- Index
- Preface
- Product Overview
- Command-Line Interfaces
- Smart Port Macros
- Virtual Switching Systems (VSS)
- Enhanced Fast Software Upgrade (eFSU)
- Fast Software Upgrades
- Stateful Switchover (SSO)
- Non-Stop Forwarding (NSF)
- RPR Supervisor Engine Redundancy
- Layer 2 LAN Port Configuration
- Flex Links
- EtherChannels
- IEEE 802.1ak MVRP and MRP
- VLAN Trunking Protocol (VTP)
- VLANs
- Private VLANs (PVLANs)
- Private Hosts
- IEEE 802.1Q Tunneling
- Layer 2 Protocol Tunneling
- Spanning Tree Protocols (STP, MST)
- Optional STP Features
- IP Unicast Layer 3 Switching
- Policy Based Routing (PBR)
- Layer 3 Interface Configuration
- Unidirectional Ethernet (UDE) and unidirectional link routing (UDLR)
- Multiprotocol Label Switching (MPLS)
- MPLS VPN Support
- Ethernet over MPLS (EoMPLS)
- IPv4 Multicast Layer 3 Features
- IPv4 Multicast IGMP Snooping
- IPv4 PIM Snooping
- IPv4 Multicast VLAN Registration (MVR)
- IPv4 IGMP Filtering
- IPv4 Router Guard
- IPv4 Multicast VPN Support
- IPv6 Multicast Layer 3 Features
- IPv6 MLD Snooping
- Netflow
- NetFlow Data Export (NDE)
- Call Home
- System Event Archive (SEA)
- Backplane Platform Monitoring
- Local SPAN, RSPAN, and ERSPAN
- SNMP IfIndex Persistence
- Top-N Reports
- Layer 2 Traceroute Utility
- Mini Protocol Analyzer
- PFC QoS
- AutoQoS
- MPLS QoS
- PFC QoS Statistics Data Export
- Cisco IOS ACL Support
- Cisco TrustSec (CTS)
- AutoSecure
- MAC Address-Based Traffic Blocking
- Port ACLs (PACLs)
- VLAN ACLs (VACLs)
- Policy-Based Forwarding (PBF)
- Denial of Service (DoS) Protection
- Control Plane Policing (CoPP)
- Dynamic Host Configuration Protocol (DHCP) Snooping
- IP Source Guard
- Dynamic ARP Inspection (DAI)
- Traffic Storm Control
- Unknown Unicast and Multicast Flood Control
- IEEE 802.1X Port-Based Authentication
- Configuring Web-Based Authentication
- Port Security
- Lawful Intercept
- Online Diagnostic Tests
Index
Numerics
4K VLANs (support for 4,096 VLANs) 25-2
802.1AE Tagging 63-2
802.1Q
Layer 2 protocol tunneling
See Layer 2 protocol tunneling
mapping to ISL VLANs 25-7
trunks 20-4
restrictions 20-2
tunneling
configuration guidelines 28-1
configuring tunnel ports 28-6
overview 28-4
802.1Q Ethertype
specifying custom 20-15
802.1X 76-1
802.1x accounting 76-43
802.3ad
802.3af 19-2
802.3at 19-2
802.3x Flow Control 10-9
A
AAA 70-3
AAA (authentication, authorization, and accounting). See also port-based authentication. 76-6, 77-2
aaa accounting dot1x command 76-44
aaa accounting system command 76-44
abbreviating commands 2-5
access, restricting MIB 79-10
access control entries and lists 62-1
access-enable host timeout (not supported) 62-4
access port, configuring 20-14
access rights 79-9
access setup, example 79-11
accounting
with 802.1x 76-43
with IEEE 802.1x 76-16
ACEs and ACLs 62-1
ACLs
downloadable 77-2
downloadable (dACLs) 76-24
Filter-ID 76-25
per-user 76-24
port
defined 66-2
redirect URL 76-25
static sharing 76-25
acronyms, list of A-1
activating lawful intercept 79-8
admin function (mediation device) 79-7, 79-8
administration, definition 79-6
advertisements, VTP 24-4
aggregate policing
aging time
accelerated
for MSTP 30-45
maximum
aging-time
IP MLS 48-12
alarms
major 14-4
minor 14-4
Allow DHCP Option 82 on Untrusted Port
configuring 71-10
understanding 71-5
any transport over MPLS (AToM) 38-3
Ethernet over MPLS 38-3
ARP spoofing 73-3
AToM 38-3
audience 1-xliii
Authentication, Authorization, and Accounting (AAA) 70-3
authentication control-direction command 76-53
authentication event command 76-45
authentication failed VLAN
authentication open comand 76-15
authentication password, VTP 24-5
authentication periodic command 76-38, 76-50
authentication port-control command 76-45
authentication timer reauthenticate command 76-38
authorized ports with 802.1X 76-12
auto enablement 76-30
automatic QoS
configuration guidelines and restrictions 59-2
macros 59-4
overview 59-2
AutoQoS 59-1
auto-sync command 9-4
B
BackboneFast
backup interfaces
binding database, DHCP snooping
See DHCP snooping binding database
binding table, DHCP snooping
See DHCP snooping binding database
blocking state, STP 30-8
BPDU
RSTP format 30-16
BPDU guard
BPDUs
Bridge Assurance 31-5
Shared Spanning Tree Protocol (SSTP) 31-20
Bridge Assurance
inconsistent state 31-5
supported protocols and link types 31-5
bridge groups 34-1
bridge ID
bridge priority, STP 30-34
bridge protocol data units
bridging 34-1
broadcast storms
C
CALEA, See Communications Assistance for Law Enforcement Act (CALEA)
Call Home
description 50-3
message format options 50-4
messages
format options 50-4
call home 50-1
alert groups 50-31
contact information 50-21
destination profiles 50-22
displaying information 50-45
pattern matching 50-36
periodic notification 50-33
rate limit messages 50-38
severity threshold 50-33
smart call home feature 50-5
SMTP server 50-2
testing communications 50-38
call home alert groups
configuring 50-31
description 50-31
subscribing 50-31
call home customer information
entering information 50-21
call home destination profiles
attributes 50-23
description 50-23
displaying 50-48
call home notifications
full-txt format for syslog 50-17
XML format for syslog 50-17
CDP
host presence detection 76-14, 78-4
to configure Cisco phones 18-3
CEF
configuring
RP 32-5
supervisor engine 32-4
examples 32-3
Layer 3 switching 32-2
packet rewrite 32-2
certificate authority (CA) 50-2
CGMP
disabling automatic detection 40-13
channel-group group
command 22-9, 22-13, 22-14, 22-15, 22-16
Cisco Discovery Protocol
Cisco Emergency Responder 18-4
Cisco EnergyWise 12-1
Cisco Express Forwarding 36-3
CISCO-IP-TAP-MIB
citapStreamVRF 79-2
overview 79-8
restricting access to 79-10, 79-11
CISCO-TAP2-MIB
accessing 79-9
overview 79-8
restricting access to 79-10, 79-11
CISP 76-30
CIST regional root
CIST root
class command 58-73
class-map command 58-65
class map configuration 58-70
clear authentication sessions command 76-40
clear counters command 10-12
clear dot1x command 76-40
clear interface command 10-13
clear mls ip multicast statistics command
clears IP MMLS statistics 39-27
CLI
accessing 2-1
backing out one level 2-5
console configuration mode 2-5
getting list of commands 2-6
global configuration mode 2-5
history substitution 2-4
interface configuration mode 2-5
privileged EXEC mode 2-5
ROM monitor 2-7
software basics 2-4
Client Information Signalling Protocol
collection function 79-6
command line processing 2-3
commands, getting list of 2-6
Communications Assistance for Law Enforcement Act
CALEA for Voice 79-5
lawful intercept 79-4
community ports 26-7
configuration example
EoMPLS VLAN mode 38-4
configuring 58-72
lawful intercept 79-10, 79-11, 79-12
SNMP 79-10
console configuration mode 2-5
content IAP 79-6
control plane policing
CoPP
applying QoS service policy to control plane 70-3
configuring
ACLs to match traffic 70-3
enabling MLS QoS 70-3
packet classification criteria 70-3
service-policy map 70-3
control plane configuration mode
entering 70-3
displaying
dynamic information 70-4
number of conforming bytes and packets 70-4
rate information 70-4
entering control plane configuration mode 70-3
monitoring statistics 70-4
overview 70-3
packet classification guidelines 70-4
traffic classification
defining 70-6
guidelines 70-7
overview 70-6
sample ACLs 70-7
sample classes 70-6
CoS
counters
clearing interface 10-12, 10-13
critical authentication 76-8
critical authentication, IEEE 802.1x 76-47
CSCsr62404 10-9
CSCtc21076 62-14
CSCtd34068 58-2
CSCte40004 58-2
CSCtx75254 5-2
cTap2MediationDebug notification 79-12
cTap2MediationNewIndex object 79-8
cTap2MediationTable 79-8
cTap2MediationTimedOut notification 79-12
cTap2MIBActive notification 79-12
cTap2StreamDebug notification 79-12
cTap2StreamTable 79-8
customer contact information
entering for call home 50-21
D
dACL
See ACLs, downloadable 76-24
dCEF 32-4
debug commands
IP MMLS 39-27
DEC spanning-tree protocol 34-1
default configuration
dynamic ARP inspection 73-6
Flex Links 21-4
IP MMLS 39-9
MSTP 30-26
MVR 42-5
UDLD 11-4
voice VLAN 18-4
VTP 24-9
default VLAN 20-10
deficit weighted round robin 58-107
denial of service protection 69-1
destination-ip flow mask 48-8
destination-source-ip flow mask 48-8
device IDs
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 71-7
overview 71-5
packet format, suboption
circuit ID 71-7
remote ID 71-7
remote ID suboption 71-7
DHCP option 82 allow on untrusted port 71-10
DHCP snooping
802.1X data insertion 76-15
binding database
See DHCP snooping binding database
configuration guidelines 71-8
configuring 71-9
default configuration 71-8
displaying binding tables 71-18
enabling 71-9, 71-10, 71-11, 71-12, 71-13, 71-14
enabling the database agent 71-14
message exchange process 71-6
option 82 data insertion 71-5
overview 71-3
Snooping database agent 71-7
DHCP snooping binding database
described 71-5
entries 71-5
DHCP snooping binding table
See DHCP snooping binding database
DHCP Snooping Database Agent
adding to the database (example) 71-18
enabling (example) 71-15
overview 71-7
reading from a TFTP file (example) 71-17
DHCP snooping increased bindings limit 71-14
differentiated services codepoint
DiffServ
configuring short pipe mode 60-32
configuring uniform mode 60-36
short pipe mode 60-29
uniform mode 60-31
DiffServ tunneling modes 60-4
Disabling PIM Snooping Designated Router Flooding 41-6
distributed Cisco Express Forwarding
distributed egress SPAN 53-10, 53-15
documentation, related 1-xliii
Domain Name System 79-2
DoS protection 69-1
default configurations 69-17
egress ACL bridget packet rate limiters 69-13
FIB glean rate limiters 69-14
FIB receive rate limiters 69-14
ICMP redirect rate limiters 69-15
IGMP unreachable rate limiters 69-14
ingress ACL bridget packet rate limiters 69-13
IP errors rate limiters 69-16
IPv4 multicast rate limiters 69-16
IPv6 multicast rate limiters 69-16
Layer 2 PDU rate limiters 69-15
Layer 2 protocol tunneling rate limiters 69-16
Layer 3 security features rate limiters 69-14
monitoring packet drop statistics
using monitor session commands 69-22
using VACL capture 69-24
MTU failure rate limiters 69-15
multicast IGMP snooping rate limiters 69-15
QoS ACLs 69-2
security ACLs 69-2
TTL failure rate limiter 69-13
uRPF check 69-6
uRPF failure rate limiters 69-13
VACL log rate limiters 69-15
dot1x initialize interface command 76-39
dot1x max-reauth-req command 76-43
dot1x max-req command 76-42
dot1x pae authenticator command 76-34
dot1x re-authenticate interface command 76-39
dot1x timeout quiet-period command 76-41
DSCP
DSCP-based queue mapping 58-98
duplex mode
autonegotiation status 10-6
configuring interface 10-4
DWRR 58-107
dynamic ARP inspection
ARP cache poisoning 73-3
ARP requests, described 73-3
ARP spoofing attack 73-3
configuration guidelines 73-2
configuring
logging system messages 73-14
rate limit for incoming ARP packets 73-5, 73-10
default configuration 73-6
denial-of-service attacks, preventing 73-10
described 73-3
DHCP snooping binding database 73-4
displaying
ARP ACLs 73-15
configuration and operating state 73-15
trust state and rate limit 73-15
error-disabled state for exceeding rate limit 73-5
function of 73-4
interface trust states 73-4
log buffer
logging of dropped packets, described 73-6
logging system messages
configuring 73-14
man-in-the middle attack, described 73-4
network security issues and interface trust states 73-4
priority of ARP ACLs and DHCP snooping entries 73-6
rate limiting of ARP packets
configuring 73-10
described 73-5
error-disabled state 73-5
validation checks, performing 73-11
Dynamic Host Configuration Protocol snooping 71-1
E
EAC 63-2
EAPOL. See also port-based authentication. 76-6
eFSU, See Enhanced Fast Software Upgrade (eFSU)
Egress ACL support for remarked DSCP 58-19
egress ACL support for remarked DSCP 58-61
egress replication performance improvement 39-14
egress SPAN 53-10
electronic traffic, monitoring 79-7
e-mail addresses
assigning for call home 50-21
e-mail notifications
Call Home 50-3
enable mode 2-5
enable sticky secure MAC address 78-8
enabling
IP MMLS
on router interfaces 39-12
lawful intercept 79-8
SNMP notifications 79-12
Endpoint Admission Control (EAC) 63-2
EnergyWise 12-1
enhanced Fast Software Upgrade (eFSU)
aborting (issu abortversion command) 5-13
accepting the new software version 5-11
commiting the new software to standby RP (issu commitversion command) 5-12
displaying maximum outage time for module 5-10
error handling 5-5
forcing a switchover (issu runversion command) 5-10
issu loadversion command 5-8
loading new software onto standby RP 5-8
memory reservation on module 5-4
memory reservation on module, prohibiting 5-4
OIR not supported 5-2
operation 5-3
outage times 5-4
performing 5-5
steps 5-5
usage guidelines and limitations 5-2
verifying redundancy mode 5-7
environmental monitoring
LED indications 14-4
SNMP traps 14-4
supervisor engine and switching modules 14-4
Syslog messages 14-4
using CLI commands 14-1
EOBC
for MAC address table synchronization 20-3
EoMPLS 38-3
configuring 38-4
configuring VLAN mode 38-3
guidelines and restrictions 38-2
port mode 38-3
VLAN mode 38-3
ERSPAN 53-1
EtherChannel
channel-group group
command 22-9, 22-13, 22-14, 22-15, 22-16
configuration guidelines 4-28, 22-2
configuring
Layer 2 22-9
configuring (tasks) 4-28, 22-7
interface port-channel
command example 22-8
interface port-channel (command) 22-8
lacp system-priority
command example 22-11
Layer 2
load balancing
configuring 22-11
understanding 22-7
modes 22-4
PAgP
understanding 22-5
port-channel interfaces 22-7
port-channel load-balance
command 22-11
command example 22-12
STP 22-7
EtherChannel Guard
Ethernet
setting port duplex 10-10
Ethernet over MPLS (EoMPLS) configuration
EoMPLS port mode 38-6
EoMPLS VLAN mode 38-4
EXP mutation 60-4
extended range VLANs 25-2
extended system ID
MSTP 30-39
Extensible Authentication Protocol over LAN. See EAPOL.
F
fall-back bridging 34-1
fast link notification
on VSL failure 4-15
fiber-optic, detecting unidirectional links 11-1
FIB TCAM 36-3
figure
lawful intercept overview 79-5
filters, NDE
destination host filter, specifying 49-18
destination TCP/UDP port, specifying 49-17
protocol 49-18
source host and destination TCP/UDP port 49-17
Flex Links 21-1
configuration guidelines 21-2
configuring 21-4
default configuration 21-4
description 21-2
monitoring 21-6
flex links
interface preemption 21-3
flow control 10-9
flow masks
IP MLS
destination-ip 48-8
destination-source-ip 48-8
ip-full 48-8
minimum 48-11
overview 49-3
flows
IP MMLS
completely and partially switched 39-4
forward-delay time
MSTP 30-45
forward-delay time, STP 30-35
frame distribution
See EtherChannel load balancing
G
get requests 79-7, 79-8, 79-11
global configuration mode 2-5
guest VLAN and 802.1x 76-19
H
hardware Layer 3 switching
guidelines 32-2
hello time
MSTP 30-44
hello time, STP 30-35
High Capacity Power Supply Support 13-4
history
CLI 2-4
host mode
host ports
kinds of 26-7
host presence CDP message 18-4, 76-14
host presence TLV message 78-4
http
//www-tac.cisco.com/Teams/ks/c3/xmlkwery.php?srId=612293409 22-2
I
IAP
content IAP 79-6
definition 79-6
content IAP 79-6
identification IAP 79-6
ICMP unreachable messages 62-2
ID IAP 79-6
IDs
serial IDs 50-14
IEEE 802.1Q Ethertype
specifying custom 20-15
IEEE 802.1Q Tagging on a Per-Port Basis 28-7
IEEE 802.1w
IEEE 802.1x
authentication failed VLAN 76-20
critical ports 76-21
DHCP snooping 76-15
guest VLAN 76-19
MAC authentication bypass 76-26
network admission control Layer 2 validation 76-27
port security interoperability 76-23
RADIUS-supplied session timeout 76-38
voice VLAN 76-22
wake-on-LAN support 76-28
IEEE 802.3ad
IEEE 802.3af 19-2
IEEE 802.3at 19-2
IEEE 802.3x Flow Control 10-9
IEEE bridging protocol 34-1
IGMP 40-1
configuration guidelines 47-9
enabling 40-9
join messages 40-3
leave processing
enabling 40-12
queries 40-4
query interval
configuring 40-11
snooping
fast leave 40-6
joining multicast group 40-3, 43-4
leaving multicast group 40-5, 43-4
snooping querier
enabling 40-9
IGMPv3 39-10
IGMP v3lite 39-10
ignore port trust 58-15, 58-22, 58-58, 58-74
inaccessible authentication bypass 76-21
ingress SPAN 53-10
intercept access point
intercept-related information (IRI) 79-6, 79-7
intercepts, multiple 79-6
interface
configuration mode 2-5
Layer 2 modes 20-4
number 10-2
interface port-channel
command example 22-8
interface port-channel (command) 22-8
interfaces
configuring, duplex mode 10-3
configuring, speed 10-3
configururing, overview 10-2
counters, clearing 10-12, 10-13
displaying information about 10-12
maintaining 10-12
monitoring 10-12
range of 10-2
restarting 10-13
shutting down
task 10-13
interfaces command 10-2
interfaces range command 52-3
interfaces range macro command 10-2
internal VLANs 25-3
Internet Group Management Protocol 40-1, 43-1
IP accounting, IP MMLS and 39-2
IP CEF
topology (figure) 32-4
ip flow-export destination command 49-14
ip flow-export source command 48-14, 49-14, 49-15, 55-3, 55-4, 55-5
ip-full flow mask 48-8
ip http server 1-7
ip local policy route-map command 33-5
IP MLS
aging-time 48-12
flow masks
destination-ip 48-8
destination-source-ip 48-8
ip-full 48-8
minimum 48-11
overview 49-3
IP MMLS
cache, overview 39-3
configuration guideline 39-1
debug commands 39-27
default configuration 39-9
enabling
on router interfaces 39-12
flows
completely and partially switched 39-4
Layer 3 MLS cache 39-3
overview 39-3
packet rewrite 39-4
router
enabling globally 39-10
enabling on interfaces 39-12
multicast routing table, displaying 39-21
PIM, enabling 39-11
switch
statistics, clearing 39-27
unsupported features 39-2
IP multicast
IGMP snooping and 40-8
MLDv2 snooping and 47-9
IP multicast MLS
ip multicast-routing command
enabling IP multicast 39-11
IP phone
configuring 18-5
ip pim command
enabling IP PIM 39-11
ip policy route-map command 33-5
IP Source Guard 72-1
configuring 72-3
configuring on private VLANs 72-5
overview 72-2
IP unnumbered 34-1
IPv4 Multicast over Point-to-Point GRE Tunnels 1-8
IPv4 Multicast VPN 45-1
IPv6 Multicast PFC3 and DFC3 Layer 3 Switching 46-1
IPv6 QoS 58-4
ISL trunks 20-4
isolated port 26-7
J
join messages, IGMP 40-3
jumbo frames 10-6
K
keyboard shortcuts 2-3
L
label edge router 36-2
label switched path 38-1
label switch router 36-2, 36-4
LACP
system ID 22-6
Law Enforcement Agency (LEA) 79-4
lawful intercept
collection function 79-6
configuring 79-10, 79-11, 79-12
enabling 79-8
IRI 79-6
mediation device 79-5
prerequisites 79-1
processing 79-7
security considerations 79-9
SNMP notifications 79-12
lawful intercept processing 79-7
Layer 2
configuring interfaces 20-5
access port 20-14
trunk 20-8
defaults 20-5
interface modes 20-4
show interfaces 10-8, 10-9, 20-6, 20-13
switching
understanding 20-2
trunks
understanding 20-4
VLAN
interface assignment 25-6
Layer 2 Interfaces
configuring 20-1
Layer 2 protocol tunneling
configuring Layer 2 tunnels 29-3
overview 29-2
Layer 2 remarking 58-21
Layer 2 Traceroute 56-1
Layer 2 traceroute
and ARP 56-2
and CDP 56-1
described 56-2
IP addresses and subnets 56-2
MAC addresses and VLANs 56-2
multicast traffic 56-2
multiple devices on a port 56-2
unicast traffic 56-2
usage guidelines 56-1
Layer 3
IP MMLS and MLS cache 39-3
Layer 3 switched packet rewrite
CEF 32-2
Layer 3 switching
CEF 32-2
Layer 4 port operations (ACLs) 62-2
leave processing, IGMP
enabling 40-12
leave processing, MLDv2
enabling 47-12
Link Failure
detecting unidirectional 30-25
link negotiation 10-5
link redundancy
LLDP-MED
configuring
TLVs 19-8
load deferral
MEC traffic recovery 4-6
Local Egress Replication 39-14
logical operation unit
loop guard
LOU
description 62-3
determining maximum number of 62-3
M
MAC address-based blocking 65-1
MAC address table notification 20-7
MAC authentication bypass. See also port-based authentication. 76-26
MAC move (port security) 78-3
macros 3-1
MACSec 63-2
magic packet 76-28
main-cpu command 9-4
mapping 802.1Q VLANs to ISL VLANs 25-7
markdown
match ip address command 33-4
match length command 33-4
maximum aging time
MSTP 30-45
maximum aging time, STP 30-36
maximum hop count, MSTP 30-46
MEC
configuration 4-45
described 4-15
failure 4-16
port load share deferral 4-17
mediation device
definition 79-5
description 79-5
MIBs
CISCO-IP-TAP-MIB 79-2, 79-8, 79-10
CISCO-TAP2-MIB 79-8, 79-9, 79-10
SNMP-COMMUNITY-MIB 79-9
microflow policing rule
Mini Protocol Analyzer 57-1
Min-Links 22-13
MLD
report 47-5
MLD snooping
query interval
configuring 47-10
MLDv1 47-2
MLDv2 47-1
enabling 47-11
leave processing
enabling 47-12
queries 47-6
snooping
fast leave 47-8
joining multicast group 47-5
leaving multicast group 47-7
understanding 47-3
snooping querier
enabling 47-10
understanding 47-3
MLDv2 Snooping 47-1
MLS
configuring threshold 39-15
RP
threshold 39-15
mls aging command
configuring IP MLS 48-12
mls flow command
configuring IP MLS 48-11, 48-15, 49-13
mls ip multicast command
mls nde flow command
configuring a host and port filter 49-17
configuring a host flow filter 49-18
configuring a port filter 49-17
configuring a protocol flow filter 49-18
mls nde sender command 49-12
monitoring
Flex Links 21-6
MVR 42-8
private VLANs 26-16
monitoring electronic traffic 79-7
aggregate label 36-2
any transport over MPLS 38-3
basic configuration 36-9
core 36-4
DiffServ Tunneling Modes 60-29
egress 36-4
experimental field 60-3
hardware features 36-5
ingress 36-4
IP to MPLS path 36-4
labels 36-2
MPLS to IP path 36-4
MPLS to MPLS path 36-4
nonaggregate lable 36-2
QoS default configuration 60-13
restrictions 36-1
VPN 60-11
VPN guidelines and restrictions 37-2
MPLS QoS
Classification 60-2
Class of Service 60-2
commands 60-15
configuring a class map 60-18
configuring a policy map 60-21
configuring egress EXP mutation 60-27
configuring EXP Value Maps 60-28
Differentiated Services Code Point 60-2
displaying a policy map 60-26
E-LSP 60-2
enabling QoS globally 60-17
EXP bits 60-2
features 60-2
IP Precedence 60-2
QoS Tags 60-2
queueing-only mode 60-17
MPLS QoS configuration
class map to classify MPLS packets 60-18
MPLS supported commands 36-2
MPLS VPN
limitations and restrictions 37-2
MQC
supported
policy maps 58-9
MST
interoperation with Rapid PVST+ 31-20
root bridge 31-20
MSTP
boundary ports
configuration guidelines 30-2
described 30-22
CIST, described 30-19
CIST root 30-21
configuration guidelines 30-2
configuring
forward-delay time 30-45
hello time 30-44
link type for rapid convergence 30-46
maximum aging time 30-45
maximum hop count 30-46
MST region 30-38
neighbor type 30-46
path cost 30-42
port priority 30-41
root switch 30-39
secondary root switch 30-40
switch priority 30-43
CST
defined 30-19
operations between regions 30-20
default configuration 30-26
displaying status 30-47
enabling the mode 30-38
extended system ID
effects on root switch 30-39
effects on secondary root switch 30-40
unexpected behavior 30-39
IEEE 802.1s
implementation 30-23
port role naming change 30-23
terminology 30-21
interoperability with IEEE 802.1D
described 30-24
restarting migration process 30-47
IST
defined 30-19
master 30-20
operations within a region 30-20
mapping VLANs to MST instance 30-38
MST region
CIST 30-19
configuring 30-38
described 30-19
hop-count mechanism 30-22
IST 30-19
supported spanning-tree instances 30-19
overview 30-18
root switch
configuring 30-39
effects of extended system ID 30-39
unexpected behavior 30-39
status, displaying 30-47
MTU size (default) 25-3
multiauthentication (multiauth). See also port-based authentication. 76-15
multicast
IGMP snooping and 40-8
MLDv2 snooping and 47-9
NetFlow statistics 49-1
non-RPF 39-6
PIM snooping 41-4
multicast, displaying routing table 39-21
Multicast enhancement - egress replication performance improvement 39-14
Multicast Enhancement - Replication Mode Detection 39-12
multicast flood blocking 75-1
multicast groups
multicast groups, IPv6
joining 47-5
Multicast Listener Discovery version 2 47-1
Multicast Replication Mode Detection enhancement 39-12
multicast RPF 39-3
multicast storms
multicast television application 42-3
multicast VLAN 42-2
Multicast VLAN Registration 42-1
multichassis EtherChannel
see MEC 4-15
Multidomain Authentication (MDA). See also port-based authentication. 76-14
Multilayer MAC ACL QoS Filtering 58-66, 62-9
multilayer switch feature card
multiple path RPF check 69-8
Multiple Spanning Tree
MUX-UNI Support 36-7
MUX-UNI support 36-7
MVAP (Multi-VLAN Access Port). See also port-based authentication. 76-22
MVR
and IGMPv3 42-2
configuring interfaces 42-6
default configuration 42-5
example application 42-3
in the switch stack 42-5
monitoring 42-8
multicast television application 42-3
restrictions 42-1
setting global parameters 42-6
N
NAC
agentless audit support 76-27
critical authentication 76-21, 76-47
IEEE 802.1x authentication using a RADIUS server 76-50
IEEE 802.1x validation using RADIUS server 76-50
inaccessible authentication bypass 76-47
Layer 2 IEEE 802.1x validation 76-50
Layer 2 IEEE802.1x validation 76-27
native VLAN 20-11
NDAC 63-2
NDE
configuration, displaying 49-18
displaying configuration 49-18
enabling 49-11
filters
destination host, specifying 49-18
destination TCP/UDP port, specifying 49-17
protocol, specifying 49-18
source host and destination TCP/UDP port, specifying 49-17
multicast 49-1
specifying
destination host filters 49-18
destination TCP/UDP port filters 49-17
protocol filters 49-18
NDE version 8 49-3
NEAT
configuring 76-54
overview 76-30
NetFlow
table, displaying entries 32-5
Netflow Multiple Export Destinations 49-15
NetFlow search engine 39-7
NetFlow version 9 49-3
Network Device Admission Control (NDAC) 63-2
Network Edge Access Topology
network ports
Bridge Assurance 31-5
description 31-2
non-RPF multicast 39-6
normal-range VLANs
notifications, See SNMP notifications
NSF with SSO does not support IPv6 multicast traffic. 7-1, 8-1
O
OIR 10-11
online diagnostics
CompactFlash disk verification A-41
configuring 15-2
datapath verification A-14
diagnostic sanity check 15-24
egress datapath test A-4
error counter test A-4
interrupt counter test A-4
memory tests 15-24
overview 15-2
running tests 15-6
test descriptions A-1
understanding 15-2
online diagnostic tests A-1
online insertion and removal
out-f-band MAC address table synchronization
configuring 20-6
in a VSS 4-2
out of profile
P
packet burst 69-13
packet capture 57-2
packet recirculation 58-19
packet rewrite
CEF 32-2
IP MMLS and 39-4
packets
multicast 66-6
PAgP
understanding 22-5
path cost
MSTP 30-42
PBACLs 62-6
PBF 67-4
PBR 1-8
PBR (policy-based routing)
configuration (example) 33-7
enabling 33-4
peer inconsistent state
in PVST simulation 31-20
per-port VTP enable and disable 24-16
PFC
recirculation 36-5
PFC3 39-7
PIM, IP MMLS and 39-11
PIM snooping
designated router flooding 41-6
enabling globally 41-5
enabling in a VLAN 41-5
overview 41-4
PoE 19-2
Cisco prestandard 19-3
IEEE 802.3af 19-2
IEEE 802.3at 19-2
PoE management 19-3
power policing 19-4
power use measurement 19-4
police command 58-76
policy 58-65
policy-based ACLs (PBACLs) 62-6
policy-based forwarding (PBF) 68-2
policy-based routing
policy-based routing (PBR)
configuring 33-1
policy map 58-72
attaching to an interface 58-79, 69-6
policy-map command 58-65, 58-73
port ACLs
defined 66-2
port ACLs (PACLs) 66-1
Port Aggregation Protocol
port-based authentication
AAA authorization 76-33
accounting 76-16
configuring 76-43
authentication server
RADIUS server 76-7
configuration guidelines 76-2, 77-1
configuring
guest VLAN 76-45
inaccessible authentication bypass 76-47
initializing authentication of a client 76-39
manual reauthentication of a client 76-39
RADIUS server parameters on the switch 76-34, 77-9
restricted VLAN 76-46
switch-to-authentication-server retransmission time 76-42
switch-to-client EAP-request frame retransmission time 76-41
switch-to-client frame-retransmission number 76-42, 76-43
switch-to-client retransmission time 76-41
user distribution 76-44
VLAN group assignment 76-44
default configuration 76-31, 77-7
described 76-6
DHCP snooping 76-15
DHCP snooping and insertion 71-6
displaying statistics 76-57, 77-15
EAPOL-start frame 76-10
EAP-request/identity frame 76-10
EAP-response/identity frame 76-10
enabling
802.1X authentication 76-33, 76-34, 77-9
periodic reauthentication 76-38
encapsulation 76-7
guest VLAN
configuration guidelines 76-19, 76-20
described 76-19
host mode 76-13
inaccessible authentication bypass
configuring 76-47
described 76-21
guidelines 76-4
initiation and message exchange 76-10
MAC authentication bypass 76-26
magic packet 76-28
method lists 76-33
modes 76-13
multiauth mode, described 76-15
multidomain authentication mode, described 76-14
multiple-hosts mode, described 76-13
ports
authorization state and dot1x port-control command 76-12
authorized and unauthorized 76-12
critical 76-21
voice VLAN 76-22
port security
and voice VLAN 76-23
described 76-23
interactions 76-23
multiple-hosts mode 76-13
pre-authentication open access 76-15, 76-36
resetting to default values 76-57
supplicant, defined 76-7
switch
RADIUS client 76-7
switch supplicant
configuring 76-54
overview 76-30
user distribution
configuring 76-44
described 76-18
guidelines 76-4
VLAN assignment
AAA authorization 76-33
characteristics 76-17
configuration tasks 76-18
described 76-17
VLAN group
guidelines 76-4
voice VLAN
described 76-22
PVID 76-22
VVID 76-22
wake-on-LAN, described 76-28
port-based QoS features
port-channel
port-channel load-balance
command 22-11
port-channel load-defer command 4-45
port-channel port load-defer command 4-45
port cost, STP 30-32
port debounce timer
disabling 10-10
displaying 10-10
enabling 10-10
PortFast
edge ports 31-2
network ports 31-2
PortFast Edge BPDU filtering
See STP PortFast Edge BPDU filtering
PortFast port types
edge 31-2
network 31-2
port mode 38-3
port negotiation 10-5
port priority
MSTP 30-41
port priority, STP 30-31
ports
setting the debounce timer 10-10
port security
configuring 78-4
described 78-3
displaying 78-10
enable sticky secure MAC address 78-8
sticky MAC address 78-3
violations 78-3
Port Security is supported on trunks 78-2, 78-5, 78-7, 78-9
port security MAC move 78-3
port security on PVLAN ports 78-2
Port Security with Sticky Secure MAC Addresses 78-3
power management
enabling/disabling redundancy 13-2
overview 13-1
powering modules up or down 13-3
power policing 19-8
power negotiation
through LLDP 19-8
Power over Ethernet 19-2
power over ethernet 19-2
pre-authentication open access. See port-based authentication.
preemption, default configuration 21-4
preemption delay, default configuration 21-4
prerequisites for lawful intercept 79-1
primary links 21-2
primary VLANs 26-6
priority
private hosts 27-1
private hosts feature
configuration guidelines 27-1
configuring (detailed steps) 27-9
configuring (summary) 27-8
multicast operation 27-4
overview 27-4
port ACLs (PACLs) 27-7
protocol-independent MAC ACLs 27-4
restricting traffic flow with PACLs 27-5
spoofing protection 27-3
private VLANs 26-1
across multiple switches 26-9
and SVIs 26-10
benefits of 26-5
configuration guidelines 26-2, 26-4, 26-10
configuring 26-10
host ports 26-14
pomiscuous ports 26-15
routing secondary VLAN ingress traffic 26-13
secondary VLANs with primary VLANs 26-12
VLANs as private 26-11
end station access to 26-8
IP addressing 26-8
monitoring 26-16
ports
community 26-7
configuration guidelines 26-4
isolated 26-7
promiscuous 26-7
primary VLANs 26-6
secondary VLANs 26-6
subdomains 26-5
traffic in 26-10
privileged EXEC mode 2-5
promiscuous ports 26-7
protocol tunneling
See Layer 2 protocol tunneling 29-2
PVRST
See Rapid-PVST 30-3
PVST
description 30-3
PVST simulation
description 31-20
peer inconsistent state 31-20
root bridge 31-20
Q
QoS
auto-QoS
enabling for VoIP 59-4
IPv6 58-4
See also automatic QoS 59-1
QoS classification (definition) 58-120
QoS congestion avoidance
definition 58-121
QoS CoS
and ToS final L3 Switching Engine values 58-18
and ToS final values from L3 Switching Engine 58-18
definition 58-120
port value, configuring 58-91
QoS default configuration 58-111, 61-2
QoS DSCP
definition 58-121
internal values 58-16
maps, configuring 58-86
QoS dual transmit queue
thresholds
QoS Ethernet egress port
scheduling 58-111
scheduling, congestion avoidance, and marking 58-18
QoS Ethernet ingress port
classification, marking, scheduling, and congestion avoidance 58-12
QoS final L3 Switching Engine CoS and ToS values 58-18
QoS internal DSCP values 58-16
QoS L3 Switching Engine
classification, marking, and policing 58-15
feature summary 58-22
QoS labels (definition) 58-121
QoS mapping
CoS values to DSCP values 58-83, 58-86
DSCP markdown values 58-34, 58-87, 60-14
DSCP values to CoS values 58-89
IP precedence values to DSCP values 58-87
QoS markdown 58-25
QoS marking
definition 58-121
trusted ports 58-21
untrusted ports 58-20
QoS multilayer switch feature card 58-23
QoS out of profile 58-25
QoS policing
definition 58-121
microflow, enabling for nonrouted traffic 58-60
QoS policing rule
aggregate 58-23
creating 58-64
microflow 58-23
QoS port
QoS port-based or VLAN-based 58-60
QoS queues
transmit, allocating bandwidth between 58-107
QoS receive queue 58-14, 58-102, 58-104
drop thresholds 58-28
QoS RP
marking 58-23
QoS scheduling (definition) 58-121
QoS session-based 58-17
QoS single-receive, dual-transmit queue ports
configuring 58-97
QoS statistics data export 61-2
configuring 61-2
configuring destination host 61-7
configuring time interval 61-6, 61-8
QoS ToS
and CoS final values from L3 Switching Engine 58-18
definition 58-121
QoS traffic flow through QoS features 58-9
QoS transmit queue
QoS transmit queues 58-29, 58-100, 58-101, 58-103, 58-104
QoS trust-cos
port keyword 58-20
QoS trust-dscp
port keyword 58-20
QoS trust-ipprec
port keyword 58-20
QoS untrusted port keyword 58-20
QoS VLAN-based or port-based 58-17, 58-60
quad-supervisor
uplink forwarding 4-9
queries, IGMP 40-4
queries, MLDv2 47-6
R
RADIUS 71-6
RADIUS. See also port-based authentication. 76-7
range
command 52-3
macro 10-2
rapid convergence 30-14
Rapid-PVST
enabling 30-36
Rapid PVST+
interoperation with MST 31-20
Rapid-PVST+
overview 30-3
Rapid Spanning Tree
Rapid Spanning Tree Protocol
receive queues
redirect URLs
described 76-25
reduced MAC address 30-3
redundancy (RPR+) 9-1
configuring 9-4
configuring supervisor engine 9-2
displaying supervisor engine configuration 9-5
redundancy command 9-4
related documentation 1-xliii
Remote Authentication Dial-In User Service. See RADIUS.
Replication Mode Detection 39-12
report, MLD 47-5
reserved-range VLANs
restricted VLAN
configuring 76-46
described 76-20
using with IEEE 802.1x 76-20
restricting MIB access 79-10, 79-11
rewrite, packet
CEF 32-2
IP MMLS 39-4
RHI 4-52
RIF cache monitoring 10-12
ROM monitor
CLI 2-7
root bridge
MST 31-20
PVST simulation 31-20
root bridge, STP 30-29
root guard
root switch
MSTP 30-39
route health injection
route-map (IP) command 33-4
route maps
defining 33-4
router guard 44-1
routing table, multicast 39-21
RPF
failure 39-6
multicast 39-3
non-RPF multicast 39-6
RPR and RPR+ support IPv6 multicast traffic 9-1
RSTP
active topology 30-13
BPDU
format 30-16
processing 30-17
designated port, defined 30-13
designated switch, defined 30-13
interoperability with IEEE 802.1D
described 30-24
restarting migration process 30-47
topology changes 30-17
overview 30-13
port roles
described 30-13
synchronized 30-15
proposal-agreement handshake process 30-14
rapid convergence
described 30-14
edge ports and Port Fast 30-14
point-to-point links 30-14, 30-46
root ports 30-14
root port, defined 30-13
S
Sampled NetFlow
description 49-9
scheduling
secondary VLANs 26-6
Secure MAC Address Aging Type 78-9
security
security, port 78-3
security considerations 79-9
Security Exchange Protocol (SXP) 63-2
Security Group Access Control List (SGACL) 63-2
Security Group Tag (SGT) 63-2
serial IDs
description 50-14
serial interfaces
clearing 10-13
synchronous
maintaining 10-13
server IDs
description 50-14
service-policy command 58-65
service-policy input command 58-61, 58-79, 58-83, 58-85, 60-28, 69-6
service-provider network, MSTP and RSTP 30-18
set default interface command 33-4
set interface command 33-4
set ip default next-hop command 33-4
set ip df command
PBR 33-4
set ip next-hop command 33-4
set ip precedence command
PBR 33-4
set ip vrf command
PBR 33-4
set power redundancy enable/disable command 13-2
set requests 79-7, 79-8, 79-11
setting up lawful intercept 79-7
SGACL 63-2
SGT 63-2
shaped round robin 58-107
short pipe mode
configuring 60-32
show authentication command 76-58
show catalyst6000 chassis-mac-address command 30-4
show dot1x interface command 76-39
show eobc command 10-12
show history command 2-4
show ibc command 10-12
show interfaces command 10-8, 10-9, 10-12, 20-6, 20-13
clearing interface counters 10-12
displaying, speed and duplex mode 10-6
show ip flow export command
displaying NDE export flow IP address and UDP port 49-16
show ip interface command
displaying IP MMLS interfaces 39-19
show ip local policy command 33-5
show ip mroute command
displaying IP multicast routing table 39-21
show ip pim interface command
displaying IP MMLS router configuration 39-19
show mab command 76-61
show mls aging command 48-13
show mls ip multicast group command
displaying IP MMLS group 39-22, 39-25
show mls ip multicast interface command
displaying IP MMLS interface 39-22, 39-25
show mls ip multicast source command
displaying IP MMLS source 39-22, 39-25
show mls ip multicast statistics command
displaying IP MMLS statistics 39-22, 39-25
show mls ip multicast summary
displaying IP MMLS configuration 39-22, 39-25
show mls nde command 49-18
displaying NDE flow IP address 49-16
show mls rp command
displaying IP MLS configuration 48-11
show module command 9-5
show platform entry command 32-5
show protocols command 10-12
show rif command 10-12
show running-config command 10-12
show svclc rhi-routes command 4-52
show version command 10-12
shutdown command 10-13
shutdown interfaces
result 10-13
slot number, description 10-2
smart call home 50-1
description 50-5
destination profile (note) 50-23
registration requirements 50-5
service contract requirements 50-2
Transport Gateway (TG) aggregation point 50-4
SMARTnet
smart call home registration 50-5
smart port macros 3-1
configuration guidelines 3-2
Smartports macros
applying global parameter values 3-14
applying macros 3-14
creating 3-13
default configuration 3-4
defined 3-4
displaying 3-15
tracing 3-2
SNMP
configuring 79-10
default view 79-9
get and set requests 79-7, 79-8, 79-11
support and documentation 1-7
SNMP-COMMUNITY-MIB 79-9
snooping
software
upgrading router 5-5
source IDs
call home event format 50-13
source-only-ip flow mask 48-8
source specific multicast with IGMPv3, IGMP v3lite, and URD 39-10
SPAN
configuration guidelines 53-2
configuring 53-12
sources 53-16, 53-19, 53-21, 53-22, 53-24, 53-25, 53-26, 53-28
VLAN filtering 53-30
destination port support on EtherChannels 53-12, 53-19, 53-22, 53-24, 53-25, 53-29
distributed egress 53-10, 53-15
modules that disable for ERSPAN 53-7
input packets with don't learn option
local SPAN 53-17, 53-18, 53-19
understanding 53-12
local SPAN egress session increase 53-3, 53-16
overview 53-7
SPAN Destination Port Permit Lists 53-15
spanning-tree backbonefast
spanning-tree cost
command 30-33
command example 30-33
spanning-tree portfast
spanning-tree portfast bpdu-guard
command 31-8
spanning-tree port-priority
command 30-31
spanning-tree protocol for bridging 34-1
spanning-tree uplinkfast
command 31-13
command example 31-13
spanning-tree vlan
command 30-27, 30-29, 30-30, 30-31, 31-8, 31-17
command example 30-28, 30-29, 30-30, 30-31
spanning-tree vlan cost
command 30-33
spanning-tree vlan forward-time
command 30-35
command example 30-35
spanning-tree vlan hello-time
command 30-35
command example 30-35
spanning-tree vlan max-age
command 30-36
command example 30-36
spanning-tree vlan port-priority
command 30-31
command example 30-32
spanning-tree vlan priority
command 30-34
command example 30-34
speed
configuring interface 10-4
speed mode
autonegotiation status 10-6
SRR 58-107
standards, lawful intercept 79-4
standby links 21-2
static sharing
description 76-25
statistics
sticky ARP 69-21
sticky MAC address 78-3
Sticky secure MAC addresses 78-8, 78-9
storm control
STP
configuring 30-26
bridge priority 30-34
forward-delay time 30-35
hello time 30-35
maximum aging time 30-36
port cost 30-32
port priority 30-31
root bridge 30-29
secondary root switch 30-30
defaults 30-25
EtherChannel 22-7
normal ports 31-3
understanding 30-2
802.1Q Trunks 30-12
Blocking State 30-8
BPDUs 30-4
disabled state 30-12
forwarding state 30-11
learning state 30-10
listening state 30-9
overview 30-3
port states 30-6
protocol timers 30-5
root bridge election 30-5
topology 30-5
STP BackboneFast
configuring 31-15
figure
adding a switch 31-18
spanning-tree backbonefast
understanding 31-13
STP BPDU Guard
configuring 31-7
spanning-tree portfast bpdu-guard
command 31-8
understanding 31-7
STP bridge ID 30-3
STP EtherChannel guard 31-16
STP extensions
description??to 31-20
STP loop guard
configuring 31-19
overview 31-17
STP PortFast
BPDU filter
configuring 31-10
BPDU filtering 31-9
configuring 31-2
spanning-tree portfast
understanding 31-2
STP port types
normal 31-3
STP root guard 31-17
STP UplinkFast
configuring 31-12
spanning-tree uplinkfast
command 31-13
command example 31-13
understanding 31-11
subdomains, private VLAN 26-5
supervisor engine
environmental monitoring 14-1
redundancy 9-1
synchronizing configurations 9-5
supervisor engine redundancy
configuring 9-2
supervisor engines
displaying redundancy configuration 9-5
supplicant 76-7
surveillance 79-7
svclc command 4-51
Switched Port Analyzer 53-1
switch fabric functionality 17-1
configuring 17-3
monitoring 17-4
switchport
configuring 20-14
example 20-13
show interfaces 10-8, 10-9, 20-6, 20-13
switchport access vlan 20-6, 20-7, 20-10, 20-14
example 20-15
switchport mode access 20-4, 20-6, 20-7, 20-14
example 20-15
switchport mode dynamic 20-9
switchport mode dynamic auto 20-4
switchport mode dynamic desirable 20-4
default 20-5
example 20-13
switchport mode trunk 20-4, 20-9
switchport nonegotiate 20-4
switchport trunk allowed vlan 20-11
switchport trunk encapsulation 20-7, 20-9
switchport trunk encapsulation dot1q
example 20-13
switchport trunk encapsulation negotiate
default 20-5
switchport trunk native vlan 20-11
switchport trunk pruning vlan 20-12
switch priority
MSTP 30-43
switch TopN reports
foreground execution 55-2
running 55-3
viewing 55-3
SXP 63-2
system event archive (SEA) 51-1
System Hardware Capacity 1-4
T
TDR
checking cable connectivity 10-14
enabling and disabling test 10-14
guidelines 10-14
Telnet
accessing CLI 2-2
Time Domain Reflectometer 10-14
TLV
host presence detection 18-4, 76-14, 78-4
traceroute, Layer 2
and ARP 56-2
and CDP 56-1
described 56-2
IP addresses and subnets 56-2
MAC addresses and VLANs 56-2
multicast traffic 56-2
multiple devices on a port 56-2
unicast traffic 56-2
usage guidelines 56-1
traffic-storm control
command
broadcast 74-4
described 74-2
monitoring 74-5
thresholds 74-2
traffic suppression
transmit queues
trunks 20-4
802.1Q Restrictions 20-2
allowed VLANs 20-11
configuring 20-8
default interface configuration 20-6
default VLAN 20-10
different VTP domains 20-4
native VLAN 20-11
to non-DTP device 20-4
VLAN 1 minimization 20-12
trust-dscp
trusted boundary 18-6
trusted boundary (extended trust for CDP devices) 18-4
trust-ipprec
trustpoint 50-2
tunneling, 802.1Q
See 802.1Q 28-4
type length value
U
UDE
configuration 35-5
overview 35-4
UDE and UDLR 35-1
UDLD
default configuration 11-4
enabling
globally 11-5
overview 11-2
UDLR 35-1
back channel 35-3
configuration 35-6
tunnel
(example) 35-7
ARP and NHRP 35-4
UDLR (unidirectional link routing) 35-1
UDP port for SNMP notifications 79-12
UMFB 75-2
unauthorized ports with 802.1X 76-12
unicast storms
Unidirectional Ethernet 35-1
unidirectional ethernet
example of setting 35-5
UniDirectional Link Detection Protocol
uniform mode
configuring 60-36
unknown multicast flood blocking
unknown unicast and multicast flood blocking 75-1
unknown unicast flood blocking
unknown unicast flood rate-limiting
untrusted
UplinkFast
URD 39-10
User-Based Rate Limiting 58-25, 58-76
user EXEC mode 2-5
UUFB 75-2
UUFRL 75-2
V
VACLs 67-2
configuring
examples 67-5
Layer 3 VLAN interfaces 67-5
Layer 4 port operations 62-2
logging
configuration example 67-8
configuring 67-7
restrictions 67-7
MAC address based 67-2
multicast packets 66-6
SVIs 67-5
WAN interfaces 67-2
vlan
command 25-5, 25-6, 49-13, 53-20
command example 25-6
VLAN Access Control Lists
VLAN-based QoS filtering 58-67, 62-10
VLAN-bridge spanning-tree protocol 34-1
vlan database
command 25-5, 25-6, 49-13, 53-20
vlan group command 76-44
VLAN locking 25-4
vlan mapping dot1q
command 25-8
VLAN maps
applying 66-8
VLAN mode 38-3
VLAN port provisioning verification 25-4
VLANs
allowed on trunk 20-11
configuration guidelines 25-2
configuring 25-1
configuring (tasks) 25-4
defaults 25-3
extended range 25-3
interface assignment 25-6
multicast 42-2
name (default) 25-3
normal range 25-3
reserved range 25-3
support for 4,096 VLANs 25-2
token ring 25-3
trunks
understanding 20-4
understanding 25-2
VLAN 1 minimization 20-12
VTP domain 25-4
VLAN translation
voice VLAN
Cisco 7960 phone, port connections 18-2
configuration guidelines 18-1
configuring IP phone for data traffic
override CoS of incoming frame 18-6, 19-5
configuring ports for voice traffic in
802.1Q frames 18-5
connecting to an IP phone 18-5
default configuration 18-4
overview 18-2
voice VLAN. See also port-based authentication. 76-22
VPN
configuration example 37-4
guidelines and restrictions 37-2
VPN supported commands 37-2
VPN switching 37-1
VSS
dual-active detection
Enhanced PAgP, advantages 4-24
Enhanced PAgP, description 4-24
enhanced PAgP, description 4-46
fast-hello, advantages 4-24
fast-hello, description 4-25
VSLP fast-hello, configuration 4-47
VTP
client, configuring 24-15
configuration guidelines 24-1
default configuration 24-9
disabling 24-15
domains 24-3
VLANs 25-4
modes
client 24-4
server 24-4
transparent 24-4
monitoring 24-17
overview 24-2
per-port enable and disable 24-16
pruning
configuration 20-12
configuring 24-12
overview 24-7
server, configuring 24-15
statistics 24-17
transparent mode, configuring 24-15
version 2
enabling 24-13
overview 24-5
version 3
enabling 24-13
overview 24-6
server type, configuring 24-11
W
wake-on-LAN. See also port-based authentication. 76-28
web-based authentication
AAA fail policy 77-5
description 77-2
web browser interface 1-7
weighted round robin 58-107
wiretaps 79-4
WRR 58-107