.1X 81-51, 82-15

sticky ARP 74-7

sticky MAC address 83-3

Sticky secure MAC addresses 83-8, 83-9

storm control

see traffic-storm control

STP

configuring 29-26

bridge priority 29-34

enabling 29-27, 29-28

forward-delay time 29-35

hello time 29-35

maximum aging time 29-36

port cost 29-32

port priority 29-31

root bridge 29-29

secondary root switch 29-30

defaults 29-25

EtherChannel 21-7

normal ports 30-3

understanding 29-2

802.1Q Trunks 29-12

Blocking State 29-8

BPDUs 29-4

disabled state 29-12

forwarding state 29-11

learning state 29-10

listening state 29-9

overview 29-3

port states 29-6

protocol timers 29-5

root bridge election 29-5

topology 29-5

STP BackboneFast

configuring 30-15

figure

adding a switch 30-18

spanning-tree backbonefast

command 30-15, 30-16

command example 30-15, 30-16

understanding 30-13

STP BPDU Guard

configuring 30-7

spanning-tree portfast bpdu-guard

command 30-8

understanding 30-7

STP bridge ID 29-3

STP EtherChannel guard 30-16

STP extensions

description??to 30-20

STP loop guard

configuring 30-19

overview 30-17

STP PortFast

BPDU filter

configuring 30-10

BPDU filtering 30-9

configuring 30-2

spanning-tree portfast

command 30-2, 30-3, 30-4

command example 30-3, 30-4

understanding 30-2

STP port types

normal 30-3

STP root guard 30-17

STP UplinkFast

configuring 30-12

spanning-tree uplinkfast

command 30-13

command example 30-13

understanding 30-11

subdomains, private VLAN 25-5

supervisor engine

environmental monitoring 14-1

redundancy 9-1

synchronizing configurations 9-5

supervisor engine redundancy

configuring 9-2

supervisor engines

displaying redundancy configuration 9-5

supplicant 81-7

surveillance 84-7

svclc command 4-50

Switched Port Analyzer 54-1

switch fabric functionality 10-1

configuring 10-3

monitoring 10-4

switchport

configuring 19-14

example 19-13

show interfaces 11-8, 11-9, 19-6, 19-13

switchport access vlan 19-6, 19-7, 19-10, 19-14

example 19-15

switchport mode access 19-4, 19-6, 19-7, 19-14

example 19-15

switchport mode dynamic 19-9

switchport mode dynamic auto 19-4

switchport mode dynamic desirable 19-4

default 19-5

example 19-13

switchport mode trunk 19-4, 19-9

switchport nonegotiate 19-4

switchport trunk allowed vlan 19-11

switchport trunk encapsulation 19-7, 19-9

switchport trunk encapsulation dot1q

example 19-13

switchport trunk encapsulation negotiate

default 19-5

switchport trunk native vlan 19-11

switchport trunk pruning vlan 19-12

switch priority

MSTP 29-43

switch TopN reports

foreground execution 56-2

running 56-3

viewing 56-3

SXP 68-2

system event archive (SEA) 52-1

System Hardware Capacity 1-3

T

TDR

checking cable connectivity 11-14

enabling and disabling test 11-14

guidelines 11-14

Telnet

accessing CLI 2-2

Time Domain Reflectometer 11-14

TLV

host presence detection 17-4, 81-14, 83-4

traceroute, Layer 2

and ARP 57-2

and CDP 57-1

described 57-2

IP addresses and subnets 57-2

MAC addresses and VLANs 57-2

multicast traffic 57-2

multiple devices on a port 57-2

unicast traffic 57-2

usage guidelines 57-1

traffic-storm control

command

broadcast 79-4

described 79-2

monitoring 79-5

thresholds 79-2

traffic suppression

see traffic-storm control

transmit queues

see QoS transmit queues

traps, see SNMP notifications

trunks 19-4

802.1Q Restrictions 19-2

allowed VLANs 19-11

configuring 19-8

default interface configuration 19-6

default VLAN 19-10

different VTP domains 19-4

native VLAN 19-11

to non-DTP device 19-4

VLAN 1 minimization 19-12

trusted boundary 17-6

trusted boundary (extended trust for CDP devices) 17-4

trustpoint 51-2

tunneling 65-4, 65-26

tunneling, 802.1Q

See 802.1Q 27-4

type length value

See TLV

U

UDE

configuration 34-5

overview 34-4

UDE and UDLR 34-1

UDLD

default configuration 12-4

enabling

globally 12-5

on ports 12-5, 12-6

overview 12-2

UDLR 34-1

back channel 34-3

configuration 34-6

tunnel

(example) 34-7

ARP and NHRP 34-4

UDLR (unidirectional link routing) 34-1

UDP port for SNMP notifications 84-12

UMFB 80-2

unauthorized ports with 802.1X 81-12

unicast storms

see traffic-storm control

Unidirectional Ethernet 34-1

unidirectional ethernet

example of setting 34-5

UniDirectional Link Detection Protocol

see UDLD

uniform mode

configuring 65-34

unknown multicast flood blocking

See UMFB

unknown unicast and multicast flood blocking 80-1

unknown unicast flood blocking

See UUFB

unknown unicast flood rate-limiting

See UUFRL

UplinkFast

See STP UplinkFast

URD 42-26

User-Based Rate Limiting 61-6, 61-15

user EXEC mode 2-5

UUFB 80-2

UUFRL 80-2

V

VACLs 72-2

configuring

examples 72-5

Layer 3 VLAN interfaces 72-5

Layer 4 port operations 67-2

logging

configuration example 72-8

configuring 72-7

restrictions 72-7

MAC address based 72-2

multicast packets 71-6

SVIs 72-5

WAN interfaces 72-2

virtual private LAN services (VPLS) 38-1

associating attachment circuit with the VSI at the PE 38-13

basic configuration 38-2

configuration example 38-18

configuring MPLS in the PE 38-11

configuring PE layer 2 interface to the CE 38-7

configuring the VFI in the PE 38-12

overview 38-2

restrictions 38-2

services 38-5

vlan

command 24-5, 24-6, 54-20

command example 24-6

VLAN Access Control Lists

See VACLs

VLAN-based QoS filtering 67-10

VLAN-bridge spanning-tree protocol 33-1

vlan database

command 24-5, 24-6, 54-20

vlan group command 81-42

VLAN locking 24-4

vlan mapping dot1q

command 24-8, 24-9

VLAN maps

applying 71-8

VLAN mode 37-3

VLAN port provisioning verification 24-4

VLANs

allowed on trunk 19-11

configuration guidelines 24-2

configuring 24-1

configuring (tasks) 24-4

defaults 24-3

extended range 24-3

interface assignment 24-6

multicast 44-2

name (default) 24-3

normal range 24-3

reserved range 24-3

support for 4,096 VLANs 24-2

token ring 24-3

trunks

understanding 19-4

understanding 24-2

VLAN 1 minimization 19-12

VTP domain 24-4

VLAN translation

command example 24-8, 24-9

voice VLAN

Cisco 7960 phone, port connections 17-2

configuration guidelines 17-1

configuring IP phone for data traffic

override CoS of incoming frame 17-6, 18-4

configuring ports for voice traffic in

802.1Q frames 17-5

connecting to an IP phone 17-5

default configuration 17-4

overview 17-2

voice VLAN. See also port-based authentication. 81-22

VPN

configuration example 36-4

guidelines and restrictions 36-2

VPN supported commands 36-2

VPN switching 36-1

VSS

dual-active detection

Enhanced PAgP, advantages 4-23

Enhanced PAgP, description 4-23

enhanced PAgP, description 4-45

fast-hello, advantages 4-23

fast-hello, description 4-23

VSLP fast-hello, configuration 4-46

VTP

advertisements 23-4, 23-5

client, configuring 23-15

configuration guidelines 23-1

default configuration 23-9

disabling 23-15

domains 23-3

VLANs 24-4

modes

client 23-4

server 23-4

transparent 23-4

monitoring 23-17

overview 23-2

per-port enable and disable 23-16

pruning

configuration 19-12

configuring 23-12

overview 23-7

server, configuring 23-15

statistics 23-17

transparent mode, configuring 23-15

version 2

enabling 23-13

overview 23-5

version 3

enabling 23-13

overview 23-6

server type, configuring 23-11

W

wake-on-LAN. See also port-based authentication. 81-28

web-based authentication

AAA fail policy 82-5

description 82-2

web browser interface 1-7

wiretaps 84-4