Index
Numerics
4K VLANs (support for 4,096 VLANs) 24-2
802.1AE Tagging 68-2
802.1Q
Layer 2 protocol tunneling
See Layer 2 protocol tunneling
mapping to ISL VLANs 24-7
trunks 19-4
restrictions 19-2
tunneling
configuration guidelines 27-1
configuring tunnel ports 27-6
overview 27-4
802.1Q Ethertype
specifying custom 19-15
802.1X 81-1
802.1x accounting 81-41
802.3ad
802.3af 18-2
802.3x Flow Control 11-9
A
AAA
AAA (authentication, authorization, and accounting). See also port-based authentication. 81-6, 82-2
aaa accounting dot1x command 81-41
aaa accounting system command 81-41
abbreviating commands 2-5
access, restricting MIB 84-10
access control entries and lists 67-1
access-enable host timeout (not supported) 67-4
access port, configuring 19-14
access rights 84-9
access setup, example 84-11
accounting
with 802.1x 81-41
with IEEE 802.1x 81-16
ACEs and ACLs 67-1
ACLs
downloadable 82-2
downloadable (dACLs) 81-23
Filter-ID 81-24
per-user 81-24
port
defined 71-2
redirect URL 81-25
static sharing 81-25
acronyms, list of A-1
activating lawful intercept 84-8
admin function (mediation device) 84-7, 84-8
administration, definition 84-6
advertisements, VTP 23-4
aggregate policing 61-4
aging time
accelerated
for MSTP 29-45
maximum
alarms
major 14-4
minor 14-4
Allow DHCP Option 82 on Untrusted Port
configuring 76-10
understanding 76-5
any transport over MPLS (AToM) 37-3
Ethernet over MPLS 37-3
ARP ACL 67-12
ARP spoofing 78-3
AToM 37-3
audience 1-xlv
authentication control-direction command 81-50
authentication event command 81-43
authentication failed VLAN
authentication open command 81-15
authentication password, VTP 23-5
authentication periodic command 81-36, 81-47
authentication port-control command 81-43
authentication timer reauthenticate command 81-36
authorized ports with 802.1X 81-12
automatic QoS
configuration guidelines and restrictions 64-2
macros 64-4
overview 64-2
AutoQoS 64-1
auto-sync command 9-4
B
BackboneFast
backup interfaces
binding database, DHCP snooping
See DHCP snooping binding database
binding table, DHCP snooping
See DHCP snooping binding database
blocking state, STP 29-8
blue beacon 1-6
BPDU
RSTP format 29-16
BPDU guard
BPDUs
Bridge Assurance 30-5
Shared Spanning Tree Protocol (SSTP) 30-20
Bridge Assurance
inconsistent state 30-5
supported protocols and link types 30-5
bridge domain
configuring 39-8
bridge groups 33-1
bridge ID
bridge priority, STP 29-34
bridge protocol data units
bridging 33-1
broadcast storms
C
CALEA, See Communications Assistance for Law Enforcement Act (CALEA)
Call Home
description 51-3
message format options 51-3
messages
format options 51-3
call home 51-1
alert groups 51-28
contact information 51-19
destination profiles 51-20
displaying information 51-39
pattern matching 51-31
periodic notification 51-30
rate limit messages 51-31
severity threshold 51-30
smart call home feature 51-4
SMTP server 51-2
testing communications 51-32
call home alert groups
configuring 51-28
description 51-28
subscribing 51-29
call home customer information
entering information 51-19
call home destination profiles
attributes 51-21
description 51-20
displaying 51-42
call home notifications
full-txt format for syslog 51-15
XML format for syslog 51-15
CDP
host presence detection 81-14, 83-4
to configure Cisco phones 17-3
CEF
configuring
RP 31-5
supervisor engine 31-4
examples 31-3
Layer 3 switching 31-2
packet rewrite 31-2
certificate authority (CA) 51-2
channel-group group
Cisco Discovery Protocol
Cisco Emergency Responder 17-4
Cisco Express Forwarding 35-3
CISCO-IP-TAP-MIB
citapStreamVRF 84-2
overview 84-8
restricting access to 84-10, 84-11
CISCO-TAP2-MIB
accessing 84-9
overview 84-8
restricting access to 84-10, 84-11
CIST regional root
CIST root
class command 61-9
class map configuration 61-8, 62-11
clear authentication sessions command 81-38
clear counters command 11-12
clear dot1x command 81-37
clear interface command 11-13
CLI
accessing 2-1
backing out one level 2-5
console configuration mode 2-5
getting list of commands 2-6
global configuration mode 2-5
history substitution 2-4
interface configuration mode 2-5
privileged EXEC mode 2-5
ROM monitor 2-7
software basics 2-4
collection function 84-6
command line processing 2-3
commands, getting list of 2-6
Communications Assistance for Law Enforcement Act
CALEA for Voice 84-5
lawful intercept 84-4
community ports 25-7
configuration example
EoMPLS VLAN mode 37-4
VPLS, 802.1Q access port for untagged traffic from CE 38-8
VPLS, associating the attachment circuit with the VSI at the PE 38-13
VPLS, L2 VLAN instance on the PE 38-10
VPLS, MPLS in the PE 38-11
VPLS, using QinQ to place all VLANs into a single VPLS 38-9
VPLS, VFI in the PE 38-12
configuration guidelines
EVCs 39-2
lawful intercept 84-10, 84-11, 84-12
SNMP 84-10
console configuration mode 2-5
content IAP 84-6
control plane policing
CoPP 75-1
applying QoS service policy to control plane 75-5
configuring
ACLs to match traffic 75-5
enabling MLS QoS 75-5
packet classification criteria 75-5
service-policy map 75-5
control plane configuration mode
entering 75-5
displaying
dynamic information 75-9
number of conforming bytes and packets 75-9
rate information 75-9
entering control plane configuration mode 75-5
monitoring statistics 75-9
overview 75-3
packet classification guidelines 75-2
traffic classification
defining 75-6
guidelines 75-7
overview 75-6
sample ACLs 75-7
sample classes 75-6
CoS
counters
clearing interface 11-12, 11-13
critical authentication 81-8
critical authentication, IEEE 802.1x 81-44
CSCsr62404 11-9
CSCtx75254 5-2
cTap2MediationDebug notification 84-12
cTap2MediationNewIndex object 84-8
cTap2MediationTable 84-8
cTap2MediationTimedOut notification 84-12
cTap2MIBActive notification 84-12
cTap2StreamDebug notification 84-12
cTap2StreamTable 84-8
customer contact information
entering for call home 51-19
D
dACL
See ACLs, downloadable 81-23
dCEF 31-4
debug commands
IP MMLS 42-31
DEC spanning-tree protocol 33-1
default configuration
dynamic ARP inspection 78-6
EVCs 39-9
Flex Links 20-4
IP MMLS 42-15
MSTP 29-26
MVR 44-5
UDLD 12-4
voice VLAN 17-4
VTP 23-9
default VLAN 19-10
denial of service protection 74-1
device IDs
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 76-7
overview 76-5
packet format, suboption
circuit ID 76-7
remote ID 76-7
remote ID suboption 76-7
DHCP option 82 allow on untrusted port 76-10
DHCP snooping
802.1X data insertion 81-15
binding database
See DHCP snooping binding database
configuration guidelines 76-8
configuring 76-9
default configuration 76-8
displaying binding tables 76-18
enabling 76-9, 76-10, 76-11, 76-12, 76-13, 76-14
enabling the database agent 76-14
message exchange process 76-6
option 82 data insertion 76-5
overview 76-3
Snooping database agent 76-7
DHCP snooping binding database
described 76-5
entries 76-5
DHCP snooping binding table
See DHCP snooping binding database
DHCP Snooping Database Agent
adding to the database (example) 76-18
enabling (example) 76-15
overview 76-7
reading from a TFTP file (example) 76-17
DHCP snooping increased bindings limit 76-14
DiffServ
configuring short pipe mode 65-30
configuring uniform mode 65-34
short pipe mode 65-27
uniform mode 65-28
DiffServ tunneling modes 65-4
Disabling PIM Snooping Designated Router Flooding 47-6
distributed Cisco Express Forwarding
distributed egress SPAN 54-10, 54-15
documentation, related 1-xlv
Domain Name System 84-2
DoS protection 74-1
monitoring packet drop statistics
using monitor session commands 74-8
using VACL capture 74-10
QoS ACLs 74-2
security ACLs 74-2
uRPF check 74-5
dot1x initialize interface command 81-37
dot1x max-reauth-req command 81-41
dot1x max-req command 81-40
dot1x pae authenticator command 81-31
dot1x re-authenticate interface command 81-36
dot1x timeout quiet-period command 81-38
DSCP-based queue mapping 63-14
duplex mode
autonegotiation status 11-6
configuring interface 11-4
dynamic ARP inspection
ARP cache poisoning 78-3
ARP requests, described 78-3
ARP spoofing attack 78-3
configuration guidelines 78-2
configuring
logging system messages 78-14
rate limit for incoming ARP packets 78-5, 78-10
default configuration 78-6
denial-of-service attacks, preventing 78-10
described 78-3
DHCP snooping binding database 78-4
displaying
ARP ACLs 78-15
configuration and operating state 78-15
trust state and rate limit 78-15
error-disabled state for exceeding rate limit 78-5
function of 78-4
interface trust states 78-4
log buffer
logging of dropped packets, described 78-6
logging system messages
configuring 78-14
man-in-the-middle attack, described 78-4
network security issues and interface trust states 78-4
priority of ARP ACLs and DHCP snooping entries 78-6
rate limiting of ARP packets
configuring 78-10
described 78-5
error-disabled state 78-5
validation checks, performing 78-11
Dynamic Host Configuration Protocol snooping 76-1
E
EAC 68-2
EAPOL. See also port-based authentication. 81-6
eFSU, See Enhanced Fast Software Upgrade (eFSU)
egress SPAN 54-10
electronic traffic, monitoring 84-7
e-mail addresses
assigning for call home 51-19
e-mail notifications
Call Home 51-3
enable mode 2-5
enable sticky secure MAC address 83-8
enabling
IP MMLS
on router interfaces 42-16
lawful intercept 84-8
SNMP notifications 84-12
Endpoint Admission Control (EAC) 68-2
enhanced Fast Software Upgrade (eFSU)
aborting (issu abortversion command) 5-13
accepting the new software version 5-11
committing the new software to standby RP (issu commitversion command) 5-12
displaying maximum outage time for module 5-10
error handling 5-5
forcing a switchover (issu runversion command) 5-10
issu loadversion command 5-8
loading new software onto standby RP 5-8
memory reservation on module 5-4
memory reservation on module, prohibiting 5-4
OIR not supported 5-2
operation 5-3
outage times 5-4
performing 5-5
steps 5-5
usage guidelines and limitations 5-2
verifying redundancy mode 5-7
environmental monitoring
LED indications 14-4
SNMP traps 14-4
supervisor engine and switching modules 14-4
Syslog messages 14-4
using CLI commands 14-1
EOBC
for MAC address table synchronization 19-3
EoMPLS 37-3
configuring 37-4
configuring VLAN mode 37-3
guidelines and restrictions 37-2
port mode 37-3
VLAN mode 37-3
ERSPAN 54-1
EtherChannel
channel-group group
configuration guidelines 4-27, 21-2
configuring
Layer 2 21-8
configuring (tasks) 4-26, 21-7
interface port-channel
command example 21-8
interface port-channel (command) 21-8
lacp system-priority
command example 21-10
Layer 2
configuring 21-8
load balancing
configuring 21-11
understanding 21-7
modes 21-4
PAgP
understanding 21-5
port-channel interfaces 21-7
port-channel load-balance
command example 21-12
STP 21-7
EtherChannel Guard
Ethernet
setting port duplex 11-10
Ethernet flow point
Ethernet over MPLS (EoMPLS) configuration
EoMPLS port mode 37-6
EoMPLS VLAN mode 37-4
Ethernet Virtual Connection
EVC
broadcast domain 39-4
configuration guidelines 39-2
default configuration 39-9
supported features 39-2
EXP mutation 65-4
extended range VLANs 24-2
extended system ID
MSTP 29-39
Extensible Authentication Protocol over LAN. See EAPOL.
F
fall-back bridging 33-1
fast link notification
on VSL failure 4-13
fiber-optic, detecting unidirectional links 12-1
FIB TCAM 35-3
figure
lawful intercept overview 84-5
Flex Links 20-1
configuration guidelines 20-2
configuring 20-4
default configuration 20-4
description 20-2
monitoring 20-5
flow control 11-9
forward-delay time
MSTP 29-45
forward-delay time, STP 29-35
frame distribution
See EtherChannel load balancing
G
get requests 84-7, 84-8, 84-11
global configuration mode 2-5
guest VLAN and 802.1x 81-19
H
hardware Layer 3 switching
guidelines 31-2
hello time
MSTP 29-44
hello time, STP 29-35
High Capacity Power Supply Support 13-4
history
CLI 2-4
host mode
host ports
kinds of 25-7
host presence CDP message 17-4, 81-14
host presence TLV message 83-4
http://www-tac.cisco.com/Teams/ks/c3/xmlkwery.php?srId=612293409 21-3
I
IAP
content IAP 84-6
definition 84-6
content IAP 84-6
identification IAP 84-6
ICMP unreachable messages 67-2
ID IAP 84-6
IDs
serial IDs 51-12
IEEE 802.1Q Ethertype
specifying custom 19-15
IEEE 802.1Q Tagging on a Per-Port Basis 27-7
IEEE 802.1w
IEEE 802.1x
authentication failed VLAN 81-19
critical ports 81-20
DHCP snooping 81-15
guest VLAN 81-19
MAC authentication bypass 81-26
network admission control Layer 2 validation 81-27
port security interoperability 81-22
RADIUS-supplied session timeout 81-35
voice VLAN 81-22
wake-on-LAN support 81-28
IEEE 802.3ad
IEEE 802.3af 18-2
IEEE 802.3x Flow Control 11-9
IEEE bridging protocol 33-1
IGMP 43-1
configuration guidelines 49-9
enabling 43-9
join messages 43-3
leave processing
enabling 43-13
queries 43-4
query interval
configuring 43-12
snooping
fast leave 43-6
joining multicast group 43-3, 45-4
leaving multicast group 43-5, 45-4
snooping querier
enabling 43-9
IGMPv3 42-26
IGMP v3lite 42-26
ignore port trust 61-11
inaccessible authentication bypass 81-20
ingress SPAN 54-10
intercept access point
intercept-related information (IRI) 84-6, 84-7
intercepts, multiple 84-6
interface
configuration mode 2-5
Layer 2 modes 19-4
number 11-2
interface port-channel
command example 21-8
interface port-channel (command) 21-8
interfaces
configuring, duplex mode 11-3
configuring, speed 11-3
configuring, overview 11-2
counters, clearing 11-12, 11-13
displaying information about 11-12
maintaining 11-12
monitoring 11-12
range of 11-2
restarting 11-13
shutting down
task 11-13
interfaces command 11-2
interfaces range command 53-3
interfaces range macro command 11-2
internal VLANs 24-3
Internet Group Management Protocol 43-1, 45-1
IP accounting, IP MMLS and 42-2
IP CEF
topology (figure) 31-4
ip flow-export source command 56-3, 56-4, 56-5
ip http server 1-7
ip local policy route-map command 32-5
IP MMLS
cache, overview 42-4
configuration guideline 42-1
debug commands 42-31
default configuration 42-15
enabling
on router interfaces 42-16
Layer 3 MLS cache 42-4
overview 42-2
packet rewrite 42-5
router
enabling globally 42-16
enabling on interfaces 42-16
PIM, enabling 42-16
IP multicast
IGMP snooping and 43-8
MLDv2 snooping and 49-9
IP multicast MLS
ip multicast-routing command
enabling IP multicast 42-16
IP phone
configuring 17-5
ip pim command
enabling IP PIM 42-16
ip policy route-map command 32-5
IP Source Guard 77-1
configuring 77-3
configuring on private VLANs 77-5
overview 77-2
IP unnumbered 33-1
IPv4 Multicast over Point-to-Point GRE Tunnels 1-8
IPv4 Multicast VPN 41-1
IPv6 Multicast Layer 3 Switching 48-1
IPv6 QoS 60-4
ISL trunks 19-4
isolated port 25-7
J
join messages, IGMP 43-3
jumbo frames 11-6
K
keyboard shortcuts 2-3
L
label edge router 35-2
label switched path 37-1
label switch router 35-2, 35-4
LACP
system ID 21-6
Law Enforcement Agency (LEA) 84-4
lawful intercept
collection function 84-6
configuring 84-10, 84-11, 84-12
enabling 84-8
IRI 84-6
mediation device 84-5
prerequisites 84-1
processing 84-7
security considerations 84-9
SNMP notifications 84-12
lawful intercept processing 84-7
Layer 2
configuring interfaces 19-5
access port 19-14
trunk 19-8
defaults 19-5
interface modes 19-4
show interfaces 11-8, 11-9, 19-6, 19-13
switching
understanding 19-2
trunks
understanding 19-4
VLAN
interface assignment 24-6
Layer 2 Interfaces
configuring 19-1
Layer 2 protocol tunneling
configuring Layer 2 tunnels 28-3
overview 28-2
Layer 2 Traceroute 57-1
Layer 2 traceroute
and ARP 57-2
and CDP 57-1
described 57-2
IP addresses and subnets 57-2
MAC addresses and VLANs 57-2
multicast traffic 57-2
multiple devices on a port 57-2
unicast traffic 57-2
usage guidelines 57-1
Layer 3
IP MMLS and MLS cache 42-4
Layer 3 switched packet rewrite
CEF 31-2
Layer 3 switching
CEF 31-2
Layer 4 port operations (ACLs) 67-2
leave processing, IGMP
enabling 43-13
leave processing, MLDv2
enabling 49-12
Link Failure
detecting unidirectional 29-25
link negotiation 11-5
link redundancy
load deferral
MEC traffic recovery 4-6
Local Egress Replication 42-19
logical operation unit
loop guard
LOU
description 67-3
determining maximum number of 67-3
M
MAC address-based blocking 70-1
MAC address table notification 19-7
MAC authentication bypass. See also port-based authentication. 81-26
MAC move (port security) 83-3
macros 3-1
MACSec 68-2
magic packet 81-28
main-cpu command 9-4
mapping 802.1Q VLANs to ISL VLANs 24-7
markdown
match ip address command 32-4
match length command 32-4
maximum aging time
MSTP 29-45
maximum aging time, STP 29-36
maximum hop count, MSTP 29-46
MEC
configuration 4-44
described 4-14
failure 4-15
port load share deferral 4-16
mediation device
definition 84-5
description 84-5
MIBs
CISCO-IP-TAP-MIB 84-2, 84-8, 84-10
CISCO-TAP2-MIB 84-8, 84-9, 84-10
SNMP-COMMUNITY-MIB 84-9
microflow policing 61-4
Mini Protocol Analyzer 58-1
Min-Links 21-13
MLD
report 49-5
MLD snooping
query interval
configuring 49-10
MLDv1 49-2
MLDv2 49-1
enabling 49-11
leave processing
enabling 49-12
queries 49-6
snooping
fast leave 49-8
joining multicast group 49-5
leaving multicast group 49-7
understanding 49-3
snooping querier
enabling 49-10
understanding 49-3
MLDv2 Snooping 49-1
monitoring
Flex Links 20-5
MVR 44-8
private VLANs 25-16
monitoring electronic traffic 84-7
aggregate label 35-2
any transport over MPLS 37-3
basic configuration 35-9
core 35-4
DiffServ Tunneling Modes 65-26
egress 35-4
experimental field 65-3
hardware features 35-5
ingress 35-4
IP to MPLS path 35-4
labels 35-2
MPLS to IP path 35-4
MPLS to MPLS path 35-4
nonaggregate label 35-2
QoS default configuration 65-13
restrictions 35-1
VPN 65-11
VPN guidelines and restrictions 36-2
MPLS QoS
Classification 65-2
Class of Service 65-2
commands 65-15
configuring a class map 65-17
configuring a policy map 65-20
configuring egress EXP mutation 65-24
configuring EXP Value Maps 65-25
Differentiated Services Code Point 65-2
displaying a policy map 65-24
E-LSP 65-2
EXP bits 65-2
features 65-2
IP Precedence 65-2
QoS Tags 65-2
queueing-only mode 65-17
MPLS QoS configuration
class map to classify MPLS packets 65-17
MPLS supported commands 35-2
MPLS VPN
limitations and restrictions 36-2
MQC 59-1
MST
interoperation with Rapid PVST+ 30-20
root bridge 30-20
MSTP
boundary ports
configuration guidelines 29-2
described 29-22
CIST, described 29-19
CIST root 29-21
configuration guidelines 29-2
configuring
forward-delay time 29-45
hello time 29-44
link type for rapid convergence 29-46
maximum aging time 29-45
maximum hop count 29-46
MST region 29-38
neighbor type 29-46
path cost 29-42
port priority 29-41
root switch 29-39
secondary root switch 29-40
switch priority 29-43
CST
defined 29-19
operations between regions 29-20
default configuration 29-26
displaying status 29-47
enabling the mode 29-38
extended system ID
effects on root switch 29-39
effects on secondary root switch 29-40
unexpected behavior 29-39
IEEE 802.1s
implementation 29-23
port role naming change 29-23
terminology 29-21
interoperability with IEEE 802.1D
described 29-24
restarting migration process 29-47
IST
defined 29-19
master 29-20
operations within a region 29-20
mapping VLANs to MST instance 29-38
MST region
CIST 29-19
configuring 29-38
described 29-19
hop-count mechanism 29-22
IST 29-19
supported spanning-tree instances 29-19
overview 29-18
root switch
configuring 29-39
effects of extended system ID 29-39
unexpected behavior 29-39
status, displaying 29-47
MTU size (default) 24-3
multiauthentication (multiauth). See also port-based authentication. 81-14
multicast
IGMP snooping and 43-8
MLDv2 snooping and 49-9
non-RPF 42-7
PIM snooping 47-4
multicast flood blocking 80-1
multicast groups
multicast groups, IPv6
joining 49-5
Multicast Listener Discovery version 2 49-1
Multicast Replication Mode Detection enhancement 42-18
multicast storms
multicast television application 44-3
multicast VLAN 44-2
Multicast VLAN Registration 44-1
multichassis EtherChannel
see MEC 4-14
Multidomain Authentication (MDA). See also port-based authentication. 81-14
Multilayer MAC ACL QoS Filtering 67-9
multiple path RPF check 74-5
Multiple Spanning Tree
MUX-UNI Support 35-7
MUX-UNI support 35-7
MVAP (Multi-VLAN Access Port). See also port-based authentication. 81-22
MVR
and IGMPv3 44-2
configuring interfaces 44-6
default configuration 44-5
example application 44-3
in the switch stack 44-5
monitoring 44-8
multicast television application 44-3
restrictions 44-1
setting global parameters 44-6
N
NAC
agentless audit support 81-27
critical authentication 81-20, 81-44
IEEE 802.1x authentication using a RADIUS server 81-47
IEEE 802.1x validation using RADIUS server 81-47
inaccessible authentication bypass 81-44
Layer 2 IEEE 802.1x validation 81-47
Layer 2 IEEE802.1x validation 81-27
native VLAN 19-11
NDAC 68-2
NetFlow
table, displaying entries 31-5
Network Device Admission Control (NDAC) 68-2
network ports
Bridge Assurance 30-5
description 30-2
non-RPF multicast 42-7
normal-range VLANs
notifications, See SNMP notifications
NSF with SSO does not support IPv6 multicast traffic. 7-1, 8-1
O
OIR 11-11
online diagnostics
CompactFlash disk verification A-44
configuring 15-2
datapath verification A-14
diagnostic sanity check 15-24
egress datapath test A-5
error counter test A-5
interrupt counter test A-5
memory tests 15-24
overview 15-2
running tests 15-6
test descriptions A-1
understanding 15-2
online diagnostic tests A-1
online insertion and removal
out-of-band MAC address table synchronization
configuring 19-6
in a VSS 4-2
out of profile
P
packet capture 58-2
packet rewrite
CEF 31-2
IP MMLS and 42-5
packets
multicast 71-6
PAgP
understanding 21-5
path cost
MSTP 29-42
PBACLs 67-5
PBF 72-4
PBR 1-8
PBR (policy-based routing)
configuration (example) 32-7
enabling 32-4
peer inconsistent state
in PVST simulation 30-20
per-port VTP enable and disable 23-16
PFC
recirculation 35-5
PIM, IP MMLS and 42-16
PIM snooping
designated router flooding 47-6
enabling globally 47-5
enabling in a VLAN 47-5
overview 47-4
platform aging command
platform ip multicast command
PoE 18-2
Cisco prestandard 18-2
IEEE 802.3af 18-2
PoE management 18-3
power policing 18-3
power use measurement 18-3
policy-based ACLs (PBACLs) 67-5
policy-based forwarding (PBF) 73-2
policy-based routing
policy-based routing (PBR)
configuring 32-1
attaching to an interface 61-17, 62-16, 74-4
policy-map command 61-9
port ACLs
defined 71-2
port ACLs (PACLs) 71-1
Port Aggregation Protocol
port-based authentication
AAA authorization 81-30
accounting 81-16
configuring 81-41
authentication server
RADIUS server 81-7
configuration guidelines 81-2, 82-1
configuring
guest VLAN 81-42
inaccessible authentication bypass 81-44
initializing authentication of a client 81-37
manual reauthentication of a client 81-36
RADIUS server parameters on the switch 81-32, 82-9
restricted VLAN 81-43
switch-to-authentication-server retransmission time 81-39
switch-to-client EAP-request frame retransmission time 81-39
switch-to-client frame-retransmission number 81-40
switch-to-client retransmission time 81-39
user distribution 81-42
VLAN group assignment 81-42
default configuration 81-28, 82-7
described 81-6
DHCP snooping 81-15
DHCP snooping and insertion 76-6
displaying statistics 81-51, 82-15
EAPOL-start frame 81-10
EAP-request/identity frame 81-10
EAP-response/identity frame 81-10
enabling
802.1X authentication 81-30, 81-32, 82-9
periodic reauthentication 81-35
encapsulation 81-7
guest VLAN
configuration guidelines 81-19, 81-20
described 81-19
host mode 81-13
inaccessible authentication bypass
configuring 81-44
described 81-20
guidelines 81-4
initiation and message exchange 81-10
MAC authentication bypass 81-26
magic packet 81-28
method lists 81-30
modes 81-13
multiauth mode, described 81-14
multidomain authentication mode, described 81-14
multiple-hosts mode, described 81-13
ports
authorization state and dot1x port-control command 81-12
authorized and unauthorized 81-12
critical 81-20
voice VLAN 81-22
port security
and voice VLAN 81-23
described 81-22
interactions 81-22
multiple-hosts mode 81-13
pre-authentication open access 81-15, 81-33
resetting to default values 81-51
supplicant, defined 81-7
switch
RADIUS client 81-7
user distribution
configuring 81-42
described 81-18
guidelines 81-4
VLAN assignment
AAA authorization 81-30
characteristics 81-17
configuration tasks 81-18
described 81-17
VLAN group
guidelines 81-4
voice VLAN
described 81-22
PVID 81-22
VVID 81-22
wake-on-LAN, described 81-28
port-based QoS features
port-channel
port-channel load-balance
port-channel load-defer command 4-44
port-channel port load-defer command 4-44
port cost, STP 29-32
port debounce timer
disabling 11-10
displaying 11-10
enabling 11-10
PortFast
edge ports 30-2
network ports 30-2
PortFast Edge BPDU filtering
See STP PortFast Edge BPDU filtering
PortFast port types
edge 30-2
network 30-2
port mode 37-3
port negotiation 11-5
port priority
MSTP 29-41
port priority, STP 29-31
ports
setting the debounce timer 11-10
port security
configuring 83-4
described 83-3
displaying 83-10
enable sticky secure MAC address 83-8
sticky MAC address 83-3
violations 83-3
Port Security is supported on trunks 83-2, 83-5, 83-7, 83-9
port security MAC move 83-3
port security on PVLAN ports 83-2
Port Security with Sticky Secure MAC Addresses 83-3
power management
enabling/disabling redundancy 13-2
overview 13-1
powering modules up or down 13-3
power policing 18-6
Power over Ethernet 18-2
power over ethernet 18-2
pre-authentication open access. See port-based authentication.
prerequisites for lawful intercept 84-1
primary links 20-2
primary VLANs 25-6
priority
private hosts 26-1
private hosts feature
configuration guidelines 26-1
configuring (detailed steps) 26-9
configuring (summary) 26-8
multicast operation 26-4
overview 26-4
port ACLs (PACLs) 26-7
protocol-independent MAC ACLs 26-4
restricting traffic flow with PACLs 26-5
spoofing protection 26-3
private VLANs 25-1
across multiple switches 25-9
and SVIs 25-10
benefits of 25-5
configuration guidelines 25-2, 25-4, 25-10
configuring 25-10
host ports 25-14
promiscuous ports 25-15
routing secondary VLAN ingress traffic 25-13
secondary VLANs with primary VLANs 25-12
VLANs as private 25-11
end station access to 25-8
IP addressing 25-8
monitoring 25-16
ports
community 25-7
configuration guidelines 25-4
isolated 25-7
promiscuous 25-7
primary VLANs 25-6
secondary VLANs 25-6
subdomains 25-5
traffic in 25-10
privileged EXEC mode 2-5
promiscuous ports 25-7
protocol tunneling
See Layer 2 protocol tunneling 28-2
PVRST
See Rapid-PVST 29-3
PVST
description 29-3
PVST simulation
description 30-20
peer inconsistent state 30-20
root bridge 30-20
Q
QoS
auto-QoS
enabling for VoIP 64-4
IPv6 60-4
See also automatic QoS 64-1
QoS CoS
port value, configuring 63-2
QoS default configuration 66-2
QoS DSCP
maps, configuring 63-7
QoS mapping
CoS values to DSCP values 63-4, 63-7
DSCP markdown values 63-8, 65-14
DSCP values to CoS values 63-9
IP precedence values to DSCP values 63-7
QoS markdown 61-4
QoS out of profile 61-4
QoS policing rule
aggregate 61-4
microflow 61-4
QoS port
trust state 63-10
QoS port-based or VLAN-based 63-12
QoS receive queue 63-18
QoS statistics data export 66-2
configuring 66-2
configuring destination host 66-7
configuring time interval 66-6, 66-8
QoS transmit queues 62-6, 63-15, 63-16
QoS VLAN-based or port-based 63-12
queries, IGMP 43-4
queries, MLDv2 49-6
R
RADIUS 76-6
RADIUS. See also port-based authentication. 81-7
range
command 53-3
macro 11-2
rapid convergence 29-14
Rapid-PVST
enabling 29-36
Rapid PVST+
interoperation with MST 30-20
Rapid-PVST+
overview 29-3
Rapid Spanning Tree
Rapid Spanning Tree Protocol
receive queues
recirculation 35-5
redirect URLs
described 81-25
reduced MAC address 29-3
redundancy (RPR+) 9-1
configuring 9-4
configuring supervisor engine 9-2
displaying supervisor engine configuration 9-5
redundancy command 9-4
related documentation 1-xlv
Remote Authentication Dial-In User Service. See RADIUS.
report, MLD 49-5
reserved-range VLANs
restricted VLAN
configuring 81-43
described 81-19
using with IEEE 802.1x 81-19
restricting MIB access 84-10, 84-11
rewrite, packet
CEF 31-2
IP MMLS 42-5
RHI 4-51
RIF cache monitoring 11-12
ROM monitor
CLI 2-7
root bridge
MST 30-20
PVST simulation 30-20
root bridge, STP 29-29
root guard
root switch
MSTP 29-39
route health injection
route-map (IP) command 32-4
route maps
defining 32-4
router guard 46-1
RPF
failure 42-7
non-RPF multicast 42-7
RPR and RPR+ support IPv6 multicast traffic 9-1
RSTP
active topology 29-13
BPDU
format 29-16
processing 29-17
designated port, defined 29-13
designated switch, defined 29-13
interoperability with IEEE 802.1D
described 29-24
restarting migration process 29-47
topology changes 29-17
overview 29-13
port roles
described 29-13
synchronized 29-15
proposal-agreement handshake process 29-14
rapid convergence
described 29-14
edge ports and Port Fast 29-14
point-to-point links 29-14, 29-46
root ports 29-14
root port, defined 29-13
S
secondary VLANs 25-6
Secure MAC Address Aging Type 83-9
security
configuring 69-1
security, port 83-3
security considerations 84-9
Security Exchange Protocol (SXP) 68-2
Security Group Access Control List (SGACL) 68-2
Security Group Tag (SGT) 68-2
serial IDs
description 51-12
serial interfaces
clearing 11-13
synchronous
maintaining 11-13
server IDs
description 51-12
service instance
configuration mode 39-5
creating 39-4
defined 39-4
service-policy input command 61-17, 62-16, 63-4, 63-6, 65-25, 74-4
service-provider network, MSTP and RSTP 29-18
set default interface command 32-4
set interface command 32-4
set ip default next-hop command 32-4
set ip df command
PBR 32-4
set ip next-hop command 32-4
set ip precedence command
PBR 32-4
set ip vrf command
PBR 32-4
set power redundancy enable/disable command 13-2
set requests 84-7, 84-8, 84-11
setting up lawful intercept 84-7
SGACL 68-2
SGT 68-2
short pipe mode
configuring 65-30
show authentication command 81-52
show catalyst6000 chassis-mac-address command 29-4
show dot1x interface command 81-36
show eobc command 11-12
show history command 2-4
show ibc command 11-12
show interfaces command 11-8, 11-9, 11-12, 19-6, 19-13
clearing interface counters 11-12
displaying, speed and duplex mode 11-6
show ip local policy command 32-5
show mab command 81-55
show module command 9-5
show platform aging command 50-4
show platform entry command 31-5
show platform ip multicast group command
displaying IP MMLS group 42-27
show platform ip multicast interface command
displaying IP MMLS interface 42-27
show platform ip multicast source command
displaying IP MMLS source 42-27
show platform ip multicast statistics command
displaying IP MMLS statistics 42-27
show platform ip multicast summary
displaying IP MMLS configuration 42-27
show protocols command 11-12
show rif command 11-12
show running-config command 11-12
show svclc rhi-routes command 4-51
show version command 11-12
shutdown command 11-13
shutdown interfaces
result 11-13
slot number, description 11-2
smart call home 51-1
description 51-4
destination profile (note) 51-21
registration requirements 51-4
service contract requirements 51-2
Transport Gateway (TG) aggregation point 51-3
SMARTnet
smart call home registration 51-4
smart port macros 3-1
configuration guidelines 3-2
Smartports macros
applying global parameter values 3-14
applying macros 3-14
creating 3-13
default configuration 3-4
defined 3-4
displaying 3-15
tracing 3-2
SNMP
configuring 84-10
default view 84-9
get and set requests 84-7, 84-8, 84-11
support and documentation 1-7
SNMP-COMMUNITY-MIB 84-9
snooping
software
upgrading router 5-5
source IDs
call home event format 51-11
source specific multicast with IGMPv3, IGMP v3lite, and URD 42-26
SPAN
configuration guidelines 54-2
configuring 54-12
sources 54-16, 54-19, 54-21, 54-22, 54-24, 54-25, 54-26, 54-28
VLAN filtering 54-30
destination port support on EtherChannels 54-12, 54-19, 54-22, 54-24, 54-25, 54-29
distributed egress 54-10, 54-15
modules that disable for ERSPAN 54-7
input packets with don't learn option
local SPAN 54-17, 54-18, 54-19
understanding 54-12
local SPAN egress session increase 54-3, 54-16
overview 54-7
SPAN Destination Port Permit Lists 54-15
spanning-tree backbonefast
spanning-tree cost
command 29-33
command example 29-33
spanning-tree portfast
spanning-tree portfast bpdu-guard
command 30-8
spanning-tree port-priority
command 29-31
spanning-tree protocol for bridging 33-1
spanning-tree uplinkfast
command 30-13
command example 30-13
spanning-tree vlan
command 29-27, 29-29, 29-30, 29-31, 30-8, 30-17
command example 29-28, 29-29, 29-30, 29-31
spanning-tree vlan cost
command 29-33
spanning-tree vlan forward-time
command 29-35
command example 29-35
spanning-tree vlan hello-time
command 29-35
command example 29-35
spanning-tree vlan max-age
command 29-36
command example 29-36
spanning-tree vlan port-priority
command 29-31
command example 29-32
spanning-tree vlan priority
command 29-34
command example 29-34
speed
configuring interface 11-4
speed command 11-4
speed mode
autonegotiation status 11-6
standards, lawful intercept 84-4
standby links 20-2
static sharing
description 81-25
statistics
sticky ARP 74-7
sticky MAC address 83-3
Sticky secure MAC addresses 83-8, 83-9
storm control
STP
configuring 29-26
bridge priority 29-34
forward-delay time 29-35
hello time 29-35
maximum aging time 29-36
port cost 29-32
port priority 29-31
root bridge 29-29
secondary root switch 29-30
defaults 29-25
EtherChannel 21-7
normal ports 30-3
understanding 29-2
802.1Q Trunks 29-12
Blocking State 29-8
BPDUs 29-4
disabled state 29-12
forwarding state 29-11
learning state 29-10
listening state 29-9
overview 29-3
port states 29-6
protocol timers 29-5
root bridge election 29-5
topology 29-5
STP BackboneFast
configuring 30-15
figure
adding a switch 30-18
spanning-tree backbonefast
understanding 30-13
STP BPDU Guard
configuring 30-7
spanning-tree portfast bpdu-guard
command 30-8
understanding 30-7
STP bridge ID 29-3
STP EtherChannel guard 30-16
STP extensions
description ?? to 30-20
STP loop guard
configuring 30-19
overview 30-17
STP PortFast
BPDU filter
configuring 30-10
BPDU filtering 30-9
configuring 30-2
spanning-tree portfast
understanding 30-2
STP port types
normal 30-3
STP root guard 30-17
STP UplinkFast
configuring 30-12
spanning-tree uplinkfast
command 30-13
command example 30-13
understanding 30-11
subdomains, private VLAN 25-5
supervisor engine
environmental monitoring 14-1
redundancy 9-1
synchronizing configurations 9-5
supervisor engine redundancy
configuring 9-2
supervisor engines
displaying redundancy configuration 9-5
supplicant 81-7
surveillance 84-7
svclc command 4-50
Switched Port Analyzer 54-1
switch fabric functionality 10-1
configuring 10-3
monitoring 10-4
switchport
configuring 19-14
example 19-13
show interfaces 11-8, 11-9, 19-6, 19-13
switchport access vlan 19-6, 19-7, 19-10, 19-14
example 19-15
switchport mode access 19-4, 19-6, 19-7, 19-14
example 19-15
switchport mode dynamic 19-9
switchport mode dynamic auto 19-4
switchport mode dynamic desirable 19-4
default 19-5
example 19-13
switchport mode trunk 19-4, 19-9
switchport nonegotiate 19-4
switchport trunk allowed vlan 19-11
switchport trunk encapsulation 19-7, 19-9
switchport trunk encapsulation dot1q
example 19-13
switchport trunk encapsulation negotiate
default 19-5
switchport trunk native vlan 19-11
switchport trunk pruning vlan 19-12
switch priority
MSTP 29-43
switch TopN reports
foreground execution 56-2
running 56-3
viewing 56-3
SXP 68-2
system event archive (SEA) 52-1
System Hardware Capacity 1-3
T
TDR
checking cable connectivity 11-14
enabling and disabling test 11-14
guidelines 11-14
Telnet
accessing CLI 2-2
Time Domain Reflectometer 11-14
TLV
host presence detection 17-4, 81-14, 83-4
traceroute, Layer 2
and ARP 57-2
and CDP 57-1
described 57-2
IP addresses and subnets 57-2
MAC addresses and VLANs 57-2
multicast traffic 57-2
multiple devices on a port 57-2
unicast traffic 57-2
usage guidelines 57-1
traffic-storm control
command
broadcast 79-4
described 79-2
monitoring 79-5
thresholds 79-2
traffic suppression
transmit queues
trunks 19-4
802.1Q Restrictions 19-2
allowed VLANs 19-11
configuring 19-8
default interface configuration 19-6
default VLAN 19-10
different VTP domains 19-4
native VLAN 19-11
to non-DTP device 19-4
VLAN 1 minimization 19-12
trusted boundary 17-6
trusted boundary (extended trust for CDP devices) 17-4
trustpoint 51-2
tunneling, 802.1Q
See 802.1Q 27-4
type length value
U
UDE
configuration 34-5
overview 34-4
UDE and UDLR 34-1
UDLD
default configuration 12-4
enabling
globally 12-5
overview 12-2
UDLR 34-1
back channel 34-3
configuration 34-6
tunnel
(example) 34-7
ARP and NHRP 34-4
UDLR (unidirectional link routing) 34-1
UDP port for SNMP notifications 84-12
UMFB 80-2
unauthorized ports with 802.1X 81-12
unicast storms
Unidirectional Ethernet 34-1
unidirectional ethernet
example of setting 34-5
UniDirectional Link Detection Protocol
uniform mode
configuring 65-34
unknown multicast flood blocking
unknown unicast and multicast flood blocking 80-1
unknown unicast flood blocking
unknown unicast flood rate-limiting
UplinkFast
URD 42-26
User-Based Rate Limiting 61-6, 61-15
user EXEC mode 2-5
UUFB 80-2
UUFRL 80-2
V
VACLs 72-2
configuring
examples 72-5
Layer 3 VLAN interfaces 72-5
Layer 4 port operations 67-2
logging
configuration example 72-8
configuring 72-7
restrictions 72-7
MAC address based 72-2
multicast packets 71-6
SVIs 72-5
WAN interfaces 72-2
virtual private LAN services (VPLS) 38-1
associating attachment circuit with the VSI at the PE 38-13
basic configuration 38-2
configuration example 38-18
configuring MPLS in the PE 38-11
configuring PE layer 2 interface to the CE 38-7
configuring the VFI in the PE 38-12
overview 38-2
restrictions 38-2
services 38-5
vlan
command example 24-6
VLAN Access Control Lists
VLAN-based QoS filtering 67-10
VLAN-bridge spanning-tree protocol 33-1
vlan database
vlan group command 81-42
VLAN locking 24-4
vlan mapping dot1q
VLAN maps
applying 71-8
VLAN mode 37-3
VLAN port provisioning verification 24-4
VLANs
allowed on trunk 19-11
configuration guidelines 24-2
configuring 24-1
configuring (tasks) 24-4
defaults 24-3
extended range 24-3
interface assignment 24-6
multicast 44-2
name (default) 24-3
normal range 24-3
reserved range 24-3
support for 4,096 VLANs 24-2
token ring 24-3
trunks
understanding 19-4
understanding 24-2
VLAN 1 minimization 19-12
VTP domain 24-4
VLAN translation
voice VLAN
Cisco 7960 phone, port connections 17-2
configuration guidelines 17-1
configuring IP phone for data traffic
override CoS of incoming frame 17-6, 18-4
configuring ports for voice traffic in
802.1Q frames 17-5
connecting to an IP phone 17-5
default configuration 17-4
overview 17-2
voice VLAN. See also port-based authentication. 81-22
VPN
configuration example 36-4
guidelines and restrictions 36-2
VPN supported commands 36-2
VPN switching 36-1
VSS
dual-active detection
Enhanced PAgP, advantages 4-23
Enhanced PAgP, description 4-23
enhanced PAgP, description 4-45
fast-hello, advantages 4-23
fast-hello, description 4-23
VSLP fast-hello, configuration 4-46
VTP
client, configuring 23-15
configuration guidelines 23-1
default configuration 23-9
disabling 23-15
domains 23-3
VLANs 24-4
modes
client 23-4
server 23-4
transparent 23-4
monitoring 23-17
overview 23-2
per-port enable and disable 23-16
pruning
configuration 19-12
configuring 23-12
overview 23-7
server, configuring 23-15
statistics 23-17
transparent mode, configuring 23-15
version 2
enabling 23-13
overview 23-5
version 3
enabling 23-13
overview 23-6
server type, configuring 23-11
W
wake-on-LAN. See also port-based authentication. 81-28
web-based authentication
AAA fail policy 82-5
description 82-2
web browser interface 1-7
wiretaps 84-4